Tuesday, 2025-01-14

« Monday, 2025-01-13 Index Wednesday, 2025-01-15 »
opendevreviewMerged openstack/openstack-ansible stable/2023.1: Set correct language for docs  https://review.opendev.org/c/openstack/openstack-ansible/+/93916108:18
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: [DNM] Move zuul preparation for role/collection bootstrap  https://review.opendev.org/c/openstack/openstack-ansible/+/93915108:21
opendevreviewIvan Anfimov proposed openstack/ansible-config_template master: Incorrect example in ansible-config_template docs  https://review.opendev.org/c/openstack/ansible-config_template/+/93920308:39
opendevreviewIvan Anfimov proposed openstack/ansible-config_template master: Incorrect example in ansible-config_template docs  https://review.opendev.org/c/openstack/ansible-config_template/+/93920408:51
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: [DNM] Move zuul preparation for role/collection bootstrap  https://review.opendev.org/c/openstack/openstack-ansible/+/93915108:51
opendevreviewIvan Anfimov proposed openstack/ansible-config_template master: Incorrect example in ansible-config_template docs  https://review.opendev.org/c/openstack/ansible-config_template/+/93920408:53
opendevreviewIvan Anfimov proposed openstack/ansible-config_template master: Incorrect example in ansible-config_template docs  https://review.opendev.org/c/openstack/ansible-config_template/+/93920408:55
opendevreviewIvan Anfimov proposed openstack/ansible-config_template master: Incorrect example in ansible-config_template docs  https://review.opendev.org/c/openstack/ansible-config_template/+/93920408:56
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Move zuul preparation for role/collection bootstrap  https://review.opendev.org/c/openstack/openstack-ansible/+/93915109:23
jrossero/ morning09:24
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Move zuul preparation for role/collection bootstrap  https://review.opendev.org/c/openstack/openstack-ansible/+/93915109:25
noonedeadpunko/09:28
opendevreviewMerged openstack/ansible-role-httpd master: Initial commit to the role  https://review.opendev.org/c/openstack/ansible-role-httpd/+/93824509:32
opendevreviewMerged openstack/ansible-role-systemd_networkd master: Replace functional tests with molecule  https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/93851709:36
jrossershould we recheck this? https://review.opendev.org/c/openstack/project-config/+/93569509:38
opendevreviewMerged openstack/ansible-role-systemd_networkd master: Install role pre-requisite packages  https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/93856009:46
noonedeadpunkjrosser: nope, governance patch is still not merged....09:49
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Optimize generation of required roles/collections  https://review.opendev.org/c/openstack/openstack-ansible/+/93922110:43
noonedeadpunkdoh, I didn't cover upgrade case in 93915111:18
opendevreviewMerged openstack/openstack-ansible stable/2023.1: Remove senlin/sahara/murano roles from required project  https://review.opendev.org/c/openstack/openstack-ansible/+/93907311:50
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Move zuul preparation for role/collection bootstrap  https://review.opendev.org/c/openstack/openstack-ansible/+/93915112:22
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Move zuul preparation for role/collection bootstrap  https://review.opendev.org/c/openstack/openstack-ansible/+/93915112:34
birbilakosHi good folks. I'm trying to deploy octavia using the following guide: https://docs.openstack.org/openstack-ansible-os_octavia/latest/configure-octavia.html13:56
birbilakosHaving a question about what the host_bind_override should be. 13:57
birbilakosI have a dedicated bridge (br-lbaas) in my hosts that should serve this network. This has already vlan config set on the servers13:58
opendevreviewMerged openstack/ansible-config_template master: Incorrect example in ansible-config_template docs  https://review.opendev.org/c/openstack/ansible-config_template/+/93920413:59
birbilakosI can't understand what this should be in my case:    host_bind_override: "bond0"  # Defines neutron physical network mapping14:00
opendevreviewMerged openstack/openstack-ansible-tests stable/2023.1: Remove sahara from zuul required projects  https://review.opendev.org/c/openstack/openstack-ansible-tests/+/93905614:06
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Move zuul preparation for role/collection bootstrap  https://review.opendev.org/c/openstack/openstack-ansible/+/93915114:13
kleinibirbilakos, you don't need to override, if you already have the br-lbaas bridges.14:29
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Move zuul preparation for role/collection bootstrap  https://review.opendev.org/c/openstack/openstack-ansible/+/93915114:55
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Move zuul preparation for role/collection bootstrap  https://review.opendev.org/c/openstack/openstack-ansible/+/93915114:56
noonedeadpunk#startmeeting openstack_ansible_meeting15:00
opendevmeetMeeting started Tue Jan 14 15:00:18 2025 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.15:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:00
opendevmeetThe meeting name has been set to 'openstack_ansible_meeting'15:00
noonedeadpunk#topic rollcall15:00
noonedeadpunko/15:00
damiandabrowskihi!15:04
noonedeadpunk#topic office hours15:05
noonedeadpunkso, it seems all current patches for molecule has been landed15:06
noonedeadpunk#link https://review.opendev.org/q/topic:%22osa/molecule%2215:06
noonedeadpunkmeaning, that only plugins repo left on the old functional tests. And we can deprecate the repo once it's done15:06
noonedeadpunkafaik there were some complications with running lxc inside of docker :D15:07
noonedeadpunkjrosser was working on that, so not sure if there are more updates15:07
jrosseroh i am looking at the just now15:08
jrosser(keep getting distracted so slooow progress)15:08
jrosserbut i basically have lxc containers being created in docker now and am just trying to port how things work in the test repo inventory to molecule, so that lxc_containers_create will work15:09
noonedeadpunkbtw, damiandabrowski, presence of molecule should help out while creating change for the pki role for support of vault "driver"15:09
noonedeadpunkbut I guess you'd need to create a new scenario for that path15:09
noonedeadpunkjrosser: ok, amazing, sounds like really good progress15:10
damiandabrowskiawesome! 15:10
noonedeadpunkand we will be able to finally drop tests repo after so many years15:10
noonedeadpunk(drop -> deprecate)15:10
damiandabrowskijust to let everyone know: I plan to start work on adding hashicorp vault support to ansible-role-pki in like 2 weeks15:10
noonedeadpunknext thing - httpd role15:12
noonedeadpunk#link https://review.opendev.org/q/topic:%22osa/httpd_role%2215:12
noonedeadpunkwhile repo still not officially reconginzed by TC (https://review.opendev.org/c/openstack/governance/+/935694)15:13
noonedeadpunkit has all required votes to land15:14
noonedeadpunkthen I've seen a review on https://review.opendev.org/c/openstack/openstack-ansible/+/93827515:19
noonedeadpunkI'm not 100% sure, but it somehow feels being a chicken-egg rather then anything else15:20
jrosserthat seems so15:23
noonedeadpunkthough I do see same issue with skyline15:24
noonedeadpunkso I'm thinking if it would makse to disable upgrade jobs and try to land requirements15:28
noonedeadpunkas I ws not able to replicate issue running upgrade job locally15:28
jrosserthat sounds sensible15:28
noonedeadpunkok, will try to edit the patch and propose a follow-up with re-enabling upgrade jobs15:30
noonedeadpunkbtw, on weekends I was working on some "healthchecks" and come up with a playbook (well, playbook and an include task for it, so more of a role) for testing network connectivity15:31
noonedeadpunkwhich I aimed to run after setup-hosts15:31
noonedeadpunkso it discovers hosts/networks from inventory and runs pings and iperf between hosts[0] and hosts[1:]15:32
jrosserMTU check would be another good thing to test15:32
noonedeadpunkgood point15:32
noonedeadpunkwill add that.15:32
noonedeadpunkand I was also thinking if it's worth adding to plugins/healtchecks or ops repo?15:33
noonedeadpunkor nobody cares about stuff like that ?:D15:33
jrosserwell we have something similar already15:33
jrosserbut i expect that not all deployments have the same interfaces to test between15:34
noonedeadpunkwell, it's getting data from openstack_inventory15:34
noonedeadpunkSo if there's a `container_networks` defined - it would work nicely15:35
jrosserwe also do 'negative testing' to ensure that the different networks are not accidentally routed together15:35
noonedeadpunkthat would be an interesting one15:36
jrosserbut on the subject of networking15:36
noonedeadpunkand tricky given they could be just firewalled15:36
jrosserremoval of linuxbridge will bring for us some giant migration need15:36
noonedeadpunkI was just leveraging systemd_networkd for network setup so realized that would need some kind of test to ensure that all vlans are actually reachable in expected places15:37
jrosseryes this would be interesting to see15:38
noonedeadpunknegative testing should be also doable though, except when we're talking about networks that are not defined in osa, but present on hosts15:38
noonedeadpunkas then it would know nothing about them15:38
noonedeadpunkok, I can try to push smth (at my free time) and will be totally fine if it's rejected or abandoned15:39
noonedeadpunkand next probably worth starting looking into CentOS 10....15:42
noonedeadpunkoh, btw15:43
noonedeadpunkthere was an interesting ML regarding rabbitmq quorum queues15:43
noonedeadpunk#link https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/message/XRS3IQFHWX6LHYMUI4XIFPDLYIQGPYHD/15:44
noonedeadpunkand sounds like we need to do some improvements/health checks there 15:44
opendevreviewMerged openstack/openstack-ansible master: Fix inventory adjustment for legacy container naming  https://review.opendev.org/c/openstack/openstack-ansible/+/93911015:53
NeilHanlono/ better late than never? 🙃15:57
noonedeadpunksure thing!15:58
noonedeadpunk#endmeeting15:59
opendevmeetMeeting ended Tue Jan 14 15:59:59 2025 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:59
opendevmeetMinutes:        https://meetings.opendev.org/meetings/openstack_ansible_meeting/2025/openstack_ansible_meeting.2025-01-14-15.00.html15:59
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2025/openstack_ansible_meeting.2025-01-14-15.00.txt15:59
opendevmeetLog:            https://meetings.opendev.org/meetings/openstack_ansible_meeting/2025/openstack_ansible_meeting.2025-01-14-15.00.log.html15:59
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-lxc_container_create master: Re-introduce functional tests with molecule  https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/93925716:25
jrossernoonedeadpunk: this is WIP (it doesnt verify anything) but should give you enough to play with docker + the lxc roles16:25
birbilakoskleini: does that look like a valid config for octavia? I basically want to use the br-lbaas bridge which is already in the hosts16:28
birbilakos    - network:         container_bridge: "br-lbaas"         container_type: "veth"         container_interface: "eth14"         network_interface: "br-lbaas"                                                     ip_from_q: "octavia"         type: "flat"         net_name: "octavia"         group_binds:           - neutron_linuxbridge_agent           - octavia-worker           - octavia-housekeeping           - octavia-health-manager16:28
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-lxc_container_create master: Re-introduce functional tests with molecule  https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/93925716:29
birbilakossyntax highlighed got messed up, here's how it should look: https://pastebin.com/rRRPh7sd16:30
noonedeadpunkare you doing linux bridges?16:32
birbilakosyes, relevant netplan config: https://pastebin.com/L1qxCqjJ16:35
noonedeadpunki mean - as neutron driver16:35
noonedeadpunkml2.lxb16:35
birbilakosah, no, I'm using ovs16:35
noonedeadpunkthen it should be neutron_openvswitch_agent - not neutron_linuxbridge_agent fwiw16:36
birbilakosgot it16:36
birbilakosis the 'network_interface' setting correct?16:37
birbilakosI'm not quite sure if I need to use host_bind_override or network_interface to be honest :S16:44
birbilakosI reckon based on this: 'The host_bind_override override is used for LinuxBridge-based deployments, and requires a physical interface name which will then be used by the LinuxBridge agent for flat and vlan-based provider and tenant network traffic.'16:49
birbilakosI nned to use network_interface instead. But I'm unsure of the value16:49
noonedeadpunkso host_bind_override is kinda useful when you do need to define an interface for some host that doesn't use containers16:50
noonedeadpunkor well16:50
noonedeadpunkI think I;ve used that some time back for passing SR-IOV network cards into LXC containers without bridges16:50
jrosseri would also say that if you already have some vlan based provider networks, then don't add another flat network to neutron for lbaas16:50
noonedeadpunkyeah, vlan should be doing jsut fine16:51
jrosserjust create the provider network as a vlan in neutron by picking an existing free vlan16:52
jrosserand also connect that up to br-lbaas on your controllers for the control plane services to connect to16:53
jrosserwhat did i miss here ? https://zuul.opendev.org/t/openstack/build/d8884a8323e74284a07586cbc646c23c16:56
noonedeadpunkgood question16:57
noonedeadpunkI'd expect this being pulled by molecule 16:57
jrosserme too and it seems ok locally16:58
birbilakosI'm not sure I understand :( What I have is a linux bridge in m hosts, namely br-lbaas. I want to use this bridge for octavia and not mess with vlans. Is that doable?16:58
jrosserbirbilakos:  is you external network a flat network?17:00
noonedeadpunkbirbilakos: you need to ensure connectivity between octavia-api which runs in containers with VMs in openstack, which will be running AMphora17:00
noonedeadpunkthat's why br-lbaas is existing17:00
birbilakosyes, ext is flat17:00
jrosserhmm ok17:00
birbilakoslet me share the full config17:00
noonedeadpunkso you need to put in it a network which can be present in vms17:01
jrosserimho, it is never a good idea to use flat for provider networks17:01
noonedeadpunk(and I'm not sure you can do that with flat, unless flat is a "static" vlan)17:01
jrosser^ yes you can do it with flat17:01
birbilakoshttps://pastebin.com/rvjAdBUE17:01
noonedeadpunkwell, I kinda used flat nicely, jsut my flats were mappings to vlans17:01
jrosserbut it requires a reconfiguratoin of literally everything each time you want to add/remove one?17:02
birbilakoseverything besides the lbaas stuff works just fine for my env now. I cannot have vlans through the ext unfortunately17:03
birbilakosbtw, br-ext is how my env reaches the outside world17:04
noonedeadpunkI wonder how this is happening as well... Shouldn't ansible_user_dir be always defined? https://zuul.opendev.org/t/openstack/build/1f550326229941f2b43b3f2a045302eb17:04
noonedeadpunkwell. kind of - you need to add a new mapping indeed17:04
noonedeadpunkbut given that external net3s are added not frequently and some might want to have a control over it - it could be used17:05
birbilakosexternal net never changes - its a flat /22 network we get17:06
noonedeadpunkI can totally recall actually issue like that, but it was the case when molecule-plugin wasn't installed or smth like that (returning to your issue)17:06
jrosserthat should be coming from tox i think17:06
noonedeadpunkI'd expect this to be added to the list of collections: https://github.com/ansible-community/molecule-plugins/blob/95141070006d996a5d43ce1f9301873342c9bfc1/src/molecule_plugins/docker/driver.py#L27917:09
noonedeadpunkand be appended during run or smth: https://github.com/ansible/molecule/blob/23200bc984a8f9eb4bc5c20f7292632b75ca52c5/src/molecule/shell.py#L88-L9117:10
opendevreviewJonathan Rosser proposed openstack/ansible-role-systemd_service master: DNM - test molecule jobs  https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/93926317:12
jrosser^ sanity check17:12
noonedeadpunkjrosser: --destroy=never ?17:14
noonedeadpunkhttps://zuul.opendev.org/t/openstack/build/d8884a8323e74284a07586cbc646c23c/log/job-output.txt#100017:14
jrosseroh whoops17:14
noonedeadpunkbut I don't see it in tox itself17:14
noonedeadpunkr well. I do :D17:15
jrosserthat should not matter in a clean vm tbh17:15
noonedeadpunkit could be it's skipping requirements part then... but dunno17:15
jrosserleft over from speeding up the hack cycles :)17:15
noonedeadpunkor well, driver requirement parts17:15
birbilakosBased on the following from the docs: "Octavia needs connectivity between the control plane and the load balancing VMs. For this purpose a provider network should be created which gives L2 connectivity between the octavia services on the controllers (either containerised or deployed on metal) and the octavia amphora VMs." i understand that this is what the br-lbaas network will be responsible for. Is that accurate?17:16
noonedeadpunkas it kinda `Running default > dependency\n WARNING  Skipping, missing the requirements file.`17:16
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-lxc_container_create master: Re-introduce functional tests with molecule  https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/93925717:18
jrosserbirbilakos: br-lbaas is an artefact really of how the CI tests are structured, and also conflates what has to happen on the control plane and on the computes which is not necessarily always the same17:18
jrosserfor the control plane, you need an interface which somehow brings the lbaas-mgmt network to the controllers, and if it's an LXC based control plane then you need that to be a bridge so that the containers can be hooked up to it17:20
jrosseron the computes, it needs to match up with how you describe it in neutron as a provider network17:20
jrosserand it's up to you if you make that flat or vlan17:21
jrosserand there is perhaps no need for it actually to be a bridge on the computes, becasue ultimately you give an interface to neutron17:22
birbilakosso how is the control plane (i.e. octavia containers) are supposed to be able to reach the load balancing VMs? I though the above network_provider definition of br-lbaas would server that purpose17:23
jrosseryou provision a network (however you want to) on your network infrastructure to do that17:23
birbilakosi did provision this network already, no? All servers can communicate through it -> br-lbaas linux bridge17:24
birbilakos172.29.232.0/2217:26
noonedeadpunkand VMs spawned in openstack need to able to connect to it as well17:26
jrosseryou already made that a vlan 40 on bond1?17:27
noonedeadpunkas octavia spwans it's balancers as regular openstack vms17:27
jrosseri dont think you need to assign any IP to br-lbaas anywhere - in fact thats probably a security disaster17:28
birbilakosso, this needs to be defined similarly to my br-public interfaces. Yes, br-lbaas is on vlan 40 on bond 117:32
jrosseris there a reason you cannot combine these networks all onto a trunk port?17:34
jrosserlbaas, public and public2?17:34
jrossernoonedeadpunk: molecule jobs look all broken on systemd_service role too https://zuul.opendev.org/t/openstack/build/4168176ce1a646a79235bbe3e1bf17ed17:36
jrosseri just picked systemd_service completely randomly to check there was not some underlying issue17:37
noonedeadpunkdoh17:40
noonedeadpunkit was fast17:40
noonedeadpunkwtf has changed to make things break17:41
noonedeadpunklike this ran today morning: https://zuul.opendev.org/t/openstack/build/782419d5ce5649c9a49a972b9677536f17:42
noonedeadpunkbtw the task is just skipped here: https://zuul.opendev.org/t/openstack/build/782419d5ce5649c9a49a972b9677536f/log/job-output.txt#1082-108417:43
noonedeadpunkbut then again - dependency must exist and be installed somehow17:43
noonedeadpunkI can only guess some issues with galaxy that are just hidden by molecule17:49
noonedeadpunklike https://galaxy.ansible.com/ui/search/?keywords=community.docker17:49
noonedeadpunkalso interestingly - https://galaxy.ansible.com/community/docker gives 404 at first and then redirects17:51
noonedeadpunknot sure though if it can be an issue or just me assuming search working like that17:51
jrosserok i can reproduce this locally now17:55
jrossercommunity.docker is cached in my ~/.ansible17:55
noonedeadpunklocally now I got even `ERROR    ERROR! Unexpected Exception, this is probably a bug: Non integer values in LooseVersion ('master')`17:55
noonedeadpunkfor `ansible-galaxy collection install --pre -r /home/dr5005/Documents/ansible/ansible-role-systemd_service/requirements.yml`17:56
jrosseryeah you can'y put "master" as a collection version17:56
noonedeadpunkyou can but with force iirc17:56
noonedeadpunkhttps://opendev.org/openstack/ansible-role-systemd_service/src/branch/master/requirements.yml#L617:57
noonedeadpunkand that worked couple of days ago17:57
noonedeadpunkand we should have a very specific version of ansible-core 17:57
noonedeadpunkansible-galaxy collection install --force  -r /home/dr5005/Documents/ansible/ansible-role-systemd_service/requirements.yml does work17:58
noonedeadpunkhttps://opendev.org/openstack/ansible-role-systemd_service/src/branch/master/molecule/default/molecule.yml#L617:58
noonedeadpunkso wtf...17:58
jrosserwe are also very specific about the versions of molecule18:00
jrosserso that should not have changed18:00
noonedeadpunkthere was none released18:00
jrosserjamesdenton__: are you doing anything with ironic + neutron segmented networks?18:07
noonedeadpunkI really don't get what has changed in molecule so it's now ignoring quite a list of things18:16
jrosseri just confirmed that the version of molecue and molecule-plugins in the tox venv are the ones we specify in test-requirements.yml18:18
birbilakosjrosser: would the following config work? a) get rid of the br-lbaas bridge, b) hook up another veth pair to br-ext (similar veth pairs I use for nets br-public and br-public2 already)18:18
noonedeadpunkit could be some requirement, but I'm not getting which one18:19
jrosserbirbilakos: well i think i'm still trying to understand why you have done br-public and br-public2 like that18:19
birbilakosc) use the new veth pair to  host_bind_override18:19
birbilakosactually in reality only br-public is used18:20
jrosserveth pairs should not be necessary, nor bridges18:20
birbilakosbr-public2 is not used for external network access18:20
jrosserok sure18:20
birbilakosthe reason I opted for the veth pairs was because I could not use the br-ext interface itself18:21
jrosserbut i am still trying to understand why it is more favourable to have multiple falt networks rather than a trunk18:21
birbilakoswhich is practically the management interface of said hosts18:21
jrosserooohhh right18:21
jrosserewwwwww18:21
birbilakosvia these pairs I can define the ext networks in openstack and assign floating ips18:21
birbilakoswhich are in the 10.x range18:22
jrosserif it was me, i would be treating all of public, public2, whatever else, and lbaas as a trunk port18:23
birbilakosbut how would you assign an ip to the servers then?18:24
birbilakosin order to have them be reachable (e.g. management plane)18:24
jrosserby having some netplan or whatever that de-encapsulates one vlan from the trunk, and connects it to an interface with an ip18:24
noonedeadpunkjrosser: hmmmmm https://pypi.org/project/ansible-compat/18:26
noonedeadpunk3 hours ago18:26
noonedeadpunk`Refactor search_galaxy_paths to use pathlib` among changes18:27
birbilakosi'm not sure I understand :( at the moment there's just single physical interface which has vlan segregation to host all openstack networks, including ext net18:27
jrosserok18:28
jrosserso why do you want to use flat networks rather than let neutron deal with the encap/decap?18:29
birbilakoswell, I'm not that experienced with openstack i guess :)18:29
birbilakosI'm not looking for a redesign here tbh so I'm thinking how I can expand the curent config to support the new use case of lbaas18:30
jrosserof course it's your choice18:30
birbilakoswhat I'm still unclear about is whether the communication / network of the controller nodes to the VMs needs to happen over the br-ext net (10.x) or can do this over some internal net (e.g. 172.29.232.0/22)18:31
jrosserbut i wanted to show how that adding the lbaas network as a new flat network will require a reconfiguration of every compute/network node and new physnet mappings adding to all the neutron config files, so that is pretty invasive18:32
jrosserhowever, if you instead had your provider networks as a trunk into OVS you could do that with a single CLI operation to neutron, to define a new provider network for lbass and tell it which vlan-id to use18:33
jrosserif you think there might be a need to ever add more provider networks, or change the ones you have, it would be operationally much much eaiser if they are not flat networks18:34
jrosserso about communication between controllers and VMs18:35
jrosserthat is done over a new "provider network", which is basically the same as you external network, except it is carrying an internal network18:35
birbilakosok, if you can help me how to implement this in my env, I can try it. From a networking point of view, all servers have 1 NIC, vlan segregation for 172.x networks is done on the switch level18:36
jrosserthere is quite a nice blog post here https://satishdotpatel.github.io/openstack-ansible-octavia/18:37
jrosserin your case you will need to switch out br-vlan for whatever your single interface is18:38
jrosseranyway18:38
jrosserreally nothing stops you doing it also as an additional flat network18:38
jrosserit is just more things to get right in openstack_user_config and more complexity, in my opinion18:39
jrosserthere should be enough info there for you to make it work either way18:39
birbilakosthank you jrosser, I will study this link18:40
jrosseryou might also need some adjustment for ovs perhaps, as that example is linuxbridge based for the openstack_user_config part18:42
birbilakoscorrect, basically: 10.102.194.10218:55
birbilakosI mean to say:         group_binds:           - neutron_openvswitch_agent18:55
birbilakosthe problem i see with the solution in the link is that it requires a br-vlan which I dont have18:59
jrosserjrosser> in your case you will need to switch out br-vlan for whatever your single interface is19:00
jrossersorry if this is too complicted19:01
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Pin ansible-compat up to 25.0.0  https://review.opendev.org/c/openstack/openstack-ansible/+/93927419:06
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-lxc_container_create master: Re-introduce functional tests with molecule  https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/93925719:09
noonedeadpunkhuh, https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_vars_facts.html made me smile19:16
noonedeadpunk`"ansible_user_dir": "/home/zuul"`19:16
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Move zuul preparation for role/collection bootstrap  https://review.opendev.org/c/openstack/openstack-ansible/+/93915119:19
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-lxc_container_create master: Re-introduce functional tests with molecule  https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/93925719:21
noonedeadpunkso the only difference between the job that succeeded in the morning and which failing now - ansible-compat-24.10.0 vs 25.0.019:31
noonedeadpunkbut feels like something more has changed....19:32
noonedeadpunkah, damn19:32
noonedeadpunkdepends-on doesn't work....19:33
noonedeadpunkjrosser: you said you could reproduce issue locally?19:33
jrosseryeah i can19:33
noonedeadpunkcan you check if this helps? https://review.opendev.org/c/openstack/openstack-ansible/+/939274/1/test-requirements.txt19:33
noonedeadpunkas I somehow don't see it still...19:34
jrosseri'm just trying to use that as a local test-requirements.yml19:36
jrossermaybe i still have some underlying error19:36
jrosserok this at least gets past the community.docker error and is now running the prepare/converge19:37
noonedeadpunk++19:37
jrosseri do not yet have a good idea how to make that work with depends-on19:37
jrosserunless we can write some externally called shell script to retrieve that file either via http or from a file, depending on some env var19:38
noonedeadpunkwell. that what was the most pita with functional jobs - is that dependencies didn't really work19:42
noonedeadpunkbut hopefully test-requirements won;t be chaning too frequently, so it might be not _that_ annoying19:43
jrosserwell19:47
jrosserright now in the molecule env definition in tox.ini, we have a var for TOX_CONSTRAINTS_FILE19:48
jrosserwe could have a similar one for TEST_REQUIREMENTS_FILE, and just define that in our zuul jobs19:48
jrosserand let it default to the usual url othewise19:48
noonedeadpunkso I think the issue would be, that repo is on "localhost" while tox is running on node19:51
noonedeadpunkso we'd need also to copy the file19:51
noonedeadpunkbut then there's also a question about requirements.yml, as we define there our own collections and roles from time to time19:52
jrosserbut thats in the repo under test, so that should work out ok19:52
jrosserunless there is a further case of depends-on19:53
noonedeadpunkI was thinking abotu this usecase as next one that can be problematic: https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/939257/5/requirements.yml19:53
noonedeadpunkbut yeah, I agree that test-requirements.txt should be solvable...19:54
jrosserthe repos are on the test node though?19:54
noonedeadpunkoh.19:54
noonedeadpunkprobably you're right19:54
noonedeadpunkso you think we can also generate a proper requirements file instead of using one that's in-repo?19:55
jrosseryou are right though that there is no embedded ansible in this case19:55
jrosserwe almost have that code anyway in get-role/collection requirements19:56
noonedeadpunkwell19:56
noonedeadpunkI was just moving it out lol19:56
noonedeadpunkin https://review.opendev.org/c/openstack/openstack-ansible/+/93915119:57
jrosserright but perhaps thats actually good19:57
noonedeadpunkas now there's a separate playbook doing that...19:57
jrosseras our base molecule job is defined in the openstack-ansible repo we could have a pre playbook that reformats any requirements.yml file19:57
noonedeadpunkyeah19:58
jrosserand then that would automatically apply to all molecule jobs19:58
noonedeadpunktrue19:58
jrosserand same trick with an env var to switch to it in tox.ini19:58
jrosserthat really gives some direction into how to move/refactor that code to make it most useful19:59
noonedeadpunksounds doable...19:59
noonedeadpunkso, now I'm calling (at least trying to call) this one https://review.opendev.org/c/openstack/openstack-ansible/+/939151/19/zuul.d/playbooks/pre-osa-requirements.yml from run-upgrade.sh20:00
noonedeadpunkwe can make just src and dest configurable for collections20:01
noonedeadpunkanother thing I was looking at, is that ansible-collection-requirements do no allow to deal with `roles` stanza, which we might need to fix as well20:02
jrossersure - that sounds good20:08
jrosserand configurable src/dest are probably most of what we need so long as the files are all proper galaxy requirements format20:08
jamesdenton__jrosser I am not yet doing anything with ironic+segments, but I do recall testing it with some success20:41
jrosserinteresting - we have found networking-generic-switch to be missing some understanding of segments20:42
jamesdenton__that is true. i am not using NGS in this case20:43
jamesdenton__curious if networking-baremetal would be better?20:43
jrosserwell - that us all very confusing20:43
jamesdenton__:D20:43
jamesdenton__TBH i have not tested networking-baremetal, yet.20:44
jrosserbecause you need ironic-neutron-agent (which is part of netowrking-baremetal) to fill out the relevant database bits about segments20:44
jrosserand extremely confusingly networking-baremetal has grown the ability to twiddle netconf things, and also understands segments quite well20:44
jrosserbut for !netconf you need n-g-s, and thats not so good for segments20:45
jrosserwe made a start here https://review.opendev.org/c/openstack/networking-generic-switch/+/93921120:45
jrosserbut it seems there are also changes needed in neutron and nova20:45
jamesdenton__i found NGS in practice to be a bit slow for me20:47
jamesdenton__thanks for the patch, i will try and look at it in Q320:48
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Molecule to respect depends-on for test-requirements update  https://review.opendev.org/c/openstack/openstack-ansible/+/93929022:49
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-lxc_container_create master: Re-introduce functional tests with molecule  https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/93925722:52
noonedeadpunkso you're saying that it was that easy and should jsut work?22:52
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-systemd_service master: Use OSA_TEST_REQUIREMENTS_FILE for molecule job  https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/93929222:56
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-systemd_service master: Use OSA_TEST_REQUIREMENTS_FILE for molecule job  https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/93929222:57
noonedeadpunkit seems it indeed "just works"23:00
noonedeadpunkpython -I -m pip install -r /home/zuul/src/opendev.org/openstack/openstack-ansible/test-requirements.txt -c /home/zuul/src/opendev.org/openstack/requirements/upper-constraints.txt23:01
noonedeadpunkok, that was way easier then I thought when we were discussing it23:01
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Move zuul preparation for role/collection bootstrap  https://review.opendev.org/c/openstack/openstack-ansible/+/93915123:20
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Optimize generation of required roles/collections  https://review.opendev.org/c/openstack/openstack-ansible/+/93922123:21
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-apt_package_pinning master: Use OSA_TEST_REQUIREMENTS_FILE for molecule job  https://review.opendev.org/c/openstack/openstack-ansible-apt_package_pinning/+/93929923:25
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-frrouting master: Use OSA_TEST_REQUIREMENTS_FILE for molecule job  https://review.opendev.org/c/openstack/ansible-role-frrouting/+/93930023:27
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-pki master: Use OSA_TEST_REQUIREMENTS_FILE for molecule job  https://review.opendev.org/c/openstack/ansible-role-pki/+/93930123:28
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-config_template master: Use OSA_TEST_REQUIREMENTS_FILE for molecule job  https://review.opendev.org/c/openstack/ansible-config_template/+/93930223:29
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-systemd_mount master: Use OSA_TEST_REQUIREMENTS_FILE for molecule job  https://review.opendev.org/c/openstack/ansible-role-systemd_mount/+/93930323:29
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-systemd_networkd master: Use OSA_TEST_REQUIREMENTS_FILE for molecule job  https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/93930423:30
« Monday, 2025-01-13 Index Wednesday, 2025-01-15 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!