15:00:23 #startmeeting openstack_ansible_meeting 15:00:23 Meeting started Tue Jan 18 15:00:23 2022 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:23 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:23 The meeting name has been set to 'openstack_ansible_meeting' 15:00:29 #topic rollcall 15:00:31 o/ 15:02:03 hey 15:02:07 hey! 15:02:24 hello 15:02:46 #topic office hours 15:03:05 We did pretty good job on moving things to plugs! 15:03:09 *plugins 15:03:29 The thing we miss now is proper CI testing of what we have there 15:03:54 there must be something "simple" we can use there in place of the tests repo 15:04:04 does anyone have experience with molecule? 15:04:15 While leveraging some standart ansible bootstraping 15:04:25 to ensure versions are same and all stuff is in place 15:04:46 not really. very basic only 15:05:26 I actually was thinking about even more simple things:) like a playbook/role inside tests that will do just functional testing 15:05:41 like we do for config_template. 15:05:48 But maybe molecule is indeed better 15:08:20 but I guess we still need the way to start jobs and make it in single place 15:09:01 i'm concerned with things like the PKI role that we have no test coverage and they are critical 15:09:48 well, we test it in an AIO, but thats not checking all the things in ansible-role-pki are not broken 15:10:34 yes, I agree we need some kind of "functional" testing anyway 15:11:48 I wonder if we can just limit things to tox considering we still run integrated pre-step (which does all bootstrapping) 15:12:35 yes - i mentioned before making some sort of exit point in the existing stuff 15:13:03 then perhaps call {{ role_name }}/tests/main.yml 15:13:21 yeah 15:13:24 I agree here 15:13:36 Sounds good for me. 15:13:53 I can't promise I will have time during this week to look into that though 15:13:54 though i remember that including tasks / playbooks based on a var name is kind of hard 15:14:13 ^ playbook 15:14:16 but we have project name in zuul vars? 15:14:58 but yeah, we run shell script actually (gate-check-commit) 15:15:05 But I think it's smth solvable tbh 15:15:09 ok 15:17:41 A had a quick look at https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/825113 and it looks good. 15:18:19 there are some things i need to add but yes the guts of it is there 15:18:45 and i've had it working here in a POC way, now i need to rework os_nova in my AIO to use it for real 15:19:11 I guess we need to draw some line to which extent we push things to plugins repo. Do we consider it as sandbox? 15:19:50 i think it is a great place as a sandbox, and somewhere to get POC code like this tested in zuul with zero effort 15:20:04 we can in parallel decide if we need a new repo / top level role 15:20:37 perhaps this role is similar enough to PKI role that it should be external 15:20:57 but for sure the mq/db setup stuff should stay in plugins, so there is a line to draw somewhere 15:21:05 perhaps based on re-usability 15:22:04 it's also not so clear for me, when something should be placed in -ops repo, and when in -plugins 15:23:05 for ex. we're going to put journald-remote in '-plugins' but repos like grafana or elk are placed in '-ops' 15:23:14 for ops repo we don't really provide any warranty that stuff works 15:23:22 it's best effort, or example code 15:23:39 Actually that's good question I was thinking about. 15:23:58 Tbh I think that journald code should probably be located also in -ops 15:24:19 but to make it re-usable we need to do huge work on ops repo to make it collection as well 15:24:29 which probably would be great thing to do 15:25:18 maybe the ops repo is also kind of an incubator 15:25:30 and there is an argument that ELK and MNAIO are mature enough to factor out 15:27:34 so maybe we should define what warranty we want to provide for sandbox/POC things in plugins repo :D 15:27:43 but I don't have any vision how should it work :/ 15:28:09 i think it is down to expectations 15:28:23 we have an ELK stack in our prod environment deployed from the ops repo 15:28:38 but i know we have to maintain/fix that ourselves to keep it being useful 15:29:19 thats different to OSA, where the expectation is that you can raise a LP bug and someone will triage/fix stuff thats broken 15:30:30 Tbh I see ops as incubator more but we need to tranform it to smth re-usable (collection) to make it usable that way 15:33:16 we should talk about the qdrouterd role 15:33:36 it still blocks the stable branch centos-8 removal and i have no time to look at it currently 15:34:33 a possibility is that we remove the depends-on and when the centos-8 removal happens, infra would probably force-push the patches to address zuul job errors 15:36:25 hm, yes 15:40:09 IIRC there was an issue with functional jobs in general... 15:40:20 right 15:40:34 I will try to look into there this week. If not, let's just disable test for it... 15:40:55 something was odd with the glance-nfs ones and i decided to backport the integrated test rather than sink more time into the functional ones 15:41:39 maybe a good time to make a reminder that contributors are always welcome :) 15:43:05 oh, btw, about that. 15:43:40 I pushed a patch to drop sub-osa groups which were made per-roles https://review.opendev.org/c/openstack/project-config/+/824230 15:45:09 They actually had some ppl I never knew, but also permissions for johnsom for os_octavia and some more repo.... 15:46:17 That was courtesy access as I was the Octavia PTL. 15:47:17 I am not really active there anymore, so it's not a problem if you remove it. 15:47:30 it's anyway great that you're always around and ready to help) 15:47:48 I try. grin 15:48:08 so I'm more about that we add ppl we know/trust as osa cores if they want to rather then maintain per-role ACLs 15:49:16 Definitely would be easier to audit/keep on top of 15:50:07 jrosser: wdyt? 15:51:06 i'm happy to add people 15:51:26 and also reducing the complexity in the ACL is good otherwise it will rot 15:51:27 ofc worth writing emails to the effected ppl.... 15:51:32 like it had done 15:51:39 it did... 15:52:09 ok, awesome then 15:52:24 I kind of doubt it will add active contributors though :( 15:56:17 Also Release-Candidate label is placed on top of that change as I was sooo lazy to add it to every role ACL which I wanted to drop... 15:57:04 *Backport-Candidate 15:57:11 speaking of release, we are probably due a point release 15:57:29 yes, I was just checking what we have on stable branches to run bumps 15:57:31 i think that the nova ssh config is the only major problem we had in the X release 16:00:55 would be nice to have though https://review.opendev.org/q/topic:%22cherrypick-combine-filter-recursion-b4njjwtez2%22+(status:open) 16:01:31 but yeah rest seems to be centos-8 drop so can be ignored 16:02:23 I think the only question for X - should we do bugfix (24.0.1) or minor (24.1.0) release? I'd say this bugfix and next can be minor... 16:03:05 bugfix is fine for me but I don't have a strong opinion here 16:04:29 the question here is that we ususally say that first point release is when it's known to be safe for upgrades 16:05:14 with current stable/xena I'd say it is. But still I'd way for another 2 weeks before doing point release 16:05:23 s/point/minor/ 16:05:39 oh, and we're out of time :) 16:05:41 #endmeeting