*** raukadah is now known as chandankumar | 03:10 | |
noonedeadpunk | mornings | 07:45 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Move ceph-install to setup-everything https://review.opendev.org/c/openstack/openstack-ansible/+/862508 | 08:25 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Move ceph-install to setup-everything https://review.opendev.org/c/openstack/openstack-ansible/+/862508 | 08:28 |
noonedeadpunk | damiandabrowski: anskiy so based on yesterday's discussion I made adjustments to the patch. Would be great if you could review it as active users of ceph-ansible, as to be fair - I hardly used it in production deployments. Also feel free to -1 it as we can just add documentation changes at the end to explain upgrade path for such deployments | 08:30 |
noonedeadpunk | but it does make sense to me tbh to split out things | 08:32 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Move ceph-install to setup-everything https://review.opendev.org/c/openstack/openstack-ansible/+/862508 | 08:39 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: [doc] Better document integrated usage of ceph-ansible https://review.opendev.org/c/openstack/openstack-ansible/+/862676 | 09:30 |
noonedeadpunk | damiandabrowski: I proposed only documentation update as well ^ but I'm still not convinced fwiw. | 09:32 |
*** dviroel|afk is now known as dviroel | 11:28 | |
nixbuilder | I need to be able to access the various containers via ssh, however I cannot find where the private keys for the containers are stored. | 11:51 |
*** kleini_ is now known as kleini | 12:23 | |
noonedeadpunk | nixbuilder: there is no ssh installed on containers by default, thus no keys | 12:47 |
noonedeadpunk | Why you need that? | 12:47 |
nixbuilder | noonedeadpunk: I need that because I manage all of our clouds via ansible from my laptop. The previous installation was all on bare metal so ssh is easy. But so far, at least on the galera and util containers, ssh is installed. I just had to edit the sshd_config files to allow password access. But I would rather use the key so I can give keys to others in my group who may need access. | 12:51 |
noonedeadpunk | do you know that these all is very-very bad idea ? :D | 12:52 |
noonedeadpunk | And I still don't understand why ssh on containers is needed. | 12:53 |
nixbuilder | Our clouds are not public... they are all behind our corporate firewall with no outside access unless you have VPN credentials. | 12:53 |
noonedeadpunk | If you manage with ansible from localhost - you still should be using inventory | 12:53 |
nixbuilder | It's worked for us going on 8 years or so. | 12:54 |
noonedeadpunk | Or unless you have compromised machine :D | 12:54 |
noonedeadpunk | anyway | 12:54 |
noonedeadpunk | And if you're using same inventory - you can also easily use our connection plugin to connect to containers through hosts like osa does | 12:55 |
noonedeadpunk | running ansible from localhost is bad idea for plenty of reasons. Including that every team member may have different ansible versions, different version of collections/roles on their localhost, different requirements installed with ansible | 12:56 |
nixbuilder | This is my first go-around with bringing up openstack-ansible installation.... so is there a document where I can read about this connection plugin. | 12:56 |
noonedeadpunk | Each of these things can affect behaviour and you can't get consistent result kind of | 12:56 |
noonedeadpunk | I don't want to touch observability/audit even | 12:56 |
noonedeadpunk | nixbuilder: well, I don't think we have a document for that as we assume OSA deployment is managed with OSA bootstrapped ansible. | 12:57 |
noonedeadpunk | But you can find it here https://opendev.org/openstack/openstack-ansible-plugins/src/branch/master/plugins/connection/ssh.py | 12:57 |
noonedeadpunk | openstack-ansible-plugins can be installed as collection | 12:58 |
noonedeadpunk | nixbuilder: I mean - you can also deploy openstack on bare metal with openstack-ansible and not use lxc containers at all | 12:58 |
noonedeadpunk | but if you use containers - I can hardly imagine how are you going to run anything against them not using dynamic inventory... | 12:59 |
noonedeadpunk | and dynamic_inventory has container_name/physical_host for all containers, so it provides info for connection plugin on how to reach each container through host without directly SSHing to it | 13:00 |
noonedeadpunk | But you technically can reproduce all that in your local copy on inventory as well... | 13:01 |
noonedeadpunk | So if you want to use that connection plugin you can do it like that: https://opendev.org/openstack/openstack-ansible/src/branch/master/scripts/openstack-ansible.rc#L50 | 13:02 |
nixbuilder | I am not the greatest on using ansible... but I am learning... but I think I see where you are going with this... give me a minute to absorb all of this. | 13:03 |
nixbuilder | So on my laptop do I install the ssh.py via python or pip? | 13:06 |
noonedeadpunk | well, on laptop you would need to create requirements.yml and place there these lines https://opendev.org/openstack/openstack-ansible/src/branch/master/ansible-collection-requirements.yml#L10-L12 | 13:07 |
noonedeadpunk | (given you run ansible>=5.0.0) | 13:08 |
noonedeadpunk | and then run `ansible-galaxy collection install -r requirements.yml` | 13:09 |
noonedeadpunk | But tbh we never-ever assumed containers will be managed on host without properly bootstrapped/configured openstack-ansible | 13:10 |
noonedeadpunk | You can ofc run bootstrap-ansible.sh on localhost as well and put same config there as well | 13:10 |
noonedeadpunk | But maybe you also want to consider deploying without containers and just on bare metal... | 13:11 |
nixbuilder | So for bare metal install I would just use '/etc/openstack_deploy/env.d/aio_metal.yml.example' and define all containers on metal? | 13:18 |
jamesdenton | I think it's as easy as defining "no_containers: True" in openstack_user_config.yml prior to the deploy | 13:24 |
nixbuilder | jamesdenton: OK... that's easy... I'll give that a shot! | 13:26 |
noonedeadpunk | like that https://opendev.org/openstack/openstack-ansible/src/branch/master/etc/openstack_deploy/openstack_user_config.yml.aio.j2#L46 | 13:37 |
noonedeadpunk | you will also need to clean up already created containers and clean out generated inventory | 13:38 |
nixbuilder | noonedeadpunk: Will do... wiping out all of the blades and starting from scratch. Thanks for all your help! | 14:23 |
*** dviroel is now known as dviroel|lunch | 15:08 | |
*** dviroel|lunch is now known as dviroel | 16:26 | |
*** dviroel is now known as dviroel|afk | 20:03 |