| noonedeadpunk | jrosser: but I've added alreasdy to https://review.opendev.org/c/openstack/openstack-ansible/+/923358/11 ? | 06:19 |
|---|---|---|
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_ironic stable/2024.1: Fix Ironic IPA version for 2024.1 https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/923814 | 06:19 |
| noonedeadpunk | hm | 06:20 |
| noonedeadpunk | ah | 06:20 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Use openstack.osa.install_defaults role instead of vars_files https://review.opendev.org/c/openstack/openstack-ansible/+/923358 | 06:22 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Use openstack.osa.install_defaults role instead of vars_files https://review.opendev.org/c/openstack/openstack-ansible/+/923358 | 06:26 |
| jrosser | so i think i need to update the ops repo to match the same changes | 07:31 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-ops master: Update format of install_defaults https://review.opendev.org/c/openstack/openstack-ansible-ops/+/923392 | 07:33 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-ops master: Update format of install_defaults https://review.opendev.org/c/openstack/openstack-ansible-ops/+/923392 | 07:38 |
| noonedeadpunk | yeah, true | 07:47 |
| noonedeadpunk | clean forgot | 07:47 |
| jrosser | the mcapi jobs feel more (but not completely) reliable now i have broken up the playbook | 07:48 |
| jrosser | it now installs the control plane k8s as part of setup-infrastructure, so thats there before magnum | 07:48 |
| jrosser | then magnum and the capi driver go on next | 07:49 |
| jrosser | rather before where it did all of the steps right at the end on top of an existing deployment | 07:49 |
| noonedeadpunk | hm, I'm looking at https://review.opendev.org/c/openstack/openstack-ansible-ops/+/923447/8/mcapi_vexxhost/playbooks/mcapi_control_plane_k8s.yml now and feel unsure about `{{ ansible_facts['kernel'] }}` part | 07:51 |
| noonedeadpunk | as, in case, you've got kernel just updated during some openstack_hosts (or smth like that?) - things will fail with reboot? | 07:51 |
| noonedeadpunk | but from other side I get the catch here | 07:52 |
| jrosser | yep i don't have a good answer to that | 07:52 |
| noonedeadpunk | as otherwise, you'd install headers for updated kernel that's not yet used | 07:52 |
| jrosser | i came into exactly that situation testing here with a very old debian-12 image | 07:52 |
| noonedeadpunk | maybe worth to introduce some check in early if we're running the intended kernel version... but not sure how to make it frankly speaking | 07:53 |
| noonedeadpunk | without parsing grub.cfg | 07:53 |
| jrosser | is there also a meta package that makes the current kernel headers always be installed? | 07:53 |
| jrosser | so if the kernel was updated you'd get the headers by magic | 07:54 |
| noonedeadpunk | well. I think it would be "intended" one, not current | 07:54 |
| noonedeadpunk | so if you need a reboot - it will install headers for the next one iirc | 07:54 |
| jrosser | perhaps thats the answer then - if both of those were present youd have the headers for the current + intended kernels | 07:55 |
| noonedeadpunk | and yes - you will get all futher headers by magic | 07:55 |
| jrosser | the code as it is ensures that you have the headers for the running kernel | 07:55 |
| noonedeadpunk | oh. | 07:55 |
| noonedeadpunk | yes, I think that would work indeed | 07:55 |
| noonedeadpunk | as at worst meta package will resolve to the same one | 07:55 |
| jrosser | yes true | 07:56 |
| noonedeadpunk | for ubuntu/debian it should be `linux-headers-generic` | 07:56 |
| noonedeadpunk | but then again - it kinda depends on the kernel... | 07:56 |
| noonedeadpunk | as there's another meta for HWE kernel on ubuntu | 07:57 |
| jrosser | hwe :) | 07:57 |
| noonedeadpunk | yeah | 07:57 |
| jrosser | i will think about this | 07:57 |
| jrosser | there should be a way | 07:57 |
| noonedeadpunk | but then I think you can detect generic/hwe from facts... | 07:57 |
| noonedeadpunk | but that all is /o\ | 07:58 |
| noonedeadpunk | (as generic/hwe is part of uname) | 07:58 |
| opendevreview | Merged openstack/openstack-ansible master: [doc] Update role maturity matrix https://review.opendev.org/c/openstack/openstack-ansible/+/923712 | 08:11 |
| noonedeadpunk | a review on https://review.opendev.org/c/openstack/openstack-ansible/+/923768?usp=search would be great | 08:57 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Use gather_extra_facts role from plugins collection https://review.opendev.org/c/openstack/openstack-ansible/+/923405 | 09:26 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Switch to ceph-ansible stable-8.0 https://review.opendev.org/c/openstack/openstack-ansible/+/921976 | 09:27 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Use UCA mirror in CI for ubuntu https://review.opendev.org/c/openstack/openstack-ansible/+/923776 | 09:41 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Use ceph mirror in CI jobs https://review.opendev.org/c/openstack/openstack-ansible/+/923777 | 09:41 |
| noonedeadpunk | so, about mariadb 11.4.... | 09:43 |
| noonedeadpunk | I've recalled why I got certificate for localhost rather then skip-ssl-verify-server-cert | 09:44 |
| noonedeadpunk | and it's all because of debian.cnf | 09:44 |
| noonedeadpunk | https://paste.openstack.org/show/bubCX416AjWB3OXCSdey/ | 09:44 |
| noonedeadpunk | while we do have some logic to replace it with a custom one, I'm really not sure if we want to... | 09:45 |
| noonedeadpunk | it's like picking between 2 bad decisions | 09:46 |
| noonedeadpunk | and it's being distributed under quite a specific condition: https://opendev.org/openstack/openstack-ansible-galera_server/src/branch/master/tasks/galera_server_post_install.yml#L127-L131 | 09:47 |
| jrosser | ah yes | 09:48 |
| jrosser | i was going to see if i could get some advice here about how good/bad the localhost certificate was | 09:48 |
| jrosser | it might be actually that there is no additional risk other than it "looking odd" | 09:48 |
| noonedeadpunk | well, I guess it kinda depends on what you have in /etc/hosts as well | 09:49 |
| noonedeadpunk | as then quite a variety of things can be "localhost" | 09:49 |
| jrosser | so the certificate on its own is useless | 09:50 |
| noonedeadpunk | well, true... | 09:50 |
| jrosser | only if you have the key, and you need to compromise the host pretty severely to get the key | 09:50 |
| jrosser | so we shoukld double check that the permissions on the key/directory are sensible | 09:51 |
| jrosser | i expect those may not be enforced as tightly as they are with openssh for example | 09:51 |
| noonedeadpunk | I think we should have 0600 | 09:51 |
| noonedeadpunk | on private keys | 09:51 |
| noonedeadpunk | https://paste.openstack.org/show/brtcqaCAVEoMTuwOr5tw/ | 09:52 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Use mariadb client instead of mariadb for healthcheck https://review.opendev.org/c/openstack/openstack-ansible/+/922839 | 09:56 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Use mariadb client instead of mysql for healthcheck https://review.opendev.org/c/openstack/openstack-ansible/+/922839 | 09:56 |
| opendevreview | Merged openstack/openstack-ansible-lxc_container_create stable/2023.2: Respect dhcp_use_routes in lxc_container_networks https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/923642 | 10:06 |
| opendevreview | Merged openstack/openstack-ansible master: Remove os-log-dir-setup common playbook https://review.opendev.org/c/openstack/openstack-ansible/+/923402 | 10:17 |
| opendevreview | Merged openstack/openstack-ansible master: Add nfs server exports file to log collection https://review.opendev.org/c/openstack/openstack-ansible/+/923203 | 10:19 |
| opendevreview | Merged openstack/openstack-ansible-lxc_hosts master: Ensure udev is installed in container image https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/923167 | 10:22 |
| opendevreview | Merged openstack/openstack-ansible-plugins master: Add gather_extra_facts role https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/923403 | 10:33 |
| jrosser | noonedeadpunk: so debian.cnf is going to be removed at some point? | 11:03 |
| * jrosser just trying to understand all the things here..... | 11:04 | |
| opendevreview | Merged openstack/openstack-ansible-os_ironic stable/2024.1: Fix Ironic IPA version for 2024.1 https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/923814 | 11:17 |
| noonedeadpunk | it's what said in debian.cnf... | 11:21 |
| noonedeadpunk | but it's still in heavy use by debian-start script | 11:21 |
| noonedeadpunk | and it's been explicitly passed as a config file at the moment | 11:22 |
| noonedeadpunk | so I'm a bit confused there | 11:22 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/2024.1: Bump SHAs for 2024.1 (Caracal) https://review.opendev.org/c/openstack/openstack-ansible/+/923559 | 11:23 |
| noonedeadpunk | this is now ready I believe ^ | 11:23 |
| jrosser | i guess there never was an answer in #mariadb | 11:37 |
| noonedeadpunk | haven't seen any | 11:38 |
| noonedeadpunk | actually.... | 11:39 |
| noonedeadpunk | monty answered that they will ask maintainers for debian... | 11:39 |
| noonedeadpunk | crap | 11:39 |
| noonedeadpunk | but no follow-up | 11:43 |
| * noonedeadpunk forgets to join Libera these days | 11:43 | |
| opendevreview | Merged openstack/openstack-ansible unmaintained/yoga: Bump role SHAs for unamitained/yoga https://review.opendev.org/c/openstack/openstack-ansible/+/923768 | 11:49 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Use UCA mirror in CI for ubuntu https://review.opendev.org/c/openstack/openstack-ansible/+/923776 | 12:39 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Use ceph mirror in CI jobs https://review.opendev.org/c/openstack/openstack-ansible/+/923777 | 12:39 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Use ceph mirror in CI jobs https://review.opendev.org/c/openstack/openstack-ansible/+/923777 | 12:40 |
| noonedeadpunk | so I've submitted a bug report: https://jira.mariadb.org/browse/MDEV-34563 | 13:26 |
| noonedeadpunk | they're gonna have a 11.4.3 release on 25th of July. And I was told that it's not intended behaviour. So if we're lucky - fix might be issued for the upcoming release... | 13:26 |
| noonedeadpunk | "the purpose of SSL certificate validation is to make sure you're talking to the correct server and nobody can intercept the connection. Which is always true for unix socket, and thus the client knows the certificate is coming from the correct server, ergo, it is valid. So the client doesn't actually validate certificates in socket connections" was the answer basically | 13:27 |
| jrosser | noonedeadpunk: what do you think about this? https://review.opendev.org/c/openstack/openstack-ansible/+/923358 | 13:35 |
| jrosser | the validate job - i wonder if somehow the vars defining install_method are not in scope there? | 13:35 |
| noonedeadpunk | jrosser: but it was passing patcheset 7... | 13:38 |
| noonedeadpunk | so it's weird | 13:38 |
| noonedeadpunk | "/bin/sh: 1: /openstack/venvs/utility-29.1.0.dev26/bin/python: not found\n" | 13:39 |
| noonedeadpunk | oh well | 13:40 |
| noonedeadpunk | it tires to find utility host on localhost | 13:40 |
| noonedeadpunk | *utility venv | 13:40 |
| noonedeadpunk | ok, it just slipped: https://opendev.org/openstack/openstack-ansible/src/branch/master/playbooks/healthcheck-infrastructure.yml#L105 | 13:41 |
| noonedeadpunk | ugh | 13:41 |
| jrosser | so we are missing `openstack_service_setup_host` | 13:42 |
| noonedeadpunk | yeah | 13:42 |
| noonedeadpunk | and I guess that's because it can't be in tasks | 13:42 |
| noonedeadpunk | or even in pre_tasks.... | 13:42 |
| noonedeadpunk | vars_files likely loaded before hosts are evaluated | 13:43 |
| noonedeadpunk | so maybe we must have import_role in that case | 13:43 |
| noonedeadpunk | when `hosts` depend on that import | 13:43 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Use openstack.osa.install_defaults role instead of vars_files https://review.opendev.org/c/openstack/openstack-ansible/+/923358 | 13:45 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Use UCA mirror in CI for ubuntu https://review.opendev.org/c/openstack/openstack-ansible/+/923776 | 14:02 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Use ceph mirror in CI jobs https://review.opendev.org/c/openstack/openstack-ansible/+/923777 | 14:02 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Use ceph mirror in CI jobs https://review.opendev.org/c/openstack/openstack-ansible/+/923777 | 14:03 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Use openstack.osa.install_defaults role instead of vars_files https://review.opendev.org/c/openstack/openstack-ansible/+/923358 | 14:05 |
| jrosser | well that is something i have never seen before | 14:07 |
| jrosser | `Cloning file:///openstack/src/opendev.org/openstack/nova (to revision 11301e7e3f0d81a3368632f90608e30d9c647111) to ./pip-install-4rnani35/nova_72e7b9df3ca9470daf89969fbdc758fa\n\n:stderr: Running command git clone --filter=blob:none --quiet file:///openstack/src/opendev.org/openstack/nova /tmp/pip-install-4rnani35/nova_72e7b9df3ca9470daf89969fbdc758fa\n warning: filtering not recognized by server, ignoring\n error: | 14:08 |
| jrosser | inflate: data stream error (incorrect data check)\n fatal: serious inflate inconsistency` | 14:08 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Collect step-ca logs https://review.opendev.org/c/openstack/openstack-ansible/+/923855 | 14:22 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Collect letsencrypt logs https://review.opendev.org/c/openstack/openstack-ansible/+/923858 | 14:29 |
| opendevreview | Merged openstack/openstack-ansible-plugins master: Add unbound_clients role https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/923407 | 15:15 |
| noonedeadpunk | so regarding mariadb - likely we need just to wait.... | 15:26 |
| noonedeadpunk | or issue for localhost and then revert this part | 15:26 |
| jrosser | it sounds liek it should only be a couple of weeks? | 15:27 |
| noonedeadpunk | well. it's for mariadb server. and I'm not sure, as bug report was moved to C connector... | 15:27 |
| noonedeadpunk | which has different release cycle I assume | 15:27 |
| noonedeadpunk | at least there's no release date specified yet for this one | 15:28 |
| noonedeadpunk | ok, Zed finally passed: https://review.opendev.org/c/openstack/openstack-ansible/+/923619 | 15:31 |
| noonedeadpunk | this should unblock 2023.1 :D | 15:31 |
| opendevreview | Merged openstack/openstack-ansible-plugins master: Add dynamic_address_fact role https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/923410 | 16:13 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Use openstack.osa.install_defaults role instead of vars_files https://review.opendev.org/c/openstack/openstack-ansible/+/923358 | 16:22 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Remove remove_container_journal common task file https://review.opendev.org/c/openstack/openstack-ansible/+/923366 | 16:22 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Remove dynamic-grouping common task file https://review.opendev.org/c/openstack/openstack-ansible/+/923367 | 16:22 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Use haproxy_endpoint_manage role from osa collection rather than common-tasks https://review.opendev.org/c/openstack/openstack-ansible/+/923368 | 16:22 |
| noonedeadpunk | we need to set this either to `master` or just update once all things land to plugins repo: https://opendev.org/openstack/openstack-ansible/src/branch/master/ansible-collection-requirements.yml#L14 | 17:50 |
| noonedeadpunk | otherwise aio will be borked on VMs... | 17:50 |
| opendevreview | Merged openstack/openstack-ansible-ops master: Update format of install_defaults https://review.opendev.org/c/openstack/openstack-ansible-ops/+/923392 | 18:27 |
| opendevreview | Merged openstack/ansible-role-python_venv_build master: Ignore repo container facts gathering errors https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/921858 | 18:29 |
| opendevreview | Merged openstack/openstack-ansible-openstack_hosts master: Ensure git safe directory is templated properly https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/923654 | 18:33 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-python_venv_build stable/2024.1: Ignore repo container facts gathering errors https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/923883 | 18:55 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts stable/2024.1: Ensure git safe directory is templated properly https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/923884 | 18:55 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-python_venv_build stable/2023.2: Ignore repo container facts gathering errors https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/923885 | 18:56 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts stable/2023.2: Ensure git safe directory is templated properly https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/923886 | 18:56 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-python_venv_build stable/2023.1: Ignore repo container facts gathering errors https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/923887 | 18:56 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts stable/2023.1: Ensure git safe directory is templated properly https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/923888 | 18:56 |
| opendevreview | Merged openstack/openstack-ansible stable/zed: Switch u-c to SHA https://review.opendev.org/c/openstack/openstack-ansible/+/923619 | 19:31 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-lxc_hosts stable/2024.1: Ensure udev is installed in container image https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/923891 | 19:37 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!