Tuesday, 2019-01-22

*** rlandy has quit IRC		00:47
openstackgerrit	Paul Belanger proposed openstack-infra/zuul master: Add data_files entry for zuul/web/static https://review.openstack.org/631494	01:25
openstackgerrit	Paul Belanger proposed openstack-infra/zuul master: Add data_files entry for zuul/web/static https://review.openstack.org/631494	01:47
pabelanger	mordred: I can't see to figure out why pbrx jobs are failing on ^, do you mind looking when you have free time	01:48
SpamapS	fungi: I tend to see equivs as "I give up packaging stuff". ;)	01:50
SpamapS	but this case seems like the corner it was ment to handle	01:50
fungi	well, yes. i mean it's a handy workaround of course	01:57
*** irclogbot_3 has quit IRC		03:16
*** irclogbot_3 has joined #zuul		03:24
*** bhavikdbavishi has joined #zuul		04:56
*** saneax has joined #zuul		05:34
*** badboy has joined #zuul		06:14
*** spsurya has joined #zuul		06:21
*** quiquell\|off is now known as quiquell		07:12
quiquell	AJaeger: o/	07:19
quiquell	https://review.openstack.org/#/c/623294	07:20
*** saneax has quit IRC		07:20
quiquell	Is this all good now?	07:20
quiquell	mordred: ∆	07:21
*** saneax has joined #zuul		07:27
*** saneax has quit IRC		07:30
*** pcaruana has joined #zuul		07:41
*** hashar has joined #zuul		08:21
*** avass has joined #zuul		08:27
*** electrofelix has joined #zuul		08:56
*** jpena\|off is now known as jpena		08:56
*** saneax has joined #zuul		09:20
*** saneax has quit IRC		09:31
*** saneax has joined #zuul		09:31
*** sanjayu_ has joined #zuul		09:34
*** saneax has quit IRC		09:37
*** bhavikdbavishi has quit IRC		09:51
*** sanjayu_ has quit IRC		10:05
*** sanjayu_ has joined #zuul		10:05
*** hashar has quit IRC		10:52
tobias-urdin	could somebody please review https://review.openstack.org/#/c/632163/ :)	10:53
tobias-urdin	so we can continue testing to get it working	10:53
*** bhavikdbavishi has joined #zuul		10:56
tobiash	tobias-urdin: lgtm, is this role already in use somewhere?	11:32
*** quiquell is now known as quiquell\|lunch		11:50
*** dkehn has quit IRC		11:51
avass	what does the zuul-daemon do?	12:02
avass	I mean the zuul_console daemon on the hosts	12:03
*** bhavikdbavishi has quit IRC		12:07
*** hjensas has quit IRC		12:21
*** bhavikdbavishi has joined #zuul		12:36
*** jpena is now known as jpena\|lunch		12:43
openstackgerrit	Simon Westphahl proposed openstack-infra/zuul master: List changed files for all commits between refs https://review.openstack.org/631797	12:45
*** quiquell\|lunch is now known as quiquell		12:54
*** hashar has joined #zuul		12:55
tobias-urdin	tobiash: well yes and no, we are trying to get it working in openstack ci but not working just yet, hopefully after that patch :)	13:07
*** bhavikdbavishi has quit IRC		13:17
*** bhavikdbavishi has joined #zuul		13:19
*** bhavikdbavishi has quit IRC		13:28
openstackgerrit	Matthieu Huin proposed openstack-infra/zuul-jobs master: install-nodejs: add support for RPM-based OSes https://review.openstack.org/631049	13:32
*** rlandy has joined #zuul		13:32
*** AJaeger has quit IRC		13:33
mordred	avass: that's what currently streams the console logs back to the executor so that they can be shown in the web dashboard and finger gateway	13:41
mordred	avass: there is half-finished work to rework how that is done and remove the need for the zuul_console daemon	13:42
*** jpena\|lunch is now known as jpena		13:47
avass	mordred: ah, just what i was looking for. I'm guessing there's no windows version of it, right?	13:48
mordred	avass: no, unfortunately not. I think the rework to replace zuul_console will work much better on windows	13:49
avass	mordred: alright	13:49
mordred	sorry bout that	13:49
*** bhavikdbavishi has joined #zuul		13:51
*** badboy has quit IRC		13:51
*** gtema has joined #zuul		13:55
*** AJaeger has joined #zuul		14:05
*** gtema has quit IRC		14:14
*** gtema has joined #zuul		14:14
*** sanjayu_ has quit IRC		14:19
*** sanjayu_ has joined #zuul		14:20
*** sanjayu_ has quit IRC		14:26
quiquell	mordred: Do zuul have any limitation on the kind of keys you have to set at sshkey at gerrit connection	14:32
quiquell	mordred: also can you use anonymous user there ?	14:32
*** saneax has joined #zuul		14:46
*** avass has quit IRC		15:02
*** hashar has quit IRC		15:22
*** avass has joined #zuul		15:24
*** quiquell is now known as quiquell\|off		15:25
openstackgerrit	Monty Taylor proposed openstack-infra/nodepool master: Build images with Dockerfile instead of pbrx https://review.openstack.org/632187	15:38
*** gtema has quit IRC		15:42
pabelanger	mordred: tobiash: do you have any thoughts on what is going on with https://review.openstack.org/631494/ and pbrx jobs? I am modifying the web/static folder location	15:48
*** openstackgerrit has quit IRC		15:51
mordred	pabelanger: no - I haven't dug in to it too much. I'm not 100% sure that's going to work though - I thought with wheel-based installs python stopped supporting installing things into arbitrary locations	15:59
mordred	pabelanger: however, it's also possible there is an issue because zuul/web/static/* is generated	15:59
mordred	pabelanger: I'm not 100% sure though - the logs are a bit weird - I'll need to dig in a bit more, but I've got a phone call I need to jump on rightnow	16:00
pabelanger	mordred: okay thanks, I'll keep digging too	16:01
dmsimard	vars in zuul jobs declaration are inventory vars, right ? not extra-vars ?	16:09
*** openstackgerrit has joined #zuul		16:10
openstackgerrit	Gabriele Cerami proposed openstack-infra/zuul master: Scheduler: make autohold hold_list configurable https://review.openstack.org/632498	16:10
openstackgerrit	Sagi Shnaidman proposed openstack-infra/nodepool master: Support userdata for instances in openstack https://review.openstack.org/630649	16:24
*** ianychoi has joined #zuul		16:26
Shrews	mordred: where is the change to publish opendevorg/python-builder?	16:33
Shrews	err, promote rather	16:34
Shrews	ah, found it	16:35
Shrews	but it haz sads	16:35
*** avass has quit IRC		16:46
*** hashar has joined #zuul		16:59
*** panda is now known as panda\|off		17:02
*** pcaruana has quit IRC		17:02
openstackgerrit	James E. Blair proposed openstack-infra/zuul-jobs master: Add docker image build jobs https://review.openstack.org/632172	17:02
openstackgerrit	Sagi Shnaidman proposed openstack-infra/nodepool master: Support userdata for instances in openstack https://review.openstack.org/630649	17:15
tobiash	dmsimard: yes, should be inventory vars	17:36
openstackgerrit	Tobias Henkel proposed openstack-infra/zuul master: Add spec for multi ansible version support https://review.openstack.org/623927	17:43
*** bhavikdbavishi has quit IRC		17:55
*** pcaruana has joined #zuul		18:01
*** ssbarnea\|rover has joined #zuul		18:02
*** ssbarnea\|bkp2 has quit IRC		18:04
*** hashar is now known as hasharDinner		18:05
*** jpena is now known as jpena\|off		18:22
*** pcaruana has quit IRC		18:23
SpamapS	is there any progress on a buildset page?	18:25
SpamapS	The default role that makes zuul log paths is chopping all but the last 2 chars off of PR#'s, so my GitHub status URLs are all wrong once a repo gets past PR#99.	18:26
SpamapS	and I can't do any transforms in the pipeline config.. so... status URL is officially busted. :-/	18:26
SpamapS	Oh hm	18:27
SpamapS	I guess I can do /builds?change=xxx	18:27
*** saneax has quit IRC		18:38
pabelanger	dmsimard: depends, https://zuul-ci.org/docs/zuul/user/jobs.html#variables	18:44
*** hasharDinner has quit IRC		18:56
*** jesusaur has quit IRC		18:59
*** hasharDinner has joined #zuul		18:59
openstackgerrit	Monty Taylor proposed openstack-infra/zuul-jobs master: Pull target from item in build image https://review.openstack.org/632528	19:00
mordred	Shrews: ^^ that	19:00
Shrews	lol	19:01
mordred	tobiash: ^^	19:01
*** ianw_pto is now known as ianw		19:02
Shrews	mordred: hrm, no easy way to fix the opendevorg/python-builder upload without a change i guess?	19:02
mordred	yeah- I was just looking for something to change	19:02
tobiash	mordred: lgtm	19:03
mordred	tobiash: thanks! opendevorg/python-builder currently has the contents of opendevorg/python-base - which does not work very well as a builder image	19:04
tobiash	ah, so we need to land that and trigger a rebuild of it	19:06
Shrews	tobiash: https://review.openstack.org/632529 is the trigger, fwiw	19:07
Shrews	though perhaps it should use depends-on to prevent it from going in before the fix	19:07
tobiash	lol	19:08
pabelanger	Hmm, so I think swift container names have to be unique in cloud	19:09
pabelanger	confirming now	19:10
mordred	pabelanger: I think they only have to be unique within a project	19:11
pabelanger	mordred: not sure, i get Conflict (HTTP 409) (Request-ID: tx0000000000000000e4df3-005c476a63-3c95143d-default) if I try to create 'logs' container, but my project is empty	19:13
mordred	pabelanger: yay! I wonder if that's related to radosgw somehow	19:13
mordred	pabelanger: (I'm assuming this is on vexxhost)	19:13
pabelanger	mordred: yah, think we need help from mnaser here	19:13
timburke	mordred: that was my first thought, too :-)	19:13
pabelanger	yup	19:13
tobiash	pabelanger, mordred: they must be unique on the whole swift service	19:14
tobiash	it's the same on aws s3 btw	19:14
timburke	sure sounds like a ceph limitation to me ;-)	19:14
pabelanger	tobiash: yup, confirmed: https://object-storage-ca-ymq-1.vexxhost.net/v1/e0cc062046f0440db462b035c5df0910/vexxhost-poc-logs/2/2/d1a1139de90e4248fc42f1709da95685fc01287f/check/tox-linters/f193fa2/	19:14
mordred	timburke: so you're saying that there is a bug in radosgw from a swift POV then?	19:14
pabelanger	so, i think our upload-logs-swift need to be updated to trap 409 resp, took me a while to figure this one out	19:15
mordred	tobiash: amazon s3 requires a container name to be unique across all of amazon?	19:15
pabelanger	as zuul would success but logs in swift be empty	19:15
tobiash	mordred: at least across the region	19:15
mordred	pabelanger: yah - seems like an important error to handle	19:15
mordred	tobiash: wow. that legitimately boggles my mind	19:15
timburke	mordred: yeah, the 409 description of "The container already exists under a different user’s ownership." from http://docs.ceph.com/docs/master/radosgw/swift/containerops/#http-response is definitely a divergence from swift behavior	19:16
tobiash	yes ;)	19:16
Shrews	wow, how wonderfully limiting	19:16
mordred	well - I'll give swift credit for doing the right thing here when s3 is clearly INSANE	19:16
* mordred hands timburke a cookie		19:16
timburke	mordred: bonus fun: that sort of behavior has been implicated in some security holes, like https://www.safetydetective.com/blog/microsoft-outlook/	19:18
mordred	timburke: uh - yeah. I'd imagine it would be - it's a TERRIBLE design	19:19
mordred	timburke: taht was literally the first attack that came to mind within the first few seconds of learning that container names have to be unique globally	19:19
pabelanger	best part, if you try to create 'logs' container in horizon, you actually get kicked out of horizon when you enter container name into web. something, something, security?	19:20
timburke	so protip: audit your CNAME records! make sure if any of them point to somewhere on AWS/Azure/wherever, they still actually exist and are under your control!	19:21
timburke	'cause if you don't do it, someone else may ;-)	19:21
mordred	timburke: I'd say that if any of your CNAME records point to anything on AWS/Azure your'e already screwed	19:21
mordred	timburke: :)	19:21
pabelanger	so yay, I now have a functional zuul in vexxhost for 3pci testing, swift was the last step	19:24
mordred	pabelanger: woot!	19:24
pabelanger	and if people are intersted, it is even 1 zuul deploying another zuul via post pipeline: https://ansible-network.softwarefactory-project.io/zuul/builds?job_name=windmill-config-deploy	19:25
pabelanger	zuul all the way down	19:25
*** jesusaur has joined #zuul		19:25
jkt	I'm getting a weird error, https://gerrit.cesnet.cz/c/ci/project-config/+/1277#message-ca7c4a1281c54ce48e4119844d6df0a9673f4d68	19:30
jkt	I wonder why it says that it cannot find the "dummy" project	19:30
jkt	it is defined in https://gerrit.cesnet.cz/plugins/gitiles/ci/project-config/+/master/zuul/tenants.yaml#24	19:31
pabelanger	jkt: have you reloaded zuul scheduler with latest main.yaml?	19:32
jkt	is it actually OK to use multiple tenants like this, with a shared config-projects repo?	19:32
tobiash	corvus: what do you expect if there are two pipelines with the same name in different config projects?	19:32
jkt	pabelanger: yes (it's via the script option, and I restarted the zuul-scheduler)	19:32
pabelanger	jkt: you should be able to look at debug log to see, possible scheduler didn't load the project for some reason. Eg: existing zuul.d folder	19:33
tobiash	I think I found a project that tried to 'redefine' a pipeline which is already defined in a central config repo	19:33
tobiash	and zuul doesn't seem to raise a config error	19:33
jkt	pabelanger: is it OK to reference the same project-config repo from multiple tenants like I am doing?	19:33
pabelanger	jkt: yes, but you won't be able to share things like secrets	19:34
pabelanger	so you need to be careful	19:34
jkt	my first tenant, the CzechLight-internal, indeed doesn't list the "dummy" repo	19:34
pabelanger	jkt: I think tobiash shares config-projects between tenants, currently I don't (plan to test)	19:35
jkt	tobiash: got a sample config I could look at?	19:35
tobiash	jkt: you can just add it normally to the tenant that should gate on the config repo, the other tenants can just list it by excluding 'project': http://paste.openstack.org/show/743115/	19:37
jkt	tobiash: right, thanks, so this looks like trying to share two project definitions between two tenants is a no-go	19:38
tobiash	and yes, you can share secrets as the private keys are not dependent of the tenant	19:38
tobiash	jkt: not necessarily	19:39
tobiash	jkt: sharing check could be ok, but sharing gates is a no-go	19:39
jkt	I wonder if I actually need multi tenants in the first place	19:39
tobiash	jkt: depends on your role	19:39
jkt	I think that one benefit are separate dashboards if I can somehow block access to the top-level dashboard site	19:40
tobiash	if you're ci service provider for multiple distinct project it can make much sense	19:40
jkt	tobiash: my use case is that we have both public open source SW and some internal-still-proprietary SW within one Gerrit server	19:40
jkt	I would prefer not to share the CI logs etc with the rest of the world	19:41
tobiash	jkt: you can always put an authenticating proxy in front of zuul and even authenticate path based behind the tenant paths	19:41
*** hasharDinner is now known as hashar		19:41
tobiash	jkt: ok, this use case needs much thoughts. If you can separate auth clearly by putting a proxy in front multi tenant would be an option	19:42
tobiash	but you have to also take log storage etc into account	19:42
jkt	ack	19:42
tobiash	so if you don't want to risk disclosure you also can think about two zuul deployments	19:43
tobiash	these still can share common projects if needed	19:43
openstackgerrit	Merged openstack-infra/zuul-jobs master: Pull target from item in build image https://review.openstack.org/632528	19:47
corvus	tobiash: oh, hrm. i don't think you should be able to redefine a pipeline; i think that should be an error, and the first one should win.	19:50
*** pcaruana has joined #zuul		19:50
tobiash	corvus: I just prototyped a quick test case and it seems that it doesn't throw an error and the last one wins	19:51
corvus	tobiash: i think we should fix that	19:51
tobiash	++	19:51
openstackgerrit	Merged openstack-infra/zuul-jobs master: Use become for packages in upload-puppetforge https://review.openstack.org/632163	20:08
*** pcaruana has quit IRC		20:11
*** pcaruana has joined #zuul		20:24
mordred	Shrews: the python-builder updated image has been rebuilt and published - so if you docker pull it you should now be able to successfully build the nodepool images	20:25
Shrews	mordred: yeah, already doing so. looks good so far	20:27
pabelanger	corvus: did say you are looking to do a release of zuul this week?	20:28
pabelanger	I wouldn't mind one to pick up known_hosts / add_host fixes	20:29
jkt	tobiash, pabelanger: thanks, it was indeed due to my misunderstanding and reusing the same config in two tenants	20:35
jkt	with all the associated funny effects like duplicate job results, etc :)	20:35
openstackgerrit	Tobias Henkel proposed openstack-infra/zuul master: Raise an error if pipeline is defined twice https://review.openstack.org/632550	20:35
corvus	yeah, sharing configuration is a spectrum -- there's no hard rule about whether you should share none, a little, or a lot between tenants. it depends on needs.	20:39
corvus	pabelanger: i think/hope we will have a release this week.	20:39
tobiash	there is also a node leak fix that should go into one of the next releases: https://review.openstack.org/613261 :)	20:40
corvus	tobiash: agreed; i will try to review it asap	20:41
tobiash	thanks :)	20:41
jkt	I wonder why a new job is not picked by Zuul here: https://gerrit.cesnet.cz/c/dummy/+/1286#message-8a7b11541f4dcfe1303705997a98f9bee5d5dcd9	20:58
jkt	is that because I already have a noop job listed in my ci/project-config-public?	20:59
jkt	I do not have any base job defined (the docs said that there's an implicit one), and I have not defined any nodeset either	21:01
jkt	...but defining a node set does not change stuff as far as I can tell	21:03
tobiash	jkt: the problem is that you don't have a job named base	21:08
tobiash	jkt: if you don't set a parent, the parent is by default 'base'	21:08
tobiash	jkt: and if that doesn't exist, it will be ignored	21:08
tobiash	jkt: but you can set 'parent: null' to make it a job without parent...	21:09
jkt	tobiash: thanks	21:09
corvus	tobiash, mordred, SpamapS, pabelanger: can you take a look at https://storyboard.openstack.org/#!/story/2004837	21:10
jkt	tobiash: seems that https://softwarefactory-project.io/docs/zuul/glossary.html#term-base-job should be updated, though	21:10
tobiash	corvus: reading	21:10
corvus	jkt: there's some narrative documentation about base jobs in the quick start -- https://zuul-ci.org/docs/zuul/admin/quick-start.html#configure-zuul-pipelines then scroll down to "Every real job" (sorry, i guess we need better anchors in there)	21:12
corvus	jkt: https://zuul-ci.org/docs/zuul/admin/quick-start.html#configure-a-base-job is the real meat	21:12
jkt	corvus: I can do that, it's just that the docs speak about that "implicit base job" which is said to exist for each tenant	21:13
corvus	jkt: you may also be interested in the recommended base jobs https://git.zuul-ci.org/cgit/zuul-base-jobs/tree/	21:13
jkt	if it exist, how come that I have to define it?	21:13
corvus	jkt: ah, i understand the ambiguity you are describing and agree we can/should update the docs to clarify it :)	21:13
openstackgerrit	Merged openstack-infra/nodepool master: Add dogpile.cache master to the -src tests https://review.openstack.org/625457	21:15
jkt	corvus: I'll be happy to review it once it's done :), at this time I don't think I'm qualified to propose a better wording :)	21:15
corvus	the thing we need to convey: the site operator is expected to have defined at least one base job for the use of tenants and, if there is more than one, select one as the default for each tenant; once that's done, end-users can rely on that default being the implicit parent of any jobs which do not explicitly set a parent attribute.	21:17
jkt	just fyi, there's also no warning when there's no base job	21:18
corvus	that would be a very reasonable config error to report in the logs and web dashboard :)	21:19
*** pcaruana has quit IRC		21:19
SpamapS	corvus: seems legit. There's a typo "emoved the allowed-projects acces restriction"	21:25
openstackgerrit	Tobias Henkel proposed openstack-infra/zuul master: Raise an error if pipeline is defined twice https://review.openstack.org/632550	21:37
openstackgerrit	Merged openstack-infra/zuul master: Fix node leak when skipping child jobs https://review.openstack.org/613261	21:44
corvus	okay, i'll push that change up now and make the story public	21:58
openstackgerrit	James E. Blair proposed openstack-infra/zuul master: Set allowed-projects on untrusted jobs with secrets https://review.openstack.org/632566	21:59
openstackgerrit	James E. Blair proposed openstack-infra/zuul master: Set allowed-projects on untrusted jobs with secrets https://review.openstack.org/632566	22:01
mordred	corvus: do you know if it's possible to consume 2 yaml anchors in the same place?	22:07
corvus	mordred: i don't know	22:07
SpamapS	corvus: aand I just remembered I can fix typos myself. ;)	22:08
mordred	corvus: I find that I want to do "vars: zuul_image_vars + nodepool_image_vars" - and I'm pretty sure that's not a thing	22:08
SpamapS	mordred: that's not a thing	22:08
corvus	when the allowed-projects change lands, i'll restart openstack with it, and if it checks out, i'll tag that as 3.5.0	22:08
SpamapS	wanted that as well	22:08
SpamapS	and came up with spruce	22:08
mordred	corvus: ++	22:08
SpamapS	as in, "oh you can't do that in YAML, you need something like spruce"	22:09
corvus	mordred: maybe i can get you on board the multiple inheritance train :)	22:09
mordred	corvus: I'm on the multiple inheritance train! I just don't understand it yet :)	22:09
SpamapS	mordred: you might be able to bend this one: https://yaml.org/type/merge.html	22:09
corvus	parent: [zuul-image-vars-job, nodepool-image-vars-job]	22:10
mordred	cooooh	22:10
mordred	corvus: (I realized that we need to build the zuul and the nodepool images using the dockerfile in the quick-start job)	22:10
corvus	mordred: yeah, i think i'll propose the change to do ^ that so that it's understandable :)	22:10
SpamapS	but merge YAML is like.. zomg wtf is this whenever I encounter it	22:10
mordred	corvus: and the best way to do that ... is with the build-docker-image role using the vars already defined	22:10
jkt	what can I use to SCP logs to some log server? The docs say that https://zuul-ci.org/docs/zuul-jobs/roles.html#role-upload-logs should do that, but doing something like zuul_logserver_root: "user@server:/path" results in an error	22:11
corvus	jkt, mordred: i think the upload-logs has an undocumented expectation that add_host will be used to add the remote server?	22:12
mordred	corvus: I think you might be right	22:12
jkt	corvus: I'm still embarasingly new to ansible; do you have an example?	22:13
corvus	jkt: so i think you need this role as well https://zuul-ci.org/docs/zuul-jobs/roles.html#role-add-fileserver	22:13
corvus	jkt: yes, here's openstack's use of that. lines 1-11 http://git.openstack.org/cgit/openstack-infra/project-config/tree/playbooks/base/post-logs.yaml	22:14
corvus	jkt: you can ignore the last task (lines 13+)	22:14
corvus	jkt: you may also want to omit line 5 for simplicity	22:14
mordred	SpamapS: ooh - I _could_ use that ... except I then need a list merge of a subkey :(	22:15
jkt	corvus: thanks, that makes sesne	22:16
openstackgerrit	James E. Blair proposed openstack-infra/zuul-jobs master: Document upload-logs reliance on add-fileserver https://review.openstack.org/632572	22:18
corvus	jkt, mordred: ^	22:18
corvus	er, hang on :)	22:19
openstackgerrit	James E. Blair proposed openstack-infra/zuul-jobs master: Document upload-logs reliance on add-fileserver https://review.openstack.org/632572	22:19
corvus	mordred: that removes the {{site_logs}} stuff from the example. though i believe the intent was eventually to figure out how to get that to work with zuul-base-jobs.	22:20
openstackgerrit	Monty Taylor proposed openstack-infra/zuul master: Build zuul containers with dockerfile not pbrx https://review.openstack.org/631840	22:20
openstackgerrit	Monty Taylor proposed openstack-infra/zuul master: Remove zuul-migrate and zuul-bwrap images https://review.openstack.org/632167	22:20
openstackgerrit	Monty Taylor proposed openstack-infra/zuul master: Switch to zuul-jobs docker jobs https://review.openstack.org/632173	22:20
openstackgerrit	Monty Taylor proposed openstack-infra/zuul master: Replace build-essential with gcc/g++ https://review.openstack.org/632576	22:20
openstackgerrit	Monty Taylor proposed openstack-infra/zuul master: Update quick-start job to build images with dockerfile https://review.openstack.org/632577	22:20
corvus	i'm not sure whether we should put that in the example now, or omit it to keep things simple.	22:20
mordred	well that was almost certainly not what I wanted to do	22:20
mordred	corvus: reading	22:20
jkt	corvus: I'll post my CR once I get this working (it's also about SSH keys and therefore I should first understand zuul's secrets, etc)	22:22
mordred	corvus: hrm. I'm also not sure ...	22:24
mordred	corvus: without the site_logs secret (or a secret with those things), the add_host command in the example is incomplete	22:25
mordred	corvus: since fileserver takes a dict	22:25
mordred	BUT - that's starting to get long ... but maybe that's a good place to put a more comprehensive chunk?	22:25
corvus	mordred: oh, then we should definitely -1 that and go with the full site_logs secret. :)	22:27
corvus	mordred: this is obvious now that you mention it. thanks, and sorry for the derp.	22:27
corvus	mordred: i'll rewrite that including site_logs	22:27
mordred	corvus: woot	22:28
SpamapS	mordred: I'd suggest wrapping your playbook in a zuul-friendly playbook and just passing the two lists in as separate vars.	22:30
SpamapS	I have a number of playbooks that work without zuul, and then a foo-zuul.yaml that just does an import_playbook: with the vars rearranged.	22:30
SpamapS	It's not a bad pattern really, keeps the zuul stuff out of the ansible.	22:31
mordred	SpamapS: yeah - I think I'm going to have to wind up doing something similarish	22:34
*** hashar has quit IRC		22:35
corvus	yep, we could have an ansible playbook that "builds the zuul images" and then several jobs which invoke that, but it's also runnable locally	22:38
* mordred wishes he could do "docker build . --all-targets --tag-prefix=opendevorg" and have docker keep all of the intermediate images and tag them with {tag_prefix}/{intermediate-image-name}		22:40
mordred	instead of needing call docker build 8 times - but what can you do	22:41
openstackgerrit	James E. Blair proposed openstack-infra/zuul-jobs master: Document upload-logs reliance on add-fileserver https://review.openstack.org/632572	22:41
corvus	jkt, mordred: with more docs ^	22:41
jkt	corvus: that looks good, thanks, I'll add my vote tomorrow	22:44
openstackgerrit	Monty Taylor proposed openstack-infra/zuul master: Update quick-start job to build images with dockerfile https://review.openstack.org/632577	22:55
mordred	corvus: ^^ that is a much smaller version	22:57
*** ParsectiX has joined #zuul		23:06
ParsectiX	Hi guys,	23:11
ParsectiX	I would like to introduce Zuul to my company. Although I don’t know from where to start. I have followed the quick start guide and played with the system. Documentation it’s really great but I’m not understanding all the moving parts yet.	23:11
ParsectiX	From where can I start ? Can you provide some guidance?	23:11
dmsimard	ParsectiX: ask away :D	23:12
dmsimard	there's plenty of zuul operators around	23:12
ParsectiX	Can I run/develop those jobs on my local machine?	23:22
pabelanger	corvus: just reading https://storyboard.openstack.org/#!/story/2004837 now, thanks	23:24
corvus	ParsectiX: one easy way would be to continue using the quick-start -- it's set up to run jobs on your local machine (in a container)	23:25
pabelanger	interesting issue, we aren't using 'restricted check' today, but have considered.	23:26
pabelanger	nice find	23:26
corvus	pabelanger: yeah, it's one of the original zuulv3 use cases, so if it doesn't work, it's a bug :\|	23:27
pabelanger	yah	23:27
ParsectiX	Can I use Zuul without gerrit?	23:29
pabelanger	ParsectiX: yes, github is the other driver it supports	23:31
ParsectiX	Nice	23:31
corvus	ParsectiX: yes, you can use it with github. we hope to have other drivers in the future as folks volunteer to write them.	23:31
mordred	++	23:31
corvus	(you can also load configuration from plain git repos, but you can't use those for reviewing/gating changes)	23:32
openstackgerrit	Merged openstack-infra/zuul master: Set allowed-projects on untrusted jobs with secrets https://review.openstack.org/632566	23:36
openstackgerrit	James E. Blair proposed openstack-infra/zuul master: Fix secondary exception in fingergw https://review.openstack.org/632582	23:37
corvus	pabelanger: ^	23:37
corvus	pabelanger: http://logs.openstack.org/66/632566/2/gate/tox-py36/c927e1e/job-output.txt.gz#_2019-01-22_23_29_15_817739	23:37
pabelanger	eep	23:38
pabelanger	+2	23:39
ParsectiX	Can I use the same Ansible role to build a project locally and on the CI server?	23:42
corvus	ParsectiX: usually, yes. that's the idea behind zuul. there are some things that zuul doesn't allow untrusted projects to do (because they could compromise the zuul system itself). those usually only show up in fairly advanced playbooks. if you run into that, you can always have zuul run the 'ansible-playbook' command.	23:44
corvus	ParsectiX: but generally, the best approach is to write ansible playbooks that work on their own, and have zuul run them. basically, zuul supplies the inventory file. if you want to run them locally, you supply the inventory file.	23:45
ParsectiX	corvus: Thanks. I'm wondering how can I have the same output when running locally and on Zuul. Is there a way to integrate the callbacks and libraries to a local role?	23:48
SpamapS	You can run with the zuul plugins loaded, but there's no trivial way to do that... you have to set al the ansible variables just right to make it work.	23:50
SpamapS	I find myself wanting command output streaming all the time when running ansible locally.	23:51
corvus	ParsectiX: the streaming log output in particular won't work outside of zuul. we have plans to rework that and make it possible to integrate into upstream ansible, but that hasn't been fully implemented yet.	23:51
corvus	ParsectiX: but things like setting up log streaming and copying logs should be handled in base jobs, so they shouldn't require any zuul-specific tasks be added to the playbooks of normal jobs	23:53
ParsectiX	corvus: Yeah make sense. I just wanted to see if I can give to my developers the same user experience on both cases	23:55

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!