Wednesday, 2019-06-19

*** weifan has quit IRC		00:09
*** gyee has quit IRC		00:32
*** tosky has quit IRC		00:36
*** spatel has joined #openstack-ansible		00:48
*** kplant has quit IRC		00:50
*** hwoarang has quit IRC		01:10
*** hwoarang has joined #openstack-ansible		01:11
*** tinwood has quit IRC		02:08
*** tinwood has joined #openstack-ansible		02:10
*** markvoelker has joined #openstack-ansible		03:00
*** ansmith_ has joined #openstack-ansible		03:04
*** markvoelker has quit IRC		03:06
*** ansmith has quit IRC		03:06
*** weifan has joined #openstack-ansible		03:08
*** weifan has quit IRC		03:12
*** spatel has quit IRC		03:17
*** ansmith has joined #openstack-ansible		03:29
*** ansmith_ has quit IRC		03:31
*** hwoarang has quit IRC		03:50
*** hwoarang has joined #openstack-ansible		03:51
*** markvoelker has joined #openstack-ansible		04:01
*** markvoelker has quit IRC		04:06
*** markvoelker has joined #openstack-ansible		04:21
*** hwoarang has quit IRC		04:25
*** hwoarang has joined #openstack-ansible		04:25
*** raukadah is now known as chandankumar		04:31
*** udesale has joined #openstack-ansible		04:31
*** weifan has joined #openstack-ansible		05:17
*** weifan has quit IRC		05:22
*** irclogbot_2 has quit IRC		05:30
*** irclogbot_2 has joined #openstack-ansible		05:30
*** spsurya has joined #openstack-ansible		06:16
*** cshen has joined #openstack-ansible		06:23
*** threestrands has joined #openstack-ansible		06:27
*** kopecmartin\|off is now known as kopecmartin		06:32
openstackgerrit	Dmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-tests stable/stein: Stop deleting-and-creating RabbitMQ account https://review.opendev.org/666230	06:34
*** miloa has joined #openstack-ansible		07:00
miloa	Morning	07:00
cshen	morning	07:00
*** luksky has joined #openstack-ansible		07:06
*** ivve has joined #openstack-ansible		07:07
*** luksky has quit IRC		07:11
*** tosky has joined #openstack-ansible		07:15
*** markvoelker has quit IRC		07:22
*** luksky has joined #openstack-ansible		07:23
miloa	about Rabbitmq : https://docs.openstack.org/openstack-ansible/rocky/admin/maintenance-tasks.html I've got the "HOSTNAME problem" but I am using Ansible 2.5.4.	07:23
miloa	s/2.5.4/2.5.14/	07:24
jrosser	Morning	07:25
jrosser	miloa: you might need to give a bit more context there?	07:25
miloa	When I run the infrastructure playbook, the rabbitmq task failed. When I attach to the lxc container and run rabbitmqctl cluster_status I've got this message : unable to connect to epmd (port 4369) on hostname-of-the-host-not-the-hostname-of-lxc-container.	07:29
miloa	in the lxc container echo $HOSTNAME, give the hostname of host not the hostname of container	07:30
miloa	jrosser: so I was wondering if as said in the note in documentation the problem is resolved in Ansible 2.3.	07:31
ohwhyosa	Morning!	07:31
*** key-networks has joined #openstack-ansible		07:32
*** key-networks has quit IRC		07:34
miloa	jrosser: when i attach with to the container with --clear-env the HOSTNAME is correct.	07:48
ChosSimbaOne	Good morning. So how I think i figured out the Haproxy issues I had yesterday. I set the haproxy_keepalived_external/internal_interface to the same interface.	07:48
jrosser	miloa: i just looked on one of my nodes and HOSTNAME isnt defined either on the host nor in the container	07:49
ChosSimbaOne	Now the galera cluster is acting up. It fails at setting up the cluster, and it seems like there is no access between the galera containers on the br-mgmt. I tried to ping but no answer acress the hosts.	07:50
miloa	ChosSimbaOne: On the same host, can you ping the galera container from an other container ?	07:51
ChosSimbaOne	So on my infrastructure host 2 (os-if02) the infra2-utility-container-d1c87ad3 container has ip 17.19.20.207 if i attach to container infra2-utility-container-d1c87ad3 i can ping that ip.	07:56
ChosSimbaOne	but not the infra1-utility-container-XXXX container on os-if01	07:57
*** trident has quit IRC		07:57
*** threestrands has quit IRC		07:59
*** gkadam has joined #openstack-ansible		08:00
miloa	ChosSimbaOne: the infrastructure host 2 (os-if02) is it a VM ?	08:00
miloa	or a physical server ?	08:01
*** trident has joined #openstack-ansible		08:01
*** Adri2000 has quit IRC		08:01
*** Adri2000 has joined #openstack-ansible		08:02
ChosSimbaOne	It is a VM running in KVM/Qemu	08:11
*** oligau has quit IRC		08:12
ChosSimbaOne	miloa: the kvm is attach to a openvswitch.	08:14
miloa	ChosSimbaOne: I had the same problem, with VMs on Openstack, what I have to do is to declare allowed_address_pair on the port of the VM.	08:18
miloa	ChosSimbaOne: or in Openstack you can deactivate port_security. This article explain how to it https://superuser.openstack.org/articles/managing-port-level-security-openstack/	08:21
*** markvoelker has joined #openstack-ansible		08:22
ChosSimbaOne	I am not running this within openstack. I have a physical host which runs kvm, on this i have 1 deploy 3 infrastructure 2 compute and 1 syslog running as kvm's. These are attached to an OpenVswitch.	08:24
ChosSimbaOne	So i have tried to make a small "data center" within the host to test run OSA.	08:25
*** pcaruana has quit IRC		08:27
*** markvoelker has quit IRC		08:27
jrosser	ChosSimbaOne: this sort of thing does come up quite a bit when people try to use vmware in particular	08:28
ChosSimbaOne	but i guess it would be a good place to start figureing out why the two containers cannot ping eachother.	08:28
jrosser	the environment has to be set up so that the virtual switch, whatever it is, allows traffic that is not from the mac/ip of the host, but all the containers as well	08:29
jrosser	so i would expect that you need to make a similar config on your OVS that networks your KVM VM together	08:29
ChosSimbaOne	hmm, yeah i guess physical hw would be better, but the turn arround time on reinstalling when things go south is a bit high for us right now.	08:30
jrosser	you could just attach the KVM VM to linuxbridges, that works	08:30
*** oligau has joined #openstack-ansible		08:30
miloa	ChosSimbaOne: can the hosts themselves ping each other throught the br-mgmt ? ping -I br-mgmt ...	08:30
jrosser	we actually have tooling that stands up exactly this kind of environment here https://github.com/openstack/openstack-ansible-ops/tree/master/multi-node-aio	08:31
ohwhyosa	Hey guys! Does the public, default network in openstack need to be in a particular range? I routed it with an internal net (pretty random ip, though), and I can ping the router from the machine but i can't ping google from neither the VM nor from the host in the qrouter or qdhcp ip netns	08:35
noonedeadpunk	mornings:)	08:35
jrosser	hi noonedeadpunk	08:36
ChosSimbaOne	jrosser: Okay I will try the bridge solution. So my though by doing it this way, was that it would be closer to a real world senario, where I can use the playbook to integrate with SAML2 federation, ceph, ACI.	08:36
ohwhyosa	supp	08:36
jrosser	ChosSimbaOne: the multi-node-aio in the ops repo sets up a suitable KVM environment then runs the OSA plays against it	08:36
jrosser	it's exactly what you're trying to do i think	08:36
ChosSimbaOne	miloa: yeah from OS-IF01 i can ping OS-IF02 03, os-comp01 os-comp02 and syslog.	08:37
ohwhyosa	Also, if I want to add say, magnum, post AIO deployed, do i have to do the cp etc/openstack-deploy/conf.d ... and then setup everything?	08:37
ChosSimbaOne	jrosser: I think you are right, will have a loog at th AIO.	08:38
ChosSimbaOne	look*	08:40
*** pcaruana has joined #openstack-ansible		08:45
*** arxcruz is now known as arxcruz\|brb		08:47
ChosSimbaOne	jrosser: so the deploy-osa.yml will run setup-{host,infrastructure,openstack} which checks for configuration in user_variable and openstack_user_config and various overrides aswell?	08:50
ChosSimbaOne	for the multi-aio playbooks.	08:51
jrosser	ChosSimbaOne: it's beena while since i used the MNAIO, but i think it creates user config and use variables to some degree	08:51
jrosser	and then runs the usual playbooks	08:51
ChosSimbaOne	okay, thank you for the input. Will see if I can have it working with linux bridges instead.	08:52
*** markvoelker has joined #openstack-ansible		08:53
*** markvoelker has quit IRC		08:58
openstackgerrit	Dirk Mueller proposed openstack/openstack-ansible-galera_client master: Fix galera_client installation for openSUSE Leap 15.1 https://review.opendev.org/666249	09:07
openstackgerrit	Dirk Mueller proposed openstack/openstack-ansible-os_nova master: Switch to openSUSE Leap 15.1 https://review.opendev.org/666062	09:08
CeeMac	morning	09:08
*** chhagarw has joined #openstack-ansible		09:14
*** luksky has quit IRC		09:24
ohwhyosa	indeed, none of the netns pings google	09:29
*** janno has joined #openstack-ansible		09:29
*** af_tim has joined #openstack-ansible		09:31
*** yolanda has quit IRC		09:41
*** tosky has quit IRC		09:47
ohwhyosa	And should I install ara on a particular virtulenv or should it be available systemwide?	09:47
*** tosky has joined #openstack-ansible		09:48
*** markvoelker has joined #openstack-ansible		09:53
*** ironfoot has left #openstack-ansible		09:56
*** markvoelker has quit IRC		09:58
openstackgerrit	Merged openstack/openstack-ansible stable/queens: Bump SHAs for stable/queens https://review.opendev.org/665544	09:58
*** electrofelix has joined #openstack-ansible		10:03
*** electrofelix has quit IRC		10:03
*** luksky has joined #openstack-ansible		10:07
*** electrofelix has joined #openstack-ansible		10:09
CeeMac	jrosser: do you use project specific provider / external networks?	10:14
jrosser	CeeMac: sort of	10:14
jrosser	i have some provider networks that are private to the admin user, and then shared with specific projects	10:15
jrosser	CeeMac: take a look at this https://docs.openstack.org/neutron/rocky/admin/config-rbac.html	10:17
CeeMac	that rings a bell actually, maybe I've configured this one backwards	10:23
CeeMac	i created at against a user project and set it to not shared, but its still visible across projects	10:23
*** dave-mccowan has joined #openstack-ansible		10:31
CeeMac	jrosser: and you use these as external networks that can have a router attached?	10:38
CeeMac	nvm	10:39
jrosser	in my use case they are for projects to connect VM directly to, but i don't see why they shouldnt have a router	10:39
* CeeMac scrolled down		10:39
CeeMac	jrosser: got it working, i'd seen how to do it a while back just completely forgot and went with the quick/stupid option of creating it as admin not sharead external, which apparently makes it global	10:47
jrosser	excellent	10:47
CeeMac	ive re-created it and used rbac to change it to shared and external for 1 project, its now invisible to the other ones :D	10:47
CeeMac	jrosser: thanks, I was in a pickle there!	10:47
CeeMac	i'm a bit frustrated i couldn't get fwaas working properly :(	10:48
jrosser	CeeMac: i'd be interested to see if you can maintain the separation of networks that all come to the network node	10:48
CeeMac	on the other hand, first customer online today	10:48
CeeMac	jrosser: how do you mean?	10:48
CeeMac	at what level?	10:48
jrosser	i.e can you guarantee that the project specific network you've just made can't talk to anything else	10:49
CeeMac	oh, i see	10:49
jrosser	no accidental routing introduced	10:49
*** chhagarw has quit IRC		10:50
*** markvoelker has joined #openstack-ansible		10:54
ohwhyosa	Should the demo project public network be able to reach google?	10:57
noonedeadpunk	jrosser: can you take a look at https://review.opendev.org/#/c/666174/ ?	10:58
noonedeadpunk	oh, sorry, missed that you already set +2	10:58
*** markvoelker has quit IRC		10:59
*** kplant has joined #openstack-ansible		11:08
*** yolanda has joined #openstack-ansible		11:17
*** rgogunskiy has joined #openstack-ansible		11:21
openstackgerrit	Dirk Mueller proposed openstack/openstack-ansible-galera_client master: Fix galera_client installation for openSUSE Leap 15.1 https://review.opendev.org/666249	11:24
dirk	can we get https://review.opendev.org/#/c/657233/ reviewed+merged? it is such a trivial patch it literally hurts to have it idling around for over a month	11:26
*** ansmith has quit IRC		11:37
mnaser	hi everyone	11:41
jrosser	o/ hello	11:47
jrosser	mnaser: you got a minute?	11:47
*** udesale has quit IRC		11:53
*** arxcruz\|brb is now known as arxcruz		11:53
*** udesale has joined #openstack-ansible		11:53
*** markvoelker has joined #openstack-ansible		11:55
*** markvoelker has quit IRC		12:00
mnaser	jrosser: sure	12:03
jrosser	mnaser: what do you make of this? https://github.com/openstack/openstack-ansible-os_keystone/blob/master/tasks/keystone_pre_install.yml#L77-L86	12:04
mnaser	Oh boy	12:05
mnaser	A bad idea	12:05
jrosser	as i see it that nukes the /etc/keystone/* directory (including your fernet keys!) each time the playbook is run? or do i miss something?	12:05
noonedeadpunk	I think it's related to smart sources	12:05
jrosser	this feels like the root cause of my tokens all getting invalidated yesterday	12:05
mnaser	I think it might be trying to convert it into a symlink	12:05
noonedeadpunk	and /etc/keystone is supposed to be a symlink	12:05
mnaser	Which I dunno if I think a symlink is a good idea for that but..	12:06
jrosser	i have the ansible log from my R->S upgrade and it nuked the whole dir	12:06
jrosser	and then set things up again as if it were a fresh install	12:06
noonedeadpunk	oh, yeah, that's the case as in R it's a directory....	12:06
noonedeadpunk	we probably should somehow cover this in upgrade script....	12:07
jrosser	it wouldnt otherwise matter expect for this https://github.com/openstack/openstack-ansible-os_keystone/blob/master/defaults/main.yml#L73-L86	12:07
noonedeadpunk	in S it's ok as well I think	12:08
mnaser	I felt like the smart sources thing was a very complicated set of steps	12:09
noonedeadpunk	but upgrade makes inpleasant things....	12:09
jrosser	is it right that we're keeping those tokens in /etc at all	12:09
noonedeadpunk	they're not kept in etc, since /etc/keystone/ is a symlink to /opt	12:09
noonedeadpunk	* somewhere to opt	12:10
jrosser	oh crap well thats even worse :)	12:10
jrosser	becasue the keys are now in the venv?	12:10
noonedeadpunk	I think they are	12:11
jrosser	so you are guaranteed to lose them across an upgrade	12:11
jrosser	major or minor	12:11
noonedeadpunk	not 100% sure about minor ones... There was some trick, but can instantly recall...	12:12
noonedeadpunk	Probably we should ask cloudnull?:)	12:12
openstackgerrit	Dirk Mueller proposed openstack/openstack-ansible-galera_server master: Fix galera_server installation for openSUSE Leap 15.1 https://review.opendev.org/666272	12:12
cloudnull	o/	12:12
openstackgerrit	Dirk Mueller proposed openstack/openstack-ansible-os_nova master: Switch to openSUSE Leap 15.1 https://review.opendev.org/666062	12:12
* cloudnull reading back		12:12
noonedeadpunk	s/can/can't/	12:13
cloudnull	yes, most if not all, of the openstack services etc directories are linked to the venv in /openstack/venvs/$NAME/etc/...	12:14
*** mgariepy has joined #openstack-ansible		12:15
noonedeadpunk	so we're really rotating fernet keys during every minor upgrade...	12:15
cloudnull	in the case of keystone that would mean the keys would be forced to be regenerated on upgrade.	12:15
jrosser	right, but the issue i think i have is that the rotation is not "clean"	12:15
mnaser	Yeah that's not a rotation that's a full reinitialization in this case	12:16
jrosser	so i was left with ec2 tokens that couldnt be decrypted	12:16
mnaser	The old keys are gone so all tokens fail and even worse the credential keys disappear too	12:16
mnaser	Yesh that's the much worse case	12:16
jrosser	and this causes a huge stacktrace from keystone when you try to use them	12:16
cloudnull	keystone could use a more statically defined location so that keys always remain	12:16
mnaser	i think keystone and ever distro kinda relies on /etc/keystone/{fernet,credential}-keys pretty much	12:17
mnaser	so we'd probably the anti pattern	12:18
*** chhagarw has joined #openstack-ansible		12:18
cloudnull	the config in the venv was to allow for rollback with versioned config and packaging config for folks who are producing their own venvs. sadly it sounds like that is creating issues with fernet keys :(	12:19
jrosser	i guess the issue is that the keys require a lifecycle that isnt linked to the lifecycle of the venvs	12:20
*** udesale has quit IRC		12:20
cloudnull	+1	12:21
mnaser	well if you think about it, if you're making a config change and running it with the same osa, the 'old' copy will still exist	12:21
mnaser	err, will not exist	12:21
*** udesale has joined #openstack-ansible		12:21
mnaser	because the venv name will be the same	12:21
mnaser	if you are covering a minor/major upgrade case, then you'll likely have to change your OSA version again and rerun it anyways to get it to point towards the existing venv	12:21
cloudnull	yes, it will only be replaced on upgrade (both major and minor)	12:21
mnaser	(or the older one in this case)	12:22
mnaser	and if you're rerunning the deploy anyways, it will probably generate the same configs, implying you weren't doing a lot of other changes i guess	12:22
mnaser	and even if the smart sources are there, it will overwrite them with the changes you had done at the time	12:22
jrosser	so my specific 'bug' is around the R->S transition to smart sources	12:25
mnaser	and it also means that every keystone deploy brekas all users/services	12:25
*** udesale has quit IRC		12:25
jrosser	but then there is a different issue for smart sources becasue it now discards the keys all the time	12:25
*** udesale has joined #openstack-ansible		12:25
trident	If I have a variable in user_variables.yml that I want to be default and then want to override it for a couple of compute nodes, what is the recommended way of doing that? Is it expected that the variable in user_variables.yml will take precedent before a variable in the host_vars or container_vars sections of a few hosts in openstack_user_config.yml?	12:28
trident	Seems to be the same thing with variables in host_vars/<hostname>.yml files....	12:29
trident	I would very much prefer not having to completely remove the variable from user_variables.yml and add to all hosts in openstack_user_config.yml...	12:30
jrosser	trident: user_*.yml is the highest priority and will override everything	12:31
*** mmercer has quit IRC		12:31
noonedeadpunk	trident: you may also use ternary filter, like "{{ (inventory_hostname in groups['compute_hosts']) \| ternary('one', 'two') }}"	12:31
jrosser	in this case i would suggest you put your setting into a group_var for all the compute nodes	12:31
jrosser	and then override specifically via host vars as you need	12:31
jrosser	^ or do that :)	12:31
noonedeadpunk	^ good idea	12:31
trident	Ah, ok, that makes sense. Thanks!	12:32
jrosser	just pick the right group_vars file to make sure the original variable from user_variables targets everything you need, be that all, or all computes, or whatever	12:33
jrosser	mnaser cloudnull bug for R->S upgrade https://bugs.launchpad.net/openstack-ansible/+bug/1833414	12:44
openstack	Launchpad bug 1833414 in openstack-ansible "Fernet keys are lost during Rocky->Stein upgrade" [Undecided,New]	12:44
*** rgogunskiy has quit IRC		12:49
*** ansmith has joined #openstack-ansible		12:53
*** rgogunskiy has joined #openstack-ansible		12:55
*** markvoelker has joined #openstack-ansible		12:56
*** markvoelker has quit IRC		13:00
*** rgogunskiy has quit IRC		13:03
ChosSimbaOne	Hi. so now i can ping from galera container to galera container, with bridges.	13:03
ChosSimbaOne	ahh thought i had uncommented the part about galera cluster name in user_variable.yml, but aparently not. Will re run and see if the naming isue disapears :-)	13:06
*** miloa has quit IRC		13:08
*** yolanda has quit IRC		13:13
*** yolanda has joined #openstack-ansible		13:17
*** schwicht has joined #openstack-ansible		13:25
*** BjoernT has joined #openstack-ansible		13:44
*** fresta has joined #openstack-ansible		13:46
*** joshualyle has quit IRC		13:49
*** markvoelker has joined #openstack-ansible		13:57
*** markvoelker has quit IRC		14:01
*** BjoernT_ has joined #openstack-ansible		14:01
*** BjoernT has quit IRC		14:03
openstackgerrit	Dirk Mueller proposed openstack/openstack-ansible-os_placement master: Fix aio_distro_metal jobs for openSUSE https://review.opendev.org/666298	14:04
openstackgerrit	Dirk Mueller proposed openstack/openstack-ansible-os_nova master: Switch to openSUSE Leap 15.1 https://review.opendev.org/666062	14:04
openstackgerrit	Dirk Mueller proposed openstack/openstack-ansible-galera_client master: Fix galera_client installation for openSUSE Leap 15.1 https://review.opendev.org/666249	14:14
*** nurdie has joined #openstack-ansible		14:21
*** nurdie_ has joined #openstack-ansible		14:22
*** ivve has quit IRC		14:23
*** sreejithp has joined #openstack-ansible		14:25
*** nurdie has quit IRC		14:25
openstackgerrit	Merged openstack/openstack-ansible-galera_client master: Replace git.openstack.org URLs with opendev.org URLs https://review.opendev.org/657233	14:38
*** miloa has joined #openstack-ansible		14:44
*** miloa has quit IRC		14:46
*** luksky has quit IRC		14:50
*** nurdie_ has quit IRC		14:50
*** markvoelker has joined #openstack-ansible		14:58
*** markvoelker has quit IRC		15:02
*** Original_ElGuapo has joined #openstack-ansible		15:08
*** cshen has quit IRC		15:18
*** gkadam has quit IRC		15:19
*** gyee has joined #openstack-ansible		15:32
noonedeadpunk	folks, can we get +w for https://review.opendev.org/#/c/666174/ ?	15:36
mnaser	noonedeadpunk: you should be able to workflow it	15:39
noonedeadpunk	hm, I thought, that once second +2 without +w, patch is waiting for another core ?	15:40
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_cloudkitty master: Sync Sphinx requirement https://review.opendev.org/666321	15:41
noonedeadpunk	or I'm not right with that?	15:42
jrosser	noonedeadpunk: done - looks like i didnt hit enough buttons earlier	15:42
noonedeadpunk	jrosser: thanks)	15:43
mnaser	noonedeadpunk: if someone put a +2 after you, it's okay to do a +w at that point	15:44
noonedeadpunk	ok, thanks for explantion	15:46
noonedeadpunk	btw, mnaser, what do you think regarding https://review.opendev.org/#/q/topic:osa/service-refactor ?	15:48
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_nova master: tess https://review.opendev.org/666323	15:52
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-haproxy_server master: Sync Sphinx requirement https://review.opendev.org/666325	15:53
*** markvoelker has joined #openstack-ansible		15:58
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-nspawn_container_create master: Sync Sphinx requirement https://review.opendev.org/666326	15:59
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-ceph_client master: Sync Sphinx requirement https://review.opendev.org/666327	15:59
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-lxc_hosts master: Sync Sphinx requirement https://review.opendev.org/666328	15:59
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-apt_package_pinning master: Sync Sphinx requirement https://review.opendev.org/666329	15:59
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-lxc_container_create master: Sync Sphinx requirement https://review.opendev.org/666330	15:59
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_barbican master: Sync Sphinx requirement https://review.opendev.org/666331	15:59
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-galera_server master: Sync Sphinx requirement https://review.opendev.org/666332	15:59
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-memcached_server master: Sync Sphinx requirement https://review.opendev.org/666333	15:59
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-nspawn_hosts master: Sync Sphinx requirement https://review.opendev.org/666334	15:59
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-openstack_hosts master: Sync Sphinx requirement https://review.opendev.org/666335	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-openstack_openrc master: Sync Sphinx requirement https://review.opendev.org/666336	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-galera_client master: Sync Sphinx requirement https://review.opendev.org/666337	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_aodh master: Sync Sphinx requirement https://review.opendev.org/666338	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible master: Sync Sphinx requirement https://review.opendev.org/666339	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_blazar master: Sync Sphinx requirement https://review.opendev.org/666340	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_cinder master: Sync Sphinx requirement https://review.opendev.org/666341	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_designate master: Sync Sphinx requirement https://review.opendev.org/666342	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-ops master: Sync Sphinx requirement https://review.opendev.org/666343	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_ceilometer master: Sync Sphinx requirement https://review.opendev.org/666344	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_heat master: Sync Sphinx requirement https://review.opendev.org/666345	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_horizon master: Sync Sphinx requirement https://review.opendev.org/666346	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_ironic master: Sync Sphinx requirement https://review.opendev.org/666347	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_cloudkitty master: Sync Sphinx requirement https://review.opendev.org/666348	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_gnocchi master: Sync Sphinx requirement https://review.opendev.org/666349	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_congress master: Sync Sphinx requirement https://review.opendev.org/666350	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_magnum master: Sync Sphinx requirement https://review.opendev.org/666351	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_manila master: Sync Sphinx requirement https://review.opendev.org/666352	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_masakari master: Sync Sphinx requirement https://review.opendev.org/666353	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_glance master: Sync Sphinx requirement https://review.opendev.org/666355	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_neutron master: Sync Sphinx requirement https://review.opendev.org/666356	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_keystone master: Sync Sphinx requirement https://review.opendev.org/666357	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_panko master: Sync Sphinx requirement https://review.opendev.org/666358	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_octavia master: Sync Sphinx requirement https://review.opendev.org/666359	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_placement master: Sync Sphinx requirement https://review.opendev.org/666360	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_sahara master: Sync Sphinx requirement https://review.opendev.org/666361	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_swift master: Sync Sphinx requirement https://review.opendev.org/666362	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_rally master: Sync Sphinx requirement https://review.opendev.org/666363	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_trove master: Sync Sphinx requirement https://review.opendev.org/666364	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_tempest master: Sync Sphinx requirement https://review.opendev.org/666365	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-os_zun master: Sync Sphinx requirement https://review.opendev.org/666366	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-pip_install master: Sync Sphinx requirement https://review.opendev.org/666367	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-repo_server master: Sync Sphinx requirement https://review.opendev.org/666368	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-rabbitmq_server master: Sync Sphinx requirement https://review.opendev.org/666369	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-repo_build master: Sync Sphinx requirement https://review.opendev.org/666370	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-rsyslog_client master: Sync Sphinx requirement https://review.opendev.org/666371	16:00
openstackgerrit	zhulingjie proposed openstack/openstack-ansible-tests master: Sync Sphinx requirement https://review.opendev.org/666372	16:00
*** markvoelker has quit IRC		16:03
*** udesale has quit IRC		16:12
logan-	what should we do with the smart sources stuff? it seems like versioning the configs inside the venv is pretty unnecessary since the configs are inherently versioned by the OSA tag being deployed. so the deployment host is a centralized, versioned config source. there's no need to have multiple versions of these things on the deploy targets	16:13
logan-	and jrosser yes great find, wiping fernet is bad but wiping credentials keys is a huge problem. at least they're not "wiped" but that is terrifyingly close to it :/	16:14
jrosser	logan-: well R->S upgrade you lose everything	16:14
logan-	oh gotcha	16:15
jrosser	becasue it goes from real directory to synlink-to-venv at that point	16:15
logan-	yup	16:15
logan-	yikes	16:15
logan-	that is absolutely a release blocker imo. we should not release stein until that is resolved	16:16
jrosser	i'm not sure how yet how to expunge all the existing but now non-deryptable tokens i have	16:16
jrosser	becasue keystone blows up if you try to use them	16:16
logan-	yep	16:16
logan-	we used to have a bug where it did this if you rebuilt your keystone[0] container	16:16
jrosser	i think i found your bug on LP about that	16:16
logan-	afaik you just have to throw away all of your credential keys in the DB and start over	16:16
jrosser	if you have any thoughts on a good mechanism for the R->S upgrade then pitch in on that bug i made	16:18
*** spsurya has quit IRC		16:18
logan-	i wouldn't be opposed to reverting smart sources	16:18
logan-	but that is going to be a mess too i guess	16:18
jrosser	also i think subsequent runs of the keystone playbook might do bad things too	16:18
jrosser	but i've not had a change to test that out	16:18
jrosser	*chance	16:18
jrosser	perhaps for keystone we adjust the way the smart-sources is setup to keep /etc/keystone elsewhere on the host rather than in the venv	16:20
*** chandankumar is now known as raukadah		16:21
logan-	maybe even /etc/keystone ;)	16:21
jrosser	oh well isnt there some funny business with distro installs putting stuff there	16:22
logan-	yeah I wonder how that works with smart sources? do we only use the smart sources stuff in source installs?	16:22
logan-	(i guess we must since there would be no venvs in a distro install)	16:22
logan-	a couple tasks to migrate back out of smart sources is probably not too difficult actually if we decide to revert, since we have the current deployed tag in local facts etc.	16:27
logan-	check if /etc/service is a link to /openstack/venvs/; delete it if it is; create a directory; copy /openstack/venvs/<service>-<venv tag>/etc/whatever to /etc/service, and just do that at the beginning of the role	16:29
logan-	that way ppl who have stein deployed will go back to the normal way of doing things, and upgrading from rocky will not be an issue	16:30
jrosser	yeah, and simulaneously back out the part which creates the symlink to the venv	16:31
*** kopecmartin is now known as kopecmartin\|off		16:31
jrosser	we already get the state of /etc/keystone here anyway https://github.com/openstack/openstack-ansible-os_keystone/blob/master/tasks/keystone_pre_install.yml#L70	16:32
logan-	yep	16:33
*** rgogunskiy has joined #openstack-ansible		16:34
jrosser	so i'd say fiddle with this a bit to make it always a dir https://github.com/openstack/openstack-ansible-os_keystone/blob/master/tasks/keystone_pre_install.yml#L114-L117	16:35
jrosser	and then add a conditional task right at the end of that file which copies anything that might exist in the venv /etc/keystone	16:36
jrosser	then it should do the right thing for new installs, and rescue existing ones	16:36
jrosser	only tricky thing is you wouldnt necessarily have the path to the old venv	16:37
jrosser	ah yes you would, keystone_conf_dir_stat.lnk_target	16:38
*** rgogunskiy has quit IRC		16:38
logan-	ahh yep	16:38
*** aludwar has joined #openstack-ansible		16:43
*** sreejithp has quit IRC		16:43
*** sreejithp has joined #openstack-ansible		16:44
*** tosky has quit IRC		16:47
*** weifan has joined #openstack-ansible		16:49
*** markvoelker has joined #openstack-ansible		16:59
*** trident has quit IRC		17:02
*** markvoelker has quit IRC		17:04
*** trident has joined #openstack-ansible		17:04
*** tuxjohnson has joined #openstack-ansible		17:14
*** tuxjohnson has left #openstack-ansible		17:16
*** goldenfri has quit IRC		17:32
*** mmercer has joined #openstack-ansible		17:45
NobodyCam	Good Morning OSA folks, I made a manual change to my glance lxc containers mount points, is there a way for me to record this in the config	17:51
jrosser	NobodyCam: maybe this https://github.com/openstack/openstack-ansible-lxc_container_create/blob/master/defaults/main.yml#L46 ?	17:54
NobodyCam	ahh :) Thank you, looks like I can set that in cond.d/glance.yml?	17:59
*** markvoelker has joined #openstack-ansible		18:00
jrosser	I’d put it in group_vars/something.... because it’s more ansible-ey	18:04
*** markvoelker has quit IRC		18:05
*** electrofelix has quit IRC		18:08
*** pcaruana has quit IRC		18:11
*** sreejithp has quit IRC		18:16
*** sreejithp has joined #openstack-ansible		18:16
*** cshen has joined #openstack-ansible		18:23
*** luksky has joined #openstack-ansible		18:30
NobodyCam	ahh	18:31
*** BjoernT has joined #openstack-ansible		18:32
*** BjoernT_ has quit IRC		18:34
*** cshen has quit IRC		18:50
*** ivve has joined #openstack-ansible		18:50
*** chhagarw has quit IRC		18:50
*** BjoernT_ has joined #openstack-ansible		18:51
*** BjoernT has quit IRC		18:52
*** markvoelker has joined #openstack-ansible		19:01
openstackgerrit	Dmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible master: Remove credential sharing with nova https://review.opendev.org/658178	19:08
*** ivve has quit IRC		19:16
*** markvoelker has quit IRC		19:20
openstackgerrit	Merged openstack/openstack-ansible-os_manila master: Updated from OpenStack Ansible Tests https://review.opendev.org/666111	19:27
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible-os_keystone master: Fix loss of fernet tokens on Rocky to Stein upgrade for source installs https://review.opendev.org/666428	19:44
jrosser	mnaser: logan- i hacked that together for this keystone token stuff ^	19:44
jrosser	it's totally untested but its getting late here so if you are able to nurse/fix that as needed it would be very helpful	19:44
*** kplant has quit IRC		19:47
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible-os_keystone master: Fix loss of fernet tokens on Rocky to Stein upgrade for source installs https://review.opendev.org/666428	19:47
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible-os_keystone master: Fix loss of fernet tokens on Rocky to Stein upgrade for source installs https://review.opendev.org/666428	19:51
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible-os_keystone master: Fix loss of fernet tokens on Rocky to Stein upgrade for source installs https://review.opendev.org/666428	20:02
*** hamzaachi has joined #openstack-ansible		20:03
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible-os_keystone master: Fix loss of fernet keys on Rocky to Stein upgrade for source installs https://review.opendev.org/666428	20:07
*** schwicht has quit IRC		20:08
*** hwoarang has quit IRC		20:16
*** markvoelker has joined #openstack-ansible		20:17
*** hwoarang has joined #openstack-ansible		20:17
*** hamzaachi has quit IRC		20:20
*** hamzaachi has joined #openstack-ansible		20:21
*** schwicht has joined #openstack-ansible		20:30
*** markvoelker has quit IRC		20:36
*** schwicht has quit IRC		20:46
openstackgerrit	Merged openstack/openstack-ansible-os_ironic master: Updated from OpenStack Ansible Tests https://review.opendev.org/666109	20:51
*** dirk has quit IRC		20:55
openstackgerrit	Merged openstack/openstack-ansible-os_blazar master: Updated from OpenStack Ansible Tests https://review.opendev.org/666101	20:57
*** sreejithp has quit IRC		21:02
*** sreejithp_ has joined #openstack-ansible		21:03
*** hamzaachi has quit IRC		21:05
*** ansmith has quit IRC		21:05
*** schwicht has joined #openstack-ansible		21:08
openstackgerrit	Merged openstack/openstack-ansible-os_aodh master: Updated from OpenStack Ansible Tests https://review.opendev.org/664713	21:09
openstackgerrit	Merged openstack/openstack-ansible-os_masakari master: Updated from OpenStack Ansible Tests https://review.opendev.org/666112	21:13
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible-os_keystone master: Fix loss of fernet keys on Rocky to Stein upgrade for source installs https://review.opendev.org/666428	21:14
*** kplant has joined #openstack-ansible		21:18
*** hamzaachi has joined #openstack-ansible		21:20
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible-os_keystone master: Fix loss of fernet keys on Rocky to Stein upgrade for source installs https://review.opendev.org/666428	21:32
*** markvoelker has joined #openstack-ansible		21:33
*** BjoernT_ has quit IRC		21:49
CeeMac	Can an aio be configured for ovs instead of lxb?	21:52
*** markvoelker has quit IRC		21:53
openstackgerrit	Merged openstack/openstack-ansible-os_mistral master: Updated from OpenStack Ansible Tests https://review.opendev.org/666113	21:54
*** mkuf has quit IRC		22:01
*** mkuf has joined #openstack-ansible		22:02
openstackgerrit	Jimmy McCrory proposed openstack/openstack-ansible-os_neutron master: Install python-systemd package for journal logging https://review.opendev.org/666458	22:15
*** zbr\|ruck has quit IRC		22:17
*** hamzaachi has quit IRC		22:30
*** sreejithp_ has quit IRC		22:31
*** luksky has quit IRC		22:39
*** ansmith has joined #openstack-ansible		22:47
*** markvoelker has joined #openstack-ansible		22:50
*** markvoelker has quit IRC		23:05
*** dmsimard0 has joined #openstack-ansible		23:08
*** dmsimard has quit IRC		23:08
openstackgerrit	Jimmy McCrory proposed openstack/openstack-ansible-os_nova master: Only clone console repos on source based installs https://review.opendev.org/666463	23:32

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!