Wednesday, 2024-02-07

« Tuesday, 2024-02-06 Index Thursday, 2024-02-08 »
opendevreviewPierre Riteau proposed openstack/kayobe stable/zed: Handle transition of Yoga to unmaintained  https://review.opendev.org/c/openstack/kayobe/+/90824806:49
opendevreviewDr. Jens Harbott proposed openstack/kolla stable/zed: stable-only: Drop upgrade testing  https://review.opendev.org/c/openstack/kolla/+/90824906:54
fricklergood point, we need to stop testing upgrades from yoga06:55
opendevreviewPierre Riteau proposed openstack/kayobe master: Build letsencrypt images  https://review.opendev.org/c/openstack/kayobe/+/90772306:55
opendevreviewDr. Jens Harbott proposed openstack/kolla-ansible stable/zed: stable-only: Drop upgrade testing  https://review.opendev.org/c/openstack/kolla-ansible/+/90825007:00
opendevreviewPierre Riteau proposed openstack/kayobe-config-dev stable/2023.2: Use dummy1 as bridge port instead of eth1  https://review.opendev.org/c/openstack/kayobe-config-dev/+/90793907:02
opendevreviewPierre Riteau proposed openstack/kayobe-config-dev stable/2023.1: Use dummy1 as bridge port instead of eth1  https://review.opendev.org/c/openstack/kayobe-config-dev/+/90794007:03
opendevreviewPierre Riteau proposed openstack/kayobe-config-dev stable/zed: Use dummy1 as bridge port instead of eth1  https://review.opendev.org/c/openstack/kayobe-config-dev/+/90826107:03
frickleroh, gerritbot doesn't show unmaintained patches for kolla. this is kind of good I think, wanted to ask about that in the meeting07:09
fricklerbut just for reference: remote:   https://review.opendev.org/c/openstack/kolla/+/908251 Drop publishing and periodic jobs [NEW]        07:09
opendevreviewDr. Jens Harbott proposed openstack/kolla-ansible stable/zed: stable-only: Drop upgrade testing  https://review.opendev.org/c/openstack/kolla-ansible/+/90825008:11
mnasiadkafrickler: should we update dashboards with a separate section for unmaintained branches?08:26
opendevreviewMerged openstack/kolla stable/zed: stable-only: Drop upgrade testing  https://review.opendev.org/c/openstack/kolla/+/90824908:29
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: Rework horizon role to support local_settings.d  https://review.opendev.org/c/openstack/kolla-ansible/+/90634708:29
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: [CI] Enable testing horizon  https://review.opendev.org/c/openstack/kolla-ansible/+/90771808:29
opendevreviewMark Goddard proposed openstack/kayobe master: CI: Test custom routes & rules on EL9  https://review.opendev.org/c/openstack/kayobe/+/89994108:45
opendevreviewPierre Riteau proposed openstack/kayobe master: Support credentials for custom DNF repositories  https://review.opendev.org/c/openstack/kayobe/+/90814208:55
fricklermnasiadka: I would rather prefer to have all unmaintained things out of my view, but that's also something we can discuss in the meeting09:04
opendevreviewPierre Riteau proposed openstack/kayobe master: Fix wording of confirm_deprovision docs  https://review.opendev.org/c/openstack/kayobe/+/90825909:16
mnasiadkafrickler: any idea why https://review.opendev.org/c/openstack/kolla/+/907824 is failing on contraints?09:20
fricklermnasiadka: yes, because requirements hasn't got the new branch yet, so things are falling back to master constraints. should be fixed soon I hope09:20
opendevreviewDawud proposed openstack/kayobe master: Fix wipe-disks role to work on util-linux > 2.37  https://review.opendev.org/c/openstack/kayobe/+/90710509:22
mnasiadkafrickler: ack09:23
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: openvswitch: Stop setting fail_mode for external bridges  https://review.opendev.org/c/openstack/kolla-ansible/+/90816609:38
opendevreviewMatt Crees proposed openstack/kayobe stable/2023.2: Fix: configure etc-hosts for overcloud group  https://review.opendev.org/c/openstack/kayobe/+/90826209:46
opendevreviewMatt Crees proposed openstack/kayobe stable/2023.1: Fix: configure etc-hosts for overcloud group  https://review.opendev.org/c/openstack/kayobe/+/90826309:46
opendevreviewMerged openstack/kolla-ansible master: Update keystone service user passwords  https://review.opendev.org/c/openstack/kolla-ansible/+/90317810:07
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Add service role to service users  https://review.opendev.org/c/openstack/kolla-ansible/+/81557710:23
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Ironic: enable elevated access for users with service role  https://review.opendev.org/c/openstack/kolla-ansible/+/90800710:29
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Template system scoped admin-openrc and clouds.yml files  https://review.opendev.org/c/openstack/kolla-ansible/+/90816810:29
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Revert "Disable new defaults and scope for Ironic (RBAC)"  https://review.opendev.org/c/openstack/kolla-ansible/+/90727410:29
opendevreviewMerged openstack/kolla-ansible master: Enable HAProxy Prometheus metrics endpoint  https://review.opendev.org/c/openstack/kolla-ansible/+/87711810:33
SvenKieskebbezak: mnasiadka: and maybe anyone else: regarding https://review.opendev.org/c/openstack/kolla-ansible/+/815577 I'd like to hold down on merging please for a bit, because I quite don't understand why that patch is even necessary, the default keystone service user role should be "service" for a long time, so I don't know why this patch works the way it does10:52
SvenKieskecommented on the patchset, my understanding might still be incomplete but I'm 75% sure this should be solved in a simpler fashion, but maybe I overlooked something11:00
frickleradded some more -1 reasoning, thx for pointing that out SvenKieske 11:10
SvenKieskefrickler: thanks for the pointer about the etherpad, I was just about to comment that as well. It might also be worth to archive this etherpad somewhere longer lasting and/or update it. I did save a local copy just now.11:14
SvenKieskeI'll take a short nap, fosdem made me sick (again) -.- see you later11:16
fricklerunfiltered gaseous interchange with thousands of other humans makes ppl sick? what a surprise *scnr*11:17
opendevreviewVerification of a change to openstack/kayobe master failed: Fix: configure etc-hosts for overcloud group  https://review.opendev.org/c/openstack/kayobe/+/90730611:27
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Add service role to service users  https://review.opendev.org/c/openstack/kolla-ansible/+/81557711:28
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: openvswitch: Set fail_mode to standalone for external bridges  https://review.opendev.org/c/openstack/kolla-ansible/+/90816611:41
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: openvswitch: Set fail_mode to standalone for external bridges  https://review.opendev.org/c/openstack/kolla-ansible/+/90816611:41
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: openvswitch: Set fail_mode to standalone for external bridges  https://review.opendev.org/c/openstack/kolla-ansible/+/90816611:42
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: openvswitch: Set fail_mode to standalone for external bridges  https://review.opendev.org/c/openstack/kolla-ansible/+/90816611:44
mnasiadkafrickler, SvenKieske, bbezak: https://review.opendev.org/c/openstack/kolla-ansible/+/908166 - I hope this has enough background in commit message right now :)11:44
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: Rework horizon role to support local_settings.d  https://review.opendev.org/c/openstack/kolla-ansible/+/90634711:45
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: [CI] Enable testing horizon  https://review.opendev.org/c/openstack/kolla-ansible/+/90771811:45
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: Fix horizon deployment  https://review.opendev.org/c/openstack/kolla-ansible/+/90829311:45
opendevreviewAlex Welsh proposed openstack/kayobe stable/yoga: Fix ansible requirements  https://review.opendev.org/c/openstack/kayobe/+/90829411:47
fricklermnasiadka: now that's what I call a commit message ;) thx. but now I wonder if that setting is just a workaround masking some hidden bug in the setup. why would that standalone mode be needed if OVN is running properly?11:51
mnasiadkaso, in bash scripts we didn't supply fail_mode - so it was standalone11:51
mnasiadkaAnsible module seems to have some weird issue on reconfigure - see here: https://b15374aad6eb87dbf340-28a36564c8fcedcf018c712a9987c604.ssl.cf5.rackcdn.com/908166/2/check/kolla-ansible-debian/dceef6d/primary/logs/ansible/reconfigure11:51
fricklermnasiadka: so then it was an older bug, not a new one?11:51
mnasiadkayeah, I'll raise a bug in openvswitch collection for tracking11:53
frickler"cmd": "/usr/bin/ovs-vsctl -t 5 set-fail-mode br-ex None" that looks like a bug in that module, too11:53
fricklerbut still I don't see why we need standalone instead of secure?11:53
opendevreviewIvan Halomi proposed openstack/kolla-ansible master: Refactor of docker worker  https://review.opendev.org/c/openstack/kolla-ansible/+/90829511:53
mnasiadkafrickler: secure drops all flows if controller is not putting any flows in that bridge, seems in OVN case all flows are on br-int11:55
mnasiadkabr-int though needs to have fail_mode secure11:55
mnasiadkaas in https://patchwork.ozlabs.org/project/ovn/patch/20210507174947.1879798-1-flavio@flaviof.com/#267888611:56
fricklerah, one bridge to switch them all. I guess that's ok then, thx12:34
SvenKieskemhm12:58
SvenKieskethere's a recent ovn bug with regards to snat btw, just fyi12:58
opendevreviewJake Hutchinson proposed openstack/kayobe master: Add NTP parameter configuration  https://review.opendev.org/c/openstack/kayobe/+/89519913:13
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: openvswitch: Set fail_mode to standalone for external bridges  https://review.opendev.org/c/openstack/kolla-ansible/+/90816613:34
mnasiadkaSvenKieske: link?13:35
mnasiadkafrickler: https://github.com/ansible-collections/openvswitch.openvswitch/issues/86 - seems there's a bug opened since 2021 :)13:38
mnasiadkafrickler: and OSA does the same thing: https://github.com/openstack/openstack-ansible-os_neutron/commit/f94959745c59f8978d5ed2592b3f2007ff8b28aa13:39
mnasiadkamgoddard mnasiadka bbezak frickler kevko SvenKieske mmalchuk gkoper jangutter jsuazo jovial osmanlicilegi mattcrees dougszu - meeting in 9!13:51
mnasiadka#startmeeting kolla14:00
opendevmeetMeeting started Wed Feb  7 14:00:01 2024 UTC and is due to finish in 60 minutes.  The chair is mnasiadka. Information about MeetBot at http://wiki.debian.org/MeetBot.14:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:00
opendevmeetThe meeting name has been set to 'kolla'14:00
mnasiadka#topic rollcall14:00
mnasiadkao/14:00
mmalchuk\o14:00
osmanlicilegio/14:00
dougszu|o14:00
jovial\o14:00
frickler\o14:00
mhinero/14:00
kevko\o/14:00
bbezak\o14:01
mattcreeso/14:01
janguttero/14:01
SvenKieskeo/14:01
mnasiadka#topic agenda14:02
mnasiadka* CI status14:02
mnasiadka* Release tasks14:02
mnasiadka* Regular stable releases (first meeting in a month)14:02
mnasiadka* Current cycle planning14:02
mnasiadka* Additional agenda (from whiteboard)14:02
mnasiadka* Open discussion14:02
mnasiadka#topic CI status14:02
mnasiadkaSo, we broke OVN jobs - fixing that with https://review.opendev.org/c/openstack/kolla-ansible/+/90816614:02
mnasiadkaRocky9 Ironic CI is suffering from ironic-api vs ironic-inspector race14:02
mnasiadkaany other CI issues that I haven't noticed?14:02
mnasiadkaAnd centos9 decided to break libvirt14:03
bbezakcephadm jobs?14:03
bbezaklast time I checked those were failing14:03
mnasiadkayeah, those fail from time to time, but maybe there's something new in them14:03
mnasiadkaanyway, CI needs some love14:03
frickleryoga is gone to unmaintained, so upgrade jobs in zed will be failing, too. I pushed patches already14:03
mnasiadkaOk, let's merge those if they pass14:04
mnasiadka#topic Release tasks14:04
mnasiadkaR-8 week - nothing planned for it in release schedule14:04
mnasiadka#topic Regular stable releases14:05
mnasiadkaDid we get in the stable releases in Jan?14:05
bbezakyes14:05
mnasiadkafantastic, so then it's time for Feb releases (excluding Yoga of course)14:05
mnasiadkaAny volunteer?14:05
bbezakcan do14:06
bbezakaka will do14:06
fricklerupdating the docs to drop yoga would also be nice14:06
mnasiadkagood idea14:06
mnasiadka#topic Current cycle planning14:06
mnasiadkaWe bumped Ansible14:06
mnasiadkajovial: Would be nice to do the same in Kayobe14:07
jovialSounds like a good idea14:07
mnasiadkaI started working on the OVN BGP Agent14:07
mnasiadkaThe same for Ubuntu 24.04 LTS - so we don't do it last minute14:07
SvenKieskeslightly OT but might be good to be aware of, this OVN SNAT bug, if you haven't seen it already: https://bugs.launchpad.net/bugs/205193514:08
mnasiadkaSLURP patch would like some reviews I guess - https://review.opendev.org/c/openstack/kolla-ansible/+/90532214:08
bbezakI think I'll add secure RBAC for ironic to the release tasks, as it looks we need to push it there this release14:08
mnasiadkaSvenKieske: that's probably a bit unusual setup, as in two levels of routers14:08
SvenKieske+1 I'm happy to review the rbac and service role stuff, want to be done with it :D14:08
SvenKiesketrue, regarding the bug, but still a little bit disturbing.14:09
mnasiadkaanybody working on anything from the list?14:09
mnasiadkalist == whiteboard L23114:09
SvenKieskeI pestered some folks from OSBA regarding mirrors at fosdem14:10
mnasiadkaAny luck?14:10
SvenKieskemight be we actually get new mirrors for a more stable CI, but I believe it when I see it (I guess I will need to do more talking still)14:10
mnasiadkaOk then, good luck ;)14:11
SvenKieskeit was promised to me under the influence of some alcohol, so let's see how the promise holds up once everyone is sober ;)14:11
mnasiadkaOk, let's move to topics from whiteboard14:12
mnasiadka#topic Additional agenda (from whiteboard)14:12
mnasiadka(SvenKieske): https://bugs.launchpad.net/kolla-ansible/+bug/2049762 (service token verification in cinder wrong?)14:12
mnasiadkaSvenKieske: I guess after bbezak's work - we could just stop setting service_token = admin?14:12
SvenKieskeyeah14:12
kevkowe should 14:13
SvenKieskeI proposed a singular patch for that, I was curious if our CI would break, it didn't, at least not obvious. I guess it's a matter of taste if we want two patches for that14:13
mnasiadkaok, we should get all service roles/tokens/ironic system scope patches as RP+1 and start reviewing them14:14
SvenKieskeI'm fine either way, we probably need to discuss the service role patch distinctly. I think it can be much simpler than it currently is.14:14
mnasiadkabbezak: can you group them in a topic and do RP+1?14:14
SvenKieskebig +1 from me on getting this stuff over the line :)14:14
bbezakservice role is ready to review https://review.opendev.org/c/openstack/kolla-ansible/+/81557714:14
bbezakthe other one I have some more ideas14:14
bbezakbut yeah, I'll group them in the topic14:15
mnasiadkagoodie, thanks14:15
mnasiadka(bbezak): Service role discussion - https://review.opendev.org/c/openstack/kolla-ansible/+/815577/14:15
mnasiadkaanything to discuss here?14:15
bbezakindeed, there were some questions from frickler and SvenKieske if we need admin role still for service users14:16
bbezakand we probably don't for some services14:16
bbezakhowever not all projects implemented service role support14:16
bbezakhttps://etherpad.opendev.org/p/rbac-goal-tracking#L4814:17
fricklerbut if this isn't ready upstream, do we need to adopt it at all already?14:17
bbezakironic needs it, cinder apparently too for this service_token14:18
SvenKieskefrickler: well some projects (cinder/nova) do regard our current handling of admin role as a security bug, if you read https://bugs.launchpad.net/kolla-ansible/+bug/204976214:18
fricklerso then only change the accounts for those projects? also hurray for openstack doing wildly inconsistent stuff once again14:18
jovialSeems sane to adopt it for the projects that support it14:19
mnasiadkayeah, I think we should implement what works today, and track the rest of the projects14:19
SvenKieskeI think we should configure stuff with the minimum needed roles possible, obviously. and if we need to maybe split up the existing service_ks_register role for that, fine.14:19
mnasiadkabbezak: seems you went in a nice rabbit hole14:19
bbezak:)14:20
SvenKieskeI actually don't think we should let users override this, but if user are already using it, we can't of course deprecate this functionality this fast.14:20
bbezakI adopted old change that did the same thing and polished it with new services etc.14:20
SvenKieskeit is a rabbit hole, for sure. at least I learned some stuff about ironic and rbac in keystone :)14:20
bbezakI'm fine with going with service role only for ironic/cinder for now14:20
bbezaklet's see if it will work14:20
bbezakI'll focus on ironic14:21
mnasiadkaThere's Neutron mentioned in the rbac goals14:21
bbezakand SvenKieske could for cinder with his patch for service tokens14:21
mnasiadkaProblem with service tokens in cinder is that we need to backport this all the way to zed (unmaintained/yoga ?)14:21
mnasiadkaSo maybe the question is what is the minimum set cinder needs14:21
SvenKieskeokay for me, but then I guess I need to adapt it to explicitly use the "service" role. I'm not sure I understand our config merging code in this regard :D14:22
SvenKieskemnasiadka: ack14:22
bbezakI thought that adding service roles for all services is a solution that could would solve our issues in the future14:22
mnasiadkabbezak: as long as those services support it :)14:22
bbezakbut we could do that selectively too14:22
mnasiadkaand it seems some support it in 2023.1, some 2023.2, etc14:22
bbezakadding service role won't hurt :)14:23
mnasiadkaSo seems like fantastic mess14:23
mnasiadkayeah well, if it's not needed and supported, then maybe it doesn't make sense14:23
bbezakI agree14:23
mnasiadkaso maybe we should have per service/service group patches14:23
bbezak75% agree :)14:24
mnasiadkaI know that's more work, but this way we can decide what to backport14:24
bbezakbut yeah it is a mess. Ironic being in fact only service with system scope is somewhat breaking my mind14:24
SvenKieskebbezak: I think in the long run your approach is fine, I don't know if we need to patch each service for that, though. maybe have three widgets for this? $service_role_default=service $service_role_not_migrated_yet=admin $service_role_user_override_beware_here_be_dragons=foobar14:24
bbezakbut that's different story14:24
SvenKieskebbezak: you are not alone in that, I still don't know if I understood all this really (I think I didn't)14:25
SvenKieskemaybe someone needs to draw a nice flowchart how this works :D14:25
mnasiadkaWell, I think it might make sense to implement service roles for those projects, that support that today14:26
jovialI guess the service user doesn't get any more perms with the service role over admin. So I can see bbezak's point of doing it in a big bang.14:26
mnasiadkawe have a list on the etherpad14:26
mnasiadkaI don't think just adding the role fixes anything, still we need some per-service configuration (e.g. cinder.conf) entries, right?14:27
SvenKieskeI was under the impression bbezak did refresh that etherpad, is the information in there current, or stale?14:27
bbezakold etherpad with system scope is stale14:27
SvenKieskemnasiadka: at least for some services I think a customization is currently needed (not 100% sure)14:28
bbezakmnasiadka: adding service rolesis just initial thing yes14:28
bbezakironic for instance needs also that - https://review.opendev.org/c/openstack/kolla-ansible/+/90800714:28
bbezakif not then system scope member user14:28
mnasiadkayeah, I get that - and on Ironic side they enabled enforcing new defaults14:29
mnasiadkameaning enforcing system scope14:29
mnasiadkaI'm not a fan of adding a role to a user just because 7 years later they might support service roles14:29
bbezakok, I'll add it just for ironic. will check if it will cope with just service role, or it will need admin too14:30
mnasiadkaI can have a look on Neutron, as in how to switch it to use service role in service-to-service communication14:31
bbezakfurthermore the inital change for adding service roles to all projects was somewhat agreed within the comments of then PTL14:31
bbezakbut I agree that things pivoted since then14:32
bbezakout of system scope most importantly14:32
mnasiadkaWe assumed every project will implement it in a reasonable time14:33
mnasiadkaNow it seems it's not that simple14:33
mnasiadkascope implementation and service role are different phases14:33
bbezakand scope died, so :)14:34
mnasiadkawell, system scope died14:34
bbezakyeah14:34
bbezakok, I'm done with secure rbac for now thx :)14:34
SvenKieskexD14:34
mnasiadka#link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#change-in-scope-implementation14:34
mnasiadkaok, let's move on14:35
mnasiadka(mnasiadka): Add unmaintained/* reviews to Gerrit dashboards (another section or stable backports)14:35
mnasiadkabasically gerrit bot doesn't announce patches to that branch14:35
mnasiadkaand we don't see them in the review dashboard as well14:36
mnasiadkaso either we get a new section in the review dashboard called Unmaintained branches14:36
mnasiadkaor we change the query for stable backports14:36
mnasiadkaor we basically don't care14:36
mnasiadkawhich one do we choose?14:36
SvenKieskeI'm confused (again) why do we want notifications on unmaintained branches? wasn't the point that the "unmaintained" team handles those?14:37
* frickler don't core14:37
SvenKieskeso I would opt for don't care, but maybe someone has a compelling reason? I can't think of any though.14:37
fricklerehm ... care even ... but core is also not wrong ;)14:37
mmalchukI'm confused with Kayobe - there is 2 commits in stable/yoga which are not in unmaintained/yoga14:37
mnasiadkaMaybe another question14:37
mnasiadkammalchuk: this one later14:37
mnasiadkaWho wants to maintain unmaintained/yoga for Kolla/Kolla-Ansible apart SHPC?14:38
mmalchukme14:38
mmalchukI'm always care for backports14:38
SvenKieskeI may contribute drive-by backports on a case by case basis, but I wouldn't count that officially :)14:38
fricklerthen likely you should create a kolla-unmaintained-core group and amend the gerrit acls14:39
fricklerI can find an example patch after the meeting14:39
SvenKieskemakes sense14:39
mnasiadkafrickler: what if we would prefer that the kolla-core group is core for unmaintained branches? :)14:40
fricklermnasiadka: well I would prefer to not be core for unmaintained14:40
SvenKieskeshouldn't kolla-core be cleaned up either way? I swear I've seen people in their where their last patch/contribution was somewhere in 2017 or so?14:41
fricklerthat's yet another topic14:41
SvenKieskethere*14:41
mnasiadkafrickler: but by default what are the ACLs? kolla-core has rights or some openstack-unmaintained-core?14:41
fricklerthe latter only14:41
mnasiadkaok14:41
mnasiadkaI'll create kolla-unmaintained-core and kayobe-unmaintained-core14:42
mnasiadkaand add current cores for starters, nobody is forced to review anything - just like in the usual EM branches14:42
fricklermnasiadka: cf. I169e52d5fb545c675549ce06fef1ca2f8eb1de8614:43
mnasiadkafrickler: thanks14:45
mnasiadkaok, let's go forward14:45
mnasiadka(dougszu): Discuss sending all service and infra logs to journald (don't shoot).14:45
mnasiadkadougszu: please elaborate ;-)14:45
mmalchukabout 2 commits above unmaintained/yoga in Kayobe?14:45
mnasiadkammalchuk: they will be merged in unmaintained/yoga once requirements repo has unmaintained/yoga14:46
dougszuSo basically, oslo.log can output additional logging info, that we don't currently get: https://docs.openstack.org/oslo.log/latest/admin/journal.html14:46
mnasiadkanow nothing is mergable14:46
dougszuThere are two ways to get the extra info - write out logs in JSON format, which means they are less readable on the box, or send everything to journald14:46
SvenKieskedougszu: I'm personally a big +1 on this, as it streamlines the logging infrastructure more. I don't know about the implementation though, but I guess I already commented on the patch.14:47
kevkoonly one +2 and +w for unmaintained branches ! :) 14:47
mmalchukmnasiadka stable/yoga would be dropped as after merge?14:47
mnasiadkammalchuk: yup14:47
mmalchukthanks14:47
mnasiadkakevko: once they start working we can go back to that14:47
dougszuthanks Sven - I could look at alternatives to writing direct to the journal in the patch14:47
mnasiadkaI have a slightly complicated question - you know that RH-clones do not persist journal across reboots?14:48
jovialIs there a link to the patch?14:48
dougszuthere is no patch yet - some thoughts on the etherpad: https://etherpad.opendev.org/p/KollaWhiteBoard#L6314:48
jovialPersisting the journal can be enabled though, right?14:48
fricklermnasiadka: well thats configurable, isn't it? just create /var/log/journal14:48
jovialIIRC all you need to do is create the default direcotry14:49
mnasiadkafrickler: true, but still that's something that needs to be included14:49
mnasiadkaI assume we're speaking about not logging anymore to /var/log/kolla?14:49
SvenKieskewell we should probably do a robust config, not just create the directory, that means taking care that it doesn't overflow etc.14:49
dougszuCorrect - I am proposing to stop logging to /var/log/kolla, and hand over everything to journald14:50
SvenKieskewe could also for the first part redirect /var/log/journal to /var/log/kolla, it's also configurable which directory to use, probably better for older users14:50
mnasiadkaSvenKieske: that's not the same format, not really human readable14:50
SvenKieskethe location is totally orthogonal to the mechanism being used..14:50
kevkoi like var/log/kolla :) 14:50
mmalchukme too14:50
fricklerit is not only a matter of the directory, also text format vs. journal format14:50
SvenKieskesure it's human readable, just use "journalctl" ;)14:50
mnasiadkaSvenKieske: cat vs journalctl, err... no14:51
kevkoif i need to choose beetween journalctl and tail ..i am voting for tail 14:51
SvenKieskebut this is still a third orthogonal problem, can we please stop mixing problem spaces all the time? :)14:51
dougszujournalctl is pretty good if you take time to read the man page14:51
jovialjournalctl has some nice filtering options such as log priority14:51
SvenKieskeso we have three problems: a) using journald b) which location on the FS to log to c) which binary format to use (utmp is also a binary log file btw)14:52
mnasiadkaWe all understand that, but you know that proposal is like dropping Docker?14:52
mmalchukfiltering bad with multiline logs14:52
dougszu mmalchuk: there is no multi-line regex with this approach, it should fix some issues with that14:53
SvenKieskeso which problem do we want to talk about? all at once? because you can of course configure journald to output plain text and the location is configurable, so this really has nothing to do14:53
mnasiadkaI'm pretty sure there will be a lot of people disliking that approach14:53
kevkowhy to not provide user and option if he want to do a or b ? 14:53
dougszumaintenance14:53
dougszuYou could perhaps configure fluentd to write back out kolla logs from the journal14:54
mnasiadkaSo, we have 6 more minutes.14:54
jovialDon't we only care about giving the the services access to the journal socket. Where the logs are stored are up to how you configure the host OS.14:54
mnasiadkaUnless dougszu can formulate the proposal in depth in a separate etherpad - we will need to discuss that at the PTG.14:54
dougszuPTG sounds good, thanks all14:55
mnasiadkaI can't see an option we stop writing text files to /var/log/kolla/$service without a proper research, asking users on the ML and providing long deprecation phase14:55
kevkogrep -ri error /var/log/kolla :D 14:55
SvenKieskewell the current state of affairs is at least very inconsistent, afaik, correct me if I'm wrong but: a) we have logs shipped with fluentd into opensearch b) we have(?) some local only logs in /var/log/{kolla}, c) we have stuff like docker logs which are not persistet anywhere afaik. d) I honestly don't know what podman does e) we have journald installed by default for stuff like kernel/systemd logs by 14:55
SvenKieskedefault afaik anyway..14:55
mnasiadkaSvenKieske: PTG14:55
mnasiadkaIt's a very big change14:55
mnasiadkaUnless we are going to support both modes14:55
SvenKieskeit doesn't have to be. stop making things complicated. like, really!14:56
dougszu:D14:56
jovialSupporting both looks like it may be possible, right?14:56
kevkoSvenKieske: yeah and only b is the place where you are sure where all logs are present :D 14:56
SvenKieskes/syslog-ng/journald/ works, you know. if you do the proper config dance.14:56
mmalchukmission impossible)14:56
mnasiadkaWell, yes - but one of them won't have test coverage :)14:56
jovialJust use log_file and use_journal at the same time?14:56
SvenKieskekevko: not true, there aren't all logs in b)14:56
kevkoSvenKieske: okay + docker logs 14:57
SvenKieskebut I agree it seems to be a PTG topic, or for some larger meeting at least14:57
kevkoSvenKieske: fluent + openserarch works ...but until we will not drop parsing and regexp and will not use python fluent logger  ...it's 75% working logging system14:57
SvenKieskethe current logging state is a mess, to be honest. but still we need some careful planning to improve upon it and don't make it worse :)14:57
halomivaI want to ask, i started working on refactoring docker worker to not use low level client and instead use client similar with podman, i guess logical steps are to first merge this refactor and then try to put as many functions into container worker. What do you think about it?14:58
SvenKieskekevko: last time I looked there are no kernel logs in fluentd? :D it's a mess! ;)14:58
mnasiadkahalomiva: I think we refactored Kolla to do the same, right?14:58
SvenKieskehalomiva: sounds sane on the surface at least14:59
mnasiadkaSvenKieske: nobody stops you to run syslog-ng and forward logs to fluentd14:59
halomivamnasiadka: i think yes 14:59
mnasiadkahalomiva: so fine, I've seen the patch - is it ready for reviews?14:59
SvenKieskemnasiadka: right, and you can do the very same thing with journald, so that's not really a big thing, if you just talk about using journald (without all the binary log file blabla)14:59
mnasiadkaok, it's 16:0015:00
halomivawaiting for tests to finish, i tested it locally on basic deployment and it worked so we will see after tests15:00
mnasiadkaIt's the first meeting in last 2 years when we did use the full hour15:00
mnasiadkaThanks for coming guys!15:00
mnasiadka#endmeeting15:00
opendevmeetMeeting ended Wed Feb  7 15:00:37 2024 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:00
opendevmeetMinutes:        https://meetings.opendev.org/meetings/kolla/2024/kolla.2024-02-07-14.00.html15:00
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/kolla/2024/kolla.2024-02-07-14.00.txt15:00
opendevmeetLog:            https://meetings.opendev.org/meetings/kolla/2024/kolla.2024-02-07-14.00.log.html15:00
mnasiadkahalomiva: good, I'll have a look :)15:00
kevkoSvenKieske: kernel logs ? I meant openstack logging ... don't mix system logs 15:00
mmalchukmnasiadka gerrit dropped stable/yoga right now15:01
SvenKieskesorry, for extending the duration (I guess I'm partly to blame), but thanks for all the input15:01
mnasiadkammalchuk: nice15:01
mmalchukwe will lost 2 commits15:01
mnasiadkammalchuk: I'm sure jovial knows which ones need resubmitting15:01
SvenKieskekevko: today you want full traceability of all logs in a single system, of course you want system logs as well15:01
opendevreviewIvan Halomi proposed openstack/kolla-ansible master: Refactor of docker worker  https://review.opendev.org/c/openstack/kolla-ansible/+/90829515:01
mmalchukmnasiadka jovial they both in detached state already)15:02
jovialI know priteau submitted one to test the status of the CI: https://review.opendev.org/c/openstack/kayobe/+/90828115:03
kevkoSvenKieske: agree, but kolla-ansible is focused to openstack deployment ...15:04
mmalchukok then, there are both from Pierre15:04
kevkoSvenKieske: I just want to say that I agree that good logging of openstack stacks will be fine ....but this is huuuuge task 15:04
jovialmmalchuk: Indeed, we may have to bundle a few up to get CI to pass15:06
mmalchuki see15:07
kevkoSvenKieske: some time ago i proposed elegant logging for openstack services via fluent logger ... gerrit XL change -> drop :D 15:07
jovialWe did ask the release team if there was anyway to move the commits across, but apparently resubmitting the changes is the only option15:08
SvenKieskeokay, well then let's just take our time and get it right (or at least better). I'm sure we will find a good solution for everyone :)15:09
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: Rework horizon role to support local_settings.d  https://review.opendev.org/c/openstack/kolla-ansible/+/90634715:13
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: Fix horizon deployment  https://review.opendev.org/c/openstack/kolla-ansible/+/90829315:13
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: [CI] Enable testing horizon  https://review.opendev.org/c/openstack/kolla-ansible/+/90771815:13
mnasiadkabbezak: cephadm jobs have some cinder upgrade problem - https://7892a49fff80be41bd93-7937b4b8835d06e87bcc77aa86f44280.ssl.cf5.rackcdn.com/908166/7/check/kolla-ansible-rocky9-upgrade-cephadm/99f369f/primary/logs/ansible/upgrade16:22
mnasiadkaubuntu fails on the same https://storage.gra.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_095/908166/7/check/kolla-ansible-ubuntu-upgrade-cephadm/095ca6d/primary/logs/ansible/upgrade16:22
spatelI am running yoga release and now I want to add Gnocchi/ceilometer services. Can add zed release of Gnocchi & ceilometer? 16:29
spatelAssuming it won't create any issue right? 16:29
spatelWe can mix release right? (ofc not for core services but atleast other services) 16:30
opendevreviewMerged openstack/kayobe master: reno: Update master for unmaintained/yoga  https://review.opendev.org/c/openstack/kayobe/+/90781920:58
« Tuesday, 2024-02-06 Index Thursday, 2024-02-08 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!