*** jentoio has joined #opendev-meeting | 01:30 | |
*** tobiash has joined #opendev-meeting | 08:05 | |
clarkb | looks like there are a few of us in here now | 18:59 |
---|---|---|
fungi | uyp | 19:00 |
fungi | ayup | 19:00 |
clarkb | #startmeeting infra | 19:01 |
openstack | Meeting started Tue Apr 7 19:01:01 2020 UTC and is due to finish in 60 minutes. The chair is clarkb. Information about MeetBot at http://wiki.debian.org/MeetBot. | 19:01 |
openstack | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 19:01 |
*** openstack changes topic to " (Meeting topic: infra)" | 19:01 | |
openstack | The meeting name has been set to 'infra' | 19:01 |
clarkb | #link http://lists.opendev.org/pipermail/service-discuss/2020-April/000000.html Our Agenda | 19:01 |
zbr | o/ | 19:01 |
clarkb | #topic Announcements | 19:01 |
*** openstack changes topic to "Announcements (Meeting topic: infra)" | 19:01 | |
*** ianw has joined #opendev-meeting | 19:01 | |
clarkb | For announcements the big one is the meeting is now here instead of #openstack-meeting. If you are in this cahnnel you already know that, but I had this up as a reminder to notify #openstack-meeting too | 19:01 |
clarkb | we've also got service-discuss@lists.opendev.org up and running. You should join that mailing list if you are interested in working on the services that comprose opendev | 19:02 |
*** diablo_rojo has joined #opendev-meeting | 19:02 | |
clarkb | if you justwant important announcements service-announce@lists.opendev.org is a good option (and fungi has a change up to udpate that info on https://opendev.org with shiny links) | 19:02 |
fungi | though the site does at least currently mention the new mailing lists | 19:03 |
diablo_rojo | o/ | 19:03 |
fungi | so that's a start | 19:03 |
fungi | #link https://review.opendev.org/718188 Add IRC logs and ML subscribe links to opendev.org | 19:04 |
fungi | (for the change clarkb mentioned) | 19:04 |
clarkb | fungi: did infra-manual get updated too? | 19:04 |
fungi | there were no mentions of our ml in infra-manual as far as i could find | 19:04 |
fungi | which i think is likely a glaring omission, but at least did not warrant correcting | 19:04 |
corvus | o/ | 19:05 |
fungi | adding it would be a good idea though | 19:05 |
clarkb | fungi: I think there may be one or two occurences. I'll try to take a look after the meeting | 19:05 |
fungi | possible my git grep was wrong | 19:05 |
*** mordred has joined #opendev-meeting | 19:05 | |
mordred | o/ | 19:06 |
corvus | so mordred will handle all of that then.. great! | 19:06 |
clarkb | works for me | 19:06 |
fungi | clarkb: i take that back, it turns up the setup.cfg | 19:06 |
fungi | which i noticed but figured was not worth correcting on its own | 19:06 |
clarkb | fungi: doc/source/index.rst and doc/source/creators.rst too looks like | 19:07 |
clarkb | #topic Priority Efforts | 19:07 |
*** openstack changes topic to "Priority Efforts (Meeting topic: infra)" | 19:07 | |
clarkb | Lets dive right into the bulk of the meeting | 19:07 |
clarkb | #topic Update Config Management | 19:07 |
*** openstack changes topic to "Update Config Management (Meeting topic: infra)" | 19:07 | |
clarkb | mordred: you've been pushing most of this along the last little while. Would you like to summarize some of the updates to how we are config managementing now | 19:07 |
fungi | clarkb: oh! i searched for the e-mail address, yep, we have the hyperlink in there, will fix | 19:07 |
*** mnaser has joined #opendev-meeting | 19:08 | |
mordred | yes! so - there's this great stack everyone should review | 19:08 |
mordred | https://review.opendev.org/#/q/topic:infra-prod-zuul+status:open | 19:08 |
mordred | but we've made great progress on shifting things from running out of cron on bridge.openstack.org to being triggered by zuul | 19:09 |
mordred | for many things things means we can insta-run them on landing | 19:09 |
mordred | there are a few things where we have external deps (and in this case external also includes zuul) - where we still need to also run periodically | 19:09 |
mordred | so we added a new hourly pipeline to run those in | 19:09 |
mordred | the whole stack should be ready to go - it's just about landing things as we're comfortable | 19:10 |
mordred | as a note - logs are not being collected and published by default | 19:10 |
mordred | there is a flag for that and we should only set it on a per-job basis once we've verified that the logs don't contain secret infos | 19:10 |
mordred | I've also got a dockerized etherpad in progress, and a patch up for dockerized zuul | 19:11 |
clarkb | https://review.opendev.org/#/c/718161/ is a change I wrote to make that verification of logs easier (as well as finding historical lgso in the current setup) | 19:11 |
clarkb | basically it will curate the logs on bridge for you | 19:11 |
mordred | yah. end-goal should be that we don't have logs only on bridge- but it might take us a little bit to safely get tehre | 19:12 |
corvus | oh nice | 19:12 |
clarkb | one thing that I thought about yseterday when debugging gerrit weirdness is we are still not running containered gerrit yet are we? | 19:13 |
mordred | https://review.opendev.org/#/c/717620/ is the zuul patch fwiw - there is a blocker with that we'll need to figure out, which is using AFS from bubblewrap from inside docker | 19:13 |
clarkb | should we plan to make that restart happen soon? | 19:13 |
mordred | clarkb: no - we need to do a restart | 19:13 |
mordred | and yse | 19:13 |
mordred | basically just need a stop/start cycle | 19:13 |
mordred | so it shouldn't be a long downtime | 19:13 |
clarkb | maybe friday g=considering it is a holiday in many parts of the world? | 19:14 |
mordred | ++ | 19:14 |
clarkb | not sure where the g= came from | 19:14 |
mordred | google probably added it for you | 19:14 |
fungi | g++ | 19:14 |
fungi | (maybe gnu added it for you!) | 19:15 |
clarkb | alright anything else related to config management? | 19:15 |
mordred | I think that's it from me | 19:16 |
clarkb | #topic OpenDev | 19:17 |
*** openstack changes topic to "OpenDev (Meeting topic: infra)" | 19:17 | |
clarkb | Now that we've started getting the forward looking comms channels stuff set up I/we (though I'm volunteering, help apprecaited if interested) need to start the ball rolling on project leadership formalization as well as building the advisory board | 19:18 |
clarkb | Today is supposed to be nice and sunny so I'll work on drafting some emails to the list to kick that off (I'll share them in etherpads) | 19:18 |
fungi | #link https://review.opendev.org/718193 Update contact info for OpenDev community | 19:18 |
clarkb | my picnic table should be well positioned for writing emails :) | 19:18 |
fungi | just to follow up on my terrible git grep skills earlier | 19:18 |
fungi | (infra-manual edits) | 19:19 |
clarkb | yup the other half of this is updating links and documents as necessary. If you find some old info please send up a patch or let someone know and we'll get a patch up | 19:19 |
clarkb | and more generally if you find documents that are out of date or could use a perspective shift let us know (doesn't have to be limited to the new comms channels) | 19:20 |
clarkb | the Get Started links on gitea are a good example of that turning out to be a positive chagne for everyone :) | 19:20 |
clarkb | fungi: did you want to talk about the authentication stuff now? | 19:21 |
fungi | oh, yeah probably good to revisit that | 19:21 |
fungi | mainly just thinking we're reaching the point where it warrants rekindling the sso efforts we've started multiple times in the past | 19:22 |
mordred | ++ | 19:22 |
fungi | revisiting some old ground, also seeing what might be new since the last time we looked | 19:22 |
fungi | i was going to hit knikolla up for a bit more detail on the thing morgan had started working on for keystone | 19:23 |
fungi | also i think i'm going to write a spec | 19:23 |
fungi | even though it may be premature with no actual software identified we can use | 19:23 |
fungi | we basically have no documentation i've been able to find anywhere of the discussions we've had previously about what it is we want out of an sso implementation | 19:24 |
clarkb | fungi: if it can identify specific use cases as well as what we need to transition from that would probably be helpful even without specific suggestions | 19:24 |
mordred | it's worth noting that since last we looked the governance of dex has changed - and we also run things in containers now (which I believe was one of our concerns with it before, it was sort of "run me in containers" centric) | 19:24 |
clarkb | mordred: there is also a newish thing called gluu that I ran across | 19:25 |
fungi | well, also some brief re-researching suggests we may want to consider options like completely dropping launchpad authentication | 19:25 |
mordred | I believe we'd have to implement an openid v1 provider for dex if we wanted to use it and continuing having launchpad be a login source - but it _is_ an SSO proxy project, so other than lack of openid v1 it does seem to understand our use case | 19:25 |
mordred | cool | 19:25 |
* mordred is guessing we;ll have to add openidv1 support to _anything_ we wind | 19:25 | |
mordred | find | 19:25 |
clarkb | mordred: or give up on openidv1 entirely | 19:25 |
fungi | it seems launchpad never moved beyond very early openid protocols, and none of the currently maintained identity solutions out there support the protocols it uses these days | 19:26 |
clarkb | launchpad implements some subsets of other things like saml and oauth but only for their internal usage apparently? I have no idea if that might provide us a stepping stone or not | 19:26 |
clarkb | but definitely interested to start writing all this down | 19:26 |
fungi | so yes, we should weigh whether a coordinated forklift of users with no clean migration from launchpad is more or less work than writing openid v1 support into whatever we end up deciding on | 19:27 |
mordred | agree | 19:27 |
fungi | that was the biggest sticking point i recall morgan running up against in his last attempt | 19:27 |
mordred | yeah - our existing login data being openid v1 from launchpad is challenging :) | 19:28 |
fungi | so keeping in mind that may simply be an unsatisfyable requirement and considering alternative options | 19:28 |
mordred | yup | 19:28 |
mordred | I don't think we need to keep launchpad as an ongoing auth source - but I do think we should be able to migrate and have people still able to log in to their gerrit account | 19:28 |
fungi | anyway, that's all i had, mostly just wanted to be sure folks think it's reasonable to whip up a spec to try and express what we want, even if we don't have more than a loose design plan so far | 19:29 |
mordred | ++ | 19:29 |
mordred | yes please | 19:29 |
mordred | clarkb: gluu also doesn't support openidv1 | 19:29 |
clarkb | mordred: ya basically nothing does | 19:29 |
clarkb | once google killed it everyone seemed to stop supporting it | 19:29 |
corvus | it's pretty easy to add to anything written in python | 19:30 |
fungi | i've also heard rumors that some red hat employees don't want to interact with opendev services because it requires them to sign in with an ubuntu account, so providing more neutrally-branded options will hopefully satisfy some of those seemingly irrational objections | 19:30 |
mordred | clarkb: fwiw - dex does jwt (good for zuul) and gluu does UMA - so that's a thing we should consider too | 19:30 |
mordred | fungi: for the record, I am not motivated by sectarianism, and might be anti-motivated by that | 19:31 |
mordred | BUT | 19:31 |
mordred | I still think we need a better SSO story | 19:31 |
fungi | yes, which is my primary motivation | 19:31 |
corvus | at the very least, if there's a spec (or even a draft spec), you can just point them at that and say 'patches welcome' | 19:31 |
fungi | well, that and not being wholly dependent on a single identity provider we don't control | 19:31 |
mordred | yup | 19:31 |
fungi | corvus: yep, precisely | 19:31 |
clarkb | mordred: I believe UMA is a superset of jwt so it may all just work | 19:31 |
mordred | clarkb: cool | 19:31 |
clarkb | (if it comes down to a uma providing tool being preferable) | 19:32 |
mordred | oh - other differences - gluu is java, dex is go - neither is python | 19:32 |
fungi | corvus: in fact i wanted to pass along the "patches welcome" invitation along with a link to our plan, and then realized i couldn't find it written down anywhere | 19:32 |
clarkb | but ya I'm not super concerned about specific tools as much as "the tools in the space ahs changed lets reevaluate with some concrete use cases/requirements/goals" | 19:33 |
mordred | clarkb: ++ | 19:33 |
corvus | i think there was a (draft) spec, i'm not sure we ever approved it? | 19:33 |
fungi | corvus: maybe it got abandoned, i checked proposed specs and didn't see one | 19:33 |
fungi | also possible i'm blind | 19:33 |
fungi | if the old spec can be found i'm happy to resurrect/revise/whatever | 19:34 |
fungi | will go back and look again to be certain | 19:34 |
clarkb | thanks! | 19:35 |
corvus | it looks like ubuntu one uses oauth for the desktop portion of things | 19:35 |
corvus | i wonder if there might be something usable there? | 19:35 |
fungi | that sounds like it would have to be public-facing then | 19:35 |
clarkb | corvus: ya there is definitely some stuff to investigate there as option for migration | 19:35 |
clarkb | fungi: I believe its all public facing, but they don't do fully spec compliant implementations, they just do the subset they need for $usecase | 19:36 |
corvus | (or continued support for people who want to keep using that) | 19:36 |
clarkb | so if our use case can fit into that subset (and we can figure out how to integrate with launchpad with no docs) that may be viable | 19:36 |
mordred | maybe it's enough for a transition | 19:36 |
mordred | yeah | 19:36 |
fungi | also i just went back over open and abandoned specs and didn't find it. i thought i remembered an outline in a mailing list post (maybe from corvus) several years back, but my searching was insufficient to locate it | 19:37 |
fungi | might be remembering the old idp poc | 19:37 |
corvus | i thought mordred wrote it | 19:37 |
fungi | ahh, perhaps | 19:37 |
mordred | I think I might have sent the email | 19:38 |
mordred | but I also can't find it | 19:38 |
mordred | I remember writing it | 19:38 |
fungi | well, at this point it's likely easier to just redo from scratch | 19:38 |
fungi | enough has changed | 19:38 |
fungi | i'll see what i come up with | 19:38 |
mordred | yeah - I think the biggest benefit of finding it might have been the part where we describe the use case | 19:38 |
fungi | anyway, didn't want to suck up this much of the meeting | 19:39 |
clarkb | there wasn't much else on the agenda. Why don't we finish that up then can continue this discussion after if we have time | 19:39 |
clarkb | Does anyone else have OpenDev related items to bring up (that was all I had)? | 19:39 |
clarkb | #topic General Topics | 19:41 |
*** openstack changes topic to "General Topics (Meeting topic: infra)" | 19:41 | |
clarkb | Only one entry here, the wiki entry. | 19:41 |
clarkb | fungi: fwiw I am happy to remove it, but since we've been good at ignoring the wiki in the past I don't want to forget it if there is movement on it | 19:41 |
clarkb | I don't think there has been recent movement. Let me know if you think its useful to have the check ins or if we should remove this from the agenda | 19:42 |
fungi | there has not, i also am not sure it's useful to revisit weekly, but am unopposed | 19:42 |
fungi | maybe i or someone will take it as a cue to do something | 19:43 |
clarkb | k | 19:43 |
clarkb | #topic Open Discussion | 19:44 |
*** openstack changes topic to "Open Discussion (Meeting topic: infra)" | 19:44 | |
clarkb | feel free to discuss the authentication stuff more now. Or bring up other items | 19:44 |
fungi | i didn't really have anything else on that topic for now, but if folks had more suggestions i'm game | 19:44 |
ianw | i'm making some progress on removing pip-and-virtualenv | 19:45 |
ianw | basically going through zuul-jobs and figuring out where we've made assumptions that pip and virtualenv exist on the platform they're running on | 19:46 |
ianw | this has come to more of a head with latest fedora's and suse's dropping python2 support, making changes required in the pip-and-virtualenv element that would make it even crazier than it already is | 19:47 |
mordred | it's maybe worth mentioning there is a big pile of changes in zuul-jobs that just landed to rename things from install- to ensure- | 19:47 |
mordred | ianw: ++ | 19:48 |
fungi | good timing in that case! | 19:48 |
ianw | yep, ensure-* seems to fit what we do much better | 19:48 |
fungi | i feel like moving the meeting to our shiny new channel has also made it faster | 19:50 |
clarkb | fungi: there was also lots of fire fighting over the last week | 19:51 |
clarkb | or maybe it seemed that way | 19:51 |
fungi | no, there definitely was | 19:51 |
fungi | the past several weeks really | 19:51 |
clarkb | sounds like that may be it for the meeting? | 19:52 |
clarkb | I'll go ahead and call it a few minutes early. | 19:52 |
clarkb | THanks everyone! | 19:52 |
fungi | our first early finish in... ages | 19:52 |
clarkb | #endmeeting | 19:52 |
fungi | thanks clarkb! | 19:52 |
*** openstack changes topic to "Incident management and meetings for the OpenDev sysadmins; normal discussions are in #opendev" | 19:52 | |
openstack | Meeting ended Tue Apr 7 19:52:36 2020 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 19:52 |
openstack | Minutes: http://eavesdrop.openstack.org/meetings/infra/2020/infra.2020-04-07-19.01.html | 19:52 |
openstack | Minutes (text): http://eavesdrop.openstack.org/meetings/infra/2020/infra.2020-04-07-19.01.txt | 19:52 |
openstack | Log: http://eavesdrop.openstack.org/meetings/infra/2020/infra.2020-04-07-19.01.log.html | 19:52 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!