opendevreview | Maksim Malchuk proposed openstack/kolla-ansible master: Make certificates role more configurable https://review.opendev.org/c/openstack/kolla-ansible/+/934514 | 00:33 |
---|---|---|
EugenMayer440180 | Hello. Upgrading from 2024.1 to 2024.1 I'm surprised that the "-i" inventory flag no longer exists for kolla-ansible? It is still documented at https://docs.openstack.org/kolla-ansible/latest/user/operating-kolla.html#kolla-ansible-cli | 18:09 |
EugenMayer440180 | But running the pull fails | 18:09 |
EugenMayer440180 | kolla-ansible -i /etc/kw-openstack/ansible-inventory pull | 18:09 |
EugenMayer440180 | kolla-ansible: '-i /etc/kw-openstack/ansible-inventory pull' is not a kolla-ansible command. See 'kolla-ansible --help'. | 18:09 |
EugenMayer440180 | Did you mean one of these? | 18:09 |
EugenMayer440180 | help | 18:09 |
EugenMayer440180 | pull | 18:09 |
EugenMayer440180 | stop | 18:09 |
EugenMayer440180 | --- | 18:10 |
EugenMayer440180 | Basically I'm at the step of prepulling my docker images, then prechecks, then upgrade - the usual procedure | 18:11 |
EugenMayer440180 | running `kolla-ansible --help` no longer lists the option https://gist.github.com/EugenMayer/ddc34894388228c279801ac5b335fe4b | 18:12 |
EugenMayer440180 | Cannot really find anything on https://docs.openstack.org/kolla-ansible/2024.2/ nor in https://docs.openstack.org/releasenotes/kolla/2024.2.html#upgrade-notes | 18:15 |
EugenMayer440180 | Am I missing something obvious? Some docs I missed this time (those are the sources I usually use) | 18:15 |
EugenMayer440180 | I'm installing ansible via the repo from the stable/2024.2 branch: | 18:16 |
EugenMayer440180 | kolla-ansible --version | 18:16 |
EugenMayer440180 | kolla-ansible 19.0.1.dev2 | 18:16 |
EugenMayer440180 | Ok, checking the commits on the repo and the diffs I found https://github.com/openstack/kolla-ansible/commit/95166909e0ec45333b84fc167e577acb0922a49f#diff-7d78a22dd4d8e841997abc06a28d2c596044286833bbea09113e1401ede129aeR11 | 18:18 |
EugenMayer440180 | so it needs to be: kolla-ansible pull -i /etc/kw-openstack/ansible-inventory | 18:19 |
EugenMayer440180 | I assume this needs some doc updates | 18:19 |
EugenMayer440180 | I see, those notes here https://docs.openstack.org/releasenotes/kolla-ansible/unreleased.html#upgrade-notes do hint, but the official docs still use the other order. Well, I guess it is WIP in progress and known | 18:35 |
EugenMayer440180 | --- | 18:35 |
EugenMayer440180 | Different issue: I've seen that proxysql got an update in https://docs.openstack.org/releasenotes/kolla/2024.2.html#upgrade-notes .. when I run kolla-ansible upgrade, proxysql fails to start: https://gist.github.com/EugenMayer/9076583b85399c101b5db8b9c44c4f17 | 18:39 |
EugenMayer440180 | 2024-11-09 19:38:13.582 ERROR MissingRequiredSource: /var/lib/kolla/config_files/ca-certificates/root.crt file is not found .. I'm using TLS, it seems some kind of migration failed here? | 18:39 |
EugenMayer440180 | I assume, by https://docs.openstack.org/kolla-ansible/latest/admin/tls.html#quick-start I might have been missing 'kolla_copy_ca_into_containers: "yes"' in my globals.yaml | 18:45 |
EugenMayer440180 | No, actually since I use officially signed certs, that should not be needed. Odd, now I'm stuck. | 18:53 |
EugenMayer440180 | Anybody able to hint me where to follow up with the proxysql issue? | 18:53 |
EugenMayer440180 | on my controller under `/etc/kolla/proxysql` there is no `ca-certificates` folder (I have seen that this folder is mounted into /var/lib/kolla/config_files) | 18:56 |
EugenMayer440180 | This is my setup https://gist.github.com/EugenMayer/2d48f79ccb69e57de8008beee99b4057 - this worked for 2024.1 and now proxysql broke during the upgrade to 2024.2 and proxy - any help or hint would be appreciated | 19:00 |
EugenMayer440180 | The configuration changed from 2024.1 to 2024.2 - (2024.1 https://github.com/openstack/kolla-ansible/blob/stable/2024.1/ansible/roles/loadbalancer/templates/proxysql/proxysql.json.j2) vs 2024.2 https://github.com/openstack/kolla-ansible/blob/2b61c956e1e236c24905b5ee49786e70d4b2e145/ansible/roles/loadbalancer/templates/proxysql/proxysql.json.j2#L30 | 19:08 |
EugenMayer440180 | seems like this is not somehow expected to exist, but not ensured beforehand? | 19:08 |
EugenMayer440180 | Copying /etc/kw-openstack/certificates/ca/root.crt manually to the controller under /etc/kolla/{proxysql,mariadb}/ca-certificates/root.crt seems to fix both startup issues, but that cannot be the intention. Did the TLS/SSL configuration change somehow and my config has not been properly adapted? Now, when running the upgrade, I fail at | 19:16 |
EugenMayer440180 | TASK [mariadb : Wait for MariaDB service to be ready through VIP] ************************************************************************************************************************************************************* | 19:16 |
EugenMayer440180 | Assuming that some configuration is either not aware of the root.crt or it is the wrong one in the first place | 19:16 |
EugenMayer440180 | (assuming Haproxy?) If anybody can point me somewhere, I would be happy :) not sure I cannot push it myself any further | 19:18 |
EugenMayer440180 | kind of assuming the reason to be https://gist.github.com/EugenMayer/2d48f79ccb69e57de8008beee99b4057#file-globals-yaml-L8 .. since I want to use official certificates, I actually do not need to run `kolla-ansible certificates` to generate those. This worked until now | 19:30 |
EugenMayer440180 | Open for any suggestions :) | 19:31 |
EugenMayer440180 | (I would love to switch to Let's Encrypt, but since only http-challenges are supported, not DNS, it is a no-go https://docs.openstack.org/kolla-ansible/latest/admin/acme.html) | 19:34 |