#ansible-network log

16:00:24 <Qalthos> #startmeeting Ansible Network Working Group
16:00:24 <zodbot> Meeting started Wed Aug 24 16:00:24 2022 UTC.
16:00:24 <zodbot> This meeting is logged and archived in a public location.
16:00:24 <zodbot> The chair is Qalthos. Information about MeetBot at https://fedoraproject.org/wiki/Zodbot#Meeting_Functions.
16:00:24 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:00:24 <zodbot> The meeting name has been set to 'ansible_network_working_group'
16:01:16 <Qalthos> #chair Sagar Paul Sagar  Paul
16:01:16 <zodbot> Current chairs: Paul Qalthos Sagar
16:01:46 <Qalthos> Hopefully that does something
16:01:57 <Qalthos> #topic Agenda https://github.com/ansible/community/issues/542
16:02:33 <Qalthos> You can add topics to the agenda whenever you like, no need to wait for the meeting
16:02:41 <Qalthos> #link https://github.com/ansible/community/labels/network is where you can always find the latest agenda
16:02:51 <Qalthos> #topic Core Updates
16:03:14 <SagarPaul[m]1> Hello, everyone
16:04:08 <Qalthos> oh zodbot, I know you're trying so hard
16:05:05 * wayt pats zodbot on the head - good zodbot
16:05:11 <Qalthos> #info AnsibleFest is coming up in a few months, October 18-19 in Chicago, IL
16:05:49 <Qalthos> #info If you submitted a talk you should probably have a notification if you were accepted or not soon if not already
16:07:37 <Qalthos> #info The upcoming major release of networking collections is now scheduled, we're aiming for our October release
16:08:43 <Qalthos> #info Again, this will include the removal of a lot of deprecated content that has been replaced for more than two years.
16:09:31 <SagarPaul[m]1> #info we are looking forward to update the supported IOS/XE version for Cisco IOS collection from 15.2 to 17.3+ with a major release planned October end.
16:09:31 <Qalthos> #info It was also brought to my attention that this also means the death of provider in our collections. Hooray 🎉
16:10:19 <Qalthos> #topic Cisco IOS supported version increase
16:11:15 <Qalthos> Sagar  Paul: Do you want to go into any more detail about what that's going to entail?
16:16:19 <SagarPaul[m]1> well, as Cisco IOS 15.2 versions are EOL'd and considering the supported ssh libraries, image upgrade would enable us to use enhanced algorithms.
16:19:04 <Qalthos> #info Older versions are EOL by Cisco and use SSH algorithms not supported by default on a lot of systems
16:20:19 <Qalthos> I don't think there's anything else I have to share this week
16:20:54 <Qalthos> Sagar  Paul: anything else you want to mention before I move to open floor?
16:21:21 <wayt> The primary reasoning is SSH algorithm support? I do agree those versions are EoL on Cisco's end. What was the reasoning for grabbing the 17.3 train, 16.12 just to close to EoL as well?
16:21:27 <SagarPaul[m]1> I am good Qalthos Thank you
16:23:26 <SagarPaul[m]1> @wayt yes, 16.x versions are EOL'd
16:25:14 <Qalthos> Historically, we don't commit to supporting any device that is EOL by the manufacturer. In practice, if it doesn't break anything, we don't usually worry about it
16:25:52 <wayt> cool thx for the clarification - no version checks per-say in the code
16:27:25 <Qalthos> We have to bump the version here because of the SSH issue, so we're just skipping to the first non-EOL version as that is all we support. Anything that still works on older devices is essentially a bonus that shouldn't be relied on
16:28:31 <Qalthos> Occasionally we do include hard version checks in code when functionality drastically changes between versions with no recourse, but we try to limit that to only when necessary
16:28:51 <wayt> cool - is the ssh issue because the crusty 15.x algos are actually pulled from RHEL 9 and can't get a connection even w/a legacy crypto policy?
16:29:55 <wayt> (i'll have to try to my 2 physical lab switches still running 15.2 here at home courtesy of ebay ... I think the best I could get them to do was sha1-dh14 or something
16:30:20 <Qalthos> I don't know about that specifically, but things like that are definitely not a mark in favor of keeping it
16:30:29 <SagarPaul[m]1> there are no version checks to restrict operations in code, but yes there are tiny enhancements, based on the newer supported image those are mostly module specific.
16:31:54 <wayt> thx for the clarification it'll help as i turn inward to others using cisco.ios internally here
16:32:04 <Qalthos> Even on other platforms where the algorithms are still present it can be an absolute pain to convince your system that you really want to be insecure enough to connect
16:32:43 <Qalthos> Alright then, let's move on
16:32:44 <Qalthos> #topic Open Floor
16:32:49 <wayt> qalthos ya i've lived that for a long time - sorry - yup move on
16:33:00 <Qalthos> If anyone else has something they want to discuss, let's hear it
16:34:23 <Qalthos> wayt: I mean we can keep grumbling about SSH algos too, I just wanted to give anyone else an opportunity to bring something up before we strayed too far
16:34:28 <Qalthos> (:
16:34:38 <wayt> :)
16:38:34 <Qalthos> Alright, then. If nobody has anything else they want to talk about, I'm gonna close this
16:38:56 <Qalthos> Thanks for coming by
16:39:07 <Qalthos> #endmeeting