16:03:21 #startmeeting Octavia
16:03:22 Meeting started Wed Feb 17 16:03:21 2021 UTC and is due to finish in 60 minutes. The chair is johnsom. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:03:23 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:03:25 The meeting name has been set to 'octavia'
16:03:29 #chair rm_work
16:03:30 Current chairs: johnsom rm_work
16:03:44 Ah, yes
16:03:53 o/
16:04:09 Lol I was literally just here and got distracted with email
16:04:19 o/
16:04:37 That is why I was giving you the opportunity to run the meeting. grin
16:05:12 hi
16:06:07 o/
16:06:17 Not on my actual computer yet, too early, sec
16:06:53 It *is* too early, but sadly I have already been on an hour of meetings
16:07:52 #topic Announcements
16:07:59 I can get started with the boiler plate stuff
16:08:07 Final client release is first week in March
16:08:15 Feature freeze for everything else is the second week in March
16:08:23 We have a priority bug review list:
16:08:31 #link https://etherpad.openstack.org/p/octavia-priority-reviews
16:08:48 Any other announcements this week?
16:10:12 #topic Brief progress reports / bugs needing review
16:11:08 I added an RBAC topic later in the agenda, but my focus has been on updating our RBAC policies for the Keystone scoped tokens and default roles.
16:11:16 I will talk more about that in the later topic
16:12:13 I fixed the two-node job: https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/773888
16:12:34 Merged openstack/octavia master: Add SCTP support in Amphora https://review.opendev.org/c/openstack/octavia/+/753247
16:12:44 it will be useful to have it to merge the AZ tests in octavia-tempest-plugin
16:12:46 Nice
16:13:33 I also worked on the centos-8 job (dirty hack), we're still discussing it with cgoncalves
16:14:17 another interesting octavia-tempest-plugin commit: https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/774157
16:15:17 it fixes an issue with our ipv6 vip tests (ipv6 vip tests are using devstack non-shared/private network)
16:20:04 Thanks for working on that.
16:20:09 Any other updates? rm_work?
16:22:34 #topic RBAC work
16:22:40 Ok, I will move on
16:23:33 So, if you are not aware Keystone has two initiatives (token scopes and default roles). Even though this isn't a community goal, Red Hat is pushing to have these implemented across the services for Wallaby.
16:24:13 An initial set of patches were pushed
16:24:15 #link https://review.opendev.org/q/project:openstack/octavia+status:open+owner:lbragstad%2540redhat.com
16:24:47 however those were "blow it away" patches that removed all of the advanced RBAC Octavia has had.
16:25:34 I have point on getting these straightened out. The first step in that is:
16:25:41 #link https://review.opendev.org/c/openstack/octavia/+/775957
16:26:05 The intent here is to merge our more strict advanced RBAC with the new default roles and scopes.
16:26:51 Please take some time and carefully review that patch as it's the basis for the following patches and we don't want to make a mistake in our API Rules Based Access Control (RBAC).
16:27:04 That would be bad. (tm)
16:27:16 fortunately I think our testing on the RBAC stuff is pretty good
16:28:00 Yeah, it's going to need to be updated as well. It's on my list
16:28:39 Unfortunately this new stuff complicates the RBAC. So I also spent some time updating the docs to help with that. Let me know if we need more
16:29:55 I ran into an issue where Tempest was giving every credential the new "member" role, which .... means you can't test with non-member or reader roles via Tempest. A patch is pending to fix that.
16:30:05 #link https://review.opendev.org/c/openstack/devstack/+/774524
16:30:54 Ok, that is all I had. Please give it a good look over so we don't end up with some CVE or something. grin
16:31:38 Or non-backward compatible.
16:31:44 ack, I will take a look
16:31:44 #topic Open Discussion
16:31:59 Anything else today?
16:33:36 not much here
16:34:18 I still need to take a look at the bug about failover with subnets out of IPs causing VIP issues. It's top on my list.
16:36:44 Well, if there isn't anything else we can get on with reviews!
16:37:00 #endmeeting