Tuesday, 2023-08-15

« Monday, 2023-08-14 Index Wednesday, 2023-08-16 »
jrossermorning08:13
opendevreviewKatarina Strenkova proposed openstack/openstack-ansible-os_manila master: Replacedeprecated terms  https://review.opendev.org/c/openstack/openstack-ansible-os_manila/+/89020209:13
noonedeadpunko/10:10
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Stop reffering _member_ role  https://review.opendev.org/c/openstack/openstack-ansible/+/89140010:59
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_ironic master: Stop reffering _member_ role  https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/89146111:03
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_adjutant master: Stop reffering _member_ role  https://review.opendev.org/c/openstack/openstack-ansible-os_adjutant/+/89146211:04
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_sahara master: Stop reffering _member_ role  https://review.opendev.org/c/openstack/openstack-ansible-os_sahara/+/89146311:07
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_horizon master: Stop reffering _member_ role  https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/89146411:08
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_swift master: Stop reffering _member_ role  https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/89146511:10
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_keystone master: Stop reffering _member_ role  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/89146611:18
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_keystone master: Install distro_packages in pre-main  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/88993411:49
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/2023.1: Make `_member_` role to imply `member`  https://review.opendev.org/c/openstack/openstack-ansible/+/89147313:24
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_adjutant stable/zed: Install mysqlclient devel package  https://review.opendev.org/c/openstack/openstack-ansible-os_adjutant/+/89144713:27
jrosserwierd - someone else had this i think13:34
jrosser`fatal: [aio1_utility_container-efdc639c -> aio1_repo_container-effb8d8f(172.29.237.157)]: FAILED! => {"attempts": 5, "changed": false, "msg": "No package matching '{'name': 'ubuntu-cloud-keyring', 'state': 'latest'}' is available"}`13:34
jrosserlike somewhere a dict gets parsed as a string13:34
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Bump upstream SHAs  https://review.opendev.org/c/openstack/openstack-ansible/+/89147413:34
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_gnocchi master: Use proper galera port in configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_gnocchi/+/89010013:35
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Bump upstream SHAs  https://review.opendev.org/c/openstack/openstack-ansible/+/89147413:37
noonedeadpunkjrosser: ah, yes, I saw someone has reported that, but I didn't catch that it's indeed a string...13:41
noonedeadpunkI wonder if we should land this https://review.opendev.org/c/openstack/openstack-ansible/+/888517, as patches already voted depend on it, or abandon in favor of 891474?13:41
jrosserrather annoyingly i re-ran just utility-install.yml with -vvvv to see what was passed to the module, but of course it just-worked(tm)13:42
noonedeadpunkAnd in report it was same, actually13:42
jrossermy failure was in fresh AIO trying to run playbooks/setup-everything.yml13:43
noonedeadpunkmaster?13:43
jrosseryeah13:43
jrosserkind of ansible bug feeling somehow13:43
noonedeadpunkor import/inlcude13:45
jrosserhow would that be?13:45
noonedeadpunkas I see ubuntu-cloud-keyring only in openstack_hosts13:46
noonedeadpunkand your output - utility delegates to repo13:46
jrosseryes13:46
noonedeadpunkWhich I hardly imagine to be part of openstack_hosts?13:46
jrosserit's part of python_venv_build i think13:47
noonedeadpunkSo it's like `_package_list` is used elsewhere?13:47
jrosser"install distro packages for...."13:47
jrosseri think i might have lost it off my scrollback, /me looks13:47
noonedeadpunkopenstack_hosts doesn't run that? does it?13:47
jrosseroh i see what you mean13:47
jrosserlike some var name aliasing with _package_list?13:48
noonedeadpunkyeah13:49
jrosseri'll check the ansible log when this finishes and i can paste what it said13:49
noonedeadpunkwhere it assumes to be dict rather then list13:49
jrosserlost it off my scrollback now13:49
noonedeadpunk*string13:49
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts master: Drop Ubuntu 20.04 support  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/89147513:51
noonedeadpunkjrosser: and yes, same _package_list variable is smth we try to define in python_venv_build13:52
noonedeadpunkhttps://opendev.org/openstack/ansible-role-python_venv_build/src/branch/master/tasks/python_venv_wheel_build.yml#L20-L3313:52
noonedeadpunkand these are the only places which intersect:)13:53
noonedeadpunkSo there're proper and easy way :D Easy - just rename vars in both places to include role names, which is kinda fair to do. Proper would likely be to ensure we do import/include properly.13:54
jrosserhttps://paste.opendev.org/show/buvg5E7IpqJdVH3ma1hA/13:54
noonedeadpunkAlso I wonder if we already might have patch that's not merged...13:55
jrossernot sure - i remember seeing the report but having no time to take a look13:55
noonedeadpunknah, I was jsut patching smth simmilar lately13:56
noonedeadpunkI guess I was thinking about this one: https://review.opendev.org/c/openstack/ansible-role-uwsgi/+/88034413:58
noonedeadpunkapparently same happens with python_venv_build13:59
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-openstack_hosts master: Rename internal variable _package_list  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/89147614:03
opendevreviewJonathan Rosser proposed openstack/ansible-role-python_venv_build master: Rename _package_list variable  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/89147814:08
jrosserhumm well yes we do need to merge either 888517 or 89147414:38
jrosserheat is broken either way14:38
noonedeadpunkand telemetry stack14:46
noonedeadpunk888517 sounds easier and then 891474 on top14:46
noonedeadpunklet me rebase accordingly14:47
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Define default value for _service_adminuri_insecure  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/88970714:47
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Add openstack_resources role skeleton  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/87879414:47
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_octavia master: Adopt for usage openstack_resources role  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/88987914:49
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_tempest master: Adopt for usage openstack_resources role  https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/88974114:53
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Update SHAs for Gnoochi and plugins  https://review.opendev.org/c/openstack/openstack-ansible/+/88851714:55
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Bump upstream SHAs  https://review.opendev.org/c/openstack/openstack-ansible/+/89147414:55
noonedeadpunk#startmeeting openstack_ansible_meeting15:00
opendevmeetMeeting started Tue Aug 15 15:00:34 2023 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.15:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:00
opendevmeetThe meeting name has been set to 'openstack_ansible_meeting'15:00
noonedeadpunk#topic rollcall15:00
noonedeadpunko/15:00
jrossero/ hello15:01
noonedeadpunk#topic office hours15:03
noonedeadpunkWe have couple of things going on15:03
noonedeadpunk1. Heat and telemetry are blocked, we need to land https://review.opendev.org/c/openstack/openstack-ansible/+/888517 to fix them15:03
noonedeadpunk2. Fix for keystone regarding passwords that are longer 54 symbols has landed to master. Backports are proposed but not merged yet15:04
noonedeadpunkThis blocks our stable bracnhes upgrade jobs15:04
noonedeadpunkI'm inlcined not to merge anything to our repos and just wait for keystone fixes15:05
NeilHanlono/15:05
noonedeadpunkRegarding _member_ role that's not invalid - I've proposed patch to mark the role as implied. And series of patches to stop reffering to _member_15:06
noonedeadpunk#link https://review.opendev.org/q/topic:osa%252Fmember_role15:06
jrosserthis is a big surprise at upgrade15:07
noonedeadpunkInterestingly, rocky failed a lot there. Either on tempest or with timeouts15:07
noonedeadpunkYeah... Keystone has brought plenty of surprises this time I would say15:07
jrosserdo we need a releasenote about the member changes, or should the patches take care of it automatically?15:07
noonedeadpunkNot saying about invalid tokens15:07
noonedeadpunkThat is very good question15:08
noonedeadpunkI was thinking about release note, but I failed to find when Keystone has marked _memeber_ as deprecated15:08
noonedeadpunkSo I got slightly confused on what to say in a release note15:08
jrosserwheres the implied role patch?15:08
noonedeadpunkum.... don't tell me I haven't pushed it and just did `git reset origin/master --hard`15:09
* jrosser not seeing it under the topic link15:10
noonedeadpunkah15:10
noonedeadpunkhttps://review.opendev.org/c/openstack/openstack-ansible/+/89147315:10
jrosseraaaah ok so this is addressed at upgrade15:11
jrosserwe never skip 2023.1? :)15:11
noonedeadpunkAccording to officially supported upgrade process - we should not15:12
jrossermaybe *that* is actually where the releasenote needs to go15:12
noonedeadpunkok, what we wanna mention there? 15:15
noonedeadpunkrefference the keystone bug that application credentials are still borked?15:16
noonedeadpunk(with _member_ role)?15:16
jrossermaybe saying that this is the release which OSA transitions from _member_ to member15:16
jrosserhandled automatically in upgrade scripts blah blah15:17
jrosseror rather, existing deployments get an implied role added for backward compatibility15:17
noonedeadpunkalso, I'd say that ones who want skip slurp releases during upgrades - doing that on their own risk and will have plenty of other hacks. And should execute all upgrade steps regardless15:17
noonedeadpunkyeah, last one sounds good15:18
noonedeadpunkWill add reno then15:18
noonedeadpunkAnd I guess we'd need to backport https://review.opendev.org/q/topic:osa%252Fmember_role to 2023.1 as well15:19
jrosserlike you say about waiting for keytone to merge password length fixes....15:19
jrosserwe have also not taken 2023.1 upgrade past lab tests because of all the keystone things15:19
jrosseralso waiting for proper upstream fixes to merge15:20
noonedeadpunkyeah, I was going to look into flushing memcached after keystone upgrade as well15:20
noonedeadpunknot sure when exactly to run this though15:20
noonedeadpunkand where to add15:20
noonedeadpunksounds like adding a variable and running either in keystone playbook or in the role itself is by far only ways15:21
jrosserthough that might be not needed once the password length thing is addressed?15:21
noonedeadpunkI think these are 2 independent regressions15:21
noonedeadpunkcaused by different patches15:21
noonedeadpunkAnd I'm not sure how to fix this one on keystone side15:22
noonedeadpunk#link https://bugs.launchpad.net/keystone/+bug/202913415:24
noonedeadpunkI asked patch submitter to have a look into that, but not sure if they did...15:24
noonedeadpunkBut if that's trivial to workaround - probably we should do that then...15:25
noonedeadpunkor well - possible to workaround at very least.15:25
jrosseri did look at that with andrewbonney and it looks like something that needs patching in keystone15:26
noonedeadpunkbut issue goes after cache timeout, from what I've read?15:27
jrosseryes thats right15:27
noonedeadpunkso, if flush cache...?15:27
jrosserah so this is where memcached flush15:27
jrosseruyes15:27
noonedeadpunkI haven't tested though, as that sounds not super trivial to reproduce/witness and ensure that flushing cache is not a co-incidence15:28
noonedeadpunkBut was going to try it out later today15:29
jrosseryou need a deployed cloud with services running15:29
jrosseri suspect with no monitoring you wont see anything15:29
noonedeadpunkAlso openstack_resources role looks very close to get it's initial state. Tempest is passing now while using the role. Octavia was almost passing - keypair was owned by a wrong user.15:30
noonedeadpunkYeah, and monitoring should be also "proper" one15:30
* noonedeadpunk not even sure that their production monitoring will catch it either15:30
noonedeadpunkBut I guess, that if I run tempest test, then upgrade keystone, running tempest again should fail?15:31
noonedeadpunkas it's interaction between services that is affected?15:31
noonedeadpunklike nova can't query neutron or placement15:32
jrosserfrom our notes, as soon as you upgrade keystone then everything else fails to auth15:33
jrosserbecause it expects oauth2_thumbprint in the tokens, and it's missing15:33
noonedeadpunkbut not CLI? As cli does not cache tokens?15:34
noonedeadpunk(I assume)15:34
jrosseri assume not15:35
noonedeadpunkI guess anything that uses keystone_authtoken15:35
jrosserbut iirc our alerting (haproxy?) all went bananas at that point15:35
jrosserandrew is back tomorrow and might be able to say exactly what it did15:35
noonedeadpunkhm... maybe patch to keystone is more trivial then I thought 15:36
jrosserright - it just needs to not try to parse that field if it's absent15:36
jrosseror have some non-failing accessor method to get() it15:36
noonedeadpunkYeah, I will try to patch that actually as well15:38
noonedeadpunkAs it's failing here https://opendev.org/openstack/keystone/src/commit/f6a0cce4409232d8ade69b7773dbabcf4c53ec0f/keystone/common/render_token.py#L145-L14815:38
jrosserthats it15:39
noonedeadpunkNot sure if that's the only place that needs adjustment15:39
noonedeadpunkas such assumptions are everywhere in code kind of15:39
noonedeadpunkSo it could be just first place15:39
noonedeadpunkanyway, will see :)15:40
* noonedeadpunk hopes to get keystone fixes to land before September15:43
jrosseri think there is at least a regular keystone meeting now15:44
noonedeadpunkyup, was on previous one15:44
opendevreviewJames Denton proposed openstack/openstack-ansible-os_nova master: Allow Glance region to be set via variable  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/89151515:47
noonedeadpunk#endmeeting16:01
opendevmeetMeeting ended Tue Aug 15 16:01:53 2023 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)16:01
opendevmeetMinutes:        https://meetings.opendev.org/meetings/openstack_ansible_meeting/2023/openstack_ansible_meeting.2023-08-15-15.00.html16:01
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2023/openstack_ansible_meeting.2023-08-15-15.00.txt16:01
opendevmeetLog:            https://meetings.opendev.org/meetings/openstack_ansible_meeting/2023/openstack_ansible_meeting.2023-08-15-15.00.log.html16:01
jrosserrunning a complicated aio scenario ends up with pretty random tempest test configuration]16:07
jrosserincludelist from role X and excludelist from role Y16:08
jrosseroh even better SCENARIO=aio_lxc_magnum_barbican_octavia blows up straight away16:11
jrossertempest_run.log `The specified regex doesn't match with anything`16:12
noonedeadpunkugh, yeah, I can imagine this happening...16:14
jrosserok i confirmed it's because of getting junk includelist / excludelist contents16:16
jrosseri think i should be able to make this aggregate all the tests from the enabled roles16:16
jrosseruse one of those specially prefixed var names16:17
noonedeadpunkwhat makes it non-trivial, as we're defining these lists in different files16:17
noonedeadpunk(unless it wasn't fixed and I guess it wasn't)16:18
noonedeadpunkand then we should have some "default" tests when nothing else is defined16:18
noonedeadpunkI do recall trying to improve things, but it was non-trivial 16:18
jrosseri think i can rename these vars https://github.com/openstack/openstack-ansible/blob/master/tests/roles/bootstrap-host/templates/user_variables_magnum.yml.j2#L5616:19
jrosserthen use a regex search through the vars names to gather them all, like we do in PKI role for CA definitions16:19
jrosserlike this https://github.com/openstack/ansible-role-pki/blob/master/vars/main.yml#L1716:20
noonedeadpunkah, yes, true16:25
noonedeadpunkyou're right16:25
noonedeadpunkthat should work really nicely16:25
-opendevstatus- NOTICE: Zuul job execution is temporarily paused while we rearrange local storage on the servers16:53
noonedeadpunkjrosser: https://review.opendev.org/c/openstack/keystone/+/891521 "just works"17:39
jamesdentonnice17:40
-opendevstatus- NOTICE: Zuul job execution has resumed with additional disk space on the servers17:43
opendevreviewMerged openstack/openstack-ansible-lxc_hosts master: Refactor LXC image expiration  https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/88827819:26
opendevreviewMerged openstack/openstack-ansible master: Remove dynamic-address-fact call which is no longer required  https://review.opendev.org/c/openstack/openstack-ansible/+/89030619:49
opendevreviewMerged openstack/openstack-ansible master: haproxy: fix health checks for serialconsole in http mode  https://review.opendev.org/c/openstack/openstack-ansible/+/89052019:49
opendevreviewMerged openstack/openstack-ansible-os_rally master: Fix linters and metadata  https://review.opendev.org/c/openstack/openstack-ansible-os_rally/+/88860521:46
opendevreviewMerged openstack/openstack-ansible-os_keystone master: Install libldap-common for keystone  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/89053321:52
« Monday, 2023-08-14 Index Wednesday, 2023-08-16 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!