| opendevreview | Andrew Bonney proposed openstack/openstack-ansible-ops master: Add backup capability to Cluster API setup https://review.opendev.org/c/openstack/openstack-ansible-ops/+/971511 | 08:05 |
|---|---|---|
| damiandabrowski | Hey! noonedeadpunk jrosser I think we're ready for next round of reviews in https://review.opendev.org/q/topic:%22osa_hashi_vault%22+and+status:open | 09:40 |
| damiandabrowski | I changed few things which were discussed some time ago: | 09:40 |
| damiandabrowski | - changed default pki paths(pki/ -> pki_root), `pki_int/` stays as is | 09:40 |
| damiandabrowski | - renamed `vault_root_ca_path` in hashi_vault backend to `signed_by`, to share the same var with standalone backend | 09:40 |
| damiandabrowski | - improved docs, added some diagram explaining how pki paths work and where certificates are stored | 09:40 |
| damiandabrowski | - removed `openstack_pki_san` definition from integrated repo | 09:41 |
| damiandabrowski | - added task for hashi_vault backend which ensures that python3-hvac is installed on `pki_setup_host` | 09:41 |
| f0o | Morning; What's the reason for RabbitMQ mgmt's UI being always enabled and seemingly no easy way to disable it? Is it used for something internally? reason I ask is because our Rabbit is very busy churning through internal metrics/stats (channel_queue_exchange_metrics_metrics and queue_metrics_metrics_collector according to `rabbitmq-diagnostics observer`) and I'd like to | 10:59 |
| f0o | either limit those or straight up disable them if they're unused | 10:59 |
| noonedeadpunk | I think you can disable it, right? https://opendev.org/openstack/openstack-ansible-rabbitmq_server/src/branch/master/defaults/main.yml#L100-L102 | 11:08 |
| f0o | noonedeadpunk: yeah usually there's an easy switch for things to en/disable but for management there's your linked rabbitmq_plugins, plus rabbitmq_management_* which suggest it's always sorta enabled, plus group-vars that always configure HAProxy | 11:10 |
| noonedeadpunk | I'm not sure if it's in fact used by anything internal.... | 11:10 |
| noonedeadpunk | but it is in case you're using rabbitmqadmin tool | 11:10 |
| f0o | that's why I wonder, it seems so "expected to be always available" | 11:10 |
| f0o | just by the way it is configured regardless | 11:11 |
| f0o | I dont want to nuke my rabbit haha | 11:11 |
| noonedeadpunk | Hm, I thought that if you don't enable the plugin - you can have it in config, just with no effect | 11:11 |
| noonedeadpunk | But I never tried that tbh | 11:11 |
| f0o_ | Oo | 11:16 |
| f0o_ | how does Cinder instruct Nova to mount an NFS share? I have some discrepancy between the nfs_mount_options supplied in cinder.conf and the effective mount options used on the compute nodes | 14:17 |
| noonedeadpunk | through the api call | 14:18 |
| noonedeadpunk | there are some helper methods which do that | 14:19 |
| f0o_ | I have "rw,nolock,nconnect=8,hard,tcp,rsize=1048576,wsize=1048576,timeo=1200,actimeo=120,noatime,nodiratime" specified but `/proc/mounts` return "rw,relatime,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,local_lock=none" - the big differences are `relatime` instead of the wanted `noatime` as well as different `timeo` settings and the | 14:19 |
| f0o_ | absence of `nconnect` | 14:19 |
| f0o_ | so I wonder if those settings are simply 'stripped'/sanitized from the options somewhere and then the kernel goes ahead and assumes defaults | 14:19 |
| noonedeadpunk | eh, I can't recall these bits now unfortunatelly :( | 14:19 |
| f0o_ | guess I'll check the cinder driver? :D | 14:20 |
| noonedeadpunk | um, I think it's not in the driver itself.... | 14:22 |
| noonedeadpunk | I guess I'd check Nova API which is called during the mount... | 14:23 |
| noonedeadpunk | But in case of NFS it might be, that Nova just do the mount with default options, and indeed cinder does not pass them at all | 14:23 |
| noonedeadpunk | As it's passing basically the storage "object" and Nova figures out what to do with it in it's own | 14:24 |
| noonedeadpunk | So I'd be looking at nova to begin with | 14:24 |
| f0o_ | ok, I just started with os_brick/remotefs object. Hoping it had sometihng to do with it. Maybe I find it in nova again | 14:24 |
| f0o_ | https://github.com/openstack/nova/blob/4b71dab239b4f82d50297ec5bd887c207b43b7ea/nova/virt/libvirt/volume/nfs.py#L41 down the rabbithole I go! | 14:27 |
| f0o_ | I think I found it | 14:36 |
| f0o_ | cinder.volume_attachment SQL table, has connection_info field that describes the NFS mount, however the `options` field of that is set to `null` which means https://github.com/openstack/nova/blob/4b71dab239b4f82d50297ec5bd887c207b43b7ea/nova/virt/libvirt/volume/nfs.py#L46 is null and thus kernel defaults are taken | 14:38 |
| f0o_ | This should be a bug right? | 14:38 |
| noonedeadpunk | f0o_: yes, I think that should be it :) | 14:44 |
| f0o_ | why do I find these things on friday afternoons? I seem to have some weird track record about this by now (: | 14:49 |
| f0o_ | but I have found something odd https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/remotefs.py#L99 | 14:50 |
| f0o_ | so nfs_mount_options is only for cinder-volume to mount the share; nas_mount_options is being loaded into the shares object | 14:51 |
| f0o_ | https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/nfs.py#L149-L150 << this shares object is what goes into the options of connections | 14:51 |
| f0o_ | (ref where nas_mount_options is loaded instead of nfs_mount_options: https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/remotefs.py#L595 ) | 14:52 |
| f0o_ | nas_mount_options also replaces nfs_mount_options if found in https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/nfs.py#L107-L115 | 14:53 |
| f0o_ | https://codesearch.opendev.org/?q=nas_mount_options << nas_mount_options has no documentation | 14:54 |
| f0o_ | but TLDR; I should use nas_mount_options and not nfs_mount_options | 14:54 |
| f0o_ | or rather safest way would be to define both nas_ and nfs_ versions. Because it does just feel like nas_ is a leftover considering the onyl reference I found is a ML entry from 2017 | 15:07 |
| f0o_ | nope that didnt do it either | 15:45 |
| noonedeadpunk | I don;t think this part responsible for mounts on compute hosts | 15:47 |
| noonedeadpunk | it's only for cinder-vo,.lume part afaik | 15:47 |
| noonedeadpunk | and indeed nas_mount_options looks kinda redundant and nfs_mount_options should be enough, imo | 15:47 |
| f0o_ | well both nas_ and nfs_ options still yield `null` in the SQL' connection_info option field | 15:59 |
| f0o_ | really hoped that would be it | 15:59 |
| f0o_ | I can always just go nuclear and set libvirt.nfs_mount_options in nova | 15:59 |
| f0o_ | but that seems... wrong... | 15:59 |
| f0o_ | https://github.com/openstack/nova/blob/4b71dab239b4f82d50297ec5bd887c207b43b7ea/nova/virt/libvirt/volume/nfs.py#L41-L50 << Something I do not udnerstand here. The libvirt check adds the -o flag for the options. The connection_info block does not. So would that even work? Which one is correct? | 16:01 |
| f0o_ | I've wrote my findings into #openstack-cinder since I found a 3rd way of defining mount options | 16:13 |
| noonedeadpunk | well, cinder does not and will not do any mounts on compute nodes, unless cinder-volume is installed there | 16:14 |
| f0o_ | right but that's what the connection_info field in volume_attachments is for right? to instruct nova on how to consume the volume | 16:14 |
| noonedeadpunk | but the possible conflict of options... | 16:14 |
| noonedeadpunk | I think current subset is kind of systemd default tbh | 16:15 |
| noonedeadpunk | um | 16:15 |
| noonedeadpunk | So nova uses it's own volume attachments table, which is stored in cell database | 16:15 |
| noonedeadpunk | And data between is passed only via api calls | 16:16 |
| f0o_ | why do you hate me? | 16:16 |
| noonedeadpunk | nova can not look for info in cinder database | 16:16 |
| f0o_ | gues I'll make a coffe and go digging into nova's attachment db | 16:16 |
| noonedeadpunk | And eventually these tables are expected to be in sync between cinder and novca | 16:16 |
| f0o_ | because I know libvirt nfs driver thingy looks for `options` field in a json in a connection_info object that looks virtually identical to the one I found in volume_attachment at cinder | 16:17 |
| noonedeadpunk | you should check connection_info inside of the block_device_mapping in the nova database | 16:18 |
| noonedeadpunk | it is likely simmilar, but not necessarily identical | 16:19 |
| f0o_ | FIrst Win: I ahve no a populated options field in cinder's volume_attachment table. My nfs_shares are now `share: "/foo/bar -o opts"` in openstack_user_config | 16:21 |
| f0o_ | now* | 16:21 |
| f0o_ | ok the same options are also in nova.block_device_mappings - they were previously null as well | 16:21 |
| f0o_ | so it seems https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/remotefs.py#L601-L604 is the correct way and nas/nfs_mount_options are bogus | 16:22 |
| f0o_ | as a bonus headscratcher I noticed that all my OS drives are RAW while all ephemeral are QCOW - https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/remotefs.py#L530 that explains it, all images are always RAW regardless of disktype | 16:28 |
| f0o_ | anyway beer o'clock; noonedeadpunk if you havent tried yet go to systembolaget and grab that "Stark Julmust". It's Julmust but with 4.5%! | 16:29 |
| noonedeadpunk | eh, well, systembolagets are like 3h flight from my place of residence :D | 16:33 |
| * noonedeadpunk resides in Croatia so far | 16:34 | |
| f0o_ | hope you got better weather than we got here right now | 16:34 |
| f0o_ | for some reason I thought you were in Sweden, huh | 16:34 |
| * noonedeadpunk had +16 outside today and had a very comfy walk in t-shirt and sun shining whole day | 16:34 | |
| f0o_ | must be nice :D | 16:35 |
| f0o_ | just shitty rain here | 16:35 |
| noonedeadpunk | I have a contract with Swedish org, so travel there from time to time:) | 16:35 |
| f0o_ | aaah | 16:35 |
| f0o_ | well next time you're around stockholm by any chance let me know and I'll pay for some beers | 16:36 |
| noonedeadpunk | ah, well, never been there (except single transfer in airport), so good reason to stop by :D | 16:40 |
| * noonedeadpunk goes and grabs some beers as well | 16:41 | |
| opendevreview | Merged openstack/openstack-ansible-os_tempest master: Fix(tempest): Register tempest_router_details to resolve undefined variable _add_router https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/970360 | 22:18 |
| opendevreview | Merged openstack/openstack-ansible-plugins master: Check for a supported Operating System - add information about AlmaLinux https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/969125 | 22:30 |
| opendevreview | Merged openstack/openstack-ansible-plugins master: Remove Create ganesha log dir https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/970703 | 22:41 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!