16:00:16 <spotz> #startmeeting openstack_ansible_meeting 16:00:16 <spotz> #link https://wiki.openstack.org/wiki/Meetings/openstack-ansible#Agenda_for_next_meeting 16:00:16 <spotz> #topic Roll Call 16:00:18 <openstack> Meeting started Thu Aug 3 16:00:16 2017 UTC and is due to finish in 60 minutes. The chair is spotz. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:19 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 16:00:23 <openstack> The meeting name has been set to 'openstack_ansible_meeting' 16:01:49 <andymccr> o/ 16:01:52 <evrardjp> o/ 16:01:54 <asettle> o/ 16:01:55 <spotz> :) 16:02:23 <spotz> We'll give folks a few minutes before things get turned over to evrardjp 16:02:52 <logan-> o/ 16:03:32 <spotz> #topic Review action items from last week 16:03:36 <spotz> #topic evrardjp working on doc for a phasing out bugs as opinion schedule 16:03:46 <spotz> You're up evrardjp 16:04:00 <evrardjp> I didn't get the chance to work on that, let's keep that for next week 16:04:21 <evrardjp> next topic? 16:04:23 <evrardjp> :D 16:04:25 <spotz> #action evrardjp working on doc for a phasing out bugs as opinion schedule 16:04:30 <spotz> #topic evrardjp to update the 'hack day' to be follow the sun 16:04:46 <evrardjp> ok, so for that we have one date that works for most ppl that answered the poll 16:04:51 <evrardjp> it's the 17th of august. 16:04:53 <evrardjp> I 16:05:00 <evrardjp> sorry for the typo there :p 16:05:29 <spotz> Cool we got a day! 16:05:46 <evrardjp> We'll play it by hear 16:06:04 <spotz> Okie 16:06:07 <andymccr> ok that sin 2 weeks! 16:06:09 <andymccr> *in 16:06:09 <evrardjp> depending on how shows up, probably only talking with each other on the chan, or I'll write an etherpad with priorities, and we can put our names on bugs 16:06:33 <evrardjp> If we have another session, that would be either the 5 or the 7th of September. 16:06:44 <evrardjp> (equal amount of votes) 16:07:21 <evrardjp> let's see what we can do for the 17th, and schedule at that time. If need be, we can use these two extra dates to prepare the PTG. 16:07:35 <evrardjp> (depending on ppl's availability I guess! :D) 16:07:44 <evrardjp> that's all I had to say. 16:07:48 <spotz> And we can hangout if needed 16:07:48 <andymccr> good good 16:08:07 <spotz> #topic Topics for Discussion 16:08:13 <spotz> #topic PTG - 11-15 September - Denver, Colorado 16:08:19 <andymccr> ok! 16:08:23 <spotz> #link https://etherpad.openstack.org/p/osa-denver-PTG-planning 16:08:28 <andymccr> 2 announcements on that 16:08:53 <andymccr> 1. Travel support 2nd round is open until the 6th, so if you are interested in going and don't currently have funding - apply before the 6th (which is this weekend!) 16:09:29 <andymccr> #link https://openstackfoundation.formstack.com/forms/travelsupportptg_denver 16:10:04 <andymccr> also there are still rooms available in the block book hotel for the summit - so if you are going and havnt got accommodation check that out. 16:10:39 <andymccr> it would be cool if we could get a count of who will be there, so if youre going and could let us know that'd be appreciated :) 16:11:13 <andymccr> so far we have 5 ppl, its tracked on the etherpad, but logan- jmccrory mgariepy hwoarang - and anybody else, if you're going would be good to know :) 16:11:42 <andymccr> i think that is all for the PTG from my side. put ideas in the etherpad, look at the ideas in the etherpad, etherpad. 16:11:54 <evrardjp> pad pad pad! 16:12:07 <andymccr> sweet we have a logan :D nice 16:12:18 <logan-> :D 16:12:21 <evrardjp> woot! 16:12:28 <evrardjp> Let's talk CI at the PTG. 16:12:30 <evrardjp> :D 16:13:20 <spotz> Gonna miss you guys:( 16:13:42 <evrardjp> :( 16:14:06 <evrardjp> Maybe at the summit! :D 16:14:21 <andymccr> its ok spotz we know you have priorities... ... 16:14:40 <spotz> Uh huh, you get me video link yet?:) 16:14:45 <andymccr> haha oh yeah damnit 16:14:47 <andymccr> lemme email 16:14:57 <spotz> priorities...... :) 16:15:15 <spotz> Ready to move on to Summit? 16:15:41 <andymccr> i believe so spotz! 16:15:45 <xgerman_> o/ 16:15:48 <spotz> #topic Sydney Summit talks - voting phase closes soon 16:15:59 <spotz> #link https://etherpad.openstack.org/p/osa-sydney-summit 16:16:11 <andymccr> so i put a list of some OSA talks that i found - added to an etherpad 16:16:18 <andymccr> voting closes soon, like tonight i think 16:16:26 <andymccr> but i encourage you all to go and vote for whatever looks interesting to you! 16:16:37 <spotz> Anne will be doing the talk solo if it gets through, I'm not going:( 16:17:01 <andymccr> NB - definitely dont just vote for it if its on the etherpad, it was more just a way to catalogue some talks that are OSA related that may be interesting, so vote for wahtevers interesting to you :) 16:17:23 <andymccr> my talk didnt get my name against it weirdly :P so its not being given by anybody apparently! 16:17:42 <andymccr> anyway - sydney is far away, but talk voting closes so go and vote for talks! 16:18:12 <spotz> Voting closes tomorrow I believe but I just clicked all the links so it's easy! 16:19:19 <spotz> #topic Release Planning and Decisions 16:19:26 <spotz> You're still up boss 16:20:13 <andymccr> haha 16:20:16 <andymccr> SO! 16:20:24 <andymccr> we released newton/ocata versions that should be stable 16:20:35 <andymccr> feature freeze is next week followed by RC1 so we're finishing up features and getting the last things in 16:20:53 <andymccr> i think we'll have to push the py3 work to next cycle for the majority of cases, but the wsgi work is going along quite well (for projects that support it) 16:22:00 <andymccr> that is all! 16:22:03 <evrardjp> Do you have a topic for reviews? 16:22:25 <evrardjp> Well, all reviews are good to take right :) 16:22:45 <xgerman_> I like to draw attention to https://review.openstack.org/#/c/484440/6 16:23:05 <andymccr> https://review.openstack.org/#/q/topic:bp/goal-deploy-api-in-wsgi is the api-wsgi blueprint 16:23:19 <andymccr> we also have majors dnf work in https://review.openstack.org/#/q/topic:bp/centos-and-dnf 16:23:43 <evrardjp> ok 16:23:50 <logan-> https://review.openstack.org/#/c/490482/ will unblock the master gate 16:26:04 <spotz> Not sure we want to push this through but I've got comments on https://bugs.launchpad.net/openstack-ansible/+bug/1703621 16:26:04 <openstack> Launchpad bug 1703621 in openstack-ansible "Appendix A conflict with /etc/openstack_deploy/openstack_user_config.yml.example" [Medium,Confirmed] - Assigned to Amy Marrich (amy-marrich) 16:26:32 <cloudnull> o/ 16:26:35 <cloudnull> sorry im late 16:27:50 <spotz> cloudnull == slacker 16:28:33 <spotz> moving on... 16:28:37 <spotz> #topic Blueprint work 16:29:31 <spotz> cloudnull: You ever do your thingy? 16:30:12 <evrardjp> that sounded weird, and I'm suprised I don't see a gif from major. 16:30:40 <spotz> I don't think mhayden is actually here cause he's the only otherone I know with a blueprint/spec 16:30:48 <evrardjp> it's about hyper converged I guess? 16:30:50 * mhayden stumbles in 16:30:54 <spotz> yeah 16:30:59 <andymccr> i covered the dnf bp before, i think thats going well 16:31:02 <andymccr> and otherwise its the wsgi work! 16:31:06 <evrardjp> ok 16:31:20 <mhayden> the dnf stuff is moving along quickly -- just dealing with finicky gates 16:31:23 <andymccr> xgerman_: i'll review that patch today before i leave 16:31:30 <xgerman_> thx 16:31:31 <mhayden> thanks to logan- for more firewall spec feedback 16:31:31 <andymccr> mhayden: yeah we need to . swift is being a pain 16:31:46 <andymccr> xgerman_: btw - i have added a patch to use uwsgi for the octavia api service 16:31:49 <mhayden> i'll revise the firewall spec to use a templated iptables ruleset instead 16:33:20 <cloudnull> spotz: no. 16:33:24 <xgerman_> this is what I do for templating: https://github.com/openstack/openstack-ansible-os_octavia/blob/master/defaults/main.yml#L317-L370 16:33:32 <cloudnull> we will / have removed the hyperconverged bits 16:33:46 <spotz> cool 16:33:46 <evrardjp> mhayden: I think it's a good idea 16:33:57 <logan-> cool mhayden. i am working on publishing some internal iptables stuff I lay down on our infra here, but https://github.com/ansible/ansible/issues/27494 is blocking me on that, so we'll see what happens. otherwise if ansible worked I would have had everything published by now :( 16:33:58 <mhayden> thanks xgerman_ 16:34:23 <evrardjp> yeah, I think we should come up with an universal way of doing it. 16:34:35 <xgerman_> +1 16:34:37 <evrardjp> so octavia could use it 16:37:54 <evrardjp> logan-: fun stuff. 16:39:47 <spotz> Ready for Open Discussion? 16:40:31 <spotz> guess so:) 16:40:39 <spotz> #topic Open Discussion 16:41:59 <andymccr> yay open! 16:42:00 <andymccr> discussion! 16:42:36 <logan-> as most have probably noticed there is now a 3rd party CI from Limestone Networks running integrated builds on the master and stable/ocata branches. it exercises some untested paths in OSA such as the unbound resolvers and calico networking. the configuration it lays down is published here https://gist.github.com/Logan2211/61395dfd05af1819673bb5232d14077f and noted in the console log. I am the POC if anyone has questions or concerns about 16:42:36 <logan-> this CI 16:42:45 <jmccrory> https://review.openstack.org/#/c/448850/ ready for reviews, if anyone could help there 16:43:16 <evrardjp> logan-: that's great, that's the only thing I want to say. 16:43:58 <evrardjp> jmccrory: will review. 16:45:03 <andymccr> logan-: are we good to go on https://review.openstack.org/#/q/topic:bridge-nf-call 16:45:14 <andymccr> the master one merged, but you ok for the backports? I see you accepted the master one 16:45:22 <logan-> imo needs a reno 16:45:27 <logan-> on the backports 16:45:27 <andymccr> cloudnull: ^ 16:45:36 <andymccr> is that something you could add in? 16:45:37 <logan-> thats my only concern on those currently 16:45:42 <logan-> thanks evrardjp 16:46:22 <evrardjp> I am not sure about the impact of this bridge-nf-call, but that should be in the reno if possible. 16:47:21 <logan-> it has a potentially large impact on deployers using firewall rules on the control plane hosts depending on their firewall configuration 16:47:54 <logan-> since it causes the lxc bridged traffic to be exposed to netfilter rules on the host i think? 16:48:11 <logan-> someone can correct me if i'm wrong there but thats my understanding 16:48:31 <andymccr> hopefully cloudnull will be about to discuss that 16:48:33 <evrardjp> oh. 16:48:52 <logan-> as long as thats understood and folks are comfortable backporting it i'm fine with it. it makes good sense in master at least 16:48:53 <cloudnull> we talking about this https://review.openstack.org/#/q/topic:bridge-nf-call 16:49:17 <evrardjp> yes 16:49:52 <cloudnull> this came about because it was discovered that sec group rules on compute nodes we're meaningless if that option was reset 16:50:05 <cloudnull> we set it to 0 in the initial deployment 16:50:20 <cloudnull> and the lxb agent sets it to 1 on start 16:50:32 <cloudnull> however if you rerun the openstack-hosts role it resets the value to 0 16:50:52 <cloudnull> which then ignores all of the sec group rules in place on a given compute node 16:50:54 <logan-> i think a fix needs to be made in the stable branches for sure, but im not sure if the fix is backporting this change or simply removing the setting from stable 16:51:15 <logan-> not sure if the fix should be* 16:51:26 <cloudnull> I think it should be backported as is. 16:51:46 <cloudnull> on an existing deployment folks would have the setting in the sysctl file 16:52:14 <cloudnull> which would on boot set it back to 0 and the agent would then set it to 1 but if that file is reloaded for any reason 16:52:19 <cloudnull> it could expose a deployment 16:52:32 <cloudnull> in master I could make the argument that we drop the setting all together 16:52:49 <cloudnull> just let the deployer/host deal with whatever they want 16:53:06 <cloudnull> however in existing clouds I think it makes sense to lock things down 16:53:53 <cloudnull> all that said, my personal opinion is that we lock it down by default. 16:53:56 <logan-> we could remove the sysctl in stable+master and reno it as a critical fix -- "restart your neutron lxb agent" 16:54:07 <cloudnull> ++ 16:54:45 <andymccr> consensus reached? 16:54:46 <cloudnull> simply running sysctl -w ... fixes the issue on effeted nodes where the setting has flapped 16:55:48 <cloudnull> we could reno the adhoc ansible command in master for upgrades and remove the setting all together. 16:56:04 <cloudnull> I'm good no matter. 16:56:42 <logan-> the kernel defaults it to 1 right? 16:57:00 <logan-> if there's no override in our sysctl 16:57:27 <cloudnull> I believe so 16:58:09 <spotz> 2 minute warning 16:58:31 <cloudnull> we can carry over to the channel 16:58:48 <evrardjp> yeah I think it would be best. 16:59:08 <spotz> Ok shutting us down 16:59:12 <spotz> #endmeeting