| *** mattw4 has quit IRC | 00:07 | |
| pabelanger | corvus: thanks! Confirmed it worked as expected | 00:14 |
|---|---|---|
| pabelanger | (zuul.artifacts) | 00:14 |
| *** armstrongs has quit IRC | 00:38 | |
| *** smyers has quit IRC | 00:50 | |
| *** rlandy|bbl is now known as rlandy | 00:58 | |
| openstackgerrit | Clark Boylan proposed zuul/zuul-jobs master: DNM test all the things on ansible 2.9 with default python https://review.opendev.org/698344 | 01:01 |
| clarkb | pabelanger: corvus I think something like ^ is a first step to evaluating if ansible 2.9 can be a default | 01:02 |
| *** jamesmcarthur has joined #zuul | 01:53 | |
| *** jamesmcarthur has quit IRC | 02:02 | |
| *** rlandy has quit IRC | 02:08 | |
| *** bhavikdbavishi has joined #zuul | 02:14 | |
| *** Goneri has quit IRC | 02:21 | |
| *** bhavikdbavishi has quit IRC | 02:33 | |
| *** jamesmcarthur has joined #zuul | 02:38 | |
| *** rfolco|bbl has quit IRC | 02:46 | |
| *** jamesmcarthur has quit IRC | 02:54 | |
| *** bhavikdbavishi has joined #zuul | 03:21 | |
| *** jamesmcarthur has joined #zuul | 03:54 | |
| *** jamesmcarthur has quit IRC | 04:26 | |
| *** raukadah is now known as chkumar|rover | 05:33 | |
| openstackgerrit | Merged zuul/nodepool master: Dockerfile: install sudo for nodepool-builder https://review.opendev.org/694709 | 06:26 |
| openstackgerrit | Merged zuul/nodepool master: Dockerfile: add DEBUG environment flag https://review.opendev.org/694845 | 06:27 |
| *** jamesmcarthur has joined #zuul | 06:28 | |
| *** jamesmcarthur has quit IRC | 06:33 | |
| *** jcapitao has joined #zuul | 07:25 | |
| *** avass has joined #zuul | 07:32 | |
| *** pcaruana has joined #zuul | 07:52 | |
| *** tosky has joined #zuul | 08:20 | |
| *** saneax has joined #zuul | 08:22 | |
| *** hashar has joined #zuul | 08:36 | |
| *** jpena|off is now known as jpena | 08:49 | |
| *** themroc has joined #zuul | 08:49 | |
| *** clayg_ has joined #zuul | 09:03 | |
| *** ChrisShort_ has joined #zuul | 09:03 | |
| *** dcastellani_ has joined #zuul | 09:04 | |
| *** tosky_ has joined #zuul | 09:04 | |
| *** zxiiro_ has joined #zuul | 09:04 | |
| *** klindgren_ has joined #zuul | 09:04 | |
| *** shanemcd- has joined #zuul | 09:09 | |
| *** amotoki_ has joined #zuul | 09:09 | |
| *** tosky has quit IRC | 09:10 | |
| *** klindgren has quit IRC | 09:10 | |
| *** shanemcd has quit IRC | 09:10 | |
| *** AJaeger has quit IRC | 09:10 | |
| *** SotK has quit IRC | 09:10 | |
| *** ChrisShort has quit IRC | 09:10 | |
| *** zxiiro has quit IRC | 09:10 | |
| *** dcastellani has quit IRC | 09:10 | |
| *** amotoki has quit IRC | 09:10 | |
| *** clayg has quit IRC | 09:10 | |
| *** clayg_ is now known as clayg | 09:12 | |
| *** ChrisShort_ is now known as ChrisShort | 09:12 | |
| *** zxiiro_ is now known as zxiiro | 09:12 | |
| *** dcastellani_ is now known as dcastellani | 09:12 | |
| *** SotK has joined #zuul | 09:12 | |
| *** AJaeger has joined #zuul | 09:16 | |
| *** tosky_ is now known as tosky | 09:19 | |
| *** sshnaidm|afk is now known as sshnaidm | 09:34 | |
| *** bhavikdbavishi has quit IRC | 09:53 | |
| *** hashar has quit IRC | 10:24 | |
| *** bhavikdbavishi has joined #zuul | 10:31 | |
| *** jcapitao is now known as jcapitao|afk | 11:21 | |
| Shrews | ianw: him, https://review.opendev.org/693464 pretty much doubles the nodepool test run time because of the opendev-buildset-registry job | 11:35 |
| Shrews | s/him/hrm/ | 11:35 |
| *** ianychoi has quit IRC | 11:38 | |
| Shrews | ianw: why do we need that job and the dependency on it for the new jobs? can we not use the current intermediate registry? | 11:40 |
| *** ianychoi has joined #zuul | 11:40 | |
| Shrews | I left a question inline on the review. | 11:55 |
| *** rfolco|bbl has joined #zuul | 11:57 | |
| *** amotoki_ is now known as amotoki | 12:12 | |
| openstackgerrit | Merged zuul/nodepool master: Also build sibling container images https://review.opendev.org/697393 | 12:19 |
| *** rfolco|bbl is now known as rfolco | 12:27 | |
| *** jpena is now known as jpena|lunch | 12:38 | |
| *** armstrongs has joined #zuul | 12:45 | |
| *** jcapitao|afk is now known as jcapitao | 12:49 | |
| *** armstrongs has quit IRC | 12:54 | |
| *** jamesmcarthur has joined #zuul | 12:56 | |
| *** sshnaidm is now known as sshnaidm|afk | 12:58 | |
| *** rlandy has joined #zuul | 12:59 | |
| *** jamesmcarthur has quit IRC | 13:02 | |
| *** jamesmcarthur has joined #zuul | 13:08 | |
| mordred | Shrews: the buildset-registry and the intermediate registry work in concert with each other - you need the buildset registry when you build or use images. | 13:17 |
| Shrews | mordred: right, I got that part, but I thought the buildset registry was a system-level thing, not project level? | 13:17 |
| mordred | it's project - but also - that time is going to be misleading | 13:18 |
| mordred | since the buildset registry job pauses | 13:18 |
| Shrews | otherwise, how are the current nodepool jobs working? | 13:18 |
| mordred | so it's going to run, then the other jobs that need it are going to run, then it's going to finish | 13:18 |
| Shrews | I think I fully misunderstand how the pieces fit then | 13:19 |
| mordred | Shrews: I'm only on sip one of coffee one - so I'm probably not smart enough to explain it yet | 13:20 |
| *** bhavikdbavishi has quit IRC | 13:20 | |
| Shrews | aye. I started way too early, too, so I'm blaming lack of caffeine as well | 13:20 |
| *** bhavikdbavishi has joined #zuul | 13:20 | |
| Shrews | although I've had two cups at this point... there may not be enough caffeine in my house | 13:21 |
| mordred | Shrews: the tl;dr is that the jobs themselves that do things with speculative container images always want to talk to the buildset registry | 13:21 |
| mordred | the buildset registry jobs will grab image content as appropriate from the intermediate registry and put it in the buildset registry so that a request for, say, docker.io/opendevorg/nodepool actually comes from the buildset registry and returns the correct image content | 13:22 |
| fungi | a job starts which sets up the buildset registry server running from a job node, then pauses. another job starts and configures docker or whatever to connect to the registry running on the node for the paused job. when that second job finishes, the buildset registry job resumes and cleans up, then exits as well | 13:22 |
| mordred | the intermediate registry is where built but not published image content goes - but it goes there tagged with its change info so that a buildset registry can pull it and rename it apporiately | 13:22 |
| mordred | if you do image jobs without a buildset registry, the content you're going to work with is whatever that job itself built and any other images will be whatever is in dockerhub | 13:24 |
| *** jamesmcarthur has quit IRC | 13:31 | |
| Shrews | I think the bit about the buildset registry being a project level thing helps to reconfigure my brain | 13:34 |
| *** bhavikdbavishi has quit IRC | 13:35 | |
| *** jpena|lunch is now known as jpena | 13:41 | |
| Shrews | and after re-re-rereading https://zuul-ci.org/docs/zuul-jobs/docker-image.html#system-architecture, I can see that info is there, just sort of implied. *sigh* | 13:42 |
| *** jamesmcarthur has joined #zuul | 13:42 | |
| mordred | Shrews: this is all a super new concept that only exists in zuul ... we should probably improve that doc if it was confusing? | 13:58 |
| *** sshnaidm|afk is now known as sshnaidm | 14:02 | |
| Shrews | mordred: not sure if it’s the doc so much as it is me being thick. I’m a visual learner for sure. | 14:02 |
| mordred | nod | 14:03 |
| *** panda has quit IRC | 14:44 | |
| *** panda has joined #zuul | 14:44 | |
| tristanC | after upgrading to zuul-3.13.0, some of our jobs got broken because it seems like ansible changed something with regards to delegated and become:true synchronize task which now fails with permission error: https://softwarefactory-project.io/r/#/c/17241/ | 15:10 |
| AJaeger | tristanC: corvus pointed out https://opendev.org/zuul/zuul-jobs/src/branch/master/roles/use-buildset-registry/tasks/main.yaml#L96-L103 - might be related to your problem... | 15:13 |
| openstackgerrit | Albin Vass proposed zuul/nodepool master: 'keys' must be defined for host-key-checking: false https://review.opendev.org/698029 | 15:19 |
| tristanC | AJaeger: maybe... well pinning ansible-version fixed the issue for now. | 15:27 |
| corvus | oh we haven't done the 2.5 removal / 3.14 release yet... | 15:29 |
| corvus | we should do that today | 15:29 |
| corvus | i think the issue with delegate+synchronize sounds new to me | 15:32 |
| corvus | i'm not sure how else to write that :/ | 15:32 |
| corvus | tristanC: it might be interesting to try it with 2.9. i have no reason to think that would fix it, but it would provide more data | 15:33 |
| tristanC | corvus: alright, i'm trying 2.9 with https://softwarefactory-project.io/r/17246 | 15:37 |
| *** michael-beaver has joined #zuul | 15:45 | |
| *** jamesmcarthur has quit IRC | 15:47 | |
| *** jamesmcarthur has joined #zuul | 15:48 | |
| *** chkumar|rover is now known as raukadah | 15:50 | |
| *** saneax has quit IRC | 15:52 | |
| *** jamesmcarthur has quit IRC | 15:53 | |
| *** jcapitao is now known as jcapitao|afk | 15:56 | |
| *** jamesmcarthur has joined #zuul | 15:59 | |
| pabelanger | tristanC: which version of ansible are you upgrading from? | 16:03 |
| pabelanger | maybe try copy, see how that works | 16:03 |
| openstackgerrit | Clark Boylan proposed zuul/zuul-jobs master: DNM test all the things on ansible 2.9 with default python https://review.opendev.org/698344 | 16:04 |
| tristanC | pabelanger: we went from zuul-3.11 to zuul-3.13 | 16:06 |
| pabelanger | tristanC: sorry, ansible side | 16:06 |
| tristanC | pabelanger: corvus: setting ansible-version to 2.9 didn't work either. pinning to 2.6 does work | 16:07 |
| pabelanger | ansible 2.9 really isn't tested at this point, so I'd expect some playbook issues | 16:08 |
| clarkb | tristanC: we did see other changes with become and become_user between 2.7 and 2.8 | 16:08 |
| clarkb | 2.8 doesn't let you become on include roles now | 16:08 |
| tristanC | pabelanger: well the job didn't had an ansible-version set, we had to pin it to 2.6 to make it work again | 16:08 |
| clarkb | would not surprise me if there were other updates around that | 16:08 |
| clarkb | pabelanger: see 698344 :) | 16:08 |
| clarkb | trying to get some testing done | 16:08 |
| tristanC | clarkb: here is the affected task: https://softwarefactory-project.io/logs/46/17246/1/check/sf-tenants/bff3e43/ara-report/file/00a68911-aa1b-48b8-9e2d-fc113d79a7c3/#line-1 | 16:08 |
| pabelanger | tristanC: k, so default version of ansible in 3.11 is 2.7 IIRC | 16:09 |
| pabelanger | clarkb: yah, I was going to suggest uplifting all of zuul tenant to 2.9, if basic smoke test worked. But haven't had time to do that yet | 16:10 |
| clarkb | tristanC: https://opendev.org/openstack/openstack-helm-infra/src/branch/master/roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml#L26-L49 is the thing we found as no longer working | 16:10 |
| pabelanger | clarkb: no, you can do become on include_role, you just need to use apply parameter | 16:11 |
| tristanC | clarkb: that seems like another issue, in our case there is no block or import propagation, become and delegate are set to the task directly | 16:11 |
| pabelanger | clarkb: https://docs.ansible.com/ansible/latest/modules/include_role_module.html | 16:11 |
| pabelanger | was added in ansible 2.7 | 16:11 |
| clarkb | pabelanger: ok. The error message totally doesn't say that fwiw | 16:11 |
| clarkb | it says become is not valid on includerole | 16:12 |
| pabelanger | yah, if you move into apply param, it should work | 16:12 |
| pabelanger | let me check porting guide | 16:12 |
| clarkb | right, maybe ansible should say "become is not valid on icnludrole. Use apply parameter | 16:12 |
| clarkb | instead of "this isn't possible" | 16:12 |
| pabelanger | +1 | 16:12 |
| pabelanger | wow, isn't in porting guide | 16:13 |
| pabelanger | ;( | 16:13 |
| pabelanger | https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.7.html#include-role-and-import-role-variable-exposure is only real notes | 16:14 |
| tristanC | or we could have use deprecation warning too | 16:14 |
| clarkb | re 2.9 looks like we have some failures from zuul-jobs tests. We'll probably want to make that green as step 0 in 2.9 by default | 16:14 |
| pabelanger | that reminds me, it would be nice if we bubbles up deprecated warnings into console for zuul | 16:14 |
| pabelanger | today, you can only see them in debug logs on executor | 16:14 |
| clarkb | "msg": "value of state must be one of: absent, build-dep, fixed, latest, present, got: installed" small things like that. I'll try to get some changes up after breakfast | 16:15 |
| pabelanger | oh | 16:15 |
| pabelanger | yah, that is deprecated now | 16:15 |
| *** themroc has quit IRC | 16:15 | |
| pabelanger | s/installed/present | 16:15 |
| pabelanger | that is actually a good example of zuul user doesn't see that warning in playbook runs | 16:16 |
| pabelanger | but if you look in executor debug logs, you will see it | 16:16 |
| clarkb | its also a good example of a change that is user facing but doesn't really help users :/ | 16:16 |
| pabelanger | IMO, we should add that warning to zuul console logs too | 16:16 |
| pabelanger | well, to be fair, the warning has been around since 2.7 I think | 16:17 |
| clarkb | sure, but how does it help users? | 16:17 |
| clarkb | prseent and installed can be equivalent | 16:17 |
| clarkb | just accept both since you have accepted one or the other already | 16:17 |
| pabelanger | yah, you got me on that. It was core who removed it | 16:17 |
| pabelanger | clarkb: expect a lot of fall out in ansible 2.10.0, that is what I am dealing with now | 16:18 |
| clarkb | pabelanger: note windmill uses a lot of state:installed | 16:22 |
| clarkb | http://codesearch.openstack.org/?q=state%3A%20installed&i=nope&files=&repos= the list isn't as large as I feared | 16:22 |
| clarkb | (for things we host) | 16:23 |
| *** jcapitao|afk is now known as jcapitao | 16:23 | |
| pabelanger | clarkb: yah, I've slowly been migrating them | 16:23 |
| pabelanger | haven't fixed them all yet | 16:23 |
| openstackgerrit | Clark Boylan proposed zuul/zuul-jobs master: Use present for package state instead of installed https://review.opendev.org/699450 | 16:24 |
| pabelanger | eg https://review.opendev.org/675339/ | 16:24 |
| corvus | is present supported in 2.5? | 16:31 |
| corvus | yes | 16:31 |
| corvus | https://docs.ansible.com/ansible/2.5/modules/package_module.html | 16:32 |
| corvus | wow, installed isn't even documented as far back as 2.5 | 16:32 |
| clarkb | ya I checked the docs but didn't test it | 16:33 |
| clarkb | is that something a linter should be catching? | 16:34 |
| clarkb | (these are the things I actually want linting to warn me about) | 16:34 |
| pabelanger | ansible-review was to add the ability for custom hooks | 16:35 |
| pabelanger | but not sure what happened to that tool | 16:35 |
| openstackgerrit | Merged zuul/nodepool master: Add container-with-siblings functional test https://review.opendev.org/693464 | 16:37 |
| *** jpena is now known as jpena|brb | 16:45 | |
| *** jamesmcarthur has quit IRC | 16:48 | |
| *** jamesmcarthur has joined #zuul | 16:48 | |
| *** jamesmcarthur has quit IRC | 16:53 | |
| *** jamesmcarthur has joined #zuul | 16:53 | |
| *** jcapitao is now known as jcapitao|afk | 16:54 | |
| *** jamesmcarthur has quit IRC | 16:56 | |
| SpamapS | Yesterday whilst walking the dog I had an epiphany. The #1 reason my devs bounce off Zuul is Ansible complexity. I'm really good with Ansible, but ultimately, it's not a pleasing language. So.. what I wish we had, was a really well thought out set of roles that do really basic stuff, so that most users could construct most tests entirely from playbooks.... | 16:59 |
| SpamapS | I know that seems obvious, but.. right now I feel that zuul-jobs is really focused on enabling tools, not necessarily on enabling devs to grok. | 17:00 |
| SpamapS | Anyway, just a thought. | 17:00 |
| SpamapS | Oh also, more simple examples in the docs. :) | 17:01 |
| clarkb | SpamapS: re enabling tools you mean "here is the tox role" and "here is the go test" role? | 17:02 |
| corvus | SpamapS: i agree, and i think it's slowly going in the right direction (see recent addition of 'go' jobs). but i would also hope that before someone bounces off of zuul because of complexity, they might at least try https://zuul-ci.org/docs/zuul-jobs/general-jobs.html#job-run-test-command whenever i talk about zuul and ansible, i try to always mention "if you don't like ansible, just tell ansible to run | 17:03 |
| corvus | whatever you do like" | 17:03 |
| clarkb | mordred: is SELECT COUNT(*) from zuul_build WHERE end_time BETWEEN '2019-01-01 00:00:00' AND '2019-12-31 11:59:59'; how you would count the number of builds done by a zuul install over the last year? | 17:03 |
| clarkb | mordred: this would be for zuuls that don't have a statsd or other counting mechanism | 17:04 |
| SpamapS | corvus: yeah, more roles and generic jobs like that. :) | 17:05 |
| openstackgerrit | Merged zuul/zuul master: Remove support for ansible 2.5 https://review.opendev.org/650431 | 17:06 |
| mordred | clarkb: yah, that looks right (assuming between is an operator | 17:08 |
| Shrews | it is | 17:09 |
| clarkb | tyty | 17:12 |
| clarkb | corvus: SpamapS: maybe we should make the "have ansible run whatever you prefer" job as a prominent example in the zuul documentation (not just the zuul-jobs docs) | 17:13 |
| corvus | ++ | 17:13 |
| fungi | yes, that definitely cries out for an example | 17:19 |
| *** Goneri has joined #zuul | 17:20 | |
| fungi | i agree saying "zuul can have very simple jobs, here's a pile of ansible documentation to read" is probably a tad unhelpful ;) | 17:21 |
| openstackgerrit | Merged zuul/zuul-jobs master: Use present for package state instead of installed https://review.opendev.org/699450 | 17:22 |
| *** jpena|brb is now known as jpena | 17:23 | |
| dmsimard | clarkb: I had a similar query for build time (instead of build count): SELECT job_name, result, start_time, end_time, TIMEDIFF(end_time, start_time) as duration FROM zuul_build WHERE start_time BETWEEN '2019-01-01 00:00:00' AND '2019-01-31 23:59:59'" | 17:31 |
| *** jamesmcarthur has joined #zuul | 17:31 | |
| dmsimard | also noticed your query has 11:59:59 instead of 23:59:59 | 17:33 |
| clarkb | dmsimard: ya I noticed that too but 12-31 is 2 weeks away so good enough for now :) | 17:33 |
| *** jamesmcarthur has quit IRC | 17:33 | |
| dmsimard | sure :p | 17:33 |
| *** jamesmcarthur has joined #zuul | 17:34 | |
| *** mattw4 has joined #zuul | 17:38 | |
| *** michael-beaver has quit IRC | 17:55 | |
| corvus | SpamapS: any thoughts about where in the docs to convey this wisdom? | 18:02 |
| fungi | https://zuul-ci.org/docs/zuul/user/jobs.html already has some examples for slightly more esoteric tasks | 18:09 |
| fungi | i wonder if a basic example would fit in there fairly early | 18:10 |
| tristanC | fwiw i like the documentation layout introduced here: https://www.divio.com/blog/documentation/ | 18:13 |
| tristanC | e.g. move most of the existing content to a reference category, and pull the few tutorial/how-to to a top level category easier to find | 18:15 |
| *** rlandy has quit IRC | 18:15 | |
| *** rlandy has joined #zuul | 18:16 | |
| *** jpena is now known as jpena|off | 18:33 | |
| *** pcaruana has quit IRC | 18:38 | |
| corvus | tristanC: sounds great | 18:47 |
| *** panda has quit IRC | 18:49 | |
| *** panda has joined #zuul | 18:49 | |
| openstackgerrit | Clark Boylan proposed zuul/zuul-jobs master: Fix ansible use of filters and tests https://review.opendev.org/699478 | 18:50 |
| clarkb | more 2.9 fixes ^ should be backward compat to 2.5 | 18:50 |
| *** jamesmcarthur has quit IRC | 18:51 | |
| SpamapS | corvus: I've actually been thinking we need a "Getting Started as a user" section. | 19:12 |
| SpamapS | tristanC: yeah, that sounds good | 19:12 |
| SpamapS | our docs right now are definitely in the "power user" category | 19:12 |
| corvus | if someone wants to propose an outline, that would be great. that's probably the best way to get started. | 19:14 |
| *** pcaruana has joined #zuul | 19:18 | |
| tristanC | corvus: i won't have time for that until next year, but i'm happy to help implement this structure. | 19:21 |
| tristanC | though it seems like we are a bit short of tutorials, how-tos and discussions content... | 19:22 |
| tristanC | thus the initial outline might looks quite unbalanced | 19:22 |
| corvus | well, i think the outline should look like we want it to look; if it names a section we don't have any content for, we'll know what to work on | 19:23 |
| SpamapS | +1 | 19:26 |
| *** hashar has joined #zuul | 19:31 | |
| SpamapS | I've been meaning to carve out a few hours to write just such a tutorial up. Never seem to quite get there though. :P | 19:44 |
| *** ianw is now known as ianw_pto | 19:50 | |
| *** jamesmcarthur has joined #zuul | 19:55 | |
| *** pcaruana has quit IRC | 19:59 | |
| *** jamesmcarthur has quit IRC | 20:11 | |
| *** jamesmcarthur has joined #zuul | 20:12 | |
| *** jamesmcarthur has quit IRC | 20:19 | |
| *** jamesmcarthur has joined #zuul | 20:34 | |
| *** pcaruana has joined #zuul | 20:42 | |
| openstackgerrit | Merged zuul/nodepool master: Dockerfile: install nodepool-builder dependencies https://review.opendev.org/693306 | 20:50 |
| clarkb | anyone else able to review https://review.opendev.org/#/c/699478/ fixes some ansible 2.9 support things in zuul-jobs | 20:51 |
| openstackgerrit | Merged zuul/nodepool master: Add a container-with-releases functional test https://review.opendev.org/698818 | 20:58 |
| *** jcapitao|afk has quit IRC | 21:18 | |
| *** jamesmcarthur has quit IRC | 21:28 | |
| *** pcaruana has quit IRC | 21:41 | |
| openstackgerrit | Merged zuul/zuul-jobs master: Fix ansible use of filters and tests https://review.opendev.org/699478 | 21:44 |
| *** panda has quit IRC | 22:07 | |
| *** panda has joined #zuul | 22:10 | |
| clarkb | ansible 2.9 support in zuul-jobs is looking good after ^ | 22:20 |
| corvus | how does this message to repo-discuss about setting up zuul for gerrit look? https://etherpad.openstack.org/p/j5EifZIKD3 | 22:36 |
| corvus | paladox, mordred: ^ | 22:36 |
| * paladox looks | 22:37 | |
| clarkb | https://review.opendev.org/#/c/698344/3 passees testing now. pabelanger for next steps on 2.9 I think we want to search for occurences of the installed vs present issue as well as filters vs tests being used improperly. Then we can probably switch zuul tenant to ansible 2.9 | 22:37 |
| corvus | clarkb: i love that change | 22:38 |
| corvus | clarkb, fungi, Shrews: ^ also, as opendev folks with much zuul experience, how does that look as a greenfield deployment of zuul in gitops? | 22:39 |
| clarkb | corvus: the major question I have after reading that is how does the zuul/ops config get into the google k8s | 22:40 |
| clarkb | maybe that is getting too far ahead of baby steps but I doubt you want to be running that by hand often | 22:40 |
| paladox | corvus +1 (looks good to me!) | 22:41 |
| corvus | clarkb: yeah, i expect by hand at first, and by zuul asap :) | 22:41 |
| corvus | (probably some sort of throwaway GCE vm where we check it out and run kubectl apply or something) | 22:42 |
| corvus | but a zuul job which checks it out and uses a zuul secret to run kubectl apply shouldn't be too hard to do | 22:42 |
| corvus | (that zuul secret could be for a google cloud service account with creds to do that) | 22:43 |
| corvus | that it should be that simple is one of the main draws of running the control plane in k8s | 22:43 |
| corvus | clarkb: i added a little bit on line 62 about that | 22:44 |
| clarkb | lgtm | 22:44 |
| clarkb | corvus: and I guess you won't bother with image builds to start? | 22:56 |
| corvus | clarkb: yeah | 22:56 |
| clarkb | (that would depend on ianw's nodepool-builder container work to run in k8s and probably need privileged containers?) | 22:56 |
| corvus | well, executors need privileged containers anyway | 22:57 |
| clarkb | oh right | 22:57 |
| clarkb | or user namespacing | 22:57 |
| corvus | (which is the default in gke) | 22:57 |
| clarkb | I think on opensuse you don't need privileged containers to run the executor | 22:57 |
| clarkb | but on centos you do | 22:57 |
| clarkb | you'll also want to be careful to toggle th gke security settings such that zuul and nodepool don't have admin access to the google cloud account | 22:58 |
| clarkb | I think they may do that by default now | 22:58 |
| clarkb | but was not default for a long time | 22:58 |
| fungi | corvus: just read the draft e-mail and it makes sense to me, even if i pretend to have a lot less context about how zuul works | 23:03 |
| *** saneax has joined #zuul | 23:03 | |
| *** sgw has quit IRC | 23:19 | |
| *** hashar has quit IRC | 23:20 | |
| *** avass has quit IRC | 23:31 | |
| mnaser | FWIW: I am currently in the process of writing helm charts for zuul... | 23:59 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!