Monday, 2024-11-11

<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_cinder master: Remove cinder v2 references https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/934593 [08:03]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_cinder master: Remove cinder v2 references https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/934593 [08:14]
<jrosser> noonedeadpunk: i was just looking at the haproxy bind patches - do you expect this? https://codesearch.opendev.org/?q=haproxy_vip_binds [08:27]
<noonedeadpunk> jrosser: yeah, I just was taking this into account: https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/934553/1 [08:31]
<noonedeadpunk> (if it makes sense) [08:31]
<jrosser> ooooh i see [08:31]
<jrosser> we do have some use of `extra_lb_tls_vip_addresses` but that likely could be refactored [08:32]
<jrosser> it is to add an ipv6 address to the external vip as well as a v4 [08:32]
<noonedeadpunk> oh yes, we have. And we also have extra_lb_vip_addresses [08:32]
<noonedeadpunk> and that all is very confusing [08:32]
<noonedeadpunk> yeah [08:33]
<jrosser> i agree that the haproxy role could really do with a cleanup [08:33]
<noonedeadpunk> but I would expect we can add these with haproxy_vip_binds or smth from what I saw [08:33]
<jrosser> andrewbonney: ^ [08:33]
<noonedeadpunk> But I didn't manage to finalize all that yesterday [08:34]
<noonedeadpunk> as `extra_lb_tls_vip_addresses` anyway end up being part of _haproxy_tls_vip_binds as of today [08:35]
<noonedeadpunk> https://opendev.org/openstack/openstack-ansible-haproxy_server/src/branch/master/vars/main.yml#L22-L23 [08:35]
<noonedeadpunk> and all rest are mainly just checks if vip in vips [08:35]
<noonedeadpunk> same with extra_lb_vip_addresses kinda but in different place: https://opendev.org/openstack/openstack-ansible-haproxy_server/src/branch/master/templates/service.j2#L18 [08:36]
<noonedeadpunk> but i may easily miss a very valid need for these... [08:36]
<noonedeadpunk> but all these patches were mainly to achieve that part: https://review.opendev.org/c/openstack/openstack-ansible/+/934536/4..6/doc/source/user/prod/pretty_endpoint_naming.rst [08:36]
<noonedeadpunk> also not sure if `type` makes much sense... but it might be for let's encrypt as logic today does issue only for external endpoints [08:39]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Add variables to control HSTS records https://review.opendev.org/c/openstack/openstack-ansible/+/934620 [10:23]
<opendevreview> Jonathan Rosser proposed openstack/openstack-ansible master: Deny access to any paths including /. for console proxies. https://review.opendev.org/c/openstack/openstack-ansible/+/934640 [12:02]
<gokhan_> hello folks, I am trying to use netapp and ceph cinder backends together. But cinder volumes services which manage netapp backend will be deployed on metal and cinder volume which manage ceph backend will be deployed on containers. is it possible to separate is_metal property with host vars? [12:15]
<noonedeadpunk> gokhan_: I guess I would just create another groups for both, but still making them part of cinder_volumes [12:16]
<noonedeadpunk> and yes you can do that with env.d I believe [12:16]
<jrosser> question could be does the netapp stuff actually need to be on metal, or can it be in a container with the ceph backend? [12:16]
<noonedeadpunk> at least we did have same setup with ceph and NFS, where ceph was on LXC and NFS on bare metal [12:16]
<noonedeadpunk> though there was no reason to have NFS on metal to be frank, except historical ones [12:17]
<jrosser> iirc this all comes about with things like nfs and lvm where in the past you could not serve nfs/iscsi from inside the container [12:17]
<jrosser> but that's really not the same issue as managing some other device that provides the actual backend on nfs/iscsi [12:17]
<gokhan_> jrosser, there are some problems with active/active settings. for example netapp can not support active/active, we can not install together on same cinder volume service [12:19]
<jrosser> huh https://kb.netapp.com/Cloud/OpenStack/Cinder_Driver%3A_Active%2F%2FActive_High_Availability_Support_for_iSCSI%2F%2FFCP [12:21]
<jrosser> so it's not really a question of metal vs container [12:22]
<jrosser> more one of needing a set of cinder-volume for active-active, and another for everything else [12:24]
<noonedeadpunk> so you can also spawn another series of containers [12:25]
<noonedeadpunk> I think I had a sample for rabbitmq [12:25]
<noonedeadpunk> https://docs.openstack.org/openstack-ansible-os_trove/latest/configure-trove.html#use-stand-alone-rabbitmq [12:25]
<gokhan_> noonedeadpunk, you made for trove rabbitmq if I recall correctly [12:25]
<jrosser> then you would be able to have two sets of group_vars, one for each to make the overrides that you want [12:26]
<noonedeadpunk> gokhan_: but from inventory view-point, rabbitmq and cinder are kinda same ;) [12:27]
<noonedeadpunk> just need to put correct names [12:27]
<gokhan_> thanks noonedeadpunk jrosser I am deploying now. [12:32]
<gokhan_> noonedeadpunk, I write like this https://paste.openstack.org/show/byWmKvM88uf4ixwIUzel/. do I need to redefine cinder_volume on component skel [12:56]
<gokhan_> ? [12:56]
<noonedeadpunk> So I usually do have openstack_deploy folder somewhere in Git and I run all changes locally on a laptop to track changes and see if it's doing what I actually want [12:57]
<noonedeadpunk> https://docs.openstack.org/openstack-ansible/latest/reference/inventory/generate-inventory.html#running-with-tox [12:57]
<noonedeadpunk> I think `cinder_volume` should be in belongs_to of component_skel [12:59]
<noonedeadpunk> also don't name `container_skel` alike to `physical_skel` [12:59]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible-ops master: Allow ELK7 roles to run with disabled ANSIBLE_INJECT_FACT_VARS https://review.opendev.org/c/openstack/openstack-ansible-ops/+/934547 [13:07]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible-ops master: Allow to supply custom kibana backend to roles https://review.opendev.org/c/openstack/openstack-ansible-ops/+/934548 [14:19]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: [doc] Document pretty endpoint namings https://review.opendev.org/c/openstack/openstack-ansible/+/934536 [14:29]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Add variables to control HSTS records https://review.opendev.org/c/openstack/openstack-ansible/+/934620 [14:44]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: [doc] Document pretty endpoint namings https://review.opendev.org/c/openstack/openstack-ansible/+/934536 [14:45]
<spotz[m]> noonedeadpunk: at Kubecon this week I’ll look at your patch when I have some free time! [15:01]
<noonedeadpunk> ah, sure! [15:05]
<noonedeadpunk> no urgency there [15:06]
<spotz[m]> Thanks! [15:08]
<noonedeadpunk> ok, so now I don't see issue with u-c for repo container [15:46]
<noonedeadpunk> though they still appear for rally now [15:46]
<noonedeadpunk> ie https://zuul.opendev.org/t/openstack/build/ba4f41978bec422ea2a0b42449ceea03 [15:47]
<noonedeadpunk> I hope https://review.opendev.org/c/openstack/openstack-ansible-os_rally/+/934144 might get things better... [15:47]
<noonedeadpunk> I wonder if a "simple" fix might be to use github instead of gitea.... [15:47]
*** Adri2000_ is now known as Adri2000 [16:17]
<opendevreview> Merged openstack/openstack-ansible master: Deny access to any paths including /. for console proxies. https://review.opendev.org/c/openstack/openstack-ansible/+/934640 [17:32]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/2024.1: Deny access to any paths including /. for console proxies. https://review.opendev.org/c/openstack/openstack-ansible/+/934686 [19:06]
<mgariepy> hmm, this patch is not complete [19:57]
<mgariepy> @noonedeadpunk, @jrosser , wget -O - https://172.29.236.101:6080/%2F.git/HEAD [19:57]
<jrosser> oh [20:08]
<jrosser> mgariepy: patches welcome :) [20:08]
<mgariepy> didn't have the time to test it this morning. [20:08]
<mgariepy> i'm looking into it. [20:08]
<jrosser> alternative is something more complex that places a non git copy of the novnc repo [20:09]
<jrosser> a difficulty is that this is served by websockify and that’s very basic [20:10]
<mgariepy> yep maybe git --work-tree=/path/to/outputdir checkout blabla [20:13]
<mgariepy> let me do a couple of tests. [20:17]
<jrosser> can we pass the path through this? https://cbonte.github.io/haproxy-dconv/2.4/configuration.html#7.3.1-url_dec [20:27]
<mgariepy> feels like we would be chasing issues, we could checkout in a dir and only a worktree in the other directory [20:36]
<jrosser> possibly `"http-request deny if { path,url_dev -m sub /. }" [20:39]
<jrosser> possibly `"http-request deny if { path,url_dec -m sub /. }"` [20:39]
<mgariepy> fixes the %2F [20:45]
<jrosser> i do think that placing the directory without .git would be pretty hard to make idempotent and robust for upgrades [20:48]
<mgariepy> yep probably [20:54]
<mgariepy> jrosser, do you want to patch master or do you want me? [20:57]
<jrosser> i'm away from my work computer right now, so if you can make a patch that would be good [20:58]
<mgariepy> ok will do thanks [20:59]
<opendevreview> Marc Gariépy proposed openstack/openstack-ansible master: Fix encoded url bypass https://review.opendev.org/c/openstack/openstack-ansible/+/934693 [21:03]
