#airshipit log

14:59:59 <mattmceuen> #startmeeting airship
15:00:01 <openstack> Meeting started Tue Dec  3 14:59:59 2019 UTC and is due to finish in 60 minutes.  The chair is mattmceuen. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:02 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:03 <mattmceuen> #topic Rollcall
15:00:04 <openstack> The meeting name has been set to 'airship'
15:00:11 <mattmceuen> Hello everyone - time for our weekly IRC meeting!
15:00:11 <uzumaki> o/
15:00:13 <souradage> o/
15:00:15 <howell> o/
15:00:16 <alexanderhughes> o/
15:00:20 <mattmceuen> Here's the agenda:  https://etherpad.openstack.org/p/airship-meeting-2019-12-03
15:00:21 <ian-pittwood> o/
15:00:24 <michael-beaver> o/
15:00:29 <mattmceuen> please add any additional items, we'll wait a couple minutes to get giong
15:00:47 <aaronsheffield> o/
15:00:55 <seaneagan> o/
15:02:17 <nishantkr> o/
15:02:42 <kskels> o/
15:02:50 <mattmceuen> Thanks for joining everyone
15:02:58 <mattmceuen> #topic Some interfaces between airshipctl and kustomize are not avaialble yet
15:03:13 <mattmceuen> We have several items left from last week which we didn't have time to get to
15:03:26 <mattmceuen> And I'm not certain now who added them to the agenda :)
15:04:06 <mattmceuen> re:  interface between airshipctl and kustomize, I know Alan had been working to get a patchset in for that before the holidays, and I'm not sure where that landed
15:04:12 <uzumaki> treasuremap 2.0 thing, I added it, it got answered last week, so, we can skip that
15:04:20 <mattmceuen> ok awesome - thanks uzumaki
15:04:50 <mattmceuen> I think we covered the Treasuremap 2.0 general topic last well - any other discussion you'd like to have on that uzumaki?
15:05:23 <uzumaki> Not yet, so we're good
15:05:51 <mattmceuen> ok cool
15:05:58 <mattmceuen> #topic Image and Userdata parameters are missing in baremetal.yaml in airshipctl under spec Baremetalhost
15:06:53 <mattmceuen> Are those missing fields due to old/incomplete generated code in airshipctl, do you know?  Or, are they not in the upstream Metal3 spec yet?
15:07:52 <openstackgerrit> diwakar thyagaraj proposed airship/porthole master: Mysqlclient UC Python and Ubuntu upgrade.  https://review.opendev.org/696184
15:08:46 <mattmceuen> Hmm I'm also not finding a baremetal.yaml in airshipctl, so I'm unclear on this topic.  Is anyone familiar with it?
15:09:19 <howell> mattmceuen: the file is testdata. It's located at pkg/document/testdata/baremetal.yaml
15:09:34 <howell> I'm not too familiar with the issue though..
15:11:13 <mattmceuen> alright, let's hold off on that till the owner is here and we can talk through it
15:11:39 * ildikov is lurking :)
15:11:43 <mattmceuen> #topic what is equivalent to openshift-machine-api
15:11:47 <mattmceuen> o/ ildikov :)
15:11:59 <ildikov> mattmceuen: hi :)
15:12:15 <mattmceuen> Do we have the owner of this openshift-machine-api topic here this week?
15:12:31 <mattmceuen> "    what is equivalent to openshift-machine-api (https://github.com/metal3-io/baremetal-operator/blob/master/examples/worker-0.yaml#L27) in metal3"
15:13:17 <mattmceuen> the question seems to be around the last line in there, defining the namespace
15:14:19 <mattmceuen> I think next time we carry over a bunch of topics to the next meeting, we can start by having the topic owners signal they are here and still want to discuss -- lesson learned :)
15:15:06 <mattmceuen> alright, moving on to new topics this week:
15:15:09 <mattmceuen> #topic Revisit use of root user in Airship containers - Pegleg, Spyglass, others? Can these be changed to either generic "airship" project or to project specific user?
15:15:24 <mattmceuen> alexanderhughes, is this one your shade of lavender?
15:15:38 <alexanderhughes> lavender is the best color
15:16:03 <mattmceuen> +1
15:16:04 <alexanderhughes> yes, so I was looking at projects again after reading some articles over the break.  I'd like to change containers to run as a non-root user in Airship where possible
15:16:31 <portdirect> sounds good to me
15:16:47 <alexanderhughes> currently Pegleg and Spyglass are root.  I don't see a reason for this so I'd like to change them if there aren't any concerns from community.  in doing so if we plan to continue accepting documents in Pegleg container from Promenade should we consider changing both Promenade and Pegleg to a generic "airship" user to avoid chowns?
15:17:04 <alexanderhughes> or let operators use chowns between containers as has been in the case up til this point
15:17:41 <portdirect> id advocate for a generic user
15:17:54 <portdirect> this is what was done in the loci project to address similar concerns
15:17:57 <mattmceuen> I don't have any concerns with that - sounds good to me
15:18:01 <michael-beaver> I like the idea of them having a generic 'airship' user
15:18:24 <portdirect> 42424 is what loci used
15:18:37 <portdirect> so 42425 sounds good to me ;)
15:18:42 <mattmceuen> lol
15:18:47 <souradage> Don't most projects currently use the 'nobody' user?
15:19:08 <portdirect> nobody has some baggage around it
15:19:22 <portdirect> and where we are, we can make use of a 'real' user
15:19:36 <portdirect> which makes it much easier to set up ownership etc
15:20:01 <souradage> Right. Then I think an airship user would also be a good thing to move towards
15:20:03 <alexanderhughes> I'm all for "airship" user across all the projects
15:20:06 <portdirect> if we made airship use `nobody` then everyone who uses `nobody` would have the same rights for files
15:20:21 <mattmceuen> I would still think they should be overridable though
15:20:22 <alexanderhughes> this went to design call a few weeks ago, and we couldn't get consensus
15:20:23 <howell> +1 for "airship"
15:20:33 <portdirect> mattmceuen: ++ this is how we did it for loci
15:20:38 <openstackgerrit> Merged airship/porthole master: Enable runtime-default Apparmor Profile to Openstack-Utility Container.  https://review.opendev.org/696186
15:20:39 <mattmceuen> And I don't think we should add dependencies between containers
15:20:57 <mattmceuen> I.e., don't want one container to assume another container is running as a particular user
15:21:15 <mattmceuen> w.r.t your promenade + pegleg concern alexanderhughes- can you please dive into that issue?
15:21:47 <alexanderhughes> the end goal is that pegleg is the access point for promenade commands - render, generate bundle, gen certs etc. but we haven't finished that transition yet
15:22:12 <alexanderhughes> as a result operators are rendering in promenade/collecting.  then sending those documents to pegleg,  but they have different owners "root" "promenade" and causes issues without chown
15:22:36 <alexanderhughes> in the case of pegleg->promenade in particular the files pegleg generates for promenade to consume can't be used because of the 640 permissions on root owned files
15:23:01 <alexanderhughes> standardizing the users or chown documents shared between containers are only paths forward I see until the transition to all pegleg is complete
15:23:41 <mattmceuen> I am less concerned about the promenade CLI portion (since it's deprecated)
15:23:47 <openstackgerrit> diwakar thyagaraj proposed airship/porthole master: Enable runtime-default Apparmor Profile to  Calicoctl Utility Container.  https://review.opendev.org/694793
15:24:10 <mattmceuen> The promenade API portion is already configurable, so we should avoid tying it down to a uid along with the CLI: https://opendev.org/airship/promenade/src/branch/master/charts/promenade/values.yaml#L180
15:24:19 <mattmceuen> how does that sound?
15:26:04 <mattmceuen> i.e., I'm ok with locking down the prom CLI to a specific UID (temporarily, till transitioned to pegleg), provided we keep the API uid configurable
15:26:17 <alexanderhughes> sure
15:26:26 <mattmceuen> ok awesome
15:27:19 <mattmceuen> #topic Moving issues from Jira to Github
15:27:29 <mattmceuen> uzumaki I think this one is yours
15:27:54 <uzumaki> yup, we had a discussion last week about the issue movement. Any updates from the WC/TC?
15:27:54 <mattmceuen> From my perspective, no progress since last week, when everyone seemed to be pretty positive around a change to github issues
15:28:32 <mattmceuen> The holiday got in the way last week sorry :)  I will send out a note on the ML to make sure there aren't any concerns
15:28:47 <uzumaki> well, how do we plan to pursue it, the actual movement itself?
15:28:53 <uzumaki> mattmceuen, that's alright, no worries
15:29:12 <mattmceuen> I guess we have three choices
15:29:23 <mattmceuen> 1. manual copy and paste to move items
15:29:37 <mattmceuen> 2. "drain" jira and finish out work there while adding new work in github issues
15:29:56 <mattmceuen> 3. put work into an automated job to migrate stuff into github
15:30:28 <mattmceuen> any preference from your side uzumaki?
15:30:48 <openstackgerrit> Prateek Dodda proposed airship/porthole master: [WIP]  https://review.opendev.org/697113
15:31:04 <uzumaki> My concern is, if people are joining in the community, during the migration, is there a way to make it easier for them to understand what is what?
15:31:18 <mattmceuen> +1
15:31:40 <mattmceuen> +1 to acknowledge that's a very good concern
15:31:59 <uzumaki> Otherwise, if it's only for us, the current members, any option out of 2/3 is fine (1 is too much work)
15:32:32 <mattmceuen> I suspect 3 may also be too much work ;-)
15:32:47 <uzumaki> haha
15:33:04 <mattmceuen> Rodolfo has a weekly meeting on JIra scope tracking, I think it would be a good place to pitch the "drain" idea
15:33:09 <mattmceuen> There may be a good "cut" point
15:33:27 <uzumaki> Escalate this, along with this concern to the other WC/TC members, this needs to be thought through
15:33:31 <mattmceuen> i.e., maybe starting with e.g. Airship 2.0 beta, scope moves to github, or something like this
15:33:39 <uzumaki> mattmceuen, yeah, drain idea seems fine, least work
15:33:59 <mattmceuen> for sure, we have a WC meeting next week, I will bring this up there as well
15:34:11 <uzumaki> that'd be great!
15:34:15 <dwalt> o/
15:34:39 <mattmceuen> o/ dwalt - just to confirm (since I had to miss it) - you didn't discuss this yesterday, right?
15:35:09 <dwalt> we did not. As a WC member, it would be really helpful to get input from those already working scope in Jira
15:35:38 <dwalt> Since we want to cause as little disruption as possible
15:36:04 <uzumaki> indeed
15:37:00 <dwalt> as I am catching up, I see you said option 2 or option 3 :)
15:37:19 <uzumaki> we're open to suggestions!
15:37:24 <dwalt> We will discuss this next Monday (12/9) then. The meeting is open to anyone to join
15:37:42 <uzumaki> i'll be there, great!
15:37:50 <dwalt> great! Thanks uzumaki
15:37:51 <ildikov> can I ask a dumb question around the decision to use GitHub issues?
15:37:59 <mattmceuen> sure can ildikov
15:38:03 <uzumaki> go ahead!
15:38:03 <dwalt> additionally, the etherpad is here. You can also leave comments if you cannot attend: https://wiki.openstack.org/wiki/Airship/Airship-WC
15:38:12 <ildikov> if I know correctly you use Git/Gerrit for code development
15:38:22 <mattmceuen> yup
15:38:34 <ildikov> so I wonder if it doesn't get confusing to use GitHUb for issues but not for the rest of the flow?
15:38:48 <srwilkers> ildikov asking the good questions
15:38:57 <mattmceuen> I think that's a fair point
15:39:08 <ildikov> I assume you talked this through so if you have meeting logs somewhere for my understanding I can catch up on that as opposed to keep up the meeting on this :)
15:39:30 <mattmceuen> we would associate the issues with the github mirror of our opendev projects, so it wouldn't be "completely divorced"
15:40:00 <ildikov> it just looked confusing to me, who's not deeply involved at this point
15:40:17 <ildikov> that part makes sense, however the mirror is read only
15:40:19 <srwilkers> it'd be difficult to fight off the urge to open a pull request via github, i'll admit
15:40:38 <mattmceuen> we've had a couple brief conversations, but haven't gotten deep - I'll capture some of the potential gotchas/concerns in an etherpad, along with some feedback from the kubecon meetup
15:40:40 <openstackgerrit> Samuel Pilla proposed airship/promenade master: Upgrade Tiller version for k8s 1.16  https://review.opendev.org/693395
15:40:41 <mattmceuen> o/ srwilkers
15:40:44 <srwilkers> o/
15:40:45 <ildikov> and my memories from OpenStack is that people get confused by the mirror even when you don't use any GitHub feature besides browsing the code
15:42:04 <mattmceuen> I admit it's not my favorite approach.  However the pros/cons need to be weighed against overwhelming developer preference (so far) to using github issues for tracking scope, seems to hit a sweet spot of ease of use + functionality
15:42:31 <ildikov> mattmceuen: I'm happy to add this to a pro/con etherpad if/when you create one
15:42:45 <mattmceuen> I think in the wash it'll be "what's the least annoying of N evils" :)
15:42:54 <mattmceuen> so pros/cons lists will help with that
15:43:17 <ildikov> lol, I'm with you on the least annoying note
15:43:35 <mattmceuen> thanks much ildikov - will share w/ you as soon as I get it up, and will post it to the ML
15:43:40 <ildikov> I brought this up more from forward looking perspective and with new comers in mind
15:43:41 <openstackgerrit> Samuel Pilla proposed airship/treasuremap master: Upgrade Tiller version for k8s 1.16  https://review.opendev.org/694604
15:43:55 <ildikov> mattmceuen: sounds great, thank you!
15:44:02 <ildikov> I'll keep an eye on the ML
15:44:17 <mattmceuen> #topic Roundtable
15:44:35 <mattmceuen> That's it as far as the agenda goes, team - any additional topics, feedback, or requests for code review?
15:45:25 <uzumaki> nope, looking forward to the pros/cons list on the ML
15:45:55 <mattmceuen> awesome - I will prioritize that to the top of my overdue todo items :D
15:46:03 <uzumaki> I'm sure you will :D
15:46:08 <mattmceuen> hoping to catch up before xmas holidays
15:46:24 <openstackgerrit> Samuel Pilla proposed airship/treasuremap master: Upgrade Tiller version for k8s 1.16  https://review.opendev.org/694604
15:46:25 <mattmceuen> on that note, then - I'll give us 14 minutes back!
15:46:33 <mattmceuen> Thanks everyone for your time and the great discussion
15:46:48 <mattmceuen> have a great week, and see you here in IRC/ML in the meantime
15:46:50 <alexanderhughes> thanks all :)
15:47:01 <mattmceuen> #endmeeting