| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Add drain option to haproxy-endpoint-manage https://review.opendev.org/c/openstack/openstack-ansible/+/882124 | 07:37 |
|---|---|---|
| jrosser | good morning | 09:10 |
| noonedeadpunk | o/ | 09:24 |
| jrosser | we need to improve our ironic tests https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/880394 | 09:33 |
| jrosser | i would like to get virtualbmc installed and do an actual test as i'm pretty sure that we have already broken it with internal TLS and maybe break it more with backend TLS | 09:33 |
| noonedeadpunk | Yeah, I was looking at nova patch that adjusts consoles and was unsure about ironic case | 09:37 |
| jrosser | we have a very long standing patch to enable tempest test for vnc console that it would also be nice to get working | 09:39 |
| noonedeadpunk | oh, yes | 09:40 |
| noonedeadpunk | pushed by Melanie years ago | 09:40 |
| noonedeadpunk | It was super close to pass iirc | 09:40 |
| noonedeadpunk | but there was smth off that prevented from merging it | 09:41 |
| jrosser | huh wierd https://opendev.org/openstack/swift/commit/3053c53ef7e9dd3efea10c535021786f7e6e92f2 | 09:46 |
| noonedeadpunk | This raises a question if it's us who's doing smth weird or everyone around... | 09:49 |
| jrosser | thats like a 10yr old commit when maybe poeple cared less about encryption-on-the-wire | 09:50 |
| jrosser | and it would be kind of surprising if there was no use case which required swift to be encrypted on the network | 09:50 |
| jrosser | damiandabrowski: will we need to make a special job for swift role that enables TLS - or do we add `swift_backend_ssl: True` to `user_variables_tls.yml` in CI? | 09:59 |
| damiandabrowski | jrosser: sorry I'm not really around today. But do we really want to test `swift_backend_ssl` if this "feature" cannot be considered as "stable"? They explicitly say that it should be only used for testing purposes. | 10:04 |
| damiandabrowski | we also mention it here: https://opendev.org/openstack/openstack-ansible/src/branch/master/inventory/group_vars/swift_all.yml#L32-L35 | 10:05 |
| jrosser | not sure tbh - we should probably ask the swift team as that comment is from >10yr ago | 10:06 |
| damiandabrowski | ah, that's a valid point. I'll reach out to them | 10:09 |
| hamidlotfi_ | Hi there, | 10:17 |
| hamidlotfi_ | What should I do if I want to enable Osprofiler in the current installation environment with OSA? | 10:17 |
| hamidlotfi_ | @jrosser | 10:20 |
| noonedeadpunk | that is really good question | 10:21 |
| hamidlotfi_ | 😊 | 10:22 |
| jrosser | one moment i'm in a meeting | 10:23 |
| noonedeadpunk | I think at the moment you will need to define quite some overrides as we don't have config option to enable it throughout all services | 10:23 |
| noonedeadpunk | hamidlotfi_: https://opendev.org/openstack/openstack-ansible-ops/src/branch/master/elk_metrics_7x/README.rst#optional-add-osprofiler-to-an-openstack-ansible-deployment | 10:24 |
| hamidlotfi_ | thanks | 10:26 |
| noonedeadpunk | though I'm not sure if you need to do `ansible -m shell -a 'find /openstack/venvs/* -maxdepth 0 -type d -exec {}/bin/pip install osprofiler "elasticsearch>=6.0.0,<7.0.0" --isolated \;' all` | 10:29 |
| noonedeadpunk | as osprofiler is already there at very least | 10:30 |
| jrosser | yes that link to the variables for osprofiler will enable it for all services | 10:46 |
| jrosser | hamidlotfi_: ^ | 10:46 |
| jrosser | but you need a backend to send the metrics to which can be anything supported by osprofiler, elasticsearch just being one possibility | 10:47 |
| hamidlotfi_ | @jrosser I know that, thanks for the tip, I'll probably go for the Jaeger. | 10:49 |
| opendevreview | Merged openstack/openstack-ansible-os_trove master: Add TLS support to trove backends https://review.opendev.org/c/openstack/openstack-ansible-os_trove/+/880552 | 11:07 |
| opendevreview | Merged openstack/openstack-ansible-os_tacker master: Add TLS support to tacker backends https://review.opendev.org/c/openstack/openstack-ansible-os_tacker/+/880555 | 11:08 |
| opendevreview | Merged openstack/openstack-ansible-os_designate master: Add TLS support to designate backends https://review.opendev.org/c/openstack/openstack-ansible-os_designate/+/880397 | 11:15 |
| opendevreview | Merged openstack/openstack-ansible-os_placement master: Add TLS support to placement backends https://review.opendev.org/c/openstack/openstack-ansible-os_placement/+/879380 | 11:15 |
| opendevreview | Merged openstack/openstack-ansible-os_blazar master: Add TLS support to blazar backends https://review.opendev.org/c/openstack/openstack-ansible-os_blazar/+/880652 | 11:17 |
| opendevreview | Merged openstack/openstack-ansible-os_mistral master: Add TLS support to mistral backends https://review.opendev.org/c/openstack/openstack-ansible-os_mistral/+/880550 | 11:27 |
| opendevreview | Merged openstack/openstack-ansible-os_cloudkitty master: Add TLS support to cloudkitty backends https://review.opendev.org/c/openstack/openstack-ansible-os_cloudkitty/+/880548 | 11:31 |
| opendevreview | Merged openstack/openstack-ansible-os_sahara master: Add TLS support to sahara backends https://review.opendev.org/c/openstack/openstack-ansible-os_sahara/+/880643 | 11:35 |
| opendevreview | Merged openstack/openstack-ansible-os_aodh master: Add TLS support to aodh backends https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/880395 | 11:37 |
| opendevreview | Merged openstack/openstack-ansible-os_adjutant master: Add TLS support to adjutant backends https://review.opendev.org/c/openstack/openstack-ansible-os_adjutant/+/881147 | 11:38 |
| opendevreview | Merged openstack/openstack-ansible-os_ironic master: Add TLS support to ironic backends https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/880394 | 11:41 |
| opendevreview | Merged openstack/openstack-ansible-os_neutron master: Add TLS support to neutron_server backends https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/873654 | 11:41 |
| opendevreview | Merged openstack/openstack-ansible-os_gnocchi master: Add TLS support to gnocchi backends https://review.opendev.org/c/openstack/openstack-ansible-os_gnocchi/+/880549 | 11:49 |
| opendevreview | Merged openstack/openstack-ansible-os_cinder master: Add TLS support to cinder backends https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/874966 | 11:55 |
| opendevreview | Merged openstack/openstack-ansible-os_manila master: Add TLS support to manila backends https://review.opendev.org/c/openstack/openstack-ansible-os_manila/+/880551 | 12:03 |
| opendevreview | Merged openstack/openstack-ansible-os_glance master: Add TLS support to glance backends https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/821011 | 12:20 |
| opendevreview | Merged openstack/openstack-ansible-os_blazar stable/zed: Ensure service is restarted on unit file changes https://review.opendev.org/c/openstack/openstack-ansible-os_blazar/+/881990 | 12:29 |
| opendevreview | Merged openstack/openstack-ansible-os_masakari stable/zed: Ensure service is restarted on unit file changes https://review.opendev.org/c/openstack/openstack-ansible-os_masakari/+/881992 | 12:30 |
| opendevreview | Merged openstack/openstack-ansible-os_tacker stable/zed: Ensure service is restarted on unit file changes https://review.opendev.org/c/openstack/openstack-ansible-os_tacker/+/881993 | 12:37 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-os_magnum master: Ensure service is restarted on unit file changes https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/879970 | 12:40 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-os_magnum master: Add TLS support to magnum backends https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/879918 | 12:40 |
| opendevreview | Merged openstack/openstack-ansible-os_aodh stable/zed: Ensure service is restarted on unit file changes https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/881979 | 12:44 |
| opendevreview | Merged openstack/openstack-ansible-os_neutron stable/zed: Ensure service is restarted on unit file changes https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/881976 | 13:03 |
| opendevreview | Merged openstack/openstack-ansible-os_senlin master: Add TLS support to senlin backends https://review.opendev.org/c/openstack/openstack-ansible-os_senlin/+/880554 | 14:17 |
| opendevreview | Merged openstack/openstack-ansible-os_masakari master: Add TLS support to masakari backends https://review.opendev.org/c/openstack/openstack-ansible-os_masakari/+/880398 | 14:18 |
| *** dviroel_ is now known as dviroel | 14:28 | |
| opendevreview | Merged openstack/openstack-ansible-os_rally master: Fix rally U-C retrieval from file https://review.opendev.org/c/openstack/openstack-ansible-os_rally/+/881954 | 14:53 |
| opendevreview | Merged openstack/openstack-ansible-os_nova master: Add TLS support to nova API backends https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/874810 | 14:57 |
| opendevreview | Merged openstack/openstack-ansible-os_placement stable/yoga: Ensure service is restarted on unit file changes https://review.opendev.org/c/openstack/openstack-ansible-os_placement/+/882009 | 15:00 |
| opendevreview | Merged openstack/openstack-ansible-os_nova stable/yoga: Ensure service is restarted on unit file changes https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/882017 | 15:00 |
| opendevreview | Merged openstack/openstack-ansible-os_horizon master: Add PKI support to horizon backends https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/879517 | 15:06 |
| opendevreview | Merged openstack/ansible-role-uwsgi stable/yoga: Ensure service is restarted on unit file changes https://review.opendev.org/c/openstack/ansible-role-uwsgi/+/882019 | 15:13 |
| NeilHanlon | noonedeadpunk: met with NFV sig this morning and have a plan for OVS 3.1 and OVN 22.12 for Rocky 9 | 15:33 |
| noonedeadpunk | ┌(° ͜ʖ͡°)┘ | 15:50 |
| NeilHanlon | even better. i managed to get it built in an hour or so (mostly figuring out how to use the cbs command line) | 17:26 |
| NeilHanlon | https://buildlogs.centos.org/9/nfv/x86_64/openvswitch-common/ | 17:26 |
| noonedeadpunk | NeilHanlon: it's worth to be 3.1.1 though.... | 18:01 |
| noonedeadpunk | due to that https://bugzilla.redhat.com/show_bug.cgi?id=2182767 | 18:02 |
| noonedeadpunk | or no.... | 18:02 |
| noonedeadpunk | disregard, I said stupid thing | 18:02 |
| NeilHanlon | yeah the name having the version in it also messes with me lol | 18:13 |
| opendevreview | Merged openstack/openstack-ansible-os_trove stable/zed: Ensure service is restarted on unit file changes https://review.opendev.org/c/openstack/openstack-ansible-os_trove/+/881974 | 18:20 |
| opendevreview | Merged openstack/openstack-ansible-os_designate stable/yoga: Ensure service is restarted on unit file changes https://review.opendev.org/c/openstack/openstack-ansible-os_designate/+/882003 | 20:01 |
| jrosser | damiandabrowski: this looks like another thing to look at for tls https://zuul.opendev.org/t/openstack/build/349c75d805ae41e4b1fbc3e0b10e8b52/log/logs/etc/openstack/aio1_ceph-rgw_container-2cce9944/ceph/ceph.conf.txt#19 | 20:45 |
| damiandabrowski | ouh yes, thanks | 20:46 |
| jrosser | in the same job cinder-volume looks really unhappy too https://storage.bhs.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_349/881968/5/check/openstack-ansible-deploy-aio_ceph-ubuntu-jammy/349c75d/logs/openstack/aio1_cinder_volumes_container-4bdc3c98/cinder-volume.service.journal-13-02-55.log.txt | 20:49 |
| jrosser | this is on https://review.opendev.org/c/openstack/openstack-ansible/+/881968 btw | 20:49 |
| jrosser | i guess also the rgw backend itself should be using TLS - i think i have examples of that here | 20:51 |
| damiandabrowski | okok, ill have a look tomorrow | 20:55 |
| NeilHanlon | well - haven't booked the flight, but I will be in Vancouver :) | 22:04 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!