Thursday, 2021-12-23

« Wednesday, 2021-12-22 Index Friday, 2021-12-24 »
admin1hi experts ..  in codesearch, how do I search for a term,, but limit it to openstack-ansible only ? 12:22
noonedeadpunkadmin1: you can select projects to look at12:47
noonedeadpunkthere's "advanced" below search bar12:48
noonedeadpunkso, we can merge https://review.opendev.org/q/topic:%22osa%252Fcore-2.12%22+(status:open%20OR%20status:merged) I guess?12:55
noonedeadpunkI thought it would be harder tbh...12:55
admin1if we want to have all urls under 443 .. like  nova.domain.com,   neutron.domain.com    , etc under *.domain.com   SSL cert, how/where are such things defined ? 13:11
admin1the 443 is because in some orgs only 22 and  443 outbound is allowed .. so other ports are blocked 13:11
noonedeadpunkI think you would need to set haproxy acls for that13:13
noonedeadpunkbut actually it's good question, and we don't have doc for it13:13
noonedeadpunkwe actually want to look for support of that one day, bu we haven't yet 13:19
admin1its just a matter for public endpoint (haproxy) and the corresponding entry in keystone 13:20
admin1i am trying to check how to do this .. 13:20
noonedeadpunkI think you would need override each <service>_service_publicuri13:25
noonedeadpunk(and keep an eye on _service_publicurl)13:25
admin1gnocchi failed to upgrade when upgrading from 23.1.0 > 23.2.0 ..   https://paste.opendev.org/show/bpI276IGrhQ7TUtE0901/     2nd run gives   contraints not found .. how do i force it to rebuild again for gnocchi only 13:26
noonedeadpunkIt sounds like upper-constraints are not present on repo.... or we just broke smth for minor upgrades...13:27
noonedeadpunkbut actually, you can run os-gnocchi-install.yml -e venv_rebuild=true13:28
noonedeadpunk(have you run repo-server role while upgrading?13:29
admin1i copy paste from here: https://docs.openstack.org/openstack-ansible/wallaby/admin/upgrades/minor-upgrades.html :) 13:30
admin1it did have the setup infra setp 13:30
admin1i put a # on gnocchi and above and ran it again .. so that the rest can upgrade .. then will work on gnocchi separately 13:30
admin1i found the overrides .. thanks noonedeadpunk .. i will setup a new aio with the publicurl override and see how good it goes13:34
admin1and after that, will try to do it in production .. and i guess i have to manually update existing public endpoints in the db 13:34
noonedeadpunkwell, playbook will create more emndpoints, but you ould need to delete old ones13:36
admin1i plan to override the variables before the aio runs 13:37
noonedeadpunkbut you will need to have haproxy acls defined as well13:38
admin1i did not know about those 13:38
noonedeadpunkhttps://www.haproxy.com/blog/how-to-map-domain-names-to-backend-server-pools-with-haproxy/13:41
noonedeadpunkhaproxy role has ACL support, but you would need to redefine all services as well to add ACL there13:42
admin1found that in /etc/ansible/roles/haproxy_server/templates/service.j2 13:46
noonedeadpunkhttps://docs.openstack.org/openstack-ansible-haproxy_server/latest/configure-haproxy.html#adding-access-control-lists-to-haproxy-front-end13:46
admin1for gnocchi, i think something wrong with one dependency: https://paste.opendev.org/show/811830/ 13:50
admin1python-rados13:50
noonedeadpunkoh, it is13:50
noonedeadpunkcheck this out https://opendev.org/openstack/openstack-ansible-os_gnocchi/commit/2938fadcf3bc662495c5a135ba3fcd63b1e2040b13:51
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_gnocchi stable/wallaby: Do not provide ceph_alternative extra for ceph  https://review.opendev.org/c/openstack/openstack-ansible-os_gnocchi/+/82279313:51
noonedeadpunkor that ^13:52
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_glance master: Add support for TLS to Glance  https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/82101113:57
admin1another thing noticed during upgrade is   it kind of hangs/stuck out on this [os_octavia Download image from artefact server ] .. waiting for it to timeout .. ( maybe for hours ) 14:09
opendevreviewJames Gibson proposed openstack/openstack-ansible master: [WIP] Add support for TLS to Glance backends  https://review.opendev.org/c/openstack/openstack-ansible/+/82109014:17
noonedeadpunkwell, I'd say there might be some connectivity issues... Basically this task downloads http://tarballs.openstack.org/octavia/test-images/test-only-amphora-x64-haproxy-ubuntu-bionic.qcow214:18
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_octavia master: Use focal amphora test image by default  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/82283414:20
*** dviroel is now known as dviroel|afk14:22
opendevreviewJames Denton proposed openstack/openstack-ansible-os_ironic master: Update Ironic Documentation  https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/82220314:37
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_nova master: Disable shell for nova when tunneled migration not used  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/82283814:37
opendevreviewJames Denton proposed openstack/openstack-ansible-os_ironic master: Remove glance_api_servers from ironic.conf  https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/82283915:02
admin1i don't recall selecting rally .. its a test suite isn't it ?  .. but uprade fails on  ERROR rally ModuleNotFoundError: No module named 'pymysql'", "2021-12-23 14:43:44.971 37185 ERROR rally \u001b [00m"]}                                                               15:22
noonedeadpunkyep, it is15:22
admin1os_rally : Check for db - fails in this task15:23
noonedeadpunkit's weird, as we run rally for all ci15:23
admin1this is all on ubuntu-focal ..  previous version was 23.1.2 .. being upgrded to 23.2.0 15:24
noonedeadpunkoh well https://opendev.org/openstack/openstack-ansible-os_rally/commit/e1b13a1e448d99363217d49da3fef194b5a91c0915:24
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_rally stable/wallaby: Install PyMySQL as rally commands may not work without it  https://review.opendev.org/c/openstack/openstack-ansible-os_rally/+/82280215:24
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_rally stable/victoria: Install PyMySQL as rally commands may not work without it  https://review.opendev.org/c/openstack/openstack-ansible-os_rally/+/82280315:24
noonedeadpunkI wonder if we should add another label, like backport-candidate15:25
noonedeadpunkso we could keep track on things that worth backporting15:26
admin1i am going to add it manually now and rerun that playbook to continue .. 15:26
*** dviroel|afk is now known as dviroel|afk|lunch15:29
kleiniDoes review.opendev.org not accept RSA keys any more? I get 'send_pubkey_test: no mutual signature algorithm' for my 4096 RSA key.15:40
noonedeadpunkUm, there were some issues with git-review module and git 2.3415:41
noonedeadpunkmy rsa works fwiw15:42
noonedeadpunkbut might be set of ciphers limited15:42
kleiniSSH login does not work at all for me. but it can be some month ago, I used that. To all my other servers this SSH key still works and the Gerrit frontend accepts it when removing and re-adding it.15:48
kleinioh, it is a client setting. good to know15:50
kleiniPubkeyAcceptedKeyTypes +ssh-rsa15:51
noonedeadpunkyou have ubuntu xenial ?:)15:51
kleinimanjaro stable15:51
noonedeadpunkIt's too stable imo...15:51
noonedeadpunkI can recall need to set that like 5 years ago....15:52
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Remove references to unsupported operating systems  https://review.opendev.org/c/openstack/openstack-ansible/+/78255716:05
*** dviroel|afk|lunch is now known as dviroel16:10
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_zun master: Update Zun api-paste  https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/82284716:30
opendevreviewMerged openstack/openstack-ansible-plugins master: Add pkcs11_provider defenition  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/82225516:32
opendevreviewJames Gibson proposed openstack/openstack-ansible-specs master: Add proposal for enabling TLS on all internal communications  https://review.opendev.org/c/openstack/openstack-ansible-specs/+/82285016:50
admin1my gnocchi upgrade is stuck on os_gnocchi : Perform a Gnocchi DB sync .. for ages ( like 1+hour ) .. any ideas on how to move ahead17:07
opendevreviewMerged openstack/ansible-role-python_venv_build master: Use the native python module to create virtual environments  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/82227417:25
opendevreviewMerged openstack/openstack-ansible-os_adjutant master: Filter out Django version  https://review.opendev.org/c/openstack/openstack-ansible-os_adjutant/+/82274517:30
opendevreviewMerged openstack/openstack-ansible-os_adjutant master: Remove static parameter for import  https://review.opendev.org/c/openstack/openstack-ansible-os_adjutant/+/82225617:32
opendevreviewMerged openstack/openstack-ansible master: Replace obsoleted include with import_task/include_task  https://review.opendev.org/c/openstack/openstack-ansible/+/82222717:53
*** akahat|ruck is now known as akahat|out17:57
opendevreviewMerged openstack/openstack-ansible master: Use the python venv module to build the ansible runtime venv  https://review.opendev.org/c/openstack/openstack-ansible/+/82227317:58
spatelanyone here build openstack for HPC environment? I meant work on infiniband network?18:05
spateli am getting involved to build university HPC cluster using Openstack so collecting information18:06
opendevreviewMerged openstack/openstack-ansible master: Use python3.8 for CentOS 8  https://review.opendev.org/c/openstack/openstack-ansible/+/82226018:19
admin1i have this in my log .. '<r1c2_gnocchi_container-33d80ba5> Task "Perform a Gnocchi DB sync" has been omitted from the job because the conditional "["(gnocchi_storage_driver == 'file') | ternary(True, _gnocchi_is_first_play_host)", 'not gnocchi_identity_only | bool']" was evaluated as "False" -- does this mean its not going to do a db sync .. as18:39
admin1the process gets stuck at this state and does not even move ahead .. for hours 18:39
admin1i don't suppose nuking the gnocchi containers and the db and restarting might help ? 18:52
admin1nuking the containers is also the same .. stuck in the db sync ...     Task "Perform a Gnocchi DB sync" has been omitted from the job because the conditional "["(gnocchi_storage_driver == 'file') | ternary(True, _gnocchi_is_first_play_host)", 'not gnocchi_identity_only | bool']" was evaluated as "False"19:38
admin1i have one queestion .. if i set db storage driver = file , there are 3 controllers .. does gnocchi save the files in the container itself ? 19:38
admin1and if that is the case, won't the files be in one and not in another based on which api server creates it 19:38
admin1unless the gnocchi fs is on nfs mount or something 19:38
admin1i opened up a bug report  .. https://bugs.launchpad.net/openstack-ansible/+bug/1955676 19:42
*** dviroel is now known as dviroel|brb19:57
*** dviroel|brb is now known as dviroel20:20
*** dviroel is now known as dviroel|out20:23
admin1noonedeadpunk, when you have time, can you please view this ? https://bugs.launchpad.net/openstack-ansible/+bug/1955676 ...     i am kind of stuck 20:57
admin1well, not kind of stuck . but really stuck :) 20:57
jrosser_admin1: you’ve followed this? https://docs.openstack.org/openstack-ansible-ceph_client/latest/configure-ceph.html#configure-os-gnocchi-with-ceph-client21:03
admin1jrosser_, yes and ceph itself is not an issue .. its failing to create database when installing 21:11
jrosser_then I would try running the db setup command manually21:12
jrosser_these usually produce output, or have verbose flags, or write stuff to the system log21:12
admin1doing it manually you mean ? 21:13
admin1first it got stuck here, so i took the gnocchi db backup, and then deleted the gnocchi user and database .. and then deleted the containers .. so that everything is like new .. but it gets stuck in the same place .. like its not even trying to do anything 21:14
admin1i will check how to do a manual db setup .. and see if its stuck in something 21:14
admin1the error says that step has been omitted  .. if that is  what it says its doing ..21:15
jrosser_not quite21:16
jrosser_it is only omitted on your second and third controllers21:17
jrosser_“is_first_play_host” is your clue there21:18
jrosser_this should be done once, on the first host that is targeted21:18
admin1the file where this is done is /etc/ansible/roles/os_gnocchi/tasks/gnocchi_db_sync.yml  . . .. i will try to capture the output and then display it 21:19
jrosser_well that’s just one command it runs21:20
jrosser_that you can do easily yourself in a terminal to try to see why it does not work21:21
admin1well, i do not know fully what this is supposed to be .. {{ gnocchi_db_sync_options }} 21:21
jrosser_use codesearch21:21
admin1RuntimeError: Redis Python module is unavailable21:29
admin1ok .. so i found my culprit21:29
admin1codesearch is in my bookmarks now :) 21:31
admin1i updated the bug to mark it as invalid 21:33
admin1actually, i am going to mark it as a bug and submit a patch for it 21:55
*** sshnaidm is now known as sshnaidm|afk21:57
opendevreviewSashi Dahal proposed openstack/openstack-ansible-os_gnocchi master: when incoming driver used is redis - which is typical in big/public cloud deployments, without this package, the installation is stuck on db sync operation and never times out  https://review.opendev.org/c/openstack/openstack-ansible-os_gnocchi/+/82286022:17
opendevreviewSashi Dahal proposed openstack/openstack-ansible-os_gnocchi master: add redis package to gnocchi.  https://review.opendev.org/c/openstack/openstack-ansible-os_gnocchi/+/82286022:21
opendevreviewJames Denton proposed openstack/openstack-ansible-os_ironic master: Remove glance_api_servers from ironic.conf  https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/82283922:24
« Wednesday, 2021-12-22 Index Friday, 2021-12-24 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!