| SoroushKaviani | Hi | 04:12 |
|---|---|---|
| SoroushKaviani | I want to create a role with all privileges except deleting resources (instances and ...) . How i can do it? | 04:13 |
| SoroushKaviani | I read some tutorials but in my cluster i cant find policy.yaml or policy.json file | 04:14 |
| damnthem | Hello. I want to override python-openstackclient to repo url for utility venv but cannot find good way to do it. As far as i can tell the only right way it is to overwrite requirements_git_url but it leads to overwriting whole reqs obviously, not to mention need to serve it via http later. Is there better way to do it? | 09:45 |
| jrosser | damnthem: the python-openstackclient is installed as a python package, not from source..... can i ask why you need to do this? | 09:56 |
| damnthem | jrosser: yes, i know. I want to install it from my patched source. | 09:58 |
| jrosser | well, you can be more specific than requirements_git_url becasue you can override that just for the utility container https://opendev.org/openstack/openstack-ansible/src/branch/master/playbooks/utility-install.yml#L31 | 10:00 |
| jrosser | and you can have as many customised versions of the upper-constraints file as you like staged on the deploy host and hosted on the web server in the repo container https://github.com/openstack/openstack-ansible-repo_server/blob/master/tasks/repo_install_constraints.yml#L46-L52 | 10:02 |
| damnthem | Right, however in that case i still have to serve that url and maintain its contents. I hoped there is a way to overwrite one exact package instead of all reqs. | 10:16 |
| SoroushKaviani | Hi I want to create a role with all privileges except deleting resources (instances and ...) . I read some tutorials but in my cluster i cant find policy.yaml or policy.json file | 10:26 |
| depasquale | ciao everybody. I am facing for the first time an installation based on OVN networks with VLAN and not anymore on flat networks with Linuxbridge (as far as I understood no more mainteined) | 10:36 |
| depasquale | I have completed to whole installation | 10:36 |
| depasquale | I am able to create Geneve networks for internal VM communications | 10:37 |
| depasquale | but I am still not able to navigate to internet | 10:37 |
| depasquale | I think there is some point I am missing... | 10:37 |
| depasquale | any suggestion? | 10:38 |
| depasquale | I have vlan installed on switches. baremetal server can communicate via br-vlan interface and also contact the internet | 10:38 |
| depasquale | I am now navigating as a blind ship :) | 10:40 |
| jrosser | SoroushKaviani: you are able to create policy files if you need them, for example here is the variable you need to defined for nova https://github.com/openstack/openstack-ansible-os_nova/blob/master/defaults/main.yml#L387-L392 | 10:59 |
| jrosser | damnthem: you don;t have to serve the URL, if you stage a modified constraints file on the deploy host it is automatically put on the web server on the repo host | 11:04 |
| jrosser | damnthem: i thinl we would accept a patch to make the utility playbook install the openstack client from a git source rather than a python package if you were interested in making one | 11:13 |
| depasquale | guys if I want share my configuration for review with some expert with OpenStack and Openstack Ansible do you have suggestions? I think lanchpad is the wrong place | 11:15 |
| depasquale | what do you suggest? | 11:16 |
| jrosser | you can put something at paste.opendev.org | 11:32 |
| jrosser | though this week is openstack summit / PTG so it is going to be quiet here | 11:32 |
| jrosser | if you are struggling with the OVN setup then i would highly recommend having an all-in-one build to use as a reference/comparison for the deployment you are having trouble with | 11:33 |
| damnthem | jrosser: Yeah, already on it actually. Not yet sure how to pull it through without ugly hacks. | 12:31 |
| jrosser | damnthem: take inspiration from one of the other roles i think with defining the git source, it should not be too difficult | 12:33 |
| jrosser | so rather than just specify the package from pypi do something like this https://opendev.org/openstack/openstack-ansible-os_glance/src/commit/1f989219b404934164ec0107bd0e10b00ad6628c/defaults/main.yml#L249-L250 | 12:35 |
| jrosser | and then you need to remove python-openstackclient (and maybe others?) from the constraints list as the "new pip resolver" is very strict and won't allow the same thing to have a version specified in both requirements and constraints inputs, sort of like this https://opendev.org/openstack/openstack-ansible-os_neutron/src/branch/master/tasks/neutron_install.yml#L75 | 12:36 |
| damnthem | jrosser: thank you for help and links! | 12:50 |
| jrosser | i see there that python-<blah>client is needed in the glance role | 12:52 |
| jrosser | and i'm sure this will repeat all over the deployment, so depending on what you are wanting to achieve with your patched version...... well could be interesting | 12:52 |
| damnthem | it's just additional option (--force) that available in nova api live-migration command (and openstacksdk actually). but nowhere to be found in glance and openstack cli. | 12:55 |
| depasquale | jrosser: thank you as always. Please look at this files maybe you can help me in understanding where I am wrong | 12:57 |
| jrosser | tbh it might be hugely easier to set yourself up an venv outside your deployment | 12:57 |
| depasquale | https://paste.opendev.org/show/bCLdB4dDHZvARsKPbrYX/ | 12:57 |
| depasquale | this is the configuration of a controller (or compute) allo of them have clearly a similar configuration | 12:58 |
| depasquale | I am running on top of Ubuntu 20.04 LTS | 12:58 |
| jrosser | damnthem: becasue the version of the openstack-sdk is extremely tightly coupled to the version of the ansible collection for openstack, so you risk breaking the ansible environment pretty badly | 12:58 |
| depasquale | https://paste.opendev.org/show/b5AoakwTGSCOZDLfwF3A/ | 12:58 |
| depasquale | jrosser: this is my configuration of openstack_user_config.yaml | 12:59 |
| depasquale | *yml | 12:59 |
| jrosser | damnthem: you should treat the verson control of the openstack-sdk in the utility container as being critical to the proper working of the ansible modules on your deploy host | 12:59 |
| depasquale | you can see I have commented out flat configuration I was used with previous versions | 12:59 |
| depasquale | for the network with container_bridge: "br-vlan" I am trying both to link directly provider0 net, or br-vlan bridge interface... no success for the moment :) | 13:01 |
| jrosser | well br-vlan is a bridge | 13:01 |
| jrosser | not an interface | 13:01 |
| jrosser | but i am no expert at all on OVN / OVS | 13:02 |
| depasquale | jrosser: you are in any case very gentle in supporting whoever has an issue in this channel. Thank you! | 13:03 |
| jrosser | depasquale: perhaps take a look here https://github.com/openstack/openstack-ansible/blob/master/etc/openstack_deploy/openstack_user_config.yml.aio.j2#L178-L192 | 13:03 |
| jrosser | this is the setup used in the all-in-one for OVN | 13:04 |
| jrosser | i think that network_interface might be important here for an OVS based setup | 13:05 |
| depasquale | oh I see | 13:05 |
| depasquale | there is a flat and a vlan definition for the network | 13:05 |
| depasquale | maybe I am wrong in this point | 13:05 |
| jrosser | well, remember this is the all-in-one configuration which has to collapse all the things into very few interfaces | 13:07 |
| jrosser | so for linuxbridge there was br-vlan, which carried tagged vlans for a `vlan` type network and also untagged traffic on the same bridge for `flat` type network | 13:08 |
| jrosser | i expect that something similar is happening here | 13:08 |
| damnthem | jrosser: I actually though about separate venv for openstack clli (python-openstackclient) or maybe special local dev env. And i was wrong abaout glance, i ment nova and openstack clis. | 13:08 |
| jrosser | damnthem: yeah, having thought about it unless you patch the same version as upper-constraints would have installed, things will go pretty bad for the ansible modules if you update the version of openstacksdk | 13:10 |
| anskiy | depasquale: https://paste.opendev.org/show/bVKpyb6d03erXUejzu1p/ here is a snippet from our bare-metal deployment configuration with OVN, if that helps. | 13:11 |
| jrosser | damnthem: take a look here https://galaxy.ansible.com/openstack/cloud at the `Branches and Non Backward Compatibility` section | 13:11 |
| jrosser | depasquale: there is a lot of documentation also in our neutron ansible role https://docs.openstack.org/openstack-ansible-os_neutron/latest/app-openvswitch.html | 13:13 |
| jrosser | thats separate from the deploy guide, but it talks about all the different options you've got for neutron | 13:14 |
| depasquale | anskiy: thanks I am already studing :) | 13:15 |
| depasquale | jrosser: thank you I will look inside | 13:15 |
| depasquale | jrosser: I confirm this is the guide to create the configuration in ansible pre-deployment that I followed | 13:16 |
| depasquale | anskiy; it is very interesting there are no definition of host bind overrides | 13:18 |
| depasquale | I will try if a similar configuration for my environment | 13:18 |
| anskiy | depasquale: that's probably a sideeffect of not using LXC | 13:19 |
| jrosser | host bind override is to do with which interface is given to neutron iirc | 13:34 |
| jrosser | from the docs | 13:35 |
| jrosser | `The host_bind_override override is used for LinuxBridge-based deployments, and requires a physical interface name which will then be used by the LinuxBridge agent for flat and vlan-based provider and tenant network traffic.` | 13:35 |
| jrosser | and | 13:35 |
| jrosser | `The network_interface override is used for Open vSwitch and OVN-based deployments, and requires a physical interface name which will be connected to the provider bridge (ie. br-ex) for flat and vlan-based provider and tenant network traffic.` | 13:35 |
| mgariepy | https://paste.openstack.org/show/bMuHP8BnuP9VjYIZb8wf/ | 14:50 |
| mgariepy | anyone seen this with galera? | 14:50 |
| admin19 | depasquale, your br-vlan will not work | 15:00 |
| admin1 | the reason it will not work is because your br-vlan is on top of tag 40 | 15:00 |
| admin1 | so unless you are doing QinQ .. it will not work | 15:01 |
| depasquale | admin19: thank you I will investigate the point and opt for provider0 (lower level interface) | 16:01 |
| mgariepy | had to delete grastate.dat then restart mysql for it to restart correctly. | 17:37 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!