| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-hardening stable/2023.1: Apply architecture specific audit rules https://review.opendev.org/c/openstack/ansible-hardening/+/930678 | 07:22 |
|---|---|---|
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-rabbitmq_server master: Map all relevant architectures for deb822 repository setup https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/930283 | 07:28 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts master: Enable UCA repo for ubuntu noble https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/929631 | 07:30 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts master: Map all relevant architectures for deb822 repository setup https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/930278 | 07:30 |
| opendevreview | Merged openstack/ansible-hardening stable/2024.1: Apply architecture specific audit rules https://review.opendev.org/c/openstack/ansible-hardening/+/930592 | 08:03 |
| noonedeadpunk | another review is needed for https://review.opendev.org/c/openstack/openstack-ansible/+/929892 to land skyline mpm thing | 10:14 |
| opendevreview | Merged openstack/ansible-hardening stable/2023.2: Apply architecture specific audit rules https://review.opendev.org/c/openstack/ansible-hardening/+/930593 | 10:53 |
| opendevreview | Merged openstack/ansible-hardening stable/2023.1: Apply architecture specific audit rules https://review.opendev.org/c/openstack/ansible-hardening/+/930678 | 10:53 |
| opendevreview | Merged openstack/openstack-ansible-os_masakari master: Rename Masakari service type https://review.opendev.org/c/openstack/openstack-ansible-os_masakari/+/930329 | 11:23 |
| opendevreview | Merged openstack/ansible-role-systemd_networkd stable/2024.1: Don't make VLAN/VXLAN/MACVLAN mutually exclusive https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/930410 | 11:50 |
| opendevreview | Merged openstack/openstack-ansible master: Use node FQDN for nova-restore-compute-id https://review.opendev.org/c/openstack/openstack-ansible/+/930292 | 12:07 |
| opendevreview | Merged openstack/ansible-role-uwsgi master: Add libpython definition for ubuntu noble distro install https://review.opendev.org/c/openstack/ansible-role-uwsgi/+/929609 | 12:08 |
| opendevreview | Merged openstack/openstack-ansible-os_keystone master: Ensure that selected Apache MPM is enforced https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/929691 | 12:25 |
| opendevreview | Merged openstack/openstack-ansible-haproxy_server stable/2023.1: Respect defined interface for external VIP with LE https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/930386 | 12:35 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_nova master: Allow to apply custom configuration to Nova SSH config https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/930505 | 12:58 |
| kleini | OS upgrade from 20.04 to 22.04 with Antelope was really smooth. The extended distribution upgrade guide is really helpful. I only had a hard time to get PXE netboot working on top of bond and tagged VLAN. | 12:58 |
| kleini | thanks to OSA! | 12:58 |
| opendevreview | Merged openstack/openstack-ansible-os_horizon master: Ensure that selected Apache MPM is enforced https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/929695 | 13:14 |
| WireLost | Also thanks Canonical for providing UCA so we can upgrade Ubuntu from 20.04 to 22.04 while keeping same OpenStack and Ceph, and then upgrade these using newer UCA repos for 22.04. Ubuntu is really unique to build clouds! | 13:19 |
| WireLost | And yes, PXE on interfaces using bond at the switch is tricky hehe | 13:19 |
| noonedeadpunk | WireLost: well, to be fair, you use UCA in terms of ceph/openstack only if going with a `distro` path. You don't care much about that for `source` | 13:32 |
| noonedeadpunk | as these packages do not matter in fact, as we use only some newer libvirt and ovs versions, to be "up to the date" | 13:33 |
| noonedeadpunk | kleini: awesome, nice to hear! | 13:33 |
| noonedeadpunk | though you could be more challanged if you'd use OVN, as there we were reported issues which we haven't looked at yet | 13:34 |
| * noonedeadpunk really need to look into that with adoption of 24.04 for sure | 13:35 | |
| WireLost | I understand. I use `distro` to minimize exposure to potential supply chain attacks, whether from bad actors or rogue governments. These are definitely concerning times. | 13:38 |
| kleini | noonedeadpunk, I am missing the OVS to OVN migration guide ... | 13:39 |
| WireLost | OVS/OVN is on my radar as well! I think it's fantastic, especially when you combine it with DPDK. | 13:40 |
| noonedeadpunk | WireLost: I assume you're aware that for DPDK you need for app to explicitly support it? | 13:42 |
| noonedeadpunk | kleini: oh yes, that's on a backlog as well. But still on path of learning OVN operations. And migration is the next step | 13:43 |
| WireLost | Yes, I worked with DPDK years ago. Ubuntu offers OVS with DPDK, package `openvswitch-switch-dpdk`. | 13:44 |
| noonedeadpunk | WireLost: also about supply chain... well, I guess it depends whom you trust more - some enterprise which messes around with code to do some backports under closed door, or original developers and maintainers, and code that ytou can see, changes that you can track | 13:44 |
| noonedeadpunk | becouse second is not the case with packages. and if you do unattended upgrades - you might just get wierd stuff in without spotting it | 13:45 |
| noonedeadpunk | but yeah, from other prespective you get security patches really fast and in-time | 13:46 |
| WireLost | I think the more sources you pull/download things from, the more entities you have to trust. So I prefer to not do that, and use as much as possible from a smaller number of trusted sources, and the `distro` seems to help achieve that | 13:46 |
| noonedeadpunk | btw, talking about UCA - there is not Dalmatian for 22.04 there, and I think there will not be. And Dalmatian is gonna be only for 24.04 | 13:46 |
| WireLost | Yes, that's sounds like how Canonical maintains the UCA | 13:47 |
| noonedeadpunk | with that we bring 24.04 only starting Dalmatian... | 13:47 |
| noonedeadpunk | So there's gonna be no good upgrade path this time | 13:47 |
| noonedeadpunk | (for distro) | 13:48 |
| noonedeadpunk | and we technically could not add 24.04 earlier, as Caracal was released before 24.04 was | 13:49 |
| noonedeadpunk | so meh about how Canonical is amazing :D | 13:50 |
| noonedeadpunk | Also just in case - I totally get the point you;re making, which is the reason I stand by osa commitment to continue providing distro path | 13:51 |
| noonedeadpunk | though we lack maintainers for it to evolve and bring to more services | 13:51 |
| noonedeadpunk | (and cover Debian) | 13:51 |
| noonedeadpunk | (and watch for CI failures if they happen) | 13:52 |
| WireLost | Wait... The upgrade path is: Ubuntu 22.04 with Caracal, then Ubuntu 24.04 which Caracal is the default... Right? | 13:52 |
| noonedeadpunk | OpenStack Caracal internally was never tested with 24.04 | 13:53 |
| noonedeadpunk | Moreover, it's known to have issues with Python 3.12 which is shipped with 24.04 | 13:53 |
| WireLost | Yeah, I saw that in previous messages here... But it's there lol | 13:53 |
| noonedeadpunk | Also - there's no claimed support in https://ubuntu.com/openstack/docs/supported-versions | 13:54 |
| noonedeadpunk | So if that's true and it's shipped - it should have a decent amount of hackery behind closed doors | 13:54 |
| WireLost | Scary... Does OSA supports 22.04 with Caracal UCA? | 13:54 |
| noonedeadpunk | yep | 13:55 |
| WireLost | Cool! | 13:55 |
| noonedeadpunk | I think so :D | 13:55 |
| WireLost | :-D | 13:55 |
| WireLost | It might be wise to wait 26.04 then lol | 13:55 |
| noonedeadpunk | yeah, ci does run 22.04 and caracal: https://zuul.opendev.org/t/openstack/build/1c864bc8259644fea3d7b930610e6897/log/logs/etc/host/apt/sources.list.d/uca.sources.txt | 13:56 |
| WireLost | Beautiful! | 13:56 |
| noonedeadpunk | but again - this case with ubuntu/caracal/distro packages - kinda why I don't find that trusting OpenInfra as an org is a bad idea, and get sources directly from them, rather re-dsitributed ones. | 13:57 |
| noonedeadpunk | but I get your points, as I said :) | 13:57 |
| WireLost | =P | 13:57 |
| WireLost | Do you know the OpenStack plans for Python 3.12? | 13:59 |
| noonedeadpunk | it's covered fully for Dalmatian | 14:00 |
| noonedeadpunk | so py3.12 was fixed shortly after ubuntu 24.04 release, when we could start testing against it | 14:01 |
| WireLost | Great! So, perhaps then the happy upgrade path from 22.04/Caracal will be to upgrade to 24.04/Caracal, and then quickly upgrade again to 24.04/Dalmatian. Since 24.04/Caracal is not good for production with Python 3.12, it might be good as a "upgrade step" only... What do you think? | 14:04 |
| WireLost | Or, reinstall ... lol | 14:04 |
| noonedeadpunk | if there's a 24.04/Caracal - then yeah.. | 14:04 |
| noonedeadpunk | and maybe wait for Epoxy, to jump from Caracal to it isntantly :D | 14:05 |
| WireLost | That's its default, 24.04 comes with Caracal | 14:05 |
| noonedeadpunk | yeah, ok, it was just never metnioned anywhere as supported, that's why I/m unsure | 14:06 |
| WireLost | IT's mentioned here: https://wiki.ubuntu.com/OpenStack/CloudArchive "When 24.04's default OpenStack version (Caracal) ..." | 14:06 |
| noonedeadpunk | also we don't have 24.04 support for caracal either | 14:06 |
| WireLost | Ouch! O_O | 14:06 |
| WireLost | I didn't know that. | 14:07 |
| noonedeadpunk | as I said - Caracal was released BEFORE 24.04 was | 14:07 |
| WireLost | Got it | 14:07 |
| noonedeadpunk | 2024-04-03 is openstack release date, 2024-04-25 is 24.04 release date | 14:08 |
| noonedeadpunk | so there's no way they were tested together from Openstack prespective | 14:08 |
| WireLost | true | 14:08 |
| noonedeadpunk | so likely - you'll need to jump to 2024.2, and which for 22.04 will have still Caracal, and then upgrade Ubuntu together with OpenStack | 14:10 |
| WireLost | Sounds complicated and risky hehe | 14:12 |
| noonedeadpunk | or, somebody needs to work on retroactively backporting 24.04 support to caracal | 14:12 |
| noonedeadpunk | we did such thing once with Rocky, when 8 support was prematurely announced as dead | 14:13 |
| noonedeadpunk | (for CentOS) | 14:13 |
| noonedeadpunk | we have a topic with patches which were needed on master for support: https://review.opendev.org/q/topic:osa/noble | 14:16 |
| kleini | anybody have an idea, how to transfer zones from Designate to newly deployed PowerDNS on control plane? creating new zones works but all existing zones got lost during OS upgrade due to complete reinstall | 14:37 |
| * noonedeadpunk not using designate so very little experience | 14:38 | |
| noonedeadpunk | kleini: have you tried `designate-manage powerdns sync`? | 14:39 |
| noonedeadpunk | oh, it's probably not there anymore .... | 14:39 |
| kleini | invalid choice powerdns | 14:39 |
| noonedeadpunk | It was a thing on rocky though :D https://docs.openstack.org/designate/rocky/admin/designate-manage.html#designate-manage-powerdns | 14:41 |
| johnsom | https://docs.openstack.org/api-ref/dns/dns-api-v2-index.html#pool-move-zone | 14:42 |
| johnsom | That might help you | 14:42 |
| johnsom | I.e. you didn't have a backup of your powerDNS DB. The other option, is zone export and re-import. | 14:44 |
| kleini | really I need to backup secondary DNS databases? | 14:44 |
| noonedeadpunk | it's a pity there's no sync trigger, like there's for OVN nb/sb DBs | 14:44 |
| noonedeadpunk | and I also saw octavia adding same for OVN driver | 14:45 |
| noonedeadpunk | *provider | 14:45 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/2024.1: Use node FQDN for nova-restore-compute-id https://review.opendev.org/c/openstack/openstack-ansible/+/930718 | 14:50 |
| johnsom | Hmm, that is kind of interesting that it was removed. I think you can make it work with the pool zone move, but not ideal. The other thing to consider is using catalog zones, that would trigger powerDNS to recreate the secondary zone stubs. | 14:51 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/2023.2: Use node FQDN for nova-restore-compute-id https://review.opendev.org/c/openstack/openstack-ansible/+/930719 | 14:51 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/2023.1: Use node FQDN for nova-restore-compute-id https://review.opendev.org/c/openstack/openstack-ansible/+/930720 | 14:51 |
| kleini | I copied sqlite database from other infra node, need to run some migration script and not all zone immediately become ACTIVE | 14:54 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_octavia master: Ensure quota is set for BFV amphoras https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/930749 | 16:13 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!