Tuesday, 2021-02-16

*** macz_ has joined #openstack-ansible		00:07
*** macz_ has quit IRC		00:11
*** tosky has quit IRC		00:30
*** macz_ has joined #openstack-ansible		00:49
*** macz_ has quit IRC		00:53
*** noonedeadpunk has quit IRC		01:19
*** noonedeadpunk has joined #openstack-ansible		01:20
*** maharg101 has joined #openstack-ansible		02:01
*** maharg101 has quit IRC		02:05
*** dmsimard has quit IRC		02:16
*** dmsimard has joined #openstack-ansible		02:17
*** macz_ has joined #openstack-ansible		02:49
*** macz_ has quit IRC		02:54
*** prometheanfire has quit IRC		02:58
*** prometheanfire has joined #openstack-ansible		03:39
*** maharg101 has joined #openstack-ansible		04:02
*** rohit02 has joined #openstack-ansible		04:05
*** maharg101 has quit IRC		04:06
*** raukadah is now known as chandankumar		04:37
*** evrardjp has quit IRC		05:33
*** evrardjp has joined #openstack-ansible		05:33
*** LowKeys has quit IRC		06:09
*** djhankb has quit IRC		06:18
*** djhankb has joined #openstack-ansible		06:19
*** brad[] has quit IRC		06:20
*** brad[] has joined #openstack-ansible		06:23
*** mugsie has quit IRC		06:37
*** miloa has joined #openstack-ansible		07:04
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible master: Use infra mirror for ceph_client role in CI https://review.opendev.org/c/openstack/openstack-ansible/+/775695	07:50
*** maharg101 has joined #openstack-ansible		07:57
*** luksky has joined #openstack-ansible		08:07
*** MickyMan77 has left #openstack-ansible		08:11
*** MickyMan77 has joined #openstack-ansible		08:11
*** macz_ has joined #openstack-ansible		08:19
*** jbadiapa has joined #openstack-ansible		08:22
*** andrewbonney has joined #openstack-ansible		08:23
*** macz_ has quit IRC		08:23
*** rohit02 has quit IRC		08:23
*** rohit02 has joined #openstack-ansible		08:23
*** rpittau\|afk is now known as rpittau		08:37
*** tosky has joined #openstack-ansible		08:44
frickler	is rally being actually executed anywhere or is it just being installed into utility? I'm asking because for me, the venv is broken, it is missing pymysql in order to be able to use rally	08:48
jrosser	it's just installed	08:49
noonedeadpunk	so... admin lacks privileges to bootstrap galera....	08:52
MickyMan77	hmm, next issue with the upgrade.. "Ensure nginx does not listen on 80 port" http://paste.openstack.org/show/802660/	08:57
noonedeadpunk	oh, what was with lxc?	08:58
noonedeadpunk	oh, hm, that is interesting... it's nginx validation error....	09:00
noonedeadpunk	interestingly why it's trying to load uwsgi_params from ansible temp	09:03
noonedeadpunk	is it imported relatively?	09:03
noonedeadpunk	oh, yes... https://opendev.org/openstack/openstack-ansible-os_keystone/src/branch/master/templates/keystone_nginx.conf.j2#L50	09:06
noonedeadpunk	that looks like valid bug	09:07
noonedeadpunk	jrosser: should be set absolute path or jsut drop validate there? https://opendev.org/openstack/openstack-ansible-os_keystone/src/branch/master/tasks/keystone_nginx.yml#L44	09:08
frickler	noonedeadpunk: I'd say setting "include /etc/nginx/uwsgi_params;" is the correct solution	09:13
noonedeadpunk	yeah... Already doig that	09:14
jrosser	is it because the place that the validation is done isnt the usual location of the file?	09:14
noonedeadpunk	I think it tries to validate on fly	09:14
frickler	jrosser: yes, the path is relative to the config file location	09:14
noonedeadpunk	to it adjusted config in tmp and before placing it to the destination - verify it	09:15
jrosser	so long as the path is consistent across OS making it absolute sounds good	09:15
noonedeadpunk	I actually thought that ansible before was just reverting the change	09:15
noonedeadpunk	Well, according to https://opendev.org/openstack/openstack-ansible-os_keystone/src/branch/master/tasks/keystone_nginx.yml#L91 it seems it is now	09:16
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_keystone master: Use absolute path for uwsgi_params include https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/775776	09:18
noonedeadpunk	MickyMan77: can you try this out? ^	09:18
noonedeadpunk	so, rally needs patching? Was it the only issue with venv?	09:20
frickler	rally needs pymsql installed in order to be able to create its db. after that it seems fine so far. I was just wondering why there's no testing in place. maybe at least "rally db create; rally deployment create --fromenv" could be done to verify the installation	09:21
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible-lxc_hosts master: Update Centos-8 LXC image to 8.3 https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/775778	09:24
frickler	actually I didn't check with your latest patch to use rally u-c instead of global ones yet, let me try that first	09:24
MickyMan77	noonedeadpunk: yes, I can try it.	09:25
jrosser	frickler: i would expect you need to add any extra packages here https://github.com/openstack/openstack-ansible-os_rally/blob/master/defaults/main.yml#L52-L53	09:26
MickyMan77	noonedeadpunk: it's failed with the patch.. http://paste.openstack.org/show/802675/	09:47
noonedeadpunk	ok, so `Ensure nginx does not listen on 80 port` runs before `Configure virtual hosts` where it can be applied...	09:50
noonedeadpunk	wait...	09:52
*** macz_ has joined #openstack-ansible		09:55
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_keystone master: Use absolute path for uwsgi_params include https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/775776	09:57
noonedeadpunk	MickyMan77: ^ changed order of the tasks	09:58
*** macz_ has quit IRC		09:59
MickyMan77	noonedeadpunk: it's working now... :)	10:23
noonedeadpunk	can you kindly place a cooment for the patch then?:)	10:26
MickyMan77	do I need to sign in to add an comment ?	10:33
*** ioni has quit IRC		10:33
*** ioni has joined #openstack-ansible		10:35
*** mugsie has joined #openstack-ansible		11:13
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible master: Add infra zuul job with reduced required_projects https://review.opendev.org/c/openstack/openstack-ansible/+/775809	11:22
admin0	morning	11:26
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible master: Add hosts zuul job with reduced required_projects https://review.opendev.org/c/openstack/openstack-ansible/+/775812	11:27
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible master: Add 'which' package to utility container https://review.opendev.org/c/openstack/openstack-ansible/+/775813	11:31
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible-lxc_hosts master: Update Centos-8 LXC image to 8.3 https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/775778	11:31
noonedeadpunk	hm, why in the world horizon tests are not triggered here https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/775330	12:00
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Switch gnocchi release to 4.4 https://review.opendev.org/c/openstack/openstack-ansible/+/772485	12:14
*** macz_ has joined #openstack-ansible		12:29
*** macz_ has quit IRC		12:33
MickyMan77	noonedeadpunk: The upgrade deployment is now done without any issue. But when try to access the horizon gui I get this error..	12:36
MickyMan77	Something went wrong! An unexpected error has occurred. Try refreshing the page. If that doesn't help, contact your local administrator.	12:36
noonedeadpunk	needs looking at apache log. it means there's 500 somewhere	12:37
andrewbonney	That sounds like the compression race issue we saw	12:43
andrewbonney	If so, it would be fixed by https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/775086, but as a simpler workaround just re-running os-horizon-install should work too	12:47
MickyMan77	re-run of os-horizon-install did not help..	13:00
admin0	MickyMan77, do you have AD/LDAP integration setup ?	13:01
MickyMan77	yes, but I do not use it.	13:01
admin0	that is the issue :)	13:02
admin0	if you don't use it but only declare it .. it breaks horizon	13:02
admin0	remove that line, and you can then rerun the playbooks	13:02
admin0	i also faced the same issue when i set multidomain to true but not specify any ldap/ad	13:02
MickyMan77	what about "Collect and compress static files" should i fix that ?	13:03
admin0	i don't know .. i am more in deployments then in development :(	13:03
noonedeadpunk	well you should check what is the issue that is raised first of all	13:03
mgariepy	morning.	13:03
noonedeadpunk	apache error log should contain stack trace which causes 500	13:03
noonedeadpunk	o/	13:03
*** macz_ has joined #openstack-ansible		13:29
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible-lxc_hosts master: Update Centos-8 LXC image to 8.3 https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/775778	13:30
*** macz_ has quit IRC		13:33
MickyMan77	I can't found any log that say 500 error.	13:45
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible master: Add 'which' package to utility container https://review.opendev.org/c/openstack/openstack-ansible/+/775813	13:52
admin0	MickyMan77, there is an error in apache ..	13:53
admin0	i don't have the setup right now to copy/paste it . but its reproducable even in aio	13:53
*** rohit02 has quit IRC		13:56
*** rohit02 has joined #openstack-ansible		13:56
*** tbarron\|out has quit IRC		13:59
admin0	MickyMan77, my fix was to remove horizon_keystone_multidomain* variables when not actually using any AD/LDAP	13:59
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_barbican master: [doc] Add sample of Barbican/HSM configuration https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/775837	14:04
openstackgerrit	Merged openstack/openstack-ansible master: Trigger deploy guide rebuild on a-r-r update https://review.opendev.org/c/openstack/openstack-ansible/+/775673	14:08
openstackgerrit	Merged openstack/openstack-ansible master: Do not apply force flag to git.reset https://review.opendev.org/c/openstack/openstack-ansible/+/775665	14:08
admin0	while upgrading from u -> v , i get this error: "msg": "{'simple_crypto_plugin': {'kek': '{{ barbican_simple_crypto_key \| b64encode }}'}}: 'barbican_simple_crypto_key' is undefined .. anyone else received the same ?	14:09
admin0	hmm.. this is a new addition it seems	14:09
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_barbican master: [doc] Add barbican configuration page https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/768513	14:28
noonedeadpunk	admin0: it should have been added to user_secrets.yml with https://opendev.org/openstack/openstack-ansible/commit/83eaf03d990c73c597b49419dc38fdc08ecabcb6	14:29
noonedeadpunk	sorry, meant with this code https://opendev.org/openstack/openstack-ansible/src/branch/master/scripts/upgrade-utilities/deploy-config-changes.yml#L66-L91	14:30
noonedeadpunk	patch just added variable to secrets.yml	14:31
noonedeadpunk	*user_secrets.yml	14:31
admin0	i can add this key there and populate it and re-run the playbook .. only question is if it breaks existing lbs	14:33
noonedeadpunk	you hsould set it to the same value it used to be...	14:33
noonedeadpunk	let me find relevant release note...	14:34
admin0	between 21.2.0 -> 22.0.1 this is a new variable added	14:35
noonedeadpunk	yeah, it should just be set to specific value... and I can recall pushing patch to cover that in reno...	14:36
admin0	so just add this variable, populate it with a random 32 string value and that should be it ?	14:37
noonedeadpunk	NOPE	14:37
noonedeadpunk	value should be the same you had before.	14:37
admin0	if this variable does not exist in older version .. how do I know what value it should be ?	14:38
noonedeadpunk	damn it, can't find...	14:38
noonedeadpunk	it existed	14:38
noonedeadpunk	it was hardcoded	14:38
noonedeadpunk	https://opendev.org/openstack/openstack-ansible-os_barbican/src/branch/stable/ussuri/templates/barbican.conf.j2#L279	14:40
noonedeadpunk	sorry it really didn't	14:40
noonedeadpunk	the thing it was the same for all deployments, which was super insane thing to have	14:40
admin0	let me grep -ri the configs to find if its also the value i have	14:41
admin0	or it does not go into configs and something else	14:41
noonedeadpunk	it goes to barbican/conf only	14:41
*** rohit02 has quit IRC		14:42
noonedeadpunk	uh I can recall discussion about patch to cover upgrade	14:42
noonedeadpunk	but can't find it....	14:42
noonedeadpunk	I can recall frickler comments on it lol	14:43
admin0	so I need to set barbican_simple_crypto_key to this key and re-run the playbooks ?	14:44
admin0	looking into the configs, i see a lot of default simple passwords	14:44
noonedeadpunk	aha https://review.opendev.org/c/openstack/openstack-ansible/+/771833	14:44
noonedeadpunk	but it's for designate...	14:45
admin0	this is for designate, but good to know	14:45
admin0	i also find password123 and mypassword hardcoded :D	14:45
openstackgerrit	Merged openstack/openstack-ansible stable/ussuri: Bump SHAs for stable/ussuri https://review.opendev.org/c/openstack/openstack-ansible/+/775522	14:46
noonedeadpunk	ok, than I just missed to have simmilar thing for barbican	14:46
openstackgerrit	Merged openstack/openstack-ansible master: Use ceph package mirror during CI jobs https://review.opendev.org/c/openstack/openstack-ansible/+/775598	14:46
admin0	if you know on the top of your head, should i use the value as-is, or i have to decode/encode it first ?	14:48
noonedeadpunk	as is	14:48
admin0	thanks	14:48
* noonedeadpunk goes to write reno		14:48
noonedeadpunk	btw would be awesome to merge https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/768513	14:50
noonedeadpunk	at least to review :p	14:50
*** macz_ has joined #openstack-ansible		14:50
admin0	i already have one comment :)	14:52
admin0	since when did our infra ips change from 172.29.236.11 to 172.20.236.111 :D	14:52
admin0	i thought our examples were uniform	14:52
admin0	with 172.29.236	14:52
noonedeadpunk	oh, good to know, since I took it from https://opendev.org/openstack/openstack-ansible/src/branch/master/etc/openstack_deploy/conf.d/barbican.yml.example	14:53
noonedeadpunk	what a mess....	14:54
*** rh-jlabarre has joined #openstack-ansible		14:54
admin0	noonedeadpunk, the orignal file had kek = 'YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=' while using the value asis, the new file has kek = 'WVdKalpHVm1aMmhwYW10c2JXNXZjSEZ5YzNSMWRuZDRlWG94TWpNME5UWT0='	14:54
*** rh-jelabarre has quit IRC		14:54
*** macz_ has quit IRC		14:55
admin0	noonedeadpunk, i think it should be abcdefghijklmnopqrstuvwxyz123456	14:55
noonedeadpunk	oh, I see what you mean..	14:55
noonedeadpunk	yeah	14:55
admin0	which is the base64 encoded value	14:55
noonedeadpunk	sorry :(	14:55
noonedeadpunk	it's indeed passed through base64 filter	14:55
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_barbican master: [doc] Add barbican configuration page https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/768513	14:58
* noonedeadpunk should stop multitasking so much		15:00
*** rh-jelabarre has joined #openstack-ansible		15:00
*** rh-jlabarre has quit IRC		15:00
*** spatel has joined #openstack-ansible		15:02
* frickler gets woken up and tries to understand the backlog		15:04
frickler	for barbican, I don't understand why anyone would want to deploy it with simple_crypto plugin except maybe in the CI, it is soo unsafe	15:07
noonedeadpunk	well, not everyone ready to pay for hsm I guess	15:07
noonedeadpunk	and needs ssl termination for octavia made as simple as possible	15:08
noonedeadpunk	I just mixed up things with designate where we had pretty much the same situation...	15:08
noonedeadpunk	oh, well, and vault integration was working pretty bad if you wanted to use it for encryption at rest	15:12
noonedeadpunk	(it was eventually just broken)	15:12
noonedeadpunk	oh, I think it's actually still broken with https://review.opendev.org/c/openstack/barbican/+/763835	15:13
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible master: Add 'which' package to utility container https://review.opendev.org/c/openstack/openstack-ansible/+/775813	15:16
*** rohit02 has joined #openstack-ansible		15:17
* jrosser takes deep breath and looks at centos-8 stream again		15:19
noonedeadpunk	haha	15:19
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/victoria: Add reno about barbican_simple_crypto_key https://review.opendev.org/c/openstack/openstack-ansible/+/775856	15:19
noonedeadpunk	they still don't have images we can simply use	15:19
jrosser	/o\ i know	15:19
jrosser	i have made a chroot at the cli	15:19
jrosser	which isn't so much bigger than the centos-8 layer we get currently	15:19
noonedeadpunk	ah, right	15:20
noonedeadpunk	I can recall some patch you offered	15:20
noonedeadpunk	to make chroots as a source for all distros	15:20
noonedeadpunk	or it was only discussion?	15:20
noonedeadpunk	because I think it's great idea	15:20
jrosser	yes just discussion, but now i find a good example for how to do it with dnf	15:20
jrosser	odyssey4me: do you have an ansible way to distinguish centos-8 vs. centos-8 stream?	15:37
*** spatel has quit IRC		15:48
*** spatel has joined #openstack-ansible		15:48
noonedeadpunk	I think we will need to just consider every centos as stream...	15:53
jrosser	i am remembering now, the version is reported as 8	15:54
jrosser	but centos classic reports 8.3	15:54
noonedeadpunk	not sure how usable that is... we can't check for the version comparison that way...	15:54
jrosser	yeah, and we already have ternary for version < 8.3	15:55
jrosser	kernel modules madness	15:55
noonedeadpunk	like if it's lower then 8.1 then it's stream?	15:55
MickyMan77	where can I found the apache log for horizon ?	15:56
noonedeadpunk	inside horizon container in /var/log. You can check virtualhost conf as well for location of the error log	15:56
*** spatel has quit IRC		15:59
noonedeadpunk	#startmeeting openstack_ansible_meeting	16:00
openstack	Meeting started Tue Feb 16 16:00:16 2021 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.	16:00
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	16:00
*** openstack changes topic to " (Meeting topic: openstack_ansible_meeting)"		16:00
openstack	The meeting name has been set to 'openstack_ansible_meeting'	16:00
noonedeadpunk	#topic bug triage	16:00
*** openstack changes topic to "bug triage (Meeting topic: openstack_ansible_meeting)"		16:00
noonedeadpunk	I'm wondering why this issue raised https://bugs.launchpad.net/openstack-ansible/+bug/1805630	16:01
openstack	Launchpad bug 1805630 in openstack-ansible "Keystone install fail because it put node in maintenance and question it (503 unavailable)" [Undecided,New]	16:01
*** gshippey has joined #openstack-ansible		16:01
noonedeadpunk	I was never facing this tbh...	16:02
noonedeadpunk	I don't run IDP though...	16:02
jrosser	i have never seen anything like that	16:03
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_cinder stable/victoria: Fix cert verification logic for cinder api https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/775771	16:03
jrosser	however we've never deployed with federation in the config initially	16:03
jrosser	i think it's always been something we layer on afterwards once the cloud is up	16:04
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_cinder stable/victoria: Fix cert verification logic for cinder api https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/775771	16:04
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_cinder stable/ussuri: Fix cert verification logic for cinder api https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/775772	16:05
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_cinder stable/train: Fix cert verification logic for cinder api https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/775773	16:06
noonedeadpunk	ok	16:06
noonedeadpunk	then re-raised this one https://bugs.launchpad.net/openstack-ansible/+bug/1848245	16:07
openstack	Launchpad bug 1848245 in openstack-ansible "Deletion of routers with HA enabled fails" [Undecided,New] - Assigned to James Denton (james-denton)	16:07
jrosser	if it's a real bug i guess that this may fix it https://github.com/openstack/openstack-ansible/commit/457447431fe0c46e67b91717897e89fb971b753a	16:07
jrosser	as it moves all the federation setup to a second play, after keystone is active again in the LB	16:08
noonedeadpunk	hm, I guess I've mentioned that patch in the bug	16:08
*** macz_ has joined #openstack-ansible		16:10
*** spatel has joined #openstack-ansible		16:10
*** rpittau is now known as rpittau\|afk		16:10
jrosser	so back in rocky we carried a policy template inside the os_neutron role	16:11
noonedeadpunk	no I haven't	16:11
jrosser	perhaps this is somehow leftover policy from an old version	16:11
jrosser	for the keystone thing it would also need https://github.com/openstack/openstack-ansible/commit/2bb60193028fc848e87cdc7f416019482b8cf2cb	16:12
* jrosser messed up first time :(		16:12
noonedeadpunk	well that one I mentioned in bug)	16:13
jrosser	ok	16:15
noonedeadpunk	regarding rootwrap, I think we use smart_sources?:)	16:16
*** rohit02 has quit IRC		16:16
*** rohit02 has joined #openstack-ansible		16:16
noonedeadpunk	so we should just take this https://opendev.org/openstack/neutron/src/branch/master/etc/neutron/rootwrap.d/l3.filters	16:17
noonedeadpunk	well, they have this https://opendev.org/openstack/neutron/src/branch/stable/stein/etc/neutron/rootwrap.d/l3.filters#L72-L77	16:18
openstackgerrit	Merged openstack/ansible-role-python_venv_build stable/victoria: Remove preflight checks https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/775234	16:18
noonedeadpunk	Ok, I guess that's it in terms of bugs?	16:20
jrosser	yes	16:20
noonedeadpunk	oh. one thing. I introduced bug with dropping default barbican kek and https://review.opendev.org/c/openstack/openstack-ansible/+/775856 to ccover this	16:21
jrosser	could we go through this https://etherpad.opendev.org/p/osa-ci-failures	16:21
noonedeadpunk	totally!	16:22
jrosser	first one seems like progress on mariadb	16:22
jrosser	hopefully 10.5.9 will fix the failure to startup	16:22
jrosser	then next one "Fail to retrieve upper constraints"	16:22
jrosser	i have some patches but kind of not sure on the approach	16:23
noonedeadpunk	change of root -> admin fails on cluster bootstrap with missing permissions	16:23
jrosser	do we need to split the bootstrap and user creation to be root vs. admin user?	16:23
noonedeadpunk	I still don't like passing u-c as a content...	16:23
noonedeadpunk	I don't really know why it takes admin user for bootstrap.. because of my.cnf?	16:24
noonedeadpunk	needd to check this out	16:24
jrosser	do you have a neater way for the u-c stuff	16:24
jrosser	i was wanting to leave it overridable, to have several different SHA of u-c available on the repo server if needed	16:25
noonedeadpunk	but what stopps us from jsut passing local path here? https://review.opendev.org/c/openstack/openstack-ansible/+/774518/4/playbooks/repo-install.yml	16:26
noonedeadpunk	need of checkout?	16:26
jrosser	outside of CI the path isnt local	16:26
jrosser	actually does not exist at all	16:27
*** gyee has joined #openstack-ansible		16:27
MickyMan77	noonedeadpunk: when i check the /var/log/httpd/error_log, I can only see log entrys from the start of the httpd service.	16:27
MickyMan77	the access_log is empty	16:28
noonedeadpunk	but we can use get_url instead of uri?	16:28
jrosser	except in CI when it's file:///	16:29
noonedeadpunk	there's anyway `when: requirements_git_repo is search('http')`	16:29
jrosser	yes so this is all about making a clean interface to the repo server role	16:29
jrosser	which doesnt matter if CI or not	16:29
*** pcaruana has quit IRC		16:30
MickyMan77	noonedeadpunk: the VirtualHost have this setting...	16:30
MickyMan77	CustomLog "\|/usr/bin/env logger -p daemon.info -t httpd" "%h %l %u \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""	16:30
*** miloa has quit IRC		16:30
jrosser	but something still not really feeling right about my patches, not sure really why	16:30
noonedeadpunk	yes, totally, but what I mean is - why we can't always provide it with local file path?	16:30
jrosser	on the deploy host?	16:30
noonedeadpunk	yep	16:30
noonedeadpunk	and instead of content it will be just src	16:31
jrosser	i had considered making /etc/openstack_deploy/u-c/	16:31
jrosser	and anything in there just gets put to the repo server	16:31
noonedeadpunk	and we won't need to retrieve u-c later as well, because we can use it all the time then	16:31
noonedeadpunk	or that...	16:32
noonedeadpunk	for realy deployments it's also a profit because in case of mirrors issues your deployment won't stuck	16:32
noonedeadpunk	or I'm missing that on repo container it won't be retrived anymore?	16:33
jrosser	see, this is more complicated than it seems on the surface :)	16:34
noonedeadpunk	yeah...	16:34
noonedeadpunk	I just really didn't have time to properly look this through...	16:34
noonedeadpunk	and play around with code	16:34
jrosser	ok, so related i left a comment here https://review.opendev.org/c/openstack/openstack-ansible/+/775095	16:35
noonedeadpunk	ah damn it	16:35
jrosser	ok cool	16:37
jrosser	next one i wanted an opinion on was this https://review.opendev.org/c/openstack/openstack-ansible/+/775695	16:37
noonedeadpunk	I need to spent time and configure gerrit email filters...	16:37
jrosser	ceph_client role seems to define the vars kind of oddly	16:37
* noonedeadpunk has 6k emails from gerrit in folder		16:37
jrosser	lots of things exist only in vars/blah.yml rather than defaults	16:37
*** LowKey has joined #openstack-ansible		16:38
openstackgerrit	Merged openstack/openstack-ansible master: Collect contents of /etc/dnf from CI jobs https://review.opendev.org/c/openstack/openstack-ansible/+/775677	16:38
jrosser	either i have a mistake with the override i make, or it's not possible to override that role var	16:38
noonedeadpunk	because it's included during runtime	16:39
noonedeadpunk	yeah, I think we should move things to default...	16:39
jrosser	right, so -e would only have precedence over vars/main.yml?	16:39
noonedeadpunk	I'm not 100% sure but might be...	16:40
jrosser	ok cool i will try to take a look at tidying up ceph_client vars a bit	16:40
jrosser	thats the CI errors that i've looked into	16:41
jrosser	the rest not so much yet	16:41
noonedeadpunk	let me quikly test it out...	16:41
jrosser	the "Keystone/memcached error" i think we need to talk to the oslo people	16:42
jrosser	something funky there with the connection to memcached from keystone in a way i don't understand	16:42
*** rohit02 has quit IRC		16:43
mgariepy	noonedeadpunk, added a comment on https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/768513	16:45
noonedeadpunk	ok, cool, thanks!	16:45
noonedeadpunk	jrosser: well, no, even when vars are included they can be overriden	16:46
jrosser	interesting	16:46
jrosser	must be something else i've got wrong there, just just wrong var name or somthing	16:47
noonedeadpunk	http://paste.openstack.org/show/802699/	16:47
noonedeadpunk	but, if you define in play vars it will be overriden	16:48
noonedeadpunk	http://paste.openstack.org/show/802700/	16:49
noonedeadpunk	so -e have prescedence over everything	16:50
noonedeadpunk	but maybe it's not the case here	16:50
* jrosser facepalm		16:50
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible master: Use infra mirror for ceph_client role in CI https://review.opendev.org/c/openstack/openstack-ansible/+/775695	16:51
jrosser	1 character wrong	16:51
noonedeadpunk	ah:)	16:51
noonedeadpunk	well)	16:51
*** pcaruana has joined #openstack-ansible		16:52
jrosser	the only other thing on the CI list which is pretty easy is adding erlang-solutions repo to the infra mirror	16:52
jrosser	though i did spend some time wading around system-config repo trying to figure that all out	16:52
noonedeadpunk	for focal we use native repo though, right?	16:53
noonedeadpunk	eventually whatever...	16:54
noonedeadpunk	we probably should ask fungi or clarkb ?	16:55
noonedeadpunk	just to ssave up some time?	16:55
jrosser	ah yes it was a buster job that broke	16:55
jrosser	seems every time they release a new package the repo is bust until someone tweets them	16:55
mgariepy	create a bot script to tweet them when it breaks !	16:56
mgariepy	haha	16:56
jrosser	i think that the infra reprepro stuff may shield us from that as it needs to repo to be good in order to mirror it	16:56
noonedeadpunk	well yes, that would be probably nice to have	16:57
jrosser	thats probably all on the CI fixes, but if anyone wants to dig at some of the more obtuse errors please do	16:57
jrosser	imho this is the best way we can reduce the CI load for OSA	16:58
noonedeadpunk	yeah But atm maria brings the most issues with ci	16:58
jrosser	final thing from me would be centos-8 stream	16:59
jrosser	i tried some stuff again in a VM today	16:59
jrosser	i could install networkd from epel and lxc copr repo without a ton of install conflicts like i got before	17:00
jrosser	and i got a chroot built with `sudo dnf --installroot=/home/centos/foobar install --setopt=install_weak_deps=False --nodocs rootfiles`	17:00
noonedeadpunk	I think idea to have all of lxc images build from chroot instead all that nasty searches is really awesome	17:01
jrosser	i will hack around in an AIO next to see what i can do	17:01
noonedeadpunk	and it should be faster as well	17:01
jrosser	agreed, was just looking at lxc_hosts and there is tons of complexity	17:01
jrosser	could be really simplified	17:02
noonedeadpunk	I was also thinking if we should add some centos forks support like AlmaLinux?	17:02
noonedeadpunk	I used to rely on cloudlinux a lot previously...	17:03
odyssey4me	jrosser not as far as I know - I can dig around for you if you like	17:03
jrosser	well, it's still very much the case that we don't have an active contributor for centos stuff	17:03
mgariepy	https://goo.gl/maps/mGtpF5rcW1T52rvU9 ?	17:03
jrosser	odyssey4me: that would be great, there are some differences we need to handle but the regualar ansible vars don't seem very helpful	17:04
odyssey4me	jrosser https://github.com/ansible/ansible/issues/73027	17:04
noonedeadpunk	oh so it's patched https://github.com/relrod/ansible/commit/44f8b8b56929df1b81852b73f862f3254b3bde2e	17:05
odyssey4me	yeah, that one may be worth proposing as a backport to the stable releases	17:05
jrosser	yes that would be useful, as 2.10 kind of exists and centos changes underneath it	17:06
* noonedeadpunk should finally write up tests for systemctl ansible module....		17:07
noonedeadpunk	#endmeeting	17:07
*** openstack changes topic to "Launchpad: https://launchpad.net/openstack-ansible \|\| Weekly Meetings: https://wiki.openstack.org/wiki/Meetings/openstack-ansible \|\| Review Dashboard: http://bit.ly/osa-review-board-v3"		17:07
openstack	Meeting ended Tue Feb 16 17:07:34 2021 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	17:07
openstack	Minutes: http://eavesdrop.openstack.org/meetings/openstack_ansible_meeting/2021/openstack_ansible_meeting.2021-02-16-16.00.html	17:07
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/openstack_ansible_meeting/2021/openstack_ansible_meeting.2021-02-16-16.00.txt	17:07
openstack	Log: http://eavesdrop.openstack.org/meetings/openstack_ansible_meeting/2021/openstack_ansible_meeting.2021-02-16-16.00.log.html	17:07
mgariepy	i'm trying to have someone (again) to help a bit on the centos stuff	17:10
noonedeadpunk	maybe spatel decide to leave on centos after all :p	17:17
spatel	i am very happy after leaving centOS	17:17
noonedeadpunk	doh :(	17:17
spatel	I still have 2 large cloud running on CentOS 7.5 but onward everything will be on ubuntu	17:18
spatel	mgariepy I am happy to help out for any centOS stuff (soon planning to setup lab on centOS stream to play)	17:20
*** zul has joined #openstack-ansible		17:21
mgariepy	i know a relatively big user of centos.. will see if they start pushing patches and help out.	17:21
spatel	We are only focusing on centOS stream right and leaving centOS 8.x as it is. right?	17:25
*** maharg101 has quit IRC		17:25
noonedeadpunk	well, yes. As no reason to support unsupported distro	17:26
spatel	+1	17:27
mgariepy	are the SIG for centos continue/switch to alma/rocky after ?	17:59
spotz	mgariepy: which SiG?	18:12
spotz	RDO is in the process of switching to Stream for Wallaby and beyond	18:13
mgariepy	isn't the virtual sig used for centos?	18:13
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_barbican master: [doc] Add barbican configuration page https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/768513	18:15
LowKey	Hi, i'm having an issue after remove haproxy and keepalived on infra server, i ran playbooks, seem fail to start haproxy but keepalived is working. here full details : http://paste.openstack.org/show/yj15qN4q99fLvPEWr0r1/	18:19
spotz	mgariepy: Not sure to be honest, and then I wasn't sure if you were talking about a CentOS SiG:)	18:22
mgariepy	i was talking about centos sigs ;) haha	18:22
mgariepy	how are you doing spotz ?	18:23
spotz	mgariepy: I'm cold! But I have power and water so can't complain. You?	18:23
mgariepy	you are cold?	18:23
mgariepy	here is't around 0F it's warmer than last week :D	18:24
mgariepy	0C.	18:24
mgariepy	lol	18:24
spotz	We have 4-6 inches of snow, it's 19 F with a high of 29 F. It will be 60 on Saturday and 70 next week	18:24
spotz	We're not equioed for this:(	18:25
mgariepy	last week we had like -13F / -25C	18:25
mgariepy	yeah i can understand :D haha	18:25
mgariepy	here we are supposed to be but schools are closed today.. because of snow..	18:26
prometheanfire	spotz: got to -14°C here, high of 1° though	18:27
prometheanfire	our water got very close to freezing	18:27
mgariepy	prometheanfire, where are you located?	18:28
prometheanfire	san antonio	18:28
spotz	prometheanfire: Our pump did freeze yesterday, mudpuppy got it defrosted and we found an infrared heat lamp bulb we had and put that in there so we have water again	18:30
mgariepy	i guess your water pipe are not too deep in your area, i live in quebec and we need to have the pipe at least 4-5 feet deep.	18:30
prometheanfire	well, the problem is that my water softener is in the garage, with exposed piping in the garage	18:31
spotz	We have a lot of rock/limestone under us. We can't get that deep	18:31
prometheanfire	heh, ya, that too	18:31
mgariepy	you need to isolate the garage then haha	18:31
mgariepy	don't you isolate to keep the heat out a bit ?	18:32
prometheanfire	ya, I just let it drip and flushed things every few hours	18:32
prometheanfire	nope	18:32
prometheanfire	attached garage	18:32
mgariepy	k	18:32
spotz	we have a slow stream now running in the kitchen	18:33
prometheanfire	some areas have no wall insulation, sometimes where pipes were, so can't help that	18:33
mgariepy	yeah here i don't have much insulation in the wall but that's because i have a very old house that is much in need of renovation ;)	18:35
prometheanfire	yep, built in about 68 here	18:36
mgariepy	1896 here	18:36
prometheanfire	oooo	18:36
mgariepy	when i say old it's old haha	18:36
prometheanfire	yep	18:37
mgariepy	i don't need ghost tour to see ghost around here haha	18:38
*** andrewbonney has quit IRC		18:54
noonedeadpunk	jrosser: ok, so the thing with maria is that `/usr/local/bin/galera_new_cluster` tries to use .my.cnf file that contain admin user while these users are created later	19:03
jrosser	maybe that should contain root instead of admin	19:05
jrosser	as the only things we should use that for are bootstrap and adding the users	19:05
noonedeadpunk	we probably can just omit having my.cnf on galera hosts	19:06
noonedeadpunk	since root is socket auth	19:07
noonedeadpunk	but not sure...	19:07
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible-galera_server master: Do not configure client as part of server role https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/775893	19:15
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Use admin user instead of root for galera https://review.opendev.org/c/openstack/openstack-ansible/+/775684	19:16
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Use admin user instead of root for galera https://review.opendev.org/c/openstack/openstack-ansible/+/775684	19:19
*** maharg101 has joined #openstack-ansible		19:22
*** maharg101 has quit IRC		19:27
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_tempest master: Use new openstack.cloud collection names https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/775895	19:29
*** jpvlsmv has quit IRC		19:31
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_trove master: Use new openstack.cloud collection names https://review.opendev.org/c/openstack/openstack-ansible-os_trove/+/775916	19:33
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_magnum master: Use new openstack.cloud collection names https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/775917	19:34
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_gnocchi master: Delete gnocchi_identity_setup https://review.opendev.org/c/openstack/openstack-ansible-os_gnocchi/+/775918	19:37
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_designate master: Use new openstack.cloud collection names https://review.opendev.org/c/openstack/openstack-ansible-os_designate/+/775919	19:38
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible-haproxy_server master: Fix tags usage https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/775921	19:48
openstackgerrit	Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_keystone master: Use new openstack.cloud collection names https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/775923	19:50
*** luksky has quit IRC		19:55
*** luksky has joined #openstack-ansible		19:55
openstackgerrit	Merged openstack/openstack-ansible-os_horizon master: Use Tempest for dashboard test instead of tempest-horizon https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/774719	20:10
*** jpvlsmv has joined #openstack-ansible		20:24
*** zul has quit IRC		20:42
admin0	is there a place where i can see the cloud-init script passed to a vm ?	20:50
djhankb	admin0: i am pretty sure its buried in the http://169.254.169.254/latest/meta-data/ information, which you can retrieve with curl	21:12
djhankb	I don't remember the key offhand	21:13
*** maharg101 has joined #openstack-ansible		21:23
*** maharg101 has quit IRC		21:28
*** jbadiapa has quit IRC		21:36
openstackgerrit	Merged openstack/openstack-ansible-os_zun master: Remove pre-flight checks https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/775682	22:29
openstackgerrit	Merged openstack/openstack-ansible-os_horizon stable/victoria: Install barbican-ui when the barbican service is deployed https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/775638	22:43
*** arxcruz\|rover has quit IRC		22:46
*** arxcruz has joined #openstack-ansible		22:47
*** LowKey has quit IRC		23:20
*** luksky has quit IRC		23:22
*** spatel has quit IRC		23:48
*** tosky has quit IRC		23:57

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!