Tuesday, 2020-03-31

« Monday, 2020-03-30 Index Wednesday, 2020-04-01 »
*** pcaruana has quit IRC00:04
*** pcaruana has joined #openstack-ansible00:16
*** macz_ has joined #openstack-ansible01:00
*** macz_ has quit IRC01:05
*** DanyC has joined #openstack-ansible01:13
*** DanyC has quit IRC01:18
*** DanyC has joined #openstack-ansible01:47
*** DanyC has quit IRC01:52
*** spatel has joined #openstack-ansible02:03
*** openstacking_123 has quit IRC02:41
*** macz_ has joined #openstack-ansible02:49
*** macz_ has quit IRC02:53
*** threestrands has joined #openstack-ansible03:39
*** DanyC has joined #openstack-ansible03:48
*** DanyC has quit IRC03:53
*** spatel has quit IRC04:11
*** DanyC has joined #openstack-ansible04:24
*** DanyC has quit IRC04:29
snadgeERROR: Could not find a version that satisfies the requirement rally===3.0.004:33
snadgeoh i see.. im not the only one04:33
*** evrardjp has quit IRC04:36
*** evrardjp has joined #openstack-ansible04:36
*** udesale has joined #openstack-ansible04:42
*** dave-mccowan has joined #openstack-ansible05:14
*** miloa has joined #openstack-ansible05:18
*** DanyC has joined #openstack-ansible06:15
*** DanyC has quit IRC06:54
*** rpittau|afk is now known as rpittau07:17
*** mensis has joined #openstack-ansible07:19
CeeMacmorning07:21
*** tosky has joined #openstack-ansible07:29
*** kleini has joined #openstack-ansible07:35
ioniaio setups can be rebooted and all the networking comes up correctly ?07:43
*** jbadiapa has joined #openstack-ansible07:50
*** DanyC has joined #openstack-ansible08:16
*** DanyC has quit IRC08:24
*** DanyC has joined #openstack-ansible08:24
*** threestrands has quit IRC08:26
openstackgerritArx Cruz proposed openstack/openstack-ansible master: DNM - POC - Collect logs  https://review.opendev.org/70267608:32
*** andrewbonney has joined #openstack-ansible08:33
*** thuydang has joined #openstack-ansible08:48
*** mensis has quit IRC09:00
openstackgerritArx Cruz proposed openstack/openstack-ansible master: DNM - POC - Collect logs  https://review.opendev.org/70267609:18
*** thuydang has quit IRC09:18
*** thuydang has joined #openstack-ansible09:24
*** gshippey has joined #openstack-ansible09:30
jrosserioni: i'm not sure about that, it's certainly not tested09:30
*** sshnaidm|afk is now known as sshnaidm09:30
jrossernoonedeadpunk: any conclusion on rally? I have been testing out using meta: end_play to make it not deploy on < py 3.609:32
noonedeadpunkioni: on reboot loop drives are not get up09:33
jrosserdid we have a patch for that?09:33
noonedeadpunkjrosser: haven't finished yet. ended up on deploying sandbox, will continue in several minutes.09:33
ioninoonedeadpunk, ok, thanks09:33
noonedeadpunkI'm concerned a bit about not deploying rally, as this will result in non-working rally for users09:34
noonedeadpunkon train and stein09:34
noonedeadpunkand I know ppl are deploying it...09:34
openstackgerritMerged openstack/openstack-ansible-ops master: Expose Journalbeat queue configuration  https://review.opendev.org/71596909:43
kleiniInteresting discovery: My deployment of Keystone works if I use OSA 19.0.8 and Keystone logs have the same warning messages. So there is something wrong in stable/stein HEAD with Keystone bootstrapping.09:50
noonedeadpunkkleini: that's interesting thing...09:51
noonedeadpunkWill test that out09:51
noonedeadpunkand will hold off new release then09:51
jrossernoonedeadpunk: i was looking at the failing jobs last night and say something broken with keystone09:55
jrosseri have a meeting right now but can dig it out shortly09:55
noonedeadpunkwondering how https://review.opendev.org/#/c/714309/ has passed the CI then...09:56
noonedeadpunkkleini: was you trying stable/stein with https://review.opendev.org/#/c/714309/ or without it?09:56
noonedeadpunkit it updated keystone...09:56
noonedeadpunkoh... actually it didn't...09:57
kleiniI tested including that change.09:58
*** DanyC has quit IRC10:16
*** DanyC has joined #openstack-ansible10:16
*** DanyC has quit IRC10:20
kleinibtw openstack_service_setup_host on utility containers does not work 19.0.8, as it is missing then openstacksdk in that container10:32
kleiniGeneral question: Should OpenStack-Ansible always work with arbitrary values for all the possible configuration options? This results in a nearly untestable options matrix and I doubt to get a hopefully stable deployment...10:33
*** weshay|ruck has quit IRC10:35
*** weshay_ has joined #openstack-ansible10:35
jrosserkleini: this is working in my environment for the setup host http://paste.openstack.org/show/791390/10:43
kleiniSo I need both settings? I only added the first one.10:47
*** DanyC has joined #openstack-ansible10:56
*** DanyC has quit IRC10:56
*** DanyC has joined #openstack-ansible10:56
*** thuydang has quit IRC11:04
*** rpittau is now known as rpittau|bbl11:05
openstackgerritMerged openstack/openstack-ansible-os_neutron master: Missing document start "---"  https://review.opendev.org/71510311:06
*** DanyC has quit IRC11:12
*** DanyC has joined #openstack-ansible11:13
*** DanyC has quit IRC11:17
*** DanyC has joined #openstack-ansible11:19
jrosserkleini: yes i think you need both to pick up the python libraries installed into the utility venv inside the utility container11:22
kleiniokay, thanks11:23
jrosserkleini: regarding your question about many possible config values, OSA provides "sensible defaults" which are tested in CI. It is expected that you'll need adjust those for your particular deployment, referring to the documentation for the openstack services11:23
jrosserin addition we allow arbitrary key/value to be injected into pretty much all the config files from your user variables, so you are very much in control of what config goes where11:24
kleinithanks for your help and your answer. But failing a lot with clean deployments from scratch makes me suspicious whether we can use it to run a productive system. Or we need to learn much more as we currently now.11:30
*** kopecmartin has quit IRC11:51
*** kopecmartin has joined #openstack-ansible11:52
openstackgerritArx Cruz proposed openstack/openstack-ansible master: DNM - POC - Collect logs  https://review.opendev.org/70267611:56
*** kopecmartin has quit IRC11:58
*** weshay_ has quit IRC11:59
*** kopecmartin has joined #openstack-ansible12:01
*** rh-jelabarre has joined #openstack-ansible12:03
jrosserkleini: there are lots of people using OSA for production clouds right now, don't worry12:05
*** kopecmartin has quit IRC12:06
jrosserhowever it is still up to you to make a lot of decisions about networking and storage just like it would be with any other openstack deployment12:06
*** kopecmartin has joined #openstack-ansible12:07
kleinistorage is an existing Ceph. I only need to add the according configuration to OSA. ceph.conf is described but it is not described, how to add glance ceph client passwords and so on.12:08
kleiniephemeral will be on local SSDs12:08
kleiniimages and volumes on Ceph12:08
jrosseryou need to point OSA to your existing ceph cluster12:09
kleininetwork is currently 10G fiber, tagged VLAN, redundant switches and Open vSwitch on every node for bridges12:09
jrosserhere is what I have in user_variable_storage.yml to set up access to an external ceph cluster http://paste.openstack.org/show/791393/12:10
kleinisure, I need to point OSA to the existing ceph cluster, but this is not described anywhere12:10
*** weshay_ has joined #openstack-ansible12:10
kleinithanks for your paste, I found something similar. again missing is, how to configure passwords12:11
*** weshay_ is now known as weshay|ruck12:12
jrosserthere is a very small note about external ceph here https://docs.openstack.org/openstack-ansible/latest/user/ceph/full-deploy.html12:13
jrosserbut that really should be better12:13
jrosserwhich passwords do you need to configure?12:13
kleiniglance_ceph_client: glance configures, that glance authenticates as user glance on Ceph. and where does the password for this glance user in Ceph come from?12:14
*** rpittau|bbl is now known as rpittau12:15
kleinithat base64 encoded string in the client.glance.keyring file in /etc/ceph12:15
noonedeadpunkit's auth not via password but with cephx12:16
noonedeadpunkhttps://docs.ceph.com/docs/emperor/rados/operations/auth-intro/12:16
jrossersetting up the ceph pools and permissions on an external cluster is outside the scope of OSA, and if you were using ceph-ansible to do that it would be via something like this https://github.com/ceph/ceph-ansible/blob/4ac99223b2dff5cf264e1b1632bf89583bff3a25/roles/ceph-defaults/defaults/main.yml#L726-L73112:17
noonedeadpunkand token should be generated with ceph_client12:17
noonedeadpunks/generated/taken/12:17
jrossergiving the ip of the ceph mons to OSA, the expectation is that ansible can connect to the mon and retrieve the keyrings12:17
jrosserthat is not always possible, so you can also provide the keyrings manually if you are not allowed to connect to the mon with your OSA ansible12:18
jrossernoonedeadpunk: we really need better docs for *all* of this :/12:18
noonedeadpunk++ cant agree more12:18
kleiniokay, need to read about that, I though it was a username and a password. Maybe OSA can fetch the keyrings but I doubt it. Then everybody would be able to access the Ceph just by knowing the user glance exists there.12:19
jrosseri don't think thats how it works12:20
jrosserthey keyring needs to be present on the ceph client12:20
kleiniokay, so ceph client is in my case a glance container and glance in it, created by OSA. How does OSA place the keying in this container?12:20
noonedeadpunkand osa reaches mon where admin keyring is present...12:20
noonedeadpunkso it gets keyring from there and place inside osa container12:21
kleinisorry, mon is not reachable by OSA. very different system, where I have no access at all12:21
noonedeadpunkactually in train you can jsut provide keyrings folder to osa12:21
noonedeadpunkand don't give it access to mons12:21
kleinithat's what I need12:21
jrosserkleini: like i said earlier there are two possible mechanisms supported in OSA for external ceph clusters12:22
jrossereither you allow ansible to ssh into the mon and grab the key, or you provide the keys manually on the deploy host12:22
jrosserthey are then copied to the necessary places12:22
jrosserin your case you need to request that the necessary keys are generated by the ceph cluster admin12:23
jrosserthe example in ceph-ansible is probably exactly what you need12:23
noonedeadpunkI guess we didn't have option to provide keys in stein?12:23
noonedeadpunkor we did backport that...12:24
jrosserhere is the patch? https://review.opendev.org/#/c/671762/12:25
noonedeadpunkoh, it's even in master....12:25
noonedeadpunkbut I think it's pretty safe to take this exact role from master...12:26
jrosseror we backport it12:26
noonedeadpunkor this, yes:)12:26
jrosserbecasue this is a very reasonable use case12:26
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-ceph_client stable/train: Importing keyrings from files rather than from mons  https://review.opendev.org/71627412:26
jrosserkleini: which branch are you using?12:27
noonedeadpunkstein12:27
jrosserthats not a clean backport12:27
jrosserlet me quickly see how bad the conflict is12:28
kleiniI am currently testing with 19.0.8, 19.0.11, stable/stein. But I will test 20.0.2, too.12:30
*** rh-jelabarre has quit IRC12:31
*** rh-jelabarre has joined #openstack-ansible12:31
kleiniwhatever runs better with my necessary configuration changes: Users domain with LDAP auth, existing Ceph, dedicated network hosts, nspawn containers, neutron OVS12:32
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-ceph_client stable/stein: Importing keyrings from files rather than from mons  https://review.opendev.org/71627812:33
kleiniwhat is the nspawn equivalent for lxc_container_allow_restarts=false?12:34
jrosserkleini: perhaps this? https://github.com/openstack/openstack-ansible-nspawn_container_create/blob/master/defaults/main.yml#L58-L6212:38
maharg101I'm setting openstack_venv_python_executable: python3 in all.yml, but finding that the lxc containers don't have a python3. Is there a simple fix ? Python3 appears to be required by some roles now e.g. rally12:38
jrossermaharg101: which branch are you deploying?12:38
*** udesale_ has joined #openstack-ansible12:38
*** thuydang has joined #openstack-ansible12:38
jrosserkleini: you should find that the file defaults/main.yml in each of the OSA ansible roles is the "external interface" to the role. variables that are intended for you to override should all be listed in the defaults12:39
kleinithanks, that's a good hint12:40
*** udesale has quit IRC12:41
maharg101jrosser: stable/train12:43
jrosseron centos7?12:43
maharg101yep12:43
jrosserthat is a known issue, rally is "branchless", i.e it does not respect the standard openstack release cycles12:43
*** rh-jelabarre has quit IRC12:44
jrosserthere was a new version released this week which needs >= py3.6 so that has broken12:45
jrosserif you do not need rally please just comment out the rally playbook from playbooks/setup-openstack.yml12:45
maharg101gotcha - thanks jrosser12:45
jrossernoonedeadpunk is currently looking to see if we have a solution12:46
*** jamesden_ has quit IRC12:47
maharg101so setting openstack_venv_python_executable: python3 in all.yml didn't seem to work so well regardless of rally12:47
kleini20.0.2 fails building the venv in the utility container with Python3: "Failed building wheel for ujson". Is that a known issue on Ubuntu 18.04?12:47
maharg101kleini: yes that's what I'm hitting, in the wheel build virtualenv12:49
maharg101TASK [python_venv_build : Create the wheel build virtualenv (if it does not exist)]12:49
kleiniTASK [python_venv_build : Build wheels for the packages to be installed into the venv]12:50
kleinionly some little steps further12:50
*** jamesden_ has joined #openstack-ansible12:53
jrosseryeah ujson..... just a moment12:53
*** rh-jelabarre has joined #openstack-ansible12:54
jrossermaharg101: i don't think you should adjust the python executable like that12:58
jrosserthe deployment is python2 on centos for very good reason12:59
jrosserwhich is why on stable/train is says openstack_venv_python_executable: "{{ (ansible_distribution == 'CentOS') | ternary('python2', 'python3') }}"12:59
maharg101jrosser: yep was just trying to get it past the rally error, have reverted !12:59
jrosserkleini: can you give some more context for your 20.0.2 error, maybe paste the relevant things to paste.opentstack.org? like the few tasks leading up to it failing?13:02
kleinihttp://paste.openstack.org/show/791398/13:03
kleinisorry, I tried to upgrade my 19.0.8 deployment to 20.0.2, just to test, whether that works...13:03
*** weshay has joined #openstack-ansible13:23
*** weshay|ruck has quit IRC13:25
noonedeadpunkseems that paste is not full...13:26
noonedeadpunklast line stripped13:26
jrosseri am just starting a stable/train lxc aio here to see if i can repoduce13:28
jrosseri have to meeting now so will let that just run in the background for a while13:28
maharg101huge thanks for your help jrosser and sending best wishes to all in the OSA community13:31
jrosserthankyou :)13:31
kleinihuge thanks from me, too!13:32
kleinithis helps a lot!13:32
*** macz_ has joined #openstack-ansible13:38
*** thuydang has left #openstack-ansible13:38
*** openstacking_123 has joined #openstack-ansible13:40
*** macz_ has quit IRC13:42
noonedeadpunkjrosser: I'm thinking if we should better use py2 for stretch because of py3.5 on board rather than py3 venvs?13:43
jrosserwe could move it into the same class of deploy as centos713:44
jrosserand we have a transition already on stable/train?13:44
noonedeadpunkAt least we've dropped it on master13:44
noonedeadpunkso yeah13:45
jrosserthat would mean a breaking change on train?13:45
jrosseror can we just do part of it13:45
noonedeadpunkI'm just afraid that with some time number of packages which will break for it will grow...13:46
*** openstacking_123 has quit IRC13:49
jrosserkleini: maharg101 my AIO is past the utility container setup without error13:56
jrosserthis is from checking out stable/train13:56
jrosserif things are going strange on a multinode deployment its sometimes useful to have an AIO build handy to compare against13:57
maharg101jrosser: containerised ?14:00
jrosserwith lxc, yes14:02
jrosserok setup-infrastructure just finished OK14:02
maharg101I don't know what difference AIO could make..14:03
jrosserthis is what i did http://paste.openstack.org/show/791401/14:03
jrosseran AIO will use the auto-generated config, thats probably the largest difference14:04
jrosserhere is where ujson is needed http://paste.openstack.org/show/791403/14:07
noonedeadpunkoh, btw14:14
noonedeadpunkujson has been fixed with 2.0.3 version released in beggining of march14:15
noonedeadpunk(or even 2.0.0)14:15
noonedeadpunkso we probably shoud write it down to our overrides of contraints14:15
noonedeadpunkI'll offer some patch I guess14:16
jrossernoonedeadpunk: thats already in requirements u-c i think14:16
noonedeadpunkbut not for stable14:16
noonedeadpunkfor master only14:17
jrosseri was interested to try to reproduce why that might fail on train14:17
jrosserbut i can't14:17
noonedeadpunkIt depends on hardware and things14:17
noonedeadpunkLast week here was another folk who has faced with the same issue14:17
jrosseroh is this a compiler specific thing?14:17
noonedeadpunkyeah14:17
noonedeadpunkthere was even a ML regarding that...14:17
noonedeadpunkhttp://lists.openstack.org/pipermail/openstack-discuss/2020-February/012376.html14:18
noonedeadpunksorry it's not beggiining of the thread:(14:18
*** jamesden_ has quit IRC14:21
*** dave-mccowan has quit IRC14:23
jrossernoonedeadpunk: i have a patch for ujson14:25
jrossershould we do master and backport or direct to the stable branches?14:25
noonedeadpunkI think direct but thought to inlcude it to https://review.opendev.org/#/c/715215/14:26
noonedeadpunknot sure about stein though - it seems that it raises issue only for py3 compiler...14:26
noonedeadpunkwe don't need it for master as it's already in u-c14:27
jrossershall i leave for you to add there?14:27
jrosserit's just one line after all14:27
noonedeadpunkI just edit global-requiremnts as well so it may be a conflict there...14:27
jrosseralso we need to unblock the lxc_<> roles14:28
noonedeadpunkyeah14:28
jrosserthose are now preventing other things from merging14:28
noonedeadpunkjrosser: or actually, we can build py3.6 for stretch with pyenv....14:32
noonedeadpunkbut not sure if it's not to much effort...14:33
*** dave-mccowan has joined #openstack-ansible14:33
jrosserstretch is the biggest corner case we have as it's py3.514:37
jrosseri figure we'd have to add pyenv to openstack-hosts?14:39
*** spatel has joined #openstack-ansible14:48
spatelIs there any vendor ethernet nic support SR-IOV with security-group feature?14:49
spatelMellanox doesn't support security-group with sriov14:49
jrosserafaik the security group part sits either in iptables or ovs14:50
jrosserso it doesnt really exist when using normal SRIOV14:50
jrosseri would be checking out what the current state is with mellanox ASAP2 with regard to security groups14:51
*** Adri2000 has quit IRC14:51
kleiniI doubt, that security groups can be run on hardware through SR-IOV. That is too complex.14:55
*** Adri2000 has joined #openstack-ansible14:56
jrossermellanox have an openflow switch on the nic14:57
jrosserin terms of the silicon a lot of this is possible, depending on things being wired up correctly into ovs offloading14:57
kleiniinteresting15:00
*** macz_ has joined #openstack-ansible15:03
*** dave-mccowan has quit IRC15:04
*** dave-mccowan has joined #openstack-ansible15:06
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible stable/train: Fix python2 support  https://review.opendev.org/71521515:09
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible stable/train: Bump SHAs for stable/train  https://review.opendev.org/71431015:13
noonedeadpunkjrosser: I missed - what was the result for keystone on stable/stein?15:14
noonedeadpunkHave we things to fix there or I can suggest a release?15:14
*** spatel has quit IRC15:14
jrosseri need to find it again - not sure which branch actually15:17
noonedeadpunkI guess kleini had problems with stable/stein15:19
noonedeadpunkwhile on the latest tag things were working15:19
noonedeadpunkI can spawn another snadbox in case you've lost yours15:19
jrosserthis was in a zuul job perhaps a one off15:20
jrosserstacktrace in the keystone log15:20
kleiniThis happened for me with stable/stein including that mentioned commit. it does not happen with 19.0.8. will test tomorrow 19.0.1115:21
*** spatel has joined #openstack-ansible15:22
jrossernoonedeadpunk: i cannot find the job with the odd keystone error15:25
jrosseri'm fairly sure the exception was "slice indices must be integers or None"15:28
*** tsturm2 has joined #openstack-ansible15:28
*** DanyC has quit IRC15:46
*** DanyC has joined #openstack-ansible15:46
jrossernoonedeadpunk: this is part of the problem with the lxc roles https://review.opendev.org/#/c/707943/13/test-vars.yml15:49
jrosserone of the lxc_container_create tests checks for there being no apparmor profile present15:49
jrosserbut we now define one unconditionally15:50
*** DanyC has quit IRC15:51
* noonedeadpunk tries to recall the reason why I added that15:52
jrosserthe unconfined profile is necessary to make buster work15:53
noonedeadpunkbut it breaks everything else?15:53
noonedeadpunknot everything, but our tests I guess15:54
*** DanyC has joined #openstack-ansible15:54
jrosseryes, the side effect is breaking this https://github.com/openstack/openstack-ansible-lxc_container_create/blob/master/tests/test-containers-functional.yml#L53-L5815:54
jrosserbecasue it is included with vars_file: common/test-vars.yml it is very hard to override for a specific host15:56
jrosserand even then, it might be necessary to make a container start at all on buster15:56
jrosserin which case that test can never pass15:56
*** udesale_ has quit IRC16:01
noonedeadpunk#startmeeting openstack_ansible_meeting16:04
openstackMeeting started Tue Mar 31 16:04:37 2020 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.16:04
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.16:04
*** openstack changes topic to " (Meeting topic: openstack_ansible_meeting)"16:04
openstackThe meeting name has been set to 'openstack_ansible_meeting'16:04
noonedeadpunk#topic office hours16:04
*** openstack changes topic to "office hours (Meeting topic: openstack_ansible_meeting)"16:04
arxcruzo/16:04
jrossero/16:05
noonedeadpunko/16:06
*** rpittau is now known as rpittau|afk16:07
noonedeadpunkok, so, arxcruz, take a world:)16:08
noonedeadpunk*word16:08
noonedeadpunklol16:08
arxcruzhehe16:08
arxcruzso, we are working in consolidate our skip list in one single repository16:08
arxcruzhttps://opendev.org/openstack/openstack-tempest-skiplist16:09
arxcruzthe idea is have a tool that will give you a list of tests to be skiped based on job, release, and installer (tripleo, osa, etc)16:09
arxcruzalso, a ansible module to call it directly on ansible16:09
arxcruzwe want it integrated with os_tempest as much as possible as well16:09
arxcruzthe idea is call something like tempest-skip --release master --job bla16:10
arxcruzand it return the skipped tests that we can pass to tempest16:10
arxcruzif anyone is interested in help, you are more than welcome, we are now in phase of discuss what the tool will do, and how16:11
arxcruzso it's a good start point :)16:11
arxcruzwe are doing this, because now, tripleo have jobs per component16:11
arxcruztripleo-component-compute16:11
arxcruztripleo-component-network16:11
arxcruzand sometimes we see tests failing in one job, but not in the other, because the component have a bug or whatever other reason16:12
arxcruzso we need now to be able to have a skip list per job/release16:12
arxcruzand we were for a long time wanting to have the skip list in their own repository16:12
arxcruzinstead of use the one we are using right now, that is from our now deprecated validate-tempest role16:12
arxcruzif osa are interested on this approach, it would be nice to coordinate collaboration :)16:13
arxcruzthat's it :)16:13
noonedeadpunkok, I see. Not really sure I got how ansible module should act. Like what it should do except running that command and what output it will provide?16:14
arxcruzthe mvp is call this command, and it return a list of the tests to be skipped, that can be saved in a txt file and pass to tempest16:14
arxcruzas we are doing today16:15
arxcruzhave an ansible module is just an idea if that will be done, or it would be easier to just call the command we are discussing16:15
jrosservars_files: "{{ release ~ '/' ~ job '/' skiplist.yml }}"16:15
noonedeadpunkOk, so it's output can be registered and passed to tempest role include as a variable?16:15
arxcruzyes16:16
arxcruzprobably can be done16:16
arxcruzas i said, we are in the beginning16:16
arxcruzplanning everything16:16
noonedeadpunkactually yes, I like jrosser's way of thinking...16:16
jrosserthis can probably be an ansible role that is called with branch/job and a var name16:16
jrosserit then set_fact that var name16:17
jrosserthen everything is nicely decoupled16:17
arxcruzyup, can be done in this way16:18
arxcruzbut i really looking for more integration between tripleo and osa :D16:18
jrossermaybe these can all co-exist16:18
arxcruzand have it integrated in os_tempest role16:18
arxcruznot only for us, but to osa16:18
jrosseri expect OSA would prefer something natively ansible in preference to a cli tool16:18
arxcruzand that's why I wanted to have an ansible module or role16:19
jrossersure16:19
jrosseris there anything you would like to specifically integrate in os_tempest?16:19
jrosserroles calling roles can get messy16:20
arxcruzI would like that the skip list used by osa be there as well :)16:20
arxcruzof course cores would be by both groups16:20
jrosserright - so if we could set a var with a role that generated the skip list we can pass it to os_tempest today16:20
arxcruzyup16:21
arxcruzwe can work in this direction16:21
jrosserand that would get wired in somewhere like this https://github.com/openstack/openstack-ansible/blob/master/playbooks/os-tempest-install.yml#L31-L3316:21
jrosseri have to be afk for a while16:22
arxcruzsure16:22
jrossernoonedeadpunk maybe you have some thoughts too?16:22
arxcruzanyway, we are working now in how the tool, so it might take a while until we are in a position to make everything work together16:23
arxcruzso, all help are welcome :)16:23
arxcruzthat's all from me16:23
noonedeadpunkYeah, I actually think that roles should remain as lightweight as possible. As we have option to write blacklists it's good to use it. IF somesthing needs to be adjusted in os_tempest regarding format of passed variables it it - it's good16:24
noonedeadpunkBut not sure that we should add this module as a requirement to the role16:24
noonedeadpunkAs it will influence not so well in case of role standalone usage16:24
arxcruzI see16:24
arxcruzyeah, we can think about it in the future16:25
arxcruzwhen we have something to show :D16:25
noonedeadpunkactually even if we make such dependendy - another var should be passed to notify whether use it or not16:26
noonedeadpunkBut I think that we also may be using your blacklisting role for our CI jobs as well16:27
noonedeadpunkso I probably pretty interested to have such tooling16:29
arxcruzcool :)16:30
arxcruzglad to hear :)16:30
*** evrardjp has quit IRC16:36
*** evrardjp has joined #openstack-ansible16:36
velmeranSo I got everything up and running last night, could login to the web interface and even uploaded an image.  This morning looking at things I found my compute node is not there.16:39
velmeranlooking at the system, the service for the neutron agent crashing/restarting constantly16:39
velmeranneutron-linuxbridge-agent: 2020-03-31 09:38:10.766 18509 ERROR neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Interface eth12 for physical network flat does not exist. Agent terminated!16:39
noonedeadpunkvelmeran: sorry we have kinda meeting here :p16:40
noonedeadpunkat least trying to have:)16:40
velmeranah no problem16:40
noonedeadpunkOk, so another thing I wanted to say is that our rocky finally entered EM16:40
noonedeadpunkand I hope that train bump will be merged soon as well16:41
noonedeadpunkbtw, openstack seems not to be supporting python 3.5 which comes with debian stretch16:41
noonedeadpunkhowever, we deploy venvs on py3.5 there and CI says it's wrking16:41
noonedeadpunkso we can kinda continue doing that or can actually rollback to py2...16:42
noonedeadpunkwhich will be kinda regression for users16:42
* jrosser back16:53
*** pcaruana has quit IRC16:56
noonedeadpunkjrosser: do you have some thoughts on this?16:59
jrosserthe easiest thing would be to not deploy rally, on stretch16:59
noonedeadpunkIn terms of rally, it can be deployed on py3 I believe17:00
*** ryneq has quit IRC17:00
jrosserso the issue there is the lack of py3 support on train17:01
noonedeadpunkthe thing is that py3.5 has not been tested according to https://governance.openstack.org/tc/reference/runtimes/train.html#python-runtime-for-train17:01
jrosserhrrm well yes then the whole business of deploying on stretch is not supported on that basis?17:01
noonedeadpunksmth like that17:02
noonedeadpunkdespite it works now17:02
jrossermaybe we start small17:02
noonedeadpunk(probably)17:02
jrosserbackport the necessary changes to python_venv build, which are are going to need anyway17:02
jrosserand then switch over just the utility host stuff17:02
jrosserbut it will still fail though?17:02
jrosserbecasue 3.517:03
noonedeadpunknope. but we don't run tempest against all projects tbh17:03
jrosseri thought the main issue was the installation of rally requiring >= py3.617:03
noonedeadpunkwhat do you what to backport for python_venv_build?17:03
noonedeadpunkjrosser: yeah, in case it's from master17:04
jrosseri fear we may be talking about different things :)17:04
noonedeadpunkbut I think we can bump rally to 1.7 and live with it17:04
noonedeadpunkAlso we maybe should do it in better way but currently it's not easy without circullar dependency17:05
noonedeadpunkok. so I think we have 2 problems now. Rally that's support only py3.6+17:05
noonedeadpunkand openstack not tested with 3.5 (but it seems to work as for now)17:06
*** andrewbonney has quit IRC17:07
noonedeadpunkI think between not being able to deploy rally and deploy <3.0.0 it's better to chose deploy <3.0.0?17:08
jrosseryes i would agree17:08
noonedeadpunkAnd actually https://review.opendev.org/#/c/715215/ passes for debian17:08
jrosserand that patch also fixes centos17:09
noonedeadpunkyeah17:09
noonedeadpunkit's a bit messy17:09
noonedeadpunkbut can't imagine another cleaner patch without disabling half of the ci17:09
jrosserit's ok - these are all external things that have changed underneath us17:10
*** pcaruana has joined #openstack-ansible17:10
jrosseri think we would better spend the time getting the backlog of patches in good shape than worry too much about stretch17:10
jrosserunless there are some deployments that are depending on something we are missing17:11
noonedeadpunkyeah, agree17:11
noonedeadpunkso I think we almost have clean branches then17:12
jrosseri need to go AFK again (TZ changed this is now an hour later for me)17:12
noonedeadpunkexcept lxc thing17:12
noonedeadpunkchanged for me as well...17:12
noonedeadpunkok, then I think we've done17:12
noonedeadpunk#endmeeting17:12
*** openstack changes topic to "Launchpad: https://launchpad.net/openstack-ansible || Weekly Meetings: https://wiki.openstack.org/wiki/Meetings/openstack-ansible || Review Dashboard: https://bit.ly/2SAcGAn"17:13
openstackMeeting ended Tue Mar 31 17:12:57 2020 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)17:13
jrosseryes there are still small things - like my cleanup for infra pip/virtualenv has broken again17:13
openstackMinutes:        http://eavesdrop.openstack.org/meetings/openstack_ansible_meeting/2020/openstack_ansible_meeting.2020-03-31-16.04.html17:13
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/openstack_ansible_meeting/2020/openstack_ansible_meeting.2020-03-31-16.04.txt17:13
openstackLog:            http://eavesdrop.openstack.org/meetings/openstack_ansible_meeting/2020/openstack_ansible_meeting.2020-03-31-16.04.log.html17:13
noonedeadpunkjrosser: sorry:(17:13
jrosserdon't worry :)17:13
noonedeadpunkoh, seems we're cleaning up too good now https://zuul.opendev.org/t/openstack/build/337476d000a74b0da7e8ff9ea7fc26b5/log/job-output.txt#487617:15
noonedeadpunkoh, btw, regarding zun, I think we should try to merge that https://review.opendev.org/#/c/692407/17:20
noonedeadpunkand work futher only with zun role17:20
noonedeadpunkI guess intergration itself is usefull and according to sandbox it works ok17:20
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible stable/train: Set bionic upgrade job to voting  https://review.opendev.org/70823817:21
*** jbadiapa has quit IRC17:52
mnasernoonedeadpunk: simple backport https://review.opendev.org/71627417:59
mnaserhttps://review.opendev.org/655331 another simple change18:00
mnaserhttps://review.opendev.org/690664 another trivial change18:03
mnaserand https://review.opendev.org/665238 :)18:04
noonedeadpunklast two not so simple as have conflicts18:04
mnaser(sorry, i'm going over all of oru chagnes)18:04
mnaseroh they do? crap18:05
mnaseri don't see them in gertty18:05
mnaseroh they do.18:05
openstackgerritMohammed Naser proposed openstack/openstack-ansible-lxc_container_create master: Use lxc-3 syntax for tests  https://review.opendev.org/66523818:05
mnaserthat's a rebase18:06
noonedeadpunkthe last one will fail I guess as tets are broken now:(18:06
noonedeadpunkbut yeah18:06
mnaseri thougth they were broken for train only?18:06
noonedeadpunkI guess we just didn't try to land anything for master18:07
noonedeadpunkbut not sure though18:07
noonedeadpunkI can rebase these ones18:08
noonedeadpunkif you wish18:08
noonedeadpunkvelmeran: I guess we've lost your questions while meeting(18:08
noonedeadpunkwhat's in yours provider_networks?18:08
noonedeadpunkI guess you've set br-vlan on eth12?18:09
mnasernoonedeadpunk: yeah.. can you also do the retirement of pip_install and repo_build so we don't "Release" them when we don't use them?18:10
velmeranHi, I think I figured out the issue, its to do with the mapping of physical_interface_mappings = vlan:eth12,flat:br-vlan18:10
noonedeadpunkyeah18:10
noonedeadpunkvelmeran: yep and it's set in openstack_user_config.yml in provider_networks18:10
noonedeadpunkI guess you have this https://opendev.org/openstack/openstack-ansible/src/branch/master/etc/openstack_deploy/openstack_user_config.yml.aio.j2#L98-L10618:11
noonedeadpunkSo you should use only valid interfaces that you do have on your hosts18:11
velmeranI'm on centos, so I don't have a /etc/network/interfaces where some one showed how to make a fake eth12 on the interface for it to bind, so trying to sort that out18:11
noonedeadpunkin terms of br-vlan (flat) you can just omit it18:11
noonedeadpunkand use vxlan isntead18:11
velmeranlike, just remove the whole -network section for the flat part?18:12
noonedeadpunkyep18:12
velmeranokay, let me give that a try.18:12
noonedeadpunkand re run os-neutron-install.yml18:13
noonedeadpunkvelmeran: flat part which relies to br-vlan)18:13
*** mgariepy has quit IRC18:15
*** miloa has quit IRC18:19
*** mgariepy has joined #openstack-ansible18:21
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-galera_server master: tox: Keeping going with docs  https://review.opendev.org/69066418:23
velmeranOkay, that seems to have gotten the systems happier with the linuxbridge, but on the compute node I'm now getting errors about the oslo.messaging drivers referencing rabbit, giving me a connection failed.  compute node still doesn't seem to show up in any services/agent queries from openstack.18:27
velmeranI only did the neutron install playbook, maybe I need to do the full openstack install to fix rabbit?18:28
noonedeadpunkand how do they look like?:)18:30
noonedeadpunkerrors I mean. can you paste them?18:31
velmeranMar 31 11:25:48 opnstack-cmpute-01 neutron-linuxbridge-agent: 2020-03-31 11:25:48.025 1519 ERROR oslo.messaging._drivers.impl_rabbit [req-4e0413d1-054e-4b3b-9bca-f5c4e574d6fe - - - - -] Connection failed: [Errno 113] EHOSTUNREACH (retrying in 6.0 seconds): error: [Errno 113] EHOSTUNREACH18:32
velmeranthe main controller doesn't have any errors at the moment.18:32
noonedeadpunkthis looks like some networking issue....18:32
noonedeadpunkSo is mgmt network present on compute nodes and are cotrollers reachable through it?18:33
noonedeadpunkand actually are rabbit containers laucnhed18:34
*** mgariepy has quit IRC18:35
velmeranhumm. so rabbit container is running, but I can't ping it from compute.18:36
velmeranshould I have a lxcbr0 on compute?18:36
noonedeadpunkno18:37
noonedeadpunkbut you should have mgmt network there18:37
noonedeadpunkthe one which is on eth1 of rabbit container18:37
noonedeadpunk(generally)18:37
velmeranyea, controller can ping the rabbit mgmt network address.18:37
noonedeadpunkand another controller?18:38
noonedeadpunkif you have several ofc18:38
noonedeadpunklike management network should be present and reachable on every host and container18:39
noonedeadpunknice, train bump passed ci https://review.opendev.org/#/c/714310/18:40
velmeranjust a single controller, compute, storage system.  storage can't ping rabbit either18:41
noonedeadpunkI guess storage can miss mgmt network if it's required18:42
noonedeadpunkstorage is connected generally with storage net18:43
noonedeadpunkSo I think you should look into your networking and how mgmt net is configured18:43
velmeranyea, something strange is up. I have that mgmt network setup as a /22 on the switch, router, and on each server, and everything seems to talk to the 10.0.60.X subnet, but the 10.0.61,62,63 aren't talking.18:45
jrosservelmeran: is this physical hosts?18:46
velmeranno, all three host are just VM's, I am mostly just testing deployment before I get some hardware in to do a real deploy.18:47
*** mgariepy has joined #openstack-ansible18:48
jrosseryou will need to make sure that whatever you are using to provide the VM does not do any kind of mac address security18:50
jrosser"just VMs" brings a whole load of baggage that you don't get with physical hosts, and what you describe happens very commonly when people try to test out multinode openstack in vmware, for example18:50
*** DanyC has quit IRC18:52
velmeranyea, I wouldn't be surprised if that was causing issues.  right now it seems the containers on the controller can see each other, can see the controller, and can get internet, but they aren't seeing anything else.18:53
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-repo_build master: Retire openstack-ansible-repo_build role  https://review.opendev.org/71638918:55
jrosservelmeran: it is likley becasue the VM is only allowed to send from the mac address that the hypervisor thinks it has18:56
*** d34dh0r53 has quit IRC18:56
jrosserbut these many more interfaces you've created have a bunch of mac/ip which that doesnt understand18:57
*** cloudnull has quit IRC18:57
velmeranokay. I'll do some research, its a Vmware setup with a dvSwitch, using a trunk port setup to pass vlans into that then get defined by the host.18:58
jrosserjamesdenton: ^ do you have any tips here for vmware?18:59
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-repo_build master: Retire openstack-ansible-repo_build role  https://review.opendev.org/71638919:00
*** tsturm2 has quit IRC19:06
*** Soopaman has joined #openstack-ansible19:08
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-repo_build master: Retire openstack-ansible-repo_build role  https://review.opendev.org/71638919:16
noonedeadpunkmnaser: my turn to ping you for a vote :p https://review.opendev.org/#/c/715215/ https://review.opendev.org/#/c/714310/ https://review.opendev.org/#/c/708238/19:17
mnasernoonedeadpunk: nice, +3, does that mean once this lands, stable/train should be unblocked?19:19
noonedeadpunkyeah19:21
noonedeadpunkactually only https://review.opendev.org/#/c/715215/ would be enough19:22
noonedeadpunk(to unblock train)19:22
mnasercool, once that lands, lets do a mass-recheck19:23
*** DanyC has joined #openstack-ansible19:24
*** DanyC has quit IRC19:29
openstackgerritMerged openstack/openstack-ansible-galera_server master: tox: Keeping going with docs  https://review.opendev.org/69066419:30
*** mgariepy has quit IRC20:21
openstackgerritMerged openstack/openstack-ansible-ceph_client stable/train: Importing keyrings from files rather than from mons  https://review.opendev.org/71627420:26
*** mgariepy has joined #openstack-ansible20:34
*** kleini has quit IRC20:40
*** gshippey has quit IRC20:46
*** spatel has quit IRC21:44
*** jamesden_ has joined #openstack-ansible22:21
*** DanyC has joined #openstack-ansible22:33
*** jamesden_ has quit IRC22:37
*** DanyC has quit IRC22:39
velmeranOkay. I got it working...  99% reading, 1% making three simple changes on the dvswitch in vcenter...22:44
*** Soopaman has quit IRC22:49
*** tosky has quit IRC22:54
*** macz_ has quit IRC23:06
*** ianychoi has quit IRC23:15
*** ianychoi has joined #openstack-ansible23:16
*** rh-jelabarre has quit IRC23:43
openstackgerritMerged openstack/openstack-ansible-ceph_client master: Updated from OpenStack Ansible Tests  https://review.opendev.org/71235923:49
velmeranSo here are my notes on getting things "working" on ESXi/vCenter 6.7 and Centos7 Latest:  http://paste.openstack.org/show/791427/23:49
velmeranHope that helps people out.23:49
« Monday, 2020-03-30 Index Wednesday, 2020-04-01 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!