Thursday, 2020-04-30

« Wednesday, 2020-04-29 Index Friday, 2020-05-01 »
clarkbjkt: we have seen them leak in the past. Nodepool attempts to clear out leaked ports but its best effort iirc00:02
openstackgerritMohammed Naser proposed zuul/zuul-jobs master: Fix incorrect variable name for promote-docker-image  https://review.opendev.org/72444200:05
mnaserclarkb: that _should_ work, i have to grab some food, so feel free to hijack the review if you need to make small revisions to get it to land00:05
mnaserill beb ack in 30ish00:05
clarkbmnaser: that looks good to me based on your debuigging so far00:06
*** Goneri has quit IRC00:14
openstackgerritMerged zuul/zuul-jobs master: Fix incorrect variable name for promote-docker-image  https://review.opendev.org/72444200:15
jktclarkb: here's my current status with one VM running and four ports being used: http://paste.openstack.org/show/792907/00:18
jktclarkb: I believe that port #3 (8b227f1c-8dda-4006-8a68-0bdc833639c0, ip_address='172.16.202.2') belongs to the router and that it's just some misleading output that it's shown as DOWN00:19
clarkbjkt: if you do a port show on the ports you'll get more info about its prupose00:20
openstackgerritGuillaume Chauvel proposed zuul/zuul master: Add git name and email for quickstart executor  https://review.opendev.org/72409600:29
openstackgerritIan Wienand proposed zuul/nodepool master: container functional test : allow to specify elements-dir  https://review.opendev.org/72445201:45
*** swest has quit IRC01:59
*** swest has joined #zuul02:13
*** bhavikdbavishi has joined #zuul02:15
*** bhavikdbavishi has quit IRC02:21
*** cdearborn has quit IRC02:23
*** bhavikdbavishi has joined #zuul02:31
*** bhavikdbavishi has quit IRC02:44
*** bhavikdbavishi has joined #zuul02:44
*** bhavikdbavishi1 has joined #zuul02:51
*** bhavikdbavishi has quit IRC02:53
*** bhavikdbavishi1 is now known as bhavikdbavishi02:53
openstackgerritIan Wienand proposed zuul/nodepool master: Allow disabling build-log-retention  https://review.opendev.org/72378202:59
openstackgerritIan Wienand proposed zuul/nodepool master: Dockerfile: use local openstack-ci-core PPA key  https://review.opendev.org/72446203:23
openstackgerritIan Wienand proposed zuul/nodepool master: Dockerfile: use local openstack-ci-core PPA key  https://review.opendev.org/72446203:42
openstackgerritMerged zuul/nodepool master: Switch to fedora-30 for the openshift integration job  https://review.opendev.org/68673703:46
*** bhavikdbavishi has quit IRC04:23
*** evrardjp has quit IRC04:35
*** evrardjp has joined #zuul04:36
*** sgw has quit IRC04:36
openstackgerritIan Wienand proposed zuul/nodepool master: Dockerfile: use local openstack-ci-core PPA key  https://review.opendev.org/72446204:36
*** bhavikdbavishi has joined #zuul04:40
openstackgerritIan Wienand proposed zuul/nodepool master: Dockerfile: use local openstack-ci-core PPA key  https://review.opendev.org/72446205:28
*** reiterative has quit IRC05:41
*** reiterative has joined #zuul05:42
*** ysandeep|away is now known as ysandeep05:42
*** bhavikdbavishi has quit IRC06:01
*** bhavikdbavishi has joined #zuul06:02
openstackgerritIan Wienand proposed zuul/nodepool master: Dockerfile: use local openstack-ci-core PPA key  https://review.opendev.org/72446206:14
openstackgerritIan Wienand proposed zuul/nodepool master: Dockerfile: use local openstack-ci-core PPA key  https://review.opendev.org/72446206:42
openstackgerritIan Wienand proposed zuul/nodepool master: Dockerfile: use local openstack-ci-core PPA key  https://review.opendev.org/72446207:03
*** bhavikdbavishi has quit IRC07:06
*** jcapitao has joined #zuul07:08
*** PrinzElvis has joined #zuul07:13
zbrcan we do something about https://review.opendev.org/#/c/703053/ ?07:18
zbrthat workaround is more than 6mo old and I doubt Docker Inc will ever fix it, better to have working roles07:20
*** tosky has joined #zuul07:28
*** rpittau|afk is now known as rpittau07:29
openstackgerritIan Wienand proposed zuul/nodepool master: Dockerfile: use local openstack-ci-core PPA key  https://review.opendev.org/72446207:32
*** avass has joined #zuul07:43
*** bhavikdbavishi has joined #zuul07:56
*** jpena|off is now known as jpena07:57
*** PrinzElvis has quit IRC08:07
*** PrinzElvis has joined #zuul08:08
*** ysandeep is now known as ysandeep|lunch08:08
*** PrinzElvis has quit IRC08:11
*** PrinzElvis has joined #zuul08:12
*** yolanda has joined #zuul08:41
avassdoes the "Depends-On" tag in the commit message make zuul always check out that other project, even though that project is not specified with "required-projects:"? Looks like one of our users did that. Seems dangerous because the next change would have failed, or used an outdated version of the required-project.08:44
avassI have a feeling that there should be a check like "if dependent_change.project not in (project, required_projects): error()"08:54
*** masterpe has quit IRC08:56
*** ysandeep|lunch is now known as ysandeep09:04
*** masterpe has joined #zuul09:11
*** bhavikdbavishi has quit IRC09:13
*** bhavikdbavishi has joined #zuul09:17
AJaegeravass: it only checks it out if there is required-projects. If there isn't, Zuul will just enforce the order09:20
AJaegeravass: adding such a check would break for example policy changes that we do also with depends-on. Here the depends-on just ensures the changes merge in order - but are tested indepentent09:21
avassAJaeger: are you sure? because the project was present on the machine and they were able to use the zuul.projects[canonical_name].src_dir09:24
avassAJaeger: I'll take another look at that change to see that I didn't miss something09:24
avassmnaser: Sorry!09:24
avassAJaeger: Yeah they're at least able to use the zuul.projects variable, and the tests look like they should't work if the repo wasn't present09:27
avassAJaeger: it is a static node though so the project could have left from another change09:28
avassAJaeger: but I see a reason why we want to be able to load a dependent change even though it's not a required project09:37
avassAJaeger: say we updated parent a parent job in project A, project B needs the updated parent to work so you add Depends-On: change-in-project-A, but I guess this also causes zuul to push project A to the remote and set the relevant zuul.projects variables09:39
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Only push required projects  https://review.opendev.org/72462609:45
avassAJaeger: I guess something like this would be the fix :)09:45
avassat least partially09:45
AJaegeravass: best discuss with corvus on what he thought09:48
avassyeah I want more input on that09:49
openstackgerritSorin Sbarnea zbr proposed zuul/zuul-jobs master: ensure-docker: workaround for centos-8 conflicts  https://review.opendev.org/70305310:04
*** guillaumec has joined #zuul10:11
*** rpittau is now known as rpittau|bbl10:21
openstackgerritSorin Sbarnea zbr proposed zuul/zuul master: WIP: Enable ANSI rendering on stdout/stderr  https://review.opendev.org/71625110:21
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Only push required projects  https://review.opendev.org/72462610:24
*** wxy has quit IRC10:36
*** zxiiro has quit IRC10:42
openstackgerritAlbin Vass proposed zuul/zuul master: Do not add dependent changes project to zuul.projects  https://review.opendev.org/72463310:42
avassI think that^ fixes it10:46
zbravass: AJaeger what do you think about the makefile helper at https://review.opendev.org/#/c/723837/ ?10:49
*** bhavikdbavishi has quit IRC10:57
avasszbr: I'll have to look later, have to make some food10:57
zbravass: thanks, going to do the same, try it if, it gives a nice output w/o params.10:58
*** jcapitao is now known as jcapitao_lunch11:09
*** ysandeep is now known as ysandeep|brb11:18
*** sugaar has quit IRC11:21
*** sugaar has joined #zuul11:26
*** bhavikdbavishi has joined #zuul11:31
AJaegerzbr: I'm rarely building Zuul myself but if, it might be handy. I left a few comments11:31
zbrAJaeger: my goal was to help newbies, those that want to do just a simple hack.11:34
*** jpena is now known as jpena|lunch11:36
AJaegerthx11:36
zbrin fact i want to also write a contributing documentation bit because there is none aimed at this yet, where I would also mention the makefile.11:42
zbrthere is nothing about contributing/developer on https://zuul-ci.org/docs/zuul/index.html homepage11:42
zbris about user, admin, but no developer/hacker.11:43
*** ysandeep|brb is now known as ysandeep11:54
openstackgerritAlbin Vass proposed zuul/zuul master: Do not add dependent changes project to zuul.projects  https://review.opendev.org/72463312:07
*** hashar has joined #zuul12:10
*** jcapitao_lunch is now known as jcapitao12:18
*** rpittau|bbl is now known as rpittau12:22
*** rlandy has joined #zuul12:22
*** jpena|lunch is now known as jpena12:38
avassis this supposed to be empty? https://zuul-ci.org/docs/zuul/tutorials/user.html12:43
avassah, I guess it actually is12:45
*** dpawlik has joined #zuul12:46
*** dpawlik has joined #zuul12:46
tristanCavass: there is a change that adds content here: https://review.opendev.org/#/c/702487/12:46
avasstristanC: nice, I'll take a look at it and throw some comments on it. would be nice to have something like that when we onboard new teams :)12:50
tristanCavass: feedback would be greatly appreciated, thanks!12:52
openstackgerritMonty Taylor proposed zuul/zuul master: Install skopeo in container images  https://review.opendev.org/72434413:05
mordredtristanC: great idea ^^ thanks - I think that makes it much simpler13:06
*** jcapitao has quit IRC13:06
*** jcapitao has joined #zuul13:07
mordredtristanC: also - I think that patch looks great!13:08
openstackgerritMonty Taylor proposed zuul/zuul-website master: Switch website to Gatsby  https://review.opendev.org/71737113:27
openstackgerritMonty Taylor proposed zuul/zuul-website master: Add blog to website  https://review.opendev.org/72464813:27
mordredmnaser, tristanC: I updated that to not be WIP and split the blog-post out of it13:27
openstackgerritMonty Taylor proposed zuul/zuul-website master: Switch website to Gatsby  https://review.opendev.org/71737113:30
openstackgerritMonty Taylor proposed zuul/zuul-website master: Add blog to website  https://review.opendev.org/72464813:33
avassmordred: oooh, a zuul blog13:35
mordredyeah - tristanC's patch to add the software-factory blog content to the docs reminded me that we had the gatsby and blog work outstanding13:36
avassI like the zuul-is-cool/index.md ;)13:36
*** bhavikdbavishi has quit IRC13:46
*** ysandeep is now known as ysandeep|afk13:56
corvusavass: pushing extra projects with depends-on was intentional; that's why there's a 'required' flag in the projects list13:56
corvuszbr: if you search for 'developer' on that index page you linked, you'll find the developer's guide.13:58
zbrcorvus: i found it few hours ago, but that was only when using site search, browser search does not find any mention of "developer" of "contributing", two very common keywords.13:59
avasscorvus: that seems dangerous14:00
corvuszbr: i don't know what to say, it's on my screen: https://imgur.com/a/bfNveiu14:01
fungiavass: can you expand on the exploit scenario you have in mind which makes it dangerous (i assume you mean "insecure)?14:02
*** sgw has joined #zuul14:02
corvuszbr: that used to be a top-level guide: user, admin, developer.  but then documentation experts said that was wrong, so we rearranged it.  maybe we were right to start with and we should switch it back.14:02
avassfungi, corvus: not insecure but for static nodes the required project could be left from an earlier change testing it with an our of sync repo, making the change succeed when it should have failed14:03
avassout of sync*14:03
zbrcorvus: that is amazing, firefox search is broken. it works searching for other texts on the same page but "devel" does not find anything.14:03
avassand I we don't want to start deleting the workspaces since we have a repo that is ~5GB :(14:04
corvusavass: well, if you're re-using workspaces they could be left from a different job14:04
fungiavass: why would a job suddenly choose to use that repository? it's just some files pushed to disk14:04
zbrindeed, only some words are found by firefox search, looks like 50/50 chance14:04
zbrproved to be a PBKAC issue, somehow the whole words was enabled.14:05
avasscorvus, fungi: wait.. no the following changes would probably fail since they wouldn't have the zuul.projects[] entry for that repo14:05
avassstill, what's the reason we push non-required projects to the remote?14:06
corvusavass: basically because the user asked us to by setting depends-on :)14:06
fungipushed to the node in case the job wants it for some reason14:07
avasscorvus, fungi: just get the feeling that the depends-on and required-projects should be separate14:07
corvusavass: i think the idea was to support jobs that switched between using published software and development software based on whether there was a depends-on.  of course, that's problematic for gating projects, but could be useful.14:07
corvusthey are separate14:08
openstackgerritTristan Cacqueray proposed zuul/zuul master: docs: move components to reference  https://review.opendev.org/70868614:08
corvusa project that appears in the 'zuul.projects' list that was not in 'required-projects' will not have the 'required' flag set14:08
zbrcorvus: any reason why the Scheduler info is on the root of the developer guide? to me it seems as it should a sub page, like the others.14:08
corvuszbr: no reason14:08
corvuszbr: that really shouldn't even be documented there14:09
corvusno one is ever going to instantiate a Scheduler object14:09
zbrcorvus: ok, because I would be happy to put some generic info on root, on how to run various tests.14:09
tristanCcorvus: iirc we adapted the `four sections` documentation structure to fit the operator vs user vision for zuul documentation, but i think that needs more work to make it convenient.14:10
corvuszbr: like this?  https://opendev.org/zuul/zuul/src/branch/master/TESTING.rst14:10
avasscorvus: I can see why having a depends-on to load updated job configuration is wanted, but not why we should push a job-library to the remote14:10
*** Goneri has joined #zuul14:10
avasscorvus, fungi: anyway the problem is that a new user added a "Depends-On:" footer since they wanted to test two projects together, they forgot to add the "required-projects" attribute so the following change would have failed.14:11
corvustristanC: yeah.  i think maybe we need to pull the developer guide up to the top level too, then have those sections under it.14:11
avassso the repository would have been in a sort of broken state, depends on how you see it I guess14:13
corvusavass: yeah, i agree that what you propose makes logical sense.  it might be worth examining our jobs in opendev to see if we really make use of the dynamically-add-a-project feature.  if it turns out not to be useful, perhaps we could consider changing to the approach you recommend.14:13
zbrcorvus: yes, very similar to that. Why is this page not included under developer guide? in fact there is a Testing one there which is totally different.14:13
corvusavass: however, you may also want to make that job more robust, because even if zuul behaved the way you suggest, you could have repos on disk left over from other jobs or previous versions of the job.  i might suggest adding something in a pre-playbook which deleted any repos which are not in zuul.projects with required=true.14:14
corvuszbr: yep, the developer guide needs work; none of that is by design and improvements are welcome14:15
avasscoruvs: no I don't think the following jobs would have succeeded since the "zuul.projects['project-b']" entry wouldn't exist14:15
avasscorvus:14:15
avassI have to leave for some hours, I'll be back later14:15
zbrcorvus: sure, but i need to ask questions before proposing some improvements.14:15
zbrcorvus: for example it would very useful to know if https://review.opendev.org/#/c/723837/ would be welcomed or not, as I can be used to simplify the documentation a lot.14:16
corvusavass: i agree the following jobs wouldn't have succeeded -- my suggestion is that if you delete repos that are on disk but not in zuul.projects with required=true, then you would have deleted project-b from the *first* build.  in other words, you have the tools today to make sure that that first change doesn't pass just by adding a depends-on without required-projects.14:17
zbrinstead of writing long and boring commands about how to install build tools,..., we could document `make coffee` commands.14:18
corvuszbr: i don't know if people are interested in a makefile, but i do know that even when we chose to make something simple and easy, we should still document what that thing is doing.  we should not simply delete all of the knowledge that is in https://opendev.org/zuul/zuul/src/branch/master/TESTING.rst -- it belongs in the documentation because developers need to understand how things work, even if there's a14:20
corvussimpler way.14:20
tristanCzbr: i'd be in favor of documenting (and teaching) the correct commands, as this is more instructive than an abstract `make` command.14:20
fungii guess the concern that makefile is attempting to address is that the web build relies on yarn instead of tox?14:20
*** hashar_ has joined #zuul14:21
tristanCthough having a Makefile lgtm to me as it's usefull14:21
*** hashar has quit IRC14:23
zbrfungi: basically yes, but to describe it better is to have a single command/entry-point for most testing commands, one that is not biased towards tox, yarn,... or whatever may use in the future.14:27
zbrone good example is that linting is split between the tox and yarn now.14:27
zbri do not have any particular love for make syntax, but I cannot beat the popularity of `make ...` among developers.14:28
fungidon't get me wrong, i rather like make, just want to understand better whether this is really reducing or actually increasing the maintenance burden14:29
zbri used other tools (scons, waf, doit, cmake, even bash), but none is so ubiquitous14:29
zbri doubt we would have to update it often, i really doubt.14:30
zbri consider it as "part of documentation"14:30
*** guillaumec has quit IRC14:40
mnasermordred, clarkb, avass: ok i just had a promote job fail again even after yesterday's fix14:54
mnaserhttps://zuul.opendev.org/t/vexxhost/build/e817c7336f264e79b97930e8c7cea2b214:54
* mnaser digs some more..14:54
mnaserlooks like zuul promote's are failing too so its not limited to my uaage14:56
AJaegermnaser: could you review https://review.opendev.org/#/c/724132/ , please? Let's not merge until the issue above is fixed14:56
AJaegeravass: did you send the ensure- change mail to zuul-announce?14:57
mnaserAJaeger: i believe so :)14:58
corvusmnaser: yeah, that change and a zuul change failed on getting the dockerhub token14:59
mnasercorvus: yeah i fixed something yesterday thinking it was the next task that was silently failing -- https://review.opendev.org/#/c/724442/14:59
mnaserbut clearly it's not that..15:00
mnaserit can clearly push to dockerhub with no problems though15:00
mnaseras the review_xxx tag showed up15:00
corvusyeah, though the process is slightly different for promoting15:00
corvus(the auth process)15:01
mnaserright yes, so rather tha relying on the local file and docker doing the auth, we get a token via api15:01
corvusmnaser: oh i think i see it15:01
corvusmnaser: see my comment on https://review.opendev.org/72444215:01
mnaserah darn, yes!15:02
corvuspatch in progress15:02
openstackgerritJames E. Blair proposed zuul/zuul-jobs master: Fix another incorrect variable name for promote-docker-image  https://review.opendev.org/72468615:03
corvusAJaeger, mnaser: ^15:03
mordred+A15:04
mordredcorvus: so once that lands, re-enqueue the promote yeah?15:06
openstackgerritPaul Albertella proposed zuul/zuul-jobs master: Add Bazel build and ensure roles  https://review.opendev.org/69351315:06
mnaserit sounds like zuul will do its own cleanup later, right?15:06
mnaserfor the stale review_xx images15:06
corvusmordred: mnaser yes to both15:10
avassAJager, corvus: Yeah, I sent an updated mail, did you get it?15:11
avasscorvus: Yeah, the problem with deleting repos is that we want to keep a continuous cache on the nodes since some of the repos are very large15:14
avasscorvus: because of legacy issues15:14
corvusavass: right, but you want to delete the repo which was in the depends-on but not in required-projects.  you can do that.15:15
corvusit's not ideal to push a repo to the remote node and then delete it, but it would at least keep that job from succeeding. :/15:15
AJaegeravass: http://lists.zuul-ci.org/pipermail/zuul-announce/ does not show anything yet. corvus, did you approve it?15:16
corvusand protect against any other repo being left on the node between jobs15:16
avasscorvus: but then we would have to check if there's any job running for that repo on that label15:16
avasscorvus, AJaeger: I could send another one with update dates15:16
corvusAJaeger, avass: i approved it now15:16
openstackgerritMerged zuul/zuul-jobs master: Fix another incorrect variable name for promote-docker-image  https://review.opendev.org/72468615:17
avasscorvus: unless I'm not just understanding what you mean15:17
AJaegeravass: we're good since corvus approved - thanks15:17
corvusavass: i don't follow -- i'm proposing a simple and automated way to prevent not only the case you are concerned about, but also the danger of repos being left on the node from other jobs, or older versions of jobs.15:18
corvusavass: simply do this: "for each repo on disk, if that repo is in zuul.projects and required=true: continue; otherwise: delete"15:18
corvusavass: that will make the repos on disk correspond exactly to the required-projects of the running job15:19
avasscorvus: for that specific job yes, but not for jobs running for the repo we just deleted15:19
clarkbcorvus: avass could you use a /opt/git cache type setup like we use and hardlink that into /home/zuul/src. Then you can always delete /home/zuul/src then let git repo setup for the next job set up /home/zuul/src again from the cache15:20
corvusclarkb: that's a good idea15:20
clarkbit seems to work pretty well for opendev but all those nodes are single use. I expect it would map to multiuse nodes reasonably well though15:20
avassclarkb, corvus: yes but the 5GB repos that just needs to run a linter starts taking a very long time because it needs to clone the repo as well15:20
clarkbavass: thats basically free as long as it is on the same fs15:21
corvusavass: i'm really confused :(15:21
clarkbdue to hardlinking15:21
corvusavass: i don't understand " for that specific job yes, but not for jobs running for the repo we just deleted"15:21
avassuuh, I missed the link15:21
avassclarkb: that sounds like a good idea actually15:22
corvusi thought the issue is that you want, for each job running on the node, for the checked out repos to be exactly the repos in required-projects15:22
mordredavass, clarkb: for your setup where you have a known set of static nodes - you could also set up /opt/git to be a location that gerrit replicates to - then the zuul role that will clone/hard-link from /opt/git as part of pushing the repos can do it efficiently, and you cn also keep the /opt/git cache up to date as you land patches so that you minimize the amount of data being rsynced from the zuul executor15:24
avasscorvus: the problem does not happen at the moment since we only test against project in zuul.projects at the moment15:24
corvusavass, clarkb: regarding the cache idea, i think if you put them in /opt/git and that's on the same filesystem as /home/zuul (or whatever user), and you use the git based prepare-workspace roles, it should all be automatic15:25
avasscorvus: it is but I believe it actually clones it15:25
corvusavass: can you dereference some of those "it"s? :)15:26
avasscorvus: but testing together with another project using depends-on without required-projects allows the user to merge the repo in a broken state15:26
avasscorvus: it's automatic :)15:27
avasscorvus: let me check15:27
corvusi am completely lost15:27
corvusi'm pretty sure i understand what you want15:27
openstackgerritPaul Albertella proposed zuul/zuul-jobs master: Add Bazel build and ensure roles  https://review.opendev.org/69351315:27
corvusavass: i have to run to a meeting now, maybe we can continue later15:27
avasscorvus: I'll try to come up with a scenario for it :)15:28
corvusavass: just to double check, you know about the "required" attribute i mentioned, right?  https://zuul-ci.org/docs/zuul/reference/jobs.html#var-zuul.projects.required15:28
avasscorvus: yes15:28
corvusok.  let's chat in a bit15:29
openstackgerritMonty Taylor proposed zuul/zuul master: Install skopeo in container images  https://review.opendev.org/72434415:29
avassclarkb, corvus: prepare-workspace-git clones the cache to the workspace: https://review.opendev.org/gitweb?p=zuul/zuul-jobs.git;a=blob;f=roles/prepare-workspace-git/tasks/main.yaml;h=9c5de2146ddc28d87a57b818fb75bd5a5719ee9c;hb=refs/heads/master15:30
*** bhavikdbavishi has joined #zuul15:31
avassclarkb: using a hard link would require us to set up multiple caches since we have multiple users to be able to run multiple jobs on the nodes15:31
avassclarkb: but could work15:31
fungihardlinking is done at an object level under the hood of git itself15:32
fungiyou don't explicitly hardlink anything15:32
fungiyou just clone from the file path using git and it sets up hardlinks for any objects it needs15:32
fungiso it's basically copy-on-write git clones15:32
avassfungi: ok, I didn't know that :)15:32
fungiand effectively instantaneous since there is no data getting copied15:33
avassfungi: I bet that's specific for linux though15:33
fungiand also doesn't use additional disk space for any of the objects which are duplicated across the clones15:33
avassfungi: we have another (horrible) set-up for some windows jobs15:33
fungiit might not do that on windows, but i thought the newer windows filesystems had hardlinks15:34
avassnot if you need to test on windows 7 :)15:34
fungioh, indeed15:34
fungihttps://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createhardlinka15:35
funginot sure if ntfs on win7 supports that15:35
funginor if windows builds of git make use of it15:35
fungiso would probably need to be tested15:35
avassyeah we already need to create new workspaces for the same user on our windows machines because of software that doesn't like to be automated or licensing issues15:36
avassand the cloning for that takes a while15:37
fungithis reminds me of why i sought different work after years of dealing with windows professionally ;)15:40
fungii don't envy you15:40
avassI can see why ;) we are moving towards linux very fast though, it's just that we need to support software that's 10 years or older15:41
fungiyeah, there was a point at which i realized that taking all my microsoft software experience off my resume was the best choice i ever made15:46
* mordred tries not to mention his experience as a C# developer very often15:51
reiterativeavass I think I've addressed your review comments on https://review.opendev.org/#/c/693513/ now - get_url choked on the checksum for the bazel installer at first, because it has the filename appended :-)15:53
avassreiterative: cool, I'll take a look in a moment!15:53
avassfungin, mordred: Even though I'm stuck with supporting windows sometimes, I'm quite happy with this being my first job ;)15:56
avassbut I'd love to work on opensource full time15:56
*** jcapitao has quit IRC16:03
*** jcapitao has joined #zuul16:03
fungioh, this is your first job? congrats!16:03
fungiand yeah, my first full-time job was supporting a mix of windows nt 3.5 and sco "open"server 5... i can totally relate16:04
fungiit was a good stepping-stone though, and i did manage to convince them to start using some linux before i left for greener pastures16:05
avassdoes this make sense? https://etherpad.opendev.org/p/depends-on_16:07
*** rpittau is now known as rpittau|afk16:07
corvusavass: okay, i'm back; taking a look at the etherpad now16:08
avasscorvus: ah good timing :)16:08
*** zxiiro has joined #zuul16:09
*** hashar_ has quit IRC16:10
corvusavass: yes, i think that makes sense.  now, aside from the inefficiency of cloning, is there anything in the section below line 27 that is undesirable?16:11
avasscorvus: not really16:11
avassat least not that I can think of16:11
corvusavass: yeah, me neither.  so i think that could be a solution.16:14
corvusavass: clarkb's solution is also good; though that looks more like the "Currently" section, except that example.org/A won't be in a problen state for change a2, it would not be present.  but change a1 would still succeed unless you did something to remove the non-required repo.16:15
corvusavass: you can combine the two, and remove non-required projects and still clone from the cached repos so you get hard-links whenever cloning needs to happen16:15
avasscorvus: I mean, combining them would be best16:15
avasscorvus: but then we'd have to update the cache all the time wouldn't we?16:16
corvusavass: yeah, you'd want something to periodically update it.  could be continuous by using gerrit replication, or could be an hourly/daily cron job16:16
corvusavass: the cache doesn't have to be current, only recent.  zuul will make sure the final clone in /home/zuul/src is current.16:17
avasscorvus: yeah16:17
avasscorvus: Still, being able to use Depends-On to test one change against another project seems wrong.16:18
corvusavass: a fourth option is that we could add a job attribute to tell zuul not to include any non-required repos.  then change a1 will not pass because B isn't in zuul.projects, and then if you also did clarkb's solution of deleting /home/zuul/src then you would avoid having extra repos leak from other jobs or if you removed a repo from required-projects.16:18
corvusavass: testing one change against another project is exactly what it's supposed to be used for :)16:19
tristanCcorvus: would it makes sense to have a 'use-intermediate-registry' role so that a zuul-registry can be used without buildset registry?16:22
avasscorvus: I feel like it's good if you don't want to wait for another change to merge, or to make sure your change don't merge before the other one. but not for testing against a separate repo with just one change because of what I described in that etherpad16:22
tristanCotherwise it seems like using the 'use-buildset-registry' role would work, but the name is a bit missleading...16:22
tristanCand bonus question, the use-buildset-registry is restarting docker without when condition, and because we don't have docker, this is going to cause quite a bit of noise... would it be possible to not restart docker when docker is not installed?16:24
avasscorvus: because the next change would also need a depends-on, or add the other repository to required-projects to succeed.16:25
avasscorvus: or if you add a check to see if zuul.projects['example.org/B'] is defined to do this other thing. but only sometimes when we add a Depends-On footer to a commit.16:27
avasscorvus: I just don't see a usecase for it, but I can see it causing errors16:28
tristanCiiuc, to use an intermediate or buildset registry with rootless podman, we only needs the modify_registries_conf and user-config tasks... so perhaps we could add a `configure-podman-registry` role which takes the buildset or intermediary secret as a variable?16:29
*** evrardjp has quit IRC16:35
*** evrardjp has joined #zuul16:36
openstackgerritMonty Taylor proposed zuul/zuul-jobs master: DNM Run builder tests on expanded node  https://review.opendev.org/72407916:37
corvustristanC: the intermediate registry can't be used directly because the images in it have names based on the build uuid, not the "real" names; the pull-from-intermediate-registry role copies the images from intermediate to buildset and renames them to their correct names.16:38
tristanCcorvus: hmm, can't the intermediate registry be used with real name?16:40
corvusavass: yeah, it's possible there are no uses of that feature and we could restrict it to required-projects only.  i think it's worth asking that question on zuul-discuss to see if we can find users of it.  the tox siblings role only looks at 'required' projects, so it is compatible with the behavior you want.16:41
corvustristanC: no, it's job is to hold all of the random check pipeline builds, so there's no "zuul:latest" it's all "zuul:123abcdef"16:42
tristanCcorvus: our use-case is for a periodic pipeline to manage container update (e.g. one job build and push the image to the intermediate registry, then other jobs test the update, and a promote job push the image to quay.io)16:43
corvus(but, from the perspective of the job that built it, zuul:1234abcdef was intended to be zuul:latest at the time.  so when pull-from-intermediate-registry runs, it copies zuul:123abcdef into the buildset registry as zuul:latest")16:43
tristanCusing the buildset.uuid as an intermediate ref would work16:44
mordredtristanC, corvus, clarkb: https://review.opendev.org/#/c/724344/ is green16:45
corvustristanC: that should work; or you could build it around gating and have check/gate/promote16:45
mordredtristanC: (and thanks again for the idea about just copying the executable - I think that wound up being much nicer)16:47
tristanCmordred: nice, that's good to hear :)16:47
tristanCmordred: but it seems like this is not tested, and that could break if the skopeo requires an extra lib in the future... should we add a simple 'run --rm zuul/zuul-executor skopeo --version' test to the container build job just to be sure?16:49
avassreiterative: re https://review.opendev.org/#/c/693513/20 just one small thing, I think it would be good to use the 'mode' parameter on get_url instead of 'chmod +x' for each distro/os16:49
mordredtristanC: I agree - it would be good to add a test - although I thnik they'd have to rewrite skopeo to be in something other than go for it to grow a library dependency16:50
clarkbmordred: left a question on that change16:50
avassmordred, tristanC: yeah go doesn't have runtime dependencies right? only thing that could error is if we change from glibc to musl16:51
tristanCmordred: not necessarly, if docker.io/opendevorg/python-builder doesn't provides the good SONAME used by /kubic:/libcontainers:/stable/Debian_10/ , then running skopeo won't work16:51
avassI believe16:52
mordredclarkb: yeah - we could drop that - it's leftover from a previous version whee I was copying to constructed keyring16:52
tristanCavass: mordred: yes, libc, or any of the libs currently linked, like libgpgme.so.11, libdevmapper.so.1.02 or libgcc_s.so.116:53
mordredtristanC: http://paste.openstack.org/show/792963/ that's the ldd output from skopeo16:53
mordredI mean - python-builder and python-base would have to be out of sync for that issue to arise - and they'd have to be out of sync with each on a different major version of the debian base image16:54
tristanCmordred: what version is this? mine has quite a few more from fedora16:54
clarkbmordred: except for maybe libgpg since you install gpg ?16:54
mordredno - but those are all installed from the distro - and we install skopeo from the distro too16:55
mordredand it's the same base distro16:55
mordredso the source of the so libs is the same in both images16:55
clarkbmordred: ya but we only install the libs in the builder16:55
mordredwe don't install libs16:55
clarkbmordred: we do gpg?16:55
mordredoh wow16:56
mordredactually - wtaf?16:56
mordredok - I agree - this is problematic16:56
tristanCmordred: iiuc, even golang base can pulls extra ELF requirements for shared c libraries16:56
clarkbeverything but gpg looks fine16:56
clarkbbut gpg stands out as a weird exception there16:56
mordredyeah. I'm going to back to installing the package in the final image from apt16:56
mordredif it's pulling in lib depends, that's not acceptable from a "just copy the binary" pov16:56
zbrmordred: clarkb: sorry to nag again about the pre-wrapping change https://review.opendev.org/#/c/723603/  but i am getting dizzy scrolling on dependencies16:57
mordred(and it is)16:57
mordredtristanC: that's skopeo installed from kubic on a focal test node16:57
mordred(that produced that ldd)16:57
mordredbut - the libgpgme - which the apt install DID install as a dependency - I think blows the straight-copy approach16:58
clarkbzbr: that applies to live streams of the consoles and the log rendering when jobs are complete? you don't happen to have a build I can use to test it in the built dashboard?16:58
tristanCmordred: i haven't seen issue with copying go binaries, as long as they are built using the same toolchain as the dest environment16:58
tristanCand simply checking execve works is enough to tell if the correct soname are present16:59
clarkbnevermind I think I found one for the live streamed console16:59
clarkb(pick a tempest job :) )16:59
avasscorvus: wanna +3 this ? https://review.opendev.org/#/c/723640/16:59
openstackgerritMonty Taylor proposed zuul/zuul master: Install skopeo in container images  https://review.opendev.org/72434416:59
zbrclarkb: i addresses all instances of using <pre>, so both summary view and the console. i doubt it has anything to affect streaming because streaming does not use pre.17:00
clarkboh streaming was already wrapping then17:00
clarkbI guess I should find a different example17:00
mordredtristanC: yeah - me either - except that in this case there sure does seem to be an ldd depend on libgpgme.so.11 - and libgpgme is installed by apt and is not in the target image17:00
zbrstreaming already supports ANSI and if I remember well uses spans what do wrap correctly.17:00
mordredtristanC: I'm very surprised by that17:00
zbrand tbw, I got the ANSI working for console too, but I need to. merge the react app update first.17:01
zbri will show some examples tomorrow.17:01
tristanCmordred: left a comment about having Debian_10 in the repo location17:02
zbrthe real question is if we do have a specific place where we do not want to wrap content on <pre>, i personally doubt.17:02
clarkbzbr: I think there is a bug. My comment on the change links to a job log and the line numbers are wrapping too17:03
clarkbzbr: so instead of line 155 its line 1\n5\n\n517:03
corvusclarkb, zbr: i don't think we should implement wrapping, and now that i see that we have apparently already merged a change to do that in one place, i think we should revert it for further discussion.17:05
mordredtristanC: root@a8ef1daabbe9:/usr/src# ./skopeo --version17:05
mordred./skopeo: error while loading shared libraries: libgpgme.so.11: cannot open shared object file: No such file or directory17:05
mordredtristanC: that's what happens when I install skopeo from apt, copy the binary, then remove skopeo from apt and run autoremove (to get rid of the deps)17:05
tristanCmordred: well yes, you would have to add libgpgme to the bindep17:05
mordredso somehow they really have made a go binary that is doing dynamic linking to system libs17:06
openstackgerritPaul Albertella proposed zuul/zuul-jobs master: Add Bazel build and ensure roles  https://review.opendev.org/69351317:06
corvusmordred, tobiash, zbr: (since i -1'd https://review.opendev.org/681532 i would have liked a chance to weigh in before we merged it :)17:06
mordredyeah - and that's just starting to get weird17:06
corvuszbr: is there any other way to avoid the trackpad accidentally scrolls issue without using pre?17:06
zbris not only a tracpad issue, is an UX issue17:07
zbrwhat if your terminal would do the same, forcing you to scroll to long lines?17:07
corvuszbr: i agree about that; in my comment on your latest change i explained why i think the horizontal scrolling ux is better17:07
corvuszbr: journalctl does that and i love it17:07
corvuszbr: when i don't use journalctl, i go to great lengths to avoid wrapping17:08
zbr... one of the few people loving journalctl :D17:08
corvusbecause when i look at long debug lines, i need them to be on one line so i can scan them17:08
tristanCcorvus: `| less -S` is useful to get that horizontal scroll17:08
zbrok, in that case I will do a survery, i am curious what openstack developers prefer.17:08
corvustristanC: yes that! thanks! :)17:09
zbrdefaults should be about bringing best experience overall, if someone has a unique preference, they can use custom-css injenction, something I was using for many months.17:10
corvusand yes, the fact that i praised journalctl for doing that is significant :)17:10
clarkbI personally prefer the wrapping. When you get really long lines the browser doesn't do horizontal scrolling well and you end up either scrolling slowly or losing your place17:10
tobiashcorvus: oops sorry do you want a revert?17:10
clarkbgranted thats mostly a browser issue but our logs often expose it17:10
corvusand to be clear, i'm not saying that the current implementation is perfect; parts of it annoy me too17:11
corvusso i'm not advocating horizontal scroll in a small window (i actually prefer horizontall scroll the whole page)17:11
corvusbut i do think wrapping log lines is worse ux than horizontal scroll17:12
openstackgerritMonty Taylor proposed zuul/zuul-jobs master: DNM Run builder tests on multi-numa-ubuntu-bionic node  https://review.opendev.org/72407917:13
zbrif zuul would have had user preferences I would have attempted to make it configurable. i am really curious what users will prefer when being allowed to compare the two.17:15
corvuszbr, clarkb: https://zuul.opendev.org/t/zuul/build/baf99edfb2b94e7999b713c7722d4d9f/log/container_logs/executor.log17:15
zbrmy guess is 80/20 in preference to enable wrapping.17:15
mordredI wish there was a good way to support both based on user preference - or even toggleable depending on content - there are times when lack of wrapping is important to me - and times when lack of wrapping makes life super hard (I see that on openstacksdk tests where the log line is some absurdly long rest json blob) - and I don't know that I believe there is a "right" answer that applies to all of the output17:15
corvusi think that's the ideal -- full window horizontal scrolling17:15
mordredforms17:15
corvusmordred: i'm curious when wrapping is desirable?17:16
*** guillaumec has joined #zuul17:16
corvuszbr is advocating it based on the trackpoint doing two dimensional scrolling17:16
*** bhavikdbavishi has quit IRC17:17
clarkbcorvus: when you want to see all the info at once without scrolling17:17
tristanCcorvus: when the lines are not too long, for example when they can fit in two screen width, it can be valuable to see the whole content at once17:17
mordredcorvus: https://zuul.opendev.org/t/openstack/build/61c9ee9337a64e7ba5d65616f05a9fec/log/job-output.txt#4552717:18
*** bhavikdbavishi has joined #zuul17:18
mordredcorvus: that would be much easier to deal with if it was wrapped17:18
mordredlooking for another better example though17:18
corvusmordred: if you were looking for find, say, what version of dogpile.cache was installed, but if you wanted to see "ansible finish; ansible installed; ansible start" by scanning down vertically, it would be very hard17:19
fungimost of the times that wrapping is desirable for me is when i don't want to have to actually interact with the window... so if it all fits in my (usually fairly large) browser window without needing either horizontal or vertical scrolling, that's great. as soon as i need to scroll vertically though, i might as well scroll horizontally too. the only time horizontal scrolling itself becomes challenging is when17:20
fungiyou have to vertically scroll to find the horizontal scrollbar, then horizontally scroll blind to roughly the columns you think you need to be at, then veritcally scroll again to get back to the lines you were looking at17:20
corvusfungi: yeah, that's one of the reasons to consider full-screen horizontal scrolling distinct from tiny-window horizontal scrolling17:21
mordredcorvus: right - that's why I'm saying I think that both scrolling and not-scrolling can be valuable tools depending on circumstances17:22
fungiif browsers did a better job of scrolling using keypresses, it wouldn't be such a bother, but lots of sites break keyboard interaction17:22
corvusmordred: agreed17:22
corvusmordred: but possibly even from one line to the next :)17:22
mordredyup17:22
mordredI kind of think a toggle could be super useful17:22
mordredthat would wrap or not-wrap the container on the fly17:23
corvusi could dig that17:23
tristanCit seems like most cli output are better viewed with word wrap, but application logs are better viewed with horizontal scroll17:23
fungimaintaining a cursor anchor of sorts so your content doesn't jump around when you toggle that option could be tough, but maybe not critical to support17:24
*** jpena is now known as jpena|off17:24
tristanCfungi: there is usually a `scrollIntoView` javascript function that can be used for that17:24
corvustristanC: that may be a good generalization -- probably true 90% of the time? :)17:24
mordredtristanC: I've got logs from openstacksdk that sometimes are *absurdly* long and a single line - and make scanning in a non-wrapped way almost impossible to do - I can't find an example right now, but they usually happen when I'm madly debugging something17:24
tristanCmordred: isn't that an issue with the sdk that shouldn't emit such line?17:25
fungidebug line containing a massive http request parameter blob, maybe17:26
mordredtristanC: no - in this case it's the line that the sdk should emit - it's an http request debug entry and the catalog returned is ... long17:26
fungigood guess ;)17:26
mordredsplitting it across multiople lines (which is what keystoneauth does in some cases) is actually quite noisy and makes the logs hard to read in the general case17:26
mordredso it really is circumstance-specific as to whether you want the wrapping17:27
mordredhaving it all on one logical line (since. it's a logical thought) allows you to wrap it if you need to - but if it's pre-split it's harder to combine if it the split version is noise17:27
corvusmordred, zbr, tobiash: let's avoid reverting the change that has merged already (wrapping in the task output) and treat it as an experiment.  but i'm opposed to forced wrapping in the log viewer; in fact, i spent about a day working to make the output look exactly like it does now, so that's no accident.  if we want to undo that work, we're going to need a good reason.  i think i'll need a user toggle to get17:27
corvusbehind wrapping there.17:27
corvus(by the log viewer, i mean what happens when you click on a log under the "logs" tab;  the existing change already merged applies to the popup in the 'console' tab)17:28
fungifwiw, i felt like doing it on the results page snippet was a good compromise (precisely because all the page content usually fits in my, admittedly largeish, browser window)17:29
zbrok, and meanwhile we can fix reported bugs, and investigate more the issue.17:29
corvuszbr: yeah, you'd need to solve the line number problem even with a user toggle17:29
corvuszbr: and you could probably save the user toggle as a cookie so you don't have to keep switching back and forth.  the status page saves the filter as a cookie.17:30
zbri need to see it... damn, how much I hate that we cannot share the site-preview links.17:30
corvuszbr: take the build uuid that clarkb pasted in his comment and navigate to that build, then navigate to the log17:30
zbri seen that someone was adding a feature controlable with a cookie but i never seen the option to toggle it.17:30
zbrdoing it now...17:30
mordredzbr: we have a toggle that interacts with a cookie on the status page - so you can look at that for inspiration17:31
mordredoh - nevermind- it's just the search bar that is cookie - not the expand-by-default toggle17:31
zbrwe will have to create some kind of profile / settings page where to put settings17:32
mordredbut - the search bar does17:32
zbras probably the list of options will grow, and hiding them on various pages is not ideal17:32
corvuszbr: i think because of the use case mordred points out (wating to change wrapping on the fly), i would just put it at the top of any page where it could apply, and have it persist and apply to all of them17:33
fungiwell, unless the "wrap" toggle is sticky via a cookie and persists to your next view17:33
corvusi don't think a user settings page is necessary17:33
avasscorvus: I wonder how EU would look at those cookies, they're not really "strictly necessary" for the site to work ;)17:34
corvuszbr: you could just check it and never touch it again.  :)  mordred can check it and uncheck it as he sees fit.  and i can just (almost) never check it.  :)17:34
zbri am thinking at the notification icon the rightop as in deal place for such thing.17:34
openstackgerritTristan Cacqueray proposed zuul/zuul-jobs master: use-buildset-registry: add Fedora certifacts vars  https://review.opendev.org/72471717:34
avassbut I can't say I'm an expert at cookie laws17:34
zbrbut if the settings is sticky, it would acceptable to spam each page with the option.17:34
zbrcookies are not fobidden, tracking cookies are.17:35
corvuszbr: i'd put it near the refresh/auto reload.  ie, the page header, not the site header.  (because it shouldn't appear on pages like the builds table)17:35
avasszbr: they're not forbidden but you have to inform the user that your site is using cookies if the cookies are not stricly necessary for the site to work17:36
zbrand here is how i ruin my plan to avoid javascript world till i retire17:36
*** dpawlik has quit IRC17:38
fungiavass: from what i''m reading, exemptions to the consent requirement include "Technical cookies strictly necessary for the provision of the service. These include preference cookies, session cookies, load balancing, etc."17:43
fungi"...preference cookies..."17:43
fungiso the definition of "strictly necessary" seems like it includes optional site features17:44
fungieverything about consent requirements appear to be specific to third-party tracking cookies, non-anonymized statistical behavior tracking, et cetera17:45
avassfungi: huh, good to know17:46
fungii am not a lawyer though, so this is not legal advice ;)17:46
avassI guess 'strictly necessary' is different if you're a lawmaker or a developer ;)17:46
fungicourts rarely interpret words the same way computer programmers do, and so this sort of misunderstanding is a common point of debate in legal discussion lists about computer software17:47
fungithe law is (almost) never about absolutes and literal interpretations17:48
zbrlets close the cookie subject, we already have the _ga cookie on https://zuul.opendev.org17:49
zbrit is set on the bare domain, applies to any site17:50
fungi*we* don't set that cookie on https://zuul.opendev.org/17:50
*** jcapitao has quit IRC17:52
fungii'm checking now to see if i have one, but i don't think i do17:52
fungizbr: are you maybe thinking of openstack.org?17:53
mordredcorvus: I'm still getting a puppet error on lists in the gate: https://75ab7718a1ac933a54f7-6414947d36de3e18491bc440889da30b.ssl.cf2.rackcdn.com/724682/6/check/system-config-run-lists/6f39839/bridge.openstack.org/ara-report/result/513b6b1c-6952-4838-8f60-64288f83627a/18:19
mordredcorvus: sorry18:20
mordredclarkb: ^^18:20
mordredclarkb: and it's because you fixed listpassword in a different change: https://review.opendev.org/#/c/724356/318:20
mordredfungi: ^^ would you mind reviewing that?18:20
mordredGAH18:20
mordredsorry wrong channel18:20
zbranyone brave to talk about create-react-app update via https://review.opendev.org/#/c/716305/ ?18:24
mordredzbr: it still has a bug that needs to be solved18:25
mordredzbr: if zuul has a config error, it is broken18:25
avassmordred: maybe -1 workflow that so no-one merges it18:25
zbrwhere is this bug?18:26
avassmordred: with some information, since it looks very ready otherwise18:26
zbrahh, right, i do not see the alert button when looking at openstack tenant18:27
mordredavass, zbr : I just left a -2 and a description of how to currently see the issue18:27
mordredthe local tenant on SF - which is the multi-tenant test job - has config errors18:28
mordredand shows the dashboard break18:28
openstackgerritAlbin Vass proposed zuul/zuul master: Validate ansible extra packages  https://review.opendev.org/72411018:28
mordredI'm currently stumped - I have no idea what's wrong18:28
mordredbut I think other than that it's ready to go :)18:28
mordredcorvus, clarkb, tristanC, tobiash: https://review.opendev.org/#/c/724079/ is green - it ran on an IPv6-only cloud. I think that means that https://review.opendev.org/#/c/722339/ is ready to go18:30
mordredavass: you might also find that interesting - or you might not :)18:30
avassmordred: I've pretty much never touched react, but I do like challenges ;)18:31
mordredavass: :)18:31
mordredcorvus, tristanC: also - https://review.opendev.org/#/c/724344/ - skopeo patch works now - and should avoid the soname issue tristanC pointed out earlier (although - thanks - I *never* would have imagined that)18:31
avassoh, unless you meant the multiarch image builds18:32
avassI'll take a look at that :)18:32
avassmordred: the complexity of the build docker image task feels like it should be a custom action plugin18:36
avassor maybe it's just me that don't like reading that much jinja18:36
tristanCmordred: both lgtm18:41
tristanCmay i request some zuul-base-jobs and zuul-jobs review to enable kubectl based connection usage: https://review.opendev.org/680712 and https://review.opendev.org/71629818:43
avasstristanC: I'll take a look in a minute18:45
mordredavass: so much jinja :)18:54
*** rlandy is now known as rlandy|biab19:00
mordredtristanC: replied to your question on https://review.opendev.org/#/c/722339/19:09
mordredtristanC: also - as best I can tell, buildah does not yet fully support doing this, although I believe support is in work19:10
*** bhavikdbavishi has quit IRC19:11
mordredtristanC: (if it had, I would have been very tempted to just write this to use buildah in the first place and say "if you want multi-arch images this is the story" - because unlike normal docker build - where I can see users being upset if they say "please build this docker container" and then we use not-docker and it's different- I thnk there can not be very many pre-existing expectations for how multi-arch19:12
mordredimages get built :) )19:12
mordredtristanC: which si all to say - if you learn how to do the same thing with buildah, please let me know :)19:12
* mordred isn't crazy about how complicated that buildx approach is - nor the duplication of registry config information due to the registry interactions happening inside of the builder images using buildkitd19:19
*** bhavikdbavishi has joined #zuul19:19
masterpeIs there a howto how you install zuul on a ubuntu system?19:23
openstackgerritAlbin Vass proposed zuul/zuul master: Validate ansible extra packages  https://review.opendev.org/72411019:24
avassmasterpe: there should be19:24
clarkbquickstart should run on ubuntu, I believe we test it on ubuntu and the more in depth instructions cover a number of distros I think19:25
*** bhavikdbavishi has quit IRC19:25
masterpetill now I only could find the quick-start19:25
masterpewith docker19:25
mordredcorvus: do you want to review the multi-arch patch? it's got 2x+2 - but I'm not sure if you want to review before it lands19:26
clarkbI guess install from.scratch is leap, fedora and centos19:26
masterpeBut that is with via docker, is there something without docker?19:26
avassmasterpe, clakb: I was very sure I saw one once19:26
*** bhavikdbavishi has joined #zuul19:27
clarkbmasterpe: https://zuul-ci.org/docs/zuul/howtos/zuul_install.html#installation19:27
clarkbthe from scratch docs dont use docker19:27
*** hashar has joined #zuul19:28
clarkbyou would do apt-get install -y $(bindep -b compile) for ubuntu in that step19:29
clarkbthe other steps should be fairly distroo indeoendent19:29
openstackgerritTristan Cacqueray proposed zuul/zuul-jobs master: use-buildset-registry: remove unused test library from remarshal  https://review.opendev.org/72473519:30
avassclarkb, masterpe: right I always get confused by the layout of "Zuul from scratch"19:31
*** rlandy|biab is now known as rlandy19:32
masterpeI will give Zuul from scratch a try19:33
avassmasterpe, clakb: I do remember having to build the json part of zuul-web for some reason on ubuntu though, can't remember why19:34
avassmasterpe: if your zuul-web isn't working as it should later, make sure it got built :)19:35
*** cloudnull2 has joined #zuul19:37
*** cloudnull has quit IRC19:38
*** cloudnull2 is now known as cloudnull19:38
openstackgerritAlbin Vass proposed zuul/zuul master: Validate ansible extra packages  https://review.opendev.org/72411019:39
reiterativeI think https://review.opendev.org/#/c/693513/ is just about ready to go now, but it's missing a Workflow label. Could someone do the honours?19:46
openstackgerritAlbin Vass proposed zuul/zuul master: Validate ansible extra packages  https://review.opendev.org/72411019:46
*** bhavikdbavishi has quit IRC19:47
corvusmordred: yeah, i'll review it (at least to make sure i have the latest version in my brain)19:51
*** saneax has quit IRC19:51
avassreiterative: we usually require two maintainers to review it before we merge something, unless it's something simple like a quick doc fix. :)19:52
openstackgerritGuillaume Chauvel proposed zuul/zuul master: Add git name and email for quickstart executor  https://review.opendev.org/72409619:52
mordredcorvus: I think we still have work to do on it - but I think it's sufficient to get images built19:53
corvusmordred: what do you want to improve?19:56
openstackgerritGuillaume Chauvel proposed zuul/zuul master: Add git name and email for quickstart executor  https://review.opendev.org/72409620:00
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Control log archive and user preservation with vars  https://review.opendev.org/70138120:01
corvusmordred: question on 72233920:02
mordredcorvus: we still need to plumb in registry config so that it will pull from buildset registry20:05
mordredcorvus: right now it is not appropriate for consuming depends-on20:05
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Control log archive and user preservation with vars  https://review.opendev.org/70138120:05
mordredcorvus: ah - your question is the thing I think we need to improvie20:06
avasscorvus: re ^, I just realized I completely misunderstood what you meant. I should probably not work on things when I'm too tired20:06
mordredcorvus: there'sa. bunch of work to allow us to push the results of the build to the buildset registry20:06
avasslike 22:06 right now :)20:06
mordredcorvus: but in order to configure the builder to pull things _from_ the buildset registry when it's building (the mirror config stuff) - we need to write a buildkit.toml file - which is similar to but different from the container config used by buildah/podman20:07
avasscorvus: I have a feeling that all unarchive/synchronize tasks between remote and executor should behave that way20:07
mordredcorvus: pushing to the buildset registry works because we're doing an explicit push with the buildset registry appended to the location20:08
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Control log archive and user preservation with vars  https://review.opendev.org/70138120:09
corvusmordred: what do you think about holding the merge of that until it's ready?20:18
corvusmordred: i feel like "depends-on will silently not work" may be a bad trap here20:19
mordredcorvus: could do - I wasn't sure what the relative urgency was to get multi-arch nodepool images built20:19
corvusmordred: i'd say it's pretty urgent for opendev, but it's not urgent for zuul-jobs :/20:20
openstackgerritTristan Cacqueray proposed zuul/zuul-jobs master: Add configure-podman-registry role  https://review.opendev.org/72474420:22
mordredcorvus: do the current test jobs test that we can consume images from the intermediate registry when we build a new image?20:22
corvusmordred: they're supposed to, so i'm interested in seeing why they didn't fail20:23
mordredcorvus: ah - FROM docker.io/library/debian:testing20:24
mordredcorvus: so - the jobs test that we can docker pull on the builder host20:24
mordredbut don't build a downstream image FROM the upstream image20:24
tristanCcorvus: not sure how it works in opendev, but to use the zuul-registry with podman on fedora, i had to set the CA used to signed the registry cert for the buildset_registry.cert value.20:25
mordredcorvus: that said - now that I think about it  - it's _possible_ this does Just Work20:26
mordredcorvus: let me see if I can cook up a synthetic example locally real quick20:26
tristanCIn the end we were able to push intermediary image using the configure-podman-registry role proposed in https://review.opendev.org/724744 . Not very happy about the code duplication, but that's a first milestone for us!20:27
openstackgerritMonty Taylor proposed zuul/zuul-jobs master: DNM Check to see if images from intermediate work  https://review.opendev.org/72475120:31
corvustristanC: that's great, but i have some questions on that change :)20:32
mordredcorvus: ^^ I think that should show whether images from intermediate registry work20:32
mordredcorvus: (but double check me that should work)20:33
corvustristanC: notably, use-buildset-registry should already set everything up for podman/containers, so i'm curious why you can't use that directly, and if it doesn't work, what could we do to fix it.20:33
tristanCcorvus: use-buildset-registry should work, but it seems like designed for buildset-registry, and it does docker/podman/cri-o all at once20:39
corvustristanC: oh, you're trying to push to the intermediate registry;  why not use the push-to-intermediate-registry role?20:40
corvustristanC: and yes, it does do all of those things, but that shouldn't be a problem?  that way it can be used in a base job that doesn't need to know exactly how an image is being built20:42
tristanCcorvus: here is the playbook for our image-update job: https://softwarefactory-project.io/r/gitweb?p=zuul-images-jobs.git;a=blob;f=playbooks/image/update.yaml;h=0bd8ac81f4b4505edffb155de9f9a1cca6685e28;hb=feee5fa32e39841970f1ea1e684d7d13a0b8180b20:42
corvusmordred: i think that test is valid20:43
tristanCcorvus: push-to-intermediate-registry seems to be doing `skopeo copy docker://... docker://`,  but when the image is built with podman, then the source is `container-storage:`20:46
openstackgerritMonty Taylor proposed zuul/zuul-jobs master: Write a buildkitd config file pointing to buildset registry  https://review.opendev.org/72475720:46
mordredcorvus: cool. if it is - then maybe that ^^ should work20:46
tristanCcorvus: and we don't use a buildset registry, only an intermediary registry, so doing `podman build`, then `podman push` works well, and it's only two tasks20:47
mordredcorvus: although - now that I think about it - I think we should likely move the setup stuff into use-buildset-registry20:47
corvusmordred: yeah, but we need the builder, right?20:47
mordredcorvus: yah - but we could have use-buildset-registry do the "are there arches in the images list" detection and then do the buildx-setup tasks20:47
mordredcorvus: so that it's in a position to configure the buildx builder at the same time20:48
tristanCcorvus: using `use-buildset-registry` seems overkill, it does things we don't want like restart a docker service, and i'm not sure why it works with a registry.cert where we need a registry.ca value20:48
corvustristanC: i'd still love to have a discussion about how you could use the gating workflow20:48
corvusi'm a little concerned about overloading the zuul-jobs registry system to support a second non-gating workflow20:49
tristanCcorvus: we'd be happy to talk about this use case, here is the documentation so far: https://tree.taiga.io/project/morucci-software-factory/us/3419 and https://softwarefactory-project.io/cgit/zuul-images-jobs/tree/README.md20:50
tristanCit's not exactly a gate, but rather a periodic pipeline to update image and push good new layers20:52
corvustristanC: right, i think we're proving out the gate process, why not use that?  we're using it for zuul, opendev, mnaser is using it for vexxhost, openstack is starting to use it...20:53
corvusswift is using it20:53
*** flaper87 has quit IRC20:53
*** johanssone has quit IRC20:53
*** openstackgerrit has quit IRC20:53
*** johanssone has joined #zuul20:54
mordredcorvus: the test of pulling from intermediate in multiarch failed as we expected: https://zuul.opendev.org/t/zuul/build/7977d9d05428466aa607936d54ea038320:55
corvusmordred: excellent! :(20:55
mordredcorvus: so - at least the hunch about how things work or don't work turned out to be correct20:55
fungii gather the kolla devs are currently looking at redoing their image building jobs to take advantage of the buildset and intermediate registry workflow20:55
mordredcorvus: now let's see if that buildktd.toml fixed it20:55
mordredfungi: woot! that's great news20:56
fungiat least that seemed to be their resolution after a recent discussion about their broken old legacy converted jobs20:56
tristanCwe also would like to use that gate process, but we don't have a gate since our job are not tied to a change, they run periodically21:18
tristanC(and we are aiming for a pipeline that also works for diskimage)21:25
*** hashar has quit IRC21:27
mordredcorvus: ok - my first stab at writing a buildkitd.toml did not work21:33
mordredcorvus: and - it doesn't seem like it decided to provide any information as to WHY21:33
mordredoh wait21:34
*** openstackgerrit has joined #zuul21:34
openstackgerritMonty Taylor proposed zuul/zuul-jobs master: Write a buildkitd config file pointing to buildset registry  https://review.opendev.org/72475721:34
mordredcorvus: in fact, it DID provide logs, and they were clear, and I can verify that it read the config file I put in :)21:34
mordredhttps://6858d98d7a501e0358b0-54baced7b3de4d4a8f29448d2e5adbbf.ssl.cf2.rackcdn.com/724757/3/check/zuul-jobs-test-registry-docker-multiarch/9badf51/builder/docker/buildx_buildkit_mybuilder0.txt21:35
mordredand if you look at the interdiff between the last 2 patchsets of 724757 - I agree with the buildx builder that it was an error :)21:35
corvusmordred: agree that looks legit21:36
mordredcorvus: I'm a little annoyed it didn;t know to ignore my copy-pasta error and do what I meant21:36
mordredall of the rest of you know that by now21:36
corvusmordred: i feel toml is not living up to its billing21:37
mordredcorvus: ikr21:37
mordredcorvus: I thought tom was solving all of the world's problems by inventing a new and ugly config file format21:37
mordredI don't feel like this solved my problems despite the use of a bunch of square brackets!21:38
mordredcorvus: so - back to the previous thing - I think I've convinced myself that we do need a reorg of some of the new buildx stuff21:39
mordredbut I think I've also convinced myself that can wait21:39
mordredas it should not have end-user facing impact21:39
mordredat the very least, I think we can have use-buildset-registry just write an /etc/buildkit/buildkitd.toml file (editing it using the same approach as the containers.conf file)21:40
mordredand then if we want to keep buildx set up in the build role, we can just copy the file in place21:40
corvusoh that's a good idea21:40
mordredbecause it's also potentially a useful file in case someone wanted to use buildkit on the build host21:40
mordred(I'm also not sure whether dockerd with USE_BUILDKIT=1 would read /etc/buildkit for config...)21:41
mordredcorvus: 2020-04-30 21:44:08.302296 | builder | #4 [linux/amd64 internal] load metadata for docker.io/upstream/image:latest21:44
mordred2020-04-30 21:44:09.503583 | builder | #4 ERROR: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed21:44
mordred221:44
mordredcorvus: sad panda21:44
mordredcorvus: I don't think I have enough brain pellets to further debug that today21:45
mordredI'll pick it up in the morning when my pellet trough has hopefully been replenished21:45
corvusmordred: kk21:45
mordredcorvus: https://github.com/moby/buildkit/issues/606#issuecomment-56996987221:48
mordredcorvus: it's possible there's something the buildkit may be doing that's non-standard?21:48
mordredhttps://add65db26ee2f5c0e620-8e6e263cc7d5bd2680bb2429d6dd2093.ssl.cf1.rackcdn.com/724757/4/check/zuul-jobs-test-registry-docker-multiarch/2eb566e/ is the logs21:49
mordredcorvus: 21:44:09.503583 is when it fails to pull ... which corresponds to some lines here:21:50
mordredhttps://add65db26ee2f5c0e620-8e6e263cc7d5bd2680bb2429d6dd2093.ssl.cf1.rackcdn.com/724757/4/check/zuul-jobs-test-registry-docker-multiarch/2eb566e/builder/docker/buildset_registry.txt21:50
mordred2020-04-30 21:44:08,353 INFO registry.authz: Authenticate level read21:50
corvusmordred: maybe run the buildset registry with debug so we can see what the uris are21:51
mordredcorvus: got a cantrip for that handy?21:53
mordredcorvus: oh wait - I'm supposed to set username/password for the buildset registry aren't I?21:54
*** rfolco has quit IRC22:37
tristanCmordred: that should be defined by https://opendev.org/zuul/zuul-jobs/src/branch/master/roles/build-docker-image/tasks/main.yaml#L522:51
*** tosky has quit IRC23:11
openstackgerritIan Wienand proposed zuul/zuul-jobs master: [wip] add plain nodes  https://review.opendev.org/72477623:15
openstackgerritIan Wienand proposed zuul/zuul-jobs master: [wip] suse python2 pip support  https://review.opendev.org/72477723:15
« Wednesday, 2020-04-29 Index Friday, 2020-05-01 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!