Tuesday, 2020-01-14

« Monday, 2020-01-13 Index Wednesday, 2020-01-15 »
*** sshnaidm has quit IRC00:06
*** sshnaidm has joined #openstack-ansible00:07
*** ahosam has quit IRC00:08
*** ianychoi_ has joined #openstack-ansible00:09
*** ianychoi has quit IRC00:11
*** macz has quit IRC00:17
*** DanyC has quit IRC00:21
*** schwicht has quit IRC00:26
openstackgerritMohammed Naser proposed openstack/openstack-ansible-os_neutron master: Update vpnaas rootwrap filters  https://review.opendev.org/70231100:36
openstackgerritMohammed Naser proposed openstack/openstack-ansible-os_neutron stable/train: Update vpnaas rootwrap filters  https://review.opendev.org/70231200:37
openstackgerritMohammed Naser proposed openstack/openstack-ansible-os_neutron stable/stein: Update vpnaas rootwrap filters  https://review.opendev.org/70231300:38
openstackgerritMohammed Naser proposed openstack/openstack-ansible-os_neutron stable/rocky: Update vpnaas rootwrap filters  https://review.opendev.org/70231400:39
*** nicolasbock has quit IRC01:18
*** gyee has quit IRC01:34
*** schwicht has joined #openstack-ansible03:47
*** macz has joined #openstack-ansible03:56
*** udesale has joined #openstack-ansible04:21
*** jhesketh has quit IRC04:23
*** jhesketh has joined #openstack-ansible04:24
*** macz has quit IRC05:06
*** macz has joined #openstack-ansible05:07
*** evrardjp has quit IRC05:33
*** evrardjp has joined #openstack-ansible05:34
*** schwicht has quit IRC05:52
*** macz has quit IRC06:06
*** pcaruana has quit IRC06:17
*** elenalindq has joined #openstack-ansible06:34
*** hamzy has quit IRC06:49
*** hamzy has joined #openstack-ansible06:50
*** rgogunskiy has joined #openstack-ansible07:39
*** cshen has joined #openstack-ansible07:40
*** tosky has joined #openstack-ansible08:08
*** zbr|rover has quit IRC08:14
*** zbr has joined #openstack-ansible08:16
*** shyamb has joined #openstack-ansible08:20
*** DanyC has joined #openstack-ansible08:53
*** pcaruana has joined #openstack-ansible08:56
*** shyamb has quit IRC09:02
*** shyamb has joined #openstack-ansible09:04
*** rpittau|afk is now known as rpittau09:16
*** shyamb has quit IRC09:46
*** ygk_12345 has joined #openstack-ansible10:23
*** pcaruana has quit IRC10:23
*** CeeMac has joined #openstack-ansible10:30
CeeMacmorning10:31
ygk_12345can anyonen tell me how to bypass the default repo container for installing  packages thru apt in the OSA ?10:31
ygk_12345i am trying to install mysqldb library for python in the utility contianer but its not installing it saying appropriate version not found10:32
ygk_12345pip -vvv  install MySQL-python10:32
ygk_12345could not find a version that satisfies the requirement MySQL-python (from versions: )10:33
ygk_12345Could not fetch URL http://example.com:8181/simple/mysql-python/: 404 Client Error: Not Found for url: http://example.com:8181/simple/mysql-python/ - skipping10:33
*** yolanda has joined #openstack-ansible10:37
ygk_12345can anyone let me know if the mysql-python pkg is already installed in OSA ?10:49
ygk_12345i dont find it10:50
*** shyamb has joined #openstack-ansible10:53
*** pcaruana has joined #openstack-ansible11:02
*** rpittau is now known as rpittau|bbl11:11
noonedeadpunkygk_12345: do you mean distro install or source one? I think it might be placed inside virtualenvs for packages that do require it11:15
noonedeadpunkfor distro install I'm not really sure - worth checking11:16
ygk_12345noonedeadpunk i am able to install the pkg now. Thanks to CeeMac. However when I try connecting to it through the python, it is refusing the connection, but when I just say mysql at the command prompt of util container, it is logging in11:17
ygk_12345donno why ?11:17
ygk_12345how to connect using the python connector ?11:17
ygk_12345i am trying the python stuff from the util contianer itself11:18
noonedeadpunkso mysql command is provided by mysql_client distro package11:18
ygk_12345yes11:18
noonedeadpunkBut this package do not provide any python library - if you need one, it should be installed independently.11:19
ygk_12345db = MySQLdb.connect("localhost","root","heat" ) is failing11:19
ygk_12345import MySQLdb is successful11:20
noonedeadpunkYou can either create a separate virtualenv for your application (which is probably the safest recommended option), try to use utility virtualenv, or install package for system python11:20
ygk_12345i have already installed the pkg11:20
ygk_12345now the connection is the problem11:20
noonedeadpunkI think you shoulkd connect not to localhost but to external vip11:20
ygk_12345ok let me try11:20
noonedeadpunk*internal11:20
ygk_12345ok11:21
ygk_12345>>> db = MySQLdb.connect("172.29.236.9","root","heat")11:22
ygk_12345mysql_exceptions.OperationalError: (1045, "Access denied for user 'root'@'example.cloud' (using password: YES)")11:22
ygk_12345but from command prompt just a 'mysql' is working and logging me in11:23
noonedeadpunkso .my.cnf file should be placed in /root which provides login credentials11:23
ygk_12345it is in the root already11:24
ygk_12345how do I use it in the MySQLdb.connect ?11:24
noonedeadpunkyou can just use the same credentials provided there (or you may try to parse it with configparser)11:25
ygk_12345ahh it worked now11:26
ygk_12345thanks11:26
*** udesale has quit IRC11:28
*** shyam89 has joined #openstack-ansible11:29
*** shyam89 has quit IRC11:30
*** shyam89 has joined #openstack-ansible11:30
*** shyamb has quit IRC11:32
*** shyam89 has quit IRC12:08
*** DanyC has quit IRC12:20
*** DanyC has joined #openstack-ansible12:29
*** ygk_12345 has left #openstack-ansible12:37
*** ansmith has quit IRC12:42
*** DanyC_ has joined #openstack-ansible12:59
*** DanyC__ has joined #openstack-ansible13:01
*** DanyC has quit IRC13:02
*** DanyC_ has quit IRC13:05
openstackgerritMerged openstack/openstack-ansible-os_neutron master: Update vpnaas rootwrap filters  https://review.opendev.org/70231113:15
openstackgerritMerged openstack/openstack-ansible-os_tempest stable/stein: Fix stackwiz venv pip install args  https://review.opendev.org/70081713:15
*** schwicht has joined #openstack-ansible13:22
*** rpittau|bbl is now known as rpittau13:26
*** ansmith has joined #openstack-ansible13:28
*** schwicht has quit IRC13:29
*** schwicht has joined #openstack-ansible13:30
*** shyamb has joined #openstack-ansible13:37
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible master: [WIP] ceph-mds setup  https://review.opendev.org/70242413:42
*** DanyC has joined #openstack-ansible13:53
*** schwicht has quit IRC13:54
*** DanyC__ has quit IRC13:55
*** shyamb has quit IRC13:59
*** DanyC has quit IRC14:10
openstackgerritMerged openstack/ansible-role-uwsgi master: Test linters with integrated repo  https://review.opendev.org/67924514:24
*** schwicht has joined #openstack-ansible14:29
*** udesale has joined #openstack-ansible14:30
guilhermespnoonedeadpunk: i guess -w can be removed? https://review.opendev.org/#/c/702135/14:34
noonedeadpunkwhy so? I was thinking about backporting https://review.opendev.org/#/c/702234/ and adding that sha to the bump14:35
guilhermespor we want the rootwrap oh ok, it is not verified yet, i miss that14:36
noonedeadpunkOr we can leave that fix for the next bump....14:36
guilhermesprepheasing: ok, i missed that patch is not verified14:37
noonedeadpunkyeah, I'd bump vpn staff as well, but it's not so critical for ppl14:37
noonedeadpunkas horizon is14:37
*** gokhani has quit IRC14:41
*** sshnaidm is now known as sshnaidm|mtg14:44
*** DanyC has joined #openstack-ansible14:50
*** DanyC has joined #openstack-ansible14:51
*** vesper has quit IRC14:53
*** vesper11 has joined #openstack-ansible14:53
*** DanyC has quit IRC15:10
*** fyx has quit IRC15:13
*** rgogunskiy has quit IRC15:17
*** fyx has joined #openstack-ansible15:17
*** tacco has joined #openstack-ansible15:18
taccohi there.. what is the recomended way of doing a galera cluster backup?15:18
taccoi guess simple mysqldump won't help much.15:18
*** DanyC has joined #openstack-ansible15:26
openstackgerritMerged openstack/openstack-ansible-os_horizon master: Make use of horizon_git_track_branch  https://review.opendev.org/70223415:34
*** udesale_ has joined #openstack-ansible15:34
*** schwicht has quit IRC15:35
*** udesale has quit IRC15:37
*** fyx has quit IRC15:48
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-os_horizon stable/train: Make use of horizon_git_track_branch  https://review.opendev.org/70246415:50
*** fyx has joined #openstack-ansible15:51
noonedeadpunktacco: actually myslqdump also works :) but ofc it's better to use mariabackup tool https://mariadb.com/kb/en/mariabackup/15:52
*** cshen has quit IRC15:54
noonedeadpunk#startmeeting openstack_ansible_meeting16:02
openstackMeeting started Tue Jan 14 16:02:06 2020 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.16:02
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.16:02
*** openstack changes topic to " (Meeting topic: openstack_ansible_meeting)"16:02
openstackThe meeting name has been set to 'openstack_ansible_meeting'16:02
noonedeadpunk#topic office hours16:02
*** openstack changes topic to "office hours (Meeting topic: openstack_ansible_meeting)"16:02
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-os_horizon stable/stein: Make use of horizon_git_track_branch  https://review.opendev.org/70246716:10
*** theintern_ has joined #openstack-ansible16:12
*** arxcruz is now known as arxcruz|off16:13
noonedeadpunkanyone for meeting?16:14
*** elenalindq has quit IRC16:16
*** elenalindq has joined #openstack-ansible16:16
*** dave-mccowan has joined #openstack-ansible16:17
*** rh-jelabarre has joined #openstack-ansible16:17
guilhermespo/16:29
guilhermesplate i guess :P16:29
noonedeadpunknot so much:)16:29
guilhermespso currently we are waiting https://review.opendev.org/#/c/702135/ to release 20.0.0.1?16:30
noonedeadpunkI kinda have the same question regarding backporting py3 centos 7 stuff into train...16:30
noonedeadpunk20.0.116:30
noonedeadpunkYes, I think we should wait for horizon patch to merge, as it's pretty serious bugfix16:31
guilhermespit's  merged https://review.opendev.org/#/c/702234/16:31
guilhermespso we need to backport it to train16:31
noonedeadpunkIt;s already backported https://review.opendev.org/#/c/702464/116:31
guilhermespnohttps://review.opendev.org/#/c/702234/16:31
guilhermespyes16:31
noonedeadpunkalso I was thinking about freezing calico version and setting some tag with manual updates.16:32
*** hamzy has quit IRC16:33
noonedeadpunkAs they are instantly breaking pbr and installation by SHA (or from master) by assigning several tags on the same commit16:33
noonedeadpunkso https://review.opendev.org/#/c/702313/1 is not going to merge because of it16:34
noonedeadpunkOr we can backport setting it to non-voting ofc...16:34
guilhermesphum.. not sure tbh... that's a fix for those who uses vpnaas and as this bug stands for a long time means no one is using vpnaas.16:36
*** dave-mccowan has quit IRC16:36
noonedeadpunkfix for vpnaas, yes, but we do not test vpnaas, but we do test calico driver.16:36
noonedeadpunkhttps://bugs.launchpad.net/networking-calico/+bug/184911016:37
openstackLaunchpad bug 1849110 in networking-calico "Tagging several versions on a single commit breaks installation" [Undecided,New]16:37
*** dave-mccowan has joined #openstack-ansible16:38
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-os_manila master: Add manila CI  https://review.opendev.org/67593416:41
*** gyee has joined #openstack-ansible16:42
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-os_manila master: Add manila CI  https://review.opendev.org/67593416:43
*** udesale_ has quit IRC16:43
*** schwicht has joined #openstack-ansible16:46
*** macz has joined #openstack-ansible16:54
*** rpittau is now known as rpittau|afk17:01
jrosseri think thats a good idea about freezing the networking-calico SHA17:06
jrosserbecasue this is happening a lot and they don't actually seem to change the code much, just put on a lot of tags to match the upstream service, i think17:06
noonedeadpunkyeah, this how I feel it as well...17:07
noonedeadpunk#endmeeting17:07
*** openstack changes topic to "Launchpad: https://launchpad.net/openstack-ansible || Weekly Meetings: https://wiki.openstack.org/wiki/Meetings/openstack-ansible || Review Dashboard: http://bit.ly/2xA1eZC"17:07
openstackMeeting ended Tue Jan 14 17:07:56 2020 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)17:07
openstackMinutes:        http://eavesdrop.openstack.org/meetings/openstack_ansible_meeting/2020/openstack_ansible_meeting.2020-01-14-16.02.html17:07
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/openstack_ansible_meeting/2020/openstack_ansible_meeting.2020-01-14-16.02.txt17:08
openstackLog:            http://eavesdrop.openstack.org/meetings/openstack_ansible_meeting/2020/openstack_ansible_meeting.2020-01-14-16.02.log.html17:08
jrossersorry for lateness btw!17:08
*** ryan3 has joined #openstack-ansible17:09
noonedeadpunkyou actually didn't miss anything :p17:10
ryan3Hey all had a question about how to configure my openstack ansible deploy for stein. I'm using the NFS backend for cinder but I'm noticing that cinder isn't getting the nova configuration which I think I need for getting snapshots to work.17:15
ryan3I'm running qcow2 on NFS.17:15
ryan3Looking for a way to tell the ansible deploy to create a role or user for cinder so it can talk to nova17:17
noonedeadpunkryan3: so cinder has it's own 'cinder' user in keystone with kinda 'admin' privileges (assigned to service project')17:20
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible master: Set fixed version for networking-calico  https://review.opendev.org/70248817:20
ryan3I'm probably missing something but I wasn't able to get a snapshot to process until I manually put https://pastebin.com/X26eX81K in the cinder config.17:22
noonedeadpunkok, you can use config overrides so ansible would place that block of code for you17:23
noonedeadpunkwith cinder_cinder_conf_overrides variable17:24
ryan3I was trying to avoid doing that since I'd have to generate that stanza17:24
ryan3Is there a place in the ansible config I can say cinder gets nova access?  or something17:25
noonedeadpunkYou can use cinder credentials in that section17:25
noonedeadpunkActually, I thought that providing keystone_authtoken should be enough (with setting interface in nova section)17:26
noonedeadpunkeven more - most of these params are not valid for [nova] section accoording to cinder docs17:28
noonedeadpunkIf default do not work for you - you can provide auth_section and set it to keystone_authtoken17:29
noonedeadpunkryan3: have you changed region name to some custom one?17:30
ryan3I have not changed the region17:30
noonedeadpunkJust in paste you have "region_name = region" - that's why I've asked17:31
ryan3ah yeah sorry I guess I didn't need to change that part lol17:31
ryan3so when you say auth_section to keystone_authtoken where is that getting set?17:32
noonedeadpunkAnyway like providing username and password seems not to be supported options for this section according to https://docs.openstack.org/cinder/stein/configuration/block-storage/config-options.html#id717:32
ryan3oh I see it17:33
ryan3yeah looks like my config is just wrong17:33
*** hamzy has joined #openstack-ansible17:33
*** evrardjp has quit IRC17:33
*** evrardjp has joined #openstack-ansible17:34
ryan3ok I think I see what you're saying17:35
ryan3so I use overrides to make the [nova] stanza and set auth-section to keystone_authtoken17:35
ryan3if I'm reading this correctly17:35
ryan3that's all in the cinder.conf17:36
*** elenalindq has quit IRC17:37
noonedeadpunkYep17:44
ryan3https://pastebin.com/RNv3avVY17:44
ryan3so I put that in and restarted cinder17:44
ryan3seem to be back to throwing the original error17:45
noonedeadpunkand how keystone_authtoken section does look like? As it seems nothing to do with nova section....17:46
*** theintern_ has quit IRC17:46
ryan3ah crap yeah I found the problem17:46
ryan3my vip is throwing ssl errors now17:46
ryan3I guess specifying http instead of https was the reason my original config worked17:47
noonedeadpunkYeah, that might be the case17:47
noonedeadpunkso generally you don't need to add anything into nova section17:47
noonedeadpunkfor cinder.conf17:48
noonedeadpunkso you can set backend to http or set "insecure = True" to ignore ssl errors17:48
ryan3Ah ok17:48
*** DanyC_ has joined #openstack-ansible17:50
*** DanyC_ has quit IRC17:50
*** DanyC has quit IRC17:53
*** elenalindq has joined #openstack-ansible17:54
ryan3hey @noonedeadpunk thanks for the help17:55
noonedeadpunkyou're welcome17:55
*** sshnaidm|mtg is now known as sshnaidm|afk18:00
*** elenalindq has quit IRC18:01
*** theintern_ has joined #openstack-ansible18:15
*** ahosam has joined #openstack-ansible18:33
*** theintern_ has quit IRC18:47
*** theintern_ has joined #openstack-ansible18:59
*** pcaruana has quit IRC19:16
*** macz has quit IRC19:50
*** macz has joined #openstack-ansible19:51
*** theintern_ has quit IRC20:05
*** hamzy_ has joined #openstack-ansible20:08
*** hamzy has quit IRC20:11
*** gshippey has quit IRC20:23
*** rgogunskiy has joined #openstack-ansible20:26
*** hamzy__ has joined #openstack-ansible20:43
*** hamzy_ has quit IRC20:46
*** hamzy_ has joined #openstack-ansible20:51
*** hamzy__ has quit IRC20:53
*** rgogunskiy has quit IRC20:54
*** eat_those_lemons has joined #openstack-ansible20:58
*** hamzy__ has joined #openstack-ansible21:02
*** hamzy_ has quit IRC21:04
*** hamzy_ has joined #openstack-ansible21:10
eat_those_lemonscould anyone help me with the `internal_lb_vip_address`? I cant seem to figure out the syntax and am stuck at that particular step of:21:13
eat_those_lemonshttps://docs.openstack.org/project-deploy-guide/openstack-ansible/latest/run-playbooks.html21:13
eat_those_lemons#521:13
*** hamzy__ has quit IRC21:13
eat_those_lemonsopenstack-ansible setup-openstack.yml21:13
openstackgerritMerged openstack/openstack-ansible-os_neutron stable/train: Update vpnaas rootwrap filters  https://review.opendev.org/70231221:16
*** hamzy has joined #openstack-ansible21:22
*** hamzy_ has quit IRC21:23
jrossereat_those_lemons: i have the defined that as internal_lb_vip_address: 10.11.128.3021:24
jrosserwhere thats the ipv4 address i have chosen for the internal VIP in my lab21:24
eat_those_lemonsI have that chosen I thought in the openstack_user_config.yml file however `openstack-ansible setup-openstack.yml` complains that that variable is not set21:26
*** ansmith has quit IRC21:26
eat_those_lemonsusing (can put it in a paste if you want but for just 2 lines seems overkill)21:26
eat_those_lemonsglobal_overrides:21:26
eat_those_lemons    internal_lb_vip_address: 10.0.0.5121:27
eat_those_lemonsalthough that is the actual ip of the machine21:27
*** ryan3 has quit IRC21:27
eat_those_lemonsso assuming I need to setup vlans first? (have only one NIC on each machine so no separate management network (assuming that is what the vip network is the management network))21:27
*** ryan3 has joined #openstack-ansible21:39
*** schwicht has quit IRC21:40
ryan3Is there an configuration setting in openstack-ansible stein to set the deploy to not use TLS on the internal and external vip?21:42
*** hamzy_ has joined #openstack-ansible21:50
ryan3Basically due to limitations with the load balancer I'm using I can't do some of the ports required for TLS termination21:51
eat_those_lemonsjrosser: I am working on setting up the vlans just was trying to get a test setup before hand21:51
eat_those_lemonsryan3: what loadbalancer are you using?21:51
ryan3it's the load balancers provided by gcp21:52
*** hamzy has quit IRC21:53
eat_those_lemonsah I don't know about that one unfortunately21:53
ryan3no worries it's lame21:53
eat_those_lemonsis the issue that your services on the openstack instance don't know how to handle the tls from google cloud platform?21:53
eat_those_lemonsAssuming that google cloud platform requires all communications to be done with tls21:53
ryan3no I can't terminate ssl on port 5000 in their service21:53
eat_those_lemonsah21:54
ryan3they have a list of ports they'll do it on and that's not one21:54
eat_those_lemonswhy are you using port 5000 for tls?21:54
jrossereat_those_lemons: if you have more than one controller then the VIP is not one of the IP you have assigned21:54
jrosserit is another IP entirely that is managed/dynamically assigned with keepalived21:54
ryan3it's the default port for keystone my understanding21:54
ryan3the "public vip"21:54
eat_those_lemonsjrosser: I only have 1 controller21:54
jrosseryou do need to have some kind of mgmt network21:55
eat_those_lemonsso should just be the ip that I statically set with dnsmasq?21:55
eat_those_lemonsie separate management network?21:55
jrosserhave you run an all-in-one?21:56
eat_those_lemonsI have not run an all on one machine I am attempting a multi-node deployment, physical machines for: controller, storage, compute, router21:57
eat_those_lemonstrying to follow this guide21:57
eat_those_lemonshttps://magicalyak.org/openstack-multi-node-with-single-nic/21:57
eat_those_lemonsand the openstack-ansible guide21:57
eat_those_lemonshttps://docs.openstack.org/project-deploy-guide/openstack-ansible/rocky/index.html21:57
ryan3I'm running 5 controllers and keepalive is also not an option since gcp doesn't actually allow any layer 2 control in the vm21:58
eat_those_lemonsdon't have the vlans setup yet though21:58
eat_those_lemonsjust wanted a test setup before the vlans21:58
ryan3which is making this ansible deploy hard since it either wants an external vip or to run haproxy and keepalived21:58
*** hamzy_ has quit IRC21:58
eat_those_lemonsryan3: your saying between the vm's within google cloud you cant use port 5000 for tls terminations?21:59
ryan3gcp ssl termination isn't possible at all on port 500021:59
ryan3they don't support it21:59
*** hamzy has joined #openstack-ansible21:59
jrossereat_those_lemons: i would recommend that you start with this https://docs.openstack.org/openstack-ansible/train/user/aio/quickstart.html22:00
ryan3since this is all on private ips anyways I sort of want to just turn off deploying expecting SSL22:00
ryan3is that possible?22:00
eat_those_lemonsjosser: ie use that setup for verifying configurations and then move to multi-node?22:01
jrosserthat setup is the one that is run many times per day as part of the openstack-ansible development process22:02
jrosserand also serves as a reference config22:03
*** ansmith has joined #openstack-ansible22:03
jrosserall our CI jobs to merge code must run that successfully22:03
eat_those_lemonsso should be able to pull the configs from there directly into a multi-node deployment?22:03
jrossereat_those_lemons: to a degree yes because you are not proposing an HA setup so the controller is fairly similar to an AIO22:04
jrosserbut the all-in-one creates it's own networking environment all behind one IP which is ideal for a test setup, but less so for multinode22:05
*** hamzy_ has joined #openstack-ansible22:06
eat_those_lemonsSo sounds like I would learn less than I was hoping for with the AIO since I need to still learn the networking portion and the configuration would need to be changed for the networking correctly?22:06
jrosseryou would instead be wanting a cut down version of this https://github.com/openstack/openstack-ansible/blob/master/etc/openstack_deploy/openstack_user_config.yml.prod.example22:06
*** hamzy has quit IRC22:09
jrosseri think i would be sticking as close to the reference config as possible, particularly if you want to learn all the networking stuff22:10
eat_those_lemonsah so base my config on prod.example instead of the openstack_user_config.yml.example22:10
eat_those_lemonsso basically only modify the networking portion of prod.example22:11
eat_those_lemonsmakes sense22:11
jrosserthere is a production network config here https://github.com/openstack/openstack-ansible/blob/master/etc/network/interfaces.d/openstack_interface.cfg.prod.example22:11
jrosserwhich you can strip out the bits you maybe don't need like the bonds22:11
jrosserbut the idea there is you lay down the same interfaces across all your nodes and make everything look the same22:11
eat_those_lemonsI have been trying to base things on the yam.example which I assume doesn't have a correct config to base off of22:12
eat_those_lemonsgot it22:12
eat_those_lemonsdo you know if there is a netplan version of this for ubuntu? Or do you run all your systems on a debian image that still has interfaces.d22:13
eat_those_lemons?22:13
jrosseropenstack_user_config.yml.example is also ok, but you need to fill out yourseld22:13
jrosserit's up to you how you configure the networking, OSA doesnt care so long as the required br-mgmt, br-storage as per the documentation are there22:13
jrosserthough some poeple have had a good experience with netplan, others have not22:14
eat_those_lemonsah so don't start with example start with prod.example got it22:14
eat_those_lemonsIt looks like the example scripts all use ifupdown instead of netplan so will just use ifupdown22:14
jrosseryou can use the old type network interface files on bionic by installing ifupdown22:14
eat_those_lemonswhat os do you run on?22:15
jrosserpersonally on ubuntu bionic but we also have a fair few folk on centos22:15
jrossereat_those_lemons: OSA doesnt try to interfere with any host provisioning or ideas the deployer might have about how the network is setup22:17
eat_those_lemonsdo you have anyone on strait debian?22:17
jrossera lot of that is left up to you deliberalty as everyone has a different use case22:18
eat_those_lemonsstrait debian is my OS of choice but seems that isn't very common22:18
eat_those_lemonsso don't want to stray too much of the beaten path for a first setup22:18
eat_those_lemonsespecially a hobby project one22:18
jrosserthat does make it difficult to provide a one-size-fits-all deployment but the production examples are the best starting point22:18
openstackgerritMerged openstack/openstack-ansible stable/rocky: Bump SHAs for stable/rocky  https://review.opendev.org/70074822:19
jrosseryou can see here an example of the deployments that are tested in CI https://review.opendev.org/#/c/702135/22:20
jrosserso we validate the deployment on stretch and buster today for the train branch, but i'm not sure how many people are using that for real22:20
eat_those_lemonsso it is tested just might not be used kind of thing?22:21
jrosseri would be confident that you could deploy the AIO and it would work, becasue those CI jobs have to pass a full test suite22:21
jrosserand by extension a multinode should be OK22:21
jrosserthere are gotchas at scale though like no official packages for ceph for modern debians22:22
jrosserwhich perhaps keeps people from switching22:23
eat_those_lemonsofficial packages for?22:23
eat_those_lemonsie which components will I probably have issues with?22:23
jrosserfor you probably nothing with 4 nodes22:24
jrosserbut if you were building a storage cluster with https://ceph.io/ceph-storage/ and wanted to use debian things are maybe not so straightforward22:24
eat_those_lemonsah I do want to use ceph22:24
eat_those_lemonsso good to know22:24
jrosserbut only one node?22:24
eat_those_lemonswell hopefully will be more nodes eventually22:25
eat_those_lemonsI have 2 san arrays I hope to populate when I get more time so hope to have HA22:25
eat_those_lemonsIts kinda overkill but want to eventually have a HA deployment22:25
jrossergiven that you have 4 nodes, the more commonly trodden path is for 3 controllers22:25
jrosserif you are planning to expand22:26
eat_those_lemonsI am more hoping to expand kinda depends on the homelab wife approval factor lol22:26
eat_those_lemons3 controllers for a HA deployment?22:26
eat_those_lemonsso jump from 1 to 3?22:26
jrosserfor a HA control plane22:27
eat_those_lemonsif I expand22:27
eat_those_lemonsah22:27
eat_those_lemonsgood to know22:27
jrosser1 to 3 isnt an obvious just becasue you need to reconfigure a bunch of stuff22:27
jrosserno keepalived -> keepalived, move the VIP, blah blah blah22:27
eat_those_lemonssounds like ceph likes 3 nodes, and controllers like 3 nodes22:28
eat_those_lemonsno keepalived -> keepalived? huh?22:28
eat_those_lemonsso do don't use keepalived?22:28
jrosserfor one controller thats not used, and the internal/external IP are actually on your interfaces22:28
jrosseras soon as you go >1 controller that all changes22:28
eat_those_lemonswhat does that change to?22:29
eat_those_lemonsor is that a really should just expand storage and compute if I expand don't worry about controllers?22:29
jrosserkeepalived owns the virtual IP and it floats between the controllers22:29
eat_those_lemonssince it sounds like the architecture changes22:29
eat_those_lemonsah22:29
eat_those_lemonsso each controller has an ip but the "virtual horizion ip" is passed around?22:30
jrosserbut really, try the AIO :)22:30
jrosseryes thats right, it's the IP for all the API endpoints, and horizon if you deploy that22:31
eat_those_lemonsIt sounds like the AIO won't give me knowlege for setting up a multinode deployment, should I still do an AIO?22:31
jrosserup to you - if you want to understand how OSA works without having to get all that other stuff completely right, then fiddle with an AIO for a bit22:32
eat_those_lemonsah ie the networking is done so don't have to worry about that can just learn osa22:33
eat_those_lemonsgot it22:33
eat_those_lemonsmakes sense22:33
jrosseryes, it does all that and makes a bunch of loopback devices to fake up the storage22:33
eat_those_lemonsso the storage "seems" redundant?22:34
jrosserso you get a potted envinroment thats trivally small, but functional22:34
eat_those_lemonsmakes sense22:35
eat_those_lemonsis there a good place to learn the networking side of Openstack? or is it just a know it already and/or figure it out?22:35
eat_those_lemonswell should have looked first lol22:36
eat_those_lemonsseems there is quite a bit of information on the docs22:36
eat_those_lemonsalthough looks like it might not have everything I need to know22:36
jrosserthe docs should give you a reference design based on a bunch of vlans22:36
jrosserthe docs should match very very closely what is in the example configs22:37
jrosser^ the OSA docs22:38
eat_those_lemonswould this be a doc you would recommend?22:39
eat_those_lemonshttps://docs.openstack.org/neutron/train/admin/22:39
eat_those_lemonsand https://docs.openstack.org/openstack-ansible/12.2.6/install-guide/overview-hostnetworking.html22:40
jrosserthat tells you about the neutron service itself22:40
jrosserthat is old docs22:41
jrosserhttps://docs.openstack.org/project-deploy-guide/openstack-ansible/latest/targethosts.html#configuring-the-network22:41
jrosseralso here https://docs.openstack.org/openstack-ansible/latest/user/network-arch/example.html22:42
eat_those_lemonsoh you mean just the small networking portion on the deploy guide?22:42
eat_those_lemonsI assumed it would be a many many page document/book22:43
eat_those_lemonsgood to know it is much smaller than that22:43
jrosserhere is an example almost totally like yours https://docs.openstack.org/openstack-ansible/latest/user/test/example.html22:43
eat_those_lemonswell the stuff that I need to know assumed I needed the neutron docs22:43
jrosserlike i say neutron docs tell you about the neutron service itself22:44
jrossernone of that will tell you the practicalities of building an actual deployment22:44
jrosserthats the value-add of projects like openstack-ansible22:44
eat_those_lemonsthat makes sense22:44
eat_those_lemonsso if you want deployment information look at osa docs if you want internal documentation look at openstack ones?22:45
jrosserosa is one choice with a certain set of goals, there are others like tripleo and kolla that take variously different approaches22:45
jrosserthere isn't one univerally agreed tool or architecture for deploying this stuff22:46
eat_those_lemonsfair enough22:46
eat_those_lemonsso would you say that tripleo, kolla and ansible are alternatives/competitors? Ie they for the most part are sovling the same issues with different results/architectures?22:47
jrosserpretty much22:48
* jrosser calls it a day here, late22:49
eat_those_lemonsThanks for all your help jrosser!22:49
eat_those_lemonsit really helped pointing me in the right direction!22:50
jrosserno worries, good luck :)22:50
eat_those_lemonsthanks! :)22:50
*** j^2 has quit IRC22:56
*** tosky has quit IRC23:15
*** hwoarang has quit IRC23:15
*** hwoarang has joined #openstack-ansible23:22
*** hamzy_ has quit IRC23:38
*** ahosam has quit IRC23:55
« Monday, 2020-01-13 Index Wednesday, 2020-01-15 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!