#openstack-tc log

16:00:10 <gmann> #startmeeting tc
16:00:10 <opendevmeet> Meeting started Wed Nov 30 16:00:10 2022 UTC and is due to finish in 60 minutes.  The chair is gmann. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:10 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:10 <opendevmeet> The meeting name has been set to 'tc'
16:00:16 <gmann> #topic Roll call
16:00:17 <JayF> o/
16:00:18 <gmann> o/
16:00:19 <slaweq> o/
16:00:22 <knikolla[m]> o/
16:00:30 <dansmith> o/
16:01:05 <jungleboyj> Hello all.
16:01:47 <ade_lee> o/
16:02:21 <gmann> let's wait for a min if rosmaita spotz arne_wiebalck noonedeadpunk join, i cannot see any name in absence section
16:02:31 <gmann> meanwhile this is today agenda #link https://wiki.openstack.org/wiki/Meetings/TechnicalCommittee#Agenda_Suggestions
16:02:35 <arne_wiebalck> o/
16:04:02 <gmann> let's start
16:04:06 <gmann> #topic Follow up on past action items
16:04:14 <gmann> gmann to check with foundation about zoom pro account if any and can be shared with TC monthly video call
16:04:36 <gmann> still did not get the response from foundation staff, I will send the reminder
16:04:40 <gmann> #action gmann to check with foundation about zoom pro account if any and can be shared with TC monthly video call
16:04:59 <gmann> other followup is about election things
16:05:21 <gmann> I have pushed the TC charter change to reflect what we discussed in PTG
16:05:22 <gmann> #link https://review.opendev.org/c/openstack/governance/+/865367
16:05:25 <spotz> o/ here for a few minutes but as mentioned when this time slot was chosen I have a conflict
16:05:28 <gmann> please review ^^
16:05:44 <gmann> spotz: ack
16:05:58 <gmann> as soon as we can merge it, will be good to plan for next election in advance
16:06:36 <rosmaita> o/
16:06:42 <gmann> I will keep eyes on gerrit if any comment on that
16:06:54 <gmann> #topic Gate health check
16:07:21 <gmann> volume detach timeout is happening 100% in lvm job (nova-lvm) and we had to disable those failing test for now
16:07:30 <dansmith> other than the nova thing, no gate health concerns from me this time, but with the holiday my data is limited
16:07:31 <gmann> it started when migrated to Jammy
16:07:39 <gmann> ok
16:07:48 <dansmith> volume detach seems to be a constant problem
16:08:22 <slaweq> we had one issue with trunk ports and live-migration on Neutron but it should be fixed already
16:08:22 <gmann> yeah, even those failing tests are preparing server with ssh-able and make it ready before volume is attached/detached
16:08:31 <gmann> slaweq: +1
16:09:22 <gmann> any other issues/item to highlight for gate health ?
16:10:20 <gmann> #topic 2023.1 TC tracker checks
16:10:29 <gmann> #link https://etherpad.opendev.org/p/tc-2023.1-tracker
16:10:45 <gmann> one update from me is on election things which I already mentioned the patch to review
16:11:03 <gmann> and other is about i18 SIG discussion in board meeting on Dec 6th.
16:11:13 <gmann> rosmaita: ^^ can you give brief update on this
16:11:32 <rosmaita> sure
16:11:58 <rosmaita> we will propose to the Foundation Board that they fund a hosted version of Weblate
16:12:13 <rosmaita> which the SIG i18n has idenitified as the best platform to use
16:12:56 <rosmaita> we also proposed that the Foundation Staff should help us find a volunteer to change the Zanata-to-gerrit plumbing to use weblate
16:13:24 <rosmaita> this will free up the i18n team to do the content migration and ultimately focus on doing translations
16:15:21 <gmann> yeah, it will be discussed in Dec 6th board meeting and let's see how it goes
16:16:06 <gmann> rosmaita: anything else on this? or any query form any other tc-members ?
16:16:10 <gmann> *from
16:16:31 <rosmaita> nothing from me
16:16:54 <noonedeadpunk> o/
16:17:07 <noonedeadpunk> sorry, was side-pinged last moment :(
16:17:18 <gmann> np!
16:17:26 <gmann> ok, let's move
16:17:44 <gmann> any other updates from anyone on the tracker items ?
16:18:26 <gmann> #topic FIPS testing on ubuntu paid subscription
16:18:30 <gmann> #link https://review.opendev.org/c/openstack/project-config/+/861457
16:19:13 <gmann> as we discussed it in PTG also, with currently available options to test FIPS, using ubuntu paid subscription is one of the option where we can make FIPS jobs voting
16:19:26 <gmann> centos stream is not stable enough to test FIPS on gate
16:19:47 <gmann> opendev is looking for TC official agreement on this.
16:20:13 <fungi> note that tinwood, the openstack charms ptl, was able to negotiate a free subscription for our test jobs to use
16:20:22 <gmann> I would like to start the voting on this but before that if we need more discussion/questions, we have ade_lee here to explain the situation
16:20:43 <fungi> so while people normally pay for access to ubuntu's fips-enabled packages, we're getting gratis access to them
16:21:04 <JayF> I'll note I had a conversation with smoe of the opendev folks about this when it surfaced, and my impression is that a developer would be able to access the actual-fips-packages to do local testing of a failing job, just without support.  As long as this is accurate (developers can troubleshoot broken fips jobs locally), I am on board.
16:21:50 <noonedeadpunk> I wonder if they would need to have this free subscribtion that covers 5 machines for that?
16:22:00 <ade_lee> thats correct.  the agreement was that the subscrption is free for use for fips testing , but with no support
16:22:51 <fungi> note that the canonical folks didn't say they were providing free access to developers, just to our ci jobs
16:23:07 <frickler> can that agreement be made public?
16:23:12 <fungi> and they acknowledge that we can't reasonably *secure* that access due to the way our jobs are run
16:23:15 <JayF> How could we expect developers to be able to maintain FIPS support if they cannot test that outside of zuul?
16:23:37 <gmann> yeah I was wondering on that we will not be able to test it locally right? its is just in CI
16:23:55 <fungi> do we expect developers to maintain osc support for rackspace's api without a paid account in rackspace?
16:24:09 <dansmith> I feel like most of the things you'd need to 'debug' from a fips job failure is not something you'd really necessarily have to reproduce locally. It'd be like an exception complaining that md5 isn't available or something
16:24:26 <fungi> or is the free rackspace account we arranged for osc testing not acceptable practice either?
16:24:28 <dansmith> which is pretty straightforward and once we're gating on these, would be when you add a new feature that is using something like that
16:24:58 <dansmith> fungi: the same goes for all the special hardware support we have in lots of places
16:25:08 <dansmith> fungi: I have zero $10k nvidia GPUs locally
16:25:19 <gmann> true, all backends
16:25:23 <fungi> correct, though for the most part we don't currently test those upstream because they're not available to us
16:25:35 <noonedeadpunk> do we test gpus for reall? huh...
16:25:36 <dansmith> I'm still waiting for my s/390 machine in the mail
16:25:43 <JayF> I'll note that many of those special-hardware-support tests are non-blocking, too (at least in Ironic they don't get to vote)
16:25:52 <slaweq> dansmith but isn't it like things which requires e.g. special hardware for testing are in 3rd party jobs?
16:26:19 <noonedeadpunk> but are we making fips as required to pass for all projects?
16:26:21 <slaweq> at least in neutron it is like that  - if something require special hardware, we don't gate with such job
16:26:28 <dansmith> slaweq: yeah, but I think in most projects if a patch causes a particular driver to fail, a core team would expect that to be fixed before merge, no?
16:26:37 <noonedeadpunk> I guess it's up to projects to decide if add them or not after all?
16:26:57 <fungi> that's why i brought up osc's testing. the client/sdk team has arranged gratis accounts with public cloud providers for use in upstream testing, something which an individual developer would not have access to without similar negotiations
16:26:58 <gmann> but will it be hard to fix the FIPS things just from CI failure and even we are not able to produce them locally?
16:27:02 <slaweq> dansmith sure
16:27:03 <dansmith> the FIPS thing seems much easier to debug than hardware
16:27:08 <gmann> yeah
16:27:14 <dansmith> gmann: right, I think it's much easier
16:27:24 <dansmith> "sorry MD5 not allowed, *sad trombone*" is pretty straightforward
16:28:31 <slaweq> we can always try to add it and if there will be too many issues with it and it will be hard to debug without access to the FIPS env for developers, we can always remove that job(s) from gate
16:28:38 * jungleboyj is happy to see someone else use sad trombone.  :-)
16:28:53 <dansmith> right, well, that's what we've done up until now.. we've added them and then when centos breaks, we make them n-v
16:28:56 <slaweq> but probably it will be as dansmith says - it will be pretty easy to fix issues related to FIPS
16:29:01 <gmann> true, we can re-iterate it based on future situations
16:29:03 <dansmith> so if this becomes a problem, it's easy to do the same
16:29:08 <gmann> ok, so this does not seems blocking to allow CI testing on it
16:29:48 <dansmith> AFAIK, none of the times we've had to do that have been due to fips problems, just CS problems
16:29:49 <gmann> and if any other distro (free version) become stable/available then we can always move FIPS jobs to that
16:30:01 <dansmith> also that ^ :)
16:30:03 <JayF> I'll note that in the review posted here earlier; debian was listed as an alternative
16:30:11 <JayF> but a nonviable one because we don't use it for many other things (yet)
16:30:25 <fungi> though it is in the pti for 2023.1
16:30:27 <JayF> So; I don't think it's resonable to say "if a free version becomes available" -- it is aavailable
16:30:37 <dansmith> JayF: becomes "viable"
16:30:51 <gmann> also *stable* enough to test everywhere
16:31:04 <gmann> FIPS goal is to add jops in every project as voting
16:31:05 <dansmith> part of the problem has been that CS9 breaks or behaves differently than *all* the other tests, and so it becomes a problem for people who are set up to test on ubuntu
16:31:12 <JayF> I mean, viability is all in a matter of if we want to spend time on it. And debian is incredibly stable. I'm not suggesting we change it, I just don't want us to couch this as us having no choice; we do have a choice
16:31:25 <JayF> we're just prioritizing using existing infra + a token over revamping the infra to use a more free solution
16:31:27 <fungi> right, someone needs to work out the logistics for it and make sure the baseline testing on that platform without fips is also running and in good shape so that fips-specific issues can be differentiated from general platform-related issues
16:31:29 <dansmith> debian is similar in that it becomes some work if someone has to bootstrap the debian environment to see if it's a debian problem or a FIPS on
16:31:30 <dansmith> *one
16:31:43 <gmann> question is what are current best and stable/viable options to start it
16:31:58 <dansmith> debian being stable isn't the concern, it's debian being different than all the other jobs
16:32:09 <dansmith> we had a debian failure for a few weeks recently
16:32:21 <dansmith> which wasn't a debian problem (AFAIK) but just a "different than focal" problem
16:32:27 <JayF> Which I'm fine with; I just don't want us to pretend like we don't have fully-foss options when we would if we prioritized debian CI support.
16:32:52 <dansmith> I'm prioritizing this purely as a "minimal change from our other jobs" perspective... right.
16:33:02 <fungi> note that nobody has said ubuntu's packages for this aren't fully foss, they just charge money for access to them (that doesn't make then not free/libre open source)
16:33:13 <noonedeadpunk> to be fair, we have debian and ubuntu jobs running in osa and we haven't seen debian being much different or failing differently rather then ubuntu for quite a while
16:33:35 <dansmith> noonedeadpunk: we had an example in the devstack gate just a couple weeks ago
16:33:39 <noonedeadpunk> but yes, that we're currently running ubuntu we can't use debian only for fips
16:34:04 <fungi> open source licenses don't preclude someone from charging money when distributing the software
16:34:15 <JayF> that's fair; I should've been more precise with my choice of words
16:34:22 <noonedeadpunk> Well, I used devstack last time 3 years ago or so, so hard to judge on it
16:34:37 <dansmith> noonedeadpunk: https://review.opendev.org/c/openstack/devstack/+/864135
16:35:07 <dansmith> (turned out to be within our control, we just didn't know it, because it was different)
16:35:20 <gmann> at least in current situation, if debian become much tested in projects side also and have voting jobs then nobody stop us to move FIPS jobs on that
16:35:23 <dansmith> sounds like we're circling the drain of agreement, shall we vote?
16:35:33 <frickler> getting charged for something to me sounds like the opposite of free
16:35:43 <dansmith> frickler: beer and speech :)
16:35:51 <jungleboyj> :-)
16:35:54 <gmann> key part is we want to wait for FIPS testing or can start with ubuntu paid(free for us) for now?
16:36:23 <gmann> any other point/discussion ? otherwise let's vote
16:37:21 <noonedeadpunk> gmann: Can you post question for vote before starting vote ? :)
16:37:27 <gmann> seems we are good to vote, just to make sure and to avoid invalid voting :) this is wording of vote "Considering the currently available options, Is it ok to use the Ubuntu paid subscription for FIPS testing?"
16:37:32 <gmann> noonedeadpunk: yeah ^^
16:37:38 <dansmith> fine with me
16:38:33 <noonedeadpunk> silence means no objections I guess?
16:38:35 <rosmaita> i am ready
16:38:44 <slaweq> ++
16:38:46 <gmann> yeah, let's start
16:38:47 <gmann> #startvote Considering the currently available options, Is it ok to use the Ubuntu paid subscription for FIPS testing? Yes, No
16:38:47 <opendevmeet> Begin voting on: Considering the currently available options, Is it ok to use the Ubuntu paid subscription for FIPS testing? Valid vote options are Yes, No.
16:38:47 <opendevmeet> Vote using '#vote OPTION'. Only your last vote counts.
16:39:00 <noonedeadpunk> #vote Yes
16:39:00 <dansmith> #vote Yes
16:39:04 <slaweq> #vote Yes
16:39:04 <gmann> #vote Yes
16:39:06 <arne_wiebalck> #vote Yes
16:39:11 <JayF> #vote yes
16:39:21 <rosmaita> #vote yes
16:40:25 <spotz_> #vote yes
16:40:28 <gmann> I think knikolla[m] spotz left to vote, waiting for a min if they will.
16:40:43 <knikolla[m]> #vote Yes
16:40:48 <gmann> cool
16:40:52 <gmann> #endvote
16:40:52 <opendevmeet> Voted on "Considering the currently available options, Is it ok to use the Ubuntu paid subscription for FIPS testing?" Results are
16:40:52 <opendevmeet> Yes (9): spotz_, knikolla[m], gmann, slaweq, arne_wiebalck, rosmaita, dansmith, JayF, noonedeadpunk
16:40:53 <knikolla[m]> sorry, am in two meetings at the same time.
16:40:59 <gmann> knikolla[m]: ack, np
16:41:20 <gmann> ok so we have the agreement now, I will post the link to project-config patch
16:41:27 <gmann> moving to next topic
16:41:28 <dansmith> fungi: can you send it?
16:41:44 <gmann> #topic Adjutant situation (not active)
16:41:52 <gmann> Last change merged Oct 26, 2021 (more than 1 year back)
16:41:59 <gmann> Gate is broken
16:42:01 <fungi> dansmith: send what"
16:42:04 <fungi> ?
16:42:16 <dansmith> fungi: merge the fips patch
16:42:21 <fungi> oh, sure
16:42:40 <ade_lee> thanks all
16:42:47 <gmann> it seems Adjutant situation is not improved since we abandon the proposal of marking it 'inactive'
16:42:49 <fungi> after the meeting adjourns i'll include a link to the minutes in the change approval
16:42:50 <gmann> #link https://review.opendev.org/c/openstack/governance/+/849153
16:42:57 <gmann> ade_lee: thanks for all effort on this goal
16:43:01 <gmann> fungi: thanks
16:43:32 <gmann> and I pinged PTL on IRC I think couple of times but no response
16:43:41 <gmann> even no response on gerrit
16:44:20 <gmann> I feel we should mark it as 'Inactive' (restoring the above patch) and then we will see if we can retire it if no maintainer or not ?
16:44:42 <JayF> I would vote +1 to such a patch given the current situation
16:44:57 <knikolla[m]> ++
16:45:01 <dansmith> sounds fine to me
16:45:17 <fungi> out of curiosity, has anyone sent e-mail to the ptl? i suppose it's possible they're just unaware of the responsibilities they signed up for or what they should be paying attention to
16:45:30 <knikolla[m]> Unfortunately we have stopped using Adjutant in our cloud in favor of a different solution so I can't justify the time to track its state as I used to a few years ago.
16:45:32 <slaweq> overall stats of the Adjutant are like https://paste.opendev.org/show/b4OWBZ74G8t6QKKs4Fqq/
16:45:47 <slaweq> I'm +1 for marking it as "inactive"
16:46:07 <gmann> fungi: I do not think they are unware, they ack in the governance patch (marking inactive) and we abandon the same
16:46:23 <noonedeadpunk> according paste it jobs are not really broken :D
16:46:25 <fungi> got it
16:46:32 <gmann> but anyways let me propose it for inactive and will send email also to PTL to ack it
16:46:38 <noonedeadpunk> Last time I looked at adjutant it was broken mainly due to django version
16:46:40 <slaweq> yeah, and I think that it was someone who was ptl for many cycles already, not someone pretty new
16:46:49 <gmann> yeah
16:47:12 <fungi> oh, thanks, for some reason i thought adjutant ended up with a volunteer new ptl eventually
16:47:14 <gmann> #action gmann to mark Adjutant a 'inactive' and send notification to PTL
16:47:30 <gmann> ok, moving next
16:47:34 <gmann> #topic Recurring tasks check
16:47:39 <gmann> Bare 'recheck' state
16:47:48 <gmann> #link https://etherpad.opendev.org/p/recheck-weekly-summary
16:47:55 <gmann> slaweq: over to you
16:47:56 <slaweq> all good there I think
16:48:09 <slaweq> average number of recheckes before merge is a bit higher this last week
16:48:26 <slaweq> but as we had issue in neutron and there were some other issues also, I think it's just related
16:48:32 <slaweq> and should be better next week
16:48:37 <gmann> yeah
16:48:39 <slaweq> bare rechecks are good
16:48:48 <gmann> thanks for monitoring
16:49:01 <slaweq> especially for projects where there is more rechecks - most of them aren't bare
16:49:07 <slaweq> that's all
16:49:14 <gmann> that is nice
16:49:14 <jungleboyj> That is a good improvement.
16:49:31 <gmann> #topic Open Reviews
16:49:31 <dansmith> sweet
16:49:34 <gmann> #link https://review.opendev.org/q/projects:openstack/governance+is:open
16:49:40 <gmann> tc charter change we already talked
16:50:00 <noonedeadpunk> sounds like 865367 ready for merge?
16:50:05 <gmann> fungi: for all other project updates, we are waiting for project-config patches to merge, can you please check
16:50:11 <noonedeadpunk> or we need 2/3 of tc for this one?
16:50:34 <gmann> noonedeadpunk: yeah
16:50:49 <gmann> ok that is all from today agenda, anything anyone would like to bring ?
16:50:52 <fungi> gmann: i can take a look
16:50:57 <gmann> fungi: thanks
16:51:23 <gmann> FYI, next meeting is video call on Dec 7.
16:51:32 <dansmith> so,
16:51:59 <dansmith> I will be out the rest of the year before our next meeting, just FYI so I shan't be around for lively discussion or to open a video call on our gmeet, if we still do that
16:52:24 <dansmith> hopefully rosmaita slaweq or spotz  can do it, if we still need it pending the zoom stuff
16:52:29 <gmann> dansmith: ack
16:52:32 <gmann> sure
16:52:34 <slaweq> sure
16:52:40 <rosmaita> i should be around
16:53:35 <gmann> if nothing else, let's close the meeting. Thanks everyone for joining.
16:53:39 <gmann> #endmeeting