Thursday, 2023-10-19

« Wednesday, 2023-10-18 Index Friday, 2023-10-20 »
admin1controllers and hypervisors, basically all servers /etc/issue shows Ubuntu 22.04.3 LTS .. but when trying to do an upgrade from 26->27, I get  "You are trying to build wheels for the distribution or architecture that you don't have build host for. Please, ensure that you have at least 1 host in repo_all group with the following distribution: ubuntu08:15
admin120.04 x86_64 Otherwise, consider adding matching OS to the group or set `venv_wheel_build_enable: False`. Note, that you can run only in a serial manner when wheel build is disabled. Found venv_build_targets: {'ubuntu-22.04-x86_64': 'c1_repo_container-83f07d5e'}"" 08:15
admin1\o08:15
admin1do i need to delete the utility container and have it create it again ? 08:15
noonedeadpunkadmin1: so, you did upgrade of OS on controllers, but didn't re-create containers afterwards?08:16
admin1after upgrade, just ran the  playbook in full to ensure that things still work ..  and when they worked, moved for the upgrade08:17
admin124->25->26 did not complain  ..  26-27 caught this 08:17
noonedeadpunkYeah, so I assume all your containers are still running 20.0408:17
admin1so delete all except galera  ? 08:18
noonedeadpunkYou at least need to re-create 1 repo container08:18
noonedeadpunkto have it on 22.0408:18
admin1oh .. got it .. i can delete the repo container and have it re-cerate it 08:18
noonedeadpunkbut eventually - I think you'd need to rebuild all of them before moving to the release that don't have 20.04 among supported versions08:18
noonedeadpunk(which is bobcat)08:19
admin1well, i can delete all except galera .. 08:19
noonedeadpunkYou can delete them controller-by-controller actually08:19
noonedeadpunklike --limit infra01-host_containers08:20
noonedeadpunkProbably worth to mark all these services as DRAIN/MAINT in haproxy first though08:21
noonedeadpunkwe have thing like that for this specific purpose: https://paste.openstack.org/show/bSS4ao3i9xDSkt42evVD/08:22
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_keystone master: Cleanup upgrade to ssh_keypairs step  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/89880108:43
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_nova master: Cleanup upgrade to ssh_keypairs step  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/89880208:44
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_nova master: Fix logic of discovering hosts by service  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/89874908:47
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Drop ssh_keypairs_install_authorized_keys reference  https://review.opendev.org/c/openstack/openstack-ansible/+/89880409:18
noonedeadpunkjrosser: hey! can you kindly help me to understand ssh_keypairs role better? I'm right now trying to add it to the functional test for plugins repo09:59
jrossersure i can try :)10:00
noonedeadpunkSo there's a check, when you try to access a container from localhost through SSH10:00
noonedeadpunkAnd I wonder what kinda you need to set to allow SSH from localhost to that container, but not vice versa10:00
noonedeadpunkSo it's smth like that atm https://paste.openstack.org/show/bGHuAmV5wqmcmiQHar3x/10:01
noonedeadpunkWhat I'm missing to make it work?:)10:01
noonedeadpunkor principal should be installed everywhere?10:02
jrosserhmm i just have a meeting for 30mins10:03
noonedeadpunk++10:03
jrosserbut yes keystone role would be the kind of prototype for this10:03
jrosserprincipal is what decides if it is allowed to login10:03
jrosseron the localhost should need the public/private key/signed cert10:04
jrosseron the container only the CA, proper config in sshd.conf and principal which matches what the key was signed with10:04
noonedeadpunkYeah, that seems to match....10:05
noonedeadpunkmaybe cert is missing...10:06
noonedeadpunkReally don't see what's off...10:19
noonedeadpunkOh, well/..10:20
noonedeadpunkCould it be that `TrustedUserCAKeys /etc/ssh/trusted_ca` but CA is actually /etc/ssh/trusted_ca.d/OpenStack-Ansible-SSH-Signing-Key10:21
noonedeadpunkyup, that's the reason10:23
noonedeadpunkBut how things do work then?10:23
noonedeadpunkah10:30
noonedeadpunkI had some failure that didn't trigger `Regenerate trusted_ca file` handler :)10:30
noonedeadpunk(I guess that was it)10:30
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Generate SSH certificates for delegation test  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/89880911:06
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Simplfy addition of keystone users to roles  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/89601711:06
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Add openstack_resources role skeleton  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/87879411:06
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/2023.1: Define install_method default when hosts resolution depend on it  https://review.opendev.org/c/openstack/openstack-ansible/+/89807211:43
opendevreviewMerged openstack/openstack-ansible-os_aodh stable/2023.1: Use proper galera port in configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/89235511:43
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts stable/2023.1: Add ability to define a config for journald  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/89876911:50
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts stable/2023.1: Add ability to define a config for journald  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/89876911:51
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/2023.1: Apply rate limit for journald in AIO builds  https://review.opendev.org/c/openstack/openstack-ansible/+/89877011:52
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_gnocchi stable/2023.1: Use proper galera port in configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_gnocchi/+/89235611:54
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_ceilometer master: Fix example playbook linters  https://review.opendev.org/c/openstack/openstack-ansible-os_ceilometer/+/89881411:57
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_ceilometer master: Enable Ceilometer resource cache  https://review.opendev.org/c/openstack/openstack-ansible-os_ceilometer/+/88803211:57
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_ceilometer master: Add quorum support for service  https://review.opendev.org/c/openstack/openstack-ansible-os_ceilometer/+/89569611:58
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_cloudkitty master: Add quorum queues support for service  https://review.opendev.org/c/openstack/openstack-ansible-os_cloudkitty/+/89881612:15
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_designate master: Add quorum queues support for service  https://review.opendev.org/c/openstack/openstack-ansible-os_designate/+/89881812:31
opendevreviewMerged openstack/openstack-ansible stable/2023.1: Run nova db post setup from nova playbook  https://review.opendev.org/c/openstack/openstack-ansible/+/89849412:37
*** Adri2000_ is now known as Adri200013:19
spatelFolks.. need help for ceph13:25
spatelwhat is the command to backfill setting ?13:25
spatelI want to add OSD in ceph but want to keep data trashing low... 13:26
spatellast time it fill my pipe :(13:26
jamesdentonnoonedeadpunk have you seen instances where the conditional check is being ignored? https://paste.opendev.org/show/bVSNa9kBIl5LBKf0nkXV/ - in this case, user.role is a string and the role assignment was made accordingly, but then it's failing when trying to perform the 'add keystone roles' task because it's not a list. But the conditional is the run that task "when not string"14:23
jrosseri have a patch for this i think14:24
noonedeadpunkyeah14:24
noonedeadpunkhttps://review.opendev.org/c/openstack/openstack-ansible-plugins/+/89601714:24
jamesdentoncool cool14:24
jamesdentonthat's one way of doing it :D14:25
jrossergrmbl grmbl more rocky repo shennanigans there14:26
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Generate SSH certificates for delegation test  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/89880914:26
jrosserin the end we can remove that logic14:26
jrosserbut i think you can't fix all the role stuff to be lists without needing to handle both14:27
jrosseras it's throughout all the roles everywhere14:27
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Generate SSH certificates for delegation test  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/89880915:28
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Generate SSH certificates for delegation test  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/89880915:30
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Generate SSH certificates for delegation test  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/89880916:43
noonedeadpunkI really dunno why this is failing.... asked for a hold16:45
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Generate SSH certificates for delegation test  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/89880916:49
NeilHanlonjrosser: hm. at least that one seems like the jobs just got a mirror that was offline, which could be any of them in the community. I will start the conversation again with infra about getting a local rocky mirror. i think that will 'solve' it. i do apologize for the noise and crap :( 17:26
noonedeadpunkYeah, problematic mirrors are kind of "fine"17:41
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Generate SSH certificates for delegation test  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/89880917:43
noonedeadpunkthat happens everywhere actually17:44
noonedeadpunkwe see it less with other distros only because of using local infra repos. 17:44
noonedeadpunkBut even then couple of times per year they might get broken, especially EPEL ones, because there's hardly a reliable mirror that can be used for infra...17:45
noonedeadpunkFrom what I got from mirror maintainers, is that during some new version being released it's too much changes that mirrors can hardly deal with17:46
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Generate SSH certificates for delegation test  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/89880918:06
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Generate SSH certificates for delegation test  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/89880918:30
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Generate SSH certificates for delegation test  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/89880918:47
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Add openstack_resources role skeleton  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/87879418:47
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Simplfy addition of keystone users to roles  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/89601718:48
« Wednesday, 2023-10-18 Index Friday, 2023-10-20 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!