Wednesday, 2020-08-19

[05:19] <openstackgerrit> caoyuan proposed openstack/kolla-ansible stable/ussuri: Mount /etc/timezone based on host OS  https://review.opendev.org/746017
[05:19] <openstackgerrit> caoyuan proposed openstack/kolla-ansible stable/train: Mount /etc/timezone based on host OS  https://review.opendev.org/746018
[05:20] <openstackgerrit> caoyuan proposed openstack/kolla-ansible master: Standardize use and construction of endpoint URLs  https://review.opendev.org/652157
[06:52] <oyrogerg> Back to chewing on OSA vs KA, I see that OSA recommend and include the use of https://docs.openstack.org/ansible-hardening - has that been discussed here before?
[06:56] <yoctozepto> oyrogerg: it does not cover containerised services; we seem to have the hardening discussion from time to time but no one really picks it up to do something
[06:58] <oyrogerg> Ah right, so I guess they use it to harden hosts, not containers. Would it make sense to do the same for a KA deployment?
[06:59] <oyrogerg> (Or maybe since they are using system containers they do it for them as well, but that's a side issue for this question.)
[06:59] <yoctozepto> oyrogerg: I guess it would not hurt; nah, they speak openly it affects only the hosts
[07:00] <yoctozepto> I don't know whether it would cause hiccups with docker or not; if you try, please let us know
[07:00] <oyrogerg> Thanks, will do if we go that way.
[07:20] <openstackgerrit> Radosław Piliszek proposed openstack/kolla-ansible master: Skip broken ansible-lint  https://review.opendev.org/746847
[07:21] <openstackgerrit> Radosław Piliszek proposed openstack/kolla-ansible master: Fix tz handling for newly introduced services  https://review.opendev.org/746791
[07:22] <openstackgerrit> Radosław Piliszek proposed openstack/kolla-ansible master: Standardize use and construction of endpoint URLs  https://review.opendev.org/652157
[07:24] <openstackgerrit> Radosław Piliszek proposed openstack/kolla-ansible master: Fix ownership and permissions of admin-openrc.sh  https://review.opendev.org/745071
[07:24] <openstackgerrit> Radosław Piliszek proposed openstack/kolla-ansible master: Use iSCSI multipath for libvirt  https://review.opendev.org/700910
[07:25] <openstackgerrit> Radosław Piliszek proposed openstack/kolla-ansible master: Add cinder auth config to nova-cell nova.conf.j2  https://review.opendev.org/746039
[08:02] <openstackgerrit> Merged openstack/kolla-ansible master: Skip broken ansible-lint  https://review.opendev.org/746847
[08:02] <openstackgerrit> Radosław Piliszek proposed openstack/kolla-ansible stable/ussuri: Skip broken ansible-lint  https://review.opendev.org/746852
[08:03] <openstackgerrit> Radosław Piliszek proposed openstack/kolla-ansible stable/ussuri: Mount /etc/timezone based on host OS  https://review.opendev.org/746017
[08:24] <openstackgerrit> Radosław Piliszek proposed openstack/kolla-ansible master: Fix fernet bootstrap and key distribution - follow up  https://review.opendev.org/707080
[08:29] <oklhost> `zxcvbm,./ m,./uiop[]
[08:29] <oklhost> ups, sorry
[08:42] <yoctozepto> oklhost: thanks for the passw0rd
[08:42] <yoctozepto> :D
[08:43] <oklhost> :D
[08:43] <oklhost> keybord cleaning :P
[08:43] <oklhost> keyboard*
[10:04] <openstackgerrit> Zihao Wang proposed openstack/kolla-ansible master: Fix sysctl config not live until reboot  https://review.opendev.org/746872
[10:06] <openstackgerrit> Zihao Wang proposed openstack/kolla-ansible master: Fix sysctl config not live until reboot  https://review.opendev.org/746872
[10:28] <openstackgerrit> Merged openstack/kolla-ansible master: Standardize use and construction of endpoint URLs  https://review.opendev.org/652157
[11:31] <openstackgerrit> Pierre Riteau proposed openstack/kayobe master: Skip broken ansible-lint  https://review.opendev.org/746896
[11:43] <JamesBenson> morning all, is there an easy way to deploy the certificates but keep the cluster up?
[12:28] <openstackgerrit> Pierre Riteau proposed openstack/kayobe stable/ussuri: Skip broken ansible-lint  https://review.opendev.org/746906
[12:28] <r3ap3r> JamesBenson: I've been wondering that as well. I intend on using Letsencrypt for my Stack but was also thinking I may be able to just "refresh" the certs during a normal "maintenance" window one of the four times a month I would be doing that? Won't know until I try I guess?
[12:28] <openstackgerrit> Pierre Riteau proposed openstack/kayobe stable/train: Skip broken ansible-lint  https://review.opendev.org/746907
[12:29] <JamesBenson> r3ap3r: I was a new deploy, so I just decided to destroy and re-deploy.  But please keep me posted ;-)
[12:30] <r3ap3r> JamesBenson: will add it to my list. ;-D
[13:04] <openstackgerrit> Merged openstack/kolla-ansible stable/train: Mount /etc/timezone based on host OS  https://review.opendev.org/746018
[13:14] <r3ap3r> JamesBenson: I guess the other question to ask would be if you were just wanting the Horizon Dashboard to be accessed via HTTPS or are you also wanting to encrypt the APIs as well? If you are leaning toward the former, probably no need to restart anything but maybe the Horizon container. Anything dealing with the APIs, you probably want to do a "reboot" of the entire stack for something at that level.
[13:40] <openstackgerrit> wu.chunyang proposed openstack/kolla-ansible master: remove obsolete configurations  https://review.opendev.org/746732
[14:38] <openstackgerrit> Merged openstack/kolla-ansible master: CI: enable Ansible SSH pipelining  https://review.opendev.org/746019
[14:50] <yoctozepto> kolla meeting in 10 minutes : mgoddard mnasiadka hrw egonzalez yoctozepto rafaelweingartne cosmicsound osmanlicilegi bbezak
[14:51] <priteau> mgoddard and mnasiadka are both on holiday
[14:52] <yoctozepto> priteau: yeah, sadly I know :-( the list is prerendered and we never modify it
[14:53] <yoctozepto> I guess you, priteau, and dougsz and jovial[m] should be on that list
[14:53] <yoctozepto> guessing the Szumskis are not around either :-)
[14:55] <hrw> morning
[14:59] <osmanlicilegi> morning
[14:59] <chensa> did anyone manage to install ceph osb on a compute node? i can't make it work because ceph-ansible wants docker.io to be present and kolla needs docker-ce
[15:00] <yoctozepto> chensa: you can configure ceph-ansible not to install it
[15:01] <yoctozepto> anyhow, meeting time
[15:01] <yoctozepto> #startmeeting kolla
[15:01] <openstack> Meeting started Wed Aug 19 15:01:09 2020 UTC and is due to finish in 60 minutes.  The chair is yoctozepto. Information about MeetBot at http://wiki.debian.org/MeetBot.
[15:01] <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
[15:01] *** openstack changes topic to " (Meeting topic: kolla)"
[15:01] <openstack> The meeting name has been set to 'kolla'
[15:01] <yoctozepto> #topic rollcall
[15:01] *** openstack changes topic to "rollcall (Meeting topic: kolla)"
[15:01] <priteau> o/
[15:01] <yoctozepto> \o/
[15:01] <yoctozepto> roll in
[15:01] <osmanlicilegi> o/
[15:01] <headphoneJames> o/
[15:01] <JamesBenson> o/
[15:01] <chensa> o/
[15:02] <jovial[m]> 0/
[15:03] <yoctozepto> guessing that's it :-)
[15:03] <yoctozepto> #topic agenda
[15:03] *** openstack changes topic to "agenda (Meeting topic: kolla)"
[15:03] <yoctozepto> * Roll-call
[15:03] <yoctozepto> * Announcements
[15:03] <yoctozepto> ** Kolla Kall tomorrow (2020-08-20)
[15:03] <yoctozepto> * Review action items from the last meeting
[15:03] <yoctozepto> * CI status
[15:03] <yoctozepto> * Victoria release planning (kayobe)
[15:03] <yoctozepto> * Victoria release planning (kolla ansible)
[15:03] <yoctozepto> * Victoria release planning (kolla)
[15:03] <yoctozepto> #topic announcements
[15:03] *** openstack changes topic to "announcements (Meeting topic: kolla)"
[15:04] <yoctozepto> #info Kolla Kall tomorrow (2020-08-20)
[15:04] <yoctozepto> any others?
[15:05] <yoctozepto> guess not!
[15:05] <yoctozepto> #topic Review action items from the last meeting
[15:05] *** openstack changes topic to "Review action items from the last meeting (Meeting topic: kolla)"
[15:05] <yoctozepto> mgoddard to message openstack-discuss about focal & victoria upgrade
[15:05] <openstackgerrit> Pierre Riteau proposed openstack/kayobe stable/stein: Skip broken ansible-lint  https://review.opendev.org/746952
[15:05] <hrw> o\
[15:05] <yoctozepto> pretty sure he did not :-)
[15:05] <yoctozepto> #action mgoddard to message openstack-discuss about focal & victoria upgrade
[15:05] <yoctozepto> feels like stuck in the queue!
[15:06] <yoctozepto> #topic CI status
[15:06] *** openstack changes topic to "CI status (Meeting topic: kolla)"
[15:06] <priteau> Kayobe is RED
[15:06] <yoctozepto> last time new ansible
[15:06] <yoctozepto> this time new ansible-lint :-)
[15:06] <priteau> because of ansible-lint too
[15:06] <yoctozepto> priteau: ack
[15:07] <priteau> I shamelessly stole your fix
[15:07] <yoctozepto> priteau: all branches?
[15:07] <yoctozepto> priteau: I may forgive you
[15:07] <priteau> I submitted all the way back to stein
[15:07] <yoctozepto> ok
[15:07] <priteau> ansible-lint is not in upper-constraints unfortunately
[15:07] <yoctozepto> priteau: yeah :-(
[15:08] <yoctozepto> we could pin it completely
[15:08] <yoctozepto> kolla-ansible master got fixed
[15:08] <openstackgerrit> Pierre Riteau proposed openstack/kayobe stable/rocky: Skip broken ansible-lint  https://review.opendev.org/746955
[15:08] <yoctozepto> ussuri blocked by a funny situation that we branched off ussuri during victoria cycle
[15:09] <yoctozepto> and reqs-check for ussuri never checked its deps and now it got stuck due to yamllint not being ignored :-)
[15:09] <yoctozepto> hopefully it's only yamllint...
[15:09] <yoctozepto> anyhow, all fixes checking/gating
[15:09] <yoctozepto> kolla master and ussuri green
[15:09] <yoctozepto> older red; I guess mnasiadka won't be fixing that too soon :-)
[15:11] <yoctozepto> hrw: care to massage train and older kolla branches to make them GREEN? (or any other volunteers for that matter)
[15:11] <hrw> -ENOTIME a bit
[15:11] <yoctozepto> hrw: ack, no problem
[15:12] <yoctozepto> #topic Victoria release planning (kayobe)
[15:12] *** openstack changes topic to "Victoria release planning (kayobe) (Meeting topic: kolla)"
[15:12] <yoctozepto> priteau, jovial[m]: anything to discuss regarding kayobe?
[15:13] <priteau> Nothing big going on at the moment.
[15:13] <jovial[m]> nothing from me I'm afraid
[15:13] <yoctozepto> sure, we are all waiting till the end of cycle :-)
[15:14] <priteau> I could highlight a few patches that I submitted recently:
[15:14] <priteau> https://review.opendev.org/#/c/746459/
[15:14] <patchbot> patch 746459 - kayobe - Add support for custom Aodh configuration - 1 patch set
[15:14] <priteau> https://review.opendev.org/#/c/746465/
[15:14] <patchbot> patch 746465 - kayobe - Support setting ethtool options on network interfaces - 2 patch sets
[15:14] <jovial[m]> exactly - it's the only way to work ;-)
[15:14] <priteau> (no need to W+1 them yet, we need to fix CI first)
[15:14] <priteau> But having another +2 would be nice
[15:16] <yoctozepto> priteau: enjoy my +1s, changes look sane from far perspective
[15:17] <yoctozepto> #topic Victoria release planning (kolla ansible)
[15:17] *** openstack changes topic to "Victoria release planning (kolla ansible) (Meeting topic: kolla)"
[15:17] <priteau> jovial[m]: I said no need to W+1 :P
[15:17] <yoctozepto> anyone willing to discuss kolla-ansible?
[15:17] <jovial[m]> too busy looking at your patch to see that :D
[15:17] <yoctozepto> haha
[15:17] <hrw> I was on holidays
[15:19] <yoctozepto> guess not much about kolla-ansible without mgoddard and mnasiadka :-)
[15:19] <yoctozepto> #topic Victoria release planning (kolla)
[15:19] *** openstack changes topic to "Victoria release planning (kolla) (Meeting topic: kolla)"
[15:19] <yoctozepto> and for kolla itself?
[15:20] <hrw> no one looks at infra so nothing from my side
[15:20] <hrw> and no one started tier stuff
[15:20] <yoctozepto> yeah, lack of time, low priority, always something more urgent to deal with
[15:20] <yoctozepto> the big little issues
[15:21] <yoctozepto> (and I don't mean endianness)
[15:21] <hrw> yoctozepto: do not mention big.little
[15:21] <yoctozepto> xD
[15:21] <yoctozepto> I felt late it might be hrw-triggering
[15:22] <hrw> good side: disallowed in servers ;D
[15:22] <yoctozepto> hrw, in Polish: duże problemiki :-)
[15:22] <yoctozepto> sad that English does not use proper diminutives
[15:22] <yoctozepto> anyhow, not much to discuss
[15:22] <yoctozepto> #topic Open discussion
[15:22] *** openstack changes topic to "Open discussion (Meeting topic: kolla)"
[15:23] <headphoneJames> I started considering how to integrate let's encrypt into openstack.
[15:23] <headphoneJames> It doesn't seem trivial, and maybe warrants its own separate meeting
[15:24] <chensa> i've got some bugs that happened to me with centos and rhel distributions if it's relevant now
[15:24] <yoctozepto> headphoneJames: we could use tomorrow's Kall; but without mgoddard and mnasiadka I would have to proxy the thoughts to them :-)
[15:24] <hrw> I think that we need to train some new cores
[15:24] <yoctozepto> headphoneJames: yeah, it's not trivial
[15:24] <yoctozepto> headphoneJames: anyway, how do you imagine it?
[15:24] <yoctozepto> I can tell you my expectation
[15:25] <yoctozepto> at least manual refresh of certs via commands
[15:25] <yoctozepto> which could be run from some simple cron
[15:25] <yoctozepto> premium version that refreshes by itself
[15:25] <yoctozepto> but for that we need some reload machinery
[15:25] <hrw> once you have a way to replace them automation will be easy
[15:25] <yoctozepto> we seem to be approaching this topic from another angle as well (the reload thingy)
[15:26] <wuchunyang> hi , the octavia bp really really need to review
[15:26] <yoctozepto> chensa: it's relevant, please speak up; our launchpad also always welcomes bug reports :-)
[15:26] <hrw> headphoneJames: do you have a way to replace certificates with new files?
[15:27] <hrw> headphoneJames: 1. do a way to replace certificates 2. create a way to refresh LE certs 3. automate LE refresh 4. use 1st step after 3rd one
[15:27] <headphoneJames> Not yet to all
[15:27] <chensa> in centOS 8 I had a bug that kolla-toolbox did not install and it affected mariaDB by not configuring the db users
[15:27] <hrw> headphoneJames: if Henry comes from MoneyCorp and they have own SSL certs then he would use 1st to refresh certs with his own ones
[15:27] <chensa> couldn't find any fix
[15:28] <hrw> headphoneJames: at same time Bob will use LE
[15:28] <yoctozepto> chensa: odd, this is the most basic and the most well tested part of kolla-ansible :-)
[15:28] <headphoneJames> My impression is that the ansible host will need to redistribute certificates and inform containers to pick up fanook certificates
[15:28] <yoctozepto> chensa: was it ussuri release with ussuri kolla-ansible run from centos 8 against centos 8?
[15:28] <yoctozepto> chensa: did you report that to launchpad? it's best documented well
[15:29] <hrw> headphoneJames: so small steps
[15:29] <yoctozepto> headphoneJames: the brutal way is to keep doing restarts but that's normally not so feasible
[15:29] <yoctozepto> we need reloads also for regular refreshes
[15:29] <chensa> I don't know the protocols i'm very new to kolla (2 weeks) so i didn't report anything
[15:30] <yoctozepto> chensa: ok, no problem; the gates to bug reporting machine are here: https://bugs.launchpad.net/kolla-ansible
[15:31] <headphoneJames> In the scenario that ansible distribute certificates, also indicates that certbot would run on the ansible host
[15:31] <yoctozepto> hrw, priteau, jovial[m]: would you be joining tomorrow's Kall? we could use it to review kolla/kolla-ansible bugs - the more, the merrier (as you might recognise the symptoms)
[15:31] <yoctozepto> wuchunyang: still in my queue
[15:32] <wuchunyang> yoctozepto thanks
[15:32] <yoctozepto> wuchunyang: I am not knowledgeable about octavia so it gets postponed pretty much every time, hence the delay, I am really sorry about that
[15:32] <priteau> yoctozepto: if not too busy I'll join
[15:32] <hrw> yoctozepto: ok
[15:32] <chensa> yoctozepto second bug was when I tried deploying openstack on rhel 8.2 ansible reports ansible_distribution variable as RedHat and not RHEL which breaks deployment
[15:33] <chensa> it's only FYI i'll report them to launchpad
[15:33] <yoctozepto> if there is anyone around familiar with octavia, then please take a look at wuchunyang's set of patches: https://review.opendev.org/#/q/project:openstack/kolla-ansible+topic:bp/implement-automatic-deploy-of-octavia
[15:33] <wuchunyang> i have updated octavia docs,  https://review.opendev.org/#/c/746409/ , you can refer to this docs
[15:33] <patchbot> patch 746409 - kolla-ansible - update octavia doc - 3 patch sets
[15:34] <yoctozepto> chensa: that could be a real issue - we don't test against rhel because it's not freely available
[15:34] <johnsom> I can also raise this at the Octavia meeting later this morning so Octavia folks can also help review.
[15:35] <yoctozepto> johnsom: thanks, that would be awesome!
[15:35] <yoctozepto> wuchunyang: ^^
[15:36] <wuchunyang> johnsom thanks
[15:36] <yoctozepto> the goal is to make kolla-ansible really deploy ready-to-use octavia rather than just throwing basic config and containers around :-)
[15:36] <johnsom> On the agenda. Thank you for the work!
[15:36] <yoctozepto> yes, thanks wuchunyang for making this happen
[15:36] <hrw> chensa: and we check for RHEL?
[15:36] <hrw> chensa: then send a patch
[15:37] <yoctozepto> hrw: we do have some RHEL conditionals
[15:37] <JamesBenson> side note:  before meeting I asked exactly about the certs, so def. +1 on getting this integrated
[15:37] <yoctozepto> hrw: there were some users running centos7 containers on rhel7
[15:37] <chensa> hrw sorry I am very new, what does it mean to send a patch?
[15:38] <hrw> chensa: git clone, do a change, test it, git commit changed-file;git review
[15:38] <yoctozepto> chensa: please get acquainted with https://docs.openstack.org/kolla-ansible/latest/contributor/index.html
[15:38] <hrw> o! better
[15:39] <yoctozepto> it explains some of the things we already said and draws the whole picture linking to other relevant docs
[15:39] <JamesBenson> I've found a bug also with enable_cinder: "yes" & enable_cinder_backend_*: "no"
[15:39] <yoctozepto> if anything is unclear, then please reach out to us
[15:39] <JamesBenson> the prechecks will fail stating it needs a backend
[15:39] <JamesBenson> this is on centos distro
[15:39] <hrw> chensa: you mean RHEL in ansible/roles/prechecks/vars/main.yml file?
[15:40] <yoctozepto> JamesBenson: ah, yeah; it prevents doing a out-of-kolla backend config as a sole one
[15:40] <JamesBenson> yeah
[15:40] <yoctozepto> JamesBenson: it might have been reported; please report to launchpad if not
[15:40] <yoctozepto> JamesBenson: or ping in the current one
[15:40] <JamesBenson> I'll double check, I didn't see it earlier when I checked
[15:40] <openstackgerrit> Michal Arbet proposed openstack/kolla-ansible master: Fix kolla-ansible not reflect environment changed  https://review.opendev.org/746965
[15:41] <openstackgerrit> Pierre Riteau proposed openstack/kolla-ansible master: Add workaround for keystonemiddleware/neutron memcached issue  https://review.opendev.org/746966
[15:41] <headphoneJames> regarding certs / letsencrypt - perhaps first step is simply just developing a certificate distribution command that is separate from deploy. Deal with lets encrypt second
[15:41] <yoctozepto> JamesBenson: it might have been told me on irc, I have weird memory
[15:41] <hrw> headphoneJames: yes.
[15:41] <hrw> headphoneJames: look at Henry usecase I gave before
[15:41] <yoctozepto> hrw: that totally makes sense
[15:41] <JamesBenson> headphoneJames: totally agree
[15:41] <chensa> @hrw yes, but I think they changed it only for the latest versions of RHEL.. might need to accept both
[15:41] <yoctozepto> totally totally
[15:42] <hrw> chensa: sure
[15:42] <hrw> chensa: at same time it is trivial enough change for new contributor to learn how stuff works
[15:42] <JamesBenson> regarding certs:  will there have to be a usecase for when the certs are pulled into the images as well?  "kolla_copy_ca_into_containers"
[15:43] <yoctozepto> chensa, hrw: I guess it could be ansible that changed things; or it was just broken and rhel users just brute-patched it for themselves
[15:43] <yoctozepto> :-)
[15:43] <JamesBenson> yoctozepto: I think I might have mentioned it earlier too, I've been a bit scattered as of late, juggling a ton atm.
[15:43] <hrw> JamesBenson: I think it depends on how many certs you plan to have.
[15:43] <yoctozepto> JamesBenson: welcome in the club
[15:44] <hrw> some systems will want 1 cert for horizon frontend and other for infra. some may want cert per service?
[15:44] <hrw> some will just use one for everything including frontend
[15:44] <hrw> just to have TLS on connections
[15:44] <JamesBenson> hrw: Plan for everything, that's my saying...
[15:45] <hrw> plan for simple. implement. plan bigger. implement
[15:45] <hrw> How to eat an elephant?
[15:45] <yoctozepto> plan for planning... oh wait
[15:45] <hrw> Piece by piece.
[15:45] <headphoneJames> Would there have to be a mapping file to indicate where certs should be distributed? Could it be done by directory? Is it just a new config property per service?
[15:46] <yoctozepto> headphoneJames: would the current deploy approach be bad? just focused on getting certs though
[15:47] <JamesBenson> Could the certs just be in a directory like on the deploy node /kolla/certificates and have the containers pull them in on start?
[15:47] <JamesBenson> then it could just be a simple restart the container?
[15:47] <yoctozepto> (and reload in the future)
[15:47] <openstackgerrit> Doug Szumski proposed openstack/kolla-ansible master: Add workaround for keystonemiddleware/neutron memcached issue  https://review.opendev.org/746966
[15:47] <headphoneJames> Just pull all certs over to each service?
[15:48] <hrw> "docker run -v/etc/kolla/certs:/etc/kolla/certs nova-compute"
[15:48] <hrw> headphoneJames: what is already implemented?
[15:48] <JamesBenson> yeah, distribute certs to folder on nodes, then issue the command above from hrw
[15:49] <headphoneJames> currently, we search for a cert and copy it modifying the name
[15:49] <JamesBenson> maybe 2 certs folders, one for previous to roll back if issues, and another for current
[15:49] <headphoneJames> https://www.irccloud.com/pastebin/kdUOL362/
[15:50] <JamesBenson> Also with my deploy yesterday/today I noticed that if certs are there, they won't overwrite.
[15:50] <headphoneJames> ansible/roles/service-cert-copy/tasks/main.yml
[15:50] <JamesBenson> And that certs are deleted upon destroy.
[15:55] <yoctozepto> I guess the discussion stalled with that sad news :-)
[15:55] <openstackgerrit> Pierre Riteau proposed openstack/kolla-ansible master: Add workaround for keystonemiddleware/neutron memcached issue  https://review.opendev.org/746966
[15:56] <yoctozepto> thank you all for participating; and remember about the Kolla Kall tomorrow: same time, different place: https://wiki.openstack.org/wiki/Meetings/Kolla/Kall
[15:56] <yoctozepto> #endmeeting
[15:56] *** openstack changes topic to "Vote on Victoria priorities https://bit.ly/2ActPtx | IRC meetings on Wednesdays @ 15:00 UTC - agenda @ https://goo.gl/OXB0DL | Whiteboard: https://bit.ly/2MM7mWF | IRC channel is *LOGGED* @ http://goo.gl/3mzZ7b"
[15:56] <openstack> Meeting ended Wed Aug 19 15:56:11 2020 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)
[15:56] <openstack> Minutes:        http://eavesdrop.openstack.org/meetings/kolla/2020/kolla.2020-08-19-15.01.html
[15:56] <openstack> Minutes (text): http://eavesdrop.openstack.org/meetings/kolla/2020/kolla.2020-08-19-15.01.txt
[15:56] <openstack> Log:            http://eavesdrop.openstack.org/meetings/kolla/2020/kolla.2020-08-19-15.01.log.html
[15:56] <headphoneJames> yoctozepto: thanks
[15:56] <openstackgerrit> Pierre Riteau proposed openstack/kolla-ansible master: Add workaround for keystonemiddleware/neutron memcached issue  https://review.opendev.org/746966
[15:57] <hrw> tensorflow works ;d
[16:00] <openstackgerrit> zhoulinhui proposed openstack/kayobe master: Remove XenAPI integration  https://review.opendev.org/746971
[16:12] <openstackgerrit> wu.chunyang proposed openstack/kolla-ansible master: remove obsolete configurations  https://review.opendev.org/746732
[16:46] <openstackgerrit> Merged openstack/kolla-ansible master: Fix ownership and permissions of admin-openrc.sh  https://review.opendev.org/745071
[17:47] <yankcrime> anyone hit any problems with the upgrade to libvirt that's packaged as part of ussuri images?
[17:48] <yankcrime> "Failed to start libvirt guest: libvirt.libvirtError: Requested operation is not valid: format of backing image '/var/lib/nova/instances/_base/c3395c4245b7573c83342d68a0d0ea675b7a1722' of image '/var/lib/nova/instances/947df0d3-5aab-456d-a200-63b055934a43/disk' was not specified in the image metadata"
[17:49] <yankcrime> https://bugs.launchpad.net/nova/+bug/1864020 looks like a fix for new images, if i'm reading it correctly
[17:49] <openstack> Launchpad bug 1864020 in OpenStack Compute (nova) "libvirt.libvirtError: Requested operation is not valid: format of backing image %s of image %s was not specified in the image metadata (See https://libvirt.org/kbase/backing_chains.html for troubleshooting)" [Undecided,Fix committed] - Assigned to Lee Yarwood (lyarwood)
[18:31] <openstackgerrit> Michal Arbet proposed openstack/kolla-ansible master: Fix kolla-ansible not reflect environment changed  https://review.opendev.org/746965
[18:36] <yankcrime> yeah looks like this is a problem for anyone that's updated to ussuri and is using an image with libvirt 6.0
[18:36] <yankcrime> if you have an instance that was created pre-train and it's been stopped and then started again for the first time under ussuri, users aren't going to be able to boot their instance
[18:43] <openstackgerrit> Radosław Piliszek proposed openstack/kolla-ansible stable/ussuri: Fix ownership and permissions of admin-openrc.sh  https://review.opendev.org/747016
[18:43] <openstackgerrit> Radosław Piliszek proposed openstack/kolla-ansible stable/ussuri: Fix ownership and permissions of admin-openrc.sh  https://review.opendev.org/747016
[18:43] <openstackgerrit> Radosław Piliszek proposed openstack/kolla-ansible stable/ussuri: CI: enable Ansible SSH pipelining  https://review.opendev.org/747017
[18:43] <openstackgerrit> Radosław Piliszek proposed openstack/kolla-ansible stable/ussuri: CI: enable Ansible SSH pipelining  https://review.opendev.org/747017
[18:43] <openstackgerrit> Radosław Piliszek proposed openstack/kolla-ansible stable/train: CI: enable Ansible SSH pipelining  https://review.opendev.org/747021
[18:44] <openstackgerrit> Pedro Henrique Pereira Martins proposed openstack/kolla-ansible master: Add support to OpenID Connect Authentication flow  https://review.opendev.org/695432
[20:03] <openstackgerrit> James Kirsch proposed openstack/kolla master: Enable mod_wsgi in Ironic API and Inspector container  https://review.opendev.org/742776
[23:11] <openstackgerrit> James Kirsch proposed openstack/kolla master: Enable mod_wsgi in Ironic API and Inspector container  https://review.opendev.org/742776
[23:18] <JamesBenson> I'm consistently getting this error "ERROR! The requested handler 'Restart swift-api container' was not found in either the main handlers list nor in the listening handlers list" under "service-cert-copy : swift | Copying over extra CA certificates"
