Wednesday, 2021-12-01

@y2kenny:matrix.org with required-project/override-checkout, what is the expected behaviour if I specify full ref like "refs/heads/some-release" or "refs/tags/some-release-tag"? 00:48
@y2kenny:matrix.org Seems like Zuul is not able to understand full ref and just checkout default silently. 01:07
@jim:acmegating.com i believe it is not expecting the full ref 01:14
@jim:acmegating.com it strips `refs/*/` from the start of any branches and tags when it inventories the refs in the repo for use by override-checkout 01:15
@y2kenny:matrix.org I did some experiment and it doesn't seem to strip refs/*/ 01:16
@y2kenny:matrix.org it seems to not be able to see the ref and just checkout the default 01:16
@y2kenny:matrix.org like if I specify refs/heads/release1, the override will just checkout master 01:22
@y2kenny:matrix.org This would also be an issue if branch and tag have the same name (not saying that's a good practice... but it can happen.) 01:23
@jim:acmegating.com i agree, it doesn't strip refs/*/, i was trying to say it expects you to do that. 01:29
@jim:acmegating.com it strips it on the comparison side, not the input 01:29
@jim:acmegating.com (so if your git repo has refs/heads/foo then set override-checkout: foo) 01:30
@y2kenny:matrix.org ok.  If there are refs/heads/foo and refs/tags/foo, is there a way to remedies the ambiguity? 01:31
@y2kenny:matrix.org remedy* 01:32
@jim:acmegating.com i don't believe so.  i believe it will defer to git. 01:34
@y2kenny:matrix.org ok thanks. 01:35
-@gerrit:opendev.org- Zuul merged on behalf of Felix Edel: [zuul/zuul] 819408: Skip tests asserting on tenant reconfig results on multi scheduler https://review.opendev.org/c/zuul/zuul/+/819408 01:36
-@gerrit:opendev.org- Zuul merged on behalf of Clark Boylan: [zuul/zuul] 819735: Add nonvoting multischeduler job https://review.opendev.org/c/zuul/zuul/+/819735 02:49
@iwienand:matrix.org zuul-maint: could i get some feedback on https://review.opendev.org/c/zuul/nodepool/+/818705 ; this checks dib is setting kernel flags correctly.  as noted inline, we introduce issues that mean things boot when built on gate dib images, but then don't boot when built externally 03:51
@avass:vassast.org Clark: corvus Cool thanks. Shouldn't be any issue for us since we haven't put zuul into production yet, and getting 5.0 before that would be perfect :) 07:46
-@gerrit:opendev.org- Albin Vass proposed: [zuul/nodepool] 820024: Add support for configuration runtimeClassName https://review.opendev.org/c/zuul/nodepool/+/820024 13:17
-@gerrit:opendev.org- Albin Vass proposed: [zuul/nodepool] 820024: Openshift: Enable configuring runtimeClassName https://review.opendev.org/c/zuul/nodepool/+/820024 13:23
-@gerrit:opendev.org- Albin Vass proposed: [zuul/nodepool] 820024: Openshift: Enable configuring runtimeClassName https://review.opendev.org/c/zuul/nodepool/+/820024 13:26
-@gerrit:opendev.org- Albin Vass proposed: [zuul/nodepool] 820024: Openshift: Enable configuring runtimeClassName https://review.opendev.org/c/zuul/nodepool/+/820024 13:33
@clarkb:matrix.org corvus: following up on https://review.opendev.org/c/zuul/zuul/+/818257 I'll try to update the change to address tobiash's comment but I wanted to make sure I understood yours better first. Can you check my question there? 16:49
@spamaps:spamaps.ems.host Really struggling to debug ansible problems with kubernetes hosts. I can't even run a basic ansible command on the executor.. 16:50
@spamaps:spamaps.ems.host 16:51
```
root@28053b26ad5f:/var/lib/zuul/builds/c79ab538a1dc4d9dba66019504b345ea# /usr/local/lib/zuul/ansible/2.9/bin/ansible -c kubectl -e ansible_kubectl_kubeconfig=$PWD/work/.kube/config -e ansible_kubectl_context=zuul -m setup -i ubuntu-pod, all
+ /usr/local/lib/zuul/ansible/2.9/bin/ansible -c kubectl -e ansible_kubectl_kubeconfig=/var/lib/zuul/builds/c79ab538a1dc4d9dba66019504b345ea/work/.kube/config -e ansible_kubectl_context=zuul -m setup -i ubuntu-pod, all
ubuntu-pod | UNREACHABLE! => {
"changed": false,
"msg": "Failed to create temporary directory.In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p \"` echo ~/.ansible/tmp `\"&& mkdir \"` echo ~/.ansible/tmp/ansible-tmp-1638377458.0963545-3360-181097587516921 `\" && echo ansible-tmp-1638377458.0963545-3360-181097587516921=\"` echo ~/.ansible/tmp/ansible-tmp-1638377458.0963545-3360-181097587516921 `\" ), exited with result 1",
"unreachable": true
}
```
@spamaps:spamaps.ems.host If I copy/paste the command that it says failed.. it runs fine. 16:53
@spamaps:spamaps.ems.host Ah wait, -vvv shows that's actually running on the pod.. derp 16:54
@tobias.henkel:matrix.org sounds like /tmp is not writable in the pod? 17:07
@spamaps:spamaps.ems.host Starting to think maybe the kubernetes support in Zuul and Ansible isn't well tested? Or maybe I'm just dumb. I can't get it to work and it feels like it is failing at a really low level. If anybody has tips, maybe a walkthrough, I'd appreciate it. My Zuul POC is falling apart because as much as I don't mind running on VMs.. our entire CI/CD is based on containers and I don't relish trying to get that working on VMs when I have a perfectly good k8s cluster. 17:07
@jpew:matrix.org I'm using k8s 17:07
@spamaps:spamaps.ems.host 17:08
```
root@28053b26ad5f:/var/lib/zuul/builds/78129a8a35e0450aaa560a7133eaf23a# /usr/bin/kubectl exec -ti ubuntu-pod-0000000005 -- /bin/bash
Defaulted container "ubuntu-pod" out of: ubuntu-pod, ffwd-java-shim
root@ubuntu-pod-0000000005:/# mkdir /tmp/foo
root@ubuntu-pod-0000000005:/#
```
@spamaps:spamaps.ems.host nope, /tmp, and ~/.ansible/tmp, work fine 17:08
@spamaps:spamaps.ems.host When I run the kubectl commands that -vvv prints out, myself, they work 17:08
@spamaps:spamaps.ems.host 17:09
```
root@28053b26ad5f:/var/lib/zuul/builds/78129a8a35e0450aaa560a7133eaf23a# /usr/bin/kubectl exec -i ubuntu-pod-0000000005 -- /bin/sh -c '( umask 77 && mkdir -p "` echo ~/.ansible/tmp `"&& mkdir "` echo ~/.ansible/tmp/ansible-tmp-1638378065.7739134-4574-248799323483403 `" && echo ansible-tmp-1638378065.7739134-4574-248799323483403="` echo ~/.ansible/tmp/ansible-tmp-1638378065.7739134-4574-248799323483403 `" ) && sleep 0'
Defaulted container "ubuntu-pod" out of: ubuntu-pod, ffwd-java-shim
ansible-tmp-1638378065.7739134-4574-248799323483403=/root/.ansible/tmp/ansible-tmp-1638378065.7739134-4574-248799323483403
root@28053b26ad5f:/var/lib/zuul/builds/78129a8a35e0450aaa560a7133eaf23a#
```
@spamaps:spamaps.ems.host The one thing I do notice... 17:10
@spamaps:spamaps.ems.host 17:10
```
<ubuntu-pod-0000000005> EXEC ['/usr/bin/kubectl', 'exec', '-i', 'ubuntu-pod-0000000005', '--', '/bin/sh', '-c', '/bin/sh -c \'( umask 77 && mkdir -p "` echo ~/.ansible/tmp `"&& mkdir "` echo ~/.ansible/tmp/ansible-tmp-1638378594.8050508-5149-183244121444877 `" && echo ansible-tmp-1638378594.8050508-5149-183244121444877="` echo ~/.ansible/tmp/ansible-tmp-1638378594.8050508-5149-183244121444877 `" ) && sleep 0\'']
```
@spamaps:spamaps.ems.host `/bin/sh -c` twice after `--` 17:11
@spamaps:spamaps.ems.host If I do that, I don't get exit code 1, I get a forever never returning kubectl. 17:11
@tobias.henkel:matrix.org I wonder why that's doing a double shell 17:11
@jim:acmegating.com Clark: replied 17:13
@tobias.henkel:matrix.org the question is, does it fail because the command within the pod fails or does it already fail to do the kubectl exec 17:13
@tobias.henkel:matrix.org what does ansible tell you if you don't execute setup but just a shell task with a sleep? 17:14
@clarkb:matrix.org corvus: is the concern that calling the abstract method will raise an exception and we'll retry a couple of times unnecessarily? 17:15
@spamaps:spamaps.ems.host > <@tobias.henkel:matrix.org> what does ansible tell you if you don't execute setup but just a shell task with a sleep? 17:16
same, because this is in the connection establishment phase. It hasn't even begun to try and run a module.
@spamaps:spamaps.ems.host Like, it hasn't even copied setup to the container yet. 17:17
@spamaps:spamaps.ems.host Ok I added *5* v's and I got a new error. Yay ansible. 17:18
@clarkb:matrix.org the command that failed is using ~/.ansible/tmp not /tmp 17:18
@spamaps:spamaps.ems.host > <@clarkb:matrix.org> the command that failed is using ~/.ansible/tmp not /tmp 17:19
Both work fine
@spamaps:spamaps.ems.host I got a new error finally.. 17:19
@spamaps:spamaps.ems.host `error: You must be logged in to the server (Unauthorized)\n",` 17:19
@clarkb:matrix.org ok just checking as your example test above was for /tmp. 17:19
@spamaps:spamaps.ems.host Ok so that's kubectl complaining. 17:19
@spamaps:spamaps.ems.host But when I run it directly, it works. 17:19
@spamaps:spamaps.ems.host I do not get that error when I run kubectl directly. >:| 17:20
@spamaps:spamaps.ems.host 17:21
```
<ubuntu-pod-0000000005> ESTABLISH kubectl CONNECTION
<ubuntu-pod-0000000005> EXEC ['/usr/bin/kubectl', 'exec', '-i', 'ubuntu-pod-0000000005', '--', '/bin/sh', '-c', "/bin/sh -c 'echo ~zuul && sleep 0'"]
<ubuntu-pod-0000000005> EXEC ['/usr/bin/kubectl', 'exec', '-i', 'ubuntu-pod-0000000005', '--', '/bin/sh', '-c', '/bin/sh -c \'echo "`pwd`" && sleep 0\'']
<ubuntu-pod-0000000005> EXEC ['/usr/bin/kubectl', 'exec', '-i', 'ubuntu-pod-0000000005', '--', '/bin/sh', '-c', '/bin/sh -c \'( umask 77 && mkdir -p "` echo ~/.ansible/tmp `"&& mkdir "` echo ~/.ansible/tmp/ansible-tmp-1638379115.6251209-5724-266407412259585 `" && echo ansible-tmp-1638379115.6251209-5724-266407412259585="` echo ~/.ansible/tmp/ansible-tmp-1638379115.6251209-5724-266407412259585 `" ) && sleep 0\'']
ubuntu-pod | UNREACHABLE! => {
"changed": false,
"msg": "Failed to create temporary directory.In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p \"` echo ~/.ansible/tmp `\"&& mkdir \"` echo ~/.ansible/tmp/ansible-tmp-1638379115.6251209-5724-266407412259585 `\" && echo ansible-tmp-1638379115.6251209-5724-266407412259585=\"` echo ~/.ansible/tmp/ansible-tmp-1638379115.6251209-5724-266407412259585 `\" ), exited with result 1, stderr output: error: You must be logged in to the server (Unauthorized)\n",
"unreachable": true
}
root@28053b26ad5f:/var/lib/zuul/builds/78129a8a35e0450aaa560a7133eaf23a#
```
@spamaps:spamaps.ems.host Ok I added in ANSIBLE_CONFIG= to use the zuul generated ansible.cfg and I get a slightly different manifestation of the same error. 17:24
@jim:acmegating.com Clark: no i mean make a new method on the base class so that we're not embedding source retry logic in the pipeline manager 17:24
@spamaps:spamaps.ems.host 17:25
```
root@28053b26ad5f:/var/lib/zuul/builds/78129a8a35e0450aaa560a7133eaf23a# PYTHONPATH=/usr/local/lib/python3.8/site-packages ANSIBLE_CONFIG=ansible/playbook_0/ansible.cfg /usr/local/lib/zuul/ansible/2.9/bin/ansible -vvvvv -c kubectl -e ansible_kubectl_kubeconfig=$PWD/work/.kube/config -e ansible_kubectl_context=zuul-ci:zuul-worker/146-148-79-24 -m shell -a 'sleep 1' -i ansible/inventory.yaml all
```
@jim:acmegating.com (you can't just put it in the abstract method because that's the contract that the source class has to implement, and you don't want to duplicate the retry logic in every driver; though i would be okay with that) 17:25
@spamaps:spamaps.ems.host new command.. and now I get this error... 17:25
@spamaps:spamaps.ems.host 17:25
```
<ubuntu-pod> Attempting python interpreter discovery
<ubuntu-pod-0000000005> ESTABLISH kubectl CONNECTION
<ubuntu-pod-0000000005> EXEC ['/usr/bin/kubectl', 'exec', '-i', 'ubuntu-pod-0000000005', '--', '/bin/sh', '-c', '/bin/sh -c \'echo PLATFORM; uname; echo FOUND; command -v \'"\'"\'/usr/bin/python\'"\'"\'; command -v \'"\'"\'python3.7\'"\'"\'; command -v \'"\'"\'python3.6\'"\'"\'; command -v \'"\'"\'python3.5\'"\'"\'; command -v \'"\'"\'python2.7\'"\'"\'; command -v \'"\'"\'python2.6\'"\'"\'; command -v \'"\'"\'/usr/libexec/platform-python\'"\'"\'; command -v \'"\'"\'/usr/bin/python3\'"\'"\'; command -v \'"\'"\'python\'"\'"\'; echo ENDFOUND && sleep 0\'']
[WARNING]: Unhandled error in Python interpreter discovery for host ubuntu-pod: unexpected output from Python interpreter discovery
<ubuntu-pod> Interpreter discovery remote stderr:
error: You must be logged in to the server (Unauthorized)
Using module file /var/lib/zuul/ansible/2.9/zuul/ansible/library/command.py
Pipelining is enabled.
<ubuntu-pod-0000000005> EXEC ['/usr/bin/kubectl', 'exec', '-i', 'ubuntu-pod-0000000005', '--', '/bin/sh', '-c', "/bin/sh -c '/usr/bin/python && sleep 0'"]
[WARNING]: Platform unknown on host ubuntu-pod is using the discovered Python interpreter at /usr/bin/python, but future installation of another Python
interpreter could change this. See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
ubuntu-pod | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"module_stderr": "error: You must be logged in to the server (Unauthorized)\n",
"module_stdout": "",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}
```
@spamaps:spamaps.ems.host Running that exact /usr/bin/kubectl ... command does not return. 17:26
@spamaps:spamaps.ems.host AHA! 17:28
@spamaps:spamaps.ems.host --kubeconfig was needed because ansible is silently setting the path to the right kubeconfig 17:28
@tobias.henkel:matrix.org then kubectl directly is likely using a different kubeconfig 17:28
@spamaps:spamaps.ems.host it's using the executor's adminy kubeconfig 17:28
@spamaps:spamaps.ems.host Ok so I can reproduce, Ok I'll debug without dumping it all here now. Honestly.. I wonder sometimes if ansible is worth it with containers. 17:29
@tobias.henkel:matrix.org Everything in zuul is structured around ansible. I don't think it's feasible to replace it with something else 17:30
@spamaps:spamaps.ems.host I do think it could be, but I understand why it might sound radical. :) 17:36
@jim:acmegating.com there's an escape valve with zuul: have ansible run the thing you really want.  the problem here is that only a trusted playbook can run kubectl without yet another execution context.  i'd like to remove that restriction and we're working toward it.  removing gearman is a step in that direction. 17:38
@clarkb:matrix.org > <@jim:acmegating.com> Clark: no i mean make a new method on the base class so that we're not embedding source retry logic in the pipeline manager 17:40
Got it
@jim:acmegating.com meanwhile, zuul is the only system out there that can coordinate actions across bare metal, vms, and containers.  ansible is a big part of why it can do that. 17:40
@jim:acmegating.com given that zuul is older than k8s, the flexibility to adapt to new systems has served us well 17:43
@spamaps:spamaps.ems.host > <@jim:acmegating.com> there's an escape valve with zuul: have ansible run the thing you really want.  the problem here is that only a trusted playbook can run kubectl without yet another execution context.  i'd like to remove that restriction and we're working toward it.  removing gearman is a step in that direction. 17:43
That escape valve hinges on me having enough access to my kubernetes cluster to even get Zuul and Nodepool to run things on it. So far, that's been a real slog.
@jim:acmegating.com spamaps: i mean, you should be able to write a job that just executes a kubectl command on the zuul executor.  then you're not dealing with ansible. 17:44
@spamaps:spamaps.ems.host I have a service account that is allowed access to one namespace only, and that's proving to be too restrictive I think. 17:44
@spamaps:spamaps.ems.host > <@jim:acmegating.com> spamaps: i mean, you should be able to write a job that just executes a kubectl command on the zuul executor.  then you're not dealing with ansible. 17:45
But then I'm also not dealing with nodepool which makes me t3h sad. ;)
@jim:acmegating.com it's not a practical solution because that requires a trusted playbook, but that's the thing i'd like to change.  and that's "merely" lifting a restriction. 17:45
@tobias.henkel:matrix.org spamaps: that's a point where I agree we should work on since the openshift pods driver supports exactly this use case 17:45
@tobias.henkel:matrix.org in this regard the k8s and openshift driver differ so we might want to harmonize them at some point regarding the functionality 17:45
@spamaps:spamaps.ems.host I could make a Deployment and Horizontal Pod Autoscaler.. and delete pods once I use them.. but man.. that sounds a lot like zuul and nodepool. 17:45
@spamaps:spamaps.ems.host I'm also like.. really struggling to figure out what permissions are needed for the openshiftpods to even work. 17:46
@spamaps:spamaps.ems.host I do have a sympathetic k8s cluster admin now.. so I can get more perms if need be. 17:46
@spamaps:spamaps.ems.host (Or I can also run my own k8s cluster.. but ... please no) 17:46
@tobias.henkel:matrix.org I think that requires a real openshift cluster so it won't work on vanilla k8s 17:47
@jpew:matrix.org spamaps: https://review.opendev.org/c/zuul/zuul-operator/+/810498 ? 17:47
@spamaps:spamaps.ems.host > <@jpew:matrix.org> spamaps: https://review.opendev.org/c/zuul/zuul-operator/+/810498 ? 17:48
I can't run the operator. I do not have admin on the cluster.
@jpew:matrix.org Ah, ya. I was wondering if that was the bug you were seeing with kubeconfig, but if you aren't using the operator, probably not :) 17:48
@spamaps:spamaps.ems.host A request for perms to have CRDs in my namespace was aggressively opposed. 17:48
@spamaps:spamaps.ems.host This k8s cluster serves about 20% of Spotify's backend.. so.. they're quite protective of it. :) 17:49
@jpew:matrix.org Sure 17:49
@tobias.henkel:matrix.org I wonder if it's a good idea to mix that with ci tasks ;) 17:49
@jpew:matrix.org That was my thought :) 17:50
@spamaps:spamaps.ems.host (and collectively this is just one of about 12 identical clusters that serve more like 90% of Spotify's backend ... they have carved out permissions for the usual case.. not CI/CD) 17:50
@spamaps:spamaps.ems.host > <@tobias.henkel:matrix.org> I wonder if it's a good idea to mix that with ci tasks ;) 17:51
I wonder that too. :-/
@tobias.henkel:matrix.org I just wonder if development infrastructure should be separated from real production services 17:51
@spamaps:spamaps.ems.host But the only alternatives that exist is a staging cluster meant to be identical to prod, so that's not going to work, or roll your own. 17:51
@tobias.henkel:matrix.org I know my users and they can break everything ;) 17:51
@jim:acmegating.com there's certainly a school of thought that k8s clusters should be plentiful, and perhaps dedicated to tasks.  it's interesting to see that the opposite is also held -- that there should be 1 (or N for small values of N) to rule them all. 17:52
@spamaps:spamaps.ems.host The permissions are extremely locked down. I'm sure we can break out, but.. I dunno, it doesn't concern anyone here to run CI on the same cluster. 17:52
@tobias.henkel:matrix.org I tend to like k8s as a service these days :) 17:53
@tobias.henkel:matrix.org > <@jim:acmegating.com> there's certainly a school of thought that k8s clusters should be plentiful, and perhaps dedicated to tasks.  it's interesting to see that the opposite is also held -- that there should be 1 (or N for small values of N) to rule them all. 17:54
that's what we're migrating towards
@spamaps:spamaps.ems.host > <@jim:acmegating.com> there's certainly a school of thought that k8s clusters should be plentiful, and perhaps dedicated to tasks.  it's interesting to see that the opposite is also held -- that there should be 1 (or N for small values of N) to rule them all. 17:54
There are 12 clusters, 4 in each geo region (and about to be 20 because 2 new regions are coming) They are all identical. All namespaces are in all clusters. Apps are by default deployed on one cluster per region, and a provisioner decides which cluster you get at the time of your app creation.
@spamaps:spamaps.ems.host One might argue this cluster *is* dedicated to a single thing. Running java backends. 17:54
@spamaps:spamaps.ems.host And I'm a weirdo.. so I should probably accept my fate and make my own k8s cluster. 17:54
@tobias.henkel:matrix.org but smaller clusters are only useful when using some kind of managed k8s 17:54
@spamaps:spamaps.ems.host But.. that basically means Zuul comes to Spotify some time in 2023. 17:54
@spamaps:spamaps.ems.host Because a new k8s cluster must have a host of security approvals to get access to the network where GHE lives. 17:56
@spamaps:spamaps.ems.host Honestly I'd probably be better off just squeezing our container CI jobs into docker commands on vms. I may do that actually. 17:56
@tobias.henkel:matrix.org I think such an architecture perfectly serves its main purpose which is reliably running production services at scale 17:56
@spamaps:spamaps.ems.host We are on Google cloud, so we have GKE.. the management trouble comes at the networking level. 17:57
@tobias.henkel:matrix.org yay networking level, I feel your pain 17:57
@spamaps:spamaps.ems.host I have to get subnets.. and routes.. and firewall rules. 17:57
@spamaps:spamaps.ems.host Thanks, y'all have talked me out of using kubernetes based jobs. ;) 17:58
@tobias.henkel:matrix.org we have multi-step tunneling mechanisms in place to cope with networking when combining public cloud and on prem 17:58
@tobias.henkel:matrix.org * we have multi-hop tunneling mechanisms in place to cope with networking when combining public cloud and on prem 17:58
@tobias.henkel:matrix.org > <@spamaps:spamaps.ems.host> Honestly I'd probably be better off just squeezing our container CI jobs into docker commands on vms. I may do that actually. 17:59
that's actually what many of our users do...
@spamaps:spamaps.ems.host But, I have to say.. if the only option for using Zuul with k8s is to have admin on the k8s.. it just raises the bar for what has rapidly become the way people run containers.  If somebody could write down exactly what is needed to use openshiftpods with a k8s cluster where you don't have admin.. that might change my mind. But right now, it feels like I'm blazing a trail, not following in footsteps. 18:00
@spamaps:spamaps.ems.host And I just don't have the time or resources to blaze a trail. 18:00
@spamaps:spamaps.ems.host Thanks everyone for chiming in. It's been helpful! 18:01
@tobias.henkel:matrix.org I think we'd need to add the functionality of the openshiftpods driver to the k8s driver 18:01
@tobias.henkel:matrix.org maybe with an option to get a namespace or not 18:01
@tobias.henkel:matrix.org openshiftpods as is likely only works on openshift 18:02
@spamaps:spamaps.ems.host I am not sure it is openshiftpods' fault right now? The failure I'm at now is that the token that nodepool put in the port.. doesn't seem to work. Is that some missing openshift magic? Or do I just need to figure out how to bind the right role to the right service account? 18:02
@spamaps:spamaps.ems.host I guess my point is, fumbling around, asking in this chat room, isn't going to get us to a working solution quick enough to matter. I need something to start running jobs ... now. 18:03
@spamaps:spamaps.ems.host I was hoping somebody would point me at a blog post or a guide in the docs that says "so you have a k8s namespace and you want to zuul with it." 18:04
@spamaps:spamaps.ems.host Anyway.. I'm backing away from k8s slowly now. Onward to VMs. Thanks again. Have to context switch now. :( 18:05
@avass:vassast.org Heh, I've convinced my infra team to give us Kata containers on our private openshift just so we can run docker workloads inside pods :) 18:11
@jim:acmegating.com Albin Vass: i think you win container bingo 18:16
-@gerrit:opendev.org- Zuul merged on behalf of James E. Blair https://matrix.to/#/@jim:acmegating.com: [zuul/zuul] 817495: Use merger API for merger stats https://review.opendev.org/c/zuul/zuul/+/817495 18:36
-@gerrit:opendev.org- Matthieu Huin https://matrix.to/#/@mhuin:matrix.org proposed: 20:44
- [zuul/zuul] 808041: [web] Pagination in builds, buildsets search https://review.opendev.org/c/zuul/zuul/+/808041
- [zuul/zuul] 820066: Update patternfly/react-core to 4.175.11 https://review.opendev.org/c/zuul/zuul/+/820066
@mhuin:matrix.org ^this is not API-breaking anymore \o/ however I still want to improve search by using indexes rather than offsets. More on that tomorrow! 20:45
-@gerrit:opendev.org- Clark Boylan proposed: [zuul/zuul] 818257: Retry dependency update requests https://review.opendev.org/c/zuul/zuul/+/818257 21:44
@clarkb:matrix.org corvus: tobiash ^ thank you for the feedback I think that addresses your comments 21:44
-@gerrit:opendev.org- Zuul merged on behalf of Ian Wienand: [zuul/nodepool] 818705: functional test: check DIB kernel flags https://review.opendev.org/c/zuul/nodepool/+/818705 22:31
@jim:acmegating.com Clark, tobiash i think i found the cause of the issue in #opendev (the periodic pipeline is stuck because there's a change missing from the change cache).  this is subtle. 22:49
@jim:acmegating.com after every pipeline run we save a list of changes in the pipeline for quick reference later.  we use that list when pruning the change cache so that we don't delete changes that are still in pipelines. 22:50
@jim:acmegating.com but we remove change queues during pipeline processing, and i think we may skip over change queue N if we remove N-1 (because we mutate the list).  if we do that, we won't record change N in the list of changes in the pipeline. 22:51
@clarkb:matrix.org oh interesting 22:51
@jim:acmegating.com so basically, if scheduler A completes processing of a queue item right before scheduler B prunes the cache, we might delete a change from the cache that we shouldn't.  but it corrects on the next pass, so the timing has to be just right (and it was during this morning's periodic runs) 22:52
@jim:acmegating.com i'll work on a fix.  i'm not hopeful that we'll be able to test this :/ 22:52
@clarkb:matrix.org ok then I guess we'd try restarting after the fix lands? 22:53
@clarkb:matrix.org ianw: ^ fyi since you indicated you could help too 22:53
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: 23:42
- [zuul/zuul] 820079: Fix mutation while iterating over queues https://review.opendev.org/c/zuul/zuul/+/820079
- [zuul/zuul] 820080: Handle more than 1024 changes in the pipeline change list https://review.opendev.org/c/zuul/zuul/+/820080
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 820080: Handle more than 1024 changes in the pipeline change list https://review.opendev.org/c/zuul/zuul/+/820080 23:43
@jim:acmegating.com Clark: ^ the first change is our immediate problem; the second is something that could eventually be a problem.  i think merging the first asap is okay but would like to give tobiash a chance to consider 820080 before we approve it 23:44
@clarkb:matrix.org ok I'll take a look as soon as the restart is complete 23:45
@jim:acmegating.com the first change has a fantastic 416:1 commit-message:change ratio for character counts. 23:46
@mordred:inaugust.com > <@jim:acmegating.com> the first change has a fantastic 416:1 commit-message:change ratio for character counts. 23:59
It is truly glorious
