Tuesday, 2024-02-06

« Monday, 2024-02-05 Index Wednesday, 2024-02-07 »
mnasiadkaatmark: xena is eol, I'm afraid we can't help you, try pinning fluent-plugin-elasticsearch08:13
kevkomnasiadka: https://review.opendev.org/c/openstack/kolla-ansible/+/904566 ... would be fine to merge :) 08:48
mnasiadkabbezak, frickler ^^ pretty please08:49
mnasiadkaI'm the author, so I shouldn't merge it :D08:49
kevkoaa , yeah08:49
kevkomnasiadka: i've also updated horizon patches ..so please check ..and comment where to add som reno etc :D 08:50
mnasiadkawill do08:50
mnasiadkabut on calls for the next 2-3 hours :(08:50
kevkomnasiadka: no problem08:52
opendevreviewMerged openstack/kolla-ansible master: openvswitch: use Ansible modules to set up bridge  https://review.opendev.org/c/openstack/kolla-ansible/+/90169509:02
opendevreviewVerification of a change to openstack/kolla stable/2023.2 failed: [follow-up] Use full binary path when invoking ip  https://review.opendev.org/c/openstack/kolla/+/90757509:05
*** darmach9 is now known as darmach09:11
SvenKieskemnasiadka: can you comment on https://review.opendev.org/c/openstack/kolla-ansible/+/904090/comments/0bb0539a_ec5a328a ?09:17
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: Fix mariadb role when used with check mode  https://review.opendev.org/c/openstack/kolla-ansible/+/90797110:00
kevkofrickler: can u comment neutron_state review again  please ? I really would like to know if this will be merged or not ..because i have it merged in downstream git repo ..and in near future i am going to upgrade such big openstack :) 10:07
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Add service role to service users  https://review.opendev.org/c/openstack/kolla-ansible/+/81557710:10
opendevreviewSven Kieske proposed openstack/kolla-ansible master: precheck: also check fanout and reply queues  https://review.opendev.org/c/openstack/kolla-ansible/+/90797710:13
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Add service role to service users  https://review.opendev.org/c/openstack/kolla-ansible/+/81557710:25
kevkobbezak: https://review.opendev.org/c/openstack/kolla-ansible/+/904566 can u also check please ? 10:25
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Add service role to service users  https://review.opendev.org/c/openstack/kolla-ansible/+/81557710:45
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Add service role to service users  https://review.opendev.org/c/openstack/kolla-ansible/+/81557710:54
kevkofrickler: replied 10:54
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Add service role to service users  https://review.opendev.org/c/openstack/kolla-ansible/+/81557711:05
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Add service role to service users  https://review.opendev.org/c/openstack/kolla-ansible/+/81557711:07
fricklermnasiadka: priteau: there have been changes merged to the kayobe stable/yoga branch after the yoga-eom tag was made. this causes the release automation to give a warning when trying to delete that branch, as those commits would get lost11:12
fricklerthe simplest solution would be to simply repropose those changes against the unmaintained/yoga branch now, can you do that?11:12
fricklerpriteau: (sorry for offtopic) the same holds for cloudkitty11:13
mnasiadkafrickler: that's kayobe we're talking about?11:15
mnasiadkaah right, I'm blind11:15
mnasiadkajovial: ^^11:15
mnasiadkajovial: can you have a look?11:15
jovialsure - thanks for the heads up11:21
kevkohmm, ansible-collections-kolla was moved from stable/yoga to unmaintained/yoga ..but now install_deps not working :( 11:25
kevkohttps://paste.openstack.org/show/b0XVRZxY9ocHHVkn8jYQ/11:25
kevkohttps://github.com/openstack/kolla-ansible/blob/2e552b22db31607843bbe8beca35022d90e600de/requirements.yml#L511:27
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Add service role to service users  https://review.opendev.org/c/openstack/kolla-ansible/+/81557711:28
opendevreviewMerged openstack/kolla stable/2023.2: [follow-up] Use full binary path when invoking ip  https://review.opendev.org/c/openstack/kolla/+/90757511:29
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Add service role to service users  https://review.opendev.org/c/openstack/kolla-ansible/+/81557711:47
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Keystone: Remove duplicate CLI --os-system-scope line  https://review.opendev.org/c/openstack/kolla-ansible/+/90799411:53
fricklerkevko: yes, talk to the unmaintained-cores, not a kolla problem anymore11:57
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Revert "Disable new defaults and scope for Ironic (RBAC)"  https://review.opendev.org/c/openstack/kolla-ansible/+/90727411:59
kevkofrickler: okay, no problem ..fixed downstream ..thanks 12:12
guesswhat[m]How is possible to use ceph-rgw role https://github.com/openstack/kolla-ansible/blob/master/ansible/roles/ceph-rgw/defaults/main.yml#L8, when the rgw is listening on all interfaces ? Thanks12:24
opendevreviewMatúš Jenča proposed openstack/kolla-ansible master: Implement Redis as caching backend  https://review.opendev.org/c/openstack/kolla-ansible/+/90397813:09
jovialNoticed we seem to be using master upper constraints in unmaintained/yoga in the tox job. We don't set override checkout here: https://github.com/openstack/kayobe/blob/unmaintained/yoga/zuul.d/jobs.yaml#L25. Is that failing because unmaintained/yoga doesn't yet exist for requirements yet?13:15
jovialOr rather it is falling back to master as unmaintained/yoga does not exist yet13:17
jovialSeems so as we used to see: `Switched to branch 'stable/yoga'`13:24
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Ironic: enable elevated access for users with service role  https://review.opendev.org/c/openstack/kolla-ansible/+/90800713:39
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Ironic: enable elevated access for users with service role  https://review.opendev.org/c/openstack/kolla-ansible/+/90800713:40
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Ironic: enable elevated access for users with service role  https://review.opendev.org/c/openstack/kolla-ansible/+/90800713:41
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Revert "Disable new defaults and scope for Ironic (RBAC)"  https://review.opendev.org/c/openstack/kolla-ansible/+/90727413:41
SvenKieskebbezak: regarding the above change (I also commented there): are you really sure this is not a slightly different incarnation of https://bugs.launchpad.net/kolla-ansible/+bug/2049762 (which is on the whiteboard for tomorrow)14:10
SvenKieskebbezak: I'll also dig in and see if my first impression is maybe wrong (might very well be the case - I hope!) :)14:11
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Add service role to service users  https://review.opendev.org/c/openstack/kolla-ansible/+/81557714:11
SvenKieskeokay, looks fine on first glance, great.14:14
bbezakScenKieske: At this point it looks like the alternative is to implement system-scoped service user for ironic (used by nova-compute-ironic for example).  Both options have similar security implications at first glance. but yeah, we need to analyze it more14:15
bbezakthat is to create system scope role of course14:16
bbezakI think that creating global system scoped role has higher possible impact then project scoped service role, that would be system-scoped-like only for ironic14:17
SvenKieskebbezak: you are talking about the ironic change to "rbac_service_role_elevated_access" no? because afaik this change this requires a system-scoped service user - and we should definitively implement those regardless any other issues, so thanks for working on that again.14:17
bbezakhmm, according to this one https://review.opendev.org/c/openstack/ironic/+/907148 - it doesn't need to be system-scoped service role14:18
SvenKieskeagreed a project scoped service role would be better, but it seems it's needed for ironic, because other services need access to that. thinking about it, isn't it possible to simply allowlist the required services instead of a system scope?14:18
bbezakbut let's see14:18
SvenKieskemhm looking at the comments, there seems to be some stuff also still unclear in ironic project, at least those were never resolved14:21
SvenKieskehttps://review.opendev.org/c/openstack/ironic/+/907148?tab=comments14:21
atmarkmnasiadka: No worries. It's fixed. Pinned fluent-plugin-elasticsearch:5.2.5 instead of 5.3.0 14:28
SvenKieskebbezak: I took the liberty and asked over in #openstack-ironic, seems your approach is correct, sorry for being a little paranoid :) now I'll do some rereading of keystone docs regarding this, so we maybe can fix https://bugs.launchpad.net/kolla-ansible/+bug/2049762 as well14:32
bbezakyeah I say that, thx14:33
bbezakI'll look into removing cinder service token part next14:35
opendevreviewMark Goddard proposed openstack/kayobe master: Support credentials for custom DNF repositories  https://review.opendev.org/c/openstack/kayobe/+/90814215:07
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Ironic: enable elevated access for users with service role  https://review.opendev.org/c/openstack/kolla-ansible/+/90800715:09
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Revert "Disable new defaults and scope for Ironic (RBAC)"  https://review.opendev.org/c/openstack/kolla-ansible/+/90727415:09
opendevreviewSven Kieske proposed openstack/kolla-ansible master: WIP: remove service_token_role admin from cinder  https://review.opendev.org/c/openstack/kolla-ansible/+/90814515:37
SvenKieskebbezak: feel free to also hack/push on https://review.opendev.org/c/openstack/kolla-ansible/+/908145 I'm sure there is still stuff missing15:37
opendevreviewMerged openstack/kayobe master: Reload NetworkManager on DNS config change  https://review.opendev.org/c/openstack/kayobe/+/90774015:52
opendevreviewPierre Riteau proposed openstack/kayobe stable/2023.2: Reload NetworkManager on DNS config change  https://review.opendev.org/c/openstack/kayobe/+/90792615:57
opendevreviewPierre Riteau proposed openstack/kayobe stable/2023.1: Reload NetworkManager on DNS config change  https://review.opendev.org/c/openstack/kayobe/+/90792715:57
opendevreviewPierre Riteau proposed openstack/kayobe stable/zed: Reload NetworkManager on DNS config change  https://review.opendev.org/c/openstack/kayobe/+/90792815:58
mnasiadkafrickler, bbezak, kevko: I guess we should do https://review.opendev.org/c/openstack/kolla/+/907901 now (since we merged the change in k-a yesterday) ;-)16:14
fricklermnasiadka: hmm, ovn jobs are failing for that ... :-/16:27
frickleractually were failing on https://review.opendev.org/c/openstack/kolla-ansible/+/901695 already without anyone noticing (blaming myself). might need a revert unless there's an easy fix16:29
mnasiadkafrickler: it's not only that patch that we're failing on OVN, I'll have a look tomorrow why16:30
mnasiadkaI doubt that caused those failures16:31
mnasiadkabut let's try a revert if that fixes16:32
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: Revert "openvswitch: use Ansible modules to set up bridge"  https://review.opendev.org/c/openstack/kolla-ansible/+/90793116:32
SvenKieskemhm, can we make these jobs voting then, maybe? I still don't get when to look at failed non voting jobs, and when not to. it also seems nobody else does it right as well, because apparently no one looked at that jobs.16:35
fricklermnasiadka: well there were some successful runs yesterday16:35
frickleryes, we should make them voting again, but there's the proposal to switch the default anyway, which would implicitly do that I guess16:36
mnasiadkayup16:36
SvenKiesketrue, should I prepare a special patch for that or should that be handled by the "make ovn default" patch?16:37
mnasiadkalet's handle that in make ovn default, and ensure ovs jobs will also be voting16:39
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: openvswitch: Use fail_mode standalone for br-ex  https://review.opendev.org/c/openstack/kolla-ansible/+/90816616:40
mnasiadkaand let's see if that fixes OVN as well16:40
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Template system scoped admin-openrc and clouds.yml files  https://review.opendev.org/c/openstack/kolla-ansible/+/90816816:41
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Template system scoped admin-openrc and clouds.yml files  https://review.opendev.org/c/openstack/kolla-ansible/+/90816816:42
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Revert "Disable new defaults and scope for Ironic (RBAC)"  https://review.opendev.org/c/openstack/kolla-ansible/+/90727416:42
opendevreviewMichal Nasiadka proposed openstack/kolla master: Add ovn-bgp-agent / FRR / Horizon BGPVPN dashboard  https://review.opendev.org/c/openstack/kolla/+/89161716:47
opendevreviewDawud proposed openstack/kolla-ansible master: Remove the `grafana` volume  https://review.opendev.org/c/openstack/kolla-ansible/+/89913617:41
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Template system scoped admin-openrc and clouds.yml files  https://review.opendev.org/c/openstack/kolla-ansible/+/90816817:54
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Revert "Disable new defaults and scope for Ironic (RBAC)"  https://review.opendev.org/c/openstack/kolla-ansible/+/90727417:54
mnasiadkafrickler: https://review.opendev.org/c/openstack/kolla-ansible/+/908166 seems to fix ovn20:10
opendevreviewBartosz Bezak proposed openstack/kayobe master: DNM: ironic secure rbac test  https://review.opendev.org/c/openstack/kayobe/+/90819820:16
opendevreviewBartosz Bezak proposed openstack/kayobe master: DNM: ironic secure rbac test  https://review.opendev.org/c/openstack/kayobe/+/90819820:18
« Monday, 2024-02-05 Index Wednesday, 2024-02-07 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!