Wednesday, 2024-01-31

« Tuesday, 2024-01-30 Index Thursday, 2024-02-01 »
*** jph7 is now known as jph01:40
opendevreviewPierre Riteau proposed openstack/kayobe stable/2023.2: Handle removal of Docker devicemapper  https://review.opendev.org/c/openstack/kayobe/+/90706407:40
mnasiadkamorning07:42
opendevreviewPierre Riteau proposed openstack/kayobe stable/2023.1: Handle removal of Docker devicemapper  https://review.opendev.org/c/openstack/kayobe/+/90729207:42
opendevreviewPierre Riteau proposed openstack/kayobe stable/zed: Handle removal of Docker devicemapper  https://review.opendev.org/c/openstack/kayobe/+/90729307:42
opendevreviewPierre Riteau proposed openstack/kayobe stable/yoga: Handle removal of Docker devicemapper  https://review.opendev.org/c/openstack/kayobe/+/90729407:49
opendevreviewPierre Riteau proposed openstack/kayobe stable/yoga: Handle removal of Docker devicemapper  https://review.opendev.org/c/openstack/kayobe/+/90729407:56
mnasiadkafrickler, bbezak, kevko: What did I miss?08:00
kevkomnasiadka: morning 08:00
kevkomnasiadka: we were testing upgrade jobs from master->master 08:00
kevkomnasiadka: some podman CI fixes 08:01
kevkomnasiadka: upper constrainsts were bumped so horizon was broken which is now fixed ..but i had an inspiration to little bit rework horizon https://review.opendev.org/q/topic:%22kolla-horizon-fix%22  ..reviews welcome :) 08:03
kevkomnasiadka: designate rework merged 08:03
kevkomnasiadka: we had to add some exceptions for ansible lint as it was also bumped and linters were failing 08:06
kevkonothing else i think08:06
fricklermnasiadka: welcome back. https://bugs.launchpad.net/kolla/+bug/2051575 may be interesting for you (/me says that with the hope you may want to actually fix it ;)08:13
frickleralso stable/yoga should no longer get new patches, which people still do (hello priteau), and will hopefully migrate to unmaintained very soon08:14
fricklerthere was also some discussion about moving to EOL right away, but it seems shpc/kayobe isn't quite ready for that yet?08:15
kevkofrickler: are u sure that it's really tox issue and not related with user setup or something ? because my tox 4 is working .... https://paste.openstack.org/show/bKfrRUZqxonzCOrIMgfV/08:18
mnasiadkaI think for now SHPC is interested in not moving to EOL directly, but let's discuss that on the meeting today08:18
opendevreviewPierre Riteau proposed openstack/kayobe stable/zed: Handle removal of Docker devicemapper  https://review.opendev.org/c/openstack/kayobe/+/90729308:22
fricklerkevko: check the generated file, does it contain more than one line?08:23
kevkofrickler: good point :D 08:23
fricklermnasiadka: also, not directly related to kolla, but do you use ceph-ansible? https://github.com/ceph/ceph-ansible/commit/a9d1ec844d24fcc3ddea7c030eff4cd6c414d23d08:25
mnasiadkadon't use it anymore, we moved to cephadm08:25
opendevreviewRafal Lewandowski proposed openstack/kolla-ansible master: [WIP] Enable ML2/OVN and distributed FIP by default  https://review.opendev.org/c/openstack/kolla-ansible/+/90495908:30
kevkobtw, guys, do you use some wysiwig .rst editor ? i mean ..for docs :P 08:40
kevkowith some cheatsheet ideally :D 08:40
mnasiadkasome people use vs code08:54
mnasiadkafrickler: that was long coming09:07
opendevreviewRafal Lewandowski proposed openstack/kayobe master: Add Redfish rules to Ironic introspection  https://review.opendev.org/c/openstack/kayobe/+/90277209:36
*** zigo_ is now known as zigo09:43
opendevreviewWill Szumski proposed openstack/kayobe master: Remove docker devicemapper support  https://review.opendev.org/c/openstack/kayobe/+/90638609:50
SvenKieskeI use vs code, the diff and rendered preview are quite nice. for quick edits I just stick with vim on the cli.09:53
SvenKieskefor questions regarding restructuredText I just look at the spec09:56
SvenKieskehttps://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html09:56
SvenKieskeor look at the quick ref: https://docutils.sourceforge.io/docs/user/rst/quickref.html09:57
SvenKieskemarkdown is somewhat simpler, but can't do everything rst can do09:57
opendevreviewRafal Lewandowski proposed openstack/kayobe master: Add Redfish rules to Ironic introspection  https://review.opendev.org/c/openstack/kayobe/+/90277210:01
opendevreviewRafal Lewandowski proposed openstack/kayobe master: Add Redfish rules to Ironic introspection  https://review.opendev.org/c/openstack/kayobe/+/90277210:04
opendevreviewMatt Crees proposed openstack/kayobe master: Fix: configure etc-hosts for overcloud group  https://review.opendev.org/c/openstack/kayobe/+/90730610:39
mnasiadkakevko: https://review.opendev.org/c/openstack/kolla/+/906516 - have a minute to take a look? or frickler 10:42
opendevreviewPiotr Parczewski proposed openstack/kolla stable/2023.2: trivial: fix typos in let's encrypt status logs  https://review.opendev.org/c/openstack/kolla/+/90726511:10
opendevreviewRafal Lewandowski proposed openstack/kayobe master: Add Redfish rules to Ironic and Bifrost introspection  https://review.opendev.org/c/openstack/kayobe/+/90277211:20
opendevreviewVerification of a change to openstack/kayobe stable/2023.2 failed: Handle removal of Docker devicemapper  https://review.opendev.org/c/openstack/kayobe/+/90706411:28
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: Refactor external ceph  https://review.opendev.org/c/openstack/kolla-ansible/+/90716611:35
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: Copy all keyrings and configs to cinder-backup  https://review.opendev.org/c/openstack/kolla-ansible/+/90716711:35
kevkomnasiadka: let me check11:39
mnasiadkakevko: we're using that now, so might be more fixes will come later ;-)11:46
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Disable new defaults and scope for Ironic (RBAC)  https://review.opendev.org/c/openstack/kolla-ansible/+/90685811:49
kevkomnasiadka: haha, hope that not  :) 11:49
opendevreviewMichal Arbet proposed openstack/kolla master: [follow-up] Use full binary path when invoking ip  https://review.opendev.org/c/openstack/kolla/+/90731512:43
kevkomnasiadka: approved, but i realized that there is also another place where ip is used ... so patch here ^^^12:43
mnasiadkawhat about rsync sed and ssh - are we sure those work? :-)12:45
kevkobbezak12:45
kevkoWe will see 12:45
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Disable new defaults and scope for Ironic (RBAC)  https://review.opendev.org/c/openstack/kolla-ansible/+/90685812:52
fricklerwhy on earth is "ip" in sbin?13:03
mnasiadkaWell, it's in sbin on RH derivatives13:05
mnasiadkawonder if we didn't break Debian/Ubuntu13:05
fricklerno, it is in sbin there, too. I'm just wondering why13:07
frickleralso thankfully /sbin is a symlink to /usr/sbin on modern systems, else I'd have suggested to use /sbin/ip instead. although one could still prefer that since it is shorter13:08
mnasiadkadon't ask me :)13:09
opendevreviewMerged openstack/kolla master: Use full binary path when invoking ip  https://review.opendev.org/c/openstack/kolla/+/90651613:27
mmalchukfrickler just compare 'find /sbin -perm -4000' and 'find /usr/bin -perm -4000' and you will find no ordinary user tools which need root permissions in /sbin13:52
mmalchukip needs root permissions almost for all operations13:53
mmalchukso in in /sbin because not ordinary user tool, but tool for root)13:54
mmalchukip*13:54
bbezakmeeeting in 4 mgoddard mnasiadka bbezak frickler kevko SvenKieske mmalchuk gkoper jangutter jsuazo jovial osmanlicilegi mattcrees13:56
opendevreviewPierre Riteau proposed openstack/kayobe stable/2023.2: Deprecate devicemapper due to removal in Docker  https://review.opendev.org/c/openstack/kayobe/+/90706413:58
frickleractually on ubuntu I have lrwxrwxrwx 1 root root 7 Jun 29  2022 /usr/sbin/ip -> /bin/ip13:58
fricklerand all show commands should not require root13:58
opendevreviewPierre Riteau proposed openstack/kayobe stable/2023.1: Deprecate devicemapper due to removal in Docker  https://review.opendev.org/c/openstack/kayobe/+/90729213:59
bbezak#startmeeting kolla14:00
opendevmeetMeeting started Wed Jan 31 14:00:34 2024 UTC and is due to finish in 60 minutes.  The chair is bbezak. Information about MeetBot at http://wiki.debian.org/MeetBot.14:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:00
opendevmeetThe meeting name has been set to 'kolla'14:00
bbezak#topic rollcall14:00
mmalchuk\o14:00
janguttero/14:00
jovial\o14:00
mattcreeso/14:00
mnasiadkao/14:01
SvenKieskeo/14:01
frickler\o14:01
bbezak#topic agenda14:02
bbezak* Roll-call14:02
bbezak* Agenda14:02
bbezak* Announcements14:02
bbezak* Review action items from the last meeting14:02
bbezak* CI status14:02
bbezak* Release tasks14:02
bbezak* Regular stable releases (first meeting in a month)14:02
bbezak* Current cycle planning14:02
bbezak* Additional agenda (from whiteboard)14:02
bbezak* Open discussion14:02
bbezak#topic CI status14:03
bbezakKayobe is red, because of Ironic RBAC14:03
bbezakbut workaround is raised in k-a14:03
mnasiadkalink to a patch?14:04
bbezakhttps://review.opendev.org/c/openstack/kolla-ansible/+/90685814:04
mnasiadka#link https://review.opendev.org/c/openstack/kolla-ansible/+/90685814:04
bbezakI addressed review comments14:04
mnasiadka+2ed14:04
bbezakand I outlined the status in bug #link https://bugs.launchpad.net/kolla-ansible/+bug/205183714:05
mnasiadkaremember to raise a revert after it merges and RP+1, so we don't forget :-)14:05
bbezakok14:05
bbezakI'll track this. When ironic fixes its policy, we should add service role14:06
bbezakeven we should do it regardless of ironic case14:06
mnasiadkaWell, only Ironic does system scope14:06
bbezakbut it should work also with project scope service role14:06
mnasiadka(and Keystone because of Ironic)14:06
bbezakafter the patch in progress14:06
bbezakat least for nova-compute-ironic14:07
bbezakthe other question is kayobe and its baremetal management14:07
bbezakKayobe also has a issue with devicemapper being dropped in docker14:08
bbezak#link https://review.opendev.org/c/openstack/kayobe/+/90638614:08
mnasiadkaif project scope will work, that seems optional14:08
mnasiadkabut if anybody wants to work on this - then sure, why not14:08
bbezakenabling system scope support would need rewrite a big service-ks role to use ansible-collection-openstack modules for role assignment, as they support system scope14:09
bbezak(not big of course, just a rewrite) :)14:09
mnasiadkasince our CI is ansible-core now, then we use ansible-collection-openstack now14:10
mnasiadkawe would just need some not-so-big-rewrite ;)14:10
bbezakyeap14:10
jovialbbezak, good point about the kayobe baremetal management playbooks. I guess the admin user configured public-openrc.sh won't have the right permissions?14:10
bbezaknot a big deal, and probably we need to do it at some point anyway14:10
mnasiadkaI doubt more projects are going to do system scope14:11
bbezakjovial probably there will be some issues with project scoped admin14:11
bbezakwhich reminds me that kayobe don't have proper depends-on support on kolla-ansible?14:12
bbezak(to test it later in CI)14:12
mnasiadkait does I think, but not in all cases14:12
bbezakok14:13
jovialI see references to the zuul project at least: https://github.com/openstack/kayobe/blob/395bd34f645da28600fdd84eaf6bf4075a3d5636/playbooks/kayobe-overcloud-base/overrides.yml.j2#L1214:14
bbezakI recalled that somebody was complaining about it14:14
bbezak#topic Current cycle planning14:14
mnasiadkaI did, I think it didn't work with kolla patches14:15
mnasiadkakolla-ansible worked ok, and I don't know what about a-c-k14:15
jovialahh, how could we make that work?14:16
mnasiadkaI'm speculating, don't really remember :)14:16
mnasiadkafor kolla patches it would only need to build images and use them14:16
bbezakok, worth a bug then in kayobe to make test coverage better14:17
jovial+114:17
jovialIs that how you do it k-a? Build the images locally then? We can't consume the ones built from the kolla patch?14:18
mnasiadkano, the images are not pushed anywhere, just the local registry on the CI node14:19
mnasiadkathere is some intermediate registry in Zuul, I don't remember how it works14:19
jovialOK, I'll make a bug in kayobe for the backlog. Thanks for the details.14:21
bbezakthx jovial mnasiadka14:21
bbezaksorry for changing the topic in a middle of conversation14:22
bbezak(I thought we finished the discussion)14:22
mnasiadkano problem :)14:22
bbezakI guess we finished CI chat for now14:22
mattcreesIn CI status, the ansible-collection-kolla tox linters are also failing, due to a dependency change it seems: https://zuul.opendev.org/t/openstack/build/6cda783bcd2e4e21bdebc87d2a8692ba14:23
bbezakok, so a-c-k CI in red status14:23
mnasiadkaso we might need to bump lint14:23
opendevreviewRafal Lewandowski proposed openstack/kayobe master: Add Redfish rules to Ironic and Bifrost introspection  https://review.opendev.org/c/openstack/kayobe/+/90277214:24
mnasiadkaI'll have a look, unless somebody else wants to14:24
mattcreesI can have a look, but probably won't have the time until Friday14:24
bbezakit looks like we need branch status for a-c-k in the kolla whiteboard14:25
opendevreviewMichal Nasiadka proposed openstack/ansible-collection-kolla master: CI: Bump ansible-core and ansible-lint versions  https://review.opendev.org/c/openstack/ansible-collection-kolla/+/90732914:26
mnasiadkayeah, would be also nice to find a volunteer to get proper grafana dashboards for CI14:26
mnasiadkaso we don't have to click our way through Zuul14:26
bbezakyou mean grafana.opendev.org ?14:27
mnasiadkayup14:27
mnasiadkacan point a volunteer to proper place - https://review.opendev.org/c/openstack/project-config/+/60502614:28
mnasiadkasomewhere in those files - my old patch14:28
bbezakI recall fixing it couple of years ago14:28
kevko\o14:28
bbezakany volunteer? :)14:29
bbezakok, maybe somebody show up later on, let's move on then14:31
bbezak(I'll make a not for it)14:31
SvenKieskeit's not entirely clear from your request what you want these dashboards to display, exactly, maybe it would be good to write that up, somewhere?14:32
bbezakand thx mattcrees for pointing out a-c-k issue14:32
mattcreesnp14:33
opendevreviewRafal Lewandowski proposed openstack/kayobe master: Add Redfish rules to Ironic and Bifrost introspection  https://review.opendev.org/c/openstack/kayobe/+/90277214:33
bbezakyeah, I'll write it up in the whiteboard14:34
bbezakthx SvenKieske14:34
bbezak#topic Current cycle planning14:35
bbezakunfortunately not much of a progress from my side at least on tasks with mine name below14:36
bbezakit looks like we need asignee for Kayobe podman support jovial https://etherpad.opendev.org/p/KollaWhiteBoard#L25114:36
jovialWould be good. Is anyone keen to take that on?14:37
mnasiadkaL259 - those are done and can be crossed out - right?14:38
bbezaklooks all merged14:38
bbezakso yes mnasiadka14:39
mnasiadkadone14:40
mnasiadkaI'll try to push forward on OVN BGP agent next week14:40
mnasiadkaand maybe add support for OVN VPNaaS because there's an RFE with a description14:40
mnasiadkamattcrees: https://review.opendev.org/c/openstack/ansible-collection-kolla/+/907329 - seems that works14:41
mattcreesNice 14:41
mnasiadkawhile we're at bumping Ansible14:42
mnasiadkaShould we have a list of what needs bumping on the Whiteboard?14:42
bbezakat minimum I think14:43
mattcreesSounds useful to me14:43
mnasiadkaanybody did have a look in my SLURP patch?14:43
mnasiadkaah, it's failing14:44
mnasiadkaI'll bring it to shape and we can discuss14:44
mnasiadka#link https://review.opendev.org/c/openstack/kolla-ansible/+/90532214:44
bbezakI'm wondering about test coverage. i.e. if all services will like SLURP14:45
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: CI: Run SLURP upgrade job  https://review.opendev.org/c/openstack/kolla-ansible/+/90532214:45
bbezakof course we can't test every service in CI14:45
mnasiadkawell, we don't have upgrade jobs for octavia and others14:45
mnasiadkabut I was thinking of adding octavia and testing to the core job14:45
mnasiadkasince octavia is not really optional :)14:46
SvenKieskesounds like a good plan to extend coverage14:46
mnasiadkaok, so will add that, then we test that in slurp as well14:46
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: CI: Run SLURP upgrade job  https://review.opendev.org/c/openstack/kolla-ansible/+/90532214:46
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: CI: Run SLURP upgrade job  https://review.opendev.org/c/openstack/kolla-ansible/+/90532214:48
bbezakok then. please progress the caracal priority changes if possible then. thx14:48
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: CI: Run SLURP upgrade job  https://review.opendev.org/c/openstack/kolla-ansible/+/90532214:48
bbezak#topic Additional agenda (from whiteboard)14:50
bbezakwe've got there only one task which I forgot to clean up last time :)14:50
bbezaknamely (mhiner) Container engine migration - https://review.opendev.org/c/openstack/kolla-ansible/+/83694114:50
bbezakwe've decided to move discussion to the patch itself14:51
bbezakno additional agenda, so next topic then14:51
bbezak#topic Open discussion14:51
SvenKieskeanybody at FOSDEM, Brussels, this weekend?14:52
SvenKieskehttps://fosdem.org/2024/ for those not familiar :)14:53
mmalchukhttps://www.youtube.com/watch?v=_OC0n7Hefpw14:53
mmalchukfor online watch CentOS Connect 202414:54
mmalchukthe part of FOSDEM14:54
mmalchukSvenKieske i'm online watcher)14:54
SvenKieskenice :) I make sure to wave at the cameras :D14:55
bbezak:)14:56
mmalchuk;)14:57
opendevreviewWill Szumski proposed openstack/kayobe master: Remove docker devicemapper support  https://review.opendev.org/c/openstack/kayobe/+/90638614:58
bbezaknice, thx for the links14:58
bbezaksome nice sessions there14:59
bbezakgood that Rocky and Alma is there too14:59
bbezakanything else to discuss for today?14:59
SvenKieskeI guess that's it for today :)15:00
bbezakcool, thx everybody15:00
bbezak#endmeeting15:00
opendevmeetMeeting ended Wed Jan 31 15:00:35 2024 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:00
opendevmeetMinutes:        https://meetings.opendev.org/meetings/kolla/2024/kolla.2024-01-31-14.00.html15:00
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/kolla/2024/kolla.2024-01-31-14.00.txt15:00
opendevmeetLog:            https://meetings.opendev.org/meetings/kolla/2024/kolla.2024-01-31-14.00.log.html15:00
mmalchukthanks bbezak 15:00
SvenKieskethanks bbezak!15:01
kevkothx15:01
opendevreviewDawud proposed openstack/kayobe master: Fix wipe-disks role to work on newer distros  https://review.opendev.org/c/openstack/kayobe/+/90710515:59
SvenKieskekevko: mhm, should we backport https://review.opendev.org/c/openstack/kolla-ansible/+/905852 ? if yes, how far?16:01
mnasiadkaSvenKieske: this changes behaviour from what I see, we don't backport such things usually16:11
SvenKieskemnasiadka: true, but the new behaviour is imho better, could we backport when we change it to use the old behaviour by default or doesn't that really add anything? mhmm16:16
fricklerthe patch only makes sense for new deployments I think, so why would you need it on stable branches?16:17
kevkomnasiadka: well, it's compatible ..but i don't care ..16:17
kevkosame thing can be fullfilled with config overrides and read neutron designate docs :) 16:18
mnasiadkaah right, neutron_dns_integration is set to enable_designate16:18
mnasiadkabut designate_ns_record change is not backwards compatible16:19
mnasiadkaso anybody that wants this backported, would need to adapt it16:19
kevkomnasiadka: yeah, but there is a precheck 16:19
mnasiadkamaking something backwards compatible is not about failing in precheck :D16:20
kevkomnasiadka: well, if anyone using it ...he had to use confg-override 16:20
kevkoso even if you backport this change ..nothing will change ..because he is using override 16:20
kevko(if using designate )16:21
mnasiadkaoverride what?16:21
kevkodesignate_ns_record is used in pools.yaml but also in neutron.conf 16:21
kevkoso if user set designate_ns_record ..it's rendered in neutron ... but he needed to provide custom pools.yaml 16:21
kevkobut if it is a list .. pools.yaml is rendered correctly ...but missing in neutron :D 16:22
mnasiadkayeah well ;)16:22
kevkoso all of koalas needed to workaround somehow :D 16:22
kevkodid you get it right ? :D 16:22
mnasiadkain theory this is right, but we don't know all the edge cases16:23
kevkoso I am ok to not backport as anyone can cherry-pick 16:23
kevkoBUT 16:23
mnasiadkaI prefer to be on the safe side16:23
kevkothe first patch from the chain should be backported i think16:23
kevkomnasiadka: this one https://review.opendev.org/c/openstack/kolla-ansible/+/905502/1916:24
mnasiadkait seems backports are in gerrit16:24
mnasiadkawe are just bad in reviewing, as always16:24
mnasiadkahttps://review.opendev.org/q/(project:openstack/kolla-ansible+OR+project:openstack/ansible-collection-kolla)+status:open+NOT+label:Workflow%3C%3D-1+NOT+label:Code-Review%3C%3D-2+branch:%5Estable/.*+status:open+NOT+label:Review-Priority%3D-116:25
kevkoyeah - just saying that those patches are safe to backport and should be backported 16:25
kevkoshare some bookmarks with me and i will try to do better work :) 16:26
mnasiadkakollawhiteboard - there are gerrit dashboard links on L27 and L2816:26
mnasiadkathose in theory should make our work better 16:26
mnasiadkaI see craploads of priority changes :)16:27
opendevreviewWill Szumski proposed openstack/kayobe master: Remove docker devicemapper support  https://review.opendev.org/c/openstack/kayobe/+/90638616:43
opendevreviewMartin Hiner proposed openstack/kolla-ansible master: Add container engine migration scenario  https://review.opendev.org/c/openstack/kolla-ansible/+/83694116:46
SvenKieskemhm, gerrit gui is slow for me today, am I the only one?16:48
mnasiadkanot slower than usual16:55
opendevreviewWill Szumski proposed openstack/kayobe master: Remove docker devicemapper support  https://review.opendev.org/c/openstack/kayobe/+/90638616:58
opendevreviewMaksim Malchuk proposed openstack/kolla-ansible master: Fix gnocchi-metricd when TLS and Swift enabled  https://review.opendev.org/c/openstack/kolla-ansible/+/90725416:59
kevkoanyone here ? 17:21
kevkomnasiadka: if i have nova_ceph_user != cinder_ceph_user  why we are copying both keyrings into nova-compute/libvirt ? 17:22
mnasiadkadoes it hurt?17:22
kevkomnasiadka: because only one user is used always17:22
kevkono no ..it don't hurts ...17:22
kevkoroot@compute0:~# grep -ri b1352eba-154e-4e9c-acc1-741b8657efad /etc/kolla/17:22
kevkoroot@compute0:~# grep -ri 34629c81-1c5d-4761-aa21-7a9b825a02b6 /etc/kolla/17:22
kevkomnasiadka: i am just refatoring because i need to 17:23
kevkomnasiadka: and found that we have two secrets in libvirt but i can found only one used ...17:23
mnasiadkawell, you're the one that touched ceph code recently, I haven't looked into that one for ages17:23
kevkomnasiadka: well, it just means that we are copying two keyring but need only one 17:24
kevkomnasiadka: i am just confused :) 17:24
kevkomnasiadka: i mean this -> https://paste.openstack.org/show/bKvZ0ArywDNOUX5f7VUK/17:26
kevkomnasiadka: b1352eba-154e-4e9c-acc1-741b8657efad is not used ...17:26
mnasiadkaare you sure it's not used when nova_key != cinder_key for cinder volumes?17:26
kevkomnasiadka: well, I am asking ..where to find any reference for second libvirt secret ? 17:27
kevkomnasiadka: because as you can see above ..grep didn't help :P 17:28
SvenKieskedid you look at the git log? maybe the commit introducing it has a hint?17:28
mnasiadkakevko: https://github.com/openstack/kolla-ansible/blob/f0b7bf33abb6faff506599c99863b823ca108ef5/ansible/roles/cinder/templates/cinder.conf.j2#L15917:30
mnasiadkawe set that for cinder and I assume cinder uses that for cinder volumes, right?17:30
kevkomnasiadka: okay i now got it 17:34
kevkomnasiadka: from this article 17:34
kevkohttps://superuser.openinfra.dev/articles/ceph-as-storage-for-openstack/17:34
kevkomnasiadka: I thought I had lost my way, thanks for the help 17:37
SvenKieskeseems this is the commit? https://github.com/openstack/kolla-ansible/commit/d06efcecc52b00f3e26dce3016accd04f6a52793 "Booting from volume require cinder's ceph client secret now. Move cinder before nova in site.yml, because nova depends on cinder ceph client key now."17:37
SvenKieskehttps://review.opendev.org/c/openstack/kolla-ansible/+/44251917:38
kevkoSvenKieske: yep -> it's connected ..17:39
kevkoSvenKieske: thanks for commit 17:41
SvenKieskegot to love git blame :) also that's actually a good commit message that explains why it's needed! :)17:42
SvenKieskeit could also just say "fix ceph auth" or something like that :)17:43
SvenKieskemnasiadka: guess we need to look again at service_users: https://bugs.launchpad.net/kolla-ansible/+bug/2049762/comments/117:51
kevkoSvenKieske: but , if the keyrings are stored in libvirt as secrets xmls ...then keyrings are not needed :D 17:54
SvenKieskeI added it to the Whiteboard, maybe our handling of service tokens in cinder is a little wrong, when reading seans comment at least. I didn't look at the code again.17:55
kevkoSvenKieske: are u talking about service token roles rquired ? <-> nova cinder ? 17:57
kevkoSvenKieske: i have it in backlog :D 17:57
kevkoSvenKieske: point is that code has service_token_roles_required = something ... and we have admin there 17:58
kevkoSvenKieske: point is that in a code is some type of hack which is checking if it is admin/service ..and even if it is admin and not service role ...it will disable action ...but you will get different reply 17:59
kevkotempests are failing on that if it's kolla deployment 17:59
SvenKieskekevko: I talk about the bug report I linked above: https://bugs.launchpad.net/kolla-ansible/+bug/2049762/comments/118:00
kevkoSvenKieske: yeah, I've read already 18:00
SvenKieskeyeah, service_role admin seems wrong, at least to seans comments, and he is usually right, as far as I know :D18:01
kevkoSvenKieske: aaaa yeah ..that patch refered is bad 18:03
kevkoSvenKieske: from you actually :) 18:04
kevkoSvenKieske: there definitely shouldn't be admin role as role required ..because then normal admin can do the stuff as service user ..18:04
opendevreviewMerged openstack/kolla-ansible stable/2023.2: Fix OpenSearch upgrade tasks idempotency  https://review.opendev.org/c/openstack/kolla-ansible/+/90649321:58
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: Refactor external ceph  https://review.opendev.org/c/openstack/kolla-ansible/+/90716623:14
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: Copy all keyrings and configs to cinder-backup  https://review.opendev.org/c/openstack/kolla-ansible/+/90716723:14
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: Refactor external ceph  https://review.opendev.org/c/openstack/kolla-ansible/+/90716623:31
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: Copy all keyrings and configs to cinder-backup  https://review.opendev.org/c/openstack/kolla-ansible/+/90716723:31
« Tuesday, 2024-01-30 Index Thursday, 2024-02-01 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!