| opendevreview | Merged openstack/openstack-ansible-plugins master: Allow to run openstack_resources with tags https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/974202 | 10:29 |
|---|---|---|
| opendevreview | Ivan Anfimov proposed openstack/openstack-ansible-plugins stable/2025.2: Allow to run openstack_resources with tags https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/976218 | 10:31 |
| opendevreview | Ivan Anfimov proposed openstack/openstack-ansible-plugins stable/2025.1: Allow to run openstack_resources with tags https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/976219 | 10:33 |
| opendevreview | Merged openstack/openstack-ansible-os_magnum stable/2025.2: Do not remove policy.yaml file https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/974824 | 10:45 |
| opendevreview | Merged openstack/openstack-ansible-plugins master: Use Display for deprecated filter https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/975146 | 11:08 |
| opendevreview | Andrew Bonney proposed openstack/openstack-ansible master: Migrate k8s cluster from osa ops into main tree https://review.opendev.org/c/openstack/openstack-ansible/+/975277 | 14:31 |
| opendevreview | Andrew Bonney proposed openstack/openstack-ansible-os_magnum master: Migrate capi driver installation from osa-ops https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/976261 | 14:31 |
| opendevreview | Andrew Bonney proposed openstack/openstack-ansible-os_magnum master: Migrate capi driver installation from osa-ops https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/976261 | 14:33 |
| opendevreview | Andrew Bonney proposed openstack/openstack-ansible-os_magnum master: Migrate capi driver installation from osa-ops https://review.opendev.org/c/openstack/openstack-ansible-os_magnum/+/976261 | 14:36 |
| noonedeadpunk | #startmeeting openstack_ansible_meeting | 15:00 |
| opendevmeet | Meeting started Tue Feb 10 15:00:18 2026 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:00 |
| opendevmeet | The meeting name has been set to 'openstack_ansible_meeting' | 15:00 |
| noonedeadpunk | #topic rollcall | 15:00 |
| noonedeadpunk | I'm semi around today tbh | 15:00 |
| noonedeadpunk | need to sort out some personal things :( | 15:00 |
| jrosser | o/ hello | 15:05 |
| damiandabrowski | hi! | 15:05 |
| jrosser | should we talk about www_authenticate_uri | 15:07 |
| jrosser | andrewbonney: ^ did you see this | 15:08 |
| jrosser | https://review.opendev.org/q/topic:%22use-public-www-authenticate-uri%22 | 15:08 |
| andrewbonney | yes I did - how has that not come up before? | 15:08 |
| noonedeadpunk | #topic www_authenticate_uri | 15:10 |
| noonedeadpunk | I kinda failed to look into the keystoneauthtoken code yesterday | 15:10 |
| noonedeadpunk | But reading around it sounds like it make sense overall, if we do have a way to ensure that services themselves would not use it to talk to the keystone | 15:11 |
| noonedeadpunk | I think we can be adding some simple firewall rule for AIO/CI for that? | 15:11 |
| noonedeadpunk | as I bet we're missing services' defenition here and there | 15:12 |
| opendevreview | Ivan Anfimov proposed openstack/openstack-ansible-plugins stable/2025.1: wip https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/976115 | 15:15 |
| opendevreview | Ivan Anfimov proposed openstack/openstack-ansible-plugins stable/2025.1: Pin setuptools https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/976115 | 15:16 |
| opendevreview | Ivan Anfimov proposed openstack/openstack-ansible-plugins stable/2025.1: Pin setuptools https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/976115 | 15:17 |
| opendevreview | Ivan Anfimov proposed openstack/openstack-ansible-plugins stable/2025.1: Pin setuptools https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/976115 | 15:18 |
| noonedeadpunk | is there anything specific we wanna to talk regarding www_authenticate_uri ? | 15:18 |
| noonedeadpunk | during this/next week I'm having really limited availability, so in fact won't be able to pull up some testing for it | 15:18 |
| noonedeadpunk | Like most important thing to check wrt the topic, is that this doesn't make services to talk over public endpoints | 15:22 |
| noonedeadpunk | #topic gate health | 15:29 |
| noonedeadpunk | I think our gates are just broken now | 15:29 |
| noonedeadpunk | I did not check much detauls, and if that is related to setuptools, like for all other projects | 15:29 |
| noonedeadpunk | But it seems to fail on horizon deployment | 15:30 |
| noonedeadpunk | which is like... some git issue? | 15:30 |
| noonedeadpunk | #link https://zuul.opendev.org/t/openstack/build/9f446f5c7a2a459280ea4b6e138c7246/log/job-output.txt#13623 | 15:31 |
| noonedeadpunk | this needs kinda some investigation, as it seems to be consistent right now | 15:34 |
| noonedeadpunk | #topic office hours | 15:34 |
| noonedeadpunk | it would be nice to have another vote on https://review.opendev.org/c/openstack/openstack-ansible/+/976116 | 15:37 |
| noonedeadpunk | as I did not actually released previous buymnp, as this includes quite nice fixes as well | 15:37 |
| noonedeadpunk | I wonder if I should make it as X.1.0 | 15:38 |
| jrosser | sorry got distracted | 15:44 |
| jrosser | yes i was also thinking that we should forcibly blackhole the public endpoint IP from the mgmt network | 15:44 |
| noonedeadpunk | ++ ok, that makes sense then | 15:49 |
| jrosser | iirc we already have iptables stuff doing nat there so there should be an obvious place to add it | 15:55 |
| noonedeadpunk | #endmeeting | 16:00 |
| opendevmeet | Meeting ended Tue Feb 10 16:00:54 2026 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 16:00 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2026/openstack_ansible_meeting.2026-02-10-15.00.html | 16:00 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/openstack_ansible_meeting/2026/openstack_ansible_meeting.2026-02-10-15.00.txt | 16:00 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/openstack_ansible_meeting/2026/openstack_ansible_meeting.2026-02-10-15.00.log.html | 16:00 |
| hamburgler3 | hey hey - ran into a bit of an issue with the os neutron role - expanding an ovn cluster or perhaps even if a member needed its addresses updated - existing nodes will not get an updated db list and for example taking a cluster from 3 > 5 if a leader for nb or sb is running on the new node 4 or 5, 1,2,3 will not have the updated client list because the template to create /etc/default/ovn-central has a | 17:56 |
| hamburgler3 | when condition that prevents it from running and updating - note that this is not for raft peering but for client connections to leader - it ends up just creating a non stop cycle of 2026-02-06T18:00:04.637Z|5012324|ovsdb_cs|INFO|ssl:10.103.215.20:6641: clustered database server is not cluster leader; trying another server because they are unaware of the updated list. This under the right circumstances | 17:56 |
| hamburgler3 | where an election cycled a leader caused ovn controller/metadata agents to still be in an up state - but not an alive state - no heartbeats - though an additional note is that the hypervisor hosts were all aware of all client addresses in the list for SB connections but it was the northd cluster where original nodes had been expanded that having not been updated caused the issue - https://paste.openstac | 17:56 |
| hamburgler3 | k.org/show/boFMEi237jDeAXXx38c5/ | 17:56 |
| hamburgler3 | oops - https://paste.openstack.org/show/boFMEi237jDeAXXx38c5/ | 17:56 |
| jrosser | hamburgler3: is it just that there are too many conditions on the task? | 18:45 |
| jrosser | well or the line you highlight `_check_cluster_db.rc != 0` is just not needed at all | 18:46 |
| hamburgler2 | jrosser: I think it's the when condition - though I do understand that it would also make the task/template not fully idempotent in that the current leader could change on part of the template above it - and there is a set fact check to see who the leader is at run time - I don't think that is a big issue but seeing the template change for users without knowing context (even if it wasnt the ip list | 18:54 |
| hamburgler2 | being updated) could cause concern but I don't really think that should matter in terms of cluster stability | 18:54 |
| hamburgler2 | https://paste.openstack.org/show/bar4BmJYhHd07gNekmpK/ | 18:55 |
| hamburgler2 | added comments to the other part that would change if the when condition is removed | 18:56 |
| hamburgler2 | i dont think that should be an issue though | 18:56 |
| hamburgler2 | the second ansible task in my first pb snippet runs after the cluster is already up and running so should not be problematic | 18:57 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!