Monday, 2024-07-29

-@gerrit:opendev.org- Dong Zhang proposed: [zuul/nodepool] 925086: Fix exception for non Statemachine providers https://review.opendev.org/c/zuul/nodepool/+/92508610:27
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/nodepool] 925090: Pin setuptools<72 to fix build error https://review.opendev.org/c/zuul/nodepool/+/92509012:38
@dfajfer:fsfe.orgI have a weird problem - /api/ endpoint seems to work okay but whenever I try to do zuul client commands (`{autohold,autohold-delete,autohold-info,autohold-list,enqueue,enqueue-ref,dequeue,promote,encrypt,builds,build-info,job-graph,freeze-job}`) it ends up with 40412:48
@dfajfer:fsfe.orgit's just one environment and they're both on k8s. Currently sitting and comparing everything but nothing looks like it would block certain api endpoints12:48
@dfajfer:fsfe.org * I have problem with just one environment and they're both on k8s. Currently sitting and comparing everything but nothing looks like it would block certain api endpoints12:48
@dfajfer:fsfe.org * I have problem with just one environment and they're all on k8s (with operator running). Currently sitting and comparing everything but nothing looks like it would block certain api endpoints12:49
@dfajfer:fsfe.orgto say it somewhat easier, for some reason I get 404 on url:12:57
`https://zuul/api/tenant/{tenant}/project/{project}/autohold`
as it says `404 Not Found Unknown project`
but GET on `https://zuul/api/tenant/{tenant}/project/{project}` works as expected. I don't experience that on the old environment :( not sure what am I missing but I failed to find anything looking at ingress related configurations
-@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 925019: Refactor AWS SMs to allow recovery from ZK state https://review.opendev.org/c/zuul/zuul/+/92501913:00
-@gerrit:opendev.org- Benjamin Schanzel proposed: [zuul/zuul] 924067: Add filtering support for pipeline status views https://review.opendev.org/c/zuul/zuul/+/92406713:09
@dfajfer:fsfe.org * to say it somewhat easier, for some reason I get 404 on url:13:24
`https://zuul/api/tenant/{tenant}/project/{project}/autohold`
as it says `404 Not Found Unknown project`
but GET on `https://zuul/api/tenant/{tenant}/project/{project}` works as expected. I don't experience that on the old environment :( not sure what am I missing but I failed to find anything looking at ingress related configurations. The error comes from CherryPy though so it's something regarding Zuul that I might have not done properly, kinda stuck right now
-@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 925019: Refactor AWS SMs to allow recovery from ZK state https://review.opendev.org/c/zuul/zuul/+/92501913:34
-@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 925019: Refactor AWS SMs to allow recovery from ZK state https://review.opendev.org/c/zuul/zuul/+/92501913:36
-@gerrit:opendev.org- Felix Edel proposed: [zuul/zuul] 925096: WIP: Make QueueItem cards in ChangeQueue more concise https://review.opendev.org/c/zuul/zuul/+/92509613:51
-@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 925019: Refactor AWS SMs to allow recovery from ZK state https://review.opendev.org/c/zuul/zuul/+/92501914:03
@fungicide:matrix.org> <@dfajfer:fsfe.org> to say it somewhat easier, for some reason I get 404 on url:14:26
> `https://zuul/api/tenant/{tenant}/project/{project}/autohold`
> as it says `404 Not Found Unknown project`
>
> but GET on `https://zuul/api/tenant/{tenant}/project/{project}` works as expected. I don't experience that on the old environment :( not sure what am I missing but I failed to find anything looking at ingress related configurations. The error comes from CherryPy though so it's something regarding Zuul that I might have not done properly, kinda stuck right now
did you add and apply the same `authorization-rule` (formerly `admin-rule`) entries in your tenant config?
@fungicide:matrix.orghttps://zuul-ci.org/docs/zuul/latest/tenants.html#authorization-rule14:26
@dfajfer:fsfe.orgI do but it's a mockup really14:29
@dfajfer:fsfe.orgit's literally like this on both envs14:30
```
- admin-rule:
name: myrule
conditions:
- preferred_username: fajfer
```
@dfajfer:fsfe.orgin tenant configs14:30
@dfajfer:fsfe.orgI'm more worried because if I'm not authenticated and reach the endpoint on old one I get a 404 and JSON response `Missing \"Authorization\" header`14:30
@dfajfer:fsfe.orgwhilist on the new environment CherryPy greets me14:31
@dfajfer:fsfe.org * whilist on the new environment CherryPy greets me with a bare 404 not found14:31
@dfajfer:fsfe.org * whilist on the new environment CherryPy greets me with a bare 404 Not Found Unknown project14:31
@dfajfer:fsfe.org```When an authorization rule is included in the tenant’s admin-rules, the protected actions available are autohold, enqueue, dequeue and promote.```14:35
Stuff like `autohold-list` give me 404 from CherryPy as well
@dfajfer:fsfe.orgI think I have something, I don't see admin rules apply under every tenant14:39
@dfajfer:fsfe.orgdoesn't seem to work, can I somehow check current rules in rare case the tenant config didnt update14:54
@dfajfer:fsfe.org * seems to work the same way, can I somehow check current rules in rare case the tenant config didnt update14:54
@dfajfer:fsfe.orgmade another cluster without admin rules and it's the same thing there 15:10
@dfajfer:fsfe.orgso just regarding Zuul overall, is the above expected behaviour? I mean without https://zuul-ci.org/docs/zuul/latest/tenants.html#authorization-rule I should be just allowed to enqueue whatever I want, right? currently I have no '[auth]' blocks in my zuul-config so putting some mockup rules didn't make any sense on my part but I got rid of them15:48
@dfajfer:fsfe.org * so just regarding Zuul overall, is the above expected behaviour? I mean without https://zuul-ci.org/docs/zuul/latest/tenants.html#authorization-rule I should be just allowed to enqueue whatever I want, right? currently I have no '[auth]` blocks in my zuul-config so putting some mockup rules didn't make any sense on my part but I got rid of them15:49
-@gerrit:opendev.org- Zuul merged on behalf of James E. Blair https://matrix.to/#/@jim:acmegating.com: [zuul/zuul] 922779: Add exclude_results to web UI buildset filtering https://review.opendev.org/c/zuul/zuul/+/92277915:57
@dfajfer:fsfe.org> <@dfajfer:fsfe.org> so just regarding Zuul overall, is the above expected behaviour? I mean without https://zuul-ci.org/docs/zuul/latest/tenants.html#authorization-rule I should be just allowed to enqueue whatever I want, right? currently I have no '[auth]` blocks in my zuul-config so putting some mockup rules didn't make any sense on my part but I got rid of them16:08
`At least one authenticator must be configured in Zuul for admin commands to be enabled in the client.`
https://zuul-ci.org/docs/zuul/latest/configuration.html#client
Guess it is expected behaviour.
@dfajfer:fsfe.orgdidn't really catch that earlier and the operator doesn't really make room for creating one16:09
@dfajfer:fsfe.orgI guess the error wasn't really helpful as it was saying `Unknown project` instead of some kind of 403 message16:11
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 925124: Mark some intentional errors as okay https://review.opendev.org/c/zuul/zuul/+/92512418:08
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed:18:12
- [zuul/zuul] 922433: Add ability to fail tests if tracebacks appear in logs https://review.opendev.org/c/zuul/zuul/+/922433
- [zuul/zuul] 922434: Handle some TemplateNotFoundErrors https://review.opendev.org/c/zuul/zuul/+/922434
- [zuul/zuul] 922435: Don't log tracebacks on malformed JSON error https://review.opendev.org/c/zuul/zuul/+/922435
- [zuul/zuul] 922436: Mark mqtt test exception as okay https://review.opendev.org/c/zuul/zuul/+/922436
- [zuul/zuul] 925124: Mark some intentional errors as okay https://review.opendev.org/c/zuul/zuul/+/925124
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed:23:06
- [zuul/zuul] 925136: Mark exception okay in test_cache_new_branch https://review.opendev.org/c/zuul/zuul/+/925136
- [zuul/zuul] 925137: Mark line map exceptions as okay https://review.opendev.org/c/zuul/zuul/+/925137
- [zuul/zuul] 925138: Avoid DB exceptions on certain build cleanups https://review.opendev.org/c/zuul/zuul/+/925138
- [zuul/zuul] 925139: Fix test_crd_gate_unknown https://review.opendev.org/c/zuul/zuul/+/925139
- [zuul/zuul] 925140: Update pagure fake get_project_webhook_token https://review.opendev.org/c/zuul/zuul/+/925140
- [zuul/zuul] 925141: Don't log tracebacks on missing jobs in freeze https://review.opendev.org/c/zuul/zuul/+/925141
- [zuul/zuul] 925142: Avoid logging tracebacks on some job freeze errors https://review.opendev.org/c/zuul/zuul/+/925142
- [zuul/zuul] 925143: Avoid logging tracebacks on inheritance freeze errors https://review.opendev.org/c/zuul/zuul/+/925143
- [zuul/zuul] 925144: Don't log tracebacks on broken stream pipes https://review.opendev.org/c/zuul/zuul/+/925144
- [zuul/zuul] 925145: Don't log tracebacks on job dependency errors https://review.opendev.org/c/zuul/zuul/+/925145
- [zuul/zuul] 925146: Refactor JobConfigurationError https://review.opendev.org/c/zuul/zuul/+/925146
- [zuul/zuul] 925147: Don't log tracebacks when failing to create cron triggers https://review.opendev.org/c/zuul/zuul/+/925147
- [zuul/zuul] 925148: Set ltime in test_pending_merge_in_reconfig https://review.opendev.org/c/zuul/zuul/+/925148
- [zuul/zuul] 925149: Fix traceback in test_merger_repack_large_change https://review.opendev.org/c/zuul/zuul/+/925149
- [zuul/zuul] 925150: Fix traceback in test_nodepool_pipeline_priority https://review.opendev.org/c/zuul/zuul/+/925150
- [zuul/zuul] 925151: Don't log tracebacks on variable name errors https://review.opendev.org/c/zuul/zuul/+/925151
- [zuul/zuul] 925152: Unconditionally check for tracebacks in logs https://review.opendev.org/c/zuul/zuul/+/925152

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!