fungi | OpenInfra Summit Europe will be October 17-19, 2025, at École Polytechnique near Paris, France: https://openinfra.dev/blog/openinfra-summit-2025 | 13:48 |
---|---|---|
fungi | tell your friends! | 13:49 |
opendevreview | Elod Illes proposed openstack/openstack-manuals master: WIP: [www] Update project data of 2024.2 Dalmatian https://review.opendev.org/c/openstack/openstack-manuals/+/945461 | 14:11 |
opendevreview | Elod Illes proposed openstack/openstack-manuals master: [www] Update project data of 2024.2 Dalmatian https://review.opendev.org/c/openstack/openstack-manuals/+/945461 | 15:32 |
noonedeadpunk | fungi: oh, nice! | 16:23 |
noonedeadpunk | oh, it's quite a nice place - as it;'s same as was for openinfra days last year | 16:26 |
noonedeadpunk | though transport to location is gonna be quite tough | 16:27 |
clarkb | you can take a train to a hiking trail that takes you there | 16:37 |
clarkb | get your workout in the morning and evening | 16:37 |
noonedeadpunk | oh, yes, I did almost that, except it was a bike | 16:37 |
noonedeadpunk | and it was really nice, as it was mid-May | 16:37 |
clarkb | nice | 16:38 |
fungi | i bet mid-october will be similarly pleasant weather | 16:41 |
* noonedeadpunk fingers crossed | 16:46 | |
frickler | tc-members: doc update for release related docs updates that should be done for each release https://review.opendev.org/c/openstack/releases/+/945348 , just fyi | 16:48 |
bauzas | fungi: well, Parisian weather in mid-october is not what I call 'pleasant' | 16:52 |
bauzas | go visit the Alps :p | 16:52 |
fungi | oh, too warm? | 16:52 |
noonedeadpunk | almost | 16:53 |
bauzas | umbrellas are expected | 16:53 |
noonedeadpunk | too wet I'd guess | 16:53 |
noonedeadpunk | but there's a chance for it to bee good | 16:53 |
bauzas | but with the global weather change, this is always flipping | 16:53 |
clarkb | if its like here then october is very much the transition month where summer fades away and fall winter show up | 16:53 |
bauzas | at least, I'm more than happy to ride by train to see a Summit, my carbon credit enjoys it :) | 16:54 |
fungi | i remember our first paris summit i got into town just before toussaint and found the weather to my liking, though this time will be a couple of weeks earlier than that | 16:54 |
bauzas | paris summit weather was indeed surprinsly good | 16:54 |
bauzas | I remember it, but this was raining one day if I recall correctly | 16:55 |
bauzas | anyway, this is North of France, don't expect a pleasant autumn :) | 16:55 |
* bauzas living close to the 45° meridian, everything headed north is basically North to me :) | 16:56 | |
fungi | rain doesn't bother me. i'm about 60% water already | 16:56 |
noonedeadpunk | it can be fine, I'd say - I was very lucky once at almost same timeframe in Brussles, but they have very alike weather afaik | 16:56 |
bauzas | oh, doh, s/meridian/latitude | 16:57 |
bauzas | my brain is so fried | 16:57 |
bauzas | x != y | 16:57 |
bauzas | (or rather, r, θ) | 16:58 |
bauzas | err, θ != φ | 16:59 |
gouthamr | tc-members: gentle reminder that our weekly IRC meeting will be held here in ~54 minutes | 17:06 |
opendevreview | Merged openstack/openstack-manuals master: [www] Setup 2025.2 Flamingo and add project data to Epoxy https://review.opendev.org/c/openstack/openstack-manuals/+/945318 | 17:24 |
opendevreview | Merged openstack/openstack-manuals master: [www] Update project data template https://review.opendev.org/c/openstack/openstack-manuals/+/945354 | 17:24 |
gouthamr | #startmeeting tc | 18:00 |
opendevmeet | Meeting started Tue Mar 25 18:00:52 2025 UTC and is due to finish in 60 minutes. The chair is gouthamr. Information about MeetBot at http://wiki.debian.org/MeetBot. | 18:00 |
opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 18:00 |
opendevmeet | The meeting name has been set to 'tc' | 18:00 |
gouthamr | Welcome to the weekly meeting of the OpenStack Technical Committee. A reminder that this meeting is held under the OpenInfra Code of Conduct available at https://openinfra.dev/legal/code-of-conduct. | 18:01 |
gouthamr | Today's meeting agenda can be found at https://wiki.openstack.org/wiki/Meetings/TechnicalCommittee | 18:01 |
gouthamr | #topic Roll Call | 18:01 |
bauzas | \o | 18:01 |
spotz[m] | o/ | 18:01 |
gtema | o/ | 18:01 |
frickler | \o | 18:01 |
noonedeadpunk | o/ | 18:01 |
mnasiadka | o/ | 18:02 |
gouthamr | courtesy-ping gmann cardoe | 18:03 |
gmann | o/ | 18:03 |
gouthamr | alright, its that magical time of 18:05 UTC, lets get started.. | 18:05 |
gouthamr | #topic Last Week's AIs | 18:05 |
gouthamr | we had a couple of things: | 18:07 |
gouthamr | 1) take operator engagement concerns to the PTG | 18:07 |
gouthamr | we added a topic to the etherpad: | 18:07 |
gouthamr | #link https://etherpad.opendev.org/p/apr2025-ptg-os-operators | 18:07 |
bauzas | +1 | 18:07 |
* gouthamr hopes that's the etherpad we'd use :) either case, save the date if you can attend: | 18:07 | |
gouthamr | 17 UTC on Friday April 11 | 18:07 |
gouthamr | 2) TC meeting time poll | 18:08 |
gouthamr | #link https://framadate.org/os-tc-2025-2 | 18:08 |
gouthamr | cardoe and spotz[m] haven't weighed in here | 18:09 |
spotz[m] | Dang though I had hang on | 18:09 |
gouthamr | okay, we can visit this topic at the end of this meeting | 18:10 |
gouthamr | that's all the AIs i was tracking, was anyone else working on anything? | 18:10 |
spotz[m] | Ok looking at my current meeting schedule it's bad:( But might be different after Kubecon | 18:12 |
gouthamr | #topic PTG Planning | 18:12 |
gouthamr | ^ a reminder to add topics to the etherpad here: | 18:12 |
gouthamr | #link https://etherpad.opendev.org/p/apr2025-ptg-os-tc (OpenStack Technical Committee vPTG etherpad) | 18:12 |
cardoe | sorry got stuck on a call. | 18:13 |
gouthamr | i'll slot these into specific times next week.. i'm hoping to get a split of topics that are good for the community to attend/participate in, and regular business where we'd take whatever participation we can get | 18:14 |
gouthamr | ack cardoe, please do fill out https://framadate.org/os-tc-2025-2 | 18:15 |
cardoe | doing it now | 18:15 |
spotz[m] | I'll be PTO that week | 18:15 |
gouthamr | ++ i've noted that about you and mnasiadka | 18:15 |
gouthamr | please feel free to add topics nevertheless if you think one of us can seed the discussion | 18:16 |
mnasiadka | Yeah, I'll be in NZST timezone that week | 18:16 |
gouthamr | #topic A check on gate health | 18:20 |
gouthamr | any CI updates to share this week? | 18:20 |
frickler | ubuntu kernel bug breaking jobs in neutron and kolla | 18:20 |
clarkb | the same issue that hit jammy in december | 18:20 |
frickler | we reverted to an old noble image and stopped rebuilds, so we are fine for now | 18:20 |
clarkb | and setuptools 78 rolled out breaking changes that broke many people though impact to openstack seemed minimal. They rolled back the change and now there is much discussion in python land about how to move forward | 18:21 |
clarkb | it is a good reminder that our packages should convert -'s in metadata names to _'s though | 18:21 |
gouthamr | ah, ty for both these updates.. | 18:21 |
mnasiadka | We managed to do it in Kolla before they did a revert, so maybe they did succeed ;-) | 18:21 |
noonedeadpunk | just seen a couple of timeouts last week which were not there for quite some time | 18:23 |
fungi | the centos 9 mirror was broken (sync'd an inconsistent state from an upstream mirror) for a few hours yesterday too | 18:24 |
gmann | one thing to update, devstack/grenade/tempest setup for new stable/2025.1 and current master is almost done. main setting are merged but a few more things are in gate | 18:25 |
gmann | #link https://review.opendev.org/q/topic:%22qa-2025-1-release%22 | 18:25 |
gouthamr | clarkb: my very quick search on codesearch.o.o shows me that all openstack setup.cfg files are fixed up, there is some boilerplate/tests/examples that need to be addressed.. i see lots of fixes possible for the non openstack/ though: like, https://opendev.org/zuul/zuul-jobs/src/branch/master/setup.cfg | 18:27 |
clarkb | gouthamr: ya an in theory pbr is doing the conversion for us but then setuptools did its own validation again and exploded | 18:28 |
clarkb | which is like we tried to do the right thing the easiest way possible and they broke us anyweay | 18:28 |
clarkb | gouthamr: within openstack I guess the problems were all in dependencies | 18:28 |
gouthamr | ++ | 18:29 |
fungi | well, and the aforementioned kolla patch | 18:30 |
gouthamr | ty for all the updates, the grenade one is important, and nice to knock it off as soon as the cycle begins | 18:30 |
gouthamr | #topic TC Tracker | 18:31 |
gouthamr | #link https://etherpad.opendev.org/p/tc-2025.1-tracker (Technical Committee activity tracker - 2025.1) | 18:31 |
gouthamr | frickler++ on the war footing merges last week :D | 18:32 |
frickler | yes, sadly even more zuul config errors now, need to do some follow ups | 18:33 |
gouthamr | #link https://review.opendev.org/c/openstack/releases/+/942218 (Yoga EOL) | 18:33 |
gouthamr | #link https://review.opendev.org/c/openstack/releases/+/942201 (Xena EOL) | 18:33 |
gouthamr | #link https://review.opendev.org/c/openstack/releases/+/941458 (Wallaby EOL) | 18:33 |
gouthamr | ah.. yes, we couldn't know if we didn't start cleaning up | 18:33 |
frickler | also no progress afaict on cleaning up issues for the things we did not eol | 18:34 |
gouthamr | ack | 18:34 |
gouthamr | these are repos that have (un) maintainers.. i suppose we can narrow things down at the PTG | 18:35 |
gouthamr | i'll go down the list and seek updates, because we'll close this etherpad and create a new tracker at the PTG | 18:36 |
gouthamr | https://etherpad.opendev.org/p/tc-2025.1-tracker | 18:36 |
gouthamr | please share any updates if you'd like on items that you've been tagged with | 18:36 |
gouthamr | anything else on the tracker? | 18:37 |
gouthamr | #topic Open Discussion and Reviews | 18:37 |
gouthamr | 18:37 | |
* gouthamr copy-pastes from teh agenda | 18:37 | |
gouthamr | Non-auditable process of skyline releases, ie: https://opendev.org/openstack/openstack-ansible-os_skyline/src/branch/master/tasks/skyline_install_yarn.yml#L126-L127 That is a result of building static files with yarn, but potentially it should be completely offloaded to Zuul to prevent malicious code injection during such manual patches. | 18:37 |
fungi | yeah, i recall we discussed it in #openstack-infra recently at length | 18:39 |
fungi | pep 770 will in time provide a mechanism for recording sboms as static data files shipped in sdists/wheels | 18:40 |
mnasiadka | FWIW I don't think we're building static files with yarn in kolla - but I haven't used skyline really. frickler do you have any... experience? | 18:40 |
fungi | there's a yarn plugin apparently to auto-generate cyclonedx sboms | 18:40 |
noonedeadpunk | well we do in osa | 18:41 |
fungi | but also, a short term stop-gap would be to amend the manifest to include the yarn.lock file used at build time | 18:41 |
noonedeadpunk | but the biggest problem is that they do a human made patch for the realease of the amount that is non-verifiable | 18:41 |
frickler | I never did that | 18:41 |
bauzas | I have no context either so far | 18:42 |
clarkb | noonedeadpunk: patch of what? Sorry I don't understand what is being patched | 18:42 |
noonedeadpunk | and that is actully somehow reminds me of xz being compromised in an alike way | 18:43 |
noonedeadpunk | #link https://review.opendev.org/c/openstack/skyline-console/+/945065 | 18:43 |
fungi | bauzas: the larger problem is that we have openstack projects (horizon does it too) shipping embedded copies of random libraries developed outside openstack, and these are not easily inspected or tracked for updates, often falling well out of date and including known vulnerabilities, which our users of those files are not notified about in any way | 18:43 |
noonedeadpunk | so they do prepare it for releasing skyline-console so that it was containing the rightfully built content | 18:43 |
clarkb | oh they are committing the build artifacts into the repo. they shouldn't do that either way | 18:43 |
noonedeadpunk | yup... | 18:44 |
clarkb | butthen I agree that is the same sort of vector used by xz. Use opaque gzip data as the transport layetr | 18:44 |
fungi | yeah, the more narrow problem in skyline is that they're committing compiled versions of those libs into git, not even doing it automated at build time | 18:44 |
gmann | If i am recalling correctly but isn't that one of the things to check when skyline project status changed from emerging to active projects ? | 18:45 |
bauzas | I see, a security attack vector indeed | 18:45 |
noonedeadpunk | So sorry if I mislead by original description | 18:45 |
noonedeadpunk | no I think we totally missed the process | 18:45 |
gouthamr | gmann: not the same issue: https://review.opendev.org/c/openstack/governance/+/924109/comments/510391ea_9cf4bc38 | 18:47 |
gmann | gouthamr: I mean we missed to check this in that change. I think that was one of the thing we discussed to take it as emerging project and not active | 18:47 |
gmann | and one of the few things they should solve before becoming the Active project | 18:48 |
bauzas | looks important indeed | 18:48 |
frickler | well we made it active, didn't we? | 18:48 |
gmann | yes, we made it active | 18:50 |
noonedeadpunk | I think we did | 18:50 |
gmann | this is good email thread I found where fungi mentioned all points for skyline team to solve | 18:51 |
gmann | #link https://lists.openstack.org/pipermail/openstack-discuss/2021-December/026254.html | 18:51 |
spotz[m] | cardoe: I know you all are using Skyline, is this something you all could possible help with? | 18:51 |
spotz[m] | My thought maybe they just need help and guidance to resolve this | 18:52 |
cardoe | I've really wanted our folks to get involved. | 18:52 |
fungi | it's wholly possible i missed things though, i had limited available time to audit the state of their projects | 18:55 |
noonedeadpunk | so I guess it's a question now on how we should proceed with this, given that project was made active | 18:55 |
noonedeadpunk | as apparently this is a case for TC to step in a way | 18:55 |
clarkb | step 0 might be trying to reproduce what was built | 18:55 |
bauzas | Should we signal it ? | 18:55 |
fungi | looks like i didn't bring up any of the javascript content at all | 18:55 |
clarkb | if that chceks out then the risk is probably low and they can work to fix in the next cycle | 18:55 |
clarkb | if that doesn't check out then you have bigger questions | 18:55 |
bauzas | like a disclosure | 18:56 |
frickler | pretty likely yarn builds are not reproducible bit-by-bit like when deps got updated, what then? | 18:57 |
clarkb | frickler: they should have a lockfile and the diff should probably be minimal if using the same version of the lock? | 18:58 |
clarkb | I mean its effort and I'm not signing up myself for this. But I think it is one path forward | 18:58 |
mnasiadka | Looking at the brief list of items from this Dec 2021 thread - shouldn't there be a resolution that this is the framework that all projects need to comply with? (briefly the list that fungi mentioned there and probably some more) | 18:58 |
fungi | we have a list: | 18:59 |
fungi | #link https://governance.openstack.org/tc/reference/new-projects-requirements.html Requirements for new OpenStack Project applications | 18:59 |
fungi | but it could certainly stand to be improved | 18:59 |
gouthamr | we're at the hour, but we can close out with this topic | 19:01 |
bauzas | please yeah | 19:01 |
gouthamr | can someone take a stab at bringing this issue to the ML? | 19:01 |
gouthamr | we've struggled to get conversations going with skyline contributors on the ML/IRC, but, i can't think of a better way to have a public discussion on something that's not a code change | 19:02 |
gouthamr | we'd do this also to bring attention to deployers/distros and operators apart from the contributors | 19:03 |
fungi | i think project leaders have reached out to them through wechat in the past | 19:03 |
noonedeadpunk | well, I can try to reproduce the process, sure, as we do perform yarn build in osa | 19:03 |
fungi | might at least be able to give them a heads up that it's being discussed | 19:03 |
fungi | (and where, in case they want to participate in the discussion) | 19:04 |
gouthamr | we can alert them wherever to come respond to the ML :D | 19:04 |
gmann | I think language is also one of the challenge for them to be less active on ML | 19:05 |
gmann | at least to read a lengthy emails or so | 19:05 |
gouthamr | yes, we need this to be broken down into problem and suggestion to be helpful.. i think we've identified problems with them in the past, and they don't know what they'd do to fix it? or they may not understand why they should care.. | 19:06 |
bauzas | language is a barrier for many of us :-) | 19:07 |
gouthamr | alright, 7 minutes over, don't mean to keep us on this.. let me end the meeting so we can chat async about this | 19:08 |
gouthamr | thank you all for attending | 19:08 |
gouthamr | #endmeeting | 19:08 |
opendevmeet | Meeting ended Tue Mar 25 19:08:14 2025 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 19:08 |
opendevmeet | Minutes: https://meetings.opendev.org/meetings/tc/2025/tc.2025-03-25-18.00.html | 19:08 |
opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/tc/2025/tc.2025-03-25-18.00.txt | 19:08 |
opendevmeet | Log: https://meetings.opendev.org/meetings/tc/2025/tc.2025-03-25-18.00.log.html | 19:08 |
gouthamr | fungi: do you recall when the discussion happened on #openstack-infra, or have a handy way to search? | 19:08 |
fungi | gouthamr: sorry, it was a related discussion about security concerns with horizon's continued reliance on xstatic packages: https://meetings.opendev.org/irclogs/%23openstack-infra/%23openstack-infra.2025-03-13.log.html#t2025-03-13T19:36:57 | 19:11 |
gouthamr | ah! ty fungi | 19:11 |
fungi | as for skyline, picking a random example https://opendev.org/openstack/skyline-console/src/branch/master/skyline_console/static/base.bundle.1663167892.js.gz doesn't seem to have been updated in almost 3 years | 19:12 |
mnasiadka | Looking at Gerrit they do seem to be active, maybe it's just a matter of guidance and reaching out to them using the proper medium (but also that should be documented somewhere in skyline docs - currently there's nothing how to reach the project maintainers) | 19:12 |
gouthamr | mnasiadka: https://docs.openstack.org/skyline-console/latest/contributor/contributing.html | 19:14 |
gouthamr | some "default content" adapted to their context | 19:15 |
gouthamr | there are three core developers, all from 99cloud, and you can get their emails from the gerrit group linked.. but besides, they note that there is no weekly meeting, and IRC is their primary method of communication (it isn't) | 19:15 |
gouthamr | wu_wenxiang checks IRC messages though | 19:16 |
fungi | yeah, when i pinged wu_wenxiang about release highlights in #openstack-skyline i did get an "ok" a few days later | 19:17 |
fungi | (though still no release highlights, sadly) | 19:18 |
gouthamr | yes, that's the last encounter i see | 19:19 |
gouthamr | as you stated, this issue is shared with horizon - i see sean-k-mooney and tmazur chatting on #openstack-horizon as well, identifying the old old js/xstatic content and working on it as tech debt.. | 19:23 |
fungi | also zuul has some similar challenges i want to find a way to solve | 19:24 |
fungi | which got a mention in the #openstack-infra discussion | 19:24 |
gouthamr | spotz[m]: missed saying this during the meeting, please share availability for a generic week on https://framadate.org/os-tc-2025-2 .. it'd be after you return in the next month | 21:20 |
gouthamr | since the meeting time we pick will last until the end of this release | 21:21 |
spotz[m] | Besides the one I did during the meeting? | 21:21 |
spotz[m] | dangit! It's not there | 21:21 |
spotz[m] | Ok third time is the charm gouthamr ! Right now I've got a ton of meetings, some of them might shift after Kubecon but no guarantees | 21:23 |
gouthamr | tyty :) | 21:24 |
spotz[m] | I think my issue was hitting the button on the bottom of the page vs under my name | 21:24 |
gouthamr | okay, its between 1700 UTC where we won't have cardoe or 1800 UTC where we won't have gtema | 21:24 |
gouthamr | and both on Tuesday | 21:24 |
spotz[m] | So basically same day and timish | 21:25 |
cardoe | I’ll see if I can adjust. | 21:25 |
spotz[m] | I'd say we could rotate but that gets confusing and folks miss it because they show up at the wrong time | 21:25 |
gouthamr | yes :( | 21:26 |
gouthamr | cardoe++ i think it'd ease the EU folks' pain a teeny-bit to set this meeting to 1700 UTC on Tuesdays | 21:28 |
cardoe | Just gonna have to | 21:29 |
cardoe | Firm push at folks. It’s EU folks at work that are the problem | 21:29 |
cardoe | For me. Wrecking my calendar. | 21:29 |
cardoe | Which is what happened today. | 21:30 |
spotz[m] | I would confirm with them, some like to have family/dinner time with that earlier slot and others don't want to stay up later working:( It's kind of why I do a broken up day to try to be everywhere | 21:30 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!