Tuesday, 2022-02-15

-@gerrit:opendev.org- Ian Wienand proposed: [zuul/zuul-jobs] 828818: encrypt-file : role to encrypt a file https://review.opendev.org/c/zuul/zuul-jobs/+/828818 00:06
-@gerrit:opendev.org- Ian Wienand proposed: [zuul/zuul-jobs] 828818: encrypt-file : role to encrypt a file https://review.opendev.org/c/zuul/zuul-jobs/+/828818 00:14
-@gerrit:opendev.org- Ian Wienand proposed: [zuul/zuul-jobs] 828818: encrypt-file : role to encrypt a file https://review.opendev.org/c/zuul/zuul-jobs/+/828818 00:49
-@gerrit:opendev.org- Ian Wienand proposed: [zuul/zuul-jobs] 828818: encrypt-file : role to encrypt a file https://review.opendev.org/c/zuul/zuul-jobs/+/828818 01:51
-@gerrit:opendev.org- Tobias Henkel proposed: [zuul/zuul] 829166: Document max jitter value in timer driver https://review.opendev.org/c/zuul/zuul/+/829166 08:17
@sshnaidm:matrix.org Is there a way to disable (or not to require) TLS between zuul and zk? I run it in testing environment and don't want to deal with keys and certs. 10:59
@sshnaidm:matrix.org tristanC: ^^ 10:59
@tristanc_:matrix.org sshnaidm: TLS is mandatory, but it's easy to set up using https://opendev.org/zuul/zuul/src/branch/master/tools/zk-ca.sh 12:18
@sshnaidm:matrix.org tristanC: thanks, and what is meant by FQDN - zk server FQDN? 12:36
@tristanc_:matrix.org it should match the zk server value in the zuul.conf 12:43
@sshnaidm:matrix.org tristanC: I've generated keys and set zuul.conf like that: https://paste.opendev.org/show/bPaVzEveCQA1vykMpkYa/ but has tls errors in logs of zk and scheduler. Is this config correct? 15:02
@sshnaidm:matrix.org keys dir looks like that: https://paste.opendev.org/show/b23iGnj8AL1ejV5cFOsm/ 15:03
@tristanc_:matrix.org sshnaidm: that seems correct, though in our zuul we set the zookeeper port. here is the config setup by software-factory: https://softwarefactory-project.io/cgit/software-factory/sf-config/tree/ansible/roles/sf-zuul/templates/zuul.conf.j2 and https://softwarefactory-project.io/cgit/software-factory/sf-config/tree/ansible/roles/sf-zookeeper/templates/zoo.cfg.j2 15:03
@sshnaidm:matrix.org I have errors like: 15:16
```
2022-02-15 15:15:24,290 - kazoo.client - INFO - Connecting to zk(127.0.0.1):2181, use_ssl: True
2022-02-15 15:15:24,294 - kazoo.client - WARNING - Connection dropped: socket connection error: EOF occurred in violation of protocol (_ssl.c:1131)
2022-02-15 15:15:24,695 - kazoo.client - WARNING - Failed connecting to Zookeeper within the connection retry policy.
2022-02-15 15:15:24,695 - kazoo.client - INFO - Zookeeper session closed, state: CLOSED
```
@tristanc_:matrix.org sshnaidm: if i remember correctly, the tls port is 2281 15:21
-@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 829310: wip: release tenant read lock early in case of reconfig https://review.opendev.org/c/zuul/zuul/+/829310 15:26
-@gerrit:opendev.org- Benjamin Schanzel proposed: [zuul/zuul] 829339: Unpin github3.py<3.0.0 requirement https://review.opendev.org/c/zuul/zuul/+/829339 15:44
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 829384: Add buildset start/end db columns https://review.opendev.org/c/zuul/zuul/+/829384 17:18
@sshnaidm:matrix.org tristanC: the problem was that zk container user is zookeeper and it couldn't read /var/certs mounted to container 🤷‍♂️ 17:37
@tristanc_:matrix.org sshnaidm: are you sharing the directory with `:z`, as shown in https://opendev.org/zuul/zuul/src/branch/master/doc/source/examples/docker-compose.yaml ? 18:12
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 829384: Add buildset start/end db columns https://review.opendev.org/c/zuul/zuul/+/829384 18:32
@jim:acmegating.com fungi: request for clarification on https://review.opendev.org/828888 when you get a min 18:51
@jim:acmegating.com mordred, tobiash, anyone else: i'd love to hear your thoughts on whether it's better to duplicate data or add a db join in this case: https://review.opendev.org/829384 18:53
@clarkb:matrix.org corvus: it would be a join that would then need to be filtered for min and max values? 18:54
@jim:acmegating.com Clark: yeah, i'd probably just get the full set of builds and iterate in python.  that's easy to do with sqlalchemy.  though there is probably a really clever way to get just those 2 values in sql, i don't know how to do it in sql and i don't know how to make sqlalchemy do it either, so that sounds like a bit of a potential rabbit hole. 19:00
@jim:acmegating.com if that sounds worthwhile, i can try to dig into that though. 19:01
@clarkb:matrix.org Considering the number of records we should get back per buildset optimizing the filter doesn't seem necessary. I just wanted to make sure I understood the mechanism there 19:02
@tobias.henkel:matrix.org I'd also vote for duplicating that data. It's much simpler and likely avoids additional runtime overhead for the join 19:07
-@gerrit:opendev.org- Zuul merged on behalf of Simon Westphahl: [zuul/zuul] 829018: Don't block tenant list on empty pipeline summary https://review.opendev.org/c/zuul/zuul/+/829018 19:42
-@gerrit:opendev.org- Zuul merged on behalf of Dong Zhang: [zuul/zuul] 828823: Fix Job page error when semaphores is not empty https://review.opendev.org/c/zuul/zuul/+/828823 19:53
@fungicide:matrix.org > <@jim:acmegating.com> fungi: request for clarification on https://review.opendev.org/828888 when you get a min 19:55
i've replied, should we be looking at taking advantage of that auto-reconfiguring of tenant config updates in opendev? right now we still explicitly trigger a smart-reconfigure any time we replace the main.yaml
-@gerrit:opendev.org- Zuul merged on behalf of Jeremy Stanley https://matrix.to/#/@fungicide:matrix.org: [zuul/zuul] 828596: Better document service command-line switches https://review.opendev.org/c/zuul/zuul/+/828596 20:02
@jim:acmegating.com fungi: sorry, i may not be communicating well.  everyone (opendev included) should run "zuul-scheduler smart-reconfigure" on main.yaml updates, so no change there.  it's just that if you restart the scheduler, it does that automatically in zuulv5 (to approximate the v3 behavior). 20:09
@fungicide:matrix.org thanks, that makes more sense. i'll try to adapt the text to make it clearer that you don't need to reconfigure if restarting 20:11
@jim:acmegating.com fungi: and likewise you do need to reconfigure when operating normally and not restarting.  i think that will cover it. 20:11
@jim:acmegating.com fungi: but also, we don't want to lead people to think that a restart is needed :) 20:12
@fungicide:matrix.org perfect, i can work with that. thanks again! 20:12
@mordred:inaugust.com corvus: I agree with tobiash and Clark - duplicating++ 20:18
-@gerrit:opendev.org- Jeremy Stanley https://matrix.to/#/@fungicide:matrix.org proposed: [zuul/zuul] 828888: Add a reconfig reminder to tenant config doc https://review.opendev.org/c/zuul/zuul/+/828888 20:53
@fungicide:matrix.org corvus: ^ hopefully that's closer now? 20:55
@jim:acmegating.com fungi: looks great! 21:24
@fungicide:matrix.org thanks! 21:24
@jpew:matrix.org Our Zuul instance interacts with another system that requires you to lock and unlock resources as part of its testing.... is there a way to make the unlocking part robust in the face of Zuul node failures and/or jobs restarting? 22:56
@jpew:matrix.org I have the unlock in a cleanup-run playbook, so it works great in the normal case where nothing goes wrong 22:56
@jpew:matrix.org but, if the (openstack) node zuul is using disappears (sadly this happens...), or zuul itself restarts and decides to re-run the job (which is awesome!) it will just wait until it times out because the resource is still locked 22:57
@clarkb:matrix.org jpew: for the openstack node disappearing one method is to use a lock mechanism that automatically unlocks when the connection holding it goes away. This is how zookeeper locks can function for example. A long time ago there was a hardware testing setup that opendev tied into that used gearman in a similar way. Basically you only have the lock if you can maintain a tcp connection the entire time. 23:45
@clarkb:matrix.org Another option is to tie the locking and unlocking into the nodepool resource acquisition somehow. Hardware resources could be enrolled into ironic for example and then managed like VMs. Or static nodes directly addressed in nodepool 23:47
