Tuesday, 2020-11-17

*** tosky has quit IRC		00:06
*** rfolco has quit IRC		00:12
*** rlandy\|rover\|bbl is now known as rlandy\|rover		00:28
*** Goneri has quit IRC		01:01
*** iurygregory has quit IRC		01:32
openstackgerrit	Paul Belanger proposed zuul/zuul-jobs master: Use --password-stdin for upload-container-image https://review.opendev.org/762939	01:46
openstackgerrit	Paul Belanger proposed zuul/zuul-jobs master: Use --password-stdin for upload-container-image https://review.opendev.org/762939	01:47
openstackgerrit	Paul Belanger proposed zuul/zuul-jobs master: Use --password-stdin for upload-container-image https://review.opendev.org/762939	02:00
openstackgerrit	Paul Belanger proposed zuul/zuul-jobs master: Use --password-stdin for upload-container-image https://review.opendev.org/762939	02:05
openstackgerrit	Paul Belanger proposed zuul/zuul-jobs master: Use --password-stdin for upload-container-image https://review.opendev.org/762939	02:09
*** zenkuro has quit IRC		02:31
*** bhavikdbavishi has joined #zuul		02:40
*** bhavikdbavishi1 has joined #zuul		02:42
*** bhavikdbavishi has quit IRC		02:44
*** bhavikdbavishi1 is now known as bhavikdbavishi		02:44
*** rlandy\|rover has quit IRC		02:52
*** bhavikdbavishi has quit IRC		03:21
*** bhavikdbavishi has joined #zuul		03:22
*** bhavikdbavishi has quit IRC		03:29
*** bhavikdbavishi has joined #zuul		03:31
*** vishalmanchanda has joined #zuul		03:52
*** donnyd has quit IRC		04:07
*** donnyd has joined #zuul		04:08
*** ChrisShort has quit IRC		04:16
*** ChrisShort has joined #zuul		04:16
*** bhavikdbavishi has quit IRC		04:19
*** bhavikdbavishi has joined #zuul		04:19
*** bhavikdbavishi has quit IRC		04:34
*** bhavikdbavishi has joined #zuul		04:37
*** johnsom has quit IRC		04:46
*** johnsom has joined #zuul		04:49
*** bhavikdbavishi has quit IRC		04:52
*** johnsom has quit IRC		05:18
*** johnsom has joined #zuul		05:19
*** aprice has quit IRC		05:27
*** aprice has joined #zuul		05:27
*** evrardjp has quit IRC		05:33
*** evrardjp has joined #zuul		05:33
*** johnsom has quit IRC		06:27
*** johnsom has joined #zuul		06:27
*** bhavikdbavishi has joined #zuul		06:53
*** bhavikdbavishi1 has joined #zuul		06:56
*** bhavikdbavishi has quit IRC		06:58
*** bhavikdbavishi1 is now known as bhavikdbavishi		06:58
*** bhavikdbavishi has quit IRC		07:24
*** bhavikdbavishi has joined #zuul		07:25
*** mach1na has joined #zuul		07:25
*** CraigR has joined #zuul		07:29
*** bhavikdbavishi has quit IRC		07:29
*** mach1na has quit IRC		07:33
*** jcapitao has joined #zuul		08:03
*** rpittau\|afk is now known as rpittau		08:05
*** bhavikdbavishi has joined #zuul		08:08
*** jpena\|off is now known as jpena		08:09
*** hashar has joined #zuul		08:11
*** jfoufas1 has joined #zuul		08:11
*** sugaar has quit IRC		08:12
*** sugaar has joined #zuul		08:12
*** guillaumec has quit IRC		08:14
*** guillaumec has joined #zuul		08:15
*** tobiash has quit IRC		08:15
*** bhavikdbavishi1 has joined #zuul		08:15
*** bhavikdbavishi has quit IRC		08:16
*** bhavikdbavishi1 is now known as bhavikdbavishi		08:16
*** tobiash has joined #zuul		08:16
*** guillaumec has quit IRC		08:23
*** guillaumec has joined #zuul		08:24
*** slaweq has joined #zuul		08:51
slaweq	hi zuul experts :)	08:51
slaweq	I'm trying to fix Neutron ovn multinode jobs	08:52
*** iurygregory has joined #zuul		08:52
slaweq	the problem is that in those jobs we are installing ovn and ovs from source during devstack installation	08:52
slaweq	and that breaks tunnel created by multi-node-bridge role	08:52
slaweq	so I tried to do something like https://review.opendev.org/#/c/762650/ to workaround it	08:53
slaweq	but it seems for me that this jinja2 template isn't rendered correctly	08:53
slaweq	see https://b18b498c87a70760171a-55be5aa52ff9f3c19ea7817c824a7dd8.ssl.cf5.rackcdn.com/762654/5/check/neutron-ovn-tempest-slow/d4cc10a/job-output.txt	08:53
slaweq	can You help me with that maybe?	08:53
*** tosky has joined #zuul		08:56
*** sean-k-mooney has quit IRC		09:27
*** sean-k-mooney has joined #zuul		09:27
*** zenkuro has joined #zuul		09:46
*** odyssey4me has quit IRC		09:50
*** odyssey4me has joined #zuul		09:50
*** felixedel has quit IRC		09:56
*** felixedel has joined #zuul		09:57
openstackgerrit	Tobias Henkel proposed zuul/zuul master: WIP: Report max 50 file comments to github https://review.opendev.org/762869	09:57
*** nils has joined #zuul		10:01
*** bhavikdbavishi has quit IRC		10:15
*** wuchunyang has joined #zuul		10:18
*** CraigR has quit IRC		10:20
*** mach1na has joined #zuul		10:20
*** wuchunyang has quit IRC		10:22
*** mach1na has quit IRC		10:54
*** wuchunyang has joined #zuul		11:05
*** bhavikdbavishi has joined #zuul		11:13
*** migi has joined #zuul		11:29
*** mach1na has joined #zuul		11:33
*** mach1na has quit IRC		11:36
*** mach1na has joined #zuul		11:36
*** jcapitao is now known as jcapitao_lunch		11:55
*** slaweq has quit IRC		11:56
*** slaweq has joined #zuul		11:57
*** mach1na has quit IRC		12:09
*** ianychoi_ has quit IRC		12:10
*** wuchunyang has quit IRC		12:11
*** rfolco has joined #zuul		12:26
*** rfolco has quit IRC		12:28
*** jpena is now known as jpena\|lunch		12:36
*** bhavikdbavishi has quit IRC		12:48
*** bhavikdbavishi has joined #zuul		12:48
*** jcapitao_lunch is now known as jcapitao		12:55
*** rlandy has joined #zuul		12:55
*** rlandy is now known as rlandy\|rover		12:56
*** mach1na has joined #zuul		12:57
*** mach1na has quit IRC		12:58
*** mach1na has joined #zuul		12:58
*** jpena\|lunch is now known as jpena		13:24
*** Goneri has joined #zuul		13:40
tobiash	slaweq: could the delegate_to be an issue there?	13:43
slaweq	tobiash: tbh I don't know	13:43
slaweq	I'm not zuul and ansible expert	13:43
slaweq	but should delegate_to simply create this file on the delegated node?	13:44
tobiash	slaweq: I think the delegated task uses the hostvars of the original node	13:44
tobiash	I don't know if that's an issue there since I don't know the details of that role	13:44
slaweq	tobiash: my modification is "just" doing script using variables which were already used in that job, also in task which was delegate_to	13:45
slaweq	IMO there is some issue with rendering jinja template - probably I'm doing something wrong in that template :/	13:46
tobiash	at least I don't see any obvious typo at first glance	13:47
slaweq	tobiash: I try to use this new script here https://review.opendev.org/#/c/762654/	13:50
tobiash	slaweq: http://paste.openstack.org/show/800094/	13:50
slaweq	tobiash: exactly	13:50
tobiash	looking at that it looks like there is an unintended line break in there	13:50
slaweq	that's my understanding too	13:50
slaweq	but there is no this line break in the template :/	13:50
slaweq	and I don't know why it's like that	13:51
tobiash	maybe the {{ switch_ip }} variable has one	13:51
tobiash	yes, after each of that ip address there is a line break in that file	13:51
slaweq	tobiash: ha	13:52
slaweq	You are genius :)	13:52
slaweq	thx a lot	13:52
tobiash	no problem :)	13:52
openstackgerrit	Slawek Kaplonski proposed zuul/zuul-jobs master: [multi-node-bridge] Add script to configure connectivity https://review.opendev.org/762650	14:00
slaweq	tobiash: ^^ lets see if that will help :)	14:01
*** zenkuro has quit IRC		14:04
*** zenkuro has joined #zuul		14:05
*** bhavikdbavishi has quit IRC		14:08
*** bhavikdbavishi has joined #zuul		14:56
*** lliu82 has joined #zuul		14:58
*** CraigR has joined #zuul		14:58
lliu82	Hi, I find it a little hard to understand zuul.child_jobs What kind of jobs will show in the list?	14:59
*** mach1na has quit IRC		15:01
*** lliu82 has quit IRC		15:02
*** LLIU82 has joined #zuul		15:04
openstackgerrit	Tristan Cacqueray proposed zuul/zuul master: web: replace react-ansi component with re-ansi https://review.opendev.org/762759	15:08
*** CraigR has quit IRC		15:15
*** mach1na has joined #zuul		15:16
*** jfoufas1 has quit IRC		16:14
*** mach1na has quit IRC		16:26
*** iurygregory has quit IRC		16:29
openstackgerrit	Tristan Cacqueray proposed zuul/zuul master: web: replace react-ansi component with re-ansi https://review.opendev.org/762759	16:37
corvus	LLIU82: jobs that set 'dependencies' on the parent job	16:45
*** LLIU82 has quit IRC		16:48
*** hamalq has quit IRC		16:56
*** hamalq has joined #zuul		16:57
*** jpena is now known as jpena\|off		17:01
*** jcapitao has quit IRC		17:19
*** iurygregory has joined #zuul		17:19
*** rpittau is now known as rpittau\|afk		17:27
openstackgerrit	Tristan Cacqueray proposed zuul/zuul-jobs master: DNM: generate ansi log for benchmark purpose https://review.opendev.org/763054	17:40
openstackgerrit	Jeremy Stanley proposed zuul/zuul-jobs master: validate-host: Options to require v4 and v6 routes https://review.opendev.org/763065	18:01
fungi	clarkb: frickler: ^ i should probably work out how to include a test for that	18:02
clarkb	fungi: we might rely on base-test, not sure	18:02
fungi	well, i meant a test for those new vars in the battery of zuul-jobs testing	18:03
clarkb	fungi: gotcha. Also I think continuing to support the default behavior would be good. Maybe we can use a single var: require_network_connectivty then default to 'either' but handle ipv6, ipv4, and both as values?	18:04
fungi	isn't it still supporting the prior behavior? i merely inverted how the passed flag was being toggled	18:06
fungi	oh... i see	18:06
*** y2kenny has joined #zuul		18:06
corvus	fungi: also see inline comments	18:06
fungi	i just made it a no-op when neither is required, yup	18:06
clarkb	ya	18:06
fungi	that was not intentional ;)	18:06
fungi	i started with separate flags and then thought i could condense them to simplify the logic, but nope. fixing	18:07
*** nirmoy has joined #zuul		18:07
tristanC	zbr: corvus: i shared ansi code rendering benchmark in https://review.opendev.org/762759	18:10
nirmoy	Hi did any one faced:	18:10
nirmoy	2020-11-17 17:41:05.478390 \| buildpod \| MODULE FAILURE:	18:10
nirmoy	2020-11-17 17:41:05.478603 \| buildpod \| Traceback (most recent call last):	18:10
nirmoy	2020-11-17 17:41:05.478636 \| buildpod \| File "<stdin>", line 102, in <module>	18:10
nirmoy	2020-11-17 17:41:05.478661 \| buildpod \| File "<stdin>", line 94, in _ansiballz_main	18:10
nirmoy	2020-11-17 17:41:05.478683 \| buildpod \| File "<stdin>", line 40, in invoke_module	18:10
nirmoy	2020-11-17 17:41:05.478706 \| buildpod \| File "/usr/lib64/python3.9/runpy.py", line 210, in run_module	18:10
nirmoy	2020-11-17 17:41:05.478728 \| buildpod \| return _run_module_code(code, init_globals, run_name, mod_spec)	18:10
nirmoy	2020-11-17 17:41:05.478750 \| buildpod \| File "/usr/lib64/python3.9/runpy.py", line 97, in _run_module_code	18:11
nirmoy	2020-11-17 17:41:05.478771 \| buildpod \| _run_code(code, mod_globals, init_globals,	18:11
nirmoy	2020-11-17 17:41:05.478793 \| buildpod \| File "/usr/lib64/python3.9/runpy.py", line 87, in _run_code	18:11
nirmoy	2020-11-17 17:41:05.478815 \| buildpod \| exec(code, run_globals)	18:11
nirmoy	2020-11-17 17:41:05.478836 \| buildpod \| File "/tmp/ansible_command_payload_tajemifl/ansible_command_payload.zip/ansible/modules/command.py", line 675, in <module>	18:11
nirmoy	2020-11-17 17:41:05.478860 \| buildpod \| File "/tmp/ansible_command_payload_tajemifl/ansible_command_payload.zip/ansible/modules/command.py", line 651, in main	18:11
nirmoy	2020-11-17 17:41:05.478882 \| buildpod \| File "/tmp/ansible_command_payload_tajemifl/ansible_command_payload.zip/ansible/modules/command.py", line 498, in zuul_run_command	18:11
nirmoy	2020-11-17 17:41:05.478904 \| buildpod \| AttributeError: 'Thread' object has no attribute 'isAlive'	18:11
nirmoy	2020-11-17 17:41:05.478925 \| buildpod \| command terminated with exit code 1	18:11
nirmoy	2020-11-17 17:41:05.478959 \| buildpod \| changed: All items complete	18:11
clarkb	nirmoy: please use a paste service in the future as it is more readable and doesn't flood the channel wit hmessages. And yes people have hit that, there is a discussion on the mialing list	18:11
clarkb	let me get a link	18:11
clarkb	http://lists.zuul-ci.org/pipermail/zuul-discuss/2020-November/001389.html the discussion starts there	18:12
corvus	tristanC: thanks; my other question is whether we can use it in the logs tab	18:12
nirmoy	clarkb: sorry about that	18:12
tristanC	corvus: for sure, i designed re-ansi so that it integrates transparently in zuul ui component	18:13
corvus	tristanC: iirc, the logs tab is a little unusual in that it operates line-by-line to support line numbers and syntax highlighting of error messages	18:13
clarkb	nirmoy: if you run the head of master the issue is fixed, but the latest reelase doesn't have it yet. YOu can also have zuul run under an older python version on the remote (while still testing under 3.9)	18:14
y2kenny	clarkb: head of master for the executor?	18:15
clarkb	y2kenny: yes	18:15
tristanC	corvus: well i'd be happy to improve the logs tab too, but i think the main advantage of re-ansi is provided by bucklescript, and i'd like to benefit from the compiler optimizations	18:15
y2kenny	clarkb: (nirmoy is my colleague)	18:16
clarkb	I broght up the idea of doing a 3.9.2 release in that mailing list thread but not sure how much interest there is in that currently	18:16
clarkb	(the existing goal was to release 4.0 with the new zk required stuff)	18:16
corvus	tristanC: i don't understand your answer	18:16
clarkb	corvus: ^ not sure if you saw that thread	18:16
nirmoy	clarkb: thanks for your quick reply :)	18:16
y2kenny	clarkb: are the the dockerhub images are always tip of master	18:16
corvus	clarkb: it took about a week of work last time to do a point release; is someone willing to do that? (i don't have time)	18:17
clarkb	y2kenny: oh wait sorry I misread your question, no it is the python version that ansible runs under on the remote	18:17
corvus	clarkb: i'm happy to help push the buttons if someone else wants to do the prep. and make sure we don't end up with crazy release notes again.	18:17
clarkb	y2kenny: you can avoid that by running the latest executor code	18:17
clarkb	corvus: I don't have time this week at least	18:17
y2kenny	clarkb: ok.	18:17
clarkb	y2kenny: and yes the latest docker image should be up to date	18:18
clarkb	y2kenny: basically 3.9.1 executor sends code to the remote node that can't run under 3.9. Latest sends code that can.	18:18
tristanC	corvus: we could use re-ansi here: https://opendev.org/zuul/zuul/src/branch/master/web/src/containers/logfile/LogFile.jsx#L221	18:19
corvus	tristanC: want to try that out and see if it scales to 10k lines?	18:19
tristanC	corvus: but i think we could also benefit from bucklescript optimization if the whole logfile container was written in reason, similarly to re-ansi	18:19
zbr	tristanC: i am not sure if a benchmark done between incomplete ansi implementations would be correct.	18:20
y2kenny	clarkb: understood. thanks	18:20
openstackgerrit	Jeremy Stanley proposed zuul/zuul-jobs master: validate-host: Options to require v4 and v6 routes https://review.opendev.org/763065	18:20
tristanC	zbr: well react-ansi is also incomplete, as far as i understand it only adds color	18:22
zbr	tristanC: i am not saying is bad but I would first collect some real ANSI examples of stuff we naturally find on build logs. combine them and benchmark on them. also checking that it works fine.	18:23
zbr	imho, performance matters when feature level is relatively equal. it did not observe any performance issues myself with current one.	18:24
zbr	on the other hand, I have the impression that I will get more attention if I make a PR towards your re-ansi repo instead of of current react-ansi	18:25
zbr	the author does not seem to be very active	18:25
zbr	tristanC: did you cc the patterfly feature request? it would be awesome to get this into pf itself.	18:27
tristanC	zbr: i would be happy to review your changes. We are using ReasonML to write react component, which i find a better fit for web (and native) development than es6, thus i'd be also happy to do some onboarding too.	18:32
tristanC	zbr: i'm not sure why patternfly would provide such specific component	18:33
*** cloudnull is now known as kecarter		18:36
*** kecarter is now known as cloudnull		18:36
*** nirmoy has quit IRC		18:39
tobiash	clarkb, corvus: what do you think about getting the 4.0 release done instead? I think we'd need mostly the first few changes of the zk preparation stack plus the mandatory sql?	19:03
tobiash	Mandatory sql got broken due to rebases but I could fix that by tomorrow probably	19:05
clarkb	I'm not opposed, though currently distracted by all the gerrit upgrade planning and next week is a big holiday	19:06
tobiash	We could target 4.0 maybe the week after the gerrit upgrade?	19:08
tobiash	I guess that work would collide with 3.9.2 as well?	19:08
clarkb	it conflicts with USA thanksgiving so mayn of us likely won't be around tohelp	19:08
clarkb	week after I expect things to be more normal for me	19:08
tobiash	The other question is can/should we extend reno such that it supports our use case of branching and releasing from older releases	19:10
clarkb	I want to say that openstack already does that, but I can't seem to keep the related issues paged in	19:11
tobiash	At least the 3.9.1 caused a lot of trouble	19:11
tobiash	The problem I think was we have one page im the docs with all releases which was not possible with simple branching and tagging	19:12
pabelanger	anyone up for a review: https://review.opendev.org/762939/ that switches to --password-stdin for container-upload-role, in an effort to remove no_log: true task	19:13
tobiash	pabelanger: won't the copy task have the pw in the json log?	19:14
pabelanger	shouldn't	19:15
pabelanger	I don't believe content is rendered	19:15
pabelanger	https://6fe79164c1899b3f89c6-6113b1a0d951f28e43a544861377cc1f.ssl.cf1.rackcdn.com/762939/5/check/zuul-jobs-test-build-container-image-release/93189f0/job-output.json	19:16
pabelanger	testpassword only shows up, because we use set_fact	19:17
*** y2kenny has quit IRC		19:17
pabelanger	over security stanza	19:17
fungi	clarkb: the only openstack reno examples i could find was branched release notes (the releases on stable branches aren't mixed back into the master branch document)	19:17
clarkb	fungi: gotcha the issue is the shred doc which is what tobiash thoughti t was	19:17
clarkb	seems like that use case woudl be one reno should support since release notes tend to be a single large doc	19:18
corvus	i think 4.0.0 would be preferable to 3.9.2; i don't think we should target it until 1st week of december though due to holidays/upgrade	19:19
fungi	yeah, i can't say for certain the problem is solveable... right now the way it works out how to include notes in a release goes by the point at which the tag appears in the branch history, so if we merge 3.9.2 back into master and delete the temporary stable branch for it, basically all release notes merged in master before 3.9.2 got merged in would get listed as belonging to 3.9.2	19:20
fungi	one workaround we talked about was merging a change to delete all new release notes, merging the tag in, then reverting the deletion, but that's exceptionally messy and not great for bisecting/pickaxe	19:21
clarkb	fungi: reno could create a single combined doc from scans of ever branch?	19:21
fungi	then the branch would need to be kept indefinitely	19:22
clarkb	basically aggregate all the release notes found in /tmp or wherever and build from there rather than only building off of a branch	19:22
tobiash	something like a --all-releases option might make sense	19:22
tobiash	aka current branch plus all tags	19:22
fungi	oh, mmm maybe iterating over tags yeah	19:22
fungi	and then doing a version sort on the tag names, and deduplicating release notes associating them with the first release (according to version sort order) they're contained in	19:23
tobiash	corvus: so we could target in 3-4 weeks?	19:23
fungi	that would be a pretty big modification to reno, but it might work	19:23
corvus	tobiash: sounds reasonable	19:24
tobiash	great :)	19:24
corvus	i honestly don't see us being able to do 3.9.2 any earlier	19:24
*** bhavikdbavishi has quit IRC		19:41
openstackgerrit	Guillaume Chauvel proposed zuul/zuul master: Fix gerrit merge commit change with zuul configuration https://review.opendev.org/762886	19:47
openstackgerrit	Guillaume Chauvel proposed zuul/zuul master: Fix gerrit amended merge commit change with zuul configuration https://review.opendev.org/762887	19:47
avass	I got a quick review if anyone has time: https://review.opendev.org/#/c/762767/	20:17
avass	it adds the job node to the graph over the components, we've had a lot of users that thinks the 'executors' are the nodes the tests run on	20:18
openstackgerrit	Tristan Cacqueray proposed zuul/zuul master: web: replace react-ansi component with re-ansi https://review.opendev.org/762759	20:18
avass	I think it would be a simple way to make that a bit clearer	20:18
openstackgerrit	Guillaume Chauvel proposed zuul/zuul master: Fix gerrit merge commit change with zuul configuration https://review.opendev.org/762886	20:22
openstackgerrit	Guillaume Chauvel proposed zuul/zuul master: Fix gerrit amended merge commit change with zuul configuration https://review.opendev.org/762887	20:22
avass	pabelanger: re 762939	20:25
avass	pabelanger: oh you already got that question and answered it :)	20:26
avass	tobiash, pabelanger: content shows up as 'content: null' so I'm unsure if that's intentional or not. it seems like it's an unecessary risk to not use no_log there	20:28
pabelanger	yah, using copy / content will be safe, and it is a pattern we already use in roles	20:28
pabelanger	sign-artifact for example	20:28
pabelanger	add-sshkey	20:29
avass	there's a no log for it so I guess it's fine: https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/copy.py#L508	20:32
pabelanger	right	20:33
fungi	corvus: are you still -1 on 761621 if combined with 762588?	20:45
corvus	fungi: i think so; i think the disappearing search icon is just plain not the way to do a hyperlink.	20:47
fungi	yeah, i'm not terribly keen on the icon business either. clickable text is preferable, so long as making it clickable doesn't also cause it to no longer be highlightable so the text can be copied to the clipboard	20:51
openstackgerrit	Merged zuul/zuul-jobs master: Use --password-stdin for upload-container-image https://review.opendev.org/762939	20:53
fungi	not sure if this is a case of fighting the framework, and whether designers assume ~nobody copies page content from their browsers these days	20:53
pabelanger	corvus: do you think we can tag zuul-registry for pypi release?	20:54
corvus	fungi: no, i don't think so. i think the original state of having the result be the link is perfectly feasible. i believe this was an attempted improvement and it hasn't worked out.	20:54
pabelanger	corvus: actually, we'd need pypi jobs it looks like	20:55
pabelanger	I can work on that now	20:55
corvus	i believe it's okay to try things like this out, but when they don't work we should be willing to roll back. so i'd like to see us just go back to the result being a link. but if that was hard to discover, i have no objection to making the job also be a link.	20:57
openstackgerrit	Paul Belanger proposed zuul/zuul-registry master: Begin publishing to pypi https://review.opendev.org/763086	20:59
*** hashar has quit IRC		21:06
*** hashar_ has joined #zuul		21:06
*** hashar_ is now known as hashar		21:20
pabelanger	is anyone aware of build-python-release job being broken? https://zuul.opendev.org/t/zuul/build/225b52058c8e454ea4152f9008a0b5a3	21:24
pabelanger	or a change to setuptools missing on nodes?	21:24
pabelanger	before I start down the path of fixing	21:25
pabelanger	actually, let me move that into #opendev	21:25
clarkb	I think fungi just updated those jobs?	21:25
clarkb	that could be fallout	21:25
clarkb	?	21:25
fungi	pabelanger: we merged https://review.opendev.org/762699 earlier today, could it be fallout from that? we stopped running ensure-tox and bindep roles	21:27
fungi	we do still include ensure-pip, so i would expect we'd still have setuptools	21:28
clarkb	fungi: I just checked and I think these jobs are in zuul-jobs and not affected by openstack	21:28
clarkb	I think I know what it is	21:28
clarkb	python2 is being used and not python3?	21:28
*** nils has quit IRC		21:29
clarkb	pabelanger: ^ check zuul and nodepool release jobs they may set python3 explicitly and that may be the fix you need	21:29
pabelanger	oh, you might be right	21:29
fungi	yeah, so probably unrelated as i only altered pti-python-tarball and python-branch-tarball playbooks in openstack/project-config	21:29
pabelanger	yah, that looks to be it	21:29
openstackgerrit	Paul Belanger proposed zuul/zuul-registry master: Begin publishing to pypi https://review.opendev.org/763086	21:30
pabelanger	clarkb: thanks for the pointer	21:30
*** holser has quit IRC		21:52
pabelanger	clarkb: corvus: https://review.opendev.org/763086 is passing now (release jobs)	21:57
pabelanger	for zuul-registry	21:57
*** y2kenny has joined #zuul		22:03
y2kenny	has anyone run into "Executing local code is prohibited" when using prepare-workspace-openshift recently?	22:03
y2kenny	http://paste.openstack.org/show/800125/	22:04
clarkb	y2kenny: the raeson for that is going to be that the role does command or shell on localhost and zuul restricts that to trusted playbooks only	22:04
clarkb	y2kenny: the likely fix in your case is to move that role into a bse job in a trusted repo or similar	22:05
*** y2kenny58 has joined #zuul		22:05
*** y2kenny58 has quit IRC		22:05
*** y2kenny1 has joined #zuul		22:06
*** y2kenny1 has quit IRC		22:06
*** y2kenny64 has joined #zuul		22:07
*** y2kenny has quit IRC		22:08
*** y2kenny64 has quit IRC		22:09
*** y2kenny has joined #zuul		22:09
y2kenny	it has been working for me without problem. The only thing I just changed is upgrading the executor (which I didn't think it's an issue.)	22:10
clarkb	y2kenny: depending on which version you upgraded from that may be it. There was a security hole plugged around this	22:10
y2kenny	clarkb: ok... I am guessing prepare-workspace-openshift needs to be run by trusted project all the time? (like it can't be included by untrusted project?)	22:12
fungi	yes, older versions of the executor didn't realize they were supposed to forbid that	22:12
fungi	it can be in a parent job inherited by jobs in an untrusted project	22:12
fungi	but the playbook calling prepare-workspace-openshift should be in a job defined in a trusted repo	22:13
y2kenny	um... Ok... it needs to be inherited at the job level... ok	22:13
clarkb	the reason for that is the trusted repo's code will only be used in a merged state not a pre merge state	22:13
clarkb	having this check in place ensures that people have checked any code changes and merged them before they are used when they can be used in sensitive areas	22:14
y2kenny	right... I probably wasn't quite clear about the security model at the time and thought I understood the model since things work	22:14
y2kenny	this actually answered a question I have for awhile... when to use job inheritance and when to just include_role	22:15
y2kenny	thanks folks.	22:15
y2kenny	clarkb: although this bring up another issue I ran into awhile back (I am not sure if it's fixed now.) Is it still true that I cannot modify the inventory across play?	22:16
clarkb	y2kenny: you cannot across playbooks, but each playbook can load in extra inventory stuff iirc	22:18
fungi	y2kenny: announcement was here: http://lists.zuul-ci.org/pipermail/zuul-announce/2020-July/000078.html	22:18
fungi	for the executor security fix	22:19
y2kenny	fungi: thanks	22:19
y2kenny	clarkb: um... is there a recommended way to pass information across playbook?	22:20
clarkb	I think zuul return maybe available between playbooks. corvus is that true?	22:21
y2kenny	actually... may be this still work... I just need to be more creative I guess. What I have is a role that launches a pod in a received k8s namespace resources and add the pod into the inventory.	22:21
y2kenny	and then run prepare-workspace-openshift	22:21
clarkb	tristanC and tobiash may have ideas too as they use k8s a bit more than I do	22:22
y2kenny	this role was included in the playbook such that the pod in the inventory is available within the same playbook. But now that the security hole is fixed, the prepare-workspace-openshift no longer works.	22:23
y2kenny	Ideally I should have the pod launching in a pre- playbook in some base job but then I need to figure out how to pass the pod info across the playbook	22:24
clarkb	I think another option is you can write into the build dir then read that info back in later	22:24
y2kenny	I think tristanC or someone else may have a patch that allow inventory modification but I don't think that was merged.	22:25
clarkb	so make pod, prepare-workspace, write details to the build dir, in next playbook read those details and add host to inventory	22:25
*** holser has joined #zuul		22:25
y2kenny	clarkb: ah... I can give that a try	22:25
*** hashar has quit IRC		22:26
tristanC	clarkb: iiuc, zuul return passes variables accross jobs, and using the special set_facts `cacheable: true` may makes a fact variable available for the next playbook	22:30
tristanC	y2kenny: the change to enable a playbook to update the inventory for the other playbook is https://review.opendev.org/590092 , and that can be emulated by dumping host info the executor work_dir, and then reloading in the next playbook	22:31
clarkb	oh right you can set facts and cache them	22:32
clarkb	that is probably the easiest option here	22:32
y2kenny	awesome. I will play around with this. Thanks clarkb, tristanC	22:33
tristanC	y2kenny: and this is how software-factory setup container native job, using the emulation trick here: https://softwarefactory-project.io/cgit/software-factory/sf-config/tree/ansible/roles/sf-repos/files/config/playbooks/openshift/deploy-project.yaml#n63	22:33
tristanC	y2kenny: in the run phase, you can load the pods.yaml file and use add_host	22:33
y2kenny	nice.	22:34
tristanC	i think that's what `cacheable: true` does, but i find the explicit dump less magic	22:35
tristanC	y2kenny: here is how the load works from the integration job: https://softwarefactory-project.io/cgit/software-factory/sf-ci/tree/roles/health-check/openshift/tasks/demo_project_zuul_configuration.yml#n40	22:37
y2kenny	ok, got it.	22:38
corvus	there are a number of jobs in zuul-jobs that use cacheable:true to pass facts from one playbook to the next	23:07
corvus	y2kenny: it's a good pattern for passing information	23:07
*** armstrongs has joined #zuul		23:12
*** slaweq has quit IRC		23:21
*** armstrongs has quit IRC		23:22
pabelanger	I'm seeing missing dependency when running nodepool config-validate	23:26
pabelanger	msrestazure	23:26
pabelanger	http://paste.openstack.org/show/800137/	23:27
pabelanger	looks like azure driver?	23:27
pabelanger	ah	23:31
pabelanger	https://review.opendev.org/752724/	23:31
pabelanger	clarkb: corvus: do you think we can have a new nodepool release to pull in^	23:32
*** zbr has quit IRC		23:57
*** zbr4 has joined #zuul		23:57
*** tosky has quit IRC		23:58

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!