16:00:28 <mattmceuen> #startmeeting airship 16:00:29 <openstack> Meeting started Tue Jun 25 16:00:28 2019 UTC and is due to finish in 60 minutes. The chair is mattmceuen. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:30 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 16:00:32 <mattmceuen> #topic Rollcall 16:00:33 <openstack> The meeting name has been set to 'airship' 16:00:45 <mattmceuen> Hey everyone, we will be starting our weekly team meeting in a few minutes 16:00:54 <openstackgerrit> Roman Gorshunov proposed airship/airshipctl master: [WIP] Add basic gates and docs build https://review.opendev.org/667393 16:00:59 <mattmceuen> Please add anything you'd like to discuss to our agenda here: https://etherpad.openstack.org/p/airship-meeting-2019-06-25 16:01:01 <dwalt> o/ ! 16:01:09 <michael-beaver> o/ 16:02:05 <kskels> o/ 16:02:46 <alexanderhughes> o/ 16:03:08 <mattmceuen> alright, let's get movin' 16:03:11 <howell> o/ 16:03:29 <mattmceuen> #topic Meeting time voting 16:03:41 <mattmceuen> Just a reminder that we currently have a vote open here: https://etherpad.openstack.org/p/airship-meeting-vote-2019 16:03:54 <mattmceuen> To vote for the meeting time(s) for this meeting 16:04:03 <mattmceuen> If you have an opinion, please vote in there! 16:04:27 <mattmceuen> We are set to close by EOD. Does anyone feel like that's not enough time, or would need some more time to gather valuable votes? 16:05:10 <alexanderhughes> it's been up for some time, imo close at EOD and revisit later if we're suffering low attendance regularly 16:05:20 <mattmceuen> +1 to that 16:05:45 <mattmceuen> Alright, I will tally them up and send out results EOD (I honestly haven't reviewed them yet) 16:06:03 <mattmceuen> Unless anything else on the meeting time topic, I will plow ahead 16:06:40 <mattmceuen> #topic Revisit OpenSUSE Airskiff integration approach 16:06:50 <mattmceuen> Just to close the loop on this from last week 16:07:29 <mattmceuen> a few weeks ago, we'd decided that OpenSUSE support for Airskiff could be accomplished by using a fourth deckhand layer, below site (named `cicd`) 16:07:49 <mattmceuen> last week, we decided to think that through a bit again, just to make sure there were no issues 16:07:56 <mattmceuen> arunkant are you around by chance? 16:09:09 <mattmceuen> (or any of the other opensuse gurus) 16:10:20 <mattmceuen> In this morning's design call, we started discussing how we can "do this right" in Airship 2.0, since we're moving toward reworking our manifest layering using Kustomize anyway 16:11:23 <mattmceuen> That makes a good opportunity to get new features in, like "service layer" type things that let you pull documents into a site from different sources, e.g. one source for your hardware, once or more sources for your workload and overrides 16:11:35 <mattmceuen> Next week we'll start reviewing some details 16:12:04 <mattmceuen> So I guess my question is, is "a cicd layer off of airskiff site" good enough for opensuse until that lands 16:12:15 <openstackgerrit> PRATEEK REDDY DODDA proposed airship/promenade master: Inculde a post-run to the airship-promenade-genesis-gate https://review.opendev.org/666645 16:12:23 <mattmceuen> But I think we'll need to table it for now :) 16:12:56 <mattmceuen> However, on a related topic - another one from last week we were going to think about 16:13:17 <mattmceuen> #topic Tungsten Fabric Integration 16:13:35 <mattmceuen> obravo, you around? 16:14:03 <obravo> Yeah , hello! 16:14:25 <mattmceuen> The points above I made about "we want to do this right in Airship 2.0" applies to Tungsten Fabric in the same way that it applies to OpenSUSE 16:14:30 <obravo> Suddenly i`m still working in migrating to treasuremap 16:14:35 <mattmceuen> haha 16:14:54 <mattmceuen> oh awesome - do you have a patchset for treasuremap? I missed it 16:14:58 <mattmceuen> can you share that? 16:15:20 <mattmceuen> in the etherpad would be perfect 16:15:30 <obravo> it`s still in progress , i`ll try to share it before next Tuesday 16:15:38 <mattmceuen> Sounds great 16:16:40 <mattmceuen> So I will ask you for your thoughts on how we should manage Tunsten Fabric overrides in Airship, until Airship 2.0 makes it easier :) here are some options: 16:18:10 <mattmceuen> 1. Do what we want to do with Airskiff + OpenSUSE: make another layer underneath of a site (e.g. underneath `aiab`) that applies TF overrides on top of that site. This would be a great example for folks and is in line with work you've already done; however it wouldn't demonstrate a full example multinode site exactly 16:18:42 <mattmceuen> 2. Create a new `type` in Treasuremap that adds TF overrides, making it easy to base other sites off of it 16:19:09 <mattmceuen> the downside of that is it would have a lot of copy & paste overlap with other types, e.g. with `sloop` 16:20:14 <mattmceuen> 3. Create reference manifests outside of Treasuremap. They could even be layered on top of Treasuremap `globals`, basically same as #2 but split out into a different repo 16:20:29 <mattmceuen> The benefit of #3 would be that you'd have a lot of control over what's in that separate repository 16:20:45 <mattmceuen> We can go one or more of these routes 16:21:14 <mattmceuen> I would suggest we start with #1 and then go forward from there, but am certainly open to good ideas from you obravo or the rest of the team! 16:21:52 <kskels> My vote would probably be #2 - but would really need to think more also.. 16:22:42 <mattmceuen> #2 / #3 is certainly the more correct way to do it. And if we did start with #1, it might be good to pivot to #2 / #3 afterwards 16:23:00 <kskels> ok, sounds good 16:23:10 <mattmceuen> It comes with its own additional technical debt associated with having a new type -- but that's the world we'll live in till we have service layers 16:23:45 <mattmceuen> Hopefully I explained those ok obravo - please let me know if it sounds like crazy talk or if you have questions 16:23:50 <obravo> Well , if you ask for my opinion - i would prefer #1 . #2 is too difficult for temporary decision , and #3 makes layering system a little more tricky 16:24:53 <mattmceuen> Sounds good to me. The person doing the work gets a big vote ;-) we can take a look at it as a `cicd` layer implementation once it's done, and then pivot from there if we want 16:25:25 <mattmceuen> Then you'll also be going down a similar path to airskiff-opensuse as well 16:26:02 <mattmceuen> Hey jamesgu_, I think I may have seen you slip in as well? 16:26:32 <jamesgu_> @mattmceuen: hello 16:26:35 <mattmceuen> I captured some thoughts above on Airship 1.0 vs 2.0 OpenSUSE integration, for airskiff or otherwise 16:26:48 <mattmceuen> If you can give that a look at some point and let me know your thoughts that would be awesome 16:26:52 <AlexNoskov> Hey guys! Could you please review changes for promenade https://review.opendev.org/664467. Thanks! 16:27:03 <jamesgu_> sounds good.. catching up the notes here 16:27:13 <mattmceuen> o/ AlexNoskov will do - I'll add that to the review request list 16:28:09 <mattmceuen> Alright, thanks guys - moving on 16:28:17 <mattmceuen> #topic New AIAB in TM - ready to promote as *the* AIAB? 16:28:42 <mattmceuen> Since last week I've run through the new, Treasuremap-rehomed AIAB (single node), and it's been doing great in my testing 16:29:08 <mattmceuen> has anyone else had a chance to give it a spin? Any issues / concerns seen with it? 16:29:21 <openstackgerrit> PRATEEK REDDY DODDA proposed airship/promenade master: Inculde a post-run to the airship-promenade-genesis-gate https://review.opendev.org/666645 16:29:23 <kskels> I've tried it also - only 2x - worked good both cases. 16:29:37 <mattmceuen> excellent 16:29:55 <mattmceuen> we've also been pointing people who have been having problems with the "old" AIAB toward the new one 16:30:31 <mattmceuen> Are we ready then to start pointing people toward the new AIAB, from the airshipit.org home page, from documentation, etc? 16:30:35 <kskels> I think this is awesome - and should provide much better care and uplifts for AIAB compare to the old 16:30:38 <mattmceuen> I am leaning that way 16:30:39 <mattmceuen> ++ 16:31:16 <kskels> +1 for docs 16:32:28 <mattmceuen> As far as deprecating the "old" aiab, I suggest we do it phased, and put a note in the project readme / instructions saying something like "Note: airship-in-a-bottle has moved to the treasuremap project <link>. The aiab in this project is deprecated and will be removed at some point in the future" 16:32:38 <mattmceuen> or some such. does that sound reasonable 16:32:52 <dwalt> That sounds like a reasonable approach 16:32:59 <openstackgerrit> PRATEEK REDDY DODDA proposed airship/promenade master: Inculde a post-run to the airship-promenade-genesis-gate https://review.opendev.org/666645 16:33:03 <evgenyl> ++ deprecation note should suffice for now. 16:33:16 <dwalt> Really excited to see the long-awaited transition :) 16:33:25 <mattmceuen> same 16:33:47 <mattmceuen> cool, we have a path forward! 16:34:16 <mattmceuen> anything else to bring up on the aiab front this week? 16:34:25 <dwalt> one qq, are there areny outstanding changes? 16:34:36 <dwalt> To the old AIAB repo 16:35:13 <mattmceuen> There is obravo's tungsten fabric patchset, but he said he's working on a transition to treasuremap, so I think if he's ok with it he can abandon the old one 16:35:13 <dwalt> Noticing some where we may need to inform the authors: https://review.opendev.org/#/q/project:airship/airship-in-a-bottle 16:35:37 <openstackgerrit> Dan Crank proposed airship/promenade master: [DO NOT MERGE] combination PS for testing https://review.opendev.org/667402 16:35:55 <mattmceuen> yes - we'll need to try to reach out to them to make them aware 16:35:59 <obravo> sure, i`ll abandon it after this meeting 16:36:01 <mattmceuen> good catch dwalt 16:36:04 <mattmceuen> thanks obravo 16:36:22 <mattmceuen> I'll send out a heads-up on the mailing list 16:36:34 <mattmceuen> #action mattmceuen will send out a heads-up on the mailing list for aiab transition 16:36:38 <dwalt> Sure thing. I have one too that I need to reconcile :) 16:37:37 <mattmceuen> alright, moving on 16:37:44 <mattmceuen> #topic Patchset Review Requests 16:37:49 <mattmceuen> https://review.opendev.org/#/c/665667/ - Treasuremap Uplift PostgreSQL 16:37:49 <mattmceuen> https://review.opendev.org/#/c/664045/ - Check sync of only active MaaS rack controllers 16:37:49 <mattmceuen> https://review.opendev.org/664467 - Treasuremap Promenade Uplift 16:38:17 <mattmceuen> the middle one was on our list last week as well I believe, let's get some review on it for sure (as well as the uplifts) 16:38:30 <mattmceuen> any other patches you guys would like to call out? 16:39:12 <nishantkr> This one please - https://review.opendev.org/#/q/topic:add-release-annotation+(status:open+OR+status:merged) 16:39:19 <nishantkr> small change :) 16:39:58 <dwalt> thx nishantkr, I'll look into those 16:40:01 <mattmceuen> good one - thanks nishantkr 16:40:19 <nishantkr> Thank you 16:40:40 <alexanderhughes> I've got some work I'll be doing on Shipyard/Pegleg to accept an auth token passed rather than having the user provide their credentials to let the code auth against keystone and generate it's own token https://review.opendev.org/#/c/666402/ 16:40:52 <alexanderhughes> looking for thoughts on how to implement shipyard side before I dig into pegleg's piece 16:41:51 <alexanderhughes> and forcing pegleg to use 640 permissions on any file it creates, just to make sure none of the secrets are ever overly permissive and future proofing against anything that doesn't have secrets now as an output but might depending on use case https://review.opendev.org/#/c/666319/ 16:43:00 <mattmceuen> thanks alexanderhughes, good ones. Can you walk through the use case a bit for using an auth token rather than user credentials? 16:43:51 <nishantkr> well i thought this token was generated by keystone and to be used by services for proceeding ahead in the execution flow if token was valid 16:44:12 <alexanderhughes> sure, Darren reached out to me recently and was concerned about people using automation (Jenkins) for pegleg's upload command to shipyard. currently you provide the --os-auth-<> flags, including a password. this leads to tracking issues and exposing the password. he'd rather have the option for a user to get their own token and then provide it w 16:44:13 <alexanderhughes> ithout their credentials 16:44:58 <mattmceuen> yep, that makes a lot of sense 16:45:01 <alexanderhughes> I thought if we changed shipyard to look for an environment variable 'OS_AUTH_TOKEN' and use that if present it would solve our issue, then update pegleg's shipyard_helper code to match 16:45:13 <alexanderhughes> if not present, use existing code requiring the auth variables 16:46:26 <mattmceuen> sounds great, thanks! always good to understand the "why", appreciate the description 16:46:35 <mattmceuen> #topic Roundtable 16:46:53 <mattmceuen> Any other topics that you'd like to bring up today team? 16:47:58 <openstackgerrit> James Gu proposed airship/election master: Adding James Gu candidacy for TC role https://review.opendev.org/667409 16:49:34 <mattmceuen> in that case, we will call it a meeting. thanks everybody! 16:49:39 <alexanderhughes> thanks! 16:49:47 <mattmceuen> #endmeeting