Monday, 2023-09-18

« Sunday, 2023-09-17 Index Tuesday, 2023-09-19 »
*** NewJorg_ is now known as NewJorg05:06
jrossergood morning07:47
damiandabrowskihi!08:15
damiandabrowskijrosser: can you please have a look here? you never replied to my answer :D https://review.opendev.org/c/openstack/openstack-ansible/+/88519408:15
admin1\o08:30
noonedeadpunkmornings09:52
* noonedeadpunk catching up with what I've missed during last week09:52
jrosserdamiandabrowski: i think my comment really was from the code not being obvious what it is doing just from the var names09:53
jrosserwhen you read this `{% if lookup('env', 'UPGRADE_TARGET_BRANCH') == '' %}` it is not clear what is happening without understanding/remembering lots about how the test vars work09:54
derekokeeffeMorning all. Could anyone shed some light on this https://paste.openstack.org/show/bU1E0joDdf4eWiV8wjlj/ maybe you might know noonedeadpunk as you have it working. What crypto plugin is it looking for?10:14
derekokeeffePlease of course10:14
noonedeadpunkderekokeeffe: what do you have in your config?10:17
derekokeeffeChrystoki.conf?10:17
noonedeadpunknah, barbican_backends_config10:18
noonedeadpunkspecifically value of `secret_store_plugin`10:19
derekokeeffeAh ok, two sec10:19
derekokeeffeThere you go noonedeadpunk https://paste.openstack.org/show/bxLxTmA8WiTwkZ61DHvQ/10:21
noonedeadpunkhm10:26
noonedeadpunkderekokeeffe: is that error raised when admin creates a secret or a user?10:29
noonedeadpunkthough it shouldn't matter...10:30
noonedeadpunkas maybe the user just missing required role to store keys?10:31
KarniDoes  Source Nat only happen on network nodes?10:37
KarniIf I send traffic from an instance on Comp1 to another instance on Comp2, while they are in different tenants, traffics goes through network nodes. True?10:37
KarniWhat If thoes two instances be in the same tenant? Then the traffic won't go to the network nodes, right?10:38
derekokeeffeSorry noonedeadpunk, laptop needed to be restarted. when I do openstack secret store --name mysecret1 --payload testPayload or openstack volume create --size 1 --type LUKS 'encrypted volume I get that error10:39
noonedeadpunkderekokeeffe: you do that as user or admin?10:41
jrosserKarni: have you done an experiment with iperf or something to generate a lot of traffic and see where it goes?10:41
noonedeadpunkAs in case of user, my guess would be that the user don't have required role assigned  to use barbican10:41
noonedeadpunkhttps://docs.openstack.org/barbican/latest/admin/access_control.html#default-policy10:42
jrosserKarni: this really is all about how OVN works (if thats what you are using), see https://www.ovn.org/support/dist-docs/ovn-architecture.7.html10:42
noonedeadpunkderekokeeffe: what we did was to make `creator` role as implied to `member`10:42
Karnijrosser: I used `iperf`, but didn't track it; Actually the system is in production and it's to track where the traffic goes as there are ather traffics too.10:43
KarniThanks for the link10:43
derekokeeffeI do that as admin from the utility container10:43
derekokeeffeIs there a link to show how to create a @creator@ role to make it work noonedeadpunk?10:45
noonedeadpunkIIRC it should be like that: openstack implied role create member  --implied-role creator10:46
derekokeeffeOk thanks for that noonedeadpunk, how do I then tell barbican that the 'creator' is the one cretaing the secret?10:49
noonedeadpunkIt's a default role10:52
noonedeadpunkand with implied role you made all `member` to be also `creator`10:52
noonedeadpunkand admin implies member same way10:53
derekokeeffeAh ok, I get ya now. Thanks noonedeadpunk10:54
noonedeadpunkdoes it work now?:)10:54
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron stable/zed: Stop haproxy on ovn-controller nodes  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/89345110:57
derekokeeffeNope same thing "crypto plugin not found"11:06
opendevreviewDamian DÄ…browski proposed openstack/openstack-ansible master: Add tls upgrade jobs  https://review.opendev.org/c/openstack/openstack-ansible/+/88519411:19
damiandabrowskijrosser: i added a comment that explains my intentions11:20
noonedeadpunkderekokeeffe: hm... that's quite weird....11:36
noonedeadpunkderekokeeffe: you have [secretstore] / enabled_secretstore_plugins = store_crypto and [crypto] / enabled_crypto_plugins = p11_crypto in barbican.conf?11:44
noonedeadpunkand then `[p11_crypto_plugin]` section with library_path, slot_id and etc?11:45
mgariepygood morning everyone !11:49
noonedeadpunk\o/11:49
derek__yep noonedeadpunk https://paste.openstack.org/show/bIOQaIYvGu8goUCmoAco/ I made sure the path exists as well12:32
derek__my name got changed here for some reason12:33
noonedeadpunkhuh.... I don't know then...12:53
noonedeadpunkTo get answers I'd need to reporduce first and debug code afterwards12:54
noonedeadpunkand why this returns empty list: https://opendev.org/openstack/barbican/src/branch/master/barbican/plugin/crypto/manager.py#L11812:55
opendevreviewMerged openstack/openstack-ansible-galera_server stable/2023.1: Replace libgcc1 with libgcc-s1 for Debian  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/89459613:03
derek__Ok thanks noonedeadpunk, wonder would a reinstall make any difference in case I did something wrong13:08
noonedeadpunknah, I don't think it will... It's some logical issue I don't get tbh13:08
noonedeadpunkAt least I don't see any right now13:08
noonedeadpunkI also checked that things working properly in our lab with Antelope13:09
derek__Ok so, thanks for taking a look noonedeadpunk13:09
noonedeadpunkmaybe you can ask in barbican channel....13:09
noonedeadpunkit's not very active, but still13:09
noonedeadpunkworth a shot13:09
derek__Ok I'll try that so13:14
semanticHello! We have faced high cpu usage by beam.smp (rabbitmq) on our hosts, deployed with openstack-ansible. We colocate different services including neutron, glance, nova, ceilometer and horizon on these hosts. High cpu usage may be solved by using the next parameter: RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="+sbwt none +sbwtdcpu none +sbwtdio none" /etc/rabbitmq/rabbitmq-env.conf file, and it seems this was already adopted by tripleo and kolla but 13:31
semanticnot by openstack-ansible. Maybe there were specific reasons for not adding the parameter, or somebody could advice against adding it?13:31
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts master: Define mode for journald configuration file  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/89568113:32
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_glance master: Split lines to not exceed 160 characters limit  https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/89568213:38
noonedeadpunksemantic: hey13:41
noonedeadpunkI think, there's a hack that would allow to do same thing....13:42
noonedeadpunkit's a hack though13:42
noonedeadpunklike define in user_variables.yml following: `rabbitmq_process_limit: "1048576 +sbwt none +sbwtdcpu none +sbwtdio none"`13:43
noonedeadpunktbh I never looked into these flags and what they do.13:44
noonedeadpunkI think in my experience high load usually is directly connected to some queues without consumer, like some notification queue. As having millins of message in a queue always result in high cpu usage.13:51
semanticYes, it would be understandable. But in our case high load exist virtually without any significant load, like 1-4 messages/s on just deployed openstack with just a couple of test VMs.13:54
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server master: Add ability to define extra arguments for erlang  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/89568613:57
noonedeadpunksemantic: I've pushed the patch to explicitly support feature you're talking about ^13:57
noonedeadpunkin the menawhile I believe the suggested workaround should just work13:59
noonedeadpunksuch load is quite werid to be frank. We don't see anything really outstanding on our production deployments without these flags...14:07
noonedeadpunkSo I guess we didn't have that as nobody asked for them before14:08
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_cinder master: Split lines to not exceed 160 characters limit  https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/89568814:17
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_nova master: Split lines to not exceed 160 characters limit  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/89568914:19
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Bump ansible-core to 2.15.3 and ansible-lint  https://review.opendev.org/c/openstack/openstack-ansible/+/89237114:20
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Bump ansible collection versions  https://review.opendev.org/c/openstack/openstack-ansible/+/89237314:20
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Bump ansible-core to 2.15.3 and ansible-lint  https://review.opendev.org/c/openstack/openstack-ansible/+/89237114:21
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Bump ansible collection versions  https://review.opendev.org/c/openstack/openstack-ansible/+/89237314:21
jrossersemantic: did you check the rabbitmq monitoring dashboard to see if you have a backlog of messages anywhere?14:25
opendevreviewshahab taee proposed openstack/openstack-ansible-os_neutron stable/wallaby: Fix typo for  vpnaas_custom_config distribution  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/89566514:31
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_aodh master: Add quorum support for service  https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/89569014:32
opendevreviewshahab taee proposed openstack/openstack-ansible-os_neutron stable/xena: Fix typo for  vpnaas_custom_config distribution  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/89566614:32
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_barbican master: Add quorum support for service  https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/89569314:44
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_blazar master: Add quorum support for service  https://review.opendev.org/c/openstack/openstack-ansible-os_blazar/+/89569414:49
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_ceilometer master: Add quorum support for service  https://review.opendev.org/c/openstack/openstack-ansible-os_ceilometer/+/89569615:16
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Bump ansible-core to 2.15.3 and ansible-lint  https://review.opendev.org/c/openstack/openstack-ansible/+/89237117:23
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Bump ansible-core to 2.15.3 and ansible-lint  https://review.opendev.org/c/openstack/openstack-ansible/+/89237117:24
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Bump ansible collection versions  https://review.opendev.org/c/openstack/openstack-ansible/+/89237317:24
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Bump ansible collection versions  https://review.opendev.org/c/openstack/openstack-ansible/+/89237317:25
« Sunday, 2023-09-17 Index Tuesday, 2023-09-19 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!