Saturday, 2020-04-11

openstackgerrit: Tristan Cacqueray proposed zuul/zuul-operator master: Add initial withCertManager input toggle https://review.opendev.org/718840 [00:17]
*** saneax_ has quit IRC [00:29]
*** jamesmcarthur has quit IRC [00:31]
*** jamesmcarthur has joined #zuul [00:36]
openstackgerrit: Tristan Cacqueray proposed zuul/zuul-operator master: Add gearman tls secret provided by cert-manager https://review.opendev.org/719110 [01:21]
*** swest has quit IRC [01:23]
*** jamesmcarthur has quit IRC [01:38]
*** swest has joined #zuul [01:38]
openstackgerrit: Tristan Cacqueray proposed zuul/zuul-operator master: Add initial withCertManager input toggle https://review.opendev.org/718840 [01:42]
openstackgerrit: Tristan Cacqueray proposed zuul/zuul-operator master: Add gearman tls secret provided by cert-manager https://review.opendev.org/719110 [01:42]
*** jamesmcarthur has joined #zuul [01:42]
*** jamesmcarthur has quit IRC [01:56]
openstackgerrit: Tristan Cacqueray proposed zuul/zuul-operator master: Improve logs collection https://review.opendev.org/719129 [01:59]
*** jamesmcarthur has joined #zuul [02:09]
*** bhavikdbavishi has joined #zuul [02:56]
*** cdearborn has quit IRC [02:58]
*** bhavikdbavishi1 has joined #zuul [02:59]
*** bhavikdbavishi has quit IRC [03:01]
*** bhavikdbavishi1 is now known as bhavikdbavishi [03:01]
*** jamesmcarthur has quit IRC [03:13]
*** Goneri has quit IRC [03:22]
*** jamesmcarthur has joined #zuul [03:37]
*** bhavikdbavishi has quit IRC [03:42]
*** bhavikdbavishi has joined #zuul [03:43]
*** bhavikdbavishi has quit IRC [04:22]
*** bhavikdbavishi has joined #zuul [04:24]
*** bhavikdbavishi has quit IRC [04:30]
*** evrardjp has quit IRC [04:37]
*** evrardjp has joined #zuul [04:37]
*** jamesmcarthur_ has joined #zuul [04:44]
*** jamesmcarthur has quit IRC [04:47]
*** jamesmcarthur has joined #zuul [04:48]
*** jamesmcarthur_ has quit IRC [04:52]
*** jamesmcarthur has quit IRC [04:52]
*** jamesmcarthur has joined #zuul [04:52]
*** jamesmcarthur_ has joined #zuul [04:54]
*** jamesmcarthur has quit IRC [04:58]
*** bhavikdbavishi has joined #zuul [05:03]
*** jamesmcarthur_ has quit IRC [05:28]
*** msuszko has joined #zuul [06:48]
*** bhavikdbavishi has quit IRC [07:26]
*** bhavikdbavishi has joined #zuul [07:50]
*** tosky has joined #zuul [08:29]
zbr: can we merge https://review.opendev.org/#/c/718284/ ? [09:07]
zbr: mnaser: AJaeger corvus ^ [09:08]
AJaeger: zbr: there's a question by corvus on the change that ianw should answer first IMHO [10:09]
zbr: ahh, the one I answered two days ago, not sure if needs addressing but let's wait for them. [10:23]
*** gtema has joined #zuul [11:11]
*** gtema has quit IRC [11:48]
*** sgw has quit IRC [11:52]
AJaeger: zbr: then let's wait for corvus to answer back - or agree to move forward with 718284 (and the stack on top of it) [12:25]
*** ChanServ has quit IRC [12:55]
*** ChanServ has joined #zuul [13:03]
*** tepper.freenode.net sets mode: +o ChanServ [13:03]
*** ChanServ has quit IRC [13:08]
*** ChanServ has joined #zuul [13:10]
*** tepper.freenode.net sets mode: +o ChanServ [13:10]
*** bhavikdbavishi has quit IRC [13:14]
openstackgerrit: Tristan Cacqueray proposed zuul/nodepool master: config_validator: refactor the schema to a static method https://review.opendev.org/718582 [13:47]
*** msuszko has quit IRC [13:53]
openstackgerrit: Tristan Cacqueray proposed zuul/zuul-operator master: Add gearman tls secret provided by cert-manager https://review.opendev.org/719110 [13:57]
openstackgerrit: Tristan Cacqueray proposed zuul/zuul-operator master: Improve logs collection https://review.opendev.org/719129 [13:57]
tristanC: zuul-maint : please find another stack of operator changes to enable using the cert-manager, i tried to keep the modification atomic in logical orders, but this is getting difficult to rebase and update previous changes. Tip of the stack is: https://review.opendev.org/719129. Reviews would be very much appreciated, thanks in advance! [14:19]
*** bhavikdbavishi has joined #zuul [14:33]
-openstackstatus- NOTICE: Restarting gerrit to fix an issue from yesterday's maintenance [14:35]
openstackgerrit: Tristan Cacqueray proposed zuul/zuul-operator master: Add gearman tls secret provided by cert-manager https://review.opendev.org/719110 [14:40]
openstackgerrit: Tristan Cacqueray proposed zuul/zuul-operator master: Improve logs collection https://review.opendev.org/719129 [14:40]
openstackgerrit: Tristan Cacqueray proposed zuul/zuul-operator master: Add registry tls secret provided by cert-manager https://review.opendev.org/719185 [14:40]
*** Goneri has joined #zuul [14:46]
*** bhavikdbavishi has quit IRC [14:50]
openstackgerrit: James E. Blair proposed zuul/nodepool master: Add requires to zuul-quick-start job https://review.opendev.org/718708 [14:55]
*** sassyn has joined #zuul [16:08]
sassyn: hi again [16:09]
sassyn: I have a simple question: I understand the nodepool have two components: building and launching. [16:10]
sassyn: What I understand is that building build the image in the cloud providers, using openstack element. [16:10]
sassyn: launching is for using this build image in the IAAS provider [16:11]
sassyn: and I assume that the zuul executor.private_key_file should be the key that the image was built with. [16:12]
sassyn: my questions: 1. is that true? and if so nodepool doesn't need this key? [16:13]
sassyn: 2. where is ansible take part? [16:13]
sassyn: providers.[static].pools.nodes.username point that The username nodepool will use to validate it can connect to the node, but how can it connect? if it doesn't have the key? [16:16]
sassyn: host-key: is the fingerprint and not the ssh private key? what do I miss? [16:16]
fungi: so... nodepool doesn't necessarily build images *in* the iaas provider [16:19]
fungi: for typical cases it builds images locally in a chroot on the builder, and then uploads those images to the iaas provider [16:20]
fungi: but yes, then the launcher communicates with the iaas provider to "boot" nodes from those uploaded images [16:21]
corvus: sassyn: you can either build the key into the image, or ask the cloud provider to install the key for you (if it supports that) when it launches the vm. nodepool doesn't need the private key because it never logs into the vms; only zuul needs it. [16:21]
corvus: sassyn: that's a good question about that doc for the static driver; let me check [16:22]
fungi: for typical dynamic/ephemeral nodes though, zuul uses the private key to bootstrap a build key onto the nodes before handing off to the sandboxed ansible process with that key loaded into the ssh agent, so ansible never gets access to the original key [16:23]
fungi: that way if someone manages to get ansible to spit out the private key it's connecting to nodes with, that key can't be reused against nodes for any other build because it's a throwaway key [16:24]
corvus: sassyn: i think that documentation is just wrong and should say "the username that zuul should use to log into the node" or something like that [16:25]
*** evrardjp has quit IRC [16:37]
*** evrardjp has joined #zuul [16:37]
openstackgerrit: Michał Suszko proposed zuul/nodepool master: diskimage.username setting was not read from configuration file https://review.opendev.org/719191 [16:37]
sassyn: fungi as always thank u [16:38]
fungi: you're welcome! we're all here to answer questions if you have more [16:38]
sassyn: to be honest I have few [16:39]
sassyn: but the work the team did is amazing! [16:39]
sassyn: I debug the docker files how the all process is going and WOW! [16:39]
fungi: i'm thrilled to hear that! [16:40]
sassyn: so if I may summarize: nodepool only creating the instances with or without the help of the nodepool-building [16:41]
sassyn: Nodepool-builder [16:42]
*** msuszko has joined #zuul [16:42]
sassyn: why do I need the host-key ? [16:43]
sassyn: in the /etc/nodepool/nodepool.yaml [16:43]
sassyn: with static driver [16:43]
clarkb: sassyn: I expect the driver is passing that along to zuul so that ansible connects to the host with verified host key [16:46]
sassyn: ALSO in the https://zuul-ci.org/docs/zuul/howtos/nodepool_install.html there is a step "ssh-keygen -t rsa -m PEM -b 2048 -f nodepool_rsa -N ''" [16:46]
sassyn: understood clarkb [16:46]
sassyn: thank u clarkb [16:46]
tristanC: corvus: oops, the cert-manager change are actually not working for gear, it seems like the resulting certificates contains `X509v3 extensions` which result in python ssl lib to fails with `unsupported certificate purpose` [16:46]
sassyn: I still don't understand where is the ansible part [16:49]
clarkb: sassyn: zuul executes ansible to run the jobs. It's sort of the last component in the chain [16:51]
sassyn: if I have diskimages which is used by the diskimage-builder which is trigger from Nodepool-builder [16:52]
sassyn: clarkb so basically it is simple ssh call [16:53]
clarkb: ya ansible uses normal openssh by default [16:53]
sassyn: OK [16:53]
sassyn: with paramiko [16:53]
sassyn: I guess [16:53]
sassyn: so the jobs is ansible script [16:53]
sassyn: How to run Nodepool-builder [16:54]
sassyn: https://zuul-ci.org/docs/nodepool/operation.html#nodepool-builder it says it is a daemon [16:55]
clarkb: yes, it runs as a persistent service like the launcher and also connects to zookeeper [16:55]
clarkb: probably the biggest difference is it needs enough disk to build your images [16:56]
sassyn: can u point to a doc where I configure the service [16:56]
sassyn: I think I got it. [16:56]
sassyn: it is the same /etc/nodepool/nodepool.yaml [16:57]
sassyn: but one u use for the nodepool-launcher and one for nodepool-builder [16:57]
sassyn: in different machine [16:57]
clarkb: it can use the same file yes [16:57]
clarkb: https://zuul-ci.org/docs/nodepool/installation.html as well as your link above [16:58]
openstackgerrit: Tristan Cacqueray proposed zuul/zuul-operator master: Add initial withCertManager input toggle https://review.opendev.org/718840 [16:59]
openstackgerrit: Tristan Cacqueray proposed zuul/zuul-operator master: Add gearman tls secret provided by cert-manager https://review.opendev.org/719110 [16:59]
sassyn: clarkb, fungi can u explain more about elements? [17:01]
tristanC: here is the cert-manager output: http://paste.openstack.org/show/791958/ , and changing SSLContext of https://opendev.org/opendev/gear/src/branch/master/gear/__init__.py#L211 to ssl.PROTOCOL_TLS results in `sslv3 alert unsupported certificate` [17:02]
fungi: sassyn: "elements" are basic units of image configuration in diskimage-builder [17:03]
fungi: sassyn: typically diskimage-builder starts from some base element for the operating system itself and then other elements are arbitrary scripts/executables which it runs either inside the chroot or on the chroot tree from the host system [17:04]
sassyn: like debian-bootstap [17:04]
sassyn: boostrap [17:04]
fungi: yep, like debootstrap, but then additional elements might do things like install extra packages, put specific files in place, edit existing files in the chroot, et cetera [17:05]
sassyn: understood [17:05]
*** msuszko has quit IRC [17:05]
fungi: for example, in opendev we have an element we use to pre-cache copies of all our git repositories on our images, so that zuul only needs to push a few refs for things which have merged since the last image build [17:06]
*** jamesmcarthur has joined #zuul [17:29]
*** jamesmcarthur has quit IRC [17:34]
*** msuszko has joined #zuul [17:44]
*** msuszko has quit IRC [17:52]
*** msuszko has joined #zuul [17:53]
*** msuszko has quit IRC [18:58]
*** msuszko has joined #zuul [18:59]
*** jamesmcarthur has joined #zuul [19:20]
*** jamesmcarthur has quit IRC [20:40]
*** jamesmcarthur has joined #zuul [20:41]
*** jamesmcarthur has quit IRC [20:47]
sassyn: clarkb. fungi - One more question: in the scheduler.tenant_config it is required to configure config-projects and untrusted-projects. From what I understand When Zuul starts, it examines all of the git repositories which are specified by the system administrator in Tenant Configuration and searches for files in the root of each repository. [20:56]
sassyn: So we have a config-projects name zuul that have zuul.d/pipelines.yaml + zuul.d/projects.yaml and it says: "we want all of the projects in Gerrit to participate in the check and gate pipelines" (in https://zuul-ci.org/docs/zuul/tutorials/quick-start.html) so that means it skipping what is configure in the tenant_config ? [20:58]
sassyn: or the projects.yaml regular expression will include all the project that are configure in the tenant_config [21:00]
clarkb: sassyn: zuul will only evaluate projects in the tenant config [21:02]
clarkb: this means the regex is limited to that list [21:02]
sassyn: Understood! [21:02]
sassyn: thank u [21:03]
sassyn: I find the documentation to be great, but I think there need to be done some arrangement. [21:03]
sassyn: Not criticize just giving a feedback here [21:04]
sassyn: I hope it is fine. [21:04]
clarkb: sassyn: it's been recently reorganized around howtos, tutorials, and reference material. I think now it needs to flesh out that content around those themes a bit more [21:04]
sassyn: It is amazing project! [21:05]
sassyn: So much insight and experience [21:05]
sassyn: but it is not easy to learn [21:06]
sassyn: I must admit [21:06]
sassyn: I spent 3 days just to understand how to work [21:06]
sassyn: with this [21:06]
sassyn: I didn't use the docker compose... I want to know what is going under the wood [21:06]
sassyn: is this normal? [21:07]
fungi: sassyn: i don't know what qualifies for normal, but i think it's a good way to learn how a complicated suite of software actually works [21:11]
fungi: some people just want to use things without really needing to understand them at that level, which i suppose is also valid [21:13]
fungi: i agree zuul can be hard to understand... it relies on novel concepts you don't find in other ci/cd applications, and is designed to solve very complicated problems [21:14]
sassyn: Well, If i want to put this into production and replace around 200 slaves of jenkins with around 200+ jobs I need to know what I'm doing [21:14]
fungi: i think we could still do a better job of making it approachable, but there is also some inherent complexity which just goes with the territory [21:14]
sassyn: It is just there is many configuration [21:15]
sassyn: to do, running the docker example is not really for production grade env [21:15]
fungi: i believe the docker example was built primarily to serve as a demonstration [21:16]
fungi: though it also gives us a nice framework to perform integration tests of the software itself [21:17]
sassyn: yes [21:20]
sassyn: true! [21:20]
sassyn: but this is magic.. I had to learn about nodepool, how to install with groupadd + useradd [21:21]
sassyn: I think I will build a deb ppa files [21:21]
sassyn: for this [21:21]
sassyn: so u can install it via apt-get [21:22]
fungi: out of curiosity, how long did it take you to figure out how to get jenkins set up and running jobs on 200 servers? [21:22]
sassyn: will see, step by step [21:22]
*** jamesmcarthur has joined #zuul [21:22]
sassyn: can't tell - I'm working with jenkins for 8 years now [21:23]
sassyn: I guess was quite quick [21:23]
fungi: i mean when you first learned about jenkins ;) [21:23]
sassyn: pipelines and jenkinsfiles was more - cause u had to know groovy (YAK [21:23]
*** jamesmcarthur has quit IRC [21:24]
*** jamesmcarthur has joined #zuul [21:24]
sassyn: I guess zuul has too many moving parts and there is everything in the docs, but it is not organized [21:24]
fungi: i remember it took me a few days to figure out hudson/jenkins the first time i encountered it [21:25]
sassyn: jenkins is a great project as well, [21:26]
fungi: i agree [21:26]
sassyn: but the problem is there is too many jobs, and we don't want user to merge the code. [21:26]
fungi: we relied on it for many years [21:26]
sassyn: we want a machine to do it [21:26]
sassyn: and it avoid the retest when we do rebase [21:26]
sassyn: in a fast forward git repo based [21:27]
sassyn: retest = rebase* [21:27]
sassyn: I wish I had time to learn and install openstack [21:28]
sassyn: I remember it just started at 2008 by rackspace.... but never manage to really doing it, only use the devstack for playing [21:28]
sassyn: anyway It is time to get some sleep. It is 12:30am already [21:29]
sassyn: I'm from Israel - Tel Aviv [21:29]
fungi: have a good night, and thanks for the feedback! [21:29]
sassyn: thank u dude! u are rock! [21:30]
sassyn: I will be back for sure :-) [21:30]
fungi: we'll be here [21:30]
sassyn: :-) [21:30]
sassyn: Lalya Tov as we say in hebrew [21:30]
sassyn: Good Night friends! [21:30]
*** jamesmcarthur has quit IRC [22:12]
*** jamesmcarthur has joined #zuul [22:13]
*** jamesmcarthur has quit IRC [22:19]
*** jamesmcarthur has joined #zuul [22:20]
*** jamesmcarthur has quit IRC [22:33]
*** jamesmcarthur has joined #zuul [22:34]
*** msuszko has quit IRC [22:42]
*** jamesmcarthur has quit IRC [22:44]
*** msuszko has joined #zuul [22:48]
*** saneax_ has joined #zuul [23:02]
*** tosky has quit IRC [23:24]
*** jamesmcarthur has joined #zuul [23:27]
