Wednesday, 2017-03-29

« Tuesday, 2017-03-28 Index Thursday, 2017-03-30 »
SpamapSok.. it's something with the way I'm loading yaml00:00
SpamapSprobably metaclass problems00:01
SpamapSnot the c loader itself00:01
clarkbas an aside reading this it looks like fromYaml is not actually fromYaml?00:01
clarkbits operating on things already deserialized so they are native python objects00:02
openstackgerritPaul Belanger proposed openstack-infra/nodepool feature/zuulv3: Move assertReportedStat to test_node to avoid race  https://review.openstack.org/45111900:02
clarkbSpamapS: an ya guessing you just want to set the loader to C loader at line 870 in configloader.py00:05
clarkband then against for safe_load_yaml00:05
openstackgerritPaul Belanger proposed openstack-infra/nodepool feature/zuulv3: Rename nodepoold to nodepool-launcher  https://review.openstack.org/45087700:06
openstackgerritPaul Belanger proposed openstack-infra/nodepool feature/zuulv3: Force os-client-config to use ipv4  https://review.openstack.org/45098300:06
clarkbSpamapS: I think its breaking in the super call at 9600:08
clarkbsince that expects SafeLoader to be around but its been monkey patched out?00:09
clarkbbut now time for yard work00:09
*** herlo has quit IRC00:41
*** jamielennox is now known as jamielennox|away01:02
*** jamielennox|away is now known as jamielennox01:16
*** nibalizer has quit IRC03:15
*** nibalizer has joined #zuul03:16
*** jeblair has quit IRC03:24
*** jeblair has joined #zuul03:25
*** gundalow_ has joined #zuul05:07
*** gundalow has quit IRC05:07
*** jamielennox is now known as jamielennox|away06:10
*** isaacb has joined #zuul06:24
*** jamielennox|away is now known as jamielennox06:25
*** gundalow_ is now known as gundalow06:30
*** jamielennox is now known as jamielennox|away06:50
*** jamielennox|away is now known as jamielennox06:57
openstackgerritJoshua Hesketh proposed openstack-infra/nodepool feature/zuulv3: Fix test_leaked_node_not_deleted for v3  https://review.openstack.org/44937507:06
openstackgerritJoshua Hesketh proposed openstack-infra/nodepool feature/zuulv3: I948f9f69ad911778fabb1c498aebd23acce8c89c  https://review.openstack.org/45121407:06
openstackgerritJoshua Hesketh proposed openstack-infra/nodepool feature/zuulv3: Fix test_leaked_node_not_deleted for v3  https://review.openstack.org/44937507:11
openstackgerritJoshua Hesketh proposed openstack-infra/nodepool feature/zuulv3: Merge branch 'master' into feature/zuulv3  https://review.openstack.org/44532507:12
*** hashar has joined #zuul07:41
*** jamielennox is now known as jamielennox|away08:17
openstackgerritClint 'SpamapS' Byrum proposed openstack-infra/zuul feature/zuulv3: Use libyaml if possible  https://review.openstack.org/45111308:25
SpamapSclarkb: FYI, the problem was actually that the C loader variants produce a different "Mark" class.08:26
*** rcarrillocruz has joined #zuul08:52
tobiash_is there a reason behind that on zuul tests the expected and to check values are exchanged for self.assertEqual?11:28
tobiash_signature of assertEqual is assertEqual(expected, observed,...)11:28
tobiash_usage is e.g. assertEqual(A.reported, 0)11:29
openstackgerritJoshua Hesketh proposed openstack-infra/nodepool feature/zuulv3: Fix test_leaked_node_not_deleted for v3  https://review.openstack.org/44937511:33
openstackgerritJoshua Hesketh proposed openstack-infra/nodepool feature/zuulv3: Merge branch 'master' into feature/zuulv3  https://review.openstack.org/44532511:33
pabelangerShrews: jeblair: mordred: https://review.openstack.org/#/q/topic:nodepool-dsvm gets our dsvm jobs voting again for nodepool.11:37
Shrewspabelanger: 451119 doesn't make sense to me.12:06
Shrewsthe nodes in test_node_assignment have to be online for the request to be fulfilled12:07
pabelangerShrews: the difference I saw, is we didn't call self.waitForNodes() which seems to be the way we ensure nodes are online for tests12:09
ShrewswaitForNodeRequest() and then validating it is FULFILLED does the same thing (in a round about way).12:10
Shrewsbecause it can't be fulfilled until ready nodes have been assigned to the request12:11
Shrewsthe 'for node_id in req.nodes:' loop validates that12:11
Shrewspabelanger: do you have an example failure I could look at?12:12
pabelangerfrom what I seen, I don't think updateNodeStats() was getting called12:12
pabelangersure12:12
pabelanger1 sec12:12
pabelangerhttp://logs.openstack.org/83/450983/2/check/nodepool-coverage-ubuntu-xenial/2aceb27/console.html12:13
pabelangermaybe stopping to fast, before stats are added to statsd?12:18
Shrewshrm, gonna need more coffee for this one12:24
Shrewspabelanger: ok, there are a couple of bugs here i think. one is in the stats fixture, the other in the actual test12:42
pabelangerShrews: oh, cool. Yay for bug finding12:47
Shrewsi think i found one while sleeping last night. have yet to look at that one  :)12:47
Shrewspabelanger: so... ok, no bug in the statsd fixture (just working in a weird way), but that assert causing the failure is not always true in that one test because 2 nodes are actually being created.12:55
Shrewspabelanger: if both nodes are ready when updateNodeStats is first called, it will never record a 1 value for nodepool.nodes.ready, but a 2. so the test will timeout and report that misleading error12:56
Shrewspabelanger: so i think your fix is actually ok, but the commit message is wrong12:57
pabelangerShrews: okay, let me see if I can capture the issue.12:59
Shrewspabelanger: alternatively, you can leave the asserts where they're at and change the '1' to a '2'13:05
Shrewsbut i wonder if even that might be somewhat racey depending on when the delete thread runs13:06
openstackgerritJoshua Hesketh proposed openstack-infra/nodepool feature/zuulv3: Fix test_leaked_node_not_deleted for v3  https://review.openstack.org/44937513:08
openstackgerritJoshua Hesketh proposed openstack-infra/nodepool feature/zuulv3: Merge branch 'master' into feature/zuulv3  https://review.openstack.org/44532513:08
openstackgerritJoshua Hesketh proposed openstack-infra/nodepool feature/zuulv3: Fix test_leaked_node_not_deleted for v3  https://review.openstack.org/44937513:09
openstackgerritJoshua Hesketh proposed openstack-infra/nodepool feature/zuulv3: Merge branch 'master' into feature/zuulv3  https://review.openstack.org/44532513:09
Shrewspabelanger: oh! the _better_ fix for this is to put waitForNodes before the request creation. the only reason 2 node would be created if the 1st wasnt' ready when the request is handled13:11
Shrews(i think my coffee is starting to kick in  \o/)13:13
pabelangerShrews: okay, let me do that13:13
pabelangerand test13:13
Shrewsi confirmed that eliminates the problem for me locally13:16
openstackgerritPaul Belanger proposed openstack-infra/nodepool feature/zuulv3: Add waitForNodes() for test_node_assignment  https://review.openstack.org/45111913:21
openstackgerritPaul Belanger proposed openstack-infra/nodepool feature/zuulv3: Rename nodepoold to nodepool-launcher  https://review.openstack.org/45087713:21
openstackgerritPaul Belanger proposed openstack-infra/nodepool feature/zuulv3: Force os-client-config to use ipv4  https://review.openstack.org/45098313:21
Shrewspabelanger: yeah, that should do it. though pep8 may not like you using 'nodes' somewhere. maybe assertEqual(len(nodes), 1) after?13:22
Shrewsnot* using 'nodes'13:23
pabelangerShrews: right13:26
pabelangercopy pasta13:26
openstackgerritPaul Belanger proposed openstack-infra/nodepool feature/zuulv3: Add waitForNodes() for test_node_assignment  https://review.openstack.org/45111913:29
openstackgerritPaul Belanger proposed openstack-infra/nodepool feature/zuulv3: Rename nodepoold to nodepool-launcher  https://review.openstack.org/45087713:29
openstackgerritPaul Belanger proposed openstack-infra/nodepool feature/zuulv3: Force os-client-config to use ipv4  https://review.openstack.org/45098313:29
*** dmsimard is now known as dmsimard|afk13:39
*** dkranz has joined #zuul14:13
openstackgerritTobias Henkel proposed openstack-infra/zuul feature/zuulv3: Use unicode for change number extraction  https://review.openstack.org/45070414:15
openstackgerritTobias Henkel proposed openstack-infra/zuul feature/zuulv3: Move dependency cycle detection into pipelines  https://review.openstack.org/45142314:15
pabelangerOdd, we are doing ipv4 again14:21
pabelangerwithout force_ipv4 patch14:21
pabelangermust depend on the cloud we running the job on14:21
jeblairjlk: the semaphore isn't part of the secrets series, but conflicts with it, so it's stacked on top of it.14:44
jeblairtobiash_: the reason they are swapped is that i can't remember what order they are supposed to be in.  also, in mathematics, "equals" means things on either side of the equality operator are the same -- it never made sense to me that one side would be more equal than the other.  at any rate, feel free to use it correctly in new code, or fix existing usage if you are already modifying a test.  but please don't write a patch that only fixes them; ...14:47
jeblair... at this point, that's probably not worth your time to write or our time to review.  :)14:47
mordredjeblair: I can never remember their order either ...14:48
jeblairmordred: also, i always make symlinks backwards, then rm them and make them the other way.14:50
mordredjeblair: me too14:50
mordredjeblair: no matter how hard I think about it14:50
jeblairmordred: the harder you think about it, the more backwards they end up?14:51
mordredyup14:55
*** isaacb has quit IRC14:56
openstackgerritMonty Taylor proposed openstack-infra/nodepool feature/zuulv3: Fetch list of AZs from nova if it's not configured  https://review.openstack.org/45034515:04
mordredShrews: okie- I think that is good now ^^15:04
*** dmsimard|afk is now known as dmsimard15:11
*** isaacb has joined #zuul15:13
*** herlo has joined #zuul15:39
eggshellanyone in here have opinions on https://storyboard.openstack.org/#!/story/2000878 ?15:49
openstackgerritMerged openstack-infra/nodepool feature/zuulv3: Rename nodepoold to nodepool-launcher  https://review.openstack.org/45087715:50
mordredeggshell: I'm sure we all have opinions - but they may or may not be _good_ opinions15:52
jeblairmordred: left comments on 45034515:52
mordredoh - that one15:52
mordredjeblair: I'm excited about that15:52
openstackgerritMonty Taylor proposed openstack-infra/nodepool feature/zuulv3: Add ability to select flavor by name or id  https://review.openstack.org/44978415:53
mordredjeblair: btw - I tried that voluptuous thing you showed me - and it does not work for me15:53
mordredjeblair: the nice part is that the test totally blows up - so that's good15:53
jeblairmordred: bummer15:53
mordredjeblair: I mean - I was not 100% sure how to apply your example into the nodepool/config structure though15:53
jeblairmordred: we can always fall back to just doing an if statement after schema validation.15:54
mordredso it's 100% possible I just made a silly error15:54
jeblaireggshell: my first thoughts are "let's not go down the docker container path"15:54
mordredjeblair: (since your example was with nested schemas, but in config.py we have nested dicts that we pass to a single schema - so I took my best shot15:54
mordred++15:54
jeblairmordred: i can take a look at it in a minute and see if there's something that jumps out at me15:54
* mordred likes the multi-node integration test option15:55
eggshelljeblair: thought that might be the case, and agree.15:55
mordredsince that gets us both testing of the action plugins _and_ testing of multi-node jobs in a real way15:55
jeblaireggshell, mordred: yeah, i think multi-node sounds good.  we don't have a way of attaching a static node to zuul right now though...15:55
mordredjeblair: do we need a static node?15:55
jeblairwell, we need a node15:55
jeblairand i'm not super keen on having this depend on devstack15:56
mordredgolly no15:56
mordredoh15:57
mordredok - I was asking the questions in more detail and as a result of typing I now understand the issue15:57
mordredjeblair: maybe we should just made test-action-plugins blocked on support-static-node ?15:58
clarkbcould you preseed zookeeper with a record that says node (self on external IP) belongs to test box?15:59
jeblairpart of me thinks "maybe we can do this as a functional test and put 127.0.0.1 (maybe aliased) in the inventory" but i think that's sort of "begging the question" as far as testing goes.  since this is really designed to make sure we don't have any holes there, and that would greatly alter the very thing we're trying to test, yeah?15:59
jeblairwhich is why the "static node" idea is there, right?15:59
mordredyah15:59
jeblairclarkb: i think that could work.  it'd be a small throwaway utility.  i guess the question is: is it worth it to write that now, or defer till we have nodepool static nodes as mordred suggests?16:00
eggshellI was under the impression that testing the plugins locally was a no-go.16:00
mordredyah - testing them locally is a no-go16:00
jeblaireggshell: yeah, i think that's the case.  i'm mostly just refreshing my memory as to why.  :)16:01
eggshelljeblair: cool, just wanna make sure I'm on the same page.16:01
openstackgerritPaul Belanger proposed openstack-infra/nodepool feature/zuulv3: Set socket timeout for SSH keyscan  https://review.openstack.org/45147016:02
jeblairclarkb: similarly -- we could run these in a zuul functional test environment with a modified version of zuul's fake nodepool which returns the static node.16:03
openstackgerritMonty Taylor proposed openstack-infra/nodepool feature/zuulv3: Fetch list of AZs from nova if it's not configured  https://review.openstack.org/45034516:04
jeblaireggshell: so i think we've got 3 options for the multi-node job approach: 1) defer until zuul and/or nodepool support static nodes.  2) run with nodepool in fake mode but pre-seed the zookeeper data structure with the static node's info.  3) use zuul's fake nodepool and have it return the static node.16:08
pabelangerjeblair: clarkb: do you mind adding https://review.openstack.org/#/c/449938 to your review queue? I'd like to add debian images to our dsvm-nodepool jobs, currently experimental for glean / diskimage-buidler. To increase coverage. Also need to help debug glean on debian failures I am working on16:10
*** isaacb has quit IRC16:12
*** dmsimard is now known as dmsimard|afk16:13
*** hashar has quit IRC16:18
eggshelljeblair: 3) seems like the best approach today imo. Not sure what the time cost is on waiting for 1)16:20
jeblairpabelanger: done16:20
pabelangerjeblair: ty16:20
jeblaireggshell: i think static node support is not a very high priority task right now, so i agree, 3 is probably simplest.16:21
SpamapStobiash_: unfortunately, the testtools authors messed that one up, and they're reversed from unittest216:23
SpamapSI wonder if we should see if we can create a testtools2 that fixes that.16:23
jlkgood morning you grand Zuuleans!16:24
jlkZuulmans?16:24
SpamapSZuulites16:24
jlkZuulanders?16:24
SpamapSZuulanians!16:25
jlkZuuliacs16:25
SpamapSclarkb: So I believe the yaml changes have an overall positive effect on test suite runtime. On my machine it went from 9 minutes to 8 minutes (sample size 2 without yaml change, 2 with)16:31
*** rcarrill1 has joined #zuul16:35
*** rcarrillocruz has quit IRC16:36
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Add canonical hostname to source object  https://review.openstack.org/45111016:39
mordredSpamapS: that's about a 12.5% impact!16:54
SpamapSmordred: we parse yaml a lot.16:56
mordredSpamapS: bah16:56
SpamapSIt's pretty annoying that PyYAML doesn't a) just do this. and b) use the same yaml.error.Mark for marks in the C versions.16:56
mordredSpamapS: yah16:56
SpamapSI want to poke at rtyaml to see if maybe it does either of those things16:56
SpamapSif not.. I feel a pypi library coming on.16:56
SpamapSfastyaml?16:57
mordredI think it does - I like pretty much everything I read about rtyaml - except for his usage of ~ instead of null16:57
SpamapSmordred: yeah that is bonghits16:57
mordredlike - it also uses OrderedDict by default16:57
SpamapS~ is totally not more obvious as null than... null.16:57
mordredbut - honestly, if it does all the other things well - I can learn to grok ~ as null16:57
SpamapSwell also we don't dump yaml all that much16:58
mordredSpamapS: oh - although - it seems like rtyaml might have a hard-depend on libyaml - rather than trying and faling back gracefully16:59
mordred"16:59
mordredWrites unicode strings without any weird YAML tag. They just appear as strings. Output is UTF-8 encoded, and non-ASCII characters appear as Unicode without escaping."16:59
mordredis one of my favorite defaults he does - if we make a fastyaml - I think we should also do that :)16:59
mordredand "Writes multi-line strings in block mode rather than quoted with embedded ā€œnā€œā€˜s, choosing between the literal or folded mode depending on what looks better for the length of the lines in the string."17:00
SpamapSYeah17:00
mordredSpamapS: k - no. it does to graceful fallback - although it doesn't seem to do anything with Mark17:01
SpamapSanother idea17:01
SpamapScan we talk to PyYAML?17:01
SpamapSmordred: yeah not doing things with Mark is pretty unsurprising.. that was a very complicated issue and it's really a shame PyYAML does it the way they've done it.17:01
SpamapSMy guess is that any time a groundswell of activity happens around this, people realize they shouldn't be parsing yaml in any performance critical path and switch to msgpack or something17:02
mordredyah. this is also I think at the root of why the pip folks decided to use that thing that isn't yaml but that i do not mention17:02
mordredSpamapS: I imagine talking to pyyaml would be weird since our suggestion is "could you please change your default behavior"17:03
jlk"Have you tried just NOT being slow?"17:04
mordredSpamapS: we could probably send rtyaml a PR adding Mark support17:04
SpamapSmordred: the public domain grant is problematic17:05
mordredis it? whyso?17:05
SpamapSOh, no it's not.. it's actually the proper CC017:06
SpamapSon the pypi page it just says public domain grant17:06
SpamapSbut CC0 is actually something i can work with ;)17:06
mordred++17:06
mordredSpamapS: yah - I _think_ you'd just need to make a 3-line PR to rtyaml17:06
* SpamapS forks17:07
mordredSpamapS: oh - it's public domain because it's part of a project "A shared commons of data and tools for the United States. Made by the public, used by the public.17:07
mordred"17:07
mordredwith a bunch of repos with info about congress and the states and whatnot17:07
SpamapSyeah that's pretty amazing17:07
SpamapShad no idea that existed17:08
SpamapSmordred: https://github.com/unitedstates/rtyaml/pull/1 <-- that 3 line patch?17:15
jeblairSpamapS: your pr, um, has a reply...17:22
jeblairlmgtfy17:24
jlkWhat's a Mark?17:24
jlkCan we get somebody named Mark to reply?17:24
SpamapSjeblair: RIGHT?17:24
jeblaircan we get *lots* of people named Mark to reply?17:24
SpamapSPerhaps a significant percentage of the Mark's could reply17:24
SpamapShrm17:25
SpamapSworking on a patch to use rtyaml17:25
SpamapSsomething's not working right17:25
* SpamapS notes there's not much hair left on this yak17:25
jlkMark's not pulling his weight.17:25
jlkGET WITH THE PROGRAM, MARK!17:25
jeblairnow i know what "Great question!" means when SpamapS says it17:28
pabelangerwe are adding a dependency on rtyaml?17:28
SpamapSjeblair: }:)17:28
SpamapSpabelanger: I'm just playing with it17:28
pabelangerk, that was mostly a packaging question17:29
SpamapSIts a 154 line python module with a CC0 license. Pretty sure we can get that packaged. ;)17:31
SpamapSheck, I'd be willing to vendor it17:32
SpamapShm, OrderedDict seems to be confusing configloader17:32
mordredfascinating17:32
mordredjeblair: reviewed the secrets stack - it all looks great - there's one set of things on patch 2 - then a few different nits that folks have pointed out on up the stack on +2'd patches (so scanning for commnents even though the stack is mostly green is worth doing)17:34
jeblairmordred: cool thanks!  i just replied to comments on the first patch and am revising it now.17:36
mordredjeblair: oh - actually - I made a comment on like, patch 6 or 7 that might be more relevant to patch 1 while you're on it17:39
mordredjeblair: do we need to add libssl or libssl-dev or anything like that to bindep?17:40
clarkbmordred: its probably already there for paramiko?17:40
clarkbwhich ansible pulls in17:40
mordredparamiko does not declare bindep depends17:41
jeblairmordred: https://cryptography.io/en/latest/installation/#building-cryptography-on-linux  ?17:42
clarkbmordred: no but wouldn't zuul need to have a bindep entry already bceause ansible?17:42
mordredclarkb: we might just be getting lucky? also - we don't use the paramiko codepaths in ansible17:43
mordredjeblair: yah - so that says to me that we should put libssl-dev libffi-dev and python-dev in bindep.txt17:43
clarkbmordred: right but it will still install them iirc17:43
clarkbI ran into this with ansible in d-g17:43
clarkbwe even had to pin paramiko even though we don't use it17:44
mordredsure. I'm just saying that with a depend on cryptography, zuul has a depend on some non-python packages being present, which is what bindep is there to communicate and to ensure are there before python installs happen17:44
SpamapSagggh.. no.. the thing that's getting me is rtyaml doesn't play nice with ZuulSafeLoader's construct_mapping17:45
clarkbmordred: yes, I am agreeing and saying I figured they would already be there because of ansible17:45
mordredclarkb: gotcha. nod17:45
clarkbmordred: because zuul -> ansible -> paramiko -> cryptography17:45
SpamapSYAK DEAD17:46
mordredSpamapS: you get all the day to the skin and decide to just keep the small file in zuul?17:46
jeblairso long Mark17:46
SpamapSMark failed me17:46
SpamapSas usual17:46
mordredHI MARK17:46
SpamapSthere's likely a way to make it work17:46
SpamapSbut I don't care enough anymore17:47
* SpamapS back to real tasks17:47
mordredclarkb: do we have libssl-dev and libffi-dev on our wheel build host? so we're not seeing the issue in the gate because we're installing from pre-built wheels?17:47
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Add per-repo public and private keys  https://review.openstack.org/40638217:47
clarkbmordred: oh that could very well be17:47
jeblairmordred, clarkb, SpamapS, jhesketh, jlk: ^ that addresses the comments and adds bindep stuffs.17:48
jlkcoolios17:51
mordredjeblair: woot!17:51
openstackgerritMonty Taylor proposed openstack-infra/zuul feature/zuulv3: Mark bindep depends for dpkg and add rpm versions  https://review.openstack.org/45149917:52
mordredjeblair: that's a follow up to add the equiv lines for the RHs17:52
jeblairmordred: oh i thought there was automagic?17:52
jeblairmaybe that needs more words...17:53
jeblairi thought bindep did some kind of translation for equivalent package names (like for the -dev / -devel thing)?17:54
mordredjeblair: nope, it does not - it allows you to specify both17:55
mordredjeblair: diskimage-builder has a tool that keeps package name mappings, and the experience of trying to deal with that I believe led to making bindep not try to do the same - instead one just annotates depends as needed17:56
clarkbfwiw I far prefer dibs thing to bindep17:56
clarkbbut bindep is more straightforward for the simple case17:57
mordredI have actually grown to prefer bindep's approach - although I preferred the dib approach originally17:57
clarkbI like how the dib thing is a tree17:57
mordredI like that the file can be read by humans from any of the distros and they can understand what it means for them - withouth having to make rh people read ubuntu names or vice-versa17:57
clarkbits easier to understand how the names all fit into the linux galaxy17:57
mordredyah - that part is nice17:58
jlkI really really don't miss being a distro developer17:58
clarkbbut ya teh tree is only necessary when you have complicated cases were fedora and centos and ubuntu and debian are all different17:59
mordredclarkb: yup18:00
mordredjlk: and nope18:00
mordredjlk: I love how much time and energy I put into trying to become a debian developer, except I did it at the wrong time or something, because after 2-3 years I still couldn't get signed off on, even though my packages were all _PERFECT_18:01
jlkoh yeah, doing it as a hobby is the worst.18:02
jlkbeing paid to do it was also bad, because you can't just walk away when things get stupid shitty18:02
clarkbthis is actually why I've stuck with tumbleweed. I file bugs, they get responded to quickly and then fixed18:03
mordredjeblair: don't know if you saw - but there's a unittest failure on patch one - likely want to get it before rebasing the rest of the stack18:07
openstackgerritMonty Taylor proposed openstack-infra/nodepool feature/zuulv3: Fetch list of AZs from nova if it's not configured  https://review.openstack.org/45034518:09
mordredmaybe it'll work this time. running the unittests locally before pushing gives me more confidence in that18:10
jeblairmordred: thanks.  okay if i squash your bindep patch into it?18:15
mordredjeblair: please do!18:15
mordredjeblair: (although to be fair, my stackalytics numbers are much lower than usual, so maybe I shouldn't be so quick to give away patches :) )18:15
pabelangermordred: clarkb: do you mind +3 on https://review.openstack.org/#/c/449938/18:19
mordredpabelanger: done18:20
pabelangerdanke18:20
openstackgerritMerged openstack-infra/nodepool master: Add debian-jessie DIB for dsvm testing  https://review.openstack.org/44993818:23
pabelangermordred: clarkb: do you mind https://review.openstack.org/#/c/451383/ too. I thought it was merged this morning18:32
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Add secret top-level config object  https://review.openstack.org/44615618:38
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Add per-repo public and private keys  https://review.openstack.org/40638218:38
clarkbpabelanger: done18:44
*** hashar has joined #zuul19:02
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Decrypt secrets and plumb to Ansible  https://review.openstack.org/44668819:06
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Add 'allow-secrets' pipeline attribute  https://review.openstack.org/44713819:06
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Isolate encryption-related methods  https://review.openstack.org/44708719:06
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Augment references of pkcs1 with oaep  https://review.openstack.org/44708819:06
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Associate secrets with jobs  https://review.openstack.org/44668719:06
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Add support for job allowed-projects  https://review.openstack.org/44713419:06
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Serve public keys through webapp  https://review.openstack.org/44675619:06
mordredjeblair: woot19:08
mordredjeblair: (although you have angered the pep8 gods)19:08
jeblairugh19:11
jeblairi think i'll let those settle out over lunch then do another cleanup pass19:11
mordredjeblair: ++19:14
mordredjeblair: anger of the gods notwithstanding, the stack seems like it's in great shape19:14
SpamapSjeblair: your favorite sandwich shop, Jersey Mike's, is donating 100% of its proceeds to Operation Gratitude today btw... FYI.19:25
jlkinterestig19:25
mordredSpamapS: that makes me fell bad for not having eaten there today19:25
mordredSpamapS: but there is not one within walking distance of my house19:25
SpamapSYeah I have one a block away. :)19:25
jlkI think we have some of those around here.19:25
SpamapSyeah I've seen one in Seattle19:26
SpamapSin fact I think that's where I learned it's jeblair's favorite sandwich shop ;)19:26
mordredShrews: yay my nodepool patch actually passes tests!!!19:28
Shrewsmordred: right?19:30
*** openstackgerrit has quit IRC19:33
*** jamielennox|away is now known as jamielennox19:33
*** openstackgerrit has joined #zuul19:44
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Decrypt secrets and plumb to Ansible  https://review.openstack.org/44668819:44
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Add 'allow-secrets' pipeline attribute  https://review.openstack.org/44713819:45
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Isolate encryption-related methods  https://review.openstack.org/44708719:45
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Add secret top-level config object  https://review.openstack.org/44615619:45
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Augment references of pkcs1 with oaep  https://review.openstack.org/44708819:45
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Associate secrets with jobs  https://review.openstack.org/44668719:45
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Add support for job allowed-projects  https://review.openstack.org/44713419:45
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Add per-repo public and private keys  https://review.openstack.org/40638219:45
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Serve public keys through webapp  https://review.openstack.org/44675619:45
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Add canonical hostname to source object  https://review.openstack.org/45111019:52
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Add canonical hostname to source object  https://review.openstack.org/45111019:55
*** dkranz has quit IRC19:56
mordredjeblair: so - https://review.openstack.org/#/c/449784/ is up and only fails the new test it added - so that's good!19:57
jeblairmordred: yay!19:57
jeblairmordred: what do you think of the interaction with flavor-name and name-filter?19:58
jeblairmordred: they do different things, but it feels weird having two name related things...19:58
mordredjeblair: I dunno - that doesn't bother me too much - do you think we should do something different with them?20:01
mordredjeblair: like, I mean we could just skip the name-filter and have min-ram and name and if min-ram isn't specific enough for you, just use name?20:02
mordredjeblair: or maybe combining them isn't terrible - if only name: name must match. if min-ram and name, we'll first grab matching min-rams and then we'll filter those by if name in flavor.name20:04
* mordred is clearly just thinking out loud20:04
jeblairmordred: well, i think if we did that, we would have to switch to name (since rax has so many flavors).  personally, i'd be okay with dropping min-ram and name-filter and only using flavor name (or id).  but other folks on the team thought the min-ram approach was good.  so i wonder about going fully in the direction of filtering: keep min-ram and name-filter, don't add flavor-name, but instead make min-ram optional.  then use each of min-ram ...20:05
jeblair... and name-filter to reduce the candidate flavor set and bail if it's > 1.20:05
jeblairmordred: sorry, it took me a long time to type that; it refers to your "skip name-filter" suggestion :)20:05
jeblairmordred: i think the thing i just said is a sort of general approach which lets us add filters in the future (disk? network?) without things being too confusing...20:06
mordredjeblair: I guess my concern is that for folks who just want to specify by name, doing that by putting the value ina field called "name-filter" when there are no other criteria feels weird20:06
jeblairmordred: yeah, could just rename it "name"20:06
mordredk. lemme noodle on those real quick ...20:07
jeblairmordred: so then it's "name: Rackspace 8GB Performance Flavor Esquire" if you want the full name.  or "name: Performance; ram: 8096" if you want what we do now...20:07
mordredyah20:08
jeblair(i mean, that's hiding complexity, but it's hiding it in a way that is likely to make users accidentally do the "safe" thing and specify the full name)20:09
jeblairmordred: meanwhile, i spotted the error and left a comment20:11
mordredjeblair: wow.20:12
jeblairmordred: (also, your second suggestion is very similar in spirit to my suggestion, i think)20:13
mordredyes - I think we pretty much came to the same thing :)20:14
jesusaur /buffer 3820:35
SpamapSonly 38? amateur.20:46
* rcarrill1 excited to see https://review.openstack.org/#/c/406382/ close to land20:47
rcarrill1sucks i got sucked on Ansible 2.3 and had to hand it off20:48
rcarrill1thx a bunch jeblair20:48
* rcarrill1 goes back to cisco and network gear madness PRs20:49
*** rcarrill1 is now known as rcarrillocruz20:49
*** hashar has quit IRC21:27
jesusaurSpamapS: that could just as easily have been a /buffer 83; but anything over 100 triggers my channel garbage collector21:44
jheskethMorning21:44
*** jamielennox is now known as jamielennox|away22:09
*** jamielennox|away is now known as jamielennox22:12
eggshellSpamapS: you around?22:27
SpamapSeggshell: back now. Wassup?23:00
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Add source to projects  https://review.openstack.org/45159623:03
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Add a project index to Tenant  https://review.openstack.org/45159723:03
jeblairjhesketh, mordred, SpamapS, jkl, fungi: i have either respended to or addressed all of the comments on the secrets stack (thanks!), and it is passing tests, so is ready for re-review.23:06
jheskethjeblair: neat. Will do so today :-)23:06
fungithanks, it's (finally!) on my agenda for this evening23:07
eggshellSpamapS: trying to get some info on how zuul creates a fake nodepool during testing.23:15
SpamapSjeblair: ty, will dive back in23:16
SpamapSeggshell: hm23:20
SpamapSeggshell: did you find tests/base.py:FakeNodepool yet?23:22
* eggshell looks23:24
eggshellfacepalm. wasn't on feature/zuulv323:25
eggshellalright, I should be able to read and play around some. thanks23:25
SpamapSeggshell: I did that last week.. cost me a good 4 hours23:30
SpamapSmaster is just muscle-memoried in23:30
SpamapShave to start calling master branches random nouns to break that habit23:31
clarkbSpamapS: I found https://blog.jessfraz.com/post/getting-towards-real-sandbox-containers/ re sandbox containers23:34
clarkband it points at bubblewrap23:34
clarkbso there is that23:34
SpamapSIndeed, I'm sold on bubblewrap23:35
SpamapSthe USER_NS stuff... not as much.. but the approach I like.23:35
SpamapSjust that USER_NS is really new23:35
clarkbbut there is also subgraph23:35
SpamapSsubgraph I had not looked at23:37
SpamapSBut their front page graphic is _amazing_23:37
clarkbbut another point (right at the end) is that at least 11 months ago the author did not feel you could get a proper sandbox23:38
SpamapSI just realized the security spec I wrote doesn't even talk about Seccomp23:39
SpamapSbut bubblewrap facilitates it, and we should probably use it.23:39
SpamapSclarkb: right, I'm still of the mind to use bubblewrap via setuid23:42
SpamapSotherwise we'll have to have a special kernel on kexecutors23:42
« Tuesday, 2017-03-28 Index Thursday, 2017-03-30 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!