Wednesday, 2022-11-30

*** pojadhav|out is now known as pojadhav|ruck04:23
*** frenzy_friday|rover is now known as frenzy_friday|rover|doc06:56
*** frenzy_friday|rover|doc is now known as frenzy_friday|rover08:17
*** dasm|off is now known as dasm12:43
*** frenzy_friday|rover is now known as frenzy_friday|rover|lunch12:58
*** pojadhav|ruck is now known as pojadhav|dr_appt13:41
*** frenzy_friday|rover|lunch is now known as frenzy_friday|rover13:50
gmanntc-members: meeting time16:00
gmann#startmeeting tc16:00
opendevmeetMeeting started Wed Nov 30 16:00:10 2022 UTC and is due to finish in 60 minutes.  The chair is gmann. Information about MeetBot at http://wiki.debian.org/MeetBot.16:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.16:00
opendevmeetThe meeting name has been set to 'tc'16:00
gmann#topic Roll call16:00
JayFo/16:00
gmanno/16:00
slaweqo/16:00
knikolla[m]o/16:00
dansmitho/16:00
jungleboyjHello all.16:01
ade_leeo/16:01
gmannlet's wait for a min if rosmaita spotz arne_wiebalck noonedeadpunk join, i cannot see any name in absence section16:02
gmannmeanwhile this is today agenda #link https://wiki.openstack.org/wiki/Meetings/TechnicalCommittee#Agenda_Suggestions16:02
arne_wiebalcko/16:02
gmannlet's start16:04
gmann#topic Follow up on past action items16:04
gmanngmann to check with foundation about zoom pro account if any and can be shared with TC monthly video call16:04
gmannstill did not get the response from foundation staff, I will send the reminder16:04
gmann#action gmann to check with foundation about zoom pro account if any and can be shared with TC monthly video call16:04
gmannother followup is about election things16:04
gmannI have pushed the TC charter change to reflect what we discussed in PTG16:05
gmann#link https://review.opendev.org/c/openstack/governance/+/86536716:05
spotzo/ here for a few minutes but as mentioned when this time slot was chosen I have a conflict16:05
gmannplease review ^^16:05
gmannspotz: ack16:05
gmannas soon as we can merge it, will be good to plan for next election in advance16:05
rosmaitao/16:06
gmannI will keep eyes on gerrit if any comment on that16:06
gmann#topic Gate health check16:06
gmannvolume detach timeout is happening 100% in lvm job (nova-lvm) and we had to disable those failing test for now16:07
dansmithother than the nova thing, no gate health concerns from me this time, but with the holiday my data is limited16:07
gmannit started when migrated to Jammy16:07
gmannok16:07
dansmithvolume detach seems to be a constant problem16:07
slaweqwe had one issue with trunk ports and live-migration on Neutron but it should be fixed already16:08
gmannyeah, even those failing tests are preparing server with ssh-able and make it ready before volume is attached/detached 16:08
gmannslaweq: +116:08
gmannany other issues/item to highlight for gate health ?16:09
gmann#topic 2023.1 TC tracker checks16:10
gmann#link https://etherpad.opendev.org/p/tc-2023.1-tracker16:10
gmannone update from me is on election things which I already mentioned the patch to review16:10
gmannand other is about i18 SIG discussion in board meeting on Dec 6th. 16:11
gmannrosmaita: ^^ can you give brief update on this 16:11
rosmaitasure16:11
rosmaitawe will propose to the Foundation Board that they fund a hosted version of Weblate16:11
rosmaitawhich the SIG i18n has idenitified as the best platform to use16:12
rosmaitawe also proposed that the Foundation Staff should help us find a volunteer to change the Zanata-to-gerrit plumbing to use weblate16:12
rosmaitathis will free up the i18n team to do the content migration and ultimately focus on doing translations16:13
gmannyeah, it will be discussed in Dec 6th board meeting and let's see how it goes16:15
gmannrosmaita: anything else on this? or any query form any other tc-members ?16:16
gmann*from16:16
rosmaitanothing from me16:16
noonedeadpunko/16:16
noonedeadpunksorry, was side-pinged last moment :(16:17
gmannnp!16:17
gmannok, let's move16:17
gmannany other updates from anyone on the tracker items ?16:17
gmann#topic FIPS testing on ubuntu paid subscription16:18
gmann#link https://review.opendev.org/c/openstack/project-config/+/86145716:18
gmannas we discussed it in PTG also, with currently available options to test FIPS, using ubuntu paid subscription is one of the option where we can make FIPS jobs voting16:19
gmanncentos stream is not stable enough to test FIPS on gate16:19
gmannopendev is looking for TC official agreement on this.16:19
funginote that tinwood, the openstack charms ptl, was able to negotiate a free subscription for our test jobs to use16:20
gmannI would like to start the voting on this but before that if we need more discussion/questions, we have ade_lee here to explain the situation 16:20
fungiso while people normally pay for access to ubuntu's fips-enabled packages, we're getting gratis access to them16:20
JayFI'll note I had a conversation with smoe of the opendev folks about this when it surfaced, and my impression is that a developer would be able to access the actual-fips-packages to do local testing of a failing job, just without support.  As long as this is accurate (developers can troubleshoot broken fips jobs locally), I am on board.16:21
noonedeadpunkI wonder if they would need to have this free subscribtion that covers 5 machines for that?16:21
ade_leethats correct.  the agreement was that the subscrption is free for use for fips testing , but with no support16:22
funginote that the canonical folks didn't say they were providing free access to developers, just to our ci jobs16:22
fricklercan that agreement be made public?16:23
fungiand they acknowledge that we can't reasonably *secure* that access due to the way our jobs are run16:23
JayFHow could we expect developers to be able to maintain FIPS support if they cannot test that outside of zuul?16:23
gmannyeah I was wondering on that we will not be able to test it locally right? its is just in CI16:23
fungido we expect developers to maintain osc support for rackspace's api without a paid account in rackspace?16:23
dansmithI feel like most of the things you'd need to 'debug' from a fips job failure is not something you'd really necessarily have to reproduce locally. It'd be like an exception complaining that md5 isn't available or something16:24
fungior is the free rackspace account we arranged for osc testing not acceptable practice either?16:24
dansmithwhich is pretty straightforward and once we're gating on these, would be when you add a new feature that is using something like that16:24
dansmithfungi: the same goes for all the special hardware support we have in lots of places16:24
dansmithfungi: I have zero $10k nvidia GPUs locally16:25
gmanntrue, all backends 16:25
fungicorrect, though for the most part we don't currently test those upstream because they're not available to us16:25
noonedeadpunkdo we test gpus for reall? huh...16:25
dansmithI'm still waiting for my s/390 machine in the mail16:25
JayFI'll note that many of those special-hardware-support tests are non-blocking, too (at least in Ironic they don't get to vote)16:25
slaweqdansmith but isn't it like things which requires e.g. special hardware for testing are in 3rd party jobs?16:25
noonedeadpunkbut are we making fips as required to pass for all projects?16:26
slaweqat least in neutron it is like that  - if something require special hardware, we don't gate with such job16:26
dansmithslaweq: yeah, but I think in most projects if a patch causes a particular driver to fail, a core team would expect that to be fixed before merge, no?16:26
noonedeadpunkI guess it's up to projects to decide if add them or not after all?16:26
fungithat's why i brought up osc's testing. the client/sdk team has arranged gratis accounts with public cloud providers for use in upstream testing, something which an individual developer would not have access to without similar negotiations16:26
gmannbut will it be hard to fix the FIPS things just from CI failure and even we are not able to produce them locally?16:26
slaweqdansmith sure16:27
dansmiththe FIPS thing seems much easier to debug than hardware16:27
gmannyeah16:27
dansmithgmann: right, I think it's much easier16:27
*** pojadhav|dr_appt is now known as pojadhav|out16:27
dansmith"sorry MD5 not allowed, *sad trombone*" is pretty straightforward16:27
slaweqwe can always try to add it and if there will be too many issues with it and it will be hard to debug without access to the FIPS env for developers, we can always remove that job(s) from gate16:28
* jungleboyj is happy to see someone else use sad trombone. :-)16:28
dansmithright, well, that's what we've done up until now.. we've added them and then when centos breaks, we make them n-v16:28
slaweqbut probably it will be as dansmith says - it will be pretty easy to fix issues related to FIPS16:28
gmanntrue, we can re-iterate it based on future situations 16:29
dansmithso if this becomes a problem, it's easy to do the same16:29
gmannok, so this does not seems blocking to allow CI testing on it16:29
dansmithAFAIK, none of the times we've had to do that have been due to fips problems, just CS problems16:29
gmannand if any other distro (free version) become stable/available then we can always move FIPS jobs to that16:29
dansmithalso that ^ :)16:30
JayFI'll note that in the review posted here earlier; debian was listed as an alternative16:30
JayFbut a nonviable one because we don't use it for many other things (yet)16:30
fungithough it is in the pti for 2023.116:30
JayFSo; I don't think it's resonable to say "if a free version becomes available" -- it is aavailable16:30
dansmithJayF: becomes "viable"16:30
gmannalso *stable* enough to test everywhere 16:30
gmannFIPS goal is to add jops in every project as voting16:31
dansmithpart of the problem has been that CS9 breaks or behaves differently than *all* the other tests, and so it becomes a problem for people who are set up to test on ubuntu16:31
JayFI mean, viability is all in a matter of if we want to spend time on it. And debian is incredibly stable. I'm not suggesting we change it, I just don't want us to couch this as us having no choice; we do have a choice16:31
JayFwe're just prioritizing using existing infra + a token over revamping the infra to use a more free solution16:31
fungiright, someone needs to work out the logistics for it and make sure the baseline testing on that platform without fips is also running and in good shape so that fips-specific issues can be differentiated from general platform-related issues16:31
dansmithdebian is similar in that it becomes some work if someone has to bootstrap the debian environment to see if it's a debian problem or a FIPS on16:31
dansmith*one16:31
gmannquestion is what are current best and stable/viable options to start it16:31
dansmithdebian being stable isn't the concern, it's debian being different than all the other jobs16:31
dansmithwe had a debian failure for a few weeks recently16:32
dansmithwhich wasn't a debian problem (AFAIK) but just a "different than focal" problem16:32
JayFWhich I'm fine with; I just don't want us to pretend like we don't have fully-foss options when we would if we prioritized debian CI support.16:32
dansmithI'm prioritizing this purely as a "minimal change from our other jobs" perspective... right.16:32
funginote that nobody has said ubuntu's packages for this aren't fully foss, they just charge money for access to them (that doesn't make then not free/libre open source)16:33
noonedeadpunkto be fair, we have debian and ubuntu jobs running in osa and we haven't seen debian being much different or failing differently rather then ubuntu for quite a while16:33
dansmithnoonedeadpunk: we had an example in the devstack gate just a couple weeks ago16:33
noonedeadpunkbut yes, that we're currently running ubuntu we can't use debian only for fips16:33
fungiopen source licenses don't preclude someone from charging money when distributing the software16:34
JayFthat's fair; I should've been more precise with my choice of words16:34
noonedeadpunkWell, I used devstack last time 3 years ago or so, so hard to judge on it16:34
dansmithnoonedeadpunk: https://review.opendev.org/c/openstack/devstack/+/86413516:34
dansmith(turned out to be within our control, we just didn't know it, because it was different)16:35
gmannat least in current situation, if debian become much tested in projects side also and have voting jobs then nobody stop us to move FIPS jobs on that16:35
dansmithsounds like we're circling the drain of agreement, shall we vote?16:35
fricklergetting charged for something to me sounds like the opposite of free16:35
dansmithfrickler: beer and speech :)16:35
jungleboyj:-)16:35
gmannkey part is we want to wait for FIPS testing or can start with ubuntu paid(free for us) for now?16:35
gmannany other point/discussion ? otherwise let's vote16:36
noonedeadpunkgmann: Can you post question for vote before starting vote ? :)16:37
gmannseems we are good to vote, just to make sure and to avoid invalid voting :) this is wording of vote "Considering the currently available options, Is it ok to use the Ubuntu paid subscription for FIPS testing?"16:37
gmannnoonedeadpunk: yeah ^^16:37
dansmithfine with me16:37
noonedeadpunksilence means no objections I guess?16:38
rosmaitai am ready16:38
slaweq++16:38
gmannyeah, let's start 16:38
gmann#startvote Considering the currently available options, Is it ok to use the Ubuntu paid subscription for FIPS testing? Yes, No16:38
opendevmeetBegin voting on: Considering the currently available options, Is it ok to use the Ubuntu paid subscription for FIPS testing? Valid vote options are Yes, No.16:38
opendevmeetVote using '#vote OPTION'. Only your last vote counts.16:38
noonedeadpunk#vote Yes16:39
dansmith#vote Yes16:39
slaweq#vote Yes16:39
gmann#vote Yes16:39
arne_wiebalck#vote Yes16:39
JayF#vote yes16:39
rosmaita#vote yes16:39
spotz_#vote yes16:40
gmannI think knikolla[m] spotz left to vote, waiting for a min if they will.16:40
knikolla[m]#vote Yes16:40
gmanncool16:40
gmann#endvote16:40
opendevmeetVoted on "Considering the currently available options, Is it ok to use the Ubuntu paid subscription for FIPS testing?" Results are16:40
opendevmeetYes (9): spotz_, knikolla[m], gmann, slaweq, arne_wiebalck, rosmaita, dansmith, JayF, noonedeadpunk16:40
knikolla[m]sorry, am in two meetings at the same time. 16:40
gmannknikolla[m]: ack, np16:40
gmannok so we have the agreement now, I will post the link to project-config patch16:41
gmannmoving to next topic16:41
dansmithfungi: can you send it?16:41
gmann#topic Adjutant situation (not active)16:41
gmannLast change merged Oct 26, 2021 (more than 1 year back)16:41
gmannGate is broken16:41
fungidansmith: send what"16:42
fungi?16:42
dansmithfungi: merge the fips patch16:42
fungioh, sure16:42
ade_leethanks all16:42
gmannit seems Adjutant situation is not improved since we abandon the proposal of marking it 'inactive'16:42
fungiafter the meeting adjourns i'll include a link to the minutes in the change approval16:42
gmann#link https://review.opendev.org/c/openstack/governance/+/84915316:42
gmannade_lee: thanks for all effort on this goal16:42
gmannfungi: thanks 16:43
gmannand I pinged PTL on IRC I think couple of times but no response16:43
gmanneven no response on gerrit16:43
gmannI feel we should mark it as 'Inactive' (restoring the above patch) and then we will see if we can retire it if no maintainer or not ?16:44
JayFI would vote +1 to such a patch given the current situation16:44
knikolla[m]++16:44
dansmithsounds fine to me16:45
fungiout of curiosity, has anyone sent e-mail to the ptl? i suppose it's possible they're just unaware of the responsibilities they signed up for or what they should be paying attention to16:45
knikolla[m]Unfortunately we have stopped using Adjutant in our cloud in favor of a different solution so I can't justify the time to track its state as I used to a few years ago. 16:45
slaweqoverall stats of the Adjutant are like https://paste.opendev.org/show/b4OWBZ74G8t6QKKs4Fqq/16:45
slaweqI'm +1 for marking it as "inactive"16:45
gmannfungi: I do not think they are unware, they ack in the governance patch (marking inactive) and we abandon the same 16:46
noonedeadpunkaccording paste it jobs are not really broken :D16:46
fungigot it16:46
gmannbut anyways let me propose it for inactive and will send email also to PTL to ack it16:46
noonedeadpunkLast time I looked at adjutant it was broken mainly due to django version16:46
slaweqyeah, and I think that it was someone who was ptl for many cycles already, not someone pretty new16:46
gmannyeah16:46
fungioh, thanks, for some reason i thought adjutant ended up with a volunteer new ptl eventually16:47
gmann#action gmann to mark Adjutant a 'inactive' and send notification to PTL16:47
gmannok, moving next16:47
gmann#topic Recurring tasks check16:47
gmannBare 'recheck' state16:47
gmann#link https://etherpad.opendev.org/p/recheck-weekly-summary16:47
gmannslaweq: over to you16:47
slaweqall good there I think16:47
slaweqaverage number of recheckes before merge is a bit higher this last week16:48
slaweqbut as we had issue in neutron and there were some other issues also, I think it's just related16:48
slaweqand should be better next week16:48
gmannyeah16:48
slaweqbare rechecks are good16:48
gmannthanks for monitoring 16:48
slaweqespecially for projects where there is more rechecks - most of them aren't bare16:49
slaweqthat's all16:49
gmannthat is nice16:49
jungleboyjThat is a good improvement.16:49
gmann#topic Open Reviews16:49
dansmithsweet16:49
gmann#link https://review.opendev.org/q/projects:openstack/governance+is:open16:49
gmanntc charter change we already talked16:49
noonedeadpunksounds like 865367 ready for merge?16:50
gmannfungi: for all other project updates, we are waiting for project-config patches to merge, can you please check16:50
noonedeadpunkor we need 2/3 of tc for this one?16:50
gmannnoonedeadpunk: yeah16:50
gmannok that is all from today agenda, anything anyone would like to bring ?16:50
fungigmann: i can take a look16:50
gmannfungi: thanks 16:50
gmannFYI, next meeting is video call on Dec 7. 16:51
dansmithso,16:51
dansmithI will be out the rest of the year before our next meeting, just FYI so I shan't be around for lively discussion or to open a video call on our gmeet, if we still do that16:51
dansmithhopefully rosmaita slaweq or spotz  can do it, if we still need it pending the zoom stuff16:52
gmanndansmith: ack16:52
gmannsure16:52
slaweqsure16:52
rosmaitai should be around16:52
gmannif nothing else, let's close the meeting. Thanks everyone for joining.16:53
gmann#endmeeting16:53
opendevmeetMeeting ended Wed Nov 30 16:53:39 2022 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)16:53
opendevmeetMinutes:        https://meetings.opendev.org/meetings/tc/2022/tc.2022-11-30-16.00.html16:53
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/tc/2022/tc.2022-11-30-16.00.txt16:53
opendevmeetLog:            https://meetings.opendev.org/meetings/tc/2022/tc.2022-11-30-16.00.log.html16:53
slaweqo/16:53
rosmaitabye16:53
noonedeadpunkwe also have quite bad situation with sahara. Gates are broken for Zed and master (and they never passed for Zed actually). There're patches to fix main issues, but there're couples of them that needs to be merged. I tried to invest some time fixing and sorting things out and came to the point when only one tempest job is not passing16:54
noonedeadpunkdidn't have time to dig more. 16:54
noonedeadpunkAnd didn't mail PTL yet16:54
noonedeadpunkWill try to invest some time into that, otherwise it has quite big chances to follow adjutant16:55
noonedeadpunkBtw tooz gates are also broken16:55
fricklerthere's also some other candidates if you look at e.g. https://review.opendev.org/q/topic:reno-zed+status:open or https://review.opendev.org/q/topic:add-antelope-python-jobtemplates+status:open16:59
noonedeadpunkyeah. freezer is another good example17:03
noonedeadpunk(not limited to it ofc)17:05
gmannnoonedeadpunk: good point, I have also observed sahara case. let's discuss it in next meeting. 17:12
gmannfreezer seems merging the patch when I add ptl in review17:12
gmannfrickler: ack, those are good starting point to know about such projects17:13
opendevreviewGhanshyam proposed openstack/governance master: Add Adjutant in inactive project list  https://review.opendev.org/c/openstack/governance/+/84915319:41
opendevreviewMerged openstack/governance master: Add Skyline repository for OpenStack-Ansible  https://review.opendev.org/c/openstack/governance/+/86316620:53
opendevreviewMerged openstack/governance master: Add the manila-infinidat charm to Openstack charms  https://review.opendev.org/c/openstack/governance/+/86406820:53
opendevreviewMerged openstack/governance master: Add the cinder-infinidat charm to Openstack charms  https://review.opendev.org/c/openstack/governance/+/86395820:53
*** dasm is now known as dasm|off22:23

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!