13:01:45 <mnasiadka> #startmeeting kolla 13:01:45 <opendevmeet> Meeting started Wed May 24 13:01:45 2023 UTC and is due to finish in 60 minutes. The chair is mnasiadka. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:01:45 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 13:01:45 <opendevmeet> The meeting name has been set to 'kolla' 13:01:47 <mnasiadka> #topic rollcall 13:01:55 <frickler> \o 13:01:56 <mnasiadka> o/ 13:02:01 <mattcrees> o/ 13:02:13 <mhiner> o/ 13:02:16 <mmalchuk> \o 13:02:20 <ihalomi> \o 13:02:43 <mgoddard> \o 13:03:46 <SvenKieske> o/ 13:04:02 <mnasiadka> #topic agenda 13:04:02 <mnasiadka> * CI status 13:04:02 <mnasiadka> * Release tasks 13:04:02 <mnasiadka> * Regular stable releases (first meeting in a month) 13:04:02 <mnasiadka> * Current cycle planning 13:04:03 <mnasiadka> * Additional agenda (from whiteboard) 13:04:03 <mnasiadka> * Open discussion 13:04:05 <mnasiadka> #topic CI Status 13:04:11 <frickler> lots of last minute fun ;) 13:04:19 <mnasiadka> So, not counting the OpenSearch breakage, I think it's not bad 13:04:58 <SvenKieske> and we have more tests now not in experimental, no? so should stay better? 13:05:30 <mnasiadka> at least we'll notice that something is wrong 13:05:49 <frickler> more debian testing might still be nice https://review.opendev.org/c/openstack/kolla-ansible/+/879132?usp=dashboard 13:06:01 <mnasiadka> we should probably aim to mark more jobs as voting (prometheus-opensearch should be stable) 13:06:15 <mnasiadka> frickler: octavia seems unhappy? 13:06:29 <frickler> I just saw that, will check later, ack 13:07:11 <mnasiadka> ok then 13:07:16 <mnasiadka> #topic Release tasks 13:07:33 <mnasiadka> So, kolla, kolla-ansible and ansible-collection-kolla are on the way for rc1 13:07:53 <mnasiadka> kayobe needs some patches to be in that shape 13:08:10 <mnasiadka> but doesn't sound very bad, at least for now ;-) 13:08:53 <mnasiadka> mgoddard is looking at reworking the mariadb role to get around the Ansible breakage - because it seems they think it shouldn't work the way we used it ;-) 13:09:31 <mnasiadka> #link https://github.com/ansible/ansible/issues/80848 13:09:43 <mnasiadka> do we have any other urgent things to fix? 13:09:56 <mgoddard> https://review.opendev.org/c/openstack/kolla-ansible/+/884182 13:10:01 <mgoddard> (mariadb restart) 13:10:14 <mgoddard> doesn't work yet 13:11:29 <mmalchuk> we have CI issue with images build 13:11:34 <mnasiadka> nice 13:11:47 <mmalchuk> fix: https://review.opendev.org/c/openstack/kayobe/+/881679 13:12:18 <mmalchuk> jobs non-voting so it ok for now but blocks other changes 13:12:29 <opendevreview> Michal Nasiadka proposed openstack/kolla master: mariadb: Bump to current LTS (10.11) https://review.opendev.org/c/openstack/kolla/+/882924 13:12:49 <mnasiadka> mattcrees, mgoddard can you have a look in that kayobe patch? 13:13:52 <SvenKieske> mgoddard: is https://review.opendev.org/c/openstack/kolla-ansible/+/884182 ready for review? didn't really understand your comment "doesn't work yet" as zuul says it's all good? 13:14:25 <mnasiadka> not good, check the failed mariadb and multinode jobs 13:15:21 <mgoddard> mmalchuk: will take a look 13:15:33 <mmalchuk> mgoddard thanks 13:15:36 <SvenKieske> mhm, we really should make more jobs voting, it's very confusing for new contributors.. 13:15:45 <mmalchuk> +1 13:16:12 <mnasiadka> SvenKieske: that's what we should aim in B cycle 13:16:22 <mnasiadka> let's focus on releasing for now 13:16:33 <SvenKieske> sure :) 13:18:04 <frickler> just teach new contributors that "non-voting" != "ignore me" 13:19:18 <frickler> also remind old cores of that from time to time again ;) 13:19:23 <SvenKieske> (but only sometimes; it's really easy ;) ) 13:19:41 <mnasiadka> true, but jobs like prometheus-opensearch or others that are relatively stable could be marked as voting 13:20:10 <mnasiadka> and we could try to focus to get the multinode jobs less failing 13:21:29 <frickler> ack 13:22:10 <mnasiadka> anyway, kolla and kolla-ansible don't seem to have any more RP+1 patches 13:23:20 <mmalchuk> there have couple from me) 13:23:26 <Fl1nt> RP? 13:23:44 <mmalchuk> https://review.opendev.org/c/openstack/kolla-ansible/+/882100 13:23:52 <mmalchuk> https://review.opendev.org/c/openstack/kolla-ansible/+/883495 13:24:02 <SvenKieske> Fl1nt: review priority 13:24:07 <Fl1nt> aaah yes ^^ 13:24:35 <SvenKieske> mmalchuk: I gave all the +1 I had :) 13:24:47 <mmalchuk> cool 13:24:58 <SvenKieske> actually I didn't, looking at the second changeset 13:25:28 <Fl1nt> I still need another +1 in here: https://review.opendev.org/c/openstack/kolla-ansible/+/878270 13:26:19 <mmalchuk> done 13:26:38 <Fl1nt> nice, thx! 13:26:42 <mnasiadka> ok then 13:26:44 <mnasiadka> let's move on 13:26:52 <mnasiadka> #topic Additional agenda (from whiteboard) 13:27:11 <mnasiadka> ihalomi: it's podman and /run again - what's up? 13:27:25 <opendevreview> Michal Nasiadka proposed openstack/kolla-ansible master: Drop support for openEuler https://review.opendev.org/c/openstack/kolla-ansible/+/879129 13:28:14 <ihalomi> i had exams so i didnt have time to look more into it but basically the only option i see is to manually create all subdirs inside run before running deployment 13:28:54 <SvenKieske> yeah, pretty ugly; I even asked upstream podman, but have not seen any indication of change to be more compatible with docker :/ 13:29:09 <Fl1nt> gave all my +1 available on the two ticket mnasiadka and SvenKieske 13:30:01 <mnasiadka> ihalomi: ok, so docker creates them by itself, podman doesn't - can we create it in kolla_container Ansible module? 13:30:11 <mnasiadka> the other question is - why are those /run subdirs absent? 13:31:07 <SvenKieske> well, technically podman can create them, but it's a security thing regarding one subdir which is incompatible how we spawn the container.. 13:33:09 <SvenKieske> this is the issue: https://github.com/containers/podman/issues/16305#issuecomment-1299810004 13:33:14 <opendevreview> Mark Goddard proposed openstack/kolla-ansible master: Refactor MariaDB restart procedure https://review.opendev.org/c/openstack/kolla-ansible/+/884182 13:33:26 <ihalomi> i guess we can create it inside module but wouldnt it be better to create all of them at once before deployment and not try to do it before each container? 13:33:35 <SvenKieske> we mount "shared" and this doesn't work the second time, because it's a tmpfs, AFAIK 13:34:26 <mnasiadka> so - docker is not using /run/secrets - or what is the difference? 13:34:53 <SvenKieske> I _think_ docker shares secrets via ENV? but not 100% sure 13:35:51 <mnasiadka> ihalomi: didn't somebody give you a list of all /run dirs that are required for libvirt? 13:36:47 <ihalomi> yes, but there are some others that are needed under specific conditions 13:37:19 <SvenKieske> uhm, I might have found a workaround, if really only /run/secret is the problem 13:37:22 <mnasiadka> what specific conditions? 13:37:35 <SvenKieske> you can configure recent podman versions to supply secrets via env: https://docs.podman.io/en/latest/markdown/options/secret.html#secret-secret-opt-opt 13:37:48 <ihalomi> for example openvswitch and linuxbridge 13:38:00 <SvenKieske> "type=mount|env" default is mount 13:38:52 <SvenKieske> at least since podman 4.3 13:38:56 <ihalomi> yes but from what i understood you have to mount each secret manually 13:39:17 <SvenKieske> with the "env" variant you don 13:39:25 <SvenKieske> 't have to mount anything 13:39:40 <SvenKieske> let's discuss this seperately, maybe? 13:40:26 <ihalomi> and second problem is it that it will mount all secrets from user to container anyway and thats security issue i guess 13:40:34 <mnasiadka> hmm, how tripleo is/was doing that 13:40:36 <mnasiadka> https://opendev.org/openstack/tripleo-heat-templates/src/branch/stable/train/deployment/nova/nova-libvirt-container-puppet.yaml 13:40:41 <mnasiadka> maybe that will shed some light 13:41:19 <mnasiadka> (they supported podman in train) 13:42:20 <ihalomi> they are mounting run as not shared and only mounting /run/libvirt as shared 13:42:50 <mnasiadka> maybe that's a solution - but that needs testing 13:42:54 <ihalomi> or /var/run/libvirt to be precise 13:42:57 <SvenKieske> and they are running virsh commands to set nova secrets: https://opendev.org/openstack/tripleo-heat-templates/src/branch/stable/train/deployment/nova/nova-libvirt-container-puppet.yaml#L797 13:44:16 <mnasiadka> SvenKieske: I think we push that in a file 13:45:58 <mnasiadka> anyway, some homework to do on podman ;-) 13:46:12 <mnasiadka> #topic Open discussion 13:46:18 <mnasiadka> Anybody anything? 13:46:22 <mmalchuk> Kayobe still lack of reviewers 13:46:38 <kevko> o/ sorry, another meeting :( 13:46:38 <opendevreview> Merged openstack/kolla-ansible master: opensearch: alter path after using rpm/deb packaging https://review.opendev.org/c/openstack/kolla-ansible/+/883942 13:46:56 <mmalchuk> who can review my changes? 13:47:11 <mmalchuk> https://review.opendev.org/c/openstack/kayobe/+/883867 13:47:20 <mmalchuk> https://review.opendev.org/c/openstack/kayobe/+/879554 13:47:37 <mmalchuk> https://review.opendev.org/c/openstack/kayobe/+/793697 13:47:45 <mmalchuk> https://review.opendev.org/c/openstack/kayobe/+/840033 13:47:51 <mmalchuk> enough for now 13:48:01 <opendevreview> Mark Goddard proposed openstack/kayobe master: dev: Improve error checking for config check functions https://review.opendev.org/c/openstack/kayobe/+/884202 13:48:37 <opendevreview> Michal Nasiadka proposed openstack/kolla stable/zed: opensearch-dashboards: Fix permissions https://review.opendev.org/c/openstack/kolla/+/883928 13:49:06 <opendevreview> Michal Nasiadka proposed openstack/kolla stable/zed: opensearch-dashboards: Fix permissions https://review.opendev.org/c/openstack/kolla/+/883928 13:49:21 <opendevreview> Michal Nasiadka proposed openstack/kolla-ansible stable/zed: opensearch: alter path after using rpm/deb packaging https://review.opendev.org/c/openstack/kolla-ansible/+/883929 13:49:40 <opendevreview> Michal Nasiadka proposed openstack/kolla-ansible stable/zed: opensearch: alter path after using rpm/deb packaging https://review.opendev.org/c/openstack/kolla-ansible/+/883929 13:50:05 <mnasiadka> ok then, thanks for coming :) 13:50:07 <mnasiadka> #endmeeting