| *** hongbin has quit IRC | 00:16 | |
| *** slaweq has joined #openstack-meeting-5 | 01:11 | |
| *** slaweq has quit IRC | 01:16 | |
| *** yamahata has quit IRC | 01:24 | |
| *** slaweq has joined #openstack-meeting-5 | 03:11 | |
| *** slaweq has quit IRC | 03:16 | |
| *** slaweq has joined #openstack-meeting-5 | 04:11 | |
| *** slaweq has quit IRC | 04:16 | |
| *** skazi has quit IRC | 05:03 | |
| *** slaweq has joined #openstack-meeting-5 | 05:11 | |
| *** slaweq has quit IRC | 05:15 | |
| *** slaweq has joined #openstack-meeting-5 | 06:11 | |
| *** slaweq has quit IRC | 06:16 | |
| *** slaweq has joined #openstack-meeting-5 | 06:55 | |
| *** spiette has quit IRC | 07:00 | |
| *** spiette has joined #openstack-meeting-5 | 07:03 | |
| *** markvoelker has quit IRC | 07:29 | |
| *** markvoelker has joined #openstack-meeting-5 | 07:29 | |
| *** ralonsoh has joined #openstack-meeting-5 | 07:29 | |
| *** markvoelker has quit IRC | 07:34 | |
| *** yamahata has joined #openstack-meeting-5 | 07:41 | |
| *** roman_g has joined #openstack-meeting-5 | 07:55 | |
| *** markvoelker has joined #openstack-meeting-5 | 08:30 | |
| *** derekh has joined #openstack-meeting-5 | 08:52 | |
| *** markvoelker has quit IRC | 09:03 | |
| *** yamahata has quit IRC | 09:06 | |
| *** persia has quit IRC | 09:27 | |
| *** persia has joined #openstack-meeting-5 | 09:28 | |
| *** markvoelker has joined #openstack-meeting-5 | 10:00 | |
| *** markvoelker has quit IRC | 10:34 | |
| *** roman_g has quit IRC | 11:21 | |
| *** roman_g has joined #openstack-meeting-5 | 11:22 | |
| *** markvoelker has joined #openstack-meeting-5 | 11:31 | |
| *** lemko has joined #openstack-meeting-5 | 11:54 | |
| *** markvoelker has quit IRC | 12:04 | |
| *** sgrasley has joined #openstack-meeting-5 | 13:37 | |
| *** mjturek has joined #openstack-meeting-5 | 13:42 | |
| *** yamahata has joined #openstack-meeting-5 | 14:01 | |
| *** hongbin has joined #openstack-meeting-5 | 14:05 | |
| *** munimeha1 has joined #openstack-meeting-5 | 14:20 | |
| *** jaesang has joined #openstack-meeting-5 | 14:48 | |
| *** gagehugo has joined #openstack-meeting-5 | 14:55 | |
| *** john_W has joined #openstack-meeting-5 | 15:00 | |
| *** mattmceuen has joined #openstack-meeting-5 | 15:00 | |
| evrardjp | o/ | 15:00 |
|---|---|---|
| mattmceuen | o/ | 15:00 |
| jayahn | o/ | 15:00 |
| lamt | \o | 15:00 |
| evrardjp | I have to run, enjoy the meeting | 15:00 |
| mattmceuen | see you evrardjp | 15:00 |
| srwilkers | o/ | 15:00 |
| john_W | o/ | 15:02 |
| portdirect | #startmeeting openstack-helm | 15:02 |
| openstack | Meeting started Tue Oct 16 15:02:21 2018 UTC and is due to finish in 60 minutes. The chair is portdirect. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:02 |
| openstack | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:02 |
| *** openstack changes topic to " (Meeting topic: openstack-helm)" | 15:02 | |
| openstack | The meeting name has been set to 'openstack_helm' | 15:02 |
| portdirect | sorry I'm late o/ | 15:02 |
| portdirect | #topic rollcall | 15:02 |
| *** openstack changes topic to "rollcall (Meeting topic: openstack-helm)" | 15:02 | |
| lamt | \o | 15:02 |
| *** DanCrank has joined #openstack-meeting-5 | 15:02 | |
| srwilkers | o/ | 15:03 |
| jaesang | o/ | 15:03 |
| portdirect | also - heres the agenda https://etherpad.openstack.org/p/openstack-helm-meeting-2018-10-16 | 15:03 |
| mattmceuen | no worries portdirect o/ \o (<- high five?) | 15:03 |
| portdirect | shall we begin? | 15:04 |
| portdirect | #topic Armada job in openstack-helm | 15:04 |
| *** openstack changes topic to "Armada job in openstack-helm (Meeting topic: openstack-helm)" | 15:04 | |
| portdirect | srwilkers: the floor is yours :D | 15:04 |
| srwilkers | morning! | 15:04 |
| srwilkers | so the past few weeks have been a mix of triaging jobs that have failed for one reason or another, and also trying to find ways to improve them a bit | 15:05 |
| srwilkers | i had a few points of discussion wrt the armada job | 15:05 |
| srwilkers | now that we've moved to deploy ocata by default instead of newton, it makes sense to go ahead and get the armada job updated to reflect this change | 15:05 |
| srwilkers | the change to do so is here: https://review.openstack.org/#/c/591808/ | 15:05 |
| srwilkers | semi related to this | 15:06 |
| srwilkers | the armada manifest has the overrides required to enable the fluentd handlers and formatters for logging for each openstack service, as this was put together when we still supported newton as the default | 15:07 |
| srwilkers | but now that's changed, do we want to consider enabling these handlers and formatters by default, which removes the need to override them in the armada manifest/ | 15:07 |
| roman_g | o/ | 15:08 |
| mattmceuen | sounds good to me naively - there's no real risk of breaking any dependencies on the old behavior, right? | 15:09 |
| portdirect | yeah this is my concern | 15:09 |
| portdirect | would this not mean, always trying to push logs to fluent, even it does not exist? | 15:10 |
| srwilkers | i'd prefer to keep things as is honestly, but wanted to bring it up now that we deploy a version that supports fluentd by default | 15:10 |
| portdirect | roger | 15:11 |
| portdirect | also with the work lamt did - are we not now deploying ocata in the armada check anyway? | 15:11 |
| portdirect | oh - sorry i saw your updated ps, ignore me | 15:12 |
| lamt | it should - (with a minor exception of ceilometer if that's being used) | 15:12 |
| srwilkers | :) | 15:12 |
| srwilkers | yeah, should probably update the commit message to reflect what's really happening now | 15:12 |
| portdirect | ++ ;) | 15:12 |
| srwilkers | and i think ive talked myself out of my last point wrt armada, so i think im done here | 15:14 |
| portdirect | does that also cover Logging configuration ? | 15:14 |
| srwilkers | yeah | 15:15 |
| portdirect | #topic New repos | 15:15 |
| *** openstack changes topic to "New repos (Meeting topic: openstack-helm)" | 15:15 | |
| portdirect | 1st i must applogise for not having got the docs repo up - I dropped the ball here | 15:15 |
| portdirect | and will pick it back up today, and get the repo done | 15:15 |
| jayahn | sorry to miss the previous meetings (two), pls let us know what you need. | 15:15 |
| portdirect | jayahn: at this point the action items are mine :( | 15:16 |
| portdirect | soon as its up - we'll need ps's and reviews | 15:16 |
| portdirect | :) | 15:16 |
| portdirect | another thing came up | 15:16 |
| portdirect | we have sveral images that are being built for osh | 15:16 |
| jayahn | okay. jaesang is also here today, the one who will do ps's reviews.. :) | 15:16 |
| portdirect | and i was going to start working on building these in the gate | 15:17 |
| portdirect | but evrardjp suggested a new repo to house these images | 15:17 |
| portdirect | I think that would be great - as it would clearly seperate concerns | 15:17 |
| portdirect | and let us reuse much of the logic from loci here | 15:17 |
| portdirect | i think as we have a qorum of cores here | 15:18 |
| portdirect | can we decide today if this is a sane path or not? | 15:18 |
| srwilkers | im all for it | 15:18 |
| lamt | portdirect: can we use that image repo to deal with things like that healthcheck issue with the loci repo? | 15:18 |
| lamt | I think I still have an outstanding patch set there | 15:19 |
| mattmceuen | I'm good with a separate repo too | 15:19 |
| jayahn | portdirect: separate repo would be good. just want to know so what images will be hosted there vs. what images we will consume from external repo (registry)? any guideline? | 15:21 |
| lamt | portdirect: if so I will abandon that ps and put the change in the new repo | 15:22 |
| portdirect | jayahn: ideally the images repo would be empty ;) | 15:22 |
| portdirect | and i think thats the best guidance we can follow for it unfortunately - as we know it wont be (eg libvirt etc) | 15:22 |
| portdirect | ok - so seems we have agreement | 15:23 |
| portdirect | #action portdirect to get images repo up. | 15:23 |
| portdirect | i think this brings us onto the last item today | 15:23 |
| portdirect | #topic Reviews | 15:24 |
| *** openstack changes topic to "Reviews (Meeting topic: openstack-helm)" | 15:24 | |
| portdirect | Remove fluentbit sidecars from ceph-mon and ceph-osd: https://review.openstack.org/#/c/608356/ | 15:24 |
| portdirect | Feedback for Apparmor init container: https://review.openstack.org/#/c/608826/ | 15:24 |
| portdirect | lamt: your one is interesting - I'd need to mull on it more | 15:25 |
| portdirect | but in simple terms is this not asking the workload to define its own security policy? | 15:25 |
| portdirect | which though it may work - seems a bit like asking a poacher to keep an eye on the livestock? | 15:25 |
| lamt | portdirect: thanks for the review. I thought about that. | 15:26 |
| srwilkers | good analogy | 15:26 |
| lamt | alternative might be we have an apparmor profiles utility to manage exceptional profiles | 15:27 |
| lamt | utility chart* | 15:27 |
| lamt | for things that fall out of the "default" | 15:27 |
| portdirect | yeah - is see issues any way we do it - thats certainly nicer from a seperation of concerns pov | 15:27 |
| portdirect | but could be a nightmare for management | 15:28 |
| portdirect | i suppose the tradeoff here is: | 15:28 |
| portdirect | do we make it easy (the init approach) that may have some issues, but people can use with little overhead | 15:28 |
| portdirect | or 'pure', were people may end up using it less? | 15:28 |
| mattmceuen | I haven't given the PS a review yet so I don't know the ins and outs but - are we really worried about protecting against the chart (e.g. init container), or are we trying to protect against a hijacked chart? | 15:29 |
| mattmceuen | Said differently, if we can trust that only trusted charts get deployed, and the init container approach fits into that well and protects against post-deployment shenanigans, then that seems reasonable? | 15:30 |
| portdirect | the latter really, though a chart could be hijacked by a lazy dev too ;) | 15:30 |
| lamt | :) | 15:30 |
| mattmceuen | lazy devs are the worst | 15:30 |
| * srwilkers whistles | 15:31 | |
| * mattmceuen and everyone else leaves the roome | 15:31 | |
| * jayahn left the room | 15:32 | |
| * lamt follows | 15:32 | |
| * portdirect now knows how to get some peace round here | 15:32 | |
| portdirect | :) | 15:32 |
| srwilkers | we can change that | 15:32 |
| portdirect | i think the point mattmceuen raises is valid | 15:33 |
| portdirect | and where im on the fence | 15:33 |
| portdirect | i just feel i need to highlight it | 15:33 |
| portdirect | frankly - I'm for security people use | 15:33 |
| portdirect | which puts me in the camp of saying lets use the init container | 15:33 |
| portdirect | but i need to strawman the alternative veiwpoint ;) | 15:34 |
| mattmceuen | yup | 15:34 |
| portdirect | we ok to hash it out in review from here on? | 15:35 |
| lamt | I lean that way - but that's why it was coded that way. but one can strongarm me to change that | 15:35 |
| lamt | portdirect: sounds good | 15:35 |
| mattmceuen | +1 | 15:35 |
| portdirect | ok - any other ps's that need review attention? | 15:35 |
| portdirect | (other than all of them...) | 15:35 |
| portdirect | ok - moving on | 15:36 |
| portdirect | #topic roundtable | 15:36 |
| *** openstack changes topic to "roundtable (Meeting topic: openstack-helm)" | 15:36 | |
| portdirect | 1st I'd really like to thank evrardjp - hes doing great work on the gates | 15:36 |
| portdirect | having a new set of eyes there has been fantasic | 15:36 |
| portdirect | as, as well as both improving our ansible | 15:37 |
| portdirect | hes been asking the hard questions | 15:37 |
| portdirect | eg: why? and 'but why?' | 15:37 |
| lamt | ++, the ansible looks more sane | 15:37 |
| mattmceuen | agree - great work evrardjp & thanks!! | 15:38 |
| lamt | at least when I need to add new jobs - I can just list the scripts vs. what was done before | 15:38 |
| portdirect | ok - we ok to wrap up for today i think | 15:44 |
| portdirect | #endmeeting | 15:44 |
| *** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/" | 15:44 | |
| openstack | Meeting ended Tue Oct 16 15:44:48 2018 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:44 |
| openstack | Minutes: http://eavesdrop.openstack.org/meetings/openstack_helm/2018/openstack_helm.2018-10-16-15.02.html | 15:44 |
| openstack | Minutes (text): http://eavesdrop.openstack.org/meetings/openstack_helm/2018/openstack_helm.2018-10-16-15.02.txt | 15:44 |
| openstack | Log: http://eavesdrop.openstack.org/meetings/openstack_helm/2018/openstack_helm.2018-10-16-15.02.log.html | 15:44 |
| *** gagehugo has left #openstack-meeting-5 | 15:47 | |
| *** skazi has joined #openstack-meeting-5 | 15:47 | |
| *** DanCrank has left #openstack-meeting-5 | 15:48 | |
| *** lemko has quit IRC | 16:14 | |
| *** john_W has quit IRC | 16:20 | |
| *** yamahata has quit IRC | 16:24 | |
| *** yamahata has joined #openstack-meeting-5 | 16:53 | |
| *** jaesang has quit IRC | 16:58 | |
| *** munimeha1 has quit IRC | 17:10 | |
| *** ralonsoh has quit IRC | 17:28 | |
| *** mjturek has quit IRC | 20:04 | |
| *** slaweq has quit IRC | 20:33 | |
| *** munimeha1 has joined #openstack-meeting-5 | 21:06 | |
| *** munimeha1 has quit IRC | 21:45 | |
| *** slaweq has joined #openstack-meeting-5 | 21:53 | |
| *** slaweq has quit IRC | 22:09 | |
| *** slaweq has joined #openstack-meeting-5 | 22:11 | |
| *** slaweq has quit IRC | 22:44 | |
| *** hongbin has quit IRC | 23:07 | |
| *** slaweq has joined #openstack-meeting-5 | 23:11 | |
| *** slaweq has quit IRC | 23:44 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!