Tuesday, 2020-07-07

*** hamalq has quit IRC02:25
*** hamalq has joined #opendev-meeting02:33
*** hamalq has quit IRC03:04
*** hamalq has joined #opendev-meeting15:10
*** hamalq_ has joined #opendev-meeting15:12
*** hamalq has quit IRC15:15
*** diablo_rojo has joined #opendev-meeting19:00
zbro/19:00
diablo_rojo o/19:00
ianw#startmeeting infra19:00
openstackMeeting started Tue Jul  7 19:00:33 2020 UTC and is due to finish in 60 minutes.  The chair is ianw. Information about MeetBot at http://wiki.debian.org/MeetBot.19:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.19:00
*** openstack changes topic to " (Meeting topic: infra)"19:00
openstackThe meeting name has been set to 'infra'19:00
fungiahoy, mateys19:00
zbrahoy19:01
ianw#topic Announcements19:01
*** openstack changes topic to "Announcements (Meeting topic: infra)"19:01
corvusaloha19:01
ianwno clarkb today, so i am copy/pasting the agenda #topics for a change19:01
ianwno other announcements of note19:02
ianw#topic Actions from last meeting19:02
*** openstack changes topic to "Actions from last meeting (Meeting topic: infra)"19:02
ianw#link http://eavesdrop.openstack.org/meetings/infra/2020/infra.2020-06-30-19.01.html minutes from last meeting19:02
ianwthere were no action items, so we can keep moving on that19:02
ianw#topic Specs approval19:02
*** openstack changes topic to "Specs approval (Meeting topic: infra)"19:02
ianw#link https://review.opendev.org/#/c/731838/ Authentication broker service19:02
ianwthis doesn't appear to have changed since last week, but seems to have a fair bit of comment19:03
ianwfungi: any further thoughts?19:03
fungiit was revised last week-ish19:03
fungiready for more comments19:03
fungii think all the comments thus far have been addressed19:04
mordredo/19:04
fungilast week was a bit of a black hole for me what with the opendev large scale deployments conference, so it was probably actually week before last i revised it19:05
fungianywah, bring on the comments19:05
ianwcool, so anyone who has an interest in, or knows anything about authentication should attach themselves to that19:05
ianw#topic Priority Efforts19:05
*** openstack changes topic to "Priority Efforts (Meeting topic: infra)"19:06
ianw#topic Opendev19:06
*** openstack changes topic to "Opendev (Meeting topic: infra)"19:06
ianwfirstly looping back on the gitea pagination issues, it seems clarkb's patch was accepted19:06
fungiso maybe we can re-simplify manage-projects at next upgrade?19:07
ianwyeah, that was my question, are we tracking that somehow19:07
ianw#link https://github.com/go-gitea/gitea/pull/12057 gitea pagination fixes19:07
mordredI've been tracking it via the "clarkb mentions its progress" method19:08
ianwok, i'll put next week's date on the topic and we can loop back on that19:08
mordredsince they accepted it upstream, we could cherry-pick it into our image builds and re-simplify - or just wait19:08
ianwat next meeting19:08
fungisounds good, it may be time to act on by then given their release cadence19:09
corvusi don't think the simplification is urgent19:09
corvus(iirc)19:09
ianwthe ddos i have down as a separate topic, so we can discuss that there19:09
fungii seem to have picked the wrong afternoon to attend a meeting from my patio, there are children having a birthday party at the rental house next door. there's now a bouncy castle, and i'm coveting it (maybe after a heavy round of disinfecting)19:10
ianwso the only other bit was governance changes here, of which i don't think there's new news since last week19:10
fungii think it was any time after the first of this month we could start publishing a list of representatives for the advisory board, we just haven't gotten to it yet19:11
fungipeople are still welcome to volunteer at any time anyway19:11
ianw++19:11
ianw#topic Update Config Management19:12
*** openstack changes topic to "Update Config Management (Meeting topic: infra)"19:12
ianwcouple of things to get updates on19:12
ianwzuul-executors as containers : that's complete?  i noticed they're still in emergency yesterday19:12
mordredlast I knew there was another missing package in the container for afs - but I think that got fixed, yes?19:13
ianwi remember seeing something go by about the client package being a suggests19:14
corvusthere's one more thing19:14
corvuswe need gear19:14
corvusi think (haven't double checked) that ze01 is still disabled due to that19:14
corvusthis one is trickier19:15
mordredyeah - ze01 is disabled19:15
corvusi feel less enthusastic about asking the zuul community to add gear to the zuul-exec images since nothing in zuul-jobs uses gear19:15
corvus(i recognize this is weird, since zuul itself uses gear)19:15
corvusthe idea that has bubbled to the top of my list is actually to just vendor gear into our opendev base jobs19:15
corvus(this is for the logstash submit thing)19:16
fungithat seems like a fine compromise to me, at least19:16
corvusi also recognize that's icky.  but it lets us avoid the weird conversation about including opendev-specific stuff in zuul images, and avoid building our own downstream images19:16
corvusand gear is small19:16
mordred++19:17
fungiwe really need to reengineer the logstash stuff anyway if we're going to continue it in the long term19:17
corvusso if no one is violently objecting to that, i'll get something together this week19:17
fungii too don't wish to heap that maintenance burden on the zuul community19:17
mordredcorvus: clarkb was also questioning the value of our elk cluster during the ptg19:17
mordredcorvus: ++19:17
fungiwell, several of us were questioning it, yes. the resources it consumes are likely disproportional with the value it provides19:18
corvusyeah, all the more reason to avoid over-engineering it then19:18
ianwdo you want an action item so we come back to it next week?  or just let it happen?19:19
fungii'd like to revisit it next week, but that doesn't need an action item necessarily, we can just keep it on the agenda (it's relative to our config management priority effort, so already the case)19:20
ianwok, the second thing i had, also probably corvus/mordred was an update on the cross-arch container work19:20
ianware we at the point we have stable arm64/amd64 builds popping out?19:21
corvusi think that i think and i think that mordred thinks that it should all be working maybe now?19:21
mordredyeah - and I thnk it's time to land https://review.opendev.org/#/c/726263/19:21
mordredbut - it is of course possible that there is something we don't know that we don't know19:22
corvusbut also, we sure did just take a bunch of stuff apart and put it back together, so i think we're at "lets try to use it and see if we really fixed it"19:22
fungiit conflicts with 726458, is that still needed?19:23
mordredyeah19:23
fungiseems to be based on an outdated patchset unless gertty is lagging for me19:23
mordredno - we can toss that one19:24
ianwi can redo https://review.opendev.org/#/c/726037/ to test it native for nodepool-builder19:24
mordredI went ahead and did it in the main one19:24
fungiokay, fine next step as far as i'm concerned then. +2 but ianw has already approved19:26
ianwok, so i think wheels are in motion for that19:26
mordredwoot19:26
fungi--progress--19:26
ianwlast one was grafana/graphite update19:26
ianw#link https://grafana.opendev.org/ grafana from container19:27
ianwthat's up and production ready19:27
ianwgraphite.opendev.org is also up, however i need to copy the data over, but i also noticed a few settings we've tweaked relating to null value storage and the mulder-scully-ish xFilesFactor that i need to port19:28
fungii'll try to look at that this evening. i gather something we merged recently broke some of it19:28
fungior just held up the patches to implement it?19:29
ianwfungi: ohh, there was deployment issues, i'd forgotten to add the promote job so it wasn't tagging the latest, but that's fixed19:29
fungiahh, okay19:30
fungiand then yeah there were the holdups from review-test still getting deployed19:30
fungiwith its out of control track-upstream logs19:30
ianwthen there's been a few side issues with hosts dying and leaving hung processes, yeah the 200+ containers somehow on review-dev, and then openedge mirror disappearing19:30
fungisaw a few of the cron errors about the full fs19:30
mordredianw: were they all manage-projects  containers?19:31
ianwactually, it's review-test.openstack.org -- again it seems to be doing the same thing19:31
ianwreview-test.opendev.org19:32
mordredI think we need to look in to our retry behavior in jeepyb - I think we currently retry indefinitely when we can't do an initial connection19:32
mordredalthough speaking of review-test ...19:32
ianwyeah, every hour that has launched a container19:32
ianwall of them looping now in "    raise NoValidConnectionsError(errors)"19:33
ianwso, that host is on a downwards spiral again19:33
mordredyeah - I bet each one are spinning unable to connect to something19:33
mordredyup19:33
mordredthat isn't really the behavior we want anymore19:34
* mordred will poke at jeepyb19:34
mordredalso - didn't we skip review-test in manage-projects?19:34
mordredwhat is starting those?19:35
mordredbut while we're talking about review-test - could I get some reviews on https://review.opendev.org/#/c/737023/ ?19:35
ianwmordred: there's a cron entry19:35
mordredI'd like to sync the data from review to review-test19:35
ianwperhaps the cron job wasn't "absented:"?19:35
mordredit has been noted in the past we should carefully review that - to ensure that it's not going to delete our production data. I'm pretty sure it isn't19:35
mordredianw: oh - this is track-upstream isn't it?19:36
mordredyup. track-upstream. let's not run that on review-test :)19:36
ianwok, well i also managed to kill the main container on it, so it's currently doing nothing19:37
ianwmordred: do you have time to subdue it back into shape, or do want me to look into it?19:37
mordredianw: I'll work on it19:38
ianwcool, let's move on19:38
ianw#topic General Topics19:38
*** openstack changes topic to "General Topics (Meeting topic: infra)"19:38
fungirelated, the pull-request closer is still running out of cron19:38
fungid'oh, seconds too late19:38
ianwno we can go back if you like19:38
funginah19:38
fungilet's keep moving19:39
fungii have corn and sausages on the grill19:39
ianwi think the only active trusty host transition is wiki, and i don't think there's too much happening with that ATM?19:39
fungithere is not, no19:40
ianwok19:40
fungiit welcomes friends however19:40
ianw#topic Time to retire the openstack-infra ML yet?19:40
*** openstack changes topic to "Time to retire the openstack-infra ML yet? (Meeting topic: infra)"19:40
ianw#link http://lists.openstack.org/pipermail/openstack-infra/2020-July/006632.html19:40
mordredianw: remote:   https://review.opendev.org/739840 Don't install the track-upstream cron on review-test19:41
ianwfungi: i don't think there's been any disagreement on the list ... if anyone has an objection to why this merge should not go ahead they should speak now or forever hold your peace :)19:42
fungiindeed19:43
ianwotherwise, i guess we declare the lists joined in holy matrimony19:43
fungiits retirement is already on my personal schedule19:43
corvusno objections19:43
ianwmazel tov19:43
fungii look forward to having one fewer list to moderate19:44
ianw#topic China telecom blocks19:44
*** openstack changes topic to "China telecom blocks (Meeting topic: infra)"19:44
ianwso we currently still have these in place with iptables19:44
ianwi think fungi has been most active in monitoring, what's the latest?19:44
fungiand taking the open connections graph in cacti as an indicator, the activity is ongoing from chinanet and probably elsewhere19:45
ianw#link http://lists.opendev.org/pipermail/service-discuss/2020-July/000053.html19:45
ianwthat's the discussion for posterity19:45
fungiit stopped a lot over the weekend, but resumed late sunday utc and has been consuatnt19:45
fungiconstant19:45
ianw#link https://review.opendev.org/738721 gitea reverse proxy19:45
ianw#link https://review.opendev.org/738725 crawler reject rules19:46
ianwthat is, i think, the currently alternative solution, based on the fact the UA's making these requests appear to be from a very specific scraping script19:46
fungibasically i think we need to choose between layer 3 filtering with a lot of collateral damage, or layer 7 filtering with a lot of added complexity. rock meet hard place19:46
corvusi reckon we should try the layer 7 then19:47
ianwyeah, last week we put up the robots.txt -- but this script does not obey that19:47
fungii'm personally at peace with the layer 7 solution, though it would be nice to not have to keep it in place indefinitely19:47
corvusbtw...19:48
corvushow certain are we that these UA strings are non-current?19:48
ianwthat was what i was about to say ... someone should really double check on my work there19:48
fungisome of that depends on how you define "current" as there is some software in use (albeit probably of questionable origin) which has decided this is the ua to report19:49
ianwfor anyone following19:50
ianw#link https://review.opendev.org/#/c/738725/6/playbooks/roles/gitea/templates/gitea.vhost.j219:50
ianwis the UA's in question19:50
fungiif mnaser is around, i'd love to get his input. he's the first member of our community to inquire about the status, so may have additional information about the current adverse impact19:50
ianwthe change also doesn't deploy into production, it just sets up the proxy and we still have to point haproxy at it19:51
corvusother than that, maybe we just land them and see if we end up getting user reports?19:52
fungiyeah, i'm cool approving that nowish, since it's not (yet) in a production code path19:52
fungibut i also second corvus's suggestion19:53
corvusi +3d19:53
ianwyeah, i guess the requests are still coming over vexxhost, but rejecting them at layer 3 v accepting them and 403'ing them probably isn't a significant networking-back-end issue?19:54
fungiagreed, the impact is when gitea has to process the git requests19:55
fungianything which stops them before that point is probably plenty sufficient19:55
ianwok, so wheels in motion there19:56
ianw#topic Project Renames19:56
*** openstack changes topic to "Project Renames (Meeting topic: infra)"19:56
fungithe traffic volume and request rates are not absurd on their own (though a bit aggressive and clearly ignoring modicum of a reasonable crawler)19:56
ianwfungi: yes ... that script that appears to be hitting us does not meet the standard of "reasonable crawler" in any way :)19:56
ianwthere are a couple of renames, including a mis-spelling19:57
ianwnot sure how urgent it is19:57
ianwand openstack/transparency-policy -> osf/transparency-policy19:57
fungii'm cool with handling a rename maintenance for this week if it's warranted. i'm around and will take a closer look at the commands i cut and paste from our docs in comparison to last time19:58
ianwi'm out thu/fri .au time so no help19:58
fungithe transparency-policy move is definitely non-urgent. that repo is basically dead since years19:58
ianwperhaps we wait then19:59
fungithe topiko->tobiko fix is the only one i expect has much urgency behind it19:59
fungibut... folks involved signed off on the rename patch which incorporated that typo, so i'm not in any hurry either20:00
fungithey seem to be patient20:00
ianwok, we can come back to it next week20:00
ianw#topic Open Discussion20:00
*** openstack changes topic to "Open Discussion (Meeting topic: infra)"20:00
ianwwe are at time, but if anyone would like to flag something i guess we can go a little over20:01
fungii'm good. stuff's about ready to come off the grill anyway20:01
fungiand i need to stop obsessing over the bouncy castle next door20:01
ianwwe've unfortunately gone back into lockdown here :(20:02
ianwso my daughter will have to cancel her bday party since we can't have anyone over20:02
ianwit is certainly a year to remember20:03
ianwwith that, i think we're done, thanks everyone20:03
ianw#endmeeting20:03
*** openstack changes topic to "Incident management and meetings for the OpenDev sysadmins; normal discussions are in #opendev"20:03
openstackMeeting ended Tue Jul  7 20:03:31 2020 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)20:03
openstackMinutes:        http://eavesdrop.openstack.org/meetings/infra/2020/infra.2020-07-07-19.00.html20:03
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/infra/2020/infra.2020-07-07-19.00.txt20:03
openstackLog:            http://eavesdrop.openstack.org/meetings/infra/2020/infra.2020-07-07-19.00.log.html20:03
fungithanks ianw!20:03
*** tobiash has quit IRC22:12
*** jentoio has quit IRC22:43
*** jentoio has joined #opendev-meeting22:45
*** mnaser has quit IRC22:50
*** jentoio has quit IRC22:52
*** zbr has quit IRC22:53
*** diablo_rojo_phon has quit IRC22:53
*** hamalq_ has quit IRC23:10

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!