Wednesday, 2022-01-26

opendevreviewMerged openstack/kolla-ansible master: Fix bad openstack command while registering IDP  https://review.opendev.org/c/openstack/kolla-ansible/+/82632207:14
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible stable/xena: Fix bad openstack command while registering IDP  https://review.opendev.org/c/openstack/kolla-ansible/+/82637507:26
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible stable/wallaby: Fix bad openstack command while registering IDP  https://review.opendev.org/c/openstack/kolla-ansible/+/82637607:28
jingvar\o07:49
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible stable/wallaby: Fix bad openstack command while registering IDP  https://review.opendev.org/c/openstack/kolla-ansible/+/82637607:53
opendevreviewKevin Rasmussen proposed openstack/kolla-ansible stable/xena: Fix bad openstack command while registering IDP  https://review.opendev.org/c/openstack/kolla-ansible/+/82637509:32
opendevreviewMarcin Juszkiewicz proposed openstack/kolla stable/train: CI: make it work again  https://review.opendev.org/c/openstack/kolla/+/82603309:55
opendevreviewlikui proposed openstack/kolla-ansible stable/wallaby: update the default value of node_custom_config  https://review.opendev.org/c/openstack/kolla-ansible/+/82594110:45
opendevreviewlikui proposed openstack/kolla-ansible stable/wallaby: update the default value of node_custom_config  https://review.opendev.org/c/openstack/kolla-ansible/+/82594110:48
opendevreviewlikui proposed openstack/kolla-ansible stable/victoria: update the default value of node_custom_config  https://review.opendev.org/c/openstack/kolla-ansible/+/82594010:50
opendevreviewlikui proposed openstack/kolla-ansible stable/xena: update the default value of node_custom_config  https://review.opendev.org/c/openstack/kolla-ansible/+/82594210:53
opendevreviewMerged openstack/kolla-ansible master: openvswitch: add option to set hw offload  https://review.opendev.org/c/openstack/kolla-ansible/+/81925410:55
opendevreviewMerged openstack/kolla-ansible stable/xena: Revert "Use friendly target names in Prometheus"  https://review.opendev.org/c/openstack/kolla-ansible/+/82621610:55
opendevreviewMerged openstack/kolla-ansible stable/train: CI: make it work again (k-a side)  https://review.opendev.org/c/openstack/kolla-ansible/+/82626910:55
opendevreviewMerged openstack/kolla-ansible stable/xena: Fix bad openstack command while registering IDP  https://review.opendev.org/c/openstack/kolla-ansible/+/82637512:29
jingvarI've added a few new compute nodes, after container image pull, I've lost containers on working nodes12:59
jingvarimages from local registry13:00
jingvarIs it expected?13:00
mnasiadkamgoddard: might be a bit late for the meeting, would you be able to start it if I'm not around?13:19
opendevreviewMarcin Juszkiewicz proposed openstack/kolla-ansible stable/train: CI: trust Let's Encrypt certificates on CentOS  https://review.opendev.org/c/openstack/kolla-ansible/+/82646413:24
opendevreviewMarcin Juszkiewicz proposed openstack/kolla stable/train: CI: make it work again  https://review.opendev.org/c/openstack/kolla/+/82603313:25
dswebbhey all, are there any plans to support Rocky Linux as the baseOS going forward?  Or are you sticking with CentOS streams?   13:30
dswebb(the reason I'm asking is we're planning a new DC and trying to figure out what path we want go from our normal CentOS 8 installation)13:32
hrwdswebb: there is one patch for RL as host OS.13:37
hrwdswebb: there are no plans for RL as in-container-os13:38
dswebbre: container-os, that is fine.  We've made our peace with the debian only containers, but it would require a bunch of retooling to move away from a rhel derivative for our host OS setup.  13:39
hrwdswebb: so run C8S?13:39
dswebbI was just wondering if stream was going to be a long term commitment from kolla.  Last I had heard (arguably at the beginning of the stream debacle) it was a wait and see game.  What we don't want to do is go down a path that requires us at a later date to rejig everything to stay in a supported setup.13:43
dswebbif that makes sense13:43
hrwwe plan to limit in-container-os choices and get rid of binary images. k-a will allow to deploy on c8s/debian/rockylinux/ubuntu (and if someone provide patches for other rhel rebuilds then we may consider)13:45
hrwc8 is eol already and we moved c8->c8s already13:45
dswebbperfect, thanks for that.  13:47
opendevreviewMarcin Juszkiewicz proposed openstack/kolla stable/train: CI: make it work again  https://review.opendev.org/c/openstack/kolla/+/82603314:06
mnasiadkamgoddard: actually I'm back ;)14:07
hrwupgrade jobs are no longer in train14:10
mnasiadkamgoddard mnasiadka hrw egonzalez yoctozepto rafaelweingartne cosmicsound osmanlicilegi bbezak parallax Fl1nt frickler adrian-a - meeting in 3 minutes14:57
jingvarI've added a few new compute nodes, after container image pull, I've lost containers on working nodes - is it expected?14:58
mnasiadka#startmeeting kolla15:00
opendevmeetMeeting started Wed Jan 26 15:00:09 2022 UTC and is due to finish in 60 minutes.  The chair is mnasiadka. Information about MeetBot at http://wiki.debian.org/MeetBot.15:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:00
opendevmeetThe meeting name has been set to 'kolla'15:00
mnasiadka#topic rollcall15:00
yoctozeptoo/15:00
mnasiadkao/15:00
mgoddardO\15:04
mnasiadkaoh, and I wanted to write two person meeting ;-)15:04
hrw ]o[15:04
mnasiadkafour, hooray15:04
mnasiadka#topic agenda15:04
mnasiadka* Announcements15:04
mnasiadka* Review action items from the last meeting15:04
mnasiadka* CI status15:04
mnasiadka* Release tasks15:04
mnasiadka* Current cycle planning15:04
mnasiadka* Additional agenda (from whiteboard)15:04
mnasiadka* Open discussion15:04
mnasiadka#topic Announcements15:05
mnasiadkaNone from me15:05
mnasiadka#topic Review action items from the last meeting15:06
mnasiadka1. mnasiadka to triage security bugs and update them with resolution plan (if needed)15:06
mnasiadka2. mnasiadka post a patch for docs - standard topics that should be discussed over PTG and then revisited in mid-cycle15:06
mnasiadka3. kevko to let frickler know whether osism's solution is fine for his use case15:06
mnasiadka4. yoctozepto to review going-podman patches15:06
mnasiadka5. mgoddard to review going-podman patches15:06
mnasiadka6. halomiva/hinermar propose change for podman15:06
mnasiadka1. is in progress - haproxy tls ciphers bug doesn't seem to be a bug, I have a WIP change for using testssl.sh on our ciphers to detect issues earlier15:07
mgoddardI reviewed the systemd patch15:07
mnasiadka2. still to be done15:07
yoctozeptoI did not have time to review15:07
mnasiadkaOk then15:08
mnasiadka#action mnasiadka to triage security bugs and update them with resolution plan (if needed)15:09
mnasiadka#action mnasiadka post a patch for docs - standard topics that should be discussed over PTG and then revisited in mid-cycle15:09
mnasiadka#action kevko to let frickler know whether osism's solution is fine for his use case15:09
mnasiadka#action yoctozepto to review going-podman patches15:09
mnasiadkadid halomiva/hinermar propose changes for podman?15:10
mnasiadka(I guess not only the systemd ones)15:10
mnasiadka#action halomiva/hinermar propose changes for podman15:11
mnasiadkaThey are not here, so let's add it back as well.15:12
mnasiadka#topic CI status15:12
* hrw 15:13
mgoddardthey did push the podman changes, although they need a rebase15:14
hrwI hope that current train fixes make it pass.15:14
hrwonce they merge I do not want to touch train again15:14
yoctozeptohrw: nobody does15:14
mnasiadkaOk, Train situation is clear more or less15:15
mnasiadkaWhat about CentOS Linux 8 retirement in CI - is it done on Kolla/Kolla-Ansible side?15:15
yoctozeptowe have some cephadm issues on ubuntu15:15
yoctozeptomnasiadka: pending at least due to bifrost15:15
yoctozeptobut I have green light from dtantsur to drop the offending CI config15:16
mnasiadkaOk, I also need to take a look in the Kayobe patches.15:16
mgoddardmnasiadka: I think the ussuri kayobe patch is stuck15:16
mgoddardpossibly we need to drop upgrade jobs, or backport cs8 to train15:17
mnasiadkamgoddard: I noticed it's failing on post upgrade vm tests, but cirros seems to get up - so I don't really know what is the issue15:17
mnasiadkaBut yes, dropping upgrade jobs seems like a good solution (and an easy one).15:18
mnasiadkaAnyway, let's keep an eye on the CI related work that needs to be done...15:18
mnasiadka#topic Release tasks15:19
mnasiadkaIt's R-9 week,15:19
yoctozeptoso close to R-815:20
mnasiadkaR-8: Switch binary images to current release¶15:20
hrweasy and worked last time I checked15:21
mnasiadkaSo that's next week - any volunteer?15:21
hrwcan prepare patch for it15:21
mnasiadkathanks15:21
mnasiadka#action hrw to prepare patches for R-8 Switch binary images to current release15:21
mnasiadka#topic Current cycle planning15:22
hrwhttps://review.opendev.org/c/openstack/kolla/+/826033 - train is +1 on zuul15:23
mnasiadkaSo, we have some features here and there, I see Podman has gained some traction, so I guess we're on the right track.15:23
mnasiadkaAt some point last cycle we promised to look at VMware NSXP support patches - we all know there's no CI for that, but I guess we can't leave those patches hanging there.15:25
mnasiadkaAdd support for VMware NSXP https://review.opendev.org/c/openstack/kolla-ansible/+/80740415:25
mnasiadkaAdd support for VMware First Class Disk (FCD) https://review.opendev.org/c/openstack/kolla-ansible/+/80876015:25
mnasiadkaIs there any volunteer to look into those?15:25
opendevreviewMarcin Juszkiewicz proposed openstack/kolla master: Switch to use Yoga binary packages  https://review.opendev.org/c/openstack/kolla/+/82648815:26
mgoddardI could take a look15:27
mgoddardlooks like you already did mnasiadka 15:27
mnasiadkaYes, I already did some time ago, I'll sign us both into that.15:27
mnasiadkaAnsible core 2.12 - I think I saw a change around bumping it up15:28
mnasiadkaYes, merged already, crossing it out.15:28
mgoddarddo we have one for kayobe?15:28
yoctozeptomnasiadka: yeah, done15:29
yoctozeptoworks perfectly15:29
yoctozeptoI love such changes15:29
hrw+1 for FCD15:29
mgoddarddidn't 2.12 come with the requirement of python 3.8+?15:29
yoctozeptohrw: FCD?15:29
yoctozeptoah15:29
yoctozeptovmware15:29
mnasiadkamgoddard: they claimed in the docs - that it will require it, but it seems to work...15:30
mgoddardwe do test max & min versions in CI15:30
yoctozeptowe test max only on ubuntu15:30
mgoddardI think centos gets min15:30
yoctozeptowhere it is 3.815:30
yoctozeptoyeah15:30
mgoddardok15:30
mgoddardprobably we could do it using version-specific deps in requirements.txt for kayobe15:31
mnasiadkaOk, so Kayobe part is to be done15:31
mnasiadkaAdded to the Kayobe list15:32
mnasiadkaWhat about Let's Encrypt? It would be nice to get that merged, but it seems we would need to discuss that again - I personally don't like the supervisor approach (and we probably don't need it anymore - since we bumped haproxy to 2.2)15:33
mgoddardis that part still present in the current patch?15:33
mnasiadkaIt's in the Kolla patch to add supervisor packages15:34
mgoddardI thought we dropped/split out  the contentious haproxy bits15:34
mnasiadkaIt would be nice to discuss if headphoneJames would have time to put cycles in it15:34
mnasiadkaor is he more interested in Keystone System Scope15:35
mnasiadkaI'll try to reach out to him outside of this meeting.15:35
mgoddardI think he's put some time into it recently15:35
mgoddardsecure RBAC work is in fairly good shape for yoga I think15:36
mnasiadkaThat's nice.15:36
mnasiadkaI haven't seen any progress in the AWS OpenSearch topic - I'll bug parallax later about that.15:37
mnasiadkaOk, that's probably enough on the planning side.15:37
mnasiadkaNo additional topics on the whiteboard (for the meeting today)15:38
mnasiadka#topic Open discussion15:38
mnasiadkaAny topic anyone? ;-)15:39
mgoddardLibvirt on the host15:39
mgoddardI've been working on some kolla-ansible & kayobe patches to run libvirt on the host, rather than in a container15:39
mgoddardwe see this as a step towards decoupling the host & container OS15:40
mgoddardhttps://review.opendev.org/c/openstack/kayobe/+/82535915:40
mgoddardhttps://review.opendev.org/c/openstack/kolla-ansible/+/82535715:40
yoctozeptoyet we rely on host's libvirt then15:40
yoctozeptowhy is it better?15:40
mgoddardthe client-server relationship is loose15:41
mgoddardlibvirt-kernel less so15:41
mgoddardwe have seen some issues even between CentOS minor version mismatches15:42
yoctozeptointeresting15:42
yoctozeptoI thought it was kernel-independent15:42
yoctozeptoas libvirt only manages the qemu processes15:42
mnasiadkaI'm not personally convinced it's a better way than libvirt in container, maybe an alternative for Kayobe users15:42
yoctozeptoperhaps it's actually the issue with qemu15:42
yoctozeptoi.e., the thing we should be using from the host is qemu15:43
mnasiadkaAround kernel mismatches - yes, we've had one or two occurences, but maybe because we haven't been pinning images to CentOS minor release15:43
mgoddardmost likely15:43
mgoddardmnasiadka: but doesn't that suggest that a good match is required?15:43
yoctozeptoI guess I don't mind it this way, newer libvirt+qemu rarely offer enough if the kernel is old15:43
yoctozeptoand people preferring less stress will run homogenous hosts15:44
yoctozeptoso no need to homogenise at the container level15:44
mgoddardif we were to consider mixing container & OS distros, it seems more sensible to keep libvirt on the host, right?15:45
mgoddardanother change that is coming down the line is modular libvirt daemons15:45
mgoddardhttps://libvirt.org/daemons.html15:45
mgoddardat some point libvirt will make this mandatory15:46
mnasiadkaWell, I would be happy to see at least proper logging in the containerised libvirt (currently we don't support virtlogd)15:46
mgoddardso you'd need a few virt*d containers15:46
yoctozeptoyeah, I agree going host is smarter15:47
yoctozeptomore so that we are likely the only project containerising libvirt15:48
yoctozeptokhekhe15:48
yoctozeptoso all dog food there is our dog food15:48
mgoddardmy current approach makes the libvirt container optional in kolla-ansible15:48
yoctozeptoand it's usually nice to share this kind of bowl with others15:48
mgoddardswitching to host paths (/var/lib/libvirt etc) when disabled15:49
mgoddardkayobe handles config & deploy of libvirt15:49
mgoddardbut it uses the stackhpc.libvirt-host ansible role, which could easily be picked up by kolla-ansible if it so desired15:49
yoctozeptomakes sense15:49
yoctozeptoI don't mind15:50
mgoddardjust thought I'd share what will be coming down the pipe15:50
yoctozeptobut let's make this optional anyway15:50
mgoddard+115:50
mgoddard</libvirt on host>15:52
DK4it is currently possible to place the haproxy on separate nodes or do i need to turn off haproxy completely and do the lbs on my own?15:55
mnasiadkaok, let's finish the meeting15:56
mnasiadkathanks guys for attending15:56
yoctozeptothanks mnasiadka for chairing15:56
mnasiadka#endmeeting15:56
opendevmeetMeeting ended Wed Jan 26 15:56:30 2022 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:56
opendevmeetMinutes:        https://meetings.opendev.org/meetings/kolla/2022/kolla.2022-01-26-15.00.html15:56
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/kolla/2022/kolla.2022-01-26-15.00.txt15:56
opendevmeetLog:            https://meetings.opendev.org/meetings/kolla/2022/kolla.2022-01-26-15.00.log.html15:56
mnasiadkaDK4: just edit the inventory and change members of the haproxy group?15:56
hrwnow, cores: +2+W train fixes (both)15:56
mgoddardDK4: possible, via the loadbalancer group (or haproxy group in wallaby & earlier)15:57
hrwhttps://review.opendev.org/c/openstack/kolla/+/826033https://review.opendev.org/c/openstack/kolla-ansible/+/82646415:57
hrwhttps://review.opendev.org/c/openstack/kolla/+/826033 https://review.opendev.org/c/openstack/kolla-ansible/+/82646415:57
DK4Sorry - didnt want to crash into the meeting. Thanks i was looking for haproxy in the inventory but it is indeed loadbalancer15:58
* yoctozepto off15:58
* hrw off15:58
opendevreviewRadosław Piliszek proposed openstack/kolla-ansible master: [DNM] [CI] Test Zun with Ceph  https://review.opendev.org/c/openstack/kolla-ansible/+/82552016:03
jingvarI've added a few new compute nodes, after container image pull, I've lost containers on working nodes - is it expected?16:24
mgoddardjingvar: not expected16:26
opendevreviewRadosław Piliszek proposed openstack/kolla-ansible master: Deploy Zun with Cinder Ceph support  https://review.opendev.org/c/openstack/kolla-ansible/+/82472216:28
opendevreviewRadosław Piliszek proposed openstack/kolla-ansible master: [DNM] [CI] Test Zun with Ceph  https://review.opendev.org/c/openstack/kolla-ansible/+/82552016:28
jingvarmgoddard: thaks , will reproduce16:29
opendevreviewMerged openstack/kolla-ansible master: fluentd: remove legacy parsing config  https://review.opendev.org/c/openstack/kolla-ansible/+/82316117:07
opendevreviewMerged openstack/kolla-ansible stable/train: CI: trust Let's Encrypt certificates on CentOS  https://review.opendev.org/c/openstack/kolla-ansible/+/82646417:07
opendevreviewMerged openstack/kolla stable/train: CI: make it work again  https://review.opendev.org/c/openstack/kolla/+/82603317:16
opendevreviewRadosław Piliszek proposed openstack/kolla master: Use distro provided GRUB efi  https://review.opendev.org/c/openstack/kolla/+/72463019:48
opendevreviewMerged openstack/kolla master: Use distro provided GRUB efi  https://review.opendev.org/c/openstack/kolla/+/72463023:33

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!