Thursday, 2021-05-20

« Wednesday, 2021-05-19 Index Friday, 2021-05-21 »
*** openstack has joined #openstack-ansible00:24
*** ChanServ sets mode: +o openstack00:24
*** prometheanfire has quit IRC00:34
*** prometheanfire has joined #openstack-ansible00:34
*** MrClayPole_ has quit IRC01:07
*** MrClayPole has joined #openstack-ansible01:18
*** d34dh0r53 has quit IRC01:40
*** gyee has quit IRC02:31
*** rohit02 has joined #openstack-ansible03:26
*** rohit02 has quit IRC03:32
*** rohit02 has joined #openstack-ansible03:32
*** rohit02 has quit IRC03:41
*** rohit02 has joined #openstack-ansible04:02
*** rohit02 has quit IRC04:04
*** miloa has joined #openstack-ansible04:33
*** miloa has quit IRC04:38
sakharkarnoonedeadpunk: Deployed OSA Ussuri with all endpoints on ssl successfully. All features are working as expected except cinder. nova-api failed to attach cinder volume 'ssl-handshake error'. Tried to curl from nova-api container and curl is working fine04:58
sakharkarnoonedeadpunk: logs http://paste.openstack.org/show/805505/04:58
*** jawad_axd has joined #openstack-ansible05:01
jrossersakharkar: can you show how you have made this work? From your paste the error is coming still from the python requests library05:15
*** jbadiapa has joined #openstack-ansible06:15
sakharkarjrosser: http://paste.openstack.org/show/805506/06:29
zbrnoonedeadpunk: let me know if you need more help with the linter upgrade06:32
jrossersakharkar: i gave you a bunch of tips already about how to make python services trust your CA - how did you get on with that?06:55
jrosserputting your cert and CA on haproxy though those variables only deals with making haproxy use that certificate06:56
jrosserit does nothing for making the clients (like nova/cinder/...) trust that CA06:57
noonedeadpunkmornign06:59
jrossermorning06:59
noonedeadpunklinters seems to work on tests repo, but feels like it's not smth we can depends-on :(06:59
jrosseriirc there is complexity that the tests repo picks up some stuff out of the openstack-ansible repo07:00
jrosseri think this got kind of messy last time we updated the linter07:00
noonedeadpunkyep07:09
*** ioni has joined #openstack-ansible07:12
jrossernoonedeadpunk: do we need to merge the tests repo change then fix up whatever breaks elsewhere07:15
jrosseri'm kind of wary of how much that will be :(07:16
noonedeadpunkI checked that and it should be super minimal07:17
noonedeadpunkjust bird, murano, octavia and sahara07:18
jrosserhmm well ok, so maybe we just merge and move on?07:18
noonedeadpunkand I already posted "pathces" for octavia and sahara07:18
noonedeadpunkYeah, I think that's the best we can do anyway07:18
noonedeadpunkBut a bit worried about status of linters on other branches, like V07:19
*** dpawlik8 is now known as dpawlik07:20
noonedeadpunknot sure if we should also update linter there as well, probably worth just working around with adjusting requirements (adding ansible<3.0.0)07:20
*** rpittau|afk is now known as rpittau07:24
sakharkarjrosser: Tried the steps you provided. logs http://paste.openstack.org/show/805507/07:27
sakharkarjrosser: Is there any way to overcome this error?07:27
jrosserand did you try what i suggested with setting REQUESTS_CA_BUNDLE environment variable07:28
noonedeadpunknot use self-signed certificate is one of the ways )07:28
jrosseror just disable validation07:28
noonedeadpunkyeah07:28
jrosserlots of ways here, really need to understand that this is a problem of https client trust, nothing really to do with haproxy07:28
jrosserso the client must either ignore the cert validation07:28
jrosserto be taught how to trust it07:29
jrosserand becasue it's python-requests thats not as simple as just adding to the local CA trust store07:29
jrosser^ sakharkar this is the key point really07:29
*** cyberpear has quit IRC07:34
*** fyx has quit IRC07:34
*** gouthamr has quit IRC07:34
sakharkarjrosser: How we can disable certificate validation so that client should ignore the cert validation?07:35
*** mnaser has quit IRC07:36
*** guilhermesp has quit IRC07:36
*** vkmc has quit IRC07:36
*** gmann has quit IRC07:36
*** nicolasbock has quit IRC07:36
noonedeadpunkthere're variables keystone_service_internaluri_insecure and keystone_service_adminuri_insecure07:37
*** fyx has joined #openstack-ansible07:37
*** vkmc has joined #openstack-ansible07:37
*** nicolasbock has joined #openstack-ansible07:37
*** mnaser has joined #openstack-ansible07:37
*** gouthamr has joined #openstack-ansible07:37
*** cyberpear has joined #openstack-ansible07:38
*** guilhermesp has joined #openstack-ansible07:38
sakharkarnoonedeadpunk: we have set the same as suggested. For reference : http://paste.openstack.org/show/805506/07:38
*** gmann has joined #openstack-ansible07:38
noonedeadpunkhm, that's interesting. then we might miss somewhere to add insecure option in configs...07:39
sakharkarnoonedeadpunk: deployment is successful and all the components are working except attaching cinder volume to instances07:39
sakharkarnoonedeadpunk: error while attaching cinder volume to instance : http://paste.openstack.org/show/805505/07:41
noonedeadpunktry to set smth like that just to test http://paste.openstack.org/show/805508/07:43
sakharkarnoonedeadpunk: You mean to set these variables in user_variable.yaml?07:45
noonedeadpunkyep07:45
sakharkarok will give a try and let you know the output07:46
*** tosky has joined #openstack-ansible07:46
*** jbadiapa has quit IRC08:06
*** macz_ has joined #openstack-ansible08:10
openstackgerritMerged openstack/ansible-role-python_venv_build stable/train: Do not drop all wheels with venv_rebuild  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/77397308:13
*** macz_ has quit IRC08:14
*** jnamdar has joined #openstack-ansible08:33
*** andrewbonney has joined #openstack-ansible08:34
jnamdaro/08:39
noonedeadpunko/08:39
jnamdarno luck for me yesterday on my sahara haproxy '=(08:40
jnamdarkeep getting 300 multiple choices on sahara backend, which seem to bring haproxy down for sahara08:40
jnamdarhence the 503 code08:41
noonedeadpunkum, but patch I made is making haproxy to expect 300 as return code?08:41
noonedeadpunkhttps://review.opendev.org/c/openstack/openstack-ansible/+/791999/1/inventory/group_vars/haproxy/haproxy.yml08:41
jnamdarwould youu have a link for that? :D08:41
jnamdarthx08:41
jnamdartrying it rn08:42
noonedeadpunkyou won't be able to just cherry-pick it for U though, but you can manually apply I think08:42
jnamdaryeah i'll try to add it to /etc/haproxy/conf.d/sahara_api directly08:43
noonedeadpunkI think worth adjusting config and re-run haproxy rle08:44
noonedeadpunk /opt/openstack-ansible/inventory/group_vars/haproxy/haproxy.yml08:45
*** jbadiapa has joined #openstack-ansible09:06
openstackgerritMerged openstack/openstack-ansible-os_manila master: Remove ceph-fuse requirement  https://review.opendev.org/c/openstack/openstack-ansible-os_manila/+/78773709:17
jnamdarnoonedeadpunk alright so it made the CLI work, horizon is giving me a bunch of SSL exceptions `certificate verify failed` on the sahara dahsboard though09:18
jnamdarthe cli is already more than enough though so thanks for that09:22
jnamdarBtw does anyone know where I can find built sahara images?09:46
jnamdaroh it's just a basic ubuntu image, my bad09:49
jnamdarfor vanilla at leasr09:49
*** macz_ has joined #openstack-ansible10:11
*** macz_ has quit IRC10:16
*** mgariepy has quit IRC10:49
noonedeadpunkcan I summon another vote for https://review.opendev.org/c/openstack/openstack-ansible-tests/+/784751 ?10:52
*** mathlin has joined #openstack-ansible11:20
*** jnamdar has quit IRC11:37
*** d34dh0r53 has joined #openstack-ansible11:38
*** mgariepy has joined #openstack-ansible12:16
*** dwilde has joined #openstack-ansible12:19
*** d34dh0r53 has quit IRC12:48
openstackgerritMerged openstack/openstack-ansible-tests master: Bump ansible-lint and ansible version  https://review.opendev.org/c/openstack/openstack-ansible-tests/+/78475112:51
toskydoes it mean the recheck on the os-sahara module is going to work for real now?12:56
admin0checking if anyone here has faced an issue where they had accidently renamed a compute host and all instances disappeared from reporting, and also unable ot migrate instances off that compute node13:02
admin0new instances are reported ( in the cup.disk usage) ... .. old insances keep running, can be start/shutdown etc13:02
admin0jut that they cannot be migrated or are being reported for resource calculation13:03
*** snapdeal has joined #openstack-ansible13:07
*** pcaruana has quit IRC13:28
*** schwicht has joined #openstack-ansible13:33
*** jawad_axd has quit IRC13:43
*** spatel_ has joined #openstack-ansible13:44
*** spatel_ is now known as spatel13:44
*** schwicht has quit IRC13:44
*** schwicht has joined #openstack-ansible13:44
*** snapdeal has quit IRC13:47
spateljamesdenton are you around?13:48
noonedeadpunktosky: it should13:49
spateljamesdenton I am seeing still issue with this patch - https://bugs.launchpad.net/openstack-ansible/+bug/180562613:59
openstackLaunchpad bug 1805626 in openstack-ansible "ML2 OVN port binding failures due to hostname mismatch" [Undecided,Fix released] - Assigned to James Denton (james-denton)13:59
*** jawad_axd has joined #openstack-ansible14:00
spatelhttp://paste.openstack.org/show/805518/14:03
*** jawad_axd has quit IRC14:06
*** macz_ has joined #openstack-ansible14:13
jamesdentonspatel i will try to address that today14:17
*** macz_ has quit IRC14:17
spatel+114:17
spateli believe we should use FQDN whatever your Linux OS giving you14:18
jamesdentoni think the fix may be just removing that task completely14:18
spatelI have file bug also - https://bugs.launchpad.net/openstack-ansible/+bug/192908014:18
openstackLaunchpad bug 1929080 in openstack-ansible "OVN still seeing mismatch hostname issue " [Undecided,New]14:18
jamesdentonbut we'll see14:18
*** jawad_axd has joined #openstack-ansible14:20
*** ioni has quit IRC14:21
*** ioni has joined #openstack-ansible14:22
*** ioni has quit IRC14:26
*** ioni has joined #openstack-ansible14:26
*** mgariepy has quit IRC14:31
*** jawad_axd has quit IRC14:44
*** jawad_axd has joined #openstack-ansible14:44
*** jawad_axd has quit IRC14:44
*** macz_ has joined #openstack-ansible15:02
*** mgariepy has joined #openstack-ansible15:17
*** rpittau is now known as rpittau|afk15:50
*** pcaruana has joined #openstack-ansible17:18
*** andrewbonney has quit IRC17:48
*** ioni has quit IRC18:12
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-tests master: Add role-name lint check to warnings  https://review.opendev.org/c/openstack/openstack-ansible-tests/+/79246918:20
noonedeadpunkjrosser: this one is also needed in regards to the linters ^18:21
jrossernoonedeadpunk: the link in the commit message is 40418:32
noonedeadpunkdoh18:33
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-tests master: Add role-name lint check to warnings  https://review.opendev.org/c/openstack/openstack-ansible-tests/+/79246918:34
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-os_manila master: Set manila_backends to empty dict by default  https://review.opendev.org/c/openstack/openstack-ansible-os_manila/+/78735418:52
*** jawad_axd has joined #openstack-ansible20:01
*** oleksandry has joined #openstack-ansible20:05
*** jawad_axd has quit IRC20:06
*** oleksandry has quit IRC20:13
*** spatel has quit IRC20:22
*** jbadiapa has quit IRC22:03
fridtjof[m]...i think i found a bug23:02
fridtjof[m]Is the part that creates all the infrastructure containers supposed to exclude your internal lb vip address?23:04
fridtjof[m]because it didn't and now I have a nice IP conflict between that VIP on my 1st infra host and an rsyslog container on the 2nd infra host23:05
fridtjof[m]you can ping the lb vip from the 2nd host, but it will always end up with that container23:05
fridtjof[m]guess i'll just redeploy again for now and hope the dice are cast in my favor this time...23:06
*** macz_ has quit IRC23:17
*** tosky has quit IRC23:52
« Wednesday, 2021-05-19 Index Friday, 2021-05-21 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!