*** smyers has quit IRC | 00:08 | |
*** smyers has joined #zuul | 00:09 | |
*** tosky has quit IRC | 00:26 | |
*** hamalq has quit IRC | 01:41 | |
*** ianychoi has quit IRC | 03:00 | |
*** bhavikdbavishi has joined #zuul | 03:06 | |
*** bhavikdbavishi1 has joined #zuul | 03:09 | |
*** bhavikdbavishi has quit IRC | 03:10 | |
*** bhavikdbavishi1 is now known as bhavikdbavishi | 03:10 | |
*** ianychoi has joined #zuul | 03:21 | |
*** zenkuro has quit IRC | 03:36 | |
*** wuchunyang has quit IRC | 03:39 | |
*** smyers has quit IRC | 03:47 | |
*** smyers has joined #zuul | 03:49 | |
*** bhavikdbavishi has quit IRC | 04:28 | |
*** bhavikdbavishi has joined #zuul | 04:29 | |
*** saneax has joined #zuul | 05:06 | |
*** evrardjp has quit IRC | 05:33 | |
*** evrardjp has joined #zuul | 05:33 | |
*** bhavikdbavishi1 has joined #zuul | 06:32 | |
*** bhavikdbavishi has quit IRC | 06:33 | |
*** bhavikdbavishi1 is now known as bhavikdbavishi | 06:33 | |
*** bhavikdbavishi1 has joined #zuul | 06:48 | |
*** bhavikdbavishi has quit IRC | 06:50 | |
*** bhavikdbavishi1 is now known as bhavikdbavishi | 06:50 | |
*** bhavikdbavishi has quit IRC | 06:58 | |
*** vorotech has joined #zuul | 07:03 | |
*** vishalmanchanda has joined #zuul | 07:23 | |
*** mach1na has joined #zuul | 07:23 | |
*** bhavikdbavishi has joined #zuul | 07:25 | |
*** bhavikdbavishi1 has joined #zuul | 07:27 | |
*** bhavikdbavishi has quit IRC | 07:29 | |
*** bhavikdbavishi1 is now known as bhavikdbavishi | 07:29 | |
*** vorotech has quit IRC | 07:42 | |
*** vorotech has joined #zuul | 07:54 | |
*** vorotech has quit IRC | 07:57 | |
*** vorotech has joined #zuul | 08:01 | |
*** mach1na has quit IRC | 08:01 | |
*** hashar has joined #zuul | 08:03 | |
*** jcapitao has joined #zuul | 08:05 | |
*** fbo|off is now known as fbo | 08:14 | |
*** rpittau|afk is now known as rpittau | 08:19 | |
*** frenzyfriday has joined #zuul | 08:29 | |
*** vorotech has quit IRC | 08:35 | |
*** mach1na has joined #zuul | 08:38 | |
*** mach1na has joined #zuul | 08:39 | |
*** tosky has joined #zuul | 08:40 | |
*** vorotech has joined #zuul | 08:40 | |
*** mach1na has quit IRC | 08:49 | |
*** jpena|off is now known as jpena | 08:56 | |
openstackgerrit | zbr proposed zuul/zuul-jobs master: More E208 fixes https://review.opendev.org/761090 | 08:56 |
---|---|---|
*** mach1na has joined #zuul | 09:01 | |
*** bhavikdbavishi has quit IRC | 09:06 | |
*** frenzyfriday has quit IRC | 09:44 | |
*** sshnaidm|afk is now known as sshnaidm|rover | 09:56 | |
openstackgerrit | zbr proposed zuul/zuul-jobs master: More E208 fixes https://review.opendev.org/761090 | 10:05 |
tobiash | avass: commented on the nimble roles | 10:10 |
avass | tobiash: reasonable, I'll update later | 10:13 |
tobiash | clarkb: replied on https://review.opendev.org/720249 | 10:24 |
webknjaz | Anybody wants to advertise Zuul to pip? https://github.com/pypa/pip/issues/7279 | 10:44 |
*** mach1na has quit IRC | 10:53 | |
*** mach1na has joined #zuul | 10:58 | |
*** bhavikdbavishi has joined #zuul | 11:21 | |
*** bhavikdbavishi1 has joined #zuul | 11:28 | |
*** bhavikdbavishi has quit IRC | 11:30 | |
*** bhavikdbavishi1 is now known as bhavikdbavishi | 11:30 | |
*** jcapitao is now known as jcapitao_lunch | 11:36 | |
avass | webknjaz: taht would have been cool. I still don't understand what people don't like about the UX, I keep seeing complaints that it's 'bad' but I haven't seen any specifics on what's bad about it | 11:44 |
avass | webknjaz: oh, looking a zbr's reply I guess that's because I'm using gerrit. That zuul only reports a single check for github is _slightly_ annoying | 11:52 |
zbr | i think that pabelanger was involved with github integration but I am sure that webknjaz could be able to extend it to make it appear as multiple checks. | 11:54 |
zbr | i never touched that integration. | 11:54 |
zbr | avass: here is a hint, zuul still fails to render ANSI. my changes failed to merge. | 11:55 |
avass | I don't think you could since zuul only reports once for each buildset | 11:55 |
zbr | i do understand why some people complain about zuul UI, that was the reasons why i tried to improve the UX. | 11:55 |
zbr | hmm, better to wait for input from those that know the internals | 11:56 |
zbr | clearlty there is a way to query in progress builds, the js extension for gerrit is still working | 11:56 |
zbr | it may not push the status, but you clearly can query its progress. | 11:57 |
avass | If you can do that in github then it should work I guess | 11:57 |
zbr | i am sure they would not allow you to write javascript that runs on their servers. | 11:57 |
avass | :) | 11:57 |
*** rfolco has joined #zuul | 12:00 | |
*** vorotech has quit IRC | 12:00 | |
*** nils has joined #zuul | 12:01 | |
*** mach1na has quit IRC | 12:05 | |
*** vorotech has joined #zuul | 12:09 | |
tobiash | avass, zbr: it's one check for a very good reason which is also explained here: https://zuul-ci.org/docs/zuul/discussion/github-checks-api.html#design-decisions | 12:10 |
avass | makes sense to me | 12:14 |
*** vorotech has quit IRC | 12:20 | |
*** vorotech has joined #zuul | 12:21 | |
*** rlandy has joined #zuul | 12:26 | |
*** jcapitao_lunch is now known as jcapitao | 12:27 | |
*** vorotech has quit IRC | 12:31 | |
*** jpena is now known as jpena|lunch | 12:32 | |
*** vorotech has joined #zuul | 12:36 | |
zbr | clearly a good source of information but i am not fully convinced | 12:44 |
zbr | it assumes user would want to use zuul for both check/gate for example | 12:44 |
zbr | avass: see https://github.com/ansible/ansible-lint/pull/1089 -- clarkb mentioned it yesterday. | 12:49 |
avass | zbr: lgtm | 12:52 |
*** mach1na has joined #zuul | 13:02 | |
tristanC | zbr: looking at the "208 mode fixes" changes, it seems like we mostly make the default mode explicit, what is wrong with omitting the default, isn't ansible always using 755/644 ? | 13:04 |
avass | tristanC: ++ | 13:04 |
avass | I would guess it came from ansible changing the default mode, but since that was fixed I'm not sure if we want it to be this verbose | 13:05 |
tristanC | avass: yeah, i'd like to understand what is the reasoning, it seems like in some situation the default behavior would be unexpected, but i have yet to find an example of such situation... | 13:06 |
webknjaz | @avass: I think that "bad UX" mostly means that it brings a lot of unfamiliar stuff to the world outside of the openstack bubble + yes the GH integration could be better. | 13:19 |
webknjaz | @zbr: I proposed expanding the checks properly in this channel some time ago but people couldn't agree on how it should work | 13:20 |
webknjaz | @avass: one of the differences in, as zbr said, ANSI in logs. That is something that is native to all the other CIs people use. Of course, folks would consider it a bad UX | 13:22 |
openstackgerrit | zbr proposed zuul/zuul master: Enable ANSI rendering via react-ansi https://review.opendev.org/739444 | 13:25 |
webknjaz | @tobiash: as I mentioned before, that problem with checks is solvable by reporting a static check for gate and mapping the rest as usual. This is what would be considered native to the GH bubble | 13:25 |
corvus | webknjaz: can you elaborate on that? what do you mean by "static check for gate"? | 13:27 |
zbr | webknjaz: my initial ANSI patch is likely more than year old but a complete rewrite is still open at https://review.opendev.org/#/c/739444/ and seems to find a hard time getting reviews. | 13:29 |
zbr | a problem tobiash reported yesterday, lack of core reviews. | 13:29 |
avass | zbr: that change doesn't look too hard to review, you don't happen to have en example to link whenver it's done building? | 13:30 |
webknjaz | @corvus: I meant a static name | 13:30 |
avass | webknjaz: I guess that's what we got for github at the moment, but it would report each job separately as well | 13:31 |
*** jpena|lunch is now known as jpena | 13:32 | |
zbr | having each job separated would be a benefit for github users using zuul as a 3rd party ci (not primary one) | 13:32 |
zbr | and while this seems bit outside the original zuul design, we should realise that this is the most likely way someone using github would want to try it. | 13:33 |
corvus | webknjaz: i still don't understand your suggestion | 13:33 |
corvus | webknjaz: i may need it spelled out with more words | 13:34 |
corvus | "Most importantly, there can only be one check suite per commit SHA, per app." that seems key. how would one solve that? | 13:35 |
avass | I think I need a betteer explanation what "one check suite" means | 13:37 |
avass | what I believe travis does is it has one check for each 'job' and one that reports if all of them has passed (webknjaz can probably correct me here) | 13:38 |
avass | which is what zuul could do | 13:38 |
corvus | avass: explained in the first pgraph at https://zuul-ci.org/docs/zuul/discussion/github-checks-api.html#design-decisions and further if you follow the first link there | 13:38 |
*** zenkuro has joined #zuul | 13:39 | |
avass | corvus: reading | 13:39 |
webknjaz | @avass: Travis does not have that but GitHub Actions do | 13:39 |
corvus | avass, webknjaz: are you suggesting that we have a check suite consisting of the jobs "pep8, py27, check" and the check job is a meta-job which reports whether all the jobs in the check pipeline passed. then add a "gate" meta-job which gets added if all the jobs in the gate pipeline pass? | 13:41 |
openstackgerrit | zbr proposed zuul/zuul master: Enable display of dnf/yum failures inside console https://review.opendev.org/734833 | 13:42 |
avass | something along those lines | 13:42 |
corvus | zbr: i'm all for accomodating folks that want to use zuul as advisory, however we can't do that at the expense of zuul's primary mission: to be a project gating system. so we have to support the gating workflow if people want to upgrade to it. | 13:44 |
webknjaz | @corvus: yes, that's what I want. Plus there was a proposal in the past to make it toggleable so that folks could choose | 13:44 |
webknjaz | If there's multiple pipelines in Zuul, it could use prefixes for check names too | 13:45 |
corvus | webknjaz: makes sense | 13:45 |
corvus | webknjaz: do you think you could write up a description of that and send it to the zuul-discuss list? it sounds like there may be a solution there, but it's going to require some detailed thought and the ml is better for getting all our github experts looking at it. | 13:45 |
webknjaz | Where's that list? | 13:46 |
webknjaz | I'll try | 13:46 |
corvus | webknjaz: http://lists.zuul-ci.org/cgi-bin/mailman/listinfo/zuul-discuss | 13:46 |
webknjaz | 👍 | 13:47 |
*** mach1na has quit IRC | 13:55 | |
*** mach1na has joined #zuul | 13:56 | |
*** mach1na has quit IRC | 13:56 | |
*** mach1na has joined #zuul | 13:56 | |
openstackgerrit | zbr proposed zuul/zuul master: Consolidated javascript identation https://review.opendev.org/749702 | 14:02 |
*** bhavikdbavishi has quit IRC | 14:05 | |
*** bhavikdbavishi has joined #zuul | 14:06 | |
openstackgerrit | zbr proposed zuul/zuul-jobs master: Update ensure-docker for new releases https://review.opendev.org/752630 | 14:06 |
*** bhavikdbavishi has quit IRC | 14:13 | |
*** saneax has quit IRC | 14:19 | |
*** saneax has joined #zuul | 14:20 | |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Move management and result events to model https://review.opendev.org/761163 | 14:29 |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Allow (de-)serialization of management events https://review.opendev.org/761164 | 14:29 |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Allow (de-)serialization of result events https://review.opendev.org/761165 | 14:29 |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Add missing fields in driver trigger event models https://review.opendev.org/761166 | 14:29 |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Allow (de-)serialization of trigger events https://review.opendev.org/761167 | 14:29 |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Interface to get a driver's trigger event class https://review.opendev.org/761168 | 14:29 |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Clear list of Zookeeper connections after tests https://review.opendev.org/761169 | 14:29 |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Implementation of Zookeeper backed event queues https://review.opendev.org/761170 | 14:29 |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Implementation of Zookeeper event watcher https://review.opendev.org/761171 | 14:29 |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Switch to Zookeeper backed trigger event queues https://review.opendev.org/761172 | 14:29 |
*** Goneri has joined #zuul | 14:36 | |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Implementation of Zookeeper backed event queues https://review.opendev.org/761170 | 14:39 |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Implementation of Zookeeper event watcher https://review.opendev.org/761171 | 14:39 |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Switch to Zookeeper backed trigger event queues https://review.opendev.org/761172 | 14:39 |
openstackgerrit | zbr proposed zuul/zuul-jobs master: POC: Force color support in ansible-lint https://review.opendev.org/761175 | 14:48 |
*** stevthedev has quit IRC | 14:54 | |
*** stevthedev has joined #zuul | 14:55 | |
zbr | avass: please +W again https://review.opendev.org/#/c/752630/ -- failed to merge last time. | 14:57 |
*** masterpe has quit IRC | 14:57 | |
*** Eighth_Doctor has quit IRC | 14:59 | |
*** mordred has quit IRC | 15:00 | |
*** decimuscorvinus has quit IRC | 15:00 | |
*** decimuscorvinus has joined #zuul | 15:04 | |
clarkb | tristanC: aiui there is no published consistent dovumented default | 15:17 |
*** sanjayu_ has joined #zuul | 15:21 | |
*** hashar is now known as hasharOut | 15:22 | |
tristanC | clarkb: would you know when it is not 0755 or 0644 ? | 15:23 |
clarkb | I dont think 755 or 644 is docimented anywhere? | 15:24 |
*** saneax has quit IRC | 15:24 | |
clarkb | I would respond with when is it 644 or 755? and is that documented? | 15:24 |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Allow (de-)serialization of management events https://review.opendev.org/761164 | 15:24 |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Allow (de-)serialization of result events https://review.opendev.org/761165 | 15:24 |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Add missing fields in driver trigger event models https://review.opendev.org/761166 | 15:24 |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Allow (de-)serialization of trigger events https://review.opendev.org/761167 | 15:24 |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Interface to get a driver's trigger event class https://review.opendev.org/761168 | 15:24 |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Clear list of Zookeeper connections after tests https://review.opendev.org/761169 | 15:24 |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Implementation of Zookeeper backed event queues https://review.opendev.org/761170 | 15:24 |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Implementation of Zookeeper event watcher https://review.opendev.org/761171 | 15:24 |
openstackgerrit | Simon Westphahl proposed zuul/zuul master: Switch to Zookeeper backed trigger event queues https://review.opendev.org/761172 | 15:24 |
tristanC | well it seems to be the case when testing locally | 15:24 |
mhu | hello zuul-maint, here are a few patches that are ready for a final +3: https://review.opendev.org/#/c/728118/ https://review.opendev.org/#/c/751312/ https://review.opendev.org/#/c/754103/ https://review.opendev.org/#/c/755519/ | 15:25 |
clarkb | tristanC: I think at one point we theorized it may be umask relatrd | 15:25 |
openstackgerrit | zbr proposed zuul/zuul master: Enable ANSI rendering via react-ansi https://review.opendev.org/739444 | 15:25 |
*** vorotech has quit IRC | 15:27 | |
tristanC | clarkb: if that's the case, shouldn't we let umask take over? | 15:27 |
openstackgerrit | Merged zuul/zuul-jobs master: Update ensure-docker for new releases https://review.opendev.org/752630 | 15:27 |
clarkb | tristanC: not necessarily as it can be variable and inapplocable to certain scenarios | 15:28 |
clarkb | I think being explicit is the right choice for most situations | 15:28 |
clarkb | there are cases whereit doesnt make senselike extracting tarballs | 15:29 |
zbr | tristanC: when ansible_user is different than become_user you can easily get very weird file modes, due to the way ansible transports the files. the final outcome is that umode is not the one from the become user but the one from ansible users. | 15:29 |
tristanC | zbr: you mean file owner? | 15:30 |
zbr | i do remember reading several long ansible bugs few months back, and the conclusion was to be explicit unless you want surprises. | 15:30 |
zbr | very hard to identify surprises | 15:30 |
zbr | file owner is fixed by ansible, the issue is around file mode. | 15:31 |
zbr | for mode is more complex than chown, which sorts ownership. | 15:31 |
*** Eighth_Doctor has joined #zuul | 15:32 | |
zbr | until Ansible team will document default file modes, i will strongly support explicit modes. | 15:33 |
tristanC | zbr: shouldn't we wait for a fix upstream instead of adding explicit default everywhere? Do we have a reproducer where 0755/0644 is not used by default? | 15:38 |
zbr | tristanC: you are welcomed to read the entire collection of issues: https://github.com/ansible/ansible/pulls?q=CVE-2020-1736 | 15:41 |
zbr | the doc update is already 28 days old, not sure what to wait for, | 15:41 |
*** mordred has joined #zuul | 15:41 | |
zbr | But https://github.com/ansible/ansible/pull/71516/files should be a strong enough motivation. | 15:42 |
zbr | look at the 3rd file recomandation. | 15:43 |
*** mordred has quit IRC | 15:47 | |
*** Eighth_Doctor has quit IRC | 15:47 | |
zbr | tristanC: i just got confirmation from ansible core team that https://github.com/ansible/ansible/issues/67794 is still open. | 15:47 |
tristanC | zbr: that seems to indicate the default is indeed world readable | 15:49 |
zbr | can != always does, also default is still not documented. | 15:50 |
tristanC | zbr: but when is this not the case? | 15:50 |
tristanC | zbr: reading through the issues you linked, it seems like the issue is the otherway around where non world readable setting where incorrectly set | 15:52 |
tristanC | zbr: having a playbook that demonstrates how the default world readable mode is not set would be help to justify why mode needs to be explicitly defined | 15:55 |
*** bhavikdbavishi has joined #zuul | 15:56 | |
*** Eighth_Doctor has joined #zuul | 15:57 | |
clarkb | ya I think the biggest issue here is ansible doesn't actually state a default or expectation around this stuff and has changed the behavior in the past | 15:59 |
clarkb | as a result it is better to be explicit where we can be | 16:00 |
clarkb | what is the downside to being explicit? | 16:00 |
tristanC | clarkb: there more than 70 mode missing in zuul-jobs | 16:02 |
clarkb | tristanC: and if ansible changes the behavior again many of them will likely break? seems worthwhile to do what we can to mitigate against that? | 16:04 |
*** mach1na has quit IRC | 16:06 | |
*** sanjayu_ has quit IRC | 16:13 | |
*** sanjayu_ has joined #zuul | 16:13 | |
*** masterpe has joined #zuul | 16:15 | |
*** mordred has joined #zuul | 16:15 | |
*** mach1na has joined #zuul | 16:20 | |
*** vorotech has joined #zuul | 16:21 | |
*** mach1na has quit IRC | 16:31 | |
*** sanjayu_ has quit IRC | 16:37 | |
zbr | https://review.opendev.org/#/c/761090/ brings the remaining to 56 - few more and we are done. | 16:45 |
mnaser | i'm having job failures with ensure-package-repositories due to the fact that gnupg is missing from my (slim) image | 16:46 |
*** mach1na has joined #zuul | 16:46 | |
*** rpittau is now known as rpittau|afk | 16:46 | |
mnaser | would it make sense to install that inside the ensure-package-repositories role? | 16:46 |
clarkb | mnaser: we add it into our image | 16:46 |
clarkb | and I think there is a change to add it to the dib minimal stuff | 16:46 |
mnaser | clarkb: right -- i'm just wondering if this follows the push towards "empty base image" stuff that was being driven | 16:47 |
clarkb | no this is a weird debian thing | 16:48 |
clarkb | they've baked in enough gpg stuff to not need the dep by default, but then if you try to use certain commands it breaks | 16:48 |
clarkb | there are ways to deal with that by copying the ascii armored files manually or something | 16:49 |
*** saneax has joined #zuul | 16:49 | |
openstackgerrit | zbr proposed zuul/zuul master: Enable optional pre-wrapping on console and output https://review.opendev.org/723603 | 16:49 |
avass | mnaser: I'd say that it should | 16:49 |
clarkb | well I think the real fix is using those workarounds | 16:50 |
clarkb | rather than depending on gpg properly | 16:50 |
clarkb | fungi: ^ you probably know off the top of your head what the details are | 16:50 |
mnaser | i mean in that case we'd have to fix the ensure-nodejs role (and likely many others) | 16:50 |
mnaser | i think we have to do some stuff offline then we can download the file staright to trusted.gpg.d | 16:50 |
mnaser | but i think as long as we use the apt_key module, we'll need gnupg | 16:51 |
clarkb | right stop using apt_key then is what I'm suggesting | 16:51 |
clarkb | since that is what debian wants you to do | 16:51 |
mnaser | http://codesearch.openstack.org/?q=repositories_keys&i=nope&files=&repos= | 16:52 |
openstackgerrit | zbr proposed zuul/zuul-jobs master: Make .sh browsable on swift logs https://review.opendev.org/731795 | 16:53 |
mnaser | so i guess we'll have to get rid of those and change the behaviour of ensure-package-repositories .. or ensure that gnupg is installed and flow through the existing setup | 16:53 |
clarkb | you don't have to get rid of them entirely you just have to copy the file into the correct spot as debian wants you to aiui | 16:53 |
clarkb | rather than use the gpg tooling that needs the pacakge | 16:53 |
clarkb | (my only concern with adding the package is that debian seems to be saying you shouldn't do it that way anymore) | 16:54 |
mnaser | you actually have to transform that file before you drop it into trusted.gpg.d | 16:54 |
*** vorotech has quit IRC | 16:54 | |
clarkb | I don't think so with modern debian | 16:54 |
clarkb | which is why they dropped the dep | 16:54 |
clarkb | old debian yes | 16:54 |
zbr | zuul-maint: https://review.opendev.org/#/c/723837/ -- just say it if you do not find it useful, i will abandon it. even negative feedback is better than none. | 16:55 |
avass | mnaser: this gives some information https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851774 | 16:56 |
openstack | Debian bug 851774 in apt-setup-udeb "Stop using apt-key add to add keys in generators/60local" [Serious,Fixed] | 16:56 |
zbr | the idea was to make it easier for new folks to make small contributions to zuul, without having to read a lot of docs about how to run/test different parts. | 16:56 |
*** vorotech has joined #zuul | 16:56 | |
*** vorotech has quit IRC | 16:56 | |
corvus | zbr: you may find https://review.opendev.org/88698 interesting | 16:56 |
*** mach1na has quit IRC | 16:57 | |
fungi | mnaser: clarkb: yeah, see the "SUPPORTED KEYRING FILES" section of the apt-key manpage but on newer debian versions (those with apt 1.4 or newer) you can stick ascii-armored keys into /etc/apt/trusted.gpg.d | 16:57 |
zbr | corvus: another change stuck in time intead of being abandoned. | 16:57 |
mnaser | ok so i guess we can replace the apt_key by get_url or whatever | 16:57 |
tobiash | I guess if we want a makefile we should go with the new version instead of the 2014 version | 16:58 |
avass | I think so | 16:58 |
fungi | if you're using an older version of apt you have to use gpg's binary export format for files in there | 16:58 |
mnaser | stretch seems to have apt 1.4 | 16:58 |
zbr | I do not fancy Makefiles themselves, but usually you do not need to touch them. | 16:58 |
mnaser | bionic is 1.6 | 16:58 |
mnaser | xenial is the only fail at 1.2 | 16:59 |
fungi | yeah, for those something needs to import the .asc keyfile into a gpg keyring and then export it in binary format to put in /etc/apt/trusted.gpg.d | 16:59 |
fungi | (for xenial) | 16:59 |
mnaser | xenial has only a few months on its timeline.. | 17:00 |
fungi | indeed. eol ~april 2021 i think? | 17:00 |
zbr | i really wish to see zuul cores starting to press the abandon button on changes, abandon is not "delete". | 17:00 |
*** hamalq has joined #zuul | 17:01 | |
*** bhavikdbavishi has quit IRC | 17:01 | |
tobiash | I usually hesitate to press the abandon button on changes that are now owned by me | 17:01 |
tobiash | s/now/not | 17:01 |
mnaser | honestly though this seems like a lot of extra work and testing and potentially breakages vs | 17:03 |
mnaser | installing gnupg if it's not there :( | 17:03 |
*** bhavikdbavishi has joined #zuul | 17:03 | |
avass | tobiash: yeah the abandon button equals the 'remove from memory' button for me | 17:03 |
avass | oh I read something else nvm :) | 17:04 |
*** mach1na has joined #zuul | 17:04 | |
mnaser | cause its easy to workaround for the downloadable keys | 17:04 |
mnaser | but then now we have no structure for zuul imported keys on what the file name should be | 17:05 |
mnaser | because it is possible that it is only "data" | 17:05 |
zbr | i found an interesting change about splitting stdout/stderr. https://review.opendev.org/#/c/650276/10 - should we refresh it? | 17:08 |
zbr | i personally find very useful to have stdout/stderr separated. | 17:09 |
openstackgerrit | Mohammed Naser proposed zuul/zuul-jobs master: Install gnupg if keys need to be imported https://review.opendev.org/761201 | 17:10 |
mnaser | ^ this is what i can 'afford' to fix in terms of my time constraints :\ | 17:11 |
mnaser | if that's not ok, ill go update our images to add gnupg -- i don't have time now to rewrite our usage of apt_key | 17:11 |
avass | I'm fine with that until there's a better solution | 17:13 |
clarkb | ya I won't -1 such a solution. I just think we should be careful relying on the old deprecated expecations of tools | 17:14 |
*** jcapitao has quit IRC | 17:15 | |
clarkb | zbr: I seem to recall the concerns with that is we can't stream it that way or something? | 17:15 |
clarkb | zbr: so its better to be consistent with the stream and the recording? | 17:15 |
clarkb | (sort of related google says github's parsing of stdout is a problem. Something we should be wary of) | 17:15 |
avass | someone forgot "Don't cross the streams" heh ;) | 17:16 |
zbr | i observed that recently github stopped showing output in real time, now it displays output only after each run did run (task, not entire job). | 17:16 |
avass | I don't think we want to stop showing output in real time if that's what you mean | 17:18 |
zbr | the stream crossing is a tricky bit, once that made me do https://pypi.org/project/subprocess-tee a week ago. | 17:18 |
zbr | i do not see any comment on the review regarding that aspect. | 17:19 |
clarkb | I think it came up in conversation here (don't knwo if there was a change at that point?) | 17:20 |
*** sshnaidm|rover is now known as sshnaidm|afk | 17:22 | |
zbr | i see that current implementation does not use asyncio so likely to have some undersired side effects | 17:23 |
clarkb | also I think the ansible console splits them? | 17:23 |
clarkb | so they are already separately readable if necessary | 17:24 |
zbr | ansible does not care about that, it does not stream. | 17:24 |
clarkb | yes, this is not for the streaming aspect | 17:24 |
clarkb | this is when the job is completed | 17:24 |
zbr | ansible produces output on both, and you can control where do tasks go, you can opt-in for stderr if you want. | 17:25 |
zbr | basically you can tell ansible to send everything to stderr if you want. | 17:25 |
zbr | but default behavior is to send only warnings to stderr, if i recall well. | 17:25 |
zbr | quite useful if you want to identify them or if you use a output callback that is machine parseable. | 17:26 |
*** sanjayu_ has joined #zuul | 17:26 | |
*** saneax has quit IRC | 17:27 | |
zbr | downside of split stderr is that you may get runtime warnings that you have no clue from which tasks they are are origination from. | 17:27 |
zbr | still, i found that subprocess-tee was able to produce good console output (combined) while capturing output separated, so it did not affect me. | 17:28 |
*** sanjayu_ has quit IRC | 17:33 | |
*** sanjayu_ has joined #zuul | 17:33 | |
* zbr got enough for today, see you tomorrow. | 17:34 | |
*** armstrongs has joined #zuul | 17:37 | |
*** mach1na has quit IRC | 17:41 | |
*** bhavikdbavishi has quit IRC | 17:48 | |
*** nils has quit IRC | 17:56 | |
*** tosky has quit IRC | 17:57 | |
*** saneax has joined #zuul | 18:04 | |
*** sanjayu_ has quit IRC | 18:06 | |
*** wuchunyang has joined #zuul | 18:11 | |
*** wuchunyang has quit IRC | 18:16 | |
*** hamalq has quit IRC | 18:27 | |
*** hamalq has joined #zuul | 18:27 | |
*** arxcruz has quit IRC | 18:28 | |
*** jpena is now known as jpena|off | 18:33 | |
*** ianw_pto is now known as ianw | 18:59 | |
*** vishalmanchanda has quit IRC | 19:02 | |
*** saneax has quit IRC | 19:24 | |
*** arxcruz has joined #zuul | 19:28 | |
*** armstrongs has quit IRC | 19:30 | |
*** zenkuro has quit IRC | 19:53 | |
*** wuchunyang has joined #zuul | 20:12 | |
*** zenkuro has joined #zuul | 20:14 | |
*** wuchunyang has quit IRC | 20:17 | |
*** zenkuro has quit IRC | 20:19 | |
*** zenkuro has joined #zuul | 20:19 | |
*** zenkuro has quit IRC | 20:26 | |
*** tosky has joined #zuul | 20:27 | |
*** zenkuro has joined #zuul | 20:27 | |
openstackgerrit | Merged zuul/zuul-jobs master: Install gnupg if keys need to be imported https://review.opendev.org/761201 | 20:30 |
*** AshBullock has joined #zuul | 20:35 | |
pabelanger | is statsd / graphite / grafana still the best way to render zuul stats? | 21:07 |
pabelanger | or is there a simpler way | 21:07 |
corvus | pabelanger: i don't think anything has changed there (if you have a prometheus, it's worth discussing options, but setting up a promethus and exporters if you don't already have one is likely not simpler) | 21:12 |
*** hasharOut is now known as hashar | 21:12 | |
pabelanger | yah, no prometheus | 21:12 |
pabelanger | basically, need to get some basic metrics out of zuul, I've never setup statsd / graphite / grafana and was looking for something less work | 21:13 |
pabelanger | I have to answer the question of 'how many jobs a day' do we run | 21:13 |
pabelanger | and realize that is much harder with out that stack | 21:14 |
corvus | pabelanger: if it's a one-off request you could grep logs; otherwise, yeah, statsd/graphite. grafana is optional, it just makes it prettier but you can get graphs or numbers from graphite directly. | 21:15 |
openstackgerrit | Clark Boylan proposed zuul/nodepool master: Have nodepool scan as many ssh host keys as possible https://review.opendev.org/761229 | 21:16 |
clarkb | fungi: corvus ^ thats the result of my poking around at paramiko after the discussion in #openstack-infra | 21:16 |
clarkb | I hvaen't actually tested that yet, but I think something along those lines is what we want | 21:16 |
corvus | pabelanger: they're both pretty easy to set up. grab the graphite rollup config file from opendev. otherwise, can probably just run from os packages. | 21:17 |
pabelanger | clarkb: HA, i just enabled FIPs mode in centos | 21:17 |
pabelanger | I did it by disabling hostkey generation in DIB | 21:17 |
clarkb | pabelanger: it should be fine if you enable it in the bsae image since nodepool will see the valid keys from the start | 21:17 |
clarkb | but if you enable it after nodepool has done the scan paramiko grabs the wrong key type by default | 21:17 |
clarkb | then ansible fails to ssh after that | 21:17 |
pabelanger | clarkb: yah, I did the following: https://github.com/ansible-network/windmill-config/blob/master/nodepool/elements/nodepool-base/finalise.d/89-sshd-keygen / https://github.com/ansible-network/windmill-config/blob/master/nodepool/elements/nodepool-base/sshd-keygen.target | 21:18 |
pabelanger | and fixes it | 21:18 |
pabelanger | but only enables ecdsa | 21:18 |
pabelanger | I think the issue becomes, on zuul side, how to pick the right SSH key for inventory file | 21:19 |
pabelanger | I thought about exposing ssh_type setting in nodepool.yaml or something | 21:19 |
clarkb | well we appear to write an entire known hosts file | 21:19 |
clarkb | so it can set all the key types I think | 21:19 |
clarkb | which is what my change is trying to achieve | 21:20 |
pabelanger | k | 21:20 |
clarkb | then when the new ssh connection gets an ecdsa instead of an ed25519 back it can verify that | 21:20 |
pabelanger | I have to still update add-build-sshkey role to allow for different type of keys, today we hardcode rsa | 21:20 |
pabelanger | corvus: thanks for info | 21:21 |
corvus | pabelanger: gl | 21:21 |
clarkb | really the worst part about it is that the public api for getting the list of keys that will be used requires you to construct a connection almost | 21:22 |
clarkb | which makes error handling iffy | 21:22 |
pabelanger | https://github.com/ansible/ansible-zuul-jobs/pull/668 is my experiment with FIPs, had to update grub config since command didn't | 21:23 |
*** rfolco has quit IRC | 21:24 | |
*** rfolco has joined #zuul | 21:24 | |
*** ChanServ has quit IRC | 21:26 | |
*** rfolco has quit IRC | 21:29 | |
*** ChanServ has joined #zuul | 21:32 | |
*** tepper.freenode.net sets mode: +o ChanServ | 21:32 | |
*** AshBullock has quit IRC | 21:43 | |
tristanC | pabelanger: for 'how many jobs a day' you can also query the database, for example we run this https://softwarefactory-project.io/cgit/software-factory/sf-config/tree/ansible/roles/sf-install-server/files/status-page-update.py script daily to create https://softwarefactory-project.io/status/ | 21:52 |
corvus | tristanC: good point; though that may miss some aborted jobs (but maybe that's okay for pabelanger's purpose) | 21:55 |
fungi | we did get the data into the statsd emitters to be able to gauge build durations now too right? | 21:58 |
fungi | so you can do node*hour calculations for specific jobs and whatnot? | 21:59 |
pabelanger | tristanC: thanks, that might be good enough for right now | 22:01 |
*** hashar has quit IRC | 22:01 | |
tristanC | corvus: pabelanger: that's not ideal and we are looking forward replacing this by prometheus metrics, but that is a lot more complicated | 22:04 |
pabelanger | ++ | 22:04 |
pabelanger | for now, I just need some aprox numbers | 22:04 |
pabelanger | tristanC: which version of patternfly is that dev'd with? | 22:10 |
*** holser has quit IRC | 22:10 | |
pabelanger | using 3.24.0 seem the colapse / expand isn't working | 22:10 |
pabelanger | oh | 22:10 |
pabelanger | missing js files | 22:10 |
*** holser has joined #zuul | 22:11 | |
tristanC | pabelanger: the css and scripts are hardcoded for https://softwarefactory-project.io/cgit/software-factory/sf-web-assets-distgit/tree/sf-web-assets.spec | 22:12 |
tristanC | prometheus works great for us, but it's tricky to scrap zuul statsd based metric, so we only use it to monitor a few metrics: https://prometheus.monitoring.softwarefactory-project.io/prometheus/alerts | 22:15 |
pabelanger | tristanC: okay, this will work well for starting point and give me time to setup proper solution | 22:16 |
pabelanger | tyty | 22:17 |
tristanC | pabelanger: you're welcome :) | 22:17 |
pabelanger | tristanC: care to host my instance :) | 22:17 |
pabelanger | I'll just dump data to it | 22:17 |
tristanC | pabelanger: unfortunately zuul doesn't expose a /metric endpoint, so you would still have to setup a custom exporter... | 22:24 |
openstackgerrit | Ashley Bullock proposed zuul/zuul master: Add initial bitbucket cloud driver using webhooks https://review.opendev.org/759003 | 22:25 |
tristanC | (prometheus doesn't listen, it polls metric from services) | 22:25 |
*** tosky has quit IRC | 23:01 | |
openstackgerrit | Merged zuul/zuul master: Warn user when dynamic layout ignores zuul config https://review.opendev.org/720249 | 23:12 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!