Monday, 2018-12-17

« Sunday, 2018-12-16 Index Tuesday, 2018-12-18 »
*** dkehn has quit IRC01:29
*** dkehn has joined #zuul01:36
openstackgerritIan Wienand proposed openstack-infra/nodepool master: [wip] Add dogpile.cache master to the -src tests  https://review.openstack.org/62545701:49
openstackgerritIan Wienand proposed openstack-infra/nodepool master: [wip] Add dogpile.cache master to the -src tests  https://review.openstack.org/62545703:07
*** bjackman has joined #zuul03:36
*** bhavikdbavishi has joined #zuul03:41
*** bjackman has quit IRC03:50
*** chandan_kumar is now known as chandankumar04:55
*** bhavikdbavishi1 has joined #zuul05:59
*** bhavikdbavishi has quit IRC06:01
*** bhavikdbavishi1 is now known as bhavikdbavishi06:01
*** quiquell|off has quit IRC06:09
*** threestrands has quit IRC06:21
*** AJaeger has quit IRC07:00
*** AJaeger has joined #zuul07:09
*** jpena|off is now known as jpena07:42
*** yolanda has joined #zuul07:50
*** pcaruana has joined #zuul08:18
*** jpena is now known as jpena|away08:21
*** fbo has joined #zuul08:44
*** quiquell has joined #zuul08:49
quiquellGood morning08:49
quiquellCould be beneficial to ignore "non-voting" jobs and start gate jobs before they finish ?08:58
tobiashquiquell: zuul only reports once after all jobs are finished. So if you want to 'ignore' non-voting jobs you can move them into a comment triggered pipeline like check-experimental in openstack land.09:08
quiquelltobiash: ack, ok so change pipelines should do that09:09
tobiashyes, you also could make it trigger automatically but not require the vote of that pipeline for gate09:09
quiquelltobiash: this is nice, voting jobs that run at experimental, don't count ?09:11
quiquelltobiash: like third party ones I suppose09:11
tobiashquiquell: that depends on your pipeline definition, that controls votes of it. And you can let it vote on a non-required label or even just comment without any votes.09:12
quiquelltobiash: btw after adding some mergers to my local zuul It takes just 2,5 minute to startup connecting to git.review.org and rdo :-)09:18
*** bjackman has joined #zuul09:27
*** themroc has joined #zuul09:28
*** bhavikdbavishi has quit IRC09:36
*** ssbarnea|rover has joined #zuul09:47
*** jpena|away is now known as jpena10:12
*** electrofelix has joined #zuul10:52
*** bhavikdbavishi has joined #zuul11:30
*** rfolco has joined #zuul11:37
*** dkehn has quit IRC11:57
*** gtema has joined #zuul12:07
*** bhavikdbavishi has quit IRC12:09
openstackgerritSorin Sbarnea proposed openstack-infra/zuul-jobs master: Remove world writable umask from /src folder  https://review.openstack.org/62557612:14
*** jpena is now known as jpena|lunch12:30
*** bjackman has quit IRC12:31
openstackgerritTobias Henkel proposed openstack-infra/zuul master: Delay Github fileschanges workaround to pipeline processing  https://review.openstack.org/62558412:50
*** rlandy has joined #zuul12:57
*** gtema has quit IRC12:58
sean-k-mooneyo/13:00
sean-k-mooneyquick question. i deployed the container form the adming demo docker compose using kubernetes at the weekend13:01
sean-k-mooneyi have each of the service deploy but zuul is not picking up chages from gerrit13:01
sean-k-mooneyany suggestions on how to debug13:01
sean-k-mooneycan i check if zuul is connected to gerrit in some way via the zuul cli?13:02
tobiashsean-k-mooney: do you have the scheduler log?13:08
sean-k-mooneyam not to hand but i have access to them yes13:10
sean-k-mooneythey were almost empty but thinking about it i assume the container did not default to debug loginin that would probaly be a good place to start13:10
openstackgerritQuique Llorente proposed openstack/pbrx master: Add tag to container images  https://review.openstack.org/62559013:12
sean-k-mooneyi peiced the deploy logic together form the docker compose file by had. since i know relitilly little about kubernets its higly proably i messed something up but i think the container are correct but i could eaisily have missed something.13:12
*** bhavikdbavishi has joined #zuul13:13
sean-k-mooneyim buying a new server to use fo teh ci and will likely redeploy in a vm when it arrive so this is not urgent.13:14
openstackgerritTobias Henkel proposed openstack-infra/zuul master: Delay Github fileschanges workaround to pipeline processing  https://review.openstack.org/62558413:26
*** jpena|lunch is now known as jpena13:27
quiquelltobiash: Has created this to tag zuul docker images https://review.openstack.org/#/c/625590/13:34
quiquellpbrx change13:35
tobiashquiquell: I'm no core in pbrx, Shrews, mordred ^13:36
quiquelltobiash: ack13:37
*** bjackman has joined #zuul13:38
openstackgerritJens Harbott (frickler) proposed openstack-infra/zuul-jobs master: Alwas use pathless docker mirror URI  https://review.openstack.org/62559613:43
*** dkehn has joined #zuul13:45
*** bhavikdbavishi has quit IRC13:49
*** quiquell is now known as quiquell|lunch13:49
*** pcaruana has quit IRC13:50
*** bjackman has quit IRC13:55
quiquell|lunchtobiash: do we have access to the commit id in at zuul job "vars" ?13:55
quiquell|lunchtobiash: like expanding at job var to the commit id ?13:56
openstackgerritJens Harbott (frickler) proposed openstack-infra/nodepool master: Switch devstack jobs to Xenial  https://review.openstack.org/62485513:57
tobiashquiquell|lunch: check out any inventory file of a job result: http://logs.openstack.org/84/625584/2/check/tox-py36/82b809e/zuul-info/inventory.yaml13:59
tobiashquiquell|lunch: that contains all vars zuul supplies13:59
sean-k-mooneytobiash: quiquell|lunch is that where the zuul docker images are defiend?13:59
sean-k-mooneyi was trying to figure that out but there is no info in the dockerhub site or the docs or the zuul git repo to figure it out14:00
tobiashsean-k-mooney: pbrx is the tool used to build the zuul docker images14:00
sean-k-mooneyim guessign it stands for pbr extentions14:01
sean-k-mooneyhum so this is how you define packages to be installed https://github.com/openstack-infra/zuul/blob/master/setup.cfg#L48-L58 and it generate a contaier for each console script ...14:05
tobiashyes14:05
*** pcaruana has joined #zuul14:05
sean-k-mooneywhile that seams conviniant it is rther obscure. it would be nice to call that out in the docs14:06
sean-k-mooneyim kind of surprised it does not use bindep.txt14:07
*** quiquell|lunch has quit IRC14:15
*** quiquell has joined #zuul14:20
quiquelltoabctl: zuul.build is the commit id ?14:21
mordredquiquell, tobiash: lgtm - Shrews, SpamapS wanna take a look?14:22
openstackgerritQuique Llorente proposed openstack/pbrx master: Add tag to container images  https://review.openstack.org/62559014:22
quiquellmordred: ^ updated also the job14:23
mordredquiquell: what if we used zuul.tag instead of zuul.build? that way it'll do the right thing in release pipelines, but we won't be pushing tags to dockerhub just for normal builds14:26
tobiashhrm, zuul-quick-start seems to be broken: http://logs.openstack.org/84/625584/2/check/zuul-quick-start/f53553d/job-output.txt.gz#_2018-12-17_13_30_04_40947414:29
fungitobiash: https://review.openstack.org/625596 seems to fix it for zuul.openstack.org, but likely needs some discussion still14:30
tobiashfungi: thanks!14:31
openstackgerritTobias Henkel proposed openstack-infra/zuul master: Delay Github fileschanges workaround to pipeline processing  https://review.openstack.org/62558414:32
openstackgerritSorin Sbarnea proposed openstack-infra/zuul-jobs master: Remove world writable umask from /src folder  https://review.openstack.org/62557614:33
quiquellmugsie: I don't see zuul.tag http://logs.openstack.org/84/625584/2/check/tox-py36/82b809e/zuul-info/inventory.yaml14:34
quiquellmordred: ^14:34
quiquellwrong mfoobar14:34
mordredquiquell: :) yah - its only set if a job has been run in a pipeline triggered by a tag. check out http://logs.openstack.org/e1/e1c7f9f254c817f31cfa5a3195f60b3f2c4ae37a/release/propose-update-constraints/55e4a69/zuul-info/inventory.yaml14:36
quiquellmordred: I think we need both14:38
quiquellmordred: not every commit id increase the semver14:38
quiquellmordred: I suppose the pinning granularity is commit id14:38
mordredyah - that's right ... but wouldn't it get messy to push a tag to dockerhub for every commit?14:38
quiquellmordred: how often is semver increased ?14:39
mordredusually every 2 weeks or so14:39
quiquellmordred: ack, what are the reqs ?14:40
quiquellsshnaidm: ^ we are going to pin zuul to semver instead of commit id, the update it every two weeks14:40
mordredtends to be when people say "hey, we should tag a new release" - but also, we update openstack's zuul and run it for a little bit to make sure it's good before we tag14:40
mordredquiquell: well - I'm not sure tagging commits is a bad idea ... totally asking14:41
mordredI mean, we should definitely tag tags when they exist14:41
mordredbut I could see a benefit in tagging git shas - I just don't know if there is a downside14:41
quiquellmordred: https://container-solutions.com/tagging-docker-images-the-right-way/14:41
quiquellreading stuff14:41
tobiashmordred, frickler, fungi: I think we should rethink the docker mirror thing in the zuul-jobs/install-docker role14:42
quiquelllook like having commit id and semver is the way to go14:42
tobiashmordred: do you know if there are more users of the install-docker role that use the mirror thing?14:42
quiquellmordred: tagging with commit id, can render on space problemas at dockerhub ?14:42
tobiashmordred: that still looks quite openstack specific to me: https://review.openstack.org/#/c/625596/1/roles/install-docker/tasks/mirror.yaml14:43
mordredtobiash: yeah- I agree, that's pretty openstack specific looking14:43
mordredtobiash: I'm not sure if anyone else is using it - but seeing how it's so openstack specific, I doubt it :)14:44
tobiashmordred: I think on the long run we should change that to take the mirror url instead (and a flag if it's insecure or not)14:44
mordredtobiash: ++14:44
tobiashmordred: yes, so with that reasoning I'd be +2 on the change to unblock things14:44
fricklerthis is where our mirror setup for this is defined http://git.openstack.org/cgit/openstack-infra/system-config/tree/modules/openstack_project/templates/mirror.vhost.erb#n38714:44
fricklerbut I agree that this shouldn't belong into the generic job14:45
mordredtobiash: that mirror_fqdn is being set if zuul_site_mirror_fqdn is set - but given this whole running-on-a-port setup, I think basing it off of zuul_site_mirror_fqdn may not really work here14:47
mordredmaybe a new variable, like zuul_site_docker_mirror_url that the role consumes for defaults - so it's easy for an admin to setup a mirror?14:48
tobiashmordred: ++14:48
mordredand we can get the "construct url with port from fqdn" logic out14:48
tobiashThat makes totally sense14:49
mordredfrickler: that "use_upstream_docker" behavior difference with the mirror is actually about "is docker old or new"14:49
fungiso should we merge 625596 without any warning as a short-term fix and then refactor the role to be more generic longer-term?14:50
mordredfrickler: I'm not sure if we should rework the logic to expose the old mirror url as a choice? or maybe just roll with it for now and only support newer mirrors if we're seeing newer docker everywhere now?14:50
mordredfungi: yeah - I think it's fine as a fix for now and just has brought to mind we can improve it14:51
fungii just didn't want to see us merge a potentially breaking change to zuul-jobs without some discussion outside of #openstack-infra14:51
mordred++14:51
mordredfungi: I think we're pretty safe from this being used outside of infra given how openstack-specific the mirror setup is in the first place14:51
*** toabctl has quit IRC14:57
*** toabctl has joined #zuul14:57
tobiashmordred: ah now I see, there really was a docker with registry v1 api in use?15:00
tobiashthat feels a little bit like stone age ;)15:01
mordredtobiash: yah - and in fact it was in heavy usage by openstack jobs :(15:02
tobiashmordred: ok, so if we still want to support v1 we should switch on the docker version instead of upstream docker or not15:02
mordredI think the docker that was being installed in centos needed it15:02
tobiashah ok15:02
mordredtobiash: I agree. although I think I'm not sure how to sanely know what version got installed ... so I think I'm fine just defaulting this one to sanity and providing a variable people can set at invocation time if they need it15:03
openstackgerritMonty Taylor proposed openstack-infra/zuul-jobs master: Update install-docker to use docker site variable  https://review.openstack.org/62561715:03
mordredtobiash, frickler, fungi: ^^ there's a stab at updating the role to use the site variable defined in the infra project-config patch15:03
tobiashmordred: we should ask the installed docker probabky15:03
mordredtobiash: yah - but that's going to be very distro specific ... not sure the effort it worth it for what should be a shrinking number of jobs15:04
mordredlemme ping the tripleo folks about it though15:04
tobiashmordred: that should do it: docker version --format '{{.Server.Version}}'15:08
tobiashat least for current versions15:09
mordredtobiash: oh - neat!15:10
*** themroc has quit IRC15:11
mordredtobiash: now to figure out which version of docker needs v1 registry15:11
openstackgerritQuique Llorente proposed openstack/pbrx master: Add tag to container images  https://review.openstack.org/62559015:11
tobiashmordred: registry v2 is supported since 1.615:12
mordredI was just reading that it returns v1 style by default for 1.9 - but if 1.6 supports v2, maybe that's the right one15:13
tobiashcentos 7 has 1.13.1 currently15:14
tobiashmordred: trusty has 1.6.1 and doesn't support the --format parameter15:16
tobiashmordred: but docker --version still seems to look the same:15:16
tobiashDocker version 1.6.2, build 7c8fca215:16
tobiashDocker version 17.09.1-ce, build 19e2cf615:17
tobiashthat might be parsable15:17
mordredtobiash: well - if trusty is the only thing that has 1.615:17
mordredtobiash: then maybe actually just not bothering is better? I don't think we're supporting trusty anymore in infra - right frickler? - and I'm guessing we'd be the most likely people to need to still support build nodes that old15:18
tobiashxenial has Docker version 18.06.1-ce, build e68fc7a15:18
fricklerat least for nodes running jobs, trusty should be gone, yes15:19
openstackgerritQuique Llorente proposed openstack/pbrx master: Add tag to container images  https://review.openstack.org/62559015:23
*** themroc has joined #zuul15:23
*** chandankumar is now known as chkumar|out15:26
*** pcaruana has quit IRC15:29
openstackgerritJens Harbott (frickler) proposed openstack-infra/nodepool master: [wip] Add dogpile.cache master to the -src tests  https://review.openstack.org/62545715:42
openstackgerritQuique Llorente proposed openstack/pbrx master: Add tag to container images  https://review.openstack.org/62559015:42
openstackgerritQuique Llorente proposed openstack/pbrx master: Add tag to container images  https://review.openstack.org/62559015:43
*** pcaruana has joined #zuul15:51
tobiashmordred: do you think the dogpile cache problems will break swift upload too?15:54
mordredtobiash: hrm. that's a really good question. they might, since it's a decorator that happens at import time. HOWEVER - we do a null wrap if you don't have per-resource caching configured15:55
mordredtobiash: so it might not15:56
tobiashmordred: ah so this is only a problem if I really enable caching in clouds.yaml?15:57
mordredtobiash: I *think* so - but I'm not 100% sure since it's a code-level issue that happens at decorator time15:58
mordredtobiash: kmalloc has a patch up to fix the dogpile issue though15:58
kmallocYes15:59
kmallocOnly happens with caching. The fix is pending another fix though.15:59
tobiashkmalloc: thanks, I'm not using caching on the executors that do swift upload16:00
kmallocYeah it should be fine, since we don't do the wrap with real dogpile16:01
kmallocWith caching disabled16:01
tobiashcool, so I'll be able to update my zuul later :)16:04
quiquellmordred: damn I think we need to run also without tags to have "latest" :-/16:05
quiquellmordred: will look it tomorrow have to drop16:05
*** quiquell is now known as quiquell|off16:06
openstackgerritMerged openstack-infra/zuul-jobs master: Alwas use pathless docker mirror URI  https://review.openstack.org/62559616:07
mordredquiquell|off: oh  yeah. good call - thanks for looking at it so far - I may poke at that patch some while you're afk - it's been on my todo list for a while so I appreciate you getting it going16:09
*** themr0c has joined #zuul16:16
*** themroc has quit IRC16:19
*** pcaruana has quit IRC16:28
*** bhavikdbavishi has joined #zuul16:38
corvusSpamapS: can you look at https://review.openstack.org/619156 if you have a moment?16:49
openstackgerritJens Harbott (frickler) proposed openstack-infra/nodepool master: [wip] Add dogpile.cache master to the -src tests  https://review.openstack.org/62545717:00
AJaegerhere's a change for zuul-jobs, could you put that on your review queue, please? https://review.openstack.org/#/c/624575/ as test change and then https://review.openstack.org/#/c/621840 as real one. Together with a note for testing: https://review.openstack.org/62457817:15
AJaegerall looks fine to me - but I'd like broader review so didn't +2 yet17:15
openstackgerritMerged openstack-infra/zuul master: Use combined status for Github status checks  https://review.openstack.org/62341717:21
*** themr0c has quit IRC17:27
SpamapScorvus: looking. When you've got a moment, I'd love to walk through an issue I'm having that I don't understand.17:33
tobiashAJaeger: commented on the testing note17:34
corvusSpamapS: i'm available now17:35
SpamapScorvus: perfect, give me a second to get a +2 on that auth review. ;)17:35
SpamapS(Reviewing the nodepool side too)17:37
*** bhavikdbavishi has quit IRC17:37
SpamapScorvus: ok, so I have this in my repo (GoodMoney/tech) http://paste.openstack.org/show/737498/  and it is tied to this pipeline: http://paste.openstack.org/show/737499/17:40
AJaegerthanks, tobiash !17:40
SpamapScorvus: tech has two branches, 'master', and 'prod'. The idea is that you only run gmapiprod-post on merge to prod, and only run gmapidev-post on merge to master....17:41
SpamapScorvus: what actually ends up happening is, both copies of gmapidev-post run on merges to master, the one from master, and the one from prod.17:41
SpamapSNow, I can delete either/or from the two respective branches, and solve this problem for now.. but I want to understand a) is there a way to keep the configs consistent between? b) is there an idiomatic example of what I'm trying to do?17:42
corvusSpamapS: oh, the contents of that paste are in the repo itself, and on both branches?17:43
openstackgerritMerged openstack-infra/nodepool master: Switch devstack jobs to Xenial  https://review.openstack.org/62485517:44
SpamapScorvus: correct17:45
SpamapSgmapidev-post puts anything that lands on master into a staging env for UAT type things.. then people PR to prod to publish forealz.17:46
SpamapSI'm actually thinking of changing to a 'tag for prod' model.17:46
SpamapSBut for now, this is how it works.17:46
SpamapS(tags would make it easier to reuse the container images)17:46
SpamapS(FYI, this is how https://goodmoney.com is published)17:47
corvusSpamapS: based on what i see as the differences there -- a couple of variables and the run playbook, i think you could make them one job17:49
corvusSpamapS: you could then have the "master" and "prod" branches just have implied branch variants with those differences.17:50
corvusSpamapS: or, you could define the job in master with a branch matcher of ".*" and then add explicit branch variants in either the branches, or even on the project-pipeline definition17:51
SpamapScorvus: Ok, that was one avenue I'd thought of too...17:52
corvusSpamapS: the latter option is probably the best way to have a single definititon with the bulk of the settings, then one or two more little definitions with the delta.17:52
SpamapScorvus: this was.. extremely confusing and frustrating to debug. The first evidence I had it was not working well was that the slack notifications were duplicated. But it really broke when I landed a backward-incompatible change in the job's ansible in master, and then the prod ansible ran and it cost me 7 minutes of downtime. :-/17:53
corvusSpamapS: the former presents the most localized view (you just look in the prod branch to see the complete prod definition of the job)17:53
SpamapS(I actually caught it in staging, but we were under a regulatory time box which forced me to manually deploy.. and manual deploy screwed things up for 7 minutes. ;-)17:53
SpamapSOne job with branch variant seems like a good plan.17:55
SpamapSBut the really weird thing, the thing that really blew my mind, was that it ran every piece of the job, one from master, one from prod, when I landed stuff in each branch.17:55
SpamapSSo like, two pre's, two runs, two posts.17:55
corvusSpamapS: i understand -- i think perhaps as we work on narrative documentation for setting up jobs, we might want to come up with a rule of thumb and highlight it -- something like "don't use explicit branch matchers on in-repo jobs in branched repos".  it's not a hard-and-fast rule (i'm suggesting you violate it in my option #2) -- but it works most of the time, including in my option #1.  and the point is17:55
corvusjust to avoid foot-guns.17:55
SpamapSOk, this makes some sense now. My expectation was that only the jobs defined in the branch I was in, would run, which was false.17:57
SpamapSThe explicit branch matching made the config match despite being from a different branch.17:57
SpamapScorvus: I think I'll just accelerate my move to having prod pushes just take tags... that way there's just one branch, and two distinct jobs.18:02
*** jpena is now known as jpena|off18:14
*** electrofelix has quit IRC18:32
fungifun discovery in #openstack-infra, if you upgrade ansible on an active executor, jinja2 templating can fail somewhat cryptically on an inability to find ansible's core filter plugin18:57
fungithe more you know!18:58
openstackgerritSorin Sbarnea proposed openstack-infra/zuul-jobs master: Remove unsecure chmod which makes src world writable  https://review.openstack.org/62569419:27
openstackgerritMerged openstack-infra/zuul master: Modify some file content errors  https://review.openstack.org/62427820:00
*** sshnaidm is now known as sshnaidm|off20:07
openstackgerritIan Wienand proposed openstack-infra/zuul-jobs master: Add a note on testing  https://review.openstack.org/62457820:39
openstackgerritIan Wienand proposed openstack-infra/zuul-jobs master: Add a note on testing trusted roles  https://review.openstack.org/62457820:39
*** hashar has joined #zuul21:02
*** dmellado has quit IRC21:05
*** gouthamr has quit IRC21:06
*** gouthamr has joined #zuul21:17
*** yolanda has quit IRC21:18
fungianother osf newsletter is going out wednesday. can anyone think of important zuul news which isn't covered in corvus's latest project update on the zuul-discuss ml or in published release notes for recent releases of zuul and nodepool?21:28
tobiashfungi: I'm not aware of further topics21:29
fungii figured those would be a good base source of news items at any rate21:29
*** gouthamr_ has joined #zuul21:30
tobiashyay, ubuntu removed the setuid bit from bwrap in the latest package version. This breaks dockerized executors running on centos based hosts21:30
clarkbtobiash: this is a case of the userland having different expectations from the kernel than it got?21:31
clarkbprobably beacuse ubuntu kernels allow user namespacing21:31
tobiashyes, that's probably the reason they removed it21:31
tobiashbut centos kernels don't allow user namespacing21:31
tobiashand thus bwrap needs setuid21:31
tobiashjust did an executor upgrade and nothing worked21:32
tobiasheverything went into retry limit21:32
clarkbouch21:32
*** hashar has quit IRC21:32
clarkbtobiash: any idea if rhel8 beta allows user namespacing (mostly just curious if this general problem goes away in the future)21:32
tobiashclarkb: I don't know21:33
corvustobiash: this is if you build an executor image based on ubuntu, right?  can you switch to the upstream alpine images?  (or build your own alpine images using pbrx?)21:33
tobiashcorvus: pbrx doesn't really fit into my current deployment process so I'm building my own images based on ubuntu (as this is currently kind of the default platform for testing)21:35
mordredah - I didn't realize you'd moved off of alpine images - good to know21:35
mordred(Also good to know about the setuid bit removal)21:36
tobiashmordred: yes, I moved to ubuntu two months ago21:36
mordredcool.21:36
*** gouthamr_ has quit IRC21:37
tobiashI switched mostly because of python weels, ubuntu as default testing platform and potentially faster python on ubuntu because of glibc21:39
mordredwheels existing for ubuntu is a big one21:40
clarkbzuul's wheels should be universal though?21:40
mordredtobiash: do you have any data on faster python with glibc?21:40
mordredclarkb: for dependencies21:40
clarkbmordred: well for deps pypi doesn't distinguish distros for wheels21:40
clarkbyou get the rhel5 like universal wheel option or build it yourself21:41
*** gouthamr_ has joined #zuul21:41
tobiashmordred: I've seen a python in docker benchmark for different base images on phoronix half a year ago21:41
tobiashand alpine was much slower in almost every test case21:41
clarkbtobiash: mordred re performance glibc throws memory at performance but musl is memory conscious21:41
mordredclarkb: right - but alpine runs a different libc, so I think there are wheels that publish binaries linked with glibc, no?21:42
clarkbI thought the rhel5 base image was intentionally chosen because it should be compatible across the newer libc options21:43
clarkbits possible that doens't work as well as expected21:43
tobiashfound it: https://www.phoronix.com/scan.php?page=article&item=docker-summer-2018&num=421:43
tobiashso they ran pybench21:44
*** gouthamr_ has quit IRC21:46
tobiashcorvus: the reason for pbrx not fitting for me is that I'm currently using openshift build configs that only support s2i or plain old dockerfiles so I'm using a plain old dockerfile21:48
mordredtobiash: do they support multi-stage dockerfiles?21:49
tobiashunfortunately not21:49
tobiashI learned about multi-stage dockerfiles a few months ago and this was awesome, then tried them in openshift but it didn't like them21:51
clarkbis openshift using buildah21:51
*** gouthamr_ has joined #zuul21:51
tobiashI have no idea, I just know it's not using docker21:54
*** gouthamr_ has quit IRC21:56
mordredthe openshift-y way of doing the multi-stage build approach would be builder images for s2i ... and in making those following the guidance for compiled languages rather than the guidance for interpreted languages22:00
mordredI was toying with the idea of making one of those for zuul - or for re-imagining pbrx as a generic builder image22:00
mordredbut haven't gotten around to playing with it yet22:00
tobiashI think so22:01
clarkbit likely isworth noting that the theoretical "kernel and user space won't agree" problem is no longer theoretical here. I wonder if that does make an argument for running containers within the same family as the host kernel22:01
tobiashbut I anyway want to switch to images built by zuul but then I have some kind of bootstrap problem22:01
clarkb(I'm trying to be open to the idea that "just build one image because it doesn't matter" is maybe not the best approach and kolla et al may have something in their approach)22:02
tobiashclarkb: I think zuul is a special case here because of sandboxing things22:04
tobiashoh and nodepool too because of dib ;)22:05
clarkbtobiash: ya its possible that its such a corner case that it doesn't matter in general. Mostly I'v eargued against the kolla approach of container on every platform possible, because it seems like a waste of effort and shouldn't matter if containers are being useful22:05
clarkbbut maybe they aren't quite as strong and abstraction as we might assume :)22:06
tobiashyes, if you aren't using fancy new or not widely adopted kernel features I think the approach having one base image is sufficient22:07
clarkbtobiash: as far as possible terrible hacks go can you setuid the binary in your image build and it works?22:08
tobiashyes, that was my fix, chmod 4755 at the end and everything worked again22:09
tobiashit was just unexpected that ubuntu bionic as an lts release made such a change without even changing the version number of bwrap22:10
clarkbya22:10
SpamapStobiash: sorry I said in #openstack-infra, but, yeah, Alpine-- IMO. I don't think there's much reason to use them now that we have good solid slim Debian/Ubuntu images.22:35
tobiashSpamapS: yes, the most important reason for alpine in the past for me was the size22:36
SpamapSAnd I'm very dubious about who the Alpine devs are.22:36
tobiashbut the zuul images are large anyway22:36
SpamapSNot that I think they're bad people, but they just appeared out of nowhere, their bug tracker is hard to join, and I'm just not sure they're ready to power as much as they're powering.22:37
SpamapSYeah my zuul alpine images are not tiny.22:37
* SpamapS has a todo to switch to Debian. ;)22:37
SpamapSzuul-base                                                            latest                                            80dca46bd93d        2 weeks ago         265MB22:37
tobiashin fact my scheduler image based on bionic is just 250mb22:37
SpamapS265MB isn't so bad I guess.22:37
SpamapSAnything under 500MB is a win really.22:38
tobiashmy alpine based zuul was around 600mb22:38
SpamapStobiash: interesting22:38
SpamapSWhat were you putting in there? ;)22:38
SpamapSzuul-scheduler                                                       latest                                            914c4f94bfda        2 weeks ago         265MB22:38
SpamapS(The base and scheduler are the same image w/ diff cmds)22:38
tobiashprobably because of something not cleaned up during installing gcc world, compiling stuff and deinstalling gcc world in a single docker task...22:39
SpamapStobiash: multi-stage builds FTW22:39
SpamapSwheel it up in a build stage, then just copy the wheels out into the runtime stage.22:39
tobiashSpamapS: tell that the openshift devs ;)22:39
SpamapSI've not used openshift. Not sure what the fuss is about. K8S+Artifactory is pretty nice.. :-P22:40
SpamapSOr in my case right now, K8S + AWS ECR22:40
SpamapSBut I'm sure there's some "Enterprise" thing I'm not doing that I should be. :)22:40
tobiashSpamapS: yes, I also plan to switch to something like this and not using buildconfigs anymore22:41
SpamapSI'm pretty happy with Spruce for templating things btw.22:41
SpamapShttps://github.com/geofffranks/spruce22:41
SpamapSI was going to make Helm charts for Zuul but Helm is.. not inspiring IMO.22:42
SpamapSBut I might open source our spruce based zuul env if I get time.22:42
tobiashinteresting, never heard about spruce22:43
clarkb256MB is about 1/3 the size of an image on centos to run rsyslog :P22:46
openstackgerritJames E. Blair proposed openstack-infra/zuul master: Add governance document  https://review.openstack.org/62243922:49
SpamapSIndeed. But to give context, it's likely only about 50MB bigger to run it on Debian or Ubuntu.22:49
SpamapS(as long as you start with the -slim containers which are basically just a bare debootstrap)22:50
clarkbalso alpine was around in the embedded space for a long time aiui (that is why musl too). The come out of nowhere was docker pushing them as a lightweight base alternative22:50
mordredSpamapS: so - the other reason I was doing alpine was that bubblewrap on debian was ... old, and it was the good version in alpine23:02
mordredbut - that's not really a long-term-design reason :)23:02
mordredSpamapS: and yeah - starting with python:slim instead of python:alpine would not be super onerous or anything23:03
SpamapSDid Bionic release with old too?23:04
SpamapS0.2.1 ..23:05
mordredpython:slim is on top of debian23:05
SpamapSAh yeah, 0.1.723:06
mordredSpamapS: which has 0.1.7-123:06
SpamapSlooks like backports has 0.3.123:07
mordredyeah. kind of unfortunate. then I went down the rabbit hole of trying to figure out how to express ppas in bindep files23:07
SpamapSany carrots down there?23:07
mordredjust insanity23:07
SpamapSA very merry unbirthday, to Stretch.23:08
SpamapScorvus: ok, so would this work the way I described I wanted it working (only run one version in either master, or prod)? http://paste.openstack.org/show/737515/23:18
SpamapSHopefully that only creates two variants in the config, one for all branches, and one for prod.23:18
SpamapS(and hopefully in prod, it only runs the prod one?)23:19
corvusSpamapS: that would work if it were in a branchless repo (eg, project-config, or tempest).  but in a branch repo, you'll need to add 'branches: .*' to the first job def.  other than that should be good.23:20
SpamapSOhhh23:24
SpamapSOk you said that before23:24
SpamapSnow I get why23:24
SpamapSimplicitness biting me ;)23:25
*** dkehn has quit IRC23:37
*** dkehn has joined #zuul23:38
corvusSpamapS: if you think this is the way everything should behave for this project, you may want to set https://zuul-ci.org/docs/zuul/user/config.html#attr-pragma.implied-branch-matchers to false23:39
corvusSpamapS: that will turn off implied branch matchers altogether in that repo.  then your example would work as you wrote it.23:39
corvusSpamapS: i should have thought of that earlier, but was probably trying to be too minimal in suggesting changes.23:40
SpamapScorvus: Hm, I'll think about it. I am seriously pondering de-branching anyway.23:42
SpamapScorvus: thanks for the help. My mind is fully unbent again.23:42
openstackgerritIan Wienand proposed openstack-infra/nodepool master: [wip] Add dogpile.cache master to the -src tests  https://review.openstack.org/62545723:43
corvusSpamapS: no prob.  i *think* we should be able to support either thing.  we've just learned another thing to say in the to-be-written narrative docs: if you're doing a dev/prod sort of branching, turn of implied-branch-matchers.  :)23:44
corvuss/turn of/turn off/23:44
SpamapSYeah I think that's right.23:46
SpamapSimplied matchers are really there for more of a stable branch setup, I presume.23:46
corvusyep23:54
« Sunday, 2018-12-16 Index Tuesday, 2018-12-18 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!