opendevreview | Merged openstack/openstack-ansible unmaintained/2023.1: Update .gitreview for unmaintained/2023.1 https://review.opendev.org/c/openstack/openstack-ansible/+/940523 | 08:53 |
---|---|---|
opendevreview | Merged openstack/openstack-ansible master: reno: Update master for unmaintained/2023.1 https://review.opendev.org/c/openstack/openstack-ansible/+/940524 | 09:44 |
jrosser | o/ morning | 10:32 |
opendevreview | Merged openstack/ansible-role-python_venv_build stable/2024.2: Find wheel links inside of the directory https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/940511 | 10:42 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-ops master: Respect defined version and source of mcapi driver https://review.opendev.org/c/openstack/openstack-ansible-ops/+/940217 | 12:25 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-ops master: Fix a typo in mcapi_vexxhost_proxy_git_constraints https://review.opendev.org/c/openstack/openstack-ansible-ops/+/940218 | 12:26 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-ops master: Move variables defenition from playbook level for mcapi proxy https://review.opendev.org/c/openstack/openstack-ansible-ops/+/940220 | 12:26 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-ops master: [doc] Add brief documentation for mcapi proxy https://review.opendev.org/c/openstack/openstack-ansible-ops/+/940222 | 12:26 |
opendevreview | Merged openstack/openstack-ansible-galera_server master: Extend example playbook to contain valid values https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/939740 | 12:54 |
opendevreview | Merged openstack/openstack-ansible-plugins master: Fix remote_user with ssh connection plugin https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/939829 | 14:01 |
jrosser | did we work out why molecule was failing a lot here https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/939898 | 14:06 |
noonedeadpunk | no not really. It's also weird in exact same way here: https://zuul.opendev.org/t/openstack/build/b1a8d2f9352947ef930b8e7b473916bc | 14:09 |
noonedeadpunk | btw, TIL: https://github.com/ansible/ansible-dev-environment | 14:10 |
noonedeadpunk | it could be very useful for molecule runs | 14:11 |
noonedeadpunk | as it takes care of python dependencies as well | 14:12 |
jrosser | oh and i remember now - the functional tests are really very broken | 14:17 |
* jrosser context switching | 14:18 | |
noonedeadpunk | ah, functional tests... let's drop them right away from there, once we get molecule passing... | 14:20 |
opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-plugins stable/2024.2: Fix remote_user with ssh connection plugin https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/940633 | 14:25 |
alvinstarr | I was looking more at setting up l3 segments for my external providers. | 14:31 |
noonedeadpunk | yeah, so I think you need to look at ovn-bgp-agent | 14:35 |
noonedeadpunk | and latest version of osa should support it | 14:36 |
jrosser | i think it depends exactly what is needed tbh | 14:36 |
noonedeadpunk | though most tricky part is actually on how to configure it, as here osa acts just as a framework to install things for you and variables for configuration | 14:36 |
jrosser | because you can have provider networks made up of multiple L3 without any bgp | 14:36 |
noonedeadpunk | well, true, yes | 14:36 |
jrosser | alvinstarr: do you have a more specific description of what you want to do? | 14:37 |
jrosser | like instances directly connected to these segmented networks | 14:37 |
jrosser | or floating IP, or whatever, as that's kind of super important to decide the right solution | 14:37 |
noonedeadpunk | I realized today that I am stuck somewhere in 2020 regarding Ansible overall... | 14:37 |
* noonedeadpunk at cfgmgmt | 14:38 | |
noonedeadpunk | I also learned about https://github.com/ansible-lockdown which kinda makes me wonder about our hardening stuff | 14:39 |
jrosser | that looks 10000000x more active than ansible-hardening | 14:40 |
noonedeadpunk | but it somehow consists of too many things.... | 14:40 |
noonedeadpunk | and STIG is hidden only under paid subscription or smth.... | 14:41 |
opendevreview | Merged openstack/openstack-ansible master: Pretty-print Ansible log messages as YAML https://review.opendev.org/c/openstack/openstack-ansible/+/940443 | 15:03 |
alvinstarr | jrosser: I have several L2 links to my local ISP that I would like to look like a single upstream feed to my users/projects. | 15:18 |
alvinstarr | More or less as described in https://docs.openstack.org/neutron/latest/admin/config-routed-networks.html | 15:18 |
jrosser | alvinstarr: but you want to route your entire L3 allocation down one/the other/both of these links to your ISP? | 15:20 |
jrosser | neutron L3 segments divide some larger address space up into smaller spaces, then assign (for example) compute nodes in rack 1 to segment 1, rack 2 to segment 2 and so on | 15:22 |
alvinstarr | jrosser: I have multiple smallish L3 networks assigned at this point and each one is separately routed. | 15:51 |
alvinstarr | I would like them to look like a single external network for the users/projects | 15:51 |
jrosser | i am not sure that neutron routed segments helps you there - it is there more to allow segmentation of a very large network into smaller networks, allowing a L3 datacenter topology rather than having large L2 domains | 15:54 |
jrosser | you can put multiple neutron subnets inside one neutron network though, which perhaps sounds a bit more like what you want | 15:55 |
jrosser | as an example, my external network was originally a /24, and later we added another /24 in a second neutron subnet | 15:55 |
alvinstarr | That sounds like what we are looking for. | 15:56 |
jrosser | so here in the external network config there are multiple subnets defined https://paste.opendev.org/show/bR1yB4477k9xSmMKDHW2/ | 16:01 |
jrosser | the thing to note is that the network type (vlan for me) and segmentation id (vlan id) is defined at the neutron network level | 16:01 |
jrosser | so your switches have to be happy to configure multiple subnets/gateway IP in the same vlan | 16:02 |
jrosser | on nxos you would add additional `ip address <cidr> secondary` statements to your vlan interface config | 16:04 |
jrosser | alvinstarr: it's quite possible that you could achieve the same thing with routed segments with all the segments on all the nodes, rather than spread around like the documentation suggests | 16:11 |
jrosser | this would certainly need testing to see if it worked | 16:12 |
alvinstarr | Currently I have the networks on separate VLANs but that could be reworked. | 16:21 |
jrosser | right - so the very bottom of the page you linked has an example of that for neutron segments | 16:26 |
alvinstarr | How would I create this in openstack-ansible? | 17:37 |
jrosser | alvinstarr: if you already have the different provider networks in vlans, and you've configured a provider network as type vlan already in openstack, there is nothing really you need to do with openstack-ansible | 18:27 |
jrosser | just use the neutron commands to define the networks/segments/subnets as described in the neutron documentation | 18:27 |
jrosser | openstack-ansible configuration is more about defining the mapping between physical ports and logical networks in neutron | 18:28 |
opendevreview | Merged openstack/openstack-ansible-os_ironic stable/2024.2: Fix quorum queue support for ironic-inspector https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/940520 | 20:14 |