Wednesday, 2021-12-15

<opendevreview> James Kirsch proposed openstack/kolla-ansible master: Add support for LetsEncrypt-managed certs  https://review.opendev.org/c/openstack/kolla-ansible/+/741340 [00:58]
*** amoralej|off is now known as amoralej [07:59]
<kevko> hrw: coincidentally you don't have any jenkins pipeline for kolla images ? [09:44]
<kevko> hrw: I have my internal jenkins pipeline but it's built in k8s and I need to rework it and they don't have k8s .. is somewhere some project I can inspire ? [09:45]
<bkra> hi community, is there a suitable way to render multiple dhcp-range entries for ironic dnsmasq? I checked source but can't seem to find a way, cheers. [10:12]
<bsanjeewa[m]> Hi, any news when xena will be available (kayobe) [10:14]
<bsanjeewa[m]> And anyone experience to be unable to build nova-base with current stable/xena branch? [10:15]
<mgoddard> bsanjeewa[m]: it's available [10:20]
<bsanjeewa[m]> mgoddard: oops I missed that announcement. Ok thanks. Any idea about the nova-base problem [10:22]
<mgoddard> unsure about the image issue, I haven't been checking much recently [10:23]
<bsanjeewa[m]> mgoddard: I will share the build log later, so someone can help. The overcloud container image build command is still running for more than 12 hours. [10:26]
<frickler> kevko: why is zuul not an option for you? [10:34]
<frickler> there's even some zuul-operator being worked upon, though not very stable yet from what I heard [10:35]
<kevko> frickler: because it will be delivered  to client .. :/ [10:37]
<kevko> mgoddard hrw yoctozepto ? trivial healthcheck for neutron dragent https://review.opendev.org/c/openstack/kolla-ansible/+/805379 [10:38]
<mgoddard> kevko: haven't you learned not to say trivial yet? things are rarely trivial :p [10:38]
* frickler has some non-trivial patches up, if you prefer that, mgoddard ;) [10:46]
<hrw> kevko: moment [10:55]
<hrw> kevko: we use Jenkins Job Builder (iirc) plugin. https://git.linaro.org/ci/job/configs.git/tree/leg-kolla.yaml is definition of job, https://git.linaro.org/ci/job/configs.git/tree/leg-kolla holds build script etc [10:57]
<kevko> mgoddard: well, this is trivial :D it's just healthcheck :P [11:55]
*** amoralej is now known as amoralej|lunch [13:25]
*** amoralej|lunch is now known as amoralej [14:00]
<mgoddard> mgoddard mnasiadka hrw egonzalez yoctozepto rafaelweingartne cosmicsound osmanlicilegi bbezak parallax Fl1nt frickler adrian-a [14:56]
<mgoddard> meeting in 4 ^ [14:56]
*** mgkwill_ is now known as mgkwill [14:58]
*** r3ap3r_ is now known as r3ap3r [14:58]
*** stackedsax_ is now known as stackedsax [14:59]
*** headphoneJames_ is now known as headphoneJames [15:00]
*** johnsom_ is now known as johnsom [15:00]
*** bbezak_ is now known as bbezak [15:00]
*** jopdorp_ is now known as jopdorp [15:01]
*** parallax_ is now known as parallax` [15:01]
<frickler> irccloud hiccups again? [15:01]
<parallax`> maybe [15:01]
<mgoddard> #startmeeting kolla [15:01]
<opendevmeet> Meeting started Wed Dec 15 15:01:47 2021 UTC and is due to finish in 60 minutes.  The chair is mgoddard. Information about MeetBot at http://wiki.debian.org/MeetBot. [15:01]
<opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. [15:01]
<opendevmeet> The meeting name has been set to 'kolla' [15:01]
<mgoddard> #topic rollcall [15:02]
<parallax`> o/ [15:02]
*** parallax` is now known as parallax [15:02]
<hrw> [°][o][°] [15:03]
*** parallax is now known as Guest8535 [15:03]
<frickler> \o [15:03]
<bbezak> \o [15:04]
<mgoddard> \o [15:05]
<mgoddard> # topic agenda [15:05]
<mgoddard> #topic agenda [15:05]
<mgoddard> * Roll-call [15:06]
<mgoddard> * Agenda [15:06]
<mgoddard> * Announcements [15:06]
<mgoddard> * Review action items from the last meeting [15:06]
<mgoddard> * CI status [15:06]
<mgoddard> * Release tasks [15:06]
<mgoddard> * Current cycle planning [15:06]
<mgoddard> * (mnasiadka) - log4j vulnerability and Kolla - elasticsearch/logstash? [15:06]
<mgoddard> * Open discussion [15:06]
<mgoddard> #topic announcements [15:06]
<mgoddard> mnasiadka asked me to chair today as he is unavailable [15:06]
<mgoddard> anyone else? [15:08]
<mgoddard> #topic Review action items from the last meeting [15:08]
<mgoddard> mnasiadka to triage security bugs and update them with resolution plan (if needed) [15:09]
<mgoddard> mnasiadka post a patch for docs - standard topics that should be discussed over PTG and then revisited in mid-cycle [15:09]
<mgoddard> anybody not forget to go through backports for stable branches (L248 on Whiteboard) and do stable releases afterwards. [15:09]
<mgoddard> parallax look into Grafana Kolla build failures on Ussuri/CentOS [15:09]
<mgoddard> yoctozepto to send mail to openstack ML about dropping vmtp [15:09]
<mgoddard> yoctozepto to remove CentOS 8 based CI jobs and manage communication (ML and renos) [15:09]
<mgoddard> this list seems to just be growing :) [15:09]
<mgoddard> anyone complete any? [15:09]
<mgoddard> #action mnasiadka to triage security bugs and update them with resolution plan (if needed) [15:10]
<mgoddard> #action mnasiadka post a patch for docs - standard topics that should be discussed over PTG and then revisited in mid-cycle [15:10]
<mgoddard> #action anybody not forget to go through backports for stable branches (L248 on Whiteboard) and do stable releases afterwards [15:11]
<hrw> vmtp mail happened. no response [15:11]
<mgoddard> #action parallax look into Grafana Kolla build failures on Ussuri/CentOS [15:11]
<mgoddard> #action yoctozepto to remove CentOS 8 based CI jobs and manage communication (ML and renos) [15:11]
<mgoddard> ok [15:11]
<mgoddard> #topic CI status [15:11]
<mgoddard> whiteboard mostly green [15:12]
<hrw> kolla/ussuri is broken due to monasca-grafana iirc [15:12]
<hrw> there was some patch to fix it, failed on something else, not checked why [15:12]
<priteau> It was merged? https://review.opendev.org/c/openstack/kolla/+/821533 [15:13]
<hrw> cool ;) [15:13]
<mgoddard> #topic Release tasks [15:14]
<mgoddard> we are in R-15 [15:14]
<mgoddard> Nothing to do for now [15:15]
<mgoddard> #topic  Current cycle planning [15:15]
<mgoddard> I think we're a bit low on numbers for planning today [15:15]
<mgoddard> #topic (mnasiadka) - log4j vulnerability and Kolla - elasticsearch/logstash? [15:15]
<mgoddard> priteau: I think you were involved in the internal discussion on this earlier [15:16]
<priteau> Yes, I can share [15:16]
<mgoddard> thanks [15:16]
<priteau> I only looked at victoria so far [15:16]
<priteau> The latest images on quay.io include the new release from elastic [15:16]
<priteau> elasticsearch-oss 6.8.21 [15:17]
<priteau> Also, even an old-ish image (built last summer) was not vulnerable because it was 6.8.9+ [15:17]
<priteau> And JDK11 [15:18]
<priteau> I am checking wallaby now, which is Elasticsearch 7 [15:18]
<priteau> I've not looked at Logstash [15:18]
<priteau> wallaby: elasticsearch-oss-7.10.2-1.x86_64 [15:19]
<priteau> Note I am only looking at centos-binary [15:20]
<priteau> So Wallaby (and above I suppose), theoretically not vulnerable because 7.8+, thanks to Java Security Manager [15:20]
<priteau> However we don't get the proper fix from Elastic, which would be 7.16.1 [15:21]
<priteau> Unless this was also backported to 7.10 [15:21]
*** bsanjeewa[m] is now known as bsanjeewa [15:21]
<priteau> Nope, looks like 7.10.2 is an old release [15:22]
<priteau> That's all I have to share so far [15:23]
<mgoddard> sounds like we are fairly safe for elastic in the maintained releases [15:23]
<mgoddard> we could apply the java option mitigation [15:24]
<priteau> That would make it safer indeed, especially for wallaby/xena [15:24]
<priteau> Since they don't get the new package which applies the java option [15:25]
<mgoddard> anyone want to pick it up? [15:26]
<parallax_> me [15:27]
<mgoddard> #action parallax_ apply jvm option mitigation for log4shell in elasticsearch [15:27]
<mgoddard> thanks [15:27]
<parallax_> np [15:27]
<mgoddard> #topic Open discussion [15:27]
<mgoddard> Does anyone have anything this week? [15:28]
<bbezak> There is a bug in k-a ovn implementation of system-id registration in ovs - which is supposed to be in UUID format - impacting mostly neutron-ovn-metadata-agent - https://bugs.launchpad.net/kolla-ansible/+bug/1952550 [15:28]
<bbezak> related fix - https://review.opendev.org/c/openstack/kolla-ansible/+/818700 [15:28]
<bbezak> Changing back to UUID in running environment is tricky - I'm working on it currently [15:29]
*** parallax_ is now known as parallax [15:30]
<bbezak> changing to UUID works fine with that change above - however one needs to do manually cleanup of old chassis and chassis_private in ovn_sb_db, and then restart metadata agent, and cleanup entries in neutron via openstack network agent list [15:31]
<bbezak> which is something I'm not sure if we can automate in k-a easily [15:31]
<mgoddard> what happens if you don't do it? [15:32]
<bbezak> ovn-metadata agent won't work [15:32]
<bbezak> connectivity works fine as far as I can see [15:33]
<bbezak> similar to this - https://bugzilla.redhat.com/show_bug.cgi?id=1948472#c12 [15:34]
<mgoddard> ok, seems like the discussion is ongoing in the bug [15:34]
<mgoddard> and review [15:34]
<bbezak> yeap [15:34]
<bbezak> just to let you know [15:34]
<bbezak> this also has bigger impact when used with ovs 2.16 - which is doing automatic leadership transfer when doing snapshots of ovsdb - then ovn-metadata-agent cannot reconnect when non UUID system-id is used [15:36]
<mgoddard> sounds nasty [15:40]
<mgoddard> any other topics? [15:40]
<mgoddard> thanks all [15:43]
<mgoddard> #endmeeting [15:43]
<opendevmeet> Meeting ended Wed Dec 15 15:43:04 2021 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) [15:43]
<opendevmeet> Minutes:        https://meetings.opendev.org/meetings/kolla/2021/kolla.2021-12-15-15.01.html [15:43]
<opendevmeet> Minutes (text): https://meetings.opendev.org/meetings/kolla/2021/kolla.2021-12-15-15.01.txt [15:43]
<opendevmeet> Log:            https://meetings.opendev.org/meetings/kolla/2021/kolla.2021-12-15-15.01.log.html [15:43]
<bsanjeewa> Anyone can tell me why I am receiving this? INFO:kolla.common.utils.nova-base:pip._vendor.resolvelib.resolvers.ResolutionTooDeep: 2000000 [15:47]
<bsanjeewa> ^this comes immediately after INFO:kolla.common.utils.nova-base:  Downloading oslo.reports-2.3.0-py3-none-any.whl (53 kB) [15:47]
<opendevreview> Piotr Parczewski proposed openstack/kolla-ansible master: [Security] Add log4j vulnerability mitigation  https://review.opendev.org/c/openstack/kolla-ansible/+/821860 [16:01]
<jamesbenson> question, we are testing ussuri, victoria, wallaby, and xena.  All the same configs and all pass refstack except for victoria.  Is there something weird going on with victoria or something I need to look out for? [16:07]
<jamesbenson> We've been using kolla for a while, so I don't think there is anything I need to look out for, but just double checking. :-) [16:07]
<priteau> jamesbenson: not that I am aware. It would help if you shared which test is failing and how [16:19]
<jamesbenson> @priteau, I haven't dug super into it yet, but it is the compute tests that involve SSH into the VMs. I've double/triple checked the max microversions which was an issue previously. [16:32]
<jamesbenson> might be a question for #openstack-qa [16:32]
<jamesbenson> I just wanted to make sure the images were all green and it wasn't something specific to kolla since it's an older version [16:33]
<priteau> I don't think so [16:33]
<priteau> And when on Victoria, you can launch instances and connect to them fine? [16:34]
<jamesbenson> it's all in a testing environment, so I haven't debugged into it to double check that.  But yes, I wanted to double check that. :-) [16:36]
<opendevreview> Mark Goddard proposed openstack/kolla-ansible master: cinder: restart services after upgrade  https://review.opendev.org/c/openstack/kolla-ansible/+/821862 [16:43]
*** amoralej is now known as amoralej|off [17:42]
<opendevreview> Merged openstack/kayobe stable/xena: Fix installation prefix detection  https://review.opendev.org/c/openstack/kayobe/+/820499 [18:41]
<opendevreview> Merged openstack/kayobe stable/ussuri: Fix installation prefix detection  https://review.opendev.org/c/openstack/kayobe/+/820502 [18:41]
<opendevreview> Merged openstack/kayobe stable/wallaby: Fix installation prefix detection  https://review.opendev.org/c/openstack/kayobe/+/820500 [18:41]
<opendevreview> Verification of a change to openstack/kayobe stable/victoria failed: Fix installation prefix detection  https://review.opendev.org/c/openstack/kayobe/+/820501 [20:20]
<opendevreview> James Kirsch proposed openstack/kolla-ansible master: Use system scoped tokens with Keystone  https://review.opendev.org/c/openstack/kolla-ansible/+/815577 [21:49]
