Tuesday, 2021-05-18

« Monday, 2021-05-17 Index Wednesday, 2021-05-19 »
openstackgerritMerged openstack/openstack-ansible master: Remove Debain python workaround  https://review.opendev.org/c/openstack/openstack-ansible/+/79104200:26
*** spatel_ has joined #openstack-ansible00:39
*** spatel_ is now known as spatel00:39
*** gyee has quit IRC01:31
*** spatel has quit IRC01:37
*** spatel_ has joined #openstack-ansible01:48
*** spatel_ is now known as spatel01:48
*** spatel has quit IRC01:57
*** spatel_ has joined #openstack-ansible02:09
*** spatel_ is now known as spatel02:09
*** spatel has quit IRC03:17
*** zbr has quit IRC03:21
*** zbr0 has joined #openstack-ansible03:22
*** zbr0 has quit IRC03:30
*** zbr has joined #openstack-ansible03:30
*** macz_ has joined #openstack-ansible03:31
*** macz_ has quit IRC03:36
*** macz_ has joined #openstack-ansible05:08
*** macz_ has quit IRC05:12
*** jawad_axd has joined #openstack-ansible06:13
*** pto has joined #openstack-ansible06:19
*** miloa has joined #openstack-ansible06:21
*** sakharkar has quit IRC06:23
*** miloa has quit IRC06:26
*** pto_ has joined #openstack-ansible07:04
*** pto has quit IRC07:08
*** pto_ has quit IRC07:09
*** pto has joined #openstack-ansible07:09
*** andrewbonney has joined #openstack-ansible07:13
noonedeadpunkwell, seems like valid failure07:17
noonedeadpunkhttps://storage.bhs.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_84f/791769/2/check/openstack-ansible-deploy-aio_metal-debian-bullseye/84f43ca/logs/ara-report/results/964.html07:17
jrosseryes, and i was just starting to take a look at whats failed the lxc one07:19
jrosserthats not so obvious right now07:19
noonedeadpunkI think it was just infra repo not synced or smth?07:19
noonedeadpunkI just not sure what replaces zlibc... As zlib is present for 1107:19
jrosserhttps://e46e349bd8ccdafe8c80-5b4233ce682298a00859e3398b583332.ssl.cf1.rackcdn.com/791769/2/check/openstack-ansible-deploy-infra_lxc-debian-bullseye/54ccb14/logs/ara-report/results/304.html07:20
noonedeadpunkhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=95829307:20
openstackDebian bug 958293 in ftp.debian.org "RM: zlibc -- ROM; package obsolete and FTBS" [Normal,Open]07:20
noonedeadpunkand no lxc logs....07:23
jrosserno, something odd happening there07:24
*** rpittau|afk is now known as rpittau07:27
*** macz_ has joined #openstack-ansible07:30
openstackgerritOpenStack Proposal Bot proposed openstack/openstack-ansible master: Imported Translations from Zanata  https://review.opendev.org/c/openstack/openstack-ansible/+/79167407:32
*** macz_ has quit IRC07:34
jrosseri've got a bullseye VM here now i'll try an LXC aio07:36
*** tosky has joined #openstack-ansible07:46
noonedeadpunkoh, ok. I had uploaded image somewhere, but still trying to find it....07:47
jrosserhuh interestingly it is already onto creating the lxc containers just fine07:52
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-rabbitmq_server master: Add debian bullseye support  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/79176907:54
openstackgerritJonathan Rosser proposed openstack/openstack-ansible master: [DNM] Add Debian Bullseye support  https://review.opendev.org/c/openstack/openstack-ansible/+/78360607:55
noonedeadpunkbtw I did so stupid thing with min facts gathering....07:56
*** jnamdar has joined #openstack-ansible08:31
noonedeadpunkor not.... why in the world subset "!all,min,mounts" collects all hardware facts....08:33
noonedeadpunkthat is so stupid....08:33
jnamdarHey noonedeadpunk08:37
noonedeadpunkhey!08:37
jnamdarI almost got to install my "translations" scenario08:38
jnamdarMet a few errors that were already logged in on the launchpad but I got around it08:39
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible master: Gather minimal facts in CI  https://review.opendev.org/c/openstack/openstack-ansible/+/79004208:39
jnamdarNow though I'm stuck on some tempest unit tests08:39
jnamdarI think tempest is ran at the end of the install so I guess I'm close08:39
noonedeadpunkYep, it runs after all services are installed08:40
jnamdarBut I was wondering how I could analyze the failed tempest test. I have the tempest log file08:40
jnamdarBut it's really verbose lol08:40
jnamdarand I guess there are some "nominal" errors in there since those are unit tests08:40
jnamdarmaybe it's looking to confirm some failing cases as well08:40
noonedeadpunkI think you can also run it manually to see stdout. But originally we don't run all tempest tests - only specific pretty minimal subset08:41
noonedeadpunkbut stdout also contain all request log actually08:41
jnamdarWhat's weird is ansible doesn't output me any stderr or stdout08:42
jnamdaron this task08:42
jnamdarbasically I got "msg": "non-zero return code", "rc": 1, "start": "2021-05-18 01:18:02.939391", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []08:42
noonedeadpunkyeah, as we runn command and forward this all to a file08:42
jnamdarah yes true08:42
jnamdari'll try to run it manually then08:43
noonedeadpunkyou will see tempest_run.log eventually as well.....08:43
jnamdaryeah..08:43
jnamdarDoesn't tempest also generate some report? Maybe I can take a look at it, it's probably more human readable?08:43
noonedeadpunkwell, we also generate stestr report08:43
noonedeadpunkwhich is the way more helpful once converted to html08:43
jnamdaryes there are some generate html subunit results tasks played after the failed test08:44
noonedeadpunkhttps://opendev.org/openstack/openstack-ansible-os_tempest/src/branch/master/tasks/tempest_run.yml#L47-L10108:44
noonedeadpunkshould be stestr_results.html08:44
jnamdaruhhh that would be written in /root/workspace/logs/ in the lxc container right08:46
jnamdarI only have tempest.log :(08:46
jnamdarAh I think I found it08:47
jnamdarin /var/log/utility08:47
jnamdarmmh I got something I can read :P08:48
noonedeadpunkyeah, sorry, logs path are not trivial there...08:48
jnamdarno worries08:48
jnamdarSo I met the swift fallocate issue again though during my install08:49
jnamdarWith the 1% vs 1%% variable08:49
noonedeadpunkthat's some curse....08:49
jnamdarAccording to the launchpad that should be fixed, should I comment on the launchpad?08:49
noonedeadpunkand you have https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/786790 applied?08:50
jnamdarmmh how can I make sure ?08:51
noonedeadpunkwell, check that in /etc/ansible/roles/os_swift/templates you don;'t have container-server-2.conf.j2 for example08:52
jnamdarI do have those -2 conf files :S08:52
noonedeadpunkThe you probably don't have fix mentioned in the bug08:52
jnamdaryeah08:53
noonedeadpunkyou can copy branch command from download menu of the patch08:53
jnamdarHow can one know in which branches the fix has been meged?08:53
noonedeadpunkit's in stable/victoria already and in master08:53
jnamdarI run stable/ussuri :(08:54
noonedeadpunkoh08:54
jnamdarthat would be why ll08:54
jnamdarlol08:54
jnamdarit's ok though, I just removed a % in some config files that should be good for my tests08:54
jnamdarinstall resumed ok08:54
noonedeadpunkyou can also use config overrides in your user_varialbes08:55
jnamdartrue08:55
jnamdarI did not choose the clean way lol08:55
noonedeadpunkwell, yes...08:55
jnamdar*modified the jinja templates*08:55
noonedeadpunkhttp://paste.openstack.org/show/805448/08:57
jrossersomething wierd with lxc on bullseye09:05
jrosserworks for some of the setup-hosts then the containers are all somehow broken09:05
jnamdarsweet thanks noonedeadpunk09:07
jawad_axda little query: Is there a way  to restrict vxlans (vni) assignment for networks in different domains? Scenario is: We want to restrict pool of compute hosts to host specific vxlans and restrict access to vxlans, in pool of hosts, in other domain because of "vxlan security issue". Any comments on this? Thanks09:15
jawad_axd@jrosser @noonedeadpunk09:16
*** rohit02 has joined #openstack-ansible09:19
rohit02hi team,is OSA ussuri support all endpoints on ssl?09:20
noonedeadpunkjawad_axd: um, I don't think you can? Well, you can limit vxlan per tenant only, and you can limit computes for this tenant as well with aggregates09:26
noonedeadpunkbut I think you can't do this directly09:26
noonedeadpunkoh, well, probably you can create also availability zones, and share cinder between AZ09:27
jrosserjawad_axd: what is your "vxlan security issue?"09:30
*** macz_ has joined #openstack-ansible09:30
admin0mornings09:31
jawad_axd@noonedeadpunk when we define the vxlan range, it resides behind one network (br-vxlan). Vxaln security issue is: if a compute node is compromised by an attacker so it can generate/flood vxlans packets(with some random vni) on the network behind br-vxlan. Since there is no filtering in between packets will reach other vxlans.09:32
jawad_axdhttps://www.youtube.com/watch?v=5PcDCPNTL1409:32
admin0jawad_axd, when your compute node is compromised, you have bigger issues then this :)09:33
admin0you prevent this by having the vxlan carrying vlan restricted to only the necessary nodes ( i.e compute nodes ) and not beyond that09:34
jawad_axd@admin0 I agree, this is the worst case scenario, and we want to protect other hosts.09:34
admin0suppose your vxlan is running on top on br-vxlan which is on say vlan 3003 --  ... from the switch, you restrict vlan 3003 only to the compute nodes09:34
*** macz_ has quit IRC09:35
noonedeadpunkyou can use regular vlans instead of vxlans :)09:35
admin0that too09:35
jrosserwell that has exactly the same issue, as the compute nodes have the whole trunk09:35
noonedeadpunkyeah09:35
admin0but this talk is about how vxlan is used over public internet to connect 2 datacenters09:35
admin0in OSA case, and in osa design, the vlan where vxlan runs on is restricted only to the local switch and is locally connected to other computes in the network09:36
noonedeadpunkI really wouldn't use vxlan outside of the isolated network...09:36
admin0so this does not actually affect osa design09:36
jawad_axdone solution could be, use vlans for tenants, and map to vxlans on switch(some switch level control) using vxlan bgp evpn. That might solve the problem. But we want to keep the vxlans..09:37
jrosserif the compute node is compromised you have the same issue regardless of vlan or vxlan09:38
admin0jawad_axd, quick question .. what vlan does your vxlan run on top of ? is that vlan also outside of your osa environment ?09:38
jawad_axd@admin I followed OSA docs for deployment..using trunk port --> br-mgt, br-vxlan, br-storage etc.09:40
jawad_axdall br-X are using vlans, lets say 100,200,30009:41
admin0right .. so if your br-vxlan is 300, and its only tagged in the interfaces connected to the openstack switch and ( NOT in any of your other datacenter switch or routers)09:41
admin0then you are good09:41
noonedeadpunkyeah, agree, that won't matter for vlan/vxlan. As eventually whatever network is shared between computes will be "vulnerable" So it's only the way is to limit range of vxlans available on compute, but that would mean you can't use these computes for other instances. So you end up in kid of separate kvm hosts with shared storage09:41
noonedeadpunk*kind of09:42
jnamdarnoonedeadpunk alright so I got to read my tempest log. The culprit is a test with magnum (magnum_tempest_plugin.tests.api.v1.test_cluster.ClusterTest.test_create_cluster_with_zero_nodes)09:43
jawad_axd@admin0 those vlans are specific to openstack, not used anywhere else.09:43
jnamdarThe test ends with a 400 Bad Request "Invalid input for field/attribute node_count. Value: '0'. Value should be gr09:43
jnamdareater or equal to 1"09:43
jrosserjnamdar: i believe there is a patch to magnum tempest plugin for that09:44
noonedeadpunkjnamdar: we blacklisted this test later, as it's vlauble only on master (or W)09:44
jnamdaroh ok nice09:44
jrosseroh well, "patch" in that the test is basically broken09:44
admin0that its the same thing with vlan as well .. . we can say that via any compromized compute node, an attacker can easily flood the vlan network by sending broadcast and multicast traffic09:44
jnamdarmmh so I should update the blacklist file then09:44
jnamdarand take the one in master?09:44
admin0so similar with the vxlan case, the affect will only be limited to the ports where that specific vlan is tagged09:44
jnamdaror can I just disable this test lol09:44
noonedeadpunkor just ignore that test :)09:44
noonedeadpunkeventually blacklist just disables test from whole tempest subset09:45
admin0jawad_axd, also this whole presentation is about a routed vxlan network ( where a gateway is present for vxlan traffic to go outside ) .. while in OSA, vxlan network is unrouted09:46
jawad_axd@admin0 that vlan will be on all compute hosts, so ..thats the thing.09:47
noonedeadpunkjawad_axd: as I said, you can set only single vxlan available on compute, but that mean you can't migrate or evacuate instances from the node that has that vxlan09:47
noonedeadpunkor vlan09:47
noonedeadpunkso you will have to pin vms to specific computes09:48
jnamdarI'll just add the line with this test in the blacklist file I guess09:48
admin0vms, their networks and thier router -- all to single or specific ones09:48
noonedeadpunkthere's also a variable for blacklist file09:48
jawad_axd@noonedeadpunk thats exactly we need, pin vms to specific hosts. while keep them completely isolated from other vxlans. I guess this is how it is. Perhaps my boss is thinking too much ;)09:49
noonedeadpunkhttps://opendev.org/openstack/openstack-ansible-os_tempest/src/branch/master/defaults/main.yml#L102-L11209:49
jnamdarnoonedeadpunk thx09:49
noonedeadpunkjawad_axd: so I think you can set network_vxlan_ranges for specific host somehow...09:50
jrosseri wonder how the nova scheduler is going to understand this though09:50
admin0jawad_axd, if your compute node is hacked, attacker can also flood stuff on br-vlan, br-mgmt, br-storage09:50
noonedeadpunkI think it won't tbh... so some scheduler tip will be need to set or dunno...09:51
admin0and your most imp task will be to migrate/backup instances to another node and re-do this node as soon as possible09:51
jrosserthis kind of gets to the point you may not have bothered with a multitenant cloud setup when the requirements are old-school virtualisation09:51
noonedeadpunkyeah, exactly. jsut set of kvm hosts09:52
jawad_axd@jrosser I completely agree.09:52
admin0but again, if your one compiute can be hacked, your other computes can also be hacked similar way .. so I really don't see how doing anything can actually help09:52
noonedeadpunkadmin0: well, considering that there's ssh key atm for live migration that would be even easier....09:53
noonedeadpunkand you can get to vnc consoles as well09:53
noonedeadpunkso yeah, just black box is the safest thing :)09:54
jawad_axd@admin0 thing is: some compute hosts are open to public, and some compute hosts, in different AZ, are sensitive. We are considering public compute hosts  vulnerable, since we dont really know the users, and we want to protect other sensitive hosts. Thats the whole point.09:55
noonedeadpunkbut wait... for AZ you can use different networks/vlans even?09:56
noonedeadpunkso create separate vlan, use different range of vxlans and just don't pass this vlan to az09:57
jawad_axd@noonedeadpunk is that so? can we use different networks for specific AZ?09:57
*** admin0 has quit IRC09:57
noonedeadpunkyou can create specific set of l3 agents even afaik09:57
noonedeadpunkhttps://docs.openstack.org/neutron/latest/admin/config-az.html09:58
jrosserit just takes some reading up i think nova AZ != neutron AZ09:59
jrosserso confusion can happen10:00
noonedeadpunkyes, sure10:00
jawad_axdOk, I look into it. Thanks10:00
jrosserjawad_axd: it still solves no issues for a shared control plane though if a compute node is compromised10:03
noonedeadpunkunless you have dedicated network nodes?10:03
jrosserthere are db credentials, ssh keys, loads of stuff which are still there10:04
noonedeadpunkah, well, yes...10:04
jawad_axd@noonedeadpunk  there dedicated network nodes..HA10:04
jrosseri just think that from the POV of considering what happens for a compromised compute node, worrying about vxlan stuff is maybe not top of the list10:05
noonedeadpunkbut eventually I'd just build separate private cloud for internal needs. as this adds just extra controllers to the setup, but the way more control and isolation imo10:05
jawad_axd@jrosser probably my boss is old school. Hope he is not around. ;)10:06
*** admin0 has joined #openstack-ansible10:06
jawad_axd@noonedeadpunk or maybe nova cells ?10:06
noonedeadpunkcells are not gonna help with network isolation10:07
jawad_axdokay.10:07
noonedeadpunkI mean mixing private cloud with public one from security prespective is not ideal10:08
jawad_axd@noonedeadpunk last thing, cumulus ml2 plugin with neutron kind of creates vxlans on switch .. will that help?10:13
jawad_axdor using SDN controller in environment maybe..10:14
jrosseryou'd still have to isolate tenants per compute node10:14
jrosseras you'd have one vlan per tenant coming down from the switch to each compute node10:15
jnamdarnoonedeadpunk I didn't quite get how to use `tempest_test_blacklist`10:26
jnamdarIf I put in `tempest.scenario.test.minimum_basic` would that skip my failing test?10:27
noonedeadpunkyou should put `tempest_test_blacklist: ['magnum_tempest_plugin.tests.api.v1.test_cluster.ClusterTest.test_create_cluster_with_zero_nodes']`10:29
jnamdaroh ok, I wasn't sure whether to put the full path or not10:30
noonedeadpunkyou can do both10:30
jnamdarwas trying something like `tempest.scenario.test_cluster.ClusterTest.test_create_cluster_with_zero_nodes` lol10:30
noonedeadpunkI mean you can put `magnum_tempest_plugin` to avoid all magnum tests for example10:30
noonedeadpunkyou can check actually whitelist file10:31
jnamdaryeah it does begin with that prefix10:31
noonedeadpunkit's actually standalone plugin which is installed with pip from https://github.com/openstack/magnum-tempest-plugin10:32
noonedeadpunkhere's what we exclude in CI https://opendev.org/openstack/openstack-ansible/src/branch/master/tests/roles/bootstrap-host/templates/user_variables_magnum.yml.j2#L58-L6410:33
openstackgerritMerged openstack/openstack-ansible-os_adjutant master: Remove incorrect horizon_post_install example  https://review.opendev.org/c/openstack/openstack-ansible-os_adjutant/+/78442010:38
jnamdarok thx10:40
jrossernoonedeadpunk: have you noticed there is an unusual list in the 'reply-to' of the gerrit emails?10:59
jrossermaybe it's fine and a bunch of people have notifications set on our repos11:00
noonedeadpunkjrosser: um, no, never noticed. Looking at the last gerrit email don't see either (except In-Reply-To: <gerrit.1619619419000.Iff2017d4fbc5ede0686afa20998f0b1f0c00470e@review.opendev.org>11:02
noonedeadpunkwhich I guess smth gerrit itself-related11:03
noonedeadpunkso you could just reply email to comment11:03
*** pto_ has joined #openstack-ansible11:12
*** pto has quit IRC11:15
*** pto_ has quit IRC11:20
*** pto has joined #openstack-ansible11:20
jrossernoonedeadpunk: for PKI patch, i was wondering about this https://review.opendev.org/c/openstack/openstack-ansible/+/788031/7/tests/roles/bootstrap-host/files/user_variables_pki.yml11:38
jrosserperhaps that should go in user_variables AIO template as an example11:38
jrossersomehow a bit hidden / not in the documentation at all otherwise11:39
jrosserwell, or maybe group_vars somehere, not sure11:39
noonedeadpunkwe don't really inlcude aio templates into the docs as well?11:40
jrosserno, but it seems to be where lots of people look11:40
noonedeadpunkmaybe we should add it in https://opendev.org/openstack/openstack-ansible/src/branch/master/etc/openstack_deploy/user_variables.yml11:41
jrosseryeah, thats pretty much what i mean11:42
*** jbadiapa has joined #openstack-ansible11:42
noonedeadpunkor actually create new file there and inlcude it in doc11:42
jrosserbut we'd also want it in the .aio.j2 verson instead of user_variables_pki.yml perhaps11:42
noonedeadpunkyeah, I think makes sense11:43
jrosserif we put it in group_vars then every deployment would get a reasonable CA without any change anywhere11:44
noonedeadpunknot super crucial, but yeah11:44
jrosserbut user_variables needs actually to pay attention and put at least the default stuff there11:44
noonedeadpunkno, I don't think we should really put that in group-Vars? as it's smth that ppl would like to customize in 99%11:44
noonedeadpunkand won't by default I guess?11:44
noonedeadpunkfrom other side, they will end up with broken deployment because of the rabbit11:45
jrosseryeah11:45
noonedeadpunkor not ssl secured rabbit...11:45
jrosseractually i think that the rabbit role might make it's own CA if the deployment wide one is not configured11:46
jrosseri set that up with enough stuff in it's own defaults/main.yml to at least be working with no extra variables11:46
jrossersame for haproxy11:47
noonedeadpunkyeah, I saw that and really dunno if that's good idea...11:55
noonedeadpunkfrom some prespective it is from other....11:55
noonedeadpunkI mean that during upgrade you will get just random CA11:57
noonedeadpunkor disabled SSL which is even worse I think...11:57
noonedeadpunkI think we should more widely link the variables need to be set to generate proper CA12:00
*** rohit02 has quit IRC12:00
noonedeadpunkie in deploy guide12:00
*** rohit02 has joined #openstack-ansible12:00
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible master: DNM Gather additional required facts to min  https://review.opendev.org/c/openstack/openstack-ansible/+/78977612:17
jnamdarFYI I met this bug too with magnum. https://bugs.launchpad.net/openstack-ansible/+bug/185868512:18
openstackLaunchpad bug 1858685 in openstack-ansible "magnum: certificate verify failed" [Undecided,New]12:18
jnamdarApplies the workaround to continue my install, but yeah not sure why magnum has a problem with that12:19
jnamdarother services seem to do fine with insecure=False12:19
jrosseris that your external endpoint that magnum has hit and been unhappy with the certificate?12:23
jrosser(magnum is all kinds of special in this regard)12:23
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible master: DNM Gather additional required facts to min  https://review.opendev.org/c/openstack/openstack-ansible/+/78977612:24
jrosserjnamdar: if you are using a self signed cert then you need to install the CA into at least the magnum container trust store12:26
jrosserjnamdar: see the variable openstack_host_ca_certificates here https://docs.openstack.org/openstack-ansible-openstack_hosts/latest/12:28
jnamdar@jrosser the error was pointing to connections between magnum and keystone IIRC12:28
noonedeadpunkwell, we should have insecure https://opendev.org/openstack/openstack-ansible-os_magnum/src/branch/master/templates/magnum.conf.j2#L4312:28
jnamdarI didn't really configure anything regarding certificates, so everything is left to default12:29
jrosserright, well you'd expect that to occur really between the magnum code and the internal endpoint12:29
jrosserbut as i say this stuff is all kind of a bit random in magnum12:29
noonedeadpunkbut magnum asks public endpoint only from inside of the cluster?12:29
jnamdarnoonedeadpunk yeah but the variable is False by default12:29
jrosserunless this is an all-ssl deployment?12:29
jnamdarso all my other services seem to run fine with that12:30
noonedeadpunkI wonder if oyu have that patch in place? https://opendev.org/openstack/openstack-ansible-os_magnum/commit/7c90bb17291f6662c6995ee728eadaed52b976e612:30
noonedeadpunkI guess no, since it's Victoria only12:32
jnamdarYeah indeed12:32
jnamdarI do not have it12:32
noonedeadpunkI think the most crucial thing is this change https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/755569/6/templates/magnum.conf.j212:32
jnamdarhonest question, for instance why would this patch only concern victoria+12:32
jnamdarwhy would it not be reversed in ussuri as well ?12:33
noonedeadpunkcan you check if it works and we will backport then? :)12:33
jnamdar:D12:33
noonedeadpunkWe simply lack of resources to keep track properly on things that require backporting12:34
jnamdarno worries, I understand12:35
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-os_masakari master: Remove references to unsupported operating systems  https://review.opendev.org/c/openstack/openstack-ansible-os_masakari/+/77974012:39
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-os_masakari master: Use ansible_facts[] instead of fact variables  https://review.opendev.org/c/openstack/openstack-ansible-os_masakari/+/78064912:39
*** spatel_ has joined #openstack-ansible12:46
*** spatel_ is now known as spatel12:46
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_zun master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/79174212:55
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_ceilometer master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_ceilometer/+/79170012:56
*** snapdeal has joined #openstack-ansible13:01
rohit02while deploying OSA ussuri on centos 8 deployment failed at http://paste.openstack.org/show/805457/13:16
noonedeadpunkI wonder if this might be realted to https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/77810413:21
noonedeadpunkjnamdar: let us know if you will have a chance to test magnum13:22
noonedeadpunkalso is it fresh deployment?13:24
noonedeadpunkAs it also might be https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/77397113:27
spatelrohit02 did you check your python_venv_wheel_build logs ? look like something is failing in your while build way13:28
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-os_magnum stable/ussuri: Use internal url for auth  https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/79196213:31
*** gshippey has quit IRC13:31
openstackgerritDamian DÄ…browski proposed openstack/openstack-ansible-os_nova master: Dynamically compute nova_scheduler_host_subset_size value  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/79196513:33
*** rh-jlabarre has quit IRC13:37
*** rh-jlabarre has joined #openstack-ansible13:37
*** gshippey has joined #openstack-ansible13:37
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible master: Gather additional required facts to min  https://review.opendev.org/c/openstack/openstack-ansible/+/78977613:44
*** ThiagoCMC has joined #openstack-ansible13:44
openstackgerritMerged openstack/openstack-ansible-os_neutron master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/79003613:47
admin0hi all .. i am facing a migration issue ..  issue described here:  https://gist.github.com/a1git/ce400f1084a184fa5c805ee72554a6e313:48
admin0if someone has seen this before, please let me know13:48
admin0basically, when i want to migrate from one host to another, it says host not found13:48
mgariepyadmin0, try with and without the domain ?13:50
mgariepyconsistency was not a hard requirement on some stuff.13:50
jnamdarmmh trove ansible install didn't output any errors, though in trove logs I am getting some nasty ssl errors (similar to magnum it seems)13:51
jnamdaralthough it seems to be with nova this time `ERROR trove.common.wsgi [-] 4186f859-29fd-4d2e-8b61-2bef46ad6f93: SSL exception connec13:51
jnamdarting to https://10.0.2.15:8774/v2.1/servers/detail: HTTPSConnectionPool(host='10.0.2.15', port=8774): Max retries exceeded with url: /v2.1/servers/detail (Caused by SSLError(SSLError("bad handshake: Error([13:51
jnamdar('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))): keystoneauth1.exceptions.connection.SSLError: SSL exception connecting to https://10.0.2.15:8774/v2.1/servers/detail: H13:51
jnamdarTTPSConnectionPool(host='10.0.2.15', port=8774): Max retries exceeded with url: /v2.1/servers/detail (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'c13:51
jnamdarertificate verify failed')])")))`13:51
jnamdarwhoops sorry for the formatting13:52
noonedeadpunkjnamdar: I believe trove is working atm only in master branch13:52
noonedeadpunkI did really lot of changes there13:53
jnamdaryeah I remember now13:53
noonedeadpunkand they are not really backportable like https://opendev.org/openstack/openstack-ansible-os_trove/commit/c92b99d3f431eddc51e85457c8e214a601f77f1c13:54
admin0mgariepy, there is no domain option .. (its ocata )13:54
jnamdarmay I upgrade trove? for instance if I checkout the latest version in the role in /etc/ansible/roles and I play os-trove-install again13:54
jnamdaroh13:54
mgariepyadmin0, usualy the hypervisor can be h7.openstack.local or something like that.13:55
jnamdarso that would be a no I guess :D13:55
mgariepyadmin0, openstack hypervisor show h9 ? does it output the hypervisor?13:55
noonedeadpunkjnamdar: um, that would be not super trivial. first of all because of the newer pip version, which has different resolver, and so has another format of constraints (and thus requirements) which are not compatible13:57
*** openstack has joined #openstack-ansible14:10
*** ChanServ sets mode: +o openstack14:10
openstackgerritMerged openstack/openstack-ansible-os_tacker master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_tacker/+/79174114:10
*** openstackstatus has joined #openstack-ansible14:11
*** ChanServ sets mode: +v openstackstatus14:11
openstackgerritMerged openstack/openstack-ansible-os_swift master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/79174014:15
openstackgerritMerged openstack/openstack-ansible-os_senlin master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_senlin/+/79173414:17
openstackgerritMerged openstack/openstack-ansible-os_mistral master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_mistral/+/79172514:17
*** dpawlik7 is now known as dpawlik14:19
openstackgerritMerged openstack/openstack-ansible-os_sahara master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_sahara/+/79173214:22
openstackgerritMerged openstack/openstack-ansible-os_designate master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_designate/+/79170314:26
openstackgerritMerged openstack/openstack-ansible-os_magnum master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/79171814:28
openstackgerritMerged openstack/openstack-ansible-os_masakari master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_masakari/+/79172314:31
jnamdarmmh it seems like my sahara install is not detected somehow14:32
jnamdarservices run fine in the container14:32
jnamdarbut I'm getting some `sahara_api-front-2 sahara_api-back/<NOSRV>` in haproxy14:32
jnamdaralso the sahara horizon dahsboard doesn't work either14:33
* noonedeadpunk no idea about sahara14:35
noonedeadpunkwe didn't have a look for a while on the role as well14:35
jnamdarhaproxy config looks fine14:35
noonedeadpunkmaybe service just not started ?14:36
jnamdarbut I'm getting `haproxy[8601]: backend sahara_api-back has no server available!` as well14:36
noonedeadpunkor fails to start14:36
jnamdarmmh I just spotted a nice error stack in sahara-engine14:36
jnamdargonna look at it lol14:36
noonedeadpunkit should be api anyway14:37
noonedeadpunkdon;t see obvious errors in CI logs14:38
jnamdarweird14:38
jnamdar`Database connection was found disconnected; reconnecting: oslo_db.exception.DBConnectionError: (pymysql.err.OperationalError) (2013, 'Lost connection to MySQL server during query')`14:38
jnamdarI think it happened when I restarted haproxy somehow14:38
noonedeadpunkmysql is proxied through haproxy14:39
jnamdaroh alright14:39
noonedeadpunk*balanced14:39
jnamdarI can probably discard it ehn14:39
jnamdarthen*14:39
jnamdarwell other than that, nothing much14:39
jnamdarsahara services are up14:39
noonedeadpunkand can you just curl to sahara backend port/host?14:39
jnamdaryup14:40
noonedeadpunkand it's 200 return code?14:40
*** snapdeal has quit IRC14:40
jnamdarI can `curl 172.29.239.76:8386/` fine14:40
jnamdarother routes need authentication obvsly14:40
noonedeadpunkoh, well14:41
noonedeadpunkand `curl 172.29.239.76:8386/healthcheck`?14:41
jnamdargetting a 401 on that14:42
noonedeadpunkhttps://opendev.org/openstack/openstack-ansible/src/branch/stable/ussuri/inventory/group_vars/haproxy/haproxy.yml#L22814:42
noonedeadpunkI wonder if this url is even implemented for sahara...14:42
jrosserit's an api-paste middleware sometimes isnt it?14:44
noonedeadpunkyeah, it is...14:46
jnamdarthat's so frustrating lol, I think the service is running fine14:46
noonedeadpunkoh, and we don't have smart sources14:46
jnamdarjust can't reach it14:46
jrosserdoes adjusting the haproxy config so that it tries / rather than /healthcheck help?14:48
noonedeadpunkfwiw no healthcheck here https://opendev.org/openstack/sahara/src/branch/master/etc/sahara/api-paste.ini14:48
jnamdaruhh14:49
jnamdarso weird14:49
jnamdarit did for like a second14:49
jnamdarwith / instead of /healthcheck14:49
jnamdarand then 503 again14:49
jnamdarGot some requests through on :8386 as soon as I restart haproxy14:50
jnamdarthen nothing after a few sec14:51
noonedeadpunkare you sure curl returns 200 as a return code?14:51
jnamdaroof actually it returns a 300 Multiple choices14:52
jnamdaron /14:52
jnamdarthat's a new code to me lol14:53
noonedeadpunk`/v2`?14:53
jnamdargetting a 401 on that14:53
jnamdarIll try sending some keystone token14:54
*** jamesdenton has joined #openstack-ansible14:59
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible master: Fix sahara backend URL  https://review.opendev.org/c/openstack/openstack-ansible/+/79199915:00
noonedeadpunk#startmeeting openstack_ansible_meeting15:00
openstackMeeting started Tue May 18 15:00:41 2021 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.15:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:00
*** openstack changes topic to " (Meeting topic: openstack_ansible_meeting)"15:00
openstackThe meeting name has been set to 'openstack_ansible_meeting'15:00
noonedeadpunk#topic rollcall15:00
*** openstack changes topic to "rollcall (Meeting topic: openstack_ansible_meeting)"15:00
noonedeadpunko/15:00
jnamdarI'm getting a 404 on /v1 or /v215:02
*** jamesden_ has quit IRC15:02
*** macz_ has joined #openstack-ansible15:05
noonedeadpunk#topic office hours15:06
*** openstack changes topic to "office hours (Meeting topic: openstack_ansible_meeting)"15:06
noonedeadpunkI can't actually recall new bugs that were submitted recentl;y, so skipping that topic15:07
noonedeadpunkI want to return to the topic of dropping branches. For some reason I thought that ocata will be just dropped, but seems like we need to mark it eol15:08
noonedeadpunkSo I wonder if we should limit to ocata? or take pike with it? as at the end it feels up to us to pick stuff to drop15:08
noonedeadpunkwe kind of discussed that later and stopped only on Ocata15:09
noonedeadpunkso I will proceed with marking it as eol15:10
noonedeadpunkand abandon all patches that were submitted for it15:10
admin0i am in the process of upgrading one env from ocata -> latest , so please dont delete files :D15:10
noonedeadpunkoh...15:11
noonedeadpunkI was going to drop branch and tags related to ocata15:11
admin0how can i request more time on this15:11
* admin0 will send pizzas :) 15:12
noonedeadpunkabout what time period are we talking about?15:12
admin0can i pm ?15:12
noonedeadpunkum, yes, but descision has to be taken in channel :)15:12
admin0there is a very important cloud .. but in ocata that needs to be upgraded .. i am setting up a lab to replicate that this week .. within 15-20 days i will be able to tell ..15:13
noonedeadpunkI can imagine how challenging it would be to spawn ocata deployment in 202115:14
admin0it is15:14
admin0if its deleted, if there can be way how I can clone an earlier branch/tag or preserve it , that would be great15:15
admin0is asking till end of the year a big deal ?15:15
noonedeadpunkI think you will still be able to checkout to sha from master....15:15
jrosserthe tags arent deleted are they?15:15
admin0can i bribe you with a pizza to keep it till end of year :)15:15
admin0and beer15:16
spatelcurious what is the rush to delete old tags?15:16
noonedeadpunkjrosser: but tags are on branch? Actually along with sha's...15:16
spatelwhy don't we keep them if they don't cost $$15:16
admin0i have one critial infrastructure handling some government infrastrucutre to be upgraded from ocata -> latest till end of year15:17
admin0so if it can be kept till end of year, i would be very grateful15:17
admin0"an undisclosed" government will be very grateful15:17
jrosseri was trying to follow the discussion in other channels about this15:17
noonedeadpunkadmin0: I think that would be super challenging also because really other projects are dropping their branches super actively nowadays15:18
noonedeadpunkI wasn't following discussions, but was following ML15:18
jrosserwhen l look in the nova repo (on github) there are still tags for <branch>-em on really ancient branches15:19
jrosserbut the branches themselves are removed15:19
jrosserafaik it's just a pointer to a sha15:19
noonedeadpunkyeah, it's a pointer to sha.... but sha in specific tree?15:20
noonedeadpunkI mean if you merge old branch with master, then SHA will be valid15:20
jrosserthough the point about the other repos is totally valid for admin0 case15:20
jrosserit's just generally happening that the old branches are being removed15:21
admin0if its have to be dropped, i cannot stop it .. but i would need some help to figure out what i can do now to clone or do stuff so that i will be able to deploy ocata15:21
*** zul has joined #openstack-ansible15:21
noonedeadpunkactually now I wonder if I did right by checkout to stable/train for EM... I think I should have checkout to train-em instead15:22
noonedeadpunkadmin0: well, there's no rush for us specifically15:22
jrosserbut look i think this isnt necessarly a problem15:22
jrosserhttps://github.com/openstack/nova/tree/kilo-eol15:22
jrosserthe code is there, the branch is deleted15:22
jrosserbut the tags remain as references15:23
noonedeadpunkthen I've missed about hob git works...15:23
noonedeadpunkwell, ok, then it solves everybody problems I think15:24
jrosseryes, i think it's fine15:24
noonedeadpunkadmin0: you will be able to checkout to ocata-em instead of stable/ocata15:24
admin0that is fine15:25
admin0can i checkout tags also ? or are tags also gone15:25
admin0i usually checkout tags15:25
admin0like x.y.z15:25
admin0i don't checkout the branches like stable/X15:25
noonedeadpunknow I don't know:) if em is working then tags should be also fine15:25
noonedeadpunkI think I should actually do more research then15:26
jrossertheres em and eol15:26
jrossersome projects already em and eol stein15:26
noonedeadpunkah!15:26
noonedeadpunkok, now I got how this works:)15:26
admin0as long as tags remain, i am not too worried about branch-names15:27
noonedeadpunkI mean new tag is created on top of the branch that is dropped15:27
jrosseryeah15:27
admin0so tags will work ?15:28
noonedeadpunknova has all tags in place15:28
noonedeadpunkwell, anyway we can probably postpone dropping ocata as well?15:28
noonedeadpunkI think nothing would happen if we drop branch somewhere autumn with X release? Especially it's so important15:29
jrosserthis sounds fine15:29
admin0thank you15:30
noonedeadpunkok, cool.15:31
noonedeadpunknext thing I want to discuss is how we see root CA generation. I mean - should we disable SSL or don't enable CA when variables not set, or jsut create dummy default CA?15:32
noonedeadpunkAs I think we should then say about these variables as like required ones?15:32
noonedeadpunkand underline how important is to set them both during upgrade to W and for new setup?15:33
*** jamesden_ has joined #openstack-ansible15:33
noonedeadpunkfwiw W deadline is July 215:34
jrosseri guess that always creating the internal self-signed CA is good15:34
jrossereven when there is a proper certificate for the public endpoint15:34
jrosserit would still be needed for rabbitmq regardless, unless the deployer also provided their own certificates for each rabbit node15:35
noonedeadpunklet's probably then include reference to the sample with these variables _everywhere_ - in deploy guide, in aio guide, in release notes...15:35
jrosserthe problem we have is that there is so many possible ways that this could be done15:36
jrosserand i think we have to choose a "sensible default", as usual15:36
*** jamesdenton has quit IRC15:36
jrosserif we want to move on and do further work for ssl on galera and internal endpoint then the certs become a key component15:37
noonedeadpunkyeah. but the main concern here is that rotate CA is not so easy I guess. And in case it's missed during upgrade, you will get your production deployment with dummy info in CA15:37
jrosseri think that rotating the intermediate is actually quite easy15:38
jrosserthe root CA itself is another matter15:38
noonedeadpunkand info is not in root but in intermediate?15:38
noonedeadpunkI just thought that all these org stuff and country and etc are in root?15:39
jrosserroot signs intermediate, intermediate signs server cert15:39
jrosserso if there is a requirement to replace the trust chain for whatever reason, then thats easy up to the point of wanting to rotate the actual root CA certificate15:39
noonedeadpunkAh, ok, openstack_pki_authorities contain both root and intermediate15:40
jrosseryes, as many of either as you want15:40
jrosserit's a list15:40
noonedeadpunkand I think intermediate can be even skipped for $reason ?15:41
jrosserso i had in mind that we could have intermediates for services, SSH certs, <whatever>15:41
noonedeadpunkyeah, that make sense15:41
jrosserthen you can split the risk/cost of replacing an intermediate easily without having to change everything15:41
noonedeadpunkwell, that's in case we have intermediate per service?15:42
jrosserand as it stands now, you could extend the list of intermediates trivially15:42
jrosserand have new certs made off the new intermediate, and their trust chain will validate against the original root CA15:42
jrosserso keeping the root CA super-safe is perhaps key15:43
noonedeadpunksounds like it is15:43
jrosserand thats something i've not tested here, supplying the root CA, plus intermediate and it's key out-of-band to the PKI role15:43
jrosseras that would be the totally best way15:43
jrosseri think thats it should be a case of copying the files to the right dirs in /etc/openstack_deploy/pki/roots/ and then not defining the variable that creates CA in the PKI role15:45
jrossertbh this is why i kind of paused at the documentation part15:46
noonedeadpunkok, thinking about reasonable defaults, probably you was right about placing https://review.opendev.org/c/openstack/openstack-ansible/+/788031/7/tests/roles/bootstrap-host/files/user_variables_pki.yml to group_vars instead15:47
jrosserthere is something self-contained we need for CI15:47
jrosserand then there is whatever points we need for overriding these variables for production deployments15:47
jrosserthat might want a self-contained CA, or derived from a company CA, or whatever else15:47
noonedeadpunkright, agred15:49
noonedeadpunk*agreed15:49
jrosseryes, so setting openstack_pki_authorities: [] in user_variables would stop any new CA being made15:49
*** tosky_ has joined #openstack-ansible15:49
jrosserthis potential complexity is a reason to keep this simple just for rabbit/haproxy for W and try to shake out some of the production use-cases during X15:50
*** tosky has quit IRC15:52
noonedeadpunkyeah, the point with docs, is to make ppl aware that they will get `Example Corporation` CA by default, and they really need to change that15:52
noonedeadpunkas for upgrades I bet this will be confusing15:52
noonedeadpunkalso15:53
noonedeadpunkshould we enable ssl for all endpoints by default?15:53
jrosserperhaps during X cycle?15:53
noonedeadpunkyeah, might be.15:53
jrosseri'm not sure how that should be done at haproxy15:54
noonedeadpunkAs I guess we need to write upgrade path for that15:54
jrosseri mean it can be done today of course with setting all endpoints to SSL15:54
jrosserbe if the same certificate is the right thing to do on the inside and outside15:54
jrosser*but if15:55
noonedeadpunkwhich is only the case with wildcards  Iguess...15:55
noonedeadpunkand with lets encrypt that would be tough15:55
jrosserif we want to eventually also do mutual-tls on the internal endpoint then we must use the internal CA i think15:55
jrosserand seperatly have LE or whatever on the external15:56
noonedeadpunkyeah, let's leave it for now, agree15:56
noonedeadpunkI just thought that we can just use internal ca for internal/admin endpoint by default15:57
jrosseryes, i think that would be a good thing15:57
noonedeadpunkand do mutual-tls later on15:57
jrosserwe can put an IP: SAN in there and it should just work with what we have already15:57
noonedeadpunk#endmeeting16:00
*** openstack changes topic to "Launchpad: https://launchpad.net/openstack-ansible || Weekly Meetings: https://wiki.openstack.org/wiki/Meetings/openstack-ansible || Review Dashboard: http://bit.ly/osa-review-board-v3"16:00
openstackMeeting ended Tue May 18 16:00:54 2021 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)16:00
openstackMinutes:        http://eavesdrop.openstack.org/meetings/openstack_ansible_meeting/2021/openstack_ansible_meeting.2021-05-18-15.00.html16:00
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/openstack_ansible_meeting/2021/openstack_ansible_meeting.2021-05-18-15.00.txt16:00
openstackLog:            http://eavesdrop.openstack.org/meetings/openstack_ansible_meeting/2021/openstack_ansible_meeting.2021-05-18-15.00.log.html16:00
openstackgerritMerged openstack/openstack-ansible-openstack_hosts master: Only install python3 virtualenv package  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/79124216:02
openstackgerritMerged openstack/openstack-ansible-galera_server master: Add support for Debian Bullseye  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/79128016:07
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible master: Gather additional required facts to min  https://review.opendev.org/c/openstack/openstack-ansible/+/78977616:09
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible master: Gather minimal facts in CI  https://review.opendev.org/c/openstack/openstack-ansible/+/79004216:09
*** jamesdenton has joined #openstack-ansible16:12
openstackgerritMerged openstack/openstack-ansible-os_barbican master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/79167716:12
*** jamesden_ has quit IRC16:15
openstackgerritMerged openstack/openstack-ansible-os_cloudkitty master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_cloudkitty/+/79170116:18
*** jamesdenton has quit IRC16:18
openstackgerritMerged openstack/openstack-ansible-os_blazar master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_blazar/+/79167816:23
*** jamesdenton has joined #openstack-ansible16:24
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible master: Gather additional required facts to min  https://review.opendev.org/c/openstack/openstack-ansible/+/78977616:27
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible master: Don't collect virtual facts  https://review.opendev.org/c/openstack/openstack-ansible/+/78992616:28
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible master: Gather minimal facts in CI  https://review.opendev.org/c/openstack/openstack-ansible/+/79004216:28
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-os_manila master: Switch default virtualenv to python3  https://review.opendev.org/c/openstack/openstack-ansible-os_manila/+/77967916:30
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-os_manila master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_manila/+/79172216:31
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-os_manila master: Remove references to unsupported operating systems  https://review.opendev.org/c/openstack/openstack-ansible-os_manila/+/77973916:32
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-os_manila master: Use ansible_facts[] instead of fact variables  https://review.opendev.org/c/openstack/openstack-ansible-os_manila/+/78064616:32
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-os_manila master: Remove ceph-fuse requirement  https://review.opendev.org/c/openstack/openstack-ansible-os_manila/+/78773716:33
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-os_manila master: [reno] Stop publishing release notes  https://review.opendev.org/c/openstack/openstack-ansible-os_manila/+/77203616:34
admin0hostname => h7 ; hostname -f => h7 ; virsh hostname => h7 ;  openstack hypervisor list => h7 ; migrate command still says => Compute host h7 could not be found.16:38
admin0i have a strange issue .. i think osa first installed it as h7 .. then at some point changed it to h7.16:38
*** rpittau is now known as rpittau|afk16:45
*** rohit02 has quit IRC17:02
openstackgerritMerged openstack/openstack-ansible-os_aodh master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/79167617:10
openstackgerritMerged openstack/openstack-ansible master: Bump SHAs for master  https://review.opendev.org/c/openstack/openstack-ansible/+/79035717:14
openstackgerritMerged openstack/openstack-ansible master: Imported Translations from Zanata  https://review.opendev.org/c/openstack/openstack-ansible/+/79167417:15
*** andrewbonney has quit IRC17:32
*** strattao has quit IRC17:32
*** spatel has quit IRC17:42
*** evrardjp has joined #openstack-ansible18:05
*** evrardjp has quit IRC18:29
*** evrardjp has joined #openstack-ansible18:31
*** dwilde has joined #openstack-ansible18:39
*** zbr has quit IRC18:48
*** zbr has joined #openstack-ansible19:00
*** tosky_ is now known as tosky19:25
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible master: Gather additional required facts to min  https://review.opendev.org/c/openstack/openstack-ansible/+/78977619:27
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible master: Gather minimal facts in CI  https://review.opendev.org/c/openstack/openstack-ansible/+/79004219:36
*** spatel_ has joined #openstack-ansible19:42
*** spatel_ is now known as spatel19:42
*** cloudnull has quit IRC19:48
*** hjohnson1 has joined #openstack-ansible19:51
*** hjohnson1 has left #openstack-ansible19:54
*** evrardjp has quit IRC20:18
*** evrardjp has joined #openstack-ansible20:21
*** evrardjp has quit IRC20:27
*** jnamdar has quit IRC21:05
openstackgerritMerged openstack/openstack-ansible-os_manila master: Switch default virtualenv to python3  https://review.opendev.org/c/openstack/openstack-ansible-os_manila/+/77967921:07
*** cloudnull has joined #openstack-ansible21:13
*** cloudnull has quit IRC21:30
*** spatel has quit IRC21:42
*** dave-mccowan has quit IRC22:17
*** dave-mccowan has joined #openstack-ansible22:22
*** jbadiapa has quit IRC22:38
*** tosky has quit IRC23:05
*** masterpe has quit IRC23:27
*** fridtjof[m] has quit IRC23:27
*** manti has quit IRC23:27
*** manti has joined #openstack-ansible23:44
*** fridtjof[m] has joined #openstack-ansible23:53
*** masterpe has joined #openstack-ansible23:55
« Monday, 2021-05-17 Index Wednesday, 2021-05-19 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!