| opendevreview | OpenStack Proposal Bot proposed openstack/openstack-ansible master: Imported Translations from Zanata https://review.opendev.org/c/openstack/openstack-ansible/+/851786 | 02:39 |
|---|---|---|
| *** NeilHanlon_ is now known as NeilHanlon | 03:57 | |
| *** NeilHanlon is now known as neil | 03:59 | |
| *** neil is now known as NeilHanlon | 03:59 | |
| *** ysandeep|out is now known as ysandeep | 05:18 | |
| opendevreview | Merged openstack/openstack-ansible master: Imported Translations from Zanata https://review.opendev.org/c/openstack/openstack-ansible/+/851786 | 07:27 |
| mrf | Hi, i continue in troubles with TASK [pki : Generate certificate private key | 07:44 |
| mrf | https://pastebin.com/PL29MGiv | 07:46 |
| jrosser_ | mrf: do you mean this happens before? | 07:50 |
| mrf | i re-running again setup-hosts.yml | 07:51 |
| mrf | i think this recreate the pki certs | 07:51 |
| admin13 | mrf, how many controllers do you have ? if its 3, then that task might fail 3 times, so you just need to run it again as it moves from 1 to next | 07:52 |
| jrosser_ | admin1: it shouldnt fail at all - if it does then thats wrong | 07:53 |
| admin1 | that was my observation and workaround .. just rerun and it will recreate and move on | 07:54 |
| jrosser_ | but it's still wrong :( | 07:55 |
| jrosser_ | and it then generates fokelore as a result - we were in this position with the long standing bug with venv_rebuild=true as well | 07:55 |
| jrosser_ | mrf: if you have the log for the previous tasks there in the pki role it would be useful, particularly this https://github.com/openstack/ansible-role-pki/blob/master/tasks/main_certs.yml#L20 | 07:57 |
| jrosser_ | noonedeadpunk: agreed about ironic_server looking bogus - as i remember merging the inspector stuff was pretty terrible so i am not surprised there is a mess | 08:17 |
| noonedeadpunk | this can be done as follow-up indeed | 08:17 |
| jrosser_ | looking at the ironic role i want to refactor a lot of it | 08:21 |
| jrosser_ | ironic / inspector tasks are interleaved all through it making it very confusing | 08:22 |
| jrosser_ | really they should be dedicated playbooks even if there is a bit of duplicate code becasue it's very hard to follow | 08:22 |
| noonedeadpunk | yeah, inspector was jsut copy/pasting | 08:22 |
| noonedeadpunk | We were going to look into ironic later this year, smth like October... | 08:23 |
| jrosser_ | right - we are just running it up in the lab now | 08:23 |
| jrosser_ | stuart is taking a look at it | 08:23 |
| *** ysandeep is now known as ysandeep|lunch | 09:05 | |
| *** anskiy1 is now known as anskiy | 09:07 | |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server stable/ussuri: Use cloudsmith repo for rabbit and erlang https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/850350 | 09:08 |
| mrf | question, in production do you move the network roles to dedicated nodes? or mantain in the controller nodes? | 09:22 |
| noonedeadpunk | Depends on scale and design kind of. | 09:23 |
| noonedeadpunk | If you don't plan to pass public network to compute nodes and will access public nets only through floating ips/l3 routers - you should totally consider having dedicated net nodes | 09:24 |
| noonedeadpunk | Also depends on the network backend, as with ovn you don't have concept of net node | 09:25 |
| noonedeadpunk | it's also a thing with lxb and ovs | 09:25 |
| noonedeadpunk | *it's only a thing | 09:25 |
| mrf | good point | 09:25 |
| mrf | i continue stuck on [pki : Generate certificate private key for haproxy looks like its not generating certificaste in previus steps? | 09:37 |
| jrosser_ | mrf: can you paste some more of the output from that? | 09:46 |
| jrosser_ | we need to see the previous tasks from the pki role | 09:46 |
| jrosser_ | *all the previous tasks | 09:46 |
| mrf | ok let me copy to somewhere | 09:47 |
| mrf | logs: https://pastebin.com/i9ahj7su | 10:05 |
| *** ysandeep|lunch is now known as ysandeep | 10:21 | |
| opendevreview | Merged openstack/openstack-ansible master: Increase ControlPersist timeout to 300 seconds https://review.opendev.org/c/openstack/openstack-ansible/+/851426 | 10:23 |
| *** tosky_ is now known as tosky | 10:24 | |
| opendevreview | Merged openstack/openstack-ansible master: Add networking-baremetal repo overrides https://review.opendev.org/c/openstack/openstack-ansible/+/851558 | 10:25 |
| mrf | did you see anything @jrosser_ ? | 10:27 |
| jrosser_ | mrf: sorry in and out of meetings a bit | 10:41 |
| jrosser_ | mrf: i think that the trouble is here `TASK [pki : Generate certificate private key for haproxy_haproxy01-172.29.236.6/32] ` | 10:43 |
| jrosser_ | see that it has `/32` on the end? | 10:43 |
| jrosser_ | i think that this would be a great time to compare what you are doing with what the standard setup in an all-in-one would do, thats the reference deployment | 10:44 |
| mrf | mmm this is my openstack_user_config i think is a copy of an example: https://pastebin.com/P32wTtmZ | 10:49 |
| mrf | nothing strange atleast for me | 10:49 |
| mrf | ok you're correct | 10:52 |
| *** dviroel|out is now known as dviroel | 11:25 | |
| opendevreview | Merged openstack/openstack-ansible-openstack_hosts master: Allow to add extra records to /etc/hosts https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/851428 | 11:59 |
| *** priteau_ is now known as priteau | 12:38 | |
| mrf | haproxy roll can enable monitoring of haproxy ? | 12:57 |
| anskiy | mrf: yes: https://opendev.org/openstack/openstack-ansible-haproxy_server/src/branch/master/defaults/main.yml#L29-L41 | 12:59 |
| mrf | yes just checked online! thanks!! | 12:59 |
| anskiy | there is an options to expose prometheus metrics too: https://docs.openstack.org/openstack-ansible-haproxy_server/latest/configure-haproxy.html#adding-prometheus-metrics-to-haproxy | 13:00 |
| *** frenzyfriday|rover is now known as frenzyfriday|rover|lunch | 13:28 | |
| *** frenzyfriday|rover|lunch is now known as frenzyfriday|rover | 14:05 | |
| *** ysandeep is now known as ysandeep|dinner | 14:47 | |
| noonedeadpunk | #startmeeting openstack_ansible_meeting | 15:00 |
| opendevmeet | Meeting started Tue Aug 2 15:00:43 2022 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:00 |
| opendevmeet | The meeting name has been set to 'openstack_ansible_meeting' | 15:00 |
| noonedeadpunk | #topic rollcall | 15:00 |
| noonedeadpunk | o/ | 15:00 |
| damiandabrowski | hi! | 15:00 |
| jrosser_ | o/ hello | 15:03 |
| mgariepy | o/ hi ! | 15:03 |
| noonedeadpunk | #topic office hours | 15:04 |
| noonedeadpunk | so seems, that rocky jobs have not returned back | 15:04 |
| NeilHanlon | o/ | 15:05 |
| noonedeadpunk | or well, it's only for Yoga I guess. So I likely is wrong here :) | 15:05 |
| NeilHanlon | they should be resolved today. ianw was working on a dib release, I believe | 15:05 |
| noonedeadpunk | aha, would that involve r9? | 15:05 |
| NeilHanlon | no, just fixing the r8 ones. but my change for r9 should be able to come pretty quickly, I hope | 15:06 |
| noonedeadpunk | ok, great! | 15:07 |
| noonedeadpunk | another thing we were reported recently, is that we have duplicated records in hosts file, if deploy_host == controller as an example | 15:07 |
| noonedeadpunk | basically we likely should be somehow smarter in https://opendev.org/openstack/openstack-ansible-openstack_hosts/src/branch/master/defaults/main.yml#L40 | 15:08 |
| noonedeadpunk | not really sure how to check for that. as an inventory this host won't be == to 'localhost' | 15:09 |
| noonedeadpunk | *in inventory | 15:09 |
| NeilHanlon | hrm.. | 15:09 |
| noonedeadpunk | can't say it brings a lot of issues, as records are identical, but that's confusing at very least | 15:10 |
| NeilHanlon | maybe instead of the join, we could filter the list or unique it | 15:11 |
| mrf | Openstack installed ! :D tomorrow will learn how to add more nodes to a deployment thank so much for your work and help! | 15:12 |
| noonedeadpunk | nah, it's a bit different. So this variable jsut controlls if to run this task or not https://opendev.org/openstack/openstack-ansible-openstack_hosts/src/branch/master/tasks/openstack_update_hosts_file.yml#L48-L57 | 15:12 |
| NeilHanlon | _etc_hosts_content | unique | join('\n') or so https://opendev.org/openstack/openstack-ansible-openstack_hosts/src/commit/f26fbe4c6aef11cc17c4a9e7be37a7b89ae74326/tasks/openstack_update_hosts_file.yml#L51 | 15:12 |
| noonedeadpunk | So we jsut place same content twice | 15:12 |
| noonedeadpunk | under different blocks | 15:12 |
| NeilHanlon | yeah | 15:12 |
| noonedeadpunk | on L40 and L48. and it's not that content is wrong, we should just somehow avoid doing that | 15:13 |
| *** dviroel is now known as dviroel|lunch | 15:14 | |
| NeilHanlon | oh. my bad, I understand the problem now | 15:14 |
| noonedeadpunk | anyway, it doesn't hurt much and there's a control, so maybe we should just document that better | 15:16 |
| NeilHanlon | only thing I can think of doing is looping over the list and doing a lineinfile to ensure the lines are inserted once and only once; but that's computationally annoying :) | 15:16 |
| noonedeadpunk | well, the bigger problem with that approach is how to cleanup obsolete lines | 15:17 |
| noonedeadpunk | in case compute node is dropped or container re-created with different IP | 15:17 |
| noonedeadpunk | and you can not really clean-up everything not in your list, as ppl might have some custom records there | 15:18 |
| noonedeadpunk | Yestarday jrosser_ also spotted weird behaviour in our dynamic_inventory script. While we should patch it right now, this brings me to think what should be our futher plan for this> | 15:19 |
| noonedeadpunk | as dynamic_inventories are being deprecated. One way would be moving it to inventory plugin. But maybe we should jsut have a static inventory, that's being generated/managed with help of inventory-manage script | 15:20 |
| NeilHanlon | Simple way would be not supporting the controller == deploy host scenario, but that's not ideal :D | 15:20 |
| jrosser_ | i don't think that the odd inventory behaviour will affect many deployments, but it's just wrong and extremely confusing | 15:21 |
| jrosser_ | though it does make a really wierd deployment of ironic on LXC | 15:21 |
| noonedeadpunk | well, it affects all deployments, but unlikely you will notice that unless do deep dive into it | 15:21 |
| jrosser_ | i think we now understand what is happening, but not necessarily yet how to fix it | 15:22 |
| noonedeadpunk | so it's more of a corner-case usage I would say | 15:22 |
| noonedeadpunk | yeah | 15:22 |
| noonedeadpunk | regarding publishing config_template to galaxy - my original didn't work, as you can not read secrets that are stored in different project except it is project-config. | 15:27 |
| noonedeadpunk | I tried to push jobs to project-config, and agreed with keys-keeper to share secret with us, but this job got -1 from infra stuff with suggestion to move it partially to zuul-jobs. | 15:28 |
| noonedeadpunk | I didn't have time to follow-up on that, but getting it to zuul-jobs sounds weird to me, mainly because of the code and I bet I will get -2 there... | 15:29 |
| *** ysandeep|dinner is now known as ysandeep | 15:29 | |
| noonedeadpunk | at the same time I do not want to copy-paste jobs code, but well... this is other way around | 15:29 |
| noonedeadpunk | We've also landed almost everything to stable/xena to do bump and next release. This in turn would unblock Yoga upgrade jobs. | 15:31 |
| jrosser_ | we have done another X->Y upgrade today | 15:31 |
| jrosser_ | andrewbonney may have a few small things to fix | 15:31 |
| jrosser_ | i think we have some docs errors around upgrades | 15:32 |
| noonedeadpunk | yeah, we don't mention octavia at very least | 15:32 |
| noonedeadpunk | in terms of moving certs to be usable by pki role | 15:32 |
| noonedeadpunk | I don't think I have anything extra to add though | 15:38 |
| *** ysandeep is now known as ysandeep|out | 15:43 | |
| jrosser_ | no - do we have any new bugs? | 15:44 |
| noonedeadpunk | I don't think we do? | 15:48 |
| jrosser_ | i've not looked :) | 15:48 |
| * jrosser_ might have fixed the inventory | 15:48 | |
| jrosser_ | ^ extremely unlikley, but possible | 15:48 |
| noonedeadpunk | we have not closed some recent ones though, but we didn't have new since few weeks I guess | 15:49 |
| noonedeadpunk | and last one is assigned to damiandabrowski :) | 15:49 |
| noonedeadpunk | oh | 15:49 |
| damiandabrowski | yeah sorry, will try to come back to it during this week :/ | 15:51 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Do not create {hostname}-host_containers group as child of other groups https://review.opendev.org/c/openstack/openstack-ansible/+/851764 | 15:55 |
| noonedeadpunk | Just did some extra cleanup to the removal of host_containers - not fixing state unfortunately | 15:57 |
| noonedeadpunk | #endmeeting | 15:58 |
| opendevmeet | Meeting ended Tue Aug 2 15:58:58 2022 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:58 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-08-02-15.00.html | 15:58 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-08-02-15.00.txt | 15:58 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-08-02-15.00.log.html | 15:58 |
| *** dviroel|lunch is now known as dviroel| | 16:15 | |
| *** dviroel| is now known as dviroel | 16:15 | |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Do not create {hostname}-host_containers group as child of other groups https://review.opendev.org/c/openstack/openstack-ansible/+/851764 | 16:52 |
| NeilHanlon | coming soon to a nodepool builder near you.. https://review.opendev.org/c/openstack/diskimage-builder/+/848901 | 19:09 |
| *** dviroel is now known as dviroel|biab | 19:56 | |
| *** dviroel|biab is now known as dviroel | 20:31 | |
| *** dviroel is now known as dviroel|afk | 20:58 | |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Do not create {hostname}-host_containers group as child of other groups https://review.opendev.org/c/openstack/openstack-ansible/+/851764 | 21:06 |
| *** anskiy1 is now known as anskiy | 21:33 | |
| opendevreview | Merged openstack/openstack-ansible-lxc_hosts master: Prevent lxc.service from being restarted on package update https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/851071 | 22:50 |
| opendevreview | Merged openstack/openstack-ansible master: Allow to provide serial for lxc_hosts https://review.opendev.org/c/openstack/openstack-ansible/+/851049 | 23:40 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!