| *** gmann_afk is now known as gmann | 00:35 | |
| noonedeadpunk | spatel: well, it's epel design to start from scratch for each release. And depends only on package maintainers if and when package will appear on EPEL | 02:42 |
|---|---|---|
| noonedeadpunk | So eventually package might be maintained, released for el6,el7,el8 and all new fedoras, but it doesn't mean that it will be for el9, despite for fedonra34 it's there | 02:43 |
| noonedeadpunk | But I'm not sure it means we should bring in mess to ubuntu as well because of that :D | 02:43 |
| *** ianw is now known as ianw_pto | 07:55 | |
| noonedeadpunk | 24.0.0 has finally landed! | 08:45 |
| noonedeadpunk | well, that was wrong section for release note https://docs.openstack.org/releasenotes/openstack-ansible/xena.html#security-issues | 08:49 |
| noonedeadpunk | because it's feature, not issue... | 08:51 |
| noonedeadpunk | I wonder if we can change that now... | 08:51 |
| damiandabrowski[m] | good job guys! | 09:20 |
| jrosser_ | “OVN-related endpoints will be completely removed in the Z release” in the release notes, should that actually be Y? | 09:20 |
| noonedeadpunk | well, depends on how long we want to carry legacy :) | 09:36 |
| noonedeadpunk | huh, ansible 2.12 failed on centos with lxc just on tempest execution... | 10:11 |
| noonedeadpunk | `ModuleNotFoundError: No module named 'libvirtmod'` | 10:12 |
| noonedeadpunk | in compute... | 10:12 |
| jrosser_ | that would need this to work out as expected https://github.com/openstack/openstack-ansible-os_nova/search?q=nova_compute_kvm_packages_to_symlink | 10:17 |
| jrosser_ | i wonder if the libvirt python bindings are specific to the python version | 10:17 |
| jrosser_ | we are also very specific on the version here https://github.com/openstack/openstack-ansible-os_nova/blob/master/vars/redhat.yml#L77 | 10:20 |
| noonedeadpunk | I bet they are, as well as ceph ones as well | 10:33 |
| noonedeadpunk | I'm surprised about lxc though | 10:35 |
| noonedeadpunk | but I think we're trying to run 3.8 only for deploy now, it's just aio that results in compute using 3.8 as well. | 10:36 |
| noonedeadpunk | (but we likely should run 3.8 everywhere) | 10:38 |
| admin1 | \o/ .. will be testing 24.0.0 on lab . | 10:55 |
| jrosser_ | noonedeadpunk: maybe we do the wrong thing for now with setting the system default python to 3.8 on centos | 11:05 |
| jrosser_ | perhaps leaving that as default, and making a different workaround for ensuring ansible-runtime is 3.8 would be better | 11:06 |
| jrosser_ | particuarly as i think that some people use infra1 as the deploy host so thats going to go kind of broken for them if we need to keep the services on 3.6 | 11:06 |
| noonedeadpunk | jrosser_: oh, well, I just saw Yoga without that patch https://review.opendev.org/c/openstack/governance/+/820195/3/reference/runtimes/yoga.rst | 11:08 |
| noonedeadpunk | so I kind of thought that 3.6 is not supported for Y | 11:08 |
| noonedeadpunk | so yes, I agree that we should jsut use it for runtime | 11:09 |
| noonedeadpunk | but I'd say that replacing virtualenv with venv might be still good idea? | 11:10 |
| jrosser_ | worth checking the ML about 3.6, I have a feeling that the RH people realised they backed themselves into a corner | 11:13 |
| jrosser_ | yes I think we should drop the use of virtualenv | 11:14 |
| noonedeadpunk | Just briefly checked and yeah, they resulted in that patch | 11:15 |
| jrosser_ | now that the python release cadence is >> faster than RHEL this is going to be interesting to see how they deal with that in the future | 11:15 |
| noonedeadpunk | but I kind of dunno what they were expecting... | 11:15 |
| noonedeadpunk | Might be stream concept would help them.... | 11:16 |
| noonedeadpunk | to be fair - ubuntu does not bringing in modules as well while adding new python versions timely | 11:17 |
| noonedeadpunk | it's just releasing faster then python goes to eol:) | 11:17 |
| noonedeadpunk | wow, we still do have suse in bootstrap-ansible... | 11:19 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Use the python venv module to build the ansible runtime venv https://review.opendev.org/c/openstack/openstack-ansible/+/822273 | 11:20 |
| noonedeadpunk | doh, we haven't merged https://review.opendev.org/c/openstack/openstack-ansible/+/782557 | 11:21 |
| *** dviroel|afk is now known as dviroel | 11:24 | |
| *** sshnaidm|afk is now known as sshnaidm | 11:26 | |
| jrosser_ | it needs a fix, removed an extra 'fi' in the most recent PS | 11:27 |
| noonedeadpunk | yeah, saw that... | 11:27 |
| jrosser_ | and likley a fairly big rebase in light of the other patches to remove OS | 11:27 |
| noonedeadpunk | (just saw that) | 11:27 |
| noonedeadpunk | I kind of thought it's merged for X | 11:28 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Use python3.8 for CentOS 8 https://review.opendev.org/c/openstack/openstack-ansible/+/822260 | 11:39 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: [WIP] Update ansible-core to 2.12.1 https://review.opendev.org/c/openstack/openstack-ansible/+/822063 | 11:39 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: [WIP] Update ansible-core to 2.12.1 https://review.opendev.org/c/openstack/openstack-ansible/+/822063 | 11:39 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Remove references to unsupported operating systems https://review.opendev.org/c/openstack/openstack-ansible/+/782557 | 11:47 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Use python3.8 for CentOS 8 https://review.opendev.org/c/openstack/openstack-ansible/+/822260 | 11:53 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: [WIP] Update ansible-core to 2.12.1 https://review.opendev.org/c/openstack/openstack-ansible/+/822063 | 11:53 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Remove references to unsupported operating systems https://review.opendev.org/c/openstack/openstack-ansible/+/782557 | 11:55 |
| opendevreview | James Gibson proposed openstack/openstack-ansible-os_nova master: Disable TLS on VNC by default https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/822663 | 12:03 |
| opendevreview | James Gibson proposed openstack/openstack-ansible master: Update notes on how to enable TLS for VNC https://review.opendev.org/c/openstack/openstack-ansible/+/822690 | 12:14 |
| opendevreview | James Gibson proposed openstack/openstack-ansible master: Update notes on how to enable TLS for VNC https://review.opendev.org/c/openstack/openstack-ansible/+/822690 | 12:15 |
| kleini | Reading W release notes: Do I need a migration in a running deployment from iptables_hybrid to openvswitch for neutron_firewall_driver? | 12:30 |
| noonedeadpunk | JamesGibo: am I right that if you upgrade with nova_qemu_vnc_tls enabled, you won't be able to run openstack console url get? | 12:30 |
| noonedeadpunk | or at least console wont work? | 12:30 |
| kleini | Trying to answer my own question: As the firewall driver is only configured on neutron agent nodes, switching the driver should at least be possible when taking that node out of production. | 13:23 |
| JamesGibo | noonedeadpunk: You won't be able to access existing VM's until they are either migrated or rebooted, console access to new VMs will work | 13:42 |
| noonedeadpunk | so it's not that vms are really broken, and there're 2 solutions for that | 13:42 |
| noonedeadpunk | either to disble tls or restart VM if you want to go safe | 13:43 |
| noonedeadpunk | So I'd actually vote to leave it enabled by default | 13:43 |
| JamesGibo | Yeah, the VM's will be running fine, its just you can't use the VNC server | 13:44 |
| noonedeadpunk | and live migration I guess should work as well? | 13:44 |
| JamesGibo | Ok, should I leave enabled and just add an release note issue to the xena branch? | 13:45 |
| noonedeadpunk | yeah, I'd say to do that tbh | 13:45 |
| JamesGibo | Yeah that is not affected | 13:45 |
| noonedeadpunk | jrosser_: wdyt? | 13:45 |
| jrosser_ | seems reasonable, the release note can say what to do to disable vnc tls if it's important to anyone, i guess some things can't migrate (sriov, gpu...) | 13:47 |
| jamesdenton | kleini switching from iptables_hybrid to openvswitch firewall driver is doable in production, but you will have to script out veth/bridge/vif stuff | 14:09 |
| jamesdenton | and possibly stop/start or hard reboot instances to get the xml where it needs to be | 14:10 |
| kleini | jamesdenton: thanks. so I will stick to evacuating a host before switching the firewall driver for it | 14:16 |
| jamesdenton | are you currently doing that now? | 14:17 |
| kleini | nope, I am still planing my upgrade to W | 14:18 |
| admin1 | what could be some good reasons to switch from iptables -> ovs firewall ? | 14:21 |
| opendevreview | James Gibson proposed openstack/openstack-ansible-os_nova stable/xena: Add release note issue for no console access when TLS for VNC enabled https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/822713 | 14:23 |
| opendevreview | James Gibson proposed openstack/openstack-ansible master: Update notes on how to enable TLS for VNC https://review.opendev.org/c/openstack/openstack-ansible/+/822690 | 14:29 |
| noonedeadpunk | wow, that is good actually https://review.opendev.org/c/openstack/openstack-ansible/+/822063 | 14:45 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Update ansible-core to 2.12.1 https://review.opendev.org/c/openstack/openstack-ansible/+/822063 | 14:48 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Update ansible-core to 2.12.1 https://review.opendev.org/c/openstack/openstack-ansible/+/822063 | 14:52 |
| *** dviroel is now known as dviroel|lunch | 15:41 | |
| noonedeadpunk | So, we stuck atm with zun https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/820679 | 15:51 |
| noonedeadpunk | hm... | 15:51 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_zun master: [DNM] https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/822728 | 15:54 |
| *** dviroel|lunch is now known as dviroel | 16:39 | |
| noonedeadpunk | damn, we're blocked with adjutant.... | 16:42 |
| noonedeadpunk | we probably should filter django there.... | 16:48 |
| noonedeadpunk | oh damn... and we should backport neutron filtering to xena I believe | 16:48 |
| noonedeadpunk | ah. no, we fixed that in master as well | 16:53 |
| jrosser_ | adjutant looks like a bug? the django version in u-c is outside the range in their requirements | 16:54 |
| noonedeadpunk | yeah | 16:54 |
| noonedeadpunk | I doubt they will fllow that tbh | 16:54 |
| noonedeadpunk | *follow | 16:54 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_adjutant master: Filter out Django version https://review.opendev.org/c/openstack/openstack-ansible-os_adjutant/+/822745 | 16:58 |
| kleini | admin1: release notes for W promise increasing scalability and performance with security groups as flows in OVS | 17:17 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_adjutant master: Remove static parameter for import https://review.opendev.org/c/openstack/openstack-ansible-os_adjutant/+/822256 | 18:06 |
| *** dviroel is now known as dviroel|afk | 19:31 | |
| admin1 | jamesdenton, if i read one of your books online on packt subscription, do you get paid for it ? | 22:16 |
| admin1 | i already have your signed book, but if you do get paid, i can click and read it there :) | 22:16 |
| jamesdenton | good question... probably | 22:34 |
| jamesdenton | in a few years i can buy a coffee :D | 22:35 |
| admin1 | :D | 22:46 |
| admin1 | next time i meet you, coffee on me then .. | 22:46 |
| jamesdenton | sounds good :) | 22:48 |
| jamesdenton | hopefully the book is still useful, sorta long in the tooth, as they say | 22:48 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!