| tristanC | corvus: what if you don't gate with every possible variation of the test job... | 00:00 |
|---|---|---|
| tristanC | i mean, what if you can't because there are too much of them | 00:00 |
| tristanC | then what Q[AE] do (iiuc) is run those case manually before shipping the fix | 00:01 |
| corvus | tristanC: then a change to add the purportedly broken configuration to the gating configuration sounds like a fine change to make. or maybe, make a change (A) to add the gating configuration, make a change (B) to fix the bug, make a change (C) to add a unit test, make a change (D) to remove the gating configuration because it's now covered by a regression test. | 00:02 |
| corvus | tristanC: in the process you describe, is there any testing added for the fix? | 00:03 |
| tristanC | corvus: i agree, but that's not how Q[AE] currently operate, they don't do git... | 00:03 |
| corvus | tristanC: if they don't do git, then what are they testing? i mean, how do they test the fix, if the fix doesn't include a change to the source code? | 00:04 |
| tristanC | corvus: dev fixes (upstream if needed), then dev produces a new package which gets validated by Q[AE] (iiuc) | 00:05 |
| corvus | tristanC: the purpose of zuul is to have the fix tested as part of the development. | 00:06 |
| corvus | tristanC: i have two suggestions of how to proceed: | 00:06 |
| corvus | tristanC: 1) since you and i and mordred work at the same company, we should go have some nice internal company meetings about how teams can utilize automated test-centric gating workflows with zuul :) | 00:08 |
| *** sdake_ has quit IRC | 00:08 | |
| corvus | tristanC: 2) in the mean time, to enable the kind of sharing of jobs between devs and qe folks, look into using playbooks outside of zuul. as you know (from working on zuul-runner), zuul basically just sets up some stuff for ansible to run. so if you make sure that the *playbooks* take the right variables as input, then you can run those playbooks with zuul, or have QEs run them manually. or maybe use | 00:10 |
| corvus | AWX, or some other way of running them. i don't know if zuul-runner is far along enough to consider yet, but obviously when that lands, that would be something to consider too. | 00:10 |
| tristanC | 1) would be ideal, but it may not be the right approach. There are good arguments to keep q[ae] separated from dev. And I was hoping Zuul could adapt to people workflow, not the other way around... | 00:13 |
| tristanC | 2) we are also waiting for zuul-runner to be reviewed, but that doesn't solve the nodepool side of things | 00:13 |
| tristanC | the proposed webtrigger would work just fine, but if that's not possible, we could build a simple service to manage the creation/deletion of the fake review to run those jobs too... | 00:14 |
| corvus | understood | 00:16 |
| tristanC | or maybe, zuul could manage an internal git server to host those fake review and provide (git) history :) | 00:17 |
| tristanC | a bit like how gerrit is now using git to store user's pref | 00:17 |
| *** sdake has joined #zuul | 00:24 | |
| tristanC | corvus: what about https://review.openstack.org/637666 , this change adds a zuul.amqp job variable with the content of the trigger event, would that be considered a model violation too? | 00:28 |
| corvus | tristanC: yes, the thing that's enqueued in a zuul pipeline is a git ref that's provided by a source driver. so any information about the thing that's enqueued has to come from the source, not from the trigger. | 00:31 |
| tristanC | corvus: and the source has to be git protocol? | 00:33 |
| pabelanger | It sounds like there is a new ansible 2.5 / 2.6 / 2.7 security release (2.5.15 in our case) with fetch module. But believe we are likely protected with bwrap. | 00:34 |
| pabelanger | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828 | 00:34 |
| pabelanger | I won't have time tonight to dig into it, but wanted to give heads up as just seen it via inbox | 00:35 |
| corvus | tristanC: yes, but it can add information. for instance, information about the gerrit change or github pull request (like whether it's open, or review votes, labels, etc) is in scope. | 00:35 |
| openstackgerrit | Ian Wienand proposed openstack-infra/nodepool master: Use a pipeline for dib stats https://review.openstack.org/638265 | 00:37 |
| openstackgerrit | Ian Wienand proposed openstack-infra/nodepool master: Update dib stats https://review.openstack.org/638533 | 00:37 |
| tristanC | corvus: my bad, i didn't realized non git source would be rejected. Then it seems like we would have to convert external event such as webtrigger or amqp message to git ref and give those to zuul | 00:39 |
| *** rlandy is now known as rlandy|afk | 00:49 | |
| *** takamatsu_ has joined #zuul | 01:26 | |
| *** takamatsu has quit IRC | 01:26 | |
| tristanC | corvus: thinking though this, i don't think there is value in the web or the amqp trigger, since they are not git based. It seems like we'll have to build tooling around it, some sort of git gateway or a zuul-runner based extra service. | 01:35 |
| tristanC | Too bad, it would have been nice to have this supported by default in zuul... | 01:36 |
| *** sdake has quit IRC | 01:44 | |
| *** sdake has joined #zuul | 01:45 | |
| *** bhavikdbavishi has joined #zuul | 02:08 | |
| openstackgerrit | Ian Wienand proposed openstack-infra/nodepool master: Update dib stats https://review.openstack.org/638533 | 02:26 |
| *** rfolco|rover has quit IRC | 02:30 | |
| *** sdake has quit IRC | 02:32 | |
| *** sdake has joined #zuul | 02:34 | |
| *** sdake has quit IRC | 02:38 | |
| *** sdake_ has joined #zuul | 02:39 | |
| *** sdake_ has quit IRC | 03:03 | |
| *** sdake has joined #zuul | 03:11 | |
| *** bhavikdbavishi has quit IRC | 03:30 | |
| *** sdake has quit IRC | 03:33 | |
| *** bhavikdbavishi has joined #zuul | 04:20 | |
| *** rlandy|afk is now known as rlandy | 04:21 | |
| *** swest has joined #zuul | 05:58 | |
| *** saneax has joined #zuul | 06:06 | |
| *** ruffian_sheep has joined #zuul | 06:26 | |
| *** calebb has quit IRC | 06:27 | |
| *** badboy has joined #zuul | 06:35 | |
| *** quiquell|off is now known as quiquell | 06:59 | |
| *** sdake has joined #zuul | 07:00 | |
| *** bhavikdbavishi has quit IRC | 07:01 | |
| openstackgerrit | Tobias Henkel proposed openstack-infra/zuul master: Optionally disable disk_limit_per_job https://review.openstack.org/638596 | 07:13 |
| *** sdake has quit IRC | 07:33 | |
| *** hashar has joined #zuul | 07:41 | |
| *** cmurphy has left #zuul | 07:55 | |
| *** [GNU] has quit IRC | 07:56 | |
| *** bhavikdbavishi has joined #zuul | 07:59 | |
| *** sdake has joined #zuul | 08:18 | |
| *** gtema has joined #zuul | 08:28 | |
| ruffian_sheep | I can do the cmd to clone this project?Isn't mean I set the right ssh key? SpamapS | 08:43 |
| ruffian_sheep | Does anyone know how to deal it? git.exc.GitCommandError: Cmd('git') failed due to: exit code(-13) | 08:43 |
| ruffian_sheep | I can do the cmd by myself.But I cannot be used by the service. http://paste.openstack.org/show/745241/ | 08:44 |
| ruffian_sheep | I can do the cmd to clone this project?Isn't mean I set the right ssh key? | 08:44 |
| *** nilashishc has joined #zuul | 08:56 | |
| *** sshnaidm is now known as sshnaidm|off | 08:56 | |
| *** jpena|off is now known as jpena | 09:02 | |
| *** panda|ruck|off is now known as panda|ruck | 09:24 | |
| *** sdake has quit IRC | 09:26 | |
| *** nilashishc has quit IRC | 09:26 | |
| *** nilashishc has joined #zuul | 09:27 | |
| *** electrofelix has joined #zuul | 09:36 | |
| openstackgerrit | Jakub Bielecki proposed openstack-infra/nodepool master: doc bugfix for static provider https://review.openstack.org/637518 | 09:40 |
| *** swest has quit IRC | 09:45 | |
| jkt | tristanC, mordred: OK, I'm fine with that -- it's just that I would like to get something running "now"; I can always switch to something less sucking in future | 09:56 |
| jkt | I'm a bit lost when it comes to jinja and zuul.projects -- how do I access e.g. src_dir of a project whose name I know? | 09:57 |
| jkt | I tried zuul.projects["foo/bar"].src_dir and zuul.projects.foo/bar.src_dir, and neither works | 09:57 |
| *** nilashishc has quit IRC | 10:03 | |
| *** takamatsu_ has quit IRC | 10:04 | |
| *** takamatsu has joined #zuul | 10:05 | |
| jkt | ah, right, I was just missing my gerrit fqdn as a prefix | 10:07 |
| *** takamatsu_ has joined #zuul | 10:23 | |
| *** takamatsu has quit IRC | 10:24 | |
| *** takamatsu_ has quit IRC | 10:48 | |
| *** takamatsu has joined #zuul | 10:49 | |
| *** takamatsu has quit IRC | 10:54 | |
| *** takamatsu has joined #zuul | 10:58 | |
| *** ruffian_sheep has quit IRC | 11:09 | |
| *** sdake has joined #zuul | 11:12 | |
| *** bhavikdbavishi has quit IRC | 11:30 | |
| *** sdake has quit IRC | 12:03 | |
| *** AJaeger has quit IRC | 12:04 | |
| *** sdake_ has joined #zuul | 12:04 | |
| *** rfolco|rover has joined #zuul | 12:06 | |
| *** AJaeger has joined #zuul | 12:17 | |
| *** EmilienM is now known as EvilienM | 12:27 | |
| *** jpena is now known as jpena|lunch | 12:35 | |
| *** smyers_ has joined #zuul | 13:03 | |
| *** smyers has quit IRC | 13:03 | |
| *** smyers_ is now known as smyers | 13:03 | |
| *** panda|ruck is now known as panda|lunch | 13:10 | |
| *** quiquell is now known as quiquell|off | 13:22 | |
| *** rlandy has joined #zuul | 13:34 | |
| *** nilashishc has joined #zuul | 13:50 | |
| *** saneax has quit IRC | 13:51 | |
| *** sdake_ has quit IRC | 13:51 | |
| *** jpena|lunch is now known as jpena | 14:13 | |
| *** panda|lunch is now known as panda | 14:13 | |
| *** sdake has joined #zuul | 14:17 | |
| *** jamesmcarthur has joined #zuul | 14:17 | |
| *** panda is now known as panda|rcuk | 14:21 | |
| *** panda|rcuk is now known as panda|ruck | 14:21 | |
| *** jamesmcarthur has quit IRC | 14:26 | |
| *** jamesmcarthur has joined #zuul | 14:40 | |
| *** sdake has quit IRC | 14:43 | |
| *** sdake has joined #zuul | 14:45 | |
| *** bhavikdbavishi has joined #zuul | 14:55 | |
| *** bhavikdbavishi has quit IRC | 15:14 | |
| *** bhavikdbavishi has joined #zuul | 15:15 | |
| corvus | tristanC: the trigger doesn't have to be git based, it just has to point to a git ref. so it's fine to have a web trigger that allows someone to say "enqueue nova master" or "enqueue nova stable/pike" or "enqueue nova change 123456 patchset 2" | 15:21 |
| *** sdake has quit IRC | 15:21 | |
| *** sdake has joined #zuul | 15:23 | |
| *** hashar has quit IRC | 15:50 | |
| SpamapS | corvus: thanks for the tip, I missed that part of the promote pipeline. :-P | 16:24 |
| SpamapS | corvus: (regarding your repoly about change vs. sha) | 16:24 |
| SpamapS | reply too | 16:24 |
| corvus | SpamapS: np, let me know how it works :) | 16:26 |
| mnaser | question: shouldn't the 'nodes' section be technically moved up to the global tenant list view? | 16:36 |
| mnaser | nodes arent necessarily per tenant.. or are they? i know labels are | 16:36 |
| mnaser | or vice versa, i dunno, but it doesn't seem like a tenant construct (the # of vm's available) | 16:36 |
| openstackgerrit | James E. Blair proposed openstack-infra/zuul-preview master: Build docker image https://review.openstack.org/637037 | 16:37 |
| *** hashar has joined #zuul | 16:40 | |
| *** hashar has quit IRC | 16:41 | |
| mnaser | i just thought it would be pretty neat for us to come up with something like `zuul_log` module inside zuul-jobs | 16:41 |
| mnaser | it can be super useful in case i want to log the output of some arbitrary command | 16:41 |
| mnaser | instead of using shell: foo > bar.x | 16:42 |
| clarkb | mnaser: the zuul console log does already log all shell and command output fwiw | 16:46 |
| mnaser | clarkb: right but im thinking more to log it into a file | 16:47 |
| mnaser | the console log can get pretty big | 16:47 |
| corvus | mnaser: we'd like to have a javascript+json version of the build log where all of the boring stuff is collapsed by default and interesting stuff is expanded, so it's easy to find things | 16:53 |
| mnaser | corvus: yeah i think travis does this neatly and we can do the same by maybe doing it on a play and task level | 16:54 |
| corvus | mnaser: we already have the .json version of the log to support that. | 16:54 |
| corvus | just need the javascript | 16:54 |
| corvus | tristanC has done some work recently which shows error tasks in the build overview page | 16:55 |
| mnaser | on the subject of logging, figuring out how to buffer last N lines but also allowing to scroll up above before that would be neat not to thrash browsers | 16:55 |
| corvus | mnaser: here's an example failure: http://zuul.openstack.org/build/09fd864397ed4756b311958aafa6136c | 16:57 |
| corvus | that's parsed live from the json file | 16:57 |
| dmsimard | mnaser: fwiw ara has ara_record | 17:05 |
| dmsimard | Not available in Ansible's Zuul however | 17:05 |
| dmsimard | Or rather Zuul's Ansible | 17:06 |
| *** takamatsu_ has joined #zuul | 17:48 | |
| *** takamatsu has quit IRC | 17:48 | |
| *** gtema has quit IRC | 17:51 | |
| *** sdake has quit IRC | 17:54 | |
| *** sdake has joined #zuul | 17:55 | |
| *** electrofelix has quit IRC | 17:58 | |
| *** takamatsu_ has quit IRC | 18:03 | |
| *** takamatsu_ has joined #zuul | 18:06 | |
| openstackgerrit | James E. Blair proposed openstack-infra/zuul-jobs master: DNM: test https://review.openstack.org/638736 | 18:07 |
| *** jpena is now known as jpena|off | 18:07 | |
| *** nilashishc has quit IRC | 18:12 | |
| *** josefwells has joined #zuul | 18:16 | |
| josefwells | hey zuul-wizards, wondering if there are any reasons to go with a github-application vs webhook configuration | 18:20 |
| pabelanger | IIRC, github app gets you higher rate limit | 18:21 |
| *** jamesmcarthur has quit IRC | 18:22 | |
| pabelanger | https://zuul-ci.org/docs/zuul/admin/github_setup.html#configure-github | 18:22 |
| josefwells | thanks pabelanger, I'm on an enterprise github setup and don't have a rate-limit | 18:22 |
| josefwells | I can't seem to make the applications work | 18:23 |
| josefwells | Request signature does not match calculated payload signature. Check that secret is correct. | 18:23 |
| josefwells | I'm working with the quick-setup docker images, have added my github, but it doesn't seem to work still | 18:24 |
| josefwells | I see some mention in the logs like this: scheduler_1 | 2019-02-22 18:09:23,939 INFO zuul.TenantParser: Saving RSA keypair for project zuul/zuul-test-config to /var/lib/ zuul/keys/secrets/project/github/zuul/zuul-test-config/0.pem | 18:25 |
| josefwells | but that is the only mention of any .pem I see | 18:25 |
| pabelanger | josefwells: did you setup a secret in the github app? | 18:26 |
| josefwells | yes | 18:26 |
| pabelanger | you'll also need to that that to zuul.conf | 18:26 |
| josefwells | yeah, I have that, in fact, it all started working when I added a webhook to the organization | 18:26 |
| josefwells | so the webhook side works | 18:26 |
| pabelanger | you have 3 settings under your github connection? app_id / app_key / webhook_token? | 18:27 |
| *** rlandy is now known as rlandy|brb | 18:28 | |
| josefwells | some others as well, user / server / baseurl / sshkey | 18:28 |
| josefwells | the app key I had on a bind volume, but tried also to add an ansible task to copy it and leave the user/permissions as root 600 | 18:29 |
| josefwells | I don't ever see anything in the logs about zuul finding it, etc | 18:30 |
| pabelanger | josefwells: where are you seeing the check that secret is correct message? | 18:30 |
| josefwells | maybe I could turn up the logging, | 18:30 |
| josefwells | that shows up on github, if I look at the application's deliveries, it is the 401 response | 18:31 |
| pabelanger | unrelated: damn, I just hit https://review.openstack.org/633314/ again on github. Would great if we could think about zuul release to pick up fixes. Lead to an hour of yak shaving why zuul.yaml changes were not picked up on untrusted jobs | 18:31 |
| pabelanger | josefwells: and your zuul is on public web so github can reach it? | 18:31 |
| josefwells | hmm, that is a good question | 18:32 |
| pabelanger | I don't think I have see that error before, but maybe tobiash knows more | 18:32 |
| josefwells | using the docker images | 18:32 |
| josefwells | and I notice that I can only see host:9000 from localhost | 18:32 |
| pabelanger | yah, you'll need to expose zuul-web 9000 (I think) to network for your github install | 18:32 |
| josefwells | let me try that, good idea | 18:33 |
| pabelanger | that is how zuul gets webhooks | 18:33 |
| josefwells | odd that the webhook version works | 18:33 |
| tobiash | josefwells: you need to remove sshkey when using app auth, that's incompatible | 18:34 |
| josefwells | oh, really? ok | 18:35 |
| tobiash | yes, that breaks auth | 18:35 |
| pabelanger | Oh, ha | 18:35 |
| pabelanger | I didn't know that | 18:35 |
| tobiash | and also remove the user | 18:36 |
| tobiash | yah, we should add a validation about this into zuul and enhance the docs | 18:36 |
| pabelanger | ++ | 18:36 |
| tobiash | for app auth you need app_id, app_key and webhook_token | 18:37 |
| tobiash | (and server for github enterprise) | 18:37 |
| tobiash | josefwells: and btw, I really recommend using app auth ;) | 18:38 |
| josefwells | are baseurl and server ok? | 18:38 |
| clarkb | pabelanger: re a release I'd defer to corvus, but the code openstack most recently restarted on seems to be stable | 18:38 |
| tobiash | yes | 18:38 |
| openstackgerrit | James E. Blair proposed openstack-infra/zuul-preview master: Build docker image https://review.openstack.org/637037 | 18:39 |
| josefwells | I get the same thing (redelivering a previous payload from github->zuul) | 18:41 |
| josefwells | web_1 | 2019-02-22 18:40:21,574 DEBUG zuul.GithubWebController: Payload Signature: sha1=ac9c87c6b4e27c629b39ba13eb3a755270134e5c web_1 | 2019-02-22 18:40:21,574 DEBUG zuul.GithubWebController: Request Signature: sha1=c2ba653f54983d994350de48f05f54ad30798496 | 18:41 |
| josefwells | I see that in the logs | 18:41 |
| corvus | clarkb, pabelanger: i don't think we're ready for a release. i think the provides/requires/artifacts stuff is ready. but someone needs to work on the change.message escaping issue. | 18:43 |
| corvus | i haven't seen a message to the mailing list about that yet | 18:43 |
| pabelanger | is that the jinja2 in commit message issue? | 18:44 |
| clarkb | corvus: is the missing piece for change message escaping notification to the list? we merged the code fix right? | 18:44 |
| corvus | clarkb: the issue is whether we want to release with that fix, or revert it in favor of a different one | 18:44 |
| corvus | i was hoping that someone working on that would send a message to the list opening the discussion | 18:45 |
| corvus | but it's looking like that's going to fall to me | 18:45 |
| *** chandankumar is now known as raukadah | 18:45 | |
| clarkb | ah (I hadn't followed that very closely) | 18:45 |
| pabelanger | is there a summary of the issue? I missed the discussion | 18:45 |
| corvus | pabelanger: there is in irc. the next task is literally to summarize the issue to the mailing list to start discussion. | 18:46 |
| pabelanger | ah | 18:46 |
| corvus | i guess i should have picked someone and asked them to do it. i will do that next time. | 18:47 |
| josefwells | Oh wow | 18:47 |
| josefwells | getting a shell into docker, my permissions are all screwy on the pem file | 18:47 |
| josefwells | apparently I need more practice with my ansible machine | 18:47 |
| josefwells | ---x-wx--T 1 root root 1679 Feb 22 17:22 zuul.pem | 18:47 |
| corvus | josefwells: be sure to use a leading 0 or quote octal values in ansible (see the note on "mode" in https://docs.ansible.com/ansible/latest/modules/file_module.html ) | 18:48 |
| josefwells | so, since all this runs as root, can I just put the pem on a bind mount (in /etc/zuul for instance) and if it is owned by the wrong user will zuul be ok with that? | 18:48 |
| *** jamesmcarthur has joined #zuul | 18:51 | |
| corvus | josefwells: i think as long as zuul can read that, it's okay. | 18:51 |
| josefwells | I did totally cowboy that ansible task, despite being very unfamiliar.. but I'm a unix guy, I figured it would be ok :( Anyway, fixed, and I get the same thing | 18:53 |
| josefwells | I wonder if some of the magic done in /var/ssh by other tasks (/var/ssh/zuul /var/ssh/zuul.pub are interfering, since they exist) | 18:54 |
| *** rlandy|brb is now known as rlandy | 18:54 | |
| josefwells | it all seems to be gerrit related | 18:55 |
| *** bhavikdbavishi has quit IRC | 18:57 | |
| openstackgerrit | Merged openstack-infra/zuul-jobs master: Assure iptables is installed inside multi-node-firewall role https://review.openstack.org/638414 | 19:06 |
| *** jamesmcarthur has quit IRC | 19:12 | |
| Shrews | tristanC: left you a comment on https://review.openstack.org/637338. i like the new PS but curious about your thoughts on the static driver comment | 19:13 |
| *** nilashishc has joined #zuul | 19:14 | |
| *** jamesmcarthur has joined #zuul | 19:15 | |
| *** jamesmcarthur has quit IRC | 19:16 | |
| *** nilashishc has quit IRC | 19:29 | |
| *** sdake has quit IRC | 19:31 | |
| daniel2 | Where would be a good place to get support on diskimage-builder? | 20:02 |
| daniel2 | Not sure if it would be here, or another channel, or openstack in general, carrier pidgions maybe? | 20:02 |
| daniel2 | pigeons*? Did I butcher that | 20:02 |
| clarkb | daniel2: #openstack-dib is the official irc channel though I expect many of us here are familiar with it | 20:02 |
| corvus | pabelanger, tobiash, quiquell|off, clarkb: i sent email about escaping text | 20:09 |
| openstackgerrit | Merged openstack-infra/nodepool master: doc bugfix for static provider https://review.openstack.org/637518 | 21:02 |
| openstackgerrit | Merged openstack-infra/nodepool master: Use a pipeline for dib stats https://review.openstack.org/638265 | 21:07 |
| openstackgerrit | James E. Blair proposed openstack-infra/zuul-jobs master: run-buildset-container: fix username/password for proxy registry https://review.openstack.org/638767 | 21:23 |
| openstackgerrit | Merged openstack-infra/zuul-jobs master: run-buildset-container: fix username/password for proxy registry https://review.openstack.org/638767 | 21:52 |
| *** rlandy has quit IRC | 22:15 | |
| *** sdake has joined #zuul | 22:37 | |
| openstackgerrit | Merged openstack-infra/zuul-preview master: Build docker image https://review.openstack.org/637037 | 22:45 |
| josefwells | man, long day glimmer of hope now dashed again | 22:56 |
| josefwells | I tried creating a new key for the zuul github app | 22:57 |
| josefwells | but now I can't even get the scheduler to start | 22:57 |
| josefwells | I get this: | 22:57 |
| josefwells | requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://github.mydomain.com/api/v3/app/installations | 22:57 |
| josefwells | and sure enough, I can't wget that URL from the container | 22:58 |
| josefwells | but I can hit that url from an incognito window | 22:58 |
| josefwells | maybe a more acurate answer is that from an incognito window I get: { "message": "A JSON web token could not be decoded", "documentation_url": "https://developer.github.com/enterprise/2.15/v3" } | 22:59 |
| *** josefwells has quit IRC | 23:34 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!