15:03:36 <noonedeadpunk> #startmeeting openstack_ansible_meeting 15:03:36 <opendevmeet> Meeting started Tue Jul 2 15:03:36 2024 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:03:36 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:03:36 <opendevmeet> The meeting name has been set to 'openstack_ansible_meeting' 15:03:40 <noonedeadpunk> #topic rollcall 15:04:08 <mgariepy> hey 15:04:08 <noonedeadpunk> semi-around - feel terrible this week, so kinda on sick-leave 15:05:29 <jrosser> o/ hello 15:05:56 <noonedeadpunk> #topic office hours 15:06:56 <damiandabrowski> hi! 15:06:57 <noonedeadpunk> so about OSA_HOME - what's the reason for this except location of playbooks? 15:07:42 <jrosser> nothing 15:08:19 <jrosser> playbook_dir changes to point to the collection location when you import_playbook: some.fqcn.playbook 15:09:03 <jrosser> then if inside some.fcqn.playbook you want to (for eample) import_playbook: playbooks/haproxy-install.yml, it cannot be found 15:09:49 <noonedeadpunk> yeah, this needs to be carefull with 15:10:07 <noonedeadpunk> I guess it can, in case there's a playbooks dir under collection 15:10:39 <jrosser> so eventually in the openstack-ansible-ops collection i can use `import_playbook: "{{ lookup('ansible.builtin.env', 'OSA_HOME') ~ '/playbooks/haproxy-install.yml' }}"` 15:11:29 <noonedeadpunk> but what I was thinking about for a while - wouldn't in make sense just to move playbooks as a whole from the integrated repo to plugins? 15:11:39 <jrosser> yep we could do that 15:11:45 <noonedeadpunk> with that also renaming them a bit... 15:11:48 <jrosser> the repo name is a bit unclear though 15:11:58 <jrosser> as it's really a collection now not plugins 15:12:01 <noonedeadpunk> ie os-cinder-install.yml -> cinder.yml 15:12:26 <jrosser> this would fix it completely tbh 15:12:39 <noonedeadpunk> and then in intergrated repo just have same old naming but they would include just import_playbook 15:13:01 <noonedeadpunk> for compatability/mindset/migration/etc 15:13:19 <noonedeadpunk> about repo name... yeah... 15:13:33 <noonedeadpunk> but we failed to find a better one back then when tried 15:13:52 <noonedeadpunk> as it was really intercecting with ansible-collections-openstack a lot whatever we tried 15:16:20 <frickler> in case anyone missed this: https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/message/AT6TIHJU3SKPYKCOED54XML2SF6HABRA/ 15:17:10 * noonedeadpunk subscribed to embargo-notice 15:17:53 <noonedeadpunk> we need to land a bugfix release once patches in topics will land to projects 15:18:24 <noonedeadpunk> and seems cinder one already got a negative review: https://review.opendev.org/c/openstack/cinder/+/923244 15:18:45 <noonedeadpunk> But thanks for mentioning that! 15:22:21 <noonedeadpunk> With that, I'm not sure how healthy gates on stable branches are, as seems that 2023.1 is not very. But likely due to moving Zed to unmaintained 15:22:29 <noonedeadpunk> rest seems better... 15:23:15 <noonedeadpunk> So we'd need to try to land backports for stable branches we wanna include with the next bugfix release 15:23:18 <noonedeadpunk> #link https://review.opendev.org/q/parentproject:openstack/openstack-ansible+branch:%5Estable/.*+status:open+ 15:24:19 <noonedeadpunk> does anybody has anything to discuss? 15:26:07 <jrosser> i did not get time yet to look again at ansible 2.17 15:26:13 <jrosser> ceph-ansible 8.0 15:26:18 <noonedeadpunk> I think it _should_ be fine? 15:26:24 <noonedeadpunk> except upgrade part, right? 15:26:31 <noonedeadpunk> ceph rgw upgrade part 15:26:33 <jrosser> or the galera stuff so we have lots of half finished things atm 15:26:40 <jrosser> yes that needs some attention 15:26:51 <noonedeadpunk> as otherwise 2.17 looks good 15:27:01 <noonedeadpunk> for galera I think I tried to have a look 15:27:07 <noonedeadpunk> though what I found was not great 15:27:27 <opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible-galera_server master: Remove xinetd clean-up tasks https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/922819 15:30:08 <noonedeadpunk> but seems another issue with mariadb 11.4: WSREP has not yet prepared node for application use 15:30:11 <noonedeadpunk> https://zuul.opendev.org/t/openstack/build/45007148636c43baa1756c3d9c6f97c7/log/logs/openstack/aio1-keystone-container-d89fba87/keystone-wsgi-public.service.journal-12-21-46.log.txt#8167 15:30:19 <noonedeadpunk> and seems to happen only on jammy.... 15:30:29 <noonedeadpunk> #link https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/922377 15:30:42 <noonedeadpunk> if we forget the need to issue a cert for `DNS:localhost` 15:31:13 <noonedeadpunk> and I didn't look into what would it take to change default connection to socket from tls to plain text 15:31:25 <noonedeadpunk> but more I wonder what the plan behind that was.... 15:31:46 <noonedeadpunk> or maybe, it's worth to just don't verify cert for socket connections? 15:34:40 <noonedeadpunk> so yeah, couple of things to work on 15:34:46 <noonedeadpunk> plus ubuntu 24.04 15:38:02 <jrosser> it would be nice to be able to tell galera that local socket does not need verification, yes 15:38:07 <noonedeadpunk> I recall reading recently that they've fixed smth in apparmour that fixed plenty of apps... 15:38:29 <noonedeadpunk> so maybe it's somehow related with LXC as well... 15:40:32 <noonedeadpunk> ok, will try to check on mariadb bits once get somehow better... 15:40:52 <noonedeadpunk> sorry, will conclude the meeting now... 15:41:05 <noonedeadpunk> #endmeeting