Wednesday, 2020-10-28

« Tuesday, 2020-10-27 Index Thursday, 2020-10-29 »
mnaserright now, i can't 'approve' my own PR, and any other solution such as using comments or labels makes me lack some sort of rbac-iness00:01
clarkbmy understanding is that is a github issue00:10
clarkbthe workarounds you describe workaround the underlying problem00:10
clarkbhttps://github.community/t/do-not-require-owner-approval-if-the-pull-request-is-from-an-owner/369/5100:12
clarkbseems people were still complaining about this as recently as 8 days ago00:12
mnaseryeah i found that post too unfortunately00:19
mnaseri'm half wondering if i can build a zuul pipeline which is triggered on pr comments00:19
mnaserand it takes those comments, checks if user is owner/etc, and then if they are, enqueue into gate.. or 'approve' the change00:20
*** wuchunyang has joined #zuul00:21
mnasermaybe similar to how ttx did the release stuff for openstack00:21
*** wuchunyang has quit IRC00:26
*** hamalq has quit IRC00:26
corvusmnaser: you should be able to try something out relatively quickly with a pipeline triggered on a comment or label and a zero-node job run on the executor with a secret that does the github lookup and then leaves the approval01:01
corvussince it's looking like this issue is going to persist, i think we could also look into expanding the github trigger to allow you to express "label 'approve' left by owner of repo" as a pipeline requirement.  that should get the logic entirely into zuul01:02
*** Goneri has quit IRC01:03
corvushttps://zuul-ci.org/docs/zuul/reference/drivers/github.html#attr-pipeline.require.%3Cgithub%20source%3E.review.permission01:04
mnasercorvus: yeah -- it does seem like github is probably not changing it's path, working with their enterprise support team have yielded to not much success...01:04
dmsimardtristanC: looks ok to me testing from https://api.us-east.open-edge.io:8080/swift/v1/AUTH_e02c11e4e2c24efc98022353c88ab506/zuul_opendev_logs_962/759969/1/check/zuul-build-dashboard-opendev/962c403/npm/html/01:04
dmsimardcan't really comment on the javascript bits though :)01:04
corvusmnaser: there's something really close already with "review from user with write permission"01:04
corvusprobably not exactly what's needed here, but that's the kind of pattern01:05
mnasercorvus: yeah, the pattern fits perfectly -- if github just fixed this, it'd be super clean01:05
mnaseri guess the nice thing about the idea you suggested with a zero node job is the flexibility it gives you01:06
corvustristanC: oh i entered "foo,bar" and got stuff without either foo or bar.01:07
mnaserbut then you wind up in a bit of a state-machine-y thing where you don't have an easy way of undoing this01:07
corvusmnaser: yeah, i think putting it in the driver is the better medium-term fix (and improves UX for all zuul github users)01:07
mnaseri guess the logic all lives here01:12
mnaserhttps://opendev.org/zuul/zuul/src/branch/master/zuul/driver/github/githubmodel.py01:12
mnasercorvus: i hope github stores which user added which label :(01:13
mnaserit doesn't -- so this makes it a little trickier..01:15
mnasercorvus: i wonder if we can leverage something like https://github.com/go-gitea/lgtm or document usage of this01:18
mnaseralso this interesting one which can run in a zero node thing -- https://github.com/NerdWalletOSS/github-lgtm01:23
*** armstrongs has joined #zuul01:31
*** armstrongs has quit IRC01:41
*** zenkuro has quit IRC02:03
*** bhavikdbavishi has joined #zuul03:10
*** bhavikdbavishi1 has joined #zuul03:13
*** bhavikdbavishi has quit IRC03:15
*** bhavikdbavishi1 is now known as bhavikdbavishi03:15
*** sean-k-mooney has quit IRC04:16
*** sean-k-mooney has joined #zuul04:16
*** bhavikdbavishi has quit IRC04:21
*** bhavikdbavishi has joined #zuul04:22
*** evrardjp has quit IRC05:33
*** evrardjp has joined #zuul05:33
*** wuchunyang has joined #zuul05:42
*** openstackgerrit has quit IRC05:46
*** bhavikdbavishi1 has joined #zuul06:06
*** bhavikdbavishi has quit IRC06:07
*** bhavikdbavishi1 is now known as bhavikdbavishi06:07
*** saneax has joined #zuul06:08
*** jfoufas1 has joined #zuul06:54
*** sshnaidm|afk is now known as sshnaidm|rover07:00
*** bhavikdbavishi has quit IRC07:31
*** openstackgerrit has joined #zuul07:47
openstackgerritTobias Henkel proposed zuul/zuul master: Recover from cat job failures during startup  https://review.opendev.org/75463607:47
*** mach1na has joined #zuul07:48
*** rpittau|afk is now known as rpittau07:51
*** bhavikdbavishi has joined #zuul07:54
*** jcapitao has joined #zuul08:02
*** yolanda has joined #zuul08:19
*** mach1na has quit IRC08:35
*** mach1na has joined #zuul08:38
*** hashar has joined #zuul08:42
*** jpena|off is now known as jpena08:54
*** tosky has joined #zuul08:57
*** jfoufas1 has quit IRC09:02
*** openstack has quit IRC09:21
*** openstack has joined #zuul09:24
*** ChanServ sets mode: +o openstack09:24
*** logan- has quit IRC09:27
*** logan- has joined #zuul09:27
*** vorotech has joined #zuul10:06
*** wuchunyang has quit IRC10:12
*** zenkuro has joined #zuul10:21
*** bhavikdbavishi has quit IRC10:31
*** jcapitao is now known as jcapitao_lunch11:31
*** bhavikdbavishi has joined #zuul11:52
*** mach1na has quit IRC12:06
*** rlandy has joined #zuul12:07
*** vorotech has quit IRC12:19
*** jpena is now known as jpena|lunch12:25
*** jcapitao_lunch is now known as jcapitao12:27
*** bhavikdbavishi1 has joined #zuul12:28
*** bhavikdbavishi has quit IRC12:30
*** bhavikdbavishi1 is now known as bhavikdbavishi12:30
*** rfolco has joined #zuul12:34
*** jfoufas1 has joined #zuul12:36
*** mach1na has joined #zuul12:46
*** hashar has quit IRC12:50
*** mach1na has quit IRC12:51
*** vorotech has joined #zuul12:54
*** hashar has joined #zuul12:56
*** mach1na has joined #zuul13:02
*** bhavikdbavishi has quit IRC13:24
*** sshnaidm|rover has quit IRC13:25
*** jpena|lunch is now known as jpena13:27
*** sshnaidm|rover has joined #zuul13:39
*** sshnaidm|rover is now known as sshnaidm|mtg13:44
zbrI wonder why there is no lookup for  tools/test-setup.yaml playbook in addition to test-setup.sh from zuul side, writing a playbook can prove easier in some cases than shell.13:45
zbris that due to some security concerns?13:46
zbrfungi: corvus: https://review.opendev.org/#/c/653130/7 please.13:52
*** jfoufas1 has quit IRC14:04
*** nils has joined #zuul14:06
fungizbr: i don't understand the question... what sort of lookup for tools/test-setup.yaml would you expect and where?14:17
zbrnow zuul looks for presence of test-setup.sh and executes it14:18
fungior are you suggesting that we could offer to run a tools/test-setup.yaml if it exists in a repository in the same place we currently execute tools/test-setup.sh14:18
zbrhow if it would also look for a playbook, and if present to run it.14:18
zbrexactly, implicit.14:18
zbrthis would be user friendly as not everyone knows how to alter zuul jobs, but they may know how to write a playbook.14:19
*** holser has quit IRC14:20
zbri am asking this because I seen some test-setup.sh files growing and growing and realized they would be much easier to maintain as ansible playbooks instead of shell.14:20
fungiwith my openstack developer hat on, the tools/test-setup.sh pattern grew out of having common tasks which developers may need to run (usually with root/elevated permissions) on a system to set up the dev environment before running, say, unit tests. in particular it was used to preconfigure databases or temporary filesystems which were used as local resources by some unit tests (rather than mocked)14:20
*** holser has joined #zuul14:20
fungii guess replacing that with a playbook would mean that projects need to describe to developers how to get ansible up and running and execute the playbook with it, instead of telling them they need a working shell14:21
zbrlet me give you one practical example I seen: https://github.com/ansible-community/molecule-vagrant/blob/master/tools/test-setup.sh14:21
fungibefore tools/test-setup.sh projects all had their own scripts or cut-n-paste commands in readme files and they all differed. we encouraged them to put them into a consistently-named place because then we could also use them in ci jobs14:22
zbrwriting cross-platform setup shell is..., less than ideal.14:22
zbri am not proposing replacing it, only to *also* look for a playbook and run it if present.14:22
fungiyeah, i get the suggestion now. it seems reasonable to me, if the developer community for a particular projects is already assumed to have ansible installed and be intimately familiar with it14:23
zbrand I really like the layout, i was  happy to see people proposing changes to the file even if they never used zuul and while the purpose of the file was not documented.14:23
zbrin fact I think I could be able trick zuul to run the playbook if I change the shebang line ;) ... as long ansible is already present.14:24
zbri personally see a pattern: initial write a bash script, script grows, you make it a playbook, later you make it a zuul role (if it makes sense).14:26
corvuszbr: you could add a pre-run playbook to a job which did include_tasks on a yaml file14:26
zbrwhat I want is to make it run this playbook if it exists, without having to alter the jobs definitions.14:27
zbri think i know how to do it but i wanted to check if such a feature would be desirable or not14:27
corvusaltering a job definition is the only way to make it run.  it's a question of which job defn to alter.  if you want it to run like test-setup.sh, then it's the "unittests" job that should be altered.14:28
*** vorotech has quit IRC14:30
*** vorotech has joined #zuul14:36
*** vorotech has quit IRC14:38
mnaserwould it be reasonable for zuul to pick up config projects from `main` as well if there is no other branches at all ?14:40
*** vorotech has joined #zuul14:40
mnaseri was confused for quite sometime now :)14:40
*** sanjayu_ has joined #zuul14:40
*** saneax has quit IRC14:42
*** Goneri has joined #zuul14:48
*** Goneri has quit IRC14:52
openstackgerritMatthieu Huin proposed zuul/zuul master: [DNM] zuul-client: test change-status command  https://review.opendev.org/75984014:58
fungimnaser: yeah, we discussed that earlier in the week or over the weekend, sean-k-mooney ran into a similar challenge15:01
fungiit seems reasonable that "main" could be a fallback when zuul can't find "master"15:01
fungii don't think anyone has proposed a change to implement that yet15:02
fungiif zuul could identify the default branch and get rid of the hard-coded master assumption that would probably be ideal, but i don't know if it's feasible (or else i assume we'd have already done it that way)15:03
tobiashmnaser: currently you can say load-branch: main in the tenant config for those repos, later we can make an automatic fallback so this is not necessary15:07
mnasertobiash: yeah that's what i ended up doing, to add my confusion i had forgotten to enable branch protections too on that branch15:08
mnaserso that confused me foor a bi tafter too :p15:08
tristanCbeside sending SIGUSR2, is there another thing we could do to investigate a scheduler memory leak?15:14
sean-k-mooneythis is what i do https://github.com/SeanMooney/ci-sean-mooney/blob/main/zuul.d/jobs.yaml#L29-L4115:14
sean-k-mooneyas a workaroudn currently15:15
sean-k-mooneyits only an issue if the repo under test is on branch main15:15
sean-k-mooneyi guess it could be an issue the other way around15:15
sean-k-mooneybut we dont have main brances in openstack currently15:15
sean-k-mooneybut ya automatic fallback would be optimal form a ux point of view15:16
fungitristanC: i have notes somewhere for running the scheduler under repl, i think, which has been useful in the past for exploring objects in the running system, but could lead to performance impact15:23
mnasertobiash: https://zuul-ci.org/docs/zuul/reference/drivers/github.html under "Reference pipelines" -- the `- event: check_run` -- shouldn't we set `action: completed` too, it looks like i'm running a 'loop' right now15:26
mnasersorry, i mean `action: requested`15:26
mnasercause now every time zuul reports to github, it re-enqueues15:26
tristanCfungi: i remember reading about using the zuul repl for such things, but can't find what the operator needs to do. I'd be happy to add your note to the troubleshooting doc if you can find them15:27
fungiyeah, unfortunately it looks like the etherpad i was thinking of might be corrupt. i'm going to see if i can salvage it via the admin api15:28
tristanCftr here is the memory usage graph: https://prometheus.monitoring.softwarefactory-project.io/grafana/d/EtRMbV1Zk/node-exporter-full?viewPanel=78&orgId=1&var-job=node&var-name=zs.softwarefactory-project.io&var-node=zs.softwarefactory-project.io&var-port=9100&from=now-15d&to=now15:29
tobiashmnaser: which pipeline?15:42
mnasertobiash: the 'check' pipeline15:42
mnasershouldn't we include action: requested under the 'check_run' event15:42
tobiashprobably, let me compare this with our check pipeline15:42
tobiashmnaser: yes, we have this: http://paste.openstack.org/show/799479/15:43
mnasertobiash: do you want to push up a patch to update it (or i can?)15:45
openstackgerritTobias Henkel proposed zuul/zuul master: Fix reference check pipeline  https://review.opendev.org/76017015:45
tobiashmnaser: ^15:46
fungitristanC: so here's one pad of notes (i think from corvus) about methods for investigating memory leaks in the scheduler: http://paste.openstack.org/show/799481/15:46
mnasertobiash: awesome, +115:46
tobiashzuul-maint: small doc fix: https://review.opendev.org/76017015:48
tristanCfungi: thanks!15:48
fungitristanC: aha, for some reason i wasn't able to get the pad for that to load correctly, maybe user error, it's working for me here now https://etherpad.opendev.org/p/zuul-memory-leak15:48
tobiashtristanC: what version are you running?15:49
tobiashwe've recently spent weeks to hunt down and fix a memleak15:49
tristanCtobiash: 3.19.115:49
tobiashthat might not include those fixes15:49
fungitristanC: unfortunately that doesn't cover restarting the scheduler with repl loaded15:49
tobiashlet me check15:49
fungijust what to do once you're in it15:50
tristanCfungi: yep, got it. i'll look into adding repl usage to the doc too15:50
tobiashtristanC: this stack solved our memleak: https://review.opendev.org/751172 (and two parents)15:51
fungiawesome, thanks!15:51
tobiashtristanC: that's not in 3.19.115:51
tristanCtobiash: unfortunately... i guess we'll have to wait for the v415:52
tobiashtristanC: so actually there were two leaks, one when loosing the zk session (so not that severe since zk session loss itself is already severe)15:53
tristanCtobiash: thank you for fixing those!15:53
tobiashthe more important is https://review.opendev.org/75117215:53
tobiashwhich you can avoid mainly if you don't allow enqueue/dequeue via api since that's the main trigger (wrongly used enqueues or dequeues)15:53
tobiashso if you cannot update, don't allow enqueue/dequeue to the users15:54
tristanCtobiash: heh i guess we hit both issues, lost zk last week and enabled admin user to enqueues/dequeus :-)15:54
tobiashtristanC: what's your zk session timeout?15:55
tristanCminSessionTimeout: 600000 and maxSessionTimeout: 180000015:56
tristanCand last zk outage lasted for more than 30min15:57
tobiashk, then just restart zuul as well if you have a real zk outage15:57
tobiashwe had also without zk problems session timeouts due to thread contention in zuul itself so needed to increase the timeout15:58
tristanCyeah, i think the main issue is when restart launcher, in that situation it may takes 30min for the lock to expire15:58
tobiashor well, the memleak triggered gc runs > 40s which lead to session losses which lead to more memory leaked...15:58
tobiashyou can imagine what the result was ;)15:59
tristanCin anycase, is there a topic for the patch blocking the v4 release?16:00
tristanCand/or, would it be worth doing a v3.19.2 with the leak fix?16:01
tobiashhrm, where was that etherpad again with the release plan?16:01
tobiashtristanC: I guess 3.19.2 won't happen since 3.19.1 cause way too much trouble16:01
tobiashhere it is: https://etherpad.opendev.org/p/zuulv416:02
tobiashso from what I can see this would be missing for a v4: https://review.opendev.org/63047216:03
tobiashand maybe make tls zk mandatory16:04
tobiashand the ha scheduler stack up to https://review.opendev.org/71626216:04
tristanCtobiash: i see, thanks!16:07
tobiashoh and remove zuul-migrate16:07
tobiashI guess that's easy16:07
openstackgerritzbr proposed zuul/zuul-jobs master: Add test_setup_reset_connection setting  https://review.opendev.org/65313016:08
*** vorotech has quit IRC16:23
*** hamalq has joined #zuul16:51
*** rpittau is now known as rpittau|afk17:09
*** mach1na has quit IRC17:09
*** tosky has quit IRC17:20
*** mach1na has joined #zuul17:20
*** mach1na has quit IRC17:25
*** jcapitao has quit IRC17:31
*** sshnaidm|mtg is now known as sshnaidm|rover17:46
*** mach1na has joined #zuul17:54
*** sanjayu_ has quit IRC17:57
*** mach1na has quit IRC17:59
*** jamesmcarthur has joined #zuul18:01
*** jpena is now known as jpena|off18:05
*** sugaar has quit IRC18:09
openstackgerritMatthieu Huin proposed zuul/zuul master: [DNM] zuul-client: test change-status command  https://review.opendev.org/75984018:16
*** hashar has quit IRC18:28
*** jamesmcarthur has quit IRC18:29
dmsimardwow, mediawiki moving off gerrit to gitlab: https://www.mediawiki.org/wiki/GitLab_consultation#Outcome18:29
clarkbthe move away from gerrit has been long planned for them, the original target was phabricator iirc18:30
fungiyeah, presumably they finally gave up on phabricator after moving a bunch of repos to it. will see if they have any better luck with gitlab18:41
*** sshnaidm_ has joined #zuul18:57
*** sshnaidm|rover has quit IRC19:00
*** sshnaidm_ is now known as sshnaidm|rover19:06
*** ianychoi__ has joined #zuul19:17
*** ianychoi_ has quit IRC19:21
*** sshnaidm|rover is now known as sshnaidm|afk19:28
*** hashar has joined #zuul19:39
*** jamesmcarthur has joined #zuul19:40
*** mach1na has joined #zuul19:55
*** mach1na has quit IRC20:00
*** mach1na has joined #zuul20:03
*** mach1na has quit IRC20:07
*** piotrowskim has quit IRC20:23
*** yolanda has quit IRC20:24
*** yolanda has joined #zuul20:25
*** mach1na has joined #zuul20:34
*** nils has quit IRC20:36
*** tosky has joined #zuul20:39
*** mach1na has quit IRC20:39
*** rfolco has quit IRC21:06
mnaseri've got a little 'approval' system going for zuul that's pretty 'zuul-native' so far21:08
mnasernow just to double check, i cant install any pip packages on the executor, right?21:09
mnaserso i really need to rewrite this to do things like urllib and friends and my pygithub usage is no bueno21:09
fungifor a bunch of stuff like that i think we just use the url lookup module in ansible21:10
mnaseri assume i cant use shell on the executor (and i cant use my own module either?)21:11
mnaser(but are the rules different if it's a config-project job?)21:11
ianwmnaser: i think you can do shell in a trusted playbook21:13
ianwjust it makes it hard to test is all21:13
mnaserok that may be my cop out then21:13
mnaserit has to be priv anyways21:13
ianwyou can get libraries installed, i mean things like the s3 and google cloud uploader need them.  i'm not sure if there's a formalised way to do that?21:16
*** jamesmcarthur has quit IRC21:26
fungithere is, it's a list somewhere for additional modules manage-ansible will install in the ansible venvs21:29
fungishould be in the zuul manage-ansible docs, i just don't have time to look right this moment21:29
*** zenkuro has quit IRC21:35
*** zenkuro has joined #zuul21:35
*** rfolco has joined #zuul21:57
*** ChrisShort has quit IRC21:59
*** shanemcd has quit IRC21:59
*** zer0c00l has quit IRC21:59
*** zer0c00l has joined #zuul21:59
*** shanemcd has joined #zuul21:59
*** ChrisShort has joined #zuul21:59
ianwahh yeah ANSIBLE_EXTRA_PACKAGES ; til :)22:02
*** rfolco has quit IRC22:03
*** zenkuro has quit IRC22:07
*** zenkuro has joined #zuul22:09
*** rfolco has joined #zuul22:30
*** rlandy is now known as rlandy|bbl22:33
*** rfolco has quit IRC22:35
*** mach1na has joined #zuul22:42
*** mach1na has quit IRC22:47
*** hashar has quit IRC23:28
*** holser has quit IRC23:58
« Tuesday, 2020-10-27 Index Thursday, 2020-10-29 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!