16:00:27 <strigazi> #startmeeting containers
16:00:27 <openstack> Meeting started Tue Dec  5 16:00:27 2017 UTC and is due to finish in 60 minutes.  The chair is strigazi. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:28 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:31 <openstack> The meeting name has been set to 'containers'
16:00:52 <strigazi> #link https://wiki.openstack.org/wiki/Meetings/Containers#Agenda_for_2017-12-05_1600_UTC
16:00:57 <strigazi> #topic Roll Call
16:01:18 <slunkad_> Sayali Lunkad
16:03:40 <strigazi> I will go quickly through some items I think are useful
16:03:49 <slunkad_> ok
16:03:51 <strigazi> #topic Announcements
16:04:16 <strigazi> For fedora-atomic users: Test kube 1.9 with magnum Pike/Master https://hub.docker.com/r/openstackmagnum/kubernetes-kubelet/tags/ (use kube_tag=v1.9.0-beta.1)
16:04:32 <strigazi> #topic Review Action Items
16:04:37 <strigazi> None
16:04:42 <strigazi> #topic Blueprints/Bugs/Ideas
16:05:42 <strigazi> A common problem in many magnum deployments is communication of the nodes to the openstack control which *must* behind ssl
16:05:51 <strigazi> Add pre_hook interface https://review.openstack.org/#/c/525662/1
16:06:41 <strigazi> This patch adds the possibility to execute a small operator defined script in very start of the node deployment
16:07:05 <strigazi> The first targer of course is installing the OS certificates
16:07:13 <strigazi> something like:
16:07:47 <strigazi> http://paste.openstack.org/raw/628186/
16:08:50 <strigazi> there are additional patches to set the CA for the heat-agent like so:
16:08:57 <strigazi> https://review.openstack.org/#/c/468816/24..25/magnum/drivers/common/image/heat-container-agent/config.json.template and https://review.openstack.org/#/c/468816/24..25/magnum/drivers/common/templates/kubernetes/fragments/start-container-agent.sh
16:09:35 <strigazi> All this work is needed for upgrades and to extend the data we can pass to the nodes using heat
16:10:00 <strigazi> to them to heat securely :)
16:10:23 <slunkad_> ok good to know
16:11:00 <strigazi> And most importantly without any patch to magnum, we, at CERN, carry a patch to install the certs
16:11:42 <strigazi> That is it from me, slunkad_ do you need any help with your patch? can I test anything?
16:11:58 <slunkad_> actually I do need some help with the image
16:12:08 <slunkad_> so this patch https://review.openstack.org/#/c/520063/
16:12:28 <slunkad_> I am not very familiar with dib and stuff and I am kind of stuck on what needs to be done here
16:12:47 <slunkad_> if you know, I could use the help
16:13:30 <strigazi> What is the problem exactly can give me a hint?
16:14:28 <slunkad_> well in the ci job I see something fail because of os-collect-config
16:14:37 <strigazi> log?
16:14:50 <slunkad_> http://logs.openstack.org/63/520063/3/experimental/magnum-dib-buildimage-opensuse-423/4ca9de5/job-output.txt.gz
16:15:58 <slunkad_> and also how can I build this locally?
16:16:30 <strigazi> slunkad_ similar to https://github.com/openstack/magnum/tree/master/magnum/drivers/k8s_fedora_ironic_v1/image/kubernetes
16:17:41 <slunkad_> ok
16:18:19 <strigazi> slunkad_ this line is outdated, https://review.openstack.org/#/c/520063/3/playbooks/magnum-buildimages-base.yaml@37
16:18:43 <strigazi> I think the problem is that the dib base elements are not sources properly
16:19:43 <strigazi> with these two lines:
16:19:43 <strigazi> export PATH="${PWD}/dib-utils/bin:$PATH"
16:19:44 <strigazi> export ELEMENTS_PATH=$(python -c 'import os, diskimage_builder, pkg_resources;print(os.path.abspath(pkg_resources.resource_filename(diskimage_builder.__name__, "elements")))')
16:19:50 <strigazi> it should work
16:20:11 <strigazi> these lines are from https://github.com/openstack/magnum/tree/master/magnum/drivers/k8s_fedora_ironic_v1/image/kubernetes
16:20:25 <strigazi> I can give it a go locally as well
16:20:34 <strigazi> slunkad_: makes sense?
16:20:38 <slunkad_> ok yes that does
16:20:49 <strigazi> cool
16:21:00 <slunkad_> thanks!
16:21:05 <strigazi> slunkad_: Do you want to discuss anything else?
16:21:22 <slunkad_> I think once we have the image we can move forward with the drivers patch too
16:21:30 <strigazi> excellent
16:21:35 <slunkad_> no I'm good
16:21:44 <strigazi> how you will install kubernetes?
16:21:51 <strigazi> is in the images?
16:22:02 <slunkad_> its not
16:22:17 <strigazi> from the tarballs?
16:22:19 <slunkad_> I will have to check with dirk for that
16:22:24 <strigazi> ok
16:23:14 <strigazi> to make it appealing to users I would say to also keep in mind that in certain deployment people might not have connectivity outside their DC
16:23:55 <slunkad_> okay
16:24:02 <slunkad_> dirk: ping?
16:24:06 <strigazi> this is why for the fedora-atomic driver we have options to pass local registries
16:24:31 <slunkad_> I see
16:25:05 <strigazi> if kube is gonna run as a container we can do the same
16:26:01 <strigazi> slunkad_: let's wrap up?
16:26:06 <slunkad_> yes
16:26:18 <strigazi> thanks for joining
16:26:30 <strigazi> #endmeeting