Tuesday, 2020-08-04

*** hamalq has joined #opendev-meeting04:09
*** hamalq has quit IRC04:09
*** hamalq has joined #opendev-meeting04:10
*** hamalq has quit IRC04:17
*** AJaeger has joined #opendev-meeting08:08
*** hamalq has joined #opendev-meeting16:38
*** hamalq_ has joined #opendev-meeting16:41
*** hamalq has quit IRC16:44
*** diablo_rojo has joined #opendev-meeting18:52
clarkbanyone else here for the meeting? we'll get started ina  couple minutes18:59
corvuso/19:00
clarkb#startmeeting infra19:01
ianwo/19:01
openstackMeeting started Tue Aug  4 19:01:07 2020 UTC and is due to finish in 60 minutes.  The chair is clarkb. Information about MeetBot at http://wiki.debian.org/MeetBot.19:01
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.19:01
*** openstack changes topic to " (Meeting topic: infra)"19:01
openstackThe meeting name has been set to 'infra'19:01
clarkb#link http://lists.opendev.org/pipermail/service-discuss/2020-August/000068.html Our Agenda19:01
clarkb#topic Announcements19:01
*** openstack changes topic to "Announcements (Meeting topic: infra)"19:01
clarkbThird and final Virtual OpenDev event next week: August 10-1119:01
fungiwell, probably not *final* just the last one planned for 2020 ;)19:01
clarkbfinal of this round19:02
clarkbThe topic is Containers in Production19:02
clarkbwhich may be interesting to this group as we do more and more of that19:02
fungigreat point19:02
clarkbI also bring it up because they use the etherpad server for their discussions similar to a ptg or forum session. We'll want to try and be slushy with that service early next week19:02
clarkb#topic Actions from last meeting19:03
*** openstack changes topic to "Actions from last meeting (Meeting topic: infra)"19:03
diablo_rojoo/19:03
clarkb#link http://eavesdrop.openstack.org/meetings/infra/2020/infra.2020-07-28-19.01.txt minutes from last meeting19:03
clarkbianw was going to look into incorporating non openstack python packages into our wheel caches19:04
clarkbI'm not sure that has happened yet as there have been a number of other distractions recently19:04
ianwumm started but haven't finished yet.  i got a bit distracted looking at trying to parallel the jobs so we could farm it out across two/three/n nodes19:04
fungiseems like the only real challenge there is in designing how we want to consume the lists of packages19:04
fungioh, but sharding the build will be good for scaling it, excellent point19:05
fungialso i think we're not quite as clear as we could be on how to build for a variety of python interpreter versions?19:06
clarkbfungi: yes we've only ever done distro version + distro python + cpu arch19:06
clarkbwhich as a starting point is likely fine19:06
ianwyeah,that was another distraction looking at the various versions it builds19:07
fungibuilding for non-default python on certain distros was not a thing for a while, don't recall if that got solved yet19:07
clarkbI don't think so, but seems like that can be a followon without too much interference with pulling different lists of packages19:08
fungilike bionic defaulting to python3.6 but people wanting to do builds for 3.719:08
fungi(which is packaged for bionic, just not the default)19:09
fungithat one may specifically be less of an issue with focal available now, but will likely come up again19:09
ianwyeah similar with 3.8 ... which is used on bionic for some 3.8 tox19:10
clarkb#topic Specs approval19:10
*** openstack changes topic to "Specs approval (Meeting topic: infra)"19:10
clarkblets keep moving as we have a few things on the agenda19:10
clarkb#link https://review.opendev.org/#/c/731838/ Authentication broker service19:11
clarkbthat got a new patchset last week19:11
clarkbI need to rereview it and other input would be appreciated as well19:11
fungiit did19:11
clarkbfungi: anything else you'd like t ocall out about it?19:11
fungiplease anyone feel free to take a look19:11
fungilatest revision records keycloak as the consensus choice, and makes a more detailed note about knikolla's suggestion regarding simplesamlphp19:13
clarkbgreat, I think that gives us a more concrete set of choices to evaluate19:13
clarkb(and they seemed to be the strong consensus in earlier discussions)19:13
clarkb#topic Priority Efforts19:14
*** openstack changes topic to "Priority Efforts (Meeting topic: infra)"19:14
clarkb#topic Update Config Management19:14
*** openstack changes topic to "Update Config Management (Meeting topic: infra)"19:14
clarkbfungi: you manually updated gerritbot configs today (or was that yesterday). Maybe we should prioritize getting that redeployed on eavesdrop19:14
clarkbI believe we're building a container for it and now just need to deploy it with ansible and docker-compose?19:15
fungisure, for now i just did a wget of the file from gitea and copied it over the old one, then restarted the service19:15
fungibut yeah, that sounds likely19:15
clarkbok, I may take a look at that later this week if I find time. As it seems like users are noticing more and more often19:16
clarkbcorvus' zuul and nodepool upgrade plan email remainds me of the other place we need to update our config management: nb0319:16
fungiyep, we had some 50+ changed lines between all the project additions, retirements, renames, et cetera19:16
clarkbI think we had assumed that we'd get containers build for arm64 and it would be switch like the othre 3 builders but maybe we should add zk tls support to the ansible in the shorter term?19:17
clarkbcorvus: ianw ^ you've been working on various aspects of that and probably hvae a better idea for whether or not that is a good choice19:17
ianwi guess the containers is so close, we should probably just hack in support for generic wheels quickly and switch to that19:18
corvusdid we come up with a plan for nodepool arm?19:18
corvuscontainers19:18
corvusi want to say we did discuss this.. last week... but i forgot the agreemente19:18
clarkbI think the last I remember was using an intermediate layer for nodepool19:19
clarkbbut I'm not sure if anyone is working on that yet19:19
clarkbfrom the opendev side I want to make sure we don't forget that if nodepool and zuul start merging v4 changes that change expectations nb03 may be left behind19:19
ianwmy understanding was that first we'd look at building the wheels so that the existing builds were just faster19:19
corvusah yep that was it19:19
corvusbuild wheels, and also start on a new layer in parallel19:20
ianwand if we still couldn't get there, look into intermediate layers19:20
corvusk19:20
fungialso help upstreams of various libs build arm wheels19:20
fungi(hence the subsequent discussion about pyca/cryptography)19:20
clarkbgot it, in that case it seems we're making progress there and if we keep that up we'll probably be fine19:20
ianwyep :)  upstream became/is somewhat of a distraction getting the generic wheels built :)19:21
corvusso the question is: should we pin zuul to 3.x?19:21
fungibut a good distraction in my opinion19:21
corvussince we could be really close to breaking ourselves19:21
clarkbcorvus: or short term add zk tls support to our ansible for nb0319:21
corvusis nb03 all ansible, or is there puppet?19:22
clarkbI believe it is all ansible now19:22
corvusthen it's probably not too hard to add zk tls; we should probably do that19:22
clarkboh hrm it still runs run-puppet on that host19:23
corvusthen i don't think we should touch it with a ten-foot pole19:23
clarkbI guess its ansible in that it runs puppet19:23
corvusadding zk tls to the puppet is just a 6-month long rabbit hole19:23
clarkbok, in that case we should keep aware of when zuul will require tls and pin to a previous versio nif we don't have arm64 nb03 sorted out on containers yet19:24
ianwi think we can definitely get it done quickly, like before next week19:25
clarkbin that case we continue as is and push for arm64 imges then imo. Thanks19:25
clarkbany other config management topics befor we move on?19:26
clarkb#topic OpenDev19:27
*** openstack changes topic to "OpenDev (Meeting topic: infra)"19:27
clarkbwe disbaled gerrit's /p/ mirror serving in apache19:28
clarkbhaven't heard of any issues from that yet19:28
fungi[and there was much rejoicing]19:28
clarkbI figure I'll give it another week or so then disable replicating to the local mirror and clean it up on the server19:28
clarkb(just in case we need a quick revert if something comes up)19:28
clarkbthe next set of tasks related to the branch management are in gerritlib and jeepyb19:28
clarkb#link https://review.opendev.org/741277 Needed in Gerritlib first as well as a Gerritlib release with this change.19:29
clarkb#link https://review.opendev.org/741279 Can land once Gerritlib release is made with above change.19:29
clarkbif folks have a chance to review those it would be appreciated. I can approve and tag releases as well as monitor things as they land19:29
clarkbThe other Gerrit service related topic was status of review-test19:30
clarkbdoes anyone know where it got to? I know when we did the project renames it error'd on that particular host19:30
clarkbit being the project rename playbook since review-test is in our gerrit group19:30
clarkbmordred: ^ if you are around you may have an update on that?19:31
clarkbwe can move on and return to this if mordred is able to update later19:32
clarkb#topic General topics19:32
*** openstack changes topic to "General topics (Meeting topic: infra)"19:32
clarkb#topic Bup and Borg Backups19:32
*** openstack changes topic to "Bup and Borg Backups (Meeting topic: infra)"19:32
clarkbianw: I seem to recall you said that a bup recovery on hosts that had their indexes cleaned worked as expceted19:32
ianwyes, i checked on that, noticed that zuul wasn't backing up to the "new" bup server and fixed that19:33
ianwi haven't brought up the new borg backup server and started with that, though19:33
clarkbseparately the borg change seems to have the rviews you need to land it then to start enrolling hosts as a next step19:33
clarkb#link https://review.opendev.org/74136619:33
ianwyep, thanks, just been leaving it till i start the server19:33
clarkbno worries. Just making sure we're all caught up on the progress there19:34
clarkbtl;dr is bup is working and borg has no major hurdles19:34
clarkb(which is excellent news)19:34
fungialso, resistance is futile19:34
clarkb#topic github 3rd party ci19:34
*** openstack changes topic to "github 3rd party ci (Meeting topic: infra)"19:34
clarkbI think ianw has learned things baout zuul and github and is making progress working with pyca?19:35
clarkb#link https://review.opendev.org/#/q/topic:opendev-3pci19:35
ianwyes the only other comment there as about running tests on direct merge to master19:35
fungiso something like our "post" pipeline?19:35
ianw... which is a thing that is done apparently ...19:35
fungior more like the "promote" pipeline maybe?19:36
ianwfungi: well, yeah, except there's a chance the tests don't work in it :)19:36
fungiokay, so like closing the barn door after the cows are out ;)19:36
clarkbianw: pabelanger or tobiash may have config snippets for making that work against github19:37
ianwwe can listen for merge events, so it can be done.  i was thinking of asking them to just start with pull-requests, and then once we have that stable we can make it listen for master merges if they want19:37
clarkbya starting with the most useful subset then expanding from there seems like a good idea19:38
ianwyeah, it's hard to test, and i don't want it to go mad and make it look like zuul/me has no idea what's going on.  mostly the latter ;)19:38
clarkbless noise if thing sneed work to get reliable19:38
clarkb++19:38
clarkbianw: from their side any feedback beyond the reporting and events that get jobs run?19:39
ianwnot so far, there was some discussion over the fact that it doesn't work with the python shipped on xenial19:40
fungi"it" being their job workload?19:40
ianwit being the pyca/cryptography tox testing19:40
fungigot it19:40
ianwthat didn't seem to be something that bothered them; so xenial is running 2.7 tests but not 3.519:40
fungiright, so they're using travis with pyenv installed python or something like that?19:40
fungianything in particular they've found neat/been excited about so far?19:41
ianwyes, well it wgets a python tarball from some travis address ...19:41
fungitotally testing like production there ;)19:41
ianwyeah ... i mean that's always the problem.  it's great that it works on 3.5, but not the 3.5 that someone might actually have i guess19:42
ianwbut, then again, people probably run out of their own env's they've built too.  at some point you have to decide what is in and out of the test matrix19:43
clarkbya eventually you do what is reasonable and that is well reasonable19:43
ianwnot much else to report, i'll give a gentle prod on the pull request and see what else comes back19:44
fungithanks for working on that!19:44
clarkb#topic Open Discussion19:45
*** openstack changes topic to "Open Discussion (Meeting topic: infra)"19:45
clarkbA few things have popped up in the last day or so that didn't make it to the agenda that I thought I'd call out19:45
clarkbthe first is OpenEdge cloud is being turned back on and we need to build a new mirror there. There was an ipv6 routingissue yesterday thta has since been fixed19:46
clarkbI can work on deploying the mirror after lunch today, and are we deploying those on focal or bionic?19:46
clarkb(I think it may still be bionic for afs?)19:46
clarkbianw: also I think you have an update to launch-node that adds sshfp records. I guess I should use that as part of reviewin the change when booting the new mirror19:47
fungiianw had mentioned something about rebuilding the linaro mirror on focal to rule out fixed kernel bugs for the random shutoff we're experiencing19:47
ianwheh, yeah i just had a look at that19:47
ianwthere's two servers there at the moment?  did you start them?19:47
clarkbno I haven't started anything yet19:47
clarkbmy plan was to start over to ruel out any bootstrapping problems with sad network19:48
fungioh, also probably worth highlighting, following discussion on the ml we removed the sshfp record for review.open{dev,stack}.org by splitting it to its own a/aaaa record instead of using a cname19:48
clarkbbut if we think that is unnecesary I'm happy to review changes to update dns and inventory instead19:48
clarkbfungi: has that change merged?19:48
fungii think i saw it merge last night my time19:48
fungiyeah, looks merged19:49
ianwthere we no servers yesterday, perhaps donnyd started them.  the two sticking points were ipv6 and i also couldn't contact the volume endpoint19:49
clarkbk, I'll check with donnyd and you and sort it out in an hour or two19:49
fungiactually still need to update the openstack.org cname for it to point to review.opendev.org instead of review01, i'll do that now19:49
clarkbother items of note: we removed the kata zuul tenant today19:50
clarkbI kept an eye on it since it was the firs ttime we've removed a tenant as far as I can remember and it seemed to go smoothly19:50
clarkband pip 20.2 has broken version handling for packages with '.'s in their names19:50
clarkb20.2.1 has fixed that and I've triggered ubuntu focal, bionic, and xenial image builds in nodepool to pick that up19:50
clarkbit was mostly openstack noticing as oslo packages have lots of '.'s in them19:51
clarkbbut if anyone else has noticed that problem with tox's pip version new images should correct it19:51
clarkbAnything else?19:52
fungialso saw that crop up with dogpile.cache, but yeah within openstack context19:53
fungiit mostly manifested as constraints not getting applied for anything with a . in the name19:53
clarkbright it would update the package to the latest version despite other bounds19:53
fungiso projects not using constraints files in the deps field for tox envs probably wouldn't have noticed regardless19:53
clarkbwhich for eg zuul is probably a non issue as it keeps up to date for most things19:53
clarkbthanks everyone! we'll be here next week after the opendev event19:54
clarkb#endmeeting19:54
*** openstack changes topic to "Incident management and meetings for the OpenDev sysadmins; normal discussions are in #opendev"19:54
openstackMeeting ended Tue Aug  4 19:54:38 2020 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)19:54
openstackMinutes:        http://eavesdrop.openstack.org/meetings/infra/2020/infra.2020-08-04-19.01.html19:54
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/infra/2020/infra.2020-08-04-19.01.txt19:54
openstackLog:            http://eavesdrop.openstack.org/meetings/infra/2020/infra.2020-08-04-19.01.log.html19:54
fungithanks clarkb!19:54
*** frickler has quit IRC22:55
*** frickler has joined #opendev-meeting22:57
*** hamalq_ has quit IRC23:52

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!