| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-plugins master: DNM: - Debug ssh connection to centos docker image https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/940772 | 10:16 |
|---|---|---|
| opendevreview | Merged openstack/ansible-role-systemd_networkd master: Allow to apply only overrides to the network interface https://review.opendev.org/c/openstack/ansible-role-systemd_networkd/+/940324 | 10:39 |
| opendevreview | Merged openstack/openstack-ansible-os_octavia master: Switch from focal to jammy based amphora image for CI testing https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/939697 | 10:49 |
| noonedeadpunk | jrosser: have you ever seen that? https://github.com/ansible-collections/community.general/blob/main/plugins/connection/lxc.py | 10:56 |
| noonedeadpunk | There's also for lxd and incus... | 10:56 |
| noonedeadpunk | I wonder if our connection plugin is kind of replaceable by this | 10:57 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_octavia stable/2024.2: Switch from focal to jammy based amphora image for CI testing https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/940775 | 10:58 |
| jrosser | noonedeadpunk: i think that the limitation is this https://github.com/ansible-collections/community.general/blob/main/plugins/connection/lxc.py#L55 | 12:08 |
| jrosser | this plugin has been around for a very long time but i am not sure it has any concept like our "physical_host" | 12:08 |
| noonedeadpunk | huh, ok, as it seems it's not a limitation for incus | 12:14 |
| noonedeadpunk | https://github.com/ansible-collections/community.general/blob/main/plugins/connection/incus.py#L35-L42 | 12:15 |
| noonedeadpunk | btw I was told there's a way for making argument spec with nested structures (like list of mappings), it's just not documented very well | 12:38 |
| noonedeadpunk | and ansible-lint has autofix feature - so we can move to fqcn quite easily | 12:39 |
| jrosser | yes the incus remote relies on a API, so you'd have to have suitable connectivity between your deploy hosts and the incus hosts to make that work | 13:25 |
| jrosser | ssh bastion -> sad times i think | 13:25 |
| opendevreview | Jonathan Heathcote proposed openstack/openstack-ansible-os_ironic master: Migrate to from removed idrac-wsman to idrac-redfish https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/940797 | 15:23 |
| jrosser | noonedeadpunk: here is why we cannot login to centos docker image https://paste.opendev.org/show/bKc8ENa6FVCDNJsui6jQ/ | 16:44 |
| frickler | root bad. nice ;) | 17:15 |
| jrosser | on the host i see this [ 6705.486208] audit: type=1400 audit(1738774556.213:125): apparmor="DENIED" operation="capable" class="cap" profile="unix-chkpwd" pid=7709 comm="unix_chkpwd" capability=1 capname="dac_override" | 17:18 |
| jrosser | as immediately before the PAM error inside the container there is `unix_chkpwd[578]: could not obtain user info (root)` | 17:19 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-plugins master: DNM: - Debug ssh connection to centos docker image https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/940772 | 18:15 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-plugins master: DNM: - Debug ssh connection to centos docker image https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/940772 | 18:24 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-plugins master: DNM: - Debug ssh connection to centos docker image https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/940772 | 18:55 |
| opendevreview | Jonathan Rosser proposed openstack/openstack-ansible-plugins master: DNM: - Debug ssh connection to centos docker image https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/940772 | 19:20 |
| noonedeadpunk | jrosser: so, that pretty much kind of same issue in both cases? | 20:02 |
| noonedeadpunk | as another failure for cetnos - was sudo requires password for root? | 20:02 |
| jrosser | noonedeadpunk: you see the apparmor error on the host | 20:02 |
| jrosser | and the pam error in the docker container | 20:02 |
| jrosser | and now i am stuck with disabled sudo | 20:02 |
| jrosser | becasue i think of this https://opendev.org/zuul/zuul-jobs/src/branch/master/playbooks/tox/run.yaml#L3 | 20:03 |
| jrosser | but i still have no real idea at all about the root cause of the failure, why for example rocky is ok | 20:03 |
| jrosser | but it seems that `aa-teardown` is sufficient to make it work in my held node | 20:04 |
| jrosser | but of course i can login there as root | 20:04 |
| noonedeadpunk | I;m really thinking if we should be using ansible-dev-environment also in CI... as then we should be able to match controller OS with "host" os - which you may normally see in production | 20:06 |
| noonedeadpunk | but this unlikely to solve sudo issue in any way | 20:07 |
| noonedeadpunk | (as then same issue will be on "control" container) | 20:08 |
| noonedeadpunk | btw Iwas asked quite some times today about our roles and if they could be used without openstack. In context of systemd and PKI at the very last. | 20:10 |
| noonedeadpunk | *least | 20:10 |
| noonedeadpunk | so seams what we do in general makes quite some sense to people | 20:10 |
| jrosser | thats nice to hear | 20:22 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!