| *** prometheanfire is now known as Guest1 | 01:48 | |
| *** Guest1 is now known as prometheanfire | 01:48 | |
| *** ysandeep|out is now known as ysandeep | 05:12 | |
| opendevreview | Jimmy McCrory proposed openstack/openstack-ansible-os_cinder master: Remove oslo_policy section from cinder.conf https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/852515 | 06:23 |
|---|---|---|
| noonedeadpunk | mornings | 06:53 |
| *** ysandeep is now known as ysandeep|afk | 07:02 | |
| jrosser_ | good morning | 07:11 |
| *** ysandeep|afk is now known as ysandeep | 08:25 | |
| *** ysandeep is now known as ysandeep|afk | 10:43 | |
| *** tosky is now known as Guest71 | 10:46 | |
| *** tosky_ is now known as tosky | 10:46 | |
| evrardjp | hello folks | 11:24 |
| evrardjp | I was browsing osa repo, and I found that we have plenty of vars in group_vars that are not necessary anymore | 11:25 |
| evrardjp | I will propose a patch to clean those if you don't mind | 11:25 |
| evrardjp | but in my way to that, I realised that some of those group vars changes were NOT documented in release notes | 11:26 |
| damiandabrowski | thanks JP | 11:26 |
| evrardjp | for example 678b14c21a completely changed the default behaviour of packages state, but didn't document in release notes | 11:27 |
| evrardjp | what's the approach you want to take? sweep it under the rug, now that it's been a certain time? | 11:27 |
| damiandabrowski | i think You're right and we should have written release note about that. At least we updated the docs. | 11:32 |
| damiandabrowski | Not sure if adding a release note now is a good thing though | 11:32 |
| *** dviroel|out is now known as dviroel | 11:32 | |
| evrardjp | well, the question for me is what is the intent behind this patch | 11:33 |
| evrardjp | because if it was for a quick fix and a revert, then it doesn't make sense to do a reno | 11:34 |
| evrardjp | but if it was to fundamentally say "we'll not use latest" , then the patch is not finished: The roles are not patched and still default to latest, and we have plenty of variables which are now useless | 11:34 |
| evrardjp | so my whole question is to clarify the intent and do the right patches afterwards | 11:34 |
| evrardjp | do you know more about the history of that patch noonedeadpunk? | 11:35 |
| damiandabrowski | "The roles are not patched and still default to latest", can't agree with that. Maybe we have a few leftovers, but I just had a quick look and I found `<service>_package_state: "{{ package_state | default('latest') }}"` for all roles i checked which looks fine | 11:39 |
| damiandabrowski | anyway, let's wait for Dmitriy's opinion ;) | 11:39 |
| evrardjp | exactly why I think it's not good | 11:44 |
| opendevreview | Jean-Philippe Evrard proposed openstack/openstack-ansible master: [WIP] Cleanup useless variables https://review.opendev.org/c/openstack/openstack-ansible/+/852563 | 11:44 |
| damiandabrowski | ah, after reading a commit message i see your point | 11:48 |
| evrardjp | :) | 11:49 |
| noonedeadpunk | " completely changed the default behaviour of packages state, but didn't document in release notes" > what did it changed except upgrade guide and upgrade script (which is representation of upgrade guide mainly)? | 11:50 |
| noonedeadpunk | ah, you mean getting consistent behaviour across all distors | 11:51 |
| noonedeadpunk | so having "latest" especially for ubuntu leads to system outages basically each second time you run a playbook. | 11:52 |
| noonedeadpunk | but yes, I would say we can create a release note for that, though it would be renderred quite wrongly now | 11:53 |
| evrardjp | exactly my point | 11:57 |
| evrardjp | so if you don't mind, I think it's worth changing the defaults in the different roles, to adapt to our point of view | 11:57 |
| evrardjp | then remove all the useless vars that come from it | 11:58 |
| evrardjp | it's a bit of a yak shaving compared to the project I am dealing with, but at least it cleans up the state | 11:58 |
| noonedeadpunk | can you be more specific about useless vars you have in mind and what default are you proposing?:) | 11:58 |
| noonedeadpunk | package_state can be removed, but still should be supported | 11:58 |
| noonedeadpunk | yes, we can switch default to present in roles, though time vs profit of that is quite arguable | 11:59 |
| evrardjp | anything that's defined only once in a playbook, and is only used for wiring can probably be removed now that roles can take reliably vars: argument | 11:59 |
| noonedeadpunk | But if you have free time - why not | 11:59 |
| noonedeadpunk | I am not really sure about that | 11:59 |
| evrardjp | profit is the clean variables, which is by far worth it in the long run, both in CI and in user deployments | 11:59 |
| noonedeadpunk | As then you have yet another place which changes behaviour of runtime | 12:00 |
| noonedeadpunk | So moving from group_vars to playbook doesn't really make much sense to me | 12:00 |
| evrardjp | It doesn't make sense to have a group_var if it's not used by different plays/roles ? | 12:01 |
| evrardjp | why wouldn't you set a sane default from the start if it's not used for differnet plays/roles? | 12:01 |
| noonedeadpunk | nah it's not. But _a lot_ of such things were already cleaned out quite recently | 12:01 |
| noonedeadpunk | still room for improvement though | 12:01 |
| *** tosky is now known as Guest77 | 12:01 | |
| *** tosky__ is now known as tosky | 12:01 | |
| evrardjp | exactly | 12:01 |
| evrardjp | no reason to block then ;) | 12:01 |
| noonedeadpunk | (like https://review.opendev.org/c/openstack/openstack-ansible/+/769974) | 12:02 |
| noonedeadpunk | but ones that left were used elsewhere at the moment | 12:02 |
| noonedeadpunk | or moving them to roles was too weird | 12:03 |
| noonedeadpunk | Like `heat_cinder_backups_enabled: "{{ hostvars['localhost']['cinder_service_backup_program_enabled'] }}"` make sense only with context | 12:04 |
| evrardjp | we can discuss in the different reviews | 12:04 |
| noonedeadpunk | But I personally don't like idea moving to the playbooks, as it's too implicit I would say. Or well, yet another place you need to check for each time | 12:05 |
| evrardjp | these are where some variables already are... | 12:07 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-lxc_hosts stable/yoga: Prevent lxc.service from being restarted on package update https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/852497 | 12:08 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-lxc_hosts stable/xena: Prevent lxc.service from being restarted on package update https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/852498 | 12:08 |
| noonedeadpunk | oh, seems we landed all backports to yoga | 12:10 |
| noonedeadpunk | exce | 12:10 |
| opendevreview | Jean-Philippe Evrard proposed openstack/openstack-ansible-openstack_hosts master: Define coherent safe default for package state https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/852567 | 12:10 |
| noonedeadpunk | * except this one | 12:10 |
| evrardjp | ouch that one hurts indeed | 12:10 |
| noonedeadpunk | I wonder if same should be done for ovs | 12:11 |
| evrardjp | it's kinda weird to have a policy to prevent restart, but it is what is | 12:12 |
| noonedeadpunk | My best idea was to add a variable to make it conditional... doesn't change things dramatically | 12:17 |
| opendevreview | Jean-Philippe Evrard proposed openstack/openstack-ansible master: [WIP] Cleanup useless variables https://review.opendev.org/c/openstack/openstack-ansible/+/852563 | 12:18 |
| opendevreview | Jean-Philippe Evrard proposed openstack/openstack-ansible-lxc_hosts master: Define coherent safe default for package state https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/852569 | 12:29 |
| opendevreview | Jean-Philippe Evrard proposed openstack/openstack-ansible master: [WIP] Cleanup useless variables https://review.opendev.org/c/openstack/openstack-ansible/+/852563 | 12:29 |
| *** tosky is now known as Guest78 | 12:30 | |
| *** tosky_ is now known as tosky | 12:30 | |
| opendevreview | Jean-Philippe Evrard proposed openstack/openstack-ansible master: [DNM] Remove glance variable inside cinder https://review.opendev.org/c/openstack/openstack-ansible/+/852571 | 12:40 |
| *** tosky is now known as Guest85 | 13:13 | |
| *** tosky__ is now known as tosky | 13:13 | |
| mrf | repo container is critical after deployment? | 13:22 |
| evrardjp | define "criticial" :) | 13:22 |
| evrardjp | critical* | 13:23 |
| mrf | mmm will openstack works without triple replica repo? | 13:23 |
| evrardjp | it's still useful, but if you lose it, afaik, you can rebuilt it. | 13:23 |
| mrf | good | 13:23 |
| mrf | then i can survive with 1 | 13:23 |
| evrardjp | yeah, I think so. Please ask other ppl that are more aware | 13:23 |
| evrardjp | if it didn't change compared to years ago, it should be okay ;) | 13:24 |
| mrf | i got a bug where gluster miss files on the setup and then dont bootstrap the clusters | 13:24 |
| evrardjp | I don't see yet how these are related | 13:24 |
| evrardjp | in fact, I have trouble grokking the whole sentence you just said ... | 13:25 |
| mrf | i dont know why but two of the 3 containers , miss match in the files needed to boot | 13:25 |
| evrardjp | sounds to me that you have things to fix :) | 13:25 |
| mrf | but in a clean install "copy" files from one node of glusterfs to another... | 13:26 |
| mrf | because the gfs-volume folder got missing files... | 13:26 |
| jrosser_ | mrf: it would be surprising if there were missing files in glusterfs as it is of course a shared filesystem | 13:56 |
| jrosser_ | it is much more possible that for some reason it is not mouted properly in the places it should be | 13:56 |
| evrardjp | jrosser_: do we carry glusterfs by default now? | 13:56 |
| jrosser_ | then you would end up with a mix of local files and the shared fs | 13:56 |
| jrosser_ | evrardjp: yes we now use it to keep the same content in all the repo servers | 13:57 |
| jrosser_ | lsyncd is unmaintained and there is also a huge mess with multiple architectures without a shared fs | 13:57 |
| evrardjp | what was the problem with rsync? | 13:57 |
| evrardjp | ok | 13:57 |
| jrosser_ | glusterfs is provided as an example | 13:58 |
| jrosser_ | you can substitute in any mount that you want if it's not preferred | 13:58 |
| jrosser_ | mrf: my guess is that you have proceeded with the playbooks past setup-infrastructure where something has failed there | 14:01 |
| mrf | i solved just leaving 1 glusterfs node | 14:04 |
| mrf | and now all works smooth :P | 14:04 |
| mrf | jrosser_ https://paste.opendev.org/show/bF6wQ3CfAcqDf3dr1YhF/ | 14:05 |
| mrf | that log indicate that gluster1 and gluster2 didnt miss somefiles of their peers | 14:06 |
| jrosser_ | well it should work | 14:10 |
| jrosser_ | and we test a 3 node cluster of this in our CI jobs | 14:10 |
| mrf | yeah i done too 3 days ago, but dont know why today gluster didnt bootstrap properly | 14:13 |
| jrosser_ | have you been deleting and re-creating the containers? | 14:13 |
| mrf | no, rollback with snapshoots | 14:14 |
| jrosser_ | of what? | 14:14 |
| mrf | All VMS (COntrollers1-3/Logs Machine/Haproxys1-2) | 14:14 |
| mrf | the onlyone i didnt rollback is the deployer machine | 14:14 |
| mrf | hope today at least access to horizon :P | 14:15 |
| mrf | currently running setup-openstack | 14:15 |
| jrosser_ | well ok | 14:16 |
| jrosser_ | just know that every patch we make has to pass all the CI so it is pretty hard to break things | 14:17 |
| jrosser_ | and just from today here is a CI run which verifies that the same file is visible in each repo container https://zuul.opendev.org/t/openstack/build/6a696b1091d44312a69ee95f16e32bf6/log/job-output.txt#25244-25252 | 14:17 |
| mrf | i downloaded openstack-ansible stable/yoga this also recive patches? | 14:18 |
| jrosser_ | if you check out stable/yoga on any particular day then that is the current head of the branch | 14:19 |
| jrosser_ | bugfixes are backported onto that branch from the master branch | 14:20 |
| mrf | ok, understood | 14:20 |
| jrosser_ | and roughly every two weeks a tag is generated on stable/<....>, and those mark the times that we pull in the latest stable branch code for nova/neutron/... as well | 14:20 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-ceph_client master: Provide opportunity to define cluster_name https://review.opendev.org/c/openstack/openstack-ansible-ceph_client/+/852588 | 14:30 |
| * noonedeadpunk needs to fix bump bot finally | 14:31 | |
| opendevreview | Merged openstack/openstack-ansible stable/yoga: Increase ControlPersist timeout to 300 seconds https://review.opendev.org/c/openstack/openstack-ansible/+/852107 | 14:56 |
| NeilHanlon | o/ morning/afternoon/evening, all | 15:00 |
| noonedeadpunk | #startmeeting openstack_ansible_meeting | 15:00 |
| opendevmeet | Meeting started Tue Aug 9 15:00:21 2022 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:00 |
| opendevmeet | The meeting name has been set to 'openstack_ansible_meeting' | 15:00 |
| noonedeadpunk | #topic rollcall | 15:00 |
| NeilHanlon | o/ again :P | 15:00 |
| noonedeadpunk | hey there! | 15:00 |
| damiandabrowski | hi! | 15:00 |
| noonedeadpunk | pefect timing :) | 15:00 |
| NeilHanlon | figured i'd be your alarm clock :P | 15:01 |
| noonedeadpunk | :D | 15:02 |
| mgariepy | hey half there | 15:02 |
| jrosser_ | o/ hello | 15:02 |
| noonedeadpunk | #topic bug triage | 15:03 |
| noonedeadpunk | So basically we have 1 new bug that we kind of already triaged | 15:03 |
| noonedeadpunk | #link https://bugs.launchpad.net/openstack-ansible/+bug/1973242 | 15:03 |
| noonedeadpunk | and likely this patch could fix it https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/852399/1/handlers/main.yml#16 | 15:04 |
| noonedeadpunk | but seems I made a mistake somewhere in bash I don't see.... | 15:04 |
| noonedeadpunk | jrosser_: can you remind me how to look at ara-reports ?:) | 15:05 |
| jrosser_ | oh well that is difficult | 15:05 |
| mgariepy | lol it wasn't when you showed me ;p | 15:06 |
| jrosser_ | well i maybe won't put the URL hre | 15:06 |
| jrosser_ | here | 15:06 |
| noonedeadpunk | ok, gotcha | 15:06 |
| noonedeadpunk | fair | 15:06 |
| jrosser_ | tricky thing with that now | 15:06 |
| jrosser_ | upstream ara are not liking my patch to make it speak to zuul | 15:07 |
| noonedeadpunk | should we summon the preson behind this ?:) | 15:07 |
| noonedeadpunk | *person | 15:07 |
| noonedeadpunk | so basically I guess that now for some reason ca.crt is not placed when it should and present... I will apply that to some aio to test out | 15:08 |
| noonedeadpunk | #topic office hours | 15:09 |
| noonedeadpunk | as you might hear, offline PTG has been canceled in favor of fully online | 15:09 |
| noonedeadpunk | I haven't signed us up yet, so thinking how much time we want to take | 15:10 |
| noonedeadpunk | right now I don't see loads of topics tbh, so likely we can manage in 2-3h | 15:10 |
| noonedeadpunk | any thoughts? | 15:10 |
| jrosser_ | we maybe don't have so many new things, perhaps most if it is looking at what to finish from previous PTG etherpads | 15:11 |
| noonedeadpunk | well yes, and probably one of big topics might be our dynamic_inventory | 15:12 |
| damiandabrowski | agree, so maybe one day is enough for us? | 15:13 |
| NeilHanlon | noonedeadpunk: re the bash thing. perhaps it is permission related rather than the file not being there. e.g., if one of those files is unreadable by the ansible user | 15:14 |
| noonedeadpunk | NeilHanlon: well, unlikely, as it was working before. And what has changed - I added `if [[ -f {{ item_base_path ~ '-ca.crt' }} ]]` just to place filename if it's not present | 15:15 |
| noonedeadpunk | since ca.crt is optional | 15:15 |
| NeilHanlon | ah, I see now | 15:15 |
| noonedeadpunk | damiandabrowski: yeah, I think I will jsut book 3h instead of regular 4h jsut to be safe | 15:15 |
| noonedeadpunk | not sure how echo is valid though.... | 15:16 |
| NeilHanlon | could maybe simplify to `$(test -f {{ item_base_path ~ '-ca.crt' }} && echo ... )`, but you're probably right about it just not being there in all likelyhood | 15:16 |
| NeilHanlon | shell quoting weirdness always seems to screw with me when I write ansible lol | 15:17 |
| noonedeadpunk | I really do like the idea of test | 15:17 |
| NeilHanlon | btw Rocky 9 should be available for use in nodepool builders now | 15:18 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-haproxy_server master: Do not add cacert when it does not exist https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/852399 | 15:18 |
| noonedeadpunk | ok, that is great. then we can try adding jobs and see what will fail :) | 15:18 |
| noonedeadpunk | and I actually don't have much on agenda today | 15:21 |
| NeilHanlon | yeah, i know of at least one blocker that I wanted to ask about.. Rocky 9 doesn't have the centos-release-* packages available.. so my thought was to just try and drop in the CentOS Stream 9 Extas-common repository and filter all non centos-release-* packages. Technically, these packages aren't "built" for Rocky, but they should theoretically work. | 15:21 |
| NeilHanlon | And if I can validate their installation/use on Rocky, I will get them built into the Rocky Extras repo itself so it can be removed later on | 15:21 |
| noonedeadpunk | Well, I can't really recall where we use this and for what packages... | 15:22 |
| noonedeadpunk | ah, centos-release-nfv-openvswitch is quite good example | 15:23 |
| jrosser_ | centos-release-gluster9 as well | 15:23 |
| NeilHanlon | yep. gluster is the one I ran into first | 15:24 |
| NeilHanlon | i think maybe systemd-networkd comes from there too? or at least it did in 8.x | 15:24 |
| jrosser_ | oh well thats a story in itself | 15:24 |
| jrosser_ | i think we get it from EPEL? | 15:24 |
| noonedeadpunk | I think it's epel, yes | 15:25 |
| NeilHanlon | ah, good good | 15:25 |
| noonedeadpunk | dropping CentOS Stream 9 Extas might indeed work | 15:29 |
| noonedeadpunk | Though, I see that for Rocky 8 there was at very least centos-release-storage-common? | 15:29 |
| NeilHanlon | yeah we have them in rocky 8 but the stream 9 ones are built mostly on c9s build roots, so it's possible they may have some incompatibilities that we (I) need to iron out. Hopefully they just install from centos and then I can rebuild them to host in the Rocky repositories | 15:30 |
| NeilHanlon | "them" being the release packages pointing Rocky systems to the centos mirrors without any messing about with writing .repo files manually | 15:31 |
| noonedeadpunk | would be quite fair to call them rocky-release-storage-common though :p | 15:31 |
| jrosser_ | how do we got those though? | 15:31 |
| jrosser_ | we have to add a repo with those centos release packages to the rocky system? | 15:32 |
| * jrosser_ worries about franken-install happening | 15:32 | |
| NeilHanlon | jrosser_: yeah. i was intending to make it exclude all but the CentOS Sig release packages | 15:35 |
| NeilHanlon | or even better, probably, only the ones that are needed | 15:36 |
| jrosser_ | i think we have something already very much like that for EPEL / networkd | 15:36 |
| NeilHanlon | yeah, i thought i remembered seeing it a while back | 15:36 |
| *** dviroel is now known as dviroel|lunch | 15:39 | |
| NeilHanlon | I'll put a few changes in today probably for what I've found so far for review and you all can tell me what I've done badly :D | 15:41 |
| noonedeadpunk | telling ppl what they did wrong is smth we enjoy doing pretty much hehe | 15:42 |
| NeilHanlon | Lol ๐ | 15:42 |
| noonedeadpunk | or at least me:D | 15:42 |
| noonedeadpunk | ok sounds good then! | 15:42 |
| noonedeadpunk | btw, I won't be around for the next 2 weeks. Is there any volunteer to held meetings? | 15:43 |
| jrosser_ | i am away next week as well | 15:43 |
| noonedeadpunk | ok, then we can cancel next week | 15:44 |
| damiandabrowski | ack | 15:44 |
| noonedeadpunk | wah tabout Aug 23? | 15:44 |
| noonedeadpunk | *what | 15:44 |
| NeilHanlon | i'd be happy to volunteer but as you know, I know not what I do :P | 15:44 |
| damiandabrowski | I can do that if needed | 15:46 |
| noonedeadpunk | ok, awesome, then Aug 23 will take place :) | 15:47 |
| *** ysandeep is now known as ysandeep|out | 15:58 | |
| NeilHanlon | jrosser_: I think we were both thinking of https://opendev.org/openstack/ansible-role-systemd_networkd/src/branch/master/tasks/main.yml#L67-L82 | 16:01 |
| jrosser_ | yeah, thats it | 16:02 |
| noonedeadpunk | #endmeeting | 16:07 |
| opendevmeet | Meeting ended Tue Aug 9 16:07:32 2022 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 16:07 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-08-09-15.00.html | 16:07 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-08-09-15.00.txt | 16:07 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-08-09-15.00.log.html | 16:07 |
| evrardjp | jrosser, it seems you have maintained the haproxy role, especially the redirects. | 16:34 |
| evrardjp | I am not particularly fond of the OSA configuration of haproxy (it really is bad for maintenance, IMO) | 16:34 |
| evrardjp | I am looking at how to refactor the role, so that it is far more flexible, but using my very flexible haproxy role | 16:34 |
| evrardjp | My hope would be to reduce the group vars, just have "safe defaults" which can be overriden | 16:35 |
| evrardjp | I would appreciate if you have some time to chat around the idea of the redirects, not really sure to understand why they appeared ... from the commit message | 16:36 |
| mgariepy | hey evrardjp it's been a while | 16:40 |
| jrosser_ | do you have a commit to look at? | 16:40 |
| jrosser_ | evrardjp: ^ | 16:40 |
| evrardjp | multiple | 16:41 |
| evrardjp | but the one I am looking at right now is https://github.com/openstack/openstack-ansible-haproxy_server/commit/d30bb2e6d12233a5a20a9b739c46e40cbabc5bf9 | 16:41 |
| evrardjp | hello mgariepy :) | 16:41 |
| evrardjp | and hello jrosser_ :) | 16:41 |
| evrardjp | it's been a while indeed | 16:42 |
| evrardjp | I have a few extra time so I am hanging around here | 16:42 |
| evrardjp | :) | 16:42 |
| evrardjp | reopening the things I never got the chance to investigate :D | 16:42 |
| jrosser_ | well the reasoninfg for that is here https://review.opendev.org/c/openstack/openstack-ansible-specs/+/822850 | 16:42 |
| jrosser_ | haproxy role has a very large amount of heavy liftng to do if we are to be able to transition internal endpoints to TLS | 16:43 |
| jrosser_ | so flexible role or not, there is some really quite difficult config needed when in the middle of that transition | 16:44 |
| evrardjp | well when I see that it confirms that the role is for me too complex :) | 16:46 |
| evrardjp | I don't see this as rocket science, quite the opposite, but I think it depends on what we do for the average OSA user | 16:46 |
| evrardjp | maybe it's me, but I don't see how one can run openstack without proper management of load balancers, whatever those are :) | 16:47 |
| jrosser_ | no-one else has come up with a simpler way to do that | 16:47 |
| evrardjp | I will give this a go | 16:47 |
| evrardjp | maybe it won't give results | 16:47 |
| evrardjp | but at least it _could_ give some | 16:48 |
| jrosser_ | "we need an OSA release that supports the LB backends being either http or https mixture, and not breaking everything during an upgrade which moves services from http to https one by one" | 16:48 |
| evrardjp | on browsing that role I saw deprecated variables, lack of tests ... | 16:48 |
| evrardjp | exactly | 16:49 |
| jrosser_ | well i would much rather see tests for anything than rewrite it all | 16:49 |
| evrardjp | well I have an haproxy role that's properly tested ;) | 16:49 |
| evrardjp | or that will be tested | 16:49 |
| evrardjp | (in here I mean) | 16:49 |
| jrosser_ | with a meaningful zuul job? | 16:49 |
| evrardjp | currently my role is tested with docker and tox | 16:50 |
| evrardjp | so that could work with zuul | 16:50 |
| evrardjp | but my idea is to just _leverage_ it inside our haproxy_server role | 16:50 |
| evrardjp | like you did for pki role | 16:50 |
| evrardjp | just set the right vars and off you go | 16:50 |
| * jrosser_ has to go..... | 16:51 | |
| *** dviroel|lunch is now known as dviroel | 16:51 | |
| evrardjp | sometimes I just realise that this would be _far simpler_ if we adapted the architecture to have a service discovery | 16:52 |
| evrardjp | then load balancer could just take the info from it.... | 16:52 |
| evrardjp | but even without service discovery, what you are asking is possible | 16:53 |
| admin1 | what is the need for internal endpoints to be in TLS ? | 16:58 |
| admin1 | i mean what benefits does it provides to an average osa operator like me that i might be missing now ? | 16:59 |
| admin1 | comment against "haproxy role has a very large amount of heavy liftng to do if we are to be able to transition internal endpoints to TLS" and "I don't see this as rocket science, quite the opposite, but I think it depends on what we do for the average OSA user" | 17:00 |
| noonedeadpunk | admin1: do you have internal networks fully phisically isolated from public networks? | 17:44 |
| noonedeadpunk | *physically | 17:44 |
| noonedeadpunk | IMO having TLS coverage for all the way is quite basic thing that must be present out of the box without too much hacks | 17:52 |
| noonedeadpunk | for me I don't see how haproxy role is actually broken right now. As well as I don't really feel potential simplification or improvement. But likely worth looking at proposal first. | 17:55 |
| noonedeadpunk | As basically what would happen is that we're moving messy template generation to the messy variable generation | 17:56 |
| noonedeadpunk | that would result in same config... | 17:56 |
| noonedeadpunk | and can't agree more about tests actually | 18:01 |
| dmsimard | noonedeadpunk: feel free to summon me anytime though there are no guarantees on latency :p | 18:02 |
| dmsimard | no hard feelings towards jrosser's patch, there is no precedent for ara talking to other components (such as zuul or swift) and I would prefer to keep it that way, especially if there are relatively simple solutions available | 18:04 |
| dmsimard | I empathize with your need, but IMO the blocker should be the lack of a single server to upload reports or databases too -- not the fact that ara doesn't know how to talk to zuul (it shouldn't have to) | 18:05 |
| dmsimard | if you provide a server somewhere, I can help set it up if necessary | 18:06 |
| dmsimard | I could have even potentially hosted it myself but alas the project's server sponsorship has been downsized such that this is no longer possible at this time | 18:10 |
| noonedeadpunk | dmsimard: well for it makes sense to make some ad-hoc read databaase from URL or smth like that | 18:14 |
| noonedeadpunk | without need for permanent big storage and something quite stateless | 18:14 |
| noonedeadpunk | as one thing to have some UI to which you can pass URL of sqlite db and other store all results for $time | 18:15 |
| noonedeadpunk | returning to haproxy topic, I wonder if it's jumping from 3 o'clock to 9 o'clock of complexity clock... | 18:16 |
| noonedeadpunk | as I think we also read ara results quite ocasionally. So pushing everything regardless is kind of pointless a bit | 18:17 |
| jrosser_ | I was pretty pleased with the statelessness of it | 18:43 |
| jrosser_ | I looked at what the new zuul log processing stuff does and itโs really very very complicated to keep track of which zuul jobs it has processed and which it has not | 18:43 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-haproxy_server master: Allow haproxy to bind on the interface https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/852039 | 18:47 |
| noonedeadpunk | NeilHanlon: fwiw your idea worked nicely for https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/852399/2/handlers/main.yml, so thanks for the tip! | 18:48 |
| NeilHanlon | oh, neat! | 18:53 |
| * NeilHanlon was helpful | 18:53 | |
| mgariepy | hey NeilHanlon did you had time to look at : https://bugs.rockylinux.org/view.php?id=144 | 18:56 |
| *** dviroel is now known as dviroel|biab | 19:34 | |
| *** dviroel|biab is now known as dviroel | 20:13 | |
| NeilHanlon | yep, i'll have a fixed image out this wee | 20:19 |
| NeilHanlon | week* | 20:19 |
| *** dviroel is now known as dviroel|out | 21:17 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!