| dmsimard | mordred: config drive is infinitely simpler than dhcp and metadata service | 00:44 |
|---|---|---|
| dmsimard | Two less services that both have to be HA, etc | 00:44 |
| dmsimard | "infinitely" is probably an exaggeration :p | 00:46 |
| clarkb | eh metadata service is the nova api its already going to be ha | 00:47 |
| clarkb | and dhcp is how all the things want to configure, its a well known service and protocol and pretty easy to run ha, just run lots of them with different ranges | 00:48 |
| clarkb | (I know this isnt how neutron does it) | 00:49 |
| jlk | multiple nodes, shared database | 01:00 |
| jlk | HA the database | 01:00 |
| jlk | tons of strategies | 01:01 |
| Shrews | jlk: if you're interested: https://github.com/Shrews/PyGerrit | 02:30 |
| Shrews | i got it runnable, but that was about it | 02:30 |
| Shrews | sooo much effort | 02:31 |
| *** rfolco|rucker has quit IRC | 02:50 | |
| dmsimard | 10 years ago | 03:13 |
| *** andreaf has quit IRC | 05:10 | |
| *** andreaf has joined #zuul | 05:15 | |
| *** rlandy has quit IRC | 05:17 | |
| *** pcaruana has joined #zuul | 06:14 | |
| tristanC | mordred: the build page code to update the url with search filter is: http://git.zuul-ci.org/cgit/zuul/tree/web/src/containers/TableFilters.jsx#n43 | 06:49 |
| tristanC | mordred: that needs to be replicated and used in http://git.zuul-ci.org/cgit/zuul/tree/web/src/pages/Status.jsx#n144 | 06:50 |
| tristanC | corvus: for api errors, the ideal would be to use reducer action for each call, like it is done for the info endpoint, and have a generic reducer to catch error and display a toast notification when it happens | 06:52 |
| *** pcaruana has quit IRC | 07:09 | |
| *** pcaruana has joined #zuul | 07:28 | |
| *** pcaruana is now known as pcaruana|elisa| | 07:30 | |
| *** electrofelix has joined #zuul | 07:56 | |
| *** openstackgerrit has joined #zuul | 09:36 | |
| openstackgerrit | Tobias Henkel proposed openstack-infra/nodepool master: Remove sqlalchemy from requirements https://review.openstack.org/611821 | 09:36 |
| *** rfolco|rucker has joined #zuul | 10:18 | |
| *** panda is now known as panda|lunch | 11:53 | |
| goern | hey all, is there an example how to create a zuul secret using an ansible playbook? | 11:56 |
| goern | encrypt_secret.py is references in the doc, but I am pretty sure we can do that via ansible too, cant we? | 11:56 |
| *** EmilienM is now known as EvilienM | 11:58 | |
| Shrews | dmsimard: 6, not 10. but still ancient history | 12:02 |
| Shrews | goern: you can run shell commands from an ansible playbook | 12:03 |
| goern | Shrews, ja, but calling out to encrypt_secret would require that I clone the zuul src before... | 12:05 |
| Shrews | yep. there is a git module | 12:06 |
| Shrews | https://docs.ansible.com/ansible/latest/modules/git_module.html | 12:06 |
| *** sshnaidm is now known as sshnaidm|off | 12:06 | |
| goern | ja, right, but it feels not right to first git clone, then shell call out to a python script and do all that via ansible ,) | 12:09 |
| Shrews | goern: i'm not sure i understand what you're looking for then | 12:10 |
| goern | Shrews, a more ansible-only way to create the secret .yaml | 12:12 |
| Shrews | goern: by "a more ansible-only way", do you mean you want a new module that you can call directly? because that does not exist, but should be easy-ish to write | 12:13 |
| tobiash | goern: you could add zuul to required-projects ;) | 12:13 |
| goern | tobiash, :P | 12:14 |
| goern | Shrews, ja, maybe a playbook to start with, not a full blown role/module | 12:14 |
| tobiash | goern: do you want this to be single source? | 12:16 |
| goern | tobiash, what do you mean? | 12:16 |
| tobiash | goern: I mean do you want to avoid copyint the encrypt_secrets script to somewhere else? | 12:17 |
| tobiash | in that case you need to clone/require the zuul repo | 12:17 |
| tobiash | if not you could use shell/script or rewrite it to be a native ansible module | 12:18 |
| goern | tobiash, you think I should just add enc_sec to my repo, even if it diverts from the zuul src? | 12:18 |
| tobiash | goern: my question was if that's ok for you (it is a tradeoff because it creates work for maintaining when it diverts) | 12:19 |
| goern | tobiash, ja, that is ok, actually I didnt look it enc_sec is completely decoupled from anyo other zuul src | 12:19 |
| *** rlandy has joined #zuul | 12:38 | |
| tobiash | mordred: is nodepool with boot-from-volume expected to work with kilo based clouds? | 14:00 |
| mordred | tobiash: "yes" | 14:00 |
| tobiash | mordred: I get openstack.exceptions.SDKException: Error in creating the server: Build of instance f8423fec-510b-41b6-912f-779a924ea01a aborted: Block Device Mapping is Invalid. | 14:01 |
| tobiash | mordred: in our main cloud it just works | 14:01 |
| mordred | tobiash: ah - then it's possible our support for kilo based clouds is incomplete | 14:01 |
| mordred | tobiash: it's a use case that sdk should take care of - so I'd consider that breaking a bug in openstacksdk | 14:01 |
| tobiash | at least I think our old cloud was kilo | 14:01 |
| mordred | I'll need to go dig up some docs on what the bfv api looked like in kilo | 14:02 |
| Shrews | kilo EOL like 2 years ago | 14:02 |
| tobiash | Shrews: well, that's my old fallback cloud atm ;) | 14:02 |
| tobiash | it's not a big issue for me, was mostly curious | 14:03 |
| mordred | tobiash: yah - the theory is that it should be supported | 14:21 |
| mordred | tobiash: the practice is that if it's a feature we added to shade/sdk after an old eol, we may not have fully taken in to account the old behavior | 14:21 |
| pabelanger | https://review.openstack.org/610980/ | 14:33 |
| pabelanger | is an update to zuul-web from dmsimard to make padding a little more appealing. Anybody else like to review? http://logs.openstack.org/80/610980/1/check/zuul-build-dashboard/0aeed9e/npm/html/status is the new display | 14:34 |
| *** panda|lunch is now known as panda | 14:49 | |
| *** pcaruana|elisa| has quit IRC | 14:56 | |
| *** pcaruana|elisa| has joined #zuul | 14:57 | |
| *** pcaruana|elisa| has quit IRC | 15:08 | |
| *** pcaruana has joined #zuul | 15:08 | |
| *** electrofelix has quit IRC | 15:25 | |
| pabelanger | so, as a follow up to yesteday and deleting a git branch in github, we are seeing the following error now: | 15:27 |
| pabelanger | ValueError: Could not parse git-remote prune result: ' refs/remotes/origin/HEAD will become dangling!' | 15:27 |
| pabelanger | traceback at: https://tree.taiga.io/project/morucci-software-factory/issue/1902 | 15:27 |
| pabelanger | reading more now about dangling items with git | 15:28 |
| clarkb | pabelanger: the remote HEAD isn't updated when you pull or push after changing the remote HEAD | 15:29 |
| clarkb | this is why I have strongly suggested people stop pretending git without master is a thing you want | 15:29 |
| clarkb | it creates all sorts of confusion. You either need to reclone the repo or update the HEAD manually | 15:29 |
| pabelanger | Yah, I am working to fix the master -> devel renaming in ansible-network. We don't seem to do it for a good reason | 15:30 |
| clarkb | what I've suggested to other groups (like debian when they moved some packaging into oepnstack infra) is keep the master branch, leave a readme that points people where the actual branch specific work happens | 15:31 |
| clarkb | this is similar to how infra publications repo works too | 15:31 |
| *** pcaruana has quit IRC | 15:31 | |
| pabelanger | reasonable suggestion | 15:31 |
| *** jlk has quit IRC | 16:21 | |
| *** jlk has joined #zuul | 16:22 | |
| *** openstackgerrit has quit IRC | 16:24 | |
| mordred | pabelanger: of course, not renaming the default branch would be much better... but I know that ship has sailed I guess | 16:34 |
| mordred | it's SUPER painful on the muscle memory | 16:34 |
| clarkb | it also doesn't really make anything more clear imo | 16:34 |
| mordred | the number of times I type "git rebase -i origin/master", have that fail, and then go "crap, right - this one has devel" "git rebase -i origin/devel" | 16:34 |
| mordred | is basically literally every time I have to do anything | 16:35 |
| mordred | of course now for anyone with years of working in that repo, switching back would break their muscle memory. so sigh | 16:35 |
| SpamapS | Clearly you haven't been drinking enough if your muscles remember that well. | 16:36 |
| pabelanger | mordred: for ansible-network, we might have more freedom. I plan on pushing on it with team. | 16:37 |
| mordred | pabelanger: well - there's the other thing to consider - as we do more zuul work with ansible | 16:37 |
| mordred | pabelanger: which is zuul branch-matching will have a better time if ansible/ansible and ansible/ansible-network match | 16:37 |
| pabelanger | mordred: true, however we already setup default-branch on all projects for ansible-network. However, even then, the development workflow of ansible-network, could have devel branches testing against both ansible/ansible devel and ansible/ansible latest stable | 16:39 |
| pabelanger | it is a little confusing right now | 16:40 |
| mordred | yeha | 16:40 |
| jlk | oh yeah, Ansible. | 16:42 |
| jlk | always pisses me off :D | 16:42 |
| jlk | probably THE worst thing Michael did to the project | 16:43 |
| mordred | jlk: ++ | 16:44 |
| mordred | I believe the reason was "I don't like the name of the master branch that git chose because I have some habits from another VCS system that I want to carry over" iirc | 16:45 |
| SpamapS | jlk: global scope for all variables is maybe the only thing worse. ;) | 16:50 |
| pabelanger | jlk: yah, and when we create new projects now in ansible-network, people don't know why they rename it | 16:52 |
| pabelanger | SpamapS: yah, I do like puppet more in that aspect | 16:53 |
| jlk | well, they're host scoped, or group scoped, or group of groups scoped | 16:54 |
| jlk | and you have role vars, task vars, etc... | 16:54 |
| jlk | but yes, I can see the global nature of them | 16:54 |
| jlk | every host can access every other host's variables | 16:54 |
| mordred | hosts being able to access other host's variables actually doesn't bother me in ansible because of its push nature. in puppet, the remote node was the one that was executing the code, so variable segregation was important to not allow a remote client to read the entire db of secrets | 16:57 |
| SpamapS | jlk: the fact that I nearly always have to have the scope precedence page open when writing ansible is the problem I am referring to ;) | 16:57 |
| jlk | see, that's too MUCH scope :D | 16:57 |
| jlk | if it were truly global scope then... | 16:58 |
| mordred | in ansible, the calling context has access to the secrets, so a remote node can only 'steal' secrets if someone chooses to run terrible code from a host with access to the secrets in the first place :) | 16:58 |
| clarkb | SpamapS: this is your warning to stay away from lua :P | 17:05 |
| clarkb | I actually really disliked lua for this reason | 17:05 |
| clarkb | I ended upw ith a code base once upon a time where no one could use the local keywaord | 17:05 |
| clarkb | you end up with the weirdest bugs | 17:05 |
| SpamapS | clarkb: lua and I had a wrestling match a few years ago... my knee still clicks. | 17:05 |
| jlk | all the RPM install scripting stuff is basically lua | 17:09 |
| jlk | more than my knee clicks | 17:09 |
| jlk | http://rpm.org/user_doc/lua.html | 17:10 |
| jlk | People thought they were clever and used lua to do some rather batshit crazy things in packages, that I would run across as the release engineer. I wanted to stab SO, MANY, PEOPLE | 17:11 |
| *** openstackgerrit has joined #zuul | 17:11 | |
| openstackgerrit | Merged openstack-infra/zuul-jobs master: ensure-sphinx: do not attempt a gettext install if exists https://review.openstack.org/599028 | 17:11 |
| *** j^2 has joined #zuul | 17:59 | |
| *** AJaeger_ has joined #zuul | 18:11 | |
| *** AJaeger has quit IRC | 18:14 | |
| mordred | jlk: that sounds HORRIBLE | 18:19 |
| jlk | You've met Linux nerds, right? | 18:19 |
| *** AJaeger has joined #zuul | 18:26 | |
| *** AJaeger_ has quit IRC | 18:28 | |
| AJaeger | corvus: ianw wanted you to have a look at https://review.openstack.org/#/c/607691/1 - could you put that on your list, please? | 18:32 |
| openstackgerrit | Merged openstack-infra/zuul-jobs master: Update ANSIBLE_LIBRARY to use envsitepackagesdir https://review.openstack.org/611622 | 18:45 |
| *** AJaeger_ has joined #zuul | 18:47 | |
| *** caphrim007 has joined #zuul | 18:48 | |
| *** AJaeger has quit IRC | 18:49 | |
| caphrim007 | corvus or mordred: do you know if the zuul-web pypi thing that we talked about at ansiblefest is fixed? was going to have another go at installing the whole zuul stack | 18:52 |
| *** AJaeger_ is now known as AJaeger | 18:53 | |
| clarkb | caphrim007: I believe it has been fixed | 18:53 |
| clarkb | (the issue being lack of built static resources?) | 18:53 |
| caphrim007 | yeah yeah | 18:53 |
| clarkb | caphrim007: that said I'm not sure if the curreny pypi packages have the fix | 18:53 |
| clarkb | but if you build from source or use the zuul containers on dockerhub they should work | 18:54 |
| caphrim007 | clarkb: ok, i'll have a go at it | 18:54 |
| clarkb | we should probably make a release of zuul just to get the wheels and sdist updated on pypi | 18:54 |
| pabelanger | +1 | 18:55 |
| mordred | caphrim007: yes! it all should work | 19:02 |
| caphrim007 | mordred: thanks! will have a look! | 19:03 |
| mordred | caphrim007: also - the docs for the new docker-compose based quickstart have landed and are published | 19:03 |
| caphrim007 | oh neat-o. that'll be super helpful! | 19:03 |
| mordred | yah - it's great to work with | 19:04 |
| openstackgerrit | David Shrewsbury proposed openstack-infra/nodepool master: Cleanup down ports https://review.openstack.org/609829 | 19:14 |
| Shrews | I have my concerns with ^^, but there is "something" at least. We can all mull it over during the weekend... because that's fun | 19:15 |
| openstackgerrit | David Shrewsbury proposed openstack-infra/nodepool master: Cleanup down ports https://review.openstack.org/609829 | 19:19 |
| clarkb | Shrews: I left some quick thoughtson the change | 19:26 |
| Shrews | clarkb: those are good quick thawts | 19:27 |
| clarkb | Shrews: the other thing we might consider which the current hacky script doesn't do is check the owner of the port to make sure we don't delete a port on a router | 19:31 |
| clarkb | I think those ports are never DOWN for us currently so that hasn't been a concern | 19:31 |
| Shrews | clarkb: so if owner id is not the id of a router (which i guess we'd have to get a list of now...), then delete? | 19:33 |
| clarkb | ya, I think that can be a followon. Also there may be an attribute other than the uuid that says if it is part of a router | 19:33 |
| clarkb | I seem to remember seeing something like dhcp in some attribute | 19:33 |
| Shrews | hmm, not that familiar with the data to know that myself | 19:34 |
| clarkb | and for noav instances I think they may say nova on them somewhere? we should be able to determine that looking at the data returned by port list only I think | 19:34 |
| clarkb | give me a sec and I can check | 19:34 |
| *** sshnaidm|off has quit IRC | 19:34 | |
| Shrews | clarkb: this isn't something provider-specific, is it? | 19:35 |
| Shrews | (the attributes you refer to, that is) | 19:36 |
| clarkb | Shrews: | device_owner | compute:nova | | 19:36 |
| clarkb | I don't think it is provider specific looks like you can delete the port if not device_owner or device_owner == compute:nova | 19:37 |
| Shrews | ok | 19:37 |
| clarkb | looks like errored out ports will be down without a device owner (hence the not device_owner) and ports that get used by nova end up with compute:nova set | 19:37 |
| clarkb | and routers are set to something like router:dhcp though there are many I'm sifting through and haven't confirmed the exact value yet | 19:38 |
| clarkb | I wonder if the docs say what the values can be | 19:38 |
| clarkb | "The entity type that uses this port. For example, compute:nova (server instance), network:dhcp (DHCP agent) or network:router_interface (router interface)." | 19:39 |
| clarkb | so ya the above check shoudl work | 19:39 |
| Shrews | cool | 19:40 |
| caphrim007 | zuul-ci.org down? | 19:42 |
| clarkb | looks like another DNS issue hrm | 19:42 |
| clarkb | the issue last time was dnssec key rotations? | 19:43 |
| clarkb | mordred: ^ do you recall? | 19:43 |
| caphrim007 | clarkb: do you know the org on dockerhub with the zuul containers? | 19:50 |
| *** sshnaidm|off has joined #zuul | 19:50 | |
| pabelanger | caphrim007: https://hub.docker.com/r/zuul/ | 19:51 |
| clarkb | caphrim007: https://git.openstack.org/cgit/openstack-infra/zuul/tree/doc/source/admin/examples/docker-compose.yaml zuul/zuul | 19:51 |
| caphrim007 | pabelanger clarkb: thanks | 19:51 |
| pabelanger | also, zuul-ci.org is down for me | 19:52 |
| caphrim007 | yeah me too | 19:52 |
| clarkb | its DNS | 19:52 |
| clarkb | and yes it will be broken for everyone based onw hat I am seeing | 19:53 |
| clarkb | the authoritative server unpings | 19:53 |
| clarkb | and the two public facing servers seem to have stopped resolving the domain as a result? | 19:53 |
| pabelanger | are these the new servers specific to zuul-ci.org? | 19:53 |
| clarkb | Oct 19 16:01:07 ns2 nsd[22004]: [2018-10-19 16:01:07.925] nsd[22004]: error: xfrd: zone zuulci.org has expired | 19:54 |
| clarkb | pabelanger: no | 19:54 |
| clarkb | ok I think that means adns1 went away for some reason, then the zone expired | 19:55 |
| clarkb | so to fix this in theory I reboot adns1 | 19:55 |
| clarkb | let me see if the console says anything interesting first | 19:55 |
| pabelanger | clarkb: adns1.o.o right? | 19:56 |
| clarkb | yes | 19:57 |
| pabelanger | k, I don't see much info in cacti.o.o for it either. | 19:57 |
| clarkb | console seems happy | 19:59 |
| clarkb | pabelanger: lets move back to -infra | 19:59 |
| *** sshnaidm|off has quit IRC | 20:04 | |
| clarkb | https://zuul-ci.org should respond again. DNS was fixed | 20:06 |
| caphrim007 | verified | 20:07 |
| *** sshnaidm|off has joined #zuul | 20:22 | |
| clarkb | caphrim007: were you able to find the quick start docs? | 20:26 |
| clarkb | they should be in the zuul docs on zuul-ci.org which should be accessible now | 20:26 |
| caphrim007 | clarkb: yep i see them. i'm using the docker-compose example with my inhouse zuul config to see how well it works | 20:27 |
| clarkb | great | 20:28 |
| *** goern has quit IRC | 20:36 | |
| *** goern has joined #zuul | 20:37 | |
| *** ssbarnea has quit IRC | 21:21 | |
| *** ssbarnea|bkp2 has joined #zuul | 21:21 | |
| *** rlandy has quit IRC | 21:40 | |
| *** ssbarnea has joined #zuul | 22:21 | |
| *** rfolco|rucker has quit IRC | 23:16 | |
| *** caphrim007 has quit IRC | 23:25 | |
| *** ssbarnea has quit IRC | 23:35 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!