Saturday, 2025-04-12

[06:12] f0o: Morning!
[06:12] f0o: I noticed swift-object-expirer wasnt installed with distro on Ubuntu Jammy and it turns out it has its own package now. No idea how it is with Rocky/Centos
[06:13] f0o: Also saw that swift tries to deploy mlocate daily cron but doesnt actually install it. mlocate is deprecated (at least on ubuntu) for plocate. How is it used inside swift? Do we actually need it?
[06:20] f0o: quick grep over the swift codebase didnt find any references to [mp]locate or locatedb or similar
[06:22] opendevreview: Daniel Preussker proposed openstack/openstack-ansible-os_swift master: Remove seemingly unsused mlocate cronjob https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/947050
[06:50] opendevreview: Merged openstack/openstack-ansible master: [doc] Update docs on how to use inventory scripts https://review.opendev.org/c/openstack/openstack-ansible/+/946030
[07:37] opendevreview: Daniel Preussker proposed openstack/openstack-ansible-plugins master: Move regenerate handler into task to trigger more reliably https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/946998
[07:37] opendevreview: Daniel Preussker proposed openstack/openstack-ansible-plugins master: Flush Handlers to regenerate trusted_ca early https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/946998
[07:40] noonedeadpunk: f0o: are you using distro install? or was just checking different code paths?
[07:40] opendevreview: Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Move zuul preparation for role/collection bootstrap https://review.opendev.org/c/openstack/openstack-ansible/+/939151
[07:41] f0o: noonedeadpunk: I am
[07:42] f0o: but if you refer to the mlocate thing, I was looking at the swift codebase itself. The packages dont recommend/suggest m/plocate at all either
[07:42] f0o: so this daily-cron is at best a noop since crontab isnt installed but in worst case it will just fail because [mp]locate isnt installed
[07:43] f0o: and I cant find any references to it anywhere other than "by default mlocate excludes xfs" from the commit-msgs which doesnt explain why it was needed to start with
[07:43] noonedeadpunk: yeah, might be fair to drop it
[07:44] noonedeadpunk: I guess it was just added for operator to search for files on the storage
[07:44] f0o: possibly
[07:44] f0o: was a bit funny to see it checking for battery state
[07:50] noonedeadpunk: I wonder if removal of mlocate really depends on all these other changes
[07:51] noonedeadpunk: it looks safe to rebase it to master directly
[07:51] noonedeadpunk: and also it's the easiest one to vote on right away :D
[07:52] opendevreview: Daniel Preussker proposed openstack/openstack-ansible-haproxy_server master: Add custom errorfiles https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/946617
[07:52] f0o: ^ just now saw your comment on this one, sorry for the delay
[07:53] f0o: noonedeadpunk: I can probably remove it from the set and make it a standalone change
[07:53] noonedeadpunk: it's also in merge conflict it seems
[07:53] f0o: (the mlocate thing)
[07:53] noonedeadpunk: you can rebase i gerrit directly
[07:53] f0o: oh neat
[07:53] noonedeadpunk: *in gerrit
[07:54] f0o: noonedeadpunk: regarding the whitespace, isnt it needed for the | block to continue? I'm not YAML native
[07:55] noonedeadpunk: I think not?
[07:55] opendevreview: Daniel Preussker proposed openstack/openstack-ansible-os_swift master: Remove seemingly unsused mlocate cronjob https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/947050
[07:55] f0o: no clue :D
[07:55] f0o: but I can remove it, it's only an example anyway
[07:56] opendevreview: Daniel Preussker proposed openstack/openstack-ansible-haproxy_server master: Add custom errorfiles https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/946617
[07:56] noonedeadpunk: btw, you can also `content: lookup('file', 'etc/openstack_deploy/haproxy/500.http')`
[07:57] f0o: Ah yes that's what I was going to use for when its merged but I think the example should just show that the contents are almost verbatim
[07:57] noonedeadpunk: oh, just "{{ lookup(...) }}" ofc
[07:57] noonedeadpunk: ++
[07:57] noonedeadpunk: ok, cool
[07:57] noonedeadpunk: right
[07:57] f0o: I mean either way. if it's verbatim then non-ansible people (like me) understand that its just a long string
[07:57] f0o: if its a function you need to know what the function is
[07:57] noonedeadpunk: yes, absolutely. just decided to mention that it's a thing
[07:58] noonedeadpunk: was not suggesting to change the example :)
[07:58] f0o: I can add it in the comments too
[07:58] f0o: add a 2nd one with the func
[07:58] f0o: just to cover all bases
[07:59] opendevreview: Daniel Preussker proposed openstack/openstack-ansible-haproxy_server master: Add custom errorfiles https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/946617
[08:02] noonedeadpunk: about generating rings on repo server - I was actually looking at imports here https://opendev.org/openstack/openstack-ansible-os_swift/src/branch/master/templates/swift_rings.py.j2#L18-L19
[08:03] opendevreview: Daniel Preussker proposed openstack/openstack-ansible-haproxy_server master: Add custom errorfiles https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/946617
[08:03] f0o: rebased :)
[08:03] noonedeadpunk: and realized that we'd need then to install swift on repo server, which is not good at all
[08:03] f0o: that is true
[08:03] noonedeadpunk: from other side - I realized why we needed to copy to the rings to deploy host and then to swift
[08:03] f0o: you can install swift on the utility server and then move the rings to the repo server :|
[08:04] noonedeadpunk: as in case of distro upgrade - it's vital not to drop the first swift container
[08:04] noonedeadpunk: as rings are pretty much stateful?
[08:04] f0o: I dont think they are actually
[08:04] noonedeadpunk: ah, ok
[08:04] f0o: if the same disks and zones and hosts exist then you can just rebuild them straight away
[08:05] f0o: at least that's what my back of the head is telling me from Mitaka times
[08:05] noonedeadpunk: but still some safeguards are probably needed in case the first container is unreachable
[08:05] noonedeadpunk: (but maybe not)
[08:05] f0o: the rings will always rebuild entirely when the topology changes (add/remove hosts or disks or zones)
[08:05] f0o: and then the object replicator will handle the shuffling of data afaik
[08:05] noonedeadpunk: I need to keep thinking on it :D
[08:05] noonedeadpunk: yeah, actually building on utility might be good
[08:06] noonedeadpunk: as potentially swift-common is installed with pythonclient even... or maybe not...
[08:06] f0o: that I dont know :S
[08:09] noonedeadpunk: it's not
[08:09] noonedeadpunk: ok, so if it's safe to rebuild rings - then I guess what you did makes most sense
[08:11] f0o: I guess we can always check with the swift people
[08:14] f0o: I think I can also rebase the systemd timers out of the set, those are pretty standalone too
[08:23] noonedeadpunk: yeah, probably
[08:24] noonedeadpunk: btw
[08:24] opendevreview: Daniel Preussker proposed openstack/openstack-ansible-os_swift master: Migrate cronjobs to systemd-timers https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/946991
[08:24] noonedeadpunk: I think you'd need to add task to clean-up old cron jobs?
[08:24] f0o: hrm possibly
[08:26] f0o: probably the same with the mlocate thing then
[08:26] noonedeadpunk: I left the comment
[08:26] noonedeadpunk: just also please add some comment to drop this clean-up in 2025.2
[08:27] noonedeadpunk: yeah, makes sense for mlocate as well
[08:28] opendevreview: Daniel Preussker proposed openstack/openstack-ansible-os_swift master: Migrate cronjobs to systemd-timers https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/946991
[08:28] f0o: ^ like this?
[08:31] opendevreview: Daniel Preussker proposed openstack/openstack-ansible-os_swift master: Remove seemingly unsused mlocate cronjob https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/947050
[08:40] f0o: noonedeadpunk: speaking of a different change; it seems that using meta:flush_handlers in the ssh_keypairs role does work; at least the CI is passing
[09:37] noonedeadpunk: f0o: tbh I was thinking of adding it as the last task of main.yml
[09:39] f0o: the flush_handlers? sure
[09:40] noonedeadpunk: flush_handlers, yes
[09:40] noonedeadpunk: and I left comment for https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/946991
[09:40] opendevreview: Daniel Preussker proposed openstack/openstack-ansible-plugins master: Flush Handlers to regenerate trusted_ca early https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/946998
[09:40] f0o: ^ moved it to main.yml
[09:41] f0o: Fixing your remarks
[09:42] opendevreview: Daniel Preussker proposed openstack/openstack-ansible-os_swift master: Migrate cronjobs to systemd-timers https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/946991
[09:57] f0o: noonedeadpunk: I looked into why rocky is failing and the only thing I can think of is that sshd isnt restarted/reloaded after the swift principal config was added. I dont know why it would matter for rocky but not ubuntu but maybe there's some OS specific shenanigans going on there
[09:59] f0o: but this is also the only step in the entire CI run that actively tries to use the sshca to log in
[09:59] f0o: keystone's fernet distribution is skipped so that's not using it
[11:12] noonedeadpunk: iirc - ssh.conf.d is not included for rocky by default
[11:12] noonedeadpunk: or smth like that
[11:12] noonedeadpunk: so sshd restart is required there
[11:13] noonedeadpunk: but I think you should be able to add `Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/946998` to the patch
[11:13] noonedeadpunk: f0o: ^
[11:13] noonedeadpunk: then these 2 will be tested together, and I'd guess it will also trigger ssh restart timely
[11:25] f0o: gotcha
[11:26] f0o: I'm a bit confused on which of the changes tho
[11:27] opendevreview: Daniel Preussker proposed openstack/openstack-ansible-os_swift master: Migrate ring distribution to SSHCA https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/947054
[11:27] f0o: hrm this didnt work
[11:28] opendevreview: Daniel Preussker proposed openstack/openstack-ansible-os_swift master: Migrate ring distribution to SSHCA https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/946990
[11:28] f0o: so like this ^ ?
[11:39] noonedeadpunk: yeah, that looks good
[11:50] f0o: that didnt do the trick
[11:50] f0o: oh nvmd non-voting failed unable to install stuff
[12:06] f0o: doesnt seem to work
[12:06] f0o: it still flushes all handlers
[12:06] f0o: so it tries to restart the swift services before they're configured
[12:10] opendevreview: Ivan Anfimov proposed openstack/openstack-ansible master: WIP https://review.opendev.org/c/openstack/openstack-ansible/+/947055
[12:11] opendevreview: Ivan Anfimov proposed openstack/openstack-ansible master: WIP https://review.opendev.org/c/openstack/openstack-ansible/+/947055
[12:11] opendevreview: Ivan Anfimov proposed openstack/openstack-ansible master: docs: fix for small error https://review.opendev.org/c/openstack/openstack-ansible/+/947055
[13:14] f0o: noonedeadpunk: I'm trying to alter the CORS headers in haproxy for only one service (Swift obviously) do you happen to know how easy/hard this is to accomplish?
[13:21] f0o: I can leverage `haproxy_backend_options` but I dont know where I should set this
[13:22] jrosser: f0o: each haproxy service is setup in the inventory group vars like this https://github.com/openstack/openstack-ansible/blob/master/inventory/group_vars/swift_all/haproxy_service.yml
[13:25] f0o: can I just override that by defining haproxy_swift_proxy_service>haproxy_backend_options in my user_variables.yml ?
[13:25] jrosser: you have to override the whole thing
[13:25] f0o: :<
[13:26] f0o: https://github.com/openstack/openstack-ansible/blob/master/inventory/group_vars/swift_all/haproxy_service.yml#L35 how does this work?
[13:26] jrosser: wait no thats wrong
[13:26] f0o: the haproxy_swift_proxy_service_overrides specifically
[13:26] jrosser: ^ yes that will do it
[13:26] f0o: haproxy_swift_proxy_service_overrides>haproxy_backend_options:[] ?
[13:26] f0o: I mean I can just yolo it really.. nobody using this yet
[13:27] jrosser: well kind of - that pattern is used for all of the different haproxy services, swift or otherwise
[13:49] noonedeadpunk: f0o: but shouldn't cors be adjusted in swift config?
[13:57] opendevreview: Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_swift master: Migrate ring distribution to SSHCA https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/946990
[14:41] f0o: noonedeadpunk: hrm possibly? I cant remember tbh
[14:41] f0o: it was quite easy to just inject the headers with the haproxy setting
[16:21] noonedeadpunk: I just know that for glance, for instance, CORS is handled in a separate section: https://opendev.org/openstack/openstack-ansible-os_glance/src/branch/master/templates/glance-api.conf.j2#L159-L164
[16:22] noonedeadpunk: and swift also has cors-related options: https://docs.openstack.org/swift/latest/config/proxy_server_config.html#default
[16:58] f0o: noonedeadpunk: yeah there is a cors middleware for swift but I dont think the role supports it
[16:59] f0o: at least the role has nothing regarding cors
[16:59] f0o: I'll add that in on monday
[16:59] noonedeadpunk: Well, role supports everything :D
[16:59] noonedeadpunk: Just use overrides
[16:59] f0o: just needed to take a break from the ansible stuff and get on with my PoC for swift workloads :D
[16:59] f0o: possibly
[16:59] noonedeadpunk: ++
[17:00] f0o: I think for swift it should be solved like horizon does CSP with an explicit setting
[17:00] f0o: because it's not uncommon to use object storage for SPAs and such which then relies on CORS to a degree
[17:02] f0o: https://github.com/openstack/openstack-ansible-os_swift/blob/master/templates/proxy-server.conf.j2 doesnt seem to have overrides
[17:02] f0o: or am I just blind?
[17:12] noonedeadpunk: https://github.com/openstack/openstack-ansible-os_swift/blob/master/defaults/main.yml#L546
[17:12] noonedeadpunk: don't tell you never used overrides so far?
[17:13] f0o: I'm not super used to the concept tbh
[17:13] noonedeadpunk: pretty much the doc is here: https://docs.openstack.org/ansible-config_template/latest/
[17:13] noonedeadpunk: so you can add/modify anything in template
[17:13] f0o: oh ok
[17:13] noonedeadpunk: as we're using custom module which supports that
[17:13] f0o: I always assumed it was parsed in some way
[17:13] f0o: and not just dumped into the config
[17:13] f0o: TIL
[17:14] noonedeadpunk: so you can do smth like https://paste.openstack.org/show/buXeWlZnA51Ua0j9hx5U/
[17:14] noonedeadpunk: we support that for yaml, json and regular conf files only though
[17:15] noonedeadpunk: so in case of haproxy - we had to do tons of weird complexity, as haproxy conf files are in "weird" format
[17:15] noonedeadpunk: but, we have ability for such overrides for all systemd service files
[17:16] noonedeadpunk: for proxy server: https://github.com/openstack/openstack-ansible-os_swift/blob/master/defaults/main.yml#L363
[17:17] noonedeadpunk: so you really don't need role support for some fine-tuning
[17:20] opendevreview: Merged openstack/openstack-ansible-os_swift master: Migrate cronjobs to systemd-timers https://review.opendev.org/c/openstack/openstack-ansible-os_swift/+/946991
[17:30] f0o: makes sense
[20:38] opendevreview: Merged openstack/openstack-ansible master: Update roles for 31.0.0.0b1 release https://review.opendev.org/c/openstack/openstack-ansible/+/947014
