Tuesday, 2023-02-28

« Monday, 2023-02-27 Index Wednesday, 2023-03-01 »
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Test on ARM64  https://review.opendev.org/c/openstack/openstack-ansible/+/87242308:43
noonedeadpunkmornings09:09
noonedeadpunkBobZannapolis: well, to spawn a vm on a specific hypervisor you can use scheduler hints. So likely you can iterate over hypervisor list and supply it as a hint to server create command09:10
jrossererlang on arm is unfortunate - looks like the only reasonable place to get the pacakges from is here http://packages.erlang-solutions.com/ubuntu/pool/09:44
jrosseridk if we should move back to that, and ask again if we can have an infra mirror of it09:45
noonedeadpunkwell. I wonder if mirroring will help actually. As it was out of sync iirc? And for mirroring it should also support rsync09:59
noonedeadpunkie we were struggling from broken metadata09:59
noonedeadpunkwhich will likely jsut be pulled in to mirrors as is?10:00
jrosserhmm depends what tool makes the mirror i think - if it recomputes the Packages file or just blindly rsyncs everything10:02
jrosserlooks like it is reprepro10:05
jrossernoonedeadpunk: if you have good ideas about how we can get arm64 jobs running would be interested - we're about to deploy arm nodes so i'd like to get some coverage of that10:06
noonedeadpunkI don't have any better idea then to add repos conditionally based on arch though10:14
noonedeadpunkbut yes, rabbit quite a mess overall10:14
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Allow to manage more the one vhost with mq_setup  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/87539910:33
opendevreviewMerged openstack/openstack-ansible-galera_server stable/zed: Allow maridbcheck socket to FreeBind  https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/87473210:47
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-rabbitmq_server master: Support erlang installation for arm64 hosts  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/87562910:48
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Test on ARM64  https://review.opendev.org/c/openstack/openstack-ansible/+/87242310:48
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-rabbitmq_server master: Support erlang installation for arm64 hosts  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/87562911:26
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-rabbitmq_server master: Support erlang installation for arm64 hosts  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/87562912:09
noonedeadpunkhm, looks like plugins repo does not really test patch content 12:52
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/zed: Do not run dstat by default  https://review.opendev.org/c/openstack/openstack-ansible/+/87560812:54
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-ceph_client master: Improve regexp for fetching nova secret from files  https://review.opendev.org/c/openstack/openstack-ansible-ceph_client/+/87181912:57
*** lowercase is now known as Guest617313:42
*** lowercase_ is now known as lowercase13:42
opendevreviewMerged openstack/openstack-ansible-os_neutron stable/zed: Generate OVN certs only for OVN scenario  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/87483714:26
noonedeadpunkno way! zuul now does spot nested ansible and prints output of issue with regards to it?14:56
noonedeadpunkLike valuable output here - https://zuul.opendev.org/t/openstack/build/b7778621493d4f9cb5551850eaf984be14:56
noonedeadpunkbut yeah - seems like plugins repo testing is broken14:56
noonedeadpunk#startmeeting openstack_ansible_meeting15:00
opendevmeetMeeting started Tue Feb 28 15:00:04 2023 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.15:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:00
opendevmeetThe meeting name has been set to 'openstack_ansible_meeting'15:00
noonedeadpunk#topic rollcall15:00
noonedeadpunko/15:00
jrossero/ hello15:00
noonedeadpunk#topic office hours15:02
noonedeadpunkI don't have much this time. I've started looking into quorum queues and by far found that plugins repo does not test actual code. Repo is in required-projects but likely we don't install collection from zuul path for some reason15:04
noonedeadpunkjrosser: I know you've proposed patch to change approach there a bit but it failed as well - I didn't have time to check what went wrong there15:04
noonedeadpunkwill have some deeper look during the week15:05
jrosseri've not had time to look either15:05
noonedeadpunkAlso I've spawned 3VMs aio to play with haproxy patches, but haven't started playing much15:05
noonedeadpunkWe've breifly discussed yestarday where it's worth to pay attention - like handler dynamic naming and virtual groups15:06
noonedeadpunkIt's also absolutely worth splitting changes of haproxy_services format and adoption for splitting configs into 2 patches15:07
noonedeadpunkAs of now I tried sandbox without LE, and it seems like approach overall working. The only thing that came to my mind - it will be way trickier to expand pool of haproxies or add some new host15:08
noonedeadpunkas basically you'll need to run setup-everything. Might be not a big deal given documentation and working tags though15:09
noonedeadpunkI've also tried bumping mariadb version to 10.11 and it obviously didn't "just worked" as package names seems to have changed. 15:16
noonedeadpunkAnd now it seems to be aligned with distro names ie not having major version at the end15:17
noonedeadpunkIt seems they've stopped doing that since 10.8. So some work is needed there for sure15:18
noonedeadpunkI also need these 2 features to inventory land or have some decent alternative to them for 2023.115:20
noonedeadpunk#link https://review.opendev.org/c/openstack/openstack-ansible/+/87011315:20
noonedeadpunk#link  https://review.opendev.org/c/openstack/openstack-ansible/+/86976215:20
noonedeadpunkAs we rely on them as of today in concept deployment15:20
noonedeadpunk(which should become prod by summer)15:21
noonedeadpunkAnother possibly sad topic is uwsgi. I assume some might have read MLs regarding this. In short uwsgi is in maintenance only as of today (and for the last year)15:22
noonedeadpunkThere're discussions ongoing on what should we all do with regards to that and if there should be some tested by default wsgi backend15:28
noonedeadpunkOr at very least I'd love that this was a thing ^15:28
jamesdenton_o/15:32
noonedeadpunkI was thinking that at worst it might be worth renaming uwsgi role to jsut wsgi and have an option to setup gunicorn as well15:32
jrossersorry also in another meeting right now15:35
noonedeadpunkno worries15:35
noonedeadpunkI think that's kind of it from my side. I don't think we have any new bugs to discuss15:37
noonedeadpunkBut reviews on stable branches backports are super welcome to get new releases15:37
jrosseri will also try to look at the haproxy stuff15:41
jrosseri'd like to try the add_host approach15:41
noonedeadpunkSo basically get rid of delegate_to approach?15:45
noonedeadpunkThe thing I'm concerned about, is that with dynamic group, when adding haproxy hosts to glance_api, for example, it will result in placing template on hosts that are not intended for that. But maybe indeed there's a way for that15:47
noonedeadpunkI was trying to focus on handlers thing now as it's quite annoying as well.15:47
noonedeadpunkat least concept overall is working from what I can tell.15:48
jrosseri was hoping that `add_host` would let you do new_group = haproxy_all hosts [also member of glance_all]15:54
jrosserthen be able to run against `new_group` which would just be haproxy_all hosts but also with glance vars15:54
noonedeadpunkwell, then role will run against all hosts in this new group, isn't it?16:03
noonedeadpunkSo it will deploy haproxy.conf on both haproxy_all and glance_all16:03
jrosseri don't know - i need to make some quick test playbook to see16:05
noonedeadpunkMaybe, if add haproxy_all to glance_all temporary instead of new_group and run against haproxy_all will do the trick... But it kind of depends in glance_all is group that consist of children or not...16:06
noonedeadpunkbut yeah, worth checking this for sure16:06
noonedeadpunk#endmeeting16:06
opendevmeetMeeting ended Tue Feb 28 16:06:58 2023 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)16:06
opendevmeetMinutes:        https://meetings.opendev.org/meetings/openstack_ansible_meeting/2023/openstack_ansible_meeting.2023-02-28-15.00.html16:06
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2023/openstack_ansible_meeting.2023-02-28-15.00.txt16:06
opendevmeetLog:            https://meetings.opendev.org/meetings/openstack_ansible_meeting/2023/openstack_ansible_meeting.2023-02-28-15.00.log.html16:06
noonedeadpunkjrosser: setting handlers as variables looks like working nicely16:55
jrosseroh cool16:55
noonedeadpunkI was a bit o_O but it works :)16:56
jrosserdo you think that completely indpendant of the haproxy work we should change make `cert installed` overridable in the PKI role16:56
noonedeadpunkyes, totally16:56
jrosserthen make the handler names specific in the service roles16:56
noonedeadpunkWell.16:56
noonedeadpunkWe can make it specific only for haproxy for now16:56
noonedeadpunkAs you can pass `handler name` on the pki role include16:57
jrosseroh well i meant really as we add TLS to the roles16:57
noonedeadpunkBut yeah, we can provide role specific handler names everywhere if we want to16:57
noonedeadpunkBut we don't have to except for haproxy16:57
jrosserthen that will make the need for the dummy handlers file go away?16:58
noonedeadpunkyup16:58
jrosserand also remove that kind of duplicate tasks file16:58
noonedeadpunkWell. I was going to do include there16:58
noonedeadpunkas we might indeed need to inlcude vars as an extra16:59
noonedeadpunkDunno if damiandabrowski will be mad at me but I'm going to push some updates...16:59
noonedeadpunkAlso I've found weird things going on with tags - I "accidentally" spawned only 1 haproxy host and then added 2 more, so had to test how haproxy-service-config tag does work. While it works - rabbit role somehow fails as it's start being executed17:00
noonedeadpunkBut I'd blame role itself17:00
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-pki master: Allow to provide custom handler names  https://review.opendev.org/c/openstack/ansible-role-pki/+/87575717:15
noonedeadpunkthis ^17:15
jrosserout of interest can that be a list?17:21
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-haproxy_server master: Simplify haproxy_service_configs structure  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87118817:30
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-haproxy_server master: Fix tags usage for letsencrypt setup  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87577217:38
noonedeadpunkjrosser: hm......17:38
noonedeadpunklet me see....17:39
jrosseri was just checking the definition of notifiy and its string or list17:39
noonedeadpunkThe most tricky thing how to define meta in handlers/main.yml17:39
noonedeadpunkAnd whether it would like meta handler in loop17:40
jrosseroh yes17:40
jrosseri was wondering if there was ever a use case for in the playbook calling the PKI role you want to make it trigger several handlers17:40
noonedeadpunkWell, maybe there is but I don't know yet about them17:41
jrosserit's kind of two things17:41
jrosseras they're noop handlers then if it's a list it can be hander_list[0] othewise the string17:43
jrosseri don't have a example of where it being a list would be useful but it just replicates the underlying behaviour of notify:17:44
noonedeadpunklol, yes, you can 17:44
noonedeadpunkshould I change it to be a list though?17:45
noonedeadpunkbut yeah... probably...17:45
jrosserwell in defaults/main it can be a string for sure17:46
jrosserbut passing as notify: - {{ string-or-list }} looked a bit suspicious17:46
jrosserinstead notify: "{{ string-or-list }}"17:47
noonedeadpunkhm, I wonder if we need these meta handlers...17:47
jrosseri think we do in case the calling role doesnt have any17:48
noonedeadpunkah! I got what you mean17:48
noonedeadpunkbut that would be tricky for these meta...17:48
noonedeadpunkas then you should kind of pick if it's a list or string we're listening to17:49
noonedeadpunkas you can't do {{ var[0] }} for example17:49
jrosser`{{ ((handlers is not string) and (handlers is iterable)) | ternary(handlers[0], handlers) }}`17:51
jrosser^ guess17:51
noonedeadpunkwell...17:51
noonedeadpunkwhat is more suspicious....17:51
noonedeadpunkjrosser: you can;t do handlers[0] as then handlers[1:] are undefined and role is unhappy17:56
jrossereven if those exist in the calling playbook?17:57
noonedeadpunkand yeah, you can't do loop in handlers either17:57
jrosserwell i don't mean playbook do i17:57
noonedeadpunknah, it's for usecase when they don't exist in playbook17:58
noonedeadpunk*role17:58
noonedeadpunkwelll.17:59
noonedeadpunkI have an idea :D17:59
noonedeadpunkwhy in the world I didn't try to use listen there at first18:00
noonedeadpunknah, variable in listen is not renderred 18:01
noonedeadpunkSo. To be frank I'd prefer restrict this to be a string rather string or list, as for some roles where handlers are undefined this might be quite breaking18:02
jrosserok - just so we don't misunderstand this is what i was thinking https://etherpad.opendev.org/p/pki-handlers18:03
noonedeadpunkAnd well, given that variables are not respected in listen - you can't use them in service role handlers anyway18:03
jrosserlets keep it simple then :)18:09
noonedeadpunkIt would be quite simple to change that anytime to be frank18:11
noonedeadpunkbut not from string-or-list to just string....18:11
jrossergrrr https://github.com/esl/packages/issues/1518:21
mgariepystill better than some other project .. 18:31
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-haproxy_server master: Prepare haproxy role for separated haproxy config  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87577918:31
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Test on ARM64  https://review.opendev.org/c/openstack/openstack-ansible/+/87242318:31
noonedeadpunkhuh, old good erlang repo...18:32
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible master: Prepare service roles for separated haproxy config  https://review.opendev.org/c/openstack/openstack-ansible/+/87118918:33
noonedeadpunkI've decided to push changes to reflect progress on handlers - will try to check dynamic groups tomorrow18:34
noonedeadpunkhopefully they will pass lol18:35
noonedeadpunkI'm still not fully understand https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/875779/1/tasks/haproxy_service_config_temporary.yml but since it's marked as temporary and if we can drop this right after all changes land - I'm good to leave it as is18:37
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-haproxy_server master: Serialise initial issuing of LetsEncrypt certificates  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/87578118:46
jrossernoonedeadpunk: here is a placeholder patch for race condition with LE - i realise that i've never seen this becasue we have 2 haproxy nodes and the OSA playbook has serial: 50% so it is sequential by good luck for me18:47
jrossernot quite sure what happens with 3 haproxy in a more standard setup......18:48
noonedeadpunkaha I can recall you discussing that18:54
noonedeadpunkHm18:56
noonedeadpunkSeems like erlang 24 has fully dissapeared from cloudsmith18:56
noonedeadpunkat least for centos.18:59
noonedeadpunkdogh18:59
noonedeadpunk23 is still present....19:17
noonedeadpunkpackagecloud does have 24....19:18
noonedeadpunkpffff19:18
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server stable/xena: Install erlang from packagecloud for RHEL  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/87578219:25
noonedeadpunkI'm quite open to ideas. Like building these from sources19:28
noonedeadpunkOr having apt/rpm proxy on repo hosts19:28
jrosseras we version it specifically we could grab the file and install it just with apt directly19:39
jrosserthere used to be a thing to do that in the rabbitmq role i think19:39
spateljamesdenton_ around 19:49
spatelI have stupid question about LACP 19:49
spatelDo you configure LACP active on one side and passive on other side? or both active - active mode 19:50
jamesdenton_either or19:51
jamesdenton_i guess it depends on which side you want to initiate the bundle, or either side19:52
spatelI am running both side active when i connect to switches..19:52
jamesdenton_that's prob fine19:52
spatelHmm just thinking about advantage of doing passive19:53
spatelwhy passive mode invented :)19:53
jamesdenton_prob a good question for google19:53
jamesdenton_https://techdocassets.pluribusnetworks.com/netvisor/nv1_700/CG/UnderstandingtheLinkAggregationC.html19:54
jamesdenton_In active mode LACP always (unconditionally) sends frames along the configured links that are intended to be bundled together. In passive mode, instead, LACP does not initiate a conversation/negotiation until it hears from the peer (this is typically the default configuration). Hence, for the negotiation to start at least one of the peers needs to be switched to active mode by the network administrator.19:54
spatel+119:57
spateli was trying to find usage case where passive is very important :) 19:57
spatelGood read - https://www.reddit.com/r/networking/comments/39x8qw/do_you_have_a_use_case_for_lacp_in_passive_mode/19:58
spatelWe have Cisco switch and other end HP switch so thought i can make HP passive if its best practice to fix hardware19:58
noonedeadpunkjrosser: was it for rabbit though? I'm looking at rocky and it was packagecloud 20:14
noonedeadpunkI can recall smth like that but  think it was galera or smth....20:15
jrosserhmm yes I’m sure there was a “file”20:15
noonedeadpunkor smth that has not that many dependant packages...20:15
jrossermethod for one of these20:15
jrosserbut taken out long ago I think20:15
noonedeadpunkah, yes, it was rabbit you're right20:16
noonedeadpunkhttps://opendev.org/openstack/openstack-ansible-rabbitmq_server/src/tag/queens-eol/vars/debian.yml20:16
noonedeadpunkso it was only rabbit but not erlang....20:16
noonedeadpunkand we were still downloading from packagecloud....20:16
noonedeadpunkPackagecloud don't have erlang for deb, cloudsmith rotate things, and packages.erlang-solutions.com jsut almost always broken20:18
noonedeadpunkfor rpm we can indeed get things from github even - they publish .rpms there in releases20:19
noonedeadpunkbut not deb...20:19
noonedeadpunk /o\20:19
opendevreviewJonathan Rosser proposed openstack/openstack-ansible-rabbitmq_server master: Support erlang installation for arm64 hosts  https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/87562920:41
MohaaCool: https://openapm.io/landscape21:28
spatelnoonedeadpunk did we eve thought about to implement OpenSearch with OSA? https://opensearch.org/21:43
spatelor not really osa but have playbook in ops-tool21:44
« Monday, 2023-02-27 Index Wednesday, 2023-03-01 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!