#openstack-kolla log

15:00:20 <mnasiadka> #startmeeting Kolla
15:00:20 <opendevmeet> Meeting started Wed Feb 16 15:00:20 2022 UTC and is due to finish in 60 minutes.  The chair is mnasiadka. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:20 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:20 <opendevmeet> The meeting name has been set to 'kolla'
15:00:28 <mnasiadka> #topic rollcall
15:00:30 <mnasiadka> o/
15:01:34 <yoctozepto> o/
15:02:46 <mgoddard> |O
15:02:54 <mgoddard> 01
15:04:20 <yoctozepto> !!!!1111oneoneoneeleven
15:04:20 <opendevmeet> yoctozepto: Error: "!!!1111oneoneoneeleven" is not a valid command.
15:04:36 <opendevreview> Michal Nasiadka proposed openstack/kolla-ansible master: haproxy: support different internal/external ports  https://review.opendev.org/c/openstack/kolla-ansible/+/823395
15:04:47 <mnasiadka> lol
15:04:55 <mnasiadka> #topic agenda
15:05:05 <mnasiadka> * Announcements
15:05:05 <mnasiadka> * Review action items from the last meeting
15:05:05 <mnasiadka> * CI status
15:05:05 <mnasiadka> * Release tasks
15:05:05 <mnasiadka> * Current cycle planning
15:05:07 <mnasiadka> * Additional agenda (from whiteboard)
15:05:07 <mnasiadka> * Open discussion
15:05:16 <mnasiadka> #topic Announcements
15:05:44 <mnasiadka> It seems I'm the PTL for Zed cycle - in case anyone wonders ;-)
15:05:50 <mnasiadka> #topic Review action items from the last meeting
15:06:21 <mnasiadka> mnasiadka post a patch for docs - standard topics that should be discussed over PTG and then revisited in mid-cycle
15:06:21 <mnasiadka> mnasiadka to triage security bugs and update them with resolution plan (if needed)
15:06:21 <mnasiadka> hrw to discuss with pynacl upstream to release binary wheel of 1.4.0 for aarch64
15:06:29 <mnasiadka> I haven't progressed on mine, hrw is not here
15:06:36 <mnasiadka> #action mnasiadka post a patch for docs - standard topics that should be discussed over PTG and then revisited in mid-cycle
15:06:41 <mnasiadka> #action mnasiadka to triage security bugs and update them with resolution plan (if needed)
15:06:47 <mnasiadka> #action hrw to discuss with pynacl upstream to release binary wheel of 1.4.0 for aarch64
15:06:51 <mnasiadka> #topic CI Status
15:07:12 <mgoddard> congrats mnasiadka on winning the election
15:07:24 <mgoddard> long may your PTLship last!
15:07:25 <mnasiadka> CI looks fairly ok, not counting the ansible-lint blowout and centos-rabbitmq-38 repo missing on centos8s :)
15:07:27 <mnasiadka> thanks mgoddard
15:08:29 <mnasiadka> Can we update Kolla-Ansible to GREEN? Any objections yoctozepto or mgoddard?
15:08:37 <mgoddard> go ahead
15:08:43 * frickler sneaks in late and joins in congratulations
15:08:50 <yoctozepto> yeah, congrats, mnasiadka
15:09:01 <yoctozepto> and yeah, no objections
15:09:22 <mnasiadka> updated
15:09:29 <mnasiadka> #topic Release tasks
15:09:54 <mnasiadka> This week is R-6
15:10:26 <mnasiadka> R-2 is Feature Freeze
15:10:44 <mnasiadka> #topic Current cycle planning
15:11:07 <mnasiadka> Anyone has anything on this topic? Changes needing reviews? Something to discuss?
15:11:29 <mgoddard> Should we look at the priorities list?
15:11:52 <yoctozepto> better not
15:11:56 <yoctozepto> let's live happier lives
15:12:17 <mgoddard> some are complete
15:12:27 <mgoddard> and still 4 weeks to go!
15:12:37 <mnasiadka> Drop binary images seems to be missing something, hmm
15:12:50 <yoctozepto> missing enthusiasm
15:12:52 <mnasiadka> TODO(): add release note in Xena informing that since Yoga binary images will be deprecated
15:12:55 <mnasiadka> Do we really need that?
15:13:04 <yoctozepto> nope
15:13:20 <mnasiadka> so let's cross that out
15:13:43 <mnasiadka> TODO(frickler): Look into "What do we need to make sure that users like kevko are not left on ice with their issues with source images?"
15:13:54 <mnasiadka> But kevko proposed something by himself IIRC
15:13:59 <mgoddard> kevko proposed some patches for patching
15:14:06 <mgoddard> I left some comments
15:14:31 <mgoddard> tl;dr: I would like a way to get arbitrary files into images
15:14:41 <mgoddard> they could be patches
15:14:53 <mgoddard> which could be applied in overrides
15:15:21 <mgoddard> I think that would be a good starting point, and maybe we build on it if there is interest
15:15:53 <mnasiadka> Sure, let's see how this evolves
15:16:14 <mgoddard> well, how do you want it to evolve?
15:16:55 <mnasiadka> I mean where the discussion in the patch evolves, we need to try to make it user friendly and good documented, doesn't really need to be state of the art :)
15:17:21 <mnasiadka> Another one is Elasticsearch to OpenSearch (AWS fork of ES) - but I don't think I've seen any progress with it
15:17:28 <mnasiadka> parallax has been busy with $work
15:18:13 <mgoddard> is it likely to make yoga?
15:18:35 <mnasiadka> I don't think so, unless there's somebody else that wants to help him
15:18:55 <yoctozepto> ah, too bad
15:19:13 <mnasiadka> I'll try to find a candidate internally at SHPC, let's see
15:19:22 <yoctozepto> I think we will backport whatever we achieve at any point in time
15:19:36 <yoctozepto> we can't run outdated ES forever xD
15:20:03 <mgoddard> how about systemd
15:20:18 <mgoddard> yoctozepto: I saw you put some time into it
15:22:44 <yoctozepto> mgoddard: yeah, I directed the unit testing
15:22:56 <mnasiadka> unit testing director
15:22:59 <mgoddard> how close is it?
15:23:00 <yoctozepto> yeah
15:23:09 <mgoddard> (IYHO)
15:23:32 <yoctozepto> hard to say, I did not dig deep enough, just to get rid of failing units tests and any tricker to achieve that
15:23:40 <yoctozepto> trickery*
15:25:57 <mgoddard> secure RBAC got a bit stalled
15:26:06 <mnasiadka> Rocky Linux host support is waiting for nodepool patches to merge, so we can add proper CI with that
15:26:19 <mnasiadka> I saw similar patches for AlmaLinux and OpenEuler
15:26:35 <mgoddard> openeuler was for the container images, right?
15:27:06 <mnasiadka> ah yes, that one won't go in surely
15:27:22 <mnasiadka> ALma Linux is for Host OS only
15:27:48 <yoctozepto> yeah, but openeuler for kolla-ansible would be quick I guess
15:27:50 <mnasiadka> it's a RHEL/CentOS/Rocky clone, but I don't know if we should allow anything that's not tested in CI - althought the difference probably is none
15:27:51 <frickler> openeuler has a devstack job, so that image should be available already
15:28:17 <mgoddard> we do need to draw the line somewhere
15:28:20 <yoctozepto> mnasiadka: yeah, like between 8.2, 8.3, 8.4 and stream
15:28:32 <yoctozepto> really "no difference" ;-)
15:29:00 <yoctozepto> and we can't test all the clones
15:29:14 <yoctozepto> it probably does not make sense
15:29:18 <yoctozepto> and just wastes resources
15:29:29 <mgoddard> indeed
15:29:40 <mgoddard> we probably need some policy on it
15:29:54 <mgoddard> we could be more relaxed about the host IMO
15:30:08 <mnasiadka> either we let it in, but claim in support matrix it's not tested
15:30:12 <mnasiadka> or we don't let it in at all
15:30:15 <mgoddard> and have some untested supported distros e.g. alma
15:30:24 <mnasiadka> for the sake of community, we could do the first
15:30:45 <mgoddard> but container images we should be more strict about
15:31:39 <mnasiadka> correct
15:32:50 <yoctozepto> we could test rocky as it's to be different from stream by design
15:32:57 <yoctozepto> then alma should work the same
15:33:05 <yoctozepto> so we say it's supported but not tested
15:33:23 <yoctozepto> and annotation: "please try on rocky before reporting the issue"
15:33:34 <mnasiadka> makes sense
15:33:44 <yoctozepto> then we have popular Chinese OS - openeuler
15:33:44 <mnasiadka> but first let's merge Rocky :)
15:33:49 <yoctozepto> which we can test independently
15:33:52 <yoctozepto> mnasiadka: exactly
15:34:14 <mnasiadka> openeuler patch proposal is only in Kolla I think - we would need to convince the author to only pursue Host OS support in kolla-ansible
15:34:29 <mnasiadka> ok, I think we all agree on the topic
15:34:41 <yoctozepto> seems so
15:34:47 <mnasiadka> mgoddard: how is the Let's Encrypt one?
15:34:53 <mgoddard> the image merged
15:35:13 <mgoddard> I reviewed the k-a side, left lots of comments
15:35:33 <mnasiadka> I remember James notified us that there's a bug in haproxy 2.2 that complicates things again
15:35:36 <mgoddard> I'm still not 100% how it works
15:35:55 <mgoddard> or whether it makes sense to use LE for the internal VIP
15:36:26 <mnasiadka> not really, since you would need to do a DNS based auth
15:36:56 <mnasiadka> and as I mentioned in the image review - certbot and it's DNS plugins are marriage made in hell
15:37:01 <mgoddard> which it doesn't support
15:38:29 <mgoddard> could be close, could be far, depending on a few things
15:39:00 <mnasiadka> I've used lego in my recent deployment, been more than happy with it - and since it's written in Go, it's just one small binary - but anyways
15:39:19 <mnasiadka> I'll try to look at the K-A patch
15:40:37 <frickler> lego works fine with designate, yes
15:41:54 <mgoddard> VMware nsxp has had some reviews
15:42:03 <mgoddard> I thought it was ok, radek disagreed
15:42:32 <mgoddard> I think my standards have slipped over the years :)
15:42:45 <yoctozepto> mgoddard: yeah, you even mention my name all in lowercase
15:42:47 <mgoddard> too many stalled patches
15:42:55 <mgoddard> INDEED
15:42:59 <mnasiadka> haha
15:43:10 <mnasiadka> ok, seems we know what needs to be reviewed
15:43:21 <yoctozepto> vmware patches are close to merge
15:43:30 <yoctozepto> and they are simple enough to understand that they are fine enough
15:43:41 <mgoddard> openstack.kolla collection has lots of patches
15:43:42 <yoctozepto> obviously no idea how appropriate this is for actual vmware deployment
15:44:11 <mgoddard> would be nice to get https://review.opendev.org/c/openstack/kolla-ansible/+/819430 merged, to stop people changing the baremetal role
15:44:25 <yoctozepto> mgoddard: and Radek has lots of unrelated work to do :-(
15:44:39 <mgoddard> don't we all
15:44:57 <yoctozepto> mgoddard: whoa, the "merge conflicts" list is.... long
15:44:59 <mgoddard> maybe if you spent less time correcting grammar you'd have more free time? :p
15:45:19 <mgoddard> yoctozepto: well, any patch that touches the baremetal role gets hit
15:45:19 <yoctozepto> mgoddard: maybe!
15:45:25 <yoctozepto> mgoddard: yeah
15:45:49 <wuchunyang> Is there any documentation on  openstack.kolla collection?
15:46:06 <mgoddard> good question wuchunyang
15:46:26 <mgoddard> https://docs.openstack.org/ansible-collection-kolla/latest/
15:46:28 <mgoddard> it exists
15:46:36 <mgoddard> but there is not much content
15:46:48 <mnasiadka> there's contributor guide!
15:47:03 <mgoddard> I added info about how to install it in https://review.opendev.org/c/openstack/kolla-ansible/+/819430
15:47:09 <yoctozepto> mnasiadka: to encourage people to contribute the docs!
15:47:17 <wuchunyang> just a contributor guide  lol..
15:47:17 <mgoddard> unsure what docs we would want on it
15:47:40 <mgoddard> but I could probably come up with something
15:47:50 <mnasiadka> probably variables from defaults/ would be a start ;-)
15:47:54 <mgoddard> maybe a list of included content
15:48:01 <wuchunyang> i will try to deploy it. thanks.
15:48:02 <mgoddard> we don't provide that for kolla-ansible
15:48:35 <mnasiadka> mgoddard: I was thinking of doing that for per role variables - but we can discuss that over PTG ;-)
15:48:42 <mnasiadka> let's move to next topic
15:48:53 <mnasiadka> #topic Additional agenda (from whiteboard)
15:49:11 <mnasiadka> (yoctozepto) Singlenode cephadm job, multinode ipv6 job voting and gating
15:49:17 <mnasiadka> ideal plan: https://etherpad.opendev.org/p/KollaAnsibleScenarios-2022
15:49:22 <mnasiadka> see also our previous notes: https://etherpad.opendev.org/p/KollaAnsibleScenarios
15:49:59 <yoctozepto> indeed
15:50:18 <yoctozepto> this idea happened after a short comment by mnasiadka that we are able to deploy ceph on a single node
15:50:26 <yoctozepto> (with cephadm)
15:51:41 <mgoddard> lol yoctozepto proposes switching all CI to debian
15:52:20 <mnasiadka> well, that was expected :)
15:52:25 <yoctozepto> not all
15:52:37 <yoctozepto> but the things that don't need to be tested across the boad
15:52:39 <yoctozepto> board*
15:52:41 <mgoddard> the list of current gating jobs is wrong - no ceph jobs gate
15:53:06 <mnasiadka> yes, they still are a bit flaky sometimes, but hopefully it gets better with upgrade to Pacific
15:53:24 <yoctozepto> so gate on singlenode ceph?
15:53:32 <yoctozepto> I would accept that amendment
15:53:51 <mgoddard> when was this list written? debian is gating too
15:54:15 <mnasiadka> well, I think ceph or not ceph is irrelevant, we wanted to have HA multinode jobs to check if it works
15:54:26 <mnasiadka> Ceph is used, because that's the obvious choice for multinode
15:54:31 <yoctozepto> mgoddard: my mistake
15:54:40 <mnasiadka> and that's what most users choose to use as storage backend
15:55:14 <yoctozepto> mnasiadka: yeah, my point precisely
15:55:30 <yoctozepto> we are unlikely to break ceph with our changes but ceph likes to break us with their changes
15:56:05 <mnasiadka> well, that was a bit of my fault, to rely on /etc/hosts, now it should be a lot better :)
15:56:36 <yoctozepto> mnasiadka: :-)
15:57:44 <mnasiadka> anyway, time is running up - let's maybe rethink if there are any fundamental changes we'd like to do for CI - and discuss next week or on PTG?
15:58:34 <yoctozepto> ++
15:58:49 <mnasiadka> great
15:59:00 <mnasiadka> Thanks for the meeting :)
15:59:13 <mnasiadka> #endmeeting