Monday, 2025-11-10

« Saturday, 2025-11-08 Index Tuesday, 2025-11-11 »
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible stable/2025.1: Set Rocky 9 molecule test as non-voting  https://review.opendev.org/c/openstack/openstack-ansible/+/96625807:59
jrosserwe seem to be missing `liberasurecode` on rocky for swift role08:59
noonedeadpunkmornings09:19
noonedeadpunkdo we have a related failure somewhere?09:19
noonedeadpunktil: https://github.com/openstack/liberasurecode09:21
noonedeadpunkso we were taking it from the rdo?09:22
noonedeadpunkas it does not seem to be ever in some more widespread repos09:24
noonedeadpunkdamiandabrowski: btw. do you know if we have plans to add openbao driver to ssh_keypairs role? As that would kinda make sense for 2026.1?09:48
damiandabrowskididn't thought about it before, but it would make sense indeed09:49
jrossernoonedeadpunk: here on centos10 https://zuul.opendev.org/t/openstack/build/9cff0576602c426e958ceee85535df47/log/job-output.txt#1413209:56
jrossersame for rocky10 https://zuul.opendev.org/t/openstack/build/f21ae5f9ead142ac904826f5777c8f02/log/job-output.txt#1328109:56
jrosseri was just noticing that we have still a few of these to fix https://review.opendev.org/q/topic:%22osa-wsgi-module%22+status:open09:57
noonedeadpunkdamn, I clean forgot about this topic09:58
jrosseri think mistral and aodh are probably good now09:59
jrosserthe -1 might not be right10:00
noonedeadpunkyeah, I assume that it's wrong at this point - posted recheck already to get new logs10:05
noonedeadpunkbut I indeed not sure what to do with liberasurecode except build c code from source, which is /o\10:06
noonedeadpunkmaybe worth checking RDO on master....10:07
noonedeadpunkCI was very red there last time I checked10:07
noonedeadpunkand also RDO might not exist really soon. It's still unclear if there will be release for 2026.1 for it at all10:07
jrosseri wonder what swift does (maybe nothing?)10:13
noonedeadpunkit does in case of using EC10:19
jrosseri don't think there is any rhel-10-ish jobs though10:20
jrosseronly centos-9-stream10:20
noonedeadpunkwell there was smth? https://trunk.rdoproject.org/centos10-master/report.html10:21
noonedeadpunknot sure though10:21
noonedeadpunkhttps://trunk.rdoproject.org/centos10-master/consistent/10:22
noonedeadpunkbut probably not deps10:23
noonedeadpunkso it's here https://trunk.rdoproject.org/centos10-master/deps/latest/x86_64/10:24
noonedeadpunkand it's present10:24
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts master: Install master RDO deps  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/96651510:29
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_ironic master: Add apparmor rules for ironic inspector  https://review.opendev.org/c/openstack/openstack-ansible-os_ironic/+/95100311:06
noonedeadpunklet's see if that's gonna help11:07
opendevreviewDamian DÄ…browski proposed openstack/ansible-role-pki master: Add hashi_vault backend  https://review.opendev.org/c/openstack/ansible-role-pki/+/94888111:41
jrosserstill not sure why we don't use signed_by instead of these paths in the user facing data structure for vault12:10
jrossereven if it ends up pointing to `pki_{{ blah.signed_by }}` for the actual path in vault12:10
noonedeadpunkso like https://paste.openstack.org/show/bMqPFpZ8M3AX6qoODG46/ ?12:11
noonedeadpunkor well, it should be name, I guess...12:12
noonedeadpunkpretty much as name is irrelevant is there...12:15
noonedeadpunkso to create intermediate, request need to go to `pki_root/root/sign-intermediate`12:15
noonedeadpunkand when you issue root it is `pki_root/root/generate/internal`12:16
noonedeadpunkand `pki/intermediate/generate/internal` for intermediate generation (first one was to sign)12:17
noonedeadpunkbut indeed, we could rename vault_root_ca_path -> signed_by12:17
noonedeadpunkif that's what you meant12:18
noonedeadpunkdamiandabrowski: ^12:19
damiandabrowskiwe can rename vault_root_ca_path to signed_by12:27
damiandabrowskiI didn't do this before because I wanted to avoid a situation where we have the same variable(signed_by) that accepts different values depending on the backend(cert name for standalone, vault path for hashi_vault).12:27
damiandabrowskibut maybe you don't see it as a problem12:28
damiandabrowskiand its name -  vault_root_ca_path was more explicit that this variable is about the vault path12:28
damiandabrowskiso that was the reason why I implemented it that way, but I don't have a strong opinion here.12:29
damiandabrowskiIf you think it's better to rename it to signed_by, I'm okay with this12:29
noonedeadpunkwe'd need another vote on the bump: https://review.opendev.org/c/openstack/openstack-ansible/+/96649613:14
opendevreviewMerged openstack/openstack-ansible stable/2025.1: Set Rocky 9 molecule test as non-voting  https://review.opendev.org/c/openstack/openstack-ansible/+/96625813:20
opendevreviewDmitriy Rabotyagov proposed openstack/openstack-ansible-os_tacker master: Fix usage of modules via FQCN  https://review.opendev.org/c/openstack/openstack-ansible-os_tacker/+/96655313:35
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-pki master: Add hashi_vault backend  https://review.opendev.org/c/openstack/ansible-role-pki/+/94888114:20
opendevreviewAndrew Bonney proposed openstack/openstack-ansible-ops master: DNM: Test updating mcapi versions to latest  https://review.opendev.org/c/openstack/openstack-ansible-ops/+/96656314:22
opendevreviewAndrew Bonney proposed openstack/openstack-ansible-os_magnum master: DNM: Test mcapi CI  https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/96656414:24
opendevreviewIvan Anfimov proposed openstack/openstack-ansible-os_tacker master: Remove deprecated run_tests/vagrantfile  https://review.opendev.org/c/openstack/openstack-ansible-os_tacker/+/96090114:35
opendevreviewIvan Anfimov proposed openstack/openstack-ansible-os_tacker master: Remove functional test environments from tox.ini  https://review.opendev.org/c/openstack/openstack-ansible-os_tacker/+/96090314:35
opendevreviewAndrew Bonney proposed openstack/openstack-ansible-ops master: DNM: Test updating mcapi versions to latest  https://review.opendev.org/c/openstack/openstack-ansible-ops/+/96656314:53
mnaserandrewbonney: hey!  just saw your pr for the facts, is there an ansible-lint option we can toggle to static scan this/14:54
andrewbonneyI'm not familiar enough I'm afraid, but jrosser or noonedeadpunk may know (this is re: inject facts)14:55
mnasercontext: https://github.com/vexxhost/ansible-collection-containers/pull/72 :)14:55
jrosserahha i was looking for that just earlier14:55
noonedeadpunkI'm not sure about the ansible-ling, but there is for molecule...14:56
jrosserlike not really according to this https://github.com/ansible/ansible-lint/discussions/345714:56
mnaserah we use molecule to run all these so we can flip that14:56
noonedeadpunkthat's what we have: https://opendev.org/openstack/ansible-role-pki/src/branch/master/molecule/default/molecule.yml#L30-L3214:57
noonedeadpunkso doing same for your molecule config should do the trick14:57
mnaserok cool cool14:58
mnaserbtw what we've been doing is using delegated inventory in molecule so we feed it the zuul inventory.yaml and we're able to have molecule exec natively directly into it14:58
mnaseressentially molecule.yml is as small as this: https://github.com/vexxhost/ansible-collection-containers/blob/main/extensions/molecule/docker/molecule.yml -- and the nwe copy the zuul inventory file in the task before the one that runs molecule14:59
mnaserand so we can just test against any platform against a native zuul vm14:59
noonedeadpunkoh, that's neat actually15:00
jrosserwhat do you do for local hacking?15:00
mnaserthat is the part that remains not user friendly lol15:00
mnaserbut i've come to terms with a big red warning in prepare.yml that says15:01
mnaserthis is going to blow up your system because it is going to run against localhost15:01
mnaserway too many quirks with docker based testing in my experience that gets you not a real experience :\15:01
jrosseroh yes we have also a bad experience with this15:02
mnaseralso the nice thing with this approach is its entirely ssh based, so any of those weird things that dont get uncovered bc it tries to use local or system python..15:02
mnaserthey are all eliminated because its pure ssh15:02
noonedeadpunkI kinda can recall some networking challanges if you'd want to have your hosts connected in a "special" way in zuul?15:02
mnaserso the build node usually has an ssh key that can ssh to itself15:02
mnaserand so that.. just works15:02
mnaserhttps://zuul.oss.vexxhost.dev/build/b0cda8ed24ee4b9e91060c8e39b78925/console15:03
noonedeadpunkwell, I'm more thinking about multi-node things15:03
mnaseryeah if you need to expose a network across multiple nodes or something like lets say keepalived, then yeah that will be tricky15:03
mnaserbut you can always use the multinode roles to get the vxlan/etc bridge wired and then use that in your role downstream15:04
noonedeadpunkoh, yes, true15:04
noonedeadpunkso then it's more tradeoff of local testing vs CI testing kinda15:05
jrosseri think i am still having nightmares about trying to test the connection plugin with molecule15:06
jrosserit so really does not want to do that15:06
opendevreviewAndrew Bonney proposed openstack/openstack-ansible-ops master: DNM: Test updating mcapi versions to latest  https://review.opendev.org/c/openstack/openstack-ansible-ops/+/96656315:07
mnaseranyways its an interesting approach that you can keep at the back of your mind if it comes in handy :) certainly made our testing easier and more "realistic"15:07
noonedeadpunkbut then for other chunk of stuff it's really neat to spend 5 mins on local test to ensure you didn't broke anything15:07
noonedeadpunkit's really nice one, and I didn't realize it's actually possible15:07
noonedeadpunkso thanks for sharing it!15:08
opendevreviewAndrew Bonney proposed openstack/openstack-ansible-ops master: DNM: Test updating mcapi versions to latest  https://review.opendev.org/c/openstack/openstack-ansible-ops/+/96656315:08
mnaserim gonna get the ci fixed since its trying to deploy python 3.14rc right now, and get andrew change landed, and then enable that ci option so we dont break again15:08
andrewbonneythanks!15:08
opendevreviewDmitriy Rabotyagov proposed openstack/ansible-role-python_venv_build master: Define trusted host for wheels build  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/96640415:23
opendevreviewAndrew Bonney proposed openstack/openstack-ansible-ops master: DNM: Test updating mcapi versions to latest  https://review.opendev.org/c/openstack/openstack-ansible-ops/+/96656315:27
mnaserandrewbonney: looks like testing caught a few other instances, ill try an addres sthem in my pr15:28
mnaseraffecting rockylinux-915:28
andrewbonneyah ok, I was only testing on ubuntu so that makes sense15:28
mnaserhttps://github.com/vexxhost/ansible-collection-containers/pull/74 if curious15:29
noonedeadpunkit's so annoying that there's no nice way to test collections still...15:39
noonedeadpunkbut it's a smart layout :)15:39
opendevreviewAndrew Bonney proposed openstack/openstack-ansible-ops master: DNM: Test updating mcapi versions to latest  https://review.opendev.org/c/openstack/openstack-ansible-ops/+/96656315:59
mnaserdo you guys point to commits of the collection or releases?16:05
mnaseraka would you like a release for the collection or not necessary?16:05
noonedeadpunkI think we should be able to install just with SHA, so release is highly optional, imo16:05
jrosserhmmm `osa_toolkit.generate.MultipleIpForHostError: Host aio1 has both 162.253.55.186 and 162.253.55.70 assigned`16:36
jrosserwonder what that is16:36
jrosserargh doh https://github.com/openstack/openstack-ansible-ops/blob/master/mcapi_vexxhost/playbooks/files/openstack_deploy/conf.d/k8s.yml16:56
jrosserthat really needs to template in these two things https://opendev.org/openstack/openstack-ansible/src/branch/master/tests/roles/bootstrap-host/defaults/main.yml#L119-L12016:56
jrosser /o\ so much complexity here with the driver playbooks being out of tree16:56
jrossernot sure what to do about this tbh as it's just a `copy:` module currently to drop the config file into place17:04
jrossernoonedeadpunk: if you have any good idea here ^17:16
noonedeadpunk[e]I need to finally figure out missing part for azimuth and move that all together...17:20
noonedeadpunk[e]There was just some extra helm charts which needed to be present in k8s for it to work....17:21
jrosseri think we kind of broke things with this https://github.com/openstack/openstack-ansible/commit/31f12f54eaccd3ff5a458cb8593897a46b2d923a17:25
jrosserwe dont have access to the `bootstrap_*` variabled except in the bootstrap-host role17:26
opendevreviewMerged openstack/openstack-ansible-plugins stable/2025.1: Revert "Set Ansible config directory to /tmp for molecule"  https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/96624817:42
opendevreviewMerged openstack/openstack-ansible-os_tacker master: Fix usage of modules via FQCN  https://review.opendev.org/c/openstack/openstack-ansible-os_tacker/+/96092020:29
opendevreviewMerged openstack/openstack-ansible-os_tacker master: tox: Remove ineffective ignore_basepython_conflict and bump minimum version  https://review.opendev.org/c/openstack/openstack-ansible-os_tacker/+/96090220:29
opendevreviewMerged openstack/openstack-ansible-os_tacker master: Remove deprecated run_tests/vagrantfile  https://review.opendev.org/c/openstack/openstack-ansible-os_tacker/+/96090120:29
« Saturday, 2025-11-08 Index Tuesday, 2025-11-11 »

Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!