opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Update ssh connection plugin parameters to match upstream https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/939899 | 07:46 |
---|---|---|
opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-plugins master: Automatically import ssh connection plugin options from the base class https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/939957 | 07:46 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Omit passing the project when no project scope is needed https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/944970 | 08:36 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-ops master: Define clusterctl_version explicitly https://review.opendev.org/c/openstack/openstack-ansible-ops/+/941114 | 08:40 |
noonedeadpunk | gokhan_: about that ceph thing you asked back in the days. Do you have `rgw keystone implicit tenants = true` in ceph.conf? | 09:04 |
gokhan_ | noonedeadpunk, I am checking | 09:23 |
gokhan_ | rgw_keystone_implicit_tenants is false in my ceph environment | 09:24 |
noonedeadpunk | so I think we were able to fix behavior by setting it to true :) | 09:25 |
gokhan_ | noonedeadpunk, Ahh ok I am trying now | 09:26 |
gokhan_ | noonedeadpunk, I changed it to true but same error. I also restarted radosgw services. https://paste.openstack.org/show/bhPWBiDg3N8AYdDj3o9w/ | 09:47 |
noonedeadpunk | well... dunno then... I bet it's actually a ceph rgw issue, as swift compatibility there is not well maintained | 09:48 |
noonedeadpunk | but here setting the value reportedly helped | 09:48 |
gokhan_ | noonedeadpunk, my config is there https://paste.openstack.org/show/bHajngls7E6wp6tJbpb1/ | 09:49 |
gokhan_ | noonedeadpunk, yes I think it is also a ceph rgw issue. In quincy and pacific versions, it worked very well. | 09:56 |
gokhan_ | noonedeadpunk, when running skyline behind haproxy, sometimes it gets HTTP 500 errors on haproxy, requests cannot reach skyline containers. But without haproxy, there is no problem when I try with multiple requests. I played with timeout settings but it didn't help. Do you have any recommendation for this situation? | 12:32 |
noonedeadpunk | frankly speaking - I never ran skyline in production envs | 13:00 |
noonedeadpunk | I'd guess there's some param to tune for apache tbh | 13:02 |
mossblaser | sykebenX, noonedeadpunk: sorry I've not come back re: the SSH CA config we were discussing last week. After a lot more thought I've come to the conclusion that the best route out of this scenario is to make it possible to opt-out of OSA deploying CA config on a case-by-case basis leaving it up to you to deploy a suitable CA config outside OSA along with whatever you're actively doing | 16:42 |
sykebenX | mossblaser: do worries, I think I'd agree with this approach. This is basically the conclusion I came to as well | 16:43 |
sykebenX | no worries* | 16:43 |
mossblaser | in our case, for example, it is only compute nodes running nova which run on bare metal and thus are simultaneously touched by our own automation and OSA; in this case we would manually use our own automation to load in the OSA SSH CA and suitable user/principals mapping | 16:43 |
mossblaser | (other uses of the SSH CA stuff all live in containers which our automation never touches) | 16:43 |
mossblaser | so at some point I'll put up a pair of patches to osa-plugins and osa-nova which add appropriate variables to control turning on/off CA config deployment | 16:44 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Move argument parsing for dynamic_inventory to generate https://review.opendev.org/c/openstack/openstack-ansible/+/945025 | 16:48 |
noonedeadpunk | mossblaser: can't you just set `nova_ssh_keypairs_install_ca: []`, `nova_ssh_keypairs_principals: []`, `nova_ssh_keypairs_install_keys: []` as of today? | 16:51 |
noonedeadpunk | or smth like that? | 16:51 |
noonedeadpunk | maybe you don't even need nova_ssh_keypairs_principals... | 16:51 |
mossblaser | ah -- perhaps! I'd not looked closely enough yet | 16:51 |
noonedeadpunk | mossblaser: eventually... you can be right... and worth adding also smth like ssh_keypairs_create_keys: "{{ nova_ssh_keypairs_create_keys }}" here: https://opendev.org/openstack/openstack-ansible-os_nova/src/branch/master/tasks/nova_compute.yml#L43 | 16:54 |
noonedeadpunk | as today it will prevent them from installing, but will not prevent from generating | 16:54 |
mossblaser | actually in this case I'd prefer it to still generate the CAs -- it's just the sshd config I'd want to turn off (e.g. I would prefer not to use our regular SSH CA for this task) | 16:58 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Move argument parsing for dynamic_inventory to generate https://review.opendev.org/c/openstack/openstack-ansible/+/945025 | 16:58 |
noonedeadpunk | I think that then potentially all vars are likely present | 17:03 |
noonedeadpunk | like - you can also set ssh_keypairs_install_authorities: False in /etc/openstack_deploy/group_vars/nova_compute.yml | 17:04 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Prevent inventory-manger failing with arbitrary groups https://review.opendev.org/c/openstack/openstack-ansible/+/945030 | 17:11 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Install inventory-manage as a console_script https://review.opendev.org/c/openstack/openstack-ansible/+/945032 | 17:25 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Symlink console_scripts to /usr/local/bin/ https://review.opendev.org/c/openstack/openstack-ansible/+/945033 | 17:27 |