!gbYfCmRFdiprAcsClG:matrix.org

gerritcodereview

333 Members
5 Servers

Load older messages


SenderMessageTime
9 Jan 2024
@jim:acmegating.comcorvusi double checked the certs on the zk servers with openssl and both the client and server cert have expirations in feb. the ca cert expires in 203018:10:36
@_discord_1022546464011993138:t2bot.ionasser_linaro looks like that one is coming from https://gerrit.googlesource.com/zuul/ops/+/master/k8s/zookeeper/zookeeper.yaml#3 18:14:51
@_discord_1022546464011993138:t2bot.ionasser_linaro https://cloud.google.com/kubernetes-engine/docs/deprecations/apis-1-25#poddisruptionbudget-v125 18:17:06
@jim:acmegating.comcorvus there's a liveness probe that connects over ssl and runs ruok ever few seconds, and that appears to be working 18:18:35
@jim:acmegating.comcorvuswhich suggests that the zk cluster is able to accept ssl connections in general (and specifically with its copy of the client cert)18:19:21
@jim:acmegating.comcorvushowever, that is a different certificate than the executor is using18:21:49
@jim:acmegating.comcorvusthey both have approx the same expiration dates18:21:59
@jim:acmegating.comcorvusi wonder if zk is caching an old copy of the certs and needs to be restarted18:24:56
@jim:acmegating.comcorvusi'm inclined to restart zk then restart zuul.18:25:37
@jim:acmegating.comcorvusokay, after the initial restart of zookeeper-0, it did not join the quorum because of cert errors, but after restarting all 3, they have reformed a quorum. i think that lends credence to the "stale cert" theory.18:28:53
@clarkb:matrix.orgClarkI see an executor in the components list now18:29:55
@jim:acmegating.comcorvusit looks like all the zuul components have automatically reconnected; so the actual fix for this was "restart zk"18:30:00
@jim:acmegating.comcorvuszuul is working through a backlog of fairly old data18:30:52
@jim:acmegating.comcorvusi think we can declare it back in service; we should fix that pod disruption thing tho; i wonder if that has something to do with why the cert upgrade wasn't handled.18:32:46
@jim:acmegating.comcorvus Clark: nasser_linaro fyi, i'm using kubectl with the google cloud auth setup to get the logs and run commands; i don't think i've ever had access to logs in the web console. in case you want to see about setting up the same. 18:34:35
@clarkb:matrix.orgClarkok, I don't thjink I ever had access to the google cloud stuff or k8s there18:37:00
@_discord_1022546464011993138:t2bot.ionasser_linaro You can't view tags if you can't view any branches with the tagged commits. 21:11:25
@_discord_1022546464011993138:t2bot.ionasser_linaro See https://groups.google.com/g/repo-discuss/c/f0nArdvuFCw 21:13:18
10 Jan 2024
@_discord_1105817889669382144:t2bot.iomaitriporwal Hi, ran into an another issue after 05:21:17
@_discord_1194720336000860242:t2bot.iostnma7e_27446 joined the room.19:14:09
@_discord_207662094277935105:t2bot.ioecnerwall I could view all branches in that repo, but I'm guessing that some tags were created, some branches were deleted (maybe, no idea if that's actually the case) and since the branch didn't exist I couldn't see the tags.
The thing that really bug us, is why the other admin could see them
20:14:21
@_discord_1022546464011993138:t2bot.ionasser_linaro I would guess you have slightly different permissions if another user could see them and you couldn't 21:09:19
12 Jan 2024
@_discord_450041161265184789:t2bot.ioAntoine For the 3.7 upgrade, the labels approval copying fields are removed (I have at least copyAllScoresIfNoChange copyMinScore copyAllScoresOnTrivialRebase and copyAllScoresIfNoCodeChange). The release notes mentions a schema migration exists and it seems to be https://gerrit-review.googlesource.com/c/gerrit/+/334325 . Does that implies that on upgrade gerrit init will magically update the settings in all projects? I guess I can just try it 😄 15:39:21
@_discord_1022546464011993138:t2bot.ionasser_linaro Yes, I think that happens in an init step 15:51:36
@_discord_450041161265184789:t2bot.ioAntoine I guess I have to give it a try and validate the copy condition matches my expectations 🙂 15:55:55
@_discord_450041161265184789:t2bot.ioAntoine thanks nasser_linaro ! 15:55:59
@fungicide:matrix.orgfungi
In reply to @_discord_450041161265184789:t2bot.io
For the 3.7 upgrade, the labels approval copying fields are removed (I have at least copyAllScoresIfNoChange copyMinScore copyAllScoresOnTrivialRebase and copyAllScoresIfNoCodeChange). The release notes mentions a schema migration exists and it seems to be https://gerrit-review.googlesource.com/c/gerrit/+/334325 . Does that implies that on upgrade gerrit init will magically update the settings in all projects? I guess I can just try it 😄
since the new syntax was also supported in 3.6, the approach we took was to load all our configs into a test deployment of 3.6, upgrade it to 3.7, check what the upgrade process did to the configs, applied those changes to another 3.6 test deployment, upgraded that to make sure it resulted in no changes, then applied that new configuration to our 3.6 production site
16:12:15
@fungicide:matrix.orgfungiand also introduced some new rules in our config linter to make sure no old-style configs got added in the lead-up to our production upgrade maintenance16:13:09
@fungicide:matrix.orgfungiand double-checked after the production upgrade that there were no new changes to the configuration16:13:39
31 Jan 2024
@jim:acmegating.comcorvuso/19:39:01

There are no newer messages yet.


Back to Room ListRoom Version: 9