Wednesday, 2020-12-09

[01:08] -openstackstatus- NOTICE: The Gerrit service on review.opendev.org is being restarted quickly to make heap memory and jgit config adjustments, downtime should be less than 5 minutes
[01:52] <openstackgerrit> Merged openstack/openstack-ansible-ceph_client stable/ussuri: Allow to proceed with role if ceph_conf_file is set  https://review.opendev.org/c/openstack/openstack-ansible-ceph_client/+/765952
[08:05] <jrosser> morning
[08:05] <jrosser> i wonder why my centos environment var patch works on lxc deploys but not metal
[08:07] <jrosser> perhaps because the gate check script runs in a shell that exists before /etc/environment is modified
[09:07] <snadge> how is the centos stream news going to affect openstack-ansible ?
[09:08] <noonedeadpunk> snadge: have not decided yet, but I think we will eventually drop centos support in several releases
[09:08] <snadge> i was going to deploy the next one on centos 8.. but it ends support next year, and i can get RHEL licenses for free
[09:08] <snadge> its just laziness to deal with tracking registrations etc
[09:18] <jrosser> snadge: we did have a bit of discussion about this on irc yesterday
[09:19] <jrosser> one of the issues is that no one on the openstack-ansible core team is running centos clouds
[09:19] <jrosser> so it is a lot of maintenance overhead taken from peoples day job on something that they are not benefitting from
[09:20] <jrosser> if we were to have a set of committed contributors who supported the centos OS then things would certainly be easier
[09:24] <snadge> yeah that's understandable.. i don't think I would be able to do that, but I could ask around at work
[09:25] <snadge> companies like IBM and RedHat should see value in something like openstack-ansible, I know their employees do.. people use open source solutions all the time, simply because its easier even if you can get "free" licensing there's still a process you have to go through for registration etc
[09:26] <jrosser> and also i don't really know much about how RHEL works, if it's going to be the same rolling release as Centos will become
[09:26] <snadge> i think the basic idea is that that centos stream because RHEL upstream.. so the changes in that will filter through to RHEL
[09:26] <snadge> because/become
[09:27] <jrosser> it is pretty scary from a CI point of view to know that the thing that passed tests today is less reproducible than you would like
[09:28] <snadge> it might push people away from using centos in the enterprise.. as a way of basically getting RHEL stability for free
[09:28] <snadge> if stream is quality wise, somewhere in between fedora and rhel, it might become popular
[09:38] <noonedeadpunk> snadge: we had kind of proof last year that RHEL does not care about OSA at all
[09:39] <snadge> they have their own redhat branded openstack yes.. which helps people who want to pay for that in a commercial environment, and that's fine
[09:40] <noonedeadpunk> I don't recall about the details, but we had some simple request for Ansible at their Ansible Fest last year and they just ignored it and said they are not interested. I guess it's because they have tripleo and products to sell
[09:40] <SiavashSardari> morning
[09:40] <SiavashSardari> I wanna update openstack_openrc SHA on stable/ussuri, should I go on and upload a patch or there is some other process for stable branches?
[09:40] <noonedeadpunk> SiavashSardari: we do bumps of SHAs in automated way once in 2 weeks
[09:40] <noonedeadpunk> and do releases based on that
[09:41] <noonedeadpunk> you can update it manually if you wish, but dunno why you would do that
[09:42] <noonedeadpunk> jrosser: I was thinkin what we could replace centos with and have no idea. The best thing was suse, but it was not stable as well and we've already dropped it...
[09:42] <SiavashSardari> noonedeadpunk oh didn't know that
[09:42] <snadge> i dont think this has fully played out yet, there are a lot of people within these commercial organisations that value open source, including fedora etc
[09:43] <SiavashSardari> I did a minor upgrade and wanna take advantage of https://review.opendev.org/c/openstack/openstack-ansible-openstack_openrc/+/763508
[09:43] <jrosser> SiavashSardari: you can just change the SHA in your user_variables if you like
[09:43] <jrosser> for that one repo, all of the data is in playbooks/defaults/... so is very low precedence for ansible variables
[09:44] <jrosser> it is designed this way so that you can customise it easily in your config
[09:44] <snadge> i know that redhat want to sell their commercially supported versions of openstack/openshift etc, but they also want people to install open source versions and use it as well because thats more people who will potentially upgrade to a supported version later
[09:44] <SiavashSardari> jrosser yeah, I'll do that till the next bumping. thanks
[09:44] <noonedeadpunk> Fedora is not an option, lol. it super unstable even comparing to centos stream. and it's support term is 6 month iirc
[09:45] <snadge> i know, i just used it as an example because there are people within these commercial organisations, who are enthusiastic about fedora and use it internally for development purposes etc
[09:45] <snadge> they're not running clouds off it no
[09:46] <jrosser> i think that this comes down to "would anyone choose to use centos stream to deploy openstack-ansible in a production environment"
[09:46] <jrosser> if there are sufficient of those folk who exist and want to take on maintenance then that is all fine
[09:46] <noonedeadpunk> yeah, exactly
[09:46] <snadge> thats right, and I think that remains to be seen.. and im usually optimistic, but I'm not sure if I am this time
[09:47] <jrosser> from a practical POV, we have already seen one *massive* OSA contributor migrate off centos
[09:47] <noonedeadpunk> I think we probably end up dropping CI for centos, and leave things as is in an unsupported way
[09:47] <jrosser> and with the centos stream news yesterday spatel already says he will look for alternatives
[09:48] <noonedeadpunk> wondering what he will come up with...
[09:48] <snadge> the guys at work have finally switched to openstack train on cent 7, which frees up the previous production system for something new
[09:49] <snadge> thats a project that will start early in the new year some time
[10:26] <jrosser> noonedeadpunk: do you have any good ideas for metal jobs with this LIBSYSTEMD_VERSION environment variable?
[10:26] <jrosser> seems to be either add it to the environment in zuul pre-gate playbook, or perhaps export an env var in the gate-check-commit script.....
[10:28] <noonedeadpunk> hm, and https://zuul.opendev.org/t/openstack/build/aac08c7b31b047408fc1ab239b600130 has passed.....
[10:29] <jrosser> oh wait
[10:29] <noonedeadpunk> and the next recheck failed...
[10:30] <noonedeadpunk> so maybe this one had non updated image...
[10:30] <noonedeadpunk> but I suppose we would update it...
[10:31] <noonedeadpunk> and we eventually placed the var https://51a12b4e70c36e2ff198-353a8055100be238a18e62fdcc374ef1.ssl.cf5.rackcdn.com/766030/4/check/openstack-ansible-deploy-aio_metal-centos-8/3ff1f97/logs/ara-report/results/218.html
[10:32] <jrosser> i was thinking that the var may not be present in the shell running ansible
[10:32] <jrosser> because that is the same one that runs gate-check-commit.sh, and starts before the env var is written
[10:32] <noonedeadpunk> oh, yes, probably you're right....
[10:33] <jrosser> but then why does the job you linked pass, this is strange
[10:34] <noonedeadpunk> also we would need to backport this to U :(
[10:39] <jrosser> yes - just thankful that the centos upgrade job is nv right now otherwise we would be in even more difficulty
[10:40] <noonedeadpunk> but, we change /etc/environment during setup-hosts, then we re-run openstack-ansible in shell script... So shouldn't ansible load correct env while we launch it? or because we call with the script it will share env...
[10:40] <noonedeadpunk> well, that's pretty easy to check actually :)
[10:41] <noonedeadpunk> yeah, I was thinking that centos 8 is pretty stable in terms of upgrade jobs and maybe it's time to make them voting :))
[10:41] <noonedeadpunk> really regret about these thoughts
[10:59] <pto_> Have anyone here integrated openstack with Windows AD/LDAP?
[10:59] *** pto_ is now known as pto
[11:09] <admin0> pto, yes
[11:10] <pto> admin0: I dont see any config in openstack ansible to enable tls. Do you know if its possible?
[11:10] <admin0> not sure pto .. i had a config and it worked :D .. so never looked into it
[11:11] <pto> admin0: Could you share the working sample?
[11:11] <admin0> sure
[11:11] <admin0> one moment please
[11:14] <admin0> pto, https://gist.github.com/a1git/1f9b9e438c78683b900ff85d36d6ecc7 .. then after that, they can use domain.com and their AD user/pass
[11:14] <admin0> in our case, its internal traffic on a private vlan, so it worked on ldap .. never looked into anything else
[11:15] <pto> admin0: Awesome! Thx. But i dont think you run secure ldap
[11:15] <admin0> though i am building a new one where i need to do ldaps
[11:15] <admin0> this one was AD on a secure vlan
[11:15] <admin0> in 1 week, i have to do a ldaps on openldap
[11:15] <admin0> i will know more in 1 week
[11:16] <pto> admin0: I dont think its supported in the current config of openstack ansible. Cant find any reference to it
[11:17] <admin0> oh
[11:17] <pto> admin0: nvm. https://github.com/openstack/openstack-ansible-os_keystone/blob/dcc16da7e20f50e1f9e9cd56170427ec9491d15c/tasks/keystone_ldap_setup.yml#L34
[11:17] <pto> admin0: Its just passing a dict to the template, so you can put anything in
[11:18] <admin0> did you tried ldaps and it failed ?
[11:20] <pto> admin0: Its not accepting ldaps:// and if I enable tls and ldaps i get: AssertionError: Invalid TLS / LDAPS combination
[11:23] <admin0> oh
[11:23] <admin0> maybe best to check in #openstack-keystone
[11:25] <pto> admin0: Channel is dead :-(
[11:38] <kleini> pto: I am using ldaps: http://paste.openstack.org/show/800888/
[11:40] <kleini> Is it possible to use some wildcard to limit e.g. setup-hosts.yml to some host and all its containers? Something like --limit infra3,infra3_*
[11:42] <kleini> answering again my own question: infra3-host_containers
[11:45] <pto> kleini: thx! I will have a look at it
[11:45] <pto> LDAP error: http://paste.openstack.org/show/800889/
[11:48] <kleini> error message very clearly states, that the connection is not possible. did you check ports of LDAP and encryption for example with openssl s_client and ldapsearch?
[11:49] <pto> openssl s_client -connect ADLDAP.srv.aau.dk:3269 gives http://paste.openstack.org/show/800890/
[11:50] <pto> Seems to be tls1.2
[11:51] <pto> I guess i need to run starttls and not ssl?
[11:51] <kleini> I only heard about starttls with IMAP, never with LDAP
[11:52] <kleini> output of openssl s_client looks good
[11:52] <kleini> can you have a look at the network traffic from Keystone to LDAP, whether at least some SSL handshakes take place?
[11:52] <admin0> -l "infra3_*"
[11:55] <noonedeadpunk> pto https://docs.openstack.org/openstack-ansible-os_keystone/latest/configure-keystone.html#implementing-ldap-or-active-directory-backends worked for me with AD perfectly
[11:58] <pto> noonedeadpunk: Thx! I have already been through it multiple times. I am no expert in AD, and the customer is running an AD forest and I think its different from a traditional AD
[11:59] <jrosser> do you need to ensure that the CA cert from AD is installed into keystone container?
[12:01] <jrosser> pto: actually in your paste 'Verification error: self signed certificate in certificate chain'
[12:02] <pto> jrosser: Nice spotted.
[12:02] <jrosser> been there - done that..... i made this https://github.com/openstack/openstack-ansible-openstack_hosts/blob/master/tasks/openstack_hosts_ca_certificates.yml
[12:03] <jrosser> heres the whole patch so you can see which variables you need to use https://github.com/openstack/openstack-ansible-openstack_hosts/commit/1498d0d61de3ee8cea4b4e0ba8deb18c274ab1fe
[12:05] <SecOpsNinja> hi to all.  if you have multiple haproxy's and glance containers what do you use to have all the files synchronized? ceph/nfs? because i dont want NFS (for its non redundancy) and dont have experience with ceph does anyone tried with glusterfs? i tried to see openstack-ansible but it doesn't seem to have any info regarding that
[12:07] <noonedeadpunk> I'd use ceph tbh
[12:08] <noonedeadpunk> it can provide you not only block storage, but also object storage and fs (and even combined with ganesha nfs)
[12:09] <noonedeadpunk> object storage is compatible both with S3 and Swift
[12:11] <SecOpsNinja> noonedeadpunk,  yep i do have ceph in my todo list but atm to resolve this problem regarding the 2º and 3º haproxy and glance hosts. whats the correct way to remove them until i have the HA filesystem installed?  the glance would be destroying 2 and 3 containers and then remove them with inventory-manage.py -r parameter?
[12:13] <pto> jrosser: Is it possible to rerun the tasks openstack-ansible-openstack_hosts by running openstack-hosts-setup.yml or will it break the installation?
[12:13] <admin0> since glance does not change much, you can very much set it up in raid filesystem and rsync every X hour
[12:13] <admin0> it does not change much .. works just fine
[12:13] <admin0> and nothing will break if glance breaks ..  all that you lose is the limit to launch new vms
[12:14] <noonedeadpunk> yeah was thinking about lsync eventually, but with lsync you need to set one glance as master one where all uploads would happen
[12:15] <admin0> pto, its safe to run  the ansible playbooks multiple times
[12:21] <pto> openssl s_client gives:Verify return code: 19 (self signed certificate in certificate chain) is that still a problem?
[12:22] <SecOpsNinja> yep i understand the rsync part, but atm i have 3 infra hosts with keepalive and with 1 replica of glance and haproxy in each infra. because of that i have some lets encrypt certificates and glance images spread by all the infra nodes  and aren't accessible in the current master. So to resolve this i was thinking to add a glusterfs volume but after thinking how to configure the glance container to use i think its easier to remove the 2ª and 3ª replicas atm and put the openstack cluster working again (to create new vms)
[12:23] <SecOpsNinja> and the openstack-ansible documentation is not very clear regarding removing this extra services/containers. I see the info regarding recreating them but not removing them
[12:29] <kleini> pto: this self signed certificate is the only problem your keystone is not connecting properly
[12:36] <pto> kleini: That is also my understanding, man if i can make ubuntu trust the cert, then it should work
[12:51] <admin0> why not *not* use self signed and use a signed one ?
[12:51] <admin0> meh . why not use a signed one ?
[12:55] <admin0> hmm.. The `lxc` module is not importable. Check the requirements. - what error is this ?
[12:55] <admin0> never seen this before .
[12:56] <admin0> so i had a poc on ubuntu 20.04 .. tag 21.1.0 .. poc went in good .. now reformatted, added new hosts .. and this came up
[12:56] <admin0> deploy is unchanged  ( just the facts and the old inventory removed)
[13:06] <jrosser> pto: yes you can use openstack-hosts-setup.yml --limit <containername> and it can be run as many times as you like
[13:25] <noonedeadpunk> just in case decided to place PR https://github.com/systemd/python-systemd/pull/89
[13:27] <pto> SSL trust is working, and the bare minimal config keystone is in place, but its not working: http://paste.openstack.org/show/800894/
[13:28] <pto> dap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': [], 'info': '(unknown error code)'}
[13:28] <noonedeadpunk> the won't help us though....
[13:29] <noonedeadpunk> just noticed that it hasn't been released for ages
[13:38] <jrosser> pto: may be another step in your certificates adventure....
[13:39] <mgariepy> pto, try connecting from python in from the virtual env.
[13:39] <pto> Good idea. Thx for helping
[13:39] <admin0> hi all . what could this error be, and anyone seen it before ? https://gist.githubusercontent.com/a1git/0f6c81533d45bd0781f2a9b324c4eefd/raw/6fbf26d40dec844c4816d1a84a4477a426adfa9b/gistfile1.txt
[13:40] <mgariepy> also, maybe add some debug to ldap . it might log the ldap query so it might help you debug it a bit
[13:41] <mgariepy> debug_level under the ldap section.
[13:41] <SecOpsNinja> is there a easy way to remove a role from being install in a node?  or do i need to recreate the machine from scratch? i don't see the option to remove in the specified roles like haproxy_server and magnum
[13:44] <SecOpsNinja> supposedly i can use absent option but having a bit of difficulty how to disable it...
[13:45] <pto> hmnn... SimpleLDAPObject.simple_bind is successful
[13:46] <jrosser> pto: there is a bunch of detail here https://docs.openstack.org/keystone/latest/admin/configuration.html#secure-the-openstack-identity-service-connection-to-an-ldap-back-end
[13:48] <pto> Im out of time today and will dig deeper tomorrow. Thanks you all for helping! It has been very useful so far
[13:53] <mgariepy> pto, then ldappool ;) or try to disable ldappool in the config.
[14:20] <spatel> what variable i should use to change region globally ?
[14:21] <mgariepy> spatel, service_region ?
[14:22] <spatel> if i put that in user_variables then it will change it for every single service?
[14:23] <mgariepy> i do believe so since it will override :  https://github.com/openstack/openstack-ansible/blob/master/inventory/group_vars/all/all.yml#L94
[14:28] <spatel> mgariepy: in my case i already cooked my openstack using ReigonOne default and now trying to change it. do you think if i put service_region: foo and re-run all playbook will fix it?
[14:30] <admin0> hi all.. what exactly does this error mean ?  https://gist.github.com/a1git/0e100976a09669d01eecdd6ad0333fdb
[14:35] <ierdem> Hi everyone, can you explain me how can I list of queues in rabbitmq? Thanks
[14:36] <ierdem> When I execute "rabbitmqctl list-queues <Name>" command it returns empty, I do not know why. .
[14:36] <spatel> ierdem: rabbitmqctl list_queues -p /nova
[14:37] <spatel> rabbitMQ use vhost so you need to use -p key
[14:37] <ierdem> Oh, thank you, it works now
[14:38] <jrosser> admin0: i am guessing that whichever host 172.29.236.13 is not setup correctly
[14:38] <jrosser> i.e it has not had the lxc_hosts role run against it successfully for some reason
[14:39] <admin0> does having - in the hostname have any effect on this ?
[14:39] <admin0> that was the only diff from poc -> prod
[14:39] <admin0> reinstall with ubuntu 20, hostname had a lot of (dashes)
[14:39] <jrosser> the error message seems unrelated to that really
[14:39] <jrosser> i don't know what the task is as that is missing from the paste
[14:40] <admin0> jrosser, this one has more debug and detail https://gist.githubusercontent.com/a1git/0f6c81533d45bd0781f2a9b324c4eefd/raw/6fbf26d40dec844c4816d1a84a4477a426adfa9b/gistfile1.txt
[14:40] <jrosser> but it looks to be an ansible lxc module, and the error message suggests that the lxc python bindings are missing from the target host
[14:41] <admin0> wouldn't setup host take care of that ?
[14:41] <jrosser> that should be installed by the lxc_hosts role https://github.com/openstack/openstack-ansible-lxc_hosts/blob/master/vars/ubuntu-20.04-host.yml#L42
[14:41] <jrosser> you can check with apt if it is there
[14:41] <admin0> thanks for this link .. i will try to manually add these and see if it moved ahead
[14:47] <openstackgerrit> Dmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts master: Fix libsystemd version for Centos  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/766030
[14:48] <jrosser> ^ are you sure?
[14:48] <jrosser> is pkg-config always there?
[14:48] <noonedeadpunk_> well, yes. in your option I got `LIBSYSTEMD_VERSION=(239-41.el8_3)`
[14:48] <noonedeadpunk_> systemctl --version - `systemd 239 (239-41.el8_3)`
[14:49] <jrosser> oh no i mean the command pkg-config, won't we have to install that first?
[14:49] <noonedeadpunk_> not sure it's always there though.... but python-systemd relies on it...
[14:49] <jrosser> only at build time though, and we target these tasks at all hosts right now
[14:50] <noonedeadpunk_> yeah, you're right
[14:50] <noonedeadpunk_> but we need another strange split then
[14:51] <noonedeadpunk_> also I've noticed, that ansible do not consume /etc/environment so you was right about it as well
[14:51] <jrosser> had loads of distraction today, still poking around at that
[14:51] <noonedeadpunk_> even when I sourced it - that does not help
[14:51] <jrosser> broke my AIO and had to start again as well
[14:52] <noonedeadpunk_> ansible was able to do lookup only after I did relogin
[14:52] <jrosser> so do we perhaps want split[1] on the systemctl --version output?
[14:52] <noonedeadpunk_> http://paste.openstack.org/show/800900/
[14:54] <jrosser> actually its worse than that
[14:54] <openstackgerrit> Marc Gariépy proposed openstack/openstack-ansible-os_horizon master: DNM simple test  https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/766234
[14:54] <jrosser> you need pkg-config and systemd-devel everywhere that needs to run
[14:54] <noonedeadpunk_> agree. maybe we can use rpm then....
[14:55] <jrosser> so systemctl --version gives systemd 239 (239-41.el8_3)
[14:55] <noonedeadpunk_> yep
[14:55] <jrosser> so we take the [1] element from split?
[14:55] <jrosser> rather than -1 as my patch was which incorrectly takes the last thing
[14:58] * jrosser totally confused again because i'm sure we saw it do the right thing earlier
[14:58] <noonedeadpunk_> maybe they changed it again lol
[14:58] <noonedeadpunk_> and that's why we saw it passing
[14:59] <jrosser> https://51a12b4e70c36e2ff198-353a8055100be238a18e62fdcc374ef1.ssl.cf5.rackcdn.com/766030/4/check/openstack-ansible-deploy-aio_metal-centos-8/3ff1f97/logs/ara-report/results/218.html
[14:59] <noonedeadpunk_> maybe worth checking `rpm -qa systemd` and split on `-`
[14:59] <noonedeadpunk_> true
[14:59] <jrosser> good call on the regexp though
[15:07] <jrosser> noonedeadpunk_: the only other route we have is deployment_environment_variables but i'm not so sure there is any way we can add something extra to that
[15:08] <openstackgerrit> Dmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts master: Fix libsystemd version for Centos  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/766030
[15:08] <jrosser> ok that looks good
[15:08] <jrosser> but still the issue of the metal jobs i think
[15:09] <noonedeadpunk_> yeah, most likely it is
[15:10] <jrosser> i wonder if just using the zuul.d pre-gate playbook would do it
[15:10] <jrosser> if theres enough between that and gate-check-commit.sh for there to be a new login shell
[15:10] <jrosser> the same tasks could go there
[15:11] <noonedeadpunk_> but issue would still occur on real deployments then...
[15:11] <noonedeadpunk_> on real aio metal lol
[15:11] <jrosser> right, but i think we have a weird case because the target is localhost?
[15:12] <jrosser> would be interesting to see if your test you pasted behaves the same if the target is not local
[15:12] <jrosser> but i agree that this is all really not nice
[15:13] <SecOpsNinja> in openstack-ansible is there a easy way to remove installed components from specific host? or the only way is to reinstall host from scratch? the only info that i found was https://docs.openstack.org/openstack-ansible/pike/admin/maintenance-tasks/scale-environment.html#remove-a-compute-host but nothing regarding infra or storage nodes.
[15:15] <jrosser> SecOpsNinja: to remove a service you would destroy the containers, then use the inventory-manage tool in the scripts directory to remove them from the inventory, and also you have to clean up openstack_user_config stuff does not come back
[15:16] <jrosser> after that you would have some cleanup to do on haproxy
[15:16] <SecOpsNinja> jrosser,  but it the problem it seems in services that aren't installed in containers like haproxy
[15:17] <jrosser> well, i think thats really a symptom of ansible (and configuration management tools in general)
[15:17] <SecOpsNinja> for that kind of services it seems there aren't a easy way to remove them
[15:17] <SecOpsNinja> some roles have the option to remove them but it doesn't seem to be the case in openstack ansible haproxy_Server role
[15:18] <jrosser> really the only thing we have is deleting lxc containers, nothing else really handles uninstalling
[15:18] <SecOpsNinja> ok i will try to remove it manually and then try to see i came make a commit with the option to have the uninstall option available
[15:20] <SecOpsNinja> it was my mistake creating a cluster with only 1 infra + 1 compute + 1 storage and after tried to add multiple ones without having distributed storage like glusterfs/ceph/nfs.... and now it seems hard to add ceph in the current state. so it seems best to remove the extra replicas and then with time try to add ceph storage to all the services
[15:22] <jrosser> i think its a balance between trying to keep an environment like that running through huge structural change
[15:23] <jrosser> or to just clean it and start again
[15:24] <SecOpsNinja> yep it been a learning phase for me regarding openstack-ansible and openstack management :D
[15:25] <noonedeadpunk_> jrosser: I think we should just somehow source /etc/environment in the shell session (after setup-hosts) the only thing is that it is missing export (which is correct) and just source of the file doesn't work - it should be export
[15:32] <jrosser> bit of stackoverflow suggests smt like for env in $( cat /etc/environment ); do export $(echo $env | sed -e 's/"//g'); done
[15:33] <noonedeadpunk_> this should work as well
[15:33] <openstackgerrit> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Apply /etc/environment for runtime after adjustment  https://review.opendev.org/c/openstack/openstack-ansible/+/766244
[15:33] <jrosser> thats ok even without export?
[15:33] <noonedeadpunk_> gerrit is so laggy, that I can nowadays run `git review` and write in IRC about patch before it got pushed...
[15:34] <noonedeadpunk_> well set -a does export I think
[15:34] <noonedeadpunk_> at least that worked in my tiny script
[15:34] <jrosser> oh yeah, i find now its just slow enough that i start doing something else whilst waiting for the gerrit ui
[15:34] <jrosser> thats ruined productivity as i forget to go back to it
[15:37] <noonedeadpunk_> well if applying env will work, then  we probably just should mark centos metal job as nv for 766030
[15:37] <jrosser> ah yes set -a /me reads man page
[15:47] <spatel> jrosser: noonedeadpunk_ i am getting this rabbitMQ error on production cluster - http://paste.openstack.org/show/800902/
[15:47] <spatel> look like everyone saying restart cluster so what is the best way to restart, i did systemctl restart rabitmq but didn't help
[15:47] <spatel> I think i need to re-build cluster or something
[15:48] <spatel> does rabbitmqctl stop_app  / rabbitmqctl reset / rabbitmqctl join would be enough ?
[15:49] <spatel> or use nuke way to fix
[15:56] <mgariepy> wow, how is metal check supposed to work? for my horizon patch, osa setup repo role, which install nginx, default config bind to 80, then haproxy fails to bind to 80 then dies there..
[15:56] <mgariepy> only happens when testing horizon because it's the only service binding to 80. :/
[15:59] <jamesdenton> i guess one of those is binding to 0.0.0.0?
[15:59] <mgariepy> nginx from repo
[16:00] <mgariepy> the order of stuff is not quite correct :D
[16:00] <mgariepy> lol
[16:00] <jrosser> mgariepy: perhaps we never quite finished the work for haproxy / metal / more things / horizon combination
[16:00] <mgariepy> yep, i'll fix repo role.
[16:01] <mgariepy> it does try to remove the nginx config, then install the pkg..
[16:01] <jrosser> well also horizon really should not bind to :80 either
[16:01] <mgariepy> no it's not horizon the issue here.
[16:01] <jrosser> hmm well actually thats...
[16:01] <jrosser> yeah theres now an internal vip on .101 for metal jobs
[16:01] <mgariepy> it's that the port is already occupied to by nginx from repo_server
[16:03] <mgariepy> when haproxy tries to bind to it.
[16:04] <admin0> spatel, nuking works :)
[16:04] <jrosser> mgariepy: it should be taking these https://github.com/openstack/openstack-ansible-repo_server/blob/master/defaults/main.yml#L51-L52
[16:04] <admin0> but you have to run the setup-openstack again after that
[16:05] <spatel> admin0: that is my last option, currently trying to see if i can recover
[16:05] <admin0> except database, i just nuke and redo it ..
[16:05] <admin0> save time
[16:05] <spatel> i would use manual method to create all service account
[16:05] <spatel> running full setup-openstack will be big deal
[16:06] <mgariepy> it does for the slusshee servie
[16:06] <mgariepy> it does for the slusshee service
[16:07] <mgariepy> https://zuul.opendev.org/t/openstack/build/5bf01bb6687a41e0970220c461489297/log/logs/etc/host/nginx/sites-enabled/default.txt
[16:07] <mgariepy> jrosser, ^^
[16:08] <jrosser> do we even need that?
[16:09] <mgariepy> https://github.com/openstack/openstack-ansible-repo_server/blob/master/tasks/repo_pre_install.yml#L80
[16:09] <mgariepy> in pre, so the file is removed (but doesn't exist) then the pkg is installed.
*** waverider has quit IRC16:09
jrosserright16:10
openstackgerritMarc Gariépy proposed openstack/openstack-ansible-repo_server master: Fix order for removing nginx file.  https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/76625716:10
jrosserinterestingly it used to be in post-install https://github.com/openstack/openstack-ansible-repo_server/commit/330459bc39113321e56f9fc28c126e961e25fc6216:11
mgariepywell. stuff changes ;D16:12
mgariepyi was wondering how my changes failed all the metal job..16:13
mgariepynow i know.16:13
openstackgerritMarc Gariépy proposed openstack/openstack-ansible-repo_server master: Fix order for removing nginx file.  https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/76625716:13
kleiniI failed to extend a single node Galera to two nodes. I just ran the setup-infrastructure.yml without any additional options. after that MariaDB on already existing node failed after restart.16:13
jrosseri am not sure galera is able to elect a primary node when there are only two16:14
kleiniOkay, now I kept MariaDB on existing node and just deployed Galera on second node and it joined successfully16:16
kleiniNow that I have two working nodes, I can try to redeploy first one16:16
jrosserthere is some explanation here https://galeracluster.com/library/kb/two-node-clusters.html16:17
openstackgerritMarc Gariépy proposed openstack/openstack-ansible-os_horizon master: Add ability to configure ALLOWED_HOSTS for horizon.  https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/76599816:23
openstackgerritAndrew Bonney proposed openstack/openstack-ansible master: Ensure kuryr repo is available within CI images  https://review.opendev.org/c/openstack/openstack-ansible/+/76576516:24
*** nurdie has joined #openstack-ansible16:24
noonedeadpunk_uh now, it doesn't work :(16:39
noonedeadpunk_*no16:39
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible master: Apply /etc/environment for runtime after adjustment  https://review.opendev.org/c/openstack/openstack-ansible/+/76624416:45
*** rfolco|brb is now known as rfolco16:46
kleinijrosser: okay, so it would be better to have a 3 node cluster. my problem was more, that the first galera was restarted and that restart completely failed somehow. maybe due to starting Galera on second node and then a missing quorum16:48
jrosseryes, as that doc says if something happens to one node (like a restart) then they both will become inactive16:48
jrosserwe had the same situation outside of openstack-ansible and had to add a third node16:49
noonedeadpunk_another solution is to add garbd like to deploy host16:51
noonedeadpunk_I was using it when don't have capacity for the third host, but it prevents split brain16:52
noonedeadpunk_https://galeracluster.com/library/documentation/arbitrator.html16:52
kleinideployment node is in my case not a physical node, just a systemd-nspawn container16:53
kleiniwhat about rabbitmq? does it require then three nodes, too, or is two good enough?16:54
*** nurdie has quit IRC16:54
kleinianswering my own question: "Two node clusters are highly recommended against"16:56
noonedeadpunk_I'm not sure that rabbit does classic clustering in terms that it shouldn't be too much issues in case of 2 nodes for rabbit16:56
noonedeadpunk_ah, well, yeah16:57
kleinihttps://www.rabbitmq.com/clustering.html#node-count16:58
noonedeadpunk_quorum queues are pretty modern and not sure was ever using mqtt16:58
noonedeadpunk_and having quorum is anyway 3.8 requirement for mqtt16:59
kleiniI need 3 Galera instances, so there is no real additional effort to have 3 rabbitmq instances, too17:00
noonedeadpunk_so even in stein that worked for me17:00
kleiniinfra1: 1 galera, 2 rabbitmq and infra2: 2 galera and 1 rabbitmq17:00
spatelOh boy, i have removed rabbitmq-server and trying to re-run playbook but getting this issue - http://paste.openstack.org/show/800903/17:03
spatellook like broken repo17:03
spateli am using queen17:03
spateldoes OSA use public repo to install rabbitMQ or store rpm to local repo container?17:03
fridtjof[m]re: the whole centos mess - i'm interested to see what will come out of this: https://github.com/hpcng/rocky17:04
jrosserhe's the originator of centos?17:05
fridtjof[m]yup17:05
spateljrosser: can i manually install rabbitMQ rpm and tell OSA to configure?17:05
jrosserif you have the rpm probably17:06
spateli do have RPM i can install17:06
noonedeadpunk_you can provide better url I think17:06
jrosserit depends how the ansible works, if it takes it from a repo or url17:06
spatelhere is the RPM - http://mirror.centos.org/centos/7/cloud/x86_64/openstack-queens/Packages/r/17:06
jrosserthere has been a big mix of things in the past because the packages had to come from all different places depending on the OS / version / ...17:06
noonedeadpunk_spatel:  btw https://opendev.org/openstack/openstack-ansible-rabbitmq_server/src/branch/stable/queens/vars/redhat.yml#L1717:06
noonedeadpunk_queens has different url nowadays17:06
spatellet me check17:07
spatelso we do hard code URL in OSA?17:07
noonedeadpunk_ah, rabbitmq_install_method: external_repo17:07
noonedeadpunk_I think you can set rabbitmq_install_method: file and it should work then17:07
spatelwhere i should set rabbitmq_install_method ?17:08
noonedeadpunk_oh, well, you have issue with erlang url actually17:08
spateltrying to understand what is going on.. my my yum doesn't like repo17:09
noonedeadpunk_spatel: btw https://dl.bintray.com/rabbitmq/rpm/erlang/19/el/7/repodata/repomd.xml works for me17:12
*** rpittau is now known as rpittau|afk17:12
spatelit works for me if i do curl but yum doesn't like, may be i have proxy issue - http://paste.openstack.org/show/800904/17:12
spatelwhat is the repo pointing to proxy?17:13
noonedeadpunk_I think you should comment that out....17:13
spatelremoving it and see if it works17:13
noonedeadpunk_I think one day we were having rpm proxy on repo server or smth like this...17:13
*** kukacz has quit IRC17:14
jrosserthere was a cache on the repo server17:14
spatelnoonedeadpunk_: what is this one - http://paste.openstack.org/show/800905/17:15
spatelthis is also causing issue17:15
spatelor may be i have broken repo container17:15
spatelThis is broken URL - https://packagecloud.io/rabbitmq/rabbitmq-server/el/7/17:17
spatelits trying to install RabbitMQ from that repo17:17
noonedeadpunk_I'm not sure if it's broken17:18
noonedeadpunk_we use the same repo till now and it's working17:19
noonedeadpunk_It has been never browsable though17:19
spatelbaseurl = https://packagecloud.io/rabbitmq/rabbitmq-server/el/7/$basearch17:19
spatelgo to that URL17:19
spatelit failed17:19
spatellook like they moved everyone to  https://packagecloud.io/rabbitmq/rabbitmq-server/   and remove /el/7 directory17:20
noonedeadpunk_yeah but repo url looks still valid for me17:21
noonedeadpunk_and here are docs https://packagecloud.io/rabbitmq/rabbitmq-server/install#manual-rpm17:21
*** cshen has quit IRC17:22
spatelin my case its trying to reach this place and getting 404 error - https://packagecloud.io/rabbitmq/rabbitmq-server/repodata/repomd.xml17:23
spatelnoonedeadpunk_: should i use  -e rabbitmq_upgrade=true  option to run or without that?17:29
spatel my playbook getting stuck here TASK [rabbitmq_server : Lock package versions]17:29
noonedeadpunk_well, you can set `rabbitmq_install_method` file I guess to install rabbitmq itself from URL17:31
noonedeadpunk_`rabbitmq_install_method: file`17:31
spatel -e `rabbitmq_install_method: file`17:31
spatelis this correct?17:32
noonedeadpunk_yep17:32
spatelrunning openstack-ansible rabbitmq-install.yml -e 'rabbitmq_install_method: file'17:32
noonedeadpunk_for centos 8 I have `baseurl = https://packagecloud.io/rabbitmq/rabbitmq-server/el/8/$basearch`...17:33
spatelI have centos 7 :(17:33
spatelnow its getting stuck at  TASK [rabbitmq_server : Gather a list of the currently locked versions]17:34
noonedeadpunk_but by the logic, https://packagecloud.io/rabbitmq/rabbitmq-server/repodata should be the same?17:34
spateli think yum still keep looking for bad repo17:34
*** luksky has quit IRC17:35
spateldamn it totally stuck here - Gather a list of the currently locked versions17:36
spatelnot sure what its doing let me try -vvv17:36
noonedeadpunk_jrosser: I'm not sure what has happened, but https://review.opendev.org/c/openstack/openstack-ansible/+/766244 failed at the exactly same place, but when I added debug - it passed o_O17:36
noonedeadpunk_and now gerrit timeouts...17:37
spatelnoonedeadpunk_: is there a way in OSA i can disable RabbitMQ.repo for sometime :(17:41
noonedeadpunk_eventually if you set `rabbitmq_install_method: file` should not add it17:42
noonedeadpunk_but if it's already there....17:42
spatelits already there currently17:43
spateldo you think i should mv it and then re-run?17:43
spatellet me try that17:43
spatelels-erlang.repo also borken to moving it17:44
spatelhope OSA won't install back17:44
noonedeadpunk_you will need erlang17:45
spatelthat one also broken :(17:45
noonedeadpunk_I'm absolutely sure it's not17:45
noonedeadpunk_from what you've posted17:45
noonedeadpunk_have you commented out proxy setting?17:45
spateli did17:45
spatellet me check again..17:46
noonedeadpunk_well you posted working url....17:46
spatelnoonedeadpunk_: it put RabbitMQ.repo back :(17:46
spateleven i used file option17:46
noonedeadpunk_uh...17:46
spateldamn it17:46
*** kukacz has joined #openstack-ansible17:47
spatelcan i just comment this line in ansible role  "Lock package versions"17:47
spatelthis is where its getting stuck17:48
*** gyee has joined #openstack-ansible17:57
spatelnoonedeadpunk_: if i install rpm by hand then does OSA look for yum?17:57
spatelThis is totally messed up :(17:57
noonedeadpunk_yep it will18:01
noonedeadpunk_unless you comment it out18:01
*** noonedeadpunk_ is now known as noonedeadpunk18:01
spatelcomment out this playbook task right "Lock package versions" ?18:02
noonedeadpunkit's pretty weird task tbh18:06
noonedeadpunkI think you should check your current yum versionlock list18:07
noonedeadpunkand clear all matches18:07
noonedeadpunkand comment out task18:08
noonedeadpunkmaybe that's it which is preventing you from using repo18:08
spatelnoonedeadpunk: this is what i have http://paste.openstack.org/show/800910/18:09
noonedeadpunkand btw, you should not get repo installed when set rabbitmq_install_method=file18:09
spatelis this correct command openstack-ansible rabbitmq-install.yml -e 'rabbitmq_install_method: file' ?18:09
noonedeadpunkas task run only when `rabbitmq_install_method == 'external_repo'`18:09
noonedeadpunk-e rabbitmq_install_method=file18:09
spateldamn it18:09
noonedeadpunk`rabbitmq_install_method: file ` is proper for placing in user_variables.yml18:10
spatelopenstack-ansible rabbitmq-install.yml -e rabbitmq_install_method=file18:11
noonedeadpunkhonestly there's a bit of mess in queens role...18:11
spatelwithout any quotes right?18:11
noonedeadpunkmay add quotes if you wish non critical18:11
spatelnoonedeadpunk: this is the error i got - http://paste.openstack.org/show/800911/18:12
spatelThe checksum for /opt/rabbitmq-server.rpm did not match18:12
spatelwhere is that checksum coming from?18:13
noonedeadpunkrabbitmq_package_sha25618:13
noonedeadpunkjust set then -e rabbitmq_package_sha256=f98a69b2c82c72c3e98bab263da5673e262c9148abb066ec5e9b0599bf280fdc18:13
spateladding that option with command18:14
-openstackstatus- NOTICE: The Gerrit service on review.opendev.org is currently responding slowly or timing out due to resource starvation, investigation is underway18:14
spatelre-running..18:14
spatelSame error The checksum for /opt/rabbitmq-server.rpm did not match18:15
spatelcan i comment out that line in Download the RabbitMQ package18:16
*** kukacz has quit IRC18:18
noonedeadpunkfeel free18:19
noonedeadpunkbut ensure that url provides real rpm package...18:20
spatellook like not18:20
spatelrpm -ivh https://packagecloud.io/rabbitmq/rabbitmq-server/packages/el/7/rabbitmq-server-3.6.14-1.el7.noarch.rpm18:20
spatelthey changed something there18:20
spatelthis is webpage18:20
spatelwget https://packagecloud.io/rabbitmq/rabbitmq-server/packages/el/7/rabbitmq-server-3.6.14-1.el7.noarch.rpm18:20
spatelThis is real path look like - https://www.rabbitmq.com/releases/rabbitmq-server/v3.6.14/rabbitmq-server-3.6.14-1.el7.noarch.rpm18:21
noonedeadpunkyou can use https://www.rabbitmq.com/releases/rabbitmq-server/v3.6.14/18:21
noonedeadpunkyeah18:21
spatellet me change it18:21
noonedeadpunkyou can set it with variable18:22
noonedeadpunkrabbitmq_package_url18:22
spatelin -e option right18:22
*** cshen has joined #openstack-ansible18:22
noonedeadpunkwith -e or in user_variables18:22
spateldone in user_variables  rabbitmq_package_url: https://www.rabbitmq.com/releases/rabbitmq-server/v3.6.14/rabbitmq-server-3.6.14-1.el7.noarch.rpm18:23
spatellet me re-run18:23
*** cshen has quit IRC18:26
spateldidn't work18:29
spatellook like its trying to install  3.6.16-1.el718:29
spatelwhy it didn't used URL provided link18:30
spatelnoonedeadpunk:  - http://paste.openstack.org/show/800912/18:30
noonedeadpunkwell output claims on erlang, not rabbit...18:31
spatelI have disabled this repo [rabbitmq_els-erlang]18:32
noonedeadpunkand erlang is possible to install only from repo that has been installed18:32
noonedeadpunksystem repo does not contain erlang of required version18:32
spatelhmm18:33
spatelI have install this manually   [root@ostack-infra-02-rabbit-mq-container-aa705644 root]# rpm -ivh rabbitmq-server-3.6.14-1.el7.noarch.rpm18:34
spatellet me see if OSA just configure my cluster18:35
spateli don't know why its trying to install erlang18:35
-spatel- [root@ostack-infra-02-rabbit-mq-container-aa705644 root]# rpm -qa | grep erlang18:35
-spatel- erlang-19.3.6.8-1.el7.centos.x86_6418:35
spateli do have erlang already there18:36
spatellook like rpm -ivh rabbitmq-server-3.6.14-1.el7.noarch.rpm  works.. now its doing configuration of rabbit18:37
spatellook like OSA just trying to upgrade erlang18:37
openstackgerritMarc Gariépy proposed openstack/openstack-ansible-os_horizon master: Add ability to configure ALLOWED_HOSTS for horizon.  https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/76599818:38
*** kukacz has joined #openstack-ansible18:43
kleiniIs that true, that CentOS 8 will go EOL end 2021?19:00
noonedeadpunkyep - everybody is ranting for a while now19:00
kleiniyou put so much work into CentOS8 support and this is all dog's breakfast. damn19:02
noonedeadpunkyeah :(19:02
noonedeadpunkthat's really a disappointment. but even more for ppl who have upgraded CentOS 7 -> CentOS 819:03
*** andrewbonney has quit IRC19:03
noonedeadpunkluckily neither of us using centos in prod19:03
spatelnoonedeadpunk: thank you so much!19:03
spatelmy rabbitMQ is back19:03
spatelthis is not fun but :(19:03
spatelWhy don't OSA keep these binary in local repo so we don't need to deal with public servers19:04
noonedeadpunkbecause we don't have local repo?19:04
noonedeadpunkeven in terms of resources19:04
spatelwhat is repo container for?19:04
spatelwe can turn that to repo right?19:04
jrosserspatel: there are all the hooks for you to host locally as file or to have mirrors locally19:05
noonedeadpunkah, well, it was for cache and that's why you had proxy19:05
noonedeadpunkbut we don't cache in repo anymore19:05
noonedeadpunkand yes - you can define your own mirrors :)19:05
jrosserin more recent releases all the caching is removed from the repo server because the assumption is if you want to host local versions you’ll need a local mirror anyway19:06
jrosserso the repo cache was kind of pointless for that19:06
spatelseriously something totally went wrong today, first rabbitmq.repo was broken.. i am going to investigate.19:06
spatelLook like these public repo move their repo and put Redirect on http so they work on browser but yum doesn't know how to handle it19:07
jrosseralso for queens the branch is extended-maintenance now so really no one is watching CI for it19:08
jrosserthings like rabbit url moving will go unnoticed19:09
spatelagreed! i want to move out but there are 1000 vm running on it and it would disaster to upgrade19:09
spateljrosser: may be i need to host my local CI server to keep checking these bugs19:10
jrossera local Jenkins job building the tag you care about might catch most major issues like repos moving19:10
jrosserjust AIO would do19:10
spatelAIO would be good19:10
spatelI like rabbitmq_install_method=file this option default :)19:11
noonedeadpunkWe're about to drop it....19:13
spateldrop what?19:13
noonedeadpunkrabbitmq_install_method=file19:13
spatelwhy ?19:13
noonedeadpunkspecifically file method19:14
noonedeadpunkbecause adds much complexity. moreover you still need repo for erlang, so doesn't make much sense19:14
spatelbut it does work when you want to re-build cluster quickly.19:15
noonedeadpunkwell we never saw any issues with dropped packages from current repos in CI since Rocky at least19:15
*** cshen has joined #openstack-ansible19:16
noonedeadpunkcan't say about before that19:16
spatelagreed.. we can't keep feeding older shit...19:16
noonedeadpunkalso distro version of rabbit nowadays is valid, so you can probably use distro instead19:17
noonedeadpunk(but not on centos 7)19:17
spatelOSA use distro version to install rabbitmq right?19:18
spatelwhat do you mean by use distro version?19:18
noonedeadpunkno, we don't but it's available option for rabbitmq_install_method19:19
spateli think i should go back to lab and trying to play with it..19:20
noonedeadpunkhttps://opendev.org/openstack/openstack-ansible-rabbitmq_server/src/branch/master/releasenotes/notes/rabbit_install_method-b1defcd376f3bf87.yaml19:20
*** cshen has quit IRC19:20
spatelits hard to maintain openstack without knowledge of all playbooks and their function19:20
spatelhmmm19:21
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible master: Apply /etc/environment for runtime after adjustment  https://review.opendev.org/c/openstack/openstack-ansible/+/76624419:25
*** newtim has joined #openstack-ansible19:29
*** mike44333 has joined #openstack-ansible19:33
newtimHas anyone found any workarounds for the systemd-python issue in Centos8?19:38
noonedeadpunkI think we're about to land patches19:38
noonedeadpunkhttps://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/76603019:38
newtimawesome19:39
jrossernoonedeadpunk: did you find why it apparently didnt work?19:39
jrossernewtim: you can take that environment variable from the patch and use it locally if you need19:39
noonedeadpunkhttps://review.opendev.org/c/openstack/openstack-ansible/+/766244 has 1 passed and 1 failed centos 8 metal jobs...19:39
noonedeadpunkbut, what debug showed, that env var is set properly now19:40
jrosseri looked in the venv build log on one of the failed jobs and you could see the CFLAGS being set to the wrong version string19:41
*** cshen has joined #openstack-ansible19:41
jrosserthough the centos-8 job which passed was distro, so that won't be doing the venv build19:42
*** waverider has joined #openstack-ansible19:47
*** waverider has quit IRC19:47
*** waverider has joined #openstack-ansible19:47
noonedeadpunkI hope 766244 will pass, which means we can just set centos job to nv for 76603019:48
noonedeadpunkI haven't saved link for the results of the last run(19:48
*** waverider has quit IRC19:48
*** waverider has joined #openstack-ansible19:48
*** waverider is now known as adrian-a19:49
jrosserhttps://zuul.opendev.org/t/openstack/build/f94cbff02b194c6fb2a307c07383ab3a/log/logs/host/python_venv_build.log.txt19:50
*** adrian-a has quit IRC19:51
*** adrian-a_ has joined #openstack-ansible19:54
*** adrian-a_ has quit IRC19:54
*** adrian-a has joined #openstack-ansible19:55
spatelnoonedeadpunk: do you think after fixing centos-8 job we can release with victoria ?19:58
admin0i had a hypervisor h1, which had to be renamed to h2 . but now its old entry is in hypervisors .. is there a way to delete it ?19:59
spatelyes we have playbook to clean up20:01
spateladmin0: https://docs.openstack.org/openstack-ansible/newton/developer-docs/ops-remove-computehost.html20:02
*** maharg101 has quit IRC20:23
*** adrian-a has quit IRC20:24
*** adrian-a has joined #openstack-ansible20:25
admin0how does volume attachment works when cinder is using ceph, but nova is using local storage ?20:36
spateljrosser: can you explain me why do we add  proxy=http://172.28.0.9:3142 in /etc/yum.conf ?20:36
admin0will that compute node have /etc/ceph ?20:36
ThiagoCMCadmin0, I have that20:36
admin0i am trying to troubleshoot when instance is on non-ceph hypervisor, cinder is not attaching20:37
admin0while if the instance is on a ceph backed hypervisor, volume attaches as well20:37
spatelnoonedeadpunk: I found issue why my all repo was messed up and nothing was working20:38
ThiagoCMCHmm... Well, my compute node as /dev/ceph and I can launch instances on local storage, and attach ceph volumes. Or I can launch instances directly on ceph pool vms too20:38
spatelbecause of this  proxy=http://172.28.0.9:3142  in /etc/yum.conf20:38
jrosserspatel: on queens the repo server runs apt-cacher-ng and the nodes have config to get packages from there, iirc20:38
spateltrying to understand why do we need that setting on rabbitMQ container?20:38
spatelwhat kind of packages it need for rabbitMQ?20:39
jrosserit was on everything for queens I believe20:39
jrosserthe rabbitmq package and erlang20:39
spatelso we do keep those binaries on repo-container?20:40
jrosserno, it’s a cache20:40
jrosserthe repo container runs a package cache20:40
*** nurdie has joined #openstack-ansible20:41
jrosserwhich does the upstream fetch of the package, so only done once for all hosts to then use20:41
spatelSo my rabbit-container ----------->[repo-container]------------>[public_repo_server] ?20:41
*** ThiagoCMC has left #openstack-ansible20:41
*** ThiagoCMC has joined #openstack-ansible20:41
jrosseryes I think so20:41
spatelif it download package then it keep in cache for somedays20:41
jrosserI forget which release that all got removed20:42
*** nurdie has quit IRC20:42
spatelLook like my whole issue was repo server not rabbitMQ20:42
jrosserthere is a releasing W for the removal of the package cache20:43
spatelas soon as i removed that proxy all yum repo looking good and freaking fast..20:43
jrosserand I remember some extra tasks had to be added to clean up the proxy config to get rid of it20:43
spateljrosser: that would be great to not have that dependency.. these days internet is so fast so no point to keep in cache20:43
jrosserqueens is ancient :)20:44
jrosserit is not there any more for many releases now20:44
spateljrosser: totally but its in my production and i have to keep feeding until it die.20:44
spatelglad we removed that dependency :)20:45
jrosserwell I guess you know where to debug now, service on port 3142 of the repo server20:45
jrosserbecause the same config will be laid down next time you run ansible, and probably exists everywhere else too20:45
spateldebugging repo server, i think i need some good monitoring script to keep checking health20:46
jrosserit’s via haproxy so that would be your first stop20:46
jrosserI use Prometheus exporters for all of this stuff to get status20:47
spatelI am using zabbix20:47
spatelDo you using rally for continue creating vm and deleting.. that kind of monitoring?20:48
spatelI am looking for that kind of solution which create vm and delete every 15 minute (That way i can catch issue if anything break in cluster)20:49
jrosserwe made a jenkins job to do that too :)20:54
jrosserjust with the ansible openstack modules20:54
ierdemHi, I am trying to create sahara cluster and I am encountering this error "reason: Heat stack failed with status Resource CREATE failed: ResourceInError: resources.new-master2.resources[0].resources.inst: Went to status ERROR due to "Message: No valid host was found. , Code: 500"". I have enough resources, nova services works fine. Do you have any20:55
ierdemidea? Thanks20:55
*** newtim has quit IRC21:00
admin0is there a way to have 2fa in keystone ?21:01
spateljrosser: does jenkins run that job periodically ?21:01
admin0i mean for users . in kind of a publicly open page21:01
admin0err .. in public facing clouds21:02
spatelierdem: Message: No valid host was found i would look for nova logs like nova-scheduler conductor etc..21:03
spateladmin0: try to google, i never thought about 2FA for keystone, it should work21:05
jrosseradmin0: there is some documentation for keystone here and 2FA https://docs.openstack.org/keystone/latest/admin/multi-factor-authentication.html#multi-factor-authentication21:05
jrosserbut also if you use some external identity provider SSO then that might also be a route to getting 2FA21:06
*** rfolco has quit IRC21:08
*** kukacz has quit IRC21:11
spateljrosser: after restarting systemctl restart apt-cacher-ng.service fixed issue21:20
spatellooking logs why it was not happy even i can see that in ps output21:20
*** gshippey has quit IRC21:28
*** cshen has quit IRC21:50
*** cshen has joined #openstack-ansible21:52
*** adrian-a has left #openstack-ansible21:54
spatelEveryone here please sign the petition: https://www.change.org/p/centos-governing-board-do-not-destroy-centos-by-using-it-as-a-rhel-upstream22:11
admin0it might also split and become something else22:13
admin0centos i mean22:14
ThiagoCMCI bet that now people will realize the same thing I realized back in 1998: Debian is the only way to go!   :-P22:16
spatelUntil some big giant come and buy Debian22:16
ThiagoCMCNah22:17
ThiagoCMCDebian is truly awesome! It's light years ahead of everything else.22:18
spatelnot sure how many folks running Debian on production cloud22:19
ThiagoCMCOnly the smart ones...  lol22:20
ThiagoCMC=P22:20
ThiagoCMCJokes apart, man, come on... CentOS is so hard.22:20
ThiagoCMCIt is not just a matter of opinion!22:20
ThiagoCMCI'm happy it's gone.22:21
spatelBelieve me CentOS was very stable distro until IBM came in picture, only issue with ubuntu etc.. they changes a lot. every year new distribution and its hard in production to catchup with all those changes22:25
*** cshen has quit IRC22:34
spatelis https://review.opendev.org/ down?22:38
*** kukacz has joined #openstack-ansible22:53
*** jbadiapa has quit IRC22:54
admin0i don't like ubuntu using snap in everything .. i migrated my servers to debian23:03
admin0ubuntu server is not bad though :)23:04
admin0if you have good resources, just works fine23:05
admin0in my case were centos + cpanel -> directadmin + debian23:07
*** spatel has quit IRC23:12
*** SecOpsNinja has left #openstack-ansible23:17
ThiagoCMCMy main problem with CentOS is that its repository is (was) so small, that you have to use third party repos, or worse, maintain the repos yourself, or even worse, install things from tarballs... The Debian repo is huge, virtually everything is there for you to just "apt install it". An example, when I was working with DPDK, with Ubuntu, just "apt install dpdk", on CentOS? forget it.23:21
ThiagoCMCAnd you can stick with LTS for years, don't have to update it every year... Even my Desktop is Ubuntu LTS, I don't care about the non-LTS flavors, at all.23:22
ThiagoCMCThe DPDK example is classic for me... Even OVS on Ubuntu come with DPDK if you want.. Soooo easy and stable! I saw people suffering to try to make it work on CentOS and I was just rolling my eyes lol23:23
ThiagoCMCadmin0, I'll migrate to Debian soon as they fix this: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768073  ;-)23:24
openstackDebian bug 768073 in wnpp "ITP: lxd -- The Linux Container Daemon" [Wishlist,Open]23:24
ThiagoCMCBig fan of LXD! But hate snapd...  lol23:25
admin0my octavia final test is blocked due to this: https://review.opendev.org/c/openstack/neutron/+/740588/ :D23:26
admin0after that will be trove23:26
*** lemko3 has joined #openstack-ansible23:28
ThiagoCMCadmin0, you have to teach me about Octavia!23:30
ThiagoCMCYou can manually change the arp_protect.py, I'm doing this in my cloud.23:30
ThiagoCMChttps://bugs.launchpad.net/neutron/+bug/1887281 <- hit there, it affects you too!23:31
openstackLaunchpad bug 1887281 in neutron "[linuxbridge] ebtables delete arp protect chain fails" [Medium,Fix released] - Assigned to Lukas Steiner (steinerlukas)23:31
*** lemko has quit IRC23:31
*** lemko3 is now known as lemko23:31
admin0no manual work man .. manual means you forget and introduce a drift .. i better have it merged and do it the proper way23:44
admin0there seems to be another way that jrosser  was telling me to clone the whole repo and use that checksum .. i will wait till tomorrow to see if it merges .. and if not, try it out23:49
ThiagoCMCTrue but, it was printing errors, I had to fix it manually.  :-/23:50
ThiagoCMCCool!23:50
