| spatel | Folks, I am trying to upgrade my one of wallaby cloud to Xena-em and encounter this error - https://paste.opendev.org/show/bXyVvR5aARkEz4ypH7pr/ | 02:14 |
|---|---|---|
| spatel | found this, will try and see - https://bugs.launchpad.net/openstack-ansible/+bug/1971606 | 02:19 |
| spatel | Look like this is something else.. | 02:25 |
| spatel | After this bug report solution it move little bit and got this error now - https://bugs.launchpad.net/openstack-ansible/+bug/1971606 | 02:32 |
| noonedeadpunk | I've replied to the bug | 06:44 |
| jrosser | o/ good morning | 07:20 |
| jrosser | noonedeadpunk: https://review.opendev.org/c/openstack/openstack-ansible/+/923596 looks good - did you have an example of where that is helpful? we have an l3 deployment....... | 07:22 |
| jrosser | andrewbonney: did you see this? https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/924474 | 07:33 |
| andrewbonney | I'd seen the issue, hadn't looked a the fix yet | 07:34 |
| jrosser | i think that affects some of our internal code too | 07:37 |
| andrewbonney | Yeah, I've added a note to review | 07:37 |
| noonedeadpunk | jrosser: what I did is smth like that: https://paste.openstack.org/show/bycWEM0cveqUWWxRv4DQ/ | 07:40 |
| noonedeadpunk | the only thing I miss is kinda jinja parsing of file, to be able to use variables to replace variables, but I kinda get why it's not possible | 07:41 |
| jrosser | ah right, were previously you could only do things like network nodes | 07:41 |
| noonedeadpunk | as otherwise I'd need to make a separate env.d for cinder/nova/etc... | 07:42 |
| noonedeadpunk | (I guess) | 07:42 |
| noonedeadpunk | but also for net nodes it makes kind of limited sense | 07:43 |
| noonedeadpunk | as you can define neutron_provider_networks in group_vars at all | 07:43 |
| jrosser | ok looks like ours is slightly different as we have kind of a centralised control plane (it's not distributed L3, it's in its own 'pod') | 07:49 |
| jrosser | but we do need something very much like what you show for br-mgmt, and we have something like https://paste.opendev.org/show/bspusBHP5zbne2fw9sv9/ | 07:51 |
| noonedeadpunk | and does it work today? | 07:52 |
| jrosser | seems to | 07:52 |
| noonedeadpunk | hm.. then maybe this patch is not needed.... | 07:52 |
| jrosser | well, "all_containers" is very blunt though, and you want to be specific | 07:53 |
| noonedeadpunk | or well, it should filter out all_containers | 07:53 |
| jrosser | as br-mgmt is really everywhere, always | 07:53 |
| noonedeadpunk | yeah | 07:53 |
| noonedeadpunk | but maybe I can instead to do instead of az1_all az1_hosts... | 07:54 |
| noonedeadpunk | but iirc, it would leave cinder_volume without storage network as of today | 07:54 |
| noonedeadpunk | but then maybe it would be fine to bind to storage_hosts instead of cinder_volume... | 07:54 |
| noonedeadpunk | but then I do have more containers on storage_hosts then cinder :D | 07:55 |
| jrosser | tbh i think we have not tried something quite like yours, as actually there are no lxc involved in compute hosts | 07:55 |
| noonedeadpunk | yeah, anyway, I'd say that including containers to filtering list makes some sense at least... | 07:55 |
| opendevreview | Merged openstack/openstack-ansible master: reno: Update master for unmaintained/zed https://review.opendev.org/c/openstack/openstack-ansible/+/924140 | 11:16 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible stable/2024.1: Use UCA mirror in CI for ubuntu https://review.opendev.org/c/openstack/openstack-ansible/+/924602 | 11:20 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible stable/2023.2: Use UCA mirror in CI for ubuntu https://review.opendev.org/c/openstack/openstack-ansible/+/924603 | 11:21 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible stable/2023.1: Use UCA mirror in CI for ubuntu https://review.opendev.org/c/openstack/openstack-ansible/+/924604 | 11:21 |
| jrosser | hmmm gerrit ui seems suuuuuper slow to make cherry picks | 11:21 |
| noonedeadpunk | it seems just very slow now overall | 11:26 |
| noonedeadpunk | takes half a minute to save a comment | 11:26 |
| noonedeadpunk | but yes, cherry-picking itself got really bad for quite some time now | 11:26 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Add hosts setup playbooks to openstack-ansible-plugins collection https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/924257 | 11:31 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_keystone master: Combine Ubuntu/Debian vars together https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/924146 | 11:32 |
| jrosser | mnaser: would you have time to look at https://github.com/vexxhost/ansible-collection-kubernetes/pull/127 ? we need something like this in OSA to support mcapi on debian-12/ ubuntu noble | 11:51 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Test on Ubuntu Noble https://review.opendev.org/c/openstack/openstack-ansible/+/924342 | 12:04 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_adjutant master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_adjutant/+/924608 | 12:22 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_aodh master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/924609 | 12:26 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_barbican master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/924610 | 12:27 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_blazar master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_blazar/+/924611 | 12:32 |
| jrosser | noonedeadpunk: can you do me a sanity check - if you clone osa from opendev.org is master what you expect it to be? | 12:33 |
| noonedeadpunk | wait, what? | 12:36 |
| noonedeadpunk | you mean sha? | 12:37 |
| noonedeadpunk | https://paste.openstack.org/show/bvJ3ms4M4rcQ4JTHBRhR/ | 12:38 |
| opendevreview | Merged openstack/openstack-ansible-os_keystone master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/924474 | 12:39 |
| jrosser | noonedeadpunk i see this https://paste.opendev.org/show/bW0YDYFVBZc6eOpJmeY8/ | 12:44 |
| * jrosser uses github clone for now | 12:52 | |
| noonedeadpunk | I don't think I have that in tree | 12:52 |
| noonedeadpunk | ah, I do | 12:53 |
| noonedeadpunk | but it's quite down the line | 12:53 |
| noonedeadpunk | like one pagedown below | 12:54 |
| jrosser | see #opendev btw | 12:54 |
| noonedeadpunk | ah | 12:55 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_ceilometer master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_ceilometer/+/924616 | 13:07 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_cinder master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/924617 | 13:11 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_cloudkitty master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_cloudkitty/+/924618 | 13:16 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_designate master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_designate/+/924621 | 13:18 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_glance master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_glance/+/924622 | 13:22 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_gnocchi master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_gnocchi/+/924624 | 13:27 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_heat master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_heat/+/924625 | 13:31 |
| jrosser | ok so noble lxc issues are down to the `lxc-openstack` profile that we drop and use by default | 13:33 |
| jrosser | sticking to what the upstream noble lxc image uses `lxc.apparmor.profile = generated` then the containers can start just fine | 13:34 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_ironic master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/924626 | 13:37 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_magnum master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/924627 | 13:38 |
| noonedeadpunk | I bet Isaw patch for that? | 13:40 |
| noonedeadpunk | or depends-on doesn't work? | 13:40 |
| jrosser | so there is two things | 13:40 |
| jrosser | this is how it is setup out-of-the-box https://paste.opendev.org/show/bRJN51j0g8E6IpnkDn7D/ | 13:41 |
| jrosser | and i have a patch to duplicate that in /etc/lxc/lxc-openstack.conf https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/924340/2 | 13:42 |
| jrosser | but then we come along and do this later https://github.com/openstack/openstack-ansible/blob/master/inventory/group_vars/all_containers.yml#L19 | 13:43 |
| noonedeadpunk | I guess the question here if we do need anything from our own template | 13:43 |
| jrosser | and this is pretty gross, because for some time the apparmor stuff never worked on debian | 13:43 |
| jrosser | so we just make it "unconfined" | 13:44 |
| jrosser | yes so thats totally the question, if anything here is actually needed https://github.com/openstack/openstack-ansible-lxc_hosts/blob/master/templates/lxc-openstack.apparmor.j2 | 13:44 |
| noonedeadpunk | eventually, even if we do, we can likely place override/extend the default profile rather then just use our own | 13:45 |
| jrosser | so the changes in that file are really quite ancient, for things like allowing nfs mount inside the container | 13:46 |
| noonedeadpunk | well, that might be still needed for cinder-volumes | 13:47 |
| jrosser | i just remade my AIO from scratch | 13:47 |
| jrosser | so tht i can test if this is the root cause https://github.com/lxc/lxc/commit/32f88c8fecaa1f909d0aeb5ff3132932138fe692 | 13:48 |
| noonedeadpunk | frankly - I'm really thinking of what it would take to get nova-compute and ovn-controller to work inside lxc as well.... | 13:49 |
| noonedeadpunk | though might be it's quite useless idea, at least regarding ovn | 13:50 |
| noonedeadpunk | so maybe having a way to extend lxc apparmor profile is reasonable at least | 13:51 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_masakari master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_masakari/+/924629 | 13:53 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_mistral master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_mistral/+/924632 | 13:59 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_manila master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_manila/+/924633 | 14:05 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/924635 | 14:07 |
| noonedeadpunk | so we have plenty of intersects/unions, but in almost all cases we really don't care about order | 14:08 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_nova master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/924636 | 14:10 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_octavia master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/924637 | 14:11 |
| noonedeadpunk | though will need to check integrated repo one more time.... | 14:12 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_placement master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_placement/+/924638 | 14:16 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_swift master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/924639 | 14:18 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_tacker master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_tacker/+/924640 | 14:19 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_tempest master: Ensure tempest enclude/exclude lists are idempotent https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/924641 | 14:23 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_trove master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_trove/+/924642 | 14:25 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_zun master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/924643 | 14:34 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_barbican master: Move database configuration to it's own section https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/924649 | 15:03 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_barbican master: Ensure that first/last host detection is deterministic https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/924610 | 15:03 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-os_tempest master: Ensure tempest enclude/exclude lists are idempotent https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/924641 | 15:54 |
| jrosser | looks like tacker is a db migrate mess | 15:55 |
| opendevreview | Merged openstack/ansible-hardening master: Rename internal parameter user_list to hardening_user_list https://review.opendev.org/c/openstack/ansible-hardening/+/921827 | 16:29 |
| jrosser | oh my /o\ https://wiki.debian.org/LXC/SystemdMountsAndAppArmor | 16:31 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Use the 'generated' apparmor profile for all containers https://review.opendev.org/c/openstack/openstack-ansible/+/924661 | 16:51 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: DNM - test ubuntu noble with generated apparmor profile https://review.opendev.org/c/openstack/openstack-ansible/+/924663 | 16:55 |
| opendevreview | Jimmy McCrory proposed openstack/openstack-ansible-os_neutron master: Correct 'neutron-policy-override' tag https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/924681 | 21:32 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!