Tuesday, 2020-04-07

*** jentoio has joined #opendev-meeting01:30
*** tobiash has joined #opendev-meeting08:05
clarkblooks like there are a few of us in here now18:59
fungiuyp19:00
fungiayup19:00
clarkb#startmeeting infra19:01
openstackMeeting started Tue Apr  7 19:01:01 2020 UTC and is due to finish in 60 minutes.  The chair is clarkb. Information about MeetBot at http://wiki.debian.org/MeetBot.19:01
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.19:01
*** openstack changes topic to " (Meeting topic: infra)"19:01
openstackThe meeting name has been set to 'infra'19:01
clarkb#link http://lists.opendev.org/pipermail/service-discuss/2020-April/000000.html Our Agenda19:01
zbro/19:01
clarkb#topic Announcements19:01
*** openstack changes topic to "Announcements (Meeting topic: infra)"19:01
*** ianw has joined #opendev-meeting19:01
clarkbFor announcements the big one is the meeting is now here instead of #openstack-meeting. If you are in this channel you already know that, but I had this up as a reminder to notify #openstack-meeting too19:01
clarkbwe've also got service-discuss@lists.opendev.org up and running. You should join that mailing list if you are interested in working on the services that comprise opendev19:02
*** diablo_rojo has joined #opendev-meeting19:02
clarkbif you just want important announcements service-announce@lists.opendev.org is a good option (and fungi has a change up to update that info on https://opendev.org with shiny links)19:02
fungithough the site does at least currently mention the new mailing lists19:03
diablo_rojoo/19:03
fungiso that's a start19:03
fungi#link https://review.opendev.org/718188 Add IRC logs and ML subscribe links to opendev.org19:04
fungi(for the change clarkb mentioned)19:04
clarkbfungi: did infra-manual get updated too?19:04
fungithere were no mentions of our ml in infra-manual as far as i could find19:04
fungiwhich i think is likely a glaring omission, but at least did not warrant correcting19:04
corvuso/19:05
fungiadding it would be a good idea though19:05
clarkbfungi: I think there may be one or two occurrences. I'll try to take a look after the meeting19:05
fungipossible my git grep was wrong19:05
*** mordred has joined #opendev-meeting19:05
mordredo/19:06
corvusso mordred will handle all of that then.. great!19:06
clarkbworks for me19:06
fungiclarkb: i take that back, it turns up the setup.cfg19:06
fungiwhich i noticed but figured was not worth correcting on its own19:06
clarkbfungi: doc/source/index.rst and doc/source/creators.rst too looks like19:07
clarkb#topic Priority Efforts19:07
*** openstack changes topic to "Priority Efforts (Meeting topic: infra)"19:07
clarkbLet's dive right into the bulk of the meeting19:07
clarkb#topic Update Config Management19:07
*** openstack changes topic to "Update Config Management (Meeting topic: infra)"19:07
clarkbmordred: you've been pushing most of this along the last little while. Would you like to summarize some of the updates to how we are config managementing now19:07
fungiclarkb: oh! i searched for the e-mail address, yep, we have the hyperlink in there, will fix19:07
*** mnaser has joined #opendev-meeting19:08
mordredyes! so - there's this great stack everyone should review19:08
mordredhttps://review.opendev.org/#/q/topic:infra-prod-zuul+status:open19:08
mordredbut we've made great progress on shifting things from running out of cron on bridge.openstack.org to being triggered by zuul19:09
mordredfor many things this means we can insta-run them on landing19:09
mordredthere are a few things where we have external deps (and in this case external also includes zuul) - where we still need to also run periodically19:09
mordredso we added a new hourly pipeline to run those in19:09
mordredthe whole stack should be ready to go - it's just about landing things as we're comfortable19:10
mordredas a note - logs are not being collected and published by default19:10
mordredthere is a flag for that and we should only set it on a per-job basis once we've verified that the logs don't contain secret infos19:10
mordredI've also got a dockerized etherpad in progress, and a patch up for dockerized zuul19:11
clarkbhttps://review.opendev.org/#/c/718161/ is a change I wrote to make that verification of logs easier (as well as finding historical logs in the current setup)19:11
clarkbbasically it will curate the logs on bridge for you19:11
mordredyah. end-goal should be that we don't have logs only on bridge - but it might take us a little bit to safely get there19:12
corvusoh nice19:12
clarkbone thing that I thought about yesterday when debugging gerrit weirdness is we are still not running containered gerrit yet are we?19:13
mordredhttps://review.opendev.org/#/c/717620/ is the zuul patch fwiw - there is a blocker with that we'll need to figure out, which is using AFS from bubblewrap from inside docker19:13
clarkbshould we plan to make that restart happen soon?19:13
mordredclarkb: no - we need to do a restart19:13
mordredand yes19:13
mordredbasically just need a stop/start cycle19:13
mordredso it shouldn't be a long downtime19:13
clarkbmaybe friday g=considering it is a holiday in many parts of the world?19:14
mordred++19:14
clarkbnot sure where the g= came from19:14
mordredgoogle probably added it for you19:14
fungig++19:14
fungi(maybe gnu added it for you!)19:15
clarkbalright anything else related to config management?19:15
mordredI think that's it from me19:16
clarkb#topic OpenDev19:17
*** openstack changes topic to "OpenDev (Meeting topic: infra)"19:17
clarkbNow that we've started getting the forward looking comms channels stuff set up I/we (though I'm volunteering, help appreciated if interested) need to start the ball rolling on project leadership formalization as well as building the advisory board19:18
clarkbToday is supposed to be nice and sunny so I'll work on drafting some emails to the list to kick that off (I'll share them in etherpads)19:18
fungi#link https://review.opendev.org/718193 Update contact info for OpenDev community19:18
clarkbmy picnic table should be well positioned for writing emails :)19:18
fungijust to follow up on my terrible git grep skills earlier19:18
fungi(infra-manual edits)19:19
clarkbyup the other half of this is updating links and documents as necessary. If you find some old info please send up a patch or let someone know and we'll get a patch up19:19
clarkband more generally if you find documents that are out of date or could use a perspective shift let us know (doesn't have to be limited to the new comms channels)19:20
clarkbthe Get Started links on gitea are a good example of that turning out to be a positive change for everyone :)19:20
clarkbfungi: did you want to talk about the authentication stuff now?19:21
fungioh, yeah probably good to revisit that19:21
fungimainly just thinking we're reaching the point where it warrants rekindling the sso efforts we've started multiple times in the past19:22
mordred++19:22
fungirevisiting some old ground, also seeing what might be new since the last time we looked19:22
fungii was going to hit knikolla up for a bit more detail on the thing morgan had started working on for keystone19:23
fungialso i think i'm going to write a spec19:23
fungieven though it may be premature with no actual software identified we can use19:23
fungiwe basically have no documentation i've been able to find anywhere of the discussions we've had previously about what it is we want out of an sso implementation19:24
clarkbfungi: if it can identify specific use cases as well as what we need to transition from that would probably be helpful even without specific suggestions19:24
mordredit's worth noting that since last we looked the governance of dex has changed - and we also run things in containers now (which I believe was one of our concerns with it before, it was sort of "run me in containers" centric)19:24
clarkbmordred: there is also a newish thing called gluu that I ran across19:25
fungiwell, also some brief re-researching suggests we may want to consider options like completely dropping launchpad authentication19:25
mordredI believe we'd have to implement an openid v1 provider for dex if we wanted to use it and continuing having launchpad be a login source - but it _is_ an SSO proxy project, so other than lack of openid v1 it does seem to understand our use case19:25
mordredcool19:25
* mordred is guessing we'll have to add openidv1 support to _anything_ we wind19:25
mordredfind19:25
clarkbmordred: or give up on openidv1 entirely19:25
fungiit seems launchpad never moved beyond very early openid protocols, and none of the currently maintained identity solutions out there support the protocols it uses these days19:26
clarkblaunchpad implements some subsets of other things like saml and oauth but only for their internal usage apparently? I have no idea if that might provide us a stepping stone or not19:26
clarkbbut definitely interested to start writing all this down19:26
fungiso yes, we should weigh whether a coordinated forklift of users with no clean migration from launchpad is more or less work than writing openid v1 support into whatever we end up deciding on19:27
mordredagree19:27
fungithat was the biggest sticking point i recall morgan running up against in his last attempt19:27
mordredyeah - our existing login data being openid v1 from launchpad is challenging :)19:28
fungiso keeping in mind that may simply be an unsatisfiable requirement and considering alternative options19:28
mordredyup19:28
mordredI don't think we need to keep launchpad as an ongoing auth source - but I do think we should be able to migrate and have people still able to log in to their gerrit account19:28
fungianyway, that's all i had, mostly just wanted to be sure folks think it's reasonable to whip up a spec to try and express what we want, even if we don't have more than a loose design plan so far19:29
mordred++19:29
mordredyes please19:29
mordredclarkb: gluu also doesn't support openidv119:29
clarkbmordred: ya basically nothing does19:29
clarkbonce google killed it everyone seemed to stop supporting it19:29
corvusit's pretty easy to add to anything written in python19:30
fungii've also heard rumors that some red hat employees don't want to interact with opendev services because it requires them to sign in with an ubuntu account, so providing more neutrally-branded options will hopefully satisfy some of those seemingly irrational objections19:30
mordredclarkb: fwiw - dex does jwt (good for zuul) and gluu does UMA - so that's a thing we should consider too19:30
mordredfungi: for the record, I am not motivated by sectarianism, and might be anti-motivated by that19:31
mordredBUT19:31
mordredI still think we need a better SSO story19:31
fungiyes, which is my primary motivation19:31
corvusat the very least, if there's a spec (or even a draft spec), you can just point them at that and say 'patches welcome'19:31
fungiwell, that and not being wholly dependent on a single identity provider we don't control19:31
mordredyup19:31
fungicorvus: yep, precisely19:31
clarkbmordred: I believe UMA is a superset of jwt so it may all just work19:31
mordredclarkb: cool19:31
clarkb(if it comes down to a uma providing tool being preferable)19:32
mordredoh - other differences - gluu is java, dex is go - neither is python19:32
fungicorvus: in fact i wanted to pass along the "patches welcome" invitation along with a link to our plan, and then realized i couldn't find it written down anywhere19:32
clarkbbut ya I'm not super concerned about specific tools as much as "the tools in the space have changed, let's reevaluate with some concrete use cases/requirements/goals"19:33
mordredclarkb: ++19:33
corvusi think there was a (draft) spec, i'm not sure we ever approved it?19:33
fungicorvus: maybe it got abandoned, i checked proposed specs and didn't see one19:33
fungialso possible i'm blind19:33
fungiif the old spec can be found i'm happy to resurrect/revise/whatever19:34
fungiwill go back and look again to be certain19:34
clarkbthanks!19:35
corvusit looks like ubuntu one uses oauth for the desktop portion of things19:35
corvusi wonder if there might be something usable there?19:35
fungithat sounds like it would have to be public-facing then19:35
clarkbcorvus: ya there is definitely some stuff to investigate there as option for migration19:35
clarkbfungi: I believe it's all public facing, but they don't do fully spec compliant implementations, they just do the subset they need for $usecase19:36
corvus(or continued support for people who want to keep using that)19:36
clarkbso if our use case can fit into that subset (and we can figure out how to integrate with launchpad with no docs) that may be viable19:36
mordredmaybe it's enough for a transition19:36
mordredyeah19:36
fungialso i just went back over open and abandoned specs and didn't find it. i thought i remembered an outline in a mailing list post (maybe from corvus) several years back, but my searching was insufficient to locate it19:37
fungimight be remembering the old idp poc19:37
corvusi thought mordred wrote it19:37
fungiahh, perhaps19:37
mordredI think I might have sent the email19:38
mordredbut I also can't find it19:38
mordredI remember writing it19:38
fungiwell, at this point it's likely easier to just redo from scratch19:38
fungienough has changed19:38
fungii'll see what i come up with19:38
mordredyeah - I think the biggest benefit of finding it might have been the part where we describe the use case19:38
fungianyway, didn't want to suck up this much of the meeting19:39
clarkbthere wasn't much else on the agenda. Why don't we finish that up then can continue this discussion after if we have time19:39
clarkbDoes anyone else have OpenDev related items to bring up (that was all I had)?19:39
clarkb#topic General Topics19:41
*** openstack changes topic to "General Topics (Meeting topic: infra)"19:41
clarkbOnly one entry here, the wiki entry.19:41
clarkbfungi: fwiw I am happy to remove it, but since we've been good at ignoring the wiki in the past I don't want to forget it if there is movement on it19:41
clarkbI don't think there has been recent movement. Let me know if you think it's useful to have the check ins or if we should remove this from the agenda19:42
fungithere has not, i also am not sure it's useful to revisit weekly, but am unopposed19:42
fungimaybe i or someone will take it as a cue to do something19:43
clarkbk19:43
clarkb#topic Open Discussion19:44
*** openstack changes topic to "Open Discussion (Meeting topic: infra)"19:44
clarkbfeel free to discuss the authentication stuff more now. Or bring up other items19:44
fungii didn't really have anything else on that topic for now, but if folks had more suggestions i'm game19:44
ianwi'm making some progress on removing pip-and-virtualenv19:45
ianwbasically going through zuul-jobs and figuring out where we've made assumptions that pip and virtualenv exist on the platform they're running on19:46
ianwthis has come to more of a head with latest fedora's and suse's dropping python2 support, making changes required in the pip-and-virtualenv element that would make it even crazier than it already is19:47
mordredit's maybe worth mentioning there is a big pile of changes in zuul-jobs that just landed to rename things from install- to ensure-19:47
mordredianw: ++19:48
fungigood timing in that case!19:48
ianwyep, ensure-* seems to fit what we do much better19:48
fungii feel like moving the meeting to our shiny new channel has also made it faster19:50
clarkbfungi: there was also lots of fire fighting over the last week19:51
clarkbor maybe it seemed that way19:51
fungino, there definitely was19:51
fungithe past several weeks really19:51
clarkbsounds like that may be it for the meeting?19:52
clarkbI'll go ahead and call it a few minutes early.19:52
clarkbThanks everyone!19:52
fungiour first early finish in... ages19:52
clarkb#endmeeting19:52
fungithanks clarkb!19:52
*** openstack changes topic to "Incident management and meetings for the OpenDev sysadmins; normal discussions are in #opendev"19:52
openstackMeeting ended Tue Apr  7 19:52:36 2020 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)19:52
openstackMinutes:        http://eavesdrop.openstack.org/meetings/infra/2020/infra.2020-04-07-19.01.html19:52
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/infra/2020/infra.2020-04-07-19.01.txt19:52
openstackLog:            http://eavesdrop.openstack.org/meetings/infra/2020/infra.2020-04-07-19.01.log.html19:52
