14:00:59 <mnasiadka> #startmeeting kolla 14:00:59 <opendevmeet> Meeting started Wed Feb 15 14:00:59 2023 UTC and is due to finish in 60 minutes. The chair is mnasiadka. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:00:59 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:00:59 <opendevmeet> The meeting name has been set to 'kolla' 14:01:04 <mnasiadka> kevko: mmalchuk - now ;) 14:01:05 <mnasiadka> o/ 14:01:10 <mnasiadka> oops 14:01:12 <mnasiadka> #topic rollcall 14:01:14 <mnasiadka> now 14:01:15 <mnasiadka> o/ 14:01:27 <kevko> \o/ 14:01:41 <mhiner> o/ 14:01:55 <bbezak> o/ 14:02:01 <frickler> o( 14:02:20 <frickler> oops, off-by-one ;) 14:03:00 <kevko> #help 14:03:05 <mnasiadka> #topic agenda 14:03:05 <mnasiadka> * Review action items from the last meeting 14:03:05 <mnasiadka> * CI status 14:03:05 <mnasiadka> * Release tasks 14:03:05 <mnasiadka> * Regular stable releases (first meeting in a month) 14:03:07 <mnasiadka> * Current cycle planning 14:03:07 <mnasiadka> * Additional agenda (from whiteboard) 14:03:09 <mnasiadka> * Open discussion 14:03:15 <mnasiadka> #topic Review action items from the last meeting 14:03:19 <ramona-beermann[m]> o/ 14:03:21 <mnasiadka> bbezak was to upload monthly releases 14:03:25 <mnasiadka> done 14:03:28 <bbezak> I did 14:03:34 <mnasiadka> #topic CI status 14:03:43 <mnasiadka> zun CI broken by Docker 23 - pursuing a pin to 20.* 14:03:58 <mnasiadka> setuptools broke Horizon builds - pinning to previous release (and backporting) 14:04:09 <mnasiadka> #topic Release tasks 14:04:25 <mnasiadka> cycle highlights behind the corner 14:04:48 <mnasiadka> (as in next week) 14:04:58 <mnasiadka> nothing else on the release tasks calendar for now 14:05:06 <mnasiadka> #topic Current cycle planning 14:05:17 <mnasiadka> Ok then, let's have a look on the priorities 14:05:34 <mnasiadka> mhiner: how is podman? 14:06:31 <mhiner> main patch is still in merge conflict but ContainerWorker refactor is ready 14:06:37 <mnasiadka> there's also let's encrypt that would be nice to land - but it's in merge conflict (https://review.opendev.org/c/openstack/kolla-ansible/+/741340) 14:06:46 <mnasiadka> if there's anybody willing to rebase and pick it up - would be nice 14:07:20 <kevko> mnasiadka: i will take an eye on it 14:07:39 <mnasiadka> nothing else on the prio list 14:07:58 <mnasiadka> no additional agenda on the whiteboard 14:08:01 <mnasiadka> #topic open discussion 14:08:25 <mnasiadka> if anybody has patches that he would like to prioritise reviewing, or any other discussion - now is the time :) 14:08:54 <mmalchuk> https://review.opendev.org/c/openstack/kolla/+/872005 14:09:09 <mmalchuk> mnasiadka have a look? 14:09:45 <mnasiadka> yeah, I remember that 14:09:56 <mnasiadka> no other option I guess? 14:10:02 <mmalchuk> ok 14:10:27 <mnasiadka> hrw: https://review.opendev.org/c/openstack/kolla/+/872005 - time to merge I guess 14:13:02 <mmalchuk> this is not kolla/kayobe, but would be great to review: 14:13:05 <mmalchuk> https://review.opendev.org/c/openstack/diskimage-builder/+/872430 14:13:09 <mmalchuk> https://review.opendev.org/c/openstack/diskimage-builder/+/869270 14:13:14 <mmalchuk> thx a lot 14:14:16 <mnasiadka> https://review.opendev.org/q/topic:assert - there's a series of patches by ebbex that we could merge (replacing fail: with assert:) 14:15:07 <hrw> elo 14:15:31 <hrw> https://review.opendev.org/c/openstack/kolla/+/872005 - I have a mixed feelings about this one so will hold 14:16:01 <mnasiadka> well, I think we broke people, that build in a semi-offline environment 14:16:17 <mnasiadka> so either we revert, or provide similar functionality 14:17:34 <mnasiadka> the only alternative I can think of is moving .repo files to a template and adding a flag to not use public gpg keys? 14:17:35 <hrw> if they replace *.repo files then they can add gpgkey line there. if they rely on keys being present in base/Dockerfile.j2 then template overrides exist 14:18:43 <mnasiadka> ok, so how do they replace *.repo files without editing code? 14:18:46 <mnasiadka> ah, rpm_setup_config 14:18:57 <mmalchuk> we build weithout any problems before. this is not feature but fix which brings nothing new 14:19:22 <hrw> mmalchuk: this is revert of removal of not needed code 14:19:44 <mnasiadka> mmalchuk: have you tried providing your own .repo files? 14:19:46 <mmalchuk> but with it we lost an ability to override repos. because of static files 14:20:06 <hrw> mmalchuk: how do you override repos? 14:20:28 <mmalchuk> thorugh blocks feature ofcourse 14:21:09 <mnasiadka> https://docs.openstack.org/kolla/latest/admin/image-building.html#custom-repos - there's this 14:21:12 <hrw> you mean template overrides? 14:21:12 <mmalchuk> commit message provide the links to docs 14:21:16 <mmalchuk> sure 14:22:01 <mmalchuk> with this change the only way to exec sed in the overrides 14:22:10 <hrw> mmalchuk: I never used kayobe 14:22:16 <mmalchuk> sad 14:22:29 <mmalchuk> it simplifies life) 14:23:09 <mmalchuk> even without kayobe you can use overrides wia kollabuild parameters 14:23:17 <hrw> mmalchuk: define block for base to override base_yum_repo_keys with own values? 14:23:41 <mmalchuk> with this change we lost them for redhat based systems, only debian based works 14:23:49 <mmalchuk> yep 14:24:25 <mnasiadka> apparently kayobe only supports templates-overrides, not rpm_setup_config 14:24:28 <hrw> mmalchuk: can you share some logs from failed run? 14:24:47 <mnasiadka> well, at least out of the box 14:24:48 <mmalchuk> right now can't 14:25:34 <hrw> :( 14:25:34 <mmalchuk> we move to ubuntu 14:26:03 <hrw> from what I understand kayobe run is not easy to replicate when all you have is one machine, right? 14:26:19 <mmalchuk> no 14:26:19 <opendevreview> Michal Arbet proposed openstack/kolla-ansible master: Add support for LetsEncrypt-managed certs https://review.opendev.org/c/openstack/kolla-ansible/+/741340 14:28:48 <mnasiadka> so - basically - let's revert it now, and add rpm_setup_config support to Kayobe? 14:28:54 <mnasiadka> and then we can revert the revert? ;) 14:28:56 <opendevreview> Michal Arbet proposed openstack/kolla-ansible master: Add support for LetsEncrypt-managed certs https://review.opendev.org/c/openstack/kolla-ansible/+/741340 14:29:04 <mnasiadka> (plus add proper docs how it should be overridden) 14:29:15 <mnasiadka> or option b - just revert and leave it as is forever 14:30:46 <mmalchuk> mnasiadka good idea for rpm_setup_config 14:31:21 <mnasiadka> sed is a workaround that we all have been using for long time (including Kolla CI) 14:31:24 <mmalchuk> but I can't create it because of ubuntu 14:31:37 <mnasiadka> well, Ubuntu/Debian is purely repos.yaml 14:31:56 <hrw> mnasiadka: and keys fetched in base 14:32:06 <mmalchuk> sed is a crutch ;) 14:32:09 <mnasiadka> so maybe we should rather aim to unify that in repos.yaml? 14:32:19 <mmalchuk> about repos.yml 14:32:26 <mnasiadka> like write out RH style .repo (like we do with Debian/Ubuntu) 14:32:33 <mnasiadka> and add functionality in there to download the keys? 14:32:37 <mmalchuk> https://review.opendev.org/c/openstack/kayobe/+/845338 14:32:42 <mmalchuk> please have a look 14:33:21 <mnasiadka> added review priority +1, will have a look later 14:33:36 <mmalchuk> good idea but it take more time 14:33:55 <mmalchuk> +1 for unify solutions based on repos.yml 14:34:08 <mnasiadka> takes more time, makes more sense 14:34:23 <hrw> mnasiadka: good idea 14:34:41 <hrw> mnasiadka: and move keys from base/Dockerfile.j2 to repos.yaml 14:34:51 <mmalchuk> sure 14:35:13 <mnasiadka> added that to the whiteboard into priorities 14:35:43 <mnasiadka> hrw: are you willing to look into that, or should we look for a different volunteer? 14:36:21 <mmalchuk> I can, if we don't need this so quick) 14:36:22 <hrw> mnasiadka: I am going for some time off so if someone can look then it would be better 14:36:49 <mmalchuk> so assing me) 14:37:00 <mnasiadka> I might have some time to look into that in the coming weeks 14:37:03 <mmalchuk> assign* 14:37:09 <mnasiadka> Anyway, I'll assign mmalchuk 14:37:39 <mnasiadka> So - do we merge this revert? 14:37:42 <hrw> remember that in EL systems there are several repo files which comes from packages 14:38:01 <mmalchuk> why not 14:38:20 <mnasiadka> yup, we only add those, that do not come from centos-extras or are not downloadable iirc 14:38:20 <hrw> so we just enable/disable them instead of adding new repo files like we do on Debuntu world 14:38:24 <mmalchuk> it don't break anything 14:38:55 <mnasiadka> ok, so we have consensus 14:38:56 <hrw> and we disable most of EL distro ones after we install their distro-release-* packages 14:39:56 <hrw> for example CRB or EPEL are installed from distro instead of being added by us (as a file) 14:40:26 <mnasiadka> yes, special treatment needed 14:40:31 <mnasiadka> but it's doable 14:40:44 <hrw> and it also solves dependencies for us - centos-release-openstack-yoga brings few other centos-release-* packages so we do not have to list them to install (but list to disable) 14:41:21 <mnasiadka> ok, unfortunately I have to run 14:41:27 <mnasiadka> feel free to continue the discussion 14:41:31 <mnasiadka> #endmeeting