#openstack-kolla log

13:01:45 <mnasiadka> #startmeeting kolla
13:01:45 <opendevmeet> Meeting started Wed May 24 13:01:45 2023 UTC and is due to finish in 60 minutes.  The chair is mnasiadka. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:01:45 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
13:01:45 <opendevmeet> The meeting name has been set to 'kolla'
13:01:47 <mnasiadka> #topic rollcall
13:01:55 <frickler> \o
13:01:56 <mnasiadka> o/
13:02:01 <mattcrees> o/
13:02:13 <mhiner> o/
13:02:16 <mmalchuk> \o
13:02:20 <ihalomi> \o
13:02:43 <mgoddard> \o
13:03:46 <SvenKieske> o/
13:04:02 <mnasiadka> #topic agenda
13:04:02 <mnasiadka> * CI status
13:04:02 <mnasiadka> * Release tasks
13:04:02 <mnasiadka> * Regular stable releases (first meeting in a month)
13:04:02 <mnasiadka> * Current cycle planning
13:04:03 <mnasiadka> * Additional agenda (from whiteboard)
13:04:03 <mnasiadka> * Open discussion
13:04:05 <mnasiadka> #topic CI Status
13:04:11 <frickler> lots of last minute fun ;)
13:04:19 <mnasiadka> So, not counting the OpenSearch breakage, I think it's not bad
13:04:58 <SvenKieske> and we have more tests now not in experimental, no? so should stay better?
13:05:30 <mnasiadka> at least we'll notice that something is wrong
13:05:49 <frickler> more debian testing might still be nice https://review.opendev.org/c/openstack/kolla-ansible/+/879132?usp=dashboard
13:06:01 <mnasiadka> we should probably aim to mark more jobs as voting (prometheus-opensearch should be stable)
13:06:15 <mnasiadka> frickler: octavia seems unhappy?
13:06:29 <frickler> I just saw that, will check later, ack
13:07:11 <mnasiadka> ok then
13:07:16 <mnasiadka> #topic Release tasks
13:07:33 <mnasiadka> So, kolla, kolla-ansible and ansible-collection-kolla are on the way for rc1
13:07:53 <mnasiadka> kayobe needs some patches to be in that shape
13:08:10 <mnasiadka> but doesn't sound very bad, at least for now ;-)
13:08:53 <mnasiadka> mgoddard is looking at reworking the mariadb role to get around the Ansible breakage - because it seems they think it shouldn't work the way we used it ;-)
13:09:31 <mnasiadka> #link https://github.com/ansible/ansible/issues/80848
13:09:43 <mnasiadka> do we have any other urgent things to fix?
13:09:56 <mgoddard> https://review.opendev.org/c/openstack/kolla-ansible/+/884182
13:10:01 <mgoddard> (mariadb restart)
13:10:14 <mgoddard> doesn't work yet
13:11:29 <mmalchuk> we have CI issue with images build
13:11:34 <mnasiadka> nice
13:11:47 <mmalchuk> fix: https://review.opendev.org/c/openstack/kayobe/+/881679
13:12:18 <mmalchuk> jobs non-voting so it ok for now but blocks other changes
13:12:29 <opendevreview> Michal Nasiadka proposed openstack/kolla master: mariadb: Bump to current LTS (10.11)  https://review.opendev.org/c/openstack/kolla/+/882924
13:12:49 <mnasiadka> mattcrees, mgoddard can you have a look in that kayobe patch?
13:13:52 <SvenKieske> mgoddard: is https://review.opendev.org/c/openstack/kolla-ansible/+/884182 ready for review? didn't really understand your comment "doesn't work yet" as zuul says it's all good?
13:14:25 <mnasiadka> not good, check the failed mariadb and multinode jobs
13:15:21 <mgoddard> mmalchuk: will take a look
13:15:33 <mmalchuk> mgoddard thanks
13:15:36 <SvenKieske> mhm, we really should make more jobs voting, it's very confusing for new contributors..
13:15:45 <mmalchuk> +1
13:16:12 <mnasiadka> SvenKieske: that's what we should aim in B cycle
13:16:22 <mnasiadka> let's focus on releasing for now
13:16:33 <SvenKieske> sure :)
13:18:04 <frickler> just teach new contributors that "non-voting" != "ignore me"
13:19:18 <frickler> also remind old cores of that from time to time again ;)
13:19:23 <SvenKieske> (but only sometimes; it's really easy ;) )
13:19:41 <mnasiadka> true, but jobs like prometheus-opensearch or others that are relatively stable could be marked as voting
13:20:10 <mnasiadka> and we could try to focus to get the multinode jobs less failing
13:21:29 <frickler> ack
13:22:10 <mnasiadka> anyway, kolla and kolla-ansible don't seem to have any more RP+1 patches
13:23:20 <mmalchuk> there have couple from me)
13:23:26 <Fl1nt> RP?
13:23:44 <mmalchuk> https://review.opendev.org/c/openstack/kolla-ansible/+/882100
13:23:52 <mmalchuk> https://review.opendev.org/c/openstack/kolla-ansible/+/883495
13:24:02 <SvenKieske> Fl1nt: review priority
13:24:07 <Fl1nt> aaah yes ^^
13:24:35 <SvenKieske> mmalchuk: I gave all the +1 I had :)
13:24:47 <mmalchuk> cool
13:24:58 <SvenKieske> actually I didn't, looking at the second changeset
13:25:28 <Fl1nt> I still need another +1 in here: https://review.opendev.org/c/openstack/kolla-ansible/+/878270
13:26:19 <mmalchuk> done
13:26:38 <Fl1nt> nice, thx!
13:26:42 <mnasiadka> ok then
13:26:44 <mnasiadka> let's move on
13:26:52 <mnasiadka> #topic Additional agenda (from whiteboard)
13:27:11 <mnasiadka> ihalomi: it's podman and /run again - what's up?
13:27:25 <opendevreview> Michal Nasiadka proposed openstack/kolla-ansible master: Drop support for openEuler  https://review.opendev.org/c/openstack/kolla-ansible/+/879129
13:28:14 <ihalomi> i had exams so i didnt have time to look more into it but basically the only option i see is to manually create all subdirs inside run before running deployment
13:28:54 <SvenKieske> yeah, pretty ugly; I even asked upstream podman, but have not seen any indication of change to be more compatible with docker :/
13:29:09 <Fl1nt> gave all my +1 available on the two ticket mnasiadka and SvenKieske
13:30:01 <mnasiadka> ihalomi: ok, so docker creates them by itself, podman doesn't - can we create it in kolla_container Ansible module?
13:30:11 <mnasiadka> the other question is - why are those /run subdirs absent?
13:31:07 <SvenKieske> well, technically podman can create them, but it's a security thing regarding one subdir which is incompatible how we spawn the container..
13:33:09 <SvenKieske> this is the issue: https://github.com/containers/podman/issues/16305#issuecomment-1299810004
13:33:14 <opendevreview> Mark Goddard proposed openstack/kolla-ansible master: Refactor MariaDB restart procedure  https://review.opendev.org/c/openstack/kolla-ansible/+/884182
13:33:26 <ihalomi> i guess we can create it inside module but wouldnt it be better to create all of them at once before deployment and not try to do it before each container?
13:33:35 <SvenKieske> we mount "shared" and this doesn't work the second time, because it's a tmpfs, AFAIK
13:34:26 <mnasiadka> so - docker is not using /run/secrets - or what is the difference?
13:34:53 <SvenKieske> I _think_ docker shares secrets via ENV? but not 100% sure
13:35:51 <mnasiadka> ihalomi: didn't somebody give you a list of all /run dirs that are required for libvirt?
13:36:47 <ihalomi> yes, but there are some others that are needed under specific conditions
13:37:19 <SvenKieske> uhm, I might have found a workaround, if really only /run/secret is the problem
13:37:22 <mnasiadka> what specific conditions?
13:37:35 <SvenKieske> you can configure recent podman versions to supply secrets via env: https://docs.podman.io/en/latest/markdown/options/secret.html#secret-secret-opt-opt
13:37:48 <ihalomi> for example openvswitch and linuxbridge
13:38:00 <SvenKieske> "type=mount|env" default is mount
13:38:52 <SvenKieske> at least since podman 4.3
13:38:56 <ihalomi> yes but from what i understood you have to mount each secret manually
13:39:17 <SvenKieske> with the "env" variant you don
13:39:25 <SvenKieske> 't have to mount anything
13:39:40 <SvenKieske> let's discuss this seperately, maybe?
13:40:26 <ihalomi> and second problem is it that it will mount all secrets from user to container anyway and thats security issue i guess
13:40:34 <mnasiadka> hmm, how tripleo is/was doing that
13:40:36 <mnasiadka> https://opendev.org/openstack/tripleo-heat-templates/src/branch/stable/train/deployment/nova/nova-libvirt-container-puppet.yaml
13:40:41 <mnasiadka> maybe that will shed some light
13:41:19 <mnasiadka> (they supported podman in train)
13:42:20 <ihalomi> they are mounting run as not shared and only mounting /run/libvirt as shared
13:42:50 <mnasiadka> maybe that's a solution - but that needs testing
13:42:54 <ihalomi> or /var/run/libvirt to be precise
13:42:57 <SvenKieske> and they are running virsh commands to set nova secrets: https://opendev.org/openstack/tripleo-heat-templates/src/branch/stable/train/deployment/nova/nova-libvirt-container-puppet.yaml#L797
13:44:16 <mnasiadka> SvenKieske: I think we push that in a file
13:45:58 <mnasiadka> anyway, some homework to do on podman ;-)
13:46:12 <mnasiadka> #topic Open discussion
13:46:18 <mnasiadka> Anybody anything?
13:46:22 <mmalchuk> Kayobe still lack of reviewers
13:46:38 <kevko> o/ sorry, another meeting :(
13:46:38 <opendevreview> Merged openstack/kolla-ansible master: opensearch: alter path after using rpm/deb packaging  https://review.opendev.org/c/openstack/kolla-ansible/+/883942
13:46:56 <mmalchuk> who can review my changes?
13:47:11 <mmalchuk> https://review.opendev.org/c/openstack/kayobe/+/883867
13:47:20 <mmalchuk> https://review.opendev.org/c/openstack/kayobe/+/879554
13:47:37 <mmalchuk> https://review.opendev.org/c/openstack/kayobe/+/793697
13:47:45 <mmalchuk> https://review.opendev.org/c/openstack/kayobe/+/840033
13:47:51 <mmalchuk> enough for now
13:48:01 <opendevreview> Mark Goddard proposed openstack/kayobe master: dev: Improve error checking for config check functions  https://review.opendev.org/c/openstack/kayobe/+/884202
13:48:37 <opendevreview> Michal Nasiadka proposed openstack/kolla stable/zed: opensearch-dashboards: Fix permissions  https://review.opendev.org/c/openstack/kolla/+/883928
13:49:06 <opendevreview> Michal Nasiadka proposed openstack/kolla stable/zed: opensearch-dashboards: Fix permissions  https://review.opendev.org/c/openstack/kolla/+/883928
13:49:21 <opendevreview> Michal Nasiadka proposed openstack/kolla-ansible stable/zed: opensearch: alter path after using rpm/deb packaging  https://review.opendev.org/c/openstack/kolla-ansible/+/883929
13:49:40 <opendevreview> Michal Nasiadka proposed openstack/kolla-ansible stable/zed: opensearch: alter path after using rpm/deb packaging  https://review.opendev.org/c/openstack/kolla-ansible/+/883929
13:50:05 <mnasiadka> ok then, thanks for coming :)
13:50:07 <mnasiadka> #endmeeting