| *** darmach4 is now known as darmach | 05:27 | |
| opendevreview | Lukas Kranz proposed zuul/zuul-jobs master: Add limit-log-files role https://review.opendev.org/c/zuul/zuul-jobs/+/945795 | 05:55 |
|---|---|---|
| opendevreview | Lukas Kranz proposed zuul/zuul-jobs master: Add limit-log-files role https://review.opendev.org/c/zuul/zuul-jobs/+/945795 | 06:10 |
| opendevreview | Lukas Kranz proposed zuul/zuul-jobs master: Add limit-log-files role https://review.opendev.org/c/zuul/zuul-jobs/+/945795 | 06:11 |
| mnasiadka | corvus: it seems it didn't fail, anyways I'll post a change to disable no_log because there's no other way to understand what's happening | 06:58 |
| opendevreview | Michal Nasiadka proposed opendev/zuul-providers master: Remove no_log for image upload tasks https://review.opendev.org/c/opendev/zuul-providers/+/948989 | 07:00 |
| opendevreview | Lukas Kranz proposed zuul/zuul-jobs master: Add limit-log-files role https://review.opendev.org/c/zuul/zuul-jobs/+/945795 | 07:05 |
| opendevreview | Lukas Kranz proposed zuul/zuul-jobs master: Add limit-log-files role https://review.opendev.org/c/zuul/zuul-jobs/+/945795 | 11:25 |
| opendevreview | Lukas Kranz proposed zuul/zuul-jobs master: Add limit-log-files role https://review.opendev.org/c/zuul/zuul-jobs/+/945795 | 11:38 |
| Clark[m] | mnasiadka: corvus: we can't drop the no log there because we pass the cloud credentials in as vars. I think Ansible records all task vars in its logging if no log isn't set | 13:25 |
| Clark[m] | So even if the uploads themselves don't leak secrets the mere act of running the task will via ansible | 13:25 |
| frickler | Clark[m]: corvus: so how can we proceed with this, then? hold a node and try to reproduce the upload step manually from there? | 13:30 |
| mnasiadka | Clark: I think if we set no_log=True on the cloud argument in argument_spec (see https://opendev.org/opendev/zuul-providers/src/commit/de9e6784d67810e97ed5b12361ac746cf8896d26/roles/image-upload-swift/library/image_upload_swift.py#L91) we could overcome this | 13:33 |
| opendevreview | Michal Nasiadka proposed opendev/zuul-providers master: Remove no_log for image upload tasks https://review.opendev.org/c/opendev/zuul-providers/+/948989 | 13:36 |
| Clark[m] | frickler: generally yes I think when we hit issues and no log is required that we have to resort to manual attempts to reproduce the issue | 13:38 |
| Clark[m] | mnasiadka: does that work? I thought Ansible always logged all vars on a task at the call site | 13:39 |
| Clark[m] | Not necessarily to stdout but in the json report | 13:39 |
| mnasiadka | Clark: it does, we use that in some Kolla-Ansible modules | 13:39 |
| mnasiadka | But I guess it's worth testing out outside of Zuul run :) | 13:40 |
| corvus | i expect the no_log solution to work | 13:40 |
| corvus | the creds we're using for that are application creds only used for uploading niz images. if we're fairly sure it'll work, i think we can risk a run in prod and revoke the creds if it shows up in the json. | 13:42 |
| corvus | also, we could add a dummy secret and try a run with that (expecting it to fail on auth) just to demonstrate. | 13:42 |
| mnasiadka | feel free to update my patch, I don't think I know all the mechanics in that repo :) | 13:45 |
| Clark[m] | Oh that's a good point these credentials are scoped so if we're reasonably confident then proceeding seems ok | 14:00 |
| mnasiadka | Clark, corvus : Seems https://review.opendev.org/c/opendev/zuul-providers/+/948989 passed - do you want to have a go and see if that does not leak credentials? | 14:50 |
| *** ralonsoh is now known as ralonsoh_out | 15:15 | |
| corvus | mnasiadka: lgtm; definitely want Clark fungi or frickler to weigh in on that. | 16:00 |
| corvus | mnasiadka: wild guess: is this the first build that is running on a jammy node? because i think we build the x86 jammy image on noble? there may be something about that platform that is incompatible with the upload implementation. perhaps taking Clark's suggestion and running that on a noble node would help? | 16:07 |
| opendevreview | James E. Blair proposed opendev/zuul-providers master: Add ubuntu-jammy-arm64 image builds https://review.opendev.org/c/opendev/zuul-providers/+/948318 | 16:08 |
| corvus | mnasiadka: since that change is stalled waiting for a solution anyway, i went ahead and updated that to see if it works. | 16:08 |
| mnasiadka | Sure, if that works - I totally missed that comment | 16:10 |
| mnasiadka | Or maybe got too focused on getting an output from upload task :) | 16:11 |
| corvus | i'm going to single-core approve that since it's a minor already-reviewed change and it's self testing. | 16:14 |
| corvus | we'll find out if it fixes the upload faster | 16:15 |
| opendevreview | Merged opendev/zuul-providers master: Add ubuntu-jammy-arm64 image builds https://review.opendev.org/c/opendev/zuul-providers/+/948318 | 18:21 |
| corvus | mnasiadka: okay i guess that was it. so that ansible role is maybe just not "jammy-compatible"... and maybe we don't actually care enough to fix it? :) | 18:22 |
| corvus | (but if we did, then someone could try running that manually on a jammy node to do so) | 18:23 |
| corvus | Clark also wins points for leaving a comment that improved 2 things at once :) | 18:24 |
| mnasiadka | Yay | 18:35 |
| frickler | as long as we don't discover an image which needs to be built on an older node, I guess we should be fine with this | 19:03 |
| fungi | corvus: mnasiadka: i've been loosely following along but this is a bad week, both clark and i are busy with all-day in-person meetings and travel through friday | 19:17 |
| opendevreview | Goutham Pacha Ravi proposed opendev/system-config master: Add the Gerrit reviewers plugin to Gerrit builds https://review.opendev.org/c/opendev/system-config/+/724914 | 19:40 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!