15:03:36 <noonedeadpunk> #startmeeting openstack_ansible_meeting
15:03:36 <opendevmeet> Meeting started Tue Jul  2 15:03:36 2024 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:03:36 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:03:36 <opendevmeet> The meeting name has been set to 'openstack_ansible_meeting'
15:03:40 <noonedeadpunk> #topic rollcall
15:04:08 <mgariepy> hey
15:04:08 <noonedeadpunk> semi-around - feel terrible this week, so kinda on sick-leave
15:05:29 <jrosser> o/ hello
15:05:56 <noonedeadpunk> #topic office hours
15:06:56 <damiandabrowski> hi!
15:06:57 <noonedeadpunk> so about OSA_HOME - what's the reason for this except location of playbooks?
15:07:42 <jrosser> nothing
15:08:19 <jrosser> playbook_dir changes to point to the collection location when you import_playbook: some.fqcn.playbook
15:09:03 <jrosser> then if inside some.fcqn.playbook you want to (for eample) import_playbook: playbooks/haproxy-install.yml, it cannot be found
15:09:49 <noonedeadpunk> yeah, this needs to be carefull with
15:10:07 <noonedeadpunk> I guess it can, in case there's a playbooks dir under collection
15:10:39 <jrosser> so eventually in the openstack-ansible-ops collection i can use `import_playbook: "{{ lookup('ansible.builtin.env', 'OSA_HOME') ~ '/playbooks/haproxy-install.yml' }}"`
15:11:29 <noonedeadpunk> but what I was thinking about for a while - wouldn't in make sense just to move playbooks as a whole from the integrated repo to plugins?
15:11:39 <jrosser> yep we could do that
15:11:45 <noonedeadpunk> with that also renaming them a bit...
15:11:48 <jrosser> the repo name is a bit unclear though
15:11:58 <jrosser> as it's really a collection now not plugins
15:12:01 <noonedeadpunk> ie os-cinder-install.yml -> cinder.yml
15:12:26 <jrosser> this would fix it completely tbh
15:12:39 <noonedeadpunk> and then in intergrated repo just have same old naming but they would include just import_playbook
15:13:01 <noonedeadpunk> for compatability/mindset/migration/etc
15:13:19 <noonedeadpunk> about repo name... yeah...
15:13:33 <noonedeadpunk> but we failed to find a better one back then when tried
15:13:52 <noonedeadpunk> as it was really intercecting with ansible-collections-openstack a lot whatever we tried
15:16:20 <frickler> in case anyone missed this: https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/message/AT6TIHJU3SKPYKCOED54XML2SF6HABRA/
15:17:10 * noonedeadpunk subscribed to embargo-notice
15:17:53 <noonedeadpunk> we need to land a bugfix release once patches in topics will land to projects
15:18:24 <noonedeadpunk> and seems cinder one already got a negative review: https://review.opendev.org/c/openstack/cinder/+/923244
15:18:45 <noonedeadpunk> But thanks for mentioning that!
15:22:21 <noonedeadpunk> With that, I'm not sure how healthy gates on stable branches are, as seems that 2023.1 is not very. But likely due to moving Zed to unmaintained
15:22:29 <noonedeadpunk> rest seems better...
15:23:15 <noonedeadpunk> So we'd need to try to land backports for stable branches we wanna include with the next bugfix release
15:23:18 <noonedeadpunk> #link https://review.opendev.org/q/parentproject:openstack/openstack-ansible+branch:%5Estable/.*+status:open+
15:24:19 <noonedeadpunk> does anybody has anything to discuss?
15:26:07 <jrosser> i did not get time yet to look again at ansible 2.17
15:26:13 <jrosser> ceph-ansible 8.0
15:26:18 <noonedeadpunk> I think it _should_ be fine?
15:26:24 <noonedeadpunk> except upgrade part, right?
15:26:31 <noonedeadpunk> ceph rgw upgrade part
15:26:33 <jrosser> or the galera stuff so we have lots of half finished things atm
15:26:40 <jrosser> yes that needs some attention
15:26:51 <noonedeadpunk> as otherwise 2.17 looks good
15:27:01 <noonedeadpunk> for galera I think I tried to have a look
15:27:07 <noonedeadpunk> though what I found was not great
15:27:27 <opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible-galera_server master: Remove xinetd clean-up tasks  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/922819
15:30:08 <noonedeadpunk> but seems another issue with mariadb 11.4: WSREP has not yet prepared node for application use
15:30:11 <noonedeadpunk> https://zuul.opendev.org/t/openstack/build/45007148636c43baa1756c3d9c6f97c7/log/logs/openstack/aio1-keystone-container-d89fba87/keystone-wsgi-public.service.journal-12-21-46.log.txt#8167
15:30:19 <noonedeadpunk> and seems to happen only on jammy....
15:30:29 <noonedeadpunk> #link https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/922377
15:30:42 <noonedeadpunk> if we forget the need to issue a cert for `DNS:localhost`
15:31:13 <noonedeadpunk> and I didn't look into what would it take to change default connection to socket from tls to plain text
15:31:25 <noonedeadpunk> but more I wonder what the plan behind that was....
15:31:46 <noonedeadpunk> or maybe, it's worth to just don't verify cert for socket connections?
15:34:40 <noonedeadpunk> so yeah, couple of things to work on
15:34:46 <noonedeadpunk> plus ubuntu 24.04
15:38:02 <jrosser> it would be nice to be able to tell galera that local socket does not need verification, yes
15:38:07 <noonedeadpunk> I recall reading recently that they've fixed smth in apparmour that fixed plenty of apps...
15:38:29 <noonedeadpunk> so maybe it's somehow related with LXC as well...
15:40:32 <noonedeadpunk> ok, will try to check on mariadb bits once get somehow better...
15:40:52 <noonedeadpunk> sorry, will conclude the meeting now...
15:41:05 <noonedeadpunk> #endmeeting