Wednesday, 2026-01-14

« Tuesday, 2026-01-13 Index Thursday, 2026-01-15 »
opendevreviewMerged openstack/kolla-ansible master: ansible-lint: fix yaml[line-length] in barbican  https://review.opendev.org/c/openstack/kolla-ansible/+/97088006:28
opendevreviewMerged openstack/kolla-ansible master: Add logrotate configuration for OpenSearch Dashboards  https://review.opendev.org/c/openstack/kolla-ansible/+/97269806:36
opendevreviewMichal Nasiadka proposed openstack/kolla stable/2024.2: Update repo GPG key for influxdata.  https://review.opendev.org/c/openstack/kolla/+/97299907:56
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: Enable TLS backend for designate  https://review.opendev.org/c/openstack/kolla-ansible/+/86652409:09
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: Enable TLS backend for designate  https://review.opendev.org/c/openstack/kolla-ansible/+/86652409:09
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: Adapt notifying handlers message  https://review.opendev.org/c/openstack/kolla-ansible/+/94042809:15
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: Adapt notifying handlers message  https://review.opendev.org/c/openstack/kolla-ansible/+/94042809:16
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: CI: Add back openstack-python3-jobs-arm64  https://review.opendev.org/c/openstack/kolla-ansible/+/94548509:17
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: CI: Add back openstack-python3-jobs-arm64  https://review.opendev.org/c/openstack/kolla-ansible/+/94548509:17
opendevreviewMerged openstack/kolla-ansible master: Standardize naming for MariaDB recovery and backup files  https://review.opendev.org/c/openstack/kolla-ansible/+/95281809:19
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: Ensure neutron_bridge_name and neutron_external_interface have the same length  https://review.opendev.org/c/openstack/kolla-ansible/+/94379909:19
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: Ensure neutron_bridge_name and neutron_external_interface have the same length  https://review.opendev.org/c/openstack/kolla-ansible/+/94379909:20
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: docs: Add information about possible password leaking  https://review.opendev.org/c/openstack/kolla-ansible/+/95922209:22
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: docs: Add information about possible password leaking  https://review.opendev.org/c/openstack/kolla-ansible/+/95922209:24
mnasiadkafrickler: I’d like to finally push the password leaking note forward - https://review.opendev.org/c/openstack/kolla-ansible/+/959222 - can you have a look?09:35
fricklerack. btw that's another good location to add a "build your own containers" note I guess09:48
mnasiadkaI guess so09:49
mnasiadkafrickler: https://review.opendev.org/c/openstack/kolla-ansible/+/962419 - should we disable requirements-check or what’s the best path forward?09:49
mnasiadkaah09:50
mnasiadkaWe probably should merge it in 2025.209:50
mnasiadkaBcrypt was removed from reqs in master09:50
mnasiadkaSo we need to get rid of it09:50
mnasiadkaAh no, I confused it with passlib09:51
mnasiadkabcrypt is 4.3.0 in reqs09:52
fricklerhmm, difficult question. what became of the "curate a deployment-constraints.txt" SIG?09:55
fricklerif we want to disable the reqs check, I think we would need to discuss it at the TC level first09:56
opendevreviewLeonie Chamberlin-Medd proposed openstack/kayobe master: Add support for fail2ban in Kayobe  https://review.opendev.org/c/openstack/kayobe/+/97309009:56
mnasiadkafrickler: we were supposed to draft a spec, which I failed to have time to do :)10:02
mnasiadka(Re the deployment constraints)10:03
opendevreviewMerged openstack/kolla-ansible master: docs: Add information about possible password leaking  https://review.opendev.org/c/openstack/kolla-ansible/+/95922210:06
opendevreviewPierre Riteau proposed openstack/kayobe-config-dev master: CI: Configure ansible0 as Ansible control host  https://review.opendev.org/c/openstack/kayobe-config-dev/+/97284210:45
opendevreviewPierre Riteau proposed openstack/kayobe master: CI: Add kayobe-ansible-control-host-configure jobs  https://review.opendev.org/c/openstack/kayobe/+/97284310:45
opendevreviewPierre Riteau proposed openstack/kayobe master: CI: Add kayobe-ansible-control-host-configure jobs  https://review.opendev.org/c/openstack/kayobe/+/97284311:22
opendevreviewMerged openstack/kolla stable/2024.2: Update repo GPG key for influxdata.  https://review.opendev.org/c/openstack/kolla/+/97299911:24
opendevreviewLeonie Chamberlin-Medd proposed openstack/kayobe master: Add support for fail2ban in Kayobe  https://review.opendev.org/c/openstack/kayobe/+/97309012:08
opendevreviewPierre Riteau proposed openstack/kolla-ansible master: keystone: support OIDCOutgoingProxy parameter  https://review.opendev.org/c/openstack/kolla-ansible/+/97337012:36
opendevreviewLeonie Chamberlin-Medd proposed openstack/kayobe master: Add support for fail2ban in Kayobe  https://review.opendev.org/c/openstack/kayobe/+/97309013:18
opendevreviewSeunghun Lee proposed openstack/kolla-ansible master: Improve Let's encrypt settings logic  https://review.opendev.org/c/openstack/kolla-ansible/+/95677113:41
bbezakmnasiadka bbezak frickler kevko mmalchuk gkoper jovial mattcrees dougszu darmach pabloclsn ravlew amir58118 r-krcek blanson[m] - meeting in 813:52
opendevreviewSeunghun Lee proposed openstack/kolla-ansible master: Make RabbitMQ stream retention policy configurable  https://review.opendev.org/c/openstack/kolla-ansible/+/95329713:56
bbezak#startmeeting kolla14:00
opendevmeetMeeting started Wed Jan 14 14:00:39 2026 UTC and is due to finish in 60 minutes.  The chair is bbezak. Information about MeetBot at http://wiki.debian.org/MeetBot.14:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:00
opendevmeetThe meeting name has been set to 'kolla'14:00
bbezak#topic rollcall14:00
enick_604o714:00
jpho714:01
bbezak#topic agenda14:02
bbezak* Roll-call14:02
bbezak* Agenda14:02
bbezak* Announcements14:02
bbezak* Review action items from the last meeting14:02
bbezak* CI status14:02
bbezak* Release tasks14:02
bbezak* Regular stable releases (first meeting in a month)14:02
bbezak* Current cycle planning14:02
bbezak* Additional agenda (from whiteboard)14:02
bbezak* Open discussion14:02
bbezak#topic CI status14:02
mmalchuk_o/14:02
seunghunleeo/14:03
mnasiadkao/ (with 3g internet!)14:03
fprzewoznyo/14:03
bbezakLooking at CI front - after recent secrets rotation14:03
bbezakLooking ok14:03
bbezak#topic - Regular stable releases14:03
bbezakI’ll look into that, as I think we merged in all branches influx fixes14:04
bbezak#topic Additional agenda (from whiteboard)14:04
bbezakI deliberately leaving those entries on whiteboard - until they are reviewed14:05
*** mmalchuk_ is now known as mmalchuk14:05
bbezakUnfortunately I’m a bit busy on customer’s work14:05
bbezakBut trying my best to review stuff14:05
bbezakI wanted to say that I remember about all of you, and try to progress as much as I can :)14:06
bbezakOther reviewers as well14:06
bbezakThere is new entry by frickler14:06
bbezak#link - https://etherpad.opendev.org/p/KollaWhiteBoard#L9514:07
bbezakI agree, that is basically a reality for a long time14:07
bbezakImages on quay.io are not meant to be consumed directly. i.e. only for testing purposes14:08
bbezakmnasiadka14:09
bbezakAlso did make notes on whiteboard14:09
bbezakPlease take a look on your entries14:09
bbezakAs I can see there are some patches in merge conflicts there14:09
blanson[m]Been using kolla for a while now, I agree at first sight that's not entirely obvious imo that the quay images aren't meant for production (aside from a single line I believe in the documentation stating it? )14:09
bbezakYes, that is the goal of frickler’s readme change I believe14:11
bbezakTo reflect reality better14:11
mnasiadkaI need to check if we could have some description in quay.io14:11
mnasiadkaAnd we should drop docker hub content and account14:11
mnasiadkaAnybody disagrees?14:11
blanson[m]we had dockerhub uploads ?14:12
mnasiadkaLong time ago14:12
mnasiadka#link https://hub.docker.com/u/kolla14:12
mnasiadkaLast working 2025.1 publish was 3 months ago14:13
bbezak+114:13
blanson[m]I think dropping it is fine I don't think it was ever mentioned in the documentation ? everything points to quay now, so +114:13
mnasiadkaIt was mentioned long time ago, we switched to quay.io before I became PTL :)14:14
mnasiadkaWhich was around… Xena?14:14
bbezak#topic Open discussion14:14
yuvalI didnt fully understand the issue with quay. its not for production, only for testing. is there an image that is good for production or each user need to creates its own?14:15
mnasiadkaEach user should build his own, we can’t guarantee that the images in quay.io are fit for production (vulnerabilities, etc)14:16
jphI would like mention that I am exploring adding OpenBao as a service within kolla/kolla-ansible. I think it would be nice addition as it would provide a common solution for PKI and Barbican integration.14:17
blanson[m]I think there was a review to add vault support for barbican a while ago idk if it's been merged 14:18
blanson[m]#link https://review.opendev.org/c/openstack/kolla-ansible/+/93570414:18
blanson[m]I think that's the one 14:18
mnasiadkajph: openbao is MPL 2.0, wondering what are the implications - but that should be fine14:19
bbezakI think for deployment project mixing licenses is ok14:19
bbezakEven non compatible ones14:19
mnasiadkaWell, Ansible modules are complicated :)14:20
mnasiadkaBut yes, I agree14:21
jphGood to know. I am just having an issue with sources definition they don't match ${debian_arch}.14:21
fprzewoznyIf anyone here is open to check / test, you are welcome: https://review.opendev.org/c/openstack/kolla-ansible/+/970594 :) I'm running this virtual routing config in multiple clusters, and it was kinda game changer 14:21
mnasiadkaAdded RP+1 and will try to review14:25
fprzewoznythanks! 14:25
mnasiadkabbezak, frickler: I’ve cleaned up RP+1 for patches that had merge conflict, so the list should be usable now to do reviews - so if you have time - just focus on these for this/next week14:25
mnasiadkaLet’s treat it as a weekly list to go through, we can’t really review everything14:26
mnasiadkablanson[m]: it would be beneficial if you could also review the patches from RP+1 list and whiteboard - that would help us a lot14:26
blanson[m]I will 14:26
blanson[m]it's in the kolla/kolla-ansible dashboard ? 14:26
mnasiadkayes14:27
mnasiadkaThe links to dashboards are on the whiteboard14:27
mnasiadka(More boards!)14:27
mnasiadkaThat’s all from me and bbezak I guess14:27
blanson[m]yes I have themn bookmarked, will try to go through a bunch 14:27
bbezakcool14:28
bbezakLet’s try to improve review velocity :)14:28
bbezakThank you for joining today!14:30
bbezak#endmeeting14:30
opendevmeetMeeting ended Wed Jan 14 14:30:04 2026 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)14:30
opendevmeetMinutes:        https://meetings.opendev.org/meetings/kolla/2026/kolla.2026-01-14-14.00.html14:30
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/kolla/2026/kolla.2026-01-14-14.00.txt14:30
opendevmeetLog:            https://meetings.opendev.org/meetings/kolla/2026/kolla.2026-01-14-14.00.log.html14:30
blanson[m]thank you ! 14:30
mnasiadkathanks bbezak14:30
fprzewoznythanks!14:30
mnasiadkaOf course if others have time for doing meaningful reviews  (especially on patches that have RP+1) - that’s all appreciated - we need to make the project running at some steam again :)14:32
fprzewoznyregarding streams, I really hope we could push a bit that one: https://review.opendev.org/c/openstack/kolla-ansible/+/95329714:33
*** mmalchuk_ is now known as mmalchuk14:33
mmalchukthanks all14:34
axeljacquet[m]hello i will try  to help for reviews of patches from RP+1 :) 14:35
mnasiadkafprzewozny: it’s been a topic for a while, and I don’t seem to understand if the default retention policy is bad or not :)14:36
opendevreviewSeunghun Lee proposed openstack/kolla-ansible master: Improve Let's encrypt settings logic  https://review.opendev.org/c/openstack/kolla-ansible/+/95677114:36
fprzewoznydefault one fot streams is not existing? messages are kept in queues forever 14:37
fprzewoznywithout stream queues (so old behaviour) number of messages may show potential issues 14:38
fprzewoznyand being honest it looks just bad to have it there14:38
seunghunleeThere is one for stream queues but they're very generous, so until some number of stream ready messages are gone, the number of ready messages will grow a lot14:39
seunghunleeHence the patch link: https://review.opendev.org/c/openstack/kolla-ansible/+/95329714:40
fprzewoznyasked a collegue from other company, and there were totally not aware of 250k+ ready messages in cinder-scheduler_fanout 14:40
fprzewoznyand I don't want to ask what will happen in case of single RabbitMQ restart ... 14:41
seunghunleeI couldn't find the effect of having large number of ready messages for stream queues but it would be better to remove them earlier than currently retention period to prevent this large number of messages hides actual problem (if there's one)14:41
fprzewoznyI can only suspect that this can be potential memory leak issue? And what happens if one of the MQ nodes needs resyncing?14:43
*** mmalchuk_ is now known as mmalchuk14:46
seunghunleeI also expected some kind of performance issue but couldn't verify that. oslo.messaging guys also says this large number of ready messages is expected and encouraging the use of custom retention policy.14:51
opendevreviewLeonie Chamberlin-Medd proposed openstack/kayobe master: Add support for fail2ban in Kayobe  https://review.opendev.org/c/openstack/kayobe/+/97309015:13
opendevreviewSeunghun Lee proposed openstack/kolla-ansible master: Make RabbitMQ stream retention policy configurable  https://review.opendev.org/c/openstack/kolla-ansible/+/95329716:09
opendevreviewPiotr Milewski proposed openstack/kolla-ansible master: Pin bcrypt to < 4.0.0 to fix Prometheus configuration failure  https://review.opendev.org/c/openstack/kolla-ansible/+/97340916:17
*** jhorstmann is now known as Guest3586316:23
opendevreviewLeonie Chamberlin-Medd proposed openstack/kayobe master: Add support for fail2ban in Kayobe  https://review.opendev.org/c/openstack/kayobe/+/97309017:08
opendevreviewMatt Anson proposed openstack/kolla master: Add purity_fb to python deps for manila-base  https://review.opendev.org/c/openstack/kolla/+/97341717:21
opendevreviewPierre Riteau proposed openstack/kayobe master: Sync host configuration with Ansible defaults  https://review.opendev.org/c/openstack/kayobe/+/97342218:17
opendevreviewPierre Riteau proposed openstack/kolla-ansible master: keystone: support OIDCOutgoingProxy parameter  https://review.opendev.org/c/openstack/kolla-ansible/+/97337018:21
mnasiadkafrickler, bbezak: I think the bcrypt problem comes from the 72 characters limit, which was a warning (and automatically truncated in the past) and now is an error - we need to limit what we pass to bcrypt to be only 72 chars18:31
Viinot 7x characters, only 72-byte password limit18:49
ViiThis triggers an incorrect error message regarding password length (72 bytes limit), even if the password is much shorter (in this case, 40 characters).18:50
Viifrom what I understand, when Kolla-Ansible uses password_hash('bcrypt'), Ansible relies on passlib as the underlying engine. The misleading '72 bytes' error happens because passlib fails to detect the backend version in bcrypt 4.0.0+ and falls back to a generic error message based on the native bcrypt/Blowfish limit of 72 characters. Downgrading to bcrypt<4.0.0 fixes the handshake between these libs18:56
Viihttps://passlib.readthedocs.io/en/stable/lib/passlib.hash.bcrypt_sha256.html18:57
Viihttps://foss.heptapod.net/python-libs/passlib/-/issues?show=eyJpaWQiOiIxOTYiLCJmdWxsX3BhdGgiOiJweXRob24tbGlicy9wYXNzbGliIiwiaWQiOjIyMjYxMX0%3D19:00
mnasiadkaWell, passlib is dead, so we should rather be moving away from it.19:50
mnasiadkaAnsible devel has added support for libcrypt/libxcrypt, but that doesn’t help anyone using a stable release.19:52
Viior make bcrypt>=3.0.0,<4.0.0 for older versions, and in new ones switch to libcrypt/libxcrypt20:04
ViiOr, as a note for older versions, generate a hash and put it in the passwords file. And in the code, add an exception stating that if there's a hash, copy it.20:06
niuxI would be ok to work on this. So what would be the best approach ?21:27
opendevreviewMichael Still proposed openstack/kolla master: Re-enable SPICE support on Debian.  https://review.opendev.org/c/openstack/kolla/+/97244122:29
opendevreviewMichael Still proposed openstack/kolla-ansible master: Simplify cron jobs for log rotate.  https://review.opendev.org/c/openstack/kolla-ansible/+/96913822:33
« Tuesday, 2026-01-13 Index Thursday, 2026-01-15 »

Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!