| *** dviroel is now known as dviroel|out | 00:04 | |
| spatel | what do we think about this bug? - https://bugs.launchpad.net/openstack-ansible/+bug/1969473 | 02:10 |
|---|---|---|
| *** ysandeep|out is now known as ysandeep | 03:31 | |
| *** ysandeep is now known as ysandeep|lunch | 08:47 | |
| jrosser_ | morning | 09:07 |
| *** ysandeep|lunch is now known as ysandeep | 09:29 | |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-os_ironic master: Allow redhat vars file to over different RHEL derivatives https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/844021 | 09:36 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-os_ironic master: Allow redhat vars file to cover different RHEL derivatives https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/844021 | 10:01 |
| opendevreview | shahab taee proposed openstack/openstack-ansible-os_neutron stable/victoria: custom configuration for vpnaas https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/844030 | 11:03 |
| *** ysandeep is now known as ysandeep|break | 11:03 | |
| *** ysandeep|break is now known as ysandeep | 11:19 | |
| mgariepy | morning jrosser_ | 11:22 |
| jrosser_ | hello | 11:22 |
| mgariepy | want to laught ? | 11:22 |
| mgariepy | https://paste.openstack.org/show/byfnUEcXnbCXzj4VSMJS/ | 11:22 |
| jrosser_ | oh man | 11:23 |
| jrosser_ | so after_targets for systemd_service role should be a list then | 11:24 |
| mgariepy | yep i guess so :D | 11:24 |
| opendevreview | Marc Gariépy proposed openstack/openstack-ansible-galera_server master: Provide a list for systemd_service. https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/844037 | 11:26 |
| mgariepy | computer is hard lol | 11:27 |
| mgariepy | it's kinda weird that sometimes it works.. | 11:29 |
| mgariepy | but it might be just because of the race condition tho. | 11:29 |
| *** dviroel|out is now known as dviroel | 11:29 | |
| mgariepy | not sure how systemd cope with non-existent service in After= :/ | 11:30 |
| mgariepy | jrosser_, https://github.com/openstack/openstack-ansible-galera_server/blob/master/tasks/galera_server_post_install.yml#L60-L61 | 11:32 |
| mgariepy | not sure it does make a lot of sense to have the same list in both. | 11:33 |
| jrosser_ | i think it's like firewall rules | 11:33 |
| jrosser_ | where the first rule is always to deny * | 11:33 |
| mgariepy | the socket allow connection from haproxy on the host, but the service should only allow from localhost i guess since the local socker will connect ? | 11:34 |
| jrosser_ | for an AIO it should come out like this https://opendev.org/openstack/openstack-ansible/src/branch/master/inventory/group_vars/galera_all.yml#L33-L39 | 11:36 |
| jrosser_ | this is really the ACL for which things we allow to connect to the healthcheck itself, so has to include all the LB nodes | 11:36 |
| mgariepy | from my previous paste it's not quite working then | 11:37 |
| mgariepy | hmm it's working it's in user_variable. | 11:38 |
| jrosser_ | oh https://opendev.org/openstack/openstack-ansible/src/branch/master/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2#L32 | 11:38 |
| jrosser_ | i wonder why we do that | 11:38 |
| opendevreview | Marc Gariépy proposed openstack/openstack-ansible stable/wallaby: [DNM] test default galera_monitoring_allowed_source https://review.opendev.org/c/openstack/openstack-ansible/+/844040 | 11:40 |
| opendevreview | Marc Gariépy proposed openstack/openstack-ansible stable/wallaby: [DNM] test default galera_monitoring_allowed_source https://review.opendev.org/c/openstack/openstack-ansible/+/844040 | 11:41 |
| opendevreview | shahab taee proposed openstack/openstack-ansible-os_neutron master: custom configuration for vpnaas https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/844041 | 11:49 |
| jrosser_ | noonedeadpunk: ^ new contributor patch there but i don't know much about vpnaas...... | 12:06 |
| jrosser_ | looks like we never updated openstack-ansible-tests to use python3.8 on centos | 12:21 |
| mgariepy | hmm.. | 12:45 |
| mgariepy | https://github.com/openstack/openstack-ansible/blob/master/playbooks/defaults/repo_packages/openstack_services.yml | 12:45 |
| mgariepy | why so many yoga in the master repo ? :/ | 12:45 |
| mgariepy | scratch that. i realized that z is not yet released.. and yoga is not also for osa .. lol :D | 12:51 |
| *** ysandeep is now known as ysandeep|afk | 12:53 | |
| SiavashSardari | @jrosser_, He is my colleague, we needed to have some logs for each vpn site connection. vpnaas has some configs for each driver which allows the driver (strongswan in our case) uses a predefined template for generating the configuration files for each site conn. | 12:56 |
| SiavashSardari | he is off for the rest of the day, I will help him join the irc tomorrow so he can clarify more | 12:58 |
| opendevreview | Marc Gariépy proposed openstack/openstack-ansible master: Add mistra-extra repo https://review.opendev.org/c/openstack/openstack-ansible/+/844048 | 12:59 |
| jrosser_ | SiavashSardari: are those templates suitable to carry in the role? I think noonedeadpunk is maybe also using vnpaas so it would be good to make sure we make it as universal as possible, whilst also having good sensible defaults that work out-of-the-box | 13:00 |
| opendevreview | Marc Gariépy proposed openstack/openstack-ansible-os_mistral master: Add mistra-extra in the mistral venv https://review.opendev.org/c/openstack/openstack-ansible-os_mistral/+/844049 | 13:01 |
| * jrosser_ curses selinux | 13:01 | |
| SiavashSardari | we didn't intend them to be carry in the role, the copy template accepts absolute path. we added the files in /etc/openstack_deploy dir | 13:01 |
| mgariepy | jrosser_, https://people.redhat.com/duffy/selinux/selinux-coloring-book_A4-Stapled.pdf | 13:01 |
| jrosser_ | SiavashSardari: sure, i saw. like i say i don't use vpnaas so am not in a great position to comment | 13:02 |
| jrosser_ | extra documentation would be great though :) | 13:02 |
| SiavashSardari | sure it is kinda vague, we should add some documents too. | 13:04 |
| jrosser_ | mgariepy: thats totally cleared it up for me :) | 13:04 |
| mgariepy | i know right ? | 13:05 |
| mgariepy | lol | 13:05 |
| mgariepy | that's how i train my kids to selinux ! | 13:05 |
| SiavashSardari | @mgariepy, :)) the coloring book is awesome, and i'm learning more than i wanna admit :)) | 13:06 |
| SiavashSardari | @jrosser_, I have some questions about CURRENT_OSA_VERSION in https://opendev.org/openstack/openstack-ansible/src/branch/master/scripts/bootstrap-ansible.sh#L150, would you help me please? | 13:09 |
| jrosser_ | i can try :) | 13:09 |
| SiavashSardari | let me start by a bit of how we used osa, we used osa as our boilerplate and have added more to the playbooks and role requirements for log, monitoring, etc. and that will mess with the CURRENT_OSA_VERSION everytime we bootstrap | 13:11 |
| jrosser_ | ok | 13:12 |
| SiavashSardari | so after every run of the bootstrap script we have to run the utulity_install.yml and the old venv_tag won't be valid any more | 13:13 |
| SiavashSardari | so every wheel should get created from scratch, again | 13:13 |
| jrosser_ | i guess i would advise not to modify what is in the openstack-ansible directory really | 13:13 |
| jrosser_ | if you want to overlay logging and monitoring that can be done in a seperate directory | 13:14 |
| SiavashSardari | actually, now I couldn't agree with you more. but unfortunately when we started we didn't know as much as we do now. | 13:15 |
| jrosser_ | you may be able to unwind this | 13:16 |
| SiavashSardari | maybe but I think we used too many osa related variables in our repo. but your right this worth a try | 13:18 |
| jrosser_ | perhaps | 13:18 |
| jrosser_ | you know that the inventory should be valid and work in other directories, something like /opt/openstack-ansible-extras or whatever you want to call it | 13:19 |
| jrosser_ | this is how the stuff in https://github.com/openstack/openstack-ansible-ops works | 13:19 |
| jrosser_ | we deploy our ELK stack from there ^^^ without it being in the openstack-ansible repo at all | 13:19 |
| jrosser_ | i just tested making a /opt/openstack-ansible-extras/playbooks/test.yml and ran it with --list-hosts and it showed the proper inventoty | 13:20 |
| SiavashSardari | anyway just more universal question is if i wanna use our won repo for one of the services (for example neutron) in openstack_services.yml. changing that would cause the venv_tag to change and while all of other wheels are valid the should get created again. any idea how to avoid this? | 13:21 |
| jrosser_ | isnt venv-tag a global for the whole deployment? | 13:22 |
| SiavashSardari | @jrosser_, thanks for the hint. | 13:22 |
| jrosser_ | also this is *super* useful https://github.com/openstack/openstack-ansible-ops/tree/master/overlay-inventories | 13:22 |
| jrosser_ | it allows you to bring inventory groups from the OSA inventory into a second inventory, perhaps your monitoring stack | 13:23 |
| jrosser_ | i don't think that venv_tag will get changed if you use a fork of the neutron service, for example | 13:24 |
| SiavashSardari | yeah venv_tag is global. which will slow down other roles that didn't change | 13:24 |
| SiavashSardari | yeah it changes after every commit in osa | 13:25 |
| SiavashSardari | 22.4.1.dev1 | 13:25 |
| SiavashSardari | for example ^^ | 13:25 |
| jrosser_ | right, but there should be no commit necessary to use a fork of neutron | 13:25 |
| jrosser_ | that can all be done in user_variables | 13:25 |
| SiavashSardari | oh yep that's how we should do this. thanks | 13:26 |
| opendevreview | Marc Gariépy proposed openstack/openstack-ansible master: [DNM] test default galera_monitoring_allowed_source https://review.opendev.org/c/openstack/openstack-ansible/+/844053 | 13:26 |
| jrosser_ | SiavashSardari: the openstack_service.yml file is included as ansible variables https://github.com/openstack/openstack-ansible/blob/master/playbooks/os-aodh-install.yml#L33 | 13:28 |
| jrosser_ | so the normal rules of variable precedence will apply to everything in there https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#understanding-variable-precedence | 13:29 |
| *** ysandeep|afk is now known as ysandeep | 13:37 | |
| jrosser_ | SiavashSardari: for the immediate problem you can of course override this in user_variables https://github.com/openstack/openstack-ansible/blob/master/inventory/group_vars/all/all.yml#L17 | 13:38 |
| jrosser_ | but then somehow i think you maybe just digging the hole deeper and deeper! | 13:39 |
| SiavashSardari | yeah i should start to making it right. the sooner the better | 13:41 |
| jrosser_ | hmm i am quite stuck making openstack-ansible-tests work on centos-8s again | 14:17 |
| jrosser_ | running ansible under python3.8 in the tox environments fails in a way that doesnt occur with the openstack-ansible based tests | 14:19 |
| jrosser_ | wrt selinux | 14:19 |
| mgariepy | jrosser_, do you have some logs / a way to reproduce ? | 14:43 |
| jrosser_ | i think just typing that has helped unstick it :) | 14:43 |
| mgariepy | lol ok | 14:44 |
| jrosser_ | a forgot that ansible now handles selinux entirely internally and actually we break things by installing the 'selinux' pip package | 14:44 |
| jrosser_ | also my recent changes to os_keystone need to be accounted for in openstack-ansible-tests | 14:44 |
| *** ysandeep is now known as ysandeep|out | 14:48 | |
| noonedeadpunk | #startmeeting openstack_ansible_meeting | 15:00 |
| opendevmeet | Meeting started Tue May 31 15:00:10 2022 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:00 |
| opendevmeet | The meeting name has been set to 'openstack_ansible_meeting' | 15:00 |
| noonedeadpunk | #topic rollcall | 15:00 |
| noonedeadpunk | o/ | 15:00 |
| mgariepy | hello | 15:00 |
| noonedeadpunk | hey | 15:00 |
| jrosser_ | hello | 15:00 |
| noonedeadpunk | seems I've missed some discussions | 15:00 |
| mgariepy | how comes i cannot do : openstack workflow list and openstack endpoint list does work ? https://paste.openstack.org/show/bZCjn99FTDJtOsP8mkHr/ | 15:03 |
| jrosser_ | try with --debug and see if it uses the same classes to connect | 15:05 |
| jrosser_ | so we merged centos9s support then | 15:07 |
| mgariepy | centos9s is failing on healthceck mariadb for the service list stuff. | 15:10 |
| mgariepy | https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/844037 | 15:11 |
| noonedeadpunk | #topic office hours | 15:13 |
| noonedeadpunk | sorry got distracted :) | 15:13 |
| noonedeadpunk | so, seems like we landed most of stuff we wanted to for beta? | 15:13 |
| jrosser_ | not jammy yet | 15:14 |
| noonedeadpunk | oh, rly? | 15:14 |
| * jrosser_ checks | 15:14 | |
| jrosser_ | oh merge conflict https://review.opendev.org/c/openstack/openstack-ansible/+/839483 | 15:14 |
| jrosser_ | probably because it touched places very close to the centos-9 addition | 15:14 |
| noonedeadpunk | ah, ok. that's easy part :) | 15:15 |
| noonedeadpunk | do we have some CI broken atm? | 15:15 |
| jrosser_ | yeah | 15:15 |
| jrosser_ | wierdness with galera that mgariepy is looking at | 15:15 |
| jrosser_ | i'm trying to fix openstack-ansible-tests | 15:16 |
| jrosser_ | and i expect there to be some fall-out from the centos9s merge too in the role jobs | 15:19 |
| *** dviroel is now known as dviroel|lunch | 15:22 | |
| noonedeadpunk | well yeah, I guess. But I think we should be able to land beta like tomorrow.... | 15:40 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-tests master: Add SERVICES_BRANCH variable for better control https://review.opendev.org/c/openstack/openstack-ansible-tests/+/843140 | 15:50 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-tests master: Fix python installation for centos 8 stream https://review.opendev.org/c/openstack/openstack-ansible-tests/+/844101 | 15:50 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-tests master: Fix python installation for centos 8 stream https://review.opendev.org/c/openstack/openstack-ansible-tests/+/844101 | 15:54 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-tests master: Add SERVICES_BRANCH variable for better control https://review.opendev.org/c/openstack/openstack-ansible-tests/+/843140 | 15:54 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-tests master: Run main_pre.yml tasks as initial keystone installation step https://review.opendev.org/c/openstack/openstack-ansible-tests/+/844102 | 15:54 |
| jrosser_ | ^ this works locally on c8s but it might need more work for rocky and c9s | 15:55 |
| noonedeadpunk | ok, awesome | 15:59 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-tests master: Fix python installation for centos 8 stream https://review.opendev.org/c/openstack/openstack-ansible-tests/+/844101 | 16:00 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-tests master: Add SERVICES_BRANCH variable for better control https://review.opendev.org/c/openstack/openstack-ansible-tests/+/843140 | 16:00 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Add experimental Ubuntu 22.04 support https://review.opendev.org/c/openstack/openstack-ansible/+/839483 | 16:02 |
| noonedeadpunk | #endmeeting | 16:02 |
| opendevmeet | Meeting ended Tue May 31 16:02:13 2022 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 16:02 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-05-31-15.00.html | 16:02 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-05-31-15.00.txt | 16:02 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-05-31-15.00.log.html | 16:02 |
| noonedeadpunk | I rebased yammy as well | 16:02 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: [doc] Add CentOS 9 Stream to supported https://review.opendev.org/c/openstack/openstack-ansible/+/844104 | 16:19 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/xena: [doc] Fix supporeted Debian version for Xena https://review.opendev.org/c/openstack/openstack-ansible/+/844105 | 16:20 |
| *** dviroel|lunch is now known as dviroel | 16:24 | |
| spatel | Quick question, Does covid negative test required to enter Germany by air even you are fully vaccinated? | 17:08 |
| mgariepy | jrosser_, https://paste.openstack.org/show/blipZbgdkylY4XXDcFhj/ | 17:09 |
| mgariepy | mistral client works.. | 17:09 |
| mgariepy | but not the openstackclient :/ | 17:10 |
| jrosser_ | mgariepy: thats hitting two different endpoints isnt it? | 17:18 |
| mgariepy | well.. ti does seems to be quite unmaitained.. | 17:18 |
| jrosser_ | https://172.29.236.101:5000/v3 is working | 17:18 |
| mgariepy | both works. | 17:18 |
| jrosser_ | and https://172.16.0.69:8989/v2/ | 17:18 |
| jrosser_ | ^ this breaks | 17:18 |
| mgariepy | https://github.com/openstack/python-mistralclient/blob/8b9f313e3b9ddf3f057d2bf0a885070adcacb725/mistralclient/osc/plugin.py | 17:18 |
| jrosser_ | seems it uses curl under the hood and the ca store path looks the same | 17:19 |
| mgariepy | the mistralclient code doesn't use the cert.. | 17:19 |
| mgariepy | i thing the curl stuff is only for debuging purpose :D.. | 17:19 |
| jrosser_ | oooh | 17:19 |
| mgariepy | meh. too bad but whatever | 17:20 |
| mgariepy | wow. the code is not that great :D haha | 17:21 |
| jrosser_ | https://github.com/openstack/python-mistralclient/blob/63e20bff29f1765b3953e0165ebd8a7aab0b6a87/mistralclient/api/httpclient.py#L28 | 17:23 |
| jrosser_ | it is pretty surprising that a lot of python-<foo>client implement their own http client | 17:25 |
| jrosser_ | surely the whole point of having a pluggable openstack client is to factor out all of that nonsense | 17:25 |
| mgariepy | well if you are only working under openstack probably.. | 17:26 |
| mgariepy | but it does seems like they don't care much about openstack. | 17:26 |
| mgariepy | not much release since a couple release. | 17:26 |
| mgariepy | also the uca mistral package doesn't even contains the openstack actiosn. | 17:28 |
| opendevreview | Marc Gariépy proposed openstack/openstack-ansible-os_mistral master: Add mistra-extra in the mistral venv https://review.opendev.org/c/openstack/openstack-ansible-os_mistral/+/844049 | 17:32 |
| jrosser_ | *mistal typo there in the commit message | 17:40 |
| spatel | jrosser_ thank for this - https://bugs.launchpad.net/openstack-ansible/+bug/1969473 | 17:43 |
| opendevreview | Marc Gariépy proposed openstack/openstack-ansible-os_mistral master: Add mistral-extra in the mistral venv https://review.opendev.org/c/openstack/openstack-ansible-os_mistral/+/844049 | 17:43 |
| mgariepy | jrosser_, fixed :D haha | 17:45 |
| jrosser_ | spatel: does that affect you on stable branches too? | 17:50 |
| spatel | Yes stable/wallaby impacted | 17:50 |
| spatel | This is second deployment i hit that error | 17:51 |
| spatel | Can we cherry pick this patch to Wallaby 23.3.0 ? | 17:51 |
| spatel | Next week i am going to build one more cloud so hope won't see that error by anyway i know how to fix it.. just remove os_rally from setup-openstack.yml :) | 17:52 |
| jrosser_ | noonedeadpunk: shall we backport https://review.opendev.org/c/openstack/openstack-ansible/+/840686 | 17:53 |
| jrosser_ | well you will see it if you use a stable branch | 17:53 |
| mgariepy | jrosser_, do you have a magic way to run like the aio-lxc-infra with a patch from galera_server, automatically ? | 17:57 |
| jrosser_ | like a script? | 17:58 |
| mgariepy | like the gate-check-commit | 17:58 |
| jrosser_ | no i don't | 17:58 |
| mgariepy | but to add an additional patch for a role. | 17:58 |
| jrosser_ | this would be a nice thing to add | 17:58 |
| jrosser_ | we could have a file that had a list of dicts that described some of these `git fetch https://review.opendev.org/openstack/openstack-ansible refs/changes/86/840686/1 && git cherry-pick FETCH_HEAD` | 17:59 |
| jrosser_ | and those got applied after boostrap-ansible | 17:59 |
| jrosser_ | i got in quite a mess trying to do this for upgrade jobs as well | 18:00 |
| mgariepy | where is it done in the gate ? | 18:00 |
| jrosser_ | by zuul beforehand | 18:00 |
| mgariepy | isn't all the depends-on stuff only this .. | 18:00 |
| mgariepy | ha | 18:00 |
| jrosser_ | the relevant branches are all pre-prepared in the on-disk repos | 18:00 |
| mgariepy | ok | 18:02 |
| mgariepy | it would be handy for sure. | 18:02 |
| jrosser_ | the other way is to fork the repos somewhere and use user-role-requirements.yml to override | 18:03 |
| mgariepy | i think it would be better to just be able to use the reviews :D | 18:04 |
| mgariepy | https://bugs.launchpad.net/python-mistralclient/+bug/1804064 | 18:57 |
| mgariepy | well i did try to run the c9s test in a lxd vms over here but it failed at lxc-create .. so i asked for another hold from opendev :D | 19:12 |
| *** dviroel is now known as dviroel|afk | 20:25 | |
| jrosser_ | stack of 3 patches ready which seems to fix functional tests for centos8s https://review.opendev.org/c/openstack/openstack-ansible-tests/+/843140/4 | 21:28 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!