Tuesday, 2025-01-21

« Monday, 2025-01-20 Index Wednesday, 2025-01-22 »
opendevreviewMerged openstack/openstack-ansible stable/2024.1: Bump SHAs for 2024.1  https://review.opendev.org/c/openstack/openstack-ansible/+/93891900:19
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_octavia master: Switch from focal to jammy based amphora image for CI testing  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/93969709:01
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-haproxy_server master: Make sysctl configuration path configurable Defaults to /etc/sysctl.conf to retain current behavior  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/93960109:04
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-haproxy_server master: Remove extra whitespace delimiter to satisfy ansible-lint  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/93960609:05
jrossermanila role os pretty unhappy09:13
jrossertheres something wrong with setting up the ceph apt repo09:13
noonedeadpunkyeah09:50
noonedeadpunkwith ganesha09:50
noonedeadpunkand it's been a while frankly speaking09:50
noonedeadpunkjust never had time to take a look09:50
noonedeadpunkjrosser: it seems we really need to review what we're doing with a PKI role. As there was a ML yesterday, and I've realized that likely certs we're issuing are 1y valid today10:30
noonedeadpunkwe've discuessed that on PTG I guess, though I didn't know we're actually on timer now with the topuc10:31
noonedeadpunkhttps://docs.ansible.com/ansible/latest/collections/community/crypto/x509_certificate_module.html#parameter-entrust_not_after10:32
noonedeadpunkand also seems like module now supports acme as well?10:32
noonedeadpunkbut in general we simply don't provide any value there: https://opendev.org/openstack/ansible-role-pki/src/branch/master/tasks/standalone/create_cert.yml#L54-L6910:33
jrossernoonedeadpunk: here https://github.com/openstack/openstack-ansible/blob/master/inventory/group_vars/all/ssl.yml#L4810:37
jrosserthe default should be 3560 days for the CA and intermediate10:39
jrosserbut are you concerned about server certs or the CA?10:40
jrosserand it's not entrust, its ownca https://docs.ansible.com/ansible/latest/collections/community/crypto/x509_certificate_module.html#parameter-ownca_not_after10:42
jrosserhaving said all this is would be great to have a "rotate server certs" playbook10:44
noonedeadpunkI guess I'm more worried about certs10:47
noonedeadpunkas then pretty much one should rotate them once a year, ie for computes and octavia?10:47
jrosserso as far as i can see the default is 3560 days from that module10:47
noonedeadpunkfor CA, not certs?10:47
jrosserwhere is this shorter default?10:48
noonedeadpunkah, wrong parameter....10:49
noonedeadpunkso it's applied based on the "provider" basically10:49
noonedeadpunkoh10:49
noonedeadpunk*ok10:49
jrosserbut regardless i think some work on rotating these would be really helpful10:50
noonedeadpunkYeah, I'd try to scope that for 2025.110:50
noonedeadpunkok, thanks for pointing to the correct one10:50
noonedeadpunkas I got terrified a bit10:50
jrosserthere are two very distinct things, reissuing the server certs with new private key from scratch, from the existing CA10:51
jrosserthat should be strightforward and perhaps just needs some tags adding10:51
jrosserand then there is updating the expiry time on the existing CA/Intermediate, without changing the private key10:52
noonedeadpunkpretty much what would `-e pki_regen_cert=true` do?10:52
jrosserthis is relatively easy, but not particulary rigorous10:52
jrosserthen there is issuing a new intermediate, or new CA cert entirely and re-issuing all the server certs signed by that new one10:53
jrosser^ without breaking everything horribly :)10:53
noonedeadpunkthat is the tricky one, yes10:53
jrosserone thing that i worry about is so many places specify a "ca_file", and that is really unhelpful for rotation10:54
jrosserbecause ideally there is a period where the new and old CA are both trusted10:55
noonedeadpunkyeah, true10:57
jrossersomething to test is if that ca_file can be a cert bundle with more than one CA inside10:58
jrosserand also we have tricky things like rotating certs on the novnc proxy and libvirt10:59
noonedeadpunkthere was some kind of mitigation you've shown me earlier10:59
jrosserbut i remember that mnaser was looking at that before10:59
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_horizon stable/2024.2: Add retries to u_c fetch  https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/93970912:01
opendevreviewAndrew Bonney proposed openstack/openstack-ansible master: Add additional commented RabbitMQ policy to manage segment sizes  https://review.opendev.org/c/openstack/openstack-ansible/+/93971313:28
opendevreviewMerged openstack/ansible-role-systemd_networkd master: Only restart non-networkd services when the role is configured to install them  https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/93964013:45
noonedeadpunkI was also thinking if we should adjust default for stream queues...14:30
noonedeadpunkI can recall also lookiing into that14:31
jrosseri think that this is critical to merge now https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/93827014:33
jrosserbecasue we have merged this https://review.opendev.org/c/openstack/openstack-ansible/+/938275 upgrades are broken elsewhere for now14:33
noonedeadpunkdamiandabrowski: NeilHanlon can you please review these once have some time? ^14:40
opendevreviewMerged openstack/openstack-ansible master: Molecule to respect depends-on for test-requirements update  https://review.opendev.org/c/openstack/openstack-ansible/+/93929014:41
damiandabrowskisure thing! will do that in a moment14:41
opendevreviewMerged openstack/openstack-ansible master: Add noble to molecule testing  https://review.opendev.org/c/openstack/openstack-ansible/+/93930614:46
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-repo_server master: Use FQCN for modules  https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/93827214:48
noonedeadpunk#startmeeting openstack_ansible_meeting15:01
opendevmeetMeeting started Tue Jan 21 15:01:43 2025 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.15:01
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:01
opendevmeetThe meeting name has been set to 'openstack_ansible_meeting'15:01
noonedeadpunk#topic rollcall15:01
noonedeadpunko/15:01
NeilHanlono/ 15:02
NeilHanlonnoonedeadpunk: sure thing re: those reviews15:02
NeilHanlonNVM damiandabrowski did them :D 15:02
noonedeadpunksorry just pinged couple of ppl to be sure :)15:03
NeilHanlonhehe no worries15:04
noonedeadpunk#topic office hours15:05
damiandabrowskihi!15:06
noonedeadpunkok, so first of all, TC has merged the patch that confirms HTTP repo as recognized one by OpenStack: https://review.opendev.org/c/openstack/governance/+/93569415:06
jrossero/ hello15:07
noonedeadpunkretirement of qdrouterd is still pending though:15:07
noonedeadpunk#link https://review.opendev.org/c/openstack/governance/+/93819315:07
noonedeadpunkfrom our side everything merged except manila15:07
noonedeadpunkwhich is broken on ganesha setup15:08
noonedeadpunkso potentially some love is needed there15:08
jrosserwe are going to get CI breakage when qdrouterd is retired15:10
jrossershould we already start removing it from the stable branches?15:11
noonedeadpunkdoh, yes, we should....15:13
noonedeadpunkvery-very good point15:13
jrosserthis is just from requried-projects isnt it, nothing more than that15:15
noonedeadpunkyes15:15
noonedeadpunkthough let's not backport to 2023.1this removal https://opendev.org/openstack/openstack-ansible-tests/src/branch/master/zuul.d/jobs.yaml#L6915:16
noonedeadpunkas otherwise I'd had to update https://review.opendev.org/c/openstack/releases/+/938952 again, and it's long overdue15:16
* noonedeadpunk thinks unmaintained policy is huge overcomplication15:17
jrosseri am hoping that 2023.1 might be the first branch moved to unmaintaind that is not broken so badly we can't fix it15:18
noonedeadpunkbut also - once roles are switched to unmaintained - I'll propose shas update for integrated repo15:18
noonedeadpunkI think Zed was okeyish?15:18
jrosserish15:18
noonedeadpunkyeah15:19
jrosserthis sort of ish https://review.opendev.org/c/openstack/openstack-ansible/+/932921?tab=change-view-tab-header-zuul-results-summary15:19
noonedeadpunkhopefully it's a marker of effort put into roles stability15:19
noonedeadpunkhm15:20
noonedeadpunkI wonder what went wrong there15:20
noonedeadpunkas we don't do much in post_jobs15:21
jrosserit is very sad that our branches that transition to unmaintained are basically wrecked15:21
noonedeadpunkI guess it's matter of capacity to maintain them15:21
opendevreviewJonathan Rosser proposed openstack/openstack-ansible stable/2024.2: Remove ansible-role-qdrouterd from zuul required-projects  https://review.opendev.org/c/openstack/openstack-ansible/+/93972315:22
jrosserwell as i've said a few times we basically kept things working for some pretty long time15:22
jrosserbut i put really a massive effort into trying to fix the transitioned unmaintained branches, at the expense of working on new stuff15:23
jrosserand i pretty much failed on them all15:23
noonedeadpunkyes, true15:23
noonedeadpunkI frankly not sure what to suggest here. We can go EOL for these branches in 6 month after EOM15:24
noonedeadpunkbut it could also be un-ideal15:24
noonedeadpunkso basically drop all to Zed right away15:25
jrosserand the timing is so bad too15:25
jrosseras we have a huge fight with the just-made-unmainted branch right in the middle of the current cycle15:25
jrosserand distract from getting the new release sorted out in time15:25
jrosseranyway, <rant>15:26
noonedeadpunkso, we have a choice kinda. Previously we were very distracted as unmaintained timing was right during our preparation for the release15:26
jrosserwell like i say i am hopeful that 2023.1 will be much better15:26
noonedeadpunk I got understanding that we are having trailing release, so we can go to unmaintained in 1 month after our release or so15:26
jrosserthere is handling for automatically handling both stable and unmaintained branch names in the scripts now15:27
noonedeadpunkso basically that's the activity at the very beginning of "our" cycle15:27
jrosseryeah this is true15:28
jrosserperhaps we just need to be more strict about getting that transition done stright after our release15:28
noonedeadpunkand usually that's the least loaded time15:28
noonedeadpunkyeah, and that's pretty much on me 15:30
noonedeadpunk(and I'm failing with that from time to time)15:30
noonedeadpunkbut indeed - will try to be just more organized15:32
jrosserso molecule and tests repo?15:33
jrosserwe had some good progress and some bugs there this week15:33
noonedeadpunkyes. I think the only uncovered part is plugins, where tests repo runs15:33
noonedeadpunkat least according to this: https://codesearch.openstack.org/?q=openstack-ansible-role-jobs&i=nope&literal=nope&files=&excludeFiles=&repos=15:34
noonedeadpunkso given your work with LXC containers role - it should be doable now15:35
jrosseryes - i have got a bit distracted from that this week15:36
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible unmaintained/zed: [CI] Remove periodic jobs from unmaintained branch  https://review.opendev.org/c/openstack/openstack-ansible/+/93292115:36
jrosserbut i think that now everything should be in place to pretty quickly convert the old tests to molecule15:36
noonedeadpunkI frankly just didn't have time as summoned to finalize an ovn-bgp-agent setup15:36
* noonedeadpunk not very good in networking15:37
NeilHanlonheh15:37
jrosseri need to get back on with the lxc_container_create one15:37
* jrosser also been distracted from that15:38
noonedeadpunkbut it seems we're 99% done with functional tests at this point (given the whole scope over years)15:38
jrosserthere is also adding coverage for the other things in the plugins repo15:39
noonedeadpunkand not only there15:39
jrosserwhich could mean we don't necessarily need to run the full suite of integrated repo tests if we make a good job of that15:39
noonedeadpunklike rabbitmq and galera are also good candidates I guess15:39
noonedeadpunkbtw last week I also had a look into topic we've discussed long time ago - simplifying bootastrap process15:46
noonedeadpunkor better say - moving complexity around :D 15:46
noonedeadpunk#link https://review.opendev.org/c/openstack/openstack-ansible/+/939151/15:46
jrosserah yes i did see that15:46
noonedeadpunkI can't recall why I did set a WIP there though15:46
jrosseris this OK for upgrades?15:47
noonedeadpunkPart I liked more is the next patch, which replaces set_fact in loop with som jinja15:47
noonedeadpunka downside is being way less verbose15:48
noonedeadpunkbut user-facing stuff is way cleaner and readable, imo15:49
noonedeadpunkyeah, it does work for upgrades now15:49
noonedeadpunkthat was a nasty part to do for upgrades: https://review.opendev.org/c/openstack/openstack-ansible/+/939151/21/scripts/gate-check-commit.sh15:49
noonedeadpunkI'm really not sure I like it. But I can't come up with better thing to trigger role pull from zuul15:50
noonedeadpunkonce pre-task have finished and we're in gate-check-commit15:50
jrosserso we don't actually test the user facing script?15:50
noonedeadpunkwe do with shastest only15:51
noonedeadpunkhttps://zuul.opendev.org/t/openstack/build/9a806d6a192a424d816fe01288c1585015:51
noonedeadpunkbut it's same today15:51
noonedeadpunkor well, we test a very specific unrealistic version of it15:51
jrosseroh well actually we do use it15:53
jrosserwith a user-role / collection requirements setup by the pre- job15:53
noonedeadpunkah15:54
noonedeadpunkyes, we prepare user-requirements, true15:54
opendevreviewMerged openstack/openstack-ansible-apt_package_pinning master: Use OSA_TEST_REQUIREMENTS_FILE for molecule job  https://review.opendev.org/c/openstack/openstack-ansible-apt_package_pinning/+/93929915:54
jrosseri think thats what i'd missed15:54
jrosserit's not that we duplicate the functionality into the zuul pre job15:54
noonedeadpunkbut it's still like... not what every user will do15:54
noonedeadpunkno-no15:54
jrosserit's more preparing the input for the user overrides15:54
noonedeadpunkIve jsut moved zuul-specific things there15:55
jrosseryes that makes sense15:55
opendevreviewMerged openstack/ansible-role-systemd_service master: Use OSA_TEST_REQUIREMENTS_FILE for molecule job  https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/93929215:55
* noonedeadpunk also having someobvious memory issues15:55
opendevreviewMerged openstack/ansible-config_template master: Use OSA_TEST_REQUIREMENTS_FILE for molecule job  https://review.opendev.org/c/openstack/ansible-config_template/+/93930215:55
jrosserand it previously it could swap in the zuul repos sort of in-line15:55
noonedeadpunkI kind of can recall adding some molecule jobs to the integrated repo....15:56
noonedeadpunkI never pushed that?15:56
jrosserit would be nice if that playbook kept a copy of the requirements files for the two branches in an upgrade15:57
noonedeadpunkregarding test of user-role-requirements.....15:57
noonedeadpunkso I'm not sure if it can use zuul stuff for N-115:57
noonedeadpunkor better say - I don't know how to do that15:57
opendevreviewMerged openstack/ansible-role-systemd_networkd master: Use OSA_TEST_REQUIREMENTS_FILE for molecule job  https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/93930415:58
noonedeadpunkok, I can't find the patch for testing user-role-requirements locally either16:00
noonedeadpunkMaybe I dreamt of it...16:00
noonedeadpunkanyway16:00
noonedeadpunk#endmeeting16:00
opendevmeetMeeting ended Tue Jan 21 16:00:54 2025 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)16:00
opendevmeetMinutes:        https://meetings.opendev.org/meetings/openstack_ansible_meeting/2025/openstack_ansible_meeting.2025-01-21-15.01.html16:00
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2025/openstack_ansible_meeting.2025-01-21-15.01.txt16:00
opendevmeetLog:            https://meetings.opendev.org/meetings/openstack_ansible_meeting/2025/openstack_ansible_meeting.2025-01-21-15.01.log.html16:00
noonedeadpunkah, it was this one https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/93898016:02
noonedeadpunkor not...16:02
noonedeadpunkprobably it was just a dream after all16:04
noonedeadpunkjrosser: I think that pre-osa-requirements.yml never runs twice16:07
noonedeadpunkso on upgrade it's just skipped16:08
noonedeadpunkas `when: -  "'upgrade' not in action"`16:08
noonedeadpunkso on N-1 just regular a-r-r are used16:08
noonedeadpunkand then then's why this exist: https://review.opendev.org/c/openstack/openstack-ansible/+/939151/21/scripts/gate-check-commit.sh16:08
noonedeadpunk*that's16:09
noonedeadpunkit's already after N-1 is done, and checkout to N is performed16:09
spotz[m]You're making me work this morning noonedeadpunk :)16:34
noonedeadpunksorry for that :D16:38
noonedeadpunkI had busy weekends as you might see 16:38
noonedeadpunkjrosser: maybe you know... how in the world we make galera role to work in CI?16:44
jrosserhow do you mean? :)16:44
noonedeadpunkin terms - I was pinged internally, that on ubuntu there's no `admin` user created16:44
jrossermolecule?16:44
noonedeadpunkmolecule is smth I'm gonna try16:44
noonedeadpunkfor now - spawned 3 ubuntu 24.04 vms16:45
noonedeadpunkand ansible 2.18.1....16:45
jrosserso this is the role being used standalone?16:45
noonedeadpunkyeah16:45
noonedeadpunkso the user should be created with this16:45
noonedeadpunkhttps://opendev.org/openstack/openstack-ansible-galera_server/src/branch/master/tasks/galera_install_apt.yml#L76-L8316:45
noonedeadpunkoh, I see16:46
jrosserthat code is 9 years old16:48
jrosseri wonder if that really is correct any more16:48
jrosserbecasue we should have root/local socket out of the box?16:48
noonedeadpunkI;m guessing if https://opendev.org/openstack/openstack-ansible-galera_server/src/branch/master/vars/debian.yml#L67 is right16:49
noonedeadpunkas it should be `mariadb-server` I believe16:49
noonedeadpunkbut how the hack it works in CI16:49
spotz[m]Ok first run through done, jrosser you're good at catching typos so let me know if I missed something:)16:49
jrosserso thats why i wonder really if that code is doing anything useful16:50
noonedeadpunkspotz[m]: I've used a linter this time in vscode :p16:50
noonedeadpunkbut how it works in ci16:50
jrosserbecasue it comes from the time that we (mis)used the root user for everything16:50
jrosserif the default install gives root/no-password/local-socket access16:50
jrosserthen we can come along and add the admin user with that16:51
noonedeadpunkyeah. so it's totally a good idea to refactor...16:51
jrosser^ this is guesswork, but i'm just wondering if when we changed things to not mess with the root user, this was forgotton to be removed16:51
jrosserspotz[m]: which patch is this?16:52
spotz[m]https://review.opendev.org/c/openstack/openstack-ansible/+/93960916:52
jrossercool thanks i will take a look16:52
noonedeadpunkjrosser: so the thing is, that we never create an admin user outside of this debconf16:52
spotz[m]I spent hours yesterday tracking down a YAML issue, I can not be trusted:)16:52
jrossernoonedeadpunk: what is this for? https://github.com/openstack/openstack-ansible-galera_server/blob/f773a8fb23a015969e886934649754a81d561601/vars/main.yml#L3116:53
noonedeadpunkhuh16:53
jrosserfrom just 2 mins trying to remember the code, this is what i expect to be making the users16:54
jrosseri didnt look much deeper than that though16:54
noonedeadpunkhow I haven;t found it16:54
noonedeadpunkthen, I think I do have news...16:55
jrosserhttps://github.com/search?q=repo%3Aopenstack%2Fopenstack-ansible-galera_server%20galera_root_user&type=code16:55
noonedeadpunkyou can't set galera_serial=100%16:55
opendevreviewMerged openstack/openstack-ansible-repo_server master: Use standalone httpd role  https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/93827016:55
noonedeadpunkas galera_all[1:] will never pass this handler: https://opendev.org/openstack/openstack-ansible-galera_server/src/branch/master/tasks/galera_server_main.yml#L103-L10416:55
jrosserand super confusingly there is also https://github.com/search?q=repo%3Aopenstack%2Fopenstack-ansible-galera_server%20galera_root_user&type=code16:55
jrosserthat seems to duplicate a bunch of what is in those ansible vars16:55
noonedeadpunkyeah, it's only for EL16:56
noonedeadpunkso yes, /o\16:56
jrosserwell only EL or not it's still dupliate?16:56
noonedeadpunkyeah16:57
jrosserso this maybe does come back to the question of what happens in CI16:57
jrosserbecause in the infra jobs we do run a 3 node database cluster16:57
noonedeadpunkin CI it works just because of this I think now https://opendev.org/openstack/openstack-ansible-plugins/src/branch/master/playbooks/galera_server.yml#L3916:58
noonedeadpunkso these flush_handlers do not run against [1:]16:58
noonedeadpunkI pretty much need to come up with molecule test there....17:00
jrosseri'm just trying to wrap my brain around why serial 100% does not work17:02
noonedeadpunkso, I can exmplain:)17:04
noonedeadpunkgalera_server_setup.yml is executed right after flush_handlers17:05
noonedeadpunkwhere admin user is created17:05
noonedeadpunkbut, admin user is also used as SST user17:05
noonedeadpunkhttps://opendev.org/openstack/openstack-ansible-galera_server/src/branch/master/defaults/main.yml#L16017:05
noonedeadpunkif you run 100% - they are restarted, but they can not fetch data from the "master" as there's no user existing at the point of their restart17:06
noonedeadpunkso it's a race condition17:07
noonedeadpunkrealistically - you in fact don't want to run 100%17:08
noonedeadpunkever17:08
noonedeadpunkbut it shouldn't fail at least....17:08
jrossererrrr https://opendev.org/openstack/openstack-ansible-galera_server/src/branch/master/tasks/galera_server_main.yml#L108 ?17:08
noonedeadpunkbut L103 - executed for all17:08
noonedeadpunkand they already have in config this17:08
noonedeadpunkhttps://opendev.org/openstack/openstack-ansible-galera_server/src/branch/master/templates/cluster.cnf.j2#L4017:09
noonedeadpunkso at L106 only galera_all[0] survives and comes to it, while rest are marked as FAILED during restart retries17:10
jrosserwell i guess that the code is pretty unobvious17:10
jrosserit is difficult to read and understand what is happening like this17:10
noonedeadpunksome refactoring is totally won't hurt17:11
jrosserit is however very obvious to have a task which immediately after install creates the users needed for the cluster to function, on all the nodes17:11
noonedeadpunkand other thing17:11
noonedeadpunkhttps://opendev.org/openstack/openstack-ansible-plugins/src/branch/master/playbooks/galera_server.yml#L66-L6717:11
noonedeadpunkthat is unobvious as well17:11
noonedeadpunkbut if you set `galera_install_client: true` - server setup will fail as well17:12
noonedeadpunkat earlier step though17:12
jrosserso i was just looking at this root business17:12
jrosserand it might be that we have enough releases now where the admin user is created and used properly that we can strip out all the special cases17:12
noonedeadpunkas placing my.cnf with a user that does not exist - doesn't result in anything good17:12
noonedeadpunkand handling this only on playbook level not perfect kinda17:13
jrosserthere was a time when this was a mess becasue we had to handle an upgrade where the admin user was not there17:13
jrosserso perhaps now we can be more strict with the root user?17:14
noonedeadpunkI think we should be able to, yes17:14
jrosserthat would reduce the complexity17:14
noonedeadpunkbut if we'd think about isolated usecase - still some things to improve inside role logic17:15
noonedeadpunkas that race condition about root/non-root in playbook still will be true17:15
jrosserand it would be very nice for increased obviousness to create the users earlier17:15
noonedeadpunkyeah17:15
jrosserwell, there are more tools now, like throttle:17:15
jrosserwe didnt have that before17:15
jrosserso you can force the eqivalent of serial: 1 for a task even if the play does not specify that17:16
noonedeadpunkI'm not sure it will be helpful there? or it might be in an actual handler17:17
noonedeadpunkyeah. that can help17:17
noonedeadpunkgoodpoint17:17
jrosserits just a matter of opinion, but perhaps handlers are overused in the role17:17
noonedeadpunkI guess I'd need to come up with some basic role testing before all that...17:18
jrosseryes i think that would be great to have a molecule for the role standalone17:18
jrosserwe are using it like that for sure outside OSA17:18
noonedeadpunkme too17:18
noonedeadpunkwe also finally need to figure out way of publishing in galaxsy I guess17:19
jrosserin fact can probably also test upgrades in molecule pretty easily17:19
noonedeadpunkat least with molecule I feel a bit more confident about that17:19
jrossernot upgrades between branches maybe but certainly between versions on mariadb17:20
noonedeadpunkwell, we don't really know previos version on molecule for that17:20
noonedeadpunkwe can for rabbitmq though, I assume17:20
noonedeadpunkas there's mapping available for that https://opendev.org/openstack/openstack-ansible-rabbitmq_server/src/branch/master/vars/main.yml#L26-L3617:21
noonedeadpunkpotantially a good thing to add to mariadb 17:21
jrosseranswer seems to be that we could do some good cleanup17:21
noonedeadpunkyeah17:22
noonedeadpunkindeed17:22
noonedeadpunkI still owe a flag to re-bootstrap rabbitmq though :(17:22
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-galera_server master: Extend example playbook to contain valid values  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/93974017:47
noonedeadpunkactually having functional tests in repos is handy as no need to fully re-invent testing...18:26
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-galera_server master: Add molecule testing for the role  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/93975118:56
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-pki master: Install setuptools for noble  https://review.opendev.org/c/openstack/ansible-role-pki/+/93975219:07
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-pki master: Use OSA_TEST_REQUIREMENTS_FILE for molecule job  https://review.opendev.org/c/openstack/ansible-role-pki/+/93930119:07
opendevreviewMerged openstack/openstack-ansible master: Return upgrade jobs back to voting  https://review.opendev.org/c/openstack/openstack-ansible/+/93930719:55
jrossertheres a fairly repeatable error on here https://review.opendev.org/c/openstack/ansible-role-systemd_mount/+/93930320:13
opendevreviewMerged openstack/openstack-ansible-repo_server master: Use FQCN for modules  https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/93827222:16
« Monday, 2025-01-20 Index Wednesday, 2025-01-22 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!