Monday, 2020-06-01

« Sunday, 2020-05-31 Index Tuesday, 2020-06-02 »
dcapone2004nvm....found the correct path in the playbook files and once I put the override file there everything works as expected00:51
*** wuchunyang has joined #openstack-kolla00:58
*** wuchunyang has quit IRC01:02
*** cah_link1 has joined #openstack-kolla01:32
*** cah_link has quit IRC01:33
*** cah_link1 is now known as cah_link01:33
dmsimardI'm still hacking on it but here's some info about the 25 longest playbooks and tasks from kolla-ansible: http://paste.openstack.org/show/794185/01:51
dmsimarddata is from https://api.trunk.demo.recordsansible.org/?path=kolla-ansible&order=-duration01:52
*** alanmeadows_ has joined #openstack-kolla02:20
*** crindi_ has joined #openstack-kolla02:21
*** alanmeadows has quit IRC02:28
*** crindi has quit IRC02:28
*** rm_work has quit IRC02:28
*** alanmeadows_ is now known as alanmeadows02:28
*** crindi_ is now known as crindi02:28
*** yankcrime has quit IRC02:56
*** wuchunyang has joined #openstack-kolla03:01
*** hongbin has joined #openstack-kolla03:19
*** e0ne has joined #openstack-kolla03:23
*** e0ne has quit IRC03:28
*** wuchunyang has quit IRC03:30
*** e0ne has joined #openstack-kolla03:43
*** e0ne has quit IRC03:47
*** Torel has quit IRC03:55
*** e0ne has joined #openstack-kolla04:03
*** ykarel|away is now known as ykarel04:07
*** e0ne has quit IRC04:07
*** wuchunyang has joined #openstack-kolla04:12
*** wuchunyang has quit IRC04:17
*** skramaja has joined #openstack-kolla04:18
*** e0ne has joined #openstack-kolla04:23
*** e0ne has quit IRC04:27
*** evrardjp has quit IRC04:33
*** evrardjp has joined #openstack-kolla04:33
*** wuchunyang has joined #openstack-kolla04:58
*** vishalmanchanda has joined #openstack-kolla05:04
*** wuchunyang has quit IRC05:04
*** abdysn has joined #openstack-kolla05:04
*** wuchunyang has joined #openstack-kolla05:16
*** ricolin has joined #openstack-kolla05:19
*** wuchunyang has quit IRC05:20
*** k_mouza has joined #openstack-kolla05:24
*** k_mouza has quit IRC05:28
*** seco has joined #openstack-kolla05:51
*** hongbin has quit IRC05:57
*** xinliang has joined #openstack-kolla06:02
*** xinliang has quit IRC06:06
osmanlicilegimorning06:14
yoctozeptomorning06:39
openstackgerritRadosław Piliszek proposed openstack/kolla master: [DNM] test neutron patch  https://review.opendev.org/73198506:44
*** sorin-mihai has joined #openstack-kolla06:46
secomorning06:48
sorin-mihaimaybe i'm repeating myself, have been asking this in different forms in different channels. i'm trying to understand what is the best way to use multiple public provider subnets along with private subnets. if this is not the best place to ask, please let me know where to move this discussion06:56
sorin-mihaiat the moment i have a /30 in the router/firewall and another /28 provided by the ISP. if i add the /28 in the router, i can DNAT/SNAT to IPs in a private /16 that is used as DMZ. this seems to be working fine as i can keep an eye on the traffic on thse IPs using the IDS functionality of the router06:57
sorin-mihaithe private /16 is also the subnet used for 'management' in the server, i use it to ssh in the openstack server but also in other servers behind that router. this /16 is also set as external network using physnet106:57
sorin-mihaiwhat is the best way to add multiple public subnets so that i can use/manage them in openstack, including with designate, but still keep them monitored through the IDS that is in front of the openstack server? maybe it's a multiprocess, maybe this question looks incomplete, i'm stil trying to wrap my head around the issue, trying to keep the IDS in front of the openstack, use the private /16 for both physical and virtual07:03
sorin-mihaidevices, but to still be able to expose certain instances to the internet. it looks like designate at least will nork properly if i do NAT, so what would be the best way to achieve all these?07:03
sorin-mihais/nork/not\ work/07:08
*** bengates has joined #openstack-kolla07:09
mnasiadka morning07:09
*** dougsz has joined #openstack-kolla07:14
*** born2bake has joined #openstack-kolla07:28
*** wuchunyang has joined #openstack-kolla07:31
*** wuchunyang has quit IRC07:41
*** amoralej|off is now known as amoralej07:42
*** iniazi_ has quit IRC07:56
*** kevko has joined #openstack-kolla07:58
kevkohi, i have few notes on the kolla debian binary install - horizon08:04
kevkowhen kolla installed with debian binary , it is unable to login to horizon08:05
kevkoit is caused by default cache set by a package in /etc/kolla/local_settings.d/08:05
kevkoi think everything under local_settings.d/ what is installing debian packages should be removed and installed by a kolla08:06
kevkoanother note is regarding static_root ... when i remove all local_settings.d/* from debian package ..kolla should be installed OK .. but is not ..after this removal STATIC_URL pointing to /var/lib/openstack-dasjboard/static is missing in local_settings.py08:07
kevkoon ubuntu it is working because they are doing symlinks ..08:07
kevkoanother note is regarding symlink local_settings -> local_settings.py in /etc/openstack-dashboard ..it is working ..but it is ugly .. i think better will be if symlink to /etc/openstack-dashboard/local_settings.py provided by debian/ubuntu packages will be replaced to symlink to local_settings directly08:09
kevkoand last note is that debian package is symlinking policy files direct to /etc/openstack-dashboard/policy ..kolla have option where it is overriden to /etc/openstack-dashboard , it is OK , but /etc/openstack-dashboard/policy is unused ..08:10
kevkoi think above should be fixed firstly because it is not working under debian/binary ..and secondly for better look in /etc/openstack-dashboard/08:11
*** radek has joined #openstack-kolla08:13
*** e0ne has joined #openstack-kolla08:15
*** ykarel is now known as ykarel|lunch08:23
*** eliaswimmer has quit IRC08:24
mnasiadkamgoddard: https://review.opendev.org/#/c/710213/ - I see Dincer is happy to merge it - any last minute thoughts? :)08:30
patchbotpatch 710213 - kolla-ansible - Custom haproxy script for monitoring galera - 56 patch sets08:30
mgoddardmnasiadka: I'll take a looksie08:33
mgoddardsorin-mihai: how about just using the firewall as a firewall, removing the NAT, and giving the /28 to openstack to use as a public network?08:46
mgoddardsorin-mihai: as soon as you add NAT, your floating/public IPs are no longer directly accessible08:47
sorin-mihaimgoddard, that's what i want to do, to get rid of the NAT but i'm not sure how nor where is the problem now08:47
mgoddardsorin-mihai: here's a old blog: https://www.mirantis.com/blog/configuring-floating-ip-addresses-networking-openstack-public-private-clouds/#:~:text=But%20OpenStack%20also%20introduces%20another,reachable%20from%20the%20outside%20world.08:49
mgoddardsorin-mihai: you normally just have one (or more) external networks which are marked as external=true in neutron. You can create floating IPs on these08:49
mgoddardthen other neutron networks are generally internal08:50
sorin-mihaido i need to change the external VIP to be from that /28?08:50
sorin-mihaifor some reason i can't add another external network, as i have flat network and only 1 physnet available08:51
sorin-mihaimaybe i'm doing it the wrong way08:51
mgoddardsorin-mihai: you can only have one flat network per physnet. You either need multiple physnets or use VLANs08:53
mgoddardexternal VIP is separate to neutron.08:53
mgoddardit could be on the same subnet, if it is excluded from the allocation pool08:53
sorin-mihaithat's how i did it, i kept some of that /16 out of the pool08:54
sorin-mihaibut to be sure i got it right, given the current flat network setup, i have no way to use the /28 inside openstack?08:56
hrwkevko: ideas look good. can you help with it?08:57
hrwkevko: to be honest I never used debian/binary target as I target aarch64 not x86-6408:58
hrwmorning08:58
*** k_mouza has joined #openstack-kolla09:02
mgoddardsorin-mihai: you can have multiple subnets per network09:05
mgoddardnot sure if it will cause issues though09:06
*** sheldonhu has joined #openstack-kolla09:06
sorin-mihaii tried to add the public /28 as a 2nd subnet to the external network along the /16 one, adding it as subnet worked, added a floating IP to a instance and made sure there's no NAT for that IP, but it's not working. i suspect it could also be a thing related to the firewall limitations and the flat network setup, not sure what to look into09:10
*** ykarel|lunch is now known as ykarel09:10
*** wuchunyang has joined #openstack-kolla09:11
*** e0ne_ has joined #openstack-kolla09:11
*** muhaha has joined #openstack-kolla09:11
*** e0ne has quit IRC09:11
mgoddardyoctozepto: thanks for pushing on the neutron issue. I spoke to slaweq about it last week but didn't have time to investigate myself09:11
*** gfidente has joined #openstack-kolla09:12
mgoddardsorin-mihai: I don't think you want to expose the /16 as external do you?09:12
sorin-mihaithe /16 being behind firewall and set as DMZ i'm using it as external so that i can access all floating IPs over a vpn that is set in the firewall09:13
sorin-mihaibut this forces me to use NAT if i want to expose any of the floating IPs to the internet09:14
kevkohrw: yes , of course, i will proces it , i give a task to my brother ( now he is working with us in our company :) ) and we together will send a patchsets to review09:16
*** seco has quit IRC09:18
openstackgerritMark Goddard proposed openstack/kayobe master: Fix external API interface with out an IP address  https://review.opendev.org/73175409:18
*** e0ne_ has quit IRC09:19
sorin-mihaifrom my point of view, with the current flat setup, i have external public IPs (static, usable only with NAT), external private IPs (DHCP pool, floating, same /16 for all domains/projects) and internal private IPs (DHCP, unique /24 per project, didn't test if it could overlap with the /16)09:19
hrwkevko: thanks!09:20
kevkohrw: last 2 questions09:20
hrwkevko: do not ask to ask but ask09:21
*** sheldonhu has quit IRC09:22
*** e0ne has joined #openstack-kolla09:22
*** jbadiapa has joined #openstack-kolla09:23
kevkohrw: kolla is installing policy files to /etc/openstack-dashboard/ , i'm just wondering that maybe it would be nice to use conf folder directly as it is in upstream https://github.com/openstack/horizon/tree/master/openstack_dashboard/conf09:23
kevkoand have symlink to /etc/openstack-dashboard/policy09:23
kevkono need to change local settings and overriding policy path ..and + ist that when i check /etc/openstack-dashboard ..there is no mess in config files ...09:24
hrwkevko: I have to admit that I mostly work on building part (kolla) while it looks like you ask about installing part (kolla-ansible)09:25
hrwmgoddard: ^^09:25
kevkosecond question is ..that if it is really good solution to have include to custom_local_settings ..firstly horizon upstream RECOMMENDS to use local_settings.d ... secondly .. local_settings.d has bigger priority ..or let's say it is overriden09:25
mgoddardkevko: I didn't know about local_settings.d. That sounds better. We're probably stuck with custom_ for backwards compat reasons though09:26
mgoddardwe could drop it into .d though09:26
mgoddardkevko: on the policies, we ended up doing some massaging to make things consistent between different distros and source/binary. Possibly it could be better09:27
kevkomgoddard: well, i think it is more clear to use default horizon path and just symlink to /etc/openstack-dashboard/ as defining it in local_settings.py09:29
kevkosorry /etc/openstack-dashboard/policy for example09:29
kevkomgoddard: local_settings.d is in horizon for a long time ... https://github.com/openstack/horizon/tree/master/openstack_dashboard/local/local_settings.d09:30
kevkomgoddard: it is loading configs in alphabetical order .. so kolla should have somehing like _9999_kolla_custom_config.py09:30
mgoddardkevko: is there a problem that this would fix?09:31
* hrw out09:31
kevkomgoddard: well, half of my ideas is fixing small problem with debian binary ..and half is cosmetic things ..  i can omit cosmetic things and only fix a problem ..read above what i wrote ...it is "kevko 10:04:46"09:36
openstackgerritMark Goddard proposed openstack/kolla stable/ussuri: Switch to RDO Ussuri release on CentOS  https://review.opendev.org/73179809:38
*** yankcrime has joined #openstack-kolla09:39
*** ricolin_ has joined #openstack-kolla09:44
*** ricolin has quit IRC09:47
*** seco has joined #openstack-kolla09:50
*** chenyingnan01 has joined #openstack-kolla09:55
mgoddardkevko: ok, if there are genuine issues we should fix them09:55
*** seco has quit IRC09:56
mgoddardkevko: in general I've found that the debian packages seem to go in their own direction09:56
kevkomgoddard: well, i am author of redefining debian package ..because it was bad in both dists ubuntu and debian09:59
*** chenyingnan01 has quit IRC10:00
kevkomgoddard: this is that ugly thing which i fixed by rework -> http://paste.openstack.org/show/794199/   symlink from usr share to python libraries :/10:00
*** sorin-mihai_ has joined #openstack-kolla10:04
*** sorin-mihai has quit IRC10:05
*** wuchunyang has quit IRC10:09
*** e0ne has quit IRC10:15
*** k_mouza has quit IRC10:18
*** witek has joined #openstack-kolla10:23
*** e0ne has joined #openstack-kolla10:29
mnasiadkamgoddard, yoctozepto: Is this the neutron ovslib error we've been chasing? https://zuul.opendev.org/t/openstack/build/f5e8a73e3eae4c519bca060332c55dba/log/primary/logs/kolla/all-ERROR.txt#22410:32
yoctozeptomnasiadka: yeah, I handled this and Terry found a fix https://bugs.launchpad.net/neutron/+bug/188142410:33
openstackLaunchpad bug 1881424 in kolla-ansible victoria "Neutron ovs agent fails on rpc_loop iteration:1" [Critical,Triaged]10:33
mnasiadkameh, so then let's wait10:33
yoctozeptomgoddard, mnasiadka: we can temp-pin ovsdbapp to 1.1.0 to fix our gate10:34
yoctozeptoor wait for release with fix10:34
yoctozeptobut it could take some time10:34
yoctozeptotheir CI fubar10:34
mnasiadkalet me go kick somebody10:35
mnasiadkayoctozepto: yeah, let's temp-pin... seems it's not gonna go in today (or probably even this week)10:37
yoctozeptomnasiadka: ok, doing it10:37
openstackgerritRadosław Piliszek proposed openstack/kolla master: [to-revert] Pin ovsdbapp in neutron to 1.1.0  https://review.opendev.org/73215310:40
yoctozeptomnasiadka, mgoddard: ^10:41
mgoddardyoctozepto: what about binary?10:44
*** witek has quit IRC10:45
*** k_mouza has joined #openstack-kolla10:54
*** kevko has quit IRC10:56
*** kemopq has joined #openstack-kolla10:56
*** rgogunskiy has joined #openstack-kolla10:57
*** kevko has joined #openstack-kolla10:58
*** e0ne has quit IRC10:59
yoctozeptomgoddard: binary not released afaik11:01
*** kevko_ has joined #openstack-kolla11:01
*** kevko has quit IRC11:04
*** faizy98 has joined #openstack-kolla11:04
*** sorin-mihai_ has quit IRC11:05
*** sorin-mihai has joined #openstack-kolla11:08
*** also_stingrayza is now known as stingrayza11:11
*** e0ne has joined #openstack-kolla11:14
*** e0ne_ has joined #openstack-kolla11:17
*** e0ne has quit IRC11:17
*** e0ne_ has quit IRC11:19
*** e0ne has joined #openstack-kolla11:20
*** wuchunyang has joined #openstack-kolla11:22
*** seco has joined #openstack-kolla11:26
*** xinliang has joined #openstack-kolla11:34
*** e0ne has quit IRC11:36
*** e0ne has joined #openstack-kolla11:40
*** amoralej is now known as amoralej|lunch11:41
*** sorin-mihai has quit IRC11:48
yoctozeptomgoddard: rdo released, thankfully we are not blocked by binary11:52
*** e0ne has quit IRC11:59
*** dmellado has quit IRC12:02
*** e0ne has joined #openstack-kolla12:02
*** xinliang has quit IRC12:03
*** dmellado has joined #openstack-kolla12:06
yoctozeptodoes etherpad work for you?12:07
yoctozeptook, it works for me, but takes a looong time to load12:07
yoctozepto;/12:07
*** wuchunyang has quit IRC12:11
*** amoralej|lunch is now known as amoralej12:19
*** skramaja has quit IRC12:20
*** wuchunyang has joined #openstack-kolla12:25
mnasiadkamgoddard: will be a bit late for PTG12:26
*** wuchunyang has quit IRC12:30
*** ricolin_ is now known as ricolin12:31
*** erolg has joined #openstack-kolla12:34
dcapone2004I am trying out a hyper-converged openstack train deployment and I am running into a network issue …. I think / thought I have everything configured correctly however my internal networks are receiving DHCP addresses, so maybe I am misunderstand how neutron works with VLANs...12:38
dcapone20043 node setup with Ceph on the backend for storage, 2 physical network interfaces, eno2 is external and mapped to physnet1 and eno1 which is all the other interfaces (including the ceph public network)12:39
dcapone2004eno2 is connected to an external network switch that has the switch in access mode, eno1 is connected to the same switch with its ports configured in trunk mode to allow VLANS 800-900 and a native vlan port that is the same as the the other interfaces12:40
dcapone2004ml2_conf.ini was overridden and contains.... https://pastebin.com/hASKPKy812:42
*** sorin-mihai has joined #openstack-kolla12:45
dcapone2004I love this channel....it has a magically power that the moment I start typing an issue I'm stuck on for over an hour to it, I suddenly realize my error12:47
yoctozeptodcapone2004: not many folks around because ptg (project team gathering) is in 13 minutes12:47
yoctozeptodcapone2004: but I'm glad you solved your issue using the rubber duck method :-)12:47
*** priteau has joined #openstack-kolla12:48
yoctozeptohttps://etherpad.opendev.org/p/kolla-victoria-ptg etherpad for ptg12:48
dkingAlso, it's not a bad idea to post the solution, even if it became obvious, if nothing more than potentially helping somebody else.12:48
yoctozepto^ ++12:48
*** ykarel is now known as ykarel|afk12:51
openstackgerritRadosław Piliszek proposed openstack/kolla stable/ussuri: Switch to RDO Ussuri release on CentOS  https://review.opendev.org/73179812:53
hrwwhat is meeting password?12:53
*** ricolin has quit IRC12:54
*** ricolin has joined #openstack-kolla12:55
openstackgerritRadosław Piliszek proposed openstack/kolla stable/ussuri: Switch to RDO Ussuri release on CentOS  https://review.opendev.org/73179812:55
openstackgerritMark Goddard proposed openstack/kolla stable/ussuri: Switch to RDO Ussuri release on CentOS  https://review.opendev.org/73179812:56
openstackgerritRadosław Piliszek proposed openstack/kolla stable/ussuri: Switch to RDO Ussuri release on CentOS  https://review.opendev.org/73179812:56
mgoddardyoctozepto: I think we are fighting over it ^12:56
yoctozeptomgoddard: loll, sorry, did not notice you12:57
dcapone2004the solution was I defined the wrong physical interface in ml2_conf.ini … I defined the external network interface (which wasn't configured for trunking) … still in the process of reconfiguring the deployment to ensure that brings a resolution but it makes sense as the problem :-)12:57
yoctozeptomgoddard: but hmm it's actually you did not notice me12:57
erolghrw +112:58
hrwmgoddard: what is meeting password?12:58
mgoddardhrw: PTG202012:58
PrinzElvisHi all12:59
hrwthx13:00
mnasiadkaIs zoom working for anybody? mine just says "Connecting..." for 5 minutes :D13:05
*** TrevorV has joined #openstack-kolla13:06
dougszmnasiadka: seems fine13:07
hrwworks fine13:07
hrwmnasiadka: 17 people joined so far13:07
kplanthey whoever thought to add container specific footers and a generic footer to the dockerfiles: thank you!13:07
kplantsome good forethought13:08
mnasiadkadoes not work for me, zoom enters some diabolical loop and stops responding13:08
hrwmnasiadka: use a phone?13:08
mnasiadkahrw: come on, it can't be so simple13:08
*** mattia has joined #openstack-kolla13:12
*** arxcruz is now known as arxcruz|qa_room13:14
mgoddard#kolla now reflection13:28
yoctozeptomgoddard: reflecting on my life13:32
mgoddarddangerous13:32
yoctozeptomgoddard: :O I said mine, not yours13:33
mnasiadkaso, it seems latest security update on Mac has killed Zoom - if anybody has a similar problem :)13:34
*** JamesBenson has joined #openstack-kolla13:40
dcapone2004ok, so the problem I have is definitely the wrong interface being defined in ml2_conf.ini, however, I cannot figure out what is the correct physical interface name to use in ml2_conf.ini that references the other interface …. in looking at ovs-vsctl I see port eno2 added to br-ex and the mapping for physnet1 to br-ex, but I do not see eno113:59
dcapone2004defined in any bridges13:59
dcapone2004do I create another mapping for physnet2:br-int and use that or physnet2:br-tun? or something completely different14:05
*** e0ne has quit IRC14:11
*** e0ne has joined #openstack-kolla14:12
dmsimardis zoom available without a client ? i.e, browser based ?14:16
noxoidyes but they make it difficult to find in my experience14:17
noxoidive only seen the link when i click "open zoom client" or whatever and wait a few seconds. they'll display the browser link at that point14:17
hrwdmsimard: yes14:17
openstackgerritMerged openstack/kolla master: [to-revert] Pin ovsdbapp in neutron to 1.1.0  https://review.opendev.org/73215314:18
kplantis there a relay to less-evil software?14:19
kplantor a dial in number14:19
dmsimardnoxoid: wow yeah they'd really prefer you use the client14:19
*** Torel has joined #openstack-kolla14:21
dmsimardkplant: I see a phone call option when joining over the browser14:21
dcapone2004I think zoom was founded on the premise of specifically not using a browser based interface..one of the reasons the founder left Cisco/webex to create zoom14:24
kplanti don't understand how zoom is still thriving with all of the security holes14:25
kplantdmsimard: you said you got it to prompt you to join via browser?14:25
dmsimardkplant: yeah it only displays a link at the bottom to join with your browser as a last resort14:26
kplanti've been sitting here for a few minutes14:26
kplantno join from browser link14:26
dmsimardlike it will try to open the app with xdg-open, you respectfully decline and it will show a link at the bottom14:26
dmsimardwhat browser ? it wouldn't work for me in firefox, had to use chrome14:26
kplantah, have to try the manual download option first14:27
*** Limech has quit IRC14:27
yoctozeptokplant: "I don't understand how google is still thriving despite we all know how much info it gathers on us"14:28
dcapone2004lol14:28
yoctozeptojust paraphrased14:28
dmsimardyoctozepto: privacy is a nightmare nowadays :(14:28
yoctozeptowhat is privacy? :D14:28
kplantfair enough14:28
kplantalthough zoom is not an ecosystem14:28
yoctozeptotrue that, and not that monopolist14:29
yoctozeptobut still, got popular, stayed popular14:29
*** sorin-mihai has quit IRC14:30
openstackgerritRadosław Piliszek proposed openstack/kolla master: Revert "[to-revert] Pin ovsdbapp in neutron to 1.1.0"  https://review.opendev.org/73239114:30
*** sorin-mihai has joined #openstack-kolla14:31
*** abdysn has quit IRC14:36
kplantlol14:47
*** ykarel|afk is now known as ykarel14:58
*** e0ne_ has joined #openstack-kolla14:58
*** e0ne has quit IRC14:59
*** diurnalist has joined #openstack-kolla15:06
dmsimardI don't have to bandwidth to be core but I'm hoping to help in different ways15:08
hrwgood15:08
*** e0ne_ has quit IRC15:11
*** dcapone2004 has quit IRC15:17
*** rgogunskiy has quit IRC15:22
*** Torel has quit IRC15:24
*** Torel has joined #openstack-kolla15:26
*** rm_work has joined #openstack-kolla15:45
*** ykarel is now known as ykarel|away15:45
*** wuchunyang has joined #openstack-kolla15:46
*** dcapone2004 has joined #openstack-kolla15:54
dcapone2004idk if anyone responded to my question as my IRC session disconnected ...15:54
hrwdmsimard: ask it again?15:55
hrwdcapone2004: but consider that we are in virtual PTG mode so most of us is either busy on zoom or at break in it15:56
dcapone2004yeah I was here earlier for that notice :-)15:56
dcapone2004essentially, I am looking to setup a hyper-converged openstack environment.....I only have 2 interface eno1 and eno2 (for the moment in the lab situation)….eno2 is assigned as the neutron external interface15:57
dcapone2004eno1 is the public interface for the ceph cluster only running on this 3 node deployment and is where the internal/external VIP is for openstack….can I also use that interface for the internal network to network traffic for neutron internal networks using vlans?15:58
dcapone2004I cannot find the physnet name assigned that interface to override ml2_conf.ini and update the ml_type_vlan section and the network_vlan_ranges option16:00
*** wuchunyang has quit IRC16:07
*** seco has quit IRC16:15
*** dougsz has quit IRC16:22
*** sluna has joined #openstack-kolla16:24
*** bornie2bake has joined #openstack-kolla16:27
bornie2bakeHi, is octavia-api broken in ussuri? http://paste.openstack.org/show/794211/16:28
*** slunav has joined #openstack-kolla16:29
*** sluna has quit IRC16:29
bornie2bakecant create lb via horizon HttpException: 500: Server Error for url: http://10.0.1.5:9876/v2.0/lbaas/loadbalancers, Internal Server Error16:29
johnsomThat error implies that the [service_auth] or [neutron] section in the Octavia API configuration file is not correct: https://docs.openstack.org/octavia/latest/configuration/configref.html#service-auth16:34
bornie2bakehttp://paste.openstack.org/show/794212/ octavia conf file16:36
*** dougsz has joined #openstack-kolla16:36
bornie2bakels /etc/kolla/config/octavia/16:37
bornie2bakeclient_ca.cert.pem  client.cert-and-key.pem  server_ca.cert.pem  server_ca.key.pem16:37
johnsomIt might be worth setting up the openstack client with those credentials and see if the account can list the neutron extensions.16:42
*** sluna has joined #openstack-kolla16:43
bornie2bakeoctavia account cant access openstack :/ hm...16:44
*** bengates has quit IRC16:57
*** bengates has joined #openstack-kolla17:00
*** bornie2bake has quit IRC17:01
*** jonaspaulo has joined #openstack-kolla17:01
*** k_mouza has quit IRC17:03
*** also_stingrayza has joined #openstack-kolla17:03
*** bengates has quit IRC17:04
*** stingrayza has quit IRC17:06
*** dougsz has quit IRC17:08
*** muhaha has quit IRC17:14
*** k_mouza has joined #openstack-kolla17:16
mgoddardborn2bake: we recently merged https://review.opendev.org/#/c/720243/, which I had suspicions might cause problems. Could you try adding the octavia user to the admin project and try again?17:16
patchbotpatch 720243 - kolla-ansible - Remove octavia user from admin project (MERGED) - 8 patch sets17:16
mgoddardborn2bake: there is also https://review.opendev.org/#/c/727160/, which is related (read the comments)17:17
patchbotpatch 727160 - kolla-ansible - Make sure octavia uses service project in service_... - 1 patch set17:17
*** sorin-mihai_ has joined #openstack-kolla17:17
*** amoralej is now known as amoralej|off17:18
*** sorin-mihai has quit IRC17:18
born2bakemgoddard thank you, will do17:19
*** sorin-mihai__ has joined #openstack-kolla17:19
*** k_mouza has quit IRC17:20
*** sorin-mihai_ has quit IRC17:22
*** TrevorV has quit IRC17:23
born2bakejohnsom https://prnt.sc/sru9dj I ve created certs via off guide...does it mean that I did something wrong during certs creation?17:23
johnsomborn2bake Yes, one moment and I can probably figure out the step that has the issue17:24
johnsomborn2bake So, in your octavia.conf, [certificates] section, there are two setting related to the error you see.  ca_private_key and ca_private_key_passphrase.17:28
*** TrevorV has joined #openstack-kolla17:28
born2bakeyeah, both are there :) http://paste.openstack.org/show/794212/17:28
johnsomborn2bake Here is a command line to test the values: openssl rsa -in /etc/octavia/certs/server_ca.key.pem and use the ca_private_key_passphrase as the passphrase. You should see the key output in PEM format (text). Also, double check your file permissions such that the account the Octavia process is running under has permission to read the file.17:31
born2bakeohh right...permissions. let me check. passphrase is fine just checked17:32
*** sluna has quit IRC17:34
*** gfidente is now known as gfidente|afk17:45
*** erolg has quit IRC18:03
*** e0ne has joined #openstack-kolla18:11
born2bakejohnsom dunno set perms to 700...passphrase is the correct one :/ hm18:22
born2bakegetting same error... does anybody tried ussuri k-a octavia?18:22
johnsomAre the files and directories to get there owned by "octavia" and are the octavia processes running under the "octavia" account?18:23
*** kplant has quit IRC18:23
*** kplant has joined #openstack-kolla18:23
johnsomborn2bake Sorry, I don't use kolla.18:23
born2bakehttp://paste.openstack.org/show/794216/18:28
*** ricolin has quit IRC18:33
johnsomborn2bake and "ps -U octavia" shows the worker process?18:33
mgoddardborn2bake: did you try my suggestion?18:34
*** sorin-mihai__ has quit IRC18:35
*** sorin-mihai has joined #openstack-kolla18:37
*** e0ne has joined #openstack-kolla18:37
*** also_stingrayza is now known as stingrayza18:38
*** TrevorV has quit IRC19:03
*** e0ne has quit IRC19:03
*** e0ne has joined #openstack-kolla19:03
born2bakejohnsom19:06
born2bake(octavia-worker)[octavia@zhavoronok /etc/octavia/certs]$ ps -U octavia19:06
born2bake    PID TTY          TIME CMD19:06
born2bake      1 ?        00:00:00 dumb-init19:06
born2bake      6 ?        00:00:04 octavia-worker:19:06
born2bake     20 ?        00:00:02 octavia-worker:19:06
born2bake     23 ?        00:00:00 octavia-worker:19:06
born2bake     35 pts/0    00:00:00 bash19:06
born2bake     79 pts/0    00:00:00 ps19:06
*** arxcruz|qa_room is now known as arxcruz19:07
born2bakemgoddard I didnt update k-a but I ve added octavia user to admin proj...I can start creation of lb now but getting that error - https://prnt.sc/sru9dj19:07
johnsomOk, so that should be ok. Hmm, maybe I am reading the context of the error wrong. Can you do "openssl rsa -in client.cert-and-key.pem" and get output without a pass phrase?19:09
*** dcapone2004 has quit IRC19:11
johnsomI don't think that is the problem, it still seems like there is something wrong with that key file, but thought I would check19:12
born2bakeopenssl rsa -in client.cert-and-key.pem - yeah all good without passphrase19:14
johnsomAlso, check that the output from the other command, with the pass phrase, outputs "-----BEGIN RSA PRIVATE KEY-----". This would make sure the key isn't in DER format or something strange like that.19:14
born2bakewriting RSA key19:15
born2bake-----BEGIN RSA PRIVATE KEY-----19:15
johnsomYeah, that is what you should get for both commands19:15
born2bakehm weird... I will try to create new certs from scratch and re-deploy k-a19:15
*** e0ne has quit IRC19:16
johnsomYeah, pretty puzzled. All I can think is there is some permission issue, but if you su - octavia and can read the key with a passphrase, .... Or a typo in the key file path in the config maybe.19:16
*** TrevorV has joined #openstack-kolla19:18
openstackgerritMerged openstack/kolla-ansible master: [Community goal] Update the contributor guide  https://review.opendev.org/72964219:21
*** diurnalist has quit IRC19:29
*** jonaspaulo has quit IRC19:55
*** diurnalist has joined #openstack-kolla20:02
*** radek has quit IRC20:04
diurnalistmgoddard: i have interest in a few kolla topics, but have a lot of conflicts during the Kolla meeting times. tomorrow i can likely only make it to the back half of the first session, and the front half of the next. I have some agenda items to weigh in on, so I will plan on being in the meeting to say hello then20:05
diurnalisti am not sure of the agenda for each session but i suppose it is proceeding down the etherpad, in which case this should still allow me to participate in the federation/letsencrypt/tls bit20:06
*** dcapone2004 has joined #openstack-kolla20:13
*** priteau has quit IRC20:38
*** dcapone2004 has quit IRC20:44
*** rouk has joined #openstack-kolla20:46
born2bakemgoddard johnsom added k-a patches, created certs from scratch https://docs.openstack.org/octavia/latest/admin/guides/certificates.html ; same issue octavia.common.exceptions.CertificateGenerationException: Could not sign the certificate request: Bad decrypt. Incorrect password? I will wait in case if someone will try to deploy octavia in ussuri...20:57
johnsomborn2bake Ok. Many of us have it going with the Ussuri release, just not necessarily via Kolla. So curious20:59
*** k_mouza has joined #openstack-kolla21:04
*** k_mouza has quit IRC21:08
*** vishalmanchanda has quit IRC21:24
*** diurnalist has quit IRC22:22
*** TrevorV has quit IRC22:37
*** diurnalist has joined #openstack-kolla22:56
*** diurnalist has quit IRC23:50
« Sunday, 2020-05-31 Index Tuesday, 2020-06-02 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!