Monday, 2022-09-12

« Sunday, 2022-09-11 Index Tuesday, 2022-09-13 »
opendevreviewSteve Baker proposed openstack/tripleo-image-elements master: Simplify openvswitch, remove os-svc-install  https://review.opendev.org/c/openstack/tripleo-image-elements/+/83863600:15
opendevreviewSteve Baker proposed openstack/tripleo-image-elements master: Remove the remaining os-*-config elements  https://review.opendev.org/c/openstack/tripleo-image-elements/+/83863700:15
opendevreviewTakashi Kajinami proposed openstack/tripleo-heat-templates master: Verify RsyslogExtraLoggingSource in CI  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/83113000:48
opendevreviewTakashi Kajinami proposed openstack/tripleo-heat-templates master: Remove leftover of MongoDB support  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/84768200:50
opendevreviewTakashi Kajinami proposed openstack/tripleo-common master: Remove password migrations for placement and rpc services  https://review.opendev.org/c/openstack/tripleo-common/+/84607300:51
opendevreviewTakashi Kajinami proposed openstack/tripleo-heat-templates master: Validate CollectdConnectionType  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/84723600:52
opendevreviewTakashi Kajinami proposed openstack/tripleo-heat-templates master: Octavia: remove unused mocking of nova_flavor  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/84533200:52
opendevreviewTakashi Kajinami proposed openstack/tripleo-heat-templates master: Ironic: Remove unused step_config from base class  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85697401:02
opendevreviewTakashi Kajinami proposed openstack/tripleo-heat-templates master: Revert "Disable pxe_tftp systemd services during upgrade"  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85688401:16
opendevreviewTakashi Kajinami proposed openstack/tripleo-heat-templates master: Revert "Disable pxe_tftp systemd services during upgrade"  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85697601:19
opendevreviewTakashi Kajinami proposed openstack/tripleo-heat-templates master: Revert "Disable pxe_tftp systemd services during upgrade"  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85688401:19
opendevreviewTakashi Kajinami proposed openstack/tripleo-heat-templates master: Ironic: Remove old clean up tasks for xinetd  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85697701:22
tkajinamstevebaker[m], hi. May I ask for you review about https://review.opendev.org/c/openstack/tripleo-heat-templates/+/846083 when you have time ?01:23
stevebaker[m]tkajinam: sure thing, looks good to me01:32
tkajinamstevebaker[m], thanks !01:35
opendevreviewTakashi Kajinami proposed openstack/ansible-role-collect-logs master: Get OVS DB query results  https://review.opendev.org/c/openstack/ansible-role-collect-logs/+/85697801:43
opendevreviewTakashi Kajinami proposed openstack/tripleo-heat-templates master: Manage CA certificates using ansible  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/83929601:47
lecris[m]tkajinam: about CA management, you should check this issue https://bugs.launchpad.net/tripleo/+bug/1988578?01:50
lecris[m]It realistically happens when ipa CA roots are renewed01:51
tkajinamthat CA management does not related to IPA afaik. that task installs a static cert01:52
lecris[m]Yes, but when installing CA certs, it should be filtered of any invalid certs01:54
lecris[m]Otherwise you can get that issue in rabbitmq01:54
lecris[m]Granted it is an upstream issue, but who knows when similar issues will pop up01:55
tkajinamvalidation certs is out of scope of individual tasks imho.01:58
tkajinameven if we add the capability, that is completely different from the above patch which just replaces puppet by ansible01:59
tkajinamI mean it should be a completely separate topic.01:59
lecris[m]So where should something like that be patched? Afaiu, the heat templates for ipa use preexisting CA files on the hosts, which could be patched in the enrollment stage. But this issue could happen with self-signed or other third party CAs02:03
lecris[m]Or is tls-e via ipa the only one that uses tls for rabbitmq and other services?02:04
tkajinamI don't get your point. If CA cert expires then you need to update the template to include the new cert and run deploy to install the new certs02:09
opendevreviewBrendan Shephard proposed openstack/tripleo-heat-templates master: Move update_tasks for tripleo-packages  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/83860502:12
lecris[m]The issue with rabbitmq is if there exists expired certificates together with the renewed one. This happened to me because ipa added the renewed one, not replaced the bundle02:12
lecris[m]So even if you did that, this issue would appear02:14
lecris[m]I think this is done so on the freeipa to check old pki signed objects like S/MIME emails02:16
tkajinamfor management of static CA, the task should replace the existing file in /etc/pki/ directory as long as you use the same name. AFAIK update-ca-trust extract should remove the key which was removed from the directory so it's not likely to cause the same problem as long as you keep the same name.02:18
lecris[m]Public or private key?02:20
lecris[m]Does the update task support having external signed CA?02:22
lecris[m]If so, then this issue can occur higher up in the chain02:23
tkajinamI was talking about CA cert, which is public02:24
tkajinamTripleO supports using static TLS cert + CA cert to use TLS in public endpoints.02:24
tkajinamas well as TSL-e02:24
tkajinamwhat do you mean by "the update task" ?02:25
lecris[m]the `uptdate-ca-trust` you mentioned02:27
lecris[m]<tkajinam> "I was talking about CA cert..." <- Indeed the issue I am referencing is occurring in the CA cert, i.e. somewhere in the CA trust chain there exists expired certificate, not the leaf/newly deployed certificate being expired02:29
tkajinamIn TLS-e certmonger is responsible to manage certificates installed in each node02:31
tkajinamwhile in case you use static certs you inject certs using tht parameters, part of which I'm fixing in my patch above02:32
opendevreviewRabi Mishra proposed openstack/python-tripleoclient master: Add role split feature to extract provisioned  https://review.opendev.org/c/openstack/python-tripleoclient/+/85692902:32
tkajinamyour problem is likely the one causes by something wrong with certmonger or regeneration process but I don't think that is really related to the task to install the static cert, which is NOT used in TLS-e02:34
tkajinamthe command I mention updates the local cert repositories from the keys installed in /etc/pki directory 02:34
tkajinamI guess certmonger might use it internally but I don't have enough understanding to tell you how/whether it is used in TLS-e02:35
lecris[m]tkajinam: I don't think this is a certmonger issue, because the leaf certificates are valid. The intermediate CA certificate in `/etc/ipa/ca.crt` is the problem.03:07
lecris[m]And my concern is if the CA cert chain bundle (excluding the leaf) is being updated using the same logic as ipa's (add renewed CA, but keep old expired ones), then if that new certificate is added to the trust chain `/etc/pki/CA/certs` and rabbitmq or other similarly faulty components use it, than it can create deployment issues03:10
lecris[m]So just to confirm 2 things about static certs:03:12
lecris[m]- Are they used in service components like rabbitmq as well?03:12
lecris[m]- does `update-ca-trust` role update the CA chain and/or the leaf certificate. (The naming suggests it only updates the former, in which case the issue I had can occur)03:12
tkajinamif you use TLS-e then internal certificates are used in most components, not only rabbitmq03:13
tkajinamagain the task I'm updating is not used in TLS-e. update-ca-trust extact is the command, used in the role to install the static CA certificate, and it only handles CA cert. does not affect leaf certificates. but again the task/role is not used in TLS-e03:14
lecris[m]Yes, and the issue with expired certificates is about expired intermediate CA certificates, not leaf certificates03:15
lecris[m]But static certs (outside TLS-e) are not used for components?03:16
tkajinamin case you use static certs instead of tls-e then you can update all certificates by updating the ones in your deployment templates03:17
tkajinamas long as you modify templates with keeping certificate names then it should replace the existing ones. it should not leave expired ones03:17
lecris[m]But you said static certs support being externally signed. So let's say the deployment template downloads the CA chain from `/etc/pki/CA/certs/external_root.crt` or `http://my_provider.com/root_ca.crt`. Then it should check for expired certificates in this downloaded chain. I.e. even if the certificates are replaced, if the replaced chain contains expired ones that's the issue.03:21
lecris[m]The issue is not that the CA certificates are expired before the deployment, but after the deployment due to externally managed root CA chian.03:22
lecris[m]Something like `/etc/pki/CA/certs/external_root.crt` has:... (full message at https://matrix.org/_matrix/media/r0/download/matrix.org/SzJvlaGcWsxIgrKWasMXNehk)03:26
lecris[m]But I think the thing I am trying to figure out is: is there some step where I can edit the file in the Heat parameter: `InternalTLSCAFile`, to do some sanity checks on it: check for validity and so on?03:29
tkajinamwe might be able to implement some validation but that's not something we have now03:30
lecris[m]Kay, which step should I look at for that? I can try to see if I can do these03:31
tkajinamI understand it can be a good improvement but I've been saying that's a different topic from the change to replace puppet by ansible03:31
lecris[m]Yes indeed, sorry for the confusion. I am only concerned if the same issue can occur outside of the tls-e setup due to external CAs03:32
tkajinamthere are two implementations to install cert certs now. one is puppet and the other is ansible. I'm replacing puppet by ansible now so once that is completed then you can add validation task in tripleo-ansible03:32
tkajinamand for > The issue is not that the CA certificates are expired before the deployment, but after the deployment due to externally managed root CA chian.03:33
lecris[m]Ok, I understand03:33
tkajinamIMO replacing the static certs automatically is quite overkilling IMHO. If a user decides to use static certs then he/she is responsible to install a new cert before the current one expires.03:34
opendevreviewBrendan Shephard proposed openstack/python-tripleoclient master: Change git user for config-download  https://review.opendev.org/c/openstack/python-tripleoclient/+/85659103:41
opendevreviewMerged openstack/tripleo-heat-templates master: ironic: Remove tasks for image migration  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/84608304:32
*** ysandeep|out is now known as ysandeep04:36
opendevreviewchandan kumar proposed openstack/tripleo-common master: Add an Ansible execution environment to our Build  https://review.opendev.org/c/openstack/tripleo-common/+/77667404:38
opendevreviewTakashi Kajinami proposed openstack/tripleo-heat-templates master: MySQL: Use common volumes in containers  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85622804:41
opendevreviewchandan kumar proposed openstack/tripleo-common master: Add an Ansible execution environment to our Build  https://review.opendev.org/c/openstack/tripleo-common/+/77667405:10
opendevreviewchandan kumar proposed openstack/tripleo-ci master: Add support for tcib_extra_config  https://review.opendev.org/c/openstack/tripleo-ci/+/85073605:50
*** ysandeep is now known as ysandeep|afk05:54
opendevreviewchandan kumar proposed openstack/tripleo-common master: Add an Ansible execution environment to our Build  https://review.opendev.org/c/openstack/tripleo-common/+/77667405:55
opendevreviewchandan kumar proposed openstack/tripleo-common master: [DNM] Build tripleo-ansible-ee container  https://review.opendev.org/c/openstack/tripleo-common/+/85045806:20
*** ysandeep|afk is now known as ysandeep06:30
opendevreviewCedric Jeanneret proposed openstack/tripleo-ansible master: New roles for apache/httpd management  https://review.opendev.org/c/openstack/tripleo-ansible/+/85348106:38
chandankumarTengu: https://review.opendev.org/c/openstack/tripleo-ansible/+/856339 is good to go06:43
opendevreviewCedric Jeanneret proposed openstack/tripleo-ansible master: New tripleo_ironic role  https://review.opendev.org/c/openstack/tripleo-ansible/+/85587306:43
Tenguchandankumar: heya! lemme check06:43
*** jm1|ruck is now known as jm1|rover06:45
opendevreviewCedric Jeanneret proposed openstack/tripleo-heat-templates master: Convert httpd ironic_api configurations to new role  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85456807:05
*** jpena|off is now known as jpena07:10
Tengufolks, care to have a look at https://review.opendev.org/c/openstack/tripleo-ansible/+/856487 ?07:21
opendevreviewTakashi Kajinami proposed openstack/python-tripleoclient master: Remove unused arguments from generate_passwords  https://review.opendev.org/c/openstack/python-tripleoclient/+/85700007:30
opendevreviewTakashi Kajinami proposed openstack/tripleo-common master: Remove unused arguments from generate_passwords  https://review.opendev.org/c/openstack/tripleo-common/+/85700207:40
opendevreviewchandan kumar proposed openstack/tripleo-common master: Add an Ansible execution environment to our Build  https://review.opendev.org/c/openstack/tripleo-common/+/77667407:57
opendevreviewMerged openstack/puppet-tripleo master: Add etcd3gw api_version to cinder backend_urlĀ   https://review.opendev.org/c/openstack/puppet-tripleo/+/85236808:13
opendevreviewBhagyashri Shewale proposed openstack/openstack-tempest-skiplist master: Revert "Update "hard_reboot_after_vol_snap_deletion" entry"  https://review.opendev.org/c/openstack/openstack-tempest-skiplist/+/85688608:13
opendevreviewchandan kumar proposed openstack/tripleo-common master: [DNM] Build tripleo-ansible-ee container  https://review.opendev.org/c/openstack/tripleo-common/+/85045808:15
opendevreviewBhagyashri Shewale proposed openstack/openstack-tempest-skiplist master: Revert "Update "hard_reboot_after_vol_snap_deletion" entry"  https://review.opendev.org/c/openstack/openstack-tempest-skiplist/+/85688608:20
opendevreviewTakashi Kajinami proposed openstack/puppet-tripleo master: cinder + etcd3gw: Remove logic for CentOS/RHEL 8  https://review.opendev.org/c/openstack/puppet-tripleo/+/85700608:22
opendevreviewBhagyashri Shewale proposed openstack/openstack-tempest-skiplist master: Revert "Update "hard_reboot_after_vol_snap_deletion" entry"  https://review.opendev.org/c/openstack/openstack-tempest-skiplist/+/85688608:44
*** amoralej is now known as amoralej|afk08:51
opendevreviewBhagyashri Shewale proposed openstack/tripleo-quickstart-extras master: Adding temporary workaround for libvirt-failures  https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/85624408:56
opendevreviewBhagyashri Shewale proposed openstack/tripleo-quickstart-extras master: Adding temporary workaround for libvirt-failures  https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/85624409:01
opendevreviewBhagyashri Shewale proposed openstack/tripleo-quickstart-extras master: Adding temporary workaround for libvirt-failures  https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/85624409:06
opendevreviewchandan kumar proposed openstack/tripleo-common master: Add an Ansible execution environment to our Build  https://review.opendev.org/c/openstack/tripleo-common/+/77667409:24
opendevreviewBhagyashri Shewale proposed openstack/tripleo-quickstart-extras master: Adding temporary workaround for libvirt-failures  https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/85624409:43
opendevreviewManojkatari proposed openstack/tripleo-heat-templates master: new t-h-t template for Cinder NFS backend  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85439809:53
opendevreviewJiri Podivin proposed openstack/validations-libs master: Removing unused imports and variable  https://review.opendev.org/c/openstack/validations-libs/+/85703710:04
lecris[m]jpodivin: About #1989247 (keystoned_db_sync erroring with unable to send audit message). I have added the logs to that10:05
jpodivinlecris[m]: thanks. As I've said in the comment it was a mistake not to make proper note of the fix. Hopefully not much time was lost.10:06
lecris[m]Can you give me a hint on how to change the Caps of a container and/or add podman flags to how that container is called?10:06
lecris[m]Is it an issue with the containers upstream?10:08
jpodivinlecris[m]: for that I would have to know the circumstances. This failed on your personal deployment? 10:08
lecris[m]What I am encountering is that this issue only occurs for tls-e, which I don't understand how that one is affecting there10:09
lecris[m]Yes, personal deployment10:09
jpodivinlecris[m]: ok, that narrows things down a bit. Could you put the config you have used in the bug description?10:10
jpodivinso we can properly triage it. 10:10
jpodivinEspecially things like release, topology and services. 10:10
lecris[m]Should I upload the full `config-download`?10:11
lecris[m]or `overcloud-deploy`10:12
jpodivinlecris[m]: I don't think that's necessary atm. It should be enough to note release and arguments you have given to quickstart10:12
jpodivinso we can replicate if needed.10:12
jpodivinfull dirs would be nice, but it's not necessary per se. 10:12
lecris[m]Not using quickstart, using manual provision steps10:12
jpodivinbhagyashris|ruck: do we have this in upstream ^ ? I don't think we do.10:13
jpodivinlecris[m]: ok, that's another thing to note10:13
lecris[m]`network_data.yaml`, `vip_data.yaml`, and such files are ok?10:13
jpodivinlecris[m]: it can help. But the most important facts are: release of openstack, deployment procedure. services and topology10:14
jpodivinthat's the basics. 10:14
lecris[m]Ok, I'll try to add them10:14
lecris[m]release wise, both master and yoga10:14
jpodivinlecris[m]: which one? Yoga is slightly behind master(zed) 10:15
lecris[m]What do you mean by which one? Both on stable/yoga and master (tripleo-repos command wise)10:16
lecris[m]I am not sure if the containers are updated to become yoga though10:17
jpodivinlecris[m]: I'm looking at the logs. I see quite of few other errors in there. Am I correct that you have successfully diagnosed and rectified them? 10:19
lecris[m]The ansible log might include older deployments. If it's after a step of `overcloud node provision` it should be the most recent10:20
lecris[m]Also I've added the configuration details10:21
jpodivinlecris[m]: thanks a lot. I'll take a look.10:25
lecris[m]Thanks for the support10:25
lecris[m]I think the relevant log begins at `2022-09-12 03:08:26,009`10:26
lecris[m]But jpodivin, do you have any hint of how to add/change the container execution to add the `CAP_AUDIT_WRITE` to the current deployment to see if that's the cause?10:28
bhagyashris|ruckjpodivin, ?10:28
bhagyashris|ruckthis one  https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/85624410:28
jpodivinlecris[m]: honestly I don't. At this point I'm fairly certain this is a different beast to that in the older bug10:28
jpodivinbhagyashris|ruck: is that the same thing? 10:29
jpodivinours is permission error10:29
bhagyashris|ruckjpodivin, hey i am not clear what you are asking 10:30
jpodivinbhagyashris|ruck: https://bugs.launchpad.net/tripleo/+bug/198924710:30
jpodivinbhagyashris|ruck: lecris[m] has been deploying manually and keystone container got in trouble10:30
lecris[m]It's about `keystone_db_sync` container not being able to execute due to permission error10:30
bhagyashris|ruckjpodivin, hey i am not sure will need to check i am currently focusing downstream 10:31
bhagyashris|ruckjm1, may know this^10:31
jpodivinbhagyashris|ruck: thanks. Container just needs permissions to write audit msg. But the question is how to set them up.10:31
*** ysandeep is now known as ysandeep|lunch10:34
opendevreviewLuca Miccini proposed openstack/tripleo-ansible master: Ensure /run/frr is present after (re)boot  https://review.opendev.org/c/openstack/tripleo-ansible/+/85703810:35
lecris[m]jpodivin: I've added a quick dirty runtime "fix?" for that in the bug report10:43
opendevreviewchandan kumar proposed openstack/tripleo-common master: Add an Ansible execution environment to our Build  https://review.opendev.org/c/openstack/tripleo-common/+/77667410:48
opendevreviewRabi Mishra proposed openstack/tripleo-heat-templates master: Support actual hostnames in DeploymentServerBlacklist  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85703911:16
opendevreviewManojkatari proposed openstack/tripleo-heat-templates master: new t-h-t template for Cinder RBD backend  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85707111:17
opendevreviewVijayalakshmi proposed openstack/tripleo-ansible master: Restart tuned service to apply tuned boot options  https://review.opendev.org/c/openstack/tripleo-ansible/+/85704011:17
bogdandohi, ykarel, slaweq, do you know anything about those neutron/ovn related failures https://storage.bhs.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_6cd/855187/3/check/tripleo-ci-centos-8-9-multinode-mixed-os/6cd1757/logs/subnode-2/var/log/containers/neutron/ovn-metadata-agent.log ? those looked unlreated to 855187 to me11:18
bogdandohttps://review.opendev.org/c/openstack/tripleo-heat-templates/+/85518711:18
ykarelbogdando, ahhk seems caused by recent update for ovs/ovn in c9 wallaby11:37
ykarelas there is different version for these in C811:37
bogdandoyay11:37
ykarelcontroller version - 21.12.3-20.21.0-61.4 mismatch with northd version - 22.06.1-20.23.0-63.411:37
bogdandoso, the job related, not the patch11:37
bogdandothanks11:37
ykarelyes right, ^ the reason of failure11:38
ykarelbhagyashris|ruck, jm1|rover is ^ already known?11:40
*** dviroel_ is now known as dviroel11:45
jm1lecris[m]: thank you for reporting that bug! actually i saw that issue a couple of times before but it usually intermittent and as such had no time to hunt it down. example: https://logserver.rdoproject.org/57/44657/9/check/periodic-tripleo-ci-centos-9-ovb-3ctlr_1comp-featureset001-clients-master/3fb6e42/logs/overcloud-controller-0/var/log/containers/stdouts/keystone_db_sync.log.txt.gz11:46
lecris[m]It is rather weird that it is being intermittent. It indicates that sometimes podman does not properly check permission? Or is it that podman sometimes adds `CAP_AUDIT_WRITE` and sometimes not?11:48
lecris[m]Right now I am trying to run with `privileged: true` in https://opendev.org/openstack/tripleo-ansible/src/branch/master/tripleo_ansible/roles/tripleo_keystone/templates/keystone_db_sync.yaml.j2#L411:49
opendevreviewMerged openstack/tripleo-heat-templates master: Neutron: Deprecate unmaintained features  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/84624911:50
lecris[m]Otherwise, I do not see in https://opendev.org/openstack/tripleo-ansible/src/commit/96e9b135cdabf6d51cd5d107774d2b1c8e9efffc/tripleo_ansible/ansible_plugins/modules/tripleo_container_manage.py how to `--cap-add` or add custom flags11:52
opendevreviewCedric Jeanneret proposed openstack/tripleo-ansible master: New roles for apache/httpd management  https://review.opendev.org/c/openstack/tripleo-ansible/+/85348111:54
opendevreviewCedric Jeanneret proposed openstack/tripleo-ansible master: New tripleo_ironic role  https://review.opendev.org/c/openstack/tripleo-ansible/+/85587311:55
opendevreviewchandan kumar proposed openstack/tripleo-common master: [DNM] Build tripleo-ansible-ee container  https://review.opendev.org/c/openstack/tripleo-common/+/85045812:03
opendevreviewMerged openstack/tripleo-heat-templates master: Remove old network_data examples  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85634312:09
opendevreviewMerged openstack/tripleo-heat-templates master: Add parameter OVNEncapTos  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85412712:09
opendevreviewMerged openstack/tripleo-ansible master: TripleO os_net_config playbooks should allow re-run  https://review.opendev.org/c/openstack/tripleo-ansible/+/84841112:09
*** amoralej is now known as amoralej|lunch12:18
jm1ykarel, bogdando: we are facing this issue in periodic jobs since friday as well, will create a bug report. thanks for reporting it!12:22
bogdandocool, thanks!12:23
bogdandochandankumar: hi, I can see https://review.opendev.org/c/openstack/tripleo-ansible/+/855358 is still blocked by /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta: no such file or directory12:23
ykareljm1, ack Thanks, we would need to update versions for c8 stream to clear this12:23
bogdandohasn't  https://review.opendev.org/c/openstack/tripleo-ansible/+/856283 fixed it?12:23
ykarelbut that would take some time, i was discussion with amoralej|lunch on #rdo12:24
chandankumarbogdando: can you recheck the patch? https://zuul.opendev.org/t/openstack/builds?job_name=tripleo-ansible-centos-stream-molecule-test_deps&project=openstack/tripleo-ansible seems to be good today12:27
chandankumarthe fix merged on 8th12:28
chandankumarbogdando: we again merged one more fix https://review.opendev.org/c/openstack/tripleo-ansible/+/85675812:30
chandankumarrecheck would fix it12:30
opendevreviewBogdan Dobrelya proposed openstack/tripleo-ansible master: Add openssh test_deps as container manager needs it  https://review.opendev.org/c/openstack/tripleo-ansible/+/85535812:35
opendevreviewBogdan Dobrelya proposed openstack/tripleo-ansible master: tripleo_nova_libvirt: add for standalone roles  https://review.opendev.org/c/openstack/tripleo-ansible/+/84215212:35
opendevreviewBogdan Dobrelya proposed openstack/tripleo-ansible master: tripleo_nova_compute: add for standalone roles  https://review.opendev.org/c/openstack/tripleo-ansible/+/84365912:35
opendevreviewMerged openstack/openstack-tempest-skiplist master: Skip neutron_tempest_plugin.api.test_port_forwardings.PortForwardingTestJSON  https://review.opendev.org/c/openstack/openstack-tempest-skiplist/+/85676412:36
opendevreviewSandeep Yadav proposed openstack/tripleo-quickstart-extras master: Create a yaml with custom CI rules for Firewall  https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/85709612:44
*** ysandeep|lunch is now known as ysandeep12:44
opendevreviewSandeep Yadav proposed openstack/tripleo-quickstart-extras master: Create a yaml with custom CI rules for Firewall  https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/85709612:46
opendevreviewyatin proposed openstack/puppet-tripleo stable/wallaby: [DNM] Test mis match northd version  https://review.opendev.org/c/openstack/puppet-tripleo/+/85710112:46
*** amoralej|lunch is now known as amoralej12:51
opendevreviewSandeep Yadav proposed openstack/tripleo-quickstart-extras master: Create a yaml with custom CI rules for Firewall  https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/85709612:51
jm1ykarel, bogdando: https://bugs.launchpad.net/tripleo/+bug/198934112:54
ykarelThanks jm1 12:57
opendevreviewSandeep Yadav proposed openstack/tripleo-quickstart master: Include custom ci firewall rule in deployment  https://review.opendev.org/c/openstack/tripleo-quickstart/+/85712812:59
opendevreviewSandeep Yadav proposed openstack/tripleo-quickstart-extras master: Create a yaml with custom CI rules for Firewall  https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/85709613:02
opendevreviewchandan kumar proposed openstack/tripleo-common master: Add an Ansible execution environment to our Build  https://review.opendev.org/c/openstack/tripleo-common/+/77667413:02
opendevreviewSandeep Yadav proposed openstack/tripleo-quickstart-extras master: Create a yaml with custom CI rules for Firewall  https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/85709613:04
opendevreviewCedric Jeanneret proposed openstack/tripleo-heat-templates master: Convert httpd ironic_api configurations to new role  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85456813:04
opendevreviewchandan kumar proposed openstack/tripleo-ci master: Add support for tcib_extra_config  https://review.opendev.org/c/openstack/tripleo-ci/+/85073613:04
opendevreviewMarios Andreou proposed openstack/tripleo-ci master: Mark tripleo-ci-centos-8-9-multinode-mixed-os non voting  https://review.opendev.org/c/openstack/tripleo-ci/+/85714213:05
mariosjm1: bogdando: ykarel: amoralej: rlandy: as discussed ^^ non voting 13:05
amoralejmarios, ykarel i did a scratch build of rdo-openvswitch-2.17 and looks good, i'm doing a final build and i'll propose the update13:06
ykarelThanks amoralej marios 13:06
mariosthank you amoralej 13:06
amoralejykarel, there is some way to test the update in the mix job with a temp repo?13:06
opendevreviewSandeep Yadav proposed openstack/tripleo-quickstart master: Include custom ci firewall rule in deployment  https://review.opendev.org/c/openstack/tripleo-quickstart/+/85712813:06
rlandymarios: thanks - voted13:07
ykarelamoralej, atleast should work with release file updates13:08
ykarelwallaby release file in this case13:08
opendevreviewchandan kumar proposed openstack/tripleo-common master: [DNM] Build tripleo-ansible-ee container  https://review.opendev.org/c/openstack/tripleo-common/+/85045813:18
opendevreviewyatin proposed openstack/tripleo-quickstart master: [DNM] Test c8s wallaby with rdo-openvswitch-2.17  https://review.opendev.org/c/openstack/tripleo-quickstart/+/85717113:27
opendevreviewCedric Jeanneret proposed openstack/tripleo-heat-templates master: Switch default firewall engine  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85280813:31
opendevreviewyatin proposed openstack/tripleo-heat-templates stable/wallaby: [DNM] Test c8s wallaby with rdo-openvswitch-2.17  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85718213:31
*** dasm|off is now known as dasm13:33
opendevreviewRodolfo Alonso proposed openstack/tripleo-heat-templates stable/wallaby: Add parameter OVNEncapTos  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85718913:34
opendevreviewyatin proposed openstack/tripleo-heat-templates stable/wallaby: [DNM] Test c8s wallaby with rdo-openvswitch-2.17  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85718213:38
opendevreviewCedric Jeanneret proposed openstack/tripleo-ansible master: New roles for apache/httpd management  https://review.opendev.org/c/openstack/tripleo-ansible/+/85348113:58
opendevreviewCedric Jeanneret proposed openstack/tripleo-ansible master: New tripleo_ironic role  https://review.opendev.org/c/openstack/tripleo-ansible/+/85587313:58
opendevreviewBrendan Shephard proposed openstack/python-tripleoclient master: Change git user for config-download  https://review.opendev.org/c/openstack/python-tripleoclient/+/85659114:03
opendevreviewSandeep Yadav proposed openstack/tripleo-quickstart-extras master: Create a yaml with custom CI rules for Firewall  https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/85709614:19
opendevreviewJuan Larriba proposed openstack/tripleo-ansible stable/wallaby: [RFE] Add a new Snapshot And Revert feature to Backup and Restore  https://review.opendev.org/c/openstack/tripleo-ansible/+/85705614:23
opendevreviewJuan Larriba proposed openstack/tripleo-ansible stable/wallaby: [RFE] Add a new Snapshot And Revert feature to Backup and Restore  https://review.opendev.org/c/openstack/tripleo-ansible/+/85705614:26
opendevreviewchandan kumar proposed openstack/tripleo-common master: Add an Ansible execution environment to our Build  https://review.opendev.org/c/openstack/tripleo-common/+/77667414:31
opendevreviewTakashi Kajinami proposed openstack/tripleo-heat-templates master: Nova: Set unprivileged_userfaultfd only when post-copy is enabled  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85602514:35
jm1Tengu: hello :) do you know how to add a capability to podman containers in tripleo? https://bugs.launchpad.net/tripleo/+bug/1989247 (lecris[m] fyi)14:41
Tengujm1: you can have a look at nova containers in tripleo heat templates. Im off duty now, we can check back tomorrow if you want/need14:48
opendevreviewTakashi Kajinami proposed openstack/python-tripleoclient master: admin authorize: Deprecate ineffective --overcloud-ssh-network  https://review.opendev.org/c/openstack/python-tripleoclient/+/85719614:56
jm1Tengu: ack, lets talk about this tomorrow. have a nice evening :)14:59
opendevreviewJiri Podivin proposed openstack/validations-libs master: Logging facility for VF  https://review.opendev.org/c/openstack/validations-libs/+/85719815:00
opendevreviewMerged openstack/tripleo-quickstart master: Exclude kernel from dnf update  https://review.opendev.org/c/openstack/tripleo-quickstart/+/85660315:07
opendevreviewMikolaj Ciecierski proposed openstack/tripleo-heat-templates master: Fix Update ovn_controller. from external-update playbook  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85719915:08
*** ysandeep is now known as ysandeep|out15:16
*** ysandeep|out is now known as ysandeep15:16
*** ysandeep is now known as ysandeep|out15:20
opendevreviewyatin proposed openstack/tripleo-quickstart-extras master: Fix resolution of tripleo_ceph_deploy_container_namespace  https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/85720115:24
rlandyslaweq: ykarel: hi - could someone on your team take a look at https://trello.com/c/ornI3NOX/2703-cixlp1989197tripleociproa-tempest-test-neutrontempestpluginapitestportforwardingsportforwardingtestjson-failing-on-periodic-trip? I think we promoted that up from the network component to clear another issue15:31
rlandythere is a skiplist - so it's not super urgent15:31
rlandybut we'd like to clear the skip if possible15:31
rlandyjm1: ^^15:31
rlandyfyi15:31
opendevreviewMerged openstack/tripleo-heat-templates stable/train: [Train-Only] Restore nova_api_db_sync_stein vols  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85653115:33
ykarelrlandy, /me leaving for today, i will check in my morning tomorrow if no one else picks up15:36
rlandyykarel: thank you15:37
ykarellooks related to changes https://review.opendev.org/q/topic:bug%252F197164615:37
*** marios is now known as marios|out15:47
opendevreviewMerged openstack/python-tripleoclient master: Use host network for db_sync  https://review.opendev.org/c/openstack/python-tripleoclient/+/85622615:51
*** dviroel is now known as dviroel|lunch15:55
opendevreviewOliver Walsh proposed openstack/tripleo-heat-templates master: Use python to template cell urls  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85191716:03
*** dhill is now known as Guest11716:04
*** jpena|off is now known as jpena16:09
*** jpena is now known as jpena|off16:10
sdanniHi! We are working on deploying overcloud with SSL. We use letsencrypt certificates which will expire in 90 days. I wonder what is the common way to renew ssl certificates in openstack environment without redeploying overcloud?16:23
opendevreviewSandeep Yadav proposed openstack/tripleo-quickstart master: Include custom ci firewall rule in deployment  https://review.opendev.org/c/openstack/tripleo-quickstart/+/85712816:43
*** dviroel|lunch is now known as dviroel16:52
*** amoralej is now known as amoralej|off16:52
opendevreviewMerged openstack/tripleo-heat-templates master: Add role specific settings for ovn_bgp_agent parameters  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85457419:23
opendevreviewDouglas Viroel proposed openstack/tripleo-heat-templates master: Test custom cpu_model on nested virt job  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85722619:33
opendevreviewMerged openstack/tripleo-quickstart master: Mixed OS conditional dlrn_hash_tag for component line  https://review.opendev.org/c/openstack/tripleo-quickstart/+/85386020:07
opendevreviewMerged openstack/tripleo-ci master: Mark tripleo-ci-centos-8-9-multinode-mixed-os non voting  https://review.opendev.org/c/openstack/tripleo-ci/+/85714220:07
*** dviroel is now known as dviroel|afk20:28
opendevreviewMerged openstack/tripleo-quickstart-extras master: Adding temporary workaround for libvirt-failures  https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/85624420:48
opendevreviewBrendan Shephard proposed openstack/python-tripleoclient master: Change git user for config-download  https://review.opendev.org/c/openstack/python-tripleoclient/+/85659121:25
opendevreviewLukas Bezdicka proposed openstack/tripleo-heat-templates stable/wallaby: WIP: FFWD3: enample templated haproxy/heat images  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85289821:37
opendevreviewBrendan Shephard proposed openstack/tripleo-heat-templates master: Move update_tasks for tripleo-packages  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/83860522:41
*** dasm is now known as dasm|off22:59
opendevreviewMerged openstack/tripleo-quickstart master: Revert "Downgrade python3-sqlalchemy"  https://review.opendev.org/c/openstack/tripleo-quickstart/+/85056823:13
opendevreviewBrendan Shephard proposed openstack/tripleo-ansible master: Add standalone ovn-controller role  https://review.opendev.org/c/openstack/tripleo-ansible/+/84565323:30
opendevreviewBrendan Shephard proposed openstack/tripleo-ansible master: Add external update tasks to tripleo_ovn role  https://review.opendev.org/c/openstack/tripleo-ansible/+/85724223:49
opendevreviewBrendan Shephard proposed openstack/tripleo-heat-templates master: Move OVN external_update_tasks to tripleo-ansible  https://review.opendev.org/c/openstack/tripleo-heat-templates/+/85724323:56
« Sunday, 2022-09-11 Index Tuesday, 2022-09-13 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!