Tuesday, 2023-03-07

« Monday, 2023-03-06 Index Wednesday, 2023-03-08 »
jrossermorning08:32
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Deploy step-ca when 'stepca' is part of the deployment scenario.  https://review.opendev.org/c/openstack/openstack-ansible/+/87663708:41
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Add a /etc/hosts entry for the external IP of an AIO  https://review.opendev.org/c/openstack/openstack-ansible/+/87663808:41
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Use certbot to generate SSL cert for the external VIP in 'stepca' scenario  https://review.opendev.org/c/openstack/openstack-ansible/+/87669308:41
noonedeadpunko/09:09
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server master: Do not use 'always' tag in inappropriate places  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/87597109:10
noonedeadpunkthese patches are interesting...09:11
noonedeadpunkI thought we'd need integration with pki role for smth like that?09:11
jrossernoonedeadpunk: well - these patches just test the external VIP getting a cert with the haproxy acme/LE code09:13
noonedeadpunkaha09:13
jrosserand the step-ca installation is there in place of using actual LE endpoint09:13
jrosseri think i'm particularly interested in what you think of 87663809:14
jrosserthis is all a bit "first attempt" btw so if you can see any improvements then we can do that09:14
noonedeadpunkWell. I can recall having ipv6 only providers for opendev CI09:15
noonedeadpunkSo default_ipv4 might not be a thing09:15
noonedeadpunkI'm not sure if they're still present, but smth to take into consideration09:15
jrosserthats just totally copy/pasted from the way `external_lb_vip_address` is defined09:17
jrosserhttps://opendev.org/openstack/openstack-ansible/src/branch/master/etc/openstack_deploy/openstack_user_config.yml.aio#L3709:18
noonedeadpunkoh, huh09:31
jrosseri need to think about that a bit more09:43
jrosserwe need to support the old way with with an IP, also `external.openstack.local` for testing ACME as certbot refuses to issue for an IP, and also you might have a legitimate `aio.example.org` proper DNS entry that you want to use09:45
noonedeadpunkwell. same would apply for internal then09:46
noonedeadpunkand we don't have anything to cover it anyway.09:46
noonedeadpunkSo I won't relate legit FQDN for aio with test of step-ca - these are different things we should address09:47
jrosserit affects how the variables are set up i think09:47
jrosserneed the right point to be able to override your own FQDN and i think i've not allowed that right now in these patches09:48
jrosserbut not sure tbh09:48
jrosserstill concerned about horizon and the new haproxy setup tbh which is why i started this09:49
jrosserdefault_backend: 'horizon' -> this fails if the horizon backend is not defined09:49
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server stable/wallaby: Bump erlang versions  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/87670809:52
noonedeadpunkYeah, I'd need to update things with your findings to pass only specific variables to haproxy rather then adding it to group09:53
noonedeadpunkI'm just trying to finilize role for generic resource creation, that everyone said is quite easy and useless to have in plugins... But I've already spent a day and it covers only half of what's needed...09:54
noonedeadpunkBut I think since TripleO is deprecated, we can now easily drop crap out of tempest role :D09:56
jrosseroh yes i also thought of that09:56
jrosseri am also looking at what to do about compute.example.com / dashboard.example.com approach for haproxy09:57
jrosserbecause even though it seems like more complexity, actually i think an implementation that supports that will bring further simplification to the work damiandabrowski has done already09:57
jrosserin particular for this tricky horizon case09:57
jrosseri will try to do something that moves the ACL definitions we currently have on the haproxy frontend out to a map file rather than have them directly in the config09:59
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_tempest master: Remove tripleo CI jobs  https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/87671110:06
LosraioHello13:04
LosraioAre you seeing this?13:04
mgariepyLosraio, yes..13:06
LosraioGreat13:06
LosraioI would like some help regarding my openstack-ansible deployment13:07
LosraioWhen I try to run the setup-hosts.yml I get the following error:13:09
Losraio[WARNING]: Unable to parse /etc/openstack_deploy/inventory.ini as an inventory source13:09
LosraioWhich is a problem because at some point later during the run I get this error:13:09
LosraioTASK [lxc_container_create : Gather container facts] ******************************************************************* [WARNING]: Unhandled error in Python interpreter discovery for host hua-openstack-controller_glance_container-42a67e6c: Failed to connect to the host via ssh: ssh: Could not resolve hostname inventory_hostname: Temporary failure in name resolution [WARNING]: Unhandled error in Python interpreter discovery for host hua-opensta13:09
LosraioAnd it prints for each container13:09
noonedeadpunkLosraio: inventory.ini is red herring, you can ignore that as it should not affect deployment anyhow13:12
noonedeadpunkAlso for pastes we use https://paste.openstack.org/ as it gets trimmed13:12
Losraiooh13:13
noonedeadpunkBut I assume you've posted paste in a bug report yestarday?13:13
LosraioYes13:13
LosraioLet me paste it again13:13
Losraiohttps://paste.openstack.org/show/bB83GCum5mN0thj8aLvr/13:13
LosraioFYI, the deployment host is also the the controller node of the whole deployment13:14
noonedeadpunkEventually pasting your configuration would be helpful here13:14
LosraioSure13:15
noonedeadpunkYeah, deployment host == controller should not cause any troubles13:15
LosraioHere you go:13:16
Losraiohttps://paste.openstack.org/show/b2XcmStbbD3STqes1uoW/13:16
noonedeadpunkSo first thing - internal_lb_vip_address and external_lb_vip_address can not be exact same. They can be from the same network, but different13:17
LosraioAlright13:17
LosraioLet me change that real quick13:18
noonedeadpunkBut it's not that causes this failure13:18
noonedeadpunk*the issue13:18
LosraioI see...13:18
opendevreviewMerged openstack/openstack-ansible-galera_server stable/yoga: Allow maridbcheck socket to FreeBind  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/87473313:18
noonedeadpunkIt will fail in setup-infrastructure with that )13:19
LosraioOK13:20
LosraioFixed13:20
LosraioWhat else could be the culprit then13:20
jrosseri wonder if there is a limit on hostname length being exceeded somewhere13:23
jrosserLosraio: does the contents of /etc/hosts look sensible for those hostnames you have, like `hua-openstack-controller_memcached_container-13:25
jrosserab2ed959`13:25
LosraioYeah13:26
LosraioHere's another paste of it13:26
Losraiohttps://paste.openstack.org/show/bqJGBCkG02oemhjWaYZR/13:27
jrosseroh well there we are! see all the 'None' in there13:27
LosraioAha13:28
noonedeadpunkjrosser: eventually we should verify length with dynamic_inventory script13:28
jrosseriirc there is some comment in the code about length13:28
LosraioShould I perhaps delete the openstack entries from the hosts file?13:29
LosraioAnd trying to run the deployment again?13:29
noonedeadpunkLosraio: do you have bridges created on the host?13:29
LosraioLet me check13:29
noonedeadpunkAs there should be br-mgmt at very least with IP on it13:29
LosraioI only have an lxcbr0 bridge13:29
noonedeadpunkOk, that's the issue13:30
LosraioBut I thought these bridges were created automatically?13:30
opendevreviewMerged openstack/openstack-ansible-os_nova stable/yoga: Add authentication for [cinder] section of nova.conf  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/87357013:30
noonedeadpunkSo until very lately on master we don't manage network configuration and don't have option to do that with osa13:30
noonedeadpunkSo we leave net config to deployers13:30
LosraioRight13:30
noonedeadpunkI'm not even sure if it was merged on master or not13:31
noonedeadpunkThe only thing that is managed is lxcbr0 but it can be disabled as well13:31
jrosseralso i think that having all `cidr_networks` be the same CIDR is not going to end well13:31
jrosseri can't say how, but multi-homing several interfaces in the same subnet usually avoided13:32
noonedeadpunkYeah, if you're going to use same interface for storage/mgmt/tenent - you can do that but then you'll need to drop these extra interfaces and cidrs13:32
LosraioYes, I know that its suboptimal but I'm just testing right now13:32
jrosserLosraio: have you tried an all-on-one deployment?13:33
noonedeadpunkas it can live just fine with just br-mgmt13:33
LosraioYes I have. It works but I need a multi-node deployment13:33
noonedeadpunkYeah, that's where impression about interfaces come from :D13:33
noonedeadpunkAs in AIO we indeed create them for quite some tome13:33
noonedeadpunk*time13:33
LosraioOh13:33
jrosserthere is an advantage to keeping the setup kind of similar between the AIO and your multinode13:33
LosraioI see13:34
jrosserthen you can compare one vs. the other when something is broken13:34
LosraioSo, I should setup the bridges according the deployment guide?13:34
noonedeadpunkyeah13:34
jrosserLosraio: https://docs.openstack.org/project-deploy-guide/openstack-ansible/latest/targethosts.html13:34
LosraioAnd just attach them to my NIC13:34
noonedeadpunkYou can have only 1 bridge as well if you want13:34
noonedeadpunkEventually you can have pretty much any setup you want, guides describe jsut most common options13:35
LosraioBut the documentation says otherwise13:35
LosraioI thought these bridges were mandatory13:35
jrosserthe documentation describes a set of "sensible defaults"13:35
jrosserbut you can make pretty much any valid deployment that you like13:35
LosraioI see13:36
jrosseropenstack-ansible is not a tool that has "only one way" - everything is customisable, but that means there is not "one right answer"13:36
noonedeadpunkFor example - you might want to deploy on bare metal without lxc at all - then you don't need any bridges at all13:36
jrosserthe sensible defaults described in the documentation are a great starting point for something that will cover 95% of use cases13:37
LosraioYeah I was looking for the option to deploy osa on bare metal without containers13:38
LosraioBut I couldn't find it13:38
jrosserhttps://docs.openstack.org/openstack-ansible/latest/reference/inventory/configure-inventory.html#deploying-directly-on-hosts13:39
jrosseragain depending on your use case that might, or might not be what you want to do13:39
jrosserpros/cons with all of these things13:39
LosraioYes I know, I just want to set it up without containers for the sake of simplicity13:40
jrosserright - sure13:40
LosraioI will give it a shot13:41
jrosseryou can look at simplicity multiple ways too, so without containers you have less things involved13:41
jrosserbut then you might say "how to a completely delete / reprovision the galera database on one infra node"13:41
jrosserthats very easy with containers, less so without13:41
LosraioSo without containers, I don't need to declare networks in the user_config.yml?13:41
jrosserso it's not always a simple judgement13:42
noonedeadpunkI think you can define `no_containers` just in global_overrides?13:42
LosraioI didn't see such option13:43
jrosserlike this https://github.com/openstack/openstack-ansible/blob/17a37653e69282112eccc8416112f1253d7cf3d2/etc/openstack_deploy/openstack_user_config.yml.aio.j2#L4613:43
noonedeadpunkso your openstack_user_config for bare metal may look like that: https://paste.openstack.org/show/byPvye0l04ZeNzWeYfk8/13:44
LosraioRight13:44
noonedeadpunkYou can fully skip defining provider_networks, but then you need to define neutron_provider_networks in user_variables, which is way more clear IMO https://opendev.org/openstack/openstack-ansible-os_neutron/src/branch/master/defaults/main.yml#L386-L39713:46
LosraioLet's see how that goes13:46
noonedeadpunkJust don't forget to drop /etc/openstack_deploy/openstack_inventory.json if you're switching to bare metal from containers13:46
noonedeadpunkBut don't drop it if containers are already created13:47
LosraioWell, now that I have messed up so much I might as well clean install Ubuntu on my VMs and try a bare metal deployment13:47
noonedeadpunk:D13:47
LosraioxD13:47
noonedeadpunkI don't think you've messed to much13:48
noonedeadpunk /etc/hosts will be cleaned if you run setup-hosts.yml playbook13:48
noonedeadpunkAs it's dynamicaly generated based on the inventory13:48
LosraioNow I'm running the bare metal deployment config that you recommened13:49
Losraiolet's see how long it will take until it crashes13:49
LosraioHuh13:52
LosraioNope, it didn't work14:06
LosraioOh well, I will definitely reset these Vms14:06
LosraioCould someone please paste the page where the bare metal option is described because I can't find it?14:07
jrosserLosraio: https://docs.openstack.org/openstack-ansible/latest/reference/inventory/configure-inventory.html#deploying-directly-on-hosts14:13
LosraioThanks a lot14:13
jrosserkind of a good example of when there is not "one right answer"14:14
jrosser`no_containers` is an ansible variable, and you can apply that to one host, or the whole deployment depending what you want to happen14:15
jrosserthat doc shows applying it at the level of a host or a component on a host14:15
jrosserbut equally you can put it in `global_overrides` of your `openstack_user_config.yml` to apply to the whole deployment14:16
LosraioI see14:20
LosraioSo, if I do that then I don't need to declare a network in that file?14:20
noonedeadpunkYes14:27
LosraioHmm, I see14:30
LosraioIt seems like I have to do a lot more reading14:31
LosraioThank you both so much though14:31
noonedeadpunkno worries14:38
opendevreviewMerged openstack/ansible-role-python_venv_build stable/yoga: Drop empty elements from constraint/requirement files  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/87473514:40
noonedeadpunk#startmeeting openstack_ansible_meeting15:00
opendevmeetMeeting started Tue Mar  7 15:00:19 2023 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.15:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:00
opendevmeetThe meeting name has been set to 'openstack_ansible_meeting'15:00
noonedeadpunk#topic rollcall15:00
noonedeadpunko/15:00
ebbexo/15:02
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server stable/xena: Restore integrated jobs  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/87674815:03
noonedeadpunk#topic office hours15:04
noonedeadpunkWe don't have any new reported bugs for discussion15:04
NeilHanlono/ heyo15:04
noonedeadpunkBut we're having broken stables branches due to rabbit and changes to the neutron tempest plugin 15:05
noonedeadpunkAlso this becomes harder to sort out due to upgrade jobs that require to fix prior branches as well15:05
noonedeadpunkSo we can't merge Xena fix due to Wallaby that is currently under EM15:05
noonedeadpunkI'm going to push changes to W now, but I assume that prior ones are also broken.15:06
ebbexprobably15:06
noonedeadpunkWith that I do have a proposal to remove upgrade jobs from releases that are already on EM15:06
noonedeadpunkWhich would mean we should stop testing from Wallaby to Xena and all prior ones as of today15:07
noonedeadpunkAs EM basically means community support, so it should not blocking actively supported ones from my perspective15:08
ebbexYep, is victoria in em aswell?15:08
noonedeadpunkYep15:08
noonedeadpunkV, U, W....15:09
ebbexah, then disable upgrade-jobs from EM seems fair15:09
noonedeadpunklol, sorry, U, V, W ofc15:10
noonedeadpunkbut you got the gist :)15:10
ebbexyup15:10
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-haproxy_server master: Add support for haproxy map files  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87674915:11
noonedeadpunkAt the same time I will try to fix what is possible to fix with little blood15:11
jrossero/ hello15:11
noonedeadpunkNext thing - we should pick up time for the PTG. 15:14
noonedeadpunkI wonder how much time we need. As it feels we have plenty of things going on, but not sure if we have much to discuss on them rather then keep working on implementation15:15
jrossergetting these haproxy changed landed is enough maybe15:15
noonedeadpunkWell. How about breaking smth last minute? :D15:16
noonedeadpunkBut eventually I'm also thinking about covering systemd bug when services are not restarted15:17
noonedeadpunkAnd new mariadb LTS15:17
noonedeadpunkAnd quorum queues....15:17
noonedeadpunkBut I'm fine cutting smth out15:18
noonedeadpunkSo maybe we should be fine withing 3 hours? Alss it seems there's no operator hours this year15:19
noonedeadpunkSo I'm thinking 15-17 UTC?15:20
jrosserfeels like none of the things you list are totally unknown15:21
jrosserso thats good15:21
noonedeadpunkWe have quite uknown which is modular libvirt...15:22
noonedeadpunkBut things seems to be working as of today, so maybe there's no rush...15:22
noonedeadpunkAh, lol, and PKI to use pipes. But realistically - there's no time for that15:23
jrossertbh i am the most concerned about the haproxy changes15:24
jrosserand not making a huge mess15:24
noonedeadpunk++15:24
jrosseri would like to merge the stepca stuff soon so we have some coverage in CI for all certbot stuff15:24
jrosserand then 876749 is the starting point for a bunch more tidyness15:25
noonedeadpunkOk, improving coverage is always good thing to do15:27
noonedeadpunkSo, should we vote on vPTG time ? :)15:28
noonedeadpunkMarch 28, 15-17 UTC?15:29
noonedeadpunkor any alternative proposals?15:29
jrosserthats ok for me15:29
ebbexsame15:30
noonedeadpunkok, great15:30
noonedeadpunkI'll try to invest some more time into haproxy stuff later this week or early next one15:31
noonedeadpunkWe're also in shortage of reviewers right now, so all cores are welcome to do some15:32
noonedeadpunk#link http://bit.ly/osa-review-board-v4_115:33
Elnazrunning `ansible-playbook site.yml $USER_VARS`, It encounters with these errors:15:43
Elnaz`ansible.errors.AnsibleUndefinedVariable: 'ansible_memtotal_mb' is undefined`15:43
Elnaz`ansible.errors.AnsibleUndefinedVariable: {{ (((ansible_memtotal_mb | int) * 0.35) // 1) | int }}: 'ansible_memtotal_mb' is undefined`15:44
Elnazthat seems something has not been loaded!15:44
jrosserElnaz: that might mean that facts have not been gathered15:47
noonedeadpunk#endmeeting15:49
opendevmeetMeeting ended Tue Mar  7 15:49:31 2023 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:49
opendevmeetMinutes:        https://meetings.opendev.org/meetings/openstack_ansible_meeting/2023/openstack_ansible_meeting.2023-03-07-15.00.html15:49
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2023/openstack_ansible_meeting.2023-03-07-15.00.txt15:49
opendevmeetLog:            https://meetings.opendev.org/meetings/openstack_ansible_meeting/2023/openstack_ansible_meeting.2023-03-07-15.00.log.html15:49
Elnaz(I was disconnected for seconds)15:54
ElnazI'm running it as described in the README file:15:54
Elnaz`cd /opt/openstack-ansible-ops/elk_metrics_7x`15:54
Elnaz`ansible-playbook site.yml $USER_VARS`15:55
Elnaz"If required add `-e@/opt/openstack-ansible/inventory/group_vars/all/all.yml`"15:55
Elnazjrosser: Am I missing something?15:55
Elnazfull log: https://paste.ubuntu.ir/xgsre15:58
ElnazAre the conversations here on IRC logged somewhere?15:59
noonedeadpunkElnaz: they are - https://meetings.opendev.org/irclogs/%23openstack-ansible/16:00
ElnazGreat16:01
jrosserthe error is "ansible_memtotal_mb"16:03
jrosseris undefined16:03
jrosserand thats probably because of "Refresh minimal facts"16:04
jrosser^ not including that16:04
jrosserElnaz: can you edit this line https://opendev.org/openstack/openstack-ansible-ops/src/branch/master/elk_metrics_7x/roles/elastic_data_hosts/tasks/main.yml#L1816:06
jrosserand add "hardware" to that list16:06
jrosserand try again16:06
Elnazyes16:14
ElnazPassed:16:18
Elnaz`TASK [elasticsearch : Drop jvm conf file(s)] ***********************************` 16:18
Elnaz`changed: [logging1_elastic-logstash_container-8c1f4468] => (item={'src': 'jvm.options.j2', 'dest': '/etc/elasticsearch/jvm.options'})`16:18
Elnazjrosser: ^16:19
jrosserElnaz: would you like to make a patch to fix that?16:20
ElnazDo you mean like sending a PR on GitHub?16:23
Elnazjrosser: It's odd! I can't find any login button in https://opendev.org/16:27
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Add releasenote for ANSIBLE_INJECT_FACT_VARS defaulting to false  https://review.opendev.org/c/openstack/openstack-ansible/+/87676416:28
jrosserElnaz: it's a bit like github, but also a bit different - there is documentation here https://docs.openstack.org/contributors/code-and-documentation/quick-start.html16:29
noonedeadpunkElnaz: but in short login button is here https://review.opendev.org/16:36
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Use certbot to generate SSL cert for the external VIP in 'stepca' scenario  https://review.opendev.org/c/openstack/openstack-ansible/+/87663916:36
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Deploy step-ca when 'stepca' is part of the deployment scenario.  https://review.opendev.org/c/openstack/openstack-ansible/+/87663716:59
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Add a /etc/hosts entry for the external IP of an AIO  https://review.opendev.org/c/openstack/openstack-ansible/+/87663816:59
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Use certbot to generate SSL cert for the external VIP in 'stepca' scenario  https://review.opendev.org/c/openstack/openstack-ansible/+/87663916:59
opendevreviewJonathan Rosser proposed openstack/openstack-ansible stable/zed: Fix comment typo in nova install playbook  https://review.opendev.org/c/openstack/openstack-ansible/+/87667817:08
opendevreviewJonathan Rosser proposed openstack/openstack-ansible stable/yoga: Fix comment typo in nova install playbook  https://review.opendev.org/c/openstack/openstack-ansible/+/87667917:08
opendevreviewJonathan Rosser proposed openstack/openstack-ansible stable/xena: Fix comment typo in nova install playbook  https://review.opendev.org/c/openstack/openstack-ansible/+/87668017:08
jrossernoonedeadpunk: have you done "add compute node" recently - like this https://docs.openstack.org/openstack-ansible/latest/admin/scale-environment.html#add-a-compute-host17:09
noonedeadpunkNope, but I'm right now re-orginizing our internal stuff to make use of it17:09
jrossergetting a bit of this https://paste.opendev.org/show/bqFfHPztJ5CrA3oFD6Ql/17:10
noonedeadpunkhm. Is `ansible_local` smth potentially related to us disabling everything except ansible_facts?17:12
noonedeadpunkNot sure if we merged that or no...17:12
jrosserthis is on Z17:14
noonedeadpunkSo I assume it's failing somewhere here? https://opendev.org/openstack/openstack-ansible/src/branch/master/playbooks/os-nova-install.yml#L52-L5617:17
jrosseryeah right there17:17
jrosseri find that code quite obscure17:18
noonedeadpunkIt hasn't changed for ages17:18
noonedeadpunkAnd we leverage it to proceed with migrations iirc17:19
noonedeadpunkSo I assume by that time we should have facts for `groups['nova_all']`17:20
Elnazjrosser: I created an account but It takes me a while to get familiar with this system. If possible, please edit it yourself this time.17:20
noonedeadpunkObviously, that new compute should not have that.... 17:20
jrosserwhat i'm surprised by is that ansible_local appears in the facts cache for the new compute node17:20
jrossernot for localhost17:20
noonedeadpunkand compute1a01 is exactly the new compute?17:20
jrosserso i think i misunderstand how this is supposed to work17:20
jrosseryes thats right17:21
jrosseroh17:21
jrosserso it delegates to `localhost` but accesses the hostvars of everything else from there17:21
jrosseri wonder if there is an interaction with --limit here17:23
noonedeadpunkeventually, I've checked what our ops are doing, and they're doing exactly the same17:23
jrosserregarding implicit localhost17:23
noonedeadpunkbut we're still on X17:23
noonedeadpunkopenstack-ansible playbooks/setup-hosts.yml --limit "localhost,$limit_hosts" && openstack-ansible playbooks/setup-openstack.yml --limit "localhost,$limit_hosts"17:24
opendevreviewMerged openstack/ansible-role-systemd_service master: Fix tags usage for included tasks  https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/87632117:25
noonedeadpunkSo I might assume smth has changed in the meanwhile17:26
noonedeadpunkwith ansible-core versions. But I'm not sure why it's not happy, as we have both localhost and compute in play. And that works without limits...17:26
noonedeadpunk(I assume)17:27
jrosserok, will dig some more17:27
noonedeadpunkUnless... It tires to resolve that for everything that is not part of limit17:28
noonedeadpunkAnd fail there....17:28
jrosserwe've not done this for a very long time, like just add one host17:28
jrosserright `Implicit localhost does not appear in the hostvars magic variable unless demanded, such as by "{{ hostvars['localhost'] }}"`17:28
jrosseraccording to https://docs.ansible.com/ansible/latest/inventory/implicit_localhost.html17:28
noonedeadpunkWe did added couple of computes like that week ago or so, but again on X17:28
noonedeadpunkYes, but we're checking not localhost hostvars17:29
noonedeadpunkBut we're trying to fetch hostvars from each member of groups['nova_all']17:29
noonedeadpunkI wonder if refreshing facts for nova_all will just help...17:29
noonedeadpunkAs this reffer to `/etc/ansible/facts.d/openstack_ansible.fact` content on computes17:31
noonedeadpunkor well, everywhere17:31
jrosseryeah17:31
noonedeadpunkOh, huh, so by this time every compute should have that17:31
jrosserit does :)17:31
noonedeadpunkeven new one17:31
jrosserthats the wierd thing17:31
noonedeadpunkand we collect facts right before as well17:32
noonedeadpunkYeah, no idea17:32
jrosserno worries - will investigate17:33
prometheanfireya, may have to17:35
opendevreviewMerged openstack/openstack-ansible-haproxy_server master: Fix tags usage for letsencrypt setup  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87577217:40
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-haproxy_server stable/zed: Fix tags usage for letsencrypt setup  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87668117:42
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-haproxy_server stable/yoga: Fix tags usage for letsencrypt setup  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87668217:42
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-haproxy_server stable/xena: Fix tags usage for letsencrypt setup  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87668317:42
opendevreviewMerged openstack/openstack-ansible master: Remove support for calico ml2 driver.  https://review.opendev.org/c/openstack/openstack-ansible/+/86611918:03
opendevreviewMerged openstack/openstack-ansible-haproxy_server master: Serialise initial issuing of LetsEncrypt certificates  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87578118:12
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-haproxy_server stable/zed: Serialise initial issuing of LetsEncrypt certificates  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87668418:12
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-haproxy_server stable/yoga: Serialise initial issuing of LetsEncrypt certificates  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87668518:16
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-haproxy_server stable/xena: Serialise initial issuing of LetsEncrypt certificates  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87668618:16
opendevreviewMerged openstack/openstack-ansible master: Disable fact variables  https://review.opendev.org/c/openstack/openstack-ansible/+/77839618:16
opendevreviewMerged openstack/openstack-ansible master: Add validation zuul job for hosts setup  https://review.opendev.org/c/openstack/openstack-ansible/+/84300218:16
opendevreviewMerged openstack/openstack-ansible master: Bump OpenStack-Ansible master  https://review.opendev.org/c/openstack/openstack-ansible/+/87604318:26
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Deploy step-ca when 'stepca' is part of the deployment scenario.  https://review.opendev.org/c/openstack/openstack-ansible/+/87663719:08
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Add a /etc/hosts entry for the external IP of an AIO  https://review.opendev.org/c/openstack/openstack-ansible/+/87663819:09
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Use certbot to generate SSL cert for the external VIP in 'stepca' scenario  https://review.opendev.org/c/openstack/openstack-ansible/+/87663919:09
opendevreviewMerged openstack/openstack-ansible-haproxy_server stable/yoga: Use let's encrypt standalone flag only for http-01  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87462020:25
« Monday, 2023-03-06 Index Wednesday, 2023-03-08 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!