15:00:01 #startmeeting kolla 15:00:01 Meeting started Wed Mar 2 15:00:01 2022 UTC and is due to finish in 60 minutes. The chair is mnasiadka. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:01 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:01 The meeting name has been set to 'kolla' 15:00:07 #topic rollcall 15:00:17 o/ 15:00:22 o/ 15:00:31 /._.\ 15:00:40 \._./ 15:00:57 /*-*\ 15:01:14 /^_*\ 15:03:38 #topic agenda 15:03:38 * Announcements 15:03:38 * Review action items from the last meeting 15:03:38 * CI status 15:03:38 * Release tasks 15:03:39 * Current cycle planning 15:03:39 * Additional agenda (from whiteboard) 15:03:41 * Open discussion 15:03:45 #topic Announcements 15:03:58 Cycle highlights merged 15:04:10 \o 15:04:51 Feature freeze in two weeks 15:04:56 #topic Review action items from the last meeting 15:05:29 mnasiadka to triage security bugs and update them with resolution plan (if needed) 15:05:29 hrw to discuss with pynacl upstream to release binary wheel of 1.4.0 for aarch64 15:05:29 mnasiadka to post patch for cycle highlights 15:05:37 I've done cycle highlights, no progress on sec bugs 15:05:42 pynacl needs to be sorted other way 15:05:46 #action mnasiadka to triage security bugs and update them with resolution plan (if needed) 15:06:00 I just lack time and motivation to work on it 15:06:12 should we still have it as an action item? 15:07:46 I guess it makes no sense to talk about this every week ;) 15:07:50 #topic CI Status 15:07:53 sort of 15:08:15 one more thing 15:08:23 hrw: Just one release, or the full of osbpo ? 15:08:33 zigo: both? 15:08:47 hrw: do we have a bug raised or something? we could just tie it to Yoga release milestone 15:08:56 mnasiadka: it was Wallaby 15:09:13 mnasiadka: just found during Yoga cycle by someone 15:09:30 have to find details (but above) 15:09:34 hrw: anyway, I guess we should have a bug 15:09:37 hrw: 16 GB for all releases since jessie-backports-liberty, not even 800 MB for a single release. 15:09:42 zigo: thanks 15:09:44 so, what's the CI status? apart Debian - seems green 15:09:51 yeah, green 15:10:06 hrw: does that mean we could try to mirror it in infra? 15:10:14 hrw: If you need to have a local cache, there's rsync which is publicly opened. 15:10:31 mnasiadka: I prefer to have numbers when infra team asks 15:10:40 sure 15:11:05 mnasiadka: but we do not publish debian/binary images so it is not so important to mirror imho 15:11:19 ok, back to meeting? 15:11:23 but we also use it for source 15:11:25 hrw: so tell me why debian-source is failing without extrepo 15:11:40 I believe it's bumping, e.g., ovs for us 15:11:41 because some of python stuff 15:11:57 it is like with RDO/UCA - we get updated stuff from there 15:12:25 well, just when it fails - and debian jobs are voting - we get a bit of a hell 15:12:27 Mark Goddard proposed openstack/kolla stable/train: Build CentOS Stream 8 images https://review.opendev.org/c/openstack/kolla/+/831266 15:12:27 Mark Goddard proposed openstack/kolla stable/train: CI: Fix epel url override https://review.opendev.org/c/openstack/kolla/+/831546 15:12:41 I wonder if debian general backports are not enough to get "newer stuff" 15:13:49 I would prefer them to be 15:13:58 zigo: your opinion? 15:14:10 anyway, before we get it back to voting - I would prefer we have a reliable mirror/other solution - so one server downtime doesn't stop us merging patches 15:14:12 also, osbpo was available all the time afaict, so mirroring it wouldn't have gotten us over the extrepo issue 15:14:56 the source of extrepo repo definitions is another spof 15:15:14 #action Enable osbpo in Debian APT sources, abandon extrepo command use then? 15:15:34 probably makes sense 15:15:36 just like UCA which is always enabled 15:15:50 anyway, let's move on 15:15:54 and then in addition we can set up a mirror in infra 15:16:38 hrw: will you take that action, or is it an unassigned action waiting for better times? :-) 15:16:52 mnasiadka: this one I can take. Infra stuff may not 15:17:21 yoctozepto/frickler: willing to help with infra stuff? 15:17:23 I'll look into the infra part 15:17:27 great 15:18:04 :-) 15:18:33 #topic Release tasks 15:18:45 Cycle highlights merged 15:18:49 no release tasks for this week 15:19:11 feature freeze in 2 weeks time if my math is correct 15:19:25 #topic Current cycle planning 15:20:05 let's look at the whiteboard 15:20:07 we should look at open patches and mark which ones to merge, which to postpone? 15:20:36 most probably, let's see 15:21:19 mgoddard/headphoneJames: Secure RBAC - is it done for this cycle? 15:21:24 no 15:22:04 I don't see keystone changing their default at this point in the cycle though 15:22:08 none of the changes on the whiteboard merged 15:22:15 do we mark them as RP+1? 15:22:29 in which case there would be no need for us to take action 15:22:45 so basically we can wait with those patches until Z 15:22:48 so no reason to do RP+1 15:22:58 thankfully 15:23:45 the OpenSearch stuff is somewhat in progress, but I doubt we'll be able to fit it in this cycle - since only a WIP of the Kolla patch is posted 15:24:14 they're basically ready to merge, I'm just not convinced the community has consensus on how to do it just yet, so I'd prefer to wait 15:24:23 Let's Encrypt - we've had some... misunderstandings and complications on last meeting 15:24:24 (re RBAC) 15:24:27 I didn't have time to look into it 15:25:19 no update since then 15:25:55 ok, I'll try to look into it and bring some thoughts to the next meeting 15:25:59 what about Podman? 15:26:21 mnasiadka: I don't see LE merging this cycle. should we focus elsewhere in these last two weeks? 15:26:30 mgoddard: I guess it makes sense 15:26:33 (halomiva,hinermar) structure of podman testing and moving baremetal role to openstack collection 15:26:45 hrw: No, general backports aren't enough, you could setup the osbpo repos without extrepo though, but I don't think the salsa thingy that happened last 3 days will occur again. 15:27:02 zigo: ok 15:27:13 The solution *IS* reliable, it's just a one time missfortune. 15:27:31 I'm working on having extrepo to work offline with my colleague, so it wont have to download from salsa. 15:27:35 That's IMO the better solution. 15:27:57 I don't think we have halomiva or hinermar 15:28:03 yeah, we don't 15:28:14 podman is unlikely to happen imho 15:28:16 need to postpone 15:28:19 ok then 15:28:22 how about systemd? 15:28:59 no idea, I did not have time to follow 15:29:35 would be nice to get sytemd merged, but it's so late in the cycle - we might not have enough time to test it thoroughly... 15:29:43 I agree it's too late for podman, (and said before that would be ambitious). A concerted effort could get systemd across the line, if we chose to do so 15:30:26 how much of an effort is to get sytemd working? can somebody look into it and try to push it over the line? ;-) 15:31:25 I wonder if we could add another class that keeps the existing behaviour 15:31:31 then make systemd optional 15:31:33 is that just https://review.opendev.org/c/openstack/kolla-ansible/+/816724 or is there more to it? 15:31:56 frickler: that's "it", where it == open heart surgery 15:32:06 indeed 15:32:46 well, systemd as optional probably would be a wise choice for now 15:32:59 if we can progress that in the next week or two, would be nice 15:33:25 Rocky Linux - waiting for a new DIB release to get nodepool nodes running 15:33:47 but now (thanks mgoddard!) I need to move some of the patch lines to kolla collection :) 15:34:01 ha 15:34:06 mgoddard: how is the collection work going? 15:34:26 lots of patches ready for review 15:34:41 we have the collection installing for both kolla-ansible and kayobe now 15:35:04 but currently just using the unchanged baremetal role 15:35:23 next patches split it up into more sensible roles 15:35:26 and add some CI 15:35:44 this would be a good one: https://review.opendev.org/c/openstack/ansible-collection-kolla/+/820907 15:36:03 I see yoctozepto has already reviewed 15:36:34 yeah, bumped to +2 now 15:36:58 so merging, looks ok 15:37:12 so only two changes left from the whiteboard 15:37:31 check again :) 15:37:41 mgoddard: do we need a review dashboard for kolla collection, or just include it in kolla-ansible one? 15:38:04 I've listed all patches required to merge this: https://review.opendev.org/c/openstack/kayobe/+/824998 15:38:19 is git-review working for someone? 15:39:00 was earlier 15:39:03 hrw: it worked today 15:39:12 mnasiadka: maybe in kolla-ansible? 15:39:27 thx 15:39:31 mgoddard: I think that makes more sense, I'll update the dashboard 15:39:37 Marcin Juszkiewicz proposed openstack/kolla master: Debian: always enable osbpo repositories https://review.opendev.org/c/openstack/kolla/+/831548 15:39:41 finally 15:39:44 #action mnasiadka to update kolla review dashboard with kolla collection 15:40:12 ok, I'll make time to review all those patches, and post also one for Rocky Linux ;) 15:40:22 what about libvirt on the host? 15:41:07 two patches ready to review? 15:41:21 yup 15:42:01 ok then, will also review those 15:42:06 and try to go through Kayobe ones 15:42:24 we need to notify fellow Kayobians that they should update all their patches that need to be merged in Y 15:42:47 UPDATE YOUR PATCHES 15:42:49 please 15:43:49 ok 15:43:52 #topic Additional agenda (from whiteboard) 15:44:02 (yoctozepto) keystone changes that will affect us 15:44:09 will there be any? 15:45:16 yoctozepto: wake up :) 15:45:58 no 15:46:00 seems not 15:46:14 Mark Goddard proposed openstack/kayobe master: libvirt: deploy libvirt on the host https://review.opendev.org/c/openstack/kayobe/+/825359 15:46:30 next topic please 15:46:33 (yoctozepto) ironic-(i)pxe renaming for sanity 15:46:54 yeah, so we have the above profanity calling tftp - pxe, and http - ipxe 15:47:16 I wonder if it's worth renaming the containers to reflect their actual role 15:47:39 the only issue is we don't support renames - we would need to clean up old names 15:47:57 I see your point 15:48:02 unsure about cost/benefit 15:48:07 me too 15:48:25 tftp/pxe - meh 15:48:30 mgoddard: ansible-collection-kolla is not being synced to github? 15:48:36 yeah, it's worse for ipxe tbh 15:48:45 ipxe/http - more of an issue since it's used for deployment 15:48:58 precisely, it's for direct deploy 15:49:21 if someone wants to write the code I'll review it 15:49:23 but when renaming it's similar cost for one as for two 15:49:44 ok, I'll add to my own wishlist 15:49:48 going through all that fuss just to rename, I'm not convinced - but if somebody wants to write the code - so be it 15:50:26 #topic Open discussion 15:50:38 Anything? Anyone? 15:50:56 I'm almost finished with https://review.opendev.org/c/openstack/kolla-ansible/+/644271 15:51:34 nice work on that yoctozepto 15:51:47 Can we set a time to do a live discussion for let's encrypt? 15:51:53 now if you could get all of my other unfinished patches over the line that would be great 15:52:00 xD 15:52:16 we should merge this https://review.opendev.org/c/openstack/kolla-ansible/+/831055 15:52:20 as it's fixing the defaults 15:52:22 headphoneJames: let's discuss 15:52:31 the tenks testing revealed this issue early 15:52:39 I love it when testing actually catches bugs ;p 15:52:50 happens occasionally 15:54:21 headphoneJames: next week? 15:55:06 Sure. This time or later works. 15:55:39 Same time as this meeting, on Monday? 15:55:45 How does that work for everyone? 15:55:49 Works for me 15:55:58 Who wants to attend? 15:56:09 o/ 15:56:12 Michal Nasiadka proposed openstack/kolla-ansible master: Add Rocky Linux support as Host OS https://review.opendev.org/c/openstack/kolla-ansible/+/815104 15:56:14 I can attend 15:56:43 let me check 15:56:54 works for me 15:57:00 ok then 15:57:09 I think we have quorum 15:57:13 Great 15:57:56 I'll post a zoom link on the channel on Monday 15utc 15:58:00 frickler: you also had some opinion on the LE implementation? 15:58:09 I'll make a meeting invitation 15:58:27 Thanks 15:59:58 as long as you talk about HTTP-01, I don't care much 16:00:56 thanks mnasiadka for chairing 16:00:58 * yoctozepto off 16:01:05 We just need to implement HTTP-01 in a way, that DNS-01 can be added easily after. 16:01:09 #endmeeting