Tuesday, 2020-04-21

« Monday, 2020-04-20 Index Wednesday, 2020-04-22 »
openstackgerritPhil Sphicas proposed airship/shipyard master: Armada DAG: increase retries from 3 to 5  https://review.opendev.org/71679100:25
openstackgerritdiwakar thyagaraj proposed airship/porthole master: Fix Deployment Scripts  https://review.opendev.org/72024600:56
openstackgerritJagan Mohan Kavva proposed airship/porthole master: [WIP] Unable to execute utilscli commands  https://review.opendev.org/72136401:03
openstackgerritAlexey Odinokov proposed airship/airshipctl master: WIP: use apache for http-server to share iso  https://review.opendev.org/72064301:20
openstackgerritKostyantyn Kalynovskyi proposed airship/airshipctl master: [WIP] Add clusterctl integration  https://review.opendev.org/72135301:21
openstackgerritPhil Sphicas proposed airship/promenade master: Add schema validation CLI option  https://review.opendev.org/69988701:29
openstackgerritStas Egorov proposed airship/airshipctl master: no runtime error handler for container module  https://review.opendev.org/72151303:39
openstackgerritStas Egorov proposed airship/airshipctl master: no runtime error handler for container module  https://review.opendev.org/72151303:44
*** evrardjp has quit IRC04:35
*** evrardjp has joined #airshipit04:35
airship-irc-bot1<kk6740> @dmy04:54
openstackgerritAlexey Odinokov proposed airship/airshipctl master: WIP: use apache for http-server to share iso  https://review.opendev.org/72064305:09
openstackgerritAlexey Odinokov proposed airship/airshipctl master: WIP: use apache for http-server to share iso  https://review.opendev.org/72064305:34
*** avolkov has joined #airshipit05:55
*** dpawlik has joined #airshipit06:08
*** KeithMnemonic has quit IRC08:05
*** born2bake has joined #airshipit08:27
*** happyhemant has joined #airshipit09:17
openstackgerritVamsi Savaram proposed airship/airshipctl master: Add initinfra gating tests  https://review.opendev.org/72110509:24
openstackgerritDmitry Ukov proposed airship/airshipctl master: [WIP] Add bmh generator plugin  https://review.opendev.org/72045509:57
openstackgerritVamsi Savaram proposed airship/airshipctl master: Add initinfra gating tests  https://review.opendev.org/72110510:21
openstackgerritVamsi Savaram proposed airship/airshipctl master: Add initinfra gating tests  https://review.opendev.org/72110510:57
openstackgerritDmitry Ukov proposed airship/airshipctl master: Introduce document plugin subcommand  https://review.opendev.org/71993111:00
openstackgerritDmitry Ukov proposed airship/airshipctl master: Add replacement transformer  https://review.opendev.org/72077211:00
openstackgerritDmitry Ukov proposed airship/airshipctl master: Add replacement transformer  https://review.opendev.org/72077211:02
openstackgerritMerged airship/airshipctl master: Add simple proxy guidelines  https://review.opendev.org/72134012:42
openstackgerritDmitry Ukov proposed airship/airshipctl master: [WIP] Add Teplater plugin  https://review.opendev.org/72160212:45
*** georgk has joined #airshipit12:54
*** SRao has joined #airshipit12:58
openstackgerritMerged airship/airshipctl master: Add iDRAC ephemeral boot media support  https://review.opendev.org/71371112:58
*** _kukacz has joined #airshipit13:07
openstackgerritDmitry Ukov proposed airship/airshipctl master: Add replacement transformer  https://review.opendev.org/72077213:10
*** toabctl has quit IRC13:25
*** toabctl has joined #airshipit13:27
*** sreejithp has joined #airshipit13:41
*** mikefix has joined #airshipit13:41
*** KeithMnemonic has joined #airshipit13:44
airship-irc-bot1<alexander.hughes> hello all!  IRC meeting starting in ~10 minutes, agenda link here: https://etherpad.opendev.org/p/airship-meeting-2020-04-2113:47
*** ab2434_ has joined #airshipit13:50
ian-pittwood#startmeeting airship14:00
openstackMeeting started Tue Apr 21 14:00:03 2020 UTC and is due to finish in 60 minutes.  The chair is ian-pittwood. Information about MeetBot at http://wiki.debian.org/MeetBot.14:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:00
*** openstack changes topic to " (Meeting topic: airship)"14:00
openstackThe meeting name has been set to 'airship'14:00
ian-pittwoodGood morning everyone!14:00
mattmceueno/ GM!14:00
airship-irc-bot1<dwalt> o/14:00
howello/14:00
ian-pittwood#topic rollcall14:00
*** openstack changes topic to "rollcall (Meeting topic: airship)"14:00
ian-pittwoodHere's our agenda in case anyone wasn't in here when alex sent it https://etherpad.opendev.org/p/airship-meeting-2020-04-2114:00
airship-irc-bot1<alexander.hughes> o/14:01
ian-pittwoodI'll give everyone a few minutes to look it over and add anything they would like14:01
*** jtwill98 has joined #airshipit14:01
ian-pittwoodI'm not seeing any activity on the agenda so we can go ahead and get into it14:03
ian-pittwood#topic Announcement: Cluster API dev env instructions posted to blog14:03
*** openstack changes topic to "Announcement: Cluster API dev env instructions posted to blog (Meeting topic: airship)"14:03
ian-pittwoodI believe this is alexander.hughes14:03
ian-pittwood#link https://www.airshipit.org/blog/cluster-api-development-environment/14:03
airship-irc-bot1<alexander.hughes> Yep, just a quick announcement that we've opened up the blog to showcase work done to spread lessons learned.  the first post in that category is setting up a CAPI dev environment.14:04
airship-irc-bot1<alexander.hughes> If you have other work you'd like to showcase, airship blog is a great place to do it14:04
ian-pittwoodAwesome, thanks for taking the time to make those instrucutions14:04
ian-pittwoodSounds like we're good to go onto the next topic14:05
ian-pittwood#topic Announcement: Retire AIAB repo14:05
*** openstack changes topic to "Announcement: Retire AIAB repo (Meeting topic: airship)"14:05
ian-pittwoodNot sure who this one is14:05
*** SRao has quit IRC14:05
ian-pittwood#link https://review.opendev.org/72015514:05
*** SRao has joined #airshipit14:05
ian-pittwood#link https://review.opendev.org/72016014:05
airship-irc-bot1<alexander.hughes> I believe these are Roman's, perhaps we move them to call for reviews14:06
ian-pittwoodLooks like these changes will deprecate AIAB. As always, reviews are appreciated!14:06
mattmceuenI think we should go forward with that if AIAB project is no longer in use.  Do we know whether that's the case?14:06
ian-pittwoodSure, we can link them there again as well14:06
ian-pittwoodDoes anyone here make use of AIAB?14:07
mattmceuenOr is e.g. the multinode gate scripting still in use?14:07
airship-irc-bot1<alexander.hughes> I got a message about a week ago asking if AIAB was still up to date, that the individual wanted to get their feet wet with Airship114:07
airship-irc-bot1<alexander.hughes> Is there a better alternative to AIAB for this?14:07
mattmceuenyeah, aiab single node was moved to treasuremap project a while back14:07
airship-irc-bot1<sirajudeen.yasin> We were using aiab for virtual airtship gating, now we moved to treasuremap14:08
mattmceuenand for multinode, there were plans/wip to do the same14:08
mattmceuenbut I'm not sure on the status14:08
ian-pittwoodSo essentially this is just finishing up a repository migration?14:08
airship-irc-bot1<alexander.hughes> so still using AIAB, just moved to a new home14:08
mattmceuen@sirajudeen.yasin that's great to know14:08
mattmceuenyep @alexander.hughes exactly14:08
mattmceuenI would suggest we give this a one-week soak period before merging14:08
ian-pittwood+114:08
mattmceuenand I'll take an action item to communicate this out and make sure everyone's looped in14:09
ian-pittwoodThanks, mattmceuen14:09
ian-pittwoodSounds like we can move to the next topic and maybe follow-up on this in the next meeting to check its status14:09
ian-pittwood#topic Announcement: Upcoming OSF PTG June 1-514:09
*** openstack changes topic to "Announcement: Upcoming OSF PTG June 1-5 (Meeting topic: airship)"14:10
*** StaceyF has joined #airshipit14:10
mattmceuenah yes, that's me14:10
ian-pittwoodAll yours mattmceuen14:10
ian-pittwood#link     https://ethercalc.openstack.org/126u8ek25noy14:10
*** roman_g has joined #airshipit14:10
*** pramchan has joined #airshipit14:10
mattmceuenAs has been brought up in the mailing list, we have an OSF-wide virtual PTG event coming up, June 1-514:10
mattmceueneveryone's still early in the planning process - if you keep an eye on that calendar, more teams will continue to sign up for slots14:10
mattmceuenAirship will be meeting on Thurs/Fri, US am / Europe PM14:11
mattmceuenBut there will likely be some cross-project meetings earlier in the week that we'll want to join14:11
mattmceuenAs it gets closer we can start to put an agenda together14:11
mattmceuenThat's all I have on that, any questions?14:11
airship-irc-bot1<alexander.hughes> just a suggestion that as we plan the agenda we try to plan it in blocks so people can join specific blocks for specific topics if they can't make full day14:12
ian-pittwood+114:12
airship-irc-bot1<alexander.hughes> will also make recordings more manageable14:12
mattmceuengood thought, and the OSF folks planning it already put a 4-hour cap on it to prevent burnout as well :)14:13
mattmceuenso when I said Thurs/Fri, what I should have said was 4 hours each day14:13
mattmceuenbut your point still holds - let's aim for that when we agenda-ize14:13
airship-irc-bot1<alexander.hughes> :slightly_smiling_face:14:13
ian-pittwoodAny other questions?14:13
ian-pittwoodIf not, then we can go to the next topic. Thanks, mattmceuen!14:14
ian-pittwood#topic airship2 security14:14
*** openstack changes topic to "airship2 security (Meeting topic: airship)"14:14
ian-pittwoodI believe this is alexander.hughes14:14
airship-irc-bot1<alexander.hughes> A while back we discussed in Airship1 projects moving all the projects away from root as default container user, and instead floated the idea of a common "airship" user.  I looked through the newer projects airshipctl, images, ui to see if we were using root again and found these two docker images14:15
airship-irc-bot1<alexander.hughes> is there any reason that debian-isogen or ipa-downloader-image can't be run as an airship user?14:15
airship-irc-bot1<alexander.hughes> or any non-root user?14:15
airship-irc-bot1<alexander.hughes> dockerfiles for context in case you don't have agenda open:14:16
airship-irc-bot1<alexander.hughes> https://opendev.org/airship/images/src/branch/master/debian-isogen/Dockerfile14:16
airship-irc-bot1<alexander.hughes> https://opendev.org/airship/images/src/branch/master/ipa-downloader-image/Dockerfile14:16
mattmceuenI suspect they don't need to run as root14:16
mattmceuen+1 to converting them away from root14:16
jtwill98+1 as well14:17
airship-irc-bot1<alexander.hughes> any disagreement?  if not I'll push a quick patch addressing each of these14:17
mattmceuenthanks Alex!14:17
airship-irc-bot1<alexander.hughes> the other item related to security is file permissions.  in pegleg we took a strict approach of creating all files with 640 permissions14:17
mattmceuenI suppose any disagreements we missed can be sorted in the patchset conversation14:17
ian-pittwoodSounds good! Thanks, alexander.hughes!14:17
ian-pittwoodYeah agreed14:18
airship-irc-bot1<alexander.hughes> have we started thinking about doing the same, or taking a more relaxed approach and only doing 640 for secrets in airshipctl?  things like testing kustomize build for example will generate to a file, if specified, as 66414:18
jtwill98640 permissions is good.14:18
mattmceuenInteresting.  Do you know if the kustomize permissions are configurable?14:19
airship-irc-bot1<alexander.hughes> I don't, but would be happy to look into configuration and report back14:19
mattmceuenI haven't thought this through with kustomize, but my gut sure doesn't like 644 permissions14:20
jtwill98there always umask14:20
portdirectwhat value does this provide?14:20
portdirectif the directory that the repos etc are checked out in has the appropriate perms14:20
portdirectwould it not be better to get users to set appropriately restrictive perms on the root of their working dir14:21
mattmceuenif it's configurable, seems like a reasonable thing to get for free14:21
mattmceuenso you don't make as many assumptions14:22
airship-irc-bot1<alexander.hughes> what's to stop me from kustomize build -o ~/test_dir14:22
*** michael-beaver has joined #airshipit14:22
portdirectnothing14:23
portdirect~ implys your working on something in your home dir14:23
portdirectso you should have complete authority over everything under it14:23
airship-irc-bot1<alexander.hughes> my concern was that the driving force behind Pegleg switching to all 640 permissions on every file it generated was security entities from companies such as AT&T wanted to ensure all files had restrictive permissions14:24
portdirectah - yes thats as it has files all over the place14:24
portdirecteg /tmp etc14:24
portdirectif you keep everything under say ~/test_dir14:24
portdirectyou shuld be good14:24
portdirectand if you did somching like chmod 0700 ~/test_dir14:24
portdirectyou should be better14:25
airship-irc-bot1<alexander.hughes> agreed, but we can't guarantee user behavior.  only software.  so the question is do we make an effort to restrict to 640 at file creation time?14:25
portdirectid say probably not14:25
mattmceuenLet's at least see what options Kustomize has, alexander.hughes14:26
portdirectbut you could have a check that the working directoy was only readable by the current user14:26
airship-irc-bot1<alexander.hughes> that solves for kustomize, but are we interested in say airshipctl document init14:26
mattmceuenI would love not to have to explain to folks over and over why it's ok to have world-readable secrets, if that's an avoidable conversation :)14:26
portdirectchmod 0700?14:27
ian-pittwoodShould the file permissions conversation perhaps be carried over to a design call?14:28
mattmceuenSince airshipctl is in our control, I think it makes sense to create them with the permissions we want14:28
mattmceuenSure - design call sounds good14:28
airship-irc-bot1<alexander.hughes> my thoughts too - especially as we progress to creating secrets via airshipctl14:28
jtwill98I agree create them with correct permissions14:28
ian-pittwoodOk, we can follow-up on this there. It would probably be easier to discuss verbally14:29
ian-pittwoodAnything else security-wise alexander.hughes?14:29
airship-irc-bot1<alexander.hughes> ok to summarize then dockerfiles are getting adjusted to non-root users, file permissions going to Thursday design call14:29
airship-irc-bot1<alexander.hughes> nope14:29
ian-pittwoodYeah that sounds right14:29
mattmceuenty for bringing it up alexander.hughes14:29
ian-pittwoodOk, on to free discussion14:29
ian-pittwood#topic roundtable14:30
*** openstack changes topic to "roundtable (Meeting topic: airship)"14:30
ian-pittwoodAnybody have anything they'd like to talk about?14:30
ian-pittwoodI will take the silence as a no14:32
ian-pittwood#topic Review requests14:32
*** openstack changes topic to "Review requests (Meeting topic: airship)"14:32
ian-pittwoodSo here's the AIAB retirement changes again14:32
ian-pittwood#link     https://review.opendev.org/72015514:32
ian-pittwood#link https://review.opendev.org/72016014:32
ian-pittwoodand that's all I have here on the etherpad14:32
ian-pittwoodAnyone else?14:33
ian-pittwoodIf not, thanks for joining everybody! Have a good week!14:34
ian-pittwood#endmeeting14:34
*** openstack changes topic to "https://opendev.org/airship || https://wiki.openstack.org/wiki/Airship || https://review.opendev.org/#/q/projects:airship+status:open+NOT+label:Verified%253D-1+NOT+label:Workflow%253D-1+NOT+message:DNM+NOT+message:WIP"14:34
openstackMeeting ended Tue Apr 21 14:34:07 2020 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)14:34
openstackMinutes:        http://eavesdrop.openstack.org/meetings/airship/2020/airship.2020-04-21-14.00.html14:34
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/airship/2020/airship.2020-04-21-14.00.txt14:34
openstackLog:            http://eavesdrop.openstack.org/meetings/airship/2020/airship.2020-04-21-14.00.log.html14:34
airship-irc-bot1<alexander.hughes> thanks all14:34
mattmceuenThanks ian-pittwood!14:35
*** pramchan has quit IRC14:41
*** jtwill98 has quit IRC14:43
openstackgerritAlexander Hughes proposed airship/images master: [WIP] Specify user for Docker containers  https://review.opendev.org/72164014:57
openstackgerritMerged airship/airshipctl master: Introduce document plugin subcommand  https://review.opendev.org/71993115:27
*** mikefix has quit IRC15:30
openstackgerritAlexander Hughes proposed airship/images master: Specify user for Docker containers  https://review.opendev.org/72164015:35
*** SRao has quit IRC15:47
openstackgerritIan Howell proposed airship/airshipctl master: Define a standard for creating commands  https://review.opendev.org/72030115:47
openstackgerritVamsi Savaram proposed airship/airshipctl master: Add initinfra gating tests  https://review.opendev.org/72110515:50
openstackgerritStas Egorov proposed airship/airshipctl master: Added error handler for empty runtime entry  https://review.opendev.org/72151315:53
*** ab2434_ has quit IRC15:54
openstackgerritDmitry Ukov proposed airship/airshipctl master: Fix documentation for document plugin command  https://review.opendev.org/72168216:09
*** _kukacz has quit IRC16:14
openstackgerritJames Gu proposed airship/airshipctl master: [#30] Implement document info command  https://review.opendev.org/70748316:21
*** kklimonda has quit IRC16:28
*** kklimonda has joined #airshipit16:30
*** evrardjp has quit IRC16:35
*** evrardjp has joined #airshipit16:35
*** howell has quit IRC16:37
*** jemangs has quit IRC16:37
*** michael-beaver has quit IRC16:37
*** kklimonda has quit IRC16:38
*** happyhemant has quit IRC16:38
*** srwilkers has quit IRC16:39
*** michael-beaver has joined #airshipit16:40
*** kklimonda has joined #airshipit16:40
*** howell has joined #airshipit16:40
*** happyhemant has joined #airshipit16:40
*** jemangs has joined #airshipit16:40
*** hemanth_n has quit IRC16:41
*** howell has quit IRC16:41
*** mnaser has quit IRC16:41
*** howell has joined #airshipit16:42
*** alexanderhughes has quit IRC16:42
*** TheJulia has quit IRC16:42
*** srwilkers has joined #airshipit16:42
*** howell has quit IRC16:43
*** hemanth_n has joined #airshipit16:43
*** howell has joined #airshipit16:43
*** v1k0d3n has quit IRC16:43
*** alexanderhughes has joined #airshipit16:44
*** TheJulia has joined #airshipit16:44
*** howell has quit IRC16:44
*** howell has joined #airshipit16:44
*** mnaser has joined #airshipit16:44
*** v1k0d3n has joined #airshipit16:45
*** howell has quit IRC16:45
*** howell has joined #airshipit16:45
*** vdrok has quit IRC16:45
*** mnaser has quit IRC16:46
*** howell has quit IRC16:46
*** vdrok has joined #airshipit16:47
*** howell has joined #airshipit16:47
*** mnaser has joined #airshipit16:47
*** howell has quit IRC16:47
*** howell has joined #airshipit16:48
*** srwilkers has quit IRC16:48
*** mnaser has quit IRC16:49
*** mnaser has joined #airshipit16:50
*** srwilkers has joined #airshipit16:51
*** SRao has joined #airshipit17:23
openstackgerritDmitry Ukov proposed airship/airshipctl master: Add template based generator plugin  https://review.opendev.org/72160217:32
openstackgerritDmitry Ukov proposed airship/airshipctl master: Fix documentation for document plugin command  https://review.opendev.org/72168217:34
*** StaceyF has quit IRC18:08
openstackgerritDmitry Ukov proposed airship/airshipctl master: Add 3 nodes control plane composite  https://review.opendev.org/71876918:24
openstackgerritAlexander Hughes proposed airship/airshipctl master: etcd encryption addition  https://review.opendev.org/72081218:38
openstackgerritIan Howell proposed airship/airshipctl master: Define a standard for creating commands  https://review.opendev.org/72030118:39
*** muhaha has joined #airshipit18:56
muhahaguys? is there any vagrantfile example for multiple nodes?>18:56
openstackgerritAlbin Vass proposed airship/images master: Use ensure-* roles  https://review.opendev.org/71932319:16
*** SRao has quit IRC19:17
openstackgerritIan Howell proposed airship/airshipctl master: Define a standard for creating commands  https://review.opendev.org/72030119:39
openstackgerritMerged airship/airshipctl master: Fix documentation for document plugin command  https://review.opendev.org/72168220:14
openstackgerritIan Howell proposed airship/airshipctl master: Define a standard for creating commands  https://review.opendev.org/72030120:19
openstackgerritDrew Walters proposed airship/airshipctl master: WIP: Add management support to non-ephemeral hosts  https://review.opendev.org/72030420:32
openstackgerritIan Pittwood proposed airship/docs master: [WIP] Add issue tracking conventions  https://review.opendev.org/72136121:01
*** muhaha has quit IRC21:04
openstackgerritDrew Walters proposed airship/airshipctl master: Add management configuration module  https://review.opendev.org/72084321:12
openstackgerritDrew Walters proposed airship/airshipctl master: WIP: Add management support to non-ephemeral hosts  https://review.opendev.org/72030421:12
*** dpawlik has quit IRC21:34
*** michael-beaver has quit IRC21:52
openstackgerritStas Egorov proposed airship/airshipctl master: Refactored airshipctl config  https://review.opendev.org/71856722:05
openstackgerritStas Egorov proposed airship/airshipctl master: [#116]: added sub-commands to set/get bootstrap info  https://review.opendev.org/72057622:05
*** sreejithp has quit IRC22:05
*** timClicks has joined #airshipit22:08
*** avolkov has quit IRC23:25
openstackgerritPhil Sphicas proposed airship/shipyard master: [wip] Add a delay after nodes are joined  https://review.opendev.org/70961123:47
« Monday, 2020-04-20 Index Wednesday, 2020-04-22 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!