Monday, 2023-02-13

Elnzsalam05:45
ElnzPlease have a look at: https://paste.ubuntu.ir/xwrjp05:51
jrossergood morning09:36
noonedeadpunkmornings. I'm semi-around today10:36
noonedeadpunkadmin1: Network is unreachable reminds me about dead lxc-dnsmasq as its outbound connection that is made10:39
noonedeadpunkNo idea if you've already sorted this out or not though...10:39
noonedeadpunkso connections go through lxcbr0 and eth010:39
admin1noonedeadpunk, wget/curl works there fine .. just via the python it fails 10:55
noonedeadpunkum... I have no idea how that's technically possible to be frank. If it was url certs that's untrusted - I could explain that but not network unreachable....11:05
noonedeadpunkAnd curl works from exact repo container that task was delegated to?11:06
noonedeadpunkAs my guess was that just one of them can't reach network....11:06
jrosseradmin1: can you paste the actual output when it fails?11:33
admin1jrosser, https://gist.githubusercontent.com/a1git/d10b72f0305d32e4d780e20a7c42dd04/raw/902a053dc6fc185cb9d86142eab06fb5b3f41a28/gistfile1.txt11:46
admin1i see the issue 11:47
admin1<c1_repo_container-4cfcc286> Task is delegated to localhost.    .. my localhost is not resolving DNS .. 11:47
admin1localhost a.k.a deploy container11:47
admin1it works now .. 11:51
opendevreviewMerged openstack/openstack-ansible-openstack_hosts master: Return centos jobs to voting  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/87327312:03
opendevreviewMerged openstack/openstack-ansible-os_nova master: Add authentication for [cinder] section of nova.conf  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/87227912:22
opendevreviewMerged openstack/openstack-ansible-os_nova master: Use SSL database connections with nova-manage  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/52883712:22
*** priteau_ is now known as priteau12:25
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_nova stable/zed: Use SSL database connections with nova-manage  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/87346614:25
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_nova stable/yoga: Use SSL database connections with nova-manage  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/87346714:25
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_nova stable/xena: Use SSL database connections with nova-manage  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/87346814:26
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_nova stable/zed: Add authentication for [cinder] section of nova.conf  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/87346914:26
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_nova stable/yoga: Add authentication for [cinder] section of nova.conf  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/87357014:26
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_nova stable/xena: Add authentication for [cinder] section of nova.conf  https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/87357114:26
jrosseri don't see why the lxc rocky9 distro job here is not n-v https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/87328714:30
ElnazSalam15:10
noonedeadpunko/15:10
noonedeadpunkjrosser: it's distro job that's failing 15:11
ElnazDo you know why I get such error: `fatal: [infra1_horizon_container-4c31534e -> infra1_repo_container-6b72e9f1(172.17.236.47)]: FAILED! => {"changed": false, "msg": "file not found: /var/www/repo/os-releases/26.0.1/ubuntu-22.04-x86_64/requirements/horizon-26.0.1-constraints.txt"}`15:11
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts stable/yoga: Install curl by defining binary that is provided  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/87328715:11
jrosserhi Elnaz - did you fix any of the trouble you had before?15:12
noonedeadpunkElnaz: I assume that wheels or venv build could fail for horizon at some prior run15:12
ElnazI checked and horizon-26.0.1-constraints.txt is not there!15:12
Elnazjrosser: NO, they solved by themselves! I rerun the scripts repeatedly and it finally reached to the Horizon step.15:13
jrosserhmm that sounds odd15:13
jrosserand that's not how it should be :)15:14
ElnazI had issue on keystone and I run os-keystone-install 3 or 4 times that finally succeeded.15:15
Elnaznoonedeadpunk: Ok, I run setup-openstack again to see what would be the result15:16
jrosserit is probably worth double checking that you can `git clone https://opendev.org/openstack/keystone` manually to see if you get the same error, or if it completes in a "reasonable" time15:17
jrosserElnaz: take a look inside the setup-openstack playbook - https://github.com/openstack/openstack-ansible/blob/master/playbooks/setup-openstack.yml15:19
jrossersee that it is just calling others, so you can do any of them as you need individually15:20
noonedeadpunkElnaz: nah. that's not gonna help15:20
Elnazjrosser: `Receiving objects:  20% (24126/120627), 5.66 MiB | 36.00 KiB/s`15:20
noonedeadpunksimply re-running won't recover from that state15:21
jrosserElnaz: so it is very slow?15:21
Elnazdepending on the size; I think so15:21
jrosserElnaz: ultimately this will cause the pip command doing the build to fail i think if there is some network problem between you and `opendev.org`15:23
ElnazYou mean it's an internet issue?15:23
jrosseri get `Receiving objects: 100% (120627/120627), 32.09 MiB | 1.74 MiB/s, done`15:23
jrosserElnaz: can you try `git clone https://github.com/openstack/keystone` instead?15:25
Elnazjrosser: `Receiving objects: 100% (120627/120627), 50.66 MiB | 4.23 MiB/s, done.`15:27
ElnazO_o15:27
jrosserhmm ok so that means it's slow to opendev.org but OK to github15:27
jrosserfungi: ^ looks like another data point for poor connectivity to opendev.org here15:27
ElnazThen I'll be looking for a proxy or something to see what would be the speed test to opendev15:28
jrosserif you are able to do a `mtr opendev.org` there might be some useful info there15:29
ElnazYours: (120627/120627), 32.09 MiB15:30
ElnazMine: (120627/120627), 50.66 MiB - GitHub15:30
ElnazWhy two different sizes of download for the same repos?15:30
ElnazHow cool is `mtr`!15:31
jrosserwhen it's resolved most of the names of the intermediate hops you can put the output at paste.opendev.org15:32
fungihappy to take a look, yep15:34
admin1does using ovn only in octavia also require using vtep hacks like before ? 15:54
admin1sorry .. is it possible to use osa + octavia with ovn only backend15:54
jrosseras far as i know you can use it just like before with a vlan network15:57
jrosser"vtep hack" probably means bringing a vxlan neutron network to the controller?15:57
admin1yeah 15:57
jrosserthat sounds hard15:57
admin1ovn does its own LB , so i think those hacks are not required .. but i am not sure how to enable just that one15:58
admin1without the lbaas ip address that we use to configure15:59
jrosseradmin1: oh well thats different then - you'll perhaps be wanting this https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/86846216:02
noonedeadpunkIt seems it's time to switch our HA queues to quorum, as https://review.opendev.org/c/openstack/oslo.messaging/+/831058 is around since Zed16:03
noonedeadpunkI was kind of waiting for it, but obviously missed :(16:04
admin1jrosser, yes :) 16:11
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible-haproxy_server master: Prepare haproxy role for separated haproxy config  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87118816:28
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Replace HA policies for RabbitMQ with quorum  https://review.opendev.org/c/openstack/openstack-ansible/+/87361816:52
*** jamesdenton_ is now known as jamesdenton16:56
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Replace HA policies for RabbitMQ with quorum  https://review.opendev.org/c/openstack/openstack-ansible/+/87361816:59
spatelHow do i transer openstack vm from one stack to totally different stack? 17:11
spateltransfer* 17:11
spatelcan i export VM or it has to be via snapshot ?17:13
admin1spatel, image and then using image 17:14
admin1snapshot 17:14
spatelimage and then using image????17:14
admin1or if you have hypervisor access, cp the backing disk and the qcow2 and then import in 17:14
spatelcan you explain?17:15
spatelI am admin in both cloud 17:15
spatelwith root access17:15
admin1rsync if you are admin in both :D17:15
spatelone cloud is non-ceph and second one has ceph 17:15
spateldo i export snapshot and import that snapshot in new cloud with glance?17:16
admin1yep 17:16
admin1and then use that as glance image to boot a new copy of it 17:16
admin1not sure what the vm is... make sure to setup a root pass17:16
admin1so that in case networking etc does not work due to static  being set, u can login as root and fix it 17:17
fungior boot a rescue image, or embed a small repair-style ramdisk image in the vm image's bootloader config17:19
admin1anyone using latest fedora to boot up k8s using magnum 17:28
admin1looking for tips 17:28
noonedeadpunkadmin1: well, magnum does support only specific match of fedora to k8s, I won't expect anything latest to work with any stable magnum17:31
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_glance master: Add quorum support for glance  https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/87363217:37
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-haproxy_server master: Use let's encrypt standalone flag only for http-01  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87363318:02
jrosser^ ahha interesting noonedeadpunk i was never sure if anything more needed to be added for dns-0118:06
jrosserthe one place i do something with dns-01 and haproxy_server in tcp rather than http mode so the certs are all done on the backends18:07
noonedeadpunkwell... I'm not sure either if we need to support dns-01 better, but looking quickly through it - there're quite a lot of options18:07
jrosseri'm sure i have some ansible for it, but it kind of gets pretty specific pretty quick about what dns you've got18:07
noonedeadpunkwe don't or can't use let's encrypt due to compliance, so I wasn't really digging too much to be frank18:08
jrosserfor example i might have some things for certbot + bind918:08
noonedeadpunk018:08
jrosserah right ok, but i think the patch is good anyway18:08
jrosseri tried (and never made work) bucket-name-as-hostname in ceph rgw which needed a wildcard - that's where we looked at dns-0118:09
noonedeadpunkwe're kind of allowed to use zerossl, but I find their terms of services quite cumbersome to use18:09
noonedeadpunkOh, our storage folks made it work I believe... At least in POC18:10
jrosserinteresting18:10
noonedeadpunkI didn't follow up on that, but can ask them. They don't use osa haproxy role though for $reasons (that I don't fully understand)18:10
noonedeadpunkAnd they used zerossl iirc, but I need to double check with them18:11
*** jgwentworth is now known as melwitt18:33
jrosserdamiandabrowski: have you seen that you can set `vars:` on an `include_tasks:`.......18:45
jrosserthen there would be no need at all to have new things in the haproxy role like `haproxy_preconfigured_services`18:46
damiandabrowski(i need to leave in 3 min)18:46
damiandabrowskibut i'm sure we'll need to have it18:47
damiandabrowskilet me show you something18:47
jrosseryou could just set `haproxy_services` on each `include_tasks` to be the vars you want for that playbook18:47
jrossernot sure why we have to build all that into the haproxy_server role18:47
damiandabrowskiah i get it, i think i created 2 separate variables just for clarity18:51
admin1noonedeadpunk, do you know of the latest compatibility matrix link 18:51
admin1the one i found is  https://wiki.openstack.org/wiki/Magnum#Compatibility_Matrix18:52
damiandabrowskiso that "preconfigured" services are configured on initial haproxy playbook execution18:52
damiandabrowskibut tomorrow i can evaluate if we can stick only with "haproxy_services"18:52
jrosserok we can look tomorrow18:52
noonedeadpunkadmin1: I usually refer to https://docs.openstack.org/magnum/latest/user/index.html#supported-versions18:53
noonedeadpunkMy assumption - they didn't change anything from Yoga to Zed18:53
damiandabrowskiplease note that currently haproxy_preconfigured_services and haproxy_services are handled by 2 different files and i have no idea how they can share a single file18:53
damiandabrowskihttps://opendev.org/openstack/openstack-ansible-haproxy_server/src/commit/dec3906447655fb6c604bf07a77d4910fbfe04b6/tasks/haproxy_preconfigured_service_config.yml18:53
damiandabrowskihttps://opendev.org/openstack/openstack-ansible-haproxy_server/src/commit/dec3906447655fb6c604bf07a77d4910fbfe04b6/tasks/haproxy_service_config.yml18:53
noonedeadpunkoh, whaaat, gerrit SHAs are a valid thing in gitea?18:54
noonedeadpunkhow does that work given they should be in different refs...18:55
noonedeadpunkUm, I'm not sure I get how they're different though....18:59
noonedeadpunkDefining `haproxy_services` to a different value for each group_var is very confusing for me personally... It's definitely not that easy to read to be frank19:06
noonedeadpunkI think you've discussed that already, but is there any reason why indeed haproxy_server can't be included from inside of the roles? 19:09
noonedeadpunkAs we already have things like `_cinder_is_first_api_play_host` which is a way better condition compared to https://review.opendev.org/c/openstack/openstack-ansible/+/871189/7/playbooks/common-tasks/haproxy-service-config.yml#1819:11
noonedeadpunkor we need/want to add service before running haproxy-endpoint-manage.yml ?19:13
noonedeadpunkok, let's discuss that tomorrow during meeting :)19:14
noonedeadpunkI bet our operations won't be happy about changes as they're trying to avoid running haproxy role whenever possible not to accidentally trigger any changes that will lead to VIP failover :D19:15
noonedeadpunk(it's completely different topic for motivation part though)19:15
noonedeadpunk(and not sure how it's valid at all)19:16
*** dviroel is now known as dviroel|out19:26
jrosserhaving `vars: haproxy_services: "{{ glance_haproxy_services }}"` is clearer on some include_<whatever>:19:32
noonedeadpunk+1 ^19:39
admin1anyone has a workable magnum coe template ? 20:11
admin1for k8s 20:11
jrosseradmin1: welcome to magnum :) i can't help you with any real experience there but there is this https://docs.openstack.org/openstack-ansible-os_magnum/latest/20:15
jrosserbut you'd have to look at the commit history to see how old that doc is as it's not kept up to date20:16
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-os_glance master: Add quorum support for glance  https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/87363220:35
admin1someone recommended me https://github.com/kubernetes-sigs/cluster-api-provider-openstack  .. anyone using this one ? 20:38
admin1kleini_ 21:21
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible-haproxy_server master: Prepare haproxy role for separated haproxy config  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87118822:08
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible master: Prepare service roles for separated haproxy config  https://review.opendev.org/c/openstack/openstack-ansible/+/87118922:54
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible-os_glance master: Add TLS support to glance backends  https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/82101123:01
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible-os_neutron master: Add TLS support to neutron_server backends  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/87365423:02
