| opendevreview | Merged openstack/project-config master: gerrit/acl : check for function/s-r in normalize https://review.opendev.org/c/openstack/project-config/+/875997 | 00:09 |
|---|---|---|
| opendevreview | Merged openstack/project-config master: gerrit/acl : check for capital booleans in normalize https://review.opendev.org/c/openstack/project-config/+/877571 | 00:09 |
| corvus | i removed the afs content i was using to test htaccess | 00:19 |
| ianw | ok, will call out in meeting but i've now put DONE next to everything in the areas of concern in https://etherpad.opendev.org/p/gerrit-upgrade-3.7 | 00:44 |
| ianw | although i should add something about the group submit stuff | 00:45 |
| ianw | but yeah, double checking those DONE's to ensure we agree with my conclusions would be good | 00:45 |
| opendevreview | Ian Wienand proposed opendev/system-config master: gerrit images : trigger rebuild https://review.opendev.org/c/opendev/system-config/+/878042 | 00:54 |
| opendevreview | Ian Wienand proposed opendev/system-config master: gerrit images : trigger rebuild https://review.opendev.org/c/opendev/system-config/+/878042 | 02:55 |
| opendevreview | James E. Blair proposed zuul/zuul-jobs master: Add promote-container-image role https://review.opendev.org/c/zuul/zuul-jobs/+/838919 | 03:14 |
| opendevreview | James E. Blair proposed zuul/zuul-jobs master: Revert "Use --password-stdin for upload-container-image" https://review.opendev.org/c/zuul/zuul-jobs/+/878048 | 03:14 |
| opendevreview | James E. Blair proposed zuul/zuul-jobs master: Add container repository cred permission checks https://review.opendev.org/c/zuul/zuul-jobs/+/878049 | 03:14 |
| corvus | ianw: clarkb fungi ^ i think those 3 changes should get us the promote container role and near-parity with the docker roles | 03:16 |
| corvus | untested by me locally, however, i think they should be self-testing, so we can evaluate job results. i'm sure they will fail the first time. :) | 03:17 |
| opendevreview | Merged openstack/diskimage-builder master: A new diskimage-builder command for yaml image builds https://review.opendev.org/c/openstack/diskimage-builder/+/876245 | 04:30 |
| opendevreview | Merged openstack/diskimage-builder master: Switch run_functests.sh from disk-image-create to diskimage-builder https://review.opendev.org/c/openstack/diskimage-builder/+/876479 | 04:33 |
| opendevreview | Merged openstack/diskimage-builder master: Document diskimage-builder command https://review.opendev.org/c/openstack/diskimage-builder/+/876633 | 04:33 |
| opendevreview | Merged opendev/system-config master: system-config-run-review : add review priority and backport labels https://review.opendev.org/c/opendev/system-config/+/868054 | 05:03 |
| ianw | clarkb: https://review.opendev.org/c/opendev/system-config/+/878042 is to trigger a gerrit image refresh which should get us the fixes for the related-changes links in the UI for 3.7. I think we could go to prod with that, but will keep an eye for further point releases | 05:23 |
| hitesh1409__ | Hi | 05:52 |
| opendevreview | Merged openstack/diskimage-builder master: Add swap support https://review.opendev.org/c/openstack/diskimage-builder/+/869270 | 06:38 |
| opendevreview | Merged openstack/diskimage-builder master: Correct boot path to cover FIPS usage cases https://review.opendev.org/c/openstack/diskimage-builder/+/876192 | 06:39 |
| *** jpena|off is now known as jpena | 08:22 | |
| hitesh1409_ | Hi Team, | 08:32 |
| hitesh1409_ | I've made some changes in the python-jenkins repository. Can you please review it? | 08:32 |
| frickler | hashar: ^^ seems the person has already left again, but it looks like you've been working on CI fixes recently. also not sure whether there's a better channel to redirect this to? | 09:09 |
| hashar | frickler: hello :) | 09:09 |
| hashar | ah yeah I think the CI is broken :/ | 09:09 |
| hashar | I will comment on their proposed change | 09:10 |
| hashar | namely the fix is https://review.opendev.org/c/jjb/python-jenkins/+/865776 ;) | 09:13 |
| hashar | there are various issues such as multi_key_dict requirement that probably got removed from the images/global requirements | 09:25 |
| hashar | setuptools v66 dropping `LegacyVersion` | 09:26 |
| hashar | and tox renaming `whitelist_externals` to `allowlist_externals` ;) | 09:26 |
| hashar | what puzzles me with the OpenDev Gerrit is we can't see the projects access lists nor the groups ( https://review.opendev.org/admin/repos/jjb/python-jenkins,access and `python-jenkins-core` group https://review.opendev.org/admin/groups/94568a57f89b3e6e706e37db97b4bc01649294f9 both show as empty) | 09:35 |
| *** dhill is now known as Guest8418 | 11:44 | |
| fungi | hashar: newer gerrit versions hide all access rules from users who aren't party to each rule. it's very annoying but i guess the gerrit maintainers think it's a security improvement that a general user can't find out who has access to what | 12:09 |
| fungi | hashar: you can find our acls in git though: https://opendev.org/openstack/project-config/src/branch/master/gerrit/acls/jjb/python-jenkins.config | 12:11 |
| hashar | fungi: ah great. Thank you | 12:11 |
| fungi | hashar: but you're not able to see the members in this list? https://review.opendev.org/admin/groups/python-jenkins-core,members | 12:12 |
| hashar | oh | 12:13 |
| hashar | yeah that works sorry | 12:13 |
| hashar | looks like I earlier today I stopped at the group page which merely has the descriptions https://review.opendev.org/admin/groups/python-jenkins-core | 12:13 |
| fungi | the default groups view in newer gerrit is the general group info yeah, you have to click "members" in the far left column | 12:13 |
| hashar | sorry for the misleading comment earlier :) | 12:14 |
| hashar | while on this topic, don't you have some yaml based system to manage all those groups and ACL? | 12:14 |
| fungi | the acls are in gerrit's ini type format and we just push those in through its git interface, groups are generally managed through the webui (we don't have any separate group management system) | 12:16 |
| fungi | we do have the mapping of acl files to projects in https://opendev.org/openstack/project-config/src/branch/master/gerrit/projects.yaml if that's what you're remembering | 12:17 |
| fungi | though the "groups" mentioned in there are for mapping from gerrit project names to project names in bug trackers | 12:17 |
| fungi | nothing to do with gerrit groups | 12:18 |
| opendevreview | Merged opendev/system-config master: gerrit images : trigger rebuild https://review.opendev.org/c/opendev/system-config/+/878042 | 13:04 |
| opendevreview | Julia Kreger proposed openstack/diskimage-builder master: Add a FIPS element https://review.opendev.org/c/openstack/diskimage-builder/+/877539 | 13:07 |
| opendevreview | James E. Blair proposed zuul/zuul-jobs master: Add promote-container-image role https://review.opendev.org/c/zuul/zuul-jobs/+/838919 | 14:56 |
| opendevreview | James E. Blair proposed zuul/zuul-jobs master: Revert "Use --password-stdin for upload-container-image" https://review.opendev.org/c/zuul/zuul-jobs/+/878048 | 14:56 |
| opendevreview | James E. Blair proposed zuul/zuul-jobs master: Add container repository cred permission checks https://review.opendev.org/c/zuul/zuul-jobs/+/878049 | 14:56 |
| noonedeadpunk | hey there :) | 15:11 |
| noonedeadpunk | fwiw clarkb: I've tried using rocky 8 container image and "just update" it with rocky-container dib element. And it failed on updating image due to curl/curl-minimal stuff https://paste.openstack.org/show/bXTh5GOe5PY6mWGMGtXJ/ | 15:12 |
| noonedeadpunk | just decided to follow up on idea that package update should be just fine... | 15:13 |
| clarkb | noonedeadpunk: is your dib up to date? there was an issue in dib itself around that iirc | 15:17 |
| clarkb | I mean if you pull the latest rock 8 image today and update it and that doesn't work again thats a bug with the distro | 15:18 |
| clarkb | but I think in this case dib needed an update and you dib may be out of date | 15:18 |
| opendevreview | Michael Johnson proposed openstack/diskimage-builder master: Fix ubuntu-minimal to run autoremove https://review.opendev.org/c/openstack/diskimage-builder/+/878089 | 15:19 |
| noonedeadpunk | clarkb: to be fair - I had like half a year old image lying around and jsut decided to try it out | 15:20 |
| noonedeadpunk | I know it's fixed now, but I guess what I meant is that just updating old images doesn't ususally work with rhel.... | 15:20 |
| noonedeadpunk | iirc it was fixed by `dnf install /usr/bin/curl` isntead of `dnf install curl` | 15:21 |
| clarkb | how do people update rhel then? I mean I've never had this issue with a traditionally released distro. Arch yes because arch expects users to continuously update to keep up with its rolling nature | 15:21 |
| clarkb | But I also don't use rhel based distros | 15:21 |
| noonedeadpunk | Dunno, with pain? Because in osa we used to have issues a lot, whenever new point release was published | 15:22 |
| noonedeadpunk | changes in package names, repos, config paths - all was happening for 7 and 8 | 15:23 |
| clarkb | right but you have to be able to upgrade from 8.1 to 8.6 or whatever? | 15:23 |
| clarkb | I understand package names may change and binaries may move, but the packages and package manager should accomodate that? | 15:23 |
| noonedeadpunk | Well, might be, but it's way harder to accomodate tools like dib to deal with that. As another example was rename of high-availability repo to HighAvailability, so with new point release attempt to add `high-availability` would just fail out. And attempt to add HighAvailability on older point release as well was failing. | 15:26 |
| clarkb | I guess they don't do transitional packages like debuntu? | 15:27 |
| noonedeadpunk | So to support that in element you need to really identify exact release number and install based on that, which is way more hussle to support | 15:27 |
| clarkb | I guess the issue is the distro is buggy :) | 15:27 |
| noonedeadpunk | nah. they don't | 15:27 |
| noonedeadpunk | Well, maybe they do sometimes... I don't really use centos for really a long time now anywhere on prod so can't tell how just manual updates go, but trying to automate these was really interesting thing to do. | 15:28 |
| clarkb | jitsi meet hasn't updated docker image locations yet | 16:00 |
| *** artom_ is now known as artom | 16:08 | |
| fungi | were they planning to? | 16:19 |
| fungi | was there any discussion linked somewhere? | 16:19 |
| clarkb | fungi: yes they are planning to host on github's registry https://github.com/jitsi/docker-jitsi-meet/issues/1502 | 16:20 |
| fungi | aha, thanks, now i remember you pointing that out earlier | 16:21 |
| clarkb | part of my concern here is that we don't end up on stale images again without noticing. I'll keep an eye on that issue and their docker-compose file over the next few days and hopefully catch the switch | 16:38 |
| opendevreview | James E. Blair proposed zuul/zuul-jobs master: Refactor docker/container image variables https://review.opendev.org/c/zuul/zuul-jobs/+/878137 | 17:00 |
| opendevreview | James E. Blair proposed zuul/zuul-jobs master: Add promote-container-image role https://review.opendev.org/c/zuul/zuul-jobs/+/838919 | 17:18 |
| opendevreview | James E. Blair proposed zuul/zuul-jobs master: Revert "Use --password-stdin for upload-container-image" https://review.opendev.org/c/zuul/zuul-jobs/+/878048 | 17:19 |
| opendevreview | James E. Blair proposed zuul/zuul-jobs master: Add container repository cred permission checks https://review.opendev.org/c/zuul/zuul-jobs/+/878049 | 17:19 |
| opendevreview | James E. Blair proposed zuul/zuul-jobs master: Refactor docker/container image variables https://review.opendev.org/c/zuul/zuul-jobs/+/878137 | 17:20 |
| *** jpena is now known as jpena|off | 17:21 | |
| opendevreview | Jeremy Stanley proposed openstack/project-config master: Replace old Antelope cycle key with 2023.2/Bobcat https://review.opendev.org/c/openstack/project-config/+/878144 | 17:44 |
| opendevreview | James E. Blair proposed zuul/zuul-jobs master: Refactor docker/container image variables https://review.opendev.org/c/zuul/zuul-jobs/+/878137 | 18:02 |
| clarkb | fungi: ianw: I think we may want ot ask both works on arm and linaro if they want to be posted since they are two halves of the one coin there | 20:02 |
| fungi | ianw: i guess it's a question of whether we attribute it to linaro, or works on arm, or both | 20:02 |
| fungi | we did something similar with platform9 right? | 20:02 |
| clarkb | My initial thought is both because with only one or the other we wouldn't have what we need | 20:02 |
| fungi | though also i'm now remembering that our linaro justification was for hosting the nodepool builder, which has since moved to osuosl? | 20:03 |
| fungi | starting to wonder if we should just list everybody there ;) | 20:03 |
| ianw | i mean it's not lying, and more logos does i guess convey that we interact with a wide range of providers in various ways | 20:05 |
| opendevreview | Merged openstack/project-config master: Temporarily remove release docs semaphores https://review.opendev.org/c/openstack/project-config/+/877552 | 20:15 |
| opendevreview | Merged openstack/diskimage-builder master: Fix ubuntu-minimal to run autoremove https://review.opendev.org/c/openstack/diskimage-builder/+/878089 | 20:33 |
| opendevreview | James E. Blair proposed zuul/zuul-jobs master: Refactor docker/container image jobs https://review.opendev.org/c/zuul/zuul-jobs/+/878172 | 20:51 |
| corvus | clarkb: fungi ianw ^ that refactors the jobs to make it clear that there are multiple axes: roleset ("docker" or "container"), command ("docker" or "podman"), multiarch (true, false), promote (true, false) | 20:53 |
| corvus | i think i also added container_roleset+docker_command tests in there | 20:53 |
| corvus | once we're happy with that, we should add the multi-arch support on top of that and add those jobs to the matrix too | 20:54 |
| clarkb | corvus: sounds good | 20:58 |
| clarkb | ianw: your gerrit 3.7 checklist of DONE items lgtm. I did leave a couple of comments in places but nothing that needs action. THough I suggest we might test downgrades | 20:59 |
| clarkb | corvus: I'll take a look at that change after a bike ride. Then start looking at multiarch I guess | 21:00 |
| ianw | clarkb: thanks, yep we can try with a held node with the new build | 21:00 |
| corvus | clarkb: awesome thanks! | 21:00 |
| ianw | fungi: https://review.opendev.org/c/openstack/project-config/+/877721 was one i meant to mention. that came out of discussions in #openstack-infra about the way openstack/releases is showing in the UI | 21:08 |
| fungi | ianw: yep, i saw 877721 but it didn't have feedback from the release managers acknowledging it yet and i didn't want to change things up on them until after the impending openstack release anyway | 21:13 |
| ianw | ok no worries, a good answer on the whole thing alludes me anyway | 21:14 |
| fungi | agreed, it's yet another example of gerrit ui changes which they probably didn't consider too heavily beyond "does google rely on this?: | 21:15 |
| opendevreview | Ian Wienand proposed zuul/zuul-jobs master: containers : update test variable https://review.opendev.org/c/zuul/zuul-jobs/+/878175 | 22:58 |
| opendevreview | Ian Wienand proposed zuul/zuul-jobs master: container role docs : clarify requirements https://review.opendev.org/c/zuul/zuul-jobs/+/878176 | 22:58 |
| opendevreview | Ian Wienand proposed zuul/zuul-jobs master: container role docs : clarify requirements https://review.opendev.org/c/zuul/zuul-jobs/+/878176 | 22:59 |
| opendevreview | Merged zuul/zuul-jobs master: build-docker-image: further cleanup buildx path https://review.opendev.org/c/zuul/zuul-jobs/+/872806 | 23:27 |
| clarkb | corvus: I'm looking at that change and a number of things confuse me around the addition and removal of the files. It seems you didn't remove the file that called the inner playbook and that playbook set additional vars to not promote things. Should we keep the inner file and send things through that outer playbook or remove it and move the vars it set into the new file? | 23:37 |
| clarkb | and then we need to update the jobs in the pipeline listigs. I can do that but I'm somewhat confused over what the intent was there | 23:37 |
| opendevreview | James E. Blair proposed zuul/zuul-jobs master: Refactor docker/container image jobs https://review.opendev.org/c/zuul/zuul-jobs/+/878172 | 23:38 |
| corvus | clarkb: re the job listings -- i forgot to run the update script (and also i had a docker/container typo at one point) | 23:39 |
| corvus | oh i'll go delete the other playbooks | 23:39 |
| corvus | the intent with removing those playbooks was to just defer to the new "promote" variable in the job def since that's all those did | 23:40 |
| clarkb | corvus: I see and that gets mapped properly with the different vars names? | 23:40 |
| opendevreview | James E. Blair proposed zuul/zuul-jobs master: Refactor docker/container image jobs https://review.opendev.org/c/zuul/zuul-jobs/+/878172 | 23:41 |
| clarkb | ya ok that looks more like what I expected. | 23:41 |
| corvus | one more pass for whitespace | 23:41 |
| opendevreview | James E. Blair proposed zuul/zuul-jobs master: Refactor docker/container image jobs https://review.opendev.org/c/zuul/zuul-jobs/+/878172 | 23:42 |
| corvus | there we go | 23:42 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!