#openstack-kolla log

15:02:31 <mgoddard> #startmeeting kolla
15:02:31 <opendevmeet> Meeting started Wed Jul 21 15:02:31 2021 UTC and is due to finish in 60 minutes.  The chair is mgoddard. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:02:31 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:02:31 <opendevmeet> The meeting name has been set to 'kolla'
15:02:36 <mgoddard> #topic rollcall
15:02:36 <yoctozepto> \o/
15:03:19 <mgoddard> 0
15:03:21 <mgoddard> --
15:03:23 <mgoddard> |
15:03:37 <headphoneJames> o/
15:03:37 <mgoddard> \/\
15:04:36 <haerwu> [o]
15:04:37 <mgoddard> #topic agenda
15:04:44 <mgoddard> * Roll-call
15:04:46 <mgoddard> * Agenda
15:04:48 <mgoddard> * Announcements
15:04:50 <mgoddard> * Review action items from the last meeting
15:04:52 <mgoddard> * CI status
15:04:54 <mgoddard> * Release tasks
15:04:56 <mgoddard> * Xena cycle planning
15:04:58 <mgoddard> * Open discussion
15:05:05 <mgoddard> #topic announcements
15:05:42 <mgoddard> None here
15:07:01 <mgoddard> #topic Review action items from the last meeting
15:07:25 <mgoddard> mgoddard email openstack-discuss about holiday and to cancel next week's meeting
15:07:27 <mgoddard> mgoddard propose stable releases when backports merge
15:07:29 <mgoddard> y
15:07:41 <mgoddard> still waiting on those backports
15:07:59 <yoctozepto> what should I merge?
15:08:10 <mgoddard> anything on stable
15:09:23 <yoctozepto> oh my
15:09:27 <mgoddard> at least bugfix backports
15:09:39 <yoctozepto> ok, I will have a look
15:09:44 <mgoddard> cool
15:10:43 <yoctozepto> https://review.opendev.org/c/openstack/kolla-ansible/+/799110 still not merge
15:10:48 <mgoddard> #topic CI status
15:10:52 <yoctozepto> would be good to include in wallaby to unduck it
15:11:15 <mgoddard> nothing has merged recently :)
15:11:34 <yoctozepto> well, many others merged :-(
15:11:57 <mgoddard> and many more didn't
15:12:34 <mgoddard> people are on holiday, busy, etc.
15:13:04 <mgoddard> Kayobe CI broken
15:13:29 <mgoddard> This approach seems to work: https://review.opendev.org/c/openstack/kayobe/+/800273
15:13:39 <mgoddard> with dependent k-a fix: https://review.opendev.org/c/openstack/kolla-ansible/+/801267
15:14:45 <mgoddard> I fixed the ipxe healthcheck issue yoctozepto spotted
15:14:51 <mgoddard> https://review.opendev.org/c/openstack/kolla-ansible/+/801605/1
15:15:02 <mgoddard> So waiting on reviews for that chain
15:15:10 <mgoddard> I don't think there are any other CI issues?
15:16:00 <yoctozepto> I'm not up to date w.r.t CI nowadays
15:16:19 <mgoddard> ok
15:16:27 <mgoddard> #topic Release tasks
15:16:49 <mgoddard> Can we just merge the new release process already? https://review.opendev.org/c/openstack/kolla/+/795320/3/doc/source/contributor/release-management.rst
15:18:36 <mgoddard> Next milestone is R-8 Switch binary images to current release
15:18:38 <mgoddard> in 3 weeks
15:18:53 <mgoddard> also, request for cycle highlights went out on the ml
15:19:01 <mgoddard> not due until september though
15:19:17 <yoctozepto> yup
15:19:32 <mgoddard> #topic Xena cycle planning
15:19:45 <mgoddard> I booked us some slots for the PTG
15:19:48 <mgoddard> same as usual
15:20:02 <mgoddard> 13:00 - 17:00 UTC Monday and Tuesday for Kolla & Kolla Ansible
15:20:12 <mgoddard> 13:00 - 15:00 UTC Wednesday for Kayobe
15:20:37 <mgoddard> #link http://lists.openstack.org/pipermail/openstack-discuss/2021-July/023540.html
15:20:49 <mgoddard> PTG is Monday, October 18 to Friday, October 22, 2021
15:21:24 <mgoddard> If anyone cannot make those slots and would like to change, please speak up and we can consider rescheduling
15:22:33 <mgoddard> Anything else we should discuss for Xena?
15:22:46 <headphoneJames> I have two things
15:22:46 <mgoddard> I suppose technically that was a Yoga topic
15:23:14 <headphoneJames> not sure if we are talking about functionality we want in Xena yet though
15:23:28 <yoctozepto> we should be ;-)
15:23:32 <mgoddard> that's a valid topic
15:24:07 <headphoneJames> ok - 1. I'm still trying to get let's encrypt func into xena. Step one of this is https://review.opendev.org/c/openstack/kolla-ansible/+/741340
15:26:48 <headphoneJames> 2. To move towards enabling scope for keystone (and enforce_new_defaults), we need be able to assign system scope to a role. AFAIK, this currently cannot be done using openstack ansible commands
15:28:08 <headphoneJames> 2b - I wrote an email to openstack-discuss, and was told to use clouds.yaml file (based on OS_CLOUD environment variables). This is how it is done in devstack.
15:29:10 <headphoneJames> In the meantime, I have https://review.opendev.org/c/openstack/kolla-ansible/+/692179 updated and passing
15:32:57 <mgoddard> we're still interested in letsencrypt
15:33:18 <mgoddard> I'm trying to find a way to prioritise work on features
15:33:33 <mgoddard> but we're quite under resourced at the moment
15:33:52 <mgoddard> partially due to summer holidays
15:34:04 <mgoddard> but also reduced reviewer activity
15:34:07 <mgoddard> HELP WANTED
15:34:56 <mgoddard> I missed your openstack-discuss mail
15:36:38 <headphoneJames> http://lists.openstack.org/pipermail/openstack-discuss/2021-July/023746.html
15:36:42 <mgoddard> thanks
15:38:41 <opendevreview> Merged openstack/kolla master: docs: Update release management for Xena process  https://review.opendev.org/c/openstack/kolla/+/795320
15:38:45 <mgoddard> woop
15:40:41 <mgoddard> I'm not sure what else to say on those topics
15:40:52 <mgoddard> my brain is melting in 30 degree heat
15:41:12 <headphoneJames> boo to that!
15:41:14 <mgoddard> bring back my English rain
15:41:41 <mgoddard> Any more Xena topics?
15:42:26 <yoctozepto> I'm glad heat ended here
15:43:51 <mgoddard> #topic Open discussion
15:43:57 <mgoddard> Anything else today?
15:46:00 <yoctozepto> nuffing, I need to get back on review track
15:46:10 <headphoneJames> as a starting point - would it a possible pivot to move to clouds.yaml for KA deployment, or is that something we want to avoid?
15:46:42 <yoctozepto> clouds.yaml is the future; where do you want to put it here?
15:46:59 <headphoneJames> KA generates clouds.yaml
15:47:37 <mgoddard> my only concern with clouds.yaml is admin credentials on disk
15:47:38 <headphoneJames> instead of each component registering user/role during deployment
15:48:00 <mgoddard> I think openstack exporter does it too, but that is optional
15:48:08 <yoctozepto> ah, now I remember the issue
15:48:20 <headphoneJames> it would be a configuration option
15:48:58 <mgoddard> clouds.yaml defines the creds to talk to keystone. Each component would still have to register users & roles
15:50:15 <mgoddard> also kolla-toolbox runs on computes
15:50:24 <mgoddard> I wouldn't want admin creds there
15:51:01 <mgoddard> they are already in openstack config files I suppose
15:59:04 <yoctozepto> yeah, a compromised nova-compute is a gameover now
15:59:54 <mgoddard> well, at least we should restrict where kolla-toolbox runs
16:00:01 <mgoddard> wouldn't want to make the problem any worse
16:00:06 <yoctozepto> ++
16:00:15 <mgoddard> and ideally in future those creds could be constrained
16:00:32 <mgoddard> we're out of time
16:00:34 <mgoddard> thanks all
16:00:36 <mgoddard> #endmeeting