*** sshnaidm has quit IRC | 00:04 | |
*** sshnaidm has joined #zuul | 00:09 | |
*** openstackstatus has quit IRC | 00:12 | |
*** openstackstatus has joined #zuul | 00:15 | |
*** ChanServ sets mode: +v openstackstatus | 00:15 | |
openstackgerrit | Paul Belanger proposed openstack-infra/nodepool master: Sort formats results from zookeeper https://review.openstack.org/546458 | 00:22 |
---|---|---|
pabelanger | clarkb: ianw: Shrews: improvement on readability of dib-image-list, right now formats is unsorted and with more then 1 format, results seem to be random :) | 00:24 |
openstackgerrit | James E. Blair proposed openstack-infra/zuul master: Don't store references to secret objects from jobs https://review.openstack.org/546428 | 00:38 |
openstackgerrit | Clark Boylan proposed openstack-infra/zuul master: Error when enqueue-ref doesn't get long enough rev https://review.openstack.org/546461 | 00:39 |
clarkb | corvus: ^ also checks that it is a valid base16 number | 00:39 |
*** JasonCL has joined #zuul | 00:42 | |
clarkb | arg I think it may fail pep8 because I made a change after the last run of pep 8 and it is wrong | 00:42 |
corvus | clarkb: nice! | 00:43 |
corvus | i mean, not the pep8 thing, the change itself | 00:43 |
openstackgerrit | Clark Boylan proposed openstack-infra/zuul master: Error when enqueue-ref doesn't get long enough rev https://review.openstack.org/546461 | 00:44 |
*** sshnaidm has quit IRC | 00:56 | |
*** JasonCL has quit IRC | 01:18 | |
*** JasonCL has joined #zuul | 01:28 | |
*** JasonCL has quit IRC | 01:39 | |
*** JasonCL has joined #zuul | 01:41 | |
openstackgerrit | Tristan Cacqueray proposed openstack-infra/zuul master: sql: add buildset.branch column https://review.openstack.org/546468 | 01:57 |
openstackgerrit | Tristan Cacqueray proposed openstack-infra/zuul master: sql: add buildset.branch column https://review.openstack.org/546468 | 02:03 |
*** harlowja_ has quit IRC | 02:28 | |
*** JasonCL has quit IRC | 02:39 | |
*** JasonCL has joined #zuul | 02:40 | |
*** JasonCL has quit IRC | 02:45 | |
openstackgerrit | Paul Belanger proposed openstack-infra/zuul master: Add support for Ansible extra-vars flag https://review.openstack.org/546474 | 02:48 |
openstackgerrit | Paul Belanger proposed openstack-infra/zuul master: Add support for Ansible extra-vars flag https://review.openstack.org/546474 | 03:37 |
pabelanger | ^WIP for now, so we can discuss it more | 03:39 |
pabelanger | and now I am done | 03:39 |
*** rlandy|rover has quit IRC | 03:42 | |
*** sshnaidm has joined #zuul | 04:41 | |
openstackgerrit | Merged openstack-infra/zuul master: Error when enqueue-ref doesn't get long enough rev https://review.openstack.org/546461 | 06:24 |
openstackgerrit | Merged openstack-infra/nodepool master: Sort formats results from zookeeper https://review.openstack.org/546458 | 06:25 |
*** hashar has joined #zuul | 07:32 | |
tobiash | tristanC: did you notice some problems with ansible 2.4? | 07:46 |
tobiash | I rolled this out into production and templates seem to be not working anymore | 07:47 |
tobiash | http://paste.openstack.org/show/680184/ | 07:48 |
tobiash | need to debug that | 07:48 |
*** fbo has joined #zuul | 07:53 | |
tristanC | tobiash: heh, we actually just rolled it out, and templates seems to be working correctly | 08:10 |
tobiash | tristanC: in untrusted jobs? | 08:10 |
tristanC | tobiash: oh, i don't think we have untrusted job using template | 08:12 |
*** chrnils has joined #zuul | 08:12 | |
tobiash | what's strange is that copy works | 08:17 |
tristanC | fwiw we also deployed the new javascript stack with the new pipelines and jobs d3 graph | 08:27 |
*** electrofelix has joined #zuul | 08:39 | |
openstackgerrit | Tristan Cacqueray proposed openstack-infra/zuul master: Tenant config dynamic loading of project from external script https://review.openstack.org/535878 | 08:44 |
*** jpena|off is now known as jpena | 08:53 | |
openstackgerrit | Matthieu Huin proposed openstack-infra/zuul master: zuul web: add admin endpoint, enqueue & autohold commands https://review.openstack.org/539004 | 09:23 |
*** JasonCL has joined #zuul | 09:50 | |
*** tosky has joined #zuul | 11:06 | |
*** elyezer has quit IRC | 11:25 | |
*** tosky has quit IRC | 11:34 | |
*** mgagne has quit IRC | 12:19 | |
*** adam_g has quit IRC | 12:20 | |
*** evrardjp has quit IRC | 12:22 | |
*** evrardjp has joined #zuul | 12:26 | |
*** adam_g has joined #zuul | 12:28 | |
*** mgagne has joined #zuul | 12:36 | |
*** mgagne is now known as Guest20946 | 12:36 | |
*** jpena is now known as jpena|lunch | 12:39 | |
*** persia has quit IRC | 12:46 | |
*** persia has joined #zuul | 12:47 | |
*** electrofelix has quit IRC | 12:49 | |
*** JasonCL has quit IRC | 12:52 | |
*** JasonCL has joined #zuul | 12:52 | |
*** tosky has joined #zuul | 12:52 | |
*** weshay_PTO is now known as weshay | 13:04 | |
Shrews | corvus: can I get your eyes on https://review.openstack.org/546146 ? | 13:30 |
*** rlandy has joined #zuul | 13:34 | |
*** rlandy is now known as rlandy|rover | 13:35 | |
openstackgerrit | David Shrewsbury proposed openstack-infra/nodepool master: Add additional builder debug logging https://review.openstack.org/546303 | 13:35 |
*** jpena|lunch is now known as jpena | 13:44 | |
*** elyezer has joined #zuul | 14:26 | |
*** dmellado has quit IRC | 14:37 | |
*** dmellado has joined #zuul | 14:42 | |
openstackgerrit | Matthieu Huin proposed openstack-infra/zuul master: zuul web: add admin endpoint, enqueue & autohold commands https://review.openstack.org/539004 | 14:51 |
openstackgerrit | Merged openstack-infra/nodepool master: Revert fixes for legacy boot jobs https://review.openstack.org/543350 | 14:58 |
*** jimi_|ansible is now known as jimi|ansible | 15:10 | |
*** dkranz has joined #zuul | 15:23 | |
kklimonda | why in openstack zuul only zuul{-base,}-jobs are set to shadow project-config, and not openstack-zuul-jobs? | 15:23 |
corvus | kklimonda: because both openstack-zuul-jobs and project-config are openstack-specific repos, so we won't have the same job defined in both. | 15:24 |
corvus | kklimonda: zuul-{base,}-jobs are general-purpose repos, and we might need to override jobs defined there because of some openstack-specific thing at some point. | 15:24 |
kklimonda | mhm, and to move jobs from project-config to openstack-zuul-jobs you'd have enable shadowing, right? | 15:24 |
corvus | kklimonda: this is true for the "base" job, right now in fact. | 15:25 |
kklimonda | also, why is there a separate openstack-zuul-roles ? | 15:25 |
corvus | kklimonda: yes, we'd either have to turn on shadowing, or do a complicated rename dance | 15:25 |
kklimonda | mhm, makes sense | 15:25 |
corvus | kklimonda: -roles was before we figured out how to organize things; we thought we might want a separate roles repo. i think we've decided against it now, and could probably retire it. | 15:26 |
kklimonda | ok, makes sense - this is pretty bare repository. Another question: jobs have to be explicitly shadowed, and how about playbooks and roles? if two repositories have same playbooks and roles, which is going to win if the job includes roles from both repositories? I don't think I've seen that documented | 15:27 |
corvus | kklimonda: playbooks are closely bound to their jobs, so wherever a job is defined, that's the repo/branch zuul gets the playbook it specifies from. so if you want to override a parent job's run playbook in a child, you can't just make a playbook with the same name, you have to give it another explicit "run" attribute. | 15:29 |
corvus | kklimonda: roles are also tightly bound to their jobs, but they are a list. so when you put a playbook on a job, that playbook gets all of the roles added so far in the inheritance hierarchy (but that playbook won't get any roles from any child jobs). | 15:31 |
corvus | kklimonda: child jobs then add more roles to the list, which, if any more playbooks are added, those playbooks will get a longer list. roles are added to the front of the list, so newer repos are always first. roles are added with the 'roles' attribute, and also the current project/branch is implicitly added. | 15:32 |
kklimonda | so roles added with the 'roles' attribute will shadow roles from the repository itself? | 15:33 |
corvus | kklimonda: hopefully those are in the docs for the individual attributes, but maybe we need a section somewhere covering them all to tie it all together... | 15:33 |
*** sshnaidm is now known as sshnaidm|afk | 15:33 | |
corvus | kklimonda: well, the actual mechanism is we pass a multiple-entry roles_path to ansible, but yeah, i think current project/branch comes first, then entries in 'roles' | 15:34 |
corvus | kklimonda: yes, confirmed, that's the first entry. | 15:35 |
pabelanger | re: openstack-zuul-roles, the repo worked as expected. It was just a little harder to code review and meant more complex depends-on chains to land new changes. I admit, but having roles and playbooks just in openstack-zuul-jobs, it is much easier | 15:35 |
corvus | pabelanger: heh, yeah, i think we're at our limit of the number of repos the human brain can keep track of at once. :) | 15:36 |
pabelanger | Yah! ++ | 15:36 |
openstackgerrit | Merged openstack-infra/nodepool master: Only DeletedNodeWorker should delete nodes https://review.openstack.org/546146 | 15:39 |
openstackgerrit | Merged openstack-infra/nodepool master: Clean held nodes automatically after configurable timeout https://review.openstack.org/536295 | 15:39 |
openstackgerrit | Matthieu Huin proposed openstack-infra/zuul master: zuul web: add admin endpoint, enqueue & autohold commands https://review.openstack.org/539004 | 15:39 |
*** sshnaidm|afk is now known as sshnaidm | 16:03 | |
*** openstackgerrit has quit IRC | 16:19 | |
Shrews | tristanC: mhu: seems you two are conflicted on https://review.openstack.org/535563 in the last two patchsets. one removed count, the other added it back | 16:34 |
mhu | Shrews, oops mistake on my part | 16:39 |
mhu | I think my last revision should be discarded | 16:40 |
*** openstackgerrit has joined #zuul | 16:56 | |
openstackgerrit | Tobias Henkel proposed openstack-infra/zuul master: Move tmpdir into work root https://review.openstack.org/546698 | 16:56 |
tobiash | that took me half of today ^^ | 16:56 |
tobiash | :/ | 16:56 |
tobiash | tristanC: that fixes the template with ansible 2.4 ^ | 16:58 |
*** timrc has quit IRC | 16:58 | |
*** myoung is now known as myoung|food | 17:01 | |
*** sshnaidm is now known as sshnaidm|afk | 17:03 | |
*** timrc has joined #zuul | 17:11 | |
pabelanger | Hmm, for some reason debian-jessie for nodepool dsvm is failing | 17:16 |
openstackgerrit | Matthieu Huin proposed openstack-infra/zuul master: zuul web: add admin endpoint, enqueue & autohold commands https://review.openstack.org/539004 | 17:28 |
kklimonda | hmm, when I have change A being tested in gate, and change B arrives zuul will not cancel the A job, but will enqueue A->B into gate and run both in parallel? | 17:29 |
kklimonda | what I'm trying to figure out is whether it's possible for me to have packages build from code that will be merged after jobs finish running | 17:29 |
pabelanger | kklimonda: that looks right, A shouldn't be cancelled | 17:30 |
pabelanger | yes, we would do package builds in a post pipeline | 17:30 |
kklimonda | yeah, but then it takes an hour to make them available for other jobs to reuse | 17:31 |
pabelanger | what other projects to, if change B happens, and change A is in gate, they have logic to detect that, and rebuild the package for change B in gate | 17:31 |
pabelanger | tripleo from openstack does this alot using DRLN | 17:31 |
pabelanger | you could do the same workflow | 17:31 |
kklimonda | we'd have to squash our jobs then - now we have packaging->containers->deployment+systests | 17:32 |
kklimonda | (using job dependencies) | 17:32 |
kklimonda | unless I could add logic to packaging job to skip building packages, and do the same for containers | 17:33 |
pabelanger | yes, that is what they do. They only rebuild if project is zuul.projects variable, other wise, they pull package from release | 17:34 |
kklimonda | mhm | 17:34 |
*** openstackgerrit has quit IRC | 17:48 | |
*** myoung|food is now known as myoung | 17:49 | |
pabelanger | Shrews: looking at http://git.openstack.org/cgit/openstack-infra/zuul/tree/zuul/lib/fingergw.py#n51 is there any reason we cannot set timeout=None? It will still be blocking according to docs, but allow for periods greater then 10 seconds of no data to work | 17:56 |
pabelanger | Shrews: for example | 17:56 |
pabelanger | finger 1e77913b99fd49ed920faf627debb704@zuul.openstack.org | 17:56 |
pabelanger | to see the issue | 17:57 |
pabelanger | we run sleep(10) in job, which causes no traffic to be sent | 17:57 |
pabelanger | but fingergw will raise a timeout exceptoin | 17:57 |
pabelanger | exception* | 17:57 |
pabelanger | Shrews: clarkb: mind a +3 on https://review.openstack.org/546032/ fixes our mirrors with nodepool dsvm testing | 18:03 |
kklimonda | how do secrets interact with untrusted projects? Given that unmerged code can be run in CI, can I leak a secret defined in the same project as the job? | 18:10 |
tobiash | kklimonda: secrets in untrusted projects can only be used in pipelines marked as post-review | 18:11 |
tobiash | (which defaults to false) | 18:11 |
kklimonda | ah, I think I just found the correct piece of documentation | 18:11 |
kklimonda | thanks | 18:11 |
tobiash | so in a check pipeline you cannot use a secret which is defined in an untrusted repo | 18:11 |
kklimonda | so when gate is marked as post-review, we can first review changes to ensure that no secrets are being leaked, and have it run in gate with those new secrets (for example rotating passwords) | 18:15 |
pabelanger | yah, that should be possible | 18:16 |
kklimonda | is it how openstack rotates secrets, or do you do it differently? | 18:17 |
pabelanger | we haven't done a rotation yet | 18:17 |
*** jpena is now known as jpena|off | 18:18 | |
pabelanger | but, most things are use passwords today in zuul are post pipeline jobs | 18:18 |
pabelanger | so we could rotate out, say pypi, land change, then update pypi.python.ord | 18:19 |
pabelanger | or the other way around | 18:19 |
kklimonda | mhm | 18:19 |
pabelanger | and not tag any releases during that time | 18:19 |
kklimonda | right, if its not part of the gate pipeline, it's not going to block merge | 18:19 |
pabelanger | yah | 18:20 |
pabelanger | in fact, we'll need to rotate our signing gpg key soon. that might be the first rotation we do | 18:20 |
pabelanger | again, post pipeline usage | 18:21 |
pabelanger | kklimonda: what is your usage to use a secret per merge? | 18:21 |
kklimonda | @pabelanger we upload packages to a local repository so they can be later used by next tasks (dependent jobs really) | 18:22 |
pabelanger | ah, ya. A common request we see in openstack-infra | 18:23 |
pabelanger | I've often thought it would be helpful to some how flag a top level job in DAG to keep running (it then can serve artifacts to next jobs in job graph). Then once a job is finished, that nodes gets deleted | 18:26 |
Shrews | pabelanger: does that require data to be returned else it timeout? I thought it was just 10 seconds to establish a connection | 18:27 |
pabelanger | I think that is where our swift story comes into play | 18:27 |
pabelanger | Shrews: https://docs.python.org/3/library/socket.html#socket.create_connection isn't clear, but I think it is data to be returned | 18:28 |
pabelanger | Shrews: http://paste.openstack.org/show/680410/ is the exception from fingergw.log | 18:30 |
Shrews | pabelanger: oh, it's on the recv, not the connect. that makes more sense | 18:31 |
pabelanger | ah, I guess a different timeout then | 18:32 |
Shrews | pabelanger: i wanted the timeout just for the connection (b/c if we can't connect to an executor, not sure if we wanted to wait forever). but it makes sense to increase that for the recv() operation i think | 18:33 |
Shrews | pabelanger: could try a s.settimeout() there after the connect | 18:34 |
Shrews | s.settimeout(None) to be more precise | 18:35 |
kklimonda | @pabelanger it's nice, but keeping only a top level job wouldn't be enough for us anyway - we have 3 levels, each previous job preparing artifacts for the next job. | 18:36 |
kklimonda | also, with reusing cached artifacts, I again think that I'd like to have a custom/extra zuul result that I can return back to indicate that the job has finished early, something like EARLY_SUCCESS or "NOT_NEEDED" | 18:38 |
kklimonda | it would both make it clearer that not a full job was executed, and have an additional effect of not skewing estimated job times in zuul | 18:39 |
*** openstackgerrit has joined #zuul | 18:43 | |
openstackgerrit | Merged openstack-infra/nodepool master: Source /etc/ci/mirror_info.sh for mirrors https://review.openstack.org/546032 | 18:43 |
openstackgerrit | David Shrewsbury proposed openstack-infra/zuul master: Unset finger client timeout after connect https://review.openstack.org/546735 | 18:43 |
Shrews | pabelanger: ^^^ might work | 18:43 |
pabelanger | Shrews: ah, that make sense | 18:46 |
*** chrnils has quit IRC | 18:46 | |
*** tosky has quit IRC | 18:49 | |
openstackgerrit | Paul Belanger proposed openstack-infra/nodepool master: Support ubuntu-bionic (18.04) with nodepool dsvm https://review.openstack.org/544574 | 19:39 |
pabelanger | here is a great exception in zuul: https://softwarefactory-project.io/paste/show/984/ | 19:48 |
pabelanger | http://paste.openstack.org/show/680426/ was the pipeline that was merged | 19:49 |
corvus | pabelanger: did that not go through testing? | 19:52 |
pabelanger | corvus: that is what I am looking at now | 19:54 |
pabelanger | corvus: okay, it doesn't look like it. Seems the patch was forced merged into gerrit, then zuul picked it up next (re)start. I don't have much exposure to that instances, just seen some internal chats about the failure | 19:55 |
corvus | pabelanger: okay, it might be useful to let folks know that even though config-project changes aren't dynamically used before they land, zuul *does* validate their configuration, so they should still go through testing in the normal way | 19:57 |
pabelanger | corvus: Yup, agree | 19:59 |
*** hashar has quit IRC | 20:23 | |
*** myoung is now known as myoung|brb | 20:35 | |
*** myoung|brb is now known as myoung | 20:54 | |
*** openstackgerrit has quit IRC | 21:03 | |
*** hashar has joined #zuul | 21:40 | |
*** dkranz has quit IRC | 21:56 | |
*** dmellado has quit IRC | 22:00 | |
*** hashar has quit IRC | 22:59 | |
*** myoung is now known as myoung|afk | 23:08 | |
*** rlandy|rover is now known as rlandy|rover|bbl | 23:34 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!