16:01:21 <noonedeadpunk> #startmeeting openstack_ansible_meeting
16:01:22 <openstack> Meeting started Tue Jul 28 16:01:21 2020 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:01:23 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:01:25 <openstack> The meeting name has been set to 'openstack_ansible_meeting'
16:01:37 <noonedeadpunk> #topic office hours
16:02:02 <noonedeadpunk> o\
16:03:08 <jrosser> hello
16:06:00 <noonedeadpunk> Hey, I'm from phone at the moment, so...
16:06:27 <noonedeadpunk> I guess we've backported most of the things for centos8
16:06:51 <noonedeadpunk> Except Murano (which start timeouting)
16:07:15 <noonedeadpunk> And zun which I'm taking look at (maybe just few several things)
16:08:21 <noonedeadpunk> Don't have really much things to share as was doing mostly some personal stuff:(
16:09:06 <jrosser> similar, we just need to keep on top of the backports and get everything merged
16:09:31 <noonedeadpunk> But I hope I'll be more productive and less lazy this week, and we should do final release I guess on 2 weeks? Due date was 10th of August iirc
16:10:31 <noonedeadpunk> And I'd love to finish bind-to-mgmt thing
16:11:11 <noonedeadpunk> And also work on ci things, to get upgrade jobs finally merged
16:11:25 <noonedeadpunk> (I mean their fix)
16:11:27 <jrosser> yes, been so busy i've kind of paged-out where we were up to with bind-to-mgmt
16:11:50 <noonedeadpunk> I think on db from utility still
16:12:33 <noonedeadpunk> And need to patch every role for that
16:14:37 <jrosser> oh yes that's it
16:14:44 <jrosser> that does not sound like a job for U
16:19:04 <noonedeadpunk> Uh, it was planned a different way, but yeah...
16:19:24 <noonedeadpunk> I think I have a lot of time on my hands at the moment anyway:)
16:20:53 <noonedeadpunk> BTW, dmsimard (sorry for misspelling) gave great suggestion to allow users to deploy Ara with OSA
16:21:13 <noonedeadpunk> To keep track on playbook execution in better way than just logs
16:21:26 <noonedeadpunk> And I think that's really great idea:)
16:22:17 <jrosser> if you want to bash on bind-to-mgmt that's cool
16:22:43 <dmsimard> \o
16:23:47 <dmsimard> if you're interested there's an ansible role to deploy the API server here: https://github.com/ansible-community/ara-collection or docker images: https://hub.docker.com/r/recordsansible/ara-api
16:24:59 <dmsimard> happy to help otherwise point you in the right direction or answer questions
16:25:34 <noonedeadpunk> Oh, so we can even just include the role
16:25:52 <noonedeadpunk> During ansible bootstrap or something
16:26:38 <dmsimard> you can take inspiration from the playbook used to deploy the live demo: https://github.com/ansible-community/ara-infra/blob/master/playbooks/live-demo.yaml
16:26:38 <noonedeadpunk> jrosser, yeah, I was about to do that right tomorrow, but as I was not so deep in that topic I might ping you
16:27:00 <dmsimard> note that ara-web isn't required (and is neglected right now)
16:27:43 <dmsimard> noonedeadpunk: the role sets up the API server, there needs to be a part on the ansible control node where you install the ara callback and set it up to point to the api server
16:28:12 <dmsimard> which should be easy enough, something like pip install ara; export ANSIBLE_CALLBACK_PLUGINS=$(python3 -m ara.setup.callback_plugins)
16:28:41 <dmsimard> oh, and then export ARA_API_CLIENT=http and ARA_API_SERVER=http://api-server
16:28:51 <noonedeadpunk> Sounds neat. Does role deploy web UI as well?
16:28:54 <jrosser> noonedeadpunk: sure just ask as it's really not that far off
16:29:14 <dmsimard> the API server comes with a built-in UI, this one: https://api.demo.recordsansible.org/
16:29:32 <jrosser> noonedeadpunk: i think what i was working towards in an AIO was this https://review.opendev.org/#/c/733408/
16:29:39 <dmsimard> the CLI will be bundled with the main 'ara' package
16:30:07 <dmsimard> it's not released yet but it's in master
16:30:23 <noonedeadpunk> Ok, will try to take a look a bit later that week, and will ping you for sure:)
16:30:34 <dmsimard> sure, you know where to find me
16:30:40 <noonedeadpunk> Yeah:)
16:31:19 <noonedeadpunk> I think we should probably add a separate inventory group for Ara API and Ara web
16:32:08 <noonedeadpunk> And by default offer to set it to deploy host? Oh, BTW, is there any possibility to restrict access?
16:32:17 <dmsimard> sure -- for ara-web this is https://web.demo.recordsansible.org/ and I can't quite recommend it yet so don't bother with it for now :p
16:32:44 <dmsimard> It makes sense to create an inventory group, sure
16:33:17 <dmsimard> by default everything is opened read/write without authentication but you can turn on authentication only for writes or for both read/write, this is explained here: https://ara.readthedocs.io/en/latest/api-security.html
16:34:01 <dmsimard> There is no concept of permission granularity/RBAC/groups/etc -- either you have access or you don't
16:35:56 <noonedeadpunk> I mean I'm not sure if we can/should put Ara under our haproxy and deploy it in container, or just independent web server on deploy host or in container on private ips...
16:36:36 <noonedeadpunk> But yeah, those are details:)
16:36:42 <dmsimard> I don't have a strong opinion as my experience with OSA is limited
16:37:09 <dmsimard> another thing to consider is where to store the data -- by default this is in a sqlite database but the role supports mysql/postgresql as well
16:37:17 <noonedeadpunk> That's totally fine, I'm probably thinking out loud
16:38:07 <noonedeadpunk> Ok, I think that should be in our infra stuff then - we have a galera cluster which might work just nice for that
16:38:42 <noonedeadpunk> BTW, can it work under uwsgi?
16:38:42 <dmsimard> that might lead to some chicken/egg if ansible tries to use ara before mysql is setup
16:39:07 <noonedeadpunk> Oh, that's good point
16:39:08 <dmsimard> surely ? would love to have support for it in the role, there's only gunicorn right now
16:40:00 <dmsimard> should be simple enough to add, the role was structured to eventually support uwsgi/mod_wsgi
16:40:08 <dmsimard> I just don't know uwsgi a lot :)
16:40:50 <noonedeadpunk> Hm, but how ansible role does setup Ara without chicken/egg situation?
16:41:15 <noonedeadpunk> I mean I think plugins are set during role execution?
16:41:53 <noonedeadpunk> But yeah, I see what you mean, that we'll setup Ara only after launching massive amount of roles
16:42:13 <noonedeadpunk> So we'd miss data for them
16:42:15 <dmsimard> if ansible is setup to use ara with ANSIBLE_CALLBACK_PLUGINS but ara hasn't been installed yet, it will just skip it
16:42:30 <dmsimard> i.e, nothing to load, moving on
16:42:45 <dmsimard> there might be a warning but it's not fatal and has no impact
16:43:04 <noonedeadpunk> Oh, I think then we're ok
17:30:41 <noonedeadpunk> #endmeeting