Tuesday, 2018-02-20

« Monday, 2018-02-19 Index Wednesday, 2018-02-21 »
*** JasonCL has joined #zuul00:12
*** JasonCL has quit IRC00:19
SpamapSclarkb: correct00:27
clarkbSpamapS: ok just wanted to confirm as there are setups that would result in more than one handler thread that would need syncing between but in that setup you should only get the one handler if I've read the code correctly00:27
clarkbso much simpler to solve for this constrained case (in theory)00:27
SpamapSIf splitting into 3 pools would solve my problem I can do that. :)00:28
clarkbI don't think it will00:28
SpamapSyeah I don't think so either00:28
SpamapSI am looking at reducing from 5 to 4 nodes00:28
clarkbin that case you'd have three handlers "fighting" to grab requests and fulfill them including for min ready00:28
SpamapSunfortunately we baked some assumptions in deep00:29
clarkbI expect the end results would be similar to what you currently experience now with the random assignment00:29
mordredit's definitely an interesting case00:30
mordredthe ratio of quota to nodeset size and the azs existing is fun00:31
clarkba hack you could do is similar to the one we are using with our multiple launchers. Basically configure one launcher with one az and have it with a >0 min ready00:32
clarkbthen have a second (and possibly third) launcher for the remaining azs and no min ready configured in them00:32
clarkbyou'd be constrained to servicing all min ready from a single az but that should make it consistent at least00:33
SpamapSwe'll see how it goes with a patch to turn off AZ stickyness.00:33
SpamapSI think that will for the most part solve the lag issues I have.00:34
*** JasonCL has joined #zuul00:36
*** JasonCL has quit IRC00:40
openstackgerritMerged openstack-infra/nodepool master: Add opensuse-tumbleweed to nodepool dsvm testing  https://review.openstack.org/54518301:05
*** rlandy|rover is now known as rlandy|rover|bbl01:23
*** JasonCL has joined #zuul01:54
*** JasonCL has quit IRC02:00
corvusmordred: the zuul_stream callback plugin handles both log lines from the remote host, and internally generated log lines (ie, announcing play start/stop).  if we move the remote log receiver from zuul_stream into an executor subprocess, we'd be writing to the log file from two processes.  since we could have multiple tasks starting and stopping simultaneously, we probably can't count on that being clean.02:02
corvusdoes that mean the component in the executor should be more like a proxy?  it receives log lines from remote hosts, and zuul_stream fetches them from it and logs them?02:02
corvusmordred: or is there some other way to set that up....?02:02
corvusmordred: oh... zuul_stream could *send* it's internally generated log lines to the executor component.  then the executor component is the only one writing them...02:04
*** toabctl has quit IRC02:05
corvusthat seems obvious now that i think about it.  then again, everything about the logging system seems obvious in retrospect.  nothing seems obvious in prospect.  :)02:06
*** harlowja has quit IRC02:52
*** rlandy|rover|bbl is now known as rlandy|rover03:10
dmsimardWhat's this "Open CI" thing I seem to keep hearing about ? Is that openlab ?04:01
dmsimardmrhillsman: ^04:01
openstackgerritPaul Belanger proposed openstack-infra/nodepool master: Support ubuntu-bionic (18.04) with nodepool dsvm  https://review.openstack.org/54457404:12
dmsimardcorvus: Just looked at the logs for that particular error. It has nothing to do with the zuul_json callback truncating the json file, unfortunately.. but does highlight another case of Ansible breaking the callback contract by passing a string instead of a bool. I'll try to figure out if it's been fixed in Ansible but in any case I'll have to work around it in ARA.04:14
*** rlandy|rover has quit IRC04:24
openstackgerritPaul Belanger proposed openstack-infra/nodepool master: Support ubuntu-bionic (18.04) with nodepool dsvm  https://review.openstack.org/54457404:37
openstackgerritPaul Belanger proposed openstack-infra/nodepool master: Source /etc/ci/mirror_info.sh for mirrors  https://review.openstack.org/54603204:37
SpamapScorvus: it's just software.04:45
*** harlowja has joined #zuul04:54
openstackgerritDavid Moreau Simard proposed openstack-infra/zuul master: Make test-logs.sh more convenient to use  https://review.openstack.org/54603704:55
dmsimardShrews: this one might interest you: http://paste.openstack.org/show/678121/04:55
dmsimardERROR zuul.Scheduler: Unable to process autohold for None04:55
openstackgerritPaul Belanger proposed openstack-infra/nodepool master: Support ubuntu-bionic (18.04) with nodepool dsvm  https://review.openstack.org/54457405:20
*** bhavik1 has joined #zuul05:20
*** bhavik1 has quit IRC05:31
*** toabctl has joined #zuul06:08
openstackgerritMerged openstack-infra/zuul master: Use a status code to detect unknown vs. missing tenant  https://review.openstack.org/54587906:39
openstackgerritMerged openstack-infra/nodepool master: Hack for test_delete_now rare failures  https://review.openstack.org/54598206:43
openstackgerritMerged openstack-infra/zuul master: Remove Paste from the dependencies  https://review.openstack.org/54600006:47
*** chrnils has joined #zuul06:47
*** threestrands has quit IRC07:10
*** harlowja has quit IRC07:10
*** JasonCL has joined #zuul07:22
*** JasonCL has quit IRC07:27
AJaegermordred, infra-root: http://zuul.openstack.org/jobs.html and http://zuul.openstack.org/builds.html are broken completely right now. I get a json output, not a nicely rendered page.07:38
tobiashfeels like matrix08:34
*** swest has quit IRC08:44
*** swest has joined #zuul08:45
*** jpena|off is now known as jpena08:46
openstackgerritTobias Henkel proposed openstack-infra/zuul master: Add regex support to project stanzas  https://review.openstack.org/53571308:49
openstackgerritTobias Henkel proposed openstack-infra/zuul master: Add winrm certificate handling  https://review.openstack.org/53571708:57
AJaegertobiash, ianw and myself fixed the Zuul/nodepool integration tests, could you review the stacks starting at https://review.openstack.org/#/c/545163/ and https://review.openstack.org/#/c/545158/ , please?09:06
tobiashAJaeger: yes, can do that in a few minutes09:06
AJaegerthanks!09:08
openstackgerritTobias Henkel proposed openstack-infra/zuul master: Fix builds queued forever after failure to get node request  https://review.openstack.org/53733509:08
tobiashAJaeger: +2 with comment on https://review.openstack.org/#/c/545158/1409:17
tobiashAJaeger: stacks lgtm09:20
*** hashar has joined #zuul09:22
openstackgerritTobias Henkel proposed openstack-infra/zuul master: Add regex support to project stanzas  https://review.openstack.org/53571309:26
openstackgerritMerged openstack-infra/zuul master: Fix nodepool-zuul-functional  https://review.openstack.org/54516309:30
*** jimi_|ansible has joined #zuul09:34
*** jimi_|ansible has joined #zuul09:34
*** jimi|ansible has quit IRC09:35
openstackgerritMerged openstack-infra/nodepool master: Fix nodepool-zuul-functional  https://review.openstack.org/54515809:51
AJaegertobiash: thanks!09:58
AJaegertobiash: put it on my todo list for cleanup later09:59
tobiashAJaeger: just a nit ;)10:00
openstackgerritMerged openstack-infra/zuul master: Remove install-distro step for nodepool integration  https://review.openstack.org/54522110:13
*** elyezer has quit IRC10:18
*** tosky has joined #zuul10:19
openstackgerritAndreas Jaeger proposed openstack-infra/zuul master: Add nodepool-zuul-functional as non-voting check job  https://review.openstack.org/54520310:19
openstackgerritMerged openstack-infra/nodepool master: Remove copying of legacy install-distro script  https://review.openstack.org/54522210:24
openstackgerritMerged openstack-infra/nodepool master: Avoid tools/nodepool-integration-setup.sh from zuul  https://review.openstack.org/54522810:24
*** elyezer has joined #zuul10:27
AJaegertobiash: could you readd your +1 to https://review.openstack.org/545203 , please? I rebased since I misread gerrit's note10:37
AJaeger+A I mean10:37
openstackgerritMerged openstack-infra/zuul master: Remove tools/nodepool-integration-setup.sh  https://review.openstack.org/54522910:53
*** JasonCL has joined #zuul11:09
*** JasonCL has quit IRC11:32
*** JasonCL has joined #zuul11:33
openstackgerritMatthieu Huin proposed openstack-infra/zuul master: zuul web: add admin endpoint, enqueue & autohold commands  https://review.openstack.org/53900411:37
*** JasonCL has quit IRC11:38
openstackgerritMatthieu Huin proposed openstack-infra/zuul master: zuul autohold: allow operator to specify nodes TTL  https://review.openstack.org/54340311:44
tobiashAJaeger: done12:02
*** elyezer has quit IRC12:15
*** elyezer has joined #zuul12:19
openstackgerritMerged openstack-infra/zuul master: Add nodepool-zuul-functional as non-voting check job  https://review.openstack.org/54520312:22
mordredAJaeger: looking in to the builds/jobs dashboards12:33
openstackgerritMonty Taylor proposed openstack-infra/zuul master: Extract an abstract base Parser class  https://review.openstack.org/54561012:33
mordredAJaeger: fixed in prod - patch coming12:36
*** jpena is now known as jpena|lunch12:44
AJaegerthanks, mordred and tobiash !12:46
*** toabctl has quit IRC13:02
*** dkranz has joined #zuul13:10
*** toabctl has joined #zuul13:23
openstackgerritDavid Shrewsbury proposed openstack-infra/nodepool master: Only DeletedNodeWorker should delete nodes  https://review.openstack.org/54614613:32
*** rlandy has joined #zuul13:33
*** rlandy is now known as rlandy|rover13:34
*** JasonCL has joined #zuul13:35
dmsimardmordred: sorry if this is obvious but why are we messing with all these rewrite rules instead of having zuul-web as a proper wsgi app with URL routing ?13:37
dmsimardit sounds like we're putting a lot of logic into apache that should be built in the app13:38
dmsimardI'm not familiar with aiohttp but it does seem like there's the concept of URL routing available13:39
*** JasonCL has quit IRC13:39
Shrewsmhu: 546146 is going to affect your held node cleanup code. Sorry about that13:40
dmsimardShrews: that reminds me, did you see my message last night ?13:41
mhuShrews, thanks for the heads-up, I'll look into it13:41
Shrewsdmsimard: no13:41
dmsimardShrews: came across this error all over zuul.log on the scheduler yesterday: http://paste.openstack.org/show/678121/13:41
dmsimardthought you might know what was going on13:42
Shrewsdmsimard: hrm, never seen that. not sure what's happening there13:42
dmsimardShrews: it's hard to tell what exactly is going on, yeah -- I might submit a first patch to give us some insight on the exception because the logs are interleaved so it's a bit hard to tell what the exception relates to13:43
*** jpena|lunch is now known as jpena13:44
dmsimardcorvus: in case you were curious, tristanC found my url_pattern/failure-pattern/success-pattern issue I asked about last week :/ https://github.com/softwarefactory-project/zuul-distgit/blob/master/0001-model-keep-jenkins-url-as-is.patch13:46
Shrewscorvus: mordred: I'm sort of thinking we should remove the --now option to 'nodepool delete'. Because the delete thread runs really quickly, there's not any need that I can see to say13:47
Shrews"do it now"13:47
ShrewsIf we remove it, then we totally eliminate that test_delete_now race.13:48
Shrewscurrent delete thread interval is 5 seconds13:49
dmsimardShrews: never realized we got rid of --now in v313:49
Shrewsdmsimard: we didn't, which is my point13:49
Shrewsi think we should get rid of it13:49
*** JasonCL has joined #zuul13:50
*** JasonCL has quit IRC13:51
mordreddmsimard: we're working towards less rewrite rules - there's a few things to untangle, but hopefully this should all be sane by the end of this week13:53
*** JasonCL has joined #zuul13:53
dmsimardmordred: ok, ideally the webserver should be as dumb as possible :)13:53
dmsimardfacilitates implementation with other webservers/proxies if people don't like apache or whatnot13:54
mordredyah - the one thing we'll have rewrite rules for (which will be optional/an optimization) is offloading serving the static html/javascript we produce from webpack13:54
mordredso there should be like, one rewrite rule13:54
dmsimardare you planning on packaging the js/css stuff like horizon ? with xstatic ?13:55
dmsimardor will there always be an expectation that there's a puppet or ansible to mash the two together ?13:55
dmsimard(I guess the RPM packaging from software factory makes this kind of redundant)13:56
mordreddmsimard: but yes - one of the reasons this javascript stack has been slow going in is that we want to make sure that everything works if you don't have any apache, if you want to off-load static assets to apache but proxy dynamic api calls to zuul-web, if you want to do the second thing but whitelabel a specific tenant - and if you want to put the static web assets somewhere else (like swift)13:56
mordreddmsimard: HELL NO (to xstatic)13:56
mordreddmsimard: xstatic is a plague that I find very offensive (there is no reason to use python tools to package javascript when the javascript ecosystem has their own set of tools)13:57
mordreddmsimard: BUT - totally will package the html/javascript into an installable bundle13:57
*** electrofelix has quit IRC13:57
dmsimardmordred: yeah, I don't think it's pretty either but doing "pip install" and getting everything installed without having to use npm or whatever is pretty neat13:57
openstackgerritDavid Shrewsbury proposed openstack-infra/nodepool master: Remove --now option to 'delete' CLI command  https://review.openstack.org/54615213:58
Shrews^^^ WIP for discussion13:58
*** JasonCL has quit IRC13:58
mordreddmsimard: yes. pip install zuul will get you the web content13:58
*** JasonCL has joined #zuul13:58
dmsimardmordred: how? my understanding is that currently we need shenanigans like https://github.com/openstack-infra/puppet-zuul/blob/master/manifests/web.pp#L16413:59
mordreddmsimard: none of the javascript tooling stack is landed yet - that's this week :)13:59
dmsimardmordred: oh, so I'm just looking at old stuff, okay :p13:59
mordreddmsimard: so- the javascript stack will use npm/webpack to generate the html bundles which it writes to zuul/web/static ... that way if we run the js build before running setup.py sdist then the bult js files will be inside the python package and thus pip install will work14:00
mordreddmsimard: however, if we wanted to deploy the static assets independently, we can grab the js bundle produced by https://review.openstack.org/#/c/538131/914:01
mordredand just untar it in an apache folder (like we do for storyboard-webclient)- or even publish it to swift if we got really crazy :)14:01
mordreddmsimard: tl;dr - COMPLETELY agree with you on the rewrite rules :)14:01
*** sshnaidm|off is now known as sshnaidm14:05
tobiashmordred: is your pending dashboard fix easy?14:09
tobiashmordred: I'm currently rebasing my deployment branch14:09
tobiashshould I base from before the web patches from yesterday or just wait for your fix?14:10
mordredtobiash: which pending dashboard fix?14:11
tobiashmordred: "<mordred> AJaeger: fixed in prod - patch coming"14:11
tobiashfrom today14:11
mordredtobiash: oh! yah - that was just a fix to our puppet ... one sec14:11
mordredtobiash: https://review.openstack.org/546134 was the issue14:12
tobiashah, so no zuul patch14:12
mordredtobiash: nope - just got rewrite rule order wrong14:12
tobiashthat's why I didn't see it :)14:12
mordred:)14:12
tobiashok my rewrite rules are simpler so this shouldn't be an issue for me :)14:13
mordreddmsimard: thanks for reminding me - the javascript stack doesn't actually update the tarball build/publication job to include the javascript - I should fix that14:13
*** JasonCL has quit IRC14:28
*** JasonCL has joined #zuul14:29
rcarrillocruz\o/ for getting static stuff with pip install14:49
rcarrillocruzdo I read right that by default aiohttp will serve static ? last time i checked, i couldn't figure out how to change the root folder in aiohttp/zuul-web, like it was hardcoded and thus relative to the zuul package install path14:52
openstackgerritDavid Shrewsbury proposed openstack-infra/nodepool master: Remove --now option to 'delete' CLI command  https://review.openstack.org/54615214:54
mordredrcarrillocruz: yah - once the javascript stack is in, you should not have to mess with the root folder location14:57
rcarrillocruzsweet15:00
openstackgerritMatthieu Huin proposed openstack-infra/nodepool master: Clean held nodes automatically after configurable timeout  https://review.openstack.org/53629515:07
*** JasonCL has quit IRC15:08
*** JasonCL has joined #zuul15:08
openstackgerritClint 'SpamapS' Byrum proposed openstack-infra/nodepool master: WIP: allow disabling sticky AZs  https://review.openstack.org/54617515:10
*** JasonCL has quit IRC15:11
*** JasonCL has joined #zuul15:11
SpamapS ^^ no idea if it works15:12
SpamapSwill be playing with it soon15:12
openstackgerritMatthieu Huin proposed openstack-infra/nodepool master: Clean held nodes automatically after configurable timeout  https://review.openstack.org/53629515:14
dmsimardmordred: yay15:16
tobiashSpamapS: it will work partly15:18
tobiashSpamapS: with this change it will take any ready nodes, but will still stick to a randomly self chosen az for nodes it creates15:20
tobiash(see review)15:20
tobiashhrm, this will interfere with the azs defined by a pool if any15:22
tobiashSpamapS: maybe it's better to name it disable-az-handling or something like that and then just bypass any az handling?15:22
SpamapSWell I don't mind if it creates the new ones all in a single AZ.15:50
SpamapSI just want it to take whatever's ready.15:50
SpamapSBut I can see where it might be less confusing if it just stuck to random allocation all the time.15:51
*** hashar has quit IRC16:44
*** chrnils has quit IRC16:59
corvusmordred: i'll sign up for doing the executor log receiver thing.  i'll make it a followup patch to your wip stack, so i shouldn't interfere with that if you update it.17:04
*** dkranz has quit IRC17:07
mordredcorvus: cool - let me know if the code there doesn't make any sense... but I *think* it should be fairly easy for your brain17:08
*** harlowja has joined #zuul17:23
pabelangerHmm, should nodepool-dsvm test jobs be using upper-constraints for diskimage-builder? First time I've noticed that17:24
pabelangerhttp://logs.openstack.org/74/544574/11/check/nodepool-functional-py35/1041e03/job-output.txt.gz#_2018-02-20_15_33_39_67112517:25
pabelangeralso, we appear to be using python2.7 pip17:25
clarkbpabelanger: devstack's pip install routines only use constraints17:27
clarkbas for python2 vs python3 you need to set the use python3 flag17:27
openstackgerritPaul Belanger proposed openstack-infra/nodepool master: Install nodepool with python3 for dvsm job  https://review.openstack.org/54625417:29
pabelangerclarkb: does that work?^17:29
clarkbpabelanger: I would just set it for the job as a whole17:29
clarkbopenstack passes tempest under python3, just diasble swift17:30
pabelangerk17:30
clarkband I'm not sure if that will work. depends if the python3 setup stuff happens on the fly when necessary or if it needs to do it early on17:30
openstackgerritPaul Belanger proposed openstack-infra/nodepool master: Use python3 for devstack testing  https://review.openstack.org/54625417:38
pabelangerk, I think that should work17:38
pabelangerI'll see what is needed to bump DIB in upper-requirements17:38
clarkbpabelanger: it doesnt need to be in upper reuirements does it?17:39
pabelangerclarkb: not sure, its there today17:39
pabelangerI don't know why17:39
clarkboh I see17:39
pabelangernot sure the process to remove something from upper-constraints17:39
clarkbcheck with ianw I seem to recall that maube that was done for dib testing of some sort17:40
pabelangerkk17:43
corvusmordred: what do you think about having only one log receiver per job, and having an extra argument to the command module to tell it what 'host' it's on, then adding the host as extra data to the log line, then having the receiver pull that out when doing the string formatting (a la the timestamp)?17:50
corvusmordred: (as opposed to more or less the current structure, which is one receiver per inventory host, and the receiver internally knows which host its for)17:50
corvusmordred: that means we don't need to try to map inventory hosts to log receiver socket paths, etc...17:52
*** dkranz has joined #zuul17:54
mordredcorvus: yes. I think that is exactly right17:59
corvuskk17:59
*** openstackgerrit has quit IRC18:03
*** jpena is now known as jpena|off18:18
*** harlowja has quit IRC18:23
*** tosky has quit IRC18:24
SpamapStobiash: I'm curious if you find yourself holding nodes a lot for users?18:32
SpamapSI've been noodling on making a hold-manager..18:32
SpamapSLet users do their own holds.18:32
SpamapSand clean them up more easily18:33
SpamapSBecause it turns out it's pretty useful to have an automatic dev environment maker.18:33
SpamapSThat makes VMs that are identical to your eventual CI tests.18:33
SpamapSBut it's a little janky..18:33
SpamapSset autohold... bounce ssh.. clean up nodes manually...18:34
clarkbSpamapS: one idea I've had with that is resurrecting plans to make our images more public. You might consider having nodepool makr your images as public in your cloud then users can boot on demand?18:34
SpamapSehh18:34
SpamapSThe zuul variable is just as important18:34
SpamapSand the trees in the state18:34
SpamapSclarkb: that said..18:34
SpamapSIf I could have a 'zuul-executor --local --change XX' .....18:34
SpamapSthat would be incredibly helpful18:34
clarkbyes, being able to build the tree locally would be useful18:35
SpamapSLike, basically let users make their own VMs and inventory, and then let zuul-executor operate on them.18:35
SpamapSbut I keep coming around to the fact that it's not really about who owns the VMs in OpenStack.. I just need to be able to SSH to them, and delete them when I'm done.18:36
clarkbone thing we've found though is that a lot of the problems with people understanding test failures have less to do with the git tree and more to do with bad assumptions around how clouds or cloud instances work18:36
SpamapSOh, that's not my case.. :)18:36
clarkbah ok18:36
clarkbfor us that tends to be the case18:36
SpamapSWe are missing stuff in the output that helps you debug why a job failed..18:36
SpamapSIt gets better and better.18:36
clarkb"Oh! this instance has two network interfaces and neither are called eth0!"18:36
SpamapSBut sometimes I just need to log in and mess with stuff.18:36
SpamapSI have as many fails because of misunderstandings of how Ansible works than anything. :)18:37
SpamapSBut really, a lot of times we just hold nodes to debug and inspect.18:37
clarkbara has been extremely useful for us in debugging the ansible aspects18:38
SpamapS"WTF? Why?" --> hold.... play... fix... push18:38
clarkbthank you dmsimard!18:38
SpamapSDefinitely. harlowja just got it working in our CI.18:38
tobiashSpamapS: I didn't hold any node yet for my users18:38
SpamapSone problem we're having is we're using ARA in prod and it exposes passwords. :-/18:38
SpamapSUnless you use the giant no_log hammer.18:38
tobiashSpamapS: but we're currently in process of ramping up the number of users ov zuulv3 ;)18:38
SpamapSOne reason I'm holding nodes too, is I'm not developing like, microservices.18:39
SpamapSWe're developing kolla-ansible automation glue.18:39
SpamapSSo we are doing a lot of like, why can't this node talk to that node.18:39
tobiashbut holding nodes as a service usable by the normal users will save me a lot of time in the future probably18:40
SpamapSanyway... I think we can make holds better.. but I like the idea of having a way to point a local zuul executable at a repo and have it roughly duplicate what happens inside zuul.18:40
SpamapSAnother idea I have is something like Depends-On, but   Hold-key: {{ Put an SSH Key Here }}18:40
SpamapSor in a comment18:41
SpamapSlike   recheck-with-hold  {{ key }}18:41
tobiashlol, that would at least be easy to use :)18:41
SpamapSand then have zuul like, automatically clean the held nodes up if the PR merges.18:41
SpamapSbut that does start to get scary... quotas and used nodes..18:42
SpamapSmaking it too easy would be bad. ;)18:42
SpamapSso yeah.. stuff to think about18:42
pabelangerclarkb: Shrews: https://review.openstack.org/546254/ is an easy review for python3 nodepool. Confirmed to be working now in devstack logs18:48
dmsimardSpamapS: passwords where ? how ?18:51
dmsimardclarkb: yay ara \o/18:51
pabelangertobiash: danke18:52
*** harlowja has joined #zuul18:55
*** openstackgerrit has joined #zuul18:57
openstackgerritAndreas Jaeger proposed openstack-infra/nodepool master: Refactor playbooks/nodepool-zuul-functional/pre.yaml  https://review.openstack.org/54627218:57
AJaegertobiash: is that what you suggested? ^18:57
*** dkranz has quit IRC18:58
*** harlowja_ has joined #zuul18:59
*** harlowja has quit IRC18:59
tobiashAJaeger: yes, a role for a single task normally seems a bit odd but that makes ordering clear on the first sight :)19:02
openstackgerritMerged openstack-infra/nodepool master: Use python3 for devstack testing  https://review.openstack.org/54625419:03
corvusSpamapS: https://storyboard.openstack.org/#!/story/200080119:04
dmsimardSpamapS: I need to step away for a bit but I'm curious to dig into your ARA password thing, let's chat later. ARA picks up whatever Ansible sends to it which should not be very much different than what would be displayed in the console.19:05
pabelangereasy review on zuul to clean up bindep.txt https://review.openstack.org/544569/19:41
*** tobiash has quit IRC19:50
EmilienMit would be awesome to have branch filtering support on http://zuul.openstack.org/builds.html19:53
openstackgerritMatthieu Huin proposed openstack-infra/zuul master: zuul web: add admin endpoint, enqueue & autohold commands  https://review.openstack.org/53900419:54
corvusEmilienM: should not be difficult to add19:55
*** tobiash has joined #zuul19:55
*** JasonCL has quit IRC20:03
*** JasonCL has joined #zuul20:04
*** JasonCL_ has joined #zuul20:07
*** JasonCL has quit IRC20:09
*** JasonCL_ has quit IRC20:11
openstackgerritMerged openstack-infra/zuul master: Ensure only python3 is installed with bindep.txt  https://review.openstack.org/54456920:19
*** dmellado has quit IRC20:58
openstackgerritDavid Shrewsbury proposed openstack-infra/nodepool master: Add additional builder debug logging  https://review.openstack.org/54630321:09
openstackgerritJames E. Blair proposed openstack-infra/zuul master: Start log receiver in executor  https://review.openstack.org/54630421:09
corvusmordred: ^ untested, but i think that's the bulk of the effort21:10
mordredcorvus: woot21:20
corvusmordred: i'm assuming you'll squash the series at some point21:28
SpamapSdmsimard: items with passwords show in ARA output.21:29
dmsimardSpamapS: so they'd show in the console output too, right ? What ends up showing depends on the module, really.. what module have you seen this happen with ?21:30
SpamapSdmsimard: kolla_docker21:33
SpamapSdmsimard: also we see them in the invocation21:33
SpamapSwith verbose==2, which I'd expect not to include invocation21:34
dmsimardSpamapS: I skimmed https://github.com/openstack/kolla-ansible/blob/master/ansible/library/kolla_docker.py real quick and didn't see any special treatment regarding passwords.. they should address that to at the very least leave the sensitive information out21:37
SpamapSdmsimard: yeah I'm not necessarily blaming ARA :)21:44
SpamapSit's just the thing that I caught the leaks with21:44
dmsimardSpamapS: I wonder if no_log could be improved to just filter out a list of fields (in upstream ansible)21:51
openstackgerritJames E. Blair proposed openstack-infra/zuul master: Start log receiver in executor  https://review.openstack.org/54630421:51
dmsimardSpamapS: the thing that sucks is that, ultimately, the "respect" of no_log is left up to the callbacks21:53
dmsimardSpamapS: the data from the module is sent to the callbacks unfiltered and then the "burden" is on the callback to filter the data out21:53
dmsimardThis lead to some interesting discussions, there was a CVE for it but nothing really came of it https://bugzilla.redhat.com/show_bug.cgi?id=144091221:54
openstackgerritJames E. Blair proposed openstack-infra/zuul master: Correct hyphenation in host/group vars  https://review.openstack.org/54631721:54
clarkbya ansible pushes a lot of this top level logic down into the actual module implementations21:55
clarkbretry for sync was broken due to this21:55
corvustobiash, pabelanger: ^ can we merge  https://review.openstack.org/546317 asap?  that slipped through review21:55
pabelanger+221:57
openstackgerritJames E. Blair proposed openstack-infra/zuul master: Remove support for erroneous host_vars and group_vars  https://review.openstack.org/54631821:57
pabelangercorvus: test fixtures also need updating, but assume that will happen once we remove support for host_vars / group-vars21:57
corvuspabelanger: yeah i did it in that second patch ^21:58
pabelangerwfm21:58
corvusclarkb: it might be late for tobiash; can you +3 https://review.openstack.org/546317 asap?  that slipped through review21:58
corvus21:57 < pabelanger> +221:58
corvusgah21:58
corvusclarkb: it might be late for tobiash can you +3 https://review.openstack.org/546317  ?21:58
dmsimardclarkb: it's kind of a weird approach.. best practices (e.g, https://cwe.mitre.org/data/definitions/212.html ) basically say that sensitive data should not be sent in the first place21:58
clarkbcorvus: yup done21:58
dmsimardclarkb: modules are executed remotely and callbacks are executed locally so it's quite a large surface area -- the problem is (and the nature of that CVE) that callbacks are not necessarily trusted.. an unprivileged user could drop a callback in a path loaded by Ansible but by then I guess you could assume it's a local exploit and if you have local exploit you can do worse things..22:00
corvusclarkb, pabelanger: it looks like nothing using that has landed yet, so how about we go ahead and merge the second patch22:04
clarkbah ok so no jobs at all merged yet?22:04
pabelanger+1, I won't be able to help with restart. Getting called away from computer22:05
*** AJaeger has quit IRC22:06
*** dmellado has joined #zuul22:18
*** AJaeger has joined #zuul22:19
openstackgerritMerged openstack-infra/zuul master: Correct hyphenation in host/group vars  https://review.openstack.org/54631722:19
*** threestrands has joined #zuul22:23
openstackgerritMerged openstack-infra/zuul master: Remove support for erroneous host_vars and group_vars  https://review.openstack.org/54631822:39
clarkbcorvus: ^ we wait for puppet to apply that then are ready?22:40
clarkbalso does that need to have executors restarted?22:40
corvusclarkb: just scheduler22:40
*** openstackgerrit has quit IRC23:04
*** openstackgerrit has joined #zuul23:10
openstackgerritJames E. Blair proposed openstack-infra/zuul master: Don't store references to secret objects from jobs  https://review.openstack.org/54642823:10
*** JasonCL has joined #zuul23:10
*** JasonCL has quit IRC23:19
« Monday, 2018-02-19 Index Wednesday, 2018-02-21 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!