Friday, 2020-04-03

« Thursday, 2020-04-02 Index Saturday, 2020-04-04 »
*** mrda has joined #openstack-ansible00:12
*** prometheanfire has quit IRC00:29
*** prometheanfire has joined #openstack-ansible00:35
*** macz_ has joined #openstack-ansible00:39
openstackgerritMerged openstack/openstack-ansible-os_barbican stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/69034800:42
*** macz_ has quit IRC00:44
openstackgerritMerged openstack/openstack-ansible-memcached_server stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/69034300:56
openstackgerritMerged openstack/openstack-ansible-galera_server stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/69033901:06
openstackgerritMerged openstack/openstack-ansible-os_blazar stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/69034901:07
openstackgerritChason Chan proposed openstack/openstack-ansible master: [doc] Add firewall configuration step of quickstart guide  https://review.opendev.org/71716001:09
openstackgerritMerged openstack/openstack-ansible-galera_client stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/69033801:57
*** macz_ has joined #openstack-ansible02:27
*** macz_ has quit IRC02:32
*** andrewbonney has quit IRC02:44
*** evrardjp has quit IRC04:36
*** evrardjp has joined #openstack-ansible04:37
*** miloa has joined #openstack-ansible05:09
*** udesale has joined #openstack-ansible05:55
*** kleini has joined #openstack-ansible06:38
*** DanyC has joined #openstack-ansible07:15
*** fghaas has joined #openstack-ansible07:25
*** tosky has joined #openstack-ansible07:44
*** jbadiapa has joined #openstack-ansible07:45
*** rpittau|afk is now known as rpittau07:56
*** andrea15 has quit IRC08:17
*** DanyC has quit IRC08:18
*** DanyC has joined #openstack-ansible08:25
openstackgerritOpenStack Proposal Bot proposed openstack/openstack-ansible master: Imported Translations from Zanata  https://review.opendev.org/71722608:31
*** andrea15 has joined #openstack-ansible08:33
*** rmart04 has joined #openstack-ansible08:48
*** chigang_ has quit IRC08:51
jannoHi, we are currently on Stein with Openstack-Ansible 19.0.1. When updating to Train: Do we need to Update to 19.0.6 first or can we go directly to Train?09:00
*** fghaas has quit IRC09:05
*** gshippey has joined #openstack-ansible09:08
*** fghaas has joined #openstack-ansible09:19
openstackgerritMerged openstack/openstack-ansible master: Imported Translations from Zanata  https://review.opendev.org/71722609:25
openstackgerritMerged openstack/openstack-ansible-rsyslog_client stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/71475309:39
openstackgerritMerged openstack/openstack-ansible-os_mistral stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/69036509:39
openstackgerritMerged openstack/openstack-ansible-repo_server stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/71475209:42
openstackgerritMerged openstack/openstack-ansible-os_cinder stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/69035109:42
openstackgerritMerged openstack/openstack-ansible-os_nova stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/69036709:45
openstackgerritMerged openstack/openstack-ansible-openstack_hosts stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/69034409:46
openstackgerritMerged openstack/openstack-ansible-os_octavia stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/69036809:50
openstackgerritMerged openstack/openstack-ansible-os_masakari stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/69036409:50
openstackgerritMerged openstack/openstack-ansible-os_tempest stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/69037709:54
openstackgerritMerged openstack/openstack-ansible-os_gnocchi stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/69035810:03
*** DanyC has quit IRC10:17
*** DanyC has joined #openstack-ansible10:21
*** rpittau is now known as rpittau|bbl10:29
openstackgerritMerged openstack/openstack-ansible-os_ceilometer stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/69035010:42
*** udesale_ has joined #openstack-ansible10:43
*** udesale has quit IRC10:46
*** DanyC has quit IRC11:38
*** DanyC has joined #openstack-ansible11:55
*** rpittau|bbl is now known as rpitau12:08
*** rpitau is now known as rpittau12:09
mgariepyjanno, usually there is not issue with skipping a point release. but do your tests on your testbed first :D12:19
*** jamesden_ has joined #openstack-ansible12:27
*** heikkine has quit IRC12:29
jannomgariepy: we will :) thx12:30
*** rh-jelabarre has joined #openstack-ansible12:38
*** carlosmss has joined #openstack-ansible12:40
*** zigo has quit IRC12:48
carlosmssHi12:49
carlosmsssomeone has this issue on branch rocky? https://bugs.launchpad.net/openstack-ansible/+bug/186611112:50
openstackLaunchpad bug 1866111 in openstack-ansible "Rocky, horizon options missing" [Undecided,New]12:50
*** zigo has joined #openstack-ansible12:50
openstackgerritMerged openstack/openstack-ansible-os_congress stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/69035313:03
jrossercarlosmss: I think that is present on stein branch https://review.opendev.org/#/c/622256/13:10
openstackgerritMerged openstack/openstack-ansible-os_nova stable/train: Align vars/redhat.yml with other distros  https://review.opendev.org/71515913:15
*** macz_ has joined #openstack-ansible13:16
*** macz_ has quit IRC13:20
noonedeadpunkjrosser: I believe I saw patch implementing OPENSTACK_KEYSTONE_DOMAIN_CHOICES ?13:33
noonedeadpunkyeah https://review.opendev.org/#/c/607474/13:34
*** macz_ has joined #openstack-ansible14:07
*** macz_ has quit IRC14:07
*** macz_ has joined #openstack-ansible14:08
*** Chaserjim has quit IRC14:16
miloacarlosmss: We are using rocky and here the patch we use and exemple of what we add user_variables.yml http://paste.openstack.org/show/791592/14:31
*** fghaas has quit IRC14:39
openstackgerritMerged openstack/openstack-ansible-os_designate stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/69035514:45
openstackgerritMerged openstack/openstack-ansible-os_magnum stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/69036314:51
prometheanfireis ansible-hardening still in development?14:51
noonedeadpunkI'd say still trying to fix it..14:52
prometheanfireok, was wondering as I suspect we'd like to use it :P14:54
noonedeadpunkI don't think we do add new things there at the moment14:55
noonedeadpunkbut trying to maintain existing14:55
prometheanfireright'14:57
prometheanfireif it's deployable on train/usuri then it's fine14:57
noonedeadpunkyeah, its working:)14:59
openstackgerritMerged openstack/openstack-ansible-openstack_openrc stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/69034515:00
prometheanfireupdating to more modern stigs may be harder :P15:01
prometheanfirenoonedeadpunk: so, is it deployed before osa or after,  iirc the hardening role used to be deployed before15:02
* prometheanfire guesses he'll just have to read the docs again :P15:02
noonedeadpunkit's still used by default while setup-hosts.yml15:02
noonedeadpunk(so before)15:02
prometheanfirecool15:04
*** DanyC has quit IRC15:05
*** DanyC has joined #openstack-ansible15:06
kleiniWith stable/stein I have actually a problem with the Heat deployment http://paste.openstack.org/show/791594/. The user stack_domain_admin exists in the heat domain but Keystone does not find this user. If I trigger the exact same command using the users ID, it works: openstack role add --domain 643df5bcc2db4ccdb243979c29374871 --user stack_domain_admin admin. What may cause Keystone not to find the user by its name in the15:07
kleiniheat domain?15:07
*** DanyC has joined #openstack-ansible15:07
noonedeadpunkI guess I know....15:08
kleiniKeystone is confused by LDAP domain Users?15:09
noonedeadpunkhttps://github.com/ansible/ansible/pull/5987615:10
noonedeadpunkbut not sure if it's the case for you...15:10
noonedeadpunkoh, actually I think you have another issue15:11
noonedeadpunkas it's another module...15:13
*** andrewbonney has joined #openstack-ansible15:13
*** yoctozepto has quit IRC15:17
*** yoctozepto8 has joined #openstack-ansible15:18
kleiniwhere are all the Ansible modules gone on the devel branch? I was looking for clouds/openstack module15:18
*** andrea10 has joined #openstack-ansible15:18
noonedeadpunkhuh, not really sure what your problem is :(15:19
kleiniOkay, maybe latest os_user_role.py will not help here15:19
kleiniopenstack role add --domain 643df5bcc2db4ccdb243979c29374871 --user stack_domain_admin --user-domain heat admin <- this command works in my setup15:20
mgariepyhttps://bugs.launchpad.net/openstack-ansible/+bug/180734615:21
openstackLaunchpad bug 1807346 in openstack-ansible "[heat] Installations fails during Update Q->R" [Undecided,New] - Assigned to Guilherme Steinmuller Pimentel (guilhermesp)15:21
*** gyee has joined #openstack-ansible15:22
*** andrea15 has quit IRC15:23
mgariepykleini, maybe as a workaround just comment the bit from #8.15:24
kleiniyes, possible. but this would require a manual step in an automated deployment. and os_user_role does not even allow to define the user-domain...15:25
kleinithis would require first to fix the Ansible module15:26
kleinior extend it15:26
mgariepyhttps://github.com/ansible/ansible/pull/6574315:31
mgariepywhat a mess.15:31
mgariepykleini, does that seems to fix your issue ?15:32
kleinithere are two possible options: a) reference the stack_domain_admin with its ID instead of name, b) allow to define user-domain, so Keystone searches in correct domain for the user name15:33
kleinia would be solvable maybe in os_heat/tasks/heat_service_setup.yml if I am able to lookup the ID of the stack_domain_admin after it is created15:34
mgariepyhttps://github.com/ansible/ansible/pull/42913/commits/405c5698ebae8de3fdeee34620e2b9581c1aeb7d15:36
mgariepyisn't that already applied ?15:36
kleinithat is applied to my os_user_role.py on my deployment host. It does not seem to solve the issue15:38
kleiniokay, the user ID is returned by the os_user module. I just need to write the code, to extract the user ID15:40
mgariepyit's not working because you are passing the domain id instead of the name ?15:41
kleiniit is not working because I have a LDAP domain configured in Keystone. Searching for stack_domain_admin falls then back to default domain, where it does not exist: User stack_domain_admin is not valid15:43
*** rpittau is now known as rpittau|afk15:43
kleinithe client needs to tell Keystone either to search for user stack_domain_admin in heat domain when adding the grant or to use the users ID to uniquely identify him15:44
mgariepyhmm ok.15:45
jrosseris this relevant? https://github.com/openstack/openstack-ansible-os_heat/commit/2c0323c9efa2d3b95a4d264ea9dc0e5155250ca915:46
mgariepyon stein it should already be like that.15:47
kleiniI am trying to deploy stable/stein 19.0.12.dev215:47
*** udesale_ has quit IRC15:50
kleinijrosser: it is kind of relevant. again: os_user_role now uses domain: 643df5bcc2db4ccdb243979c29374871, user: stack_domain_admin, role: admin. this works without an LDAP Users domains but not with it, as Keystone searches for stack_domain_admin in default domain, but it exists in heat domain16:01
kleinisolution would be, that os_user_role uses domain: 643df5bcc2db4ccdb243979c29374871, user: stack_domain_admin, user-domain: heat, role: admin. But this is not implemented. This works with the command line tools client16:03
kleinimy workaround should be: os_user_role uses  domain: 643df5bcc2db4ccdb243979c29374871, user: <ID of stack_domain_admin>, role: admin. Therefore I need to extract the user ID from the result of the os_user module executed just before.16:04
mgariepyha, the call to get the user doesn't have the domain.16:12
mgariepyin os_user_role,.py16:13
mgariepykleini, can you pastebin your os_user_role.py ?16:16
kleinihttp://paste.openstack.org/show/791598/16:18
mgariepydidn you had the https://github.com/ansible/ansible/pull/42913/commits/405c5698ebae8de3fdeee34620e2b9581c1aeb7d applied?16:19
mgariepyon line 140, you need to pass the domain along to resolv the user.16:21
kleinino, I did not patch the os_user_role.py16:26
kleinibut I see, that you mean16:26
*** ioni is now known as wonder16:27
*** wonder is now known as ioni16:27
kleiniMy solution was now to extract the stack_domain_admin users ID from the os_user module result and use that then for the os_user_role16:28
kleiniPlease advice, which solution is better? Patching os_user_role.py or os_heat/tasks/heat_service_setup.yml16:29
mgariepyfrom my experience, making upstream change in OSA is way faster.16:34
mgariepynoonedeadpunk, jrosser would you mind if we push a workaround for this ?16:35
* noonedeadpunk reading back16:36
*** evrardjp has quit IRC16:36
*** evrardjp has joined #openstack-ansible16:37
mgariepykleini, what is your ldap config ? do you put your ldap in the default domain ?16:37
kleinino, I put LDAP configuration in a extra domain called Users16:37
mgariepyk16:37
*** pcaruana has quit IRC16:37
kleiniI see three domains in Keystone: default, heat and Users16:38
noonedeadpunkI don't mind pathich but still not sure I understood what the patch is going to be...16:38
noonedeadpunkoh, btw, openstack modules are in collection now, so patching upstream as as fast as osa16:39
noonedeadpunkhowever we don't use it yet:(((16:39
mgariepyis heat deployed in the aio by default ?16:40
mgariepyho. it's not.16:41
noonedeadpunkI think it's not16:41
noonedeadpunkso if we can get working patch for osa i'd say to land it with note to re-work once we'll be using colections16:42
noonedeadpunkand we also should patch them I think16:42
mgariepybecause i'm not sure why it should work without the ldap domain but not with it.16:42
noonedeadpunkhttps://opendev.org/openstack/ansible-collections-openstack16:42
mgariepysince the role is in the heat domain no mather what.16:42
noonedeadpunkunless it creates domain not in ldap...16:43
*** yoctozepto8 is now known as yoctozepto16:43
mgariepykleini, the heat user is in which domain ?16:43
noonedeadpunkbtw, actually this stuff shouldn't run at all https://opendev.org/openstack/openstack-ansible-os_heat/src/branch/stable/stein/tasks/heat_service_setup.yml#L12716:44
mgariepywhat is the {{heat_stack_domain_admin}} ? in ldap or in default ?16:45
mgariepywhat/where..16:45
noonedeadpunkit's created here https://opendev.org/openstack/openstack-ansible-os_heat/src/branch/stable/stein/tasks/heat_service_setup.yml#L90-L11416:45
noonedeadpunkwhich also should be skipped....16:45
noonedeadpunkor heat_service_in_ldap is smth different?16:45
noonedeadpunksorry just don't have much expertise on ldap things...16:46
mgariepyha it's in heat_stack_user_domain_name16:46
kleinistack_domain_admin is in heat domain. LDAP is in Users domain. they don't affect each other16:46
mgariepyso even without the ldap config it will fail.16:46
mgariepyso the ldap config is merely there as a distraction16:47
noonedeadpunkbut I think it dont in ci?16:47
noonedeadpunkbut actually we probably didn't test stein for some time16:47
mgariepyit's not part of aio16:47
kleiniKeystone seems not to search for user stack_domain_admin in heat domain, once the Users domain exists.16:47
kleininot sure, why this is, but this is my experience16:48
noonedeadpunkoh, yeah, last patch landed last year16:48
mgariepyyep16:48
kleinihttp://paste.openstack.org/show/791599/ <- this is my idea to solve it16:48
mgariepyusing the user id to bypass the ansible module.16:49
noonedeadpunkwe should place noop patch to see what happens16:49
mgariepythe heat_service_in_ldap thing would be skipped if you have these users in ldap most deployer won't do that tho.16:51
kleini"User c0ad4f34c41c4b9f9cd551026c5bf508 is not valid"16:51
kleinimy fix does not help16:51
mgariepywhat ?16:51
mgariepyhmm16:52
mgariepyfun..16:52
kleinidebugging now Keystone HTTP requests16:52
kleinioh, this is a message from os_user_role.py, that "User something is not valid"16:56
mgariepyis it only stein or train is also affected ?16:56
kleinihttp://paste.openstack.org/show/791598/ <- line 14216:57
mgariepyyep16:57
kleiniI tested only stein this far. I think, train fails much earlier, but I can try on Monday16:57
mgariepycan you try pactching os_user_role.py wit hthe domain fix ?16:58
kleinihow is it possible, that get_user with an ID fails? Okay, I never tried to use openstacksdk, I just used command line tools yet16:58
kleiniwill patch os_user_role.py16:59
kleiniworks17:03
mgariepygreat17:05
kleiniso, please get that on the stable/stein branch or tell me, how I need to provide a fix17:06
kleinihttps://review.opendev.org/#/c/716971/ <- this was doable for me17:07
mgariepynot sure how to fix that in osa17:08
mgariepyi thought that by passing the uuid of the user it would have worked.17:09
kleinithe os_user_role.py still lists the users only in the default domain and then it bails out with "User xyz is not valid"17:10
kleiniI had a look at the HTTP response from Keystone just before the error message17:10
jrosserkleini: it is an ansible bug, not OSA17:11
jrosserso it is not possible to make a fix inside OSA for that17:11
kleiniyeah, right17:11
jrosserhowever17:11
kleiniI can live with replacing the os_user_role.py on my deployment host17:12
jrosserit is quite straightforward for you to make a fork of ansible and apply that patch17:12
jrosserthe OSA bootstrap-ansible can use your fork rather than the official ansible17:12
kleiniany documentation for this somewhere? otherwise I will have a look at that script and hopefully find a way to fork ansible for my use case17:13
carlosmssjrosser: thanks, I've waited for an update on rocky branch, but I will apply these patches in horizon template.17:13
carlosmssnoonedeadpunk: thanks, I've waited for an update on rocky branch, but I will apply these patches in horizon template.17:14
carlosmssmiloa: thanks, I've waited for an update on rocky branch, but I will apply these patches in horizon template.17:14
carlosmssKeep save from flu!17:15
jrosserkleini: here you go, first example is providing a custom repo for ansible https://docs.openstack.org/openstack-ansible/latest/user/source-overrides/index.html17:15
jrosserthe ansible version used depends on the release of OSA you deploy, so apply that patch onto the right ansible version and refer to your patched branch in that variable17:17
kleininice! thank you very much again, jrosser & mgariepy17:17
kleiniyes, thought something like that.17:18
jrossercarlosmss: the rocky branch is now in extended maintenance so unlikely to get much work done to it17:20
mgariepyyou are welcome kleini17:23
*** jbadiapa has quit IRC17:29
carlosmssjrosse: nice, no problem, thanks for the workaround. I am satisfied.17:32
* fridtjof[m] sent a long message: < https://matrix.org/_matrix/media/r0/download/matrix.org/nucBSpaxgIyvAlgnknFQVoIF >17:32
*** miloa has quit IRC17:37
openstackgerritMerged openstack/openstack-ansible-os_horizon master: Config options around federation URLs  https://review.opendev.org/71602617:51
*** DanyC has quit IRC18:11
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/ansible-hardening master: [ussuri][goal] Updates for python 2.7 drop  https://review.opendev.org/71059818:19
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-os_magnum stable/train: Add ability to create COE template  https://review.opendev.org/71351118:19
*** andrewbonney has quit IRC18:23
*** rmart04 has quit IRC18:38
*** macz_ has quit IRC18:59
*** kleini has quit IRC19:04
*** DanyC has joined #openstack-ansible19:33
*** DanyC has quit IRC19:38
*** macz_ has joined #openstack-ansible19:57
openstackgerritJonathan Rosser proposed openstack/openstack-ansible master: [WIP] Use the Mitogen connection method in OSA  https://review.opendev.org/59123620:00
*** macz_ has quit IRC20:02
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-galera_server master: Ensure python3 mysql client libraries are present  https://review.opendev.org/71738120:11
*** macz_ has joined #openstack-ansible20:23
*** jamesden_ has quit IRC20:39
openstackgerritMerged openstack/openstack-ansible-os_sahara stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/69037221:03
*** gshippey has quit IRC21:23
*** KeithMnemonic has quit IRC21:34
*** velmeran has joined #openstack-ansible21:39
*** weifan has joined #openstack-ansible21:44
*** weifan has quit IRC21:48
*** fghaas has joined #openstack-ansible21:54
openstackgerritJonathan Rosser proposed openstack/openstack-ansible master: [WIP] Use the Mitogen connection method in OSA  https://review.opendev.org/59123622:05
*** macz_ has quit IRC22:13
*** fghaas has quit IRC22:19
Nick_Aanyone using ceph volumes with ssd/nvme caching + hdd? Curious about performance. Ceph docs seem strongly against it.22:33
*** rh-jelabarre has quit IRC22:38
*** carlosmss has quit IRC22:47
*** tosky has quit IRC23:16
openstackgerritMerged openstack/openstack-ansible stable/train: Bump SHAs for stable/train  https://review.opendev.org/71431023:52
« Thursday, 2020-04-02 Index Saturday, 2020-04-04 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!