Wednesday, 2024-03-06

« Tuesday, 2024-03-05 Index Thursday, 2024-03-07 »
opendevreviewMerged openstack/diskimage-builder master: Cleanup uses of DIB_IMAGE_ROOT_FS_UUID variable  https://review.opendev.org/c/openstack/diskimage-builder/+/90555600:58
opendevreviewMerged openstack/diskimage-builder master: Bump upper version of flake8  https://review.opendev.org/c/openstack/diskimage-builder/+/90933600:58
*** promethe- is now known as prometheanfire01:30
*** liuxie is now known as liushy02:51
opendevreviewBirger J. Nordølum proposed openstack/diskimage-builder master: feat: add almalinux-container element  https://review.opendev.org/c/openstack/diskimage-builder/+/88385506:48
opendevreviewThierry Carrez proposed opendev/irc-meetings master: Large Scale SIG now meets monthly  https://review.opendev.org/c/opendev/irc-meetings/+/91141609:36
opendevreviewBirger J. Nordølum proposed openstack/diskimage-builder master: feat: add almalinux-container element  https://review.opendev.org/c/openstack/diskimage-builder/+/88385509:54
opendevreviewMerged opendev/irc-meetings master: Large Scale SIG now meets monthly  https://review.opendev.org/c/opendev/irc-meetings/+/91141610:07
*** mrunge_ is now known as mrunge10:22
opendevreviewJonathan Rosser proposed openstack/project-config master: Implement ironic-unmaintained-core group  https://review.opendev.org/c/openstack/project-config/+/91157613:12
opendevreviewJonathan Rosser proposed openstack/project-config master: Implement openstack-ansible-unmaintained-core group  https://review.opendev.org/c/openstack/project-config/+/91157613:13
opendevreviewJonathan Rosser proposed openstack/project-config master: Implement openstack-ansible-unmaintained-core group  https://review.opendev.org/c/openstack/project-config/+/91157613:23
fungi#status log Restarted the ptgbot container to force a reconnect to IRC since it came loose during a netsplit at 00:49 UTC13:56
fungihuh, looks like the statusbot may have met a similar fate13:57
fungi0049 <-- opendevstatus (~opendevst@eavesdrop01.opendev.org) has quit (resistance.oftc.net larich.oftc.net)13:57
fungiyep. i'll restart it too13:57
*** tosky_ is now known as tosky13:57
fungi#status log Restarted the ptgbot and statusbot containers forcing them to reconnect to IRC since both came loose during a netsplit at 00:49 UTC13:59
opendevstatusfungi: finished logging14:01
fungithe meetbot doesn't appear to have been impacted, fwiw14:06
frickleryes, successfully started kolla meeting right now14:08
*** dansmith_ is now known as dansmith15:02
TheJuliaAny chance I could get some insight from the opendev wizzards? Specifically curious why https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/909939 doesn't seem to be triggering anything15:06
TheJuliain zuul, that is.15:06
opendevreviewJeremy Stanley proposed openstack/project-config master: Try switching Rackspace DFW to an API key  https://review.opendev.org/c/openstack/project-config/+/91138115:06
jrosser_TheJulia: is the depends-on abandoned?15:07
fungilooks like it is indeed, yes15:07
fungigood eye jrosser_!15:07
TheJuliaThat would do it15:07
TheJuliaThanks guys, I'll make more coffee now15:07
fungiit's late enough in the morning here i think i'd better switch to tea15:08
clarkb1we got the email from rax finally which is the final confirmation this is coming for our accounts too16:39
fungiit's heading right for us!16:40
clarkb1fungi: I think corvus was hoping to avoid approving the nodepool rackspace auth change until after we confirmed it was working on nl01?16:41
clarkb1we have a couple minutes to remove the +A if so16:41
clarkb1but also its easy enough to revert so meh16:42
clarkb1but we could use the artifact for the launcher from here: https://zuul.opendev.org/t/zuul/build/e02cb1c8119b4a00bb6c4a02e13585a4/artifacts to test it before merging16:42
fungioh, sorry! i think i forgot that discussion happened since it wasn't mentioned in the review comments. anyway i unapproved it16:42
fungiclarkb1: technically zuul will upload a container image to quay before it decides not to merge, it just won't tag it in promote16:43
fungibut we could also grab it from the intermediate registry sure16:43
clarkb1fungi: ya so you can pull it from quay or the insecure registry16:43
clarkb1I need to figure out this 1 tail16:43
fungiyou're number one!16:44
fungier, you're the duke of new york, you're a-number-one?16:44
fungi(sorry, couldn't help that one)16:44
clarkb1fungi: other things to note: I'm not sure if openstacksdk will get grumpy on the other launchers trying to read the new clouds.yaml16:44
clarkb1I think it only loads the clouds.yaml info when you ask it to set up a cloud connection so its probably fine16:45
clarkb1but if not we can put all the nodepool nodes in the emergency file16:45
clarkb1oh and the infra-prod-service nodepool job runs hourly so we may have to put at least nl01 into the emergency file while testing16:45
clarkb1(to prevent it from reverting to the prod released image and restarting the container under us)16:45
clarkb1in any case I think the system-config change goes in first, then we have to coordinate the project-config update with a launcher update on nl01. Might have some slight bumps along the way but nothing we can sort out16:46
fungiwe could also test out the launch_node script before moving onto nodepool tests16:47
clarkb1oh ya that too16:49
clarkb1since that is only depending on the system-config update16:49
fungicertainly if things break there, then that's a signal to pause and work out why before we move onto nodepool16:51
clarkb1ya though note the volume stuff is unahppy already. I would just do a simple server boot and not worry about volumes16:53
clarkb1I think that gets us 90% of what we need anyway16:54
*** clarkb1 is now known as clarkb16:55
clarkbfungi: I'm not going to be around for the next several hours (maybe longer than that actually), but I'm happy if you want to proceed with the system-config change and start testing some stuff17:01
clarkbfungi: also on the git-review side of things I think we can approve https://review.opendev.org/c/opendev/git-review/+/910268 and the rebase cleanup change. Then maybe make a release then do a followup release for the other changes if you want to get those in too?17:01
fungisounds good. have fun!17:06
fungii'll get the launch script tested and revisit git-review changes if nothing major comes up17:07
clarkbthanks!17:07
opendevreviewClark Boylan proposed opendev/system-config master: Move gerrit replication waiting queue aside during project renames  https://review.opendev.org/c/opendev/system-config/+/91162217:20
clarkbthis is a quick stab at moving waiting queues aside during the rename process. I'm not sure I like the approch there (maybe we should just delete the queue instead), btu wanted to get something up now so I don't forget also feedback welcome17:21
clarkbthat playbook should be tested by the system-config-run-* jobs for gerrit too which is nice17:21
fungiclarkb: not sure if you really meant to mv instead of cp there17:23
clarkbfungi: I did!17:23
clarkbbad copy pasta from the task above17:24
fungigot it17:24
opendevreviewClark Boylan proposed opendev/system-config master: Move gerrit replication waiting queue aside during project renames  https://review.opendev.org/c/opendev/system-config/+/91162217:25
opendevreviewMerged opendev/git-review master: Don't make hook script read-only  https://review.opendev.org/c/opendev/git-review/+/91026817:44
opendevreviewMerged opendev/system-config master: Transition to Rackspace API keys  https://review.opendev.org/c/opendev/system-config/+/91116418:02
opendevreviewMerged opendev/git-review master: Vendor a copy of Gerrit's commit-msg Git hook  https://review.opendev.org/c/opendev/git-review/+/91027518:06
fungiokay, clouds.yaml additions just deployed to bridge, so i'll start trying things out there18:30
fungilaunch-node run underway using the new --cloud=opendevci-rax instead of the old --cloud=openstackci-rax and it seems to be interacting with the api normally18:32
fungicompleted without error, and i'm able to ssh into the resulting server instance normally18:40
fungithe /usr/local/bin/openstack on bridge is symlinked to /usr/launcher-venv/bin/openstack and is able to openstack server list and openstack server delete just fine too18:43
fungiagain with the new --os-cloud=opendevci-rax instead of the old --os-cloud=openstackci-rax18:43
Clark[m]Woot18:43
fungiopenstack volume list is working fine too18:44
fungias a secondary check, i can openstack server list with the new --os-cloud=opendevzuul-rax (instead of the old --os-cloud=openstackjenkins-rax) too18:46
fungiand i see nodepool nodes in dfw for example18:46
fungiso i think this is as thorough of a test as we need to do for this phase18:47
funginew configuration parameters seem right, api keys are also apparently correct18:47
opendevreviewMerged opendev/git-review master: Don't keep incomplete rebase state by default  https://review.opendev.org/c/opendev/git-review/+/85006118:49
fungihow did we want to go about nodepool testing for the next phase? put all nodepool servers except nb01 and nl01 into emergency disable, let 911381 deploy, add nb01 and nl01 to emergency disable, pull experimental nodepool images onto them and restart the containers, then watch for errors?18:49
fungiinfra-root: we're talking about tagging the current state of git-review's master branch for a new release (probably 2.4.0). the changes since the last release (2.3.1) can be found here for your convenience: https://paste.opendev.org/show/bOoHHxUEW8odCDEetUXO/19:00
fungijudging from https://docs.opendev.org/opendev/git-review/latest/releasenotes.html only two of those changes came with release notes. which others do you think we should add release notes for?19:01
fungi(note i highlighted infra-root to get their attention, but anyone who cares is welcome to provide input)19:02
fungi"feat(cmd): add hashtag implementation" and "Add message option" probably at a minimum? "Use GIT_SSH for the SSH executable" maybe as well? i'm on the fence about "Warn rather than fail if HEAD already exists on the remote" and we probably don't need to call out changes like "Add --wip as an alias to --work-in-progress" or "Add classifiers for Python 3.10 and 3.11" but i suppose we can19:04
fungilet me know which of those you think warrant their own release notes and i'm happy to write them up in a catch-up change we can expedite19:05
fungii'll also try to do a better job in the future of asking contributors to include release notes (or amending their changes myself)19:06
fungialso it looks like i used the wrong markup in my release notes. should have wrapped commands and options in doubled backticks rather than single. i can fix those up in the same change19:09
JayFoooh fixing git-review to use GIT_SSH is going to be great19:27
JayFthat needs to be release noted for sure19:27
JayFgoing to be a HUGE help for people running on WSL/Windows due to the shenanigans (windows ssh can't talk to mingw/git ssh agents)19:28
fungicool, so that's at least 3 more release notes to add to the existing 219:31
corvusfungi: to that i would say "yes" to "wip" and "no" to classifiers19:40
fungiokay, can add a simple mention of the --wip alias19:41
fungiyes on one no on two19:41
corvus(my test for a release note is "might a user change their behavior or usage of the program based on reading this")19:41
corvusfungi: yes no two!19:41
fungirodger rodger19:42
corvushttps://www.youtube.com/watch?v=zSdObe8VRDE&t=60s19:43
fungiin the past we've sometimes mentioned when we started testing some tools on new python versions, which is why i mentioned the classifiers (but sort of embarrassing to have a release that proclaims it's now tested on python 3.11 when 3.12 has been out for a while)19:44
fungiah, yes, the prop 242 misspelling classic19:45
corvusyeah, my feeling is that if it starts or stops working on some python version due to effort on our part, that warrants a note, but "still works" doesn't make the cut, mostly so that notes don't get long and boring.  i don't feel strongly about it, but i have thought about it and those are my thoughts.  :)19:45
fungiagreed19:45
fungiwe did, for example, add a release note when we dropped python 3.5 support in git-review19:46
fungibut this version is still tested on 3.6 so we're fine there19:46
fricklerfungi: if this can wait until tomorrow, I'll be happy to take a look at those, too. out for today now19:52
fungifrickler: yeah, i don't think it's super urgent19:55
diablo_rojoHello party people :) 20:34
diablo_rojofungi: Clark I would like to introduce you to aquin and his professor profcorey 20:34
diablo_rojoWe are getting aquin setup to work on horizon and we are hitting that super awesome issues where it tells us to manually setup a remote20:35
diablo_rojoWe double checked usernames, sshkeys, icla but still are having no success. 20:35
diablo_rojoAny ideas? 20:35
JayFprofcorey: o/ hey Corey20:36
JayFdiablo_rojo: is this windows/wsl by any chance?20:37
diablo_rojoJayF: it is :) 20:37
JayFSo a possible thing you're hitting is that git-review and the scp command git-review runs may be using different SSH binaries20:37
JayFif you run with enough -vvvv you may get some useful output to share20:38
JayFif that's what's happening, I think you can manually add the hook and it'll fix things up20:38
diablo_rojoWe will give the -vvvv a try!20:39
profcoreyHi Jay!20:41
aquinhttps://paste.opendev.org/show/beCdECA65ygloteaB9aL/20:41
diablo_rojoJayF: ^20:41
JayF> ssh://aquintero93@review.opendev.org:29418/opendev/sandbox.git did not work. Description: Host key verification failed.20:42
JayFis the meaningful bit20:42
JayFwhat does review.opendev.org resolve to, there?20:42
aquinI have a cloned sandbox repo20:44
JayFI have to AFK for a bit (probably 20ish minutes); but I'd suggest:20:44
JayF1) Validating that review.opendev.org resolves where you'd expect; mine resolves to review02.opendev.org / 199.204.45.3320:44
JayF2) Assuming ^ that is true (and only if that looks like you expect), check ~/.ssh/known_hosts and remove anything relating to opendev or that IP20:44
JayF3) Try again20:44
diablo_rojoJayF: sounds good! Thank you!20:44
fungidiablo_rojo: aquin: profcorey: hi! apologies, you caught me in the middle of an early dinner20:51
fungii can check the server for errors related to the aquintero93 user20:52
fungiinteresting, no matches for any aquintero93 user in the log20:53
diablo_rojofungi: thank you! We are working through what JayF suggested. 20:53
diablo_rojoHuh. 20:53
fungibut since it's a "Host key verification failed" error, it probably never got as far as trying to authenticate20:53
fungiusually, openssh will let you know when the host key it sees from the server is unknown, and will prompt you to remember it20:54
diablo_rojoHe doesn't actually have a knownhosts file in the dir, just the ssh keys he created and shared with gerrit. 20:56
fungiit's possible running `ssh -p 29418 aquintero93@review.opendev.org` would produce a more useful error20:56
diablo_rojoOn it. 20:57
diablo_rojoOh that looks much happier20:58
fungidid that get a "Welcome to Gerrit Code Review" banner?20:59
diablo_rojoCorrect20:59
fungidid it prompt to remember the host key, or no?20:59
diablo_rojoIt did20:59
fungii wonder if running `git review -s` would "just work" now21:00
diablo_rojoaquin:  did you already delete the sandbox repo? 21:02
diablo_rojoIf not give that a try? 21:02
fungimaybe there's something off with ssh's ability to cache host keys when called from git on wsl. as JayF mentioned earlier, https://review.opendev.org/c/opendev/git-review/+/890043 may be a useful workaround for situations where the GIT_SSH environment variable has been set, should be included in 2.4.0 when we release it (likely later this week)21:02
aquinOk I believed runnign 'git review -s' again simply woked21:03
aquinI'm getting a: 'Creating a git remote called 'gerrit' that maps to:21:04
aquinssh://aquintero93@review.opendev.org:29418/opendev/sandbox.git'21:04
fungiyeah, that's what it was supposed to do before21:04
fungiin that case, this is probably "fixed" for the environment you've got set up, but if you try to do it again from a new computer you may run into a similar situation21:04
diablo_rojoHuzzah!21:05
aquinOk perfect thanks a lot!21:05
fungiout of curiosity, what does it say if you enter `echo $GIT_SSH` (without the quotes)?21:05
fungia blank line, or does it spit out a path to a git executable?21:05
fungialso, what distro is your wsl using? ubuntu (i think that's the default if you don't specify anything when building it)? debian? something else?21:07
aquinfungi: I am using Ubuntu in my WSL21:12
fungithanks. and does $GIT_SSH appear to be set or no?21:13
aquinfungi: When I use the 'echo' command above, it produces PS C:\Users\aquin\OneDrive\Documents\Projects\sandbox>21:13
fungiokay, so just another prompt, no actual value for that environment variable. in that case change 890043 probably isn't going to help avoid that in the future on its own21:14
aquinSorry, I should be good to go now though right?21:19
diablo_rojoaquin: so now you can make a branch, make a file add some pizzaz to it, git add it and git commit it and git push. 21:26
fungiaquin: absolutely, but if you run into more problems please feel free to reach out here21:26
fungithere are often people around, but we're a global community living in a variety of timezones, so sometimes it may take a while to get an answer, just be patient21:27
aquindiablo_rojo: Sounds good will do! I have to pivot over to some meetings and deliverables at work, but as soon as I get off I will tackle this!21:29
diablo_rojoSounds good! 21:30
aquinfungi: Thank you!21:30
diablo_rojoYou can ping me here later or on my other nick diablo_rojo_phone and I will try to help out if I can!21:30
jrosserfungi: mtu is a usual trip hazard with ssh in wsl21:31
Clark[m]fungi: trying to catch up quickly. I think I convinced myself that we don't need to do anything outside nl01. The updated config won't affect them and if builders fail it isn't an urgent issue22:05
Clark[m]fungi: so I think we can land changes in whatever order works and restart nl01 on the intermediate image. Or maybe just approve the nodepool change after your testing on bridge22:06
fungiokay, so basically merge 911381 and, once it deploys, put nl01 in the emergency disable list and pull the experimental nodepool image there and restart onto it?22:06
Clark[m]Ya22:09
Clark[m]The builders will be angry for a bit but as mentioned not a big deal22:09
Clark[m]But if you want out then into the emergency file now and we can sort them out after22:10
Clark[m]nb01 and nb02. nb04 doesn't talk to rax dfw so will be unaffected 22:11
Clark[m]Why would ssh under wsl have a different mtu than the windows host?22:11
fungiit's basically a virtual machine, and uses separate addressing on an internal switch that has to be encapsulated, from what i understand22:12
Clark[m]Huh there really shouldn't be a reason for tunneling a single special purpose VM22:13
fungior at least the networking layer for it is virtualized by default22:13
Clark[m]Should be able to just route or NAT out22:13
fungiwell, wsl can have an arbitrary number of machines too, i think22:13
Clark[m]You really only need the tunnel stuff when you want arbitrary addressing that may conflict with other addresses. Maybe they are just being extra cautious22:15
fungii think there are also ways to change the networking model it uses, not sure22:18
fungii'd read that it was fairly limited on windows 10 but got more flexible on 1122:19
*** kopecmartin_ is now known as kopecmartin22:50
clarkbfungi: re git review release notes corvus' rule makes sense to me22:52
fungicool. if you spot any other changes that could use release notes, let me know22:53
clarkbit just occurred to me that the other place that MFA will impact us is DNS22:55
clarkbthsi is far less of an issue these days since there are few oepnstack.org records22:55
clarkbI'll bring it up on the foundation side too since this is one of those weird shared situations22:56
clarkbI believe that account is shared but we have our own credentials for it so amybe we just need our own MFA setup for it and then we're good. That doesn't address configuring dns records automatically but as mentioned this is less and less cmommon so maybe we can live with that22:58
fungiactually the account is not shared. we have our own dedicated account, the tenant/project is shared though23:00
fungithough i guess that's what you said, more or less23:00
clarkbya we login using "infra" credentials but then have access to the shared openstack.org domain23:00
clarkbhowever that ends up being structured. I suppose the most likely scenario there is we set up MFA for the credentials we use and that doesn't affect a nyone else's access to the resources23:01
fungithat's what i'm expecting will happen23:01
opendevreviewBirger J. Nordølum proposed openstack/diskimage-builder master: feat: add almalinux-container element  https://review.opendev.org/c/openstack/diskimage-builder/+/88385523:07
clarkbfungi: I'm guessing that at this point we'll test nodepool stuff tomorrow? (thats fine just making sure I'm caught up on where we are at)23:11
fungiyeah, that's my expectation23:12
« Tuesday, 2024-03-05 Index Thursday, 2024-03-07 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!