Thursday, 2021-05-06

« Wednesday, 2021-05-05 Index Friday, 2021-05-07 »
*** rh-jelabarre has quit IRC00:50
*** kleini has quit IRC01:16
*** kleini has joined #openstack-ansible01:16
*** mcarden has quit IRC01:17
*** d34dh0r53 has quit IRC01:52
*** ebbex has quit IRC01:52
*** bverschueren has quit IRC01:52
*** NewJorg has quit IRC01:52
*** grabes has quit IRC01:52
*** chandankumar has quit IRC01:52
*** corvus has quit IRC01:53
*** d34dh0r53 has joined #openstack-ansible01:54
*** ebbex has joined #openstack-ansible01:54
*** bverschueren has joined #openstack-ansible01:54
*** NewJorg has joined #openstack-ansible01:54
*** grabes has joined #openstack-ansible01:54
*** chandankumar has joined #openstack-ansible01:54
*** corvus has joined #openstack-ansible01:54
*** evrardjp has quit IRC02:33
*** evrardjp has joined #openstack-ansible02:33
*** macz_ has joined #openstack-ansible02:43
*** macz_ has quit IRC02:47
openstackgerritYuehuiLei proposed openstack/openstack-ansible-os_designate master: setup.cfg: Replace dashes with underscores  https://review.opendev.org/c/openstack/openstack-ansible-os_designate/+/78998702:51
openstackgerritYuehuiLei proposed openstack/openstack-ansible-openstack_openrc master: setup.cfg: Replace dashes with underscores  https://review.opendev.org/c/openstack/openstack-ansible-openstack_openrc/+/78998802:53
*** openstackgerrit has quit IRC03:31
*** miloa has joined #openstack-ansible05:14
*** miloa has quit IRC05:29
*** pto_ has joined #openstack-ansible06:21
*** pto has quit IRC06:25
*** shyamb has joined #openstack-ansible06:28
*** shyamb has quit IRC06:46
*** shyamb has joined #openstack-ansible06:50
*** pto_ has quit IRC06:53
*** pto has joined #openstack-ansible06:55
*** oleksandry has joined #openstack-ansible07:06
*** andrewbonney has joined #openstack-ansible07:13
*** rpittau|afk is now known as rpittau07:14
*** pto has quit IRC07:26
*** pto_ has joined #openstack-ansible07:26
*** pto_ has quit IRC07:27
*** pto has joined #openstack-ansible07:27
*** oleksandry has quit IRC07:30
*** oleksandry has joined #openstack-ansible07:46
*** openstackgerrit has joined #openstack-ansible07:47
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_glance master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/79000607:47
*** tosky has joined #openstack-ansible07:47
jrossernoonedeadpunk: interested to know what you think of that ^07:47
jrosserwe have a choice of adding more and more stuff on the end of transport_url (it's already pretty ugly) or breaking it out into variables07:48
noonedeadpunkI think that's actually good in case it's working as expected (I think it does). This won;'t work for nova though, so we should be careful there07:50
jrosserwhat trouble will we have there (i've been testing this with nova-compute btw)07:51
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_glance master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/79000607:54
jrosserwhat i would like to do is patch enough roles that we can put together a big stack with the pki patches and turn the ssl back on07:56
jrosserit's a shame that currently its needing an extra var for tls1.207:56
*** pto has quit IRC08:07
*** pto has joined #openstack-ansible08:07
noonedeadpunkwill bring trouble with conductor08:09
noonedeadpunkIt's mostly because of https://opendev.org/openstack/openstack-ansible-os_nova/commit/c6d4c6207fa904f30e471c598884b7bce66cbc8f08:10
noonedeadpunkI've migrated to cells template - it parse URL in config and place into the conductor during runtime08:11
*** shyamb has quit IRC08:12
noonedeadpunkso in case we don't have `{query}` for cell, I'm not sure that conductor will be happy with having setting in oslo_messaging_rabbit08:23
jrosserperhaps we have to split the behaviour there08:29
jrosserleave the query for ssl=1 / ssl=008:29
jrosserand put the ssl_version in a variable08:30
noonedeadpunkyeah, I think this way it should work08:36
*** Premkumarar has joined #openstack-ansible08:43
*** shyamb has joined #openstack-ansible08:45
*** shyam89 has joined #openstack-ansible08:53
*** shyamb has quit IRC08:54
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_keystone master: Correct shibboleth apache module name for ubuntu 20.04  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/79001809:02
*** Premkumarar has quit IRC09:25
*** pto_ has joined #openstack-ansible09:31
*** pto has quit IRC09:31
*** shyam89 has quit IRC09:35
*** shyamb has joined #openstack-ansible09:40
*** shyamb has quit IRC10:05
*** shyamb has joined #openstack-ansible10:06
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_glance master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/79000610:13
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_keystone master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/79003410:15
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_cinder master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/79003510:17
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_neutron master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/79003610:18
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_nova master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/79003710:22
openstackgerritJonathan Rosser proposed openstack/openstack-ansible master: WIP - Test PKI role  https://review.opendev.org/c/openstack/openstack-ansible/+/78803110:27
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_glance master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/79000610:31
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_keystone master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/79003410:32
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_cinder master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/79003510:32
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_neutron master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/79003610:33
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_nova master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/79003710:34
jonherhttps://review.opendev.org/c/openstack/openstack-ansible-os_cloudkitty/+/789267 is an easy +W11:03
jrosserjonher: done!11:07
jonherthanks!11:07
*** recyclehero has quit IRC11:24
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible master: Gather minimal facts in CI  https://review.opendev.org/c/openstack/openstack-ansible/+/79004211:30
noonedeadpunkjrosser: so, yestarday I come up with https://review.opendev.org/c/openstack/openstack-ansible/+/789776 and on the contrary we might have solve this withhttps://review.opendev.org/c/openstack/openstack-ansible/+/78978411:30
jrosserits tricky isnt it11:36
jrosserbecasue 6x the amount of data really is a lot11:36
jrosserbut balanced with actually how much difference it makes11:36
noonedeadpunkyeah...11:37
noonedeadpunkI'm also not really sure. And considering, that setup runs each time despite cache is valid or not...11:37
jrosseri think in general what bothers me a bit is there are bound to be places were some extra fact is needed and we've not spotted it11:40
openstackgerritMerged openstack/openstack-ansible-os_cloudkitty stable/victoria: Fix wsgi_venv path for cloudkitty-api  https://review.opendev.org/c/openstack/openstack-ansible-os_cloudkitty/+/78926711:58
*** pto has joined #openstack-ansible12:03
*** pto has quit IRC12:04
*** pto has joined #openstack-ansible12:05
*** pto_ has quit IRC12:06
*** pto has quit IRC12:07
openstackgerritDamian Dąbrowski proposed openstack/openstack-ansible master: Increase backend_fall value for haproxy_letsencrypt_service  https://review.opendev.org/c/openstack/openstack-ansible/+/79005112:10
openstackgerritDamian Dąbrowski proposed openstack/openstack-ansible master: Increase backend_fall value for haproxy_letsencrypt_service  https://review.opendev.org/c/openstack/openstack-ansible/+/79005112:11
*** pto has joined #openstack-ansible12:13
*** rh-jelabarre has joined #openstack-ansible12:29
*** shyamb has quit IRC12:36
*** pto has quit IRC12:38
*** pto has joined #openstack-ansible12:39
*** pto has quit IRC12:43
*** pto has joined #openstack-ansible12:43
openstackgerritMerged openstack/openstack-ansible-os_zun master: Use ansible_facts[] instead of fact variables  https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/78073312:53
*** pto has quit IRC13:02
*** pto has joined #openstack-ansible13:03
*** pto has joined #openstack-ansible13:03
*** oleksandry has quit IRC13:32
openstackgerritMerged openstack/openstack-ansible-os_masakari master: Allow to configure corosync ports  https://review.opendev.org/c/openstack/openstack-ansible-os_masakari/+/78924113:54
*** vakuznet has joined #openstack-ansible13:55
vakuznethi, having keystone issue with recent train releses: http://paste.openstack.org/show/804999/13:59
openstackgerritMerged openstack/openstack-ansible-os_keystone master: Correct shibboleth apache module name for ubuntu 20.04  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/79001814:00
openstackgerritMerged openstack/openstack-ansible-os_cloudkitty master: [goal] Deprecate the JSON formatted policy file  https://review.opendev.org/c/openstack/openstack-ansible-os_cloudkitty/+/78087414:01
*** oleksandry has joined #openstack-ansible14:04
*** dave-mccowan has joined #openstack-ansible14:05
noonedeadpunkno idea if that's deployment issue or keystone itself. feels actually more like code issue14:06
jrosservakuznet: i am taking a guess that the version of python-ldap is not compatible with the train version of keystone14:07
jrossermaybe there is a missing constraint (outside OSA) and an update to python-ldap has broken things14:07
noonedeadpunkbut I'd expect it to be constrained...14:07
*** akahat is now known as akahat|ruck14:07
noonedeadpunk`python-ldap===3.2.0`14:07
noonedeadpunkvakuznet: can you check that it's the version you have in venv?14:08
jrossernoonedeadpunk: you were right about transport_url template being problematic http://paste.openstack.org/show/805002/14:11
vakuznetversion did not chage since 20.2.0 http://paste.openstack.org/show/80500114:11
jrosseroh wait - it's my error in the code, not the template14:11
openstackgerritMerged openstack/openstack-ansible-galera_server master: Add galera devel packages installation  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/78978614:13
*** lemko is now known as lemko114:14
*** lemko1 is now known as lemko14:14
*** lemko is now known as lemko_114:15
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_glance master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/79000614:15
openstackgerritMerged openstack/openstack-ansible-os_glance master: [goal] Deprecate the JSON formatted policy file  https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/78074914:15
*** lemko_1 is now known as lemko14:15
openstackgerritMerged openstack/openstack-ansible-os_masakari master: Replace deprecated host param for monitors  https://review.opendev.org/c/openstack/openstack-ansible-os_masakari/+/78924314:16
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_keystone master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/79003414:16
openstackgerritMerged openstack/openstack-ansible-os_masakari master: Add masakari-introspectiveinstancemonitor support  https://review.opendev.org/c/openstack/openstack-ansible-os_masakari/+/78924414:16
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_cinder master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/79003514:16
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_neutron master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/79003614:17
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_nova master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/79003714:18
openstackgerritJonathan Rosser proposed openstack/ansible-role-pki master: WIP - Create server certificates  https://review.opendev.org/c/openstack/ansible-role-pki/+/78802114:19
vakuznetjrosser: https://opendev.org/openstack/keystone/commit/105f95795f661f8106b3f33b87662024e5bf6dcb  might be a reason14:21
openstackgerritMerged openstack/openstack-ansible-os_aodh master: [goal] Deprecate the JSON formatted policy file  https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/78084414:25
vakuznetnoonedeadpunk: commit references python-ldap-3.3.0 in commit message14:27
noonedeadpunkfor U it's already 3.2.0....14:29
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-haproxy_server master: WIP - Use external PKI role to manage haproxy self-signed certificates  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/79007814:29
noonedeadpunkbut still not 3.3.014:29
noonedeadpunkso it's has been not wises backport I guess....14:30
noonedeadpunkI think worth reaching them in #openstack-keystone14:31
fridtjof[m]hey again, in the setup-openstack stage of osa victoria right now, and I think I've hit a bug or misconfiguration14:31
jrossernoonedeadpunk: serious patch here https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/79007814:31
jrossernoonedeadpunk: it needs to support 1) user supplied certs 2) standalone use of haproxy_server role 3) haproxy_server role used in OSA 4) Certbot14:32
* jrosser head hurts14:32
noonedeadpunkshould it have depends-on?14:32
fridtjof[m]it gets past the keystone bootstrap step, and then waits for keystone to come up by checking http://<internal lb vip>:5000 for a valid response14:32
jrosseryeah :) well spotted!14:32
fridtjof[m]haproxy only serves https though, so this never succeeds - why would it try to talk HTTP here?14:33
vakuznet‌/join #openstack-keystone14:33
fridtjof[m]looking at the relevant variable here: https://opendev.org/openstack/openstack-ansible-os_keystone/src/branch/stable/victoria/defaults/main.yml#L16714:34
jrosserfridtjof[m]: in the standard configuration haproxy serves http on the internal endpoint14:34
jrosserand https on the external endpoint14:34
fridtjof[m]....oh14:34
fridtjof[m]let's continue with another question - do i need both an external and internal lb VIP?14:35
jrosserso i think here the debug steps are to try to replicate the request to internal_vip:5000 with curl14:35
fridtjof[m]In my environment there's not really a distinction14:35
jrossershort answer is yes14:35
fridtjof[m](my issue here is that I set both to the same IP then)14:35
jrosserah right, thats not going to work14:35
jrosseryou can't bind to the same port on the same IP for both the http and https services14:36
fridtjof[m]alright, i'll just change the external one to be another IP then14:36
fridtjof[m]of course, yeah14:36
fridtjof[m]thanks a lot for the pointer in the right direction :D14:37
jrosserno worries14:38
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-haproxy_server master: WIP - Use external PKI role to manage haproxy self-signed certificates  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/79007814:42
openstackgerritMerged openstack/openstack-ansible-os_aodh master: Updated from OpenStack Ansible Tests  https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/78684214:47
openstackgerritMerged openstack/openstack-ansible-os_aodh master: [reno] Stop publishing release notes  https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/77202314:47
noonedeadpunkvakuznet: in the meanwhile I believe you can try setting higher python-ldap version in `global-requirement-pins.txt`14:48
openstackgerritMerged openstack/openstack-ansible-specs master: Protecting plaintext configs  https://review.opendev.org/c/openstack/openstack-ansible-specs/+/78882914:49
vakuznetnoonedeadpunk: i'll try. python-ldap bumped to 3.3.1 in victoria. ussuri might have the same issue.14:56
noonedeadpunkoh... what python version do you have in venv?15:00
noonedeadpunkvakuznet: are you running centos? (sorry mixed channels)15:02
noonedeadpunkvakuznet: you can try setting `openstack_venv_python_executable: python3` as well, since nowadays centos 7 shipps py36 along with libselinux modules15:07
vakuznet2.7 /openstack/venvs/keystone-20.2.5/lib/python2.715:09
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_glance master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/79000615:13
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_keystone master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/79003415:14
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_cinder master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/79003515:15
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_neutron master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/79003615:15
jrosservakuznet: if you want to upgrade to ussri then you'd get a full python3 deployment out of the box even on centos-715:17
*** gyee has joined #openstack-ansible15:26
*** macz_ has joined #openstack-ansible15:35
*** macz_ has quit IRC15:35
*** macz_ has joined #openstack-ansible15:35
*** rpittau is now known as rpittau|afk15:42
jrossernoonedeadpunk: seems haproxy_server role still uses functional tests, thoughs on that?15:44
*** sshnaidm is now known as sshnaidm|afk15:44
noonedeadpunkyeah, I didn't really patched things for infra jobs :(15:45
jrosserok, ill change it15:47
*** oleksandry has quit IRC15:48
*** oleksandry has joined #openstack-ansible15:49
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-haproxy_server master: WIP - Use external PKI role to manage haproxy self-signed certificates  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/79007815:50
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-haproxy_server master: Use integrated tests for haproxy_server  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/79009015:50
*** oleksandry has quit IRC15:56
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-os_cinder master: Add variables for rabbitmq ssl configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/79003516:02
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-haproxy_server master: WIP - Use external PKI role to manage haproxy self-signed certificates  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/79007816:15
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible master: Gather minimal facts in CI  https://review.opendev.org/c/openstack/openstack-ansible/+/79004216:24
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible master: Don't collect virtual facts  https://review.opendev.org/c/openstack/openstack-ansible/+/78992616:26
noonedeadpunkok, yes, that's kind of real situyation what we have out of ci right now https://review.opendev.org/c/openstack/openstack-ansible/+/790042/216:27
fridtjof[m]huh. I have separate external/internal VIPs now, but only the internal one works (but with HTTPS??). I can see on both infra hosts that neither of them has the external IP configured17:09
fridtjof[m]Both IPs are in the same subnet, and their _interface vars both have the same interface set. Could this be the problem, aka does it 100% expect there to be two interfaces?17:10
*** ThiagoCMC has joined #openstack-ansible17:11
*** andrewbonney has quit IRC17:13
*** macz_ has quit IRC17:15
fridtjof[m](or could it be caused by some idempotency issue? I just ran the playbooks again instead of reinstalling all half-deployed hosts)17:15
noonedeadpunkit can be the same interface, but must be different ip addresses17:18
noonedeadpunkworth checking keepalived, since it's responsible for handling VIPs17:18
fridtjof[m]ah, restarting keepalived did it17:26
fridtjof[m]looks to be working! :)17:28
fridtjof[m](should maybe wait for system testing tomorrow :P hope it's smooth sailing for that)17:30
*** macz_ has joined #openstack-ansible17:34
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible master: Split keepalived liveness checks for internal/external networks  https://review.opendev.org/c/openstack/openstack-ansible/+/78237417:36
jrossernoonedeadpunk:  i'm not really knowing what to suggest next here https://review.opendev.org/c/openstack/openstack-ansible/+/78803117:37
jrosserargh17:37
jrosserhere http://lists.openstack.org/pipermail/openstack-discuss/2021-May/022313.html17:37
jrosseri can't really decide if it's user error / ansible bug / failing to restart apache after disabling the shib mod.......17:39
noonedeadpunkoh, well I tried to follow it17:40
openstackgerritMerged openstack/openstack-ansible master: Increase backend_fall value for haproxy_letsencrypt_service  https://review.opendev.org/c/openstack/openstack-ansible/+/79005117:40
noonedeadpunkhaven't seen this specific reply though17:40
jrosseri'm not sure if --extra-vars '{"keystone_sp_distro_packages":["libapache2-mod-auth-openidc"]}'” is on a fresh deploy or somehow that fixes an exsiting one17:46
noonedeadpunkI'd bet that would be fresh one17:46
jrosseryeah, i think you're right17:46
jrosseri replicated the logic in a test playbook to make sure we didnt have some var_foo | ternary('true', 'false') thing always evaulating to true17:47
jrosserand it looked ok17:47
noonedeadpunkok, so. despite mod-auth-openidc and mod-shib are not conflicting based on the curl, they still should not be enabled at the same time, right?17:47
jrosserthe complexity is on bionic where you cannot have both becasue of libcurl3/417:48
jrosserbut on focal it is fine for both to be installed17:48
jrosserwe've not tested that here (not got a focal deploy yet)17:48
jrosseri guess i could drop our keystone OIDC config into an AIO though17:49
noonedeadpunkoh, ok, so this should disable module https://opendev.org/openstack/openstack-ansible-os_keystone/src/branch/master/tasks/keystone_apache.yml#L48-L5717:49
jrosseryes, thats right17:49
jrosserand it should restart apache when it's done that17:50
noonedeadpunkoh, hm17:55
noonedeadpunkFirst thing I don't like is shibd.service which is enabled. I'm not sure we disable it somewhere later?17:59
noonedeadpunkthe second is that when I try to remove module, after apache installation, it jsut fails18:00
noonedeadpunk"Error executing /usr/sbin/apache2ctl: AH00526: Syntax error on line 6 of /etc/apache2/conf-enabled/shib.conf:\nInvalid command 'ShibCompatValidUser', perhaps misspelled or defined by a module not included in the server configuration\n"}18:00
noonedeadpunkso feels like we need to clean up /etc/apache2/conf-enabled/shib.conf as well when keystone_sp_apache_mod_shib is false18:01
noonedeadpunksomewhere right after installation18:01
jrosserthere doesnt seem to be an ansible module for that18:03
jrosseris there some extra dependancy we're getting aside from the apache module?18:03
noonedeadpunkno, not really. I think it's part of the package18:08
noonedeadpunkhttps://packages.ubuntu.com/focal/amd64/libapache2-mod-shib/filelist18:09
jrosserah no shibd.service18:10
noonedeadpunkah, wait, yes, extra requirements18:10
noonedeadpunkhttp://paste.openstack.org/show/805009/18:11
noonedeadpunkI think main issue we have is indeed presence of /etc/apache2/conf-enabled/shib.conf once module is disabled18:12
noonedeadpunkso apache fails to restart18:12
jrosserthere doesnt seem to be an ansible a2enconf type module18:12
* jrosser away18:13
noonedeadpunklet's probably just unlink then... dunno...18:16
*** zul_ has joined #openstack-ansible18:56
openstackgerritDamian Dąbrowski proposed openstack/openstack-ansible stable/victoria: Increase backend_fall value for haproxy_letsencrypt_service  https://review.opendev.org/c/openstack/openstack-ansible/+/79015819:56
*** recyclehero has joined #openstack-ansible20:02
*** dirk has quit IRC20:31
*** zul_ has quit IRC21:55
*** macz_ has quit IRC23:14
*** tosky has quit IRC23:17
*** rh-jelabarre has quit IRC23:37
« Wednesday, 2021-05-05 Index Friday, 2021-05-07 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!