Wednesday, 2026-03-25

opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: CI: Test for leaked passwords in syslog https://review.opendev.org/c/openstack/kolla-ansible/+/981068	05:03
mnasiadka	Yay, lint fixing done	05:08
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: CI: Test for leaked passwords in syslog https://review.opendev.org/c/openstack/kolla-ansible/+/981068	06:01
opendevreview	Merged openstack/kolla-ansible stable/2024.2: prometheus: Sort blackbox exporters https://review.opendev.org/c/openstack/kolla-ansible/+/978383	06:25
mnasiadka	blanson[m]: regarding https://review.opendev.org/c/openstack/kolla-ansible/+/971801 - what the heck do we do with podman? :)	06:36
opendevreview	Merged openstack/kolla master: Update ProxySQL 3.0.x RPM repo to use almalinux 10 https://review.opendev.org/c/openstack/kolla/+/978911	06:38
opendevreview	Michal Nasiadka proposed openstack/ansible-collection-kolla master: docker/podman_sdk: use become for checking if virtualenv exists https://review.opendev.org/c/openstack/ansible-collection-kolla/+/974300	06:50
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: Standardize API health check endpoints https://review.opendev.org/c/openstack/kolla-ansible/+/962785	06:52
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: Standardize API health check endpoints https://review.opendev.org/c/openstack/kolla-ansible/+/962785	06:52
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: blazar: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981455	06:55
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: manila: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981458	06:56
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: mistral: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981460	06:56
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: trove: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981467	06:56
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: zun: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981468	06:56
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: cyborg: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981470	06:56
opendevreview	Seunghun Lee proposed openstack/kolla master: WIP: Update Ceph Squid RPM repo to centos-10-stream https://review.opendev.org/c/openstack/kolla/+/980114	06:57
opendevreview	Michal Nasiadka proposed openstack/kolla master: Update Ceph Squid RPM repo to centos-10-stream https://review.opendev.org/c/openstack/kolla/+/980114	06:57
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: CI: Test for leaked passwords in syslog https://review.opendev.org/c/openstack/kolla-ansible/+/981068	06:59
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: CI: Test for leaked passwords in syslog https://review.opendev.org/c/openstack/kolla-ansible/+/981068	07:02
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: kolla_container: Add support for user and security_opt parameters https://review.opendev.org/c/openstack/kolla-ansible/+/975065	07:13
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: kolla_container: Return annotation of comparison failures https://review.opendev.org/c/openstack/kolla-ansible/+/978162	07:13
opendevreview	Merged openstack/kolla master: horizon: add django-redis dependency https://review.opendev.org/c/openstack/kolla/+/980779	07:23
opendevreview	Merged openstack/kolla stable/2025.2: Add Open vSwitch/OVN versions to support matrix https://review.opendev.org/c/openstack/kolla/+/978744	07:23
blanson[m]	mnasiadka: Those ulimits are not used in podman, they're retained for documentation, but I can't really find anything on the "why" we forbid users from changing those values	07:43
blanson[m]	podman being fairly recent, I would suspect that sometime ago, it broke stuff ?	07:43
blanson[m]	but tbh I have no idea why these would get dropped, maybe we stop dropping them ?	07:44
blanson[m]	I think I'll send a patch to allow them back	07:47
opendevreview	Piotr Milewski proposed openstack/kolla-ansible master: grafana: ensure custom dashboards are properly synchronized https://review.opendev.org/c/openstack/kolla-ansible/+/963567	07:50
blanson[m]	can I get those chains backported pretty please mnasiadka ? :) https://review.opendev.org/c/openstack/kolla-ansible/+/972836/3 and https://review.opendev.org/c/openstack/kolla-ansible/+/972839/3 our older clusters need some love	07:51
mnasiadka	blanson[m]: love on the way ;)	07:55
mnasiadka	blanson[m]: https://review.opendev.org/c/openstack/kolla-ansible/+/978162 - you can upgrade to +2 ;-)	07:56
blanson[m]	oh yes I have privileges now	07:57
blanson[m]	done	07:57
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: mistral: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981460	07:57
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: trove: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981467	07:57
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: zun: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981468	07:57
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: cyborg: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981470	07:57
blanson[m]	priority queue really dropped some pathces that look better now :D	07:58
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: blazar: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981455	07:58
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: blazar: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981455	07:58
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: manila: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981458	07:58
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: mistral: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981460	07:58
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: trove: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981467	07:58
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: zun: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981468	07:58
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: cyborg: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981470	07:58
mnasiadka	blanson[m]: I started remove some old unattended patches - if you have any you feel are important - give them RP+1	07:59
mnasiadka	I’d like to also finish the uwsgi crusade	07:59
mnasiadka	So we can drop apache+mod_wsgi usage	07:59
opendevreview	Piotr Milewski proposed openstack/kolla master: Add OCI standard labels to container images https://review.opendev.org/c/openstack/kolla/+/971681	08:03
Vii	https://review.opendev.org/c/openstack/kolla-ansible/+/974515 - Fix log file permissions for MariaDB and Pacemaker	08:05
Vii	look, I know it's not the best solution but I don't think there's a better way to have these logs	08:06
mnasiadka	Vii: what about an extend_start.sh approach in hacluster-pacemaker?	08:08
mnasiadka	Vii: resending - the standard approach is precreating an empty log file in extend_start.sh and ensuring permissions are correct in kolla-ansible config.json (kolla_set_configs manages this) - maybe we should think of adding precreation option to kolla_set_configs so we can manage this all in one place	08:13
Vii	I don't remember exactly now, but I think it's the same problem as with mariadb, i.e., the 4 for "other" is always missing when "creating a file" or when it's rotated by cron.	08:14
Vii	ignore, I'll check it again, old topic	08:15
Vii	https://review.opendev.org/c/openstack/kolla-ansible/+/935704 <- barbican vault ;) If you can, look at it better and maybe it will go away :)	08:16
Vii	pass*	08:16
Vii	https://review.opendev.org/c/openstack/kolla-ansible/+/976653 <- prometheus: add valkey exporter support (and this is probably what's missing since we switched to valkey)	08:19
opendevreview	Taavi Ansper proposed openstack/kolla-ansible master: Fix keystone with IDP configured. https://review.opendev.org/c/openstack/kolla-ansible/+/975901	08:20
tafkamax	Changed keystone_wsgi_provider to apache for testing in CI	08:20
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: CI: Test for leaked passwords in syslog https://review.opendev.org/c/openstack/kolla-ansible/+/981068	08:20
opendevreview	Merged openstack/kolla-ansible master: Fix ulimit defaults for Debian family container engines https://review.opendev.org/c/openstack/kolla-ansible/+/971801	08:55
opendevreview	Merged openstack/kolla-ansible master: ovn-db: add support for ovn-northd extra command-line arguments https://review.opendev.org/c/openstack/kolla-ansible/+/977469	08:55
opendevreview	Piotr Milewski proposed openstack/kolla-ansible master: Added vault support to barbican as back-end secret https://review.opendev.org/c/openstack/kolla-ansible/+/935704	08:57
opendevreview	Piotr Milewski proposed openstack/kolla-ansible master: Added vault support to barbican as back-end secret https://review.opendev.org/c/openstack/kolla-ansible/+/935704	08:58
mikal	Is there a historical reason that nova_cell's qemu.conf template set's stdio_handler to "file"? Would that decision be documented anywhere?	09:04
mikal	The net effect of doing that is that console log files for nova are not rotated ever, which means you can end up with the instance directory becoming very large.	09:07
mnasiadka	mikal: I’m sure you can find something in https://review.opendev.org/q/project:openstack/kolla-ansible+path:%22ansible/roles/nova/templates/qemu.conf.j2%22	09:18
mnasiadka	But it seems it’s older even than breaking out kolla-ansible from kolla	09:18
mikal	Yeah, git blame says its from the 2019 split out into cells...	09:19
mnasiadka	mikal:https://review.opendev.org/c/openstack/kolla/+/308749	09:19
mnasiadka	That one	09:19
mnasiadka	Oh boy	09:19
mnasiadka	It seems it’s older than this, but before we had a sed one-liner in the dockerfile	09:19
mnasiadka	https://review.opendev.org/c/openstack/kolla/+/279910	09:20
blanson[m]	I was still in school at that time that's pretty funny	09:20
mnasiadka	That reminds me we should have stopped doing monolithic libvirtd long time ago :)	09:20
mikal	Yeah, "file" is simply not a good choice. That's why I am asking for a reason. It opens you up to relatively trivial denial of service attacks if you don't rotate that file -- you just need to smash out a lot of data on the serial console and hope the cloud has relatively small filesystems for that bit which in this case seems to be inside a docker	09:20
mikal	volume.	09:20
mikal	blanson[m]: well, what were you doing when ocata was released? That's when virtlogd was added to nova.	09:21
mikal	The irony is the Debian containers at least have virtlogd installed because they're pulled in my libvirt. Not sure about the Rocky containers though.	09:21
mikal	I guess I'd whip something up and see what happens.	09:21
mikal	s/I'd/I'll/	09:22
blanson[m]	"Documentation for Ocata (February 2017)" so I was barely into uni lol	09:22
mikal	Mate, we're going to have to have a very depressing (for me) conversation about where you were when I had my first OpenStack patch land one day...	09:22
blanson[m]	hahahahahaha some of you contributed before I even had a computer at home I'm pretty sure	09:23
blanson[m]	playing lego in my bedroom while you guys were doing python 2 contribs	09:24
mikal	I think this was my first commit:	09:24
mikal	commit 605c22b1804f0a34d400eb57e1954c3fc3a20c88	09:24
mikal	Author: Michael Still <mikal@stillhq.com>	09:24
mikal	Date: Wed Feb 1 11:41:22 2012 +1100	09:24
mikal	When do you guys intend to cut a stable/2026.1 branch? Soon I assume?	09:27
blanson[m]	I think this was talked about last week. from what I remember, about a month after project releases is the deadline for trailing projects ? you can probbly find it from last wed in the channel, under the pile of ansible-lint patches	09:28
opendevreview	Piotr Milewski proposed openstack/kolla-ansible master: Added vault support to barbican as back-end secret https://review.opendev.org/c/openstack/kolla-ansible/+/935704	09:29
blanson[m]	mikal: so I'd say late april ? but I've been on the job for like a week so idk much about this stuff :D	09:30
mnasiadka	mikal: there has not been a coordinated release of non-cycle-trailing deliverables - so yes, soon - but soon in Kolla world means around June 1st, maybe earlier :)	09:31
chembervint	hi! if somebody has a few mins - take a look please on our micro-patch :) https://review.opendev.org/c/openstack/kolla-ansible/+/978869	09:31
mikal	mnasiadka / blanson[m]: cool, no rush, just trying to work out when you're going to stop landing things etc.	09:32
opendevreview	Michael Still proposed openstack/kolla master: Implement container image build for kerbside. https://review.opendev.org/c/openstack/kolla/+/975495	09:33
opendevreview	Michael Still proposed openstack/kolla-ansible master: Add additional SPICE configuration options. https://review.opendev.org/c/openstack/kolla-ansible/+/967800	09:33
opendevreview	Michael Still proposed openstack/kolla-ansible master: Allow requiring secure channels with SPICE. https://review.opendev.org/c/openstack/kolla-ansible/+/967802	09:33
opendevreview	Michael Still proposed openstack/kolla-ansible master: Simplify cron jobs for log rotate. https://review.opendev.org/c/openstack/kolla-ansible/+/969138	09:33
opendevreview	Michael Still proposed openstack/kolla-ansible master: Deploy Kerbside with Kolla-Ansible. https://review.opendev.org/c/openstack/kolla-ansible/+/976889	09:33
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: manila: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981458	09:34
*** jhorstmann is now known as Guest5852		09:39
opendevreview	Verification of a change to openstack/kolla-ansible master failed: blazar: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981455	09:42
egonzalez	o/ long time not joining in here. Hows everything going? Glad to see the project still rocking high	09:43
opendevreview	Piotr Milewski proposed openstack/kolla-ansible master: Added vault support to barbican as back-end secret https://review.opendev.org/c/openstack/kolla-ansible/+/935704	09:44
opendevreview	Merged openstack/kolla master: kolla-toolbox: Add ansible-runner https://review.opendev.org/c/openstack/kolla/+/980788	09:47
opendevreview	Merged openstack/kolla master: Drop Telegraf https://review.opendev.org/c/openstack/kolla/+/974319	09:47
opendevreview	Piotr Milewski proposed openstack/kolla-ansible master: kolla_container: Add support for user and security_opt parameters https://review.opendev.org/c/openstack/kolla-ansible/+/975065	09:53
opendevreview	Bertrand Lanson proposed openstack/kolla-ansible master: keystone: Setup fernet credentials encryption keys https://review.opendev.org/c/openstack/kolla-ansible/+/970861	10:01
opendevreview	Piotr Milewski proposed openstack/kolla-ansible master: kolla_container: Add support for user and security_opt parameters https://review.opendev.org/c/openstack/kolla-ansible/+/975065	10:02
mikal	mnasiadka / blanson[m]: herm, I have conflated two uses of virtlogd. I am going to have to dig deeper into this when it is not bed time.	10:09
opendevreview	Piotr Milewski proposed openstack/kolla-ansible master: Standardize API health check endpoints https://review.opendev.org/c/openstack/kolla-ansible/+/962785	10:10
blanson[m]	mikal: sure, you have patches to review in the meantime ? if so you can link I will put some of them RP+1 :)	10:11
opendevreview	Verification of a change to openstack/kolla-ansible stable/2025.1 failed: Fix idempotence on comparing capabilities for podman https://review.opendev.org/c/openstack/kolla-ansible/+/972836	10:11
opendevreview	Verification of a change to openstack/kolla-ansible stable/2025.1 failed: Fix podman idempotence on comparing container dimensions https://review.opendev.org/c/openstack/kolla-ansible/+/972837	10:11
opendevreview	Verification of a change to openstack/kolla-ansible stable/2025.1 failed: Fix idempotence on podman volume comparison https://review.opendev.org/c/openstack/kolla-ansible/+/972838	10:11
blanson[m]	(I saw you upload a bunch earlier that's why I'm asking)	10:11
blanson[m]	oh no I broke ci	10:11
mikal	blanson[m]: most of those are the kerbside support patches, which seem unlikely to land in 2026.1. That said, I'd say that https://review.opendev.org/c/openstack/kolla-ansible/+/967800, https://review.opendev.org/c/openstack/kolla-ansible/+/967802, and https://review.opendev.org/c/openstack/kolla-ansible/+/969138 are _not_ kerbside specific and are	10:12
mikal	generally desirable. Especially the last one.	10:12
blanson[m]	yh the last one seems pretty cool	10:14
mikal	blanson[m]: by way of context, kerbside is the SPICE protocol native proxy envisaged by https://specs.openstack.org/openstack/nova-specs/specs/2025.1/implemented/libvirt-spice-direct-consoles.html	10:14
mikal	blanson[m]: which is basically about delivering Citrix-like VDI capabilites to OpenStack, but has been very hard to land because as best as I can tell that's not a thing people actually want.	10:15
blanson[m]	I'll read this spec	10:16
blanson[m]	oh this is your spec	10:16
blanson[m]	lol that explains why you know so much about it	10:16
opendevreview	Seunghun Lee proposed openstack/kolla master: Update Ceph Squid RPM repo to centos-10-stream https://review.opendev.org/c/openstack/kolla/+/980114	10:19
mikal	blanson[m]: yeah, this has been the least rewarding hobby ever for like three years now. if I'd known it was going to take this long to land I wouldn't have bothered.	10:21
opendevreview	Bertrand Lanson proposed openstack/kolla-ansible master: keystone: Setup fernet credentials encryption keys https://review.opendev.org/c/openstack/kolla-ansible/+/970861	10:37
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: blazar: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981455	10:51
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: manila: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981458	10:51
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: manila: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981458	10:51
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: mistral: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981460	10:52
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: mistral: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981460	10:52
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: trove: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981467	10:52
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: zun: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981468	10:53
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: zun: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981468	10:53
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: trove: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981467	10:53
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: zun: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981468	10:53
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: cyborg: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981470	10:53
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: cyborg: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981470	10:53
opendevreview	Pierre Riteau proposed openstack/kolla-ansible master: Add Prometheus integration for Docker https://review.opendev.org/c/openstack/kolla-ansible/+/936742	10:56
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: CI: Test for leaked passwords in syslog https://review.opendev.org/c/openstack/kolla-ansible/+/981068	10:57
opendevreview	Taavi Ansper proposed openstack/kolla-ansible master: Fix keystone with IDP configured. https://review.opendev.org/c/openstack/kolla-ansible/+/975901	10:57
tafkamax	OK I think I have an idea for apache wsgi provider.	10:57
tafkamax	Let's see :-)	10:57
tafkamax	it's like a pandoras box	10:57
mnasiadka	Other option is to drop apache+mod_wsgi after my uwsgi patches land ^^	10:58
tafkamax	True. I just am hoping the pandoras box will be empty soon and it can land faster that way :D	11:00
tafkamax	also it needs to be backported	11:00
tafkamax	to 2025.2	11:01
blanson[m]	mnasiadka: how'd you know this would break keystone_wsgi_provider apache ?	11:07
tafkamax	It might not break it for non-federation, but it would for federation enabled...	11:10
tafkamax	Keystone-httpd is not used if keystone wsgi is apache. Because httpd and apache are the same things	11:11
tafkamax	The httpd is needed mostly for the redirect afaik to oidc	11:11
tafkamax	There is the mod_oidc plugin or whatever it is called in apache	11:11
opendevreview	Merged openstack/kolla-ansible stable/2024.2: Fix idempotence on comparing capabilities for podman https://review.opendev.org/c/openstack/kolla-ansible/+/972839	11:15
mnasiadka	blanson[m]: I did the original keystone uwsgi patch and I think I didn’t do a good job :) Basically when provider=apache - we do it the old way, and when it’s uwsgi we stand up keystone-httpd in front for federation	11:15
tafkamax	I think another plugin like mod_oidc needs to be found for uwsgi?	11:16
tafkamax	Or what would be the solution?	11:16
opendevreview	Merged openstack/kolla-ansible stable/2024.2: Fix podman idempotence on comparing container dimensions https://review.opendev.org/c/openstack/kolla-ansible/+/972840	11:19
opendevreview	Merged openstack/kolla-ansible stable/2024.2: Fix idempotence on podman volume comparison https://review.opendev.org/c/openstack/kolla-ansible/+/972841	11:19
tafkamax	https://github.com/OpenIDC/mod_auth_openidc this is the module i am talking about	11:20
mnasiadka	We don’t do federation in uwsgi, it doesn’t support that and is not for that - that’s why we run apache in front if you have federation enabled	11:21
tafkamax	I think uwsgi itself is too low-level or barebones, what you wanna call it...	11:21
tafkamax	yeah	11:21
tafkamax	Somekind of proxy is needed	11:21
tafkamax	I have deployed recently this proxy https://github.com/oauth2-proxy/oauth2-proxy	11:23
tafkamax	but all-in-all I think if the apache one works there is no point in changing it	11:23
tafkamax	I have deployed the oauth2-proxy for another use case. Serving static docs pages with authentication pretty much.	11:24
tafkamax	If the oauth2-proxy does not give any benefits	11:24
mnasiadka	Apache is fine, there’s oidc and saml2 support, so let’s not break people that have custom configs for federation :)	11:30
tafkamax	Yep	11:34
tafkamax	Just expanding ze view	11:34
opendevreview	Piotr Milewski proposed openstack/kolla master: Add Dockerfile for neutron-ovn-vpn-agent https://review.opendev.org/c/openstack/kolla/+/924302	11:36
opendevreview	Merged openstack/kolla master: rabbitmq: Update to 4.2 https://review.opendev.org/c/openstack/kolla/+/966017	12:05
opendevreview	Merged openstack/kolla master: Update component list and versions https://review.opendev.org/c/openstack/kolla/+/979306	12:06
opendevreview	Merged openstack/kayobe stable/2025.1: Split Python installation from user bootstrap https://review.opendev.org/c/openstack/kayobe/+/978474	12:06
opendevreview	Merged openstack/kayobe stable/2025.2: Support Python installation through Apt proxy https://review.opendev.org/c/openstack/kayobe/+/978476	12:06
opendevreview	Verification of a change to openstack/kolla-ansible master failed: kolla_container: Return annotation of comparison failures https://review.opendev.org/c/openstack/kolla-ansible/+/978162	12:06
tafkamax	I don't know exactly, but would it be possible to import globals in test run.yml?	12:12
tafkamax	Or is there any reason not to reference them that early?	12:12
tafkamax	cant reference keystone_wsgi_provider in run.yml :D	12:14
opendevreview	Merged openstack/kolla-ansible master: Ensure neutron_bridge_name and neutron_external_interface have the same length https://review.opendev.org/c/openstack/kolla-ansible/+/943799	12:15
tafkamax	ok i have an radical idea just for testing in ci	12:20
opendevreview	Taavi Ansper proposed openstack/kolla-ansible master: Fix keystone with IDP configured. https://review.opendev.org/c/openstack/kolla-ansible/+/975901	12:21
opendevreview	Piotr Milewski proposed openstack/kolla-ansible master: Implement neutron-ovn-vpn-agent https://review.opendev.org/c/openstack/kolla-ansible/+/924575	12:33
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: manila: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981458	12:52
opendevreview	Verification of a change to openstack/kolla-ansible master failed: kolla_container: Return annotation of comparison failures https://review.opendev.org/c/openstack/kolla-ansible/+/978162	13:01
opendevreview	Doug Szumski proposed openstack/kolla-ansible master: Support multiple Nova Compute Ironic instances https://review.opendev.org/c/openstack/kolla-ansible/+/973881	13:11
opendevreview	Seunghun Lee proposed openstack/kolla-ansible master: Make RabbitMQ stream retention policy configurable https://review.opendev.org/c/openstack/kolla-ansible/+/953297	13:22
opendevreview	Piotr Milewski proposed openstack/kolla-ansible master: Fix: Update outdated documentation https://review.opendev.org/c/openstack/kolla-ansible/+/982089	13:30
opendevreview	Seunghun Lee proposed openstack/kolla-ansible stable/2025.1: [2025.1 only] Support ProxySQL 3.0.x on 2025.1 https://review.opendev.org/c/openstack/kolla-ansible/+/974712	13:48
mnasiadka	Apologies, meeting will be late, my sickness kicked in to a new level	14:00
mnasiadka	#startmeeting kolla	14:04
opendevmeet	Meeting started Wed Mar 25 14:04:09 2026 UTC and is due to finish in 60 minutes. The chair is mnasiadka. Information about MeetBot at http://wiki.debian.org/MeetBot.	14:04
opendevmeet	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	14:04
opendevmeet	The meeting name has been set to 'kolla'	14:04
mnasiadka	#topic rollcall	14:04
darmach1	o/	14:04
darmach1	o7	14:04
butjar	o/	14:04
seunghunlee	o/	14:04
frickler	\o	14:04
dougszu	\o	14:05
mnasiadka	#topic announcements	14:06
mnasiadka	I booked PTG slots for Kolla/Kolla-Ansible/Kayobe	14:06
mnasiadka	And created an etherpad	14:06
mnasiadka	#link https://etherpad.opendev.org/p/kolla-hibiscus-ptg	14:06
mnasiadka	#link https://ptg.opendev.org/ptg.html	14:06
mnasiadka	It’s 20-24 April 2026	14:07
blanson[m]	hello	14:07
mnasiadka	#topic CI status	14:07
mnasiadka	Looks good, some occasional noble-upgrade and bookworm-upgrade failures, would be nice to analyse them one day :)	14:08
mmalchuk	o/	14:08
mnasiadka	#topic Release tasks	14:08
mnasiadka	It’s R-1 week, we should be starting to think about branching - but first we need to start using stable/2026.1 in Kolla	14:09
mnasiadka	This patch	14:09
mnasiadka	#link https://review.opendev.org/c/openstack/kolla/+/981123	14:09
mmalchuk	mnasiadka what about Kayobe PTG? it would be combined with Kolla?	14:10
opendevreview	Michal Nasiadka proposed openstack/kolla master: Switch to Gazpacho/2026.1 sources https://review.opendev.org/c/openstack/kolla/+/981123	14:10
mmalchuk	which day?	14:10
mnasiadka	mmalchuk: It’s on Thursday, as usual	14:11
mnasiadka	It’s all in the etherpad	14:11
mnasiadka	#topic Current cycle planning	14:11
mmalchuk	great. thanks	14:11
mnasiadka	So, we merged RMQ 4.2 finally	14:11
mnasiadka	Are there any other things Kolla wise (than 981123) that we need to merge?	14:11
Vii	#link https://review.opendev.org/c/openstack/kolla-ansible/+/935704	14:12
Vii	? :)	14:12
mnasiadka	That’s kolla-ansible - I wanted to focus on Kolla first :D	14:12
Vii	ok :)	14:12
Vii	vault exporter	14:12
Vii	*valkey	14:13
Vii	#link https://review.opendev.org/c/openstack/kolla/+/976650	14:13
seunghunlee	https://review.opendev.org/c/openstack/kolla/+/980114 This one?	14:14
seunghunlee	oh you already put PR +1	14:14
seunghunlee	RP*	14:14
mnasiadka	Ok, I think we have enough RP+1 on Kolla side	14:14
mnasiadka	Let’s try to go through them, fellow cores	14:14
mnasiadka	And then we’ll focus on Kolla-Ansible next week, I want to try get Kolla out through the door first (although there are K-A patches related to K patches - but let’s see how that goes)	14:15
mnasiadka	#topic Open discussion	14:15
mnasiadka	Anybody wants to discuss anything?	14:16
chembervint	hi, could you please review out tiny-patch https://review.opendev.org/c/openstack/kolla-ansible/+/978869 ?:)	14:16
seunghunlee	Thanks for reviewing https://review.opendev.org/c/openstack/kolla-ansible/+/953297 I made changes based on the reviews	14:17
Vii	have a topic related to VPN in Kolla Ansible - is there a chance it’ll be accepted, or probably not?	14:17
chembervint	thanks!	14:17
Vii	#link https://review.opendev.org/c/openstack/kolla-ansible/+/924575	14:18
Vii	test moving to Debian and Ubuntu	14:18
mnasiadka	Vii: I have that on my radar, but we need the security_opt patch as well, right?	14:18
Vii	but there is a problem with rocylinux, there is a new package in the system	14:18
Vii	and a fix for OpenStack Neutron probably won't be released anytime soon	14:19
Vii	#link https://bugs.launchpad.net/neutron/+bug/2146308	14:19
Vii	EL10 ships with libreswan >= 5.x. The Libreswan upstream project has completely removed the _stackmanager script in the 5.x series. ....	14:20
mnasiadka	What about moving to strongswan?	14:21
Vii	its similar but testing	14:21
Vii	https://github.com/openstack/kolla/blob/6a1d383c48eda9fd9c1c55474d29bdba0f06a52f/docker/neutron/neutron-l3-agent/Dockerfile.j2#L12	14:21
Vii	I'm worried about that because it's here too ^	14:21
blanson[m]	chembervint: will take a look at it td hopefully I have some time	14:21
Vii	I don't use it, but it might be a problem	14:22
chembervint	blanson: thank you!	14:22
mnasiadka	Vii: well, ideally we should have some vpnaas tests, but I don’t know how feasible this is	14:23
Vii	The container now works without privileges: true	14:23
Vii	Theoretically, you could mark it BETA? and say it only works for Debian/Ubuntu :P :P	14:23
Vii	logs test-ovn #link https://zuul.opendev.org/t/openstack/build/34adeebcb14643dbaf5fe53e11aa5137/logs	14:24
mnasiadka	Well, the fun is it’s buildable, but not functional	14:26
Vii	I using this code since 2024.2 and it works in production	14:27
Vii	on ubuntu	14:27
mnasiadka	Well, we could do a precheck that it’s not working on Rocky	14:27
mnasiadka	And point to the bug	14:27
Vii	It should work on Rocky Linux 9, but we probably don't want to make an exception	14:28
blanson[m]	that would work	14:28
mnasiadka	You raised it 3 hours ago, I guess the vpn agent needs some love, question if Neutron team has capacity to fix it :)	14:28
Vii	I know, but there probably won't be a fix for 2026.1	14:28
mnasiadka	Well, fixes should be backported	14:28
Vii	so another half year of waiting	14:28
mnasiadka	Anyway, it’s not for us to decide for now	14:29
mnasiadka	I’ll put some of my thoughts in gerrit	14:29
blanson[m]	quick question while we're on neutron, do we need to do anything extra for the native ovn bgp thing coming to neutron to work on our side ?	14:29
Vii	OK, so we wait thx	14:29
blanson[m]	the one that replaces ovn-bgp-agent	14:29
mnasiadka	blanson[m]: probably we do, because something needs to run frr - but I haven’t looked into that yet	14:29
blanson[m]	we asked in neutron channel and it should be coming in a 2026.1 point release, so I was wondering	14:30
blanson[m]	does it still need frr ?	14:30
mnasiadka	blanson[m]: https://review.opendev.org/c/openstack/neutron-specs/+/952872 - that’s the spec - IIRC it does need FRR	14:30
mnasiadka	L57 - Each compute node requires a running FRR instance	14:31
chembervint	we have implementation for ovn-bgp-agent and frr roles in kolla-ansible + kolla. could it be interesting?	14:31
mnasiadka	chembervint: we don’t want to implement ovn-bgp-agent, just go with the native bgp integration in OVN - check the spec	14:31
mnasiadka	blanson[m]:it seems bgp extension should land/has landed in OVN Agent	14:32
mnasiadka	We don’t use it really, but the deployment support is there	14:32
chembervint	mnasiadka: ok, interesting. will see. thanks	14:32
mmalchuk	waiting for a native BGP in OVN	14:33
mnasiadka	But yeah, we might want to extract the frr role - but I don’t think it’s 2026.1 material - there’s not enough time	14:33
mmalchuk	chembervint you can ask me offline)	14:33
blanson[m]	so "all there is to do" would in theory be make a kolla-frr container	14:33
blanson[m]	(and deploy it and test it and whatnot)	14:33
chembervint	mmalchuk: I will :)	14:33
Vii	I also use this role of frr and bgp in production, which someone once suggested, and it works	14:34
Vii	#link https://review.opendev.org/c/openstack/kolla-ansible/+/937066	14:35
mnasiadka	blanson[m]: well, in theory yes - but somebody would need to spend time to have that working (and ideally testable in our CI)	14:35
mnasiadka	Ok, I think we’ve had enough of a discussion :)	14:38
mnasiadka	Thank you all for coming, see you next week :)	14:39
mnasiadka	#endmeeting	14:39
opendevmeet	Meeting ended Wed Mar 25 14:39:05 2026 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	14:39
opendevmeet	Minutes: https://meetings.opendev.org/meetings/kolla/2026/kolla.2026-03-25-14.04.html	14:39
opendevmeet	Minutes (text): https://meetings.opendev.org/meetings/kolla/2026/kolla.2026-03-25-14.04.txt	14:39
opendevmeet	Log: https://meetings.opendev.org/meetings/kolla/2026/kolla.2026-03-25-14.04.log.html	14:39
blanson[m]	I mean we will need it otherwise ovn is not happening for us, so most likely I will (or someone from my company) end up spending time on it	14:39
Vii	ahh trivial: https://review.opendev.org/c/openstack/kolla-ansible/+/982089	14:39
Vii	spring cleaning ;)	14:40
mmalchuk	mnasiadka thanks	14:40
opendevreview	Merged openstack/kayobe stable/2025.1: Support Python installation through Apt proxy https://review.opendev.org/c/openstack/kayobe/+/978477	14:41
opendevreview	Merged openstack/kolla-ansible master: blazar: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981455	14:41
opendevreview	Merged openstack/kolla-ansible stable/2025.1: Fix idempotence on comparing capabilities for podman https://review.opendev.org/c/openstack/kolla-ansible/+/972836	14:41
opendevreview	Merged openstack/kolla-ansible master: manila: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981458	14:41
opendevreview	Merged openstack/kolla-ansible stable/2025.1: Fix podman idempotence on comparing container dimensions https://review.opendev.org/c/openstack/kolla-ansible/+/972837	14:42
opendevreview	Merged openstack/kolla-ansible stable/2025.1: Fix idempotence on podman volume comparison https://review.opendev.org/c/openstack/kolla-ansible/+/972838	14:42
opendevreview	Piotr Milewski proposed openstack/kolla master: Prometheus: add valkey exporter image https://review.opendev.org/c/openstack/kolla/+/976650	14:44
blanson[m]	for people that mentioned having working frr implementations, I'd be interested to work on integrating it to kolla(-ansible), so if you can share your work I'll take it :D	14:46
opendevreview	Taavi Ansper proposed openstack/kolla-ansible master: Fix keystone with IDP configured. https://review.opendev.org/c/openstack/kolla-ansible/+/975901	14:46
opendevreview	Michal Nasiadka proposed openstack/kolla master: Switch to Gazpacho/2026.1 sources https://review.opendev.org/c/openstack/kolla/+/981123	14:46
opendevreview	Michal Nasiadka proposed openstack/kolla master: Switch to Gazpacho/2026.1 sources https://review.opendev.org/c/openstack/kolla/+/981123	14:47
opendevreview	Michal Nasiadka proposed openstack/kolla master: Switch to Gazpacho/2026.1 sources https://review.opendev.org/c/openstack/kolla/+/981123	14:49
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: mistral: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981460	14:50
opendevreview	Piotr Milewski proposed openstack/kolla-ansible master: Fix: Update outdated documentation https://review.opendev.org/c/openstack/kolla-ansible/+/982089	14:51
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: mistral: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981460	14:52
Vii	blanson[m]: https://review.opendev.org/c/openstack/kolla-ansible/+/937066	14:54
Vii	I've been using this since 2024.1	14:55
Vii	in production and so far we haven't had any problems	14:55
blanson[m]	I bookmarked this one, I'll try to do something with it. You're using it right ?	14:55
blanson[m]	as-is or are there patches that need to be added on top ?	14:55
Vii	I use it as is	14:56
blanson[m]	ok great, thanks !	14:57
Vii	:)	14:58
Vii	openstack.kolla/frr:2025.2-ubuntu-noble "dumb-init --single-…" 5 weeks ago 5 weeks ago (healthy) frr	14:58
Vii	:)	14:58
Vii	openstack.kolla/ovn-bgp-agent:2025.2-ubuntu-noble "dumb-init --single-…" 5 weeks ago 5 weeks ago ovn_bgp_agent	14:58
Vii	but as I wrote, I also used it in earlier versions	14:59
chembervint	we've implemented very close to https://review.opendev.org/c/openstack/kolla-ansible/+/93706 in 2022, and using to till today	15:00
chembervint	if anybody are interested in it - I can ask the team to prepare commit	15:00
blanson[m]	chembervint: I mean if you have the bandwidth to do so it'd be very cool, we can also probbly allocate some time to work on it but it'd be better to start from somewhere if you already have something (hopefully it's not too much work as only frr should be required?)	15:13
blanson[m]	Vii: we're most likely only going to use it on releases where the bgp-agent is dropped just because we can afford to do so, but knowing it runs it pretty helpful :D	15:15
opendevreview	Owen Jones proposed openstack/kayobe master: Build Rocky based IPA images https://review.opendev.org/c/openstack/kayobe/+/982109	15:15
blanson[m]	chembervint: I think your patch link is missing a digit	15:20
Vii	this is the same link only the last digit has been removed	15:24
blanson[m]	oh	15:26
blanson[m]	well	15:26
tafkamax	So two different parties are using it already?	15:27
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: mistral: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981460	15:34
blanson[m]	Taavi Ansper: apparently so	15:36
opendevreview	Bertrand Lanson proposed openstack/kolla-ansible master: keystone: Improve fernet/credential key bootstrap and distribution https://review.opendev.org/c/openstack/kolla-ansible/+/982113	15:40
blanson[m]	I now made a chain for my eternal crusade to encrypt database credentials https://review.opendev.org/c/openstack/kolla-ansible/+/982113/1 I have no idea if it works or not yet, but feel free to chime in :)	15:46
blanson[m]	Vii chembervint: do I understand correctly the ovn-bgp thing ? you only need to have frr on the machine for it to work, then it's either directly baked into ovn or via the bgp-agent that you interact with it ? I'm not sure I understand the spec correctly but I'm asking because we already do bgp to the host so we already have frr installed (just not containerized but the frr install predates kolla it's essentially installed during	16:05
blanson[m]	the host initial configuration)	16:05
blanson[m]	so we could just reuse this daemon ?	16:05
Vii	Yes, your understanding is spot on.	16:08
Vii	ovn-bgp-agent itself doesn't actually speak BGP. It acts as a middleman: it watches the OVN databases (NB/SB) for things like Floating IPs or provider networks that need to be exposed, and then it translates them and configures FRR to actually advertise those routes to your physical fabric.	16:09
Vii	you can absolutely reuse your existing daemon You don't have to use the containerized FRR provided by this Kolla patch.	16:09
Vii	The only requirement is that the containerized ovn-bgp-agent needs to be able to talk to your host's FRR	16:10
Vii	If you look at the patch, the agent container mounts /var/run/frr/:/run/frr/.	16:10
blanson[m]	yh that's when I started to connect my 3 neurons together	16:10
blanson[m]	that's very cool, well, now I want to work on this thing	16:11
Vii	it works, I don't know why this patch didn't go through, I wasn't that interested	16:12
opendevreview	Taavi Ansper proposed openstack/kolla-ansible master: Fix keystone with IDP configured. https://review.opendev.org/c/openstack/kolla-ansible/+/975901	16:13
blanson[m]	I think the reason is that it was "late" and bgp-agent was already being sunset by neutron in favor or the native bgp driver in ovn	16:14
blanson[m]	so people didn't want to maintain the ovn-bgp-agent for just 1 cycle	16:14
Vii	maybe	16:15
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: CI: Test for leaked passwords in syslog https://review.opendev.org/c/openstack/kolla-ansible/+/981068	16:18
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: CI: Test for leaked passwords in syslog https://review.opendev.org/c/openstack/kolla-ansible/+/981068	16:19
opendevreview	Michal Nasiadka proposed openstack/kolla master: Switch to Gazpacho/2026.1 sources https://review.opendev.org/c/openstack/kolla/+/981123	16:24
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: trove: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981467	16:26
opendevreview	Will Szumski proposed openstack/kolla stable/2025.1: Install iptables-nft in Rocky 9 containers https://review.opendev.org/c/openstack/kolla/+/981096	16:34
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: trove: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981467	16:58
opendevreview	Merged openstack/kolla-ansible master: mistral: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981460	16:58
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: zun: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981468	17:32
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: cyborg: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981470	17:32
opendevreview	Piotr Milewski proposed openstack/kolla-ansible master: Add Galera cluster event notifications to Alertmanager https://review.opendev.org/c/openstack/kolla-ansible/+/982142	18:18
opendevreview	Piotr Milewski proposed openstack/kolla-ansible master: Add Galera cluster event notifications to Alertmanager https://review.opendev.org/c/openstack/kolla-ansible/+/982142	18:36
opendevreview	Verification of a change to openstack/kolla master failed: Prometheus: add valkey exporter image https://review.opendev.org/c/openstack/kolla/+/976650	18:39
opendevreview	Piotr Milewski proposed openstack/kolla-ansible master: Add Galera cluster event notifications to Alertmanager https://review.opendev.org/c/openstack/kolla-ansible/+/982142	18:43
opendevreview	Taavi Ansper proposed openstack/kolla-ansible master: Fix keystone with IDP configured. https://review.opendev.org/c/openstack/kolla-ansible/+/975901	19:13
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: CI: Test for leaked passwords in syslog https://review.opendev.org/c/openstack/kolla-ansible/+/981068	19:15
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: kolla_toolbox: fix secrets leaking https://review.opendev.org/c/openstack/kolla-ansible/+/980787	19:15
opendevreview	Michal Nasiadka proposed openstack/kolla master: Switch to Gazpacho/2026.1 sources https://review.opendev.org/c/openstack/kolla/+/981123	19:20
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: CI: Test for leaked passwords in syslog https://review.opendev.org/c/openstack/kolla-ansible/+/981068	19:21
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: trove: Switch to uWSGI https://review.opendev.org/c/openstack/kolla-ansible/+/981467	19:31
opendevreview	Piotr Milewski proposed openstack/kolla-ansible master: Fix: Update outdated documentation https://review.opendev.org/c/openstack/kolla-ansible/+/982089	20:07
opendevreview	Hao Wang proposed openstack/kolla-ansible master: Support deploy Zaqar with kolla-ansible https://review.opendev.org/c/openstack/kolla-ansible/+/892615	21:26

Generated by irclog2html.py 4.1.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!