15:06:14 <anteaya> #startmeeting third-party 15:06:15 <openstack> Meeting started Mon Nov 9 15:06:14 2015 UTC and is due to finish in 60 minutes. The chair is anteaya. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:06:16 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:06:19 <openstack> The meeting name has been set to 'third_party' 15:06:22 <anteaya> sorry I'm late 15:06:30 <anteaya> pabelanger: you are correct, the time is right 15:06:37 <pabelanger> anteaya: thanks 15:06:41 <anteaya> I had to get my room key re-keyed 15:06:48 <anteaya> asselin__: morning 15:07:10 <asselin__> pabelanger, this one is for all 3rd party folks, and more ops-related. The other one is mainly for those actively working on patches/specs. 15:07:14 <asselin__> anteaya, good morning 15:07:35 <anteaya> is anyone else here this morning in addition to pabelanger and asselin__? 15:08:09 <anteaya> and any thoughts on what we should discuss today? 15:08:25 * pabelanger will wait until open disussions 15:08:55 <anteaya> pabelanger: may as well go now 15:08:59 <pabelanger> sure 15:09:41 <pabelanger> so, I might not be in the right meeting, so I'll start by asking. Do you discuss the tooling around 3rd party CI here? 15:09:48 <pabelanger> or is that for another meeting 15:10:17 <mmedvede> o/ 15:10:36 <anteaya> pabelanger: we can discuss it here 15:10:43 <anteaya> morning mmedvede 15:10:44 <pabelanger> great 15:11:48 <mmedvede> good morning anteaya 15:12:16 <pabelanger> So, my question is the following. I have started work on ansible roles for 3rd party CI. For example, ansible-role-nodepool, ansible-role-zuul. Right now, I have things hosted on github under my personal space, but I would like to move them into big tent. So, what I am asking is, would 3rd party CI be the proper location for these repos 15:12:39 <anteaya> pabelanger: what is the motivation for creating them? 15:12:56 <anteaya> pabelanger: who do you expect to use them and what are they using them to do? 15:12:57 <pabelanger> we want to use ansible over puppet 15:13:21 <anteaya> who is we in this case? 15:13:46 <pabelanger> in this case, downstream Red Hat. 15:14:13 <asselin__> pabelanger, what exactly to you mean by "would 3rd party CI be the proper location" 15:14:21 <pabelanger> there have also been some other people, I won't name them right now, who have expressed interest is using ansible role for 3rd party CI over puppet 15:15:09 <anteaya> well I'm interested in supporting development of things to help third party operators and their ci systems 15:15:17 <pabelanger> asselin__: I have asked openstack-infra if they are interested in hosting ansible-role-zuul under openstack-infa namespace. They declined since they would not consume them. So, I am looking for another team to use as the umbrella 15:15:20 <anteaya> I have no interest in being adversarial towards puppet 15:15:36 <anteaya> also I want to ensure that folks consuming tools infra supports is aware infra supports them 15:15:37 <pabelanger> adversarial? 15:15:45 <anteaya> as there are tools infra does not support 15:15:51 <anteaya> infra supports puppet 15:16:03 <anteaya> infra also uses ansible 15:16:25 <fungi> doesn't seem adversarial, but the infra team declined to govern ansible roles which duplicate our puppet modules because we're fans of having one strongly supported solution. the ansible roles can happily live elsewhere in the ecosystem for those who have a preference 15:16:25 <anteaya> folks are free to use whatever tools they wish 15:16:43 <anteaya> fungi: thank you 15:16:44 <pabelanger> correct. The reason I am asking here is 3rd party CI tends to run other tooling outside of openstack-infra down stream. 15:17:05 <anteaya> some third party ci operators choose to do that yes, 15:17:26 <anteaya> but they also do so without having infra support for their tooling choices 15:17:41 <pabelanger> fungi: right. Basically I am trying to figure out where these modules would live. If it is using existing teams, or some new team 15:17:59 <pabelanger> anteaya: agreed. and that is acceptable 15:18:06 <anteaya> I have no preference where the tools live 15:18:11 <asselin__> pabelanger, isn't the default 'openstack' 15:18:15 <fungi> it also doesn't necessarily need an official team to be in the openstack/ git namespace now 15:18:24 <fungi> you can always get them into gerrit and worry about forming a team later 15:19:20 <pabelanger> Right. I just wanted to make people aware of the effort to import them into gerrit, see if anybody major objections existed. 15:19:52 <pabelanger> the people are fine with the import into gerrit then dealing with which team to work with, I can proceed with that 15:20:08 <asselin__> no objections from me 15:20:09 <pabelanger> s/the/if the/ 15:20:15 <anteaya> pabelanger: thanks for having the discussion 15:20:21 <mmedvede> +1 15:21:05 <anteaya> any more on this topic? 15:21:36 <anteaya> pabelanger: did you get what you needed? 15:21:58 <pabelanger> none from me. Just to recap, everybody is okay with moving ansible-role-zuul into gerrit 15:22:14 <pabelanger> and dealing with which team to move under at a later date 15:22:15 <anteaya> well noone has any objections to that 15:22:18 <anteaya> that I heard 15:22:25 <pabelanger> great, just confirming 15:22:28 <anteaya> yup 15:22:29 <pabelanger> thank you 15:22:38 <anteaya> thanks for bringing it up for discussion 15:22:52 <anteaya> does anyone have any other topic to discuss? 15:23:03 <asselin__> yes, jenkins security issue: http://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli 15:23:26 <anteaya> asselin__: I do believe clarkb and fungi were addressing that on Friday 15:23:43 <anteaya> asselin__: I haven't checked since then to see what the current status is 15:23:46 <anteaya> anyone know? 15:23:47 <asselin__> anteaya, yes they were. Not sure how many 3rd party ops have public jenkins 15:23:58 <fungi> yep, we should be fine but it's a good idea to make sure other people running jenkins are also aware 15:24:00 <anteaya> asselin__: yup, good call bringing that up 15:24:08 <anteaya> fungi: yes 15:24:08 <fungi> in case they don't keep track of jenkins security announcements 15:24:32 <anteaya> which, we should note, they should begin to if you don't already 15:24:40 <anteaya> s/you/they 15:24:54 <fungi> we did get the recommended mitigation added to the puppet-jenkins module though it may still need some tweaking and also implies a restart or additional manual steps to apply online 15:25:21 <anteaya> I think it wasn't sticking after restart 15:25:30 <anteaya> if i parsed the logs correctly Friday night 15:25:52 <fungi> right, there was some subsequent discussion that the jenkins devs found where the race condition was and it may be better fixed in their git repo from whence i copied that file 15:25:52 <asselin__> anteaya, I saw those logs, but my tests showed it was sticking. 15:25:54 <anteaya> it being the fix 15:26:12 <anteaya> asselin__: wonderful, good to know 15:26:17 <anteaya> fungi: ah 15:26:24 <fungi> i'll revisit it here shortly once i get out of the other meeting i'm also in the middle of 15:26:26 * anteaya offers points for whence 15:26:49 <anteaya> fungi: yup, thanks for your help here, sorry to double team you on a Monday morning 15:27:02 <asselin__> fungi, I have a patch up that syncs to latest, but under merge conflict now: https://review.openstack.org/#/c/242787/ 15:28:03 <anteaya> #link asselin's jenkins fix https://review.openstack.org/#/c/242787 15:28:58 <anteaya> any more discussion on this topic? 15:29:32 <fungi> asselin__: it's merge conflicting because it duplicates a fix which already merged 15:29:48 <fungi> #link https://review.openstack.org/242713 15:30:20 <asselin__> fungi, yes, I know...code is not the same though.... 15:30:23 <fungi> well, partially duplicates. needs to be rebased 15:30:26 <fungi> yep 15:30:28 <asselin__> fungi, ++ 15:30:34 <fungi> i'll take a closer look in a bit 15:31:37 <anteaya> anything more on this? 15:32:42 <anteaya> does anyone have any other topic they would like to discuss today? 15:34:05 <asselin__> I made quite a few updates to https://review.openstack.org/#/c/227584/ (documentation for common-third-party-ci setup) 15:34:44 <anteaya> #link openstackci documentation patch: https://review.openstack.org/#/c/227584/ 15:34:45 <asselin__> big thanks to those reviewing and pointing out areas of confusion. 15:35:00 <anteaya> yes, wonderful work here 15:35:16 <anteaya> quite a few reviewers, nice to see 15:35:48 <anteaya> so if folks have a chance to take another pass on this latest patchset that would be great 15:36:25 <anteaya> asselin__: do you think we are close to getting something merged and then fixing it from there? 15:36:42 <anteaya> it will never be perfect but would be nice to have something merged in the repo 15:37:15 <asselin__> anteaya, yes I believe so. I've been following my own instructions on a clean system to see where things are working or not 15:37:37 <anteaya> wonderful 15:38:01 <anteaya> asselin__: so baring any objection perhaps merge what you have and let follow up concerns be addressed in patches 15:38:07 <asselin__> biggest changes are simplification of how puppet configurations are setup, and adding documentation to setup the log server 15:39:08 <asselin__> anteaya, yes, I think we can achieve that this week 15:39:33 <anteaya> asselin__: wonderful 15:39:39 <anteaya> thanks so much for you work here 15:39:43 <anteaya> it is awesome 15:39:59 <anteaya> and even if you don't hear it much, we all really appreciate it in infra 15:40:02 <anteaya> thank you so much 15:40:04 <anteaya> :) 15:40:16 <asselin__> thanks :) 15:41:28 <anteaya> so please review the documenation patch here if you are reading the logs 15:41:36 <anteaya> anything more to talk about today? 15:42:13 <anteaya> any objection to me closing this meeting? 15:42:55 <anteaya> thanks all for your kind attendance and participation 15:43:01 <anteaya> see you all next week 15:43:04 <anteaya> #endmeeting