16:00:01 <noonedeadpunk> #startmeeting openstack_ansible_meeting 16:00:02 <openstack> Meeting started Tue Mar 30 16:00:01 2021 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:03 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 16:00:06 <openstack> The meeting name has been set to 'openstack_ansible_meeting' 16:00:10 <noonedeadpunk> o/ 16:00:18 <noonedeadpunk> #topic rollcall 16:01:54 <jrosser> o/ hello 16:03:59 <noonedeadpunk> #topic bug triage 16:04:15 <noonedeadpunk> Let's start from https://bugs.launchpad.net/openstack-ansible/+bug/1921354/ 16:04:17 <openstack> Launchpad bug 1921354 in openstack-ansible "Value Error for Multiple Swift Services" [High,In progress] - Assigned to Dmitriy Rabotyagov (noonedeadpunk) 16:05:33 <jrosser> errr 16:05:42 <noonedeadpunk> ok, according to the last comment, I think he just pulled instead of cherry-picked 16:07:25 <jrosser> but also the last task is 'install python packages into the venv' but we still see the src url to install git+https://opendev.org/openstack/swift@26a20516005b1eca162da7f1d203c413e27c6104#egg=swift 16:07:28 <jrosser> thats wrong 16:07:55 <noonedeadpunk> yeah, that's from master 16:09:14 <noonedeadpunk> btw, there's another topic from the same user in ML 16:09:40 <noonedeadpunk> http://lists.openstack.org/pipermail/openstack-discuss/2021-March/021144.html 16:09:51 <noonedeadpunk> there're quite a lot mails atm... 16:10:38 <noonedeadpunk> http://lists.openstack.org/pipermail/openstack-discuss/2021-March/021386.html that's by far the last one.... 16:15:42 <noonedeadpunk> ok, let's go forward 16:15:45 <noonedeadpunk> https://bugs.launchpad.net/openstack-ansible/+bug/1921861 16:15:46 <openstack> Launchpad bug 1921861 in openstack-ansible "Add table encryption support?" [Undecided,New] 16:15:59 <noonedeadpunk> that;'s really interesting, and looks pretty valid 16:16:02 <noonedeadpunk> what do you think? 16:16:17 <jrosser> i just tried to reply to the lxc/dnsmasq mail and deleted it instead :( 16:16:50 <noonedeadpunk> I think I missed that one as ususal:( 16:17:40 <jrosser> oh actually i think he fixed it 16:18:04 <jrosser> i need to improve my mail filter, i'm missing a lot of these 16:20:10 <jrosser> yes so the db encryption stuff looks good - would probably want some value from user_secrets to be used as the key 16:22:10 <noonedeadpunk> yeah 16:22:24 <noonedeadpunk> I miss so _much_ stuff 16:22:47 <noonedeadpunk> but my biggest issue are gerrit email and have no idea how to filter out zuul there... but oftopic 16:22:48 <jrosser> though it's a bit odd though, encryption-at-rest with the decryption key also stored on the node? 16:23:35 <jrosser> from: <review@openstack.org> 16:24:25 <noonedeadpunk> But I mean it would filter both zuul and comments the same way. It's just sender name that differs, not email 16:25:06 <noonedeadpunk> hm, yeah, I guess key should be on the deploy host? 16:25:40 <jrosser> file_key_management_filekey = FILE:/etc/mysql/encryption/.keyfile.key 16:25:46 <jrosser> ^ that just can't be right 16:26:09 <jrosser> but it then leads on to what you do to restart the service 16:26:45 <jrosser> (we've been messing with vault today, all this crypto chicken/egg stuff is fresh in my mind) 16:27:41 <noonedeadpunk> well, according to doc, vault is not supported there yet, only file, aws and Eperi? 16:28:36 <noonedeadpunk> so not huge amout of options 16:28:55 <noonedeadpunk> Well, I think that he should fire up a patch, and we will be able to comment it then? 16:29:53 <jrosser> yes thats probably best 16:30:04 <jrosser> maybe need a good explanation of the use case 16:30:17 <jrosser> becasue if someone steals your server they have the db and the key 16:30:54 <jrosser> but perhpas the risk is some adjacent process getting compromised and being able to read the disk 16:30:55 <noonedeadpunk> well, I think if we have that set, and AWS key storage is an option, it would be better 16:31:47 <noonedeadpunk> would require to insall extra plugin though 16:32:21 <jrosser> timezone shift means i need to be out for a bit now 16:32:45 <noonedeadpunk> ok 16:32:59 <jrosser> https://etherpad.opendev.org/p/osa-wallaby still relevant for what needs pushing forward 16:33:20 <jrosser> i looked at some of the policy patches and there were some handlers not all the same, didnt know if that was intended 16:33:21 <noonedeadpunk> #topic office hours 16:33:37 * jrosser has to go 16:34:16 <noonedeadpunk> trove is also unblocked 16:34:39 <noonedeadpunk> but it has so much to adjust... 16:34:58 <noonedeadpunk> Today I pushed some patches to add support of image tags to collections and openstacksdk 16:35:35 <noonedeadpunk> because what we have in octavia is not cool regarding image upload https://opendev.org/openstack/openstack-ansible-os_octavia/src/branch/master/tasks/octavia_amp_image.yml 16:36:35 <noonedeadpunk> Also we need to merge https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/782963 for V 16:51:37 <noonedeadpunk> And vote for https://review.opendev.org/c/openstack/openstack-ansible/+/783720 would be awesome, since it fixes fuctional jobs 16:52:03 <noonedeadpunk> that I just learned, used not only in osa, but also for sahara, and they're voting 16:52:12 <noonedeadpunk> https://zuul.opendev.org/t/openstack/build/fe2c21b0087b4d81b9d5503f23984f6b 17:00:36 <noonedeadpunk> #endmeeting