Tuesday, 2019-07-30

openstackgerrit	Merged zuul/zuul master: Add log browsing to build page https://review.opendev.org/671906	00:10
*** threestrands has joined #zuul		00:10
openstackgerrit	Merged zuul/zuul master: Move artifacts to their own section https://review.opendev.org/672379	00:21
openstackgerrit	Merged zuul/zuul master: Remember tab location on build page https://review.opendev.org/672836	00:34
openstackgerrit	Merged zuul/zuul master: Use base 1 line number anchors in log view https://review.opendev.org/672837	00:54
*** panda has quit IRC		01:06
*** panda has joined #zuul		01:08
openstackgerrit	Merged zuul/zuul master: Add severity filtering to logs https://review.opendev.org/672839	01:14
*** igordc has quit IRC		01:15
openstackgerrit	Merged zuul/zuul master: Colorize log severity https://review.opendev.org/673103	01:29
openstackgerrit	Merged zuul/zuul master: Add raw links to log manifest https://review.opendev.org/673104	01:46
*** saneax has quit IRC		01:48
openstackgerrit	Merged zuul/zuul master: Rename view to logfile https://review.opendev.org/673105	02:03
*** threestrands has quit IRC		03:30
*** threestrands has joined #zuul		03:30
*** threestrands has quit IRC		03:31
*** saneax has joined #zuul		03:53
*** jank has joined #zuul		04:53
*** jamesmcarthur_ has quit IRC		05:28
*** shachar has quit IRC		06:05
*** shachar has joined #zuul		06:05
openstackgerrit	Tobias Henkel proposed zuul/zuul master: Add support for smart reconfigurations https://review.opendev.org/652114	06:49
openstackgerrit	Tobias Henkel proposed zuul/zuul master: Add --check-config option to zuul scheduler https://review.opendev.org/542160	06:49
*** yoctozepto has quit IRC		07:00
*** tosky has joined #zuul		07:24
*** jpena\|off is now known as jpena		07:24
*** themroc has joined #zuul		07:26
*** jangutter has joined #zuul		07:55
arxcruz	hey guys, is that possible to set a host-vars to several jobs as a variable? so i don't need to repeat the host-vars in all the jobs? It can't be by the parent since there are different parents for those jobs	07:58
arxcruz	something like host-vars: my-host-vars where my-host-vars have the dictionary	07:59
AJaeger	arxcruz: you can add vars to all templates like https://opendev.org/openstack/project-config/src/branch/master/zuul.d/projects.yaml#L65	08:02
AJaeger	That might even apply to jobs in all pipelines, not sure about exact semantics - let's check docs...	08:02
AJaeger	so, we have https://zuul-ci.org/docs/zuul/user/config.html#attr-project.vars	08:03
arxcruz	AJaeger, yeah, here's the problem i have, we have some rhel-8 jobs running that require to set ansible_python_interpreter: /usr/bin/python3	08:03
AJaeger	arxcruz: but not project.host-vars, so what you want is not possible today...	08:04
arxcruz	AJaeger, i was wondering if i could do something like the nodeset	08:04
arxcruz	that i have a - nodeset:	08:05
arxcruz	- name: my-nodeset	08:05
arxcruz	and all the settings	08:05
AJaeger	arxcruz: So, the quick ideas don't work - sorry, can't help further right now. Best ask later today. But let me check first what you read ;)	08:05
AJaeger	arxcruz: looking at the docs, that is not possible. Don't you have a common base job?	08:07
AJaeger	But better discuss with rest of team later today, I'm offline again now...	08:07
arxcruz	AJaeger, yes, i do, but as i said, it's shared by other jobs that run on python2	08:07
arxcruz	AJaeger, sure, thanks	08:07
AJaeger	ah, fun ;)	08:08
*** yoctozepto has joined #zuul		08:09
openstackgerrit	Matthieu Huin proposed zuul/zuul master: Zuul CLI: allow access via REST https://review.opendev.org/636315	08:46
*** SotK has quit IRC		09:06
*** SotK has joined #zuul		09:08
*** AshBullock has joined #zuul		09:32
*** hwangbo has quit IRC		09:52
*** ianw has quit IRC		09:55
*** ianw has joined #zuul		09:59
*** AshBullock has quit IRC		10:26
*** bhavikdbavishi has joined #zuul		10:31
*** bjackman has joined #zuul		10:39
openstackgerrit	Sorin Sbarnea proposed zuul/zuul-jobs master: WIP: Allow ensure-tox to upgrade tox version https://review.opendev.org/672760	10:44
*** jank has quit IRC		10:48
*** AshBullock has joined #zuul		10:57
*** bhavikdbavishi has quit IRC		11:01
*** jank has joined #zuul		11:04
*** saneax has quit IRC		11:30
*** saneax has joined #zuul		11:34
*** jpena is now known as jpena\|lunch		11:35
*** AshBullock has quit IRC		11:41
*** jamesmcarthur has joined #zuul		11:50
*** jamesmcarthur has quit IRC		12:03
*** jpena\|lunch is now known as jpena		12:42
*** jamesmcarthur has joined #zuul		12:44
*** bjackman has quit IRC		12:47
*** jamesmcarthur has quit IRC		12:51
*** jamesmcarthur has joined #zuul		13:01
*** jank has quit IRC		13:01
*** jamesmcarthur has quit IRC		13:02
*** jank has joined #zuul		13:03
*** jamesmcarthur has joined #zuul		13:03
fungi	arxcruz: if they're all defined in the same file, you could use a yaml anchor and reference it	13:38
fungi	not technically a zuul feature, it's a yaml feature	13:39
mordred	arxcruz: for instance: https://opendev.org/opendev/system-config/src/branch/master/.zuul.yaml#L54 and then https://opendev.org/opendev/system-config/src/branch/master/.zuul.yaml#L66 and https://opendev.org/opendev/system-config/src/branch/master/.zuul.yaml#L73	13:43
arxcruz	mordred, fungi is this work also to host-vars right?	14:01
arxcruz	thanks! that's what i needed :D	14:01
fungi	yeah, it's just a general yaml feature to deduplicate data structures	14:05
fungi	since zuul relies on a standard yaml parser, zuul doesn't need to know you're doing that	14:05
arxcruz	fungi, but it requires to be in the same file correct? or zuul will parse all the files in a big yaml file first ?	14:06
*** jeliu_ has joined #zuul		14:09
*** wxy-xiyuan has quit IRC		14:10
fungi	has to be in the same file, yes	14:12
fungi	zuul doesn't concatenate files	14:12
*** jeliu_ has quit IRC		14:13
*** jeliu_ has joined #zuul		14:13
*** jank has quit IRC		14:19
*** bjackman has joined #zuul		14:22
*** michael-beaver has joined #zuul		14:27
*** sanjayu_ has joined #zuul		14:41
*** saneax has quit IRC		14:41
*** bjackman has quit IRC		14:48
*** bhavikdbavishi has joined #zuul		14:52
*** jeliu_ has quit IRC		14:54
*** bhavikdbavishi has quit IRC		14:56
*** jeliu_ has joined #zuul		15:00
tobiash	corvus, mordred: is there some important stuff to review atm?	15:02
tobiash	I was less active here in the last weeks due to operational challenges and vacation but plan to get more active again	15:03
corvus	tobiash: i think mhu's zuul_admin_web series is close to ready, and since it's half-merged already, it would be nice to get the whole thing in for a release	15:04
corvus	also we said we'd review Shrews' autohold stuff once that merges	15:05
mhu	corvus, the GUI part needs a lot of work yet though. I am on it but I am not a react specialist	15:05
mhu	but if you're fine with just the CLI part at this point in time, then by all means	15:06
Shrews	\o/	15:06
corvus	mhu: yeah, the current stuff up for review is the authz configuration, right? with that in place, someone can at least use the rest api	15:06
mhu	corvus, yes	15:06
tobiash	cool, I'll look at it	15:06
mhu	also, I'll be on vacation in a week, so if I'm not around do not hesitate to take over	15:07
corvus	all the more reason to get it finished this week :)	15:07
tobiash	I left a comment on 636315	15:12
tobiash	corvus: what do you think?	15:13
*** bhavikdbavishi has joined #zuul		15:14
SpamapS	Is one of the things in the admin interface going to be a "retry" button for buildsets? I have gotten a few requests for that of late, but I don't remember seeing it in the spec.	15:19
mhu	spamaps, the spec didn't cover the GUI, but if you look at https://review.opendev.org/#/c/643536/15/web/src/pages/Buildsets.jsx I added an "enqueue" button	15:20
mhu	so yes	15:20
corvus	or perhaps the web trigger could handle that	15:22
SpamapS	Cool, just wondering.	15:23
corvus	tobiash: replied and +3	15:27
corvus	mhu: you want to rebase the rest of that stack?	15:27
mhu	corvus, on it	15:27
*** chandankumar is now known as raukadah		15:29
tobiash	:)	15:31
openstackgerrit	Matthieu Huin proposed zuul/zuul master: Add Authorization Rules configuration https://review.opendev.org/639855	15:32
openstackgerrit	Matthieu Huin proposed zuul/zuul master: Web: plug the authorization engine https://review.opendev.org/640884	15:32
openstackgerrit	Matthieu Huin proposed zuul/zuul master: Zuul Web: add /api/user/authorizations endpoint https://review.opendev.org/641099	15:32
openstackgerrit	Matthieu Huin proposed zuul/zuul master: authentication config: add optional token_expiry https://review.opendev.org/642408	15:32
corvus	clarkb, mordred, tristanC: i think opendev's javascript updated, but when i visit a page like http://zuul.opendev.org/t/zuul/build/0c8293045843425b89c14d1f49af52b0 i don't see the tabs at the top	15:38
corvus	what am i missing?	15:38
corvus	we should at least see the "Summary" tab even if there's no "Logs" tab; that makes it feel like it's an old version of the js	15:40
corvus	but isn't the artifacts list new?	15:40
tobiash	corvus: I saw that some post jobs failed	15:41
tobiash	corvus: https://review.opendev.org/673105	15:41
corvus	tobiash: aha, thanks!	15:41
corvus	i will follow that trail	15:41
tobiash	I guess opendev-promote-javascript-content is supposed to do that?	15:41
corvus	yep	15:42
corvus	indeed, the artifacts change is the last time that succeeded	15:43
tobiash	wasn't there some deprecation around download artifact by name?	15:43
tobiash	that's where it fails: http://logs.openstack.org/05/673105/1/promote/opendev-promote-javascript-content/784f17a/job-output.txt.gz#_2019-07-30_02_04_22_902311	15:44
corvus	yeah, but it's supposed to be backwards compat for the next 2 weeks	15:44
corvus	i guess that didn't work	15:44
*** hwangbo has joined #zuul		15:45
openstackgerrit	James E. Blair proposed zuul/zuul-jobs master: Fix typo in download-artifact https://review.opendev.org/673566	15:46
corvus	tobiash: ^	15:46
AJaeger	ah, an extra ")"	15:47
corvus	once that's done, i'll retrigger the latest promotes	15:47
mordred	stupid )'s	15:48
openstackgerrit	Merged zuul/zuul master: Spec: Add a Kubernetes Operator for Zuul https://review.opendev.org/659180	15:50
tobiash	I was too slow...	15:50
openstackgerrit	Merged zuul/zuul-jobs master: Update testing section https://review.opendev.org/672820	15:51
openstackgerrit	Sorin Sbarnea proposed zuul/zuul-jobs master: WIP: Allow ensure-tox to upgrade tox version https://review.opendev.org/672760	15:54
corvus	tobiash: do you have mirrors or proxies (ie, operating system or language packages, etc) in your setup?	15:54
tobiash	corvus: both	15:55
corvus	tobiash: then do you want to look over https://review.opendev.org/669948 ?	15:55
tobiash	(authenticated) Proxies for internet access and mirrors using artifactory	15:56
tobiash	corvus: I'll take a look when I'm at home	15:56
corvus	tobiash: thanks	15:56
openstackgerrit	Merged zuul/zuul-jobs master: Fix typo in download-artifact https://review.opendev.org/673566	16:01
corvus	re-enqueuing 673105,1 for promote	16:04
AJaeger	corvus: want to re-enqueue 672820 for promote as well?	16:08
AJaeger	we can also wait for next merge for accurate docs...	16:08
corvus	AJaeger: i still had the command up so it was easy enough to do, thanks :)	16:09
corvus	the jobs for 105 ran as expected	16:09
*** panda has quit IRC		16:09
corvus	and afs is updated	16:10
corvus	so we're just waiting on an opendev ansible/puppet run	16:10
*** panda has joined #zuul		16:13
openstackgerrit	Merged zuul/zuul master: Zuul CLI: allow access via REST https://review.opendev.org/636315	16:18
openstackgerrit	Jeff Liu proposed zuul/zuul-jobs master: Add auth config to kubelet user for buildset registries https://review.opendev.org/673351	16:19
AJaeger	thanks, corvus	16:22
*** evgenyl has quit IRC		16:24
*** evgenyl has joined #zuul		16:27
*** igordc has joined #zuul		16:33
*** evgenyl has quit IRC		16:34
*** evgenyl has joined #zuul		16:36
*** jpena is now known as jpena\|off		16:38
*** cixx has quit IRC		16:39
*** cixx has joined #zuul		16:40
*** sgw has quit IRC		16:42
*** themroc has quit IRC		16:52
*** bhavikdbavishi has quit IRC		16:54
pabelanger	Greetings, I think I've asked this before, we have a new requirement for zuul to checkout a project (say https://github.com/ansible-network/sandbox) on disk as src/github.com/ansible_network/sandbox. I know a role has the ability to control the dest name, but I don't believe a project can? This is all related to the upcoming collections work that ansible is going to be pushing in 2.9 and a hyphen in project	16:54
pabelanger	name is no longer allowed. I am hoping to avoid renaming a complete org in git to support it	16:55
*** bhavikdbavishi has joined #zuul		16:56
mordred	pabelanger: I would suggest that you're not the only person who is going to have an issue with a decision to start disallowing hypens	16:57
fungi	sounds like a good reason to convince them to allow hyphens	16:57
fungi	yeah, that	16:57
mordred	yeah	16:57
*** jeliu_ has quit IRC		16:57
mordred	otherwise its going to make life VERY hard for people who want to use collections but want to install them via git	16:57
*** sshnaidm is now known as sshnaidm\|afk		16:58
pabelanger	from what I am being told, it is because python importer breaks (doesn't support it)	16:58
pabelanger	yes	16:58
mordred	pabelanger: anyway - I believe you'd want a pre-playbook to do a mv	16:58
pabelanger	very hard is what I am seeing now, I'm trying to avoid the need to move files around after zuul pushed them	16:58
pabelanger	mordred: yah, I do that today, but don't like it	16:59
fungi	probably we need a way for collections to do that remapping. it would be very confusing to need to refer to the on-disk path with something other than its actual repository name. so many places i expect we assume they match	16:59
pabelanger	I'd also symlink it, but something about testing tool (ansible-test) doesn't like a symlink :(	16:59
mordred	yup. also - I have roles in repos with -s in them	16:59
mordred	not just org names :)	17:00
mordred	like - literally all of my role repos	17:00
pabelanger	this is also going to be an issue for zuul directly, when it grows the ability to use a collection from executor	17:00
pabelanger	same	17:00
fungi	can collections "know" a thing by some symbolic name which is not its directory name, maybe?	17:00
fungi	maybe via some configurable translation table?	17:00
*** jamesmcarthur has quit IRC		17:00
pabelanger	maybe, but so far there is resistance to using "-", even if a technical solution was found	17:00
mordred	pabelanger: is it possible to do something (slighly absurd) like "mazer install src/github.com/ansible-network/sandbox" and have that install the thing into a location with the transformations needed?	17:01
fungi	i guess good luck getting it adopted if they're basically telling users they're not going to support existing names and everyone has to rename stuff before collections will be generally usable	17:01
fungi	sounds like a cop-out to me	17:01
pabelanger	mordred: maybe, I can test	17:02
mordred	fungi: yeah - but ... other things need to be installed, so I can accept the difference between "installed artifact" and "checked out source repo"	17:02
fungi	right, i mean python packages support this concept	17:03
mordred	yeah	17:03
fungi	the distname doesn't have to be the file/directory/archive name	17:03
fungi	you just have a registry mapping them to one another somewhere, or embed some metadata, or both	17:03
fungi	it's kinda like saying my new web browser is awesome but it doesn't support domains with hyphens in them so everyone will need to rename their websites	17:04
fungi	(because the url parsing library i chose gets confused by hyphens, but also because i think hyphens in domain names are ugly and everyone should agree with me)	17:05
*** bhavikdbavishi has quit IRC		17:07
*** bhavikdbavishi has joined #zuul		17:07
*** bhavikdbavishi has quit IRC		17:17
*** bhavikdbavishi has joined #zuul		17:18
*** jamesmcarthur has joined #zuul		17:26
corvus	yay! http://zuul.opendev.org/t/zuul/build/2bf9467ddfe74b039a03d81c7d074f01#logs works	17:32
clarkb	corvus: the raw links have an extra / in them (it will work as is, but would be a nice cleanup)	17:33
corvus	clarkb: ya	17:33
* clarkb can write that patch if you want		17:33
clarkb	I'm betting that one is simple enough for me to not get wrong :)	17:33
corvus	clarkb: all yours :)	17:34
corvus	i need to afk for a bit anyway	17:34
*** bhavikdbavishi1 has joined #zuul		17:36
*** bhavikdbavishi has quit IRC		17:37
*** bhavikdbavishi1 is now known as bhavikdbavishi		17:37
mordred	corvus: that's just so sexy	17:39
mordred	SpamapS: ^^ I think you're going to like that	17:41
*** bhavikdbavishi has quit IRC		17:41
pabelanger	looking at http://zuul.opendev.org/t/zuul/build/2bf9467ddfe74b039a03d81c7d074f01#logs in chrome, doesn't show anything execpt summary	17:42
pabelanger	I do see expections in console	17:42
pabelanger	hmm, network error	17:43
pabelanger	so maybe myside	17:43
*** tosky has quit IRC		17:43
*** bhavikdbavishi has joined #zuul		17:43
AJaeger	corvus: that is great!	17:43
pabelanger	http://logs.openstack.org/99/641099/33/check/tox-pep8/2bf9467/job-output.json.gz does load directy	17:44
pabelanger	directly*	17:44
pabelanger	so something in js that is issue?	17:44
mordred	pabelanger: if you refresh the build link does it work?	17:44
mordred	(and what sort of network error?)	17:45
pabelanger	http://paste.openstack.org/show/755129/	17:45
tristanC	corvus: well done :)	17:45
pabelanger	that is what I see	17:45
pabelanger	ctrl-f5 doesn't fix	17:45
mordred	pabelanger: (the logs tab won't show until the data has been loaded)	17:46
pabelanger	firefox works	17:46
pabelanger	some things related to chrome	17:46
mordred	hrm. it's like it's applying a CORS rule or something - what version of chrome?	17:47
mordred	pabelanger: ad blocker	17:47
mordred	or also https://love2dev.com/blog/what-the-heck-does-neterr_blocked_by_client-mean-and-how-can-you-fix-it/	17:47
fungi	pabelanger: blocked by am extension maybe?	17:47
pabelanger	Google Chrome 74.0.3729.131 (Official Build) (64-bit)	17:48
pabelanger	fungi: checking	17:48
mordred	oh - which is also mentioning adblock	17:48
pabelanger	yah, incognito works	17:48
pabelanger	so like adblock	17:49
Shrews	pabelanger: you'll accept our zuul ads and like it! :)	17:49
mordred	the internet seems to think it's related to extension - so maybe the fetch of a thing ending in .gz is bothering it?	17:49
pabelanger	indeed!	17:49
pabelanger	privacy badger was issue	17:49
pabelanger	relaxed settings for logs.o.o	17:50
mordred	ah. privacy badger	17:50
pabelanger	which is odd	17:50
mordred	I wonder if there is any way to detect such a thing and display a warning	17:50
pabelanger	because premerge it worked	17:50
pabelanger	I suspect because both were on logs.o.o	17:50
Shrews	hrm, i use pb and don't have any problems	17:50
pabelanger	web and logs	17:50
mordred	pabelanger: pre-merge it was the same site	17:50
fungi	yeah, it's the cross-site request that does it	17:50
mordred	both from logs.o.o	17:50
pabelanger	yah, that worked fine	17:50
mordred	cross-site to a .txt.gz potentially	17:50
pabelanger	maybe	17:50
fungi	pb blocks it for me in ff too, fwiw	17:51
Shrews	mordred: possibility of an sdk release soon-ish to help track down the builder volume leak issue?	17:51
mordred	Shrews: https://review.opendev.org/673581 Release 0.32.0 of openstacksdk	17:53
mordred	Shrews: you mean like that?	17:53
Shrews	something like that, yeah	17:53
mordred	Shrews: sweet	17:54
tristanC	pabelanger: did it worked before for json.gz request, e.g. on failed build page, there should be a panel with the failed task output	17:54
fungi	i bet if it was linking to logs.opendev.org pb wouldn't care	17:55
*** fdegir has quit IRC		17:55
fungi	but it's a cross-domain request and those seem to raise its ire	17:55
*** fdegir has joined #zuul		17:56
tristanC	fungi: failed build page does a cross-domain request the job-output.json.gz from zuul.o.o to logs.o.o (to display hosts stat and failed task output)	17:57
pabelanger	http://paste.openstack.org/show/755132/	17:59
pabelanger	is what I seen	17:59
pabelanger	nothing after Summary was rendered	17:59
mordred	pabelanger: does privacy badger show you anything about why it's blocking that?	18:00
fungi	yep, and eff privacy badger blocks that request unless i tell it to allow requests to logs.openSTACK.org from zuul.openDEV.org	18:00
mordred	I'm reading about posting DNT policy files to self-certify that we are not tracking people	18:00
openstackgerrit	Clark Boylan proposed zuul/zuul master: Cleanup extra /'s in manifest render view https://review.opendev.org/673605	18:01
mordred	fungi: any more specific information about what it doesn't like about it?	18:01
pabelanger	mordred: no, nothing about why, just orange indicator that something was found	18:01
fungi	mordred: good luck with that. pretty sure the folks assessing the dnt policy submissions only get around to verifying them for very large/popular sites	18:01
fungi	i looked into it at length	18:01
mordred	boo	18:01
*** jeliu_ has joined #zuul		18:02
mordred	well - this is unfortunate, as I imagine this will be an issue for a non-zero number of our users	18:02
pabelanger	will also be issue with swift I suspect	18:03
clarkb	fwiw FF with default do not track stuff enabled and ublock origin and my crazy home firewall did not block it	18:03
clarkb	pabelanger: with swift we'll drop the .gz suffix and have swift properly serve the content based on headers	18:03
tristanC	clarkb: same for me	18:03
pabelanger	clarkb: cool	18:03
mordred	clarkb: I don't know that we've determined it's the .gz vs. just the cross-domain	18:03
clarkb	mordred: ah	18:03
tristanC	clarkb: there needs to be a cors header though	18:03
clarkb	tristanC: ya that may fix the cross domain problem?	18:04
mordred	it's _something_ and those are both likely candidates - unfortunately privacy badger isn't telling us what rule is being triggered	18:04
mordred	a CORS header violation would show differently - and we'd all be seeing it	18:05
fungi	mordred: fwiw, if i allow cookies for logs.openstack.org when viewing zuul.opendev.org pages, that fixes it	18:06
fungi	is the logs.o.o site requesting/setting a cookie somehow?	18:06
tristanC	clarkb: this is the header needed from the logserver: https://review.opendev.org/627903	18:06
clarkb	tristanC: isn't that set then?	18:07
clarkb	I mean the change is merged	18:07
clarkb	that is probably why we aren't seeing cors errors	18:07
mordred	fungi: hrm. I don't think we're _purposely_ doing cookies on logs.o.o	18:07
mordred	clarkb: yeah - we'll need to ensure we tell swift to set that header when we start using swift	18:08
tristanC	clarkb: this would somehow need to be set on the swift host	18:08
clarkb	tristanC: I think we may be able to set that via the swift api?	18:08
clarkb	https://www.swiftstack.com/blog/2013/04/02/using-cors-with-swift/ ya	18:08
clarkb	(note we aren't using swift yet)	18:08
fungi	for comparison, http://zuul.openstack.org/build/46add3e269ae4c33a2adfdc95ace58f9#logs works fine for me and pb doesn't claim to have spotted any requests to trackers (allowed or otherwise)	18:09
fungi	in that case, the requests are not cross-domain though, they're just to other sites in the same domain	18:09
mordred	fungi: I don't see any cookies in my browers' interaction with logs.o.o	18:10
fungi	yeah, nor do i	18:10
fungi	so the "allow cookies" setting in pb may not be as simple as its name would imply	18:10
mordred	ooh!	18:12
mordred	https://zuul.opendev.org/t/zuul/build/2bf9467ddfe74b039a03d81c7d074f01#logs does not work	18:13
mordred	because of ssl / no-ssl	18:13
fungi	mordred: https://zuul.opendev.org/t/zuul/build/2bf9467ddfe74b039a03d81c7d074f01 doesn't seem to have a logs tab at all	18:14
mordred	yeah - the logs tab won't load if it can't load the json content that drives it	18:15
fungi	aha, right	18:15
fungi	and yeah, doing https://zuul... to http://logs... will be a problem (the browser will generally block that, don't need some extension to get in the way)	18:15
clarkb	we can create a vhost for logs.opendev and LE it easy enough	18:16
clarkb	or just switch to swift	18:16
mordred	yeah. but then zuul.openstack.org would be an issue - also - can we fetch swift objects over https:	18:17
mordred	?	18:17
mordred	(This is a fun rabbithole we've opened here)	18:17
clarkb	mordred: that will depend on the swift implementation re swift https	18:18
mordred	clarkb: I guess since the objects are part of the API though that it's highly unlikely any of our public clouds don't have https turned on	18:18
clarkb	ya	18:18
mordred	we'll still need to sort out whether the .gz is involved or whether this will be a problem with swift too	18:19
clarkb	with swift we'll drop the .gz's	18:19
mordred	what I'm saying is - if the .gz isn't the issue, and the issue is the cross domain ...	18:19
mordred	then swift will have the same issue	18:19
fungi	the easiest demonstration is to compare http://zuul.openstack.org/build/46add3e269ae4c33a2adfdc95ace58f9#logs and http://zuul.opendev.org/t/openstack/build/46add3e269ae4c33a2adfdc95ace58f9#logs	18:20
clarkb	mordred: ah yup	18:20
fungi	they are the same build but via different vhosts	18:20
fungi	the former works fine for me and pb reports no trackers, the latter it thinks the logs site is a tracker and blocks it by default (unless i allow it)	18:20
mordred	awesome	18:21
clarkb	so could be that while the CORS policy says cross domain is fine	18:21
clarkb	pb is not allowing it because thatcould be a nefarious third party	18:21
fungi	pb does the same thing when i go to http://graphana.opendev.org/ because it requests files from http://graphite.openstack.org/ (again cross-domain)	18:21
corvus	i just installed pb and am able to view the job-output.txt of both of those just fine	18:21
fungi	er, http://grafana.opendev.org/ to http://graphite.openstack.org/	18:21
fungi	gah, other way around	18:22
mordred	fungi: privacy badger source says that if we post https://subdomain.example.com/.well-known/dnt-policy.txt	18:23
mordred	it won't block the interaction	18:23
corvus	can someone help me out with a reproducer?	18:23
mordred	fungi: it reproduces for fungi - I think he's the reproducer case	18:23
mordred	fungi: which link doesn't work for you?	18:24
mordred	also, fungi, what version of PB do you have installed?	18:25
corvus	version 2019.7.1.1	18:25
corvus	is what i just installed	18:25
fungi	corvus: i'm on firefox 67.0.1 with eff privacy badger 2019.7.1.1	18:25
corvus	i see that pabelanger was looking at job-output.json earlier -- i suspect there's a problem with direct rendering of that, so we may want to be clear about which files we're accessing	18:26
corvus	i'm looking at job-output.txt, and so far, i have not had any trouble	18:26
corvus	i'm on ff 68.0.1	18:27
fungi	in general what i see is that if an opendev.org site requests content from an openstack.org site (such as the case with the zuul builds pages) or an openstack.org site requests content from an opendev.org site (such as graphs in grafana) then privacy badger sees the request as going to a tracker	18:27
mordred	corvus: I thought the original pabelanger issue was that he got no logs tab at all because he got the blocking	18:27
fungi	so i generally just slide the control for that "tracker" over to allow and forget about it	18:28
mordred	corvus: I concur though - I just installed PB and I am able to load the page fine	18:28
corvus	mordred: 17:44 < pabelanger> http://logs.openstack.org/99/641099/33/check/tox-pep8/2bf9467/job-output.json.gz does load directy	18:28
corvus	mordred, fungi: yeah, i don't know how to reproduce fungi's issue	18:29
fungi	mordred: corvus: does the pb icon show a yellow-background number like "1" or a green-background "0" on those pages?	18:29
corvus	green 0	18:29
fungi	neat	18:29
mordred	green 0 for me too	18:29
mordred	13:42:51<pabelanger>looking at http://zuul.opendev.org/t/zuul/build/2bf9467ddfe74b039a03d81c7d074f01#logs in chrome, doesn't show anything execpt summary	18:29
mordred	(sorry for the bad timestamp)	18:29
corvus	mordred: right, i'm just saying let's be careful about using job-output.json as a test	18:30
mordred	totally	18:30
corvus	i'm not saying that pabelanger didn't have a problem	18:30
fungi	for me http://zuul.openstack.org/build/46add3e269ae4c33a2adfdc95ace58f9#logs has a green "0" (no trackers found) but http://zuul.opendev.org/t/openstack/build/46add3e269ae4c33a2adfdc95ace58f9#logs has a yellow "1" (logs.openstack.org)	18:30
corvus	i'm saying, "hey folks, there may be 2 problems, let's be careful not to accidentally conflate them"	18:30
fungi	pabelanger: do you see the same?	18:30
mordred	corvus: incidentally - job-output.json IS giving me a problem - but it's a different issue, so I'll just put a pin in it and we can come back to it	18:30
corvus	fungi: pb apparently "learns" ?	18:30
fungi	yeah, i don't know what sort of learning algorithm it uses	18:31
mordred	http://paste.openstack.org/show/755133/ is what I get from http://zuul.opendev.org/t/openstack/build/46add3e269ae4c33a2adfdc95ace58f9/log/job-output.json	18:31
mordred	corvus: so maybe the fact that pabelanger and fungi both enabled it means we don't see the issue?	18:33
mordred	oh - or the opposite - fungi has been using it for a while so it has learned things about his usage	18:34
corvus	yeah... maybe something about some other site under openstack.org?	18:34
fungi	mordred: ahh, the dnt policy thing is different, okay. maybe that's a lot easier. i was thinking of the https://tosdr.org/ database which is how ddg privacy essentials works out the site's "privacy practices" for part of its "privacy grade"	18:34
mordred	fungi: can you still see the error?	18:34
mordred	fungi: if so, I'd like to try putting the well-known file in place and seeing if that clears it up for you	18:35
*** jamesmcarthur has quit IRC		18:35
fungi	mordred: that seems to have solved it	18:35
mordred	I did not put the file in place	18:35
fungi	oh, you're right	18:36
fungi	it took a moment for the js to get far enough to request the file and then it switched form green 0 to yellow 1	18:36
fungi	so yes, it is reprodicble for me on reload, just takes a moment to show up	18:36
pabelanger	fungi: yes, that is correct	18:37
mordred	fungi: ok. I'm going to put the file in place - let's see if it solves it	18:37
fungi	lmk when it's there and i'll do another forced reload	18:37
fungi	assuming you can confirm it's directly fetchable	18:37
fungi	you're installing it on the logs site, right?	18:38
mordred	http://logs.openstack.org/.well-known/dnt-policy.txt is in place	18:38
mordred	yes	18:38
mordred	fungi: any luck?	18:39
fungi	i confirmed i was able to load that file, but pb behavior is unchanged	18:39
fungi	we can also check the apache access log for any requests for that file	18:40
mordred	ok. so putting that file in place does not help. that's at least good to know	18:40
fungi	of course, i've requested it once already	18:40
corvus	mordred: when you're done, let's be sure to remove it so it doesn't confuse the issue	18:40
mordred	corvus: agree	18:40
mordred	fungi: I see three accesses	18:40
mordred	I loaded it once	18:40
mordred	you loaded it once	18:40
corvus	me	18:40
mordred	and corvus	18:41
mordred	so pb did not load it	18:41
mordred	I will remove it now	18:41
mordred	gone	18:41
mordred	corvus: ok - I can't load job-output.json in my browser in either domain - same error each time	18:45
mordred	line 29 of errors.js - it seems like error.request is undefined	18:45
corvus	mordred: yeah, i expect that's a different error	18:45
corvus	are we switching to that?	18:45
corvus	i can only handle debugging one thing at a time	18:45
mordred	corvus: oh - sorry - yes. I expect that's a different error. and we can keep a pin in it	18:46
corvus	mind you, i'm not sure what else to do with the PB thing	18:47
corvus	i've been browsing a bunch of openstack.org domains to try to get PB to "learn" to distrust it, but no joy so far	18:47
corvus	looking at the pb config pages, i don't see anything indicating why it may have decided a domain is a tracking domain	18:49
corvus	(i have accumulated 1073 tracking domains just by browsing openstack.org)	18:50
mordred	corvus: same here (out of ideas) and same here (can't see anything)	18:50
mordred	corvus: wow	18:50
fungi	it could also have to do with the identifier-looking hex strings in those requests	18:50
fungi	hard to say	18:50
mordred	corvus: go to openstack.org itself?	18:50
corvus	mordred: openstack.org, ask.openstack.org, wiki.openstack.org	18:50
mordred	and maybe log in to your foundation account?	18:50
corvus	oh, i haven't logged in	18:50
mordred	(trying to think of something that would set a cookie in openstack.org domain)	18:51
fungi	oh, great point	18:51
corvus	no joy	18:52
fungi	ff says i have an "openstack.org" cookie last used 35 minutes ago	18:52
fungi	so this might explain 1. why not all of us see this behavior and 2. why allowing cookies for logs.openstack.org gets the content loading for me	18:53
mordred	yeah - because you had the cookies thing	18:53
mordred	yeah	18:53
mordred	like - why is your ff sending a cookie to logs.o.o one wonders	18:53
fungi	now if only i could figure out how to get it to show me what's in that cookie	18:54
clarkb	fungi: that should be in the network debug panel of ff	18:54
fungi	also i think this may explain why pabelanger said switching to an incognito session solved it (you did say that didn't you pabelanger?)	18:54
mordred	I have a cookie set for logs.o.o	18:56
mordred	how do I have one of those?	18:56
corvus	fungi: do you have ff content blocking enabled? mine is set to strict	18:56
corvus	i wonder if that means that pb isn't seeing as much training material	18:56
fungi	corvus: i do, but it's possible at some point i allowed cookies for openstack.org to get something working there	18:57
fungi	the cookie in question is for .openstack.org and has a name of __cfduid	18:57
fungi	set back in may with a one-year expiration	18:57
fungi	and ff says it is indeed sending that to logs.o.o	18:58
clarkb	ya I think cookies are sent to subdomains and parent domains	18:58
mordred	fungi: that's a cloudflare cookie	19:00
fungi	yuck	19:00
fungi	baleeted	19:01
corvus	is the current hypothesis: openstack.org set a cloudflare cookie at some point in the past, PB saw that cookie go to logs.o.o and therefore learned that it was a "tracking domain"?	19:01
mordred	yeah	19:01
mordred	also - I thought we looked in to cookies for subdomains and determined they did not get sent to subdomains - when we were looking in to the zuul-preview stuff	19:02
clarkb	mordred: I think there are settings you set in the cookie for that	19:02
mordred	yes - this is accurate - I just re-learned that	19:03
clarkb	so if the cloudflare cookie doesn't do that then you lose	19:03
clarkb	(we might be able to work with jimmy to fix that)	19:03
mordred	yeah - and fungi said it was set for .openstack.org	19:03
fungi	or was until i baleeted it	19:03
corvus	new browsers ignore the leading dot, so i think that means that cookie should be sent to *.openstack.org and openstack.org	19:05
fungi	to takeaway is for opendev/osf folks to work out the openstack.org cookie. this is not a zuul problem so i think we've discussed it as much as needs be in here	19:13
fungi	can move on to the json file issue i guess	19:13
mordred	fungi, corvus: maybe we should put in a $something where the logs tab will go after $time or something $somehow - like with a little flag and a popup "don't see logs, you may have an issue with PB or browser blocking, please contact your admin" or something like that? (I don't think we get an actual exception in the javascript we can respond to)	19:18
corvus	mordred: that's a good question -- are we sure we don't get an error? (like, axios returns a i couldn't get this file message?)	19:19
corvus	cause if so, we can probably do a thing where we say "this build has a manifest, but i can't retrieve it, popup an error"	19:19
fungi	the js debugger shows a "blocked by client" error	19:19
fungi	so maybe that's doable?	19:19
corvus	and that error could say "unable to fetch $URL" which might be enough for the user to debug the issue	19:19
corvus	(that would let them triage "oh hey i think the logserver is down" as well as "hrm, maybe that orange privacy badger thing has something to do with this"	19:20
fungi	could even say "unable to fetch $URL, check your browser plugins and ad blockers"	19:20
fungi	or... whatever	19:20
fungi	(though also we're going to be unable to generally support https->http requests so need to remember that needs solving by adding https to more things)	19:21
fungi	((or switching to things that already https, like swift))	19:21
mordred	well - the js debugger shows that in the console - but that doesnt' mean an exception got tossed to the javascript code	19:21
mordred	fungi: yeah	19:21
corvus	mordred: but... something should, right?	19:22
corvus	i mean, somewhere, there's an http request that needs a response	19:22
mordred	corvus: yeah. I'd like to know what that response looks like I guess	19:22
corvus	too bad fungi removed the cookie	19:23
mordred	corvus: maybe we could manaully add logs.openstack.org to the PB list?	19:23
corvus	mordred: oh maybe	19:23
corvus	might could do that by exporting, modifying, importing data	19:24
fungi	i have a feeling i can reacquire said cookie easily	19:24
mordred	yeah	19:24
fungi	but not until after the infra meeting	19:25
mordred	corvus: I tried the modifying route. it did not work as well as I otherwise might have wanted	19:30
corvus	:(	19:31
*** bhavikdbavishi has quit IRC		19:39
fungi	so... on another computer i actually have two .openstack.org cookies (the aforementioned __cfduid which is probably from cloudflare and also a __ga which looks to be google analytics)	19:59
corvus	fungi: is it broke there too?	20:01
fungi	testing now	20:01
fungi	yes, privacy badger claims to have detected logs.openstack.org as a tracking site on this computer's firefox as well	20:02
fungi	(when trying to view the zuul.opendev.org build details)	20:03
corvus	cool	20:03
corvus	so i can add some error handling for this, but i think we would have to actually merge and deploy it to test it with PB	20:04
corvus	since the logs.o.o hosted version of this won't hit the error	20:04
corvus	oh, i wonder if we could use zuul-preview	20:04
corvus	yes!	20:10
fungi	wow, a new use case for it!	20:10
corvus	fungi: can you visit http://site.1e8199ad98454be297311a2542315ed8.zuul.zuul-preview.opendev.org/build/3c841507c8c345f0a4c83dc8fb8b6d00 and tell me if the problem shows up?	20:10
clarkb	wow hax	20:11
corvus	that's just the most recent build from the old patch series	20:11
corvus	but if it works, then it means i can mock up a solution and we can test it pre-merge	20:11
fungi	"File Not Found"	20:11
corvus	what's the context for that?	20:11
fungi	maybe i got the url wrong	20:11
corvus	fwiw, that url works for me, including the log tree and rendering job-output.txt	20:12
corvus	oh ha	20:12
corvus	a reload gets 404	20:12
corvus	so, we might be hitting a zuul-preview bug	20:12
corvus	oh no i know what it is	20:12
corvus	i deep linked, but we can't do that with preview sites	20:12
corvus	fungi: go to http://site.1e8199ad98454be297311a2542315ed8.zuul.zuul-preview.opendev.org/status	20:13
corvus	grr	20:13
corvus	fungi: go to http://site.1e8199ad98454be297311a2542315ed8.zuul.zuul-preview.opendev.org/	20:13
corvus	fungi: then navigate to a buld using the builds tab	20:13
corvus	any build should do	20:13
corvus	(so click "builds" then click the first "success" link on the list)	20:13
fungi	privacy badger is currently blocking content from zuul.openstack.org there for me. will set it to allow	20:14
fungi	allowing cookies for zuul.openstack.org got the initial url working	20:14
corvus	(that sounds like the same error)	20:14
fungi	i concur	20:15
corvus	we have 3 sites involved now, so 2 places where we can hit that error	20:15
corvus	happily we don't really need to solve this one	20:15
fungi	and yeah, on a build it is flagging logs.openstack.org as a blocked tracker	20:15
corvus	fungi: w00t	20:16
corvus	i will go add some error handling based on just a 404 and we can see if that's the same	20:16
jeliu_	ansible	20:16
jeliu_	^sorry accident	20:16
fungi	i will go to the grocery store, but shouldn't be gone long. pabelanger may also be able to test	20:17
pabelanger	same, GET https://zuul.openstack.org/api/info net::ERR_BLOCKED_BY_CLIENT for url above	20:18
corvus	other than the config-errors, i can't find a place where we report an error to a user; can anyone think of one?	20:21
*** themroc has joined #zuul		20:24
corvus	found it	20:24
openstackgerrit	James E. Blair proposed zuul/zuul master: js: correct action names https://review.opendev.org/673680	20:28
corvus	i have learned something about the way our app is structured. :)	20:29
corvus	once the preview build is ready for that, i'll paste in the new url	20:29
corvus	i'm going to debug the json issue while we wait	20:33
*** pabelanger has quit IRC		20:37
corvus	okay, the json issue is (this may not surprise anyone) that we're given in actual javascript object when we fetch that, rather than a string.	20:38
*** mhu has quit IRC		20:38
*** sgw has joined #zuul		20:39
mordred	corvus: hahahaha	20:41
openstackgerrit	Jeff Liu proposed zuul/zuul-operator master: use opendev image building system for zuul-operator test https://review.opendev.org/673020	20:46
openstackgerrit	Jeff Liu proposed zuul/zuul-jobs master: Add auth config to kubelet user for buildset registries https://review.opendev.org/673351	20:48
*** igordc has quit IRC		20:50
openstackgerrit	James E. Blair proposed zuul/zuul master: js: don't transform json logfiles https://review.opendev.org/673688	20:54
corvus	that should take care of that one	20:54
mordred	\o/	20:55
corvus	fungi: can you try http://site.7ee9de4db7ca498ead5c80429d0b6830.zuul.zuul-preview.opendev.org/ ?	21:37
*** jeliu_ has quit IRC		21:46
fungi	i am back and can definitely try that	21:50
fungi	my browser is really, really slow at the moment. please wait :/	21:51
fungi	okay, so that initial page worked because i was allowing zuul.openstack.org cookies. retrying with them disabled	21:52
corvus	fungi: i expect you're going to need to allow from zuul.openstack.org	21:54
fungi	yeah, so with cookies to zuul.openstack.org blocked, http://site.7ee9de4db7ca498ead5c80429d0b6830.zuul.zuul-preview.opendev.org/ just spins forever at "Fetching info..."	21:54
fungi	i'll reallow those and then see about the builds page	21:54
corvus	i think we're only interested in what happens when you go to the builds page	21:54
fungi	fair	21:55
fungi	re-set it to block cookies for logs.openstack.org now	21:56
fungi	no error message... i just don't get a logs tab when i select a build's detail	21:57
corvus	fungi: what happens if you enable the network pane?	21:58
corvus	fungi: oh, also, try going to the developer console and clicking the "XHR" button	21:59
corvus	maybe mordred's idea of not receiving an error response is at play, in which case, i'd love some suggestion as to what that actually looks like	22:00
*** themroc has quit IRC		22:02
*** jamesmcarthur has joined #zuul		22:09
fungi	will check	22:09
fungi	aha, under web developer -> web console	22:11
fungi	ooh, this is fun	22:12
fungi	Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://logs.openstack.org/81/668181/1/gate/build-openstack-releasenotes/f863b3a/zuul-manifest.json. (Reason: CORS request did not succeed).	22:12
fungi	Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://logs.openstack.org/81/668181/1/gate/build-openstack-releasenotes/f863b3a/html/job-output.json. (Reason: CORS request did not succeed).	22:12
corvus	okay, so it looks like it's the same mech for cors	22:14
corvus	that's a less esoteric error, so that may be a thread we can pull on	22:14
*** panda has quit IRC		22:15
fungi	right, that doesn't 100% jive with my experience that pb is blocking cookies for logs.o.o and if i allow cookies for logs.o.o the content loads	22:17
*** panda has joined #zuul		22:18
corvus	fungi: yeah, but i'm thinking that's how pb implements its blocking -- it somehow triggers the same codepath that cors does	22:18
fungi	oh, entirely possible	22:19
corvus	(maybe behind the scenes if it wants to block something, it updates firefox's cors value for a site)	22:19
*** sanjayu_ has quit IRC		22:22
*** sanjayu_ has joined #zuul		22:23
*** jamesmcarthur has quit IRC		22:39
openstackgerrit	James E. Blair proposed zuul/zuul master: Attempt to report CORS and related errors https://review.opendev.org/673707	22:47
corvus	fungi: ^ that's based on a cors failure i manufactured; once we have that available through the preview site, we should see if that handles the PB case too	22:48
openstackgerrit	Clark Boylan proposed zuul/zuul master: Cleanup extra /'s in manifest render view https://review.opendev.org/673605	22:51
*** rfolco\|ruck has quit IRC		23:02
*** michael-beaver has quit IRC		23:15
clarkb	corvus: I'm not sure ^ is working beacuse I get weird urls back out except not weird in the way I expected (missing /s or extra /s) weird beacuse there are extra works in the urls. Maybe that is beacuse of how I am viewing them in js off of the logserver?	23:38
clarkb	http://logs.openstack.org/05/673605/2/check/zuul-build-dashboard/5d07d5f/npm/html/build/bc7c11147a464bd48c06f44677608611#logs has an extra /html/ in the raw url	23:39
corvus	clarkb: it's because the log_url has an html in it	23:42
corvus	i think that was overwritten with success_url	23:43
clarkb	oh so not related to my change but likely a bug we need to fix anyway?	23:43
corvus	yep	23:43
corvus	i think we need to update zuul to store the original log_url in the database, not what was reported back	23:44
corvus	also, i think we're going to need to deprecate success-url and failure-url altogether	23:44
clarkb	or turn them into something the builds page can link to?	23:44
corvus	yes -- that part is already there -- many of our jobs now report those as "artifacts"	23:45
clarkb	oh right	23:45
corvus	not that one though, so we should update it	23:45
corvus	and there's still ongoing cleanup for that https://review.opendev.org/673327 and https://review.opendev.org/672382 will make that much better	23:46
corvus	so anyway, i think we should change the log_url in the mysql reporter now, then over the next 2 weeks we can update the success-url jobs to return artifacts. then when we make the switch, it should be pretty straightforward to get to preview builds	23:49
corvus	fungi: can you try http://site.142c8d68a65c4ca48341390fae29998a.zuul.zuul-preview.opendev.org/	23:51
*** sanjayu_ has quit IRC		23:52

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!