| jheikkin | Hi, I have a question about openstack-ansible. Does it always deploy lxc containers when installing openstack? Is it possible to deploy openstack without using lxc when using openstack-ansible? | 06:18 |
|---|---|---|
| jrosser | jheikkin: yes it is possible to deploy entirely without the lxc containers | 06:21 |
| jheikkin | Thank you! | 06:22 |
| jrosser | jheikkin: out of interest, which would you find preferable? | 06:22 |
| jheikkin | In the context of what we are planning now, either podman or systemd-nspawn. | 06:24 |
| jrosser | perhaps good job I asked | 06:24 |
| jrosser | in osa the lxc are analogous to virtual machines, not anything like podman conceptually | 06:25 |
| jrosser | consider them es extra fully fledged hosts which just happen to use the kernel of the physical host | 06:26 |
| jrosser | if you deploy osa without using lxc (what we call a “metal” deploy) then there is no separation of any of the services from the host, everything runs straight on the host | 06:28 |
| noonedeadpunk | we actually used to have nspawn, though we sunsetted it due to the limit of interest | 07:21 |
| noonedeadpunk | (and there were some complications with EL iirc as well) | 07:21 |
| noonedeadpunk | this is smth also worth backporting and merging: https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/921796 | 07:41 |
| jrosser | nspwan was also very very difficult to set up the networking on | 07:42 |
| kleini | jrosser, do we have details on why the network setup for nspawn was difficult? I always thought, this is very easy as it is tightly integrated into systemd-networkd | 07:44 |
| jrosser | there was, iirc, difficulty with having multiple interfaces | 07:45 |
| kleini | interesting. I am going to have a look on that | 07:46 |
| noonedeadpunk | frankly, I never tried it for real... But iirc there was smth fishy around passing physical interfaces inside containers | 07:47 |
| jrosser | i guess you would be able to see by looking in the old ansible roles for this | 07:47 |
| noonedeadpunk | like if you have SR-IOV | 07:47 |
| jrosser | and i can't remember if we also used macvlan with it, which is also not the most striaghtforward | 07:47 |
| noonedeadpunk | but to be fair - I guess there was just nobody interested enough to maintain/evolve it | 07:48 |
| kleini | oh, didn't have SR-IOV in my mind. that might be tricky. and macvlan is very tricky if host to container connectivity is necessary | 07:48 |
| * noonedeadpunk uses sr-iov in some envs | 07:48 | |
| jrosser | huh so ansible 2.17 `<172.29.236.100> ESTABLISH SSH CONNECTION FOR USER: None` | 07:49 |
| jrosser | thats not going to work | 07:49 |
| opendevreview | Christian Berendt proposed openstack/ansible-hardening master: Rename internal parameter user_list to hardening_user_list https://review.opendev.org/c/openstack/ansible-hardening/+/921827 | 08:12 |
| noonedeadpunk | ah | 08:17 |
| noonedeadpunk | I think I have a bug report for this one actually | 08:18 |
| noonedeadpunk | https://bugs.launchpad.net/openstack-ansible/+bug/2044229 | 08:18 |
| noonedeadpunk | I think that;s kinda related | 08:18 |
| noonedeadpunk | or may be not... | 08:20 |
| jrosser | i think this is a case for git bisect on ansible | 08:24 |
| jrosser | they added type annotations recently, thats the only thing i can see obviously different in the ssh plugin | 08:24 |
| jrosser | this commit breaks it https://github.com/ansible/ansible/commit/21a987b8b6a6c3da24941d0450ddb195f65b04f5 | 08:44 |
| noonedeadpunk | we should switch default I assume | 08:45 |
| noonedeadpunk | https://github.com/ansible/ansible/blob/21a987b8b6a6c3da24941d0450ddb195f65b04f5/lib/ansible/plugins/connection/ssh.py#L314C8-L314C23 | 08:46 |
| noonedeadpunk | none for us: https://opendev.org/openstack/openstack-ansible-plugins/src/branch/master/plugins/connection/ssh.py#L235-L246 | 08:46 |
| jrosser | ah good catch | 08:51 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-plugins master: Update ssh_transfer_method parameter definition to match upstream https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/921837 | 08:57 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Update ansible to 2.17 https://review.opendev.org/c/openstack/openstack-ansible/+/921735 | 08:58 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Update ansible to 2.17 https://review.opendev.org/c/openstack/openstack-ansible/+/921735 | 10:06 |
| noonedeadpunk | damiandabrowski: if around - can you check if https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/921796 makes sense to you? | 10:25 |
| noonedeadpunk | would be nice to backport that asap as well... | 10:25 |
| damiandabrowski | approved! | 10:27 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_keystone stable/2024.1: Define oslo_messaging_rabbit section if either RPC or Notifications are enabled https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/921845 | 11:19 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron master: Remove handler delegation for DB contract https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/921851 | 11:50 |
| noonedeadpunk | catched that during 20.04->22.04 upgrade | 11:50 |
| opendevreview | Merged openstack/openstack-ansible-os_keystone master: Define oslo_messaging_rabbit section if either RPC or Notifications are enabled https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/921796 | 12:19 |
| jrosser | maybe we need to copy the old ceph-nfs role into the plugins repo | 12:40 |
| noonedeadpunk | or whole ceph-ansible to ops... | 12:42 |
| jrosser | i was just testing out ceph-ansible 8.0 again | 12:42 |
| jrosser | as there is 2.17 invalid ansible syntax in stable-7.0 | 12:42 |
| noonedeadpunk | well, what strikes me is that they intended to replace it with smth | 12:42 |
| noonedeadpunk | is 8 any better? | 12:42 |
| noonedeadpunk | except nfs part | 12:42 |
| noonedeadpunk | and absent clients | 12:42 |
| noonedeadpunk | and ... many more :D | 12:43 |
| jrosser | well, all that is fixed, up to date linter seems to have been applied | 12:43 |
| jrosser | tbh i was hoping to find out if it works by just trying it in AIO | 12:43 |
| noonedeadpunk | feels worth having another slack round about intentions and where we can help with nfs | 12:43 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-python_venv_build master: Ignore repo container facts gathering errors https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/921858 | 13:00 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-os_cinder master: Start iscsid on cinder-volume hosts using LVM backend https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/921872 | 14:56 |
| opendevreview | Merged openstack/openstack-ansible stable/2024.1: Grammar and OS corrections https://review.opendev.org/c/openstack/openstack-ansible/+/921795 | 16:03 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!