[infra][tripleo] is it possible to control (tripleo) gate queue priority?

Jeremy Stanley fungi at yuggoth.org
Tue Dec 22 17:14:41 UTC 2020

On 2020-12-22 11:33:28 -0300 (-0300), Sorin Sbarnea wrote:
> Could we find a way to extend the ability to alter queue to a
> select group of non-zuul admins?
> I personally find the need to ping zuul admins about queue
> alteration problematic for at least two reasons:
> - increases load of zuul-admins, which likely have other more
> pressing (or interesting) issues to deal with
> - it depends directly on the availability of zuul admins, which is
> not really a 24x7 service, not even a 24x5.
> If we would have a token that allow some of us to use the new zuul
> client to put some patches on top of the queue, we could likely
> avoid having to depend on other humans for unblocking some
> pipelines.
> As these operations would be very easy to track, I doubt this
> would be abused.
> Currently that is achievable only by admins with something like:
> zuul promote --tenant openstack --pipeline gate --changes 123,1

We quite often also precede it with `zuul enqueue ...` to put the
change into the gate pipeline, either because the changes in
question have preexisting Verified -1/-2 due to unrelated failures,
or no Verified vote because it hasn't completed check pipeline jobs.

> What if we can also have some power users? aka queue
> owners/stewards? How hard it would be?

Currently we access the scheduler's RPC socket via sudo locally on
the server (the CLI utility writes to a named pipe owned by the
zuuld user). An alternative would be to set up authentication for
the REST API, which the client supports but we haven't used in
OpenDev yet.

However, I question whether it's worthwhile spending time
engineering a two-tiered administrative solution for our scheduler.
This comes up once or maybe twice a month, takes only a minute, and
never really has immediate urgency (except for security fixes which
are generally scheduled and coordinated with someone well in
advance), so it's not a particular burden on the current sysadmin
team and there's generally someone around within 24 hours or less to
process a request of that nature. As previously discussed, if it
were particularly urgent, there are other remedies available to core
review teams already.
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20201222/22a2cafe/attachment.sig>

More information about the openstack-discuss mailing list