Wednesday, 2023-02-22

« Tuesday, 2023-02-21 Index Thursday, 2023-02-23 »
opendevreviewMerged openstack/ansible-role-python_venv_build master: Drop empty elements from constraint/requirement files  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/87320800:05
opendevreviewMerged openstack/ansible-role-python_venv_build master: Always build wheels by default  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/87298702:47
MohaaDo you install HAProxy on controllers themselves or do you have some separate nodes for HAProxy?05:36
noonedeadpunkMohaa: thanks for reporting back on network_hosts!08:01
noonedeadpunkMohaa: we install it on controllers by default but you can use separate group of hosts easily08:02
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-galera_server stable/zed: Allow maridbcheck socket to FreeBind  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/87473208:07
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-galera_server stable/yoga: Allow maridbcheck socket to FreeBind  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/87473308:07
noonedeadpunkI need 1 more vote on https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/873286 and it's backport to Yoga as well to unblock gates08:10
noonedeadpunkunblock gates for stable branches08:19
opendevreviewJonathan Rosser proposed openstack/ansible-role-python_venv_build stable/zed: Drop empty elements from constraint/requirement files  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/87473408:27
opendevreviewJonathan Rosser proposed openstack/ansible-role-python_venv_build stable/yoga: Drop empty elements from constraint/requirement files  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/87473508:27
opendevreviewJonathan Rosser proposed openstack/ansible-role-python_venv_build stable/xena: Drop empty elements from constraint/requirement files  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/87473608:28
jrosserdamiandabrowski: I tried to review the haproxy patches again but I am still really having a tough time with it09:58
jrosserimho it is still far too much change in one patch - rearranging group vars, taking “service” out of the data structures and moving where the role is called all gets changed together10:00
jrosseryou should take a look at one of the “patch series” that gets merged to something like nova, many small changes in a sequence with each one easy to understand10:01
jrosserI also think we should be able to do something better regarding handlers in the haproxy role10:03
opendevreviewMerged openstack/openstack-ansible-openstack_hosts stable/zed: Install curl by defining binary that is provided  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/87328610:06
opendevreviewMerged openstack/openstack-ansible-openstack_hosts stable/yoga: Install curl by defining binary that is provided  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/87328710:06
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/yoga: Install curl by defining binary that is provided  https://review.opendev.org/c/openstack/openstack-ansible/+/87328910:11
opendevreviewMerged openstack/openstack-ansible-os_neutron master: Fix typo in ansible_facts['pkg_mgr']  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/87468710:31
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron stable/zed: Fix typo in ansible_facts['pkg_mgr']  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/87474210:39
harunhey all, I am trying to install OpenStack, but I have an issue, the utility container can not access MySQL, so the database was not able to be created in os-keystone-install. Therefore, the installation failed. The problem is likely in haproxy because galera containers work very well.10:39
harunuser variables: (https://paste.openstack.org/show/bOQ5w0vVxEeimdqQqTi4/)10:39
harunopenstack user conf: (https://paste.openstack.org/show/bnb5EohXfUUYRpj8jyC1/)10:39
harunmysql error in utility container: (https://paste.openstack.org/show/bl6KSLEZLxgLB4Tlt177/)10:40
noonedeadpunkharun: hey there10:42
noonedeadpunkI think that issue you have is that haproxy don't have online backends for mariadb10:42
noonedeadpunkThat can be if haproxy trying to reach socket from IP that is not expected10:43
noonedeadpunkharun: what do you have as an output of `echo 'show stat' | nc -U /run/haproxy.stat | grep galera`?10:48
noonedeadpunkharun: you can also try to place that to user_variables `galera_monitoring_allowed_source: 10.13.15.0/20` and re-run galera-install.yml10:51
noonedeadpunkI do wonder why ppl having issues with our default though....10:55
harunthis is the output: https://paste.openstack.org/show/bB94s2w0uv9Fe0QMsmDA/10:55
haruni will add it and rerun 10:56
noonedeadpunkIt's actually interesting from which IP your haproxy is coming to galera then11:01
harunit worked thanks to `galera_monitoring_allowed_source: 10.13.15.0/20`. it is interesting. what is the cause of this problem?11:05
noonedeadpunkSo. By default we allow access only IPs that are set as `ansible_host` for galera containers and haproxy_hosts. So in case your SSH address != mgmt address or for some reason haproxy reach galera from some unexpected IP - access will be refused11:07
noonedeadpunkYou can some dummy debug playbook to print out result of these to see default https://opendev.org/openstack/openstack-ansible/src/branch/master/inventory/group_vars/galera_all.yml#L34-L3911:08
harunokey, thank you so much, should i add another config to the user variables?11:13
noonedeadpunkIt highly depends on results you want to get :D11:19
noonedeadpunkI would tried to find out what the problem with defaults though.11:19
noonedeadpunkBut maybe we have weird defaults after all..11:19
harunthank you, it is going very well for now, if I have a problem, I might need your help. 11:23
damiandabrowskii have a question: nova compute/metadata api service does not work without uwsgi because it doesn't have execstarts/execreloads defined. Is it a bug?11:36
damiandabrowskiHow about other services? do we guarantee that all of them can be deployed with and without uwsgi?11:37
noonedeadpunkWe have plenty of services that work only with uwsgi now. I'd say even majority of apis work only through uwsgi11:37
damiandabrowskiahh okok, thanks11:37
noonedeadpunkGlance and neutron are more exceptions as they just don't work through uwsgi11:37
damiandabrowskiis it our decision or some openstack limitation?11:38
admin1noonedeadpunk, if people have more than one IP in the same range ( br-mgmt) then this issue comes 11:38
damiandabrowski(that most services work only through uwsgi)11:38
admin1and people do have more than 1 ip for multiple reasons ..  base(ssh-ip), internal vip, external vip -- that is 3 already 11:38
noonedeadpunkdamiandabrowski: well, it was recommended not to run through native services11:39
noonedeadpunkthere were even discussions if it's worth keeping native services at all11:39
damiandabrowskiokok, thanks12:10
noonedeadpunkdamiandabrowski: btw I think we will replace uwsgi quite soon :D12:14
damiandabrowskiyeah...do you have this topic in schedule for today's TC meeting? :D 12:17
noonedeadpunkI don't think we do but I'm quite sure it will be raised12:26
spateljamesdenton i saw you are in speaker list for coming summit. Bravo!! 14:28
jamesdentonthanks!14:28
spatelI am pushing my company to send me there :) if i get budget then see you there14:28
jamesdentonhey, join the club :D14:30
spatelHope!!! i wish next summit happen in USA 14:30
spatelis DPU for pure storage stuff or overall packet performance using L2/L3 offloading on HW?14:32
jamesdentonWell, i think those are two popular use cases14:33
spatelGot it pretty much offloading all packet processing off the kernel. 14:33
jamesdentonbut the goal of my presentation was to focus on the use of a DPU w/ ironic - namely, the ability to abstract it away and offer the baremetal node to participate on geneve/vxlan networks and implement security14:34
noonedeadpunkoh, you're using DPUs.. Fancy stuff14:34
jamesdentonwell, let's agree on the term "using" :D14:35
spatelOh wait.. why geneve/vxlan in picture when we are talking about baremetal? 14:35
noonedeadpunkhehe14:35
spatelnoonedeadpunk are you coming? 14:35
noonedeadpunksummit? yeah14:35
spatelyes14:35
noonedeadpunkat least I do have ticket and costs approved14:36
spatelwow! good 14:36
jamesdentonspatel the ability for the DPU to manage the virtual networking via OVS/OVN and just give the node a "virtual" interface - but the DPU manages flows and interfaces with neutron14:36
noonedeadpunkI don't have visa yet though14:36
jamesdentonthis is/was based on previous work by Mellanox, but my sails may have been deflated recently and i need to dig deeper14:36
spatelYou will get it without issue.. don't worry :)14:36
spateljamesdenton are you going to show us some demo?14:37
jamesdentonhopefully14:37
*** lowercase_ is now known as lowercase14:37
spatelassuming you are using ConnectX®-6 Dx hw14:37
jamesdentonright now i'm dealing with this: https://bugs.launchpad.net/neutron/+bug/200716714:38
jamesdentonThis would be BlueField-214:38
spateljamesdenton I am new for ironic but as far as i know OVN use flow based DHCP correct? it doesn't have real dhcp server. 14:43
spatelBut ironic pxe required DHCP packet to kickstart and doesn't work with OVN flow based DHCP14:43
jamesdentonyes, that's true. and i think DHCP is OK but the NICs I've used so far don't see to like the tftp server string being handed out14:44
jamesdentonsecondly, the DHCP replies coming from OVN aren't sourced from the IP I would expect them to source from, which is causing ARP conflicts or no arp at all14:44
lowercasewhats the tftp string? i can validate it against our own config14:44
jamesdentonWell, if i compare OVN DHCP to DNSMASQ DHCP, the latter ends with a null character: ^@14:45
jamesdentonfor instance, "10.20.0.22" vs "10.20.0.22^@". The latter works. But, it may be NIC dependent. I am testing Mellanox NIC now14:46
lowercasemellanox nic's support ipxe nativly. you could try using that instead14:46
lowercaseinstead of offering via tftp, you could offer via http14:46
jamesdentoni think we're using tftp to bootstrap ipxe14:46
lowercaseah, the ole, pxe to ipxe. we do that with some older nics14:47
admin1jamesdenton, any books this year ? 14:59
jamesdentoni'm lucky if i can read a book these days15:00
admin1:) 15:00
noonedeadpunkYou're lucky indeed - haven't time for any good reading in last coule of years for sure...15:55
admin1i subscribed to packtpub .. so i do read  but only enough for me to get the task done 16:11
admin1too many stuffs 16:11
admin1any k8s experts among us ? i am not finding good docs on how to use the octavia lb on k8s created by magnum ..    magnum works fine, k8s is deployed .. all looks good ..except when it comes to the ingress part 16:13
admin1also wanted to try osa + trove 16:13
noonedeadpunkMagnum should work just out of the box with octavia...16:17
noonedeadpunkAs basically it leverages heat to create LB16:17
noonedeadpunkor well, maybe I'm talking about having multiple masters that uses octavia16:18
admin1k8s is deployed just fine by magnum and it also deployes 2 LB using octavia   for its api and etcd enpoint .. the issue is when i want to use the ingress directly 16:37
admin1it starts to create, but just get stuck without anything in the logs 16:37
noonedeadpunkah, no idea about that, sorry16:46
spateladmin1 i did that in past, i believe you have to create deployment.yml which use octavia LB for you application17:14
admin1spatel, got docs/notes for it anywhere ? 19:24
spatelI did for POC but didn't make any notes.. i will see if any notes.. 19:25
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible-haproxy_server master: Prepare haproxy role for separated haproxy config  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87118821:00
opendevreviewMerged openstack/openstack-ansible stable/zed: Install curl by defining binary that is provided  https://review.opendev.org/c/openstack/openstack-ansible/+/87328821:04
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible master: Define some temporary vars for haproxy  https://review.opendev.org/c/openstack/openstack-ansible/+/87232821:06
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible master: Prepare service roles for separated haproxy config  https://review.opendev.org/c/openstack/openstack-ansible/+/87118921:06
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible master: Prepare service roles for separated haproxy config  https://review.opendev.org/c/openstack/openstack-ansible/+/87118921:07
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible-os_nova master: Add TLS support to nova API backends  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/87481021:17
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible-os_neutron master: Add TLS support to neutron_server backends  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/87365421:22
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible-os_glance master: Add TLS support to glance backends  https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/82101121:24
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible master: Do not use openstack.osa.linear strategy plugin  https://review.opendev.org/c/openstack/openstack-ansible/+/87448221:39
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible-plugins master: Do not use openstack.osa.linear strategy plugin  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/87442521:43
« Tuesday, 2023-02-21 Index Thursday, 2023-02-23 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!