| *** tosky has quit IRC | 00:09 | |
| *** maharg101 has joined #openstack-ansible | 00:44 | |
| *** maharg101 has quit IRC | 00:49 | |
| *** d34dh0r53 has quit IRC | 01:34 | |
| *** macz_ has joined #openstack-ansible | 02:01 | |
| *** macz_ has quit IRC | 02:06 | |
| *** jhesketh has joined #openstack-ansible | 02:34 | |
| *** maharg101 has joined #openstack-ansible | 02:46 | |
| *** maharg101 has quit IRC | 02:50 | |
| *** jfan has left #openstack-ansible | 03:44 | |
| *** d34dh0r53 has joined #openstack-ansible | 04:45 | |
| *** maharg101 has joined #openstack-ansible | 04:46 | |
| *** maharg101 has quit IRC | 04:51 | |
| *** johnsom has quit IRC | 04:58 | |
| *** johnsom has joined #openstack-ansible | 04:58 | |
| *** evrardjp has quit IRC | 05:33 | |
| *** evrardjp has joined #openstack-ansible | 05:33 | |
| *** d34dh0r53 has quit IRC | 06:09 | |
| *** d34dh0r53 has joined #openstack-ansible | 06:10 | |
| *** miloa has joined #openstack-ansible | 06:36 | |
| *** rohit02 has joined #openstack-ansible | 06:38 | |
| *** miloa has quit IRC | 06:40 | |
| rohit02 | hi team,can we deploy openstack endpoints(admin,public,internal) on diffrent diffrent network | 06:40 |
|---|---|---|
| *** maharg101 has joined #openstack-ansible | 06:47 | |
| *** maharg101 has quit IRC | 06:52 | |
| *** d34dh0r53 has quit IRC | 07:50 | |
| *** jbadiapa has joined #openstack-ansible | 07:53 | |
| *** luksky has joined #openstack-ansible | 08:07 | |
| *** klamath_atx has quit IRC | 08:08 | |
| *** prometheanfire has quit IRC | 08:10 | |
| *** poopcat has quit IRC | 08:19 | |
| *** andrewbonney has joined #openstack-ansible | 08:22 | |
| openstackgerrit | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Switch gnocchi release to 4.4 https://review.opendev.org/c/openstack/openstack-ansible/+/772485 | 08:28 |
| *** poopcat has joined #openstack-ansible | 08:35 | |
| *** poopcat has quit IRC | 08:41 | |
| *** prometheanfire has joined #openstack-ansible | 08:42 | |
| *** maharg101 has joined #openstack-ansible | 08:45 | |
| *** prometheanfire has quit IRC | 08:47 | |
| *** prometheanfire has joined #openstack-ansible | 08:49 | |
| noonedeadpunk | rohit02: well, yes, you can. by default we separate only publicwith admin/internal. If you want to separate also admin with internal, you will need to adjust keepalived as well, and add another VIP to it | 08:54 |
| frickler | not that admin endpoints make any sense other than for keystone. and even there it is only still needed because of broken consumers | 08:55 |
| noonedeadpunk | but honestly speaking I don't see profit from separating admin with internal networks | 08:55 |
| openstackgerrit | Merged openstack/ansible-hardening stable/victoria: Make possible to avoid aide installation https://review.opendev.org/c/openstack/ansible-hardening/+/775342 | 09:01 |
| *** prometheanfire has quit IRC | 09:02 | |
| *** arxcruz|ruck is now known as arxcruz|rover | 09:03 | |
| *** rpittau|afk is now known as rpittau | 09:03 | |
| *** prometheanfire has joined #openstack-ansible | 09:11 | |
| *** ianychoi_ has joined #openstack-ansible | 09:18 | |
| *** bverschueren has quit IRC | 09:21 | |
| *** ianychoi has quit IRC | 09:21 | |
| *** bverschueren has joined #openstack-ansible | 09:22 | |
| rohit02 | noonedeadpunk: thanx...yes i want to separate admin with internal can u please help me with that | 09:23 |
| *** tosky has joined #openstack-ansible | 09:24 | |
| noonedeadpunk | first of all you will need to override keepalived_instances to make keepalived to listen on the extra network and failover it https://opendev.org/openstack/openstack-ansible/src/branch/master/inventory/group_vars/haproxy/keepalived.yml#L56-L74 | 09:26 |
| MickyMan77 | hello, I have isseu with the upgrade deploment at the task lxc_container_create, what can the issue be ? see the link. | 09:28 |
| MickyMan77 | http://paste.openstack.org/show/802626/ | 09:28 |
| noonedeadpunk | `ssh: Could not resolve hostname log1-osint: Name or service not known` | 09:31 |
| noonedeadpunk | rohit02: also you will need to add this new VIP to `extra_lb_vip_addresses` https://docs.openstack.org/openstack-ansible-haproxy_server/latest/configure-haproxy.html#adding-additional-global-vip-addresses for haproxy to listen on it | 09:34 |
| noonedeadpunk | oh, well, you probably will also need to add that network to all containers and all hosts as well | 09:34 |
| noonedeadpunk | and you will need to override all <servicename>_service_adminuri as well | 09:36 |
| noonedeadpunk | but frankly, I dunno why you want this... | 09:36 |
| noonedeadpunk | it's kind of pointless | 09:37 |
| MickyMan77 | noonedeadpunk: yes, which node can't resolve the hostname log1-osint ? | 09:40 |
| MickyMan77 | when i check log1-osint-rsyslog-container-ee3657da i do get this... | 09:40 |
| MickyMan77 | http://paste.openstack.org/show/802627/ | 09:40 |
| MickyMan77 | it can resolve via ping but not when I check via "host" command. | 09:41 |
| noonedeadpunk | deploy host can't | 09:42 |
| noonedeadpunk | yeah, but you're checking container | 09:42 |
| noonedeadpunk | and we're reaching container by ssh to host first | 09:42 |
| noonedeadpunk | and that's the issue here | 09:42 |
| noonedeadpunk | So I think you're missing log1-osint record in hosts file on the deploy host | 09:43 |
| MickyMan77 | in the log1-osint-rsyslog-container-ee3657da ?? | 09:43 |
| MickyMan77 | aha you meen the node that deploy the OSA.. | 09:44 |
| MickyMan77 | the deploy node can ssh in to the log1-osint without any problem. | 09:46 |
| MickyMan77 | all task before this task, the script is able to login to the node, log1-osint | 09:47 |
| *** sshnaidm|off is now known as sshnaidm | 09:54 | |
| openstackgerrit | Merged openstack/openstack-ansible-os_barbican master: Fix crypto_plugin defenition https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/768201 | 09:59 |
| openstackgerrit | Merged openstack/openstack-ansible-os_cinder master: Fix cert verification logic for cinder api https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/775079 | 10:00 |
| openstackgerrit | Andrew Bonney proposed openstack/openstack-ansible-os_zun master: Reinstate voting for upgrade jobs https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/775563 | 10:02 |
| openstackgerrit | Merged openstack/openstack-ansible-os_glance master: Cleanup glance variables https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/772927 | 10:03 |
| jrosser | morning | 10:03 |
| * jrosser updates the ci failures etherpad with this weekends stuff | 10:04 | |
| openstackgerrit | Merged openstack/ansible-role-python_venv_build master: Factor out unnecessary set_fact https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/774421 | 10:10 |
| openstackgerrit | Merged openstack/openstack-ansible-galera_server stable/victoria: Install xinetd clustercheck after mariadb is installed and setup https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/775343 | 10:18 |
| openstackgerrit | Andrew Bonney proposed openstack/openstack-ansible-os_zun master: Improve image and network cleanup procedure https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/771218 | 10:36 |
| MickyMan77 | jrosser : can you help me out with a thing. | 10:47 |
| MickyMan77 | http://paste.openstack.org/show/802626/ | 10:47 |
| MickyMan77 | http://paste.openstack.org/show/802627/ | 10:47 |
| MickyMan77 | I can ping the node and ssh in to it.. | 10:48 |
| MickyMan77 | All task in OSA does work except for TASK [lxc_container_create : Ensure journal directory exists] | 10:49 |
| MickyMan77 | so the deploy-node can ssh in to the log1-osint and log1-osint_rsyslog_container-ee3657da | 10:49 |
| openstackgerrit | Jonathan Rosser proposed openstack/openstack-ansible master: Use ceph package mirror during CI jobs https://review.opendev.org/c/openstack/openstack-ansible/+/775598 | 10:52 |
| *** macz_ has joined #openstack-ansible | 11:01 | |
| *** macz_ has quit IRC | 11:06 | |
| *** rohit02 has quit IRC | 11:29 | |
| *** rohit02 has joined #openstack-ansible | 11:30 | |
| admin0 | anyone integraded keystone with external sso/oauth ? | 11:52 |
| admin0 | \o | 11:52 |
| admin0 | also anyone used ceph as backend for swift, where the ceph is externally managed by ceph-anisble | 11:53 |
| *** MickyMan77 has left #openstack-ansible | 12:15 | |
| *** MickyMan77 has joined #openstack-ansible | 12:15 | |
| jrosser | admin0: we do openid-connect and also have external rgw/ceph-ansible | 12:34 |
| jrosser | do you have something specific? | 12:35 |
| noonedeadpunk | MickyMan77: can you ping/ssh log1-osint from the host where you run ansible but not from containers? | 12:37 |
| admin0 | jrosser, this is my config: https://gist.github.com/a1git/3ca6ac90690d52a9ba40d965b5f1c82a --- and when i clock the containers, it logs me out | 12:38 |
| noonedeadpunk | aha, just saw that. just in paste you tried different thing | 12:38 |
| admin0 | in horizon | 12:38 |
| openstackgerrit | Merged openstack/openstack-ansible-os_horizon master: Install barbican-ui when the barbican service is deployed https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/774054 | 12:38 |
| openstackgerrit | Merged openstack/openstack-ansible-os_horizon master: Fix race condition in compression of static files https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/775086 | 12:38 |
| admin0 | when i click* | 12:38 |
| noonedeadpunk | and in case you re-run playbook it hangs at the same place right? | 12:38 |
| noonedeadpunk | oh, right... so this specific task uses delegate | 12:39 |
| jrosser | admin0: so first thing swift != s3, just a detail but important to avoid confusion | 12:40 |
| admin0 | that i know | 12:40 |
| admin0 | the domain name is just an example | 12:40 |
| MickyMan77 | noonedeadpunk: Yes, I can login to the node log1-osint from the server that run the ansible script.. the script work in other task when it connect to the node log1-osint. | 12:40 |
| jrosser | and second the internal endpoint should really be on your mgmt network, or routable from your mgmt network | 12:41 |
| admin0 | though its actually what i used .. got any suggestions @jrosser for an appropriate endpoint name ? | 12:41 |
| admin0 | it runs on 172.29.244.21/22/23:8080 | 12:41 |
| admin0 | which is load balnaced on that endpoint via nginx with ssl | 12:41 |
| jrosser | but thats not what your endpoint list says? | 12:41 |
| admin0 | that is correct .. i just wanted it to work ( thinking a public ssl endpoint will work anyway) before i tinker it further | 12:42 |
| admin0 | a lot of documentation found online creates the same one, so i just followed them | 12:43 |
| jrosser | well i already said what i think you need | 12:43 |
| jrosser | jrosser> and second the internal endpoint should really be on your mgmt network, or routable from your mgmt network\ | 12:43 |
| jrosser | our setup has internal and external VIP for rgw, just like OSA | 12:44 |
| jrosser | and the endpoint list refers correctly to internal on http and external on https | 12:44 |
| admin0 | i will change them to the internal endpoint .. but because those endpoints are routable ( curl -I https://s3.domain.com/) returns .. are those really the issue ? | 12:45 |
| jrosser | i don't know, we just copied the architecture that OSA does when ceph is integrated, but in a seperated deployment with ceph-ansible | 12:46 |
| noonedeadpunk | MickyMan77: ok, it seems we use different destination hosts there. So in first case we're running task really against `log1-osint` and it's reall reachable. And what fails - we run against `log1-osint_rsyslog_container-ee3657da` so we connect to the `log1-osint` wit our connection wrapper https://opendev.org/openstack/openstack-ansible-plugins/src/branch/master/connection/ssh.py | 12:47 |
| admin0 | is it possible to share the content of ceph.conf override on the group_vars | 12:47 |
| admin0 | my override is under client.radosgw.gateway: ... while documentations .. point to i should do client.radosgw.<hostname> | 12:48 |
| noonedeadpunk | can you probably run it with -vvv? | 12:48 |
| jrosser | admin0: http://paste.openstack.org/show/802639/ | 12:49 |
| admin0 | jrosser, . i am working to make it like this .. | 12:50 |
| admin0 | but i think the overrides in my ceph.conf is in the wrong place | 12:50 |
| admin0 | for example, mine is under [client.radosgw.gateway] .. while i see a section [client.rgw.c3.rgw0] where i think it should go | 12:51 |
| admin0 | so i need a way to somehow target client.rgw.(hostname).rgw0 in ceph-ansible | 12:52 |
| openstackgerrit | Merged openstack/openstack-ansible master: Use Tempest for dashboard test instead of tempest-horizon https://review.opendev.org/c/openstack/openstack-ansible/+/775328 | 12:52 |
| jrosser | admin0: here's a ceph.conf from one of the radosgw http://paste.openstack.org/show/802640/ | 12:53 |
| admin0 | i see what my issue is | 12:54 |
| jrosser | historical cruft in there i expect too | 12:54 |
| admin0 | i have the overrides under client.rgw.gateway and not client.rgw.$HOSTNAME.rg0 | 12:54 |
| admin0 | thank you jrosser | 12:55 |
| jrosser | no problem - hope it helps | 12:56 |
| admin0 | regarding ss02 .. i have seen in horizon an external auth ( another dropdown ) .. i already have done AD and LDAP .. but in this new requirement, i have to do a saml/openID ( either of those ) | 12:56 |
| admin0 | i found this URL as a starting point: https://docs.openstack.org/openstack-ansible-os_keystone/latest/configure-federation-sp.html | 12:57 |
| *** macz_ has joined #openstack-ansible | 13:02 | |
| admin0 | jrosser, if you can also let me see a glimpse of that config, ( with urls all masked) that would help a lot | 13:03 |
| jrosser | i am not sure really how much it will help | 13:05 |
| jrosser | there are very many things which will be specific to the deployment and the individual OIDC identity provider | 13:06 |
| *** macz_ has quit IRC | 13:07 | |
| admin0 | ok .. does it go under user_variables and keystone_sp: ? | 13:10 |
| admin0 | that would be a starting point for me | 13:11 |
| jrosser | keystone_sp: is a variable you can put in user_variables, just like in the link you gave | 13:11 |
| *** LowKey has quit IRC | 13:24 | |
| openstackgerrit | Jonathan Rosser proposed openstack/openstack-ansible-os_horizon stable/ussuri: Fix race condition in compression of static files https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/775592 | 13:27 |
| openstackgerrit | Andrew Bonney proposed openstack/openstack-ansible-os_horizon stable/victoria: Fix race condition in compression of static files https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/775339 | 13:29 |
| admin0 | 3rd thing i faced during the weekend.. i setup gnocchi_ceph_pool: metrics .. and gnocchi_ceph_username: gnocchi .. . but i see in the gnocchi containers that there is no ceph support and the default is set to file | 13:30 |
| admin0 | so are there any extra settings for gnocchi to use ceph for its metrics | 13:30 |
| jrosser | admin0: this is at least part of it https://docs.openstack.org/openstack-ansible-ceph_client/latest/configure-ceph.html#configure-os-gnocchi-with-ceph-client | 13:44 |
| admin0 | thanks jrosser .. seems to have missed this | 13:50 |
| openstackgerrit | Jonathan Rosser proposed openstack/openstack-ansible stable/ussuri: Use nodepool epel mirror in CI for systemd-networkd package https://review.opendev.org/c/openstack/openstack-ansible/+/775636 | 13:55 |
| *** macz_ has joined #openstack-ansible | 13:56 | |
| admin0 | jrosser, i tried client.rgw.$HOSTNAME.rgw0: in group_vars/all.yml .. but could not override those settings .. can u confirm if in yours its done manually or via ceph-ansible .. if if its ceph-ansible, what is the exact key that add those keystone stuff to that section | 13:57 |
| admin0 | its only 3 mons .. i think i will just do it manually first | 13:58 |
| *** macz_ has quit IRC | 14:00 | |
| jrosser | admin0: sorry i have meetings now | 14:00 |
| *** gshippey has joined #openstack-ansible | 14:04 | |
| *** d34dh0r53 has joined #openstack-ansible | 14:12 | |
| *** pcaruana has quit IRC | 14:15 | |
| *** rohit02 has quit IRC | 14:19 | |
| *** rohit02 has joined #openstack-ansible | 14:19 | |
| *** pcaruana has joined #openstack-ansible | 14:20 | |
| openstackgerrit | Merged openstack/openstack-ansible-os_tempest master: remove master standalone upgrade https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/774916 | 14:25 |
| openstackgerrit | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_horizon stable/victoria: Install barbican-ui when the barbican service is deployed https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/775638 | 14:25 |
| MickyMan77 | noonedeadpunk: i have now start the deploy with -vvv option.. i think it will take 30 min untill i see the error. | 14:31 |
| djhankb | Hey folks - Is anyone able to point me to any troubleshooting tips for Galera nodes that are repeatedly failing HAProxy health checks and being marked down? I added a new Galera node a couple days ago and ever since then I've been having frequent "outages" | 14:39 |
| admin0 | hi all .. this is my error and config for cinder .. what line did I miss: https://gist.githubusercontent.com/a1git/53720f9d0f3a0df250eea0a1577dead9/raw/bfe9f0c4259c6afeabc1a63a27f5de9908550e4d/gistfile1.txt | 14:40 |
| admin0 | i do not see anything that says enabled_backends in the config examples we have | 14:41 |
| admin0 | my mistake :( | 14:42 |
| djhankb | it seems like the TCP/9200 HTTPChk is periodically throwing a 503 | 14:43 |
| admin0 | i typed container_backends vs cinder_backends: | 14:44 |
| MickyMan77 | noonedeadpunk: here is the info.. http://paste.openstack.org/show/802644/ | 14:49 |
| *** tosky has quit IRC | 14:55 | |
| noonedeadpunk | so.... deploy host runs basically `ssh log1-osint lxc-attach --clear-env --name log1-osint_rsyslog_container-ee3657da` | 14:55 |
| noonedeadpunk | I'm wondering if it's smth weird with connection plugin, but it connects to other hosts... | 14:58 |
| *** d34dh0r53 has quit IRC | 15:00 | |
| *** LowKey has joined #openstack-ansible | 15:02 | |
| openstackgerrit | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Do not apply force flag to git.reset https://review.opendev.org/c/openstack/openstack-ansible/+/775665 | 15:03 |
| openstackgerrit | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_barbican stable/victoria: Fix crypto_plugin defenition https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/775639 | 15:08 |
| *** waxfire8 has joined #openstack-ansible | 15:31 | |
| *** waxfire has quit IRC | 15:31 | |
| *** waxfire8 is now known as waxfire | 15:31 | |
| admin0 | anyone else using qnap(iscsi) with cinder ? | 15:33 |
| openstackgerrit | Jonathan Rosser proposed openstack/openstack-ansible master: Use ceph package mirror during CI jobs https://review.opendev.org/c/openstack/openstack-ansible/+/775598 | 15:34 |
| openstackgerrit | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: [doc] Fix Docker latest_tag parser https://review.opendev.org/c/openstack/openstack-ansible/+/775670 | 15:48 |
| *** macz_ has joined #openstack-ansible | 15:48 | |
| *** tosky has joined #openstack-ansible | 16:02 | |
| *** d34dh0r53 has joined #openstack-ansible | 16:02 | |
| openstackgerrit | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Trigger deploy guide rebuild on a-r-r update https://review.opendev.org/c/openstack/openstack-ansible/+/775673 | 16:03 |
| openstackgerrit | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Trigger deploy guide rebuild on a-r-r update https://review.opendev.org/c/openstack/openstack-ansible/+/775673 | 16:03 |
| *** rohit02 has quit IRC | 16:20 | |
| *** rohit02 has joined #openstack-ansible | 16:20 | |
| openstackgerrit | Merged openstack/openstack-ansible master: [doc] Add ceph_mons note https://review.opendev.org/c/openstack/openstack-ansible/+/775085 | 16:21 |
| *** d34dh0r53 has quit IRC | 16:21 | |
| *** cloudnull has quit IRC | 16:25 | |
| *** cloudnull has joined #openstack-ansible | 16:28 | |
| *** ioni has left #openstack-ansible | 16:29 | |
| openstackgerrit | Jonathan Rosser proposed openstack/openstack-ansible master: Collect contents of /etc/dnf from CI jobs https://review.opendev.org/c/openstack/openstack-ansible/+/775677 | 16:32 |
| *** ioni has joined #openstack-ansible | 16:32 | |
| *** prometheanfire has quit IRC | 16:34 | |
| *** macz_ has quit IRC | 16:36 | |
| *** prometheanfire has joined #openstack-ansible | 16:39 | |
| *** d34dh0r53 has joined #openstack-ansible | 16:44 | |
| *** rohit02 has quit IRC | 16:56 | |
| *** rohit02 has joined #openstack-ansible | 16:57 | |
| *** d34dh0r53 has quit IRC | 17:00 | |
| jrosser | noonedeadpunk: can you see why we don't seem to collect any container journals here https://zuul.opendev.org/t/openstack/build/5837348ee8c44a1d976211356dbb65a9/logs | 17:02 |
| jrosser | oh maybe becasue the job times out? perhaps that means we never get to log collection? | 17:02 |
| jrosser | hmmm well except it does do the log collection..... | 17:04 |
| djhankb | found my issue - ran out of "max_connections" in Galera. | 17:04 |
| *** rohit02 has quit IRC | 17:05 | |
| noonedeadpunk | hm , yes, we do collect logs... | 17:07 |
| jrosser | i was going looking for the galera/mariadb log, and seems to be nothing | 17:09 |
| noonedeadpunk | logs collection looks legit... | 17:14 |
| openstackgerrit | Jonathan Rosser proposed openstack/openstack-ansible stable/ussuri: Use nodepool epel mirror in CI for systemd-networkd package https://review.opendev.org/c/openstack/openstack-ansible/+/775636 | 17:18 |
| noonedeadpunk | ok, so at least it was not https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/774918 the reason why galera got stuck... | 17:18 |
| noonedeadpunk | jrosser: any reason we create galera_monitoring_user for both localhost and %? | 17:19 |
| noonedeadpunk | But actually I think that smth goes wrong during root creation | 17:19 |
| jrosser | is one for tcp and the other unix socket? | 17:19 |
| jrosser | you are right it was not the xinetd thing | 17:20 |
| noonedeadpunk | % is for all hosts (ie wildcard)? | 17:20 |
| noonedeadpunk | I think for socket it would not need password then? | 17:20 |
| noonedeadpunk | I can recall some recomendations not touch root user... | 17:21 |
| noonedeadpunk | If you need root - create with another username | 17:21 |
| noonedeadpunk | maybe we should try changing galera_root_user..... | 17:21 |
| noonedeadpunk | like here https://opendev.org/openstack/openstack-ansible/src/branch/master/inventory/group_vars/all/infra.yml#L36 | 17:22 |
| * jrosser wonders how much that will break :) https://codesearch.opendev.org/?q=galera_root_user | 17:24 | |
| jrosser | but yes, it can't really hurt to make a specific user | 17:24 |
| jrosser | osa-root or something | 17:25 |
| noonedeadpunk | yeah | 17:25 |
| noonedeadpunk | we can eventually use admin as well) | 17:30 |
| jrosser | yeah, thats good | 17:33 |
| * jrosser watches in #maria | 17:33 | |
| openstackgerrit | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_zun master: Remove pre-flight checks https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/775682 | 17:33 |
| noonedeadpunk | Can you recall why we switched to utility container to setup galera users at the first place? because we have venv there? | 17:45 |
| noonedeadpunk | Also I think if we need % as well.... | 17:46 |
| noonedeadpunk | we can probably limit to mgmt network? | 17:46 |
| openstackgerrit | Jonathan Rosser proposed openstack/ansible-role-pki master: Add boilerplate ansible role components https://review.opendev.org/c/openstack/ansible-role-pki/+/774620 | 17:46 |
| jrosser | it was all to do with bind-to-mgmt i think | 17:47 |
| *** rpittau is now known as rpittau|afk | 17:47 | |
| jrosser | and the decision was to use utility host and the LB VIP to talk to the db always | 17:48 |
| jrosser | i remember quite a involved discussion about this | 17:48 |
| noonedeadpunk | yeah me too. | 17:49 |
| noonedeadpunk | And delegate to galera was among options iirc... | 17:49 |
| noonedeadpunk | well, whatever | 17:49 |
| jrosser | things like db hosts maybe on a different subnet and not always reachable | 17:49 |
| noonedeadpunk | ah, yes | 17:49 |
| noonedeadpunk | indeed | 17:49 |
| jrosser | firwall rules stuff, like standard access pattern was via the VIP and should already exist | 17:49 |
| jrosser | and also things got messy on the galera hosts becasue we don't have a reliable python venv there either | 17:50 |
| noonedeadpunk | yeah, I think it was about venv at the frst place but not sure | 17:51 |
| noonedeadpunk | whatever, it works fine now | 17:51 |
| noonedeadpunk | except that small part | 17:51 |
| *** d34dh0r53 has joined #openstack-ansible | 17:53 | |
| openstackgerrit | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Use admin user instead of root for galera https://review.opendev.org/c/openstack/openstack-ansible/+/775684 | 17:54 |
| noonedeadpunk | We totally mess out with default stuff http://paste.openstack.org/show/802654/ | 17:55 |
| noonedeadpunk | I'm wondering if things stuck when we get unlucky and galera performs some kind of sync or dunno | 17:56 |
| noonedeadpunk | (paste from cleanly installed mariadb) | 17:56 |
| jrosser | the var galera_root_user is now kind of confusing | 17:58 |
| noonedeadpunk | as we always catch it right after adjusting root for localhost... | 17:58 |
| jrosser | becasue its not the root user :) | 17:58 |
| noonedeadpunk | it still has "root" permissions?:) | 17:58 |
| noonedeadpunk | While I agree, I'm afraid of refactoring that variable name... | 17:59 |
| jrosser | yes, this seems like a reasonable change, just the root->admin | 18:00 |
| jrosser | it perhaps also has no impact at upgrade time | 18:00 |
| noonedeadpunk | yeah, except that you don't need root user anymore... | 18:00 |
| *** johnsom has quit IRC | 18:01 | |
| jrosser | i wonder if there is a safe way to put that back to be unconfigured | 18:01 |
| jrosser | would be bad to introduce a similar but opposite error trying that | 18:01 |
| *** rpittau|afk has quit IRC | 18:01 | |
| *** maharg101 has quit IRC | 18:02 | |
| *** johnsom has joined #openstack-ansible | 18:02 | |
| *** rpittau|afk has joined #openstack-ansible | 18:04 | |
| noonedeadpunk | I don't think there is actually... | 18:05 |
| jrosser | sounds like good news on a new 10.5 though | 18:07 |
| noonedeadpunk | yeah, was just writing that 10.5.9 might help as well | 18:07 |
| jrosser | it broke 2nd try for me on lxc AIO so hopefully it can be tested quite quickly to be better or not | 18:07 |
| *** d34dh0r53 has quit IRC | 18:20 | |
| *** cloudnull has quit IRC | 18:24 | |
| *** cloudnull has joined #openstack-ansible | 18:28 | |
| *** LowKey has quit IRC | 18:29 | |
| *** macz_ has joined #openstack-ansible | 18:30 | |
| *** andrewbonney has quit IRC | 18:34 | |
| *** macz_ has quit IRC | 18:35 | |
| * jrosser wonders if this can be overidden in user_variables https://opendev.org/openstack/openstack-ansible-ceph_client/src/branch/master/vars/debian.yml#L50 | 18:37 | |
| *** openstackgerrit has quit IRC | 18:38 | |
| *** openstackgerrit has joined #openstack-ansible | 18:42 | |
| openstackgerrit | Jonathan Rosser proposed openstack/openstack-ansible master: Use infra mirror for ceph_client role in CI https://review.opendev.org/c/openstack/openstack-ansible/+/775695 | 18:42 |
| *** LowKeys has joined #openstack-ansible | 18:48 | |
| *** macz_ has joined #openstack-ansible | 18:51 | |
| *** ioni has quit IRC | 18:51 | |
| openstackgerrit | Merged openstack/openstack-ansible-os_ironic master: Move ironic pip packages from constraints to requirements https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/772284 | 18:53 |
| *** macz_ has quit IRC | 18:55 | |
| *** cloudnull has quit IRC | 19:05 | |
| *** cloudnull has joined #openstack-ansible | 19:08 | |
| openstackgerrit | Merged openstack/openstack-ansible-os_barbican stable/victoria: Fix crypto_plugin defenition https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/775639 | 19:15 |
| openstackgerrit | Merged openstack/openstack-ansible-os_horizon stable/victoria: Fix race condition in compression of static files https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/775339 | 19:48 |
| *** macz_ has joined #openstack-ansible | 19:51 | |
| *** macz_ has quit IRC | 19:56 | |
| *** luksky has quit IRC | 19:58 | |
| *** luksky has joined #openstack-ansible | 19:58 | |
| *** openstackgerrit has quit IRC | 20:06 | |
| *** openstackgerrit has joined #openstack-ansible | 20:08 | |
| openstackgerrit | Merged openstack/openstack-ansible master: Disable octavia ipv6 tempest test by fixing config error https://review.opendev.org/c/openstack/openstack-ansible/+/772379 | 20:08 |
| *** luksky has quit IRC | 20:17 | |
| *** luksky has joined #openstack-ansible | 20:30 | |
| *** ioni has joined #openstack-ansible | 20:33 | |
| MickyMan77 | next issue with the upgrade.. "Ensure nginx does not listen on 80 port" http://paste.openstack.org/show/802660/ | 20:45 |
| *** prometheanfire has quit IRC | 20:46 | |
| *** cloudnull has quit IRC | 20:46 | |
| *** fanfi has quit IRC | 20:47 | |
| *** cloudnull has joined #openstack-ansible | 20:48 | |
| *** prometheanfire has joined #openstack-ansible | 20:52 | |
| *** rh-jelabarre has quit IRC | 20:55 | |
| openstackgerrit | Merged openstack/openstack-ansible-openstack_hosts master: Use integrated tests https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/774688 | 20:58 |
| *** luksky has quit IRC | 21:00 | |
| *** rh-jelabarre has joined #openstack-ansible | 21:01 | |
| *** rh-jelabarre has quit IRC | 21:01 | |
| *** rh-jelabarre has joined #openstack-ansible | 21:02 | |
| openstackgerrit | Merged openstack/openstack-ansible stable/train: Bump SHAs for stable/train https://review.opendev.org/c/openstack/openstack-ansible/+/775523 | 21:02 |
| *** prometheanfire has quit IRC | 21:06 | |
| *** prometheanfire has joined #openstack-ansible | 21:12 | |
| *** luksky has joined #openstack-ansible | 21:12 | |
| *** cloudnull has quit IRC | 21:26 | |
| *** cloudnull has joined #openstack-ansible | 21:28 | |
| *** waxfire has quit IRC | 22:09 | |
| *** waxfire has joined #openstack-ansible | 22:10 | |
| *** noonedeadpunk has quit IRC | 22:24 | |
| *** cloudnull has quit IRC | 22:26 | |
| *** cloudnull has joined #openstack-ansible | 22:28 | |
| *** noonedeadpunk has joined #openstack-ansible | 22:30 | |
| *** jbadiapa has quit IRC | 22:44 | |
| *** cloudnull has quit IRC | 23:05 | |
| *** cloudnull has joined #openstack-ansible | 23:06 | |
| *** luksky has quit IRC | 23:17 | |
| *** macz_ has joined #openstack-ansible | 23:25 | |
| *** macz_ has quit IRC | 23:30 | |
| *** gshippey has quit IRC | 23:54 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!