| opendevreview | Aleksandr Chudinov proposed openstack/openstack-ansible-os_glance master: Add property protection configuration https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/909820 | 07:15 |
|---|---|---|
| gokhan__ | hello folks, I am getting connection refused error on galera install when setting haproxy service state. https://paste.openstack.org/show/b73YzaYuUVT001L6BJWn/ Any thoughts for that ? I am deploying antelope 27.4.0 | 07:17 |
| jrosser | gokhan__: what did you try already for debugging? | 07:23 |
| gokhan__ | jrosser, I run ansible playbook with -vvv | 07:25 |
| gokhan__ | after running setup-infrastructure, I run with -vvv to see error in wide | 07:26 |
| jrosser | so it says there “Failed to connect to the host via ssh” | 07:28 |
| jrosser | did you test that ssh without ansible? the ip it tries to connect to is there in the log | 07:28 |
| gokhan__ | jrosser, yes I tried it and without ansible I can connect test-infra1 and test-infra2 with ssh | 07:30 |
| jrosser | no - to the ip, not the hostname | 07:30 |
| jrosser | I have no idea is that ip is the correct one | 07:31 |
| gokhan__ | sorry yes I can connect with ips | 07:31 |
| gokhan__ | jrosser, when running ssh -C -o ControlMaster=auto -o ControlPersist=300 -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=5 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ServerAliveInterval=64 -o ServerAliveCountMax=1024 -o Compression=no -o TCPKeepAlive=yes -o | 07:36 |
| gokhan__ | VerifyHostKeyDNS=no -o ForwardX11=no -o ForwardAgent=yes -T 10.13.0.22 '/bin/sh -c '"'"'/usr/bin/python3'"'"'' it is waiting and there is no response | 07:36 |
| jrosser | is haproxy running correctly on the infra nodes? | 07:37 |
| jrosser | for example, you can see the status correctly with hatop | 07:39 |
| gokhan__ | jrosser, https://paste.openstack.org/show/bbNXQWchVjNUCgGWy5ND/ it gives insufficient permissions. may be I run wrong command | 07:46 |
| gokhan__ | jrosser, thanks I solved issue. fistly haproxy status is active but when restart it, it throws error because of skyline configs in haproxy. I resolved it and now it is working. | 07:51 |
| jrosser | ok so the error from ansible about the ssh connection was misleading | 07:52 |
| jrosser | the actual connection error was to the haproxy stats socket as the module wanted to adjust the haproxy through that | 07:53 |
| jrosser | gokhan__: do you make skyline work? | 07:53 |
| gokhan__ | jrosser, yes we have used your skyline role and make a little changes on it. But we have changed skyline role for working on victoria. | 07:55 |
| gokhan__ | we have been using skyline for nearly 1 year and used your role for installation. | 07:56 |
| gokhan__ | I upgraded my env from victoria to antelope. now I am making distribution upgrade from focal to jammy. after finished core service upgrade, we will work on skyline role on antelope. | 07:59 |
| noonedeadpunk | gokhan__: oh, this is actually would be good to get finalized | 08:03 |
| noonedeadpunk | we already have 80% working role fwiw | 08:04 |
| gokhan__ | noonedeadpunk, yes after upgrade our env we can work on this https://review.opendev.org/c/openstack/openstack-ansible/+/859446 and we have already working skyline role | 08:07 |
| noonedeadpunk | gokhan__: huh, there's also a role fwiw: https://opendev.org/openstack/openstack-ansible-os_skyline | 08:09 |
| gokhan__ | noonedeadpunk, yes I know it. in our first installation we have used jrosser skyline role. | 08:14 |
| noonedeadpunk | yeah, ok, it's the same one | 08:14 |
| noonedeadpunk | it's forked from his github | 08:14 |
| noonedeadpunk | but last time I tried it, I failed to auth in skyline... | 08:14 |
| jrosser | i have just no time at all to work on this | 08:17 |
| gokhan__ | my team also is skyline contributor and in our env it is working. we will test this asap. I hope probably next week | 08:17 |
| jrosser | if you find things that need changing in the skyline role for OSA then please make patches or share a diff with us | 08:17 |
| gokhan__ | jrosser, it is in our plan, we will look at differences and make patches for skyline role.we can make it work. | 08:20 |
| noonedeadpunk | that would be really awesome, as I also have kinda no time/prio for that as we've beeing using in-house UI as of today | 08:39 |
| jrosser | oh my what mess is the tempest role :( | 08:45 |
| jrosser | so much complexity and stuff with needing to supply both public network name and ID (sometimes) | 08:46 |
| jrosser | and if you create public network outside os_tempest its mandatory to provide the ID | 08:46 |
| jrosser | except then later (sometimes) os_tempest looks up the ID for itself https://github.com/openstack/openstack-ansible-os_tempest/blob/master/tasks/tempest_resources.yml#L219-L229 | 08:47 |
| noonedeadpunk | yeah, I know... | 09:25 |
| noonedeadpunk | and it's super tough to do anything without really breaking changes to it | 09:26 |
| noonedeadpunk | which would more be like - create a new tempest role | 09:26 |
| gokhan__ | do we really need http://ubuntu-cloud.archive.canonical.com/ repo for source install method ? | 10:41 |
| jrosser | gokhan__: there are quite some things in there apart from the openstack services | 10:46 |
| jrosser | typically that might be libvirt, or perhaps ovs or something like that newer than you would usually get with the ubuntu LTS | 10:47 |
| jrosser | but it would be the one you need for some version of openstack | 10:47 |
| gokhan__ | jrosser, thanks for information. | 10:51 |
| ThiagoCMC | I do rely on having UCA for source install method, because it'll bring new versions of Libvirt, Ceph, sometimes even OpenvSwitch. Which also makes it a lot easier to roll out major upgrades one after another. | 11:28 |
| mgariepy | hey -c | 13:18 |
| opendevreview | Andrew Bonney proposed openstack/openstack-ansible-plugins stable/2023.2: Add override for gluster host used for bootstrap operations https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/909827 | 13:55 |
| opendevreview | Andrew Bonney proposed openstack/openstack-ansible-plugins stable/2023.1: Add override for gluster host used for bootstrap operations https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/909868 | 13:57 |
| hamburgler | ThiagoCMC: you shouldn't need to use the UCA for Ceph if you're using 22.04 https://download.ceph.com/debian-18.2.1/dists/ - jammy is supported in the ceph community repo, this would give you more control over versions than with the UCA | 15:05 |
| hamburgler | unless you're not using reef :) | 15:06 |
| spatel | Folks, trying to understand how does Cinder talk to thrid party storage system. How do I know wether it has support or not? | 16:02 |
| spatel | https://www.ngxstorage.com/ | 16:02 |
| spatel | we are arranging NGX storage system and I want to check if cinder has support or not | 16:03 |
| spatel | If cinder support then how does it handover iscsi to instances? | 16:04 |
| noonedeadpunk | spatel: well, I don't see it in a support matrix at least: https://docs.openstack.org/cinder/latest/reference/support-matrix.html | 16:25 |
| noonedeadpunk | doesn't mean there's no driver though... but then worth asking these questions to the vendor directly | 16:25 |
| spatel | noonedeadpunk cool! | 16:56 |
| spatel | noonedeadpunk let me understand, cinder-volume driver will make API call to storage and create iscsi lun and pass it to vm instance right? | 16:57 |
| noonedeadpunk | I would assume so, yes | 16:58 |
| noonedeadpunk | Or well. It talk to Nova saying the path to the volume | 16:59 |
| noonedeadpunk | but yes, sotrage interaction is on cinder-volume | 16:59 |
| spatel | noonedeadpunk perfect! | 17:16 |
| spatel | I will work with vendor to find out support | 17:17 |
| jrosser | spatel: ……. https://www.ngxstorage.com/solutions/openstack/ | 17:23 |
| jrosser | just like google :) | 17:23 |
| spatel | Got mesg from vendor also :) They have support | 17:24 |
| jrosser | you should check it’s current | 17:25 |
| jrosser | and not only for whatever old version RH currently sell | 17:25 |
| spatel | Its paid storage so I am sure vendor will help to implement. | 17:26 |
| jrosser | hah | 17:26 |
| jrosser | juniper Cisco and everyone else who | 17:26 |
| jrosser | abandoned their drivers don’t agree with that | 17:26 |
| spatel | I will run some test with they and hope its workout | 17:26 |
| jrosser | fwiw I am suuuuper wary of these things | 17:26 |
| spatel | Agreed, that is why we love ceph | 17:28 |
| jrosser | and if they are not running 3rd party ci against cinder patches…. why not would be the question | 17:28 |
| spatel | good question | 17:29 |
| ThiagoCMC | hamburgler, there's an internal policy in which we can not install packages outside of Ubuntu's official repositories. This is to not mess up with our "supply chain trust". | 18:04 |
| ThiagoCMC | I'm very grateful for the work Canonical does with UCA and also HWE! It makes it smooth to perform major upgrades from one OpenStack and Ceph to another, and then from one Ubuntu LTS to another. | 18:05 |
| noonedeadpunk | ThiagoCMC: but UCA is kinda Canonical official supply? | 18:19 |
| ThiagoCMC | Yes, it is... =P | 18:20 |
| ThiagoCMC | That's why we can only use packages from UCA, not from third-party repos. Not even from ceph.com. | 18:21 |
| noonedeadpunk | so you use also shipped distro rabbit and mariadb? | 18:23 |
| noonedeadpunk | But I kinda feel you - we also have a tough process of allowing/trusting sources | 18:25 |
| ThiagoCMC | Well, there are exceptions. lol - But those must be well documented, rare, and keep properly tracked... And it seems that rabbitmq-server and erlang-base are from Ubuntu repos (I just checked the LXC container in my OSA). And yeah, we would prefer to use MariaDB from Ubuntu as well, but not there yet. | 18:42 |
| hamburgler | ThiagoCMC: gotcha :), that makes sense | 19:37 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!