#openstack-meeting-4 log

16:00:16 <spotz> #startmeeting openstack_ansible_meeting
16:00:16 <spotz> #link https://wiki.openstack.org/wiki/Meetings/openstack-ansible#Agenda_for_next_meeting
16:00:16 <spotz> #topic Roll Call
16:00:18 <openstack> Meeting started Thu Aug  3 16:00:16 2017 UTC and is due to finish in 60 minutes.  The chair is spotz. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:19 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:23 <openstack> The meeting name has been set to 'openstack_ansible_meeting'
16:01:49 <andymccr> o/
16:01:52 <evrardjp> o/
16:01:54 <asettle> o/
16:01:55 <spotz> :)
16:02:23 <spotz> We'll give folks a few minutes before things get turned over to evrardjp
16:02:52 <logan-> o/
16:03:32 <spotz> #topic Review action items from last week
16:03:36 <spotz> #topic evrardjp working on doc for a phasing out bugs as opinion schedule
16:03:46 <spotz> You're up evrardjp
16:04:00 <evrardjp> I didn't get the chance to work on that, let's keep that for next week
16:04:21 <evrardjp> next topic?
16:04:23 <evrardjp> :D
16:04:25 <spotz> #action evrardjp working on doc for a phasing out bugs as opinion schedule
16:04:30 <spotz> #topic evrardjp to update the 'hack day' to be follow the sun
16:04:46 <evrardjp> ok, so for that we have one date that works for most ppl that answered the poll
16:04:51 <evrardjp> it's the 17th of august.
16:04:53 <evrardjp> I
16:05:00 <evrardjp> sorry for the typo there :p
16:05:29 <spotz> Cool we got a day!
16:05:46 <evrardjp> We'll play it by hear
16:06:04 <spotz> Okie
16:06:07 <andymccr> ok that sin 2 weeks!
16:06:09 <andymccr> *in
16:06:09 <evrardjp> depending on how shows up, probably only talking with each other on the chan, or I'll write an etherpad with priorities, and we can put our names on bugs
16:06:33 <evrardjp> If we have another session, that would be either the 5 or the 7th of September.
16:06:44 <evrardjp> (equal amount of votes)
16:07:21 <evrardjp> let's see what we can do for the 17th, and schedule at that time. If need be, we can use these two extra dates to prepare the PTG.
16:07:35 <evrardjp> (depending on ppl's availability I guess! :D)
16:07:44 <evrardjp> that's all I had to say.
16:07:48 <spotz> And we can hangout if needed
16:07:48 <andymccr> good good
16:08:07 <spotz> #topic Topics for Discussion
16:08:13 <spotz> #topic PTG - 11-15 September - Denver, Colorado
16:08:19 <andymccr> ok!
16:08:23 <spotz> #link  https://etherpad.openstack.org/p/osa-denver-PTG-planning
16:08:28 <andymccr> 2 announcements on that
16:08:53 <andymccr> 1. Travel support 2nd round is open until the 6th, so if you are interested in going and don't currently have funding - apply before the 6th (which is this weekend!)
16:09:29 <andymccr> #link https://openstackfoundation.formstack.com/forms/travelsupportptg_denver
16:10:04 <andymccr> also there are still rooms available in the block book hotel for the summit - so if you are going and havnt got accommodation check that out.
16:10:39 <andymccr> it would be cool if we could get a count of who will be there, so if youre going and could let us know that'd be appreciated :)
16:11:13 <andymccr> so far we have 5 ppl, its tracked on the etherpad, but logan- jmccrory mgariepy hwoarang - and anybody else, if you're going would be good to know :)
16:11:42 <andymccr> i think that is all for the PTG from my side. put ideas in the etherpad, look at the ideas in the etherpad, etherpad.
16:11:54 <evrardjp> pad pad pad!
16:12:07 <andymccr> sweet we have a logan :D nice
16:12:18 <logan-> :D
16:12:21 <evrardjp> woot!
16:12:28 <evrardjp> Let's talk CI at the PTG.
16:12:30 <evrardjp> :D
16:13:20 <spotz> Gonna miss you guys:(
16:13:42 <evrardjp> :(
16:14:06 <evrardjp> Maybe at the summit! :D
16:14:21 <andymccr> its ok spotz we know you have priorities... ...
16:14:40 <spotz> Uh huh, you get me video link yet?:)
16:14:45 <andymccr> haha oh yeah damnit
16:14:47 <andymccr> lemme email
16:14:57 <spotz> priorities...... :)
16:15:15 <spotz> Ready to move on to Summit?
16:15:41 <andymccr> i believe so spotz!
16:15:45 <xgerman_> o/
16:15:48 <spotz> #topic Sydney Summit talks - voting phase closes soon
16:15:59 <spotz> #link https://etherpad.openstack.org/p/osa-sydney-summit
16:16:11 <andymccr> so i put a list of some OSA talks that i found - added to an etherpad
16:16:18 <andymccr> voting closes soon, like tonight i think
16:16:26 <andymccr> but i encourage you all to go and vote for whatever looks interesting to you!
16:16:37 <spotz> Anne will be doing the talk solo if it gets through, I'm not going:(
16:17:01 <andymccr> NB - definitely dont just vote for it if its on the etherpad, it was more just a way to catalogue some talks that are OSA related that may be interesting, so vote for wahtevers interesting to you :)
16:17:23 <andymccr> my talk didnt get my name against it weirdly :P so its not being given by anybody apparently!
16:17:42 <andymccr> anyway - sydney is far away, but talk voting closes so go and vote for talks!
16:18:12 <spotz> Voting closes tomorrow I believe but I just clicked all the links so it's easy!
16:19:19 <spotz> #topic Release Planning and Decisions
16:19:26 <spotz> You're still up boss
16:20:13 <andymccr> haha
16:20:16 <andymccr> SO!
16:20:24 <andymccr> we released newton/ocata versions that should be stable
16:20:35 <andymccr> feature freeze is next week followed by RC1 so we're finishing up features and getting the last things in
16:20:53 <andymccr> i think we'll have to push the py3 work to next cycle for the majority of cases, but the wsgi work is going along quite well (for projects that support it)
16:22:00 <andymccr> that is all!
16:22:03 <evrardjp> Do you have a topic for reviews?
16:22:25 <evrardjp> Well, all reviews are good to take right :)
16:22:45 <xgerman_> I like to draw attention to https://review.openstack.org/#/c/484440/6
16:23:05 <andymccr> https://review.openstack.org/#/q/topic:bp/goal-deploy-api-in-wsgi is the api-wsgi blueprint
16:23:19 <andymccr> we also have majors dnf work in https://review.openstack.org/#/q/topic:bp/centos-and-dnf
16:23:43 <evrardjp> ok
16:23:50 <logan-> https://review.openstack.org/#/c/490482/ will unblock the master gate
16:26:04 <spotz> Not sure we want to push this through but I've got comments on https://bugs.launchpad.net/openstack-ansible/+bug/1703621
16:26:04 <openstack> Launchpad bug 1703621 in openstack-ansible "Appendix A conflict with /etc/openstack_deploy/openstack_user_config.yml.example" [Medium,Confirmed] - Assigned to Amy Marrich (amy-marrich)
16:26:32 <cloudnull> o/
16:26:35 <cloudnull> sorry im late
16:27:50 <spotz> cloudnull == slacker
16:28:33 <spotz> moving on...
16:28:37 <spotz> #topic Blueprint work
16:29:31 <spotz> cloudnull: You ever do your thingy?
16:30:12 <evrardjp> that sounded weird, and I'm suprised I don't see a gif from major.
16:30:40 <spotz> I don't think mhayden is actually here cause he's the only otherone I know with a blueprint/spec
16:30:48 <evrardjp> it's about hyper converged I guess?
16:30:50 * mhayden stumbles in
16:30:54 <spotz> yeah
16:30:59 <andymccr> i covered the dnf bp before, i think thats going well
16:31:02 <andymccr> and otherwise its the wsgi work!
16:31:06 <evrardjp> ok
16:31:20 <mhayden> the dnf stuff is moving along quickly -- just dealing with finicky gates
16:31:23 <andymccr> xgerman_: i'll review that patch today before i leave
16:31:30 <xgerman_> thx
16:31:31 <mhayden> thanks to logan- for more firewall spec feedback
16:31:31 <andymccr> mhayden: yeah we need to . swift is being a pain
16:31:46 <andymccr> xgerman_: btw - i have added a patch to use uwsgi for the octavia api service
16:31:49 <mhayden> i'll revise the firewall spec to use a templated iptables ruleset instead
16:33:20 <cloudnull> spotz: no.
16:33:24 <xgerman_> this is what I do for templating: https://github.com/openstack/openstack-ansible-os_octavia/blob/master/defaults/main.yml#L317-L370
16:33:32 <cloudnull> we will / have removed the hyperconverged bits
16:33:46 <spotz> cool
16:33:46 <evrardjp> mhayden: I think it's a good idea
16:33:57 <logan-> cool mhayden. i am working on publishing some internal iptables stuff I lay down on our infra here, but https://github.com/ansible/ansible/issues/27494 is blocking me on that, so we'll see what happens. otherwise if ansible worked I would have had everything published by now :(
16:33:58 <mhayden> thanks xgerman_
16:34:23 <evrardjp> yeah, I think we should come up with an universal way of doing it.
16:34:35 <xgerman_> +1
16:34:37 <evrardjp> so octavia could use it
16:37:54 <evrardjp> logan-: fun stuff.
16:39:47 <spotz> Ready for Open Discussion?
16:40:31 <spotz> guess so:)
16:40:39 <spotz> #topic Open Discussion
16:41:59 <andymccr> yay open!
16:42:00 <andymccr> discussion!
16:42:36 <logan-> as most have probably noticed there is now a 3rd party CI from Limestone Networks running integrated builds on the master and stable/ocata branches. it exercises some untested paths in OSA such as the unbound resolvers and calico networking. the configuration it lays down is published here https://gist.github.com/Logan2211/61395dfd05af1819673bb5232d14077f and noted in the console log. I am the POC if anyone has questions or concerns about
16:42:36 <logan-> this CI
16:42:45 <jmccrory> https://review.openstack.org/#/c/448850/ ready for reviews, if anyone could help there
16:43:16 <evrardjp> logan-: that's great, that's the only thing I want to say.
16:43:58 <evrardjp> jmccrory: will review.
16:45:03 <andymccr> logan-: are we good to go on https://review.openstack.org/#/q/topic:bridge-nf-call
16:45:14 <andymccr> the master one merged, but you ok for the backports? I see you accepted the master one
16:45:22 <logan-> imo needs a reno
16:45:27 <logan-> on the backports
16:45:27 <andymccr> cloudnull: ^
16:45:36 <andymccr> is that something you could add in?
16:45:37 <logan-> thats my only concern on those currently
16:45:42 <logan-> thanks evrardjp
16:46:22 <evrardjp> I am not sure about the impact of this bridge-nf-call, but that should be in the reno if possible.
16:47:21 <logan-> it has a potentially large impact on deployers using firewall rules on the control plane hosts depending on their firewall configuration
16:47:54 <logan-> since it causes the lxc bridged traffic to be exposed to netfilter rules on the host i think?
16:48:11 <logan-> someone can correct me if i'm wrong there but thats my understanding
16:48:31 <andymccr> hopefully cloudnull will be about to discuss that
16:48:33 <evrardjp> oh.
16:48:52 <logan-> as long as thats understood and folks are comfortable backporting it i'm fine with it. it makes good sense in master at least
16:48:53 <cloudnull> we talking about this https://review.openstack.org/#/q/topic:bridge-nf-call
16:49:17 <evrardjp> yes
16:49:52 <cloudnull> this came about because it was discovered that sec group rules on compute nodes we're meaningless if that option was reset
16:50:05 <cloudnull> we set it to 0 in the initial deployment
16:50:20 <cloudnull> and the lxb agent sets it to 1 on start
16:50:32 <cloudnull> however if you rerun the openstack-hosts role it resets the value to 0
16:50:52 <cloudnull> which then ignores all of the sec group rules in place on a given compute node
16:50:54 <logan-> i think a fix needs to be made in the stable branches for sure, but im not sure if the fix is backporting this change or simply removing the setting from stable
16:51:15 <logan-> not sure if the fix should be*
16:51:26 <cloudnull> I think it should be backported as is.
16:51:46 <cloudnull> on an existing deployment folks would have the setting in the sysctl file
16:52:14 <cloudnull> which would on boot set it back to 0 and the agent would then set it to 1 but if that file is reloaded for any reason
16:52:19 <cloudnull> it could expose a deployment
16:52:32 <cloudnull> in master I could make the argument that we drop the setting all together
16:52:49 <cloudnull> just let the deployer/host deal with whatever they want
16:53:06 <cloudnull> however in existing clouds I think it makes sense to lock things down
16:53:53 <cloudnull> all that said, my personal opinion is that we lock it down by default.
16:53:56 <logan-> we could remove the sysctl in stable+master and reno it as a critical fix -- "restart your neutron lxb agent"
16:54:07 <cloudnull> ++
16:54:45 <andymccr> consensus reached?
16:54:46 <cloudnull> simply running sysctl -w ... fixes the issue on effeted nodes where the setting has flapped
16:55:48 <cloudnull> we could reno the adhoc ansible command in master for upgrades and remove the setting all together.
16:56:04 <cloudnull> I'm good no matter.
16:56:42 <logan-> the kernel defaults it to 1 right?
16:57:00 <logan-> if there's no override in our sysctl
16:57:27 <cloudnull> I believe so
16:58:09 <spotz> 2 minute warning
16:58:31 <cloudnull> we can carry over to the channel
16:58:48 <evrardjp> yeah I think it would be best.
16:59:08 <spotz> Ok shutting us down
16:59:12 <spotz> #endmeeting