Tuesday, 2022-04-12

« Monday, 2022-04-11 Index Wednesday, 2022-04-13 »
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul-jobs] 837416: Add per-build WinRM cert generation https://review.opendev.org/c/zuul/zuul-jobs/+/83741600:43
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed:00:54
- [zuul/zuul] 837420: Remove unused ansible modules https://review.opendev.org/c/zuul/zuul/+/837420
- [zuul/zuul] 837436: Remove unused remote module tests https://review.opendev.org/c/zuul/zuul/+/837436
-@gerrit:opendev.org- Zuul merged on behalf of James E. Blair https://matrix.to/#/@jim:acmegating.com: [zuul/nodepool] 837385: Add more debug info to AWS driver https://review.opendev.org/c/zuul/nodepool/+/83738501:38
-@gerrit:opendev.org- Zuul merged on behalf of James E. Blair https://matrix.to/#/@jim:acmegating.com: [zuul/zuul] 835464: Add a blob store and store large secrets in it https://review.opendev.org/c/zuul/zuul/+/83546401:51
@g_gobi:matrix.orgHi,04:20
Is there any doc or reference available for view all available fields in pipeline and change in start-message?
https://zuul-ci.org/docs/zuul/latest/config/pipeline.html#attr-pipeline.start-message
@iwienand:matrix.orgGobi G it seems you've found the doc page, could you expand on what else you're looking for?04:35
@g_gobi:matrix.orgianw: I tried to use 'change' attribute but it printed as python object. So, I need details about what are all the available attributes in change. 04:39
@g_gobi:matrix.org * ianw: I tried to use 'change' attribute but it printed as python object (<zuul.model.Attributes object at 0x7ff7c45121f0>). So, I need details about what are all the available attributes in change.04:40
@g_gobi:matrix.org * ianw: I tried to use 'change' attribute but it printed as python object (\<zuul.model.Attributes object at 0x7ff7c45121f0>). So, I need details about what are all the available attributes in change object.04:41
@iwienand:matrix.orgoh right, yeah that looks like a doc bug really, it should note the fields04:41
@iwienand:matrix.orgtry "start-message: Jobs started in {pipeline.name} for {change.number},{change.patchset}."04:41
@g_gobi:matrix.orgianw: Thanks🙂. 04:42
@g_gobi:matrix.orgLooks like these are available fields:04:49
scheduler_1 | pipeline: {'name': 'gate'}
scheduler_1 | change: {'project': <Project root/test1>, 'number': 15, 'patchset': '06aec488ef2a2dcd59a16d3ebf70007b7d1275d3'}
@iwienand:matrix.orgyeah, it calls getSafeAttributes() on the pipeline/change object, and then uses format() on that04:55
@iwienand:matrix.orgbut in the process of getSafeAttributres(), it looses the __repr__ for the original object04:55
-@gerrit:opendev.org- Ron Izraeli proposed: [zuul/zuul] 837319: dependencies-by-topic changes should be updated when new patch-sets are created. https://review.opendev.org/c/zuul/zuul/+/83731905:11
-@gerrit:opendev.org- Ron Izraeli proposed: [zuul/zuul] 837319: dependencies-by-topic changes should be updated when new patch-sets are created. https://review.opendev.org/c/zuul/zuul/+/83731905:19
-@gerrit:opendev.org- Ian Wienand proposed:06:26
- [zuul/zuul] 837458: Give default string values to getSafeAttributes https://review.opendev.org/c/zuul/zuul/+/837458
- [zuul/zuul] 837459: doc: uncap sphinx https://review.opendev.org/c/zuul/zuul/+/837459
@iwienand:matrix.orgGobi G: ^ 837458 should help future people hitting this :)06:27
-@gerrit:opendev.org- Ian Wienand proposed: [zuul/zuul] 837459: doc: uncap sphinx https://review.opendev.org/c/zuul/zuul/+/83745906:27
-@gerrit:opendev.org- Matthieu Huin https://matrix.to/#/@mhuin:matrix.org proposed: [zuul/zuul] 837407: client: generate a token silently if possible and needed https://review.opendev.org/c/zuul/zuul/+/83740706:30
-@gerrit:opendev.org- Guillaume Chauvel proposed: [zuul/zuul] 762887: Improve and fix merger getFilesChanges https://review.opendev.org/c/zuul/zuul/+/76288707:42
-@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 837506: Don't overwrite result data in compat mode https://review.opendev.org/c/zuul/zuul/+/83750609:12
-@gerrit:opendev.org- Albin Vass proposed: [zuul/zuul] 837559: Add feature to exclude a branch pattern from tenant https://review.opendev.org/c/zuul/zuul/+/83755912:44
@avass:vassast.orgI don't know how many people react to gerritbot sending updates about changes to the channel, but I have a feeling that it would be good if wip changes showed up as wip in matrix :) tristanC  ?12:50
@avass:vassast.organyway if anyone feels like they got time to do some reviews later I have a couple of changes ready: 833001, 836022, 833353, 835019, 831933, 82397812:53
@fungicide:matrix.org> <@iwienand:matrix.org> mnaser: lmn if you're trying to build manylinux wheels too; i have some experience with that from pyca/cryptography and would be interested in anything we can do to make any bits of it more generic and zuul-job-sy13:00
late last week, timburke expressed an interest in doing something similar in opendev for the swift team's pyeclib packages, since they build c extensions (right now it's only distributed as an sdist). we talked through what the job dependency graph might look like in order to be able to upload the sdist and wheels for multiple architectures to pypi simultaneously even after building them in separate jobs
@clarkb:matrix.orgAlbin Vass: I'll try to take a look once the kids are at school13:04
@avass:vassast.orgClark: thanks!13:04
@fungicide:matrix.org> <@mnaser:matrix.org> I think because we're maybe one of the first ones who make use of the `docker_registry` variable (since we are trying to push to Google Artifact Registry and not Docker Hub)13:10
looks like airship may have been using it in opendev for pushing images to quay? https://opendev.org/airship/image-builder/src/branch/master/zuul.d/projects.yaml#L3
@mnaser:matrix.org> <@fungicide:matrix.org> looks like airship may have been using it in opendev for pushing images to quay? https://opendev.org/airship/image-builder/src/branch/master/zuul.d/projects.yaml#L313:12
https://opendev.org/airship/image-builder/src/branch/master/playbooks/airship-image-builder-build.yaml
I don’t think they actually use the role though :)
@fungicide:matrix.orgoh, yep, it's just a similarly-named var13:14
@fungicide:matrix.orgi guess they rolled theor own mechanism13:14
@fungicide:matrix.org * i guess they rolled their own mechanism13:18
@tristanc_:matrix.orgAlbin Vass: for sure, i think we could use an extra event type for that13:29
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/nodepool] 837567: Fix default python paths in aws, azure, ibmvpc drivers https://review.opendev.org/c/zuul/nodepool/+/83756713:34
@tristanc_:matrix.org * Albin Vass: for sure, how about adding `wip` to the verb, e.g. `$author proposed wip: $change` ?13:37
@avass:vassast.org> <@tristanc_:matrix.org> Albin Vass: for sure, how about adding `wip` to the verb, e.g. `$author proposed wip: $change` ?13:54
Yup, works for me
@tristanc_:matrix.orgAlbin Vass: here it is: https://softwarefactory-project.io/r/c/software-factory/gerritbot-matrix/+/2458014:00
-@gerrit:opendev.org- Matthieu Huin https://matrix.to/#/@mhuin:matrix.org proposed: [zuul/zuul] 837407: client: generate a token silently if possible and needed https://review.opendev.org/c/zuul/zuul/+/83740714:10
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed:14:11
- [zuul/zuul] 837436: Remove unused remote module tests https://review.opendev.org/c/zuul/zuul/+/837436
- [zuul/zuul] 837420: Remove unused ansible modules https://review.opendev.org/c/zuul/zuul/+/837420
- [zuul/zuul] 837421: Remove localhost restriction from command.py https://review.opendev.org/c/zuul/zuul/+/837421
- [zuul/zuul] 837422: Remove workspace path check from zuul_return https://review.opendev.org/c/zuul/zuul/+/837422
- [zuul/zuul] 837423: Remove unused functions from zuul.ansible.paths https://review.opendev.org/c/zuul/zuul/+/837423
- [zuul/zuul] 837424: Remove actiongeneral / actiontrusted dirs https://review.opendev.org/c/zuul/zuul/+/837424
- [zuul/zuul] 837425: Remove plugin tests https://review.opendev.org/c/zuul/zuul/+/837425
- [zuul/zuul] 837426: Remove executor plugin checks https://review.opendev.org/c/zuul/zuul/+/837426
- [zuul/zuul] 837427: Add docs about additional security considerations https://review.opendev.org/c/zuul/zuul/+/837427
- [zuul/zuul] 837428: Remove unrestricted Ansible spec https://review.opendev.org/c/zuul/zuul/+/837428
@mnaser:matrix.orgsmall question wrt the dropping restrictions, i'm wondering if thought was given to the cpu usage aspect of things14:32
@mnaser:matrix.orglike, what if i just ran a compilation on hosts: localhost14:32
@mnaser:matrix.orgi guess you still dont have root so its kinda hard to have packages show up in there, but it doesnt stop perhaps someone doing something that exhausts resources on zuul-executor (perhaps even accidentally?)14:33
@jim:acmegating.commnaser: yes, that was considered; tldr: 1) ask users not to do that please.  2) we will probably look into the possibility of using cgroups limits.14:37
@mnaser:matrix.org> <@jim:acmegating.com> mnaser: yes, that was considered; tldr: 1) ask users not to do that please.  2) we will probably look into the possibility of using cgroups limits.14:38
okay cool, i figured, i quickly scanned the spec again but didn't see anything referring to that
@mnaser:matrix.orgregardless, i'm pretty excited to see this land :)14:38
-@gerrit:opendev.org- Matthieu Huin https://matrix.to/#/@mhuin:matrix.org proposed: [zuul/zuul] 837407: client: generate a token silently if possible and needed https://review.opendev.org/c/zuul/zuul/+/83740714:41
-@gerrit:opendev.org- Zuul merged on behalf of Albin Vass: [zuul/zuul] 836022: Document prometheus_port, prometheus_addr for all components https://review.opendev.org/c/zuul/zuul/+/83602214:52
-@gerrit:opendev.org- Zuul merged on behalf of Albin Vass: [zuul/zuul] 833353: Don't stream async tasks https://review.opendev.org/c/zuul/zuul/+/83335315:00
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed:15:52
- [zuul/zuul] 837424: Remove actiongeneral / actiontrusted dirs https://review.opendev.org/c/zuul/zuul/+/837424
- [zuul/zuul] 837425: Remove plugin tests https://review.opendev.org/c/zuul/zuul/+/837425
- [zuul/zuul] 837426: Remove executor plugin checks https://review.opendev.org/c/zuul/zuul/+/837426
- [zuul/zuul] 837427: Add docs about additional security considerations https://review.opendev.org/c/zuul/zuul/+/837427
- [zuul/zuul] 837428: Remove unrestricted Ansible spec https://review.opendev.org/c/zuul/zuul/+/837428
@clarkb:matrix.orgAlbin Vass: note on https://review.opendev.org/c/zuul/zuul/+/83300116:00
@clarkb:matrix.orgcorvus: you didn't remove your +A from https://review.opendev.org/c/zuul/zuul/+/831933/ so it can merge if rechecked. Not sure if that was intentional16:06
@pabelanger:matrix.orgI noticed zuul-operator moved away from using https://olm.operatorframework.io/ based operators towards kopf (unsupported by olm). Is there a place where that was documented?16:09
@clarkb:matrix.orgpabelanger: the commit that switched, eff9f360f79849e59a0d924bfa8fe12f2b384c51, has details on why the switch happened16:23
@clarkb:matrix.orgcorvus: https://review.opendev.org/c/zuul/nodepool/+/837567 seems straightforward enough for a single core approval but I didn't do that as I don't use any of the providers that are being updated. Figured it would be good if at least of the users of those drivers could indicates this is fine for them. I think the behavior when python path is auto vs None is roughyl the same?16:26
@jim:acmegating.comClark: was not intentional, thx16:34
@jim:acmegating.comClark: no, it's an error if it's None (i think it gets set as a literal null)16:36
@clarkb:matrix.orgah16:39
@pabelanger:matrix.orgClark: thanks, is opendev using the zuul-operator in production?16:48
@clarkb:matrix.orgpabelanger: we are not.16:48
@pabelanger:matrix.orgack, thanks16:48
@clarkb:matrix.orgWe don't use kubernetes because it turns out "get a kubernetes" is still somehwat of an unsolved problem if you aren't on one of the major public clouds. Or at least every time we've attempted it its been an exercise in frustration16:49
@pabelanger:matrix.orgindeed, been doing work on AKS (azure) the last 8 months. So far, has been okay, but don't manage it16:52
@pabelanger:matrix.orgEKS, another story16:52
@blaisep-sureify:matrix.org> <@clarkb:matrix.org> We don't use kubernetes because it turns out "get a kubernetes" is still somehwat of an unsolved problem if you aren't on one of the major public clouds. Or at least every time we've attempted it its been an exercise in frustration16:55
Ummmm, I have a lot of k8s, do you need some?
@avass:vassast.org> <@clarkb:matrix.org> Albin Vass: note on https://review.opendev.org/c/zuul/zuul/+/83300116:58
Oops will fix
@clarkb:matrix.orgBlaise Pabon: I think we'd probably be happy to try dabbling again. The main issues have always been "day 2" management stuff like k8s upgrades. Though we've gotten really good at using docker-compose + VMs as well. I expect that migration wouldn't be too difficult if we wanted to try that. I just don't want to promise anything as it will likely take some feeling out :)16:58
@blaisep-sureify:matrix.org> <@clarkb:matrix.org> Blaise Pabon: I think we'd probably be happy to try dabbling again. The main issues have always been "day 2" management stuff like k8s upgrades. Though we've gotten really good at using docker-compose + VMs as well. I expect that migration wouldn't be too difficult if we wanted to try that. I just don't want to promise anything as it will likely take some feeling out :)17:02
I can arrange to give you remote access. Yes, "day 2" is things get real. TL;DR: K8s is a framework for building platforms, so if you're just using the vanilla disto, you'll have a lot of decisions to make.
@blaisep-sureify:matrix.orgClark: Disclosure, I'm just an old guy with a lot of compute in his garage. Service levels are "best effort"17:03
@clarkb:matrix.orgah gotcha. For that sort of setup it may make the most sense to point our nodepool at a k8s there and use it for test nodes. Then if best effort loses power due to a snow storm (this was our yesterday around here) it isn't a big deal17:05
@clarkb:matrix.organd that can be a good way to learn about tooling needs if/when we restart efforts to use k8s for production services17:05
-@gerrit:opendev.org- Matthieu Huin https://matrix.to/#/@mhuin:matrix.org proposed: [zuul/zuul] 837407: client: generate a token silently if possible and needed https://review.opendev.org/c/zuul/zuul/+/83740718:28
-@gerrit:opendev.org- Albin Vass proposed: [zuul/zuul] 833001: Allow using 'unique' workspace scheme in jobs https://review.opendev.org/c/zuul/zuul/+/83300119:09
@avass:vassast.orgClark: fixed ^ 19:29
@clarkb:matrix.org+2 thanks19:31
@iwienand:matrix.org> <@fungicide:matrix.org> late last week, timburke expressed an interest in doing something similar in opendev for the swift team's pyeclib packages, since they build c extensions (right now it's only distributed as an sdist). we talked through what the job dependency graph might look like in order to be able to upload the sdist and wheels for multiple architectures to pypi simultaneously even after building them in separate jobs19:37
ahh, yes afaik the cryptography side bumps that issue by having a person in the loop. i've certainly offered to put secrets in zuul to allow automated release, but not something we've gone with, yet
-@gerrit:opendev.org- Albin Vass proposed: [zuul/zuul] 831933: gerritdriver: enable triggering on wip state https://review.opendev.org/c/zuul/zuul/+/83193319:43
@avass:vassast.orgcorvus: fixed ^ 19:44
@avass:vassast.org> <@tristanc_:matrix.org> Albin Vass: here it is: https://softwarefactory-project.io/r/c/software-factory/gerritbot-matrix/+/2458019:45
I guess that looks good, though I haven't gotten any time to wrap my head around haskell yet so I can't say much about the code :)
-@gerrit:opendev.org- Zuul merged on behalf of Albin Vass: [zuul/zuul] 833001: Allow using 'unique' workspace scheme in jobs https://review.opendev.org/c/zuul/zuul/+/83300120:42
@vlotorev:matrix.orgHi, I trying to debug executor that losts connection to static node. Executor print WARNING like 21:00
`WARNING zuul.AnsibleJob: [e: ...] [build: ...] Ansible timeout exceeded:...`. There is no info which host it fails to connect. Executor dumps all ansible config and playbook into temporary files but those files are already removed by executor.
The thing is I'd like to find out which host it was failing to connect. This happens in pre-playbooks and no logs are recorded.
@vlotorev:matrix.org * Hi, I'm trying to debug executor that losts connection to static node. Executor print WARNING like21:01
`WARNING zuul.AnsibleJob: [e: ...] [build: ...] Ansible timeout exceeded:...`. Logs doesn't contain info which host it fails to connect. Executor dumps all ansible config and playbook into temporary files but those files are already removed by executor. This happens in pre-playbooks and no logs are recorded.
@vlotorev:matrix.org * Hi, I'm trying to debug executor that losts connection to static node. Executor print WARNING like21:02
`WARNING zuul.AnsibleJob: [e: ...] [build: ...] Ansible timeout exceeded:...`. Logs doesn't contain info which host it fails to connect. Executor dumps ansible config and playbook into temporary files but these are removed by executor once build is finished. This ansible timeout happens in pre-playbooks and no logs are recorded.
@jim:acmegating.comvlotorev: you can run 'zuul-executor keep` to tell it to save the build directory; that can aid with debugging if what you're looking for isn't in the logs already.  'zuul-executor verbose` may also help.21:04
@jim:acmegating.com * vlotorev: you can run `zuul-executor keep` to tell it to save the build directory; that can aid with debugging if what you're looking for isn't in the logs already.  `zuul-executor verbose` may also help.21:04
@vlotorev:matrix.orgThanks, I'll give it a try.21:14
It seems easy to patch source code https://opendev.org/zuul/zuul/src/branch/master/zuul/executor/server.py#L2849 so that list of failing host got printed on timeout. Is such change would be welcomed?
@vlotorev:matrix.org * Thanks, I'll give it a try.21:15
It seems easy to patch source code https://opendev.org/zuul/zuul/src/branch/master/zuul/executor/server.py#L2849 so that list of failing hosts got printed on timeout. Is such change would be welcomed?
@vlotorev:matrix.org * Hi, I'm trying to debug executor that losts connection to static node. Executor prints WARNING like21:16
`WARNING zuul.AnsibleJob: [e: ...] [build: ...] Ansible timeout exceeded:...`. Logs doesn't contain info which host it fails to connect. Executor dumps ansible config and playbook into temporary files but these are removed by executor once build is finished. This ansible timeout happens in pre-playbooks and no logs are recorded.
@vlotorev:matrix.org * Thanks, I'll give it a try.21:16
It seems easy to patch source code https://opendev.org/zuul/zuul/src/branch/master/zuul/executor/server.py#L2849 so that list of failing hosts got printed on timeout. Would such change be welcomed?
@jim:acmegating.comvlotorev: if it is simple, yes -- but i'm not sure it is.  3 things to keep in mind if you decide to look into it: it may be that only ansible has that information; it may be that the information is already recorded in the executor log; and zuul must take care not to expose sensitive info to the build log (which is why some error output is only in the executor log).21:31
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 837629: Add suuport for Ansible 5 https://review.opendev.org/c/zuul/zuul/+/83762921:43
@clarkb:matrix.orgFYI since we all work with git all day: The fix for https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765 has impacted some of openstack's ci jobs as we do git operations as root when doing global packages installs when the repository is owned as not root. Debugging this was not super straightforward since the git operations were performed by PBR. Figured if others run into oddities having this heads up may be helpful23:52
« Monday, 2022-04-11 Index Wednesday, 2022-04-13 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!