| *** ysandeep|out is now known as ysandeep | 01:45 | |
| *** ysandeep is now known as ysandeep|afk | 03:42 | |
| *** ysandeep|afk is now known as ysandeep | 05:14 | |
| *** ysandeep is now known as ysandeep|sick | 08:27 | |
| matfechner | window 1 | 15:50 |
|---|---|---|
| gthiemonge | #startmeeting Octavia | 16:00 |
| opendevmeet | Meeting started Wed Sep 28 16:00:20 2022 UTC and is due to finish in 60 minutes. The chair is gthiemonge. Information about MeetBot at http://wiki.debian.org/MeetBot. | 16:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 16:00 |
| opendevmeet | The meeting name has been set to 'octavia' | 16:00 |
| gthiemonge | Hi! | 16:00 |
| oschwart | o/ | 16:00 |
| tweining | o/ | 16:00 |
| matfechner | o/ | 16:00 |
| johnsom | o/ | 16:00 |
| QG | o/ | 16:00 |
| gthiemonge | #topic Announcements | 16:04 |
| gthiemonge | I have no announcement this week, we are good with the RC1 for Zed (this week is the deadline for final RCs) | 16:04 |
| tweining | no news is good news | 16:05 |
| johnsom | +1 | 16:05 |
| gthiemonge | #topic CI Status | 16:07 |
| gthiemonge | regarding the CI, we still have those tests that are randomly failing on stable branches | 16:08 |
| gthiemonge | we need to review/approve this backport: https://review.opendev.org/q/Ib3f269cbe80222aafb22a36bb09444480a4bbb8d | 16:08 |
| gthiemonge | (I'll take a look after the meeting) | 16:08 |
| gthiemonge | johnsom: maybe you can also review them? | 16:09 |
| johnsom | ack | 16:09 |
| gthiemonge | thanks | 16:10 |
| gthiemonge | #topic Brief progress reports / bugs needing review | 16:12 |
| gthiemonge | I proposed a fix for a bug reported on storyboard: Octavia raises an exceptino when deleting a listener that has a deleted certificate | 16:13 |
| gthiemonge | #link https://review.opendev.org/c/openstack/octavia/+/859387 | 16:13 |
| johnsom | We should ping barbican team again on getting the register feature working for secrets. | 16:13 |
| gthiemonge | johnsom: what's that? | 16:14 |
| johnsom | So, when we used barbican "containers" to store certs, we "registered" that it was in-use with barbican so it could not be deleted. | 16:14 |
| dmendiza[m] | johnsom: the API side implementation landed in Zed | 16:15 |
| gthiemonge | I didn't know that | 16:15 |
| johnsom | When we moved to the secrets API for the pkcs12 bundles, they hadn't yet implemented the "register" feature for secrets. | 16:15 |
| dmendiza[m] | johnsom: we're working on the client bits now (including Castellan) | 16:15 |
| johnsom | dmendiza[m] Boom, there we go | 16:15 |
| johnsom | So we should add an RFE to implement that API in Octavia | 16:16 |
| QG | is this feature : https://specs.openstack.org/openstack/barbican-specs/specs/juno/api-add-container-registration.html ? | 16:16 |
| johnsom | Deleted certs are a problem for failover in addition to deletion. | 16:16 |
| gthiemonge | johnsom: right | 16:17 |
| johnsom | QC That is what we have implemented in Octavia for the old way of handling certs | 16:17 |
| dmendiza[m] | QG https://specs.openstack.org/openstack/barbican-specs/specs/train/secret-consumers.html | 16:17 |
| gthiemonge | that's intersting | 16:17 |
| QG | johnsom: the old way ? | 16:17 |
| johnsom | QG Yes, the method that does not use pkcs12 files. | 16:18 |
| johnsom | It still works, but is deprecated | 16:18 |
| gthiemonge | dmendiza[m]: thanks for the update on this ;-) | 16:19 |
| QG | ohhhh ok so creating a container with certificate; key and chain is deprecated secrets in it in favor of pkcs12 ? | 16:19 |
| johnsom | QG https://docs.openstack.org/octavia/pike/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-load-balancer | 16:19 |
| johnsom | That is the old way | 16:19 |
| johnsom | Right, containers is deprecated in favor of using secrets with pkcs12 | 16:20 |
| QG | johnsom: ok thanks ! | 16:20 |
| johnsom | The switch happened in Queens | 16:21 |
| QG | and why this way has been depreciated ? | 16:22 |
| johnsom | Many user experience issues. For one, it's a heck of a lot more barbican API calls. But also, people would mix the wrong key for the cert in the container. PKCS12 is an industry standard and helps users not make as many mistakes | 16:23 |
| QG | johnsom: ohhhh ok thanks make sence :) | 16:24 |
| johnsom | Or not include all of the needed intermediate certs, etc. | 16:24 |
| johnsom | Oh, and it is compatible with Vault/castellan where containers are barbican proprietary | 16:26 |
| johnsom | Ok, I will stop now, we can keep the meeting moving | 16:26 |
| tweining | can you do me a favor and review a one-line change for me please. I added *.orig to .gitignore so that those files cannot get added accidentally after a merge conflict (which happened to me recently) | 16:27 |
| tweining | https://review.opendev.org/c/openstack/octavia/+/853875 | 16:27 |
| QG | I anyone wanted to test the ability to create Prometheus listener | 16:28 |
| gthiemonge | tweining: ack | 16:28 |
| QG | #link https://review.opendev.org/c/openstack/octavia-dashboard/+/858576 | 16:28 |
| johnsom | tweining Did you propose this on all of the Octavia repos? lib, client, etc? | 16:28 |
| tweining | johnsom: no, but I agree that I should | 16:29 |
| johnsom | +1 thanks! | 16:29 |
| gthiemonge | QG: I haven't tested it yet, but I'm going to take a look, and to the ESLint fix too | 16:29 |
| QG | gthiemonge: Thanks ! | 16:29 |
| tweining | #action tweining to propose change to add *.orig to .gitignore to other octavia repos like lib, client, etc. | 16:29 |
| tweining | ok, I have one more item, but for the open discussion | 16:32 |
| gthiemonge | #topic Open Discussion | 16:32 |
| tweining | thanks :) | 16:32 |
| tweining | so you might have noticed that I worked on a change that adds support for pre-commit to octavia | 16:33 |
| johnsom | #link https://storyboard.openstack.org/#!/story/2010333 | 16:33 |
| tweining | https://review.opendev.org/c/openstack/octavia/+/858739 | 16:33 |
| johnsom | Though that might be a duplicate to an existing story | 16:34 |
| gthiemonge | johnsom: the old story is probably lost in storyboard | 16:34 |
| tweining | it's kind of related to the one line change above. this time it's about avoiding things like trailing spaces in releasenotes yamls, which happens regularly to me | 16:35 |
| gthiemonge | tweining: how does it work? we would have to install pre-commit to install those rules? | 16:35 |
| tweining | pre-commit basically installs pre-push or pre-commit Git hooks that do some checks as configured in the yaml | 16:36 |
| tweining | it is very flexible. the way my configuration works is that it does basic super-fast checks for each commit, and more complex checks only for each push | 16:37 |
| tweining | and if pre-commit is not installed this does nothing | 16:37 |
| johnsom | Doesn't black modify the code? | 16:37 |
| tweining | yes, if it is not formatted yet. | 16:38 |
| tweining | about that one I am unsure too. | 16:38 |
| gthiemonge | but only in your patch? | 16:38 |
| tweining | yes, only changed files AFAIR | 16:38 |
| tweining | if code is pep8 compliant black should not change it I think | 16:39 |
| johnsom | I think I would prefer to have that in tox somewhere, rather than running at push time. | 16:39 |
| tweining | ok, I can remove that particular check then. | 16:39 |
| tweining | flake8 should be sufficient anyway for that purpose | 16:40 |
| tweining | (the purpose of rejecting the push operation if the code is not formatted) | 16:41 |
| gthiemonge | does it take a lot of time? I already run tox -epep8 before sending a patch (it includes flake8) | 16:42 |
| tweining | in theory we could make it even run tox I think. | 16:42 |
| johnsom | Yeah, that is a fair question, are we doubling up | 16:42 |
| tweining | we could make it run tox -epep8 instead maybe, or remove it | 16:43 |
| gthiemonge | I'll test the flake8 hook | 16:43 |
| opendevreview | Merged openstack/octavia-dashboard master: Update master for stable/zed https://review.opendev.org/c/openstack/octavia-dashboard/+/857841 | 16:43 |
| opendevreview | Merged openstack/octavia-dashboard master: Switch to 2023.1 Python3 unit tests and generic template name https://review.opendev.org/c/openstack/octavia-dashboard/+/857842 | 16:44 |
| tweining | I don't remember exactly how it works but AFAIR one has to install pre-commit's push hook explicitly or else only the pre-commit hook gets installed. but I can investigate that point. | 16:44 |
| tweining | I do remember, that in another project I was working on we ran the full test suite with tox using pre-commit | 16:45 |
| gthiemonge | tweining: ack, thanks for working on it | 16:46 |
| tweining | the other checks are super-fast however | 16:46 |
| gthiemonge | tweining: tox in pre-commit, that might be tough :D | 16:46 |
| tweining | tox -epy3,functional,pep8 seems okay to me | 16:47 |
| tweining | but only in pre-push then | 16:48 |
| gthiemonge | yeah I might use that | 16:48 |
| oschwart | Tobiko also uses pre-commit hooks https://opendev.org/x/tobiko/src/branch/master/.pre-commit-config.yaml | 16:49 |
| oschwart | So far it was confortable | 16:49 |
| tweining | you use mypy checks? cool | 16:49 |
| oschwart | Yeah and it runs pretty fast (1-2 seconds) | 16:50 |
| oschwart | (mypy) | 16:51 |
| tweining | btw. for Fedora pre-commit can be installed via "dnf install pre-commit" | 16:51 |
| tweining | when I had a look at it mypy created a lot of false positives, but I would like to try it out as well at some point | 16:52 |
| gthiemonge | good to know | 16:52 |
| johnsom | Yeah, too many linters become a problem. We already get push back on using pylint | 16:52 |
| tweining | and to install the hooks cd to the Git repo and execute "pre-commit install --hook-type pre-commit --hook-type pre-push" | 16:53 |
| johnsom | If this will require packages on the developer systems, we should update the contributor guide. | 16:53 |
| tweining | without the arguments it will only install the pre-commit hook | 16:53 |
| tweining | johnsom: good point. it's all optional but it makes sense to explain it in the guide at least. | 16:54 |
| gthiemonge | it seems that many projects use it: https://codesearch.opendev.org/?q=pre-commit&i=nope&literal=nope&files=.pre-commit-config.yaml&excludeFiles=&repos= | 16:55 |
| gthiemonge | ok folks, 4min before the hour... any other topics for this meeting? | 16:56 |
| oschwart | Can we close this story https://storyboard.openstack.org/#!/story/2007429 ? Looking for some low hanging fruits to implements/fix I found it | 16:57 |
| oschwart | Not urgent of course, but it looks to me like we already implemented/fixed it | 16:57 |
| gthiemonge | oschwart: ok, I'll take a look and will mark it as invalid if it is fixed | 16:58 |
| oschwart | gthiemonge thanks | 16:58 |
| oschwart | Nothing else from me | 16:59 |
| gthiemonge | ok | 17:00 |
| gthiemonge | thank you folks!! | 17:00 |
| gthiemonge | #endmeeting | 17:00 |
| opendevmeet | Meeting ended Wed Sep 28 17:00:17 2022 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 17:00 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/octavia/2022/octavia.2022-09-28-16.00.html | 17:00 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/octavia/2022/octavia.2022-09-28-16.00.txt | 17:00 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/octavia/2022/octavia.2022-09-28-16.00.log.html | 17:00 |
| opendevreview | Tom Weininger proposed openstack/octavia master: test https://review.opendev.org/c/openstack/octavia/+/859653 | 17:04 |
| tweining | okay, I thought for a second that "git review" might not trigger the pre-push hook, but it does. | 17:05 |
| opendevreview | Merged openstack/octavia stable/yoga: Fix sporadic unit test failure https://review.opendev.org/c/openstack/octavia/+/858859 | 18:56 |
| opendevreview | Merged openstack/octavia stable/xena: Fix sporadic unit test failure https://review.opendev.org/c/openstack/octavia/+/858860 | 18:56 |
| opendevreview | Merged openstack/octavia stable/wallaby: Fix sporadic unit test failure https://review.opendev.org/c/openstack/octavia/+/858861 | 18:56 |
| opendevreview | Anton Kurbatov proposed openstack/octavia master: Fix full graph loadbalancer creation if jobboard is disabled https://review.opendev.org/c/openstack/octavia/+/859710 | 19:08 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!