| *** jhorstmann is now known as Guest36244 | 03:09 | |
| mikal | Has anyone else noticed that a new version of bandit just released which is breaking linting for kolla-ansible master? If not, I'll have a go at a patch. | 05:13 |
|---|---|---|
| opendevreview | Michael Still proposed openstack/kolla-ansible master: Cap bandit version for linting. https://review.opendev.org/c/openstack/kolla-ansible/+/973748 | 05:17 |
| opendevreview | Michael Still proposed openstack/kolla-ansible master: Cap bandit version for linting. https://review.opendev.org/c/openstack/kolla-ansible/+/973748 | 05:19 |
| mikal | Looking at it some more, this fix will be need to be backported as well as the stable versions don't have an upper constraint either. | 06:08 |
| opendevreview | Michael Still proposed openstack/kolla-ansible master: Cap bandit version for linting. https://review.opendev.org/c/openstack/kolla-ansible/+/973748 | 07:37 |
| Vii | Hey, I’ve noticed that 21.0.0-6 is slowly starting to come together | 08:28 |
| Vii | I think it would be really good to get https://review.opendev.org/c/openstack/kolla-ansible/+/973469 | 08:29 |
| Vii | in before the release - this affects the Redis -> Valkey upgrade path. Right now the logic only works when the first node in the group is the master, if the master is on a different node, the upgrade can fail. Facts should be gathered across all nodes to determine the actual master. It’s also a pretty simple bug. | 08:29 |
| Vii | Also https://review.opendev.org/c/openstack/kolla-ansible/+/973484 | 08:30 |
| Vii | would be good to include as well - it’s a simple Neutron bugfix, but it can block upgrades on many deployments due to an incorrect variable. | 08:30 |
| Vii | cc: mnasiadka, bbezak | 08:31 |
| opendevreview | Bartosz Bezak proposed openstack/kolla-ansible master: valkey: Fix 'valkey_master_host' undefined error during upgrade https://review.opendev.org/c/openstack/kolla-ansible/+/973469 | 08:42 |
| opendevreview | Michal Nasiadka proposed openstack/kolla-ansible master: CI: Fix hardcoded passwords check introduced by bandit https://review.opendev.org/c/openstack/kolla-ansible/+/973771 | 09:15 |
| opendevreview | Verification of a change to openstack/kolla-ansible stable/2025.2 failed: Add logrotate configuration for OpenSearch Dashboards https://review.opendev.org/c/openstack/kolla-ansible/+/973598 | 09:18 |
| mnasiadka | frickler: it seems new bandit broke us a bit - see https://review.opendev.org/c/openstack/kolla-ansible/+/973771 | 09:18 |
| mnasiadka | Geez, now pep8 fails these lines with line too long :D | 09:25 |
| frickler | meh. but thx for fixing this | 09:30 |
| opendevreview | Michal Nasiadka proposed openstack/kolla-ansible master: CI: Fix hardcoded passwords check introduced by bandit https://review.opendev.org/c/openstack/kolla-ansible/+/973771 | 09:47 |
| opendevreview | Michal Nasiadka proposed openstack/kolla-ansible master: CI: Fix hardcoded passwords check introduced by bandit https://review.opendev.org/c/openstack/kolla-ansible/+/973771 | 09:53 |
| mnasiadka | frickler: we could also exclude tests/ from bandit, which probably makes more sense | 09:54 |
| mnasiadka | But maybe next time ;) | 09:55 |
| opendevreview | Bartosz Bezak proposed openstack/kolla-ansible master: valkey: Fix 'valkey_master_host' undefined error during upgrade https://review.opendev.org/c/openstack/kolla-ansible/+/973469 | 09:57 |
| mnasiadka | frickler: and that’s probably bandit bug that None triggers B106, but whatever | 10:03 |
| opendevreview | Verification of a change to openstack/kolla-ansible master failed: neutron: decouple backend TLS certs from CA cert copying https://review.opendev.org/c/openstack/kolla-ansible/+/973484 | 10:19 |
| opendevreview | Piotr Milewski proposed openstack/kolla-ansible master: neutron: decouple backend TLS certs from CA cert copying https://review.opendev.org/c/openstack/kolla-ansible/+/973484 | 10:23 |
| blanson[m] | mnasiadka: I investigated the ovn jobs failing in https://review.opendev.org/c/openstack/kolla-ansible/+/970948/8 but I'm not sure my fix broke it, I think it's just broken right now. Shouldn't this https://opendev.org/openstack/kolla-ansible/src/branch/master/ansible/roles/service-check-containers/tasks/iterated.yml#L9 look for {{ service.container_name }}_{{ item }} ? From the looks of it ? do we have other ovn jobs failing in | 11:27 |
| blanson[m] | other reviews that would confirm this ? | 11:27 |
| blanson[m] | I'll take a look | 11:27 |
| opendevreview | Bertrand Lanson proposed openstack/kolla-ansible master: DNM: Making iterated container-check idempotent https://review.opendev.org/c/openstack/kolla-ansible/+/973803 | 11:41 |
| Vii | mnasiadka: I noticed your recent change, but I think the current logic for glance_copy_certs in main.yml is a bit too broad: glance_copy_certs: "{{ kolla_copy_ca_into_containers | bool or glance_enable_tls_backend | bool or glance_database_enable_tls_internal | bool }}". The problem is that if a user sets kolla_copy_ca_into_containers: true, the condition glance_copy_certs becomes true as well. As a result, the tasks | 11:52 |
| Vii | inside copy-certs.yml (wrapped in {% if glance_copy_certs | bool %}) are executed. These tasks often look for service-specific files like glance.crt and glance.key. If the user is NOT using TLS for the Glance backend, these files don't exist, and the Ansible play fails. | 11:52 |
| Vii | for glance and other services where you changed | 11:53 |
| mnasiadka | Vii: it might be, I think we should think of a test that uncovers such cases... | 11:55 |
| opendevreview | Bertrand Lanson proposed openstack/kolla-ansible master: DNM: Making iterated container-check idempotent https://review.opendev.org/c/openstack/kolla-ansible/+/973803 | 11:56 |
| opendevreview | Piotr Milewski proposed openstack/kolla-ansible master: Fix: Remove kolla_copy_ca_into_containers from _copy_certs logic https://review.opendev.org/c/openstack/kolla-ansible/+/973808 | 12:06 |
| Vii | mnasiadka: Simple fix for the _copy_certs logic: https://review.opendev.org/c/openstack/kolla-ansible/+/973808. It shouldn't break anything as the variable is not used elsewhere and it correctly decouples CA trust from internal service TLS. | 12:08 |
| Vii | doing so many tests for different SSL scenarios... a disaster :) | 12:09 |
| opendevreview | Merged openstack/kolla-ansible master: CI: Fix hardcoded passwords check introduced by bandit https://review.opendev.org/c/openstack/kolla-ansible/+/973771 | 12:29 |
| opendevreview | Merged openstack/kolla-ansible master: valkey: Fix 'valkey_master_host' undefined error during upgrade https://review.opendev.org/c/openstack/kolla-ansible/+/973469 | 12:29 |
| opendevreview | Bartosz Bezak proposed openstack/kolla-ansible master: CI: use proper arch in tempest aarch64 jobs https://review.opendev.org/c/openstack/kolla-ansible/+/973817 | 12:44 |
| tafkamax | BTW, just to chime in, as you were talking about the dockerhub packages and changing the mission statement. Again it would be good to communicate these kinds of things in advance and maybe give a period when you will delete stuff. For example in #openstack-dev somebody already noticed that all kolla dockerhub packages were gone. | 13:26 |
| opendevreview | Maksim Malchuk proposed openstack/kolla-ansible stable/2025.1: ceilometer: Disable healthchecks for compute and central https://review.opendev.org/c/openstack/kolla-ansible/+/973834 | 14:01 |
| opendevreview | Maksim Malchuk proposed openstack/kolla-ansible stable/2024.2: ceilometer: Disable healthchecks for compute and central https://review.opendev.org/c/openstack/kolla-ansible/+/973835 | 14:01 |
| opendevreview | Piotr Milewski proposed openstack/kolla-ansible master: Trivial: glance: use glance_enable_tls_backend for service certs in JSON template https://review.opendev.org/c/openstack/kolla-ansible/+/973837 | 14:05 |
| opendevreview | Piotr Milewski proposed openstack/kolla-ansible master: Trivial: glance/neutron: use enable_tls_backend for service certs in JSON templates https://review.opendev.org/c/openstack/kolla-ansible/+/973837 | 14:13 |
| mnasiadka | tafkamax: We have switched to publishing them to quay.io long time ago - https://lists.openstack.org/pipermail/openstack-discuss/2021-September/024834.html | 14:40 |
| mnasiadka | September 2021 is long enough notice | 14:40 |
| mnasiadka | And we spoke about it on two PTGs in a row | 14:41 |
| mnasiadka | And we haven’t removed the org from Docker Hub, we planned on doing that, but didn’t have access to organisation - I reached out to DockerHub to get proper access to that org, and it vanished… | 14:42 |
| mnasiadka | Still have no answer from Docker Hub support | 14:42 |
| mnasiadka | tafkamax: so don’t assume wrongdoing ;-) | 14:43 |
| tafkamax | Ok, I just wanted to inform you that somebody noticed this and talked about it somewhere else. | 14:53 |
| tafkamax | So it is some weird docker hub issue huh | 14:53 |
| opendevreview | Bartosz Bezak proposed openstack/kolla-ansible master: CI: introduce dstat https://review.opendev.org/c/openstack/kolla-ansible/+/973845 | 15:10 |
| opendevreview | Bartosz Bezak proposed openstack/kolla-ansible master: CI: use proper arch in tempest aarch64 jobs https://review.opendev.org/c/openstack/kolla-ansible/+/973817 | 15:11 |
| mnasiadka | tafkamax: I’ve seen that, now I’m on #openstack-dev and happy to respond to such questions ;) | 15:15 |
| opendevreview | Merged openstack/kolla-ansible master: neutron: decouple backend TLS certs from CA cert copying https://review.opendev.org/c/openstack/kolla-ansible/+/973484 | 15:33 |
| opendevreview | Piotr Milewski proposed openstack/kolla-ansible stable/2025.2: neutron: decouple backend TLS certs from CA cert copying https://review.opendev.org/c/openstack/kolla-ansible/+/973850 | 15:50 |
| opendevreview | Michal Nasiadka proposed openstack/kolla-ansible stable/2025.2: neutron: decouple backend TLS certs from CA cert copying https://review.opendev.org/c/openstack/kolla-ansible/+/973850 | 15:50 |
| opendevreview | Piotr Milewski proposed openstack/kolla-ansible stable/2025.2: valkey: Fix 'valkey_master_host' undefined error during upgrade https://review.opendev.org/c/openstack/kolla-ansible/+/973854 | 15:51 |
| opendevreview | Michal Nasiadka proposed openstack/kolla-ansible stable/2025.2: docs: Add information about possible password leaking https://review.opendev.org/c/openstack/kolla-ansible/+/973855 | 15:52 |
| opendevreview | Michal Nasiadka proposed openstack/kolla-ansible stable/2025.1: docs: Add information about possible password leaking https://review.opendev.org/c/openstack/kolla-ansible/+/973856 | 15:52 |
| opendevreview | Michal Nasiadka proposed openstack/kolla-ansible stable/2024.2: docs: Add information about possible password leaking https://review.opendev.org/c/openstack/kolla-ansible/+/973857 | 15:53 |
| opendevreview | Piotr Milewski proposed openstack/kolla-ansible master: cinder/keystone: implement serial restart and healthcheck validation https://review.opendev.org/c/openstack/kolla-ansible/+/972678 | 16:01 |
| opendevreview | Michal Nasiadka proposed openstack/kolla-ansible stable/2025.2: CI: Fix hardcoded passwords check introduced by bandit https://review.opendev.org/c/openstack/kolla-ansible/+/973862 | 16:07 |
| opendevreview | Michal Nasiadka proposed openstack/kolla-ansible stable/2025.2: CI: Fix hardcoded passwords check introduced by bandit https://review.opendev.org/c/openstack/kolla-ansible/+/973862 | 16:08 |
| opendevreview | Michal Nasiadka proposed openstack/kolla-ansible stable/2025.1: CI: Fix hardcoded passwords check introduced by bandit https://review.opendev.org/c/openstack/kolla-ansible/+/973863 | 16:09 |
| opendevreview | Michal Nasiadka proposed openstack/kolla-ansible stable/2024.2: CI: Fix hardcoded passwords check introduced by bandit https://review.opendev.org/c/openstack/kolla-ansible/+/973864 | 16:10 |
| opendevreview | Pierre Riteau proposed openstack/kolla master: Remove remaining mentions of Docker Hub https://review.opendev.org/c/openstack/kolla/+/973868 | 16:21 |
| opendevreview | Pierre Riteau proposed openstack/kolla master: Remove remaining mentions of Docker Hub https://review.opendev.org/c/openstack/kolla/+/973868 | 16:36 |
| opendevreview | Piotr Milewski proposed openstack/kolla-ansible master: cinder/keystone: implement serial restart and healthcheck validation https://review.opendev.org/c/openstack/kolla-ansible/+/972678 | 17:11 |
| opendevreview | Jan Gutter proposed openstack/kolla-ansible master: Redact module parameters in kolla_toolbox https://review.opendev.org/c/openstack/kolla-ansible/+/973874 | 17:25 |
| opendevreview | Doug Szumski proposed openstack/kolla-ansible master: WIP: Add support for shards in Ironic deployments https://review.opendev.org/c/openstack/kolla-ansible/+/973881 | 17:54 |
| opendevreview | Verification of a change to openstack/kolla-ansible stable/2025.2 failed: CI: Fix hardcoded passwords check introduced by bandit https://review.opendev.org/c/openstack/kolla-ansible/+/973862 | 19:14 |
| opendevreview | Verification of a change to openstack/kolla-ansible stable/2025.2 failed: CI: Fix hardcoded passwords check introduced by bandit https://review.opendev.org/c/openstack/kolla-ansible/+/973862 | 20:06 |
| opendevreview | Merged openstack/kolla-ansible stable/2024.2: CI: Fix hardcoded passwords check introduced by bandit https://review.opendev.org/c/openstack/kolla-ansible/+/973864 | 20:25 |
| opendevreview | Merged openstack/kolla-ansible stable/2025.1: CI: Fix hardcoded passwords check introduced by bandit https://review.opendev.org/c/openstack/kolla-ansible/+/973863 | 20:32 |
| opendevreview | Merged openstack/kolla-ansible stable/2025.2: CI: Fix hardcoded passwords check introduced by bandit https://review.opendev.org/c/openstack/kolla-ansible/+/973862 | 22:16 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!