| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron stable/2024.2: Enable ovs_use_veth when gateway_ip_qos is used https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/937226 | 07:57 |
|---|---|---|
| noonedeadpunk | we can also discuss if we might want to provide the role as part of security hardening, for instance, and then pull code in... not sure if it's good idea or not, but just thinking aloud | 08:26 |
| noonedeadpunk | (talking about iptables role) | 08:26 |
| noonedeadpunk | and then make some "reasonable" defaults for it | 08:26 |
| noonedeadpunk | but it could be indeed tricky... | 08:26 |
| noonedeadpunk | or do that for ops as well as some docs around | 08:28 |
| gillesMo | Hi there ! Is there "standard" way of deploy a patch with OSA ? I need to path a keystone file, to retrieve multi-domain management capacity in Horizon (https://bugs.launchpad.net/horizon/+bug/2067075) | 09:19 |
| gillesMo | Rhaaa s/way of/way to/ s/to path/to patch/ ... | 09:19 |
| gillesMo | Hi there ! Is there "standard" way to deploy a patch with OSA ? I need to patch a keystone file, to retrieve multi-domain management capacity in Horizon (https://bugs.launchpad.net/horizon/+bug/2067075) | 09:20 |
| noonedeadpunk | gillesMo: yeah, there kind of is | 10:43 |
| noonedeadpunk | well, it depends if patch is merged or not though :) | 10:45 |
| noonedeadpunk | gillesMo: if the patch is not merged, what you effectivelly would need to to is to create an own fork. you can do that on github for instance | 10:48 |
| noonedeadpunk | then, you will need to cherry-pick a patch to the branch - either master or what you're currently running | 10:48 |
| noonedeadpunk | there's a cherry-pick command in gerrit download menu that you'd need to copy/paste | 10:49 |
| noonedeadpunk | if you're not doing cherry-pick to the master branch - you might need to resolve conflicts as well | 10:49 |
| noonedeadpunk | once it's done, you need to copy-paste the commit SHA of your cherry-picked commit to your fork and override 2 variables | 10:50 |
| noonedeadpunk | horizon_git_repo to the url of your fork and horizon_git_install_branch to sha of the commit | 10:50 |
| noonedeadpunk | and then run `openstack-ansible playbooks/os-horizon-install.yml -e venv_rebuild=true` | 10:51 |
| gillesMo | noonedeadpunk: Thanks a lot. I hope there was an alternative to fork in github. (btw it's not in horizon, but keystone). | 10:55 |
| noonedeadpunk | gillesMo: are you talking about https://review.opendev.org/c/openstack/keystone/+/900028 ? | 10:56 |
| noonedeadpunk | as this was merged and backported | 10:56 |
| noonedeadpunk | I'm not sure about what specific thing you're talking about unfortunatelly | 10:57 |
| noonedeadpunk | as I somehow feel this was fixed in horizon... | 10:57 |
| gillesMo | Yes, that's th commit | 11:06 |
| gillesMo | Horizon is using domain scoped requests, and so, with that commit, we only can see our own domain | 11:07 |
| gillesMo | I tried to enable system scope, but its not ready in Horizon, and I could not see all domains. | 11:07 |
| noonedeadpunk | gillesMo: and what version are you running? | 11:14 |
| noonedeadpunk | as if patch has merged - you can just update a variable to reffer to the correct SHA | 12:43 |
| noonedeadpunk | and run the playbook with venv_rebuild | 12:44 |
| gillesMo | Sorry for the delay... I'm using OSA 27.5.1 | 13:15 |
| gillesMo | Ah, misunderstanding here, the backported patch is the one that cause the problem, not solve it. I muste revert it | 13:17 |
| noonedeadpunk | gillesMo: then set keystone_git_install_branch: 084eeec60b259f2852002881cdb171a3f20584d4 | 13:18 |
| noonedeadpunk | this should be the commit right before the one that affects yoiu | 13:18 |
| noonedeadpunk | and rerun os-keystone-install -e venv_rebuild=true | 13:19 |
| gillesMo | Oh, correct ! I'll check if I loose something else, if I stick on that SHA | 13:26 |
| noonedeadpunk | nah, you actually won't | 13:28 |
| noonedeadpunk | as version assumes that you're on c725173cff | 13:28 |
| noonedeadpunk | and then this 1 commit above what breaks you: https://opendev.org/openstack/keystone/commits/branch/unmaintained/2023.1 | 13:29 |
| noonedeadpunk | and related to CI from what I see | 13:29 |
| gillesMo | Perfect ! | 13:30 |
| gillesMo | noonedeadpunk: It works ! But... I'm again with that credential migration error on first container : keystone.exception.CredentialEncryptionError: Credential could not be decrypted... | 13:53 |
| gillesMo | As always I see that, I wiped /etc/keystone/credential-keys in my 3 containers and reran the os-keystone-install playbook | 14:31 |
| -opendevstatus- NOTICE: Gerrit on review.opendev.org is being upgraded to version 3.10 and will be offline. We have allocated an hour for the outage window lasting until 1700 UTC. | 15:01 | |
| -opendevstatus- NOTICE: Gerrit on review.opendev.org is being upgraded to version 3.10 and will be offline starting at 1600 UTC. We have allocated an hour for the outage window lasting until 1700 UTC. | 15:05 | |
| noonedeadpunk | gillesMo: I really wonder what is off with it | 15:07 |
| noonedeadpunk | as I literally never had such issues.... | 15:07 |
| noonedeadpunk | it would be super interesting to find and fix the root cause | 15:08 |
| noonedeadpunk | but I was never able to reproduce it | 15:08 |
| gillesMo | noonedeadpunk: I have a LAB env and production, it happened only on my LAB, not in prod... | 15:24 |
| noonedeadpunk | my only guess is that periodic rotation/sync is failing in env | 15:28 |
| noonedeadpunk | so at time when you run the role, there're already no valid keyrings to start with | 15:28 |
| noonedeadpunk | like if there's no ssh connection between keystone containers for rsync to work | 15:28 |
| -opendevstatus- NOTICE: Gerrit on review.opendev.org is being upgraded to version 3.10 and will be offline momentarily. We have allocated an hour for the outage window lasting until 1700 UTC. | 16:00 | |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Add logs created when clusterapi create fails https://review.opendev.org/c/openstack/openstack-ansible/+/936625 | 21:22 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!