#ansible-azure log

00:00:46 <nitzmahone> #startmeeting Ansible Azure Working Group
00:00:46 <zodbot> Meeting started Thu Aug  2 00:00:46 2018 UTC.
00:00:46 <zodbot> This meeting is logged and archived in a public location.
00:00:46 <zodbot> The chair is nitzmahone. Information about MeetBot at http://wiki.debian.org/MeetBot.
00:00:46 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
00:00:46 <zodbot> The meeting name has been set to 'ansible_azure_working_group'
00:01:07 <yungezz> Kylie and yuwei will not join today, on vacation
00:01:19 <nitzmahone> #chair jborean93 yungezz
00:01:19 <zodbot> Current chairs: jborean93 nitzmahone yungezz
00:02:09 <jborean93> Will Zim be joining us?
00:02:11 <yungezz> I have 2 topics: keyvault secret lookup plugin, PR
00:02:30 <yungezz> He should be there, but not sure
00:03:13 <yungezz> Hi yuwei
00:03:17 <yuwei> hi
00:03:29 <yungezz> I thought you will not join us today
00:03:35 <nitzmahone> #chair yuwei
00:03:35 <zodbot> Current chairs: jborean93 nitzmahone yungezz yuwei
00:04:26 <yungezz> First
00:04:40 <yungezz> Keyvault lookup plugin https://github.com/ansible/ansible/pull/42295
00:05:03 <nitzmahone> PS- the spambots haven't hit this channel yet, but if they do, I'll have to force this channel to registered users only- have you all registered your nicks with the chanserv?
00:05:03 <nitzmahone> (nickserv I mean)
00:05:03 <yungezz> This is for key vault integration we discussed before
00:05:39 <yungezz> Yes
00:07:53 <yungezz> I have sent out keyvault integration design doc via email before
00:08:01 <nitzmahone> The non-MSI path needs the cloud inventory stuff; also, definitely needs tests with a keyvault
00:08:15 <nitzmahone> Oh, I saw that, but there was a retraction or something
00:08:36 <nitzmahone> So I assumed you had meant not to send it
00:08:47 <nitzmahone> (retractions don't actually work)
00:08:48 <yungezz> Besides the lookup plugin, this https://github.com/ansible/proposals/issues/135 proposal submitted
00:09:39 <yungezz> Yes non msi path fits into cloud inventory scenarios
00:10:07 <nitzmahone> Altering the Ansible YAML dialect for this will almost certainly be rejected
00:10:38 <yungezz> So for lookup plugin can we get it reviewed and merged?
00:12:18 <nitzmahone> I can review independent of other things, but without "the big picture" being implemented, we're probably not going to want to merge it
00:13:10 <yungezz> Seems cloud inventory not start implementing yet, is there any plan ?
00:13:14 <nitzmahone> We could possibly merge with the non-MSI case removed, since the UI for that is independent of cloud inventory... Problem there is that we probably can't test the MSI case from CI
00:13:35 <nitzmahone> I asked ryansb about it this afternoon, but haven't heard back. He was planning to work on it this week, but not sure
00:14:36 <yungezz> As plugin, the msi path actually one of advantages of using azure key vault
00:15:18 <nitzmahone> Agreed
00:16:07 <nitzmahone> But in order to test that path from CI, we'd have to start a VM under a role and run Ansible inside it. Possible, but a *very* expensive integration test
00:16:07 <yungezz> So I think the plugin could be merged first, when cloud inventory ready, we could do support then
00:16:34 <jborean93> one of the issues is that we can't test in CI, is this something we want to continue with?
00:16:36 <yungezz> Otherwise the work is pending on cloud inventory
00:17:11 <yungezz> I can figure out some way to add test to test it
00:18:12 <jborean93> it just seems like without the non MSI path (which is waiting on the cloud inventory), is it worth adding into the Ansible core or should it stay outside for now
00:19:18 <yungezz> Even as lookup plugin?
00:19:47 <nitzmahone> We're not generally accepting plugins that don't have tests; that's the biggest issue at the moment
00:20:10 <yungezz> I will add test
00:20:37 <jborean93> can you, without ANsible running on an MSI enabled host, how is it possible?
00:20:47 <nitzmahone> The non-MSI path args shouldn't be there- I don't think we want to support discrete authentication in anything new
00:21:34 <nitzmahone> (should all go through cloud inventory, but of course it's blocked on that right now)
00:22:10 <yungezz> Got the concern, and understand that you’re trying to use cloud inventory for cloud auth
00:22:31 <nitzmahone> The current non-MSI authentication is very incomplete- to make it complete will require a byzantine array of arguments that will make the lookup nearly unusable
00:22:36 <yungezz> So what’s your suggestion for keyvault integration ?
00:23:22 <nitzmahone> Don't ship a half-baked implementation in Ansible core- wait to merge until everything is in place to do it properly
00:23:35 <yungezz> I see
00:23:59 <yungezz> So next topic, PRs
00:24:04 <nitzmahone> Otherwise we'll be immediately deprecating a huge swath of functionality
00:25:01 <yungezz> Ok. Looking forward to the cloud inventory, want to try it
00:25:24 <nitzmahone> You can ship that lookup in your roles with whatever functionality you want, but not sure if that's being actively worked on or not?
00:25:35 <yungezz> Role?
00:25:50 <yungezz> Yes we’re working actively on it
00:25:56 <jborean93> isn't there a preview Azure role that people can use
00:26:17 <jborean93> You can include a "preview" keyvault plugin to get it out there in the public for MSI based authenticatoin
00:26:19 <nitzmahone> That's where customers were supposed to be vetting all this stuff before it's getting sent to us?
00:27:04 <yungezz> Sure, we will put it in role
00:27:43 <yungezz> @zikalino82: do you have pr list?
00:27:46 <nitzmahone> (the preview role was what I was asking about with the "actively worked on" thing)
00:29:26 <yungezz> Yes we’re actively working on the preview role
00:29:57 <yungezz> I will put the lookup plugin there
00:30:54 <yungezz> For prs: app service plan https://github.com/ansible/ansible/pull/40906
00:31:16 <yungezz> Web app https://github.com/ansible/ansible/pull/40005
00:31:19 <zikalino82> i have a few prs as well...
00:31:42 <zikalino82> made updates to app gateway: https://github.com/ansible/ansible/pull/39940
00:32:04 <yungezz> @yuwei: pls share your prs also
00:32:45 <yuwei> 2 new modules https://github.com/ansible/ansible/pull/41175 and https://github.com/ansible/ansible/pull/41533
00:33:11 <zikalino82> and also adding more missing facts modules:
00:35:03 <zikalino82> first one is here: https://github.com/ansible/ansible/pull/43328
00:36:49 <yungezz> Btw, seems Ansible fest CFP hasn’t public submission result
00:38:04 <zikalino82> i heard they will publish something this week...
00:38:31 <yungezz> Ok
00:39:37 <nitzmahone> Yeah, I think it's supposed to be this week
00:39:56 <nitzmahone> We should be able to get all those turned around for 2.7
00:40:29 <nitzmahone> Were you guys aware that the freeze date moved up for 2.7?
00:40:48 <yungezz> Someday around beginning of September
00:40:50 <jborean93> I don't think we've had a meeting since it was made official?
00:40:51 <nitzmahone> The release manager decided to bring it in by two weeks, so freeze is now August 30
00:41:06 <yungezz> Ok
00:42:04 <yungezz> We will some new modules want to catch in 2.7, as Kylie shared in one of syncup meetings, mainly for complete web app scenarios
00:42:37 <nitzmahone> The sooner they're in PR, the more likely that is
00:42:48 <yungezz> Will send out prs soon
00:43:06 <yungezz> Pls help on reviewing
00:44:02 <jborean93> will do
00:44:14 <yungezz> Thx
00:44:59 <yungezz> I haven’t other topic today
00:45:19 <yungezz> @zikalino82: anything from you?
00:45:23 <nitzmahone> Nor me
00:45:38 <jborean93> I'm good
00:45:39 <yungezz> @yuwei ?
00:45:41 <yuwei> no
00:45:59 <zikalino82> not much, just mentioned 2 modules :-)
00:46:16 <zikalino82> i will have more prs regarding facts, but should be easy to review
00:46:45 <nitzmahone> Sounds good
00:46:54 <yungezz> Thanks all
00:46:55 <nitzmahone> Thanks all- until next week!
00:46:58 <nitzmahone> #endmeeting