| noonedeadpunk | NeilHanlon: yeah, I was trying to understand from whose prespective discussion is :D | 08:29 |
|---|---|---|
| noonedeadpunk | is it rhel who's trying to convince that all is cool or it's non-rhel view | 08:29 |
| anskiy | noonedeadpunk: hey. I answered here: https://review.opendev.org/c/openstack/openstack-ansible/+/884662, but only after I did it, I saw your comment :( You're trying to say, that this configuration should be totally possible already? With SSL? | 09:51 |
| noonedeadpunk | anskiy: I'm pretty sure it should be, yes, for quite a while. https://paste.openstack.org/show/bJ8JB4AnkL7qDlGlPEMB/ | 10:10 |
| noonedeadpunk | this we have on Xena, and it didn't change since Victoria at least | 10:10 |
| noonedeadpunk | if that's what you're trying to do | 10:11 |
| anskiy | noonedeadpunk: I wonder how haproxy is fine with binding on FQDN instead of IP Oo | 10:12 |
| noonedeadpunk | haproxy pretty much is. keepalived is not | 10:17 |
| noonedeadpunk | but then there's also a variable on how to bind haproxy | 10:17 |
| noonedeadpunk | but actually, you might be right that patch has a value | 10:19 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Allow using domain name as internal_lb_vip_address https://review.opendev.org/c/openstack/openstack-ansible/+/884662 | 10:20 |
| noonedeadpunk | I assume the main problem with the patch, is that haproxy_bind_internal_lb_vip_address is defined outside of scope where variable gets renderred | 10:21 |
| noonedeadpunk | *evaluated | 10:21 |
| noonedeadpunk | as haproxy_bind_internal_lb_vip_address is only a valid thing in haproxy role, while you're defining vars outside of it. But let's see fresh CI results | 10:22 |
| noonedeadpunk | anskiy: one other thing - is that when haproxy can not resolve internal_lb_vip_address or you _really_ want it to avoid from doing that, what you might want to do is to bind haproxy to the interface instead of IP. And for that you would still need to override all these defenitions | 10:38 |
| noonedeadpunk | I'm talking about this ability: https://opendev.org/openstack/openstack-ansible-haproxy_server/src/branch/master/templates/service.j2#L24-L25 | 10:38 |
| noonedeadpunk | that haproxy_bind can be a dict as well | 10:39 |
| anskiy | noonedeadpunk: I can retest that thing (even was already going to do so for this thing: https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/884660) | 10:51 |
| noonedeadpunk | but as I said - we're having FQDN for internal_lb_vip_address I guess close to forever and it was never an issue. Though we're using haproxy that's shipped with distro packages, so if you're using latest one there could be some changes | 10:52 |
| anskiy | noonedeadpunk: nope, that's standard ubuntu one for me. I see now, that I need to reconsider those patches, thanks! | 10:56 |
| anskiy | I guess, I'll put back WIP on it | 10:58 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-pki master: Convert loop labels to strings https://review.opendev.org/c/openstack/ansible-role-pki/+/887374 | 12:50 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-systemd_service master: Reduce output by leveraging loop labels https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/876302 | 12:57 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-hardening master: Remove warn argument for command/shell https://review.opendev.org/c/openstack/ansible-hardening/+/887376 | 13:05 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-systemd_mount master: Remove warn argument for command/shell https://review.opendev.org/c/openstack/ansible-role-systemd_mount/+/887378 | 13:28 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Use include_role in task to avoid lack of access to vars https://review.opendev.org/c/openstack/openstack-ansible/+/887082 | 14:18 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Use include_role in task to avoid lack of access to vars https://review.opendev.org/c/openstack/openstack-ansible/+/887082 | 14:19 |
| anskiy | noonedeadpunk: I get this: https://paste.opendev.org/show/brLHoif16WO5qM38Jm6J/ | 14:20 |
| anskiy | it's SSL cert path, that's broken for me, not `bind` | 14:20 |
| noonedeadpunk | well, it's completely different story kind of | 14:21 |
| anskiy | yeah, sorry :( It's been a while | 14:21 |
| noonedeadpunk | but that requires bigger output. Cert is generated as a handler to haproxy role | 14:21 |
| noonedeadpunk | right here https://opendev.org/openstack/openstack-ansible-haproxy_server/src/branch/master/handlers/main.yml#L16-L26 | 14:22 |
| anskiy | so it's broken for all the backends with `haproxy_bind: "{{ [internal_lb_vip_address] }}"`: galera, nova_api_metadata, repo_all and rabbitmq. | 14:22 |
| noonedeadpunk | and it should contain whatever bind address is - in this case it should be same as internal_lb_vip_address | 14:22 |
| noonedeadpunk | but do you override internal bind address for haproxy? | 14:22 |
| noonedeadpunk | as maybe you shouldn't ? :D | 14:23 |
| anskiy | haproxy_bind_internal_lb_vip_address? Yeah, I did it | 14:23 |
| noonedeadpunk | try just to comment that out | 14:23 |
| anskiy | the reasoning was this: https://paste.opendev.org/show/bmE2sTIEQLt4zWH47LKL/ if you could get the idea | 14:33 |
| anskiy | I can totally use some other variable/or just put `openstack_host_custom_hosts_records` to group_vars for each AZ | 14:33 |
| noonedeadpunk | aha, az with different networks | 14:34 |
| noonedeadpunk | then why not to bind just on the interface? | 14:34 |
| noonedeadpunk | well. I probably can show how we done this usecase | 14:35 |
| anskiy | I do still have your pastes :) so that's fine | 14:36 |
| anskiy | I've been trying to prototype this thing, but now it's postponed | 14:36 |
| anskiy | I'll just rework it on my side without overriding `haproxy_bind_internal_lb_vip_address`, should be okay :) | 14:37 |
| anskiy | not only prototyping, I do remember I've got it working with different Ceph clusters and such | 14:38 |
| noonedeadpunk | we did smth like that for haproxy specifically https://paste.opendev.org/show/bvaBgtpDTBZCLEHi1X4v/ | 14:38 |
| noonedeadpunk | but we used DNS RR basically, with 3 VIPs each unique for it's own AZ | 14:39 |
| noonedeadpunk | that will failover between AZs | 14:40 |
| noonedeadpunk | anycast for poor :D | 14:40 |
| anskiy | well, I'm doing DNS for poor :P | 14:41 |
| noonedeadpunk | but I think your patch makes sense in this context | 14:41 |
| noonedeadpunk | you probably should just add default there to internal_vip if it;s not available due to context | 14:42 |
| noonedeadpunk | though you totally should write better commit message to explain the intent | 14:42 |
| noonedeadpunk | fwiw, we're pretty much broken with this new setuptools for projects who "adopted" pyproject.toml but then failed to maintain their stuff in a good way.... | 14:44 |
| noonedeadpunk | I'm quite clueless about how to workaround these failures | 14:44 |
| noonedeadpunk | ceilometer is also broken for isntallation | 14:44 |
| noonedeadpunk | jrosser: damiandabrowski ^ | 14:44 |
| damiandabrowski | so there are 2 separate issues? pyproject.toml and rally/Tempita? | 14:55 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-python_venv_build master: Remove warn argument for command/shell https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/887384 | 14:56 |
| noonedeadpunk | I think this is related in a way | 14:56 |
| noonedeadpunk | Since they all error out in exactly same way | 14:57 |
| noonedeadpunk | But I will be able to look into that only next week | 14:57 |
| noonedeadpunk | most scary that our cosntaints logic is not working anymore and there seems no way to override what's written in pyproject.toml, which is jsut /o\ | 14:59 |
| noonedeadpunk | So the only way to fix issues - merge some fixes to all dependencies of all projects, and then backport pins to u-c and I bet it won't be possible in many cases. | 15:00 |
| noonedeadpunk | I feel like pip/setuptools tries to fight users back from being flexible to - developers should know and care about all constraints on their own. And I can hardly name a project which really does and it will "backport" nicely for them... | 15:01 |
| jrosser | this suggests there is a big gap in the requirements testing stuff? | 15:02 |
| noonedeadpunk | I'm not even sure how that should be tested to be frank | 15:04 |
| noonedeadpunk | like gnocchi added pyproject.toml more then a year ago. And using SHA before that - fixes gnocchi installation | 15:05 |
| noonedeadpunk | basically `gnocchi_git_install_branch: 6f35ea5413a9f78551d8193b8d2a6d77c49b6372` | 15:05 |
| noonedeadpunk | but then there's also ceilometer, which also depends on smth, that uses pyproject.toml, that fails to build/install now | 15:06 |
| noonedeadpunk | and rally | 15:06 |
| noonedeadpunk | dunno... will continue on that next week... | 15:07 |
| noonedeadpunk | btw, ansible-core 2.15 is almost passing now | 15:07 |
| anskiy | noonedeadpunk: `you probably should just add default there to internal_vip if it;s not available due to context` -- I'm afraid, I didn't get your point :( | 15:08 |
| noonedeadpunk | anskiy: ` haproxy_bind: "{{ [haproxy_bind_internal_lb_vip_address | default(internal_lb_vip_address)] }}"` | 15:10 |
| noonedeadpunk | for https://review.opendev.org/c/openstack/openstack-ansible/+/884662 | 15:10 |
| noonedeadpunk | as CI obviously fails on the change | 15:12 |
| noonedeadpunk | and I asusme that's because haproxy_bind_internal_lb_vip_address is simply undefined when variable get's evaluated | 15:12 |
| * noonedeadpunk sign outs for the weekends | 15:14 | |
| damiandabrowski | see you on Monday! | 15:20 |
| opendevreview | Merged openstack/openstack-ansible-os_neutron master: Switch driver jobs to Jammy https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/884361 | 16:16 |
| damiandabrowski | ah, I partially solved the issue with Tempita(rally dependency) that fails to install | 16:27 |
| damiandabrowski | we're using '--pre' parameter with pip install that targets also development versions. | 16:29 |
| damiandabrowski | latest stable tempita version is 0.5.2 and latest dev is 0.5.3dev | 16:29 |
| damiandabrowski | pip installs stable versions from wheels, while dev versions need to be built from tar archive - that is an important difference | 16:30 |
| damiandabrowski | in fact, all tempita versions cannot be built because they all use 'use_2to3' command that was dropped in setuptools>58.0 | 16:33 |
| damiandabrowski | but it doesn't affect wheels as they are already built | 16:33 |
| damiandabrowski | but i still have no clue why gates install tempita==0.5.2 and local AIO tempita==0.5.3dev | 16:42 |
| jrosser | possibly to do with the infra wheel builds? | 16:45 |
| damiandabrowski | ahhh, that would make sense, but i still can't reproduce the gating behavior :/ | 17:25 |
| damiandabrowski | https://zuul.opendev.org/t/openstack/build/16192120de1e4e0b959df64e11d866db/log/logs/etc/host/pip.conf.txt#1 | 17:26 |
| damiandabrowski | i copied this content to utility container(and to be sure also to the host and repo container) and pip still tries to install 0.5.3dev | 17:26 |
| noonedeadpunk | well, if it's not constrained, then it makes sense to install 0.5.3dev as from pbr prespective it's "latest" | 18:51 |
| noonedeadpunk | the question here if it's constrained or not | 18:57 |
| noonedeadpunk | or the project that brings tempita as requirement has specified it in pyprject.toml - then it will always attempt to install latest | 18:58 |
| noonedeadpunk | and the only possible fix to adjust the project that bring tempita as a requirement | 18:58 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Bump ansible-core to 2.15.1 and collections https://review.opendev.org/c/openstack/openstack-ansible/+/886527 | 19:01 |
| *** ultra3 is now known as ThiagoCMC | 19:31 | |
| damiandabrowski | noonedeadpunk: but it doesn't explain why it works fine in gating | 19:49 |
| hamburgler | Apologies if I missed something here - but noticed that when testing osa tag 27.0.0 - ansible-role-requirements for etcd/corosync have changed versions to (master) and date to a much older one than in the Zed branch causing bootstrap to fail. Temporarily added same values as Zed and works. Was this intentional? | 21:33 |
| jrosser | hamburgler: i thought there was a patch to fix that but i can't see it right now | 22:05 |
| hamburgler | jrosser: no worries at all right now just testing before we look to upgrade to antelope :) | 22:07 |
| jrosser | perhaps submit a bug then it will get picked up | 22:07 |
| hamburgler | will do - I'll make a note to add in the next day or two | 22:08 |
| hamburgler | nm - had time - filed :) | 22:28 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!