| opendevreview | Merged openstack/openstack-ansible-os_gnocchi master: Control amount of metricd workers https://review.opendev.org/c/openstack/openstack-ansible-os_gnocchi/+/846347 | 00:39 |
|---|---|---|
| opendevreview | Merged openstack/openstack-ansible-os_gnocchi master: Support service tokens https://review.opendev.org/c/openstack/openstack-ansible-os_gnocchi/+/846030 | 00:39 |
| opendevreview | Merged openstack/openstack-ansible-os_ironic master: Allow redhat vars file to cover different RHEL derivatives https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/844021 | 07:25 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_magnum master: Fixed dest typo in config_template https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/845993 | 07:42 |
| noonedeadpunk | sooo. by far what needs reviews are: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/846440 https://review.opendev.org/c/openstack/openstack-ansible-os_masakari/+/846035 and https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/845913 | 07:43 |
| noonedeadpunk | And I guess that's kind of it? Except also some potential love that is needed for https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/844041 | 07:44 |
| noonedeadpunk | jrosser_: btw we can't use config_template here ^ Templates are ini sysctl/weird format https://opendev.org/openstack/neutron-vpnaas/src/branch/master/neutron_vpnaas/services/vpn/device_drivers/template | 07:53 |
| noonedeadpunk | so this is potentially best thing we can do | 07:53 |
| noonedeadpunk | or well... | 07:54 |
| jrosser_ | morning | 07:56 |
| jrosser_ | right - also templating out a template which needs to be full of {{ }} in the output is going to be ugly | 07:58 |
| jrosser_ | not sure theres anything i can vote on | 07:59 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron master: Allow to provide custom configuration for VPNaaS https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/844041 | 08:00 |
| noonedeadpunk | nah, you did what you could and even more ;) | 08:00 |
| jrosser_ | if you want to push stuff through to get an rc then i'm sure thats fine | 08:01 |
| noonedeadpunk | except 846440 I believe | 08:02 |
| noonedeadpunk | damiandabrowski[m]: mgariepy spotz[m] if you have several spare minutes today would be great if you could do just few reviews (patches mentioned 10msgs above) | 08:03 |
| noonedeadpunk | I won't be able to push for RC until evening, anyway. Also I need to recall how I did things :D As I guess we do branching of roles first, and then RC only | 08:05 |
| noonedeadpunk | As likely from rc1 even we can do final release. as anyway stable is made from some rc | 08:06 |
| noonedeadpunk | but likely we need rc2 as after roles branching we need to update docs and merge gitreviews and stuff... | 08:08 |
| noonedeadpunk | but seeing how relatively good staff passed, I think we're good time-wise | 08:09 |
| noonedeadpunk | ccccccvcvrvvvcbifvujceutgfttlvjbvlvtrbcljbfl | 08:13 |
| noonedeadpunk | uh | 08:13 |
| noonedeadpunk | hate this stuff.. | 08:14 |
| damiandabrowski[m] | noonedeadpunk: done ;) | 09:28 |
| noonedeadpunk | regarding horizon and centos 9 it's interesting. I beleive it has smth to do with selinux as look at this https://paste.openstack.org/show/bH8zfbLDgdQ1ihbIff9V/ | 10:39 |
| noonedeadpunk | if check also haproxy log it's even better https://paste.openstack.org/show/blHJA3NiFBI7ZVctjTQX/ | 10:42 |
| noonedeadpunk | just in case - selinux is "permissive" | 10:42 |
| noonedeadpunk | but I see it "acting" at least in logs... | 10:45 |
| noonedeadpunk | not for this case though | 10:46 |
| opendevreview | Merged openstack/openstack-ansible-plugins master: Let git choose the branch when cloning a repo https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/846440 | 10:53 |
| noonedeadpunk | smth is super messed about apache in centos9 stream... | 10:54 |
| noonedeadpunk | Ok, I spotted huge problem with https://opendev.org/openstack/ansible-role-systemd_service/src/commit/46185f389eb8dc14c70b82b820cfe288df4a20e8/tasks/main.yml#L33 | 10:59 |
| noonedeadpunk | basically after reboot of host services do not start as that directory under run does not exist | 10:59 |
| jrosser_ | should we use RuntimeDirectory= in the unit for that instead? | 11:01 |
| noonedeadpunk | well, we rely on systemd-tmpfiles to create that | 11:02 |
| noonedeadpunk | And basically there's no systemd-tmpfiles-setup.service | 11:03 |
| noonedeadpunk | only systemd-tmpfiles-setup-dev.service | 11:03 |
| jrosser_ | right - i had to patch that out of the centos-9 lxc container creation stuff | 11:03 |
| jrosser_ | as the services were missing | 11:03 |
| noonedeadpunk | or well... | 11:04 |
| noonedeadpunk | for some reason it's dead | 11:04 |
| noonedeadpunk | https://paste.openstack.org/show/bQxbT1G6aZWLgbBLNNez/ | 11:05 |
| noonedeadpunk | I have metal aio fwiw | 11:05 |
| jrosser_ | ah ok | 11:05 |
| jrosser_ | btw here is what happened for the lxc stuff https://opendev.org/openstack/openstack-ansible-lxc_hosts/commit/fd23eeedfc2a28556278abc03f722ae17dd77990 | 11:05 |
| noonedeadpunk | yeah, you can't just enable it as it has no installation target? | 11:07 |
| noonedeadpunk | well, as I started it manually it jsut worked... | 11:07 |
| noonedeadpunk | I believe it also misses some dependency and that's why it failed... | 11:07 |
| noonedeadpunk | Uh, CentOS | 11:07 |
| noonedeadpunk | ok, so I fully disabled selinux, but this is still the case https://paste.openstack.org/show/blHJA3NiFBI7ZVctjTQX/ | 11:09 |
| opendevreview | Merged openstack/openstack-ansible-os_masakari master: Support service tokens https://review.opendev.org/c/openstack/openstack-ansible-os_masakari/+/846035 | 11:11 |
| noonedeadpunk | wtf.... | 11:12 |
| noonedeadpunk | I wonder if that's actualy CSP that interferres | 11:15 |
| noonedeadpunk | it's not. But direct connection to apache works | 11:17 |
| noonedeadpunk | ah, yes | 11:17 |
| noonedeadpunk | it's content security | 11:17 |
| opendevreview | Merged openstack/openstack-ansible-os_ironic master: Support service tokens https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/846033 | 11:21 |
| noonedeadpunk | It can lead to haproxy version, as centos 9 stream has 2.4.7 haproxy | 11:23 |
| opendevreview | Merged openstack/openstack-ansible-os_octavia master: Support service tokens https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/845913 | 11:27 |
| noonedeadpunk | I wnder if same will happen in Jammy | 11:30 |
| noonedeadpunk | and report only doesn't help to avoid 500... | 11:37 |
| noonedeadpunk | I have no idea why this fails with current CSP.... | 11:44 |
| noonedeadpunk | And why report only still results in 500 | 11:44 |
| noonedeadpunk | I believe it's smth specific to haproxy changes rahter then rules | 11:44 |
| jrosser_ | isnt CSP all decided in the browser though, it's just headers at the server side | 12:01 |
| jrosser_ | all the fixing of that i needed to do was with chrome/firefox debug console | 12:02 |
| noonedeadpunk | well yes... But likely smth is now done on haproxy part. As soon as I comment `http-response set-header Permissions-Policy` OR `http-response set-header Content-Security-Policy-Report-Only` I recieve content instead of 500 | 12:04 |
| noonedeadpunk | at the same time it's even more wierd | 12:04 |
| noonedeadpunk | https://paste.openstack.org/show/b5hJjAjcIn0mhak5qmSK/ | 12:04 |
| noonedeadpunk | So I really no idea wtf | 12:05 |
| noonedeadpunk | Need to test on Ubuntu 22.04... My guess would be it has same thing | 12:06 |
| noonedeadpunk | But now need to go, so later today... | 12:07 |
| noonedeadpunk | so maybe these are some buffers or dunno what... As 500 occurs when it's content, but absolutely fine if you ask jsut for headers | 12:08 |
| opendevreview | Merged openstack/openstack-ansible-os_magnum master: Fixed dest typo in config_template https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/845993 | 12:22 |
| jrosser_ | this looks relevant https://github.com/haproxy/haproxy/issues/1597 | 15:48 |
| jrosser_ | there is some quite good explanation in the comments | 15:49 |
| noonedeadpunk | it's interesting | 18:07 |
| noonedeadpunk | but wrew counter is empty fwiw | 18:07 |
| noonedeadpunk | but! that really did work | 18:12 |
| noonedeadpunk | thanks jrosser_, I kind of checked counter and moved on... | 18:13 |
| noonedeadpunk | but likely I checked wrong one.... | 18:13 |
| jrosser_ | oh that haproxy bug already references OSA as triggering it | 18:27 |
| noonedeadpunk | well... not sure is it good or bad... | 18:57 |
| noonedeadpunk | hm, it also hits ubuntu 20.04 | 18:59 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-haproxy_server master: Don't restrict haproxy tunable options https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/846473 | 19:05 |
| noonedeadpunk | I hope that would cover it ^ | 19:05 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_horizon master: Fix ALLOWED_HOSTS https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/844815 | 19:06 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-haproxy_server master: Don't restrict haproxy tunable options https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/846473 | 19:10 |
| noonedeadpunk | realized that ubuntu 20.04 was still runnign haproxy 2.5 | 19:11 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-haproxy_server master: Don't restrict haproxy tunable options https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/846473 | 19:12 |
| opendevreview | Merged openstack/openstack-ansible-os_aodh master: Support service tokens https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/846010 | 23:39 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!