Thursday, 2025-06-19

« Wednesday, 2025-06-18 Index Friday, 2025-06-20 »
tonybOkay I'm confused and missing $something.    For the DIB+Nodepool functional testing the devstack we create has public and private networks and assigns a floating IP to the node.  What I can't see is how the demo user/project gets access to private network and router.01:55
tonybI see the network/subnet/router being added via the 'devstack-demo-admin' cloud but it isn't visible to the demo user in the demo project01:56
tonyb(when I say isn't I mean in my devstack setup, it is visible in the nodepool testing)02:02
ianwi don't know if it helps but i feel like the job only ever looked for the floating ip and ssh'd to that?02:14
tonybianw: sort of  In the nodepool case the devstack cloud which is the demo project and demo user.  An instance spawned by nodepool gets an IP in the private network (which has a running DHCP server) and then neutron maps that (private) Fixed-IP to an assigned Floating IP02:28
tonybSo yeah we only ever really talk to the floating IP but the provate network is essential to get that going02:28
tonybMy devstack setup looks to have the same config but the devstack cloud (again demo project and user) can't see the private network02:29
tonybbut the admin user on the demo project *can* see the private network02:30
tonyb`openstack --os-cloud devstack-admin-demo server create --flavor dib1024 --image test-image  --key-name root --network private --use-config-drive test-admin;03:00
tonybopenstack --os-cloud devstack-admin-demo floating ip create --fixed-ip-address 10.1.0.49 --port 098b5e8b-d5c0-48df-9b98-7e72308d5402 public` works but trying the same thing as a regular user says no such network private (or words to that effect)03:00
tonybI could just use the devstack-admin-demo cloud but that seems silly03:01
JayFto be explicit: what is the cloud that doesn't work?03:17
JayFI would expect --os-cloud devstack to work, but not devstack-admin or devstack-system-admin03:19
tonybJayF: `--os-cloud devstack`  AFACIT cloud=devstack maps to project demo, user demo and cloud=devstack-admin-demo maps to project demo, user admin.03:20
JayFyep that's what I was looking at, and you are right afaik03:20
JayFI am not an expert in devstack generally, but that's the behavior I'd expect too.03:20
JayFSorry if that's not helpful just making sure scope mixups weren't happening; we get that a lot since Ironic rbac went default (baremetal node list returns nothing unless you are admin scoped)03:21
tonybJayF: `openstack --os-cloud devstack network list` only has the 'public' but `openstack --os-cloud devstack-admin-demo network list` has both public and private.03:22
JayFinteresting, maybe perms are different by default and that's expected for testing scenario purposes?03:22
tonybI don't know.   The part I'm struggling with is when devstack is installed as part of the nodepool testing (which admitedly is a different role) the 'devstack' cloud shows both networks.03:25
tonybso clearly there is something I need to do, or not do, with the devstack role but I can't find it03:25
JayFI pointed claude at the devstack codebase to see if it could figure how to make private network visible03:26
tonybit doesn't look to be RBAC as the 2 comfigs are comprable there ?03:26
tonybclaude?03:26
JayFas in claude-code03:27
JayFjust seeing how well it does with devstack; so far, not very03:27
tonybLOL03:27
JayFgiant files are extra hard because it doesn't want to load the whole thing into context03:28
JayFit claims "openstack network set --share private" as demo-admin should do it 03:29
JayFI am skeptical03:29
tonybYeah that's not it03:29
tonybthe (working) nodepool setup doesn't share the provate network03:30
JayFwell I can tell you in the ironic devstack configuration, it's sharing the private network03:31
JayFat least in the one I have on my local VM, devstack user can see private network, and private network shows as shared03:31
JayFs/user/os-cloud/03:31
JayFbut we change enough about networking who knows :( it's late here I'm gonna step away, good luck, sorry I couldn't help03:32
tonyb`openstack --os-cloud devstack-admin-demo network show -f value -c shared private` says False (everywhere)03:34
tonybJayF: I appreciate the help.   It never hurts to double/triple check things03:35
ianwhrm, it really does seem to just use "devstack" cloud https://opendev.org/zuul/nodepool/src/branch/master/playbooks/nodepool-functional-container-openstack/templates/nodepool.yaml.j2#L2003:53
ianwbut then yeah, private -> https://opendev.org/zuul/nodepool/src/branch/master/playbooks/nodepool-functional-container-openstack/templates/nodepool.yaml.j2#L3203:53
tonybianw: Yup.   And I can't find the difference important difference in devstack setup between https://fac63a6a94019ab8151d-353a8055100be238a18e62fdcc374ef1.ssl.cf2.rackcdn.com/openstack/3ff15981db0847079b8948f7b066eafa/job-output.txt (nodepool/working) and https://c77aa8f87e095b99b6e6-3a828353f8ae4adcb13d9c2988d28730.ssl.cf2.rackcdn.com/openstack/5385c2051a904ad48f8b3bbda187ec57/job-output.txt (devstack/not working)05:47
ianwis it something about the way nodepool launches it with it's --net command?06:02
tonybI do need to be able to do that, but right now if add --net private all I get is "can't locate network private" (or similar)06:04
ianwlike nodepool does 2025-06-18 11:27:59,764 DEBUG nodepool.OpenStackAdapter.devstack: API call get_network in 0.09363511099991229 and then iirc launches it maybe with an id?06:05
tonybHmmm I can try that06:05
ianwhttps://opendev.org/zuul/nodepool/src/branch/master/nodepool/driver/openstack/adapter.py#L636 -- so i think it's setting that there06:06
fricklerto me this looks like devstack is working fine, the job is ubuntu noble is passing, just almalinux is acting weird?06:06
fricklerweird as in "networkmanager fails to configure the interface in the instance"06:07
tonybianw: https://paste.opendev.org/show/biAsRqRLzdcfng29PQiw/06:07
ianwi feel like i've never seen devstack-admin-demo used at all06:08
tonybfrickler: Yes I think there are two issues here 1) Almalinux is weird and not writing out a network config at all (where as Ubuntu does) ; and 2) the devstack testing setup is different to the nodepool setup and those differences hide "1".06:09
ianwi feel like nodepool is only ever given the "openstack" cloud to work from in the clouds.yaml?06:10
tonybianw: devstack uses it "a bunch"  eg https://opendev.org/openstack/devstack/src/branch/master/lib/neutron_plugins/services/l3#L26606:10
fricklerwell it does boot the almalinux instance just fine in both logs you posted earlier, doesn't it? so I don't see this "network private not found" error there06:10
ianw(sorry - "devstack" - https://fac63a6a94019ab8151d-353a8055100be238a18e62fdcc374ef1.ssl.cf2.rackcdn.com/openstack/3ff15981db0847079b8948f7b066eafa/nodepool/nodepool.yaml).  so it can't have been acting as anyone else, like the admin?06:11
tonybianw: Yes that's true but in this case "testing", we also build the devstack so I'm looking for $something06:11
tonybianw: not AFAICT, unless nodepool is using a different clouds.yaml06:11
tonybfrickler: Yes in the gate it boots but that's because I'm directly attaching the VM to the public network which doesn't work because of item 1 a few lines back.   Ubuntu does work.06:12
tonybfrickler: nodepool doesn't directly attach to the public network, instead is attaches to the private network and then adds a floating IP to the port on the private network.06:13
tonybfrickler: which I can make work but not for the cloud "devstack" which /etc/openstack/clouds.yaml maps to demo/demo06:14
ianwhttps://c77aa8f87e095b99b6e6-3a828353f8ae4adcb13d9c2988d28730.ssl.cf2.rackcdn.com/openstack/5385c2051a904ad48f8b3bbda187ec57/controller/logs/etc/openstack/clouds.yaml i guess you mean there06:17
tonybCorrect06:17
ianw2025-06-18 10:46:58.356 | ++ lib/neutron_plugins/services/l3:create_neutron_initial_network:202 :   oscwrap --os-cloud devstack --os-region RegionOne network create private -f value -c id06:18
ianwhttps://c77aa8f87e095b99b6e6-3a828353f8ae4adcb13d9c2988d28730.ssl.cf2.rackcdn.com/openstack/5385c2051a904ad48f8b3bbda187ec57/controller/logs/devstacklog.txt06:18
ianwthat really seemed like it created "private" :/06:19
tonyb2025-06-18 11:13:44.150433 | ubuntu-jammy | ++ lib/neutron_plugins/services/l3:create_neutron_initial_network:202 :   oscwrap --os-cloud devstack --os-region RegionOne network create private -f value -c id06:20
tonybhttps://fac63a6a94019ab8151d-353a8055100be238a18e62fdcc374ef1.ssl.cf2.rackcdn.com/openstack/3ff15981db0847079b8948f7b066eafa/job-output.txt (nodepool devstack install)06:20
tonybwait06:20
tonybit was created in the 'devstack' cloud and now it's not found in the 'devstack' cloud ?06:21
fricklerah, yes, in the public network dhcp would be failing, so that part is to be expected. do you have a devstack run where the private network failure can be seen? maybe hold a node for that to look at things in place, I can check in my afternoon then06:24
tonyb158.69.71.406:25
ianwone other thing to try might be to add in https://opendev.org/zuul/nodepool/src/commit/47193a46b91f8b4f220b455c93c876d389ce0802/playbooks/nodepool-functional-container-openstack/run.yaml#L29 to create the unmanaged vm first.  that dumps out the networks etc.06:25
tonybit's the node I'm currently working on/debugging with06:25
tonybianw: I can add that but I felt like that was mostly there to test that nodepool didn't impact any non-nodepool nodes06:32
tonybthat unmanaged-vm ends up in error state anyway06:32
fricklerso the private network belongs to the admin tenant, not to the demo tenant. so it is expected that the demo tenant cannot see it. the question is why this happens06:33
tonybfrickler: where did you see that?06:33
tonybfrickler: I swear I looked for that type of mistake06:34
frickler"openstack --os-cloud devstack-admin network show private -c project_id" and compare with "... project list"06:34
frickleron 158.69.71.406:34
frickleroh, wait, that could be the osc wrapper daemon06:37
fricklerit essentially ignores the --os-cloud option06:37
fricklerprobably this isn't seen in normal CI because nothing actually uses the private network, tempest creates its own06:38
ianwanother weird thing -> https://opendev.org/zuul/nodepool/src/commit/47193a46b91f8b4f220b455c93c876d389ce0802/playbooks/nodepool-functional-openstack/write_clouds_yaml.yaml ... this re-writes clouds.yaml to force ipv406:39
ianwbut that is not in 158.69.71.4 ... suggesting the file isn't updated?06:39
tonybI don't call that playbook on the devstack node06:40
ianwahh, ok06:42
ianwcan you just do this all as "devstack-admin"?06:45
fricklertonyb: try to disable the openstack-cli-server service in local.conf06:46
frickleroh, it doesn't get used when "if use_library_from_git "python-openstackclient"" is true, that also explains lack of CI coverage I guess https://opendev.org/openstack/devstack/src/branch/master/stack.sh#L1014-L102306:49
tonybianw: I can, but I was hoping to be as close to "correct" as possible06:49
tonybfrickler: Noted.06:49
ianwhrm, i'm starting to think that may be correct :)06:50
frickleressentially when you call "openstack --os-cloud xyz" in devstack with cli-server active, the command gets executed with "devstack-admin" creds06:50
tonybianw: LOL06:51
fricklerand I seem to see a lot of code in neutron plugins that doesn't test the right thing as a result06:51
fricklerthough likely this should be treated as bug in the cli server. maybe we can work around it in the oscwrap function06:56
tonybYeah it does seem like a bug in the cli-server.  Once we've proven that's the problem I can chase that up06:56
fricklerwell I think essentially I did prove this? the log says "openstack --os-cloud devstack network create private", but the network ends up in the admin tenant06:58
tonybThat's very true.06:58
fricklerI've also known about the wrong clouds issue for years, I just need to find where I added a workaround06:58
tonybAh06:59
tonybWell I'll get a new revisions of the devstack stuff going, which includes floating IPs and disabling the cli-server06:59
fricklerah, it is in a wip patch of mine https://review.opendev.org/c/openstack/devstack/+/923944/4/lib/keystone#44507:00
tonybAh07:01
fricklerI just wasn't aware that it also affects existing parts of devstack, because ... well everything did seem to work?07:01
tonybYeah.  yay us finding hidden bugs07:01
fricklerwell currently I'm a bit afraid of how many bugs might be uncovered when we fix this. like a whole lot of srbac stuff might be not testing what it expects to test07:03
tonybergh07:04
*** tosky is now known as Guest1839707:37
*** tosky_ is now known as tosky07:37
opendevreviewTony Breeds proposed openstack/diskimage-builder master: Add new openstack/devstack based functional testing  https://review.opendev.org/c/openstack/diskimage-builder/+/94994207:38
fricklertonyb: ^^ doesn't work that way, not sure about the right option though07:52
fricklerah, "devstack_services:\nopenstack-cli-server: false" with proper indentation07:52
tonybI'll figure it out, just got to grab my son from a class07:53
fricklerstumbled upon this independently, but it somehow fits. sorry if this is well known already. "Two of the most famous products of Berkeley are LSD and Unix. I don’t think that this is a coincidence." https://web.mit.edu/~simsong/www/ugh.pdf08:09
opendevreviewTony Breeds proposed openstack/diskimage-builder master: Add new openstack/devstack based functional testing  https://review.opendev.org/c/openstack/diskimage-builder/+/94994208:25
*** amoralej_ is now known as amoralej12:06
fungitechnically bsd was a product of bell labs (at&t), uc berkeley licensed it from them and then expanded on it, diverging from at&t's own continued development for system v12:30
opendevreviewMerged opendev/base-jobs master: Enable ovh log uploads in test  https://review.opendev.org/c/opendev/base-jobs/+/95287312:34
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: DNM: use base-test to validate log uploads  https://review.opendev.org/c/zuul/zuul-jobs/+/95290515:44
opendevreviewJames E. Blair proposed opendev/system-config master: DNM: Test "Lit" version of zuul-results-plugin  https://review.opendev.org/c/opendev/system-config/+/95290716:03
opendevreviewJames E. Blair proposed openstack/project-config master: Add gerrit project stanzas  https://review.opendev.org/c/openstack/project-config/+/95293416:31
corvusinfra-root, config-core: ^ if anyone happens to be around to approve that, paladox is currently updating that plugin and it'd be cool to get a depends-on build with it.16:33
fungidone16:41
opendevreviewMerged openstack/project-config master: Add gerrit project stanzas  https://review.opendev.org/c/openstack/project-config/+/95293416:47
opendevreviewJames E. Blair proposed opendev/zone-opendev.org master: Replace zl01 and zl02  https://review.opendev.org/c/opendev/zone-opendev.org/+/95294117:32
opendevreviewJames E. Blair proposed opendev/system-config master: Replace zl01 and zl02  https://review.opendev.org/c/opendev/system-config/+/95294217:32
corvusfungi: ^ i launched 2 new zuul-launcher nodes; they are 2GB instead of 8GB, since it looks like that should be enough.  this also replaces our existing zl01 jammy node.17:33
fungilgtm, approved both, thanks!17:36
opendevreviewMerged opendev/zone-opendev.org master: Replace zl01 and zl02  https://review.opendev.org/c/opendev/zone-opendev.org/+/95294117:48
corvusfungi: according to https://review.opendev.org/952905 ovh looks good, i think we can merge https://review.opendev.org/952874 to re-enable them17:51
fungiagreed, will do17:54
fungiand approved as well, thanks again!17:55
opendevreviewMerged opendev/system-config master: Replace zl01 and zl02  https://review.opendev.org/c/opendev/system-config/+/95294218:19
fungigonna go grab a late lunch/early dinner, back in an hour-ish18:33
corvus#status log replaced zl01-02 with new 2GB noble vms; deleted old servers20:16
opendevstatuscorvus: finished logging20:18
corvusthat appeared here: https://fosstodon.org/@opendevinfra/11471187642530684120:19
opendevreviewMerged opendev/base-jobs master: Enable ovh log uploads  https://review.opendev.org/c/opendev/base-jobs/+/95287420:20
corvusthat seems to confirm the access token fix20:20
corvusi've gone ahead and launched 8 new zm servers; we can probably knock those out pretty easily too.20:21
fungiexcelent20:21
fungil20:21
fungiinfra-prod-remote-puppet-else failed in the deploy for 952942: https://zuul.opendev.org/t/openstack/build/0f1ef685cc6247b285bdc3850fa4cd2420:27
fungiTASK [puppet-setup-ansible : Run puppet module install on bridge] ... fatal: could not read Username for 'https://github.com': No such device or address20:29
corvushttps://paste.opendev.org/show/b48WHFIfZ9AxpJGJEVOS/20:29
corvusyeah, that series of errors seems strange...20:29
fungigot me scratching my head too20:29
corvusinstall_modules.sh: line 19: puppet: command not found20:30
corvusthat line is apparently fine20:30
corvusit shows up in previous successful runs20:30
corvusmaybe there was a momentary dns snafu20:31
fungii think that "could not read Username" error can also be a misleading indicator for when a repository has been renamed or made private20:31
corvusmm yeah.  also, there were 4 repos that updated in that pass; that may be an unusually high amount of activity20:32
corvushttps://github.com/puppetlabs/puppetlabs-rabbitmq is a 40420:33
corvusmaybe they made that private20:33
corvusthat's for storyboard20:34
fungiwe could just stick it in the emergency disable list if the problem persists, and see if that solves it20:35
corvusmaybe we can/should migrate to https://github.com/voxpupuli/puppet-rabbitmq20:35
fungioh probably20:35
fungipuppetlabs is shedding everything and anything20:35
fungithat makes sense, it's a community module now20:35
corvusi'll write some changes20:39
opendevreviewJames E. Blair proposed opendev/system-config master: Update rabbitmq puppet module  https://review.opendev.org/c/opendev/system-config/+/95294620:40
fungii think that'll be self-testing20:40
corvuspuppet-storyboard needs a change too... not sure if they can be sequenced....20:40
opendevreviewJames E. Blair proposed opendev/puppet-storyboard master: Update rabbitmq puppet module  https://review.opendev.org/c/opendev/puppet-storyboard/+/95294720:43
corvusnow that i wrote that... i don't actually know if that's necessary for us to run it.  i guess we'll see.20:43
opendevreviewJames E. Blair proposed opendev/system-config master: DNM: Test "Lit" version of zuul-results-plugin  https://review.opendev.org/c/opendev/system-config/+/95290720:45
opendevreviewJames E. Blair proposed opendev/zone-opendev.org master: Replace zuul mergers  https://review.opendev.org/c/opendev/zone-opendev.org/+/95294820:49
opendevreviewJames E. Blair proposed opendev/system-config master: Replace zuul mergers  https://review.opendev.org/c/opendev/system-config/+/95294920:50
corvusthose two changes for the mergers are ready to go, along with the testing update: https://review.opendev.org/95269620:50
fungione thing that should have dawned on me with the zl replacements... in the past we've avoided recycling server names because ansible facts get cached on bridge. maybe that's no longer an issue?20:52
fungior maybe the (now long ago) switch to using ip addresses for `ansible_host` solved it20:54
corvusi can clear them out... i'd rather do the extra work and reuse them.  i spend way too much time ssh-ing into n01... nl02... nl03... nl04... nl05 yes that's the one...20:54
fungiyeah20:54
opendevreviewMerged opendev/zone-opendev.org master: Replace zuul mergers  https://review.opendev.org/c/opendev/zone-opendev.org/+/95294820:55
fungiand at least we don't preserve root's ssh known_hosts entries on bridge20:55
corvusi haven't cleaned out any facts yet, and ansible hasn't seemed to have a problem so far20:55
fungiit's worth taking the easier path here to see if anything still breaks20:56
corvusyeah, and we write out a global known_hosts file on bridge that ansible uses20:56
corvus++ these are good test hosts20:56
opendevreviewMerged opendev/system-config master: Replace zuul mergers  https://review.opendev.org/c/opendev/system-config/+/95294921:51
opendevreviewTony Breeds proposed openstack/diskimage-builder master: Add new openstack/devstack based functional testing  https://review.opendev.org/c/openstack/diskimage-builder/+/94994222:02
corvusthe update to the zuul-results-summary plugin that paladox made checks out in our test jobs.  https://gerrit-review.googlesource.com/c/plugins/zuul-results-summary/+/48528123:00
paladoxNice!23:01
paladoxmerged!23:02
corvuscool! we may want to keep than in mind for our next gerrit update (might be worth updating it soon afterwords, just to make sure everything's okay).  it should be a noop -- it's a build and javascript modernization change23:02
corvuspaladox: thanks again! :)23:03
paladoxyw!23:03
corvus#status log replaced all zuul mergers with new noble vms; deleted old servers23:03
opendevstatuscorvus: finished logging23:04
fungisounds gere23:10
fungigreat23:10
opendevreviewTony Breeds proposed openstack/diskimage-builder master: Add new openstack/devstack based functional testing  https://review.opendev.org/c/openstack/diskimage-builder/+/94994223:26
corvuszm01 graphs on cacti look as expected; except that apparently we have a /boot partition now, and we did not before23:41
corvushopefully we don't start running out of space due to kernels23:42
opendevreviewMerged opendev/system-config master: Switch zuul-mergers to noble  https://review.opendev.org/c/opendev/system-config/+/95269623:48
« Wednesday, 2025-06-18 Index Friday, 2025-06-20 »

Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!