#openstack-kolla log

15:00:01 <mnasiadka> #startmeeting kolla
15:00:01 <opendevmeet> Meeting started Wed Mar  2 15:00:01 2022 UTC and is due to finish in 60 minutes.  The chair is mnasiadka. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:01 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:01 <opendevmeet> The meeting name has been set to 'kolla'
15:00:07 <mnasiadka> #topic rollcall
15:00:17 <mnasiadka> o/
15:00:22 <yoctozepto> o/
15:00:31 <hrw> /._.\
15:00:40 <yoctozepto> \._./
15:00:57 <yoctozepto> /*-*\
15:01:14 <yoctozepto> /^_*\
15:03:38 <mnasiadka> #topic agenda
15:03:38 <mnasiadka> * Announcements
15:03:38 <mnasiadka> * Review action items from the last meeting
15:03:38 <mnasiadka> * CI status
15:03:38 <mnasiadka> * Release tasks
15:03:39 <mnasiadka> * Current cycle planning
15:03:39 <mnasiadka> * Additional agenda (from whiteboard)
15:03:41 <mnasiadka> * Open discussion
15:03:45 <mnasiadka> #topic Announcements
15:03:58 <mnasiadka> Cycle highlights merged
15:04:10 <mgoddard> \o
15:04:51 <mnasiadka> Feature freeze in two weeks
15:04:56 <mnasiadka> #topic Review action items from the last meeting
15:05:29 <mnasiadka> mnasiadka to triage security bugs and update them with resolution plan (if needed)
15:05:29 <mnasiadka> hrw to discuss with pynacl upstream to release binary wheel of 1.4.0 for aarch64
15:05:29 <mnasiadka> mnasiadka to post patch for cycle highlights
15:05:37 <mnasiadka> I've done cycle highlights, no progress on sec bugs
15:05:42 <hrw> pynacl needs to be sorted other way
15:05:46 <mnasiadka> #action mnasiadka to triage security bugs and update them with resolution plan (if needed)
15:06:00 <hrw> I just lack time and motivation to work on it
15:06:12 <mnasiadka> should we still have it as an action item?
15:07:46 <mnasiadka> I guess it makes no sense to talk about this every week ;)
15:07:50 <mnasiadka> #topic CI Status
15:07:53 <hrw> sort of
15:08:15 <mnasiadka> one more thing
15:08:23 <zigo> hrw: Just one release, or the full of osbpo ?
15:08:33 <hrw> zigo: both?
15:08:47 <mnasiadka> hrw: do we have a bug raised or something? we could just tie it to Yoga release milestone
15:08:56 <hrw> mnasiadka: it was Wallaby
15:09:13 <hrw> mnasiadka: just found during Yoga cycle by someone
15:09:30 <hrw> have to find details (but above)
15:09:34 <mnasiadka> hrw: anyway, I guess we should have a bug
15:09:37 <zigo> hrw: 16 GB for all releases since jessie-backports-liberty, not even 800 MB for a single release.
15:09:42 <hrw> zigo: thanks
15:09:44 <mnasiadka> so, what's the CI status? apart Debian - seems green
15:09:51 <yoctozepto> yeah, green
15:10:06 <mnasiadka> hrw: does that mean we could try to mirror it in infra?
15:10:14 <zigo> hrw: If you need to have a local cache, there's rsync which is publicly opened.
15:10:31 <hrw> mnasiadka: I prefer to have numbers when infra team asks
15:10:40 <mnasiadka> sure
15:11:05 <hrw> mnasiadka: but we do not publish debian/binary images so it is not so important to mirror imho
15:11:19 <hrw> ok, back to meeting?
15:11:23 <yoctozepto> but we also use it for source
15:11:25 <mnasiadka> hrw: so tell me why debian-source is failing without extrepo
15:11:40 <yoctozepto> I believe it's bumping, e.g., ovs for us
15:11:41 <hrw> because some of python stuff
15:11:57 <hrw> it is like with RDO/UCA - we get updated stuff from there
15:12:25 <mnasiadka> well, just when it fails - and debian jobs are voting - we get a bit of a hell
15:12:27 <opendevreview> Mark Goddard proposed openstack/kolla stable/train: Build CentOS Stream 8 images  https://review.opendev.org/c/openstack/kolla/+/831266
15:12:27 <opendevreview> Mark Goddard proposed openstack/kolla stable/train: CI: Fix epel url override  https://review.opendev.org/c/openstack/kolla/+/831546
15:12:41 <yoctozepto> I wonder if debian general backports are not enough to get "newer stuff"
15:13:49 <hrw> I would prefer them to be
15:13:58 <hrw> zigo: your opinion?
15:14:10 <mnasiadka> anyway, before we get it back to voting - I would prefer we have a reliable mirror/other solution - so one server downtime doesn't stop us merging patches
15:14:12 <frickler> also, osbpo was available all the time afaict, so mirroring it wouldn't have gotten us over the extrepo issue
15:14:56 <frickler> the source of extrepo repo definitions is another spof
15:15:14 <hrw> #action Enable osbpo in Debian APT sources, abandon extrepo command use then?
15:15:34 <mnasiadka> probably makes sense
15:15:36 <hrw> just like UCA which is always enabled
15:15:50 <mnasiadka> anyway, let's move on
15:15:54 <frickler> and then in addition we can set up a mirror in infra
15:16:38 <mnasiadka> hrw: will you take that action, or is it an unassigned action waiting for better times? :-)
15:16:52 <hrw> mnasiadka: this one I can take. Infra stuff may not
15:17:21 <mnasiadka> yoctozepto/frickler: willing to help with infra stuff?
15:17:23 <frickler> I'll look into the infra part
15:17:27 <mnasiadka> great
15:18:04 <yoctozepto> :-)
15:18:33 <mnasiadka> #topic Release tasks
15:18:45 <mnasiadka> Cycle highlights merged
15:18:49 <mnasiadka> no release tasks for this week
15:19:11 <mnasiadka> feature freeze in 2 weeks time if my math is correct
15:19:25 <mnasiadka> #topic Current cycle planning
15:20:05 <mnasiadka> let's look at the whiteboard
15:20:07 <hrw> we should look at open patches and mark which ones to merge, which to postpone?
15:20:36 <mnasiadka> most probably, let's see
15:21:19 <mnasiadka> mgoddard/headphoneJames: Secure RBAC - is it done for this cycle?
15:21:24 <mgoddard> no
15:22:04 <mgoddard> I don't see keystone changing their default at this point in the cycle though
15:22:08 <mnasiadka> none of the changes on the whiteboard merged
15:22:15 <mnasiadka> do we mark them as RP+1?
15:22:29 <mgoddard> in which case there would be no need for us to take action
15:22:45 <mnasiadka> so basically we can wait with those patches until Z
15:22:48 <mnasiadka> so no reason to do RP+1
15:22:58 <yoctozepto> thankfully
15:23:45 <mnasiadka> the OpenSearch stuff is somewhat in progress, but I doubt we'll be able to fit it in this cycle - since only a WIP of the Kolla patch is posted
15:24:14 <mgoddard> they're basically ready to merge, I'm just not convinced the community has consensus on how to do it just yet, so I'd prefer to wait
15:24:23 <mnasiadka> Let's Encrypt - we've had some... misunderstandings and complications on last meeting
15:24:24 <mgoddard> (re RBAC)
15:24:27 <mnasiadka> I didn't have time to look into it
15:25:19 <mgoddard> no update since then
15:25:55 <mnasiadka> ok, I'll try to look into it and bring some thoughts to the next meeting
15:25:59 <mnasiadka> what about Podman?
15:26:21 <mgoddard> mnasiadka: I don't see LE merging this cycle. should we focus elsewhere in these last two weeks?
15:26:30 <mnasiadka> mgoddard: I guess it makes sense
15:26:33 <mnasiadka> (halomiva,hinermar) structure of podman testing and moving baremetal role to openstack collection
15:26:45 <zigo> hrw: No, general backports aren't enough, you could setup the osbpo repos without extrepo though, but I don't think the salsa thingy that happened last 3 days will occur again.
15:27:02 <hrw> zigo: ok
15:27:13 <zigo> The solution *IS* reliable, it's just a one time missfortune.
15:27:31 <zigo> I'm working on having extrepo to work offline with my colleague, so it wont have to download from salsa.
15:27:35 <zigo> That's IMO the better solution.
15:27:57 <mnasiadka> I don't think we have halomiva or hinermar
15:28:03 <yoctozepto> yeah, we don't
15:28:14 <yoctozepto> podman is unlikely to happen imho
15:28:16 <yoctozepto> need to postpone
15:28:19 <mnasiadka> ok then
15:28:22 <mgoddard> how about systemd?
15:28:59 <yoctozepto> no idea, I did not have time to follow
15:29:35 <mnasiadka> would be nice to get sytemd merged, but it's so late in the cycle - we might not have enough time to test it thoroughly...
15:29:43 <mgoddard> I agree it's too late for podman, (and said before that would be ambitious). A concerted effort could get systemd across the line, if we chose to do so
15:30:26 <mnasiadka> how much of an effort is to get sytemd working? can somebody look into it and try to push it over the line? ;-)
15:31:25 <mgoddard> I wonder if we could add another class that keeps the existing behaviour
15:31:31 <mgoddard> then make systemd optional
15:31:33 <frickler> is that just https://review.opendev.org/c/openstack/kolla-ansible/+/816724 or is there more to it?
15:31:56 <mgoddard> frickler: that's "it", where it == open heart surgery
15:32:06 <yoctozepto> indeed
15:32:46 <mnasiadka> well, systemd as optional probably would be a wise choice for now
15:32:59 <mnasiadka> if we can progress that in the next week or two, would be nice
15:33:25 <mnasiadka> Rocky Linux - waiting for a new DIB release to get nodepool nodes running
15:33:47 <mnasiadka> but now (thanks mgoddard!) I need to move some of the patch lines to kolla collection :)
15:34:01 <mgoddard> ha
15:34:06 <mnasiadka> mgoddard: how is the collection work going?
15:34:26 <mgoddard> lots of patches ready for review
15:34:41 <mgoddard> we have the collection installing for both kolla-ansible and kayobe now
15:35:04 <mgoddard> but currently just using the unchanged baremetal role
15:35:23 <mgoddard> next patches split it up into more sensible roles
15:35:26 <mgoddard> and add some CI
15:35:44 <mgoddard> this would be a good one: https://review.opendev.org/c/openstack/ansible-collection-kolla/+/820907
15:36:03 <mnasiadka> I see yoctozepto has already reviewed
15:36:34 <yoctozepto> yeah, bumped to +2 now
15:36:58 <mnasiadka> so merging, looks ok
15:37:12 <mnasiadka> so only two changes left from the whiteboard
15:37:31 <mgoddard> check again :)
15:37:41 <mnasiadka> mgoddard: do we need a review dashboard for kolla collection, or just include it in kolla-ansible one?
15:38:04 <mgoddard> I've listed all patches required to merge this: https://review.opendev.org/c/openstack/kayobe/+/824998
15:38:19 <hrw> is git-review working for someone?
15:39:00 <mgoddard> was earlier
15:39:03 <yoctozepto> hrw: it worked today
15:39:12 <mgoddard> mnasiadka: maybe in kolla-ansible?
15:39:27 <hrw> thx
15:39:31 <mnasiadka> mgoddard: I think that makes more sense, I'll update the dashboard
15:39:37 <opendevreview> Marcin Juszkiewicz proposed openstack/kolla master: Debian: always enable osbpo repositories  https://review.opendev.org/c/openstack/kolla/+/831548
15:39:41 <hrw> finally
15:39:44 <mnasiadka> #action mnasiadka to update kolla review dashboard with kolla collection
15:40:12 <mnasiadka> ok, I'll make time to review all those patches, and post also one for Rocky Linux ;)
15:40:22 <mnasiadka> what about libvirt on the host?
15:41:07 <mnasiadka> two patches ready to review?
15:41:21 <mgoddard> yup
15:42:01 <mnasiadka> ok then, will also review those
15:42:06 <mnasiadka> and try to go through Kayobe ones
15:42:24 <mnasiadka> we need to notify fellow Kayobians that they should update all their patches that need to be merged in Y
15:42:47 <mgoddard> UPDATE YOUR PATCHES
15:42:49 <mgoddard> please
15:43:49 <mnasiadka> ok
15:43:52 <mnasiadka> #topic Additional agenda (from whiteboard)
15:44:02 <mnasiadka> (yoctozepto) keystone changes that will affect us
15:44:09 <mnasiadka> will there be any?
15:45:16 <mnasiadka> yoctozepto: wake up :)
15:45:58 <yoctozepto> no
15:46:00 <yoctozepto> seems not
15:46:14 <opendevreview> Mark Goddard proposed openstack/kayobe master: libvirt: deploy libvirt on the host  https://review.opendev.org/c/openstack/kayobe/+/825359
15:46:30 <yoctozepto> next topic please
15:46:33 <mnasiadka> (yoctozepto) ironic-(i)pxe renaming for sanity
15:46:54 <yoctozepto> yeah, so we have the above profanity calling tftp - pxe, and http - ipxe
15:47:16 <yoctozepto> I wonder if it's worth renaming the containers to reflect their actual role
15:47:39 <yoctozepto> the only issue is we don't support renames - we would need to clean up old names
15:47:57 <mgoddard> I see your point
15:48:02 <mgoddard> unsure about cost/benefit
15:48:07 <yoctozepto> me too
15:48:25 <mgoddard> tftp/pxe - meh
15:48:30 <mnasiadka> mgoddard: ansible-collection-kolla is not being synced to github?
15:48:36 <yoctozepto> yeah, it's worse for ipxe tbh
15:48:45 <mgoddard> ipxe/http - more of an issue since it's used for deployment
15:48:58 <yoctozepto> precisely, it's for direct deploy
15:49:21 <mgoddard> if someone wants to write the code I'll review it
15:49:23 <yoctozepto> but when renaming it's similar cost for one as for two
15:49:44 <yoctozepto> ok, I'll add to my own wishlist
15:49:48 <mnasiadka> going through all that fuss just to rename, I'm not convinced - but if somebody wants to write the code - so be it
15:50:26 <mnasiadka> #topic Open discussion
15:50:38 <mnasiadka> Anything? Anyone?
15:50:56 <yoctozepto> I'm almost finished with https://review.opendev.org/c/openstack/kolla-ansible/+/644271
15:51:34 <mgoddard> nice work on that yoctozepto
15:51:47 <headphoneJames> Can we set a time to do a live discussion for let's encrypt?
15:51:53 <mgoddard> now if you could get all of my other unfinished patches over the line that would be great
15:52:00 <yoctozepto> xD
15:52:16 <yoctozepto> we should merge this https://review.opendev.org/c/openstack/kolla-ansible/+/831055
15:52:20 <yoctozepto> as it's fixing the defaults
15:52:22 <mgoddard> headphoneJames: let's discuss
15:52:31 <yoctozepto> the tenks testing revealed this issue early
15:52:39 <yoctozepto> I love it when testing actually catches bugs ;p
15:52:50 <mgoddard> happens occasionally
15:54:21 <mgoddard> headphoneJames: next week?
15:55:06 <headphoneJames> Sure. This time or later works.
15:55:39 <mgoddard> Same time as this meeting, on Monday?
15:55:45 <mgoddard> How does that work for everyone?
15:55:49 <headphoneJames> Works for me
15:55:58 <mgoddard> Who wants to attend?
15:56:09 <mgoddard> o/
15:56:12 <opendevreview> Michal Nasiadka proposed openstack/kolla-ansible master: Add Rocky Linux support as Host OS  https://review.opendev.org/c/openstack/kolla-ansible/+/815104
15:56:14 <mnasiadka> I can attend
15:56:43 <yoctozepto> let me check
15:56:54 <yoctozepto> works for me
15:57:00 <mgoddard> ok then
15:57:09 <mgoddard> I think we have quorum
15:57:13 <headphoneJames> Great
15:57:56 <headphoneJames> I'll post a zoom link on the channel on Monday 15utc
15:58:00 <mnasiadka> frickler: you also had some opinion on the LE implementation?
15:58:09 <mgoddard> I'll make a meeting invitation
15:58:27 <headphoneJames> Thanks
15:59:58 <frickler> as long as you talk about HTTP-01, I don't care much
16:00:56 <yoctozepto> thanks mnasiadka for chairing
16:00:58 * yoctozepto off
16:01:05 <mnasiadka> We just need to implement HTTP-01 in a way, that DNS-01 can be added easily after.
16:01:09 <mnasiadka> #endmeeting