Tuesday, 2023-07-18

« Monday, 2023-07-17 Index Wednesday, 2023-07-19 »
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-lxc_hosts master: Add retries to LXC base build command  https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/88875006:41
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: [DNM] Bump ansible-core to 2.15.1 and collections  https://review.opendev.org/c/openstack/openstack-ansible/+/88652706:46
noonedeadpunkfwiw, I haven't catched any issue with rocky on my AIO06:52
noonedeadpunk(today in the morning)06:52
hamidlotfi_Hello,07:39
hamidlotfi_I added a compute node added by this manual: https://docs.openstack.org/openstack-ansible/latest/admin/scale-environment.html#add-a-compute-host07:39
hamidlotfi_but after adding this compute node, all of the instance located in this compute does not ping the network!07:39
hamidlotfi_can you help me?07:39
noonedeadpunkhamidlotfi_: what neutron driver is it using?07:44
hamidlotfi_OVN07:44
hamidlotfi_and ZED version07:44
noonedeadpunkand regarding network - you mean external network, or also internal network (ie between VMs for the same tenant)?07:45
hamidlotfi_ external network07:46
noonedeadpunkbut VMs are reachable from other VMs?07:46
noonedeadpunkincluding between computes?07:47
noonedeadpunkas in this case I'm completely clueless, as have very vague understanding how external connectivity is done in OVN07:47
hamidlotfi_oh ok07:48
hamidlotfi_but let me check interconnect between the VMs.07:48
noonedeadpunkbut I assume that if VMs are getting spawned, then ovn-agent runs on compute properly, otherwise it would fail to bind port07:48
noonedeadpunkbut if interconnection between VMs on the same internal network does not work - I assume that smth is wrong with the interface that should be used for geneve07:49
noonedeadpunkAs I guess external connectivity is done through geneve still, it just goes to gateway nodes and then somehow routed/terminated/etc07:50
hamidlotfi_I have 3 compute nodes (compute01, compute02, compute03) and I just added compute02.08:01
hamidlotfi_All compute01 and compute03 instances see each other but not compute02 instances and vice versa.08:01
hamidlotfi_as I said before compute02 was added newly.08:02
noonedeadpunkaha08:14
noonedeadpunkOk, then it should be easy :)08:15
anskiyhamidlotfi_: you should see in `ovs-vsctl show` all of your computes -- that's between what geneve is set up08:15
hamidlotfi_what's happen08:16
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Installing systemd-udev with NVR  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/88875308:16
anskiyhamidlotfi_: ovn-agent noonedeadpunk's mentioned is `ovn-controller` in case of OVN, you can check its logs.08:16
noonedeadpunkanskiy: I think in OVN you need to add interface to the bridge or smth, right? Or at least have an IP address on it?08:17
* noonedeadpunk jsut don't have any ovn sandbox handy08:18
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-systemd_mount master: Installing systemd-udev with NVR  https://review.opendev.org/c/openstack/ansible-role-systemd_mount/+/88875408:19
anskiynoonedeadpunk: external one? yeah.08:19
hamidlotfi_yes, my problem on external network 08:20
noonedeadpunkAs I guess this is the issue08:20
noonedeadpunkhamidlotfi_: btw, can you ping between compute nodes by IP assigned on the external interface that is used for geneve?08:21
noonedeadpunkhuh, but where it's defined?08:22
anskiyhamidlotfi_: you should see it here `ovs-vsctl list open` in `ovn-encap-ip`08:23
hamidlotfi_compute01: vn-encap-ip="172.17.222.21", compute02:ovn-encap-ip="172.17.222.22", compute03:ovn-encap-ip="172.17.222.23"08:35
hamidlotfi_but just difference between in all of them is ovs_version in the new node is "2.17.7" and on the other node "2.17.5"08:35
hamidlotfi_And all ovn_encap_ip ping each other08:36
anskiyhamidlotfi_: did you reinstall compute02?08:38
hamidlotfi_yes, completely remove compute02 from cluster and install new compute0208:39
anskiydo you see it here: `openstack network agent list` and in which state it is now? For each compute there should be two entries: `OVN Metadata agent` and `OVN Controller Gateway agent`08:42
noonedeadpunkI'd say that if agent was not there - it won't be able to bind port to the VM09:07
noonedeadpunkSo VM creation would fail09:07
hamidlotfi_Because the ovs_version do not match, I deleted and reinstalled it, but now in neutron-ovn-metadata-agent.service show me this error:09:11
hamidlotfi_"Error executing command (DbAddCommand): ovsdbapp.backend.ovs_idl.idlutils.RowNotFound: Cannot find Chassis_Private with name"09:11
hamidlotfi_I think it's better to install compute02 from the beginning, right?09:13
noonedeadpunkI don't think it's due to version missmatch to be frank - too minor difference09:17
noonedeadpunkhamidlotfi_: oh, `Cannot find Chassis_Private with name` is actually interesting09:17
noonedeadpunkhamidlotfi_: is the name of compute in `openstack hypervisor list` is following same naming convention? And is it same with `openstack compute service list`?09:18
anskiyAFAIR, ovs-vswitchd/ovn-controller should be adding info into southbound database, so you might try just restarting those09:18
noonedeadpunkas we sometimes have a mess with .openstack.local vs bare hostnames which can lead to smth like that09:18
hamidlotfi_https://www.irccloud.com/pastebin/o31xoueA/09:20
anskiyso, nova-compute is down too?09:21
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: [DNM] Bump ansible-core to 2.15.2 and collections  https://review.opendev.org/c/openstack/openstack-ansible/+/88652709:24
hamidlotfi_it's manually stopped by myself09:25
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-zookeeper master: Fix linters and metadata  https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/88861009:31
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-zookeeper master: Fix linters and metadata  https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/88861009:32
anskiyhamidlotfi_: I would suggest checking ovn-controller logs on compute node (`/var/log/ovn/ovn-controller.log`) and `/var/log/openvswitch/ovs-vswitchd.log` as it could have some clue about what went wrong on adding chassis into OVN SB DB.09:34
anskiynext place would be checking `chassis` and `chassis_private` tables in OVN with something like `ovn-sbctl --db tcp:<IP1>:6642,tcp:<IP2>:6642,tcp:<IP3>:6642 list chassis`09:36
anskiyto see, if there is anything with `compute02` name and how does it differ from the others.09:38
anskiyLast time I saw something similar was bootstrapping compute with wrong OVS version (2.13 vs 2.17) and it clearly was broken upon trying to add itself to SB, which was running 2.17 too.09:39
hamidlotfi_OK, I will check09:40
hamidlotfi_   Thank you very much for your help with the details.09:40
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-zookeeper master: Do not use notify inside handlers  https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/88876009:58
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-haproxy_server master: Do not use notify inside handlers  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/88876210:37
Tadmgariepy Here is my neutron and connectivity issue, instances can communicate with each other on their private addresses, i.e. 192.168.10.144 is able to ping 192.168.10.160 and vice versa, but they are not able to go out to the internet, i.e. ping 8.8.8.810:38
TadMy configuration files are located at https://github.com/TadiosAbebe/OSA/blob/master/etc/openstack_deploy and  I have modified the openstack_user_config.yml, user_variables.yml, ./group_vars/network_hosts, /env.d/neutron.yml and /env.d/nova.yml files.10:39
TadHere is a detail description of what i tried and how my enviroment is setup https://pastebin.com/W9xy0EWC10:39
noonedeadpunkTad: first thing I can tell - `is_container_address` should be defined only once. And that supposed to be br-mgmt10:42
Tadokay great i'll fix that.10:43
noonedeadpunkone small nit - br-vxlan is super confusing given that this is geneve - 2 different overlay protocols. 10:43
noonedeadpunkThat all is unrelated (likely) to your issue though10:43
noonedeadpunkAlso - you have all bridges except br-storage as linux bridges, and br-storage as ovs one?10:44
Tadhow so? do i need to specifiy openvswitch on my netplan for all bridges?10:45
noonedeadpunkthen, log_hosts is likely will not have any effect - we've dropped rsyslog roles as logs are managed with journald10:45
noonedeadpunkTad: well, I don't know, I'm asking you :D You have `container_bridge_type: "openvswitch"` only for 1 bridge https://github.com/TadiosAbebe/OSA/blob/master/etc/openstack_deploy/openstack_user_config.yml#L51C9-L51C4510:46
Tadnice, i'll remove the log_hosts too10:46
noonedeadpunkso was kinda wondering why not to align that to same tech :) But that's not critical as well10:46
noonedeadpunkWhat is critical, is that I don't see some required definitions of groups for OVN10:47
Tadlike what definitions?10:48
noonedeadpunkTad: I think you're missing `network-gateway_hosts` and `network-northd_hosts`10:49
noonedeadpunkhttps://docs.openstack.org/openstack-ansible-os_neutron/latest/app-ovn.html#deployment-scenarios10:50
noonedeadpunkand ovn gateway is exactly the thing that is repsonsible for external connectivity10:51
Tadyes, i have seen that from the docs but i supposed it will create them automatically. and i can see OVN Controller Gateway agent on my compute node when issuing openstack network agent list10:52
noonedeadpunkI think that controller gateway is implicitly included in network-hosts10:53
noonedeadpunkbut ovn gateway is totally not10:53
noonedeadpunkas there're multiple scenarios where to place them, and usually that's not control plane10:54
noonedeadpunkeither compute nodes or standalone network nodes10:54
TadOhh good to know, I’ll specify network-gateway_hosts on my compute node, what else do you see that is off right away?10:56
noonedeadpunkactually, that's what made northd available https://github.com/TadiosAbebe/OSA/blob/master/etc/openstack_deploy/env.d/neutron.yml10:59
noonedeadpunkthat actually looks like beingf taken from Yoga, as it should not be needed since zed11:01
Tadi did that from the following suggestion https://bugs.launchpad.net/openstack-ansible/+bug/2002897 so should i remove the neutron.yml config and just place my network-gateway_hosts on openstack_user_config.yml?11:03
noonedeadpunkWell, I'd drop both that and nova.yml as well11:03
noonedeadpunkand then defined network-gateway_hosts and network-northd_hosts11:04
Tadgreat, what else?11:04
Tadthis "Also - you have all bridges except br-storage as linux bridges, and br-storage as ovs one?" is a good point out but i don't know what i should do? 11:05
noonedeadpunkWell, I would either have all bridges on controllers as OVS or all as just linux bridges, not mix of them. But there is technically nothing wrong in mixing them if there is a reason for that11:06
noonedeadpunkin your case it should be likely easier to drop `container_bridge_type: "openvswitch"` and re-configure br-storage as simple bridge11:07
noonedeadpunkalso - once you will change env.d/conf.d/openstack_user_config you will likely need to re-run lxc-containers-create.yml playbook11:08
Tadi don't have any reason for mixing that. "We opted to move over to the new OVN provider. This solved our issues and left the deprecated LinuxBrdige driver outside of the equation. Also, VXLAN was replaced with Geneve. Relevant configuration files were adjusted as follows:" is taken from https://bugs.launchpad.net/openstack-ansible/+bug/2002897 that is why i opted for ovs11:09
noonedeadpunkTad: well, this is in the context of neutron driver. Linux bridges are indeed deprecated as a neutron drivers. But they are still part of the Linux :D11:10
noonedeadpunkand OSA is quite agnostic of tech - you can even passthrough physical interfaces inside LXC containers and not having bridges at all11:11
noonedeadpunkso it's kinda matter of prefference and taste11:11
Tadohh okay, then i'll drop the container_bridge_type: "openvswitch"11:13
Tadwhat about the host_bind_override: "bond1" is this necessary?11:15
noonedeadpunkTad: to be frank - I don't remember :D But idea behind that, is that there might be no bridge as br-vlan - as it's absolutely fine to have just interface instead of the bridge on network/compute hosts11:26
noonedeadpunkand it is not needed on storage/controller hosts at all11:26
noonedeadpunkso to avoid creating br-vlan bridge, you can just have an interface and mark that with `host_bind_override`11:26
noonedeadpunkI can't recall if you can simply use interface in `container_bridge` or not...11:27
opendevreviewMerged openstack/openstack-ansible-galera_server master: Do not use notify inside handlers  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/88752011:27
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-haproxy_server master: Do not use notify inside handlers  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/88876211:30
Tadoh okay.11:30
noonedeadpunkbut if you have br-vlan bridge on compute/network hosts - you don't need host_bind_override then11:31
noonedeadpunkit's just a bit weird, as basically what will happen with that bridge - it will be added as "interface" to another bridge, while br-vlan would have only 1 interface in it. It was named as "bridge" only for consistency and naming things in the same way across all docs11:32
noonedeadpunksame with br-vxlan actually11:32
noonedeadpunkbut it would work both ways :)11:33
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Do not use notify inside handlers  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/88876611:33
Tadoh okay. When specifying network-northd_hosts network-gateway_hosts in openstack_user_config do i need to remove the network_hosts: portion or should i keep it?11:36
noonedeadpunkno, keep that11:36
noonedeadpunkit is needed for neutron-server11:37
Tadoh okay, I'm now running the playbooks after changing what you suggested11:37
Tadand when running the playbook what i have been doing so far is running all seutp-host, infrastructure and openstack after changing any configuration, is that the proper way.11:39
noonedeadpunkwell. it's long way :)11:41
noonedeadpunkit would work though11:41
noonedeadpunk(with that pace you could run setup-everything.yml as well)11:42
noonedeadpunkshort path would be to run lxc-containers-create and then affected roles. For example, if you're changing neutron configuration - run os-neutron-install.yml afterwards11:42
noonedeadpunkand lxc-containers-create is needed only when you expect changes in inventory, that would result in creating new containers11:43
Tadya it takes me about more that 4 hours, to deploy openstack on 3 nodes every time i make a change :) i'll try the lxc-containers-create route next time11:43
noonedeadpunkin current case, as you've dropped some env.d I would likely also re-create neutron-server containers, as some ovn services ended up there, while it shouldn't11:44
noonedeadpunkwow, that's too long kinda...11:44
Tadya image doing it when you have a lot to learn and experiment11:44
noonedeadpunkI wouldn't expect setup-everything to run more then 2h to be frank, but it's still really long11:44
Tadi think it took that long for me because it is installing the control plain on all three hosts11:45
noonedeadpunkand what you can do - run `openstack-ansible lxc-containers-destroy.yml --limit neutron_server`11:45
noonedeadpunkand re-create these with `openstack-ansible lxc-containers-create.yml --limit neutron_server,localhost`11:46
Tadokay great, that would be handy, for now since i have changed my netplan and reapplied it i am running setup-everything to be on the safe side11:47
Tadnoonedeadpunk: on another note when experimenting with OSA with three nodes and after successful deployment, if there is a power interruption and all my 3 servers losses power, galera cluster won’t start up and I have to go and manually do galera_new_cluster on the node where safe_to_bootstrap is 1 inside the /var/lib/mysql/grastate.dat am I doing something wrong or is there a more permanent solution.11:57
anskiyTad: yeah, it did. I would suggest revisit your openstack_user_config, as, for example this bit: https://github.com/TadiosAbebe/OSA/blob/master/etc/openstack_deploy/openstack_user_config.yml#L68-L74 -- you're installing infrastructure services for control plane (eg galera cluster) on you compute and storage nodes.11:57
noonedeadpunkI think it's intentional POC deployment ;)11:58
anskiycould be it, but that's an oportunity to speed thing up a little bit :)11:59
noonedeadpunkTad: nah, I guess it's "relatively" fair recovery process of galera. Same actually happens in split-brain, when it did not record last sequence number (due to unexpected shutdown) - it doesn't know where latest data is11:59
noonedeadpunkso yes, you need to tell it which one should act as "master"12:00
noonedeadpunkTad: well ,actually, I dunno if you knew that or not, but you can create multiple containers of same type on a single host: https://docs.openstack.org/openstack-ansible/latest/reference/inventory/configure-inventory.html#deploying-0-or-more-than-one-of-component-type-per-host12:01
noonedeadpunkso you can have 3 galera containers on the 1 host to play with clustering, for instance12:02
Tadoh okay, I guess you wouldn't encounter power interruption in production environment. The thing is I am experimenting with openstack at my office where all 3 baremetal servers are located here and no UPS. and we often encounter power interruption12:04
noonedeadpunkWell, power loss of all DC can happen, ofc, but mysql would be your least problem in case of this happening12:05
Tadanskiy as noonedeadpunk pointed out it is a POC thing, but I think I could also leave out the HA thing until i get neutron to work properly as you said it might speed things up a little12:09
Tadnoonedeadpunk what else should be i concerned with on power interruption12:10
noonedeadpunkstorage?:)12:10
Tadwhat could go wrong with storage, i'am using cinder with lvm backend and i'm not doing anything serious with the openstack cloud12:13
noonedeadpunkwell, instances that are runnning using buffers, so they can easily get broken FS inside them12:27
Tadoh you are right, i should really get a UPS for the future but currently i am at the stage where i'm just running cirros image12:31
TadHaving this openstack_user_config now https://pastebin.com/XLduZ9uK setup-openstack fails on TASK [os_neutron : Setup Network Provider Bridges] with the error "ovs-vsctl: cannot create a bridge named br-vlan because a port named br-vlan already exists on bridge br-provider"12:43
noonedeadpunkUm... honestly I'm not sure here. And you have pre-created the br-vlan with netplan config?12:47
Tadyes i have br-vlan on bond1 of my netplan12:49
NeilHanlonnoonedeadpunk: how are rocky jobs looking? i tagged new ovn yesterday12:51
noonedeadpunkI did some rechecks today but haven't checked their status yet. but my aio was good :)12:54
noonedeadpunkAnd CI seems way greener today12:54
mgariepyhey good morning.12:58
NeilHanlongood to hear :) 12:59
NeilHanloni'll follow up with amorlej to find out what I did wrong lol12:59
NeilHanlonmorning mgariepy12:59
mgariepyNeilHanlon, how did your moving all your stuff went ?13:00
NeilHanlonwent pretty well, all things considered! starting to have some semblance of normalcy now 13:01
NeilHanlonmovers cost almost 2x what they estimated us... but13:01
mgariepyhaha dust takes some time to settle :)13:01
mgariepywow.13:01
NeilHanlonoh the dust is another thing altogether lol... my asthma hates me13:01
NeilHanlonI've always moved in the fall/spring, so I didn't account for that it would take them on the longer end of their time estimate... since it was so hot13:02
NeilHanlonplus they charged me $160 for moving my sofa lol13:02
mgariepy160 only for 1 sofa ? 13:03
mgariepymust be a huge sofa ;)13:03
NeilHanlonsupposedly because it was heavy (it's a powered recliner)13:03
NeilHanlonanother $100 for a fridge they moved downstairs...13:03
NeilHanloni get the feeling they knew it was the last time they were gonna move me and wanted to get their last $$$13:04
mgariepyhow much does it cost, well it depends, how much do you have, let me get you a personalized quote ? 13:05
mgariepywell pretty much like anything else i guess.13:05
NeilHanlonthey had been good to me in the past, which is why I used them. it was like my 5th move with this same group13:06
NeilHanlonbut yeah, it felt a bit like a bait and switch13:07
mgariepythey offer good service/price for moving between appartement but do charge way more for a house ?13:07
mgariepyhaha13:07
Tadnoonedeadpunk: when i put back host_bind_override: "bond1" on container_bridge: "br-vlan" os-neutron-install.yml completed without error13:11
mgariepycan i have some review on : https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/888314 and https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/88849813:14
* NeilHanlon nods13:15
Tadmgariepy: when you got time, here is the problem I was referring yesterday: https://pastebin.com/W9xy0EWC and here is my latest openstack_user_config.yml fine after making changes suggested by noonedeadpunk https://pastebin.com/XLduZ9uK but the issue still persist any help would be appreciated13:58
jamesdentondoes the haproxy role provide the ability for each endpoint to have a unique fqdn using port 443?14:05
jamesdenton@Tad did you create a neutron router and connect it to the external network as well as the tenant network? can you ping the default gateway from the VM?14:06
jamesdenton(sorry, looks like i missed that on line 8)14:06
jamesdentonIf your public network truly is 10.20.30.0/24, do you have an upstream NAT? that network is not routable14:07
mgariepyjamesdenton, haproxy does supports SNI14:07
noonedeadpunkjamesdenton: you can do that with haproxy maps since Antelope relatively easily14:07
jamesdenton but 2023.1 is the key there, huh?14:08
Tadjamesdenton even though instances can ping each other they are not able to ping their gateway.14:08
Tadand i don't have any nat on that network it is a vlan 102 network created on the router14:08
noonedeadpunkI've heard folks doing that even before, but with maps it should become relatively easily14:09
jamesdentonTad if you expect your tenant network to reach the internet, then the external network needs to either be routable or have some NAT upstream. The provider network itself needs a default gateway that can reach the internet14:09
jamesdentonthanks noonedeadpunk mgariepy 14:09
jamesdentonTad did you attach the router to the tenant network? openstack router add subnet <router> <tenant subnet>14:10
noonedeadpunkTad: so from VM you can't reach router gateway, right?14:10
noonedeadpunkopenstack router I mean14:10
Tadjamesdenton yes i, but the vms are'nt able to ping either their gateway or the interface on the other end which is my provider network. 14:12
Tadnoonedeadpunk yes they cant reach the gateway14:12
jamesdentonsure, so the first problem, then is getting them to ping the tenant gateway14:12
jamesdentonthere's only 1 compute?14:12
Tadyes14:12
jamesdentoncan you do me a favor and provide the output of "ovs-vsctl list open_vswitch" from all 3 nodes?14:13
Tadjamesdenton here you go https://pastebin.com/Hz3UP6u214:16
jamesdentonthanks14:17
jamesdentoncan you also please provide: openstack network show and openstack subnet show for the 2 networks?14:20
Tadjamesdenton here you go https://pastebin.com/70LJggp514:25
jamesdentonand just to confirm, your VM IPs are really 10.0.0.x not 192.169.10.x right?14:26
Tadyes they where on 192.168.10.0 but they are on 10.0.0.0 network now14:27
jamesdentonDHCP seems to be working?14:28
Tadyes it is14:28
Tadjamesdenton can you see any problem on my openstack_user_config file here https://pastebin.com/XLduZ9uK or is it about right14:29
jamesdentonNot sure if you intended on spreading out services across all three nodes or not14:30
jamesdentonat a glance, the OVN bits seem OK14:31
jamesdentonon the compute, can you show me the 'ovs-vsctl show' output?14:31
Tadyes i wanted to test a hyperconverged control plane14:33
Tadhere you go https://pastebin.com/WCzpS4bA14:33
Tadbut when Having this openstack_user_config https://pastebin.com/XLduZ9uK setup-openstack fails on TASK [os_neutron : Setup Network Provider Bridges] with the error "ovs-vsctl: cannot create a bridge named br-vlan because a port named br-vlan already exists on bridge br-provider" but when i add host_bind_override: "bond1" on container_bridge: "br-vlan" os-neutron-install.yml completed without error14:36
jamesdentonok, so i lied. I see ovn-bridge-mappings="vlan:bond1", which implies bond1 is a bridge, and that vsctl show output confirms that. I suspect you mean for bond1 to be the interface used, and that should be connected to a bridge (likely br-provider)14:36
jamesdentonthe openstack_user_config.yml shows br-vlan, though, so maybe br-provider was rolled by hand later?14:37
anskiythere is bridge called br-provider, which contanins port br-vlan (like in the error you mentioned before), and in your netplan config, br-vlan is the linux bridge with bond1. At the same time, bond1 is a port in OVS bridge bond1...14:37
anskiyYou might need to delete OVS bridge br-provider, maybe?.. As I don't really see, where it's been used14:38
jamesdentonMine looks like this: https://paste.opendev.org/show/bLkYnCApAH4vXAULykQk/. Playbooks would create br-provider (if it doesn't exist) and connect bond1 to br-provider (bond1 must be an existing interface)14:40
Tadso there is a bunch of "failed to add bond1 as port: File exists" inside ovs-vswitchd.log and i think this is happing because i added back the host_bind_override: "bond1" on my config. but without that the playbook fails14:40
jamesdentonhost_bind_override should only be for linuxbridge, IIRC14:41
jamesdentontry using "network_interface: bond1" instead. In the meantime, you should be able to delete br-provider bridge. br-vlan is probably also unnecessary14:42
jamesdentonalso, if you have the playbook error that would be helpful14:42
Tadhow did the the br-provider get created in the first place though?14:44
jamesdenton¯\_(ツ)_/¯ 14:46
Tadand the thing about deleting br-provider of br-vlan is i dont want to go and manually remove these things because i want this to be a repeatable process. so when i move to testing deployment on different machine i want to be able to run the playbooks and make them work. any way i could control this from openstack ansible configs?14:48
jamesdentonWell, the environment is in an incompatible state at the moment. The playbooks don't delete anything network related, only create/modify - but ideally you would setup openstack_user_config.yml and the correct bits would be done the first time14:50
jamesdentonfor OVS/OVN, you want an OVS provider bridge connected directly to a physical interface. The snippet i sent would result in the playbooks creating br-provider and connecting bond1.14:51
Tadohh great, it might me something that was created before so, let me clean install the enviroment run the script with the my latest openstack_user_config and let me get back to you then.14:51
jamesdentonwanna ship that config over first so we can glance at it?14:51
Tadsure, https://pastebin.com/XLduZ9uK14:52
jamesdentonand your netplan?14:52
Tadlet me collect them in one file, give me a min14:53
Tadnetplan: https://pastebin.com/6erRikBP  user_variable https://pastebin.com/7qxF9rBG14:55
Tadjamesdenton: do i need to use openvswitch bridges on my host machines?14:56
jamesdentonno14:56
Tadso the above configs seems okay?14:56
jamesdentonok, so my suggestion would be to remove br-vlan from netplan14:56
jamesdentonthen, in openstack_user_config, in the br-vlan network block, add 'network_interface: "bond1"' under 'container_bridge: "br-vlan"'14:58
jamesdentonbr-vlan will end up being created as an OVS bridge14:58
jamesdentoneverything else looks pretty sane at a glance14:58
jamesdentonwhich version of OSA?14:59
Tadzed14:59
Tad26.1.215:00
jamesdentonk15:00
jamesdentoncool, give that a go and let us know. should be around for a bit15:00
Tadgreat, i'll do that and get back to you later. i have learned a lot today. jamesdenton anskiy noonedeadpunk thank you very much for your time.15:01
jamesdentonand you going to wipe and redeploy?15:01
Tadwhat i usually do is i have a timeshift snapshot before i run anything on the machines, so i restore to that point and go on from there15:01
noonedeadpunk#startmeeting openstack_ansible_meeting15:02
opendevmeetMeeting started Tue Jul 18 15:02:18 2023 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.15:02
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:02
opendevmeetThe meeting name has been set to 'openstack_ansible_meeting'15:02
jamesdentonoh cool15:02
noonedeadpunk#topic rollcall15:02
noonedeadpunko/15:02
jamesdentono/15:02
mgariepyhey o/15:03
damiandabrowskihi!15:03
NeilHanlono/ 15:04
noonedeadpunk#topic office hours15:05
noonedeadpunkso, gates look green now - thanks NeilHanlon for fixing OVN stuff!15:06
jamesdentonyay15:06
noonedeadpunkWe are free to recheck things now15:06
NeilHanlonwee15:06
jamesdentonon the topic of OVN, looks like there's a new OVN agent coming in Bobcat. I will try and get that implemented ASAP15:07
jamesdentonunless someone else gets to it first15:07
* noonedeadpunk was not planning to do that at least15:07
noonedeadpunkI've also pushed 2 patches to fix CentOS LXC (systemd-udev), as it doesn't seem like they're going to do that from their side: https://review.opendev.org/q/topic:osa%252Fcentos_lxc15:08
* NeilHanlon will also follow up on that bugzilla ticket with the stream product manager because this is absurd15:08
noonedeadpunkI see literally 0 move in the bug report15:08
noonedeadpunkdo they still reply you NeilHanlon? :D15:09
NeilHanlonunclear :) 15:09
NeilHanlonto quote a friend... I don't want to live in interesting times anymore15:09
jamesdentonloosely following along... Rocky has a path forward?15:10
* noonedeadpunk wonders why they still have IRC channels and not only customer portal15:10
NeilHanlonjamesdenton: until our lawyers tell us otherwise and/or RH cuts off the means by which we are accessing the sources, yep15:10
jamesdentonright on15:10
NeilHanloni'm vaguely interested in trying to keep the stream stuff out of Experimental for our jobs, but will admit my fervor to do so has been ... lost15:11
noonedeadpunkI really wonder who in their sane mind would deploy Stream in production...15:13
noonedeadpunkEspecially these days15:13
NeilHanlonostensibly, Meta (facebook) does. they contribute a lot to Stream. I just... often question if a hyperscaler's interests are aligned with everyone else. their needs aren't typical of 99% of operators of infrastructure IME15:14
mgariepysomeone with too much political leverage over the distro choise ;)15:14
mgariepychoice** 15:15
noonedeadpunkNeilHanlon: they are? o_O then I have some questions, why things, like mcrouter are build only for Ubuntu...15:15
NeilHanlone.g., ELN (Fedora Rawhide but for Stream, which will become Stream 10), is upping the x86 microarch _again_ -- so you'll need a processor supporting at least x86v3 to run EL10 (Stream/RHEL... whatever exists downstream of it now)15:16
jamesdentonx86-64-v3 is what, Haswell? Or newer?15:17
NeilHanlonhaswell and newer15:19
noonedeadpunkI'm not sure I have running aything earlier then Hasswell to be frank, but I for sure know ones who have 15:20
NeilHanlonyeah, and there's a long legacy of supporting... legacy devices in the CentOS world15:20
noonedeadpunkOn another topic - I've pushed all (or close to all) changes for new ansible-lint: https://review.opendev.org/q/topic:osa%252Fcore-2.15 Bad news - we still need new tag for ansible-lint to pass tests. 15:21
NeilHanlonthat's a lot of patches :) 15:21
noonedeadpunkyeah, some of them are legitemally failing, some would need rechecks15:21
noonedeadpunkI'm also afraid of accidental mistakes that were made 15:22
noonedeadpunkLike forgotten quotes or splitting into multiple lines wrongly15:22
noonedeadpunkI also have no idea why focal fails here: https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/88813215:23
noonedeadpunkWhile we should probably jsut drop focal by now, with https://review.opendev.org/c/openstack/openstack-ansible/+/886517, but fact it is failing is concerning15:23
noonedeadpunkAlso quorum queues kinda ready for reviews: https://review.opendev.org/q/topic:osa/quorum_queues Only base services covered by now - don't want to invest more time until approach is not accepted15:26
noonedeadpunkSome time has been spent on fixing Zed as well. We have a circular dependency there, so had to disable CI and restore it afterwards: https://review.opendev.org/q/parentproject:openstack/openstack-ansible+branch:%255Estable/zed+status:open++label:Verified15:27
NeilHanloni'll try and take a look at the ansible lint stuff for 'human mistakes' and such for you15:30
noonedeadpunkShould do same for Yoga I believe15:30
noonedeadpunkNeilHanlon: Yeah, at some point I become feeling sick of doing these patches, so there are obviously some mistakes were made...15:30
noonedeadpunkand YAML is damn hard to be frank15:30
NeilHanlonyep, i know what you mean :) 15:31
noonedeadpunkin terms of all these spacing things with `|` and `>` and `-` in tags...15:31
noonedeadpunkugh15:31
NeilHanloni need a drink just hearing you discuss it!15:33
noonedeadpunkBut that's kinda it I guess. Will try to have some progress with opensatck_resources role during next week15:33
noonedeadpunkTalkign about this patch https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/87879415:34
noonedeadpunkwanna add some image-related things15:34
NeilHanlonoh, nice!15:35
NeilHanlonpossibly/probably relevant -- https://bugzilla.redhat.com/show_bug.cgi?id=222182015:53
noonedeadpunk`RHEL 8.9 will still use 2.15 with python 3.11`16:00
noonedeadpunkmakes total sense (no)16:00
noonedeadpunk#endmeeting16:00
opendevmeetMeeting ended Tue Jul 18 16:00:59 2023 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)16:00
opendevmeetMinutes:        https://meetings.opendev.org/meetings/openstack_ansible_meeting/2023/openstack_ansible_meeting.2023-07-18-15.02.html16:00
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2023/openstack_ansible_meeting.2023-07-18-15.02.txt16:00
opendevmeetLog:            https://meetings.opendev.org/meetings/openstack_ansible_meeting/2023/openstack_ansible_meeting.2023-07-18-15.02.log.html16:00
spatelAre you guys using ceilometer + gnocchi for billing or Ceilometer + Monasca = Ceilosca ?16:10
spatelI am confused what to use for billing and why?16:11
spatelI was thinking to use prometheus but its not true billing tool 16:11
spatelGnocchi is unmaintained so not worth deploying for new cloud16:14
noonedeadpunkI'd say gnocchi is pretty much maintained as of today16:16
noonedeadpunkit could be better maintained ofc, but it's not fully unmaintained either16:17
noonedeadpunkLike monasca is waaay less maintained 16:18
NeilHanlonno or few commits doesn't always mean unmaintained16:22
spatelHmm! noonedeadpunk so you prefer gnocchi 18:29
noonedeadpunkI can't say I am fan of gnocchi, but it works quite nicely. But it's heavy as hell18:30
noonedeadpunkCan't say monasca with whole that software stack it requires is lightweight...18:31
noonedeadpunkbut fwiw, moansca was one step from getting a deprecated project previous cycle18:31
NeilHanloni like gnocchi the food18:32
noonedeadpunkas gnocchi the tech - you need to know how to cook it :D18:34
NeilHanlon:)18:36
opendevreviewMerged openstack/openstack-ansible-haproxy_server master: Add ability to have different backend port.  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/88831422:18
« Monday, 2023-07-17 Index Wednesday, 2023-07-19 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!