Wednesday, 2023-01-11

« Tuesday, 2023-01-10 Index Thursday, 2023-01-12 »
hamidlotfiHi friends, I set up a multi-node environment with stable/ZED on OSA, after deploying an instance, the instance can not fetch metadata and all retries failed. 05:56
jrosserhamidlotfi: can I check, is this the first time you’ve reported that here?06:45
hamidlotfiactually this is a first time I've deployed OSA. (note: I didn't set any option in the config file,did I?)06:50
hamidlotfiYes, you can. what did you need to check.I can send any log file.06:52
hamidlotfijrosser: ^06:52
hamidlotfiIf I any change in the YAML file such as `os-neutron-install.yml`, it is enough to run playbook.yml or anything else?06:59
hamidlotfiI mean adding  new options in the ‍`user_variables.yml`and then deploying `os-neutron-install.yml`, is it correct?07:03
hamidlotfiwont it be messed up if I deployed again?07:04
jrosserhamidlotfi: you can make changes just to neutron yes by running only that playbook07:50
jrosserthere are also ansible tags that will skip everything except deploying config file changes too in order to speed things up07:50
jrosseryou should be able to make any changes you like to user_variables and run the playbooks as you need, that won’t mess up the deployment07:52
opendevreviewAndrew Bonney proposed openstack/ansible-role-systemd_networkd master: Handle omitted variables which appear as empty strings  https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/86973608:09
hamidlotfijrosser: Thanks; I don't know what was the origin of the metadata problem and I don't know what does`neutron_vxlan_group: "239.0.0.1"`do, but now instances gets metadata stuff after 4 failed tries (https://pastebin.com/uuyYZKJH) after adding that option to the user_variables and deploying the neutron playbook. Do you have any idea? If it's the broadcasting neutron OVN IP, why it's not hard-coded by default?! 08:13
jrosserhamidlotfi: is this OVN? kinuxbridge?08:15
hamidlotfiYes OVN.08:15
jrosserhmm well in OVN each compute should be providing metadata locally08:18
hamidlotfiIn making the next servers, it doesn't even give a few limited errors anymore and builds quickly 08:19
jrosseris that on the same compute host?08:20
hamidlotfiI have two compute and all instance on them  is OK, now.08:23
hamidlotfi(Note: I'm using vxlan for the self-service network in the openstack_user_config)08:26
jrosserso your question about neutron_vxlan_group08:27
jrosserbroadcast traffic in vxlan is usually converted to multicast so it is sent to all tunnel endpoints, just like a L2 broadcast packet would be on a normal network08:28
jrosserand that variable is specifying the multicast group that should be used08:28
noonedeadpunkmornings09:11
noonedeadpunkmore OVN stuff coming in... Quite time to review docs then :D09:11
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Restore dynamic_inventory unit testing  https://review.opendev.org/c/openstack/openstack-ansible/+/86977609:24
opendevreviewAndrew Bonney proposed openstack/openstack-ansible-haproxy_server master: Fix dict object key error when haproxy interfaces not defined  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/86979909:27
hamidlotfi>that variable is specifying the multicast group that should be used 09:35
noonedeadpunkandrewbonney: that patch is weird... There always should be an interface in the object and be at least an empty string (I guess)09:36
noonedeadpunkOh... Maybe not for extra_lb_tls_vip_addresses09:36
andrewbonneyYeah, I think that was the issue09:36
noonedeadpunkBut maybe jsut adjust this then https://opendev.org/openstack/openstack-ansible-haproxy_server/src/branch/master/vars/main.yml#L22 ?09:37
noonedeadpunknah, forget it, you;'re right09:37
hamidlotfijrosser: I deleted neutron_vxlan_group: "239.0.0.1" from the user_variables file and deployed again; Now there's no error related to metadata. Isn't it odd? Maybe it needs to run one time even you override deployment! 09:38
noonedeadpunkwe shouldn't require to supply key if it's not required09:38
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Restore dynamic_inventory unit testing  https://review.opendev.org/c/openstack/openstack-ansible/+/86977609:54
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Restore dynamic_inventory unit testing  https://review.opendev.org/c/openstack/openstack-ansible/+/86977610:14
jrosserlooks like centos mirror wierdness again10:26
jrosserhamidlotfi: well i'm not sure, making a config change to neutron will have the side effect of restarting some serivces10:26
jrosserso it could easily be we have some ordering issue with starting / restarting neutron and ovn things during deployment10:27
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Allow empty records for container_skel  https://review.opendev.org/c/openstack/openstack-ansible/+/86976210:52
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/yoga: Prevent bootstrap failure when all roles/collections are overriden  https://review.opendev.org/c/openstack/openstack-ansible/+/86945910:56
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/yoga: Sync ZFS pool names  https://review.opendev.org/c/openstack/openstack-ansible/+/86963410:56
moha7Hey11:02
opendevreviewAndrew Bonney proposed openstack/openstack-ansible-haproxy_server master: Fix dict object key error when haproxy interfaces not defined  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/86979911:04
moha7My issue with the provider (external) network: The router gateway is not pingable from outside! Here is the provider network config used for deployment: http://ix.io/4kSN and this is what has been deployed: http://ix.io/4kSQ11:09
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/xena: Bump OpenStack-Ansible Xena  https://review.opendev.org/c/openstack/openstack-ansible/+/86981011:09
noonedeadpunkmoha7: So the thing is that not everyone here is aware about OVN specifics, so I can hardly answer if anything is wrong and how to debug OVN. So worth pinging someone with OVN expertise, like jamesdenton or mgariepy11:13
noonedeadpunkor spatel 11:13
noonedeadpunkor you can try out ovs driver in which more community members have expertise  :-)11:17
moha7+111:18
moha7jamesdenton, mgariepy: ^11:18
moha7https://www.irccloud.com/pastebin/fqevsdkm/11:29
moha7noonedeadpunk: Indeed, destiny led me to OVN! The first time I installed Zed, I realized that I'm facing something called OVN and I got suggestion to continue with it since this is the future path.11:29
moha7The problem with OVS is that it is not documented anywhere. I will have to write the OVS configuration all by myself, which I can't handle!11:30
jrossermoha7: there is an OVS scenario in the AIO - we test this11:30
noonedeadpunkAnd I bet there're docs for ovs as well11:35
noonedeadpunkmoha7: have you checked that? https://docs.openstack.org/openstack-ansible-os_neutron/latest/app-openvswitch.html11:35
moha7Oh, Thanks; I'll give it a try12:13
noonedeadpunkif you're spinning up aio, then you can use SCENARIO=aio_ovs or smth like that12:26
moha7Is it necessary to have openvswitch-switch installed on the hosts? At moment, it's not installed on controllers.12:49
mgariepymoha7, your ip is not pignable do you know where it's hosted ?13:06
mgariepyif you have a bunch of network nodes and computes and do use the magical ovn dvr thing. step 1 is to look where it's scheduled. 13:06
mgariepymoha7, usually with this you will see the gateway chassis it's hosted on  `ovn-nbctl show`13:08
moha7I was not using `neutron_plugin_base:   - ovn-router` in the user_variables; Now I run another deploy to see what happens for the provider network.13:08
mgariepyanyhow, when you know where the ip is scheduled you can check if you see the packet on the physical interface and so on13:17
mgariepyhttps://blog.russellbryant.net/2016/11/11/ovn-logical-flows-and-ovn-trace/13:17
moha7mgariepy: This document: https://docs.openstack.org/project-deploy-guide/openstack-ansible/latest/targethosts.html does not explains how to create bridges on the hosts; For the OVN/OVS scenarios, should them be created by Open vSwitch, or this Ubuntu netplan configuration is ok: http://ix.io/4kTn ?13:20
mgariepyovs or ovn ? also if ovs what firewall driver are you using ?13:21
moha7mgariepy: I don't understand this phrases: "where the IP is hosted / where the ip is scheduled"!13:21
opendevreviewMerged openstack/openstack-ansible-lxc_hosts master: Remove "warn" paramter from command module  https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/86965813:21
moha7I have issue with the external IPs. The hand of routers that is in the provider network is not pingable.13:23
mgariepywhat's your deployment ? aio ? or on a couple of machines? 13:23
moha7I mean, when I set a floating IP on an instance, I can not see it from outside of the OpenStack. 13:24
moha7Deployment: 3 Controller nodes and 2 Compute nodes13:24
moha7Os: Ubuntu 22.0413:24
mgariepyfor ovn some network can be created via ansible playbook here: https://github.com/openstack/openstack-ansible-os_neutron/blob/master/tasks/providers/setup_ovs_ovn.yml#L55-L8313:25
mgariepysame for ovs here: https://github.com/openstack/openstack-ansible-os_neutron/blob/master/tasks/providers/ovs_config.yml#L16-L4213:25
mgariepyok on ovn-northd container/host can you run `ovn-nbctl show` ?13:25
mgariepyfrom this page : https://docs.openstack.org/openstack-ansible-os_neutron/latest/app-ovn.html#useful-open-virtual-network-ovn-commands13:27
mgariepyif you paste the output of `ovn-nbctl show` i can help you understand it.13:29
opendevreviewMerged openstack/openstack-ansible stable/yoga: Increase thread/process to 2 for keystone  https://review.opendev.org/c/openstack/openstack-ansible/+/86964213:30
moha7mgariepy: I run a deploy; I'm waiting to be finished! I'll send you the output ASAP.13:34
mgariepyok no worries. 13:34
opendevreviewMerged openstack/openstack-ansible stable/zed: Block unauthenticated Ironic API endpoints from untrusted networks  https://review.opendev.org/c/openstack/openstack-ansible/+/86964113:47
jamesdentongood morning. i have a call right now, moha7, but happy to help after13:51
jamesdentonFYI - OVS and OVN playbooks can create the ovs bridges for you, and connect them, there are some directives on that13:51
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/xena: Increase thread/process to 2 for keystone  https://review.opendev.org/c/openstack/openstack-ansible/+/86983013:57
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/xena: Increase thread/process to 2 for keystone  https://review.opendev.org/c/openstack/openstack-ansible/+/86983013:58
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/xena: Bump OpenStack-Ansible Xena  https://review.opendev.org/c/openstack/openstack-ansible/+/86981013:59
moha7I finally found an Open vSwitch configuration for Ubuntu netplan: https://github.com/canonical/netplan/blob/main/examples/openvswitch.yaml14:02
opendevreviewMerged openstack/openstack-ansible-os_cinder master: Remove rsync requirement for cinder  https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/86972514:03
moha7jamesdenton: "can create the ovs bridges"; On which config files and how I should tell those playbooks to creates bridges?14:06
jamesdentonsure14:06
jamesdentonwhich docs are you following for the install?14:07
moha7https://docs.openstack.org/openstack-ansible-os_neutron/zed/app-ovn.html14:07
moha7and: https://docs.openstack.org/project-deploy-guide/openstack-ansible/latest/targethosts.html14:08
jamesdentonperfect, let's look at the first one14:08
jamesdentonhttps://docs.openstack.org/openstack-ansible-os_neutron/zed/app-ovn.html#openstack-ansible-user-variables14:08
jamesdentonI assume you have the `neutron_provider_networks` key defined? 14:09
moha7jamesdenton: the config you introduced me, this one: `network-northd_hosts`, is not used in the first document.14:11
jamesdentonright - i was expecting it to not be necessary, but if it is, then i will need to update docs and/or make it automatic14:12
jamesdentonso, keep it there for now in your config, and i'll see what we need to do to make it not necessary to keep14:12
moha7jamesdenton: http://ix.io/4kU1 <-- `neutron_provider_networks`14:13
moha7Ah, I'm not sure if it's necessary!14:14
jamesdentonok, couple of things14:14
jamesdentonnetwork_mappings: "vlan:br-provider" --> with this, you are creating a provider label named 'vlan' and associating it with an OVS bridge named 'br-provider'. That's OK. In a lot of upstream documentation, the provider label is named 'physnet1'. The 'vlan' label is OSA specific and is a legacy identifier. You can name it whatever you want, and when you create provider networks, you will refer to the label name14:17
jamesdentonnetwork_interface_mappings: "br-provider:br-vlan" --> with this, you are directing OSA playbooks to create an OVS bridge named 'br-provider' and attach an interface named 'br-vlan' to that bridge. The 'br-vlan' linux bridge (probably defined in outdated, yet current, docs), is probably not the way I would go. Instead, define the interface you would've connected to br-vlan (ie. eth3 or bond1)14:18
jamesdentonExample: network_interface_mappings: "br-provider:bond1" --> That will instruct OSA playbooks to create OVS bridge named br-provider and connect bond114:18
jamesdentonnetwork_vlan_ranges: "vlan:1:4095" --> with this, you are directing OSA to configure the Neutron config files to allow tenant networks on the 'vlan' provider label to allocate any VLAN ID between 1 and 4095. Probably way too large of a range, especially for automatic tenant network allocation14:20
jamesdentonIf you look at the example neutron_provider_networks on that page, there should be some comments outlining why the settings are the way they are14:21
moha7`network_mappings: "vlan:br-provider" --> Can I use star `*` instaead of the vlan in this syntax?14:21
moha7`network_mappings: "vlan:br-provider"` --> Can I use star `*` instaead of the vlan in this syntax?14:21
moha7Thank you jamesdenton for the complete explanation you provided; I'll consider them14:24
jamesdentonfor network mappings? no, you cannot use a star. The mapping of 'label' to 'bridge' is required14:24
jamesdentonthat's a Neutron requirement, not OSA14:25
moha7to have differenet external network, then this would be the syntax: `"ext1:br-provider, ext2:br-provider"`, right?14:26
jamesdentonalmost; you need a separate bridge for each provider 'label'14:26
moha7Aha14:26
jamesdentonext1:br-provider, ext2:br-provider214:26
jamesdentonnetwork_interface_mappings: "br-provider:eth1,br-provider2:eth2"14:27
jamesdentonfor example, would be the corresponding interface mappings14:27
jamesdentonnetwork_mappings: "ext1:br-provider,ext2:br-provider2", for example, if your label to bridge mapping14:27
jamesdentonthe playbooks will automatically create the OVS bridges and connect the interfaces. That config is stored in the OVS DB and you do *not* need to configure netplan or ifupdown for that14:28
moha7In the future, when we need an extra external network, should be deployed by OSA, or we should create it (by ovs-vsctl) and add it to the ml2/openvswitch config file?14:28
jamesdentonideally, you would create it within OSA configs and rerun the appropriate playbooks14:28
jamesdentonin a pinch, we have been known to do both - update config files and then do it by hand, to avoid running playbooks in certain environments. But, that's a risk.14:29
jrosserfor extra external networks it might help to think about them all as vlans on a single interface if you can14:31
jrosserthen there is nothing to do when adding a new one except to issue the relevant openstack commands to create the network in neutron14:32
jamesdenton^^^ exactly.14:32
jamesdentona single provider bridge with an interface configured as a trunk allows Neutron to handle the VLAN tagging14:32
jrosserif you have to add a new phyiscal interface each time you want a new external interface then you are in for a bad time14:32
jrosserlike just don't ever use flat type networks14:33
jrossereven if you only have one, make it vlan type and specify the vlan id14:33
spatelaio default use OVN correct but what about manual deployment i believe it still use lxb correct?14:40
spatelI meant manual deployment of zed OSA on 3 node cluster14:40
spatelI meant manual deployment of zed OSA on 3 node cluster14:41
mgariepyspatel, https://github.com/openstack/openstack-ansible/commit/79fc2a604d6bdd9f5fc17bd170829f85c93a523914:43
spatelJust asking because i noticed it didn't install deploy ovn northd so assuming it still LXB (Doesn't it confuse people when they go to production?)14:43
spatelmgariepy i am confused now :D14:45
mgariepymaybe we should update the examople configs in etc/openstack_deploy/**14:45
spatelI deployed AIO and it used OVN then i deploy 3 node cluster using zed and its using LXB :(14:46
mgariepyyou did copy example openstack_user_config from the repo ?14:46
opendevreviewAndrew Bonney proposed openstack/openstack-ansible master: Add Glance tempest plugin repo to testing SHA pins list  https://review.opendev.org/c/openstack/openstack-ansible/+/86985014:47
spatelNo... I didn't copy anything all default (i assumed it will use OVN default driver)14:47
spatelThis is what i have - https://paste.opendev.org/show/b1B7uM9XS4KpuzzrtrL5/14:49
spatelIn short i have to manually tel ml2.ovn in user_variables.yml to deply ovn in Zed (3 node cluster scenario) 14:50
spatelor i missed something in notes.. 14:50
spatelI have to leave now.. I will check again but agreed we need to make doc little more clear about Zed and OVN relationship :D14:51
jamesdenton@spatel i think there's a bug with northd group not being defined automatically. i need to look at it15:35
noonedeadpunkUm, northd won't appear on it's own - it needs to be defined in openstack_user_config for sure15:52
noonedeadpunkthere's no magic there15:52
jamesdentonok then, i wasn't sure if it was something we could (or should) associate with the network hosts automatically15:53
jamesdentoni'll update the docs15:54
jrosseris northd a network hosts thing or an infra hosts thing?15:56
jrosserthis sounds a bit like bfore when we had neutron-api running on network nodes which didnt make total sense15:56
jamesdentonwell, if i had to pick, i'd prob say infra15:56
jrossersounds right15:58
mgariepyinfra also here :p15:59
mgariepycontroller is the only network one haha15:59
opendevreviewJames Denton proposed openstack/openstack-ansible-os_neutron master: Update OVN northd group documentation  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/86985616:12
opendevreviewMerged openstack/openstack-ansible-ceph_client master: Define libvirt secrets from keyring files in ceph_extra_confs  https://review.opendev.org/c/openstack/openstack-ansible-ceph_client/+/86797016:15
opendevreviewMerged openstack/openstack-ansible master: Fix comment typo in nova install playbook  https://review.opendev.org/c/openstack/openstack-ansible/+/86968616:24
NeilHanlonwe haven't seen any CI failures for rocky, have we ? someone mentioned it wasn't working from the instructions... something to do this afternoon16:25
opendevreviewMerged openstack/openstack-ansible master: Bump pip and wheel to latest versions  https://review.opendev.org/c/openstack/openstack-ansible/+/86971516:26
noonedeadpunkno, I don't think we have. I've seen epel being out sync for short time, but that's it16:27
noonedeadpunkI'd say it's likely config thing then OS-related16:28
NeilHanlonepel does be like that sometimes, doesn't it..16:33
noonedeadpunkoh yes, no kidding it does16:41
spatelI am back folks..17:01
spatelWhat is the default ML2 driver for zed? 17:02
spateljamesdenton ^^17:04
spatelhttps://docs.openstack.org/releasenotes/openstack-ansible/zed.html17:05
prometheanfirespatel: ovn https://github.com/openstack/openstack-ansible-os_neutron/blob/stable/zed/defaults/main.yml#L36117:05
spatelIts saying OVN but when i deployed on 3 node cluster why it didn't created ovn-northd container? 17:05
noonedeadpunkbecause `network-northd_hosts` must be mentioned in openstack_user_config17:06
spatelhttps://paste.opendev.org/show/b1hx5pxtT76kPyQ2liKi/17:06
noonedeadpunksee https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/869856/1/doc/source/app-ovn.rst#8117:07
spateloh that was missing in my case.. 17:07
noonedeadpunkspatel: and what has you defined in your openstack_user_config?17:07
spateli don't have network-northd_hosts in config.17:08
spatelLet me add and run playbook 17:08
prometheanfiresetup-hosts/infra first, forgot that myself17:09
spatelwhere are the example files? 17:10
spateli didn't see that in any example files.. 17:10
noonedeadpunkWell, we're trying to catch up with docs17:10
noonedeadpunkI've sent you a patch that does add it17:11
spatelI think we should rollout example file because that was my issue...17:11
noonedeadpunkyeah, sure...17:12
noonedeadpunkwe should update tons of things to be frank17:12
spatel+1 17:12
prometheanfireyep, always more work :D patches welcome17:13
spatelwe should create network-northd_hosts by default if didn't mention.. just put it next to neutron-server container 17:13
spatelthat is essential component of OVN 17:14
spatelif user want to move it anywhere else then he can... 17:14
spatellet me add and run... and verify functionality.. 17:14
jrosseri wonder if this is helpful really https://opendev.org/openstack/openstack-ansible/src/branch/master/etc/openstack_deploy/conf.d/neutron.yml.aio17:19
prometheanfireya, that's what tipped me off to that section being missing17:19
jrosserand i guess what i mean by helpful / unhelpful is why is that not in here https://opendev.org/openstack/openstack-ansible/src/branch/master/etc/openstack_deploy/openstack_user_config.yml.aio.j217:20
jrosseri see the point of the conf.d/*.aio files for peripheral services but maybe not so much for core things17:21
spateljrosser yes.. first thing i do delete all aio file when i deploy in production and that is what i did :(17:22
jrosserfor example identity_hosts is defined in the AIO template but also in keystone.yml.aio17:22
spatelso i lost that example..17:22
jrosserjamesdenton: what do you think about that ^17:22
jrosseris the neutron.yml.aio being separate counterproductive?17:23
spatelI would say we should make some stuff default in this example network-northd_hosts:  (if not define then install in infra* nodes)  it will reduce typing and error 17:23
jrosserdo we want to backport these ceph_client fixes?17:33
spatelnoonedeadpunk oh boy.. i have add this but still it didn't create ovn_northd container - https://paste.opendev.org/show/b05Zx6h5RPAkRfvLk0Jg/17:45
spatelI will debug later because its consuming my lots of time :(17:45
jamesdentonthats the wronggroup name17:46
noonedeadpunkjrosser: well, I'd say that aio.j2 is usually not refferenced as example17:46
noonedeadpunkBut openstack_user_config.yml.aio can and should contain network-northd_hosts for instance17:47
jamesdentonjrosser lemme get back to you shortly17:47
jamesdentonyou may have put it in env.d17:47
spatelwthhh17:48
noonedeadpunkis it wrong? 17:48
noonedeadpunkhttps://opendev.org/openstack/openstack-ansible/src/branch/master/inventory/env.d/neutron.yml#L13017:48
spateldamn it... neutron_ovn_northd vs network-northd_hosts 17:49
jrosserimho aio.j2 is the most tested thing we have as it's used for all role tests17:49
noonedeadpunkBut it's not inlcuded into docs anywhere17:49
jrosserhmm17:49
spatelits easy to miss _ and - :(17:49
noonedeadpunkWhile many of others openstack_user_config.yml.* are17:50
noonedeadpunkLike for AIO we suggest copying stuff from conf.d at all https://docs.openstack.org/openstack-ansible/latest/user/aio/quickstart.html#bootstrap-the-aio-configuration17:51
jrosserhah i never read that before17:52
jrosserread/remembered17:52
jrosseri always set SCENARIO17:53
noonedeadpunkFor production example we do literal include17:53
noonedeadpunkhttps://github.com/openstack/openstack-ansible/blob/master/doc/source/user/prod/example.rst#deployment-configuration17:53
noonedeadpunkSo I'd say we should adjust these first, and j2 that we use in CI doesn't matter much as for documentation purposes17:54
noonedeadpunkalso we actually need northd conditionally, which is the main issue...17:54
noonedeadpunkOtherwise we could add it to `network-infra_containers` 17:55
jamesdentonhttps://github.com/openstack/openstack-ansible/blob/master/etc/openstack_deploy/conf.d/neutron.yml.aio17:55
noonedeadpunkbut then northd will be spawned for lxb/ovs as well which is wrong...17:55
jamesdentonthat's what i was referring to, conf.d, sorry17:55
jamesdentonspatel it's not just dash vs underscore, but prefix is network- not neutron-17:56
spatelyes.. just fixed that 17:56
jamesdentoncool, that should do it. 17:56
spateljamesdenton we should default set that on network_hosts:  instead of specify. 17:57
spatelIf user want to run somewhere else then he/she can use override 17:58
spatelit will make life easier 17:58
jamesdentonjrosser i don't see it being counter productive, but could be confusing if overlooked.17:58
jamesdentonor, just configure the group w/ alias and move on17:58
noonedeadpunkspatel: we can't do that18:01
spateluhu18:02
noonedeadpunkas I said earlier - this will result in creation of northd for lxb/ovs as well18:02
noonedeadpunkwhile it won't be utilized - contaier will be created18:02
jamesdentonthose are things i sometimes overlook, since aren't using lxc18:04
spatelwhy if ml2.ovn is set then merge group with network_hosts:  18:07
spatelor may be there factor complicate it.. 18:07
BobZAnnapolissorry folks, sorry to bug ya (again)...follow-up to yesterday's 'we rebooted our controllers and we're having issues' issue - we got the controllers back in sync, all the lxc-* containers on the controllers back in sync as well (we think) except now we can't create instances or volumes, we're having cinder issues :-( on the controllers, the cinder-api containers are logging. . .but. . .nothing is being logged i18:10
spatelIt must be mysql or rabbitmq out of cluster, i would check that first BobZAnnapolis 18:12
BobZAnnapolislxc-ls -f says all containers are up & running on all 3 controllers, rabbitmq clusterctl cmds indicate it is working fine - we're going to recheck keepalived & ha-proxy (again) but at last check, they were indicating "I'm ok"18:12
BobZAnnapolisspatel : thanks, will try that too18:12
opendevreviewMerged openstack/openstack-ansible-os_neutron master: Update OVN northd group documentation  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/86985618:48
opendevreviewMerged openstack/openstack-ansible stable/yoga: Sync ZFS pool names  https://review.opendev.org/c/openstack/openstack-ansible/+/86963419:18
opendevreviewMerged openstack/ansible-role-systemd_networkd master: Fix static routes to use Destination rather than Source key  https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/86973319:52
opendevreviewMerged openstack/ansible-role-systemd_networkd master: Handle omitted variables which appear as empty strings  https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/86973619:55
opendevreviewMerged openstack/openstack-ansible-haproxy_server master: Fix dict object key error when haproxy interfaces not defined  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/86979920:27
BobZAnnapolisanother silly question, after sourcing openrc, i'm executing several CLI "openstack. . .list" commands - just "list" commands to retrieve running information, i was just now informed that "The account is locked for . . . ." (admin) ? What causes this condition, and is there some default upper limit # of cmds an admin user is allowed to execute ? tia20:40
mgariepynot in default install no.20:41
mgariepynot sure it's possible to rate-limit commands like that 20:41
BobZAnnapolisyeah it's a weird one, we have over a handful of systems up & running, i've been retrieving info from all of them - the other 4-5 are having no issues - just this 1 says that 'admin' a/c is now locked :-(20:45
mgariepyit's possible to have some config in  keystone for lockout_failures but it's not default for sure.20:46
BobZAnnapolisthx, looks like there is a "20 minute timeout when locked" condition in place somewhere as well - i was just able to get back in - i'll check keystone - 20:51
BobZAnnapolisfyi, keystone.conf "lockout_duration = 900"20:57
mgariepyanyone else uses that in keystone ?20:58
opendevreviewMerged openstack/openstack-ansible master: Add Glance tempest plugin repo to testing SHA pins list  https://review.opendev.org/c/openstack/openstack-ansible/+/86985021:12
opendevreviewMerged openstack/openstack-ansible stable/yoga: Prevent bootstrap failure when all roles/collections are overriden  https://review.opendev.org/c/openstack/openstack-ansible/+/86945921:12
opendevreviewMerged openstack/openstack-ansible stable/xena: Increase thread/process to 2 for keystone  https://review.opendev.org/c/openstack/openstack-ansible/+/86983021:12
spatelI never heard and had issue with lockout in keystone 21:15
spatelBobZAnnapolis What was the issue with controller, did you manage to find it? 21:16
BobZAnnapolisspatel : Sort of, not entirely tho. We have multiple separate systems running, the controller reboots worked flawlessly on 1 but when we repeated the procedure on another system, dumpster fire :-) we used existing troubleshooting docs,online docs, local knowledge to get the controllers back up - controllers looked ok but then we started having neutron & cinder issues, had to go down that rabbit hole (wink wink)21:36
mgariepythe dev systems always work flawlessly :P21:40
BobZAnnapolismgariepy : :-) close, 1 dev, 1 production worked flawlessly, 1 production went belly up21:44
mgariepyhaha :)21:44
mgariepyjust when you are super confident it will work. boom21:44
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_neutron stable/zed: Update OVN northd group documentation  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/86983422:15
opendevreviewJonathan Rosser proposed openstack/ansible-role-systemd_networkd stable/zed: Fix static routes to use Destination rather than Source key  https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/86983522:15
opendevreviewJonathan Rosser proposed openstack/ansible-role-systemd_networkd stable/yoga: Fix static routes to use Destination rather than Source key  https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/86983622:15
opendevreviewJonathan Rosser proposed openstack/ansible-role-systemd_networkd stable/xena: Fix static routes to use Destination rather than Source key  https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/86983722:15
opendevreviewJonathan Rosser proposed openstack/ansible-role-systemd_networkd stable/wallaby: Fix static routes to use Destination rather than Source key  https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/86983822:15
opendevreviewJonathan Rosser proposed openstack/ansible-role-systemd_networkd stable/zed: Handle omitted variables which appear as empty strings  https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/86983922:16
opendevreviewJonathan Rosser proposed openstack/ansible-role-systemd_networkd stable/yoga: Handle omitted variables which appear as empty strings  https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/86984022:16
opendevreviewJonathan Rosser proposed openstack/ansible-role-systemd_networkd stable/xena: Handle omitted variables which appear as empty strings  https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/86984122:16
opendevreviewJonathan Rosser proposed openstack/ansible-role-systemd_networkd stable/wallaby: Handle omitted variables which appear as empty strings  https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/86984222:17
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-haproxy_server stable/zed: Fix dict object key error when haproxy interfaces not defined  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/86984322:17
« Tuesday, 2023-01-10 Index Thursday, 2023-01-12 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!