Tuesday, 2025-07-15

« Monday, 2025-07-14 Index
noonedeadpunkNeilHanlon: hm, are you sure about EL10? as I don't see build? https://koji.fedoraproject.org/koji/packageinfo?packageID=3090605:59
noonedeadpunkshould it be another request to build it?05:59
noonedeadpunkI also wonder how this did work actually: https://opendev.org/openstack/ansible-role-systemd_networkd/src/branch/master/vars/redhat-9.yml#L3406:01
-opendevstatus- NOTICE: the gerrit service (https://review.opendev.org) is currently down, please be patient while we work on restoring it07:33
noonedeadpunkI think it might be worth to write a doc around our pki role as well, so that we could replace this tripleO guide for instance: https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features/tls-everywhere.html10:21
noonedeadpunkwhich is referenced in https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features/tls-everywhere.html10:22
fricklerthat was the same URL twice?10:23
noonedeadpunkoh, sorry10:23
noonedeadpunksecond meant to be https://docs.openstack.org/nova/latest/admin/secure-live-migration-with-qemu-native-tls.html10:23
noonedeadpunk“TLS everywhere” link10:24
noonedeadpunkas pki role is quite osa-agnostic and we use it internally as well. so it could be a fit for replacement which does not have havile dependence on deployment tooling10:25
noonedeadpunkor just do openssl cli guide...10:25
fricklermaybe https://docs.openstack.org/security-guide/secure-communication.html would be a good generic location. but then I'm not sure how much refreshing that whole guide would be needing10:34
noonedeadpunkoh, actually this might be a realy good one10:35
noonedeadpunkI guess if add as a separate section, it might not need refactoring?10:36
fricklerthat might work, yes10:37
darkhackernchttps://bugs.launchpad.net/openstack-ansible/+bug/211693411:12
noonedeadpunkdarkhackernc: not sure if that paste issuue or not, but you seems have an indent issue for manila_backends11:13
darkhackerncnoonedeadpunk, let me double check11:14
darkhackerncyeah, you are right11:15
darkhackerncchanged, let me rerun 11:15
darkhackerncnoonedeadpunk, thanks, deployment moved, breaking at other point11:26
-opendevstatus- NOTICE: the gerrit service (https://review.opendev.org) is back up. We believe the restoration is complete. If you notice any issues please report them in #opendev ASAP11:54
darkhackerncnoonedeadpunk, https://bugs.launchpad.net/openstack-ansible/+bug/2116934 can you check, user is not creating and permission issue, manually setting up fixed the issue, 12:00
darkhackerncdo we need to hardcode this as well like octavia?12:00
noonedeadpunknot sure what do you mean under "this"12:42
opendevreviewJonathan Rosser proposed openstack/ansible-role-pki master: Allow certificates to be installed by specifying them by name  https://review.opendev.org/c/openstack/ansible-role-pki/+/95423912:45
noonedeadpunk#startmeeting openstack_ansible_meeting15:00
opendevmeetMeeting started Tue Jul 15 15:00:45 2025 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.15:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:00
opendevmeetThe meeting name has been set to 'openstack_ansible_meeting'15:00
noonedeadpunk#topic rollcall15:00
noonedeadpunko/ hey there15:00
DavidGomezo/ 15:01
damiandabrowskihi!15:04
noonedeadpunk#topic office hours15:04
noonedeadpunkso, I think the first thing I wanted to raise is review state overall - we have quite some things waiting for approval, including some bug fixes15:05
damiandabrowskiack, I'll have a look15:05
jrossero/ hello15:06
jrosserwe really do need more activity on reviews all the time15:07
jrosseras noonedeadpunk and i seem to make a lot of patches and do a lot of reviews we can't merge each others stuff alone15:07
noonedeadpunkright15:08
noonedeadpunkunless we change the project rules15:08
noonedeadpunkwhich would be better to avoid 15:08
noonedeadpunkbut I'm getting tempted from time to time to be frank15:08
jrosserandrew will be back in ~1 week15:09
noonedeadpunk┌(° ͜ʖ͡°)┘15:09
noonedeadpunkok, then I'll manage my temptation :)15:10
noonedeadpunkI see some work has started on adding Debian 13 job?15:10
noonedeadpunkthough we have an issue in hardening module15:10
noonedeadpunkand python 13 compatability15:10
noonedeadpunk3.14=3 ofc, sorry15:12
noonedeadpunk* 3.1315:12
jrosseri have it in a vm here15:13
jrosserthere is a super strange pip error in the patch i pushed that i dont understqand15:13
jrosserand i dont get locally15:13
noonedeadpunkalso, it seems that C10S at least nodesets are around15:15
noonedeadpunkso probably we should check on adding CI for it as well15:15
noonedeadpunkat least from what I see in kolla recent patches: https://review.opendev.org/c/openstack/kolla/+/950392/78/.zuul.d/centos.yaml15:15
noonedeadpunk(I was searching for rocky10 though in gerrit)15:15
noonedeadpunkI think that LXC was built for EPEL testing at least15:16
noonedeadpunkhttps://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-87f14463e715:16
noonedeadpunkinterestingly, it seems that EL is gonna have more modern LXC then Noble does15:17
noonedeadpunkjrosser: what lxc is shipped in debian - did you checked?15:17
noonedeadpunkor can you if have VM handy :)15:18
jrosseryeah one moment15:18
jrossercarry on whist i look :)15:18
noonedeadpunksure15:18
noonedeadpunkDo we have any updates or smth to discuss on PKI topic?15:19
noonedeadpunkdamiandabrowski: ?15:19
damiandabrowskiI'm working on the things we agreed on and testing them on my AIO15:20
jrosseri have left the os_glance change as an example for where we might start the vault stuff15:20
damiandabrowskiso nothing to discuss, until I push updates to my patches :D 15:20
damiandabrowskihttps://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/95426915:21
damiandabrowskiyeah I saw, thanks a lot15:21
noonedeadpunkok, cool, then no obvious blockers so far at least :)15:22
noonedeadpunkand this is pki-side patch, I assume15:22
jrosserdebian 13 lxc `Installed: 1:6.0.4-4+b1`15:23
noonedeadpunkbtw, just today I was thinking if we should add some better documentation around the role with real-life examples, like generating certs for libvirt/nova, if to use it as a standalone role15:23
noonedeadpunkok, so it's the same with what C10S and EL10 gonna have15:23
noonedeadpunkjust noble seems to be still on 515:24
noonedeadpunkso I was a bit curious how badly 6 gonna break15:24
jrosseras far as lxc goes it did just work (+/- a few bugfixes i pushed) on trixie15:24
jrosserbut those are our bugs in ansible code15:24
noonedeadpunkright15:25
noonedeadpunkShould we be mergning https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/954976 now?15:26
noonedeadpunkAs it's more of - get all patches out vs start merging things regardless15:27
noonedeadpunkdon't have anything against any approach, just checking how you wanna handle that 15:29
jrosserit might not hurt, we can merge that even if trixie is experimental/broken15:29
NeilHanlonbleh, sorry.. distracted today15:30
noonedeadpunkI kinda wonder, if we might actually do a list of OS as a variable....15:30
noonedeadpunkso that to be able to override in AIO/CI, but not allow in actual deployments15:31
NeilHanlonregarding systemd-extras for el10: yes we should request it if not there. I'd asked about el9 specifically to the group and sorta assumed it was there for 10, too.. I can file that request quickly on my laptop15:31
NeilHanlonregarding how the includepkgs: systemd-networkd from EPEL worked/works, it's because the package is "provided" by the systemd-extras, so it's addressable in it's own right. similar to how normally the `systemd` package provides all it's subcomponents 15:32
NeilHanlonalso hi :) o/ 15:32
noonedeadpunkaha, ok, makes sense then15:32
noonedeadpunkbut I kinda wonder from standpoint of ecosystem... Why would epel need having it, if it's in SIG?15:33
noonedeadpunkOr SIGs are only CentOS oriented?15:33
noonedeadpunkand EPEL is also EL?15:33
NeilHanlonwell the Hyperscale SIG itself is only focused on centos stream15:33
NeilHanlonso they wouldn't "allow" a build for systemd atop RHEL (and friends) in that SIG15:33
noonedeadpunkI just kinda a little bit confused about versions provided by these15:33
NeilHanlonso it'd have to be another SIG like cloud or nfv15:34
noonedeadpunkaha, ok15:34
NeilHanlonor, a rocky sig. or epel15:34
NeilHanloncause epel is against RHEL build roots, not Stream ones15:34
noonedeadpunkso like epel shouldn't say smth like - go and use hyperscale sig now?15:34
NeilHanlonno cause EPEL is maintaining compatibility with RHEL, not Stream15:35
noonedeadpunkok, then I think having a request to build networkd for el10 would be really nice15:35
NeilHanlon👍i'm gonna put in the request15:35
noonedeadpunkamazing, thanks!15:35
NeilHanlonlooks like there's already one in: https://bugzilla.redhat.com/show_bug.cgi?id=230389215:36
NeilHanloni'll poke rsc about it15:36
noonedeadpunkyeah, it didn't go too far :(15:36
noonedeadpunklxc in it's turn should be around anytime I guess15:38
noonedeadpunkmariadb has builders for both rocky and c10s, but they did not build packages yet...15:39
noonedeadpunkand I wouldn't exepct any until next minor version is out15:39
NeilHanlonyep i need to test the lxc packages and give them some karma so they will move thru faster15:40
noonedeadpunkso next mariadb release is planned on July 24th if my eyes don't fail me15:41
NeilHanloni believe ya15:42
noonedeadpunkso I think once we solve CI/LXC/MariaDB we can tell about EL10 support also on Epoxy15:43
noonedeadpunkbut will see :)15:43
noonedeadpunkand systemd ofc15:43
noonedeadpunkso 4 things15:43
noonedeadpunkI will try to poke at CI sometime this week15:44
NeilHanlonsweet :) 15:45
NeilHanloni'm gonna work on ceph this week... promise15:45
noonedeadpunkeven lxc is probably not a blocker, as we getting it from your corp15:45
noonedeadpunk*copr15:45
noonedeadpunkok, great then :)15:46
noonedeadpunkthere's also one topic about magnum and capi drivers which was raised yesterday15:47
noonedeadpunkas there's really good chance to get compatability with azimuth driver quite easy15:47
noonedeadpunkthough some minor changes, except capo>=0.12, to collection which produces control cluster would be needed15:48
noonedeadpunkwill try to check on that during these weekeends15:49
noonedeadpunkand then - we can move out capi parts from ops repo15:49
noonedeadpunkas I think magnum was gonna drop heat driver this cycle15:49
noonedeadpunkso we should be right in time :)15:51
NeilHanlonwonderful :D 15:53
noonedeadpunkanything else we wanna discuss?15:54
NeilHanlonnothing from me i don't think15:54
jrosserno, i dont think so15:56
noonedeadpunkok, then thanks everyone for taking time and for your contributions :)15:56
noonedeadpunk#endmeeting15:56
opendevmeetMeeting ended Tue Jul 15 15:56:36 2025 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:56
opendevmeetMinutes:        https://meetings.opendev.org/meetings/openstack_ansible_meeting/2025/openstack_ansible_meeting.2025-07-15-15.00.html15:56
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2025/openstack_ansible_meeting.2025-07-15-15.00.txt15:56
opendevmeetLog:            https://meetings.opendev.org/meetings/openstack_ansible_meeting/2025/openstack_ansible_meeting.2025-07-15-15.00.log.html15:56
« Monday, 2025-07-14 Index

Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!