#openstack-kolla log

15:00:01 <mnasiadka> #startmeeting kolla
15:00:02 <opendevmeet> Meeting started Wed Mar 23 15:00:01 2022 UTC and is due to finish in 60 minutes.  The chair is mnasiadka. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:02 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:02 <opendevmeet> The meeting name has been set to 'kolla'
15:00:04 <mnasiadka> #topic rollcall
15:00:05 <mnasiadka> o/
15:01:17 <mgoddard> \oo
15:01:52 <yoctozepto> o/
15:03:16 <mnasiadka> Crowds today ;-)
15:03:32 <mnasiadka> #topic agenda
15:03:32 <mnasiadka> * Announcements
15:03:32 <mnasiadka> * Review action items from the last meeting
15:03:32 <mnasiadka> * CI status
15:03:32 <mnasiadka> * Release tasks
15:03:33 <mnasiadka> * Current cycle planning
15:03:33 <mnasiadka> * Additional agenda (from whiteboard)
15:03:35 <mnasiadka> * Open discussion
15:03:38 <mnasiadka> #topic Announcements
15:04:19 <mnasiadka> We've been invited to next OpenInfra Live to talk about Kolla features for Y (and planned for Z I think) - mgoddard will represent Kolla
15:04:39 <mnasiadka> (since I can't at that time)
15:04:49 <mnasiadka> #topic Review action items from the last meeting
15:05:03 <mnasiadka> mnasiadka to triage security bugs and update them with resolution plan (if needed)
15:05:03 <mnasiadka> hrw Enable osbpo in Debian APT sources, abandon extrepo command use then?
15:05:10 <mnasiadka> I haven't finished mine, hrw absent once again
15:05:16 <mnasiadka> #action mnasiadka to triage security bugs and update them with resolution plan (if needed)
15:05:21 <mnasiadka> #action hrw Enable osbpo in Debian APT sources, abandon extrepo command use then?
15:05:33 <mnasiadka> #topic CI status
15:05:41 <mnasiadka> Kolla/Kolla-Ansible seem to be green
15:05:48 <mnasiadka> Kayobe had some molecule related breakage but fixed
15:05:59 <mnasiadka> Anyone have different view?
15:06:27 <yoctozepto> nope
15:06:32 <mnasiadka> Ok then
15:06:39 <mnasiadka> #topic Release tasks
15:06:45 <mnasiadka> Feature freeze this week
15:07:33 <mnasiadka> Allegedly next week we should start preparing RC1
15:07:54 <yoctozepto> mhm
15:07:56 <mnasiadka> #topic Current cycle planning
15:08:18 <mnasiadka> So, is there anything we need to squeeze in (as in review needed)?
15:08:33 <mgoddard> hold on
15:08:38 <mgoddard> this week is feature freeze
15:09:13 <mgoddard> oh, prepare for RC1, not cut RC1
15:09:22 <mgoddard> carry on
15:09:40 <mnasiadka> prepare, one week later we should cut
15:09:44 <mnasiadka> at least according to the plan
15:09:46 <yoctozepto> yea
15:10:01 <yoctozepto> I want ironic patches to merge
15:10:20 <mnasiadka> let's start with priorities from the whiteboard
15:10:26 <mnasiadka> What are we doing with the systemd patch?
15:10:41 <mnasiadka> https://review.opendev.org/c/openstack/kolla-ansible/+/816724
15:10:53 <mnasiadka> Moving to Z?
15:11:18 <mgoddard> If we're cutting RC1 in 2 weeks, then it's too late, IMO
15:11:31 <mnasiadka> ok, should we mark it with RP -1?
15:12:18 <mnasiadka> (I also feel it's too big of a change, to merge it last minute)
15:12:24 <yoctozepto> agreed
15:13:29 <mgoddard> we should aim to merge it early in Zed though
15:13:35 <mnasiadka> makes perfect sense
15:13:42 <mnasiadka> ok then, what about that Kolla collection?
15:13:48 <mnasiadka> that's a long list of patches again :)
15:14:12 <mnasiadka> 7 to be specific
15:14:25 <mgoddard> I'd like for it to land, but at this point it seems unlikely
15:14:46 <mgoddard> it needs kolla cores to land 7, then kayobe cores to land a big one
15:15:02 <mgoddard> for it to be most useful
15:15:11 <yoctozepto> hmm
15:15:22 <mgoddard> still, any that land are a step in the right direction
15:15:24 <yoctozepto> I can review again
15:15:43 <mgoddard> appreciated
15:16:13 <mnasiadka> so now Ironic
15:18:23 <yoctozepto> indeed
15:19:04 <mnasiadka> https://review.opendev.org/c/openstack/kolla/+/832163 - those last comments are funny ;)
15:20:05 <yoctozepto> funny how?
15:20:17 <mnasiadka> well, funny that we don't know why it's there, but it's needed?
15:20:43 <yoctozepto> well, I know what lines 3 and 4 are for
15:21:11 <mnasiadka> mgoddard: are we good to merge it, or do you want to test it somewhere?
15:22:02 <mnasiadka> the toolbox patch is merging
15:22:09 <mnasiadka> so we're left with this and the rename patch
15:22:17 <yoctozepto> and some other k-a patches
15:22:37 <yoctozepto> the rename patch got a proposed solution to waiting on waits in the upgrade testing patch
15:22:50 <yoctozepto> I will "backport" once mgoddard  says it's ok
15:23:10 <mgoddard> backport which part?
15:23:25 <mgoddard> oh, the check
15:23:25 <yoctozepto> "backport" as in move the upgrade.yml part to the rename patch
15:23:29 <yoctozepto> yeah
15:23:35 <yoctozepto> the wait on waits
15:23:54 <mnasiadka> anyway, I'm not the resident Ironic expert, I'll leave you two to it :)
15:24:45 <mnasiadka> And then there's a whole lot in Kayobe land, but I think we need to tackle that internally in SHPC
15:25:05 <yoctozepto> mnasiadka: you mean you will rubberstamp anything ironic when one of us +2s? ;-)
15:25:33 <mnasiadka> well, you can't +2, because these are your patches :)
15:25:41 <yoctozepto> mnasiadka: I meant in general
15:26:40 <mnasiadka> in general - I'll rubberstamp what is logical and sensible, I only meant I don't have the time to test it anywhere :)
15:27:24 <mnasiadka> and the path change in tftp map file... I sense trouble with some museum-level hardware, but maybe it's nothing :)
15:27:39 <mnasiadka> nothing that can't be easily fixed
15:28:10 <mnasiadka> Ok, are we done with current cycle?
15:28:15 <mnasiadka> There are patches like ProxySQL
15:28:23 <mnasiadka> which are not added to Yoga priorities
15:28:30 <yoctozepto> it would be good to get them in but they serious reviews
15:28:47 <mnasiadka> so we move them to Z
15:29:34 <mnasiadka> So let's move on
15:29:38 <mnasiadka> #topic Additional agenda (from whiteboard)
15:29:53 <mnasiadka> There's one, since it's daylight savings change time (this weekend in Poland)
15:29:59 <yoctozepto> ah yes
15:30:02 <mnasiadka> And I'm not really a fan of having meetings at 5pm
15:30:07 <yoctozepto> me neither
15:30:13 <mnasiadka> I propose we do what Ironic did - move the meeting one hour earlier
15:30:18 <frickler> +1
15:30:27 <yoctozepto> that's also what I've done with masakari's back then
15:30:27 <yoctozepto> +2
15:30:31 <mnasiadka> ok
15:30:58 <mnasiadka> #agreed to move the meeting time one hour earlier (dst time change this weekend)
15:31:10 <mnasiadka> #topic Open discussion
15:31:18 <frickler> two things from me
15:31:32 <frickler> first I want to apologize for the backport mess I created
15:31:50 <frickler> I agree with yoctozepto that we should try to avoid such things in the future
15:32:21 <frickler> the second is that the libvirt sasl things seem to be broken with hosts that have long fqdns
15:32:30 <yoctozepto> argh
15:32:35 <frickler> saslpasswd creates a user entry with user@hostname
15:32:36 <mgoddard> hmm, how long?
15:32:49 <frickler> but libvirt checks for user@hostname.example.org
15:33:02 <yoctozepto> mgoddard: I guess "long" as "with domain part"
15:33:06 <frickler> any where hostname -s != hostname -f
15:33:12 <yoctozepto> guessed it
15:33:33 <frickler> at least that's what it looks like to me so far
15:33:45 <frickler> still looking at the implementations
15:33:53 <mnasiadka> let's raise a bug, target it to Yoga milestone and get it fixed?
15:34:27 <frickler> I'll create a bug at least, yes
15:34:43 <mgoddard> where exactly does it fail?
15:34:49 <frickler> I've tried to reproduce in CI where currently we only use short hostnames, but no success yet
15:35:04 <frickler> nova fails to auth against libvirt
15:35:06 <mnasiadka> great, I asked to for targeting it to milestone, so we can track such ,,last minute'' things that should get fixed before the release
15:35:20 <mgoddard> frickler: are you using libvirt TLS?
15:35:23 <frickler> no
15:36:03 <mnasiadka> I'll use the opportunity to welcome frickler amongst core reviewers, will add him rights to both kolla and kolla-ansible in a minute (and send a mail to ML)
15:36:29 <mgoddard> frickler: when not using libvirt TLS, nova should use IP to connect to libvirt
15:36:41 <mgoddard> congrats frickler :)
15:36:45 <frickler> thx
15:36:46 <mgoddard> (migration_interface_address)
15:37:03 <yoctozepto> congrats frickler (and finally!)
15:37:13 <frickler> mgoddard: nova connects to the IP, but libvirt uses the fqdn for that IP to construct the sasl_username
15:37:29 <mgoddard> hmm
15:37:51 <frickler> mgoddard: e.g.
15:37:52 <frickler> (nova-libvirt)[root@testbed-node-0 /]# sasldblistusers2
15:37:52 <frickler> fred@testbed-node-0: userPassword
15:38:13 <frickler> but libvirt check for fred@testbed-node-0.osism.xyz
15:38:28 <mgoddard> so there is some reverse name lookup against the IP used to connect, which resolves to your FQDN?
15:38:28 <frickler> if I add an account with "-u (nova-libvirt)[root@testbed-node-0 /]# sasldblistusers2
15:38:41 <frickler> ehm
15:38:57 <frickler> if I add an account with "-u testbed-node-0.osism.xyz" it works
15:38:59 <yoctozepto> frickler, mgoddard: does that mean that w/ TLS it would work?
15:39:11 <frickler> yes, libvirt does that lookup
15:39:15 <mgoddard> perhaps
15:40:06 <mgoddard> ok, maybe we need to add -u to the account creation then
15:40:20 <frickler> getnameinfo()
15:40:45 <yoctozepto> what does -u do?
15:40:58 <frickler> set the "domain" of the user
15:41:34 <yoctozepto> mhm
15:42:19 <frickler> I can propose a patch, I just wanted to reproduce the issue in CI first
15:44:16 <yoctozepto> would be good to
15:44:28 <yoctozepto> we can set long hostnames on the hosts
15:44:36 <yoctozepto> but note the base jobs run with tls
15:44:48 <yoctozepto> so if it helps, then they are not going to catch the issue anyway
15:44:53 <yoctozepto> good to verify though
15:44:57 <frickler> https://review.opendev.org/c/openstack/kolla-ansible/+/834662 is where I started
15:45:09 <frickler> but it didn't fail, I can try to disable tls
15:46:47 <yoctozepto> ++
15:46:54 <hrw> o/
15:47:18 <hrw> mnasiadka: #cancel action - we stay with extrepo
15:48:26 <mnasiadka> ok then
15:49:11 <mnasiadka> all is clear I guess
15:49:18 <mnasiadka> let's finish for today
15:49:22 <mnasiadka> thanks for attending!
15:49:24 <mnasiadka> #endmeeting