Tuesday, 2022-11-29

« Monday, 2022-11-28 Index Wednesday, 2022-11-30 »
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Install ZFS packages for bootstrap-host if needed  https://review.opendev.org/c/openstack/openstack-ansible/+/86595208:27
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Install ZFS packages for bootstrap-host if needed  https://review.opendev.org/c/openstack/openstack-ansible/+/86595208:28
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-lxc_container_create master: Replace systemd_service templates with role  https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/86139408:28
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron master: Do not install neutron venv if not needed.  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/86354608:40
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron master: Set default plugin type to OVN  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/86596109:12
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron master: Set default plugin type to OVN  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/86596109:19
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron master: Set default plugin type to OVN  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/86596110:43
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Implement OVN inventory changes and deploy by default  https://review.opendev.org/c/openstack/openstack-ansible/+/86292410:43
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron master: Add lxb jobs instead of ovn  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/86597310:47
* noonedeadpunk wonders what can posisbly can go wrong with these ^10:48
*** dviroel|afk is now known as dviroel11:12
jrossernoonedeadpunk: how does zookeeper end up in the scenario? i'm sure i'm missing something :)12:09
noonedeadpunkbecause current repo is also paresed and added to scenario12:09
noonedeadpunkso we take out of r"ansible-role-(.*)"12:10
jrosserwe do also run an infra job on every integrated repo patch now12:10
jrosserbecasue we broke them before when adjusting healthchecks12:10
noonedeadpunkBut yes, zookeeper gets to be installed only when we run jobs against it's repo. Or designate...12:11
noonedeadpunkwe do it here fwiw https://opendev.org/openstack/openstack-ansible/src/branch/master/zuul.d/playbooks/pre-gate-scenario.yml#L45-L4812:11
noonedeadpunkwell. we can add zookeeper to integrated as well I guess...12:12
jrosserit just needs to be for infra jobs12:12
jrosser?12:12
noonedeadpunkSo what I wanted to avoid - adding zookeeper everywhere as I'm not sure it must be in envirnment rather then it's worth being present12:13
noonedeadpunkbut for infra I think we can add it12:13
jrosseri think that currently https://review.opendev.org/c/openstack/openstack-ansible/+/864750/19/etc/openstack_deploy/openstack_user_config.yml.aio.j2#246 this will only run it for designate & it's own repo jobs12:14
*** frenzy_friday is now known as frenzy_friday|rover12:15
jrosserand then this https://review.opendev.org/c/openstack/openstack-ansible/+/864750/19/etc/openstack_deploy/openstack_user_config.yml.aio.j2#250 only for infra jobs in it's own repo12:16
jrosseri think we should cover it with at least this https://github.com/openstack/openstack-ansible/blob/master/zuul.d/jobs.yaml#L263-L27312:17
noonedeadpunkok, will push update now then12:21
noonedeadpunksounds quite fair12:21
noonedeadpunkor worth doing as follow up?12:21
jrosseri think it has to be a follow up or its circular patches12:22
jrosseralso we should work on merging things :)12:22
noonedeadpunkyeah, for sure...12:26
noonedeadpunknot sure if it will be circular though...12:27
noonedeadpunkbut yeah, since it's passing it's worth to make a follow-up I guess12:27
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Implement OVN inventory changes and deploy by default  https://review.opendev.org/c/openstack/openstack-ansible/+/86292412:31
noonedeadpunkdamiandabrowski: would be great if you could spend some time on reviews today :)12:36
noonedeadpunkdamn, I'm not sure how to add zookeeper to validate only  :D12:38
noonedeadpunkI can add it to infra only regardless12:39
noonedeadpunkor well...12:39
noonedeadpunkneed some bigger patch12:39
jrosserif we are happy to have it on all infra jobs then it should be ok13:12
*** frenzy_friday|rover is now known as frenzy_friday|rover|food13:43
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_nova master: Fix default of neutron_plugin_type  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/86601113:46
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Implement OVN inventory changes and deploy by default  https://review.opendev.org/c/openstack/openstack-ansible/+/86292413:49
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Explicitly define neutron_plugin_base for OVS  https://review.opendev.org/c/openstack/openstack-ansible/+/86601213:54
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron master: Set default plugin type to OVN  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/86596113:54
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Implement OVN inventory changes and deploy by default  https://review.opendev.org/c/openstack/openstack-ansible/+/86292413:55
NeilHanlonthe latest rockylinux-9 image on the nodepool is on 9.1. I'll keep an eye on CI in case, but my testing seems OK13:59
* jrosser tries to understand how we broke zfs jobs on rax - this used to work14:04
jrosserNeilHanlon: i've not tried it yet but would you expect i should get on OK with rocky on arm systems?14:05
NeilHanlonyep, should be fine there14:05
noonedeadpunkjrosser: I already placed a fix14:06
noonedeadpunkhttps://review.opendev.org/c/openstack/openstack-ansible/+/86595214:06
noonedeadpunkmaybe it was pre-installed in infra images...14:07
jrossernoonedeadpunk: do you know how it broke? i remember writing the code in the first place to account for that14:07
jrosseroh hmm14:07
noonedeadpunkwell, we covered in one place but not in another14:07
jrosserright i see - there are two paths for either a loopback or the extra device14:11
jamesdentonnoonedeadpunk i'll be testing the ovn ssl patches today and hopefully have it reviewed later or tomorrow. I spent some time testing non-ssl -> ssl upgrade and it did not go as well as i'd hoped14:45
NeilHanlonOOP is probably really really important there, i'm guessing?14:54
noonedeadpunk#startmeeting openstack_ansible_meeting15:03
opendevmeetMeeting started Tue Nov 29 15:03:06 2022 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.15:03
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:03
opendevmeetThe meeting name has been set to 'openstack_ansible_meeting'15:03
noonedeadpunk#topic rollcall15:03
noonedeadpunksorry for being late - was on a short walk and realized that it's already time for meeting :)15:03
noonedeadpunko/15:03
damiandabrowskihi!15:03
jamesdentono/15:04
NeilHanlono/15:04
noonedeadpunk#topic office hours15:05
noonedeadpunkI don't think we have new and not addressed bugs15:05
jamesdentoni have 1 but have not submitted yet. not a big one15:06
noonedeadpunkOk, good.15:06
noonedeadpunkAlso there was one unsubmitted from ML but it was said that https://review.opendev.org/c/openstack/openstack-ansible-os_designate/+/865701 worked nicely15:06
noonedeadpunkI haven't checked failures though so dunno if they're related or not15:07
jamesdentonmy designate deploy was pre-wallaby so did not run into that.15:07
noonedeadpunkfailures seem unrelated at first glance15:11
noonedeadpunkwill try to re-check15:11
noonedeadpunkso, we have 3 huge topics15:11
noonedeadpunk1. osa/zookeeper 2. osa/ovn 3. osa-ironic-tidy15:12
noonedeadpunkregarding osa/zookeeper I think it's ready for review. I will add a follow-up patch to trigger zookeeper deployment for integrated repo as well (for validate job)15:12
jrossero/ hello15:13
jrosserzookeeper looks ok i just found one tiny typo15:13
jamesdentonnoonedeadpunk for later: https://bugs.launchpad.net/openstack-ansible/+bug/199822315:13
noonedeadpunkI tried to work on ovn, I have quite limited knowledge overall but I think it should work generaly15:15
noonedeadpunkI posted updates to jamesdenton patch to set default at the end (but it will be defined in neutron role only) and some upgrade path15:16
jamesdentoni installed the patches over a working install and it seemed to land OK, but i was really pushing a non->ssl upgrade and didn't get it. I'm doing a fresh deploy now and will kick the tires15:16
jamesdentonthis is a 6-node environment so i'll flesh it out15:16
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-zookeeper master: Add SSL support for zookeeper  https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/86544915:16
noonedeadpunkyeah, that is smth worth testing15:17
spatellove people started using OVN, can't wait to see it default on AIO 15:18
noonedeadpunkand I still wasn't able to look into ironic - has this in my todo list but simply ENOTIME. Despite jrosser explained very good what the issue is still need to think what can be done not in rush 15:18
jamesdentoni will try to revisit the osa/ovn default patches today, too. 15:18
jrosserthere are many things addressed in ironic patches15:19
jrossermostly small but the consoles is the bog one15:19
jrosser*big15:19
jrosserthough this is blocking a lot https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/86556615:19
jamesdentonis the console code still maintained? i can't recall15:19
jrosserfor ironic or osa?15:20
jamesdentonironic15:20
jrosseripmi-sol seems to work fine, with also talk of adding some graphical stuff too15:20
jamesdentoncool. i guess i was thinking of something else15:20
jamesdentonshellinabox.15:21
jrosserah yes15:21
noonedeadpunkActually for 865566 I think there was some fix for centos8....15:21
noonedeadpunkBut I can't recall what it was15:22
noonedeadpunkoh, wow, it's failed on rally...15:23
jrosseroh rally - i thought it was tempest /o\15:23
jrosseralso ENOTIME here making keeping on top of all this pretty tricky15:23
jamesdentonwe should ask santa nicely for more15:24
noonedeadpunkThe tricky thing with all that that we kind of need to branch roles asap15:24
noonedeadpunkor well next week latest15:24
damiandabrowskii'll spend some time tomorrow on reviews15:25
noonedeadpunkSo we need to review things that already passing CI and decide what we want to land for sure15:25
noonedeadpunkI think that internal TLS is out of scope at this point15:25
noonedeadpunkI really want to land ironic fixes as well15:25
noonedeadpunkthe question is likely about ovn and if we feel comfortable to land that big change so late 15:26
jamesdentonovn default or ovn ssl or both?15:26
noonedeadpunkovn default15:26
mgariepyovn ssl please15:26
noonedeadpunkor both :D15:26
mgariepyalso.15:26
mgariepyso we don't have to swap it live !15:27
noonedeadpunkthough I feel quite fine about migration path for ovn default15:27
noonedeadpunkI won't expect too much issues if ppl use our upgrade script or follow upgrade guide15:27
jamesdentonWell, i think that a "preflight" check for neutron could help mitigate operators forgetting to specify ml2.lxb. Just a check at the beginning of neutron playbook that looks for the var and fails if it isn't there. my biggest worry is that LXB folks would accidentally deploy ovn on top and break everything15:28
damiandabrowskii received a question from my company about OVS/OVN TLS. Do we plan to encrypt only management traffic or everything?15:28
noonedeadpunkThe only issue I see is that we don't have proper ovn docs and all diagrams would refference only ovs/lxb15:28
jamesdenton:(    docs are.. slow. lemme check where i'm at on that15:28
noonedeadpunkI think it covers only management traffic15:29
noonedeadpunkFrom what I understood15:29
jrosserit has never been about data plane?15:29
damiandabrowskiack, thanks15:29
noonedeadpunkwell, we can land docs a bit later as well15:29
jamesdentonalso, i just saw your 'define-neutron-plugin' playbook. sorry15:30
spatelwe should put some check where people don't accidentally apply ovn playbook on lxb infra 15:31
noonedeadpunkI checked that upgrade playbook both on ovs (on our sandbox) and lxb (on aio) and it looked quite fair15:33
noonedeadpunkI don't think we can/should do more rather then write release note and update upgrade docs to include step for defining variables if they're not yet present15:34
spatelDo we have successful path / dock of converting LXB to OVN? 15:35
jamesdentondefine... successful15:35
noonedeadpunkjamesdenton has a blog describing it - was shared in ML quite recently as well15:35
noonedeadpunkbut yeah :D15:35
spatelLike playbook to convert running production to ovn :)15:36
noonedeadpunkoh, wow, quite ambitious :D15:36
spateljamesdenton send me that link i would like to give it a try in my deployment env 15:36
jamesdentonplaybook? naw. but you could make one from the steps15:36
jamesdentonhttps://www.jimmdenton.com/migrating-lxb-to-ovn/15:36
spatel+115:37
spateljamesdenton no kidding :) - https://www.jimmdenton.com/assets/images/2022-08-31-migrating-lxb-to-ovn/walk-away.gif15:37
noonedeadpunkI can only imagine what playbook that would be15:37
jamesdentonthe gifs are the best part15:37
damiandabrowskithere was also a talk about it in Berlin: https://www.youtube.com/watch?v=O68Fzry50ic15:38
jamesdentonnot a playbook for faint of heart15:38
noonedeadpunkit was from ovs though iirc15:38
noonedeadpunkmigration from ovs is simple (comparing)15:38
jamesdentonyes, i think there may even be scripts for that15:38
spatelovs to ovn is easy but lxb to ovn tricky 15:38
damiandabrowskiahh sorry, i missed that we're talking about LXB15:39
jamesdentonspatel has volunteered to write the playbook15:39
noonedeadpunkNow it's in the meeting logs ;)15:39
spatelI wish.. trust me.. 15:39
damiandabrowski\o/15:39
spatelI am underwater last few month.. building new datacenter so migrating all my openstack cloud to new DC 15:40
jamesdentonbusy is good15:40
spatelnot fun when you move your DC 15:40
noonedeadpunkoh ,well. we have one more thing that is named sahara15:41
jamesdentonoh?15:41
noonedeadpunkso sahara is simply broken on Zed as upstream service15:41
noonedeadpunkAnd eventually it's not passing our tempest either (mostly becuase of jsonschema version)15:41
noonedeadpunkSo kind of 2 things we can do - disable tempest tests for sahara or use Yoga u-c for it15:42
noonedeadpunkI even proposed some patch to fix it https://review.opendev.org/c/openstack/sahara/+/864728 but meh... 15:43
noonedeadpunkit seems a bit more tricky then expected.15:43
noonedeadpunk(or better say complex)15:44
jamesdentonHmm, well maybe just a release note to say.. don't upgrade to Zed until Sahara is fixed and move on?15:44
jrosseri wonder if anyone uses it15:45
noonedeadpunkyeah. but we won't be able to merge any patches to our repos15:45
noonedeadpunkor well, to os_sahara15:45
noonedeadpunkjrosser: that's good quetsion, but sahara has osa integration test in their pipeline as well15:46
noonedeadpunkso it's quite a rabbit hole tbh15:46
damiandabrowski(i have one thing to discuss regarding internal tls, so please let me know if we're done discussing other things)15:46
jrosseri would say tc maybe declare project dead if a working release is not exsting for Zed?15:46
noonedeadpunkI think I will go on and propose to comment out https://opendev.org/openstack/openstack-ansible/src/branch/master/tests/roles/bootstrap-host/templates/user_variables_sahara.yml.j2#L13-L1415:47
noonedeadpunkjrosser: yup, that's smth we're on tbh15:47
jrossergood idea15:47
noonedeadpunkbut it's not that easy either15:47
noonedeadpunk(and sahara not the only project)15:47
noonedeadpunkI think one of main issues that there was a PTL volunteer for sahara but we don't see much activity but want to give some chance...15:49
noonedeadpunkso ugh15:49
noonedeadpunkdamiandabrowski: go on I guess :)15:49
damiandabrowskithanks!15:49
damiandabrowskiAs Dmitriy suggested, we are not aiming to implement internal TLS in Zed due to the lack of time. We'll implement it in Antelope instead. (but I'm not stopping working on it)15:49
damiandabrowskiIt gives us plenty of time so I came up with a slightly different idea of implementing it.15:50
damiandabrowskiAs you may know, the biggest challange is to provide a way for a smooth transition from unencrypted to encrypted traffic.15:50
damiandabrowskiIt's tricky because we configure all haproxy endpoints at once during haproxy-install.yml.15:50
damiandabrowskiAt the beginning we planned to implement a temporary feature to handle both HTTP & HTTPS traffic by haproxy.15:50
damiandabrowskiUnfortunately it's quite complex and do not solve all our current issues(for ex. haproxy uses variables from different roles which may be not accessible in haproxy hostgroup).15:50
damiandabrowskiSo I was thinking about avoiding haproxy endpoint configuration directly when running haproxy-install.yml playbook and move it to the service roles.15:50
damiandabrowskiIn this case, for ex. os_glance would contain import_role pointing to the subset of tasks from haproxy-install.yml to configure endpoints for glance(the same as we do for pki role).15:50
damiandabrowskiIt may give us 2 main benefits:15:50
damiandabrowskiWhat do you think? do you see any blockers? For sure we'll need to work on playbooks/common-tasks/haproxy-endpoint-manage.yml to avoid managing non-existent haproxy endpoint, but except this I don't see any real issues.15:50
damiandabrowskiIt would look pretty similar to kolla-ansible, except the fact I don't think we need a separate role for this. https://github.com/openstack/kolla-ansible/tree/master/ansible/roles/haproxy-config15:50
damiandabrowski2. No more problems with trying to access unavailable variables when running haproxy-install.yml15:50
damiandabrowski1. No need to worry about http->https transition for backends.15:50
jrosserwherever we have variables that must be accessed across roles those need to be in group_vars15:52
jrosserhaproxy or not haproxy15:52
noonedeadpunkThe one problem I see is that os_glance role is not running against haproxy_all hosts. While we do delegating for pki/python_venv_build we delegate only to 1 host15:52
noonedeadpunkAnd I don't think ansible can delegate to groups (but I never tried)15:52
damiandabrowskihttps://paste.openstack.org/show/bvi2iSjNMbJrCyM51bw1/15:53
damiandabrowskiyou can use loop, i tested it yesterday15:53
jrosser:( we should use proper var scopes when we need15:54
damiandabrowskibut it actually solves our issue, isn't it?15:54
damiandabrowskiso according to my test, if os_glance role includes haproxy role - it has glance vars available15:54
noonedeadpunkanother hassle I see is certs/let's encrypt. But maybe we can issue them during haproxy-install playbook and just somehow utilize later15:54
noonedeadpunkyeah, you can delegate_facts I guess or smth15:55
noonedeadpunkI kind of like the idea as it would solve some of our issues. I'm not sure it won't bring another ones though :D15:55
jrosserlooping over delegate_to just feels like re-inveting the host loop of a playbook too15:55
noonedeadpunkBut we wil lnever know until we try15:56
noonedeadpunkWell, even thinking about moving haproxy service configuration to the service playbook sounds like improvement, isn't it?15:56
damiandabrowskiso to summarize: this idea may require some tweaks but you don't have anything against that and I can prepare some PoC?15:56
damiandabrowskifor me it definitely sounds like an improvement :D 15:57
noonedeadpunkMy opinion is that I'm not sure if we will gain any profit and will be able not to make role even more complex, but it might be worth trying to see if it's ok15:58
jrosserthere will be also some corner cases15:58
noonedeadpunkAs it might result in quite a simplification as well15:58
jrosserLE is somehow tied to horizon15:58
jrosserand consoles are not tied to one service15:58
jrosserso there are some plusses, but it will also have tricky parts which are similar to the things that are tricky today15:59
noonedeadpunkI guess for LE we did some trick for keystone as well? Not sure though....15:59
jrosserport 80 and 443 are there for the benefit of horizon15:59
noonedeadpunkah, yes, true16:00
jrosserbut it is not making much sense to deploy LE as part of horizon16:00
jrosserthats like step zero before everything else16:00
damiandabrowskiokok thanks for your input! I made some notes and will look into that soon16:01
noonedeadpunk#endmeeting16:02
opendevmeetMeeting ended Tue Nov 29 16:02:55 2022 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)16:02
opendevmeetMinutes:        https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-11-29-15.03.html16:02
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-11-29-15.03.txt16:02
opendevmeetLog:            https://meetings.opendev.org/meetings/openstack_ansible_meeting/2022/openstack_ansible_meeting.2022-11-29-15.03.log.html16:02
spatelI would like to upgrade my production openstack running on wallaby to Xena or Yoga. Is there anything i should be worry or care about before i start upgrade?16:03
spatelI will read release notes before make any move but just curious if anyone notice anything outside doc16:04
spatelAny problem doing directly  W->Y upgrade? 16:05
damiandabrowskii've performed V->X upgrades in 4 regions this autumn, no big issues at all16:06
noonedeadpunkI wrote Marc some hassle with nova yestarday when jumping through releases. I haven't tried W->Y but we had that during V->X. So it can still apply to your path as well16:06
noonedeadpunkso you can check out logs :)16:06
damiandabrowskithere was one minor thing but it's already merged: https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/85774916:06
damiandabrowskiah, and nova upgrade was a bit tricky16:07
damiandabrowskii had to upgrade all nova components at once and then execute `mysql -e "update nova.services set version = 57 where deleted = 0;"`16:07
noonedeadpunkBtw, any thoughts folks on https://review.opendev.org/c/openstack/openstack-ansible/+/863423 ?16:08
damiandabrowski(nova-conductor was refusing to start before applying this sql command)16:08
noonedeadpunkAs I faced with issue of being hard to add compute node (or any other host) to inventory without running dynamic_inventory for real on production deploy host which is meh....16:09
damiandabrowskiat first glance it looks ok16:10
jrossernoonedeadpunk: what is the difference beweeen "running for real"?16:10
cloudnullđź‘‹ chai 16:11
cloudnull**ohai 16:11
jamesdentonmr. cloudnull 16:11
*** dviroel is now known as dviroel|lunch16:11
cloudnullwhat's good ?16:12
noonedeadpunkjrosser: so I can place tox.ini in git repo with openstack_deploy folder16:12
noonedeadpunkand run tox locally on any machine16:12
noonedeadpunkwithout need to fork openstack-ansible repo, bootstrap it, etc16:12
noonedeadpunkOr maybe I'm missing some easy way for that?16:13
jrosseri think i was maybe not seeing the difference with `ansible-inventory -i ./inventory/dynamic_inventory.py --list`16:14
jrosseroh right yes but without bootstrap - i see16:15
noonedeadpunkyup16:15
cloudnullany chance I could get eyes on https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/855996 ? 16:15
cloudnullNothing super important, just a patch I'm running locally. 16:15
noonedeadpunkand without direct clone of osa repo even (well - tox will do that kind of, but you don't need to clean it up)16:15
noonedeadpunkcloudnull: can you please tell more about reason behind the patch?16:16
noonedeadpunk(also from 60 to 640 is not doubling :D)16:17
cloudnulloriginally I doubled it, I'll update the message. As for the story, I replied in the comments. its just to make the error messages go away 16:18
opendevreviewMerged openstack/openstack-ansible-os_neutron master: Allow to set dnsmasq configuration options  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/86487216:18
noonedeadpunkah16:19
noonedeadpunksorry I haven't checked comments16:19
*** frenzy_friday|rover|food is now known as frenzy_friday|rover16:21
noonedeadpunktbh I'd rather made these setting configurable... Ultimately, add add some simple way to define extra options to config would be also great...16:21
noonedeadpunkI will also try to rebase your patch cloudnull for disabling net configuration for lxc16:22
opendevreviewKevin Carter proposed openstack/openstack-ansible-rabbitmq_server master: Update the heartbeat and handshake timeout  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/85599616:22
cloudnullnoonedeadpunk I think you had a better change for lxc networking?16:22
noonedeadpunkYeah, it's merged but I didn't add condition to the patch16:23
spateldamiandabrowski good to know, then i will go directly to Yoga (hope its stable and production ready)16:23
cloudnullah. 16:23
spateldamiandabrowski what is this and for what? - i had to upgrade all nova components at once and then execute `mysql -e "update nova.services set version = 57 where deleted = 0;"`16:25
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-lxc_hosts master: Add option to disable lxc interface management  https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/86167616:27
damiandabrowskithere was(or maybe still is) a bug in nova-conductor which prevented it to start even all nova services are upgraded16:27
damiandabrowskiunfortunately i don't have any details, maybe noonedeadpunk recalls something16:27
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_neutron master: Do not install neutron venv if not needed.  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/86354616:28
noonedeadpunkspatel: https://meetings.opendev.org/irclogs/%23openstack-ansible/%23openstack-ansible.2022-11-28.log.html#t2022-11-28T14:43:4516:28
spatelIf its that critical then shouldn't be part of upgrade doc? 16:29
spatelreading...16:29
noonedeadpunksoooo much typos in there....16:29
mgariepytypos where ?:P16:30
mgariepywho cares.. 16:30
mgariepyi surely dont hahah16:30
spatelnoonedeadpunk very interesting issue. its its not a big deal to bump version then why put it in upgrade doc. 16:33
noonedeadpunkcloudnull: please check if this will be fine for your usecase after update: https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/861676 :)16:33
spatelI am glad i ask before started upgrading, imagine who didn't ask :D16:33
noonedeadpunkspatel: beguase upgrade trough releases is not supported?16:34
noonedeadpunkat least until Y16:34
spatelYou are saying i won't see issue if i do W->X  and X-Y right? 16:34
noonedeadpunkYup16:35
spateli see16:35
noonedeadpunkI'm not sure you will for W->Y either. But you will for V->X16:35
cloudnullnoonedeadpunk I think that works fine. 16:35
noonedeadpunkAs they've bumped rpc version somewhere for W I guess. So if you're already on W it might be fine16:36
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Implement OVN inventory changes and deploy by default  https://review.opendev.org/c/openstack/openstack-ansible/+/86292416:42
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: [doc] Document better requirement for keepalived vip_cidr  https://review.opendev.org/c/openstack/openstack-ansible/+/86604616:53
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Run zookeeper installation for validate job  https://review.opendev.org/c/openstack/openstack-ansible/+/86604717:03
*** dviroel|lunch is now known as dviroel17:12
spatelnoonedeadpunk Thank you!!! i will let you know next week how my upgrade goes :) 17:17
opendevreviewMerged openstack/openstack-ansible-os_nova stable/yoga: Isolate vif for ovs backend by default  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/86498417:57
opendevreviewMerged openstack/openstack-ansible master: Do not duplicate vers in nfs mount options  https://review.opendev.org/c/openstack/openstack-ansible/+/86580518:06
opendevreviewMerged openstack/openstack-ansible-os_heat stable/yoga: Install git into heat containers  https://review.opendev.org/c/openstack/openstack-ansible-os_heat/+/86556418:11
noonedeadpunkmmmm... Have anybody tried out ovn driver for octavia? :D18:17
noonedeadpunkalso octavia does not use tooz for jobboard but has invented it's own thing...18:20
mgariepyI havent18:25
johnsomnoonedeadpunk: What do you mean “invented it’s own”? It is using Taskflow code and drivers, which uses tooz.18:30
noonedeadpunkjohnsom: well I looked briefly through code and haven't spotted tooz usage. Eventually there's even no tooz requirement, but instead in extras you can ask for redis/zookeeper independntly https://opendev.org/openstack/octavia/src/branch/master/setup.cfg#L114-L12118:37
johnsomYes, because tooz is a requirement of Taskflow and not Octavia directly.18:38
johnsomThe extras let you pick your backend for tooz18:39
noonedeadpunkhm.....18:39
noonedeadpunkI don't see tooz requirement there either18:41
noonedeadpunkI think I thought why no tooz is used, becuase otherwise you won't need that pile of config variables, like jobboard_backend_hosts, jobboard_backend_port, jobboard_backend_namespace as the only thing that's needed is coordination_url that is just passed to tooz and parsed there18:42
noonedeadpunkAnother point why I'm under impression that tooz is not used, because jobboard_zookeeper_ssl_options is not a thing in tooz for zookeeper - I've proposed https://review.opendev.org/c/openstack/tooz/+/865532/4 quite recently to cover that18:44
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_octavia master: Add coordination to octavia  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/86605818:47
noonedeadpunkSo basically that's usually all config when tooz is used - https://docs.openstack.org/designate/latest/admin/config.html#coordination18:48
noonedeadpunkbut yeah, might be you needed smth that's simply not implemented there or it was hard to adopt or smth...18:49
johnsomTooz is mentioned in the docs here: https://docs.openstack.org/taskflow/latest/user/engines.html is why I thought it was using it, but yeah, I don't see an import either. It could be that Taskflow existed before tooz did.18:50
johnsomWhat I can tell you for sure is Octavia didn't invent something unique for jobboard, we just used what Taskflow had setup.18:51
johnsomJosh was a key developer on both Taskflow and Tooz, but sadly he isn't around anymore to ask why....18:52
noonedeadpunkWell in terms of integration with zookeeper way of octavia configuration is very different from cinder, designate and gnocchi at least. But anyway:)18:58
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Allow to define condition for DB creation  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/86605919:02
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_octavia master: Add coordination to octavia  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/86605819:02
noonedeadpunkTo be frank I'm not very familiar with taskflow overall....19:04
noonedeadpunkjohnsom: wait. am I reading that right https://docs.openstack.org/taskflow/latest/user/persistence.html#zookeeper can be used for persistence_connection url? 19:06
johnsomYes, I think so. I don't think Octavia tests with that, but it should work19:09
noonedeadpunkyeah, it tests with mysql for sure...19:10
johnsomYeah, I just checked, it is using mysql19:10
noonedeadpunkBut driver in octavia seems to be supporting only mysql somehow https://opendev.org/openstack/octavia/src/branch/master/octavia/controller/worker/v2/taskflow_jobboard_driver.py#L3619:13
noonedeadpunkThough I'm not sure if zookeeper won't "jsut work"19:14
noonedeadpunkhm19:14
noonedeadpunkI need to play with that19:14
johnsomScroll down to line 6319:14
noonedeadpunkBut it's flwo driver19:14
johnsomAh, nope that is the "other" driver for taskflow19:14
noonedeadpunknot persistance19:14
noonedeadpunkI'm looking at taskflow persistance right now https://opendev.org/openstack/taskflow/src/branch/master/taskflow/persistence/backends/__init__.py19:15
noonedeadpunkAnd tbh I don't see why it won't work if pass it with zookeeper url... except missing some ssl-related kwargs19:16
noonedeadpunkugh19:16
noonedeadpunkYeah, likely I will leave that alone for now...19:16
johnsomYeah, if you need a zookeeper persistence, maybe open a story for it. 19:16
johnsomAnn or Greg would be best to address that19:17
noonedeadpunkWell, it would simplfy things? As you don't need another database, migrations for it...19:17
noonedeadpunkyup. done. https://storyboard.openstack.org/#!/story/201045519:22
noonedeadpunkMaybe will pick it up one day :D19:22
johnsomThanks19:23
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_octavia master: Add coordination to octavia  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/86605819:29
noonedeadpunkI probably still should try to provide zookeeper url yolo style in a sandbox....19:30
jamesdentonmgariepy you around?19:33
mgariepysomewhat!19:33
mgariepywhat can i do for you19:33
jamesdentonrunning the ovn ssl patches, and it looks like the certs are not being generated. I see your new "Create and install SSL certificates" task go by but nothing appears to happen19:34
jamesdenton<mnaio-compute2> Task "Create and install SSL certificates" has been omitted from the job because the conditional "['neutron_ovn_ssl', "'network_all' in group_names"]" was evaluated as "False"19:34
jamesdentonthat could be why. lol19:35
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Disable octavia anti-affinity for AIO builds  https://review.opendev.org/c/openstack/openstack-ansible/+/86606119:35
mgariepyhmm should it be filtered on something else?19:35
jamesdentonwell, a compute is not a network host19:36
jamesdentonthe openstack controllers appear to have the keys19:36
jamesdentonand in an AIO, that would prob be OK19:36
jamesdentonso maybe filtering on the actual ovn groups would be better? northd and controller, or whatever they are19:37
mgariepyhmm yep i guess it would be better.19:38
jamesdentoni'll try it and see19:38
jamesdentonthanks 19:39
mgariepyi remember when horizon network security group were not in the network tab..19:39
mgariepygood times.. 19:39
mgariepyi knew it wasn't perfect :D haah19:41
jamesdentonseems close!19:43
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_octavia master: Change defaults for octavia topology and affinity  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/86606219:43
noonedeadpunksince everyone around - some review on https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/855074/3 would be helpful to unblock octavia19:44
jamesdentondone19:46
noonedeadpunkany idea wtf can be with https://zuul.opendev.org/t/openstack/build/6393f9a8f57e4857a9213ce793a6ca32/log/job-output.txt#17334 ?19:47
noonedeadpunksounds like smth is missing in openstack_user_config or smth...19:48
jamesdentonhmm19:50
noonedeadpunkI think it's this task https://opendev.org/openstack/openstack-ansible-os_neutron/src/branch/master/tasks/providers/setup_ovs_ovn.yml#L5619:50
jamesdentonhmm, might be container_bridge is undefined or null?19:50
jamesdentonlooking19:51
jamesdentondid this only fail in jammy?19:52
noonedeadpunknah, everywhere19:52
noonedeadpunkexcept upgrade jobs :D19:52
noonedeadpunkSo upgrade hook looks like working19:52
jamesdentonhmm, strange. it never failed with this error before, though, IIRC19:52
noonedeadpunkwell, I can assume that smth wrong is here specifically https://review.opendev.org/c/openstack/openstack-ansible/+/86292419:53
jamesdentonagreed19:53
noonedeadpunkI haven't touched env.d/o_u_c from your patchset19:53
noonedeadpunk(as can hardly judge on them)19:54
noonedeadpunkWell, I've dropped ovn overrides for aio19:55
noonedeadpunkbut I moved everything (I think)19:55
jamesdentonok i know what it is19:57
noonedeadpunk?19:58
noonedeadpunkAs I can't find neutron_provider_networks being defined at all...19:59
jamesdentonprovider bridge is setup for neutron-ovn-gateway group, but that task is failing on the neutron-ovn-controller group (since there's no provider bridge mapping)19:59
jamesdentonso, i think we may need to add an OR statement... to include both neutron-ovn-controller and neutron-ovn-gateway19:59
jamesdentonhttps://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/76064720:00
jamesdentonhttps://opendev.org/openstack/openstack-ansible-os_neutron/src/branch/master/tasks/providers/setup_ovs_ovn.yml#L6520:00
jamesdentonhttps://opendev.org/openstack/openstack-ansible-os_neutron/src/branch/master/tasks/providers/setup_ovs_ovn.yml#L7720:00
jamesdentonhttps://opendev.org/openstack/openstack-ansible-os_neutron/src/branch/master/tasks/providers/setup_ovs_ovn.yml#L8420:00
noonedeadpunkyou're saying we have circular dependency?20:00
jamesdentonnot quite 20:01
jamesdentonour current OVN setup assume an ovn controller (compute node) is also an ovn gateway node20:01
jamesdentonbut we want that split out20:01
noonedeadpunknot sure I'm following why aio metal is affected though20:01
jamesdentongood question, i'm not quite sure either20:02
noonedeadpunkbecause it shouldn't matter kind of - all groups are there anyway20:02
jamesdentonbut it's related to this, i think.20:02
jamesdentonagreed20:02
jamesdentoni'll spin up an AIO and see if i can fix this20:02
noonedeadpunk(and bridges)20:02
noonedeadpunkyes, would be awesome, thanks!20:02
noonedeadpunk(and it gets a bit late here)20:03
noonedeadpunkI have several dependancies for https://review.opendev.org/c/openstack/openstack-ansible/+/862924 (and relations chains in some of them)20:04
noonedeadpunkSo basically it also depends on ovn ssl patch20:04
jamesdentonmgariepy https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/86240320:07
opendevreviewMerged openstack/openstack-ansible-openstack_hosts master: Revert "Use pam_env for su commands on Centos-9"  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/86065820:07
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts stable/yoga: Revert "Use pam_env for su commands on Centos-9"  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/86599720:08
jamesdentonSSL patch successful w/ that change. VM accessible20:09
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Disable fact variables  https://review.opendev.org/c/openstack/openstack-ansible/+/77839620:09
* noonedeadpunk heads out for today20:10
jamesdentonsee ya20:10
admin1is there a tag for all services to only add rabbitmq after a rabbitmq rebuild ? 20:17
opendevreviewMarc GariĂ©py proposed openstack/openstack-ansible-os_neutron master: add ovn ssl config  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/86240321:19
mgariepyjamesdenton, done ^^21:21
jamesdentonthanks!21:22
mgariepyyou are welcome21:22
mgariepydo you have something to add to noonedeadpunk comment here  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/862403/comments/240adc70_5aa9d59f21:23
mgariepynot 100% sure about the handler stuff.21:25
opendevreviewMerged openstack/openstack-ansible-os_octavia master: Adopt output structure to new collections version  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/85507421:29
opendevreviewMerged openstack/openstack-ansible-os_octavia master: Adding octavia_provider_network_mtu-parameter parameter  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/86481921:29
*** dviroel is now known as dviroel|out22:00
« Monday, 2022-11-28 Index Wednesday, 2022-11-30 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!