15:00:11 <noonedeadpunk> #startmeeting openstack_ansible_meeting
15:00:11 <opendevmeet> Meeting started Tue Jul 8 15:00:11 2025 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:11 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:11 <opendevmeet> The meeting name has been set to 'openstack_ansible_meeting'
15:00:17 <noonedeadpunk> #topic rollcall
15:00:27 <noonedeadpunk> o/ hey there
15:00:30 <damiandabrowski> hi!
15:03:14 <jrosser> o/ hello
15:05:16 <noonedeadpunk> #topic office hours
15:06:52 <noonedeadpunk> I want to start with ongoing things
15:07:17 <noonedeadpunk> and specifically adding hashi vault driver to PKI role
15:07:41 <noonedeadpunk> there was a good amount of feedback provided recently both in reviews and IRC.
15:08:20 <NeilHanlon> o/
15:08:25 <noonedeadpunk> damiandabrowski: do you wanna raise some discussion now to get unblocked on doing changes for the topic?
15:09:12 <damiandabrowski> maybe just to clarify: my main goal now is to try to get rid of the variables passed to the hashi_vault backend right?
15:10:15 <damiandabrowski> it would require improving standalone backend, to accept type as a list (the same way as hashi_vault backend does)
15:10:51 <jrosser> are we sure that a list is necessary?
15:11:06 <jrosser> there are only a well defined number of outputs that we need to write
15:12:01 <damiandabrowski> It's not strictly necessary, though it can be helpful.
15:12:56 <damiandabrowski> adding support for a list would allow us to drop handlers like this: https://opendev.org/openstack/ansible-role-zookeeper/src/branch/master/handlers/main.yml#L16
15:13:14 <jrosser> well
15:13:16 <damiandabrowski> but I don't insist, as I said, it's not strictly necessary.
15:14:01 <jrosser> what we need is some `type` that defines cert + ca chain, be that a list or a constant
15:14:37 <noonedeadpunk> to be frank, zookeeper looks like being a bit special here (as a java app)
15:14:47 <noonedeadpunk> as it has a different order of cert/ca
15:14:59 <jrosser> i think there are a few examples like that, maybe octavia, neutron (ovn)
15:17:32 <jrosser> anyway, i think this is one of the key things to define
15:20:42 <noonedeadpunk> ok, then the next thing was refactoring of aio bootstrap
15:21:28 <damiandabrowski> and jrosser is working on a feature that would allow us to get rid of "cert" parameter for hashi_vault backend and stick just to `name` that would be accepted by both backends
15:21:28 <noonedeadpunk> and I think we agreed on a proxy approach to resolve chicken-egg situation with proxy?
15:22:02 <noonedeadpunk> jrosser: are you working on this or just pushed an example of how to do that for picking this up?
15:22:53 <jrosser> which one? :)
15:23:07 <noonedeadpunk> https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/954269
15:23:21 <damiandabrowski> i was referring to: https://review.opendev.org/c/openstack/ansible-role-pki/+/954239
15:23:43 <noonedeadpunk> yeah, glance one depending on PKI
15:24:00 <jrosser> ok sure yes - though this does need us to decide what to do with `type`, as i think i already don't quite use the same names as the vault patches (just needs unifying)
15:24:27 <jrosser> and also figuring out the allowed values/format for `type` and implementing anything missing in the standalone backend
15:25:26 <damiandabrowski> I think I can align hashi_vault plugin to the already existing types
15:25:47 <damiandabrowski> by applying these mappings I mentioned somewhere in gerrit
15:25:53 <noonedeadpunk> I guess it's type vs backend now, right?
15:26:10 <noonedeadpunk> or well
15:26:15 <noonedeadpunk> it's different
15:26:21 <jrosser> we don't have a spec for this so do we need at least an etherpad?
15:27:32 <noonedeadpunk> Let's start using this one?
15:27:34 <noonedeadpunk> #link https://etherpad.opendev.org/p/osa-pki-multiple-backends
15:27:56 <jrosser> i have a number of other minor patches to get the CI working again around this which could be reviewed now
15:28:01 <damiandabrowski> yeah, etherpad would be useful. I didn't prepare spec because I thought that adding new backend would be relatively simple
15:28:07 <damiandabrowski> (I was so wrong :D )
15:29:16 <noonedeadpunk> Yes, Debian CI is broken now due to backport repos
15:29:36 <noonedeadpunk> so this patch seemingly fixes it even before change to infra is merged
15:29:38 <noonedeadpunk> #link https://review.opendev.org/c/openstack/openstack-ansible/+/954316
15:36:15 <noonedeadpunk> ok, I added etherpad to the list: https://wiki.openstack.org/wiki/OpenStack-Ansible#Etherpads
15:36:20 <noonedeadpunk> so we won't lose it
15:37:51 <noonedeadpunk> ok, what else do we have on the table right now?
15:38:05 <noonedeadpunk> Adding EL10 CI I guess...
15:38:16 <NeilHanlon> yeah.. i need to come up with a plan for systemd-networkd
15:38:27 <noonedeadpunk> And I don't have any updates on image availability in CI
15:38:30 <noonedeadpunk> and this ofc ^
15:38:34 <NeilHanlon> which is probably just going to be building it in SIG/Cloud or something for Rocky.. idk...
15:39:04 <noonedeadpunk> it seems that overall there're more and more things that are (un)intentionally broken
15:39:23 <NeilHanlon> yeah
15:39:31 <noonedeadpunk> I wonder if nobody just needs networkd in RHEL
15:39:32 <NeilHanlon> i don't get what RDO folks are doing here tbh
15:39:57 <noonedeadpunk> and then ceph
15:40:04 <noonedeadpunk> and then many more things...
15:40:15 <NeilHanlon> yeah.. ceph at least I have a plan on already
15:40:21 <NeilHanlon> we'll have it in SIG/Storage in rocky
15:40:28 <NeilHanlon> what version do we need, btw?
15:40:32 <noonedeadpunk> NeilHanlon: btw, was there any progress with building LXC for EPEL? As I guess it's around time for the second ping in there?
15:40:48 <noonedeadpunk> reef?
15:40:52 <NeilHanlon> roger on reef
15:40:57 <NeilHanlon> and yeah i probably do need to ping
15:41:45 <NeilHanlon> did the reply and set myself a reminder for 2 weeks
15:42:05 <opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_skyline master: Ensure u-c are used for Skyline installation https://review.opendev.org/c/openstack/openstack-ansible-os_skyline/+/954166
15:43:15 <opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_skyline stable/2025.1: Ensure u-c are used for Skyline installation https://review.opendev.org/c/openstack/openstack-ansible-os_skyline/+/954355
15:45:14 <noonedeadpunk> NeilHanlon: regarding Ceph it also was about EL9 even
15:45:17 <noonedeadpunk> #link https://answers.launchpad.net/openstack-ansible/+question/821901
15:45:21 <NeilHanlon> yep yep
15:45:35 <NeilHanlon> we should be able to do r9 really easily, i just need to get out of my own way
15:45:55 <noonedeadpunk> it's not always that easy
15:46:05 <noonedeadpunk> ok, awesome, anything else?
15:46:58 <NeilHanlon> not from me.. though, on a personal note, I am currently open for employment opportunities, if anyone has any tips to jobs (contract or otherwise), I'd appreciate it! :)
15:48:42 <noonedeadpunk> ++
15:49:06 <noonedeadpunk> ok then, will end the meeting a bit early then :)
15:49:17 <noonedeadpunk> #endmeeting