| *** cshen has joined #openstack-ansible | 01:15 | |
| *** cshen has quit IRC | 01:19 | |
| *** spatel has joined #openstack-ansible | 01:26 | |
| *** spatel has quit IRC | 01:30 | |
| *** jamesdenton has quit IRC | 02:30 | |
| *** jamesdenton has joined #openstack-ansible | 02:30 | |
| *** cshen has joined #openstack-ansible | 02:49 | |
| *** cshen has quit IRC | 02:53 | |
| *** spatel has joined #openstack-ansible | 04:18 | |
| *** evrardjp has quit IRC | 04:33 | |
| *** evrardjp has joined #openstack-ansible | 04:33 | |
| *** cshen has joined #openstack-ansible | 04:49 | |
| *** cshen has quit IRC | 04:54 | |
| *** miloa has joined #openstack-ansible | 05:45 | |
| *** spatel has quit IRC | 05:56 | |
| *** andrewbonney has joined #openstack-ansible | 06:59 | |
| *** cshen has joined #openstack-ansible | 07:14 | |
| *** shyamb has joined #openstack-ansible | 07:30 | |
| *** owalsh has quit IRC | 07:48 | |
| *** owalsh has joined #openstack-ansible | 07:52 | |
| *** pcaruana has quit IRC | 07:58 | |
| *** pcaruana has joined #openstack-ansible | 07:58 | |
| *** shyamb has quit IRC | 08:01 | |
| *** shyamb has joined #openstack-ansible | 08:12 | |
| *** maharg101 has quit IRC | 08:12 | |
| openstackgerrit | OpenStack Proposal Bot proposed openstack/openstack-ansible master: Imported Translations from Zanata https://review.opendev.org/750137 | 08:30 |
|---|---|---|
| openstackgerrit | Dmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-os_senlin master: Initial commit to os_senlin https://review.opendev.org/749365 | 08:48 |
| *** shyamb has quit IRC | 08:51 | |
| openstackgerrit | Merged openstack/openstack-ansible-os_glance master: Fix native service path https://review.opendev.org/749907 | 08:51 |
| openstackgerrit | Dmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-os_glance stable/ussuri: Fix native service path https://review.opendev.org/750139 | 08:57 |
| openstackgerrit | Dmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-os_glance stable/train: Fix native service path https://review.opendev.org/750140 | 08:57 |
| openstackgerrit | Merged openstack/openstack-ansible master: Bump SHAs for master https://review.opendev.org/750105 | 09:36 |
| *** shyamb has joined #openstack-ansible | 09:47 | |
| *** shyamb has quit IRC | 10:16 | |
| *** shyamb has joined #openstack-ansible | 10:23 | |
| *** shyamb has quit IRC | 10:27 | |
| *** shyamb has joined #openstack-ansible | 10:28 | |
| *** tosky has joined #openstack-ansible | 10:33 | |
| *** jawad_axd has joined #openstack-ansible | 10:50 | |
| openstackgerrit | Merged openstack/openstack-ansible-os_swift master: Delegate gnocchi retrievement task to setup host https://review.opendev.org/748217 | 11:13 |
| *** shyamb has quit IRC | 11:34 | |
| *** shyamb has joined #openstack-ansible | 11:35 | |
| openstackgerrit | Merged openstack/openstack-ansible-ceph_client stable/train: Remove trailing '/' from ceph_apt_repo_url https://review.opendev.org/750063 | 11:51 |
| *** shyam89 has joined #openstack-ansible | 12:25 | |
| *** shyam89 has quit IRC | 12:27 | |
| *** shyamb has quit IRC | 12:28 | |
| openstackgerrit | Erik Berg proposed openstack/openstack-ansible-ceph_client stable/stein: Remove trailing '/' from ceph_apt_repo_url https://review.opendev.org/750167 | 12:56 |
| openstackgerrit | Dmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible master: Add integrated test for Ubuntu using ML2/OVN driver https://review.opendev.org/733017 | 13:03 |
| openstackgerrit | Dmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-os_swift stable/ussuri: Delegate gnocchi retrievement task to setup host https://review.opendev.org/750169 | 13:07 |
| openstackgerrit | Merged openstack/openstack-ansible-os_neutron master: Add Initial NSX Integration https://review.opendev.org/748357 | 13:10 |
| *** jawad_axd has quit IRC | 13:29 | |
| *** cshen has quit IRC | 13:37 | |
| *** jbadiapa has joined #openstack-ansible | 14:06 | |
| *** cshen has joined #openstack-ansible | 14:13 | |
| openstackgerrit | Merged openstack/openstack-ansible stable/train: Bump SHAs for stable/train https://review.opendev.org/750106 | 14:16 |
| openstackgerrit | Merged openstack/openstack-ansible stable/stein: Bump SHAs for stable/stein https://review.opendev.org/750107 | 14:16 |
| openstackgerrit | Merged openstack/openstack-ansible master: Imported Translations from Zanata https://review.opendev.org/750137 | 14:16 |
| openstackgerrit | Merged openstack/openstack-ansible-os_glance stable/train: Fix native service path https://review.opendev.org/750140 | 14:42 |
| *** SecOpsNinja has joined #openstack-ansible | 15:08 | |
| *** pcaruana has quit IRC | 15:25 | |
| *** cshen has quit IRC | 15:35 | |
| *** miloa has quit IRC | 15:39 | |
| openstackgerrit | Merged openstack/openstack-ansible-ceph_client stable/stein: Remove trailing '/' from ceph_apt_repo_url https://review.opendev.org/750167 | 16:01 |
| *** cshen has joined #openstack-ansible | 16:06 | |
| *** BlackFX has quit IRC | 16:08 | |
| *** openstackgerrit has quit IRC | 16:11 | |
| *** cshen has quit IRC | 16:46 | |
| *** SecOpsNinja has left #openstack-ansible | 16:52 | |
| *** SecOpsNinja has joined #openstack-ansible | 16:53 | |
| *** cshen has joined #openstack-ansible | 17:17 | |
| *** jpward has joined #openstack-ansible | 17:19 | |
| *** cshen has quit IRC | 17:22 | |
| *** jbadiapa has quit IRC | 17:22 | |
| *** andrewbonney has quit IRC | 17:42 | |
| *** SecOpsNinja has left #openstack-ansible | 18:04 | |
| *** cshen has joined #openstack-ansible | 18:35 | |
| *** MickyMan77 has joined #openstack-ansible | 18:56 | |
| MickyMan77 | When I run this command, openstack-ansible setup-openstack.yml, it fails on (TASK [os_keystone : Create database for service]). | 18:58 |
| MickyMan77 | with msg, | 18:58 |
| MickyMan77 | failed: [controller01_keystone_container-94d17e6e -> xx.xx.xx.xx] (item=None) => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}fatal: [controller01_keystone_container-94d17e6e]: FAILED! => {"censored": "the output has been hidden due to the fact that 'no_log: true' was | 18:59 |
| MickyMan77 | specified for this result", "changed": false} | 18:59 |
| MickyMan77 | how can I unhide so | 19:02 |
| MickyMan77 | *so I can find the error ? | 19:02 |
| *** ChiTo has joined #openstack-ansible | 19:23 | |
| ChiTo | Hi everybody, I have some questions about my external HAProxy and Internal HAProxy, my question is if I can create two set of HAProxy clusters to load balance one for external VIP APIs connectivity and the other for Internal VIP services, should I create two set of host groups for this use case? | 19:25 |
| *** gregwork has joined #openstack-ansible | 19:27 | |
| *** cshen has quit IRC | 19:32 | |
| *** openstackgerrit has joined #openstack-ansible | 20:25 | |
| openstackgerrit | Merged openstack/openstack-ansible-os_nova master: Set Bridge Information for NSX Integration https://review.opendev.org/748751 | 20:25 |
| admin0 | ChiTo, is that required ? | 20:30 |
| admin0 | i mean you can easily have the same server do the internal and external IP (whcih can be internal) and then NAT/Forward/manage that from an external cluster | 20:30 |
| admin0 | for example, i use 10.x for my external LB IP and the 172.29 for internal .. then from an external LB cluster, nat a public IP to the 10.x | 20:31 |
| ChiTo | admin0: Unfortunately in the past I have a lot of problems in terms of load from external clients vs the internal clients, and that is why I would like to separate two domains, but not sure if I have to create a separated hosst group for the HAproxy-external | 20:32 |
| ChiTo | admin0: at the end of the day is just duplicating HAproxies, and I get it but I just wonder if from the openstack-ansible I can just add a new haproxy besides the internal one | 20:33 |
| admin0 | how about ( haproxy cluster , managed by you that holds the public IP) -> NAT 1:1 to the 3 controllers | 20:35 |
| admin0 | that is something near to what you want | 20:38 |
| admin0 | 2 groups of haproxies .. but without a change in the ansible | 20:38 |
| admin0 | and good thing is if those 3 externals are also not good enough, can upgrade to hardware | 20:38 |
| ChiTo | admin0: Understood, that sounds good, so then I would have to deploy my own haproxy right without depending on openstack-ansible? | 20:39 |
| ChiTo | admin0: And what about if I deploy two groups of HAProxy from the user yaml perspective and assign two different VIPs? | 20:39 |
| ChiTo | from the same internal domain | 20:39 |
| admin0 | this gives you multiple options .. your own haproxy .. or vyos, or a physical router, or anything .. where you host the publc IP .. and then just NAT 1:1 to the external IP | 20:40 |
| ChiTo | but just separate that through my NAT from my router to one of the VIP | 20:40 |
| ChiTo | and the other one to endpoints that are admin/internal | 20:40 |
| admin0 | my thought on this is .. if haprpoxy is not enough for you now .. chances are you need to go hardware | 20:40 |
| ChiTo | totally agreed | 20:42 |
| admin0 | is your public IP directly in the haproxy in openstack now ? | 20:42 |
| ChiTo | not so far, because actually I route through a NAT entry in my router | 20:42 |
| ChiTo | that is why I was thinking of a two internal VIPs | 20:42 |
| admin0 | what is the actual issue ? is it the number of connections ? | 20:43 |
| ChiTo | that is correct, it is a lot of number of connections to the HAproxy externally and it gets a high load | 20:43 |
| ChiTo | and that impacts the internal users, that not necessarily saturate the service but those users are more important than the external ones | 20:44 |
| admin0 | how many connections are we talking about here ? 100k plus ? | 20:46 |
| ChiTo | is a mix between number of connections plus CPU capacity on those HAproxies (which are VMs actually) | 20:46 |
| ChiTo | they are in the order of thousands not even tens of thousands | 20:47 |
| admin0 | in osa, the haproxy runs on metal on the contollers ... so if its virtual in your case, maybe increase resources there and tune the host kernel or something | 20:48 |
| admin0 | order of thousands sounds not that much high tbh | 20:48 |
| ChiTo | admin0: I totally agreed, has to do with my host capabilities, unfortunately are not great | 20:48 |
| ChiTo | admin0: Perhaps moving those to run on metal should work better to avoid the hypervisor overhead as well | 20:49 |
| admin0 | because what i think is .. even if you add 3 more haproxies .. if the controllers itself are under load, then it will not solve anything | 20:49 |
| ChiTo | admin0: Yes, I agree, I need to reprovision some servers to make sure HAProxy is on a metal as you propose with less burden | 20:51 |
| admin0 | maybe possible to add some cpu or ram to the current ones ? | 20:52 |
| ChiTo | admin0: Unfortunately they are very loaded so far with some other internal infrastructure VMs | 20:52 |
| ChiTo | admin0: But I will see if I can get a couple of new servers | 20:53 |
| ChiTo | well three ideally | 20:53 |
| admin0 | yeah | 20:53 |
| ChiTo | admin0: Do you know by chance if I can modify manually the inventory json? | 20:53 |
| admin0 | i recommend not :D | 20:53 |
| ChiTo | to assign specific IP Addresses to my lxc containers | 20:53 |
| ChiTo | instead of letting to assign them automatically | 20:54 |
| ChiTo | based on my container ip pool segment | 20:54 |
| admin0 | its a cloud .. treat it like cattle like it should be :) | 20:54 |
| admin0 | you are now making it a pet :) | 20:54 |
| ChiTo | :) agreed | 20:54 |
| ChiTo | thanks a lot for your comments and feedback admin0, they were very useful! | 20:55 |
| admin0 | you are welcome | 20:56 |
| *** cshen has joined #openstack-ansible | 21:28 | |
| *** cshen has quit IRC | 21:32 | |
| *** tosky has quit IRC | 23:16 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!