Thursday, 2021-10-07

« Wednesday, 2021-10-06 Index Friday, 2021-10-08 »
opendevreviewws proposed openstack/openstack-ansible-os_keystone master: Add vars file for Rocky Linux distribution  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/81276802:31
opendevreviewws proposed openstack/openstack-ansible master: Add support for Rocky Linux distro to some playbooks and scripts  https://review.opendev.org/c/openstack/openstack-ansible/+/81277003:22
opendevreviewMerged openstack/openstack-ansible-galera_server master: Use ansible-role-pki to generate SSL certificates  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/80771711:58
*** raukadah is now known as chandankumar12:28
opendevreviewMerged openstack/openstack-ansible-os_mistral master: Refactor galera_use_ssl behaviour  https://review.opendev.org/c/openstack/openstack-ansible-os_mistral/+/81023413:01
jamesdentonis the auth_url available as an ansible variable?13:28
noonedeadpunkkeystone_service_(admin|internal|public)url13:29
jamesdentonperfect, thank you13:30
noonedeadpunkhttps://opendev.org/openstack/openstack-ansible/src/branch/master/inventory/group_vars/all/keystone.yml13:30
jamesdentonthanks, i was lazy :(13:35
opendevreviewJames Denton proposed openstack/openstack-ansible master: Implements framework for ironic_neutron_agent and Neutron 'baremetal' plugin  https://review.opendev.org/c/openstack/openstack-ansible/+/81300613:40
mgariepyjamesdenton, are you using ironic ?13:42
jamesdentonyes13:42
mgariepyfor clients ?13:42
jamesdentonyes, but fairly basic13:42
jamesdentoni use networking_generic_switch plugin in the lab13:42
jamesdentonw/ ironic.13:43
mgariepyis there a way to block bmc or firmware/bios upgrade on the hosts?13:43
mgariepyi guess you need to manage the switches via ironic if you want to make sure that the client don't mess with the network and stuff ?13:45
jamesdentonhmm, well, users don't necessarily have access to OOB (ipmi) network  of the hosts, so no iLo/Drac/etc. Only the ironic conductor would have access to that AFAIK. The alternative to using a switch plugin would be to just put all of the baremetal instances on a flat network13:47
jamesdentonand without credentials, i don't think users can manage the BMC from within the host13:47
mgariepyaren't the users root on the box ?13:49
mgariepywith ipmitool you can set whatever your want13:50
jamesdentonwould you not need the actual ipmi credentials, too?13:51
mgariepyi guess it's ok if your users can be thrusted but not really ok for public cloud.13:51
mgariepyno.13:51
jamesdentoni admit, i have not verified this13:51
jamesdentonwell, i know RAX has baremetal nodes in public cloud, so there must be a way13:51
jamesdentonnot sure if the decom process has some kind of restore., though13:52
opendevreviewJames Denton proposed openstack/openstack-ansible-os_neutron master: Implements ironic_neutron_agent and baremetal ML2 driver  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/81301113:54
mgariepyok 13:55
mgariepythanks13:55
spatelkeepalived question, i am seeing only MASTER generating VRRP multi-cast traffic not BACKUP is that correct?13:55
spatelI thought VRRP multicast traffic should be generated by both node MASTER and BACKUP13:56
jamesdentonmgariepy i will kick one now and verify13:57
mgariepy`ipmitool lan print`13:59
jamesdentonspatel only the master AFAIK13:59
spatelhmm! really, how does master know Backup is available? 13:59
jamesdentonit doesn't care13:59
jamesdentonhttps://datatracker.ietf.org/doc/html/rfc3768#section-6.4.214:01
spatelInteresting... 14:02
spatelThank you!! jamesdenton 14:04
spatelmy problem is floating IP generating VRRP traffic even i configured net.ipv4.ip_nonlocal_bind=114:07
jamesdentonis this an active/active type situation? 14:10
spatelyes, but after rebooting both node looks good now VRR originating from local interface14:18
jamesdentongood deal14:19
spateljamesdenton something is odd, after reboot again it started using VIP address to send VRRP 15:19
spateljamesdenton can you see anything wrong here - https://paste.opendev.org/show/809844/15:20
opendevreviewMarc GariĆ©py proposed openstack/openstack-ansible stable/stein: fix double-double-quotes  https://review.opendev.org/c/openstack/openstack-ansible/+/81304415:25
mgariepynot sure it worth fixing it.. but.. lol "" is not good there haha15:25
noonedeadpunkI hope we don't have that on master :)15:34
mgariepynop15:36
mgariepyit was fixed 15:37
jamesdentonspatel strange. maybe try configuring the virtual address as a /32 - "10.0.0.3/32"15:47
spateljamesdenton i tried that also but same issue, its using VIP address for VRRP :(16:17
spateljamesdenton i think i found my problem.. its my SNAT rule in iptables 16:41
jamesdentonreally.17:00
spatelstill trying to understand... 17:22
spateli have noticed as soon as i put this rules it will start using VIP address for VRRP17:22
spateliptables -A FORWARD -i ens4 -m state --state ESTABLISHED,RELATED -j ACCEPT17:22
spatelnot sure why and what is the connection with FORWARD rules with VIP17:22
spateljamesdenton everything working now :)18:26
spateli am able to sync iptables conntrack table and not a single connection drop during failover 18:26
spatelso connection mirroring working.. tonight i will blog that piece out 18:27
jamesdentonyes, please do@18:49
spatelsure18:58
opendevreviewJames Denton proposed openstack/openstack-ansible-os_neutron master: Implements ironic_neutron_agent and baremetal ML2 driver  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/81301119:02
opendevreviewJames Denton proposed openstack/openstack-ansible-os_neutron master: Implements ironic_neutron_agent and baremetal ML2 driver  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/81301119:09
opendevreviewJames Denton proposed openstack/openstack-ansible-os_neutron master: Implements ironic_neutron_agent and baremetal ML2 driver  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/81301120:45
« Wednesday, 2021-10-06 Index Friday, 2021-10-08 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!