09:59:57 <strigazi> #startmeeting containers
09:59:57 <openstack> Meeting started Tue Apr 17 09:59:57 2018 UTC and is due to finish in 60 minutes.  The chair is strigazi. Information about MeetBot at http://wiki.debian.org/MeetBot.
09:59:59 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
10:00:00 <strigazi> #topic Roll Call
10:00:01 <openstack> The meeting name has been set to 'containers'
10:00:47 <flwang1> o/
10:01:11 <strigazi> hi flwang1
10:01:21 <slunkad> hi
10:01:24 <flwang1> good to see you
10:01:29 <flwang1> "see"
10:01:47 <strigazi> yeah see is relative :)
10:02:05 <strigazi> #topic Blueprints/Bugs/Ideas
10:02:41 <strigazi> From my side,
10:03:34 <strigazi> I pushed a patch for moving all SoftwareConfigs to SoftwareDeployments, I'll do the same for master
10:03:52 <strigazi> #link https://review.openstack.org/#/c/561858/
10:03:57 <flwang1> strigazi: awesome, love it
10:04:36 <strigazi> the only not great part is the to install the syscontainer we need to be in the same fs
10:04:38 <ricolin> o/
10:04:50 <strigazi> hi ricolin
10:05:00 <flwang1> ricolin: waves from NZ
10:05:01 <strigazi> so I did what ansible does...
10:05:05 <strigazi> ssh
10:05:27 <flwang1> hmm....
10:05:30 <strigazi> https://review.openstack.org/#/c/561858/1/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh@16
10:06:10 <flwang1> strigazi: i will pay attention on that
10:06:11 <strigazi> It must be either ssh or a systemd unit to do atomic install
10:07:27 <strigazi> alternatively we can use ansible, https://docs.ansible.com/ansible/2.5/modules/atomic_container_module.html
10:08:04 <strigazi> ansible is the same principle, it executes stuff over ssh
10:08:15 <flwang1> strigazi: i see
10:08:25 <strigazi> see here the config https://review.openstack.org/#/c/561858/1/magnum/drivers/common/templates/kubernetes/fragments/start-container-agent.sh
10:08:38 <flwang1> i mean when I review the patch, i will do more research about that
10:09:10 <brtknr> Hi all
10:09:52 <strigazi> The tricky point is that, atomic creates hard links from /var/lib/containers/atomic to ostree, hard link means, same fs, means no mount namespace
10:09:56 <strigazi> hi brtknr
10:10:11 <strigazi> Also from my side,
10:10:53 <strigazi> I tested the eventlet fix: https://github.com/eventlet/eventlet/commit/1d6d8924a9da6a0cb839b81e785f99b6ac219a0e for the periodic task
10:11:10 <strigazi> flwang1: we will have an eventlet release soon I guess
10:12:04 <strigazi> That's it from me, this week I owe, api-ref for upgrades and the rest of the functionality
10:12:07 <flwang1> strigazi: cool, is there any relationship between doug's patch with our issue?
10:12:25 <strigazi> flwang1: coincidence :)
10:12:33 <flwang1> strigazi: gotcha
10:12:56 <strigazi> flwang1: And I hope no troubles when we want to inc the eventlet version
10:13:16 <flwang1> strigazi: finger cross ;)
10:13:36 <strigazi> flwang1: do you want to go next? I saw authz and authn :)
10:13:45 <flwang1> strigazi: oh, yes
10:14:15 <flwang1> for my side, i'm testing the keystone authN/authZ, hopefully i can finish the patch this week
10:14:47 <flwang1> and internally, Catalyst Cloud is planning the production release for Magnum, so I need to get the calico patch done ASAP
10:15:00 <flwang1> strigazi: sorry for all the pushing ;)
10:15:36 <strigazi> flwang1: yeah, i found an issue with the tolerations to spawn on the master
10:15:59 <flwang1> strigazi: with my calico patch?
10:16:03 <strigazi> yes
10:16:21 <flwang1> can you add more details on my patch or we can discuss offline?
10:16:31 <brtknr> strigazi: sorry i didnt mean to explain kubelet to you, misunderstood the question
10:17:07 <strigazi> flwang1: ok
10:17:45 <flwang1> and i'm starting to work on the cluster monitoring
10:18:28 <flwang1> that's all
10:18:57 <strigazi> brtknr: np, we can talk about it in a bit
10:19:40 <strigazi> slunkad? you have something?
10:20:14 <slunkad> yes
10:20:52 <slunkad> I was testing ricolin patch, it seems to have broken something, still looking into it. ricolin have you tired it out?
10:21:20 <slunkad> https://review.openstack.org/#/c/557337/
10:22:04 * strigazi will test it too
10:22:11 <slunkad> tried*
10:22:25 <strigazi> slunkad: what was the problem?
10:22:37 <strigazi> slunkad: What did you try?
10:22:39 <ricolin> slunkad yeah, I tested it against master
10:23:33 <slunkad> The broker has blocked the connection: connection blocked, see broker logs but I'm not sure yet that this is caused by the pacth, but happened after I applied the patch so was wondering if anyone tested it already
10:23:53 <slunkad> that was in the heat logs
10:23:56 <ricolin> If you can provide the test scenario that break, I can try that in my environment
10:24:59 <slunkad> I just tried to create a cluster after applying the changes, but if it worked for you  I will check again maybe just something to do with my env
10:25:43 <ricolin> Let me know if any more information:)
10:25:51 <slunkad> sure!
10:26:32 <slunkad> other than that I think this patch is ready https://review.openstack.org/#/c/552099/
10:26:50 <slunkad> the glossary I will take another look before we can merge it.
10:26:59 <strigazi> slunkad:  cool
10:27:02 <strigazi> ricolin:
10:27:30 <strigazi> The trust id is in the db right?
10:27:51 <ricolin> Yes
10:27:58 <strigazi> After a stack update we should expect that it is changed
10:28:07 <strigazi> right?
10:28:41 <ricolin> Yep
10:28:54 <ricolin> That’s the scenario
10:29:08 <strigazi> ricolin: And this will happen everytime?
10:29:50 <strigazi> ricolin: User A creates stack, userB does stack update (trust rotate), userA does stack update (trust rotate)
10:30:02 <ricolin> If the provided user changed
10:30:43 <slunkad> so we just need to call stack update to renew trusts?
10:30:57 <strigazi> slunkad: fo the heat trusts ye
10:30:59 <strigazi> slunkad: fo the heat trusts yes
10:31:24 <ricolin> Yes
10:31:27 <strigazi> for magnum you need to generate a new trust and pass it to heat
10:31:57 <slunkad> I see
10:32:04 <strigazi> pass it to heat: do a stack update passing the new trust as a stack parameter
10:33:07 <ricolin> Use another user to update stack, Heat will generate the new trust and replace the old
10:37:35 <strigazi> slunkad: anything else?
10:37:51 <slunkad> no not for this topic
10:38:48 <strigazi> cool, thanks
10:39:57 <strigazi> brtknr: I tried your fix in two different nodes. in one it worked in the other no.
10:40:41 <strigazi> Can you do atomic host status in the node it worked for you?
10:41:12 <strigazi> @all I'm talking about this one: https://review.openstack.org/#/c/561605/1/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh,unified
10:42:33 <strigazi> brtknr: are you still here?
10:42:48 <brtknr> strigazi: yes im here
10:46:57 <strigazi> brtknr: let's take https://review.openstack.org/#/c/561605 offline
10:46:59 <brtknr> strigazi: please discuss something else, i cant access the machine right now
10:47:11 <strigazi> @all anything else for the meeting?
10:47:15 <slunkad> has anyone seen this error before http://paste.openstack.org/show/719367/?
10:47:19 <strigazi> brtknr: np
10:48:05 <slunkad> I'm not sure which config file it is looking into for the auth_url
10:48:16 <slunkad> when running the k8s functional tests
10:48:35 <slunkad> (in pike)
10:49:48 <strigazi> slunkad: do you want to discuss it after the meeting? We don't have to log this
10:49:53 <slunkad> sure
10:50:17 <strigazi> Let's end it then, objections?
10:50:41 <strigazi> none :) See you
10:50:45 <strigazi> #endmeeting