#openstack-kolla log

15:02:46 <mgoddard> #startmeeting kolla
15:02:47 <openstack> Meeting started Wed Aug 21 15:02:46 2019 UTC and is due to finish in 60 minutes.  The chair is mgoddard. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:02:48 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:02:50 <openstack> The meeting name has been set to 'kolla'
15:02:52 <mgoddard> #topic rollcall
15:03:05 <mgoddard> Raise those hands now
15:03:10 <yoctozepto> o/
15:03:12 <Wasaac> o/
15:03:18 <dougsz> Lo
15:03:27 <scottsol> o/
15:03:37 <generalfuzz> o/ (for about 30 mins)
15:04:00 <mnasiadka> o/
15:04:05 <mgoddard> #topic agenda
15:04:07 <mgoddard> * Roll-call
15:04:10 <mgoddard> * Announcements
15:04:12 <mgoddard> ** Kayobe RC1 and stable/stein branches created
15:04:14 <mgoddard> * Review action items from last meeting
15:04:16 <mgoddard> * Kolla whiteboard https://etherpad.openstack.org/p/KollaWhiteBoard
15:04:18 <mgoddard> * Kayobe Stein release status
15:04:20 <mgoddard> * Train release planning
15:04:22 <mgoddard> * Ceph ansible migration
15:04:24 <mgoddard> * Kolla Ansible TLS Internal API
15:04:26 <mgoddard> #topic announcements
15:04:28 <mgoddard> #info Kayobe RC1 and stable/stein branches created
15:04:32 <mgoddard> #info Kayobe RC1 and stable/stein branches created
15:04:53 <yoctozepto> finally :-)
15:05:00 <yoctozepto> congrats kayobees
15:05:05 <mgoddard> I think there are a couple more bug fixes we might want to fix and/or backport
15:05:14 <mgoddard> then we should be good to release
15:05:24 <mgoddard> Any others?
15:05:57 <mgoddard> #topic review action items from last meeting
15:06:00 <mgoddard> mgoddard to ask infra about restarting gerrit
15:06:03 <mgoddard> mgoddard or someone else to check stable backports
15:06:29 <mgoddard> 1 - just did it, clarkb said they will schedule one soon
15:06:40 <mgoddard> 2 - I backported a bunch of stuff last week, mostly merged now
15:06:55 <mgoddard> I guess we should do stable branch releases
15:06:58 * yoctozepto the merge ensurer
15:07:10 <mgoddard> #action mgoddard to release stable branches
15:07:19 <yoctozepto> sure, why not, just merge me those latest Zun fixes
15:07:20 <mgoddard> #topic Kolla whiteboard https://etherpad.openstack.org/p/KollaWhiteBoard
15:07:50 <mgoddard> had some CI hiccups last week, thanks for fixing
15:08:00 <mgoddard> I think we're green again now?
15:08:06 <yoctozepto> green again
15:08:17 <yoctozepto> I think TripleO is back in green as well
15:08:31 <yoctozepto> nope
15:08:38 <yoctozepto> was for a moment though for sure
15:08:43 <yoctozepto> could be something random
15:08:52 <yoctozepto> cloudnull will let us know when they fix themselves
15:09:25 <mgoddard> k
15:09:38 <mgoddard> please everyone keep priority feature status up to date
15:10:29 <mgoddard> moved ubuntu py3 to done
15:11:31 <mgoddard> ok, move on
15:11:34 <mgoddard> #topic Kayobe Stein release status
15:11:40 <mgoddard> Covered it earlier
15:12:10 <mgoddard> Any patches in particular we need?
15:12:21 <mgoddard> priteau, dougsz, jovial?
15:13:15 <priteau> Would be nice to get the venvs update merged for the release, still need to review it
15:13:17 <dougsz> https://review.opendev.org/#/c/666635/ could be nice
15:13:26 <mgoddard> priteau: +1
15:13:37 <dougsz> (that's the one)
15:13:46 <mgoddard> added RP+1
15:13:58 <mgoddard> I think that's the main one
15:14:09 <dougsz> What about https://review.opendev.org/#/c/670502/?
15:14:19 <dougsz> ( iPXE boot with UEFI compute nodes)
15:14:20 <priteau> I was about to suggest it
15:14:28 <priteau> It's quite useful to have it
15:14:30 <mgoddard> oh yeah
15:14:35 <mgoddard> that would also be good
15:14:53 <priteau> What about the Arista code from Stig?
15:15:48 <mgoddard> too late I think
15:15:51 <mgoddard> he's out this week
15:16:19 <priteau> If the code is ready, we could merge and add the release note ourselves?
15:16:36 <mgoddard> that's true
15:16:59 <mgoddard> is that something you have time for priteau ?
15:17:21 <priteau> Writing the release note? yes, shouldn't take long
15:17:25 <mgoddard> thanks
15:17:47 <priteau> We're fairly confident that the Arista code works well to be shipped?
15:18:02 <mgoddard> Well I assume Stig tested it...
15:18:11 <mgoddard> it looked ok to me
15:18:15 <priteau> I guess we can do a 6.0.1 if needed
15:18:19 <mgoddard> yeah
15:18:41 <mgoddard> ok, I think we're good. Let's aim to have a release before next meeting
15:18:50 <mgoddard> hi jovial
15:19:00 <mgoddard> just finishing up kayobe stein discussion
15:19:02 <jovial[m]> hey
15:19:27 <mgoddard> if there are any patches you want in the release, ping me
15:19:39 <mgoddard> #topic Train release planning
15:20:26 <mgoddard> #link https://releases.openstack.org/train/schedule.html
15:21:00 <mgoddard> It's probably a good time to define our own delayed release schedule
15:21:21 <mgoddard> Main feature freeze is Sep 09 - Sep 13
15:21:59 <mgoddard> I think for Stein we lagged by 3 weeks, so Sep 30 - Oct 04 ?
15:22:30 <mnasiadka> there is no new Ceph, so sounds reasonable :D
15:23:43 <mgoddard> let's be optimistic and aim for 3 week lag on release :)
15:23:44 <yoctozepto> sounds reasonable
15:23:49 <mgoddard> main release is Oct 14 - Oct 18
15:24:07 <mgoddard> so we should aim for Nov 04 - Nov 08
15:24:34 <mgoddard> of course we're limited by RDO and others here, so let's not kick ourselves if we miss :)
15:24:47 <mgoddard> but hopefully we don't have last minute mariadb issues
15:25:14 <yoctozepto> mgoddard: only binaries, sources should be safer
15:25:24 <yoctozepto> let's aim for that on our sources
15:26:20 <mgoddard> there is also CentOS 8 to trip us up this time
15:27:00 <mgoddard> I've added those dates to the release status section on the whiteboard
15:27:09 <mgoddard> and added some risks to release
15:27:22 <mgoddard> any other risks, apart from RDO and centos 8?
15:27:36 <mnasiadka> well, for binaries we can test packages from trunk.rdoproject.org for CentOS at least
15:27:38 <yoctozepto> centos 8 is not ready yet
15:27:56 <mnasiadka> yoctozepto: well, it's semi-ready, so in two weeks we might be in a different position
15:28:01 <yoctozepto> nor 7.7 for that matter, there is some serious lag
15:28:17 <mgoddard> #link https://wiki.centos.org/About/Building_8
15:28:45 <yoctozepto> do we have to promise releasing for centos 8? centos-7-based images should be fine for train
15:28:46 <mgoddard> only one step left incomplete
15:29:02 <mgoddard> it means we don't easily get py3 on centos
15:29:19 <mnasiadka> yoctozepto: for now rdo builds on top of centos7, so we are safe
15:29:22 <mgoddard> not sure if RDO train will support centos7
15:29:39 <mnasiadka> but I remember them claiming they will support centos 8 only
15:29:44 <mgoddard> +1
15:30:08 <yoctozepto> oh noez
15:30:14 <yoctozepto> -100
15:30:44 <mgoddard> anything else to discuss for train?
15:30:51 <stackedsax> oh, hi, sorry I'm late
15:30:59 <mgoddard> any feature progress need to be discussed?
15:31:02 <mgoddard> hi stackedsax, np
15:31:33 <mgoddard> ok, let's get to the main course
15:31:46 <mgoddard> #topic Ceph ansible migration
15:31:55 <mnasiadka> oh boy
15:31:58 <mgoddard> mnasiadka has been doing some good investigation here
15:32:21 <mnasiadka> yes, hacking ceph-ansible stable-4.0 so it works
15:32:33 <mnasiadka> but investigation is in the spec more or less
15:32:43 <mnasiadka> https://review.opendev.org/#/c/544980/
15:33:16 <mnasiadka> bottom line is - there are no ceph container images for Ubuntu
15:33:26 <yoctozepto> mnasiadka to provide them
15:33:28 <mnasiadka> there are for Debian, OpenSuse and CentOS
15:33:46 <mnasiadka> yoctozepto: if I'll be bored - then maybe :)
15:34:06 <yoctozepto> did you collect intel as to why they are gone
15:34:27 <mnasiadka> for now I propose to work on CentOS, so we have some experience regarding deployment, migration, etc
15:34:41 <yoctozepto> yes, definitely
15:34:44 <mnasiadka> yoctozepto: simply there was no maintainer, funny thing is ceph-ansible started with Ubuntu as the only platform supported
15:34:55 <yoctozepto> yeah, I heard so
15:34:56 <mnasiadka> yoctozepto: but you know, Red Hat and so on :)
15:35:45 <mnasiadka> Ubuntu shouldn't be hard to add back based on the PR to remove it - the problematic thing is nfs-ganesha 2.8 vs 2.7 in CentOS, and only built for xenial - but probably we could surive
15:35:47 <mnasiadka> survive
15:36:06 <yoctozepto> rebuild ganesha?
15:36:09 <yoctozepto> should not be hard
15:36:11 <mnasiadka> I don't think there is a lot of users of ceph-nfs
15:36:20 <yoctozepto> me neither
15:36:29 <mnasiadka> I think CephFS and Manila has bigger user base in OpenStack world
15:37:25 <mnasiadka> So, bottom line is - please review the spec, I'll share my deployment experiences in the form of updating the external Ceph docs
15:37:34 <mgoddard> I think we need to know what they would expect in terms of maintenance for ubuntu, and whether anyone is prepared to take it on
15:37:52 <mnasiadka> mgoddard: judging by the fact Debian has not been updated in 8 months - I don't think that's a lot :)
15:38:19 <mgoddard> perhaps not, but maybe they would want someone from their core team to be interested
15:38:45 <mgoddard> it's the key thing that could block the whole proposal, right
15:38:48 <mnasiadka> mgoddard: and still the ceph-container builder pushes only centos builds to docker hub - so we would need to add container image building on our side I think
15:39:14 <mnasiadka> mgoddard: I'll try to find out what means maintaining, if that's not a lot of work, I think I can do this
15:39:22 <mgoddard> is that process automated?
15:40:46 <mnasiadka> mgoddard: you mean the builds? there is a travis job that builds the centos ones, it's as simple as make FLAVORS="what do you want to build" build, and then push it somewhere
15:41:12 <mgoddard> would be better if they just published ubuntu
15:41:30 <mnasiadka> they don't publish debian, so I guess that's the same department
15:41:33 <mnasiadka> I'll ask about it
15:41:57 <yoctozepto> and what if we have to do baremetal ceph
15:42:07 <yoctozepto> how well is it supported there
15:42:13 <mgoddard> I suppose we'd need to document building their images, but wouldn't really want to start pushing them to our dockerhub or anything
15:42:26 <mgoddard> yoctozepto: better than containers I think :)
15:44:00 <mgoddard> any more to say on ceph?
15:44:12 <yoctozepto> mnasiadka: ^ baremetal
15:44:58 <mnasiadka> baremetal means not containerized, just packages installed in the OS?
15:45:07 <mgoddard> yes
15:46:41 <mnasiadka> well, that's two settings in group_vars less than containerized?
15:47:00 <mnasiadka> Do we want to have that tested in the CI as well? I don't think it goes well with Kolla philosophy :)
15:47:11 <yoctozepto> ceph is not openstack
15:47:16 <yoctozepto> if it feels better outside
15:47:24 <yoctozepto> then be it
15:48:04 <mgoddard> do we have any info on how many people use ceph containers vs baremetal?
15:48:05 <yoctozepto> though would prefer containers
15:49:15 <mnasiadka> mgoddard: nope, ceph user survey did not include that question in 2018
15:49:46 <mgoddard> ok
15:49:57 <mnasiadka> The free-of-charge Linux distributions – Ubuntu (65.9%), Debian (8.6%), CentOS (28%), openSUSE (0.34%) – combined make up the largest share of deployments. Red Hat Enterprise Linux is used by 8.9%, and SUSE Linux Enterprise by 2.3%.
15:50:05 <mnasiadka> but that shows Ubuntu is on the top :D
15:50:46 <mnasiadka> https://ceph.com/ceph-blog/ceph-user-survey-2018-results/
15:51:01 <mgoddard> that suggests either people are using old releases of ceph-containers, or not using ceph-containers
15:51:14 <mgoddard> i.e. baremetal
15:51:56 <mgoddard> unless we have any more, let's move onto the last topic
15:52:05 <mnasiadka> Most users are using ceph-deploy instead of ceph-ansible
15:52:12 <mnasiadka> so that answers your question
15:52:19 <mgoddard> ok
15:52:34 <mgoddard> #topic Kolla Ansible TLS Internal API
15:52:54 <mgoddard> stackedsax, scottsol, generalfuzz, kklimonda: how's it going?
15:53:16 <stackedsax> generalfuzz has been working away at this
15:53:24 <stackedsax> essentially, we'll be pursuing the pan that seemed to be the consensus from our discussion last week: enabling TLS termination with each and every service
15:53:53 <generalfuzz> I am working on bringing the already in progress transactions to completion
15:54:03 <stackedsax> (generalfuzz had to step away, so I'm speaking for him at the moment)
15:54:06 <stackedsax> oh, or that
15:54:11 <stackedsax> hi generalfuzz
15:54:19 <mgoddard> great, frontend patch is looking close
15:54:51 <generalfuzz> I replied to your comments about documentation, we can talk about that after the meeting
15:54:59 <mgoddard> sure
15:55:08 <mgoddard> so what's the next steps from here?
15:55:33 <stackedsax> after that, we wanted to help get some of scottsol's reviews worked through, and then start the long road of going through each service and getting them going with TLS
15:55:50 <generalfuzz> Next I am tackling https://review.opendev.org/548407 which introduces a new test that needs fixing
15:56:43 <generalfuzz> With the goal of completing all transactions in https://review.opendev.org/#/q/topic:bp/add-ssl-internal-network+(status:open+OR+status:merged
15:57:18 <mgoddard> generalfuzz: I think there's a bit of overlap between that one and https://review.opendev.org/664517
15:57:50 <mnasiadka> are all PRs linked to bp/add-ssl-internal-network? it would ease the pain of reviewing :)
15:58:28 <generalfuzz> Ok, do you have a recommendation on which one I should focus on?
15:59:54 <mgoddard> https://review.opendev.org/548407 uses a slightly different approach to the currently proposed design
16:00:28 <stackedsax> we really weren't keen on 548407's approach
16:00:57 <mgoddard> the changes to the tests and certificate generation are probably worth extracting, but I think much of the rest is covered in https://review.opendev.org/#/c/664517/2
16:01:04 <generalfuzz> I'm on board to be not keen
16:01:10 <stackedsax> or, scottsol and co. would prefer not to go that route for our own infrastructure
16:01:55 <mgoddard> I quite like that they are separate patches, so maybe we need a new patch (or two) with the internal certificate generation and test updates?
16:02:18 <mgoddard> keeping the self-signed certs patch as it is
16:02:21 <mgoddard> make sense?
16:02:45 <mgoddard> then we can abandon Clint's patch and stop confusing people :)
16:02:53 <generalfuzz> Yes. One patch for internal certificate generation and testing
16:03:25 <mgoddard> sure
16:04:03 <mgoddard> ok, we're out of time
16:04:16 <mgoddard> thanks for joining, everyone
16:04:23 <generalfuzz> Just FYI, I'm on vacation next week, but will be back at it on September 3rd
16:04:26 <yoctozepto> \o
16:04:29 <mgoddard> #endmeeting