Monday, 2023-01-09

« Sunday, 2023-01-08 Index Tuesday, 2023-01-10 »
jrossermorning08:35
*** priteau_ is now known as priteau08:58
noonedeadpunkmornings09:00
noonedeadpunkah. all rechecks are issued - thanks :)09:28
noonedeadpunkHm, I wonder if that is correct for zfs scenario: https://zuul.opendev.org/t/openstack/build/030e6482a2094616bf2a44866495ca75/log/logs/host/syslog.txt#309209:33
jrossernoonedeadpunk: on my nodes /var/lib/machines is ext4, and i think that the base image is then copied to pool/var/lib/lxc when it is imported into lxc09:56
noonedeadpunkyeah, likely you're right....09:57
jrossera tar file is created then imported into lxc here https://github.com/openstack/openstack-ansible-lxc_hosts/blob/master/tasks/lxc_cache_create.yml#L7109:58
jrosser`pool/var/lib/lxc/ubuntu-focal-amd64                           369M   836G      369M  /var/lib/lxc/ubuntu-focal-amd64/rootfs`09:58
noonedeadpunkthat is exactly the task that fails fwiw09:59
jrosseryes i was just seeing that here https://zuul.opendev.org/t/openstack/build/9933567162054355a53c5e137127e38e/log/job-output.txt#792810:00
jrosser`--quiet` may not be helping there to see what is wrong10:01
jrossermaybe we need a hold on that job10:03
jrosserat least the command that it tried is printed, so can be done manually to see what is going on10:03
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-plugins master: Add variable to control no_log in db_setup role  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/86954610:10
noonedeadpunkWell, I can't reproduce the issue in aio - I tried 5 times for sure10:14
noonedeadpunkBut yeah, removing --quiet might be helpful 10:16
admin1radosgw-admin bucket list  will return something like: 711138fc95764303b83002c567ce0972/demo  ( where the uuid is with the bucket name) .. I have an openstack where ceph is done separately using ceph-ansible and even using the exact same configs in ceph.conf,  bucket list returns just the bucket name without the UUID ..  what this is doing is10:17
admin1when I try to make the bucket public, it says NoSuckBucket ... checking if anyone has seen this before or knows a fix 10:17
admin1the first one (working) is from an AIO . 10:18
opendevreviewMerged openstack/openstack-ansible-os_octavia stable/xena: Use focal amphora test image by default  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/86903710:21
noonedeadpunkAre you sure that uuid is bucket name and not project uuid?10:32
noonedeadpunkjrosser: nasty typo in 86954610:34
jrosserdoh10:34
noonedeadpunkbtw I don't really see how to drop quiet from lxc command :(10:34
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-plugins master: Add variable to control no_log in db_setup role  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/86954610:34
noonedeadpunkit's hardcoded, doh https://github.com/ansible-collections/community.general/blob/main/plugins/modules/lxc_container.py#L82610:35
noonedeadpunkthe hold it is10:36
admin1noonedeadpunk, it is project uuid in aio .. and i am trying to replicate that somehow 10:51
noonedeadpunkAre you sure you have rgw_swift_account_in_url = true in your conf?10:52
noonedeadpunkAlso keystone endpoint format matters there10:52
admin1endpoint is  https://domain.com:8080/swift/v1/AUTH_%(tenant_id)s 10:53
admin1and config is exactly the same as AIO -> https://lists.ceph.io/hyperkitty/list/ceph-users@ceph.io/thread/EY47EPAAUL5W6U2MQNWEO5F3ITFHUZB3/10:53
admin1using openstackcli, and also horizon, i can create buckets, upload objects, download objects etc and it works .it breaks when the bucket is set to mode public 10:55
noonedeadpunkHm, we have `rgw_enable_apis = swift` not `rgw_enable_apis = swift,s3` in AIO?10:55
noonedeadpunkyeah, only swift, you're right10:56
admin1what i have is one aio up and running, and i have replicated all configs from there 10:57
noonedeadpunkyeah. I see10:57
noonedeadpunkmaybe smth in openrc....10:58
noonedeadpunkbut horizon is valid argument10:58
noonedeadpunkEventually, I faced issues with trying to make bucket public, but it was quite a while ago and iirc related to bug in rgw that was fixed10:59
hamburglerhey all! Was wondering with the openstack-ansible zed release as of December if the OVN deployment is considered production ready now? TIA :)11:48
opendevreviewMerged openstack/openstack-ansible-os_octavia stable/wallaby: Use focal amphora test image by default  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/86903812:06
admin1noonedeadpunk, does a service name make a difference ? service name swift vs  radosgw  ? 12:09
moha7Is it necessary to `have nova_nova_conf_overrides:\n   DEFAULT:\n   force_config_drive: true` in the user_variables file? I don't have it currently and metadata (as in hostname) is not assigned to the instances! the log an instance (Cirros): checking http://169.254.169.254/2009-04-04/instance-id, failed 1/20: up 5.69. request failed12:09
admin1i think that is the diff i have 12:10
jrosserradosgw is providing the swift service12:10
jrossermoha7: that should not be necessary12:11
noonedeadpunkmoha7: it depends on your networking actually. In case metadata is accessed through net - there should be either l3 router or dhcp server exist for the network12:11
jrosser^ neturon l3 router / dhcp agent12:11
admin1i mean in endpoint list,     i added object-storage with service name: switft    . in AIO i see it added as radosgw 12:12
admin1so maybe that is what is causing mine to not work ..  ( not creating buckets with the project uuid ) 12:12
admin1that is, if service-name makes a difference 12:13
jrosseri would not expect that to make a difference12:14
admin1changed to radosgw .. did not made any diff 12:20
noonedeadpunkand I assume ceph versions output is the same?12:50
noonedeadpunkpleasent thing here is that aio works :D12:50
moha7which one is correct for: `neutron_plugin_base` --> `neutron.services.ovn_l3.plugin.OVNL3RouterPlugin` or `networking_ovn.l3.l3_ovn.OVNL3RouterPlugin`?12:52
opendevreviewMerged openstack/openstack-ansible stable/zed: Add gate_log_requirements function  https://review.opendev.org/c/openstack/openstack-ansible/+/86902512:53
moha7jrosser: then what's the reason of `checking http://169.254.169.254/2009-04-04/instance-id, failed`, any previous experience? (ref: https://serverfault.com/a/1114711 )12:56
jrosser if for some reason 169.254.169.254 is not accessible from your instance then cloud-init will fail to get the metadata12:57
jrosseryou can choose to use either http or config drive12:57
jrosserthe default in openstack-ansible is http12:58
moha7noonedeadpunk: Regarding accessing metadata through net or locally, what's the default behavior? I did not set any special config in user_variables.yml12:58
jrossermoha7: the default is to use http12:59
jrosserthere would not be anything in user variables as cloud-init is baked into the images you use12:59
jrosserit will try the http method12:59
jrossermoha7: do you have a neutron router in your network?13:00
moha7no, I don't created a router yet.13:02
moha7didn't have*13:02
moha7Is it related to the issue?13:03
jrosseryes13:06
noonedeadpunkdamn, I'm again struggling without host_containers /o\13:06
jrossermoha7: the neutron router is the thing that understands where 169.254.169.254 is13:06
jrosserand this relies on the gateway of your network having a route to that IP13:07
noonedeadpunkI need suuuuper simple thing.....13:09
mgariepyhey i'm back !13:09
mgariepyhappy new year everyone.13:10
jrosseropendev.org cloning is sooooo slow for met today13:10
noonedeadpunkAnd I made it working for Xena ;(13:12
moha7I would appreciate it if it's possible to see sample config files (`user_variables.yml`, `openstack_user_config.yml`) of your lab environments (Zed with the OVN networking stack.).13:12
jrossermoha7: did you make an all-in-one? this is the reference13:13
moha7jrosser: I created an internal network (for example, named netint) that is necessary to create an instance. In this case, it can not inject hostname and key pairs (metadata) into the instance, but the instance selects an IP from the `netint` subnet range.13:17
moha7Then, I created a router, named r1, that one of its hand is in the *netin* network, what about the other hand of router?13:17
jrosserthat does not really matter for metadata13:18
jrosserdid you get an IP from dhcp?13:18
moha7jrosser: I tried several times, but I have more problems with AIO and finally it was not deployed! At least now I have brought up the Muktinode environment without errors, but there is no reference for its network settings13:19
moha7jrosser: Yes, it gets IP from DHCP of netint13:20
jrosserthe thing is we run the AIO multiple times every day as our CI job, it is exactly the same13:20
jrosserif you are having trouble with it then either 1) we have a bug with the AIO 2) the documentation is wrong 3) something in your environment13:20
jrosseranywan13:20
jrosseranyway....13:20
moha7Previously I had same issue with OVS, and solved with this solution: https://serverfault.com/a/111471113:21
jrosserif you are getting an IP with DHCP then the neutron DHCP agent will give the instance some routes13:21
jrosserbut you don't have a router?13:21
jrossersorry but i keep saying that without a neutron router then i don't think you are going to have success with the metadata over http13:22
moha72) The documentation does not explain the issue well. I went exactly from the document and every time I did not succeed even though I posted the problems here.13:23
noonedeadpunkjrosser: but isn't without router metadata spawned in dhcp namespace?13:23
jrosserperhaps i don't understand properly13:24
jrosserbut i have `169.254.169.254 via 132.185.118.101 dev eno1np0 proto dhcp src 132.185.118.225 metric 101`13:24
jrosserthis route sends the metadata request to the router IP13:24
jrosseroh well... let me check that actually13:25
noonedeadpunkIt depends 13:25
jrosserif there is no router then is that the IP of the dhcp agent?13:25
noonedeadpunkYou can force metadata from dhcp. But default is server from l3 if l3 exists and from dhcp if it doesn't13:25
jrosserthere must be a route though, else how can you curl that IP?13:26
moha7jrosser> to check if I have arouter there, on which LXC container I should run `ip netns`? I tried on utility and neutron_server and didn't returned anything!13:26
noonedeadpunkbut route can be provided by dhcp?13:27
jrosseroh yes sure13:27
noonedeadpunkor well, it's provided by dhcp anyway13:27
jrossermoha7: the neutron agents are not in containers, just on the hosts13:28
noonedeadpunkhttps://docs.openstack.org/neutron/latest/configuration/dhcp-agent.html#DEFAULT.force_metadata13:28
jrossermoha7: if you can give specific issues with the AIO then we can try to replicate them and help13:28
noonedeadpunkOh, sorry, https://docs.openstack.org/neutron/latest/configuration/dhcp-agent.html#DEFAULT.enable_isolated_metadata13:28
jrosserwell anyway those both default to false13:29
noonedeadpunkbut we have that enabled by default13:29
jrosseroh :)13:29
noonedeadpunkhttps://opendev.org/openstack/openstack-ansible-os_neutron/src/branch/master/templates/dhcp_agent.ini.j2#L1913:29
jrosseranyway isnt this all different for OVN anyway?13:29
noonedeadpunkit is )13:30
moha7jrosser: Sure, I'll install AIO again and reports issues here13:30
jrossermoha7: you are using the Zed release?13:31
moha7Yes, stable/zed13:31
moha7> neutron agents are on the hosts13:32
moha7So, `ip netns` on the controller hosts?13:32
jrosserwell yes but i don't know how this works for OVN at all13:33
noonedeadpunkit's all in OVN somewhere somehow...13:35
noonedeadpunkworth summoning jamesdenton13:36
moha7The author of this blog post https://satishdotpatel.github.io/openstack-ansible-multinode-ovn/ uses this option `neutron_metadata_checksum_fix: False` in its user_variables.yml. I'm going to add it there, maybe solved!13:36
moha7`ip netns` has no output on all hosts. @jamesdenton 13:37
noonedeadpunkblogpost ^ it's not fully relevant for Zed13:37
jrosseri'm not sure `neutron_metadata_checksum_fix` even exists?13:39
jrossercodesearch suggests that it does not13:39
moha7)': I need a network config file as a reference!13:40
jrossernot for an AIO :)13:40
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-plugins master: Limit maximum number of threads for parallel git clone  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/86956413:48
jrosser^ ampere fix13:49
andrewbonneynoonedeadpunk: might there be something wrong with the git sha bump script? Just noticed the stable/zed hash for Neutron is quite a way behind, and didn't move forward in https://github.com/openstack/openstack-ansible/commit/b2b61f792eae06a3b5042065f9ef0f5439ca356e14:03
moha7by adding `neutron_metadata_checksum_fix` to user_variables.yml file and running `os-neutron-install.yml`, now the metadata issue solved!14:03
moha7spatel: ^14:04
spatelnoonedeadpunk i am having issue with zed - https://paste.opendev.org/show/bXer4dyXV5911o8aWBrU/14:04
noonedeadpunkandrewbonney: we had a bug in Neutron so I manually bumped it behind14:04
spatelmoha7 +114:04
andrewbonneyAh fair enough - I must have missed it14:04
noonedeadpunkspecifically https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/86904214:05
noonedeadpunkwtf is neutron_metadata_checksum_fix....14:05
jamesdentonmornin14:07
moha7spatel: Have you updated the blog post you wrote to reflect the latest changes in Zed? It does not have some features, for example: ‍‍`network-northd_hosts: *controller_hosts‍‍` and `network-gateway_hosts: *compute_hosts`14:07
spatelmoha7 i started playing with zed but stuff in git clone issue which i want to discuss with noonedeadpunk 14:08
jamesdentoni do not think it's updated, yet. seeing issues, moha7?14:08
spatelMy blog lab only tested on wallaby release. I want to test on zed 14:10
moha7I deployed a multinode env successfully. I had an issue with injecting metadata in instances that is solved by `neutron_metadata_checksum_fix: false` as is used in that blog posts. The only remaining issue is the provider network that seems there's no config set in the neutron settings!14:10
jamesdentonin ml2_conf.ini you don't see anything under ml2_type_vlan?14:12
spatelmoha7 what is the deal of provider network? 14:12
moha7Everything works other than the external network. Not possible to create external network saying: ` Error: Failed to create network netext. Details: Invalid input for operation: physical_network 'provider' unknown for VLAN provider network. Neutron server returns request_ids: ['req-88e75dd5-f176-4de2-8582-4b160b9761f2'] `14:12
moha7Should I have create any bridge manually?14:13
jamesdentonin openstack_user_config.yml did you setup provider_networks?14:13
jamesdentonor did you do that in user_variables.yml?14:13
opendevreviewMerged openstack/openstack-ansible stable/yoga: Disable sahara tempest tests  https://review.opendev.org/c/openstack/openstack-ansible/+/86715214:14
moha7jamesdenton: http://ix.io/4kJ5 <-- openstack_user_config.yml14:15
jamesdentonperfect. see the one whose container_bridge is br-provider?14:15
jamesdentonand see how the net name is 'vlan'?14:15
jamesdentonnet_name is the label14:15
moha7user_variables.yml: http://ix.io/4kJ614:15
jamesdentonthe provider label. so, create your provider network with --provider-physical-network vlan instead of --provider-physical-network provider14:16
moha7I didn't get this : "see the one whose container_bridge is br-provider", May you explain it more?14:16
jamesdenton        container_bridge: "br-provider"14:16
jamesdentonline 3814:17
jamesdentonhttps://paste.opendev.org/show/bdxw1T43FYhc1wON4mpf/14:17
jamesdentonline 44 is 'net_name'. 14:17
jrosserspatel: i am just doing stable/zed AIO and i have no problem with git clone at all14:18
spatelI tried on 3 machine and encounter same error 14:19
spatelI am using ubuntu 20.04.5 release14:19
moha7Yesssssssss! the name was 'vlan'. Created.14:20
spatelif i switch to 25.x.x tag then no error but switch to 26.0.0 encounter git error 14:20
spatelI am clueless :(14:20
jamesdentonmoha7 nice!14:20
moha7Thanks14:20
jrosserspatel: what is `neutron_metadata_checksum_fix`14:20
jamesdentonsure. If you run 'ovs-vsctl list open_vswitch', and look at external_ids, you'll see the label:interface mapping in ovn-bridge-mappings. ie. ovn-bridge-mappings="vlan:br-provider"14:21
spatelI am trying to recall.. what the heck is checksum_fix 14:22
jrosserspatel: well this is the thing - i can't find it14:22
spatelmoha7 can you remove neutron_metadata_checksum_fix and try.. because you said you encounter error 14:23
spatelIts been long time now do i have no recollection of that flag. 14:23
moha7Ok, I remove `neutron_metadata_checksum_fix` again and see what happens for the metadata14:24
jamesdentonFYI: with OVN you should see some 'ovnmeta' namespaces, likely on the computes. The traditional DHCP and Metadata agents should not be running, though someone mentioned they might be installed and i need to look into that14:25
jrosserjamesdenton: i'm just running a stable/zed AIO so can check some of this14:26
jamesdentonkk14:26
spateljrosser let me give you full output of bootstrap-ansible14:28
spateljrosser holy crap! it works now.. without error 14:30
spatelthat is freaking odd... 14:30
spatelshould i blame internet for it? 14:30
spatelor git?14:31
jamesdentonthe internet is a series of tubes. and sometimes those tubes have problems.14:35
spatelVery odd that yesterday 3 time i got same error on 3 different machine.. but this morning every just works. scary 14:36
spateljamesdenton we have no way to migrate from lxb to ovn correct? (even with small downtime) 14:37
jamesdentonhttps://www.jimmdenton.com/migrating-lxb-to-ovn/14:37
jamesdentonno automated way14:37
spatelso there are no way we can put your blog steps in playbook :) 14:41
jamesdentonWell, someone prob could. There's nothing too crazy from what i recall. I would not want OSA responsible for that14:42
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_ironic master: Update IPA image for the Zed release  https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/86957014:49
jrosserandrewbonney: ^14:49
noonedeadpunkjrosser: oh... zfs thingy is interesting....14:53
jrosserhmm14:53
noonedeadpunkSeems like pool name is trimmed somehow https://paste.openstack.org/show/bH7ZMrIXYbkj4IoZCGNm/14:54
noonedeadpunkBut yes, I think it depends on volume or not https://opendev.org/openstack/openstack-ansible/src/branch/master/tests/roles/bootstrap-host/tasks/prepare_loopback_zfs.yml#L29-L3714:55
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Add reminder to contributor docs to update amphora/IPA images  https://review.opendev.org/c/openstack/openstack-ansible/+/86957414:55
jrosserwe gave a custom pool name i think?14:55
noonedeadpunkYup14:56
noonedeadpunkWill push patch now14:57
jrosserwell here for the loopback case https://github.com/openstack/openstack-ansible/blob/e697bed2cea5ea5e49ae7f03c10650b8aec77bc8/tests/roles/bootstrap-host/tasks/prepare_loopback_zfs.yml#L3014:57
jrosserargh https://github.com/openstack/openstack-ansible/blob/e697bed2cea5ea5e49ae7f03c10650b8aec77bc8/tests/roles/bootstrap-host/tasks/prepare_data_disk.yml#L11714:57
jrosseri see14:57
jrosserwhy did this not break a load before14:58
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Sync ZFS pool names  https://review.opendev.org/c/openstack/openstack-ansible/+/86957515:07
noonedeadpunk I think we've "fixed" another path not that long ago15:08
noonedeadpunkjrosser: for https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/869546 - I guess we want also same patches for service_setup and mq_setup?15:15
noonedeadpunkor maybe worth using same var for all these cases?15:15
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/zed: Prevent bootstrap failure when all roles/collections are overriden  https://review.opendev.org/c/openstack/openstack-ansible/+/86945815:17
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/yoga: Prevent bootstrap failure when all roles/collections are overriden  https://review.opendev.org/c/openstack/openstack-ansible/+/86945915:17
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/zed: Define name for all collections in a-r-r  https://review.opendev.org/c/openstack/openstack-ansible/+/86946015:18
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Unify vars for glusterfs RHEL variants and remove rocky-8 workaround.  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/86611615:26
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins stable/zed: Update TOX_CONSTRAINTS_FILE for stable/zed  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/86749815:26
jrosserdarman: did you find why your deployment was slow in the end?16:03
spatelnoonedeadpunk If i deploy ldap backed keystone on multi-region cloud  just for identity. in that case how does horizon provide multi-region support?16:18
spatelIn that case can i have drop-down menu in horizon to select region and my token will get pass automatically to other region?16:18
noonedeadpunkspatel: you will still need to configure horizon from what I can recall and tell it which regions should it supprot16:21
noonedeadpunkI'm not sure if there is autodetection of regions - maybe there is but I just never used that16:22
spatelOk, i will put those region entry in horizon but my question is how does they pass token between region ?16:22
noonedeadpunkbut yes, you should be able to do that16:22
noonedeadpunkum, your token is in cookies16:22
noonedeadpunkso it's always in browser, and horizon just set cookies for you upon login16:23
spatelyou are saying if LDAP is backend and sharing password between region then horizon will do magic with cookies and just redirect to other region without login screen16:23
noonedeadpunkin theory - yes16:23
noonedeadpunkin practise - never used ldap16:24
noonedeadpunk(for keystone)16:24
spatelhmm! I am using LDAP but never thought i can do this setup :)16:24
spatelNow thinking to do that because its easy to handover single horizon instead 5 horizon URL16:24
spatelWhat if i sync user/password in mysql using ansible script between region ? 16:25
spatelin that case it should work correct?16:25
noonedeadpunkWell, you can configure any horizon to serve any openstack deployment, even for some third-party provider16:25
noonedeadpunkand any amount of providers. But yes, question if how good switching between regions will be16:26
spatelnoonedeadpunk do you have handy horizon variable to set muti-region using OSA? 16:55
spatelI believe just need to set AVAILABLE_REGIONS = [ foo, bar] correct?16:56
opendevreviewMerged openstack/openstack-ansible-plugins master: Limit maximum number of threads for parallel git clone  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/86956417:20
admin1not sure if you guys know, but telling anyway .. when a bucket is created in horizon, what project is actually connecting to ceph and sending the bucket-create command ? 17:31
admin1but asking*17:31
jrossernoonedeadpunk: for your isolated deployment, did you override all of the openstack service repo URLs individually?17:34
opendevreviewMerged openstack/openstack-ansible-os_nova master: Enable rbd download when nova_glance_rbd is in use  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/86907318:01
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-plugins stable/zed: Limit maximum number of threads for parallel git clone  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/86946318:53
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-plugins stable/yoga: Limit maximum number of threads for parallel git clone  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/86946418:53
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_ironic stable/zed: Update IPA image for the Zed release  https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/86946518:55
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_nova stable/zed: Enable rbd download when nova_glance_rbd is in use  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/86946618:55
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_nova stable/yoga: Enable rbd download when nova_glance_rbd is in use  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/86946718:56
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Bump ansible version to 2.14.1  https://review.opendev.org/c/openstack/openstack-ansible/+/86959919:13
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-plugins master: Add variable to control no_log in mq_setup role  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/86960219:19
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-plugins master: Add variable to control no_log in service_setup role  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/86960419:26
prometheanfiredamiandabrowski: that worked, thanks19:45
opendevreviewMerged openstack/ansible-role-pki stable/wallaby: Ensure CA privatekey permissions  https://review.opendev.org/c/openstack/ansible-role-pki/+/86763420:01
mgariepyjamesdenton, what is the purpose of the br-tunnel here: https://review.opendev.org/c/openstack/openstack-ansible/+/867577/5/doc/source/reference/figures/networking-openvswitch-cn.drawio.png20:21
mgariepyooops : https://review.opendev.org/c/openstack/openstack-ansible/+/867577/5/doc/source/reference/figures/networking-ovn-cn.drawio.png20:22
mgariepythis one .. ;)20:22
mgariepywhen using ovs with iptables firewall driver you need a bridge for it but when using openvswitch fw driver you can just bind it to the interface ip directly.20:23
mgariepywith ovn you don't really have an option for iptables20:23
jamesdentonlet me see...20:32
jamesdentonahh, so it's really just meant to replace the bridge we had called 'br-vxlan'20:33
jamesdentonwhich, depending on your setup, may not really be a bridge20:34
jamesdentonit just needs to be a layer 3 interface20:34
jamesdentonthe interface where the TEP (vtep) is configured20:34
mgariepywhat i do it usualy only create a vlan on top of the bond20:34
jamesdentonyep, same thing, really.20:34
jamesdentoni didn't rock the boat here, and went based on the original diagram: https://review.opendev.org/c/openstack/openstack-ansible/+/867577/5/doc/source/reference/figures/networking-neutronagents.png20:35
jamesdentonbr-vxlan near the bottom20:35
jamesdentonbut we can forgo br-vxlan/br-tunnel altogether and just recommend a tagged interface20:35
mgariepyyep good.20:37
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: [doc] Update repositiories for mirroring  https://review.opendev.org/c/openstack/openstack-ansible/+/86850621:38
prometheanfirejamesdenton: oh, for ovn, how do we tell it which interface to use for the overlay network?22:27
jamesdentonovn-encap-ip is a parameter for ovs, that specifies the local tunnel endpoint addr22:28
jamesdentonthe playbooks set that automagically22:29
jamesdentonsame mechanism that was used for lxb and ovs in the past22:29
jamesdentonhttps://github.com/openstack/openstack-ansible-os_neutron/blob/c00039c7b0c6006ad5feff1254d99c4245b9cd3e/tasks/providers/setup_ovs_ovn.yml#L3822:29
prometheanfireok, I'll look for the magic bits22:29
prometheanfireoh, thanks :D22:30
jrosserthe way that neutron_local_ip is determined there is exactly the same as it always was for linuxbridge etc22:31
prometheanfirehttps://github.com/openstack/openstack-ansible/blob/master/playbooks/common-tasks/dynamic-address-fact.yml22:33
opendevreviewMerged openstack/openstack-ansible stable/zed: Unset OSA-defined variables for bootstrap  https://review.opendev.org/c/openstack/openstack-ansible/+/86827022:36
jamesdentonIIRC you will want 'tunnel' defined under cidr_networks in o_u_c, then if you have an interface configured with an IP in that CIDR, its addr is used for neutron_local_ip22:41
jamesdentonotherwise, the default is the mgmt ip of the host. likely undesirable, but works22:42
prometheanfireah, think we have that ya22:42
prometheanfirereused the same network from vxlan22:42
jamesdentonyou can see what the host is using with the following: ovs-vsctl --columns=external-ids list open_vswitch22:44
prometheanfireok, no issue then, nice to know how it works though, (ref of a ref, kinda)22:46
opendevreviewMerged openstack/openstack-ansible stable/yoga: Install ZFS packages for bootstrap-host if needed  https://review.opendev.org/c/openstack/openstack-ansible/+/86827422:46
« Sunday, 2023-01-08 Index Tuesday, 2023-01-10 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!