| opendevreview | OpenStack Proposal Bot proposed openstack/puppet-openstack-integration master: Updated from Puppet OpenStack modules constraints https://review.opendev.org/c/openstack/puppet-openstack-integration/+/905169 | 03:02 |
|---|---|---|
| amoralej | i'm hitting a problem with p-o-i jobs related to mariadb that i suspect may affect you here | 10:11 |
| amoralej | apparently, we are configuring some certificates in mysqld config which does not exist, in the past that was a warning but now it's an error | 10:16 |
| amoralej | mmm but ssl is false | 10:17 |
| amoralej | yep, latest mariadb update changed behavior | 10:20 |
| amoralej | before, if it could not configure ssl when certificates were configured in config file, it simply gave a warning and continued without ssl, now it fails to start | 10:21 |
| amoralej | and ssl = false parameter is ignored | 10:21 |
| amoralej | we need to remove the ssl parameters from config file | 10:21 |
| amoralej | reported in upstream release notes https://mariadb.com/kb/en/mariadb-10-5-18-release-notes/#ssl | 10:23 |
| amoralej | tkajinam ^ probably all CS9 jobs will fail, i'm looking where to patch in p-o-i i guess | 10:24 |
| opendevreview | Alfredo Moralejo proposed openstack/puppet-openstack-integration master: Add ssl certificates to mariadb config only when SSL is enabled https://review.opendev.org/c/openstack/puppet-openstack-integration/+/905298 | 10:49 |
| opendevreview | Alfredo Moralejo proposed openstack/puppet-openstack-integration master: Add ssl certificates to mariadb config only when SSL is enabled https://review.opendev.org/c/openstack/puppet-openstack-integration/+/905298 | 11:14 |
| amoralej | ah, jobs are passing when ssl is enabled, i'm checking why in rdo jobs ssl is off | 11:49 |
| opendevreview | Takashi Kajinami proposed openstack/puppet-openstack-integration master: Add ssl certificates to mariadb config only when SSL is enabled https://review.opendev.org/c/openstack/puppet-openstack-integration/+/905298 | 13:19 |
| tkajinam | amoralej, ah, that's a good catch. the change might be something we have to backport to old stable branches. I remember a similar problem seen in ubuntu jobs in old stable branches | 13:20 |
| tkajinam | amoralej, just refactored it a bit but will vote on it once zuul votes the result | 13:20 |
| amoralej | tkajinam, ^ iiuc your patch, that will leave default values from puppet-mysql for cert params right? i think defaults are bad for no-ssl config | 14:22 |
| amoralej | https://github.com/puppetlabs/puppetlabs-mysql/blob/main/manifests/params.pp#L94-L96 | 14:23 |
| amoralej | don't we need to explicitely undefine ? | 14:23 |
| amoralej | actually, in old releases, as xena, wich didn't support ssl in mysql it's failing with default values https://github.com/openstack/puppet-openstack-integration/blob/stable/xena/manifests/mysql.pp | 14:26 |
| tkajinam | amoralej, ugh, you are correct, I think | 14:31 |
| amoralej | i'm sending a patch to zed with appropiate patch for non-ssl case | 14:31 |
| opendevreview | Alfredo Moralejo proposed openstack/puppet-openstack-integration stable/zed: Undefine ssl certificate parameters for mariadb https://review.opendev.org/c/openstack/puppet-openstack-integration/+/905311 | 14:32 |
| amoralej | that ^ | 14:32 |
| opendevreview | Takashi Kajinami proposed openstack/puppet-openstack-integration master: Add ssl certificates to mariadb config only when SSL is enabled https://review.opendev.org/c/openstack/puppet-openstack-integration/+/905298 | 14:33 |
| opendevreview | Takashi Kajinami proposed openstack/puppet-openstack-integration master: Add ssl certificates to mariadb config only when SSL is enabled https://review.opendev.org/c/openstack/puppet-openstack-integration/+/905298 | 14:35 |
| tkajinam | ^^^ should restore overrides of key/cert files | 14:36 |
| tkajinam | wondering if this needs to be fixed in puppet-mysql as well | 14:37 |
| amoralej | i was wondering the same | 14:38 |
| tkajinam | anyway we can merge that fix now even if the problem is fixed in puppetlabs-mysql | 14:39 |
| tkajinam | the workaround is required in stable branches where we can't bump puppetlabs-mysql now | 14:39 |
| amoralej | yep | 14:39 |
| tkajinam | will later check how we can workaround the issue by any change in puppetlabs-mysql. we have to make sure we don't break compatibility with existing usage with only ssl => true overridden | 14:40 |
| opendevreview | Merged openstack/puppet-openstack-integration stable/2023.2: nova: Capture cell details https://review.opendev.org/c/openstack/puppet-openstack-integration/+/905093 | 15:05 |
| opendevreview | Takashi Kajinami proposed openstack/puppet-openstack-integration stable/zed: Undefine ssl certificate parameters for mariadb https://review.opendev.org/c/openstack/puppet-openstack-integration/+/905311 | 16:19 |
| opendevreview | Takashi Kajinami proposed openstack/puppet-openstack-integration stable/2023.1: nova: Capture cell details https://review.opendev.org/c/openstack/puppet-openstack-integration/+/905328 | 16:26 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!