| gokhani | hi folks, | 08:14 |
|---|---|---|
| damiandabrowski | hi! | 08:42 |
| jrosser | morning | 09:11 |
| *** dviroel|afk is now known as dviroel | 09:48 | |
| mathlin | if i replace br-vlan with a openvswitch bridge in a AIO, do i get mandatory extra bridges br-tun and br-int? If not, how do i remove them, can't seem to find them in the configuration files | 11:58 |
| jrosser | mathlin: i'm not sure i can follow the question totally there | 12:42 |
| jrosser | if you dont get the bridges then then you would not be able to remove them? <- i'm confused | 12:43 |
| dokeeffe85 | Hi all, not an OSA question so if I need to ask somewhere else please let me know. We have a current openstack cluster and we can create snapshots of vm's no problem. We had to make a 200GB flavour for an instance and when we try to snapshot it it fails but we don't see much in the logs. Is there a timeout or size limit that need to be adjusted? We have more than 450GB free and it seems to use about 300GB of that space and fails. All other | 12:53 |
| dokeeffe85 | volumes snap successfully just not the 200GB | 12:53 |
| jrosser | dokeeffe85: are those snapshots created using temporary space on one of your infra nodes? It's not clear where you have >450G free..... | 13:09 |
| dokeeffe85 | We have a /mnt/nova-boot on all computes. that's where our nova boot instances are stored. We can see the space being used and all of a sudden it stops | 13:11 |
| mathlin | jrosser: i removed the lxbr br-vlan, and created the ovs br-vlan bridge and changed user_variables and openstack_user_variables to use openvswitch instead. Ran the playbooks and now i have openvswitch br-tun adn br-int. If i remove them they return somehow | 13:35 |
| jrosser | mathlin: is this controllers or computes? | 13:35 |
| mathlin | both its only one server | 13:38 |
| jrosser | ok so you need those bridges don't you? | 14:01 |
| mathlin | no and they get my trunk tests interfaces | 14:21 |
| mathlin | its in the agents table in the neutron database, not synced with whats in the config files then. I ran the neutron playbook, but that might not remove things | 14:45 |
| jrosser | i thought those bridges were required by neutron, but best asking jamesdenton i think | 14:58 |
| noonedeadpunk | #startmeeting openstack_ansible_meeting | 15:01 |
| opendevmeet | Meeting started Tue Nov 8 15:01:34 2022 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:01 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:01 |
| opendevmeet | The meeting name has been set to 'openstack_ansible_meeting' | 15:01 |
| noonedeadpunk | #topic rollcall | 15:01 |
| jrosser | o/ hello | 15:01 |
| damiandabrowski | hi! I'm back from vacation | 15:01 |
| noonedeadpunk | o\ I'm sema-around today, unfortunatelly | 15:02 |
| noonedeadpunk | #chair jrosser | 15:02 |
| opendevmeet | Current chairs: jrosser noonedeadpunk | 15:02 |
| noonedeadpunk | Will give chair if need to run or get distracted | 15:02 |
| noonedeadpunk | I'm on business trip this week so will be sem-around until friday ( | 15:03 |
| noonedeadpunk | #topic office hours | 15:04 |
| noonedeadpunk | actually, we likely have a bug to discuss as well... I wanted to play with it but was short on time | 15:04 |
| noonedeadpunk | It was already discussed one day though | 15:04 |
| noonedeadpunk | #link https://bugs.launchpad.net/openstack-ansible/+bug/1993575 | 15:05 |
| jrosser | hmm | 15:07 |
| jrosser | the searching for variable names to use kind of has to work | 15:08 |
| jrosser | as thats the only way that things like _pki_ca_defs get populated at all | 15:09 |
| noonedeadpunk | yeah, true | 15:09 |
| noonedeadpunk | maybe it was some misusage ofc, so I wanted to test this out one more time | 15:10 |
| noonedeadpunk | As I believe it should work indeed | 15:10 |
| noonedeadpunk | damiandabrowski: do you want to share you recent finding about mariadbbackup? | 15:14 |
| damiandabrowski | yeah, turns out that mariadb 10.6.8(used in some Xena tags) is affected by a mariabackup bug: https://jira.mariadb.org/browse/MDEV-28758 | 15:15 |
| damiandabrowski | i'll bump 10.6.8 to 10.6.9 later(10.6.9 is fixed) | 15:16 |
| damiandabrowski | there's one more thing: is it possible to merge this patch before Zed release? | 15:17 |
| damiandabrowski | https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/862171 | 15:17 |
| noonedeadpunk | +1 | 15:17 |
| damiandabrowski | dependent patch is already merged but it broke horizon direct image upload. We need to merge the above one to get it back working | 15:18 |
| noonedeadpunk | We have to release Zed before by 15 of December | 15:18 |
| noonedeadpunk | *16 | 15:19 |
| noonedeadpunk | And we should at least sort out glance image fully before that. What I mean - we should have full clearance if we should have 2 api spawned or not | 15:20 |
| damiandabrowski | ah ok, so i guess even we already created changes like this one: https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/860551 we're not going to release soon | 15:20 |
| noonedeadpunk | Maybe we should do that regardless, but make it configurable | 15:20 |
| noonedeadpunk | Yes. So we need some reviews/rechecks as well | 15:21 |
| noonedeadpunk | Also, Wallaby EM is coming | 15:21 |
| noonedeadpunk | I wanted to make final release based on https://review.opendev.org/c/openstack/openstack-ansible/+/861601 before EM-ing | 15:22 |
| damiandabrowski | regarding 2 separate glance apis: in my opinion we don't have to that that, but let me copy paste my statement from some previous meeting: | 15:23 |
| damiandabrowski | regarding glacnce OSSN-0090: I've read it once again and things are pretty clear for me now. | 15:23 |
| damiandabrowski | I think the most important paragraph for us is: https://wiki.openstack.org/wiki/OSSN/OSSN-0090#:~:text=This%20brings%20us,the%20image%20data. | 15:23 |
| damiandabrowski | So actually we've made a huge improvement by disabling show_multiple_locations - it was a real threat. | 15:23 |
| damiandabrowski | show_image_direct_url is just a potential issue. There is no confirmed attack vector. It's only about exposing image location which may help attackers. | 15:23 |
| damiandabrowski | On the other hand if we take RBD backend as an example, I believe most of the deployments have default config so direct URL isn't hard to guess(images/<image_id>/snap). | 15:23 |
| damiandabrowski | So is it worth to increase complexity of os_glance role because of this? I'm not sure... | 15:23 |
| damiandabrowski | Especially when I really hope it will be fixed properly at some point. Maybe mentioning it in docs like kolla did is enough. I leave it for discussion. | 15:23 |
| noonedeadpunk | My patches for zookeeper/skyline are still not merged fwiw. I've made a mistake in them and updated jsut yestarday. Will ping infra during the week | 15:23 |
| noonedeadpunk | I think I more meant if you was able to talk to glance folks :) | 15:30 |
| damiandabrowski | i was going to talk to them because i didn't fully understand OSSN-0090 but after reading it once again i realized it's not needed anymore because everything is clear for me now | 15:31 |
| noonedeadpunk | um. ok. Then maybe we can just add comment on show multistore variable to the role? | 15:32 |
| noonedeadpunk | Tbh why I'm concerned a bit, is that we might need to have to have and show multiple URLs for one of our projects... | 15:33 |
| damiandabrowski | what comment do you have in mind? just an information saying that this option is unsafe? yeah, that would be good | 15:37 |
| damiandabrowski | additionally, I just realized I probably made a mistake in my changes...glance_show_multiple_locations should be disabled by default but it's not really | 15:38 |
| damiandabrowski | I'll fix it tomorrow | 15:38 |
| damiandabrowski | but regarding making use of `show_multiple_locations`, please be aware of what glance docs say nowadays: 'This option is deprecated for removal since Newton. Its value may be silently ignored in the future.' | 15:40 |
| damiandabrowski | 'silently ignored' scares me a bit | 15:40 |
| noonedeadpunk | yeah, but it's obviously not... | 15:41 |
| noonedeadpunk | I have in mind AZ usecase | 15:42 |
| noonedeadpunk | that if you have 3 ceph clusters and want to have image uploaded once but available in all AZs - you might need to show multiple urls | 15:44 |
| damiandabrowski | yeah it's ok, i just wanted us to be aware that it can be silently ignored in the future without any release note :D at least that's how I understand it | 15:45 |
| damiandabrowski | but I guess we don't have any other option anyway | 15:45 |
| noonedeadpunk | Well, there're set of nasty solutions that available :D | 15:46 |
| noonedeadpunk | but yes, you're right about that | 15:46 |
| damiandabrowski | there's one more thing: as I promised on PTG, I'll start work on internal TLS soon | 15:54 |
| *** dviroel is now known as dviroel|lunch | 15:58 | |
| noonedeadpunk | #endmeeting | 16:00 |
| opendevmeet | Meeting ended Tue Nov 8 16:00:57 2022 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 16:00 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-11-08-15.01.html | 16:00 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-11-08-15.01.txt | 16:00 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-11-08-15.01.log.html | 16:00 |
| opendevreview | Merged openstack/openstack-ansible-os_tacker master: Add deployment of tacker-scheduler https://review.opendev.org/c/openstack/openstack-ansible-os_tacker/+/861870 | 16:36 |
| Ultra | Hi folks! Any tips to install OSA `master` on Alma 9? Maybe a recursive `sed` should do the trick? | 16:40 |
| *** dviroel|lunch is now known as dviroel | 16:59 | |
| opendevreview | Merged openstack/openstack-ansible-openstack_hosts master: Switch codename to Zed https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/860551 | 17:01 |
| jrosser | Ultra: have you tried it? | 17:06 |
| opendevreview | Merged openstack/openstack-ansible-os_neutron master: Enable experimental execution of LXB if required https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/862594 | 17:09 |
| jrosser | Ultra: when investigating new/different OS for openstack-ansible you should use this in a VM https://docs.openstack.org/openstack-ansible/latest/user/aio/quickstart.html | 17:12 |
| opendevreview | Merged openstack/openstack-ansible master: Make Ubuntu Jammy voting https://review.opendev.org/c/openstack/openstack-ansible/+/862869 | 17:43 |
| opendevreview | Merged openstack/openstack-ansible master: [doc] Mark Victoria as EM https://review.opendev.org/c/openstack/openstack-ansible/+/862281 | 17:43 |
| opendevreview | Merged openstack/openstack-ansible master: [doc] Mark Ocata/Pike/Queens as EOL https://review.opendev.org/c/openstack/openstack-ansible/+/862283 | 17:43 |
| opendevreview | Merged openstack/openstack-ansible master: Mark Zaqar as deprecated in role matrix https://review.opendev.org/c/openstack/openstack-ansible/+/861884 | 17:43 |
| opendevreview | Merged openstack/openstack-ansible master: Add release note about used ansible and ceph versions https://review.opendev.org/c/openstack/openstack-ansible/+/861889 | 17:43 |
| opendevreview | Damian DÄ…browski proposed openstack/openstack-ansible-galera_server stable/xena: Bump mariadb version. https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/864052 | 17:49 |
| Ultra | jrosser, I haven't tested on Alma 9 yet! I do have OSA AOI ready in hands... I'll try! | 18:40 |
| *** dviroel is now known as dviroel|afk | 19:23 | |
| opendevreview | Merged openstack/openstack-ansible stable/wallaby: Bump OpenStack-Ansible Wallaby https://review.opendev.org/c/openstack/openstack-ansible/+/861601 | 19:48 |
| opendevreview | Merged openstack/openstack-ansible stable/yoga: Switch Ceph for Ubuntu Jammy to distro https://review.opendev.org/c/openstack/openstack-ansible/+/862994 | 20:04 |
| prometheanfire | zed is still 20.04 for ceph? | 20:44 |
| jrosser | prometheanfire: maybe best to read this https://review.opendev.org/c/openstack/openstack-ansible/+/862676 | 22:12 |
| jrosser | and this https://review.opendev.org/c/openstack/openstack-ansible/+/862499 | 22:14 |
| jrosser | imho you are very wise to separate out your openstack and ceph | 22:15 |
| prometheanfire | jrosser: fair, maybe we should do that now before it's too late... | 22:38 |
| jrosser | prometheanfire: i think you have to be really clear about where you want to install ceph from | 22:40 |
| jrosser | becasue in an OSA+ceph setup you've got the distro itself, UCA and download.ceph.com repos all installed | 22:40 |
| jrosser | and which do you use...... and unless you take some actual steps to prevent it then over time they move ahead / behind each other concerning which has the "latest" version which is what will get installed | 22:41 |
| jrosser | and depending where you want to install them from you don't get complete coverage of all OS releases vs. all ceph versions | 22:42 |
| jrosser | and then for UCA the Q release of ceph was dropped in without warning | 22:44 |
| opendevreview | Merged openstack/openstack-ansible master: Switch master branch to track stable/zed https://review.opendev.org/c/openstack/openstack-ansible/+/860549 | 22:44 |
| jrosser | so my advice is to use apt pinning to constrain the repo and also the version you want | 22:44 |
| jrosser | example of part of that being here https://github.com/openstack/openstack-ansible-openstack_hosts/blob/master/defaults/main.yml#L190-L195 | 22:46 |
| prometheanfire | ack | 22:46 |
| jrosser | beware also that lxc and libvirt have dependancies on rbd, so you can get surprise "early" installation of ceph before the actual OSA ceph_client role has run and dropped its own apt pins | 22:47 |
| jrosser | consider setting up the apt pins for ceph as part of your host provisioning long before OSA stuff is run | 22:49 |
| prometheanfire | I do an ansible run across hosts before osa, so there's that | 22:49 |
| prometheanfire | ya | 22:49 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!