opendevreview | Matthew Thode proposed openstack/openstack-ansible-os_ceilometer master: remove loadbalancer from installed definitions https://review.opendev.org/c/openstack/openstack-ansible-os_ceilometer/+/864962 | 02:31 |
---|---|---|
opendevreview | Matthew Thode proposed openstack/openstack-ansible-os_aodh master: Install git into aodh containers https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/864966 | 02:49 |
prometheanfire | I think that octavia is failing in master due to https://storyboard.openstack.org/#!/story/2010099 | 04:04 |
prometheanfire | tracked in https://review.opendev.org/864553 heh | 04:04 |
*** akahat|ruck is now known as akahat | 04:12 | |
*** ysandeep|out is now known as ysandeep|ruck | 05:00 | |
*** ysandeep|ruck is now known as ysandeep|ruck|afk | 10:22 | |
*** ysandeep|ruck|afk is now known as ysandeep|ruck | 10:45 | |
noonedeadpunk | Ugh, SSL and Java - tons of fun | 10:52 |
noonedeadpunk | all these keystores/truststores | 10:54 |
noonedeadpunk | I can even hardly read docs on how to set it up or what it does want to work... | 11:03 |
noonedeadpunk | https://zookeeper.apache.org/doc/r3.5.5/zookeeperAdmin.html#Quorum+TLS | 11:04 |
noonedeadpunk | Why in the world they generate cert with keytool.... ugh | 11:04 |
noonedeadpunk | most confusing, that you can set zookeeper.ssl.keystore.type = PEM | 11:05 |
noonedeadpunk | I bet it doesn't mean you can just place PEM files and provide path to it.... | 11:08 |
noonedeadpunk | I think you still need to import them | 11:09 |
noonedeadpunk | but then why you need to define path if they're imported | 11:12 |
noonedeadpunk | (╯°□°)╯︵ ɐʌɐᒋ | 11:12 |
noonedeadpunk | Docs like https://support.ptc.com/help/thingworx/platform/r9/en/index.html#page/ThingWorx/Help/ThingWorxHighAvailability/configuringssltlsforzookeeper.html don't say anything about import though | 11:13 |
noonedeadpunk | Though they use safe certs for cluster and for clients from what I can tell | 11:14 |
noonedeadpunk | s/safe/same | 11:14 |
*** dviroel|out is now known as dviroel | 11:21 | |
dok53 | Hi all, I have set up cinder with quobyte and can create, delete and snapshot volumes no problem. However when I try to attach them I get an error in the horizon dashboard as seen here with logs. https://paste.openstack.org/show/bL2coOmPxbxFMuEmwtDj/ I also can't see my default_volume_type in the dropdown when creating a volume (config line also in the paste). The logs don't tell me anything so any pointers where to look or what might be causing it? | 12:30 |
*** frenzy_friday is now known as frenzy_friday|lunch | 12:31 | |
frickler | noonedeadpunk: opendev sets up zookeeper with ssl for zuul, not sure how much that helps you, but maybe worth a look https://opendev.org/opendev/system-config/src/branch/master/playbooks/roles/zookeeper | 12:33 |
noonedeadpunk | frickler: that is helpful | 12:34 |
noonedeadpunk | will need to check what you put inside keystore/truststore | 12:35 |
frickler | that should be essentially https://opendev.org/zuul/zuul/src/branch/master/tools/zk-ca.sh | 12:36 |
frickler | and then this setup for the zk container https://opendev.org/zuul/zuul/src/branch/master/tools/docker-compose.yaml#L27-L41 | 12:39 |
frickler | and the matching zoo.cfg https://opendev.org/zuul/zuul/src/branch/master/tools/zoo.cfg | 12:40 |
frickler | the latter links are for the zuul testing environment, which might be a bit simpler than the production setup, though | 12:41 |
frickler | feel free to ask in #opendev if you need more info, I also only deployed this in a local install without really understanding all the bits and pieces | 12:42 |
*** ysandeep|ruck is now known as ysandeep|ruck|afk | 12:46 | |
*** dviroel_ is now known as dviroel | 12:57 | |
noonedeadpunk | frickler: yeah, zk-ca is what I was looking for:) seems you indeed don't use any keytool -importcert | 13:06 |
noonedeadpunk | but reading openssl commands is way better than keytool :D | 13:08 |
noonedeadpunk | so truststore is simply CA cert and keystore is cert/private key | 13:10 |
noonedeadpunk | which is everything I needed to know :) | 13:10 |
frickler | cool, glad it was useful | 13:24 |
*** ysandeep|ruck|afk is now known as ysandeep|ruck | 13:30 | |
*** frenzy_friday|lunch is now known as frenzy_friday | 13:32 | |
noonedeadpunk | XneWv963!rg91w | 13:56 |
noonedeadpunk | well.... need to rotate some passwords... | 13:57 |
*** ysandeep|ruck is now known as ysandeep|out | 14:42 | |
mgariepy | at least it wasn't password1234 | 15:06 |
*** dviroel is now known as dviroel|lunch | 15:07 | |
Mouaa | Hi guys, I'm working for a client for upgrading his openstack platform which is based on Ubuntu 18.04 and openstack-ansible in train version, all in distro install method... Initialized at the time in stein, it seemed simpler at the time for the people who set it up to start with a distro method. Since then, you have warned me here several times that the test coverage was minimal in distro + ubuntu mode... | 15:18 |
Mouaa | Facing difficulties in distro install method (python3 on 18.04 is limited to 3.6.9 and playbooks for upgrade reclaims min 3.8 for venv build utility containers), I mounted a DEV platform (openstack DEV over openstack PRODUCTION) in source mode to compare. | 15:18 |
Mouaa | Is it normal in source mode not to find a "repo" container on any controllers? In any case, no container contains a "/var/www/repo" directory. | 15:18 |
Mouaa | Did I miss something? | 15:18 |
Mouaa | See: https://docs.openstack.org/openstack-ansible/victoria/admin/upgrades/distribution-upgrades.html | 15:18 |
noonedeadpunk | Mouaa: in source install repo containers are quite important | 15:38 |
noonedeadpunk | they're not needed for distro install | 15:38 |
noonedeadpunk | Mouaa: you can check for example on how to define it here https://opendev.org/openstack/openstack-ansible/src/branch/master/etc/openstack_deploy/openstack_user_config.yml.example#L328-L351 | 15:39 |
noonedeadpunk | they should be explicitly stated in openstack_user_config | 15:39 |
Mouaa | I know, no repo on distro method...On my test platform in source method, no container repo, no container with /var/www/repo, surprising ! | 15:40 |
Mouaa | root@osa-deployer-tlse:/opt/openstack-ansible# grep -i method /etc/openstack_deploy/user_variables.yml | 15:46 |
Mouaa | install_method: source | 15:46 |
Mouaa | No group repo in inventory, no container repo on controllers, no container who have /var/www/repo | 15:46 |
Mouaa | the install doc say to define install_method in user_variables.yml | 15:50 |
Mouaa | https://docs.openstack.org/project-deploy-guide/openstack-ansible/train/configure.html | 15:50 |
Mouaa | It therefore seems mandatory to define the hosts of the repository in the inventory in the source method... My error seems to be found! Thanks | 15:54 |
jrosser | Mouaa: there are a bunch of example configs in this directory https://opendev.org/openstack/openstack-ansible/src/branch/master/etc/openstack_deploy/openstack_user_config.yml.example | 15:55 |
Mouaa | The config yaml are inherited from a platform deployed in production since 4 years in distro mode, so they are valid. | 16:00 |
Mouaa | I took over these, just changed the install method to source, but in fact I didn't create any repo containers in the ansible inventories... This must be why I don't have a CT created repo | 16:00 |
jrosser | they must be defined in openstack_user_config | 16:03 |
jrosser | like this https://opendev.org/openstack/openstack-ansible/src/branch/master/etc/openstack_deploy/openstack_user_config.yml.example#L342-L350 | 16:03 |
Mouaa | OK, but documentation said in v train to put it in user var | 16:04 |
Mouaa | for the method install param | 16:05 |
jrosser | yes, install_method goes in user variables | 16:05 |
jrosser | the IP of the repo hosts must go in openstack_user_config | 16:05 |
jrosser | you need both | 16:05 |
Mouaa | ok thank you | 16:05 |
*** dviroel|lunch is now known as dviroel | 16:16 | |
nixbuilder | Does anyone know where to set the cinder timeouts for volume creation? I have tried the 'block_device_creation_timeout=300' in nova.conf, but I am still getting the error "Build of instance a84c1741-a443-4d4f-a754-fe92c418caec aborted: Volume 01d84acf-3671-4628-8e63-ddba43692e09 did not finish being created even after we waited 21 seconds or 8 attempts. And its status is error.: nova.exception.BuildAbortException: Build of in | 16:26 |
nixbuilder | stance a84c1741-a443-4d4f-a754-fe92c418caec aborted: Volume 01d84acf-3671-4628-8e63-ddba43692e09 did not finish being created even after we waited 21 seconds or 8 attempts. And its status is error." Where does the 20 seconds variable get set? | 16:26 |
prometheanfire | looks like external ceph isn't working with rocky-9, it calls ceph-client role which tries to install a gpg file that doesn't exist | 16:45 |
noonedeadpunk | nixbuilder: I think you need both to expand nova timeout and in cinder as well from what I can recall | 16:58 |
noonedeadpunk | I can recall I was doing that but can't find that variable in cinder for some reason.... | 17:01 |
noonedeadpunk | Maybe I'm wrong and I've adjusted only nova.... | 17:01 |
noonedeadpunk | Hm.... | 17:01 |
noonedeadpunk | prometheanfire: try setting `ceph_pkg_source: distro` | 17:02 |
noonedeadpunk | But I think we need to patch ceph role actually... | 17:02 |
nixbuilder | noonedeadpunk: Thanks... I will check in cinder. | 17:03 |
noonedeadpunk | prometheanfire: but isn't ansible_facts['distribution_major_version'] != 9? | 17:03 |
noonedeadpunk | for rocky? | 17:03 |
noonedeadpunk | nixbuilder: btw nova should have not only timeout, but also number of attempts | 17:04 |
noonedeadpunk | nixbuilder: btw I don't see such thing as block_device_creation_timeout in nova | 17:05 |
noonedeadpunk | there're block_device_allocate_retries_interval and block_device_allocate_retries | 17:06 |
damiandabrowski | regarding tls for haproxy backends. Is it even possible to secure glance API with TLS when uWSGI is not used? | 17:28 |
damiandabrowski | I can't find anything about it in docs | 17:28 |
nixbuilder | noonedeadpunk: Thanks... I am finding out that, for some reason, I am getting the error 'Requested image 7ac8cef3-37d4-4882-b117-9d2ddcf80ed9 is not in raw format.' That particular image is the cirros image that has always worked on our Pike cloud but now does not seem to work in the Yoga cloud. I am changing the format to raw and see what happens. | 17:34 |
nixbuilder | noonedeadpunk: Changing the image to raw got rid of the error, but did not get rid of the problem with instance creation. Got to dig in to this further I guess. Thanks again for the help. | 17:42 |
prometheanfire | noonedeadpunk: ya, needed to add the ceph quincy package to the default container packages too | 17:46 |
*** dviroel is now known as dviroel|out | 20:13 | |
damiandabrowski | there's one more thing: I think we may have broken gating for glance(and probably for cinder) due to openstack-ansible-deploy-aio_nfs-ubuntu-jammy job | 21:42 |
damiandabrowski | this job failed on 2 latest patches: https://review.opendev.org/q/project:openstack%252Fopenstack-ansible-os_glance | 21:43 |
damiandabrowski | worth looking into this next week | 21:43 |