*** noonedeadpunk_ is now known as noonedeadpunk | 07:29 | |
gokhan_ | good morning folks, can we create multiple deployments with one deployment host? how can we use multiple /etc/openstack_deploy files like /etc/openstac_deploy_r1 and /etc/openstack_deploy_r2 ? | 07:37 |
noonedeadpunk | o/ | 07:46 |
noonedeadpunk | yes you can | 07:47 |
noonedeadpunk | there's an environment variable OSA_CONFIG_DIR which you can use to adjust openstack_deploy path | 07:47 |
noonedeadpunk | BUT, you can't have multiple versions of OSA running there unfortunately | 07:47 |
noonedeadpunk | so you can `export OSA_CONFIG_DIR=/etc/openstac_deploy_r1` | 07:48 |
gokhan_ | noonedeadpunk, ok thanks I will use same version of osa. | 07:51 |
grauzikas | Hello, regarding designate in most examples i can see that mdns is configured as master and communicates with pdns via api as they would be slaves (there is one more issue because my external pdns servers already has one master). As i understand in that case mdns servers should be reachable for communication from slaves, but lxc containers has nated ip addresses (br-mgmnt), so now im thinking what best practice in this | 08:20 |
grauzikas | situation? Use haproxy (br-vip if udp is needed then this will not work)? use NAT port forwarding (i would like to avoid this and we have 3x mdns servers so nat will connect to only one)? provide internal access to external dns servers from mdns servers? or probably for openstack cluster create separate pdns servers what will be on same lxc containers and to pdns servers what will be in lxc containers provide external | 08:20 |
grauzikas | ip? I have VIP configured and on br-vip on every infra node and i have additional ip address on every node br-vip and via tcpdump i can see that mdns trying to connect to external pdns servers via these additional ip addresses. | 08:20 |
grauzikas | and one more question. i have been updated OSA https://paste.openstack.org/show/bHtq55YAn5UrOjjbRIMM/ and then launched /scripts/bootstrap-ansible.sh and then freshly installed openstack by running playbooks and after that as some of you remember i was asking about octavia that it is not working. There was TYPO issue in octavia ovn driver, but i was sure that this typo was fixed and i have updated OSA, but later noticed | 08:26 |
grauzikas | that that typo issue i still have, i updated on friday, but typo was not updated. May be im updating OSA some how wrong? issue what im talking as i understand was fixed on aug 30 https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/927521 | 08:26 |
opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-openstack_hosts master: Manage apt repositores and keys using deb822_repository module https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/907434 | 08:56 |
jrosser | grauzikas: for designate there you would need some extra networking stuff doing if pdns actually needs to be able to contact the mdns directly. I use bind in this situation, so it is definitely required as designate notifies bind that an update is available, then bind transfers the zone. | 09:01 |
jrosser | grauzikas: do you know what the actual interaction is when pdns is used? | 09:01 |
jrosser | also just be careful about where the NAT is for the LXC containers, eth0 will normally be the default route to the container hosts, which then NAT that | 09:03 |
jrosser | if you have separately NAT the mgmt network then thats something else again | 09:03 |
grauzikas | by examining pdns logs i can see two issues, that pdns can notice mdns and regarding master that mdns is not master | 09:06 |
grauzikas | may be run mdns on metal so then it will be directly on infra node? | 09:07 |
jrosser | unfortunately i have zero experience with pdns | 09:07 |
grauzikas | i mean not mdns but designate | 09:07 |
jrosser | but from a networking perspective you have a couple of options | 09:07 |
jrosser | you could extend the mgmt network to your pdns server as an extra interface, then you would have direct connectivity between the two | 09:08 |
jrosser | you could create an extra interface on the designate containers with a dedicated network between them and the pdns server if you want extra isolation there | 09:09 |
jrosser | ^ does this help? i don't think that haproxy or the VIP is at all relevant here | 09:12 |
grauzikas | so in other words best way is to define one more network and make only 3 ips as free with help of used ips and bind this network to designate and attack this network to br-vip ? | 09:13 |
grauzikas | attach* | 09:13 |
jrosser | what is br-vip? | 09:14 |
grauzikas | i created separate bridge for VIP ip address what has public access | 09:14 |
jrosser | is this on actual external internet? | 09:14 |
grauzikas | yes | 09:14 |
jrosser | my personal preference is to do this with an internal network - but that really depends a lot on what your whole architecture is | 09:16 |
grauzikas | or simply create nat in node | 09:17 |
jrosser | noonedeadpunk: do you have designate + pdns? | 09:18 |
noonedeadpunk | nope | 09:18 |
noonedeadpunk | no designate at all | 09:18 |
jrosser | we do make this kind of difficult with integration with upstream dns | 09:19 |
jrosser | grauzikas: unfortunately i have done this with bind but not pdns so i don't know what your exact issue is | 09:21 |
jrosser | grauzikas: here is an example https://satishdotpatel.github.io/designate-integration-with-powerdns/ | 09:25 |
jrosser | although it doesn't say explicitly, it looks like there is some part of pdns running on the infra nodes there | 09:25 |
jrosser | which would be able to see the mdns services through the mgmt network | 09:25 |
jrosser | and those would have external connectivity with your IP on br-vip | 09:26 |
grauzikas | yes i was reading this too so the idea is nat mdns port or move powerdns in to lxc container and provide external ip to these lxc | 09:28 |
jrosser | nat? | 09:28 |
grauzikas | port forward sorry not nat | 09:29 |
jrosser | i think be really careful about applying external IP on the mgmt network | 09:29 |
grauzikas | but i will not provide to mgnt network external ip. | 09:30 |
grauzikas | ammm an lxc container what has two interfaces 1: management, 2 public. on that lxc container i will have running pdns. on public interfaces allow only tcp,udp port 53 | 09:31 |
jrosser | you can make a new lxc container for that, sure | 09:31 |
jrosser | i did some hacking for similar purposes here https://github.com/jrosser/openstack-ansible-ops/blob/designate-bind/designate-bind/groupvars/dnsaas-bind.yml | 09:34 |
jrosser | if you want a container dedicated for powerdns then make an new entry in /etc/openstack_deploy/env.d | 09:35 |
jrosser | the tricky bit is ensuring that the public interface gets a consistent/statically assigned IP as you have to reference that in the pools config for designate | 09:36 |
jrosser | grauzikas: so for your second question about the octavia fix | 09:37 |
jrosser | you are correct that this patch is merged https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/927521 | 09:38 |
jrosser | but what defines a particular release of openstack-ansible is the contents of this file https://github.com/openstack/openstack-ansible/blob/stable/2024.1/ansible-role-requirements.yml#L239 | 09:39 |
jrosser | and also the SHA of all the actual services that are deployed | 09:39 |
jrosser | so if you checked out stable/2024.1 on friday, you will get the versions of the ansible roles specified in that file | 09:40 |
grauzikas | i see | 09:40 |
jrosser | you can override any of this as necessary https://docs.openstack.org/openstack-ansible/latest/reference/configuration/extending-osa.html#adding-new-or-overriding-roles-in-your-openstack-ansible-installation | 09:41 |
jrosser | and periodically we make a new point release (see the specific tags) on each stable branch and all these versions get updated together | 09:41 |
opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-plugins master: Add infrastructure playbooks to openstack-ansible-plugins collection https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/924171 | 09:50 |
opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-apt_package_pinning master: Add ability to control the state of apt pins. https://review.opendev.org/c/openstack/openstack-ansible-apt_package_pinning/+/927903 | 09:53 |
grauzikas | is this correct? https://paste.openstack.org/show/bXCnWkcIYFAZmj2VbXLL/ | 09:57 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-ops master: Revert "Ensure that python3-cryptography is present in k8s control plane hosts" https://review.opendev.org/c/openstack/openstack-ansible-ops/+/921400 | 09:58 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/2024.1: Verify OS for containers installation https://review.opendev.org/c/openstack/openstack-ansible/+/928589 | 10:01 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/2024.1: Verify OS for containers installation https://review.opendev.org/c/openstack/openstack-ansible/+/928589 | 10:03 |
opendevreview | Merged openstack/openstack-ansible-apt_package_pinning master: Fix linters https://review.opendev.org/c/openstack/openstack-ansible-apt_package_pinning/+/927910 | 10:04 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Verify OS for containers installation https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/928591 | 10:09 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Verify OS for containers installation https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/928591 | 10:10 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Add Ubuntu 24.04 to supported by playbook versions https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/928592 | 10:11 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Verify OS for containers installation https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/928591 | 10:13 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Add Ubuntu 24.04 to supported by playbook versions https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/928592 | 10:14 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-plugins master: Add Ubuntu 24.04 to supported by playbook versions https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/928592 | 10:14 |
opendevreview | Merged openstack/openstack-ansible-os_skyline stable/2024.1: Enable SSLProxyProtocol for internal backends behind TLS https://review.opendev.org/c/openstack/openstack-ansible-os_skyline/+/928481 | 11:32 |
opendevreview | Merged openstack/openstack-ansible-plugins master: Add setup_hosts playbook to plugins collection. https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/927826 | 11:37 |
grauzikas | i did that by following your example https://github.com/jrosser/openstack-ansible-ops/blob/designate-bind/designate-bind/groupvars/dnsaas-bind.yml | 11:45 |
opendevreview | Merged openstack/openstack-ansible master: Add Ubuntu Noble to the list of supported LXC operating systems https://review.opendev.org/c/openstack/openstack-ansible/+/927909 | 11:50 |
opendevreview | Merged openstack/openstack-ansible master: Test on Ubuntu Noble https://review.opendev.org/c/openstack/openstack-ansible/+/924342 | 11:50 |
noonedeadpunk | nice ^ | 11:55 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Use hosts setup playbooks from openstack-ansible-plugins repo https://review.opendev.org/c/openstack/openstack-ansible/+/924259 | 11:57 |
opendevreview | Merged openstack/openstack-ansible-apt_package_pinning master: Add ability to control the state of apt pins. https://review.opendev.org/c/openstack/openstack-ansible-apt_package_pinning/+/927903 | 12:12 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_keystone master: Ensure correct order for credential rotate/migrate https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/925673 | 12:17 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_magnum master: Define lock directory for oslo_concurrency https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/921690 | 12:21 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Bump SHAs and pinned versions https://review.opendev.org/c/openstack/openstack-ansible/+/927841 | 12:22 |
opendevreview | Merged openstack/openstack-ansible-os_octavia stable/2024.1: Define ovn provider agent when OVN is used https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/927718 | 12:43 |
jrosser | grauzikas: it could be ok - the only thing will be you can't really add more things on the public network like that in future as nothing controls which IP is assigned to which service | 12:52 |
jrosser | that is why there was more complexity in the group_vars for my example as i wanted specific IP to be assigned in specific places in order to match up correctly with iptables rules etc etc | 12:53 |
opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-rabbitmq_server master: Manage apt repositores and keys using deb822_repository module https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/907833 | 12:56 |
opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-rabbitmq_server master: Improve handling of rabbitmq_install_method changing https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/927906 | 12:57 |
opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-galera_server master: Manage apt repositores and keys using deb822_repository module https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/907752 | 12:57 |
opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-openstack_hosts master: Manage apt repositores and keys using deb822_repository module https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/907434 | 12:58 |
opendevreview | Merged openstack/openstack-ansible-os_magnum master: Add test for high availability k8s control plane on ubuntu noble https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/924702 | 13:46 |
opendevreview | Merged openstack/openstack-ansible-os_magnum master: Add high availability k8s control plane test on Ubuntu Noble https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/927911 | 13:46 |
opendevreview | Merged openstack/openstack-ansible-ops master: Revert "Ensure that python3-cryptography is present in k8s control plane hosts" https://review.opendev.org/c/openstack/openstack-ansible-ops/+/921400 | 13:50 |
opendevreview | Merged openstack/openstack-ansible-ops master: Update magnum-cluster-api version https://review.opendev.org/c/openstack/openstack-ansible-ops/+/926347 | 13:56 |
opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-ops master: Update magnum-cluster-api version https://review.opendev.org/c/openstack/openstack-ansible-ops/+/928613 | 14:01 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_neutron master: Improve OVN cluster setup idempotence report https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/928618 | 14:51 |
jrosser | well how did that happen :( https://review.opendev.org/c/openstack/openstack-ansible/+/924259 | 14:55 |
noonedeadpunk | yeah | 15:35 |
noonedeadpunk | I already proposed https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/928591 earlier today | 15:36 |
noonedeadpunk | sorry, https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/928592/3 | 15:36 |
jrosser | i was convinced i'd also done that :) | 15:43 |
jrosser | oooooh but here https://review.opendev.org/c/openstack/openstack-ansible/+/927909 | 15:43 |
jrosser | right we got things a bit out of order there | 15:43 |
jrosser | should have merged that before moving the playbooks | 15:44 |
opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Use hosts setup playbooks from openstack-ansible-plugins repo https://review.opendev.org/c/openstack/openstack-ansible/+/924259 | 17:14 |
opendevreview | Jonathan Rosser proposed openstack/openstack-ansible master: Bump SHAs and pinned versions https://review.opendev.org/c/openstack/openstack-ansible/+/927841 | 17:15 |
opendevreview | Merged openstack/openstack-ansible master: [doc] Add support for Ubuntu 24.04 to docs https://review.opendev.org/c/openstack/openstack-ansible/+/924829 | 17:43 |
opendevreview | Merged openstack/openstack-ansible-rabbitmq_server master: Include feature flags enablement only during upgrades https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/928124 | 19:00 |
jrosser | feels like we should be close to being able to implement "this deployment has services on subdomains true/false" and "this deployment has services on subpaths true/false" | 19:13 |
jrosser | would be really great to be able to figure out how to make that a very simple opt-in without a ton of overrides | 19:14 |
opendevreview | Merged openstack/openstack-ansible-rabbitmq_server master: Add retries for feature flags check https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/928133 | 20:23 |
opendevreview | Merged openstack/openstack-ansible-os_neutron master: Use cgroupsv2 for L3 cleanup https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/927989 | 21:26 |
opendevreview | Merged openstack/openstack-ansible-os_keystone stable/2023.2: Do not install uWSGI as part of Keystone https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/927155 | 22:47 |
opendevreview | Merged openstack/openstack-ansible stable/2024.1: Remove the get_md5 parameter from ansible stat tasks https://review.opendev.org/c/openstack/openstack-ansible/+/927719 | 23:29 |