Friday, 2021-06-25

« Thursday, 2021-06-24 Index Saturday, 2021-06-26 »
noonedeadpunkmorning05:35
* noonedeadpunk looking at haproxy05:35
jrosserlooks like buster is working again05:45
noonedeadpunklol05:46
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Revert "Set buster jobs to non-voting"  https://review.opendev.org/c/openstack/openstack-ansible/+/79795205:47
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Revert "Set buster jobs to non-voting"  https://review.opendev.org/c/openstack/openstack-ansible/+/79795205:48
noonedeadpunkwait, wtf zuul did in https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/796940 - why patchset 9 got even reported now...05:51
noonedeadpunkalso feels like https://review.opendev.org/c/openstack/openstack-ansible/+/797892 doesn't really work05:54
noonedeadpunkoh well, maybe it works as now debian fails the way futher 05:57
jrosseryeah cinder db migration again06:22
jrosseryes that is confusing with ps9 results but ps13 being the latest to complete06:23
jrosserwonder if it's all to do with the restart/upgrade of zuul yesterday, something may be broken06:26
noonedeadpunkI have same thought actually.06:35
noonedeadpunknice thing that haproxy eventually should pass06:35
noonedeadpunkalso I tested it with user provided certs and it was fine I think06:35
jrosserawesome06:36
* noonedeadpunk running buster aio atm06:40
noonedeadpunkeventually debian failed not on cinder but on nova from what i saw06:41
noonedeadpunkhttps://zuul.opendev.org/t/openstack/build/9b332681e54644a091faaeb1e497aa93/log/job-output.txt#2066406:42
noonedeadpunkwell, godd thing that ci failure reproduced07:03
jrosseroh thats probably becasue it's using command and not shell07:05
noonedeadpunkhm, no, not really....07:05
noonedeadpunkah, my fault. I thought that I can just source /etc/environmnat :(07:06
noonedeadpunk`export REQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-certificates.crt"` and `/openstack/venvs/nova-23.0.0.0b2.dev20/bin/nova-status upgrade check` works07:07
noonedeadpunkinteresting part is why this only raised for debian07:07
noonedeadpunkI mean https://opendev.org/openstack/openstack-ansible-os_nova/src/branch/master/tasks/nova_db_post_setup.yml#L22-L26 is not failing and just passing07:08
noonedeadpunkbacuase it doesn't connect to api I guess...07:09
noonedeadpunkand might be smth related to become....07:10
jrosserperhaps sudo config env_keep might help with that07:13
noonedeadpunkyep, it's become07:13
*** rpittau|afk is now known as rpittau07:15
noonedeadpunk`Defaults        env_reset`07:16
jrosseryeah, thats going to clobber our var i think07:17
noonedeadpunkI believe same is set for ubuntu as well...07:19
noonedeadpunkwell, I don't actually want to patch all roles now for patching sudoers...07:26
noonedeadpunkI bet sudo should get env from /etc/environment after reset normally....07:27
noonedeadpunkthat's result on bionic http://paste.openstack.org/show/806943/07:35
noonedeadpunkoh, well, it's same on debian...07:37
noonedeadpunkbut it's not used by command?07:37
jrossertry command vs. shel07:38
jrosser*shell07:38
noonedeadpunkdoesn't work either07:39
noonedeadpunkif you want to look into and around - same ip as yestarday07:40
noonedeadpunks/around/have time/07:40
noonedeadpunkthere's /root/openstack-ansible/test.yml I'm playing with07:41
opendevreviewOpenStack Proposal Bot proposed openstack/openstack-ansible master: Imported Translations from Zanata  https://review.opendev.org/c/openstack/openstack-ansible/+/79805207:41
noonedeadpunkenv_keep doesn't help either btw07:44
noonedeadpunkmaybe become_method is wrong07:44
jrosserdid you change anything?07:49
jrosserit's working now somehow....07:49
noonedeadpunkum...07:51
jrosseri tried it once, failed, added some debug and tried again, now it's ok.....07:51
noonedeadpunkI set `Defaults        env_keep="REQUESTS_CA_BUNDLE"` instead of doing it specificly for nova user07:51
jrosseroh, well it has to be for the root user?07:52
jrosseras we're doing root->nova07:52
noonedeadpunkat least `Defaults:nova env_keep="REQUESTS_CA_BUNDLE"` doesn't work07:52
noonedeadpunkoh, yes, indeed, it should be for root, stupid me07:52
jrosseranyway \o/07:52
jrosserbut super odd it doesnt do this on ubuntu07:53
noonedeadpunkwell, still not super clear why ansible does see env var when become07:53
noonedeadpunkbut it's not taken into account07:53
noonedeadpunkyeah and ubuntu actually the same07:54
jrosseri added a task just like the nova-status one which ran /usr/bin/env07:54
jrosserand you can see the vars there when run with -vv, "stdout_lines": ["SUDO_GID=0", "MAIL=/var/mail/nova", "USER=nova", "HOME=/var/lib/nova", "SUDO_UID=0", "LOGNAME=nova", "TERM=unknown", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt", "LANG=en_US.UTF-8", "SUDO_COMMAND=/bin/sh -c echo BECOME-SUCCESS-bmpwqtzqouwizivbpofjbhrvlrxtltbp ; 07:55
jrosser/usr/bin/python3", "SHELL=/bin/bash", "SUDO_USER=root", "PWD=/var/lib/nova/.ansible/tmp/ansible-moduletmp-1624607180.1686323-b4zjj8pw"]07:55
noonedeadpunkoh07:56
noonedeadpunkI think it might be because of pam.d session for sudo...07:56
noonedeadpunkubuntu has `session    required   pam_env.so readenv=1 user_readenv=0` in /etc/pam.d/sudo07:57
noonedeadpunkalso I think become_method su will also fix issue07:58
noonedeadpunkyeah...07:59
noonedeadpunkeventually we can specificly provide envfile with `session    required   pam_env.so readenv=1 envfile=/etc/environment user_readenv=0` 08:03
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts master: Set REQUESTS_CA_BUNDLE env var  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/79712908:12
noonedeadpunkit's super weird it's not done for sudo but done for su...08:13
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts master: Set REQUESTS_CA_BUNDLE env var  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/79712908:15
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts master: Set REQUESTS_CA_BUNDLE env var  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/79712908:15
jrossernoonedeadpunk: you have ansible_facts['distribution'] | lower == 'Debian' which looks wrong?08:16
noonedeadpunkyeah...08:16
noonedeadpunkalready fixed08:16
jrosserah ok08:16
noonedeadpunkalso nice things to merge might be https://review.opendev.org/c/openstack/openstack-ansible/+/798001 as it was one of goals for release08:19
opendevreviewJonathan Heathcote proposed openstack/openstack-ansible stable/victoria: Bump SHAs for stable/victoria  https://review.opendev.org/c/openstack/openstack-ansible/+/79500008:54
noonedeadpunkfeels like 796809 going to pass now :)10:03
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Enable senlin tempest plugin when senlin is deployed  https://review.opendev.org/c/openstack/openstack-ansible/+/75410510:05
jrossercool - need to push to merge all these small fixes that it needs10:09
noonedeadpunkwill monitor them and ping ppl once they pass ci10:15
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron master: Add centos-8 support for ovs-dpdk  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/76272910:16
mjwalesHi, we have completed an upgrade from Train to Ussuri but neutron is playing up. As far as we can tell the l3 agent is not creating any routers. Are there any known issues?10:22
noonedeadpunkand what does l3 agent logs say?10:23
mjwalesNot a lot it stops logging after running for 10 minutes or so10:24
noonedeadpunkare agents even running?10:25
noonedeadpunkalso are you checking journald logs, right?10:25
noonedeadpunkactually I may think about some rootwrap issue, but logs would help a lot10:25
mjwalesThe agents are showing as active via a systemctl status10:26
noonedeadpunkas well as openstack network agent list?10:27
mjwalesWe rebooted a controller node at 08:20 this morning. The l3 agent then outputs logs to journald until 08:31 then nothing since that10:27
mjwalesopenstack network agent list shows them as active10:27
noonedeadpunkand happy smile as well?:)10:28
mjwalesand a happy smile too 10:29
noonedeadpunkwell, at least that means that it's not rabbitmq communication issue. 10:29
noonedeadpunkbut not so sure....10:29
noonedeadpunkas node reboot might trigger rabbitmq issue10:30
noonedeadpunkand if there're no logs then l3 agent doesn't recieve any messages...10:31
mjwalesWe enabled debug logging for l3 on one of the nodes. That does continually log but only items such as "Lock "_check_child_processes" acquired by " 10:32
mjwalesWe initially thought this might be because we have a large number of networks and routers (700+)10:32
noonedeadpunkand issues are only with l3s? so instance are created and managed normaly without issues?10:34
mjwalesLogs from the controller that was rebooted at http://paste.openstack.org/show/806950/10:35
opendevreviewMerged openstack/openstack-ansible master: Revert "Set buster jobs to non-voting"  https://review.opendev.org/c/openstack/openstack-ansible/+/79795210:36
mjwalesInstances launch as show in a running state10:37
mjwalesTrying to look at the console in horizon just show "Connecting"10:37
noonedeadpunk`oslo.messaging._drivers.impl_rabbit` are actually concerning10:37
noonedeadpunkand you can telnet to rabbit ports from controller node?10:38
mjwalesI put those down to rabbit starting on the node10:38
noonedeadpunkmight be actually. I think there should be message tha connection was re-initiated though...10:40
noonedeadpunkand all l3 agents are not creating new namspaces and do nothing?10:40
mjwalesTrying to telnet using 'telnet infra3-rabbit-mq-container-15d1d426 5672' gives a response of 'Connection closed by foreign host.'10:42
noonedeadpunkand what does rabbitmqctl cluster_status say? if run it from rabbit container?10:42
mjwalesThat says everything is fine. 3 disk nodes, 3 running nodes, all on the same version and no alarms or partitions10:43
mjwalesRunning a host 'host infra1-rabbit-mq-container-45cefef2' give two entires however a 'infra1-rabbit-mq-container-45cefef2 has address 172.29.239.195' and 'Host infra1-rabbit-mq-container-45cefef2 not found: 3(NXDOMAIN)'10:45
mjwalesThere are connections to each of the rabbit nodes. Checked via rabbitmqctl status10:52
mjwalesnoonedeakpunk: the l3 agents do create a handful of namespaces after a restart but that then stops11:06
noonedeadpunkwell... I'm not sure it will work, but worth trying? with some messages related issues that helps11:08
noonedeadpunkrunning openstack-ansible rabbitmq-install.yml -e rabbitmq_upgrade=true11:08
mjwalesWill give it a shot 11:10
*** rpittau is now known as rpittau|bbl11:17
opendevreviewMerged openstack/openstack-ansible master: Imported Translations from Zanata  https://review.opendev.org/c/openstack/openstack-ansible/+/79805212:09
noonedeadpunkspotz: jrosser ebbex would be great to get votes on https://review.opendev.org/q/topic:%22osa%252Fpki%22+(status:open)+label:Verified12:20
jrossernoonedeadpunk: we set this to False https://review.opendev.org/c/openstack/openstack-ansible/+/796809/8/inventory/group_vars/all/keystone.yml12:25
jrosserbut the default in group vars is still http https://opendev.org/openstack/openstack-ansible/src/branch/master/inventory/group_vars/all/all.yml#L8712:26
noonedeadpunkagree- stupid12:26
noonedeadpunkah, well, not really12:26
noonedeadpunkbecause it more about what we do by default vs what we want to test?12:26
noonedeadpunkbecause insecure makes sense only when https+cert untrusted12:27
jrosseroh right of course12:28
jrosserso now it is an actual error when the cert is not trusted12:28
jrosserrather than something to hack around12:28
noonedeadpunkyep12:28
noonedeadpunkalso votes on https://review.opendev.org/c/openstack/openstack-ansible/+/798001 https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/797991 and https://review.opendev.org/c/openstack/ansible-config_template/+/796151 would be a plus12:34
jrosserurgh linters on stable/victoria need attention https://zuul.opendev.org/t/openstack/build/8682a29bfa74484bb5a450696e74326012:41
noonedeadpunkyeah...12:41
noonedeadpunkI saw that, will take a look now. I guess it's related to integrated repo only12:41
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Enable senlin tempest plugin when senlin is deployed  https://review.opendev.org/c/openstack/openstack-ansible/+/75410512:41
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Don't set keystone URI as unsecure  https://review.opendev.org/c/openstack/openstack-ansible/+/79680912:46
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Enable senlin tempest plugin when senlin is deployed  https://review.opendev.org/c/openstack/openstack-ansible/+/75410512:46
noonedeadpunkdamn12:46
noonedeadpunkI meant to rebase only top patch :(12:46
opendevreviewMerged openstack/openstack-ansible-openstack_openrc master: Add OS_CACERT env variable  https://review.opendev.org/c/openstack/openstack-ansible-openstack_openrc/+/79781812:52
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Bump SHAs for master  https://review.opendev.org/c/openstack/openstack-ansible/+/79499812:55
*** rpittau|bbl is now known as rpittau12:56
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/victoria: Workaround linting issue  https://review.opendev.org/c/openstack/openstack-ansible/+/79808313:10
spotznoonedeadpunk: Looking13:21
opendevreviewAmy Marrich proposed openstack/openstack-ansible-openstack_hosts master: Set REQUESTS_CA_BUNDLE env var  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/79712913:25
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts master: Set REQUESTS_CA_BUNDLE env var  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/79712913:26
spotzAck hope we didn't collide!13:27
noonedeadpunkjust edited your small typo) https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/797129/10..11/releasenotes/notes/requests_ca_bundle-1a678a22b3375976.yaml13:27
spotzhehe, II really need a new keyboard. Sometimes I'm better at catching the extra letters then other times13:28
spotzAnd sometimes I just hit enter in chhats cause my friends read through it:)13:28
noonedeadpunkyeah, and I totally need to attend more english classes :( or buy smth like grammarly at least13:29
opendevreviewAmy Marrich proposed openstack/openstack-ansible-haproxy_server master: Generate self-signed SSL per listen IP  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/79694013:30
spotzOk no typos there:)13:30
spotzI add some the's I change afeew words out. It's not that the words are wrong but for a smoother flow. And it's why you keep me around:)13:31
spotz+2'd cause the code did look good on both of those. The other one is already +w13:32
noonedeadpunkwe eventually do this for https://review.opendev.org/c/openstack/openstack-ansible/+/796809 13:33
noonedeadpunk(which stopps us from finally releasing W)13:33
noonedeadpunkbtw would be also awesome to merge nspawn deprecation :) https://review.opendev.org/c/openstack/openstack-ansible-nspawn_container_create/+/797726 https://review.opendev.org/c/openstack/openstack-ansible-nspawn_hosts/+/79772413:35
opendevreviewMerged openstack/ansible-role-uwsgi master: Use the system trust store for python requests rather than certifi  https://review.opendev.org/c/openstack/ansible-role-uwsgi/+/79760013:51
opendevreviewMerged openstack/openstack-ansible-haproxy_server master: Add variable to disable stick-table  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/79764214:19
*** rpittau is now known as rpittau|afk14:47
noonedeadpunkhopefully stuff will land today and wil be able to push branching PR for roles tomorrow15:01
jrosserwe need another vote on this https://review.opendev.org/c/openstack/openstack-ansible/+/797890/15:31
jrosserand a little care with small changes/nits just now on anything to avoid interfering with the currently running jobs15:33
noonedeadpunkhttps://review.opendev.org/c/openstack/openstack-ansible/+/796809 is 90% passed in CI...15:36
opendevreviewMerged openstack/openstack-ansible-os_nova stable/train: Use version from repo_packages for SPICE HTML5  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/79731216:01
noonedeadpunkspotz: can you please check these 2 patches as well if still around ?:)16:10
noonedeadpunkand https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/797991 :)16:11
noonedeadpunkjrosser: btw https://review.opendev.org/c/openstack/openstack-ansible/+/798083 seems to ublock V16:14
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/victoria: Bump SHAs for stable/victoria  https://review.opendev.org/c/openstack/openstack-ansible/+/79500016:15
jrossercommit message is saying tempest is commented out, which the patch doesnt do16:41
opendevreviewJonathan Rosser proposed openstack/openstack-ansible stable/victoria: Workaround linting issue  https://review.opendev.org/c/openstack/openstack-ansible/+/79808316:42
opendevreviewJonathan Rosser proposed openstack/openstack-ansible stable/victoria: Bump SHAs for stable/victoria  https://review.opendev.org/c/openstack/openstack-ansible/+/79500016:42
opendevreviewMerged openstack/openstack-ansible-openstack_hosts master: Set REQUESTS_CA_BUNDLE env var  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/79712916:44
opendevreviewMerged openstack/openstack-ansible-haproxy_server master: Generate self-signed SSL per listen IP  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/79694017:21
spotznoonedeadpunk: I think I got them all19:27
jrosserspotz: theres a bunch on the dashboard needing approval too http://bit.ly/osa-review-board-v319:29
spotzjrosser: bit.ly is rrerouting me to my dashboard:)19:32
spotzHa cliicking vs copying worked:)19:32
opendevreviewMerged openstack/openstack-ansible-nspawn_hosts master: Deprecate OpenStack-Ansible nspawn repositories  https://review.opendev.org/c/openstack/openstack-ansible-nspawn_hosts/+/79772419:41
opendevreviewMerged openstack/openstack-ansible-nspawn_container_create master: Deprecate OpenStack-Ansible nspawn repositories  https://review.opendev.org/c/openstack/openstack-ansible-nspawn_container_create/+/79772619:43
opendevreviewMerged openstack/openstack-ansible master: Allow proxy zuul job to connect to any port  https://review.opendev.org/c/openstack/openstack-ansible/+/79789020:07
opendevreviewMerged openstack/openstack-ansible master: Reset deploy host SSH connection after running openstack_hosts role  https://review.opendev.org/c/openstack/openstack-ansible/+/79789221:02
opendevreviewMerged openstack/openstack-ansible-os_barbican master: Allow to symlink barbican_user_libraries  https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/79799121:09
opendevreviewMerged openstack/ansible-config_template master: Add PKI role to functional testing  https://review.opendev.org/c/openstack/ansible-config_template/+/79615121:26
opendevreviewMerged openstack/ansible-config_template master: Use ansible_facts[] instead of fact variables  https://review.opendev.org/c/openstack/ansible-config_template/+/78075321:26
opendevreviewMerged openstack/openstack-ansible-os_neutron master: Add centos-8 support for ovs-dpdk  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/76272922:11
opendevreviewMerged openstack/openstack-ansible master: Split neutron server and neutron agent hosts  https://review.opendev.org/c/openstack/openstack-ansible/+/79800123:34
« Thursday, 2021-06-24 Index Saturday, 2021-06-26 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!