16:00:02 <Jeffrey4l> #startmeeting kolla
16:00:07 <openstack> Meeting started Wed Mar 7 16:00:02 2018 UTC and is due to finish in 60 minutes. The chair is Jeffrey4l. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:08 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:10 <openstack> The meeting name has been set to 'kolla'
16:00:11 <Jeffrey4l> #topic roll-call
16:00:23 <spsurya__> w00t
16:00:29 <pbourke> o/
16:00:32 <hrw> o/
16:00:41 <rwellum> o/
16:00:44 <chason> o/
16:01:21 <hrw> I will be partially as have other confcall at same time
16:01:38 <Jeffrey4l> #topic Announcements
16:02:07 <caoyuan> hi guys
16:02:09 <Jeffrey4l> have a nice trip at Dublin guys
16:02:35 <Jeffrey4l> 1. we have released kolla queens rc1 and rc2 will be released next week.
16:02:56 <Jeffrey4l> so this is the last time to fix the bug and test upgrade.
16:03:34 <Jeffrey4l> feel free to call the kolla cores to review the emergency patches.
16:04:03 <Jeffrey4l> 2. along with the rc1 release, queens branch is created too. So the master branch is opened for bp.
16:04:43 <Jeffrey4l> if you get a -2 for feature freeze reason, you can ask core to remove it.
16:04:56 <Jeffrey4l> any other announcements?
16:05:05 <pbourke> minor announcement, I'm currently in possession of a stack of kolla stickers from the PTG. I missed the chance to hand them out so will bring them to the next event :)
16:05:20 <duonghq> o/
16:05:46 <Jeffrey4l> cool thanks pbourke
16:06:00 <Jeffrey4l> any others?
16:06:11 <rwellum> If we send you a SAE will you send them over pbourke :)
16:06:47 <Jeffrey4l> lol
16:06:50 <pbourke> if anyone wants to paypal me postage I'll happily post them to you
16:07:17 <rwellum> +1
16:07:23 <Jeffrey4l> let us move on, we have lots of things to do today ;D
16:07:29 <Jeffrey4l> # topic kolla queens release requirements
16:07:34 <Jeffrey4l> #topic kolla queens release requirements
16:08:00 <Jeffrey4l> since we don't have much time before release deadline
16:08:13 <Jeffrey4l> and we have several critical issues to resolve.
16:08:25 <Jeffrey4l> so i want to post them here.
16:08:36 <Jeffrey4l> first is https://review.openstack.org/530208
16:08:47 <Jeffrey4l> chason is working on it.
16:08:58 <Jeffrey4l> and it breaks queens branch image building.
16:09:38 <Jeffrey4l> vpnaas images does not exist and it works as a l3 extension.
16:09:40 <pbourke> is there no option to leave things as is for queens?
16:10:15 <pbourke> seems late for an architectural change like that
16:10:34 <Jeffrey4l> pbourke, no. either drop the vpnaas support in queens for kolla. or backport the bp
16:10:48 <Jeffrey4l> yeah, this is a general issue for kolla now.
16:11:22 <Jeffrey4l> when the project marked some feature as deprecated. normally kolla isn't aware of this until this feature is removed.
16:11:45 <Jeffrey4l> this happen on keystone uuid token too.
16:11:58 <Jeffrey4l> no good idea to resolve such kinda issue. :(
16:12:29 <Jeffrey4l> anyway, i think we haven't to backport this bp to queens branch like a FFE.
16:12:40 <Jeffrey4l> any question for this? ^
16:13:09 <pbourke> sounds ok to me
16:13:35 <Jeffrey4l> cool, thanks
16:13:40 <caoyuan> it ok for me
16:14:08 <Jeffrey4l> there is also some other patches, like bump repo or openstack service version here
16:14:08 <Jeffrey4l> https://review.openstack.org/#/q/status:open+project:openstack/kolla+branch:stable/queens
16:14:43 <Jeffrey4l> mostly it should be merged before release, so please keep eyes on it cores. :D
16:14:47 <hrw> review https://review.openstack.org/#/c/550378/ https://review.openstack.org/#/c/550367/ to have centos/aarch64 repos fixed properly (in master) and then backport one to have ceph/luminous for aarch64/centos
16:15:12 <Jeffrey4l> yes ^^ some are still on master
16:15:54 <Jeffrey4l> ok, that's all for queens release.
16:15:57 <Jeffrey4l> let us move on.
16:16:03 <Jeffrey4l> #topic snowpenstack recap / debrief
16:16:30 <pbourke> one or two things on this then we can move onto the goals etc.
16:16:42 <Jeffrey4l> first of all, thanks pbourke to hold the meeting at ptg, since i am absent.
16:16:55 <pbourke> I'd like to apologise on behalf of Ireland for the weather :)
16:17:01 <gema> LOL
16:17:08 <Jeffrey4l> could you take this pbourke ?
16:17:11 <pbourke> sure
16:17:29 <pbourke> so we didn't get to discuss everything we wanted, or at least as well as we might have liked
16:17:38 <pbourke> but we did cover a good bit of ground given the circumstances
16:17:43 <spsurya__> pbourke: i am unhappy ;)
16:17:46 <Jeffrey4l> #link https://etherpad.openstack.org/p/kolla-rocky-ptg-planning
16:17:54 <pbourke> I'm writing up a summary report that I can send round on the mailing list
16:18:02 <pbourke> to save people trying to parse the etherpads
16:18:13 <pbourke> that said there is some good info in the pads so it's worth looking at them as well
16:18:14 <duonghq> thanks Paul
16:18:37 <pbourke> I think the main thing we need now is to take what was discussed and distill it into a list of goals for rocky
16:18:53 <pbourke> as we won't be able to cover everything and some have more priority
16:19:12 <pbourke> Jeffrey4l: does sound ok?
16:19:14 <pbourke> *that sound
16:19:18 <spsurya__> +1 pbourke
16:19:21 <Jeffrey4l> yes
16:19:37 <rwellum> thanks pbourke
16:19:43 <pbourke> I can't remember how we've done this in the past
16:19:53 <pbourke> etherpad or just let the PTL decide
16:20:17 <gema> I guess you put out the goals and see if there is someone willing to work on them?
16:20:21 <gema> take volunteers?
16:20:35 <pbourke> true, no point in having goals if there's no one to take them up
16:20:37 <Jeffrey4l> iirc, we need review the current actions. and convert them to a bp.
16:20:56 <Jeffrey4l> then prioritize the bp and take volunteers
16:21:20 <pbourke> how about I'll send out the summary mail and Jeffrey4l can take it from there?
16:21:58 <Jeffrey4l> pbourke, sure. i think we can do this in ML. after you sent the mail.
16:22:06 <pbourke> sounds good
16:22:26 <Jeffrey4l> yeah.
16:22:30 <pbourke> the other thing from the PTG that we didn't get to discuss before things were called off was kolla-k8s
16:22:35 <pbourke> did the call on friday go ahead?
16:23:12 <Jeffrey4l> since all the attendees have no idea for kolla-k8s, it is ended soon.
16:23:34 <pbourke> ok, good to know either way
16:23:44 <Jeffrey4l> we agreed to re-schedule another meeting to talk about it when k8s active contributor is in
16:23:57 <Jeffrey4l> rwellum, around?
16:24:24 <rwellum> Yeah - apologies for my remoteness, some changes with my $$job etc.
16:24:35 <gema> Jeffrey4l: you may want to sync up with kevin zhang from my team
16:24:43 <rwellum> The meeting on Friday was 3am for me I think
16:24:55 <Jeffrey4l> rwellum, yes. the time is bad
16:25:03 <Jeffrey4l> gema, i will, thanks.
16:25:04 <gema> kevin zhao, sorry
16:25:22 <Jeffrey4l> spsurya__ has added some info on the ptg planning etherpad.
16:25:46 <Jeffrey4l> rwellum, could you talk about kolla-k8s ?
16:26:15 <spsurya__> Jeffrey4l: also had discussion with OSH PTL and flapper87 of TripleO team
16:26:31 <spsurya__> about Openstack on kubernetes
16:26:51 <Jeffrey4l> spsurya__, any conclusion?
16:27:03 <spsurya__> but would be better if we have discussion with few key contributors of kk8s
16:27:11 <rwellum> Sure but I don't have too much to add, I think the same questions we had pre-PTG are still the same. I have noticed that I no longer can run kolla-k8s, seem to be various image issues. I know ansible seeing some of the same.
16:27:28 <spsurya__> Jeffrey4l: it is kind of biased
16:27:38 <spsurya__> from each project side
16:27:53 <spsurya__> every project is quite similar
16:28:02 <Jeffrey4l> spsurya__, yeah
16:28:16 <spsurya__> as per discussion with other project contributors
16:29:17 <spsurya__> Jeffrey4l: some kk8s has more control over services but complex deployment
16:29:29 <spsurya__> w.r.t to OSH
16:29:38 <Jeffrey4l> spsurya__, and i will check the current status of different openstack over k8s project.
16:30:05 <Jeffrey4l> if you are interested in this, welcome to join us.
16:30:06 <spsurya__> Jeffrey4l: i already added few in etherpad
16:30:14 <spsurya__> rocky PTG
16:30:47 <Jeffrey4l> yeah, i saw them. But i will try to run the project and compare it ;D
16:31:02 <spsurya__> Jeffrey4l: +1
16:31:20 <spsurya__> I will also like to run the project
16:31:32 <rwellum> I think one question is, do you want a kolla-k8s project that is uniquely tied to kolla?
16:31:47 <Jeffrey4l> rwellum, are you saying the image?
16:31:57 <rwellum> If the answer is yes then as a team we should commit to it.
16:32:59 <rwellum> No I mean currently it's: kolla->kolla-k8s and kolla->ansible. They are both sub-projects of kolla. If we decide that osh is the way forward then we would break that relationship.
16:33:01 <Jeffrey4l> yes. we hope kolla-k8s to be success as kolla-ansible.
16:34:03 <duonghq> but we are lacking of contributor?
16:34:06 <spsurya__> +1 Jeffrey4l & rwellum
16:34:15 <duonghq> aren't we?
16:34:21 <pbourke> duonghq: yes
16:34:49 <Jeffrey4l> rwellum, any suggestion how? the issue is which way (or deploy philosophy) is correct and we will follow.
16:35:05 <pbourke> a problem I see is there is currently confusion from newcomers to kolla as to the differences between kolla-k8s and openstack-helm
16:35:08 <spsurya__> we shouldn't compare with OSH if we want to make kk8s successful as kolla-ansible
16:35:19 <pbourke> also when people ask for help around kolla-k8s they rarely get a reply
16:35:25 <pbourke> so overall it's making kolla look bad
16:35:38 <Jeffrey4l> pbourke, yes.
16:35:54 <gema> Jeffrey4l, pbourke: maybe we should refocus kolla-k8s
16:35:58 <spsurya__> pbourke: agree
16:36:00 <rwellum> I agree. I think kfox and sbezverk have dropped out a lot and no-one is answering
16:36:01 <pbourke> there are also people wasting time investigating kolla-k8s without the knowledge it may not be around much longer
16:36:03 <gema> state clear goals, how long there is to go
16:36:06 <caoyuan> agree
16:36:10 <gema> and whether it makes sense to continue
16:36:17 <gema> and ask for volunteers
16:36:18 <rwellum> We had fairly clear goals for Rocky
16:36:23 <gema> if there is nobody
16:36:23 <gkadam> duonghq, pbourke hi, I would like to contribute here. this is my second kolla meeting. I missed last week, was down with viral fever and cough. but for many again a question arises, how can a newbie start?
16:36:29 <inc0> hello everyone (I'm alive!) one thing I was considering, instead of killing
16:36:30 <inc0> project
16:36:37 <inc0> was to just separate it
16:36:44 <pbourke> inc0: +1
16:36:45 <caoyuan> when contributor commit a ps, seems nobody review it..
16:36:49 <gema> rwellum: we didn't get to discuss them because of snow
16:36:50 <inc0> and let it live its own life
16:37:08 <Jeffrey4l> gkadam, welcome
16:37:13 <pbourke> if people want to work on it of course that's fine. but currently it doesn't seem in a good position to be under the kolla namespace
16:37:16 <gkadam> Jeffrey4l, :)
16:37:29 <inc0> separation would mean separate core team (already exists), separate governance (team meetings etc) and separate PTL
16:37:35 <ktibi> hum kolla-k8s success as kolla-ansible? and people like me with a production platform on kolla-ansible? I need to redeploy? what is the plan?
16:37:53 <pbourke> ktibi: you don't have to do anything if you don't want to :)
16:37:59 <gema> ktibi: TBD
16:38:03 <Jeffrey4l> ktibi, that is far from current goal i think.
16:38:05 <inc0> ktibi: as far as I know kolla-ansible is not going anywhere in foreseeable future
16:38:29 <Jeffrey4l> inc0, +1 for separate
16:38:32 <inc0> both can and will live in pararell
16:38:39 <ktibi> what is for you "far"? because I work for 1-2 year :/
16:38:43 <inc0> parallel, hate this word
16:39:17 <gkadam> inc0, stranger things had parallel worlds too :D
16:39:17 <inc0> ktibi: since I'm no longer PTL I don't want to make any statements, but kolla-ansible was always meant to be stable and prod
16:39:31 <spsurya__> +1 inc0 for governance thing for kk8s
16:39:32 <Jeffrey4l> i understand you in wrong. kolla-ansible will not retire
16:39:39 <inc0> that means it's going to be maintained and I don't think anyone ever considered just blank move to k8s
16:39:58 <rwellum> Guys I have to leave unfortunately - but will check the thread when I am back. I am available to discuss k8s more this afternoon.
16:39:59 <Jeffrey4l> inc0, i will start to do the separate thing recently, but may need your help :D
16:40:08 <inc0> Jeffrey4l: I'm here if you need me
16:40:08 <pbourke> rwellum: thanks for checking in
16:40:13 <Jeffrey4l> rwellum, thanks
16:40:50 <inc0> so ktibi don't worry, we won't leave you and other operators;)
16:41:09 <ktibi> inc0 ok thx ;)
16:41:21 <Jeffrey4l> so what we need now is: 1. separate 2. clear goals and 3. volunteers
16:41:38 <spsurya__> rwellum: thanks for coming and update
16:41:52 <duonghq> I like inc0 idea
16:42:19 <gema> will be a hard sell for me if it is outside kolla
16:42:26 <gema> we may not be able to contribute anymore
16:42:29 <inc0> it wouldn't be bad to consider kolla-ansible to be separate as well, both projects have enough scope for one PTL
16:42:48 <duonghq> over and over, I got question about kolla-k8s vs ovh as much as kolla-ansible vs tripleo (especially when tripleo undercloud is moving to containerized fully)
16:42:48 <Jeffrey4l> gema, it is not outside of kolla. just another team. you can also join it.
16:43:14 <Jeffrey4l> the deep reason is: kolla-ansible and kolla-k8s are totally different on tech arch.
16:43:14 <inc0> I had a lot of kolla-ansible vs openstack-ansible
16:43:14 <gema> Jeffrey4l: we work for a committee, it's easier to be part of an established team than to go and join a new one
16:43:21 <inc0> confusion will always be there
16:43:35 <gema> inc0: +1
16:43:48 <inc0> gema: thing is, if one person can focus just on kolla-k8s
16:43:53 <inc0> (as in separate PTL)
16:44:15 <inc0> and separate governance
16:44:30 <inc0> this one person can be more focused on re-invigorating community
16:44:45 <gema> inc0: true, I understand that
16:44:45 <Jeffrey4l> inc0, +1
16:45:07 <duonghq> it'll be hard time for kolla-k8s when people come to questioning about this on its feet vs ovh, etc,
16:45:07 <inc0> it's already separate team effectively
16:45:44 <Jeffrey4l> duonghq, ovh? osh?
16:45:54 <duonghq> Jeffrey4l, osh, sorry for my typo
16:46:31 <Jeffrey4l> so, the next action for kolla-k8s will be: 1. separate 2. clear goals and 3. volunteers
16:46:45 <Jeffrey4l> i will report the progress in next meeting.
16:46:48 <spsurya__> +1 inc0 Jeffrey4l
16:47:04 <Jeffrey4l> let's move on.
16:47:09 <duonghq> Jeffrey4l, inc0 do you think we can (should) bring our goal from last cycle(s) to the-new-kolla-k8s?
16:47:35 <Jeffrey4l> hrm? what's that mean?
16:47:43 <spsurya__> duonghq: yes
16:47:50 <inc0> there is quite clear list of goals for k8s
16:48:06 <Jeffrey4l> ah, duonghq sure.
16:48:20 <spsurya__> https://etherpad.openstack.org/p/kolla-kubernetes-todo
16:48:35 <spsurya__> https://etherpad.openstack.org/p/kolla-queens-ptg-k8s-release-roadmap
16:48:40 <spsurya__> duonghq:
16:48:41 <inc0> separation will be quite interesting, as I don't think anyone ever done that
16:48:58 <duonghq> spsurya__, thanks
16:49:02 <inc0> we should discuss it with TC how to do it best
16:49:02 <pbourke> inc0: nova? ;)
16:49:15 <inc0> ok. yes it has been done;)
16:49:23 <duonghq> spsurya__, I think we can move it to the-new project
16:49:50 <duonghq> hmm, project separation isn't too rare in OpenStack world?
16:49:50 <spsurya__> duonghq: yes inc0 idea is good
16:50:37 <Jeffrey4l> ok, time to move on.
16:51:01 <Jeffrey4l> #topic Security bug in gates
16:51:07 <Jeffrey4l> #link https://bugs.launchpad.net/kolla-ansible/+bug/1749326
16:51:08 <openstack> Launchpad bug 1749326 in kolla-ansible "Exploitable services exposed on community test nodes" [Critical,Confirmed]
16:51:18 <Jeffrey4l> pbourke, do you have any update for this?
16:51:32 <pbourke> Jeffrey4l: unfortunately not, it totally slipped my mind last week
16:51:46 <pbourke> that's why I added it to the agenda
16:52:00 <pbourke> looks like you have a patch?
16:52:16 <Jeffrey4l> i think the only possible solution is add iptables rules and only allow known vm to access
16:52:21 <Jeffrey4l> yes.
16:52:26 <Jeffrey4l> #link https://review.openstack.org/550325
16:52:44 <Jeffrey4l> recently there is a memcached ddos attack,
16:52:54 <Jeffrey4l> you can get more from http://www.openwall.com/lists/oss-security/2018/03/02/1
16:53:01 <ktibi> ho T_T
16:53:14 <ktibi> https://bugs.launchpad.net/kolla-ansible/+bug/1753425 https://review.openstack.org/#/c/549715/
16:53:15 <Jeffrey4l> i just disabled the udp protocol support in memcached. since we don't use it.
16:53:15 <openstack> ktibi: Error: malone bug 1753425 not found
16:53:25 <pbourke> so does this fix the problem or just partially?
16:53:50 <inc0> it doesn't really fix problem
16:53:51 <Jeffrey4l> partially. or not, it does not solve the problem.
16:53:59 <inc0> it lowers potential of exploitation
16:54:13 <Jeffrey4l> memcached port is still open for whole internet world
16:54:49 <Jeffrey4l> the only way i think is: " add iptables rules and only allow known vm to access "
16:54:59 <pbourke> that or do we need it in the gates?
16:55:02 <Jeffrey4l> so need implement this in our ci jobs.
16:55:16 <pbourke> what services currently need memcache
16:55:48 <Jeffrey4l> nova-consoleauth
16:55:59 <pbourke> hmm ok so we need it
16:56:02 <ktibi> I apply my patch for udp and all works for me. UDP does not need to be enabled.
16:56:26 <Jeffrey4l> there are also places that use memcached as cache tier. it is helpful for performance.
16:56:38 <Jeffrey4l> so we shouldn't remove it.
16:56:56 <Jeffrey4l> ktibi, your patch? which patch?
16:57:16 <ktibi> Jeffrey4l, I make a bug security and a review for this issue since 2 day
16:57:24 <ktibi> I think you miss it and recreate a review with same change
16:57:32 <pbourke> i'll look at Jeremy's iptables rules
16:57:54 <Jeffrey4l> cool. i think there should be the same solution in devstack gate.
16:58:09 <Jeffrey4l> but i am not sure where the code is.
16:58:34 <pbourke> looks like he linked it in the bug
16:58:39 <ktibi> I used the solution of redhat https://access.redhat.com/solutions/3369081
16:58:48 <Jeffrey4l> ok. i will check it later.
16:58:55 <Jeffrey4l> time is up.
16:59:14 <Jeffrey4l> ktibi, thanks
16:59:23 <Jeffrey4l> thanks for coming.
16:59:27 <Jeffrey4l> have a good day
16:59:35 <Jeffrey4l> #endmeeting