Added a slightly larger overview talk

1 files changed, 1258 insertions, 0 deletions

diff --git a/src/zuulv3/overview.rst b/src/zuulv3/overview.rst
new file mode 100644
index 0000000..5e6b281
--- /dev/null
+++ b/src/zuulv3/overview.rst
@@ -0,0 +1,1258 @@
+. display in 68x24
+.. display in 88x24
+
+.. pygments yaml? (only file breaks (---) tinted)
+.. slide on high level v3 changes
+.. slide on nodepool
+
+.. transition:: dissolve
+   :duration: 0.4
+
+Test Slide
+==========
+.. hidetitle::
+
+.. ansi:: images/testslide.ans
+
+Preshow
+=======
+.. hidetitle::
+
+.. ansi:: images/cursor.ans images/cursor2.ans
+
+Zuul
+====
+.. hidetitle::
+.. ansi:: images/title.ans
+
+Monty Taylor
+============
+
+* @e_monty
+* freenode:mordred
+* mordred@inaugust.com
+
+Red Hat
+=======
+.. hidetitle::
+.. container:: handout
+   i work for
+
+.. ansi:: images/redhat.ans
+
+Ansible
+=======
+.. hidetitle::
+.. ansi:: images/ansible.ans
+
+OpenDev
+=======
+
+::
+
+  "most insane CI infrastructure I've ever been a part of"
+
+    -- Alex Gaynor
+
+  "OpenStack Infra are like the SpaceX of CI"
+
+    -- Emily Dunham
+
+Zuul
+====
+.. hidetitle::
+.. ansi:: images/zuul.ans
+
+
+What Zuul Does
+==============
+
+  * gated changes
+  * one or more git repositories
+  * integrated deliverable
+  * testing like deployment
+
+Underlying Philosophy
+=====================
+
+  * All changes flow through code review
+  * Changes only land if they pass all tests
+  * Computers are cheaper than humans
+
+Ramifications of Philosophy
+===========================
+
+  * No direct push access for anyone
+  * Software should be installable from source
+  * Testing should be automated and repeatable
+  * Developers write tests with their patches
+  * Code always works
+
+Getting to Gating
+=================
+
+No Tests / Manual Tests
+=======================
+
+  * No test automation exists or ...
+  * Developer runs test suite before pushing code
+  * Prone to developer skipping tests for "trivial" changes
+  * Doesn't scale organizationally
+
+Periodic Testing
+================
+
+  * Developers push changes directly to shared branch
+  * CI system runs tests from time to time - report if things still work
+  * "Who broke the build?"
+  * Leads to hacks like NVIE model
+
+Post-Merge Testing
+==================
+
+  * Developers push changes directly to shared branch
+  * CI system is triggered by push - reports if push broke something
+  * Frequently batched / rolled up
+  * Easier to diagnose which change broke things
+  * Reactive - the bad changes are already in
+
+Pre-Review Testing
+==================
+
+  * Changes are pushed to code review (Gerrit Change, GitHub PR, etc)
+  * CI system is triggered by code review change creation
+  * Test results inform review decisions
+  * Proactive - testing code before it lands
+  * Reviewers can get bored waiting for tests
+  * Only tests code as written, not potential result of merging code
+
+Gating
+======
+
+  * Changes are pushed to code review
+  * CI system is triggered by code review approval
+  * CI system merges code IFF tests pass
+  * Proactive - testing code before it lands
+  * Future state resulting from merge of code is tested
+  * Reviewers can fire-and-forget safely
+
+Mix and Match
+=============
+
+  * Zuul supports all of those modes
+  * Zuul users frequently combine them
+  * Run pre-review (check) and gating (gate) on each change
+  * Post-merge/post-tag for release/publication automation
+  * Periodic for catching bitrot
+
+Multi-repository integration
+============================
+
+  * Multiple source repositories are needed for deliverable
+  * Future state to be tested is the future state of all involved repos
+
+To test proposed future state
+=============================
+
+  * Get tip of each project. Merge appropriate change. Test.
+  * Changes must be serialized, otherwise state under test is invalid.
+  * Integrated deliverable repos share serialized queue
+
+Speculative Execution
+=====================
+
+  * Correct parallel processing of serialized future states
+  * Create virtual serial queue of changes for each deliverable
+  * Assume each change will pass its tests
+  * Test successive changes with previous changes applied to starting state
+
+Nearest Non-Failing Change
+==========================
+
+(aka 'The Jim Blair Algorithm')
+
+  * If a change fails, move it aside
+  * Cancel all test jobs behind it in the queue
+  * Reparent queue items on the nearest non-failing change
+  * Restart tests with new state
+
+Zuul Simulation
+===============
+.. transition:: pan
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-00.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-01.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-02.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-03.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-04.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-05.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-06.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-07.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-08.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-09.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-10.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-11.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-12.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-13.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-14.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-15.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-16.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-17.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-18.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-19.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-20.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-21.ans
+
+Zuul Simulation
+===============
+.. transition:: cut
+.. container:: handout
+
+  * todo
+
+.. ansi:: images/zsim-22.ans
+
+
+Cross-Project Dependencies
+==========================
+
+Testing or gating dependencies manually specified by developers
+
+.. container:: progressive
+
+   * nodepool https://review.openstack.org/612168
+
+       Make functional src jobs actually install from source
+   * openstacksdk https://review.openstack.org/612186
+
+       Don't start task managers passed in to Connection
+
+       Depends-On: https://review.openstack.org/612168
+   * openstacksdk https://review.openstack.org/604521
+
+       Add support for per-service rate limits
+
+       (git parent is 612186)
+   * nodepool https://review.openstack.org/612169
+
+       Consume rate limiting task manager from openstacksdk 
+
+       Depends-On: https://review.openstack.org/604521
+
+       (nodepool-functional-py35-src should pass, but
+        nodepool-functional-py35 should not fail until openstacksdk release)
+
+Lock Step Changes
+=================
+
+  * Circular Dependencies are not supported on purpose
+  * Rolling upgrades across interdependent services
+  * HOWEVER - many valid use cases - support will be coming
+
+Live Configuration Changes
+==========================
+
+.. container:: handout
+
+  Zuul is a distributed system, with a distributed configuration.
+
+.. code:: yaml
+
+   - tenant:
+       name: openstack
+       source:
+         gerrit:
+           config-repos:
+             - opendev/project-config
+           project-repos:
+             - opendev/zuul-jobs
+             - zuul/zuul
+             - zuul/nodepool
+             - ansible/ansible
+             - openstack/openstacksdk
+
+Zuul Startup
+============
+
+* Read config file
+
+Zuul Startup
+============
+
+* Read config file
+* Ask mergers for branches of each repo
+
+.. ansi:: images/startup1.ans
+
+Zuul Startup
+============
+
+* Read config file
+* Ask mergers for branches of each repo
+* Ask mergers for .zuul.yaml for each branch
+
+    of each repo
+
+.. ansi:: images/startup2.ans
+
+When .zuul.yaml Changes
+=======================
+
+.. container:: progressive
+
+  * Zuul looks for changes to .zuul.yaml
+  * Asks mergers for updated content
+  * Splices into configuration used for that change
+  * Works with cross-repo dependencies
+
+    ("This change depends on a change to the job definition")
+
+Zuul Architecture
+=================
+
+.. ansi:: images/architecture.ans
+
+
+Nodepool
+========
+
+  * A separate program that works very closely with *Zuul*
+  * Creates and destroys zero or more node resources
+  * Resources can include VMs, Containers, COE contexts or Bare Metals
+  * Static driver for allocating pre-existing nodes to jobs
+  * Optionally periodically builds images and uploads to clouds
+
+Nodepool Launcher
+=================
+
+  Where build nodes should come from
+
+  * OpenStack
+  * Static
+  * Kubernetes
+
+  In review:
+
+  * OpenShift
+  * AWS
+
+  In work / coming soon:
+
+  * Azure
+  * GCE
+  * Mac Stadium
+
+What about test/job content?
+============================
+
+  * Written in Ansible
+  * Ansible is excellent at running one or more tasks in one or more places
+  * The answer to "how do I" is almost always "Ansible"
+
+What Zuul Does
+==============
+
+  * Listens for code events
+  * Prepares appropriate job config and git repo states
+  * Allocates nodes for test jobs
+  * Pushes git repo states to nodes
+  * Runs user-defined Ansible playbooks
+  * Collects/reports results
+  * Potentially merges change
+
+Jobs
+====
+
+* Jobs run on nodes from nodepool (static or dynamic)
+* Metadata defined in Zuul's configuration
+* Execution content in Ansible
+* Jobs may be defined centrally or in the repo being tested
+* Jobs have contextual variants that simplify configuration
+
+Job
+===
+
+.. code:: yaml
+
+  - job:
+      name: base
+      parent: null
+      description: |
+        The base job for Zuul.
+      timeout: 1800
+      nodeset:
+        nodes:
+          - name: primary
+            label: centos-7
+      pre-run: playbooks/base/pre.yaml
+      post-run:
+        - playbooks/base/post-ssh.yaml
+        - playbooks/base/post-logs.yaml
+      secrets:
+        - site_logs
+
+Simple Job
+==========
+
+.. code:: yaml
+
+   - job:
+      name: tox
+      pre-run: playbooks/setup-tox.yaml
+      run: playbooks/tox.yaml
+      post-run: playbooks/fetch-tox-output.yaml
+
+Simple Job Inheritance
+======================
+
+.. code:: yaml
+
+  - job:
+      name: tox-py36
+      parent: tox
+      vars:
+        tox_envlist: py36
+
+Inheritance Works Like An Onion
+===============================
+
+  * pre-run playbooks run in order of inheritance
+  * run playbook of job runs
+  * post-run playbooks run in reverse order of inheritance
+  * If pre-run playbooks fail, job is re-tried
+  * All post-run playbooks run - as far as pre-run playbooks got
+
+Inheritance Example
+===================
+
+For tox-py36 job
+
+  * base pre-run playbooks/base/pre.yaml
+  * tox pre-run playbooks/setup-tox.yaml
+  * tox run playbooks/tox.yaml
+  * tox post-run playbooks/fetch-tox-output.yaml
+  * base post-run playbooks/base/post-ssh.yaml
+  * base post-run playbooks/base/post-logs.yaml
+
+Simple Job Variant
+==================
+
+.. code:: yaml
+
+  - job:
+      name: tox-py27
+      branches: stable/mitaka
+      nodeset:
+        - name: ubuntu-trusty
+          label: ubuntu-trusty
+
+Nodesets for Multi-node Jobs
+============================
+
+.. code:: yaml
+
+  - nodeset:
+      name: ceph-cluster
+      nodes:
+        - name: controller
+          label: centos-7
+        - name: compute1
+          label: fedora-28
+        - name: compute2
+          label: fedora-28
+      groups:
+        - name: ceph-osd
+          nodes:
+            - controller
+        - name: ceph-monitor
+          nodes:
+            - controller
+            - compute1
+            - compute2
+
+Multi-node Job
+==============
+
+* nodesets are provided to Ansible for jobs in inventory
+
+.. code:: yaml
+
+  - job:
+      name: ceph-multinode
+      nodeset: ceph-cluster
+      run: playbooks/install-ceph.yaml
+
+
+Multi-node Ceph Job Content
+===========================
+
+.. code:: yaml
+
+  - hosts: all
+    roles:
+      - install-ceph
+
+  - hosts: ceph-osd
+    roles:
+      - start-ceph-osd
+
+  - hosts: ceph-monitor
+    roles:
+      - start-ceph-monitor
+
+  - hosts: all
+    roles:
+      - do-something-interesting
+
+Project With Central and Local Config
+=====================================
+
+.. code:: yaml
+
+   # In git.openstack.org/openstack-infra/project-config:
+   - project:
+       name: openstack/nova
+       templates:
+         - openstack-tox-jobs
+
+.. code:: yaml
+
+   # In git.openstack.org/openstack/nova/.zuul.yaml:
+   - project:
+       check:
+         - nova-placement-functional-devstack
+
+Project with Job Dependencies
+=============================
+
+.. code:: yaml
+
+    - project:
+        release:
+          jobs:
+            - build-artifacts
+            - upload-tarball:
+                dependencies: build-artifacts
+            - upload-pypi:
+                dependencies: build-artifacts
+            - notify-mirror:
+                dependencies:
+                  - upload-tarball
+                  - upload-pypi
+
+Secrets
+=======
+
+* Inspired by Kubernetes Secrets API
+* Projects can add named encrypted secrets to their .zuul.yaml file
+* Jobs can request to use secrets by name
+* Jobs using secrets are not reconfigured speculatively
+* Secrets can only be used by the same project they are defined in
+* Public key per project:
+  ``{{ zuul_url }}/{{ tenant }}/{{ project }}.pub``
+
+::
+  GET https://zuul.openstack.org/openstack-infra/shade.pub
+
+Secret Example (note, no admins had to enable this)
+===================================================
+
+.. code:: yaml
+
+    # In git.openstack.org/openstack/loci/.zuul.yaml:
+    - secret:
+        name: loci_docker_login
+        data:
+          user: loci-username
+          password: !encrypted/pkcs1-oaep
+            - gUEX4eY3JAk/Xt7Evmf/hF7xr6HpNRXTibZjrKTbmI4QYHlzEBrBbHey27Pt/eYvKKeKw
+              hk8MDQ4rNX7ZK1v+CKTilUfOf4AkKYbe6JFDd4z+zIZ2PAA7ZedO5FY/OnqrG7nhLvQHE
+              5nQrYwmxRp4O8eU5qG1dSrM9X+bzri8UnsI7URjqmEsIvlUqtybQKB9qQXT4d6mOeaKGE
+              5h6Ydkb9Zdi4Qh+GpCGDYwHZKu1mBgVK5M1G6NFMy1DYz+4NJNkTRe9J+0TmWhQ/KZSqo
+              4ck0x7Tb0Nr7hQzV8SxlwkaCTLDzvbiqmsJPLmzXY2jry6QsaRCpthS01vnj47itoZ/7p
+              taH9CoJ0Gl7AkaxsrDSVjWSjatTQpsy1ub2fuzWHH4ASJFCiu83Lb2xwYts++r8ZSn+mA
+              hbEs0GzPI6dIWg0u7aUsRWMOB4A+6t2IOJibVYwmwkG8TjHRXxVCLH5sY+i3MR+NicR9T
+              IZFdY/AyH6vt5uHLQDU35+5n91pUG3F2lyiY5aeMOvBL05p27GTMuixR5ZoHcvSoHHtCq
+              7Wnk21iHqmv/UnEzqUfXZOque9YP386RBWkshrHd0x3OHUfBK/WrpivxvIGBzGwMr2qAj
+              /AhJsfDXKBBbhGOGk1u5oBLjeC4SRnAcIVh1+RWzR4/cAhOuy2EcbzxaGb6VTM=
+
+Secret Example
+==============
+
+.. code:: yaml
+
+    # In git.openstack.org/openstack/loci/.zuul.yaml:
+    - job:
+        name: publish-loci-cinder
+        parent: loci-cinder
+        post-run: playbooks/push
+        secrets:
+          - loci_docker_login
+
+    # In git.openstack.org/openstack/loci/playbooks/push.yaml:
+    - hosts: all
+      tasks:
+        - include_vars: vars.yaml
+
+    - name: Push project to DockerHub
+      block:
+        - command: docker login -u {{ loci_docker_login.user }} -p {{ loci_docker_login.password }}
+          no_log: True
+        - command: docker push openstackloci/{{ project }}:{{ branch }}-{{ item.name }}
+          with_items: "{{ distros }}"
+
+OpenDev - Largest Known Zuul
+====================================
+
+  * 2KJPH (2,000 jobs per hour)
+  * Build Nodes from 16 Regions of 5 Public and 3 Private OpenStack Clouds
+  * Rackspace, Internap, OVH, Vexxhost, CityCloud
+  * Linaro (ARM), Limestone, Packethost
+  * 10,000 changes merged per month
+
+Zuul is not New
+===============
+
+  * Has been in Production for OpenStack for Six Years
+  * Zuul is now a top-level effort of OpenStack Foundation
+  * Zuul v3 first release where not-OpenStack is first-class use case
+
+Not just for OpenStack
+======================
+
+  * BMW (control plane in OpenShift)
+  * GoDaddy (control plane in Kubernetes)
+  * Le Bon Coin
+  * GoodMoney
+  * Easystack
+  * TungstenFabric
+  * OpenLab
+  * Red Hat
+  * others ...
+
+Code Review Systems
+===================
+
+  * Gerrit
+  * GitHub (Public and Enterprise)
+
+  In work / coming soon:
+
+  * GitLab
+  * Bitbucket
+
+Support for non-git
+===================
+
+.. container:: progressive
+
+  * Nope
+  * helix4git may work for perforce, but is untested
+
+Installation of Software
+========================
+
+Ways to Install Zuul
+====================
+
+* Containers: https://hub.docker.com/_/zuul/
+* Windmill: http://git.openstack.org/cgit/openstack/windmill
+* Software Factory: https://softwarefactory-project.io/
+* Puppet: http://git.openstack.org/cgit/openstack-infra/puppet-zuul
+
+Zuul Containers
+===============
+
+* Published on every commit
+* Application/Process containers
+* Config / Data should be bind-mounted in
+
+zuul/zuul-executor
+==================
+
+* In k8s, zuul-executor must be run privileged
+* Uses bubblewrap for unprivileged sanboxing
+* Restriction may be lifted in the future
+
+Release Management
+==================
+
+* Zuul is a CI system
+* C stands for "Continuous"
+* It is run Continuously Delivered and Deployed upstream
+* Releases are tagged from code run upstream
+* There is no intent to have a 'stable' release
+* 'stable' is a synonym for "old and buggy"
+
+zuul/zuul-scheduler
+===================
+
+* SPOF
+* We're working on it
+* Recommend running scheduler from tags
+
+Quick Start
+===========
+
+https://zuul-ci.org/docs/zuul/admin/quick-start.html
+
+Important Links
+===============
+
+* https://zuul-ci.org/
+* https://git.zuul-ci.org/cgit/zuul
+* https://zuul-ci.org/docs/zuul
+* https://zuul-ci.org/docs/zuul-jobs/
+* freenode:#zuul
+
+Questions
+=========
+
+.. ansi:: images/questions.ans
+
+Quick Start Prereq
+==================
+
+* Install docker, docker-compose, git-review
+
+Debian/Ubuntu:
+
+::
+
+  sudo apt-get install docker-compose git git-review
+
+RHEL / CentOS / Fedora:
+
+::
+
+  sudo yum install docker docker-compose git git-review
+
+OpenSuse:
+
+::
+
+  sudo zypper install docker docker-compose git git-review
+
+RHEL / CentOS / Fedora / OpenSuse
+
+::
+
+  sudo systemctl enable docker.service
+  sudo systemctl start docker.service
+
+Actual Quick Start
+==================
+
+* git clone https://git.zuul-ci.org/zuul
+* cd zuul
+* cd doc/source/admin/examples
+* docker-compose up
+
+What's Running
+==============
+
+* Zookeeper
+* Gerrit
+* Nodepool Launcher
+* Zuul Scheduler
+* Zuul Web Server
+* Zuul Executor
+* Apache HTTPD
+* A container to use as a 'static' build node
+
+How they're connected
+=====================
+
+* End Users talk to Gerrit and Apache HTTPD
+* Zuul Scheduler talks to Gerrit
+* Nodepool Launcher, Zuul Scheduler, Zuul Web talk to Zookeeper
+* Zuul Executor talks to Zuul Scheduler (using Gearman)
+
+Initial provided config
+=======================
+
+* docker-compose has plumbed in basic config ``etc_zuul/zuul.conf``
+  and ``etc_zuul/main.yaml``
+* Gerrit Connection named "gerrit"
+* Zuul user for that connection
+* Git connection named "zuul-ci.org" for ``zuul-jobs`` standard library
+
+Initial tenant
+==============
+
+* Zuul is (always) multi-tenant
+* Example config contains a tenant called ``example-tenant``
+* Three projects in the ``example-tenant`` tenant:
+  ``zuul-config``, ``test1``, ``test2``
+* Three projects are also in gerrit ready to use
+
+zuul.conf
+=========
+
+::
+
+  [gearman]
+  server=scheduler
+
+  [gearman_server]
+  start=true
+
+  [zookeeper]
+  hosts=zk
+
+  [scheduler]
+  tenant_config=/etc/zuul/main.yaml
+
+  [web]
+  listen_address=0.0.0.0
+
+  [executor]
+  private_key_file=/var/ssh/nodepool
+  default_username=root
+
+zuul.conf part 2
+================
+
+::
+
+  [connection "gerrit"]
+  name=gerrit
+  driver=gerrit
+  server=gerrit
+  sshkey=/var/ssh/zuul
+  user=zuul
+  password=secret
+  baseurl=http://gerrit:8080
+  auth_type=basic
+
+  [connection "zuul-ci.org"]
+  name=zuul-ci
+  driver=git
+  baseurl=https://git.zuul-ci.org/
+
+main.yaml
+=========
+
+::
+
+  - tenant:
+      name: example-tenant
+      source:
+        gerrit:
+          config-projects:
+            - zuul-config
+          untrusted-projects:
+            - test1
+            - test2
+        zuul-ci.org:
+          untrusted-projects:
+            - zuul-jobs:
+                include:
+                  - job
+
+Gerrit Account
+==============
+
+* Need a user account to interact with Gerrit
+* Gerrit is configured in dev mode - no passwords required
+* Visit http://localhost:8080
+* Click "Become"
+* Click "New Account"
+* Click "Register"
+* Enter Full Name
+* Click "Save Changes"
+* Enter username in Username field (match your local laptop user)
+* Copy ``~/.ssh/id_rsa.pub`` contents into SSH Key field
+* Click Continue
+
+Config Repo
+===========
+
+* ``zuul-config`` is a trusted ``config-repo``
+* Security and functionality of system depend on this repo
+* Limit its contents to minimum required
+
+Config Files vs. Directories
+============================
+
+* Zuul reads config from:
+  ``.zuul.yaml``, ``zuul.yaml``, ``zuul.d`` or ``.zuul.d``
+* For projects with substantial zuul config, like ``zuul-config``
+  ``zuul.d`` directory is likely best.
+* The directories are read run-parts style.
+* Recommended practice is splitting by type of object
+
+Setting up Gating
+=================
+
+* We want to have changes to ``zuul-config`` be gated
+* We need to define pipelines: ``check`` and ``gate``
+* Need to attach ``zuul-config`` to them
+* Start with builtin ``noop`` job (always return success)
+* Use regex to attach all projects to ``check`` and ``gate``
+
+Pipeline Definitions
+====================
+
+* Zuul has no built-in workflow definitions, let's add ``check`` and ``gate``
+
+check pipeline
+==============
+
+::
+
+  - pipeline:
+      name: check
+      description: |
+        Newly uploaded patchsets enter this pipeline to receive an
+        initial +/-1 Verified vote.
+      manager: independent
+      require:
+        gerrit:
+          open: True
+          current-patchset: True
+      trigger:
+        gerrit:
+          - event: patchset-created
+          - event: change-restored
+      success:
+        gerrit:
+          Verified: 1
+      failure:
+        gerrit:
+          Verified: -1
+
+gate pipeline
+=============
+
+:: 
+    - pipeline:
+        name: gate
+        description: |
+          Changes that have been approved are enqueued in order in this
+          pipeline, and if they pass tests, will be merged.
+        manager: dependent
+        post-review: True
+        require:
+          gerrit:
+            open: True
+            current-patchset: True
+            approval:
+              - Workflow: 1
+        trigger:
+          gerrit:
+            - event: comment-added
+              approval:
+                - Workflow: 1
+        start:
+          gerrit:
+            Verified: 0
+        success:
+          gerrit:
+            Verified: 2
+            submit: true
+        failure:
+          gerrit:
+            Verified: -2
+
+Add the pipeline definitions
+============================
+
+.. code-block:: bash
+
+  git clone http://localhost:8080/zuul-config
+  cd zuul-config
+  mkdir zuul.d
+  cp ../examples/zuul-config/zuul.d/pipelines.yaml .
+
+Shared Project Pipeline Definition
+==================================
+
+In ``examples/zuul-config/zuul.d/projects.yaml``
+
+.. code-block:: yaml
+
+  - project:
+      name: ^.*$
+      check:
+        jobs: []
+      gate:
+        jobs: []
+
+  - project:
+      name: zuul-config
+      check:
+        jobs:
+          - noop
+      gate:
+        jobs:
+          - noop
+
+Attach the projects to the pipelines
+====================================
+
+.. code-block:: bash
+
+  cp ../examples/zuul-config/zuul.d/projects.yaml .
+
+Commit the changes and push up for review
+=========================================
+
+.. code-block:: bash
+
+   git add zuul.d
+   git commit
+   git review
+
+Force merging bootstrap config
+==============================
+
+* Zuul is running with no config, so it won't do anything
+* For this change (and this change only) we will bypass gating
+
+Reviewing normally
+==================
+
+* visit http://localhost:8080/#/c/zuul-config/+/1001/
+* click reply
+* vote +2 Code Review +1 Approved
+
+Verified +2 is Missing
+======================
+
+Verified +2 is what we have zuul configured to do.
+
+::
+        success:
+          gerrit:
+            Verified: 2
+            submit: true
+
+
+Bypassing Gating
+================
+
+* visit http://localhost:8080/
+* click 'switch account'
+* click 'admin'
+* visit http://localhost:8080/#/c/zuul-config/+/1001/
+* click reply
+* vote +2 Verified (normal users do not see this)
+* click submit (normal users do not see this)
+* click 'switch account'
+* click your username
+
+Base Job
+========
+
+* Every Zuul installation must define a ``base`` job
+* Push git repos to build node
+* Publish logs/artifacts
+* Any local specific setup
+* Goes in config repo - because it impacts EVERY job
+
+Add Base Job to zuul-config
+===========================
+
+::
+
+  cp ../examples/zuul-config/zuul.d/jobs.yaml .
+  git add jobs.yaml
+  git commit
+  git review
+
+Then go to http://localhost:8080/#/c/zuul-config/+/1002/ and approve it
+
+Zuul should merge the patch
+===========================
+
+zuul-config is configured to use the ``noop`` job
+
+Zuul tests syntax automatically
+===============================
+
+* Edit jobs.yaml
+* Change ``parent: null`` to ``parent: broken``
+* git commit ; git review
+* Check out the review in gerrit ... there should be errors!
+
+Presentty
+=========
+.. hidetitle::
+.. transition:: pan
+.. figlet:: Presentty
+
+* Console presentations written in reStructuredText
+* Cross-fade, pan, tilt, cut transitions
+* https://pypi.python.org/pypi/presentty