| opendevreview | Jeffrey Zhang proposed openstack/kolla-ansible master: Continue to run all actions if one action failed in curator https://review.opendev.org/c/openstack/kolla-ansible/+/821633 | 01:07 |
|---|---|---|
| opendevreview | lixuehai proposed openstack/kolla-ansible master: Add logrotate configuration for placement service https://review.opendev.org/c/openstack/kolla-ansible/+/821642 | 02:04 |
| opendevreview | Michal Nasiadka proposed openstack/kolla stable/ussuri: Ensure nvme-cli is present in nova-compute images https://review.opendev.org/c/openstack/kolla/+/821173 | 06:51 |
| *** amoralej|off is now known as amoralej | 08:15 | |
| opendevreview | Michal Nasiadka proposed openstack/kolla stable/ussuri: Add Swift lock path in Swift containers https://review.opendev.org/c/openstack/kolla/+/818895 | 08:22 |
| opendevreview | Michal Nasiadka proposed openstack/kayobe master: WIP: Use openstack-ci-mirrors in ipa image build https://review.opendev.org/c/openstack/kayobe/+/821675 | 08:49 |
| kevko | \o/ | 09:09 |
| shyamb | Hi | 09:24 |
| shyamb | enable_horizon variable is not uncommented in my globals.yml file | 09:25 |
| shyamb | still horizon service is getting deployed | 09:25 |
| shyamb | Here is my globals.yml file: https://paste.openstack.org/show/811647/ | 09:26 |
| guesswhat | guys? its not possible to reload haproxy with docker kill -s HUP haproxy ( when cert is changed for example ), its here https://github.com/openstack/kolla-ansible/blob/master/ansible/roles/loadbalancer/templates/haproxy/haproxy.json.j2#L2, but seems its fixed for tripleo https://review.opendev.org/c/openstack/tripleo-heat-templates/+/504412/, any chance to fix this ? | 09:27 |
| holtgrewe | shyamb: try placing `false` there or `"no"` | 09:27 |
| shyamb | holtgrewe: Hi, I am looking for a variable which indicates if horizon is installed or not | 09:28 |
| shyamb | I relied on 'enable_horizon' variable and it turns to be not defined | 09:29 |
| shyamb | even if horizon is installed. | 09:29 |
| holtgrewe | shyamb: https://opendev.org/openstack/kolla-ansible/src/branch/master/etc/kolla/globals.yml#L322 | 09:38 |
| holtgrewe | probably you can use `{{ enable_horizon | default(enable_openstack_core) }}`? | 09:39 |
| opendevreview | Merged openstack/kolla stable/ussuri: Ensure nvme-cli is present in nova-compute images https://review.opendev.org/c/openstack/kolla/+/821173 | 09:45 |
| kevko | shyamb: i have wallaby branch cloned ..and if I set enable_horizon: "no" ..it's not going to be installed .. so..you have something somewhere bad :D | 09:51 |
| shyamb | kevko: okay | 09:52 |
| shyamb | Let me re-verify | 09:52 |
| holtgrewe | But if the default of enable_horizon is true then this would explain the behaviour? | 09:54 |
| shyamb | holtgrewe: Yes | 10:04 |
| shyamb | Issue looks something else | 10:04 |
| shyamb | One more query here, how can I access this condition on some other role than horizon: inventory_hostname in groups[horizon.group] | 10:04 |
| shyamb | looks like this horizon group variable is defined in horizon defaults yaml | 10:05 |
| shyamb | and only accessible to horizon role | 10:05 |
| shyamb | I want to access it in my role | 10:05 |
| holtgrewe | you could in dumping all variables where you want to access it | 10:05 |
| holtgrewe | I'm not sure how to do this with ansible | 10:06 |
| holtgrewe | maybe host vars? | 10:06 |
| shyamb | holdgrewe: I have written one more role for our trilio service. | 10:06 |
| shyamb | it's horizon plugin | 10:06 |
| shyamb | So, we just want to execute our code on horizon nodes only | 10:07 |
| shyamb | Is there any way that one service's inventory group variable can be accessed in other service's role? | 10:08 |
| shyamb | like, If I want to use nova.group in cinder ansible role, how can I use that? | 10:09 |
| holtgrewe | shyamb: depends on the architecture of your ansible code | 10:12 |
| holtgrewe | you probably need to use the same inventory as for kolla? | 10:14 |
| opendevreview | Michal Nasiadka proposed openstack/kayobe master: WIP: Use openstack-ci-mirrors and centos-minimal in ipa image build https://review.opendev.org/c/openstack/kayobe/+/821675 | 10:28 |
| guesswhat | what is difference between kolla and kolla-ansible launchpad ? i need to report a bug. thanks | 10:41 |
| mgoddard | guesswhat: kolla for images, kolla-ansible for ansible | 10:42 |
| opendevreview | Mark Goddard proposed openstack/kolla-ansible stable/victoria: Revert "CI: Temporarily disable rabbitmq internal tls" https://review.opendev.org/c/openstack/kolla-ansible/+/779148 | 11:00 |
| opendevreview | Dr. Jens Harbott proposed openstack/kolla master: Cap elasticsearch gem for fluentd https://review.opendev.org/c/openstack/kolla/+/821695 | 12:12 |
| ignaziocassano | HELLO Evveryone, please I'd like to know in l2gw is supported in kolla | 12:16 |
| holtgrewe | Does anyone successfully boot baremetal compute hosts with UEFI? I somehow get "bootx64.efi" from the neutron DHCP server to boot from but that file is present nowhere on my controllers. | 12:26 |
| ignaziocassano | Hello Everyone,please I'd like to know if opendaylight and l2gw are supported in kolla | 12:29 |
| kevko | yoctozepto: i was checking "Modernize swift role" review you've already commented some time ago | 12:34 |
| kevko | right now I'm trying to tempest kolla built swift .. | 12:34 |
| kevko | and it's working on 90 percent ..found some bugs in configuration .. | 12:34 |
| kevko | and probably i will also change few things .. | 12:34 |
| kevko | so, then we should merge that "Modernize swift role" | 12:35 |
| *** amoralej is now known as amoralej|lunch | 13:16 | |
| guesswhat | mgoddard: i am not sure, where to create issue... can you help, please? its not possible to reload haproxy with docker kill -s HUP haproxy ( when cert is changed for example ), its here https://github.com/openstack/kolla-ansible/blob/master/ansible/roles/loadbalancer/templates/haproxy/haproxy.json.j2#L2, but seems its fixed for tripleo https://review.opendev.org/c/openstack/tripleo | 13:18 |
| guesswhat | -heat-templates/+/504412/, any chance to fix this ? | 13:18 |
| mgoddard | guesswhat: sounds like a kolla-ansible issue, please raise on launchpad | 13:22 |
| kevko | mgoddard: 3 days i'm trying to figure out why "swift capabilities" command is not working and getting 401 unauthorized | 13:26 |
| kevko | mgoddard: now I found that kolla added option swift_delay_auth_decision: "False" to swift ... | 13:26 |
| kevko | mgoddard: https://bugs.launchpad.net/kolla/+bug/1768795 << | 13:26 |
| mgoddard | kevko: rings a bell | 13:26 |
| kevko | why this option is not set to true ? :/ ? | 13:27 |
| kevko | mgoddard: i've just pushed you, because you are author of last comment :P | 13:29 |
| guesswhat | mgoddard: ty, i created https://bugs.launchpad.net/kolla-ansible/+bug/1954774 | 13:32 |
| mgoddard | kevko: there is probably a reason why we did not change the default, but I don't remember it | 13:34 |
| mgoddard | and don't really have time to check now | 13:34 |
| mgoddard | have to looked at relevant gerrit reviews and commit messages? | 13:35 |
| kevko | mgoddard: yes :D - this is in commit message -> Added delay_auth_decision config option for swift | 13:43 |
| kevko | The authtoken config variable delay_auth_decision must be set to True. | 13:43 |
| kevko | The default is False, but that breaks public access, StaticWeb, FormPost, | 13:43 |
| kevko | TempURL, and authenticated capabilities requests (using Discoverability). | 13:43 |
| kevko | "must be set to true" | 13:43 |
| kevko | but kolla has default false | 13:44 |
| kevko | which is same as before it was merged (because not present in config is the same - default value ) | 13:44 |
| mgoddard | kevko: if it's that simple then there wouldn't be an option | 13:44 |
| kevko | mgoddard: well, i think kolla decided to preserve false and make it optional for users .. | 13:45 |
| kevko | because when it's true .. swift capabilities works (which show various info about swift stack) | 13:45 |
| mgoddard | kevko: clearly, yes - but what I'm saying is that there is probably some tradeoff - otherwise swift would just make it default to true | 13:46 |
| mgoddard | so we need to understand what that is | 13:46 |
| kevko | mgoddard: https://docs.openstack.org/mitaka/config-reference/object-storage/proxy-server.html << | 13:46 |
| kevko | mgoddard: delay_auth_decision defaults to False, but leaving it as false will prevent other auth systems, staticweb, tempurl, formpost, and ACLs from working. This value must be explicitly set to True. | 13:46 |
| kevko | official swift docs | 13:46 |
| mgoddard | kevko: " This value must be explicitly set to True." != "This value must be set to True." | 13:47 |
| kevko | mgoddard: ok, so question is, does kolla want to prevent other auth systems, staticweb, tempurl, formpost, and ACLs from working or NOT ? | 13:49 |
| frickler | kevko: IMHO the real question is: does kolla want to be backwards compatible? if yes, then the current solution is correct afaict | 13:51 |
| kevko | frickler: ./ansible/roles/swift/defaults/main.yml:swift_delay_auth_decision: "{{ enable_swift_s3api | bool }}" | 13:51 |
| kevko | ./ansible/group_vars/all.yml:enable_swift_s3api: "no" | 13:51 |
| kevko | ./etc/kolla/globals.yml:#enable_swift_s3api: "no" | 13:51 |
| kevko | Funny is, that if I was turned on s3api ..that option is True | 13:52 |
| frickler | hmm, that's a weird combo indeed | 13:53 |
| kevko | :D | 13:53 |
| kevko | yeah :D | 13:53 |
| kevko | that's the reason why I am asking .. | 13:53 |
| kevko | because it looks like there is no argument to not have it set to True | 13:53 |
| kevko | 1. False - discoverability is not working - 401 from swift, required refstack-client tests are not working (needed for openstack certification on Market place - so it's quite big argument), case only if s3api is turned off | 13:55 |
| kevko | 1. True - discoverability is working - 200 from swift, required refstack-client testr are passing and everything is OK , only if S3api is turned on | 13:55 |
| kevko | *2 | 13:55 |
| kevko | so, If i turn s3api ..I secretly fix other issues ? That's weird .. :D | 13:56 |
| frickler | I really don't know enough about swift to judge and I also don't understand why anyone is using it at all, but likely changing the default together with an upgrade warning should be possible then | 13:56 |
| kevko | if it is not problem for case when s3api is turned on ..let's set to true so both cases are working ..and leave it optional so user can change it ..and add reno | 13:57 |
| kevko | frickler: don't forget that we have more bright jewelry in kolla :D - freezer for example :D | 13:58 |
| *** amoralej|lunch is now known as amoralej | 14:04 | |
| holtgrewe | Could someone look into their ironic_pxe container into /tftboot and tell me which *.efi files they see. Somehow, neutron ironic agent wants snponly.efi but I have ipxe-snponly-x86_64.efi... | 14:13 |
| kevko | openstack-swift channel >> | 14:22 |
| kevko | <kevko> delay_auth_decision is this dangerous in swift ? | 14:22 |
| kevko | <kevko> or why it is default false ? | 14:22 |
| kevko | <kevko> i found that if it is false ..discoverability not working | 14:22 |
| kevko | <zaitcev> IIRC it defaults to false because tempauth does not need it, so SAIO works without. But basically all it does is letting 2 auths coexist, or have an auth that has 2 middlewares like authtoken (obtains the tokens) and keystone (makes the decision). | 14:22 |
| kevko | <zaitcev> So it's "delayed" in a sense that it invokes the auth hook after all the middlewares had a chance to execute. | 14:22 |
| kevko | <zaitcev> But of course it occurs before the request proceeds. | 14:22 |
| holtgrewe | It looks like the ironic-conductor image does not have the "genisoimage" installed. This looks similar to https://bugs.launchpad.net/kolla/+bug/1686227 | 16:17 |
| holtgrewe | Hm, probably I'll just file a bug report. https://bugs.launchpad.net/kolla/+bug/1954808 | 16:22 |
| *** amoralej is now known as amoralej|off | 17:26 | |
| *** hrww is now known as hrw | 19:23 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!