| stromgren | I'm working on adding monitoring for the MariaDB cluster via our external monitoring tool. "mariadb_monitor_password" doesn't work with the monitor user and I cannot figure out how I log in as root. Do anyone have some pointers or a link to where I can read about this? Thanks :) | 07:22 |
|---|---|---|
| opendevreview | Matúš Jenča proposed openstack/kolla-ansible master: Switch mariadb's loadbalancer from HAProxy to ProxySQL https://review.opendev.org/c/openstack/kolla-ansible/+/913724 | 07:59 |
| opendevreview | Matúš Jenča proposed openstack/kolla-ansible master: Add backend TLS between MariaDB and ProxySQL https://review.opendev.org/c/openstack/kolla-ansible/+/909912 | 07:59 |
| opendevreview | Matúš Jenča proposed openstack/kolla-ansible master: Add frontend TLS ability to ProxySQL https://review.opendev.org/c/openstack/kolla-ansible/+/925500 | 07:59 |
| opendevreview | Matúš Jenča proposed openstack/kolla-ansible master: Fix upgrade jobs failing on adding new certificates https://review.opendev.org/c/openstack/kolla-ansible/+/926284 | 07:59 |
| opendevreview | Matúš Jenča proposed openstack/kolla-ansible master: Add frontend database TLS for Keystone https://review.opendev.org/c/openstack/kolla-ansible/+/925507 | 07:59 |
| opendevreview | Michel Nederlof proposed openstack/kolla-ansible stable/2024.1: Make managing Docker containers with systemd optional https://review.opendev.org/c/openstack/kolla-ansible/+/926402 | 10:07 |
| opendevreview | Michel Nederlof proposed openstack/kolla-ansible master: Make managing Docker containers with systemd optional https://review.opendev.org/c/openstack/kolla-ansible/+/926403 | 10:09 |
| kevko | stromgren: monitor user is without password if haproxy used for balancing ... it's used only if proxysql is used ... | 11:58 |
| kevko | stromgren: as far as I know ..maybe it's different nowadays .. | 11:58 |
| opendevreview | Michal Arbet proposed openstack/kolla-ansible master: Fix nova-libvirt's secrets - device or resource is busy https://review.opendev.org/c/openstack/kolla-ansible/+/924548 | 12:19 |
| opendevreview | Michal Arbet proposed openstack/kolla-ansible master: Refactor external ceph https://review.opendev.org/c/openstack/kolla-ansible/+/907166 | 12:19 |
| opendevreview | Michal Arbet proposed openstack/kolla-ansible master: Use more descriptive libvirt secret names corresponding to reality https://review.opendev.org/c/openstack/kolla-ansible/+/926408 | 12:19 |
| kevko | After consulting foundation legal counsel, this type of integration should not be a problem from a licensing perspective as long as no BSL licensed code is added into OpenStack code and as long as use of the HashiCorp product remains optional. <<< | 13:15 |
| kevko | What you are saying now ? Regarding consul and similar projects ? | 13:15 |
| kevko | This was discussed directly with openinfra ... | 13:17 |
| *** jhorstmann is now known as Guest536 | 13:55 | |
| deflated | Hi all, quick question, i need to connect to kollas haproxy from a separate haproxy instance so need to add accept-proxy to kollas haproxy implementation, just not sure where i would add this. Thanks in advance | 15:49 |
| kevko | deflated: just use config override ? | 16:04 |
| deflated | I could, and i know that i can just put overrides in global, just lost as to what that string would be to add accept-proxy to the default haproxy deployment | 16:07 |
| deflated | my google fu is failing me | 16:08 |
| deflated | Looking at this: https://github.com/openstack/kolla-ansible/blob/master/ansible/roles/haproxy-config/defaults/main.yml would haproxy_frontend_http_extra: | 16:12 |
| deflated | - "option accept-proxy" work? | 16:12 |
| jovial | Might need to modify the template: https://github.com/openstack/kolla-ansible/blob/2fc15e6c82cbdf02a4b9828c6ae8d7c81fec35c7/ansible/roles/haproxy-config/templates/haproxy_single_service_split.cfg.j2 | 16:16 |
| jovial | Do you need it after bind? | 16:16 |
| jovial | i.e here: https://github.com/openstack/kolla-ansible/blob/2fc15e6c82cbdf02a4b9828c6ae8d7c81fec35c7/ansible/roles/haproxy-config/templates/haproxy_single_service_split.cfg.j2#L50 | 16:17 |
| deflated | From what i know of haproxy (im learning), send-proxy can go ON the bind line | 16:17 |
| kevko | deflated: give me example of before and after config you want to ...via paste.openstack.org for example and i will try to help you | 16:17 |
| deflated | sorry, accept-proxy i mean, kevko, i think jovial is on the right track and modifying that line to include accept-proxy would work, so {{ "bind %s:%s %s"|e|format(vip_address, service_port, tls_option accept=proxy)|trim() }} | 16:20 |
| deflated | man, i cant type this afternoon, accept-proxy even | 16:20 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!