00:00:46 #startmeeting Ansible Azure Working Group 00:00:46 Meeting started Thu Aug 2 00:00:46 2018 UTC. 00:00:46 This meeting is logged and archived in a public location. 00:00:46 The chair is nitzmahone. Information about MeetBot at http://wiki.debian.org/MeetBot. 00:00:46 Useful Commands: #action #agreed #halp #info #idea #link #topic. 00:00:46 The meeting name has been set to 'ansible_azure_working_group' 00:01:07 Kylie and yuwei will not join today, on vacation 00:01:19 #chair jborean93 yungezz 00:01:19 Current chairs: jborean93 nitzmahone yungezz 00:02:09 Will Zim be joining us? 00:02:11 I have 2 topics: keyvault secret lookup plugin, PR 00:02:30 He should be there, but not sure 00:03:13 Hi yuwei 00:03:17 hi 00:03:29 I thought you will not join us today 00:03:35 #chair yuwei 00:03:35 Current chairs: jborean93 nitzmahone yungezz yuwei 00:04:26 First 00:04:40 Keyvault lookup plugin https://github.com/ansible/ansible/pull/42295 00:05:03 PS- the spambots haven't hit this channel yet, but if they do, I'll have to force this channel to registered users only- have you all registered your nicks with the chanserv? 00:05:03 (nickserv I mean) 00:05:03 This is for key vault integration we discussed before 00:05:39 Yes 00:07:53 I have sent out keyvault integration design doc via email before 00:08:01 The non-MSI path needs the cloud inventory stuff; also, definitely needs tests with a keyvault 00:08:15 Oh, I saw that, but there was a retraction or something 00:08:36 So I assumed you had meant not to send it 00:08:47 (retractions don't actually work) 00:08:48 Besides the lookup plugin, this https://github.com/ansible/proposals/issues/135 proposal submitted 00:09:39 Yes non msi path fits into cloud inventory scenarios 00:10:07 Altering the Ansible YAML dialect for this will almost certainly be rejected 00:10:38 So for lookup plugin can we get it reviewed and merged? 00:12:18 I can review independent of other things, but without "the big picture" being implemented, we're probably not going to want to merge it 00:13:10 Seems cloud inventory not start implementing yet, is there any plan ? 00:13:14 We could possibly merge with the non-MSI case removed, since the UI for that is independent of cloud inventory... Problem there is that we probably can't test the MSI case from CI 00:13:35 I asked ryansb about it this afternoon, but haven't heard back. He was planning to work on it this week, but not sure 00:14:36 As plugin, the msi path actually one of advantages of using azure key vault 00:15:18 Agreed 00:16:07 But in order to test that path from CI, we'd have to start a VM under a role and run Ansible inside it. Possible, but a *very* expensive integration test 00:16:07 So I think the plugin could be merged first, when cloud inventory ready, we could do support then 00:16:34 one of the issues is that we can't test in CI, is this something we want to continue with? 00:16:36 Otherwise the work is pending on cloud inventory 00:17:11 I can figure out some way to add test to test it 00:18:12 it just seems like without the non MSI path (which is waiting on the cloud inventory), is it worth adding into the Ansible core or should it stay outside for now 00:19:18 Even as lookup plugin? 00:19:47 We're not generally accepting plugins that don't have tests; that's the biggest issue at the moment 00:20:10 I will add test 00:20:37 can you, without ANsible running on an MSI enabled host, how is it possible? 00:20:47 The non-MSI path args shouldn't be there- I don't think we want to support discrete authentication in anything new 00:21:34 (should all go through cloud inventory, but of course it's blocked on that right now) 00:22:10 Got the concern, and understand that you’re trying to use cloud inventory for cloud auth 00:22:31 The current non-MSI authentication is very incomplete- to make it complete will require a byzantine array of arguments that will make the lookup nearly unusable 00:22:36 So what’s your suggestion for keyvault integration ? 00:23:22 Don't ship a half-baked implementation in Ansible core- wait to merge until everything is in place to do it properly 00:23:35 I see 00:23:59 So next topic, PRs 00:24:04 Otherwise we'll be immediately deprecating a huge swath of functionality 00:25:01 Ok. Looking forward to the cloud inventory, want to try it 00:25:24 You can ship that lookup in your roles with whatever functionality you want, but not sure if that's being actively worked on or not? 00:25:35 Role? 00:25:50 Yes we’re working actively on it 00:25:56 isn't there a preview Azure role that people can use 00:26:17 You can include a "preview" keyvault plugin to get it out there in the public for MSI based authenticatoin 00:26:19 That's where customers were supposed to be vetting all this stuff before it's getting sent to us? 00:27:04 Sure, we will put it in role 00:27:43 @zikalino82: do you have pr list? 00:27:46 (the preview role was what I was asking about with the "actively worked on" thing) 00:29:26 Yes we’re actively working on the preview role 00:29:57 I will put the lookup plugin there 00:30:54 For prs: app service plan https://github.com/ansible/ansible/pull/40906 00:31:16 Web app https://github.com/ansible/ansible/pull/40005 00:31:19 i have a few prs as well... 00:31:42 made updates to app gateway: https://github.com/ansible/ansible/pull/39940 00:32:04 @yuwei: pls share your prs also 00:32:45 2 new modules https://github.com/ansible/ansible/pull/41175 and https://github.com/ansible/ansible/pull/41533 00:33:11 and also adding more missing facts modules: 00:35:03 first one is here: https://github.com/ansible/ansible/pull/43328 00:36:49 Btw, seems Ansible fest CFP hasn’t public submission result 00:38:04 i heard they will publish something this week... 00:38:31 Ok 00:39:37 Yeah, I think it's supposed to be this week 00:39:56 We should be able to get all those turned around for 2.7 00:40:29 Were you guys aware that the freeze date moved up for 2.7? 00:40:48 Someday around beginning of September 00:40:50 I don't think we've had a meeting since it was made official? 00:40:51 The release manager decided to bring it in by two weeks, so freeze is now August 30 00:41:06 Ok 00:42:04 We will some new modules want to catch in 2.7, as Kylie shared in one of syncup meetings, mainly for complete web app scenarios 00:42:37 The sooner they're in PR, the more likely that is 00:42:48 Will send out prs soon 00:43:06 Pls help on reviewing 00:44:02 will do 00:44:14 Thx 00:44:59 I haven’t other topic today 00:45:19 @zikalino82: anything from you? 00:45:23 Nor me 00:45:38 I'm good 00:45:39 @yuwei ? 00:45:41 no 00:45:59 not much, just mentioned 2 modules :-) 00:46:16 i will have more prs regarding facts, but should be easy to review 00:46:45 Sounds good 00:46:54 Thanks all 00:46:55 Thanks all- until next week! 00:46:58 #endmeeting