Thursday, 2017-09-28

openstackgerrit	Merged openstack-infra/zuul-jobs master: Expand docs for fetch-sphinx-output role https://review.openstack.org/507999	00:41
*** lennyb has quit IRC		01:11
*** lennyb has joined #zuul		01:11
*** huangtianhua has joined #zuul		02:44
*** zhuli has joined #zuul		02:45
zhuli	hi folks, how to integrate zuul with github? after install zuul from feature/zuulv3 branch and follow the quick start guide of official doc, I encounter a problem when starting the zuul-scheduler service that it raised an AttributeError said 'Github' object has no attribute 'session'	03:06
zhuli	# cat /etc/zuul/zuul.conf	03:11
zhuli	[scheduler]	03:11
zhuli	tenant_config=/etc/zuul/main.yaml	03:11
zhuli	[gearman_server]	03:11
zhuli	start=true	03:11
zhuli	[gearman]	03:11
zhuli	server=127.0.0.1	03:11
zhuli	[connection github]	03:11
zhuli	driver=github	03:11
zhuli	server=github.com	03:11
zhuli	api_token=xxxxxxxxxxxxxxxxxxxxxxxxxx	03:11
zhuli	sshkey=/home/zuul/.ssh/id_rsa	03:11
zhuli	and this is my configuration	03:12
mordred	jlk: ^^	03:30
mordred	zhuli: as soon as the rollout is done this week we'll be working on more documentation to help folks get up and going	03:32
mordred	zhuli: I think I remember someone else having the session isue and it turned out to be a too-old version of Github3.py ...	03:32
mordred	zhuli: we unfortunately depend on an unreleased version of the library for the moment (waiting on a release)	03:32
* mordred isn't really here - goes back to being AFK		03:33
zhuli	mordred thanks, I will update the Github3 and try again to see if this error go away	03:41
*** pbrobinson has quit IRC		03:54
*** pbrobinson has joined #zuul		03:59
openstackgerrit	Merged openstack-infra/zuul-jobs master: Emit a message about the final tox invocation https://review.openstack.org/507990	04:39
*** bhavik1 has joined #zuul		04:57
*** bhavik1 has quit IRC		05:23
*** xinliang has quit IRC		07:51
*** xinliang has joined #zuul		08:05
*** xinliang has quit IRC		08:05
*** xinliang has joined #zuul		08:05
*** electrofelix has joined #zuul		08:05
*** hashar has joined #zuul		08:20
kklimonda	what's the high availability story with zuul-scheduler?	08:24
kklimonda	I can probably run two gerrit instances, and I can run a ZK cluster, zuul executors are dumb anyway, and nodepool-launchers seem to be pretty self contained too	08:25
*** jesusaur has quit IRC		08:40
*** jesusaur has joined #zuul		08:48
tobiash	kklimonda: zuul-scheduler is currently a single point of failure	08:53
tobiash	kklimonda: there are thoughts to eventually change zuul-scheduler in v4 into a scale out component synced via zookeeper	08:54
kklimonda	tobiash: you just brightened my day with a mention of zuulv4 ;)	08:55
tobiash	kklimonda: but that's probably a long term roadmap entry ;)	08:56
*** smyers has quit IRC		09:03
*** smyers has joined #zuul		09:14
*** _ari_ has quit IRC		10:08
*** _ari_ has joined #zuul		10:13
*** jkilpatr has quit IRC		10:35
*** jkilpatr has joined #zuul		10:52
*** yolanda has quit IRC		10:54
*** yolanda has joined #zuul		11:08
pabelanger	zhuli: you have the wrong version of github.py installed. You need to install git+https://github.com/sigmavirus24/github3.py.git@develop#egg=Github3.py	12:00
pabelanger	for some reason pip install doesn't install it correctly	12:00
zhuli	pabelanger: thanks, it works now :)	12:40
*** dkranz has quit IRC		13:25
*** yolanda has quit IRC		14:08
*** yolanda has joined #zuul		14:08
*** isaacb has joined #zuul		14:15
*** dkranz has joined #zuul		14:41
*** SpamapS is now known as Zuulv2		14:43
*** Zuulv2 is now known as SpamapS		14:43
*** nhicher has joined #zuul		14:46
SpamapS	When the dust settles on the migration...	14:55
SpamapS	http://paste.openstack.org/show/622163/	14:55
SpamapS	I would really like to see that ansible problem sent to the user.	14:55
SpamapS	Pretty simple "oops I forgot to git add roles/k8s-certs" since I could read the debug log	14:55
SpamapS	but from the outside, it looked like the playbook was invisible.	14:55
*** isaacb has quit IRC		15:10
openstackgerrit	James E. Blair proposed openstack-infra/zuul feature/zuulv3: Remove "Applying template" log line https://review.openstack.org/508203	15:32
*** jkilpatr has quit IRC		15:34
rbergeron	I'll just share this for team spirit while y'all get things done:	15:44
rbergeron	https://www.infoworld.com/article/3228171/devops/why-ansible-is-the-future-of-red-hatand-automated-devops.html	15:44
*** hashar is now known as hasharAway		15:51
openstackgerrit	Merged openstack-infra/zuul feature/zuulv3: Remove "Applying template" log line https://review.openstack.org/508203	16:06
openstackgerrit	David Shrewsbury proposed openstack-infra/nodepool feature/zuulv3: Add debug line for deleting unlocked nodes https://review.openstack.org/508235	16:56
openstackgerrit	James E. Blair proposed openstack-infra/zuul feature/zuulv3: Improve debug logging around dynamic layout loading https://review.openstack.org/508237	16:57
openstackgerrit	James E. Blair proposed openstack-infra/zuul feature/zuulv3: Improve debug logging around dynamic layout loading https://review.openstack.org/508237	17:02
openstackgerrit	James E. Blair proposed openstack-infra/zuul feature/zuulv3: Add ZK session timeout option https://review.openstack.org/508251	17:35
harlowja	timeouts i hear :-P	17:44
*** jkilpatr has joined #zuul		18:14
openstackgerrit	James E. Blair proposed openstack-infra/zuul feature/zuulv3: Wait up to 30s to lock a node https://review.openstack.org/508260	18:19
openstackgerrit	Merged openstack-infra/zuul feature/zuulv3: Add ZK session timeout option https://review.openstack.org/508251	18:25
openstackgerrit	Merged openstack-infra/zuul feature/zuulv3: Improve debug logging around dynamic layout loading https://review.openstack.org/508237	18:25
openstackgerrit	Merged openstack-infra/zuul feature/zuulv3: Wait up to 30s to lock a node https://review.openstack.org/508260	18:25
openstackgerrit	Monty Taylor proposed openstack-infra/zuul feature/zuulv3: Parent legacy jobs with artifacts legacy-publish-openstack-artifacts https://review.openstack.org/508265	18:26
openstackgerrit	Monty Taylor proposed openstack-infra/zuul feature/zuulv3: Set BUILD_TIMEOUT environment variable in zuul_legacy_vars https://review.openstack.org/508266	18:26
openstackgerrit	Monty Taylor proposed openstack-infra/zuul feature/zuulv3: Set BUILD_TIMEOUT environment variable in zuul_legacy_vars https://review.openstack.org/508266	18:26
*** hasharAway is now known as hashar		18:27
openstackgerrit	Merged openstack-infra/zuul feature/zuulv3: Set BUILD_TIMEOUT environment variable in zuul_legacy_vars https://review.openstack.org/508266	18:32
openstackgerrit	Merged openstack-infra/nodepool feature/zuulv3: Add debug line for deleting unlocked nodes https://review.openstack.org/508235	18:44
openstackgerrit	Monty Taylor proposed openstack-infra/zuul-jobs master: Remove the right file in revoke-sudo https://review.openstack.org/508274	19:11
openstackgerrit	Jeremy Stanley proposed openstack-infra/zuul-jobs master: Remove the right file in revoke-sudo https://review.openstack.org/508274	19:25
openstackgerrit	Jeremy Stanley proposed openstack-infra/zuul-jobs master: Remove the right file in revoke-sudo https://review.openstack.org/508274	19:36
openstackgerrit	Jeremy Stanley proposed openstack-infra/zuul-jobs master: Remove the right file in revoke-sudo https://review.openstack.org/508274	19:53
openstackgerrit	Jeremy Stanley proposed openstack-infra/zuul-jobs master: Stop running ansible-lint on playbooks https://review.openstack.org/508285	19:53
*** hashar has quit IRC		19:53
*** weshay has quit IRC		20:10
openstackgerrit	Monty Taylor proposed openstack-infra/zuul feature/zuulv3: Only add BUILD_TIMEOUT if there is a timeout https://review.openstack.org/508290	20:11
*** weshay has joined #zuul		20:11
openstackgerrit	Jeremy Stanley proposed openstack-infra/zuul-jobs master: Stop running ansible-lint on playbooks https://review.openstack.org/508285	20:15
openstackgerrit	Jeremy Stanley proposed openstack-infra/zuul-jobs master: Remove the right file in revoke-sudo https://review.openstack.org/508274	20:15
openstackgerrit	Monty Taylor proposed openstack-infra/zuul feature/zuulv3: Only add BUILD_TIMEOUT if there is a timeout https://review.openstack.org/508290	20:22
openstackgerrit	Merged openstack-infra/zuul feature/zuulv3: Parent legacy jobs with artifacts legacy-publish-openstack-artifacts https://review.openstack.org/508265	20:35
openstackgerrit	Monty Taylor proposed openstack-infra/zuul feature/zuulv3: Only add BUILD_TIMEOUT if there is a timeout https://review.openstack.org/508290	20:35
openstackgerrit	Merged openstack-infra/zuul feature/zuulv3: Only add BUILD_TIMEOUT if there is a timeout https://review.openstack.org/508290	21:08
kklimonda	do you see any issue with making sure that we add user aux groups when we drop root privileges for zuul-executor?	21:08
kklimonda	I'm thinking of using puppet CA and certs to authenticate gearman connections, adding zuul user to the puppet group so it can read certs.	21:09
dmsimard	jeblair, mordred: I was pointing out to mnaser that his attempt at uploading logs should probably not be working.. but then it worked and I'm not sure I understand what's going on	21:10
dmsimard	the play is here http://logs.openstack.org/96/508296/2/check/puppet-openstack-integration-scenario004-ubuntu-xenial-puppet-4/c30f8bf/ara/file/02f6cfdf-e9a7-4487-800c-ec6bdabbcf53/#line-3	21:10
dmsimard	and the result is here: http://logs.openstack.org/96/508296/2/check/puppet-openstack-integration-scenario004-ubuntu-xenial-puppet-4/c30f8bf/ara/result/3c5a2558-f993-482d-ba70-48986d380892/	21:10
jeblair	kklimonda: nothing jumps out at me right now, but i'm distracted; SpamapS would be a good person to think about that	21:11
dmsimard	it looks like it ran against 'ubuntu-xenial', not localhost or anything..	21:11
jeblair	dmsimard: that task is slightly misnamed	21:11
jeblair	dmsimard: that's "pull log files from worker onto executor"	21:11
jeblair	dmsimard: then the base job handles uploading	21:11
mordred	yah	21:11
dmsimard	that play is not from the base job though I think	21:12
jeblair	dmsimard: correct; it's auto-converted	21:12
jeblair	dmsimard: any job can pull log files onto the executor	21:12
jeblair	then whatever they pull, base job uploads	21:12
dmsimard	okay, I thought that was limited to the base job	21:13
dmsimard	i.e, that an untrusted playbook could not run https://review.openstack.org/#/c/508296/4/playbooks/upload-logs.yaml	21:13
jeblair	dmsimard: all jobs get a build-specific workspace on the executor in which they can do (almost) whatever they want. so logs all go to a scratch space.	21:13
dmsimard	is it a DoS vector to pull a series of huge files on the executor or something ?	21:14
jeblair	dmsimard: yep. if you exceed a certain size the job will be killed.	21:14
dmsimard	ok	21:14
dmsimard	thanks for clarifying	21:14
jeblair	i only hope i did :)	21:14
dmsimard	yeah I was mistakenly thinking we did not authorize pulls :)	21:15
dmsimard	mnaser: ^ fwiw you can "manually" upload things beyond what ends up being in the "logs" directory	21:15
mnaser	nice :>	21:16
*** dkranz has quit IRC		21:45
openstackgerrit	Merged openstack-infra/zuul-jobs master: Stop running ansible-lint on playbooks https://review.openstack.org/508285	22:23
SpamapS	kklimonda: You should be fine. The executor is just a plain old python daemon at the gearman level.	22:42
SpamapS	2017-09-28 22:33:30.287774 \| control \| failed: [localhost] (item=control) => {"changed": false, "checksum": "82e1fe58c157d7df7d63b5f9cbdf2c91b9e0451e", "failed": true, "item": "control", "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"}	22:43
SpamapS	well that's a new one on me :-P	22:43
openstackgerrit	James E. Blair proposed openstack-infra/zuul-jobs master: Fix post log location https://review.openstack.org/508346	22:49
SpamapS	dmsimard: https://dmsimard.com/2016/01/08/selinux-python-virtualenv-chroot-and-ansible-dont-play-nice/ <-- ARGH	22:52
SpamapS	W T F	22:52
dmsimard	SpamapS: that again? :)	22:52
SpamapS	yep	22:52
dmsimard	SpamapS: I should probably edit that post	22:52
* SpamapS decides it's not worth it and just installs ansible in system python land		22:52
dmsimard	SpamapS: it holds true for anything that can't be pip installed basically	22:53
dmsimard	SpamapS: libselinux-python, rpm-python are two examples I know offhand	22:53
* SpamapS grumbles something about maybe somebody should make those pip installable		22:53
dmsimard	SpamapS: depending on the situation, you can also selectively set the ansible_python_interpreter per task	22:53
SpamapS	yeah no I want this to be simple	22:53
SpamapS	why does it even care? No selinux, don't set selinux. Done.	22:53
dmsimard	because it tries to import selinux to check if selinux is there	22:54
dmsimard	:D	22:54
SpamapS	we have this amazing thing	22:54
SpamapS	try	22:54
dmsimard	maybe it's worth revisiting upstream	22:55
dmsimard	if I'm not mistaken bcoca said it wasn't a bug :p	22:55
SpamapS	I mean, if I have to fix my PR's to work with python2.6, they should have to fix their modules to work with virtualenv'd pythons	22:55
dmsimard	maybe some core Ansible folks would have a better idea	22:56
dmsimard	Shrews, mordred ^	22:56
openstackgerrit	Merged openstack-infra/zuul-jobs master: Remove the right file in revoke-sudo https://review.openstack.org/508274	22:59
SpamapS	dmsimard: your bug report and bcoca's response were accurate. The bug, however, is trying to use selinux when it's unnecessary, IMO.	23:00
* SpamapS is reading the file action now		23:00
dmsimard	SpamapS: it doesn't know if it has to use selinux until it's able to check if selinux is activated and it does that with the libselinux-python lib	23:00
SpamapS	dmsimard: right... but if libselinux-python isn't available......... that's a sign. ;)	23:02
dmsimard	SpamapS: I'm not sure libselinux-python is a requirement of selinux	23:06
SpamapS	hm	23:08
SpamapS	it looks like it is already conditional	23:08
SpamapS	yeah... it's as I expected	23:09
SpamapS	dmsimard: selinux _is_ enabled on the box I'm testing on. Doh.	23:09
dmsimard	ಠ_ಠ	23:10
dmsimard	Also, it's localhost, not remote host	23:11
openstackgerrit	Merged openstack-infra/zuul-jobs master: Fix post log location https://review.openstack.org/508346	23:14
SpamapS	dmsimard: I guess if you build a centos-minimal and don't disable selinux, you get selinux ;)	23:16
SpamapS	and I'm fine with that. It doesn't seem to be breaking stuff yet	23:16
dmsimard	there's a dib element to disable selinux	23:16
SpamapS	CI should run with selinux enabled if you can swing it ;)	23:16
SpamapS	have always felt that the only reason everybody disables it is that they start with it turned off	23:17
SpamapS	oh also nobody knows how to use the tools	23:17
dmsimard	running selinux in prod is awesome and not that hard, you just need to understand how it works	23:17
dmsimard	there's even a tool that is able to write policies automatically if you're not able to do it yourself	23:17
SpamapS	it's more the bleary eyed 3am 'somfinkbroke' that gets it turned off	23:18
dmsimard	Stuff isn't supposed to break at 3am suddenly cause of selinux :)	23:22
dmsimard	It'll break in broad daylight long before that	23:22
Shrews	SpamapS: the last time i was bleary eyed at 3am, i was with you... in Atl... in some dark corner of the city	23:30

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!