| noonedeadpunk | mornings | 07:18 |
|---|---|---|
| kleini | morning | 07:20 |
| jrosser_ | morning | 07:25 |
| jrosser_ | noonedeadpunk: looks like we make a mistake - see 823785 and 823786 | 07:56 |
| noonedeadpunk | damn... that's unlucky | 07:58 |
| noonedeadpunk | means we still need to implement tls auth for ssh :( | 07:58 |
| jrosser_ | yes i think it does - though we probably also need that anyway for keystone | 08:16 |
| jrosser_ | i also cleaned up many many old patches last week so the dashboard is a bit less cluttered | 08:17 |
| noonedeadpunk | it indeed looks awesome! Sorry, I was taking time away previous week, I should have stated that but forgot and then was not able to as had super limited connectivity ( | 08:18 |
| noonedeadpunk | I see you also played with RH9 ?:) | 08:19 |
| jrosser_ | yeah actually i'm just hacking on it now | 08:24 |
| jrosser_ | no official mariadb so i need a DNM patch to make it use the distro one for now | 08:24 |
| jrosser_ | but i think that a metal deploy might be not so hard | 08:24 |
| jrosser_ | i backported the glance/nfs test changes to X and W for your boto3 patches | 08:25 |
| jrosser_ | W and V i mean | 08:25 |
| noonedeadpunk | it wasn't mine but I just voted :) | 08:26 |
| jrosser_ | then also we did have a very long discussion about rocky linux in the slot which would have been the meeting last week | 08:26 |
| jrosser_ | maybe worth going back over that in the irc logs | 08:27 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/victoria: Add nfs deployment scenario https://review.opendev.org/c/openstack/openstack-ansible/+/823538 | 08:27 |
| noonedeadpunk | gotcha | 08:27 |
| noonedeadpunk | well... I can hardly resist if Rocky TLs are around and ready to help out and solve OS-related issues we might face. Considering effort is not huge (and it shouldn't be) we can probably add some experimental support for it | 08:33 |
| jrosser_ | agreed | 08:33 |
| jrosser_ | and looks like infra images are currently WIP for that too | 08:33 |
| noonedeadpunk | yeah, sure, images should be around as well) | 08:34 |
| jrosser_ | just minor issue if we wish to remove centos-8 support this cycle, and what that means | 08:34 |
| jrosser_ | like we already start to merge those chagnes | 08:34 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-galera_server stable/xena: Allow galera_address to be FQDN https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/823839 | 08:38 |
| noonedeadpunk | oh, it's not minor actually. For some reason I thought they have based on rhel9 as well :( | 08:40 |
| noonedeadpunk | because what we need is py38 and selinux bindings for it | 08:40 |
| noonedeadpunk | I wonder if that is smth they can fix... | 08:41 |
| opendevreview | Andrew Bonney proposed openstack/openstack-ansible master: Add defaults for TLS 1.3 and rename TLS <= 1.2 variable https://review.opendev.org/c/openstack/openstack-ansible/+/823943 | 08:42 |
| opendevreview | Andrew Bonney proposed openstack/openstack-ansible-haproxy_server master: Adjust default configuration to support TLS v1.3 https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/823944 | 08:43 |
| noonedeadpunk | ah, ok, we somehow workarounded libselinux requirement.... | 08:49 |
| noonedeadpunk | I fully forgot everything we merged last year after release :D | 08:49 |
| noonedeadpunk | I think we haven't used any specifci topic for clean-up patches this time? | 08:52 |
| noonedeadpunk | I found https://review.opendev.org/c/openstack/openstack-ansible/+/820854 but there's nothing usefull | 08:53 |
| opendevreview | Andrew Bonney proposed openstack/openstack-ansible-haproxy_server master: Adjust default configuration to support TLS v1.3 https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/823944 | 09:02 |
| opendevreview | Andrew Bonney proposed openstack/openstack-ansible-os_keystone master: Adjust default configuration to support TLS v1.3 https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/823945 | 09:02 |
| noonedeadpunk | also, I guess that Rocky we will be able to distinguish by some fact, other then version number comparing to stream? | 09:05 |
| noonedeadpunk | worth testing though | 09:05 |
| opendevreview | Andrew Bonney proposed openstack/openstack-ansible-os_horizon master: Adjust default configuration to support TLS v1.3 https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/823946 | 09:08 |
| opendevreview | Andrew Bonney proposed openstack/openstack-ansible-os_barbican master: Remove SSL variables which appear to be unused https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/823957 | 10:54 |
| jrosser_ | i wonder how i get a rabbitmq for centos-9 | 10:58 |
| jrosser_ | looks like we need this https://github.com/ansible-community/ansible-lint/issues/1795 | 11:19 |
| *** dviroel|afk is now known as dviroel | 11:22 | |
| noonedeadpunk | hopefully ansible-lint will be released soon :p | 11:23 |
| noonedeadpunk | but I already saw that, yes | 11:24 |
| noonedeadpunk | rabbit for centos 9 is interesting indeed... | 11:41 |
| noonedeadpunk | can't find a thing now :( | 11:42 |
| jrosser_ | no, i'm not finding anything either | 11:43 |
| noonedeadpunk | Oh, but for stable branches I guess we would need to bump rich indeed | 11:44 |
| noonedeadpunk | so yes, probably easier just to bump reach | 11:48 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Fix reach version for ansible-lint https://review.opendev.org/c/openstack/openstack-ansible/+/823971 | 11:53 |
| damiandabrowski[m] | Hey guys! I'm working on a few improvements to tempest and I'm thinking about dropping the possibility to create private network and a router by tempest role. | 12:05 |
| damiandabrowski[m] | These resources are only needed to be created when tempest_create_isolated_networks=false. But if someone does not want to create them by tempest itself, they probably shouldn't be created by tempest role at all and be fully managed by an user. | 12:05 |
| damiandabrowski[m] | https://opendev.org/openstack/openstack-ansible-os_tempest/src/branch/master/tasks/tempest_resources.yml#L149 | 12:05 |
| damiandabrowski[m] | What do You think? Is it ok also from the tripleO perspective? arxcruz chandankumar | 12:05 |
| jrosser_ | chandankumar: i see some centos-9 jobs in tripleo - do you know how much that works? i can't even find a rabbitmq for it..... | 12:05 |
| chandankumar | jrosser_: one min, | 12:06 |
| chandankumar | jrosser_: https://logserver.rdoproject.org/openstack-periodic-integration-main-cs9/opendev.org/openstack/tripleo-ci/master/periodic-tripleo-ci-build-containers-centos-9-push-master/19a35f8/logs/container-builds/cdbde7fa-9093-470b-848a-1d62c1143836/base/rabbitmq/rabbitmq-build.log | 12:07 |
| chandankumar | rabbitmq-server x86_64 3.9.10-1.el9s centos9-rabbitmq 14 M | 12:07 |
| chandankumar | jrosser_: repos : https://opendev.org/openstack/tripleo-quickstart/src/branch/master/config/release/tripleo-ci/CentOS-9/promotion-testing-hash-master.yml#L80 | 12:08 |
| chandankumar | here are the list of repos we are using | 12:08 |
| noonedeadpunk | hm, don't see centos9-rabbitmq there... is it part of rdo? | 12:09 |
| chandankumar | jrosser_: cs9 pipeline is working fine on tripleo side | 12:09 |
| chandankumar | noonedeadpunk: https://trunk.rdoproject.org/centos9-master/delorean-deps.repo | 12:09 |
| chandankumar | few of the packages are not yet built by sig | 12:09 |
| chandankumar | RDO team builts it and maintaining it | 12:09 |
| jrosser_ | does that mean that the rabbit packages are coming from the rdo repo | 12:09 |
| chandankumar | yes | 12:10 |
| jrosser_ | ahha | 12:10 |
| chandankumar | damiandabrowski[m]: we use it in tripleo side | 12:14 |
| chandankumar | may be you can make it optional for your use case | 12:15 |
| damiandabrowski[m] | thanks for Your input! | 12:25 |
| damiandabrowski[m] | Is there any reason why do we set `haproxy_balance_alg: source` for some services?(adjutant_api, ceph-rgw, cloudkitty_api, glance_api, horizon, nova_console, sahara_api, swift_proxy, zun_console). | 12:27 |
| damiandabrowski[m] | We are using stick tables for each backend by default anyway, so I think we can leave the default("leastconn") value everywhere. | 12:27 |
| jrosser_ | chandankumar: i think i'm missing something, it's coming from a repo centos9-rabbitmq but i can't find where thats defined | 12:31 |
| chandankumar | jrosser_: https://trunk.rdoproject.org/centos9-master/delorean-deps.repo | 12:31 |
| chandankumar | [centos9-rabbitmq] | 12:32 |
| jrosser_ | :) | 12:32 |
| jrosser_ | its like right in front of me all the time! | 12:32 |
| jrosser_ | thankyou | 12:32 |
| noonedeadpunk | hm, I was under impression that in test-requirements you can use whatever you want and not only stuff from global-requirements | 12:45 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Fix reach version for ansible-lint https://review.opendev.org/c/openstack/openstack-ansible/+/823971 | 12:53 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Fix rich version for ansible-lint https://review.opendev.org/c/openstack/openstack-ansible/+/823971 | 12:53 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Update ansible-lint version https://review.opendev.org/c/openstack/openstack-ansible/+/823979 | 12:54 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-galera_server master: DNM - Add support for centos-9 https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/823983 | 13:29 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-rabbitmq_server master: DNM - Add support for centos-9 https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/823985 | 13:30 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: WIP - Centos-9 Stream support https://review.opendev.org/c/openstack/openstack-ansible/+/823417 | 13:31 |
| jrosser_ | noonedeadpunk: something else missing from centos-9 is xinetd, which we use in galera | 13:37 |
| jrosser_ | it looks like we could modernise that to use a systemd socket service for the cluster heathcheck | 13:37 |
| jamesdenton | jrosser_ noonedeadpunk is there any appetite to resurrect this patch in some form? https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/381049. Testing (at a minimum) inspection and deployment of a "baremetal" VM with Ironic in CI | 13:39 |
| jamesdenton | I have virtualbmc and inspection working, but the role has changed a bit since that patch. | 13:39 |
| jrosser_ | jamesdenton: if it becomes some sort of reference for how ironic should work then i think it's really valuable | 13:40 |
| jamesdenton | it could represent at least one way of doing it. Might be able to get the 'neutron' piece working if OVS is used. | 13:40 |
| jrosser_ | currently our ironic role is a bit like magnum, in that you can deploy it but then some other unspecified stuff is needed to be useful | 13:40 |
| jamesdenton | right, ok | 13:40 |
| jrosser_ | yeah, and we can point to what you might want outside an AIO with the generic switch things | 13:41 |
| jamesdenton | it looks like testing is kicked off with this manual process: https://github.com/openstack/openstack-ansible-os_ironic/blob/master/manual-test.rc | 13:43 |
| jamesdenton | should we keep that process or try to test in CI? | 13:43 |
| jamesdenton | like, deploy this baremetal VM and ping it, sort of thing | 13:44 |
| jrosser_ | oh thats all old stuff which would have needed openstack-ansible-tests | 13:44 |
| jrosser_ | i think thats completely out of date | 13:44 |
| jamesdenton | ok | 13:44 |
| jrosser_ | ideally there is an existing tempest test which does what you describe | 13:44 |
| jrosser_ | then we could use that directly | 13:44 |
| jamesdenton | https://github.com/openstack/ironic-tempest-plugin/tree/master/ironic_tempest_plugin/tests/scenario | 13:45 |
| jrosser_ | BaremetalBasicOps looks reasonable | 13:46 |
| jamesdenton | yep | 13:46 |
| jrosser_ | theres been some possibly related chatter around the cirros image | 13:47 |
| jrosser_ | i don't know if thats suitable | 13:47 |
| jamesdenton | i don't see why not. | 13:47 |
| jamesdenton | it's the ramdisk image for deployment/introspection that is more troublesome - it will likely require ~2-2.5GB RAM | 13:48 |
| jamesdenton | i'm running 8GB for a local AIO and there's barely room, but it works | 13:48 |
| opendevreview | Andrew Bonney proposed openstack/openstack-ansible master: Add defaults for TLS 1.3 and rename TLS <= 1.2 variable https://review.opendev.org/c/openstack/openstack-ansible/+/823943 | 13:52 |
| opendevreview | Andrew Bonney proposed openstack/openstack-ansible master: Fix definition of ssl_protocol https://review.opendev.org/c/openstack/openstack-ansible/+/823990 | 13:52 |
| noonedeadpunk | btw I jsut commented other ironic related [atches | 13:54 |
| jamesdenton | thanks | 13:55 |
| mgariepy | happy new year everyone ! | 13:58 |
| mgariepy | (only 10 days late) | 13:59 |
| noonedeadpunk | \o/ | 14:00 |
| damiandabrowski[m] | happy new year! | 14:01 |
| mgariepy | how are you guys doing ? | 14:03 |
| opendevreview | James Denton proposed openstack/openstack-ansible master: Add Ironic-related bridges to AIO https://review.opendev.org/c/openstack/openstack-ansible/+/823426 | 14:03 |
| jamesdenton | noonedeadpunk so on that failed upgrade job(s), the br-ironic bridge is not being built, so there is nothing for the IP to bind to. That bridge is added via the dependency patch. The non-upgrade jobs work, though | 14:14 |
| opendevreview | James Denton proposed openstack/openstack-ansible-os_ironic master: Update Ironic Inspector for Metal Deployments https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/821503 | 14:17 |
| noonedeadpunk | ah | 14:19 |
| jamesdenton | damiandabrowski[m] at one point in time i was trying to make resource creation for tempest a bit more... strategic. Never finished. https://review.opendev.org/c/openstack/openstack-ansible/+/733894. There is an override, tempest_default_role_resources, that if set to 'no' won't deploy the resources in the role so OSA (or whoever) can create their own. | 14:20 |
| jamesdenton | noonedeadpunk does that upgrade vs non-upgrade ring any kind of bell? | 14:20 |
| noonedeadpunk | jamesdenton: yeah, as bootstrap-aio is run in Release-1 | 14:21 |
| noonedeadpunk | so we need aio be able to build brdiges on X to make upgrade jobs work | 14:21 |
| jamesdenton | so this needs to merge and backport? https://review.opendev.org/c/openstack/openstack-ansible/+/823426 | 14:22 |
| noonedeadpunk | yep either that or make upgrade jobs NV | 14:22 |
| jamesdenton | meh, it can probably wait | 14:23 |
| damiandabrowski[m] | jamesdenton: thanks, I've made it like this, which allows You to select which resources You want to spawn: https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/803477 | 14:24 |
| damiandabrowski[m] | but it needs few improvements though, I'm working on it | 14:24 |
| opendevreview | Andrew Bonney proposed openstack/openstack-ansible-os_horizon master: Adjust default configuration to support TLS v1.3 https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/823946 | 14:30 |
| opendevreview | Andrew Bonney proposed openstack/openstack-ansible-os_keystone master: Adjust default configuration to support TLS v1.3 https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/823945 | 14:30 |
| opendevreview | Andrew Bonney proposed openstack/openstack-ansible-os_keystone master: Fix ordering error enabling/disabling Apache modules https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/824000 | 14:30 |
| Adri2000 | hello! I wonder if I'm the only one annoyed with journal-remote logs not being rotated automatically? (that's on Ubuntu 18.04) - basically logs in /var/log/journal/remote/ do not get rotated/vaccumed automatically, this is the bug report I think: https://github.com/systemd/systemd/issues/5242 - I've been running a cron job with 'journalctl --vacuum-size=... -D | 14:44 |
| Adri2000 | /var/log/journal/remote/' as a workaround for some time but well... is there an actual solution or a better workaround? do you think we should add this in OSA until the systemd bug gets fixed? | 14:44 |
| opendevreview | James Denton proposed openstack/openstack-ansible master: Add Ironic-related bridges to AIO https://review.opendev.org/c/openstack/openstack-ansible/+/823426 | 14:50 |
| damiandabrowski[m] | Adri2000: yeah, I'm also affected :| so I added `journalctl -D /var/log/journal/remote --vacuum-size=5T` to my crontab | 14:55 |
| Adri2000 | happy to see I'm not alone :) | 15:01 |
| *** dviroel is now known as dviroel|lunch | 15:02 | |
| noonedeadpunk | maybe we should fix that with systemd-timer deployed by playbook? | 15:56 |
| damiandabrowski[m] | if focal is still affected(which i will be able to check by the end of the month) it may be a good idea | 15:59 |
| damiandabrowski[m] | I'm going to spend some time with this playbook anyway(planning to add a support for sending journal to multiple log hosts) | 16:00 |
| *** dviroel|lunch is now known as dviroel | 16:07 | |
| noonedeadpunk | Eventually we have one more interested party to use it outside of the OSA ;) So I was thinking to suggest to move it to it's own role so it can be re-used. | 16:13 |
| noonedeadpunk | Or make some ops collection maybe, but not sure | 16:13 |
| noonedeadpunk | worth discussing on the meeting :) | 16:14 |
| damiandabrowski[m] | okok | 16:21 |
| *** Guest2 is now known as prometheanfire | 16:35 | |
| jamesdenton | Seeing this error pretty consistently on linters: ImportError: cannot import name 'render_group' from 'rich.console'. Any suggestions? | 16:59 |
| jamesdenton | https://zuul.opendev.org/t/openstack/build/a4010140ff50405092adceb0b27f28b4 | 16:59 |
| damiandabrowski[m] | maybe I'm wrong but i thought it was created to fix this issue: https://review.opendev.org/c/openstack/openstack-ansible/+/823979 | 17:19 |
| jrosser_ | yes thats it | 17:20 |
| jrosser_ | jamesdenton: you should vote on that :) | 17:20 |
| jrosser_ | oh wait | 17:20 |
| jrosser_ | thats stacked on another patch | 17:21 |
| opendevreview | Jonathan Rosser proposed openstack/ansible-role-systemd_service master: Suppress 'Service' directive if ListenStream is specified https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/824041 | 17:50 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-galera_server master: Convert xinetd clustercheck to systemd socket service https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/824042 | 17:59 |
| *** odyssey4me is now known as Guest135 | 17:59 | |
| *** dviroel is now known as dviroel|out | 21:28 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!