| *** Guest7 is now known as diablo_rojo_phone | 17:24 | |
| *** diablo_rojo_phone is now known as Guest229 | 17:24 | |
| clarkb | Anyone else here for the meeting? | 19:00 |
|---|---|---|
| ianw | o/ | 19:00 |
| clarkb | #startmeeting infra | 19:01 |
| opendevmeet | Meeting started Tue Feb 22 19:01:14 2022 UTC and is due to finish in 60 minutes. The chair is clarkb. Information about MeetBot at http://wiki.debian.org/MeetBot. | 19:01 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 19:01 |
| opendevmeet | The meeting name has been set to 'infra' | 19:01 |
| clarkb | #link http://lists.opendev.org/pipermail/service-discuss/2022-February/000322.html Our Agenda | 19:01 |
| clarkb | #topic Announcements | 19:01 |
| clarkb | The service coordinator nomination period ended last week and I was the only one who was crazy enough to jump on it :) | 19:01 |
| clarkb | #topic Actions from last meeting | 19:03 |
| clarkb | #link http://eavesdrop.openstack.org/meetings/infra/2022/infra.2022-02-15-19.01.txt minutes from last meeting | 19:03 |
| clarkb | #link https://review.opendev.org/c/opendev/system-config/+/829882 Restore gerrit mergeability checking | 19:03 |
| clarkb | frickler: got that chagne pushed up. I asked about doing some additional testing but after talkign to gerrit upstream over slack about it I think it is probably safe to proceed as is if we prefer | 19:03 |
| clarkb | basically the behavior we should expect is that changes that are modified after the config update will get mergability checked. Changes that aren't updated won't have that info | 19:03 |
| clarkb | Then we'll need to monitor for overall load induced by the chagne. THough we don't expect it to be a problem | 19:05 |
| clarkb | #topic Topics | 19:05 |
| clarkb | #topic Improving OpenDev's CD throughput | 19:05 |
| clarkb | I didn't update this topic to reflect the gpg encryption of logs work, but I think that is realyl close now? | 19:06 |
| ianw | yes, after a few mis-steps in templates it worked :) | 19:06 |
| ianw | https://zuul.opendev.org/t/openstack/build/307b0e0e097c48daa959ee3b960f7ff5/logs | 19:06 |
| ianw | what I plan to do now is write up a change with some documentation, and to switch it to apply to all prod jobs | 19:07 |
| clarkb | cool. I guess infra-root should push up changes with their keys? | 19:07 |
| ianw | yep, can either do that now to test if you like, or after i write up some docs | 19:07 |
| clarkb | I'm not in a rush | 19:08 |
| fungi | same | 19:08 |
| clarkb | Anything else on this topic? | 19:08 |
| ianw | i'm hopeful it can help us get some more people interested in helping with prod jobs ... build it and they will come :) that's the theory anyway :) | 19:09 |
| clarkb | if nothing else I think it continues to show how we can make use of zuul to help us operate things | 19:09 |
| ianw | nope ... although waiting for the various prod jobs to finish has increased my interest in finishing this parallel work! | 19:09 |
| ianw | oh, there were a few comments on the spec @ | 19:09 |
| ianw | #link https://review.opendev.org/c/opendev/infra-specs/+/821645 | 19:10 |
| ianw | something to read and ponder | 19:10 |
| ianw | that's all, thanks | 19:10 |
| clarkb | #topic Container maintenance | 19:11 |
| clarkb | No real news on this other than I actually set time aside for looking at this later today with jentoio. No concrete time, but sometime this afternoon :) Hoping to start making progress on this | 19:11 |
| clarkb | #topic Spring Cleaning of Old Reviews | 19:12 |
| clarkb | #link https://review.opendev.org/q/topic:retirement+status:open Changes to retire all unused the repos. | 19:12 |
| clarkb | This is where I'm at on that. I got all the repos running noop jobs and then pushed up retirement changes for them all. | 19:12 |
| clarkb | If they still look retireable please approve and land those changes. Then I'll followup with a change that removes them from zuul and marks them retired in projects.yaml | 19:13 |
| clarkb | And we can abandon changes at that point too | 19:13 |
| fungi | abandoning should be done before approving the acl update, just a reminder | 19:14 |
| clarkb | Please ping me somehow if you find something that shouldn't be retired that has been going through the process. I'll need to update some of my notes and rollback some updates | 19:14 |
| clarkb | fungi: ++ good point | 19:14 |
| clarkb | #topic Gitea 1.16.1 | 19:15 |
| clarkb | #link https://review.opendev.org/c/opendev/system-config/+/828184 Change to upgrade to 1.16.1 when we are ready | 19:15 |
| clarkb | #link https://104.130.74.7:3081/opendev/system-config Test site via held node here | 19:15 |
| clarkb | I think this is likely landable, but I was really hoping to get many eyes on this | 19:15 |
| clarkb | Our testing should represent good coverage but the large changelog scares me :) | 19:16 |
| clarkb | If you have time to take a look it is much appreciated | 19:16 |
| clarkb | Cross checking the changelog against our expectations is likely a good idea too (in addition to general functioanltiy via the test site) | 19:16 |
| clarkb | #topic Gerrit Gitea links | 19:17 |
| clarkb | Hey this happened. Thank you to everyone who kept pushing it along | 19:17 |
| fungi | thank you for the heavy lifting fixing gerrit upstream! | 19:17 |
| clarkb | This required quite a bit more tweaking than I would've expected | 19:17 |
| ianw | clarkb: heh, just on the previous, i'm seeing that jinja thing agains system-config again | 19:18 |
| clarkb | ianw: interesting. If I had to guess they reindex things periodically (maybe as a new change) and depending on how complete it is per repo maybe yo uget back weird results. That may be worth asking upstream about | 19:18 |
| clarkb | we can try filing an issue with them in github I guess | 19:18 |
| fungi | as part of the gitea linking work, we aldo disabled gitiles links in the gerrit webui (because they're effectively redundant) | 19:18 |
| fungi | s/aldo/also/ | 19:19 |
| clarkb | ya I think at this point we're mostly waiting for anyone to notice and if they notice hopefully without issues :) | 19:19 |
| ianw | or, maybe it's just ... right - https://imgur.com/a/Yi79MSx | 19:19 |
| fungi | i couldn't find any way to disable the gitiles plug-in because it's "core" to gerrit, but i have a change proposed to forbid access to /plugins/gitiles as a location in our apache proxy layer | 19:19 |
| clarkb | ianw: heh it is a lot of nasible. But the flip flopping is curious | 19:19 |
| clarkb | #topic Rocky Linux | 19:22 |
| clarkb | Just a heads up that rocky images continue to be a work in progress. The most recent thing was we needed epel to install haveged | 19:22 |
| clarkb | I updated dib's epel role to support rocky so that we can get that in our builds and ianw made a dib release. We've updated nodepool to include that dib release and are just waiting for images to build now | 19:23 |
| clarkb | I think we're stuck behind all the other image builds right now so may be a bit. Might be nice to be able to prioritize a build in nodepool but I don't think that is currently possible | 19:23 |
| ianw | yesterday i almost deleted the centos-8 wheel afs volumes, but then i paused thinking rocky could use them | 19:24 |
| fungi | can't even cancel the other builds to move it up the queue, i don't think | 19:24 |
| ianw | but then i realised it is better to start them fresh anyway | 19:24 |
| ianw | if there is actually interest in that, because they have a lot of old stuff in them | 19:24 |
| ianw | from before fungi updated us to only build wheels that aren't upstream, etc. | 19:25 |
| ianw | so, unless there's objections, my plan is still to delete those volumes | 19:25 |
| fungi | no objection from me | 19:25 |
| clarkb | if things are signed the signatures are likely different too? | 19:26 |
| clarkb | oh wheels ya those aren't signed | 19:26 |
| clarkb | sorry I had in my head rpms | 19:26 |
| clarkb | But ya I agree starting over is probably better | 19:26 |
| clarkb | and I think rocky will be a good test case for mirroring less stuff and seeing how it goes | 19:26 |
| clarkb | #topic Open Discussion | 19:28 |
| clarkb | That was what we had on the agenda. Anything else? | 19:28 |
| clarkb | I'm working on fixing Gerrit's server-sig-algs ssh key exchange extension support | 19:28 |
| clarkb | Eventually Gerrit will be able to do modern rsa :) | 19:28 |
| fungi | i've got openstack's release artifact signing key proposed for the zed cycle | 19:29 |
| fungi | if anyone wants to update it with additional attestations, you can find it here: | 19:29 |
| fungi | #link https://review.opendev.org/829933 Publish the Zed Cycle signing key for future use | 19:29 |
| fungi | the process for exporting the signed key with your added signature is in a comment in the index.rst file at the top of the list of key entries | 19:30 |
| clarkb | https://gerrit-review.googlesource.com/c/gerrit/+/331019 just pushed the gerrit fix for kex server sig algs | 19:30 |
| fungi | awesome, thanks! | 19:30 |
| fungi | i assume best case that will only be available in 3.5.something? | 19:30 |
| fungi | seems like they're not backporting the mina-sshd update | 19:31 |
| clarkb | I think 3.6 | 19:32 |
| ianw | clarkb's gitea stats are going to start flipping to "java" soon :) | 19:32 |
| clarkb | ianw: its ok gitea stopped syncing the gerrit repo :) | 19:32 |
| clarkb | well we stopped syncing the gerrit repo so gerrit stopped pushing updates to gitea :) | 19:32 |
| fungi | did we ever retire that repo? should we? | 19:33 |
| clarkb | I thought about retiring it but keeping it for now seems fine | 19:33 |
| clarkb | I think my main concern is that we might need ti again for some reason. Though we have a good way to carry patches more distro packaging like in system-config if necessary | 19:33 |
| ianw | i find it tends to come up with higher priority in searches than the actual gerrit repos | 19:33 |
| fungi | that could be problematic | 19:34 |
| ianw | i should add for esoteric things where the only reference is in the actual code | 19:34 |
| ianw | or changelog | 19:35 |
| clarkb | ianw: as you can probably tell I've just ended up with a local checkout :/ | 19:36 |
| clarkb | worth noting you need bazel 5.0 for gerrit master and I had to do a whole dance for that and ended up with a 5GB docker image in the process | 19:36 |
| fungi | yikes | 19:37 |
| fungi | reminds me of when i tried to `tox -e docs` in zuul/zuul recently and it died with enospc after consuming some 4gb of disk | 19:38 |
| clarkb | ya similar situation. Turns out that build stuff is big | 19:39 |
| clarkb | Anyway sounds like that may be all for the meeting? | 19:39 |
| clarkb | thank you everyone. We'll see you here next week | 19:39 |
| ianw | ++ thanks for hosting clarkb! | 19:39 |
| clarkb | But then the week after I'll likely have to skip due to other engagements | 19:40 |
| fungi | thanks clarkb! | 19:40 |
| clarkb | #endmeeting | 19:40 |
| opendevmeet | Meeting ended Tue Feb 22 19:40:08 2022 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 19:40 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/infra/2022/infra.2022-02-22-19.01.html | 19:40 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/infra/2022/infra.2022-02-22-19.01.txt | 19:40 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/infra/2022/infra.2022-02-22-19.01.log.html | 19:40 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!