| opendevreview | Tushar Trambak Gite proposed openstack/openstack-ansible-os_cinder master: Stop configuring install_command in tox. https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/811076 | 06:51 |
|---|---|---|
| fresta | I found that you can give neutron bridge_mappings in addition to interface mappings. https://docs.openstack.org/neutron/latest/configuration/linuxbridge-agent.html#linux-bridge | 13:04 |
| fresta | But it's not implemented in OSA: https://github.com/openstack/openstack-ansible-os_neutron/blob/master/templates/plugins/ml2/linuxbridge_agent.ini.j2 | 13:04 |
| fresta | Anyone know if its been left out for a reason or just forgotten? I have created veth-pairs to solve some issues since neutron only accepts interfaces but this would be nicer. | 13:04 |
| jrosser | fresta: the template to generate the neutron config suggests that you can create bridge mappings https://opendev.org/openstack/openstack-ansible-os_neutron/src/branch/master/templates/plugins/ml2/ml2_conf.ini.j2#L11 | 13:08 |
| jrosser | oh, well under very specific conditions it seems | 13:09 |
| jrosser | you can also use a config override to put in any config you need, there does not need to be specific support in the templates for every possible option | 13:11 |
| jrosser | like this https://docs.openstack.org/openstack-ansible/wallaby/reference/configuration/using-overrides.html#overriding-conf-files | 13:11 |
| fresta | Yeah it's only implemented for OpenDaylight it seems, so I thought maybe there was a reason for that | 13:14 |
| fresta | But config override looks nice, I will play around with that a bit | 13:14 |
| spatel | Question general question, does anyone has suggestion for good linux based firewall like vyos or Mikrotik or pFsense etc.. i want to deploy this in remote datacenter so it should be able to run in Dell 1U server :) | 13:28 |
| jonher | pfSense is BSD based, but all of the ones mentioned will probably do the job. pfSense as you may know has a web ui, so does mikrotik (check license for features), vyos there is only nigthly or paid "stable" (only cli) | 13:52 |
| spatel | jonher Thanks for input, you are saying vyos is free for nightly build only? | 14:02 |
| jonher | "stable" is paywalled, rolling (beta) is available to download freely | 14:03 |
| spatel | I am looking for little advance firewall which support VPN, some kind of HA and connection mirroring during failover short of thing.. | 14:03 |
| jonher | i'd probably go pfSense as it's very competent, but take your other requirements and evaluate what works best for you | 14:04 |
| spatel | can i install pFsense on Dell servers? | 14:06 |
| spatel | Does it support HA short of thing/ | 14:06 |
| jrosser | if i was wanting an HA remote firewall and it was my OOB / disaster recovery i'd probably not use a server, but thats just my preference i guess | 14:16 |
| spatel | Agreed but this is remote rental datacenter for small time and they won't provide your personal hadware in their racks | 14:26 |
| spatel | We are running services in AWS/GCP and cost is very high so planning to bring them on rental datacenter to take cost. anyway i will find some workaround or may use iptables + keepalive with conntrack mirror module | 14:27 |
| spatel | jrosser do you guys keep public ip on infra server? | 15:09 |
| jrosser | no | 15:09 |
| jrosser | everything is pretty much in a dmz | 15:09 |
| spatel | how does outside world talk to public IP? | 15:09 |
| jrosser | via network nodes | 15:10 |
| jrosser | and dedicated haproxy nodes | 15:10 |
| spatel | i meant openstack API services, Horrizon etc... | 15:10 |
| jrosser | yes | 15:10 |
| jrosser | we have haproxy on its own node | 15:10 |
| jrosser | and thats the only one with a public IP | 15:10 |
| jrosser | and iptables all over it | 15:10 |
| spatel | hmmm | 15:11 |
| jrosser | plus router ACL, it's in its own subnet | 15:11 |
| spatel | I don't have dedicated HAProxy in remote rental DC (limited hardware so i may use public IP on infra nodes_ | 15:11 |
| spatel | jrosser does OSA support 21.04 Ubuntu release? | 15:19 |
| jrosser | spatel: theres no testing of 21.04, and i think the ansible will detect it's not a tested OS and bail out | 15:38 |
| spatel | hmm | 15:38 |
| jrosser | thats not to say it wont work, but there will certainly be things to fix up | 15:39 |
| jrosser | but like i say theres no testing of it in CI for OSA nor any of the other components of openstack, like nova/keystone/cinder/.... | 15:39 |
| spatel | do we have plan to support net big ubuntu LTS release 22.x ? | 15:39 |
| jrosser | thats how the openstack development happens in general, yes | 15:39 |
| spatel | perfect! if we are on it :) i think in April month 22 coming out | 15:40 |
| spatel | ofc next year | 15:40 |
| spatel | jrosser how do i change default domain name in OSA ? | 15:54 |
| spatel | jrosser did we break something? | 16:19 |
| spatel | https://paste.opendev.org/show/809623/ | 16:19 |
| spatel | Installing new openstack and hit this error | 16:20 |
| jrosser | why use the system interpreter? | 16:20 |
| jrosser | inventory_manage should be executable | 16:20 |
| spatel | without that i am getting this error - https://paste.opendev.org/show/809624/ | 16:21 |
| spatel | This is fresh OS ubuntu 20.04.3 | 16:22 |
| spatel | I haven't seen this error before | 16:25 |
| spatel | hang on... | 16:27 |
| spatel | it was my error :( | 16:27 |
| spatel | the way i set used_ip: | 16:28 |
| spatel | i am good! thanks for checking | 16:28 |
| spatel | jrosser quick question, if i install OSA with single node infra then does OSA install keepalive or not? | 17:04 |
| -opendevstatus- NOTICE: Gerrit and Zuul services are being restarted briefly for configuration and code updates but should return to service momentarily | 20:09 | |
| spatel | Timeout in RPC method security_group_info_for_devices. Waiting for 1668 seconds before next attempt. If the server is not down, consider increasing the rpc_response_timeout option as Neutron server(s) may be overloaded and unable to respond quickly enough | 20:29 |
| spatel | did you see this error? | 20:29 |
| spatel | is this rabbitMQ issue or neutron-server (i am not seeing any issue with rabbitMQ and neutron load is normal ) | 20:30 |
| spatel | jrosser around? | 21:49 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!