15:00:47 <noonedeadpunk> #startmeeting openstack_ansible_meeting
15:00:47 <opendevmeet> Meeting started Tue Feb 11 15:00:47 2025 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:47 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:47 <opendevmeet> The meeting name has been set to 'openstack_ansible_meeting'
15:00:50 <noonedeadpunk> #topic rollcall
15:00:52 <noonedeadpunk> o/
15:02:12 <damiandabrowski> hi!
15:04:37 <noonedeadpunk> #topic office hours
15:05:04 <noonedeadpunk> first I have a question - are there any volunteers to run to PTL for the next cycle?:)
15:05:14 <noonedeadpunk> *run for
15:05:54 <jrosser> o/ hello
15:07:10 <noonedeadpunk> also - looking at https://governance.openstack.org/election/ - this looks very scary
15:07:43 <noonedeadpunk> There're just no RH people there?
15:08:23 <spatel> noonedeadpunk fyi, - ovn-nbctl set ha_chassis 97077f76-46ae-4e15-9502-24fdb4ad0214 priority=32750
15:09:05 <noonedeadpunk> there's a whole week ofc for nominations...
15:10:13 <NeilHanlon> o/
15:11:26 <damiandabrowski> btw i have some good news, i finally started work on hashicorp vault integration for ansible-role-pki so you can expect some patches soon ;)
15:12:04 <noonedeadpunk> ok, so seems no other volunteers :)
15:12:19 <NeilHanlon> I can't see myself having the time to dedicate to it at this time, sadly
15:12:26 <NeilHanlon> but I am more than happy to assist you! :D
15:12:39 <noonedeadpunk> damiandabrowski: just don't forget about adding a new molecule scenario for testing that :)
15:14:01 <noonedeadpunk> I'm in general feel super concerned about more and more rumors about RH pulling back from openstack... and somehow the election looks like proving the point in a way
15:14:29 <NeilHanlon> Yeah, it definitely "feels" a sort of way.
15:14:53 <NeilHanlon> Including the call for maintaining RDO packaging, the C10S CI issues re: x86-v3... etc
15:15:04 <noonedeadpunk> yup
15:15:45 <NeilHanlon> Don't get me wrong, I think having the community more involved is good, but there is certainly a lot of work that RH is/was doing that I don't know if is fully picked up by others atm.
15:15:51 <noonedeadpunk> and then a call from foundation to move things under linuxfoundation
15:16:30 <noonedeadpunk> yeah, exactly, it would totally require quite some time to re-format things
15:17:25 <NeilHanlon> and then e.g. https://www.redhat.com/en/blog/evolving-our-middleware-strategy
15:18:21 <NeilHanlon> at the same time it's weird as OS has had great success the last year winning marketshare from Broadcom/VMWare, so.. 🤷
15:18:59 <noonedeadpunk> yeah, exactly, timeing also doesn't make much sense to me personally. Obviously, they're prioritizing openshift... But dunno
15:19:17 <noonedeadpunk> they put 2y into openstack on openshift project as well
15:20:36 <NeilHanlon> It does appear we're at a bit of an inflection point in the industry/world...
15:21:51 <noonedeadpunk> oh, yes, true...
15:22:14 <noonedeadpunk> anyway...
15:22:41 <noonedeadpunk> so, right now we have multiple issues with molecule tests
15:23:20 <noonedeadpunk> for plugins repo there's an apparmor issue for centos9 solely (doesn't affect rocky) which needs to be investigated
15:23:37 <noonedeadpunk> or, we can use centos9 node for running them, as alternative
15:23:48 <jrosser> i have not had time to look further at this yet
15:23:56 <NeilHanlon> apparmor ? on.. centos?
15:24:11 <noonedeadpunk> apparmor on host, where docker with centos
15:24:14 <jrosser> but likely stracing the sshd process and seeing what it does that upsets apparmor would be a next step
15:24:14 <NeilHanlon> ahh
15:24:59 <noonedeadpunk> another thing that `openstack-ansible-inventory` console_script doesn't work with py3.12 anymore: https://opendev.org/openstack/openstack-ansible/src/branch/master/setup.cfg#L30-L31
15:25:05 <jrosser> i suspect that there is some pam config can be adjusted, but kind of just guessing
15:25:54 <noonedeadpunk> I didn't have time to check either
15:26:25 <NeilHanlon> fwiw https://gitlab.com/redhat/centos-stream/rpms/openssh/-/blob/c9s/openssh.spec?ref_type=heads#L816-822 this is the changelog delta between Rocky 9 and C9S
15:27:29 <jrosser> this is what fails `unix_chkpwd[578]: could not obtain user info (root)`
15:31:20 <NeilHanlon> odd
15:32:10 <jrosser> it wants dac_override capability but apparmor denies that
15:32:34 <jrosser> and its odd becasue rocky doesnt do this
15:32:45 <jrosser> ^ rocky container on ubuntu noble host
15:32:56 <jrosser> but the centos container on a jammy host is just fine
15:39:24 <noonedeadpunk> it is indeed very weird
15:39:34 <NeilHanlon> super strange yeah
15:39:50 <noonedeadpunk> and I think there's another issue (but I think related) with sudo and in another patch
15:39:53 <noonedeadpunk> I think it's frr
15:40:06 <NeilHanlon> i wonder if related https://github.com/rocky-linux/sig-cloud-instance-images/issues/56
15:40:07 <noonedeadpunk> but I can imagine, it has the same root cause
15:41:58 <noonedeadpunk> What I wanted to test and check this week - how well ansible-lint autofix works wrt FQCNs
15:42:15 <noonedeadpunk> as potentially I can quickly automate migration to usage of FQCNs
15:42:28 <jrosser> that github issue looks extremely related
15:42:35 <noonedeadpunk> ++
15:44:45 <noonedeadpunk> but other then that, it feels I have to spend most of the time this week dowstream
16:13:47 <noonedeadpunk> #endmeeting