| openstackgerrit | Clint 'SpamapS' Byrum proposed openstack-infra/zuul feature/zuulv3: Slack driver https://review.openstack.org/530521 | 00:32 |
|---|---|---|
| * SpamapS begins testing that on GD internal zuul | 00:33 | |
| SpamapS | GD it I say! | 00:33 |
| openstackgerrit | Clint 'SpamapS' Byrum proposed openstack-infra/zuul feature/zuulv3: Slack driver https://review.openstack.org/530521 | 04:54 |
| SpamapS | Hrm. So I'm setting up a "staging" zuul, which I plan to use to stage updates to zuul and nodepool. But it's kind of feeling a little icky. I think I"m going to have to double-edit project-config unless I can figure out a way to use templating to compose the zuul configwith 90% the same stuff. Hrm. | 05:23 |
| SpamapS | I guess I can have two config repos? One with env-specific, and the other with common. | 05:23 |
| SpamapS | Would be cool to have a namespace inside zuul configs tho. | 05:23 |
| SpamapS | just like "hey this is here but it's not yours just leave it" | 05:24 |
| *** bhavik has joined #zuul | 06:20 | |
| tobiash | SpamapS: you can have as many config repos as you want | 06:26 |
| *** bhavik has quit IRC | 06:29 | |
| SpamapS | tobiash: yeah, it's just that I'm not sure I want to have an entire repo separation just to change a few urls and secrets. | 08:07 |
| tobiash | SpamapS: for changing urls you can use site vars | 08:08 |
| tobiash | SpamapS: https://docs.openstack.org/infra/zuul/feature/zuulv3/admin/components.html#attr-executor.variables | 08:10 |
| SpamapS | tobiash: can I reference those in pipelines? | 08:12 |
| tobiash | SpamapS: no, only use in ansible | 08:13 |
| SpamapS | Because I need to change the status-url for instance. | 08:13 |
| SpamapS | Right so site vars I am already using for that. | 08:14 |
| tobiash | SpamapS: the result url is defined by the jobs, maybe the status url is overwritten as soon the result url is set | 08:15 |
| SpamapS | status url is for pending status | 08:16 |
| SpamapS | So while jobs are running the link takes you to the status.html | 08:17 |
| tobiash | SpamapS: the status url is a config setting: https://docs.openstack.org/infra/zuul/feature/zuulv3/admin/components.html#attr-webapp.status_url | 08:20 |
| tobiash | so it is deployment specific by definition | 08:21 |
| tobiash | SpamapS: or do you need a dynamic status url? | 08:22 |
| SpamapS | tobiash: oh, am I overriding it unnecessarily? | 08:22 |
| * SpamapS looks closer | 08:23 | |
| SpamapS | that would still leave secrets | 08:23 |
| tobiash | SpamapS: yes, that's more complicated | 08:23 |
| SpamapS | Ok well I will move the status url to config. That's just nicer anyway. | 08:25 |
| SpamapS | For secrets, I have differnet secrets I want to use with the same playbooks in stage/prod. | 08:25 |
| SpamapS | Now I can arrange this.. | 08:26 |
| SpamapS | sort of.. | 08:26 |
| SpamapS | Yeah so I think it can sort of be done. The roles can be in a shared repo. The playbooks have to be where the secret is though. | 08:28 |
| SpamapS | so like, one repo is shared-config and has pipelines and roles.. then the env-specific one has to have playbooks, jobs, and secrets. | 08:30 |
| tobiash | yes, you also could think about adding an additional inheritance layer in between for injecting secrets | 08:31 |
| tobiash | I have a similar use | 08:31 |
| SpamapS | secrets aren't available to children | 08:31 |
| tobiash | but should be to the parent I think | 08:31 |
| SpamapS | job and playbook have to be together with the secret. | 08:31 |
| tobiash | so I have a multi tenant use case: base -> tenant-base -> tenant-job | 08:32 |
| SpamapS | yeah the base job is the main thing I don't want to have variation on ;-) | 08:33 |
| tobiash | where tenant-base should inject tenant specific secrets to pre and post playbooks | 08:33 |
| SpamapS | but that has mostly worked out fine | 08:33 |
| SpamapS | tobiash: that seems pretty doable. | 08:33 |
| tobiash | I think secrets is a critical area where we probably still have to learn how to structure things in a good maintainable way | 08:34 |
| SpamapS | I quite like the way it works. What I'm doing with stage is rather.. odd. | 08:35 |
| SpamapS | but like any good staging environment, I want it to share as much as it can in behavior with the production env. | 08:37 |
| openstackgerrit | Clint 'SpamapS' Byrum proposed openstack-infra/zuul feature/zuulv3: Slack driver https://review.openstack.org/530521 | 09:01 |
| openstackgerrit | Clint 'SpamapS' Byrum proposed openstack-infra/zuul feature/zuulv3: Add --strip option to encrypt_secret.py https://review.openstack.org/530547 | 14:21 |
| SpamapS | Achievement Unlocked: Deploy to prod with zuul. | 14:37 |
| SpamapS | Achievement Unlocked: zuulception -- deploy zuul to prod with zuul | 14:38 |
| SpamapS | Now to figure out how to make it restart the scheduler automatically. ;) | 14:38 |
| openstackgerrit | Clint 'SpamapS' Byrum proposed openstack-infra/zuul feature/zuulv3: Slack driver https://review.openstack.org/530521 | 23:19 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!