| jrosser | o/ morning | 08:46 |
|---|---|---|
| noonedeadpunk | good morning! | 08:53 |
| jrosser | noonedeadpunk: something to watch out for - ~/.ansible is shared between everything that you use molecule for on the same host | 09:04 |
| noonedeadpunk | yeah... | 09:06 |
| noonedeadpunk | I already realized that yesterday evening | 09:06 |
| noonedeadpunk | stil seems systemd roles were not cleaned up | 09:06 |
| kleini | mgariepy, things get moving! | 09:30 |
| opendevreview | Jonathan Rosser proposed openstack/ansible-role-httpd master: Initial commit to the role https://review.opendev.org/c/openstack/ansible-role-httpd/+/938245 | 09:46 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-systemd_service master: Replace functional tests with molecule https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/938492 | 09:47 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-systemd_mount master: Replace functional tests with molecule https://review.opendev.org/c/openstack/ansible-role-systemd_mount/+/938489 | 09:56 |
| jrosser | do we want to standardise on ansible-role-requirements.yml or requirements.yml ? | 10:01 |
| noonedeadpunk | given that we're feeding it to galaxy - ansible-role-requirements.yml doesn't make much sense to me | 10:02 |
| noonedeadpunk | as a-r-r in integrated repo isn't really in galaxy compatible format iirc | 10:02 |
| noonedeadpunk | *feeding to ansible0galaxy through molecule | 10:03 |
| opendevreview | Jonathan Rosser proposed openstack/ansible-config_template master: Replace functional tests with molecule https://review.opendev.org/c/openstack/ansible-config_template/+/938513 | 10:05 |
| jrosser | i do like how you can use the same vm (or your laptop) to test many roles very quickly | 10:07 |
| jrosser | without messing up the local environment | 10:07 |
| * jrosser wonders what kind of adventure lxc-inside-docker might be | 10:08 | |
| noonedeadpunk | yeah, that is really nice. I'm just not sure how valuable that's gonna be for openstack roles | 10:14 |
| noonedeadpunk | or well. that depends on tests we wanna do for them kinda | 10:15 |
| noonedeadpunk | but yes, I'm kind of very happy of progress we have with molecule, as it's very neat | 10:16 |
| noonedeadpunk | worth also updating contributor docs wrt to it... | 10:16 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_ceilometer master: Remove support for amqp1 https://review.opendev.org/c/openstack/openstack-ansible-os_ceilometer/+/938444 | 10:23 |
| opendevreview | Merged openstack/openstack-ansible master: [doc] Document pretty endpoint namings https://review.opendev.org/c/openstack/openstack-ansible/+/934536 | 10:24 |
| jrosser | the only thing we might have to maintain is lots more places with collection versions | 10:24 |
| noonedeadpunk | oh yes. especially on stable branches | 10:28 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-os_manila master: Switch ubuntu zuul jobs from jammy to noble https://review.opendev.org/c/openstack/openstack-ansible-os_manila/+/938642 | 10:29 |
| noonedeadpunk | so in fact for molecule we might indeed need to take a-c-r or smth from integrated repo. but having generic requirements.yml still makes sense for non-opinionated roles | 10:29 |
| jrosser | it might be possible in zuul to have a pre job that prepares the on-disk collections (like we do for the integrated repo), and the we point an env var to those | 10:31 |
| jrosser | that would make depends-on work | 10:31 |
| noonedeadpunk | this actually can work, yes | 10:32 |
| noonedeadpunk | and we can control that in integrated repo, I assume | 10:32 |
| jrosser | something like that, yes | 10:33 |
| noonedeadpunk | but also I guess important part - to keep ability to run molecule locally without zuul hackery... | 10:40 |
| noonedeadpunk | and that's a tricky part and balance to keep | 10:41 |
| noonedeadpunk | and also would be great to finally figure out publishing to galaxy... | 10:45 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-systemd_service master: Replace functional tests with molecule https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/938492 | 10:45 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-frrouting master: Use FQCN for module calls https://review.opendev.org/c/openstack/ansible-role-frrouting/+/938273 | 10:59 |
| harun | hi all, I am trying to run cluster API but getting an error on magnum-conductor. Logs are in the below. I would appreciate it if you help me. Thank you. | 11:03 |
| harun | https://paste.openstack.org/show/bpHDD146Z0YJBneD7zmZ/ | 11:03 |
| noonedeadpunk | I can recall having same issue with absent namespace in k8s cluster | 11:04 |
| noonedeadpunk | but already can't recall how I've worked around that :D | 11:04 |
| noonedeadpunk | it could be I've just manually created namespace.... | 11:05 |
| jrosser | that didnt happen in the CI jobs though | 11:05 |
| noonedeadpunk | could be related to certs ofc... | 11:05 |
| jrosser | harun - which versions of OSA etc are you using there? | 11:05 |
| harun | jrosser caracal | 11:12 |
| harun | 29.0.2 | 11:12 |
| noonedeadpunk | I do recall having exact same thing though..... | 11:12 |
| opendevreview | Merged openstack/openstack-ansible-lxc_container_create master: Solving naming issue of OVS ports for lxc https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/938424 | 11:13 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-lxc_container_create stable/2024.2: Solving naming issue of OVS ports for lxc https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/938645 | 11:14 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-lxc_container_create stable/2024.1: Solving naming issue of OVS ports for lxc https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/938646 | 11:14 |
| noonedeadpunk | harun: btw, did you try to use later version of driver? ie - override magnum_magnum_cluster_api_git_install_branch | 11:15 |
| noonedeadpunk | as right now I have it set to smth like v0.24.0 | 11:15 |
| noonedeadpunk | or well, I'm using own fork which is very close to 0.24.0 | 11:16 |
| noonedeadpunk | and then also have overrides like this: https://paste.openstack.org/show/bV6xaaUFX93zXnPd26S8/ | 11:17 |
| harun | this is my user variables magnum file: https://paste.openstack.org/show/bdPEaIYe8RweYfdfMiI9/ | 11:21 |
| harun | i use 0.24.0 | 11:21 |
| noonedeadpunk | so ca_file and openstack_ca_file canb totally be problematic points | 11:21 |
| noonedeadpunk | that would work only if you;re using self-signed certs for both public and internal url | 11:22 |
| noonedeadpunk | in my variant we use lte's encrypt for public and self-signed for internal | 11:23 |
| jrosser | i think the AIO tests this all pretty well? | 11:24 |
| jrosser | though what is the default for internal TLS at the moment? | 11:24 |
| jrosser | tbh the error that harun is getting does not look like tls trouble | 11:24 |
| noonedeadpunk | yeah, true | 11:25 |
| jrosser | there is an actual response from curl with fields in it | 11:25 |
| noonedeadpunk | though I really can't recall how I've fixed it... But recall that I had around same defenitions for TLS when I had it | 11:25 |
| jrosser | so i would be checking that the magnum-system namespace is properly present | 11:25 |
| noonedeadpunk | and magnum-system namespace should be created by the driver iirc | 11:26 |
| jrosser | yes it should | 11:26 |
| noonedeadpunk | (and still worh fixing TLS setup for them) | 11:26 |
| jrosser | something on our to-do list is implement k8s RBAC so the driver only has access to the magnum-system namespace | 11:27 |
| harun | magnum-system namespace is present and was created by driver | 11:27 |
| jrosser | that would need creation of the namespace moving out to the playbooks | 11:27 |
| harun | i got also the same error when i did insecure = True | 11:27 |
| jrosser | like i say this does not look like TLS, you would get a much more obvious SSL error | 11:28 |
| jrosser | `cannot get resource \"openstackmachinetemplates\" in API group \"infrastructure.cluster.x-k8s.io\"` this suggests some problem with cluster-api installation in the management k8s cluster | 11:29 |
| jrosser | harun: you should be able to use something like `kubectl api-resources` to check that the cluster-api resources are present (perhaps with | grep cluster.x) | 11:33 |
| harun | jrosser - this is the output https://paste.openstack.org/show/bzOgFScGVPPyKcz8A4om/ | 11:34 |
| harun | there are present but i don't know why i am getting an error | 11:36 |
| jrosser | you have the kubeconfig file in place on magnum-conductor? | 11:37 |
| harun | yes, the path is /var/lib/magnum/.kube/config | 11:38 |
| jrosser | it's perhaps getting beyond my understanding but does `system:anonymous` feel right? | 11:41 |
| jrosser | as the user in your paste which is getting access denied | 11:41 |
| jrosser | when the user defined in the kube config file is 'kubernetes-admin' | 11:42 |
| jrosser | oh /o\ sorry i'm misreading this - harun you can't use curl like that on the k8s api | 11:45 |
| jrosser | that will never work as it wont be using the credentials in the kube config file | 11:45 |
| harun | i got it but i don't understand why magnum is getting an error, it says that 'not found for url: https:<IP>:6443/apis...' | 12:38 |
| harun | What do you suggest i do | 12:41 |
| jrosser | well, magnum-conductor is trying to access a k8s resource that does not exist | 13:01 |
| jrosser | noonedeadpunk: so i have lxc_hosts running in molecule/docker, including able to start an lxc inside docker | 13:04 |
| jrosser | this is just hacking for now but the only thing i had to do was https://paste.opendev.org/show/bC3PWjNzWb8BEYQ4H3VD/ | 13:05 |
| noonedeadpunk | maybe apparmor is just not installed in docker? Or it refuses to start? | 13:18 |
| noonedeadpunk | so well. this kind of means we indeed can do mnaio in molecule? | 13:18 |
| noonedeadpunk | as given we can pass and wire multiple interfaces, systemd_networkd works to configure bridges in docker... | 13:19 |
| noonedeadpunk | and then lxc can utilize these bridges | 13:19 |
| noonedeadpunk | we totally will be short on ram though | 13:19 |
| jrosser | it refuses to start, but i think i can work around that | 13:22 |
| jrosser | if you do `aa-teardown` then restart the service, it comes up | 13:23 |
| jrosser | i wonder if it's a mismatch between loaded profiles on the host vs those supposedly present in the docker container | 13:26 |
| jrosser | noonedeadpunk: do you have an example of networking with molecule - we would need to ssh in (with our custom plugin) rather than use the docker connection to actually use lxc_container_create | 13:31 |
| noonedeadpunk | I had _some_ for frrouting: https://opendev.org/openstack/ansible-role-frrouting/src/branch/master/molecule/default/molecule.yml#L17-L23 | 14:26 |
| noonedeadpunk | but then we'd kinda need to generate some kind of openstack_user_config or so... not sure in fact | 14:27 |
| noonedeadpunk | as for our connection plugin to work, it expects some extras in inventory | 14:27 |
| jrosser | spatel: for magum + gpu you need to make a gpu flavor that your reference in your magnum cluster template for the worker nodes, it really is very simple | 14:37 |
| jrosser | if you have nova + gpu working today, really nothing much to do to have magnum workers with gpu | 14:38 |
| opendevreview | Merged openstack/openstack-ansible-apt_package_pinning master: Replace functional tests with molecule https://review.opendev.org/c/openstack/openstack-ansible-apt_package_pinning/+/938476 | 14:39 |
| * jrosser feels like am missing some part of the molecule documentation | 14:58 | |
| noonedeadpunk | regarding drivers - is in drivers kinda... | 15:07 |
| noonedeadpunk | in code :D | 15:08 |
| noonedeadpunk | https://github.com/ansible-community/molecule-plugins/blob/main/src/molecule_plugins/docker/driver.py#L32 | 15:08 |
| noonedeadpunk | and then they run playbooks where create/delete networks | 15:10 |
| noonedeadpunk | https://github.com/ansible-community/molecule-plugins/blob/main/src/molecule_plugins/docker/playbooks/tasks/create_network.yml | 15:10 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-systemd_mount master: Replace functional tests with molecule https://review.opendev.org/c/openstack/ansible-role-systemd_mount/+/938489 | 15:27 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-httpd master: Initial commit to the role https://review.opendev.org/c/openstack/ansible-role-httpd/+/938245 | 15:36 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-httpd master: Initial commit to the role https://review.opendev.org/c/openstack/ansible-role-httpd/+/938245 | 15:37 |
| spatel | jrosser Thank you for the reply on GPU magnum support. I will give it a try as soon as I have GPU in my DC | 15:46 |
| opendevreview | Merged openstack/ansible-role-systemd_networkd master: Liberalize static_route defenition https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/937623 | 15:50 |
| opendevreview | Merged openstack/openstack-ansible-os_nova master: Remove support for amqp1 https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/938458 | 15:53 |
| opendevreview | Merged openstack/openstack-ansible-os_designate master: Remove support for amqp1 https://review.opendev.org/c/openstack/openstack-ansible-os_designate/+/938447 | 16:05 |
| opendevreview | Merged openstack/openstack-ansible-os_keystone master: Remove support for amqp1 https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/938452 | 16:06 |
| opendevreview | Merged openstack/openstack-ansible-os_ironic master: Remove support for amqp1 https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/938451 | 16:06 |
| opendevreview | Merged openstack/openstack-ansible-os_tacker master: Remove support for amqp1 https://review.opendev.org/c/openstack/openstack-ansible-os_tacker/+/938460 | 16:08 |
| opendevreview | Merged openstack/openstack-ansible-repo_server master: Remove access limitations to repo vhost https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/938440 | 16:10 |
| opendevreview | Merged openstack/openstack-ansible-os_heat master: Remove support for amqp1 https://review.opendev.org/c/openstack/openstack-ansible-os_heat/+/938449 | 16:13 |
| opendevreview | Merged openstack/openstack-ansible-os_magnum master: Remove support for amqp1 https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/938453 | 16:13 |
| opendevreview | Merged openstack/openstack-ansible-os_aodh master: Remove support for amqp1 https://review.opendev.org/c/openstack/openstack-ansible-os_aodh/+/938441 | 16:17 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-repo_server stable/2024.2: Remove access limitations to repo vhost https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/938676 | 16:17 |
| opendevreview | Merged openstack/openstack-ansible-os_mistral master: Remove support for amqp1 https://review.opendev.org/c/openstack/openstack-ansible-os_mistral/+/938456 | 16:18 |
| opendevreview | Merged openstack/openstack-ansible-os_trove master: Remove support for amqp1 https://review.opendev.org/c/openstack/openstack-ansible-os_trove/+/938461 | 16:32 |
| opendevreview | Merged openstack/openstack-ansible-os_neutron master: Remove support for amqp1 https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/938457 | 16:37 |
| opendevreview | Merged openstack/openstack-ansible-os_cinder master: Remove support for amqp1 https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/938445 | 16:38 |
| opendevreview | Merged openstack/openstack-ansible master: Remove deployment of qdrouterd https://review.opendev.org/c/openstack/openstack-ansible/+/938060 | 16:44 |
| opendevreview | Merged openstack/openstack-ansible master: Add release note for retirement of qdrouterd and amqp1 messaging https://review.opendev.org/c/openstack/openstack-ansible/+/938474 | 16:44 |
| opendevreview | Merged openstack/openstack-ansible master: Add noop molecule job to the integrated repo https://review.opendev.org/c/openstack/openstack-ansible/+/938450 | 16:44 |
| opendevreview | Merged openstack/openstack-ansible master: Add RockyLinux to molecule testing https://review.opendev.org/c/openstack/openstack-ansible/+/938571 | 16:48 |
| jrosser | here is how to use the osa connection plugin in molecule converge playbook https://paste.opendev.org/show/bzydAerczMup4pBHOqLp/ | 18:43 |
| noonedeadpunk | well | 19:02 |
| noonedeadpunk | have mixed feelings | 19:04 |
| noonedeadpunk | I guess we can use ssh_keypair role there as well... not sure it will make things much cleaner though | 19:05 |
| jrosser | that is doing some of the things we expect the operator to do in host-preparation for a real deploy | 19:07 |
| jrosser | so it's not completely unrealistic | 19:07 |
| jrosser | maybe the ssh key belongs in prepare.yml really | 19:08 |
| jrosser | but it looks like we can add extra inventory content for hosts that are not managed by molecule | 19:08 |
| noonedeadpunk | why new group is needed? is it different from what molecule can provide? | 19:08 |
| jrosser | oh you may be right there | 19:09 |
| jrosser | hmm but the IP needs to be somewhere for the ssh connection | 19:09 |
| jrosser | and you don't know what it's going to be up-front as the docker network is created dynamically | 19:10 |
| noonedeadpunk | but regarding inventory I was thinking more about extra data, like container_tech or management_address or resulting stanza for lxc container itself (which is provided by our dynamic_inventory) | 19:11 |
| jrosser | yes, so i think we would do what the old style tests would do | 19:11 |
| noonedeadpunk | it depends on what is tested there | 19:11 |
| jrosser | which is define that in some group/host vars for like container1/container2 etc | 19:11 |
| noonedeadpunk | as openstack.osa.ssh mainly tricky for lxc_host -> lxc_container rather then deploy_host -> lxc_host connection | 19:12 |
| noonedeadpunk | or well... | 19:12 |
| jrosser | this is doing deploy_host (my vm) ssh -> lxc_host (the docker container) -> then into lxc | 19:12 |
| jrosser | ^ i only got half way down that so far | 19:13 |
| noonedeadpunk | I guess my question there would be - where you get from lxc container details? | 19:13 |
| jrosser | i make an extra static hosts in the molecule inventory | 19:14 |
| noonedeadpunk | as there are so many assumptions based on dynamic_inventory in lxc_container_create | 19:14 |
| noonedeadpunk | aha | 19:14 |
| noonedeadpunk | ok, and together with host_vars - this may work indeed | 19:14 |
| jrosser | i think it would be best to ignore the dynamic inventory and copy the much simpler stuff from how the tests repo used to do this | 19:15 |
| noonedeadpunk | true | 19:15 |
| jrosser | which really was just setting physical_host and some other minimal thing | 19:15 |
| noonedeadpunk | and then cover dynamic_inventory with python tests instead | 19:15 |
| noonedeadpunk | (if it's not yet) | 19:15 |
| jrosser | what i was aiming to do was replace `openstack-ansible-functional-ubuntu-*` in the plugins repo | 19:17 |
| jrosser | which needs as a minimum lxc_hosts / lxc_container_create to test the ssh connection plugin | 19:17 |
| jrosser | the others are much simpler | 19:18 |
| noonedeadpunk | so I guess that's why I was surprised - I don't see functional jobs for lxc_hosts | 19:19 |
| noonedeadpunk | neither for lxc_container_create | 19:19 |
| noonedeadpunk | as I was kind of under impression that all functional ones that present are already replaced | 19:20 |
| jrosser | ahhh i see | 19:20 |
| noonedeadpunk | I was checking with https://codesearch.openstack.org/?q=openstack-ansible-role-jobs&i=nope&literal=nope&files=&excludeFiles=&repos= though | 19:20 |
| jrosser | i was just working initially in the lxc_hosts repo as its much easier to debug that role + molcule like that, rather than as an installed dependancy | 19:20 |
| noonedeadpunk | or well. last one was plugins actually... | 19:21 |
| jrosser | probably a shift over into lxc_container_create tomorrow for that bit, then finally have something ready to drop into plugins | 19:22 |
| noonedeadpunk | ah, and you're likely was working speicifcally on plugins | 19:22 |
| *** jamesdenton_ is now known as jamesdenton | 19:24 | |
| opendevreview | Merged openstack/openstack-ansible-lxc_container_create stable/2024.2: Solving naming issue of OVS ports for lxc https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/938645 | 19:53 |
| opendevreview | Merged openstack/openstack-ansible-os_skyline stable/2024.2: Ensure proper db connection string with SSL enabled https://review.opendev.org/c/openstack/openstack-ansible-os_skyline/+/938464 | 19:57 |
| opendevreview | Merged openstack/ansible-role-pki master: Add molecule testing https://review.opendev.org/c/openstack/ansible-role-pki/+/831236 | 20:44 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-systemd_networkd master: Replace functional tests with molecule https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/938517 | 20:59 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/ansible-role-systemd_networkd master: Install role pre-requisite packages https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/938560 | 20:59 |
| opendevreview | Jonathan Rosser proposed openstack/ansible-role-systemd_networkd stable/2024.2: Restart systemd-networkd on routes changes https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/938699 | 21:02 |
| opendevreview | Jonathan Rosser proposed openstack/ansible-role-systemd_networkd stable/2024.1: Restart systemd-networkd on routes changes https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/938700 | 21:02 |
| opendevreview | Merged openstack/openstack-ansible-lxc_container_create stable/2024.1: Solving naming issue of OVS ports for lxc https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/938646 | 23:16 |
| opendevreview | Merged openstack/openstack-ansible-repo_server master: Remove not used paths on repo-server https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/938268 | 23:21 |
| opendevreview | Merged openstack/openstack-ansible-repo_server master: Fix tags usage for the role https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/938269 | 23:21 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!