Monday, 2024-01-29

« Friday, 2024-01-26 Index Tuesday, 2024-01-30 »
hamidlotfi_Hi there,07:12
hamidlotfi_I set up skydive with Kolla deployment, but every user I checked to log in showed me login failed, please help for find a username and password to log in to the analyzer.07:12
hamidlotfi_https://www.irccloud.com/pastebin/ldysIvY2/07:12
hamidlotfi_That is the skydive.conf content.07:12
hamidlotfi_Please help me.07:12
opendevreviewIvan Halomi proposed openstack/kolla-ansible master: Refactor of getting list of containers that will also prepare function for migration scenario  https://review.opendev.org/c/openstack/kolla-ansible/+/90583708:03
opendevreviewVerification of a change to openstack/kolla-ansible stable/yoga failed: Correct glance.conf example in external Ceph guide  https://review.opendev.org/c/openstack/kolla-ansible/+/90690208:53
fricklerbbezak: kolla cores: please stop merging things to stable/yoga. cf. https://review.opendev.org/c/openstack/releases/+/906573 and https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/message/V7H6M5ANYOMFWSZ5BJSWAXVNQCUXI6D7/ . you can merge all you want into unmaintained/yoga once that is created08:55
bbezaksure frickler. let's do that08:57
bbezak(got wrong impression to merge/abandon everything before creating unmaintained/yoga)08:57
bbezakapparently08:57
opendevreviewMerged openstack/kolla-ansible stable/zed: Correct glance.conf example in external Ceph guide  https://review.opendev.org/c/openstack/kolla-ansible/+/90690108:58
opendevreviewMerged openstack/kolla-ansible stable/2023.1: Correct glance.conf example in external Ceph guide  https://review.opendev.org/c/openstack/kolla-ansible/+/90688008:58
fricklerbbezak: abandon is good, merge would need yet another update of the release patch08:58
bbezakyeah08:59
hamidlotfi_There is no one here to answer other people's questions?09:04
kevkofrickler: ok09:05
kevkofrickler, bbezak: what about my designate and horizon patches - master ... I think it's ready with all docs and renos and everything :P 09:06
kevkohamidlotfi_: sorry but I really don't have any experiences with skydive 09:06
fricklerkevko: yeah, need to get back to those, will try to do that today or tomorrow at least09:08
kevkofrickler: thank you 09:08
bbezakyeah, will take a look. btw friday I got deeper into ironic failures in CI, it is caused because of that - https://review.opendev.org/c/openstack/ironic/+/902009. it looks we should use system scoped member (or new service role) for nova-compute-ironic service to be able to reach all ironic nodes. I'll propose sth this week -09:12
bbezakhttps://specs.openstack.org/openstack/ironic-specs/specs/17.0/secure-rbac.html#system-scope09:12
bbezakfor now we could do that - https://review.opendev.org/c/openstack/kolla-ansible/+/906858. however I don't think is a good way forward, as it impacts only master09:14
kevkovote for first option09:16
fricklerwasn't that whole system-scope thing reverted? at least that's what I saw in devstack and tempest09:20
hamidlotfi_kevko: Thank you for your answer.09:24
hamidlotfi_I am happy that someone is responsible.09:25
kevkohamidlotfi_: but what is your exact issue ? 09:25
kevkohamidlotfi_: you are asking help to find out username and pass to analyzer ..but you pasted config where is block analyzed and user/password is present there 09:26
kevkobbezak: what about you .. do you have a time for https://review.opendev.org/q/topic:%22kolla-neutron-dns-integration%22 and https://review.opendev.org/q/topic:%22kolla-horizon-fix%2209:28
bbezakfrickler I didn't find information that it was reverted for ironic service. I'll dig into that.09:33
bbezakI'll try to find time for it kevko09:38
kevkobbezak: thanks, it's quite short patch (except that one with tests ...)09:38
kevkobbezak: but that tests are just copy from neutron docs 09:39
kevkoall cases09:39
opendevreviewWill Szumski proposed openstack/kolla master: Support CAP_DAC_READ_SEARCH capability  https://review.opendev.org/c/openstack/kolla/+/90557910:13
opendevreviewVerification of a change to openstack/kayobe stable/yoga failed: Switch IPA builds to CentOS Stream 9 for yoga  https://review.opendev.org/c/openstack/kayobe/+/90324210:16
SvenKieskebbezak: we already wrote it down somewhere to use system-scope for everythink IIRC? but we never really did it.10:31
SvenKieskebbezak: frickler: there's even an older patch for that: https://review.opendev.org/c/openstack/kolla-ansible/+/81557710:35
fricklerSvenKieske: ah, yes, but that is for using the service role. system-scope is indeed only being used by ironic anymore for weird reasons10:48
bbezaknice find SvenKieske. Indeed, ironic would need service role but system scoped10:53
SvenKieskefunnily I'm just in a customer call who has a keystone warning in glance-api which led me to this abandoned change: https://review.opendev.org/c/openstack/kolla-ansible/+/44988910:56
kevkoguys, do you know if one cinder-backup can handle several AZs ? 11:12
SvenKieskekevko: about which metric are you asking? is this a functional or a performance or a security question?11:48
kevkofunctional 11:49
SvenKieskekevko: redhat seems to say it's possible, but backups are stored in the central AZ from cinder-backup: https://access.redhat.com/documentation/de-de/red_hat_openstack_platform/16.1/html/block_storage_backup_guide/using-cinder-backup#proc_backup-and-restore-across-edge-sites_using-backup-service11:50
kevkoSvenKieske: because, for example for cinder-volume  you just specify enabled_backends = az1,az2,az3 and then you define block of config for each az, where you can specify different ceph clusters and each block has option backend_availability_zone = az*11:50
SvenKieskeI myself have not much done with cinder backup tbf.11:51
kevkoproblem is that cinder_backup as a service has configuration in [DEFAULT]11:51
kevkoand it seems that if you want to have cinder-backup for az1 (as example) ..you need to put it on controller0, az2  controler1, az3 controller2 ...and when you want to have HA ..you have problem 11:52
kevkowhile in cinder-volume you can specify cinder-volume-service -> handle -> { az1-rbd, az2-rbd, az3-rbd } and you can copy this configuration for 3 controllers11:53
kevkoit seems cinder-backup can't handle 3 backends per one service ..just one backend per one service11:54
SvenKieskecinder active active HA is still not implemented in kolla last time I looked11:57
SvenKiesketriple-o has it, with pacemaker11:57
kevkoSvenKieske: it's implemented ..you need just use config override :) 12:16
kevkoSvenKieske: it's not working out of the box  ..but you just add config-override for cluster = ceph12:16
kevkothen your cinder-volumes are clustered 12:16
kevkoredis is implemented for a long time 12:17
kevkoSvenKieske: https://review.opendev.org/c/openstack/kolla-ansible/+/763011   << this patch just adding one line ... i don't know why we didn't merged ..but we using config-override in /etc/kolla/config/host/cinder.conf with [default] cluster=ceph12:18
kevkoprobably because you need to migrate volumes to use new approach :) 12:19
kevkoand we are - as koalas  afraid that users don't read upgrade notes .. :D 12:19
SvenKieskewell it's a catch 22: devs don't write upgrade notes because nobody reads them and nobody reads them because they are incomplete/lacking/empty..12:27
SvenKieskewe have to start somewhere :)12:27
kevkoSvenKieske: i am totally ok to do it via config override :D 12:29
SvenKieskeI'm totally ok with any approach that works out of the box without manual intervention :)12:31
SvenKieske"Multinode Kolla Ansible deployments provide HA and scalability for services." https://docs.openstack.org/kolla-ansible/latest/admin/production-architecture-guide.html#openstack-services12:32
SvenKieskethis is wrong for some core openstack services, currently. :(12:32
SvenKieskeI guess this was written, thinking "well we have haproxy in front of everything, so everything is HA now" which is just wrong.12:33
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: [DNM] disable enforce scope ironic  https://review.opendev.org/c/openstack/kolla-ansible/+/90685812:34
kevkowhat is not clustered ? 12:35
kevkoha ? 12:35
SvenKieskewe have no cinder active-active by default, no?12:36
kevkotrue12:36
SvenKieskedepending on your setup your networking might also be not as HA as you like :)12:36
kevkoSvenKieske: well, for cinder there is only need to provide migrate path by some ansible script ...12:38
kevkoSvenKieske: or just mention it in some upgrade reno 12:38
kevkoSvenKieske: add prechecks for control ..and that's it 12:38
opendevreviewPedro Henrique Pereira Martins proposed openstack/kolla-ansible master: Fix the docker container dimensions comparison for short notation  https://review.opendev.org/c/openstack/kolla-ansible/+/88650013:11
opendevreviewRafael Weingartner proposed openstack/kolla-ansible master: Customize the authentication error timeout page in modOIDC  https://review.opendev.org/c/openstack/kolla-ansible/+/83280613:28
opendevreviewRafael Weingartner proposed openstack/kolla-ansible master: Customize the authentication error timeout page in modOIDC  https://review.opendev.org/c/openstack/kolla-ansible/+/83280613:41
opendevreviewPierre Riteau proposed openstack/kayobe stable/2023.2: Pin Docker Engine package to latest 24.x release  https://review.opendev.org/c/openstack/kayobe/+/90706414:12
kevkoSvenKieske: haha, what browsert do you have ? :D 14:26
kevkoSvenKieske: hmm, you are right ...i checkd only --tags in a code block ..second one is with single -- ...will fix 14:28
SvenKieskekevko: Firefox :D I originally just wanted to check if the table is rendered correctly. this might also be dependent on the used font, I guess. I'm no frontend person :)14:32
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: [DNM] disable enforce scope ironic  https://review.opendev.org/c/openstack/kolla-ansible/+/90685814:47
opendevreviewAlex Welsh proposed openstack/kolla-ansible master: Update keystone service user passwords  https://review.opendev.org/c/openstack/kolla-ansible/+/90317815:05
opendevreviewAlex Welsh proposed openstack/kolla-ansible master: Add OpenSearch upgrade flush timeout var  https://review.opendev.org/c/openstack/kolla-ansible/+/90611915:17
atmarkhello, when building container image from source, is it necessary to specify in kolla-build.conf where to get source https://docs.openstack.org/kolla/xena/admin/image-building.html#build-openstack-from-source ? 15:22
atmarki tried without specifying and i was able to successfuly build an image15:23
atmarkis the default getting the source from  master branch or it's based on version of kolla python package ( in my case it's 13.10.x ) 15:25
frickleratmark: the default depends on the kolla version. running "tox -e genconfig" generates a template file that shows all the defaults. also note that kolla 13.x/xena is EOL and yoga will soon be, too15:32
kevko+115:39
kevkofrickler: btw, i had some discussion with SvenKieske , what do you think about install oslos and other *openstack* libraries from tarballs, or gits as services are ..15:40
kevkofrickler: depends on some option as --source git or similar 15:40
atmarkfrickler: Just confirmed, I ran an nova-base, checked /nova-.x.x.x and version is based on kolla version. I'll try the tox again cuz last time it only generated 4 lines in the config. Yeah, trying to bring the env  Xed in next 2 months15:40
fricklerkevko: we should not do that by default, but as an option it might be fine. it does allow ppl to deviate from upper-constraints though, so I fear it may generate a lot of support issues if we make that too easy to apply15:46
kevkofrickler: well, my point is ..that there are several bugfixes in stable branches ... but released from time to time ...15:47
kevkofor projects15:47
kevkoand libs 15:47
kevkoand we do this for services ..15:47
fricklerkevko: yes, I understand the use case, but I still consider it risky. also with my TC hat on I'd rather focus on helping library projects make timely stable backports and releases if needed15:53
SvenKieskefrickler: yes, that's true, and also a potential issue (the misuse aspect). I still think it would be good to have in general. maybe document it with a "here be dragons" danger sign? :D16:08
atmarkI cloned kolla@stable/yoga , `ran tox -e genconfig` and it generated etc/kolla/kolla-build.conf which only contains [DEFAULT]16:08
atmarkhttps://paste.openstack.org/show/b6WlbvqeJjQmIV3DIYDe/16:12
frickleratmark: seems there is something wrong with your setup, it does work fine for me. "WARNING:stevedore.named:Could not load kolla" is an error in this context16:14
frickleris your /tmp mounted with noexec maybe?16:14
opendevreviewRafael Weingartner proposed openstack/kolla-ansible master: Customize the authentication error timeout page in modOIDC  https://review.opendev.org/c/openstack/kolla-ansible/+/83280616:18
atmarkfrickler: nope. I tried moving it to /root/kolla/, same issue 16:20
atmarkthought that warning is unrelated 16:22
atmarki'll look it up16:23
atmarkwhat version is your stevedore?16:24
fricklerstevedore==3.5.2 that should all be pinned by yoga upper-constraints.txt16:29
fricklerexcept ... which version of tox do you use? 3.21.4 here16:30
atmarktox==4.12.116:32
frickleratmark: ack, can reproduce this, genconfig is broken with tox 4, even on master. do you want to create a bugreport yourself? then we could track fixing this16:34
kevkoatmark: yeah, it's broken 16:42
kevkohmm16:43
atmark3.21.4 works 16:44
atmarki'll create a bug report 16:44
kevkofrickler: regarding libs git ...well, you probably agree with me that there are several customers/teams/companies using older version of openstack ..and release team will just not release new version for lib ..nor service ... then you are in situation that you can't fix your deployment 16:46
kevkofrickler: it can be super helpful to fix something in your downstream git and just refer in kolla 16:46
frickleratmark: thx16:46
fricklerkevko: oh, so you are talking about EOL releases? I won't care about a patch that gets added to every unmaintained branch, if you want that16:47
kevkofrickler: no, i am talking about that option which should be possible I think 16:48
kevkofrickler: i will propose something in future when i will have some time :D 16:50
atmarkfrickler: https://bugs.launchpad.net/kolla/+bug/205157517:02
atmarkThanks for looking into it17:02
opendevreviewDawud proposed openstack/kayobe master: Fix wipe-disks role to work on newer distros  https://review.opendev.org/c/openstack/kayobe/+/90710517:35
opendevreviewMatt Crees proposed openstack/ansible-collection-kolla master: Fix: include missing docker log-opts in config  https://review.opendev.org/c/openstack/ansible-collection-kolla/+/90710717:49
opendevreviewRafael Weingartner proposed openstack/kolla-ansible master: Customize the authentication error timeout page in modOIDC  https://review.opendev.org/c/openstack/kolla-ansible/+/83280619:23
opendevreviewPierre Riteau proposed openstack/kayobe stable/2023.2: Handle removal of Docker devicemapper storage driver  https://review.opendev.org/c/openstack/kayobe/+/90706421:34
« Friday, 2024-01-26 Index Tuesday, 2024-01-30 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!