| opendevreview | OpenStack Proposal Bot proposed openstack/project-config master: Normalize projects.yaml https://review.opendev.org/c/openstack/project-config/+/892257 | 02:39 |
|---|---|---|
| opendevreview | Merged openstack/openstack-zuul-jobs master: Remove ocata branch filters https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/825353 | 05:11 |
| opendevreview | Merged openstack/project-config master: Normalize projects.yaml https://review.opendev.org/c/openstack/project-config/+/892257 | 05:14 |
| dpawlik2 | fungi, clarkb: hey, did you change something related to the afs mirror/kerberos auth etc. recently? | 10:46 |
| dpawlik2 | fungi: I got some troubles to connect to openstack afs mirror via openafs client and it seems that it missing the kerberos token | 12:17 |
| dpawlik2 | according to the doc: https://docs.opendev.org/opendev/system-config/latest/afs.html#client-configuration | 12:17 |
| dpawlik2 | it says that there is some $USERNAME | 12:18 |
| dpawlik2 | but when I try to run the kinit $USERNAME@OPENSTACK.ORG it just write "not found in Kerberos database while getting initial credentials" | 12:20 |
| frickler | dpawlik2: I'm not aware of any changes, iiuc only infra-roots have kerberos accounts | 12:26 |
| frickler | most read-only ops also should work without auth, as mentioned in that doc | 12:27 |
| dpawlik2 | ack | 12:30 |
| fungi | dpawlik2: just install an afs client (openafs, kafs...) and go to /afs/openstack.org/ in your filesystem tree. it should simply work | 12:37 |
| fungi | those read-only volumes are accessible publicly/anonymously | 12:38 |
| fungi | you don't need to configure kerberos at all | 12:38 |
| fungi | that client configuration document you found is for our systems administrators, explaining how to configure authenticated write access to the tree | 12:39 |
| fungi | i suppose we can clarify that in the document | 12:40 |
| frickler | ah, I guess I misread dpawlik2's question as "it fails now, but worked earlier, what did you change?" | 12:43 |
| fungi | oh, that's how i read it, but i suspect whatever changed was on the client side | 12:44 |
| fungi | and then additional steps were tried based on a misunderstanding of the requirements | 12:44 |
| dpawlik2 | that's the issue. Even on clean host, I'm not able to open "/afs/openstack.org/ " | 12:47 |
| dpawlik2 | and wondering if you have some part of afs mirror located in Vexxhost or somewhere else | 12:47 |
| fungi | it's working for me with openafs-client 1.8.10-1 on debian/sid | 12:48 |
| dpawlik2 | hmm, I have openafs-client-1.8.9-1.el7.x86_64 | 12:48 |
| dpawlik2 | I will do local VM deployment to verify that | 12:49 |
| fungi | it's also working from a random mirror server i jumped onto, which is using our 1.8.8.1-2~ppa0~focal backport on ubuntu jammy (i wonder why) | 12:49 |
| fungi | dpawlik2: all of the afs servers are in rackspace (mostly in the dfw region) | 12:50 |
| fungi | also keep in mind that afs uses udp over ipv4, so make sure your firewalls/routing aren't blocking it for some reason i guess | 12:51 |
| dpawlik2 | aha, good point | 12:52 |
| dpawlik2 | very very good hint | 12:52 |
| fungi | okay, https://meetings.opendev.org/irclogs/%23opendev/%23opendev.2023-06-05.log.html explains why we're using a forward port of openafs 1.8.8 from focal on jammy servers | 12:54 |
| fungi | never mind, i misread, the mirror i was looking at actually is running focal | 12:59 |
| fungi | we're using jammy's normal 1.8.8.1-3ubuntu2~22.04.2 builds on the zuul executors | 13:00 |
| fungi | dpawlik: ^ so looks like at least openafs 1.8.8 or later should work fine, modulo any bugs | 13:01 |
| *** d34dh0r5- is now known as d34dh0r53 | 13:09 | |
| clarkb | fungi: we did/do have a jammy packge in our ppa but what we backported from debian I think? Is slightly older than what jammy ships for itself so apt chooses the normal distro package on jammy | 14:53 |
| fungi | yeah, we ended up not using it, i think i deleted it after we identified the problem was on the zuul/python side of things | 14:58 |
| opendevreview | James E. Blair proposed openstack/project-config master: Switch opendev tenant to Ansible 8 https://review.opendev.org/c/openstack/project-config/+/892405 | 19:51 |
| opendevreview | Merged openstack/project-config master: Switch opendev tenant to Ansible 8 https://review.opendev.org/c/openstack/project-config/+/892405 | 20:14 |
| *** timburke_ is now known as timburke | 21:28 | |
| mnaser | following up to the messages above | 23:37 |
| mnaser | i'm in the box that doesnt seem to be able to list /afs/openstack.org and it doesnt seem to work. i can see udp traffic making its way all the way out to the afs server | 23:37 |
| mnaser | im seeing this kind of traffic: `23:38:12.094290 IP 38.102.83.237.7001 > 104.130.138.161.7000: rx version (29)` and seeing responses too `23:38:13.051578 IP 104.130.138.161.7000 > 38.102.83.237.7001: rx ack first 2 serial 0 reason ping (65)` | 23:38 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!