Monday, 2023-03-06

« Sunday, 2023-03-05 Index Tuesday, 2023-03-07 »
noonedeadpunkmornings08:24
jrossergood morning09:09
jrossernoonedeadpunk: seems we will really struggle for code review for a couple of weeks09:27
noonedeadpunkyeah and damiandabrowski is now on vacation as well...09:28
noonedeadpunkI will ping EST based folks in the evening09:28
jrosseri was also wondering why i can't set the topic on this https://review.opendev.org/c/openstack/ansible-role-pki/+/87575709:29
noonedeadpunkI can...09:33
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_ironic master: Update ironic documentation  https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/86754709:48
noonedeadpunkjrosser: is that ready or still WIP ^ ?10:17
jrossertheres one outstanding comment which i can't address until weds when other-Jonathan is working10:18
jrosserare we completely blocked by https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/876436 ?10:31
noonedeadpunkyup, we are10:33
opendevreviewJonathan Rosser proposed openstack/ansible-role-pki master: Allow to provide custom handler names  https://review.opendev.org/c/openstack/ansible-role-pki/+/87575711:46
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-haproxy_server master: Allow default_backend to be specified  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87615711:57
jrosserdo we still need this at all? it looks like the changes to the haproxy role make it deal with old and new formats https://review.opendev.org/c/openstack/openstack-ansible/+/872328/412:03
noonedeadpunknot sure to be frank12:25
noonedeadpunkWhat I was thinkning about what made these not mappings but just strings.... https://opendev.org/openstack/openstack-ansible-plugins/src/branch/master/roles/service_setup/tasks/main.yml#L21-L5012:30
noonedeadpunks/what/when12:33
ElnazHi12:34
Elnazhttps://opendev.org/openstack/openstack-ansible-ops/src/branch/master/elk_metrics_7x12:34
noonedeadpunkAlso `is defined` is awful condition :(12:35
* noonedeadpunk trying to reuse role for spawning users/projects/roles in an automated manner12:35
ElnazKibana names, `infra0X`, that are used in /etc/openstack_deploy/conf.d/elk.yml, have conflict with controller's names.12:39
noonedeadpunkElnaz: Um, sorry, not really understanding that12:40
noonedeadpunkYou can name nodes in conf.d as you want - it's not constrained in any way12:41
jrosserElnaz: what that is saying is that you can use the infra nodes *if you want to*, to host parts of the ELK stack12:51
jrosserbut it is entirely up to you if you do that, or make it on different hosts12:51
jrosseri think that for this you need to 1) come up with the design you want 2) then use the playbooks to deploy that12:51
jrosseryou won't get anything really more than a proof of concept architecture from the host layout in the ops repo12:52
ElnazI used infras, but it gave an error. Now I will do a test again, maybe I was not careful.12:56
Elnazjrosser: What do you mean by "no more than a proof of concept"? Isn't it recommended for Production?12:58
jrosserElnaz: i have a pretty large deployment of ELK using that repo, so yes it's fine12:58
jrosserbut in general, you will need to have pretty good understanding of the ELK stack and how the openstack-ansible inventory works to make good use of it12:59
jrosserbut if you get errors, paste them here if it is helpful12:59
jrosserfor example, 3 ELK data nodes that also do all the other ELK node roles co-located on your controller might not be "recommended for production"13:00
jrosserthat doesnt mean that the code isn't OK - you need to have a good architecture for how you're going to build it "for production"13:01
jrosserfor a test lab to see how it works the suggestion to use infra0X is fine13:01
mgariepyhuh.. https://social.treehouse.systems/@psykose/10996746065088549313:13
noonedeadpunkI wonder why in the world you would do such comments...13:14
noonedeadpunkBUt yeah, I see frustration why sudoers don't work as expected :D13:14
mgariepylol.13:14
noonedeadpunk(while debugging this extra space)13:15
mgariepyit's just bad decision in the design i guess ;)13:15
noonedeadpunkBut still granting based on uids.... huh13:15
mgariepyyep.13:15
mgariepywhat type of farm were you thinking of ?13:16
noonedeadpunkhehe13:16
mgariepylol13:16
noonedeadpunkDefenitely not in Croatia - there's a shortage of farming land, too warm and not enough rains or water13:16
noonedeadpunkSo it's really tricky to have farm here unless you want to open a winery :D13:17
noonedeadpunkAnd farm grapes13:17
noonedeadpunkOr olives13:17
noonedeadpunkmgariepy: do you have couple of mins for reviews? we need to land rabbit bumps https://review.opendev.org/q/project:openstack/openstack-ansible-rabbitmq_server+status:open13:18
noonedeadpunkat very least :)13:18
mgariepyyep13:18
opendevreviewSebastian Gumprich proposed openstack/openstack-ansible-galera_server master: fix indentation for condition  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/87627613:23
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Prepare main repo for separated haproxy config  https://review.opendev.org/c/openstack/openstack-ansible/+/87118913:32
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-haproxy_server master: Prepare haproxy role for separated haproxy config  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87577913:51
jrosserwhat am i doing wrong here with the zuul error https://review.opendev.org/c/openstack/openstack-ansible/+/871189/2315:04
opendevreviewMerged openstack/openstack-ansible-rabbitmq_server stable/yoga: Update rabbitmq to 3.10.7  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/87639815:05
opendevreviewMerged openstack/openstack-ansible-rabbitmq_server master: Update erlang to 25.2.3 and rabbit to 3.11.10  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/87643615:05
opendevreviewMerged openstack/openstack-ansible-rabbitmq_server stable/xena: Update rabbitmq to 3.9.28  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/87578215:05
mgariepydoesn't it needs to have the depends merged first ?15:07
noonedeadpunkjrosser: have no idea....15:12
noonedeadpunkLike it seems zuul under impression that https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/871188/13 is in merge conflict, but it's not...15:12
jrossermgariepy: it should at least run the tests i figure15:13
jrossermaybe more of this cross-the-queues thing i wonder15:13
noonedeadpunkand it does depends on that one as well...15:13
noonedeadpunkNah, I don't think it's related to queues15:13
jrosserit would be nice if it dumped some kind of graph to show where it thought the error was15:13
noonedeadpunkjrosser: wait a second15:14
noonedeadpunkah damn, I 've copypasted wrong id15:15
jrosseri feel like i have done something stupid here but i cant see it15:15
noonedeadpunkI'm not sure you did... Or well, I don't see anything either15:28
noonedeadpunkAnd it used to work nicely...15:28
noonedeadpunkMaybe some depends-on somewhere else on conflicting patch...15:28
jrossermaybe i make some noop update to the conflicting one and it might flush it out15:47
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-haproxy_server master: Simplify haproxy_service_configs structure  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87118815:48
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-haproxy_server master: Prepare haproxy role for separated haproxy config  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87577915:49
jrosseroh well it's probably this isnt it https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87615715:52
jrosserthats also touching templates/service.j2 which is totally rewritten in the other patch15:53
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-haproxy_server master: Simplify haproxy_service_configs structure  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87118816:02
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-haproxy_server master: Prepare haproxy role for separated haproxy config  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87577916:02
spatelis freezer openstack still active project?16:55
noonedeadpunkI won't call it active....17:01
noonedeadpunkBut it still meets all criterias and does releases...17:02
prometheanfirejamesdenton: when setting up the LB with OVN, do you know how I can look up where it should be sending arps from? (I guess this is what host the neutron port lives on)17:37
jamesdentonit might depend on what network the VIP comes from17:48
jamesdentonbut TBH I am not sure17:49
jamesdentoni bet #openstack-neutron could help 17:49
prometheanfireack17:51
jamesdentontoo much context switching at the moment :|17:52
jrosseryou could also post to the ML with [neutron]17:53
Elnazjrosser: > 3 ELK data nodes that also do all the other ELK node roles co-located on your controller might not be "recommended..."18:19
ElnazAt present I'm useing 3 separate logging servers and 3 seperate Kibana servers that is default setting in /nv.d/elk.conf 18:19
jrosserElnaz: you mean that there a 3 physical servers for elasticsearch and 3 physical servers for kibana, or you make 3 LXC containers for each on the infra0X nodes?18:21
jrosserElnaz: is there something specific you're trying to find out here?18:22
Elnaz3 VMs for elastic and 3 VMs for Kibana; nothing is added to Physical infra servers18:22
jrosserright, but you host 3 extra LXC containers for elasticsearch and kibana on the infra nodes18:23
jrosserthat might be OK :) trouble is you need to know what you want to achieve18:23
ElnazNo, I just need to have an ELK stack; (I know there are other solutions as in elk-ansible or docker solution)18:24
jrosserElnaz: sorry i keep trying to answer but now i'm really not sure what the question is18:26
ElnazWhich of the various elk deploy solutions leads to a better result in terms of simpler maintenance and greater integration?18:27
jrosseri have no idea i'm sorry - i use and have contributed to the one in the openstack-ansible-ops repo.... pretty much means i've not used the others18:28
ElnazAnd if the OSA tool itself does proper deployment, what is the default (the structure I mentioned above) is enough to start? I will continue to read about ELK to achieve to an enhanced arch18:29
ElnazI see, thanks.18:29
jrosseryou can easily do a lab deployment with the instructions in the openstack-ansible-ops repo18:29
jrosserbut if you want to scale up your elk stack data nodes to get sufficient throughput for a large cloud or something, then that is a different matter18:30
jrosserbut the same playbooks can do either18:30
ElnazI'll consider your tip. The deployment on lab is in progress (:18:31
jrosserok, then just follow the ops repo18:31
jrosserexactly the same would be true for Ceph for example18:31
jrosserlab or small cloud use the ceph deployment that is integrated in openstack-ansible18:32
jrosserbut if you want to scale up or separate the concerns / failure domain then you'll need to customise18:32
jrosserOpenstack-Ansible is a toolkit that lets you build whatever you like, it is not expected that the default deployment will cover all use cases18:32
ElnazYou definitely head up not to deploy Ceph for production (in case of even a small cloud)18:34
Elnazhttps://docs.openstack.org/openstack-ansible/zed/user/ceph/full-deploy.html: "Warning!  Deploying ceph cluster as part of openstack-ansible is not recommended since"18:34
ElnazI understand. I need to get to know him more.18:36
Elnazbut, why the OSA installs ClamAV antivirus on nodes: `TASK [ansible-hardening : Check if ClamAV update process is already running]`? As I know, Linux does not need to any antivirus at all?18:37
Elnaz(https://help.ubuntu.com/stable/ubuntu-help/net-antivirus.html.en)18:38
jrosserElnaz: are you sure it installs it?18:41
Elnaz`TASK [ansible-hardening : Check if ClamAV is installed]`, If it's installed! meaningful.18:48
mgariepyElnaz, https://github.com/openstack/ansible-hardening/blob/master/defaults/main.yml#L249-L25018:52
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Deploy step-ca when 'stepca' is part of the deployment scenario.  https://review.opendev.org/c/openstack/openstack-ansible/+/87663720:46
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Add a /etc/hosts entry for the external IP of an AIO  https://review.opendev.org/c/openstack/openstack-ansible/+/87663820:46
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Use certbot to generate SSL cert for the external VIP in 'stepca' scenario  https://review.opendev.org/c/openstack/openstack-ansible/+/87663920:46
Elnazmgariepy: 21:41
ElnazThanks21:41
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Deploy step-ca when 'stepca' is part of the deployment scenario.  https://review.opendev.org/c/openstack/openstack-ansible/+/87663721:57
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Add a /etc/hosts entry for the external IP of an AIO  https://review.opendev.org/c/openstack/openstack-ansible/+/87663821:57
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Use certbot to generate SSL cert for the external VIP in 'stepca' scenario  https://review.opendev.org/c/openstack/openstack-ansible/+/87663921:58
« Sunday, 2023-03-05 Index Tuesday, 2023-03-07 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!