Wednesday, 2022-01-19

« Tuesday, 2022-01-18 Index Thursday, 2022-01-20 »
opendevreviewBuddhika Sanjeewa proposed openstack/kolla-ansible master: Deploy Zun with Cinder Ceph support  https://review.opendev.org/c/openstack/kolla-ansible/+/82472202:39
opendevreviewBuddhika Sanjeewa proposed openstack/kolla-ansible master: Deploy Zun with Cinder Ceph support  https://review.opendev.org/c/openstack/kolla-ansible/+/82472202:43
opendevreviewBuddhika Sanjeewa proposed openstack/kolla-ansible master: Deploy Zun with Cinder Ceph support  https://review.opendev.org/c/openstack/kolla-ansible/+/82472203:15
frickleryoctozepto: mnasiadka: checking https://review.opendev.org/c/openstack/openstack-manuals/+/825171 I noticed that kolla is also still commented out for xena. I guess we want to fix that and also update our release process to include this? I can propose a similar patch for k-a if you agree07:12
yoctozeptofrickler: yeah, let's do it, thanks for noticing08:09
opendevreviewjinyuanliu proposed openstack/kolla-ansible master: ADD venus for kolla-ansible  https://review.opendev.org/c/openstack/kolla-ansible/+/79389708:34
frickleryoctozepto: wow, you were fast with reviewing, I was just adding some questions https://review.opendev.org/c/openstack/openstack-manuals/+/82526608:38
fricklerwe can of course amend in a followup if needed, also deal with older releases08:39
opendevreviewlikui proposed openstack/kolla-ansible master: Use Docker healthchecks for ironic-neutron-agent services  https://review.opendev.org/c/openstack/kolla-ansible/+/81770608:43
opendevreviewRadosław Piliszek proposed openstack/kolla-ansible master: [CI] Test Ironic when touching Neutron  https://review.opendev.org/c/openstack/kolla-ansible/+/82528910:06
opendevreviewRadosław Piliszek proposed openstack/kolla-ansible master: Use Docker healthchecks for ironic-neutron-agent services  https://review.opendev.org/c/openstack/kolla-ansible/+/81770610:06
opendevreviewRadosław Piliszek proposed openstack/kolla-ansible master: Use Docker healthchecks for ironic-neutron-agent services  https://review.opendev.org/c/openstack/kolla-ansible/+/81770610:06
mgoddardyoctozepto: do I remember you having a dnm patch to switch to host libvirt?13:20
yoctozeptomgoddard: not one that I heard of!13:36
yoctozeptoonly this one about stricter insulation https://review.opendev.org/c/openstack/kolla-ansible/+/79426213:36
yoctozeptoit seems not to change behaviour13:36
yoctozeptomight be fixing polkit for parallax but I think he did not finish testing it13:37
parallaxno, sorry13:43
mgoddardyoctozepto: worth a try13:51
ironfootSomehow just enabling `kolla_enable_tls_external` doesn't redirect horizon to https://. I was expecting that to be enough, but looks like https:// will only work if i also set `kolla_enable_tls_internal`14:30
ironfootIs that right?14:30
spatelguys help me with command line. 14:54
spatelcan i restart all container start with or regex with keystone using command like this docker restart --filter keystone ?14:54
hrwmeeting?15:00
yoctozeptomgoddard mnasiadka hrw egonzalez yoctozepto rafaelweingartne cosmicsound osmanlicilegi bbezak parallax Fl1nt frickler adrian-a15:00
yoctozeptomeeting15:00
yoctozepto#startmeeting kolla15:00
opendevmeetMeeting started Wed Jan 19 15:00:40 2022 UTC and is due to finish in 60 minutes.  The chair is yoctozepto. Information about MeetBot at http://wiki.debian.org/MeetBot.15:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:00
opendevmeetThe meeting name has been set to 'kolla'15:00
yoctozepto#topic Roll-call15:00
yoctozeptoo/15:00
o_horecny2o/15:01
mgoddard\o15:01
halomiva\o15:01
hrw /o]15:01
hinermaro/15:01
yoctozeptocrowds today, welcome!15:02
yoctozepto#topic Agenda15:02
yoctozepto* Roll-call15:02
yoctozepto* Agenda15:02
yoctozepto* Announcements15:02
yoctozepto* Review action items from the last meeting15:02
yoctozepto* CI status15:02
yoctozepto* Release tasks15:02
yoctozepto* Current cycle planning15:02
yoctozepto* Additional agenda (from whiteboard)15:02
yoctozepto* Open discussion15:02
yoctozepto#topic Announcements15:02
yoctozeptoI got my 3rd vaccine last weekend15:02
yoctozeptovaccine shot*15:02
yoctozeptoand have no other announcements :-)15:03
hrwyoctozepto: good!15:03
yoctozeptohrw: :-015:03
yoctozepto:-) *15:03
yoctozepto(typos, typos everywhere :D )15:03
mgoddardcongrats15:03
yoctozeptomgoddard: yeah, though I feel more like "please accept my condolences" for the time being15:04
hrwwelcome to the club etc15:04
yoctozeptoanyhow, no announcements - we be moving forward15:04
yoctozepto#topic Review action items from the last meeting15:04
hrwmy 2nd and 3rd dose went same way - all fine, arm hurting 2-3 days15:04
yoctozeptomnasiadka to triage security bugs and update them with resolution plan (if needed)15:05
yoctozeptomnasiadka post a patch for docs - standard topics that should be discussed over PTG and then revisited in mid-cycle15:05
yoctozeptokevko to let frickler know whether osism's solution is fine for his use case15:05
yoctozeptohrw: I wish it was arm only :-)15:05
yoctozeptokevko is not around15:05
yoctozeptomnasiadka not around either15:05
yoctozeptoand they likely did not do these15:06
yoctozeptorestating15:06
yoctozepto#action mnasiadka to triage security bugs and update them with resolution plan (if needed)15:06
yoctozepto#action mnasiadka post a patch for docs - standard topics that should be discussed over PTG and then revisited in mid-cycle15:06
yoctozepto#action kevko to let frickler know whether osism's solution is fine for his use case15:06
yoctozepto#topic Release tasks15:06
yoctozeptooopsie15:06
yoctozepto#undo15:06
opendevmeetRemoving item from minutes: #topic Release tasks15:06
yoctozepto#topic CI status15:06
yoctozeptoso, regarding CI15:07
yoctozeptowe had one fire15:07
yoctozeptoin the centos department15:07
yoctozeptoa good followup would be to deprecate this department15:07
yoctozeptobut I know some like it enough to endure all the pain15:07
hrwping one?15:07
yoctozeptoanyhow, the fire has been extinguished15:07
yoctozeptowe can sip our sodas and watch the CI work again15:08
yoctozeptohrw: yeah15:08
yoctozeptoso... that would be the status for k and k-a15:08
yoctozeptoI've seen k-o-b stuff merging as well15:08
yoctozeptoso would assume it's good too15:08
yoctozeptoany kayobian to confirm?15:08
priteau_Maybe some stable branches of kayobe are still be broken15:09
priteau_s/be //15:09
yoctozeptoack15:09
yoctozeptoplease update the whiteboard when you feel like it15:10
yoctozepto#topic Release tasks15:10
yoctozeptoit's R-1015:11
yoctozeptostill waiting for R-8: "Switch binary images to current release"15:11
yoctozeptonothing else to report15:11
yoctozepto#topic Current cycle planning15:11
yoctozeptoin here we can already tackle the "additional agenda" as it's related today15:11
hrwI tested R-8 situation and images are buildable15:11
yoctozepto(o.horecny2) Podman support15:11
yoctozeptohrw: oh, great! finally some good news :-)15:12
o_horecny2Hi guys, we would like to move forward with Podman things15:12
yoctozeptoo_horecny2 halomiva hinermar ^^15:13
yoctozeptoon podman15:13
yoctozeptoyou wrote:15:13
yoctozeptoAsking for code review:15:13
yoctozeptoDockerWorker class refactor - https://review.opendev.org/c/openstack/kolla-ansible/+/82378315:13
yoctozeptoSystemd container control - https://review.opendev.org/c/openstack/kolla-ansible/+/81672415:13
yoctozeptoNext steps?15:13
yoctozeptoDeadline?15:13
yoctozeptocode freeze for Yoga release15:13
yoctozeptoit's good to remind ourselves it's one of major priorities for this cycle15:13
mgoddardKolla feature freeze: Mar 21 - Mar 2515:13
o_horecny2yes, we would like to ask you about some code review, because we have already prepared change with podman on top of this changes15:14
yoctozeptoand we can have an exception if we *really* need it15:14
yoctozeptobut this should be merged by the next ptg in april15:14
mgoddardI would suggest that we aim for systemd managed docker in yoga15:14
yoctozeptoso that we can throw a little podman party15:14
mgoddard(just setting expectations based on past team review performance)15:15
yoctozeptohmm15:15
mgoddardbear in mind that podman might bring such questions as 'how to install it', 'how to migrate from docker to podman'15:16
mgoddarddoes that seem like a reasonable target?15:16
o_horecny2in case that change with docker managed by systemd is ok for you then we have same thing with podman.15:16
mgoddardfeel free to propose your podman change15:17
mgoddardbut I would suggest that we focus review effort on the systemd patch15:17
o_horecny2yes, I understand. That is what we would like to focus now, but firsly we need to know that way how it is prepared is ok for you15:17
yoctozeptomgoddard: we can have a preview15:17
yoctozeptowith no migration path15:17
mgoddardpossibly, although that is an easy way to end up with unfinished features :)15:18
yoctozeptoI can action myself to review these patches15:18
o_horecny2halomiva hinermar what do you think? Do you expect some troubles with migration?15:18
mgoddardsame15:18
yoctozeptomgoddard: I think it is possible to end up the other way around - people losing interest because of yet another cycle15:19
mgoddardone issue may be with having both podman and docker installed15:19
yoctozepto#action yoctozepto to review going-podman patches15:19
yoctozepto#action mgoddard to review going-podman patches15:19
hinermari believe you can't have both docker and podman installed simutaneously15:19
yoctozeptomgoddard, hinermar: last time I checked they can work side by side15:20
yoctozeptobut we should not mix the containers this way15:20
mgoddardI've seen troubles with containers15:20
mgoddard*containerd15:20
yoctozeptoyeah, something could misbehave, though I think they put things in containerd in two different namespaces15:21
yoctozeptoor whatever containerd calls that internal isolation15:21
yoctozeptoyup15:21
yoctozeptohttps://github.com/containerd/containerd/blob/main/docs/namespaces.md15:21
yoctozeptothe biggest issue I see is with volumes15:22
mgoddard+115:22
yoctozeptoespecially those multi-mounted ones15:22
yoctozeptobecause for single-mounted ones one can create a simple migration path15:23
yoctozeptobut for multi-mounted it's not possible15:23
yoctozeptoso we need to down all containers with that mount15:23
yoctozeptomigrate volume15:23
yoctozeptoand redo them15:23
yoctozeptorestart*15:23
yoctozeptowhich might be trickier than you think15:23
yoctozepto:-)15:23
yoctozeptothankfully we run host networking so no "fun" there15:24
o_horecny2that is right, so we need to test and try to find some trail15:25
hinermarI take it we should prevent users from having both managers and create migration tasks, right?15:25
yoctozeptohinermar: we need to figure out a sensible migration path15:26
mgoddardyes - if we ever have both installed it should only be for migration15:26
yoctozeptobut my take on that is that it's important, that's true, but should not prevent us from supporting podman for new installations15:27
o_horecny2yes, that is right15:28
mgoddardI wouldn't want to paint us into a corner though15:28
mgoddardanyway, let's see how we get on with systemd15:29
yoctozeptoindeed15:30
o_horecny2Do you guys think that this can be done inside upgrade action? Or should be for that prepared something new?15:30
yoctozeptobtw, the systemd poc is red15:30
yoctozeptoon CI15:30
mgoddardo_horecny2: I expect it will need a new action15:30
yoctozeptoo_horecny2: I would imagine a separate action15:30
yoctozeptomgoddard ++15:30
o_horecny2yoctozepto: yes, some unite tests need to be finished, but guys firstly wanted to know if it is right way and not spend time on something which can be abandoned15:32
halomivasystemd poc was reverted to version without container worker so you can decide if you want to go with abstract class or not15:33
yoctozeptoah, ok15:34
mgoddardI think abstract class probably makes sense when we introduce podman15:34
o_horecny2mgoddard: yes, it is preparation for podman15:35
mgoddardbut it's not necessary for systemd, and it's hard to see what the interface should be without podman15:35
o_horecny2so do you think that this abstract class patchset is not needed now? And we should focus onlu on systemd patchset?15:37
mgoddard+1 - focus on systemd15:37
mgoddardwe can return to the container worker afterwards15:37
yoctozepto+115:37
o_horecny2and what next? implement podman on top of systemd? or thirstly do that refactoring with abstract class?15:38
o_horecny2*firstly15:38
o_horecny2I mean this flow systemd change -> abstract class -> podman ?15:39
mgoddardI'd just share the podman patch that you have, whichever way it is15:39
mgoddardthat is probably the right order15:39
mgoddardbut we need to see the podman patch to review the abstract class patch15:39
halomivanow we have 3 version capable of basic deployment, docker worker + systemd worker, docker worker + container worker + systemd worker, podman worker + docker worker + container worker + systemd worker15:40
o_horecny2with that abstract class or without it? because I believe that when we introduce podman together with abstract class, then you will want to split it again :)15:40
halomivashould we push all of them and then we decide what we want to do first?15:40
yoctozeptohalomiva: that works for me15:41
mgoddardif you have a patch that is separate already, then push that15:41
o_horecny2ok, so halomiva and hinermar do you know what to do next?15:42
o_horecny2is it clear for you?15:43
halomivayes15:43
hinermaryes15:44
o_horecny2#action halomiva/hinermar propose change for podman15:45
yoctozepto#action halomiva/hinermar propose change for podman15:45
yoctozeptothanks o_horecny2 halomiva hinermar15:45
yoctozepto#topic Open discussion15:45
o_horecny2thanks too15:46
mgoddardon the secure RBAC front, there is this one: https://review.opendev.org/c/openstack/kolla-ansible/+/81557715:46
mgoddardadds the service role to service users15:47
mgoddardI started a discussion on the ML about it15:47
yoctozeptoyeah, seen the hi15:47
mgoddard#link http://lists.openstack.org/pipermail/openstack-discuss/2022-January/026777.html15:47
yoctozepto:D15:47
mgoddardfat fingered the first one15:48
yoctozepto#link http://lists.openstack.org/pipermail/openstack-discuss/2022-January/026777.html15:48
mgoddardessentially, keystone gonna break us if we do nothing15:48
mgoddardso we should do something15:48
mgoddardunclear right now when they will change the default for enforce_scopes15:49
mgoddardjust putting it out there15:50
mgoddardwe can discuss in the ML, or on the patch15:50
yoctozeptowe can save ourselves for the time being by pinning keystone of course15:51
yoctozeptobut yeah, we need to address this15:51
yoctozeptoI am lacking the time resources to handle it though15:51
yoctozeptoI think we are out of other topics today15:53
mgoddard+115:54
yoctozeptothank you all for attending15:55
yoctozeptoand see you next time15:55
yoctozepto#endmeeting15:55
opendevmeetMeeting ended Wed Jan 19 15:55:14 2022 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:55
opendevmeetMinutes:        https://meetings.opendev.org/meetings/kolla/2022/kolla.2022-01-19-15.00.html15:55
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/kolla/2022/kolla.2022-01-19-15.00.txt15:55
opendevmeetLog:            https://meetings.opendev.org/meetings/kolla/2022/kolla.2022-01-19-15.00.log.html15:55
mgoddardthanks yoctozepto 15:56
opendevreviewJames Kirsch proposed openstack/kolla-ansible master: Add service role to service users  https://review.opendev.org/c/openstack/kolla-ansible/+/81557717:30
opendevreviewMark Goddard proposed openstack/kolla-ansible master: libvirt: make it possible to disable nova_libvirt container  https://review.opendev.org/c/openstack/kolla-ansible/+/82535717:42
opendevreviewMark Goddard proposed openstack/kolla-ansible master: libvirt: make it possible to disable nova_libvirt container  https://review.opendev.org/c/openstack/kolla-ansible/+/82535717:46
opendevreviewMark Goddard proposed openstack/kayobe master: libvirt: deploy libvirt on the host  https://review.opendev.org/c/openstack/kayobe/+/82535917:47
opendevreviewJames Kirsch proposed openstack/kolla-ansible master: Enable Keystone scope enforcement  https://review.opendev.org/c/openstack/kolla-ansible/+/82540623:14
« Tuesday, 2022-01-18 Index Thursday, 2022-01-20 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!