#openstack-ansible log

15:00:41 <noonedeadpunk> #startmeeting openstack_ansible_meeting
15:00:41 <opendevmeet> Meeting started Tue Jan  7 15:00:41 2025 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:41 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:41 <opendevmeet> The meeting name has been set to 'openstack_ansible_meeting'
15:00:47 <noonedeadpunk> #topic rollcall
15:01:17 <jrosser> o/
15:01:25 <noonedeadpunk> o/
15:01:26 * jrosser will be 5 mins
15:04:56 <noonedeadpunk> #topic office hours
15:05:33 <noonedeadpunk> so we're having a good progress for migration from tests repo to molecule testing
15:05:35 <noonedeadpunk> #link https://review.opendev.org/q/topic:%22osa/molecule%22
15:06:10 <noonedeadpunk> I've just issued re-checks for failing ones, as patch to integrsated repo was merged
15:06:48 <jrosser> it looks pretty reasonable tbh
15:07:03 <noonedeadpunk> there're were hiccups, like I have no idea how to run swapon inside docker, so commented out that test at all
15:07:07 <jrosser> though some things will be harder/impossible to test in docker
15:07:24 <noonedeadpunk> yeah, quite some time went down the pipe for systemd-networkd
15:07:55 <noonedeadpunk> from other side - we can run multiple containers and connect them with multiple networks
15:08:45 <noonedeadpunk> so technically - we can do some kind of mnaio in the future....
15:09:22 <noonedeadpunk> another thing that had a progress - httpd role
15:09:30 <noonedeadpunk> #link https://review.opendev.org/q/topic:%22osa/httpd_role%22
15:10:32 <NeilHanlon> o/
15:10:43 <noonedeadpunk> repo server does have a circular dependency with integrated repo
15:10:59 <noonedeadpunk> and some small portion of love needed for skyline and centos/rocky
15:11:22 <noonedeadpunk> NeilHanlon: o/ - good that you've joined :)
15:11:52 <NeilHanlon> heyo :) happy new year
15:11:54 <noonedeadpunk> I didn't look for httpd role wrt horizon and keystone yet. But I think a base is relatively solid now
15:12:38 <noonedeadpunk> challanges there would be installing extra packages which provides extra modules (federation)
15:13:36 <noonedeadpunk> and next thing we need to start thinking about is EL10
15:14:06 <noonedeadpunk> just today I've found out, that Storage SIG decided not to build gluster for centos, which is kind of a biggie for us
15:14:47 <noonedeadpunk> with that I was thinking, if NeilHanlon maybe you can make some kind of copr repo for gluster for now?:)
15:15:19 <NeilHanlon> ah yes.. i saw that as well. i think I saw a fedora packager that I am friendly with picked it up in Fedora (as RH disbanded from it there, too...)
15:15:34 <NeilHanlon> maybe i am misremembering though
15:15:37 <NeilHanlon> my brain still waking up
15:15:51 <NeilHanlon> nope... https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/D4QN2OFKQWN66HVKUG4CG4XPRW5ON62Z/#7JR2A5XTBFMQU2B6TW7XBEORF5O6OCXA
15:15:59 <NeilHanlon> anyways. yes, i will come up with a plan :)
15:16:43 <noonedeadpunk> while we're thinking on a more long-term solution... like minio or smth....
15:17:09 <NeilHanlon> i feel like it's probably not going away any time soon
15:17:13 <noonedeadpunk> but I'd really prefer not to do that this cycle while having EL10 support in
15:18:17 <NeilHanlon> yeah we have enough with modular libvirt and such
15:18:44 <noonedeadpunk> indeed
15:19:50 <noonedeadpunk> btw, any idea about rocky timeline for 10?
15:20:09 <opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible-repo_server master: Use FQCN for modules  https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/938272
15:20:31 <NeilHanlon> right now the only blockers are that we have to redo some stuff on how we sign secureboot artifacts because EL10 ripped out OpenSSL "Engine" support
15:20:42 <NeilHanlon> and our signing relies on pkcs11 stuff
15:21:30 <noonedeadpunk> wait, what?
15:21:52 <NeilHanlon> https://discussion.fedoraproject.org/t/f41-change-proposal-disable-openssl-engine-support-system-wide/107511
15:23:06 <noonedeadpunk> I kind of wonder if that affects our pki role
15:23:44 <opendevreview> Jonathan Rosser proposed openstack/ansible-config_template master: Replace functional tests with molecule  https://review.opendev.org/c/openstack/ansible-config_template/+/938513
15:23:58 <NeilHanlon> i don't think it should
15:24:00 <NeilHanlon> but, maybe
15:24:06 <noonedeadpunk> but probably not... not sure about things like barbican with HSM though
15:24:20 <noonedeadpunk> as it;s mainly relying on PKCS#11 as well
15:24:40 <NeilHanlon> yeah I think that is more the possible problematic points. we're at the intersection of HSM for signing which I don't even know that RH has an answer for at this point
15:24:43 <noonedeadpunk> but ok, I see. thanks for the update!
15:25:10 <noonedeadpunk> and I don't think they're willing to help either...
15:25:14 <NeilHanlon> of course! and I'm also still wanting to get mirrors setup of the content for opendev this year.. i took on too much the end of last year
15:26:10 <noonedeadpunk> btw, as we've switched from mirrorlist to the baseurl - we don't see broken mirrors anymore :)
15:29:57 <jrosser> fwiw barbican will talk directly to the vendor pkcs11 .so file, there should not be any openssl involved there
15:30:14 <jrosser> its a python <> C interface
15:30:16 <noonedeadpunk> yeah, right
15:30:30 <noonedeadpunk> ok, then I think it's good
15:33:30 <noonedeadpunk> NeilHanlon: btw, another question related to our molecule efforts. you publish rocky docker images only on dockerhub?
15:34:40 <noonedeadpunk> ah, I found on quay already, lol
15:34:45 <noonedeadpunk> #link https://quay.io/repository/rockylinux/rockylinux?tab=tags
15:36:05 <noonedeadpunk> I wonder if we actually can just install systemd there at prepare step....
15:36:30 <jrosser> doesnt it need to be the entrypoint
15:36:33 * jrosser handwaves
15:38:08 <noonedeadpunk> well, I'm doing docker describe right now, and it seems that entrypath is `/sbin/init`
15:41:41 <noonedeadpunk> but I think you're right and regular one may just not startup
15:43:23 <jrosser> https://github.com/eniocarboni/docker-rockylinux-systemd/blob/main/Dockerfile
15:43:46 <noonedeadpunk> yeah, I see
15:43:57 <NeilHanlon> if you need systemd you can maybe use the ubi image?
15:44:20 <NeilHanlon> https://github.com/rocky-linux/sig-cloud-instance-images/blob/main/Containerfile-init
15:44:21 <noonedeadpunk> well, we want to test debian, ubuntu and some el
15:44:42 <noonedeadpunk> aha
15:44:55 <noonedeadpunk> let me check that :)
15:45:29 <NeilHanlon> interesting, looks like we aren't publishing a 9.5-ubi-init. i will have to check on that...
15:45:55 <NeilHanlon> or maybe we don't, i forget. need to redo all this soon lol
15:46:36 <noonedeadpunk> there is 9-ubi-init
15:47:25 <NeilHanlon> yeah i think we just don't publish the ubi variants with a minor rev
15:47:44 <NeilHanlon> because they're descendants of the 9.5.20241118-ubi
15:49:01 <NeilHanlon> anyways yea that image should work alright for applications
15:51:14 <opendevreview> Jonathan Rosser proposed openstack/ansible-config_template master: Replace functional tests with molecule  https://review.opendev.org/c/openstack/ansible-config_template/+/938513
15:51:34 <noonedeadpunk> doh, there's no sudo even inside :D
15:52:01 <noonedeadpunk> but yes, otherwise it's working nicely!
15:53:15 <opendevreview> Dmitriy Rabotyagov proposed openstack/ansible-role-pki master: Add molecule testing  https://review.opendev.org/c/openstack/ansible-role-pki/+/831236
15:57:28 <opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Add RockyLinux to molecule testing  https://review.opendev.org/c/openstack/openstack-ansible/+/938571
15:59:08 <opendevreview> Dmitriy Rabotyagov proposed openstack/ansible-role-systemd_networkd master: Replace functional tests with molecule  https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/938517
16:00:43 <noonedeadpunk> #nedmeeting
16:00:48 <noonedeadpunk> #endmeeting