#openstack-requirements log

20:43:52 <prometheanfire> #startmeeting requirements
20:43:53 <openstack> Meeting started Wed Aug 29 20:43:52 2018 UTC and is due to finish in 60 minutes.  The chair is prometheanfire. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:43:54 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
20:43:56 <openstack> The meeting name has been set to 'requirements'
20:44:01 <prometheanfire> #topic rollcall
20:44:07 <prometheanfire> tonyb, prometheanfire, number80, dirk, coolsvap, toabctl, smcginnis, dhellmann ping
20:44:10 <prometheanfire> o/
20:44:25 <tonyb> \o
20:44:44 <dhellmann> o/
20:45:51 <prometheanfire> #topic Any controversies in the Queue?
20:46:02 <prometheanfire> eventlet timing
20:46:15 <prometheanfire> release is soon, so I'd say early next week?
20:46:54 <dhellmann> we'll tag the final release tomorrow
20:47:23 * tonyb would suggest waiting until the cycle-trailing projects have released or at the very least validating that they're pulling in rocky barnches of the $projects and not using eventlet themselves
20:47:47 <tonyb> s/would suggest/suggests/
20:47:50 <prometheanfire> iirc tripleo was/is always the holdout
20:48:46 <tonyb> prometheanfire: They're often late to branch
20:48:49 <prometheanfire> and they've branched
20:48:58 <tonyb> great
20:49:12 <tonyb> they're not the only cycle-trailing team
20:49:26 <prometheanfire> I'll send the email tomorrow after the release stating monday is the day
20:49:35 <tonyb> we had a sctipt in gerrit to work this out
20:49:40 <prometheanfire> they aren't
20:50:10 <tonyb> prometheanfire: As long as you do the research as part of that email ok
20:50:15 <prometheanfire> yep
20:50:16 * smcginnis walks in late
20:50:36 <prometheanfire> smcginnis: any other yet to branch projects?
20:50:51 <prometheanfire> kolla is one
20:51:17 <smcginnis> There are some ansible repos, heat, one tripleo.
20:51:26 <prometheanfire> heat still hasn't branched?
20:51:29 <smcginnis> The others looks like tempest-plugins or QA non-branching stuff.
20:51:41 <smcginnis> heat-agents and heat-dashboard have not.
20:51:45 <prometheanfire> oh, ya
20:51:54 <prometheanfire> I thought you meant the main project
20:52:18 <smcginnis> Nope, all main service projects are good.
20:52:21 <prometheanfire> tonyb: I've used the release repo tooling to check branching
20:52:40 <prometheanfire> ok, anything else on the eventlet plan?
20:52:59 <tonyb> prometheanfire: Great.  As long as it's communicated it sounds ok to me
20:53:27 <prometheanfire> ya, there will be a list of yet-to-brach repos
20:54:28 <tonyb> and an idea of the impact to each
20:54:43 <prometheanfire> #topic moving projects.txt under governance
20:54:47 <prometheanfire> my reasoning is here https://gist.github.com/prometheanfire/d2b9302b2e6574b91fa3d0399b20d5b2
20:55:12 <tonyb> prometheanfire: gimme a few to read that
20:55:40 <dhellmann> while tonyb reads, I will point out that we don't do similar enforcement for any of the other PTI jobs
20:56:07 <dhellmann> so this would be a new thing, and we talked about ways to implement it but we should also talk about whether we need to do that or if we should just add it to the PTI
20:56:37 <prometheanfire> PTI?
20:56:48 <dhellmann> "project testing interface"
20:56:57 <tonyb> ZOMG that hurts my brain
20:56:59 <prometheanfire> smcginnis: https://releases.openstack.org/reference/ has no index
20:57:00 <dhellmann> we could, for example, simply expand https://governance.openstack.org/tc/reference/pti/python.html#requirements-listing to talk about the job template that projects should adopt
20:57:21 <smcginnis> prometheanfire: Does it need one?
20:57:25 <smcginnis> PTI - https://governance.openstack.org/tc/reference/project-testing-interface.html
20:58:04 <smcginnis> This is the reference section navigation point - https://releases.openstack.org/#references
20:58:05 <prometheanfire> dhellmann: I'm of the opinion that the test should be enforced, I've seen projects try to break co-installability in the past
20:58:16 <prometheanfire> smcginnis: up to you
20:58:25 <dhellmann> "try to break" or "accidentally break"?
20:59:13 <prometheanfire> second one, but when told about it probably don't care as much as they should
20:59:16 <tonyb> Actually I think a) we move projects.txt to project-config; b) we remove tox-validate; c) rely of projects using requierments-0check from in-repo and d) add a check at release-time that a projects *requirements.txt are still good
20:59:56 <dhellmann> what would we do with projects.txt in project-config?
20:59:57 <tonyb> this moves the trust circle onto the project, it does add small amounts of work for the release team but really it's just +/1- from zuul and an cmment doe a core member
21:00:30 <tonyb> well it's still used by $jobs there so it's pulling it closer to the use and we can slowly phase it out
21:00:57 <dhellmann> and what pressure do we use to keep it up to date?
21:01:11 <prometheanfire> tonyb: what happens when a project adds a lib (or changed version or whatever) that fails the release check
21:01:29 <prometheanfire> time crunch + potentially massive code change doesn't sound nice
21:01:35 <tonyb> prometheanfire: they get a -1 from zull ate release time and need to fix it
21:02:05 <dhellmann> if we're going to check it at release time, I think the check would be that the requirements-check job is applied to the repository
21:02:12 <tonyb> dhellmann: I'm not sure we need to keep it in sync anymore
21:02:12 <dhellmann> that way we don't have to reproduce that job
21:02:29 <dhellmann> tonyb : ok, me either. I feel like this is another big opportunity to stop doing something.
21:02:33 <prometheanfire> dhellmann: applied at the commit in question, that still leaves a hole though
21:02:44 <tonyb> dhellmann: Sure
21:02:44 <dhellmann> prometheanfire : nothing is going to be perfect, right?
21:02:47 <prometheanfire> just adding the job doesn't trigger it
21:02:54 <prometheanfire> true
21:03:10 <prometheanfire> perfect is the enemy of good and all that
21:03:15 <dhellmann> we don't run any other test jobs against the repo at the time of release, and I don't think we want to start trying to do that
21:03:34 <tonyb> dhellmann: Yup.  There are a couple of places that use it "for real" but the main consumer requirements updates is gone
21:03:42 <dhellmann> those validation checks right now are "are you set up right" not "does everything work as promised"
21:04:20 <tonyb> dhellmann: Yup I'm not really convinced there is a ton of value in doing it at release time but I feel like we want a poin tin ttime check
21:05:05 <dhellmann> yeah, I don't mind checking for the job to be configured
21:05:06 <smcginnis> We just don't want the release time to be the only time where they find out something is wrong.
21:05:08 <prometheanfire> have it somewhere
21:05:13 <smcginnis> That could be months after the problem was introduced.
21:05:26 <dhellmann> true
21:05:26 <prometheanfire> smcginnis: that's my worry
21:05:33 <smcginnis> So checking for the job is good. Checking that things work would be problematic.
21:05:53 <tonyb> smcginnis: Ture but it's a problem that $project team would have taken explict steps to introduce
21:07:11 <prometheanfire> remove job, add bad lib, ..., readd job, release
21:07:21 <prometheanfire> that's how you work around it
21:07:39 <tonyb> prometheanfire: right
21:07:42 <dhellmann> the way to ensure that everyone runs the check job is to explain why that's important well enough and often enough to convince them to do it. We don't want to just hammer a bunch of rules onto teams without their understanding -- that just leads to them subverting the inconvenient rules
21:08:04 <prometheanfire> true
21:08:27 <prometheanfire> and name/shame the teams that do it :P
21:08:55 <dhellmann> that's not really a way to convince them either
21:09:03 <prometheanfire> one thing to do would be for the reqs team to submit a noop change to all projects reqs files to check their gate
21:09:14 <prometheanfire> dhellmann: it's not, true
21:09:14 <tonyb> at the moment what we have works only because you need to talk to project-config-cores to do that step (removing the job)
21:09:33 <dhellmann> prometheanfire : it's possible to run that test without submitting a patch, using a tox environment in the requirements repo
21:09:51 <dhellmann> step 1 should be to figure out which repos actually need the job, and then to look at that list and see which ones don't
21:10:08 <dhellmann> and then we can go talk to those teams about why they should and get them to add it
21:10:10 <prometheanfire> all repos that wish to be co-installable need the job
21:10:13 <tonyb> moving the file will be a big job as we need to deal with brched and branchless repos etc
21:10:34 <dhellmann> prometheanfire : yes, but we need to be more specific about what that list is. for example, earlier you seemed surprised when I said the specs repos did not need it
21:10:51 <dhellmann> tonyb : why do we need to move the file then?
21:10:53 <prometheanfire> I think my surprise was about something else, not specs
21:11:04 <dhellmann> oh, ok, I misunderstood then
21:11:23 <tonyb> dhellmann: we don't *need* to move it.  I think we probably just need to stop updating it
21:11:50 <dhellmann> tonyb : ok, that sounds better. and maybe turn off that validation job that's failing because the file is out of date. :-)
21:12:01 <tonyb> I think we're going around in circles a little
21:12:06 <prometheanfire> so do we not care about co-installability?
21:12:16 <prometheanfire> that's the reason we validate that the jobs exist right?
21:12:18 <dhellmann> ?
21:12:18 <tonyb> the file is used in "intersting" wasy by virtue of what it once meant
21:13:39 <dhellmann> prometheanfire : we care about the code working, too, but we don't have anything in place that forces teams to run specific test jobs because we don't need that. they understand why those jobs are useful.
21:13:42 <tonyb> dhellmann: I'm not even sure anymore :/
21:14:04 <dhellmann> tonyb : so does that mean we *should* update the file?
21:14:21 <prometheanfire> projects are less concerned about co-installability anymore (venvs, containers, etc)
21:14:36 <dhellmann> I'm not suggesting that convincing them is going to be easy, just that it needs to be done.
21:14:54 <tonyb> dhellmann: I don't think so.  I guess we need to look at all the non-trivial uses of thew file and decide if it still has value or not
21:14:54 <prometheanfire> I agree, but it only takes one
21:15:15 <dhellmann> we're not going to achieve perfection
21:15:36 <tonyb> prometheanfire: I'm not sure we really need to worry too much about projects teams doing the clearly bad thing
21:15:47 <prometheanfire> clear to us, not to them
21:15:48 * tonyb wants to err on thre side of trust here
21:16:28 <prometheanfire> I'm not as trusting
21:16:40 <prometheanfire> it does come down to that though
21:16:46 <tonyb> prometheanfire: If $project does the disble/update/enable dance the *next* time they want to update that file for reall they'll also need to do that dance and *every* subsequent time
21:16:59 <prometheanfire> yep
21:17:02 <tonyb> that's pretty clearly a bad thing
21:17:04 <dhellmann> yeah, the point of this team is to help the project teams achieve a good release, not build a bunch of rules without explaining them.
21:17:14 <prometheanfire> not saying it'd happen like that
21:17:15 <tonyb> dhellmann: ++
21:17:34 <prometheanfire> never said they wouldn't be explained :|
21:17:41 <dhellmann> I believe we can have all of the necessary repos running the test job without forcing things
21:17:49 <tonyb> Yup
21:18:23 <prometheanfire> if ia good release means X, and X requires Y and Z then ensuring that Y and Z are actually Y and Z is a good idea
21:18:27 <tonyb> like I said I want to err on the side of trust here
21:18:28 <dhellmann> prometheanfire : ok. I'm reacting to what seems like your impression that teams want to *not* have co-installability.  I don't think that's true. I think some don't understand what it is, or why they should care.
21:19:00 <prometheanfire> dhellmann: I think what you think leads to what I think
21:19:18 <dhellmann> right, so it's *our* job to explain things to them and convince them
21:19:58 <dhellmann> it is not our job to force anyone to do anything
21:20:17 <prometheanfire> tonyb: which release types would get the check-reqs-check job?
21:20:17 * tonyb will write up something for the mailing list
21:20:35 <tonyb> prometheanfire: what is check-reqs-check ?
21:20:44 <prometheanfire> check requiremets-check
21:21:09 <prometheanfire> because the name of the job is check-requirements (I think) and we are checking for it's existance
21:21:15 <tonyb> check-requirements ?
21:21:19 <prometheanfire> just to add more confusion
21:21:51 <tonyb> check-requirements: is the job that any project that wants to subscribe to our 'vetted' list of libraries would run
21:21:56 <dhellmann> what is it we want to achieve?
21:22:41 <prometheanfire> tonyb: it also helps to ensure co-installability by denying the addition of 'bad libs'
21:22:43 <tonyb> check-requirements: would be managed in repo as per PTI and is the job that project teams would remove/disbale if they wanted to opt out of that list or libraries
21:23:05 <tonyb> prometheanfire: where does it do that?
21:23:29 <tonyb> prometheanfire: it ensures consistency between *requiremenst and lower-constraints.txt
21:23:29 <dhellmann> tonyb : it requires that all of the things in the dependency list appear in the global list
21:23:38 <dhellmann> no, that's a different job
21:23:51 <dhellmann> oh, wait it does do that
21:23:54 <prometheanfire> tonyb: part of what the job does is check for playbooks/files/project-requirements-change.py
21:23:56 <tonyb> dhellmann: right but that's less about co-installability and more about library vetting at this point
21:24:18 <dhellmann> it doesn't test with those constraints, that's a different job
21:24:32 <dhellmann> yeah, check-requirements matches the local dependency lists with the global dependency list, and with the global upper constraints and the local lower constraints
21:24:41 <prometheanfire> yep
21:24:55 <dhellmann> if there is a local lower constraints list
21:25:44 <tonyb> wheer does it do 'and with the global upper constraints'
21:26:34 <prometheanfire> I thought it just checked the requirements files
21:26:58 <tonyb> I'm under the impression that our check-uc, openstack-tox* and *dsvm* jobs do that for us
21:27:05 <dhellmann> http://git.openstack.org/cgit/openstack/requirements/tree/openstack_requirements/check.py#n151
21:28:07 <dhellmann> oh, sorry, that's just the dependency list not the constraints
21:28:13 <dhellmann> hmm
21:28:13 <tonyb> prometheanfire: IIUC it checks a projects *requiremenst.txt only lists libraries in g-r *and* if the project has a lower-constratins.txt it checks that the value in that file matches the one in the projects *requirements.tx
21:29:07 <dhellmann> it does also check that the local exclusions are a subset of the global exclusions
21:29:11 <tonyb> so with that understanding that job is ensuring self-consistency and that projects are only using 'vetted' code
21:29:19 <prometheanfire> ah
21:29:23 <tonyb> dhellmann: True I forgot that part
21:29:38 <dhellmann> but you're right that it does not explicitly check against the u-c list
21:29:40 <tonyb> so again that consistency and vetting not co-installability
21:29:55 <dhellmann> well, we get it commutatively
21:30:01 <prometheanfire> isn't that a prereq for co-installability?
21:30:19 <dhellmann> if a projects dependencies are compatible with the global list, and the global list is compatible with the constraint, then the projects' dependencies are compatible with the constraint
21:30:20 <tonyb> prometheanfire: not really
21:30:49 <prometheanfire> dhellmann: right
21:31:10 <tonyb> dhellmann: okay that's fair I stand corrected
21:31:16 <prometheanfire> dhellmann: that's basically my reasoning
21:31:58 <dhellmann> I think that's actually transitive, not commutative
21:32:04 <dhellmann> it has been a long time since I studied math :-)
21:32:08 <tonyb> dhellmann: it is but meh
21:32:10 <prometheanfire> same
21:33:04 <tonyb> So I think after 45mins we've decided this is complex and we need to dicuss it in the community
21:33:17 <dhellmann> heh
21:33:20 <prometheanfire> lol
21:33:31 <prometheanfire> true, that was always the case
21:33:43 <dhellmann> I don't feel like anything has really changed about this except that we should make sure the requirements repo is not blocking changes because projects.txt is out of date
21:33:46 <tonyb> I feel like projects.txt isn't really part of that discussion as we no longer consult it from a requiremenst POV
21:33:50 <prometheanfire> letting them know that they should use the job for x y z reasons
21:34:02 <dhellmann> right
21:34:22 <prometheanfire> ya, the real 'source of truth' now is project-config
21:34:34 <prometheanfire> and relying on jobs not being removed
21:34:39 <tonyb> prometheanfire: no
21:34:47 <dhellmann> project-config?
21:34:49 <tonyb> prometheanfire: the source of truth now is zuul
21:35:04 <tonyb> (and the as yet un merged API we were promised)
21:35:20 <prometheanfire> ?
21:35:21 <smcginnis> I thought there was some progress on that.
21:35:26 <prometheanfire> now I'm confused
21:35:42 <dhellmann> there's an API to fetch the settings for a job, but they do not include which repos it's attached to
21:35:44 <tonyb> smcginnis: you can query a job defn. but not get a list of jobs for $project
21:35:49 <tonyb> ... at least alst time I checked
21:35:51 <prometheanfire> the check-requirements job defined in project config for various projects is considered valuable still right?
21:35:53 <dhellmann> prometheanfire : we are working on moving most of the zuul settings out of the project-config repository
21:36:13 <dhellmann> the job is valuable. we are moving that setting into the repos, though.
21:36:15 <tonyb> prometheanfire: No thre PTI changed and $projecst can move it in-repo
21:36:18 <smcginnis> Maybe getting this all written in a post to the ML would help.
21:36:29 <prometheanfire> dhellmann: I'm aware, iirc we kept the job in project-config because it's harder to remove
21:36:36 * tonyb notes hes' said he'd do that 3 times ;p
21:36:59 <tonyb> prometheanfire: nope we agreed to move it
21:36:59 <dhellmann> that is not one of the jobs the scripts are leaving behind
21:37:25 <prometheanfire> ok, guess we just assume it's going to work in the end
21:37:30 <smcginnis> tonyb: I was trying to get it back around to that. ;)
21:37:30 <dhellmann> http://git.openstack.org/cgit/openstack/goal-tools/tree/goal_tools/python3_first/jobs.py#n22
21:39:15 <tonyb> Okay we're 7mins over now
21:39:56 <prometheanfire> we don't have anything for verifying our upper-constraints is used either, so I guess veriifcation is overblown
21:40:04 <prometheanfire> trust but verify is just trust now
21:40:15 <prometheanfire> tonyb: ya, I don't have anything else for the meeting
21:40:19 <dhellmann> teams understand the value of the uc list because it helps protect their gate jobs
21:40:24 <prometheanfire> yep
21:41:06 <smcginnis> We could maybe add a check that their tox.ini has something like http://git.openstack.org/cgit/openstack/cinder/tree/tox.ini#n15
21:41:55 <tonyb> smcginnis: Perhaps but there are so many other places it's used/needed and some projects have deliberatly opt-out of u-c
21:41:56 <prometheanfire> ya, but at this point we are beyond the meeting
21:42:02 <prometheanfire> can carry this on after/later
21:42:19 * tonyb need to breakfast and get kids to school
21:42:21 <prometheanfire> good with that?
21:42:27 <prometheanfire> we don't have to decide this today
21:42:36 <smcginnis> Yep
21:42:46 <prometheanfire> #endmeeting