19:00:11 #startmeeting Ansible Molecule Working Group 19:00:11 Meeting started Wed Mar 6 19:00:11 2019 UTC. 19:00:11 This meeting is logged and archived in a public location. 19:00:11 The chair is gundalow. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:00:11 Useful Commands: #action #agreed #halp #info #idea #link #topic. 19:00:11 The meeting name has been set to 'ansible_molecule_working_group' 19:00:34 #chair themroc pabelanger zbr decentral1se fabianvf 19:00:35 Current chairs: decentral1se fabianvf gundalow pabelanger themroc zbr 19:00:37 * alongchamps here but also in another meeting 19:00:56 Who else is around? 19:01:21 * tima waves 19:01:34 hello 19:01:50 hey all 19:02:08 hi! 19:02:11 So on the agenda I think we have 19:02:11 1) Are we ready to call feature freeze on v2.20 and get the pre-release done and advertised 19:02:12 2) Review other items on v2.20 board, are we pushing them to v2.21? (I guess this is part of (1)) 19:02:12 3) Zuul 19:02:14 What else? 19:02:22 #chair alongchamps tima 19:02:22 Current chairs: alongchamps decentral1se fabianvf gundalow pabelanger themroc tima zbr 19:02:45 yep, perfect. One more: decision on https://github.com/ansible/molecule/issues/1779 for the change log issue from me 19:03:08 Review of the ansible verifier PR by @fabianvf? 19:03:19 * tima looks up PR number 19:03:39 OK, lets start with 2.20 19:03:46 https://github.com/ansible/molecule/projects/2 19:03:48 #topic Molecule v2.20 pre release 19:03:55 #info https://github.com/ansible/molecule/projects/2 19:04:04 https://github.com/ansible/molecule/pull/1714 19:04:12 found it ^^^ 19:04:16 #info Q: Has everything we care about been merged (apart from changelog) 19:04:30 i believe so 19:04:32 https://github.com/ansible/molecule/pull/1745 has been agreed to go in since a few WGs ago 19:04:37 #info Q: Are we now ready to cut and announce the pre-release so we can get some real feedback 19:04:48 and is the only other one we have on the v2.20 train 19:05:29 yep, in addition to the 1714 which i hope to see merged today, only the changelog is scheduled for 2.20 19:05:56 +1 for annoucement and feedback after #1714 is decided on 19:06:10 can people triage now or what is the feeling? 19:07:15 Q: Could we add`Add Ansible verifier #1714` after pre-release is cut? 19:07:33 Trying to get the balance between getting the release out and feedback vs keep on merging stuff 19:07:49 should we add Mitigate against PyYaml CVE-2017-18342? https://github.com/ansible/molecule/pull/1808/files 19:07:49 fabianvf: what are your thoughts? 19:07:58 yeah, so Ansible verifier was reviewed a bunch and was put on the 2.21 schedule 19:08:07 i'm fine with 1714 coming later for the reasons you list @gundalow. 19:08:11 but that is totally up for change 19:08:37 themroc: #1808 looks fine to leave since we don't have any dodgy `load` calls 19:08:47 ok 19:09:08 I'm here now 19:09:30 AFAIK, there is a design issue remaining with Ansible verifier 19:09:33 no? 19:09:39 https://github.com/ansible/molecule/pull/1714#discussion_r262619088 19:09:45 fabianvf: we OK to push Add Ansible verifier #1714 into v2.21 (we are working on v2.20 at the moment) 19:10:06 Yes, I think it makes sense to target it for 2.21 19:10:24 #agreed Ansible verifier #1714 for v2.21 19:10:45 cool. I think we'll make it since we've already got many eye balls on it :) 19:10:57 and of course, fabianvf is doing good things :) 19:10:58 Assuming we get our release cadence a little more cadence-y :P 19:11:53 so, just #1714 then? Are there reservations? 19:12:27 fabianvf, +1 19:12:34 sorry, #1745 I meant ... 19:12:41 https://github.com/ansible/molecule/pull/1745 19:14:06 makes sense to me 19:15:56 +1 from me, as per last comment 19:16:07 +1 also 19:16:23 is that +1 for it going in v2.20 or +1 to merge? 19:16:39 merge 19:17:21 both :) 19:18:23 :) 19:18:32 See final agreement in https://meetbot-raw.fedoraproject.org/teams/ansible_molecule_working_group/ansible_molecule_working_group.2019-02-20-19.01.html 19:19:04 but there is of course still space for concerns! 19:19:07 OK, I see +1's and green CI. Should I hit merge? 19:19:32 💣 19:19:47 zbr: your head on the chopping block for fixes ;) 19:20:03 MERGED 19:20:04 decentral1se: sure 19:20:22 https://github.com/ansible/molecule/projects/2 now only shows release notes, so I guess we are good 19:20:28 woot woot 19:20:56 bah, why is Travis Red https://travis-ci.com/ansible/molecule/builds 19:21:28 It's just https://github.com/ansible/molecule/issues/1799 19:21:36 I've been babysitting the builds against this flakyness ... 19:22:14 ah, thank you :) 19:22:24 sure thing 19:22:42 So should I tag pre release now? 19:22:53 \o/ 19:22:59 gundalow: yeah. 19:23:05 yes please 19:23:21 we can take case of release notes after. 19:23:42 i am curious about the next agenda items, like zuul 19:23:52 #topic Zuul 19:23:57 release notes -> https://github.com/ansible/molecule/issues/1779 19:23:58 pabelanger: all yours 19:24:06 hello 19:24:32 I'm mostly here to help answer questions about zuul CI and why we'd want to use it for molecule 19:24:39 #info https://github.com/ansible/molecule/issues/1770 19:24:49 #info https://github.com/ansible/molecule/pull/1773 19:24:54 this was all in context to the idea of moving a way from travisci 19:25:17 with travis feature under serious questions and considering that I am zuuling every day for openstack, I am in favour. 19:25:35 but, bascially, we in ansible-network have access to a zuul, and are in the process of now buiding out own zuul for ansible org, and happy to help see how to onboard molecule to it 19:25:53 questions: is zuul-github integration usable as I suspect gerrit would be too much for most people ;) 19:26:06 zbr: done and has been working for a while 19:26:09 What is the relationship of ansible-network with ansible? What resources are available? 19:26:27 yes, github works with zuul, we've been using it for some time 19:26:39 #info Zuul is being used for the Ansible Network's repos, see https://github.com/ansible-network 19:26:50 for resources, we have capacity in 4 regions, 2 openstack cloud providers 19:26:59 pabelanger: great, so nothing to worry about. and the best is that we can run them in parallel without problems. if we have infra to run we are good. 19:27:05 this budget today is being funded my community 19:27:15 #info Example PR being tested and merged via Zuul https://github.com/ansible-network/network-engine/pull/231 19:27:30 ah! community funding ... 19:27:42 I expect molecule builds to only get heavier and heavier 19:27:56 as we build the new zuul control plane, it has been noted that more projects testing, need more capacity 19:27:56 so we will surely be expected to contribute at some point in funding, no? 19:28:11 we'll need to cover integration tests for 5+ drivers or something ... 19:28:16 Molecule's test bill will be covered by Red Hat 19:28:19 already something like 5 hours today, without support of any cloud provider :/ 19:28:41 ok, that is good 19:28:44 right, funding should be coverged by redhat 19:28:53 pabelanger: it seems that these are using comments and not the github checks api, not a deal-breaker. 19:28:59 if we need more capacity, to ensure testing is working and making molecule stable, that is a good problem to have 19:29:19 sure. what access would we have to build configuration / admin / etc. 19:29:20 and capacity for running tests in public openstack cloud or aws, is there 19:29:22 zbr: jlk is working on GitHub Checks API (though he's busy with lots of stuff) 19:29:41 decentral1se: all test definitions are in GitHub repos 19:29:41 decentral1se: you'll have full root access to the vms to do what you want for testing 19:29:50 tbh, I do not think that molecule would a huge resource hog. 19:30:00 https://github.com/ansible-network/sandbox/pull/27 19:30:14 for example, is 2 molecule jobs I setup to run in zuul 19:30:19 and what is the social contract on that? Is there some code of conduct? 19:30:22 https://ansible-network.softwarefactory-project.io/zuul/status 19:30:26 is where you see them run 19:30:41 which, should be happening now 19:30:55 (maybe not) 19:30:58 there we go 19:31:04 nice 19:31:17 but those tests, it is running, are all in tree atop of tox jobs we've build 19:31:24 so it was very minimal getting them up and running 19:31:25 once we have the "seed" jobs I wll be able to provide help with zuul work as I use it a lot. 19:31:30 waw, how to transform a bad news in a good one 19:31:41 ;) 19:31:50 the cool part of this, is job content is written in ansible 19:32:04 pabelanger: are there meetings / place of contact to discuss usage of zuul? 19:32:11 or monitor how resources are being utilised? 19:32:14 #zuul 19:32:17 so, you write your playbooks / role for production, then use different inventory file for testing, and it should work the same 19:32:22 i learned about zuul reading about the integration of molecule in redhat, the convergence is awesome 19:32:42 decentral1se: yes, #zuul is a good place also http://lists.zuul-ci.org/pipermail/zuul-discuss/ 19:32:57 themroc: yah, I have ansible roles, that use molecule, run by zuul 19:33:00 works well 19:33:07 ok, hammering questions on here ;) 19:33:13 but what would a migration look like? 19:33:24 we can retain our tox configuration? 19:33:41 yes, your tox.ini should be able to be the same 19:34:03 decentral1se: overall, working with zuul jobs is easier than you may think, the only barrier is creation of first set of jobs, after this is not harder than travis.yml 19:34:06 then, we basically create in-tree configuration like: https://github.com/ansible-network/sandbox/pull/27/files 19:34:34 from what I seen, tox was the entry point to testing for you, which makes this straightforward 19:34:38 however 19:34:40 what we could do 19:34:44 looks pretty 19:34:45 i will try to keep as much as possible inside tox.ini to allow developers to run tests locally, so zuul jobs will mainly only orchestrate tox executions. 19:35:13 for the next step, if interested, is add github app to molecule and run some example jobs on PRs 19:35:26 you'll get repos back on how things work 19:35:41 then have another discussion about how to cut over to have zuul gate your repo, if wanted 19:35:48 i am looking forward the first functional tests running on zuul ! 19:36:02 the main things with zuul gating, is it becomes the the only one to merge code 19:36:11 so, humans would have to stop doing that 19:36:15 note that some tests have been specially disabled when on travis 19:36:41 that all sounds really nice then 19:36:42 themroc: yes, you'll have full root access to vm to setup the way you want 19:36:48 thanks for so much information 19:36:54 np 19:37:05 one question is how to prioritise this then 19:37:12 but maybe we can't answer that now 19:37:34 right, so on my side, we are actually building a new zuul control plane, so busy with that 19:37:39 we can agree to continue the investigation with your proposal though! :) 19:37:52 however, for the step about about having you demo PRs with zuul, we could do that this week 19:37:59 on your side, it is just adding a github app 19:38:17 well that seems like the thing to do then 19:38:25 but yes, happy to set aside some time to help more investigation 19:38:37 i just made a request to enable softwarefactory-project-zuul app on molecule project, not sure who is approving it. 19:38:47 and is there some further back and forth needed with ansible-network? 19:39:06 I mean, is there still questions of feasability from that side? 19:39:10 decentral1se: yah, we'll need to onboard you into our zuul tenant, I can be point for that 19:39:33 i think the step here are, show it working well with molecule 19:39:43 make sure mgmt is okay with bring you into our zuul 19:39:45 profit 19:39:53 we can do first step now 19:40:08 #2, I don't see an issue becaue awx is also doing zuul today 19:40:29 well then, bring on the zuul hegemony 19:40:31 Once ansible-network is setup with the new hosts etc we can look at this 19:40:47 gundalow: yah, i think for final cutover that makes sense 19:41:11 which on your side, will be a different github app to allow and revoke sf github app 19:41:24 all the configuration in-tree will be the same 19:42:00 zbr: Please don't try and install Zuul in our GitHub org 19:42:18 gundalow: i cannot do it anyway. 19:42:32 final concern: what is the roadmap of zuul? 19:42:46 ansible/* are banking on it being around for a while, I assume ;) 19:42:51 yup 19:42:58 and it's an important part of OpenStack :) 19:43:10 ok, all clear, thanks again pabelanger 19:43:41 np! 19:43:58 yah, zuul is a top level project in the openstack foundation now 19:44:07 only going to get larger IMO now 19:44:11 pabelanger: thanks! this was a really productive meeting. 19:44:45 pabelanger: yep, via https://opendev.org/ which is still in its early stages. 19:45:04 Dare I squeeze in one final topic? 19:45:37 pabelanger: Thanks 19:45:41 decentral1se: sure do #topic 19:46:14 cool 19:46:16 #topic https://github.com/ansible/molecule/issues/1779 19:46:24 can we move ahead with towncrier for change log? 19:46:37 what are the concerns. I'm happy to defer to webknjaz in this regard 19:47:55 * gundalow is happy to use whatever people think is easy 19:49:40 Just seeing if webknjaz is around and can join 19:50:01 ah, nop, he's busy in another meeting at the moment 19:51:26 parking lot on that one then? 19:51:34 i am not very keep about towncrier just because i do not know it and because is not used by any project that I know. so newtech, bit pessimistic. 19:52:07 any ansible core lurkers? Can someone provide support for Reno? 19:52:08 does anyone know what the other ansible projects use? 19:52:19 Reno apparently ... zbr, you mentioned this? 19:52:39 support = a comment here and there ;) 19:53:21 I have a bias for using what the rest of the Ansible community projects are using unless the is a really strong case to deviate. 19:54:09 I can help give a demo on reno / zuul integration 19:54:13 we actually have a job for that 19:54:43 https://zuul-ci.org/docs/zuul/releasenotes.html is example sphinx integration 19:54:45 tima: https://github.com/ansible/ansible/blob/3433ca286db87ff50b9c93fa9330b6318386af7e/docs/docsite/rst/community/development_process.rst#creating-a-changelog-fragment 19:54:56 @pabelenger: how is reno? meaning, does it work well? stable? buggy? missing features. 19:55:01 at least in openstack reno is used. i am just trying to avoid diverging the toolset, so my comments are limited to risk mitigation and not the quality of the tools themselves. 19:55:07 oh yes, sphinx integration is good 19:55:31 ok, I'm +1 on Reno, ansible/ansible using it and pabelanger assisting! 19:55:37 tima: yes, works very well. Born out of openstack project and use across all the projects there 19:55:38 ugh. sorry @pabelanger. need coffee. 19:55:39 and zbr swaying the tide 19:55:44 easy to work with too, imo 19:55:50 clearly support is a big plus 19:56:10 agreed @zbr 19:56:15 I can mock up a demo for next week if you'd like 19:56:25 heroic 19:56:48 I'd be interested in that. 19:57:17 i am agnostic on this topic, i learn 19:57:30 Has anyone here used towncrier to compare it to Reno? 19:57:36 (For the sake of comparison) 19:58:30 I've not, was just going on webknjaz report ... 19:59:13 thing is, we need this to finalise v2.20 (we need to build the change log) 19:59:54 or well, manually compiling is probably less work right now ... 20:01:04 decentral1se: for 2.20 lets do it manually. much easier. 20:01:40 ok, let's get the Reno demo / try out then and take it from there? 20:01:44 You mean holding up a release over how we generate a changelog is not a blocker? ;) 20:02:05 hehe 20:02:25 ok, happy to leave this now then 20:02:42 +1 leaving this for now 20:03:46 #agreed we will manually create the changelog fr v2.20 20:03:57 pabelanger: Thanks :) 20:06:11 Anything else today? 20:06:23 think we're good 20:06:23 I'm going to have to drop off really soon. 20:06:38 @gundalow? 20:06:43 I think we are good 20:06:50 I had to poke quay.io 20:07:07 oh, finally, just to be clear: we code freeze until pre-release feedback? 20:07:18 decentral1se: I think so 20:07:25 grand job 20:07:33 agreed @decentral1se 20:07:41 great day 20:07:52 solid stuff, I'm out the door 20:07:56 Thanks as always everybody! 20:07:56 thanks all, great stuff 20:07:59 #endmeeting