Elnaz | Hi | 01:00 |
---|---|---|
Elnaz | Do you separate any partition when you go to setup a Linux OS on the nodes? | 01:01 |
Elnaz | I mean, for example, do you create a partition for /var? or you leave them all to be a directory in the root partition? | 01:04 |
Mohaa | Rackspace is hiring OpenStack Ubuntu Architect: https://t.co/yu02pEADmt ! | 04:53 |
Mohaa | ChatGPT generates config files for an OSA deployment scenario: https://twitter.com/cloudnull/status/1628191600374317056?t=VclkRaGHPtaI-_bmb4KFuw&s=19 | 05:00 |
Mohaa | Ansible 2 Cloud Automation Cookbook: https://www.amazon.com/dp/B076X4RL6K | 05:04 |
Mohaa | OPS env built with OSA, a Japanese blog post: https://valinux-hatenablog-com.translate.goog/entry/20220908?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp | 05:07 |
admin1 | i know this is not osa specific, but is there an osa way to enable 2fa for keystone ? | 14:50 |
admin1 | i found keystone_auth_methods: "password,token,application_credential" .. .. i guess just add totp there and see where it goes .. | 14:53 |
jrosser | admin1: i think you've asked this before and it's per user isn't it? rather than just "enable"..... | 15:00 |
jrosser | so as OSA doesn't provision users beyond the service users and admin user i'm not sure really | 15:01 |
jrosser | but if you mean 2FA for the admin user - that's a different and more complicated topic | 15:01 |
admin1 | yeah .. last time asked out of curiosity and if it's possible .. now have an opportunity to actually implement it | 15:17 |
admin1 | thank you .. i will take a look into the howto | 15:17 |
jrosser | it's an API call to keystone as far as i remember | 15:18 |
jrosser | enforcing 2fa for admin on the external endpoint whilst not breaking other things like deployment tooling is maybe not possible | 15:20 |
admin1 | so first step will still be to do keystone_auth_methods and add totp .. and then once it's there, use the api to enable it per user | 15:20 |
admin1 | i found some examples here .. https://docs.openstack.org/keystone/latest/user/multi-factor-authentication.html#multi-factor-authentication-user-guide .. will give it a try | 15:20 |
Losraio | Hello everyone | 15:41 |
Losraio | I've run into a problem once again with my deployment :( | 15:41 |
Losraio | I ran the setup-openstack.yml but it failed at some point, it had to do something with nova | 15:42 |
Losraio | Then I ran it again and this is what I get: | 15:42 |
Losraio | https://paste.openstack.org/show/bkPHnRDFFCvddddPVLZZ/ | 15:42 |
admin1 | Losraio, from the util container, if you do mysql ENTER , do you get logged into mysql ? | 15:44 |
Losraio | Remind me again please, how do I gain access to an lxc container? | 15:45 |
admin1 | ssh ( one of the controller) ; lxc-attach -n <tab>_util<tab> :) | 15:45 |
Losraio | okay im in the util | 15:46 |
Losraio | Nope | 15:47 |
Losraio | Typing mysql failes | 15:47 |
Losraio | fails* | 15:47 |
Losraio | ERROR 2002 (HY000): Can't connect to server on '10.1.0.12' (115) | 15:47 |
Losraio | :( | 15:48 |
Losraio | The setup-hosts.yml and setup-infrastructure.yml have run successfully prior | 15:50 |
admin1 | do you have different ips in the controller | 16:07 |
admin1 | different ip ranges, lots of ips .. it's a mysql whitelist issue | 16:07 |
admin1 | you need to whitelist your ips via galera_monitoring_allowed_source .. | 16:08 |
admin1 | re-run galera .. and test again via util container | 16:09 |
jrosser | Losraio: it's good to trace through in a logical manner…. can the utility container ping the internal VIP | 16:26 |
jrosser | check that you’ve not missed entries in “used_ips” and accidentally got something now using your VIP address for a container | 16:27 |
jrosser | if that’s ok then check if haproxy thinks that the database is working - is the backend “UP” in hatop/haproxy log | 16:27 |
Losraio | Im back | 17:24 |
Losraio | Hmm let me check the used_ips and VIPs of the config | 17:24 |
Losraio | I think it's okay... Right? | 17:25 |
Losraio | https://paste.openstack.org/show/bpExKg4y5szr58oC95SX/ | 17:26 |
Losraio | FYI, the internal and external VIPs are of the control node | 17:27 |
Losraio | And the HAproxy host is also the controller, the .11 IP is also assigned to the controller | 17:28 |
jrosser | Losraio: what is hua-openstack-lb? | 18:02 |
Losraio | It is the hua-openstack-controller host, just a different alias | 18:02 |
Losraio | because I wanted to use a different IP address and | 18:03 |
Losraio | It wouldn't let me do so with the same hostname | 18:04 |
jrosser | that's kind of an unusual setup so i don't know really if that has any effect | 18:06 |
jrosser | also personally i would have the VIP be a unique address that is not the address of any host in openstack_user_config | 18:06 |
jrosser | but regardless of this, you need to see if haproxy thinks that the database backend is up, or not | 18:07 |
Losraio | I see | 18:07 |
Losraio | I changed the haproxy host, let me try running the playbooks again | 18:07 |
Losraio | Oh boy, this is gonna take a loooong time | 18:09 |
Losraio | In the meantime, how can I check what you recommended? | 18:10 |
jrosser | you can look either in the log of haproxy with journalctl, or use the `hatop` program to see its status | 18:12 |
Losraio | Okay | 18:12 |
Losraio | Other than that, is my user_config correct? | 18:13 |
Losraio | In terms of used ips and such? | 18:13 |
admin1 | on used ips, you only give the ips on the cidr_networks | 19:21 |
admin1 | other ips, osa does not use/know about | 19:21 |
admin1 | i see you have put - "10.100.59.215,10.100.59.217" which is not the cidr_networks, so there is no need for it | 19:22 |