#openstack-ansible log

16:00:01 <noonedeadpunk> #startmeeting openstack_ansible_meeting
16:00:02 <openstack> Meeting started Tue Mar 30 16:00:01 2021 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:03 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:06 <openstack> The meeting name has been set to 'openstack_ansible_meeting'
16:00:10 <noonedeadpunk> o/
16:00:18 <noonedeadpunk> #topic rollcall
16:01:54 <jrosser> o/ hello
16:03:59 <noonedeadpunk> #topic bug triage
16:04:15 <noonedeadpunk> Let's start from https://bugs.launchpad.net/openstack-ansible/+bug/1921354/
16:04:17 <openstack> Launchpad bug 1921354 in openstack-ansible "Value Error for Multiple Swift Services" [High,In progress] - Assigned to Dmitriy Rabotyagov (noonedeadpunk)
16:05:33 <jrosser> errr
16:05:42 <noonedeadpunk> ok, according to the last comment, I think he just pulled instead of cherry-picked
16:07:25 <jrosser> but also the last task is 'install python packages into the venv' but we still see the src url to install git+https://opendev.org/openstack/swift@26a20516005b1eca162da7f1d203c413e27c6104#egg=swift
16:07:28 <jrosser> thats wrong
16:07:55 <noonedeadpunk> yeah, that's from master
16:09:14 <noonedeadpunk> btw, there's another topic from the same user in ML
16:09:40 <noonedeadpunk> http://lists.openstack.org/pipermail/openstack-discuss/2021-March/021144.html
16:09:51 <noonedeadpunk> there're quite a lot mails atm...
16:10:38 <noonedeadpunk> http://lists.openstack.org/pipermail/openstack-discuss/2021-March/021386.html that's by far the last one....
16:15:42 <noonedeadpunk> ok, let's go forward
16:15:45 <noonedeadpunk> https://bugs.launchpad.net/openstack-ansible/+bug/1921861
16:15:46 <openstack> Launchpad bug 1921861 in openstack-ansible "Add table encryption support?" [Undecided,New]
16:15:59 <noonedeadpunk> that;'s really interesting, and looks pretty valid
16:16:02 <noonedeadpunk> what do you think?
16:16:17 <jrosser> i just tried to reply to the lxc/dnsmasq mail and deleted it instead :(
16:16:50 <noonedeadpunk> I think I missed that one as ususal:(
16:17:40 <jrosser> oh actually i think he fixed it
16:18:04 <jrosser> i need to improve my mail filter, i'm missing a lot of these
16:20:10 <jrosser> yes so the db encryption stuff looks good - would probably want some value from user_secrets to be used as the key
16:22:10 <noonedeadpunk> yeah
16:22:24 <noonedeadpunk> I miss so _much_ stuff
16:22:47 <noonedeadpunk> but my biggest issue are gerrit email and have no idea how to filter out zuul there... but oftopic
16:22:48 <jrosser> though it's a bit odd though, encryption-at-rest with the decryption key also stored on the node?
16:23:35 <jrosser> from: <review@openstack.org>
16:24:25 <noonedeadpunk> But I mean it would filter both zuul and comments the same way. It's just sender name that differs, not email
16:25:06 <noonedeadpunk> hm, yeah, I guess key should be on the deploy host?
16:25:40 <jrosser> file_key_management_filekey = FILE:/etc/mysql/encryption/.keyfile.key
16:25:46 <jrosser> ^ that just can't be right
16:26:09 <jrosser> but it then leads on to what you do to restart the service
16:26:45 <jrosser> (we've been messing with vault today, all this crypto chicken/egg stuff is fresh in my mind)
16:27:41 <noonedeadpunk> well, according to doc, vault is not supported there yet, only file, aws and Eperi?
16:28:36 <noonedeadpunk> so not huge amout of options
16:28:55 <noonedeadpunk> Well, I think that he should fire up a patch, and we will be able to comment it then?
16:29:53 <jrosser> yes thats probably best
16:30:04 <jrosser> maybe need a good explanation of the use case
16:30:17 <jrosser> becasue if someone steals your server they have the db and the key
16:30:54 <jrosser> but perhpas the risk is some adjacent process getting compromised and being able to read the disk
16:30:55 <noonedeadpunk> well, I think if we have that set, and AWS key storage is an option, it would be better
16:31:47 <noonedeadpunk> would require to insall extra plugin though
16:32:21 <jrosser> timezone shift means i need to be out for a bit now
16:32:45 <noonedeadpunk> ok
16:32:59 <jrosser> https://etherpad.opendev.org/p/osa-wallaby still relevant for what needs pushing forward
16:33:20 <jrosser> i looked at some of the policy patches and there were some handlers not all the same, didnt know if that was intended
16:33:21 <noonedeadpunk> #topic office hours
16:33:37 * jrosser has to go
16:34:16 <noonedeadpunk> trove is also unblocked
16:34:39 <noonedeadpunk> but it has so much to adjust...
16:34:58 <noonedeadpunk> Today I pushed some patches to add support of image tags to collections and openstacksdk
16:35:35 <noonedeadpunk> because what we have in octavia is not cool regarding image upload https://opendev.org/openstack/openstack-ansible-os_octavia/src/branch/master/tasks/octavia_amp_image.yml
16:36:35 <noonedeadpunk> Also we need to merge https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/782963 for V
16:51:37 <noonedeadpunk> And vote for https://review.opendev.org/c/openstack/openstack-ansible/+/783720 would be awesome, since it fixes fuctional jobs
16:52:03 <noonedeadpunk> that I just learned, used not only in osa, but also for sahara, and they're voting
16:52:12 <noonedeadpunk> https://zuul.opendev.org/t/openstack/build/fe2c21b0087b4d81b9d5503f23984f6b
17:00:36 <noonedeadpunk> #endmeeting