Tuesday, 2024-04-16

clarkbJust about meeting time18:59
clarkb#startmeeting infra19:00
opendevmeetMeeting started Tue Apr 16 19:00:12 2024 UTC and is due to finish in 60 minutes.  The chair is clarkb. Information about MeetBot at http://wiki.debian.org/MeetBot.19:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.19:00
opendevmeetThe meeting name has been set to 'infra'19:00
clarkb#link https://lists.opendev.org/archives/list/service-discuss@lists.opendev.org/thread/X5LH5DM5F4KOX5X2D2IGRGVJ5USFL3SZ/ Our Agenda19:00
clarkb#topic Announcements19:00
clarkbI wanted to call out this email fungi sent to the service-announce list19:00
clarkb#link https://lists.opendev.org/archives/list/service-announce@lists.opendev.org/thread/4HUXROUE4ZRWLC6JFT5YF3GO6G3UULWL/19:01
fungii had fun pulling those numbers19:01
clarkbBasically if you use ecdsa keys and putty you'll want to check that out as your private key material is potentially determinable19:01
clarkbanything else to announce?19:01
funginot just any ecdsa, one specific set of nist parameters19:02
fungibut yes19:02
* fungi has nothing else to announce19:03
clarkb#topic Upgrading Servers19:03
tonybno progress.19:04
clarkbI don't think there is anything new to report here, but it is worth noting that OpenStack and StarlingX have made major releases and the PTG has concluded19:04
clarkbwe should be good to start making changes with minimized impact to development cycles19:04
tonybI'll get back into the swing of things this week19:04
clarkb#topic MariaDB Upgrades19:04
clarkback19:04
clarkbEtherpad, Gitea, Gerrit, and Mailman could use upgrades.19:04
clarkb#link https://review.opendev.org/c/opendev/system-config/+/915183 Upgrade mailman3 mariadb to 10.1119:04
clarkb#link https://review.opendev.org/c/opendev/system-config/+/911000 Upgrade etherpad mariadb to 10.1119:05
corvuszuul runs on mariadb now and does not need upgrading :)19:05
clarkbI believe that ansible and docker compose will automatically upgrade these db servers for us when we land these changes19:05
fungii think the mailman one could go in without much concern. i'm happy to monitor it as it deploys19:05
clarkbif we don't want the upgrades to be automated we can put nodes in the emergency file and do it manually19:06
clarkbfungi: ya I agree. Maybe we should just go ahead with that one and do similar with etherpad once we've got a better idea of what the 2.0.x upgrade path looks like?19:06
fungisure. we've already got one +2 on it, didn't know if anyone else wanted to look it over first19:06
clarkbI guess any other reviewers can chime in during the meeting otherwise I think you're clear to proceed when ready19:08
fungithanks!19:09
clarkb#topic AFS Mirror Cleanups19:09
clarkbNow that the PTG is over I need to start pulling up existing xenial configs in zuul to figure out a course of action for cleaning up xenial19:09
clarkbI suspect with this one we're going to have to set a hard date and then just accept zuul errors because there are a lot of tendrils in everything19:09
clarkbonce I've got a general sense of what needs to be cleaned up I'll try to write appropriate mailing list emails for those affected and then we can set a date and aim for that19:11
fungimay need to merge some things bypassing errors too19:11
clarkb#topic Building Ubuntu Noble Nodes19:11
clarkbThe other related item to cleaning old ubuntu up is adding new ubuntu19:11
clarkbfrickler has started some testing of this locally and discovered two problems. The first is glean needs some small updates to be python3.12 ready19:12
clarkb#link https://review.opendev.org/c/opendev/glean/+/915907 Glean updates for python3.12 support19:12
clarkbThe other is that debootstrap in our debian bookworm based nodepool-builder images is not new enough to build noble. I think this is "normal" and we have had to pull newer debootstrap from testing/unstable to accommodate prior ubuntu releases19:13
clarkbfrickler is there a change to do that bump yet?19:13
clarkbI haven't seen one if so. Adding one would probably be a good idea19:13
fricklerno, I just created the missing symlink locally for me19:13
fricklerthen there's also some infra elements that need updating, I hope I can do a patch for that tomorrow19:14
clarkbsounds good, thank you for looking into that19:14
clarkb#topic review gerrit service troubles19:16
clarkbI haven't seen any word from mnaser or guillhermesp on why the server shutdown under us. At this point maybe we file this topic away and address it if we do get that info19:16
clarkbHowever, on Sunday the service stopped responding again. This time the server itself was up and running but spinning its cpus and not getting any useful work done19:17
clarkbI believe I tracked this down to a bad client and blocked them then restarted services and things have been happy since19:17
clarkbWe also upgraded Gerrit yesterday which brought in a bug fix for a potential dos vector19:18
fricklerso that was just a single IP address?19:18
clarkbfrickler: yes19:18
clarkbas a side note when we rebuilt the 3.8 image we also rebuilt the 3.9 image which brought in fixes for the issues I was concerned about upon upgrading. We can probably start upgrade planning and testing now19:19
clarkbI don't think there is anything we need to do related to gerrit at this moment. I just wanted to get everyone up to date on the issues we have had and point out we're in a position to begin upgrade testing and planning19:21
clarkb#topic Project Renaming19:21
clarkbBefore we upgrade Gerrit we have a project rename request. We pencilled in April 19th as renaming day as it happens after the PTG and that happens to be this Friday.19:21
clarkbDo we want to proceed with an April 19 renaming? If so we need to land https://review.opendev.org/c/opendev/system-config/+/911622 (or something like it) and prep the record keeping changes19:22
clarkbOh and we need to decide on a time to do that so we can send an announcement19:22
clarkbI'm happy to shepherd that stuff along but don't want to be the only one around on Friday if we proceed19:23
fungisounds good to me19:24
fungii can be available whenever you are19:24
clarkbfungi: ok in that case 9am pacific is good for me. I think that is 1600 UTC. Let's announce 1600-1700 UTC as the window?19:24
clarkband I'll dedicate a chunk of tomorrow to getting everything prepared well in advance19:25
fungiwfm19:25
clarkbgreat I'll send an announcement later today19:26
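The 9am Pacific to 1600 UTC conversion above can be double-checked with a short Python sketch. It assumes Pacific time is on daylight time (UTC-7) on Friday April 19, 2024, which is hard-coded as a fixed offset rather than looked up from a timezone database; the variable names are illustrative only.

```python
from datetime import datetime, timedelta, timezone

# Assumption: US Pacific is on daylight time (PDT, UTC-7) in mid-April.
PDT = timezone(timedelta(hours=-7), "PDT")

# Proposed start of the rename window: Friday 2024-04-19, 9am Pacific.
start_local = datetime(2024, 4, 19, 9, 0, tzinfo=PDT)
start_utc = start_local.astimezone(timezone.utc)

# The window discussed in the meeting is one hour long.
end_utc = start_utc + timedelta(hours=1)

window = f"{start_utc:%Y-%m-%d %H:%M}-{end_utc:%H:%M} UTC"
print(window)  # 2024-04-19 16:00-17:00 UTC
```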
clarkb#topic Etherpad 2.0.x Upgrade19:26
clarkb#link https://review.opendev.org/c/opendev/system-config/+/914119 WIP change for Etherpad 2.0.319:26
clarkbThis change passes testing now which is a nice improvement.19:27
clarkbThe background on this is that Etherpad made a 2.0.0 release that largely didn't change anything user facing and had everything to do with how you install and deploy etherpad using pnpm now19:27
clarkbThis resulted in dockerfile updates but was reasonably straightforward. Then before the PTG could end 2.0.2 was released and they removed support for APIKEY.txt based authentication and moved everything to oauth2.019:28
fungiso much for semver ;)19:28
clarkbI filed a bug asking them to document how you can use the api like before and the result of that was new functionality in the oauth2 server to support client_credentials grants19:28
clarkbThe reason why that change above is a WIP is that this update (which does work for our purposes) is not in a release yet. I suspect that release will be 2.0.3 or 2.1.019:28
clarkbI also updated testing to cover the documented api tasks that we perform to ensure we can perform them via the new auth process19:29
clarkband I updated the docs19:29
clarkbI do think this change is ready for review. I hope that when the release happens I can update the git checkouts as the only updates to the change and we can upgrade19:29
fungithanks for solving that!19:29
clarkbGiven we don't know when that release will happen I think we can probably try to do the mariadb upgrade before we upgrade etherpad19:30
clarkbI'll try to find time to watch that upgrade if no one has objections19:30
fungiwfm19:30
clarkbit was a fun one. I had to rtfs to find the api endpoints because even after the docs updates details like that were not mentioned. Then spent time reading the oauth2.0 rfc to figure out the client_credentials request flow19:31
clarkbit's actually fairly straightforward once you have that info, the hard part was discovering all the breadcrumbs myself19:32
fungiuse the source, luke19:32
clarkbI'll get a held node up soon that we can use to test normal functionality hasn't regressed as well19:32
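For readers unfamiliar with the client_credentials flow mentioned above, here is a minimal Python sketch of the token request as described in RFC 6749 section 4.4, with the client authenticating via HTTP Basic. The token URL, client id, and client secret are hypothetical placeholders, not values from the Etherpad change or its documentation, and the request is only constructed here, never sent.

```python
import base64
import urllib.parse
import urllib.request


def build_token_request(token_url, client_id, client_secret):
    """Build (but do not send) an OAuth 2.0 client_credentials token request."""
    # The form body carries only the grant type for this flow.
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode("ascii")
    # The client authenticates itself with HTTP Basic auth.
    credentials = f"{client_id}:{client_secret}".encode("utf-8")
    headers = {
        "Authorization": "Basic " + base64.b64encode(credentials).decode("ascii"),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return urllib.request.Request(token_url, data=body, headers=headers, method="POST")


# Hypothetical endpoint and credentials, for illustration only.
request = build_token_request(
    "https://etherpad.example.org/oidc/token",
    "example-client",
    "example-secret",
)
print(request.get_method(), request.full_url)
print(request.data.decode("ascii"))
```

A successful response to such a request would be a JSON document containing an access_token, which is then presented as a Bearer token on subsequent API calls; the actual endpoint paths have to be taken from the Etherpad source or docs.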
clarkb#topic Gitea 1.21.11 Upgrade19:33
clarkb#link https://review.opendev.org/c/opendev/system-config/+/916004 Upgrade Gitea to 1.21.1119:33
clarkbGitea made a release overnight19:34
clarkbthere are bug fixes in there that we should probably consider upgrading for19:34
clarkbThe templates we override did not change so we don't have any template updates either19:34
frickleranything that might be related to the missing tags?19:35
clarkbfrickler: unfortunately I didn't see anything that looks related to that19:35
clarkb#topic Open Discussion19:36
clarkbAnything else?19:36
corvusas alluded to earlier, zuul-db01 is running mariadb now and zuul is using that as its db19:37
clarkbcorvus: and the host is out of the emergencyfile?19:37
corvusi've removed it from emergency, so we should consider it back in normal service19:37
clarkbthanks!19:37
clarkbthe web ui works for me so this seems to be happy19:38
clarkbcorvus: we should probably plan cleanup of the trove db at some point?19:38
corvusi did leave the mysql 8 files on disk; maybe we'll delete them next weekend/week?19:38
fungisounds good19:38
corvusyes, maybe do both mysql 8 and trove cleanups at the same time?19:38
clarkbwfm19:38
corvushow about we action me on that, and i'll try to do it > fri  and < tues?19:39
fungii think i still need to clean up the old keycloak server too19:39
clarkb#action corvus cleanup the zuul trove and mysql dbs19:40
clarkbfungi: did you want an action on that too?19:41
fungisure19:41
frickler/var/mariadb looks pretty full19:41
clarkb#action fungi cleanup old keycloak server19:42
fungispeaking of cleanup, openinfra foundation staff are looking at moving the openstack.org dns hosting from rackspace's dns service to cloudflare where they have the openinfra.dev domain hosted. we don't rely on it for much any more, but probably worth talking through. i was at least going to see about deleting any old records of ours we no longer need so we have a better idea of what's19:42
fricklerjust looking at cacti19:42
fungistill in there19:42
clarkbfrickler: agreed. The volume is mounted via lvm though so in theory we can add another and grow it. Or add a bigger one, grow, then remove the old smaller one19:43
clarkbfungi: ++ deleting old records is a great idea19:43
corvuswell, removing the mysql 8 data will give half the used space back19:43
corvusif we're talking about zuul-db0119:43
clarkbcorvus: oh I see ++19:43
fungiwe can also pvmove extents from a smaller pv to a larger one in the same vg, if it becomes necessary19:43
clarkbfungi: I also mentioned to them that ianw wrote a tool to dump the rax zones in zonefile format which I offered to provide them to simplify the move19:44
clarkbProbably also worth noting that meetpad seems to have done well during the PTG. There were some reports of mic problems that apparently don't happen in other tools and some indicated they couldn't connect. But on the whole it worked well and performance was reasonable from what I could see19:45
fungisome users also found the built-in noise cancellation option helpful to turn on, if their own mics didn't do a good enough job of it19:46
frickleryes, not sure still what happened in the openeuler session19:46
clarkblast call on any other items. Otherwise I'll end the meeting about 12 minutes early.19:46
fungifrickler: diablo_rojo was going to check in with them to get details19:47
fungithe edge wg session(s) used the recording feature, which seems to have worked out19:47
funginot sure if any other tracks recorded anything19:48
clarkbI haven't seen any if so19:48
clarkbsounds like that may be all. Thank you everyone! We'll be back next week at the same time and location.19:49
clarkb#endmeeting19:49
opendevmeetMeeting ended Tue Apr 16 19:49:29 2024 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)19:49
opendevmeetMinutes:        https://meetings.opendev.org/meetings/infra/2024/infra.2024-04-16-19.00.html19:49
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/infra/2024/infra.2024-04-16-19.00.txt19:49
opendevmeetLog:            https://meetings.opendev.org/meetings/infra/2024/infra.2024-04-16-19.00.log.html19:49
clarkbNow to track down lunch and maybe a bike ride19:49
* tonyb goes for a pre-dawn run19:50
