Monday, 2019-06-03

« Sunday, 2019-06-02 Index Tuesday, 2019-06-04 »
*** rfolco has quit IRC00:31
*** openstackgerrit has joined #zuul04:29
openstackgerritTristan Cacqueray proposed zuul/zuul master: executor: run cleanup playbook on stop  https://review.opendev.org/66188104:29
*** altlogbot_1 has quit IRC04:36
*** altlogbot_0 has joined #zuul04:38
*** raukadah is now known as chandankumar04:41
*** sshnaidm is now known as sshnaidm|off05:03
*** pcaruana has joined #zuul05:08
*** swest has joined #zuul05:14
*** threestrands has joined #zuul05:28
*** sanjayu_ has joined #zuul05:34
*** sanjayu_ has quit IRC05:34
*** sanjayu_ has joined #zuul05:34
*** flepied has joined #zuul06:48
*** gtema has joined #zuul06:51
*** threestrands has quit IRC06:58
*** threestrands has joined #zuul07:03
*** jbryce has quit IRC07:41
*** mnaser has quit IRC07:41
*** timburke has quit IRC07:41
*** mugsie has quit IRC07:41
*** irclogbot_3 has quit IRC07:44
*** irclogbot_1 has joined #zuul07:46
*** EvilienM has quit IRC07:47
openstackgerritTristan Cacqueray proposed zuul/zuul master: executor: run cleanup playbook on stop  https://review.opendev.org/66188107:49
*** EvilienM has joined #zuul07:52
*** jbryce has joined #zuul07:53
*** mnaser has joined #zuul07:53
*** timburke has joined #zuul07:53
*** mugsie has joined #zuul07:53
*** jpena|off is now known as jpena07:55
*** threestrands has quit IRC07:58
*** yolanda has joined #zuul08:11
*** themroc has joined #zuul08:16
*** jangutter has joined #zuul08:25
*** themroc has quit IRC08:28
*** themroc has joined #zuul08:31
openstackgerritMark Meyer proposed zuul/zuul master: Extend event reporting  https://review.opendev.org/66213408:37
openstackgerritMatthieu Huin proposed zuul/zuul master: web: add tenant and project scoped, JWT-protected actions  https://review.opendev.org/57690708:50
openstackgerritMatthieu Huin proposed zuul/zuul master: Allow operator to generate auth tokens through the CLI  https://review.opendev.org/63619708:50
openstackgerritMatthieu Huin proposed zuul/zuul master: Zuul CLI: allow access via REST  https://review.opendev.org/63631508:50
openstackgerritMatthieu Huin proposed zuul/zuul master: Add Authorization Rules configuration  https://review.opendev.org/63985508:50
openstackgerritMatthieu Huin proposed zuul/zuul master: Web: plug the authorization engine  https://review.opendev.org/64088408:51
openstackgerritMatthieu Huin proposed zuul/zuul master: Zuul Web: add /api/user/authorizations endpoint  https://review.opendev.org/64109908:51
openstackgerritMatthieu Huin proposed zuul/zuul master: authentication config: add optional token_expiry  https://review.opendev.org/64240808:51
*** toabctl has left #zuul09:05
*** felixgcb_ has joined #zuul09:48
felixgcb_Hey :) Not sure if this is the right place to ask..09:51
felixgcb_is there a certain point in time when the "zuul.executor.log_root" points to a valid path? I'm trying to access is as part of a "post-run" job in order to send the log files to some API. But there is nothing there no matter what I try...09:52
*** felixgcb_ has quit IRC10:13
*** felixgcb has joined #zuul10:14
*** aspiers has joined #zuul10:22
*** hashar has joined #zuul10:24
*** gtema has quit IRC10:43
*** MrCoder25 has joined #zuul10:56
*** MrCoder25 has quit IRC10:57
*** MrCoder25 has joined #zuul10:58
*** MrCoder25 has quit IRC11:00
*** jpena is now known as jpena|lunch11:31
felixgcbAlternatively if somebody can share a zuul repo which accesses those logs from a post-run job, that would help, too :)11:38
*** rfolco has joined #zuul11:58
*** gtema has joined #zuul12:05
*** rlandy has joined #zuul12:06
*** rfolco has quit IRC12:21
*** rfolco has joined #zuul12:24
*** themroc has quit IRC12:28
*** themroc has joined #zuul12:28
*** jpena|lunch is now known as jpena12:29
*** jbryce has quit IRC12:43
*** jbryce has joined #zuul12:46
dmsimardfelixgcb: codesearch has a few hits: http://codesearch.openstack.org/?q=zuul.executor.log_root&i=nope&files=&repos=12:49
*** gtema has quit IRC12:51
*** EvilienM is now known as EmilienM13:24
*** mnaser has quit IRC13:34
*** themroc has quit IRC13:35
*** mnaser has joined #zuul13:37
*** panda has quit IRC13:39
*** panda has joined #zuul13:42
corvusfelixgcb: z.e.log_root points to a directory where zuul itself writes the console text and json logs.  for any other logs to end up there, the job needs to fetch them.  there are some roles in zuul-jobs to help with that (see fetch-output https://zuul-ci.org/docs/zuul-jobs/log-roles.html )14:00
corvusfelixgcb: so generally, we'd expect the site base job to run fetch-output along with a role to push the logs to an archive server (zuul-jobs also has roles to help with that), or perhaps the thing you are describing.14:01
openstackgerritJames E. Blair proposed zuul/zuul-jobs master: WIP: registry test job  https://review.opendev.org/66132714:40
openstackgerritJames E. Blair proposed zuul/zuul-jobs master: WIP: registry test job  https://review.opendev.org/66132714:59
*** jamesmcarthur has joined #zuul15:01
*** jamesmcarthur_ has joined #zuul15:07
tobiashcorvus: we're starting to hit a scalability limit with the sequential event processing in the github event queue15:09
SpamapStobiash:congratulations. ;)15:10
clarkbtobiash: I think we (opendev) are on the edge there with ansible's post merge testing not being able to take advantage of the commit to PR cache15:10
clarkbtobiash: is that where you see the problems too?15:10
tobiashcorvus: I think I'll see if I can parallelize that using a threadpool while keepint the order they are injected into the scheduler queue15:10
*** irclogbot_1 has quit IRC15:10
*** jamesmcarthur has quit IRC15:10
*** altlogbot_0 has quit IRC15:11
clarkbbasically we fall behind by about 45 minutes to an hour anytime ansible merges more than one change in succession15:11
tobiashwe had an event queue of 1300 today where it took ~5s per event to gather all required metadata15:11
tobiashclarkb: if my idea works, this might solve your problem too15:11
SpamapSthat sounds like you can definitely parallelize the information scraping, but, is the problem that you have to scrape it *after* the change ahead of it merges?15:12
clarkbthe threadpool should reduce the cost of the scraping15:12
fungiyeah, the fact that zuul needs to check every pull request on a project for each of those events is painful. wish gh had a better api for that15:12
*** irclogbot_1 has joined #zuul15:12
tobiashmy idea is to pop the events single threaded, put them into a threadpoolexecutor and put the futures in order into another queue from where the final zuul events are poped and pushed into the scheduler queue15:12
*** altlogbot_2 has joined #zuul15:13
tobiashwhat also would help is merging https://review.opendev.org/660800 and parent so we can better analize and further reduce the number of requests per event15:13
tobiashmaybe we could also look into leveraging graphql15:14
SpamapSYeah that sounds about right. But I'm asking, if you have 20 events in the queue, and while handling event 10, you merge something as the 21st, does that invalidate anything you already fetched to satisfy 11-20?15:14
tobiashbut for now my top prio is the multithreaded information fetching in the github event queue15:14
tobiashmy users were a little unhappy today :/15:14
clarkbSpamapS: it shouldn't because git is a dag15:15
clarkbSpamapS: so earlier commits don't change15:15
tobiashSpamapS: that case should be (abd is I guess) handled later in the pipeline itself15:15
clarkb(and the struggles here are keeping track of commits)15:15
SpamapSMakes sense.15:18
SpamapSWhy doesn't Gerrit suffer from this?15:24
clarkbbecause gerrit lets you lookup changes by commit sha15:25
clarkbgithub does not (you ahve to do a full scan of all PRs)15:25
SpamapSI'm really surprised the other CI platforms haven't also pushed for PR-by-sha15:26
clarkbSpamapS: jlk was saying their own internal slackbot team is pushing for it15:27
clarkbso it islikely to happen but unsure of when15:27
SpamapSYeah, Hubot is pretty popular.15:27
fungimost ci platforms don't care about inter-change relationships15:27
fungithey get an event for a pull request and then retrieve the code referred to in the event15:28
corvustobiash: your threadpool workaround sounds good15:28
corvuslooking at the logging changes now15:28
tobiashthanks :)15:28
SpamapSfungi: yeah, and they can listen to the push events too, but then they just grab the branch and run15:28
fungibut yeah, a query-by-commit-id option in the gh api would solve much of this, i expect15:28
corvusdo we have a cache index?15:29
tobiashSpamapS: one diffrrence is that gerrit spllies almost al needed information in the event while github does not and we need to do several requests to get status, reviews, ...15:29
clarkbwe cache the commit -> PR mapping. The problem is it is based on the pre merge projected merge sha which changes when you merge multiple PRs in succession15:30
corvus(ie, do we maintain our own pr-by-sha index?)15:30
clarkbcorvus: yes15:30
corvusgotcha, so we still have a lot of cache misses15:30
clarkbthat coupled with ansible's post merge testing means we get a ton of PR events for shas that we've never seen before15:31
corvus(my irc connection is starting to lag)15:31
corvushttps://review.opendev.org/660800 and parent lgtm15:33
*** sanjayu_ has quit IRC15:36
corvusquick question: i'm about to add a job to zuul-jobs which is not meant for public use, only internal testing of changes to zuul-jobs.  we have a gate check that all jobs in zuul-jobs be included in the documentation.  should i add an exception to that (so you set a tag on the job and it doesn't need to be included), or should i add a new section to the docs for jobs which test changes to this repo?15:37
corvus(basically -- would it be less confusing to hide the job from users by not including it in the documentation, or to include it but keep it separate so it's clear it shouldn't be used?)15:38
AJaegercorvus: new section with an intro "jobs for testing of zuul-jobs only" might be less confusing...15:39
AJaegercorvus: but no strong opinion, either way works for me15:39
SpamapSDo we update the cache when we hit the 'merge' button?15:40
SpamapSI bet that returns the final sha.15:40
SpamapSOr if nothing else, we could query it right then and shove that into the cache.15:40
SpamapScorvus: I suspect that job will be final, yes?15:41
corvusSpamapS: good idea :)15:41
SpamapScorvus: if so, I think that would be the right heuristic... final jobs shouldn't need docs since they can't be consumed.15:41
corvuswell, they could still be consumed, but they couldn't be changed...15:42
corvusbut we could throw an 'allowed-projects' in there to make it difficult to be consumed15:42
SpamapSStack all the signals up. :)15:43
SpamapSBut yeah, an explicit exception for the job is probably fine too.15:43
*** chandankumar is now known as raukadah15:43
*** zbr has quit IRC15:47
fungicorvus: i too think that being consistent about documenting zuul jobs used for testing the zuul-jobs repo would be more consistent and probably also clearer to people who come across them15:48
openstackgerritJames E. Blair proposed zuul/zuul-jobs master: WIP: registry test job  https://review.opendev.org/66132715:48
corvusthanks -- that adds a doc section and also sets allowed-projects :)15:49
*** zbr has joined #zuul15:55
felixgcbcorvus: Thanks for your hint, I finally found it, I need to add "delegate_to: localhost" to be able to access those files15:56
corvusah, yes, that's a path on the executor (localhost)15:57
corvusokay, the registry test job is all green now, i'll push up a final version16:03
openstackgerritJames E. Blair proposed zuul/zuul-jobs master: Add a registry test job  https://review.opendev.org/66132716:05
corvusremote:   https://review.opendev.org/662794 Add registry test to zuul-jobs16:05
*** pwhalen has joined #zuul16:16
*** pwhalen has quit IRC16:21
corvusShrews: autohold changes are looking good; i left some comments16:24
corvusclarkb, fungi, AJaeger: https://review.opendev.org/661327 and https://review.opendev.org/662794 are ready16:24
Shrewscorvus: cool. working on the last piece now (setting nodes from HOLD to USED). will look at your comments after lunch16:25
*** panda has quit IRC16:35
*** panda has joined #zuul16:37
*** felixgcb has quit IRC16:51
*** jpena is now known as jpena|off17:04
Shrewscorvus: Good comments, thx. I did play devil's advocate on one of your points though.17:04
Shrewscomplete with example and everything!  :)17:05
*** hashar is now known as hasharDinner17:06
*** armstrongs has joined #zuul17:08
corvusShrews: ack; replied with suggestions for even more work!  :)17:11
armstrongshi guys has anyone had issues using lookup plugins with zuul. I am trying to set a fact that uses a lookup on a fedora nodepool machine and its telling me I don't have a required pip package. However it is on the target node. I also tried installing it on the zuul scheduler too but its still complaining.17:11
armstrongsI can run the same playbook on the target machine with no issue just via zuul17:12
Shrewscorvus: joy17:12
corvusarmstrongs: it will need to be installed on the zuul executor (that's where ansible runs, and lookup plugins run locally in ansible).  but be aware that there are some restrictions on what lookup plugins can be used in untrusted jobs (but there are no restrictions for trusted jobs).17:14
armstrongsyeah i installed it on the zuul executor but its still complaining17:14
armstrongsmy lookup is calling a vault secret17:14
armstrongshashicorp vault that is17:15
armstrongswould that not work17:15
armstrongsits an untrusted project17:15
corvusarmstrongs: there should be a clear error if it's hitting the zuul restriction; it shouldn't be an error about a missing package.17:16
armstrongsyeah its just saying "An unhandled exception occurred while running the lookup plugin 'hashi_vault'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Please pip install hvac to use the hashi_vault lookup module."17:16
armstrongshowever the package is installed on the executor17:16
corvusarmstrongs: oh!17:17
corvusarmstrongs: it probably isn't installed in the virtualenvs zuul uses to run ansible17:17
corvuslet me dig up a link17:17
armstrongsthanks17:17
corvusarmstrongs: here we go -- https://zuul-ci.org/docs/zuul/admin/installation.html#ansible17:17
corvusarmstrongs: so something like "ANSIBLE_EXTRA_PACKAGES=hvac zuul-manage-ansible" i think17:18
armstrongsthanks again will give that a go17:19
corvusarmstrongs: (zuul manages its own installations of ansible inside virtualenvs in order to support multiple ansible versions)17:19
openstackgerritMonty Taylor proposed zuul/zuul master: Read multiple *.conf files from directory  https://review.opendev.org/66097717:20
mordredflaper87, corvus, tobiash, SpamapS : ^^ updated that to address review thigns and add some docs/release notes17:21
mordredI didn't add tests yet because my brain isn't smart enough to do that right now17:22
*** rlandy has quit IRC17:22
*** rlandy has joined #zuul17:22
*** jamesmcarthur_ has quit IRC17:25
*** jamesmcarthur has joined #zuul17:29
*** jamesmcarthur_ has joined #zuul17:33
*** jamesmcarthur has quit IRC17:36
armstrongscorvus: that worked thanks for the info17:49
*** jamesmcarthur_ has quit IRC17:49
*** pwhalen has joined #zuul18:10
*** hasharDinner has quit IRC18:12
openstackgerritJean-Philippe Evrard proposed zuul/zuul-jobs master: Explicitly store facts for promote  https://review.opendev.org/66281718:13
*** themroc has joined #zuul18:23
*** themroc has quit IRC18:24
*** themroc has joined #zuul18:25
*** hasharDinner has joined #zuul18:26
*** hasharDinner is now known as hashar18:31
openstackgerritTobias Henkel proposed zuul/zuul master: Parallelize githib event processing  https://review.opendev.org/66281818:37
tobiashthis is my attempt to parallelize the event processing ^18:37
tobiashthis passes all tests locally18:38
*** pwhalen has quit IRC18:39
*** altlogbot_2 has quit IRC18:43
tobiashcorvus: your registry test job work is impressive :)18:45
*** altlogbot_3 has joined #zuul18:45
openstackgerritTobias Henkel proposed zuul/zuul master: Parallelize github event processing  https://review.opendev.org/66281818:46
openstackgerritMerged zuul/zuul-jobs master: Add a registry test job  https://review.opendev.org/66132718:52
*** themroc has quit IRC18:59
*** themroc has joined #zuul19:04
fungiis anybody already working on the password lookup plugin todo noted at https://opendev.org/zuul/zuul-jobs/src/branch/master/roles/run-buildset-registry/tasks/main.yaml#L28 ?19:06
fungitrying to get an idea of what's involved in making it allowed for the executor19:07
fungithat question is probably mostly for corvus since git blame says he added the todo comment19:09
openstackgerritJean-Philippe Evrard proposed zuul/zuul-jobs master: Append date to tag optionally  https://review.opendev.org/66282819:11
*** pwhalen has joined #zuul19:14
corvusfungi: not that i'm aware of; i think it just involves thinking about whether it can be exploited, and if it's okay, fiddling some knobs in zuul/ansible/19:15
fungiyeah, i guess the biggest risk with it is the ability to write to arbitrary files... that may be enough of a reason to discount it?19:16
fungiif it's safe to use, the invocation we want there is presumably something like registry_password: "{{ lookup('password', '/dev/null') }}"19:17
fungiat least according to what's documented at https://docs.ansible.com/ansible/latest/plugins/lookup/password.html19:17
fungilooks like you can't write to an existing file (other than /dev/null) with it, though you can create new files and also read arbitrary files19:19
fungitarget path has to be readable/writeable as the playbook user, doesn't automatically escalate privs19:20
fungiare these capabilities already possible via any of the allowed plugins?19:20
fungi(the reading of existing files and creating new files)19:21
*** altlogbot_3 has quit IRC19:21
corvusfungi: we have helper methods to verify the path is in the work dir; i think we'd want to use that here19:27
*** altlogbot_0 has joined #zuul19:27
corvusso with that, i think concerns about writing to files should be addressed19:27
fungigot it, so we do need to scope writes (and reads/)19:27
fungier, and reads?19:28
fungior is reading files okay?19:28
*** armstrongs has quit IRC19:28
corvusi think scope both19:29
fungiif there's a way to scope the path, i'd be fine just requiring it to be /dev/null and expecting it to be set as a fact or an ansible var19:29
corvusi don't think we need to require that it be /dev/null19:29
fungiand yeah, it's the same parameter for both reads and writes, which it does depends on how it's being invoked19:29
corvusi think as long as it's scoped to the workdir, reading/writing should be ok19:30
fungihave we done something similar with other plugins?19:30
corvusyeah, here's one: https://opendev.org/zuul/zuul/src/branch/master/zuul/ansible/base/lookup/ini.py19:30
fungicool, thanks!19:30
fungiokay, so we just subclass the plugin basically and then shadow the methods we care about19:31
funginot too bad19:31
corvusyep19:31
corvusmordred: I think zuul has delivered an answer to your question about testing https://review.opendev.org/66097719:37
*** pwhalen has quit IRC19:39
openstackgerritTobias Henkel proposed zuul/zuul master: Parallelize github event processing  https://review.opendev.org/66281819:49
corvusmordred: i threw a recheck on https://review.opendev.org/656879 -- it should be tested by the new registry job20:01
corvusinfra-root, zuul-maint: i have a zuul/opendev crossover question -- the main unresolved question for moving the rest of the zuul repos to the new zuul opendev zuul tenant (that series of words really does make sense) is where to put the js tarballs -- we currently publish them to http://tarballs.openstack.org/zuul/zuul-content-latest.tar.gz  -- should we continue doing that?  is there some other way we20:05
corvusshould publish the latest static js builds?  should we deprecate those and tell people to use the docker image (or, at least, copy the content out of it?)  should we set up tarballs.opendev.org and port the jobs over to use that?20:05
mordredcorvus: so ... in order to do that, I think we'd need to support -c setting a root path for conf.d dir too - or an additional parameter that means taht20:05
corvusmordred: ah, yeah, we probably should -- if we can specify a file, we should probably also be able to specify a dir...20:06
corvus(i think just having -c accept a dir would be fine and the easier thing)20:06
tobiashcorvus: do you know if someone is using the tarballs?20:06
corvus(er, i mean, have -c accept either a file or a dir)20:06
mordredcorvus: how does the logic of "if -c option exists and is a dir, it's intended to be a base dir, otherwise it's a file20:06
mordredcool20:06
*** jamesmcarthur has joined #zuul20:06
corvustobiash: i know that opendev is, but of course we'd be happy to change; i don't know if anyone else is.20:07
tobiashI wasn't even aware that they are there and could be used by folks20:07
clarkbtobiash: I think pabelanger is using wheels that end up on the tarballs server20:07
mordredcorvus: I'd vote for deprecating/removing the tarballs and either publishing something to npm that could be used instead and/or pointing people to docker20:07
corvusclarkb: don't we publish wheels to pypi?20:07
clarkband opendev consumes the js tarballs for our deployments20:07
tobiashclarkb: we publish the wheels now to pypi20:07
clarkbcorvus: we do, but pabelanger wants per commit wheels20:07
clarkbtobiash: ^20:07
tobiashand I guess pabelanger is already using them20:07
corvusclarkb: i'm almost certain that pabelanger is using pypi20:07
tobiash(from pypi)20:07
corvusclarkb: at least, that's what he says when he asks us to tag a release :)20:08
mordredclarkb, corvus: I think it woudl be nice to change how we're deploying opendev zuul for this anyway20:08
clarkbare we publishing wheels on every commit? I seem to recall the specific need was wheels on every commit so that windmill can avoid installing from source20:08
tobiashyes20:08
clarkbk20:08
tobiashclarkb: https://pypi.org/project/zuul/#history20:08
mordredso from an opendev-using-them perspective, I thnik it would be fine if they went away (coordinated with changing what we're doing)20:08
webknjazIt's recommended to always publish both sdist and wheel.20:08
mordredwebknjaz: yah - we definitely do that20:09
clarkbtobiash: I misunderstood then and think we should stop doing that to pypi20:09
webknjaznope20:09
clarkbwe had to stop mirroring pypi because of projects doing that to pypi20:09
*** mugsie_ has joined #zuul20:09
clarkband I'm not comfortable with being part of that problem20:09
tobiashclarkb: pabelanger wanted to be able to use pre-releases so we added pushing them to pypi20:09
webknjazthe idea is that sdist should have the whole source snapshot, while wheel is for built artifacts only20:10
corvuswebknjaz: yes, we always do both20:10
webknjazyep20:10
clarkbtobiash: ya I got that part of it, but thought we were using tarballs for the intermediate wheels. I don't like pushing every commit to pypi20:10
clarkbtobiash: its made pypi much less useable in a local/mirror context20:11
webknjazas for publishing every commit, you should use https://test.pypi.org/project/zuul instead20:11
clarkbwebknjaz: I think taht is for testing pypi/warehouse itself20:11
clarkbso pushing every commit there doesn't really help pabelanger20:11
webknjaznot really20:11
webknjazyou can use it for testing your flows20:12
clarkbright we don't need that20:12
mordredclarkb: but it might provide a way to push per-commit wheels to a location pabelanger can point pip to without scewing mirroring20:12
webknjazi've configured that for molecule and ansible-lint and it keeps the publish pipeline healhy20:12
clarkbmordred: not sure how comfortable users should be installing zuul from test.pypi.org :)20:13
webknjazis that for users?20:13
clarkbreally I think the ideal there is if windmill needs per commit deployment support then doing it from source is what it should do20:13
clarkbwebknjaz: yes, the need from pabelanger is to be able to deploy an arbitrary commit and currently it only deploys wheels20:13
clarkb(aiui)20:13
mordredclarkb: yah - the problem is that from source would involve installing all of the js tools on his servers - which is then a MUST larger deployment20:13
corvusi agree that as a project we should not target "test.pypi.org" as one of our release platforms, even for per-commit builds.20:13
*** timburke_ has joined #zuul20:14
fungithe only real concern i'd have with relying on wheels on pypi, images on dockerhub, js libs on npm, et cetera is that we've found occasions where having a backup copy of those artifacts is useful20:14
mordredif we don't want to push per-commit wheels to pypi, I *do* think we should publish per-commit wheels somewhere (What with suggesting zuul is good for CD consumption) - so maybe we should publish to $somewhere but do it as a full index?20:15
*** timburke has quit IRC20:15
*** mugsie has quit IRC20:15
corvusfungi: so tarballs.opendev.org as a backup artifact archive?20:15
fungiperhaps20:15
fungialso pypi doesn't like publishing signatures of packages20:15
clarkbfungi: ya that has come up a few times over the years in various python projects we've hosted/built20:16
fungii do think that performing uploads tests to test.pypi.org could be useful, since the current rules baked into warehouse about whether a package is acceptable are somewhat inscrutable, but wouldn't want to rely on that as a publishing platform20:16
mordredfungi: ++20:16
fungithey also say they won't go to the same degree of effort guarantee against content loss on test.pypi.org20:16
clarkbit also doesn't prevent the rules from changing and breaking you20:16
webknjazexactly20:17
fungisure, test uploads to test.pypi.org would be more of a canary20:17
clarkbdepends on how often you are committing when they switch things over20:17
fungibut orthogonal to the current topic i think20:17
clarkbsince if you don't commit for the week they switch you break anyway20:17
mordredwell - the current parallel topics20:17
corvuslooks like https://review.opendev.org/655474 is the change that started publishing per-commit wheels to pypi20:17
mordredsince we've moved on to a second topic from covus' original question :)20:17
clarkbon the publish every commit topic: it does make me wonder if pypi has an official stance on that20:18
fungisome of you have moved on, i'm still catching up ;)20:18
clarkbI suppose if pypi says its ok we'll never turn opinion on that and may as well get in line20:18
mordredfungi: I think we just put it on hold for a second20:18
clarkbbut if they'd rather not beacuse pypi is ingesting gigabytes of data every day now maybe we should be nice and stop too20:18
webknjazclarkb: ask here https://discuss.python.org/c/packaging20:18
clarkb(zuul artifacts are bigger than I expected, I guess that is the js build results?)20:19
mordredyeah20:20
fungipresumably vendoring of vendoring of vendoring of javascript20:20
mordredbuilt artifacts not vendoring20:21
fungioh, we're not shipping copies of other people's libraries?20:21
clarkbgoing back to the original question, I think i agree wtih fungi that having a set of copies with hashes/signatures/someverification that we control is valuable so tarballs.opendev.org is probably an alias we should set up20:21
fungior are you saying the js community simply has a more palatable term for the concept? ;)20:22
clarkbfungi: we are shipping compiled versions of those libraries for the various browser versions20:22
mordredno, not in their entirety. we're shipping minified versions of the relevant parts of other people's libraries. in some contexts one might call that "compiling"20:22
clarkbfungi: you compile jsx into javascript for firefox of this age and firefox of that age and mobile browsers and chrom* etc20:22
fungiokay, so like a statically-linked binary20:22
mordredyeah20:22
fungistill makes me a bit uncomfortable since we're shipping copies of (parts of) random libraries we don't produce and have no real means of alerting users to vulnerabilities in20:23
clarkbbut despite having a tarballs archive we can/probably should also push peolpe to use the more official installation repository for their flavor of deployment (eg use docker hub and pypi)20:23
fungibut that ship has sailed i suppose20:23
*** jamesmcarthur has quit IRC20:25
corvusokay, sounds like tarballs.opendev.org is desirable for several reasons; since we publish js to tarballs.openstack.org currently, we may as well continue doing that for tarballs.opendev.org and consider deprecating that at some point in the future20:25
mordredcorvus: ++20:25
clarkband then separately we can check if pypi has an opinion on per commit/daily uploads that have made mirroring pypi incredibly difficult and change our behavior if necessary20:25
corvusso blockers for zuul moving into its own tenant are: 1) create tarballs.opendev.org; 2) move existing publishing jobs to that20:25
clarkbcorvus: can 2) be mostly a noop if we use the same host with an alias?20:26
corvusclarkb: unclear; we may need new jobs with new namespacing rules20:26
mordredwell - we probably want to do $something to make the publication job tenant namespaced20:26
corvus(that's been true for most of the opendev "publication" style jobs so far)20:26
mordredyeah20:27
corvusmordred: maybe not tenant namespaced, but at least fully qualified project names20:27
clarkbeg new user with access to subtree and no other user can write to that and vice versa?20:27
clarkbwfm20:27
corvuseg like https://docs.opendev.org/20:27
clarkbya docs is set up that way via the kerberos users and acls20:27
clarkbiirc20:27
corvusso we'd probably end up with tarballs.opendev.org/zuul/zuul/zuul-content-latest.tar.gz20:28
corvuswhich is not the *most* number of "zuuls" i've seen in a path, but is very close.20:29
clarkbmy zuul is in src/zuul/ so I have src/zuul/zuul/zuul/lib :)20:29
*** themroc has quit IRC20:30
corvusclarkb: you also have src/zuul/zuul/zuul/driver/zuul20:30
mordredI've got ~src/opendev.org/zuul/zuul/zuul20:30
mordredI've got ~/src/opendev.org/zuul/zuul/zuul20:31
mordredtyping is hard20:31
funginow i feel outdone since mine is just in ~/src/opendev.org/zuul/zuul/20:32
fungiidentical to mordred's now that i'm caught up on scrollback20:32
corvus(i have asked a followup conversation about implementation in #openstack-infra for those following along)20:33
openstackgerritMonty Taylor proposed zuul/zuul master: Read multiple *.conf files from directory  https://review.opendev.org/66097720:37
mordredcorvus: maybe that will work ^^20:37
*** jamesmcarthur has joined #zuul20:37
mordredcorvus: I think that should handle -c doing dirs, adding a test and fixing the other broken one20:37
*** altlogbot_0 has quit IRC20:45
clarkbtobiash: the multithreaded github processing lgtm. I did leave some notes but I think that will likely make a big impact.20:59
clarkbthe py35 test is unhappy too20:59
*** rlandy is now known as rlandy|brb21:04
fungistill trying to wrap my head around ansible's plugin module... i can't tell where the original methods we're shadowing in https://opendev.org/zuul/zuul/src/branch/master/zuul/ansible/base/lookup/ini.py are originally defined... traced all the way back to lib/ansible/plugins/__init__.py in ansible and it's just inheriting from abc.ABCMeta in the python stdlib which also does not have those methods21:05
fungis/module/model/21:05
*** pcaruana has quit IRC21:07
mordredfungi: you want to look in lib/ansible/plugins/lookup21:15
corvusfungi: https://github.com/ansible/ansible/blob/devel/lib/ansible/plugins/lookup/ini.py#L10721:16
mordredfungi: the subdirs under plugins are special21:16
fungiyeah, but i don't see where the original read_properties() and read_ini() methods are defined for it21:16
fungior are these new methods we're adding to the class?21:17
funginot shadowing existing methods?21:17
*** rlandy|brb is now known as rlandy21:18
*** jamesmcarthur has quit IRC21:19
corvusfungi: why, they're all the way back in v2.3: https://github.com/ansible/ansible/blob/v2.3.0.0-1/lib/ansible/plugins/lookup/ini.py#L5421:20
corvusi don't seem them in later versions21:20
fungioh, so this is ansible v2.3 compat code we're carrying to work around leaks in older versions of the plugin not present in modern versions?21:20
fungii did think to check back as far as v2.6 just to be sure i wasn't overlooking a supported version21:21
corvusfungi: we have a way of supporting different versions of our overrides for different ansible versions.  since we're not using that here, there is a good chance that we actually just missed an implementation change and we accidentally lost protection.21:22
corvus(i haven't looked closely enough to say for certain)21:22
fungigot it. looks like that was added over 2 years ago, so sounds likely21:23
corvus(we have a directory for our overrides for each ansible version, most just symlink to the "base" directory, but if we needed different implementations, we would not do that and instead have different files)21:23
fungiokay, now i'm at least not nearly so uncertain about my ability to read python source code. i was second-guessing myself and thinking i was missing some sort of fancy object generator magic21:24
corvusa fair assumption with ansible :)21:24
fungii'll consider this a lesson to not take provided examples at face value ;)21:25
*** sshnaidm|off has quit IRC21:34
openstackgerritMerged zuul/zuul master: Set the DiskAccountant log as warning level  https://review.opendev.org/66099621:36
*** sshnaidm has joined #zuul21:40
*** sshnaidm is now known as sshnaidm|off21:41
*** mattw4 has joined #zuul21:54
fungigrr, the fact that this plugin just has a run() method and then relies on in-script private functions is making it hard to duplicate its path resolution behavior. already down in the weeds where it's indirectly calling into the jinja2.FileSystemLoader class21:57
fungiproblem is that it wants to allow passing of "relative" paths, where the definition of "relative" is apparently being left up to jinja221:58
fungi(i think)21:58
clarkbfungi: it might just use relative paths direclty21:59
clarkband they end up relative to the tasks cwd21:59
funginot that i can see21:59
fungilib/ansible/plugins/lookup/password.py identifies file paths by parsing a terms list passed into its initialization method22:00
*** mattw4 has quit IRC22:01
fungito do that it calls a path_dwim() method of the _loader attribute from its parent LookupBase class22:01
*** mattw4 has joined #zuul22:02
fungithe LookupBase class seems to expect a loader parameter passed in explicitly at initialization or at least set at some point before use (its default value is None)22:03
fungiahh, i went down the wrong road. it's in lib/ansible/parsing/dataloader.py22:03
fungistarting here https://github.com/ansible/ansible/blob/devel/lib/ansible/parsing/dataloader.py#L17322:05
fungidoesn't looks like we currently import ansible.parsing in zuul22:07
fungithough the DataLoader class initialization takes no arguments, so i guess wouldn't be too hard to add22:09
fungioh, nevermind, i can refer to it as an inherited class method22:11
fungihuh... https://opendev.org/zuul/zuul/src/branch/master/zuul/ansible/base/lookup/ doesn't make it at all clear that those files are symlinks22:20
fungialso what's with all the empty .pyi files?22:20
clarkbthe empty .pyi files make the type checker happy iirc22:21
*** hashar has quit IRC22:24
openstackgerritJeremy Stanley proposed zuul/zuul master: Safely add Ansible password lookup plugin  https://review.opendev.org/66287022:26
fungi^ wip for now as it presumably needs (positive and negative) tests22:26
openstackgerritMonty Taylor proposed zuul/zuul master: Read multiple *.conf files from directory  https://review.opendev.org/66097722:31
mordredcorvus: this time I've learned that os.makedir is not how that is spelled22:32
corvusmordred: RTT on an airplane is not ideal is it?22:32
mordredcorvus: it's not awesome :)22:33
fungii curse myself every time i accidentally pass the -r flag to tox while i'm on an airplane (and destroy the testenvs i've safely cached before i departed)22:36
*** zbr has quit IRC23:00
*** sanjayu_ has joined #zuul23:02
openstackgerritJames E. Blair proposed zuul/zuul-jobs master: Allow download-artifact to download multiple files  https://review.opendev.org/66287623:22
openstackgerritJames E. Blair proposed zuul/zuul-jobs master: Allow download-artifact to download multiple files  https://review.opendev.org/66287623:25
openstackgerritJeremy Stanley proposed zuul/zuul master: Safely add Ansible password lookup plugin  https://review.opendev.org/66287023:32
*** jamesmcarthur has joined #zuul23:43
*** mattw4 has quit IRC23:44
*** jamesmcarthur has quit IRC23:49
*** jamesmcarthur has joined #zuul23:51
« Sunday, 2019-06-02 Index Tuesday, 2019-06-04 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!