| *** tosky has quit IRC | 00:10 | |
| *** spatel_ has joined #openstack-ansible | 00:30 | |
| *** spatel_ is now known as spatel | 00:30 | |
| *** spatel has quit IRC | 00:31 | |
| *** macz_ has quit IRC | 00:58 | |
| *** ianychoi has joined #openstack-ansible | 01:24 | |
| *** ianychoi_ has quit IRC | 01:26 | |
| *** NewJorg has quit IRC | 01:28 | |
| snadge | dang.. the ussuri release notes say centos 7 is supported, but there is no rdo-release package for it found here: https://repos.fedorapeople.org/repos/openstack/openstack-ussuri/ | 01:43 |
|---|---|---|
| snadge | the RDO project says only Centos 8 is supported starting from ussuri onwards.. so maybe the documentation here: https://docs.openstack.org/project-deploy-guide/openstack-ansible/ussuri/deploymenthost.html .. is incorrect? | 01:47 |
| *** macz_ has joined #openstack-ansible | 02:10 | |
| *** LowKey has joined #openstack-ansible | 02:14 | |
| *** macz_ has quit IRC | 02:15 | |
| *** priteau has quit IRC | 03:03 | |
| *** tinwood has quit IRC | 03:11 | |
| *** tinwood has joined #openstack-ansible | 03:14 | |
| *** evrardjp has quit IRC | 03:33 | |
| *** evrardjp has joined #openstack-ansible | 03:33 | |
| *** jamesdenton has quit IRC | 03:37 | |
| *** jamesden_ has joined #openstack-ansible | 03:38 | |
| LowKey | Hi, I've failed task on horizon : http://paste.openstack.org/show/uMTolZwq7LeOuGfbtGqt/ current using 21.0.1 , need advise on how to fix this issue? | 03:49 |
| LowKey | fixed by added : -e venv_rebuild=yes , but there was another error happened http://paste.openstack.org/show/esOPA9FCUcJz5PTTTSVu/ | 04:07 |
| *** macz_ has joined #openstack-ansible | 04:29 | |
| *** mrda has quit IRC | 04:31 | |
| *** mrda has joined #openstack-ansible | 04:33 | |
| *** macz_ has quit IRC | 04:34 | |
| *** macz_ has joined #openstack-ansible | 04:50 | |
| *** macz_ has quit IRC | 04:54 | |
| *** yasemind has joined #openstack-ansible | 05:07 | |
| *** yasemind has quit IRC | 05:17 | |
| jrosser | snadge: is something specific missing and failing? remember RDO is not openstack-ansible so what releases are supported will not necessarily be the same | 06:15 |
| snadge | i did a bit of research and the tldr is.. train is the last release to support centos 7.. and the only one to support both? | 06:16 |
| snadge | ussuri apparently dropped python 2 support (it looks like) | 06:16 |
| snadge | so my determination from that is that ussuri just wont work on centos 7 at all | 06:16 |
| snadge | i haven't found any distribution of it anywhere that does.. apart from some vague mention that there's a backport somewhere that "probably doesn't work for other reasons.. kernel 3.10 is too old" | 06:17 |
| jrosser | snadge: you’re deploying openstack with OSA? | 06:17 |
| snadge | yes | 06:17 |
| jrosser | from source rather than using distribution packages? | 06:18 |
| snadge | umm.. the instructions only say to use the distro packages | 06:18 |
| jrosser | ? | 06:18 |
| snadge | on the installation page for ussuri.. configure deployment host | 06:19 |
| snadge | it says to dnf install https://repos.fedorapeople.org/repos/openstack/openstack-ussuri/rdo-release-ussuri.el8.rpm | 06:19 |
| snadge | for starters you cant dnf install on cent 7.. but even ignoring that.. if you go to that openstack-ussuri folder, there are only el8 rpms | 06:19 |
| snadge | but for train there is both | 06:19 |
| snadge | of course i tried to install the el8 rpm for entertainment purposes but it expectedly errors.. even though it installs | 06:20 |
| jrosser | it could be just a docs error | 06:20 |
| snadge | yeah.. my research basically tells me that train is the last supported version of openstack on Cent/EL7] | 06:21 |
| snadge | due to dropping python 2 compatibility | 06:21 |
| jrosser | imho pay less attention to what RDO say | 06:22 |
| jrosser | becasue we install from source code with OSA the same does not apply | 06:22 |
| snadge | really? | 06:22 |
| jrosser | look at the CO jobs run here under "zuul summary" https://review.opendev.org/c/openstack/openstack-ansible/+/780435 | 06:22 |
| snadge | because i installed over the top of an existing train install | 06:22 |
| jrosser | thats the current Ussuri branch for OSA running centos-7 jobs | 06:23 |
| snadge | and all the versions of everything installed is train.. i forgot i have the train RDO repo still installed | 06:23 |
| snadge | so i figured it just installed everything from that instead of compiling it | 06:23 |
| jrosser | only if you have set the install_method=distro, which i would highly discourage | 06:23 |
| jrosser | just to be totally clear, we're running CI jobs today on Ussuri installing onto centos-7, fully python3 | 06:24 |
| jrosser | OSA can do this where others cannot becasue of the source based insallation | 06:24 |
| snadge | interesting.. i must be missing something from the installation guide then | 06:25 |
| snadge | i dont have install method set to distro.. thats in user confi? | 06:25 |
| jrosser | build a centos-7/ussuri all-in-one | 06:25 |
| jrosser | yes but like i say i would really not recommend that as you are then stuck with whatever RDO decide they want you to do | 06:26 |
| snadge | i wonder if it autodetects that if you have the repo installed/configured | 06:26 |
| jrosser | no | 06:26 |
| * jrosser heads out for a bit..... | 06:26 | |
| snadge | well i didn't go out of my way to enable install method distro.. but thanks for the info, its given me something else to look into | 06:26 |
| jrosser | if theres something specific looking odd with the docs please link it here | 06:26 |
| jrosser | i think OSA is unique in offering centos7/ussuri | 06:27 |
| snadge | it must be.. and im excited theres a way to do that.. because, unfortunately the current documentations are not updated to reflect this | 06:27 |
| snadge | it just says to install the RDO package and there isn't one for 7 | 06:28 |
| jrosser | can you give me the link? | 06:28 |
| snadge | https://docs.openstack.org/project-deploy-guide/openstack-ansible/ussuri/deploymenthost.html | 06:28 |
| jrosser | it's likley en error, build an all-in-one and see what gets configured becasue thats exactly whats happening in the CI jobs | 06:29 |
| * jrosser really heads out :) | 06:29 | |
| snadge | ok sweet will do thanks | 06:29 |
| *** NewJorg has joined #openstack-ansible | 06:40 | |
| *** yasemind has joined #openstack-ansible | 06:41 | |
| *** yasemind has quit IRC | 06:57 | |
| *** miloa has joined #openstack-ansible | 07:08 | |
| *** miloa has quit IRC | 07:09 | |
| noonedeadpunk | mornings | 07:30 |
| openstackgerrit | Slawek Kaplonski proposed openstack/openstack-ansible-os_tempest master: Install nmap on the Redhat 8 and ncat on Debian https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/780588 | 07:43 |
| jrosser | morning | 08:01 |
| jrosser | noonedeadpunk: interesting discussion earlier about the docs saying to install RDO repo on the deploy host | 08:02 |
| jrosser | thats got to be just historic stuff i think? | 08:02 |
| noonedeadpunk | I think it was more centos 7 related since we used qemu from rdo? | 08:03 |
| noonedeadpunk | or smth like that.... | 08:03 |
| noonedeadpunk | but we might be using some things for centos 8 as well actually | 08:04 |
| noonedeadpunk | like system python3 packages | 08:04 |
| *** andrewbonney has joined #openstack-ansible | 08:09 | |
| jrosser | but not for the deploy host? | 08:11 |
| jrosser | and something is wierd here too https://docs.openstack.org/project-deploy-guide/openstack-ansible/ussuri/targethosts.html | 08:12 |
| jrosser | becasue that doesnt mention centos-7 | 08:12 |
| snadge | im running an aio install now on cent7 with ussuri | 08:14 |
| snadge | i got it install with my deploy host to a test cluster before.. but the versions of the openstack and nova client were the same as from train | 08:15 |
| jrosser | the ones in the utility container? | 08:15 |
| jrosser | or ones installed using yum? | 08:16 |
| snadge | in the utility container | 08:16 |
| jrosser | oh, well there was a bug actually which may not have had the fix backported to ussuri...... | 08:16 |
| jrosser | https://github.com/openstack/openstack-ansible/commit/5eeec731c48839123249a8bed9b1de56963475aa | 08:17 |
| snadge | ack.. thats my bad, its difficult to translate version of utilities to openstack or entire stack version because it doesn't work that way | 08:18 |
| snadge | when i checked the documentation it appeared the versions i was using were for train.. but the ones i have on train in production are indeed older | 08:18 |
| snadge | i was just looking for something anywhere in the web gui or in one of containers or something to say.. "yes this is ussuri and not train" | 08:19 |
| snadge | i just checked the versions of the openstack client and the output of nova --version | 08:19 |
| jrosser | that patch is present in the latest ussuri branch | 08:19 |
| snadge | so thats not in 21.2.3 or it is? | 08:20 |
| jrosser | in the utility container the openstack cli tools are installed for the branch you're installing | 08:21 |
| jrosser | so really thats independant of anthing from rdo | 08:21 |
| snadge | yeah thats what i was checking.. but i've just discovered that the versions installed were indeed newer than the ones i have from train in production | 08:22 |
| jrosser | yes it's there for 21.2.3 | 08:22 |
| snadge | and you cant simply translate versions of individual components to the distribution version | 08:22 |
| jrosser | no | 08:22 |
| snadge | there are pages which sort of allow you to do that for specific distributions.. but its obviously not universal | 08:22 |
| *** rpittau|afk is now known as rpittau | 08:23 | |
| snadge | i can at least confirm now i've installed ussuri on centos 7.. i just had a user error attempting to identify whether it was actually the new version or not, because everything seems to be the same as it was in train | 08:23 |
| jrosser | ah good, it should all be fine | 08:24 |
| jrosser | though centos-7/ussuri is the point you need to make a decision about what your next upgrade will be | 08:25 |
| jrosser | as centos-8 comes with it's own unique set of challenges right now | 08:25 |
| jrosser | so whilst OSA is running centos-8 jobs for ussuri and onward those only work because centos-8 is not yet EOL and everything we rely on for upstream repos is still there and working | 08:27 |
| noonedeadpunk | but does mention suse( | 08:34 |
| noonedeadpunk | Btw it might be me who dropped somehow centos7 mentioning from deployguide for ussuri | 08:35 |
| noonedeadpunk | I guess I did that as it was hard to organize configuration command both for centos7 and centos8 or dunno... | 08:35 |
| noonedeadpunk | https://opendev.org/openstack/openstack-ansible/commit/232bb43eb7bbc50f49ca2351a0dedc838bbfe5d1 | 08:36 |
| noonedeadpunk | we can partially revert it | 08:36 |
| jrosser | i expect that the need for the rdo repo is not needed? | 08:37 |
| noonedeadpunk | yeah, for deployment host we don't need it for sure | 08:37 |
| jrosser | yeah it's not in bootstrap-host at all so i think we can just get rid of that | 08:38 |
| jrosser | and i expect that the ansible roles should take care of repos on the target hosts | 08:38 |
| noonedeadpunk | yep | 08:38 |
| noonedeadpunk | btw I'm not sure why we even have these apt/dnf installs on the deploy host? except git? | 08:38 |
| jrosser | it just looks like very old docs i think | 08:39 |
| jrosser | perhaps from before there was the ansible-runtime venv a bunch of things needed distro packages? | 08:40 |
| noonedeadpunk | they kind of make _some_ sense in terms that we don't want to handle things like bridge-utils and etc... | 08:40 |
| noonedeadpunk | but yeah, they need more love... | 08:41 |
| jrosser | it even asks for debootstrap on ubuntu :) | 08:41 |
| *** zbr has joined #openstack-ansible | 08:42 | |
| openstackgerrit | Jonathan Rosser proposed openstack/openstack-ansible-lxc_container_create master: Convert remaining ansible_ fact variables to ansible_facts[] https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/781038 | 08:43 |
| openstackgerrit | Jonathan Rosser proposed openstack/openstack-ansible-lxc_container_create master: Remove references to unsupported operating systems https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/781039 | 08:43 |
| noonedeadpunk | isn't it something you used to build ubuntu images ?:) | 08:43 |
| *** NewJorg has quit IRC | 08:44 | |
| *** NewJorg has joined #openstack-ansible | 08:47 | |
| openstackgerrit | Jonathan Rosser proposed openstack/openstack-ansible-lxc_hosts master: Remove references to unsupported operating systems https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/781041 | 08:49 |
| jrosser | it is | 08:49 |
| jrosser | but why this is needed for the deployment host i have no idea | 08:49 |
| jrosser | but perhaps an excellent question about what makes that installed for lxc_hosts to use...... | 08:50 |
| *** LowKey has quit IRC | 08:51 | |
| jrosser | oh it's already in the required distro packages for the host system in lxc_hosts vars | 08:51 |
| *** LowKey has joined #openstack-ansible | 08:52 | |
| snadge | what happens when centos 8 goes EOL.. are we going to assume that something else may become ready to drop in place? | 08:53 |
| snadge | we're in a position where we can probably just switch to RHEL 8.3 | 08:53 |
| snadge | but this rocky linux may also become a thing and I have not checked on the status of that.. also I think RHEL may become free as in beer, for some use cases.. academics and non profits and things like that | 08:54 |
| jrosser | snadge: we are in a difficult position really | 08:54 |
| jrosser | there is 'prototype' support for Centos-8 stream as unmerged patches to OSA master branch | 08:55 |
| jrosser | but those are not (any possibly never will be) in Ussuri or Victoria unless there is someone sufficiently motivated to backport a load of stuff | 08:55 |
| snadge | i think that might even be an option for us tbh.. just using stream that is, as long as we have support for the hardware we're using | 08:55 |
| snadge | thats fine, whatever the next version is could be the way to go.. ussuri will keep us going until then | 08:56 |
| snadge | on centos 7 that is | 08:56 |
| jrosser | yes, that will stay alive as far as i'm aware | 08:57 |
| jrosser | but I don't know what your upgrade path would be for the future, you may end up stuck on Centos-7/Ussuri | 08:57 |
| snadge | thats pretty reasonable actually, the competition is redhat openstack 16.1 .. which isn't supported with our particular hardware combination right now | 08:57 |
| snadge | i really like OSA though.. and i will advocate to use it on centos 8 stream if that works for us when it comes time to need it | 08:59 |
| jrosser | part of the trouble is we don't have any sizable contributors who are using centos in their environments | 09:01 |
| jrosser | so from my personal POV it is burden/overhead to support it | 09:01 |
| jrosser | we really need folk who are relying on it to help keep the centos support alive | 09:02 |
| *** tosky has joined #openstack-ansible | 09:03 | |
| snadge | thats fair.. if our outfit was a bit larger, im sure the guys in north america and london or whatever could contribute something.. but their corporate overlords might have other ideas, there are after all commercial products which are competing with these free community alternatives | 09:03 |
| snadge | like the one i just mentioned | 09:04 |
| jrosser | the centos-8 stream stuff has only made the situation worse, as it's pushed some big operators to change OS | 09:04 |
| jrosser | kind of been the tipping point they needed to just use something else | 09:04 |
| snadge | well.. i can at least commit resources to evaluating and testing the centos 8 stream stuff, for our small development environment | 09:06 |
| openstackgerrit | Jonathan Rosser proposed openstack/openstack-ansible-memcached_server master: Remove references to unsupported operating systems https://review.opendev.org/c/openstack/openstack-ansible-memcached_server/+/781051 | 09:06 |
| jrosser | if you want to see whats involved there a patch here https://review.opendev.org/c/openstack/openstack-ansible/+/776226 | 09:07 |
| jrosser | all the 'depends-on' lines pull in the rest of the required changes | 09:07 |
| jrosser | though for some reason the runtime of those jobs has doubled with the changes we've had to make | 09:07 |
| jrosser | and thats really not cool as 3hours is the max runtime any of the CI jobs are allowed | 09:08 |
| snadge | i have bookmarked it.. so its very much wip? | 09:09 |
| jrosser | kind of | 09:09 |
| jrosser | if the runtime had not increased then this would be merged already i think | 09:09 |
| jrosser | need to understand why this happens, it's something to do with how the container base image is built | 09:10 |
| jrosser | for stream we've changed to using dnf to build a chroot from scratch rather than download/unpack a docker base image for the rootfs | 09:10 |
| jrosser | but for $reasons that runs really really slowly | 09:11 |
| jrosser | RH no longer supply a tar of the container rootfs for stream, so theres just no starting point like there was for previous centos | 09:11 |
| openstackgerrit | Jonathan Rosser proposed openstack/openstack-ansible-openstack_hosts master: Remove references to unsupported operating systems https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/781054 | 09:16 |
| openstackgerrit | Jonathan Rosser proposed openstack/openstack-ansible-openstack_openrc master: Remove references to unsupported operating systems https://review.opendev.org/c/openstack/openstack-ansible-openstack_openrc/+/781055 | 09:17 |
| snadge | it sounds like thats not really fixable unless you can cache the container rootfs between builds, and only rebuild that as necessary or every week or something | 09:18 |
| openstackgerrit | Jonathan Rosser proposed openstack/openstack-ansible-tests master: Use ansible_facts[] instead of fact variables https://review.opendev.org/c/openstack/openstack-ansible-tests/+/781059 | 09:27 |
| *** yasemind has joined #openstack-ansible | 09:30 | |
| *** openstackgerrit has quit IRC | 09:33 | |
| jrosser | snadge: it's not the container build thats taking time, its the runtime execution speed of the ansible tasks which is slow | 09:39 |
| snadge | i see that will take some time to profile and an understanding of the entire process would obviously help | 09:44 |
| jrosser | noonedeadpunk: do you think openstack-ansible-deploy-aio_distro_metal-centos-8 is even a valid job on ussuri? | 09:56 |
| jrosser | for these https://review.opendev.org/q/project:openstack%252Fopenstack-ansible-os_horizon+branch:stable%252Fussuri+status:open | 09:56 |
| jrosser | for the last ussuri branch horizon patches to merge there was not a centos-8 job | 09:56 |
| noonedeadpunk | I think it should be valid, yes. It fails on apache restart which is weird actually | 10:00 |
| noonedeadpunk | but considering it passes till that point... | 10:00 |
| noonedeadpunk | I can recall doing some replace for apache on V | 10:01 |
| jrosser | this is the wierd thing though, the previous thing we merged to ussuri for os_horizon didnt run a centos 8 job https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/739260 | 10:01 |
| jrosser | i wonder if this is adjusting the jobs somewhere else has then made some previously untested situation be run for os_horizon | 10:01 |
| noonedeadpunk | it didn't run any centos 8 jobs... | 10:01 |
| jrosser | right | 10:02 |
| noonedeadpunk | I guess so... | 10:02 |
| * jrosser wants to suggest at PTG removing the distro support | 10:02 | |
| *** gshippey has joined #openstack-ansible | 10:09 | |
| jrosser | its this https://github.com/openstack/openstack-ansible-os_horizon/commit/9f9b66a985a44caef36e7af6695a2a6e25460a16 | 10:12 |
| jrosser | we have that patch in ussuri, but i'm not so sure we have the one that sets openstack_service_bind_address | 10:16 |
| *** LowKi has joined #openstack-ansible | 10:19 | |
| *** LowKi is now known as LowKey[A] | 10:21 | |
| admin0 | do you guys have an automated way to deploy AIO ? | 11:09 |
| admin0 | i am working on an openstack reporting panel .. which i might open source at some point .. or provide it for free .. and i want to test it in as many versions as possible | 11:10 |
| *** LowKey has quit IRC | 11:14 | |
| *** priteau has joined #openstack-ansible | 11:26 | |
| *** jamesden_ has quit IRC | 11:51 | |
| *** jamesdenton has joined #openstack-ansible | 11:51 | |
| snadge | admin0: is https://docs.openstack.org/openstack-ansible/victoria/user/aio/quickstart.html what you're looking for? | 11:57 |
| admin0 | nvm ..i am trying to use gitlab+ansible to bring up aios automatically | 12:00 |
| *** yasemind has quit IRC | 12:25 | |
| noonedeadpunk | admin0: in CI we run `./scripts/gate-check-commit.sh <scenario> <deploy/upgrade/linters> <source/distro> | 12:31 |
| noonedeadpunk | ./scripts/gate-check-commit.sh without arguments deploys aio_lxc source scenario | 12:32 |
| noonedeadpunk | Uh, I can really recall some patch we landed to cover apache issue in horizon with keystone... | 12:35 |
| *** rh-jelabarre has joined #openstack-ansible | 12:44 | |
| *** rh-jelabarre has quit IRC | 12:44 | |
| *** rh-jelabarre has joined #openstack-ansible | 12:45 | |
| jrosser | noonedeadpunk: i think it could well be that patch, but it relies on something else to set the service bind address i think, which we never did for U | 12:45 |
| jrosser | i'm a bit surprised that it works for the other distro installs but not centos-8, suggests maybe there is a default config file coming from somewhere thats only in the centos rpm..... | 12:46 |
| noonedeadpunk | yep, it was some difference in config we were evaluating.... | 12:48 |
| noonedeadpunk | but I guess that was nginx actually.. https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/775776 | 12:52 |
| jrosser | hmm | 12:52 |
| *** spatel_ has joined #openstack-ansible | 12:58 | |
| *** spatel_ is now known as spatel | 12:58 | |
| *** chandankumar has joined #openstack-ansible | 13:07 | |
| chandankumar | noonedeadpunk: please have a look https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/780588 when free, thanks! | 13:08 |
| *** yasemind has joined #openstack-ansible | 13:17 | |
| *** yasemind has quit IRC | 13:27 | |
| *** fanfi has quit IRC | 13:38 | |
| spotz | chandankumar: Do yo want me to hold off on the Workflow for others? | 13:43 |
| chandankumar | spotz: it would be great to get it merged | 13:45 |
| chandankumar | spotz: thanks for reviewing :-) | 13:46 |
| spotz | chandankumar: Ok workflowing:) | 13:46 |
| spotz | My pleasure, I can always be pinged for reviews. | 13:46 |
| chandankumar | spotz: I was not knowing you have super powers, time to bug more in future for os_tempest :-) | 13:47 |
| *** openstackgerrit has joined #openstack-ansible | 13:48 | |
| openstackgerrit | Merged openstack/openstack-ansible-os_glance master: Convert remaining ansible_ fact variable to ansible_facts[] https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/780722 | 13:48 |
| spotz | chandankumar: hehe | 13:48 |
| jamesdenton | noonedeadpunk Better late than never? https://review.opendev.org/c/openstack/openstack-ansible/+/733894. Let me know if you're still interested in pursuing this | 14:01 |
| noonedeadpunk | I don't really know atm :( | 14:02 |
| jamesdenton | no worries | 14:02 |
| jamesdenton | i'll check again... in November :D | 14:02 |
| noonedeadpunk | I agree that it's great aim, but I don't feel an opprotunity to agree with tripleo on that | 14:03 |
| chandankumar | noonedeadpunk: it is the same copy https://review.opendev.org/c/openstack/openstack-ansible/+/733894/4/playbooks/common-tasks/tempest-resources.yml of https://opendev.org/openstack/openstack-ansible-os_tempest/src/branch/master/tasks/tempest_resources.yml tripleo uses it, based on services | 14:08 |
| noonedeadpunk | jamesdenton: answered your questions | 14:09 |
| noonedeadpunk | (I hope) | 14:09 |
| jamesdenton | it is the same copy currently, but the idea would be OSA could modify vs tripleo and not impact os_tempest role | 14:09 |
| jamesdenton | and vice versa | 14:09 |
| noonedeadpunk | yeah, that^ | 14:09 |
| noonedeadpunk | to make role more agnostic | 14:09 |
| jamesdenton | right | 14:10 |
| jamesdenton | i believe this stemmed from an attempt to build some octavia resources 6+ months ago | 14:10 |
| jamesdenton | not octavia, but rather, ironic: https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/720705 | 14:14 |
| openstackgerrit | Merged openstack/openstack-ansible-os_aodh master: Remove references to unsupported operating systems https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/779725 | 14:18 |
| openstackgerrit | Andrew Bonney proposed openstack/openstack-ansible-os_neutron stable/victoria: Prevent neutron-l3-agent restart killing metadata service https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/781109 | 14:19 |
| spatel | noonedeadpunk what is the deal here - https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/772245 | 14:28 |
| spatel | This is kind of blocker for designate deployment :) | 14:30 |
| spatel | frickler you had some concern but i am not sure how to deal with them | 14:31 |
| *** macz_ has joined #openstack-ansible | 14:35 | |
| *** macz_ has quit IRC | 14:40 | |
| frickler | spatel: well I think the main blocker are the tests failing, I've done a recheck now to check the current status. I can demote my remarks to just being comments for possible improvement, so you don't need to consider those as blockers | 14:52 |
| jamesdenton | spatel would be great to add some docs, if possible, to outline the caveats (i.e. the mutual exclusiveness) as I don't know if that's well known. Or at least a release note maybe? | 14:53 |
| spatel | frickler thank you! we can add new stuff in next patch if we need. | 14:53 |
| spatel | jamesdenton we can do reno for sure about new flags | 14:54 |
| *** mensis has joined #openstack-ansible | 14:56 | |
| *** macz_ has joined #openstack-ansible | 14:58 | |
| openstackgerrit | Merged openstack/openstack-ansible-os_aodh master: Use ansible_facts[] instead of fact variables https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/780594 | 14:58 |
| *** LowKey[A] is now known as LowKey | 15:07 | |
| *** jamesdenton has quit IRC | 15:22 | |
| *** jamesden_ has joined #openstack-ansible | 15:22 | |
| *** macz_ has quit IRC | 16:10 | |
| *** macz_ has joined #openstack-ansible | 16:10 | |
| openstackgerrit | Merged openstack/openstack-ansible-os_tempest master: Install nmap on the Redhat 8 and Debian https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/780588 | 16:40 |
| *** macz_ has quit IRC | 16:46 | |
| *** macz_ has joined #openstack-ansible | 16:48 | |
| *** macz_ has quit IRC | 16:53 | |
| *** rpittau is now known as rpittau|afk | 17:08 | |
| *** gyee has joined #openstack-ansible | 17:29 | |
| spatel | frickler look like it was clean pass, https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/772245 | 17:31 |
| spatel | Let me add reno in this patch and then we will try to get some reviews | 17:31 |
| *** mrda has quit IRC | 17:33 | |
| *** mrda has joined #openstack-ansible | 17:34 | |
| openstackgerrit | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron stable/victoria: Fix conditional for ovs https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/779928 | 17:47 |
| *** andrewbonney has quit IRC | 18:18 | |
| *** macz_ has joined #openstack-ansible | 18:31 | |
| *** macz_ has quit IRC | 18:36 | |
| openstackgerrit | Jonathan Rosser proposed openstack/ansible-hardening master: Remove references to unsupported operating systems https://review.opendev.org/c/openstack/ansible-hardening/+/781061 | 18:43 |
| openstackgerrit | Jonathan Rosser proposed openstack/openstack-ansible-ceph_client master: Remove references to unsupported operating systems https://review.opendev.org/c/openstack/openstack-ansible-ceph_client/+/780751 | 18:44 |
| *** gyee has quit IRC | 18:46 | |
| *** yolanda has joined #openstack-ansible | 18:48 | |
| *** gyee has joined #openstack-ansible | 18:53 | |
| CeeMac | Evening folks. | 19:28 |
| CeeMac | Quick question regarding horizon container. Is apache limited to a particular version in each release? We've noticed a couple ov CVEs exposed in an external vulnerability scan and may need to patch | 19:30 |
| CeeMac | Not entirely sure what the process for that would be | 19:33 |
| jrosser | it's whatever your OS provides | 19:38 |
| jrosser | so if you arrange however you like (compile your own, provide a PPA, private repo) then you'll be able to use something updated | 19:39 |
| CeeMac | Oh, it's not specific to the role? | 19:39 |
| jrosser | on ubuntu you might want to see if you're using the -security repos | 19:39 |
| CeeMac | I'll take a look, but basically I should be able to upgrade apache $somehow and that wouldn't break any os or OSA dependencies? | 19:41 |
| *** gmann is now known as gmann_afk | 19:41 | |
| jrosser | the role itself has no care for the version https://github.com/openstack/openstack-ansible-os_horizon/blob/master/vars/debian.yml#L28-L30 | 19:41 |
| jrosser | it's kind of up to you to arrange for an updated pacakge to get installed with 'apt install httpd' thats suitable | 19:42 |
| CeeMac | Perfect, thanks jrosser | 19:42 |
| jrosser | apt-install apache2 i mean | 19:43 |
| jrosser | we did something similar for a custom ceph by hosting a private apt repo | 19:43 |
| CeeMac | Ill try it out in our test environment first :) | 19:43 |
| jrosser | you can see the stock versions here https://packages.ubuntu.com/bionic-updates/web/apache2 | 19:45 |
| jrosser | and also the history and whats upcoming in the next proposed point version here https://launchpad.net/ubuntu/bionic/+source/apache2 | 19:48 |
| jrosser | CeeMac: you should also check that the fix for whatever problem you allegedly have is not already there via the distro package, just taking the major/minor version won't tell you whats been patched | 19:50 |
| *** spatel has quit IRC | 19:53 | |
| CeeMac | Thanks jrosser I'll dig into the cve detail and see if I can work out which release fixes it | 19:55 |
| *** spatel_ has joined #openstack-ansible | 19:57 | |
| *** spatel_ is now known as spatel | 19:57 | |
| *** spatel has quit IRC | 19:57 | |
| *** spatel_ has joined #openstack-ansible | 20:00 | |
| *** spatel_ is now known as spatel | 20:00 | |
| *** spatel has quit IRC | 20:11 | |
| *** fanfi has joined #openstack-ansible | 21:05 | |
| *** jamesden_ has quit IRC | 21:41 | |
| *** jamesdenton has joined #openstack-ansible | 21:42 | |
| *** janno has quit IRC | 21:51 | |
| *** janno has joined #openstack-ansible | 21:52 | |
| *** gshippey has quit IRC | 22:15 | |
| *** gmann_afk is now known as gmann | 22:39 | |
| *** mensis has quit IRC | 23:34 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!