Wednesday, 2018-02-21

*** sshnaidm has quit IRC [00:04]
*** sshnaidm has joined #zuul [00:09]
*** openstackstatus has quit IRC [00:12]
*** openstackstatus has joined #zuul [00:15]
*** ChanServ sets mode: +v openstackstatus [00:15]
openstackgerrit: Paul Belanger proposed openstack-infra/nodepool master: Sort formats results from zookeeper  https://review.openstack.org/546458 [00:22]
pabelanger: clarkb: ianw: Shrews: improvement on readability of dib-image-list, right now formats is unsorted and with more than 1 format, results seem to be random :) [00:24]
openstackgerrit: James E. Blair proposed openstack-infra/zuul master: Don't store references to secret objects from jobs  https://review.openstack.org/546428 [00:38]
openstackgerrit: Clark Boylan proposed openstack-infra/zuul master: Error when enqueue-ref doesn't get long enough rev  https://review.openstack.org/546461 [00:39]
clarkb: corvus: ^ also checks that it is a valid base16 number [00:39]
*** JasonCL has joined #zuul [00:42]
clarkb: arg I think it may fail pep8 because I made a change after the last run of pep 8 and it is wrong [00:42]
corvus: clarkb: nice! [00:43]
corvus: i mean, not the pep8 thing, the change itself [00:43]
openstackgerrit: Clark Boylan proposed openstack-infra/zuul master: Error when enqueue-ref doesn't get long enough rev  https://review.openstack.org/546461 [00:44]
*** sshnaidm has quit IRC [00:56]
*** JasonCL has quit IRC [01:18]
*** JasonCL has joined #zuul [01:28]
*** JasonCL has quit IRC [01:39]
*** JasonCL has joined #zuul [01:41]
openstackgerrit: Tristan Cacqueray proposed openstack-infra/zuul master: sql: add buildset.branch column  https://review.openstack.org/546468 [01:57]
openstackgerrit: Tristan Cacqueray proposed openstack-infra/zuul master: sql: add buildset.branch column  https://review.openstack.org/546468 [02:03]
*** harlowja_ has quit IRC [02:28]
*** JasonCL has quit IRC [02:39]
*** JasonCL has joined #zuul [02:40]
*** JasonCL has quit IRC [02:45]
openstackgerrit: Paul Belanger proposed openstack-infra/zuul master: Add support for Ansible extra-vars flag  https://review.openstack.org/546474 [02:48]
openstackgerrit: Paul Belanger proposed openstack-infra/zuul master: Add support for Ansible extra-vars flag  https://review.openstack.org/546474 [03:37]
pabelanger: ^WIP for now, so we can discuss it more [03:39]
pabelanger: and now I am done [03:39]
*** rlandy|rover has quit IRC [03:42]
*** sshnaidm has joined #zuul [04:41]
openstackgerrit: Merged openstack-infra/zuul master: Error when enqueue-ref doesn't get long enough rev  https://review.openstack.org/546461 [06:24]
openstackgerrit: Merged openstack-infra/nodepool master: Sort formats results from zookeeper  https://review.openstack.org/546458 [06:25]
*** hashar has joined #zuul [07:32]
tobiash: tristanC: did you notice some problems with ansible 2.4? [07:46]
tobiash: I rolled this out into production and templates seem to be not working anymore [07:47]
tobiash: http://paste.openstack.org/show/680184/ [07:48]
tobiash: need to debug that [07:48]
*** fbo has joined #zuul [07:53]
tristanC: tobiash: heh, we actually just rolled it out, and templates seems to be working correctly [08:10]
tobiash: tristanC: in untrusted jobs? [08:10]
tristanC: tobiash: oh, i don't think we have untrusted job using template [08:12]
*** chrnils has joined #zuul [08:12]
tobiash: what's strange is that copy works [08:17]
tristanC: fwiw we also deployed the new javascript stack with the new pipelines and jobs d3 graph [08:27]
*** electrofelix has joined #zuul [08:39]
openstackgerrit: Tristan Cacqueray proposed openstack-infra/zuul master: Tenant config dynamic loading of project from external script  https://review.openstack.org/535878 [08:44]
*** jpena|off is now known as jpena [08:53]
openstackgerrit: Matthieu Huin proposed openstack-infra/zuul master: zuul web: add admin endpoint, enqueue & autohold commands  https://review.openstack.org/539004 [09:23]
*** JasonCL has joined #zuul [09:50]
*** tosky has joined #zuul [11:06]
*** elyezer has quit IRC [11:25]
*** tosky has quit IRC [11:34]
*** mgagne has quit IRC [12:19]
*** adam_g has quit IRC [12:20]
*** evrardjp has quit IRC [12:22]
*** evrardjp has joined #zuul [12:26]
*** adam_g has joined #zuul [12:28]
*** mgagne has joined #zuul [12:36]
*** mgagne is now known as Guest20946 [12:36]
*** jpena is now known as jpena|lunch [12:39]
*** persia has quit IRC [12:46]
*** persia has joined #zuul [12:47]
*** electrofelix has quit IRC [12:49]
*** JasonCL has quit IRC [12:52]
*** JasonCL has joined #zuul [12:52]
*** tosky has joined #zuul [12:52]
*** weshay_PTO is now known as weshay [13:04]
Shrews: corvus: can I get your eyes on https://review.openstack.org/546146 ? [13:30]
*** rlandy has joined #zuul [13:34]
*** rlandy is now known as rlandy|rover [13:35]
openstackgerrit: David Shrewsbury proposed openstack-infra/nodepool master: Add additional builder debug logging  https://review.openstack.org/546303 [13:35]
*** jpena|lunch is now known as jpena [13:44]
*** elyezer has joined #zuul [14:26]
*** dmellado has quit IRC [14:37]
*** dmellado has joined #zuul [14:42]
openstackgerrit: Matthieu Huin proposed openstack-infra/zuul master: zuul web: add admin endpoint, enqueue & autohold commands  https://review.openstack.org/539004 [14:51]
openstackgerrit: Merged openstack-infra/nodepool master: Revert fixes for legacy boot jobs  https://review.openstack.org/543350 [14:58]
*** jimi_|ansible is now known as jimi|ansible [15:10]
*** dkranz has joined #zuul [15:23]
kklimonda: why in openstack zuul only zuul{-base,}-jobs are set to shadow project-config, and not openstack-zuul-jobs? [15:23]
corvus: kklimonda: because both openstack-zuul-jobs and project-config are openstack-specific repos, so we won't have the same job defined in both. [15:24]
corvus: kklimonda: zuul-{base,}-jobs are general-purpose repos, and we might need to override jobs defined there because of some openstack-specific thing at some point. [15:24]
kklimonda: mhm, and to move jobs from project-config to openstack-zuul-jobs you'd have enable shadowing, right? [15:24]
corvus: kklimonda: this is true for the "base" job, right now in fact. [15:25]
kklimonda: also, why is there a separate openstack-zuul-roles ? [15:25]
corvus: kklimonda: yes, we'd either have to turn on shadowing, or do a complicated rename dance [15:25]
kklimonda: mhm, makes sense [15:25]
corvus: kklimonda: -roles was before we figured out how to organize things; we thought we might want a separate roles repo.  i think we've decided against it now, and could probably retire it. [15:26]
kklimonda: ok, makes sense - this is pretty bare repository. Another question: jobs have to be explicitly shadowed, and how about playbooks and roles? if two repositories have same playbooks and roles, which is going to win if the job includes roles from both repositories? I don't think I've seen that documented [15:27]
corvus: kklimonda: playbooks are closely bound to their jobs, so wherever a job is defined, that's the repo/branch zuul gets the playbook it specifies from.  so if you want to override a parent job's run playbook in a child, you can't just make a playbook with the same name, you have to give it another explicit "run" attribute. [15:29]
corvus: kklimonda: roles are also tightly bound to their jobs, but they are a list.  so when you put a playbook on a job, that playbook gets all of the roles added so far in the inheritance hierarchy (but that playbook won't get any roles from any child jobs). [15:31]
corvus: kklimonda: child jobs then add more roles to the list, which, if any more playbooks are added, those playbooks will get a longer list.  roles are added to the front of the list, so newer repos are always first.  roles are added with the 'roles' attribute, and also the current project/branch is implicitly added. [15:32]
kklimonda: so roles added with the 'roles' attribute will shadow roles from the repository itself? [15:33]
corvus: kklimonda: hopefully those are in the docs for the individual attributes, but maybe we need a section somewhere covering them all to tie it all together... [15:33]
*** sshnaidm is now known as sshnaidm|afk [15:33]
corvus: kklimonda: well, the actual mechanism is we pass a multiple-entry roles_path to ansible, but yeah, i think current project/branch comes first, then entries in 'roles' [15:34]
corvus: kklimonda: yes, confirmed, that's the first entry. [15:35]
pabelanger: re: openstack-zuul-roles, the repo worked as expected. It was just a little harder to code review and meant more complex depends-on chains to land new changes.  I admit, but having roles and playbooks just in openstack-zuul-jobs, it is much easier [15:35]
corvus: pabelanger: heh, yeah, i think we're at our limit of the number of repos the human brain can keep track of at once.  :) [15:36]
pabelanger: Yah! ++ [15:36]
openstackgerrit: Merged openstack-infra/nodepool master: Only DeletedNodeWorker should delete nodes  https://review.openstack.org/546146 [15:39]
openstackgerrit: Merged openstack-infra/nodepool master: Clean held nodes automatically after configurable timeout  https://review.openstack.org/536295 [15:39]
openstackgerrit: Matthieu Huin proposed openstack-infra/zuul master: zuul web: add admin endpoint, enqueue & autohold commands  https://review.openstack.org/539004 [15:39]
*** sshnaidm|afk is now known as sshnaidm [16:03]
*** openstackgerrit has quit IRC [16:19]
Shrews: tristanC: mhu: seems you two are conflicted on https://review.openstack.org/535563 in the last two patchsets. one removed count, the other added it back [16:34]
mhu: Shrews, oops mistake on my part [16:39]
mhu: I think my last revision should be discarded [16:40]
*** openstackgerrit has joined #zuul [16:56]
openstackgerrit: Tobias Henkel proposed openstack-infra/zuul master: Move tmpdir into work root  https://review.openstack.org/546698 [16:56]
tobiash: that took me half of today ^^ [16:56]
tobiash: :/ [16:56]
tobiash: tristanC: that fixes the template with ansible 2.4 ^ [16:58]
*** timrc has quit IRC [16:58]
*** myoung is now known as myoung|food [17:01]
*** sshnaidm is now known as sshnaidm|afk [17:03]
*** timrc has joined #zuul [17:11]
pabelanger: Hmm, for some reason debian-jessie for nodepool dsvm is failing [17:16]
openstackgerrit: Matthieu Huin proposed openstack-infra/zuul master: zuul web: add admin endpoint, enqueue & autohold commands  https://review.openstack.org/539004 [17:28]
kklimonda: hmm, when I have change A being tested in gate, and change B arrives zuul will not cancel the A job, but will enqueue A->B into gate and run both in parallel? [17:29]
kklimonda: what I'm trying to figure out is whether it's possible for me to have packages build from code that will be merged after jobs finish running [17:29]
pabelanger: kklimonda: that looks right, A shouldn't be cancelled [17:30]
pabelanger: yes, we would do package builds in a post pipeline [17:30]
kklimonda: yeah, but then it takes an hour to make them available for other jobs to reuse [17:31]
pabelanger: what other projects do, if change B happens, and change A is in gate, they have logic to detect that, and rebuild the package for change B in gate [17:31]
pabelanger: tripleo from openstack does this a lot using DLRN [17:31]
pabelanger: you could do the same workflow [17:31]
kklimonda: we'd have to squash our jobs then - now we have packaging->containers->deployment+systests [17:32]
kklimonda: (using job dependencies) [17:32]
kklimonda: unless I could add logic to packaging job to skip building packages, and do the same for containers [17:33]
pabelanger: yes, that is what they do. They only rebuild if project is zuul.projects variable, otherwise, they pull package from release [17:34]
kklimonda: mhm [17:34]
*** openstackgerrit has quit IRC [17:48]
*** myoung|food is now known as myoung [17:49]
pabelanger: Shrews: looking at http://git.openstack.org/cgit/openstack-infra/zuul/tree/zuul/lib/fingergw.py#n51 is there any reason we cannot set timeout=None? It will still be blocking according to docs, but allow for periods greater than 10 seconds of no data to work [17:56]
pabelanger: Shrews: for example [17:56]
pabelanger: finger 1e77913b99fd49ed920faf627debb704@zuul.openstack.org [17:56]
pabelanger: to see the issue [17:57]
pabelanger: we run sleep(10) in job, which causes no traffic to be sent [17:57]
pabelanger: but fingergw will raise a timeout exceptoin [17:57]
pabelanger: exception* [17:57]
pabelanger: Shrews: clarkb: mind a +3 on https://review.openstack.org/546032/ fixes our mirrors with nodepool dsvm testing [18:03]
kklimonda: how do secrets interact with untrusted projects? Given that unmerged code can be run in CI, can I leak a secret defined in the same project as the job? [18:10]
tobiash: kklimonda: secrets in untrusted projects can only be used in pipelines marked as post-review [18:11]
tobiash: (which defaults to false) [18:11]
kklimonda: ah, I think I just found the correct piece of documentation [18:11]
kklimonda: thanks [18:11]
tobiash: so in a check pipeline you cannot use a secret which is defined in an untrusted repo [18:11]
kklimonda: so when gate is marked as post-review, we can first review changes to ensure that no secrets are being leaked, and have it run in gate with those new secrets (for example rotating passwords) [18:15]
pabelanger: yah, that should be possible [18:16]
kklimonda: is it how openstack rotates secrets, or do you do it differently? [18:17]
pabelanger: we haven't done a rotation yet [18:17]
*** jpena is now known as jpena|off [18:18]
pabelanger: but, most things are use passwords today in zuul are post pipeline jobs [18:18]
pabelanger: so we could rotate out, say pypi, land change, then update pypi.python.org [18:19]
pabelanger: or the other way around [18:19]
kklimonda: mhm [18:19]
pabelanger: and not tag any releases during that time [18:19]
kklimonda: right, if its not part of the gate pipeline, it's not going to block merge [18:19]
pabelanger: yah [18:20]
pabelanger: in fact, we'll need to rotate our signing gpg key soon. that might be the first rotation we do [18:20]
pabelanger: again, post pipeline usage [18:21]
pabelanger: kklimonda: what is your usage to use a secret per merge? [18:21]
kklimonda: @pabelanger we upload packages to a local repository so they can be later used by next tasks (dependent jobs really) [18:22]
pabelanger: ah, ya. A common request we see in openstack-infra [18:23]
pabelanger: I've often thought it would be helpful to some how flag a top level job in DAG to keep running (it then can serve artifacts to next jobs in job graph). Then once a job is finished, that nodes gets deleted [18:26]
Shrews: pabelanger: does that require data to be returned else it timeout? I thought it was just 10 seconds to establish a connection [18:27]
pabelanger: I think that is where our swift story comes into play [18:27]
pabelanger: Shrews: https://docs.python.org/3/library/socket.html#socket.create_connection isn't clear, but I think it is data to be returned [18:28]
pabelanger: Shrews: http://paste.openstack.org/show/680410/ is the exception from fingergw.log [18:30]
Shrews: pabelanger: oh, it's on the recv, not the connect. that makes more sense [18:31]
pabelanger: ah, I guess a different timeout then [18:32]
Shrews: pabelanger: i wanted the timeout just for the connection (b/c if we can't connect to an executor, not sure if we wanted to wait forever). but it makes sense to increase that for the recv() operation i think [18:33]
Shrews: pabelanger: could try a s.settimeout() there after the connect [18:34]
Shrews: s.settimeout(None) to be more precise [18:35]
kklimonda: @pabelanger it's nice, but keeping only a top level job wouldn't be enough for us anyway - we have 3 levels, each previous job preparing artifacts for the next job. [18:36]
kklimonda: also, with reusing cached artifacts, I again think that I'd like to have a custom/extra zuul result that I can return back to indicate that the job has finished early, something like EARLY_SUCCESS or "NOT_NEEDED" [18:38]
kklimonda: it would both make it clearer that not a full job was executed, and have an additional effect of not skewing estimated job times in zuul [18:39]
*** openstackgerrit has joined #zuul [18:43]
openstackgerrit: Merged openstack-infra/nodepool master: Source /etc/ci/mirror_info.sh for mirrors  https://review.openstack.org/546032 [18:43]
openstackgerrit: David Shrewsbury proposed openstack-infra/zuul master: Unset finger client timeout after connect  https://review.openstack.org/546735 [18:43]
Shrews: pabelanger: ^^^ might work [18:43]
pabelanger: Shrews: ah, that make sense [18:46]
*** chrnils has quit IRC [18:46]
*** tosky has quit IRC [18:49]
openstackgerrit: Paul Belanger proposed openstack-infra/nodepool master: Support ubuntu-bionic (18.04) with nodepool dsvm  https://review.openstack.org/544574 [19:39]
pabelanger: here is a great exception in zuul: https://softwarefactory-project.io/paste/show/984/ [19:48]
pabelanger: http://paste.openstack.org/show/680426/ was the pipeline that was merged [19:49]
corvus: pabelanger: did that not go through testing? [19:52]
pabelanger: corvus: that is what I am looking at now [19:54]
pabelanger: corvus: okay, it doesn't look like it. Seems the patch was forced merged into gerrit, then zuul picked it up next (re)start. I don't have much exposure to that instances, just seen some internal chats about the failure [19:55]
corvus: pabelanger: okay, it might be useful to let folks know that even though config-project changes aren't dynamically used before they land, zuul *does* validate their configuration, so they should still go through testing in the normal way [19:57]
pabelanger: corvus: Yup, agree [19:59]
*** hashar has quit IRC [20:23]
*** myoung is now known as myoung|brb [20:35]
*** myoung|brb is now known as myoung [20:54]
*** openstackgerrit has quit IRC [21:03]
*** hashar has joined #zuul [21:40]
*** dkranz has quit IRC [21:56]
*** dmellado has quit IRC [22:00]
*** hashar has quit IRC [22:59]
*** myoung is now known as myoung|afk [23:08]
*** rlandy|rover is now known as rlandy|rover|bbl [23:34]
