[04:04:46] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊), 10User-brennen: Mirror a subset of active Gerrit repositories read-only to GitLab instance - https://phabricator.wikimedia.org/T307246 (10brennen) 05Open→03Declined After discussion within the team, we've concluded this probably... [04:04:50] 10GitLab (Project Migration), 10Release-Engineering-Team (Priority Backlog 📥), 10User-brennen: Mirror all active Gerrit repositories to GitLab instance - https://phabricator.wikimedia.org/T305984 (10brennen) [04:05:11] 10GitLab (Project Migration), 10Release-Engineering-Team (Priority Backlog 📥), 10User-brennen: Mirror all active Gerrit repositories to GitLab instance - https://phabricator.wikimedia.org/T305984 (10brennen) 05Open→03Stalled [04:07:57] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊), 10User-dduvall: Create Blubber repo on GitLab, archive Gerrit repo - https://phabricator.wikimedia.org/T307533 (10brennen) [04:08:18] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊), 10User-dduvall: Create Blubber repo on GitLab, archive Gerrit repo - https://phabricator.wikimedia.org/T307533 (10brennen) [04:10:25] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊), 10User-dduvall: Implement linting and unit tests for Blubber on GitLab CI - https://phabricator.wikimedia.org/T307534 (10brennen) [04:10:37] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊), 10User-dduvall: Implement linting and unit tests for Blubber on GitLab CI - https://phabricator.wikimedia.org/T307534 (10brennen) [04:17:25] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊), 10User-dduvall: Update Blubber documentation, codesearch, and other references for new GitLab location - https://phabricator.wikimedia.org/T307535 (10brennen) [04:17:43] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊), 10User-dduvall: Update Blubber documentation, codesearch, and other references for new GitLab location - https://phabricator.wikimedia.org/T307535 (10brennen) [04:24:01] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊): Build Blubber images on GitLab - https://phabricator.wikimedia.org/T307536 (10brennen) [04:29:38] 10GitLab (Administration, Settings & Policy), 10Release-Engineering-Team (GitLab-a-thon 🦊), 10cloud-services-team (Kanban): Assess GitLab-provided docker container registry as a default for docker-in-docker build processes - https://phabricator.wikimedia.org/T307537 (10brennen) p:05Triage→03Medium [04:29:51] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊): Build Blubber images on GitLab - https://phabricator.wikimedia.org/T307536 (10brennen) [04:29:57] 10GitLab (Administration, Settings & Policy), 10Release-Engineering-Team (GitLab-a-thon 🦊), 10cloud-services-team (Kanban): Assess GitLab-provided docker container registry as a default for docker-in-docker build processes - https://phabricator.wikimedia.org/T307537 (10brennen) [04:30:49] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊): Build Blubber images on GitLab - https://phabricator.wikimedia.org/T307536 (10brennen) [04:30:53] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊), 10User-dduvall: Migrate Blubber project to GitLab - https://phabricator.wikimedia.org/T301168 (10brennen) [04:35:48] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊), 10User-dduvall: Write a GitLab "Migrating a Project" runbook / manual based on Blubber migration - https://phabricator.wikimedia.org/T307538 (10brennen) [04:35:56] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊), 10User-dduvall: Write a GitLab "Migrating a Project" runbook / manual based on Blubber migration - https://phabricator.wikimedia.org/T307538 (10brennen) [05:30:50] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊): Establish image trust system for GitLab/Blubber - https://phabricator.wikimedia.org/T307541 (10brennen) [13:27:22] 10GitLab (CI & Job Runners), 10Release-Engineering-Team (Next), 10User-brennen: Provision untrusted instance-wide GitLab job runners to handle user-level projects and merge requests from forks - https://phabricator.wikimedia.org/T297426 (10Jelto) https://gitlab.wikimedia.org/repos/releng/gitlab-cloud-runner... [13:32:26] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊): Establish image trust system for GitLab/Blubber - https://phabricator.wikimedia.org/T307541 (10Jelto) That's related to T295481. Trust is most probably established by using dedicated and more secure runners. So this builds will need t... [16:36:32] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊): Establish image trust system for GitLab/Blubber - https://phabricator.wikimedia.org/T307541 (10thcipriani) Things to look investigate: - ContentTrustCLI - Concept of using signing to establish trust - CNCF paper about image signing [16:40:53] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊): Establish image trust system for GitLab/Blubber - https://phabricator.wikimedia.org/T307541 (10thcipriani) [16:43:00] 10GitLab (Administration, Settings & Policy), 10Release-Engineering-Team (GitLab-a-thon 🦊), 10cloud-services-team (Kanban): Assess GitLab-provided docker container registry as a default for docker-in-docker build processes - https://phabricator.wikimedia.org/T307537 (10thcipriani) Related to {T307541} [16:45:01] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊), 10User-dduvall: Update Blubber documentation, codesearch, and other references for new GitLab location - https://phabricator.wikimedia.org/T307535 (10thcipriani) Possible other references in various subpages of https://wikitech.wikim... [16:52:20] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊): Build Blubber images on GitLab - https://phabricator.wikimedia.org/T307536 (10thcipriani) [16:52:28] 10GitLab, 10Release-Engineering-Team (GitLab-a-thon 🦊): Investigate alternatives to docker-in-docker for container image creation in GitLab - https://phabricator.wikimedia.org/T307599 (10thcipriani) [16:53:12] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊): Build Blubber images on GitLab - https://phabricator.wikimedia.org/T307536 (10thcipriani) [16:54:15] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊): Build Blubber images on GitLab - https://phabricator.wikimedia.org/T307536 (10thcipriani) [16:55:39] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊), 10User-dduvall: Implement linting and unit tests for Blubber on GitLab CI - https://phabricator.wikimedia.org/T307534 (10thcipriani) Changing estimate per discussion in team meeting [16:58:30] 10GitLab (CI & Job Runners), 10Security-Team, 10Patch-For-Review, 10Release-Engineering-Team (GitLab-a-thon 🦊), and 2 others: Limit GitLab shared runners to images from Wikimedia Docker registry - https://phabricator.wikimedia.org/T291978 (10thcipriani) [17:00:13] 10GitLab (CI & Job Runners), 10Security-Team, 10Patch-For-Review, 10Release-Engineering-Team (GitLab-a-thon 🦊), and 2 others: Limit GitLab shared runners to images from Wikimedia Docker registry - https://phabricator.wikimedia.org/T291978 (10thcipriani) Talked about doing this as part of #gitlabsperiment n... [17:03:57] Hello [17:04:27] re: all the bugspam above, we outlined a bunch of stuff for a sprint where we migrate blubber to gitlab and figure out our story for building container images and getting them to prod. [17:05:01] we'll try to do comms about that in here and on phab rather than slack [17:05:29] also having a string of video meetings this coming week that folks are welcome to join if they're so inclined. [17:15:49] 10GitLab, 10Release-Engineering-Team (GitLab-a-thon 🦊): Investigate alternatives to docker-in-docker for container image creation in GitLab - https://phabricator.wikimedia.org/T307599 (10dduvall) [17:23:59] 10GitLab, 10Release-Engineering-Team (GitLab-a-thon 🦊): Investigate alternatives to docker-in-docker for container image creation in GitLab - https://phabricator.wikimedia.org/T307599 (10hashar) [17:26:40] so stupid question time. is docker-in-docker still Considered Terrible if it uses a docker daemon running in a container specifically for that purpose, a la this writeup? https://pythonspeed.com/articles/gitlab-build-docker-image/ [17:33:25] still requires privileged mode i guess [17:46:56] we have a new gitlab-runner. it's called.... [17:46:57] PC-Valentino [17:57:03] brennen: i was just reading something similar [17:57:33] i don't know why you'd use docker-in-docker if you have an isolated daemon specifically for building [18:00:31] i.e. i think you can accomplish the same thing without relying on privileged mode by spinning up separate docker daemons on remote "build only" hosts and having the jobs call out to them using `DOCKER_HOST=tcp://{remote host} docker build ...` [18:05:08] using buildkitd would require a similar model: spinning up dedicated hosts for building, each running buildkitd, and having jobs call out to them using `buildctl --addr tcp://{remote host} ...` [18:06:27] here are some examples of spinning up buildkitd on k8s that we could try https://github.com/moby/buildkit/tree/master/examples/kubernetes [18:13:15] mutante: what's the naming scheme? [18:13:46] RhinosF1: pure randomness :p [18:13:59] mutante: the best :) [18:17:27] pc-valentino sounds like a film noir detective game from the 90s, on cd-rom :) [18:18:07] a la https://en.wikipedia.org/wiki/Under_a_Killing_Moon [18:18:58] or https://en.wikipedia.org/wiki/Gabriel_Knight [18:19:22] lol, nice [18:19:22] (i never actually played those, but _pc gamer_ magazine sure was fond of writing about them.) [18:19:49] does your gitlab sprint have a name too? [18:20:04] I remember those sprints some team had that were named after bands [18:20:05] or was it movies [18:20:18] we went with GitLab-a-thon [18:20:38] I was thinking maybe this guy just likes the brand Valentino valentino.com [18:20:54] at sparkfun we named releases alphabetically after musicians, but the servers were all dinosaur species. [18:27:03] oh, looks Gabriel Knight was written by the same person that did Kings Quest. i'll have to take a look [18:34:42] 10GitLab (Infrastructure), 10serviceops: bring new gitlab hardware servers into production - https://phabricator.wikimedia.org/T307142 (10Dzahn) @Jelto gitlab-runner2002, gitlab-runner2003 and gitlab-runner2004 are up and running. Regarding partioning they have / and /srv logical volumes unlike 2001, the VM,... [18:35:21] o/ [18:35:25] 10GitLab (Infrastructure), 10serviceops: bring new gitlab hardware servers into production - https://phabricator.wikimedia.org/T307142 (10Dzahn) I also merged https://gerrit.wikimedia.org/r/c/operations/puppet/+/788752 when I noticed we got the 14.9 version installed. [18:36:50] brennen: waving to follow along. as exammple of something I'd like tto have a CI image to just use: https://gitlab.wikimedia.org/repos/data-engineering/workflow_utils/-/blob/main/gitlab_ci_templates/lib/conda.yml [18:37:07] i'd rather do that in a dockerfile and have an image, than doing it in the CI script for every ci job [18:37:24] Part of https://gitlab.wikimedia.org/repos/data-engineering/workflow_utils/-/tree/main/gitlab_ci_templates [18:37:47] https://phabricator.wikimedia.org/T304450 [18:40:10] fg [18:40:13] damnit [18:47:42] 10GitLab (Infrastructure), 10serviceops, 10Patch-For-Review: bring new gitlab hardware servers into production - https://phabricator.wikimedia.org/T307142 (10Dzahn) same for gitlab-runner1002, 1003 and 1004 now: {F35103530} [18:48:41] 10GitLab (Infrastructure), 10serviceops, 10Patch-For-Review: bring new gitlab hardware servers into production - https://phabricator.wikimedia.org/T307142 (10Dzahn) [18:53:36] thcipriani: :D [18:54:11] I blame slack. somehow. [19:27:33] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊), 10User-brennen, 10User-dduvall: Write a GitLab "Migrating a Project" runbook / manual based on Blubber migration - https://phabricator.wikimedia.org/T307538 (10brennen) 05Open→03In progress p:05Triage→03Medium [19:27:37] 10GitLab (Project Migration), 10Release-Engineering-Team (GitLab-a-thon 🦊), 10User-dduvall: Migrate Blubber project to GitLab - https://phabricator.wikimedia.org/T301168 (10brennen)