Thursday, 2022-09-15

« Wednesday, 2022-09-14 Index Friday, 2022-09-16 »
*** rlandy|bbl is now known as rlandy|out01:10
opendevreviewIan Wienand proposed opendev/system-config master: bootstrap-bridge: drop pip3 role, add venv  https://review.opendev.org/c/opendev/system-config/+/85659301:37
*** Guest166 is now known as diablo_rojo_phone01:47
diablo_rojo1fungi: clarkb finally got this sorted - https://review.opendev.org/c/openstack/project-config/+/84736402:15
diablo_rojo1When you have a spare moment, a review would be super helpful. 02:15
* diablo_rojo1 realizes she is in the same tz as ianw currently and waves :) 02:16
opendevreviewOpenStack Proposal Bot proposed openstack/project-config master: Normalize projects.yaml  https://review.opendev.org/c/openstack/project-config/+/85779802:16
opendevreviewIan Wienand proposed opendev/system-config master: Run jobs with a focal bridge.openstack.org  https://review.opendev.org/c/opendev/system-config/+/85779902:18
ianwdiablo_rojo1: welcome to the future :)02:18
diablo_rojo1Its a bit weird, I must admit. 02:18
opendevreviewMerged openstack/project-config master: Normalize projects.yaml  https://review.opendev.org/c/openstack/project-config/+/85779802:44
opendevreviewIan Wienand proposed opendev/system-config master: Run jobs with a focal bridge.openstack.org  https://review.opendev.org/c/opendev/system-config/+/85779902:45
*** ysandeep|out is now known as ysandeep02:49
opendevreviewIan Wienand proposed opendev/system-config master: Run jobs with a focal bridge.openstack.org  https://review.opendev.org/c/opendev/system-config/+/85779902:53
diablo_rojo1ianw: I guess if you have a moment - https://review.opendev.org/c/openstack/project-config/+/847364 would you review this? 03:42
ianwdiablo_rojo1: lgtm03:45
diablo_rojo1thanks ianw @03:48
diablo_rojo1!03:48
diablo_rojo1lol03:48
opendevreviewMerged openstack/project-config master: Setup #openinfra-envirosig IRC Channel  https://review.opendev.org/c/openstack/project-config/+/84736403:57
opendevreviewIan Wienand proposed opendev/system-config master: install-ansible: remove testinfra version install workaround  https://review.opendev.org/c/opendev/system-config/+/85247504:01
opendevreviewIan Wienand proposed opendev/system-config master: testinfra: install with ansible extras  https://review.opendev.org/c/opendev/system-config/+/85247604:01
opendevreviewIan Wienand proposed opendev/system-config master: install-ansible: remove stevedore workaround  https://review.opendev.org/c/opendev/system-config/+/85247704:01
opendevreviewIan Wienand proposed opendev/system-config master: install-ansible: remove stub install for ARA  https://review.opendev.org/c/opendev/system-config/+/85247804:01
opendevreviewIan Wienand proposed opendev/system-config master: bootstrap-bridge: drop pip3 role, add venv  https://review.opendev.org/c/opendev/system-config/+/85659304:01
opendevreviewIan Wienand proposed opendev/system-config master: Run jobs with a focal bridge.openstack.org  https://review.opendev.org/c/opendev/system-config/+/85779904:01
opendevreviewIan Wienand proposed opendev/system-config master: run-selenium: Use latest tag on firefox image  https://review.opendev.org/c/opendev/system-config/+/85780304:01
ianwit looks like our jobs are generally ok with a Focal node as bridge.openstack.org, but something is up with the screenshots.  that runs a firefox container on bridge and takes shots of the remote nodes.  i'll have to debug that, but it's not in the production path04:06
opendevreviewIan Wienand proposed opendev/system-config master: run-selenium: Use latest tag on firefox image  https://review.opendev.org/c/opendev/system-config/+/85780304:10
opendevreviewIan Wienand proposed opendev/system-config master: run-selenium: Use latest tag on firefox image  https://review.opendev.org/c/opendev/system-config/+/85780304:12
opendevreviewIan Wienand proposed opendev/system-config master: Run jobs with a focal bridge.openstack.org  https://review.opendev.org/c/opendev/system-config/+/85779904:12
opendevreviewIan Wienand proposed opendev/system-config master: bootstrap-bridge: drop pip3 role, add venv  https://review.opendev.org/c/opendev/system-config/+/85659304:28
opendevreviewIan Wienand proposed opendev/system-config master: run-selenium: Use latest tag on firefox image  https://review.opendev.org/c/opendev/system-config/+/85780304:28
opendevreviewIan Wienand proposed opendev/system-config master: Run jobs with a focal bridge.openstack.org  https://review.opendev.org/c/opendev/system-config/+/85779904:28
opendevreviewIan Wienand proposed opendev/system-config master: bootstrap-bridge: drop pip3 role, add venv  https://review.opendev.org/c/opendev/system-config/+/85659304:53
opendevreviewIan Wienand proposed opendev/system-config master: run-selenium: Use latest tag on firefox image  https://review.opendev.org/c/opendev/system-config/+/85780304:53
opendevreviewIan Wienand proposed opendev/system-config master: Run jobs with a focal bridge.openstack.org  https://review.opendev.org/c/opendev/system-config/+/85779904:53
*** ysandeep is now known as ysandeep|afk05:13
opendevreviewIan Wienand proposed opendev/system-config master: bootstrap-bridge: drop pip3 role, add venv  https://review.opendev.org/c/opendev/system-config/+/85659305:15
opendevreviewIan Wienand proposed opendev/system-config master: run-selenium: Use latest tag on firefox image  https://review.opendev.org/c/opendev/system-config/+/85780305:15
opendevreviewIan Wienand proposed opendev/system-config master: Run jobs with a focal bridge.openstack.org  https://review.opendev.org/c/opendev/system-config/+/85779905:15
*** bhagyashris_ is now known as bhagyashris|ruck05:51
*** ysandeep|afk is now known as ysandeep06:25
*** jpena|off is now known as jpena07:21
*** ysandeep is now known as ysandeep|afk08:07
frickleramorin: infra-root: some updates on the nested-kvm issue: good news is that the c2-N nodes do not show the issue. it also turns out that the trigger is not nested-kvm per se, but neutron's addition of cpu_mode=host-passthrough, I'm running a check without that now as final confirmation https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/854910/5..6/zuul.d/base-nested-switch.yaml08:26
amorinack08:28
fricklerif you compare cpu flags, there are two additional ones set in "our" flavor: https://paste.opendev.org/show/b52xVaeN45Dg5GGrmKbf/ not sure to which host setup this correlates08:30
fricklerbut I'm rather sure that "ssbd" is what triggers the failing cirros kernel behavior08:30
frickleralso while I initially only saw failures on gra1, the situation seems to be the same on bhs108:32
amorinthat make sense, I think the hypervisor are the same on bhs1 and gra108:36
frickleramorin: can you tell if the difference from c2-30 to ssd-osFoundation-3 is because it runs on different hardware or is that just some flavor thing?08:45
amorinthe hardware is different08:46
amorinI will check, but if I am correct, the flags in cpu info are directly taken from the hypervisor + some extra08:46
amorinlet me check that08:46
amorincpu_model_extra_flags=vmx,ssbd,pdpe1gb,pcid08:47
amorinwe have this for os foundation aggregate08:48
amorinnot sure why08:48
fricklerseems the middle two are exactly what I see as delta08:48
amorinit seems we enabled that in the paste especially for foundation08:50
amorinwe enabled that for kuryr project issues it seems08:51
amorin"<kashyap> dpawlik: For Intel hosts, don't forget: "spec-ctrl", "ssbd" as well."08:53
amorintaken from a conversation08:53
fricklerinteresting, do you have a timestamp for that so I can look up more context?08:53
*** ysandeep|afk is now known as ysandeep08:53
amorinit seems it was done in 03/201908:55
amorinI have this in my internal ticketing system:08:55
amorinhttp://logs.openstack.org/56/629856/3/gate/kuryr-kubernetes-tempest-daemon-containerized-octavia-py36/153248a/controller/logs/screen-etcd.txt.gz#_Jan_14_08_02_23_37983708:55
amorinbut link is down now08:55
amorinand this08:55
amorinhttp://logs.openstack.org/29/630629/1/check/kuryr-kubernetes-tempest-multinode-daemon-octavia-containerized/83152b6/controller/logs/screen-etcd.txt.gz#_Jan_14_09_57_16_44985508:56
amorinbased on the git history, we did this change on 2019-01-1808:57
amorinnote that, it seems we did it on some other aggreates as well, but I reverted it because of live migration issues08:58
amorinwe kept it only on OSF aggregate08:59
amorinshould I try to remove it as well?08:59
amorinthat would solve your issue08:59
dpawlikamorin: o/09:00
amorinhey daniel :)09:00
fricklermaybe wait for feedback from other infra-root first09:00
dpawlikamorin: is it related to me ?09:01
amorinyup09:01
amorinit's a commit from you yes :)09:01
dpawlikwoo, good that git got function "blame" :)09:04
amorinyup :)09:08
dpawlikianw: hey, do you still use grafyaml to maintain grafana?09:12
*** ysandeep is now known as ysandeep|brb09:51
*** ysandeep|brb is now known as ysandeep10:03
opendevreviewAlfredo Moralejo proposed zuul/zuul-jobs master: Use AFS mirrors for extras-common in CS9  https://review.opendev.org/c/zuul/zuul-jobs/+/85773010:17
ianwdpawlik: yes, we still do, but we also support importing dashboards exported directly from grafana.  documentation is @ https://docs.opendev.org/opendev/system-config/latest/grafana.html10:30
*** bhagyashris is now known as bhagyashris|ruck10:59
frickleramorin: just as a theoretical question for now: could you create a new flavor for us with the two additional flags dropped? so that would could run some tests on possibly affected projects before we switch everything? or is this an either-or thing?11:00
*** dviroel|afk is now known as dviroel11:31
*** pojadhav is now known as pojadhav|afk11:39
*** rlandy is now known as rlandy|mtg11:42
amorinI dont think it's possible on flavor side, this is an nova.conf setting (cpu_extra_flag)12:23
amorinfrickler ^12:23
*** ysandeep is now known as ysandeep|afk12:26
fricklerah, then I misunderstood this, o.k.12:26
*** rlandy|mtg is now known as rlandy13:12
*** ysandeep|afk is now known as ysandeep13:24
*** dasm|off is now known as dasm13:29
johnsomFYI 5.16 made a bunch of changes around ssbd handling. I suspect by passing it through, but not the other related CPU flags we have an invalid CPU.13:56
johnsomhttps://www.phoronix.com/news/Linux-5.16-Spectre-SECCOMP-To-P13:57
fungijohnsom: that could certainly explain why we didn't notice initially until we started trying to use newer ubuntu versions, which of course use recent linux kernels14:12
opendevreviewClark Boylan proposed opendev/system-config master: More aggresively enable ansible pipelining  https://review.opendev.org/c/opendev/system-config/+/85723915:21
fungii've been running a scripted import of all the mailman sites on the new held node for the past hour or so, and it's finally on lists.openstack.org's data (it's doing the sites in alpha order)15:35
fungilogging all of stdout and stderr this time, with timing data for each command as well as overall start/end timestamps for each site15:36
*** marios is now known as marios|out15:40
*** pojadhav is now known as pojadhav|out15:41
corvusit seems like zuul is not on fire... yeah?  if my pyrotechnic estimation is correct, i'll make that release....15:48
clarkbcorvus: I have not heard or seen any reports of fire and the jobs I expected to run ran and produced results that I could interrogate15:48
clarkbcorvus: did we want to test a job with ansible 6 first?15:49
clarkbzuul's ci does that already so probably not critical15:49
corvusstill, a good sanity check.  i'll do that real quick15:55
*** dviroel is now known as dviroel|lunch15:59
dtantsurhi folks! not sure if you can help, but apparently if you trigger an update of grub-pc on debian testing nodes (which bifrost does), it fails: https://zuul.opendev.org/t/openstack/build/062f0c9f6a764cce869b6a3f597c6889/log/logs/bifrost.log#1523316:01
*** ysandeep is now known as ysandeep|out16:03
dtantsurI found some explanation on https://forum.openmediavault.org/index.php?thread/38006-recent-updates-and-upgrades-can-fail-when-updating-to-grub-pc-2-02-dfsg1-20-deb1/16:03
opendevreviewAlfredo Moralejo proposed zuul/zuul-jobs master: Use extras-common repo in CS9 from package_mirror  https://review.opendev.org/c/zuul/zuul-jobs/+/85773016:03
fungidtantsur: i'm not sure we have a good answer to projects wanting to install a bootloader on test nodes, unless they're also going to adapt the boot configuration for those nodes accordingly. can you clarify the problem you're having?16:04
dtantsurfungi: it's not that we need to install a bootloader, we need some grub files though16:05
fungiahh, and the maintscripts for that package seem to care16:05
dtantsurnamely, EFI binaries16:05
corvusclarkb: do you want to try throwing ansible 6 at the zuul job and check timings?16:05
dtantsurso, grub-efi-amd64-bin pulls in grub-pc, and grub-pc tries to ensure we can boot16:05
opendevreviewAlfredo Moralejo proposed zuul/zuul-jobs master: Use extras-common repo in CS9 from package_mirror  https://review.opendev.org/c/zuul/zuul-jobs/+/85773016:06
clarkbcorvus: the one I was testing with 2.9? I can do that16:06
corvusya16:06
fungidtantsur: you may be able to coerce it to skip that check and/or its other maintscript activities and triggers. there's an apt policy which can be set to indicate you don't want some of that stuff to happen i think, which is commonly used for installing packages into a chroot for example. i'll see if i can find some docs16:07
JayFfungi: the latest version of the grub-pc package specifically errors if you use that mechanism16:07
JayFfungi: it's explicitly checking and failing if you have a non-interactive DEBIAN_FRONTEND16:07
JayFafaict16:07
fungiahh, okay so maybe you need another way of getting the efi binaries. maybe you can fetch and unpack the package without installing it?16:08
clarkbhow is debian building cloud images? The underlying issue is we build the image on a different machine which has different devices. For this reason dib does everything by label instead16:08
JayFI mean, we could do that, but then we're not really testing what the bifrost user would be testing16:08
clarkbthere must be some workaround though otherwise debian wouldn't be able to have cloud iamges16:08
dtantsurright16:08
dtantsurJayF: well, we could switch to only downloading the DEB/RPM files16:08
JayFvm images are a bit easier because you can statically set the debconf value16:08
fungido bifrost users typically install grub-pc onto cloud virtual machines?16:08
fungior are you hoping that's similar to something a bifrost user actually does?16:09
dtantsurfungi: the users don't care, the problem is about getting EFI artefacts16:09
fungiit seems to me that getting efi artifacts as a side effect of installing a particular bootloader is a risky choice16:09
fungiand this is just evidence of that16:10
JayFhttps://packages.debian.org/stretch/grub-efi-amd64-bin16:10
JayFwe didn't make that choice though; the debian packager did16:10
JayFI don't disagree with you that the dep link is dubious here; but we can't really control that16:10
fungiyou didn't make the choice to use efi binaries?16:10
dtantsurapt --download-only --assume-yes16:10
dtantsurfungi: well, we definitely did not invent UEFI :D maybe we do need to look into another way of getting them16:10
JayFdtantsur: I'm really keen of the fact we're relying on the OS for security updates to such things16:11
fungii'm saying installing a package to get the efi binaries even though you don't necessarily intend to use that bootloader is dubious, and leads to situations like this16:11
JayFI don't want an EFI bootloader vuln to become a CVE in Ironic||bifrost16:11
dtantsurJayF: I suspect we bake them into an image anyway16:11
dtantsurso you won't get new versions without updating bifrost16:12
JayFif we bake them into an image, I'm game to try something less deb-y16:12
fungigetting the efi binaries from the package does make sense. installing a bootloader just to get access to those binaries is the part what i'm questioning16:12
fungithere are ways to get files from a package other than installing it16:12
dtantsurJayF: I can give it a try and see where it leads us?16:12
JayFI agree with you in technical fact, I disagree with you in terms of it being a good practice16:12
JayFbut the debian maintainers have forced our hand16:12
JayFdtantsur: bluntly, i'm not sure I'm up to speed enough on bifrost and ansible generally to be a good choice for this; but I can try if we have literally nobody else invested in fixing it16:13
* dtantsur wonders of shim falls in the same bucket16:13
clarkbIs this in some nested image the job builds for testing or are you trying to modify the image we provide to the job?16:13
fungiwell, the debian maintainers have decided what the purpose of those packages is, and it's to set up the bootloader for the system you're installing them on. your use of those packages is... for lack of a better term, off-label16:13
dtantsurJayF: I have a relatively calm evening, so only ify ou want to16:13
dtantsurclarkb: we're testing bifrost, it does not know that it's running in the CI16:14
JayFdtantsur: I already have a big list, and first on it is "run even more benchmarks for the sqla 2.0 migration", which I think is more urgent16:14
clarkbdtantsur: right I understand that. I'm trying to understand he context of the package install16:14
clarkbare you trying to install a debian package on the host in order to grab some files out of the pcakge that you later inject somewhere else? If so I agree with fungi16:15
dtantsurclarkb: it's the easiest way we've found to get the UEFI artefacts that we use for building EFI-compatible boot ISOs16:15
clarkbwhy not extract the files out of the package directly?16:15
JayFe.g., from grub-efi-amd64-bin > /usr/lib/grub/x86_64-efi/monolithic/grubx64.efi 16:15
fungiif those efi binaries are vendored blobs, you can probably fetch them more easily from the debian source package which builds that binary package16:15
clarkbya or that16:15
dtantsurgonna give it a try16:16
JayFI'm going to file a bug trying to convince upstream to change the hard dep into a recommendation16:16
JayFbecause IMO that's where the real disconnect between what this package should be and what it is actually trying to do is16:17
fungijust be aware even if they agree, they probably won't change that until after bookworm releases, since tey're coming up on the start of release freeze soon16:17
* dtantsur sees suse support still in tree and screams16:17
fungiand they try to stabilize things which affect the base install as early as possible16:17
*** jpena is now known as jpena|off16:19
fungimm3 test import has reached the longest part (openstack-stable-maint achive)16:51
corvusi'm going to enable "keep" on all the executors to help debug an issue with ansible 616:57
fungithanks for the heads up!17:01
*** dviroel|lunch is now known as dviroel17:09
corvusi'm turning off keep now17:16
clarkbfungi: re mm3 migrations. Do you know if we can do a migration and then followup with an update to that migration? If so maybe we can potentially prime the migration ahead of time? That might be more complicated than it is worth though17:26
fungiwe may be able to, but i'd avoid it unless absolutely necessary. the less we complicate things, the better17:27
fungidelaying deliveries and having the archives unavailable for a little while is not the end of the world17:27
clarkb++17:28
fungiwe could think about importing openstack-stable-maint last when doing that site, since it only gets automated posts from a specific time each day17:29
fungiand just switch dns over once the other lists are done17:29
*** rlandy is now known as rlandy|ruck17:34
opendevreviewFelipe Reyes proposed openstack/project-config master: Mirror keystone-openidc to github  https://review.opendev.org/c/openstack/project-config/+/85794017:42
fungimigration of openstack-stable-maint took 1h34m this time, which was ~53% of the 2h56m to migrate all of the lists.openstack.org site18:28
fungiby comparison, the lists.opendev.org site took 8m24s for migration18:30
fungiit's almost done with lists.starlingx.io and then lists.zuul-ci.org should go fairly quickly, and i'll see about putting the log up in a paste18:33
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Remove shebang from all python ansible modules  https://review.opendev.org/c/zuul/zuul-jobs/+/85794819:06
fungiclarkb: here's a new error some of the config imports hit... 'Length of value for nonmember_rejection_notice is 299 which is too long for MySQL.'19:10
fungii guess we have a limited field size for that19:11
clarkbfungi: ya we'll probably need to dump the field size of nonmember_rejection_notice and decide if we need upstream to make it bigger or reduce the length of that value19:13
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: DNM: check sfio sphinx jobs  https://review.opendev.org/c/zuul/zuul-jobs/+/85797019:14
fungiwe only hit that error on 3 lists, fwiw19:14
fungione was for member_moderation_notice and the other two were nonmember_rejection_notice19:15
fungiand they look like (old) boilerplate probably19:15
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: DNM: check generate-manifest job  https://review.opendev.org/c/zuul/zuul-jobs/+/85797319:56
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: DNM: check generate-manifest job 2.9  https://review.opendev.org/c/zuul/zuul-jobs/+/85797419:58
*** rlandy|ruck is now known as rlandy|ruck|biab20:44
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Remove shebang from all python ansible modules  https://review.opendev.org/c/zuul/zuul-jobs/+/85794820:49
opendevreviewIan Wienand proposed zuul/zuul-jobs master: linters: lint that library files don't start with #!  https://review.opendev.org/c/zuul/zuul-jobs/+/85798121:10
opendevreviewIan Wienand proposed zuul/zuul-jobs master: linters: lint that library files don't start with #!  https://review.opendev.org/c/zuul/zuul-jobs/+/85798121:12
*** rlandy|ruck|biab is now known as rlandy|ruck21:31
opendevreviewMerged zuul/zuul-jobs master: Remove shebang from all python ansible modules  https://review.opendev.org/c/zuul/zuul-jobs/+/85794821:39
corvusinfra-root: ^ heads up -- that change is hopefully a noop, but if we're wrong, it will affect all jobs21:43
corvusif it fails, it will fail with post_failure21:43
*** dviroel is now known as dviroel|out21:45
clarkbI've seen ansible 6 jobs are happy21:50
clarkbstill waiting on ansible 5 jobs to report back21:50
*** rlandy|ruck is now known as rlandy|ruck|bbl21:50
fungiyeah, eyes peeled21:54
clarkbthe zuul tox docs change used ansible 5 and was happy21:56
clarkbeverything I'm seeing so far looks good21:56
fungimainly worried about log uploads, but those seem to be fine21:57
clarkbthere are a number of cinder jobs that have run under ansible 5 in the agte that are fine too21:57
*** dasm is now known as dasm|off21:58
corvusi think at this point we've seen success in the two critical cases we expected... so any errors at this point would be coming from unexpected conditions.21:58
corvusbased on that, i'm going to take a break and check back in later21:59
fungithanks!22:00
*** dmitriis0 is now known as dmitriis22:12
fungilog from the latest mm3 import test of the lists.openstack.org site: https://paste.opendev.org/show/81675822:42
fungihttps://paste.opendev.org/show/816759 is a better, more trimmed-down one22:53
Clark[m]fungi: paste should default to the anonymized pastes now. Any idea why yours aren't? Wondering if we have a bug in that23:04
corvussome zuul image jobs failed, maybe because of the registry, i'm checking23:09
corvusssl.SSLError: [SSL: BAD_KEY_SHARE] bad key share (_ssl.c:1131)23:10
corvusdoes that error translate to "restart the server" ?23:10
clarkbcorvus: I would check that the LE cert updated as expected.23:10
clarkb(and if we aren't checking that cert with our certcheck we shoudl add it)23:11
clarkbinternet says that could just be noise from scanners23:11
clarkbinjecting bad data trying to do bad things23:11
corvusyeah, but if that's the last thing and it's not responding on the port...23:12
corvus#status log restarted zuul-registry container23:13
corvusit's responding now23:13
opendevstatuscorvus: finished logging23:13
fungiclarkb: pastebinit seems to call the api in a way that generates the old numbered style23:16
fungii still need to look into why that is23:17
clarkbah23:17
clarkbya when we patched it we only did the web ui I tink23:17
clarkbI forgot there are cli tools23:17
opendevreviewJames E. Blair proposed opendev/system-config master: Add Jaeger tracing server  https://review.opendev.org/c/opendev/system-config/+/85598323:42
« Wednesday, 2022-09-14 Index Friday, 2022-09-16 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!