15:00:27 #startmeeting openstack_ansible_meeting 15:00:27 Meeting started Tue Nov 18 15:00:27 2025 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:27 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:27 The meeting name has been set to 'openstack_ansible_meeting' 15:00:30 #topic roll call 15:00:41 hi! 15:00:45 o/ 15:04:32 o/ hello 15:04:52 #topic office hours 15:05:24 so I think the biggest issue right now, except approaching deadling for 2025.2 release, is broken rabbitmq repos 15:05:33 which affects stable and master branch 15:05:53 while for master it's easy to fix, everything before 2025.1 (and deb822) is not 15:06:23 as changing URI for the repo will add just a new record to the existing file, rather then replace it 15:06:54 is that how the deb822 module works? 15:07:26 yeah, deb822 will just update the URI in the existing repo file I believe 15:07:54 thats strange isnt it 15:08:16 oh you mean deb822 module is additive or is not additive for uri 15:08:22 but in old /etc/apt/sources.list.d/RabbitMQ.list you'll get just 2 records 15:08:54 ie https://paste.openstack.org/show/btvdsjM7xIvaztJOv0cH/ 15:10:08 I don't see any description of "exclusive" for https://docs.ansible.com/projects/ansible/latest/collections/ansible/builtin/apt_repository_module.html 15:10:50 so we need to somehow handle a clean-up on older backports 15:13:21 we can probably lineinfile delete the old things 15:13:27 yeah... 15:13:48 I think it might be the best option 15:14:11 using the name of the var for the repo, as it might be overidden 15:14:31 we should use the default value to avoid this, not var 15:14:41 or well. old default 15:14:46 yep 15:14:53 as we're changing the var 15:15:06 ok, will do that 15:15:21 we're coming really to a point we need to do role branching 15:15:32 it's jsut 2 week till the deadling now 15:15:47 we really should merge that big bunch of policy patches 15:15:51 yeah 15:16:02 and I think at this point we have to branch 15:16:09 https://review.opendev.org/q/topic:%22bug/2112559%22 15:16:18 ^ andrewbonney 15:16:30 the gnocchi one should be "fixed" though... but yeah 15:17:36 there are also some other bug fixes I proposed last week worth looking at, like consoles slight refactoring... 15:18:20 https://review.opendev.org/q/topic:%22bug/2122778%22 15:19:02 and at this point I think we have to leave openbao for pki to 2026.1 :( 15:20:48 that's super sad :/ 15:21:30 but it seems there are quite some comments left to be addressed at this point? 15:21:44 do we feel like merging all the topic by end of the week? 15:23:10 Dmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server master: Clean-up rabbitmq_gpg_keys variable https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/967508 15:23:10 only 3 I guess, I aimed to propose patches tomorrow 15:23:40 we can merge the most important patches, that adds hashi_vault support to ansible-role-pki and to the integrated repo 15:23:43 well, let's see, but we have to branch like early next week to have a chance to be in time 15:23:54 and we already like one week behind with this 15:24:14 we probably won't be able to merge patches in all services, but maybe they can be merged in 25.0.2? 15:24:27 but can it be used without the roles patches? as I think it makes sense to have everything or nothing? 15:25:34 like we are not passing a backend to pki role otherwise 15:26:02 so you can't use `openstack_pki_backend` 15:26:11 yo ucan try with `pki_backend` 15:27:11 tbh i think we need to spend time this week making all the roles working 15:28:00 manila and magnum seem to be most problematic this time 15:28:11 based of polic patches 15:28:24 andrewbonney has been looking at magnum in the last week 15:28:37 * noonedeadpunk failed to spend any time on weekend 15:29:07 yeah, you can't just switch openstack_pki_backend if we don't merge patches in service roles 15:29:22 , but with overriding *_certificates and *_install_certificates for each service, you would be able to leverage hashi_vault support 15:29:27 anyway, I'll work on this tomorrow 15:32:32 ok, anything else? 15:32:36 gnocchi role looks sad too 15:32:44 well, it's result of the patch 15:33:01 (I think it is) 15:33:03 oh ok 15:33:31 it has weird logic which no other role has regarding policy files 15:33:46 `msg: No user [ src ] or [ content ] was provided` 15:33:53 for /etc/gnocchi/policy.yaml-32.0.0.0b2.dev34 15:33:55 actually 15:34:11 it has completely different approach as I said 15:34:27 at that was the reason for it: 15:34:29 #link https://opendev.org/openstack/openstack-ansible-os_gnocchi/src/commit/87cc1bf816689230f9678378c824dd48d5cd480d/handlers/main.yml#L36-L42 15:34:48 so it's completely opposite from what we;'re doing everywhere else 15:35:27 as here is a tradeoff between upgrade vs operations 15:35:44 🤦well i've actually updated my calendar now, so that's good 15:35:45 and I think I'm in favor of operations right now 15:35:55 hehe 15:36:47 and I'm thinking to align gnocchi to others as well 15:37:05 * NeilHanlon stares at Thunderbird thinking it is Sunday, Nov 16 still 15:37:33 I wish it was... It would give way more time on hands to work on things... 15:37:38 same... 15:37:56 so it's smart :) 15:38:19 re: gnocchi -- that sounds reasonable re: favoring ops 15:38:37 ++ k, will propose patche then 15:39:24 so if that's it, I'd propose to wrap it up 15:39:40 and as cloudflare seems to recover - we may do bunch of rechecks now 15:40:28 seems good to me 15:44:03 #endmeeting