Friday, 2023-02-17

« Thursday, 2023-02-16 Index Saturday, 2023-02-18 »
jrosserNeilHanlon: pretty encouraging with cloud-init 22.2 https://paste.opendev.org/show/b6qQu6zRx1MAfiRnaYEZ/09:17
ElnazSalam12:38
ElnazWhat if I manually install mariadb packages from Ubuntu repo not from the MariaDB repo?12:40
ElnazI read that limited connectivity, but could find a proper way to mirror the MariaDB repository12:41
ElnazWhy you don't use Ubuntu packages for installing mariadb in Galera LXCes?12:42
Elnazcould not* find12:42
ElnazIt s3eems I have connectivity issue with stuff hosted by GCP!12:43
jrosserElnaz: I use debmirror here but there are lots of other tools https://help.ubuntu.com/community/Debmirror12:44
jrosserElnaz: and it is kind of risky to use the mariadb package except for the version we actually test. there have been bad bugs in the past and tying to a specific version gives you something known12:45
ElnazTwo days ago I tried to localize its repo, but I think I ran into the problem that this possibility was available for the enterprise version. I will check again now. (I use aptmirror.)12:49
ElnazAnd if it becomes local, what will be its variable to tell the deployer to use the local dir?12:51
noonedeadpunkElnaz: we mirrored mariadb repos jsut a month ago and there were no issues with that13:23
noonedeadpunkI think we've used aptly, but not 100% sure13:25
ElnazProbably I'm following the wrong link: https://mariadb.com/docs/xpand/deploy/deployment-methods/repo-mirror/ that taks about the enterprise repo!13:26
Elnaztalks*13:26
noonedeadpunkSo we used http://downloads.mariadb.com/MariaDB/mariadb-10.6.10/repo/ubuntu13:28
noonedeadpunkBasically it's constructed here https://opendev.org/openstack/openstack-ansible-galera_server/src/branch/master/vars/debian.yml#L7613:28
noonedeadpunkBut I assume you can define galera_repo: {} and override galera_mariadb_server_package - that might be enough to install from system ones13:30
noonedeadpunkwell, maybe also galera_distro_package_pins: []13:30
NeilHanlonjrosser: yay! 13:31
jrosserNeilHanlon: seems those packages worked nicely13:31
NeilHanlonok, great. i will talk with the RHEL maintainer and see if we can rebase to 22.213:32
jrossercool - it looked like there were a good number of RH bugs open with related things13:33
jrosserand some of the "fixes" applied are really not good13:33
NeilHanlonhttps://bugzilla.redhat.com/show_bug.cgi?id=216365713:39
NeilHanlonjust re-using this ticket to talk to the maintainer13:39
ElnazThere' lots of mirror here: https://mirmon.mariadb.org13:53
ElnazWhat if I set `galera_repo_host: mirror.serverion.com` in var file? (https://mirror.serverion.com/mariadb/)13:55
Elnaznoonedeadpunk: will it work?13:56
Elnazby moving from downloads.mariadb.org to mirror.serverion.com13:57
noonedeadpunkElnaz: well, the thing is that next part of URL is /MariaDB14:23
noonedeadpunkSo I'd suggest to fully override `galera_repo`14:24
noonedeadpunkor at least galera_repo_url14:24
spatelnoonedeadpunk jrosser look like i have some locking issue in ceph causing VM filesystem error15:06
noonedeadpunkYou mean the ones that listed with `rbd lock ls`?15:08
spatelI did but not sure if i miss something - https://paste.opendev.org/show/b8V5D73u4cBYMDFPlKbv/15:08
noonedeadpunkie https://docs.ceph.com/en/latest/rbd/rbd-exclusive-locks/15:08
noonedeadpunkoh, I don't think you want to blacklist clients?15:09
noonedeadpunkas I'd assume this is one of computes15:09
spatelbut how it will remove lock?15:09
noonedeadpunkrbd lock rm ?15:09
spatelif i shutdown VM then it should release lock automatically correct?15:09
spatelsee - https://paste.opendev.org/show/bUJDQhq6gOea6iKkyLNq/15:10
spatelstill exist.. after rm 15:10
noonedeadpunksmth like `rbd lock rm vms/ec6044e6-2231-4906-9e30-1e2e72573e64_disk 139643345791728 client.1211875`?15:11
noonedeadpunkwhat is 192.168.3.12?15:11
noonedeadpunkBefore removing lock ensure you don't have any VM with disk attached running15:12
spatelrbd: releasing lock failed: (2) No such file or directory15:12
spatelgetting error15:12
spatel192.168.3.12 is compute node IP15:12
noonedeadpunkmaybe auto instead of 139643345791728...15:12
spatelrbd lock rm vms/ec6044e6-2231-4906-9e30-1e2e72573e64_disk auto client.121187515:13
noonedeadpunkcommand format is `rbd lock rm <image-spec> <lock-id> <locker>`15:13
spatelsame errr - rbd: releasing lock failed: (2) No such file or directory15:13
spatellet me try that15:13
noonedeadpunkyeah, maybe `-p vms ec6044e6-2231-4906-9e30-1e2e72573e64_disk`15:14
noonedeadpunkinstead of vms/ID15:14
spatelrbd lock rm -p vms ec6044e6-2231-4906-9e30-1e2e72573e64_disk ?15:15
spatelnone working tried couple of combination 15:15
spatelYou gotta be kidding me... this is the command 15:20
spatelrbd lock rm -p vms ec6044e6-2231-4906-9e30-1e2e72573e64_disk "auto 139643345791728" client.121187515:20
noonedeadpunkah, yes15:23
noonedeadpunkyou're right!15:23
noonedeadpunkI can recall it was tricky, but it was quite a while I ran that hehe15:23
mgariepyi seen this once or twice but it was years ago.15:23
mgariepyrbd lock issue15:24
spatelNo joke!!! all my vms up without any filesystem error now :)15:25
mgariepyspatel, what version os ceph was the cluster installed ?15:25
spatelThis is epic win for me 15:26
mgariepyof ceph ** 15:26
spatelQuincy (latest version)15:26
spatelCeph is new to me.. so not sure in past what was the behavior but this is not good15:28
mgariepyi think it was an issue with luminous back in the old days.15:29
spatelI can't remove lock for 100s of VM.. 15:29
mgariepywhat profile does your client has  ? 15:29
mgariepyceph auth get client.[nova|cinder|other?] 15:30
jrosserthough i think if you have a power loss to your whole cluster it's not surprising that its disaster-recovery situation rather than everything just comig back cleanly15:31
spatelmgariepy - https://paste.opendev.org/show/bsfnNZ3OmrB8t3iWbfIl/15:32
spateljrosser i thought ceph should release lock if VM shutdown (i may be wrong)15:32
mgariepyset profile to osd.15:32
jrosserbut it depends where the lock-id is stored15:33
mgariepyalso do not paste keys next time.15:33
jrosserif it's temporary in the memory of the rbd client on the compute node then it will be difficult to manage15:33
spatelmgariepy those keys are fake.. i copy paste random number15:34
mgariepyhaha ok :)15:34
spatelmgariepy what profile i should set?15:34
mgariepyhttps://paste.opendev.org/show/b88DjHwbbHSDhY1i2FXf/15:36
mgariepythis is what i have.15:37
Elnazhttps://releases.openstack.org/constraints/upper/fc7e2105e81c352602085bd2928a706d0ab8a80d 🤦🤦🤦15:37
spatelwhat is the advantage of it?15:38
spateli meant what are these options for15:38
mgariepythe profile will git the client the caps it needs.15:38
ElnazThat link is redirected to an opendev link where I have isuue to connect to!15:39
ElnazErr: https://paste.ubuntu.ir/peacv15:40
mgariepyspatel, https://docs.ceph.com/en/latest/rados/operations/user-management/15:40
noonedeadpunkElnaz: it's quite easy to override this path IIRC15:40
noonedeadpunkuser_requirements_git_url is the variable you need15:41
noonedeadpunkElnaz: but be careful! As you want specific version always15:43
noonedeadpunkSo include requirements_git_install_branch in path15:43
Elnazinfra1-repo-container-22a71eff:~# `wget https://releases.openstack.org/constraints/upper/fc7e2105e81c352602085bd2928a706d0ab8a80d -O /etc/openstack_deploy/upper-constraints/upper_constraints_fc7e2105e81c352602085bd2928a706d0ab8a80d.txt` didn't help!15:43
noonedeadpunkElnaz: iirc you have github available there?15:43
Elnazyes, it's fine here15:44
noonedeadpunkOk, then you can define following in user_variables - `user_requirements_git_url: "https://raw.githubusercontent.com/openstack/requirements/{{ requirements_git_install_branch }}/upper-constraints.txt"`15:45
ElnazThank you, I run it again to see what happens including this new address15:49
ElnazDo you know what email address I should contact to inform about this connectivity problem with opendev.org?15:57
ElnazOf course, if it is hosted on GCP, there is no solution, because it is Google that is blocking me!16:02
jrosserElnaz: whoever provides your internet connectivity ultimately16:07
jrosserand provide a reproducible test case and some traceroutes / mtr to both working and broken things16:08
ElnazThen I'll try to gather some data by comparing opendev vs github.16:09
noonedeadpunkElnaz: well, opendev is hosted in multiple providers, but I think they're mainly in US16:09
jrosseras an end user theres no point trying to contact cogent or zayo or whichever transit provider we think is problematic16:10
noonedeadpunkI'd assume that these are possibly some regional limitations at where Elnaz at16:11
noonedeadpunkcause by sanctions or stuff like that16:11
jrosserpotentially yes16:11
Elnaz👌16:12
jrosserit's a shame we don't manage to merge the patches to easily switch * to github16:12
noonedeadpunkI think we need another vote for that?16:12
jrosserwell actually for a ton of stuff16:12
jrosserneed to remember we are not having andrew here for months so everthings got a bit stuck16:13
noonedeadpunkthat was the one at least? https://review.opendev.org/c/openstack/openstack-ansible/+/86974816:14
jrosserhttps://review.opendev.org/q/topic:osa-mirrors16:15
jrosserthough i wonder actually if we cover the u-c URL that Elnaz would need there16:16
jrosserthat seems like something else again16:16
noonedeadpunkNo, we don't cover that16:16
ElnazThe weird The strange thing is that I can easily and quickly open opendev web pages in the browser, but Ansible can't fetch things from opendev!16:17
jrosserthats a more interesting patch as the URL is completely different between opendev/github16:17
jrosseri can probably come up with something for that16:18
jrosserthats needing to cover 3 conditions - opendev, github and local mirror16:19
noonedeadpunkjrosser: I think that it's better to just document u-c case16:19
noonedeadpunkas for some gitlab or local fork it will be different again16:19
jrosserwell, that too :)16:19
jrosserwe can give a github example in the doc16:19
noonedeadpunkElnaz: well, you can talk to fungi - he knows way more about how infra things work then we are16:20
jrosserElnaz: is it the same network for your browser and the deploy host though? like not split-tunnel VPN or something?16:20
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-haproxy_server master: Update hatop to latest release, 0.8.2  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87226216:22
noonedeadpunkI think that git and web may end up in different locations16:22
noonedeadpunkThey're behind LB after all16:23
Elnazjrosser: yes, they're different, but let me connect to our infrastructure by `sshuttle` where the ansible is running. 16:23
jrossernoonedeadpunk: aaahh i mistook opendev web pages for looking at the git repos at opendev.org16:25
jrosserElnaz: i think you were investigating with `mtr` before - are you able to share the output from that?16:28
ElnazOh, passing traffic through our datacenter, it's really slow for opening opendev link16:28
ElnazThe link https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/872262 finally opened, but after about 1 minute!16:29
Elnazjrosser: for `mtr`; w8 plz.16:30
fungihttps git and web browsing from the same ip address will get load-balanced to the same backend16:31
fungiif you're doing it from different source addresses you may end up going to one of 8 (currently) different backend servers16:31
fungiyou can tell from the cn in the ssl cert which backend you ended up with16:31
fungibut also we've seen some very high latency and moderate packet loss traversing the zayo backbone through what seems to be both the london and atlanta networks16:33
fungidepending on which backbone providers you end up routed through, you may see dreadful performance as of the past week or two16:33
fungiodds are the performance difference between one place and another when pulling files from opendev.org is really a problem somewhere out on the internet between the client and server16:35
fungithough if you let me know which backend server the client ends up hitting when they see poor performance, i can take a closer look at that backend too16:35
noonedeadpunkElnaz: ^16:36
fungiecho|openssl s_client -connect opendev.org:https|openssl x509 -text|grep gitea16:36
fungithe gitea0X is the backend16:37
fungiecho|openssl s_client -connect opendev.org:https|grep ^subject16:39
fungislightly shorter16:39
Elnazfungi: that `echo...` output: https://paste.ubuntu.ir/dskto16:43
fungithanks, so whatever machine you ran that on is being directed to gitea04 currently. i'll check to see if it's having any resource problems16:46
Elnazjrosser: not possible to copy mtr output, then please see them here: https://mega.nz/folder/VsgwkDxZ#h_aDc0qv4cXl7oH39wDkbA16:46
fungigitea04 doesn't seem to be under any unusual stress or resource contention: http://cacti.openstack.org/cacti/graph_view.php?action=tree&tree_id=1&leaf_id=882&nodeid=node1_882&host_group_data=16:50
ElnazCan I manually change it somewhere not to be directed to Gitea04?16:59
jrosserElnaz: the link breaks now for me but google and github used a cdn and were served for you in EU, opendev needed a transatlantic hop to US, thats the most obvious difference17:01
Elnazsorry; mtr: https://mega.nz/folder/lxxUBA4D#OE7rhdCd7zOsLvQAsYeHVg17:06
fungiElnaz: you can try manually connecting to another backend, for example https://gitea01.opendev.org:3000/openstack/nova17:07
fungibut i expect you'll see the same routing performance since they're all on the same network17:08
ElnazI'll try it too.17:15
Elnazgalera-install.yml: https://paste.ubuntu.ir/hsnlj Could this error that I am getting now have anything to do with the constraints file that I had a problem with before (that problem of getting the constraints/requirements file was solved by setting a variable to get it from github)17:18
noonedeadpunkum, no, that looks like some weirdness with haproxy management17:20
noonedeadpunkspecifically on infra117:20
Elnazvvv: https://paste.ubuntu.ir/fxmry17:21
ElnazI have st two different network for internal and external: `br-mgmt` and `br-end`17:22
Elnazthere's no route between these to network, completely isolated, is it ok?17:22
Elnazthese two*17:22
Elnazhave set*17:23
noonedeadpunkdo you have /run/haproxy.stat on infra1?17:23
noonedeadpunkyes, totally17:24
noonedeadpunkalso make sure that haproxy runs there17:24
Elnaz`ls: cannot access '/run/haproxy.stat': No such file or directory`17:24
ElnazThe haproxy service is `Active: active (running)` on infra1.17:25
noonedeadpunkhuh17:36
noonedeadpunkI think we're enabling stats socket regardlessly...17:37
noonedeadpunkmaybe /var/run/haproxy.stat ?17:37
noonedeadpunkalso - is it same on all infra nodes? meaning - is it absent everywhere?17:39
noonedeadpunkor jsut infra1?17:39
Elnazinfra1: `ls: cannot access '/var/run/haproxy.stat': No such file or directory`17:40
Elnazboth `/var/run/haproxy.stat` and `/run/haproxy.stat`exist on the infra2, but not infra1!17:41
noonedeadpunkwell. I'd suggest restarting haproxy then17:42
Elnaznoonedeadpunk: Also available on infra317:42
noonedeadpunkas it sounds not healthy to me17:42
noonedeadpunk /var/run is likely a symlink to /run17:42
noonedeadpunkrestarting on infra1 ofc17:43
ElnazOk, (none of the are not a symlink, checked by `ls -l`)17:44
noonedeadpunkI meant directories themselves - on modern OS `/var/run: symbolic link to /run`17:52
noonedeadpunkanyway17:52
noonedeadpunkYou should figure out why haproxy don't want to create socket17:52
noonedeadpunkas in config it is defined `stats socket /var/run/haproxy.stat level admin mode 600` 17:53
noonedeadpunkI'd assume that haproxy is just dead or does not like it's configuration on infra117:54
cloudnull👋 what's good cloud ?18:14
mgariepyhey cloudnull what's up ?18:15
cloudnulljust living the dream ,, you ?18:15
mgariepymostly need sleep :P18:16
cloudnullagain updated my home cloud to the head of master, things are running wonderfully :D 18:16
cloudnullmgariepy sleep is overrated 18:16
mgariepyyeah you can't die for lack of sleep.18:16
mgariepyso it must be useless 18:16
cloudnullright! that's just science 18:16
cloudnullmgariepy how's life? doing ok? 18:18
mgariepyyep my yougest son just got 5.18:18
mgariepyi'm getting old ;) haha18:18
cloudnulldang!!! 5!? time flys for sure 18:19
mgariepyyeah18:22
noonedeadpunk\o/18:28
noonedeadpunkoh, congrats on that! It means they will go to school soon18:30
mgariepyyeah in september 18:32
cloudnull💯 more time to sleep :D 18:57
fungicloudnull: whoa, good to see you again! glad you're still alive ;)19:10
fungi(at our age that's decreasingly guaranteed)19:25
« Thursday, 2023-02-16 Index Saturday, 2023-02-18 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!