13:00:16 <mnasiadka> #startmeeting kolla
13:00:16 <opendevmeet> Meeting started Wed Aug 21 13:00:16 2024 UTC and is due to finish in 60 minutes. The chair is mnasiadka. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:00:16 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
13:00:16 <opendevmeet> The meeting name has been set to 'kolla'
13:00:18 <mnasiadka> #topic rollcall
13:00:19 <mnasiadka> o/
13:00:22 <SvenKieske> o/
13:00:22 <mmalchuk> o/
13:00:25 <mattcrees> o/
13:00:28 <bbezak_alt> o/
13:00:31 <IvanVnuko[m]> o/
13:00:35 <mhiner> o/
13:00:50 <frickler> \o
13:01:01 <r-krcek> o/
13:02:03 <mnasiadka> #topic agenda
13:02:03 <mnasiadka> * Announcements
13:02:03 <mnasiadka> * CI status
13:02:03 <mnasiadka> * Current cycle planning
13:02:03 <mnasiadka> * Additional agenda (from whiteboard)
13:02:04 <mnasiadka> * Open discussion
13:02:07 <mnasiadka> #topic Announcements
13:02:08 <jovial> o/
13:02:14 <darmach6> o/
13:02:41 <mnasiadka> I've decided to fill in for the PTL role for another cycle, the patch has been merged already - https://review.opendev.org/c/openstack/election/+/926285
13:02:57 <SvenKieske> \o/
13:03:12 <mnasiadka> #topic CI status
13:03:23 <mnasiadka> I haven't seen any obvious breakages, so I guess nothing to report here ;-)
13:03:28 <mnasiadka> #topic Current cycle planning
13:03:37 <jovial> Kayobe CI back to green as of this morning
13:03:51 <mnasiadka> ansible bump?
13:03:58 <jovial> Indeed
13:04:11 <mnasiadka> Ok, let's have a look on planned ''features'' this cycle
13:04:21 <mnasiadka> Ubuntu Noble - that's obvious, nearly getting there
13:04:43 <mnasiadka> OVN BGP agent - I haven't done anything - bbezak_alt - do you have some spare cycles?
13:05:02 <bbezak_alt> yeah, will revive that
13:05:13 <mnasiadka> great
13:05:19 <mnasiadka> Openinfra mirrors for some problematic packages - SvenKieske how's it going?
13:06:16 <SvenKieske> mhm nothing to report, as the downstream funding is running out I doubt I'll get servers/infra capacity from there. But I guess I can still bother opendev infra team if they can cough up some gigabytes? :)
13:06:26 <opendevreview> Merged openstack/kolla-ansible stable/2024.1: CI: drop RMQ reconfigure step in queue migrations https://review.opendev.org/c/openstack/kolla-ansible/+/926127
13:07:02 <mnasiadka> yeah, I think we wanted to discuss with openinfra - but would be good to have a list what we want to mirror and some capacity calculations
13:07:13 <mnasiadka> so if you could update that on whiteboard - would be nice
13:07:19 <mnasiadka> Multiple RMQ versions per cycle - mattcrees how's it going?
13:07:21 <SvenKieske> future funding of the downstream is a little unclear to me currently, so if we're lucky maybe there will still be capacity, but I guess I can only wait for end of year to report back
13:07:47 <SvenKieske> okay, I can certainly compile a list of currently external repositories :)
13:08:37 <mattcrees> We've got a topic set up now: https://review.opendev.org/q/topic:%22slurp-rabbitmq%22, been getting helpful reviews so far :). I'm making sure to respond asap so we can get these merged soon
13:09:18 <mnasiadka> Ok, I'll have a look into those later
13:09:27 <mattcrees> Cheers
13:09:28 <mnasiadka> if other cores can do the same - it would be nice
13:09:58 <mnasiadka> ok, I added that topic to whiteboard
13:10:23 <mnasiadka> I don't have anything more in the whiteboard, so let's move on
13:10:30 <mnasiadka> #topic Additional agenda (from whiteboard)
13:10:38 <mnasiadka> r-krcek [21st August] my wishlist :)
13:10:38 <mnasiadka> please review https://review.opendev.org/c/openstack/kolla-ansible/+/925714 and https://review.opendev.org/c/openstack/kolla/+/925712
13:10:38 <mnasiadka> This got us stumped with Sven, anyone with bandit knowledge? https://review.opendev.org/c/openstack/kolla-ansible/+/923110
13:10:38 <mnasiadka> Any feedback would be greatly appreciated https://review.opendev.org/c/openstack/kolla-ansible/+/924651
13:11:38 <SvenKieske> ah, thx for the reminder, need to check the bandit stuff.. but question is, if this function really needs to call arbitrary commands, afaik it's only used exactly once to call a single command iirc?
13:12:38 <kevko> bash to python ? it will be fun :D
13:12:42 <SvenKieske> ok I'm wrong, it's called twice.. maybe just use subprocess directly without a wrapper function? I mean it's two calls
13:13:17 <SvenKieske> not really worth the wrapper imho, would get rid of the bandit warning I guess
13:13:24 <mnasiadka> ok, the first two look heavy, second one also is not a light one - I added my review on the last one
13:13:33 <mnasiadka> bbezak_alt: willing to have a look in the last one as well?
13:14:13 <mnasiadka> SvenKieske: let's discuss in the patch, shall we?
13:14:22 <SvenKieske> fine :)
13:14:22 <bbezak_alt> 924651 that one?
13:14:32 <r-krcek> Thank you guys for the feedback :)
13:14:35 <bbezak_alt> will check
13:14:37 <mnasiadka> bbezak_alt: yup
13:14:40 <mnasiadka> ok, next one
13:14:42 <mnasiadka> ivnucko [21st August]
13:14:42 <mnasiadka> adding TLS for other than internal/external and backend (proxy to service API)
13:14:42 <mnasiadka> like galera replication - https://review.opendev.org/c/openstack/kolla-ansible/+/925317 or
13:14:42 <mnasiadka> rabbitmq internode - https://review.opendev.org/c/openstack/kolla-ansible/+/921381
13:14:42 <mnasiadka> ...handle them as part of backend - enable them with kolla_enable_tls_backend and use the same cert from certificate role?
13:14:44 <mnasiadka> ...or a separate type, create a new play in certificates role and enable to have distinct certificate for them?
13:14:44 <mnasiadka> is there a use case for separate certificates for MariaDB to ProxySQL and for inter-node replication, is it worth the complication (cannot use service-cert-copy)?
13:15:43 <mnasiadka> I don't think it's worth any complication - I would handle them as part of backend
13:16:06 <mnasiadka> if anybody needs anything more sophisticated in future - he can add that functionality in a separate patch?
13:16:10 <mnasiadka> Any opinions?
13:16:31 <IvanVnuko[m]> It's mainly about galera, rabbitmq needs distinct certificates for it uses names
13:17:13 <IvanVnuko[m]> but thx, I did it as a part of backend, but maybe galera replication is another beast, so I'm asking for advice...
13:17:33 <SvenKieske> agreed
13:17:51 <IvanVnuko[m]> and a bit of promotion for the TLS encryption change requests we have put up:)
13:17:52 <SvenKieske> I would use the same certs for a start where possible.
13:17:54 <IvanVnuko[m]> thank you
13:17:59 <SvenKieske> we can make it complicated later ;)
13:19:08 <IvanVnuko[m]> yeah, was my initial idea also, just that there are some rumors about a bit complicated restart of galera cluster when new certificates are set up, so...
13:19:40 <mnasiadka> ok, then agreed - keep it simple as possible
13:19:42 <mnasiadka> next one
13:19:45 <mnasiadka> jovial [21st] Should we lower minimum ansible as we should technically support python 3.9 in 2024.2
13:19:45 <mnasiadka> https://governance.openstack.org/tc/reference/runtimes/2024.2.html
13:19:45 <mnasiadka> 2.15.x is last version supported on 3.9
13:19:45 <mnasiadka> Also affects kayobe
13:20:23 <jovial> Am I right in thinking we should be supporting 3.9 still?
13:20:29 <mnasiadka> we are supporting 3.9
13:20:30 <frickler> can't you use 3.11 on rocky?
13:20:32 <mnasiadka> on the destination hosts
13:20:38 <mnasiadka> you can use 3.11 or 3.12
13:20:49 <mnasiadka> my problem with relaxing the requirement is that we would need to have that running in CI
13:20:56 <mnasiadka> so that's a bit more jobs than we currently have
13:21:07 <mnasiadka> and we never supported more than two versions per release
13:22:10 <jovial> Just wondering if I should follow suit in Kayobe and drop 3.9 really
13:22:34 <SvenKieske> mhm, maybe ask TC (frickler? ;) ) if it's a breakage of the requirements? I mean technically you can run openstack with python 3.9, it's just not what we test or deploy? use another deployment tool? ;)
13:22:40 <mnasiadka> well, as I mentioned - Ansible requires 3.10+ only on the host where you're running Ansible
13:23:22 <frickler> yes, I don't think the PTI applies in this case
13:23:42 <mnasiadka> Python 3.9 (available as default in Debian 11 and Centos 9 Stream) Python 3.9 is the minimum supported/required version for 2024.2. This does not imply that Debian 11 is the minimum supported distribution but it may be used for tox testing. supporting Python 3.9 does not require full tempest testing, but py39 unit tests are expected as a minimum requirement for all Python projects. The minimal requirement for testing jobs
13:23:42 <mnasiadka> against Python versions above is to ensure language compatibility, having more extensive testing is allowed.
13:23:56 <mnasiadka> not reminding that the PTI claims that you need to have passing unit tests on Py3.9 ;-)
13:24:03 <mnasiadka> and nothing more
13:24:13 <frickler> IMO kolla isn't a python project in the sense of that whole document
13:24:29 <mnasiadka> well, kolla-ansible more likely
13:24:38 <frickler> kolla* even
13:25:02 <mnasiadka> I don't think we should add additional work of supporting older Ansible release
13:25:17 <frickler> +1
13:25:18 <SvenKieske> +1
13:25:32 <kevko> hmm, are u sure that https://review.opendev.org/c/openstack/kolla-ansible/+/921743 didn't break anything ?
13:25:32 <mnasiadka> And for those sticking to SLURP - they will still need to upgrade to Rocky 10 before jumping from 2024.1 to 2025.1
13:26:15 <mnasiadka> kevko: I'll fix the rocky upgrade - missed that, but thanks for reminding
13:26:56 <SvenKieske> shortly afk..
13:27:04 <mnasiadka> well, actually it's not that patch that broke it
13:27:27 <jovial> OK, I will follow suit in Kayobe then to keep the test matrix smaller (and it makes sense if we are aligned to kolla). Was just checking that it wasn't an oversight.
13:28:02 <mnasiadka> jovial: no, I was thinking about that in the past, but it just doesn't make any sense if you can install python3.11/3.12 on Rocky 9 and get it working that way
13:28:33 <kevko> mnasiadka: it's actually this one https://review.opendev.org/c/openstack/kolla/+/924245
13:28:43 <kevko> revert ? or what ?
13:29:02 <mnasiadka> what did it break?
13:29:10 <kevko> build rocky
13:29:19 <opendevreview> Merged openstack/kolla-ansible stable/2023.1: Fix post-config of OVS for manila-share servers https://review.opendev.org/c/openstack/kolla-ansible/+/926030
13:29:19 <kevko> kolla-toolbox
13:29:28 <mnasiadka> where?
13:29:34 <mnasiadka> what's the error?
13:30:29 <kevko> mnasiadka: validating ..give me 5 minutes
13:30:46 <mnasiadka> kevko[21.st aug] https://review.opendev.org/q/owner:michal.arbet@ultimum.io+-status:abandoned+-status:merged+branch:master+(repo:openstack/kolla+OR+repo:openstack/kolla-ansible)
13:30:50 <mnasiadka> 5 minutes is too much
13:30:58 <mnasiadka> I'll leave it here - since kevko did not add any comments
13:31:35 <kevko> :D
13:31:42 <mnasiadka> #topic Open discussion
13:31:46 <mnasiadka> anybody anything?
13:31:51 <kevko> thank you very much
13:31:58 <SvenKieske> the usual begging for reviews ;)
13:32:07 <mmalchuk> orphaned backports
13:32:09 <mmalchuk> https://review.opendev.org/c/openstack/kolla-ansible/+/926186
13:32:13 <mmalchuk> https://review.opendev.org/c/openstack/kolla-ansible/+/924573
13:32:36 <mmalchuk> and also please review:
13:32:36 <SvenKieske> one question though, regarding my WIP prometheus config validation: https://review.opendev.org/c/openstack/kolla-ansible/+/926209
13:32:37 <mmalchuk> https://review.opendev.org/c/openstack/kolla/+/926084
13:32:41 <mmalchuk> https://review.opendev.org/c/openstack/kolla-ansible/+/926190
13:33:23 <SvenKieske> would it be ok for a start to only validate the prometheus.yml inside the main prometheus-server container? because we have dozens of exporters and constructing the loop for that makes my head hurt :)
13:33:34 <mnasiadka> it's unmaintained, it should be orphaned
13:34:14 <mnasiadka> SvenKieske: I would say we don't care about exporters - that should be validated in the CI if we're able to scrape from them
13:34:39 <mmalchuk> mnasiadka not all
13:34:44 <SvenKieske> alright, so that will simplify the validation a lot, I'll just check the main prometheus server configs then :)
13:34:47 <mmalchuk> https://review.opendev.org/c/openstack/kolla-ansible/+/924573
13:34:54 <mmalchuk> is the A
13:35:16 <mmalchuk> https://review.opendev.org/q/Ic8e2dd42b95a8f5c2141a820c55642a3ed7beabd
13:35:34 <mmalchuk> month ago merged all but A lost
13:36:50 <mnasiadka> bbezak_alt: can you have a look ^^?
13:37:04 <bbezak_alt> looking
13:37:16 <bbezak_alt> some already done
13:37:31 <mmalchuk> thanks a lot
13:38:06 <mmalchuk> still lack of Kayobe reviews :(
13:38:08 <mmalchuk> https://review.opendev.org/c/openstack/kayobe/+/921628
13:38:17 <mmalchuk> 2 months(
13:38:21 <mnasiadka> jovial: ^^
13:38:59 <mmalchuk> what about new core reviewers for Kolla/Kayobe ? outside the StackHPC ?
13:40:11 <mnasiadka> I'll leave that to jovial since he's more responsible for Kayobe
13:40:32 <mnasiadka> Ok, unfortunately I need to run - see you all next week!
13:40:35 <mnasiadka> #endmeeting