#openstack-ansible log

15:00:23 <noonedeadpunk> #startmeeting openstack_ansible_meeting
15:00:23 <opendevmeet> Meeting started Tue Oct 26 15:00:23 2021 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:23 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:23 <opendevmeet> The meeting name has been set to 'openstack_ansible_meeting'
15:00:36 <noonedeadpunk> #topic office hours
15:01:13 <noonedeadpunk> \o/
15:01:29 <mgariepy> hey !
15:02:00 <damiandabrowski[m]> hi ;)
15:03:54 <noonedeadpunk> I want to discuss patch that has been pushed as a result of discussion in PTG
15:04:08 <noonedeadpunk> btw I haven't send a PTG results yet - will do that right after the meeting
15:04:13 <noonedeadpunk> the topic in gerrit https://review.opendev.org/q/topic:%22bp%252Fprotecting-plaintext-configs%22+(status:open%20OR%20status:merged)
15:05:13 <noonedeadpunk> eventually it's a concept patch that has been done https://specs.openstack.org/openstack/openstack-ansible-specs/specs/xena/protecting-plaintext-configs.html
15:14:43 <SiavashSardari> Hi there
15:15:38 <SiavashSardari> this is interesting, how we should upgrade from plain text to vault on existing setups?
15:17:22 <SiavashSardari> I guess it should work, but never done sth like this before
15:21:41 <noonedeadpunk> I think upgrade is less of concern here
15:21:57 <noonedeadpunk> Evnetually it should be just matter of setting variable
15:22:04 <noonedeadpunk> because secrets are the same
15:22:25 <noonedeadpunk> it's just matter of storing them correctly
15:26:13 <noonedeadpunk> Do you think we should move tasks/vault_setup.yml to it's own thing?
15:27:06 <noonedeadpunk> And I guess we can run this on the utility? or where?
15:27:47 <noonedeadpunk> also should it be it's role or?
15:28:38 <noonedeadpunk> And I'd suggest merging vault role tbh and iterate on it later on
15:41:16 <noonedeadpunk> Question - where do we see https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/814865/1/tasks/vault_setup.yml ?
15:41:31 <noonedeadpunk> Do we see it the same thing as db_setup?
15:41:38 <noonedeadpunk> Or it should be independent role?
15:41:51 <noonedeadpunk> Or just a tasks_from from vault role?
15:42:37 <noonedeadpunk> And it feels like we should just write a collection/plugin to store things in vault
15:45:54 <noonedeadpunk> I posted my comment but I'd love to see another opinions on this
15:48:14 <noonedeadpunk> I think I don't have anything else for today...
15:48:20 <noonedeadpunk> #endmeeting