Tuesday, 2019-08-06

*** sthussey has quit IRC		00:01
*** nishantkr has quit IRC		00:21
*** kskels has quit IRC		01:05
*** Kuirong has joined #airshipit		01:27
*** altlogbot_0 has quit IRC		01:37
*** altlogbot_0 has joined #airshipit		01:37
openstackgerrit	PRATEEK REDDY DODDA proposed airship/porthole master: Chart/Dockerfile for Openstack Utility Container Added Support for rbac https://review.opendev.org/674670	02:07
arunx	mattmceuen: I destroyed the 1804 VM. Created a new VM with 1604, and tried latest clone of the airship project and scripts to try Airship-in-a-bottle.	02:12
arunx	mattmceuen: I still status of the containers, https://justpaste.it/2isuz . I still see one went to error, other 2 containers restarted 100+ times means something wrong	02:15
arunx	mattmceuen: Here is the postgresql-0 container log, https://justpaste.it/3omqt	02:18
arunx	mattmceuen: additional logs from the shell (from script airship-in-a-bottle.sh), https://justpaste.it/2o23g	02:32
openstackgerrit	PRATEEK REDDY DODDA proposed airship/porthole master: Chart/Dockerfile for Openstack Utility Container Added Support for rbac https://review.opendev.org/674670	02:37
openstackgerrit	PRATEEK REDDY DODDA proposed airship/porthole master: Chart/Dockerfile for Openstack Utility Container Added Support for rbac https://review.opendev.org/674670	02:40
*** AlexNoskov has quit IRC		03:19
*** GoldenBear_ has joined #airshipit		03:22
*** GoldenBear has quit IRC		03:22
*** cheng1 has quit IRC		04:04
*** jhesketh has joined #airshipit		04:54
*** seaneagan has quit IRC		05:03
*** gkadam_ has joined #airshipit		05:54
*** gkadam_ has quit IRC		05:54
*** gkadam has quit IRC		05:56
openstackgerrit	Andreas Jaeger proposed airship/kubernetes-entrypoint master: Add .gitreview file https://review.opendev.org/674734	06:24
openstackgerrit	Andreas Jaeger proposed airship/kubernetes-entrypoint master: Remove binary file kubernetes-entrypoint https://review.opendev.org/674735	06:25
openstackgerrit	Andreas Jaeger proposed airship/kubernetes-entrypoint master: Add noop-jobs to be able to merge changes https://review.opendev.org/674736	06:30
*** LoicL35 has joined #airshipit		07:02
*** rezroo has quit IRC		07:34
*** pgaxatte has joined #airshipit		07:38
*** avolkov has joined #airshipit		08:16
*** dr_feelgood has joined #airshipit		09:11
*** dr_feelgood has quit IRC		10:07
*** dr_feelgood has joined #airshipit		10:09
*** pgaxatte has quit IRC		10:20
*** dr_feelgood has quit IRC		10:21
*** dr_feelgood has joined #airshipit		10:21
*** dr_feelgood has quit IRC		10:25
*** mbologna has quit IRC		10:39
*** mbologna has joined #airshipit		10:46
*** dr_feelgood has joined #airshipit		10:49
*** dr_feelgood has quit IRC		11:13
*** dr_feelgood has joined #airshipit		11:13
*** dr_feelgood has quit IRC		11:14
*** dr_feelgood has joined #airshipit		11:15
*** dr_feelgood has quit IRC		12:01
*** dr_feelgood has joined #airshipit		12:02
*** pgaxatte has joined #airshipit		12:06
*** dr_feelgood has quit IRC		12:07
*** henriqueof has joined #airshipit		12:11
*** dr_feelgood has joined #airshipit		12:15
*** bh526r has joined #airshipit		12:35
*** marianito has joined #airshipit		12:48
openstackgerrit	Alexander Hughes proposed airship/pegleg master: Support regenerating PKI https://review.opendev.org/671337	12:49
openstackgerrit	Jagan Mohan Kavva proposed airship/airship-in-a-bottle master: [WIP] Adding utility conatiners to airship-in-a-bottle https://review.opendev.org/674626	12:49
*** aaronsheffield has joined #airshipit		12:56
*** alexanderhughes has joined #airshipit		12:59
openstackgerrit	Luna Das proposed airship/porthole master: Chart/Dockerfile for Openstack Utility Container Added Support for rbac. https://review.opendev.org/674670	13:04
openstackgerrit	Luna Das proposed airship/porthole master: Add Tracking User Identity in openstack utility container logs https://review.opendev.org/674808	13:04
evrardjp	hey	13:05
alexanderhughes	good morning all! meeting is in an hour, agenda etherpad is up -- https://etherpad.openstack.org/p/airship-meeting-2019-08-06	13:06
*** dr_feelgood has quit IRC		13:09
*** dr_feelgood has joined #airshipit		13:09
alexanderhughes	also for those new to the community we have a design call going on now, https://attcorp.webex.com/meet/rp2723 you can to the email lists where a lot of the call invites are sent out here http://lists.airshipit.org/	13:11
alexanderhughes	subscribe to^	13:11
*** nishantkr has joined #airshipit		13:11
openstackgerrit	Alexander Hughes proposed airship/pegleg master: Update airship dependencies in Pegleg reqs https://review.opendev.org/673899	13:17
openstackgerrit	Alexander Hughes proposed airship/pegleg master: Fix: Allow Pegleg to generate unencrypted bundle https://review.opendev.org/673904	13:17
openstackgerrit	Luna Das proposed airship/porthole master: Add Tracking User Identity in openstack utility container logs https://review.opendev.org/674808	13:18
openstackgerrit	Anthony Bellino proposed airship/promenade master: Run haproxy-anchor and haproxy pod with the nobody user (65534) https://review.opendev.org/657879	13:34
*** ab2434_ has joined #airshipit		13:36
*** dr_feelgood has quit IRC		13:39
*** dr_feelgood has joined #airshipit		13:40
*** rezroo has joined #airshipit		13:41
*** dr_feelgood has quit IRC		13:42
*** dr_feelgood has joined #airshipit		13:43
openstackgerrit	Svetlana Shturm proposed airship/pegleg master: Add support domain-scoped token for CLI https://review.opendev.org/674175	13:45
*** lemko has joined #airshipit		13:48
mattmceuen	Agenda for our meeting in 12min: please add anything else you'd like to discuss today, folks: https://etherpad.openstack.org/p/airship-meeting-2019-08-06	13:48
*** dr_feelgood has quit IRC		13:51
*** DanCrank has joined #airshipit		13:55
mattmceuen	#startmeeting airship	14:00
openstack	Meeting started Tue Aug 6 14:00:04 2019 UTC and is due to finish in 60 minutes. The chair is mattmceuen. Information about MeetBot at http://wiki.debian.org/MeetBot.	14:00
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	14:00
*** openstack changes topic to " (Meeting topic: airship)"		14:00
openstack	The meeting name has been set to 'airship'	14:00
mattmceuen	#topic Rollcall	14:00
*** openstack changes topic to "Rollcall (Meeting topic: airship)"		14:00
alexanderhughes	o/	14:00
mattmceuen	Hey everyone, GM / GE!	14:00
howell	o/	14:00
nishantkr	o/	14:00
mattmceuen	Agenda: https://etherpad.openstack.org/p/airship-meeting-2019-08-06	14:00
evgenyl	Hi everyone!	14:00
mattmceuen	please add any discussion topics for today to this^	14:00
mattmceuen	o/ all	14:00
mattmceuen	we'll give it a min for folks go get their laptops warmed up	14:00
jamesgu	o/	14:00
evrardjp	o/	14:01
dwalt	o/	14:01
openstackgerrit	Marjorie Middleton proposed airship/porthole master: Initial Commit of compute-utility container code compute-utility pod permits access to functionality of several compute pods. https://review.opendev.org/674695	14:02
*** arunkant has joined #airshipit		14:02
mattmceuen	ok, let's get started:	14:02
mattmceuen	#topic Update Eavesdrop to include links to other Airship meetings?	14:02
*** openstack changes topic to "Update Eavesdrop to include links to other Airship meetings? (Meeting topic: airship)"		14:02
mattmceuen	go for it alex	14:02
alexanderhughes	hi, we've got a large number of meetings and it seems we keep adding more. it's great that people are interested in various aspects of airship design - I was just wondering especially for new users that haven't subscribed to the mailing lists they're missing out on some opportunities to join our discussions	14:03
alexanderhughes	can we add these meetings to eavesdrop? we have 5 a week now that I know of	14:04
*** rdharwadkar has joined #airshipit		14:04
mattmceuen	we have been adding them to the wiki, but you're right, not evesdrop: https://wiki.openstack.org/wiki/Airship	14:04
mattmceuen	I think it makes sense to add them	14:04
*** pramchan62 has joined #airshipit		14:04
alexanderhughes	and for the new users those email lists I mention above can be found at #link lists.airshipit.org	14:04
*** AJaeger has joined #airshipit		14:05
mattmceuen	if we add new meetings, would they show up under the existing Airship header?	14:05
mattmceuen	or would Airship end up with five list items on an already-crowded list	14:05
evrardjp	I would prefer eavesdrop, because ics generation is neat :)	14:06
mattmceuen	++	14:06
alexanderhughes	can we rename airship team meeting -> Airship community meetingS and then add each in our section?	14:06
evrardjp	alexanderhughes: yeah, It's possible to have multiple meetings	14:07
*** roman_g has joined #airshipit		14:07
evrardjp	I mean	14:07
roman_g	o/	14:07
evrardjp	because it's possible to add multiple meetings, it would be clearer to have each of them named appropriately :)	14:07
alexanderhughes	just thinking about organization in the summary list where our link is. having 5 meetings seems overkill, but if you can click on our link then browse our short section it's a good balance in my mind	14:07
evrardjp	Just pointing to eavesdrop?	14:08
mattmceuen	It looks like you might not get much differentiation between what the different time slots under a "header" are for	14:08
evrardjp	Or adding all the meetings into one ics	14:08
mattmceuen	I.e., I see Auto-scaling SIG Meeting has two different invites, but I don't see that you can differentiate between different topics (SIG-X, SIG-Y) for them?	14:09
evrardjp	I think it's fine to have multiple meetings, because not everybody care about everything	14:09
alexanderhughes	ah I see. yeah maybe we need 5 separate entries	14:09
evrardjp	mattmceuen: because that's the same meeting different timezones	14:09
mattmceuen	Let's start with that since it's good for us, and if it's frowned upon, we should find out in code review :)	14:09
evrardjp	for different meetings see for example the OpenStack TC, which has meetings and office hours	14:09
mattmceuen	evrardjp advanced technology!!	14:09
mattmceuen	what will they think of next	14:10
evrardjp	mattmceuen: ics is so 21th century	14:10
*** dpawlik has quit IRC		14:10
mattmceuen	lol	14:10
alexanderhughes	lol	14:10
alexanderhughes	I'm happy with that, just want to make finding logs, calendar invites etc. easier for people in general to stay up to date with airship progress/news	14:10
mattmceuen	was just going to ask for volunteer :) that's a great idea alexanderhughes, thanks for bringing it up	14:10
evrardjp	alexanderhughes: I don't have Airship in my agenda because there is no eavesdrop link , so I rely on 20th century tech called human memory	14:11
evrardjp	very not reliable depending age of said tech	14:11
alexanderhughes	haha	14:11
mattmceuen	:D	14:11
mattmceuen	alright - I think we can move on to the next topic:	14:12
mattmceuen	#topic Airship WC election requirements	14:12
*** openstack changes topic to "Airship WC election requirements (Meeting topic: airship)"		14:12
mattmceuen	So in our ongoing working committee election process, we have hit a first-time-through bump	14:12
*** altlogbot_0 has quit IRC		14:12
evrardjp	it's not really a bump IMO :)	14:13
mattmceuen	A handful of folks who had nominated for the committee were admitted by the election officials, and post-hoc discovered not to be eligible per airship governance description of eligibility	14:13
*** altlogbot_0 has joined #airshipit		14:13
mattmceuen	So they have been withdrawn	14:13
* mattmceuen feels very bad - mea culpa 100%		14:13
evrardjp	mattmceuen: you shouldn't worry about that : )	14:14
mattmceuen	Really appreciate the nominations and hope all of these excellent gents nominates again in the future	14:14
evrardjp	I expect there is no hard feelings	14:14
mattmceuen	ty jp :)	14:14
evrardjp	everybody is doing their best, and as you can see, there is willingness to step up ;)	14:14
evrardjp	mattmceuen: yw :)	14:14
*** sthussey has joined #airshipit		14:15
mattmceuen	Yes, it's really awesome to see the community growth and community involvement	14:15
pramchan62	Any idea what requirements were difficult to meet?	14:15
mattmceuen	Yes - let's discuss	14:15
mattmceuen	So the TC requirements are different than the WC requirements	14:15
evrardjp	well tbh it's not the requirements that I would like to discuss	14:15
evrardjp	on that topic	14:15
evrardjp	it's to make sure it doesn't happen ? :)	14:15
evrardjp	again*	14:15
evrardjp	(implementing a job for validating, like it's done in openstack?)	14:16
pramchan62	ok	14:16
mattmceuen	TC candidates are broadly eligible based on contributions to the community. WC candidates are more narrowly eligible based on having gotten commits merged to a repo in the previous 12 months	14:16
evrardjp	(sorry to highjack this!)	14:16
mattmceuen	I think step 1 is to better understand the requirements, lol	14:16
evrardjp	on that I can blame myself for not reading appropriately	14:17
mattmceuen	Step 2 is to either automate them or have a rote process to validate them	14:17
mattmceuen	#same	14:17
*** jamesgu_ has joined #airshipit		14:17
pramchan62	Is zull pipeline setup for airship 2.0 modules yet?	14:17
pramchan62	Zuul	14:17
mattmceuen	evrardjp, are there any best practices you're aware of that could help with that?	14:18
*** obravo has joined #airshipit		14:18
mattmceuen	from the openstack community, which has been doing this for a while	14:18
evrardjp	yeah we do have jobs for that in the election repo -- I suggest to speak with current election officials on how the zuul jobs are set up	14:18
mattmceuen	we should be able to incorporate their functionality; our election repo was based on theirs, but with most of the automation turned off in the interest of time	14:19
evrardjp	you would have to do something special for the affiliation afaik, but that probably should be done after election results	14:19
mattmceuen	would be good to refine that for the next round	14:19
evrardjp	which is after candidacies	14:19
mattmceuen	cool	14:19
evrardjp	mattmceuen: yup. To make things simpler, having only one set of requirements would be easier too	14:20
evrardjp	for the test jobs I mean	14:20
*** AlexNoskov has joined #airshipit		14:20
mattmceuen	pramchan62: the first module targeted for 2.0 (airshipctl) has zuul gating set up; we'll keep adding gates as we keep adding modules	14:21
*** kskels has joined #airshipit		14:21
mattmceuen	I think that'll be a good thing to retrospect on - the TC can adjust the requirements if we propose reasonable changes	14:21
*** spilla has joined #airshipit		14:22
alexanderhughes	agreed, I can add this as an action item to the TC agenda. I'd like to take a second look at the WC requirements for next election cycle	14:22
jamesgu	++	14:22
mattmceuen	alright, anything else on this topic?	14:23
mattmceuen	we'll be kicking off the voting later today	14:23
alexanderhughes	just a heartfelt apology to those that ran and were disqualified after their nominations were merged, and thanks for your understanding with our stumbles. we'll get better over time	14:24
mattmceuen	++	14:24
mattmceuen	Ok! next topic:	14:24
mattmceuen	#topic Aligning airskiff to sloop type has presented challenges	14:24
*** openstack changes topic to "Aligning airskiff to sloop type has presented challenges (Meeting topic: airship)"		14:24
mattmceuen	So jamesgu has been working on some manifest alignment	14:25
mattmceuen	between sloop and airskiff	14:25
mattmceuen	one of the goals of this is to make it easy(er) to have airskiff sites that are customized, e.g. for opensuse images	14:26
mattmceuen	I think we've exhausted the wiggleroom in our three-layer (global, type, site) hierarchy in trying to get all of this aligned. Challenges include:	14:26
jamesgu	yes, the challenge is that we only allow one shot at replacement in armada manifest, airskiff has to duplicate the abstract charts, certs, etc in airskiff site. Now we are going to make it worse with airskiff-*	14:27
mattmceuen	airskiff doesn't need kubernetes widgets (e.g. etcd), but has to override them in its list of "unused" charts. To me it feels like cauterizing abstract documents we don't want anyway. These docs would need to be duplicated across airskiff-X and airskiff-Y	14:27
jamesgu	sorry crossed msgs	14:28
jamesgu	mattmceuen: I added option b in the agenda	14:28
mattmceuen	yeah, one-shot replacement makes sense in some contexts, but jamesgu ran into wanting to replace the full-site manifest that was already replaced at the type level	14:28
mattmceuen	no worries :D	14:28
mattmceuen	I'll paste the ideas in here as well:	14:29
mattmceuen	option a:Make a "skiff" a type?	14:29
mattmceuen	option b: remove the full-site and cluster-bootstrap manifest from sloop type (means airsloop will add its own full site and bootstrap yaml as its own armada manifest)	14:29
kskels	maybe we need to talk about it more - but there are ways to workaround it by creating charts/chart-groups with different names	14:29
kskels	even for full-site - in shipyard it's possible to specify which full-site manifest to run	14:29
kskels	also, I think we should make replacement somehow multi-level.. wonder if that is possible	14:30
openstackgerrit	Luna Das proposed airship/porthole master: Add Tracking User Identity in openstack utility container logs https://review.opendev.org/674808	14:30
dwalt	So if we add a skiff type, we still have to override unused documents. Are there other benefits to doing so?	14:30
jamesgu	kskels: agree that replacement should be multi level.	14:30
*** michael-beaver has joined #airshipit		14:30
mattmceuen	the idea there dwalt is that at least we'd only be overriding them once at the type level, and airskiff-X becomes easy	14:31
dwalt	The idea behind using sloop for Airskiff was only that it reduced the replica count and reduced the total number of Airskiff-specific documents slightly	14:31
jamesgu	the issue is the sloop site manifest full-site and cluster-bootstrap... both of which incudes the k8s charts for example	14:31
kskels	yes - but can't we just choose different name for them	14:31
mattmceuen	kskels: agree that specifying a different manifest document is a tool in our toolbox as well	14:32
kskels	and do armada apply `full-site-airskiff`?	14:32
openstackgerrit	Luna Das proposed airship/porthole master: Add Tracking User Identity in openstack utility container logs https://review.opendev.org/674808	14:32
mattmceuen	I think that solves for one challenge (one-shot replacement, at least for that doc)	14:32
jamesgu	yes we are using different names, but the full-site and bootstrap from sloop are included nonetheless in the generated site and armada tries to valdiate them	14:32
kskels	ah.. got it..	14:33
kskels	usually though extra files wouldn't matter	14:33
mattmceuen	kskels: `full-site-airskiff` doesn't solve for cauterizing unused abstract documents though, right	14:33
kskels	as long as they are not having errors	14:33
jamesgu	so that could be an armada validation bug or design ;-)	14:33
mattmceuen	It's intentional	14:33
mattmceuen	As is one-shot replacement	14:34
kskels	hm.. I didn't know one-shot replacement was intential	14:34
openstackgerrit	Luna Das proposed airship/porthole master: Add Tracking User Identity in openstack utility container logs https://review.opendev.org/674808	14:34
kskels	replacement anyway is kind a "inheritance" or overlay	14:34
mattmceuen	Although I could be convinced that value trade-off isn't worth it	14:34
jamesgu	a simpler solution (since this will change in 2.0) is to remove the full-site and boostrap armada manifest in the sloop type and let airsloop and airskiff to define their own	14:34
openstackgerrit	Merged airship/pegleg master: Add support domain-scoped token for CLI https://review.opendev.org/674175	14:35
kskels	to simply fix this we could just move the sloop/full-site to site/airsloop/	14:35
kskels	and then each site will automatically require to define their own	14:35
jamesgu	kskels: texactly, hat's the option b proposal	14:35
mattmceuen	sounds like you guys are thinking along the same lines	14:36
dwalt	That makes sense to me	14:36
*** KeithMnemonic has joined #airshipit		14:36
kskels	yeah - but then hope it's not the same for all other files in `sloop`..	14:36
mattmceuen	Just to confirm: validation won't barf if there are uncauterized abstract documents, as long as they are not pulled in from a manifest file?	14:36
jamesgu	if mattmceuen likes it too we have a deal :-)	14:36
kskels	which in that case would be better to do your own airskiff	14:36
jamesgu	I tested it for airskiff, it seems to be happy, not tested airsloop yet	14:37
mattmceuen	jamesgu: if it work well, let's do it - if not, I would suggest skiff type as a plan B	14:37
jamesgu	sounds good!	14:37
kskels	sounds good!	14:37
mattmceuen	kskels: do you know whether anyone is actively basing out-of-tree sites off of sloop type?	14:37
mattmceuen	I know there were some ericsson folks who had used sloop, but I didn't know if they were pointing sites back at treasuremap or not	14:38
kskels	good question.. though due to our tags `v1.3` and all - I think it would be acceptable even if they do..	14:38
mattmceuen	agree	14:38
mattmceuen	ok	14:38
mattmceuen	I think we have a plan - any other discussion before moving on?	14:39
jamesgu	no, thanks all	14:39
mattmceuen	#topic How to build kubernetes-entrypoint	14:39
*** openstack changes topic to "How to build kubernetes-entrypoint (Meeting topic: airship)"		14:39
mattmceuen	ok - this is my plea for help	14:39
mattmceuen	as discussed last week I think, k8s-entrypoint project has migrated to airship: https://opendev.org/airship/kubernetes-entrypoint	14:39
mattmceuen	still getting it set up	14:40
mattmceuen	but one thing that confuses me -- the stackanetes project builds a container and pushes it to quay with every merge	14:40
mattmceuen	but for the life of me I can't find either a dockerfile or a CI job	14:40
howell	do we have contact info for anyone from the stackanetes team?	14:40
howell	I assume we don	14:40
howell	don't want to move the image	14:40
mattmceuen	alanmeadows and portdirect been chatting with those guys and could ask I'm sure	14:41
mattmceuen	looks like we don't have seaneagan here - he might know	14:41
howell	I'll contact him	14:41
mattmceuen	I think we do want to start hosting the image in the normal airship registry namespace; it's currently getting pushed to a stackanetes namespaced location	14:42
howell	but beyond that, I don't see anything in that repo that could create the image nor push it to quay.io	14:42
alanmeadows	^ yes	14:42
portdirect	its build in quay.ios build system	14:42
portdirect	built rather	14:42
portdirect	we should just create our own	14:42
alanmeadows	with regard to us wanting to push the image into an airship quay namespace	14:42
howell	if we're pushing it to a new location, what's to stop us from just writing our own?	14:42
mattmceuen	ok	14:43
howell	ah, portdirect beat me to it	14:43
portdirect	I'll also get some basic ci pushed up today	14:43
mattmceuen	awesome - ty portdirect	14:43
portdirect	np - though i stress the word 'basic' :D	14:43
evrardjp	portdirect: have a look at zuul's buildset registry if you can	14:43
evrardjp	haha	14:43
evrardjp	I see	14:43
evrardjp	:)	14:43
mattmceuen	alright, let's keep moving, few items left:	14:44
mattmceuen	#topic Base image vulnerabilities	14:44
*** openstack changes topic to "Base image vulnerabilities (Meeting topic: airship)"		14:44
mattmceuen	alexanderhughes go for it	14:44
openstackgerrit	PRATEEK REDDY DODDA proposed airship/porthole master: Chart/Dockerfile for Openstack Utility Container Added Support for rbac https://review.opendev.org/674670	14:45
alexanderhughes	a while back we had a discussion about reducing image vulnerabilities in pegleg and spyglass by migrating to ubuntu:xenial instead of python:3.6 - this improved, but across airship we're still sitting around 15 medium vulnerabilities per image some with as many as 200 total vulnerabilites (lows, etc. included)	14:45
alexanderhughes	since most of these vulnerabilities are from the base image, does it make sense for us to build our own minimal base image to use for each project?	14:45
*** arunkant has quit IRC		14:46
alexanderhughes	or do we want to just wait on updates to the official ubuntu images?	14:46
mattmceuen	my 2c is the latter. Operators/vendors are likely using their own base images anyway	14:46
evrardjp	I would wait for updates, because it's building tech debt which we might be less good to track of	14:47
*** arunkant has joined #airshipit		14:47
mattmceuen	So probably makes sense to rely on canonical to do their own work on that	14:47
mattmceuen	++	14:47
evrardjp	but is that a big deal though?	14:47
evrardjp	sorry to ask that question, but I expected that everyone would build their own images with their own infra	14:47
evrardjp	I didn't expect to say "the official airship images published on opendev are secure"	14:48
evrardjp	liability and stuff :)	14:48
alexanderhughes	we already support overriding the dokcerfiles with the FROM argument so if people want things more secure than we offer they can accomplish that. I've just been involved in a lot of vulnerability talks lately and want to make sure we're making a reasonable effort at securing what we offer	14:48
evrardjp	while we should do the best, people should be aware of things :)	14:48
roman_g	+2 to evrardjp	14:49
openstackgerrit	Merged airship/pegleg master: Fix: Allow Pegleg to generate unencrypted bundle https://review.opendev.org/673904	14:49
portdirect	evrardjp: +2 to 'but I expected that everyone would build their own images with their own infra'	14:49
evrardjp	alexanderhughes: I think we all agree, it's just about making the message crystal clear :)	14:49
portdirect	but at the same time, we want to make that easy	14:49
evrardjp	portdirect: agreed :)	14:49
mattmceuen	cool - I think we're aligned. good with that plan alexanderhughes?	14:50
alexanderhughes	yes	14:50
mattmceuen	alright, moving on:	14:51
mattmceuen	#topic Question re. single rabbitmq cluster PS	14:51
*** openstack changes topic to "Question re. single rabbitmq cluster PS (Meeting topic: airship)"		14:51
mattmceuen	all yours evrardjp	14:51
jamesgu	that was me... this is just an initial inquiry re. the "recent" change to a single rabbitmq cluster. we are evaluating what it means for scaling. Do we still have the flexibility / choice in place to allow seperate rabbiqmq cluster when the cloud scales up?	14:51
mattmceuen	oop	14:51
mattmceuen	s	14:51
mattmceuen	purples all look the same in etherpad :)	14:51
jamesgu	yep :-)	14:51
mattmceuen	jamesgu: yes, absolutely still have that flexibility	14:52
evrardjp	mattmceuen: I was following that up too, so that's fine :)	14:52
mattmceuen	the choice to go down to one cluster was driven by rabbitmq clustering issues. every time the cluster starts up, you're rolling the dice on getting an issue in the clustering	14:53
mattmceuen	the more clusters, the more opportunities for clustering issues	14:53
mattmceuen	my understanding is that this is resolved in an upcoming version of rabbitmq	14:53
evrardjp	that doesn't sound like an answer I will accept easily :)	14:53
mattmceuen	portdirect can supply all kinds of hideous details	14:54
jamesgu	what would it take for a smaller openstck cloud on a single cluster to scale up and have multiple rabbit clusters? It is no longer simple replicas # adjustment anymore, right?	14:54
evrardjp	mattmceuen: I would say.. "assuming deploy of rabbitmq is fine", what would you do?	14:54
evrardjp	valid question of jamesgu on how to scale	14:54
evrardjp	(the question I asked was, ofc, for large clusters)	14:55
evrardjp	small clusters are just fine with minimum things	14:55
mattmceuen	jamesgu: we can definitely still follow the same setup as before with multiple rabbit clusters	14:55
evrardjp	mattmceuen: so the option is not removed, merely the default changes?	14:56
mattmceuen	correct	14:56
evrardjp	that's fine for me then :)	14:56
pramchan62	+1	14:56
evrardjp	docs have been provided?	14:56
mattmceuen	the "reference archiecture" was changed, for now at least	14:56
evrardjp	(I know I am annoying)	14:56
mattmceuen	depends how much you enjoy reading yaml, evrardjp	14:56
jamesgu	but no gate or treasuremap will use the multi cluster approach more... concern is over the time it will become less (unofficial) supported	14:56
evrardjp	mattmceuen: that's not docs	14:56
evrardjp	json is for machine	14:57
mattmceuen	docs-as-code	14:57
* mattmceuen note: I am being annoying on purpose		14:57
evrardjp	mattmceuen: weirdly loves that :)	14:57
mattmceuen	yes, this is a very documentable thing	14:57
evrardjp	I mean I weirdly like that*	14:57
mattmceuen	as well as - getting documented when we can our more dependable clustering	14:57
evrardjp	mattmceuen: +1 on that then!	14:57
mattmceuen	#action mattmceuen to document our rabbitmq disposition	14:58
mattmceuen	just a couple mins left --	14:58
mattmceuen	#topic First TC meeting scheduled for 08-Aug-2019 at 9am CST	14:58
*** openstack changes topic to "First TC meeting scheduled for 08-Aug-2019 at 9am CST (Meeting topic: airship)"		14:58
mattmceuen	last topic!	14:58
evrardjp	(it's important to clarify why we did this, what's the plan, and what can ppl do if they don't like the current state)	14:58
mattmceuen	++	14:58
alexanderhughes	just an announcement really, connection details are here https://wiki.openstack.org/wiki/Airship/Airship-TC	14:58
jamesgu	++	14:58
mattmceuen	that's great - thanks alexanderhughes	14:59
alexanderhughes	Ryan wants to reserve last few minutes for community questions, call will be recorded and we'll share it and minutes as soon as we're able	14:59
pramchan62	Is it open to all are only TC members meet?	14:59
alexanderhughes	open to all for last few minutes, anyone can listen to the whole duration	14:59
pramchan62	OK	14:59
mattmceuen	awesome	14:59
mattmceuen	great meeting - thanks everyone, & have a great week	15:00
kskels	hey quick one	15:00
alexanderhughes	reviews pls	15:00
alexanderhughes	^	15:00
kskels	this one https://review.opendev.org/#/c/659369/	15:00
mattmceuen	ah shoot	15:00
kskels	broke the integration gates yesterday night	15:00
kskels	if folks can take a look.. and maybe notify on these rather impacting changes..	15:00
mattmceuen	#topic requests for review	15:00
*** openstack changes topic to "requests for review (Meeting topic: airship)"		15:00
mattmceuen	https://review.opendev.org/#/c/671337/ - Pegleg certificate generation enhancements/fixes	15:00
mattmceuen	https://review.opendev.org/#/c/673899/ - Pegleg dependency updates	15:00
mattmceuen	https://review.opendev.org/#/c/673904/ - Pegleg bugfix to allow unencrypted Genesis bundle (as supported by Promenade)	15:00
mattmceuen	https://review.opendev.org/#/c/671575/ - Shipyard	15:00
mattmceuen	Thanks for the reminder Kaspars :)	15:01
mattmceuen	eyeballs on these guys please^ plus kskels' https://review.opendev.org/#/c/659369/	15:01
mattmceuen	thanks all	15:01
mattmceuen	#endmeeting	15:01
*** cheng1 has joined #airshipit		15:01
*** openstack changes topic to "airshipit.org \|\| General Review Dashboard: https://review.opendev.org/#/q/project:%255Eairship.*+status:open,n,z"		15:01
openstack	Meeting ended Tue Aug 6 15:01:44 2019 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	15:01
openstack	Minutes: http://eavesdrop.openstack.org/meetings/airship/2019/airship.2019-08-06-14.00.html	15:01
alexanderhughes	thanks all	15:01
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/airship/2019/airship.2019-08-06-14.00.txt	15:01
openstack	Log: http://eavesdrop.openstack.org/meetings/airship/2019/airship.2019-08-06-14.00.log.html	15:01
*** rdharwadkar has left #airshipit		15:03
AJaeger	alexanderhughes: regarding https://review.opendev.org/674734, .git is just fine - that's what we our CI pushes into new empty repos, see https://opendev.org/vexxhost/openstack-monitoring/commit/e101f4a97a7494427c459241263b5c02e570eeb7 - so I disagree with your -1 and ask you to reconsider	15:04
sthussey	They are synonymous within the git standard	15:06
alexanderhughes	sure. just browsed the other airship projects quickly and noticed they all omitted the .git extension in their .gitreview files. so really should have been a nit. amending review now :)	15:07
AJaeger	alexanderhughes: all? I checked - half has .git ;)	15:08
AJaeger	alexanderhughes: you hit the other half by accident :)	15:08
AJaeger	thanks!	15:08
alexanderhughes	hahaha	15:08
AJaeger	alexanderhughes: just three examples: airshipctl, tempest-plugin, treasuremap	15:09
AJaeger	both work ;)	15:09
openstackgerrit	Luna Das proposed airship/promenade master: Add custom apparmor profile for kubernetes-proxy https://review.opendev.org/647749	15:10
alexanderhughes	that's funny. I checked pegleg spyglass and armada they all use the other one	15:10
AJaeger	no worries	15:11
*** pgaxatte has quit IRC		15:15
*** seaneagan has joined #airshipit		15:24
openstackgerrit	Dan Crank proposed airship/promenade master: [WIP] Fixes/updates for webhook-apiserver https://review.opendev.org/665761	15:27
*** AJaeger has left #airshipit		15:29
*** pramchan62 has quit IRC		16:06
openstackgerrit	Marjorie Middleton proposed airship/porthole master: Initial commit of compute-utility container. https://review.opendev.org/674695	16:18
openstackgerrit	Merged airship/kubernetes-entrypoint master: Add noop-jobs to be able to merge changes https://review.opendev.org/674736	16:43
openstackgerrit	Merged airship/kubernetes-entrypoint master: Add .gitreview file https://review.opendev.org/674734	16:49
openstackgerrit	Andreas Jaeger proposed airship/porthole master: Add .gitreview https://review.opendev.org/674873	16:49
openstackgerrit	Merged airship/kubernetes-entrypoint master: Remove binary file kubernetes-entrypoint https://review.opendev.org/674735	16:50
openstackgerrit	Andreas Jaeger proposed airship/porthole master: Add noop-jobs https://review.opendev.org/674874	16:50
*** AJaeger has joined #airshipit		16:50
AJaeger	mattmceuen: https://review.opendev.org/674874 and https://review.opendev.org/674873 set up porthole - if you want to take them this way...	17:02
*** bh526r has quit IRC		17:05
mattmceuen	thanks AJaeger! That'll get us started - we can add testing after this	17:07
AJaeger	or add testing now and I abandon the noop-jobs change...	17:09
openstackgerrit	Trung Thai proposed airship/porthole master: Chart and Docker files for MySql Client Utility container. https://review.opendev.org/674881	17:10
openstackgerrit	Alexander Hughes proposed airship/pegleg master: Support regenerating PKI https://review.opendev.org/671337	17:15
*** arunkant51 has joined #airshipit		17:16
*** arunkant51 has quit IRC		17:17
*** arunkant14 has joined #airshipit		17:23
*** arunkant14 has quit IRC		17:23
*** marianito has left #airshipit		17:25
openstackgerrit	Ian Howell proposed airship/kubernetes-entrypoint master: [WIP] Move to go modules https://review.opendev.org/674888	17:42
openstackgerrit	Alexander Noskov proposed airship/airship-in-a-bottle master: Update k8s, helm, coredns, promenade docker images https://review.opendev.org/674890	17:52
openstackgerrit	Trung Thai proposed airship/porthole master: The setup script automates the setup of user profile to connect to a K8S cluster remotely. https://review.opendev.org/674892	17:53
openstackgerrit	Alexander Noskov proposed airship/airship-in-a-bottle master: Update k8s, helm, coredns, promenade docker images https://review.opendev.org/674890	17:59
*** obravo has quit IRC		18:01
openstackgerrit	Kaspars Skels proposed airship/treasuremap master: Uplift helm/tiller to 1.14.1 https://review.opendev.org/674897	18:02
openstackgerrit	Kaspars Skels proposed airship/treasuremap master: Uplift helm/tiller to 2.14.1 https://review.opendev.org/674897	18:12
openstackgerrit	Trung Thai proposed airship/porthole master: Chart and Docker files for MySql Client Utility container. https://review.opendev.org/674881	18:12
openstackgerrit	Alexander Noskov proposed airship/airship-in-a-bottle master: Update k8s, helm, coredns, promenade docker images https://review.opendev.org/674890	18:16
alexanderhughes	can I get a review on https://review.opendev.org/#/c/671337/ please?	18:18
openstackgerrit	Luna Das proposed airship/porthole master: Add Tracking User Identity in openstack utility container logs https://review.opendev.org/674808	18:34
*** henriqueof has quit IRC		18:38
openstackgerrit	Dan Crank proposed airship/promenade master: [WIP] Fixes/updates for webhook-apiserver https://review.opendev.org/665761	18:39
openstackgerrit	Merged airship/pegleg master: Support regenerating PKI https://review.opendev.org/671337	18:45
openstackgerrit	Merged airship/election master: WC2019 election: remove non-qualifying candidates https://review.opendev.org/674073	18:53
openstackgerrit	Trung Thai proposed airship/porthole master: Initial commit of mysqlclient-utility container. https://review.opendev.org/674881	18:59
openstackgerrit	Matt McEuen proposed airship/election master: Add 2019 WC Candidates https://review.opendev.org/674913	19:01
*** LoicL35 has quit IRC		19:04
openstackgerrit	Dan Crank proposed airship/promenade master: Fixes/updates for webhook-apiserver https://review.opendev.org/665761	19:09
openstackgerrit	Merged airship/election master: Add 2019 WC Candidates https://review.opendev.org/674913	19:16
openstackgerrit	Marjorie Middleton proposed airship/porthole master: Initial Commit of compute-utility container code https://review.opendev.org/674695	19:22
openstackgerrit	Alexander Hughes proposed airship/pegleg master: Update airship dependencies in Pegleg reqs https://review.opendev.org/673899	19:25
jamesgu_	mattmceuen, dwalt, kskels: so when I remove the full site and boostrap manifest from sloop, armada apply is happy, but pegleg lint still complains about missing substitutions. I can stop pegleg ling errors by using -f flag to ignore substitution check but I don't know if that really pushes too far?	19:28
jamesgu_	armada apply on the airskiff site just to clarify	19:29
*** henriqueof has joined #airshipit		19:43
openstackgerrit	Scott Hussey proposed airship/maas master: (fix) Omit maas-ingress proxy port https://review.opendev.org/674922	19:45
mattmceuen	jamesgu_ -- that's what I was afraid of	19:55
mattmceuen	It's less that I feel like using -f is going to far, and more that I don't think we want to have invalid (from a linting perspective) manifests living as references in treasuremap	19:56
mattmceuen	This makes me lean toward splitting out sloop vs. skiff as separate types. Is that what you're thinking jamesgu?	19:58
jamesgu_	agreed on not wanting to have invalid manifests in treasuremap. Just to help me understand, why does pegleg want to lint the resources that are not used by the airskiff site (I mean following down the references through the armada manifest in the deployment configuration for example)	19:59
jamesgu_	yes, I was thinking the same as you, having airskiff type (SW stck only) seems to be more clean. But I am not entirely sure if we'd see the same Pegleg lint issue or not	20:01
mattmceuen	it's because the documents are part of the declared site (due to inheritance), and are not valid rendered documents (since they haven't been finalized by a concrete document). The docs are still ingested into the the site / deckhand, even though nothing pulls them out of deckhand during the deployment proper	20:02
*** dirk has quit IRC		20:02
mattmceuen	if it was just a pegleg lint issue then I'd be all for changing it there, but I believe deckhand will be unhappy from a validation standpoint as well at runtime	20:02
*** dirk has joined #airshipit		20:05
jamesgu_	okay, I haven't been able to get the openstack deployment yet due to a mariabdb issue, so can't confirm if deckhand will also complain. So do you recommend to go to the airskiff type plan?	20:06
openstackgerrit	Merged airship/pegleg master: Update airship dependencies in Pegleg reqs https://review.opendev.org/673899	20:11
mattmceuen	Yeah, I think that's the best path forward jamesgu	20:16
mattmceuen	if there were only going to be one airskiff I'd say let's spin it differently; but given we want at least a couple airskiff sites, I think it's worth it to have the skiff type	20:17
*** lemko has quit IRC		20:27
jamesgu_	okay, I'll give it a spin :-)	20:42
openstackgerrit	James Gu proposed airship/treasuremap master: [WIP] airskiff: Use sloop type https://review.opendev.org/656882	20:47
*** alexanderhughes has quit IRC		20:59
*** DanCrank has quit IRC		21:14
openstackgerrit	Anthony Bellino proposed airship/promenade master: Run haproxy-anchor and haproxy pod with the nobody user (65534) https://review.opendev.org/657879	21:18
*** spilla has quit IRC		21:26
openstackgerrit	Merged airship/treasuremap master: Uplift helm/tiller to 2.14.1 https://review.opendev.org/674897	21:38
*** henriqueof has quit IRC		21:45
*** avolkov has quit IRC		21:45
*** Kuirong has quit IRC		21:51
*** ab2434_ has quit IRC		21:58
openstackgerrit	Michael Beaver proposed airship/airship-in-a-bottle master: Move from Quagga to FRRouting https://review.opendev.org/674941	22:01
openstackgerrit	Sean Eagan proposed airship/armada master: Implement Prometheus metric integration https://review.opendev.org/668980	22:03
*** henriqueof has joined #airshipit		22:43
*** aaronsheffield has quit IRC		23:05
*** arunx has quit IRC		23:32
*** kskels has quit IRC		23:48

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!