Wednesday, 2021-08-11

« Tuesday, 2021-08-10 Index Thursday, 2021-08-12 »
opendevreviewSven Anders proposed openstack/openstack-ansible-os_keystone master: use keystone custom certificates from remote host  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/80420206:21
opendevreviewSven Anders proposed openstack/openstack-ansible-os_keystone master: Handle host with unset ansible_host  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/80420606:42
opendevreviewSven Anders proposed openstack/openstack-ansible-os_keystone master: Make Keystone_all group configurable  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/80420706:44
*** rpittau|afk is now known as rpittau07:23
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_neutron master: Add support of OVN for CentOS-8-Stream  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/80398707:49
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_neutron master: Use list of cluster member for ovn ml2 agent to directly connect  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/80399008:00
opendevreviewMerged openstack/openstack-ansible stable/train: Remove Debian Stable testing  https://review.opendev.org/c/openstack/openstack-ansible/+/80340509:49
opendevreviewMerged openstack/openstack-ansible-os_neutron master: Replace centos-8.x jobs with centos-8-stream  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/80403610:09
opendevreviewMerged openstack/openstack-ansible-os_neutron master: Set ovn hostname using nodename facts  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/80398810:09
opendevreviewMerged openstack/openstack-ansible-os_neutron master: Fix OVN metadata protocol to point https  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/80398910:09
*** rpittau is now known as rpittau|afk11:28
admin1anyone here using ceph with 2 different pools ( hdd/ssd) with 2 different pools ..  i have 2 types of cinder backends . but no matter what i select, it only goes to one .. here is my cinder.conf on how its set .. https://pastebin.com/imQ8LawX11:33
agemuendHi all, we're new to openstack-ansible but have managed RDO based clusters manually before. On a new deployment we're seeing issues with image upload. On the dashboard we just receive a generic error message, through the CLI we get: "('Connection aborted.', BrokenPipeError(32, 'Broken pipe')". There are no glance log files in the container and the journal is empty as well. How do I normally debug such things with openstack-ansible?11:37
admin1i think you need to enable a special heat variable  in order to enable image upload via dashboard 11:39
admin1via cli it will work well 11:39
agemuendOkay, but first more generally, what is the log strategy in osa with lxc. Should it be in the hosts journal, the containers journal, in log files, or where?11:40
agemuendI'm a bit confused by that11:41
agemuendRegarding CLI, the debug log shows that it communicates with glance successfully before, but when it comes to the PUT request `/v2/images/{ID}/file` it fails with BrokenPipeError11:44
agemuendUnfortunately I cant find any server logs as mentioned11:45
admin1the logs are in the journal and not log file11:48
admin1journalctl -u "username" would give you access to the logs 11:48
admin1neutron i think still has logs in the log files .. for the rest, its journal11:48
admin1agemuend, what is the backend ? 11:48
admin1ceph ? 11:49
admin1you can set the debug = true to get more output 11:49
admin1are you seeing the error when you do openstack  --debug  image create ...  from the util container ? 11:50
agemuendYes, its ceph indeed11:51
agemuendSo its in the journal inside the lxc container, right?11:51
admin1yes 11:51
agemuendIs there some kind of best practice or even included role to configure a logserver?11:53
agemuendDue to the 3 management nodes its quiet a hassle to attach to all the containers and log into the journal there11:53
agemuend*look11:54
agemuendBut thank you 11:54
agemuendAh indeed, I see a rbd.PermissionError: [errno 1] RBD permission error (error creating image) now11:54
admin1if you are getting an  error like this , its easy .. you can shut down or put in MAINT 2 nodes via hapropxy and just check the logs in the active one 11:54
admin1there used ot be a good logging rule, but i am also looking for one good role myself 11:55
admin1i think there is a way you can say you want the old style logs back, which you can send to something like graylog 11:55
admin1its some variable, which does the logs in file .. but i don't recall that exact variable name11:55
agemuendOkay, I'll check that, we could just send them to our existing graylog server then which would be easier for us11:57
agemuendThanks again11:57
admin1this issue solved ? 11:57
agemuendI think so, at least I see in ceph auth ls that the glance user has only rx instead of rwx on the glance pool. probably a typo11:59
agemuendYes, that worked indeed, thanks12:04
jrosseragemuend: the container journals are all bind mounted onto the hosts12:06
jrosseryou do not need to collect journals from within the containers12:06
jrosserso you can pick whichever tool you like (I use elasic journalbeat) to collect from the host if you set the paths up correctly, and the tool understands collecting from multiple journals12:06
jrosserOSA is not opinionated about how log collection is done, we find everyone has their own preference so baking in a particular log collection stack is not helpful12:07
jrosseragemuend: if you want to use graylog there is some stuff here https://github.com/openstack/openstack-ansible-ops/tree/master/graylog - deployment of graylog which you wont want, forwarding to graylog which may be helpful12:09
jrosserthe openstack-ansible-ops repo is contributed code and not part of the formal OSA release, so 'it-is-what-it-is' but hopefully useful12:10
agemuendah nice12:13
agemuendthanks for the pointer12:13
kleinihow can I read the journal log files on the host written for containes in /openstack/log/containername?12:14
admin1those are text files12:20
admin1you can just cat/more/less12:20
tabachaHi I am Sven Anders I am working at ScaleupTech GmbH in Hamburg Germany and we want to use Ansible to Deploy our new OpenStack Cluster. We have already two old Cluster which were set up manualy. 12:21
tabachaWe do not want to set up out Cluster with the guide from OpenStack-Ansible but "cherry-pick" some Ansible roles which are suiteable for us. As the roles are small/distinct this looks very good.12:22
admin1tabacha, in the long run, you will be playing catch-up with maintenance and keeping up the cherry picking 12:23
jrosseradmin1: the journals are binary not next12:24
admin1that i know .. i was only referrring to the saved log files 12:24
jrosseroh sorry12:24
tabachaLast week we set up Keystone with the os_keystone role, this looks good, but we found some small thinks that we would like to change. I am new to OpenStack but I use Ansible for "a long" :-) time.12:25
kleinihttps://paste.opendev.org/show/808009/ <- those are journals and not text. how can I read those journals as they contain the logs of the OpenStack services12:25
admin1try maybe journalctl --file   $path .. may work 12:25
admin1tabacha, for those small things , you can always override 12:26
jrossertabacha: it is sad you do not want to use the openstack-ansible framework to use those roles - is there a good reason for this?12:26
agemuendFor me those journal folders are actually empty12:27
admin1well upto you .. in our org we use openstack ansible as-is .. no changes .. this means we don't have to worry about update testing, upgrade testing,  documentation, etc .. as we even follow the IP ranges as-is .. that way, a very small team is able to manage a lot of platforms 12:27
admin1and because we don't do any changes, we don't have to worry about if the new version will break our changes .. 12:27
agemuendWhile talking about this, whats the easiest way to insert a configuration file change in lets say, cinder.conf?12:28
jrosseragemuend: you should learn about our config_template ansible module12:29
agemuendAnd while testing, a couple of times changes didnt arrive in the containers, we had to specifically delete them12:29
agemuendCould you give me a pointer to some docs?12:29
jrosserhere is the documentation for config_template https://docs.openstack.org/ansible-config_template/latest/12:30
jrosserfor example here is how it is used for cinder config https://github.com/openstack/openstack-ansible-os_cinder/blob/master/tasks/cinder_post_install.yml#L25-L4012:30
agemuendThat documentation is not very extensive ;)12:31
jrosserhold on12:31
jrosserwell, to be fair that is the documentation for that ansible module12:31
agemuendSo config_overrides is a dict of key values?12:31
jrosserwhat you want to know about is how it is used in the context of OSA12:31
jrosserwhich would be this https://docs.openstack.org/openstack-ansible/wallaby/reference/configuration/using-overrides.html12:32
tabacha@jrosser one  reason is that we already have a Company wide Ansible Repo and want to integrate openstack into this. As I told you bevore we have 3 distinct clusters. So its problematic when there is for example one group called: keystone_all as we need keystone_all_cluster1, keystone_all_custer2 ...12:32
jrosserconfig_template is a derivative of the ansible template module with the ability to 'sideload' an extra set of key/values in a dict12:32
agemuendnice, the last link is exactly what I needed, thanks. I'll go test this for a while12:34
tabachaAn other reason is that we want to understand who our cluster is setup in depth so we install one service after an other and we have already some good ansible roles which conflicts with os.12:34
jrosseri would encourage you to get involved with openstack-ansible as a whole rather than take the roles individually12:35
jrosserthere is a *lot* of orchestration in our the playbooks which use the roles which make upgrades and general cluster management tractible12:35
jrosserand the 'wiring' that is done in the openstack-ansible group_vars is another key piece which glues all the roles together with sensible settings12:36
tabachaOkay I have created change 804202 , 804206 and 804207 in gerrit via git review jrosser you told me to run git review again after I changed the commit message. How do I do this? When I run git review i got:   ! [remote rejected] HEAD -> refs/for/master%topic=keystone_all_group_configurable (no new changes)12:37
tabachaerror: failed to push some refs to 'ssh://tabacha@review.opendev.org:29418/openstack/openstack-ansible-os_keystone.git'12:37
jrosseryou would edit your local files to update the change12:37
jrossergit commit --amend to get them into the commit12:37
tabachaI have modified commit message via Web Interface12:37
jrosserthen git review to push a new revision12:37
jrossercan you give me the link?12:38
tabachahttps://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/80420712:39
tabachaI manged it by: git commit --amend --no-edit && git push origin HEAD:refs/for/master12:40
jrosserthere is only the first patchset there12:40
jrosseroh, well you don't ever git push12:40
tabachayes I will update the other later on.12:40
jrosserno, i mean i only see the first revision12:40
tabachaI have only changed the commit message12:41
jrosserok, have you pressed 'publish edit' ?12:42
opendevreviewSven Anders proposed openstack/openstack-ansible-os_keystone master: Make Keystone_all group configurable  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/80420712:42
jrosserthe commit message is part of the patch so changing it will make a new revision12:42
jrosser^ thats it :)12:42
opendevreviewSven Anders proposed openstack/openstack-ansible-os_keystone master: Handle host with unset ansible_host  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/80420612:43
opendevreviewSven Anders proposed openstack/openstack-ansible-os_keystone master: use keystone custom certificates from remote host  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/80420212:44
tabachaokay, thank you12:44
jrosserok, so this is all fairly big changes, particularly if you need to do it across all the roles12:44
jrosserand i hope i have been clear about the SSL changes, that the code you want to change will be removed with the introduction of our new pki role12:46
jrosseras others have pointed out we are definately going to be making breaking changes in your context, which will not be breaking changes for someone deploying "normally" with openstack-ansible12:47
tabachaWe will review and test any change bevore it goes to our repo.12:47
tabachaThe alternative for us is not to push back some changes which could be also good for openstack-ansible in general.12:49
jrosserspatel: hey o/12:58
spatelhey12:59
jrossergot a bunch of those os_neutron patches merged12:59
spatelsweet!!! 12:59
jrosserlooks like it's still failing in a strange way on calico here https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/803987/512:59
spatellet me take a look 13:00
jrosserwhat is most odd is that https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/803990/5 is passing, and as far as i can see this doesnt touch anything to do with calico13:04
spateljrosser look like not able to get IP - https://f0bccbeb237308849467-c4783fd37c32977d9e7087e921c209d3.ssl.cf1.rackcdn.com/803987/5/check/openstack-ansible-deploy-aio_metal_calico-ubuntu-bionic/03acf86/logs/host/utility/tempest_run.log.txt13:06
spatelvery odd.. i can spin up my lab and give it a try.. but if we are running out of time then we can do NV 13:07
mgariepyhttps://zuul.opendev.org/t/openstack/build/03acf862e4eb4d9582e54f491e381a71/log/logs/host/etcd.service.journal-09-06-34.log.txt#11313:10
mgariepythat's kinda weird. but i don't know anything about etcd or calico .13:10
mgariepybeside that they exist. and do ""stuff""13:11
spatelwe need boots on ground to fix.. based on logs hard to know.. i am trying to spin up aio to see what is going on 13:17
opendevreviewSatish Patel proposed openstack/openstack-ansible-openstack_hosts master: Add nova dependency repo for distro install  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/80347513:20
agemuendBy the way guys, we also had this bug: https://bugs.launchpad.net/openstack-ansible/+bug/192269913:26
agemuendI just added fmt to the includepkgs list in roles/lxc_hosts/tasks/lxc_install_dnf.yml to fix it13:27
jrosseragemuend: are you able to make a patch for that?13:30
jrosserwhich is to here i guess https://opendev.org/openstack/openstack-ansible-lxc_hosts/src/branch/master/tasks/lxc_install_dnf.yml#L67 ?13:31
jrosserit's a shame we don't have any testing of centos/ceph to pick that up, needs people interested in centos deployments to step up and look after that13:33
spatelI can be centos tester but mostly i do test related all core service and not storage but i can setup lab 13:40
spateljrosser curious why do we have calico for only ubuntu-bionic ?13:41
spatelbut not focal ?13:41
jrosserjust tech debt really13:41
jrosserneeds updating13:41
jrosserthats a really simple patch just to see how far it gets13:41
spatelcan we set NV and merge that patch for now and later we can do followup because i can see that Job passed yesterday so look like some stupid reason its failing 13:42
jrosseras it's calico, yes thats fine to make it NV13:42
jrosserwe need to resolve the OVN stuff as priority13:42
spateli haven't heard anyone running calico networking :) ovn is most popular and defacto now 13:42
jrosserlots still missing from OVN13:43
jrosseripv6 is a big gap13:43
jrosseranyway13:43
spatelyes ipv6 is missing 13:45
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_neutron master: Make calico non voting  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/80424013:45
jrosserspatel: ^ there13:45
spotzThanks spatel for volunteering!13:45
agemuendjrosser: yes thats the place13:46
spatelnp :) happy to help wherever possible and actually i am helping myself :) 13:46
spateljrosser did you see my comment here? - https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/80363013:48
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_neutron master: Switch calico job from bionic to focal  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/80424213:49
jrosserspatel: you could put the creation of that dir somewhere like this https://github.com/openstack/openstack-ansible-lxc_hosts/blob/master/templates/prep-scripts/centos_8_prep.sh.j2#L2713:50
spatel in that patch /etc/yum/vars is symlink that is why i have included both yum and dnf dir  - https://paste.opendev.org/show/808012/13:50
jrosseri wonder why they are not there in the container image13:51
spatelthere is nothing wrong to include whole directory.. if has just few files inside, who knows somewhere they are dependent 13:52
spatelif you want i can do mkdir -p /etc/yum/vars and just include that and exclude dnf (in future redhat may remove yum then we will stuck again)13:53
spateljrosser i manage to finish my upgrade from V -> W but mysql was big hit.. 14:03
spatelfinally i upgraded mysql to 10.6.4 14:03
jrosserah yes you missed my comment yesterday14:03
jrossernaaaah14:03
jrosserlook at this https://github.com/openstack/openstack-ansible-galera_server/blob/master/handlers/galera_upgrade_hook.yml14:04
jrosseryour first attempt at upgrade failed becasue of too many connections14:04
jrosserso it will have never run the handers at the end of the playbook14:04
jrosserthe handlers fix up the mess left by 10.5.9 bugs14:04
spatelhmm 14:05
spatelthen i un-install mysql and re-install but still had that permission issue.. 14:05
spatelfinally this is how i solved that - https://paste.opendev.org/show/808013/14:06
spatelplaybook was failing to add admin account and i did by hand then 14:06
spatelI am going to do this exercise again to see if i can re-produce14:07
spateljrosser this patch also ready for merge - https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/80347515:05
spateldo you still think we should fix this patch before merge or we are good? - https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/80363015:06
admin1checking here  I have 2 ceph pools ..   and 2 cinder backends . but when i create volumes, it only goes to 1 backend .. Here is my ceph.conf config and the ceph pools ..   https://pastebin.com/imQ8LawX15:09
spatelthat is cinder job to decide not ceph right?15:11
admin1yes15:19
admin1this is what is in my variables  https://pastebin.com/LbqTtmX115:19
admin1based on that when i create a fast-io volume, it should go to the svolumes pool . but not the case15:20
jrosseryou've made the volume types with the cli?15:20
admin1no 15:20
admin1osa did it for me 15:20
admin1i only add images, flavors and network from cli 15:20
jrosserwhat does `openstack volume type list` show?15:22
admin1shows this -> https://pastebin.com/hgEMYGDd15:25
admin1volume type show  shows this -> https://pastebin.com/h7dJgceJ15:26
admin1do i need to put a diff volume_backend_name ? 15:27
admin1i only have  rbd_pool: svolumes  vs  rbd_pool: hvolumes15:27
admin1while i put the same volume_backend_name 15:27
jrosservolume_backend_name is the thing it needs to know15:27
admin1oh .. 15:27
admin1ok15:27
admin1i will make those to match  the rbd_pool name15:28
admin1one more .. regarding overriding varibles by using group_vars ..   config here: https://pastebin.com/3tGGS8Zp15:28
admin1for only 1 server, i want to use a diff allocation ratio .. 15:28
admin1im is a shortcut i made for $path/inventory-manage -l 15:34
spatelcurious what disk cache mode you guys set for good performance? 15:34
jrosserlook at ansible variable precedence15:34
jrosseranything in user_*.yml overiddes all of host/group vars15:34
*** sshnaidm is now known as sshnaidm|afk15:35
admin1oh .. then i did and expected the opposite :) 15:35
admin1what is the recommended way to override variables for just 1 host 15:36
jrosseruser_*.yml is passed to ansible-playbook using -e15:36
jrosserthis is the highest precedence15:36
jrosseryou need to move your nova_nova_conf_overrides out of user_variables.yml completely15:37
admin1so create nova_compute.yml in group_vars and put the config there, and also put the host.yaml also there ? 15:39
admin1for just 1 line, i used to use host_vars in the user_config directly 15:41
jrossergroup_vars/<group_name>.yml and host_vars/<host_name>.yml15:44
jrosseryou can test it with ansible debug module15:44
jrosseror a trivial playbook to print the value15:45
jrosserspatel: \o/ calico passes on focal https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/80424215:56
spatel:)15:56
spatelnice!15:56
spatellook like it was bionic issue then 15:57
jrosserperhaps, it's strange that it does pass sometimes15:58
spateli think something handling it back to handover ip and sometime it get timeout 16:00
spatelnew OS is way to go for all new technologies 16:02
spateljrosser do you have any idea here, on Host machine i am getting write 32k IOPS but on VM i am getting 3k IOPS 16:15
spateli think issue is somewhere cache mode, my vm using cache mode = none16:16
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-lxc_hosts master: Allow fmt package to be installed from epel repo  https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/80427316:16
jrosserspatel: for what, ceph?16:18
spatelno ceph 16:18
spatelall local disk 16:18
spatelI have SSD on compute nodes 16:18
jrosseryou use virtio-scsi?16:18
jrosseroh right so nova epemeral disks then16:19
jrossernot cinder16:19
spatelYes virtio-scsi option is set in my image metadata16:20
spatelhttps://documentation.suse.com/sles/11-SP4/html/SLES-kvm4zseries/cha-qemu-cachemodes.html16:20
spatelmay be this is what i can try and see if i helps 16:21
jrosseryou use lvm?16:23
spatelno LVM16:23
spateloh wait i do have LVM 16:23
spatelbut if i get 30k IOPS on compute machine directly but getting 3k IOPS on VM running on it that means something else going on16:24
spateli am running fio benchmark tool 16:24
jrosserwell you're going through the virtualisation layer which is going to have some kind of overhead16:25
spatelyes but this is very big difference 16:26
spatel30k vs 3k :)16:26
spateli am going to try out this and see - Cache=writebackI/O from the guest is cached on the host.16:26
jrosseryou could see if there are any iops limits with virsh16:29
spatelsure! let me get bottom of this issue.. 16:30
spateli set disk_cachemodes = writeback in nova.conf and re-build vm but it doesn't do anything 16:33
spateli found this but its old bug - https://bugs.launchpad.net/nova/+bug/172755816:46
spateljrosser epic win!!! 17:06
spatelnow i am getting same IOPS on vms 17:07
spateldisk_cachemodes="file=writeback" 17:07
spatelThis is very important option i think :) 17:07
spatelwrite: IOPS=31.3k, BW=122MiB/s (128MB/s)(7910MiB/64688msec); 0 zone resets17:07
opendevreviewMerged openstack/openstack-ansible-os_cloudkitty stable/train: Updated from OpenStack Ansible Tests  https://review.opendev.org/c/openstack/openstack-ansible-os_cloudkitty/+/69035217:17
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-galera_server master: Update galera to 10.9.12  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/80428417:41
spateljrosser your galera patch headline saying Update galera to 10.9.12 :)17:48
spatelit should be 10.5.12 17:48
jrosseroh!17:48
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-galera_server master: Update galera to 10.5.12  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/80428417:48
jrosserwaaay to optimistic there with 10.9.x17:49
spatelit freaked me out, because yesterday i updated 10.6.4 which is most latest version :)17:50
spatelis this for wallaby right?17:51
jrossernope, wallaby is released17:51
jrossergiven the horror we had with both 10.5.8 and 10.5.9 i'd rather not touch W17:52
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-galera_server master: Partial Revert "Bump MariaDB version to 10.5.9"  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/80428917:54
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-galera_server master: Partial Revert "Bump MariaDB version to 10.5.9"  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/80428917:58
spateljrosser soon i will do upgrade on production may be in 2 weeks, i am thinking to not upgrade my 10.5.6 version of mysql which is stable at present. (do you think that will cause any issue)?18:39
jrosserit's up to you really19:05
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-galera_server master: Partial Revert "Bump MariaDB version to 10.5.9"  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/80428919:08
spateljrosser sure! i will try to not upgrade then, will do when next Xena release come out19:14
jrosseryou know the deal with the upgrade jobs, they run on every patch so the 10.5.8 -> .9 path is well understood19:27
jrosseryou were just unlucky in the lab with connection limit19:27
jrosserit would be bad to create FUD about galera upgrades19:27
spatelhmm19:39
« Tuesday, 2021-08-10 Index Thursday, 2021-08-12 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!