Thursday, 2023-04-20

« Wednesday, 2023-04-19 Index Friday, 2023-04-21 »
noonedeadpunkmornings07:38
noonedeadpunk1 more vote needed for this one https://review.opendev.org/c/openstack/openstack-ansible/+/88060707:38
noonedeadpunkAnd I will push Y release on top of it07:38
noonedeadpunkAlso these are required for Z bump https://review.opendev.org/q/parentproject:openstack/openstack-ansible+branch:%255Estable/zed+status:open+07:39
noonedeadpunkadjutant is already being re-checked07:39
damiandabrowskihi07:54
jrossermorning08:05
noonedeadpunkregarding haproxy - I think this is the next thing to land https://review.opendev.org/c/openstack/openstack-ansible/+/88077510:03
opendevreviewMerged openstack/openstack-ansible stable/yoga: Gather generic masakari facts  https://review.opendev.org/c/openstack/openstack-ansible/+/88060710:24
opendevreviewMerged openstack/openstack-ansible-os_octavia master: Do not limit IP prefix for DHCP rule  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/88080410:41
opendevreviewMerged openstack/openstack-ansible-os_octavia master: Change default CIDR for security_group  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/88054410:41
opendevreviewMerged openstack/openstack-ansible-ceph_client stable/zed: Improve regexp for fetching nova secret from files  https://review.opendev.org/c/openstack/openstack-ansible-ceph_client/+/88049310:56
KSRHi'11:07
noonedeadpunko/11:07
KSRI'm about to upgrade a Openstack Ussuri to Victoria - I've understood the most recent stable openstack-ansible victoria branch is victoria-em, but is that based on 22.4.4 or 22.4.0 which is the most recent according to https://docs.openstack.org/releasenotes/openstack-ansible/victoria.html ?11:09
KSRI mean.. It seems like there might be a deviation between what is released, and what is announced on the docs site 11:12
noonedeadpunkugh...11:31
noonedeadpunkgot distracted :(11:31
opendevreviewMerged openstack/openstack-ansible stable/zed: bump openstack_hosts role to resolve openvswitch3.1 problem on Rocky  https://review.opendev.org/c/openstack/openstack-ansible/+/88082611:46
opendevreviewMerged openstack/openstack-ansible stable/zed: Gather generic masakari facts  https://review.opendev.org/c/openstack/openstack-ansible/+/88060611:46
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-galera_server master: Define backup randomized delay in defaults  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/88095012:09
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-galera_server master: Define backup randomized delay in defaults  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/88095012:10
opendevreviewMerged openstack/openstack-ansible master: Fix blazar haproxy service  https://review.opendev.org/c/openstack/openstack-ansible/+/88077512:53
noonedeadpunkAdjuntant passed now https://review.opendev.org/c/openstack/openstack-ansible-os_adjutant/+/87985813:09
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_nova master: Add way to periodically trim Nova DB  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/88097113:13
noonedeadpunk^ this is a thing I was thinking to do for quite a while now, but never had a time13:13
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_nova master: Add way to periodically trim Nova DB  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/88097113:17
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_cinder master: Add way to periodically trim Cinder DB  https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/88097514:02
opendevreviewMerged openstack/openstack-ansible master: Add is_nest property for container_skel  https://review.opendev.org/c/openstack/openstack-ansible/+/86976214:51
spatelnoonedeadpunk jamesdenton question with OVS it use LinuxBridge for security group so too many layers here. why don't use OVS built-in firewall? is there any issue to use native firewall of OVS and remove linuxbridge?15:41
noonedeadpunkI think it's jsut historical and/or due to some limitations. Maybe James know more. And there was option to use native firewalling for OVS as well15:42
mgariepyi use ovs flow and it works just fine .15:43
noonedeadpunkyeah, so likely it's jsut default that should be easy to override15:45
mgariepyour doc does deploy ovs on top of a lxb. so i guess it's why it's like that. 15:45
mgariepyi have my tunnel interface > ovs direcly. no lxb between them,15:46
spatelWhere is that setting to tell don't use lxb and use ovs firewall? is that in ml2 file? 15:47
noonedeadpunk`neutron_firewall_driver`?15:48
noonedeadpunkDefault is 'iptables_hybrid' but you can set it to 'openvswitch': https://opendev.org/openstack/openstack-ansible-os_neutron/src/branch/master/releasenotes/notes/override-ovs-firewall-driver-0ba4dee50aff725c.yaml15:49
mgariepyhttps://paste.openstack.org/show/bf08d5bx8YL4UVQ6GZVF/15:50
noonedeadpunkspatel: btw this release not also explains the reason why it was like that15:50
noonedeadpunkmgariepy: yeah, there's easier way now...15:50
mgariepyon victoria there was a small issue but it's fixed in neutron now:15:51
mgariepyyeah, i'll revisit at some point :D 15:51
noonedeadpunkmgariepy: was you migrating from hyprid or initial setup was like that?15:51
mgariepyinitial like that15:51
noonedeadpunkI kinda wonder if I can just switch to native firewall...15:52
spatelThis is awesome if we can switch with just config option 15:52
noonedeadpunkI never tried that but eager to know :D15:52
mgariepynot sure if it would flush the iptables15:53
spatelOVN deployment by default use OVS based ACL so its not new anymore :) 15:53
noonedeadpunkwell, flush iptables is not a rocket science. I think it won't 15:53
noonedeadpunkBut I kinda wonder how long it might take to apply rules in ovs15:54
NeilHanlonpoor Linux bridges, always getting hate15:54
spatelhow does existing rules get consume by OVS ? 15:54
noonedeadpunkI love LXB 15:54
NeilHanlonhehe15:54
noonedeadpunkAnd hate ovs  - it's so troublesome...15:54
spatelLXB is amazing... no doubt but poor thing end of life 15:54
noonedeadpunkit's so much more clear and straightforwad with lxb...15:55
spatelif OVS is troublesome then just think of OVN.. hehehe!! 15:55
noonedeadpunkWell, ovn at least does not have namespaces...15:56
spatelagreed!! +115:56
noonedeadpunkexcept metadata...15:56
spatelI don't understand why metadata isn't part of OVN, why its so hard to implement in flow? 15:57
noonedeadpunkI have literally no idea and wasn't trying to understand that yet15:57
spatelUpgrading today my cloud from Wallaby to Xena :) hope today is good day!! 15:58
noonedeadpunkthat should be quite straighforward15:59
noonedeadpunkspatel: fwiw https://review.opendev.org/c/openstack/releases/+/87811815:59
noonedeadpunkthere're quite some changes from last release15:59
noonedeadpunkand that's close to last one - next will be just EM16:00
spatelso go with 2646.0 16:00
spatel24.6.016:00
noonedeadpunkor you can `git checkout 6d863d13458bd185550f3c8ea457b9fda821c7c5` as well, which will be the same content. But might mess up venv names16:01
spateloh wait.. what is that mess?16:02
noonedeadpunkwell, names will be like 24.5.1.dev**16:03
noonedeadpunkor smth16:03
jrosseryou can always apply your own custom tag if you want16:04
noonedeadpunkOR, after bootstrap you can edit /usr/local/bin/openstac-ansible and replace value for `OSA_VERSION`16:05
noonedeadpunkbut yeah, still in pip freeze output would not be neat...16:05
noonedeadpunkOR! You can just create a local tag after checkout :)16:06
spatelwhy do i need to go through this process? what if people just following official upgrade doc? 16:07
noonedeadpunkLike `git checkout 6d863d13458bd185550f3c8ea457b9fda821c7c5; git tag -a 24.6.0 -m "Local osa tag"`16:07
noonedeadpunkspatel: it's if you want to do this today16:07
noonedeadpunkAs it's unlikely that patch I've provided for releasing will be merged16:08
noonedeadpunkAnd no new version is created until it's merged16:08
NeilHanlonnoonedeadpunk: btw re https://review.opendev.org/c/openstack/openstack-ansible/+/880826 - was that the 'bump versions' script you were talking about yesterday? would love to follow along to see how it's done 16:10
spateloh ok.. so if i just do -> git checkout 6d863d13458bd185550f3c8ea457b9fda821c7c5; git tag -a 24.6.0 -m "Local osa tag"  in that case I don't need to do anything else and just regular upgrade process correct?16:10
noonedeadpunkNeilHanlon: https://docs.openstack.org/openstack-ansible/latest/contributor/periodic-work.html#osa-cli-tooling 16:10
NeilHanlonty! reading :) 16:10
noonedeadpunkJust replace `evrardjp` with `noonedeadpunk`16:11
mgariepyi wonder if the iptables rules would be flushed or not if you change the config and restart the agent.16:13
mgariepysorry i was busy in another meeting.16:14
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: [doc] Update releasing tool location  https://review.opendev.org/c/openstack/openstack-ansible/+/88103016:14
mgariepywhen i deployed my ovs one my plan was to switch to ovn at some point so i did use the flow directly.16:14
noonedeadpunkWell, if you change to firewall to ovs I bet iptables won't be flushed on it's own16:15
mgariepybut i got hit by this : https://bugs.launchpad.net/neutron/+bug/191265116:15
NeilHanlonOVS makes me flashback to working with XenServer on a daily basis16:15
noonedeadpunklooks like it's baclported a well16:16
mgariepyalso if you switch the firewall you might want to get rid of the lxb that is not needed.16:16
mgariepyyep. it was fixed correctly :D16:16
mgariepywhen you invest time poking ppl it does happens. 16:16
NeilHanlonwho needs firewalls, anyways. i thought it was all zero trust now16:16
noonedeadpunkNeilHanlon: I was lucky and had old-school Xen with LXB :)16:16
noonedeadpunklol16:16
NeilHanlonnoonedeadpunk: i'm quite friendly with the XCP-NG folks still... happy they're doing good things with the garbage state Citrix left it in16:17
NeilHanlonbut gosh OVS was always such a PITA. mostly due to the version. newer OVS is a lot better16:18
NeilHanlonwe'd have flow tables just.. drop out ? 16:18
noonedeadpunkwell we had terrible struggle with OVS due to it's gcc compatability issues16:20
noonedeadpunkSo it was getting stuck from time to time and each restart was painful due to flow being lost iirc.16:20
noonedeadpunkSuch a nightmare16:21
noonedeadpunkThe solution they've proposed was gcc update :)16:21
NeilHanlonoof16:22
admin1spatel, i did a 22 -> 26 recently, following offical upgrade docs .. the only point where i had to override was for new erlang versions for rabbitmq that was not the tags 18:22
admin1i just went to the last tag of every release 18:22
spatelThat is a very big jump 22 to 2618:33
admin122 -> 23 -> 24 -> 25 -> 26 :D 18:35
opendevreviewMerged openstack/openstack-ansible-os_keystone master: Rename keystone_ssl to keystone_backend_ssl  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/87937918:46
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible-os_glance master: Move _glance_available_stores to defaults  https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/88087219:10
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible master: Add support for TLS backends  https://review.opendev.org/c/openstack/openstack-ansible/+/87908519:10
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible-os_zun master: Add TLS support to zun backends  https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/88114019:40
psyminWhich distribution and version am I likely to have the most success with while using openstack-ansible?20:15
damiandabrowskipsymin: we currently test ubuntu, debian and rocky in our CI so I'd pick one of them20:32
psyminis the output for CI public somewhere?20:33
damiandabrowskiwhen it comes to openstack-ansible version, I'd recommend latest stable(so zed)20:34
damiandabrowskiyes, you can check the results for each patch for ex. here: https://review.opendev.org/c/openstack/openstack-ansible/+/880775/1?tab=change-view-tab-header-zuul-results-summary20:34
damiandabrowskibut I'm not aware of any periodic CI jobs20:35
damiandabrowskiyou can also find some graphs from our CI here: https://grafana.opendev.org/d/8cbc9d7032/openstack-ansible?orgId=1&from=now-7d&to=now20:35
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible-os_adjutant master: Ensure service is restarted on unit file changes  https://review.opendev.org/c/openstack/openstack-ansible-os_adjutant/+/87982920:46
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible-os_adjutant master: Add TLS support to adjutant backends  https://review.opendev.org/c/openstack/openstack-ansible-os_adjutant/+/88114720:55
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible-os_magnum master: Ensure service is restarted on unit file changes  https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/87997021:03
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible-os_magnum master: Add TLS support to magnum backends  https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/87991821:04
psyminShould Rocky Linux 8 work with openstack-ansible to deploy Yoga as hinted on this page?  https://docs.openstack.org/project-deploy-guide/openstack-ansible/yoga/deploymenthost.html21:35
« Wednesday, 2023-04-19 Index Friday, 2023-04-21 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!