#openstack-ansible log

16:01:33 <evrardjp> #startmeeting openstack_ansible_meeting
16:01:34 <openstack> Meeting started Tue May  8 16:01:33 2018 UTC and is due to finish in 60 minutes.  The chair is evrardjp. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:01:35 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:01:37 <openstack> The meeting name has been set to 'openstack_ansible_meeting'
16:02:01 <evrardjp> #topic last week highlights
16:02:09 <evrardjp> evrardjp has introduced workarounds in ocata branch to still test N to O upgrades
16:02:19 <evrardjp> evrardjp has started removing support of python3 for Queens and will do all stable branches: https://review.openstack.org/#/q/topic:remove_python3+(status:open+OR+status:merged)
16:02:25 <evrardjp> evrardjp reminds that most upgrades are broken and need work.
16:02:30 <evrardjp> hwoarang has been working on the 'distribution packages' spec: https://review.openstack.org/#/q/topic:bp/openstack-distribution-packages . Reviews are highly appreciated!
16:02:57 <evrardjp> leaving a few minutes for people to process this
16:03:02 * prometheanfire wasn't aware we didn't support python3
16:04:06 <evrardjp> prometheanfire: nobody works on it. Let's discuss this after the meeting. It doesn't prevent you from using it, or bringing it in.
16:04:27 <prometheanfire> ok, I'm sure you've seen the python3 thread on -dev then
16:04:33 <evrardjp> I'd welcome a gentoo python3 only.
16:04:41 <evrardjp> Yes I did.
16:05:02 <evrardjp> also master and stable branches are different :)
16:05:15 <prometheanfire> ya, now that I'm back I can start working on things again :D
16:05:27 <evrardjp> perfect
16:05:45 <evrardjp> ok I think we waited enough time for the roll call, let's continue with next topic!
16:05:49 <evrardjp> #topic bug triage
16:06:06 <spotz> o/
16:06:17 <evrardjp> we've got a few bugs today, https://etherpad.openstack.org/p/osa-bugtriage, so let's tackle them right away
16:06:23 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1769665
16:06:24 <openstack> Launchpad bug 1769665 in openstack-ansible "rsyslog_client uses incorrect owner/perms on Centos7" [Undecided,New]
16:06:51 <evrardjp> cloudnull: does that still applies ?
16:07:04 <evrardjp> now that we've moved to journal logging?
16:07:46 <cloudnull> evrardjp it does still apply until rsyslog is gone
16:08:16 <cloudnull> its now optional, likely something we could fix in the stable branches.
16:08:26 <odyssey4me> it also still applies until rsyslog is no longer used in all stable branches we have ;)
16:08:36 <evrardjp> it's just a permissions issue, so it should be simple to fix I guess, but I have the impression we had that dance in the past
16:08:41 <odyssey4me> so it'll be around for at least another 12-18 months
16:08:56 <evrardjp> no branch is mentioned in the bug. For me that's master by default :)
16:09:12 <openstackgerrit> Merged openstack/openstack-ansible-os_octavia stable/queens: Adds certificate generation  https://review.openstack.org/565845
16:09:26 <evrardjp> I will ask where this happens, to see if that hasn't been fixed by any chance.
16:09:36 <evrardjp> Let's mark this as incomplete, shall we?
16:10:32 <evrardjp> ok next
16:10:34 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1769567
16:10:35 <openstack> Launchpad bug 1769567 in openstack-ansible "OpenSUSE Ceph client Define libvirt nova secret issue" [Undecided,New]
16:10:59 <evrardjp> I think we can mark it as confirmed critical, because it breaks gates.
16:11:25 <evrardjp> ok everyone?
16:12:13 <evrardjp> 5
16:12:15 <evrardjp> 4
16:12:17 <evrardjp> 3
16:12:19 <evrardjp> 2
16:12:21 <evrardjp> 1
16:12:24 <evrardjp> ok next
16:12:38 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1769195
16:12:39 <openstack> Launchpad bug 1769195 in openstack-ansible "Ocata Series Release Notes in openstack-ansible" [Undecided,New]
16:12:48 <mnaser> (sorry i'm late)
16:13:25 <evrardjp> that would be really nice if we could have someone confirming this
16:13:50 <evrardjp> the bug fix has been rushed, and now that we seem to have more time, it would be nice to know if the fix only works in gates.
16:13:57 <mnaser> i think someone pushed a change about that no?
16:14:17 <evrardjp> I have a patch that tests the release note, in Ocata.
16:14:17 <odyssey4me> evrardjp ok, I'll pick that up
16:14:27 <evrardjp> merging this would be just enough
16:14:34 <evrardjp> to at least triage the issue
16:14:41 <evrardjp> https://review.openstack.org/#/c/566587/
16:15:02 <evrardjp> ok next
16:15:39 <evrardjp> (I've assigned odyssey4me but not triaged it, we'll see the evolution next week)
16:15:47 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1769100
16:15:49 <openstack> Launchpad bug 1769100 in openstack-ansible "Use json_query whenever possible" [Undecided,New]
16:16:12 <evrardjp> that's definitely a confirmed wishlist
16:16:18 <mnaser> ++
16:16:24 <evrardjp> low-hanging-fruit if I do a first commit
16:16:41 <evrardjp> ok let's move to next one
16:17:00 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1768725
16:17:01 <openstack> Launchpad bug 1768725 in openstack-ansible "Ansible hardening takes comments into account for some checks" [Undecided,New]
16:17:33 <evrardjp> oh my god, are the bugs only my bugs? :)
16:17:48 <mnaser> that should be a low hanging fruit, easily by changing it to grep ^nameserver instead?
16:17:59 <evrardjp> indeed
16:18:12 <evrardjp> confirmed low?
16:18:20 <mnaser> patch coming up from my way too :)
16:18:22 <odyssey4me> sgtml
16:18:30 <evrardjp> ok
16:18:38 <evrardjp> next
16:18:40 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1768654
16:18:41 <openstack> Launchpad bug 1768654 in openstack-ansible "Dead Link in -- Deviations from the Security Technical Implementation Guide (STIG) in ansible-hardening" [Undecided,New]
16:19:04 <openstackgerrit> Mohammed Naser proposed openstack/ansible-hardening master: Ensure that comments are not counted  https://review.openstack.org/566936
16:19:10 * mnaser looks
16:19:12 <evrardjp> confirmed high
16:19:27 <evrardjp> or medium because the feature doesn't break, just the interface with the users.
16:19:49 <mnaser> id say its pretty high, if you dont know whats gonna happen by using this role, it's pretty useless
16:19:55 <evrardjp> that's fir
16:19:57 <evrardjp> fair
16:20:00 <odyssey4me> yeah, fair enough
16:20:12 <evrardjp> confirmed high it is!
16:20:20 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1768554
16:20:21 <openstack> Launchpad bug 1768554 in openstack-ansible "None images (architecture diagrams) loaded within the page "Storage architecture in openstack-ansible"" [Undecided,New]
16:20:38 <evrardjp> my bad.
16:20:41 <evrardjp> that must be me.
16:20:47 <evrardjp> confirmed high
16:20:53 <evrardjp> I will fix it.
16:21:07 <evrardjp> next
16:21:09 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1768231
16:21:10 <openstack> Launchpad bug 1768231 in openstack-ansible "Cinder filter scheduler not enabled with multiple storage back ends" [Undecided,New]
16:21:50 <evrardjp> oh we could indeed have some kind of convenience thing there, based on cinder_backends|length
16:22:19 <mnaser> i ran into this too in queens oddly enough
16:22:33 <mnaser> restart did fix it and it disappeared never to appear agian
16:22:41 <evrardjp> we'd need to clean that cinder_backends dict, to remove the limit_container_type
16:22:47 <evrardjp> mnaser: huh?
16:23:08 <mnaser> the same issue
16:23:20 <mnaser> two backends, one working and one down, restart made them both go up and it was okay after that
16:23:40 <evrardjp> so you didn't have to change the default section ?
16:23:45 <evrardjp> adding scheduler_default_filters = DriverFilter
16:23:55 <mnaser> didn't touch a thing
16:24:03 <evrardjp> interesting
16:24:10 <mnaser> and both are up
16:24:22 <mnaser> according to cinder service-list
16:24:25 <evrardjp> worth investigating a little more?
16:24:27 <jrosser> i think the question here is if there is a misconfiguration in cinder, as in that missing config line
16:24:38 <jrosser> or that something wierd happens on deployment thatis fixed with a restart
16:25:09 <evrardjp> that is indeed my question
16:25:47 * evrardjp is amazed that jrosser starts to translate evrardjp's words like odyssey4me :)
16:26:37 <evrardjp> let's mark this as confirmed and medium? It would be nice to add a test scenario for it
16:26:56 <evrardjp> ok everyone?
16:27:12 <jrosser> we had two deploys that exhibited that, so fairly confident it's repeatable
16:27:18 <evrardjp> confirmed then
16:29:05 <mnaser> yeah it happened to me too do its confirmed but not sure root cause
16:29:08 <evrardjp> I don't think that scheduler_default_filters = DriverFilter is required
16:29:28 <mnaser> likewise
16:29:43 <jrosser> mnaser: there could well be hints in the log becasue it moans hugely about the DB being incorrect when cinder is first started
16:30:01 <evrardjp> what's wrong with the cinder restarts? It seems it's the only service causing us pain :)
16:30:12 <mnaser> "The driver filter and weigher scheduling can help ensure that the scheduler chooses the best back end based on requested volume properties as well as various back-end specific properties."
16:30:20 <odyssey4me> there's a fair chance that we're setting things that no longer need setting
16:30:29 <evrardjp> mnaser: I think we are on the same page :)
16:31:36 <evrardjp> for triage, do we consider that medium or high?
16:31:44 <evrardjp> I think medium is fine
16:33:03 <evrardjp> ok let's continue
16:33:06 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1768129
16:33:07 <openstack> Launchpad bug 1768129 in openstack-ansible "Default self-signed cert does not include IP SAN" [Undecided,New]
16:33:47 <evrardjp> that's something we could do indeed.
16:34:05 <evrardjp> It's not a feature in itself we've promoted, but it would make life simpler for many
16:34:14 <mnaser> could be aligned with some of the work that cloudnull has been doing
16:34:22 <mnaser> about self signed cert generation with openssl module
16:34:31 <evrardjp> we should clarify that we should use fqdn though
16:34:43 <evrardjp> yes it could
16:35:00 <evrardjp> confirmed wishlist?
16:35:37 <evrardjp> I don't think we can consider this as a bug, as we never promoted the use of self-signed certificates with IPs.
16:35:45 <evrardjp> I'd never do that myself :p
16:35:57 <evrardjp> ok
16:36:01 <evrardjp> next
16:36:05 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1758144
16:36:06 <openstack> Launchpad bug 1758144 in openstack-ansible "resolv.conf in containers set too late" [Undecided,New]
16:36:20 <evrardjp> anyone wants to take this?
16:36:43 <evrardjp> 5
16:36:45 <evrardjp> 4
16:36:47 <evrardjp> 3
16:36:49 <evrardjp> 2
16:36:51 <evrardjp> 1
16:36:53 <evrardjp> ok next
16:36:55 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1755821
16:36:56 <openstack> Launchpad bug 1755821 in openstack-ansible "config_template fails to parse template if it contains a comment with leading spaces" [High,New]
16:37:14 * mnaser hit this yesterday upgrading to queens with neutron.conf.j2 :(
16:37:17 <evrardjp> same question: Anyone interested by confirming it/working on it?
16:37:30 <mnaser> i can confirm it 100%
16:37:41 <mnaser> but dont know if i understand teh whole config_template plugin structure enough to fix it
16:37:54 <evrardjp> yes but you are also the bug submitter :)
16:38:02 <evrardjp> but that's fine, I trust you!
16:38:05 <mnaser> aha :)
16:38:25 <evrardjp> mmm I can help you the config_template part
16:38:31 <mnaser> set neutron_lbaasv2: true and watch it crash and burn
16:38:34 <evrardjp> it's not that hard, it's a tempate copy
16:38:53 <evrardjp> mnaser: could you have this as a scenario then?
16:38:55 <mnaser> the issue occurs when the python ini parser gets an ini file that starts with someting that is not a section
16:39:00 <evrardjp> isn't that octavia scenario btw?
16:39:11 <mnaser> because the iini file starts with '   # General, applies to all host groups' rather than '# General, applies to all host groups'
16:39:19 <mnaser> if we literally dropped '# General, applies to all host groups' it'll be fine
16:39:26 <evrardjp> haha
16:40:07 <mnaser> the thing is like the extra spaces mess up the python ini parser
16:40:13 <evrardjp> mnaser: so not failing on the ansible managed part?
16:40:17 <mnaser> so the exception doesn't even happen in config_template world
16:40:34 <mnaser> if you try to parse an ini file with leading spaces and a comment it'll crash too (outside of ansible etc)
16:40:50 <evrardjp> mnaser: should we remove the whitespaces there: http://git.openstack.org/cgit/openstack/openstack-ansible-os_neutron/tree/templates/neutron.conf.j2#n2 ?
16:40:57 <evrardjp> adding - everywhere?
16:41:17 <mnaser> evrardjp: i think that is the way to go, but the - trickery confuses me a lot so :P
16:41:20 <mnaser> thats beyond me :P
16:41:26 <mnaser> but indeed that would solve it
16:41:56 <evrardjp> I think it's not fair to assume that config_template should scramble the files
16:42:13 <mnaser> yeah sanitize it somehow
16:45:14 <evrardjp> I am curious and I will try to work on it
16:45:31 <evrardjp> ok next
16:45:33 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1743032
16:45:35 <openstack> Launchpad bug 1743032 in openstack-ansible "Galera cluster maintenance in OpenStack-Ansible" [Undecided,New]
16:48:14 <evrardjp> don't rush on the bugs guys :)
16:48:24 <evrardjp> or ladies :)
16:48:34 <evrardjp> let's say folks, for the ease of language!
16:48:39 <odyssey4me> :p
16:49:56 <evrardjp> ok let's wrap up
16:50:01 <evrardjp> #topic open discussion
16:50:24 <evrardjp> we have 10 minutes for open discussion if someone wants to have a quick chat about a painful issue or anything else.
16:50:44 <evrardjp> It's good weather outside here, so I am not particularily willing to stay more behind a keyboard
16:50:46 <evrardjp> :)
16:50:56 <prometheanfire> :D
16:52:56 <evrardjp> ok I am done for the day
16:53:03 <evrardjp> thanks everyone!
16:53:14 <evrardjp> #endmeeting