| opendevreview | Damian Dąbrowski proposed openstack/openstack-ansible-os_nova master: Apply always tag to nova_virt_detect.yml https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/885337 | 05:35 |
|---|---|---|
| noonedeadpunk | NeilHanlon: I actually think, that for CI we can ask infra, given that both us and kolla folks use these mirrors | 10:07 |
| jrosser | does that help when they break the Packages.gz file? reprepro remakes that? | 10:08 |
| noonedeadpunk | dunno to be frank... | 10:15 |
| noonedeadpunk | given that it's just rsynced, might be not | 10:15 |
| depasquale | ciao everyone. I had an issue with the execution of openstack-ansible yesterday evening and everything has been solved (was an issue related to the time mismatch between osa and hosts). I am now installing step by step the openstack services. I have an issue on octavia | 12:03 |
| depasquale | I am running stable/zed branch | 12:03 |
| depasquale | 2023-06-06 16:27:17,286 p=1555755 u=root n=ansible | fatal: [infra1_octavia_server_container-40070264 -> infra1_utility_container-750f99be(172.29.236.133)]: FAILED! => {"attempts": 5, "changed": false, "extra_data": {"data": null, "details": "503 Service Unavailable: No server is available to handle this request.", "response": "<html><body><h1>503 Service Unavailable</h1>\nNo server is available to handle this | 12:04 |
| depasquale | this the log of the failing task TASK [os_octavia : Create mgmt network] | 12:04 |
| depasquale | this is the status of the octavia-api service in the container (infra1-octavia...) | 12:05 |
| depasquale | Jun 06 11:46:32 infra1-octavia-server-container-40070264 uwsgi[2549]: /openstack/venvs/octavia-26.1.2.dev8/lib/python3.8/site-packages/oslo_policy/policy.py:1129: UserWar ning: Policy "context_is_admin": "role:load-balancer_admin or rule:system-admin" failed scope check. The token used to make the request was project scoped but the policy requires ['system'] scope. This behavior may change in the future where | 12:05 |
| depasquale | do you have any suggestion? | 12:05 |
| jrosser | depasquale: i think you probably have some trouble with your neutron service | 12:07 |
| jrosser | when you see `503 Service Unavailable` that means that the loadbalancer thinks that the API backends for some service are all down | 12:08 |
| depasquale | jrosser: ok I still did not try anything but do you think this is a possible issue with neutron? | 12:08 |
| jrosser | becasue the task is `Create mgmt network` | 12:08 |
| jrosser | https://opendev.org/openstack/openstack-ansible-os_octavia/src/branch/master/tasks/octavia_mgmt_network.yml#L26 | 12:08 |
| depasquale | ok makes sense. I will try to checkup neutron | 12:10 |
| jrosser | it is probably best to check the status of the services as haproxy sees them (hatop on the haproxy nodes is good for that) | 12:10 |
| depasquale | they are all "green" | 12:10 |
| jrosser | well it can't be :) | 12:10 |
| jrosser | you got a 503 | 12:10 |
| jrosser | anyway - i don't believe this is actually to do with the octavia deployment | 12:11 |
| depasquale | ok | 12:11 |
| depasquale | I agree with you | 12:11 |
| depasquale | but you think the message related to the policy.py is not relevant in this case? | 12:11 |
| jrosser | thats a warning, not an error | 12:12 |
| depasquale | I was thinking about the missing of some "new config" in some conf files | 12:12 |
| jrosser | well, we run a CI job for these roles, and i believe that octavia works there | 12:12 |
| depasquale | I will deeply investigate the topic at neutron level | 12:12 |
| jrosser | so the config files should have sensible default values | 12:12 |
| jrosser | you will probably need to do some extra setup for host networking for octavia | 12:13 |
| depasquale | thanks for the moment for the pointer. I will go to investigate better the behaviour during the task executiong | 12:13 |
| depasquale | *execution | 12:13 |
| jrosser | this is unofficial docs so don't just copy all the things without understanding https://satishdotpatel.github.io/openstack-ansible-octavia/ | 12:14 |
| jrosser | but the diagram is very relevant | 12:14 |
| depasquale | jrosser: I see differences in user_variables | 12:18 |
| depasquale | I will deeply investigate and thanks for the sharing!! | 12:18 |
| NeilHanlon | noonedeadpunk, jrosser: if we sync with --delay-updates and/or --delete-delay, then no files should be swapped until the sync is finalized | 12:37 |
| jrosser | depasquale: please don’t just copy those user vars, you need ones that make sense for your deployment, not someone else’s | 13:19 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Start 2023.2 (Bobcat) development https://review.opendev.org/c/openstack/openstack-ansible/+/884924 | 13:50 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Start 2023.2 (Bobcat) development https://review.opendev.org/c/openstack/openstack-ansible/+/884924 | 13:51 |
| noonedeadpunk | #startmeeting openstack_ansible_meeting | 14:59 |
| opendevmeet | Meeting started Tue Jun 6 14:59:40 2023 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot. | 14:59 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 14:59 |
| opendevmeet | The meeting name has been set to 'openstack_ansible_meeting' | 14:59 |
| noonedeadpunk | #topic rollcall | 14:59 |
| noonedeadpunk | o/ | 14:59 |
| NeilHanlon | o/ | 14:59 |
| mgariepy | o/ | 14:59 |
| NeilHanlon | wow. Summit is in just a week! | 15:02 |
| noonedeadpunk | oh yes | 15:02 |
| mgariepy | indeed. | 15:02 |
| noonedeadpunk | Already in slow-mode :D | 15:02 |
| NeilHanlon | :D i've got to finish a talk for a different conference this Friday lol | 15:02 |
| noonedeadpunk | Though need to make some small presentation for project onboarding | 15:02 |
| mgariepy | noonedeadpunk, are you going ? | 15:03 |
| noonedeadpunk | I guess I"m lucky as have at very least 10h in flight, where can totally do that lol | 15:03 |
| noonedeadpunk | mgariepy: yup, I do | 15:03 |
| mgariepy | ha nice | 15:03 |
| mgariepy | too bad i'm not. :/ | 15:03 |
| NeilHanlon | :( | 15:04 |
| noonedeadpunk | yeah, that's quite unfortunate | 15:04 |
| noonedeadpunk | #topic office hours | 15:05 |
| noonedeadpunk | So we eventually need to land https://review.opendev.org/c/openstack/openstack-ansible/+/884924 to continue development, as currently CI checking not what it should | 15:05 |
| noonedeadpunk | (antelope) | 15:06 |
| noonedeadpunk | with that we need to remove 20.04 support | 15:06 |
| noonedeadpunk | as Nova should have updated minimal libvirt version | 15:06 |
| noonedeadpunk | another thing we need to deprecate - amphorav1 for octavia, I know they've removed it early in 2023.2 cycle | 15:07 |
| noonedeadpunk | Bumps for stab;e branches haven't merged yet, so we still don't have "safe" version for zed/yoga (wrt latest OSSA) | 15:08 |
| noonedeadpunk | Other then that I wanna thank all contributors, who made 2023.1 possible (and on time!!!) | 15:08 |
| noonedeadpunk | Since I've signed-up team for the PTG time, I've got a Zoom room, so everyone who won't be able to join in-person, are warm welcome online | 15:10 |
| NeilHanlon | awesome! :) we'll just make sure to keep an eye on the zoom and chat in case | 15:12 |
| noonedeadpunk | All details on timing can be found here | 15:12 |
| noonedeadpunk | #link https://etherpad.opendev.org/p/vancouver-june2023-os-ansible | 15:12 |
| NeilHanlon | hybrid is difficult, but we'll make it happen | 15:12 |
| noonedeadpunk | ++ | 15:12 |
| noonedeadpunk | I do hope on operator attendance to be completely frank | 15:15 |
| noonedeadpunk | As I'm eager to hear some input | 15:15 |
| noonedeadpunk | I will send ML with details after the meeting | 15:15 |
| noonedeadpunk | I'm also working now on updating our doc regardig releasing | 15:15 |
| NeilHanlon | btw I scheduled Rocky's PTG to be at the same table right before our Operator Hours, so maybe I'll get some people to stay ;) | 15:16 |
| NeilHanlon | it conflicts with the onboarding Forum, so I'll float over to the forum for that time and come back after. we've got a few people who can handle the PTG without me :) | 15:17 |
| noonedeadpunk | ++ sounds good :) | 15:17 |
| noonedeadpunk | I was going to invite ppl who want to chat more from onboarding to our operators hour | 15:18 |
| NeilHanlon | awesome | 15:19 |
| NeilHanlon | good idea :) | 15:19 |
| noonedeadpunk | Btw, talking about docs, we have some leftovers, that need to end up for antelope | 15:22 |
| noonedeadpunk | #link https://review.opendev.org/c/openstack/openstack-ansible/+/885257 | 15:23 |
| noonedeadpunk | #link https://review.opendev.org/c/openstack/openstack-ansible/+/884925 | 15:23 |
| noonedeadpunk | and to reflect current Xena support status | 15:23 |
| noonedeadpunk | #link https://review.opendev.org/c/openstack/openstack-ansible/+/884920 | 15:23 |
| noonedeadpunk | (and probably some more, not sure) | 15:25 |
| NeilHanlon | ack | 15:32 |
| noonedeadpunk | I think that's it from my side | 15:33 |
| noonedeadpunk | anything else we wanna discuss? | 15:33 |
| NeilHanlon | I can't think of anything. I've been thinking about the modular libvirt situation some more, but haven't come up with any good ideas yet... | 15:34 |
| noonedeadpunk | yeah... I think it's kind of situation that needs hands on implementing that... | 15:40 |
| noonedeadpunk | By far I struggled to dedicate time to understand proposed setup | 15:40 |
| noonedeadpunk | ok, then I will end meeting :) | 15:41 |
| noonedeadpunk | #endmeeting | 15:41 |
| opendevmeet | Meeting ended Tue Jun 6 15:41:42 2023 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:41 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2023/openstack_ansible_meeting.2023-06-06-14.59.html | 15:41 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2023/openstack_ansible_meeting.2023-06-06-14.59.txt | 15:41 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2023/openstack_ansible_meeting.2023-06-06-14.59.log.html | 15:41 |
| opendevreview | Merged openstack/openstack-ansible-os_keystone master: Fix SSL logic in keystone-httpd.conf.j2 https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/885193 | 15:57 |
| opendevreview | Merged openstack/openstack-ansible-rabbitmq_server master: bump rabbitmq and erlang to latest available https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/884782 | 16:38 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: [doc] Update releasing documentation https://review.opendev.org/c/openstack/openstack-ansible/+/885376 | 17:06 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Start 2023.2 (Bobcat) development https://review.opendev.org/c/openstack/openstack-ansible/+/884924 | 17:08 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: [doc] Update releasing documentation https://review.opendev.org/c/openstack/openstack-ansible/+/885376 | 17:08 |
| opendevreview | Merged openstack/openstack-ansible master: Allow to pass BOOTSTRAP_EXTRA_PARAMS to bootstrap-aio.yml https://review.opendev.org/c/openstack/openstack-ansible/+/885189 | 17:18 |
| mgariepy | how are you guys managing the password and secret files ? are you encrypting with ansible-vault all the files ? | 17:56 |
| mgariepy | i usually do a encrypt_string on the user secrets. but i wonder if i should encrypt other stuff as well.. | 17:58 |
| noonedeadpunk | We do just ansible-vault... | 18:02 |
| noonedeadpunk | But we do encrypt only ansible-vault | 18:03 |
| noonedeadpunk | *user_secrets | 18:03 |
| noonedeadpunk | and put secret stuff only there | 18:03 |
| mgariepy | i wonder if the new stuff cert signing and other would be better encrypted D: | 18:04 |
| mgariepy | you know.. just in case .. | 18:04 |
| noonedeadpunk | Well, it can't be as of today | 18:11 |
| noonedeadpunk | It needs more work, and that's one topic to iterate on for the upcoming ptg | 18:12 |
| NeilHanlon | you must encrypt the encryption with an encrypted key | 18:12 |
| noonedeadpunk | But simplified version of that - you can't feed encrypted with ansible-vault file path to the privatekey module | 18:12 |
| mgariepy | needs quantum encrypt. | 18:13 |
| noonedeadpunk | oh, yes, true | 18:13 |
| NeilHanlon | RFC-1925; (6) It is easier to move a problem around (e.g., by moving the problem to a different part of the overall architecture) than it is to solve it | 18:13 |
| NeilHanlon | https://www.rfc-editor.org/rfc/rfc1925 | 18:13 |
| noonedeadpunk | so basically here https://opendev.org/openstack/ansible-role-pki/src/branch/master/tasks/standalone/create_ca.yml#L57 you need to use openssl_privatekey_pipe instead | 18:14 |
| noonedeadpunk | and that created quite some challanges | 18:14 |
| noonedeadpunk | lol | 18:14 |
| noonedeadpunk | I need to bookmark that | 18:15 |
| * noonedeadpunk bad in knowing rfcs :( | 18:15 | |
| NeilHanlon | i remember them, for some reason | 18:20 |
| opendevreview | Merged openstack/openstack-ansible master: Do not override user_secrets.yml if it already exists https://review.opendev.org/c/openstack/openstack-ansible/+/885187 | 18:36 |
| opendevreview | Merged openstack/openstack-ansible stable/2023.1: [doc] Update upgrade guide to mention SLURP https://review.opendev.org/c/openstack/openstack-ansible/+/885257 | 18:36 |
| opendevreview | Merged openstack/openstack-ansible master: Add 2023.1 to the compatability matrix https://review.opendev.org/c/openstack/openstack-ansible/+/884925 | 18:36 |
| opendevreview | Merged openstack/openstack-ansible master: Mark Xena as EM in docs https://review.opendev.org/c/openstack/openstack-ansible/+/884920 | 18:36 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/2023.1: Add 2023.1 to the compatability matrix https://review.opendev.org/c/openstack/openstack-ansible/+/885399 | 18:38 |
| opendevreview | Merged openstack/openstack-ansible stable/zed: Bump OpenStack-Ansible SHAs for Zed https://review.opendev.org/c/openstack/openstack-ansible/+/884913 | 19:57 |
| opendevreview | Merged openstack/openstack-ansible stable/2023.1: Add 2023.1 to the compatability matrix https://review.opendev.org/c/openstack/openstack-ansible/+/885399 | 20:05 |
| opendevreview | Merged openstack/openstack-ansible stable/yoga: Bump OpenStack-Ansible SHAs for Yoga https://review.opendev.org/c/openstack/openstack-ansible/+/884918 | 23:43 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!