| *** ysandeep|out is now known as ysandeep | 04:52 | |
| *** ysandeep is now known as ysandeep|afk | 05:41 | |
| *** ysandeep|afk is now known as ysandeep | 06:02 | |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-haproxy_server stable/yoga: Do not add cacert when it does not exist https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/855133 | 07:17 |
|---|---|---|
| anskiy | jamesdenton: I hope to file those bugs this week and gonna link them to you: that would be a nice base for a story :) | 07:21 |
| *** ysandeep is now known as ysandeep|afk | 07:36 | |
| *** ysandeep|afk is now known as ysandeep | 09:12 | |
| anskiy | I was thinking about adding `haproxy_horizon_allowlist_networks` variable, which would default to `[]` in haproxys group_vars. Then, I would need to add `or` for `[]` case in here: https://opendev.org/openstack/openstack-ansible-haproxy_server/src/branch/master/templates/service.j2#L59. | 09:20 |
| anskiy | I can default it to `0.0.0.0`, which would still result in rendering `acl`, which is kinda stupid. | 09:21 |
| noonedeadpunk | anskiy: I think condition then should be like `{% if 'haproxy_allowlist_networks' in item.service and item.service.haproxy_allowlist_networks %}` if that's what you meant? | 09:23 |
| anskiy | noonedeadpunk: yeah, something like that, didn't actually test that one. But the question is more like: is this the best approach? | 09:25 |
| noonedeadpunk | But eventually you can jsut override haproxy_horizon_service | 09:25 |
| anskiy | noonedeadpunk: that's what I do now, but you do this for just one additional key and lose all those changes to the defaults, if there would be any | 09:27 |
| anskiy | it's like this thing: https://review.opendev.org/c/openstack/openstack-ansible/+/854370 | 09:27 |
| anskiy | which came from the need to add: `unicast_src_ip`, `unicast_peers`, `virtual_routes` and `virtual_rules` :) | 09:29 |
| noonedeadpunk | the problem there is that haproxy_default_services is a list | 09:30 |
| anskiy | noonedeadpunk: if what you suggest is the desired approach to osa, that's fine, I just find it a little bit more maintenance heavy. | 09:30 |
| noonedeadpunk | what we can do is indeed to add here https://opendev.org/openstack/openstack-ansible/src/branch/master/inventory/group_vars/haproxy/haproxy.yml#L573-L612 things like "{{ haproxy_horizon_service | combine(haproxy_horizon_service_overrides | default({})) }}" | 09:31 |
| noonedeadpunk | s/add/edit/ | 09:32 |
| anskiy | would it be better to add combines to all the services at once? | 09:33 |
| noonedeadpunk | I think that would ineed be more neat then full variable override... | 09:33 |
| noonedeadpunk | I don't think you can do that with list properly? | 09:33 |
| anskiy | I mean, fix each line for each service | 09:34 |
| anskiy | not just horizon | 09:34 |
| noonedeadpunk | yeah, that's what I meant :) | 09:34 |
| noonedeadpunk | Just wrote horizon as an example | 09:34 |
| anskiy | yeah, that would look super nice, and in addition it could help with overriding backend/backup nodes. Thank you! Gonna submit a change in a while. | 09:36 |
| noonedeadpunk | and eventually I also faced that I need to override backend order and was about to think on how to do this in a better way | 09:45 |
| noonedeadpunk | So will wait for patch :D | 09:45 |
| opendevreview | Danila Balagansky proposed openstack/openstack-ansible master: Add merge with `haproxy_<service>_overrides` variables for all `haproxy_default_services` https://review.opendev.org/c/openstack/openstack-ansible/+/855184 | 10:59 |
| *** ysandeep is now known as ysandeep|break | 11:27 | |
| *** dviroel|out is now known as dviroel | 11:30 | |
| opendevreview | Merged openstack/openstack-ansible-os_keystone stable/yoga: Fix keystone_secure_proxy_ssl_header logic https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/853094 | 11:35 |
| noonedeadpunk | anskiy: can you kindly add a space before `}}` ? | 11:35 |
| anskiy | noonedeadpunk: oh, sure :) | 12:04 |
| opendevreview | Danila Balagansky proposed openstack/openstack-ansible master: Add merge with `haproxy_<service>_overrides` variables for all `haproxy_default_services` https://review.opendev.org/c/openstack/openstack-ansible/+/855184 | 12:07 |
| opendevreview | Ke Niu proposed openstack/ansible-role-uwsgi master: Use TOX_CONSTRAINTS_FILE https://review.opendev.org/c/openstack/ansible-role-uwsgi/+/855055 | 12:15 |
| *** ysandeep|break is now known as ysandeep | 12:20 | |
| noonedeadpunk | Some reviews for backports to yoga on https://review.opendev.org/q/parentproject:openstack/openstack-ansible+branch:%255Estable/yoga+status:open+ would be great | 12:57 |
| *** ysandeep is now known as ysandeep|dinner | 14:39 | |
| *** dviroel is now known as dviroel|mtg | 14:43 | |
| opendevreview | Merged openstack/openstack-ansible-plugins stable/yoga: Use `journald_remote_systemd_prefix` for systemd prefix https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/855000 | 14:44 |
| opendevreview | Merged openstack/openstack-ansible-haproxy_server stable/yoga: Do not add cacert when it does not exist https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/855133 | 14:46 |
| opendevreview | Merged openstack/openstack-ansible-os_keystone stable/yoga: Add PKCE method for OIDC https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/852959 | 14:47 |
| *** ysandeep|dinner is now known as ysandeep | 15:00 | |
| noonedeadpunk | #startmeeting openstack_ansible_meeting | 15:02 |
| opendevmeet | Meeting started Tue Aug 30 15:02:47 2022 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:02 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:02 |
| opendevmeet | The meeting name has been set to 'openstack_ansible_meeting' | 15:02 |
| noonedeadpunk | #topic roll call | 15:02 |
| noonedeadpunk | o/ hello everyone | 15:02 |
| anskiy | hello :) | 15:03 |
| ebbex | o/ | 15:04 |
| noonedeadpunk | #topic bug triage | 15:07 |
| noonedeadpunk | I know that couple of bugs has landed during last previous weeks | 15:07 |
| noonedeadpunk | #link https://bugs.launchpad.net/openstack-ansible/+bug/1987405 | 15:08 |
| noonedeadpunk | hm, so it's about network-generic-switch which seems to be an ml2 driver | 15:09 |
| noonedeadpunk | While I kind of see reason for this bug report, it feels also a bit off | 15:12 |
| anskiy | this one was discussed a bit on last meeting | 15:13 |
| noonedeadpunk | ah | 15:13 |
| anskiy | it's the bug from jrosser_ team | 15:13 |
| noonedeadpunk | yeah, I know that. Then I guess I just should to wrap bug triage if it was already discussed | 15:13 |
| * noonedeadpunk forgot to read trough meeting notes | 15:13 | |
| noonedeadpunk | #topic office hours | 15:14 |
| noonedeadpunk | I think I should create another bug report about the way how we configure cinder | 15:14 |
| anskiy | there were actually no resolution on how to proceed with fixing it: https://meetings.opendev.org/irclogs/%23openstack-ansible/%23openstack-ansible.2022-08-23.log.html#t2022-08-23T15:07:09 | 15:15 |
| noonedeadpunk | yeah, I already found that, but still thanks | 15:16 |
| noonedeadpunk | so for cinder, there's issue with what we do for ceph backend, as we configure active/active without using tooz, which is not supposed to be that | 15:17 |
| noonedeadpunk | And the problem that it's quite hard to rollback from a/a since in DB all volumes have cluster already set | 15:18 |
| noonedeadpunk | and fixing that qould require deploying etcd or zookeeper | 15:18 |
| *** dviroel|mtg is now known as dviroel | 15:18 | |
| noonedeadpunk | I've already touched that slightly previously, but this needs proper thinking through | 15:19 |
| noonedeadpunk | though in fact in production envs we don't see issues with current setup, but I can imagine some nasty race conditions to happen though | 15:20 |
| noonedeadpunk | regarding neutron - probably we should jsut set default to not use uwsgi and backport it to Y | 15:21 |
| noonedeadpunk | jsut to check that neutron-rpc-server will get stopped as expected with that switch, as I can imagine it won't | 15:22 |
| noonedeadpunk | as it will be just filtered out instead of being stopped/disabled/masked | 15:23 |
| noonedeadpunk | other then that tbh I don't have much to discuss, as still trying to get in sync with all I've missed for 2 weeks | 15:25 |
| ebbex | yeah, just add ml2.genericswitch to the exeption in neutron_use_uwsgi. | 15:26 |
| noonedeadpunk | or that | 15:28 |
| noonedeadpunk | that is even faster | 15:28 |
| noonedeadpunk | though I can imagine there can be more things that does fail | 15:29 |
| ebbex | how? They'll be back to running plain non-uwsgi neutron-server. | 15:31 |
| ebbex | it probably worked for them before the uwsgi split. | 15:32 |
| *** dviroel is now known as dviroel|lunch | 15:40 | |
| noonedeadpunk | I meant there can be more ml2 plugins that does not work with uwsgi | 15:41 |
| noonedeadpunk | so except list can be wider in fact | 15:41 |
| noonedeadpunk | but yes, it's kind of safe and simple thing to do right now | 15:42 |
| ebbex | yeah, hehe :) i think pretty much everyting except lxb and ovs would have problems. | 15:42 |
| noonedeadpunk | Oh. One more thing. After switching to cloudsmith, it seems it was not that perfect decision, since they tend to clean-up repos quite freqently and in a bit weird manner | 15:43 |
| noonedeadpunk | (we get rabbit/erlang from there now) | 15:43 |
| noonedeadpunk | so if anybody have ideas of how or where to get rabbit/erlang from would be great. Eventually we switched to cloudsmith because native erlang repos for ubuntu are not stable, which causes CI and deployments to fail | 15:45 |
| noonedeadpunk | and with cloudsmith there's another problem in versions that we can get from there | 15:45 |
| noonedeadpunk | maybe, we should just pin major version, and get whatever minor version is present... | 15:45 |
| noonedeadpunk | but I don't really like that approach | 15:46 |
| anskiy | by native, you mean ppas? | 15:47 |
| anskiy | checked git log, sorry. I've found this thing: https://launchpad.net/~rabbitmq/+archive/ubuntu/rabbitmq-erlang, but I don't know if it's any better, and it seems, it's only Erlang too | 15:53 |
| ebbex | major, minor or patch? | 15:54 |
| ebbex | i think patch is ok, but minor doesn't change that often? | 15:55 |
| *** ysandeep is now known as ysandeep|out | 15:56 | |
| noonedeadpunk | ebbex: I think I meant patch | 16:01 |
| noonedeadpunk | anskiy: nah, ppa contains only single version, while what we want is to be able to pick and stick to the version | 16:01 |
| noonedeadpunk | anyway | 16:02 |
| noonedeadpunk | #endmeeting | 16:02 |
| opendevmeet | Meeting ended Tue Aug 30 16:02:10 2022 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 16:02 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-08-30-15.02.html | 16:02 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-08-30-15.02.txt | 16:02 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-08-30-15.02.log.html | 16:02 |
| NeilHanlon_ | heya, sorry I missed the meeting today.. Had to reschedule the house cleaners last minute. I'll review the logs :) | 16:02 |
| *** NeilHanlon_ is now known as NeilHanlon | 16:03 | |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/yoga: Bump OpenStack-Ansible Yoga https://review.opendev.org/c/openstack/openstack-ansible/+/855255 | 16:05 |
| *** dviroel|lunch is now known as dviroel | 16:33 | |
| *** dviroel is now known as dviroel|out | 22:37 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!