08:02:02 #startmeeting TripleO 08:02:03 Meeting started Wed Feb 4 08:02:02 2015 UTC and is due to finish in 60 minutes. The chair is tchaypo. Information about MeetBot at http://wiki.debian.org/MeetBot. 08:02:04 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 08:02:06 The meeting name has been set to 'tripleo' 08:02:28 #topic agenda 08:02:28 * bugs 08:02:28 * reviews 08:02:28 * Projects needing releases 08:02:28 * CD Cloud status 08:02:28 * CI 08:02:29 * Specs 08:02:29 * open discussion 08:02:30 Remember that anyone can use the link and info commands, not just the moderator - if you have something worth noting in the meeting minutes feel free to tag it 08:02:30 #topic bugs 08:02:59 I believe we only have a few people here today so I’m not sure if it’s worth running the full agenda. 08:03:05 So first question: who’s here? 08:03:08 O/ 08:03:11 second question: anything you particularly want to discuss? 08:03:31 o/ 08:03:32 #topic open discussion 08:03:36 o/ 08:03:41 we can go back to other topics later 08:04:21 o/ 08:05:11 * lsmola2 has nothing on his mind 08:06:32 okay. I’m going to suggest we have a quick check for major bugs, have a quick look for old reviews we could move along, and then move with our week 08:06:35 sound good? 08:07:15 so, https://bugs.launchpad.net/tripleo/+bug/1401300 is a big deal 08:07:20 I dont think im going to have time to work on it 08:07:28 o/ sorry am late 08:07:32 although I think the people who id like to point that to arent around 08:07:54 tchaypo: +1 08:08:01 #topic bugs 08:08:14 #link https://bugs.launchpad.net/tripleo/+bug/1401300 08:09:15 #info Keystone Private Key not securely sent to host - greghaynes is probably not going to have time to work on this, would be good if someone could pick it up 08:10:12 so this one https://bugs.launchpad.net/tripleo/+bug/1411809 is fix committed 08:11:56 marios: is there something we still need to do on that? 08:12:40 tchaypo: (looking) but that;s kind of what i was asking, we could probably close out 08:13:50 yeah; we don’t do releases of tripleo-image-elements, do we? 08:13:58 so there’s no reason not to mark it released already 08:14:43 we do 08:15:02 I just released it ~5min ago 08:15:05 yeah was checking cos couldn't remember 08:15:09 https://wiki.openstack.org/wiki/TripleO/ReleaseManagement 08:15:32 https://bugs.launchpad.net/tripleo/+bug/1374626 has a fix, in https://review.openstack.org/#/c/141217/, but that’s in merge conflict 08:16:04 I’ll put that on my list and see if I can un-conflict it today 08:17:09 https://bugs.launchpad.net/diskimage-builder/+bug/1407828 is marked incomplete/critical 08:17:16 I’m going to downgrade that 08:17:29 I was thinking about changing (not in a non-backwards-compatible way) the script in os-cloud-config, so we can move -incubator to using it 08:18:58 And then changing the incubator scripts to looking up by *name*, so we can stop throwing the IDs around 08:19:21 tchaypo: yeah +1 that is a docs bug 08:19:22 StevenK: do you want to un-conflict that patch then? 08:19:39 tchaypo: Sure. 08:19:45 StevenK: <3 08:21:10 o/ 08:21:17 sorry, baby etc 08:21:30 I’m not seeing any other critical bugs 08:21:34 lifeless: welcome :) 08:23:28 Okay, moving on 08:25:07 #info There's a dashboard linked from https://wiki.openstack.org/wiki/TripleO#Review_team - look for "TripleO Inbox Dashboard" 08:25:07 #link http://russellbryant.net/openstack-stats/tripleo-openreviews.html 08:25:07 #link http://russellbryant.net/openstack-stats/tripleo-reviewers-30.txt 08:25:07 #link http://russellbryant.net/openstack-stats/tripleo-reviewers-90.txt 08:27:28 dangnabbit. 08:27:31 #topic reviews 08:28:08 https://review.openstack.org/#/c/142270/ is our oldest-since-negative-review 08:28:33 it’s a simple new document. It should be simple to get this landed today if one or two people can look at it. 08:28:57 will do 08:29:12 https://review.openstack.org/#/c/108168/ is a spec, also about selinux; needs more cores to give their stamp. 08:29:22 greghaynes: commented on that bug 08:29:28 * tchaypo notes that he has been guilty of not taking the time to read it 08:29:51 greghaynes: I think it should be downgraded, its a known defect, not an OMG moment - we knowingly made the choice to get there, its not a surprise 08:31:08 and third on the list is https://review.openstack.org/#/c/112039/ - looks like a more complex change 08:31:10 lifeless: mmm, well it basically means the auth on our cluster is not so valid 08:31:44 greghaynes: we should switch to https of course 08:31:54 Im more concerned that the data is in heat at all 08:32:03 we should just scp over that file 08:32:11 using what credentials? 08:32:11 (until a sane solution arises) 08:32:17 or do oyu mean, push it over? 08:32:24 greghaynes: that would mean we have to be directly involved on every deploy 08:32:25 tchaypo: stackuser which is how we were doing it previously 08:32:59 greghaynes: if we can't trust the source of our config data, its game over anyway 08:33:15 greghaynes: heat can give itself root on our machines trivially 08:33:31 I don’t think it’s about trusting the source, it’s about the fact that it’s trivial for other machines to get the secret 08:34:02 other machines in the stack? 08:34:17 I thought we had per machine creds, that they couldn't read the entire config, only admins can 08:35:21 I think as a compute node you just have to spoof the ip of a control node and hit cfn api 08:37:03 We can discuss this on the bug though 08:37:58 oh, right, you have the os* creds as you said 08:38:18 * greghaynes will comment on there 08:38:33 very good. 08:38:43 Do we have any other topics worth covering today? 08:44:20 okay 08:44:25 #endmeeting