Tuesday, 2022-04-05

clarkbanyone else here for our meeting? I expect today' smeeting to be quick due to PTG having sucked some of us into meetings all day already19:00
fungiohai19:00
clarkb#startmeeting infra19:01
opendevmeetMeeting started Tue Apr  5 19:01:19 2022 UTC and is due to finish in 60 minutes.  The chair is clarkb. Information about MeetBot at http://wiki.debian.org/MeetBot.19:01
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.19:01
opendevmeetThe meeting name has been set to 'infra'19:01
ianwo/19:01
clarkb#link https://lists.opendev.org/pipermail/service-discuss/2022-April/000330.html Our Agenda19:01
clarkb#topic Announcements19:01
clarkbAs noted earlier the PTG is happening right now and all week. I've ended up in more PTG sessions than anticipated which probably means I anticipated poorly :) but so far decently productive so yay19:02
clarkbI expect to continue to participat ein PTG thing sthrough the week. There will be discussion about ci resources and translation tools and more that I'm forgetting about19:03
clarkbOne thing I noticed was that the openstack TC discussion with project PTLs ended up having some feedback for OpenDev. I found it a bit odd that we've tried to have time for that every ptg until this one and largely been ignored so we skipped it this time around and then a different venue gets found19:04
clarkbIf anyone has ideas on how we might solicit that feedback better I'm all ears. (we have the mailing list and our irc channel and previously the ptg office hour sessions)19:04
clarkb#topic Actions from last meeting19:05
clarkb#link http://eavesdrop.openstack.org/meetings/infra/2022/infra.2022-03-29-19.01.txt minutes from last meeting19:05
clarkbianw has an action to clean up our gerrit fork repo's branches and retire the repo19:05
clarkbLooks like thta happened?19:05
ianwthat is done, yep19:05
clarkb#link https://opendev.org/opendev/gerrit has been retired19:06
clarkbthank you!19:06
clarkb#topic Topics19:06
clarkb#topic Improving OpenDev CD Throughput19:06
clarkbI did want to call out Zuul's latest spec: https://review.opendev.org/c/zuul/zuul/+/834198 in relation to this19:07
clarkbIn particular I think we need to consider the spec for managing bridge more directly in zuul within the contetx of ^ and determine if we need to make any edits to the spec or potentially change our approach in general19:08
clarkbdon't need to sort that out in this meeitng, but maybe after we've all had some time to think it over a meeting/call/thread to discuss it would be a good idea?19:09
clarkbessentially a more explicit followup for us to consider the potential changing risk there19:09
clarkbanything else to add to this topic?19:11
ianware you thinking things like publishing jobs too?19:11
fungimainly the question of whether zuul's container-based isolation alone is sufficient security to trust deployment on our production servers to19:12
clarkbright19:12
clarkbin a shared zuul deployment19:12
funginoting that this question is merely triggerd by the discussion of the ansible module spec, it's the situation we're already in and effectively have been since we started doing cd with zuul19:13
ianwright, i'm just thinking, a bit like "reflections on trusting trust", we're pulling zuul images that have been published via that "level" of isolation19:13
clarkbianw: yup that is good to call out too.19:13
fungiand gerrit images, and so on19:13
clarkbin my mind it was a good reminderfor us to take stock of the security stance and determine if anything needs adjusting19:14
clarkbbut I think that deserves its own conversation and if others agree I can work to schedule something forthat19:15
ianwright, so ultimately it feels like our consideration is to (continue) trusting publish/deploy pipelines in general, or not, just because we ultimately end up there19:15
clarkbyup that makes sense19:16
clarkbanyway maybe think it over for the next week and at our netx meeting I can schedule discussion on this if we want to do that (or start a thread)19:16
ianw++19:17
fungii guess the reason not to discuss it on the ml is that we don't want to unnecessarily shake users' faith in our systems management toolchain?19:17
ianwheh yes, or write out a "here's a great way to compromise us, now give it a go" instructions :)19:17
clarkbI also think synchronous comms can be useful when it come sto this sort of thing as a sort of brainstorming exercise19:18
clarkbI find that asynchronous comms tend to be less candid19:18
clarkbmaybe that has to do more with the recording aspect though19:18
clarkbBasically take some time to think about it so we're aware of the related issues, then meet together synchronously to have candid discussion/brainstorming where silly ideas don't filtered out by editing an email19:20
ianwsounds good19:20
clarkb#topic Container Maintenance19:21
clarkbI don't see any new changes on this yet. I think jentoio is busy though. Feel free to ping me if/when you manage to look at this again19:21
jentoioyeah, still working on it19:22
clarkb#topic Cleaning up old reviews19:22
clarkb#link https://review.opendev.org/q/project:opendev/system-config+status:open+topic:system-config-cleanup resurrected reviews that should be easy to land that need review19:23
clarkbwould be great if we could try to review a few of these and land them19:23
clarkbfungi: on https://review.opendev.org/c/opendev/system-config/+/654040 it isn't clear to me if you want thos efiles to be removed in that chagne or if we can land that change then do a followup to delete unused files19:23
clarkbmostly the lack of a value vote making me wonder which you would prefer there19:24
fungii was +/-0 on the change, as almost everything it's updating should just be deleted instead19:24
fungi(possibly everything it's updating)19:24
clarkbeverything but the readme file update I think19:25
clarkboh and prep-apply.sh19:25
clarkbso half the chagne would stick around19:25
fungido we use prep-apply.sh any longer?19:25
clarkbyes in our puppet noop apply tests19:25
fungii wasn't sure if that only got called when launching new servers. okay19:26
clarkbwhich will exist until we remove the puppet apply testing I think19:26
fungigot it. i thought we used ansible to install it19:26
fungito install/configure puppet i mean19:26
clarkbwe do, if you read that script it uses ansible19:27
clarkbbut ya that script is still used by the noop apply tests iirc19:27
fungianyway, i figured if people concurred on deleting some of those files, i could just push a revision to remove any which aren't needed, or a separate deletion change as a parent of that19:27
fungiand if there was any input on other things we should also delete from the repo, add those too19:28
clarkbok I can push a new ps that removes email_stats.py and maintain-infra-groups.py19:28
clarkbthen maybe do a separate followup for any additional files to remove19:28
clarkbthe problem I'm trying to avoid is makign each of these super perfect since they have been ignored for so long. Better to land what is good enough then followup I think19:29
clarkbotherwise we may go another 3 years not merging anything :)19:29
fungithat's fair, easier to just approve this one for now19:29
clarkbSome of the other changes under that topic may need more scrutiny lik ethe gerrit config updates19:30
clarkbbut I'll try to keep up with the reviews on them regardless of who the original owner is. I can be a proxy owner19:30
clarkb#topic Retiring the Gerrit Repo19:31
clarkbI think we can say "DONE" and move on19:31
clarkb#topic Scheduling project renames19:31
clarkbthe school let me know that the 15th is a day off for the kids which I susppose I should've expected. I don't think it is that big of a deal to continue to do the rename on that day for me though19:32
clarkbif there are no objections at this point I should send email about the plan and make the scheduled time official19:32
clarkbfungi: ^ does this day still work for you?19:32
fungiyep19:32
clarkbcool let me make a note here to send email about that soon (probably tomorrow at this rate). Is there a good time of day?19:33
clarkbI think I can do anything after like 1500 UTC19:33
fungithat works for me19:34
fungiunless later is better for others who want to help19:34
clarkbcool I can send email for 1500-1600 on the 15th then we can always adjust from there if necessary19:35
clarkb#topic Open Discussion19:35
ianwi can't guarantee much for my 16th as that's school holidays here19:35
clarkbianw: ya no worries19:35
clarkbI'm good with it as long as we have two people around19:36
clarkband then we can schedule the gerrit upgrade on another day. (which I keep meaning to start catcing up on)19:36
clarkbNote we updated the udev rule for glean to fix centos 9 boots in rax19:36
clarkbthat seems to have worked and I havne't seen any unexpected fallout which is always a concern when modifying boot processes19:36
ianwthanks for that.  i sent a kernel patch in to mark those interfaces as "enumerated", which is a flag to systemd that basically they should be renamed19:38
ianwthe chance of that 1) getting merged, 2) making its way back into centos 8 to get the interfaces renamed there rounds down to about 0% i think19:38
ianwbut still, hopefully going forward it may not flip-flop again19:39
clarkbis that a backport of an existing fix since centos 9 doesn't have that behavior?19:39
clarkbor are we working by chance?19:39
ianwi think that centos 9 systemd/udev decides to rename them anyway; despite their /sys flag not marking them as "unstably" named19:40
clarkbah19:40
ianwi couldn't find a smoking gun change, probably could by git bisecting systemd and booting over and over19:41
ianwbut who knows, maybe something happens and the behaviour flips back again, unclear if it was even intentional19:41
clarkbgot it19:41
clarkbSounds like that may be it for this week. I'll give it a few more minutes before ending19:44
fungii've just sent e-mail messages to service-announce and openstack-discuss about the new -d with depends-on behavior19:46
fungier, -2 with depends-on19:46
clarkbthank you for putting that together19:48
clarkb#endmeeting19:51
opendevmeetMeeting ended Tue Apr  5 19:51:24 2022 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)19:51
opendevmeetMinutes:        https://meetings.opendev.org/meetings/infra/2022/infra.2022-04-05-19.01.html19:51
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/infra/2022/infra.2022-04-05-19.01.txt19:51
opendevmeetLog:            https://meetings.opendev.org/meetings/infra/2022/infra.2022-04-05-19.01.log.html19:51
clarkbThank you everyone19:51
jentoiothanks19:51
fungithanks clarkb!19:51

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!