15:00:19 <noonedeadpunk> #startmeeting openstack_ansible_meeting 15:00:19 <opendevmeet> Meeting started Tue Aug 22 15:00:19 2023 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:19 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:19 <opendevmeet> The meeting name has been set to 'openstack_ansible_meeting' 15:00:24 <noonedeadpunk> #topic rollcall 15:00:25 <NeilHanlon> o/ hi 15:00:25 <noonedeadpunk> o/ 15:02:43 <damiandabrowski> hi! 15:04:15 <noonedeadpunk> #topic office hours 15:04:42 <noonedeadpunk> I think right now we have ourself unblocked 15:04:54 <noonedeadpunk> Except adjutant and senlin roles that are failing upgrades 15:05:24 <noonedeadpunk> So we need to define what we wanna merge for Antelope for 27.1.0 release 15:05:44 <NeilHanlon> is my sanity available for merge? i seem to have lost it 15:06:05 <noonedeadpunk> huh? not sure what's that :( 15:06:34 <NeilHanlon> joking about me being a bit crazy lately lol 15:07:03 <noonedeadpunk> ah lol 15:07:26 <noonedeadpunk> I can totally realate to that, as pretty much things are going on right now 15:08:28 <noonedeadpunk> For 2023.1 releasing, I think the most thing we might want to wait for - is keystone patch 15:08:44 <noonedeadpunk> #link https://review.opendev.org/c/openstack/keystone/+/891521 15:08:48 <noonedeadpunk> and then it's backport 15:09:22 <noonedeadpunk> As I guess from our side we've backported (maybe not merged on 2023.1 but at least on master) everything we wanted 15:12:33 <noonedeadpunk> For fixing adjutant we need to bump Zed SHAs, then it will fix atnelope upgrade jobs and allow to merge antelope patches 15:12:44 <damiandabrowski> yup, at least all my patches are already merged to 2023.1 which is pretty awesome 15:13:10 <noonedeadpunk> for senlin - I;m going to check why it's failing in aio. As it's db upgrade that fails in jobs 15:13:44 <noonedeadpunk> regarding db upgrade - it seems we're missing online upgrade command for placement 15:14:20 <noonedeadpunk> has started working on that https://review.opendev.org/c/openstack/openstack-ansible-os_placement/+/892159 15:15:00 <noonedeadpunk> Then let's move to discussing current development 15:15:16 <noonedeadpunk> Ansible-core 2.15 is about to pass this time 15:15:18 <noonedeadpunk> #link https://review.opendev.org/c/openstack/openstack-ansible/+/886527 15:15:29 <noonedeadpunk> We still need some patches to land that are fixing linters 15:15:43 <noonedeadpunk> (and I guess bringing bugs) 15:17:02 <noonedeadpunk> then as a follow-up to discussion regarding TLS performance degradation - I've pushed a patch that proposes to enable http/2 when TLS is enabled on all backends 15:17:29 <noonedeadpunk> though it also capable of enabling http/2 only when there is no TLS 15:17:33 <noonedeadpunk> #link https://review.opendev.org/q/topic:osa/h2 15:21:24 <noonedeadpunk> I guess having HTTP/2 without TLS is quite arguable decision 15:21:35 <noonedeadpunk> Though I'm not sure we should prevent anyone from doing that 15:22:06 <noonedeadpunk> But I kinda wonder if we might want to split these variables to enable http/2 only for TLS and for non-tls 15:23:07 <noonedeadpunk> Or do that just for TLS, given that redirects and stuff are not covered anyway 15:23:13 <damiandabrowski> i was going to suggest that, as most browsers support HTTP/2 only over TLS 15:23:18 <NeilHanlon> that's a tricky one, yeah 15:23:32 <damiandabrowski> https://www.haproxy.com/documentation/hapee/latest/load-balancing/protocols/http-2/#:~:text=Most%20browsers%20support%20HTTP/2%20over%20HTTPS%20only%2C%20but%20you%20may%20find%20it%20useful%20to%20enable%20h2c%20between%20backend%20services%20(e.g.%20gRPC%20services) 15:25:09 <noonedeadpunk> I was actually thinking for consistency between behaviour for frontends and backends 15:26:50 <damiandabrowski> and backends? do they support http/2? 15:27:15 <noonedeadpunk> not openstack backends 15:27:36 <noonedeadpunk> but role is kinda used outside of openstack as well 15:27:46 <noonedeadpunk> well, ok. 15:27:51 <noonedeadpunk> then let's simplfy 15:28:03 <noonedeadpunk> we use http/2 for frontends only if TLS is enabled 15:28:20 <noonedeadpunk> for backends - we rely on `haproxy_backend_h2`? 15:28:33 <damiandabrowski> sounds good for me 15:29:13 <noonedeadpunk> ok, will update patches then 15:29:28 <damiandabrowski> or maybe we can skip haproxy_backend_h2 because it can be passed in backend args? 15:29:33 <noonedeadpunk> and maybe even limit to a single patch and default `haproxy_frontend_h2` to True? 15:30:53 <damiandabrowski> ah yes, alpn should do the job then 15:33:36 <noonedeadpunk> then we have openstack_resources role that is finally passing 15:33:38 <noonedeadpunk> https://review.opendev.org/q/topic:osa%252Fopenstack_resources 15:33:49 <noonedeadpunk> it seems, that even octavia migration is done accurately 15:34:24 <noonedeadpunk> what I don't really like about that (octavia compatibility), that new deployments will be messed up with a short rsa key and old algo... 15:36:37 <noonedeadpunk> not sure what to do about that though 15:37:06 <noonedeadpunk> don't really want to implement a variable that needs to be overriden on upgrade, but probably that's smth worth actually doing 15:47:39 <opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Fix linters to satisfy ansible-lint 6.18 https://review.opendev.org/c/openstack/openstack-ansible/+/886527 15:51:36 <opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Bump ansible-core to 2.15.3 and ansible-lint https://review.opendev.org/c/openstack/openstack-ansible/+/892371 15:52:11 <opendevreview> Damian DÄ…browski proposed openstack/openstack-ansible stable/2023.1: Gather facts before including common-playbooks https://review.opendev.org/c/openstack/openstack-ansible/+/889023 15:53:06 <damiandabrowski> ahhh, I missed this change: https://review.opendev.org/c/openstack/openstack-ansible/+/889023 15:53:11 <damiandabrowski> for sure it needs to land before 27.1.0 :D 15:54:05 <opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Bump ansible collection versions https://review.opendev.org/c/openstack/openstack-ansible/+/892373 15:54:47 <noonedeadpunk> damiandabrowski: you can't apply depends-on to another branch 15:54:58 <noonedeadpunk> or well. it will unlikely get merged like that iirc 15:55:19 <noonedeadpunk> but yes, good point that we'd need that 15:55:36 <damiandabrowski> awww thanks, i completely missed that these 2 changes are in different branches :D 15:55:43 <opendevreview> Damian DÄ…browski proposed openstack/openstack-ansible stable/2023.1: Gather facts before including common-playbooks https://review.opendev.org/c/openstack/openstack-ansible/+/889023 15:56:16 <noonedeadpunk> so the summury of what's waiting to land for 2023.1 is here 15:56:21 <noonedeadpunk> #link https://review.opendev.org/q/parentproject:openstack/openstack-ansible+branch:%255Estable/2023.1+status:open+ 15:56:46 <noonedeadpunk> and yeah, I disk full is another good topic to cover 15:56:57 <noonedeadpunk> so this happens due to the bug in ovs itself 15:57:24 <noonedeadpunk> it has been resolved for quite a while though, but rdo has stopped building ovs 2.17 15:57:43 <noonedeadpunk> so we either need let major upgrade of ovs to happen for stable branches 15:57:48 <noonedeadpunk> or trimm logs. 15:57:56 <noonedeadpunk> not sure what's best tbg... 15:58:09 <noonedeadpunk> trimming logs kinda make sense to me regardelss 15:58:37 <noonedeadpunk> but maybe we should also let stable branches to get latest ovs that's supplied by rdo for the branch.... 15:59:21 <noonedeadpunk> as it's probably also not best solution from security prespective to stick with old unmaintained version for too long... 15:59:55 <damiandabrowski> i'm ok with both solutions 16:01:36 <noonedeadpunk> #endmeeting