Tuesday, 2025-11-11

« Monday, 2025-11-10 Index Wednesday, 2025-11-12 »
opendevreviewAndrew Bonney proposed openstack/openstack-ansible-os_magnum master: DNM: Test mcapi CI  https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/96656409:02
opendevreviewAndrew Bonney proposed openstack/openstack-ansible-ops master: DNM: Test updating mcapi versions to latest  https://review.opendev.org/c/openstack/openstack-ansible-ops/+/96656309:03
opendevreviewAndrew Bonney proposed openstack/openstack-ansible-os_magnum master: DNM: Test mcapi CI  https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/96656409:04
noonedeadpunkI will try to work on magnum thing during these weekends09:06
noonedeadpunkthe only concern I have so far, if current collections/roles do allow to get custom helm charts in09:09
noonedeadpunkbut it's bad that we've broken the pattern09:13
opendevreviewMerged openstack/openstack-ansible-os_tacker master: Remove functional test environments from tox.ini  https://review.opendev.org/c/openstack/openstack-ansible-os_tacker/+/96090309:18
jrossernoonedeadpunk: if you think we can start to move the cluster api stuff out of the ops repo, then there are more options for fixing the current breakage09:29
jrosserandrew and i were just discussing how to fix templating the k8s conf.d file, and its pretty difficult to do that from a pre playbook that runs on the zuul executor09:30
jrosserit would be a lot easier to move that into the main repo, but that kind of is the starting point to migrate other stuff09:30
jrosserimho the CI setup for this is really opaque how it works for mcapi and it would be better to simplify rather than add more complexity09:31
noonedeadpunkI think we can, but I want to ensure we have both capi drivers supported with that09:32
noonedeadpunkand it's a matter of some kind of switch which one to use09:32
noonedeadpunk(or both)09:32
jrosseryes indeed09:33
jrosserso first problem is really simple of just deciding if we want to create the k8s lxc containers / conf.d entries09:33
jrosserif that were a common thing to vexxhost/azimuth then it can rightly be in the main repo09:33
noonedeadpunkyes, this is a common thing09:35
noonedeadpunkthere were some extra steps required for k8s cluster deployment though09:38
noonedeadpunkI think it was smth like 2 extra tasks or smthj09:38
noonedeadpunkI have notes somewhere....09:38
jrosseryeah, so we need a way of distinguishing the job name09:38
jrossermagnum_<vexxhost> / magnum_<stackhpc> or whatever the most proper terms for these are 09:39
jrosseronce magnum drops the heat driver it will then be implicit that any job deploying magnum needs at least the control plane k8s cluster09:39
jrosserthen some specialisation depending on which driver is wanted09:40
noonedeadpunkI think you can do even both at the same time if you want to09:40
noonedeadpunkthey made a workaround to avoid image naming tags conflict09:40
noonedeadpunkand inside of k8s a different namespaces are being used09:41
jrosserok cool we'll start to simplify the CI setup a bit09:45
noonedeadpunkI think these 2 steps were: 1. helm repo add capi-addons https://azimuth-cloud.github.io/cluster-api-addon-provider 2. kubectl create namespace capi-addons09:50
jrosserok, so as step zero we will take the part that bootstraps the deployment of the k8s control plane cluster (just the conf.d and AIO scenario handling) and move that to the main repo09:51
jrosserindependant of whatever driver, that can still be in the ops repo09:52
jrosserfor now09:52
noonedeadpunkhere's the full paste https://paste.openstack.org/show/bE9DCpZifNollLjbqXAw/09:57
noonedeadpunkright, I think the main concern for me so far if vexxhost.kubernetes collection could be used to execute these 2 steps09:58
jrosseryeah, or we have to handle that in our own code09:58
opendevreviewAndrew Bonney proposed openstack/openstack-ansible master: DNM: Add minimal AIO files for k8s clusters  https://review.opendev.org/c/openstack/openstack-ansible/+/96666610:00
opendevreviewAndrew Bonney proposed openstack/openstack-ansible-ops master: DNM: Test updating mcapi versions to latest  https://review.opendev.org/c/openstack/openstack-ansible-ops/+/96656310:01
noonedeadpunk(or use a forked collection)10:06
jrossernoonedeadpunk: did we ever manage to have it so that depends-on for collections (like the ops repo) works properly?11:01
noonedeadpunk[e]No, I don't think we ever tried for ops repo tbh. It does work for plugins repo though11:04
jrosserhmm ok i wonder how it only works for one of them11:26
noonedeadpunkwe probably don't have ops in required-projects?11:27
noonedeadpunkand there's a different naming for collection path, which I have no idea if it's compatible11:27
noonedeadpunkhaving repo here is required iirc: https://opendev.org/openstack/openstack-ansible/src/branch/master/zuul.d/jobs.yaml#L21811:29
jrosserits more complicated sadly11:33
jrosserwe dont have it in ansible-collection-requirements so it's never a candidate to use the zuul copy rather than upstream11:34
noonedeadpunkright....11:34
jrosserand then both the integrated repo and the also the many hacks in the ops repo are both wanting to control the contents of user-collection-requirements11:34
noonedeadpunkand we don't mess up with user-collection-requirements11:34
jrosserso thats just horribly and we need to undo that mess11:34
opendevreviewAndrew Bonney proposed openstack/openstack-ansible master: DNM: Add minimal AIO files for k8s clusters  https://review.opendev.org/c/openstack/openstack-ansible/+/96666611:35
opendevreviewAndrew Bonney proposed openstack/openstack-ansible-ops master: DNM: Test updating mcapi versions to latest  https://review.opendev.org/c/openstack/openstack-ansible-ops/+/96656311:36
jrosseri think that for the long term there might be a missing concept, where an AIO scenario needs extra collections to be installed11:36
jrosserwe don't have a way to cleanly define that currently11:36
opendevreviewAndrew Bonney proposed openstack/openstack-ansible master: DNM: Add minimal AIO files for k8s clusters  https://review.opendev.org/c/openstack/openstack-ansible/+/96666611:48
andrewbonneymnaser: would it be possible to release that ansible-collection-containers fix? having a tagged version would save me doing a temporary clone from url12:49
noonedeadpunk#startmeeting openstack_ansible_meeting15:00
opendevmeetMeeting started Tue Nov 11 15:00:03 2025 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.15:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:00
opendevmeetThe meeting name has been set to 'openstack_ansible_meeting'15:00
noonedeadpunk#topic rollcall15:00
damiandabrowskihi!15:00
noonedeadpunko/15:00
noonedeadpunkcourtesy ping janno15:02
noonedeadpunkoops15:02
noonedeadpunkjrosser: 15:02
damiandabrowskiWould be nice to discuss two things regarding https://review.opendev.org/c/openstack/ansible-role-pki/+/94888115:03
damiandabrowski1. change default vault path names `pki` -> `pki_root` (for path containing pki root)15:03
damiandabrowski`pki_int` -> `pki` (for path containing intermediate cert and all service certs)15:03
damiandabrowskiOriginally suggested by noonedeadpunk. I'm fine with this.15:03
damiandabrowski2. Rename `vault_root_ca_path` to `signed_by`15:03
damiandabrowskiwe can rename vault_root_ca_path to signed_by15:03
damiandabrowskiI didn't do this before because I wanted to avoid a situation where we have the same variable(signed_by) that accepts different values depending on the backend(cert name for standalone, vault path for hashi_vault).15:03
damiandabrowskibut maybe you don't see it as a problem15:04
damiandabrowskiand its name - vault_root_ca_path was more explicit that this variable is about the vault path15:04
damiandabrowskiso that was the reason why I implemented it that way, but I don't have a strong opinion here.15:04
damiandabrowskiIf you think it's better to rename it to signed_by, I'm okay with this15:04
noonedeadpunkI frankly don't have strong opinion on it either. as we're not passing a cert name via signed_by in this case, but really a vault mount path15:05
noonedeadpunkregarding pki / pki_root - I just find current example being a bit unobvious to read15:06
damiandabrowskiyeah, you may be right about that15:06
noonedeadpunkbut using `signed_by` would also solve this ambiguity for me15:07
noonedeadpunkso it's matter of just agreeing on some option15:07
noonedeadpunkbut I'm not sure if that what jrosser meant when mentioned signed_by15:07
damiandabrowskiokay, so maybe lets wait for his opinion until we make some decision about 2.15:08
damiandabrowskiand regarding 1. - I'll fix it tomorrow15:08
noonedeadpunkBut I think second thing we need to sort out, is actually aboput support for debian 1215:09
damiandabrowskiah yes...15:09
noonedeadpunkand hcl requirement (or how it's called)15:09
damiandabrowskihvac :D 15:09
noonedeadpunkright15:09
damiandabrowskiso yes, TLDR; if we want to support debian 12 we need to install hvac with pip using --break-system-packages15:10
damiandabrowski(debian 12 has too old hvac version in its repositories)15:10
noonedeadpunk#link https://review.opendev.org/c/openstack/openstack-ansible/+/948888/10/requirements.txt15:10
noonedeadpunkI don't like this ^ at all15:10
damiandabrowskiis there any other place where we can place this requirement?15:11
noonedeadpunkwell. we can do multiple things I guess...15:12
noonedeadpunk1. Add it as extras ie https://opendev.org/openstack/openstack-ansible/src/branch/master/setup.cfg#L29-L32, and then assume somebody doing `pip install .[hvac]`  or smth. But it kinda sucks, as not obvious and complex15:13
noonedeadpunk2. Add documentation/alert/reno that the following module is requiredspecifically for debian 1215:13
noonedeadpunk3. Inside of the pki role create a spearate venv, install requirements there, and use different pki_setup_host_python_interpreter for debian 1215:15
noonedeadpunkfor 1. we can ofc modify the bootstrap script or smth....15:17
damiandabrowskijust to clarify: this package is required for all OS15:17
damiandabrowskibut for all other OS it can be installed from system repositories. And I'm not sure if we want to do that if there's an option to install it just in /opt/ansible-runtime15:18
damiandabrowskiwhich is enough15:18
NeilHanlono/ sorry, triple booked today15:18
noonedeadpunkand for 2. we can document adding the module to openstack_deploy/user-ansible-venv-requirements.txt15:18
damiandabrowskibut maybe let's start from scratch. Why do you think requirements.txt is a bad place for it? :D 15:19
damiandabrowskirequirements.txt is used when building /opt/ansible-runtime venv, so it looked like a valid place for it15:19
jrossero/ sorry i'm late15:20
noonedeadpunkno worries - there's a question to you above I believe15:23
noonedeadpunkwhile I'm thinking on hvac :)15:23
jrosserfor signed_by it seemed that using the name of the root to sign the intermediate is quite "obvious"15:23
jrosserand also for which intermediate signs a cert15:23
jrosserhow that maps to internals (i.e the mount point in vault of a particular CA) we can choose however we wish15:23
noonedeadpunkI think the problem there, is that you can't actually select a root or intermediate directly15:23
noonedeadpunkas intermediate should be stored in the same place as certs I assume15:24
jrosseryou do it via the mount point?15:24
noonedeadpunkyeah15:24
noonedeadpunkso same mount point for intermediate as the cert, same or different for root15:24
jrosserright, so its like `{{ vault_mount_point_prefix }}/{{ item.signed_by }}` or something15:25
damiandabrowskii tried to explain it in this diagram: https://ibb.co/6R3rGYBC15:25
jrosseri am just wanting to keep the data abstract in the input to the role15:25
noonedeadpunkI have no idea if you can do it like that though15:25
damiandabrowskiwe don't point to any specific issuer15:25
noonedeadpunkas from what I got, you're limited only to `vault_mount_point_prefix` - what you can actually define15:26
damiandabrowskiyeah15:26
jrosseroh right15:26
noonedeadpunkso it's {{ item.signed_by }}/some/other/api/call15:26
jrosserwell regardless, if we can keep the input data not being shaped by the implementation in vault, that would be excellent15:27
noonedeadpunkthe problem here, is that it feels, that for intermediate you still need to introduce smth15:30
noonedeadpunkfor standalone we were using just `name` to identify the path15:30
jrosserindeed15:30
damiandabrowskiyeah, I'm afraid that for hashi_vault we just cannot keep the logic from standalone backend, where we explicitly specify issuing certificate15:30
noonedeadpunkI'm not sure this is gonna be applicable for vault15:30
damiandabrowskiat least I couldn't find a way to achieve this15:31
noonedeadpunkand then root also needs some "signed_by" which makes limited sense15:31
noonedeadpunkand then certs themselves don't have any choice15:31
noonedeadpunkas they will be signed with whatever available on their mount point15:32
noonedeadpunkBut we can call that `signed_by` though15:32
noonedeadpunkit's a matter of relation kinda.15:32
noonedeadpunksec15:33
noonedeadpunkhttps://paste.openstack.org/show/bKHPlUr8lddmPwa1b1XF/15:34
noonedeadpunksmth like that?15:34
damiandabrowskiyeah, we can do that15:35
noonedeadpunkdamiandabrowski: I have an answer to you why I don;t like  requirements.txt - because `pki_setup_host` can be anything. and we're not ensuring that role does necessary things to get itself independent for osa 15:35
noonedeadpunkIe - we can use repo or utility containers even for pki_setup_host and vault15:36
noonedeadpunkand then - connectivity from osa deploy host to vault becomes more of a requirement if we don't have a self-contained mechanism to install hvac15:36
noonedeadpunkso installing a package sounds like a way easier thing to do15:37
damiandabrowskiahh right, makes sense15:37
noonedeadpunkbut sure - we can actually spawn a separate venv on the pki_setup_host with hvac15:38
jrosserthat might be a good thing to do anyway as then we can be in more control of the version of cryptography or whatever else we might need15:39
noonedeadpunkit's pinned by u-c, but yeah15:39
noonedeadpunkso "control" :)15:39
noonedeadpunkok, so are we in agreement about the paste above?15:39
damiandabrowskibut we want to spawn a separate venv only for debian12, do I get it right?15:39
noonedeadpunkit makes sense to do it universally then?15:40
noonedeadpunkDunno15:40
noonedeadpunkI actually hate this situation, as we're to add complexity for OS which we should have deprecated if were in time for adding Debian 13 support for Epoxy15:40
damiandabrowskiwhen we will drop support for debian 12?15:40
noonedeadpunkwe have to carry it through 2026.1 at this point15:41
noonedeadpunkso early 2026.215:41
damiandabrowskibecause I'm afraid of the situation when support for debian 12 will be dropped but we'll still keep this "dedicated venv" thing for no reason15:41
noonedeadpunkwell, reason is "control" of versions15:41
damiandabrowskiokay, I'll try implement this15:42
noonedeadpunkit's possible that we get into this versioning situation again in the future15:42
noonedeadpunkwhen we'd need to implement smth newer, which some os does not support15:42
damiandabrowskiyeah...ack15:43
noonedeadpunkso it could be good to have in general, even for standalone backend, as jrosser mentioned15:43
noonedeadpunkdamiandabrowski: btw I've also spotted that you don;t use pki_setup_host_python_interpreter anywhere for the vault code15:44
noonedeadpunk* just spotted15:44
damiandabrowskiack, I'll look into that15:45
noonedeadpunkjrosser: about the swift library - seems that https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/966515 kinda helps a bit with that15:46
noonedeadpunkbut Ironic still feeling bad15:46
jrosseroh theres a depends on is there15:47
damiandabrowskisorry guys, I'll drop off :D it's public holiday in Poland, I just joined to discuss PKI stuff15:47
noonedeadpunkah, sure, take care15:47
jrosserwe also still need to remove inspector?15:47
noonedeadpunkIt fails on `msg: Source /usr/share/ipxe/ipxe-x86_64.efi not found` for EL1015:48
jrossererrrr15:48
noonedeadpunkand for ubuntu on tempest tests15:48
jrosserwhich parch are we looking at15:48
jrosser*patch15:48
noonedeadpunkhttps://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/95100315:48
noonedeadpunkBut it could be we need to break relation chain15:49
noonedeadpunkand rebase https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/950508 on top of master15:50
noonedeadpunkand add depends-in15:50
noonedeadpunk*depends-on15:50
noonedeadpunkright...15:50
jrosserironic service is down i think15:50
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_ironic master: Switch from wsgi script to wsgi module  https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/95050815:50
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_ironic master: Switch from wsgi script to wsgi module  https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/95050815:51
noonedeadpunkit won't solve this one though: https://zuul.opendev.org/t/openstack/build/04300573a8434d26935a36fcaccd9bc7/log/job-output.txt#14411-1441515:51
noonedeadpunkhave no idea what provides this one15:52
jrosserhmm https://opendev.org/openstack/ironic/src/branch/master/doc/source/install/configure-pxe.rst#L29815:53
jrosseroh unhelpful link, but that doesnt help15:54
noonedeadpunkwill check if might be just the path is different15:54
jrosseryeah15:55
noonedeadpunkI think almost the last think - what do you think about uv patch here:15:55
jrosserit didnt fail at installing `grub2-efi-x64`15:55
jrosserso the firmware should be somewhere15:55
noonedeadpunk#link https://review.opendev.org/c/openstack/openstack-ansible/+/96640915:55
jrosseri thought this was good15:56
jrosserbut we have to be careful of how we test this, and if we decide to change the default15:56
noonedeadpunkthe problem is that uv has no way of building wheels so far15:56
noonedeadpunkand one thing which would be beneficial to do, if uv would be creating venvs as well. as it's doing it quite faster15:57
noonedeadpunkbut now what I was doing, is installing uv inside of the existing venv15:57
noonedeadpunkas it's installation process is not really easy outside of venv15:57
jrosserhah if python_venv_build needs its own venv with pip to install uv to then make a venv15:58
jrosserthats quite something15:58
jrossertheres a danger of adding a *lot* of tasks that ensure that is present on * places15:59
noonedeadpunkwell, so I made uv to operate inside already created venv by `python3 -m venv`15:59
noonedeadpunkand then instead of upgrading pip in that venv, I'm installing uv there16:00
noonedeadpunkbut we're not benefitting from venv creation process16:00
noonedeadpunkso uv usage is really minimal right now....16:00
noonedeadpunkand about testing - yes, sure, I was thinking to add molecule coverage to the role16:01
jrosserit could also be that the ever-present pip resolver errors happen in different ways16:03
jrosseri think thats my bigger concern that we need to be using that one way, or the other16:03
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_ironic master: Switch from wsgi script to wsgi module  https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/95050816:03
jrossermaking it switchable gives 2x (currently) the options for people to try and us to debug16:04
noonedeadpunkbut if we can save ~5mins on each CI job....16:04
noonedeadpunkbut indeed I get the concern...16:05
jrosseryeah, we need, imho, to be comfortable enough to commit to "now we use uv" rather than make another tunable16:05
noonedeadpunkI was trying to think of more ways for us to leverage uv, but I wasn't able to come up wit hanything decent enough16:06
noonedeadpunkwell, we can't for wheels at least16:06
noonedeadpunkas it does not support building things for requirements, like pip does16:06
noonedeadpunkit can build only wheels for "current" project16:06
noonedeadpunkmaybe we can skip wheels part with uv as a whole, dunno16:07
noonedeadpunkas it does some efficient local caching...16:07
noonedeadpunkand then drop whole repo part....16:08
noonedeadpunkbut I'm not sure about that16:08
noonedeadpunk#endmeeting16:08
opendevmeetMeeting ended Tue Nov 11 16:08:46 2025 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)16:08
opendevmeetMinutes:        https://meetings.opendev.org/meetings/openstack_ansible_meeting/2025/openstack_ansible_meeting.2025-11-11-15.00.html16:08
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2025/openstack_ansible_meeting.2025-11-11-15.00.txt16:08
opendevmeetLog:            https://meetings.opendev.org/meetings/openstack_ansible_meeting/2025/openstack_ansible_meeting.2025-11-11-15.00.log.html16:08
noonedeadpunkbtw, we a reminder, that we are having a bug fighting day this Thursday16:09
noonedeadpunkI've sent a ML with announcement yesterday16:09
noonedeadpunkand the we agreed on the date on the PTG16:09
opendevreviewMerged openstack/openstack-ansible-os_zun master: Switch from wsgi script to wsgi module  https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/95052016:24
opendevreviewMerged openstack/openstack-ansible-os_nova master: Extend apparmor overrides for custom nova folder  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/96625716:49
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_ironic master: Remove EL9 compatability  https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/96672116:59
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_ironic stable/2025.1: Use correct path for ipxe on EL10  https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/96672517:00
opendevreviewMerged openstack/openstack-ansible-os_aodh master: Switch from wsgi script to wsgi module  https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/95050117:09
opendevreviewMerged openstack/ansible-role-python_venv_build master: Allow to re-create wheels build venv  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/96616217:35
opendevreviewMerged openstack/openstack-ansible master: Set ANSIBLE_LOCAL_TEMP to /tmp to prevent remote_tmp warnings  https://review.opendev.org/c/openstack/openstack-ansible/+/95321817:43
jrosserwe need to switch ironic ipxe to use ipxe-snponly-x86_64.efi18:01
jrosserthats the answer to unblock that18:01
noonedeadpunkI think I already push a patch?18:02
jrosserah ok18:02
noonedeadpunkbut it's somehow not passing fast18:03
noonedeadpunkhttps://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/950508/6..7/vars/redhat.yml18:03
jrosserit looks like perhaps that should be the default now18:03
jrosserbut we can make that a seperate patch18:03
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_ironic master: Switch from wsgi script to wsgi module  https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/95050818:04
noonedeadpunkyeah, I made it that way for the sake of "backport" https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/96672518:05
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_ironic master: Remove EL9 compatability  https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/96672118:05
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_ironic master: Remove EL9 compatability  https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/96672118:05
noonedeadpunkbut eventually, it could be that we have issue just with inspecotr as well18:06
noonedeadpunkI wonder why some jobs are failing, but not otheres18:06
noonedeadpunklike debian one passed18:07
jrosserI wonder if we should strip out inspector18:38
jrosseror if that has to wait due to slurp18:39
noonedeadpunkI think it was dropped by Ironic? or was it?18:39
noonedeadpunkI frankly have no idea what it takes to move to ironic integrated inspector thing18:40
noonedeadpunkas in 2025.2 we can drop deprecated things actually18:40
jrosserI think we just delete the old thing18:40
noonedeadpunkgiven 2025.1 has features and can be used as upgrade release18:40
jrosserthe functionality is now in ironic itself18:40
jrosserbut difficulty will be testing the config and functionailty18:41
jrosserwe do t use inspector here18:41
jrosserso unless I find time to work on that it’ll be difficult18:41
noonedeadpunkI never got to Iroinc tbh18:42
noonedeadpunkI was just assuming some extra config might be needed for integrated into ironic functionality18:48
noonedeadpunkbut I have no idea18:48
jrossermnaser: did Andrew ask for a release of the containers collection?20:00
noonedeadpunkso we can't use sha?20:01
noonedeadpunkor it's internal-related thing?20:01
jrosserI think it’s tricky because it’s a galaxy dependency from ansible-collection-kubernetes20:04
jrosserwhich is “version at least <blah>” which o my talks about released versions i think, i.e not master20:04
jrosser*only talks20:05
noonedeadpunkdoh20:05
noonedeadpunkand this is a new collection or smth?20:05
jrosserno it’s just that there’s now a fix merged but I’m not sure how we can use that in AIO without a release20:06
jrossergood ideas welcome :)20:06
noonedeadpunkI think we were just using ansible-collection-kubernetes directly,. that's why I've asked if it's a new one20:06
noonedeadpunknah, if it's galaxy dependency, then no idea20:07
noonedeadpunkI wonder though, if it's stated as version >=, then I'd assume mentioning both in ansible-collection-requirements should work20:09
noonedeadpunkbut order does matter20:09
noonedeadpunkso dependencies should be mentioned first20:09
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_ironic stable/2025.1: Use correct path for ipxe on EL10  https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/96672520:11
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_ironic master: Switch from wsgi script to wsgi module  https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/95050820:12
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_ironic stable/2025.1: Use correct path for ipxe on EL10  https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/96672520:12
noonedeadpunkbtw, about ironic thing - it fails quite trivially: https://zuul.opendev.org/t/openstack/build/c40e02b71a4b421d87843a3be339e711/log/logs/host/ironic-inspector-dnsmasq.service.journal-19-36-11.log.txt20:13
noonedeadpunkI think it's an apparmor actually20:13
noonedeadpunkor maybe not....20:15
noonedeadpunkas upgrade job passed...20:15
noonedeadpunkbut it looks trivial :)20:16
jrosseroh I have patch for apparmor don’t I?20:17
noonedeadpunkright...20:17
noonedeadpunkso we need to squash them at this point it seems...20:18
jrosserthat does look familiar20:18
noonedeadpunkhttps://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/95100320:18
noonedeadpunkso wsgi was on top of it...20:18
noonedeadpunkbut now it does not work, as there's no wsgi script anymore20:18
noonedeadpunkso we either need to set ironic back, or squash them I guess20:18
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_ironic master: Add apparmor rules for ironic inspector  https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/95100320:19
noonedeadpunklet's see if it's solving the thing...20:20
noonedeadpunkand then will combine20:20
noonedeadpunk*squash20:20
jrosseryeah20:20
noonedeadpunkand upgrade works, as your patch is merged in 2025.120:20
noonedeadpunkso makes total sense20:20
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_zun master: Use loop label for deb822_repository  https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/95903120:23
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_cinder master: Use loop label for deb822_repository  https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/95903020:23
« Monday, 2025-11-10 Index Wednesday, 2025-11-12 »

Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!