#openstack-kolla log

14:00:59 <mnasiadka> #startmeeting kolla
14:00:59 <opendevmeet> Meeting started Wed Feb 15 14:00:59 2023 UTC and is due to finish in 60 minutes.  The chair is mnasiadka. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:59 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:59 <opendevmeet> The meeting name has been set to 'kolla'
14:01:04 <mnasiadka> kevko: mmalchuk - now ;)
14:01:05 <mnasiadka> o/
14:01:10 <mnasiadka> oops
14:01:12 <mnasiadka> #topic rollcall
14:01:14 <mnasiadka> now
14:01:15 <mnasiadka> o/
14:01:27 <kevko> \o/
14:01:41 <mhiner> o/
14:01:55 <bbezak> o/
14:02:01 <frickler> o(
14:02:20 <frickler> oops, off-by-one ;)
14:03:00 <kevko> #help
14:03:05 <mnasiadka> #topic agenda
14:03:05 <mnasiadka> * Review action items from the last meeting
14:03:05 <mnasiadka> * CI status
14:03:05 <mnasiadka> * Release tasks
14:03:05 <mnasiadka> * Regular stable releases (first meeting in a month)
14:03:07 <mnasiadka> * Current cycle planning
14:03:07 <mnasiadka> * Additional agenda (from whiteboard)
14:03:09 <mnasiadka> * Open discussion
14:03:15 <mnasiadka> #topic Review action items from the last meeting
14:03:19 <ramona-beermann[m]> o/
14:03:21 <mnasiadka> bbezak was to upload monthly releases
14:03:25 <mnasiadka> done
14:03:28 <bbezak> I did
14:03:34 <mnasiadka> #topic CI status
14:03:43 <mnasiadka> zun CI broken by Docker 23 - pursuing a pin to 20.*
14:03:58 <mnasiadka> setuptools broke Horizon builds - pinning to previous release (and backporting)
14:04:09 <mnasiadka> #topic Release tasks
14:04:25 <mnasiadka> cycle highlights behind the corner
14:04:48 <mnasiadka> (as in next week)
14:04:58 <mnasiadka> nothing else on the release tasks calendar for now
14:05:06 <mnasiadka> #topic Current cycle planning
14:05:17 <mnasiadka> Ok then, let's have a look on the priorities
14:05:34 <mnasiadka> mhiner: how is podman?
14:06:31 <mhiner> main patch is still in merge conflict but ContainerWorker refactor is ready
14:06:37 <mnasiadka> there's also let's encrypt that would be nice to land - but it's in merge conflict (https://review.opendev.org/c/openstack/kolla-ansible/+/741340)
14:06:46 <mnasiadka> if there's anybody willing to rebase and pick it up - would be nice
14:07:20 <kevko> mnasiadka: i will take an eye on it
14:07:39 <mnasiadka> nothing else on the prio list
14:07:58 <mnasiadka> no additional agenda on the whiteboard
14:08:01 <mnasiadka> #topic open discussion
14:08:25 <mnasiadka> if anybody has patches that he would like to prioritise reviewing, or any other discussion - now is the time :)
14:08:54 <mmalchuk> https://review.opendev.org/c/openstack/kolla/+/872005
14:09:09 <mmalchuk> mnasiadka have a look?
14:09:45 <mnasiadka> yeah, I remember that
14:09:56 <mnasiadka> no other option I guess?
14:10:02 <mmalchuk> ok
14:10:27 <mnasiadka> hrw: https://review.opendev.org/c/openstack/kolla/+/872005 - time to merge I guess
14:13:02 <mmalchuk> this is not kolla/kayobe, but would be great to review:
14:13:05 <mmalchuk> https://review.opendev.org/c/openstack/diskimage-builder/+/872430
14:13:09 <mmalchuk> https://review.opendev.org/c/openstack/diskimage-builder/+/869270
14:13:14 <mmalchuk> thx a lot
14:14:16 <mnasiadka> https://review.opendev.org/q/topic:assert - there's a series of patches by ebbex that we could merge (replacing fail: with assert:)
14:15:07 <hrw> elo
14:15:31 <hrw> https://review.opendev.org/c/openstack/kolla/+/872005 - I have a mixed feelings about this one so will hold
14:16:01 <mnasiadka> well, I think we broke people, that build in a semi-offline environment
14:16:17 <mnasiadka> so either we revert, or provide similar functionality
14:17:34 <mnasiadka> the only alternative I can think of is moving .repo files to a template and adding a flag to not use public gpg keys?
14:17:35 <hrw> if they replace *.repo files then they can add gpgkey line there. if they rely on keys being present in base/Dockerfile.j2 then template overrides exist
14:18:43 <mnasiadka> ok, so how do they replace *.repo files without editing code?
14:18:46 <mnasiadka> ah, rpm_setup_config
14:18:57 <mmalchuk> we build weithout any problems before. this is not feature but fix which brings nothing new
14:19:22 <hrw> mmalchuk: this is revert of removal of not needed code
14:19:44 <mnasiadka> mmalchuk: have you tried providing your own .repo files?
14:19:46 <mmalchuk> but with it we lost an ability to override repos. because of static files
14:20:06 <hrw> mmalchuk: how do you override repos?
14:20:28 <mmalchuk> thorugh blocks feature ofcourse
14:21:09 <mnasiadka> https://docs.openstack.org/kolla/latest/admin/image-building.html#custom-repos - there's this
14:21:12 <hrw> you mean template overrides?
14:21:12 <mmalchuk> commit message provide the links to docs
14:21:16 <mmalchuk> sure
14:22:01 <mmalchuk> with this change the only way to exec sed in the overrides
14:22:10 <hrw> mmalchuk: I never used kayobe
14:22:16 <mmalchuk> sad
14:22:29 <mmalchuk> it simplifies life)
14:23:09 <mmalchuk> even without kayobe you can use overrides wia kollabuild parameters
14:23:17 <hrw> mmalchuk: define block for base to override base_yum_repo_keys with own values?
14:23:41 <mmalchuk> with this change we lost them for redhat based systems, only debian based works
14:23:49 <mmalchuk> yep
14:24:25 <mnasiadka> apparently kayobe only supports templates-overrides, not rpm_setup_config
14:24:28 <hrw> mmalchuk: can you share some logs from failed run?
14:24:47 <mnasiadka> well, at least out of the box
14:24:48 <mmalchuk> right now can't
14:25:34 <hrw> :(
14:25:34 <mmalchuk> we move to ubuntu
14:26:03 <hrw> from what I understand kayobe run is not easy to replicate when all you have is one machine, right?
14:26:19 <mmalchuk> no
14:26:19 <opendevreview> Michal Arbet proposed openstack/kolla-ansible master: Add support for LetsEncrypt-managed certs  https://review.opendev.org/c/openstack/kolla-ansible/+/741340
14:28:48 <mnasiadka> so - basically - let's revert it now, and add rpm_setup_config support to Kayobe?
14:28:54 <mnasiadka> and then we can revert the revert? ;)
14:28:56 <opendevreview> Michal Arbet proposed openstack/kolla-ansible master: Add support for LetsEncrypt-managed certs  https://review.opendev.org/c/openstack/kolla-ansible/+/741340
14:29:04 <mnasiadka> (plus add proper docs how it should be overridden)
14:29:15 <mnasiadka> or option b - just revert and leave it as is forever
14:30:46 <mmalchuk> mnasiadka good idea for rpm_setup_config
14:31:21 <mnasiadka> sed is a workaround that we all have been using for long time (including Kolla CI)
14:31:24 <mmalchuk> but I can't create it because of ubuntu
14:31:37 <mnasiadka> well, Ubuntu/Debian is purely repos.yaml
14:31:56 <hrw> mnasiadka: and keys fetched in base
14:32:06 <mmalchuk> sed is a crutch ;)
14:32:09 <mnasiadka> so maybe we should rather aim to unify that in repos.yaml?
14:32:19 <mmalchuk> about repos.yml
14:32:26 <mnasiadka> like write out RH style .repo (like we do with Debian/Ubuntu)
14:32:33 <mnasiadka> and add functionality in there to download the keys?
14:32:37 <mmalchuk> https://review.opendev.org/c/openstack/kayobe/+/845338
14:32:42 <mmalchuk> please have a look
14:33:21 <mnasiadka> added review priority +1, will have a look later
14:33:36 <mmalchuk> good idea but it take more time
14:33:55 <mmalchuk> +1 for unify solutions based on repos.yml
14:34:08 <mnasiadka> takes more time, makes more sense
14:34:23 <hrw> mnasiadka: good idea
14:34:41 <hrw> mnasiadka: and move keys from base/Dockerfile.j2 to repos.yaml
14:34:51 <mmalchuk> sure
14:35:13 <mnasiadka> added that to the whiteboard into priorities
14:35:43 <mnasiadka> hrw: are you willing to look into that, or should we look for a different volunteer?
14:36:21 <mmalchuk> I can, if we don't need this so quick)
14:36:22 <hrw> mnasiadka: I am going for some time off so if someone can look then it would be better
14:36:49 <mmalchuk> so assing me)
14:37:00 <mnasiadka> I might have some time to look into that in the coming weeks
14:37:03 <mmalchuk> assign*
14:37:09 <mnasiadka> Anyway, I'll assign mmalchuk
14:37:39 <mnasiadka> So - do we merge this revert?
14:37:42 <hrw> remember that in EL systems there are several repo files which comes from packages
14:38:01 <mmalchuk> why not
14:38:20 <mnasiadka> yup, we only add those, that do not come from centos-extras or are not downloadable iirc
14:38:20 <hrw> so we just enable/disable them instead of adding new repo files like we do on Debuntu world
14:38:24 <mmalchuk> it don't break anything
14:38:55 <mnasiadka> ok, so we have consensus
14:38:56 <hrw> and we disable most of EL distro ones after we install their distro-release-* packages
14:39:56 <hrw> for example CRB or EPEL are installed from distro instead of being added by us (as a file)
14:40:26 <mnasiadka> yes, special treatment needed
14:40:31 <mnasiadka> but it's doable
14:40:44 <hrw> and it also solves dependencies for us - centos-release-openstack-yoga brings few other centos-release-* packages so we do not have to list them to install (but list to disable)
14:41:21 <mnasiadka> ok, unfortunately I have to run
14:41:27 <mnasiadka> feel free to continue the discussion
14:41:31 <mnasiadka> #endmeeting