15:00:15 #startmeeting ansible dev meeting 15:00:15 Meeting started Thu Sep 28 15:00:15 2017 UTC. The chair is thaumos. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:15 Useful Commands: #action #agreed #halp #info #idea #link #topic. 15:00:15 The meeting name has been set to 'ansible_dev_meeting' 15:00:23 #chair jtyr 15:00:23 Current chairs: jtyr thaumos 15:00:36 * ryansb waves 15:00:40 #chair ryansb 15:00:40 Current chairs: jtyr ryansb thaumos 15:00:45 * shertel waves 15:00:51 #chair shertel 15:00:51 Current chairs: jtyr ryansb shertel thaumos 15:00:51 \o 15:00:55 #chair Qalthos 15:00:55 Current chairs: Qalthos jtyr ryansb shertel thaumos 15:01:27 o/ 15:01:47 #chair albertom 15:01:47 Current chairs: Qalthos albertom jtyr ryansb shertel thaumos 15:01:51 * mikedlr wonders 'wot is a dev meeting - does it have an agenda ticket' then waves anyway. 15:02:05 * bcoca was using ansible_core_meeting 15:02:16 #chair mikedlr 15:02:16 Current chairs: Qalthos albertom jtyr mikedlr ryansb shertel thaumos 15:02:29 can the name be changed after the fact? 15:02:37 end + start? 15:02:43 yeah, eff that 15:02:48 I'll call it core next time 15:02:52 maybe it's a better name? 15:03:08 I just got feedback to not call it community meeting or something close to that, maybe to call it the dev meeting 15:03:16 since this is all about merging stuff into devel and what not. 15:03:26 there's just too many meetings now, I can't keep track. 15:03:49 We should hold a meeting to discuss what to call the meetings. 15:03:53 #topic set missing default values for ec2 inventory 15:03:55 #link https://github.com/ansible/ansible/pull/28375 15:03:59 meta meeting 15:04:30 @jtyr this is your first one. @shertel and @ryansb either of you have more to review for this? I see that @sdoran has chimed in on it as well. 15:04:36 yes, that one just needs review 15:04:45 +1 to merge that 15:04:51 Just waiting on ryansb to +1 it 15:04:55 +1 to merge from me 15:04:56 * ryansb will do 15:05:02 cool, 15:05:10 #action PR to be merged by ryansb or shertel 15:05:30 jtyr: do you still need your second topic looked at? I am confused by your last comment 15:05:49 yes 15:06:03 we discussed it briefly yesterday 15:06:27 is this carry over from #ansible-devel you mean 15:06:36 jimi|ansible agreed that there is currently no solution that could replace 'params` 15:07:12 mostly we dont want anything that does it the way that params does it 15:07:36 we do have existing ways to provide some of the functionality, just not in a way that bypasses our validation and security 15:07:57 it's all about removing 'params' from multiple modules although this option was there since the beginning of the existence of the modules ... 15:08:10 #topic follow up discussion to params 15:08:35 jtyr: i would argue that it a consequence of being missed in review 15:08:41 bcoca: I would prefer to get rid of 'params' and have better implementation in args ... 15:09:17 ansible could then validate if args contain some option which shouldn't be logged (using nolog in AnsibleModule definition) 15:10:11 as bcoca said yesterday, args are still here; it's still being discussed about what's going to happen with "improving" args. 15:10:21 bcoca: missed in a review in multiple modules even if that behavior was documented in EXAMPLES? ... unlikely ... 15:10:52 args are marked as "deprecated" ... 15:10:58 @jtyr, there are A LOT of modules... Things will get missed. Plus now, we have automerge of community modules so things will go through the pipe as well. 15:11:19 does not mean we shouldn't correct things we find that are wrong 15:11:27 I also like to mention, at one point there were only two people that truly curated the project. 15:12:14 bcoca: 'wrong' is not the right word 15:12:39 we disagree on that 15:13:20 params allow to do a bit more than args ... both are not doing any validation whether the options should be obfuscated in logs ... 15:13:41 if we add the obfuscation, why we couldn't keep args supported? 15:13:59 and perhaps extend it to allow task options overrides? 15:14:04 args does NOT bypass validation, does not need to do it itself, params bypasses it 15:14:17 that's the actually only difference between params and args 15:14:17 args is 'general' and implemented for all tasks, params is specific to the plugin 15:14:33 not really, but those are the ones that matter the most to me 15:14:46 and enough to justify removal, imo 15:15:45 the thing is that you removing functionality with no alternative solution ... that's not good as it breaks a lot of roles using that feature ... 15:16:17 the whole concept of 'overriding optoins' is something i cannot get behind, providing defaults .. yes, but not overrides, its too much magic in the wrong direction 15:16:41 jtyr: I normally try to avoid that, but i think this is a case in which we must 15:17:23 OK, if I would ignore the override thing ... how do we add options to task after args is removed in 2.6? 15:17:46 default options for module won't cut it ... 15:18:07 or are you gonna lift the args deprecation? 15:18:31 pointed you yesterday at 2 of the options we are looking at 15:18:43 and i would be willing to discuss the deprecation 15:19:11 IF args are to be removed in 2.6, which by the way isn't planned yet, we will definitely think of how to improve it. 15:19:27 'module defaults' and 'auth plugins' won't cut it ... 15:19:52 jtyr: only if you want 'overrides' .. which i think the whole team has been clear on, we dont 15:20:09 forget about overrides now ... 15:20:11 module defaults should be able to provide everything args does today 15:20:15 imagine file module ... 15:20:16 thaumos: I think it is. 15:20:23 you don't want to set defaults for that module 15:20:24 thaumos: We deprecated those in 2.0. 15:21:18 and you still have yaml anchors, which while 'not pretty' i believe are a good choice as the problem you have with them 'file locality' i find as a feature, keep the 'magic' a bit more obvious and the user can audit easily 15:21:32 #chair abadger1999 15:21:32 Current chairs: Qalthos abadger1999 albertom jtyr mikedlr ryansb shertel thaumos 15:21:44 bcoca: we discussed anchors with jimi|ansible and he agreed that that's not a solution ... 15:22:02 i did not agree that, they're useful but maybe not exactly what you want 15:22:21 i was going to say, that was not exactly what he said 15:22:43 jimi|ansible: you said that I would have to generate task files dynamically to get the same functionality args are providing ... 15:23:05 that is not wrong, but not the same thing as 'not a solution' 15:23:10 just not the same functionality 15:23:18 #chair jimi|ansible 15:23:18 Current chairs: Qalthos abadger1999 albertom jimi|ansible jtyr mikedlr ryansb shertel thaumos 15:23:22 you may be mixing up convos from yesterday, because i'm pretty sure i didn't say that 15:23:37 yeah, then the solution could also be not to use Ansible at all ... that's not the right approach ... 15:23:38 also, there is a way around that by making the yaml anchor 'dynamic' based on vars passed in 15:23:50 jtyr: Aren't we ignoring overrides now? 15:23:57 yes 15:24:18 So don't anchors work if you ignore overrides? 15:24:25 also, aren't we drifting away from the topic? which is removing params from the plugin? 15:24:28 jtyr: (it was agaffney who said dynamically generating the playbook) 15:24:45 ^ and again, there is easy way around that 15:24:50 how do you pass defaults or vars variable to an anchor? 15:25:14 in the anchor you make it depend on the vars/defaults 15:25:24 the anchor itself is just yaml 15:25:25 abadger1999: oh, yeah ... different nick ... sorry jimi|ansible ;o) 15:26:13 bcoca: so the anchor must have static list of options ... that doesn't help much ... 15:26:37 why? 15:26:44 also, not true 15:26:49 thaumos: Just checked... yes, Using variables for the args dict is going away in 2.6. 15:26:57 if I cannot make the whole anchor's content as a variable then it makes no sense ... 15:27:05 jtyr: again, not true 15:27:20 (individual args is okay. it's setting args: "{{ dict }}" that's going away) 15:27:23 and yes, you can 15:27:38 abadger1999: but that is exactly what he wants 15:27:52 bcoca: I'm clarifying for thaumos 15:28:00 roger 15:28:07 abadger1999: thx for looking at that. My point is, we're only discussing what's going to be in 2.5. We're ahead of ourselves. 15:28:10 bcoca: please could you show me how I can define an anchor whose content is another variable? ... no keys defined inside that anchor ... 15:28:13 k 15:28:28 helo: &helo "{{var}}" ? 15:29:01 * jtyr is checking 15:30:08 bcoca: it doesn't work 15:30:19 anchor must be a dict not string 15:31:34 not true, it can be any yaml var type 15:31:58 https://gist.github.com/bcoca/a9d373c2520dbf03bfbb07aa5aaa2719 15:32:18 I am still strongly infavor of saying that using default(omit) is the best practice/recommendation 15:32:26 ok: [localhost] => { 15:32:27 "test1": "helo" 15:32:28 } 15:32:30 sivel: agreed 15:32:56 jtyr: none of your statements about anchors are accurate 15:33:14 even if they were, i would still not consider keeping 'params' 15:33:15 sivel: not if the module has 30+ options ... 15:33:31 of course it is 15:34:22 sivel: I don't agree ... it's a nightmare to parametrize all 30+ possible options only because there is no other way how to do it ... 15:34:40 it's a 1 time thing, and more accurately reflects what is going to happen, as opposed to arbitrary vars passing that isn't explicit 15:35:00 and breaks auditabilty, one of the things i most like about ansible 15:35:11 manging something like "params" makes things much more confusing and difficult to troubleshoot 15:35:23 Alright, I am going to have to put a hold on this conversation in a little bit. We aren't getting anywhere. 15:35:30 ++ 15:35:36 thaumos: need a vote I think 15:35:44 +1 to remove 15:35:50 what are we voting on, it's going to get removed. 15:36:05 bcoca: https://pastebin.com/GLg35MKz ... this is syntax error ... 15:36:08 +1 remove 15:36:46 there may be a use case here but params as a solution is worse than the problem. 15:37:11 +1 to remove 15:37:39 abadger1999: I'm not against removing params ... I just would like agrs stay as a replacement ... although it doesn't do replacements ... 15:38:26 jtyr, args are being revisited. 15:38:33 params are being removed. 15:38:45 args will be discussed in the future before deprecated. 15:38:46 thaumos: they they should be not marked as deprecated ... 15:38:55 they were marked in the past. 15:39:11 thaumos: then let's undo it ;o) 15:39:29 jtyr: setting htem via a dict is marked as deprecated because it is unsafe. security trumps convenience. 15:39:37 I'd rather improve than step backwards. 15:39:44 we step back way too much as it is. 15:40:17 we can look at whether there's a way around the security concerns that lets us kep that functionality, but can't reprioritize convenience over security. 15:40:34 +1 to remove, sorry. Looked away 15:40:45 abadger1999: it's unsafe the same way like params ... this is why I wanted to implement some security checking (check for nolog=True in AnsibleModule) ... 15:41:55 In any case jimi said params was being removed regardless, due to a CVE 15:42:04 not sure a vote was really needed in that context 15:42:16 only because abadger1999 called for one :-) 15:42:35 he keeps me from turning into The Hyde BDFL 15:42:45 I like BDFL :) 15:42:49 sivel: the CVE is related but different. 15:43:54 abadger1999: if args will stay then I'm happy to remove params ... 15:44:09 okay, moving on from this topic. we will revisit the args discussion at a later day. 15:44:22 we have one more topic to cover that albertom has been patiently waiting to discuss 15:44:39 #action discussion to continue over args at a later day for 2.6. 15:44:41 sup! 15:44:46 * jtyr is sad 15:44:58 #topic os keystone endpoint module submission 15:45:04 * albertom passes a puppy to jtyr 15:45:06 dont be 15:45:17 #link https://github.com/ansible/ansible/pull/29031 15:45:55 * jtyr bited the puppy's head off 15:46:06 ... 15:46:08 I think we need input from one of the openstack module maintainers. I'd review, but it would only be code review 15:46:43 although looks like there are 2 shipits from people who were pinged 15:47:01 but only 1 since recent updates 15:47:20 albertom: like dag said, we just need one more shipit from the Openstack community to have this considered to be merged. 15:47:28 same person said shipit twice, @sivel 15:47:32 does the bot pick up shipits in review comments? 15:48:20 thaumos: ah, thought I saw one from mgale, but was wrong 15:48:32 I had to doubletake on it as well, sivel 15:48:45 shertel: unknown, 15:48:52 I don't believe it does shertel 15:49:24 jtanner doesn;t seem to be in here, and I beliefe thaumos is correct 15:49:26 that being said, it's a new module so it still needs us to merge it. 15:49:28 i can look at the keystone module 15:49:30 probably tomorrow 15:49:34 albertom: ^ 15:49:37 good! 15:49:54 @sdoran you interested in looking at this too? 15:50:05 Yup 15:50:39 Iirc bot does see shipits in review coomoents as of a few weeks ago 15:51:17 oh right on 15:51:33 nice! 15:51:59 either way, rcarrillocruz is on the team_openstack list. If he gives it a shipit we're good to have it merged. 15:52:18 since it's new it'll still be a manual ack 15:52:21 yah, promise to look early in my morning and merge it if all good 15:52:26 otherwise albertom ping me directly 15:53:11 ack 15:53:11 #action rcarrillocruz and sdoran to look at the PR 15:53:28 #action albertom to poke at rcarrillocruz if needed 15:53:34 #topic Open Floor 15:53:49 any last items not covered to be discussed? 15:54:14 review my RDS modules pls. It's a strategic feature for 2.5 since we want to deprecate the old rds module.. 15:54:42 #info play with the new shiny RDS module and provide feedback folks! 15:54:57 @mikedlr, link to the PR? 15:55:01 #link https://github.com/ansible/ansible/pull/30746 15:55:16 thx abadger1999 15:55:18 thanks abadger1999 15:55:52 N.B. that's got multiple modules in it so that I can run proper integration tests and thus includes some merge commits; the final PRs will be separated and clean. 15:58:27 👍 15:58:36 alrighty, if nothing else I am going to end the meeting 15:58:41 thanks everyone! 15:58:47 #endmeeting