#openstack-ansible log

15:00:27 <noonedeadpunk> #startmeeting openstack_ansible_meeting
15:00:27 <opendevmeet> Meeting started Tue Nov 18 15:00:27 2025 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:27 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:27 <opendevmeet> The meeting name has been set to 'openstack_ansible_meeting'
15:00:30 <noonedeadpunk> #topic roll call
15:00:41 <damiandabrowski> hi!
15:00:45 <noonedeadpunk> o/
15:04:32 <jrosser> o/ hello
15:04:52 <noonedeadpunk> #topic office hours
15:05:24 <noonedeadpunk> so I think the biggest issue right now, except approaching deadling for 2025.2 release, is broken rabbitmq repos
15:05:33 <noonedeadpunk> which affects stable and master branch
15:05:53 <noonedeadpunk> while for master it's easy to fix, everything before 2025.1 (and deb822) is not
15:06:23 <noonedeadpunk> as changing URI for the repo will add just a new record to the existing file, rather then replace it
15:06:54 <jrosser> is that how the deb822 module works?
15:07:26 <noonedeadpunk> yeah, deb822 will just update the URI in the existing repo file I believe
15:07:54 <jrosser> thats strange isnt it
15:08:16 <jrosser> oh you mean deb822 module is additive or is not additive for uri
15:08:22 <noonedeadpunk> but in old /etc/apt/sources.list.d/RabbitMQ.list you'll get just 2 records
15:08:54 <noonedeadpunk> ie https://paste.openstack.org/show/btvdsjM7xIvaztJOv0cH/
15:10:08 <noonedeadpunk> I don't see any description of "exclusive" for https://docs.ansible.com/projects/ansible/latest/collections/ansible/builtin/apt_repository_module.html
15:10:50 <noonedeadpunk> so we need to somehow handle a clean-up on older backports
15:13:21 <jrosser> we can probably lineinfile delete the old things
15:13:27 <noonedeadpunk> yeah...
15:13:48 <noonedeadpunk> I think it might be the best option
15:14:11 <jrosser> using the name of the var for the repo, as it might be overidden
15:14:31 <noonedeadpunk> we should use the default value to avoid this, not var
15:14:41 <noonedeadpunk> or well. old default
15:14:46 <jrosser> yep
15:14:53 <noonedeadpunk> as we're changing the var
15:15:06 <noonedeadpunk> ok, will do that
15:15:21 <noonedeadpunk> we're coming really to a point we need to do role branching
15:15:32 <noonedeadpunk> it's jsut 2 week till the deadling now
15:15:47 <jrosser> we really should merge that big bunch of policy patches
15:15:51 <noonedeadpunk> yeah
15:16:02 <noonedeadpunk> and I think at this point we have to branch
15:16:09 <jrosser> https://review.opendev.org/q/topic:%22bug/2112559%22
15:16:18 <jrosser> ^ andrewbonney
15:16:30 <noonedeadpunk> the gnocchi one should be "fixed" though... but yeah
15:17:36 <noonedeadpunk> there are also some other bug fixes I proposed last week worth looking at, like consoles slight refactoring...
15:18:20 <noonedeadpunk> https://review.opendev.org/q/topic:%22bug/2122778%22
15:19:02 <noonedeadpunk> and at this point I think we have to leave openbao for pki to 2026.1 :(
15:20:48 <damiandabrowski> that's super sad :/
15:21:30 <noonedeadpunk> but it seems there are quite some comments left to be addressed at this point?
15:21:44 <noonedeadpunk> do we feel like merging all the topic by end of the week?
15:23:10 <opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server master: Clean-up rabbitmq_gpg_keys variable  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/967508
15:23:10 <damiandabrowski> only 3 I guess, I aimed to propose patches tomorrow
15:23:40 <damiandabrowski> we can merge the most important patches, that adds hashi_vault support to ansible-role-pki and to the integrated repo
15:23:43 <noonedeadpunk> well, let's see, but we have to branch like early next week to have a chance to be in time
15:23:54 <noonedeadpunk> and we already like one week behind with this
15:24:14 <damiandabrowski> we probably won't be able to merge patches in all services, but maybe they can be merged in 25.0.2?
15:24:27 <noonedeadpunk> but can it be used without the roles patches? as I think it makes sense to have everything or nothing?
15:25:34 <noonedeadpunk> like we are not passing a backend to pki role otherwise
15:26:02 <noonedeadpunk> so you can't use `openstack_pki_backend`
15:26:11 <noonedeadpunk> yo ucan try with `pki_backend`
15:27:11 <jrosser> tbh i think we need to spend time this week making all the roles working
15:28:00 <noonedeadpunk> manila and magnum seem to be most problematic this time
15:28:11 <noonedeadpunk> based of polic patches
15:28:24 <jrosser> andrewbonney has been looking at magnum in the last week
15:28:37 * noonedeadpunk failed to spend any time on weekend
15:29:07 <damiandabrowski> yeah, you can't just switch openstack_pki_backend if we don't merge patches in service roles
15:29:22 <damiandabrowski> , but with overriding *_certificates and *_install_certificates for each service, you would be able to leverage hashi_vault support
15:29:27 <damiandabrowski> anyway, I'll work on this tomorrow
15:32:32 <noonedeadpunk> ok, anything else?
15:32:36 <jrosser> gnocchi role looks sad too
15:32:44 <noonedeadpunk> well, it's result of the patch
15:33:01 <noonedeadpunk> (I think it is)
15:33:03 <jrosser> oh ok
15:33:31 <noonedeadpunk> it has weird logic which no other role has regarding policy files
15:33:46 <noonedeadpunk> `msg: No user [ src ] or [ content ] was provided`
15:33:53 <noonedeadpunk> for /etc/gnocchi/policy.yaml-32.0.0.0b2.dev34
15:33:55 <noonedeadpunk> actually
15:34:11 <noonedeadpunk> it has completely different approach as I said
15:34:27 <noonedeadpunk> at that was the reason for it:
15:34:29 <noonedeadpunk> #link https://opendev.org/openstack/openstack-ansible-os_gnocchi/src/commit/87cc1bf816689230f9678378c824dd48d5cd480d/handlers/main.yml#L36-L42
15:34:48 <noonedeadpunk> so it's completely opposite from what we;'re doing everywhere else
15:35:27 <noonedeadpunk> as here is a tradeoff between upgrade vs operations
15:35:44 <NeilHanlon> 🤦well i've actually updated my calendar now, so that's good
15:35:45 <noonedeadpunk> and I think I'm in favor of operations right now
15:35:55 <noonedeadpunk> hehe
15:36:47 <noonedeadpunk> and I'm thinking to align gnocchi to others as well
15:37:05 * NeilHanlon stares at Thunderbird thinking it is Sunday, Nov 16 still
15:37:33 <noonedeadpunk> I wish it was... It would give way more time on hands to work on things...
15:37:38 <NeilHanlon> same...
15:37:56 <noonedeadpunk> so it's smart :)
15:38:19 <NeilHanlon> re: gnocchi -- that sounds reasonable re: favoring ops
15:38:37 <noonedeadpunk> ++ k, will propose patche then
15:39:24 <noonedeadpunk> so if that's it, I'd propose to wrap it up
15:39:40 <noonedeadpunk> and as cloudflare seems to recover - we may do bunch of rechecks now
15:40:28 <NeilHanlon> seems good to me
15:44:03 <noonedeadpunk> #endmeeting