| opendevreview | Ivan Anfimov proposed openstack/openstack-ansible-os_magnum master: Remove outdate file manual-test.rc https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/959655 | 00:31 |
|---|---|---|
| opendevreview | OpenStack Proposal Bot proposed openstack/openstack-ansible master: Imported Translations from Zanata https://review.opendev.org/c/openstack/openstack-ansible/+/963236 | 03:49 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-systemd_networkd master: Restart systemd-udev on link changes https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/954876 | 08:10 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-systemd_networkd master: Restart systemd-udev on link changes https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/954876 | 08:11 |
| opendevreview | Merged openstack/ansible-role-pki master: Allow to supply ttl for ownca certificates https://review.opendev.org/c/openstack/ansible-role-pki/+/963180 | 14:31 |
| noonedeadpunk | #startmeeting openstack_ansible_meeting | 15:02 |
| opendevmeet | Meeting started Tue Oct 7 15:02:13 2025 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:02 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:02 |
| opendevmeet | The meeting name has been set to 'openstack_ansible_meeting' | 15:02 |
| noonedeadpunk | #topic rollcall | 15:02 |
| noonedeadpunk | o/ | 15:02 |
| DavidGomez | o/ | 15:02 |
| NeilHanlon_ | o/ | 15:02 |
| damiandabrowski | hi! | 15:03 |
| noonedeadpunk | courtesy ping: jrosser | 15:03 |
| jrosser | o/ hello | 15:03 |
| noonedeadpunk | #topic office hours | 15:03 |
| noonedeadpunk | so releases | 15:04 |
| noonedeadpunk | for 2025.1 I think only rocky left | 15:04 |
| noonedeadpunk | #link https://review.opendev.org/q/parentproject:openstack/openstack-ansible+branch:%5Estable/2025.1+status:open+ | 15:04 |
| noonedeadpunk | *rocky 10 backport | 15:04 |
| noonedeadpunk | 2024.2 is waiting for another vote on bump | 15:05 |
| noonedeadpunk | and 2024.1 had issues yesterday with Rocky 9 mirrors | 15:05 |
| noonedeadpunk | I'm considering to backport https://review.opendev.org/c/openstack/openstack-ansible/+/935362 as well if it's not gonna pass today | 15:06 |
| NeilHanlon_ | yeah i think that would make sense | 15:06 |
| *** NeilHanlon_ is now known as NeilHanlon | 15:06 | |
| jrosser | yes it looked like a big mess yesterday | 15:06 |
| noonedeadpunk | for 2025.2 beta I've pushed freeze https://review.opendev.org/c/openstack/openstack-ansible/+/963189 - will push unfreeze today right after the meeting | 15:07 |
| noonedeadpunk | ideally I should have done that yesterday | 15:07 |
| noonedeadpunk | I;ve also spotted a copy-paste issue during refactoring of releasing script while doing freeze, so pushed small path for it | 15:09 |
| noonedeadpunk | Also run some tests/played with facts gathering yesterday evening. As today we basically are collecting all facts, as ANSIBLE_GATHER_SUBSET not respected anymore | 15:09 |
| jrosser | that patch looked basically ok | 15:10 |
| noonedeadpunk | got quite a massive patch out for playbooks: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/963204 | 15:10 |
| noonedeadpunk | I was thinking if I should simplify it | 15:10 |
| noonedeadpunk | and drop `ANSIBLE_GATHER_SUBSET` altogether | 15:10 |
| noonedeadpunk | as it could be `gather_subset: "{{ osa_gather_subset | default('!all,min') }}"` instead | 15:11 |
| noonedeadpunk | really no reason except some compatability concerns not to do that | 15:12 |
| noonedeadpunk | but we're now on non-slurp, so eh | 15:12 |
| jrosser | the env var is no longer a thing in actual ansible so yes makes sense to simplify | 15:12 |
| NeilHanlon | that all feels rather fine | 15:12 |
| noonedeadpunk | I guess my thinking was that I didn't intend to add ansible var in place at the begining, but then realized it might be good to do it with anisble var | 15:13 |
| noonedeadpunk | but left env var in place | 15:13 |
| noonedeadpunk | I will check on that and I guess simplify it indeed | 15:13 |
| * noonedeadpunk having several envs which would need to convert from env var to ansible var | 15:14 | |
| * noonedeadpunk is lazy | 15:14 | |
| noonedeadpunk | ok, we got some progress on pki route I believe | 15:15 |
| noonedeadpunk | There were some comments in IRC about the last patch bringing in the new driver from jrosser yesterday | 15:15 |
| noonedeadpunk | damiandabrowski: have you seen them and was able to process? | 15:15 |
| noonedeadpunk | do we want to discuss them now? | 15:15 |
| jrosser | yeah there still is vault_ vars in places | 15:15 |
| jrosser | i already left comments on the patch a long time ago | 15:16 |
| damiandabrowski | yeah, i think it's related to: https://review.opendev.org/c/openstack/ansible-role-pki/+/948881/comment/ee0404e1_b5ac6aae/ | 15:16 |
| damiandabrowski | I tried to explain there why I've implemented it like this | 15:17 |
| noonedeadpunk | yeah, I hardly dealt with vault so it's hard to judge for me without deeper dive into specifics | 15:19 |
| noonedeadpunk | at glance explanation kinda make sense | 15:20 |
| noonedeadpunk | btw it's in merge conflict now | 15:20 |
| damiandabrowski | yeah, I'll handle it during the evening | 15:21 |
| noonedeadpunk | Will put some effort into reviewing this. As I was postponing this last bit for too long | 15:23 |
| noonedeadpunk | But I think my main problem is that I'm really not sure what is the most widespread or reasonable pattern of vault usage is | 15:24 |
| damiandabrowski | yeah, me neither. Didn't really have any experience with Vault before I started working on this integration | 15:24 |
| damiandabrowski | okok, I'm currently adoping sevice roles to recent pki changes we made(type, dynamic permission/owner etc.) | 15:25 |
| damiandabrowski | it's going slower than I expected but today I aim to finish patching and start testing it locally | 15:26 |
| noonedeadpunk | ok, sounds good then | 15:26 |
| noonedeadpunk | Debian 13 - I don't have any updates so far. Was not looking there :( | 15:26 |
| damiandabrowski | btw. how can I upload a new patchset to the propsoed change but avoid triggerring CI jobs? Would workflow -1 do the job? | 15:26 |
| noonedeadpunk | nope, I don't think you can do this | 15:26 |
| noonedeadpunk | as jobs are triggered based of file changes and the trigger is new patchset | 15:27 |
| damiandabrowski | ahh okok :/ thanks | 15:27 |
| noonedeadpunk | labels do not really matter afaik | 15:27 |
| noonedeadpunk | you can make a typo in zuul.d so that they instantly fail :D | 15:27 |
| noonedeadpunk | or comment out jobs in project.yaml | 15:28 |
| noonedeadpunk | but yeah | 15:28 |
| noonedeadpunk | I wanna check on Debian 13 this week, but really no time to be frank, as need to prepare plenty of stuff for the summit | 15:30 |
| noonedeadpunk | anything else for today? | 15:35 |
| jrosser | sorry fire alarm here - back now | 15:40 |
| jrosser | my only objection to the vault_* vars is that they look mandatory | 15:40 |
| jrosser | if they defaulted to some sensible value and did not need always to be in the input data to the pki role it would be much cleaner | 15:40 |
| jrosser | i also don't see why we can't use signed_by for either backend | 15:41 |
| damiandabrowski | hmm, I can define some default values for vault_path and vault_root_ca_path, so they won't have to be explicitly defined | 15:44 |
| damiandabrowski | I was thinking about getting rid of vault_root_ca_path and using signed_by for both backends, but I was afraid it would be too confusing for users | 15:45 |
| damiandabrowski | vault_root_ca_path specifies a vault path where the root certificate is stored. It doesn't point to the issuing certificate directly | 15:45 |
| damiandabrowski | so that's quite a difference, comparing to how signed_by is used in standalone backend | 15:46 |
| noonedeadpunk | #endmeeting | 16:02 |
| opendevmeet | Meeting ended Tue Oct 7 16:02:02 2025 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 16:02 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2025/openstack_ansible_meeting.2025-10-07-15.02.html | 16:02 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2025/openstack_ansible_meeting.2025-10-07-15.02.txt | 16:02 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2025/openstack_ansible_meeting.2025-10-07-15.02.log.html | 16:02 |
| opendevreview | Ivan Anfimov proposed openstack/ansible-role-systemd_networkd master: tox: Remove ineffective ignore_basepython_conflict and bump minimum version https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/963318 | 18:40 |
| opendevreview | Ivan Anfimov proposed openstack/ansible-role-systemd_networkd master: tox: Remove ineffective ignore_basepython_conflict and bump minimum version https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/963318 | 18:42 |
| opendevreview | Ivan Anfimov proposed openstack/ansible-role-systemd_networkd master: wip https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/963319 | 18:42 |
| opendevreview | Ivan Anfimov proposed openstack/ansible-role-systemd_networkd master: wip https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/963319 | 18:43 |
| opendevreview | Ivan Anfimov proposed openstack/ansible-role-systemd_networkd master: Use full service name in task name https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/963319 | 18:43 |
| opendevreview | Damian Dąbrowski proposed openstack/openstack-ansible-os_nova master: Add hashi_vault pki backend support https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/949426 | 19:35 |
| opendevreview | Damian Dąbrowski proposed openstack/ansible-role-httpd master: Add hashi_vault pki backend support https://review.opendev.org/c/openstack/ansible-role-httpd/+/949430 | 19:37 |
| opendevreview | Damian Dąbrowski proposed openstack/openstack-ansible-os_placement master: Add hashi_vault pki backend support https://review.opendev.org/c/openstack/openstack-ansible-os_placement/+/948913 | 19:38 |
| opendevreview | Damian Dąbrowski proposed openstack/openstack-ansible-os_cinder master: Add hashi_vault pki backend support https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/949427 | 19:38 |
| opendevreview | Damian Dąbrowski proposed openstack/openstack-ansible-os_neutron master: Add hashi_vault pki backend support https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/949420 | 19:40 |
| opendevreview | Damian Dąbrowski proposed openstack/openstack-ansible-os_keystone master: Add hashi_vault pki backend support https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/949425 | 19:41 |
| opendevreview | Damian Dąbrowski proposed openstack/openstack-ansible-os_glance master: Add hashi_vault pki backend support https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/949428 | 19:41 |
| opendevreview | Damian Dąbrowski proposed openstack/openstack-ansible-os_horizon master: Change horizon_pki_san format https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/949429 | 19:42 |
| opendevreview | Damian Dąbrowski proposed openstack/openstack-ansible-os_octavia master: Add hashi_vault pki backend support https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/949419 | 19:43 |
| opendevreview | Damian Dąbrowski proposed openstack/openstack-ansible-galera_server master: Add hashi_vault pki backend support https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/949424 | 19:44 |
| opendevreview | Damian Dąbrowski proposed openstack/openstack-ansible-rabbitmq_server master: Add hashi_vault pki backend support https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/949423 | 19:45 |
| opendevreview | Damian Dąbrowski proposed openstack/openstack-ansible-haproxy_server master: Add hashi_vault pki backend support https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/949418 | 19:54 |
| opendevreview | Damian Dąbrowski proposed openstack/openstack-ansible-haproxy_server master: Fix 'Regen pem' handler https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/949417 | 20:03 |
| opendevreview | Damian Dąbrowski proposed openstack/openstack-ansible-haproxy_server master: Add hashi_vault pki backend support https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/949418 | 20:05 |
| opendevreview | Damian Dąbrowski proposed openstack/openstack-ansible-haproxy_server master: Add hashi_vault pki backend support https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/949418 | 20:07 |
| opendevreview | Damian Dąbrowski proposed openstack/ansible-role-zookeeper master: Add hashi_vault pki backend support https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/949422 | 20:08 |
| opendevreview | Damian Dąbrowski proposed openstack/ansible-role-pki master: Add hashi_vault backend https://review.opendev.org/c/openstack/ansible-role-pki/+/948881 | 20:17 |
| opendevreview | Ivan Anfimov proposed openstack/openstack-ansible master: docs: small fix for previous release number on main page https://review.opendev.org/c/openstack/openstack-ansible/+/960798 | 23:00 |
| opendevreview | Ivan Anfimov proposed openstack/openstack-ansible master: docs: small fix for previous release number on main page https://review.opendev.org/c/openstack/openstack-ansible/+/960798 | 23:00 |
| opendevreview | Ivan Anfimov proposed openstack/openstack-ansible master: docs: small fix for previous release number on main page https://review.opendev.org/c/openstack/openstack-ansible/+/960798 | 23:02 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!