| snadge | https://arstechnica.com/gadgets/2021/06/centos-replacement-distro-rocky-linuxs-first-general-release-is-out/ | 05:57 |
|---|---|---|
| snadge | i might be able to help test and look into supporting that | 05:58 |
| snadge | looking into stream support currently, need to use an elrepo kernel to support the hardware, which is a little sketchy | 05:59 |
| noonedeadpunk | mornings | 05:59 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_nova stable/train: Use version from repo_packages for SPICE HTML5 https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/797312 | 06:00 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_nova stable/train: Use version from repo_packages for SPICE HTML5 https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/797312 | 06:01 |
| arxcruz | noonedeadpunk: morning, when you have time, please https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/796818 :) | 06:29 |
| arxcruz | jrosser: ^ | 06:29 |
| noonedeadpunk | arxcruz: well, honestly, I still feel unsure about this patch. | 06:29 |
| noonedeadpunk | As eventually I'd love tests to fail when we don't have tests in the list, instead of passing them and testing basically nothing | 06:30 |
| arxcruz | noonedeadpunk: what can i do? We have a implementation that will avoid this | 06:30 |
| arxcruz | but it will take some time for us to implement it competelly | 06:30 |
| arxcruz | noonedeadpunk: and we will set the variable that set the extra test on our side | 06:30 |
| arxcruz | after we implement our include list, i remove it from os_tempest | 06:31 |
| noonedeadpunk | ah, ok, you commented default out | 06:31 |
| noonedeadpunk | sorry missed that change ( | 06:31 |
| arxcruz | np | 06:31 |
| noonedeadpunk | arxcruz: and why we do https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/796818/5/tasks/tempest_run.yml change? | 06:34 |
| noonedeadpunk | so we don't want test-lisdt to be generated when tempest fails? | 06:38 |
| opendevreview | Arx Cruz proposed openstack/openstack-ansible-os_tempest master: Add tempest_test_extra_test variable https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/796818 | 06:48 |
| *** rpittau|afk is now known as rpittau | 07:06 | |
| jrosser | morning | 07:15 |
| jrosser | noonedeadpunk: what more do we need to do for a release? did you get on OK with the requests CA bundle stuff? | 07:22 |
| noonedeadpunk | jrosser: I think that's the only thing I would love to land before branching | 07:23 |
| jrosser | i see you have -W on it, was there still some to do? | 07:23 |
| noonedeadpunk | but nope, I haven't finished it | 07:23 |
| noonedeadpunk | eventually integrated repo fails CI | 07:24 |
| noonedeadpunk | with the same issue with requests | 07:24 |
| noonedeadpunk | https://review.opendev.org/c/openstack/openstack-ansible/+/796809 | 07:24 |
| * jrosser looks | 07:25 | |
| jrosser | so just so i understand, this is making the internal VIP SSL too | 07:25 |
| noonedeadpunk | also I haven't tested if my patch breaks user provided SSL or not | 07:25 |
| jrosser | what about the services themselves? | 07:26 |
| jrosser | i wonder if ansible tasks have /etc/environment available | 07:29 |
| noonedeadpunk | well in sandbox they were working, but I did some manuall stuff as well there, so need to clean up environment and try again | 07:29 |
| jrosser | as it's failing on running an ansible module on the utility host rather than one of the services failing | 07:30 |
| jrosser | noonedeadpunk: doh https://github.com/openstack/openstack-ansible-openstack_hosts/blob/master/tasks/main.yml#L134 | 07:35 |
| noonedeadpunk | ok, I thought about smth like that..... | 07:35 |
| noonedeadpunk | well, yes, services seem to fail anyway on centos :( | 08:16 |
| noonedeadpunk | weird though - I checked urllib3 directly and it worked with system trust nicely :( | 08:17 |
| noonedeadpunk | and cinder seems to fail to reach with urllib https://zuul.opendev.org/t/openstack/build/af90691573184edc94ea50274a7b6ded/log/logs/host/cinder-api.service.journal-16-29-07.log.txt#3517 | 08:17 |
| arxcruz | jrosser: noonedeadpunk now should be working :) | 10:39 |
| opendevreview | Merged openstack/openstack-ansible-os_nova stable/stein: Use version from repo_packages for SPICE HTML5 https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/797293 | 11:03 |
| *** prometheanfire is now known as Guest184 | 12:25 | |
| *** ChanServ changes topic to "Launchpad: https://launchpad.net/openstack-ansible || Weekly Meetings: https://wiki.openstack.org/wiki/Meetings/openstack-ansible || Review Dashboard: http://bit.ly/osa-review-board-v3" | 12:29 | |
| opendevreview | Merged openstack/openstack-ansible-os_nova stable/ussuri: Use version from repo_packages for SPICE HTML5 https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/797272 | 12:47 |
| dmsimard | o/ btw in case you missed it, the next Ansiblefest is Sept 29-30th and the CFP is open until June 29th if you'd like to propose a talk | 13:01 |
| noonedeadpunk | o/ | 13:11 |
| noonedeadpunk | it's remote I guess again? | 13:11 |
| dmsimard | noonedeadpunk: yeah, no choice with the pandemic at various levels of control worldwide but things are looking up so I think we can hope for the next one to be in person | 13:33 |
| dmsimard | there's pros and cons to remote conferences but I think the virtual conference fatigue is real | 13:34 |
| noonedeadpunk | yeah, I mean such kind of conferences is usually more about hanging out even, and getting some info out of sessions rather then on sessions | 13:35 |
| dmsimard | the famous hallway track, yes :) | 13:36 |
| spotz | We should be back in person in 2022 | 13:43 |
| * noonedeadpunk can't wait for it | 13:44 | |
| spotz | I'm crossing fingers to be at Open Sourrce Summit end of September, no longerr in Dublin though:( | 13:45 |
| spotz | I am planning on another virtual social at the PTG, folks enjoyed it last time | 13:49 |
| opendevreview | Merged openstack/openstack-ansible master: [doc] Add OS compatability matrix https://review.opendev.org/c/openstack/openstack-ansible/+/789376 | 14:11 |
| fridtjof[m] | it's compat_i_bility, no one caught it :( | 14:54 |
| noonedeadpunk | doh.... | 15:01 |
| noonedeadpunk | fridtjof[m]: would you like to suggest patch with fix?:) | 15:01 |
| noonedeadpunk | #startmeeting openstack_ansible_meeting | 15:02 |
| opendevmeet | Meeting started Tue Jun 22 15:02:12 2021 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:02 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:02 |
| opendevmeet | The meeting name has been set to 'openstack_ansible_meeting' | 15:02 |
| noonedeadpunk | #topic rollcall | 15:02 |
| noonedeadpunk | o/ | 15:02 |
| *** Guest184 is now known as prometheanfire | 15:10 | |
| noonedeadpunk | #topic office hours | 15:12 |
| noonedeadpunk | So currently what holds us a bit is haproxy patch https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/796940 regarding SSL. I didn't have any time today but going to spend next few days on landing stuff | 15:13 |
| noonedeadpunk | Also, I'm going to push deprecation patch for nspawn repos tomorrow (before branching) | 15:18 |
| noonedeadpunk | I should have done far ago but clean forgot about it | 15:18 |
| noonedeadpunk | another topic is monasca - there're patches that were internaly tested and should be working I guess. They need some work at glance, but hope they should be doable | 15:21 |
| noonedeadpunk | https://review.opendev.org/c/openstack/openstack-ansible-os_monasca/+/796616 and https://review.opendev.org/c/openstack/openstack-ansible-os_monasca-agent/+/796620 | 15:21 |
| noonedeadpunk | It's basiucally re-adding roles in state they were with some adjustments from what I already saw | 15:22 |
| noonedeadpunk | I think I will take a look on them once we release | 15:29 |
| jrosser | o/ hello | 15:30 |
| noonedeadpunk | \o/ | 15:31 |
| jrosser | i will try to find some time to look again at the SSL stuff | 15:34 |
| jrosser | though this will be tomorrow | 15:34 |
| noonedeadpunk | I think it's super close actually, but yeah, I will most likely ping you asking for some advice :) | 15:35 |
| noonedeadpunk | I believe I should have enough time tomorrow for that, if nothing else will happen | 15:35 |
| jrosser | the idea is to make the internal VIP https as well? | 15:36 |
| noonedeadpunk | I think so. otherwise we will test nothing | 15:36 |
| noonedeadpunk | as we use internal only everywhere | 15:37 |
| noonedeadpunk | eventually how I saw that smth weird is going on - senlin tempest patch - it was still failing tempest because of untrusted SSL | 15:38 |
| jrosser | oh yes and the whole business with tempestconf too | 15:38 |
| noonedeadpunk | yeah | 15:38 |
| noonedeadpunk | so I think internal vip over ssl is a good marker and test for pki role at least | 15:39 |
| jrosser | theres also another step later, to make the services in the venvs be https too | 15:39 |
| noonedeadpunk | well, yes... but lets at least make services be happy with haproxy ssl :) | 15:39 |
| noonedeadpunk | it would be a bit more tricky I guess as well | 15:41 |
| noonedeadpunk | eventually I think we mostly need to adjust uwsgi role? | 15:41 |
| noonedeadpunk | hm, might be not so tough... except maybe haproxy balancing part? | 15:42 |
| noonedeadpunk | as we'd need smth like l3 balancing, so we won't be able to figure out if service is alive or returning 500 for $reason (or etc) - as far as uwsgi listens on port it will be considered as okeyish | 15:44 |
| jrosser | i think we can have haproxy act as MITM | 15:47 |
| jrosser | decrypt/re-crypt and stay as L7 LB | 15:47 |
| noonedeadpunk | I wonder if it makes sense to cover services with ssl.... | 15:49 |
| jrosser | https://www.gilesorr.com/blog/reencrypting-haproxy.html | 15:49 |
| jrosser | i guess it depends what paperwork you need to comply with | 15:49 |
| noonedeadpunk | well, yes | 15:50 |
| noonedeadpunk | I think that encrypting live migrations might be more interesting goal though, but dunno... | 15:51 |
| noonedeadpunk | anyway agree, that cover services with SSL should be implemented | 15:51 |
| noonedeadpunk | as well as adding some support for toolings for managing CA | 15:52 |
| noonedeadpunk | but yeah, let's handle at least what we already have :) | 15:53 |
| noonedeadpunk | #endmeeting | 16:00 |
| opendevmeet | Meeting ended Tue Jun 22 16:00:19 2021 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 16:00 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2021/openstack_ansible_meeting.2021-06-22-15.02.html | 16:00 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2021/openstack_ansible_meeting.2021-06-22-15.02.txt | 16:00 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2021/openstack_ansible_meeting.2021-06-22-15.02.log.html | 16:00 |
| *** rpittau is now known as rpittau|afk | 17:11 | |
| fridtjof[m] | noonedeadpunk: I was about to, but realized i'm not familiar enough with the gerrit workflow to do it quickly %) and the interactive step-by-step doesn't suggest the repo to me when searching for it | 18:41 |
| fridtjof[m] | so unlikely to happen today... | 18:41 |
| fridtjof[m] | (re fixing the docs typo) | 18:41 |
| noonedeadpunk | that is super simple actually:) | 18:44 |
| noonedeadpunk | eventually there's a doc regarding how to setup gerrit account (you need to login, add ssh key, set username, install git-review python package in short) https://docs.openstack.org/contributors/common/setup-gerrit.html | 18:46 |
| noonedeadpunk | once that is done - you clone repo, do change, do commit, run `git-review`, profit. https://docs.openstack.org/contributors/code-and-documentation/using-gerrit.html | 18:46 |
| spatel | noonedeadpunk i found very strange issue, when i was trying to upgrade my lab env to minor version of victoria it removed /etc/openstack_deploy/group_vars and host_var directories | 19:10 |
| spatel | is that normal ? | 19:11 |
| noonedeadpunk | if you re-ran bootstrap-aio.sh, it could be | 19:18 |
| noonedeadpunk | as it was never designed to be able to re-run without breaking things (and cleanly deploing self) | 19:19 |
| spatel | hmm i was following upgrade doc | 19:20 |
| spatel | my lab isn't aio, its multi-node | 19:21 |
| spatel | close to production | 19:21 |
| spatel | i was following this steps - https://docs.openstack.org/openstack-ansible/ocata/upgrade-guide/minor-upgrade.html | 19:22 |
| jrosser | a minor upgrade doesn’t touch the config | 19:38 |
| opendevreview | Merged openstack/openstack-ansible-os_tempest master: Add tempest_test_extra_test variable https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/796818 | 20:40 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!