| jrosser | that sed error from moha7 is odd indeed | 07:01 |
|---|---|---|
| jrosser | moha7: would be very interesting if you can run ‘/opt/ansible-runtime/bin/python -c "from importlib.metadata import version; print(version('openstack-ansible'))")’ on the 22.04 install that fails | 07:06 |
| jrosser | also very helpful if you tell us which branch you use and what kind of OS install you have (like cloud-image or ISO installer etc) | 07:07 |
| moha7 | Hi; I passed the first deployment step, but I get the following error while running`openstack-ansible setup-infrastructure.yml` ---> https://ibb.co/ngqxSKT | 08:29 |
| moha7 | https://www.irccloud.com/pastebin/Ngyfbbms/ | 08:31 |
| noonedeadpunk | moha7: I assume you have some connectivity issues between repo containers | 08:33 |
| noonedeadpunk | or some trafic being firewalled | 08:33 |
| moha7 | this is the etc/hosts file of the container "infra1-repo-container-6496250d" --> https://ibb.co/T4TS87b --> But I don't know why it is using the ranges 172.17.245.0 and 172.17.247.0 while I've set 172.17.246.0 as br-mgmt | 08:35 |
| moha7 | The 1st section of my openstack_user_config.yml file: https://p.teknik.io/Raw/jL45m where 172.17.246.0 is set | 08:38 |
| moha7 | infra1_horizon_container-64c2e3be on 172.17.245.221 | 08:41 |
| moha7 | but there's no 172.17.245.0/x range in my networks! | 08:42 |
| jrosser | moha7: are you sure that 172.17.246.0/22 is on a proper /22 boundary? you can't just choose these arbitrarily | 08:45 |
| jrosser | also if you are deploying a multinode lab on esxi you must turn off whatever mac/ip security there is between VMs as otherwise you will run into many problems like you see with glusterfs | 08:46 |
| jrosser | each node has many IP and many mac addresses and the virtualisation environment doesnt know about them and drops the traffic by default | 08:46 |
| jrosser | moha7: also did you solve the problem on ubuntu 22.04? if there is a bug we need to know how to reproduce it in order to fix it | 08:47 |
| jrosser | moha7: you br-mgmt range is actually 172.17.244.0 to 172.17.247.255 with the config you have made | 08:53 |
| moha7 | OMG! Unbelievable mistake; It should be /24. Thanks | 09:16 |
| moha7 | For the Ubuntu issue, I'll try it again on a fresh Ubuntu | 09:18 |
| *** akahat|ruck is now known as akahat|ruck|lunch | 09:42 | |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-lxc_hosts stable/zed: Ensure tar is installed on LXC host https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/868176 | 10:40 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-lxc_hosts stable/yoga: Ensure tar is installed on LXC host https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/868177 | 10:41 |
| *** dviroel|out is now known as dviroel | 10:58 | |
| *** akahat|ruck|lunch is now known as akahat|ruck | 11:05 | |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Define name for all collections in a-r-r https://review.opendev.org/c/openstack/openstack-ansible/+/868205 | 12:37 |
| mgariepy | good morning everyone | 12:57 |
| damiandabrowski | hi! | 12:57 |
| mgariepy | how are you doing? | 12:59 |
| damiandabrowski | a bit tired of clearing snow from the yard basically every day :D | 13:00 |
| mgariepy | haha | 13:00 |
| mgariepy | where are you located ? | 13:00 |
| mgariepy | i'm in quebec. i prefer having snow instead of slush and water/ice everywhere :D | 13:00 |
| damiandabrowski | Poland, Cracow | 13:01 |
| damiandabrowski | haha, that's true :D | 13:01 |
| mgariepy | i guess you do have snow every winter there :) | 13:02 |
| mgariepy | you are a bit upper north than me :P | 13:02 |
| damiandabrowski | we do but this year is special...didn't see that much snow since at least 5 years :D | 13:04 |
| mgariepy | winter is relaxing :D | 13:04 |
| mgariepy | i do a big vegetable garden in the summer. so during winter i'm way less busy with various tasks :D | 13:05 |
| damiandabrowski | having your own vegetables sounds awesome, need to think about it one day :D | 13:07 |
| mgariepy | last summer was aweful tho lot's of rains and not much heat.. | 13:07 |
| mgariepy | so all the heat loving crop didn't produce much | 13:08 |
| mgariepy | i had like 8 or 10kg of tomatoes from the garden, previous year was more like 45. | 13:08 |
| damiandabrowski | :( | 13:10 |
| mgariepy | at some point i'll build a greenhouse :) | 13:10 |
| * noonedeadpunk has only rains now ;( | 13:10 | |
| noonedeadpunk | on the bright side it's oranges and lemons season now | 13:11 |
| mgariepy | that must be awesome fresh oranges must be so good. | 13:11 |
| noonedeadpunk | yeah, that's true | 13:12 |
| mgariepy | it's day and night for apples when in seasons. so it must be really good for oranges as well :D | 13:12 |
| noonedeadpunk | Quite mindblowing for me tbh | 13:12 |
| mgariepy | are there a lot for different varieties ? | 13:13 |
| noonedeadpunk | Um, have very little idea to be honest. As I used to the climate with proper winters, and it's first time spending winter in lcimate where lowest temperature by now was +4 | 13:14 |
| mgariepy | here in the store we do not have much varieties for oranges. like 2 or 3 | 13:14 |
| noonedeadpunk | ah, in stores. I don't think it's a lot. Or well. Each store seems to have it's own supplier so they all slightly different. And can also differ by week in the same store | 13:15 |
| noonedeadpunk | Also you can see how ppl selling their own oranges from cars on the streets | 13:15 |
| mgariepy | for apples there are quite a few in stores but there are places where they do grow more kind of apples | 13:15 |
| mgariepy | nice :D | 13:15 |
| noonedeadpunk | and landlord has couple of lemon and orage trees as well, so he gave couple just from the tree | 13:16 |
| opendevreview | Kirill Tyugaev proposed openstack/openstack-ansible-ops master: Improve venv cleanup regexp discovery https://review.opendev.org/c/openstack/openstack-ansible-ops/+/868212 | 13:16 |
| noonedeadpunk | But I think all apples here are Polish. At least they're not local for sure | 13:17 |
| mgariepy | on a side note, chatgpt is impressive imo.. | 13:19 |
| mgariepy | https://paste.openstack.org/show/bXWsCsyJla5uiCaB7pLR/ | 13:22 |
| noonedeadpunk | I usually jsut use https://regex101.com/ lol | 13:25 |
| noonedeadpunk | but yes, that;s quite impressive | 13:25 |
| mgariepy | it's just fun :D haha. | 13:25 |
| noonedeadpunk | soon we all will loose our jobs and AI will just manage k8s | 13:25 |
| mgariepy | much better than any other assistant. | 13:25 |
| noonedeadpunk | that's true | 13:26 |
| noonedeadpunk | you're using it as chrome extension or smth? | 13:26 |
| mgariepy | nop | 13:27 |
| mgariepy | i don't like extension. | 13:27 |
| mgariepy | they can change hands too easily .. lol | 13:27 |
| noonedeadpunk | `OpenAI's services are not available in your country.` ;( | 13:28 |
| mgariepy | ** insert vpn pub here ** | 13:28 |
| noonedeadpunk | but it checks by phone number. | 13:29 |
| noonedeadpunk | so VPN not helpful | 13:29 |
| noonedeadpunk | And google voice has banned me :D | 13:29 |
| mgariepy | voip.ms ? | 13:29 |
| noonedeadpunk | that is interesting.... | 13:31 |
| mgariepy | not free but kinda cheap | 13:31 |
| noonedeadpunk | I bet they'll block me as well once I try to add my UA credit card... | 13:32 |
| noonedeadpunk | worth a shot though | 13:32 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Allow to skip clone process for some repos https://review.opendev.org/c/openstack/openstack-ansible/+/868217 | 13:59 |
| noonedeadpunk | 868205 is quite painful for me atm... | 14:17 |
| jrosser | noonedeadpunk: you mean you need the feature or the patch is difficult? | 14:25 |
| noonedeadpunk | need feature :) | 14:26 |
| noonedeadpunk | have totally isolated env - no proxies. And realized I can't really do bootstrap | 14:26 |
| noonedeadpunk | (in proper way) | 14:26 |
| jrosser | ahha interesting | 14:26 |
| jrosser | my deploy host at least has always had a proxy | 14:27 |
| jrosser | even if through a bastion to the targets was isolated | 14:27 |
| noonedeadpunk | yeah, so we do mirror git repos now | 14:27 |
| noonedeadpunk | and basically need to say that all we need should be taken from them and original content should be ignored | 14:27 |
| jrosser | yeah we do have that for the targets | 14:28 |
| jrosser | pip/pypi must be hard though | 14:28 |
| noonedeadpunk | Luckily it wasn't me who had to clone pypi :D | 14:29 |
| noonedeadpunk | I think it's kind of proxy though for pypi | 14:29 |
| jrosser | this is from some time ago but does that https://github.com/bbc/rd-ansible-devpi-proxy | 14:30 |
| noonedeadpunk | I think that pulp was leveraged for that | 14:30 |
| *** cloudnull5 is now known as cloudnull | 14:31 | |
| noonedeadpunk | Looks like we just followed https://docs.pulpproject.org/pulp_python/workflows/pypi.html manually | 14:36 |
| noonedeadpunk | #startmeeting openstack_ansible_meeting | 15:00 |
| opendevmeet | Meeting started Tue Dec 20 15:00:48 2022 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:00 |
| opendevmeet | The meeting name has been set to 'openstack_ansible_meeting' | 15:00 |
| noonedeadpunk | #topic rollcall | 15:00 |
| noonedeadpunk | o/ | 15:00 |
| jamesdenton | o/ | 15:01 |
| damiandabrowski | hi! | 15:01 |
| mgariepy | hey o/ | 15:01 |
| noonedeadpunk | #topic office hours | 15:02 |
| noonedeadpunk | So, congrats and thanks for all contributors who put an effort for Zed release | 15:03 |
| noonedeadpunk | I wanted to count contributors but failed in a way time-wise for that :( | 15:03 |
| jamesdenton | \o/ | 15:03 |
| damiandabrowski | \o/ | 15:03 |
| jamesdenton | big thanks to the heavy hitters who keep it all together | 15:04 |
| noonedeadpunk | We obviously have issue with neutron :D | 15:05 |
| noonedeadpunk | The thing that hits us on Zed with updated SHA for neutron, also hits for master | 15:05 |
| noonedeadpunk | So we need to find the reason for https://review.opendev.org/c/openstack/openstack-ansible/+/867954 | 15:05 |
| jamesdenton | is there a known upstream bug by chance? | 15:06 |
| jamesdenton | i can try to look into that | 15:06 |
| noonedeadpunk | I reached neutron folks but they were not helpful and were saying that we try to do weird things liek create network multiple times. But likely I just need to narrow down to specific commit that brings this regression... | 15:06 |
| noonedeadpunk | The thing is that only metal deploy does fail | 15:07 |
| noonedeadpunk | and LXC is good | 15:07 |
| jamesdenton | it's the lock wait timeout issue, right? | 15:07 |
| noonedeadpunk | so it's smth when running neutron-server outside of the container | 15:07 |
| noonedeadpunk | well... I guess | 15:07 |
| noonedeadpunk | at least that's what I see in neutron logs. | 15:07 |
| noonedeadpunk | I'd assume it can be realted to the sqlalchemy changes... | 15:08 |
| jamesdenton | ok, i will try one locally today and see what's upo | 15:08 |
| noonedeadpunk | As there was a workaround during branching/initial release that afterwards should be replaced with proper fix | 15:08 |
| noonedeadpunk | I won't have time for that until end of the week for sure | 15:09 |
| noonedeadpunk | Also I'm not really sure what we are testing until 867954 lands. So I'd say it's better to sort it out | 15:11 |
| noonedeadpunk | Once it's done I'm thinking to check ansible-core 2.14 for 2023.1 | 15:12 |
| noonedeadpunk | I'm not sure what to do with openstack collection though | 15:13 |
| noonedeadpunk | Also in terms of Zed. They were planning release of 2.0 early 2023 | 15:14 |
| noonedeadpunk | And now we have SHA in the middle of the master that obviously has some bugs and things in progress | 15:14 |
| NeilHanlon | o/, here & late (as usual) | 15:15 |
| noonedeadpunk | But I guess it would be good to backport usage of 2.0 after it get's tagged to Z | 15:15 |
| noonedeadpunk | other then that we should add upgrade jobs from Yoga which means updating our upgrade script in some way | 15:16 |
| noonedeadpunk | that will allow selection of destination? | 15:17 |
| noonedeadpunk | or well, ask for the input? | 15:17 |
| noonedeadpunk | I wonder if it should be smth like dialog or just super simple | 15:18 |
| jamesdenton | meaning, Y->Z or Y->A? | 15:18 |
| noonedeadpunk | Yup | 15:18 |
| noonedeadpunk | or well | 15:18 |
| noonedeadpunk | yes, options are correct, but I've jsut realized that for upgrade script we just checkout to destination and then run it | 15:19 |
| noonedeadpunk | so it sounds, like we should detect just where we are based on the current git state and verify if it's valid or not.... | 15:20 |
| damiandabrowski | +1 for backporting openstack ansible collection later if 1.x works fine with Zed | 15:20 |
| damiandabrowski | but as I can see, it does not officially support Zed :/ | 15:20 |
| damiandabrowski | "1.x.x releases of Ansible OpenStack collection are compatible with OpenStack SDK 0.x.x prior to 0.99.0 only (OpenStack Yoga and earlier)." | 15:20 |
| noonedeadpunk | We use >1 but <2.0. So we use SHA from master, and they will create 2.0 from master as well, but in fairly later commit | 15:21 |
| noonedeadpunk | 2.0 simply doesn't exist atm | 15:21 |
| damiandabrowski | ah okok | 15:21 |
| damiandabrowski | fine for me | 15:22 |
| noonedeadpunk | so we're using even not alpha but some "work in progress" version that is stable enough according to our CI | 15:22 |
| noonedeadpunk | the more I think about upgrsade jobs the more I feel complexity | 15:23 |
| noonedeadpunk | Oh. Also we discussed yestarday that for PKI role it would be great to allow using *_pipe modules from crypto. Which means that module can accept cert or private key from variable rather from file. And variable can be set to any lookup plugin eventually. | 15:25 |
| noonedeadpunk | That would enable us to store certs/private keys in vault/sops/encrypted with ansible-vault | 15:25 |
| noonedeadpunk | The only thing is how to save/create/generate certs for the first time. as while reading them is relatively easy, creating is not in fact | 15:26 |
| noonedeadpunk | I think question I have for everyone is - how do you save/store/manage certs? Hashi vault? | 15:28 |
| noonedeadpunk | trying to narrow down options that we want to implement outside of file as it is today | 15:28 |
| damiandabrowski | ouh, these *_pipe modules look promising | 15:31 |
| jrosser | our deployments just have their certs using the pki role files on the deploy node today | 15:39 |
| jrosser | but any other certs we have in hashi vault | 15:40 |
| jrosser | i think that we should refactor the PKI role a bit as it stands to make a `file` backend and switch to the *_pipe modules | 15:40 |
| noonedeadpunk | oh, btw, interesting question - how does hashi lookup module perform? | 15:40 |
| jrosser | that should put in place all the structure needed to make the backend pluggable | 15:41 |
| jrosser | we make it be in pre_tasks so it only calls it once, using lookup rather than the native module, but that is just history really | 15:41 |
| noonedeadpunk | so while I do understand how to store in Vault, but I don't really understand how to store using sops for example, or ansible-vault | 15:42 |
| jrosser | ansible vault is difficult - i did not find an example for using ansible to create a new ansible-vault-encrypted var | 15:42 |
| *** dviroel is now known as dviroel|lunch | 15:43 | |
| noonedeadpunk | sops should support that though.... | 15:44 |
| noonedeadpunk | well, I guess creating such var/file can be matter of command, given that you've defined password file in ENV var | 15:46 |
| jrosser | yeah community.sops.sops_encrypt | 15:46 |
| noonedeadpunk | but it's tricky/nasty indeed | 15:46 |
| jrosser | so what i was thinking is we should make tasks/standalone/{{backend}}_read.yml / _write.yml | 15:46 |
| jrosser | and in the middle of including those is some 'generate' function that is conditional on if the read worked or not | 15:47 |
| jrosser | abstract away how/where the private key comes from, it just needs to end up in some well known var and a status fact be set | 15:48 |
| noonedeadpunk | and feed result of that to pipe... Yeah, that can work, though will be super complex | 15:48 |
| noonedeadpunk | I wonder if we want to resurrect our idea with roles testing before messing up with that? | 15:49 |
| noonedeadpunk | or well, your idea :) | 15:49 |
| jrosser | that would be a great thing to do | 15:49 |
| noonedeadpunk | that way we can try to ensure that we won't break current deplooyments very badly | 15:49 |
| noonedeadpunk | as workflow sounds quite complex | 15:50 |
| noonedeadpunk | btw we also might want to get our vault role in for tests of integration for that backend | 15:50 |
| noonedeadpunk | (or use some 3rd party at worst) | 15:51 |
| noonedeadpunk | well.. this has now quite solid list of pre-requisitives | 15:51 |
| noonedeadpunk | but that's for good I think | 15:53 |
| noonedeadpunk | I do like the idea | 15:56 |
| damiandabrowski | btw. as I mentioned today, we have broken gating for xena, this patch aims to fix it: https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/868107 | 15:57 |
| damiandabrowski | yesterday* | 15:57 |
| noonedeadpunk | damiandabrowski: well, you can't do that I think | 15:57 |
| noonedeadpunk | max supported erlang is 24.2 for rabbit 3.9.8 | 15:58 |
| noonedeadpunk | https://www.rabbitmq.com/which-erlang.html | 15:58 |
| damiandabrowski | awwww, you're right :| | 16:00 |
| noonedeadpunk | well, time is over, so will wrap this up | 16:00 |
| damiandabrowski | so i have to bump rabbitmq version as well | 16:00 |
| noonedeadpunk | Also want to remind, that next 2 meetings are cancelled | 16:00 |
| noonedeadpunk | So see you all on next meeting in 2023 :) | 16:01 |
| noonedeadpunk | #endmeeting | 16:01 |
| opendevmeet | Meeting ended Tue Dec 20 16:01:17 2022 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 16:01 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-12-20-15.00.html | 16:01 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-12-20-15.00.txt | 16:01 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-12-20-15.00.log.html | 16:01 |
| noonedeadpunk | damiandabrowski: I'd rather not | 16:01 |
| damiandabrowski | any other ideas? | 16:03 |
| noonedeadpunk | oh. they've dropped all 24.2? | 16:03 |
| noonedeadpunk | damn it | 16:03 |
| noonedeadpunk | How I'm tired of these rabbit repos thing | 16:04 |
| damiandabrowski | yup | 16:04 |
| damiandabrowski | https://cloudsmith.io/~rabbitmq/repos/rabbitmq-erlang/packages/?q=distribution%3Aubuntu+AND+distribution%3Afocal+AND+version%3A1%3A24.2* | 16:04 |
| noonedeadpunk | pfffff | 16:08 |
| noonedeadpunk | the only idea I have is a terrible one which is switch back to https://www.erlang-solutions.com/downloads/ for erlang | 16:09 |
| noonedeadpunk | but yes, likely we need to update both then | 16:11 |
| opendevreview | Damian Dąbrowski proposed openstack/openstack-ansible-rabbitmq_server stable/xena: Upgrade rabbitmq and erlang version https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/868107 | 16:17 |
| opendevreview | Damian Dąbrowski proposed openstack/openstack-ansible-rabbitmq_server stable/xena: Upgrade rabbitmq and erlang version https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/868107 | 16:20 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Do not run dstat by default https://review.opendev.org/c/openstack/openstack-ansible/+/868224 | 16:42 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Do not run dstat by default https://review.opendev.org/c/openstack/openstack-ansible/+/868224 | 16:55 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Do not run dstat by default https://review.opendev.org/c/openstack/openstack-ansible/+/868224 | 16:58 |
| *** dviroel|lunch is now known as dviroel | 16:59 | |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Unset OSA-defined variables for bootstrap https://review.opendev.org/c/openstack/openstack-ansible/+/868227 | 17:11 |
| noonedeadpunk | that is proper bug ^ | 17:11 |
| noonedeadpunk | well, both of these are proper bugs :( | 17:14 |
| BobZAnnapolis | folks, any accurate documentation on how to successfully set up and run Rally/Tempest ? The openstack.org and rally read the docs instructions aren't working as smoothly as we'd like, wrong github urls, missing scenarios and tests after pip installs, etc, tia | 17:38 |
| BobZAnnapolis | trying not to bother you unnecessarily, is there an openstack-rally irc ? | 17:39 |
| jrosser | BobZAnnapolis: not exactly Rally/Tempest but we use refstack | 17:49 |
| opendevreview | Merged openstack/openstack-ansible-ops master: Improve venv cleanup regexp discovery https://review.opendev.org/c/openstack/openstack-ansible-ops/+/868212 | 20:52 |
| spatel | jamesdenton around | 21:02 |
| *** dviroel is now known as dviroel|out | 21:42 | |
| *** rgunasekaran_ is now known as rgunasekaran | 21:54 | |
| opendevreview | Merged openstack/ansible-role-pki stable/yoga: Ensure CA privatekey permissions https://review.opendev.org/c/openstack/ansible-role-pki/+/867632 | 22:22 |
| opendevreview | Merged openstack/openstack-ansible master: Unset OSA-defined variables for bootstrap https://review.opendev.org/c/openstack/openstack-ansible/+/868227 | 22:51 |
| opendevreview | Merged openstack/openstack-ansible master: [doc] Fix document on dymanic_inventory tox usage https://review.opendev.org/c/openstack/openstack-ansible/+/867973 | 22:51 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!