Tuesday, 2023-05-30

tonybFWIW I'll be late to the OpenDev meeting soon.18:44
fungican you just be on time later instead? ;)18:46
* frickler is getting too tired now and will skip18:46
fricklerimagine me mentioning https://review.opendev.org/c/openstack/project-config/+/884563 in the open section18:46
clarkbfrickler: oh interesting. Ya I'll call that out18:47
clarkbgood morning and good night to tonyb and frickler as is appropriate18:47
* fungi peers around19:00
clarkbhello!19:00
clarkbWe'll get started momentarily19:00
clarkb#startmeeting infra19:01
opendevmeetMeeting started Tue May 30 19:01:10 2023 UTC and is due to finish in 60 minutes.  The chair is clarkb. Information about MeetBot at http://wiki.debian.org/MeetBot.19:01
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.19:01
opendevmeetThe meeting name has been set to 'infra'19:01
clarkb#link https://lists.opendev.org/archives/list/service-discuss@lists.opendev.org/thread/G2YQVAPBGOGDJKUKZKDUKAWMFMIWIRRD/ Our Agenda19:01
clarkb#topic Announcements19:01
clarkbI've gone ahead and written down that we should skip the meeting on June 13 as many of us will be in vancouver for the summit19:01
fungiworks for me19:02
clarkbI will also be unable to attend the meeting on June 20th as I'll either be on a plane or in a tsa line or something19:02
fungii expect to be travelling and likely miss the meeting on the 27th as well19:02
clarkbbut I'm happy for the meeting to happen without me19:02
ianwi will also be AFK then!19:02
fungii can likely chair the one on the 20th unless someone else wants to19:02
corvusLol see everyone in September!19:02
fungii like that plan even better19:03
corvusJk19:03
clarkbI do plan to have a meeting here next week though before the hiatus19:03
clarkbAlso good to generally be aware that a summit + forum + ptg is happening that week (June 13-15)19:05
clarkb#topic Topics19:05
clarkb#topic Migrating to quay.io19:05
clarkbI thought about pulling this off of the agenda but decided to keep it for today in order to do a recap19:05
corvusRun as root is new info19:06
fungisudo all the things19:06
clarkbthe tl;dr is that after migrating about half of hte issues I discoverd that transparent mirroring of images outside of docker.io does not work when using docker19:06
clarkbthis eventually led me to revert all of the moves I had already done. This is largely done except for base image locations in the zuul/* repos19:06
clarkband ya rootless podman really really wants a systemd session liek you're logging in on a desktop19:07
clarkbas far as I can tell our test nodes do create a session with systemd when sshing in (we have all that pam setup in place)19:07
corvusUser mapping is the bigger production issue 19:07
clarkbbut that isn't sufficient to make it happy. This leads to cgroupfs override options. THen on top of that you cannot run podman su'd to another user because you lack even more sstemd session stuff in that case19:07
corvusThat requires root19:08
clarkbWhen I did my test conversions of system-config stuff to podman it was all running as root because that is the simple 1:1 mapping away from docker19:09
clarkbI don't think this is a big regression compared to our use of docker but does remove some of the functionality you would hope to get out of podman19:09
clarkbThe other thing I want to call out is that dib folks are asking for some resolution on speculative image testing with nodepool. https://review.opendev.org/c/zuul/nodepool/+/884632 has been proposed now which does the hack up image names and set them via vars option we considered in my brainstorming document19:11
clarkbI personally think rolling forward with podman there is the best way forward so I -1'd it and pointed to the change that does that19:11
clarkbbut might be good to try and close that out soon one way or another 19:11
corvusoh yeah i'm going to -2 that19:12
corvuswe haven't been working on the actual fix for weeks just to give up now that it's actually working19:12
clarkbI think some of this confusion occurred due to the holiday creating two disparate groups of people attacking hte same problem19:12
clarkbbut I'm with you I've put a lot of effort into this and would like to see us fix it more properly19:13
fungithe fedora mirror change for dib has moments ago been revised to drop the dep on the other nodepool change anyway19:13
ianw++ 19:13
clarkbI think that is about it on quay.io stuff. Basically reviews and progress on the zuul side of things is what remains19:14
clarkb#link https://review.opendev.org/c/opendev/system-config/+/883311 A role to install podman. Clarkb needs to update this role19:14
clarkboh also this change is on my list of things to update so that we can start pushing on converting existing jammy nodes19:14
corvusi'm not sure the thing i raised before was adequately articulated19:15
corvusthe thing that is new since the last meeting is that due to the way we bind mount in files that are owned by the in-container nodepool user, the only way we can find to make that work right now is to run podman as root so that bind-mount happens with the correct perms, then we can still run the nodepool container as the nodepool user.19:16
clarkbcorvus: right we execute `podman` as root but then the container workload can still run as a dedicated user19:17
corvusso the implication is that we need to be okay with running the podman command as the root user (which is effectively the same as what is happening now with docker) in production, at least unless/until someone figures out a way of subuid mapping to allow that to happen with a host-level nodepool user.19:17
corvusya19:17
fungiif it's basically already the case with how we run the docker client, i don't see the concern19:18
fungiunless it's just that podman might have otherwise been an opportunity to avoid doing that19:18
corvusfungi: yep, from my pov, it's mostly just a sad face19:19
clarkbya I think we had hoped we could run things more betterer19:19
clarkbbut this isn't any worse19:19
clarkbalright anything else on this? We can pick up the zuul work in matrix since its largely zuul specific at this point19:20
tonybsounds good 19:20
clarkb#topic Bastion Host Change19:21
clarkb#link https://review.opendev.org/q/topic:bridge-backups19:21
clarkbI think this topic still needs reviews19:21
clarkbI do like the functionality and would like to move forard with it but also think it is sensitive enough it should be carefully reviewed (eg not move forward with just my review)19:21
tonybI promise to review it tomorrow 19:22
tonybjust another set of eyes19:22
clarkbthanks!19:22
fungioh, right, i keep meaning to look at that too19:23
clarkb#topic Mailman 319:23
fungino news yet. next i need to initiate some delivery tests so i can check what urls end up embedded in the list-oriented headers19:23
clarkbfungi: is the held node the same one as last week?19:23
fungislightly worried they'll go to the default domain instead of the list-specific domains19:23
fungiyeah, same held node still19:23
fungiat least now that the default domain is completely separate from the list-specific domains, it'll be easier to check for19:24
clarkbfungi: re email headers I think that may just work because django and the email bits are separted and it was only django that we had trouble with19:24
clarkbI think when we create the list and set the domain that is with the email backend and it should be more happy on that side of the mm3 house19:24
clarkbbut ++ to testing it19:24
fungiyes, hyperkitty and postorius specifically are the concern, so mailman-core should probably be unaffected19:24
fungibut i want to make sure19:25
clarkbSounds good19:26
clarkbanything else related to mm3?19:26
funginada19:27
clarkb#topic Gerrit Updates19:27
clarkbWith all the quay.io stuff I haven't had a chance to look at this. I still would really like to but realistically with summit and travel etc it is unlikely. For this reason I'll push up a revert for the bind mount which we can fallback to if necessary19:28
clarkb(again I don't think this is urgent more just super annoying)19:28
fungii guess the main new bit of news is that there's actually a gerrit 3.8.0 release now?19:29
clarkbyes since my bugs haven't gotten any traction19:29
clarkbthere is a community meeting on thursday morning which I'll attempt to attend19:29
clarkbbut they cancelled the last two because no one at google would start the google meeting instance19:29
clarkbI'm not getting my hopes up19:29
fungioh, i guess technically 3.8.0 was released a few days before last week's meeting19:30
fungitime has been an absolute blur lately19:30
clarkb#topic Upgrading Servers19:30
clarkbAs with gerrit replication task file cleanup this has been on the back burner. Unlike Gerrit replication leaks I'm hoping I might do a server or two between now and the summit19:31
clarkbfingers crossed! but other than that I don't have any real updates19:31
corvusi upgraded zuul mergers to jammy19:31
clarkbcorvus: did replcae our zuul mergers with jammy nodes.19:31
clarkbjinx!19:31
corvus:)19:31
fungithanks!19:31
clarkbThis continues to be the perpetual example of slow and steady progress19:32
clarkbnever as fast as I would like but never completely stalling out. Hopefully I can continue the trend before the summit19:32
clarkb#topic Fedora Cleanup19:33
fungicorvus: i guess, judging from the inventory/dns changes, you were able to do the full set of mergers in one shot?19:33
clarkb#undo19:33
opendevmeetRemoving item from minutes: #topic Fedora Cleanup19:33
fungii think i was nodding off that afternoon19:33
clarkbfungi: that is my understanding. In part because the executors also run mergers so we didn't need all of the mergers running at all times19:33
fungicool19:34
fungimakes sense to me, thanks19:34
clarkb#topic Fedora Cleanup19:34
clarkbtonyb: I went looking for any changes around the disabling of mirrors for fedora test nodes and didn't find one. But I may hvae looked poorly.19:34
clarkbI think that is the next step here, I'm happy to help if you need direction or reviews etc19:35
tonybI didn't get my patch published but I did a bunch of local testing 19:35
tonybI'll push it up today after I land19:35
clarkbsounds good thanks19:35
ianwi really should have thought about DIB first19:35
ianwthis + the quay changes have unfortunately caused quite some confusion19:35
ianw#link https://review.opendev.org/c/openstack/diskimage-builder/+/88379819:35
clarkbya, but we have changes to fix things on both sides so we should be able to make progress shortly19:36
ianwis I think ~ right19:36
ianwhowever we saw one weird failure where we couldn't parse out the .qcow2 path from a curl to the mirror19:36
ianwit's undetermined why, but i don't think as is the work-around in there is required per my comment19:37
clarkbonce the nodepool stuff is running again we caniterate on the dib side more easily too19:39
clarkbto figure that curl thing out19:39
clarkbI think that is it for fedora19:40
ianw++ ; i mean we could also just drop building fedora from .qcow2's 19:40
ianwi don't know if anyone actually uses it, other than the test19:40
clarkbeh its a feature people like to have since it allows them to modify existing eimages pretty easily19:40
clarkbor at least I'm always told this is why guestfs or whatever it is called is popular19:40
clarkband I have to remind people that dib does that too :)19:41
clarkb#topic Storyboard19:41
clarkbfungi: I saw some openstack-helm discussion today about this. Anything else to report?19:41
funginah, i merged that change and am about to deactivate the projects it removes19:42
fungithat's basically the extent of it19:42
clarkb#topic Open Discussion19:42
clarkb#link https://review.opendev.org/c/openstack/project-config/+/884563 Github merge method zuul configuration error fixes19:43
fungiand it's just cleanup for some already retired repos, the team isn't moving their active repos off sb for now19:43
clarkback19:43
clarkbfrickler: called out this change to fix some configuration errors in zuul19:43
fungifrickler also re-lit a fire under the openstack tc to get back to cleaning up their errors19:43
clarkbcorvus: ^ Is the underlying issue there that the projects in github have chosen a merge method that zuul doesn't support so we have to override? I do think frickler is correct that the harm here is minimal since we aren't gating those projects and are instead doing third party ci19:43
corvusi think that may be more complex than anticipated; i left a comment on the change19:43
clarkbah ok I should refresh and read it then19:44
clarkbcorvus: is the issue that zuul is detecting a mismatch between it and the github project configuration?19:44
corvuswell, even if the change were correct, i don't think we should merge comments that are incorrect19:44
corvusclarkb: yes, zuul is saying that it's configured to use the "merge" merge method with a certain repo, and github says that's not an option19:45
clarkbthe ideal fix would be to set the merge mode to match the upstream project in that case. Assuming zuul supports that mode.19:45
clarkband then we can drop the comment entirely19:45
corvushrm?19:46
corvusi mean, the comment says "this shouldn't be necessary since we're not gating" but it is necessary even if not gating19:46
corvusso i don't want to propagate the incorrect idea that this is only important for gating, it's not.  it's always important for zuul to merge changes locally the same way they are merged remotely.19:46
clarkbright, my point is if we set merge-mode to what github wants then the comment isn't relevant anymore and can be removed19:46
fungibecause zuul needs to be able to match its merge method in order to faithfully predict what a pr might look like once it merges19:47
corvusi mean, we don't need a comment19:47
corvusbut if we do feel that, then let's say something like "we're setting this to match the upstream method"19:47
corvusmy objection to the comment is that it says something about zuul's behavior which could mislead people19:47
corvusfungi: exactly19:48
clarkbgot it. I'm trying to calrify what the actual fix is here since you also sa that this change won't change any behavior19:48
corvusyes, i think that's the more important thing19:48
corvusand i don't have an answer to that19:48
corvusyou can see right now if you look at the error it says that the 'merge' merge-mode isn't supported19:48
corvusit's probably just not reporting an error in this case because it's not tripping the "is this a new error?" check19:49
corvusbut i bet a nickel if you merge that change the error will still be present since the conditions are the same19:49
corvusso, what is the correct merge mode?  and if it is 'merge', then why does zuul think it's not allowed?  are the $10k questions19:50
corvusmaybe $11k now with inflation19:50
clarkblooking at some closed PRs there doesn't seem to be a clear indication of the method being used unless 'foo merged commit 1234567' means merged explicitly19:50
tonybis that USD?  19:50
fungicanadian19:51
fungii need to use up all my leftover canadian currency19:51
tonybstill better than AUD19:51
clarkbbut ya we can run that down maybe by asking someone at ansible or querying the github api like zuul or something19:51
corvusmaybe there's a bug where no merge methods show up as permissible to the zuul user or something.  just brainstorm.19:51
clarkbcorvus: I wonder if zuul can list the acceptable merge methods when it logs the unacceptable ones (I don't know if it has that knowledge)19:51
corvusyeah i'd start with the latter.19:51
corvusclarkb: that would be ideal for debugging this19:52
fungidoes sound like a useful addition19:52
clarkbanything else?19:53
funginothing here19:55
fungiat least not that i can remember after the weekend19:55
clarkbsounds like that is everything. Thank you for your time. Reminder we'll be back next week then take at least a one week break19:55
clarkbpossibly a two week break.19:55
clarkbAnd then this meeting will occur at 6am for me so I'll feel tonyb and ianw's pain19:55
clarkbthanks again!19:55
clarkb#endmeeting19:55
opendevmeetMeeting ended Tue May 30 19:55:55 2023 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)19:55
opendevmeetMinutes:        https://meetings.opendev.org/meetings/infra/2023/infra.2023-05-30-19.01.html19:55
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/infra/2023/infra.2023-05-30-19.01.txt19:55
opendevmeetLog:            https://meetings.opendev.org/meetings/infra/2023/infra.2023-05-30-19.01.log.html19:55
fungithanks clarkb!19:56
tonybthanks all19:56

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!