Wednesday, 2020-04-22

« Tuesday, 2020-04-21 Index Thursday, 2020-04-23 »
openstackgerritJonathan Rosser proposed openstack/openstack-ansible master: Bump SHAs for master  https://review.opendev.org/72108900:02
*** threestrands has joined #openstack-ansible00:04
*** gyee has quit IRC01:04
*** rh-jelabarre has quit IRC01:28
*** tinwood has quit IRC02:10
*** tinwood has joined #openstack-ansible02:12
*** viks____ has joined #openstack-ansible02:17
*** spatel has quit IRC02:52
*** spatel has joined #openstack-ansible03:47
*** spatel has quit IRC03:53
*** evrardjp has quit IRC04:35
*** evrardjp has joined #openstack-ansible04:35
*** cshen has joined #openstack-ansible05:01
*** cshen has quit IRC05:07
*** udesale has joined #openstack-ansible05:39
*** miloa has joined #openstack-ansible06:10
*** d34dh0r53 has quit IRC06:12
*** cshen has joined #openstack-ansible06:17
*** this10nly has joined #openstack-ansible06:23
*** fghaas has joined #openstack-ansible06:41
*** jbadiapa has joined #openstack-ansible06:42
*** threestrands has quit IRC06:53
*** threestrands has joined #openstack-ansible06:54
*** threestrands has quit IRC06:55
*** threestrands has joined #openstack-ansible06:55
*** threestrands has quit IRC06:56
*** threestrands has joined #openstack-ansible06:56
*** threestrands has quit IRC06:58
*** threestrands has joined #openstack-ansible06:58
*** threestrands has quit IRC06:59
*** threestrands has joined #openstack-ansible06:59
*** threestrands has quit IRC07:01
*** threestrands has joined #openstack-ansible07:01
*** threestrands has quit IRC07:02
*** threestrands has joined #openstack-ansible07:02
*** threestrands has quit IRC07:04
*** threestrands has joined #openstack-ansible07:04
*** threestrands has quit IRC07:05
*** threestrands has joined #openstack-ansible07:06
*** threestrands has quit IRC07:07
*** threestrands has joined #openstack-ansible07:07
*** threestrands has quit IRC07:08
*** threestrands has joined #openstack-ansible07:08
*** threestrands has quit IRC07:10
*** threestrands has joined #openstack-ansible07:10
*** threestrands has quit IRC07:11
*** threestrands has joined #openstack-ansible07:12
*** threestrands has quit IRC07:13
*** threestrands has joined #openstack-ansible07:13
*** thuydang has joined #openstack-ansible07:14
*** threestrands has quit IRC07:14
*** threestrands has joined #openstack-ansible07:14
*** threestrands has quit IRC07:16
*** threestrands has joined #openstack-ansible07:16
*** threestrands has quit IRC07:17
*** threestrands has joined #openstack-ansible07:18
*** threestrands has quit IRC07:19
*** threestrands has joined #openstack-ansible07:19
*** threestrands has quit IRC07:20
*** threestrands has joined #openstack-ansible07:21
*** threestrands has quit IRC07:22
*** threestrands has joined #openstack-ansible07:22
*** threestrands has quit IRC07:23
*** threestrands has joined #openstack-ansible07:24
*** rpittau|afk is now known as rpittau07:24
*** threestrands has quit IRC07:25
*** threestrands has joined #openstack-ansible07:25
*** threestrands has quit IRC07:26
*** threestrands has joined #openstack-ansible07:27
*** threestrands has quit IRC07:28
*** threestrands has joined #openstack-ansible07:28
*** threestrands has quit IRC07:29
*** threestrands has joined #openstack-ansible07:30
*** yolanda has joined #openstack-ansible07:30
*** threestrands has quit IRC07:31
*** threestrands has joined #openstack-ansible07:31
*** threestrands has quit IRC07:32
*** threestrands has joined #openstack-ansible07:33
*** threestrands has quit IRC07:34
*** threestrands has joined #openstack-ansible07:34
*** threestrands has quit IRC07:35
*** threestrands has joined #openstack-ansible07:36
*** threestrands has quit IRC07:37
*** threestrands has joined #openstack-ansible07:37
*** threestrands has quit IRC07:38
*** threestrands has joined #openstack-ansible07:39
*** threestrands has quit IRC07:40
*** threestrands has joined #openstack-ansible07:40
*** threestrands has quit IRC07:41
*** threestrands has joined #openstack-ansible07:41
*** miloa has quit IRC07:43
*** threestrands has quit IRC07:43
*** threestrands has joined #openstack-ansible07:43
*** threestrands has quit IRC07:44
*** threestrands has joined #openstack-ansible07:45
*** tosky has joined #openstack-ansible07:45
*** threestrands has quit IRC07:46
*** threestrands has joined #openstack-ansible07:46
*** NewJorg has quit IRC07:47
*** threestrands has quit IRC07:47
*** threestrands has joined #openstack-ansible07:47
*** NewJorg has joined #openstack-ansible07:48
*** threestrands has quit IRC07:49
*** threestrands has joined #openstack-ansible07:49
*** threestrands has quit IRC07:50
*** threestrands has joined #openstack-ansible07:51
*** threestrands has quit IRC07:52
*** threestrands has joined #openstack-ansible07:52
*** threestrands has quit IRC07:53
*** spatel has joined #openstack-ansible07:53
*** threestrands has joined #openstack-ansible07:54
*** threestrands has quit IRC07:55
*** threestrands has joined #openstack-ansible07:55
noonedeadpunkjrosser: huh, I thought your patch is going to fix bionic distro as well, since it fails due to the same thing, isn't it?07:56
*** threestrands has quit IRC07:56
jrosserdon't we install distro tempest on bionic/distro?07:57
noonedeadpunkSo for bionic we do install tempest from source the same way as for source installs?07:57
*** threestrands has joined #openstack-ansible07:57
jrosserwe should check that.....07:57
noonedeadpunkoh... so we install tempest from distro package but plugins from source07:57
noonedeadpunkyeah, you are right07:57
*** threestrands has quit IRC07:58
*** threestrands has joined #openstack-ansible07:58
*** spatel has quit IRC07:58
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible master: Bump SHAs for master  https://review.opendev.org/72108907:59
*** threestrands has quit IRC07:59
jrosseri think we need to merge the os_tempest patch ASAP07:59
*** threestrands has joined #openstack-ansible08:00
jrosserbecasue the master SHA bump will never pass the upgrade job08:00
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible master: Bump SHAs for master  https://review.opendev.org/72108908:00
*** threestrands has quit IRC08:01
*** threestrands has joined #openstack-ansible08:01
*** threestrands has quit IRC08:02
*** threestrands has joined #openstack-ansible08:02
*** threestrands has quit IRC08:04
*** threestrands has joined #openstack-ansible08:04
*** threestrands has quit IRC08:05
*** threestrands has joined #openstack-ansible08:06
*** threestrands has quit IRC08:07
*** threestrands has joined #openstack-ansible08:07
*** threestrands has quit IRC08:08
*** thuydang has quit IRC08:36
*** thuydang has joined #openstack-ansible08:41
*** thuydang has quit IRC09:32
*** spatel has joined #openstack-ansible09:42
*** spatel has quit IRC09:46
*** thuydang has joined #openstack-ansible09:47
*** evrardjp has quit IRC09:51
*** evrardjp has joined #openstack-ansible09:51
*** rpittau is now known as rpittau|bbl10:42
*** cshen has quit IRC10:45
*** cshen has joined #openstack-ansible10:56
*** cshen has quit IRC11:23
*** cshen has joined #openstack-ansible11:38
openstackgerritAndreas Jaeger proposed openstack/openstack-ansible-galera_server master: Cleanup py27 support  https://review.opendev.org/72182411:46
*** rh-jelabarre has joined #openstack-ansible11:48
openstackgerritAndreas Jaeger proposed openstack/openstack-ansible-galera_server master: Cleanup py27 support  https://review.opendev.org/72182411:49
*** rpittau|bbl is now known as rpittau11:50
openstackgerritAndreas Jaeger proposed openstack/openstack-ansible-os_keystone master: Cleanup py27 support  https://review.opendev.org/72183411:52
openstackgerritAndreas Jaeger proposed openstack/openstack-ansible-os_murano master: Cleanup py27 support  https://review.opendev.org/72183511:55
openstackgerritAndreas Jaeger proposed openstack/openstack-ansible-plugins master: Cleanup py27 support  https://review.opendev.org/72183711:58
fridtjof[m]quick Q: is there anything I should keep in mind when I have an external (flat) provider network which already has a DHCP server and some used IPs?12:05
fridtjof[m]Is that something that only requires special configuration when "creating" the network in openstack itself? Or is there something to pay special attention to in the ansible configuration?12:06
noonedeadpunkfridtjof[m]: so it won't be easy I think. As then you will need to manually reserve ips on your dhcp and create neutron ports with specified ips....12:09
noonedeadpunkAs kinda anyway neutron will manage ip delegation for isntances wich should eventually match with your dhcp12:10
openstackgerritAndreas Jaeger proposed openstack/openstack-ansible-os_murano master: Cleanup py27 support  https://review.opendev.org/72183512:10
noonedeadpunkOr if you're thinking about setting static IPs for instances (instead of dhcp) that you'll need to use config drives for cloud-init https://docs.openstack.org/nova/train/user/metadata.html#config-drives12:10
fridtjof[m]would reserving a smaller portion of the DHCP subnet work, in conjunction with only telling neutron about that "sub-subnet"?12:11
noonedeadpunk* https://docs.openstack.org/nova/train/admin/config-drive.html12:11
noonedeadpunkI don't think 2 dhcp servers may work withing the sae network12:12
fridtjof[m]ohhh12:13
fridtjof[m]i see12:14
fridtjof[m]so technically, avoiding IP conflicts isn't the problem (i could just reserve a smaller subnet in the existing dhcp server for neutron) but then having two DHCP servers is12:14
noonedeadpunkyeah. so you actually can try using a space without dhcp for neutron - and I think that vms will be given static ips in case of configuration with config drives (but not 100% sure about that)12:15
noonedeadpunkAlso you can use floating ips - they will be added to l3 agent namespaces so do not require dhcp12:16
noonedeadpunkwhile create instances in private network12:16
fridtjof[m]yeah, static IPs it is then12:16
fridtjof[m]those employ NAT, right?12:17
noonedeadpunkyeah12:17
fridtjof[m]what i've always wondered was why ubuntu (18.04, at least) explicitly patches cloud-init to ignore network configuration coming from the metadata service12:18
noonedeadpunkor you may split your current net to 2 smaller ones:)12:18
fridtjof[m](good to know it works through config drives, though)12:18
noonedeadpunkfridtjof[m]: maybe because they use cloud-init in their new fancy setup tool?12:19
fridtjof[m]i'm talking about this specific patch: https://github.com/delphix/cloud-init/tree/master/.pc/openstack-no-network-config.patch12:25
fridtjof[m]i spent an entire day some months ago trying to find any reasoning as to why it's there, and all i ever found was it being mentioned in automated release diffs12:26
fridtjof[m] * i spent an entire day some months ago trying to find any reasoning as to why it's there, and all i ever found was it being mentioned in automated release diffs on launchpad12:26
fridtjof[m](oh wait, let me find a better view)12:26
fridtjof[m]those are files with the patch applied, not expecting you to compare it manually of course12:27
noonedeadpunkhuh interesting...12:28
noonedeadpunkbut have no idea as well:)12:28
openstackgerritAndreas Jaeger proposed openstack/openstack-ansible-plugins master: Cleanup py27 support  https://review.opendev.org/72183712:30
fridtjof[m]https://git.launchpad.net/cloud-init/tree/debian/patches/openstack-no-network-config.patch?h=ubuntu/bionic12:31
fridtjof[m]found it, noonedeadpunk12:31
fridtjof[m]it seems they patched it to not change old behavior12:31
openstackgerritAndreas Jaeger proposed openstack/openstack-ansible-os_murano master: Cleanup py27 support  https://review.opendev.org/72183512:32
fridtjof[m]yup, it's gone from 20.0412:32
*** cshen has quit IRC12:53
*** cshen has joined #openstack-ansible12:53
openstackgerritAndreas Jaeger proposed openstack/openstack-ansible-ops master: Cleanup py27 support  https://review.opendev.org/71994413:01
*** smorant has joined #openstack-ansible13:20
*** strattao has joined #openstack-ansible13:23
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible master: Use defined keepalived track_scripts  https://review.opendev.org/72195713:36
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible master: Use defined keepalived track_scripts  https://review.opendev.org/72195713:39
*** udesale_ has joined #openstack-ansible13:40
*** udesale has quit IRC13:42
*** cshen has quit IRC13:43
*** d34dh0r53 has joined #openstack-ansible13:59
*** gshippey has joined #openstack-ansible14:04
*** cshen has joined #openstack-ansible14:08
*** this10nly has quit IRC14:08
*** cshen has quit IRC14:12
*** smorant has quit IRC14:17
openstackgerritMerged openstack/openstack-ansible-os_tempest master: Refactor tempest plugin install from source  https://review.opendev.org/72164514:23
*** cshen has joined #openstack-ansible14:24
mgariepyhey, if i have a patch to do accross all the conf files on all the roles , is there a helper script that exist for that ?15:02
*** gyee has joined #openstack-ansible15:11
mnasermgariepy: i wrote a small tool aw hiel back15:11
mnasermgariepy: https://github.com/mnaser/squip15:11
mnasernoonedeadpunk: do you mind looking into resolving the config errors in the openstack tenant from the retirement of pip_install and friends? Andreas asked about that a few days ago15:12
noonedeadpunkOh, yeah, we have left stuff in queens and ealier15:15
noonedeadpunkSo will place patches and ask for force-push infra15:16
mgariepymnaser, thanks a lot, i'll try that :D15:19
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-tests stable/queens: Retire repo_build and pip_install roles  https://review.opendev.org/72202015:31
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-tests stable/pike: Retire repo_build and pip_install roles  https://review.opendev.org/72202115:32
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-tests stable/ocata: Retire repo_build and pip_install roles  https://review.opendev.org/72202215:32
*** spatel has joined #openstack-ansible15:50
*** fghaas has quit IRC16:11
*** thuydang has quit IRC16:19
*** udesale_ has quit IRC16:27
*** stache has joined #openstack-ansible16:28
*** rpittau is now known as rpittau|afk16:29
*** evrardjp has quit IRC16:35
*** evrardjp has joined #openstack-ansible16:35
stacheHi, I'm currently participating in RHOSC and have been tasked with working on creating an ansible role/module for servers on openstack. I couldn't find an openstack ansible modules IRC or Repo, and this was the only official ansible IRC I could find for openstack. I was hoping someone here could guide me to the modules repo for openstack. Thanks!!16:39
noonedeadpunkstache: it's eventually #openstack-ansible-sig for such questions. But in case of ansible collection regarding openstack - the repo is https://opendev.org/openstack/ansible-collections-openstack16:43
stacheOh sorry I didn't know. Thanks for the help though noonedeadpunk!!16:46
noonedeadpunksure, np16:46
*** stache has left #openstack-ansible16:48
openstackgerritMerged openstack/openstack-ansible master: Disable test_list_user_groups temepst test  https://review.opendev.org/72069816:51
*** cshen has quit IRC16:52
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-tests stable/ocata: Retire repo_build and pip_install roles  https://review.opendev.org/72202216:53
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-tests stable/pike: Retire repo_build and pip_install roles  https://review.opendev.org/72202116:54
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-tests stable/queens: Retire repo_build and pip_install roles  https://review.opendev.org/72202016:54
*** yolanda has quit IRC16:54
*** cshen has joined #openstack-ansible17:23
*** cshen has quit IRC17:27
masterpeI'm looking into ceph cache options I see in ./roles/ceph-defaults/defaults/main.yml that rbd_cache is set to true, but I don't see that variable is used in the rest of the OSA17:30
masterpeI'm using 18.1.12, is this an old variable?17:31
jrosserthat role is part of ceph-ansible17:31
jrosserso that variable would be consumed by the ceph-ansible playbooks, rather than the OSA ones17:32
jrosserplaybooks/roles etc17:32
masterpeif I do a egrep -Ri "rbd.cache" . in the directory /etc/ansible/roles/ceph-ansible I only see it in ./roles/ceph-defaults/defaults/main.yml and I don't see it used by a template, in a tasks or anything else17:38
*** mgariepy has quit IRC17:39
*** mgariepy has joined #openstack-ansible17:39
mgariepyjrosser, i'm looking a setting the www_authentication_uri to the public uri instead of internal one. as stated in the config ref: https://docs.openstack.org/neutron/train/configuration/neutron.html#keystone-authtoken17:41
jrosserewwww17:41
mgariepyand i saw you changed the heat config to use the internaluri in heat: https://github.com/openstack/openstack-ansible-os_heat/commit/288634ce0bf042bed614b3f764753d7b65a7170f17:42
jrossereverything breaks if you undo that17:42
mgariepyecause of certs ?17:42
mgariepybecause of certs ?17:42
jrosserthats one thing, yes17:42
jrosserself signed doesnt work17:43
mgariepyif the cert is self- signed can we add the insecure boot to true ?17:43
jrosserand then if theres no network path from the mgmt network to the external endpoint, everything is hosed17:43
mgariepywhat i'm willing to fix is the internal ip leakage of differents apis.17:44
jrossertook me the entire rocky cycle to fix heat for this17:44
jrosserthere is similar trouble in horizon with federation17:44
jrosserdo you have a specific problem to solve here?17:45
mgariepyif you `curl --head https://yourclouddnshere:9292/v2`17:47
mgariepyyou see the headers wit hthe keystone-uri poiting to the internal ip.17:47
jrosseryes you do17:49
mgariepywould be better to point to the publicuri17:50
jrosserso long as it doesnt break anything else17:50
jrossernone of this is tested at all in wider openstack ci / devstack17:50
jrosserit's just everything bound to localhost17:50
jrosserwhich is why heat was such a mess to untangle17:50
mgariepyheat is a mess on his own.17:51
jrosserthe issue there was internal endpoint getting put in cloud-init for VM created by heat17:51
jrosserso similar17:51
jrosseri'd like to test these changes very carefully17:51
mgariepymnaser, do you have an opinion on this ?17:51
jrossermy clouds are a bit strange in that there is no internal <> external IP route at all17:52
mgariepyor noonedeadpunk ^^17:52
mgariepyevery cloud are unique, just like everyone else :D17:52
jrosserhah yes17:53
jrosseri figure in a lot of cases this stuff is working by accident because of a NAT firewall between mgmt network and external endpoints17:53
jrossercould use another review on this https://review.opendev.org/#/c/721089/5 (before something else breaks!)17:55
* noonedeadpunk has no opinion :(17:55
mgariepynoonedeadpunk, lol17:56
mgariepyjrosser, done.17:56
jrossermgariepy: i guess changing them one by one in my environment then running refstack will tell the answer17:56
noonedeadpunklike I never was facing issues with heat in our environments...17:57
mgariepyno issue with heat ?17:57
noonedeadpunkmagnum was the reason for all of them I'd say:)17:57
mgariepyit's not just for heat..17:57
mgariepyi want to swap it to public uri for all the services.17:58
mgariepyso when you poke the apis, the headers won't leak the internal ips.17:58
jrosserthats fine so long as the services treat the variables correctly17:58
noonedeadpunkI can kinda recall this and with public there were issues, yes17:58
jrosserfor heat we made it use the service catalog instead of read the config file17:58
noonedeadpunkand jrosser's fix worked nicely...17:59
jrosserbut i don't know if we addressed anything to do with leaked IP in headers17:59
mgariepyheat config key seems only to be in heat, nova and neutron don't have them,17:59
mgariepyjrosser, does heat leak the ip now ?18:02
mgariepyon your setup ?18:02
jrosseri don't get a WWW-Authenticate header at all from port 800418:03
mgariepyneed uri/v118:03
mgariepyyou genre a multiple choice responss18:04
mgariepyyou genre a multiple choice response18:04
jrosseroh right18:04
*** sshnaidm is now known as sshnaidm|afk18:04
jrosseryes its there with an internal IP again18:04
jrosseri think that in the code for these services there is a giant mess18:04
mgariepylol.18:04
mgariepymajor understatement haha18:05
jrosserthe way we fixed heat was to make a new config variable that did the right thing in the right place when you enabled it18:05
mgariepyhmm.18:05
jrosserotherwise it left the "historical" behaviour the same becasue it was just too much to try to figure out what it all meant18:05
mgariepyi wonder if haproxy could prenvent the leak in the mean time.18:06
mgariepybut it's kinda bad also haha18:06
mgariepythe internal uri is working only because it's not ssl isn't it?18:07
jrosserthe internal VIP is not ssl - is that what you mean?18:10
mgariepyyep18:10
jrosserso thats another way this all goes wrong18:10
jrosserwhen you start switching up internal/external you get things trying to talk https to the internal vip, and that blows up too18:10
mgariepyin my case i listen on 2 ips. internal is not ssl and the external one is ssl.18:11
*** fghaas has joined #openstack-ansible18:20
*** thuydang has joined #openstack-ansible18:44
*** thuydang has quit IRC18:50
*** thuydang has joined #openstack-ansible19:05
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-tests stable/pike: Retire repo_build and pip_install roles  https://review.opendev.org/72202119:12
fridtjof[m]a very stupid question from me19:27
fridtjof[m]so i'm building a deployment with two compute hosts19:27
fridtjof[m]and on one of them i just broke the network config to the point where I can't SSH into it. the server's remote management doesn't have a console license and I can't go in because the building's in lockdown.19:28
fridtjof[m]long story short, i'll set it up with one host less now, but due to naming consistency etc i'd like to still reserve "compute1" for that (now unreachable) host and call the remaining host "compute2"19:30
fridtjof[m]then when it's back online, i'll add it to the deployment19:30
fridtjof[m]does anything in os-ansible depend on the names for it to work nicely? i'm pretty sure the answer is no, but i'd love the extra assurance if someone knows this off the top of their head19:31
noonedeadpunkthe only thing is that this host is still in cached inventory, you you maybe would like to do smth like this while running roles19:38
noonedeadpunkopenstack-ansible setup-openstack.yml --limit 'all:!compute1'19:38
noonedeadpunkmnaser: jrosser mgariepy and all cores I didn't mention - are we going to participate in virtual ptg?19:43
noonedeadpunkI saw an email questioning that... but maybe we still want to chat a bit about things?19:47
*** cshen has joined #openstack-ansible20:02
*** fghaas has quit IRC20:05
*** cshen has quit IRC20:06
*** thuydang has quit IRC20:06
*** gshippey has quit IRC20:31
openstackgerritMerged openstack/openstack-ansible master: Bump SHAs for master  https://review.opendev.org/72108921:02
*** spatel has quit IRC21:31
*** mmethot_ has joined #openstack-ansible21:44
*** itsjg has quit IRC21:45
*** itsjg has joined #openstack-ansible21:47
*** mmethot has quit IRC21:48
*** spatel has joined #openstack-ansible22:44
*** spatel has quit IRC23:07
*** spatel has joined #openstack-ansible23:14
*** spatel has quit IRC23:45
*** tosky has quit IRC23:51
« Tuesday, 2020-04-21 Index Thursday, 2020-04-23 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!