opendevreview | Takashi Kajinami proposed openstack/ansible-role-uwsgi master: Drop openstack-ansible-linters-ubuntu-bionic https://review.opendev.org/c/openstack/ansible-role-uwsgi/+/909486 | 01:10 |
---|---|---|
noonedeadpunk | good morning | 08:35 |
noonedeadpunk | I was looking at neutron yesterday for adding ovn-bgp plugin, and realized that we have to run some services as root because we connect to ovs socket which has quite restricted ownership. But instead, we can connect on port.... | 08:36 |
noonedeadpunk | ie https://opendev.org/openstack/openstack-ansible-os_neutron/src/branch/master/templates/neutron_ovn_metadata_agent.ini.j2#L17 | 08:37 |
noonedeadpunk | https://opendev.org/openstack/openstack-ansible-os_neutron/src/branch/master/vars/main.yml#L515-L516 | 08:37 |
noonedeadpunk | So I'm really thinking about replacing that with `tcp:127.0.0.1:6640` as a default | 08:41 |
jrosser | {{ management_address }} ? | 08:42 |
noonedeadpunk | It's kinda even more logical, as ovs shows manager to be exactly that | 08:42 |
jrosser | ah right it only needs to be a socket listening on localhost? | 08:42 |
noonedeadpunk | nah, it listens exactly on 127.0.0.1 | 08:42 |
noonedeadpunk | https://paste.openstack.org/show/bxYqLYJ91a1HIZCE7VUY/ | 08:42 |
jrosser | right | 08:42 |
noonedeadpunk | maybe we can configure OVS to listen on management_address indeed though... But I assume it never expects remote connection | 08:43 |
jrosser | if we don't need it, then it should listen as minimally as possible | 08:45 |
noonedeadpunk | So far it's needed only for OVN I assume, like metadata, vpnaas, bgp agent under ovn which would run locally | 08:46 |
noonedeadpunk | so yeah | 08:46 |
noonedeadpunk | as /var/run/openvswitch/db.sock having 750 and owned by root:root | 08:47 |
noonedeadpunk | jamesdenton: do you know any good reason why we should connect to ovs manager via socket rather than port? | 08:48 |
opendevreview | Merged openstack/ansible-role-uwsgi master: Drop openstack-ansible-linters-ubuntu-bionic https://review.opendev.org/c/openstack/ansible-role-uwsgi/+/909486 | 10:11 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron master: Run neutron OVN agents as neutron user https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/909525 | 12:34 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron master: Add VPNaaS OVN support https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/908341 | 12:35 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron master: Add VPNaaS OVN support https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/908341 | 12:36 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron master: Add VPNaaS OVN support https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/908341 | 12:37 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron master: Add variable to control distributed FIP choice https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/909470 | 12:37 |
maxim | hey fellas, i was reading the OSA Caracal vPTG summary - Oct'23. It's been mentioned Incus could be a manager for osa lxc. Is there any work or updates regarding its implementation ? | 13:55 |
ThiagoCMC | That sounds cool! Today I'm already using Ubuntu/LXD for OSA+Ceph. The thing is that OSA/Ceph aren't "aware" that I'm using LXD behind the scenes (I pretend LXD are "regular machines" and point the Inventory to them, works great). I'm planning to build a setup based on Debian/Incus soon as it becomes available. | 14:28 |
noonedeadpunk | maxim: no, not really. there's quite old DNM patch for LXD that jrosser made a while ago, but no recent work was done in fact | 14:29 |
jrosser | maxim: if you are able to work on LXC support it would be interesting to see | 14:32 |
jrosser | similarly ThiagoCMC this stuff does not just happen without contributions :) | 14:33 |
jrosser | at the moment i do not have time to work on this myself, but anyone else is welcome to make patches | 14:33 |
ThiagoCMC | jrosser, sure, I want to contribute. But I'm more of a "beta tester" or "QA guy"... I'm not a software developer (but I do know a bit of Bash, Python and Ansible). | 14:38 |
ThiagoCMC | I'm playing around with Ceph Ansible. I'll see if we can still use it with Ubuntu 24.04. | 14:38 |
mgariepy | ThiagoCMC, i'm also a sysadmin :) doesn't prevent you from doing patches, etc. you only need to learn to use git with gerrit mostly. | 14:59 |
noonedeadpunk | #startmeeting openstack_ansible_meeting | 15:02 |
opendevmeet | Meeting started Tue Feb 20 15:02:00 2024 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:02 |
opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:02 |
opendevmeet | The meeting name has been set to 'openstack_ansible_meeting' | 15:02 |
noonedeadpunk | #topic roll call | 15:02 |
mgariepy | hey | 15:02 |
noonedeadpunk | o/ hey everyone | 15:02 |
NeilHanlon | o/ | 15:04 |
NeilHanlon | running a bit late will be at my computer in 10 | 15:04 |
noonedeadpunk | #topic office hours | 15:11 |
noonedeadpunk | Frankly speaking - I don't have much | 15:11 |
NeilHanlon | (made it) | 15:11 |
noonedeadpunk | We had really terrific bug fighting day | 15:11 |
noonedeadpunk | super nice to see bugs fitting just 2 pages :) | 15:11 |
NeilHanlon | :D super sorry i wasn't able to participate.. that was.. a day | 15:12 |
noonedeadpunk | hopefully soonish will be able to iterate over ones on the etherpad | 15:12 |
NeilHanlon | great job everyone | 15:12 |
noonedeadpunk | other than that - I failed to add us access to unmaintained branches. And Brian's ML really confused me a lot | 15:12 |
* noonedeadpunk | looking through the review board | 15:14 |
noonedeadpunk | some backports are still pending to merge: https://review.opendev.org/q/parentproject:openstack/openstack-ansible+branch:%5Estable/.*+status:open+ | 15:14 |
noonedeadpunk | or pending for recheck... | 15:15 |
NeilHanlon | i will poke at those in a bit | 15:17 |
noonedeadpunk | I guess once most important land - it should be time for another point releases and first minor release for 2023.2 | 15:20 |
noonedeadpunk | it was never _that_ late frankly speaking... | 15:20 |
noonedeadpunk | The only known issue for upgrade might be missing rabbitmq flags actually | 15:21 |
noonedeadpunk | But they should be covered in OS upgrade right now at least... | 15:21 |
noonedeadpunk | We also had quite good progress on landing capi stuff | 15:21 |
opendevreview | Merged openstack/openstack-ansible stable/2023.1: [doc] Remove guidance to drain RMQ which can result in failures https://review.opendev.org/c/openstack/openstack-ansible/+/908801 | 15:27 |
noonedeadpunk | but it feels that other goals for the release might not be met :( | 15:28 |
noonedeadpunk | ie - proxysql, incus, pki + vault integration | 15:29 |
noonedeadpunk | mainly because of me having hard times lately with ENOTIME | 15:29 |
jrosser | o/ sorry in too many meetings, here now | 15:29 |
noonedeadpunk | Though, we can potentially add some things for OVN | 15:32 |
noonedeadpunk | like vpnaas support | 15:32 |
jrosser | magnum stuff too | 15:32 |
noonedeadpunk | Ah, Octavia OVN support was in our list as well, and I think this patch is not fair enough to go | 15:33 |
noonedeadpunk | https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/868462 | 15:33 |
jrosser | feels like endless yak shaving right now with that :/ | 15:33 |
noonedeadpunk | ugh, magnum actually fails with openstack_resources role on upgrade | 15:33 |
noonedeadpunk | I was never able to really reproduce the thing :( | 15:34 |
noonedeadpunk | it's not that I was able to spend enough time though :( but it was tricky to do so | 15:34 |
noonedeadpunk | maybe now when openstack_resources landed, it will be easier to do... | 15:35 |
jrosser | there is also still the patch for OVN + octavia, regardless of the ovn provider | 15:36 |
jrosser | thats totally broken right now in AIO | 15:36 |
noonedeadpunk | oh, btw. all fixes for quorum landed to oslo.messaging: https://review.opendev.org/q/topic:%22bug-2031497%22 | 15:36 |
noonedeadpunk | yes, true. | 15:37 |
noonedeadpunk | but it kinda works out of AIO | 15:37 |
jrosser | that is pretty much OK except that the patch needs to also work for !debians | 15:37 |
jrosser | i think it's ovs installation during bootstrap_host now working on centos/rocky | 15:37 |
jrosser | *not working | 15:37 |
noonedeadpunk | so... neutron was not failing on that | 15:38 |
noonedeadpunk | like this passed today: https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/908341?tab=change-view-tab-header-zuul-results-summary | 15:38 |
jrosser | this https://review.opendev.org/c/openstack/openstack-ansible/+/894811 | 15:39 |
noonedeadpunk | no idea what it testing though | 15:39 |
jrosser | the lbaas network is just not a thing currently in AIO | 15:39 |
jrosser | like totally broken | 15:39 |
noonedeadpunk | I guess we'd need a SIG for openvswitch? | 15:40 |
noonedeadpunk | It's not present in default repos | 15:40 |
noonedeadpunk | But also... It's weird we need to create ovs bridges in advance for octavia | 15:41 |
jrosser | we need to plumb the container bridges into the provider network | 15:41 |
noonedeadpunk | Shouldn't defining neutron_provider_networks do the trick? | 15:41 |
jrosser | well i'm not sure, this is why i asked jamesdenton and the result was that patch | 15:41 |
noonedeadpunk | https://opendev.org/openstack/openstack-ansible-os_neutron/src/branch/master/tasks/providers/ovs_config.yml#L16 | 15:41 |
noonedeadpunk | I think this runs both for OVS and OVN... But like not 100% sure. >90 though | 15:42 |
noonedeadpunk | ok, for OVN it's here: https://opendev.org/openstack/openstack-ansible-os_neutron/src/branch/master/tasks/providers/setup_ovs_ovn.yml#L64-L86 | 15:43 |
noonedeadpunk | but kinda same thing? | 15:43 |
jrosser | well also octavia role runs after neutron | 15:43 |
noonedeadpunk | yeah | 15:43 |
jrosser | so also i wonder if there is chicken/egg trouble | 15:43 |
jrosser | as there is network stuff defined in the octavia role | 15:43 |
noonedeadpunk | but if it's after - it should be fine... | 15:43 |
noonedeadpunk | and yes, octavia does create a neutron networks | 15:44 |
opendevreview | Merged openstack/openstack-ansible stable/zed: [doc] Remove guidance to drain RMQ which can result in failures https://review.opendev.org/c/openstack/openstack-ansible/+/908802 | 15:44 |
noonedeadpunk | so I think defining decent neutron_provider_networks should be just fine | 15:44 |
jrosser | anyway this is pretty big deal, i think it means we're not really testing octavia properly right now | 15:44 |
noonedeadpunk | I can try to look into that actually and compare with what I have in our full-scale OVN sandbox | 15:45 |
jrosser | that would be very helpful, i don't have anything like that as reference | 15:46 |
noonedeadpunk | ok, good | 15:56 |
noonedeadpunk | as frankly for sandbox it worked really out of the box once I've defined proper mappings. | 15:57 |
noonedeadpunk | just matter of doing that through provider_networks in openstack_user_config... But I guess at worst we can just define neutron_provider_networks in user_vars_octavia or smth | 15:57 |
admin1 | the octavia patch just worked out of the box .. and everyone copied it over as a procedure, so until now no one tested it like you guys :) | 15:58 |
admin1 | i meant since br-vxlan br-vlan etc were necessary to be defined, even though br-lbaas was just a tag/patch on br-vlan, it took itself as a procedure | 15:59 |
noonedeadpunk | admin1: well. I made quite some clean-up of it, as there were never used variables added | 15:59 |
admin1 | and its not a biggie also that people complained | 15:59 |
noonedeadpunk | but yeah | 16:00 |
admin1 | out of dozens of steps to prepare the server and netplan, it became 1 more block of code | 16:00 |
admin1 | its like don't fix unless broken type of procedure :) | 16:00 |
admin1 | though an automated one will be nice as well .. no more /etc/rc.local stuff | 16:01 |
noonedeadpunk | #endmeeting | 16:01 |
opendevmeet | Meeting ended Tue Feb 20 16:01:33 2024 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 16:01 |
opendevmeet | Minutes: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2024/openstack_ansible_meeting.2024-02-20-15.02.html | 16:01 |
opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2024/openstack_ansible_meeting.2024-02-20-15.02.txt | 16:01 |
opendevmeet | Log: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2024/openstack_ansible_meeting.2024-02-20-15.02.log.html | 16:01 |
maxim | sorry for the delay. noonedeadpunk: thanks for the info. | 16:14 |
maxim | jrosser: i can definitely look into LXC support but i am but a beginner at OS and OSA. Been using lxd and now incus for some time. I have an eye on pylxd and to port to incus compatible api. Maybe that will teach me something about what can be done for lxc support here. Let me take baby steps | 16:15 |
jrosser | sure - i also use LXD to deploy supporting things around my openstack setup | 16:16 |
maxim | jrosser: where would be a good place for me to start regarding incus support ? noonedeadpunk mentioned about DNM patch, can you then point me to it ? | 16:38 |
jrosser | maxim: i have this https://review.opendev.org/c/openstack/openstack-ansible/+/738599 | 16:39 |
jrosser | and this https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/738657 | 16:39 |
jrosser | both most certainly out of date now | 16:40 |
jrosser | lxd/incus offer much functionality over LXC, so there is opportunity for a large refactoring of how things like bind mounts and networking are setup | 16:41 |
jrosser | perhaps moving a large number of our existing ansible tasks to native functionality | 16:41 |
jrosser | such as the use of cloud-init for first-boot configuration of containers, and so on | 16:42 |
jrosser | there is this also but it uses snap which is basically not acceptable https://github.com/jrosser/openstack-ansible-lxd_hosts/tree/master | 16:43 |
jrosser | and this https://github.com/jrosser/openstack-ansible-lxd_container_create/blob/master/tasks/main.yml | 16:44 |
jrosser | but it is 4 years since i looked at this so really cannot remember much of it | 16:44 |
maxim | thanks. good to have these links and sure its old but a good starting point. | 16:47 |
maxim | as far as i see, lxd and incus are bound to diverge moving forward due to varying licenses. This means it's either or and both. I would personally prefer taking the direction of incus implementation as lxd will eventually find its way in OS through charms and juju. Does OSA have any preferences ? | 16:51 |
maxim | *either or and not both | 16:52 |
jrosser | well snap installation is not OK | 16:53 |
jrosser | so that has some impact on use of LXD | 16:53 |
opendevreview | Merged openstack/ansible-role-systemd_networkd stable/2023.1: Use OriginalName instead of Name in systemd.link https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/908814 | 16:56 |
noonedeadpunk | maxim: basically, snap was always a blocker for us to have a go with LXD | 17:03 |
noonedeadpunk | maxim: there's some WIP patches made looong ago: https://review.opendev.org/c/openstack/openstack-ansible/+/738599 and https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/738657 | 17:04 |
opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Allow general purpose resources to be created during setup-openstack https://review.opendev.org/c/openstack/openstack-ansible/+/909411 | 17:23 |
opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Always use physnet1 as external network name in AIO and examples https://review.opendev.org/c/openstack/openstack-ansible/+/908766 | 17:26 |
opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Allow general purpose resources to be created during setup-openstack https://review.opendev.org/c/openstack/openstack-ansible/+/909411 | 17:26 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_nova stable/2023.1: Evaluate my_ip address once https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/908699 | 17:46 |
jrosser | hmm looks like there is an OSA related question on the ML which i'm not sure about | 18:30 |
jrosser | https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/thread/34QCMTBXTQERWX2QQMEMHXPEKIAQZRUF/ | 18:30 |
noonedeadpunk | yep, saw it | 18:47 |
noonedeadpunk | I'm also not sure in fact. | 18:47 |
noonedeadpunk | except obvious issue with proto ofc | 18:48 |
noonedeadpunk | but again - shouldn't cause connection refused... | 18:48 |
noonedeadpunk | and I would get if it's mariadb.... | 18:49 |