[09:19:09] 10GitLab (Pipeline Services Migration🐤), 10Research, 10collaboration-services, 10Patch-For-Review: Move research webpages to gitlab - https://phabricator.wikimedia.org/T334511 (10Jelto) a:05Jelto→03fkaelin Reassigning to @fkaelin > @fkaelin do you have experience deploying services to Kubernetes. The... [10:07:14] 10GitLab, 10Release-Engineering-Team, 10collaboration-services: Strange gitlab behavior - https://phabricator.wikimedia.org/T344156 (10Jelto) [11:44:03] 10GitLab (CI & Job Runners), 10Patch-For-Review, 10Release-Engineering-Team (Escape Goats🐐): Replace deprecated `CI_JOB_JWT` CI variable in Kokkuri - https://phabricator.wikimedia.org/T337474 (10CodeReviewBot) jnuche merged https://gitlab.wikimedia.org/repos/releng/jwt-authorizer/-/merge_requests/14 JWT iss... [12:14:17] jelto: I have one last change to deploy for the jwt-authorizer (v1.2.0) [12:14:30] this time around there is a puppet config change associated: https://gerrit.wikimedia.org/r/c/operations/puppet/+/951484 [12:14:45] could you help me get that deployed at some point? [12:18:25] hi. I'm trying to access a service that I've defined in .gitlab-ci.yml, but it seems like the service hostname is not known from the container that the tests execute in. [12:18:29] https://gitlab.wikimedia.org/repos/mediawiki/services/ipoid/-/jobs/135083 [12:18:47] https://gitlab.wikimedia.org/repos/mediawiki/services/ipoid/-/merge_requests/44/diffs [12:19:04] maybe I'm missing something obvious... if someone has ideas, please let me know [12:22:34] jnuche: change looks good to me. I can deploy it to the registry now if that works for you [12:22:44] bzw https://gitlab.wikimedia.org/repos/releng/jwt-authorizer/-/blob/main/README.md still mentiones "issuer" [12:22:47] btw [12:23:32] jelto: good catch, I'll fix the README [12:24:13] yes please, the new package depends on the puppet change (and we still need to restart the service manually after updating the package) [12:25:13] ok so I'll deploy the change to the registry nodes in a sec. The jwt-authorizer package is already updated right? Or do we need a new version here as well? [12:26:11] we need to create a new package for tag v1.2.0 if you want to create in the build host like last time [12:26:24] otherwise I could create a version using a Docker image we have for that [12:27:40] ah I missed that. Ok then I'll rebuild the jwt-authorizer package first. Give me some minutes [12:28:15] 👍 [12:29:57] kostajh: I may be wrong, but I think Kokkuri/Blubber doesn't support gitlab CI's sidecar services at the moment [12:30:06] dduvall should be able to confirm [12:31:44] oh :\ [12:32:12] is this tracked/documented somewhere? [12:34:34] if not, I can file a task [12:35:04] context for our needs is T339352 [12:35:05] T339352: Create MySQL container in CI for integration tests - https://phabricator.wikimedia.org/T339352 [12:38:28] kostajh: I can't find any tasks or mentions in wikis/docs, if you don't mind creating a new one please [12:44:17] I found this so it looks like at least we consider it at some point, but I don't know what came out of it: https://phabricator.wikimedia.org/T308789#7990694 [12:48:34] ok [12:49:45] jnuche: upgrade of jwt-authorzer to v1.2.0 and the puppet change should be deployed together right? [12:50:23] jelto: yeah, correct [12:51:36] ok then I'll upgrade all four nodes in a sec. package is rebuild and available as v1.2.0 [12:52:15] ack [12:52:45] 10GitLab, 10Continuous-Integration-Infrastructure: Allow GitLab CI containers to connect to services - https://phabricator.wikimedia.org/T344818 (10kostajh) [12:53:50] 10GitLab, 10Continuous-Integration-Infrastructure: Allow GitLab CI containers to connect to services - https://phabricator.wikimedia.org/T344818 (10kostajh) [12:54:00] jelto: filed ^ thank you [12:58:41] 10GitLab (CI & Job Runners), 10Patch-For-Review, 10Release-Engineering-Team (Escape Goats🐐): Replace deprecated `CI_JOB_JWT` CI variable in Kokkuri - https://phabricator.wikimedia.org/T337474 (10CodeReviewBot) jnuche opened https://gitlab.wikimedia.org/repos/releng/jwt-authorizer/-/merge_requests/16 README:... [12:59:01] 10GitLab, 10Continuous-Integration-Infrastructure: Allow GitLab CI containers to connect to services - https://phabricator.wikimedia.org/T344818 (10Tchanders) [13:00:37] 10GitLab (CI & Job Runners), 10Patch-For-Review, 10Release-Engineering-Team (Escape Goats🐐): Replace deprecated `CI_JOB_JWT` CI variable in Kokkuri - https://phabricator.wikimedia.org/T337474 (10CodeReviewBot) jnuche merged https://gitlab.wikimedia.org/repos/releng/jwt-authorizer/-/merge_requests/16 README:... [13:04:06] jnuche: jwt-authorizer updated and change deployed. Puppet restarted jwt-authorizer automatically [13:04:32] kostajh: I guess you wanted to ping jnuche, not me :) [13:04:45] ok, lemme verify [13:07:39] jelto: it looks healthy [13:07:41] thank you :) [13:07:48] great! [13:22:00] 10GitLab (CI & Job Runners), 10Patch-For-Review, 10Release-Engineering-Team (Escape Goats🐐): Replace deprecated `CI_JOB_JWT` CI variable in Kokkuri - https://phabricator.wikimedia.org/T337474 (10jnuche) 05In progress→03Resolved The new id tokens changed the value in the issuer (`iss`) field which made th... [13:27:04] 10GitLab (CI & Job Runners), 10collaboration-services, 10Patch-For-Review, 10Release-Engineering-Team (Escape Goats🐐): Replace deprecated `CI_JOB_JWT` CI variable in Kokkuri - https://phabricator.wikimedia.org/T337474 (10Jelto) [13:34:04] jelto: sorry about that [13:34:37] np :) [14:51:49] 10GitLab, 10Continuous-Integration-Infrastructure: Allow GitLab CI containers to connect to services - https://phabricator.wikimedia.org/T344818 (10dancy) The problem is that the build is running inside of a container created by buildkitd while the mariadb service is running in a container created by the runne... [15:04:14] 10GitLab, 10Continuous-Integration-Infrastructure: Allow GitLab CI containers to connect to services - https://phabricator.wikimedia.org/T344818 (10kostajh) >>! In T344818#9113789, @dancy wrote: > The problem is that the build is running inside of a container created by buildkitd while the mariadb service is r... [15:05:38] 10GitLab (CI & Job Runners), 10collaboration-services, 10Patch-For-Review, 10Release-Engineering-Team (Escape Goats🐐): Replace deprecated `CI_JOB_JWT` CI variable in Kokkuri - https://phabricator.wikimedia.org/T337474 (10dancy) Great work @jnuche ! [15:16:22] 10GitLab (Pipeline Services Migration🐤), 10Release-Engineering-Team (Priority Backlog 📥): Archive the "wikimedia/production" repo - https://phabricator.wikimedia.org/T344763 (10Jdforrester-WMF) I've [[https://gerrit.wikimedia.org/r/admin/repos/wikimedia/production,general|set it to Read-Only]]; let's see if th... [15:33:06] 10GitLab, 10Continuous-Integration-Infrastructure: Allow GitLab CI containers to connect to services - https://phabricator.wikimedia.org/T344818 (10Jdforrester-WMF) It sounds like you'd want something more like the #tool-ducttape tool that QTE are planning to re-build for general use on GitLab. [15:42:35] 10GitLab (Pipeline Services Migration🐤), 10Platform Engineering, 10Patch-For-Review, 10Release-Engineering-Team (Escape Goats🐐): Migrate mediawiki/services/kask to GitLab - https://phabricator.wikimedia.org/T335691 (10Eevans) >>! In T335691#9113942, @gerritbot wrote: > Change 913949 **merged** by Eevans: >... [15:44:13] 10GitLab (Pipeline Services Migration🐤), 10Platform Engineering, 10Patch-For-Review, 10Release-Engineering-Team (Escape Goats🐐): Migrate mediawiki/services/kask to GitLab - https://phabricator.wikimedia.org/T335691 (10dancy) Thanks! [15:44:33] 10GitLab (Pipeline Services Migration🐤), 10Platform Engineering, 10Patch-For-Review, 10Release-Engineering-Team (Escape Goats🐐): Migrate mediawiki/services/kask to GitLab - https://phabricator.wikimedia.org/T335691 (10dancy) [15:48:48] kostajh, jnuche: you can use gitlab ci services, but not with `.kokkuri:build-and-run-image`. the reason for this is that `.kokkuri:build-and-run-image` uses the blubber `run-variant` option to run the entrypoint within the context of buildkitd. buildkitd containers are isolated within their own CNI managed networks [15:52:00] to make use of services, you'd have to use a different pattern: to first build the test runner image in one job using `.kokkuri.build-image`, and then reference that built image as `image: `${_IMAGE_REF}` in a subsequent job where you've also defined various services. using this pattern, the image built by blubber is now running as a container in the usual GitLab CI runner context [15:52:12] TL;DR we need to add this usage to the kokkuri docs [15:52:49] also, i don't think this latter usage can be supported in WMCS at the moment since we don't have a central caching registry. it's only available on DO [15:57:39] 10Gitlab-Application-Security-Pipeline, 10Security, 10user-sbassett: osv-scanner: add support for finding nested lockfiles - https://phabricator.wikimedia.org/T342178 (10sbassett) 05Open→03Resolved p:05Triage→03Low [15:57:43] 10Gitlab-Application-Security-Pipeline, 10Security-Team, 10SecTeam-Processed, 10Security, 10user-sbassett: [EPIC] Application Security Pipeline Components for Gitlab - Phase 2 Work - https://phabricator.wikimedia.org/T342177 (10sbassett) [16:43:49] 10GitLab (Misc), 10Release-Engineering-Team (Radar), 10User-brennen: Investigate opendev.org hosting options and their costs, risks, & benefits - https://phabricator.wikimedia.org/T344372 (10brennen) [16:44:00] 10GitLab (Integrations), 10ExtensionDistributor: Add Gitlab Provider for ExtensionDistributor - https://phabricator.wikimedia.org/T340523 (10brennen) [16:44:11] 10GitLab (CI & Job Runners), 10Continuous-Integration-Infrastructure: Allow GitLab CI containers to connect to services - https://phabricator.wikimedia.org/T344818 (10brennen) [16:50:14] 10GitLab (Auth & Access), 10Release-Engineering-Team (Priority Backlog 📥): Test Trusted Contributors group in devtools GitLab - https://phabricator.wikimedia.org/T344379 (10thcipriani) 05Open→03In progress p:05Triage→03Medium [16:50:37] 10GitLab (Upstream pit of despair 🕳️), 10Release-Engineering-Team (Seen): GitLab: find a way to search open merge-requests filtering out groups of people - https://phabricator.wikimedia.org/T344361 (10thcipriani) [16:50:54] 10GitLab (Upstream pit of despair 🕳️), 10Release-Engineering-Team (Seen), 10Upstream: Disable GitLab snippets - https://phabricator.wikimedia.org/T332993 (10brennen) [17:22:40] dduvall: thanks. I'd be happy to test this out but would need some hand holding to get it working, I think [17:28:04] 10GitLab (Pipeline Services Migration🐤), 10Platform Engineering, 10Patch-For-Review, 10Release-Engineering-Team (Escape Goats🐐): Migrate mediawiki/services/kask to GitLab - https://phabricator.wikimedia.org/T335691 (10dancy) [17:31:54] kostajh: sure thing. we can either collab here async, or feel free to calendar stalk me :) [17:32:19] a good example of this pattern can be found in blubber's `.gitlab-ci.yml` https://gitlab.wikimedia.org/repos/releng/blubber/-/blob/main/.gitlab-ci.yml#L58 [17:33:17] here the `run-acceptance-tests` job is actually referencing two images that were built from prior jobs [17:33:35] thanks [17:34:24] (how do I know if the jobs are running in DO vs WMCS?) [17:35:14] one built during the `build-frontend-for-testing` job now referenced as `${BUILD_FRONTEND_FOR_TESTING_IMAGE_REF}`, and another built during the `build-acceptance-runner` job now referenced as `${BUILD_ACCEPTANCE_RUNNER_IMAGE_REF}`. notice the variables that hold the ref value of the previously built images are named after the jobs [17:35:55] re: DO vs WMCS you're on the WMCS runners atm. you can see the hostname of the runner at the top of the console output [17:36:17] to ensure you get a DO runner, add `kubernetes` to the tags (ambiguous tag naming, i know) [20:23:24] 10GitLab (Pipeline Services Migration🐤), 10Editing-team: Migrate Citoid/Zotero Pipeline Repos to GitLab - https://phabricator.wikimedia.org/T344736 (10Jdforrester-WMF) [20:25:05] 10GitLab (Pipeline Services Migration🐤), 10Platform Engineering: Migrate former Platform team service to GitLab - https://phabricator.wikimedia.org/T344739 (10Jdforrester-WMF) [20:25:08] 10GitLab (Pipeline Services Migration🐤), 10Platform Engineering, 10Release-Engineering-Team (Escape Goats🐐): Migrate mediawiki/services/kask to GitLab - https://phabricator.wikimedia.org/T335691 (10Jdforrester-WMF)