| *** arxcruz is now known as arxcruz|ruck | 08:06 | |
| noonedeadpunk | admin1: you will need to override fully `haproxy_glance_api_service` https://opendev.org/openstack/openstack-ansible/src/branch/master/inventory/group_vars/haproxy/haproxy.yml#L152-L162 | 08:24 |
|---|---|---|
| admin1 | noonedeadpunk, do you see any issues if its changed to tcp ( which solved the issue) from current http ? | 08:40 |
| noonedeadpunk | except it's nasty? | 08:43 |
| noonedeadpunk | oh, well, and not sure how TLS will be handled then as well | 08:44 |
| noonedeadpunk | since you would need to configure glance to terminate SSL | 08:44 |
| noonedeadpunk | And eventually I have some feeling that issue is in different place there tbh. | 08:44 |
| noonedeadpunk | and maybe disabling uwsgi for glance would also solve that | 08:45 |
| noonedeadpunk | (which is super easy to do with overriding a single variable) | 08:45 |
| admin1 | as i am using packer from my system and the cluster is remote, i did not got any ssl issues .. | 08:55 |
| noonedeadpunk | so you have only http endpoint from keystone catalog prespective? | 08:56 |
| noonedeadpunk | even public one? | 08:56 |
| admin1 | its https:// .. curl https://cloud.domain.io:9292 -- returns fine without giving me any ssl errors | 08:58 |
| admin1 | since nova -> glance is happening in the backend, i think it could also be safe to change the backend to tcp and frontend to keep it in http | 09:06 |
| admin1 | noonedeadpunk, i opened this yesterday to check what could be the best solution to fix this .. https://bugs.launchpad.net/openstack-ansible/+bug/1965986 | 09:08 |
| noonedeadpunk | but for tcp haproxy does not handle SSL termination, which makes me really wondering how it's working | 09:09 |
| admin1 | one thing i did notice, when you asked me about public endpoints is, when i do an endpoint list and filter out public, everything is in https:// except alarming (aodh) which added itself in http:// .. not sure if its how its working or a bug | 09:11 |
| noonedeadpunk | I guess it's bug | 09:49 |
| noonedeadpunk | or maybe it was created long time ago and since you don't use aodh wasn't updated or dropped | 09:50 |
| noonedeadpunk | yeah, saw that bug you created:) | 09:50 |
| noonedeadpunk | But I personally catched same, when haven't defined chunk size for cinder, but you're creating image from local drive, which means it's unrelated to what I saw | 09:51 |
| admin1 | its 24.0.1 tag .. new install | 10:03 |
| noonedeadpunk | oh | 10:43 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_aodh master: Use openstack uri proto https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/834845 | 10:51 |
| noonedeadpunk | admin1: ^ | 10:51 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_aodh master: Remove keystone_authtoken section for aodh https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/571402 | 11:12 |
| *** dviroel|out is now known as dviroel | 11:19 | |
| opendevreview | Merged openstack/openstack-ansible-rabbitmq_server master: Verify if hosts file already managed with OSA https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/828929 | 12:14 |
| opendevreview | Merged openstack/openstack-ansible-rabbitmq_server master: Remove affecting rabbitmq hosts record https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/830172 | 12:14 |
| jrosser | why is it only centos fails on rally | 12:41 |
| jrosser | The conflict is caused by: osprofiler 3.4.2 depends on PrettyTable>=0.7.2 The user requested (constraint) prettytable===2.0.0 | 12:41 |
| jrosser | it's caused by openstack_requirements/tests/files/upper-constraints.txt disagreeing with openstack / rally-openstack/upper-constraints.txt | 12:43 |
| noonedeadpunk | jrosser: I was pushing commit to change that but it wasn't accepted | 12:48 |
| jrosser | i'm not really seeing how it breaks | 12:49 |
| noonedeadpunk | https://review.opendev.org/c/openstack/requirements/+/821388 | 12:49 |
| jrosser | rally has it's own venv and we don't install much into it | 12:49 |
| noonedeadpunk | I think it's kind of missmatch of PrettyTable vs prettytable that pip resolver gets confused aout | 12:49 |
| noonedeadpunk | while it's still same package in fact and jsut redirect exist | 12:50 |
| jrosser | oooooh thats horrid | 12:50 |
| jrosser | i was wondering what it was that is pulling osprofier into the rally venv | 12:51 |
| admin1 | noonedeadpunk, thanks .. i will try the patch and +1 | 12:52 |
| jrosser | hmm https://github.com/openstack/rally-openstack/blob/master/requirements.txt#L13 | 12:53 |
| jrosser | and then why only this breaks on centos :( | 12:54 |
| noonedeadpunk | maybe because of python 3.6? | 12:55 |
| noonedeadpunk | just a guess though | 12:56 |
| jrosser | could be - though should the resolver care about if it is just downloading vs. building wheels | 12:57 |
| noonedeadpunk | hm, might be... but then it also evaluates requirements and constraints as well? Not sure though | 13:02 |
| jrosser | oh i am making a stuipd mistake | 13:02 |
| jrosser | looking at the wrong logfile /o\ | 13:02 |
| jrosser | it is actually this pip._internal.exceptions.DistributionNotFound: No matching distribution found for futures>=3.0; python_version == "3.6" | 13:02 |
| jrosser | this is back to powervm stuff on stable/xena | 13:03 |
| noonedeadpunk | oh, yep | 13:03 |
| noonedeadpunk | this one was merged | 13:03 |
| jrosser | ERROR: Could not find a version that satisfies the requirement futures>=3.0; python_version == "3.6" (from pypowervm) | 13:04 |
| noonedeadpunk | I bet we should just backport https://review.opendev.org/c/openstack/requirements/+/832131 ? | 13:04 |
| jrosser | feels like it if the W version is that last one that works | 13:05 |
| jrosser | yep that should do it | 13:07 |
| noonedeadpunk | already did https://review.opendev.org/c/openstack/requirements/+/834724 | 13:07 |
| jrosser | i think we need to land a requirements bump on master as the same futures thing is failing here https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/824405 | 13:33 |
| spatel | my one of mariadb node die with oom and now when i restarting getting this error, any idea? - https://paste.opendev.org/show/bKlxSDCeTwkzjXr1XSOc/ | 13:38 |
| noonedeadpunk | spatel: you have lines being split? | 13:54 |
| noonedeadpunk | I bet ` WSREP: Failed to start mysqld for wsrep recovery` is not full | 13:55 |
| spatel | noonedeadpunk this is what i did to fix rm -fr /var/lib/mysql/* | 13:55 |
| spatel | systemctl start mariadb | 13:55 |
| spatel | now its back in cluster | 13:55 |
| noonedeadpunk | pretty radical | 13:56 |
| spatel | yes.. i tried everything to fix but then thought this is the last option left :( | 13:56 |
| spatel | but glad this option works | 13:57 |
| jrosser | noonedeadpunk: can you do a sha bump for master? | 13:59 |
| noonedeadpunk | sure | 13:59 |
| jrosser | we just missed getting the futures requriements patch in last time i think | 14:00 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Bump SHAs for master https://review.opendev.org/c/openstack/openstack-ansible/+/834889 | 14:20 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-os_aodh master: Use common service setup tasks from a collection rather than in-role https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/824405 | 14:27 |
| *** dviroel is now known as dviroel|lunch | 15:36 | |
| *** dviroel|lunch is now known as dviroel | 16:46 | |
| spatel | NeilHanlon hey! | 18:59 |
| spatel | In this doc related octavia ingress controller - https://superuser.openstack.org/articles/guide-octavia-ingress-controller-for-kubernetes/ | 19:00 |
| spatel | What is this certificate for? | 19:01 |
| NeilHanlon | looks to be for mTLS spatel | 19:37 |
| spatel | TLS between k8s and octavia? | 19:39 |
| spatel | That doc is little cryptic.. | 19:39 |
| johnsom | Yeah, it looked to me like the ingress controller code is doing mutual TLS authentication with the K8S API, but I am not 100% sure either as I have not deployed this. | 19:40 |
| spatel | what are those user/name/project etc.. for? assuming its for octavia authentication | 19:40 |
| johnsom | Maybe the video presentation at the bottom fills in some answers. (I haven't watched it a while) | 19:41 |
| spatel | I saw that video and it has lots of steps un-explained :) | 19:41 |
| spatel | no sure i need to do everything or just part of it.. | 19:42 |
| spatel | I am surprised on there is no good doc about this step (I meant only that link show up when i google :) ) | 19:42 |
| spatel | look like not many folks using octavia with k8s | 19:43 |
| johnsom | Well, not many that are hanging out on chat maybe. | 19:44 |
| spatel | lol.. i am talking about in google search :) | 19:45 |
| spatel | very few or none talking about integration of octavia with k8s ( some folks using dedicated nginx for this task which is yike) | 19:46 |
| spatel | anyway lets me try all those steps and see where i am going to get stuck | 19:46 |
| *** dviroel is now known as dviroel|afk | 20:59 | |
| *** dviroel|afk is now known as dviroel\ | 23:44 | |
| *** dviroel\ is now known as dviroel | 23:44 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!