Thursday, 2019-01-10

« Wednesday, 2019-01-09 Index Friday, 2019-01-11 »
*** macza has quit IRC00:01
*** cshen has joined #openstack-ansible00:09
*** hwoarang has quit IRC00:13
*** hwoarang has joined #openstack-ansible00:13
*** cshen has quit IRC00:15
*** mathlin has joined #openstack-ansible00:16
*** tosky has quit IRC00:21
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_keystone master: Cleanup files and templates using smart sources  https://review.openstack.org/58896000:30
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_cinder master: Cleanup files and templates using smart sources  https://review.openstack.org/58895300:40
*** cshen has joined #openstack-ansible00:45
*** mathlin has quit IRC00:50
*** cshen has quit IRC00:51
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_glance master: Cleanup files and templates using smart sources  https://review.openstack.org/58895900:56
*** mathlin has joined #openstack-ansible01:13
*** macza has joined #openstack-ansible01:38
*** markvoelker has joined #openstack-ansible01:40
*** markvoelker has quit IRC01:45
*** mathlin has quit IRC01:47
*** gyee has quit IRC01:50
*** macza has quit IRC01:50
*** cshen has joined #openstack-ansible02:06
*** mathlin has joined #openstack-ansible02:10
*** hwoarang has quit IRC02:11
*** cshen has quit IRC02:11
*** hwoarang has joined #openstack-ansible02:11
*** macza has joined #openstack-ansible02:17
*** hwoarang has quit IRC02:19
partlycloudyA quick question regarding the OSA documentation (Rocky) at https://docs.openstack.org/openstack-ansible/rocky/user/prod/example.html.02:20
partlycloudyThe figure shows two dedicated load balancers in use, but the configuration file sets HAProxy onto three infra nodes. Is that a typo?02:20
*** macza has quit IRC02:22
*** hwoarang has joined #openstack-ansible02:23
jamesdentonpartlycloudy the image is more representative of hardware load balancers, i think, where there tend to be a active/standby pair02:36
cloudnullsadly looks like the centos percona repo is down ... http://logs.openstack.org/60/588960/13/check/openstack-ansible-functional-distro_install-centos-7/858b5b0/job-output.txt.gz#_2019-01-10_00_59_52_07027902:38
*** broken_one has joined #openstack-ansible02:38
partlycloudyjamesdenton: thanks you James. So, the figure on the page does not represent the HAProxy settings in the openstack_user_config.yml below, I think?02:41
*** cshen has joined #openstack-ansible02:41
jamesdentonthat's correct. For the example file, shove a red load balancer into the infrastructure control plane host box02:42
jamesdentontimes 302:42
jamesdentoncloudnull you should write a strongly worded letter02:42
cloudnull ?02:43
jamesdentonpercona. repo. n/m02:43
* cloudnull begins monologue of why i hate centos 02:43
jamesdentonbut it's Enterprise, sir.02:43
*** mathlin has quit IRC02:44
partlycloudyjamesdenton: got it. Btw, I have thoroughly enjoyed reading your latest book on Neutron networking (the 3rd edition). Great work!02:44
jamesdentonthanks, partlycloudy! that's a great way to get help around here! lol02:45
partlycloudyoh yeah! haha02:46
*** cshen has quit IRC02:46
broken_onegood evening everyone02:46
cloudnullo/02:47
broken_onei am having problems dialing in my osa install.  I cant tell if i am just not configuring something right or if there is some other issue,  this does center around networking and neutron though.  Is it ok to ask for support in this channel?02:49
jamesdentonwe'll do our best. whats up?02:50
broken_oneon the upside I can log into horizon and create networks and routers.  but I think my vxlan and ha configs may be not quite right02:50
*** markvoelker has joined #openstack-ansible02:51
broken_oneso i switch from using linux bridges over to OpenVSwitch02:51
jamesdentonon a new deploy?02:51
broken_oneyes, i wiped all the hosts and started with a fresh OS02:51
jamesdentonok, good. still having issues, though?02:52
broken_oneso a deploy node, a cobbler node, 3 controller nodes, and 4 compute nodes02:52
broken_oneso i have 4 nics on the systems 2 x 1gb and 2x10Gbe02:53
broken_onethey are bonded02:53
broken_onebr-vlan is on bond102:53
broken_onebr-vxlan in on bond1.100302:54
jamesdentonk02:54
broken_onebr-vlan does not have an ip, and br-vxlan does02:54
jamesdentonright.02:54
jamesdentonwhat are you seeing now that you're on OVS?02:54
broken_onethe ultimate issue right now02:55
broken_onei create an HA router02:55
broken_onebut all 3 interfaces are DOWN02:55
broken_onein horizon02:55
broken_oneso before with linuxbridges, i only tested a non-HA router02:56
jamesdentonhave you been able to successfully test a single VM? Does DHCP work? Can you test a standalone router?02:56
broken_oneso the configs could have been broken for HA in linux bridges02:56
broken_oneDHCP is working02:56
broken_onewhen i deploy a test subnet all 3 dhcp agents start up with an IP02:57
jamesdentonok. Does a spun up VM get its IP from the DHCP server?02:57
jamesdentonwhen you check console log02:57
broken_oneyes the cirros image gets an IP, recently deployed 5 vm's and all 5 got an IP form the test subnet02:58
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_glance master: Cleanup files and templates using smart sources  https://review.openstack.org/58895902:58
broken_oneanother thing I feel is happening is that all traffic is being sent through the br-mgmt interface and nothing over br-vxlan02:58
jamesdentonwell, what is the network type for the network your VM is on? is it vxlan or vlan or flat?03:00
broken_onevxlan03:00
jamesdentonok. you can confirm the IP that Neutron is using for the VTEP by looking at... the openvswitch_agent.ini file and see what local_ip is set to. It should match the addr on br-vxlan03:01
jamesdentonwhat version of OSA is this?03:01
broken_oneits rocky so 18.1.203:01
jamesdentonk03:01
broken_oneso i did recently change the local_ip on the controller nodes to match the br-vxlan ip03:02
broken_oneand now things are starting to report down03:02
jamesdentonwhat was local_ip set to before?03:02
broken_onewhen i did the deploy originally it was the br-mgmt ip and everything was UP03:02
broken_onehence why i feel something could be wrong in my configs03:03
broken_onei will also mention03:03
jamesdentonhmmm. yeah, that wouldn't have been correct to use br-mgmt. Are you able to ping between your infras and computes via their br-vxlan IPs?03:03
jamesdentonand can you share your openstack_user_config.yml via https://pasted.tech/03:04
broken_oneto get the local_ip to change to the br-vxlan i had to heavily modify the dynamic-address-facts.yml playbook because the find_bridge variable was coming up undefined when doing the tunnel_address fact set03:04
broken_onecertainly03:04
broken_oneand yes we check all pings03:05
jamesdentonyeah, you shouldn't have to do that. maybe we can find something missing03:05
broken_oneno issues03:05
broken_oneok give me a minute...need to hop on vpn :D03:05
broken_oneso i might disconnect03:05
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_cinder master: Cleanup files and templates using smart sources  https://review.openstack.org/58895303:06
*** broken_one has quit IRC03:06
*** mathlin has joined #openstack-ansible03:07
*** broken_one has joined #openstack-ansible03:08
broken_onesorry about that03:08
jamesdentonno prob03:08
broken_onehttps://pasted.tech/pastes/67f1ba9703482ddd185e059920f93b715b156400 -- config file03:09
jamesdentonlooking03:10
broken_onethankl you03:11
jamesdentoncan you also share your openstack_inventory.json?03:15
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_heat master: Cleanup files and templates using smart sources  https://review.openstack.org/58895403:15
broken_oneno problem03:16
broken_onehttps://pasted.tech/pastes/b7d2955a191a976cb5386bacc9bf545759c05264 -- inventory.json03:20
jamesdentonthanks03:23
*** broken_one has quit IRC03:24
*** broken_one has joined #openstack-ansible03:24
broken_onethank you for taking the time03:25
cloudnullnice use of pasted :)03:25
jamesdentoncloudnull do you have an older environment around.. like P or Q?03:26
cloudnullnope, my home cloud is running the head of master.03:27
jamesdentonk03:27
cloudnulli could make one though03:27
cloudnullneed to test something ?03:27
jamesdentoneh, i was wanting to see if ./inventory-manage.py --list-host would return the tunnel_address for respective containers03:28
cloudnullnot a lot of changes happen to that script03:29
jamesdentonya03:29
cloudnullthe output should be the same regardless03:29
jamesdentonlooking at an old pike inventory, the only thing that had a legit tunnel_address was neutron_agents_container. the baremetal compute node has an entry but it's missing the IP03:32
broken_oneif that command is there in rocky i could run it on my cloud03:32
jamesdentonlong story short, it looks like ansible_host is being used in the absence of a tunnel address, which would potentially not work.03:34
broken_oneyes that is what is happening03:34
broken_onejust not sure what is causing it03:34
broken_onethe above command lists None in the tunnel_address column on my cloud03:35
jamesdentonyeah, unfortunately that's not a good indicator. but i think i see the same behavior03:36
broken_onewould also having the user_variables.yml be helpful?03:37
jamesdentonwouldn't hurt03:38
broken_oneok one moment03:38
*** mathlin has quit IRC03:41
broken_onehttps://pasted.tech/pastes/14493ca75cebc62891551a21a3ed62166e8a0260 -- user_vars03:42
cloudnull`pip install pasted-client --isolated; pasted /etc/openstack_deploy/user_variables.yml`03:42
broken_onehad to remove ldap things but rest is complete03:42
* cloudnull shameless plug 03:42
jamesdentonniiiiice03:42
broken_oneyour code cloudnull?03:43
cloudnullyup03:43
cloudnullpasted is me :)03:43
jamesdentoncloudnull do you know.. if there is or was a mechanism to grab the IP address(es) off a host's bridge (the br-vxlan IP, br-storage IP, etc) in the event it wasn't auto-assigned by ansible?03:44
broken_onevery nice...i see we can spin up pasted on our own infra...we do have a need for a pastebin03:44
cloudnullthe python client will always return the RAW paste too, so its nice when sharing things or wanting to do things with the pastes, IE: something like a git-diff03:44
broken_onea nice "feature" would be a preview mode...in case something was pasted with credentials or confidential stuffs...before a paste03:45
broken_onemaybe even an expiry on some pastes if possible03:46
cloudnullwill look into it03:46
cloudnulljamesdenton nothing built in03:46
cloudnullyou could ansible -m shell it ?03:46
broken_onejamesdenton is the preferred method to leave the interfaces unassigned and have one of the playbooks do magic?03:47
jamesdentonhmm. Well, I'm just trying to figure out where we'd be pulling the respective tunnel address from for say, a compute node03:47
cloudnullthe inventory will have all of the IPs but if you want to check that the IPs on the host are the same in the inventory there's nothing that specifically scans and validates that03:47
jamesdentonsince those interfaces are hand created in e/n/i or whereveer03:47
jamesdentonok, i see it's collected as a fact03:49
cloudnullthe tunnel addresses are scanned for and fed into the role03:49
cloudnullin the newton playbook , if im not mistaken03:49
cloudnullbroken_one the pastes will auto expire after 90 days of no access03:49
cloudnullthough a configurable expire would be nice03:49
broken_onei found some task in dynamic-address-fact.yml in common-tasks/03:50
cloudnull^ that one03:50
broken_onethat seemed to do some tunnel_address fact set, but it is not working for me03:50
broken_onefind_bridge return undefined a lot in the metal_query03:51
broken_onethat is the yml i modified to flip to local_ip in the openvswitch.ini file03:52
*** markvoelker has quit IRC03:53
*** DanyC has joined #openstack-ansible04:01
*** cshen has joined #openstack-ansible04:02
*** DanyC has quit IRC04:06
*** cshen has quit IRC04:13
jamesdentonif i'm understanding this correctly, the addrs will never be in the inventory and dynamically determined at runtime playbooks/common-playbooks/neutron.yml based on the facts.04:14
jamesdentonsorry, i'm dense04:14
broken_onethat is the behaviour i am witnessing,  just not sure if it is correct04:15
broken_onemaybe there is something that i need to set in host_vars for each of the nodes?04:16
jamesdentonso, broken_one - i've got to hang this one up for tonight, but given that i'm able to replicate the behavior i'll dig into more tomorrow morning. i have a multi-node install going right now, so that will help confirm04:16
broken_oneso they are added to facts04:16
broken_oneor inventory04:16
jamesdentonthere's nothing you should have to do. it should behave. if it's not, then there's a bug somewhere04:17
*** partlycloudy has quit IRC04:17
*** hwoarang has quit IRC04:17
broken_onesure thing jamesdenton,  i was about to spin up a vm to idle here and will check back tomorrow after work, unless i can get around some port blocks at the office :D04:17
*** partlycloudy has joined #openstack-ansible04:17
broken_oneanything i can do to help run down the bug let me know04:17
jamesdentoni'm about 30% thru an MNAIO for something else, but it will be good to validate with tomorrow.04:18
broken_oneand ill check back in with yall tomorrow as well04:18
jamesdentonthanks04:18
broken_oneAIO installs may work just cuz... testing with lots of bare metal nodes seem to bring out the issue04:18
broken_onethank you again for looking into this.04:19
jamesdentonyeah, it's worked on production deploys for a long time. I just don't use much vxlan anymore so it may have been broken along the way and i wouldn't know. or it's using the wrong interface unknowingly. can confirm tomorrow04:20
jamesdentonyep yep. see ya tomorrow04:20
broken_onenot using vxlan anymore...will have to talk more about that as well tomorrow.  would be interested as to why04:21
jamesdentonlegacy reasons mostly, but there are a few things we can discuss. see ya04:25
*** mathlin has joined #openstack-ansible04:30
*** broken_one is now known as broken_one_04:30
*** broken_one_ has quit IRC04:37
*** broken_one has joined #openstack-ansible04:44
*** udesale has joined #openstack-ansible04:50
*** cshen has joined #openstack-ansible04:53
*** markvoelker has joined #openstack-ansible04:59
*** mathlin has quit IRC05:04
*** cshen has quit IRC05:07
*** lbragstad has quit IRC05:12
*** mathlin has joined #openstack-ansible05:27
*** fatdragon has quit IRC05:34
*** fatdragon has joined #openstack-ansible05:35
*** fatdragon has quit IRC05:40
*** shyamb has joined #openstack-ansible05:42
*** radeks_ has joined #openstack-ansible05:42
*** TxGirlGeek has joined #openstack-ansible05:45
*** radeks__ has joined #openstack-ansible05:45
*** radeks_ has quit IRC05:47
*** radeks__ has quit IRC05:55
*** mathlin has quit IRC06:00
*** markvoelker has quit IRC06:03
*** cshen has joined #openstack-ansible06:04
*** markvoelker has joined #openstack-ansible06:05
*** cshen has quit IRC06:08
*** macza has joined #openstack-ansible06:10
*** cshen has joined #openstack-ansible06:11
*** macza has quit IRC06:14
*** cshen has quit IRC06:16
*** mathlin has joined #openstack-ansible06:24
*** vnogin has joined #openstack-ansible06:31
*** radeks__ has joined #openstack-ansible06:33
*** vnogin has quit IRC06:35
*** hamzaachi has joined #openstack-ansible06:57
*** mathlin has quit IRC06:58
*** TxGirlGeek has quit IRC07:03
*** shyamb has quit IRC07:09
*** kopecmartin has joined #openstack-ansible07:10
*** kopecmartin has quit IRC07:10
*** goldenfri has quit IRC07:12
*** kopecmartin has joined #openstack-ansible07:14
*** cshen has joined #openstack-ansible07:15
*** DanyC has joined #openstack-ansible07:15
*** goldenfri has joined #openstack-ansible07:17
*** DanyC has quit IRC07:20
*** mathlin has joined #openstack-ansible07:21
*** macza has joined #openstack-ansible07:27
*** macza has quit IRC07:31
*** goldenfri has quit IRC07:38
*** gkadam has joined #openstack-ansible07:43
*** goldenfri has joined #openstack-ansible07:45
*** tosky has joined #openstack-ansible07:49
*** pcaruana has joined #openstack-ansible07:51
*** mathlin has quit IRC07:55
*** fatdragon has joined #openstack-ansible08:01
*** czunker has joined #openstack-ansible08:08
*** fatdragon has quit IRC08:10
*** mathlin has joined #openstack-ansible08:17
*** hamzaachi_ has joined #openstack-ansible08:17
*** hamzaachi has quit IRC08:20
*** cshen has quit IRC08:24
*** hamzaachi_ has quit IRC08:25
*** hamzaachi_ has joined #openstack-ansible08:25
*** cshen has joined #openstack-ansible08:25
*** radeks_ has joined #openstack-ansible08:27
*** radeks__ has quit IRC08:29
*** cshen has quit IRC08:30
*** czunker has quit IRC08:32
*** cshen has joined #openstack-ansible08:32
*** cshen has quit IRC08:37
*** cshen has joined #openstack-ansible08:43
*** shyamb has joined #openstack-ansible08:45
*** cshen has quit IRC08:47
*** nsmeds has quit IRC08:51
*** mathlin has quit IRC08:51
*** thuydang has joined #openstack-ansible08:52
*** markvoelker has quit IRC08:52
*** thuydang has quit IRC08:53
*** thuydang has joined #openstack-ansible08:53
*** shyam89 has joined #openstack-ansible08:54
*** shyamb has quit IRC08:57
*** thuydang has quit IRC09:00
*** fatdragon has joined #openstack-ansible09:03
*** shyam89 has quit IRC09:05
*** shyam89 has joined #openstack-ansible09:05
*** fatdragon has quit IRC09:08
*** ygk_12345 has joined #openstack-ansible09:09
*** shardy has joined #openstack-ansible09:10
*** shardy has quit IRC09:13
*** shardy has joined #openstack-ansible09:13
*** mathlin has joined #openstack-ansible09:13
*** cshen has joined #openstack-ansible09:17
*** thuydang has joined #openstack-ansible09:18
*** jawad_axd has joined #openstack-ansible09:20
*** logan- has quit IRC09:21
*** cshen has quit IRC09:22
*** thuydang has quit IRC09:22
*** cshen has joined #openstack-ansible09:23
*** logan- has joined #openstack-ansible09:28
*** logan- has quit IRC09:28
*** shyam89 has quit IRC09:29
*** vnogin has joined #openstack-ansible09:31
*** dcdamien has joined #openstack-ansible09:31
*** vnogin has quit IRC09:35
*** dcdamien has quit IRC09:35
*** shyamb has joined #openstack-ansible09:38
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_cinder master: Ensure public volume type option is evaluated as a boolean  https://review.openstack.org/62981509:43
jrosserodyssey4me: ^ i did wonder about that09:46
*** mathlin has quit IRC09:48
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/ansible-hardening master: Chrony: add an option to sync the hardware clock  https://review.openstack.org/62933009:49
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/ansible-hardening master: Chrony: new NTP server defaults  https://review.openstack.org/62968409:49
*** markvoelker has joined #openstack-ansible09:49
*** DanyC has joined #openstack-ansible09:49
*** markvoelker has quit IRC09:51
*** luksky has joined #openstack-ansible09:52
odyssey4mejamesdenton when you're online, I need to share how you can use MNAIO images to save yourself a lot of time and keep some environments available for testing without having to do a full setup each time09:55
odyssey4mecloudnull perhaps you should approach infra to get pasted installed on paste.openstack.org ;)09:57
odyssey4mejrosser wow, mitogen really makes that metal test go fast!10:01
*** shyamb has quit IRC10:02
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_barbican master: Only implement policy.json if an override is configured  https://review.openstack.org/62928010:03
*** shyamb has joined #openstack-ansible10:06
*** cshen has quit IRC10:06
*** priteau has joined #openstack-ansible10:08
*** hamzaachi_ has quit IRC10:09
*** hamzaachi_ has joined #openstack-ansible10:09
*** hamzaachi_ has quit IRC10:12
*** hamzaachi_ has joined #openstack-ansible10:12
*** mathlin has joined #openstack-ansible10:19
*** cshen has joined #openstack-ansible10:21
odyssey4mejrosser about that heat issue, note that https://review.openstack.org/629544 passed with flying colours10:23
odyssey4meoh, I'm an idiot - I didn't add heat to the services10:23
*** hwoarang has joined #openstack-ansible10:25
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_heat master: Test using integrated build  https://review.openstack.org/62954410:30
*** cshen has quit IRC10:31
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-ceph_client master: Test using integrated build  https://review.openstack.org/62325310:32
*** cshen has joined #openstack-ansible10:39
deployer2odyssey4me, jrosser, Hi! guys may I ask 2 short questions:1)should fresh OSA Rocky deployment rsyslog containers listen on syslog port? Investigating why those do not but setup playbooks ran without issue. Cannot find how logs are forwarded to rsyslog containers.10:41
deployer22)can you reccomend any good documentation corner regarding domains? Wishing to set up "domain admins", but documentation regarding domains is quite scarse.10:41
odyssey4medeployer2 from rocky onwards, for all distributions other than suse, systemd journals are used instead of rsyslog for centralising the log files as far as I know10:42
odyssey4mefor 2 - not really, perhaps best to ask in #openstack-keystone if you can't find appropriate docs10:43
deployer2odyssey4me, regarding logs that could be it! Thanks, need to dig in! I was cought on changes queens->rocky as well regarding that dhcp services moved from containers to namespaces and could not find those :)10:46
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-galera_server master: Update RPM-GPG-KEY-Percona  https://review.openstack.org/62983010:48
*** mathlin has quit IRC10:54
deployer2odyssey4me I guess I need to report a bug in doc then here https://docs.openstack.org/openstack-ansible-rsyslog_server/latest/ops-logging.html as that still points to log paths that do not exist.10:54
*** vnogin has joined #openstack-ansible10:57
*** strobelight has quit IRC11:02
*** fatdragon has joined #openstack-ansible11:04
*** openstackgerrit has quit IRC11:05
*** fatdragon has quit IRC11:10
*** udesale has quit IRC11:14
*** shardy has quit IRC11:14
*** udesale has joined #openstack-ansible11:14
*** mathlin has joined #openstack-ansible11:16
*** electrofelix has joined #openstack-ansible11:28
*** shyamb has quit IRC11:29
*** cshen has quit IRC11:40
*** shyamb has joined #openstack-ansible11:42
*** shyamb has quit IRC11:44
*** shyamb has joined #openstack-ansible11:44
*** cshen has joined #openstack-ansible11:44
*** shardy has joined #openstack-ansible11:46
*** mathlin has quit IRC11:50
*** dcdamien has joined #openstack-ansible11:57
*** rgogunskiy has joined #openstack-ansible12:04
odyssey4medeployer2 well, that might exist if that role is used at all - not sure12:10
*** shyamb has quit IRC12:12
*** shyamb has joined #openstack-ansible12:12
*** mathlin has joined #openstack-ansible12:13
*** luksky has quit IRC12:15
*** strobelight has joined #openstack-ansible12:22
*** openstackgerrit has joined #openstack-ansible12:23
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-galera_server master: Update RPM-GPG-KEY-Percona and add PERCONA-PACKAGING-KEY  https://review.openstack.org/62983012:23
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-galera_server master: Add PERCONA-PACKAGING-KEY  https://review.openstack.org/62983012:24
*** thuydang has joined #openstack-ansible12:26
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-galera_server master: Add PERCONA-PACKAGING-KEY  https://review.openstack.org/62983012:27
openstackgerritlvxianguo proposed openstack/openstack-ansible-os_nova master: modify the features description  https://review.openstack.org/62984212:28
*** cshen has quit IRC12:29
*** thuydang has quit IRC12:31
*** thuydang has joined #openstack-ansible12:34
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-galera_server master: Add PERCONA-PACKAGING-KEY  https://review.openstack.org/62983012:34
*** cshen has joined #openstack-ansible12:37
*** thuydang has quit IRC12:38
*** cshen has quit IRC12:42
*** cshen has joined #openstack-ansible12:46
*** priteau has quit IRC12:48
*** mathlin has quit IRC12:48
odyssey4meother than that, I guess you'd need to figure out what the priority areas are for your env and focus them on efforts in that space in particular12:48
odyssey4meoops, wrong window :p12:48
*** cshen has quit IRC12:51
*** shyamb has quit IRC12:57
odyssey4meok cores, it looks to me like https://review.openstack.org/629830 resolves the issue with centos builds failing - reviews asap please, because that'll also require porting back13:00
*** fatdragon has joined #openstack-ansible13:06
ygk_12345jrosser: my installation of rocky is failing13:07
ygk_12345jrosser: http://paste.openstack.org/show/741573/13:07
ygk_12345jrosser: http://paste.openstack.org/show/741574/13:09
*** rgogunskiy has quit IRC13:09
*** mathlin has joined #openstack-ansible13:11
*** fatdragon has quit IRC13:11
*** luksky has joined #openstack-ansible13:16
*** dave-mccowan has joined #openstack-ansible13:18
*** fnpanic has quit IRC13:19
*** ygk_12345 has quit IRC13:25
*** stuartgr has joined #openstack-ansible13:28
*** cshen has joined #openstack-ansible13:29
*** cshen has quit IRC13:34
*** ansmith_ has joined #openstack-ansible13:41
*** priteau has joined #openstack-ansible13:42
*** mathlin has quit IRC13:45
*** dave-mccowan has quit IRC13:48
*** dave-mccowan has joined #openstack-ansible13:51
*** ygk_12345 has joined #openstack-ansible13:52
*** priteau has quit IRC13:54
ygk_12345guilhermesp: the playbook failed again due this bug http://paste.openstack.org/show/741579/13:54
*** lbragstad has joined #openstack-ansible13:58
*** priteau has joined #openstack-ansible14:04
odyssey4meevrardjp can you review https://review.openstack.org/629830 please to unblock master? otherwise hopefully mnaser will be in soon14:05
*** mathlin has joined #openstack-ansible14:08
evrardjpodyssey4me: yes just a minute14:10
*** fnpanic has joined #openstack-ansible14:10
fnpanichi14:10
odyssey4mefnpanic o/14:12
*** TxGirlGeek has joined #openstack-ansible14:23
*** vnogin has quit IRC14:30
*** electrofelix has quit IRC14:31
openstackgerritMerged openstack/openstack-ansible-galera_server master: Add PERCONA-PACKAGING-KEY  https://review.openstack.org/62983014:40
*** mathlin has quit IRC14:42
ygk_12345odyssey4me: is anyone working on this bug https://bugs.launchpad.net/openstack-ansible/+bug/180734614:46
openstackLaunchpad bug 1807346 in openstack-ansible "[heat] Installations fails during Update Q->R" [Undecided,New] - Assigned to Guilherme Steinmuller Pimentel (guilhermesp)14:46
ygk_12345odyssey4me: still the playbook is failing on a fresh  rocky install14:47
odyssey4meygk_12345 this is an open source community - people work on bugs when they have the time to do so... and if you need a fix urgently, then you should either diagnose the issue and provide the requisite details to someone who can prepare a patch, or you should prepare a patch if you can14:48
odyssey4mecurrently the bug is assigned to guilhermesp - but he hasn't responded to your prompts, so he's possibly on holiday or busy elsewhere14:49
ygk_12345odyssey4me: ok14:50
*** ygk_12345 has quit IRC14:51
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-galera_server stable/rocky: Add PERCONA-PACKAGING-KEY  https://review.openstack.org/62987914:52
jenglischi'm currently using this patch for LXC wiring with ovs https://review.openstack.org/#/c/518230/2/ . i'd like to integrate it into upstream if possible, since the autodetection is quite unreliable, i'd leave it to the user by introducting a new config option14:53
jenglischwhat do you think?14:53
jenglisch*the proposed detection mechanism14:53
odyssey4mejenglisch that may be of interest for mnaser and jamesdenton to look through when they come online14:53
jamesdentonaye14:54
*** cshen has joined #openstack-ansible14:56
*** shardy_ has joined #openstack-ansible14:57
*** jawad_axd has quit IRC14:58
*** shardy has quit IRC15:00
*** cshen has quit IRC15:01
mnaserthanks for the unblock catch odyssey4me15:03
*** TxGirlGeek has quit IRC15:03
jamesdentonmarkos has a good point. there does not appear to be a way to define the bridge type (linuxbridge vs ovs). I would think a config option could be added that would default to 'bridge' for backwards compatibility. Interestingly enough, the docs call out using OVS bridges instead of linux bridges, but i can't see where the wiring would happen to support that. https://docs.openstack.org/openstack-ansible-os_neutron/latest15:04
jamesdenton/app-openvswitch.html15:04
*** mathlin has joined #openstack-ansible15:05
*** TxGirlGeek has joined #openstack-ansible15:06
*** fatdragon has joined #openstack-ansible15:07
jenglischanother thingy on nova: nova_dhcp_domain has been deprecated from nova BUT nova still uses this config option and it is the only way to fix the metadata for nova instances, sind the fqdn is always novalocal (the default from nova) if it's not confiured by OSA15:08
jenglischhttps://github.com/openstack/openstack-ansible-os_nova/blob/9d558a5922465b50d7fd924d23a0ef8e78e75bcd/releasenotes/notes/nova-ocata-conf-deprecations-0a99d13c97424c51.yaml15:08
jenglischhttps://github.com/openstack/nova/blob/c6218428e9b29a2c52808ec7d27b4b21aadc0299/nova/api/metadata/base.py#L53815:08
jenglischsince the option is still in use, is reintroducing it into OSA a bad thing?15:08
mnaseri wonder why we deprecated it15:10
*** TxGirlGeek has quit IRC15:10
mnaserjenglisch: any reason why you don't want to use overrides for this?15:10
jenglischwell nova itself deprecated it aswell15:10
jenglischbut they're still using it in their code, so the variable is not dead15:10
mnaseri'm trying to push to minimize the # of values we predefine to avoid moving away from upstream15:11
*** deployer2 has quit IRC15:11
mnaserbecause what happens if we define it with a value of novalocal. .. if that changes, we'll probably miss it15:11
*** fatdragon has quit IRC15:12
jenglischindeed, i'm just looking through some patch-sets i made previously (in my lab) - however config overrides are certainly the better option, thanks !15:12
jamesdentonlooks like dhcp_domain deprecation in nova was.. premature.. https://etherpad.openstack.org/p/YVR18-novaneutron-ops-cross-project-session15:14
jenglischjamesdenton: yes. i don't think it's good to depend on the installed packages, since ovs and bridge-tools are quite common ones, and especially brctl is deprecated in favour of 'bridge' already. if a config option is fine, i'd propose a change for that, defaulting to bridge wiring, and add the possibility to change it to the docs / examples of ovs15:14
jamesdenton*thumbs up*15:15
odyssey4mejenglisch you can put *any* .conf/.ini/.json/.yaml file entry in place with https://docs.openstack.org/openstack-ansible/latest/reference/configuration/using-overrides.html#overriding-openstack-configuration-defaults regardless of whether there is a specific var to override something in a role15:15
jenglischi could just imaginge to implement a default if only one of them is installed, and fail on runtime if both are detected, but i'm not sure if this is a good solution15:15
jamesdentoni just noticed that patch is like, over a year old :o15:17
jamesdentoni vote for keeping it simple... w/o autodection.15:17
jamesdenton*detection15:17
*** mattt has left #openstack-ansible15:18
jenglischi'd add it in the 'global_overrides' section https://github.com/openstack/openstack-ansible/blob/708b51d6d37574d73b1cd4eb666986c9707fa2d1/etc/openstack_deploy/openstack_user_config.yml.prod-ceph.example#L2315:22
jenglischin theory this variable could be a host_variable, if someone decides to deploy a mixed env of linux bridges and ovs15:23
broken_oneadding fallback behaviour doesnt sound right ot me15:23
broken_onei mean if I as a user want OVS then why give me linuxbridge functionality?15:23
jenglischbroken_one: hm?15:24
broken_onejenglisch: something i saw mentioned in the chat to default to bridge15:25
broken_oneand good morning everyone unless you are on the otherside of the world then good evening o/15:26
jenglischwell, this is the current behaviour, ovs is currently broken/unsupported actually15:26
jamesdentonit's related to keeping compatibility with existing behavior, which means that control plane bridges (br-mgmt, br-storage, etc.) default to linux bridges rather than openvswitches.15:26
jenglischso the default wouldn't require current installations to set this explicit15:27
broken_oneovs is broken in OSA currently?  ( rocky )15:27
jamesdentonnot that i'm aware15:27
broken_onejenglisch: can you elaborate?15:28
jenglischthe last time i checked, the lxc-wiring script doesn't work for ovs15:28
jenglischsince brctl addif likes to operate on linux bridges only15:28
jamesdentontraditionally, OVS has been used only for the neutron provider networks and the control plane (containers) remained connected to linuxbridges15:28
*** vnogin has joined #openstack-ansible15:30
broken_onei dont remember reading any of this in the OSA docs.  Did i miss it?15:30
*** vnogin has quit IRC15:31
jenglischhttps://docs.openstack.org/openstack-ansible-os_neutron/latest/app-openvswitch.html ; configuring bridges (open vswitch)15:31
*** priteau has quit IRC15:31
jenglischthe lxc container create role creates the lxc container and uses the lxc-wiring script afterwards to attach the lxc container to the required bridges (as defined in global_overrides/network/*)15:32
jenglischhttps://github.com/openstack/openstack-ansible-lxc_container_create/blob/927fcae2ac01e5d4594111df197f1d32f42fbbff/tasks/lxc_container_config.yml#L18715:33
jenglischhttps://github.com/openstack/openstack-ansible-lxc_container_create/blob/master/files/lxc-veth-wiring.sh#L55 -> this only works for linux bridges15:33
broken_onethere is only 1 mention of an issue with OVS in ubuntu 16 witha work around15:34
broken_onenothing mentions issues with OVS specifically15:34
broken_onei will note15:34
broken_oneinside any of the containers...i noticed none of the spcified veth devices are there15:34
jenglischthe fix is quite easy, since you only need to call 'ovs-vsctl add-port' instead of 'brctl addif'15:34
broken_oneand the veth pairs in OVS never get created15:34
jenglischhttps://review.openstack.org/#/c/518230/2/files/lxc-veth-wiring.sh15:34
odyssey4mejenglisch essentially the OSA control plane should run linuxbridge and OpenStack can use OVS - there's no real reason to make the OSA containers use OVS as far as I can see15:35
mnaserjenglisch, odyssey4me: indeed, i have alway used normal linux bridges for the OSA containers15:35
odyssey4metrying to force everything to use OVS seems somewhat pointless15:35
mnaserbut OVS for the actual networking15:35
broken_onemakes the entire system homogenous15:36
broken_onei can see arguments both ways15:36
mnasermy concern with that is neutron and lxc using the same ovs instance15:36
mnaseri think neutron usually assumes it owns ovs so that might make weird things happen15:36
jenglischi decided to setup an environment with OVS only, since i don't wanted to introduce the complexity of two different switching planes15:36
mnaserodyssey4me: https://review.openstack.org/#/c/628718/ -- can we replicate this across all other roles?15:37
odyssey4mejenglisch sure, but then you walk into a situation where you're using something totally untested in all OSA testing15:37
broken_onejenglisch: trying to do that as well, and having a bit of issues15:37
mnaseri can have someone do it, but it pretty much means developer mode seems broken15:37
jenglischhm, i hadn't any issues in my env with ~40 nodes and ovs only15:38
*** vicky84 has joined #openstack-ansible15:38
odyssey4memnaser if you'd like, sure15:38
jenglischbut that doesn't mean there aren't any15:38
mnaserjenglisch: that's awesome15:38
mnaserodyssey4me: i just wanted to make sure it was a valid change, as python_venv_build is your domain :)15:38
odyssey4memnaser ok, I haven't really had time to look at it properly15:38
mnaserbefore we throw it a zillion patches15:38
odyssey4melemme do that in a bit - meetings for the next few hours :/15:39
broken_onejenglisch: currently deploying rocky OVA and having issues with things wiring up to br-vxlan...everything is moving traffic through br-mgmt and L3 HA routers are showing down on all interfaces15:39
jrosserI guess we pay no attention to isolation between control plane and neutron in that kind of converged deployment15:39
jrosserI’d be quite worried about that15:39
mnaserodyssey4me: no worries but pretty much https://github.com/openstack/ansible-role-python_venv_build/blob/master/tasks/python_venv_wheel_build.yml#L19-L20 vs https://review.openstack.org/#/c/628718/1/tasks/nova_install_source.yml15:39
*** mathlin has quit IRC15:39
jamesdentonbroken_one i will be looking into that later this morning15:39
evrardjpjrosser: +1 . That for me is a no-go15:39
evrardjpbut ppl might be different :)15:39
broken_onejrosser: isolation happens with netowrks either in vlan tagging or the flow tables in OVS15:40
mnaserthey mismatch and it tries to do the wrong thing and delegates to something that doesn't exist (possibly)15:40
odyssey4memnaser there we. go -that's what I wanted to verify15:40
odyssey4meok, good to go - let's do it15:40
evrardjpit's also possible to have two different ovs at the same time IIRC15:40
mnaserodyssey4me: the other tiny one ill do is that we use `/opt/developer-pip-constraints.txt` everywhere15:40
broken_onejamesdenton: i appreciate that.15:40
mnaserbut that leads to roles being non idempotent15:40
mnaserbecause if you run two roles on the same node, they overwrite each othre15:40
odyssey4memnaser don't bother changing that - that's going to go away15:40
mnaserah15:40
mnaserokay15:40
mnaser:)15:40
odyssey4meI've got work part-done to change that up15:40
mnaserawesome15:41
mnasergood sync :)15:41
broken_onejenglisch: would you mind haring your configs and any customization you have done to get your 40 node cloud up and running?15:41
odyssey4meI'll hopefully put time into that tomorrow.15:41
broken_ones/haring/sharing15:41
*** priteau has joined #openstack-ansible15:46
jenglischbroken_one:  yep, it's currenly running queens, i just have to leave now, so i'll come back to you later/tomorrow15:54
broken_onejenglisch: would help out.  have a good one :)15:55
*** vnogin has joined #openstack-ansible15:56
cloudnullmornings15:58
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_cinder master: Cleanup files and templates using smart sources  https://review.openstack.org/58895315:59
broken_onemorning cloudnull o/16:03
*** udesale has quit IRC16:06
evrardjpmnaser: about releases, I propose I do a first release of OSA stein, then bump master branches of upstream projects, because I didn't bump for a while (my bad)16:07
cloudnullo/ broken_one16:08
cloudnullevrardjp +116:08
openstackgerritMerged openstack/openstack-ansible-galera_server stable/rocky: Add PERCONA-PACKAGING-KEY  https://review.openstack.org/62987916:10
*** TxGirlGeek has joined #openstack-ansible16:14
*** hamzaachi_ has quit IRC16:17
mnaserevrardjp: how far back are right now? also, i think our gate is broken or maybe just recently fixed16:19
jrosserceph jobs are still sad16:26
mnaserreeee16:27
mnaserokay16:27
mnaseri need to finish up something related to keystone and ill try to look into it16:28
jrosseri have this in progress https://review.openstack.org/#/c/629317/ but i've made a rookie error on the task i added16:28
*** mathlin has joined #openstack-ansible16:28
* jrosser not able to push code right now16:29
*** macza has joined #openstack-ansible16:37
*** nsmeds has joined #openstack-ansible16:37
*** macza_ has joined #openstack-ansible16:40
*** macza has quit IRC16:42
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible master: Call ceph-facts role as required by changes to ceph-ansible  https://review.openstack.org/62931716:44
cloudnulljrosser ^ pushed a change to quote the octal16:45
*** strattao has joined #openstack-ansible16:50
*** luksky has quit IRC16:56
*** cshen has joined #openstack-ansible16:57
*** fatdragon has joined #openstack-ansible17:00
*** DanyC has quit IRC17:00
*** cshen has quit IRC17:02
*** mathlin has quit IRC17:03
*** DanyC has joined #openstack-ansible17:03
jamesdentonbroken_one I think I found the issue. The single quotes here, https://github.com/openstack/openstack-ansible/blob/master/playbooks/common-tasks/dynamic-address-fact.yml#L22, result in a path of "'ansible_br_vxlan'.ipv4.address" instead of "ansible_br_vxlan.ipv4.address". Doesn't match the path in the facts, and defaults to ansible_host17:06
broken_onejamesdenton: i can agree with that somewhat17:06
broken_onethe next part would be17:07
jamesdentonAhh, it was this: https://github.com/openstack/openstack-ansible/commit/9f6bf94d1a922553f7bc9b3a614b857b666822db#diff-255f0b55f1833e385fc3b3edbe74013517:07
broken_onenone of the containers are wired to those networks17:07
*** DanyC has quit IRC17:07
*** vnogin has quit IRC17:07
jamesdentonwell, it's not really related to the containers as much as it's the method in which the playbook determines the address to use for tunnel address (local_ip)17:08
openstackgerritMerged openstack/openstack-ansible-os_nova master: venv: use inventory_hostname instead of ansible_hostname  https://review.openstack.org/62871817:08
*** vnogin has joined #openstack-ansible17:08
broken_oneok so that will fix the local_ip issue17:08
jamesdentonyes17:08
*** jpward1981 has joined #openstack-ansible17:08
broken_onei am certain of this17:09
broken_oneso i did it as well17:09
jamesdentonbut, i'll have to talk to noonedeadpunk and see how to go about it17:09
broken_oneof course :)17:09
broken_oneso as a further test17:09
broken_oneeven if you manually flip the IP17:09
broken_onethen things really start breaking17:09
broken_onethe dhcp agents17:10
broken_onei made the manual ip change17:10
noonedeadpunkAm I missed smth?17:10
broken_onerebooted a controller node17:10
broken_oneand the dhcp agent from my test subnet on that controller17:10
broken_oneis now down17:10
broken_oneso what i think the issue is now17:11
broken_oneis what jenglisch proposed17:11
broken_onehttps://review.openstack.org/#/c/518230/2/files/lxc-veth-wiring.sh17:11
broken_onesince i am not doing linux bridges anywhere17:11
broken_oneeverything is OVS17:11
jamesdentonhey noonedeadpunk. That patch seems to have a side effect of causing the dynamic address determination fail and default to ansible_host17:11
noonedeadpunkjamesdenton once you pass "'ansible_br_vxlan'.ipv4.address" to json_query(), quotes should be interpreted correctly17:11
broken_onenoonedeadpunk: the find_bridge fails in my setup17:12
broken_onereturns undefined for br-vxlan and others17:12
jamesdentonit appears to just silently fail and fallback to ansible_host17:12
*** vnogin has quit IRC17:13
noonedeadpunkhm, that's strange...17:13
jamesdentonbroken_one are you using OVS bridges for everything, including br-mgmt?17:14
broken_onei am17:14
jamesdentonand do you have the local_ip configured on an interface? Which one?17:14
broken_onethe ip i want is on br-vxlan17:14
noonedeadpunkoh, I haven't tested OVS, only linuxbridges...17:14
jamesdentonnoonedeadpunk disregard ovs vs lb.17:14
broken_onelet me show you how i overcame the issue in the playbook17:14
broken_oneone moment17:15
noonedeadpunkjamesdenton so my point of the patch was to be able to use aliases, like br0.0, as in this case json_query() interprets this dot in the interface name as an extra element in the dictionary17:16
broken_onehttp://paste.openstack.org/show/741594/ -- dynamic-address-fact.yml17:17
broken_oneso i allow the wrong IP to be facted,then the following tests "fix" the ip issue17:18
openstackgerritMerged openstack/openstack-ansible-os_neutron master: vars: stop placing neutron_developer_constraints in vars  https://review.openstack.org/62874717:18
noonedeadpunkI think, that ansible_host  may be set either in case when json_query(find_bridge) or replace('-','_') fails17:21
*** gkadam has quit IRC17:21
jamesdentonhttp://paste.openstack.org/show/741595/17:21
jamesdentonfirst example wrapped in quotes, second without17:22
*** gyee has joined #openstack-ansible17:24
*** mathlin has joined #openstack-ansible17:25
evrardjpmnaser: far back, beginning of cycle17:32
evrardjpI want to have a working master before bumping it and see the fallout17:32
evrardjpI need to focus on automating this with a proposal bot17:33
*** priteau has quit IRC17:33
noonedeadpunkjamesdenton it seems, you're right....17:34
noonedeadpunkI'm trying to do smth with it, or, probably, will just revert this commit17:42
jamesdentoni'm trying a few permutations ,but no luck so far17:43
noonedeadpunkjamesdenton: so the problem I've tried to fix (debug is just printing metal_query): http://paste.openstack.org/show/741597/17:44
*** thuydang has joined #openstack-ansible17:45
broken_onenoonedeadpunk: does it also fail on vlan tagged subinterfaces?17:46
broken_onei.e.  bond0.25617:46
broken_one?17:46
noonedeadpunkbroken_one: this dot inside interface in interpreted incorrectly by json_query(), so yep, it should17:47
noonedeadpunkbut now I'm already not 100% sure in anything...17:47
broken_onenot sure how to rejoin the tokenized string back together with ansible17:48
broken_oneeasy in python17:48
broken_oneansible not so much17:48
*** vnogin has joined #openstack-ansible17:48
openstackgerritMichael Vollman proposed openstack/openstack-ansible-os_manila master: Basic working os_manila role  https://review.openstack.org/61193017:50
*** vnogin has quit IRC17:50
*** dcdamien has quit IRC17:52
broken_onenoonedeadpunk: i messed with it for about 3 hours yesterday and could only keep functionality by hacking together my paste17:52
broken_onei still ahve more conditions to test i think but it "works"17:53
*** shardy_ has quit IRC17:53
noonedeadpunkI think, I'll revert patch as for know and will think about solution after.17:55
*** DanyC has joined #openstack-ansible17:58
*** DanyC has quit IRC17:59
broken_oneok i will test your patch after the merge for sure17:59
broken_onethe next issue is the veth wiring17:59
*** DanyC has joined #openstack-ansible17:59
broken_onei will also put the patch from jenglisch for the script file18:00
*** mathlin has quit IRC18:00
openstackgerritGuilherme  Steinmuller Pimentel proposed openstack/openstack-ansible-os_placement master: [WIP] Create base files to install placement  https://review.openstack.org/61882018:01
*** TxGirlGeek has quit IRC18:02
*** TxGirlGeek has joined #openstack-ansible18:03
openstackgerritMohammed Naser proposed openstack/openstack-ansible-os_keystone master: Allow messaging to be disabled  https://review.openstack.org/62255118:03
*** thuydang has left #openstack-ansible18:05
noonedeadpunkhave some idea, but need to test it.18:05
broken_oneif you need a 2nd tester for your idea then paste the code and I will be happy to18:07
*** cshen has joined #openstack-ansible18:12
*** kopecmartin is now known as kopecmartin|off18:13
*** electrofelix has joined #openstack-ansible18:15
*** electrofelix has quit IRC18:20
noonedeadpunkbroken_one: for sure I will. I'm not the fastest one, and have to participate in a meeting now....18:20
*** mathlin has joined #openstack-ansible18:23
*** luksky has joined #openstack-ansible18:24
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible master: Make OVN track master branch  https://review.openstack.org/62991418:25
broken_onenoonedeadpunk: sure thing, just let me know when  :)18:25
broken_onejamesdenton: would it be a large effort to have OSA assume all things are OVS instead of a mixture of linuxbridges and ovs?18:26
jamesdentonat this point? yes, i think so.18:26
jamesdentonthere's getting it to work (probably straightforward) and having it be supported (not likely to happen any time soon)18:27
broken_onewhat would be the criteria to get it supported?18:27
jamesdentontesting18:27
jamesdentonand adoption18:27
broken_one<--- first candidate :)18:28
jamesdentonand development18:28
jamesdentonheh18:28
broken_onei have a couple of people interested18:28
jrosserand confidence that architecturally we're happy18:28
jamesdenton^^18:28
jrossergiven that the current controlplane linuxbridge + compute/neutron OVS works just fine18:29
broken_oneso we want to use OSA instead of triple0 in production18:29
evrardjpI don't think it would be that bad to implement18:29
evrardjpit's just that nobody really cared that much18:29
broken_onetrust me18:29
broken_onei/we care18:29
evrardjpThen I guess we'll see the code :)18:29
evrardjpfor OSA you probably need to have a different scenario that deploys OSA with different networks using OVS. Shouldn't be that hard, but that's a first step. the bootstrap host role need change there to adapt this.18:30
broken_oneok will meet with the team in about an hour and we will determine the amount of effort required18:30
jrosserinteresting to understand properly why its a big deal18:31
evrardjpThen with that in mind, you'll probably need to wire things properly. Assuming you want minimum effort, and avoid containers, you could be ready to go very fast, just need a few overrides in openstack_hosts I'd say18:31
jrosserpartiuclarly as you'd be in a small club with that setup, when it comes to getting help / comparing issues18:31
evrardjpbut like jrosser said -- There are many fallouts you'll have in prod. with one OVS if you are not careful, and you'll be alone18:32
broken_onei havent seen a big issue with going all OVS18:32
evrardjpI guess it depends on how noisy your neighbours are :D18:33
broken_onei dont see neutron messing with the sdn bridges18:33
evrardjpyeah that thing has been solved in 14.04 IIRC18:33
jamesdentonit's absolutely doable. For OSA, though, it's a bit of an effort to go that direction, that's all. Like you said, TripleO/OSP and some of the others do it.18:33
evrardjpyeah18:33
broken_oneyeah18:33
broken_onewe just like OSA modularity18:34
broken_oneso beautifully designed imo18:34
evrardjpthanks18:34
evrardjpthat's always nice to hear18:34
jamesdentoni have yet to justify the effort to personally make it happen and work out all of the tests, AIO/MNAIO scripts, etc. to make it go.18:34
broken_onewell if all goes sideways, we do have linuxbridges working...i think without neutron router HA18:35
broken_oneso we have a fallback18:35
*** DanyC_ has joined #openstack-ansible18:35
broken_oneand can stick with OSA18:35
broken_onebut we want OVS and HA routers18:35
jrosserbroken_one: can i just check we are all talking about the same thing18:36
broken_onesure18:36
jamesdentonwell, it should be pointed out that there is a pretty good separation of control and data plane networks with OSA. You *can* have linuxbridge for control plane (only thing we do) and OVS for data plane (VM networks). They can co-exist quite well18:36
jrosseryou can have neutron OVS today and the control plane containers using linuxbridge18:36
jrosserthats all completely OK afaik18:36
broken_onei agree with that18:36
jrosserthe only sticky bit for OSA is bringing the whole control plane onto OVS18:36
jrosserif you are prepared to compromise on that you follow a tested supported path here18:37
evrardjpbroken_one: you can have ha routers without OVS18:37
jamesdentonyour vxlan issues may be a result of the bug we found earlier with IP detection and something else undetermined. Rest assured, we manage many working production setups in pure LB and hybrid LB/OVS scenarios18:37
jrosserjamesdenton: i was interested in comparing notes on that VXLAN stuff with you18:38
jrosseri'm doing VXLAN and HA with linucbridge so it all seems OK here18:38
*** DanyC has quit IRC18:38
broken_oneok then my team will look at both scenarios18:39
broken_onethe tested/supported way with LBR and OVS18:39
broken_oneand then going full OVS18:39
*** DanyC_ has quit IRC18:39
jamesdentonjrosser the issues we had may be legacy issues related to lack of multicast support (on our end), l2population issues (w/ allowed-address-pairs), MTUs, etc. I think a lot of that has been addressed in recent (post Newton) versions, but we pretty much standardized on vlan at that point18:39
jrosserjamesdenton: ah ok - i'm doing full multicast so might not see the same things18:40
broken_oneah yes jamesdenton, was wondering why you decided on vlan and not somuch vxlan18:40
jamesdentonplus, tenant networking requires neutron routers and the HA story there is sometimes not great. router failover can be delayed due to keepalived issues we found at the time.18:41
jamesdentonkinda one of those.. burn me once, shame on me type things.18:41
broken_oneunderstandable18:42
jamesdentoni messed that quote up, but you get the point.18:42
jamesdentonhehe18:42
broken_onehas it not been revisited?18:42
broken_onei know it was horrid prior to liberty18:42
broken_onem and n were suppose to make it more reliable18:42
broken_onewith that said I do still see some issues in a pike tripleO18:43
broken_onebut hadnt had to touch that cloud for almost a year before the issue cropped up18:43
jamesdentonyeah, we were having the failover issues thru mitaka and it was resolved in newer keepalived version that is/was not yet backported. and we don't like to carry changes/packages that aren't mainstream18:43
jamesdentonwe have a range of environments from kilo thru queens, so a lot to manage and keep track of.18:44
broken_oneso now yall are just on the , if aint broke...dont fix it trail?18:44
noonedeadpunkbroken_one just concept: http://paste.openstack.org/show/741607/18:44
jamesdentonbroken_one We subscribe to that, sure. Always keeping one eye on upcoming changes/tech but needing to maintain stable environments at the same time18:45
broken_onenoonedeadpunk: will test after this rancher 2.0 demo18:45
jamesdentonnoonedeadpunk did that work for you? i was on the same path trying to call out the full dict18:45
jamesdenton"tunnel_address": "10.0.240.120 || container_networks.tunnel_address.address || ansible_host"18:46
noonedeadpunkjamesdenton: Error in metal_query... Correct one is metal_query: "{{ hostvars[inventory_hostname]['ansible_' ~ (hostvars[inventory_hostname] | json_query(find_bridge) | replace('-','_'))]['ipv4']['address'] }}"18:50
noonedeadpunknot correct, but which works)18:50
*** vnogin has joined #openstack-ansible18:51
jamesdentongotcha.18:51
noonedeadpunknot sure right now how to correctly combine the old logic now. probably, via default()18:52
noonedeadpunkand if this doesn't suite no reason to search18:53
jamesdentonso default(ansible_host)?18:55
*** vnogin has quit IRC18:56
jamesdentondoes the query have to change? Seems to work ok with the new metal_query (in my limited test)18:56
*** rholloway has joined #openstack-ansible18:58
noonedeadpunkjamesdenton: so you just pass this dict structure to json_query()?18:58
*** strattao has quit IRC19:01
noonedeadpunkjamesdenton I was meaning smth like this http://paste.openstack.org/show/741614/19:01
*** electrofelix has joined #openstack-ansible19:02
*** electrofelix has quit IRC19:04
*** strattao has joined #openstack-ansible19:07
noonedeadpunkbroken_one jamesdenton check this one pls http://paste.openstack.org/show/741616/ as +- final option19:09
jamesdentonworks for is_metal, not for container19:12
jamesdentonfails against neutron_server container, which doesn't have a tunnel_address and should pick up ansible_host19:13
*** rholloway has quit IRC19:13
noonedeadpunkyeah... I see19:13
openstackgerritMerged openstack/ansible-hardening master: Switch to using import_tasks for static inclusion  https://review.openstack.org/61432919:14
openstackgerritMerged openstack/ansible-hardening master: Chrony: make ntp server options configurable  https://review.openstack.org/62931819:15
openstackgerritMerged openstack/ansible-hardening master: Chrony: add an option to sync the hardware clock  https://review.openstack.org/62933019:15
openstackgerritMerged openstack/ansible-hardening master: Chrony: new NTP server defaults  https://review.openstack.org/62968419:15
noonedeadpunkit seems, it goes to metal_query despite the fact is_metal is false...19:17
openstackgerritJonathan Rosser proposed openstack/openstack-ansible master: Call ceph-facts role as required by changes to ceph-ansible  https://review.openstack.org/62931719:17
jrossernoonedeadpunk: wonder if you need a | bool in there19:18
noonedeadpunkI guess, that's the reason, why json_query was used - probably, as it's set in vars, ansible tries to get both variables on ternary?19:20
noonedeadpunkjrosser: doesn't help here...19:20
jrosserIt would be worth looking back at how this code used to be before json_query19:27
jrosserThere was a huge pile of inline jinja iirc19:27
noonedeadpunkyeah, I saw it, and it was nesty...19:28
noonedeadpunkit move to json_query during R cycle..19:28
*** cshen has quit IRC19:54
*** strattao has quit IRC19:59
openstackgerritDmitriy Rabotjagov (noonedeadpunk) proposed openstack/openstack-ansible master: Revert "Fixed ability of usage interfaces/bridges with dots (aliases)" due to found problem in it  https://review.openstack.org/62992420:11
openstackgerritDmitriy Rabotjagov (noonedeadpunk) proposed openstack/openstack-ansible stable/rocky: Revert "Fixed ability of usage interfaces/bridges with dots (aliases)" due to found problem in it  https://review.openstack.org/62992520:12
noonedeadpunkjamesdenton: no ideas left, just reverting ^20:29
noonedeadpunkoh, come on.....20:34
noonedeadpunkplease try this out http://paste.openstack.org/show/741619/20:34
noonedeadpunkjamesdenton broken_one ^20:36
*** cshen has joined #openstack-ansible20:37
openstackgerritDmitriy Rabotjagov (noonedeadpunk) proposed openstack/openstack-ansible master: Fixes empty metal_query  https://review.openstack.org/62993020:40
*** cshen has quit IRC20:42
broken_one ok checking out 74161920:46
jamesdentonnoonedeadpunk i just tore down that environment, but i have another. will be a few min20:46
*** openstackgerrit has quit IRC20:50
jamesdentonnoonedeadpunk +120:51
jamesdentonworks as advertised20:52
noonedeadpunkjamesdenton glad to hear. Just so stupid mistake and spent hours for it's debug...20:53
jamesdentonlol i know. escaped double quotes. who knew...20:53
broken_onelooks to be working on my end as well20:53
* jrosser despairs at centos, what does this mean? http://logs.openstack.org/17/629317/7/check/openstack-ansible-deploy-aio_lxc-centos-7/0c862e9/job-output.txt.gz#_2019-01-10_20_14_13_36812720:53
cloudnullthere was an issue with the gpg key, i think ?20:54
broken_onenoonedeadpunk: thank you for that fix20:54
jrosserthis fix for that merged earlier i think, which is what i'm a bit wtf about that20:54
jrosseryes earlier in that log it pulls in the new key http://logs.openstack.org/17/629317/7/check/openstack-ansible-deploy-aio_lxc-centos-7/0c862e9/job-output.txt.gz#_2019-01-10_20_10_39_42546820:55
noonedeadpunkbroken_one: I'd broken, I've fixed:) So it just needs to be merged....20:55
broken_one:D20:56
broken_onehaving the meeting with team in 15 mins about OVS in OSA  :)20:59
noonedeadpunkoh, so it seemed, i was just in time:)21:00
noonedeadpunkbut now have to go - it's already 11pm on my clock...21:01
jrossermore centos stuff - do we think this looks right https://github.com/openstack/openstack-ansible-galera_server/blob/master/tasks/galera_install_yum.yml#L117-L12821:01
jrosserclear the repo metadata after adding the galera repo but *before* adding the percona repo21:02
jamesdentonthanks for knocking that out noonedeadpunk21:05
*** SimAloo has joined #openstack-ansible21:06
*** radeks_ has quit IRC21:12
*** openstackgerrit has joined #openstack-ansible21:14
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-galera_server master: Tidy yum repository setup  https://review.openstack.org/62993421:14
*** radeks has joined #openstack-ansible21:15
*** cshen has joined #openstack-ansible21:18
*** jpward1981 has quit IRC21:21
*** cshen has quit IRC21:22
*** priteau has joined #openstack-ansible21:26
*** priteau has quit IRC21:35
*** ansmith_ has quit IRC21:40
broken_oneso the team has a few questions regarding linuxbridge and ovs for OSA first21:41
broken_onehow many and which interfaces need to be created for linuxbridges21:41
*** radeks has quit IRC21:42
broken_oneand then which interfaces will live in OVS21:42
broken_oneif the deploy is the supported linux bridge + OVS combination21:43
broken_onethere is some contention among what the team considers data vs control21:43
*** cshen has joined #openstack-ansible21:44
jamesdentonthe terminology may be abused, but we define control as management/api/storage (i.e. non-neutron) and data as neutron traffic (vm)21:45
*** pcaruana has quit IRC21:46
jamesdentonso in a standard two-bond deploy, bond0 and related subinterfaces would be connected to linuxbridges, while bond1 would be connected to ovs provider bridge21:46
jamesdentonjust an example21:46
jamesdentonnow that neutron agents are installed on metal and not a container, the br-vxlan bridge isn't really bridging anything, but it does have the IP used for VTEP.21:47
broken_onethat makes sense21:49
broken_oneso then we have br-mgmt and br-storage on say bond0 ( linux bridges ) and we put br-vlan and br-vxlan on bond1 ( ovs )21:50
broken_onethat is the standard deploy OSA expects yes?21:50
jamesdentonmore or less21:51
*** cshen has quit IRC21:51
broken_oneyeah i mean not getting into vlan subinterfaces etc etc21:52
jamesdentonyeah, in newer releases the provider bridge gets created automatically and you can define the interface (bond1) that gets plugged in21:52
jamesdentonand by newer i mean master, currently.21:53
broken_oneok thsi will be something in the stein release of OSA?21:53
jamesdentonYou can do OVS now w/ Newton+, there's just a little more automation there now for some things21:54
broken_oneso we decided that21:54
broken_onewe will do a deploy of OSA rocky in the standard supported way first21:55
broken_oneusing lb and ovs21:55
broken_onethen we will do a deploy using pure OVS for all21:55
jamesdenton++21:55
broken_oneand see what is the best bang for the buck21:55
jrosserbroken_one: one of the neat things is you can integrate or separate all of the control plane functions across as many hosts as you like21:57
jrosserso if you had dedicated network nodes for example, there would be a very clearly defined OVS world on the computes/network nodes21:58
jrosserand all your infra stuff would look like linuxbridge21:58
jrosserso it would still be nice and tidy21:58
broken_onejrosser: yup that is what we plan to do21:58
broken_oneand have hardware already racked for production with that model in mind21:58
jrossermy control plane is on 16 nodes - i've taken a many/small approach rather than few/large21:59
broken_onethe control plane design is kind of over kill right now21:59
broken_onebut its built to scale to about 10k computes21:59
broken_onethat is about the size of our prod control plane22:00
mnaserbroken_one: 10,000 vms or 10,000 compute nodes22:02
broken_one10k computes22:02
broken_one10k vm's is nothing22:02
mnaserwhat sort of environment are you building out if you can share?22:03
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-ops master: remove dynamic ns.enable generators  https://review.openstack.org/62993922:04
broken_onebuilding an IaaS that will run out PaaS and also get our org out of AWS, GCE, and Azure22:05
broken_ones/out/our22:05
broken_oneultimately we are trying to remove vmware from our environment :)22:06
mnaserbroken_one: nice22:08
mnaseron top of openstack?22:08
broken_oneyeah we plan to run Rancher 2.x on top of OpenStack22:09
jrossermnaser: one for you here https://review.openstack.org/#/c/629934/122:11
*** priteau has joined #openstack-ansible22:14
*** priteau has quit IRC22:21
mnaserjrosser: looking22:22
mnaseri see - > + and i like22:22
mnaserjrosser: lgtm22:23
*** strobelight has quit IRC22:32
*** strattao has joined #openstack-ansible22:45
*** dcdamien has joined #openstack-ansible22:45
guilhermesphuum looks like this continues to be relevant https://bugs.launchpad.net/openstack-ansible/+bug/178073323:03
openstackLaunchpad bug 1780733 in openstack-ansible "Neutron rootwrap error" [High,Triaged] - Assigned to David Wilde (david-wilde-rackspace)23:03
*** SimAloo has quit IRC23:05
*** jbadiapa has quit IRC23:10
*** ansmith_ has joined #openstack-ansible23:11
*** gyee has quit IRC23:11
*** strattao has quit IRC23:17
*** priteau has joined #openstack-ansible23:27
*** dcdamien has quit IRC23:27
*** hwoarang has quit IRC23:30
*** hwoarang has joined #openstack-ansible23:31
*** priteau has quit IRC23:32
*** luksky has quit IRC23:36
*** vicky84 has quit IRC23:36
*** cshen has joined #openstack-ansible23:47
*** cshen has quit IRC23:52
*** macza_ has quit IRC23:57
« Wednesday, 2019-01-09 Index Friday, 2019-01-11 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!