Thursday, 2023-10-12

« Wednesday, 2023-10-11 Index Friday, 2023-10-13 »
opendevreviewMerged openstack/openstack-ansible-os_neutron stable/zed: Fix typo for  vpnaas_custom_config distribution  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/89671100:22
opendevreviewMerged openstack/openstack-ansible-lxc_hosts master: Remove lxc_cache_map variable  https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/89786105:03
opendevreviewMerged openstack/ansible-role-python_venv_build master: Drop unneeded become overrides  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/89794805:35
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-python_venv_build stable/2023.1: Drop unneeded become overrides  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/89806207:03
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-python_venv_build stable/zed: Drop unneeded become overrides  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/89806307:03
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-python_venv_build stable/yoga: Drop unneeded become overrides  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/89806407:03
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron stable/zed: Check length of network_mappings  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/89395207:04
noonedeadpunkmornings07:05
Guest2868hi thank you for your help, now I have a ceph cluster OK07:25
noonedeadpunkhurray \o/07:25
Guest2868now I have a pb with my compute2 when I ran setup-openstack error: internal error: a secret with UUID 7e707ace-9279-4c6c-a12f-7e9dafc63a4d already defined for use with client.cinder secret07:26
jrossergood morning07:28
jrosserGuest2868: could you describe where that error was from?07:28
Guest2868maybe a previous installation atempt create this problem07:28
Guest2868TASK [ceph_client : Define libvirt nova secret]07:28
noonedeadpunkSo does the output of `virsh secret-list` on compute contain `nova_ceph_client_uuid` value from user_secrets?07:35
noonedeadpunkOr well... what's the output of `virsh secret-list|grep 7e707ace-9279-4c6c-a12f-7e9dafc63a4d ; echo $?`?07:36
noonedeadpunkI kind of wonder if grep can exist with a code rather then 0 when accurance was matched07:40
noonedeadpunk(or command overall)07:41
noonedeadpunkmaybe we should do smth like safe pipelining there, to ensure that it's grep exit code we're looking at07:41
Guest2868im in meeting right now07:41
noonedeadpunkme too ヽ(。_°)ノ07:42
Guest2868 7e707ace-9279-4c6c-a12f-7e9dafc63a4d   ceph client.cinder secret07:48
noonedeadpunkwhat;s the exit code?07:48
noonedeadpunkecho $? 07:48
noonedeadpunkshould be executed right after the grep07:48
Guest2868007:48
Guest2868sorry07:48
noonedeadpunkI'd suggest to re-run os-nova-install.yml.. Or well, it failed during nova installation, right? 07:49
Guest2868with --limit on compute2?07:50
Guest2868should i remove the file in /tmp ? 07:51
noonedeadpunkyeah. you can do that with limit, sure08:00
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-lxc_hosts master: Stop installing openssh and rsync to containers  https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/88994508:01
Guest2868same error08:02
Guest2868https://paste.openstack.org/show/bXRxImrgetMq3zWdhoyF/08:03
admin1Guest2868, you should remove it with virsh secret-undefine and retry 08:03
admin1when a secret is already defined, it has to be manually undefined 08:03
Guest2868Hi, do you have the correct cmd?08:04
admin1just gave it to you :) 08:04
Guest2868error: command 'secret-undefine' requires <secret> option08:04
admin1yes08:04
admin1virsh secret-list to list the secret08:04
Guest2868ok thank you I deleted it08:05
noonedeadpunkBut I guess most question is - why at all it tries to execute08:05
noonedeadpunkCan you provide couple of previous tasks as well?08:05
admin1Guest2868, now if you re-run the playbook, it will not get stuck here 08:05
Guest2868Im re-running right now08:06
noonedeadpunkLike starting from `Check if nova secret is defined in libvirt`08:06
admin1it will re-add the necessary secret and continue 08:06
Guest2868Do you think it's because of an old installation?08:07
Guest2868Thank you admin1 setup is now OK08:07
noonedeadpunkWell, eventually, this task has condition when to run. And it should not run if the same secret is already present in virsh08:07
noonedeadpunkAccording to output you've provided it should be there and this task should not run simply08:08
Guest2868Now, im in the dasboard08:09
Guest2868dashboard08:09
Guest2868I got this error: Policy doesn't allow os_compute_api:os-simple-tenant-usage:show to be performed. (HTTP 403) (Request-ID: req-1729b576-791b-4646-8762-1de5c39d3ec7) 08:10
admin1as admin ? 08:11
Guest2868yes08:12
admin1i guess you are in service and if its newer 27 tag .. admin is not present in service tenant as admin08:12
admin1so you have to switch to admin, edit admin role for service to add admin and then switch back 08:12
noonedeadpunkOr use admin project I assume08:12
admin1yeah .. by default it logs you in to service project08:12
noonedeadpunkoh? I wonder why though....08:13
admin1and if you are first timer or trying out, you get hit with this error .. 08:13
Guest2868yes I just view this, now on admin project everything are good08:13
admin1in new ones, i have found that admin is not as admin role in service 08:13
noonedeadpunkIt should be pretty much easy to fix that actually...08:13
Guest2868yes that was my conclusion08:13
Guest2868how? noonedeadpunk 08:13
Guest2868to be admin in the service project?08:13
admin1Guest2868, he meant via the code /playbooks 08:13
admin1you edit the project members and for admin user, select the admin role 08:14
noonedeadpunkWell, I would not expect it to be admin in service project... Though I wouldn't expect service to be the default either08:14
noonedeadpunkGuest2868: somewhere in upper dropdowns you should have selection of projects08:14
noonedeadpunkadmin1: actually, looking at nova policies, you should have a project reader role08:15
Guest2868ok good, what the goal of the service project?08:15
noonedeadpunkand reader is implied by member...08:15
noonedeadpunkGuest2868: all "services" are assigned to the "service" project08:15
admin1Guest2868, for those, you need to google and read  a bit about it 08:15
noonedeadpunklike nova/glance/cinder/etc to interact with each other08:16
Guest2868ok, thank you for your time guys. Have a nice day08:16
noonedeadpunkso... if admin has access to service project at all (which I guess it should not?) - it should be able to read as well...08:16
admin1it used to be admin role in service as well 08:16
noonedeadpunkI'd really need to reproduce the env and see what's happening there...08:17
admin1now its something else .. depending on what you install 08:17
* noonedeadpunk haven't checked on horizon for last 2 years08:17
admin1:) 08:17
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_nova stable/yoga: Install libvirt-deamon for RHEL systems  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/89806808:48
noonedeadpunkHuh10:03
noonedeadpunkFailed to download packages: Status code: 503 for https://mirrors.rockylinux.org/mirrorlist?arch=x86_64&repo=BaseOS-9 (IP: 199.232.198.132)10:03
noonedeadpunkNeilHanlon: ?:)10:03
noonedeadpunkAt same time some pass10:04
noonedeadpunkhttps://zuul.opendev.org/t/openstack/build/566d23466d56482b819b0e88d9e46c0a/log/job-output.txt#13877-1389410:04
noonedeadpunkI guess these are some individual repos though...10:05
noonedeadpunkThe only way on how to solve that I guess to use infra mirrors actually10:05
jrosserdo we yet mirror rocky?10:06
noonedeadpunkI think not10:11
opendevreviewMerged openstack/openstack-ansible master: Always use on-disk openstack service git repos in CI jobs  https://review.opendev.org/c/openstack/openstack-ansible/+/89770711:03
noonedeadpunkjrosser: I assume that should be backported to 2023.1 to see any benefit on master for upgrade jobs?11:05
jrosserI think so yes11:06
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/2023.1: Always use on-disk openstack service git repos in CI jobs  https://review.opendev.org/c/openstack/openstack-ansible/+/89807111:09
opendevreviewMerged openstack/openstack-ansible master: Define install_method default when hosts resolution depend on it  https://review.opendev.org/c/openstack/openstack-ansible/+/89169711:18
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/2023.1: Define install_method default when hosts resolution depend on it  https://review.opendev.org/c/openstack/openstack-ansible/+/89807211:23
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/zed: Define install_method default when hosts resolution depend on it  https://review.opendev.org/c/openstack/openstack-ansible/+/89807311:23
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/yoga: Define install_method default when hosts resolution depend on it  https://review.opendev.org/c/openstack/openstack-ansible/+/89807411:23
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/xena: Define install_method default when hosts resolution depend on it  https://review.opendev.org/c/openstack/openstack-ansible/+/89807511:23
NeilHanlonnoonedeadpunk: hm. looking, but I didn't get any pages... i wonder if we're having some micro outages12:15
opendevreviewMarc Gariépy proposed openstack/openstack-ansible-openstack_hosts stable/2023.1: Remove rsyslog since we should use journald instead  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/89807613:08
noonedeadpunkNeilHanlon: well... 503 is that no backend available? So... they go down all at same time or smth in connection btw LB to backend that flaps?13:29
noonedeadpunk(or you ignore DOWN backends until only 1 is left?:)13:30
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/xena: Define install_method default when hosts resolution depend on it  https://review.opendev.org/c/openstack/openstack-ansible/+/89807513:31
noonedeadpunkI wanna ask to do some reviews of stable branches: https://review.opendev.org/q/parentproject:openstack/openstack-ansible+branch:%255Estable/.*+status:open+13:32
NeilHanlonit is _probably_ no backend available; i had one endpoint out of the balancer because I was testing CDN code, but I think it could lead to a situation where the other one restarts and leads to a 503. however, CDN is configured to serve a static backup response, which should mean no one ever "sees" a 503 when one of the services is restarting. I may13:32
NeilHanlonhave broke that fallback code, though ... lol13:32
noonedeadpunkWas hoping to push version bumps this week, as I guess we've pretty much settled with existing bugs13:32
NeilHanloni can take a look at reviews today13:32
noonedeadpunkAh, damn. We also have that for 2023.1 kinda13:34
noonedeadpunkhttps://review.opendev.org/q/topic:bugfix-203458313:35
noonedeadpunkjrosser: I'm not sure if reply to your comment in https://review.opendev.org/c/openstack/openstack-ansible/+/897568 is fine or not?13:36
jrosseryes it's fine, sorry forgot to update that13:38
jamesdentonanyone here using a centralized keystone deployment for multiple regions?13:40
noonedeadpunkI actually dropped that section at once, until didn't come to compute part and realized it was needed for api as well...13:40
noonedeadpunknot anymore for me13:41
jamesdentonnoonedeadpunk did you run into issue with that sort of deployment? what are you doing now? simply federated?13:41
noonedeadpunkright now simply standalone....13:41
noonedeadpunkBut yeah, looking towards switching to federation13:41
jamesdentongotcha13:42
noonedeadpunkit's just a /o\ when you loose network connection to the  region where keystone is13:42
jamesdentonyes, i could see that being an issue :D13:42
noonedeadpunklike due to upstream provider failures or anything like that13:42
noonedeadpunkOr if smth happened to galera... Or memcached in that region...13:43
jamesdentonyeah, it's a risk for sure13:43
NeilHanlonsomething something oauth2? 13:43
noonedeadpunkLike all your HA cross-region deployment becomes a rubish13:43
noonedeadpunkYeah, and KeyCloak. But our biggest issue is is that we have tons of domains13:44
noonedeadpunkAnd federation as of today is not designed a lot for that scenario13:44
jamesdenton1 per "customer"?13:44
noonedeadpunkyeah13:44
NeilHanlonsaw this last night, which is kinda neat https://github.com/anderspitman/obligator13:44
noonedeadpunkWe were looking at this blueprint actually as long as yesterday https://review.opendev.org/c/openstack/keystone-specs/+/748042/12/specs/keystone/2023.1/versioning-for-attribute-mapping-schema.rst13:45
noonedeadpunkWhich _supposedly_ could solve that multi-domain hussle13:45
* NeilHanlon adds that to his 'to read' list13:45
noonedeadpunkOr well, there's also a keystone provider from vexxhost that can jsut proxy keystone requests directly to keycloak without need of federation, but then you kinda loose pretty much of oauth features13:46
mgariepyhmm anyway to override uwsgi of nova-api-os-compute but not of nova-api-metadata ?13:47
noonedeadpunknova_api_os_compute_uwsgi_ini_overrides ?13:51
noonedeadpunkor what do you mean by uwsgi override?13:51
mgariepyexactly that lol.13:52
mgariepydefault config needs some tweaks for the load i get from some users ..13:54
noonedeadpunkwould be interesting to hear what tweks :)13:54
noonedeadpunk(one day)13:55
mgariepynova is tracebacking and overloaded..13:56
mgariepyso i want to set the nova_api_db_max_overflow,  nova_api_db_max_pool_size and uwsgi_processes a bit higher.13:57
noonedeadpunkah, and nova_wsgi_processes is indeed same for api/metadata13:59
mgariepyyeah default works ok for most of my case.. but not that one.13:59
opendevreviewMerged openstack/openstack-ansible-os_zun stable/zed: Install kata containers from source  https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/88371114:25
-opendevstatus- NOTICE: The lists.openstack.org site will be offline over the next few hours for migration to a new server15:30
opendevreviewMerged openstack/openstack-ansible-os_keystone stable/zed: oidc: fix recognition of x forwarded headers from v2.4.11  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/89780720:53
opendevreviewMerged openstack/openstack-ansible-openstack_hosts stable/2023.1: Remove rsyslog since we should use journald instead  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/89807621:03
opendevreviewMerged openstack/openstack-ansible-os_nova stable/yoga: Install libvirt-deamon for RHEL systems  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/89806821:27
opendevreviewMerged openstack/openstack-ansible-os_neutron stable/zed: Check length of network_mappings  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/89395221:33
opendevreviewMerged openstack/ansible-role-python_venv_build stable/2023.1: Drop unneeded become overrides  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/89806221:38
opendevreviewMerged openstack/openstack-ansible stable/2023.1: Always use on-disk openstack service git repos in CI jobs  https://review.opendev.org/c/openstack/openstack-ansible/+/89807121:42
opendevreviewMerged openstack/openstack-ansible-os_neutron stable/zed: Stop haproxy on ovn-controller nodes  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/89345121:43
« Wednesday, 2023-10-11 Index Friday, 2023-10-13 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!