16:00:03 <mhayden> #startmeeting OpenStack-Ansible
16:00:04 <openstack> Meeting started Thu Aug  4 16:00:03 2016 UTC and is due to finish in 60 minutes.  The chair is mhayden. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:05 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:08 <openstack> The meeting name has been set to 'openstack_ansible'
16:00:10 <mhayden> #topic Roll Call
16:00:10 <evrardjp> o/
16:00:34 <andymccr> o/
16:00:39 <asettle> o/
16:00:42 <michaelgugino> here.  Afk for a few minutes, back in 10.
16:00:51 <eil397_> o/
16:00:56 <ngraf> o/
16:01:02 <messy> o/
16:01:14 <logan-> o/
16:01:35 <spotz> \o/
16:02:45 <cloader89> Hello
16:03:05 <cloudnull> o/
16:03:33 <mhayden> alrighty, let's do the thing
16:03:39 <mhayden> #topic Action items
16:03:50 <mhayden> first up, i was supposed to be testing xenial in the lab
16:03:55 <jmccrory> o/
16:03:57 <mhayden> but alas, i've had almost no cycles available for this
16:03:59 <palendae> o/
16:04:09 <mhayden> would anyone like to pick this up or should i keep it in my bucket?
16:04:35 <odyssey4me> o/
16:04:55 <d34dh0r53> o/
16:04:56 <odyssey4me> mhayden there are experimental jobs in the gate for testing xenial/centos now - in the integrated build
16:04:57 <jmccrory> testing an aio on xenial?
16:05:05 <mhayden> jmccrory: multi-node deployment in xenial
16:05:14 <palendae> An actual deploy
16:05:51 <cloudnull> mhayden: I've been running xenial for a bit w/ osa.
16:05:54 <cloudnull> it seems to work.
16:05:54 <mhayden> i'll keep it in my bucket and will hopefully get some time to spin it up during the mid-cycle timeframe
16:06:00 <mhayden> cloudnull: good to hear :)
16:06:15 <cloudnull> though the integrated gate seems to be having issues with it
16:06:23 <mhayden> the other thing i was supposed to do is email rackspace's security folks with a list of attendees -- i'll be sending that today
16:06:26 <adreznec> mhayden: I have a small Xenial multi-node running in the lab as well
16:06:28 <cloudnull> at least it did last time i did an expremental check
16:06:41 <mhayden> adreznec: ah, that's good to hear -- on x86 or ppc?
16:06:46 <adreznec> A mix
16:06:49 <mhayden> woot
16:06:56 <cloudnull> ++ adreznec thats cool
16:07:05 <mhayden> okay, odyssey4me was going to email the ML about the stable:follows-policy tag
16:07:05 <evrardjp> indeed
16:07:25 <mhayden> i don't remember seeing that mail, but i might have missed it
16:07:37 <odyssey4me> yeah, sorry - I haven't gotten to it
16:07:41 <odyssey4me> carry that item please
16:08:01 <mhayden> #action odyssey4me to send something to the ML about stable:follows-policy tag
16:08:13 <mhayden> also, odyssey4me is going to request creation of the tests repo
16:08:17 <mhayden> is that still in progress?
16:08:23 <odyssey4me> yep, that's done - merged this morning
16:08:27 <mhayden> rockin!
16:08:39 <mhayden> okay, that's it for action items
16:08:39 <odyssey4me> we need to lay down the test infrastructure to ensure that changes there get tested
16:08:51 <mhayden> #topic Mascot
16:09:02 <mhayden> sounds like we're decided and locked in, right?
16:09:11 <palendae> Thought so
16:09:13 <mhayden> is there a timeframe on when the artwork comes out?
16:09:17 <odyssey4me> yep, that's done
16:09:25 <odyssey4me> at the summit I think
16:09:27 <mhayden> last i heard, the legal folks were examining the list
16:09:34 <mhayden> either way, our part's done
16:09:36 <mhayden> woot
16:09:42 <spotz> Cape Buffalo!
16:09:52 <mhayden> #topic Applying for the stable:follows-policy governance tag
16:10:03 <mhayden> did we want to touch on this topic once more or hold off until the ML/mid-cycle?
16:10:22 <palendae> I saw some liberty reviews floating around this week
16:10:25 <mhayden> #info OSA Mascot is the cape buffalo! (pending legal approval)
16:10:31 <palendae> Those are probably relevant to this
16:10:56 <odyssey4me> we can chat about it at the mid cycle as agreed last week
16:11:08 <odyssey4me> we have an item on the list for that
16:11:18 <mhayden> sounds good
16:11:33 <mhayden> mid-cycle is coming up soon! :)
16:11:48 <mhayden> #topic Mid-cycle planning
16:12:00 <mhayden> is everyone good on travel arrangements and things?
16:12:06 <asettle> Yerp
16:12:12 <odyssey4me> yep, I think so :)
16:12:16 <palendae> Sure hope so
16:12:20 <odyssey4me> looking forward to seeing y'all
16:12:34 <odyssey4me> hoping to find a pool - I believe it's very hot!
16:12:35 <mhayden> be sure to bring layered clothing :)  it's hot outside but like a fridge inside :P
16:12:43 <asettle> Of course it is.
16:12:44 <cloader89> looking forward  to  meeting everyone
16:12:50 <spotz> Please remember to sign up on eventbrite if you plan on doing any of the dinners. Especially Thursday night as I'll need to call the restaurant
16:12:52 <evrardjp> same here
16:12:59 <odyssey4me> spotz link?
16:13:01 <palendae> spotz, Have links?
16:13:01 <asettle> Oh shit, yeah, spotz link?
16:13:03 <evrardjp> :D
16:13:04 <asettle> Snap.
16:13:10 <evrardjp> same for everyone :D
16:13:16 <palendae> I had no idea there were eventbrites
16:13:21 <adreznec> Same
16:13:23 <mhayden> it's a brite idea
16:13:30 <odyssey4me> please add a link to the agenda
16:13:35 <spotz> Updated the etherpad but pulling them out if it loads
16:13:36 <odyssey4me> sorry - the etherpad
16:13:47 <asettle> Wow mhayden
16:14:12 <spotz> WED - https://www.eventbrite.com/myevent?eid=26891499198
16:14:13 <odyssey4me> heh, ok found them
16:14:14 <mhayden> asettle: i'm known for dad jokes in some spotz
16:14:20 <asettle> mhayden: omg no
16:14:24 <spotz> Thurs - https://www.eventbrite.com/myevent?eid=26891505216
16:14:29 <odyssey4me> no permission for this event :p
16:14:32 <spotz> FRI - https://www.eventbrite.com/myevent?eid=26891538315
16:14:47 <asettle> No permission at all
16:14:48 <adreznec> spotz: Those all say "You do not have permission for this event."
16:14:53 <spotz> odyssey4me: Bah I made them public
16:15:26 <evrardjp> same for me
16:15:41 <mhayden> #action everyone sign up for dinner on the eventbrite links from spotz (which should hopefully work soon)
16:15:51 <spotz> heheh
16:16:06 <evrardjp> links will be on the etherpad if updated I guess?
16:16:10 <cloader89> mhayden: even the castle folks??
16:16:21 <mhayden> cloader89: yeah, i believe spotz is making reservations
16:16:35 <odyssey4me> spotz it's possible that you haven't linked the *guest* link, but instead the *organiser* link
16:16:42 <mhayden> if you don't get on spotz' list, you'll be stuck at the children's table with me
16:16:44 <spotz> mhayden: Thursday night we'll need to I think the others we should be ok
16:17:03 <cloader89> mhayden: we act like children though
16:17:07 <mhayden> true
16:17:12 <spotz> see if this works http://www.eventbrite.com/e/openstack-ansible-mid-cycle-wednesday-outing-tickets-26891499198?aff=affiliate1
16:17:12 <michaelgugino> back
16:17:15 <mhayden> thanks for putting the links together, spotz
16:17:22 <odyssey4me> 'ray!
16:17:26 <ngraf> mhayden: can I join you. I want some dinosaur chicken nuggets
16:17:27 <adreznec> yep
16:17:29 <asettle> Yay spotz
16:17:29 <evrardjp> yup it works
16:17:36 <spotz> ok I'll do it that way
16:17:42 <mhayden> ngraf: gonna make it rain Capri Suns in there
16:17:46 <palendae> spotz, Works, but it says Saturday the 10th
16:18:01 <mhayden> palendae: that's just a time zone difference
16:18:01 <odyssey4me> eh, they all say they're on saturday :p
16:18:09 <spotz> palendae: grr where's b3rnardo when we need him
16:18:43 <mhayden> okay, should we keep rolling and cross our fingers for eventbrite to be correct later? :)
16:18:50 <odyssey4me> yeah, I think so
16:18:52 * asettle stops registering...
16:19:07 <mhayden> #topic Release Planning and Decisions
16:19:13 * mhayden passes the mic to odyssey4me
16:19:17 <palendae> mhayden, I have one more thing on the midcycle
16:19:32 <cloader89> maybe send an e-mail later?
16:19:33 * odyssey4me hands the mic to palendae
16:19:38 <mhayden> palendae: sure -- what's up?
16:19:42 <palendae> Wanna move my inventory discussion to Tuesday and set a time
16:20:00 <palendae> I've invited the craton team, they're sending a rep
16:20:30 <palendae> fI figured first thing Tuesday morning, whatever time "first thing" is
16:20:49 <asettle> palendae: starts on Wednesday?
16:20:53 <spotz> dates are fixed to match the day listed in the title
16:20:56 <odyssey4me> palendae ok, tue is before the mid cycle - but some of us will be there already
16:21:10 <palendae> asettle, It does? Derp.
16:21:11 <palendae> Ok, day 2
16:21:19 <odyssey4me> day 2 is thu
16:21:21 <mhayden> palendae: Thursday?
16:21:24 <asettle> palendae: yeah we're all just arriving early.
16:21:33 <odyssey4me> negotiate a time with them and just add it - we'll work around it
16:21:35 <palendae> Ok, yeah, whatever day 2 is.
16:21:38 <palendae> odyssey4me, Alright.
16:21:40 <mhayden> sweet
16:21:44 <palendae> I'll update the ehterpad when I have it
16:21:53 <evrardjp> ok
16:22:12 <palendae> I'm done :)
16:22:21 <spotz> Go sign up!:)
16:22:27 <mhayden> odyssey4me: want to talk releases now?
16:22:29 * odyssey4me takes the mic back :)
16:22:44 <odyssey4me> ok, so it appears we broken liberty & mitaka quite badly
16:22:58 <odyssey4me> we fixed the upper constraints thing, then other bugs broke out
16:23:17 <odyssey4me> a proper fix in master got finalised and merged yesterday
16:23:38 <odyssey4me> I have backports ready - but there's a bunch of python in there and I need help verifying that we're doing some sane things
16:24:06 <odyssey4me> I'm particularly not happy with https://review.openstack.org/350612 - I had to do a full copy from master because I couldn't figure out how to do a minimal one
16:24:24 <odyssey4me> ideally I'd like some help trying to not backport everything - but just bits needed
16:24:40 <odyssey4me> either that or we're ok backporting the Ansible 2.1 support and all that
16:24:58 <odyssey4me> I managed to get it right for Liberty it seems: https://review.openstack.org/350605
16:25:22 <odyssey4me> so, I need input - do we just go with what we have or should we revise the mitaka backport?
16:25:35 <odyssey4me> jmccrory automagically cloudnull d34dh0r53 stevelle mattt hughsaunders andymccr mhayden evrardjp ^
16:25:42 <michaelgugino> no backporting ansible, IMO
16:25:43 <evrardjp> tough question
16:25:58 <odyssey4me> michaelgugino not ansible, just the plugin support for Ansible 2.1
16:26:32 <mhayden> i don't see a huge problem with backporting *support* for ansible 2.1 in plugins to older branches
16:26:38 <mhayden> since that shouldn't change how 1.9.x operates
16:26:54 <odyssey4me> yeah, we know it works both ways because we test that in master anyway
16:27:04 <mhayden> good point -- i've run into that a few times ;)
16:27:07 <odyssey4me> it's also only the py_pkgs lookup plugin
16:27:31 <odyssey4me> I think the risk is managed enough.
16:27:58 <cloudnull> odyssey4me: I'm good with the full backport, it brings in "2.1" support but its very consistent behaviour.
16:28:02 <jmccrory> that sounds fine, other plugins were already 2.1 compatible in mitaka and probably safer to keep it closer to what's working in master
16:28:47 <odyssey4me> ok, I'll take off the -w
16:28:56 <mhayden> yeah, i tend to agree with jmccrory -- manual backports with some code backported seems scary
16:29:05 <mhayden> might as wel bring back as much of the original newton work as we can
16:29:08 <odyssey4me> and I'll look into why that repo build is failing - it's likely a problem with test vars
16:29:45 <odyssey4me> can we get some reviews on that ASAP so that we have as much time as possible to test before the next tag
16:30:06 <evrardjp> I agreed with mhayden and jmccrory
16:30:27 <odyssey4me> thanks - I wanted to raise awareness and ensure we're all good with this
16:30:46 * mhayden slaps a star on it for today
16:32:05 <michaelgugino> it's hard to judge that patch.  I don't know the entire rationale behind that particular code.
16:33:03 <logan-> sorry was afk a few but if we are looking at having mitaka use 2.1 there are some untested paths that break currently when used with 2.1
16:33:05 <evrardjp> michaelgugino: I just think we are not judging the patch yet - we are just talking about the context
16:33:24 <logan-> ceph_client is currently broken with 2.1: https://review.openstack.org/#/c/349780/
16:33:35 <odyssey4me> logan- no we're not looking at mitaka using 2.1
16:33:44 <logan-> ok nevermind then sorry
16:33:47 <evrardjp> logan-: it's not about bringing 2.1 - it's about porting code that is working for 1.9 and 2.1 into stable branch
16:33:51 <logan-> got it
16:33:52 <odyssey4me> there's just a backport patch which happens to include a plugin which can support 1.9 and 2.1
16:34:57 <odyssey4me> ok, I'm done - I'll revise the repo_build backport shortly
16:36:17 <michaelgugino> I've never been a fan of the repo build process.  It has too many moving parts, too much generated dynamically.  There's very little way to survey the code base and know for certain what's going to end up on that thing.
16:36:50 <odyssey4me> michaelgugino the changes recently done in master reduce the moving parts and have made it a little more understandable
16:37:39 <odyssey4me> but ok, if you're at the mid cycle then I'll be happy to explain it
16:37:50 <odyssey4me> if not, I can ake some time if you're interested
16:38:02 <mhayden> time for open discussion?
16:38:58 <michaelgugino> I won't be at the mid cycle unfortunately.  My teams travel budget is in limbo, and unfortunately I was not able to get the travel approved.
16:39:08 <spotz> :(
16:39:20 <evrardjp> :/
16:39:21 <mhayden> #topic Open discussion
16:39:25 <mhayden> michaelgugino: sorry to hear that :(
16:39:47 * mhayden has two security-related things to chat about briefly
16:39:49 <michaelgugino> but, things are looking up for the summit, so hopefully I'll be able to catch up with some of you then.
16:40:39 <michaelgugino> I would like to add, I'm seeing consistent failures on xenial builds related to ssl errors.  This may be sni related, may be cert related, or odyssey4me seems to think it's connectivity related.
16:40:46 <mhayden> on the security side, i'm working on telling a more complete security story in our documentation and putting most of the security-related configurables there
16:41:03 <michaelgugino> I'm unsure, but it is failing quite regularly on the patch sets I have produced, and I have no idea why.
16:41:23 <odyssey4me> michaelgugino yeah, we have some patches in waiting to resolve the SNI errors
16:41:27 <mhayden> i may need some help identifying all of the good security-related things that we're already doing -- i'll reach out for help when that comes around
16:41:30 <odyssey4me> we had to get bindep fixed upstream first
16:41:43 <odyssey4me> related: https://review.openstack.org/#/q/project:%255Eopenstack/openstack-ansible.*+topic:add-sni-pkgs
16:41:57 <odyssey4me> once we have a working patch in one repo, mhayden will replicate to all repositories
16:42:08 * mhayden will do that
16:42:30 <evrardjp> mhayden: what's your approach on top of what we currently do in the security role?
16:42:42 <odyssey4me> mhayden it's likely best to actually setup some scaffolding, or perhaps add a quick discussion at the mid cycle for it
16:42:44 <evrardjp> you plan to discuss with openstack security team to have best practices?
16:42:45 <mhayden> evrardjp: well we do plenty of security things in OSA outside the hardening role
16:42:52 <mhayden> such as separate creds for db users
16:42:54 <mhayden> rabbitmq users
16:42:56 <mhayden> etc
16:43:02 <mhayden> we need to articulate that story better
16:43:07 <michaelgugino> great.  Any reason we're using packages instead of pip?
16:43:20 <mhayden> odyssey4me: i plan on getting a scaffold together asap
16:43:33 <mhayden> the other half of the security discussion is specific to the role itself
16:43:53 <mhayden> at the moment, support for all four OSes are based on the RHEL 6 STIG, which isn't ideal for 16.04/CentOS7/RHEL7
16:44:13 <mhayden> the RHEL7 stig is due out *very* soon, but its numbering scheme is ENTIRELY different :|
16:44:28 <mhayden> some of the configurations in the RHEL 7 stig match the 6 stig, but some don't
16:44:40 <mhayden> i could use some feedback on how to best organize that
16:45:30 <evrardjp> ok
16:46:29 <mhayden> i don't think we need more than one role or anything
16:46:49 <odyssey4me> michaelgugino you mean python packages instead of distro packages?
16:46:56 <michaelgugino> right
16:47:00 <evrardjp> you want to have different versioning of the role mhayden?
16:47:01 <mhayden> i had considered putting something in the main.yml that would do a big fork to say "are we doing the RHEL 6 or 7 stig"
16:47:03 <odyssey4me> if so, then yes I think that's a story we need to articulate too.
16:47:08 <logan-> i have 2 things.. 1) I posted a message about this in the channel the other day, but I have an example repo integrating ceph-ansible with OSA at https://logan.protiumit.com/2016/08/02/openstack-ansible-ceph.html
16:47:10 <logan-> 2) I pushed an example of a repo that facilitates operator management and extension of OSA (additional playbooks, roles) without forking OSA but using a consolidated inventory and configuration. Info here https://logan.protiumit.com/2016/07/31/openstack-ansible-overlay.html
16:47:12 <mhayden> evrardjp: i'm wondering if we can avoid that
16:47:20 <evrardjp> ok
16:47:35 <mhayden> evrardjp: ideally, when newton releases, i'd like to have 14.04 on the RHEL 6 stig and everything else on the RHEL 7 stig
16:47:42 <evrardjp> I understand better your questions now: if we do it, how we do it
16:47:45 <palendae> logan-, Nice
16:47:49 <mhayden> evrardjp: right
16:48:03 <mhayden> so i thought about having main.yml, rhel6/main.yml, and rhel7/main.yml
16:48:07 <odyssey4me> logan- nice - will try and look through it early next week
16:48:13 <evrardjp> mhayden: I guess you need operators feedback so the midcycle seems nice to have opinions
16:48:16 <mhayden> and there would be a big fork in the road in the main main.yml
16:48:21 <mhayden> right
16:48:26 <mhayden> i'll get something cohesive out to the ML
16:48:35 <evrardjp> seems logical
16:48:45 <mhayden> #action mhayden to send something to the ML about the feedback he wants for the RHEL 6/7 stig switcheroo
16:49:34 * mhayden concludes his rambling
16:49:40 <mhayden> any other topics for today?
16:49:52 <odyssey4me> mhayden does it prhaps make sense to switch wholesale?
16:50:01 <michaelgugino> lxd support is pretty much done, IMO, just working on getting the testing finished.
16:50:02 <logan-> one last thing i almost forgot.. the neutron role gate seems kind of flaky
16:50:05 <odyssey4me> ie Newton is STIG7, earlier versions are STIG6 ?
16:50:09 <mhayden> odyssey4me: RHEL 7 stig makes little sense for 14.04 :|
16:50:11 <logan-> I can't get a pass on https://review.openstack.org/#/c/340174/
16:50:18 <mhayden> michaelgugino: nice on LXD
16:50:18 <michaelgugino> so, if people want to test out nova-lxd on trusty, please have at it.
16:50:27 <logan-> the whole patch is disabled and out of the testing path
16:50:27 <evrardjp> I'll read what you did logan- just to see if we could share our best practices from rpc
16:50:32 <palendae> michaelgugino, Link?
16:50:45 <michaelgugino> https://review.openstack.org/#/c/346984/
16:50:56 <michaelgugino> https://review.openstack.org/#/c/350226/
16:51:12 <michaelgugino> I think those are the two functional bits you need to patch in until they are approved and merged.
16:51:13 <odyssey4me> https://review.openstack.org/#/q/topic:bp/nova-lxd-support
16:51:26 <logan-> if anyone has any input on the neutron stuff I am all ears. I am getting the same fail about 1/5 of the time with a vanilla master checkout of neutron locally. But it seems to fail like 99% of the time in the gate on trusty
16:51:30 <odyssey4me> michaelgugino if you're doing other related bits, please ensure they use the same topic
16:51:35 <michaelgugino> ok
16:51:38 <odyssey4me> it makes it easier to track and relate the work
16:51:57 <odyssey4me> logan- odd, hmm :/
16:52:11 <odyssey4me> I haven't looked yet - haven't really had the time. :(
16:52:18 <logan-> evrardjp: cool thanks, i'd love to get some feedback on it. there's a lot of RPC concepts in there but I think in some ways the configuration management is much more flexible
16:52:42 <jmccrory> logan- : maybe those tests should be replaced with tempest
16:53:26 <michaelgugino> I have a small proposal
16:53:45 <logan-> yeah jmccrory maybe indeed.. some more logging would help too maybe
16:54:01 <logan-> I am trying to debug locally where I can access logs but it is hard when I can't get it to fail :)
16:54:20 <odyssey4me> logan- I'm working on getting the role tests to give logs - almost there.
16:54:21 <mhayden> 5 min warning
16:54:25 <michaelgugino> So, I copied pretty much all the configs from nova's tests to tempest's.  I think we should try to keep things like ip's, subnets, etc all the same.  What's going on with the unified testing?  Is there a patch against that?
16:54:27 <logan-> awesome odyssey4me
16:54:51 <odyssey4me> michaelgugino the repo only merged this morning, so work can begin once we've got the repo ready to accept patches
16:55:15 <logan-> that should help a lot. i'm not in a huge rush to get it merged other than I want it in before the feature freeze. code's basically done its just a matter of getting the gate working
16:55:31 <michaelgugino> is there a blueprint or anything so I can get an idea on direction?
16:55:51 <odyssey4me> michaelgugino not at this stage
16:56:03 <odyssey4me> although it's likely a good idea to have one to track the work against
16:56:07 * odyssey4me makes a note
16:56:23 <odyssey4me> #action odyssey4me to create blueprint for common testing repo
16:56:54 <michaelgugino> great, I got a few ideas, and I think we should put our heads together.  Now that I've been dipping into the testing side of things ;)
16:57:40 <mhayden> okay, i'd probably better close up the mtg
16:58:00 <odyssey4me> michaelgugino will you be making the mid cycle?
16:58:27 <michaelgugino> no, my travel was not approved
16:58:28 <mhayden> can we carry the conversation over to #openstack-ansible? :)
16:58:42 <odyssey4me> bummer, ok we'll work something out
16:58:47 <odyssey4me> mhayden yep
16:58:50 <mhayden> woot
16:58:54 <mhayden> thanks everyone :)
16:58:57 <mhayden> #endmeeting