| opendevreview | OpenStack Proposal Bot proposed openstack/openstack-ansible master: Imported Translations from Zanata https://review.opendev.org/c/openstack/openstack-ansible/+/871929 | 03:24 |
|---|---|---|
| *** akahat is now known as akahat|ruck | 07:01 | |
| *** akahat|ruck is now known as akahat|rover | 07:01 | |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/yoga: Bump OSA for stable/yoga to cover CVE-2022-47951 https://review.opendev.org/c/openstack/openstack-ansible/+/871834 | 08:32 |
| moha7 | Do you update-upgrade hosts' operating systems? For example, if Ubuntu has been installed on controller&compute nodes, do you regularly run `apt update && apt -y upgrade`? | 09:33 |
| noonedeadpunk | I wouldn't run upgrade on compute hosts and net nodes without evacuating vms/namespaces from them | 09:59 |
| kleini | I think, OSA configures through ansible-hardening role unattended upgrades in Ubuntu by default. | 10:07 |
| moha7 | Ah, net nodes; I remembered a question (: | 10:11 |
| moha7 | jamesdenton: Do you recommend separating network nodes in an OVN-based production env? | 10:11 |
| noonedeadpunk | kleini: oh, does it ? :D | 10:15 |
| noonedeadpunk | I'm not sure it's default? | 10:15 |
| noonedeadpunk | https://opendev.org/openstack/ansible-hardening/src/branch/master/defaults/main.yml#L312 | 10:17 |
| noonedeadpunk | it's disabled by default, yeah | 10:17 |
| moha7 | there's no more line for Ubuntu having `automatic_package_updates`in that link! | 10:20 |
| moha7 | If you were going to employ someone to join to your OpenStack team, what would the questions you asked him? What about a 1-week project you asked for? | 10:22 |
| noonedeadpunk | lol, we're trying to hire someone for last 2 years without good results - are you sure you want my advice? :D | 10:37 |
| opendevreview | Merged openstack/openstack-ansible stable/zed: Bump OSA for stable/zed to cover CVE-2022-47951 https://review.opendev.org/c/openstack/openstack-ansible/+/871830 | 10:51 |
| opendevreview | Merged openstack/openstack-ansible master: Imported Translations from Zanata https://review.opendev.org/c/openstack/openstack-ansible/+/871929 | 10:51 |
| moha7 | noonedeadpunk: ((= | 11:46 |
| *** tosky_ is now known as tosky | 12:55 | |
| admin1 | i have hired a lot of people for openstack roles in the past .. look for their knowledge in openstack based on the role .. support or infra | 13:20 |
| admin1 | if support, how to handle customers and common tasks ( level 1/ 2 ) | 13:20 |
| admin1 | if infra, more on troubleshoting , how much they know in depth | 13:21 |
| admin1 | also some can be hired with no knowledge of openstack, but good knowlege on virtualization, storage, api, bits of programming etc | 13:21 |
| admin1 | at the end ( for me ) its a bunch of apis provided by microservices .. but if the person knows about kvm, iscsi, nfs , ovs etc , he can understand and do well .. at least, that has been my experience | 13:22 |
| noonedeadpunk | It's so hard to find proper linux engineer even these days... | 13:31 |
| noonedeadpunk | As everyone are "devops" | 13:31 |
| noonedeadpunk | openstack can be taught indeed quite fast if needed | 13:31 |
| noonedeadpunk | but again then you would need to spent quite some time for learning and once they learn - they leave D | 13:33 |
| mgariepy | it's not easy to find ppl. | 13:40 |
| noonedeadpunk | would be sweet to get reviews on https://review.opendev.org/q/topic:bump_osa+status:open | 13:56 |
| jamesdenton | moha7 If you can swing pulling down provider networks to each compute, that's probably the way to go. Meaning, make the computes gateway chassis | 14:35 |
| mgariepy | how far are you pushing for the CVE? are you waiting on the patches to merge then update down to V ? os U T S ? | 14:37 |
| moha7 | Generally, is it a good idea to separate the net nodes? I checked the documentation of Red Hat, Ubuntu and others, except for one case about Mirantis, this isolation from controllers is not done anywhere else. | 14:37 |
| admin1 | moha7, it depends on your network domains and how you expect traffic .. if internal, you do not have to .. if you are doing public and expect ddos or probes or slow tcp that can affect other traffic ( if sharing the same network card ) then you might want to isolate those domains | 14:39 |
| admin1 | if single bond or network card, and you are doing vxlan and vlan with mgmt, then vxlan ( east-west) can eat the bandwidth when users copy large files or do stuff - -which is totally beyond your control | 14:39 |
| admin1 | so you want to think about isolating that in the design | 14:39 |
| jamesdenton | for a small-medium environment, having network+controller co-located is usually not a problem. But, if you find resource contention then you can consider breaking them out. It's really that simple | 14:41 |
| jamesdenton | that goes for any of the services | 14:41 |
| mgariepy | medium is up to how many nodes ? | 14:52 |
| mgariepy | the line is kinda blury | 14:53 |
| noonedeadpunk | I guess that depends on the throughput mostly? | 14:53 |
| noonedeadpunk | And well, if you allow external network conenction directly through VMs or oblige users to use floating ips | 14:54 |
| mgariepy | yeah | 14:55 |
| mgariepy | depending on the usecase it depend greatly , collect metric on everything and adjust for the future :) | 14:55 |
| *** dviroel|out is now known as dviroel|ruck | 15:08 | |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron master: Generate OVN certs only for OVN plugin https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/872024 | 15:24 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron master: Generate OVN certs only for OVN scenario https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/872024 | 15:30 |
| noonedeadpunk | jamesdenton: if around, could you vote on https://review.opendev.org/q/topic:bump_osa+status:open ? | 16:45 |
| jamesdenton | ack | 17:10 |
| noonedeadpunk | thanks! | 17:28 |
| prometheanfire | is there any facility to install a master version of horizon into an older release? (I know we can override UC url, horizing install branch, and venv tag, but the repo container shows version conflicts in the constraints it's trying to install still) | 17:52 |
| prometheanfire | I feel like I'm missing something... | 17:52 |
| jrosser | prometheanfire: are you setting horizon_upper_constraints_url to something appropriate for master? | 18:07 |
| prometheanfire | ya, I think I needed to set rebuild-wheels/venvs | 18:07 |
| opendevreview | Merged openstack/openstack-ansible stable/xena: Bump OSA for stable/xena to cover CVE-2022-47951 https://review.opendev.org/c/openstack/openstack-ansible/+/871839 | 19:24 |
| noonedeadpunk | I'm going to be mostly offline next week. So if somebody will have couple of minutes and spot that https://review.opendev.org/c/openstack/openstack-ansible/+/871834 is merged - would be great to update with it's SHA here https://review.opendev.org/c/openstack/releases/+/871281 | 20:24 |
| jamesdenton | ack | 20:26 |
| admin1 | anyone played with skyline yet ? or using it in prod instead of horizon | 20:40 |
| *** dviroel|ruck is now known as dviroel|ruck|afk | 20:53 | |
| spatel | admin1 i am running in dev but not in prod | 20:54 |
| admin1 | does it have everything to not miss horizon ? | 20:54 |
| spatel | because that project is little slow.. to catch up with all requirements | 20:54 |
| admin1 | and only 1-2 devs from china | 20:55 |
| spatel | Does anyone know how cinder-backup works? | 20:55 |
| spatel | If i have cinder on ceph and cinder-backup on NFS or POSIX local filesystem, in that case how does data copy from ceph to NFS or POSIX filesystem? | 20:56 |
| spatel | How data flow will look like? | 20:56 |
| spatel | Trying to understand this flow but very confused - https://gorka.eguileor.com/inside-cinders-incremental-backup/ | 21:01 |
| spatel | does controller nodes come into path during backing up???? | 21:05 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!