Monday, 2020-10-26

« Sunday, 2020-10-25 Index Tuesday, 2020-10-27 »
*** tosky has quit IRC00:28
*** csmart has joined #openstack-ansible00:29
*** prometheanfire has quit IRC00:44
*** prometheanfire has joined #openstack-ansible00:45
*** suryasingh has joined #openstack-ansible01:11
*** karanveersingh56 has joined #openstack-ansible01:13
*** MickyMan77 has quit IRC01:20
*** cshen has quit IRC02:15
*** karanveersingh56 has quit IRC03:01
*** MickyMan77 has joined #openstack-ansible03:33
*** MickyMan77 has quit IRC04:07
*** MickyMan77 has joined #openstack-ansible04:40
*** MickyMan77 has quit IRC05:06
*** yasemind has joined #openstack-ansible05:11
*** evrardjp has quit IRC05:33
*** evrardjp has joined #openstack-ansible05:33
*** NewJorg has quit IRC06:26
*** NewJorg has joined #openstack-ansible06:33
*** sshnaidm|off is now known as sshnaidm07:00
*** sshnaidm is now known as sshnaidm|rover07:01
noonedeadpunkmorning07:31
ptomorning07:36
*** rpittau|afk is now known as rpittau07:57
ptoI think there is still something wrong with federated identity in os_keystone i ussuri. Who can help to clarify if its a configuration issue or an actual bug?08:06
*** andrewbonney has joined #openstack-ansible08:16
ebbexmornin'08:23
*** cshen has joined #openstack-ansible08:25
*** pto_ has joined #openstack-ansible08:53
*** pto has quit IRC08:56
pto_Anyone know when the SQL trigger idp_insert_read_only is dropped?09:04
*** pto_ is now known as pto09:05
*** MickyMan77 has joined #openstack-ansible09:12
*** fresta has joined #openstack-ansible09:18
*** pto has quit IRC09:23
*** pto has joined #openstack-ansible09:24
noonedeadpunkpto: I think #openstack-keystone folks are most competent here09:33
jrossermorning10:23
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-os_swift master: Define condition for the first play host one time  https://review.opendev.org/75442810:26
noonedeadpunkso, we're having ptg in 2.5 hours10:27
noonedeadpunkwe're having mitaka room https://www.openstack.org/ptg/rooms/mitaka10:36
jrosserso we should unblock these lxc images then10:40
noonedeadpunkI wasn't able to find what's wrong with centos10:42
noonedeadpunkso we need to pick the chair...10:43
noonedeadpunkah 759229 ok)10:44
*** pto has quit IRC10:44
*** pto has joined #openstack-ansible10:45
noonedeadpunkwell, dib does exactly the same https://opendev.org/openstack/diskimage-builder/src/branch/master/diskimage_builder/elements/ubuntu/root.d/10-cache-ubuntu-tarball#L2210:57
noonedeadpunkexcept for centos they get qcow image o_O10:58
*** pto has quit IRC11:12
*** pto has joined #openstack-ansible11:13
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-rabbitmq_server master: Bump rabbitmq version  https://review.opendev.org/75966411:17
ptonoonedeadpunk: I tried multiple times in #openstack-keystone but the channel seems totally dead11:19
ptonoonedeadpunk: But i have isolated the issue to be a timing problem in the ansible play. commenting out part of the play, run the play and then commenting it in again, make it install successful11:20
jrosserpto: my team are running openid federation here but we do not run into the same issue11:21
ptojrosser: I have made a fresh install to two nodes, running the boiler plate example from tasks/default.yml and it breaks at Ensure external IDP - because the keystone tables have an trigger which rejects inserts. I cant quite figure out what makes migration trigger to be dropped. I think its the keystone-manage db_sync --contracts but its not always the case.11:23
jrossersure, i've seen your description of this11:23
ptojrosser: Commenting out the import_tasks: keystone_federation_sp_idp_setup.yml and then run the os-keystone-install.yml makes it succeed, then commenting it in again and run os-keystone-install.yml again works11:24
jrosserdo you add keystone federation to the fresh install or do you add the keystone_sp config afterwards?11:24
*** tosky has joined #openstack-ansible11:25
ptojrosser: yes. Fresh installed Ubuntu 20.04 from MAAS, and then a fresh bootstraped ussiri/stable checkout (21.1.0 is broken). user_variables.yml: http://paste.openstack.org/show/799373/11:26
jrosserhave you tried initially installing without the keystone_sp, then re-running os_keystone to add the federation after the initial deploy?11:28
jrosserpto: what do you find broken with 21.1.0?11:28
ptojrosser: Ubuntu 20.04 support in keystone (/etc/ansible/roles/os_keystone/vars/ubuntu-20.04.yml) unless its has been merged recently.11:29
jrosseroh yes, the libcurl thing11:30
ptojrosser: I think the keystone_federation_sp_idp_setup.yml should be run after https://github.com/openstack/openstack-ansible/blob/47e5a90a7fcc78adc44bbd0803e0faabb56197b6/playbooks/os-keystone-install.yml#L135 - or the idp_insert_read_only trigger (https://docs.openstack.org/keystone/ussuri/_modules/keystone/common/sql/expand_repo/versions/012_expand_add_domain_id_to_idp.html) will be active and the Ensure Exte11:31
ptornal IDP fail11:31
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-os_senlin master: Updated from OpenStack Ansible Tests  https://review.opendev.org/75289211:46
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-os_zun master: Add placement client to zun config file  https://review.opendev.org/74149411:47
*** rfolco has joined #openstack-ansible11:50
*** gshippey has joined #openstack-ansible11:50
*** persia_ is now known as persia11:52
*** pfsmorigo has joined #openstack-ansible12:17
gillesMoHello. Upgrading to Ussuri, Aodh DB migration fails with "Row size too large". I already see WARNINGs concerning some sizes due to TABLE FORMAT TYPE (Compact instead of Dynamic or Compressed). Is ther a specific task outside playbooks to run ?12:19
* noonedeadpunk never run aodh....12:20
ptojrosser: Any suggestions on how to fix this? Cloud/should the keystone_federation_sp_idp_setup.yml be moved to after the db migration has been done?12:20
*** gillesMo has quit IRC12:20
*** gillesMo has joined #openstack-ansible12:21
openstackgerritMerged openstack/openstack-ansible-os_ironic master: Add iPXE support to Ironic Conductor  https://review.opendev.org/73633612:36
noonedeadpunkuh, for stein we have circular dependency...12:41
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-tests stable/stein: Pin virtualenv<20 for python2 functional tests  https://review.opendev.org/75930812:43
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-tests stable/stein: Pin virtualenv<20 for python2 functional tests  https://review.opendev.org/75930812:45
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-tests stable/stein: Return bionic jobs to voting  https://review.opendev.org/75967612:45
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-tests stable/rocky: Pin virtualenv<20 for python2 functional tests  https://review.opendev.org/75967712:49
jrosserpto: you can't move the tasks like that12:49
jrosserthey are all inside the os_keystone role and the db migrations are finalised in the playbook12:49
*** sshnaidm|rover has quit IRC12:50
ptojrosser: I am aware of that. Any suggestion on how to fix the issue then?12:51
ptoRerun the role with a special flag?12:51
jrosserimho this is an issue to do with the keystone db migrations, though i've not looked in any detail12:52
jrosserlike i suggested earlier you could do an initial deployment without federation then add it in afterwards with a second run of os_keystone12:52
jrosserit is unfortunate that no-one is helping in the keystone irc channel12:53
dmsimardjrosser, noonedeadpunk: just checking in, have you noticed playbooks getting stuck due to ara since friday ?12:59
noonedeadpunkI'm not12:59
noonedeadpunkseems pretty green12:59
dmsimardgreat, thanks12:59
*** sshnaidm has joined #openstack-ansible12:59
*** rh-jelabarre has joined #openstack-ansible13:00
*** sshnaidm is now known as sshnaidm|rover13:00
* noonedeadpunk feels a bit lonely13:00
jamesden_hi13:05
*** jamesden_ is now known as jamesdenton13:05
jamesdentonnoonedeadpunk is there a schedule for ptg?13:15
noonedeadpunkit's right now)13:16
noonedeadpunkhttps://www.openstack.org/ptg/rooms/mitaka13:17
jamesdentonthank you13:17
ptoIs the file /etc/keystone/sso_callback_template.html supposed to be installed?13:21
*** dave-mccowan has joined #openstack-ansible13:22
spotznoonedeadpunk: I'll be there as soon as my meeting is over. Do we have an etherpad?13:25
noonedeadpunksure it's https://etherpad.opendev.org/p/osa-wallaby-ptg13:25
spotzThanks13:25
openstackgerritJames Denton proposed openstack/openstack-ansible-os_tempest master: WIP - Allow deployer to skip default resource creation  https://review.opendev.org/73389213:29
openstackgerritJames Denton proposed openstack/openstack-ansible-os_tempest master: WIP - Allow deployer to skip default resource creation  https://review.opendev.org/73389213:29
openstackgerritJames Denton proposed openstack/openstack-ansible master: WIP - Create OSA-specific tempest resources  https://review.opendev.org/73389413:30
openstackgerritJames Denton proposed openstack/openstack-ansible-os_tempest master: Allow deployer to skip default resource creation  https://review.opendev.org/73389213:30
openstackgerritJames Denton proposed openstack/openstack-ansible master: Create OSA-specific tempest resources  https://review.opendev.org/73389413:30
gshippey@pto, have a look at https://github.com/openstack/openstack-ansible-os_keystone/blob/2b125eca319271b9ad8fc700f5b5aba00dc09037/defaults/main.yml#L501, on your deploy host you need to create your sso_callback_template and set keystone_sso_callback_file_path to it. This is the example keystone give https://github.com/openstack/keystone/blob/master/etc/sso_callback_template.html - you can use that/modify/make13:30
gshippeyyour own13:30
ptogshippey: But the shouldnt it default if its not defined?13:33
*** spatel has joined #openstack-ansible13:39
*** nurdie has joined #openstack-ansible13:40
gshippeyhttps://github.com/openstack/openstack-ansible-os_keystone/commit/62d9f9c10d18fcf9e6a6b5b4039a1f3b54137c03 - this is the most recent relevant commit, might be possible to default it to the file in the keystone venv13:49
*** d34dh0r53 has joined #openstack-ansible13:51
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-os_tempest master: Added tempest ironic resources setup.  https://review.opendev.org/72070514:04
*** strattao has joined #openstack-ansible14:12
openstackgerritJames Denton proposed openstack/openstack-ansible-os_neutron master: Implement uWSGI for neutron-api  https://review.opendev.org/48615614:23
*** macz_ has joined #openstack-ansible14:24
openstackgerritMerged openstack/openstack-ansible-os_tempest master: Re-adding redhat-7.yml distro var  https://review.opendev.org/75882314:46
*** cshen has quit IRC15:00
*** gyee has joined #openstack-ansible15:04
noonedeadpunkdmsimard: are you around15:32
dmsimardI am15:32
noonedeadpunkcan you join us on https://www.openstack.org/ptg/rooms/mitaka ?:)15:33
dmsimarduh oh, what did I break this time15:33
noonedeadpunkno, nothing:)15:33
noonedeadpunkjust discussing ara for osa deployers15:33
dmsimardjoining in a sec15:33
dmsimardit's because of the browser15:38
dmsimardlemme install the app15:38
noonedeadpunkah....15:38
noonedeadpunksorry:(15:38
*** munimeha1 has joined #openstack-ansible15:40
gillesMoDuring Train upgrade, the relase notes says that the placement API is moved from nova to a specific contener. But my inventory continues to have an entry for nova_api_plaement, and so haproxy is configured with a frontend/backend for it...15:49
* prometheanfire wonders if there's a timeline for victoria greenfield and/or upgrade (from ussuri)15:57
* dmsimard uninstalls zoom app15:58
prometheanfirelol16:01
openstackgerritJames Denton proposed openstack/ansible-role-systemd_networkd master: Add GPG Key for EPEL8 Repo  https://review.opendev.org/75914516:03
prometheanfireoh, didn't know there was a networkd role now16:04
*** yolanda has quit IRC16:06
jamesdentoncongrats! you are now moderator of networkd role16:06
mgariepylol16:22
prometheanfirelol16:24
prometheanfiresounds about right16:24
prometheanfireI do push it at work though16:24
openstackgerritMerged openstack/openstack-ansible-os_senlin master: Use the utility host for db setup tasks  https://review.opendev.org/75603916:34
*** MickyMan77 has quit IRC16:44
*** MickyMan77 has joined #openstack-ansible16:45
*** MickyMan77 has quit IRC16:54
*** rpittau is now known as rpittau|afk17:09
*** tosky has quit IRC17:17
*** MickyMan77 has joined #openstack-ansible17:27
*** ThiagoCMC has joined #openstack-ansible17:29
*** cshen has joined #openstack-ansible17:34
*** MickyMan77 has quit IRC17:35
*** recyclehero has quit IRC17:59
*** recyclehero has joined #openstack-ansible18:10
*** munimeha1 has quit IRC18:12
*** cshen has quit IRC18:14
*** cshen has joined #openstack-ansible18:27
openstackgerritMerged openstack/openstack-ansible-os_senlin master: Updated from OpenStack Ansible Tests  https://review.opendev.org/75289218:31
*** MickyMan77 has joined #openstack-ansible18:31
*** cshen has quit IRC18:45
*** andrewbonney has quit IRC18:51
*** recyclehero has quit IRC18:52
*** cshen has joined #openstack-ansible18:53
*** recyclehero has joined #openstack-ansible18:58
*** MickyMan77 has quit IRC19:06
*** recyclehero has quit IRC19:53
openstackgerritJames Denton proposed openstack/ansible-role-systemd_networkd master: Add GPG Key for EPEL8 Repo  https://review.opendev.org/75914519:53
*** spatel has quit IRC19:57
*** MickyMan77 has joined #openstack-ansible20:02
jrosserjamesdenton: the neutron uwsgi patch looks close, they all fail similarly20:19
jrosserhttps://zuul.opendev.org/t/openstack/build/f04fac2bc188470596e2e6552063854e/log/logs/host/neutron-l3-agent.service.journal-15-41-46.log.txt#6920:20
jamesdentonnot bad for a 3 yr old patch20:21
jamesdenton:D20:21
jamesdentoni guess the service isn't starting20:22
*** MickyMan77 has quit IRC20:36
*** tosky has joined #openstack-ansible20:43
*** mmercer has quit IRC20:45
*** melwitt has quit IRC20:45
*** mmercer has joined #openstack-ansible20:45
spotzjrosser jamesdenton - Because I was in and out today did we cover the gerrit incident at all today?20:54
jamesdentoni don't recall anything about it20:59
*** MickyMan77 has joined #openstack-ansible21:03
*** cshen has quit IRC21:10
jamesdentonrepo cloning in this aio... could've walked to starbucks and back and it still wouldn't be done21:10
*** cshen has joined #openstack-ansible21:10
*** MickyMan77 has quit IRC21:11
spotzjamesdenton: ooh Starbucks.... I need to run down to SA in a few hadn't made it to the barn yet and it's gotten cold! Need to put a blanky on the pony!21:11
jamesdentonwhere are you at?21:12
spotzNB21:12
*** jralbert has joined #openstack-ansible21:13
jralbertIs it expected/intended that OSA applies the ansible-hardening role to metal hosts only, and not to containers?21:14
jamesdentonthe notes seem to imply only physical hosts21:21
jamesdentonhttps://docs.openstack.org/openstack-ansible/latest/user/security/hardening.html21:21
jralbertI'm curious about that. It seems to me that at least things like sshd hardening should be applied to every OSA-managed system, physical or container. I was surprised to discover the containers running default sshd configs21:25
jamesdentonnot sure what the thinking was there21:27
*** spatel has joined #openstack-ansible21:30
jralbertDo you think it would be appropriate to raise a bug on this?21:32
jamesdentonwouldn't hurt. the channel is more lively in the AM, UTC21:36
spotzjamesdenton: was it a major thing?21:43
*** spatel has quit IRC21:45
jamesdentoni know Major was a big contributor. Not sure who maintains it these days21:50
spotzThat I don't know, he just did a lot of the hardening I remember from reviewing them21:51
openstackgerritJames Denton proposed openstack/ansible-role-systemd_networkd master: Add GPG Key for EPEL8 Repo  https://review.opendev.org/75914521:56
jralbertIs that role not maintained anymore?21:59
*** aedc has joined #openstack-ansible22:15
*** aedc has quit IRC22:15
*** aedc has joined #openstack-ansible22:15
*** cshen has quit IRC22:32
jrosserjralbert: it’s probably more accurate to say that no one has contributed updates to the ansible-hardening role for a while22:42
jrosserthe CI is kept functional though, so in that sense the role is maintained22:43
jrosserjamesdenton: I have a patch to parallelise the git clone, was discussed earlier22:44
jrosserwould be interested to see if that works for you22:45
*** aedc has quit IRC23:05
*** aedc has joined #openstack-ansible23:09
*** gshippey has quit IRC23:10
jamesdentonjrosser please share when you have the chance. i do seem to recall this being discussed this morning, maybe?23:15
jrosserjamesdenton: https://review.opendev.org/#/c/588372/23:16
jrosserreally wants to be in an ansible collection nowadays23:16
jamesdentonthank you.23:17
jamesdentonit's late!23:17
jrosserit is!23:18
*** cshen has joined #openstack-ansible23:28
*** tosky has quit IRC23:28
*** cshen has quit IRC23:33
*** rh-jelabarre has quit IRC23:48
*** jralbert has quit IRC23:56
« Sunday, 2020-10-25 Index Tuesday, 2020-10-27 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!