Tuesday, 2018-08-28

« Monday, 2018-08-27 Index Wednesday, 2018-08-29 »
pabelangerinteresting news related to bubblewrap: https://www.bleepingcomputer.com/news/security/ubuntu-and-centos-are-undoing-a-gnome-security-feature/ seems ubuntu / centos are disabling it in gnome, because they haven't done an audit of the tool yet00:05
pabelangertake with grain of salt00:06
SpamapSpabelanger: "It's easy to criticise but the reality is that to ship a high-quality distro all packages promoted to [Ubuntu main] have to go through a thorough review process which takes time," Murray added.00:12
SpamapSHaving been a part of the MIR process a few times.. the security team is pretty awesome and they actually do spot audits of code. And bubblewrap being security software.. they're all going to fight over who gets to audit it. ;)00:13
*** leifmadsen has quit IRC00:54
*** leifmadsen has joined #zuul00:54
SpamapShttp://paste.openstack.org/show/728892/02:50
SpamapSdmsimard: tristanC ^ latest 'splosion02:50
*** rlandy has quit IRC03:37
SpamapSoh this is fun now03:45
SpamapSUbuntu 18.04's don't have /usr/bin/python03:45
SpamapSand Ansible doesn't even try /usr/bin/python303:45
SpamapShrm maybe an extra var03:45
* SpamapS gives up on stock images and just builds a custom ubuntu image04:08
openstackgerritMerged openstack-infra/zuul-jobs master: write-inventory: add ansible_python_interpreter variable  https://review.openstack.org/59696104:46
*** weshay|rover has quit IRC04:55
*** pabelanger has quit IRC04:55
clarkbSpamapS: the infra channel has a ton of scrollback of us going theough similar05:26
clarkbit would be nice if ansible did its best to find a python05:26
tristanCSpamapS: it may be caused by http://git.openstack.org/cgit/openstack-infra/zuul/tree/zuul/executor/server.py#n150805:39
tristanCiiuc, zuul executor force using '/usr/bin/python2'05:40
tristanCi had to such things (L1088 and L1463) to work around it to use fedora pod: https://review.openstack.org/#/c/570668/8/zuul/executor/server.py05:41
*** hwoarang has joined #zuul06:35
*** pcaruana has joined #zuul06:39
openstackgerritIan Wienand proposed openstack-infra/zuul-jobs master: write-inventory: Add groups to created inventory  https://review.openstack.org/59699406:41
SpamapSI've been trying to set variables but the failure is in the direct call to the setup module which doesn't use site or job variables. :-P06:46
*** hashar has joined #zuul06:58
openstackgerritIan Wienand proposed openstack-infra/zuul-jobs master: write-inventory: Add groups to created inventory  https://review.openstack.org/59699407:03
*** jpena|off is now known as jpena07:49
openstackgerritTristan Cacqueray proposed openstack-infra/zuul master: web: rewrite interface in react  https://review.openstack.org/59160408:42
openstackgerritTristan Cacqueray proposed openstack-infra/zuul master: web: add build page  https://review.openstack.org/59702408:42
*** electrofelix has joined #zuul08:46
openstackgerritIan Wienand proposed openstack-infra/zuul-jobs master: write-inventory: Add groups to created inventory  https://review.openstack.org/59699409:54
openstackgerritTristan Cacqueray proposed openstack-infra/zuul master: web: rewrite interface in react  https://review.openstack.org/59160411:18
openstackgerritTristan Cacqueray proposed openstack-infra/zuul master: web: add build page  https://review.openstack.org/59702411:18
openstackgerritTristan Cacqueray proposed openstack-infra/zuul master: web: add job page  https://review.openstack.org/59704811:18
*** jpena is now known as jpena|lunch11:28
tristanCBehold, a javascript unit test for the status ChangePanel component: https://review.openstack.org/#/c/591604/24/web/src/containers/status/ChangePanel.test.jsx11:28
tristanCand the last status page with a loading spinner and jobs' page: http://logs.openstack.org/48/597048/1/check/zuul-build-dashboard/3147b22/npm/html/11:32
rcarrillocruzoh wow11:39
rcarrillocruzthat looks vveeeeery nice11:40
*** jpena|lunch is now known as jpena12:28
*** rlandy has joined #zuul12:34
openstackgerritMarkus Hosch proposed openstack-infra/nodepool master: Add list of metrics provided to statsd  https://review.openstack.org/59023312:40
openstackgerritMarkus Hosch proposed openstack-infra/nodepool master: Add list of metrics provided to statsd  https://review.openstack.org/59023312:42
*** samccann has joined #zuul12:51
*** jimi|ansible has joined #zuul13:45
*** pabelanger has joined #zuul14:08
*** pcaruana has quit IRC14:29
*** pcaruana has joined #zuul14:30
openstackgerritTristan Cacqueray proposed openstack-infra/zuul master: web: add config-error notifications drawer  https://review.openstack.org/59714714:34
openstackgerritTristan Cacqueray proposed openstack-infra/zuul master: web: add config-errors notifications drawer  https://review.openstack.org/59714714:49
corvustristanC: that js unit test looks cool! :)14:53
*** pcaruana has quit IRC15:00
tristanCcorvus: yes, i didn't add much test yet, but it looks promising15:01
corvusthe first one's always the hardest :)15:01
tristanCalso there are libraries to simplify mocking the store too, haven't looked into that yet15:02
tristanCand writting those test really helped me understand how redux works, i think the design is much better now15:02
tristanCand the "auto-reload" toggle on the status page is a great addition too :)15:03
tristanCcorvus: for the job page, i tried to used a carousel to match with your mockup https://imgur.com/a/5etfM . But the result was not conclusive, so I put a ListView in the meantime.15:07
corvustristanC: cool, i think that's a good start.  the main thing is to be able to help people understand the different variants and their locations.  listview is one way of doing that :)15:10
corvustristanC: do you have any ideas about how to format the variables?  i think they're important to have on the page, but json is... not pretty.  do you think we can do some kind of tree-rendering, like how firefox renders raw json?15:12
tristanCcorvus: the issue with listview is that you can't easily compare variants configuration, a carousel type of display would show the difference in place...15:19
tristanCcorvus: for the json, we could try using an extra library like https://github.com/alexkuz/react-json-tree15:19
corvustristanC: re carousel: yeah. or tabs, maybe?15:19
corvustristanC: that json tree looks promising :)15:20
tristanCoh yes, tabs would be easier to use. the problem with carousel is that they are designed for images background with a tiny sub title15:20
corvuscool, maybe let's try tabs then15:21
*** jhesketh has quit IRC15:41
*** jhesketh has joined #zuul15:41
openstackgerritDavid Shrewsbury proposed openstack-infra/nodepool master: Add post job to push pbrx container images  https://review.openstack.org/59717115:57
dmsimardSpamapS: I'll send a patchset to fix some of the stuff you brought up sometime today15:57
*** snapiri has quit IRC16:08
SpamapSdmsimard: awesome16:09
*** jpena is now known as jpena|off16:11
openstackgerritTristan Cacqueray proposed openstack-infra/zuul master: web: add config-errors notifications drawer  https://review.openstack.org/59714716:12
dmsimardI just tagged 0.16.0rc1 for ARA, changelog: https://github.com/openstack/ara/releases/tag/0.16.0.0rc117:09
*** hashar is now known as hasharAway17:16
openstackgerritMerged openstack-infra/zuul-jobs master: write-inventory: Add groups to created inventory  https://review.openstack.org/59699418:10
*** elyezer has joined #zuul18:18
*** electrofelix has quit IRC18:23
*** samccann has quit IRC18:31
*** jpena|off has quit IRC18:33
*** jpena|off has joined #zuul18:33
openstackgerritMerged openstack-infra/zuul-jobs master: Promote test-emit-job-header change  https://review.openstack.org/59145718:42
dmsimardcorvus: I believe there's an undocumented metric around here for wait_time at the job level: https://zuul-ci.org/docs/zuul/admin/monitoring.html#stat-zuul.tenant.%3Ctenant%3E.pipeline.%3Cpipeline%20name%3E.project.%3Ccanonical_hostname%3E.%3Cproject%3E.%3Cbranch%3E.job.%3Cjobname%3E19:01
dmsimardi.e, stats.timers.zuul.tenant.openstack.pipeline.check.project.git_openstack_org.openstack-infra_zuul.master.job.tox-py36.wait_time.mean19:01
dmsimardI'm not sure yet what it represents -- I expected it to be the time it took for the job to start (from initial queuing) but that doesn't appear accurate. I'm getting readings of <5 seconds when it stayed queued for about a minute before getting a node from nodepool19:03
*** samccann has joined #zuul19:20
pabelangerHmm, does zuul containers not have a shell?19:47
pabelangerah19:47
clarkbthey are based on the python alpine minimal images iirc19:47
clarkbso whatever that base includes19:47
pabelanger/bin/sh19:47
pabelangerwas using bash19:47
SpamapSthey have /bin/sh :)19:57
* SpamapS has got them working-ish19:57
SpamapSnow just need to get nodepool-builder to produce AMI's ;-)19:57
SpamapSor figure out how to easily make an AMI for myself that has /usr/bin/python19:58
* SpamapS grumbles about Ansible being slow to adapt to the new distro reality19:58
pabelanger+1 nodepool-builder19:59
openstackgerritPaul Belanger proposed openstack/pbrx master: Don't store apk indexes in cache  https://review.openstack.org/59722420:00
SpamapSis there a good graceful way to get zuul-executor to re-read its config without disturbing running jobs?20:00
SpamapSor do I just have to pause.. wait... restart..?20:00
pabelangeryah, think pause is working now20:01
pabelangerso, pause, lets jobs finish, then stop20:01
pabelangerstart20:01
pabelangerwe had a playbook in openstack-infra that would wait upto 3hours for jobs to stop (tripleo)20:02
pabelangerhopefully yours are faster :)20:02
pabelangeror shorter20:02
SpamapSseems like we could put that into zuul-executor20:02
SpamapSpause+reexec-on-last-job-finishing20:02
SpamapSI have a 1 hour job20:02
SpamapSwhich is actually using too much disk because I foolishly set my disk limit per job to 250MB20:03
SpamapSso I'm trying to raise the disk limit to 500MB20:03
SpamapS(kind of gratifying to see the disk accounter I wrote working.. but.. derp)20:03
pabelangerSpamapS: it is possible it exists now, I think corvus did some updates recently, or maybe tobiash20:07
pabelangerguess not20:08
pabelangerhttp://git.openstack.org/cgit/openstack-infra/zuul/tree/zuul/executor/server.py#n221520:08
corvusSpamapS: https://hub.docker.com/r/zuul/ exists now thanks to Shrews20:17
corvusdmsimard: hrm, something may be wrong with the wait_time stat then; perhaps we messed it up in the v3 transition20:18
SpamapScorvus: \o/20:18
pabelangerif I read apk right, https://review.openstack.org/597224/ will save us some space in images. But removing apk indexes from /var/cache20:20
pabelangeranybody know the difference between zuul/zuul and zuul/zuul-base ?20:21
pabelangeron docker20:21
clarkbpabelanger: zuul-base is the zuul install, zuul is the zuul command20:22
clarkbthis way you can run the zuul cli command seasily20:22
pabelangerAh20:22
pabelangerokay, that helps20:22
pabelangerI was thinking it would be docker pull zuul/zuul if you wanted all services in a single container20:24
Shrewszuul-base is the image with all deps installed, from which the other containers are based on20:27
Shrewsi contemplated not pushing that one, but mordred thought it might be useful for someone20:28
pabelangerI can see somebody wanting to build atop of zuul-base20:30
fungiis there an etherpad yet for brainstorming zuul-oriented topic ideas for berlin forum sessions?20:30
dmsimardAre there any plans to make the secrets backend pluggable ? i.e, hashicorp vault or some other thing20:31
dmsimardWriting that made me realize that Ansible already has vault (and other) lookups available so it might be possible to do things within the jobs themselves... although that makes me question how secure that would be with speculative execution and all20:33
openstackgerritRafael Folco proposed openstack-infra/zuul-jobs master: Set zuul job start time fact  https://review.openstack.org/59723520:38
SpamapSdmsimard: what context are you getting at?20:42
SpamapSdmsimard: like, the secrets are encrypted in git and only decrypted into temp files inside bwrap20:42
dmsimardSpamapS: fyi in the upcoming patchset I'll change the "ami" label arg to "cloud-image" to bring it line with the driver spec which expects either "diskimage" or "cloud-image" https://zuul-ci.org/docs/nodepool/configuration.html#pool-labels20:42
SpamapSthe keys would be much happier in Hashicorp Vault20:42
SpamapSdmsimard: isn't cloud-image a separate config object too?20:43
dmsimardSpamapS: not sure yet, the trace you provided ( http://paste.openstack.org/show/728892/ ) is a bit rabbit-holey20:44
SpamapSdmsimard: yeah I patched around that by just tacking on a diskimage attribute defaulted to None20:45
dmsimardSpamapS: the trace happens here: https://github.com/openstack-infra/nodepool/blob/master/nodepool/launcher.py#L902 and occured because we don't check if there is a diskimage attribute before trying to access it -- I'll patch that line with a getattr instead20:45
SpamapSyeah hasattr/getattr makes more sense20:47
SpamapSseems like the driver interface is still kind of unclear inside nodepool20:47
pabelangerSpamapS: fungi: clarkb: corvus: anybody care to +3 Shrews change for nodepool pbrx publishing: https://review.openstack.org/597171/20:48
dmsimardSpamapS: yeah -- past that hasattr, it'll use the "labelReady" method from the driver -- it's a patch that has nothing to do with aws :D20:51
dmsimardSpamapS: hmm, the other drivers do a better job at setting default values though -- so the assumption that a diskimage attribute exists (although it might be none) doesn't seem out of line20:53
SpamapSdmsimard: I'd like to see that as part of an abcmeta that requires implementing it as a getter if the underlying code will assume it20:54
* SpamapS really starts to long for a strongly typed language in these situations20:54
dmsimard¯\_(ツ)_/¯20:56
corvusi'm all for documenting/improving the nodepool driver interface.  we need to make it more solid before we add too many more of these.20:58
openstackgerritJames E. Blair proposed openstack-infra/zuul master: Add private key storage migration  https://review.openstack.org/59221320:59
openstackgerritMerged openstack-infra/nodepool master: Add post job to push pbrx container images  https://review.openstack.org/59717121:00
dmsimardyeah, I think actually trying to work with it is a good way to expose what's good and what could be improved21:01
*** jimi|ansible has quit IRC21:06
*** samccann has quit IRC21:18
Shrewscorvus: SpamapS: dmsimard: yes, the iface makes a lot of assumptions about config values. I put a lot of work in the recent past into getting the common interface to not reference many driver specific config values, so there's at least that. But it has a long way to go21:36
Shrewsto become a proper iface21:36
Shrewsi welcome improvements as you all iterate on the new drivers21:37
Shrewss/you all/we/  :)21:37
dmsimardI think a lot of it has to do with abstracting the differences between drivers while attempting to keep a single interface ... like AWS has a lot of the same concepts as OpenStack (floating IPs, security groups, networks, regions, AZs, etc.) but they might be named differently or used differently, etc.21:38
Shrewsyup21:38
dmsimardalso, shade and osc take care of a LOT of business logic21:39
dmsimards/shade/openstacksdk/21:39
*** hasharAway has quit IRC21:50
dmsimardShrews: another thing I'm struggling a bit with is where to really put things -- for example the region name could be at the provider level like it could be at the pool level21:59
clarkbdmsimard: I really like how we've got openstack split up for that currently, each provider is a logical location/failure domain/quota set22:07
clarkbthen you manage pools within that22:07
dmsimardclarkb: yeah the exercise I'm doing right now is to align the current experimental implementation of the ec2 driver against the openstack one22:08
dmsimardbut for a lot of things it's not a 1:1 mapping22:08
dmsimardan easy example -- openstack has a "boot_from_volume" parameter but it's not exactly straightforward to translate that to ec2 (because ec2's version of flavors, images and volumes is a mess)22:10
openstackgerritJames E. Blair proposed openstack-infra/zuul master: Add private key storage migration  https://review.openstack.org/59221322:10
clarkbdmsimard: in that case just don't support it?22:11
dmsimardclarkb: right but then the whole point of a driver interface is to abstract these kind of differences, no ? i.e, volume: yes and then the openstack and ec2 drivers do their respective thing to make it happen22:12
clarkbnot necessarily, the driver interface is primarily there to allow you to speak to many backends22:14
clarkbthey don't need to have the same config inputs22:14
clarkbespecially if they don't all support the same features22:14
rcarrillocruzlcd22:14
clarkbif nodepool was user facing api then I think that would be more important22:15
clarkbbut its a CI operator tool (primarily) and they'll be able to reconcile the differences between their backend compute providers22:16
openstackgerritJames E. Blair proposed openstack-infra/zuul master: Change project.private_key to private_secrets_key  https://review.openstack.org/59730222:27
*** sshnaidm is now known as sshnaidm|afk22:39
SpamapSYeah I'm more a fan of the "common interface to put the cloud specific configurations into" than "high level concept of what a cloud is" pattern.23:29
SpamapSLike one reason I like nodepool+openstack is that the provider configs kind of read as 1:1 with openstack concepts so it's easy to understand what's happening under the covers23:30
SpamapSif it was high level concept driven...23:30
SpamapSno23:30
SpamapSjust let me influence the calls to the aws APIs so I get the test resources I want from aws.23:31
*** threestrands has joined #zuul23:54
« Monday, 2018-08-27 Index Wednesday, 2018-08-29 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!