| mnasiadka | andrewbogott_: I have no clue when it's going to happen, so best to point to Azimuth cloud now I guess | 07:21 |
|---|---|---|
| opendevreview | Michal Nasiadka proposed openstack/magnum-capi-helm master: CI: Add magnum-capi initial CI job https://review.opendev.org/c/openstack/magnum-capi-helm/+/957702 | 07:31 |
| opendevreview | Michal Nasiadka proposed openstack/magnum-capi-helm master: CI: Add magnum-capi initial CI job https://review.opendev.org/c/openstack/magnum-capi-helm/+/957702 | 07:54 |
| jakeyip | hi all | 07:58 |
| dalees | #startmeeting magnum | 08:00 |
| opendevmeet | Meeting started Tue Aug 19 08:00:13 2025 UTC and is due to finish in 60 minutes. The chair is dalees. Information about MeetBot at http://wiki.debian.org/MeetBot. | 08:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 08:00 |
| opendevmeet | The meeting name has been set to 'magnum' | 08:00 |
| dalees | #topic roll call | 08:00 |
| dalees | hi jakeyip ! | 08:00 |
| dalees | do we have folk present for a meeting? | 08:00 |
| jakeyip | o/ | 08:00 |
| jakeyip | I'm just here for a bit, apologies, waiting to board | 08:00 |
| hemanth | o/ | 08:01 |
| dalees | jakeyip: oh, have a nice flight! you're off imminently? | 08:01 |
| dalees | imminently | 08:01 |
| jakeyip | yeah boarding soon lift off in 30 mins | 08:02 |
| jakeyip | maybe we can just run thru "Propose credential refresh spec"? | 08:03 |
| dalees | yeah, sure. keen to hear thoughts on that as we're progressing with implementation | 08:04 |
| dalees | #topic credential refresh spec | 08:04 |
| mnasiadka | o/ | 08:04 |
| mnasiadka | sorry for being late | 08:04 |
| dalees | hi mnasiadka , welcome | 08:04 |
| dalees | #link https://review.opendev.org/c/openstack/magnum-specs/+/955448 | 08:04 |
| jakeyip | one concern I have is that we'll need to wipe all traces of original app cred / trust in the cluster; else this will allow someone using this to get the old app cred and trust and essentially masquerade as the original user | 08:05 |
| dalees | jakeyip: the implementation sends a delete to keystone for the old app cred, so it should be invalidated. | 08:05 |
| mnasiadka | well, if the app cred is removed keystone API wise, so it should be fine | 08:05 |
| mnasiadka | trusts - those are going to disappear together with Heat driver | 08:06 |
| mnasiadka | (which reminds me to add removing trusts to the list of things we need to tell the users to do) | 08:06 |
| dalees | yes, i've been meaning to make trusts a config option so they aren't created for most. | 08:06 |
| jakeyip | does that require the implementation of reloader first, to make sure anything using the old app cred is kicked, before the app cred is deleted? | 08:07 |
| mnasiadka | yes, we need to first reconfigure the app cred on the cluster, and then remove the old one | 08:07 |
| mnasiadka | that's in the spec IIRC | 08:07 |
| mnasiadka | dalees: I think the spec is fine, I commented some nits yesterday, but I'm fine merging without addressing my comments | 08:08 |
| dalees | jakeyip: reloader patchset is up, but imho if you're rotating creds it's likely already invalid so you wouldn't break an app cred more, and the short time there's an invalid one in use isn't a big deal for reconciliation loops. | 08:08 |
| dalees | mnasiadka: thank you, appreciate your review and thoughts. Matt and I will review your comments and possibly address. | 08:09 |
| mnasiadka | My worry is - do you want to merge both spec and technical implementation this cycle? | 08:09 |
| mnasiadka | Feature freeze is Aug 29 | 08:10 |
| dalees | mnasiadka: yes, but if that's too rushed for reviews then so be it, perhaps it can still be reviewed and only merge next cycle. | 08:11 |
| mnasiadka | I'm fine with reviewing the code next week if we can merge the spec until end of this | 08:11 |
| mnasiadka | So if you guys will be fast with responses, I think that's fine | 08:12 |
| dalees | I've been reviewing Matts draft implementation this week (with potential changes from spec in mind), and it's working well. | 08:12 |
| mnasiadka | I still prefer to patch bugs next cycle and backport them, than to delay improvements ;) | 08:12 |
| dalees | mnasiadka: yes, we will be fast on this topic to address reviews as we're actively looking to use it ourselves :) | 08:13 |
| jakeyip | I've been out of the loop for this, so I won't raise any objections, as long as 2 cores think it's good to go, then go for it | 08:14 |
| mnasiadka | Ok then, the other spec looks fine | 08:14 |
| dalees | I do have one question though - there's an 'owner' field on Cluster - should this change when creds are refreshed? | 08:15 |
| jakeyip | yeah I thought about that too, will be fair to assume it changes | 08:15 |
| dalees | it feels like it should, but it has implications for keystone trusts i think - which we're not currently planning on rotating (as they aren't used in capi-helm driver) | 08:15 |
| mnasiadka | I think if we can make owner change work in the process that's nice - I wouldn't worry about trusts - we're dropping Heat driver anyway | 08:16 |
| jakeyip | I think I had the thought on whether we could just use a set of that field to trigger this and not have another api endpoint | 08:16 |
| mnasiadka | And I'd like to drop it this cycle actually, or at latest beginning of next | 08:16 |
| mnasiadka | well, with SLURP it needs to go next release | 08:17 |
| dalees | jakeyip: the 'set' of fields is so awkward (i've been working to make some mutable - which wont make Flamingo). At this point I'd rather the PATCH endpoint | 08:17 |
| jakeyip | hahaha | 08:17 |
| jakeyip | yes, it's a hot messs | 08:17 |
| jakeyip | I had a feeling I commented on all this somewhere but I couldn't find it! not sure if I was dreaming | 08:18 |
| dalees | the implementation library leaks into the api too; yuck. | 08:18 |
| dalees | jakeyip: maybe a draft somewhere. | 08:18 |
| jakeyip | ok nothing for me | 08:19 |
| dalees | mnasiadka: i'd also like to drop it; but we probably still need a way to manage (and delete!) old heat clusters for a little bit longer. out of tree is fine by me though. | 08:20 |
| jakeyip | nothing else from me | 08:20 |
| mnasiadka | dalees: we can drop the driver in SLURP release, which is G, not current (F) - so that's fine | 08:21 |
| dalees | cool, then we'll merge the spec shortly and remove draft from the implementation patches this week. | 08:21 |
| dalees | mnasiadka: ok, that's helpful to know. | 08:21 |
| dalees | any other topics? I see a review we've discussed last week from hemanth | 08:22 |
| mnasiadka | But I think it's time to stop testing, the version we're testing against is EOL | 08:22 |
| mnasiadka | #link https://review.opendev.org/c/openstack/magnum/+/957709/10 | 08:22 |
| hemanth | dalees: its more like a request to review, nothing to discuss | 08:22 |
| hemanth | we agreed on the approach in the last meeting, so any reviews are appreciated when someone gets time | 08:23 |
| dalees | hemanth: ack, yes i think we were ok on direction of the patch, just needs some eyes ( https://review.opendev.org/c/openstack/magnum-capi-helm/+/955984 ) | 08:24 |
| dalees | #topic reviews | 08:24 |
| dalees | ^ belated topic change ;) | 08:24 |
| hemanth | ok | 08:25 |
| dalees | that covers hemanth's | 08:25 |
| dalees | mnasiadka: want to discuss heat and testing? I see you're working on CI? (thank you!) | 08:26 |
| mnasiadka | Yes, I'd like to drop testing of the Heat driver test-cluster job - it's breaking now, and version we're testing is EOL | 08:26 |
| mnasiadka | I'm working on a CI job in magnum-capi-helm that would do the same using devstack-plugin-container for deploying the CAPI mgmt cluster - so that should be ready-ish soon | 08:27 |
| mnasiadka | The same goes with the container images in https://hub.docker.com/u/openstackmagnum | 08:27 |
| mnasiadka | (building and publishing new ones) | 08:27 |
| dalees | as in; ready before flamingo releases? | 08:28 |
| mnasiadka | That's my goal | 08:28 |
| mnasiadka | It doesn't really help us that we have ever-failing CI jobs - and it doesn't make any sense to keep them running since 1.28 is EOL | 08:29 |
| dalees | I know Heat is old, but not doing any cluster creations might leave us lacking if we don't have anything CAPI testing by Flamingo release. Perhaps there aren't many Magnum core changes to come in though. | 08:29 |
| dalees | having said that I'm okay dropping them if we have a plan/timeline for the capi ones. I don't want to spend any time on the Heat ones | 08:30 |
| mnasiadka | That was my intention - nobody wants to spend time on it. | 08:30 |
| mnasiadka | Should I add a release note that we're dropping testing for Heat driver, since it's deprecated? | 08:32 |
| dalees | Seems like a reasonable note to add | 08:33 |
| opendevreview | Merged openstack/magnum-specs master: Propose adding Reloader to workload clusters. https://review.opendev.org/c/openstack/magnum-specs/+/957191 | 08:37 |
| dalees | any other topics? we can end early if not | 08:38 |
| mnasiadka | I'll add the note in some minutes and ping for reviews :) | 08:38 |
| dalees | I assume jakeyip is now in flight | 08:38 |
| mnasiadka | That's all from me | 08:38 |
| dalees | thanks all for joining | 08:40 |
| dalees | #endmeeting | 08:40 |
| opendevmeet | Meeting ended Tue Aug 19 08:40:10 2025 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 08:40 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/magnum/2025/magnum.2025-08-19-08.00.html | 08:40 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/magnum/2025/magnum.2025-08-19-08.00.txt | 08:40 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/magnum/2025/magnum.2025-08-19-08.00.log.html | 08:40 |
| opendevreview | Michal Nasiadka proposed openstack/magnum master: CI: Drop Heat driver and container build/publish jobs https://review.opendev.org/c/openstack/magnum/+/957709 | 08:42 |
| mnasiadka | dalees: ^^ added reno | 08:42 |
| opendevreview | Michal Nasiadka proposed openstack/magnum master: CI: Drop Heat driver and container build/publish jobs https://review.opendev.org/c/openstack/magnum/+/957709 | 08:43 |
| opendevreview | Massimiliano Favaro-Bedford proposed openstack/magnum master: Update flannel-cni image source https://review.opendev.org/c/openstack/magnum/+/957434 | 08:48 |
| opendevreview | Massimiliano Favaro-Bedford proposed openstack/magnum master: Rename Fedora CoreOS image name https://review.opendev.org/c/openstack/magnum/+/957209 | 08:48 |
| opendevreview | Massimiliano Favaro-Bedford proposed openstack/magnum master: Rename Fedora CoreOS image name https://review.opendev.org/c/openstack/magnum/+/957209 | 08:48 |
| opendevreview | Michal Nasiadka proposed openstack/magnum master: CI: Drop Heat driver and container build/publish jobs https://review.opendev.org/c/openstack/magnum/+/957709 | 11:45 |
| *** darmach47 is now known as darmach4 | 14:58 | |
| opendevreview | Michal Nasiadka proposed openstack/magnum master: CI: Remove container build/publish tools https://review.opendev.org/c/openstack/magnum/+/952124 | 20:17 |
| opendevreview | Matthew Northcott proposed openstack/magnum-specs master: Propose credential rotation spec. https://review.opendev.org/c/openstack/magnum-specs/+/955448 | 23:52 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!