Monday, 2021-04-26

*** k_mouza_ has quit IRC		00:10
*** LinPeiWen45 has joined #openstack-kolla		00:55
*** mchlumsky has joined #openstack-kolla		01:19
*** k_mouza has joined #openstack-kolla		02:10
*** k_mouza has quit IRC		02:15
*** zzzeek has quit IRC		02:48
*** zzzeek has joined #openstack-kolla		02:50
*** e0ne has joined #openstack-kolla		02:57
*** e0ne has quit IRC		02:57
*** LinPeiWen45 has quit IRC		03:01
*** LinPeiWen74 has joined #openstack-kolla		03:17
*** LinPeiWen74 has quit IRC		03:31
*** LinPeiWen90 has joined #openstack-kolla		04:51
*** vishalmanchanda has joined #openstack-kolla		04:52
*** LinPeiWen90 has quit IRC		05:00
*** cah_link has joined #openstack-kolla		05:22
*** LinPeiWen92 has joined #openstack-kolla		05:26
*** LinPeiWen92 has quit IRC		05:31
*** strigazi has quit IRC		05:37
*** strigazi has joined #openstack-kolla		05:39
*** LinPeiWen has quit IRC		05:48
*** LinPeiWen has joined #openstack-kolla		05:49
yoctozepto	mgoddard: yw	05:59
yoctozepto	morning	05:59
*** k_mouza has joined #openstack-kolla		05:59
*** k_mouza has quit IRC		06:04
*** luksky has joined #openstack-kolla		06:09
*** LinPeiWen92 has joined #openstack-kolla		06:17
*** luksky has quit IRC		06:17
*** luksky has joined #openstack-kolla		06:18
*** k_mouza has joined #openstack-kolla		06:23
*** k_mouza has quit IRC		06:27
mnasiadka	morning	06:32
openstackgerrit	Michal Nasiadka proposed openstack/kayobe master: Use OpenStack Wallaby release https://review.opendev.org/c/openstack/kayobe/+/787923	07:04
*** andrewbonney has joined #openstack-kolla		07:07
openstackgerrit	Michal Nasiadka proposed openstack/kayobe-config master: Sync kayobe-config with kayobe changes https://review.opendev.org/c/openstack/kayobe-config/+/787924	07:07
*** rpittau\|afk is now known as rpittau		07:12
mnasiadka	mgoddard, yoctozepto: CI cephadm ubuntu job started failing, due to backlevel Ceph client version - https://review.opendev.org/c/openstack/kolla-ansible/+/787753	07:16
yoctozepto	mnasiadka: uh-oh, can we get newer clients in ubuntu perhaps?	07:18
mnasiadka	yoctozepto: well, we install them from distro packages, as on all other distros	07:18
yoctozepto	ok, makes sense	07:18
yoctozepto	UCA probably does not bump it then :D	07:19
mnasiadka	https://packages.ubuntu.com/focal-updates/python3-rbd	07:19
mnasiadka	and 15.2.11 fixes a security flaw	07:19
mnasiadka	probably it will show up sooner or later in Ubuntu repos, but...	07:19
yoctozepto	oh well	07:20
*** k_mouza has joined #openstack-kolla		07:24
openstackgerrit	Merged openstack/kayobe master: Add release note for multiple environments https://review.opendev.org/c/openstack/kayobe/+/786023	07:24
yoctozepto	"When this option is set to false, then an unpatched client will not be able to reconnect to the cluster after an intermittent network disruption breaking its connect to a monitor"	07:26
yoctozepto	hmm	07:26
yoctozepto	I truly wonder how it applied to our CI	07:26
*** bengates has joined #openstack-kolla		07:26
yoctozepto	ah	07:26
yoctozepto	auth_expose_insecure_global_id_reclaim	07:26
yoctozepto	so monitors are ugly here	07:27
*** shyamb has joined #openstack-kolla		07:27
*** shyam89 has joined #openstack-kolla		07:28
*** k_mouza has quit IRC		07:29
yoctozepto	mgoddard: when you have a sec to make our gerrit bot more talkative https://review.opendev.org/c/openstack/project-config/+/787887	07:33
openstackgerrit	Merged openstack/kolla-ansible master: Add global tag variables for Panko and Skydive https://review.opendev.org/c/openstack/kolla-ansible/+/782525	07:43
openstackgerrit	Merged openstack/kolla-ansible master: docs: Improve policy documentation https://review.opendev.org/c/openstack/kolla-ansible/+/783809	07:44
openstackgerrit	Merged openstack/kayobe master: zuul: add more irrelevant files https://review.opendev.org/c/openstack/kayobe/+/783819	07:44
*** openstack has joined #openstack-kolla		07:53
*** ChanServ sets mode: +o openstack		07:53
*** brinzhang_ has quit IRC		07:55
*** dougsz has joined #openstack-kolla		08:02
*** jbadiapa has joined #openstack-kolla		08:02
*** shyam89 has quit IRC		08:05
*** shyamb has quit IRC		08:05
mnasiadka	yoctozepto: btw, Debian seems to be special - https://packages.debian.org/search?keywords=python3-rbd	08:08
mnasiadka	still on Nautilus	08:08
yoctozepto	oh, duck my cluster	08:08
yoctozepto	well, nautilus performs well	08:08
*** parallax has joined #openstack-kolla		08:08
*** k_mouza has joined #openstack-kolla		08:09
mnasiadka	well, 14.2.20 has the security fix, but it's only in Sid	08:09
mnasiadka	https://docs.ceph.com/en/latest/security/CVE-2021-20288/	08:09
yoctozepto	perhaps not enough ceph love there	08:09
yoctozepto	we don't even test ceph on debian	08:10
openstackgerrit	Pierre Riteau proposed openstack/kayobe master: Use released version of mrlesmithjr.mdadm https://review.opendev.org/c/openstack/kayobe/+/787934	08:10
*** e0ne has joined #openstack-kolla		08:10
*** openstackgerrit has quit IRC		08:11
*** hrw has joined #openstack-kolla		08:21
*** hrw has joined #openstack-kolla		08:22
*** openstackgerrit has joined #openstack-kolla		08:23
openstackgerrit	Pierre Riteau proposed openstack/kayobe stable/stein: Use released version of mrlesmithjr.mdadm https://review.opendev.org/c/openstack/kayobe/+/787936	08:23
hrw	morning	08:23
*** lxkong has quit IRC		08:24
*** emccormick has quit IRC		08:25
openstackgerrit	Pierre Riteau proposed openstack/kayobe stable/train: Use released version of mrlesmithjr.mdadm https://review.opendev.org/c/openstack/kayobe/+/787937	08:25
*** PrinzElvis has quit IRC		08:25
openstackgerrit	Pierre Riteau proposed openstack/kayobe stable/ussuri: Use released version of mrlesmithjr.mdadm https://review.opendev.org/c/openstack/kayobe/+/787938	08:25
openstackgerrit	Pierre Riteau proposed openstack/kayobe stable/victoria: Use released version of mrlesmithjr.mdadm https://review.opendev.org/c/openstack/kayobe/+/787939	08:26
*** gfidente\|afk is now known as gfidente		08:26
*** emccormick has joined #openstack-kolla		08:29
*** PrinzElvis has joined #openstack-kolla		08:30
priteau	Another week, another CI breakage /o\	08:30
*** lxkong has joined #openstack-kolla		08:30
*** k_mouza has quit IRC		08:31
mnasiadka	priteau: somehow we need to reach 80% firefighting :)	08:35
hrw	tia	08:41
openstackgerrit	Michal Nasiadka proposed openstack/kayobe master: Use OpenStack Wallaby release https://review.opendev.org/c/openstack/kayobe/+/787923	08:45
yoctozepto	I'm not saying anything	08:45
mgoddard	FIRE! FIRE! FIRE!	08:45
yoctozepto	here he comes	08:46
mgoddard	EVERYONE CALM DOWN!	08:46
mgoddard	THERE'S A SMALL FIRE WE NEED TO PUT OUT	08:46
mnasiadka	it's not small, it's on all branches! ;)	08:46
yoctozepto	is it only me or is mgoddard acting like I should?	08:46
mgoddard	PANIC! PANIC! PANIC!	08:46
* mgoddard segfaults		08:47
mnasiadka	yoctozepto: mgoddard is in yoctozepto emulation mode	08:47
mnasiadka	are all the CI Issues on the whiteboard valid, or are we just putting stuff in there and never removing?	08:47
yoctozepto	so I'm now getting implemented, huh?	08:48
yoctozepto	nice	08:48
yoctozepto	mnasiadka: the cephadm one is likely fixed	08:48
mnasiadka	yoctozepto: it fixed itself	08:48
yoctozepto	others true	08:48
mnasiadka	:D	08:48
*** shyamb has joined #openstack-kolla		08:48
*** shyam89 has joined #openstack-kolla		08:48
yoctozepto	:D	08:49
yoctozepto	now, that's what we call self-healing	08:49
mgoddard	well we normally go through them in the IRC meeting, hopefully cleaning things up	08:50
hrw	https://review.opendev.org/q/topic:%22prepare-for-kolla-wallaby-release%22+(status:open%20OR%20status:merged) - any review plans?	08:55
hrw	as it looks like only patches are there now ;D	08:55
*** shyam89 has quit IRC		09:03
*** shyamb has quit IRC		09:03
*** shyam89 has joined #openstack-kolla		09:03
*** shyamb has joined #openstack-kolla		09:03
*** k_mouza has joined #openstack-kolla		09:04
hrw	yoctozepto: as you dropped neutron plugins from source images, then maybe it is time to drop them from binary too? that way one relnote	09:06
yoctozepto	hrw: relnote talks about source only	09:08
yoctozepto	and also about mlnx and ansible	09:08
yoctozepto	ansible never in binary	09:08
yoctozepto	mlnx still in binary	09:08
*** k_mouza has quit IRC		09:08
hrw	I meant 'drop from binary and then one note will cover both'	09:10
openstackgerrit	Mark Goddard proposed openstack/kolla-ansible stable/wallaby: docs: Improve policy documentation https://review.opendev.org/c/openstack/kolla-ansible/+/787849	09:11
openstackgerrit	Mark Goddard proposed openstack/kolla-ansible stable/victoria: docs: Improve policy documentation https://review.opendev.org/c/openstack/kolla-ansible/+/787850	09:12
openstackgerrit	Mark Goddard proposed openstack/kolla-ansible stable/ussuri: docs: Improve policy documentation https://review.opendev.org/c/openstack/kolla-ansible/+/787851	09:13
openstackgerrit	Mark Goddard proposed openstack/kolla-ansible stable/train: docs: Improve policy documentation https://review.opendev.org/c/openstack/kolla-ansible/+/787852	09:13
openstackgerrit	Marcin Juszkiewicz proposed openstack/kolla master: docs: deprecate ppc64le in Wallaby https://review.opendev.org/c/openstack/kolla/+/787947	09:15
mnasiadka	yoctozepto: do we want mlnx to be still in binary? :D	09:17
mnasiadka	yoctozepto: and by the way, mlnx has no branch, but has a Wallaby tag :D	09:17
openstackgerrit	Marcin Juszkiewicz proposed openstack/kolla master: docs: deprecate ppc64le in Wallaby https://review.opendev.org/c/openstack/kolla/+/787947	09:17
openstackgerrit	Marcin Juszkiewicz proposed openstack/kolla master: Drop ppc64le support https://review.opendev.org/c/openstack/kolla/+/787265	09:17
yoctozepto	mnasiadka: yeah, it's a mess	09:17
hrw	this way drop depends on deprecate	09:17
openstackgerrit	Marcin Juszkiewicz proposed openstack/kolla master: drop leftovers of RHEL support https://review.opendev.org/c/openstack/kolla/+/785569	09:19
hrw	yoctozepto: replied to your commend in APT keys change	09:27
openstackgerrit	Michal Nasiadka proposed openstack/kayobe-config master: Sync kayobe-config with kayobe changes https://review.opendev.org/c/openstack/kayobe-config/+/787924	09:30
yoctozepto	mgoddard: replied on project-config	09:33
openstackgerrit	Michal Nasiadka proposed openstack/kayobe-config master: Sync kayobe-config with kayobe changes https://review.opendev.org/c/openstack/kayobe-config/+/787924	09:37
*** shyam89 has quit IRC		09:39
*** shyamb has quit IRC		09:39
openstackgerrit	Marcin Juszkiewicz proposed openstack/kolla master: drop leftovers of RHEL support https://review.opendev.org/c/openstack/kolla/+/785569	09:44
yoctozepto	mgoddard: replied again, there was a misunderstanding	09:44
hrw	yoctozepto: thx for comments	09:44
yoctozepto	hrw: yw	09:44
yoctozepto	hrw: you forgot about metatype in docs still	09:45
hrw	ah	09:46
openstackgerrit	Marcin Juszkiewicz proposed openstack/kolla master: drop leftovers of RHEL support https://review.opendev.org/c/openstack/kolla/+/785569	09:47
openstackgerrit	Marcin Juszkiewicz proposed openstack/kolla master: drop leftovers of RHEL support https://review.opendev.org/c/openstack/kolla/+/785569	10:20
hrw	tox fixed	10:22
*** k_mouza has joined #openstack-kolla		10:23
*** k_mouza has quit IRC		10:27
*** shyam89 has joined #openstack-kolla		10:27
*** shyamb has joined #openstack-kolla		10:27
*** shyamb has quit IRC		10:29
*** shyamb has joined #openstack-kolla		10:30
*** shyamb has quit IRC		10:31
*** shyamb has joined #openstack-kolla		10:31
*** k_mouza has joined #openstack-kolla		10:32
*** shyam89 has quit IRC		10:32
*** shyam89 has joined #openstack-kolla		10:33
*** k_mouza has quit IRC		10:36
openstackgerrit	Merged openstack/kolla-ansible master: Avoid an Ansible quirk in hacluster role https://review.opendev.org/c/openstack/kolla-ansible/+/787858	10:37
openstackgerrit	Merged openstack/kolla-ansible stable/victoria: docs: Improve policy documentation https://review.opendev.org/c/openstack/kolla-ansible/+/787850	10:37
openstackgerrit	Merged openstack/kolla-ansible stable/ussuri: docs: Improve policy documentation https://review.opendev.org/c/openstack/kolla-ansible/+/787851	10:37
openstackgerrit	Merged openstack/kolla-ansible stable/train: docs: Improve policy documentation https://review.opendev.org/c/openstack/kolla-ansible/+/787852	10:37
openstackgerrit	Merged openstack/kolla-ansible stable/wallaby: docs: Improve policy documentation https://review.opendev.org/c/openstack/kolla-ansible/+/787849	10:37
openstackgerrit	Merged openstack/kolla master: docs: deprecate ppc64le in Wallaby https://review.opendev.org/c/openstack/kolla/+/787947	10:37
*** Luzi has joined #openstack-kolla		10:40
*** ivan_lin has joined #openstack-kolla		11:00
*** k_mouza has joined #openstack-kolla		11:00
*** LinPeiWen has quit IRC		11:02
openstackgerrit	Pierre Riteau proposed openstack/kayobe stable/stein: Use released version of mrlesmithjr.mdadm https://review.opendev.org/c/openstack/kayobe/+/787936	11:02
*** strigazi has quit IRC		11:05
hrw	guys: can we finally merge bullseye patch?	11:10
hrw	or should I send patch to disable trove for buster?	11:10
hrw	as I would like to see debian-binary green on CI and would like to know which way to fix it	11:11
hrw	anyway we need trove disable for victoria	11:14
openstackgerrit	Marcin Juszkiewicz proposed openstack/kolla master: Disable trove for Debian/binary https://review.opendev.org/c/openstack/kolla/+/787958	11:17
openstackgerrit	Mark Goddard proposed openstack/kayobe master: Ubuntu: define implied VLAN parent interfaces in networkd https://review.opendev.org/c/openstack/kayobe/+/787960	11:34
*** shyamb has quit IRC		11:36
*** shyam89 has quit IRC		11:36
*** shyam89 has joined #openstack-kolla		11:36
*** shyamb has joined #openstack-kolla		11:36
openstackgerrit	Mark Goddard proposed openstack/kayobe master: Ubuntu: define implied VLAN parent interfaces in networkd https://review.opendev.org/c/openstack/kayobe/+/787960	11:41
openstackgerrit	Mark Goddard proposed openstack/kolla stable/wallaby: docs: deprecate ppc64le in Wallaby https://review.opendev.org/c/openstack/kolla/+/787855	11:45
hrw	+2	11:46
*** jamesbenson has joined #openstack-kolla		11:50
*** jamesbenson has quit IRC		11:58
*** jamesbenson1 has joined #openstack-kolla		11:58
*** shyam89 has quit IRC		12:02
*** shyamb has quit IRC		12:02
*** k_mouza has quit IRC		12:04
*** shyamb has joined #openstack-kolla		12:09
*** shyam89 has joined #openstack-kolla		12:09
*** jamesbenson1 has quit IRC		12:19
*** k_mouza has joined #openstack-kolla		12:27
*** shyam89 has quit IRC		12:28
*** shyamb has quit IRC		12:28
yoctozepto	mgoddard: https://review.opendev.org/c/openstack/project-config/+/787887	12:29
*** shyamb has joined #openstack-kolla		12:29
*** shyam89 has joined #openstack-kolla		12:29
*** k_mouza has quit IRC		12:32
ozzzo	is there a searchable archive of this channel?	12:35
ozzzo	or I guess I should ask; how can I search the archive?	12:36
yoctozepto	mgoddard: https://review.opendev.org/c/openstack/bifrost/+/787605 - y no approve?	12:37
yoctozepto	ozzzo: there is not afaik	12:37
mgoddard	yoctozepto: the job failed	12:37
priteau	ozzzo: try using "site:eavesdrop.openstack.org kolla <your-query>", though I can't guarantee you will find what you are looking for	12:38
priteau	You can also download all of http://eavesdrop.openstack.org/irclogs/%23openstack-kolla/ using recursive wget and search into that	12:38
yoctozepto	mgoddard: good catch	12:38
ozzzo	ok I'll try that, ty	12:39
*** shyam89 has quit IRC		12:42
*** shyamb has quit IRC		12:42
*** shyamb has joined #openstack-kolla		12:43
*** shyam89 has joined #openstack-kolla		12:43
*** shyam89 has quit IRC		12:44
*** shyamb has quit IRC		12:44
*** wuchunyang has joined #openstack-kolla		12:59
openstackgerrit	Radosław Piliszek proposed openstack/kolla-ansible stable/wallaby: Avoid an Ansible quirk in hacluster role https://review.opendev.org/c/openstack/kolla-ansible/+/787976	13:00
*** k_mouza has joined #openstack-kolla		13:01
openstackgerrit	Merged openstack/kolla stable/wallaby: docs: deprecate ppc64le in Wallaby https://review.opendev.org/c/openstack/kolla/+/787855	13:04
hrw	https://review.opendev.org/c/openstack/kolla/+/787958 waits for brave cores	13:12
mnasiadka	hrw: support matrix? ;)	13:17
hrw	good point	13:23
mnasiadka	actually it's already N :D	13:24
hrw	mnasiadka: yep	13:25
hrw	trove--	13:27
openstackgerrit	wu.chunyang proposed openstack/kolla-ansible master: Fix incorrect config of linuxbridge multiple external networks https://review.opendev.org/c/openstack/kolla-ansible/+/787996	13:31
*** Anthraxs has joined #openstack-kolla		13:32
Anthraxs	Hello all,	13:35
Anthraxs	Can anyone help me debug the following problem?	13:35
Anthraxs	I have an all in one installation and I'm have deployed Octavia using the dev. env. guidelines (https://docs.openstack.org/kolla-ansible/latest/reference/networking/octavia.html#development-or-testing). When creating a new load balancer it's getting stuck in pending create and from what I can see, the octavia-worked cannot connect to the amphora:	13:35
Anthraxs	2021-04-26 13:34:12.374 18 WARNING octavia.amphorae.drivers.haproxy.rest_api_driver [-] Could not connect to instance. Retrying.: requests.exceptions.ConnectionError: HTTPSConnectionPool(host='10.0.0.40', port=9443): Max retries exceeded with url: // (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f9e29ac7400>:	13:35
Anthraxs	Failed to establish a new connection: [Errno 113] No route to host'))	13:35
*** Luzi has quit IRC		13:38
openstackgerrit	wu.chunyang proposed openstack/kolla-ansible master: [doc] fix a typo https://review.opendev.org/c/openstack/kolla-ansible/+/787998	13:40
*** vishalmanchanda has quit IRC		13:41
*** Anthraxs has quit IRC		13:46
yoctozepto	mgoddard: https://review.opendev.org/c/openstack/bifrost/+/787605 green	14:02
*** jamesbenson has joined #openstack-kolla		14:04
*** vishalmanchanda has joined #openstack-kolla		14:21
*** openstackgerrit has quit IRC		14:23
wuchunyang	Anthraxs Is it out of time ?	14:24
wuchunyang	and if your distro is centos8, you may need to set flavor vcpu greater than 1 core. there is a know issue about this.	14:28
*** jamesbenson has quit IRC		14:37
*** antonym has quit IRC		14:37
*** antonym has joined #openstack-kolla		14:39
yoctozepto	I wonder if we started any work on retrying pulls? mnasiadka?	14:45
yoctozepto	it seems they can sometimes fail, possibly due to mirror being overloaded	14:45
yoctozepto	https://044ee3b17e71d562c28d-27ba51e152f37c2c550101a1da9a359d.ssl.cf2.rackcdn.com/787976/1/check/kolla-ansible-centos8s-source-upgrade/fc70b4b/primary/logs/ansible/pull	14:45
mnasiadka	yoctozepto: I guess not	14:47
yoctozepto	hmm, perhaps I just dreamed of them	14:47
*** openstackgerrit has joined #openstack-kolla		14:57
openstackgerrit	Merged openstack/kolla-ansible master: [doc] fix a typo https://review.opendev.org/c/openstack/kolla-ansible/+/787998	14:57
*** kevko has joined #openstack-kolla		14:58
kevko	hi	14:58
*** Fl1nt has joined #openstack-kolla		15:01
Fl1nt	Howdy everyone!	15:01
kevko	hmm, I'm not possible to create multi-region edge-cloud with Google as authentification/authorization ... 800 ms latence between region , am I ?	15:05
*** jamesbenson has joined #openstack-kolla		15:05
openstackgerrit	Lin PeiWen proposed openstack/kolla master: Modify healthcheck_mariadb https://review.opendev.org/c/openstack/kolla/+/785401	15:08
*** wuchunyang has quit IRC		15:13
*** jamesbenson has quit IRC		15:31
*** jamesbenson has joined #openstack-kolla		15:35
*** rpittau is now known as rpittau\|afk		15:55
*** jamesbenson has quit IRC		15:58
*** jamesbenson1 has joined #openstack-kolla		15:58
*** jamesbenson1 has quit IRC		16:02
*** dciabrin_ has quit IRC		16:13
*** jamesbenson has joined #openstack-kolla		16:13
Fl1nt	kevko, depends on your services.	16:15
kevko	well, we have potentional customer ..but he has 15 areas worldwide with ~850ms latency	16:16
Fl1nt	what does that means? 850ms between regions? between all of them? Google is no longer than few ms away from anyone anywhere in the world.	16:17
kevko	Fl1nt: so, he probably want 15 separate openstacks .. separate mariadbs, rabbitmqs, etc etc etc ..but to be able authentify/authorize on some keystone and have token valid on another keystone in another region..	16:17
kevko	Fl1nt: well, google is google :D	16:18
Fl1nt	no no no, Google is not the important part in here OpenID Connect is made from your browser and the whole authentication process wait for your response before login in, so even if 15s away, it work.	16:19
Fl1nt	the question is rather	16:19
Fl1nt	does it want 15 keystone?	16:19
Fl1nt	or one spanned across 15 locations?	16:19
hrw	or 15 synchronizing?	16:20
kevko	they want 15 keystones ..	16:20
kevko	and has regions as independent as they can be from each others ...	16:20
Fl1nt	so what's the issue here?	16:20
Fl1nt	hrw, keystone federation of keystones is... a nightmare ^^	16:21
Fl1nt	kevko, simple way to do that, get a kolla-config repository, fork 15 differents repos from it, one per region, get your identity federation individually set on each of them ^^ end of your trouble ^^	16:22
kevko	Fl1nt: well yes, that was my idea before I asked :D	16:23
kevko	Fl1nt: but, I have to also modify fernet-push script in fernet rotate container, right ?	16:23
Fl1nt	nope, why that?	16:23
Fl1nt	If you can't get a spanned network in between location that gave you at least a sub 30ms response time, then don't do replicated/synced keystone, goes with independent regions and a central identity manager such as your plan.	16:25
Fl1nt	If your customer can afford a globally spanned sub 30ms network, then get a spawn (main) region and every other part of it.	16:26
kevko	Fl1nt: well, honestly I am not biggest keystone expert :P	16:27
Fl1nt	fernet token don't need to be synced between regions as long as those regions are autonomous, the only issue that your users will face will be that they'll have different token granted for each region, meaning	16:28
Fl1nt	if you authenticate to region A	16:28
Fl1nt	then want to perform an action on region B	16:28
kevko	Fl1nt: but my colleguage said they want to have also some service user which has to be authentified/authorized against random keystone ... and therefore has to have synced fernets	16:28
Fl1nt	you'll need to authenticate again.	16:28
kevko	Fl1nt: well, I think this is exactly what they want proabably ..	16:29
Fl1nt	not possible the way you want to implement your regions.	16:29
kevko	*also	16:29
Fl1nt	except to use an underlying shared storage	16:29
openstackgerrit	Merged openstack/kolla master: Disable trove for Debian/binary https://review.opendev.org/c/openstack/kolla/+/787958	16:29
*** bengates has quit IRC		16:29
kevko	If I understood correctly	16:29
Fl1nt	which isn't recommended at all	16:29
Fl1nt	as it would then screw your rotation process.	16:30
kevko	Fl1nt: well, what If i will rotate to every keystone in every region ?	16:30
*** bengates has joined #openstack-kolla		16:30
Fl1nt	you can't do it like that with the current shape of the rotation script.	16:30
Fl1nt	I did it once	16:31
*** gouthamr has joined #openstack-kolla		16:31
kevko	Fl1nt: i was checking k-a code and there is for cycle through keystone group in inventory ..so If i modify that script ..I am ok ..	16:31
*** gouthamr has quit IRC		16:31
*** gouthamr has joined #openstack-kolla		16:31
*** gouthamr has quit IRC		16:31
kevko	am I right ? or what do you mean by "current shape " ?	16:31
Fl1nt	using a third party tool in between (hashicorp consul) but it's definitely an ugly solution as is drastically increase your platform complexity.	16:31
*** gouthamr has joined #openstack-kolla		16:31
Fl1nt	this is for multi-region deployment where you have one central keystone for all regions.	16:32
*** gouthamr has joined #openstack-kolla		16:32
Fl1nt	or even multinode on one region	16:32
*** gouthamr has joined #openstack-kolla		16:33
Fl1nt	but then you'll have an issue where you'll need to create a monstruous script that will check each of your repos inventory, then cycle through them, but even there, it doesn't solve the issue that each region will at time	16:33
*** gouthamr has quit IRC		16:33
Fl1nt	rotate the fernet_keys	16:33
Fl1nt	and then your regions are unsynced	16:33
*** gouthamr has joined #openstack-kolla		16:34
*** gouthamr has quit IRC		16:34
Fl1nt	fernet_token is a special token that craft a payload containing your token lifetime and other informations in it, it's derivated and controlled with those so called fernet_keys	16:34
Fl1nt	hence why they periodically rotate	16:34
Fl1nt	in order to avoid an attacker to be able to forge tokens	16:35
*** gouthamr has joined #openstack-kolla		16:35
*** bengates has quit IRC		16:35
kevko	hmm	16:35
Fl1nt	so tokens on Region A have two requirements	16:35
Fl1nt	being rotated periodically	16:35
Fl1nt	and	16:36
Fl1nt	if you want to share them a global shared storage amoung regions	16:36
Fl1nt	which with 850ms is unrealistic	16:36
kevko	understand :/	16:36
Fl1nt	you'll also need to only get one keystone node to rotate the keys at the same time.	16:36
*** dougsz has quit IRC		16:37
Fl1nt	at some point, when you build cloud that span across the world openstack or any other services, (even kubernetes) aren't made for that, because they lack efficient P2P shared services layers because of the DB Backend used.	16:39
Fl1nt	One of my previous employer spanned across the globe, then asked MariaDB for a solution as they use active/active mariadb clusters and a distributed keystone. Even MDB engineers told them it's not currently possible without at least using proxysql	16:41
Fl1nt	which bring other issues ^^	16:41
Fl1nt	another solution would have been to use galera segments but meh ^^	16:43
admin0	does kolla setup ceph in the latest version or not ?	16:44
admin0	and if not and ceph+rgw is setup via ceph-ansible, does kolla adds rgw endpoints in keystone for swift	16:45
Fl1nt	nope	16:45
Fl1nt	admin0, but I've a downstream patch for that.	16:45
kevko	ok Fl1nt , thank you for examplanation :)	16:46
openstackgerrit	Merged openstack/kayobe stable/stein: Use released version of mrlesmithjr.mdadm https://review.opendev.org/c/openstack/kayobe/+/787936	16:46
admin0	i want to know how to enable swift apis with ceph backend	16:46
admin0	starting with adding the entries in keystone	16:46
*** jamesbenson has quit IRC		16:47
Fl1nt	you just create entrypoint on haproxy config, then point your keystone swift service to that entrypoint, if you've correctly set your ceph RGW then it will be able to serve Object-Storate	16:47
Fl1nt	storage	16:48
Fl1nt	kevko, you're welcome :D	16:50
*** jamesbenson has joined #openstack-kolla		16:51
Fl1nt	hrw, I've digged a bit about this live migration thingy on nova. It's not (from my understanding and research) possible to split live migration interface from the nova-compute used my_ip interface without breaking cold migration and instance resize.	16:54
openstackgerrit	Radosław Piliszek proposed openstack/kolla master: Pin erlang https://review.opendev.org/c/openstack/kolla/+/788045	16:54
*** k_mouza has quit IRC		16:57
*** jamesbenson has quit IRC		16:57
openstackgerrit	Radosław Piliszek proposed openstack/kolla stable/ussuri: rabbitmq: Move to packagecloud https://review.opendev.org/c/openstack/kolla/+/787984	16:57
*** jamesbenson has joined #openstack-kolla		16:58
*** jamesbenson has quit IRC		17:01
openstackgerrit	Radosław Piliszek proposed openstack/kolla stable/ussuri: rabbitmq: Move to packagecloud https://review.opendev.org/c/openstack/kolla/+/787984	17:03
openstackgerrit	Radosław Piliszek proposed openstack/kolla stable/ussuri: rabbitmq: Move to packagecloud https://review.opendev.org/c/openstack/kolla/+/787984	17:06
openstackgerrit	Radosław Piliszek proposed openstack/kolla stable/train: rabbitmq: Move to packagecloud https://review.opendev.org/c/openstack/kolla/+/787985	17:08
*** gfidente is now known as gfidente\|afk		17:09
*** jonaspaulo has joined #openstack-kolla		17:19
*** kevko has quit IRC		17:21
openstackgerrit	Radosław Piliszek proposed openstack/kolla stable/train: rabbitmq: Move to packagecloud https://review.opendev.org/c/openstack/kolla/+/787985	17:23
openstackgerrit	Merged openstack/kayobe stable/train: Use released version of mrlesmithjr.mdadm https://review.opendev.org/c/openstack/kayobe/+/787937	17:31
*** andrewbonney has quit IRC		17:37
openstackgerrit	Marcin Juszkiewicz proposed openstack/kolla stable/victoria: Disable trove for Debian/binary https://review.opendev.org/c/openstack/kolla/+/787986	17:41
openstackgerrit	Radosław Piliszek proposed openstack/kolla stable/wallaby: Disable trove for Debian/binary https://review.opendev.org/c/openstack/kolla/+/787987	17:56
openstackgerrit	Gaël THEROND proposed openstack/kolla-ansible master: [WIP] - Fix broken cold_migration based actions when using migration_interface value which differ from the nova-compute host_ip. https://review.opendev.org/c/openstack/kolla-ansible/+/788058	17:59
openstackgerrit	Merged openstack/kayobe stable/ussuri: Use released version of mrlesmithjr.mdadm https://review.opendev.org/c/openstack/kayobe/+/787938	18:00
openstackgerrit	Marcin Juszkiewicz proposed openstack/kolla master: move to Debian 'bullseye' https://review.opendev.org/c/openstack/kolla/+/772479	18:03
openstackgerrit	Marcin Juszkiewicz proposed openstack/kolla master: Debian/Ubuntu: handle APT keys in proper way https://review.opendev.org/c/openstack/kolla/+/784923	18:03
openstackgerrit	Marcin Juszkiewicz proposed openstack/kolla master: base: do not overwrite APT sources.list https://review.opendev.org/c/openstack/kolla/+/786938	18:03
*** jamesbenson has joined #openstack-kolla		18:08
admin0	Fl1nt, can i see the patch ?	18:15
admin0	of ceph, endpoints etc	18:15
Fl1nt	admin0, not today ^^ I need to transfer it from our downstream repo first.	18:16
admin0	ok	18:17
Fl1nt	mp me your mail and I'll make you a CC of the patch	18:19
Fl1nt	admin0, -î	18:19
admin0	shashi.eu@gmail.com	18:19
* admin0 waits for spam from other bots :)		18:19
*** vishalmanchanda has quit IRC		18:21
Fl1nt	I'll be kind and not do that ^^	18:21
Fl1nt	anyway, see ya folks, and GN	18:22
*** Fl1nt has quit IRC		18:22
*** bsanjeewa has joined #openstack-kolla		18:25
*** jamesbenson has quit IRC		18:29
openstackgerrit	Verification of a change to openstack/kolla failed: rabbitmq: Move to packagecloud https://review.opendev.org/c/openstack/kolla/+/787383	18:35
*** stand has joined #openstack-kolla		18:42
*** jamesbenson has joined #openstack-kolla		18:43
*** jamesbenson has quit IRC		18:58
*** k_mouza has joined #openstack-kolla		18:58
*** jamesbenson1 has joined #openstack-kolla		18:58
*** k_mouza has quit IRC		19:02
*** jamesbenson1 has quit IRC		19:10
*** Chaserjim has joined #openstack-kolla		19:14
*** jamesbenson has joined #openstack-kolla		19:16
*** jamesbenson has quit IRC		19:18
*** jamesbenson has joined #openstack-kolla		19:19
*** cah_link has quit IRC		19:23
*** zzzeek has quit IRC		19:44
*** jamesbenson has quit IRC		19:46
*** zzzeek has joined #openstack-kolla		19:47
*** bsanjeewa has quit IRC		19:50
*** jamesbenson has joined #openstack-kolla		19:54
*** jamesbenson has quit IRC		19:58
*** jamesbenson1 has joined #openstack-kolla		19:58
*** jamesbenson1 has quit IRC		20:00
*** jamesbenson has joined #openstack-kolla		20:04
*** zzzeek has quit IRC		20:09
openstackgerrit	Stanislav Dmitriev proposed openstack/kolla master: Add Swift lock path in Swift containers https://review.opendev.org/c/openstack/kolla/+/788073	20:16
*** zzzeek has joined #openstack-kolla		20:16
*** jamesbenson has quit IRC		20:20
*** jamesbenson has joined #openstack-kolla		20:23
*** jamesbenson has quit IRC		20:32
*** jamesbenson has joined #openstack-kolla		20:34
*** zzzeek has quit IRC		20:40
*** zzzeek has joined #openstack-kolla		20:41
*** zzzeek has quit IRC		20:46
*** zzzeek has joined #openstack-kolla		20:48
*** bsanjeewa has joined #openstack-kolla		20:53
*** e0ne has quit IRC		20:55
openstackgerrit	Merged openstack/kayobe stable/victoria: Use released version of mrlesmithjr.mdadm https://review.opendev.org/c/openstack/kayobe/+/787939	21:01
openstackgerrit	Buddhika Sanjeewa proposed openstack/kayobe stable/stein: Document Update Specify Branch When Cloning https://review.opendev.org/c/openstack/kayobe/+/788081	21:02
openstackgerrit	Buddhika Sanjeewa proposed openstack/kayobe stable/train: Document Update Specify Branch When Cloning https://review.opendev.org/c/openstack/kayobe/+/788082	21:03
openstackgerrit	Buddhika Sanjeewa proposed openstack/kayobe stable/ussuri: Document Update Specify Branch When Cloning https://review.opendev.org/c/openstack/kayobe/+/788083	21:03
openstackgerrit	Buddhika Sanjeewa proposed openstack/kayobe stable/victoria: Document Update Specify Branch When Cloning https://review.opendev.org/c/openstack/kayobe/+/788084	21:04
openstackgerrit	Buddhika Sanjeewa proposed openstack/kayobe stable/victoria: Document Update Specify Branch When Cloning https://review.opendev.org/c/openstack/kayobe/+/788084	21:08
*** bsanjeewa has quit IRC		21:33
*** jamesbenson has quit IRC		21:34
*** jonaspaulo has quit IRC		21:41
*** jamesbenson has joined #openstack-kolla		22:29
*** jamesbenson has quit IRC		22:30
*** bsanjeewa has joined #openstack-kolla		22:36
*** zzzeek has quit IRC		22:42
*** zzzeek has joined #openstack-kolla		22:43
*** k_mouza has joined #openstack-kolla		22:58
*** k_mouza has quit IRC		23:03
*** bsanjeewa has quit IRC		23:17
*** jobewan has joined #openstack-kolla		23:39

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!