22:02:08 <jeblair> #startmeeting zuul
22:02:09 <openstack> Meeting started Mon Mar 20 22:02:08 2017 UTC and is due to finish in 60 minutes.  The chair is jeblair. Information about MeetBot at http://wiki.debian.org/MeetBot.
22:02:10 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
22:02:10 <jhesketh> Morning
22:02:12 <openstack> The meeting name has been set to 'zuul'
22:02:22 <jeblair> #link agenda https://wiki.openstack.org/wiki/Meetings/Zuul
22:02:29 <jeblair> #link previous meeting http://eavesdrop.openstack.org/meetings/zuul/2017/zuul.2017-03-13-22.02.html
22:02:40 <jeblair> #topic Actions from last meeting
22:02:42 <SpamapS> o/
22:03:05 <jeblair> clarkb review https://review.openstack.org/#/c/435933/
22:03:09 <jeblair> clark did review that
22:03:13 <clarkb> I did
22:03:18 <pabelanger> o/
22:03:45 <jamielennox> o/
22:03:49 <jeblair> jhesketh review https://review.openstack.org/438281
22:03:56 <jeblair> jhesketh: did review and approve that :)
22:04:08 <jhesketh> Ack
22:04:18 <jeblair> that's it for that
22:04:29 <jeblair> #topic Status updates: Nodepool
22:05:05 <Shrews> no updates. just in the bug fixing phase at this point. many found and fixed last week.
22:05:21 <jeblair> groovy
22:05:27 <pabelanger> I have a few patches up related to SSH
22:05:37 * mordred is going to try to get the shim done this week - now that travelling is done
22:05:48 <pabelanger> and some removal of legacy code
22:05:55 * mordred enjoyed that removal
22:06:13 <Shrews> jeblair and myself both worked on a fix for https://review.openstack.org/447630, so if other reviewers could take a peek, that would be the bees knees
22:06:31 <jeblair> mordred: cool -- we're still running some jobs on the shim branch which i think we expect to fail; what's the plan there?
22:06:40 <jeblair> mordred: keep running and @skip or turn more of them off in zuul?
22:06:47 * rbergeron also can actually ping the shrews about documentation things now that she is not on a plane or dealing with summit drama of the rh variety
22:07:05 <jeblair> mordred: or "develop plan to deal with failing jobs when plane lands"?  :)
22:07:27 <Shrews> rbergeron: i whiteboarded some things about that. let's talk this week.
22:08:09 <jeblair> i'm going to try to implement the config-language rework think week that i proposed in january
22:08:17 <mordred> jeblair: I actually put up a job to delete them
22:08:19 <mordred> gah
22:08:21 <mordred> config change
22:08:27 <mordred> link coming
22:09:31 <rbergeron> shrews: awesome. like an actual whiteboard?
22:10:04 <mordred> jeblair: actually - the project-config change landed, so we should be avoiding jobs on shim branch that don't matter
22:10:12 <Shrews> rbergeron: indeed. i'm a very visual person  :)
22:10:13 <rbergeron> #info no major nodepool updates; bug fixing is the thing, many found and fixed this past week
22:10:22 <jeblair> mordred: well, 3 of them are still running and failing
22:10:38 <rbergeron> #info plz review https://review.openstack.org/447630
22:11:39 <mordred> jeblair: I'll get that sorted first then :)
22:11:43 <jeblair> mordred: so i guess main thing is -- are your two changes ready to review, since it seems like the plan is to disable the jobs out of band?
22:12:37 <mordred> jeblair: let me follow up on that question post meeting- internet is too slow for me to quickly answer that
22:12:48 <mordred> it's _possible_ one of the failures is legit
22:12:57 <jeblair> mordred: no prob.  :)
22:13:16 <SpamapS> mordred: are you metal tubing or just somewhere in the hinterlands?
22:13:28 <mordred> SpamapS: TOOBZ
22:13:33 <jeblair> mordred: i think the takeaway is -- you let us know when we should review those changes.  :)
22:13:39 <mordred> jeblair: yes!
22:13:47 * mordred will be suitably annoying when the time is right
22:13:51 <jeblair> ++
22:14:32 <rbergeron> #action mordred to let ppl know when to review changes he's working on that the details are long to share while metal tubing
22:14:42 <rbergeron> ....awkward sentence is awkward
22:15:01 <jeblair> Shrews, rbergeron: please keep me in the loop on docs stuff.  it is of particular importance to me.  :)
22:15:21 <Shrews> aye
22:15:37 <rbergeron> jeblair: aye, release early and often and ask frequently because my imposter syndrome, that's my motto
22:15:44 <rbergeron> :D
22:16:19 <jeblair> cool, any other nodepoolish things?
22:16:19 <rbergeron> (until i get more cozy, but until then :D)
22:16:57 <jeblair> #topic Status updates:  Devstack-gate roles refactoring
22:17:42 <jeblair> i think rcarillocruz has been drawn away from us for a little while, so maybe we should put this on the back burner until he's able to return
22:18:21 <jeblair> or until we get close enough to wanting to run a devstack job that someone else wants to take over driving it
22:18:23 * mordred shakes fist at people stealing the rcarillocruz
22:18:25 <SpamapS> jeblair: if it doesn't get done but everything else in the /41 board does.. what's the consequence?
22:18:27 <fungi> a definitely nice-to-have but not a blocker for v3 production, right?
22:18:36 <jeblair> fungi: right
22:19:00 <mordred> ++
22:19:03 <fungi> i mean, we'll have lots of shell scripts that could stand to become ansible roles after v3 is running anyway
22:19:08 <mordred> tuns out, ansible can run shell scripts
22:19:12 <jeblair> SpamapS: it's mostly so that we have a really meaty example of a sophisticated ansible-focused job out of the gate
22:19:22 <fungi> d-g was just a great opportunity to demonstrate that
22:19:27 <mordred> ++
22:19:32 <SpamapS> jeblair: oh that's still a pretty important thing to keep forward progress on.
22:19:32 <fungi> right-o, that
22:19:43 <SpamapS> but yeah, not a prod blocker
22:19:43 <jeblair> so while we will certainly have tons of auto-generated shell-script jobs, we won't have a lot of "this is what we *really* want things to look like" to show for a while
22:19:48 <SpamapS> I wonder if we should make yet another tag
22:19:53 <clarkb> fwiw whats there is super close if we just want to push it the last bit
22:19:57 <SpamapS> zuulv3.0
22:19:59 <clarkb> I'm happy to keep reviewing it
22:20:32 <jeblair> yeah, i think quite a bit of it is done, we probably just need someone to push on it a bit
22:20:40 <fungi> i thought you were going to suggest a steal-rccarillocruz-back tag
22:20:41 <rbergeron> #info devstack-gate role refactoring on the back burner until (a) rcarrillocruz has a bit more time, (b) we get close enough to wanting a devstack job that someone else jumps up and does things :D basically: not a blocker for v3 atm.
22:20:44 <SpamapS> oh if it's close then probably best to just keep it in with everything else.
22:21:15 <pabelanger> if we get to the point of adding nodepool to zuulv3-dev.o.o, I think we'll be able to iterate faster on devstack roles.
22:21:34 <rbergeron> #info it may be super close and with some love and leaning we may be able to move it up the hill of awesome to completion
22:21:34 <jeblair> this is probably a good opportunity for someone who knows more ansible than zuul.
22:21:34 <clarkb> the network overlay stuff was the last really big thing I think
22:21:45 <clarkb> there will be other items but none as complicated as that one I don't think
22:21:51 <jeblair> (or someone who wants to know more ansible than zuul)
22:22:57 <jeblair> well, if folks have a moment to take a look, please do.  maybe someone will feel like pushing up a new patch to address clarkb's comments on 435933
22:23:29 <jeblair> #topic Status updates:  Zuul test enablement
22:23:32 <clarkb> I could easily push a new ps but then the reviewer/committer stuff gets murkey and I do think having eyeballs on this is good
22:23:48 <pabelanger> clarkb: I'll take a peak too
22:23:54 <SpamapS> I pushed up one test removal, and one re-enablement
22:23:57 <rbergeron> #info good opportunity for someone who knows more ansible than zuul; check out https://review.openstack.org/#/c/435933 -- eyeballs are good! :)
22:24:23 <jeblair> SpamapS: w00t
22:24:33 <SpamapS> I think jamielennox has been head-down focused on deploying v3 into BonnyCI, so hasn't been picking tasks up
22:24:39 <SpamapS> and eggshell is at IBM interconnect.
22:24:46 <SpamapS> Or, was helping with it
22:24:48 <SpamapS> or something
22:24:53 <jeblair> also, i found that some of the stuff i wrote in the test summary etherpad was wrong -- we haven't landed the merge-conflict stuff i thought we had
22:24:56 <SpamapS> but yeah, I hope we'll get some more submitted this week.
22:25:09 <jeblair> jesusaur has started work on actually doing that
22:25:12 <jesusaur> I took a stab at re-enabling the merge conflict test, and will iterate based on jeblair's review
22:25:30 <jeblair> so when it lands, erm, that etherpad should be more correct :)
22:25:34 <jamielennox> yea, i've mostly been submitting things things that were awkward in our deploy
22:25:53 <SpamapS> heh.. jesusaur is I believe the 5th person to run into that wall
22:25:55 <jeblair> #link https://etherpad.openstack.org/p/zuulv3skips
22:26:09 <SpamapS> hopefully by now the portal is restored and he'll make it to the Hogwarts Express.
22:26:31 <jeblair> yeah, it's not intractable, it's just unfortunate scheduling in the past
22:26:38 <SpamapS> yep
22:27:03 <SpamapS> platform9.75 would be a great steganography library name.
22:27:15 <jesusaur> ha, yep
22:27:51 * jesusaur equips a large hammer of portal-making
22:28:02 * jeblair works on "plan 9.75 from outer space" mashup
22:28:27 <mordred> oy
22:28:29 <jeblair> #topic Status updates:  Zuul sample jobs
22:29:28 <jeblair> pabelanger: i think you and i left work friday with another substantial question :)
22:29:57 <jeblair> i mean, pretty substantial for bikesheds
22:30:35 <jeblair> we each wrote some essays in:
22:30:38 <jeblair> #link https://review.openstack.org/441441
22:30:39 <rbergeron> is the bikeshed big enough to conceal a yak?
22:30:53 <jeblair> rbergeron: i don't know, do you think it should be? ;)
22:31:05 <mordred> is it really a yak we want?
22:31:57 <pabelanger> jeblair: yes, I haven't replied yet, but first pass your comments make sense
22:32:05 <jeblair> at any rate, there's another fundamental question about how we ought to arrange our roles
22:32:26 <SpamapS> that's really at the core of every Ansible user's mind who ever starts a new role set. :-P
22:32:45 <jeblair> pabelanger: you also made the suggestion of codifying some of this in a style guide, which i think is good; so maybe after we get a little further, we can start to distill some of these recommendations
22:32:46 <SpamapS> by service.. by files.. by moon phase..
22:33:05 <bkero> by color
22:33:09 <pabelanger> jeblair: agree
22:33:11 <rbergeron> SpamapS: well, and again at the core of every ansible user's mind who goes back after a year and says "my god, what was i thinking when i did it *that* way"
22:33:37 <SpamapS> bkero: { role: bikeshed, color: {{ poll_users }} }  <-- automatic timeout generator
22:34:09 <jeblair> it'd be especially good to get some feedback on that from other folks who have used ansible in anger
22:34:34 * fungi didn't know there were other ways people use ansible ;)
22:34:36 * SpamapS starred it
22:35:00 <jeblair> pabelanger: i think that's the main blocker on this now; anything else we should be thinking about?
22:35:32 <rbergeron> jeblair: maybe we could hit up some of the other ansible users in openstack... i hear there are a few?
22:35:34 <pabelanger> jeblair: no, I think the current comments are a good starting point
22:35:45 <pabelanger> I'll add some more for tomorrow
22:36:39 <rbergeron> or is it still kind of "need to be kind of deep under the hood to provide feedback" territory atm
22:37:05 <jeblair> rbergeron: i think some of the ones that have made changes to our current zuul/jjb configuration could probably follow what we're trying to do here and be helpful.
22:37:54 <jeblair> SpamapS: stand by for link
22:38:03 <jeblair> #topic Progress summary
22:38:13 <jeblair> SpamapS: and go!
22:38:16 <SpamapS> #link https://storyboard.openstack.org/#!/board/41
22:38:24 * SpamapS shudders with glee
22:38:32 <jeblair> nicely done
22:38:42 <SpamapS> I just want to point out that In Progress is _very_ full.
22:38:54 <SpamapS> Too much WIP can bring forward progress to a halt.
22:39:54 <SpamapS> 5 are rcarrilolocruz ... so those might change hands soon and maybe move forward
22:40:19 <SpamapS> pabelanger: are you still working on test_time_database ?
22:40:29 <pabelanger> SpamapS: not recently
22:40:36 <pabelanger> I should remove my name for now
22:40:44 <pabelanger> actually
22:40:50 <pabelanger> I'll dive into it tomorrow
22:41:04 <SpamapS> cool!
22:41:19 <SpamapS> hm
22:41:21 <SpamapS> Storyboard bug
22:41:24 <Shrews> SpamapS: the nodepool side of https://storyboard.openstack.org/#!/story/2000897 is done. i implemented that last week. review https://review.openstack.org/#/c/445055/ for reference
22:41:28 <SpamapS> tasks on the board are not showing their story
22:41:54 <jeblair> SpamapS: when i click on one, it brings up the popup with a link to the story
22:42:15 <SpamapS> jeblair: my link is showing just as ""
22:42:25 * SpamapS forces refresh
22:42:28 <jeblair> i'm not logged in, fwiw
22:42:41 <jeblair> both of my in-progress tasks are actually complete-ish.  the job graphs changes just landed; i don't think i did the task header so i'll have to manually resolve it
22:42:47 <SpamapS> yep.. out of date js depends
22:43:05 <jeblair> the other is the secrets stuff which is complete and in review
22:44:01 <clarkb> oh I meant to swing around on how you were planning to do that (re switch to gpg or stick with sha1 hash and accept short secret length or ??)
22:44:04 <pabelanger> oops, https://review.openstack.org/446785/ is the other side of 2000897
22:44:07 <SpamapS> jeblair: I wonder if we should be encouraging folks to review more too? I haven't really been asking anybody on the BonnyCI side to do that.. but maybe it would help the patches move through a bit faster to have preliminary easy reviews done.
22:44:23 <pabelanger> not sure who is Cullen Taylor is
22:44:32 <SpamapS> pabelanger: Cullen == eggshell
22:44:35 <jeblair> clarkb: ah, i'm working on an email to send about that
22:44:35 <SpamapS> not around this week
22:44:57 <Shrews> pabelanger: he hadn't started on any of it as of last week, so i think you're ok
22:45:05 <pabelanger> Shrews: cool
22:45:43 <jeblair> SpamapS: yeah, that would be great -- not only to try to catch things, but also to help folks keep up to speed with development progress and otherwise keep involved.
22:45:46 <SpamapS> Ok, I don't see any other glaring issues on the board
22:45:58 <SpamapS> "Remove ready scripts from nodepool" is in New
22:46:01 <jeblair> SpamapS: the zuul channel topic and Zuul readme have a recommended gerrit/gertty query
22:46:37 <pabelanger> SpamapS: that is done: I07b63a16a668bb9a37fb3f763ac29f307f6c3a65
22:46:38 <Shrews> i think pabelanger did the ready scripts chang
22:46:41 <SpamapS> jeblair: ACK
22:46:47 <SpamapS> pabelanger: cool!
22:46:50 * SpamapS will mark it as such
22:47:39 <jeblair> #topic Open Discussion
22:47:48 <SpamapS> Security spec could use more reviews.
22:48:04 <rbergeron> SpamapS: link handy?
22:48:07 <SpamapS> I got some feedback from Rob Clark and he's suggested that we will probably want a MAC to layer on top of bubblewrap.
22:48:17 <SpamapS> (Rob Clark is the PTL of the security team)
22:48:20 <jeblair> #link security spec https://review.openstack.org/444495
22:48:25 <rbergeron> jeblair: merci
22:48:35 <SpamapS> (MAC == AppArmor and/or SELinux
22:48:37 <SpamapS> )
22:48:43 <pabelanger> left question / comment on bwrap
22:48:47 <rbergeron> #info security spec could use more reviews
22:48:49 <clarkb> I was going to ask media access control address?
22:49:02 <SpamapS> Mandatory Access Control I believe
22:49:10 <SpamapS> could be wrong
22:49:14 <clarkb> SpamapS: if using eg selinux does bubblewrap do anything at that point?
22:49:22 <clarkb> (I think selinux can do all that we'd need?)
22:49:35 <SpamapS> clarkb: yes it makes SELinux's job a berzillion times easier.
22:49:55 <jeblair> SpamapS: should we aim for more review/discussion this week and see if we're ready to put it up for formal vote at the infra team meeting next week?
22:50:03 <SpamapS> because you have a single anonymous context that all the processes in the bubblewrap get assigned.
22:50:21 <SpamapS> so you can just say "Give that container this set of contexts"
22:50:27 <SpamapS> instead of "And this file gets this, and this one that, and these those"
22:51:19 <SpamapS> I'm using the word 'context' wrong
22:51:21 <SpamapS> and I think I mean label
22:51:44 <jamielennox> my understanding of selinux/app armour with containers (and specifically docker) is that you apply the label to a container, that selinux doesn't try to work inside the container at all
22:51:57 <SpamapS> jeblair: I think it's missing some things, but we should aim to settle one a plan soon for sure.
22:52:10 <SpamapS> jamielennox: correct that's how I understand it too
22:52:13 <jamielennox> i didn't think there was any sense of doing individual file stuff
22:52:17 <clarkb> SpamapS: I groked fwiw
22:52:52 <SpamapS> And with AppArmor, you can define a policy for a container's overlay-hosted binaries.
22:53:20 <SpamapS> which basically says "all these binaries can only touch the files inside the container"
22:53:43 <SpamapS> Either are basically suspenders for bubblewraps suspenders which are suspenders for ansible plugins' belt.
22:53:58 <pabelanger> which OS are people using to test bwrap on? I had some issues compiling it for xenial
22:54:23 <SpamapS> pabelanger: It works fine for me on xenial. I've got a TODO to submit it to xenial-backports.
22:54:36 <SpamapS> pabelanger: but it only does non-setuid on Yakkety+ kernels
22:54:50 <SpamapS> Works fine setuid on Xenial stock.
22:54:56 <pabelanger> SpamapS: okay cool. Ya, I left that comment on spec too
22:55:00 <mordred> ++
22:55:53 <pabelanger> are we planning anything for boston?
22:56:00 <pabelanger> like a hacking session?
22:57:05 <jeblair> fungi: ^ do you have a feel for what the new summit/forum thingy is going to be like?  is there something productive we should do there?
22:57:39 <fungi> i was pondering it
22:58:01 <fungi> i think probably our best position from the forum perspective is one of users and operators of openstack services
22:58:09 <mordred> I imagine I'll be wearing my TC hat much more strongly at the summit/forum and trying to listen to what users/operators etc are saying - but that doesn't mean that needs to be what everyone does
22:58:21 <mordred> fungi: oh yeah - or that, also wearing my User hat
22:58:22 <SpamapS> Yeah we're users.
22:58:24 <jeblair> (personally, i think we're well set up to continue our laser focus on getting v3 out the door and then working on moving openstack over that i don't feel like there's a pressing need for something organized at the moment)
22:58:34 <fungi> but there is also, aside from the forum, hackspace teams can use for what they will
22:58:42 <SpamapS> Would be great to have hacking space one of the days.
22:58:57 <SpamapS> I'll be there M-We
22:58:59 <fungi> so if zuul v3 focused peeps are planning to be there, it's an opportunity to continue to grouphack
22:59:04 <SpamapS> with a talk on Tu
22:59:33 <mordred> yes. but also maybe an open door for zuul folks to _not_ go if they feel their time would be better spent continuing laser focus on v3
22:59:37 <Shrews> if there are no planned v3 group things, i'll likely skip since i can get more done by not being there
22:59:55 <Shrews> so i'd like to know about that soon
23:00:29 <jeblair> let's discuss further; out of time here now.  thanks all!
23:00:30 <fungi> right, the general message of teh forum from an upstream dev perspective is that we'd love it if everybody could come to the ptg and the summit, but if you need to pick between the two your time is likely better spent at the ptg
23:00:35 <jeblair> #endmeeting