#openstack-meeting log

19:01:42 <clarkb> #startmeeting infra
19:01:43 <openstack> Meeting started Tue Oct 22 19:01:42 2019 UTC and is due to finish in 60 minutes.  The chair is clarkb. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:01:44 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
19:01:46 <openstack> The meeting name has been set to 'infra'
19:01:48 <clarkb> Anyone else here for the meeting?
19:01:51 <corvus> o/
19:01:51 <clarkb> #link http://lists.openstack.org/pipermail/openstack-infra/2019-October/006501.html Our Agenda
19:01:53 <fungi> sure
19:01:57 <fungi> why not?
19:02:17 <clarkb> well it is lunch time :)
19:02:26 <ianw> o/
19:02:29 <clarkb> #topic Announcements
19:02:40 <clarkb> The openstack release is behind is and as far I know it went well
19:03:00 <clarkb> Also the summit and ptg are fast approaching. I expect this means we will not have a meeting on November 5
19:05:08 <mordred> o/
19:05:23 <clarkb> That was really all I had to announcements. I did get a visa finally so plan to be there
19:06:12 <corvus> clarkb: \o/
19:06:43 <mordred> yay!
19:06:57 <clarkb> #topic Actions from last meeting
19:07:05 <clarkb> #link http://eavesdrop.openstack.org/meetings/infra/2019/infra.2019-10-15-19.01.txt minutes from last meeting
19:07:17 <clarkb> There are none. Let's keep moving
19:07:20 <clarkb> #topic Specs approval
19:07:27 <clarkb> #link https://review.opendev.org/#/c/683852/ Replace static.o.o spec
19:07:45 <clarkb> I think this one is very very close. corvus pointed out a detail we'll want to get correct with dns which is owrth a new patchset
19:08:11 <clarkb> assuming we can make that update soon how do people feel about putting this up for approval this week?
19:08:35 <mordred> ++
19:09:23 <fungi> i'm cool with that
19:10:14 <clarkb> I'd like to get that in so that we can have converstaions with the openstack project in particular at the ptg to help push it along
19:10:19 <ianw> (just pushed that update :)
19:10:20 <clarkb> ianw: ^ any concerns with that?
19:10:43 <fungi> indeed, i'm waiting on my gertty to refresh so i can vote again
19:11:21 <clarkb> great lets put that up for approval this week then and I'll push it through at the end of the week assuming there are no new concerns that pop up
19:11:26 <clarkb> Thank you for putting that together ianw
19:11:32 <ianw> no, i think that's ok.  i'll do some preliminary work to get some related reviews into wip state, particularly i think we can test the openstack.org cert generation path (make sure i haven't somehow baked in .opendev.org)
19:12:22 <fungi> that sounds awesome. thanks again!
19:13:38 <clarkb> #topic Priority Efforts
19:13:44 <clarkb> #topic OpenDev
19:13:51 <clarkb> #link https://etherpad.openstack.org/p/rCF58JvzbF Governance email kick off draft
19:14:32 <clarkb> There has been some input there over the last week. Do we want to try and answer these questions in the draft and then send it to the openstack tc et al or would you prefer we start with the draft and questions as is on the -infra list and hash out details there to produce the email for broader consumption
19:14:58 <corvus> i confess i have been bad and not reviewed that
19:15:18 <fungi> i don't recall if i've actually reviewed it yet
19:15:24 <fungi> oh, looks like maybe i did
19:15:39 <fungi> i confess i've been so distracted i can't remember what i have and haven't done
19:16:06 <clarkb> maybe we can start with people reviewing it as is and then we can decide how we'd like to proceed after that review?
19:16:13 <corvus> i would like to, but feel bad asking for more time just because i forgot.  but if more time is in the cards, i'd be happy :)
19:16:48 <clarkb> I think for this particular item taking our time to get some of the details right is worthwhile
19:17:05 <fungi> i concur
19:17:05 <clarkb> I'd rather we consider the questions early than rush in
19:17:07 <fungi> no need to rush it
19:19:57 <clarkb> sounds like that may be it on this topic. Please take a look as you hav etime
19:20:05 <clarkb> any other opendev business before we move on to config management?
19:20:30 <fungi> none i'm aware of that isn't also tied to other agenda items coming up
19:20:55 <clarkb> #topic Config Management Updates
19:21:11 <clarkb> I think we've learned some things about our python docker images
19:21:17 <mordred> yeah we have
19:21:26 <clarkb> specifically that our builder and base images need to be kept in sync to avoid differences in python versions
19:21:37 <clarkb> Also that upstream updates the python version in them when new pythons come out
19:21:39 <mordred> and/or c libraries
19:21:43 <clarkb> so we have pinned them to 3.7
19:22:08 <mordred> yeah - because the rehash library and 2.8 do not work so good
19:22:10 <mordred> 3.8
19:22:29 <fungi> and apparently other ci systems make it hard to consume new software
19:22:37 <clarkb> Calling this out as it is a failure mode I think we should be aware of though we've addressed the current occurence of it
19:24:28 <clarkb> mordred: anything new to add with the gerrit images?
19:25:08 <mordred> I've gotten to the point where it's time to start trying the ansible - the ansible change is green
19:25:14 <mordred> so I'll be doing that today
19:25:32 <clarkb> this is on review-dev?
19:25:34 <mordred> yeah
19:25:37 <clarkb> exciting
19:25:51 <mordred> also - I put up a change for using podman instead of docker so we can discuss it
19:26:01 <mordred> and review-dev is actually currently running from podman
19:26:18 <corvus> that's groovy
19:26:43 <corvus> i was thinking maybe we should make a mirror of the projectatomic ppa
19:26:43 <mordred> podman-compose isn't as full featured as docker-compose - BUT - it is stricter and returns errors on mistakes more
19:26:53 <mordred> corvus: yeah. not a bad idea
19:26:54 <corvus> mordred: anything we're using it lacks?
19:27:05 <fungi> not ignoring as many errors seems like an improvement
19:27:09 <mordred> corvus: not that I can tell from the yaml file
19:27:13 <corvus> (cool -- we try to keep our compose files simple)
19:27:17 <mordred> but the CLI doesn't do as much
19:27:26 <mordred> so, like, - there's no podman-compose log
19:27:45 <mordred> or really anything other than up / down / stop / start / restart
19:27:47 <corvus> tristanC noticed a potential issue with noninteractive apt-get commands in the zuul-quick-start change
19:27:50 <fungi> does it provide similar info on stdout/stderr or something?
19:27:51 <clarkb> mordred: fwiw I tend to use the docker commands and not docker-compose commands for that stuff anyway
19:27:59 <clarkb> figure I can s/docker/podman/ and be happy
19:28:04 <mordred> clarkb: awesome. then it shouldnt' be an issue :)
19:28:24 <fungi> ahh, `podman-compose log` not being a cli command, got it
19:28:36 <fungi> so need to use other tools to inspect the container logs
19:28:40 <corvus> fungi: i think docker-compose logs does the thing where it interleaves logs from all containers -- useful in limited local development but probably not in prod
19:29:43 <mordred> yeah. in prod that's probably way too much info
19:30:06 <fungi> i mistakenly thought he meant it doesn't log its output
19:30:15 <mordred> ah - no, that it does
19:30:22 <fungi> okay, cool ;)
19:31:13 <mordred> that's about all I've got there
19:31:40 <clarkb> ok lets move on then
19:31:43 <clarkb> #topic Storyboard
19:31:52 <clarkb> fungi: diablo_rojo anything to share?
19:32:04 <clarkb> there was some interesting commentary duringthe airship meeting this morning
19:32:21 <diablo_rojo> Yeah..
19:32:35 <diablo_rojo> not sure when that conversation happened or who said it..
19:32:43 <fungi> i identified a couple of problems with the storyboard-webclient draft builds which have come about as a result of opendev's build log/artifact move to object storage
19:32:49 <clarkb> (for those of you that didn't dial in there was some hand waving around jira + storyboard integration)
19:33:02 <diablo_rojo> I dont think we have plans to write a script to sync storyboard to jira and vice versa
19:33:11 <diablo_rojo> Yeah..
19:33:42 <fungi> in short, the allowed_origins and valid_oauth_clients config options for the api server expect a list of all possible hostnames for webclients which we can no longer easily maintain for the drafts hosted in object storage
19:33:58 <diablo_rojo> efried, also raised an issue with assigning tasks atm in the webclient this morning which I think SotK is currently working on.
19:34:47 <fungi> i'm working on a change to make allowed_origins and valid_oauth_clients accept a wildcard, or a glob, or a regex... meant to have it done thursday or friday but time is an illusion
19:35:06 <corvus> fungi: hrm, that's a tricky one -- we don't have anything like that with the similar zuul job, so i didn't see that
19:35:06 <clarkb> fungi: we probably could produce a list fwiw since its rax + fn + ovh currently
19:35:24 <fungi> are the rax cdn hostnames deterministic?
19:35:28 <clarkb> oh except on rax the hostname is ya
19:35:32 <fungi> looks like they include a uuid
19:35:36 <clarkb> fungi: they are deterministic but there are 4096 of them
19:35:49 <fungi> that would be a very large config
19:35:50 <clarkb> fungi: its an hmac hash of the container and other stuff
19:36:05 <clarkb> ya I forgot about that cdn detail there
19:36:09 <corvus> maybe it's worth digging into why this is necessary...
19:36:36 <clarkb> I believe it is a security measure to avoid xss?
19:36:47 <corvus> do we actually want to restrict clients like this, or is there some technical reason...?
19:36:59 <fungi> it's mostly safeguards against xss and to feed into the csrf middleware, yes
19:37:04 <corvus> i bet there are other ways of doing that
19:37:11 <fungi> i agree, there probably are
19:37:46 <fungi> right now, ripping those options out is at least as much (of not more) work as allowing them to have a syntax which can match any value, effectively disabling them
19:39:27 <fungi> and more backward-compatible for folks who might be relying on it blocking csrf/openid for untrusted frontends
19:40:01 <fungi> i expect it's only a few lines of code, having mostly identified the code paths which rely on those settings. but haveb't tested yet
19:40:16 <clarkb> and I guess if we do that only with the dev server we reduce the possibility it will get exploited
19:40:43 <fungi> yeah, the idea is we'd set this in the dev server's config since that's what the draft builds point at
19:40:57 <clarkb> that seems reasonable
19:41:54 <fungi> thinking through the way the matching is done, adding glob or regex support is also basically as easy. i just need to decide on one and find a few minutes to code it up and test
19:42:34 <corvus> that might be nice in case we want to do the same to prod in the future
19:42:41 <fungi> yep
19:43:01 <fungi> we could do something like *.opendev.org or regex equivalent
19:44:30 <clarkb> alright anything else? diablo_rojo sounds like sotk is handling that one issue and for the jira thing we may just need to hunt down airship and ask them for more dteails on what they meant?
19:44:59 <fungi> that would be swell, if one of the airship opendev liaisons can elaborate
19:45:37 <fungi> if they want a mechanism for importing stories from an abandoned jira project or whatever, it's probably in scope
19:45:52 <fungi> similar to projects migrating in from launchpad
19:46:26 <fungi> (granted launchpad is ostensibly open-source, confluence/jira is not afaik so that could be tough)
19:47:04 <diablo_rojo> Yeah I guess we will need to talk to mattmceuen
19:47:16 <clarkb> k. lets move on I want to talk PTG since that is coming up real soon now
19:47:26 <fungi> sounds good, thanks!
19:47:31 <clarkb> #topic General Topics
19:47:52 <clarkb> #link https://etherpad.openstack.org/p/OpenDev-Shanghai-PTG-2019 Planning Document
19:47:59 <clarkb> #link https://www.openstack.org/ptg/#tab_schedule PTG Schedule
19:48:06 <clarkb> I've been adding ideas there as I think of them
19:48:15 <clarkb> in particular I'm really interested in maximizing our time with the gitea team
19:48:28 <clarkb> one thing that may be good to discuss iwth them is this performance on large repos bug
19:48:33 <clarkb> (which has been very active this morning)
19:48:50 <clarkb> I get the sense that much of the code is done and its juts a matter of testing and cleanup
19:49:08 <clarkb> are there other gitea issues/items we'd like to bring up with them?
19:49:29 <clarkb> I don't think we'll all be in shanghai so please add ideas for gitea discussion to the etherpad and I'll do my best to bring them up
19:50:40 <corvus> i'm not sure i got a confirmation from the gitea folks about attending -- can you see if they used the registration codes?
19:50:45 <fungi> oh, care to #link for posterity?
19:51:03 <fungi> (the performance on large repos issue url i mean)
19:51:34 <clarkb> #link https://github.com/go-gitea/gitea/issues/491 Gitea slow performance on large repos bug
19:51:41 <clarkb> corvus: I can ask
19:51:51 <fungi> clarkb: thanks. looks like it's in the etherpad too
19:51:53 <corvus> clarkb: cool, if not, maybe someone else should try sending a mail :)
19:52:14 <clarkb> for Opendev proper we have a day and a half of time blocked off from thurdsay afternoon through friday
19:52:17 <corvus> and ill just go ahead and send another ping
19:52:35 <clarkb> corvus: ok
19:53:25 <clarkb> I think we expect the PTG to be different this time around so I don't really want to commit to getting too many specific things done
19:53:33 <corvus> clarkb: ++
19:53:35 <clarkb> and instead do our best to be flexible based on what we end up with there
19:53:45 <mordred> ++
19:53:49 <clarkb> But I'm still happy for ya'll to add topics to the therpad and we'llcover them as best we can
19:54:28 <clarkb> Things to keep in mind. Food and drink is apparently only a thing in hallways and not in the rooms
19:54:35 <clarkb> and much of the PTG is happening in a large shared room
19:54:41 <fungi> i just read today's resurgence in discussion on the gitea performance issue, and looks very promising
19:55:53 <fungi> we can have "standing meetings" in the ptg hallway for those of us who need to mainline amphetamine salts via hot brown liquid
19:56:30 <clarkb> Long story short I want to be flexible as I don't quite know what to expect yet
19:56:47 <clarkb> also I don't hav eto give any formal presentations so will likely travel light when it comes to technology
19:56:58 <clarkb> and with that we have ~4 minute sleft
19:57:02 <clarkb> #topic Open Discussion
19:57:05 <clarkb> now 3 apparently
19:57:21 <fungi> supposedly there are very high ceilings, so conversations at different tables ought to not interfere acoustically, but i'm skeptical
19:57:50 <corvus> clarkb: you'll have room in your luggage to bring a cone of silence
19:58:06 <fungi> and a shoe phone?
19:58:17 * fungi missed it by that much
19:59:24 <mordred> fungi: I am also skeptical - but will try to be optimistic
19:59:28 <clarkb> if anyone else is as excited to ride the maglev as I am I land saturday evening and fully intend to figure out that transit option
19:59:42 <fungi> same here, assuming i'm cleared to enter china
19:59:51 <fungi> (still waiting to hear
19:59:53 <fungi> )
20:00:13 <clarkb> and we are at time
20:00:15 <clarkb> #endmeeting