15:01:24 <noonedeadpunk> #startmeeting openstack_ansible_meeting
15:01:24 <opendevmeet> Meeting started Tue Jan 10 15:01:24 2023 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:01:24 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:01:24 <opendevmeet> The meeting name has been set to 'openstack_ansible_meeting'
15:01:33 <noonedeadpunk> #topic rollcall
15:02:28 <jamesdenton> o/
15:02:32 <noonedeadpunk> o/
15:03:23 <NeilHanlon> o/
15:03:29 <NeilHanlon> \o, even
15:03:38 <noonedeadpunk> :D
15:03:39 <damiandabrowski> hi!
15:06:33 <noonedeadpunk> #topic office hours
15:07:06 <noonedeadpunk> Tbh I don't really have an agenda for todays meeting :-)
15:07:56 <opendevreview> Andrew Bonney proposed openstack/ansible-role-systemd_networkd master: Handle omitted variables which appear as empty strings  https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/869736
15:08:03 <noonedeadpunk> I'm waiting for https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/868177 and https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/868176 to issue role/services bump to tag new releases
15:09:53 <damiandabrowski> and I was disrupted by some internal things, but this week i resumed work on internal TLS
15:09:54 <noonedeadpunk> And I didn't have a chance to look at PKI role regarding usage of pipes
15:10:16 <jamesdenton> last day to get submissions in for Vancouver
15:10:51 <noonedeadpunk> yes good point ^
15:11:18 <noonedeadpunk> I've sumbitted osa onboarding at very least and hope to be there
15:11:25 <jamesdenton> i saw that, thanks
15:12:29 <noonedeadpunk> But I might have tricky situation with travels, or it might get sorted out by summit
15:12:30 <jamesdenton> so, based on recent activity in the channel it's prob a good idea for me to put together an OVN Quick Start guide, or at a minimum improve whatever docs we have
15:12:45 <jamesdenton> let's hope you get sorted
15:13:01 <noonedeadpunk> yeah, I saw docs you pushed, but didn't finish reviewing
15:13:18 <noonedeadpunk> and yep, it's quite some activity regarding OVN happening
15:13:43 <jamesdenton> after mgariepy comments yesterday, i may have some more tweaks
15:13:52 <noonedeadpunk> And I think it's mostly due to breaking changes we made for Zed, so spatel's blog post not valid for Z+
15:14:01 <jamesdenton> right. his blog is quite popular
15:14:17 <spatel> noonedeadpunk i validated in my lab and fixing my blog for zed :)
15:14:21 <jamesdenton> nice
15:14:30 <noonedeadpunk> maybe they can reflact state somewhere there ^_^
15:14:39 <noonedeadpunk> ah, awesome!
15:15:14 <noonedeadpunk> jamesdenton: you should get new revision of your book to beat spatel's blog success :p
15:15:35 <jamesdenton> authoring is a young mans game
15:15:48 <jamesdenton> s/mans/persons
15:15:51 <spatel> Me and james should come up with new book.. OVN on your way :)
15:15:54 <jamesdenton> :)
15:16:15 <jamesdenton> i have much to learn
15:19:23 <NeilHanlon> I was hoping i could make it to vancouver this year.. but I don't think it'll end up happening :(
15:19:55 <noonedeadpunk> sad news :(
15:20:24 <NeilHanlon> we will see. if I can get work to pay that might happen
15:20:37 <spatel> who else going to Vancouver?
15:20:37 <NeilHanlon> I will be at FOSDEM next month, if anyone is around :)
15:22:06 <noonedeadpunk> it's quite close to where am I, but a bit tired of traveling at the moment, so was going to skip fosdem tbh
15:22:16 <NeilHanlon> that's fair. it's quite busy
15:24:29 <mgariepy> hey i'm late.
15:25:43 <jamesdenton> there's no large trout button in this irc client
15:25:49 <noonedeadpunk> but will see actually...
15:26:59 <mgariepy> i probably won't be in vancouver i got some major home renovation during this time.
15:27:03 <noonedeadpunk> There's one small thing. ansible-core 2.14 requires python >=3.9. And Ubuntu 20.04 does have 3.8 out of the box
15:27:43 <noonedeadpunk> And since we should keep 20.04 support for Antelope for upgrade path from Y, my proposal would be to stay on 2.13 for now
15:28:06 <spatel> what are we going to get with 2.14?
15:32:11 <jrosser> o/ sorry late
15:33:10 <noonedeadpunk> not much I guess - plenty of changes but it's not we want smth specific
15:33:33 <noonedeadpunk> except will to keep closer to latest versions of used software
15:34:36 <jrosser> andrewbonney: do we need https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/868177 in Zed? Like it's broken without?
15:35:03 <jrosser> argh
15:35:11 <jrosser> i mean https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/869736
15:35:54 <andrewbonney> No I don't think it's broken, you just get errors in the log. The static route one does cause brokenness if it's required by a deployment though
15:36:59 <noonedeadpunk> So you're trying to override _lxc_container_systemd_networks?
15:37:18 <opendevreview> Merged openstack/openstack-ansible master: Block unauthenticated Ironic API endpoints from untrusted networks  https://review.opendev.org/c/openstack/openstack-ansible/+/868075
15:37:22 <jrosser> no we have a static route defined in provider_networks and it results in broken config
15:37:29 <noonedeadpunk> ah
15:37:54 <noonedeadpunk> yeah, fair... We should backport that then as well
15:38:01 <jrosser> andrewbonney is doing a multinode Zed upgrade this week so we will find some bugs i expect
15:38:34 * noonedeadpunk crosses fingers
15:38:49 <opendevreview> Jonathan Rosser proposed openstack/openstack-ansible stable/zed: Block unauthenticated Ironic API endpoints from untrusted networks  https://review.opendev.org/c/openstack/openstack-ansible/+/869641
15:38:58 <noonedeadpunk> we're going to upgrade straight to AA
15:40:38 <jrosser> moha7: i have a passing test with multiple keystone / rsync https://zuul.opendev.org/t/openstack/build/992d02393eac48faa2ef13d180949eb8/log/job-output.txt#13455-13457
15:41:54 <spatel> noonedeadpunk I have question related shared keystone deployment with OSA. I have openstack RegionOne up and running and i wants to add new cloud RegionTwo
15:42:21 <spatel> what i should tell new Openstack that use old openstack for keystone?
15:43:27 <noonedeadpunk> I think we should also backport AIO fix for keystone - when we randomly were failing temepst
15:43:38 <spatel> I added this in user_var* file on new openstack - https://paste.opendev.org/show/bimxztCDsaMGpXVj1yxY/
15:43:42 <noonedeadpunk> we merged 2 things on master and seems it doesn't happen anymore
15:44:10 <spatel> if we are in meeting then i will talk later...sorry
15:44:20 <noonedeadpunk> one was https://opendev.org/openstack/openstack-ansible/commit/078c82b03456d46641a3ec05e3d14bd3ac6d1cd5
15:45:19 <opendevreview> Andrew Bonney proposed openstack/ansible-role-systemd_networkd master: Handle omitted variables which appear as empty strings  https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/869736
15:46:06 <opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/yoga: Increase thread/process to 2 for keystone  https://review.opendev.org/c/openstack/openstack-ansible/+/869642
15:46:52 <noonedeadpunk> And I think we changed smth for tempest as well....
15:47:37 <opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/yoga: Increase thread/process to 2 for keystone  https://review.opendev.org/c/openstack/openstack-ansible/+/869642
15:48:14 <noonedeadpunk> As I see random failures of tempest for Y
15:49:04 <jrosser> there were a bunch of other places we reduced threads/workers in roles where that was forgotton
15:49:20 <jrosser> i think mgariepy made a lot of patches like that
15:51:59 <jrosser> would be worth at some point deciding what we want to implement this cycle
15:52:37 <jamesdenton> Refresher: https://etherpad.opendev.org/p/osa-antelope-ptg
15:52:41 <jrosser> https://etherpad.opendev.org/p/osa-antelope-ptg
15:52:44 <jrosser> oh snap :)
15:52:50 <jamesdenton> mind meld
15:53:41 <jrosser> the only thing i have to add to that is checking we are doing the right thing with whatever system/reader scope stuff is now
15:54:00 <jrosser> as we are trying to use the ironic ansible modules here and failing pretty badly
15:54:21 <jamesdenton> not familiar, sorry
15:54:26 <jrosser> all to do with system / not system scope tokens needed for that service somehow differently to other services
15:54:30 <jamesdenton> ahh
15:55:26 <noonedeadpunk> I _think_ we should be doing it quite right. or well, except we're not enforcing usage of system scopes for services. But I'm not sure we should, given that for services separate "service" role is needed.
15:55:44 <noonedeadpunk> But eventually there's quite a mess in this topic right now and it's not really aligned
15:55:58 <jrosser> right
15:56:23 <jrosser> perhaps need to look at what the default setup in openrc is as well
15:56:31 <noonedeadpunk> so eventually, we should end up not giving service users admin role at all
15:57:03 <noonedeadpunk> it should be service role, but likely system scoped - but service role was just a discussion point last time I checked
15:57:31 <noonedeadpunk> for openrc we have a way to enable system scope iirc
15:58:00 <noonedeadpunk> but from what I recall - system scopes should not be enforced, unless I missed smth
15:58:10 <mgariepy> jrosser, noonedeadpunk threads.. https://review.opendev.org/c/openstack/openstack-ansible/+/850942
15:59:05 <noonedeadpunk> so I wonder if that could be an issue with just ansible modules
15:59:07 <mgariepy> arf,
15:59:23 <mgariepy> no comments.. again :S
15:59:33 <opendevreview> Merged openstack/openstack-ansible stable/zed: Sync ZFS pool names  https://review.opendev.org/c/openstack/openstack-ansible/+/869633
15:59:33 <jrosser> i took a look and think it is policy in ironic
15:59:53 <jrosser> thinks like "list nodes" was only available with a system scoped token
16:00:13 <jrosser> and it was very confusing how this was all changed between yoga/zed..
16:00:22 <noonedeadpunk> the problem is thta system scopes were not implemented in cinder if I'm right. So enforcing them could be not safe for other services
16:01:16 <noonedeadpunk> well, yeah, there was a plan to enforce them in Z, but as it was not aligned I can recall postponing this
16:01:23 <noonedeadpunk> but again, I could miss smth
16:01:36 <noonedeadpunk> #endmeeting