Monday, 2020-09-14

« Sunday, 2020-09-13 Index Tuesday, 2020-09-15 »
openstackgerritSophie Huang proposed openstack/openstack-helm-infra master: [WIP] Add support for Cinder external ceph backend  https://review.opendev.org/75162401:24
openstackgerritSophie Huang proposed openstack/openstack-helm master: [WIP] Add support for Cinder external ceph backend  https://review.opendev.org/75162501:39
*** yingjisun has joined #openstack-helm02:11
*** evrardjp has quit IRC04:33
*** evrardjp has joined #openstack-helm04:33
*** yingjisun has quit IRC04:40
*** yingjisun has joined #openstack-helm05:47
*** dasp has quit IRC05:48
*** yingjisun has quit IRC10:06
mnaseris there a way to handle release differences inside loci?  building the libvirt image i'm noticing that bionic and xenial have different images12:56
mnasers/images/package names/12:57
mnaserso the bindep.txt that works for one doesnt work for another12:57
openstackgerritSophie Huang proposed openstack/openstack-helm master: [WIP] Configuration for external ceph backend  https://review.opendev.org/75052013:05
*** irclogbot_0 has quit IRC13:19
*** irclogbot_3 has joined #openstack-helm13:25
*** mnaser has quit IRC13:32
*** mnaser has joined #openstack-helm13:32
*** mnaser has quit IRC13:32
*** mnaser has joined #openstack-helm13:32
*** mfixtex has joined #openstack-helm13:47
*** mfixtex has quit IRC13:47
openstackgerritGage Hugo proposed openstack/openstack-helm master: [WIP] Test multinode gating  https://review.opendev.org/75181614:11
*** lamt has joined #openstack-helm14:16
*** mfixtex has joined #openstack-helm14:18
*** mfixtex has quit IRC14:45
openstackgerritMerged openstack/openstack-helm-infra master: [update] Node problem detector path for conntrack  https://review.opendev.org/75106414:51
*** ianychoi has joined #openstack-helm15:24
openstackgerritPrateek Dodda proposed openstack/openstack-helm master: [WIP] Add missing security context to Placement pods/containers  https://review.opendev.org/75184616:01
*** dasp has joined #openstack-helm16:46
openstackgerritPrateek Dodda proposed openstack/openstack-helm master: Implement missing security context for placement container  https://review.opendev.org/75184616:55
*** dasp has quit IRC16:58
*** dasp has joined #openstack-helm17:00
openstackgerritPrateek Dodda proposed openstack/openstack-helm master: Implement missing security context for placement container  https://review.opendev.org/75184617:12
openstackgerritMerged openstack/openstack-helm-images master: Hide the password in nagios error message  https://review.opendev.org/74828017:29
openstackgerritPrateek Dodda proposed openstack/openstack-helm master: Implement missing security context for placement container  https://review.opendev.org/75184617:51
openstackgerritPrateek Dodda proposed openstack/openstack-helm master: Implement missing security context for placement container  https://review.opendev.org/75184618:03
openstackgerritStephen Taylor proposed openstack/openstack-helm-infra master: [ceph-osd] Don't set CEPH_LVM_PREPARE to 0 for colocated db/wal  https://review.opendev.org/75141018:06
openstackgerritDmitrii Kabanov proposed openstack/openstack-helm-infra master: [WIP] Add Ceph CSI plugin  https://review.opendev.org/75084418:13
openstackgerritDmitrii Kabanov proposed openstack/openstack-helm-infra master: [WIP] Add Ceph CSI plugin  https://review.opendev.org/75084418:23
openstackgerritMerged openstack/openstack-helm master: Add force cron jobs test run  https://review.opendev.org/75103518:24
openstackgerritChi Lo proposed openstack/openstack-helm-addons master: WIP - Create region retries when Ranger server not available  https://review.opendev.org/75130919:03
mnaserhas anyone seen an issue where log lines are duplicated?19:25
mnaseri can confirm it even by seeing /var/log/containers/...19:26
portdirectsrwilkers: ^19:26
mnaseralso https://review.opendev.org/#/c/751556/ is a small and simple osh fix19:27
mnaserhttps://review.opendev.org/#/c/751582/ is a loci patch that helps us when we already have a pypi wheel or trying to use an external one (we cheated, we use opendev's with that patch to speed up requirements image build)19:27
mnaserfor https://review.opendev.org/#/c/751580/ -- i'm wondering if there was ever an established pattern for images where one OS release doesn't match another in bindep (libvirt package underwent changes from xenial to bionic..)19:28
mnaserportdirect: would you remember why 2.5 years sago you decided to change listen_addr to 127.0.0.1 from 0.0.0.0 in the libvirt chart? :) https://github.com/openstack/openstack-helm/commit/3f8895b2b7cb96b5690a06aad97f5893ebd113c0#diff-be7832f8cbd1813f5776285e8ce8cba6R4719:36
mnaserbecause of that change, live migrations stop working (but it's also a more secure setup too)19:37
portdirectyes - to avoid having to set up auth for it ;)19:37
mnaserportdirect: so you don't do live migrations or use tunneled live migrations then?19:37
portdirectspeaking in a work capacity - no19:38
mnaseri've been trying to avoid having to play with setting up libvirt tls19:38
mnaserbut i think this might be the nail that forces me to do it :)19:38
portdirectyeah - things are a lot better now than they were19:39
mnaseri wonder if cert-manager might be the thing to use for this trick, or ill have to look into osh's existing infra19:39
portdirectnot that osh uses cert-manager to look after certs this should be a lot simpler today than it would have been a couple of years ago19:39
mnaseras a stop gap, maybe tunneled could be the solution19:39
portdirectwe had ssh tunnels with a single pre-shared key as a poc, but id go the tls route if looking to do this properly19:40
mnaseri mean given that for cold migration we already setup ssh (i haven't played with that), we could just leverage that for that. i'm unsure at how libvirt works in tls world right now19:40
mnasersorry, i mean osh in tls world.  i see some lines about "certificates" but yeah.19:41
portdirectlamt & gagehugo would be the best to help there19:41
srwilkersLol portdirect - why you pinging me?20:01
portdirectoh, just its not only me wondering about double logging from container std out ;)20:02
portdirectyou got any advice for mnaser ?20:02
mnaseryeah i tried to observe if there was anything causing it and the only thing that was coming to me was perhaps the fact we do an exec20:03
srwilkersazure logging is great20:03
srwilkersThere, /advice20:03
mnaserand so exec prints stdout but also the service itself prints to stdout?20:03
srwilkersJokes aside, I’ve seen it occasionally but never quite found out the root cause20:04
portdirectmnaser: i supect thats the wrong tree20:04
portdirectquite a lot of stuff is done in here for example: https://github.com/openstack/openstack-helm/blob/master/heat/values.yaml#L503-L56220:05
portdirectfor a time, i know things were writing both to stderr and stdout...20:05
mnaserportdirect: i was just looking there actually20:05
mnaserin nova, loggers/keys=root,nova,os.brick20:05
mnaserlogger_root handles level WARNING to stdout, logger_nova handles level INFO to stdout too20:06
mnaserWARNING is not repeated but INFO is20:07
mnaserINFO is not*20:08
mnaserhttps://github.com/openstack/nova/blob/master/etc/nova/logging_sample.conf20:09
mnaserin nova upstream, handlers = null for logger_root20:09
mnaserwhich i am going to guess is there to stop the double logs..20:09
srwilkersmegheisler / stevthedev20:09
srwilkerscan you guys chime in there? you're a little closer to all this than i am at this point20:09
srwilkersmnaser is a cool guy - he dont bite20:09
mnaserso i think maybe its a matter of syncing up the logging config to the nova defaults and we can all have half our log storage space back :)20:10
srwilkersjust use the mangodb logging driver and you gucci20:11
mnasersrwilkers: web scale :)20:11
srwilkers:D20:11
mnaserOpen10K8S: can you see discussion above and push up a patch to openstack-helm charts to update the values for logging to match the ones upstream? (e.g the ones for nova above?)20:11
srwilkersi'll +1 the hell out of it20:12
srwilkersthat's all i can do anymore20:12
Open10K8Smnaser: ok20:17
* mnaser hmms out loud20:19
mnaserhttps://github.com/openstack/openstack-helm/blob/master/nova/templates/bin/_ssh-start.sh.tpl20:19
mnaserfirst i removed readonlyfilesystem which should have fixed things but now the issue is20:19
mnaseri (assume) the container runs as 42424 which cannot run ssh-keygen /etc/ssh/...20:20
mnaserseeing "Saving key "/etc/ssh/ssh_host_rsa_key" failed: Permission denied"20:20
mnaseri wonder if this should be `runAsUser: 0`20:20
portdirectmnaser: honestly i dont think that code has been tested in >18 months, and is not gated...20:20
mnaserportdirect: oh yeah, i'm well aware :P20:20
mnaseri'm just wondering what's the best osh-y fix that can be implemented20:21
mnaseras i slowly pick up those patterns20:21
srwilkersjust throw up a change and we can discuss it in code review - probably the best way to do it20:22
srwilkersterms like "best osh-y fix" are pretty loaded20:22
mnaser:) fair enough20:22
openstackgerritOleksandr Kozachenko proposed openstack/openstack-helm master: Sync logging values with upstream repos  https://review.opendev.org/75189620:37
Open10K8Smnaser: made a PS20:38
openstackgerritMerged openstack/openstack-helm-infra master: [ceph-osd] Don't set CEPH_LVM_PREPARE to 0 for colocated db/wal  https://review.opendev.org/75141020:44
openstackgerritChi Lo proposed openstack/openstack-helm-addons master: WIP - Create region retries when Ranger server not available  https://review.opendev.org/75130920:52
mnaserOpen10K8S: i guess now we can wait for CI and see if it's happy with it doing double logs20:54
openstackgerritDmitrii Kabanov proposed openstack/openstack-helm-infra master: [WIP] Add Ceph CSI plugin  https://review.opendev.org/75084421:01
Open10K8Smnaser: ok21:10
openstackgerritRahul Khiyani proposed openstack/openstack-helm-infra master: Ingress: Configure ingress dhparam secret  https://review.opendev.org/75190221:18
openstackgerritMerged openstack/openstack-helm-infra master: [ceph-client] Update queries in wait_for_pgs function  https://review.opendev.org/75108421:24
openstackgerritRahul Khiyani proposed openstack/openstack-helm-infra master: [WIP]Ingress: Configure ingress dhparam secret  https://review.opendev.org/75190221:38
openstackgerritRahul Khiyani proposed openstack/openstack-helm-infra master: [WIP]Ingress: Configure ingress dhparam secret  https://review.opendev.org/75190221:49
openstackgerritChi Lo proposed openstack/openstack-helm-addons master: WIP - Create region retries when Ranger server not available  https://review.opendev.org/75130921:57
openstackgerritMerged openstack/openstack-helm master: neutron: fix default value for tungsten fabric  https://review.opendev.org/75155622:06
openstackgerritMerged openstack/openstack-helm master: Do not pass extra config files to neutron agents  https://review.opendev.org/73943022:06
megheislersorry mnaser missed this earlier, I've occasionally seen doubles as well but hadn't figured out the common thread to track down the cause.22:12
mnasermegheisler: see https://review.opendev.org/751896 :) i think that might be it22:13
megheislergreat! I'll check it out22:14
openstackgerritRahul Khiyani proposed openstack/openstack-helm-infra master: [WIP]Ingress: Configure ingress dhparam secret  https://review.opendev.org/75190222:20
*** portdirect has quit IRC23:13
*** portdirect has joined #openstack-helm23:13
*** ChanServ sets mode: +o portdirect23:13
openstackgerritDmitrii Kabanov proposed openstack/openstack-helm-infra master: [WIP] Add Ceph CSI plugin  https://review.opendev.org/75084423:41
openstackgerritDmitrii Kabanov proposed openstack/openstack-helm-infra master: [WIP] Add Ceph CSI plugin  https://review.opendev.org/75084423:41
*** yingjisun has joined #openstack-helm23:47
« Sunday, 2020-09-13 Index Tuesday, 2020-09-15 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!