Wednesday, 2024-04-24

« Tuesday, 2024-04-23 Index Thursday, 2024-04-25 »
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-ops master: Do not duplicate the in-repo example files inside the documentation  https://review.opendev.org/c/openstack/openstack-ansible-ops/+/91687008:47
opendevreviewMerged openstack/openstack-ansible-os_neutron master: Add debian package libstrongswan-standard-plugins  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/91683209:07
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-ops master: Do not duplicate the in-repo example files inside the documentation  https://review.opendev.org/c/openstack/openstack-ansible-ops/+/91687009:11
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Add Tempest test for OVN Octavia driver  https://review.opendev.org/c/openstack/openstack-ansible/+/91687209:17
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron stable/2023.2: Add debian package libstrongswan-standard-plugins  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/91676509:17
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron stable/2023.1: Add debian package libstrongswan-standard-plugins  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/91676609:18
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Add Tempest test for OVN Octavia driver  https://review.opendev.org/c/openstack/openstack-ansible/+/91687209:22
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_octavia master: Implement support for octavia-ovn-provider driver  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/86846209:24
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-ops master: Do not duplicate the in-repo example files inside the documentation  https://review.opendev.org/c/openstack/openstack-ansible-ops/+/91687009:39
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_keystone master: Add service policies defenition  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/91687409:42
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_keystone master: Add variable to globally control notifications enablement and disable RPC  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/91687809:47
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_keystone master: Implement variables to address oslo.messaging improvements  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/91687909:52
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_barbican master: Add service policies defenition  https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/91688110:10
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_barbican master: Add variable to globally control notifications enablement  https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/91688210:13
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_barbican master: Implement variables to address oslo.messaging improvements  https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/91688410:17
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Switch service repos to track 2024.1  https://review.opendev.org/c/openstack/openstack-ansible/+/91418810:43
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-ops master: Do not duplicate the in-repo example files inside the documentation  https://review.opendev.org/c/openstack/openstack-ansible-ops/+/91687010:51
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_magnum master: Allow zuul job variables to be inserted into user_variables  https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/91664711:48
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_sahara master: Preserve actual production playbook in examples  https://review.opendev.org/c/openstack/openstack-ansible-os_sahara/+/91689012:08
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_murano master: Preserve actual production playbook in examples  https://review.opendev.org/c/openstack/openstack-ansible-os_murano/+/91689112:11
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_senlin master: Preserve actual production playbook in examples  https://review.opendev.org/c/openstack/openstack-ansible-os_senlin/+/91689212:12
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Move Murano/Senlin/Sahara to Inactive state  https://review.opendev.org/c/openstack/openstack-ansible/+/91690012:58
noonedeadpunkI'm really not sure about if I'm doing right thing here ^12:58
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Move Murano/Senlin/Sahara to Inactive state  https://review.opendev.org/c/openstack/openstack-ansible/+/91690012:59
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-ops master: Do not duplicate the in-repo example files inside the documentation  https://review.opendev.org/c/openstack/openstack-ansible-ops/+/91687013:07
spatelHey! folks.. any idea what is going on here 13:22
spatel# openstack coe cluster config dev213:22
spatelPolicy doesn't allow certificate:get to be performed (HTTP 403) (Request-ID: req-7445ef3c-52a3-4911-97f6-1fb25d9fac1f)13:22
noonedeadpunkspatel: what are you using for auth?13:23
noonedeadpunkpassowrd/application credentials?13:23
spatelI have LDAP for username13:24
spatelFreeIPA13:24
spatelI am not using app creds13:24
noonedeadpunkdoes the user has `reader` role then?13:24
spatelMy keystone talk to freeIPA ldap and I have assigned user to reader role..13:25
noonedeadpunkas I think this is provided by LDAP as well...13:25
spatelopenstack role add --user spatel --user-domain eng --project eng reader13:25
noonedeadpunkhuh. and can you do that this way with ldap?13:26
spatelLDAP is only for username/password (all roles etc still handle by SQL )13:26
noonedeadpunkas I thought roles for user also provided from ldap13:26
noonedeadpunkI frankly never did that specific setup13:26
noonedeadpunkthough I though that with ldap there's no local users created?13:27
noonedeadpunkor they are on first login as well?13:27
spatelYes LDAP can fully integrate with keystone but I didn't configure that way.. LDAP only handling auth (just validate password)13:28
spatelauthorization should be handle by SQL 13:28
spatelThis is what I have - https://satishdotpatel.github.io/openstack-ldap-integration/13:29
noonedeadpunkaha13:29
spatel[identity]13:29
spateldriver = ldap13:29
spatelAssignment handle by SQL 13:29
spatel loadbalancer_memeber roles works that means keystone properly looking for roles mapping 13:31
noonedeadpunkyeah, ok, fair13:31
noonedeadpunkwell, `member` by default should imply `reader` anyway....13:32
noonedeadpunkbut I don't really have good obvious ideas otherwise.13:33
spatelLet me try to create local account outside LDAP and see how does it behave.. 13:33
andrewbonneynoonedeadpunk: I think jrosser_ mentioned our oslo.messaging fun yesterday. If you get chance to look I have some patches in https://review.opendev.org/q/topic:%22osa/rmq-policy%22 for pre-quorum-queue deployments13:56
noonedeadpunkandrewbonney: so basically it also means that deployments without HA queues are even more broken?13:59
andrewbonneyAt present if you don't use HA queues for reply queues, but have a multi-node RMQ cluster then failover causes big issues from 2023.1 onwards14:00
noonedeadpunkyeah14:04
noonedeadpunkbut probably even bigger if you don't use HA queues at all?14:04
andrewbonneyYes absolutely, assuming a multi-node RMQ14:10
jrosser_we figured at the scale we run at here, moving the reply queues to also be HA was acheiveable and would make upgrades much less full of surprise failures14:30
jrosser_however - that might not be the case if you don't have capacity in your rabbitmq to acommodate moving the reply queues to be ha14:31
noonedeadpunkyeah, fair14:35
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts master: Update OpenStack Release to Caracal  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/91691714:43
noonedeadpunkThiagoCMC: we may see how distro install works soonish with this ^ :)14:43
opendevreviewStuart Grace proposed openstack/openstack-ansible-ops master: Clarifications to mcapi_vexxhost README  https://review.opendev.org/c/openstack/openstack-ansible-ops/+/91681715:32
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-ops master: Do not duplicate the in-repo example files inside the documentation  https://review.opendev.org/c/openstack/openstack-ansible-ops/+/91687015:43
ThiagoCMCnoonedeadpunk, Wheee!!!  :-D16:07
jrosser_i think there is new RDO for caracal as well if we want to move those jobs over16:16
noonedeadpunkyeah16:22
noonedeadpunkthat's exactly what https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/916917 does16:22
ThiagoCMCBTW, it seems OSA will skip Ceph 18, right? Since Caracal repos brings Ceph 19 already. Still with Ceph Ansible `stable-7.0`, BTW...16:30
ThiagoCMC=P16:30
jrosser_ThiagoCMC: we have talked about this :) We need to bump OSA caracal to use ceph 1816:43
jrosser_i was hoping you were going to make a patch for it16:43
ThiagoCMCYep, I know. Just confirming... =P16:44
jrosser_if ceph 19 is in the UCA repos we need to make sure we still pay attention to the apt pinning16:44
ThiagoCMCI'm really busy with lots of personal issues going on right now (condo owner is selling the place and kicked me out, so I have to figure this out now, just to begin the issues lol)... :-(16:45
ThiagoCMCAnd yes, Ceph 19 is in UCA for Caracal.16:45
jrosser_if it is difficult i can change the ceph version16:46
ThiagoCMCI REALLY want to contribute! But I might need a couple of weeks to sort things out on my side...  :-/16:47
jrosser_switching the ceph version really is just a couple of lines to change, i'll try to take a look at it tomorrow16:51
spatelnoonedeadpunk I found the problem :) 16:56
spatelI forgot to set following in keystone.conf16:56
spatel[assignment]16:56
spateldriver = sql16:56
noonedeadpunkyeah, that would explain it :D17:05
noonedeadpunkI even clean forgot about ceph bump on ptg :(17:06
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server master: Add rabbitmq distro install support for EL  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/91693617:17
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server master: Add distro infra jobs  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/91469217:17
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server master: Do not pin packages nor install gpgs for distro method  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/91693817:22
jrosser_there is a stack of ops repo docs changes if anyone can look https://review.opendev.org/c/openstack/openstack-ansible-ops/+/91665017:37
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Respect is_management_address for provider_networks  https://review.opendev.org/c/openstack/openstack-ansible/+/91519517:40
mgariepyhmm.. https://www.reuters.com/markets/deals/ibm-nearing-buyout-deal-hashicorp-wsj-reports-2024-04-23/19:08
jrosser_mgariepy: there’s a fork I think already19:09
jrosser_openbao it’s called19:11
mgariepystill.19:11
mgariepythey will ruin everything :(19:11
opendevreviewMerged openstack/openstack-ansible-os_skyline master: Add EL distro support and ssl configuration for DB connection  https://review.opendev.org/c/openstack/openstack-ansible-os_skyline/+/91237019:15
jrosser_that’s a fork of vault, I mean19:15
jrosser_and for fun, take a look at who is contributing most to that repo recently…..19:15
mgariepyhmm fun19:18
mgariepyincus have a new deploy tool19:19
mgariepysimple ansible playbook ;)19:19
opendevreviewMerged openstack/openstack-ansible-os_skyline master: Support large uploads via Skyline  https://review.opendev.org/c/openstack/openstack-ansible-os_skyline/+/91414919:23
opendevreviewMerged openstack/openstack-ansible-os_nova stable/2023.2: Ensure TLS is enabled properly for cell0 mapping DB connection  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/91645319:28
opendevreviewMerged openstack/openstack-ansible-rabbitmq_server master: Remove RabbitMQ restart when changing policy  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/91604119:37
« Tuesday, 2024-04-23 Index Thursday, 2024-04-25 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!