Wednesday, 2025-08-27

« Tuesday, 2025-08-26 Index Thursday, 2025-08-28 »
opendevreviewOpenStack Proposal Bot proposed openstack/openstack-ansible master: Imported Translations from Zanata  https://review.opendev.org/c/openstack/openstack-ansible/+/95800003:53
opendevreviewMerged openstack/openstack-ansible master: Imported Translations from Zanata  https://review.opendev.org/c/openstack/openstack-ansible/+/95800007:15
opendevreviewMerged openstack/ansible-role-pki master: Add default permissions for certificate, chain, and private key installation  https://review.opendev.org/c/openstack/ansible-role-pki/+/95779810:57
opendevreviewMerged openstack/ansible-role-pki master: Add defaults for ownership of installed files on the target  https://review.opendev.org/c/openstack/ansible-role-pki/+/95784811:54
damiandabrowskinoonedeadpunk: I think that this *-chain.crt problem is not the only issue with octavia right now :/12:29
damiandabrowskiwhen*-chain.crt issue is fixed, octavia CI fails with: https://zuul.opendev.org/t/openstack/build/a085f8e43c1740dbb2ec659838c2df0d12:29
damiandabrowskiit was failing with this error even before we merged https://review.opendev.org/c/openstack/ansible-role-pki/+/956576 (which introduced issue with *-chain.crt)12:30
damiandabrowskiI think it's caused by the fact that firstly, we create octavia endpoint(openstack.osa.service_setup) and then we run octavia_resources.yml which tries to set quotas12:31
damiandabrowskiso at the time when OSA tries to set quota for the service project, octavia endpoint is defined but octavia itself is not yet functional12:31
damiandabrowskiso setting quotas fail12:31
damiandabrowskithat's at least my theory, have we seen this behavior in any other service?12:32
jrossermaybe we had something similar with magnum, i'm not sure12:34
damiandabrowskiopenstack.cloud.quota module introduced support for load_balancer quotas quite recently, it may partially explains why it wasn't an issue before12:36
damiandabrowskihttps://opendev.org/openstack/ansible-collections-openstack/commit/57c63e7918659b4897cc39e50460aba6b40a5936#diff-ca4fad21675b7d9b029b213a9629606546fe700912:36
jrosserdamiandabrowski: there is also an example in keystone i think, where ther federation cannot be configured until the service is completely available12:59
jrosserso there is an extra set of tasks that only execute once the whole deployment is done13:00
jrosser*whole keystone deployment13:00
damiandabrowskihmm... technically speaking, octavia_resources does not create any octavia resources :D13:07
damiandabrowskii just changed tasks order to create resources for octavia(quotas, networks etc.) before octavia endpoint is created and it seems to be working13:08
noonedeadpunkoh, yes, I saw this one13:28
noonedeadpunkbut then on recheck I faced a different one13:30
noonedeadpunkI think we might actually move it to the very end instead13:36
noonedeadpunkif we can....13:37
noonedeadpunkand probably we can't....13:37
mgariepylecacy stuff is annoying..13:38
noonedeadpunkit lkely a new stuff, not legacy13:38
mgariepyi'm complaining about my legacy stuff haha13:38
noonedeadpunkah :D13:38
mgariepyhttps://github.com/openstack/openstack-ansible/blob/unmaintained/zed/playbooks/common-playbooks/neutron.yml#L70-L72 << this doesnt work on lxb network agent in lxc containers.13:39
noonedeadpunkeh13:40
noonedeadpunkI never ran lxb inside of lxc13:40
noonedeadpunkso can't comment at all13:40
mgariepy utils.c: open_without_symlink: 1085 Too many levels of symbolic links - lib in /usr/lib/x86_64-linux-gnu/lxc/lib/modules was a symbolic link!13:40
mgariepylegacy..13:41
mgariepyupgrading since.. kilo i think.13:41
noonedeadpunkI'd expecte that cgroupv2 should be involved there at point of Zed13:41
noonedeadpunkbut not sure13:41
noonedeadpunkor just slightly different caps....13:41
mgariepymeh. i will switch to ovn at some point..13:42
mgariepyjust need to upgrade a bit first..13:42
noonedeadpunkplease write notes on how you did that :)13:42
mgariepyonly vlan involved.13:42
noonedeadpunkah so no vxlans?13:42
mgariepyshould be **easy**13:42
mgariepynop.13:42
mgariepyonly straith VLAN :D we had other requirement for this setup and it was our workaround.13:43
noonedeadpunkdamiandabrowski: I think you're totally on spot with moving endpoints setup down the line, as we obviously need reosourced to be created before config is done13:45
noonedeadpunkand in many roles we have endpoint creation only after post_install13:46
damiandabrowskiokok, working on a patch13:46
noonedeadpunkglance have it even after db migration13:46
noonedeadpunkso does neutron13:46
opendevreviewDamian Dąbrowski proposed openstack/ansible-role-pki master: Fix creation of certs signed by selfsigned issuers  https://review.opendev.org/c/openstack/ansible-role-pki/+/95866114:36
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible-os_octavia master: Create resources for octavia before creating octavia endpoints  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/95866214:38
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible-os_octavia master: Create resources for octavia before creating octavia endpoints  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/95866214:39
noonedeadpunkdamiandabrowski: I commented on it14:45
noonedeadpunkas we're having openstack.osa.service_setup unnaturaly early comapring to other roles14:46
noonedeadpunkbut it will still solve an issue, because ordering of resources/endooints will change14:46
damiandabrowskihmm, i don't see any comment there14:50
noonedeadpunkeh14:51
noonedeadpunkweird14:51
noonedeadpunkbut basically it was about moving openstack.osa.service_setup down after ansible.builtin.import_tasks: octavia_db_sync.yml as we have it there for glance, neutron, placement, etc14:52
noonedeadpunkinstead of moving octavia_resources.yml up14:53
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible-os_octavia master: Create resources for octavia before creating octavia endpoints  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/95866215:09
opendevreviewDamian Dąbrowski proposed openstack/openstack-ansible-os_octavia master: Create resources for octavia before creating octavia endpoints  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/95866215:11
noonedeadpunkdamiandabrowski: crap, we have chicken-egg with octavia16:44
noonedeadpunkwhich explains previous order of things16:44
noonedeadpunkas for octavia_resources we need an octavia user in keystone, to upload an SSH key for it16:45
noonedeadpunkand user is created with service_setup, which also create endpoints16:45
noonedeadpunkso we'll have to split smth...16:47
noonedeadpunkeither do quota later, or endpoint creation...16:48
jrosserput the outliers perhaps like quota into something we do at the end, like keystone/federation16:54
noonedeadpunkI'm thinking that service_setup does execute faster, so probably endpoint creation might be better thing to do16:59
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_octavia master: Create resources for octavia before creating octavia endpoints  https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/95866217:03
opendevreviewMerged openstack/openstack-ansible-tests unmaintained/zed: Remove absent jobs/projects from the project  https://review.opendev.org/c/openstack/openstack-ansible-tests/+/95827017:05
damiandabrowskiah right :/17:17
« Tuesday, 2025-08-26 Index Thursday, 2025-08-28 »

Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!