| f0o | how can I re-generate the inventory? I removed some hosts but ansible still attempts to do stuff on them | 07:30 |
|---|---|---|
| f0o | scripts/inventory-manage.py -r seems to have done the trick after finding all of the occurences | 08:03 |
| f0o | also TIL northd cannot be deployed in 2 nodes - by that I mean OSA happily will deploy it on 2 nodes but northd uses RAFT underneath which will at some point completely break northd and prevent any of the two to ever recover | 08:21 |
| f0o | all I wanted is to debug haproxy and here I am migrating northd to a 3 node controller cluster because it cant run with the rest of the networking stuff on a 2 node active/failover scheme | 08:22 |
| jrosser | f0o: your control plane really should be one node for non-HA and 3 for HA | 10:33 |
| jrosser | otherwise you have trouble with the database too | 10:33 |
| f0o | the controllers are 3 nodes; I assumed OVN being networking would follow networking conventions; Active-Standby | 10:38 |
| f0o | didnt know OVN uses RAFT which implicitly requires odd number nodes for quorum | 10:38 |
| f0o | so now I'm moving northd away from the TOR and onto the controllers while keeping the gateway chassis on the TOR | 10:39 |
| f0o | silly if you ask me, because the TOR could run northd just fine if it supported 2 node setup | 10:40 |
| f0o | gonna see if I can alter northd to use a full-mesh with active-standby instead... ovs does it, just ovn doesnt | 12:59 |
| f0o | jrosser noonedeadpunk I have also discovered my HAProxy issue, and part of it is because I have defined an entry in haproxy_service_configs - that apparently made it ignore _everything_ else | 13:00 |
| f0o | even on a full fresh install it would only deploy what I defined in haproxy_service_configs and none of the openstack configs | 13:00 |
| f0o | that was an interesting gotcha there; sadly I need haproxy_service_configs for letsencrypt/certbot - but all in due time. first things first, move northd or make it not use RAFT | 13:02 |
| f0o | I think I just shouldn't have configured that variable in the user_vars and instead created a role for it and called that instead | 13:07 |
| jrosser | f0o: you should not need to redefine haproxy_service_configs for LetsEncrypt - there is native support in the haproxy role | 13:39 |
| f0o | that's not what the docs said | 14:33 |
| f0o | https://docs.openstack.org/openstack-ansible-haproxy_server/latest/configure-haproxy.html#using-certificates-from-letsencrypt even shows the additional services | 14:34 |
| f0o | but I just saw half a page down haproxy_extra_services so that solves that | 14:37 |
| f0o | Offtopic; is there a good way to restrict cpu/memory cgroups of the lxc containers through OSA? | 15:33 |
| f0o | I'm looking at lxc_container_config_list from the docs but it has no real docs so I'm crawling through the playbook now to understand what it does | 15:34 |
| f0o | or if it's as simple as popping something into "properties" object | 15:35 |
| jrosser | f0o: there are no defaults to override for cpu/memory on the lxc containers | 16:21 |
| jrosser | also the docs might not be up to date for letsencrypt there, i can check tomorrow | 16:21 |
| jrosser | the enablement for LE is here https://github.com/openstack/openstack-ansible/blob/master/inventory/group_vars/haproxy/haproxy.yml#L22 | 16:24 |
| jrosser | the haproxy service which supports LE is here https://github.com/openstack/openstack-ansible/blob/master/inventory/group_vars/haproxy/haproxy.yml#L71-L91 | 16:25 |
| f0o | appreciate it! | 16:33 |
| jrosser | we changed the haproxy setup very recently and it looks like this was missed | 16:33 |
| jrosser | on the cgroup stuff, whilst we have no specific vars for that many things in OSA provide you generic hooks to apply any config you want | 16:35 |
| jrosser | though i don't know of anyone who has wanted to do that before | 16:35 |
| opendevreview | Jimmy McCrory proposed openstack/openstack-ansible-os_nova stable/2023.2: Ensure nova_device_spec is templated as JSON string https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/913501 | 21:34 |
| opendevreview | Jimmy McCrory proposed openstack/openstack-ansible-os_nova stable/2023.1: Ensure nova_device_spec is templated as JSON string https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/913502 | 21:34 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!