Thursday, 2019-01-24

« Wednesday, 2019-01-23 Index Friday, 2019-01-25 »
openstackgerritTristan Cacqueray proposed openstack-infra/zuul-jobs master: add-build-sshkey: remove previously authorized build-sshkey  https://review.openstack.org/63262000:56
SpamapSanother option would be to add a `dequeue-trigger:` to pipelines.00:57
SpamapSAnd then make sure there are sufficient actions to just catch what gets sent whenever a label is removed.00:58
SpamapSor maybe cancel-trigger would be more clear00:58
openstackgerritzhouxinyong proposed openstack/pbrx master: Fix author-email in setup.cfg  https://review.openstack.org/63284702:03
*** bhavikdbavishi has joined #zuul02:09
*** bhavikdbavishi has quit IRC02:37
*** bjackman has quit IRC02:54
*** dkehn has quit IRC03:11
*** bhavikdbavishi has joined #zuul03:27
*** bhavikdbavishi has quit IRC03:31
*** bhavikdbavishi has joined #zuul03:35
*** rlandy|bbl is now known as rlandy03:53
*** spsurya has joined #zuul04:33
*** bjackman has joined #zuul04:58
SpamapSwhoa, this is weird05:09
SpamapSI pulled in someone else's branch into my fork, submitted a new PR for it, and Zuul got confused and is running with change set to the original05:10
SpamapSoh.. and circleci got confused too....05:11
* SpamapS is so stealing the promote pipeline05:21
*** quiquell|off is now known as quiquell06:01
quiquellSpamapS: good morning this is good to merge https://review.openstack.org/#/c/62329406:13
quiquellTesting patches are in the comments06:13
quiquellMaybe you can help06:13
*** badboy has joined #zuul06:22
*** saneax has joined #zuul06:22
quiquellAJaeger: multinode job working at test reviews https://review.openstack.org/#/c/62329406:28
quiquellIs good to merge06:28
quiquelltristanC: ^06:40
quiquellsshnaidm|afk: did you have a testing tenant?06:42
quiquellOpenatack tenant I mean06:42
sshnaidm|afkquiquell, yep06:43
quiquellWant to try to start to experiment with the repro ci there06:43
badboyhi guys06:57
badboyAny ideas on hot to debug Zuul's log:06:57
badboyWARNING zuul.Scheduler: Tenant example-tenant isn't loaded06:57
badboythe tenant_config is correct in /etc/zuul/main.yaml06:58
badboy:q06:58
badboyups ;)06:59
quiquellbadboy: It takes time to startup07:01
quiquellbadboy: in case the message is at start up07:02
quiquellbadboy: Tenant is loaded after you see it parses the config in the logs07:02
quiquellbadboy: but takes time07:02
badboyquiquell: it's not on startup, it's everytime I open Zuul's webpage07:03
badboythe dashboard07:03
quiquellbadboy: Well it means something is not good not at the main.yaml but at the project zuul config07:03
quiquellbadboy: you can check in the logs07:03
badboyquiquell: can it be that gerrit is unavailable?07:04
badboyquiquell: because I know it's down for maintenance07:04
quiquellquiquell: yep07:04
quiquellquiquell: that would be very verbose at logs too07:04
badboy2019-01-23 23:04:31,532 DEBUG zuul.RPCListener: Received job zuul:status_get 2019-01-23 23:04:31,532 WARNING zuul.Scheduler: Tenant example-tenant isn't loaded 2019-01-23 23:04:31,573 DEBUG zuul.RPCListener: Received job zuul:config_errors_list07:05
badboysorry for spamming07:05
quiquellbadboy: Have you see anything regarding gerrit connections ?07:09
quiquellbadboy: At startup you see how it get of the refspecs and the like07:09
quiquellbadboy: If something with the key or connection is no good you see it there in the scheduler07:09
badboyquiquell: the gerrit I'm trying to connect is currently offline07:10
quiquellbadboy: maybe there is a mirror or the like, so you can change it07:11
quiquellbadboy: but without mirror there is nothing to do I think07:11
badboyquiquell: it's my internal dev gerrit07:11
badboyquiquell: as the is a proof of concept I wouldn't want to connect to a production gerrit07:12
badboyquiquell: so I guess I have to wait for it to become online07:12
quiquellbadboy: Do you have a lot of projects if not maybe you can mimic your internal gerrit at localhost and connect to it07:13
quiquellbadboy: with empty projects07:13
quiquellbadboy: or importing the projects if they are not huge07:13
badboyquiquell: that's another option but I would have to reconfigure it so that is resembles the dev gerrit and I'm not the one who configured it07:14
badboyquiquell: but thx for the hint07:14
quiquellquiquell: well you can also change your /etc/resolv.conf to point to your local gerrit :-)07:15
quiquellbadboy: take a look at zuul quickstart it's good to test stuff07:15
quiquellbadboy: https://zuul-ci.org/docs/zuul/admin/quick-start.html07:16
badboyquiquell: I've already tried the docker approach07:16
quiquellbadboy: ack07:16
badboyquiquell: it working great07:16
badboyquiquell: now I want to do that on my own machines without docker07:16
quiquellbadboy: was good for us a our team, we are using it for other matters07:16
quiquellbadboy: like baremetal ?07:17
badboylike vms07:17
quiquellI see07:18
badboyquiquell: I cannot wrap my head around the web dashboard config for nginx or apache07:18
badboyquiquell: do you have any working vhost config for that?07:19
quiquellbadboy: nah, I am just using docker version of it for my team purposes07:19
quiquellbadboy: and reporting possible issues07:20
badboyquiquell: i see07:20
quiquellbadboy: I am not a zuul developer, maybe some exporadical patches07:20
tristanCbadboy: vhost configuration depends on if you want whitelabel tenant interface or multi-tenant07:22
quiquelltristanC: Good morning sir07:29
tristanCquiquell: 'morning07:31
badboytristanC: hi, I would be good to post an example config in the docs07:33
tristanCbadboy: aren't those enough https://zuul-ci.org/docs/zuul/admin/installation.html#web-deployment-options ?07:34
tristanCbadboy: you may want to give those a try too: https://review.openstack.org/#/c/608850/2/doc/source/admin/installation.rst07:35
openstackgerritMerged openstack-infra/zuul-jobs master: Apply requested tags locally for docker build  https://review.openstack.org/63279007:36
openstackgerritMerged openstack-infra/zuul-jobs master: Document upload-logs reliance on add-fileserver  https://review.openstack.org/63257207:37
badboytristanC: thx, will look into that07:38
quiquelltristanC: It's this good now ? https://review.openstack.org/#/c/623294/07:38
quiquelltristanC: Do I need to test something else ?07:38
badboytristanC: /usr/share/zuul doesn't exist07:38
badboytristanC: where does the "pip3 install ." put the web files?07:39
*** quiquell is now known as quiquell|brb07:42
tristanCbadboy: iirc you need yarn installed to get pip to build the web files, and iirc pip puts them in site-packages/zuul/web/static07:44
tristanCbadboy: you may want to grab a pre-build version from http://tarballs.openstack.org/zuul/zuul-content-latest.tar.gz07:45
badboytristanC: so the vhost config shou point to /usr/local/lib/python3.6/site-packages/zuul/web/static, right?07:45
tristanCquiquell|brb: it lgtm07:46
tristanCbadboy: that would work i guess07:46
badboytristanC: worth noting in the docs I guess07:47
badboytristanC: on Ubuntu 18.04 it's /usr/local/lib/python3.6/dist-packages/zuul/web/static/07:48
*** quiquell|brb is now known as quiquell08:18
quiquelltristanC: can you workflow it?08:18
*** themroc has joined #zuul08:18
tristanCquiquell: actually i'm not a zuul maintainer :)08:19
quiquelltristanC: then some blessing with +1 would be good too08:20
quiquellThanka08:20
*** badboy has quit IRC08:36
*** badboy has joined #zuul08:42
*** jpena|off is now known as jpena08:42
*** avass has joined #zuul08:43
*** hashar has joined #zuul08:44
badboywhere did I go wrong?08:48
badboyparamiko.ssh_exception.SSHException: Signature verification (ssh-ed25519) failed.08:49
*** ianychoi has quit IRC08:55
*** bjackman has quit IRC09:08
*** bjackman has joined #zuul09:12
*** bjackman has quit IRC09:20
*** bjackman has joined #zuul09:26
*** bjackman has quit IRC09:30
*** sanjayu_ has joined #zuul09:36
*** saneax has quit IRC09:38
tristanCbadboy: we had the same issue recently, it seems like paramiko doesn't like non ssh-rsa keys, removing the offending type from ~zuul/.ssh/known_hosts should fix it09:39
*** luizbag has joined #zuul09:50
*** bjackman has joined #zuul09:50
*** electrofelix has joined #zuul09:51
quiquelltristanC: this is host key verification or priv key verification ?09:52
quiquelltristanC: priv key the issues is different09:52
*** sshnaidm|afk is now known as sshnaidm09:53
tristanCquiquell: it seems like host key verification09:53
quiquellbadboy, tristanC: Maybe this is related too https://storyboard.openstack.org/#!/story/200484209:53
avasshmm, is there any way to get a 'worker-id', like a number, from nodepool to be able to set a different workspace depending on worker-id on a static node when max-parallel jobs is set higher than 1?09:55
*** ssbarnea|rover has joined #zuul10:02
*** ssbarnea|bkp2 has quit IRC10:04
quiquellavass: There is a web api at nodepool, maybe there is something there than you can use10:05
quiquellavass: https://zuul-ci.org/docs/nodepool/operation.html#web-interface10:06
*** sanjayu_ has quit IRC10:07
*** ssbarnea|bkp2 has joined #zuul10:07
*** sanjayu_ has joined #zuul10:08
quiquellcorvus, fungi: Are you up for a +w https://review.openstack.org/#/c/623294/  ? it's look ok now10:10
*** ssbarnea|rover has quit IRC10:10
quiquellianw: ^ ?10:10
avassquiqell: thanks I'll take a look at that10:12
quiquellavass: yw10:14
pandaany feedback on http://lists.zuul-ci.org/pipermail/zuul-discuss/2019-January/000715.html before I start fixing 10 millions lines in tests ?10:22
*** bhavikdbavishi has quit IRC10:22
openstackgerritJean-Philippe Evrard proposed openstack-infra/zuul-jobs master: Allow different filenames for Dockerfiles  https://review.openstack.org/63297910:31
openstackgerritGabriele Cerami proposed openstack-infra/zuul master: Scheduler: make autohold hold_list configurable  https://review.openstack.org/63249810:34
quiquelltristanC: Do you know if zuul just open one gerrit connection per gerrit server or multiple ?11:01
*** ssbarnea|rover has joined #zuul11:23
*** ssbarnea|bkp2 has quit IRC11:24
*** hashar has quit IRC11:30
*** bhavikdbavishi has joined #zuul11:36
tristanCquiquell: only one iirc, but perhaps multiple channels when requestion change... why do you ask?11:39
quiquelltristanC: we were running zuul with a user and get too much concurrent connections11:40
quiquelltristanC: looks like we where not graceful shutting down, now it's all good11:40
sshnaidmtristanC, do you know what is policy for building zuul/nodepool-launcher for example? I see it's 6 days old11:43
sshnaidmand all other zuul/* containers are pretty old, a few days before11:43
quiquellsshnaidm, tristanC: openstackzuul-pbrx-push-container-images is failing11:45
sshnaidmquiquell, link..?11:46
quiquellhttp://zuul.openstack.org/builds?project=openstack-infra%2Fnodepool&job_name=openstackzuul-pbrx-push-container-images11:46
tristanCsshnaidm: you mean docker.io/zuul namespace? i don't know how this works11:46
*** gtema has joined #zuul11:46
quiquelldenied: requested access to the resource is denied11:47
quiquellsshnaidm: is at post pipeline, so it does not vote in the gates :-/11:48
quiquellsshnaidm: maybe they reached a limit at dockerhub11:48
quiquellsshnaidm: or password changed11:48
sshnaidmquiquell, yeah, asking on infra channel11:50
quiquellsshnaidm: Let's see11:50
*** ssbarnea|bkp2 has joined #zuul11:52
*** ssbarnea|rover has quit IRC11:54
*** hashar has joined #zuul11:58
openstackgerritMerged openstack-infra/zuul-jobs master: Default private_ipv4 to use public_ipv4 address when null  https://review.openstack.org/62329412:16
*** panda is now known as panda|lunch12:17
*** gtema has quit IRC12:18
*** quiquell is now known as quiquell|lunch12:36
*** ssbarnea|rover has joined #zuul12:37
*** ssbarnea|bkp2 has quit IRC12:39
*** jpena is now known as jpena|lunch12:40
*** pcaruana has quit IRC12:40
*** jesusaur has quit IRC12:48
*** quiquell|lunch is now known as quiquell12:54
badboyshould I be worried about something like this in Zuul's logs?12:55
badboyAttributeError: 'MergeJob' object has no attribute 'updated'12:55
*** panda|lunch is now known as panda12:55
*** quiquell is now known as quiquell|brb12:59
*** bhavikdbavishi has quit IRC12:59
*** bhavikdbavishi has joined #zuul13:00
*** bjackman has quit IRC13:09
*** gtema has joined #zuul13:09
*** quiquell|brb is now known as quiquell13:15
*** pcaruana has joined #zuul13:20
*** hashar has quit IRC13:22
odyssey4messhnaidm It could useful to have userdata_file as another option? Either that, or some way to have it grab a file instead of specifying the content directly in nodepool.yaml13:24
sshnaidmodyssey4me, I thought about it, but wonder - where can I put the file so that it could be passed to nodepool?13:25
odyssey4messhnaidm well, the file would need to be local to nodepool at the specified path13:25
odyssey4mehow it gets there is up to the user13:25
sshnaidmodyssey4me, so it should be on nodepool host itself13:25
odyssey4messhnaidm yeah - it useful when using a bash script to have that... trying to use the native yaml formatted config gets a bit complicated13:26
sshnaidmodyssey4me, yeah, it could be useful I think13:27
odyssey4messhnaidm I wonder though, whether a new attribute makes sense - or whether there's another way to do it13:31
*** gtema has quit IRC13:31
odyssey4mein ansible, for example, we use a jinja lookup - something like this... userdata: "{{ lookup('file', /path/to/file) }}"13:32
odyssey4methat pulls the file into the value of the var13:32
*** gtema has joined #zuul13:32
sshnaidmodyssey4me, mm.. could it be used as "instance-properties: userdata: /path/to/file" ?13:32
sshnaidmodyssey4me, I think I saw some parameter for file in particular13:33
odyssey4meoh really?13:33
sshnaidmodyssey4me, yeah.. need to find that, if I'm not wrong..13:33
*** rlandy has joined #zuul13:37
*** jpena|lunch is now known as jpena13:43
*** bjackman has joined #zuul13:49
odyssey4messhnaidm did you mean in nodepool itself, or in shade or elsewhere?13:50
sshnaidmodyssey4me, I mean userdata file parameter to nova client13:51
sshnaidmodyssey4me, or maybe it's possible via meta-data: https://zuul-ci.org/docs/nodepool/configuration.html#attr-providers.[openstack].pools.labels.instance-properties13:52
*** badboy has quit IRC13:52
sshnaidmodyssey4me, I'm a little bit confused with all these options..13:52
Shrewspanda: i replied to that email13:55
Shrewssshnaidm: what option is confusing you?14:03
pandaShrews: thanks.14:04
odyssey4messhnaidm yeah, meta-data is different - it's for properties of the server like this sort of stuff: https://docs.openstack.org/nova/queens/user/config-drive.html#openstack-metadata-format14:09
*** gtema has quit IRC14:15
*** ssbarnea|rover has quit IRC14:19
*** bjackman has quit IRC14:21
*** ssbarnea|rover has joined #zuul14:22
*** bjackman has joined #zuul14:24
*** avass has quit IRC14:33
sshnaidmodyssey4me, so I suppose the easiest option will be just to read file in path and to pass string to cliend with current userdata var14:39
sshnaidmodyssey4me, but still requires a different option14:40
SpamapSodyssey4me: shouldn't you be generating your nodepool yaml via config management? So you can just use ansible and jinja and get what you need there.. no?14:51
odyssey4meSpamapS I do happen to be, yes - but using "{{ lookup('file', /path/to/script) }}" is resulting in an invalid yaml formatted file14:52
odyssey4meAt this point I'm thinking of just having a simple curl | bash in userdata instead.14:53
SpamapSjson encode it14:54
SpamapSyou'll be fine14:54
SpamapSAlso, how big is your userdata? because, it should be like, 1-2 lines of bash usually.14:54
SpamapSbig userdata is an anti-pattern.14:54
odyssey4meSpamapS It's a bit of a script - yeah, I know, it's a bit of config and required package installs to make sure jenkins/ansible can do things on it. It's longer than it has to be for improved readability.14:55
SpamapSInteresting14:56
odyssey4meIn particular this is for Ironic/OnMetal hosts where we can't implement things in a diskimage.14:56
SpamapS(I've seen some pretty awful abuses of userdata, so don't feel bad. ;-)14:56
odyssey4meIt's not *that* bad. :p https://raw.githubusercontent.com/rcbops/rpc-gating/85ca0b3f7c462a949677300908db299502f3b371/scripts/user_data_pubcloud.sh14:56
SpamapSAnd yeah typically it's a script that will do something like install python and an SSH key and ping somewhere so ansible can start pwning the box.14:57
pabelangerodyssey4me: SpamapS: it feels like this would be a good use case for ready-scripts, which nodepool used to support14:57
pabelangerwe used to have bash script, that would setup things like dns / mirrors before handing it over to zulu14:57
pabelangerzuul*14:57
SpamapSEither way, I think if you add a |to_json after your lookup, you'll get valid yaml.14:57
odyssey4mepabelanger yeah, and with userdata support, there is kinda a ready script function now14:57
SpamapS(it should encode it as a json string with everything escaped properly)14:58
SpamapSand a json string is a valid yaml string.14:58
odyssey4meSpamapS hmm, lemme have a go at that - thanks14:58
odyssey4meI tried to_yaml and that didn't work out14:58
pabelangerodyssey4me: don't really know user_data well, but maybe just curl it onto baremetal, rather then push from nodepool?14:58
SpamapSpabelanger: yeah, same difference really.. the point is that you still need something to customize a stock image so your config management can start doing the heavy lifting.14:58
SpamapSodyssey4me: yeah, to_json is more strict.14:59
odyssey4mepabelanger this tells nodepool when creating an instance what to run when the instance boots - it uses cloud-init to execute it...15:00
odyssey4mecloud-init has its own yaml formatted config, but any script can be run... and the built-in stuff is yet another syntax to learn, so meh15:00
SpamapSthat's way way way more than you need for ansible to work btw.15:00
pabelangerodyssey4me: okay, understand now15:00
SpamapSodyssey4me: does OnMetal not support nova SSH keys?15:01
odyssey4meSpamapS yes, of course - the intent is absolutely to cut that set down15:01
odyssey4meSpamapS it does, but we want *all* our keys, not just the jenkins account keys15:01
SpamapSyeah, put those keys in the ansible15:01
SpamapSYou can have a pre-ansible that is basically this bash script.15:01
SpamapSAll you need is python and an SSH key.15:02
SpamapSIt's the single most important feature of Ansible. :)15:02
SpamapSlike I said, should be 1-2 lines of bash in userdata.15:03
* mordred has still never actually used a cloud-init userdata script15:06
corvusyou can put multiple ssh keys in an openstack 'keypair'.  openstack-infra has all of the infra-root keys in one.15:06
mordredcorvus: ++15:07
mordredyup. there is nothing about openstack keypairs that requires you only put one key in it15:07
pabelangerI think we use the raw task on a nodepool that ricardo built for network images, in an effort to bootstrap them, since they don't support python15:08
pabelangerwould need to check again15:08
pabelangernodepool node*15:08
odyssey4mepabelanger yep, a raw/script task works if python is not present on the target node15:09
SpamapSTIL you can install python with raw.15:09
odyssey4mehttps://github.com/rcbops/rpc-gating/blob/master/playbooks/setup_openstack_instances.yml#L147-L18215:09
mordredreally shouldn't need any userdata scripts with ansible as long as you put ssh keys in to keypairs15:10
SpamapSmordred: um, I've been meaning to tell you.. we got really drunk in Atlanta once and I took a video of you using a userdata script to bootstrap imagemagick to crop some... sensitive photos...15:10
mordredbecause once an ssh key is on, the rest can be done with ansible15:10
mordredSpamapS: that seems ... unlikely :)15:10
SpamapSmordred: totally happened15:11
mordredSpamapS: but - you never know with karaoke bars in atlanta15:11
SpamapSand you did it from a mac15:11
mordredSpamapS: yeah. that definitely sounds like a thing i'd do15:11
SpamapSyou even editted the script with textmate15:11
mordredI bet I found it to be a very pleasant workflow15:11
SpamapSI've found trolling you to be a very pleasant workflow.15:11
* SpamapS retreats to breakfasting w/ kids15:12
odyssey4methanks for the pointer SpamapS - using to_json appears to be working :)15:12
odyssey4methanks you all for being enablers ;)15:12
electrofelixlooking at adding some stats to zuul merger server locally (cause it's v2 thought might be of interest for v3) to try and capture variations in how long the merger:update and merger:merge jobs take and be able to detect unusual spikes for certain projects being processed15:13
SpamapSodyssey4me: now say 3 hail spaghetti monster's and add a task to your project management system to de-userdata your solutions. Ra-men.15:13
electrofelixbut I'm a bit of a novice as to statsd, so I just copied the statsd call used on the pipelines for resident_time and I'm wondering if that would show me when it takes longer for certain projects compared to others to be processed15:15
corvuselectrofelix: if you pastebin what you have i can translate :)15:16
electrofelixthis is to help see the problem with some projects in github with lots of branches/refs and subsequently whether changes made or cleanup done helps fix15:16
electrofelixcorvus: https://pastebin.com/bvUnpiDy15:17
corvuselectrofelix: the statsd part of that looks okay, but in a dependent pipeline, or with a long series of dependent changes, it will record the entire operation across all branches and repos under the project under test.15:19
corvuselectrofelix: so if you have A->B->C, then the cumulative value to update all 3 repos gets logged under A.15:20
electrofelixso need to move to the mergeChange to be from the start/end of each item, thanks15:21
electrofelixone thing I wasn't sure about was why existing resident time related stats multiply by 100015:21
*** bhavikdbavishi has quit IRC15:22
*** bhavikdbavishi has joined #zuul15:22
electrofelixthe other stat we're hoping to add is to capture the time queued of these jobs being performed by the merger, with a goal of trying to understand when we need additional mergers as well as the benefit when one is added, unless I've missed a stat capturing that already?15:24
corvuselectrofelix: statsd values are integers, so it's in microseconds (which is the javascript-standard way of representing time)15:24
corvuselectrofelix: in v2, i couldn't say.  in v3, you just look at the merger queue backlog.15:26
electrofelixcorvus: I suspect we don't have the sustained traffic for us to have a consistent queue length, it's more like there are certain busy periods and then quiet periods but we're not always watching15:28
electrofelixcorvus: we've some problems that might be due to only running one merger but it's kind of speculative as whether that is what is happening so was going to add some enqueue/dequeue info and make sure the onMergeCompleted does the same as onBuildCompleted for processing stats15:29
corvuselectrofelix: right, in v3, zuul emits stats of the queue length, so if the yellow line goes up and to the right, add mergers: http://grafana.openstack.org/d/T6vSHcSik/zuul-status?panelId=31&fullscreen&orgId=115:30
electrofelixah, yep that's missing from v2 alright15:31
electrofelixI might have a look at what's needed to backport the same stat15:31
electrofelixwould the other stats for capturing length of time to process merger tasks be of interest for v3?15:32
corvuselectrofelix: i think so, yes15:33
dmsimardThe new zuul pipeline for promote (and the docker use case) really reminds me of the way we do container promotions in RDO although we have an intermediary registry between the builds and dockerhub15:34
dmsimardWe build containers, push them to a private registry, have a bunch of jobs test those containers (which are tagged after a hash, not unlike how you tag them with the gerrit change) and then if everything is successful at the end, they are uploaded to dockerhub with an appropriate tag15:35
*** pcaruana has quit IRC15:35
dmsimardI guess I don't know where I am going with this, but the challenge we had was the step "have a bunch of jobs test those containers" which might span different projects or changes15:35
dmsimardI remember talking about this with mordred and inc0 in denver a long time ago15:36
corvusdmsimard: yeah, i think that's the next thing to tackle.  we could build something like you describe with a zuul job graph, so that, with one change, you build containers, stick them in a local registry, then several dependent jobs use those containers.15:37
corvusdmsimard: but that only exists within a single change, so depends on each change starting by building all the necessary containers (including those of changes ahead of it in the queue).  it would be nice to avoid that and re-use the built artifacts of changes ahead.15:37
corvusthat, however, runs into issues with parallelization.15:39
dmsimardyeah, we've ended up evolving our promotion process to be asynchronous15:39
dmsimardjobs will eventually run against this set of container images (matching a specific tag) and report their results -- there is an outside process that will query the results and decide to promote or not based on criteria (i.e, job X Y Z must be successful)15:40
corvusdmsimard: that is an interesting approach.  i believe that in the not too distant future we will be able to do the same with zuul's synchronous gate.15:42
openstackgerritMonty Taylor proposed openstack-infra/zuul master: Bind mount ld.so.cache into bwrap context  https://review.openstack.org/63301915:42
corvusthat is to say, accomplish the same ends, not perform the same process.  :)15:42
mordredcorvus, tobiash: ^^ found the issue with the quick-start15:42
mordredtobiash: you were right - it was bubblewrap related15:43
dmsimardcorvus: yes -- I think the take away is that our promotion process requires more than one job to be successful against a set of artifacts15:43
*** ianychoi has joined #zuul15:44
corvusmordred: that should probably be rebased into the dockerfile stack...15:45
corvusmordred: but how about we squash all 5 changes together into one?15:45
corvusmordred: i'd rather not push 4 broken images to dockerhub :)15:46
corvusalso we need to fix the nodepool change15:46
mordredcorvus: can do - I was going to push up an updated quick-start patch with a depends-on just to make sure it worked15:46
mordredthen start squashing things15:46
mordredbut I can go ahead and squash15:46
corvusdmsimard: yeah, though the more than one job part is easy and exists today, the artifacts built by different projects and spanning changes is the tricky part.15:48
*** quiquell is now known as quiquell|off15:51
mordredcorvus: what strategy do we want to use for the nodepool jobs? just add a secret to nodepool?15:51
mordredwith the zuulzuul secret?15:51
mordredcorvus: if so - since you just added zuulzuul to project-config, are you in an easy position to push up a zuulzuul secret to nodepool?15:53
*** pcaruana has joined #zuul15:55
mordredcorvus: or do we want to make a zuul-build-image base job in project-config with an allowed-projects list?15:56
*** gtema has joined #zuul15:56
corvusmordred: i say copy to np for now; i will do16:00
openstackgerritJames E. Blair proposed openstack-infra/nodepool master: Add dockerhub secret  https://review.openstack.org/63302516:02
corvusmordred: feel free to squash ^16:02
mordredcorvus: awesome. updates coming16:05
openstackgerritMonty Taylor proposed openstack-infra/nodepool master: Build images with Dockerfile instead of pbrx  https://review.openstack.org/63218716:11
openstackgerritMonty Taylor proposed openstack-infra/zuul master: Build zuul containers with dockerfile not pbrx  https://review.openstack.org/63184016:11
mordredcorvus: ^^ there - 2 changes :)16:11
openstackgerritMonty Taylor proposed openstack-infra/nodepool master: Stop building an explicit nodepool-base image  https://review.openstack.org/63218816:12
openstackgerritMonty Taylor proposed openstack-infra/zuul master: Stop building an explicit zuul-base image  https://review.openstack.org/63218916:13
openstackgerritMonty Taylor proposed openstack-infra/zuul master: Use node v10 instead of node v8  https://review.openstack.org/63216516:14
openstackgerritMerged openstack-infra/nodepool master: Add a timeout for the image build  https://review.openstack.org/62992316:15
openstackgerritMerged openstack-infra/nodepool master: Revert "Revert "Cleanup down ports""  https://review.openstack.org/61437016:15
mordredcorvus: I think we want to see the zuul change quick-start job succeed before landing the nodepool change - but in general, https://review.openstack.org/#/q/status:open+topic:replace-pbrx should be fairly solid now I thnik16:16
corvusmordred: agreed16:16
mordredI went through and abandoned all of the various things that got squashed16:17
Shrewsfyi, a failed fedora update on my work laptop seems to have put it in an unusable state. i will likely be spending much of my day recovering from that16:18
mordredShrews: I've never suffered from that before16:18
Shrewsmordred: it's such fun16:18
mordredShrews: and certainly not multiple times since the switch to systemd16:18
mordredShrews: I definitly didnt' have to reinstall my laptop from scratch the last time because the failure mode was undebuggable16:19
* Shrews suspects a *tiny* bit of sarcasm16:20
mordredShrews: I NEVER use sarcasm constantly16:21
*** themroc has quit IRC16:21
Shrewsyup, this is hosed big time. /me looks for his usb key with ubuntu16:21
dmsimardfedora updates have been working really well for me but I haven't moved to f29 yet16:23
corvusShrews: oh, well, when you get back, those 2 changes you wanted to restart with have landed :)16:26
Shrewscorvus: ack. definitely gonna have to re-install it looks like, so not likely to take on doing that today16:30
corvusShrews: good luck!16:31
tobiashhrm, my zuul suddenly started to timeout many jobs after two minutes16:31
*** mhu has joined #zuul16:37
mordredtobiash: that does not seem like a good new feature16:38
tobiashI have no idea16:38
tobiashand unfortunately zuul doesn't log the timeout it thinks it's enforcing16:38
corvustobiash: did we land that tenant max timeout thing?16:40
tobiashcorvus: no16:40
tobiashlet me check if it's in my current deployment16:40
*** panda is now known as panda|off16:40
*** sanjayu_ has quit IRC16:41
tobiashnope16:41
corvusno leap seconds recently... :)16:41
tobiashit started together with a reconfig16:41
tobiashbut could be a coincidence16:41
tobiashalmost 400 timeouts in the last hour16:42
corvustobiash: the inventory file should have the timeout value16:42
tobiashunfortunately I get only finger links16:43
tobiashso no logs16:43
tobiashbut I could enable keep16:43
*** pcaruana has quit IRC16:48
mordredcorvus: woot! https://review.openstack.org/#/c/631840/ passed quick-start and correctly used the built images16:57
mordredcorvus: tox failure though16:57
corvusmordred: yeah, they've been failing a lot lately :(16:58
mordredyeah16:58
corvusthat particular failure looks debuggable.  let's recheck that, but i'll dig into that one.16:59
mordredkk16:59
*** bhavikdbavishi has quit IRC17:01
tobiashhrm, looks like a second reconfigure fixed it17:03
tobiashshall I blame cosmic radiation?17:03
*** gtema has quit IRC17:18
*** bhavikdbavishi has joined #zuul17:20
*** mhu has quit IRC17:25
jktit seems that I cannot pass secrets from a tenant-specific repo towards a base job which is defined in a trusted config repo shared by two tenants18:15
jktright? :)18:15
jktmy use case: have the base-job defined in that shared repo, and supply tenant-specific credentials for log upload over SCP18:18
*** jpena is now known as jpena|off18:28
dmsimardpabelanger: do you still use molecule with zuul ? how is that working out for you ?18:32
SpamapSjkt: My understanding of the rules: secrets can only be consumed in playbooks that are in the same repo as the secret is defined in.18:32
pabelangerdmsimard: yup, we are working towards doing it with our ansible-network roles18:32
SpamapSjkt: so if your base job is in the shared repo, the secret needs to be in the shared repo too.18:33
dmsimardpabelanger: have an example working somewhere ? curious to see what it looks like in practice18:33
dmsimardpabelanger: there's some amount of overlap between molecule and zuul as far as testing roles go18:33
kmalloco/18:33
pabelangerdmsimard: http://git.openstack.org/cgit/openstack/ansible-role-nodepool has tox -emolecule entry point18:33
kmallocjust wanted to stop in and say hi :)18:33
* kmalloc is catching up on everything.18:33
dmsimardpabelanger: with ara enabled too, isn't that fancy18:34
pabelangerdmsimard: yah, agree with overlad. I just added a test for ansible-role-nodepool, to show it work by default with docker, but with ansible-network roles, we'll skip docker and just use nodesets from zuul via local connection18:34
pabelangerdmsimard: of course :)18:34
dmsimardpabelanger: right, by overlap I meant for node provisioning18:34
pabelangeryup, people in ansible have been talking about adding some sort of node provision for zuul, but I push back a little on that. giving molecule a working inventory is better option IMO18:35
pabelangerdmsimard: http://logs.openstack.org/34/632034/1/check/windmill-tox-molecule/97eae0b/ is a recent run18:37
pabelangerlook under logs folder for molecule ARA18:37
*** bjackman has quit IRC18:43
*** bjackman has joined #zuul18:43
mordredSpamapS, jkt: we *just* released an update to that secret usage policy - which is the pass-to-parent feature18:46
mordredSpamapS, jkt: with that - you can define a job in one repo that is designed to take a secret, and then define a child job in another repo that has the secret and attaches it to the job with the 'pass-to-parent' flag set to true18:47
mordredjkt: so - you can now do the thing you want to do18:48
corvusmordred: http://logs.openstack.org/40/631840/16/check/zuul-quick-start/27e9337/job-output.txt.gz#_2019-01-24_17_14_30_158354 is an interesting error18:51
corvusmordred: that run was with psutil 5.4.8.  the previous successful run was with psutil 5.5.018:51
corvus5.5.0 is still the latest on pypi18:52
corvusbut either way, the error is no gcc?18:53
*** manjeets_ has joined #zuul18:59
*** manjeets has quit IRC19:00
SpamapSmordred: oh right, is that in 3.5.0 ?19:02
jktmordred: thanks a lot, I'll give this a try19:05
corvusSpamapS: yes it is19:08
corvushttps://zuul-ci.org/docs/zuul/releasenotes.html#new-features and https://zuul-ci.org/docs/zuul/user/config.html#attr-job.secrets.pass-to-parent19:09
corvusjkt: ^19:09
*** dkehn has joined #zuul19:10
* Shrews is not having a good/fun day, fwiw19:10
*** bhavikdbavishi has quit IRC19:11
*** manjeets_ is now known as manjeets19:17
SpamapSCool!19:19
mordredcorvus: hrm. so the 'no gcc' error usually happens when we didnt' build a wheel for something we should have during the builder image phase19:21
corvusmordred: is it possible some dependency pinned psutil 5.4.8 between the two phases?19:23
mordredpossibly ... but pip is claiming it's installing psutil because of requirements.txt19:23
mordredcorvus: here: http://logs.openstack.org/40/631840/16/check/zuul-quick-start/27e9337/job-output.txt.gz#_2019-01-24_17_14_30_13773519:23
mordredcorvus: /output/requirements.txt is a verbatim copy of zuul's19:23
corvusoh.  wow.19:24
mordredcorvus: so for some reason, confronted with 'psutil' - pip decided to install 5.4.819:24
corvusmordred: and maybe that changed between the two phases?19:24
corvusmordred: like, maybe we hit an out of date mirror or something?19:25
mordredyeah19:25
mordredcorvus: makes me kind of want to output a constraints file in the build step based on what we build19:25
mordredcorvus: and supply it to the pip install19:25
mordredso that we'd get an error ore like "couldn't find 5.5.0 at pypi.org" instead of "gcc command not found"19:26
corvusmordred: that sounds reasonable; it's intended to be the same build, we don't want anything to change between the two phases19:27
corvusmordred: btw, are we using the mirror in opendevorg/python-builder ?19:27
mordredyeah. I think for now just rechecking this should be fine - that seems like an internet heisenbug19:27
corvusagreed -- recheck issued19:28
mordredcorvus: no - I haven't figured out a good way to do that yet19:28
mordredcorvus: it's on my list19:28
corvusmordred: oh, right... per-region... i think i'm beginning to see the problem.19:28
mordredcorvus: yeah- and you can't bind-mount with docker build :(19:29
mordredcorvus: I thnik the answer might be to do a build-arg with the mirror url19:29
corvusmordred: ah nice, i like that.19:29
mordredand have the assemble script splat out a mirror config if it's set19:29
corvusthat's way better than the crazy ideas i was about to say19:30
mordredhehe19:30
corvus(they involved ansible mutating images)19:30
corvusforget i said anything19:30
mordredcorvus: already forgotten19:30
*** sshnaidm is now known as sshnaidm|off19:36
tobiash++ for mirror per buildarg, but you should take care to not persist this in the image19:45
mordredtobiash: yah - very much so19:47
openstackgerritElod Illes proposed openstack-infra/zuul-jobs master: Fix Editable Git install package name parsing  https://review.openstack.org/63304919:47
mordredtobiash: I think in the builder image it's fine - but not the final image19:47
tobiashYes19:48
mordredcorvus, tobiash: https://review.openstack.org/#/c/631840/ is green!20:02
corvusmordred: +3 on the nodepool side; +2 on zuul20:04
mordredcorvus: woot20:05
mordredcorvus: I also re-did https://review.openstack.org/632532 to make it two different jobs like you somewhat suggested20:06
corvusslick20:08
jktcorvus, mordred: I still have to define *some* secret in the parent job, right? I'm getting an error if I do not do that20:22
corvusjkt: shouldn't need to; i'll dig up some examples20:29
corvusjkt: just to double check, are you running from dockerhub images or source?20:29
*** luizbag has quit IRC20:31
corvusjkt: here's a child job: http://git.openstack.org/cgit/openstack-infra/system-config/tree/.zuul.yaml#n4720:33
corvusjkt: which passes a secret to its parent: http://git.zuul-ci.org/cgit/zuul-jobs/tree/zuul.yaml#n3220:33
jktcorvus: source, 3.5.020:34
jktcorvus: thanks, it works21:08
jktcorvus: the only undocumented thing was the need to override zuul_logserver_root as in https://gerrit.cesnet.cz/plugins/gitiles/ci/project-config/+/027a8427a1040993477cbbad4409a92da36cb400/playbooks/base/post-logs.yaml#1121:08
jktcorvus: my secret definition is at https://gerrit.cesnet.cz/plugins/gitiles/ci/project-config-public/+/ef90bbe53714ffb75f063dc20b88fd646a0e506d/zuul.d/secrets.yaml , it seems that the {{secret}}.path as passed to add-fileserver it not picked up by the upload-logs role21:09
jktthere's also that rather cosmetic issue that I have to have a small pass-through job in both tenants just to pass the secret, https://gerrit.cesnet.cz/plugins/gitiles/ci/project-config-public/+/ef90bbe53714ffb75f063dc20b88fd646a0e506d/zuul.d/jobs.yaml21:11
jktbut that's just a cosmetic thing21:11
*** ssbarnea|bkp2 has joined #zuul21:32
*** ssbarnea|rover has quit IRC21:33
openstackgerritElod Illes proposed openstack-infra/zuul-jobs master: Fix Editable Git install package name parsing  https://review.openstack.org/63304921:37
openstackgerritMonty Taylor proposed openstack-infra/zuul-jobs master: Drop pip.conf into target source dir  https://review.openstack.org/63306821:39
mordredcorvus: ^^ and https://review.openstack.org/63306921:40
*** jesusaur has joined #zuul21:45
openstackgerritMonty Taylor proposed openstack-infra/zuul-jobs master: Drop pip.conf into target source dir  https://review.openstack.org/63306822:13
*** ssbarnea|rover has joined #zuul22:14
*** pwhalen has joined #zuul22:15
*** ssbarnea|bkp2 has quit IRC22:16
corvusmordred: left several thoughts on https://review.openstack.org/63306823:04
*** spsurya has quit IRC23:04
*** bjackman has quit IRC23:35
*** bjackman has joined #zuul23:36
*** dkehn has quit IRC23:37
mordredcorvus: awesome. I stopped having thoughts a few hours ago23:48
corvusmordred: excellent choice.  have shots instead.23:49
mordredcorvus: I like all of your thoughts23:49
mordredcorvus: I'll start to whittle them down a little bit more tomorrow23:49
« Wednesday, 2019-01-23 Index Friday, 2019-01-25 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!