[openstack-ansible] Bobcat vPTG results
Hi everyone,

This year we didn't have many attendees, but I want to thank everyone who managed to join the discussion regarding further project plans and goals.

1. Things we'd love to work on to release 2023.1 (Antelope):

* Documentation improvements. That includes:
** Since Zed we're using OVN as a default network driver, while most docs still refer to LXB in examples. We'd need to update architecture and most networking docs with regards to this change, as they might be misleading at the moment.
** Update Ironic documentation with regards to the latest changes to the role.
** Describe multi-arch deployments
* Finalize internal TLS - encryption between haproxy and uwsgi backends that happens through the management network. We have a couple of topics here:
** Split haproxy configuration so that backends are configured per-service playbooks rather than while running the haproxy one. https://review.opendev.org/q/topic:separated-haproxy-service-config
** Actually patching services to support TLS for backends https://review.opendev.org/q/topic:tls-backend
** Ensure we test in CI both TLS and non-TLS use cases for internal traffic.
* Bump MariaDB version to the next LTS release - 10.11
* Adding support for leap upgrades to our upgrade script and CI
* After switching to the cloudsmith repo as the source for RabbitMQ and Erlang we struggle a lot with packages being obsoleted and removed randomly from the repo. With that we're going to execute the following plan:
** Switch rabbitmq back to packagecloud - it contains packages for both deb and rpm
** Use minor releases of erlang rather than specific bugfix releases that will still come from cloudsmith. Hopefully that will fail less.
** File an issue to rabbitmq-erlang-deb to publish releases in github/packagecloud alike to rpms
** Track down the state of the ELS repo that could be used as an alternative to cloudsmith given it's working reliably.
* At the moment systemd services don't restart if only init overrides are applied. POC patch was proposed and this topic should track progress: https://review.opendev.org/q/topic:osa%252Fsystemd_restart_on_unit_change We will also attempt to backport this to stable branches with just a single vote, as the patches are quite trivial.

2. Bobcat goals

* Pretty endpoint names. It's great to have a supported way of having pretty names in your endpoints, like compute.example.com. While this is completely possible to achieve with the current codebase, we have ways to improve and ease the process of doing so.
** haproxy maps we've added should simplify the process a lot
** Add a boolean variable that, instead of concatenating vip_address + port, does service_type + vip_address in roles, with the ability of a global override
** Fix certificates to include SAN or wildcard for all endpoint names
** Document a way of doing that
* There is a long-going confusion about the variables external/internal_lb_vip_address, as they could be either an IP or an FQDN, which then requires other vars for the IP in haproxy/keepalived. We can attempt to replace this variable with a more meaningful or intuitive one.
** With that change we also have a chance of fixing inconsistent service names (url vs. uri) across roles
* At the moment PKI keys/certificates can't be stored in a trusted storage, as community.crypto.openssl_privatekey does require keys to be files on the filesystem. With that we can replace this module with openssl_privatekey_pipe, as then it can use different lookups.
** With that it would also be great to re-think/document a way of storing user-secrets outside of using ansible-vault (that's trivial).
* With RabbitMQ 4.0, HA queues that are used now by default are going to be removed. Quorum queues can be used instead to provide HA for queues. Though they have quite different concepts. In order to migrate to them, the exchange needs to be re-created with the enabled persistence option. The easiest way to do that would be re-creating vhosts, which will result in significant downtime for services like nova or neutron, but that's the price that should be paid for the migration/upgrade. Topic can be tracked here: https://review.opendev.org/q/topic:osa%252Fquorum_queues
* ansible-core 2.14 requires >=py39, so Ubuntu 20.04 support will be dropped early in the cycle.
* We also discussed resuming efforts of functional testing with molecule. We came up with the following requirements/pain points:
** avoid duplicated boilerplate in all repos
** a way to run tests locally, document that
** clean up current tox/test for projects to avoid confusion
* We agreed on having a common role for managing openstack resources, like images, networks, flavors, etc. This is valuable not only for operators, but also for our service roles, like octavia or tempest, where we're creating specific resources in pretty different ways each time. Work has started in the plugins repo with the ambition to move that to the openstack collection in the future: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/878794
* We're not sure about current IPv6-only deployments at the moment, when talking about public networks. While private networks are not something we want to focus on right now, we need to ensure that IPv6-only public networks are supported and documented. Volunteers are highly appreciated for this work.
* Releasing the skyline role. While we have a POC role, Skyline doesn't meet internal requirements of OSA maintainers. So while we'd love to see the role being released, it's unlikely to be a priority for the majority of the current team. So we're calling for volunteers to make the Skyline role ready for releasing in Bobcat.
* We also agreed to work on Core reviewers promotion/demotion policies and process, that should be published on the Core reviewers page: https://docs.openstack.org/openstack-ansible/latest/contributor/core-reviewe...

participants (1)
- Dmitriy Rabotyagov