Wednesday, 2021-04-14

« Tuesday, 2021-04-13 Index Thursday, 2021-04-15 »
*** gyee has quit IRC00:38
*** cp- has quit IRC01:36
*** cp- has joined #openstack-ansible01:36
*** cp- has quit IRC01:45
*** cp- has joined #openstack-ansible01:47
*** evrardjp has quit IRC02:33
*** evrardjp has joined #openstack-ansible02:33
*** miloa has joined #openstack-ansible05:24
*** SiavashSardari has joined #openstack-ansible05:53
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible stable/victoria: Return PyMySQL installation for distro installs  https://review.opendev.org/c/openstack/openstack-ansible/+/78610706:08
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible stable/victoria: Return PyMySQL installation for distro installs  https://review.opendev.org/c/openstack/openstack-ansible/+/78610706:10
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible stable/victoria: Return PyMySQL installation for distro installs  https://review.opendev.org/c/openstack/openstack-ansible/+/78610706:12
*** tinwood has quit IRC06:22
*** tinwood has joined #openstack-ansible06:25
*** zbr has quit IRC06:30
*** zbr has joined #openstack-ansible06:32
*** macz_ has joined #openstack-ansible06:34
*** miloa has quit IRC06:34
*** PrinzElvis has quit IRC06:34
*** PrinzElvis has joined #openstack-ansible06:37
*** macz_ has quit IRC06:38
*** pto has quit IRC07:01
jrossermorning07:09
*** luksky has joined #openstack-ansible07:11
*** pto has joined #openstack-ansible07:12
*** andrewbonney has joined #openstack-ansible07:14
*** pto has quit IRC07:27
*** pto has joined #openstack-ansible07:38
*** miloa has joined #openstack-ansible07:40
*** miloa has quit IRC07:41
*** tosky has joined #openstack-ansible07:50
*** rpittau|afk is now known as rpittau07:55
zbro/08:34
*** macz_ has joined #openstack-ansible08:35
zbrcan someone explain me the history behind ansible-role-requirements.yml? apparently this seems to be unique to openstack and diverging from official ansible docs which only use requirements.yml08:36
*** macz_ has quit IRC08:39
SiavashSardarizbr openstack-ansible is kind of a wrapper for ansible commands and all features in general. maybe if you read https://opendev.org/openstack/openstack-ansible/src/branch/master/scripts/bootstrap-ansible.sh and https://opendev.org/openstack/openstack-ansible/src/branch/master/scripts/get-ansible-role-requirements.yml you can see that behind the09:09
SiavashSardariscene it is all pure ansible.09:09
zbrsome kind of reimplementation of ansible-galaxy cli, in pure ansible, even if ansible-galaxy is part of ansible core.09:11
zbri am not sure if the format is the same, but the logic seems very similar09:12
noonedeadpunkzbr: we don't publish our roles to galaxy and we clone them in parallel to save up time. But yes, that;'s pretty common to ansible-galaxy. Except I'm not sure if ansible-galaxy cli was implemented in ansible when ansible-role-requirements were introduced09:38
noonedeadpunkeventually we use ansible-galaxy cli for collections requirements https://opendev.org/openstack/openstack-ansible/src/branch/master/ansible-collection-requirements.yml09:40
noonedeadpunkbut cloning roles with https://opendev.org/openstack/openstack-ansible/src/branch/master/playbooks/library/git_requirements.py is so much faster then with ansible-galaxy cli....09:41
noonedeadpunkBut yes, technically we can I think move to usage of ansible-galaxy cli and merge these requirements files to just requirements.yml09:43
zbrgalaxy ci can install both roles/collection and can work even without the galaxy server (no need to rely on it, common concern)09:56
noonedeadpunkmain concern is clone speed at the moment09:56
noonedeadpunk(except historical)09:56
zbris outside my power to improve galaxy tool performance09:57
zbrmy concern was more about use of non standard filename, which breaks some tools that rely on standard.09:57
zbrfor example both ansible-lint and molecule do recognize these files and can install the deps declared in them, but have no clue about the ansible-role-requirements.yml one09:58
zbrprobably keeping the current custom installer is not a bad idea, but how about migrating it to use standard filenames?09:59
noonedeadpunkI've added discussion point to upcoming PTG :)10:00
zbrthanks.10:00
noonedeadpunkeventually for ansible-lint we prepare env in advance by clonning all roles10:00
zbrnoonedeadpunk: yep, but this means you ask developer to do extra preparation, it will never work fine right out of a clone.10:03
zbrfor example a tool like https://marketplace.visualstudio.com/items?itemName=zbr.vscode-ansible will never be able to recognize the deps on those repos.10:04
noonedeadpunkwell, it won't anyway, as we are also using custom modules that we don't have time to trnsform into collections, that needs to be cloned as well along with setting proper ENV vars10:04
noonedeadpunkWe have pretty long developer guide as well... Yeah, that's not ideal I know and hard for new ppl to do testing10:06
zbrthe linter does recognize modules from both roles and collections, and also provides a mock feature to mock roles/modules/collections in case making them available is too hard.10:07
noonedeadpunksounds quite good!10:07
zbrthere are few cases where mocking is easy path forward, i do not recommend it as you lose some checks but it is very easy to use.10:07
zbrsee https://github.com/ansible-community/ansible-lint/blob/master/.ansible-lint#L10-L1810:08
noonedeadpunkI think main issue for us is lack of the time to get things done10:09
noonedeadpunkAnd in case they are just working at the moment - they are left for later10:10
*** fresta has joined #openstack-ansible10:16
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-os_trove master: Use uWSGI for trove-api  https://review.opendev.org/c/openstack/openstack-ansible-os_trove/+/78420210:18
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-os_trove master: Update trove configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_trove/+/78457110:18
*** snapdeal has joined #openstack-ansible10:26
evrardjpjrosser: I remember that some ppl wanted to use haproxy as a healthcheck for keepalived. So it made sense to bounce haproxy state to try to recover from split. I never used that bit in production, as I had my own haproxy configuration. Keepalived config was just a guideline, and it was expressed as such in the documentation, IIRC10:58
evrardjpIf you were to ask me how to do it right, I would drop the notification script, I would change the healthchecks in keepalived10:59
evrardjpThe simplest case is relying on VRRP, and if necessary act.11:01
evrardjpIf I really have to keep the notify script, I would not bounce back the haproxy to an "up" state. I would just stop haproxy. This way you avoid split brain cases. However, due to how we counfigured all our load-balanced services, I am not sure it matters11:02
evrardjpIn one of my PoC before I moved to my own haproxy role (due to requirements outside OSA's scope), I needed the bounce service because the addressed I pinged for health was behind haproxy.11:03
evrardjpThat should explain the whole story I hope :)11:04
*** snapdeal has joined #openstack-ansible11:05
snapdealTeam, Need little help to understand what I have messed up .. So I am using Ubuntu 20 for deploying Victoria and utilizing Open vSwitch for neutron.. in netplan config I have created bridges like br-vlan , br-storag, br-mgmt and in openstack_user_config i have just given already created bridge interface name..11:21
snapdealonce all setup was ready .. I can see ovs error as below :11:22
snapdealPort br-vlan11:22
snapdeal            Interface br-vlan11:22
snapdeal                type: internal11:22
snapdeal                error: "could not add network device br-vlan to ofproto (File exists)"11:22
snapdealDoes the OSA take care of bridge creation ? and my mistake was not to create bridge using netplan ?11:23
SiavashSardarisnapdeal I'm not sure but check brctl show. maybe something in netplan went wrong11:26
SiavashSardariand there was a linuxbridge br befor ovs one11:27
admin0snapdeal, how does your netplan config looks like ?11:27
admin0pastebin/gist11:27
admin0osa does not touch bridges .. but it would want to add containers to the right bridge11:28
admin0so what you need to do is only have ovs  in the compute/network nodes .. but not on the controllers11:28
snapdealnetwork:11:29
snapdeal  version: 211:29
snapdeal  renderer : networkd11:29
snapdeal  ethernets:11:29
snapdeal    enp6s0:11:29
snapdeal      dhcp4: no11:29
snapdeal      dhcp6: no11:29
snapdeal    ens15:11:29
snapdeal      dhcp4: no11:29
snapdeal      dhcp6: no11:29
snapdeal    eth5:11:29
snapdeal      dhcp4: no11:29
snapdeal      dhcp6: no11:29
snapdeal  bridges:11:29
snapdeal#Primary Network bridge to connect with all containers11:29
snapdeal    br-mgmt:11:29
snapdeal      interfaces: [enp6s0]11:29
snapdeal      addresses: [10.47.0.187/22]11:29
snapdealSiavashSardari : I guess you are right,....11:33
snapdealbrctl show show br-vlan as linux bridge and same is being added to ovs bridge11:33
SiavashSardariI think there is miss conf in your netplan11:34
SiavashSardaritry something like this http://paste.openstack.org/show/804456/ and reboot your server11:36
snapdealOkay .. This will make that ovs bridge instead of linux bridge ?11:37
SiavashSardarithis way netplan will create ovs bridges11:37
snapdealgot it..let me try .. thx11:37
SiavashSardariyep11:37
*** pto has quit IRC12:08
SiavashSardariI wanted to add [cors] to gnocchi and keystone conf. I did the same thing for both and run the playbook with config tag. keystone worked fine but gnochhi failed. I found https://review.opendev.org/c/openstack/openstack-ansible/+/728052 and https://github.com/ansible/ansible/issues/57529 and run the playbook without tags and problem solved. but I12:13
SiavashSardarididn't understand what happens here. to my eyes keystone and gnocchi playbooks looks the same in that matter.12:13
SiavashSardarinoonedeadpunk it was your patch, maybe you can help me understand what went wrong here?12:14
noonedeadpunkwell, probably for keystone your facts were relevant, since you was running some other playbook that gathered facts for the containers recently12:16
*** pto has joined #openstack-ansible12:17
noonedeadpunkthe issue here is that facts are expiring for ansible in 24 hours (that's default). You can disable facts expiration to overcome that. But then you will need to clean facts with any infra change manually12:17
jrossersnapdeal: have you read this about how OVS is intended to be used with openstack-ansible? https://docs.openstack.org/openstack-ansible-os_neutron/latest/app-openvswitch.html12:18
noonedeadpunkand when you run with tags, facts gathering is not happening, because play has specific tag12:18
SiavashSardarinoonedeadpunk Thanks for explanation. that's what exactly happened here12:19
mgariepyto refresh the facts you can always run `ansible all -m setup`12:20
noonedeadpunkyeah12:20
*** luksky has quit IRC12:20
mgariepyyou can also add `-f 100` to make it faster !12:20
*** luksky has joined #openstack-ansible12:20
noonedeadpunkor not run all, but gnocchi_all :p12:21
*** luksky has quit IRC12:21
SiavashSardarimgariepy I did that. but nothing changed and running playbook with tag failed12:21
*** luksky has joined #openstack-ansible12:21
SiavashSardarinoonedeadpunk to be exact I did your version =D12:21
mgariepydepends on the playbook you run..12:21
snapdealJrosser: Yes.. I have gone through this earlier.. But missed to read the note that these bridges are created if network_interface  is defined... So best would be to not add it in netplan.. and let the OSA crate OVS bridge for us..12:21
mgariepysometimes it does matter if it's all or only a subset.12:21
noonedeadpunkSiavashSardari: for pre-V deployments I have smth like that in my tree http://paste.openstack.org/show/804464/12:22
noonedeadpunkand I run openstack-ansible test.yml -e hosts=gnocchi_all12:22
noonedeadpunkor smth like that12:23
SiavashSardarimgariepy I checked my history, I tried both and no luck either12:23
jrossersnapdeal: i think it's important to distinguish between how you deploy the networking/bridges on the controllers (usually 99% of the time this is never done with OVS) and what you do on compute/network nodes which may be OVS and auto-created bridges if you want for specific networks12:23
SiavashSardarinoonedeadpunk Thanks for the hint. I remember I had a similar issue when I added some new computes too. what changed at V about this?12:25
noonedeadpunkthe patch you mentioned has merged :)12:25
SiavashSardariit is backported to ussuri too12:26
snapdealJrosser: Controller and Network nodes are on same node here :)  .. We directly used VLAN based network for each project ... But yes I understood you point ..12:27
SiavashSardarijrosser I did all of my bridges including controllers with ovs. I did that since Q I gueses and it works fine too12:28
noonedeadpunkoh, well, I didn't have U anywhere, so...12:29
*** snapdeal has quit IRC12:30
*** macz_ has joined #openstack-ansible12:36
*** snapdeal has joined #openstack-ansible12:39
*** macz_ has quit IRC12:41
*** spatel_ has joined #openstack-ansible12:59
*** spatel_ is now known as spatel12:59
*** snapdeal has quit IRC13:13
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-os_trove master: [doc] Document how to use separate RabbitMQ cluster  https://review.opendev.org/c/openstack/openstack-ansible-os_trove/+/78478113:26
*** arxcruz has quit IRC13:57
*** arxcruz has joined #openstack-ansible13:59
*** SiavashSardari has quit IRC14:15
jrossercan anyone clueful with centos/dnf suggest what to do here http://paste.openstack.org/show/804473/14:37
jrosseras far as i can see the mirrorlist is sensible http://paste.openstack.org/show/804475/14:40
mgariepyjrosser, which version of centos 8 ?14:46
mgariepythe latest ?14:46
jrossercentos8-stream, booted from my image centos-stream-8-20201019.1-amd64.raw14:47
jrosserso new 'ish'14:48
jrosseractually its failing in the chroot made in lxc_hosts for the container image14:48
*** macz_ has joined #openstack-ansible14:49
mgariepytry to swicth to vault.centos.org14:49
*** macz_ has quit IRC14:49
mgariepyyour curl does works for the latest and greatest they probably don't keep the old version there14:49
mgariepy""enterprise""!!14:50
*** macz_ has joined #openstack-ansible14:50
jrossermad thing is i can dnf update just fine from the system itself15:03
jrosserand the yum repo config appears the same15:03
jrosserbut yes "enterprise" indeed15:03
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-os_nova master: Use template URLs in Cell Mappings  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/78625815:06
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible master: Bump SHAs for master  https://review.opendev.org/c/openstack/openstack-ansible/+/78580015:07
mgariepyjrosser, maybe some caching on the host that are not present in the chroot ?15:09
jrosserfeels like the chroot thats built is too new for the files we rsync across from the host, perhaps also some stuff missing from the chroot15:19
*** d34dh0r53 has quit IRC15:20
*** d34dh0r53 has joined #openstack-ansible15:22
mgariepyhmm sounds painful.15:26
mgariepyisn't rocky or alma linux available now ?15:27
spatelmgariepy i don't think rocky is read yet15:37
spatelQ2 2021 it will be available hope - https://rockylinux.org/news/community-update-february-2021/15:38
noonedeadpunkI put more trust into almalinux tbh15:41
noonedeadpunkAnd I think it's already available15:42
noonedeadpunkBut pretty sure that rhel lobby in OIF won't let creating alternative images in CI15:42
jrosserhuh right it needs centos-stream-release centos-stream-repos in the chroot15:42
jrosserpreviously it was good enough to rsync /etc/yum.repos.d across, but aparrently not any longer15:43
noonedeadpunkdoh.....15:43
noonedeadpunkwell, probably that would be ok, if we had stream based host?15:44
jrosserfinally i have side by side LXC AIO, one centos-8, one 8-stream15:44
jrosseroh this was all on the stream host15:44
noonedeadpunkwhaaat15:44
jrosseryup15:44
jrosserwas going to try to find WTF is making the stream one soooo slow for lxc15:45
jrosserbut apart from a bit off diff on the output of sysctl i'm not really sure where to start15:45
noonedeadpunk(╯°□°)╯︵ soʇuǝɔ15:46
jrossernice15:46
noonedeadpunkWell, I compared packages back then, but no luck there...15:47
jrosserthis is getting kind of problematic now, we really need to drop the centos8 jobs asap15:47
noonedeadpunkSo I have no idea what made that specific docker built working nicely...15:47
spateljrosser what is the status of parallel repo issue? any pending action item there?15:57
jrosseri've not done anything15:58
jrossertheres two things mixed up15:58
jrosserif we think there is a bug with the parallel git clone, its possible15:58
jrosserbut also really why we do shallow clones at all15:58
* noonedeadpunk is going to try asking in #centos-stream or #centos-devel15:59
spatelmay be Git shallow clone lets you pull down just the latest commits, not the entire repo history.15:59
spatelmay be that is our issue its not cloning entire repo16:00
jrosseras far as i know shallow clones can be really expensive for the git server to compute16:01
spatelI am curious why we hit that bug now not in past?16:01
jrosserthe parallel clone stuff is fairly recent16:01
spatelhmm! if its not adding lots of value then why don't we remove it :)16:02
noonedeadpunkso parallel clone fails again because of the missing tree? despite we extended depth?16:02
jrosserspatel did an upgrade which didnt work, and i think thats another case where #commits could easily be >2016:03
spatelnoonedeadpunk if you want error log i can try to rebuild lab and collect data16:04
jrosserspatel: it should be reproducible in an AIO be checking out an old tag, bootstrap-ansible, a much newer one then re-bootsrap16:05
jrossertheres no need for complex setup to do that16:05
jrosserbut you have to go from only having the old history to having one much newer, so needs to be a fresh build of an old tag16:05
jrosserimho i would rather remove the shallow clone16:06
spateljrosser noonedeadpunk found error logs here its - http://paste.openstack.org/show/804358/16:07
jrosserright, so it was always an error from the git command itself `git fetch --depth=20 --force\n  stderr: 'fatal: error in object: unshallow 94d56d23b256071b223a85085fbfa4ad9212c972`16:07
spatel+1 agreed to remove complexity.. i would prefer wait then troubleshooting16:08
jrosserit's not a problem directly related to the parallel-ness of this16:08
noonedeadpunkspatel: but eventually code just fallbacks to old process in case parallel fails16:09
noonedeadpunkhttps://opendev.org/openstack/openstack-ansible/src/branch/master/scripts/get-ansible-role-requirements.yml#L135-L14916:09
noonedeadpunkbut with depth we had a different output16:10
spatelyes it will fallback but with RED error message so always worried16:10
noonedeadpunkthere tree wasn't found16:10
jrosserwell `We've identified that this is a bug with the git.exe client when running `git repack -adfl` - removed (unreachable) objects are not removed from the `.git\shallow`, causing git to think it has an object during shallow fetch that it actually doesn't. Until the bug is fixed, the workaround is to use a regular fetch rather than a shallow one.`16:13
jrosserfrom vscode bugs16:13
*** gyee has joined #openstack-ansible16:17
*** rpittau is now known as rpittau|afk16:21
noonedeadpunkjrosser: was told to check out cloud image in https://quay.io/repository/centos/centos?tag=stream8&tab=tags as it's official source as well o_O16:22
*** spatel has quit IRC16:22
jrosseri wonder how we download that without needing docker16:24
noonedeadpunknot sure...16:26
*** spatel_ has joined #openstack-ansible16:28
*** spatel_ is now known as spatel16:28
jrosseri guess that there is another factor which is the infra centos8-stream image16:37
jrosseri'm going to time setup-infrastructure on centos8 + stream with locally built chroot, and the current downloaded/unpacked image we have today16:38
*** andrewbonney has quit IRC17:59
*** ianychoi__ has quit IRC18:08
*** spatel has quit IRC18:15
*** spatel_ has joined #openstack-ansible18:19
*** spatel_ is now known as spatel18:19
jrosseroh wow the dnf built chroot is spectacularly slow18:32
jrosser35m11s for that vs 8m11s for the unpacked docker image as the rootfs18:32
*** gshippey has quit IRC18:37
noonedeadpunkis just simple lxc-attach and execute smth basic, like `w` is the same among them?19:38
jrosserthat’s next I think, benchmark lxc attach and also ansible with/without the connection plugin20:09
*** spatel has quit IRC20:15
*** luksky has quit IRC22:34
*** luksky has joined #openstack-ansible22:34
*** luksky has quit IRC22:40
*** mrda has quit IRC22:45
*** mrda has joined #openstack-ansible22:46
*** luksky has joined #openstack-ansible22:53
*** macz_ has quit IRC23:05
*** luksky has quit IRC23:18
*** tosky has quit IRC23:29
*** irclogbot_3 has quit IRC23:50
*** irclogbot_3 has joined #openstack-ansible23:55
« Tuesday, 2021-04-13 Index Thursday, 2021-04-15 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!