Wednesday, 2022-01-26

« Tuesday, 2022-01-25 Index Thursday, 2022-01-27 »
noonedeadpunkso infra upgrade jobs seem to fail for $reason....07:44
noonedeadpunkwhich I bet is related to the plugins repo and some env that is set07:44
jrossermorning07:54
damiandabrowski[m]hey!07:54
jrossernoonedeadpunk: do you mean for everything or for https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/824042 ?07:54
jrosserbecasue i think i know what is wrong with the xinetd patch07:54
noonedeadpunkI saw some failurte for lxc07:54
jrosserah ok07:54
noonedeadpunkhttps://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/82434507:55
noonedeadpunkah, yes, it's different indeed07:57
jrosserwe had to fix that already didnt we07:57
jrosserthis https://zuul.opendev.org/t/openstack/build/7b49679fc0514ccb92edf4e98b1e5efb/log/job-output.txt#24105-2410907:57
jrosserfeels like we have old plugins with new ansible, or something like that07:57
noonedeadpunkBut rabbit fails same way https://zuul.opendev.org/t/openstack/build/15bffe62909843bc9c75ef934e0e74cb/log/job-output.txt#2383407:58
noonedeadpunkyes, exactly. And I can blame several things. First of all,  we changed ANSIBLE_TRANSPORT https://opendev.org/openstack/openstack-ansible/src/branch/master/scripts/openstack-ansible.rc#L5007:58
noonedeadpunkAnd we should unset this during run_upgrade https://opendev.org/openstack/openstack-ansible/src/branch/master/scripts/run-upgrade.sh#L17307:59
jrosserit no longer has this https://github.com/openstack/openstack-ansible-plugins/commit/5b2b38ea1cf2554b081e9638423d3d6b06308ec408:00
noonedeadpunkAs I guess that /etc/ansible/roles/plugins is used as transport and not collection08:01
noonedeadpunkAnd we stopped managing that path 08:02
noonedeadpunkLikely we should just drop it during upgrade, but well, not sure it will fix issue08:02
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Use openstack.cloud.config module instead of deprecated os_client_config  https://review.opendev.org/c/openstack/openstack-ansible/+/82642308:03
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: [DNM] Test infra upgrade  https://review.opendev.org/c/openstack/openstack-ansible/+/82642408:06
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: [DNM] Test infra upgrade  https://review.opendev.org/c/openstack/openstack-ansible/+/82642408:07
noonedeadpunkand eventually, we just ran whole setup-infrastructure without any issues... 08:13
jrosserthough the play exits and the first task fails08:20
jrosserso it may pick up different environment / config for ansible at that point08:20
jrosser*previous play08:20
noonedeadpunkso like ENV is persistant in scope of gate-check-commit.sh?08:21
noonedeadpunkand unset inside included script doesn't really affect it?08:21
jrosserif we set environment in a shell called by gate-check-commit, once that completes, it wont persist08:22
jrosseryou can't change the parent environment08:22
noonedeadpunkwe;re trying to unset instead. But I guess it still applies08:23
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-galera_server master: Convert xinetd clustercheck to systemd socket service  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/82404208:25
noonedeadpunkdamiandabrowski[m]: where did you catched this error you mentioned in https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/826345/1 ?08:26
noonedeadpunk*have you catched08:27
noonedeadpunkah, bullseye08:27
damiandabrowski[m]sorry, i should have be more specific ;) 08:27
noonedeadpunkyeah, for it we use special case as no external repo existed...08:28
noonedeadpunklikely that is not the case anymore08:29
noonedeadpunkoh.... So if you run unset inside script, it's not really applied to ENV....08:31
noonedeadpunkie https://paste.opendev.org/show/812361/08:32
noonedeadpunkwell, I didn't know that...08:32
noonedeadpunksomehow08:32
noonedeadpunkbut it works if you source instead08:33
*** anbanerj is now known as frenzyfriday08:35
jrossersource executes it in the current shell i think?08:37
noonedeadpunkyeah,  I guess it's the difference indeed08:38
starbornTime appropiate greeetings.  I am very very late to the party and really hate to ask this: Why has the nspawn support been deprecated? Any technical reasons?08:40
noonedeadpunkstarborn: not compatible with centos and lack of contributors/maintainers for it08:45
jrosseri think we maybe had one person we know of try it out08:46
starbornI see. Thanks for the information.08:48
jrosserit really is a long time ago but wasn't there also an issue that nspawn containers had much more limited networking08:50
jrosserlike you couldn't describe that it had multiple interfaces in the config08:50
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: [DNM] Test infra upgrade  https://review.opendev.org/c/openstack/openstack-ansible/+/82642409:09
opendevreviewMerged openstack/openstack-ansible-os_aodh master: Ensure libxml2 is installed on debian systems  https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/82631110:05
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_nova master: Use ssh_keypairs role to generate cold migration ssh keys  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/82530610:08
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_aodh stable/xena: Ensure libxml2 is installed on debian systems  https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/82637810:09
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_aodh stable/wallaby: Ensure libxml2 is installed on debian systems  https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/82637910:10
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_aodh stable/victoria: Ensure libxml2 is installed on debian systems  https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/82638010:10
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: [DNM] Test infra upgrade  https://review.opendev.org/c/openstack/openstack-ansible/+/82642411:00
*** dviroel|afk is now known as dviroel11:21
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server master: Use cloudsmith repo for rabbit and erlang  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/82644411:24
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server master: Use cloudsmith repo for rabbit and erlang  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/82644411:25
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server master: Allow different install methods for rabbit/erlang  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/82644511:40
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server master: Update used RabbitMQ and Erlang  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/82644611:45
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server master: Use journald logging for RabbitMQ  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/82634511:46
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-galera_server master: DNM - Add support for centos-9  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/82398312:05
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: WIP - Centos-9 Stream support  https://review.opendev.org/c/openstack/openstack-ansible/+/82341712:06
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-plugins master: Add ssh_keypairs role  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/82511312:08
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: [DNM] Test infra upgrade  https://review.opendev.org/c/openstack/openstack-ansible/+/82642412:26
*** odyssey4me is now known as Guest65212:40
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-galera_server master: DNM - Add support for centos-9  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/82398312:41
mathlinhi, on a Rocky + Ubuntu 18.04 installation and did an regular update on one of the controlplane nodes, now the lxcbr0 has status unknown, Any ideas, seems systemd+udev was updated (still running ifupdown) 13:18
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server master: Use systemd_service role for overrides  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/82646313:21
opendevreviewAndrew Bonney proposed openstack/openstack-ansible stable/xena: Fix definition of ssl_protocol  https://review.opendev.org/c/openstack/openstack-ansible/+/82638113:25
opendevreviewAndrew Bonney proposed openstack/openstack-ansible stable/wallaby: Fix definition of ssl_protocol  https://review.opendev.org/c/openstack/openstack-ansible/+/82638213:26
opendevreviewAndrew Bonney proposed openstack/openstack-ansible stable/victoria: Fix definition of ssl_protocol  https://review.opendev.org/c/openstack/openstack-ansible/+/82638313:26
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Fix infra scenario repo server cluster  https://review.opendev.org/c/openstack/openstack-ansible/+/82646813:43
jrossermathlin: you could re-run playbooks/lxc-hosts-setup.yml and watch what happens with these tasks https://github.com/openstack/openstack-ansible-lxc_hosts/blob/stable/rocky/tasks/lxc_net.yml14:02
jrosseri would advise in general to get more up to date, we no longer test anything as old as rocky14:03
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: [DNM] Test infra upgrade  https://review.opendev.org/c/openstack/openstack-ansible/+/82642414:22
noonedeadpunkdamn, I really no idea why in the world it's not working as expected ^14:23
mathlinjrosser: we are reinstalling in March, latest LTS and OSA. playbook ran without errors but device still in unknown14:45
jrosseras far as i can see lxcbr0 is managed with ifupdown14:47
jrossera bridge is not up if there is nothing connected to it14:48
jrosserso you could use `brctl show` to see how that is14:48
mathlinso the lxc-containers can't start, maybe i am going the wrong way about this14:49
jrosserthere should be per-container logs in  /var/log/lxc/....14:56
mathlinonly very old logs in there15:00
*** dviroel is now known as dviroel|lunch15:01
NeilHanlonwas doing an install last night and noticed there appears to be a regression in rhel-like systems due to the lxc3.0 COPR repository providing the python3-lxc package for python3.6, but OSA is using python3.8 for ansible-core 2.12. Is that copr owned by someone in the community? 15:35
jrosserit is yes15:42
jrosseroh well "rhel-like community" is what i mean :)15:42
jrosserwe are only using python3.8 in the /opt/ansible-runtime virtualenv for ansible15:43
jrossertasks which are run against localhost should be using the default interpreter, which will be 3.6, precisely because of things like the lxc and selinux bindings15:43
jrosserinteresting if thats not happening though15:44
noonedeadpunkwe could drop smth vital for that to work with centos-8 removal...15:45
noonedeadpunkbut centos-8-stream should still work15:45
jrosserand i think we test this exact setup today on centos-8-stream for both lxc and metal15:46
noonedeadpunkyes, I think indeed we must have 3.8 just for osa venv15:47
jrosserNeilHanlon: ^^15:47
opendevreviewMerged openstack/openstack-ansible-os_horizon master: Adjust default configuration to support TLS v1.3  https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/82394615:47
jrosserdid we ever merge a patch to do 3.8 everywhere and then have to undo it partially?15:48
jrosseri would be surprised if that had passed the tests though15:48
NeilHanlonthe problem is that in that venv, there is no lxc available15:56
jrosserthere should not need to be15:56
NeilHanlonso you end up with `"The `lxc` module is not importable. Check the requirements." centos`15:57
NeilHanlonoh, probably important to mention.. this was an AIO 15:57
jrosserwhat should happen is ansible tasks from the controller (localhost) will ssh to the target (localhost) and use the normal python outside the venv15:57
jrosserthe thing to do will be to check what is happening in our existing CI15:57
jrosserbecasue that uses the *exact* same config as a default setup AIO15:58
NeilHanlongotcha. i will debug it a bit15:58
jrosserit might be interesting to just start an interactive python on the host and try `import lxc` for a real quick sanity check15:58
NeilHanlonhttps://rpa.st/L7GA16:00
jrosserthat looks reasonable16:00
NeilHanlonfrom what I can tell, when it ssh's to the host to run the lxc module, it's running it under python3.8, which doesn't have the lxc module installed16:01
mathlinjrosser: i was way off, turned out that my /var/log/journal/* entries where gone, a quick restore and we are up and running again. Thank you for setting me straight regarding dependencies here. Now to investigate why they where deleted16:05
jrosserNeilHanlon: here is the first attempt we had to use python3.8 on centos-8-stream https://review.opendev.org/c/openstack/openstack-ansible/+/822260/1/scripts/bootstrap-ansible.sh16:08
jrosserthat didnt work, for reasons like the ones you describe16:08
jrosserwhat got merged was this https://review.opendev.org/c/openstack/openstack-ansible/+/822260/4/scripts/bootstrap-ansible.sh16:09
jrosserwhich does not have `alternatives --set python3 /usr/bin/python3.8`16:09
noonedeadpunkthat also required switcxhing to venv from virtualenv16:10
jrosseryes16:10
opendevreviewMerged openstack/openstack-ansible master: Use openstack.cloud.config module instead of deprecated os_client_config  https://review.opendev.org/c/openstack/openstack-ansible/+/82642316:10
jrosserthere is of course also ansible python interpreter discovery at play here16:10
jrosser`ansible aio1 -m debug -a var=ansible_python`16:11
jrosserNeilHanlon: this is on Rocky?16:13
NeilHanlonjrosser, yeah16:15
NeilHanloni see what's happening now16:15
NeilHanlonANSIBLE_PYTHON_INTERPRETER is set to auto, and it's auto-discovering the python3.8 that's installed over the 3.616:15
jrosserit is not a surprise16:16
jrosserthere is spaghetti code inside ansible to choose the interpreter16:16
jrosserand if it doesnt specifically know about the OS then things can be wierd, or do an unexpected fallback16:16
NeilHanlonyeah, for sure16:17
jrosserwe had to deal with this for a previous debian until ansible learned about it properly16:17
NeilHanlongoing to try redoing this with that set explicitly to 3.6 and see how that goes16:18
noonedeadpunkI think we can leverage this somehow https://opendev.org/openstack/openstack-ansible/src/branch/master/scripts/bootstrap-ansible.sh#L15716:18
jrosserthere are clues in here about how we did it for debian buster https://github.com/openstack/openstack-ansible/commit/de16d1434b8529ba0d868baf023be7f39864b488#diff-4506379276173b431eda2adc244386d3d684511adb19e0b65f592ab77eed66b516:19
noonedeadpunkso likely `OSA_ANSIBLE_PYTHON_INTERPRETER` could be defined somewhere near https://opendev.org/openstack/openstack-ansible/src/branch/master/scripts/bootstrap-ansible.sh#L8016:20
noonedeadpunkas we set it to auto explicitly at the beginning of the script (on L58)16:21
*** dviroel|lunch is now known as dviroel16:23
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Fix infra scenario repo server cluster  https://review.opendev.org/c/openstack/openstack-ansible/+/82646816:26
NeilHanlonthank you noonedeadpunk, jrosser. Would it be ok to include that as part of my existing patch for rocky, or should I make a new patch you think?16:28
jrosseryou can either keep a giant patch, or if you want to 'stack' a series of patches on your master branch locally thats also completely possible16:29
noonedeadpunkI don't think why not to update existing one?16:29
noonedeadpunkI'd say without this it's unlikely that CI will pass anyway 16:30
NeilHanlonyep, true16:31
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Fix infra upgrade  https://review.opendev.org/c/openstack/openstack-ansible/+/82642416:48
jrossernoonedeadpunk: what do you make of this https://paste.opendev.org/show/812375/16:59
jrosserprototype of lsyncd converted into native systemd17:00
noonedeadpunkoh, PathChanged ?17:01
opendevreviewMerged openstack/openstack-ansible-os_horizon master: Fix default multidomain choices  https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/82631017:01
jrosseryeah17:01
noonedeadpunkI didn't know that was ever a case...17:01
jrosseri was going to lift the rsync command from the lsyncd debug log and see if it works17:01
jrossersee this https://man7.org/linux/man-pages/man5/systemd.path.5.html17:02
jrosseri expect there is all sorts of corner case handling in lsyncd, but this seems kind of simple17:02
noonedeadpunkand instead script.sh we run rsync?17:03
jrosserwe would need to write bash/python thing to do the rsync17:04
jrosseror in the most trivial case just call it direct17:04
jrosseri don't know if it need to repeatedly rsync until there are no changes17:04
jrosseras during a venv build i expect that the path unit will get triggered many many times17:05
noonedeadpunk`it is activated if the file which was open for writing gets closed` And I don't see any timeout there before running command. Maybe we can define that in repo_sync@.service though17:06
noonedeadpunkLike TimeoutStartSec17:06
jrosseri expect the biggest issue will be race between files being created/changed and the time it takes to rsync17:08
jrosserand if systemd queues up the running of the unit, or just does it one-off17:08
noonedeadpunkAlso I'm not sure I understood part with protection against busy looping17:19
opendevreviewMerged openstack/openstack-ansible-os_tempest master: Define variables for tempest plugins  https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/82612117:19
noonedeadpunkSo they enforce StartLimitIntervalSec and that results in basically stopping of file tracking as well?17:20
jrosserthats a bit unclear isnt it17:21
jrossermaybe i try that17:21
noonedeadpunkbut other then that it feels more convenient to manage at least)17:24
jrosserhttps://paste.opendev.org/show/812377/17:24
jrosserseems sensible17:24
noonedeadpunkand likely we can make this "multi-master" by splitting directories to sync for wheels17:24
noonedeadpunkso it keeps track of files that are changed while it's failing?17:25
jrosseri put StartLimitIntervalSec=5, ran it 10 times quickly, then waited, and ran it once more17:25
jrosserit is a different test to see if if tracks whilst failing17:26
noonedeadpunkah, I see17:26
jrosserwhich i think it does not do17:27
jrosserbut nothing stops us adding a timer unit to this as well17:27
jrosserand you are right, we can use multi master very easily17:27
jrosserand in the 'top level' service file we can specify target IP and architecture, you can have as many parameters as you need i believe17:28
noonedeadpunkso with lsyncd we have delay on running rsync in 15 sec https://opendev.org/openstack/openstack-ansible-repo_server/src/branch/master/templates/lsyncd.lua.j2#L60717:28
jrosserit does say that upon success the path unit will immediatley check again17:29
jrosserit's not so easy to make these simplified unit files with the systemd_service role17:30
jrosserit puts a ton of extra stuff in there17:30
noonedeadpunkwell... we already have templated services....17:30
noonedeadpunkwhat we miss is Path17:31
noonedeadpunkor I'm not seeing hidden troubles?17:32
jrosseri see this with the galera xinetd changes17:32
jrosserwhere i have a socket service that need to call a trivial unit which runs the mysql status check17:32
jrosserbut it does include all sorts of stuff in the j2 template that you can't remove17:32
noonedeadpunkI actually wonder if `ExecStartPre: /usr/bin/sleep 15` will jsut add same delay as lsyncd did?17:33
jrosseroh interesting, yes17:33
jrosseryou can't omit ExecStart17:33
jrosserso the /usr/bin/true is just a hack to keep it there17:33
jrosserwhat i really wanted was some sort of noop unit which just had dependancies on the others17:34
noonedeadpunkwell, it's just matter of `| default([])` here https://opendev.org/openstack/ansible-role-systemd_service/src/branch/master/templates/systemd-service.j2#L35 ?17:35
jrosseroh sorry no, it's an invalid `simple` type unit without it17:35
jrosserfrom systemd POV17:35
noonedeadpunkah17:35
jrosseri've not yet tried to use the systemd_service role to set this up, it's just hand crafted atm17:36
noonedeadpunkbut must it be simple?17:36
noonedeadpunkhm, maybe idle will even fit us....17:39
noonedeadpunkBut seems every type except notify requires ExecStart17:39
noonedeadpunkah, no, everything needs execstart17:42
*** sshnaidm is now known as sshnaidm|afk17:49
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-galera_server master: Clean-up systemd overrides removal task  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/82650317:51
jrossernoonedeadpunk: commit message here is interesting https://review.opendev.org/c/openstack/swift/+/82119217:52
jrosseri wonder if that is also related to glance+uwsgi issues17:52
jrosseriirc that was chunked encoding trouble too?17:52
noonedeadpunkiirc yes, it was17:54
noonedeadpunk`transformation_chunked` huh17:54
jrosserindeed17:54
noonedeadpunkthis commit message should be put into uwsgi docs....17:55
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_nova master: Drop cell1 upgrade to template format  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/82650417:59
NeilHanlonanyone seen this before? https://rpa.st/6PAA 18:14
jrosserNeilHanlon: if you run the (sub)playbook again with -vvv you'll see the parameters that were passed18:18
noonedeadpunkI bet it was just empty string in a list or empty element?18:44
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Fix infra upgrade  https://review.opendev.org/c/openstack/openstack-ansible/+/82642418:48
spatelnoonedeadpunk 24.0.0 vs 24.0.0.0rc2 ? 18:50
spatelwhich one i should give it a try 18:51
spatelgoing with 24.0.0 18:53
noonedeadpunkthey are exactly same just in case19:00
noonedeadpunkbtw we need to merge https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/826060 to proceed with dropping centos-819:00
noonedeadpunkoh, its backport, i think I can vote then?:)19:01
jrosserNeilHanlon: is your patch current? I might have a go with a Rocky cloud image tomorrow……19:06
noonedeadpunkalso - let's maybe merge https://review.opendev.org/c/openstack/openstack-ansible/+/782557 for real? :)19:39
noonedeadpunkNeilHanlon: also you might want to review as we might drop there smth important for Rocky 8 ^19:39
NeilHanlonjrosser: not super urgent. i have a patch into dib for adding a rocky container, though it appears to be failing in CI due to changes unrelated to mine19:40
NeilHanlonnoonedeadpunk - thank you! will crosscheck that with my patch and add back in if needed19:40
NeilHanlonactually, looks good at a glance.19:43
spatelnoonedeadpunk why do i need to run - openstack-ansible certificate-authority.yml  ? 19:45
jrosserok lets merge it19:45
spatelTo generate new CA, you will need to run the following command: 19:45
spatelwhy do i need to generate new CA for upgrade? 19:46
jrosserspatel: do you have some context - i am guessing this is upgrade notes?19:48
spatelYes - I am following this steps to upgrade from W->X  - https://docs.openstack.org/openstack-ansible/latest/admin/upgrades/major-upgrades.html19:48
spateljrosser my question is why do i need to Re-generate CA just for upgrade process? I already have CA running from previous upgrade.19:49
jrosserit is becasue the next command in the instructions is run with --limit19:51
jrosserbut i think that you may be right that this is only relevant for V->W upgrades19:51
spatelYes, i can understand that this step is required before PKI role introduce but now we already have running CA in wallaby so we don't need this19:52
spatelnot sure if this will generate SSL cert for Galera ... i doubt 19:53
jrosserwell its simple19:53
jrosserif we don't take stuff like this out of the docs then it will stay for the next release]19:54
jrosserso just a mistake really19:54
jrosserand you are right it will not generate an SSL cert for galera, thats expected19:54
jrosserit just sets up the CA19:54
spatelLets me ignore this step and move forward, i will submit patch and see if noonedeadpunk has any objection :)19:54
jrosserthe PKI role is called again in the galrea role to generate the cert from the CA19:54
jrosserthe pki role is multi-purpose19:55
spatelYes that is what i thought galera will just generate cert from your existing CA 19:55
jrosserit can manage the CA, and it can generate certs19:55
jrosserdepending on what variables you set it will do one/other/both19:55
jrosserit's used right at the start of setup-hosts to make the CA19:55
jrosserand then the roles like galera, rabbit and haproxy use it again as needed19:56
spatelthat is cool19:56
jrosserthat means there is no gigantic logic needed up front to work out what all the certs you need are for the whole deployment19:57
jrosserit's on-demand19:57
spatelcurrently i have set galera_use_ssl: false  (just for safe play because i have F5 in front door instead of haproxy)19:58
* noonedeadpunk already away20:00
spateljrosser  what is this for  -e package_state=latest ?20:03
jrosserosa defaults to using package_state=present20:03
jrosserso that you don't get surprise upgrades when running the playbooks day to day20:03
jrosserforcing state=latest when you specifically want an upgrade makes upgrades happen when you expect them20:04
spatelare these packages for distro binary correct?20:05
jrosserfor things like rabbit or whatever20:06
jrosserapt/rpm stuff20:06
spateli thought we have pinned version of packages like rabbit/mariadb/memcache etc20:06
jrosseryou can see how it is used here https://codesearch.opendev.org/?q=package_state&i=nope&literal=nope&files=&excludeFiles=&repos=20:07
spatelcopy that 20:11
spatelThis is going to do true upgrade not just upgrade openstack binaries :)20:12
spateljrosser what is your method to upgrade major release?  do you upgrade everything on same time or in pieces ?20:16
jrosserbasically follow the instructions20:16
spatellike day1 infra nodes only and day2 some compute and day3 rest of compute... etc..20:16
jrosserbut yes, we've got a schedule on a confluence page that gives the order we've done it previously, and notes of whats important20:17
spatelI am asking before when last time i upgraded from V->W  (it took 24 hour on 250 compute nodes) 20:18
jrosserbut if nothing goes wrong and it's not also an operating system upgrade then it might well get done in a day20:18
jrosserbut like you we do it all in the lab first for no big surprises20:19
spatelI found openstack-ansible stopped all service on compute node and then started them parellel (that created big mess)20:19
spateli wish osa do work in serial and not stop start compute service all in one shot that kind of scary 20:22
jrosserspatel: you can do it however you like https://github.com/openstack/openstack-ansible/blob/master/playbooks/os-nova-install.yml#L2720:23
jrossereverything is configurable ;)20:24
jrosserand soon it will be much easier to use --limit as well20:24
spateloh! wait.. so how do i use it ? nova_compute_serial ? 20:25
opendevreviewMerged openstack/openstack-ansible-os_zun master: Enable recursion in combine() filter  https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/82421920:25
spatelwhat is 100% ?20:25
jrosserhttps://docs.ansible.com/ansible/latest/user_guide/playbooks_strategies.html#setting-the-batch-size-with-serial20:26
spatelsweet! so i can use - nova_compute_serial: 10% 20:27
spatelwe should create doc for upgrade cheat-sheet where we can put all these cool stuff and method for smooth upgrade.20:30
spatelcoding is easy but documentation is hardest part :(20:30
jrosseryou'd have to test all of this20:35
NeilHanlonTIL about codesearch. that will be helpful20:41
* NeilHanlon bookmarks20:41
spatellol i do have bookmark but always forgot to use when need it :)20:42
spateljrosser do you prefer this - openstack-ansible setup-infrastructure.yml -e 'galera_upgrade=true' -e 'rabbitmq_upgrade=true' -e package_state=latest 20:42
spatelor one at a time like  first galera and then rabbitmq and then next one etc..20:43
jrosserI can’t remember - not on the right system just now to look at our docs20:46
spatelno worry, but please share your experience when you get a time :) 20:49
*** dviroel is now known as dviroel|afk21:06
opendevreviewMerged openstack/openstack-ansible-os_tempest stable/xena: Define variables for tempest plugins  https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/82606021:10
opendevreviewMerged openstack/openstack-ansible-os_keystone master: Adjust default configuration to support TLS v1.3  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/82394521:14
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Fix infra upgrade  https://review.opendev.org/c/openstack/openstack-ansible/+/82642421:24
jrosserwhat happens to all these xena patches that fail wanting a rebase21:30
jrosserodd21:30
noonedeadpunkhm it really is actually...21:31
noonedeadpunkwell maybe it's because of https://review.opendev.org/c/openstack/openstack-ansible/+/824567 but unlikely though21:32
noonedeadpunkbut well, tomorrow is a new day :)21:33
jrosserindeed21:34
jrosserzuul restart just before as well so it could all be from that21:34
opendevreviewMerged openstack/openstack-ansible-os_keystone master: Fix ordering error enabling/disabling Apache modules  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/82400021:42
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_keystone stable/xena: Fix ordering error enabling/disabling Apache modules  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/82655021:46
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_keystone stable/wallaby: Fix ordering error enabling/disabling Apache modules  https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/82655121:46
opendevreviewMerged openstack/openstack-ansible master: Gather additional facts for haproxy playbook  https://review.opendev.org/c/openstack/openstack-ansible/+/82365522:11
opendevreviewMerged openstack/openstack-ansible master: Remove references to unsupported operating systems  https://review.opendev.org/c/openstack/openstack-ansible/+/78255722:33
prometheanfiredo I need to increase sync priority in galera?  having galera/mariadb constantly returning bad healthchecks and coming back23:30
prometheanfiremax_connections strikes again23:34
« Tuesday, 2022-01-25 Index Thursday, 2022-01-27 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!