Tuesday, 2024-08-20

clarkbjust about meeting time18:59
clarkb#startmeeting infra19:00
opendevmeetMeeting started Tue Aug 20 19:00:55 2024 UTC and is due to finish in 60 minutes.  The chair is clarkb. Information about MeetBot at http://wiki.debian.org/MeetBot.19:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.19:00
opendevmeetThe meeting name has been set to 'infra'19:00
clarkb#link https://lists.opendev.org/archives/list/service-discuss@lists.opendev.org/thread/XHQIBDONZ6RMOINLKWHDFGKVN5ADB3N3/ Our Agenda19:01
clarkb#topic Announcements19:01
clarkbThe openinfra summit in korea is just under 2 weeks away19:01
clarkbI'm planning to attend so will miss the September 3 meeting. Do plan to chair the August 27 meeting though19:02
clarkb#topic Upgrading Old Servers19:03
clarkbLooking at Gerrit it appears tonyb has been pushing noble server replacements along19:03
clarkbapologies that these changes got lost in the shuffle19:03
clarkb#link https://review.opendev.org/c/opendev/system-config/+/925447/219:04
tonybSlowly.  I have some updates to make to https://review.opendev.org/q/topic:noble-mirror+is:open which will be the first focal upgrade19:04
clarkb#link https://review.opendev.org/q/topic:noble-mirror+is:open19:04
tonybAlso I've finally finished testing the recaptcha and bulk delete extensions on the held wiki node19:05
fungifrickler had some comments on 925438 or else i'd just insta-approve it19:05
clarkbya I +2'd those changes but didn't approve since there were comment sfrom frickler19:05
tonybI plan to respin the mediawiki role with a bunch of questions.19:05
clarkbtonyb: I take it there weren't any major concerns that popped up in the wiki testing?19:05
clarkbat least for those particular items?19:06
fungimy cursory testing was good with the wiki held node19:06
tonybYeah I don't know how I missed that's what the pause was on the noble updates19:06
fungii didn't find time to make edits with a separate account and test partrolling them, but i'd also be fine just "testing in production" for that bit since i'm the only one currently doing it anyway19:07
tonybclarkb, fungi: Nope once I creted a valid recatchpa token (it's a personal one) recaptcha worked as expected and once that was done the there was stuff to bulk delete19:07
clarkbthat is reassuring that things are working as you get to them19:07
tonybI'd like another review of https://etherpad.opendev.org/p/opendev-wiki-announce and then we can float some timelines19:08
clarkb#link https://etherpad.opendev.org/p/opendev-wiki-announce Draft announcement for wiki server replacement19:08
tonybYeah the only think that doesn't "just work" is the skin which was also expected19:08
fungiand also purely cosmetic19:09
tonybWe can think about how to handle the database update/migration inline on the review once they're updated19:09
clarkbsounds good. I'll take a look at that announcement draft today. I know i've looked at it before but there appear to be new edits19:09
tonybYup I incorporated your feedback and added some extra details19:10
clarkbanything else?19:10
clarkb#topic AFS Mirror Cleanups19:12
clarkbThis item is the first one to fall off my list as I get distracted by other things. Unfortanately, that means I haven't made any real progress on this since the removal of projects from the zuul tenant19:12
clarkbI think the next step here is going to be continuing to do project removals from the zuul tenant config and also cleaning up jobs in projects that are still active19:13
clarkbbut I don't have a sense yet for what is left to do in the current state of things19:13
clarkbThat said there is some interest in mirroring rocky packages so it would be good to get xenial cleared out19:13
clarkbHowever, it would be good to determine if we need to mirror rocky packages before proceeding with that (this came up in the TC meeting about an hour ago)19:14
clarkb#topic Testing Rax's New Cloud Offering19:14
clarkbProgress is slowly being made here. I'm hoping to have a quick chat with some folks on thursday to get some base details19:15
clarkbSo while I don't have anything concrete yet I expect to have more info this week19:15
tonybThat'd be good.  It's all very "handwavy"19:16
fungiyeah, basically hoping cloudnull can clarify it all for us19:16
clarkb#topic Etherpad 2.2.2 Upgrade19:17
clarkbRecently Etherpad made a 2.2.2 release. There are actually tags for releases between 2.2.2 and the release we are running but not official release objects on github19:17
clarkbTesting quickly showed that this doesn't just work for us like some previous updates. In particular they have completely rewored how js code is imported/loaded into the browser and this appears to break our ep_headings plugin19:18
clarkbThere is an alternative plugin called ep_headings2 that does similar things, but an ancient github issue indicates ep_headings2 is not compatible with ep_headings markup. It isn't clear to me yet if this incompatibility is fatal to etherpad or if pads will just require some manual reformatting19:19
clarkbI think we can live with manual reformatting as people can do that for pads that are active and that they care about. But if this is fatal for the service or just pads using ep_headings we will need to do more work to fix things19:19
fungithe data is fully encapsulated in mysql right? so in theory we can dump/source production into a held node and see what happens?19:20
clarkbAnyway that all requires some testing. I think we can hold a node on the version we are running today. Make a pad with all the variou headings content, then update to 2.2.2 and see what breaks if anything19:20
clarkbyes an alternative to ^ is to restore the prod db into the current 2.2.2 held node19:20
clarkbI just haven't prioritized this testing yet as I've been largely focused on getting prepared for the summit19:20
clarkbif anyone else wants to poke at this that would be appreciated19:21
clarkb#link https://review.opendev.org/c/opendev/system-config/+/926078 WIP Change implementing the upgrade19:21
fungii'll see how my tomorrow shapes up19:21
clarkbthat change is WIP until we know we won't break things with an upgrade19:21
* fungi is still catching up from emergency travel madness19:21
fungiseems like it would be straightforward to test though so i'll try to give it a shot19:22
clarkbthanks19:22
clarkbalso worth noting we did confirm that ep_headings2 works with 2.2.2. The main question is what compatibilty looks like coming from ep_headings19:22
clarkbI suspect in an absolute worst case we might end up needing to export and reimport all the pads in some sort of automated fashion. That will almost certainly lose all the headings formatting but should preserve the content19:23
tonyband the etherpad team aren't interested in the fact ep_headings is broken?19:24
fungiit's "just a plugin"19:24
tonybAh19:24
clarkbya ist an ancient plugin that was archived19:24
tonybthat's a little sad19:24
tonybbut understandable19:24
fungii think the idea that there are people running decade+ old etherpad instances and not auto-expiring pads is surprising to them19:25
clarkband more generally the new maintainer is far more interested in modernizing things than keeping compatibility with really old stuff19:25
fungithe project itself has had several leadership turnovers and renames in that span of time, after all19:25
clarkbfor example the new auth system. Though they did eventually add the old auth system abck into etherpad19:25
clarkb#topic Service Coorindator Election19:27
clarkbToday is the last day for the nomination period. I haven't seen any nominations. Assuming I haven't missed one does that mean I'm it again?19:27
fricklercongratulations :)19:28
clarkbI can make it official after the meeting if no one else wants it I guess19:28
fungiamd you have my condolences19:29
fungis/amd/and/19:29
fungicongratudolences19:29
tonybclarkb: Thank you for your bravery19:29
clarkbthe crowd is making their will clear19:30
clarkb#topic Updating the Default Zuul Nodeset19:30
clarkblast week I announced we would set ubuntu-noble as the default nodeset tomorrow19:30
clarkb#link https://lists.opendev.org/archives/list/service-announce@lists.opendev.org/thread/DWF57QP75BC6GBIG7RV6PRLBDOVANET3/19:30
fungiand there was much rejoicing19:30
clarkb#link https://review.opendev.org/c/opendev/base-jobs/+/92636019:31
clarkbplan is still to merge that tomorrow as announced19:31
clarkbI intend on doing that first thing in the morning so I have plenty of time to be around to help debug if necessary19:31
clarkbdo ya'll think that is early enough in the day or would you prefer to merge it before my day starts?19:31
clarkbI can drop the -W if that is the case19:31
fricklerI'm busy in my morning, so fine with waiting for you19:32
fungiseems fine. i can approve it earlier if you want though19:32
clarkbno I think that is enough time. I just wanted to give the option if we felt strongly about it19:33
clarkb#topic openstack.org DNS Hosting Moved to CloudFlare19:33
fungiit happened19:33
clarkbas of very recently this manuever has been completed19:33
fungia few hours ago now19:33
clarkbplease be on the lookout for unexpected behavior that can be attributed to DNS19:33
tonybnoted19:34
clarkbfungi is able to edit the zone directly and while I can't yet do things myself I can also message other people who can19:34
fungithanks frickler for spotting the problem with the proxied openstack.org redirect to www.openstack.org19:34
clarkbI've got on my todo list to create an account so that I can make edits in addition to fungi. In general though we don't make a ton of edits so I don't expect issues19:34
fungimore generally, we should avoid making changes to that domain for a few days anyway while authoritative dns settles out19:34
fungialso it looks like we can probably adapt our raxdns backup to use the cloudflare api, we'll just need an api key created and (obviously) code changes to enable it19:35
clarkbI wonder if cloudflare has direct export apis19:36
clarkbthe raxdns backup has to go record by record and construct the file itself iirc19:36
fricklerso are all non-opendev websites now proxied by cloudflare?19:36
fungithey definitely have a rest api because i perused the docs for it19:36
fungifrickler: no, only openstack.org19:36
clarkb(and it was before this change. I think some of the motivation for the change was to streamline that existing integration)19:37
fungibasically, the foundation relies on cloudflare for cdn services with www.openstack.org but cloudflare makes that less expensive if you host the domain with them, while rackspace charges the foundation for dns hosting19:37
fricklerI think the good thing about it is that it is reachable via IPv6 now19:38
tonybyeah it looks like you can basically get a bind zone file via the API 19:38
fungiso moving the hosting for that specific domain was a cost-cutting measure19:38
frickleropenstack.org did point to a rax IP before, but I didn't check www.19:38
clarkbfrickler: oh ya I think only one of them pointed to cloudflare before19:39
clarkband the other redirected to the cdn or something.19:39
fungiactually openstack.org was going to a vexxhost ip address i think, but regardless it was just hosting a redirect to the cloudflare cdn for www.o.o19:39
fricklerdidn't occur to me that anyone is actually still using www.* these days19:39
fungiwelcome to the wonders of the world wide web19:40
fricklerI'd also still prefer for us to have higher TTLs on our CNAMEs again (like 1h), but also not mission critical I guess19:41
clarkbI think that is a generally good idea. At least historically we saw dns resolution failures at a higher rate with low ttls from hosts behind NAT19:41
fungiyeah, as i pointed out, an http patch call can adjust the ttl per record so we could do that to the (currently) 104 records which refer to opendev services19:41
clarkball of those udp packets can easily get lost in the NAT state tables I guess19:42
fungibut also we try not to depend on the openstack.org domain where we can, so it should eventually just be for openstack project content (afs/kerberos is the biggest hold-out at the moment)19:42
fricklerwell I don't think we will change docs.openstack.org, which I'd consider the most important one19:43
fungidocs.openstack.org is openstack-specific content hosted from static.opendev.org via a cname in dns19:43
fungiso basically the sort of thing i said the domain should eventually consist of once we're done moving opendev services out19:44
clarkb#topic OpenMetal Cloud Cert Refresh19:45
fungiwith my openstack tact sig chair hat on i do think the dns and hosting for docs.openstack.org is important, but opendev's own operations don't depend on it19:45
clarkbya and we've got a path towards addressing that19:45
clarkbmight just take a moment19:46
fricklerthe openmetal issue looks like it could be fixed19:46
clarkbyup the background here is LE emailed us warning us that the cert was going to expire soon19:46
fungiwe'll know tomorrow-ish19:46
fricklerI checked logs earlier and they no longer showed the error19:46
fungioh good19:46
clarkbfrickler looked at the kolla logs and saw that the config appeared to have been updated to use the wrong email account19:46
fricklerinstead there was a ratelimit error from LE19:46
clarkbwe passed this info along to openmetal and they made some changes which hopefully will resolve things19:46
fricklerbut hopefulle it will be all resolved after the next cron trigger19:47
fungistupid rate limits. doesn't everyone know that time and space are relative anyway?19:47
clarkbfungi: did you change to add it to certcheck land?19:47
funginot yet19:47
fungi#link https://review.opendev.org/926488 "Track our OpenMetal environment HTTPS cert expiry"19:47
clarkbmaybe we should go ahead and +W that since its a minor change with minimal impact if we got it wrong19:48
fungilooks like frickler just did. thanks!19:48
frickler+319:48
fricklergood idea to check port 500019:48
fungiagreed, it hadn't dawned on me that they could diverge in the future19:49
clarkbcool, that should help us easily confirm things are issuing properly in the next day or so19:49
clarkb#topic Open Discussion19:49
clarkbAnything else with our last ~10 minutes?19:49
tonybnot from me.19:50
* fungi hungers19:50
fricklerthere was some discussion about the "opendev team" name in https://review.opendev.org/c/openstack/contributor-guide/+/92651119:51
fricklerand we do reference that multiple times in our own docs19:51
fungioh, yeah, i think what's there now was the result of a quick stream edit19:52
fricklerso if someone feels strongly to not use that term, an update would be in order IMO19:52
fungii'll try to take a look tomorrow and adjust the terminology to match what we settled on when we established our new identity19:53
clarkbhttps://codesearch.opendev.org/?q=OpenDev%20Team&i=nope&literal=nope&files=&excludeFiles=&repos= shows a couple of small instances19:53
clarkbmight be good to link to others if you see them19:53
fricklerI also failed to find a good reference for "all (openstack/opendev related) IRC channels"19:53
fricklerdo we intentionally not have that?19:53
clarkbfrickler: openstack/project-config/accessbot/channels.yaml is probably the most reliable19:54
fungiwe don't run any irc servers, so technically speaking, no19:54
fricklerthere were some refs in system-config19:54
fungiwe have channels where we maintain access controls, channels where we provide logging and meeting services, channels where we emit code review event data, channels where we supply announcements...19:55
tonybthere was a master list on the wiki but that's certainly wrong.  apart from that you could trall meetings.opendev.org/irclogs19:55
fricklerhttps://docs.opendev.org/opendev/system-config/latest/project.html and https://docs.opendev.org/opendev/system-config/latest/irc.html19:55
clarkbfrickler: thanks19:55
fungibut to be clear, we haven't attempted to offer an index of channels indicating what's on topic for each of them19:55
clarkband I think thats more the purvue of the projects themselves if they choose to have 100 channels19:56
frickleryes, I resorted to referring to individual project's contributor docs19:56
clarkb(I'm much more a fan of collapsing things down into more central channels)19:56
fungii agree that's the most correct guidance19:56
fungireferring to project documentation i mean19:57
clarkband we are at time. Thank you everyone! we'll be back here next week at the same time and location.20:00
clarkb#endmeeting20:00
opendevmeetMeeting ended Tue Aug 20 20:00:22 2024 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)20:00
opendevmeetMinutes:        https://meetings.opendev.org/meetings/infra/2024/infra.2024-08-20-19.00.html20:00
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/infra/2024/infra.2024-08-20-19.00.txt20:00
opendevmeetLog:            https://meetings.opendev.org/meetings/infra/2024/infra.2024-08-20-19.00.log.html20:00
fungithanks clarkb!20:00
fricklerthx all o/20:00

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!