10:00:40 <strigazi> #startmeeting containers 10:00:41 <openstack> Meeting started Tue Mar 20 10:00:40 2018 UTC and is due to finish in 60 minutes. The chair is strigazi. Information about MeetBot at http://wiki.debian.org/MeetBot. 10:00:42 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 10:00:45 <openstack> The meeting name has been set to 'containers' 10:00:50 <strigazi> #topic Roll Call 10:01:00 <slunkad> hi 10:01:13 <strigazi> hello slunkad 10:02:22 <strigazi> Looks like it is me and you slunkad :) 10:02:36 <strigazi> #link https://wiki.openstack.org/wiki/Meetings/Containers#Agenda_for_2018-03-20_1000_UTC 10:02:37 <slunkad> yep 10:02:44 <strigazi> #link https://wiki.openstack.org/wiki/Meetings/Containers#Agenda_for_2018-03-20_1000_UTC 10:02:48 <strigazi> #topic Announcements 10:03:13 <strigazi> I updated most of the blueprints in: 10:03:17 <strigazi> #link https://blueprints.launchpad.net/magnum 10:03:49 <slunkad> oh nice 10:04:02 <strigazi> Blueprints with no one workig on them have the targeted release, milestone and priority removed 10:05:02 <strigazi> I created the rocky release and its milestone and started to add bluprints. Let's try to set the list for rocky this week 10:05:15 <strigazi> We can target bugs too. 10:05:23 <strigazi> This is a good landing page. 10:05:28 <slunkad> yes 10:05:43 <strigazi> #link https://launchpad.net/magnum 10:05:58 <strigazi> and here you can see what is assigned to Rocky 10:06:26 <strigazi> #link https://launchpad.net/magnum/rocky 10:07:01 <strigazi> Three blueprints and 1 bug, I'll through the bugs too. 10:07:29 <slunkad> ok 10:07:30 <strigazi> #topic Blueprints/Bugs/Ideas 10:08:33 <strigazi> ** Rocky blueprints review 10:08:52 <strigazi> https://blueprints.launchpad.net/magnum/rocky 10:09:13 <strigazi> slunkad: do you want to add opensuse for Rocky and a bp for the works on docs? 10:09:45 <slunkad> strigazi: yes 10:10:10 <slunkad> for the docs one I don't think we need a bp though 10:10:13 <strigazi> ok, I'll add the driver work and add a bp for docs 10:10:46 <slunkad> not sure, because I did take a look at the docs and what I see is most projects have a glossary section 10:11:15 <strigazi> slunkad: do you have milestone in mind for opensuse? 10:12:07 <slunkad> strigazi: Rocky I would imagine 10:12:37 <strigazi> slunkad: here are the dates https://releases.openstack.org/rocky/schedule.html 10:13:49 <slunkad> strigazi: I would target it to m3 if that's alright 10:15:06 <strigazi> slunkad: it's ok 10:15:55 <strigazi> slunkad: https://blueprints.launchpad.net/magnum/+spec/k8s-opensuse-support done 10:16:17 <slunkad> thanks! 10:16:40 <strigazi> about docs, don't we need a bp? I imagine there will be multiple patches 10:17:25 <strigazi> We can have glossary, architecture, how to interact with clusters 10:17:35 <slunkad> yes about docs, I\'m not sure how much work is there. I have a patch which removes what I think can go into the glossary, maybe I push that first and then we can discuss on it? 10:17:47 <strigazi> ok 10:18:05 <slunkad> strigazi: ok if you have more things in mind already would make sense to put it down in a bp 10:18:25 <strigazi> ok, I'll right them down and assign to you? 10:18:30 <strigazi> will you have time? 10:19:03 <slunkad> strigazi: yes I should, but I would need help with some of the stuff on it I guess like the architecture 10:19:46 <strigazi> slunkad: of course, I can do that part or I'll help you with it 10:20:07 <slunkad> strigazi: cool then:) 10:20:27 <strigazi> #action strigazi to draft a blueprint for docs refactoring 10:20:47 <strigazi> Next item: 10:20:56 <strigazi> ** strigazi to report back on cluster upgrades 10:21:37 <strigazi> I started the implementation for upgrading with cluster-templates and faced to issues. 10:21:53 <strigazi> The most important one is labels. 10:23:01 <slunkad> what exactly are the issues? 10:23:11 <strigazi> In queens we added labels to cluster and in the driver template definition 10:23:23 <slunkad> yes 10:23:27 <strigazi> we take the labels from cluster 10:24:15 <strigazi> which means when trying to upgrade some values that come from labels via a cluster template change 10:24:24 <strigazi> those value are not changed. 10:26:19 <strigazi> The pupropose of letting users overwrite labels on cluster create is to give them choice on which features they want to use. eg enable dashboard etc 10:27:05 <strigazi> As a solutions I was thinking to have another set of fields that it is not possible to overwrite 10:27:35 <slunkad> but we want it to be overwritable right? 10:27:41 <strigazi> eg the tag of kubernetes or other tags, etcd, calico, and so on 10:28:22 <strigazi> So, the operator can have some public templates with two set of labels. 10:28:48 <strigazi> One with versions and features that he wants to offer to users 10:29:20 <strigazi> features that the operators wants all users to have 10:29:52 <slunkad> ah yes, I think we spoke about this briefly at the ptg 10:29:53 <strigazi> and another one, that users can enable or disable on cluster creation 10:31:02 <strigazi> The second type is those that can be overwritten and it's the current labels. 10:31:29 <strigazi> The first one can be a new field that can not be overwritten. 10:32:13 <strigazi> This way the operator controls what users get in their clusters. 10:32:25 <strigazi> Makes sense? 10:32:26 <slunkad> sounds good 10:32:29 <strigazi> good 10:32:35 <strigazi> I'll add it to the spec 10:33:24 <strigazi> ok, next 10:33:43 <strigazi> ** slunkad to report on "trust invalid when user is disabled" https://bugs.launchpad.net/magnum/+bug/1752433 10:33:44 <openstack> Launchpad bug 1752433 in Magnum "trust invalid when user is disabled" [Undecided,New] - Assigned to Sayali Lunkad (sayalilunkad) 10:34:16 <slunkad> yes, so I started implementing this but I wanted to clarify some things before going further 10:35:00 <slunkad> as I see it now this change is mostly on the client side, that is we create new trusts and somehow push it into the cluster 10:35:39 <slunkad> I am wondering if this also needs some db changes because there is the trust_id and trustee field in the cluster object 10:36:09 <slunkad> and if you already have an idea of how we push the new trust_id to the cluster? 10:36:42 <strigazi> slunkad: yes, we need to change the values in the db 10:37:02 <strigazi> slunkad: we will pass the new values with a software deployment 10:37:28 <strigazi> slunkad: the new trust generation will be done by magnum 10:37:44 <strigazi> slunkad: in the cert-manager 10:37:52 <slunkad> what do you mean with a software deployment? 10:38:04 <slunkad> cert-manager? 10:38:34 <slunkad> or trust-manager? 10:39:41 <strigazi> this is a software deployment http://git.openstack.org/cgit/openstack/magnum/tree/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml#n582 10:39:58 <strigazi> yes, trust-manager sorry 10:40:27 <strigazi> in software deployement you can also pass values: 10:41:23 <slunkad> ok and do these values get automatically updated when changed? 10:41:24 <strigazi> slunkad: https://review.openstack.org/#/c/514960/1/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml@424 10:44:10 <slunkad> ok 10:44:35 <strigazi> You start by the conductor changes 10:44:58 <strigazi> updating the db and so on, and we can do the heat-template together 10:45:21 <slunkad> ok cool 10:45:33 <strigazi> aslo, check which api call will do it 10:45:45 <strigazi> we could use the remove-cert api 10:45:57 <slunkad> will do what? 10:46:23 <strigazi> how the user will trigger the rotation of the trust 10:46:47 <slunkad> ah yes 10:47:14 <slunkad> I saw some rotate ca stuff 10:47:49 <strigazi> it could be done by openstack coe certificate rotate 10:48:42 <strigazi> http://git.openstack.org/cgit/openstack/magnum/tree/doc/source/user/index.rst#n1912 10:49:09 <slunkad> yes that's what I was thinking 10:49:15 <strigazi> cool 10:50:09 <slunkad> do we already have that implemented as a osc command also? 10:50:19 <strigazi> yes 10:50:53 <strigazi> http://git.openstack.org/cgit/openstack/python-magnumclient/tree/magnumclient/osc/v1/certificates.py#n36 10:51:12 <slunkad> cool 10:52:33 <strigazi> I'm addint the action again and the one for cluster upgrades 10:52:42 <slunkad> ok 10:52:53 <strigazi> #action slunkad to report on "trust invalid when user is disabled" https://bugs.launchpad.net/magnum/+bug/1752433 10:52:55 <openstack> Launchpad bug 1752433 in Magnum rocky "trust invalid when user is disabled" [High,New] - Assigned to Sayali Lunkad (sayalilunkad) 10:53:30 <strigazi> #action strigazi to update the spec for cluster upgrades with a new type of "immutable" labels 10:54:52 <strigazi> I'll merge with the actions of the previous week since Feilong is not here and I didn't push the patch for flannel. 10:55:30 <strigazi> Since we have 5 minutes, do you have anything else got the meeting slunkad ? 10:56:01 <slunkad> no, that's all, thanks! 10:56:56 <strigazi> Thanks slunkad, see you next week. Since you are in Europe next week it will be one hour later for us. still utc 1000 10:57:23 <strigazi> see https://www.timeanddate.com/worldclock/fixedtime.html?msg=Magnum+Team+Meeting&iso=20180327T10 for conversion 10:57:41 <strigazi> See you 10:57:42 <slunkad> strigazi: oh yes, thanks for that 10:57:44 <slunkad> bye! 10:57:47 <strigazi> #endmeeting