Tuesday, 2016-06-21

« Monday, 2016-06-20 Index Wednesday, 2016-06-22 »
jheskethfungi: have you (or do you know of anybody who may have) scripted EOL'ing branches?00:44
fungijhesketh: i've done nasty ad hoc one-liners for it in the past00:45
fungibasically i keep clones of everything we have in gerrit on my workstation, so i can just do a for loop over a list of repos, pushd into them, run arbitrary git/git-review commands, and then popd again00:46
fungiusually i'd whip up a text file containing the (short) tag message and pass that with an option to git so it was consistent and that way git wouldn't spawn an editor over and over00:47
fungiand then push an empty refname to the old branch name once done (and store a list of the prior shas of all the branches so i could undo it in case of a mistake)00:48
jheskethfungi: righto.. also I'm guessing the general process is to add myself to the bootstrappers then it's just git push gerrit tag && git push gerrit --delete stable/kilo?00:48
fungiyep, that's basically it00:49
fungibut you know, with some logging and debug details so you can fix any accidents00:49
jheskethokay I might script something up.. thanks :-)00:49
fungithanks for looking into it!00:50
fungijhesketh: also be mindful you'll need to check for (and abandon) any open reviews on the branches in question, or defer deletion until you can get those projects' core teams to do so00:51
jheskethrgr00:51
fungia quick gerrit query can double-check that for you00:51
jheskethyeah, tonyb has already gotten that for us :-)00:52
fungiall'00:53
fungis the better00:53
tonybjhesketh, fungi: the only open ones remaining are the ones I don't have permission to close.00:53
tonybtiny.cc/os-kilo-still-open is the dash of the open reviews but scripting would be quicker.00:54
tonybIf it's just those git commands I can add them to the same script if you like.00:57
*** zul has joined #openstack-stable01:00
jheskethtonyb: I'm working on a tool to do it01:11
tonybjhesketh: Cool, Thanks.01:11
*** mrunge has quit IRC01:15
*** mrunge has joined #openstack-stable01:21
jheskethtonyb, fungi: my bash and git foo are a little weak, but here is my first pass: https://review.openstack.org/33191001:52
tonybjhesketh: Thanks01:56
fungijhesketh: far from exhaustive, but a few suggestions left on that review02:01
fungiall in all looks good, mostly robustness items02:01
jheskethThanks :-)02:01
fungispotted a syntax error too02:03
* tonyb is too slow with his reviews02:08
jheskethtonyb: thanks, a quick comment inline about signing tags02:11
tonybreplied02:18
jheskethta02:18
*** mriedem has quit IRC02:26
jheskethtonyb, fungi: new version up for review https://review.openstack.org/33191002:53
*** stevemar has quit IRC02:54
tonybjhesketh: Thanks +1'd sort of ....03:13
jheskethtonyb: thanks.. tidied it up slightly03:39
jheskethtonyb: should probably give this a go and retire an old branch03:39
tonybjhesketh: go for it .... I can't do that thing03:39
jheskeththe gerrit documentation lies... it isn't matching a review to the commit sha and wants the changeid  (which is much harder to grep for)03:49
jheskethfine, I'll do it the nova way which requires jq to be installed03:52
jheskethwait, that outputs sha's...03:54
jheskethtonyb: look at https://review.openstack.org/Documentation/cmd-review.html and http://paste.openstack.org/show/520853/ and see if you can tell me what I'm doing wrong :-s03:56
jhesketh(please if yo uhave time)03:56
tonybjhesketh: looking ....03:56
tonybjhesketh: Well that looks right to me.04:04
tonybjhesketh: and matches what nova's script does AFAICT04:05
jheskethyep, hence the head+desk04:05
jheskethtonyb: playing around, that second one works: http://paste.openstack.org/show/520855/04:06
jheskethah okay, so it doesn't like the --branch param04:08
tonybjhesketh: Oh so --project and --branch bork it unless they fix it?04:08
jheskethotherwise it works04:08
tonybOh okay04:08
jheskethunless they fix it?04:08
tonybwell the docs that that --project and --barch are used if the SHA/CHange# have duplicates04:08
jheskethso if hte same commit is in multiple branches it may get confused, but that's not too bad as at least it'll still constrain to one project (rather than any commit from any project)04:08
jheskethtonyb: oh okay... well it works both with and without --project04:09
jheskethit just seems to be --branch it doesn't like04:09
tonybjhesketh: okay.04:09
jheskethand it'd be odd to only use --project or --branch if there were duplicates... so something weird is going on04:09
jhesketheither way, ommiting --branch should be safe04:09
jheskethokay abanding part of the script works04:11
tonybjhesketh: https://review.openstack.org/#/c/236642/2 look at the last few comments ...04:18
jheskethtonyb: that was me tryign different abandon methods04:19
tonybjhesketh: okay.04:19
jheskethtonyb: so the --message flag appears to leave multiple messages on a change... it seems like a gerrit bug but I'm trying to confirm https://review.openstack.org/#/c/331937/04:44
tonybjhesketh: You know we have openstack-dev/sandboc for that right?04:45
tonyb*sandbox*04:45
jheskethyes, I should have done it there04:45
tonybI'm not seeing multiple messages04:46
jheskethsorry, that change is a bad example...04:47
jhesketh1st abandon was via the web ui.. the 1st "not needed" comment was abandoning with a message while it was already in abandoned state04:47
jheskethso it added the message and kept the state04:48
jheskeththen it's restored and abanded via the cli.. this "Not needed" appears as a comment on the patch and then again on the Abandoned action04:48
jheskethThen restoring a 2nd time, the last Abandon is via the CLI with no --message which abandons with just 1 comment (correctly)04:48
tonybjhesketh: Hmm That's a bit of a pain :(04:51
jheskethtonyb: right... so our options are double comment, fix upstream gerrit (err, no thanks), leave no message04:53
jheskethI'm thinking double comment and moving on with our lives04:53
tonybjhesketh: I basically agree, there is another option .. the REST interface doesn't seem to have that same issue with double comments04:55
jheskethoh? did you run a test?04:55
tonybjhesketh: I used the REST API to abandon 40somethign reviews that I had permissions to do.05:02
tonybjhesketh: I s'pose I shoudl find one or two to verify that it didn't leave double messages.05:03
jheskethtonyb: got a script?05:03
tonybjhesketh: It's rough, ignore the 'gah_repos' stuff http://paste.openstack.org/show/520859/05:05
jheskethtonyb: maybe we should put that in the releases tooling and have the eol script call it?05:08
tonybjhesketh: Yeah it'd need tweking to be used that way but adding it to release-tools is my plan.05:09
tonybjhesketh: Also probably need a better way to get the http creds to it than via the cli05:11
tonybjhesketh: Tweaked slightly: http://paste.openstack.org/show/520861/05:15
*** armax has joined #openstack-stable05:41
*** armax has quit IRC05:46
*** rcernin has joined #openstack-stable05:56
jheskeththere aren't very many non-abandoned patches in your list... so I'm just going to do those manually and proceed with my script05:58
jheskethtonyb: okay, shall we do this thing live? starting with devstack?06:03
*** armax has joined #openstack-stable06:12
*** armax has quit IRC06:17
tonybjhesketh: So it looks like you've abandoned all the changes :)06:20
tonybjhesketh: Thanks.06:20
jheskethno worries06:20
*** armax has joined #openstack-stable06:21
jheskethtonyb: so is openstack-dev/devstack ready to go? eg there are no jobs or anything depending on it etc06:22
tonybjhesketh: It's my understanding that we're good to drop it.06:23
tonybjhesketh: but I understand if you want to leave it alive for 24hours or so to verify that06:23
jheskethwhat do we need to verity?06:23
jheskethmaybe we should start with an easier project06:24
tonybjhesketh: Yeah maybe leave devstack and requirements 'til last06:31
jheskethI was thinking the same for grenade and pbr06:31
jheskethtonyb: so what about astara06:31
jheskethdo we need to do any due diligence there?06:32
tonybjhesketh: Sounds good06:32
jheskethtonyb: where did you get this list from btw... are they big-tent projects with kilo branhces?06:32
tonybjhesketh: that's how it ended up, but it started as a much smaller set, then a few people opted in so I switched it around to opt out06:33
tonybjhesketh: and only a few things opted out06:33
tonybjhesketh: https://gist.github.com/tbreeds/7de812a5d363fab4bd425beae5084c87 at the end you can see the ones that opted out06:33
jheskethtonyb: is that the most up to date list? ie should I use that instead of your mailing list one?06:34
tonybSo you're right we need to leave devstack/grenade/requirements until tomorrow and I'll verify that the projects staying active are going to work without those things06:34
tonybjhesketh: the mailing list one was generated at the same time06:35
tonybjhesketh: the list I gave you had all the 'tagged repos removed which I now know is wrong06:35
jheskethtonyb: okay, lets do openstack/astara and see what happens06:36
tonybjhesketh: because that will leave the kilo branch behind in those projects06:36
tonybjhesketh: okay, then perhaps we shoudl wit until tomorrow06:36
tonybPhoebe is very distratcing06:36
jheskethtonyb: all good, we can wait until tomorrow for all of them06:36
jheskethwe have the tooling in place so we just need to make sure people are ready for branches to disappear and then we're good to go06:36
tonybjhesketh: cool06:37
tonybthey *should* be fine they were warned about it several times etc06:37
jheskethcool06:40
*** agireud has quit IRC06:51
*** pcaruana has joined #openstack-stable06:52
*** agireud has joined #openstack-stable06:55
*** ihrachys has joined #openstack-stable07:25
*** apevec has joined #openstack-stable07:48
*** e0ne has joined #openstack-stable08:11
*** agireud has quit IRC08:19
*** agireud has joined #openstack-stable08:28
*** armax has quit IRC08:44
*** derekh has joined #openstack-stable08:44
*** armax has joined #openstack-stable09:34
*** armax has quit IRC09:58
*** ihrachys has quit IRC10:22
*** amrith has quit IRC10:28
*** amrith has joined #openstack-stable10:29
*** amrith has quit IRC10:32
*** amrith has joined #openstack-stable10:33
*** armax has joined #openstack-stable11:06
*** ihrachys has joined #openstack-stable11:24
*** ihrachys has quit IRC11:26
*** armax has quit IRC11:33
*** ihrachys has joined #openstack-stable11:34
*** armax has joined #openstack-stable11:43
*** dtantsur|afk is now known as dtantsur12:01
*** apevec has quit IRC12:17
*** armax has quit IRC12:20
*** armax has joined #openstack-stable12:27
*** takedakn has joined #openstack-stable12:29
*** armax has quit IRC12:35
*** zul has quit IRC12:35
*** armax has joined #openstack-stable12:35
*** zul has joined #openstack-stable12:35
*** fesp has joined #openstack-stable12:45
*** fesp has quit IRC12:46
*** apevec has joined #openstack-stable13:04
*** sigmavirus24_awa is now known as sigmavirus2413:14
*** e0ne has quit IRC13:27
*** mriedem has joined #openstack-stable13:30
*** e0ne has joined #openstack-stable13:31
*** derekh has quit IRC13:36
*** eharney has joined #openstack-stable13:39
*** e0ne has quit IRC13:41
*** e0ne has joined #openstack-stable13:51
fungijhesketh: tonyb: fwiw, after playing around with the gerrit rest api a bunch, the ssh api is terribad by comparison. for a greenfield script i'd stick with using teh rest api for lookups and metadata/configuration. i only still use the ssh interface for git operations and the event stream14:08
fungiin theory git operations also work over https to gerrit now, i just haven't played around with it yet14:09
jheskethfungi: agreed14:09
fungiand if mtreinish and i have our way, authenticated ssh access to the event stream will also be a thing of the past (via the "firehose")14:10
jheskethfungi: so I think the script I hacked together today is ready to go fyi (well the abandon stuff is still cli but we've abandoned all the cahnges so it does nothing at the moment)14:10
jheskethfungi: are you suggesting then we'd turn off other ssh access?14:11
fungijhesketh: eventually maybe, not any time in the near future14:11
jheskethsure14:12
fungibut the bridge to mqtt mtreinish wrote will make it possible for people to consume the gerrit event stream over an anonymous protocol14:12
*** stevemar has joined #openstack-stable14:12
fungi(and eventually i'd expect to see us add other data sources into the firehose too)14:13
mtreinishfungi: unfortunately hp really doesn't know how to keep the power on for their clouds. So my germqtt demo is no longer running14:13
mtreinishso we can't point to that anymore14:13
fungimeh. i could probably spin one up for us, but not this week14:13
mtreinishjhesketh: https://review.openstack.org/32911514:14
mtreinishfungi: heh, as can I. It takes like 3 secs :)14:14
jheskethmight be something worth spinning up as an infra module14:14
jheskethoh there's a spec14:14
jheskethshiny14:14
fungijhesketh: yeah, that's the plan in the spec14:14
* jhesketh adds to review queue for tomorrow14:14
fungiincomplete spec. i owe mtreinish some sections for it still14:15
fungithe "plan" i refer to may not _yet_ be in that spec. i think it's one of the things i still need to flesh out14:15
mtreinishfungi: I didn't put anything in there for the zuul to consume mqtt side14:16
mtreinishwasn't sure that was really part of the spec or not14:16
fungiit's not part of this spec. it's an option for the future14:20
fungiwe can _mention_ in the spec that it would enable us to do things like that14:21
fungiand if it's easier for, say, people in china to get mqtt connections throug the great wall than it is ssh connections, i can imagine a new trigger type might show up as a patch for zuul pretty quickly14:22
fungiright now to run zuul behind the great wall, i gather you need a vpn tunnel (of questionable legality) to a rpoxy14:23
*** armax has quit IRC14:23
mtreinishyeah, especially if we enable it over a websocket on port 80 (which I think I put in that first draft) I can't imagine it would be worse for people in china14:23
*** amrith has quit IRC14:28
*** amrith has joined #openstack-stable14:28
*** takedakn has quit IRC14:57
*** zul_ has joined #openstack-stable15:13
*** zul has quit IRC15:17
*** e0ne has quit IRC15:25
*** e0ne has joined #openstack-stable15:26
*** e0ne has quit IRC15:34
*** pcaruana has quit IRC15:35
*** ihrachys has quit IRC15:58
-openstackstatus- NOTICE: Gerrit is being restarted now to apply an emergency security-related configuration change16:06
*** stevemar has quit IRC16:29
*** e0ne has joined #openstack-stable16:32
*** armax has joined #openstack-stable16:51
*** catintheroof has joined #openstack-stable16:53
*** e0ne has quit IRC17:02
*** ihrachys has joined #openstack-stable17:03
apevecdhellmann, fungi - firefox claims "releases.openstack.org uses an invalid security certificate"17:10
apevecit was fine few days ago iirc17:11
apevecor maybe I had exception?17:11
fungiapevec: try http. we don't have a cert for https://releases.openstack.org/ yet17:12
*** ihrachys_ has joined #openstack-stable17:13
apevecah, yes I was using http before :)17:13
apevecsorry for the noise17:13
apevecfungi, while at it, has infra considered using letsencrypt?17:14
apevecwe use it for rdoproject.org17:14
fungiapevec: i've seen far too few sites screw up certificate renewals for letsencrypt. maybe in a few years once it's matured17:14
fungier, far too many17:14
apevecthere are cron jobs :)17:15
fungiin the meantime i'm going to switch us to startssl, since we can get basically an unlimited number of certs and subjectaltnames for a reasonable flat rate17:15
fungiapevec: yep, cron jobs for that frighten me17:15
apevecold-school :)17:16
fungii want to retrieve the new cert, manually check that it has the correct parameters still, load it myself and confirm the services are still working17:16
fungiand i don't want to do that every 90 days17:16
*** ihrachys has quit IRC17:16
fungirelying on a cron job for that means the site is down when the letsencrypt renewal process breaks for some reason, and stays broken until someone with root access is around, informed and addresses it17:17
fungialso, letsencrypt rubs me the wrong way. mofo gave cacert.org the runaround for years, then put together a coalition with google and some cabforum members to do basically the same thing, except it's still not community-maintained17:18
fungialso, mofo's trust store policies/cabal rub me the wrong way in general. backroom deals and quid pro quo17:20
fungiwe still need to either get open process and community control over https or officially declare failure to actually secure http and look more seriously at alternatives17:21
fungiletsencrypt solves the easy problem and does nothing to address the hard issues17:21
*** mriedem has quit IRC17:25
*** mriedem has joined #openstack-stable17:28
*** ihrachys_ has quit IRC17:32
*** ihrachys has joined #openstack-stable17:33
*** stevemar has joined #openstack-stable17:36
*** pcaruana has joined #openstack-stable17:40
*** rcernin has quit IRC17:43
*** ihrachys has quit IRC17:46
*** armax has quit IRC17:53
*** Rockyg has joined #openstack-stable18:06
*** e0ne has joined #openstack-stable18:19
*** pcaruana has quit IRC18:22
*** catintheroof has quit IRC18:51
*** catintheroof has joined #openstack-stable18:51
*** mriedem1 has joined #openstack-stable18:58
*** mriedem has quit IRC18:59
*** mriedem1 is now known as mriedem19:00
*** zul_ has quit IRC19:01
*** zul has joined #openstack-stable19:02
*** ihrachys has joined #openstack-stable19:25
*** hachi-ju has joined #openstack-stable19:28
*** e0ne_ has joined #openstack-stable19:28
*** e0ne_ has quit IRC19:28
*** arif-ali has quit IRC19:29
*** number80 has quit IRC19:29
*** hachi-ju has quit IRC19:29
*** e0ne has quit IRC19:30
*** number80 has joined #openstack-stable19:30
*** tonyb has quit IRC19:31
*** tonyb has joined #openstack-stable19:32
*** arif-ali has joined #openstack-stable19:35
*** dtantsur is now known as dtantsur|afk19:51
*** ihrachys has quit IRC20:04
*** rcernin has joined #openstack-stable20:12
*** eharney has quit IRC21:07
*** armax has joined #openstack-stable21:10
*** rcernin has quit IRC21:41
*** clayton has quit IRC21:46
*** stevemar has quit IRC21:47
*** clayton has joined #openstack-stable21:47
*** catintheroof has quit IRC21:51
*** Rockyg has quit IRC21:55
*** mriedem has quit IRC22:03
*** apevec has quit IRC22:34
*** armax has quit IRC22:50
*** stevemar has joined #openstack-stable23:07
*** stevemar has quit IRC23:12
*** stevemar has joined #openstack-stable23:18
« Monday, 2016-06-20 Index Wednesday, 2016-06-22 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!