Tuesday, 2020-05-26

07:28 *** tobiash has quit IRC
07:39 *** openstackstatus has quit IRC
07:39 *** openstackstatus has joined #opendev-meeting
07:39 *** ChanServ sets mode: +v openstackstatus
08:07 *** tobiash has joined #opendev-meeting
09:02 *** tobiash has quit IRC
09:02 *** tobiash_ has joined #opendev-meeting
09:24 *** SotK has quit IRC
12:26 *** SotK has joined #opendev-meeting
13:37 *** tobiash_ is now known as tobiash
14:00 *** yoctozepto8 has joined #opendev-meeting
14:01 *** yoctozepto has quit IRC
14:01 *** yoctozepto8 is now known as yoctozepto
18:24 *** hrw has joined #opendev-meeting
18:59 <clarkb> we'll get the meeting started shortly
18:59 *** diablo_rojo has joined #opendev-meeting
18:59 <hrw> o/
19:00 <mordred> o/
19:00 <diablo_rojo> o/
19:00 <corvus> o/
19:00 <fungi> ohai
19:01 <clarkb> #startmeeting infra
19:01 <openstack> Meeting started Tue May 26 19:01:16 2020 UTC and is due to finish in 60 minutes.  The chair is clarkb. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:01 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
19:01 *** openstack changes topic to " (Meeting topic: infra)"
19:01 <openstack> The meeting name has been set to 'infra'
19:01 <clarkb> #link http://lists.opendev.org/pipermail/service-discuss/2020-May/000029.html Our Agenda
19:01 <ianw> o/
19:01 <clarkb> #topic Announcements
19:01 *** openstack changes topic to "Announcements (Meeting topic: infra)"
19:02 <clarkb> The PTG is running next week
19:02 <zbr> o/
19:02 <AJaeger> o/
19:02 <clarkb> we'll talk more about that later in the meeting, but I wanted to make sure people were aware it's happening next week
19:02 <clarkb> #topic Actions from last meeting
19:02 *** openstack changes topic to "Actions from last meeting (Meeting topic: infra)"
19:02 <clarkb> #link http://eavesdrop.openstack.org/meetings/infra/2020/infra.2020-05-19-19.01.txt minutes from last meeting
19:03 <clarkb> There were no recorded actions, though I think a fair bit has happened, so let's continue and discuss
19:03 <clarkb> #topic Priority Efforts
19:03 *** openstack changes topic to "Priority Efforts (Meeting topic: infra)"
19:03 <clarkb> #topic Update Config Management
19:03 *** openstack changes topic to "Update Config Management (Meeting topic: infra)"
19:03 <clarkb> mordred: corvus: fungi: I think we learned new things about using Zuul for CD Thursday-Friday-ish?
19:04 <clarkb> specifically how requiring base and things like LE before running other services can have cascading effects. This is something ianw has pointed out before, and he has proposed a potential workaround
19:05 <corvus> a new insight is that since sometimes we have the run-zuul job run without the other base jobs, we can short-circuit the protections afforded by running it in sequence after the base jobs
19:05 <mordred> yeah. that was less awesome
19:05 <corvus> clarkb: what's the ianw fix?
19:05 <mordred> clarkb: I've also got an idea about splitting base into per-service base
19:05 <corvus> also, mordred had a proposal he was noodling on
19:06 <mordred> that I wanted to check with people about today, and then if it's ok with people I'll write it
19:06 <clarkb> corvus: https://review.opendev.org/#/c/727907/ is a potential fix for unreachable hosts (basically ignore them). That is a subset of the issues we ran into
19:07 <clarkb> I pointed out that may not be safe given that we sometimes do expect things to run in order. However, ignoring things like that specifically in base may be ok. My biggest concern with base there would be ignoring a host and not setting up its firewall properly, then that host somehow working a few minutes later when services are configured
19:07 <mordred> the idea in a nutshell is: make per-service base playbooks that run the base roles, move the soft-depend from service-playbook->base to service-playbook->service-base, and add appropriate file matchers
19:07 <mordred> this allows us to still run base things before services, but limits the success-needed scope to the hosts involved in the given service
19:08 <mordred> so if paste is unreachable, we don't skip running zuul
19:08 <mordred> but we WILL skip running paste if paste-base fails
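
[Sketch of option (b) as a rough Ansible playbook. The path and group name are illustrative, not the actual opendev config; the base role list is the one corvus enumerates at 19:25:

    # playbooks/service-zuul-base.yaml (hypothetical)
    # Base roles only, limited to the hosts of one service, so an
    # unreachable paste server can no longer block the zuul deploy.
    - hosts: zuul
      roles:
        - users
        - base-repos
        - base-server
        - timezone
        - unbound
        - exim
        - snmpd
        - iptables

The run-zuul job would then soft-depend on this job rather than on the global base job.]
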
19:08 <corvus> mordred: what about running the base role in the normal service playbook, and putting limits on all the service jobs?
19:08 <mordred> we do this rather than just putting base roles into every service playbook to avoid no-op installing users for 5 minutes on every service
19:09 <corvus> mordred: (ie, "limit: zuul" on run-zuul -- would that waste too much time running the base role?)
19:09 <mordred> corvus: those were the two other ideas - base role in normal service I don't like because most of the base stuff moves very slowly but does take a non-zero amount of time to do nothing on each service invocation - and with zuul file matchers we can reduce the number of times we run service-base
19:10 <corvus> i don't even really know why the base job ran for my change series :(
19:10 <mordred> corvus: and yeah - I think we could run base.yaml --limit zuul ... but on friday when we were talking about it it seemed like we might have a harder time understanding exactly what was going on with that approach
19:10 <clarkb> my biggest concern with the above proposal is it seems like it could get very complicated quickly
19:10 <clarkb> corvus' suggestion is much simpler but might be less efficient
19:10 <clarkb> s/might/very likely/
19:11 <mordred> there are like 4 proposals - sorry, can we be more specific?
19:11 <mordred> let me name them:
19:11 <mordred> a) ignore unreachable b) service-base c) base-in-service d) --limit
19:12 *** hamalq has joined #opendev-meeting
19:12 <clarkb> b seems like it will have many complicated file matcher rules and it will be more difficult to understand when things will run. c seems much simpler (that is what my comment above was trying to say)
19:13 <mordred> awesome. and yes - I agree - I think c is the simplest thing to understand - although it might be less efficient on a per-service basis
19:13 <ianw> clarkb: "would be ignoring a host and not setting up its firewall properly, then that host somehow working a few minutes later when services are configured" ... the intent at least was to ignore the unreachable host (so it would presumably be unreachable for the service playbook); if it was an error that's a different exit code so the service playbook stops
19:14 <corvus> because the file matchers for b would be the union of the matchers for today's "base" and today's "service" playbooks?
19:14 <ianw> not that i'm really arguing for a)
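
[Sketch of option (a). Ansible's ignore_unreachable keyword (2.7+) is one way to express it; whether 727907 implements it exactly this way is not shown in the log:

    # hypothetical fragment of base.yaml under option (a)
    - hosts: all
      ignore_unreachable: true   # skip unreachable hosts instead of failing the play
      roles:
        - users
        - iptables

As ianw says, a host that is unreachable here would presumably also be unreachable for the service playbook, while a genuine task error still exits nonzero and stops the sequence.]
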
19:14 <mordred> corvus: I think we could trim down the matchers for today's "base" - they're currently a bit broad
19:14 <mordred> but yes
19:14 <mordred> well ...
19:14 <mordred> no
19:15 <mordred> service-base would be a per-service subset of today's base file matchers - but would not need to include a service's file matchers
19:15 <mordred> today I think we do base on inventory and playbooks/host_vars
19:15 <mordred> if we did per-service base, we could file-matchers on specific host_vars
19:15 <mordred> like we do for service
19:15 <mordred> but we can also do that with c)
19:15 <clarkb> right, it would be host_vars/service*.yaml and group_vars/service.yaml rather than host_vars/* and group_vars/*, sort of thing, right?
19:16 <mordred> yeah
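
[Sketch of the per-service matchers being described, as Zuul job YAML. The job name and paths are illustrative:

    # hypothetical option (b) job
    - job:
        name: infra-prod-zuul-base
        files:
          - ^inventory/.*
          - ^playbooks/host_vars/zuul\d+\..*\.yaml
          - ^playbooks/group_vars/zuul\.yaml
          - ^playbooks/service-zuul-base\.yaml

i.e. a per-service subset of today's base matchers, without the service playbook's own matchers.]
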
19:16 <corvus> what's the job name for base today?
19:16 <corvus> (cause it's not "run-base")
19:16 <clarkb> infra-prod-run-base iirc
19:16 <corvus> no, that's "run base on pretend nodes for testing"
19:16 <corvus> not "actually run base on real nodes"
19:16 <mordred> corvus: infra-prod-base
19:17 <mordred> and it's triggered on all of inventory/, playbooks/host_vars/, and playbooks/group_vars/
19:17 <mordred> (as well as base.yaml and the base roles)
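
[Sketch of those triggers as Zuul file matchers, reconstructed from the description above rather than copied from the job definition:

    - job:
        name: infra-prod-base
        files:
          - ^inventory/.*
          - ^playbooks/host_vars/.*
          - ^playbooks/group_vars/.*
          - ^playbooks/base\.yaml$
          - ^playbooks/roles/base.*

Matching all of host_vars/ is why the job fires for nearly every change, as corvus notes next.]
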
19:18 <corvus> that explains why it ran for my changes; it's hard to change stuff without changing host_vars
19:18 <mordred> yeah
19:18 <clarkb> thinking out loud here, I think I'd be happy to try b) with a fallback of c) if we find it is too complicated
19:18 <clarkb> mostly wanted to call out the potential for complexity early so that we can try and minimize it
19:18 <mordred> ++ ... I think the file matchers are going to be very similar for b) and c)
19:18 <mordred> how about I try it for one service and we can look at it
19:19 <mordred> and if it's too complex, we go with c)
19:19 <clarkb> wfm
19:19 <corvus> iiuc, b) we'll have a set of like 4-6 file matchers for each service-base job
19:19 <corvus> they'll basically look the same
19:19 <corvus> except the specific groups and hostvars files/dirs will be service related
19:19 <mordred> yeah. and there's not an awesome way to de-duplicate that
19:19 <corvus> so i think it'll be *verbose* but maybe not *complicated*
19:19 <ianw> is it correct to say c) means basically every playbooks/service-*.yaml will have a pre_task of include_tasks: base.yaml?
19:20 <mordred> corvus: ++
19:20 <mordred> ianw: basically yeah
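
[Sketch of option (c): base roles inlined ahead of the service's own role. Illustrative only; the cost mordred describes is the no-op minutes these roles add to every service run:

    # playbooks/service-zuul.yaml (hypothetical) under option (c)
    - hosts: zuul
      roles:
        - users         # base roles first ...
        - base-server
        - iptables
        - zuul          # ... then the service itself
]
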
19:20 <mordred> corvus: I just had an idea ...
19:20 <mordred> corvus: I *think* normal ansible supports roles in subdirs referenced with dot notation... maybe we put our base roles in playbooks/roles/base - so we can make the file matchers list smaller
19:21 <mordred> so it would be roles: - base.users
19:22 <mordred> I can do a test of that too and see if it works - could allow us to shrink the file matchers
19:22 <corvus> sounds good
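
[Sketch of the proposed layout. Note mordred is explicitly unsure whether plain Ansible resolves dot notation for nested roles; 730937 below is the test of exactly that:

    playbooks/roles/base/users/tasks/main.yaml
    playbooks/roles/base/iptables/tasks/main.yaml

    # hypothetical usage, pending that test
    - hosts: all
      roles:
        - base.users

If it works, one matcher such as ^playbooks/roles/base/.* would cover every base role.]
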
19:22 <corvus> hey
19:23 <corvus> i wonder if there's something we can do about the hostvars like that too
19:23 <corvus> like, could we segregate the base hostvars in such a way that we can more correctly detect when to run base
19:24 <corvus> cause just looking at the roles base runs, they pretty much never change, including the data for them
19:24 <mordred> corvus: I think that's a good idea
19:24 <corvus> but we need to run the job a lot because of hostvars
19:24 <clarkb> corvus: if it recursively looks for matching filenames, we might be able to use host_vars/zuul/zuul01.yaml and then just match on host_vars/zuul?
19:25 <clarkb> I have no idea if ansible works that way though
19:25 <mordred> I do not think it does
19:25 <mordred> oh - you know ...
19:25 <corvus> the roles are: users, base-repos, base-server, timezone, unbound, exim, snmpd, iptables
19:25 <mordred> yeah
19:26 <mordred> remote:   https://review.opendev.org/730937 WIP Move users into a base subdir
19:26 <mordred> I just pushed that up to see if subdirs will work for role organization
19:26 <mordred> we could maybe make a second hostvar location into which we just put base-associated hostvars
19:26 <mordred> maybe inside of the inventory dir
19:26 <corvus> yeah, that sounds worth exploring
19:27 <mordred> so we could have inventory/host_vars/zuul01.openstack.org.yarml into which we put base hostvars for zuul - and playbooks/host_vars/zuul01.openstack.org.yaml has hostvars for the zuul service playbook
19:27 <mordred> but we should write our own plugin that understands .yarml files
19:27 <corvus> that's the key
19:27 <mordred> I think it's super important
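
[Sketch of the hostvar split, with the serious half of the spelling restored to .yaml. Paths are illustrative:

    inventory/host_vars/zuul01.openstack.org.yaml   # base vars only -> matched by the base job
    playbooks/host_vars/zuul01.openstack.org.yaml   # service vars -> matched by the zuul service job

Since base vars almost never change, the base job's matchers would fire far less often.]
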
19:27 <mordred> similarly ...
19:28 <mordred> we could split the inventory into multiple files
19:28 <mordred> (we own the plugin that does that anyway)
19:28 <clarkb> we tend to not change the inventory super often so that may be a good follow-on?
19:28 <mordred> yeah
19:28 <mordred> just thinking of ways to simplify matching what to run when
19:29 <clarkb> another approach could be to avoid having zuul's job descriptions determine the rules for us
19:29 <clarkb> we could have a system that zuul triggered that determined what to execute based on git deltas or similar
19:30 <clarkb> (this is me thinking out loud, I think that would take far more effort to get right since we'd be building that from scratch and in many ways it will probably look like what zuul is already doing)
19:30 <mordred> I think that would wind up needing to implement something similar to file matchers
19:30 <mordred> yeah
19:30 <corvus> yeah, though it might centralize it a bit
19:30 <corvus> (we can have a job that decides what child jobs to run)
19:31 <mordred> that's a good point
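
[Sketch of such a dispatch job. Zuul's zuul_return module does support selecting child jobs via zuul.child_jobs; the selection logic here is a placeholder:

    # hypothetical dispatch playbook run by a parent job
    - hosts: localhost
      tasks:
        - name: Choose service jobs to run based on the change's git delta
          zuul_return:
            data:
              zuul:
                child_jobs:
                  - infra-prod-service-zuul   # computed, not hard-coded, in a real job
]
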
19:32 <corvus> still, i think b and the related things we discussed are a good place to start
19:32 <clarkb> as a time check, half our hour is gone now. Do we think mordred's plan to try it out on some services is a good place to start or should we discuss this further?
19:32 <clarkb> corvus: ++ from me
19:32 <corvus> and we can think about a dispatch job if it gets wild
19:32 <mordred> I'll get a patch doing b) for service-zuul up after the meeting
19:32 <clarkb> mordred: thanks
19:32 <clarkb> anything else config management related before we move on?
19:33 <mordred> after I get done with that
19:33 <mordred> I want to start working on the gerrit upgrade
19:33 <zbr> super
19:33 <clarkb> mordred: exciting, there is a recent thread on gerrit performance post-upgrade to notedb that we may want to read over
19:33 <clarkb> (as part of upgrade planning)
19:33 <mordred> yup. have been reading that
19:34 <mordred> some things about frequent aggressive GC
19:34 <clarkb> I was somewhat disappointed that some of the response seems to have been "notedb performs less well, deal with it"
19:34 <mordred> clarkb: moore's law will fix it
19:35 <corvus> yeah, i think notedb perf depends a lot on caching
19:36 <clarkb> #topic OpenDev
19:36 *** openstack changes topic to "OpenDev (Meeting topic: infra)"
19:36 <clarkb> I've sent out the call for advisory board volunteers.
19:37 <clarkb> #link http://lists.opendev.org/pipermail/service-discuss/2020-May/000026.html Advisory Board thread. We have some volunteers already!
19:37 <clarkb> we've gotten a couple responses so far, which is good considering there were holidays in many parts of the world recently
19:38 * hrw joins
19:39 <clarkb> I think the next steps here are to give people enough time to catch up on email, and work through how various groups want to select membership. But in a few weeks I'm hoping we can select a simple operating mechanism for reaching out between the groups (admins and advisory board)
19:39 <clarkb> I suggested a simple mailing list subject tag, but we'll see if that makes sense once we've got a membership
19:39 <clarkb> any questions or concerns on this?
19:40 <fungi> the subject tag may also be more trouble than it's worth until volume ramps up on that ml (assuming it ever does)
19:40 <clarkb> fungi: ya, that's possible. I can see it being nice for client-side filtering too though
19:40 <clarkb> (even if you are getting all of the emails)
19:41 <fungi> it's also something we could talk about during the ptg
19:41 <clarkb> ++
19:42 <clarkb> #topic General topics
19:42 *** openstack changes topic to "General topics (Meeting topic: infra)"
19:42 <clarkb> #topic pip-and-virtualenv next steps
19:42 *** openstack changes topic to "pip-and-virtualenv next steps (Meeting topic: infra)"
19:43 <clarkb> ianw: I kept this on the agenda as I didn't see an announcement of the changes we had planned. Anything we can do to help or is it simply a matter of time now?
19:43 <ianw> i've been working on the announcement at https://etherpad.opendev.org/p/rm-pip-and-virtualenv
19:43 <ianw> it feels way too long
19:44 <fungi> maybe the summary needs a summary? ;)
19:44 <clarkb> #link https://etherpad.opendev.org/p/rm-pip-and-virtualenv announcement draft for pip and virtualenv changes
19:44 <ianw> fungi: yeah, i'll put a tl;dr at the top
19:45 <clarkb> sounds like it is moving along then, should we keep this on the agenda for next meeting?
19:45 <corvus> maybe something action focused? like "no action required unless $foo happens, in which case you can $bar"
19:45 <corvus> which i *think* is the case :) -- ie, i think we're telling people they shouldn't need to do anything, but jobs are varied, and if something breaks they have options
19:45 <ianw> corvus: good point; i think the main action will be "if virtualenv is not found, install it"
19:46 <clarkb> ++ to giving people a shortcut to fixes if they have a problem
19:47 <ianw> ok, will do, will ping for reviews on opendev at some point, thanks
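
[Sketch of that action item as a job task. Illustrative only; how a given job should install virtualenv will vary, and the announcement draft is the authoritative guidance:

    - name: Install virtualenv if the image no longer provides it
      pip:
        name: virtualenv
        extra_args: --user

or the shell equivalent, python3 -m pip install --user virtualenv.]
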
19:47 <clarkb> #topic DNS cleanup and backups
19:47 *** openstack changes topic to "DNS cleanup and backups (Meeting topic: infra)"
19:48 <clarkb> fungi: I didn't end up sharing the dns zone contents with foundation staff. I think you may have, did that happen?
19:48 <fungi> yes, they observed there was a lot they could clean up in there, but no concerns publishing the list of records
19:49 <ianw> #link https://review.opendev.org/#/c/728739/
19:49 <ianw> is the final job that backs up all the RAX domains
19:50 <clarkb> cool
19:50 <ianw> should we etherpad the openstack.org zone and go through it, maybe put "DELETE" next to things people know can go, then I can clean it up at some point?
19:51 <clarkb> ianw: that works for me. We can also share that etherpad with the foundation admins and they can help annotate it too?
19:51 <clarkb> though maybe it is better for them to delete the things they know about
19:52 <clarkb> #topic Using HTTPS with in region mirrors
19:52 *** openstack changes topic to "Using HTTPS with in region mirrors (Meeting topic: infra)"
19:52 <clarkb> moving along as we only have a few minutes left
19:52 <clarkb> #link https://review.opendev.org/730861 Test ssl with mirrors via base-test
19:52 <ianw> #link https://etherpad.opendev.org/p/rax-dns-openstack-org
19:53 <ianw> ^^ to go through
19:53 <clarkb> #link https://review.opendev.org/730862 Use ssl with mirrors in production if base-test is happy
19:53 <clarkb> I've been pushing this along now that ianw has rebuilt all of our mirrors. The big upside to this is we get a bit more assurance that nothing silly is happening with packages, since we don't sign them with reprepro
19:53 <clarkb> also with pypi it will be nice to have too, since pypi basically relies on ssl for all its trust
19:54 <clarkb> the first change I've linked will update base-test; we can check that bindep and friends are happy with it, then roll it out globally
19:54 <mordred> ++
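
[Sketch of what the switch amounts to on a node, as an Ansible task. The mirror hostname variable is an assumption for illustration:

    - name: Point apt at the in-region mirror over https
      apt_repository:
        repo: "deb https://{{ mirror_fqdn }}/ubuntu {{ ansible_distribution_release }} main"

With reprepro-built mirrors unsigned, the TLS channel is what vouches for package integrity in transit.]
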
19:54 <clarkb> #topic Scaling Meetpad/Jitsi Meet
19:54 *** openstack changes topic to "Scaling Meetpad/Jitsi Meet (Meeting topic: infra)"
19:55 <clarkb> my change to configure a jvb server has landed. I think that means we can deploy a jvb server
19:55 <corvus> let's do it
19:55 <clarkb> This is something I can likely do tomorrow if no one else can do it sooner
19:55 <corvus> it'll be good to have that up and running, then we can add others quickly if needed
19:55 <clarkb> any new server called jvb01.opendev.org in our inventory should be configured properly (and jvb02, 03, 99 etc)
19:56 <fungi> hopefully we don't need more than 100
19:56 <fungi> though we probably support an arbitrary number of digits there
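
[Sketch of the naming-pattern match implied here, as an inventory group definition. The group name and file format are assumptions for illustration:

    # match any jvbNN.opendev.org host added to the inventory
    groups:
      jitsi-meet-jvb:
        - jvb[0-9]*.opendev.org

Launching jvb02.opendev.org and adding it to the inventory would then pick up the jvb configuration with no further changes.]
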
19:56 <clarkb> I'm totally happy with someone else spinning one up today if they have time. otherwise I've got it on the todo list for tomorrow
19:57 <clarkb> #topic Project Renames
19:57 *** openstack changes topic to "Project Renames (Meeting topic: infra)"
19:57 <clarkb> A reminder that June 12 was pencilled in last week. I think that is still looking ok for me
19:57 <fungi> wfm
19:57 <clarkb> I'll try to bring it up with the openstack tc soon so that any other renames they want can be included at that time too
19:58 <clarkb> #topic Virtual PTG Attendance
19:58 *** openstack changes topic to "Virtual PTG Attendance (Meeting topic: infra)"
19:58 <clarkb> #link https://virtualptgjune2020.eventbrite.com Register if you plan to attend. This helps with planning details.
19:58 <clarkb> #link https://etherpad.opendev.org/p/opendev-virtual-ptg-june-2020 PTG Ideas
19:58 <clarkb> Please register and feel free to add ideas to our planning document
19:58 <clarkb> Any thoughts on whether or not we should have this meeting next week?
19:59 <clarkb> unlike a normal PTG we won't be distracted by travel and timezones. The PTG times we've requested do not conflict with this meeting
19:59 <clarkb> I guess I can show up and if others do too we'll have a meeting.
20:00 <corvus> yeah, maybe play it by ear?
20:00 <clarkb> I don't have to go out of my way to be around during that time period
20:00 <clarkb> also a reminder that the PTG is happening next week
20:00 <clarkb> and that takes us to the end of our hour
20:00 <clarkb> thank you everyone
20:00 <clarkb> #endmeeting
20:01 *** openstack changes topic to "Incident management and meetings for the OpenDev sysadmins; normal discussions are in #opendev"
20:01 <openstack> Meeting ended Tue May 26 20:00:58 2020 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)
20:01 <openstack> Minutes:        http://eavesdrop.openstack.org/meetings/infra/2020/infra.2020-05-26-19.01.html
20:01 <openstack> Minutes (text): http://eavesdrop.openstack.org/meetings/infra/2020/infra.2020-05-26-19.01.txt
20:01 <openstack> Log:            http://eavesdrop.openstack.org/meetings/infra/2020/infra.2020-05-26-19.01.log.html
20:01 <fungi> thanks clarkb!
20:01 *** hrw has left #opendev-meeting
22:33 *** tobiash has quit IRC
22:34 *** tobiash has joined #opendev-meeting

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!