Tuesday, 2024-08-06

« Monday, 2024-08-05 Index Wednesday, 2024-08-07 »
opendevreviewMerged openstack/openstack-ansible master: Use the 'generated' apparmor profile for all containers  https://review.opendev.org/c/openstack/openstack-ansible/+/92466100:46
plattaChecking out 29.0.1 and running scripts/bootstrap-ansible.sh is giving an error when it tries to check out a commit with hash 49e70b6511812b61ebe1d61107ab5413b79ec7ba from https://opendev.org/openstack/openstack-ansible-os_skyline. I've been testing with the same steps for a few days and just tonight this error started happening. Any chance the01:58
plattaabove merges could be the cause?01:58
plattaI checked the repo and it does not have a commit with that hash. Wondering if the merge squashed away that specific commit. I'm hand-changing ansible-role-requirements.yml locally to reference master instead of that commit hash just to get things working. That's the only repo that caused an issue.02:05
noonedeadpunkhey there07:24
noonedeadpunkhuh, that's really weird...07:26
noonedeadpunkIndeed I don't see the SHA in repo either...07:26
noonedeadpunkWe will fix this obviously in the next release07:27
noonedeadpunkoh wait, here it is: https://opendev.org/openstack/openstack-ansible-os_skyline/commit/49e70b6511812b61ebe1d61107ab5413b79ec7ba07:29
noonedeadpunkplatta: ^07:29
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/2024.1: Bump SHAs for 2024.1 (Caracal)  https://review.opendev.org/c/openstack/openstack-ansible/+/92573208:17
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Bump SHAs for master  https://review.opendev.org/c/openstack/openstack-ansible/+/92499708:17
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron stable/2024.1: Correct 'neutron-policy-override' tag  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/92573308:18
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron stable/2023.2: Correct 'neutron-policy-override' tag  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/92573408:19
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron stable/2023.1: Correct 'neutron-policy-override' tag  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/92573508:19
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-tests master: Respect depends-on for collection installation  https://review.opendev.org/c/openstack/openstack-ansible-tests/+/92574609:03
opendevreviewMerged openstack/ansible-role-uwsgi stable/2023.1: Ensure uWSGI is built with pcre support  https://review.opendev.org/c/openstack/ansible-role-uwsgi/+/92568309:32
opendevreviewMerged openstack/ansible-role-uwsgi stable/2023.2: Ensure uWSGI is built with pcre support  https://review.opendev.org/c/openstack/ansible-role-uwsgi/+/92568209:32
jrossercan we merge https://review.opendev.org/c/openstack/openstack-ansible-tests/+/925719 to unblock other unmaintained branches09:51
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/2023.2: Bump SHAs for 2023.2 (Bobcat)  https://review.opendev.org/c/openstack/openstack-ansible/+/92575109:59
opendevreviewMerged openstack/openstack-ansible master: Remove the get_md5 parameter from ansible stat tasks  https://review.opendev.org/c/openstack/openstack-ansible/+/92556410:01
jrossernoonedeadpunk: there is some kind of circular dep here on bookworm https://zuul.opendev.org/t/openstack/build/e2bc03b60bd84ba09225cd9e3af3cf96/log/logs/openstack/aio1-keystone-container-c4eb5e23/keystone-wsgi-public.service.journal-08-37-41.log.txt10:52
jrosserthat failed patch is a depends-on here https://review.opendev.org/c/openstack/ansible-role-uwsgi/+/92492210:52
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: [doc] Add documentation on spawning HAProxy inside LXC  https://review.opendev.org/c/openstack/openstack-ansible/+/92435310:54
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: [doc] Add documentation on spawning HAProxy inside LXC  https://review.opendev.org/c/openstack/openstack-ansible/+/92435310:55
noonedeadpunkjrosser: well.... uwsgi is not directly dependent10:57
noonedeadpunkprobavbly, I should reverse the dependency other way around10:57
noonedeadpunkI just wanted to ensure that both of them lead to uwsgi being built with pcre10:58
jrosseryeah looks like on bookworm uwsgi in the keystone container is built expecting pcre but for some reason it's not there10:59
jrosserand confusingly 924922 is the thing that should make it be there..... i wasnt really understanding why this does not fail for the other OS11:00
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-uwsgi master: Install pcre on destination hosts  https://review.opendev.org/c/openstack/ansible-role-uwsgi/+/92492211:01
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_keystone master: Do not install uWSGI as part of Keystone  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/92492811:01
noonedeadpunkI've just reverted the dependency now to if it it's going to work out better11:02
plattanoonedeadpunk: Thanks for finding it. I’m not sure why it doesn’t seem to show up when browsing commits, or why ansible can’t seem to find it.11:02
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-tests master: Respect depends-on for collection installation  https://review.opendev.org/c/openstack/openstack-ansible-tests/+/92574611:29
jrosserplatta: if you delete/rename the os_skyline repo that bootstrap-ansible creates, does it then work?11:55
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-tests master: Respect depends-on for collection installation  https://review.opendev.org/c/openstack/openstack-ansible-tests/+/92574612:00
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Ensure haproxy_service_config targets right host group  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/92434112:10
plattajrosser: I re-imaged my machine and started from scratch. Yesterday when I did that it still wasn't working. Today, it seems to be working fine!12:49
jrosserplatta: i was wondering if the issue was that the code did not fetch the up to date repo contents when it already existed12:50
jrosserif you clone from fresh it might be different behaviour and you always get the latest repo content12:50
plattaI do always start fresh. I took an image of my server after a fresh Debian install, and I always start there, cloning the openstack-ansible repository. Maybe something was somehow out of sync for a time, but it does look ok now. If I see any other oddities I'll let you know here.12:52
plattajrosser: Following your advice from the other day, I've actually made my own customized version of the prepare_networking.yml that AIO uses. Basically I swapped out dummy-vlan for my real interface and adjusted the CIDRs accordingly. The issue I hit yesterday was the only thing preventing me from seeing if it actually worked.12:54
jrossercool - the idea is that openstack-ansible is completely decoupled from how you choose to setup the host networking12:55
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-tests master: Respect depends-on for collection installation  https://review.opendev.org/c/openstack/openstack-ansible-tests/+/92574612:56
jrosseryou can have anything you want, with whichever config tool is best for you12:56
noonedeadpunk(though you can configure host networking with openstack-ansible if you really want to)12:56
jrosseroh yes this is new isnt it12:56
jrosseri keep forgetting about that12:56
plattaHahaha, that's exactly what I decided to do.12:57
noonedeadpunkjrosser: since 2023.1: https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/86853412:57
noonedeadpunkso not _that_ new, but relatively to how long we're running osa internally - quite new xD12:58
jrosserplatta: ^ make sure you've seen that too12:58
opendevreviewMerged openstack/openstack-ansible-os_cinder stable/2023.1: Disable heartbeat_in_pthread by default  https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/92483312:59
plattaThat is excellent! I am using the systemd_networkd role the same way AIO does. For now, I'm trying to build things a few pieces at a time, but it's good to know I might be able to just incorporate that into my overall configuration.13:00
noonedeadpunkI have some sample doc somewhere....13:00
noonedeadpunkhttps://docs.openstack.org/openstack-ansible/latest/user/network-arch/example.html#configuring-network-interfaces13:00
plattaI'm very much out of my depth on the majority of what I'm trying to do. The documentation and examples have been crucial for me, and very helpful. I'm learning a lot!13:01
noonedeadpunkand there was another sample here: https://review.opendev.org/c/openstack/openstack-ansible/+/924353/7/doc/source/user/prod/haproxy_in_lxc.rst13:02
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Always escalate privileges for attaching to containers  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/92527213:26
noonedeadpunkso https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/924928 seems better now13:38
noonedeadpunkbut https://review.opendev.org/c/openstack/ansible-role-uwsgi/+/924922 needs to be re-voted now13:38
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_octavia master: Ensure Octavia communicates with Neutron through internal URL  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/92577013:49
opendevreviewMerged openstack/openstack-ansible-tests unmaintained/zed: Remove use of debian-buster job  https://review.opendev.org/c/openstack/openstack-ansible-tests/+/92571914:10
noonedeadpunk#startmeeting openstack_ansible_meeting15:00
opendevmeetMeeting started Tue Aug  6 15:00:12 2024 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.15:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:00
opendevmeetThe meeting name has been set to 'openstack_ansible_meeting'15:00
noonedeadpunk#topic rollcall15:00
noonedeadpunko/15:00
jrossero/ hello15:00
hamburglero/15:00
noonedeadpunk#topic office hours15:03
noonedeadpunkSo, I think we're ready to have new bugfix releases for stable branches15:03
noonedeadpunkthough, I realized that it's probably worth pinging/bumping config_template collection for that15:04
noonedeadpunk#link https://review.opendev.org/c/openstack/releases/+/92575015:04
noonedeadpunkor, we can include it in the next one15:04
noonedeadpunkthere's 1 "bugfix" that mainly affects 1 nova thing15:04
noonedeadpunkso this topic is useless without config_template update15:05
noonedeadpunk#link https://review.opendev.org/q/Ifc1239e4ef768e94c44d8d07df7a0b93c73638f915:05
noonedeadpunkIm kinda fine with both options15:05
jrosserah so in order to be able to use that we need to bump the version of config_template on stable branches?15:07
noonedeadpunkyeah15:07
noonedeadpunkmaybe frickler will be able to help landing it when around :D15:08
jrosserwell - the change it needs to config_template is kind of small15:08
jrossernot like a large change15:08
noonedeadpunkyeah, so it should be not an issue to update it's version15:09
noonedeadpunkjust matter of time15:09
jrosseri think thats OK if your happy with that15:09
noonedeadpunkthen, I just found an outstanding topic, that's been a while after initial discussion.15:10
noonedeadpunk#link https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/92283715:10
noonedeadpunkwas going to ask if probably you have a better workaround already in place?15:10
jrosserthat would be a question best for andrewbonney i think15:11
noonedeadpunkas I wasn;t able to iterate on that and even already forgot what the problem was :(15:12
andrewbonneyJust reminding myself...15:12
noonedeadpunkand that sounds like smth worth backporting to 2024.1 at very least15:12
jrosserwell yes - i think that at the moment the code doesnt really account for the deploy host being seperate15:12
jrosser^ sort of15:12
jrosserand that you want to treat the utility containers as deleteable15:13
noonedeadpunkyeah, true15:13
noonedeadpunknow I've recalled15:13
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Enchance reference_group logic for inventory  https://review.opendev.org/c/openstack/openstack-ansible/+/92359615:13
jrosserperhaps it is actually better that the keypair is created on the deploy host, completely seperate15:13
hamburglerFor this since we use an ansible role to deploy OSA to our deployment host, we copy over the octavia private key to deployment host, which then gets deployed to utility lxc, and added a task to utility playbook to deploy the key to utility lxc in event it is deleted15:14
hamburglerMaybe doesn't fit the use case here15:15
jrosseri think the issue here is that in the past it worked kind of like that15:15
jrosserbut refactoring to use the openstack_resources role to handle creating the keypair has pretty different behaviour15:16
noonedeadpunkbut to be fair - location on the deploy host was also very unfortunate, as it was under ${HOME}15:16
jrosseroh indeed yes15:16
andrewbonneyYeah, I think I worked around this when upgrading to C making sure the existing keys were manually in the right places to prevent tasks running, but that doesn't fix things if we needed to do a fresh deploy with our model15:16
noonedeadpunkso, we had some envs, where keypair was created under certain user home directories rather then "assumed" /root15:17
jrosserwe could move to the ssh_keypairs role we have in the plugins repo15:17
jrosserthen i think this all gets regularised with the other autogenerated keys15:17
noonedeadpunkbut I think this is smth we'd need to fix before doing 29.1.0? as this totally will mess upgrades...15:17
noonedeadpunkand thinking about that... I guess I will get some time this week to look into the patch as part of upgrade preparation..15:18
jrosserimho it is just making things more difficult by having nova generate the keypair15:19
noonedeadpunkSo openstack_resources role does not rely on nova for that anymore15:19
noonedeadpunkmoreover - this behaviour is deprecated in nova15:20
noonedeadpunkso current microapi will refuse to generate a keypair for you15:20
jrosseroh then we need to fix `comment: Generated-by-Nova`15:20
noonedeadpunkwell. the problem with the comment is... that for existing keys module will either fail or rewrite the key depending on options15:21
noonedeadpunkso it's done to make it idempotent for upgrades case...15:21
jrosserah15:21
noonedeadpunk(but as we know - upgrades are borked out of aio anyway)15:21
jrosserwe should just patch octavia to have an ssh CA :)15:21
jrosserthen you could make the key only when you need it15:22
noonedeadpunkhehe15:22
noonedeadpunkthat would be too good15:22
noonedeadpunkok, another thing, is that we have a lot of CI failures recently15:23
jrosserhmm well if you have some time to think about it - i don't think we will fix it here just now15:23
jrosseryes i was trying to keep a list of whats failing15:23
jrossera bunch of failing to retrieve u-c which i think could be some regression as i thought we got that locally15:24
jrossera bunch of failing to download cirros which needs openstack_resources to have a concept of a cache directiry15:24
noonedeadpunkone big change is that nginx got replaced with apache15:24
jrosserceph seems fragile15:24
noonedeadpunkand there was obvious issue with rocky tls jobs which is now fixed15:25
noonedeadpunkyeah, openstack_resources totally needs a bit more love regarding images...15:25
noonedeadpunkAnd I also spotted ceph, but it seems to fail somewhere on tempest15:26
jrosserright - we did discuss caching / format conversion / which SHA to specify previously15:26
noonedeadpunkyeah, though was not able to check on that specifically15:28
noonedeadpunkwas trying to fix the tests repo - utter waste of time :(15:29
noonedeadpunkwe're doing so much things differently now....15:29
noonedeadpunkah. btw I've tried to propose some change to the apache role which we could potentially use, but seems it didn't went particulary well: https://github.com/geerlingguy/ansible-role-apache/pull/25615:31
noonedeadpunkand yeah. there's quite some complexity needed not to break existing deployments15:32
noonedeadpunkso likely we'd need to come up with own one (as usual)15:32
noonedeadpunkand it's still on me to document how to run services on domain.com/<service_type>15:33
noonedeadpunkpretty much got that example working :D15:34
noonedeadpunkended pretty much with this for services that use uwsgi: https://paste.openstack.org/show/bExMotkR2J2rZFmR9AzH/15:37
noonedeadpunkbut for those, that are not, I have to add `public_endpoint` option, ie for glance https://paste.openstack.org/show/bTA86aXPXL5rjHOJ6njP/15:37
noonedeadpunkso having subdomains is way more neat, imo...15:38
noonedeadpunkbut question stands - how to make such setup neat enough15:40
noonedeadpunkor just let it be documentation only15:41
hamburglersubdomains are much neater - especially when dealing with multiple regions, prefer this too 15:44
noonedeadpunkthe problem I was trying to solve - have single let's encrypt certificate15:45
noonedeadpunkBut well, it's possible to specify all subdomains in the list as well...15:46
noonedeadpunkthough until you will want to have different certs for internal and external endpoints... 15:47
noonedeadpunkbut yeah - I wasn't able to make RGW to work under URI at all15:49
hamburglerone thing you can do, if you place behind cloudflare using advance cert subscription, it proxys all. Still uses lets encrypt but makes management very simple and only a small fee15:49
noonedeadpunkwell - we can't use cloudflare compliance wise15:49
hamburglerah :(15:49
noonedeadpunkbut yeah, I have 2 options here, so hopefully will document both of them soon15:50
plattaI successfully modified the network configuration of an AIO in between deployment steps and ended up with an environment where I can create floating IPs that live on my physical network. Now I'll re-image and try using the same configuration files for a standard install.15:50
* frickler is reading backlog, but not sure about the context, which change needs more power?15:53
noonedeadpunkwith the release hat on:) https://review.opendev.org/c/openstack/releases/+/92575015:54
noonedeadpunk#endmeeting16:02
opendevmeetMeeting ended Tue Aug  6 16:02:32 2024 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)16:02
opendevmeetMinutes:        https://meetings.opendev.org/meetings/openstack_ansible_meeting/2024/openstack_ansible_meeting.2024-08-06-15.00.html16:02
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2024/openstack_ansible_meeting.2024-08-06-15.00.txt16:02
opendevmeetLog:            https://meetings.opendev.org/meetings/openstack_ansible_meeting/2024/openstack_ansible_meeting.2024-08-06-15.00.log.html16:02
jrossernoonedeadpunk: about rgw and putting it on a sub uri, imho it’s always better to give that its own fqdn/san16:18
noonedeadpunkand I think it was discontinued in S3 API as well16:19
noonedeadpunkso yeah16:19
jrosserespecially if you want to do s316:19
jrosseryeah16:19
fricklernoonedeadpunk: ah, easy task then, done ;)16:19
jrosseralso it’s then super easy to move onto its own hardware if you have a bunch of object traffic16:19
noonedeadpunkyeah, true16:20
noonedeadpunkI was doing that mainly out of interest and was wondering if it's even possibly to do consistently16:20
noonedeadpunkso #not-a-technical-advice16:21
jrosserI think eventually we run 3 sets16:21
jrosserone for s3 one for swift and one for static sites16:21
opendevreviewMerged openstack/openstack-ansible master: Use gather_extra_facts role from plugins collection  https://review.opendev.org/c/openstack/openstack-ansible/+/92340517:13
opendevreviewMerged openstack/ansible-role-uwsgi master: Install pcre on destination hosts  https://review.opendev.org/c/openstack/ansible-role-uwsgi/+/92492217:13
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/2023.2: Bump SHAs for 2023.2 (Bobcat)  https://review.opendev.org/c/openstack/openstack-ansible/+/92575117:30
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/2024.1: Bump SHAs for 2024.1 (Caracal)  https://review.opendev.org/c/openstack/openstack-ansible/+/92573217:30
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/2023.1: Bump SHAs for 2023.1 (Antelope)  https://review.opendev.org/c/openstack/openstack-ansible/+/92579217:39
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-tests master: Clone Ansible roles to /etc/ansible  https://review.opendev.org/c/openstack/openstack-ansible-tests/+/92579418:18
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_octavia master: Ensure Octavia communicates with Neutron through internal URL  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/92577018:23
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_keystone master: Do not install uWSGI as part of Keystone  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/92492818:47
plattaI'm doing SSL termination on my own NGINX server, so I want to disable SSL on Horizon. There's a setting called horizon_external_ssl, but also a comment from odyssey4me that says "This variable is actually badly named, as it applies settings which have nothing to do with SSL." Is there a better recommended way to disable SSL on Horizon?19:47
jrosserplatta: would be interested to know why you'd like to use an extra nginx?20:07
plattajrosser: I already have it running for other services I run on my local network, and I have it acting as a reverse proxy so I can hit my one IP address from different domain names and have NGINX route to the appropriate service internally.20:11
jrosseralso haproxy does all the api as ssl20:13
jrosserso thinking only about horizon is just part of the picture20:14
plattaHmm. Well, my thought with Horizon is that I don't want to get certificate warnings when I pull it up in a browser. I do all my certs with certbot, and although I know OSA supports that, my little one-node cloud isn't exposed directly to the internet for the ACME challenge. The only path for that is through the NGINX setup I have already.20:17
plattaI haven't gotten far enough to start thinking about automating OpenStack actions with the APIs, but I probably will. I guess I should just wait for now and deal with the certificate warnings until I get things up and running a bit more.20:17
jrosserpersonally i would stick with the something that works for a while 20:18
jrosseri think the comments you see in the horizon role point to legacy stuff that needs some more work20:19
jrosserand i think there is ugliness with x-forwarded-proto which will trip you up20:20
plattaOh I've definitely run into some issues like that. If I decide to do it, it'll probably take a week of digging to figure out. I think I'll leave it for now.20:20
jrosserif you do manage something like that it would be great to do a "home lab" section of the docs20:21
plattaIn the meantime, I've got to work through my current installation. Looks like the repo container isn't working properly, and the setup-infrastructure playbook is failing when the utility container tries to pull upper_constraints_cached.txt. Getting connection refused, so I assume the repo container isn't working properly.20:21
jrosseras we do get a fair few queries about things like that20:22
plattaI'll gladly contribute to the documentation once I get things working. So far it's really not far from the AIO configuration, but it took a while to understand the exact tweaks I needed to make.20:22
jrosserusual way to debug that is to look at haproxy, see if it thinks the backend is up20:23
plattaActually, there's a fair chance you could build something similar to the bootstrap-aio script just for a single node home lab.20:23
plattaI'll take a look at haproxy. Whole new set of tools I need to learn. I tend to work in AWS at my day job.20:24
jrosserhaproxy is "center of the universe" in an osa deployment20:26
jrosserall services call each other via haproxy on the internal endpoint20:27
jrosserand your users hit the external endpont20:27
plattaI guess maybe the fact that I don't have haproxy_hosts in my config might be part of the issue? I based my config on the AIO template, and it doesn't include that.20:29
jrosserplatta: it will be like this https://storage.gra.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_cab/924311/3/check/openstack-ansible-deploy-aio_lxc-ubuntu-jammy/cab496a/logs/etc/host/openstack_deploy/conf.d/20:35
opendevreviewMerged openstack/openstack-ansible master: Bump SHAs for master  https://review.opendev.org/c/openstack/openstack-ansible/+/92499721:55
plattaI got as far as the setup-openstack playbook. Keystone install is failing. I traced it as far as line 74 here https://opendev.org/openstack/openstack-ansible-os_keystone/src/commit/429dfbea39f0695f072a7dc339e3c772cc39df7d/tasks/main.yml but not entirely sure where the code for that role is. I also found this post22:15
plattahttps://bugs.launchpad.net/openstack-ansible/+bug/2017689. HAProxy seems to think Galera is up, and that user_variable suggestion did not work.22:15
plattaI had a hiccup in the middle of one of the playbooks where I lost connectivity and had to reboot the server. I'm going to try re-imaging and starting from the beginning with all my updated configuration files in case that caused an issue.22:16
plattaAlso, the actual error from ansible is: {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false}22:16
« Monday, 2024-08-05 Index Wednesday, 2024-08-07 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!