Tuesday, 2020-08-11

« Monday, 2020-08-10 Index Wednesday, 2020-08-12 »
*** saneax has joined #zuul00:48
*** hamalq_ has quit IRC02:21
*** bhavikdbavishi has joined #zuul02:58
*** zbr9 has joined #zuul03:03
*** irclogbot_1 has quit IRC03:04
*** tobberydberg_ has quit IRC03:04
*** zbr has quit IRC03:04
*** dpawlik2 has quit IRC03:04
*** zbr9 is now known as zbr03:04
*** wuchunyang has joined #zuul03:05
*** irclogbot_3 has joined #zuul03:08
*** tobberydberg has joined #zuul03:10
*** wuchunyang has quit IRC03:11
*** wuchunyang has joined #zuul03:11
*** wuchunyang has quit IRC03:13
*** wuchunyang has joined #zuul03:15
*** wuchunyang has quit IRC03:17
*** wuchunyang has joined #zuul03:20
*** wuchunyang has joined #zuul03:21
*** wuchunyang has quit IRC03:25
*** wuchunyang has joined #zuul03:26
*** wuchunyang has joined #zuul03:29
*** wuchunyang has quit IRC03:33
*** wuchunyang has joined #zuul03:36
*** bhavikdbavishi has quit IRC03:42
*** wuchunyang has quit IRC03:44
*** wuchunyang has joined #zuul03:45
*** wuchunyang has quit IRC03:48
*** wuchunyang has joined #zuul03:48
*** wuchunyang has quit IRC03:51
*** wuchunyang has joined #zuul03:54
*** wuchunyang has quit IRC03:56
*** wuchunyang has joined #zuul03:57
*** wuchunyang has quit IRC04:00
*** bhavikdbavishi has joined #zuul04:00
*** wuchunyang has joined #zuul04:03
*** wuchunyang has quit IRC04:05
*** wuchunyang has joined #zuul04:09
*** wuchunyang has quit IRC04:10
*** evrardjp has quit IRC04:33
*** evrardjp has joined #zuul04:33
*** raukadah is now known as chkumar|rover04:43
*** bhavikdbavishi1 has joined #zuul05:05
*** bhavikdbavishi has quit IRC05:07
*** bhavikdbavishi1 is now known as bhavikdbavishi05:07
*** sanjayu_ has joined #zuul05:26
*** saneax has quit IRC05:28
*** wuchunyang has joined #zuul05:28
*** wuchunyang has quit IRC05:31
*** wuchunyang has joined #zuul05:31
*** sanjayu_ has quit IRC05:33
*** sanjayu_ has joined #zuul05:34
*** wuchunyang has quit IRC05:35
*** wuchunyang has joined #zuul05:38
*** wuchunyang has quit IRC05:40
*** wuchunyang has joined #zuul05:41
*** wuchunyang has quit IRC05:43
*** wuchunyang has joined #zuul05:47
*** wuchunyang has quit IRC05:49
*** wuchunyang has joined #zuul05:50
*** wuchunyang has quit IRC05:52
*** wuchunyang has joined #zuul05:52
*** wuchunyang has quit IRC05:54
*** wuchunyang has joined #zuul05:54
*** wuchunyang has quit IRC06:00
*** wuchunyang has joined #zuul06:06
*** wuchunyang has quit IRC06:11
*** bhavikdbavishi has quit IRC06:13
*** wuchunyang has joined #zuul06:15
*** wuchunyang has quit IRC06:19
*** wuchunyang has joined #zuul06:20
*** wuchunyang has quit IRC06:24
*** wuchunyang has joined #zuul06:25
*** wuchunyang has quit IRC06:27
*** wuchunyang has joined #zuul06:30
*** wuchunyang has quit IRC06:33
*** wuchunyang has joined #zuul06:33
openstackgerritFelix Edel proposed zuul/zuul master: PF4: Update filter toolbar on builds and buildsets page  https://review.opendev.org/74138506:35
*** danpawlik has joined #zuul06:36
*** wuchunyang has quit IRC06:38
*** wuchunyang has joined #zuul06:39
*** bhavikdbavishi has joined #zuul06:41
*** wuchunyang has quit IRC06:43
*** wuchunyang has joined #zuul06:48
*** hashar has joined #zuul06:49
*** wuchunyang has quit IRC06:52
*** wuchunyang has joined #zuul06:53
*** danpawlik has quit IRC06:54
*** danpawlik has joined #zuul06:55
*** wuchunyang has quit IRC06:58
*** hashar has quit IRC07:05
*** wuchunyang has joined #zuul07:07
*** wuchunyang has quit IRC07:09
*** wuchunyang has joined #zuul07:10
*** wuchunyang has quit IRC07:12
*** wuchunyang has joined #zuul07:12
*** jcapitao has joined #zuul07:14
*** wuchunyang has quit IRC07:17
*** wuchunyang has joined #zuul07:17
*** wuchunyang has quit IRC07:19
*** wuchunyang has joined #zuul07:20
*** wuchunyang has quit IRC07:22
*** wuchunyang has joined #zuul07:22
*** wuchunyang has quit IRC07:24
*** wuchunyang has joined #zuul07:38
*** tosky has joined #zuul07:41
*** wuchunyang has quit IRC07:46
*** wuchunyang has joined #zuul07:46
*** wuchunyang has quit IRC07:49
*** wuchunyang has joined #zuul07:50
*** hashar has joined #zuul07:51
*** wuchunyang has quit IRC07:53
*** jpena|off is now known as jpena07:54
*** wuchunyang has joined #zuul07:54
*** wuchunyang has quit IRC07:56
*** wuchunyang has joined #zuul07:56
*** wuchunyang has quit IRC08:00
*** wuchunyang has joined #zuul08:04
*** wuchunyang has quit IRC08:06
*** wuchunyang has joined #zuul08:06
*** wuchunyang has quit IRC08:08
avassHi everyone, I'm back from vacation. Have I missed anything important or interesting the last couple of weeks? :)08:09
*** nils has joined #zuul08:10
*** wuchunyang has joined #zuul08:16
*** wuchunyang has quit IRC08:19
*** wuchunyang has joined #zuul08:26
*** wuchunyang has quit IRC08:29
*** wuchunyang has joined #zuul08:30
*** wuchunyang has quit IRC08:32
*** wuchunyang has joined #zuul08:32
*** wuchunyang has quit IRC08:37
*** wuchunyang has joined #zuul08:40
*** jcapitao is now known as jcapitao_afk08:41
*** wuchunyang has quit IRC08:42
*** wuchunyang has joined #zuul08:42
*** wuchunyang has quit IRC08:44
*** wuchunyang has joined #zuul08:45
*** wuchunyang has quit IRC08:47
*** wuchunyang has joined #zuul08:47
*** jcapitao_afk is now known as jcapitao08:53
*** brendangalloway has joined #zuul08:55
*** wuchunyang has quit IRC08:56
*** wuchunyang has joined #zuul08:56
brendangallowayHello - I'm trying to connect a kubernetes cluster as a nodepool provider.  I am able to connect to the cluster from the nodepool host, but when I try define a pod in nodepool.yaml I get the following error:08:57
brendangalloway  File "/usr/lib/python3.6/site-packages/nodepool/driver/kubernetes/config.py", line 62, in load    full_config.labels[label['name']].pools.append(self)KeyError: 'pod-centos-7-7'08:57
*** wuchunyang has quit IRC09:02
*** wuchunyang has joined #zuul09:05
*** wuchunyang has quit IRC09:13
*** wuchunyang has joined #zuul09:14
openstackgerritSimon Westphahl proposed zuul/zuul master: Add optional support for circular dependencies  https://review.opendev.org/68535409:14
openstackgerritSimon Westphahl proposed zuul/zuul master: Check cycle items are mergeable before reporting  https://review.opendev.org/74345009:14
*** wuchunyang has quit IRC09:16
*** wuchunyang has joined #zuul09:16
*** wuchunyang has quit IRC09:22
*** wuchunyang has joined #zuul09:23
*** wuchunyang has quit IRC09:26
*** wuchunyang has joined #zuul09:26
*** wuchunyang has quit IRC09:29
*** wuchunyang has joined #zuul09:30
*** wuchunyang has quit IRC09:32
*** wuchunyang has joined #zuul09:33
*** wuchunyang has quit IRC09:39
*** wuchunyang has joined #zuul09:40
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: add-build-sshkey: call cmd with command  https://review.opendev.org/74564609:41
avasstobiash: you might want to take a look ad that ^09:42
*** bhavikdbavishi has quit IRC09:42
*** wuchunyang has quit IRC09:43
*** wuchunyang has joined #zuul09:43
*** wuchunyang has quit IRC09:45
*** wuchunyang has joined #zuul09:46
*** wuchunyang has quit IRC09:48
*** wuchunyang has joined #zuul09:48
*** wuchunyang has quit IRC09:50
*** wuchunyang has joined #zuul09:56
*** wuchunyang has quit IRC09:59
*** wuchunyang has joined #zuul09:59
*** wuchunyang has quit IRC10:02
*** wuchunyang has joined #zuul10:03
*** wuchunyang has quit IRC10:05
*** bhavikdbavishi has joined #zuul10:29
*** hashar has quit IRC10:53
*** sanjayu_ has quit IRC10:53
*** sanjayu_ has joined #zuul10:54
*** sanjayu__ has joined #zuul10:58
zbravass: welcome back!10:58
*** brendangalloway has quit IRC10:59
*** sanjayu_ has quit IRC11:01
zbrfelixedel: please add me as reviewer on pf4 changes that you consider ready, i want to help.11:06
*** wuchunyang has joined #zuul11:11
*** hashar has joined #zuul11:12
*** wuchunyang has quit IRC11:17
*** wuchunyang has joined #zuul11:18
*** wuchunyang has quit IRC11:21
tobiashavass: welcome back!, that change lgtm, but I didn't test it11:21
tobiashtristanC: didn't we have the aws iam profile config in the nodepool docs somewhere? I don't find it.11:22
*** wuchunyang has joined #zuul11:25
openstackgerritSimon Westphahl proposed zuul/zuul master: Add optional support for circular dependencies  https://review.opendev.org/68535411:32
openstackgerritSimon Westphahl proposed zuul/zuul master: Check cycle items are mergeable before reporting  https://review.opendev.org/74345011:32
*** jpena is now known as jpena|lunch11:33
openstackgerritTobias Henkel proposed zuul/nodepool master: Document aws iam profile  https://review.opendev.org/74565811:35
*** wuchunyang has quit IRC11:39
*** jcapitao is now known as jcapitao_lunch11:40
avasstobiash: I'm pretty confident it should work, currently it dumps the "Microsoft Windows ...." header to authorized keys :)11:43
tobiashyay11:44
avasstobiash: do you mean: https://zuul-ci.org/docs/nodepool/configuration.html#attr-providers.[aws].pools.labels.iam-instance-profile ?11:44
tobiashavass: no I mean the permissions nodepool needs to have to be able to work with aws11:45
avassoh, I haven't seen one at least. But I've wanted one :)11:45
*** wuchunyang has joined #zuul11:50
*** wuchunyang has quit IRC11:52
*** wuchunyang has joined #zuul11:55
*** rlandy has joined #zuul11:59
*** wuchunyang has quit IRC12:02
tristanCtobiash: i don't remember, i only used the basic free tier for the initial testing12:03
*** wuchunyang has joined #zuul12:05
*** wuchunyang has quit IRC12:07
*** wuchunyang has joined #zuul12:10
*** wuchunyang has quit IRC12:12
*** wuchunyang has joined #zuul12:13
*** wuchunyang has quit IRC12:15
*** iurygregory has quit IRC12:25
*** iurygregory has joined #zuul12:26
*** hashar has joined #zuul12:36
*** jpena|lunch is now known as jpena12:39
fungizuul-maint: just a heads up, recent point releases of ansible seem to have changed default file modes: https://github.com/ansible/ansible/issues/7120012:43
fungiwe frequently have files tasks with no mode specified i think, so this could easily impact jobs (though probably mostly jobs which involve multiple users)12:43
*** sanjayu__ has quit IRC12:50
*** sanjayu__ has joined #zuul12:52
*** vishalmanchanda has joined #zuul13:04
*** bhavikdbavishi has quit IRC13:04
*** jcapitao_lunch is now known as jcapitao13:14
zbrfungi: well, i think they do have a decent explanation for the breaking change.13:21
fungizbr: explanation sure, but that doesn't mean users will immediately realize an ansible stable update is what caused all their file permissions to change13:24
zbryep, that is why I am subscribed to all their releases and read the changelog each time.13:25
fungialso that does seem like a rather sudden behavior change to introduce in stable point releases rather than just in development. it's not like ansible prevented you from setting secure file permissions13:25
zbri am sure that I will see few tripleo jobs failing due to it, part of the daily chores13:25
fungichoosing to suddenly protect users from themselves in a stable patch bump is surprising13:25
zbrit is a grey area, and they are experts in it ;)13:27
tristanCzbr: is there an ansible-lint rule to detect missing file mode?13:29
fungii'm actually stunned that the solution to cve-2020-1736 was to explicitly set the file mode when copying rather than copying the source file mode13:29
zbrtristanC: nope, but if you do one, I can merge it, even make a release.13:29
fungihttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-173613:30
zbrseems like a good opportunity to make one13:30
zbrtristanC: i already starting to write the linter rule, any other modules than template affected?13:36
zbrhttps://github.com/ansible/ansible-lint/pull/94313:48
zbrlots of occurences in zuul-roles: http://paste.openstack.org/show/796730/13:49
fungiit's worth bearing in mind that most of those are probably not actually a problem because they'll be accessed by the same user which creates them13:50
zbrfungi: yep, still i have no idea how distinguish between one are or another. I am open to suggestions.13:51
fungithis will really only be an issue if the account under which ansible runs is creating files which another user needs to read. i don't think there's going to be an automated way to identify those stiuations, no13:51
fungiso maybe just avoiding the situation by always having explicit file modes is the solution, to avoid ~undefined behavior13:52
zbram I wrong or the docs were not updated at https://docs.ansible.com/ansible/latest/modules/template_module.html ?13:53
zbrif I understand correctly, new default is 0x600 or not really?13:53
zbrprobably I should suggest using "preserve" as a workaround that does avoid triggering the rule violation?13:54
fungii guess "preserve" keeps the source file's mode?13:55
fungis/keeps/copies/13:55
zbryep, which is also acting as "default"13:55
zbrbut there are 9 core modules with mode, i need to see if all support it....13:56
fungii'm just surprised that copying the source file's mode wasn't the default behavior, as opposed to hard-coding a default file mode, but i guess there must be reasons13:56
* yoctozepto surprised too13:57
yoctozeptoor not getting the real issue...13:57
zbronly synchronize module has different docs on mode param13:58
fungiyoctozepto: the underlying trigger for this seems to have been cve-2020-1736 about atomic_copy using a very loose umask and not copying the original file's mode by default14:00
fungiso the end result was that it created files world-writeable when copying14:01
fungithat i get is a real problem14:01
yoctozeptofungi: yeah, noticed, I replied with my suprisement in the bug report14:01
*** smcginnis has quit IRC14:01
yoctozeptothat one truly is14:01
fungibut yeah, it seems like there are multiple ways that vulnerability could have been addressed14:02
yoctozeptoalso, the defaults for non-overridable mode might better be more strict14:02
yoctozeptobut for regular actions, one rather expects normal posix behaviour14:02
yoctozeptoand changing default to more secure is fine but not in stable for devops sake14:02
yoctozeptowell, they went with the hammer approach :-)14:03
fungii concur. the original behavior is not posix-like, but neither is the fixed behavior14:03
fungii would also have expected something which behaved like the `cp` command14:03
SpamapS:|14:04
SpamapSThey should know better.14:04
SpamapSThere will be flames.14:04
yoctozeptoah, true, I was speaking about newly-created files14:04
SpamapS50% chance of revert in urgent stable patch.14:04
yoctozeptocause that is what has bitten us14:04
yoctozeptobut yeah, cp behaviour for copying would be just right14:04
SpamapS(Regarding Ansible changing mode behavior in a stable update)14:04
yoctozeptoand mv for moves14:04
SpamapSDoes Ansible even have a move?14:05
SpamapSIt didn't, a few years back.14:05
yoctozeptoSpamapS: well, internally14:05
yoctozeptothe changed part is 'atomic_move'14:05
fungii guess the argument could be that if you want posix-like behaviors, use the command module14:05
yoctozeptotrue that, but no kidding :-)14:06
SpamapSfungi: but then you're back in making sure every command is idempotent. ;)14:06
fungisure14:06
yoctozeptono, seriously, one can set those modes where necessary but sometimes the default umask behaviour was just fine14:07
yoctozeptowhy would you want to touch perfect defaults14:07
yoctozeptoanyhow, everything up to ansible team14:07
clarkbSpamapS: fungi and the linter will complain you should use copy/template/etc14:13
yoctozeptoclarkb: true that14:14
yoctozeptoso it's easy to fight this argument14:14
fungithat's easy, disable those linting rules14:15
*** wuchunyang has joined #zuul14:16
*** wuchunyang has quit IRC14:17
zbrwe may need to optimize this rule a little bit as it finds just too many occurences14:20
yoctozeptofungi: well then I want the new default configurable! :D14:23
yoctozepto(but then I would be setting myself into security issues, oh well)14:24
yoctozeptonasty one14:24
*** adam_g has quit IRC14:25
*** adam_g has joined #zuul14:27
*** chkumar|rover is now known as raukadah14:42
zbryoctozepto: look at the bright side: they removed the non octals from ansible code while fixing this bug ;)14:45
zbrdoing file permission checking using base-10, it would have not passed my review :D14:46
clarkbzbr: what happens to people using mode: 600 ?14:47
clarkbare they all broken now too?14:47
yoctozeptozbr: 😂14:47
zbrclarkb: nope, when I said removed, removed internal implementation that was doing comparisions with some base-10 values14:48
yoctozeptoclarkb: mode: 600 has quite surprising effects14:49
yoctozeptoor at least had; I always write octals in there14:49
clarkbyoctozepto: I'm not suggesting its correct but suddenly beraking users that do that would be bad14:49
clarkb'600' too14:50
yoctozepto'600' works I guess14:50
zbrthere is a rule in the linter for that issue too14:52
*** Shrews has joined #zuul15:05
*** sanjayu_ has joined #zuul15:12
*** bhavikdbavishi has joined #zuul15:13
*** sanjayu__ has quit IRC15:14
*** jcapitao has quit IRC15:34
*** rlandy is now known as rlandy|ruck15:54
*** nils has quit IRC16:09
*** hamalq has joined #zuul16:10
*** hamalq_ has joined #zuul16:11
*** jpena is now known as jpena|off16:13
*** hamalq has quit IRC16:16
fungiyay, looks like the ansible devs are considering revisiting the file mode change with a more measured approach16:19
zbrs/hammer/mallet/16:26
dmsimardyeah I was about to mention that -- it's a bit late now that it's been released but oh well16:27
fungiusu mochi mallet16:27
*** hamalq_ has quit IRC16:29
*** hamalq has joined #zuul16:30
*** tosky has quit IRC16:59
*** bhavikdbavishi has quit IRC17:07
*** bhavikdbavishi has joined #zuul17:07
*** hashar has quit IRC17:10
*** hamalq has quit IRC17:31
*** holser has quit IRC17:39
*** holser has joined #zuul17:39
*** sanjayu_ has quit IRC17:47
corvustristanC: i think it's okay to merge https://review.opendev.org/742971 now (cc infra-root: when that merges, we should be able to get ara repots from system run jobs again)17:47
*** bhavikdbavishi has quit IRC17:48
*** saneax has joined #zuul17:51
tristanCcorvus: ok, i rechecked it to verify vexxhost ci is not affected17:56
corvustristanC: good point; i opened up a window to watch streaming logs just in case17:57
tristanCthe issue seems to be cleared, i put the +workflow now18:02
clarkbcorvus: do we need to update our system-config jobs in opendev? or shold that get auto picked up?18:03
corvusclarkb: i think automatic18:11
openstackgerritMerged zuul/zuul-jobs master: Allow ara-report to run on any node  https://review.opendev.org/74297118:18
corvusdmsimard: ^18:18
tristanCafter updating our local copy of zuul-jobs, some jobs started to fail because ensure-tox doesn't seems to install tox in the PATH anymore, we had to replace `tox` command by `{{ tox_executable }}`18:37
clarkbtristanC: you have to enable fact caching18:38
clarkbensure-tox installs it to venv if tox_executable does not exist, then sets tox_executable as a fact18:39
corvusdoesn't zuul enable fact caching?18:39
tristanCclarkb: this playbook used to work: https://pagure.io/fork/tdecacqu/fedora-qa/os-autoinst-distri-fedora/blob/637c605496e5253e99ff638eb2f3d7c3c392d9fd/f/ci/tox.yaml18:39
clarkbtristanC: I would expect that to still work if fact caching works18:40
tristanCor rahter this one https://pagure.io/fedora-qa/os-autoinst-distri-fedora/blob/master/f/ci/tox.yaml18:40
clarkbcorvus: maybe? I'm not 100% sure on that18:40
tristanCfirst link is the patched version18:40
corvusclarkb: when you say "you need to enable fact caching" what does the user need to do?18:40
tristanCi can't find where this was announced, was this announced?18:40
clarkbcorvus: I don't know. I just know that the role relies on setting that value as a fact to address tristanC's problem18:41
clarkbhttps://opendev.org/zuul/zuul-jobs/src/branch/master/roles/ensure-tox/tasks/main.yaml#L30-L33 in particular does it18:41
corvustristanC: do you have a link to a failed build?18:42
tristanCcorvus: https://fedora.softwarefactory-project.io/zuul/build/211ab6902e4b4e8b9da532eda802abd818:42
tristanCthis is after updating our zuul-jobs copy from 86db3adeb1abdf2f2e03a8a4ef6fe1eab5d352c5 to fcf84346eff89398fd4f67cc7e2fa30ba443145c18:44
corvusi wonder if the issue is that ensure-tox is being used in an include_18:45
corvusgrr18:45
corvusi wonder if the issue is that ensure-tox is being used in an include_role task in the same playbook that then later relies on the cached fact18:45
corvusie, maybe it only loads the fact from the cache at the start, so it's not there, and the fact doesn't persist beyond the include_role?18:46
corvusthat second part is the troubling part18:46
corvusit seems like if we're in the same playbook, a set_fact should persist all they way through, even through an include_role18:46
clarkbyes if it is the same playbook I would expect it to work even more well18:47
corvusoh, wait: https://pagure.io/fedora-qa/os-autoinst-distri-fedora/c/85be99830bc7d9472ee307d80b3ee4c22bf37f29?branch=master18:47
corvusit used to just be "tox"18:47
corvusso i think the advice "you need to enable fact caching" is not relevant here; because the role wasn't relying on the fact before18:48
corvusor rather, the playbook18:48
corvusi think the issue is that the playbook was previously relying on tox being in the path, and with the changes to ensure-tox, it now should rely on the tox_executable output variable18:48
corvus(iow, tristanC's patch is the intended way to use the role now)18:49
tristanCcorvus: yeah, the ensure-tox role used to do `type tox || $PIP install --user tox`. I can't find where the change was announced18:52
corvustristanC: i think https://review.opendev.org/718284 is the implementing change18:52
clarkboh I thought the two were tied to gether (and that is why we set the fact)18:54
corvustristanC: i suspect that the reviewers only considered the case of other roles in zuul-jobs relying on the behavior, not end-user playbooks, and so probably didn't realize it would be a breaking change in that case18:55
corvustristanC: (iow, we probably looked at it and said: "ensure-tox role + tox role" works, so we're good)18:55
corvusbut this case is more like "ensure-tox role + playbook runs 'tox' command"18:55
clarkboh I see18:56
clarkbya18:56
tristanCcorvus: alright, thank you for the details18:57
corvustristanC: i agree, we should have announced it, but i think we just missed that case in good faith, and we can try to think about that in the future.  i do think that the documented output variables is a big improvement and should help avoid this problem in the future.18:57
corvusclarkb: i think the only "you need to enable caching" applicable here is: if you're writing a role like ensure-tox, and you want to produce an output variable, you need to set the cacheable flag on the set_fact task when you write that role.  iow, it's a responsibility of a zuul-jobs role author; an end-user shouldn't need to worry about that detail.18:58
clarkbcorvus: ya looking in the executor code we set up fact caching18:58
clarkbzuul should handle that side of things, then as you say the roles need to make specific values cacheable to translate between playbooks18:59
tristanCcorvus: that's ok, i was just wondering if i missed a mailling list or something, the user wanted to know how to prepare for such change...19:01
fungii thought it had been announced, but am probably wrong19:02
tristanCi think it would be to difficult to announce each role "api" change19:02
fungialso i thought we added a variable to cause it to symlink tox in /usr/local/bin as a solution for scripts which want to call the tox executable without a full path19:03
fungiahh, it was the tox_envlist removal which got announced. the tox role installing to nonstandard paths looks like it happened as part of standardizing similar patterns for pip and virtualenv19:05
fungitristanC: would adding https://zuul-ci.org/docs/zuul-jobs/python-roles.html#rolevar-ensure-tox.ensure_global_symlinks work better for you?19:06
tristanCfungi: oh that would have been another option, but that's ok, using "{{ tox_executable }}" fixed the issue19:07
fungiyeah, if you're calling tox from ansible then it's probably the better solution anyway. the ensure_global_symlinks toggle is more helpful when you have ansible calling shell scripts which call tox and want to work similarly when run locally by a developer19:08
fungi(though you can also do that with envvar magic and defaults)19:08
*** hashar has joined #zuul19:31
openstackgerritMerged zuul/zuul-jobs master: add-build-sshkey: call cmd with command  https://review.opendev.org/74564619:34
*** hashar has quit IRC20:07
*** hashar has joined #zuul20:09
*** openstackgerrit has quit IRC20:52
-openstackstatus- NOTICE: The openstackgerrit IRC bot (gerritbot) will be offline for a short period while we redeploy it on a new server20:53
*** hashar has quit IRC21:00
*** vishalmanchanda has quit IRC21:14
*** rlandy|ruck has quit IRC22:47
*** saneax has quit IRC23:02
*** logan- has quit IRC23:05
corvustristanC, mordred, tobiash: i updated gerrit's zuul to use tls zk with that series of patches i linked earlier (plus a couple of brown-bag followups).  tristanC, you were right about the extended cert attributes ('client auth' is needed).  i have no idea why it worked without that in my testing.23:32
corvusanyway, it's all up and appears to be working now, using zk tls.  so that's both opendev and gerrit's zuul using that.23:33
« Monday, 2020-08-10 Index Wednesday, 2020-08-12 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!