15:01:24 <noonedeadpunk> #startmeeting openstack_ansible_meeting 15:01:24 <opendevmeet> Meeting started Tue Jan 10 15:01:24 2023 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:01:24 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:01:24 <opendevmeet> The meeting name has been set to 'openstack_ansible_meeting' 15:01:33 <noonedeadpunk> #topic rollcall 15:02:28 <jamesdenton> o/ 15:02:32 <noonedeadpunk> o/ 15:03:23 <NeilHanlon> o/ 15:03:29 <NeilHanlon> \o, even 15:03:38 <noonedeadpunk> :D 15:03:39 <damiandabrowski> hi! 15:06:33 <noonedeadpunk> #topic office hours 15:07:06 <noonedeadpunk> Tbh I don't really have an agenda for todays meeting :-) 15:07:56 <opendevreview> Andrew Bonney proposed openstack/ansible-role-systemd_networkd master: Handle omitted variables which appear as empty strings https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/869736 15:08:03 <noonedeadpunk> I'm waiting for https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/868177 and https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/868176 to issue role/services bump to tag new releases 15:09:53 <damiandabrowski> and I was disrupted by some internal things, but this week i resumed work on internal TLS 15:09:54 <noonedeadpunk> And I didn't have a chance to look at PKI role regarding usage of pipes 15:10:16 <jamesdenton> last day to get submissions in for Vancouver 15:10:51 <noonedeadpunk> yes good point ^ 15:11:18 <noonedeadpunk> I've sumbitted osa onboarding at very least and hope to be there 15:11:25 <jamesdenton> i saw that, thanks 15:12:29 <noonedeadpunk> But I might have tricky situation with travels, or it might get sorted out by summit 15:12:30 <jamesdenton> so, based on recent activity in the channel it's prob a good idea for me to put together an OVN Quick Start guide, or at a minimum improve whatever docs we have 15:12:45 <jamesdenton> let's hope you get sorted 15:13:01 <noonedeadpunk> yeah, I saw docs you pushed, but didn't finish reviewing 15:13:18 <noonedeadpunk> and yep, it's quite some activity regarding OVN happening 15:13:43 <jamesdenton> after mgariepy comments yesterday, i may have some more tweaks 15:13:52 <noonedeadpunk> And I think it's mostly due to breaking changes we made for Zed, so spatel's blog post not valid for Z+ 15:14:01 <jamesdenton> right. his blog is quite popular 15:14:17 <spatel> noonedeadpunk i validated in my lab and fixing my blog for zed :) 15:14:21 <jamesdenton> nice 15:14:30 <noonedeadpunk> maybe they can reflact state somewhere there ^_^ 15:14:39 <noonedeadpunk> ah, awesome! 15:15:14 <noonedeadpunk> jamesdenton: you should get new revision of your book to beat spatel's blog success :p 15:15:35 <jamesdenton> authoring is a young mans game 15:15:48 <jamesdenton> s/mans/persons 15:15:51 <spatel> Me and james should come up with new book.. OVN on your way :) 15:15:54 <jamesdenton> :) 15:16:15 <jamesdenton> i have much to learn 15:19:23 <NeilHanlon> I was hoping i could make it to vancouver this year.. but I don't think it'll end up happening :( 15:19:55 <noonedeadpunk> sad news :( 15:20:24 <NeilHanlon> we will see. if I can get work to pay that might happen 15:20:37 <spatel> who else going to Vancouver? 15:20:37 <NeilHanlon> I will be at FOSDEM next month, if anyone is around :) 15:22:06 <noonedeadpunk> it's quite close to where am I, but a bit tired of traveling at the moment, so was going to skip fosdem tbh 15:22:16 <NeilHanlon> that's fair. it's quite busy 15:24:29 <mgariepy> hey i'm late. 15:25:43 <jamesdenton> there's no large trout button in this irc client 15:25:49 <noonedeadpunk> but will see actually... 15:26:59 <mgariepy> i probably won't be in vancouver i got some major home renovation during this time. 15:27:03 <noonedeadpunk> There's one small thing. ansible-core 2.14 requires python >=3.9. And Ubuntu 20.04 does have 3.8 out of the box 15:27:43 <noonedeadpunk> And since we should keep 20.04 support for Antelope for upgrade path from Y, my proposal would be to stay on 2.13 for now 15:28:06 <spatel> what are we going to get with 2.14? 15:32:11 <jrosser> o/ sorry late 15:33:10 <noonedeadpunk> not much I guess - plenty of changes but it's not we want smth specific 15:33:33 <noonedeadpunk> except will to keep closer to latest versions of used software 15:34:36 <jrosser> andrewbonney: do we need https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/868177 in Zed? Like it's broken without? 15:35:03 <jrosser> argh 15:35:11 <jrosser> i mean https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/869736 15:35:54 <andrewbonney> No I don't think it's broken, you just get errors in the log. The static route one does cause brokenness if it's required by a deployment though 15:36:59 <noonedeadpunk> So you're trying to override _lxc_container_systemd_networks? 15:37:18 <opendevreview> Merged openstack/openstack-ansible master: Block unauthenticated Ironic API endpoints from untrusted networks https://review.opendev.org/c/openstack/openstack-ansible/+/868075 15:37:22 <jrosser> no we have a static route defined in provider_networks and it results in broken config 15:37:29 <noonedeadpunk> ah 15:37:54 <noonedeadpunk> yeah, fair... We should backport that then as well 15:38:01 <jrosser> andrewbonney is doing a multinode Zed upgrade this week so we will find some bugs i expect 15:38:34 * noonedeadpunk crosses fingers 15:38:49 <opendevreview> Jonathan Rosser proposed openstack/openstack-ansible stable/zed: Block unauthenticated Ironic API endpoints from untrusted networks https://review.opendev.org/c/openstack/openstack-ansible/+/869641 15:38:58 <noonedeadpunk> we're going to upgrade straight to AA 15:40:38 <jrosser> moha7: i have a passing test with multiple keystone / rsync https://zuul.opendev.org/t/openstack/build/992d02393eac48faa2ef13d180949eb8/log/job-output.txt#13455-13457 15:41:54 <spatel> noonedeadpunk I have question related shared keystone deployment with OSA. I have openstack RegionOne up and running and i wants to add new cloud RegionTwo 15:42:21 <spatel> what i should tell new Openstack that use old openstack for keystone? 15:43:27 <noonedeadpunk> I think we should also backport AIO fix for keystone - when we randomly were failing temepst 15:43:38 <spatel> I added this in user_var* file on new openstack - https://paste.opendev.org/show/bimxztCDsaMGpXVj1yxY/ 15:43:42 <noonedeadpunk> we merged 2 things on master and seems it doesn't happen anymore 15:44:10 <spatel> if we are in meeting then i will talk later...sorry 15:44:20 <noonedeadpunk> one was https://opendev.org/openstack/openstack-ansible/commit/078c82b03456d46641a3ec05e3d14bd3ac6d1cd5 15:45:19 <opendevreview> Andrew Bonney proposed openstack/ansible-role-systemd_networkd master: Handle omitted variables which appear as empty strings https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/869736 15:46:06 <opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/yoga: Increase thread/process to 2 for keystone https://review.opendev.org/c/openstack/openstack-ansible/+/869642 15:46:52 <noonedeadpunk> And I think we changed smth for tempest as well.... 15:47:37 <opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/yoga: Increase thread/process to 2 for keystone https://review.opendev.org/c/openstack/openstack-ansible/+/869642 15:48:14 <noonedeadpunk> As I see random failures of tempest for Y 15:49:04 <jrosser> there were a bunch of other places we reduced threads/workers in roles where that was forgotton 15:49:20 <jrosser> i think mgariepy made a lot of patches like that 15:51:59 <jrosser> would be worth at some point deciding what we want to implement this cycle 15:52:37 <jamesdenton> Refresher: https://etherpad.opendev.org/p/osa-antelope-ptg 15:52:41 <jrosser> https://etherpad.opendev.org/p/osa-antelope-ptg 15:52:44 <jrosser> oh snap :) 15:52:50 <jamesdenton> mind meld 15:53:41 <jrosser> the only thing i have to add to that is checking we are doing the right thing with whatever system/reader scope stuff is now 15:54:00 <jrosser> as we are trying to use the ironic ansible modules here and failing pretty badly 15:54:21 <jamesdenton> not familiar, sorry 15:54:26 <jrosser> all to do with system / not system scope tokens needed for that service somehow differently to other services 15:54:30 <jamesdenton> ahh 15:55:26 <noonedeadpunk> I _think_ we should be doing it quite right. or well, except we're not enforcing usage of system scopes for services. But I'm not sure we should, given that for services separate "service" role is needed. 15:55:44 <noonedeadpunk> But eventually there's quite a mess in this topic right now and it's not really aligned 15:55:58 <jrosser> right 15:56:23 <jrosser> perhaps need to look at what the default setup in openrc is as well 15:56:31 <noonedeadpunk> so eventually, we should end up not giving service users admin role at all 15:57:03 <noonedeadpunk> it should be service role, but likely system scoped - but service role was just a discussion point last time I checked 15:57:31 <noonedeadpunk> for openrc we have a way to enable system scope iirc 15:58:00 <noonedeadpunk> but from what I recall - system scopes should not be enforced, unless I missed smth 15:58:10 <mgariepy> jrosser, noonedeadpunk threads.. https://review.opendev.org/c/openstack/openstack-ansible/+/850942 15:59:05 <noonedeadpunk> so I wonder if that could be an issue with just ansible modules 15:59:07 <mgariepy> arf, 15:59:23 <mgariepy> no comments.. again :S 15:59:33 <opendevreview> Merged openstack/openstack-ansible stable/zed: Sync ZFS pool names https://review.opendev.org/c/openstack/openstack-ansible/+/869633 15:59:33 <jrosser> i took a look and think it is policy in ironic 15:59:53 <jrosser> thinks like "list nodes" was only available with a system scoped token 16:00:13 <jrosser> and it was very confusing how this was all changed between yoga/zed.. 16:00:22 <noonedeadpunk> the problem is thta system scopes were not implemented in cinder if I'm right. So enforcing them could be not safe for other services 16:01:16 <noonedeadpunk> well, yeah, there was a plan to enforce them in Z, but as it was not aligned I can recall postponing this 16:01:23 <noonedeadpunk> but again, I could miss smth 16:01:36 <noonedeadpunk> #endmeeting