Wednesday, 2021-01-27

« Tuesday, 2021-01-26 Index Thursday, 2021-01-28 »
*** zbr has quit IRC00:27
*** zbr5 has joined #zuul00:27
*** hamalq has quit IRC00:41
*** jamesmcarthur has joined #zuul01:21
*** zenkuro has joined #zuul01:29
*** rlandy has quit IRC01:41
*** jamesmcarthur has quit IRC01:55
*** jamesmcarthur has joined #zuul01:55
*** cloudnull has quit IRC01:56
*** cloudnull has joined #zuul01:59
*** harrymichal has quit IRC02:08
*** jamesmcarthur has quit IRC02:44
*** jamesmcarthur has joined #zuul02:45
*** jamesmcarthur has quit IRC02:50
*** jamesmcarthur has joined #zuul02:50
*** jamesmcarthur has quit IRC02:50
*** jamesmcarthur has joined #zuul02:50
*** jamesmcarthur has quit IRC02:56
*** jamesmcarthur has joined #zuul03:21
*** jamesmcarthur has quit IRC03:35
*** bhavikdbavishi has joined #zuul03:48
*** jamesmcarthur has joined #zuul03:50
*** bhavikdbavishi has quit IRC03:53
*** bhavikdbavishi1 has joined #zuul03:53
*** bhavikdbavishi1 is now known as bhavikdbavishi03:55
*** logan- has quit IRC04:08
*** dcastellani has quit IRC04:08
*** iamweswilson has quit IRC04:08
*** PrinzElvis has quit IRC04:08
*** mgoddard has quit IRC04:11
*** mgoddard has joined #zuul04:14
*** dcastellani has joined #zuul04:14
*** iamweswilson has joined #zuul04:14
*** PrinzElvis has joined #zuul04:14
*** mordred has quit IRC04:20
*** Eighth_Doctor has quit IRC04:20
*** masterpe has quit IRC04:20
*** logan- has joined #zuul04:33
*** ykarel has joined #zuul04:35
*** logan- has quit IRC04:36
*** jfoufas1 has joined #zuul04:36
*** logan- has joined #zuul04:38
*** vishalmanchanda has joined #zuul04:41
*** logan- has quit IRC04:54
*** logan- has joined #zuul04:57
*** jamesmcarthur has quit IRC05:04
*** jamesmcarthur has joined #zuul05:04
*** jamesmcarthur has quit IRC05:13
*** jamesmcarthur has joined #zuul05:13
*** jamesmcarthur has quit IRC05:18
*** evrardjp has quit IRC05:33
*** evrardjp has joined #zuul05:33
*** bhavikdbavishi has quit IRC05:37
*** bhavikdbavishi has joined #zuul05:37
*** jamesmcarthur has joined #zuul05:43
*** mordred has joined #zuul05:45
*** jamesmcarthur has quit IRC05:52
*** Eighth_Doctor has joined #zuul06:00
*** jamesmcarthur has joined #zuul06:05
*** jamesmcarthur has quit IRC06:16
*** jamesmcarthur has joined #zuul06:16
*** jamesmcarthur has quit IRC06:40
*** jamesmcarthur has joined #zuul06:41
*** jamesmcarthur has quit IRC06:46
*** bhavikdbavishi has quit IRC06:59
*** jamesmcarthur has joined #zuul07:11
*** piotrowskim has joined #zuul07:21
*** bhavikdbavishi has joined #zuul07:27
*** bhavikdbavishi1 has joined #zuul07:32
*** aprice has quit IRC07:32
*** bhavikdbavishi has quit IRC07:34
*** bhavikdbavishi1 is now known as bhavikdbavishi07:34
*** aprice has joined #zuul07:34
*** jcapitao has joined #zuul07:39
*** ikhan has joined #zuul07:40
*** bhavikdbavishi has quit IRC07:51
*** jamesmcarthur has quit IRC08:07
*** ykarel is now known as ykarel|lunch08:13
*** jamesmcarthur has joined #zuul08:19
*** jamesmcarthur has quit IRC08:27
*** rpittau|afk is now known as rpittau08:30
*** jamesmcarthur has joined #zuul08:38
*** tosky has joined #zuul08:43
*** yoctozepto5 has joined #zuul08:47
*** yoctozepto has quit IRC08:48
*** yoctozepto5 is now known as yoctozepto08:48
*** hashar has joined #zuul08:53
*** jpena|off is now known as jpena08:57
*** vishalmanchanda has quit IRC09:00
*** nils has joined #zuul09:08
*** jamesmcarthur has quit IRC09:12
*** ykarel|lunch is now known as ykarel09:14
*** bhavikdbavishi has joined #zuul09:20
*** bhavikdbavishi1 has joined #zuul09:22
*** bhavikdbavishi has quit IRC09:24
*** bhavikdbavishi1 is now known as bhavikdbavishi09:24
openstackgerritSorin Sbârnea proposed zuul/zuul-jobs master: Add tox-py39 job  https://review.opendev.org/c/zuul/zuul-jobs/+/76219210:14
*** jamesmcarthur has joined #zuul10:16
*** jamesmcarthur has quit IRC10:22
*** vishalmanchanda has joined #zuul10:28
*** ykarel_ has joined #zuul10:48
*** ykarel has quit IRC10:51
*** ykarel_ is now known as ykarel10:51
zbr5avass: tobiash: ^ please. tox-py39 is ready now and other changes depend on it. thanks.10:53
avasszbr5: lgtm10:59
zbr5not the most complex change i ever made :D10:59
*** yoctozepto5 has joined #zuul11:01
*** yoctozepto has quit IRC11:02
*** yoctozepto5 is now known as yoctozepto11:02
*** ianychoi_ has joined #zuul11:09
*** ianychoi__ has quit IRC11:12
*** masterpe has joined #zuul11:22
masterpeIn a call that I had with mnaser he mentioned that it is possible to use a multi-node. But can I then also use heat to deploy the networks, routers and other stuff for this?11:22
mnasermasterpe: yes, it’s possible but probably not super recommended. Better to stick to zuul multi node systems only11:24
*** msuszko has quit IRC11:27
*** jcapitao is now known as jcapitao_lunch11:28
masterpeBut then except that then everything flow's over the same network / subnet. I then can create a compute node, storage controllers and a deploy node?11:31
*** aluria has quit IRC11:36
*** aluria has joined #zuul11:39
*** hashar has quit IRC11:54
*** jamesmcarthur has joined #zuul12:20
*** jamesmcarthur has quit IRC12:27
*** rlandy has joined #zuul12:31
*** jpena is now known as jpena|lunch12:35
*** hashar has joined #zuul12:38
*** jcapitao_lunch is now known as jcapitao13:02
*** hashar has quit IRC13:15
*** zbr5 has quit IRC13:20
*** zbr has joined #zuul13:20
*** yoctozepto2 has joined #zuul13:27
*** yoctozepto has quit IRC13:28
*** yoctozepto2 is now known as yoctozepto13:28
openstackgerritTobias Henkel proposed zuul/zuul master: Perform per tenant locking in getStatus  https://review.opendev.org/c/zuul/zuul/+/77269513:50
openstackgerritMerged zuul/zuul-jobs master: Add tox-py39 job  https://review.opendev.org/c/zuul/zuul-jobs/+/76219213:54
*** jpena|lunch is now known as jpena14:01
*** bhavikdbavishi has quit IRC14:02
*** spotz has joined #zuul14:03
openstackgerritGuillaume Chauvel proposed zuul/zuul master: [DNM] TEST: Format all log entries on one line  https://review.opendev.org/c/zuul/zuul/+/77269714:06
openstackgerritAndy Ladjadj proposed zuul/zuul-jobs master: [ensure-python] install python version only if not present  https://review.opendev.org/c/zuul/zuul-jobs/+/77065614:07
*** yoctozepto8 has joined #zuul14:14
*** yoctozepto has quit IRC14:15
*** yoctozepto8 is now known as yoctozepto14:15
*** jamesmcarthur has joined #zuul14:24
jktmhu: re that insane proposal for a Gerrit plugin that proxies and authenticates users for access to Zuul that I sent to the ML, let me share my background here14:28
*** jamesmcarthur has quit IRC14:29
jktmhu: I'm afraid that the identity provier landscape is less rosy than what various projects say. I've seen IdP belonging to universities sending nonsense in the e-mail address fields14:29
jktmhu: and that's despite the fact that they are members of a federation which explicitly says that these bits are required, and that stuff will break without them14:30
jktmhu: also, and perhaps it's just me, but I like the "disaggregation" of identity maangement from group membership. Imagine a use case where we temporarily hire a student from a random university14:31
jktmhu: chances of having the university's IdP admin flipping some bits in their DB for indicating "student 123456 can access company-C's group ABC" are, in my opinion, close to zero14:32
jktso yeah, I proposed writng code for solving a policy/workflow/bureaucratic issue, but hey, that's what makes sense from where I'm standing14:32
*** tosky has quit IRC14:35
*** tosky has joined #zuul14:36
*** yoctozepto0 has joined #zuul14:41
*** yoctozepto has quit IRC14:41
*** yoctozepto0 is now known as yoctozepto14:41
*** jamesmcarthur has joined #zuul14:45
*** tosky has quit IRC14:50
*** tosky has joined #zuul14:50
*** irclogbot_1 has quit IRC14:55
*** irclogbot_2 has joined #zuul15:00
mhujkt: I guess there's theory (centralized authN/authZ with your IdP) and the real world15:11
mhuthat's a bummer because it means we'd need to get an ACL driver for every connection we support (gerrit, github, gitlab, pagure, etc)15:14
mhuinstead of just getting the info needed from the IdP15:15
*** ykarel_ has joined #zuul15:21
openstackgerritGuillaume Chauvel proposed zuul/zuul master: [DNM] TEST: Format all log entries on one line  https://review.opendev.org/c/zuul/zuul/+/77269715:22
*** ykarel has quit IRC15:23
*** sduthil has quit IRC15:32
*** zenkuro has quit IRC15:34
*** zenkuro has joined #zuul15:35
fungialso a number of the systems for which we have connection drivers may not expose their acls15:42
mhufungi, right - for gerrit, getting the groups of a given user might require privileged access to the REST API15:46
mhuI know for example I can access my groups onhttps://review.opendev.org/a/accounts/self/groups15:47
mhubut I can't check someone else's groups15:47
corvusmhu, jkt: i haven't made it all the way through the email thread yet, but a thought i had is that a way to implement what jkt wants may be to make a gerrit auth provider15:48
*** hashar has joined #zuul15:49
corvuslike, if the goal is for gerrit groups to determine what a user can do in zuul, then gerrit should act as an auth provider and export that group information that way.15:49
*** jamesmcarthur has quit IRC15:49
fungimight be doable as a gerrit plugin, right15:49
corvusyep15:49
mhushould there be an auth provider for every possible source? github and gitlab with oauth for example?15:51
*** zenkuro has quit IRC15:51
mhubut how would that work on tenants that have multiple sources?15:52
corvusmhu: i'm saying i don't think zuul needs to change; i agree with your assertion that group handling should be done by the idp, and that a way to solve jkt's problem is to make *gerrit* the idp15:52
fungi...with code in (or plugged into) gerrit itself, exposing standard auth{n,z} protocols15:53
corvusright15:53
*** sduthil has joined #zuul15:54
fungiand if people want pagure to also support that, it's just a patch (or several) away15:54
corvusi don't think that zuul should grow id integrations into sources; that conflicts with our goal of being multi-source.15:54
*** ykarel_ has quit IRC15:55
corvussure, though i think in the general case it's an anti-pattern; i think we all agree that generally some central auth system should be the source of truth.  but in jkt's specific case, there are bureaucratic obstacles.15:57
corvusperhaps anti-pattern is too strong... it's actually exactly what a user is likely to do with github15:57
corvus(github is both the authn and authz source)15:58
mhutrue, same for gitlab, and both can be used as IdPs15:58
mhubut for gerrit it feels backwards to me, since it always relies on a third party IdP for authentication (unless you're in dev mode and you can impersonate whoever you want)15:59
corvusi think the thing i think is unusual is when you have a central sso system (shib) but then choose to front it with an unrelated system (gerrit) to do authz.15:59
corvusmhu: yes, ideally gerrit and zuul both rely on $idp which provides group info to both.  iiuc jkt is saying they can't rely on group info from $sso and need it from gerrit.  i think in that case making gerrit the idp is a reasonable solution.  it's all done with open protocols and we don't end up with special case handling in zuul.16:01
corvusif someone is in a situation where both gerrit and zuul can rely on groups from $idp, then that's the better approach16:02
mhuwell gerrit's SAML auth plugin added support for group mapping last september16:03
corvusfwiw, when i was working on shib friends, there was software dedicated to group management so that flipping group bits for a user was an easy workflow16:03
corvushttps://www.incommon.org/software/grouper/ is one such16:04
tobiashzuul-maint: during peak load we have quite a lot timeouts on the status page in zuul web. This is targeted to optimize the thread locks for the status call to improve this part: https://review.opendev.org/c/zuul/zuul/+/77269516:07
tobiashwith that locks are per tenant and only block if the cacned status needs an update16:07
*** jamesmcarthur has joined #zuul16:08
jktcorvus, mhu: yup, gerrit as an IdP sounds reasonable16:12
jktto be honest, at $dayjob we do have a Magic Solution(TM) for this, it's a meta-idp-thingy which lets people do group control (well, attribute control...) in that extra magic IdP proxy16:13
jktbut all I know about that is that people have been working on that and maintaining the result for 5+ years, so it seems to me that it's a problem that's hard enough16:13
jktand given that it was about 666x easier for me to just set up these groups in Gerrit, I think there are probably more people like me out there :)16:14
fungiactually, getting group info from gerrit was one of the possible solutions we looked at in opendev to do group management for storyboard, though i think i've settled on structured data in git with a zuul job pushing updates to the storyboard api instead16:16
corvusjkt: yeah, people have been working on that problem for, literally, decades!  a friend of mine from berkeley started a cloud-based id identity company for higher-ed: https://www.cirrusidentity.com/16:18
*** wuchunyang has joined #zuul16:19
*** wuchunyang has quit IRC16:24
*** rpittau is now known as rpittau|afk16:24
*** jfoufas1 has quit IRC16:26
fungineat16:28
*** yoctozepto2 has joined #zuul16:28
*** yoctozepto has quit IRC16:29
*** yoctozepto2 is now known as yoctozepto16:29
*** dcastellani has quit IRC16:37
*** PrinzElvis has quit IRC16:37
*** stevthedev has quit IRC16:37
*** erbarr has quit IRC16:37
*** piotrowskim has quit IRC16:37
*** mwhahaha has quit IRC16:37
*** mnaser has quit IRC16:37
*** ChrisShort has quit IRC16:37
*** vishalmanchanda has quit IRC16:37
*** jbryce has quit IRC16:37
*** johnsom has quit IRC16:38
*** gmann has quit IRC16:38
*** Open10K8S has quit IRC16:38
*** donnyd has quit IRC16:38
*** aprice has quit IRC16:38
*** rpittau|afk has quit IRC16:38
*** guilhermesp has quit IRC16:38
*** webknjaz has quit IRC16:38
*** Shrews has quit IRC16:38
*** mnasiadka has quit IRC16:38
*** samccann has quit IRC16:38
*** ericsysmin has quit IRC16:38
*** maxamillion has quit IRC16:38
*** parallax has quit IRC16:38
*** iamweswilson has quit IRC16:38
*** johnsom has joined #zuul16:39
*** webknjaz has joined #zuul16:39
*** gouthamr has quit IRC16:40
*** iamweswilson has joined #zuul16:40
*** erbarr has joined #zuul16:40
*** gundalow has quit IRC16:40
*** vishalmanchanda has joined #zuul16:40
*** Shrews has joined #zuul16:41
*** donnyd has joined #zuul16:41
*** rpittau|afk has joined #zuul16:41
*** ericsysmin has joined #zuul16:41
*** stevthedev has joined #zuul16:42
*** piotrowskim has joined #zuul16:42
*** ChrisShort has joined #zuul16:42
*** guilhermesp has joined #zuul16:42
*** mwhahaha has joined #zuul16:44
*** jbryce has joined #zuul16:44
*** Open10K8S has joined #zuul16:45
*** aprice has joined #zuul16:45
*** gmann has joined #zuul16:45
*** mnaser has joined #zuul16:45
*** parallax has joined #zuul16:50
*** samccann has joined #zuul16:50
*** gouthamr has joined #zuul16:50
*** gouthamr has quit IRC16:50
*** mnasiadka has joined #zuul16:50
*** wuchunyang has joined #zuul16:53
*** mnasiadka has quit IRC16:55
*** parallax has quit IRC16:55
*** dcastellani has joined #zuul16:56
*** PrinzElvis has joined #zuul16:56
*** maxamillion has joined #zuul16:56
*** parallax has joined #zuul16:57
*** gundalow has joined #zuul16:57
*** mnasiadka has joined #zuul16:57
*** wuchunyang has quit IRC16:58
*** johanssone has quit IRC16:58
*** johanssone has joined #zuul17:01
*** samccann has quit IRC17:17
*** gundalow has quit IRC17:17
*** mnasiadka has quit IRC17:18
*** parallax has quit IRC17:18
*** samccann has joined #zuul17:18
*** gundalow has joined #zuul17:19
*** parallax has joined #zuul17:19
*** mnasiadka has joined #zuul17:20
*** hashar is now known as hasharAway17:26
*** jcapitao has quit IRC17:31
*** jamesmcarthur has quit IRC17:50
*** jamesmcarthur has joined #zuul17:51
*** hasharAway is now known as hashar17:56
*** jamesmcarthur_ has joined #zuul17:57
*** tosky has quit IRC17:58
*** jamesmcarthur_ has quit IRC17:58
*** tosky has joined #zuul17:58
*** jamesmcarthur has quit IRC17:59
*** vishalmanchanda has quit IRC18:00
*** mnasiadka has quit IRC18:00
*** jpena is now known as jpena|off18:00
*** ChrisShort has quit IRC18:00
*** ChrisShort has joined #zuul18:00
*** vishalmanchanda has joined #zuul18:01
*** mnasiadka has joined #zuul18:01
*** jamesmcarthur has joined #zuul18:02
*** fbo is now known as fbo|off18:02
*** iamweswilson has quit IRC18:04
*** iamweswilson has joined #zuul18:04
*** dcastellani has quit IRC18:04
*** dcastellani has joined #zuul18:05
*** vishalmanchanda has quit IRC18:08
*** mnasiadka has quit IRC18:13
*** ChrisShort has quit IRC18:14
*** dcastellani has quit IRC18:14
*** iamweswilson has quit IRC18:14
*** erbarr has quit IRC18:17
*** guilhermesp has quit IRC18:17
*** mnaser has quit IRC18:17
*** donnyd has quit IRC18:17
*** iamweswilson has joined #zuul18:18
*** donnyd has joined #zuul18:18
*** ChrisShort has joined #zuul18:18
*** mnaser has joined #zuul18:18
*** mnasiadka has joined #zuul18:18
*** dcastellani has joined #zuul18:18
*** guilhermesp has joined #zuul18:19
*** erbarr has joined #zuul18:19
*** gouthamr has joined #zuul18:20
*** iamweswilson has quit IRC18:24
*** dcastellani has quit IRC18:25
*** ChrisShort has quit IRC18:25
*** mnasiadka has quit IRC18:25
*** donnyd has quit IRC18:25
*** guilhermesp has quit IRC18:25
*** mnaser has quit IRC18:27
*** jamesmcarthur has quit IRC18:27
*** donnyd has joined #zuul18:28
*** ChrisShort has joined #zuul18:30
*** dcastellani has joined #zuul18:30
*** iamweswilson has joined #zuul18:31
*** guilhermesp has joined #zuul18:31
*** mnaser has joined #zuul18:32
*** mnasiadka has joined #zuul18:33
*** zbr0 has joined #zuul18:35
*** zbr has quit IRC18:37
*** zbr0 is now known as zbr18:37
*** iamweswilson has quit IRC18:54
*** mnasiadka has quit IRC18:54
*** guilhermesp has quit IRC18:54
*** mnaser has quit IRC18:55
*** hamalq has joined #zuul19:08
*** iamweswilson has joined #zuul19:14
*** gouthamr_ has joined #zuul19:18
*** mnaser has joined #zuul19:19
*** guilhermesp has joined #zuul19:20
*** mnasiadka has joined #zuul19:20
*** jamesmcarthur has joined #zuul19:24
*** paladox has quit IRC19:40
*** gouthamr_ has quit IRC19:40
*** mnaser has quit IRC19:40
*** guilhermesp has quit IRC19:40
*** mnasiadka has quit IRC19:40
*** mnasiadka has joined #zuul19:42
*** guilhermesp has joined #zuul19:42
*** mnaser has joined #zuul19:42
*** paladox has joined #zuul19:43
*** yoctozepto9 has joined #zuul19:50
*** yoctozepto has quit IRC19:51
*** yoctozepto9 is now known as yoctozepto19:51
openstackgerritTristan Cacqueray proposed zuul/zuul master: git: add missing TriggerInterface to the driver  https://review.opendev.org/c/zuul/zuul/+/77276920:35
*** iamweswilson has quit IRC20:43
*** hashar has quit IRC20:46
*** iamweswilson has joined #zuul20:49
*** jamesmcarthur has quit IRC21:12
*** jamesmcarthur has joined #zuul21:19
*** jamesmcarthur has quit IRC21:24
*** masterpe has quit IRC21:50
*** Eighth_Doctor has quit IRC21:50
*** mordred has quit IRC21:50
*** samccann has quit IRC21:54
*** ericsysmin has quit IRC21:55
*** samccann has joined #zuul21:56
*** ericsysmin has joined #zuul21:57
*** nils has quit IRC22:19
*** jamesmcarthur has joined #zuul22:29
*** jamesmcarthur has quit IRC22:34
*** rlandy has quit IRC22:47
*** piotrowskim has quit IRC23:31
*** masterpe has joined #zuul23:35
*** jamesmcarthur has joined #zuul23:38
*** jamesmcarthur has quit IRC23:45
*** Eighth_Doctor has joined #zuul23:57
*** mordred has joined #zuul23:57
« Tuesday, 2021-01-26 Index Thursday, 2021-01-28 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!