Tuesday, 2020-11-03

*** smyers has quit IRC		00:08
*** smyers has joined #zuul		00:09
*** tosky has quit IRC		00:26
*** hamalq has quit IRC		01:41
*** ianychoi has quit IRC		03:00
*** bhavikdbavishi has joined #zuul		03:06
*** bhavikdbavishi1 has joined #zuul		03:09
*** bhavikdbavishi has quit IRC		03:10
*** bhavikdbavishi1 is now known as bhavikdbavishi		03:10
*** ianychoi has joined #zuul		03:21
*** zenkuro has quit IRC		03:36
*** wuchunyang has quit IRC		03:39
*** smyers has quit IRC		03:47
*** smyers has joined #zuul		03:49
*** bhavikdbavishi has quit IRC		04:28
*** bhavikdbavishi has joined #zuul		04:29
*** saneax has joined #zuul		05:06
*** evrardjp has quit IRC		05:33
*** evrardjp has joined #zuul		05:33
*** bhavikdbavishi1 has joined #zuul		06:32
*** bhavikdbavishi has quit IRC		06:33
*** bhavikdbavishi1 is now known as bhavikdbavishi		06:33
*** bhavikdbavishi1 has joined #zuul		06:48
*** bhavikdbavishi has quit IRC		06:50
*** bhavikdbavishi1 is now known as bhavikdbavishi		06:50
*** bhavikdbavishi has quit IRC		06:58
*** vorotech has joined #zuul		07:03
*** vishalmanchanda has joined #zuul		07:23
*** mach1na has joined #zuul		07:23
*** bhavikdbavishi has joined #zuul		07:25
*** bhavikdbavishi1 has joined #zuul		07:27
*** bhavikdbavishi has quit IRC		07:29
*** bhavikdbavishi1 is now known as bhavikdbavishi		07:29
*** vorotech has quit IRC		07:42
*** vorotech has joined #zuul		07:54
*** vorotech has quit IRC		07:57
*** vorotech has joined #zuul		08:01
*** mach1na has quit IRC		08:01
*** hashar has joined #zuul		08:03
*** jcapitao has joined #zuul		08:05
*** fbo\|off is now known as fbo		08:14
*** rpittau\|afk is now known as rpittau		08:19
*** frenzyfriday has joined #zuul		08:29
*** vorotech has quit IRC		08:35
*** mach1na has joined #zuul		08:38
*** mach1na has joined #zuul		08:39
*** tosky has joined #zuul		08:40
*** vorotech has joined #zuul		08:40
*** mach1na has quit IRC		08:49
*** jpena\|off is now known as jpena		08:56
openstackgerrit	zbr proposed zuul/zuul-jobs master: More E208 fixes https://review.opendev.org/761090	08:56
*** mach1na has joined #zuul		09:01
*** bhavikdbavishi has quit IRC		09:06
*** frenzyfriday has quit IRC		09:44
*** sshnaidm\|afk is now known as sshnaidm\|rover		09:56
openstackgerrit	zbr proposed zuul/zuul-jobs master: More E208 fixes https://review.opendev.org/761090	10:05
tobiash	avass: commented on the nimble roles	10:10
avass	tobiash: reasonable, I'll update later	10:13
tobiash	clarkb: replied on https://review.opendev.org/720249	10:24
webknjaz	Anybody wants to advertise Zuul to pip? https://github.com/pypa/pip/issues/7279	10:44
*** mach1na has quit IRC		10:53
*** mach1na has joined #zuul		10:58
*** bhavikdbavishi has joined #zuul		11:21
*** bhavikdbavishi1 has joined #zuul		11:28
*** bhavikdbavishi has quit IRC		11:30
*** bhavikdbavishi1 is now known as bhavikdbavishi		11:30
*** jcapitao is now known as jcapitao_lunch		11:36
avass	webknjaz: taht would have been cool. I still don't understand what people don't like about the UX, I keep seeing complaints that it's 'bad' but I haven't seen any specifics on what's bad about it	11:44
avass	webknjaz: oh, looking a zbr's reply I guess that's because I'm using gerrit. That zuul only reports a single check for github is _slightly_ annoying	11:52
zbr	i think that pabelanger was involved with github integration but I am sure that webknjaz could be able to extend it to make it appear as multiple checks.	11:54
zbr	i never touched that integration.	11:54
zbr	avass: here is a hint, zuul still fails to render ANSI. my changes failed to merge.	11:55
avass	I don't think you could since zuul only reports once for each buildset	11:55
zbr	i do understand why some people complain about zuul UI, that was the reasons why i tried to improve the UX.	11:55
zbr	hmm, better to wait for input from those that know the internals	11:56
zbr	clearlty there is a way to query in progress builds, the js extension for gerrit is still working	11:56
zbr	it may not push the status, but you clearly can query its progress.	11:57
avass	If you can do that in github then it should work I guess	11:57
zbr	i am sure they would not allow you to write javascript that runs on their servers.	11:57
avass	:)	11:57
*** rfolco has joined #zuul		12:00
*** vorotech has quit IRC		12:00
*** nils has joined #zuul		12:01
*** mach1na has quit IRC		12:05
*** vorotech has joined #zuul		12:09
tobiash	avass, zbr: it's one check for a very good reason which is also explained here: https://zuul-ci.org/docs/zuul/discussion/github-checks-api.html#design-decisions	12:10
avass	makes sense to me	12:14
*** vorotech has quit IRC		12:20
*** vorotech has joined #zuul		12:21
*** rlandy has joined #zuul		12:26
*** jcapitao_lunch is now known as jcapitao		12:27
*** vorotech has quit IRC		12:31
*** jpena is now known as jpena\|lunch		12:32
*** vorotech has joined #zuul		12:36
zbr	clearly a good source of information but i am not fully convinced	12:44
zbr	it assumes user would want to use zuul for both check/gate for example	12:44
zbr	avass: see https://github.com/ansible/ansible-lint/pull/1089 -- clarkb mentioned it yesterday.	12:49
avass	zbr: lgtm	12:52
*** mach1na has joined #zuul		13:02
tristanC	zbr: looking at the "208 mode fixes" changes, it seems like we mostly make the default mode explicit, what is wrong with omitting the default, isn't ansible always using 755/644 ?	13:04
avass	tristanC: ++	13:04
avass	I would guess it came from ansible changing the default mode, but since that was fixed I'm not sure if we want it to be this verbose	13:05
tristanC	avass: yeah, i'd like to understand what is the reasoning, it seems like in some situation the default behavior would be unexpected, but i have yet to find an example of such situation...	13:06
webknjaz	@avass: I think that "bad UX" mostly means that it brings a lot of unfamiliar stuff to the world outside of the openstack bubble + yes the GH integration could be better.	13:19
webknjaz	@zbr: I proposed expanding the checks properly in this channel some time ago but people couldn't agree on how it should work	13:20
webknjaz	@avass: one of the differences in, as zbr said, ANSI in logs. That is something that is native to all the other CIs people use. Of course, folks would consider it a bad UX	13:22
openstackgerrit	zbr proposed zuul/zuul master: Enable ANSI rendering via react-ansi https://review.opendev.org/739444	13:25
webknjaz	@tobiash: as I mentioned before, that problem with checks is solvable by reporting a static check for gate and mapping the rest as usual. This is what would be considered native to the GH bubble	13:25
corvus	webknjaz: can you elaborate on that? what do you mean by "static check for gate"?	13:27
zbr	webknjaz: my initial ANSI patch is likely more than year old but a complete rewrite is still open at https://review.opendev.org/#/c/739444/ and seems to find a hard time getting reviews.	13:29
zbr	a problem tobiash reported yesterday, lack of core reviews.	13:29
avass	zbr: that change doesn't look too hard to review, you don't happen to have en example to link whenver it's done building?	13:30
webknjaz	@corvus: I meant a static name	13:30
avass	webknjaz: I guess that's what we got for github at the moment, but it would report each job separately as well	13:31
*** jpena\|lunch is now known as jpena		13:32
zbr	having each job separated would be a benefit for github users using zuul as a 3rd party ci (not primary one)	13:32
zbr	and while this seems bit outside the original zuul design, we should realise that this is the most likely way someone using github would want to try it.	13:33
corvus	webknjaz: i still don't understand your suggestion	13:33
corvus	webknjaz: i may need it spelled out with more words	13:34
corvus	"Most importantly, there can only be one check suite per commit SHA, per app." that seems key. how would one solve that?	13:35
avass	I think I need a betteer explanation what "one check suite" means	13:37
avass	what I believe travis does is it has one check for each 'job' and one that reports if all of them has passed (webknjaz can probably correct me here)	13:38
avass	which is what zuul could do	13:38
corvus	avass: explained in the first pgraph at https://zuul-ci.org/docs/zuul/discussion/github-checks-api.html#design-decisions and further if you follow the first link there	13:38
*** zenkuro has joined #zuul		13:39
avass	corvus: reading	13:39
webknjaz	@avass: Travis does not have that but GitHub Actions do	13:39
corvus	avass, webknjaz: are you suggesting that we have a check suite consisting of the jobs "pep8, py27, check" and the check job is a meta-job which reports whether all the jobs in the check pipeline passed. then add a "gate" meta-job which gets added if all the jobs in the gate pipeline pass?	13:41
openstackgerrit	zbr proposed zuul/zuul master: Enable display of dnf/yum failures inside console https://review.opendev.org/734833	13:42
avass	something along those lines	13:42
corvus	zbr: i'm all for accomodating folks that want to use zuul as advisory, however we can't do that at the expense of zuul's primary mission: to be a project gating system. so we have to support the gating workflow if people want to upgrade to it.	13:44
webknjaz	@corvus: yes, that's what I want. Plus there was a proposal in the past to make it toggleable so that folks could choose	13:44
webknjaz	If there's multiple pipelines in Zuul, it could use prefixes for check names too	13:45
corvus	webknjaz: makes sense	13:45
corvus	webknjaz: do you think you could write up a description of that and send it to the zuul-discuss list? it sounds like there may be a solution there, but it's going to require some detailed thought and the ml is better for getting all our github experts looking at it.	13:45
webknjaz	Where's that list?	13:46
webknjaz	I'll try	13:46
corvus	webknjaz: http://lists.zuul-ci.org/cgi-bin/mailman/listinfo/zuul-discuss	13:46
webknjaz	👍	13:47
*** mach1na has quit IRC		13:55
*** mach1na has joined #zuul		13:56
*** mach1na has quit IRC		13:56
*** mach1na has joined #zuul		13:56
openstackgerrit	zbr proposed zuul/zuul master: Consolidated javascript identation https://review.opendev.org/749702	14:02
*** bhavikdbavishi has quit IRC		14:05
*** bhavikdbavishi has joined #zuul		14:06
openstackgerrit	zbr proposed zuul/zuul-jobs master: Update ensure-docker for new releases https://review.opendev.org/752630	14:06
*** bhavikdbavishi has quit IRC		14:13
*** saneax has quit IRC		14:19
*** saneax has joined #zuul		14:20
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Move management and result events to model https://review.opendev.org/761163	14:29
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Allow (de-)serialization of management events https://review.opendev.org/761164	14:29
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Allow (de-)serialization of result events https://review.opendev.org/761165	14:29
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Add missing fields in driver trigger event models https://review.opendev.org/761166	14:29
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Allow (de-)serialization of trigger events https://review.opendev.org/761167	14:29
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Interface to get a driver's trigger event class https://review.opendev.org/761168	14:29
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Clear list of Zookeeper connections after tests https://review.opendev.org/761169	14:29
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Implementation of Zookeeper backed event queues https://review.opendev.org/761170	14:29
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Implementation of Zookeeper event watcher https://review.opendev.org/761171	14:29
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Switch to Zookeeper backed trigger event queues https://review.opendev.org/761172	14:29
*** Goneri has joined #zuul		14:36
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Implementation of Zookeeper backed event queues https://review.opendev.org/761170	14:39
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Implementation of Zookeeper event watcher https://review.opendev.org/761171	14:39
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Switch to Zookeeper backed trigger event queues https://review.opendev.org/761172	14:39
openstackgerrit	zbr proposed zuul/zuul-jobs master: POC: Force color support in ansible-lint https://review.opendev.org/761175	14:48
*** stevthedev has quit IRC		14:54
*** stevthedev has joined #zuul		14:55
zbr	avass: please +W again https://review.opendev.org/#/c/752630/ -- failed to merge last time.	14:57
*** masterpe has quit IRC		14:57
*** Eighth_Doctor has quit IRC		14:59
*** mordred has quit IRC		15:00
*** decimuscorvinus has quit IRC		15:00
*** decimuscorvinus has joined #zuul		15:04
clarkb	tristanC: aiui there is no published consistent dovumented default	15:17
*** sanjayu_ has joined #zuul		15:21
*** hashar is now known as hasharOut		15:22
tristanC	clarkb: would you know when it is not 0755 or 0644 ?	15:23
clarkb	I dont think 755 or 644 is docimented anywhere?	15:24
*** saneax has quit IRC		15:24
clarkb	I would respond with when is it 644 or 755? and is that documented?	15:24
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Allow (de-)serialization of management events https://review.opendev.org/761164	15:24
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Allow (de-)serialization of result events https://review.opendev.org/761165	15:24
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Add missing fields in driver trigger event models https://review.opendev.org/761166	15:24
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Allow (de-)serialization of trigger events https://review.opendev.org/761167	15:24
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Interface to get a driver's trigger event class https://review.opendev.org/761168	15:24
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Clear list of Zookeeper connections after tests https://review.opendev.org/761169	15:24
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Implementation of Zookeeper backed event queues https://review.opendev.org/761170	15:24
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Implementation of Zookeeper event watcher https://review.opendev.org/761171	15:24
openstackgerrit	Simon Westphahl proposed zuul/zuul master: Switch to Zookeeper backed trigger event queues https://review.opendev.org/761172	15:24
tristanC	well it seems to be the case when testing locally	15:24
mhu	hello zuul-maint, here are a few patches that are ready for a final +3: https://review.opendev.org/#/c/728118/ https://review.opendev.org/#/c/751312/ https://review.opendev.org/#/c/754103/ https://review.opendev.org/#/c/755519/	15:25
clarkb	tristanC: I think at one point we theorized it may be umask relatrd	15:25
openstackgerrit	zbr proposed zuul/zuul master: Enable ANSI rendering via react-ansi https://review.opendev.org/739444	15:25
*** vorotech has quit IRC		15:27
tristanC	clarkb: if that's the case, shouldn't we let umask take over?	15:27
openstackgerrit	Merged zuul/zuul-jobs master: Update ensure-docker for new releases https://review.opendev.org/752630	15:27
clarkb	tristanC: not necessarily as it can be variable and inapplocable to certain scenarios	15:28
clarkb	I think being explicit is the right choice for most situations	15:28
clarkb	there are cases whereit doesnt make senselike extracting tarballs	15:29
zbr	tristanC: when ansible_user is different than become_user you can easily get very weird file modes, due to the way ansible transports the files. the final outcome is that umode is not the one from the become user but the one from ansible users.	15:29
tristanC	zbr: you mean file owner?	15:30
zbr	i do remember reading several long ansible bugs few months back, and the conclusion was to be explicit unless you want surprises.	15:30
zbr	very hard to identify surprises	15:30
zbr	file owner is fixed by ansible, the issue is around file mode.	15:31
zbr	for mode is more complex than chown, which sorts ownership.	15:31
*** Eighth_Doctor has joined #zuul		15:32
zbr	until Ansible team will document default file modes, i will strongly support explicit modes.	15:33
tristanC	zbr: shouldn't we wait for a fix upstream instead of adding explicit default everywhere? Do we have a reproducer where 0755/0644 is not used by default?	15:38
zbr	tristanC: you are welcomed to read the entire collection of issues: https://github.com/ansible/ansible/pulls?q=CVE-2020-1736	15:41
zbr	the doc update is already 28 days old, not sure what to wait for,	15:41
*** mordred has joined #zuul		15:41
zbr	But https://github.com/ansible/ansible/pull/71516/files should be a strong enough motivation.	15:42
zbr	look at the 3rd file recomandation.	15:43
*** mordred has quit IRC		15:47
*** Eighth_Doctor has quit IRC		15:47
zbr	tristanC: i just got confirmation from ansible core team that https://github.com/ansible/ansible/issues/67794 is still open.	15:47
tristanC	zbr: that seems to indicate the default is indeed world readable	15:49
zbr	can != always does, also default is still not documented.	15:50
tristanC	zbr: but when is this not the case?	15:50
tristanC	zbr: reading through the issues you linked, it seems like the issue is the otherway around where non world readable setting where incorrectly set	15:52
tristanC	zbr: having a playbook that demonstrates how the default world readable mode is not set would be help to justify why mode needs to be explicitly defined	15:55
*** bhavikdbavishi has joined #zuul		15:56
*** Eighth_Doctor has joined #zuul		15:57
clarkb	ya I think the biggest issue here is ansible doesn't actually state a default or expectation around this stuff and has changed the behavior in the past	15:59
clarkb	as a result it is better to be explicit where we can be	16:00
clarkb	what is the downside to being explicit?	16:00
tristanC	clarkb: there more than 70 mode missing in zuul-jobs	16:02
clarkb	tristanC: and if ansible changes the behavior again many of them will likely break? seems worthwhile to do what we can to mitigate against that?	16:04
*** mach1na has quit IRC		16:06
*** sanjayu_ has quit IRC		16:13
*** sanjayu_ has joined #zuul		16:13
*** masterpe has joined #zuul		16:15
*** mordred has joined #zuul		16:15
*** mach1na has joined #zuul		16:20
*** vorotech has joined #zuul		16:21
*** mach1na has quit IRC		16:31
*** sanjayu_ has quit IRC		16:37
zbr	https://review.opendev.org/#/c/761090/ brings the remaining to 56 - few more and we are done.	16:45
mnaser	i'm having job failures with ensure-package-repositories due to the fact that gnupg is missing from my (slim) image	16:46
*** mach1na has joined #zuul		16:46
*** rpittau is now known as rpittau\|afk		16:46
mnaser	would it make sense to install that inside the ensure-package-repositories role?	16:46
clarkb	mnaser: we add it into our image	16:46
clarkb	and I think there is a change to add it to the dib minimal stuff	16:46
mnaser	clarkb: right -- i'm just wondering if this follows the push towards "empty base image" stuff that was being driven	16:47
clarkb	no this is a weird debian thing	16:48
clarkb	they've baked in enough gpg stuff to not need the dep by default, but then if you try to use certain commands it breaks	16:48
clarkb	there are ways to deal with that by copying the ascii armored files manually or something	16:49
*** saneax has joined #zuul		16:49
openstackgerrit	zbr proposed zuul/zuul master: Enable optional pre-wrapping on console and output https://review.opendev.org/723603	16:49
avass	mnaser: I'd say that it should	16:49
clarkb	well I think the real fix is using those workarounds	16:50
clarkb	rather than depending on gpg properly	16:50
clarkb	fungi: ^ you probably know off the top of your head what the details are	16:50
mnaser	i mean in that case we'd have to fix the ensure-nodejs role (and likely many others)	16:50
mnaser	i think we have to do some stuff offline then we can download the file staright to trusted.gpg.d	16:50
mnaser	but i think as long as we use the apt_key module, we'll need gnupg	16:51
clarkb	right stop using apt_key then is what I'm suggesting	16:51
clarkb	since that is what debian wants you to do	16:51
mnaser	http://codesearch.openstack.org/?q=repositories_keys&i=nope&files=&repos=	16:52
openstackgerrit	zbr proposed zuul/zuul-jobs master: Make .sh browsable on swift logs https://review.opendev.org/731795	16:53
mnaser	so i guess we'll have to get rid of those and change the behaviour of ensure-package-repositories .. or ensure that gnupg is installed and flow through the existing setup	16:53
clarkb	you don't have to get rid of them entirely you just have to copy the file into the correct spot as debian wants you to aiui	16:53
clarkb	rather than use the gpg tooling that needs the pacakge	16:53
clarkb	(my only concern with adding the package is that debian seems to be saying you shouldn't do it that way anymore)	16:54
mnaser	you actually have to transform that file before you drop it into trusted.gpg.d	16:54
*** vorotech has quit IRC		16:54
clarkb	I don't think so with modern debian	16:54
clarkb	which is why they dropped the dep	16:54
clarkb	old debian yes	16:54
zbr	zuul-maint: https://review.opendev.org/#/c/723837/ -- just say it if you do not find it useful, i will abandon it. even negative feedback is better than none.	16:55
avass	mnaser: this gives some information https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851774	16:56
openstack	Debian bug 851774 in apt-setup-udeb "Stop using apt-key add to add keys in generators/60local" [Serious,Fixed]	16:56
zbr	the idea was to make it easier for new folks to make small contributions to zuul, without having to read a lot of docs about how to run/test different parts.	16:56
*** vorotech has joined #zuul		16:56
*** vorotech has quit IRC		16:56
corvus	zbr: you may find https://review.opendev.org/88698 interesting	16:56
*** mach1na has quit IRC		16:57
fungi	mnaser: clarkb: yeah, see the "SUPPORTED KEYRING FILES" section of the apt-key manpage but on newer debian versions (those with apt 1.4 or newer) you can stick ascii-armored keys into /etc/apt/trusted.gpg.d	16:57
zbr	corvus: another change stuck in time intead of being abandoned.	16:57
mnaser	ok so i guess we can replace the apt_key by get_url or whatever	16:57
tobiash	I guess if we want a makefile we should go with the new version instead of the 2014 version	16:58
avass	I think so	16:58
fungi	if you're using an older version of apt you have to use gpg's binary export format for files in there	16:58
mnaser	stretch seems to have apt 1.4	16:58
zbr	I do not fancy Makefiles themselves, but usually you do not need to touch them.	16:58
mnaser	bionic is 1.6	16:58
mnaser	xenial is the only fail at 1.2	16:59
fungi	yeah, for those something needs to import the .asc keyfile into a gpg keyring and then export it in binary format to put in /etc/apt/trusted.gpg.d	16:59
fungi	(for xenial)	16:59
mnaser	xenial has only a few months on its timeline..	17:00
fungi	indeed. eol ~april 2021 i think?	17:00
zbr	i really wish to see zuul cores starting to press the abandon button on changes, abandon is not "delete".	17:00
*** hamalq has joined #zuul		17:01
*** bhavikdbavishi has quit IRC		17:01
tobiash	I usually hesitate to press the abandon button on changes that are now owned by me	17:01
tobiash	s/now/not	17:01
mnaser	honestly though this seems like a lot of extra work and testing and potentially breakages vs	17:03
mnaser	installing gnupg if it's not there :(	17:03
*** bhavikdbavishi has joined #zuul		17:03
avass	tobiash: yeah the abandon button equals the 'remove from memory' button for me	17:03
avass	oh I read something else nvm :)	17:04
*** mach1na has joined #zuul		17:04
mnaser	cause its easy to workaround for the downloadable keys	17:04
mnaser	but then now we have no structure for zuul imported keys on what the file name should be	17:05
mnaser	because it is possible that it is only "data"	17:05
zbr	i found an interesting change about splitting stdout/stderr. https://review.opendev.org/#/c/650276/10 - should we refresh it?	17:08
zbr	i personally find very useful to have stdout/stderr separated.	17:09
openstackgerrit	Mohammed Naser proposed zuul/zuul-jobs master: Install gnupg if keys need to be imported https://review.opendev.org/761201	17:10
mnaser	^ this is what i can 'afford' to fix in terms of my time constraints :\	17:11
mnaser	if that's not ok, ill go update our images to add gnupg -- i don't have time now to rewrite our usage of apt_key	17:11
avass	I'm fine with that until there's a better solution	17:13
clarkb	ya I won't -1 such a solution. I just think we should be careful relying on the old deprecated expecations of tools	17:14
*** jcapitao has quit IRC		17:15
clarkb	zbr: I seem to recall the concerns with that is we can't stream it that way or something?	17:15
clarkb	zbr: so its better to be consistent with the stream and the recording?	17:15
clarkb	(sort of related google says github's parsing of stdout is a problem. Something we should be wary of)	17:15
avass	someone forgot "Don't cross the streams" heh ;)	17:16
zbr	i observed that recently github stopped showing output in real time, now it displays output only after each run did run (task, not entire job).	17:16
avass	I don't think we want to stop showing output in real time if that's what you mean	17:18
zbr	the stream crossing is a tricky bit, once that made me do https://pypi.org/project/subprocess-tee a week ago.	17:18
zbr	i do not see any comment on the review regarding that aspect.	17:19
clarkb	I think it came up in conversation here (don't knwo if there was a change at that point?)	17:20
*** sshnaidm\|rover is now known as sshnaidm\|afk		17:22
zbr	i see that current implementation does not use asyncio so likely to have some undersired side effects	17:23
clarkb	also I think the ansible console splits them?	17:23
clarkb	so they are already separately readable if necessary	17:24
zbr	ansible does not care about that, it does not stream.	17:24
clarkb	yes, this is not for the streaming aspect	17:24
clarkb	this is when the job is completed	17:24
zbr	ansible produces output on both, and you can control where do tasks go, you can opt-in for stderr if you want.	17:25
zbr	basically you can tell ansible to send everything to stderr if you want.	17:25
zbr	but default behavior is to send only warnings to stderr, if i recall well.	17:25
zbr	quite useful if you want to identify them or if you use a output callback that is machine parseable.	17:26
*** sanjayu_ has joined #zuul		17:26
*** saneax has quit IRC		17:27
zbr	downside of split stderr is that you may get runtime warnings that you have no clue from which tasks they are are origination from.	17:27
zbr	still, i found that subprocess-tee was able to produce good console output (combined) while capturing output separated, so it did not affect me.	17:28
*** sanjayu_ has quit IRC		17:33
*** sanjayu_ has joined #zuul		17:33
* zbr got enough for today, see you tomorrow.		17:34
*** armstrongs has joined #zuul		17:37
*** mach1na has quit IRC		17:41
*** bhavikdbavishi has quit IRC		17:48
*** nils has quit IRC		17:56
*** tosky has quit IRC		17:57
*** saneax has joined #zuul		18:04
*** sanjayu_ has quit IRC		18:06
*** wuchunyang has joined #zuul		18:11
*** wuchunyang has quit IRC		18:16
*** hamalq has quit IRC		18:27
*** hamalq has joined #zuul		18:27
*** arxcruz has quit IRC		18:28
*** jpena is now known as jpena\|off		18:33
*** ianw_pto is now known as ianw		18:59
*** vishalmanchanda has quit IRC		19:02
*** saneax has quit IRC		19:24
*** arxcruz has joined #zuul		19:28
*** armstrongs has quit IRC		19:30
*** zenkuro has quit IRC		19:53
*** wuchunyang has joined #zuul		20:12
*** zenkuro has joined #zuul		20:14
*** wuchunyang has quit IRC		20:17
*** zenkuro has quit IRC		20:19
*** zenkuro has joined #zuul		20:19
*** zenkuro has quit IRC		20:26
*** tosky has joined #zuul		20:27
*** zenkuro has joined #zuul		20:27
openstackgerrit	Merged zuul/zuul-jobs master: Install gnupg if keys need to be imported https://review.opendev.org/761201	20:30
*** AshBullock has joined #zuul		20:35
pabelanger	is statsd / graphite / grafana still the best way to render zuul stats?	21:07
pabelanger	or is there a simpler way	21:07
corvus	pabelanger: i don't think anything has changed there (if you have a prometheus, it's worth discussing options, but setting up a promethus and exporters if you don't already have one is likely not simpler)	21:12
*** hasharOut is now known as hashar		21:12
pabelanger	yah, no prometheus	21:12
pabelanger	basically, need to get some basic metrics out of zuul, I've never setup statsd / graphite / grafana and was looking for something less work	21:13
pabelanger	I have to answer the question of 'how many jobs a day' do we run	21:13
pabelanger	and realize that is much harder with out that stack	21:14
corvus	pabelanger: if it's a one-off request you could grep logs; otherwise, yeah, statsd/graphite. grafana is optional, it just makes it prettier but you can get graphs or numbers from graphite directly.	21:15
openstackgerrit	Clark Boylan proposed zuul/nodepool master: Have nodepool scan as many ssh host keys as possible https://review.opendev.org/761229	21:16
clarkb	fungi: corvus ^ thats the result of my poking around at paramiko after the discussion in #openstack-infra	21:16
clarkb	I hvaen't actually tested that yet, but I think something along those lines is what we want	21:16
corvus	pabelanger: they're both pretty easy to set up. grab the graphite rollup config file from opendev. otherwise, can probably just run from os packages.	21:17
pabelanger	clarkb: HA, i just enabled FIPs mode in centos	21:17
pabelanger	I did it by disabling hostkey generation in DIB	21:17
clarkb	pabelanger: it should be fine if you enable it in the bsae image since nodepool will see the valid keys from the start	21:17
clarkb	but if you enable it after nodepool has done the scan paramiko grabs the wrong key type by default	21:17
clarkb	then ansible fails to ssh after that	21:17
pabelanger	clarkb: yah, I did the following: https://github.com/ansible-network/windmill-config/blob/master/nodepool/elements/nodepool-base/finalise.d/89-sshd-keygen / https://github.com/ansible-network/windmill-config/blob/master/nodepool/elements/nodepool-base/sshd-keygen.target	21:18
pabelanger	and fixes it	21:18
pabelanger	but only enables ecdsa	21:18
pabelanger	I think the issue becomes, on zuul side, how to pick the right SSH key for inventory file	21:19
pabelanger	I thought about exposing ssh_type setting in nodepool.yaml or something	21:19
clarkb	well we appear to write an entire known hosts file	21:19
clarkb	so it can set all the key types I think	21:19
clarkb	which is what my change is trying to achieve	21:20
pabelanger	k	21:20
clarkb	then when the new ssh connection gets an ecdsa instead of an ed25519 back it can verify that	21:20
pabelanger	I have to still update add-build-sshkey role to allow for different type of keys, today we hardcode rsa	21:20
pabelanger	corvus: thanks for info	21:21
corvus	pabelanger: gl	21:21
clarkb	really the worst part about it is that the public api for getting the list of keys that will be used requires you to construct a connection almost	21:22
clarkb	which makes error handling iffy	21:22
pabelanger	https://github.com/ansible/ansible-zuul-jobs/pull/668 is my experiment with FIPs, had to update grub config since command didn't	21:23
*** rfolco has quit IRC		21:24
*** rfolco has joined #zuul		21:24
*** ChanServ has quit IRC		21:26
*** rfolco has quit IRC		21:29
*** ChanServ has joined #zuul		21:32
*** tepper.freenode.net sets mode: +o ChanServ		21:32
*** AshBullock has quit IRC		21:43
tristanC	pabelanger: for 'how many jobs a day' you can also query the database, for example we run this https://softwarefactory-project.io/cgit/software-factory/sf-config/tree/ansible/roles/sf-install-server/files/status-page-update.py script daily to create https://softwarefactory-project.io/status/	21:52
corvus	tristanC: good point; though that may miss some aborted jobs (but maybe that's okay for pabelanger's purpose)	21:55
fungi	we did get the data into the statsd emitters to be able to gauge build durations now too right?	21:58
fungi	so you can do node*hour calculations for specific jobs and whatnot?	21:59
pabelanger	tristanC: thanks, that might be good enough for right now	22:01
*** hashar has quit IRC		22:01
tristanC	corvus: pabelanger: that's not ideal and we are looking forward replacing this by prometheus metrics, but that is a lot more complicated	22:04
pabelanger	++	22:04
pabelanger	for now, I just need some aprox numbers	22:04
pabelanger	tristanC: which version of patternfly is that dev'd with?	22:10
*** holser has quit IRC		22:10
pabelanger	using 3.24.0 seem the colapse / expand isn't working	22:10
pabelanger	oh	22:10
pabelanger	missing js files	22:10
*** holser has joined #zuul		22:11
tristanC	pabelanger: the css and scripts are hardcoded for https://softwarefactory-project.io/cgit/software-factory/sf-web-assets-distgit/tree/sf-web-assets.spec	22:12
tristanC	prometheus works great for us, but it's tricky to scrap zuul statsd based metric, so we only use it to monitor a few metrics: https://prometheus.monitoring.softwarefactory-project.io/prometheus/alerts	22:15
pabelanger	tristanC: okay, this will work well for starting point and give me time to setup proper solution	22:16
pabelanger	tyty	22:17
tristanC	pabelanger: you're welcome :)	22:17
pabelanger	tristanC: care to host my instance :)	22:17
pabelanger	I'll just dump data to it	22:17
tristanC	pabelanger: unfortunately zuul doesn't expose a /metric endpoint, so you would still have to setup a custom exporter...	22:24
openstackgerrit	Ashley Bullock proposed zuul/zuul master: Add initial bitbucket cloud driver using webhooks https://review.opendev.org/759003	22:25
tristanC	(prometheus doesn't listen, it polls metric from services)	22:25
*** tosky has quit IRC		23:01
openstackgerrit	Merged zuul/zuul master: Warn user when dynamic layout ignores zuul config https://review.opendev.org/720249	23:12

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!