Wednesday, 2026-06-03

« Tuesday, 2026-06-02 Index Thursday, 2026-06-04 »
opendevreviewMichael Still proposed openstack/kolla master: Revert "Switch to Gazpacho/2026.1 sources".  https://review.opendev.org/c/openstack/kolla/+/99124900:14
mikal^--- mnasiadka, that change is my attempt to get the nova images building again. They need the master requirements.txt because nova bumped the version of oslo.privsep they require.00:21
*** Viii5 is now known as Viii00:22
opendevreviewMichael Still proposed openstack/kolla master: Implement container image build for kerbside.  https://review.opendev.org/c/openstack/kolla/+/97549503:13
opendevreviewMichael Still proposed openstack/kolla master: Add opt-in SPICE support for Rocky via COPR.  https://review.opendev.org/c/openstack/kolla/+/98628303:13
opendevreviewMichael Still proposed openstack/kolla-ansible master: Deploy Kerbside with Kolla-Ansible.  https://review.opendev.org/c/openstack/kolla-ansible/+/97688903:14
opendevreviewMichael Still proposed openstack/kolla-ansible master: Use a routable IP for qemu SPICE consoles.  https://review.opendev.org/c/openstack/kolla-ansible/+/96780103:14
opendevreviewMichael Still proposed openstack/kolla-ansible master: Add kerbside CI scenario jobs.  https://review.opendev.org/c/openstack/kolla-ansible/+/98818903:14
opendevreviewMichael Still proposed openstack/kolla-ansible master: Run the spice-direct tempest test in the kerbside scenario.  https://review.opendev.org/c/openstack/kolla-ansible/+/98891303:14
opendevreviewMichael Still proposed openstack/kolla-ansible master: Run a Kerbside-fronted SPICE tempest test in the kerbside scenario.  https://review.opendev.org/c/openstack/kolla-ansible/+/98961403:14
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: fluentd: Use group_add to grant systemd journal access  https://review.opendev.org/c/openstack/kolla-ansible/+/99081904:15
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: Replace /etc/localtime bind mount with TZ env variable  https://review.opendev.org/c/openstack/kolla-ansible/+/98943504:16
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: Replace /etc/localtime bind mount with TZ env variable  https://review.opendev.org/c/openstack/kolla-ansible/+/98943504:17
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: fluentd: Use group_add to grant systemd journal access  https://review.opendev.org/c/openstack/kolla-ansible/+/99081905:08
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: fluentd: Use group_add to grant systemd journal access  https://review.opendev.org/c/openstack/kolla-ansible/+/99081905:11
*** jhorstmann is now known as Guest1070909:38
opendevreviewMichel Raabe proposed openstack/kolla-ansible master: keystone: allow multiple OIDCXForwardedHeaders options  https://review.opendev.org/c/openstack/kolla-ansible/+/99131010:55
opendevreviewMichel Raabe proposed openstack/kolla-ansible master: keystone: allow multiple OIDCXForwardedHeaders options  https://review.opendev.org/c/openstack/kolla-ansible/+/99131011:14
opendevreviewMichel Raabe proposed openstack/kolla-ansible master: keystone: allow multiple OIDCXForwardedHeaders options  https://review.opendev.org/c/openstack/kolla-ansible/+/99131011:16
opendevreviewMatt Crees proposed openstack/kayobe master: Drop kolla-tags and kolla-limit  https://review.opendev.org/c/openstack/kayobe/+/98352712:08
opendevreviewMatt Crees proposed openstack/kayobe master: Drop kolla-tags and kolla-limit  https://review.opendev.org/c/openstack/kayobe/+/98352712:10
opendevreviewWilliam Tripp proposed openstack/kolla-ansible master: Change keystone_federation_oidc_response_type default to "code"  https://review.opendev.org/c/openstack/kolla-ansible/+/99134113:02
mnasiadka#startmeeting kolla13:02
opendevmeetMeeting started Wed Jun  3 13:02:45 2026 UTC and is due to finish in 60 minutes.  The chair is mnasiadka. Information about MeetBot at http://wiki.debian.org/MeetBot.13:02
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.13:02
opendevmeetThe meeting name has been set to 'kolla'13:02
mnasiadka#topic rollcall13:02
butjaro/13:02
frickler\o13:03
eduardomorais[m]o/13:03
* frickler was just trying to remember whether we had cancelled this week ;)13:03
isaacvicente[m]o/13:03
bbezako/13:03
mnasiadkasorry, got caught by a wall of rain on the way to my laptop ;)13:04
mnasiadka#topic agenda13:04
mnasiadka* CI status13:05
mnasiadka* Release tasks13:05
mnasiadka* Current cycle planning13:05
mnasiadka* Additional agenda (from whiteboard)13:05
mnasiadka* Open discussion13:05
mnasiadka#topic CI status13:05
mnasiadkaAnybody has any grudges against the CI?13:05
mnasiadkaNone? Fine :)13:06
bbezak:)13:07
mnasiadka#topic Release tasks13:07
mnasiadkaIt’s R-17 this week13:07
mnasiadka#link https://docs.openstack.org/kolla/latest/contributor/release-management.html#r-17-switch-source-images-to-current-release13:07
mnasiadkaI think mikal already posted a revert13:07
mnasiadka#link https://review.opendev.org/c/openstack/kolla/+/99124913:08
frickleryes, seems nova has breaking reqs by now13:08
mnasiadkaI’m fine with pure revert, but we need a followup - the codename is used by Debian OpenStack13:09
mnasiadkaCommented on the patch13:10
mnasiadka#topic Current cycle planning13:10
mnasiadkaLet’s have a look at Kolla RP+113:11
mnasiadkaWe have the revert that was discussed already13:11
mnasiadkaThere’s also getting rid of kolla_el10 because EPEL 10.2 finally has mod-auth-mellon13:11
mnasiadka#link https://review.opendev.org/c/openstack/kolla/+/98779513:12
mnasiadkaThere’s also YAML support for kolla_set_configs - but that is waiting on the author (or a willing core) to update it13:12
mnasiadka#link https://review.opendev.org/c/openstack/kolla/+/98227513:12
mnasiadkaAnd a lot of RP+1 in Kolla-Ansible13:13
mnasiadkaI’m mostly interested in introducing service-config role13:13
bbezakWill try to look into those when I get the chance13:14
mnasiadka#link https://review.opendev.org/c/openstack/kolla-ansible/+/989961/1313:14
mnasiadkaAnybody else wants to discuss anything that would likely be merged this cycle?13:14
mnasiadkaSeems not13:16
mnasiadkaThere’s additional agenda item by blanson[m] - but he’s not here13:16
mnasiadkaSo I’ll leave that for some other weekly meeting13:16
blanson[m]oh13:17
blanson[m]hello I was banging my head against some work I missed the meeting 13:17
mnasiadkaOk then, so let’s do it13:17
mnasiadka#topic Additional agenda (from whiteboard)13:18
mnasiadka(blanson) improve certificate management for TLS stuff. I've worked on an addon to k-a that generates a full CA with per-host certificates etc... handles renewal, all the goodies.13:18
mnasiadkamaybe this could be put in place of the current certificate management system ?13:18
mnasiadkarenewal is I think especially important13:18
mnasiadkaallow to configure the CA, do additional SANs, etc...13:18
mnasiadkaor keep it separate and open source the kolla-ca thingy ?13:18
blanson[m]what did I put up the white board13:18
blanson[m]oh it's the TLS thingy yes so basically 13:18
blanson[m]we had some needs to maintain internal cluster CAs for possibly multiple clusters, and poking around at the certificate generation from k-a I though it was lacking some features for customization 13:19
blanson[m]so I made a quick ansible-collection that does pretty much the exact same but we can customize the CA to our liking 13:19
blanson[m]maybe it could be bundled into a replacement role for the current one ? 13:19
blanson[m]or just open source it and let it live outside k-a 13:20
mnasiadkaWell, in the past there was a discussion of properly doing auto certificates renewal using PKI such as OpenBao?13:20
mnasiadkaI’m fine with extending what we have now, but we had multiple discussions that it shouldn’t be the production-ready solution13:21
mnasiadkaWhich I basically agree13:21
mnasiadkawith13:21
mnasiadkabbezak, frickler - opinions?13:22
blanson[m]yh, well we tried this but it's more of a pain that we though cause it means lots of external dependencies on openbao/vault and so on + something on every node to rotate them like consul-template or some other magic ( I think vault has an acme-like api now)13:22
mnasiadka(I hate calling people to the board) :D13:22
frickler5 different customers have 6 different CA solutions anyway, yes. so anything needed to get the CI to work is good enough for me13:22
mnasiadkaYeah, acme-like API is probably better13:22
mnasiadkaThere’s no really open-source consul alternative13:22
isaacvicente[m]i dont know if im missing something, this solution is for self-assign certs? or theres a renew request to a CA?13:22
mnasiadkaAnd I think there’s work already to package openbao in Kolla13:22
blanson[m]I think it's just work for barbican secret backend ? 13:23
mnasiadkaisaacvicente[m]: we still generate CA for self-signed certs used only for CI, so that’s basically the same13:23
blanson[m]I reviewed this sometime this week 13:23
mnasiadkablanson[m]: yes, but we can extend it13:23
mnasiadkaBut I understand that it’s probably not trivial task13:23
mnasiadkaAnyway - if you want to propose what you have - we can take it off from there for now13:24
mnasiadkaBut I can’t promise we’re going to maintain it forever13:24
mnasiadka(Or at all)13:24
blanson[m]isaacvicente: so my understanding is that currently the certificate role is mainly used for CI, and anyone who wants production CA does its own thing. so we made our own thing which turns out is an ansible collection, that manages all of our certificates for the cluster. so maybe this new one could replace the current one if anyone thinks it'd be good 13:25
blanson[m]mnasiadka: I will try to bundle everything up and send it so you guys can take a look 13:25
mnasiadkaOk, thanks13:25
mnasiadkano other topics on the whiteboard13:25
mnasiadka#topic Open discussion13:25
mnasiadkaAnybody anything?13:25
butjarI have a general question13:25
eduardomorais[m]me13:25
butjarWe are currently reworking our upgrading processes and we wanted to ask why the version of the container engine is not pinned in kolla.13:26
mnasiadkabutjar: that’s up to the operator, we provide ansible-collection-kolla as a convenience - you can use anything else13:26
blanson[m]use podman so that upgrading is transparent to the cluster :))))13:27
mnasiadkaAnd transparently breaks everything? :)13:27
blanson[m]we'll find out soon enough 2026.1 upgrade is approaching :D 13:27
butjarI mean why the version of docker/ podman are not pinned to a certain version13:27
mnasiadkabutjar: why would they be?13:28
butjarBecause it can break things, we just had the ulimit thing couple of weeks ago :)13:28
mnasiadkaFirst of all - are you asking about the container runtime or docker-py and podman-py?13:28
butjarContainer runtime. The podman or docker release.13:29
mnasiadkaBecause we’re not pinning, we never pinned, managed the breakage in CI13:29
mnasiadkaWe would need to manage the pin in stable branches - and nobody volunteered to do this13:30
mnasiadkaAnd that would be problematic, because somebody else would come and ask why are we pinning :)13:30
mnasiadkaAs I said, that’s up to the deployer/operator13:30
mnasiadkaeduardomorais[m]: now it’s your turn13:30
isaacvicente[m]A requirements.txt solves this issue, and the operator can pin to whichever version they like13:31
eduardomorais[m]ok13:31
butjarOk, so its a general decicion not to pin dependencies in k-a (heavy maintanance) 13:31
eduardomorais[m]I'm working on the ovs-to-ovn migration and I was facing a error with ovn-metadata. The logs are https://paste.openstack.org/show/833857/13:31
isaacvicente[m]ack13:31
mnasiadkaisaacvicente[m]: requirements.txt is for python packages13:31
isaacvicente[m]oh I see13:31
mnasiadkaAnd the mechanism in OpenStack for testing is upper-constraints.txt from openstack/requirements repository - but still for python packages13:32
eduardomorais[m]in 2025.2 and backwards i dont get it? anyone know anything ?13:32
blanson[m]butjar: tho the bootstrap steps in k-a are fairly light, so you could imagine moving them to an in-house playbook that pins stuff 13:32
mnasiadkaeduardomorais[m]: that question would rather be for #openstack-neutron channel13:32
eduardomorais[m]the first phrase its no a question sorry13:32
eduardomorais[m]mnasiadkaok 13:33
mnasiadkaOk then, I think all is clear13:33
mnasiadkaeduardomorais[m]: any outlook when you’ll propose a patch for the OVN migration tooling?13:34
butjarblanson[m]: Yep, this is probably what we are going to do. Thanks for the advice. Im still analyzing, the container engine is only touched on bootstrap?13:34
blanson[m]yup 13:34
opendevreviewWilliam Tripp proposed openstack/kolla-ansible master: Change keystone_federation_oidc_response_type default to "code"  https://review.opendev.org/c/openstack/kolla-ansible/+/99134113:34
isaacvicente[m]mnasiadkawe are working on it13:34
butjarblanson[m]: perfect, so should not break an upgrade anyway.13:34
isaacvicente[m]its in WIP right now13:35
mnasiadkaisaacvicente[m]: url?13:35
isaacvicente[m]I will drop, just a sec13:35
eduardomorais[m]we need work more because of the new version mnasiadka13:35
eduardomorais[m]https://review.opendev.org/c/openstack/kolla-ansible/+/98983013:35
mnasiadkathanks13:35
mnasiadkaOk, that’s probably enough for today13:36
mnasiadkaThank you all for coming13:36
mnasiadkaAh!13:36
mnasiadkaThe meeting next week will be cancelled13:36
mnasiadkaMe and bbezak are on full-day meetings next week13:36
mnasiadkaI’ll send notification to the ML13:37
fricklerenjoy ;)13:37
mnasiadkaThat’s it for today :)13:37
butjarhave fun :)13:37
mnasiadkafrickler: we will NOT13:37
mnasiadka#endmeeting13:37
opendevmeetMeeting ended Wed Jun  3 13:37:17 2026 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)13:37
opendevmeetMinutes:        https://meetings.opendev.org/meetings/kolla/2026/kolla.2026-06-03-13.02.html13:37
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/kolla/2026/kolla.2026-06-03-13.02.txt13:37
opendevmeetLog:            https://meetings.opendev.org/meetings/kolla/2026/kolla.2026-06-03-13.02.log.html13:37
blanson[m]that sounds like a full-day of fun :)13:37
blanson[m]mnasiadka: I sent some review for service-config patch 13:37
blanson[m]earlier this week I think 13:38
mnasiadkablanson[m]: thanks, I’ll have a look13:40
mnasiadkablanson[m]: full week of full day negligible fun13:41
blanson[m]oh no it's meeting week next week ? 13:47
opendevreviewMatt Crees proposed openstack/kayobe master: Drop kolla-tags and kolla-limit  https://review.opendev.org/c/openstack/kayobe/+/98352714:57
opendevreviewMatt Crees proposed openstack/kayobe master: Drop kolla-tags and kolla-limit  https://review.opendev.org/c/openstack/kayobe/+/98352715:26
opendevreviewWilliam Tripp proposed openstack/kolla-ansible master: Change keystone_federation_oidc_response_type default to "code"  https://review.opendev.org/c/openstack/kolla-ansible/+/99134115:27
opendevreviewMaksim Malchuk proposed openstack/kayobe stable/2025.2: Adds support for custom watcher configuration files  https://review.opendev.org/c/openstack/kayobe/+/99148017:18
opendevreviewMaksim Malchuk proposed openstack/kayobe stable/2025.1: Adds support for custom watcher configuration files  https://review.opendev.org/c/openstack/kayobe/+/99148117:20
opendevreviewPierre Riteau proposed openstack/kayobe stable/2026.1: CI: Remove override-checkout for stable/2026.1  https://review.opendev.org/c/openstack/kayobe/+/99079118:24
opendevreviewMichael Still proposed openstack/kolla master: Master is now Hibiscus OpenStack release.  https://review.opendev.org/c/openstack/kolla/+/99124919:22
opendevreviewPierre Riteau proposed openstack/kayobe master: CI: Stop using image from Docker Hub  https://review.opendev.org/c/openstack/kayobe/+/99150520:59
jwitkoHey All!  I'm looking at kolla-ansible for valkey implementation and I'm noticing there doesn't seem to be any valkey or valkey-sentinel TLS configuration options.  Is this an accurate assessment or maybe I'm missing something?  If so does anyone know of any reason why this may be or is it simply that it didn't get done and someone could submit a PR?  21:01
opendevreviewPierre Riteau proposed openstack/kayobe master: Replace `which` with `command`  https://review.opendev.org/c/openstack/kayobe/+/99150721:17
« Tuesday, 2026-06-02 Index Thursday, 2026-06-04 »

Generated by irclog2html.py 4.1.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!