#openstack-kolla log

15:00:19 <mnasiadka> #startmeeting kolla
15:00:19 <opendevmeet> Meeting started Wed Mar 16 15:00:19 2022 UTC and is due to finish in 60 minutes.  The chair is mnasiadka. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:19 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:19 <opendevmeet> The meeting name has been set to 'kolla'
15:00:25 <mnasiadka> #topic rollcall
15:00:26 <mnasiadka> o/
15:00:29 <frickler> \o
15:00:47 <jinyuanliu_> o\
15:01:04 <yoctozepto> o/
15:03:01 <mgoddard> \o
15:03:36 <mnasiadka> #topic agenda
15:03:36 <mnasiadka> * Announcements
15:03:36 <mnasiadka> * Review action items from the last meeting
15:03:36 <mnasiadka> * CI status
15:03:36 <mnasiadka> * Release tasks
15:03:37 <mnasiadka> * Current cycle planning
15:03:37 <mnasiadka> * Additional agenda (from whiteboard)
15:03:39 <mnasiadka> * Open discussion
15:03:41 <mnasiadka> #topic Announcements
15:04:06 <mnasiadka> I've proposed frickler to gain core reviewer privileges in both Kolla and Kolla-Ansible - please vote on the mailing list.
15:04:16 <mnasiadka> #topic Review action items from the last meeting
15:04:32 <mnasiadka> mnasiadka to triage security bugs and update them with resolution plan (if needed)
15:04:32 <mnasiadka> mnasiadka to update kolla review dashboard with kolla collection
15:04:32 <mnasiadka> hrw Enable osbpo in Debian APT sources, abandon extrepo command use then?
15:04:39 <mnasiadka> I updated the review dashboard
15:05:20 <mnasiadka> sec bugs in progress, I proposed a patch to use testssl.sh to validate haproxy ssl ciphers (one of the bugs mentions ssl ciphers)
15:05:42 <mnasiadka> needs some update, but should ensure this is covered a bit better than in past
15:05:58 <mnasiadka> hrw is not here, so let's reapply this action item
15:06:21 <mnasiadka> #action mnasiadka to triage security bugs and update them with resolution plan (if needed)
15:06:28 <mnasiadka> #action hrw Enable osbpo in Debian APT sources, abandon extrepo command use then?
15:06:33 <mnasiadka> #topic CI status
15:06:48 <mnasiadka> We've seen breakage from ansible-lint complaining on us not using FQCNs for core modules
15:07:03 <mnasiadka> it has been capped to <6 - it's fine now
15:07:07 <frickler> ubuntu-binary seems also broken
15:07:16 <frickler> some issue with trove-dashboard afaict
15:07:26 <frickler> https://storage.gra.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_de8/793897/33/check/kolla-ansible-ubuntu-binary/de8b1e3/primary/logs/kolla/horizon/horizon.txt
15:07:29 <yoctozepto> that's why we are dropping support for binary
15:07:36 <yoctozepto> well, one of the reasons
15:08:02 <frickler> but as of now we still should try to fix it?
15:08:05 <mnasiadka> I think i've seen something similar in the Magnum CI job (where we enable Trove I think)
15:08:23 <mnasiadka> frickler: at least we should raise a Launchpad bug in UCA
15:08:28 <mnasiadka> that's what we've done in the past
15:09:11 <yoctozepto> yeah, raise a bug in UCA
15:09:15 <frickler> ah, o.k., I can do that and ping some ubuntu-server ppl
15:09:49 <mnasiadka> but they're usually not the fastest, so it will drag around
15:09:59 <mnasiadka> and IIRC Trove doesn't have a PTL for Z
15:10:12 <yoctozepto> yes
15:10:22 <mnasiadka> So I don't know how long will it stay with us ;)
15:10:27 <mnasiadka> anyway, let's continue
15:10:37 <mnasiadka> #topic Release tasks
15:11:25 <mgoddard> wuchunyang stepped up for trove PTL
15:11:46 <yoctozepto> oh, good to know, I missed that
15:12:05 <yoctozepto> so it's only adjutant going away
15:12:20 <mnasiadka> anyway it would be good to understand if we don't hit that in source as well - I've seen trove being enabled in magnum jobs
15:12:23 <yoctozepto> thankfully, we did not merge its support
15:12:45 <mnasiadka> Kolla feature freeze: Mar 21 - Mar 25
15:12:47 <wuchunyang> yes, we will maintain trove in z
15:12:55 <mnasiadka> It's next week
15:13:11 <mnasiadka> #topic Current cycle planning
15:13:26 <mnasiadka> So, what is possibly going to get merged?
15:13:39 <yoctozepto> mnasiadka: we always have all horizon plugins around so it would break source already, no?
15:13:56 <yoctozepto> mnasiadka: I've reviewed venus
15:14:06 <yoctozepto> i've also added it to the other topics for today
15:14:07 <wuchunyang> venus +2 from me
15:14:10 <yoctozepto> feel free to skip then
15:14:16 <mnasiadka> yoctozepto: True, we only enable plugins per project I think, but who knows what fails
15:14:19 <mnasiadka> ok
15:14:22 <mnasiadka> so - what about - Systemd containers: https://review.opendev.org/c/openstack/kolla-ansible/+/816724
15:14:36 <mnasiadka> mgoddard, yoctozepto: you've been actively reviewing, right?
15:14:56 <mgoddard> I haven't looked recently
15:15:16 <yoctozepto> me neither
15:15:23 <mnasiadka> Ok, would be nice to get this in though, right?
15:15:49 <yoctozepto> right
15:16:01 <yoctozepto> and my ironic patches
15:16:04 <yoctozepto> :-)
15:16:35 <mnasiadka> we'll get to that (if those are listed on the whiteboard) :)
15:17:11 <mnasiadka> kolla collection long list of patches - yoctozepto you promised to review two, haven't done that :D
15:17:23 <mnasiadka> https://review.opendev.org/c/openstack/ansible-collection-kolla/+/821015
15:17:23 <mnasiadka> https://review.opendev.org/c/openstack/ansible-collection-kolla/+/821016
15:17:36 <mnasiadka> and there are like 5 more on the list
15:17:45 <mnasiadka> L433 on the whiteboard
15:17:49 <yoctozepto> mnasiadka: oh noez, so many things to do
15:18:09 <mnasiadka> need reviewers, if not - it's not going to get in
15:18:25 <mnasiadka> maybe there are some other cores happy to assist?
15:19:04 <mnasiadka> anyway, let's move on - libvirt on host the same - I'll do reviews and need a second core
15:19:13 <opendevreview> Will Szumski proposed openstack/kolla-ansible master: Adds keystone_authtoken.service_type  https://review.opendev.org/c/openstack/kolla-ansible/+/834035
15:19:21 <mnasiadka> and magically Ironic appeared on the whiteboard!
15:19:24 <mgoddard> I think kevko approved libvirt on the host
15:19:43 <mnasiadka> but not the kolla collection patch
15:19:46 <yoctozepto> mnasiadka: yup, it's magix
15:20:14 <mgoddard> true
15:21:20 <mnasiadka> ok, let's review Radek's Ironic patches, and he'll be happy to review all the rest! ;-)
15:22:19 <mnasiadka> Kayobe seems we have a lot of patches that need updates
15:22:40 <mnasiadka> probably the multiple environments part 2 won't be merged in Yoga
15:22:49 <priteau> :(
15:23:15 <mnasiadka> Haven't seen updates on those patches, and there's a lot to improve judging by mgoddard's comments
15:23:50 <priteau> Will was planning to update but he's been busy
15:24:00 <mnasiadka> As we all are unfortunately
15:24:15 <mnasiadka> Let's go through additional agenda
15:24:18 <mnasiadka> #topic Additional agenda (from whiteboard)
15:24:35 <mnasiadka> (yoctozepto) Venus
15:25:01 <mnasiadka> So what's up with Venus?
15:26:57 <yoctozepto> mnasiadka: already discussed, move on
15:27:00 <mnasiadka> ok
15:27:08 <mnasiadka> If we're at Venus - what's up with skyline?
15:27:30 <yoctozepto> I did not have time / it was less active/ready?
15:27:32 <yoctozepto> let's check
15:27:40 <wuchunyang> i can try to add a ci for skyline.
15:27:59 <wuchunyang> follow by venus.
15:28:09 <yoctozepto> wuchunyang: that would be appreciated
15:28:44 <wuchunyang> https://review.opendev.org/c/openstack/kolla-ansible/+/828464
15:29:08 <yoctozepto> (fwiw, I'm reviewing various changes atm)
15:29:54 <mnasiadka> wuchunyang: the Kolla part has some comments, like why it's not using upper-constraints, I see Skyline would need more work than Venus to get in
15:30:56 <opendevreview> Pierre Riteau proposed openstack/kayobe master: Use naming convention to infer VLAN tagging  https://review.opendev.org/c/openstack/kayobe/+/833052
15:30:59 <mnasiadka> Ok, let's keep reviewing - hope the authors will update
15:31:02 <wuchunyang> yes, skyline need more work.
15:31:22 <mnasiadka> Next additional topic is (mgoddard): Libvirt SASL issues
15:31:50 <mgoddard> I had some issues today when rolling out the libvirt SASL change
15:32:10 <mgoddard> I'm still not really sure exactly what happened, but wanted to bring it up
15:32:52 <mgoddard> Possibly there is a window when enabling SASL where it breaks the connection from nova-compute to libvirt
15:33:03 <mgoddard> and some instances get broken
15:33:09 <mnasiadka> oops
15:33:30 <yoctozepto> oh my
15:33:43 <yoctozepto> how broken are we talking about?
15:33:45 <yoctozepto> data loss?
15:33:59 <mnasiadka> or just powered off / wrong state in Nova?
15:34:39 <mgoddard> libvirt VM stopped
15:35:01 <mgoddard> I managed to get it running again with an openstack server stop, openstack server start
15:35:18 <yoctozepto> hmm
15:35:24 <mgoddard> but it took me a while to figure it out
15:35:30 <yoctozepto> I don't see how it would stop the instance by itself
15:35:39 <yoctozepto> maybe it was on user req?
15:35:44 <yoctozepto> but the sync back did not happen
15:35:56 <yoctozepto> I'm not entirely sure when nova compute updates its state
15:36:34 <mnasiadka> when backporting the libvirt sasl patch - did we enable sasl by default?
15:36:38 <mgoddard> yes
15:36:54 <mnasiadka> so basically this can now happen to anyone?
15:37:06 <yoctozepto> yes
15:37:10 <mgoddard> potentially, but haven't reproduced it
15:37:32 <mnasiadka> interesting
15:38:02 <mgoddard> if my theory is correct, we could stop nova-compute first, then restart nova-libvirt, then start nova-compute
15:38:16 <mgoddard> that would be a simple fix to backport
15:38:55 <mgoddard> but really I'd like to reproduce it to be confident
15:39:25 <yoctozepto> ++
15:39:37 <mnasiadka> Sure, we'll be waiting for updates mgoddard
15:40:51 <mgoddard> ok
15:42:15 <mnasiadka> #topic Open discussion
15:42:21 <choooze> Hello guys. Wanna ask your advice about separating LB for several groups. My colleague tried to do some [https://review.opendev.org/c/openstack/kolla-ansible/+/833535]. But for now we can't decide which way to choose, simple one (just a small patch to separate ELK's LB (what we want to achieve for now)) or hard one (provide some way to have an option for several LB groups with service groups mapping to them). Thanks in advance for
15:43:40 <mnasiadka> mgoddard: seems you've been giving your thoughts on this one ^^
15:44:23 <mgoddard> yes
15:44:57 <mgoddard> the generic solution would be to have some flag per service
15:45:14 <choooze> yup sounds reasonable
15:45:15 <mgoddard> elasticsearch_enable_loadbalancer
15:45:42 <mgoddard> then incorporate that into elasticsearch_services.elasticsearch.haproxy
15:45:52 <yoctozepto> but loadbalancer might not be on the same nodes as these services
15:45:57 <yoctozepto> and it's fine
15:46:08 <yoctozepto> it's even on network nodes, not control nodes
15:46:21 <mgoddard> yes, that was my comment
15:46:25 <jingvar> what about hostgroup_vip
15:46:35 <choooze> but in that case VIP will be attached to host_group?
15:46:55 <mgoddard> the VIP is associated with haproxy hosts
15:47:05 <jingvar> yep
15:47:08 <yoctozepto> i.e., we have one loadbalancer solution
15:47:16 <yoctozepto> that is HA
15:47:24 <yoctozepto> and shuffles VIP to ensure that HA
15:47:39 <jingvar> to separete newtwork flow
15:47:46 <mgoddard> if you have your own LB for elastic, you'd need to set elasticsearch_enable_loadbalancer=false and elasticsearch_internal_endpoint to point to your LB
15:47:49 <yoctozepto> the proxied services might exists anywhere
15:48:20 <jingvar> I have monitoring_vip and a several services on this group
15:48:46 <mgoddard> or perhaps you could just set elasticsearch_address
15:48:54 <jingvar> I did
15:49:40 <choooze> so the way where there might be more than 1 LB in HA placed on control nodes isn't the way you want to see? :]
15:49:40 <jingvar> why we cant have itsown loadbalancer on group
15:50:36 <mgoddard> oh, so you want kolla to deploy multiple LBs?
15:50:40 <jingvar> I had Virtual contrail Plane at least 9 nodes with
15:50:42 <jingvar> yes
15:50:49 <jingvar> I have it already
15:50:54 <choooze> to have that possibility
15:51:21 <yoctozepto> what do you use multiple LBs for? only es?
15:51:43 <wuchunyang> we have the same scenario. i use kolla to deploy two lbs, but es exists in both them.
15:51:45 <jingvar> as first run
15:51:46 <choooze> by default okay. everything is going thorugh control-nodes. by for some cases it might be unnecessary and should be avoidable. like ELK-case
15:52:05 <yoctozepto> choooze: it goes through network nodes
15:52:15 <yoctozepto> you can have a separate network node from control nodes
15:52:25 <yoctozepto> (or multiple for that matter)
15:52:38 <choooze> anyway I hope you've got the point :]
15:54:12 <yoctozepto> so-so I'd say
15:54:44 <yoctozepto> to me it makes sense to have a separate loadbalancer for elk
15:54:52 <yoctozepto> well, more like efk
15:54:56 <jingvar> there are core components of Openstack and additional services - And I want' mix traffic
15:55:57 <mnasiadka> But that means, you'd want to have a second instance of keepalived and haproxy - and possibly on a different set of physical hosts?
15:56:11 <choooze> yup
15:56:51 <jingvar> 2 strings into haproxyconfig.j2 :0
15:56:56 <mnasiadka> Well, sounds like a nice feature, that we could discuss over PTG for the Z cycle.
15:57:43 <yoctozepto> ++
15:58:05 <choooze> Nice guys!
15:58:16 <mgoddard> sounds similar to the multiple mariadb feature, which was quite fiddly to get right
15:58:38 <choooze> We could help somehow if you'll show the right way :]
15:59:10 <mnasiadka> Sure, please add a topic on the bottom of Zed etherpad - https://etherpad.opendev.org/p/kolla-zed-ptg
15:59:39 <mnasiadka> and of course show up for the discussion :)
15:59:48 <mgoddard> Update on the libvirt SASL issue discussed earlier: I think this was actually caused by some previous failed evacuations. nova-compute restart caused them to get cleaned up, which destroyed the instances
16:00:22 <opendevreview> Imran Hussain proposed openstack/kolla-ansible master: [external-ceph] Use template instead of copy  https://review.opendev.org/c/openstack/kolla-ansible/+/824566
16:00:44 <choooze> mnasiadka next Wed you mean? or some other time?
16:00:46 <mnasiadka> mgoddard: should we make an update in the reno - that this might cause unplanned instance downtime?
16:01:03 <mgoddard> mnasiadka: no, it was unrelated to libvirt SASL AFAICT
16:01:24 <mgoddard> I will keep investigating
16:01:36 <mnasiadka> choooze: PTG (Project Teams Gathering) is 4-6 April (Kolla-Ansible topics 4-5 April)
16:01:37 <yoctozepto> thanks
16:01:58 <choooze> okaaaay sounds nice
16:02:06 <choooze> thank you guys!
16:03:01 <mnasiadka> choooze: I added an Eventbrite link for the event, make sure you order a virtual ticket ;-)
16:03:26 <mnasiadka> ok, we're over time.
16:03:28 <mnasiadka> Thanks for coming!
16:03:30 <mnasiadka> #endmeeting