Friday, 2021-12-17

opendevreview	xinliang proposed openstack/kolla master: Use distro provided GRUB efi https://review.opendev.org/c/openstack/kolla/+/724630	03:56
opendevreview	Dr. Jens Harbott proposed openstack/kolla master: Cap elasticsearch gem for fluentd https://review.opendev.org/c/openstack/kolla/+/821695	07:07
*** amoralej\|off is now known as amoralej		08:23
kevko	mnasiadka: hi, i've replied to your cron question in my review ..let me know if you got it ..	11:47
mnasiadka	replied	11:50
kevko	mnasiadka: also :)	11:58
kevko	i really don't understand what is bad ? why to not merge feature which is not breaking anything ?	11:58
kevko	frickler: do you think it's bad idea ? https://review.opendev.org/c/openstack/kolla-ansible/+/813039	12:00
kevko	you've commented depends-on patch, so you maybe have it in your memory :)	12:01
*** amoralej is now known as amoralej\|lunch		13:19
*** amoralej\|lunch is now known as amoralej		14:01
frickler	kevko: there's a need to keep a balance between adding features and keeping the code maintainable. in particular with the current lack of maintainers, we need to judge between these two sides. in this specific case, I'm really unsure, which is why I voted in neither direction	14:23
mnasiadka	kevko: It's not bad, I just don't know how many people need that, and I don't really like the implementation in Kolla as a script (but that's my personal opinion) ;-) There are other core reviewers, you know - try asking them for opinion ;-)	14:29
jamesbenson	Question: We have an automated testing setup and we realized that we are failing a bunch of refstack tests when we have TLS enabled. We are using the kolla certs since it's testing. We have read the docs https://docs.openstack.org/kolla-ansible/victoria/admin/tls.html#quick-start and enabled the options and set the correct paths. But once enabled, we can't SSH into the VM's. What exactly are	14:47
jamesbenson	we missing?	14:47
gueswhat	guys? i am using this config https://pastebin.com/raw/m658Lyk9 ( external tls with specific pem certificate for haproxy, for internal tls ), but haproxy can not start, because its looking for haproxy-internal.pem certificate ( ERROR:__main__:MissingRequiredSource: /var/lib/kolla/config_files/haproxy.pem file is not found ), but not sure why its not working if i am using kolla_internal_fqdn_cert	15:22
opendevreview	John Garbutt proposed openstack/kolla-ansible master: Change rabbit ha-all poicly for transient queues https://review.opendev.org/c/openstack/kolla-ansible/+/822132	16:03
opendevreview	John Garbutt proposed openstack/kolla-ansible master: Change rabbit ha-all policy for transient queues https://review.opendev.org/c/openstack/kolla-ansible/+/822132	16:07
*** holtgrewe is now known as holtgrewe^gone		16:13
opendevreview	Michal Nasiadka proposed openstack/kolla-ansible master: cinder: start using active-active for rbd https://review.opendev.org/c/openstack/kolla-ansible/+/763011	16:24
opendevreview	John Garbutt proposed openstack/kolla-ansible master: Tune RabbitMQ HA for availability over consistency https://review.opendev.org/c/openstack/kolla-ansible/+/822135	16:28
gueswhat	guys? i am using this config https://pastebin.com/raw/m658Lyk9 ( external tls with specific pem certificate for haproxy, for internal tls ), but haproxy can not start, because its looking for haproxy-internal.pem certificate ( ERROR:__main__:MissingRequiredSource: /var/lib/kolla/config_files/haproxy.pem file is not found ), but not sure why its not working if i am using kolla_internal_fqdn_cert	16:40
jingvar	gueswhat: As I rememmber kolla_internal_fqdn_cert is for openstacr.rc file, you shoul place cert into config directory	16:40
gueswhat	jingvar: its should be keypair in pem format for haproxy	16:41
gueswhat	according to the docs	16:41
jingvar	yes	16:41
jingvar	let me see my config	16:41
jingvar	https://paste.opendev.org/show/811751/	16:46
jingvar	maybe it woluld be helpfull	16:46
jingvar	It is how does kayobe generate keys and ca , pem	16:48
gueswhat	hmm, so it has to be always haproxy.pem filename with hardcoded filepath, right ? then kolla_internal_fqdn_cert is probably not working as expected..	16:48
jingvar	kolla_internal_fqdn_cert it is for internal.rc file	16:49
gueswhat	i guess that i need still kolla_enable_tls_external: yes, right ?	16:54
gueswhat	and then haproxy-internal.pem must be also somehow precreated, otherwise haproxy container will fail to start	16:54
opendevreview	John Garbutt proposed openstack/kolla-ansible master: Improve RabbitMQ performance by reducing ha replicas https://review.opendev.org/c/openstack/kolla-ansible/+/822187	17:36
jingvar	I uses internal and external tls, in your case only have to set kolla_enable_tls_internal: yes	17:38
*** amoralej is now known as amoralej\|off		17:55
jamesbenson	Will kolla-ansible certificates generate all of the certs necessary for tls internal and external?	18:09
opendevreview	John Garbutt proposed openstack/kolla-ansible master: Add rabbitmq message-ttl and queue expiry https://review.opendev.org/c/openstack/kolla-ansible/+/822191	18:18
jingvar	jamebensor: yes , for a test env	18:29
jingvar	grep -r "Creating external Server Certificate signing request"	18:30
jingvar	my example is a ansible playbook interpretations	18:31
gueswhat	what is use case for internal/external VIP/TLS ? its only meant for listening on different interfaces ?	18:57
supamatt	ls	19:13
supamatt	sorry wrong window	19:13
gueswhat	why haproxy fails to /var/lib/kolla/config_files/haproxy.pem when i am using kolla_externally_managed_cert: "true" ? thats weird, why it is looking to /var/lib/kolla/config_files/ dir ?	21:11
gueswhat	i have certs ready in /etc/kolla/certificates/	21:12
-opendevstatus- NOTICE: The review.opendev.org server is being rebooted to validate a routing configuration update, and should return to service shortly		22:28

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!