| *** dviroel is now known as dviroel|out | 01:04 | |
| *** ysandeep|out is now known as ysandeep | 05:38 | |
| noonedeadpunk | Folks, I will merge patches on EM branches with just one +2 on CR - we don't have releases there and support is "best effort" anyway | 07:15 |
|---|---|---|
| noonedeadpunk | so stein and rocky left to address out of EM | 07:19 |
| noonedeadpunk | btw I'm quite happy about how reliable things is - most problems are about let's encrypt root ca with python27 (as there's no certifi version containing new root) and erlang rabbitmq repo | 07:21 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-tests stable/ussuri: Return CentOS 7 jobs to voting https://review.opendev.org/c/openstack/openstack-ansible-tests/+/861788 | 07:29 |
| opendevreview | Merged openstack/openstack-ansible-lxc_hosts stable/ussuri: Do not user urljoin for deprecated script https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/862143 | 07:37 |
| opendevreview | Merged openstack/openstack-ansible-lxc_hosts stable/ussuri: Return CentOS 7 jobs to voting https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/861789 | 07:37 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_rally stable/ussuri: Return jobs to voting https://review.opendev.org/c/openstack/openstack-ansible-os_rally/+/861790 | 07:53 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/ussuri: Add mistra-extra repo https://review.opendev.org/c/openstack/openstack-ansible/+/849521 | 07:55 |
| opendevreview | Jakob Meng proposed openstack/openstack-ansible-os_tempest master: [DNM] Debugging test https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/862256 | 07:55 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_ironic master: Fixing minor issue when no inspector is deployed https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/862232 | 07:57 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_barbican stable/train: Trigger uwsgi restart https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/768162 | 07:58 |
| opendevreview | Merged openstack/openstack-ansible-tests stable/train: Return jobs to voting https://review.opendev.org/c/openstack/openstack-ansible-tests/+/861855 | 07:59 |
| opendevreview | Merged openstack/openstack-ansible-tests stable/train: Bump pluggy back to support py27 https://review.opendev.org/c/openstack/openstack-ansible-tests/+/862173 | 07:59 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/stein: Remove periodic jobs https://review.opendev.org/c/openstack/openstack-ansible/+/847966 | 07:59 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-tests stable/stein: Bump pluggy back to support py27 https://review.opendev.org/c/openstack/openstack-ansible-tests/+/862233 | 08:02 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-tests stable/stein: Bump pluggy back to support py27 https://review.opendev.org/c/openstack/openstack-ansible-tests/+/862233 | 08:05 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server stable/stein: Use cloudsmith repo for rabbit and erlang https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/862104 | 08:06 |
| *** frenzyfriday|rover is now known as frenzyfriday | 08:18 | |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-tests stable/stein: Bump pluggy back to support py27 https://review.opendev.org/c/openstack/openstack-ansible-tests/+/862233 | 08:31 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-lxc_hosts stable/stein: Use legacy image retrieval for CentOS 7 https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/862234 | 08:37 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server stable/stein: Use cloudsmith repo for rabbit and erlang https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/862104 | 08:50 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: [doc] Mark Victoria as EM https://review.opendev.org/c/openstack/openstack-ansible/+/862281 | 08:58 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: [doc] Mark Ocata/Pike/Queens as EOL https://review.opendev.org/c/openstack/openstack-ansible/+/862283 | 09:03 |
| *** ysandeep is now known as ysandeep|afk | 09:47 | |
| *** ysandeep|afk is now known as ysandeep | 11:16 | |
| *** dviroel|out is now known as dviroel | 11:26 | |
| opendevreview | Jorge San Emeterio proposed openstack/openstack-ansible-os_tempest master: [DNM] Restarting glance before running tempest https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/862304 | 12:46 |
| *** ysandeep is now known as ysandeep|afk | 13:10 | |
| *** ysandeep|afk is now known as ysandeep | 13:23 | |
| *** ysandeep is now known as ysandeep|PTO | 14:54 | |
| mgariepy | i am looking at pki for ovn stuff. do we want to have a new CA for it or we use the openstack one? | 14:55 |
| admin1 | why use 2 when one can work ? | 15:00 |
| NeilHanlon | more CAs the better | 15:02 |
| NeilHanlon | job security, or something | 15:02 |
| mgariepy | you have have a cert for the controller part for sb/nb and another ca for the ovs switch.. | 15:02 |
| mgariepy | lol job security haha | 15:03 |
| mgariepy | Switch Key Generation with a Switch PKI (More Secure) | 15:03 |
| mgariepy | hopefully at the end it will not be more complicated to manage than the internal CA for openstack . | 15:06 |
| jrosser_ | if it is mutual TLS i'm not sure having another CA is more secure? | 15:06 |
| noonedeadpunk | I don;t think we need another one? We were not making another for nova iirc | 15:07 |
| mgariepy | isn't it something like the idp one from this? https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/830179 | 15:07 |
| noonedeadpunk | we also do have intermediates that likely can/should differ | 15:07 |
| jrosser_ | ^ this | 15:07 |
| jrosser_ | mgariepy: if you want to "partition" the certificates then making a new intermediate is ++100 on having a different CA | 15:08 |
| jrosser_ | and there might be value in that if we have a whole bunch of OVS and the only thing they should talk to is some other part of neutron | 15:09 |
| jrosser_ | neutron/OVN, ykwim | 15:10 |
| jrosser_ | but idk really what the right answer is here | 15:11 |
| mgariepy | i'm not sure either lol. | 15:11 |
| jrosser_ | if there is an entire closed world in OVN which should only talk amongst itself and nothing else, then a unique CA for that might be legitimate | 15:11 |
| jrosser_ | and having no possible chain of trust to anything else would be the best protection against anything else connecting | 15:12 |
| mgariepy | i'll try to find more doc on that part from ovn. | 15:13 |
| *** chandankumar is now known as raukadah | 15:19 | |
| opendevreview | Merged openstack/openstack-ansible stable/ussuri: Switch to tracking stable/ussuri for EM release https://review.opendev.org/c/openstack/openstack-ansible/+/853029 | 15:27 |
| *** dviroel is now known as dviroel|lunch | 15:51 | |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_mistral stable/ussuri: Add mistral-extra in the mistral venv https://review.opendev.org/c/openstack/openstack-ansible-os_mistral/+/849522 | 15:57 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server stable/stein: Use cloudsmith repo for rabbit and erlang https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/862104 | 16:13 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server stable/stein: Use cloudsmith repo for rabbit and erlang https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/862104 | 16:19 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server stable/stein: Use cloudsmith repo for rabbit and erlang https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/862104 | 16:19 |
| *** dviroel|lunch is now known as dviroel | 16:24 | |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-tests stable/stein: Return functional jobs to voting https://review.opendev.org/c/openstack/openstack-ansible-tests/+/862377 | 16:28 |
| opendevreview | Merged openstack/openstack-ansible-tests stable/ussuri: Return CentOS 7 jobs to voting https://review.opendev.org/c/openstack/openstack-ansible-tests/+/861788 | 16:30 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_tempest stable/ussuri: Remove tripleo jobs from stable/ussuri branch https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/849973 | 17:12 |
| opendevreview | Merged openstack/openstack-ansible-lxc_hosts stable/train: Use legacy image retrieval for CentOS 7 https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/861849 | 17:20 |
| opendevreview | Merged openstack/openstack-ansible-tests stable/stein: Bump pluggy back to support py27 https://review.opendev.org/c/openstack/openstack-ansible-tests/+/862233 | 17:41 |
| opendevreview | Merged openstack/openstack-ansible-rabbitmq_server stable/ussuri: Bump rabbitmq version back https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/861729 | 17:43 |
| opendevreview | Marc GariƩpy proposed openstack/openstack-ansible-os_neutron master: [WIP] add ovn ssl config https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/862403 | 19:50 |
| mgariepy | not working yet. so don't be too enthusiastic | 19:51 |
| mgariepy | on this have a nice weekend. | 19:51 |
| noonedeadpunk | yup, have nice weekend too | 19:52 |
| nixbuilder1 | Another dumb question... once I have all my containers built, how do I build an inventory file to use on my laptop so that I can run scripts that include with_items: "{{ hostvars['localhost']['groups']['infra1-host_containers'] }}" | 20:22 |
| TheDude | Hi all, does anyone know of a good 'how to' and/or site that explains the proper startup order for a cluster, or shutdown in the event of a total power outage (planned or not)? We're still on rocky, and I see https://docs.openstack.org/openstack-ansible/rocky/admin/maintenance-tasks.html covers some stuff, but I can't find a definitive way to accomplish this. | 20:59 |
| TheDude | Saw that it matters whether or not you have ceph, etc.. but in general hoping to find a way to prove that we can both shutdown and startup gracefully, for now. eg: neutron_server group, then controllers, then compute nodes (for power down) and the reverse for startup? | 21:01 |
| TheDude | identify | 21:09 |
| TheDude | IDENTIFY | 21:09 |
| jrosser_ | nixbuilder: you can do ansible-playbook -i /opt/openstack-ansible/inventory/dynamic-inventory.py <more-parameters> | 21:16 |
| jrosser_ | TheDude: i don't believe there is any documented graceful shutdown/startup documentation - and from and openstack-ansible perspective i don't think that is a 'feature' we attempt to have | 21:19 |
| jrosser_ | TheDude: i expect that is why the maintainance tasks docs takl mostly about recovery from unavoidable failure, like broken nodes, rather than a deliberate stop/start operation | 21:20 |
| jrosser_ | having said that, following the rabbit and galera cluster recovery notes is probably most of what you need, but i think you'd need to refer to ceph documentation to being a ceph cluster back online from a complete outage | 21:21 |
| nixbuilder | jrosser: Thank you. | 21:22 |
| TheDude | Jrosser_: much appreciated and understood. I appreciate the responses. Realizing that there are so many edge cases makes it tough. Lots to consider but I'm hoping to put something together. I considered trying to figure out the service start orders in setup-openstack and go from there for starters. | 21:22 |
| jrosser_ | i think that most things are reasonably loosely coupled, so i would not worry too much about service ordering | 21:23 |
| jrosser_ | the tightest coupling and statefulness is in the clustered aspects of the message queue and database, those are the things to really take notice of during planned or unplanned maintainance | 21:24 |
| TheDude | perfect, thanks!!! that is good to know.. | 21:30 |
| opendevreview | Merged openstack/openstack-ansible stable/train: Disable upgrade jobs on EM branch https://review.opendev.org/c/openstack/openstack-ansible/+/861858 | 21:34 |
| *** dviroel is now known as dviroel|out | 21:39 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!