08:02:02 <tchaypo> #startmeeting TripleO
08:02:03 <openstack> Meeting started Wed Feb  4 08:02:02 2015 UTC and is due to finish in 60 minutes.  The chair is tchaypo. Information about MeetBot at http://wiki.debian.org/MeetBot.
08:02:04 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
08:02:06 <openstack> The meeting name has been set to 'tripleo'
08:02:28 <tchaypo> #topic agenda
08:02:28 <tchaypo> * bugs
08:02:28 <tchaypo> * reviews
08:02:28 <tchaypo> * Projects needing releases
08:02:28 <tchaypo> * CD Cloud status
08:02:28 <tchaypo> * CI
08:02:29 <tchaypo> * Specs
08:02:29 <tchaypo> * open discussion
08:02:30 <tchaypo> Remember that anyone can use the link and info commands, not just the moderator - if you have something worth noting in the meeting minutes feel free to tag it
08:02:30 <tchaypo> #topic bugs
08:02:59 <tchaypo> I believe we only have a few people here today so I’m not sure if it’s worth running the full agenda.
08:03:05 <tchaypo> So first question: who’s here?
08:03:08 <greghaynes> O/
08:03:11 <tchaypo> second question: anything you particularly want to discuss?
08:03:31 <StevenK> o/
08:03:32 <tchaypo> #topic open discussion
08:03:36 <GheRivero> o/
08:03:41 <tchaypo> we can go back to other topics later
08:04:21 <lsmola2> o/
08:05:11 * lsmola2 has nothing on his mind
08:06:32 <tchaypo> okay. I’m going to suggest we have a quick check for major bugs, have a quick look for old reviews we could move along, and then move with our week
08:06:35 <tchaypo> sound good?
08:07:15 <greghaynes> so, https://bugs.launchpad.net/tripleo/+bug/1401300 is a big deal
08:07:20 <greghaynes> I dont think im going to have time to work on it
08:07:28 <marios> o/ sorry am late
08:07:32 <greghaynes> although I think the people who id like to point that to arent around
08:07:54 <marios> tchaypo: +1
08:08:01 <tchaypo> #topic bugs
08:08:14 <tchaypo> #link https://bugs.launchpad.net/tripleo/+bug/1401300
08:09:15 <tchaypo> #info Keystone Private Key not securely sent to host - greghaynes is probably not going to have time to work on this, would be good if someone could pick it up
08:10:12 <marios> so this one https://bugs.launchpad.net/tripleo/+bug/1411809 is fix committed
08:11:56 <tchaypo> marios: is there something we still need to do on that?
08:12:40 <marios> tchaypo: (looking) but that;s kind of what i was asking, we could probably close out
08:13:50 <tchaypo> yeah; we don’t do releases of tripleo-image-elements, do we?
08:13:58 <tchaypo> so there’s no reason not to mark it released already
08:14:43 <greghaynes> we do
08:15:02 <greghaynes> I just released it ~5min ago
08:15:05 <marios> yeah was checking cos couldn't remember
08:15:09 <marios> https://wiki.openstack.org/wiki/TripleO/ReleaseManagement
08:15:32 <tchaypo> https://bugs.launchpad.net/tripleo/+bug/1374626 has a fix, in https://review.openstack.org/#/c/141217/, but that’s in merge conflict
08:16:04 <tchaypo> I’ll put that on my list and see if I can un-conflict it today
08:17:09 <tchaypo> https://bugs.launchpad.net/diskimage-builder/+bug/1407828 is marked incomplete/critical
08:17:16 <tchaypo> I’m going to downgrade that
08:17:29 <StevenK> I was thinking about changing (not in a non-backwards-compatible way) the script in os-cloud-config, so we can move -incubator to using it
08:18:58 <StevenK> And then changing the incubator scripts to looking up by *name*, so we can stop throwing the IDs around
08:19:21 <marios> tchaypo: yeah +1 that is a docs bug
08:19:22 <tchaypo> StevenK: do you want to un-conflict that patch then?
08:19:39 <StevenK> tchaypo: Sure.
08:19:45 <tchaypo> StevenK: <3
08:21:10 <lifeless> o/
08:21:17 <lifeless> sorry, baby etc
08:21:30 <tchaypo> I’m not seeing any other critical bugs
08:21:34 <tchaypo> lifeless: welcome :)
08:23:28 <tchaypo> Okay, moving on
08:25:07 <tchaypo> #info There's a dashboard linked from https://wiki.openstack.org/wiki/TripleO#Review_team - look for "TripleO Inbox Dashboard"
08:25:07 <tchaypo> #link http://russellbryant.net/openstack-stats/tripleo-openreviews.html
08:25:07 <tchaypo> #link http://russellbryant.net/openstack-stats/tripleo-reviewers-30.txt
08:25:07 <tchaypo> #link http://russellbryant.net/openstack-stats/tripleo-reviewers-90.txt
08:27:28 <tchaypo> dangnabbit.
08:27:31 <tchaypo> #topic reviews
08:28:08 <tchaypo> https://review.openstack.org/#/c/142270/ is our oldest-since-negative-review
08:28:33 <tchaypo> it’s a simple new document. It should be simple to get this landed today if one or two people can look at it.
08:28:57 <marios> will do
08:29:12 <tchaypo> https://review.openstack.org/#/c/108168/ is a spec, also about selinux; needs more cores to give their stamp.
08:29:22 <lifeless> greghaynes: commented on that bug
08:29:28 * tchaypo notes that he has been guilty of not taking the time to read it
08:29:51 <lifeless> greghaynes: I think it should be downgraded, its a known defect, not an OMG moment - we knowingly made the choice to get there, its not a surprise
08:31:08 <tchaypo> and third on the list is https://review.openstack.org/#/c/112039/ - looks like a more complex change
08:31:10 <greghaynes> lifeless: mmm, well it basically means the auth on our cluster is not so valid
08:31:44 <lifeless> greghaynes: we should switch to https of course
08:31:54 <greghaynes> Im more concerned that the data is in heat at all
08:32:03 <greghaynes> we should just scp over that file
08:32:11 <tchaypo> using what credentials?
08:32:11 <greghaynes> (until a sane solution arises)
08:32:17 <tchaypo> or do oyu mean, push it over?
08:32:24 <lifeless> greghaynes: that would mean we have to be directly involved on every deploy
08:32:25 <greghaynes> tchaypo: stackuser which is how we were doing it previously
08:32:59 <lifeless> greghaynes: if we can't trust the source of our config data, its game over anyway
08:33:15 <lifeless> greghaynes: heat can give itself root on our machines trivially
08:33:31 <tchaypo> I don’t think it’s about trusting the source, it’s about the fact that it’s trivial for other machines to get the secret
08:34:02 <lifeless> other machines in the stack?
08:34:17 <lifeless> I thought we had per machine creds, that they couldn't read the entire config, only admins can
08:35:21 <greghaynes> I think as a compute node you just have to spoof the ip of a control node and hit cfn api
08:37:03 <greghaynes> We can discuss this on the bug though
08:37:58 <greghaynes> oh, right, you have the os* creds as you said
08:38:18 * greghaynes will comment on there
08:38:33 <tchaypo> very good.
08:38:43 <tchaypo> Do we have any other topics worth covering today?
08:44:20 <tchaypo> okay
08:44:25 <tchaypo> #endmeeting