| noonedeadpunk | I think we should try out https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/933769 after all, as landing rabbitmq stuff is super annoying.... | 10:41 |
|---|---|---|
| noonedeadpunk | *failures on releases.openstack.org | 10:42 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-galera_server master: Update mariadb to 11.4.4 https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/922377 | 10:48 |
| noonedeadpunk | finally | 10:50 |
| noonedeadpunk | crap. there's no modern mariadb in current infra mirrors.... | 12:37 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Remove usage of mariadb.com infra mirror https://review.opendev.org/c/openstack/openstack-ansible/+/934037 | 12:46 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-galera_server master: Use mirror.mariadb.org to install packages from https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/924354 | 12:46 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Switch to using mariadb.org infra cache https://review.opendev.org/c/openstack/openstack-ansible/+/934038 | 12:51 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-galera_server master: Use mirror.mariadb.org to install packages from https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/924354 | 13:26 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-galera_server master: Update mariadb to 11.4.4 https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/922377 | 13:40 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Remove HA queues defenition https://review.opendev.org/c/openstack/openstack-ansible/+/934042 | 14:12 |
| opendevreview | Merged openstack/openstack-ansible-repo_server master: Increase timeouts and add retries for UC fetching over HTTP https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/933769 | 14:25 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-repo_server stable/2024.1: Increase timeouts and add retries for UC fetching over HTTP https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/934046 | 14:38 |
| opendevreview | Merged openstack/openstack-ansible-rabbitmq_server master: Move verification of cluster_state to a separate file https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/931905 | 14:53 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server master: Bump RabbitMQ version to 4.0 https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/934060 | 15:49 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server master: Bump RabbitMQ version to 4.0 https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/934060 | 15:51 |
| sykebenX | Can anyone tell me what I might need to change in my configuration in order to get the generated LetsEncrypt certificate referenced correctly in haproxy? Right now, it is referencing haproxy_<hostname>-<interface_name>.pem when it should be referencing haproxy_<hostname>.pem. | 16:33 |
| sykebenX | I have hapoxy_bind_external_lb_vip_address = '*' and haproxy_bind_external_lb_vip_interface set to another interface that is not br-mgmt - I suspect this is where openstack-ansible might be getting confused, but we needed to use a separate interface to resolve a specific limitation in our hosting environment | 16:34 |
| jrosser | sykebenX: is this a single node controller, or high-availability with more nodes? | 16:42 |
| sykebenX | High availability with multiple nodes | 16:42 |
| jrosser | for a production deployment it would be completely normal to have the external vip on another interface | 16:43 |
| jrosser | the external IP is handled with keepalived when there are multiple controllers | 16:44 |
| jrosser | so i'm a bit confused why you need the haproxy bind settings | 16:45 |
| jrosser | sykebenX: so this talks specifically about haproxy https://opendev.org/openstack/openstack-ansible-haproxy_server/src/branch/master/defaults/main.yml#L284 | 16:48 |
| jrosser | and normally the external VIP is handled with keepalived | 16:48 |
| jrosser | thats just what i was wanting to check, if there is some confusion here about which thing/variables you should be using | 16:49 |
| sykebenX | We currently have a limitation in our hosting environment that makes use of keepalived undesirable. We are using an external loadbalancer to manage multiple controllers currently | 16:49 |
| jrosser | ok cool - that makes sense | 16:49 |
| jrosser | is that because the environment does not like an IP floating between nodes? | 16:50 |
| sykebenX | The root problem I'm having is that the letsencrypt certificate is not getting referenced as I am expecting by the haproxy service configuration for the the bind on port 443 | 16:50 |
| sykebenX | Yes there is a protection mechanism that doesn't like an IP floating between nodes iirc | 16:51 |
| jrosser | you will have some interesting experience with neutron i expect as a result] | 16:51 |
| sykebenX | Everything appears to be working okay aside from the cert at the moment, but maybe we haven't noticed an issue yet with neutron. Could you expand on those potential issues you're thinking about a bit? | 16:52 |
| jrosser | high availability neutron will have similar properties to keepalived | 16:53 |
| jrosser | like when routers fail over, and so on | 16:53 |
| sykebenX | I've identified that this is where the incorrect value is getting templated, but I'm not sure how to override it and if that's even the right approach in this circumstance. https://opendev.org/openstack/openstack-ansible-haproxy_server/src/commit/efaee49680542994a2b1d02ce9448f27f6618f6c/templates/service.j2#L56 | 16:56 |
| sykebenX | I think it's grabbing "service.haproxy_ssl_path" from somewhere | 16:56 |
| sykebenX | since I tried to override by setting the default value of `haproxy_ssl_path` | 16:56 |
| noonedeadpunk | fwiw, I've just catched `Connection failure: The read operation timed out", "url": "https://releases.openstack.org/constraints/upper/2f72094e9b8f690a3e3cc61d3d91305eb234d0a1` locally on an AIO vm | 17:29 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-galera_server master: Use mirror.mariadb.org to install packages from https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/924354 | 19:07 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-galera_server master: Use mirror.mariadb.org to install packages from https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/924354 | 19:22 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!