| opendevreview | James Kirsch proposed openstack/kolla-ansible master: Add support for LetsEncrypt-managed certs https://review.opendev.org/c/openstack/kolla-ansible/+/741340 | 00:58 |
|---|---|---|
| *** amoralej|off is now known as amoralej | 07:59 | |
| kevko | hrw: coincidentally you don't have any jenkins pipeline for kolla images ? | 09:44 |
| kevko | hrw: I have my internal jenkins pipeline but it's built in k8s and I need to rework it and they don't have k8s .. is somewhere some project I can inspire ? | 09:45 |
| bkra | hi community, is there a suitable way to render multiple dhcp-range entries for ironic dnsmasq? i checked source but cant seem to find a way, cheers. | 10:12 |
| bsanjeewa[m] | Hi, any news when xena will be available (kayobe) | 10:14 |
| bsanjeewa[m] | And anyone experience to be unable to build nova-base with current stable/xena branch? | 10:15 |
| mgoddard | bsanjeewa[m]: it's available | 10:20 |
| bsanjeewa[m] | mgoddard: oops I missed that announcement. Ok thanks. Any idea about the nova-base problem | 10:22 |
| mgoddard | unsure about the image issue, I haven't been checking much recently | 10:23 |
| bsanjeewa[m] | mgoddard: I will share the build log later, so someone can help. The overcloud container image build command is still running for more than 12 hours. | 10:26 |
| frickler | kevko: why is zuul not an option for you? | 10:34 |
| frickler | there's even some zuul-operator being worked upon, though not very stable yet from what I heard | 10:35 |
| kevko | frickler: because it will be delivered to client .. :/ | 10:37 |
| kevko | mgoddard hrw yoctozepto ? trivial healthcheck for neutron dragent https://review.opendev.org/c/openstack/kolla-ansible/+/805379 | 10:38 |
| mgoddard | kevko: haven't you learned not to say trivial yet? things are rarely trivial :p | 10:38 |
| * frickler has some non-trivial patches up, if you prefer that, mgoddard ;) | 10:46 | |
| hrw | kevko: moment | 10:55 |
| hrw | kevko: we use Jenkins Job Builder (iirC) plugin. https://git.linaro.org/ci/job/configs.git/tree/leg-kolla.yaml is definition of job, https://git.linaro.org/ci/job/configs.git/tree/leg-kolla holds build script etc | 10:57 |
| kevko | mgoddard: well, this is trivial :D it's just healthcheck :P | 11:55 |
| *** amoralej is now known as amoralej|lunch | 13:25 | |
| *** amoralej|lunch is now known as amoralej | 14:00 | |
| mgoddard | mgoddard mnasiadka hrw egonzalez yoctozepto rafaelweingartne cosmicsound osmanlicilegi bbezak parallax Fl1nt frickler adrian-a | 14:56 |
| mgoddard | meeting in 4 ^ | 14:56 |
| *** mgkwill_ is now known as mgkwill | 14:58 | |
| *** r3ap3r_ is now known as r3ap3r | 14:58 | |
| *** stackedsax_ is now known as stackedsax | 14:59 | |
| *** headphoneJames_ is now known as headphoneJames | 15:00 | |
| *** johnsom_ is now known as johnsom | 15:00 | |
| *** bbezak_ is now known as bbezak | 15:00 | |
| *** jopdorp_ is now known as jopdorp | 15:01 | |
| *** parallax_ is now known as parallax` | 15:01 | |
| frickler | irccloud hickups again? | 15:01 |
| parallax` | maybe | 15:01 |
| mgoddard | #startmeeting kolla | 15:01 |
| opendevmeet | Meeting started Wed Dec 15 15:01:47 2021 UTC and is due to finish in 60 minutes. The chair is mgoddard. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:01 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:01 |
| opendevmeet | The meeting name has been set to 'kolla' | 15:01 |
| mgoddard | #topic rollcall | 15:02 |
| parallax` | o/ | 15:02 |
| *** parallax` is now known as parallax | 15:02 | |
| hrw | [°][o][°] | 15:03 |
| *** parallax is now known as Guest8535 | 15:03 | |
| frickler | \o | 15:03 |
| bbezak | \o | 15:04 |
| mgoddard | \o | 15:05 |
| mgoddard | # topic agenda | 15:05 |
| mgoddard | #topic agenda | 15:05 |
| mgoddard | * Roll-call | 15:06 |
| mgoddard | * Agenda | 15:06 |
| mgoddard | * Announcements | 15:06 |
| mgoddard | * Review action items from the last meeting | 15:06 |
| mgoddard | * CI status | 15:06 |
| mgoddard | * Release tasks | 15:06 |
| mgoddard | * Current cycle planning | 15:06 |
| mgoddard | * (mnasiadka) - log4j vulnerability and Kolla - elasticsearch/logstash? | 15:06 |
| mgoddard | * Open discussion | 15:06 |
| mgoddard | #topic announcements | 15:06 |
| mgoddard | mnasiadka asked me to chair today as he is unavailable | 15:06 |
| mgoddard | anyone else? | 15:08 |
| mgoddard | #topic Review action items from the last meeting | 15:08 |
| mgoddard | mnasiadka to triage security bugs and update them with resolution plan (if needed) | 15:09 |
| mgoddard | mnasiadka post a patch for docs - standard topics that should be discussed over PTG and then revisited in mid-cycle | 15:09 |
| mgoddard | anybody not forget to go through backports for stable branches (L248 on Whiteboard) and do stable releases afterwards. | 15:09 |
| mgoddard | parallax look into Grafana Kolla build failures on Ussuri/CentOS | 15:09 |
| mgoddard | yoctozepto to send mail to openstack ML about dropping vmtp | 15:09 |
| mgoddard | yoctozepto to remove CentOS 8 based CI jobs and manage communication (ML and renos) | 15:09 |
| mgoddard | this list seems to just be growing :) | 15:09 |
| mgoddard | anyone complete any? | 15:09 |
| mgoddard | #action mnasiadka to triage security bugs and update them with resolution plan (if needed) | 15:10 |
| mgoddard | #action mnasiadka post a patch for docs - standard topics that should be discussed over PTG and then revisited in mid-cycle | 15:10 |
| mgoddard | #action anybody not forget to go through backports for stable branches (L248 on Whiteboard) and do stable releases afterwards | 15:11 |
| hrw | vmtp mail happened. no response | 15:11 |
| mgoddard | #action parallax look into Grafana Kolla build failures on Ussuri/CentOS | 15:11 |
| mgoddard | #action yoctozepto to remove CentOS 8 based CI jobs and manage communication (ML and renos) | 15:11 |
| mgoddard | ok | 15:11 |
| mgoddard | #topic CI status | 15:11 |
| mgoddard | whiteboard mostly green | 15:12 |
| hrw | kolla/ussuri is broken due to monasca-grafana iirc | 15:12 |
| hrw | there was some patch to fix it, failed on something else, not checked why | 15:12 |
| priteau | It was merged? https://review.opendev.org/c/openstack/kolla/+/821533 | 15:13 |
| hrw | cool ;) | 15:13 |
| mgoddard | #topic Release tasks | 15:14 |
| mgoddard | we are in R-15 | 15:14 |
| mgoddard | Nothing to do for now | 15:15 |
| mgoddard | #topic Current cycle planning | 15:15 |
| mgoddard | I think we're a bit low on numbers for planning today | 15:15 |
| mgoddard | #topic (mnasiadka) - log4j vulnerability and Kolla - elasticsearch/logstash? | 15:15 |
| mgoddard | priteau: I think you were involved in the internal discussion on this earlier | 15:16 |
| priteau | Yes, I can share | 15:16 |
| mgoddard | thanks | 15:16 |
| priteau | I only looked at victoria so far | 15:16 |
| priteau | The latest images on quay.io include the new release from elastic | 15:16 |
| priteau | elasticsearch-oss 6.8.21 | 15:17 |
| priteau | Also, even an old-ish image (built last summer) was not vulnerable because it was 6.8.9+ | 15:17 |
| priteau | And JDK11 | 15:18 |
| priteau | I am checking wallaby now, which is Elasticsearch 7 | 15:18 |
| priteau | I've not looked at Logstash | 15:18 |
| priteau | wallaby: elasticsearch-oss-7.10.2-1.x86_64 | 15:19 |
| priteau | Note I am only looking at centos-binary | 15:20 |
| priteau | So Wallaby (and above I suppose), theoretically not vulnerable because 7.8+, thanks to Java Security Manager | 15:20 |
| priteau | However we don't get the proper fix from Elastic, which would be 7.16.1 | 15:21 |
| priteau | Unless this was also backported to 7.10 | 15:21 |
| *** bsanjeewa[m] is now known as bsanjeewa | 15:21 | |
| priteau | Nope, looks like 7.10.2 is an old release | 15:22 |
| priteau | That's all I have to share so far | 15:23 |
| mgoddard | sounds like we are fairly safe for elastic in the maintained releases | 15:23 |
| mgoddard | we could apply the java option mitigation | 15:24 |
| priteau | That would make it safer indeed, especially for wallaby/xena | 15:24 |
| priteau | Since they don't get the new package which applies the java option | 15:25 |
| mgoddard | anyone want to pick it up? | 15:26 |
| parallax_ | me | 15:27 |
| mgoddard | #action parallax_ apply jvm option mitigation for log4shell in elasticsearch | 15:27 |
| mgoddard | thanks | 15:27 |
| parallax_ | np | 15:27 |
| mgoddard | #topic Open discussion | 15:27 |
| mgoddard | Does anyone have anything this week? | 15:28 |
| bbezak | There is a bug in k-a ovn implementation of system-id registration in ovs - which suppose to be in UUID format - impacting mostly neutron-ovn-metadata-agent - https://bugs.launchpad.net/kolla-ansible/+bug/1952550 | 15:28 |
| bbezak | related fix - https://review.opendev.org/c/openstack/kolla-ansible/+/818700 | 15:28 |
| bbezak | Changing back to UUID in running environment is tricky - I'm working on it currently | 15:29 |
| *** parallax_ is now known as parallax | 15:30 | |
| bbezak | changing to UUID works fine with that change above - however one needs to do manually cleanup of old chassis and chassis_private in ovn_sb_db, and then restart metadata agent, and cleanup entries in neutron via openstack network agent list | 15:31 |
| bbezak | which is something I'm not sure if we can automate in k-a easily | 15:31 |
| mgoddard | what happens if you don't do it? | 15:32 |
| bbezak | ovn-metadata agent won't work | 15:32 |
| bbezak | connectivity works fine as far as I can see | 15:33 |
| bbezak | similar to this - https://bugzilla.redhat.com/show_bug.cgi?id=1948472#c12 | 15:34 |
| mgoddard | ok, seems like the discussion is ongoing in the bug | 15:34 |
| mgoddard | and review | 15:34 |
| bbezak | yeap | 15:34 |
| bbezak | just to let you know | 15:34 |
| bbezak | this also has bigger impact when used with ovs 2.16 - which is doing automatic leadership transfer when doing snapshots of ovsdb - then ovn-metadata-agent cannot reconnect when non UUID system-id is used | 15:36 |
| mgoddard | sounds nasty | 15:40 |
| mgoddard | any other topics? | 15:40 |
| mgoddard | thanks all | 15:43 |
| mgoddard | #endmeeting | 15:43 |
| opendevmeet | Meeting ended Wed Dec 15 15:43:04 2021 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:43 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/kolla/2021/kolla.2021-12-15-15.01.html | 15:43 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/kolla/2021/kolla.2021-12-15-15.01.txt | 15:43 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/kolla/2021/kolla.2021-12-15-15.01.log.html | 15:43 |
| bsanjeewa | Anyone can tell me why I am receiving this? INFO:kolla.common.utils.nova-base:pip._vendor.resolvelib.resolvers.ResolutionTooDeep: 2000000 | 15:47 |
| bsanjeewa | ^this comes immediately after INFO:kolla.common.utils.nova-base: Downloading oslo.reports-2.3.0-py3-none-any.whl (53 kB) | 15:47 |
| opendevreview | Piotr Parczewski proposed openstack/kolla-ansible master: [Security] Add log4j vulnerability mitigation https://review.opendev.org/c/openstack/kolla-ansible/+/821860 | 16:01 |
| jamesbenson | question, we are testing ussuri, victoria, wallaby, and xena. All the same configs and all pass refstack except for victoria. Is there something weird going on with victoria or something I need to look out for? | 16:07 |
| jamesbenson | We've been using kolla for a while, so I don't think there is anything I need to look out for, but just double checking. :-) | 16:07 |
| priteau | jamesbenson: not that I am aware. It would help if you shared which test is failing and how | 16:19 |
| jamesbenson | @priteau, I haven't dug super into it yet, but it is the compute tests that involve SSH into the VM's. I've double/triple checked the max microversions which was an issue previously. | 16:32 |
| jamesbenson | might be a question for #openstack-qa | 16:32 |
| jamesbenson | I just wanted to make sure the images were all green and it wasn't something specific to kolla since it's an older version | 16:33 |
| priteau | I don't think so | 16:33 |
| priteau | And when on Victoria, you can launch instances and connect to them fine? | 16:34 |
| jamesbenson | it's all in a testing environment, so I haven't debugged into it to double check that. But yes, I wanted to double check that. :-) | 16:36 |
| opendevreview | Mark Goddard proposed openstack/kolla-ansible master: cinder: restart services after upgrade https://review.opendev.org/c/openstack/kolla-ansible/+/821862 | 16:43 |
| *** amoralej is now known as amoralej|off | 17:42 | |
| opendevreview | Merged openstack/kayobe stable/xena: Fix installation prefix detection https://review.opendev.org/c/openstack/kayobe/+/820499 | 18:41 |
| opendevreview | Merged openstack/kayobe stable/ussuri: Fix installation prefix detection https://review.opendev.org/c/openstack/kayobe/+/820502 | 18:41 |
| opendevreview | Merged openstack/kayobe stable/wallaby: Fix installation prefix detection https://review.opendev.org/c/openstack/kayobe/+/820500 | 18:41 |
| opendevreview | Verification of a change to openstack/kayobe stable/victoria failed: Fix installation prefix detection https://review.opendev.org/c/openstack/kayobe/+/820501 | 20:20 |
| opendevreview | James Kirsch proposed openstack/kolla-ansible master: Use system scoped tokens with Keystone https://review.opendev.org/c/openstack/kolla-ansible/+/815577 | 21:49 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!