Tuesday, 2020-03-31

*** sanjayu_ has quit IRC		00:13
*** armstrongs has joined #zuul		00:15
*** armstrongs has quit IRC		00:23
*** Goneri has quit IRC		01:26
*** swest has quit IRC		01:36
*** rlandy has quit IRC		01:48
*** swest has joined #zuul		01:51
*** ysandeep\|away is now known as ysandeep\|rover		01:55
*** dangtrinhnt has joined #zuul		02:03
*** dangtrinhnt has quit IRC		03:03
*** dangtrinhnt has joined #zuul		03:24
*** marvs has quit IRC		03:33
*** marvs has joined #zuul		03:33
*** bhavikdbavishi has joined #zuul		03:35
*** bhavikdbavishi1 has joined #zuul		03:38
*** threestrands has joined #zuul		03:39
*** bhavikdbavishi has quit IRC		03:39
*** bhavikdbavishi1 is now known as bhavikdbavishi		03:39
*** toabctl has joined #zuul		03:39
*** dangtrinhnt has quit IRC		03:48
*** dangtrinhnt has joined #zuul		03:48
*** toabctl has quit IRC		04:03
*** toabctl has joined #zuul		04:07
*** dangtrinhnt_ has joined #zuul		04:21
*** dangtrinhnt has quit IRC		04:25
*** bhavikdbavishi has quit IRC		04:33
*** bhavikdbavishi has joined #zuul		04:35
*** evrardjp has quit IRC		04:36
*** evrardjp has joined #zuul		04:36
*** bhavikdbavishi has quit IRC		04:39
*** smyers has quit IRC		04:54
*** smyers has joined #zuul		05:01
*** bhavikdbavishi has joined #zuul		05:50
*** sgw has quit IRC		05:57
*** dpawlik has joined #zuul		06:20
*** dpawlik has quit IRC		06:28
*** dpawlik has joined #zuul		06:47
openstackgerrit	Albin Vass proposed zuul/zuul-jobs master: Adds roles to install and run hashicorp packer https://review.opendev.org/709292	06:47
*** dangtrinhnt_ has quit IRC		06:50
*** dangtrinhnt has joined #zuul		06:50
*** bhavikdbavishi has quit IRC		07:08
*** sanjayu_ has joined #zuul		07:19
*** tosky has joined #zuul		07:29
*** bhavikdbavishi has joined #zuul		07:31
*** zxiiro has quit IRC		07:38
*** jcapitao has joined #zuul		07:42
*** ysandeep\|rover is now known as ysandeep\|rover\|l		07:47
*** jpena\|off is now known as jpena		07:53
*** threestrands has quit IRC		08:26
*** ysandeep\|rover\|l is now known as ysandeep\|rover		08:34
*** bhavikdbavishi has quit IRC		08:47
*** avass has quit IRC		08:55
*** avass has joined #zuul		08:55
avass	is it possible to add config to ansible.cfg somehow?	08:56
avass	We're planning to use the splunk callback for monitoring: https://docs.ansible.com/ansible/latest/plugins/callback/splunk.html and we need to be able to whitelist that callback somehow	08:57
*** jpena is now known as jpena\|away		09:00
*** hashar has joined #zuul		09:29
*** sshnaidm\|afk is now known as sshnaidm		09:30
*** bhavikdbavishi has joined #zuul		09:37
openstackgerrit	Jan Kubovy proposed zuul/zuul master: Connect merger to Zookeeper https://review.opendev.org/716221	09:48
*** dangtrinhnt_ has joined #zuul		09:59
*** jpena\|away is now known as jpena		10:00
*** dangtrinhnt has quit IRC		10:03
tobiash	avass: you might be able to add this callback to each respective callback dir in the executor after installing it	10:07
*** ysandeep\|rover is now known as ysandeep\|afk		10:09
avass	tobiash: I was thinking of something like that, but I thin ansible.cfg needs to whitelist the callback as well	10:10
tobiash	oh right	10:11
tobiash	then I guess this needs to be implemented	10:11
avass	I'll take a look at that later then :)	10:15
*** dangtrinhnt_ has quit IRC		10:16
*** dangtrinhnt has joined #zuul		10:17
*** dangtrinhnt has quit IRC		10:22
*** dangtrinhnt has joined #zuul		10:29
*** bhavikdbavishi has quit IRC		10:33
*** weshay\|ruck has quit IRC		10:35
*** weshay_ has joined #zuul		10:35
*** bhavikdbavishi has joined #zuul		10:36
*** nhicher has quit IRC		10:36
*** jpena has quit IRC		10:37
*** ysandeep\|afk is now known as ysandeep\|rover		10:39
*** jpena has joined #zuul		10:43
*** nhicher has joined #zuul		10:51
*** jcapitao is now known as jcapitao_lunch		10:53
openstackgerrit	Albin Vass proposed zuul/zuul-jobs master: Adds roles to install and run hashicorp packer https://review.opendev.org/709292	10:57
zbr	can someone give me a hint about where is the code that builds the "preview" part on Results (the stdout tail). I want to add ANSI support to it.	11:17
zbr	clearly is done in javascript but i am still digging for it....	11:18
zbr	found it, the magic renderFailedTask	11:20
openstackgerrit	Sorin Sbarnea proposed zuul/zuul master: WIP: Enable ANSI rendering on stdout/stderr https://review.opendev.org/716251	11:25
openstackgerrit	Jan Kubovy proposed zuul/zuul master: Connect merger to Zookeeper https://review.opendev.org/716221	11:31
openstackgerrit	Sorin Sbarnea proposed zuul/zuul master: WIP: Enable ANSI rendering on stdout/stderr https://review.opendev.org/716251	11:40
*** jpena is now known as jpena\|lunch		11:40
*** hashar has quit IRC		11:43
openstackgerrit	Jan Kubovy proposed zuul/zuul master: Connect executor to Zookeeper https://review.opendev.org/716262	11:45
openstackgerrit	Tobias Henkel proposed zuul/zuul-jobs master: Generalize parse tox output https://review.opendev.org/716263	11:45
openstackgerrit	Tobias Henkel proposed zuul/zuul-jobs master: Strip source dir from file comments https://review.opendev.org/716264	11:45
bolg	zuul-maint: I quess the https://review.opendev.org/716221 and https://review.opendev.org/716262 may break some installations in case the executor or merger config does not contain [zookeeper] section, correct?	11:50
tobiash	bolg: yes, so they should go into the 4.0.0 release	11:50
*** nhicher has quit IRC		11:51
bolg	tobiash: should it be marked somehow? E.g. topic?	11:52
*** nhicher has joined #zuul		11:52
tobiash	we typically vote with an administrative -2 in those cases	11:52
bolg	tobiash: feel free to do so :)	11:52
tobiash	done	11:53
bolg	thx	11:54
tobiash	bolg: it would be great if you could add a release note to one of them in the section upgrade notes	11:55
bolg	tobiash: sure	11:57
*** weshay_ has quit IRC		11:59
*** jpena\|lunch has quit IRC		11:59
*** nhicher has quit IRC		11:59
zbr	can anyone give me some hints on yarn/react side?	12:00
zbr	mainly "yarn build" fails on https://review.opendev.org/#/c/716251/1 with "Failed to minify the code..."	12:02
*** harrymichal has joined #zuul		12:04
mnaser	tobiash: nice changes wrt inline comments	12:06
tobiash	mnaser: just tested with a sphinx build locally :)	12:07
*** jpena has joined #zuul		12:07
openstackgerrit	Albin Vass proposed zuul/zuul-jobs master: Adds roles to install and run hashicorp packer https://review.opendev.org/709292	12:08
*** nhicher has joined #zuul		12:08
*** weshay_ has joined #zuul		12:10
*** weshay_ is now known as weshay\|ruck		12:12
*** hashar has joined #zuul		12:16
*** rlandy has joined #zuul		12:16
*** fbo has joined #zuul		12:18
openstackgerrit	Jan Kubovy proposed zuul/zuul master: Connect executor to Zookeeper https://review.opendev.org/716262	12:19
*** jcapitao_lunch is now known as jcapitao		12:21
openstackgerrit	Tristan Cacqueray proposed zuul/zuul-operator master: Add integration test playbook https://review.opendev.org/714165	12:25
openstackgerrit	Tristan Cacqueray proposed zuul/zuul-operator master: Add nodepool launcher service initial deployment https://review.opendev.org/715310	12:25
openstackgerrit	Tristan Cacqueray proposed zuul/zuul-operator master: Add nodepool external config https://review.opendev.org/715311	12:25
openstackgerrit	Tristan Cacqueray proposed zuul/zuul-operator master: Adapt the integration playbook to be usable locally https://review.opendev.org/714163	12:25
openstackgerrit	Tristan Cacqueray proposed zuul/zuul-operator master: Add nodepool kubernetes pod label to integration test https://review.opendev.org/715316	12:25
*** rfolco has joined #zuul		12:27
*** hashar has quit IRC		12:28
*** hashar has joined #zuul		12:29
fbo	hi @zuul-maint could we approve https://review.opendev.org/696134/ (Pagure related), a dependent change is already W+1 but stuck due to this one.	12:29
tobiash	fbo: lgtm	12:37
*** fbo has quit IRC		12:38
*** nhicher has quit IRC		12:39
*** nhicher has joined #zuul		12:40
*** fbo has joined #zuul		12:47
fbo	tobiash: thanks	12:50
openstackgerrit	Tristan Cacqueray proposed zuul/zuul-operator master: Add nodepool kubernetes pod label to integration test https://review.opendev.org/715316	12:52
mnaser	tobiash: i think we are going to probably write tests at some point for that role	13:00
tobiash	mnaser: yes we should do that :)	13:01
mnaser	tobiash: i'm thinking we can just have a string of different outputs that we know it breaks/works with, that way we avoid the whole wip changes everywhere	13:01
mnaser	tobiash: do you have time to write something out at the moment?	13:03
tobiash	mnaser: I'm deep in ops topics today	13:04
*** sgw has joined #zuul		13:09
openstackgerrit	Albin Vass proposed zuul/zuul-jobs master: Adds roles to install and run hashicorp packer https://review.opendev.org/709292	13:11
openstackgerrit	Albin Vass proposed zuul/zuul-jobs master: Adds roles to install and run hashicorp packer https://review.opendev.org/709292	13:14
tristanC	here is a good progress on zuul-operator integration tests, here are the nodepool-launcher service logs spawning pod in the minikube: https://f5c97d48dcd7c256d91c-c98b0e913e593910e72c88f6f60b9c46.ssl.cf1.rackcdn.com/715316/7/check/zuul-operator-functional-k8s/ff83f89/docker/k8s_launcher_zuul-launcher-66d8cf545f-dwvhm_default_bd078005-df77-4445-84c6-dd7987144286_0.txt	13:20
tristanC	and the zuul-executor log shows that zuul-base-jobs doesn't work with kubectl because `add-build-sshkey` fails with `Failed to lookup user zuul: "getpwnam(): name not found: 'zuul'`	13:21
*** weshay has joined #zuul		13:23
*** fbo has quit IRC		13:24
*** fbo has joined #zuul		13:24
*** nhicher has quit IRC		13:24
*** jpena has quit IRC		13:25
*** weshay\|ruck has quit IRC		13:25
*** Goneri has joined #zuul		13:26
openstackgerrit	Tristan Cacqueray proposed zuul/zuul-operator master: Add nodepool kubernetes pod label to integration test https://review.opendev.org/715316	13:26
*** nhicher has joined #zuul		13:26
openstackgerrit	Albin Vass proposed zuul/zuul-jobs master: Adds roles to install and run hashicorp packer https://review.opendev.org/709292	13:27
*** jpena has joined #zuul		13:31
mordred	tristanC: hrm. do we need add-build-sshkey when doing kubectl?	13:36
tristanC	mordred: no, actually zuul-base-jobs fails with kubectl connection because of add-build-sshkey, prepare-workspace, fetch-output and remove-build-sshkey	13:38
*** bhavikdbavishi has quit IRC		13:39
tristanC	zuul-maint: the operator could use some review please, the integration test is currently running on a stack of 8 open changes: https://review.opendev.org/715316	13:41
openstackgerrit	Merged zuul/zuul master: Pagure: remove connectors burden and simplify code https://review.opendev.org/696134	13:42
openstackgerrit	Merged zuul/zuul master: Pagure - Refresh token and recheck sign when token regenerated https://review.opendev.org/698208	13:42
tobiash	tristanC: I'll have a look later today	13:43
openstackgerrit	Albin Vass proposed zuul/zuul-jobs master: Control log archive and user preservation with vars https://review.opendev.org/701381	13:45
tristanC	tobiash: thanks! i think this test is quite valuable as it may be the first one that test using zuul jobs with a nodepool kubernetes providers	13:45
openstackgerrit	Tristan Cacqueray proposed zuul/zuul-base-jobs master: base: skip role incompatible with kubectl connection https://review.opendev.org/716298	13:46
openstackgerrit	Tristan Cacqueray proposed zuul/zuul-operator master: Use speculative zuul-base-jobs in integration test https://review.opendev.org/716300	13:51
tristanC	mordred: hopefully ^ should enable testing change to the zuul-base-jobs	13:53
*** Diabelko has quit IRC		13:56
openstackgerrit	Monty Taylor proposed zuul/zuul master: WIP: Enable ANSI rendering on stdout/stderr https://review.opendev.org/716251	14:02
openstackgerrit	Monty Taylor proposed zuul/zuul master: Update to create-react-app 3.4.1 https://review.opendev.org/716305	14:02
mordred	tristanC: neat!	14:02
*** y2kenny has joined #zuul		14:02
mordred	zbr: ^^ you nerd-sniped me - I couldn't figure out why your patch wouldn't build - so I poked around and learned our create-react-app was a bit old now, so I updated it and it fixed the build issue	14:03
zbr	mordred: super! thanks.	14:03
openstackgerrit	Albin Vass proposed zuul/zuul-jobs master: Adds roles to install and run hashicorp packer https://review.opendev.org/709292	14:03
zbr	sadly my web-dev (especially around js stuff are very poort)	14:04
mordred	tristanC, corvus, tobiash : it doesn't look like anything substantive changed for the negative in that update to create-react-app - but obviously a change like that should get extra attention before merging	14:04
mordred	mnaser: ^^	14:04
zbr	i was suprised to discover that npm was reporting no less than 88 security warnings	14:05
tobiash	mordred: .keep has hit you :D	14:06
tobiash	mordred: maybe it's time to advocate again for https://review.opendev.org/663108 ?	14:06
tobiash	;)	14:06
zbr	we could put a try/catch on it, getting rid of .keep would be awesome	14:08
tobiash	oh I need to revise it slightly	14:09
mordred	tobiash: blerg keep	14:21
*** dangtrinhnt has quit IRC		14:22
openstackgerrit	Monty Taylor proposed zuul/zuul master: Update to create-react-app 3.4.1 https://review.opendev.org/716305	14:22
*** dangtrinhnt has joined #zuul		14:22
mordred	tobiash: or instead of try could just check for os.path.islink	14:23
*** dangtrinhnt has quit IRC		14:28
corvus	avass, tobiash: i'm in favor of a way to add callback modules; we wanted to do that for ara, but didn't have time. but we should generalize that so that ara and splunk and anything else can be added by the site admin.	14:31
tobiash	corvus: ++	14:35
*** ysandeep\|rover is now known as ysandeep\|away		14:39
openstackgerrit	Tobias Henkel proposed zuul/zuul master: Revert "Revert "Create zuul/web/static on demand"" https://review.opendev.org/663108	14:41
openstackgerrit	Tristan Cacqueray proposed zuul/zuul-operator master: Add nodepool kubernetes pod label to integration test https://review.opendev.org/715316	14:42
openstackgerrit	Tristan Cacqueray proposed zuul/zuul-operator master: Use speculative zuul-base-jobs in integration test https://review.opendev.org/716300	14:42
corvus	mordred: do we still need the ansible lint skip in https://review.opendev.org/715727 ?	14:47
openstackgerrit	James E. Blair proposed zuul/zuul-jobs master: Remove lint skip in tox iniline comment parser https://review.opendev.org/716321	14:50
corvus	that will tell	14:50
corvus	tristanC: is this failure something to worry about? https://softwarefactory-project.io/logs/27/715727/4/third-party-check/test-job-tox-el7/f430b9d/job-output.txt.gz	14:51
tristanC	corvus: iirc i fixed it yesterday, it was because of tox not working with old virtualenv	14:53
mordred	corvus: I think we don't	14:55
*** dangtrinhnt has joined #zuul		14:55
corvus	tristanC: thanks, sounds like we can probably merge that and ignore the el7 error	14:56
mnaser	mordred, corvus: i actaully think we're probably good without it	15:01
mnaser	since we have the noop-y zuul_return, but we'll find out indeed :)	15:02
*** dangtrinhnt has quit IRC		15:08
*** dangtrinhnt has joined #zuul		15:09
*** dangtrinhnt has quit IRC		15:09
*** dangtrinhnt has joined #zuul		15:09
*** jcapitao is now known as jcapitao_afk		15:18
tristanC	mordred: turns out even validate-host doesn't work with a kubectl connection to the docker.io/fedora:31 image : https://e92b17c725197d560c8a-a15027182aab035aa882f99410b51a23.ssl.cf5.rackcdn.com/716300/2/check/zuul-operator-functional-k8s/f190d96/docker/k8s_executor_zuul-executor-0_default_d02ebab2-e446-406e-882b-afc0c2dcf086_0.txt	15:22
*** avass is now known as Guest32455		15:23
*** avass has joined #zuul		15:23
avass	corvus: I agree, I also saw that there already was a comment from mordred about that :)	15:24
openstackgerrit	Tristan Cacqueray proposed zuul/zuul-base-jobs master: base: skip role incompatible with kubectl connection https://review.opendev.org/716298	15:24
*** bhavikdbavishi has joined #zuul		15:31
*** bhavikdbavishi1 has joined #zuul		15:34
*** bhavikdbavishi has quit IRC		15:35
*** bhavikdbavishi1 is now known as bhavikdbavishi		15:35
*** jcapitao_afk is now known as jcapitao		15:45
openstackgerrit	Monty Taylor proposed zuul/zuul master: Update to create-react-app 3.4.1 https://review.opendev.org/716305	15:46
tobiash	corvus: just curious regarding cleanup runs, did you move log upload to the cleanup phase or live with not having logs from cleanup runs?	15:54
corvus	tobiash: i think log is still in post, and we don't worry about cleanup logs.	15:56
tobiash	k, like we have it atm as well	15:56
*** dangtrinhnt has quit IRC		15:56
*** y2kenny has left #zuul		15:57
clarkb	correct, but also cleanup for opendev is largely used as last effort debugging tool. So if we have to reach there we've already failed pretty hard elsewhere	15:57
clarkb	(specifcally we do a raw connection and dump disk usage (bytes and inodes) as well as networking data)	15:58
zbr	corvus: clarkb : ok to proceed with https://review.opendev.org/#/c/702304/ (install-docker)?	15:58
*** dangtrinhnt has joined #zuul		15:58
*** dangtrinhnt has quit IRC		16:05
clarkb	zbr: I've approved that change. I'm curious how the vars/ loading in tasks/main.yaml works with defaults/main.yaml being presumably loaded first? It seems to be working based on the existing code for fidning packages to isntall, but I wouldn't have expected that if I were writing it from scratch	16:16
clarkb	maybe we are updated the variable values before we actualy use them and that is good enough	16:20
*** y2kenny has joined #zuul		16:22
zbr	clarkb: defaults is implicit, vars/ always override it, is well documented.	16:22
y2kenny	When I run a playbook, does having hosts: localhost mean it's being run on the executor?	16:24
clarkb	y2kenny: yes	16:25
y2kenny	is that the reason why I would get "Executing local code is prohibited"?	16:25
clarkb	the executor is excluded from the 'all' group but if you explicitly use 'localhost' it will run on the executor	16:25
clarkb	y2kenny: if the job is untrusted yes (there are limitations to what you can do on the executor outside of trusted jobs)	16:25
y2kenny	I was just trying to run a find with ansible to list a set of specific files. Should I just use shell or command instead?	16:27
clarkb	y2kenny: those will be restricted too. In general the rules are "no file access outside of the build directory and no arbitrary code execution"	16:28
openstackgerrit	Tristan Cacqueray proposed zuul/zuul-operator master: Add nodepool kubernetes pod label to integration test https://review.opendev.org/715316	16:28
openstackgerrit	Tristan Cacqueray proposed zuul/zuul-operator master: Use speculative zuul-base-jobs in integration test https://review.opendev.org/716300	16:28
clarkb	y2kenny: this means you can run ansible modules within the build directory (in the case of find are you searching outside of that subdir?)	16:28
y2kenny	clarkb: I just want to find within the work_root	16:28
y2kenny	actually executor.work_root/project.src_dir	16:29
clarkb	that I would've expected to work if using the ansible find module	16:29
fungi	also be aware that lots of the builtin ansible modules are blacklisted on the executor if they can be used to run arbitrary code or overwrite arbitrary files	16:30
clarkb	ya its possible find isn't as safe as I think	16:30
fungi	find -exec is a thing ;)	16:30
*** bhavikdbavishi has quit IRC		16:30
clarkb	also I thought we had documentation on these restrictions but I'm not finding any	16:31
y2kenny	fungi: so in this case what would be the recommended workaround? would I need to run it under hosts: all after copying the src over?	16:32
y2kenny	fungi: potentially I can just shell out	16:33
fungi	"find" is a very generic tool with lots of functions, what are you trying to do with it?	16:35
y2kenny	literally just trying to find all the Dockerfile in the repository and get the paths to them	16:35
fungi	when you say "list a set of specific files" you mean test whether they exist?	16:36
fungi	ahh, so generate a list of anything named "Dockerfile" within the workdir	16:36
*** evrardjp has quit IRC		16:36
y2kenny	this is a repository of a few different docker context. I want to re-generate the docker image if there are changes to the context	16:36
*** evrardjp has joined #zuul		16:36
y2kenny	fungi: yup, that's it	16:37
mordred	y2kenny: fwiw - there's a file matcher in zuul job definitions that you can set so that zuul will only trigger jobs if they match	16:37
mordred	then with docker images, there's a nice system for re-using images built by one job in child jobs if they were built, but otherwise pulling them from published sources	16:38
* mordred gets example links		16:38
openstackgerrit	Merged zuul/zuul-jobs master: install-docker: allow removal of conflicting packages https://review.opendev.org/702304	16:38
corvus	y2kenny: since you won't be able to generate the image on the executor anyway, yeah, you might as well do the find on the worker node. however, what mordred is saying might be a good approach -- opendev uses it in a repo with a bunch of dockerfiles	16:38
mordred	https://opendev.org/opendev/system-config/src/branch/master/.zuul.yaml#L211-L232	16:38
mordred	there's our gerrit-2.13 build job - which only runs if we touch things in the base gerrit image or the context for 2.13	16:39
mordred	then we have: https://opendev.org/opendev/system-config/src/branch/master/.zuul.yaml#L1658-L1662	16:39
y2kenny	so I've got the job to launch a kaniko pod to generate and publish the image.	16:39
mordred	which runs system-config-run-review with a soft-depend on the build job	16:40
y2kenny	I understand the image re-use thing but this is sort of the base image infrastructure	16:40
corvus	y2kenny: have you seen this doc? https://zuul-ci.org/docs/zuul-jobs/docker-image.html	16:42
y2kenny	corvus: I have not but that is very useful. I was thinking about the intermediate registry thing. Currently I am just using an internal Artifactory server.	16:44
corvus	y2kenny: this really shines with images that depend on other images (like mordred's gerrit-2.13 -> gerrit example)	16:44
y2kenny	um... I am not sure if this helps though (because I am trying to bring up the infra to support the building of images that everything else will depends on.)	16:45
corvus	yeah, it'll depend on the specifics :)	16:46
corvus	but if you think it might be useful, then it might be worth keeping in mind so you can steer your design in that direction	16:46
y2kenny	the building and publishing image I've got working. What I am trying to do organize the docker image contexts that devs might come up with	16:48
y2kenny	I am using a separate repo to store the docker context because a lot of the upstream components/projects are not container native	16:49
corvus	y2kenny: the jobs mordred pointed to use this directory: https://opendev.org/opendev/system-config/src/branch/master/docker	16:49
y2kenny	so it's not like each project's repo has a Dockerfile	16:49
corvus	y2kenny: so there's a job per docker context directory, and it only runs on changes to that dir	16:49
tristanC	corvus: tobiash: thanks a lot for the zuul-operator review! I added a comment about the current zuul restart implementation in https://review.opendev.org/715424	16:50
y2kenny	corvus: ok... I think I get what you are getting at with the job.files thing now.	16:50
y2kenny	corvus:... yea... I am trying to build a generic job that build all images but you are suggesting separate job for separate image	16:51
corvus	y2kenny: yep; i think that'll be clearer (if a little more verbose) and also set you up well for using artifacts or speculative container images in the future	16:52
y2kenny	corvus: which make sense because jobs are so easy to add with Zuul. I am still kind of thinking with the old mindset where adding jobs are difficult. So in this case, devs will just add an image job as they add the context to the repo	16:53
corvus	y2kenny: ++ jobs are free :)	16:53
openstackgerrit	Merged zuul/zuul-operator master: Add tenant reconfiguration when main.yaml changed https://review.opendev.org/703631	16:54
fungi	sometimes a job is just a couple lines to inherit from another job and add a role or set a variable	16:55
y2kenny	so back to the secret thing, do you guys avoid having the need to use secret for speculative image building because there's an intermediate registry?	16:58
y2kenny	(so you only really need secret on publish which is post-review task?)	16:58
*** dustinc has joined #zuul		17:00
*** y2kenny has left #zuul		17:01
*** y2kenny58 has joined #zuul		17:02
*** y2kenny58 has quit IRC		17:02
*** jpena is now known as jpena\|off		17:02
*** y2kenny5 has joined #zuul		17:03
*** y2kenny5 has quit IRC		17:03
*** y2kenny8 has joined #zuul		17:04
*** y2kenny8 has left #zuul		17:05
*** y2kenny has joined #zuul		17:06
*** zxiiro has joined #zuul		17:09
corvus	y2kenny: there's a secret in the config project for the speculative registry. we put that in a base job, and it handles the stuff that needs the secret there. child jobs that inherit from it (to actually do the image building) don't need the secret in their playbooks, so that part of the job is still dynamic.	17:16
tristanC	mordred: success, it seems like https://review.opendev.org/716300 validated the zuul-base-jobs change to fix kubectl usage!	17:16
mnaser	speaking of which, is there a way to get a secret into a config-project and allow certain projects to use it? i'm having to re-encrypt secrets in every job right now	17:44
mordred	mnaser: sort of -	17:46
mordred	mnaser: put the use of the secret into a base job in the config-project - so the consumer of the secret is with the secret	17:46
mordred	mnaser: then you can put allowed-projects on the base-job	17:46
mordred	we do this with the image jobs in opendev so that people can use them without needing access to the secret itself	17:46
clarkb	you do need to be careful doing that as job material could expose the secret if it is on disk from a pre playbook	17:47
mnaser	in this case it's just the docker registry credentials	17:47
mnaser	(for the existing jobs that i use in opendev)	17:48
mordred	yeah. in that case, I'd totally follow our pattern - this is for publishing images yeah?	17:48
mnaser	yeah, for upload/promote	17:48
mordred	mnaser: yeah - you just need a base job	17:48
mnaser	now in that case...	17:49
mordred	doesn't even need to be in a config-project since it's already protected via use of secret	17:49
openstackgerrit	Merged zuul/zuul-operator master: zuul-restart: change service order to prevent tenant loading failure https://review.opendev.org/715424	17:52
openstackgerrit	Merged zuul/zuul-operator master: Set default secret mode to 0400 https://review.opendev.org/714501	17:52
openstackgerrit	Merged zuul/zuul-operator master: Add integration test playbook https://review.opendev.org/714165	17:52
openstackgerrit	Merged zuul/zuul-operator master: Add nodepool launcher service initial deployment https://review.opendev.org/715310	17:52
*** hashar is now known as hasharAway		17:52
*** jcapitao has quit IRC		18:08
mnaser	tristanC: i like the approach at https://review.opendev.org/716298 -- it makes for a lot cleaner base jobs to be recommended to our users	18:11
mnaser	are we testing those basejobs in any way though? :x	18:12
mnaser	tristanC: looks like past you has thought of the same solution before :) https://review.opendev.org/680711	18:14
tristanC	mnaser: this is tested in https://review.opendev.org/716300	18:21
tristanC	mnaser: e.g. here are the executor logs that shows a successfull kubectl port-forward usage using the zuul container image: https://3605f41c7a13495ddbda-73dc500a2fd36a4e9335396c9d68e49b.ssl.cf5.rackcdn.com/716300/3/check/zuul-operator-functional-k8s/22aa6bf/docker/k8s_executor_zuul-executor-0_default_9fdb2ca6-403d-4651-8e29-caabe2d74cde_0.txt	18:22
tristanC	mnaser: and here is an integration test that verify the console-stream does contains the job output: https://zuul.opendev.org/t/zuul/build/22aa6bf72f204978adb434f4fca8cf22/console#3/0/26/ubuntu-bionic	18:22
mnaser	ok but the actual repo it self has no tests other than the zuul-operator	18:23
tristanC	mnaser: i don't know if it is possible to test base job without spawning a new zuul	18:24
*** sanjayu_ has quit IRC		18:26
tristanC	we are actually considering adding such update jobs to our zuul, to test new images or config-project changes, using a similar nested zuul that would validate both the image and the config project	18:28
fungi	that'll be a nice and thorough testing solution	18:29
*** cloudnull has quit IRC		18:57
openstackgerrit	Merged zuul/zuul-jobs master: Revert "Revert "Extract pep8 messages for inline comments"" https://review.opendev.org/715727	19:05
openstackgerrit	Merged zuul/zuul-jobs master: Remove lint skip in tox iniline comment parser https://review.opendev.org/716321	19:05
AJaeger	mordred: this zuul-jobs change of yours is 14 months old - still relevant? https://review.opendev.org/#/c/629604/2	19:10
mordred	AJaeger: I think so? I need to ponder a little	19:11
AJaeger	fine	19:11
*** dustinc has quit IRC		19:23
*** y2kenny has left #zuul		19:24
openstackgerrit	Merged zuul/nodepool master: Update dib dep to 2.35.0 https://review.opendev.org/716104	20:05
openstackgerrit	Monty Taylor proposed zuul/zuul master: Update to create-react-app 3.4.1 https://review.opendev.org/716305	20:06
openstackgerrit	Ian Wienand proposed zuul/zuul-jobs master: local-log-download : role with script to download all log files https://review.opendev.org/715756	20:10
openstackgerrit	Ian Wienand proposed zuul/zuul-jobs master: local-log-download : role with script to download all log files https://review.opendev.org/715756	20:25
*** y2kenny has joined #zuul		20:29
*** mwhahaha has joined #zuul		20:29
y2kenny	for the rsa keypair use to encrypt the secret, is it own by the scheduler or the web component? Is there a way to save they keys so that the encryption survive zuul restart?	20:40
openstackgerrit	Ian Wienand proposed zuul/zuul-jobs master: local-log-download : role with script to download all log files https://review.opendev.org/715756	20:41
openstackgerrit	Ian Wienand proposed zuul/zuul-jobs master: local-log-download : role with script to download all log files https://review.opendev.org/715756	20:41
clarkb	y2kenny: the scheduler component owns them. And they are all on disk can can be preserved by preserving that path	20:43
y2kenny	in the scheduler.state_dir?	20:43
clarkb	ya on our install it is /var/lib/zuul/keys	20:44
y2kenny	great thanks.	20:45
*** hasharAway has quit IRC		20:46
*** hashar has joined #zuul		20:48
*** hashar has quit IRC		21:32
*** harrymichal has quit IRC		21:38
*** harrymichal has joined #zuul		21:38
*** harrymichal has quit IRC		21:45
*** harrymichal has joined #zuul		21:57
*** armstrongs has joined #zuul		22:01
*** armstrongs has quit IRC		22:11
*** y2kenny has quit IRC		22:29
openstackgerrit	Merged zuul/nodepool master: Filter active images for OpenStack provider https://review.opendev.org/713471	22:31
*** zxiiro has quit IRC		22:43
openstackgerrit	James E. Blair proposed zuul/zuul-registry master: Very rarely, we see an object in swift doesn't match the sha256 we expect. Nor does the Etag (swift-calculated md5sum) match the md5sum that openstacksdk calculated on upload. Something is going wrong somewhere, but nothing is raising an exception. Thi https://review.opendev.org/716444	22:45
corvus	oh dear	22:45
openstackgerrit	James E. Blair proposed zuul/zuul-registry master: Add debug/verification for uploads https://review.opendev.org/716444	22:45
corvus	mordred: ^ i think that may help us localize the problem	22:46
mordred	corvus: cool! also - nice commit message the first time	22:46
mordred	corvus: I'm excited to learn what's going on here	22:48
corvus	mordred: i'm going to just start doing them as stream-of-conciousness james joyce style	22:48
mordred	corvus: please	22:49
*** tosky has quit IRC		22:54
*** ianychoi has quit IRC		23:15
*** ianychoi has joined #zuul		23:16
openstackgerrit	Mohammed Naser proposed zuul/zuul-jobs master: golangci-lint: add job https://review.opendev.org/716452	23:18
mordred	mnaser: you didn't want to add inline comment reporting? :)	23:33
mnaser	mordred: that was my follow up actually :D i was trying to see what the output looked like :)	23:34
mordred	mnaser: nice	23:37
openstackgerrit	Mohammed Naser proposed zuul/zuul-jobs master: golangci-lint: add job https://review.opendev.org/716452	23:41
corvus	mnaser, mordred: i did enough work on this to know it's not a 2-hour programming job. it's not hugely complicated, but it would probably take me the better part of a week with few distractions.	23:51
mordred	corvus: nod	23:51
mnaser	corvus: yeah, it does seem relatively non-trivial and one of those things you need to get right (or otherwise you end up giving root)	23:53
corvus	yep. still very much want to do it though.	23:54
*** Goneri has quit IRC		23:57
mnaser	today on "i thought this will be a simple job", mnaser runs into error "[Errno 8] Exec format error: 'golangci-lint'"	23:59
mnaser	the only other time i've ever seen that is when running something on the wrong architecture?	23:59
*** shanemcd has quit IRC		23:59
clarkb	mnaser: we do have arm64 nodes	23:59
clarkb	(though I doubt you mixed them in accidentally)	23:59

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!