Thursday, 2017-08-24

« Wednesday, 2017-08-23 Index Friday, 2017-08-25 »
jeblairi don't know, but this is getting complicated and i'd like to defer it to now+13 days00:01
pabelangerya, thats what I planned on doing00:02
pabelangerhack up something at PTG after all the other stuff was done00:02
dmsimardjeblair: oh, I got something now that I hardcoded the role name: http://logs.openstack.org/52/496952/8/check/role-integration-emit-ara-html/fbb43ad/job-output.txt.gz#_2017-08-23_23_47_09_80726400:18
dmsimardI guess ara is installed outside the bubblewrap or something like that ?00:18
dmsimardOr no, wait, that job is running on a node, not an executor00:18
dmsimardYeah, I don't see how we can test the roles in the base job unless the base job picks them up from a review. For example, ara is installed (and the database) is on the executor, not on the nodepool VM.01:01
dmsimardSo when trying to do a job that tests emit-ara-html, ara isn't installed there and the database isn't there either.01:02
openstackgerritDavid Moreau Simard proposed openstack-infra/zuul-jobs master: WIP: Add a job to test emit-ara-html  https://review.openstack.org/49695201:03
openstackgerritDavid Moreau Simard proposed openstack-infra/zuul-jobs master: WIP: Add a job to test emit-ara-html  https://review.openstack.org/49695201:04
openstackgerritDavid Moreau Simard proposed openstack-infra/zuul-jobs master: WIP: Add a job to test emit-ara-html  https://review.openstack.org/49695201:05
dmsimardI tried in those attempts ^ to take out the "nodes" parameter so that it would run on the executor ? But I can't find a way to make it work.01:06
openstackgerritPaul Belanger proposed openstack-infra/zuul-jobs master: WIP: Add test-role-ensure-twine job  https://review.openstack.org/49699403:15
openstackgerritPaul Belanger proposed openstack-infra/zuul-jobs master: WIP: Add test-role-ensure-twine job  https://review.openstack.org/49699403:23
openstackgerritPaul Belanger proposed openstack-infra/zuul-jobs master: WIP: Add test-role-ensure-twine job  https://review.openstack.org/49699403:25
*** bhavik1 has joined #zuul05:03
*** bhavik1 has quit IRC05:51
*** smyers has quit IRC09:03
*** smyers has joined #zuul09:15
*** jkilpatr has quit IRC10:39
*** xinliang has quit IRC10:44
*** xinliang has joined #zuul10:57
*** xinliang has quit IRC10:57
*** xinliang has joined #zuul10:57
*** jkilpatr has joined #zuul11:13
mordreddmsimard: that's good - we've spent a lot of effort to prevent you from doing that :)12:54
*** dkranz has joined #zuul12:57
mordreddmsimard: ultimately the thing we need (which is why it's gonna wind up being a post-PTG task) is a 2-node job that sets the things up on node one, then runs ansible-playbook on one node pointed at the other node and checks the results of having done so12:57
*** amoralej is now known as amoralej|lunch13:05
openstackgerritMonty Taylor proposed openstack-infra/zuul feature/zuulv3: Document list of configuration items for include/exclude  https://review.openstack.org/49692813:08
*** amoralej|lunch is now known as amoralej13:43
pabelangerdmsimard: mordred: my dirty hack for testing roles, see 49699414:59
mordredpabelanger: yah- that's largely the thing- needs to run on the remote node :)15:03
mordredpabelanger: although venv and that role don't seem super happy15:04
*** bhavik1 has joined #zuul15:18
Shrewsi so love it when adding debug logging statements solves the problem you were trying to hunt down15:18
jeblairShrews: better than comments15:33
jeblairturbo c++ 4ever15:35
pabelangermordred: ya, pip install --user foo doesn't work well inside virtualenv15:36
pabelangerjeblair: mordred: I pushed up a patch last night to https://review.openstack.org/496428/ to reduce the number of post-run playbooks. Do you mind reviewing again? I'd like to try gpg signing for wheels / tarballs for testpypi15:37
pabelangerif you didn't see: https://testpypi.python.org/pypi/sandbox 0.0.13 uploaded yesterday15:37
jeblairpabelanger: lgtm15:40
jeblairclarkb: do the words "ironic_key" mean anything to you in the devstack-gate context?15:53
jeblairclarkb: oops, meant to ask that in infra15:53
dmsimardpabelanger: I don't understand what your hack is -- you mean you're running on localhost instead of on the node ?15:57
dmsimardpabelanger: re: testing roles15:57
pabelangerdmsimard: it is using ansible_connection=local, to avoid setting up SSH keys (but I think they are setup now), on a node from nodepool.15:58
dmsimardpabelanger: okay, that doesn't help me though ? The problem is that what I want to test is in the base job16:00
dmsimardand has some other dependencies -- like for emit-ara-html, the database and ara are on the executor, not the node16:01
dmsimarddoes localhost mean the executor or the node ?16:01
pabelangerdmsimard: that's what I am saying, you'll need to mock the executor on the node16:01
pabelangeryou won't be able to run it on the executor pre-merge16:01
*** bhavik1 has quit IRC16:02
pabelangerdmsimard: we'll have some time at PTG to talk more about it :)16:02
dmsimardpabelanger: yeah I think that'd be best left for the PTG -- I just wanted to prevent unfortunate breakages from the base role16:03
pabelangerdmsimard: for now, we've been proposing changes to base-test first in project-config. That is a little more tricky when it comes to roles, since both playbooks use the same role16:04
*** openstackgerrit has quit IRC16:04
*** openstackgerrit has joined #zuul16:22
openstackgerritDavid Shrewsbury proposed openstack-infra/nodepool feature/zuulv3: Revert "Allow launcher to stop quicker when asked"  https://review.openstack.org/49748016:22
*** dmsimard is now known as dmsimard|afk17:30
jlkgood (late) morning all!18:17
openstackgerritMerged openstack-infra/zuul feature/zuulv3: Document list of configuration items for include/exclude  https://review.openstack.org/49692818:26
*** olaph has joined #zuul18:38
*** olaph1 has quit IRC18:40
openstackgerritPaul Belanger proposed openstack-infra/zuul-jobs master: Fix matched condition for gpg signing  https://review.openstack.org/49755118:49
pabelangerjlk: jeblair: mordred: ^mind a review, for sign-artifact role18:49
pabelangerhttp://logs.openstack.org/bd/f9d1843b6068bde096425166ba2f1c98e122e1bd/release/release-openstack-python/b0f7a57/job-output.txt.gz18:49
jlkreading.18:50
pabelangerjeblair: mordred: I also have a question / comment about secrets, specifically, why we don't use group / host vars for them. I think we could add some additional filtering, secrect side, and limit where we want that secret to show up.  Today, we add it to extra_vars and any host will be able to access it.18:52
jlkWasn't part of that decision the variable precedent?  -e rules over all and cannot be changed during playbook execution (even with set_fact).18:56
pabelangerYa, maybe that was it. offers protection for changing a serect18:58
pabelangerand everything I've read says you cannot limit -e to hosts / groups18:58
jlkright, it's global.18:58
pabelangerya, so is having a global secret better?18:59
jlkwhat's the use case of limiting it to hosts?18:59
jlkI task could spread it around18:59
jlkand you could always access it via hostvars['hostname']['secret_name']18:59
pabelangerso, our secrets in project-config, are only going to to be for localhost18:59
jlkevery host has "access" to the variables for every other host19:00
pabelangerhowever, it is possible that a secret could be mistakenly run against not localhost (I just did this). While the key wasn't leaked into logs, it was copied to a remote node and then the node was deleted19:00
pabelangerif the secret was a hostvar for localhost, that would offer some protection I think19:01
jlkit doesn't limit where it's available19:01
pabelangerAh, okay.19:01
clarkbthis was one of the reasons why we kept our hiera data separate from ansible almost entirely with ansible-puppet iirc19:02
pabelangerso, like you say. you could hostvars['localhost']['secret_name'] from another node19:02
clarkbbecause ya ansible doesn't really partition data access19:02
clarkbso we did it independently19:02
pabelangerclarkb: right19:02
pabelangertests.unit.test_executor.TestExecutorRepos failed, is that a new failure?19:06
pabelangerhttp://logs.openstack.org/51/497551/1/check/tox-py35-on-zuul/bcc250f/testr_results.html.gz19:06
openstackgerritMerged openstack-infra/zuul-jobs master: Fix matched condition for gpg signing  https://review.openstack.org/49755119:16
openstackgerritPaul Belanger proposed openstack-infra/zuul-jobs master: Stat pubring.gpg / secring.gpg for debugging  https://review.openstack.org/49760320:27
pabelangerjlk: jeblair: ^ collects some debug information about gpg files to help see what is going on with invalid packet issue20:28
jeblairpabelanger: are you saying that stat will calculate the sha1sum of a file?20:29
jeblairthat's a very expensive operation.  that seems counter-intuitive to me.20:30
pabelangerjeblair: ya, that is included in the results20:30
jeblairthen we should stop using stat everywhere20:30
pabelangerok20:31
*** jkilpatr has quit IRC20:31
jeblairor set get_checksoum to false or something20:33
openstackgerritPaul Belanger proposed openstack-infra/zuul-jobs master: sha1sum pubring.gpg / secring.gpg for debugging  https://review.openstack.org/49760320:33
jeblairpabelanger: why did you change that?20:34
pabelangerthat was your original suggestion, just seen get_checksum false20:35
pabelangersorry, confused on which you'd like.20:35
jeblairpabelanger: yes, that was before i knew stat ran sha1sum.  so either works.  i had already approved that change, so i wonder why you changed it.20:35
jeblairpabelanger: i don't care20:35
jeblairpabelanger: i only want *something* to run sha1sum on those file20:35
pabelangerokay, I didn't see your +A, was writing patch20:36
jeblairpabelanger: i *don't* want to run sha1sum in all the places we used 'stat' to verify a file exists because it's overkill.  but that's a different discussion.20:36
pabelangerjeblair: understood. We'll need to change that in tarball uploading, we stat today20:37
openstackgerritMerged openstack-infra/zuul-jobs master: sha1sum pubring.gpg / secring.gpg for debugging  https://review.openstack.org/49760320:52
*** jkilpatr has joined #zuul21:00
*** jkilpatr has quit IRC21:07
*** jkilpatr has joined #zuul21:18
clarkbjlk: thanks for sorting out the offset confusion in the overlay change21:58
clarkbjlk: something like a delegate to localhost for loop over all the inventory entries and give each one offset of offset + 1 would work?22:01
*** dmsimard|afk is now known as dmsimard22:46
mordredpabelanger: also  (re hostvars/groupsvars) we publish the inventory so people can see it, and putting secrets into a separate file allows us to not publish those23:13
pabelangermordred: ya, the part I am unsure of is if /etc/ansible/host_vars/foosball would also end up in inventory files. If ansible did merging or something23:18
pabelangerbut extra_vars does work23:18
mordredpabelanger: not in a way that would make us happy today - however - with the inventory plugin rework in 2.4 smart merging is possible23:19
mordred(things merge in 2.3, but it's ... wonkly)23:19
mordredpabelanger: cooll - mostly just wanted to respond - have been in meetings most of today23:19
pabelangerunderstood23:19
pabelangermordred: np! When you have time tomorrow, I have gpg_key secret questions23:20
mordredpabelanger: awesome. I'm back home and online all of tomorrow23:21
pabelanger++23:21
mordredpabelanger: (are they in scrollback?)23:21
pabelangermordred: ya, #openstack-infra23:21
*** jkilpatr has quit IRC23:40
*** jkilpatr has joined #zuul23:40
openstackgerritJames E. Blair proposed openstack-infra/zuul feature/zuulv3: Add proc to bubblewrap  https://review.openstack.org/49769823:59
« Wednesday, 2017-08-23 Index Friday, 2017-08-25 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!