#openstack-meeting log

19:01:15 <clarkb> #startmeeting infra
19:01:16 <openstack> Meeting started Tue Jan  9 19:01:15 2018 UTC and is due to finish in 60 minutes.  The chair is clarkb. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:01:17 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
19:01:19 <openstack> The meeting name has been set to 'infra'
19:01:28 <clarkb> #link https://wiki.openstack.org/wiki/Meetings/InfraTeamMeeting#Agenda_for_next_meeting
19:01:37 <clarkb> #topic Announcements
19:01:53 * mordred waves
19:02:02 <clarkb> I will be traveling for meetings on January 23rd so will not be able to run or attend the infra meeting
19:02:06 <fungi> i'm back, just in the nick of time
19:02:10 <clarkb> that is the meeting after next
19:02:17 <clarkb> I think fungi is in this same boat too.
19:02:18 <mordred> fungi: I thought you were back in the nick of fungi
19:02:24 <fungi> i'll be on the same trip, so can't volunteer to chair
19:02:43 <clarkb> would be great if someone else was able to run that assumed we aren't all traveling at the same time
19:02:47 <clarkb> let me know if you are interested
19:03:03 <fungi> pabelanger and ianw have chaired meetings in my stead in the past, fwiw
19:03:21 <ianw> happy to if nobody else wants to
19:03:25 <pabelanger> yah, happy to help, unless somebody else wants to try :)
19:03:32 <fungi> who ever _wants_ to chair a meeting? ;)
19:03:53 <clarkb> #topic Actions from last meeting
19:04:00 <clarkb> #link http://eavesdrop.openstack.org/meetings/infra/2018/infra.2018-01-02-19.06.txt minutes from last meeting
19:04:07 <clarkb> there were none \o/
19:04:20 <fungi> success!
19:04:25 <clarkb> #topic Specs approval
19:04:53 <clarkb> I don't think there are any specs up for approval right now. But I do still intend on cleaning up our specs list after fungi's jenkins vote removal bubbled a bunch of old ones to the front of the list
19:05:15 * fungi is happy to tale the blame for people noticing old changes in review
19:05:15 <corvus> i didn't put it on the agenda, but i'd like to issue a request for collaboration on https://review.openstack.org/531242
19:05:15 <clarkb> Also worth mentioning there is an irc bot improvement spec that we should be reviewing which is related to handling the irc spam freenode has been seeing recently
19:05:21 <corvus> clarkb: ya that :)
19:05:22 <fungi> er, s/tale/take/
19:05:53 <clarkb> it would be helpful if you could rebase your old specs if they are still valid and abandon them otherwise
19:06:06 <clarkb> I will be going through and doing this for specs whose owners are less active now
19:06:21 <clarkb> #link https://review.openstack.org/531242 irc bot improvement spec
19:06:36 <pabelanger> Yah, I have a spec or 2 to rebase
19:06:39 <corvus> please get me feedback on that soon, and i'll put it on the agenda for approval
19:06:51 <fungi> thanks for the reminder on the irc spec
19:07:13 <dmsimard> \o sorry I'm late
19:07:41 <clarkb> #topic Priority Efforts
19:07:47 <clarkb> #topic Storyboard
19:07:57 <dmsimard> There is also the ARA spec, I was waiting on one more review or two before spinning up a new draft: https://review.openstack.org/#/c/527500/
19:08:05 <dmsimard> oops
19:08:13 <clarkb> #undo
19:08:14 <openstack> Removing item from minutes: #topic Storyboard
19:08:16 <clarkb> #undo
19:08:17 <openstack> Removing item from minutes: #topic Priority Efforts
19:08:34 <clarkb> #link https://review.openstack.org/#/c/527500/ ARA dashboard spec
19:08:59 <clarkb> dmsimard: you might want to rebase it and push a new patchset anyways as it is merge conflicted which a lot of people filter out
19:09:11 <dmsimard> I can do that.
19:09:31 <clarkb> #topic Priority Efforts
19:09:40 <clarkb> #topic Storyboard
19:10:02 <clarkb> We don't often have storyboard topics in this meeting but I wanted to mention that I have nominated diablo_rojo as storyboard core
19:10:21 <clarkb> diablo_rojo has been actively reviewing and shepherding storyboard changes recently and want ot encourage more of that.
19:10:43 <clarkb> (this in addition to helping projects work through the migration to storyboard)
19:10:56 <clarkb> there is an email thread on the infra list if you want to chime in
19:11:05 <clarkb> #topic Zuul v3
19:11:28 <corvus> See my email about mailing lists
19:11:43 <clarkb> I've almost got the zuulv3-issues etherpad cleared out by either tracking down things as fixed, fixing them, or creating bugs.
19:11:52 <corvus> #link zuul mailing list email http://lists.openstack.org/pipermail/openstack-infra/2018-January/005758.html
19:12:13 <fungi> zuul mailing lists double-plus good
19:12:25 <corvus> clarkb: thanks!
19:12:35 <corvus> note that clarkb added two 3.0 release blocking bugs to storyboard
19:12:54 <fungi> mmedvede'
19:12:56 <corvus> so there's work available there
19:13:04 <diablo_rojo> thanks clarkb :)
19:13:06 <fungi> s puppet changes are looking good
19:13:22 <corvus> fungi: oh great!
19:13:28 <clarkb> fungi: is there a topic or other gerrit query we can use to find those?
19:13:29 * fungi apologizes for having his return key adjacent to his apostrophe)
19:13:40 <corvus> fungi: i fixed that, it's next to my
19:13:40 <corvus> -
19:13:41 <corvus> key
19:13:44 <clarkb> (they are on my list of things to followup on to make sure we are progressing towards a merged feature branch)
19:13:45 <fungi> hah
19:14:04 <mordred> fyi for folks, we're working on turning on testing ansible PRs from their github repo - https://review.openstack.org/#/q/topic:turn-on-ansible is the stack ATM
19:14:08 <fungi> clarkb: good question. i simply found them looking in openstack-infra/puppet-openstackci open changes
19:14:10 <corvus> fungi: are they just ready for a +3 or are we going to need to be careful?
19:14:15 <clarkb> fungi: thanks
19:14:33 <corvus> #link puppet-openstack changes https://review.openstack.org/523951
19:14:45 <fungi> i think they're probably ready for +3 since they default to zuul 2.x code paths, but eatra reviews are of course strongly recommended
19:14:59 <fungi> er, extra
19:15:08 <fungi> not eatra
19:15:13 <fungi> but that should totally be a word
19:15:17 <corvus> mordred: that's so cool.  i'm hoping to follow that up shortly with cross-source deps which will be nice to have in place before we make any big announcements (that way we can show people a change in ansible depending on a change in shade!)
19:15:50 <clarkb> mordred: corvus will/are we reporting to github yet?
19:15:59 <clarkb> or is it currently just commenting on gerrit changes?
19:16:03 <mordred> we are not yet reporting to github but will be by the end of that stack
19:16:11 * fungi wants a change in nodepool depending on a change in ansible depending on a change in shade
19:16:20 <clarkb> and ansible knows that this is happening and won't hunt us down?
19:16:20 <mordred> currently iterating on the test job to make sure it's actually, you know, testing the right thing
19:16:25 <fungi> i recently had a change in pbr which depended on a change in setuptools
19:16:35 <fungi> but alas, no zuul support for me
19:16:38 <corvus> so we'll start reporting... poke at things a bit, make sure it looks good, add in cross-source deps, test that out, then show people how cool it all is
19:16:39 <mordred> clarkb: yup!
19:16:50 <clarkb> cool
19:17:05 <pabelanger> exciting times
19:17:21 <fungi> and not even in the ancient chinese proverb sense
19:17:24 <mmedvede> o/
19:17:46 <clarkb> mmedvede: other than reviews is there anything we need to be doing or aware of in updating puppet-openstackci?
19:18:07 <fungi> clarkb: luckily, we have robyn to prevent ansible people from _actually_ hunting us down
19:18:30 <corvus> incidentally, the implementation path i've chosen for cross-source deps should let us leave error messages on changes when there are dependency cycles.  that's a long-requested feature.
19:18:30 <mmedvede> clarkb: well, it is more work than I initially thought it would be :)
19:18:50 <fungi> corvus: i missed that tidbit... amazing!
19:19:08 <dmsimard> corvus++
19:19:08 <corvus> fungi: it's not there yet -- will probably happen in a followup.  but i'm laying groundwork.
19:19:09 <mordred> corvus: \o/
19:19:18 <clarkb> corvus: I filed two bugs related to that that are not marked 3.0 just 3
19:19:20 <fungi> color me excited
19:19:37 <clarkb> corvus: one is lack of reporting the other is detecting cycles when there isn't a proper cycle
19:20:17 <clarkb> alright any other zuul v3 related items?
19:20:52 <corvus> nak
19:21:03 <mmedvede> clarkb: I am restarting work on puppet-openstackci, would follow up outside of meeting with you if you got a moment
19:21:14 <clarkb> mmedvede: sure
19:21:20 <clarkb> #topic General Topics
19:21:27 <clarkb> Meltdown/Spectre!
19:21:45 <corvus> it's the 9th is ubuntu updated?
19:21:45 <fungi> i've melted down at least a few spectres already
19:21:54 <clarkb> corvus: they have not
19:22:08 <clarkb> corvus: there are kernels in testing though, but they haven't listed one for trusty unless you use the xenial kernel on trusty :/
19:22:15 <fungi> debian was pretty johnny-on-the-spot, but it's hard to beat openbsd getting patches in more than a decade ago
19:22:28 <clarkb> fungi: debian still doesn't have kernel for jessie for me :/
19:22:32 <corvus> #link ubuntu meltdown/spectre https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
19:22:44 <fungi> clarkb: it's called 'apt dist-upgrade' to stretch :/
19:23:01 <clarkb> fungi: ya I should probably upgrade the entire OS
19:23:02 <fungi> lts security is not handled by the debian security team, alas
19:23:02 <corvus> meanwhile, the meltdown POC was published today...
19:23:20 <dmsimard> In the meantime, I've (for another purpose) made what should be a cross-distro playbook that allows to see what hosts are patched and which aren't
19:23:22 <clarkb> anyways tl;dr for us is this:
19:23:26 <mordred> fungi: so we should be migrating to openbsd, yeah?
19:23:46 <dmsimard> I'll clean it up and we can use it to keep an inventory of which host needs to be patched still
19:23:48 <fungi> mordred: i'm running a bunch of it at home since long ago
19:23:52 <clarkb> Our CentOS machines (git*.openstack.org) are all patched and running with page table isolation. We are waiting for ubuntu to publish kernel updates for the rest of our control plane.
19:23:58 <corvus> dmsimard: sounds cool, thx
19:24:09 <fungi> and i gather you can run openbsd virtual machines as long as you don't need pv guests, but i still need to try that myself
19:24:12 <clarkb> The test node VMs will automagically pick up new kernels as part of daily rebuilds
19:24:26 <clarkb> Rackspace as a Xen user is for the most part not affected by meltdown
19:24:40 <clarkb> so I think concern about side channel attacks attacking our control plane is relatively minor
19:24:47 <dmsimard> We don't upload any secrets from the executor to the test nodes, do we ?
19:24:59 <fungi> their hypervisor layer not particularly impacted still doesn't change that we need to upgrade our guest layer kernels though
19:25:05 <dmsimard> (since we don't control the state of each nodepool provider)
19:25:06 <pabelanger> dmsimard: yes, AFS credentials
19:25:18 <clarkb> fungi: correct
19:25:39 <ianw> clarkb: i'm assuming etherpad/ethercalc are pretty much where we left them before break?
19:25:41 <clarkb> also everyone should use firefox and make sure it is up to date as it has meltdown mitigation built in. Chrom* will get updatedon the 23rd
19:25:45 <clarkb> ianw: ya
19:26:00 <ianw> ok, should get back to that, as part of this too
19:26:02 <corvus> pabelanger: what job uploads afs creds to nodepool nodes?
19:26:02 <dmsimard> pabelanger: we mount the AFS on the test nodes ?
19:26:21 <dmsimard> actually, creds should only be required for writing I would guess ? since read only is unauthenticated
19:26:33 <pabelanger> corvus: dmsimard our wheel builders
19:26:39 <pabelanger> let me get jobs
19:27:03 <dmsimard> pabelanger: the contents aren't recovered by the executor like logs or other artifacts would be ?
19:27:15 * dmsimard is totally unfamiliar with the wheel build process
19:27:37 <fungi> the bigger concern is whether we put decrypted secrets on systems where we run untrusted code. to the extent that our (config-core) reviews are thorough, that shouldn't be the case
19:28:24 <clarkb> as soon as Ubuntu does publish kernels (which is supposed to be today), it would be much appreciated if we could have a semi organized patching "sprint"
19:28:26 <corvus> that's not running proposed code though, that's a job we control centrally.  however, it may be running code in python packages that build wheels.  but that's not a new attact vector.
19:28:35 <dmsimard> yeah, I thought secrets were meant to stay on the executor -- but that tells me there's nothing preventing a project from sending the secret(s) to the test nodes
19:28:36 <pabelanger> publish-wheel-mirror-centos-7 for example will use secrets on nodepool node
19:28:37 <clarkb> maybe we can all hop in the incident channel and start working through it and partition out servers
19:28:52 <corvus> dmsimard: secrets are meant to be used however needed
19:28:54 <clarkb> corvus: +1
19:29:01 <clarkb> er +1 to not new attack vector
19:29:23 <fungi> agreed, ping infra-root in #-incident as soon as someone notices ubuntu trusty and/or xenial kernel updates addressing meltdown
19:29:39 <fungi> i'm happy to pitch in on upgrading/rebooting if i'm at a computer
19:30:00 <clarkb> I will likely end up making that my priority once we have packages
19:30:00 <corvus> as with anything, each piece of privileged information needs to be thought about and risk evaluated.  there's no hard rule we can make about secrets.
19:30:06 <dmsimard> corvus: what I am saying is that if secrets are used in test nodes, then they are vulnerable if the test node is running in an unpatched nodepool cloud provider
19:30:30 <corvus> dmsimard: i agree.
19:30:45 <clarkb> yup, but those creds have alway sbeen vulnerable to attacks through the package builds
19:30:51 <fungi> dmsimard: to the extent that the jobs/code running there aren't approved by the same people who know the secret
19:31:07 <clarkb> fungi: no, just running the job opens it to attack
19:31:19 <clarkb> or maybe thats what you mean by approved
19:31:21 <fungi> attack from...
19:31:26 <dmsimard> fungi: meltdown
19:31:33 <dmsimard> in $vulnerablecloud
19:31:37 <clarkb> via other cloud users
19:31:38 <fungi> using secrets in jobs which run proposed patches is already a huge no-no
19:31:57 <clarkb> fungi: the attack vector is ovh customers
19:31:58 <dmsimard> regardless if it's proposed, post, or release
19:31:58 <fungi> ohm, in providers who haven't secured their hypervisor hosts? yes indeed
19:32:02 <clarkb> compeltely unrelated to us
19:32:12 <dmsimard> right
19:32:28 <clarkb> so this increases the risk of exposure of the credentials but I don't think it does so greatly
19:32:32 <corvus> so that job is now vulnerable to evil package maintainers, and other customers on unpatched nodepool cloud providers
19:32:49 <corvus> (whereas it used to only be the first -- a risk we deemed acceptable)
19:33:13 <dmsimard> It's probably not that big of a risk, but it's worth keeping in mind and generally try to keep secrets off of test nodes where possible
19:33:19 <clarkb> dmsimard: yup
19:33:32 <fungi> agreed
19:33:44 <corvus> dmsimard: i'm not going to agree with we should try to keep secrets off test nodes where possible
19:34:03 <corvus> i'm only going to go as far as we need to keep that risk in mind when we evaluate where we use secrets
19:34:15 <fungi> yep, if a job using a secret doesn't need to run arbitrary code and can leverage the bwrap environment on the executor, that's best
19:34:19 <clarkb> corvus: I think it is part of the risk assessment, and then we decide if we can accept possible insecure_cpu/cloud bugs
19:34:29 <clarkb> corvus: ++
19:34:35 <dmsimard> Given the choice of using the secret on the executor or on the test node, I'd keep it on the executor if it doesn't mean jumping through 10 hoops
19:34:43 <pabelanger> what about jobs that are using docker credentials, should we post something to warn about exposure? Or hope they understand it
19:34:48 <fungi> but secrets on executors are only actually safe if the other rackspace guests on the same hosts aren't 64-bit pv flavor
19:34:56 <corvus> (and to be really specific, i would like to eventually put a secrets on the test node so that we don't have to route logs through the executor)
19:35:03 <fungi> so, it's still up to the provider to provide proper security
19:35:19 <dmsimard> corvus: an approach we have for RDO is that we have the logserver pull the logs instead of having the test nodes push the logs
19:35:22 <corvus> so i'm not going to climb on board any rule that precludes that.  i'm happy to have a discussion about the risks when we do.
19:35:34 <dmsimard> i.e, the log server has a ssh key that grants access to the test nodes
19:35:53 <pabelanger> We talked about that before, but didn't implement it for some reason
19:36:05 <corvus> let's not turn this into a discussion about that.  i don't have a proposal.
19:36:13 <clarkb> pabelanger: it may be worth a note, maybe when the dust settles and we can speak with a bit more concrete info (eg find out when $clouds say they are patched, after we are patched and so on)
19:36:15 <corvus> i merely cite it as an example of why i disagree with the blanket statement.
19:36:27 <fungi> yeah, this is not the venue for redesigning test log publishing
19:36:29 <dmsimard> sure
19:36:33 <clarkb> pabelanger: right now I don't think we have enough concrete info other than "please don't panic but be aware of this"
19:36:43 <pabelanger> clarkb: agree
19:37:04 <clarkb> other than the general situation update adn call for help once we have packages I'
19:37:10 <clarkb> m not sure there is much more to talk about here
19:37:47 <clarkb> #topic Project Renames
19:37:53 <dmsimard> clarkb: you missed a topic
19:38:10 <fungi> or he's reordering them
19:38:10 <clarkb> dmsimard: refresh confirms
19:38:16 <clarkb> no I had missed it
19:38:17 <clarkb> #undo
19:38:18 <openstack> Removing item from minutes: #topic Project Renames
19:38:19 <clarkb> was added late
19:38:30 <dmsimard> added it shortly before meeting, sorry :)
19:38:30 <clarkb> sshnaidm: are you around?
19:38:43 <sshnaidm> clarkb, yep
19:39:04 <clarkb> "Allow jobs to send data to graphite.openstack.org"
19:39:19 <sshnaidm> the question I wanted to ask - is it possible to do in general?
19:39:25 <sshnaidm> I know now it's firewalled
19:39:27 <corvus> i'd like to make sure everyone is aware of and has read this spec:
19:39:32 <corvus> #link qa counter spec https://specs.openstack.org/openstack/qa-specs/specs/devstack/counter-inspection.html
19:40:08 <clarkb> sshnaidm: the spec corvus linked has a specific way to accomplish this despite the firewall
19:40:12 <dmsimard> a target of mitaka-2, nice
19:40:22 <clarkb> I think that approach is still valid
19:40:57 <corvus> it is partially implemented, and probably needs a little bit of updating because it predates zuulv3 and the changes we made to subunit processing, but the approach is still largely viable and is important prior work
19:40:57 <sshnaidm> clarkb, yeah, I ready it briefly
19:41:11 <dmsimard> from skimming the spec, it's the same approach as openstack-health and logstash-workers ?
19:41:14 <sshnaidm> clarkb, it seems close, but not really what is done in jobs
19:41:26 <clarkb> the appraoch should also be generally applicable to all jobs
19:41:41 <clarkb> sshnaidm: meaning it doesn't meet your usecase?
19:42:21 <sshnaidm> clarkb, maybe I miss something in docs, but what I need actually it's to send some my custom statistics to some statistics server (graphite/influx/whatever)
19:42:34 <clarkb> sshnaidm: yes that is what that spec is for
19:42:36 <sshnaidm> clarkb, during the job run
19:42:47 <fungi> i haven't looked closely at the spec, but is there no sane way to ship the stats back to the executor and let it emit them?
19:42:51 <dmsimard> sshnaidm: why would it be a problem if you send the data after the job is complete ?
19:42:53 <clarkb> sshnaidm: jobs will collect the data then as part of the log publishing and processing we write the info to graphite
19:43:01 <sshnaidm> clarkb, ok, just maybe confused by subunit, mysql and other stuff there..
19:43:19 <clarkb> sshnaidm: it is just pointing out that subunit2sql and logstash already use a similar data flow
19:43:21 <sshnaidm> dmsimard, post playbook is ok, of course
19:43:31 <clarkb> sshnaidm: and SpamapS was explicitly interested in mysql stats
19:43:39 <fungi> ahh, so basically what i was asking. i should definitely look over the spec
19:43:51 <sshnaidm> clarkb, ok, so we need just to wait afaiu
19:43:54 <clarkb> Probably the best approach here is to work to implement that spec and update it where it needs to be updated
19:43:57 <dmsimard> sshnaidm: yeah, the approach in how we currently ask logstash and openstack-health to index data involves a post playbook
19:44:10 <clarkb> sshnaidm: I don't think anyone is actively working it.
19:44:14 <corvus> sshnaidm: oh, no.  SpamapS is not working on that spec.  if you want this to happen, someone will need to work on it.
19:44:15 <fungi> waiting isn't likely to get you much unless there is someone else actively implementing
19:44:30 <ianw> sshnaidm: you might be interested in something like https://review.openstack.org/#/c/434625/ ; that is an example of adding coverage output to the subunit stream
19:44:39 <sshnaidm> corvus, clarkb ok.. it it tracked anywhere?
19:44:45 <SpamapS> hmmm?
19:44:55 <corvus> sshnaidm: i'd recommend talking to SpamapS to find out what's completed and what maybe should be changed.
19:44:55 <clarkb> sshnaidm: you'd have to ask the qa team probably, or SpamapS
19:45:03 <SpamapS> Indeed, I don't, unfortunately, have bandwidth to finish the perf stats spec. :-/
19:45:16 <SpamapS> Happy to advise anyone who wants to pick it up.
19:45:33 <sshnaidm> ok, thanks, will try to poke there
19:45:34 <clarkb> sshnaidm: ^ does that work as a starting point?
19:45:38 <dmsimard> I'm sure a lot of projects could benefit from that spec -- I've seen kolla implement a self-contained collectd recently
19:45:56 <dmsimard> (for the purpose of tracking gate job resource usage and performance data)
19:46:01 <SpamapS> Yeah!
19:46:06 <SpamapS> I wanted to do that too. :)
19:46:18 <dmsimard> sshnaidm: I can help point you in the right direction
19:46:31 <clarkb> cool sounds like we have a rough starting point/plan
19:46:34 <sshnaidm> dmsimard, great
19:46:38 <corvus> dmsimard: wait -- they implemented it just for kolla?
19:46:49 <clarkb> corvus: I think its more that kolla deployed clouds need that tooling anyways
19:47:00 <clarkb> corvus: so they implemented it for their users (and may also take advantage of it in jobs)
19:47:07 <dmsimard> corvus: it's a collectd implementation that generates a html page at the end and the html page is stored in the logs
19:47:09 <sshnaidm> dmsimard, well, in tripleo we also run dstat that collect data.. just not sending it anywhere
19:47:25 <corvus> dmsimard: oh that makes sense... i thought you were saying they stood up a private collectd
19:47:26 <ianw> sshnaidm: https://review.openstack.org/#/c/436768/5/specs/coverage-tracking.rst also has a bunch of info on subunit streams and how they plug in
19:47:39 <ianw> to openstack-health, etc
19:47:46 <corvus> dmsimard: i agree, that's a great first step that can feed into what sshnaidm wants to accomplish and make things better for everyone
19:47:56 <sshnaidm> ianw, thanks, will look
19:48:08 <clarkb> #topic Project Renames
19:48:11 <sshnaidm> another question I have is - how can I inject credentials to some 3d-party server in jobs? for example to authenticate with some http api in 3party to send data there
19:48:15 <sshnaidm> oops
19:48:32 <clarkb> I don't want to derail the previous discussion but we are running out of time and would like to talk about project renames before the meeting ends
19:48:37 <corvus> sshnaidm: why not send the data to a first party server?
19:48:53 <sshnaidm> ok, let's talk later about it
19:48:53 <dmsimard> sshnaidm: it's a question for #openstack-infra, we can help there
19:49:11 <sshnaidm> great, thanks
19:49:18 <fungi> short answer...
19:49:20 <fungi> #link https://docs.openstack.org/infra/zuul/feature/zuulv3/user/encryption.html#encryption Zuul v3 secrets
19:49:21 <clarkb> fungi: mordred ianw I know everyone has been afk and snowed in or under a heat wave, but curious if any progress has been made on sorting out a project rename plan
19:49:57 <fungi> clarkb: AJaeger has been asking that we discuss the plan for pypi registration for new projects. is that still in need of discussion?
19:50:32 <clarkb> fungi: I thought there was rough consensus on the plan there to register empty projects? I may have missed some subtle details that need ironing out
19:50:42 <fungi> i'm not aware of any progress on redesigning the renames process yet, unfortunately
19:50:47 <mordred> clarkb: the project name not needed patch landed to zuul, so that part is good, but we've still got required-projects entries to consider
19:51:00 <clarkb> mordred: oh cool
19:51:12 <corvus> oh, and i guess we've restarted zuul since then
19:51:21 <corvus> i'll start pushing up patches to remove project names
19:51:29 <clarkb> sounds like good progress for everyone being on holiday
19:51:37 <fungi> mordred: clarkb: also we had talked about switching to implicit required jobs where desired, and dropping teh system-required project-template?
19:51:45 <corvus> #action corvus patchbomb project name removals from zuul.yaml
19:51:50 <mordred> clarkb, fungi: on pypi - I've got patches up to verify that a project either doesn't exist in pypi or exists but has openstackci properly as the owner ...
19:52:11 <fungi> mordred: cool, saw those, still need to find a moment to review, but seems like a solution is in progress anyway
19:52:19 <clarkb> for require-projects maybe we can have project aliases
19:52:30 <clarkb> where we map old to new and zuul will attempt to use both
19:52:37 <clarkb> then after a rename is compelte we can remove the aliases
19:52:40 <corvus> or we could remove the jobs, rename, then readd.
19:54:02 <corvus> though really, required-projects failures should probably soft-fail -- they should not fail at startup, but should still error on proposed reconfigurations.
19:54:02 <mordred> clarkb, fungi: https://review.openstack.org/#/q/topic:check-pypi ... it does not contain anything to actually auto-register yet (figure let's get verification working solidly first)
19:54:31 <corvus> since we should protect zuul from external renames happening, but still prevent folks from botching a config change
19:54:44 <clarkb> ya external renames would be annoying
19:54:44 <mordred> ++
19:54:50 <fungi> sounds right
19:54:53 <clarkb> especuially if you couldn't start zuul as a result
19:54:54 <corvus> i think that would cover this case?  the job would just be 'broken' till someone updated its' required projects...
19:55:10 <clarkb> corvus: ya I think it would. Job would be broken but zuul would work for everyone else
19:55:24 <fungi> last thing we want is for zuul to stop being able to start due to a change in external data
19:55:25 <clarkb> and renames already tend to put projects in a half working state anyways
19:55:28 <corvus> of course, if it's an important job, fallout could be large, but hey.
19:56:01 <clarkb> #topic open discussion
19:56:04 <Zara> o/
19:56:16 <clarkb> we have a few minutes for whatever else we missed :)
19:56:16 <fungi> a wild Zara appears
19:56:18 <Zara> I'm late but congrats diablo_rojo!
19:56:28 <Zara> I arrived *right* after the storyboard topic and have been lurking haha
19:56:36 <corvus> diablo_rojo: ++ :)
19:56:39 <Zara> I'm very happy about the nomination :)
19:56:46 <diablo_rojo> Thanks :)
19:56:52 <diablo_rojo> Happy to share the load ;)
19:56:58 <clarkb> woot
19:57:01 <fungi> hopefully there are more new sb contributors on their way too
19:57:11 <Zara> :D
19:57:15 <fungi> seems like it's gaining visibility
19:57:36 <fungi> and mordred's been hacking on it some again
19:58:02 <Zara> yep!
19:58:14 * diablo_rojo writes a dozen 'You are eligible for migration' emails
19:58:14 <clarkb> oh! PTG is coming up
19:58:44 <fungi> krotscheck has even been resurfacing on occasion
19:58:53 <pabelanger> There are a few patches up to add puppetlabs to AFS mirrors, if anybody else wants some hands on XP on AFS changes: https://review.openstack.org/#/q/topic:puppetlabs/mirrors
19:58:58 <clarkb> I'll probably start soliciting rough planning thoughts for PTG once we get past meltdown
19:59:05 <pabelanger> happy to walk people thought it or will likely do it in a day or so
19:59:26 <clarkb> pabelanger: you might want to check with frickler directly as the timezones don't make it easy to see pings
19:59:32 <clarkb> I expect frickler will be interested
19:59:42 <pabelanger> wfm
20:00:06 <clarkb> ok we are out of time. Thank you everyone
20:00:08 <clarkb> #endmeeting