Tuesday, 2023-10-10

« Monday, 2023-10-09 Index Wednesday, 2023-10-11 »
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-zookeeper master: Add upgrade jobs for zookeeper  https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/89775406:55
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Always use on-disk openstack service git repos in CI jobs  https://review.opendev.org/c/openstack/openstack-ansible/+/89770706:59
opendevreviewAndrew Bonney proposed openstack/openstack-ansible-ceph_client stable/2023.1: Add AppArmor configuration for ceph read/write caching  https://review.opendev.org/c/openstack/openstack-ansible-ceph_client/+/89773007:00
jrosserwow https://zuul.opendev.org/t/openstack/build/b9556a690bc341e0a75cebb40b3ca9b9/log/job-output.txt#2142507:54
jrossernoonedeadpunk: typo in the commit message here which i can't decode https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/89770107:56
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-python_venv_build master: Use distribution_major_version for Debian and CentOS  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/89770107:58
noonedeadpunkdone07:58
jrosseraaaha07:59
noonedeadpunksounds like I need to look into the tests repo and functional tests....07:59
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-python_venv_build master: Use distribution_major_version for Debian and CentOS  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/89770108:00
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: WIP - test Vexxhost CAPI driver for magnum  https://review.opendev.org/c/openstack/openstack-ansible/+/89324008:02
opendevreviewMerged openstack/openstack-ansible-os_neutron master: [doc] Update example on how to define neutron_vpnaas_custom_config  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/89743109:04
opendevreviewJonathan Rosser proposed openstack/ansible-role-zookeeper master: Add upgrade jobs for zookeeper  https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/89775409:28
damiandabrowskii noticed that it's nearly impossible to pass gating(at least for magnum repo) due to the rocky timeouts09:38
damiandabrowskiexamples:09:38
damiandabrowskihttps://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/89752609:38
damiandabrowskihttps://review.opendev.org/c/openstack/openstack-ansible-os_magnum09:38
damiandabrowskiis it something that already has a fix proposed?09:39
damiandabrowskihttps://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/893362 *09:39
noonedeadpunkdamiandabrowski: it looks like loaded infra... but not sure09:41
noonedeadpunkas ubuntu takes also 3h09:41
noonedeadpunkand same tls job 2h19m09:41
damiandabrowskiahh, that would make sense09:42
jrossertheres nothing very obvious on the grafana dashboards either09:45
jrosserexcept that the runtimes are generally creeping upward09:45
jrossersad we don't have "old" ARA where you could quickly sort by task runtime09:46
noonedeadpunkAnd I haven't managed to work on new ara :(09:51
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Define install_method default when hosts resolution depend on it  https://review.opendev.org/c/openstack/openstack-ansible/+/89169709:57
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/yoga: Remove unreadable unicode symbols  https://review.opendev.org/c/openstack/openstack-ansible/+/88421909:59
jrosseri might have a quick hack on seeing what we can get out of the sqlite file10:03
jrosserlike what the heaviest roles are10:03
opendevreviewMerged openstack/ansible-role-zookeeper master: change to using archive.apache.org for source downloads  https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/89767310:26
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-zookeeper stable/2023.1: change to using archive.apache.org for source downloads  https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/89780110:30
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-zookeeper stable/2023.1: change to using archive.apache.org for source downloads  https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/89780110:31
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-zookeeper stable/zed: change to using archive.apache.org for source downloads  https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/89780210:31
opendevreviewMerged openstack/openstack-ansible-os_nova stable/2023.1: Add barbican_service_user section  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/89745710:40
opendevreviewMerged openstack/openstack-ansible-os_keystone master: Fix example playbook linters  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/89690810:43
opendevreviewMerged openstack/openstack-ansible-galera_server stable/yoga: Added vars to override systemd for mariabackup  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/89766511:11
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-tests master: Bump ansible-core to 2.12.8  https://review.opendev.org/c/openstack/openstack-ansible-tests/+/89740311:16
opendevreviewMerged openstack/openstack-ansible-lxc_hosts master: Add ca-certificates into debian base image during debootstrap.  https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/89455711:16
opendevreviewMerged openstack/ansible-role-zookeeper master: update zookeeper to 3.8.3  https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/89767211:22
opendevreviewMerged openstack/openstack-ansible-ceph_client master: Allow to distribute custom key with the role  https://review.opendev.org/c/openstack/openstack-ansible-ceph_client/+/89704611:34
jrossernoonedeadpunk: first go at stats from ara sqlite - not sure if it's helpful? https://paste.opendev.org/show/bJTmzPJb8xrlSR6Au0r0/11:45
opendevreviewMerged openstack/ansible-role-zookeeper master: Use TOX_CONSTRAINTS_FILE  https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/89087712:04
ThiagoCMCHey folks, is OSA 2023.2 Bobcat still under development?12:46
opendevreviewMerged openstack/openstack-ansible-os_keystone master: oidc: fix recognition of x forwarded headers from v2.4.11  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/89461613:00
noonedeadpunkThiagoCMC: yes, pretty much is13:00
opendevreviewAndrew Bonney proposed openstack/openstack-ansible-os_keystone stable/2023.1: oidc: fix recognition of x forwarded headers from v2.4.11  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/89780613:01
opendevreviewAndrew Bonney proposed openstack/openstack-ansible-os_keystone stable/zed: oidc: fix recognition of x forwarded headers from v2.4.11  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/89780713:03
noonedeadpunkWe;re still finalizing couple of work areas13:06
opendevreviewAndrew Bonney proposed openstack/openstack-ansible-os_keystone stable/zed: oidc: fix recognition of x forwarded headers from v2.4.11  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/89780713:07
ThiagoCMCnoonedeadpunk, okdok! No problem, just curious... Thanks!  ^_^13:17
opendevreviewJonathan Rosser proposed openstack/ansible-role-python_venv_build master: Remove OS specific variable inclusion  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/89783013:31
noonedeadpunkso, bookworm seems to be passing for metal, huh?13:33
NeilHanlon🥳13:33
noonedeadpunkhttps://zuul.opendev.org/t/openstack/build/215c90152a2247588fc213b4a2bced2a13:33
NeilHanlonrocky/centos jobs continue to be unstable due to centos mirror issues (at least they're not rocky mirror issues this time)13:33
noonedeadpunkbut yeah, fails for horizon in lxc :(13:33
NeilHanloni had to recheck the zookeeper backports for two different reasons :\13:34
NeilHanlonrdo-deps, and then a package _in_ rdo deps13:34
opendevreviewJonathan Rosser proposed openstack/ansible-role-systemd_service master: Remove conditions on systemd version  https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/89783213:42
noonedeadpunkand now that needs to land on stable branches as well....13:44
NeilHanlonfor https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/897754/2 - does this require we land the 2023.1 backport for the archive.apache.org? I see zuul upgrade job failed because it was trying to download the old url for zk13:44
noonedeadpunkyes, backport and version bump13:45
NeilHanlon👍13:45
NeilHanlonbtw please give me a ping if anyone needs reviews or anything. i'll try to keep my eye on the gerrit dashboard, too :)13:46
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-ceph_client stable/2023.1: Allow to distribute custom key with the role  https://review.opendev.org/c/openstack/openstack-ansible-ceph_client/+/89780813:57
noonedeadpunksure, thanks a lot!13:57
NeilHanlonalso if you want me to take a stab at any docs stuff, i can make time :) 14:01
noonedeadpunkalso zookeeper on stable branches block things like this: https://review.opendev.org/c/openstack/openstack-ansible/+/89728414:07
NeilHanlonbleh14:09
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-tests master: Bump ansible-core to 2.12.8  https://review.opendev.org/c/openstack/openstack-ansible-tests/+/89740314:14
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-haproxy_server master: Convert haproxy_service_config_external.yml to a symlink  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/89784114:35
opendevreviewMerged openstack/openstack-ansible stable/yoga: Gather extra networking facts for keepalived  https://review.opendev.org/c/openstack/openstack-ansible/+/89728514:40
noonedeadpunk#startmeeting openstack_ansible_meeting15:04
opendevmeetMeeting started Tue Oct 10 15:04:13 2023 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.15:04
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:04
opendevmeetThe meeting name has been set to 'openstack_ansible_meeting'15:04
noonedeadpunk#topic rollcall15:04
noonedeadpunko/15:04
damiandabrowskihi!15:04
NeilHanlono/15:05
NeilHanlonsorry, last meeting running long 🙃15:05
noonedeadpunk#topic office hours15:06
noonedeadpunkPTG.15:06
noonedeadpunkI've booked a room for us on Tuesday, Oct 24, 14:00 - 17:00 UTC15:07
NeilHanlonawesome15:07
noonedeadpunkIs that fine for everyone or you have some input on how better to re-schedule that?15:08
NeilHanlonthat works fine for me15:08
NeilHanlon#link https://ptg.opendev.org/ptg.html15:08
NeilHanlon#link https://etherpad.opendev.org/p/oct2023-ptg-os-ansible15:08
noonedeadpunkAnother thing, is that I didn't book operator hours this time, but then TC wrote a ML asking for projects to do so.15:08
noonedeadpunkI might re-name etherpad fwiw :)15:09
noonedeadpunkI haven't populated it yet15:09
NeilHanlonfair :) 15:09
damiandabrowskiI'll perform openstack upgrade during that time so not sure if i'll be able to join, but i'll try to 15:09
noonedeadpunkWhat we think about operator hours? Do we see having any benefit from running these?15:09
noonedeadpunkThey don't have a lot of attendance, though I can appear for really an hour on Wednesday just to make an opprotunity for ppl to show up15:10
damiandabrowskiIIRC last time it was only you, me and amy :|15:11
noonedeadpunkThough I don't think anybody will15:11
NeilHanlondo we have a list of operators we can email directly and let them know about them? 15:11
NeilHanlonbesides just posting on the -discuss list15:11
NeilHanloni feel as though they could be useful, if we got people to show up15:12
noonedeadpunkI'm not sure really...15:12
noonedeadpunkAnd besides openstack marketing...15:12
noonedeadpunkBut ok, let's try the last time.15:12
NeilHanloni can probably try and drum up some interest with Rocky, but. yeah. let's give it a shot :) 15:13
noonedeadpunkAnd maybe do that on Monday as it's pretty much free15:13
jamesdentonTBH i end up with a conflict or simply forget. Apologies15:13
noonedeadpunkand like 17UTC doesn't have a conflict with anything else yet15:13
NeilHanlonsounds good to me 15:14
noonedeadpunkok, good. I will book and send a ML15:15
noonedeadpunk#action noonedeadpunk to book operator hour and send ML 15:15
noonedeadpunkOther then that, today we got debian 12 passing for metal jobs. It's failing on horizon though and I'm spawning a sandbox to check what's there15:15
noonedeadpunkCI stability is not great - we're having TIMEOUTs and broken CentOS mirrors now15:16
noonedeadpunkSo quite hard to land anything15:16
jrosseri think there was some discussion in horizon irc about debian12 broken with django 415:16
noonedeadpunk#link https://review.opendev.org/c/openstack/horizon/+/89731015:17
noonedeadpunkI wonder why only Deb 12 is affected. Just py3.11?15:18
noonedeadpunkAs u-c are quite explicit about Django===3.2.1815:19
noonedeadpunkSO it's really interesting what's going on 15:20
jrosserwell, debian12 might have other ideas about that15:20
noonedeadpunkThen we have landed quite some bugfixes and some were already backported.15:21
noonedeadpunkSo I'm thinking of pushing bumps for stable branches soon15:21
noonedeadpunkHowever, bump for master seems to be failing with weird nova issue15:22
noonedeadpunkduring upgrade check15:22
noonedeadpunk#link https://review.opendev.org/c/openstack/openstack-ansible/+/89743415:22
noonedeadpunkI haven't checked what;'s up yet, but that looks like missing uuid for computes in /var/lib/nova/15:23
noonedeadpunk`Compute node objects without service_id linkage were found in the database. Ensure all non-deleted compute services  have started with upgraded code.`15:24
noonedeadpunkSo that is a blocker for landing 2023.2 for sure and needs sorting out15:25
noonedeadpunkAlso very weird issue with mariadb upgrade, which I wasn't able to reproduce15:26
jrosseri did start today looking for bogus/old tasks in roles we use a lot15:26
jrosserbut feels like really not going to be the solution to making CI faster15:26
noonedeadpunk#link https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/89474015:26
noonedeadpunkyeah, those are nice clean-ups15:26
noonedeadpunkI wonder if we should revive parallel execution of things at least for CIs15:27
jrosseri wonder if theres some 12 vs 12.1 stuff going on in the galera role15:27
noonedeadpunkLike make some python script that would parse setup-infrastructure and setup-openstack and execute in threads openstack-ansible binary...15:27
noonedeadpunkBut it fails for jammy?15:28
noonedeadpunkIt somehow tries to isntall 10.6 instead of 10.11.515:28
noonedeadpunklike use built-in repos ignoring pinned priority15:29
jrosser894740 fails in repo server for jammy15:29
jrosseroh well actually15:30
noonedeadpunkis it? https://zuul.opendev.org/t/openstack/build/204c318c9e204e01a6f48064ab9060d7/log/job-output.txt#2572415:30
jrosserits 894561 where we need to look15:30
noonedeadpunk'mariadb-server=1:10.6.12-0ubuntu0.22.04.1'' failed: E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution).15:30
noonedeadpunkwell... that fails differently...15:31
jrosseroh no /o\15:31
jrosserits that systemd_mount rescue task that keeps catching me out15:32
noonedeadpunkbut I wonder what mariadb it has installed15:32
noonedeadpunkWe should do smth to it I guess....15:32
noonedeadpunkbut that's different topic15:32
noonedeadpunkSo. 894561 has 10.6.12 at the end15:33
noonedeadpunkwhen it fails to re-bootstrap the cluster15:33
noonedeadpunkhttps://zuul.opendev.org/t/openstack/build/5086e874a1dc4ef0b13c072e3e3d4886/log/logs/host/dpkg.log.txt#303215:33
jrosserwtf https://zuul.opendev.org/t/openstack/build/5086e874a1dc4ef0b13c072e3e3d4886/log/logs/host/dpkg.log.txt#294815:35
noonedeadpunkit somehow looks like the infra cache mirror just doesn't have required version15:35
noonedeadpunkit's before upgrade15:35
noonedeadpunkon 2023.115:35
noonedeadpunkand then it gets removed in favor of 10.615:35
jrosserthat line is like only 2 seconds before all the 10.6 stuff15:36
noonedeadpunkhuh15:36
jrosser`install mariadb-common:all 1:10.11.2+maria~ubu2204 1:10.6.12-0ubuntu0.22.04.1`15:37
jrosser^ what is this i wonder15:37
noonedeadpunkaha, and previous run is L109815:37
noonedeadpunkmaybe we don't clean up enough?15:37
noonedeadpunkand some more packages needs to be wiped for upgrade now15:38
noonedeadpunkAnd L2931 it's being removed...15:39
noonedeadpunkstatus half-installed mariadb-common15:39
noonedeadpunkso no, it really installs 10.6 from default repos ignoring mariadb one15:40
jrossermaybe we need a patch that inserts a `fail:` at the point it should be cleaned up15:40
jrosserand get a held node to see what actually is there15:40
noonedeadpunkSo I really wonder if smth is off with repo proxy15:41
noonedeadpunkhttps://zuul.opendev.org/t/openstack/build/5086e874a1dc4ef0b13c072e3e3d4886/log/logs/etc/host/apt/sources.list.d/MariaDB.list.txt15:41
jrossercan always try to use `http://mirror.iad.rax.opendev.org:8080/MariaDB/mariadb-10.11.5/repo/ubuntu/` in a local build15:43
noonedeadpunkis it available from outside?15:44
noonedeadpunkbut yeah, will check that15:45
noonedeadpunkAnd hopefully I will be able to continue pshing stuff for quorum queues and identify more linter failures....15:45
jrosseryes take the `-int` out of it15:46
noonedeadpunkfwiw, horizon didn't fail in my sandbox15:46
noonedeadpunkaha15:46
noonedeadpunkso maybe horizon will feel better on 2023.2 branch...15:48
noonedeadpunkor well... Maybe we're using specific SHA atm...15:49
noonedeadpunk(in gates)15:49
noonedeadpunkanyway...15:50
noonedeadpunkanything else to raise/talk about?15:50
jrosserwe say it every year but would be good not to have a huge rush to release :)15:52
jrosserso anything that can fix up the CI reliability a bit would be a bonus15:52
noonedeadpunkYeah, and each year I'm pretty much in agreement with that but it somehow doesn't work out at the end :(15:56
noonedeadpunkI think we really should not attempt to land smth extra other then what was already promised/agreed15:56
noonedeadpunkAnd if CI gods will be nice - it should give us to not be in rush15:57
NeilHanlon🤞16:00
noonedeadpunk#endmeeting16:00
opendevmeetMeeting ended Tue Oct 10 16:00:12 2023 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)16:00
opendevmeetMinutes:        https://meetings.opendev.org/meetings/openstack_ansible_meeting/2023/openstack_ansible_meeting.2023-10-10-15.04.html16:00
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2023/openstack_ansible_meeting.2023-10-10-15.04.txt16:00
opendevmeetLog:            https://meetings.opendev.org/meetings/openstack_ansible_meeting/2023/openstack_ansible_meeting.2023-10-10-15.04.log.html16:00
NeilHanlonthank you noonedeadpunk for running, as always :) 16:00
noonedeadpunkthanks for taking time to join!16:00
jrosserwhy do we not run ARA in upgrade jobs16:01
noonedeadpunkI actually don't remember16:01
jrosseri was going to run my script over the db to see if theres anything obvious for slowness16:02
jrosserbut no db :(16:02
*** louis is now known as Guest286816:04
noonedeadpunkit was smth related to it's going crazy about verison upgrade or smth like that...16:07
noonedeadpunkbut probably just didn't care anough as upgrade jobs were pretty much supplementary at first16:09
opendevreviewMerged openstack/openstack-ansible-lxc_hosts master: Switch to native systemd-resolved from resolv.conf  https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/89455816:09
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-lxc_hosts master: Stop installing openssh and rsync to containers  https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/88994516:11
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-lxc_hosts master: Remove old cleaup task  https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/89785516:25
Guest2868Hi, im trying to install osa on my infrastructure im running setup-openstack.yml playbook and I got this error: https://paste.openstack.org/show/bxIf6SQ8nDFTw5clQhrE/ when I try to curl htpp://192.168.100.10:5000/ this is the output: https://paste.openstack.org/show/bYlSLdCuuIebzKdU5O4l/ I don't understand why sometimes I got a SSL handshake failure.16:26
noonedeadpunkGuest2868: How does your endpoint list look like?16:34
opendevreviewMerged openstack/ansible-role-python_venv_build master: Use distribution_major_version for Debian and CentOS  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/89770116:34
noonedeadpunkas it might be that public endpoint is using TLS and keystone log just shows them with handshake error16:34
noonedeadpunklike if someone tries to access TLS with plain HTTP16:35
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-python_venv_build stable/2023.1: Use distribution_major_version for Debian and CentOS  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/89781016:35
Guest2868noonedeadpunk: like that https://paste.openstack.org/show/bsiRDH16GsxF8l034nq6/16:36
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-python_venv_build stable/2023.1: Use distribution_major_version for Debian and CentOS  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/89781016:36
noonedeadpunkGuest2868: and you can do curl not only from the deploy host, but also from infra1 server?16:38
noonedeadpunkAlso - you're running metal install, right?16:38
Guest2868yes its a metal install and no I cant curl from infra1 i got a SSL handshake error in haproxy logs16:39
noonedeadpunkah, so you do curl multiple times but once in a while you get empty reply16:40
noonedeadpunkAnd 192.168.100.10 is on infra1?16:40
Guest2868Oh, I just retry curl and now I got result from haproxy16:40
noonedeadpunkand basially - you have more then 1 controller?:)16:41
noonedeadpunkor that is some kind of AIO setup16:42
Guest2868my LB is alone on 192.168.100.10 and infra1 is 192.168.100.11 , and no I have only one controller on infra1, I tried to create a cluster with infra1, infra2, infra3 but I got an error with glusterfs, so I decided to have a working install on only one infra server16:42
noonedeadpunkGlusterfs can be disabled, but then it need to be replaced with some other shared storage, like nfs or smth like that. Or, you can jsut define to have `repo-infra_hosts` be on infra116:44
Guest2868noonedeadpunk: this is my terminal output: https://paste.openstack.org/show/bKSwzKMI2yk1VSuLO3B2/16:44
noonedeadpunkso, LB is a standalone host?16:44
Guest2868yes with only haproxy on it16:44
noonedeadpunkI wonder if you can somehow accidentally have same IP both for internal and external endpoints?16:45
noonedeadpunkor well, internal vip and external VIP are different?16:45
Guest2868I will give you my openstack_user_config16:45
Guest2868here: https://paste.openstack.org/show/b2SJX9RBx5z7YISLEm30/16:47
noonedeadpunkchecking16:49
noonedeadpunkwell, the only comment there I have to networking definition16:51
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-lxc_hosts master: Remove old tasks and vars from image download process  https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/89786016:51
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-lxc_hosts master: Remove lxc_cache_map variable  https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/89786116:51
noonedeadpunkI'm not sure that you can define `network-gateway_hosts` twice16:51
noonedeadpunkand then I guess it's worth to be `network-infra_hosts` rahter then `network_hosts`16:52
noonedeadpunkI have some weird feeling that your internal_lb_vip_address might be migrating between hosts somehow16:54
noonedeadpunkThough I would expect that you should not have keepalived installed on haproxy host.16:54
noonedeadpunkCan you check if you do have keepalived there or not to be sure?16:54
noonedeadpunkneither on any other hosts...16:54
Guest2868on user_variable.yml i have a key: haproxy_use_keepalived: False16:55
noonedeadpunkif you do smth like `arp -n 192.168.100.10` - would it be the same MAC?16:56
Guest2868interesting16:56
noonedeadpunk(like between getting empty reply and not)16:57
opendevreviewMerged openstack/ansible-role-zookeeper stable/2023.1: change to using archive.apache.org for source downloads  https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/89780117:05
Guest2868I change the MAC address and I have some SSL handshake failed17:05
Guest2868*changed17:06
jrossernoonedeadpunk: oh hmm https://github.com/openstack/openstack-ansible-tests/blob/master/zuul.d/jobs.yaml#L7817:06
opendevreviewMerged openstack/openstack-ansible-os_nova stable/yoga: Add barbican_service_user section  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/89772217:07
opendevreviewMerged openstack/openstack-ansible-os_nova stable/zed: Add barbican_service_user section  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/89772117:07
noonedeadpunkjrosser: that would explain hussle i'm into right now I guess17:08
jrosseri was half way to change your patch to be master there17:08
jrosserand then i dont knwo what the deal will be with older ansible17:08
noonedeadpunkI think that also adding test-vars.yml shouldn't be done through tox...17:09
noonedeadpunkas they're included inside playbooks17:09
jrosserwe have a big big mess here17:09
noonedeadpunkhttps://opendev.org/openstack/openstack-ansible-tests/src/branch/master/test-install-tempest.yml#L2917:09
noonedeadpunkalso that override-checkouts is only for requirements....17:10
noonedeadpunkbut yes, I think worth dropping that and see17:10
jrosseryeah i saw that broken on another job17:10
noonedeadpunkthough for me locally things crash in a completely different way on pki stuff17:11
jrosseractually here https://review.opendev.org/c/openstack/openstack-ansible-tests/+/89740317:12
opendevreviewMerged openstack/ansible-role-zookeeper stable/zed: change to using archive.apache.org for source downloads  https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/89780217:12
jrosserprobably needs one massive patch on master to sort all that out and bring it to current ansible / current u-c all at once17:12
jrosserotherwise it will never pass17:13
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-tests master: Bump ansible-core to 2.12.8  https://review.opendev.org/c/openstack/openstack-ansible-tests/+/89740317:14
noonedeadpunkI've actually tried to recall how that all worked back then but couldn't make myself to keep focused on all that crap...17:14
jrosserthere is still services_branch set to yoga in there17:15
noonedeadpunkugh17:15
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-tests master: Bump ansible-core to 2.12.8  https://review.opendev.org/c/openstack/openstack-ansible-tests/+/89740317:15
noonedeadpunkand that will obviously fail17:16
noonedeadpunkor not...17:16
noonedeadpunkreally very fishy part is why test-vars were not respected....17:17
noonedeadpunkfeels like some include/import thingy17:17
noonedeadpunkas it passed nicely until tempest...17:17
Guest2868noonedeadpunk: i think you are pretty busy right now17:20
noonedeadpunkGuest2868: sorry :( so, you changed mac.... on haproxy host? and you got the issue with ssl handshake?17:21
noonedeadpunkand arp on the host you was using curl from shows new mac?17:21
noonedeadpunkor I misunderstood what you did?17:22
Guest2868i had a doubt on duplicated MAC address, so I changed it on my LB server. When I run the apn i got the same MAC from the apn cmd and a `ip a` on lb server17:24
noonedeadpunkso it didn't change after all?17:25
Guest2868the issue? yes same shit, sometimes i got ssl handshake error17:26
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-haproxy_server stable/2023.1: Add possibility to override haproxy_ssl_path  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/89716717:26
Guest2868the ssl error is from keystone_service-front-1/1 and when the response is ok is from keystone_service-front-2. Maybe its not relevant17:27
noonedeadpunkand if you check haproxy.cfg - you have different frontend for internal and external vips, right?17:27
noonedeadpunkI assume, that on lb1 you don't have any host record that would make to resolve lb00.airtop.io into 192.168.100.10 ?17:29
Guest2868this i my /etc/hosts on lb1 https://paste.openstack.org/show/b3q9Yl3RBPBrJsaL10bB/17:30
noonedeadpunkGuest2868: last line17:35
noonedeadpunkyou can never have extrnal_lb_vip_address be same as internal17:35
noonedeadpunkYou can explicitly define IP or interface for haproxy to listen on for extenral vip by defininig haproxy_bind_external_lb_vip_address17:36
noonedeadpunkor you can bind it to interface as well: https://opendev.org/openstack/openstack-ansible-haproxy_server/src/branch/master/defaults/main.yml#L277-L28517:37
noonedeadpunkSo I guess depending on how your fqdn will be resolved - you go either to internal endpoint which is plain HTTP or to external which is TLS17:37
Guest2868should i add it on user_variables?17:39
noonedeadpunkyup17:40
noonedeadpunkand re-run os-keystone-install.yml if you're on 2023.1 (antelope) or haproxy-server.yml if earlier17:41
Guest2868i dont really understad what should i put on theses keys17:41
Guest2868i should rerun setup-infra?17:42
noonedeadpunkSo somehow, in your /etc/hosts, 192.168.100.10 record  is mapped to the external fqdn lb00.airtop.io17:43
Guest2868i removed it but now, haproxy cant start17:44
noonedeadpunkand you have this in openstack_user_config: external_lb_vip_address: lb00.airtop.io17:44
noonedeadpunkand internal_lb_vip_address: 192.168.100.1017:44
noonedeadpunkwhich under certain circumstances can make internal_lb_vip_address == external_lb_vip_address17:45
noonedeadpunkwhich should never happen17:45
Guest2868i think i dont understand this key what is "external_lb_vip_address"17:45
noonedeadpunkSo you need to have at least 2 IPs to handle internal_lb_vip_address and external_lb_vip_address independently17:45
noonedeadpunkIt's many things17:46
Guest2868this ip could be on the same range like 192.168.100.10 and 192.168.100.20 ? 17:46
noonedeadpunkAmong them it is a default external frontend for haproxy it binds to17:46
noonedeadpunkYes, it can be from the same range, but they jsut must be different17:46
Guest2868my domain should be mapped on which one?17:46
Guest2868which service will use the external ip?17:47
noonedeadpunkAnother usecase for *_lb_vip_address is provide default for your endpoints17:47
noonedeadpunkSo, openstack service APIs get discovered from the catalog, which is part of the keystone. When you define a new service it get's created in the catalog along with it's endpoints17:48
noonedeadpunkTher're multiple type of endpoints, like public and internal/admin17:48
Guest2868ok and now, i should rerun setup-infra? or start with new setup-hosts?17:49
noonedeadpunkSo external_lb_vip_address will participate in creation of public endpoint17:49
noonedeadpunkAnd internal_lb_vip_address will make an internal/admin endpoints17:49
noonedeadpunkAnd both of them can be domains, just in case17:49
noonedeadpunkre-run os-keystone-install.yml if you're on 2023.1 (antelope) or haproxy-server.yml if earlier17:50
noonedeadpunkAnd then haproxy also has 2 type of frontends - to handle public and internal traffic separately17:51
noonedeadpunkBy default public one is covered with TLS while private one is not, though it's simple enough to enable TLS on both17:51
Guest2868but the public endpoint should have my domain name url no?17:54
Guest2868I have now un error on regenerate haproxy configuration 'bind' : invalid address: 'lb00.airtop.io' in 'lb00.airtop.io:80'17:56
noonedeadpunkUm but you set `haproxy_bind_external_lb_vip_address: 192.168.100.20`, or?17:59
NeilHanlonhave to bind to an IP, not a FQDN17:59
Guest2868i decide to have internal_lb_vip_address: 192.168.100.100 and external_lb_vip_address: 192.168.100.1018:00
noonedeadpunk> but the public endpoint should have my domain name url no: haproxy_bind_external_lb_vip_address is affecting only haproxy. Endpoint will be still created with domain as long as external_lb_vip_address defined to domain18:00
noonedeadpunkUm. Well. For endpoints to be FQDN you need to keep external_lb_vip_address same, but define haproxy_bind_external_lb_vip_address on top of that18:02
noonedeadpunklet me find a doc for that...18:02
noonedeadpunkhttps://docs.openstack.org/openstack-ansible-haproxy_server/latest/configure-haproxy.html#overriding-the-address-haproxy-will-bind-to18:04
Guest2868i do this https://paste.openstack.org/show/bSW7jMmx0Ql6tM2jSl6f/18:05
noonedeadpunkSo, both haproxy_bind_external_lb_vip_address and haproxy_bind_internal_lb_vip_address are already defaulting to these values18:05
noonedeadpunkon top of that, you won't have your domain to be in public endpoint this wasy18:05
noonedeadpunklet me edit it for you:)18:06
Guest2868sorry but im just a web dev with no school skills with lan/network/linux/etc... Just learning by myself18:06
noonedeadpunkhttps://paste.openstack.org/show/bsFAwP8MenSzEsBEKB7y/18:07
noonedeadpunkno worries :)18:07
Guest2868its pretty hard to understand and find ressources on openstack, they is a lot of knowledges18:08
noonedeadpunkbut community is rather friendly on other hand18:09
noonedeadpunkand nobody loves to write docs :D18:09
Guest2868ok now im trying to run os-keystone-install ?18:11
noonedeadpunkyeah... but maybe it's wor18:12
Guest2868its what?18:12
noonedeadpunk*worth to run setup-infrastructure as well just in case...18:12
Guest2868ok18:12
noonedeadpunkthere should be a tag to make it fast18:13
noonedeadpunklike openstack-ansible playbooks/setup-infrastructure.yml --tags haproxy-service-config,haproxy-config or smth like that18:14
Guest2868the setup is retrying on Install HAProxy Pacakges18:14
noonedeadpunkugh18:15
Guest2868I know why my server have not internet anymore18:16
Guest2868failed to start haproxy18:20
Guest2868Starting frontend placement-front-1: cannot bind socket (Cannot assign requested address) [176.162.233.210:8780]18:20
noonedeadpunkwait. how you ended up with 176.162.233.210 there...18:21
Guest2868this is the ip of lb00.airtop.io18:21
noonedeadpunkthough I do see a potential issue with our new design of haproxy role damiandabrowski18:21
noonedeadpunkit's not easy to just reconfigure * when you have configuration that is broken18:22
noonedeadpunkwe should add a flag to like - start from scratch18:23
noonedeadpunkGuest2868: can you just manually wipe content of `/etc/haproxy/conf.d/` on your lb01?18:24
noonedeadpunkwe've changed the way we do configure haproxy to address issues in logic there and reduce potential issues during major upgrades, but new things arise :(18:25
noonedeadpunkand then run again the role18:25
Guest2868ok running setup-infra18:26
noonedeadpunk(or other way around would be to return hosts records as it was until haproxy is re-configured properly)18:28
noonedeadpunksorry I need to sign out for today 18:29
Guest2868should i wipe /etc/hosts?18:29
noonedeadpunknah18:30
noonedeadpunkit's controlled by the role18:30
noonedeadpunkyou might update them using openstack-hosts-setup.yml playbook if that's needed18:31
noonedeadpunkand use --tags openstack_hosts-file to make it fast18:32
Guest2868everything was good with no error18:34
Guest2868now should i run setup-openstack or only os-keystone?18:34
noonedeadpunksetup-openstack will execute all opensatck services setup18:35
noonedeadpunkos-keystone-install only keysrtone18:35
noonedeadpunksry, really need to run now18:35
Guest2868yes no pb18:35
Guest2868really appreciate your help18:36
Guest2868thank you18:36
opendevreviewMerged openstack/openstack-ansible-os_rally stable/xena: Restore rally tests  https://review.opendev.org/c/openstack/openstack-ansible-os_rally/+/89752118:52
« Monday, 2023-10-09 Index Wednesday, 2023-10-11 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!