| *** stingrayza has joined #openstack-kolla | 00:22 | |
| *** also_stingrayza has quit IRC | 00:23 | |
| *** hongbin has quit IRC | 00:29 | |
| *** threestrands has joined #openstack-kolla | 00:43 | |
| *** hongbin has joined #openstack-kolla | 00:43 | |
| *** born2bake has quit IRC | 00:58 | |
| *** wuchunyang has joined #openstack-kolla | 01:05 | |
| *** e0ne has joined #openstack-kolla | 01:10 | |
| *** e0ne has quit IRC | 01:16 | |
| *** srinn has joined #openstack-kolla | 01:33 | |
| *** srin has quit IRC | 01:35 | |
| *** e0ne has joined #openstack-kolla | 01:51 | |
| *** e0ne has quit IRC | 01:56 | |
| *** srinn has quit IRC | 02:01 | |
| *** wuchunyang has quit IRC | 02:04 | |
| *** ricolin has joined #openstack-kolla | 02:06 | |
| *** srin has joined #openstack-kolla | 02:08 | |
| *** e0ne has joined #openstack-kolla | 02:12 | |
| *** srinn has joined #openstack-kolla | 02:16 | |
| *** e0ne has quit IRC | 02:16 | |
| *** srin has quit IRC | 02:17 | |
| *** wuchunyang has joined #openstack-kolla | 02:22 | |
| *** srin has joined #openstack-kolla | 02:31 | |
| *** srinn has quit IRC | 02:31 | |
| *** JangwonLee__ has joined #openstack-kolla | 02:41 | |
| *** JangwonLee_ has quit IRC | 02:45 | |
| *** wuchunyang has quit IRC | 03:04 | |
| *** wuchunyang has joined #openstack-kolla | 03:05 | |
| *** EmilienM is now known as EmilienM|off | 03:16 | |
| *** srinn has joined #openstack-kolla | 03:39 | |
| *** srin has quit IRC | 03:41 | |
| *** srin has joined #openstack-kolla | 03:42 | |
| *** cah_link has joined #openstack-kolla | 03:43 | |
| *** srin_ has joined #openstack-kolla | 03:44 | |
| *** srinn has quit IRC | 03:44 | |
| *** srin has quit IRC | 03:47 | |
| *** ykarel|away is now known as ykarel | 03:58 | |
| *** srin has joined #openstack-kolla | 04:01 | |
| *** wuchunyang has quit IRC | 04:02 | |
| *** srin_ has quit IRC | 04:03 | |
| *** srinn has joined #openstack-kolla | 04:09 | |
| *** srin_ has joined #openstack-kolla | 04:11 | |
| *** srin has quit IRC | 04:12 | |
| *** srinn has quit IRC | 04:14 | |
| *** nathharp has joined #openstack-kolla | 04:25 | |
| *** nathharp has quit IRC | 04:30 | |
| *** skramaja has joined #openstack-kolla | 04:31 | |
| *** evrardjp has quit IRC | 04:33 | |
| *** evrardjp has joined #openstack-kolla | 04:33 | |
| *** wuchunyang has joined #openstack-kolla | 04:40 | |
| *** JangwonLee_ has joined #openstack-kolla | 04:47 | |
| *** wuchunyang has quit IRC | 04:50 | |
| *** JangwonLee__ has quit IRC | 04:50 | |
| *** hongbin has quit IRC | 04:53 | |
| openstackgerrit | jacky06 proposed openstack/kolla-cli master: Cleanup py27 support https://review.opendev.org/720754 | 05:20 |
|---|---|---|
| *** seco has joined #openstack-kolla | 05:20 | |
| *** seco has quit IRC | 05:25 | |
| *** seco has joined #openstack-kolla | 05:30 | |
| openstackgerrit | Merged openstack/kolla-cli master: Cleanup py27 support https://review.opendev.org/720754 | 05:44 |
| *** srinn has joined #openstack-kolla | 05:50 | |
| *** srin_ has quit IRC | 05:53 | |
| *** ricolin has quit IRC | 06:08 | |
| *** ricolin has joined #openstack-kolla | 06:17 | |
| *** ricolin_ has joined #openstack-kolla | 06:18 | |
| *** ricolin_ has quit IRC | 06:18 | |
| openstackgerrit | Radosław Piliszek proposed openstack/kolla-ansible stable/train: CI: Discern between Ironic client and grep failure https://review.opendev.org/728748 | 06:20 |
| openstackgerrit | Radosław Piliszek proposed openstack/kolla-ansible stable/stein: CI: Discern between Ironic client and grep failure https://review.opendev.org/728749 | 06:21 |
| *** skramaja has quit IRC | 06:24 | |
| *** skramaja has joined #openstack-kolla | 06:24 | |
| *** wuchunyang has joined #openstack-kolla | 06:28 | |
| *** abdysn has joined #openstack-kolla | 06:33 | |
| *** dciabrin has joined #openstack-kolla | 06:34 | |
| *** muhaha has joined #openstack-kolla | 06:37 | |
| yoctozepto | morning | 06:44 |
| yoctozepto | mnasiadka: Eric's asking about our ceph migration guide - is there one? | 06:44 |
| *** cah_link has quit IRC | 06:44 | |
| yoctozepto | mnasiadka: "[kolla] Ceph transition plan" | 06:44 |
| mnasiadka | yoctozepto: no, we planned to do one it seems, but never did | 06:45 |
| *** hrw has quit IRC | 06:46 | |
| *** cah_link has joined #openstack-kolla | 06:47 | |
| *** srin_ has joined #openstack-kolla | 06:47 | |
| *** cah_link has quit IRC | 06:48 | |
| *** srinn has quit IRC | 06:50 | |
| *** hrw has joined #openstack-kolla | 06:51 | |
| *** srin has joined #openstack-kolla | 07:04 | |
| *** srin_ has quit IRC | 07:04 | |
| *** gkadam has joined #openstack-kolla | 07:04 | |
| *** gkadam has quit IRC | 07:05 | |
| *** dougsz has joined #openstack-kolla | 07:08 | |
| openstackgerrit | XiaojueGuan proposed openstack/kolla-ansible master: Fix some error of j2 syntax https://review.opendev.org/728756 | 07:18 |
| mgoddard | morning | 07:20 |
| muhaha | guys ? iknow that this is kolla channel (helm channel is almost empty..), but what is status of openstack-helm ? there are a lot of charts/components missing , is it some PoC, or ? | 07:20 |
| *** srinn has joined #openstack-kolla | 07:21 | |
| *** born2bake has joined #openstack-kolla | 07:23 | |
| *** srin has quit IRC | 07:24 | |
| mgoddard | muhaha: helm has been around for a few years now, I'd expect it to be fairly mature but not as mature as kolla. I would ask in their channel though | 07:25 |
| muhaha | helm support is really bad.. , there are a lot of broken things and if you will look at https://github.com/openstack/openstack-helm , there like half components of openstack that kolla can provide | 07:26 |
| *** evrardjp has quit IRC | 07:28 | |
| *** rpittau|afk is now known as rpittau | 07:29 | |
| muhaha | mgoddard is openstack-ansible and kolla setup swarm for you, or are these nodes just a plain dockerd hosts ? | 07:29 |
| mgoddard | muhaha: openstack-ansible is a different project. kolla-ansible uses plain docker hosts | 07:30 |
| *** evrardjp has joined #openstack-kolla | 07:30 | |
| muhaha | yes , thanks, sometimes naming is really confusing ;x | 07:30 |
| muhaha | and is there any reverese proxy with tls ( acme + dns challenge support ) or should I deploy it on my own ? I noticed that it exposes http:// by default | 07:31 |
| mgoddard | muhaha: you can enable tls on the external network. From train release you can also expose the internal API via TLS | 07:32 |
| muhaha | does it handle letsencrypt with dns challenge ? | 07:33 |
| mgoddard | muhaha: not explicitly | 07:33 |
| muhaha | is it documented somewhere ? | 07:42 |
| muhaha | I did not find anything .. | 07:43 |
| muhaha | I want to get signed certs for internal services via cloudflare ( i am owning domain ) | 07:44 |
| *** kevko_ has quit IRC | 07:49 | |
| *** kevko has joined #openstack-kolla | 07:50 | |
| *** srin_ has joined #openstack-kolla | 07:51 | |
| *** srinn has quit IRC | 07:55 | |
| *** gfidente has joined #openstack-kolla | 08:04 | |
| mgoddard | muhaha: we don't document it | 08:09 |
| mgoddard | muhaha: if you find a process that works, you could propose some documentation | 08:09 |
| *** lvdombrkr has joined #openstack-kolla | 08:12 | |
| *** e0ne has joined #openstack-kolla | 08:13 | |
| lvdombrkr | morning guys. someone have tested train + centos8 + linuxbridge? | 08:13 |
| *** threestrands has quit IRC | 08:13 | |
| mnasiadka | morning | 08:16 |
| mnasiadka | lvdombrkr: it won't work | 08:16 |
| lvdombrkr | mnasiadka: you tested? | 08:18 |
| lvdombrkr | mnasiadka: and morning ) | 08:19 |
| *** nathharp has joined #openstack-kolla | 08:19 | |
| mnasiadka | lvdombrkr: there are some bits missing on CentOS 8 for linuxbridge, we tried to test that in CI :) | 08:20 |
| *** nathharp has quit IRC | 08:21 | |
| mnasiadka | lvdombrkr: https://bugs.launchpad.net/neutron/+bug/1863909 | 08:21 |
| openstack | Launchpad bug 1863909 in neutron "linuxbridge-agent on centos8 throws Exit code: 255; Stdin: ; Stdout: ; Stderr: Unknown argument: '--among-src'." [Undecided,Invalid] | 08:21 |
| mnasiadka | lvdombrkr: https://bugzilla.redhat.com/show_bug.cgi?id=1720637 | 08:22 |
| openstack | bugzilla.redhat.com bug 1720637 in nftables "Ebtables don't have support for the among match" [Medium,Closed: duplicate] - Assigned to psutter | 08:22 |
| mnasiadka | lvdombrkr: the comment here states it might be better in 8.3 | 08:22 |
| lvdombrkr | mnasiadka: i meet excactly this issue.. thanks in quick assist | 08:23 |
| hrw | morning | 08:25 |
| lvdombrkr | mnasiadka: and for ubuntu 20.04 will be the same error? | 08:26 |
| mnasiadka | lvdombrkr: I don't think we support ubuntu 20.04 :) | 08:26 |
| hrw | cause we do not | 08:27 |
| lvdombrkr | mnasiadka : sorry i mean ubuntu 18.04 | 08:28 |
| yoctozepto | ubuntu 18.04 supports linux bridge | 08:29 |
| lvdombrkr | yoctozepto: can i leave host machine as centos8 but pull openstack ubuntu 18.04 docker images ? | 08:31 |
| yoctozepto | mgoddard: https://bugs.launchpad.net/kolla-ansible/+bug/1878328/comments/8 - I am pretty sure you wanted to say we are an open source project :D | 08:32 |
| openstack | Launchpad bug 1878328 in kolla-ansible train "Rocky prechecks - template error while templating string: no filter named 'search'" [Medium,New] | 08:32 |
| yoctozepto | lvdombrkr: that's very not recommended :-) | 08:32 |
| mgoddard | yoctozepto: lol | 08:33 |
| yoctozepto | the answer is you can but it opens pandora boxes | 08:33 |
| *** nathharp has joined #openstack-kolla | 08:33 | |
| *** adeberg has quit IRC | 08:33 | |
| *** mchlumsky has quit IRC | 08:33 | |
| *** wuchunyang has quit IRC | 08:35 | |
| lvdombrkr | yoctozepto: ok. is there any known issues with train + ubuntu 18.04 + linuxbridges? its well tested. i mean | 08:36 |
| *** adeberg has joined #openstack-kolla | 08:37 | |
| *** mchlumsky has joined #openstack-kolla | 08:37 | |
| openstackgerrit | Mark Goddard proposed openstack/kolla-ansible stable/train: Document and test maximum supported version of Ansible https://review.opendev.org/728783 | 08:37 |
| lvdombrkr | as i undertood centos its tested more then ubuntu | 08:38 |
| muhaha | @mgoddard usually i am using traefik as reverse proxy ( it has acme support ), for k8s iam using cert-manager and traefik | 08:39 |
| muhaha | mgoddard what reverse proxy is involved in kolla instalation , nginx ? | 08:39 |
| rockey | mnasiadka: there shouldn't be any issues running ubuntu focal as base os tho? | 08:39 |
| mgoddard | muhaha: haproxy | 08:40 |
| muhaha | is it tcp proxy, or http ? | 08:40 |
| mgoddard | http | 08:40 |
| hrw | rockey: it was not tested | 08:43 |
| hrw | rockey: we may switch to focal during v-cycle. | 08:44 |
| yoctozepto | lvdombrkr: yeah, we have ci running ubuntu 18.04 with linuxbridge | 08:44 |
| openstackgerrit | Mark Goddard proposed openstack/kolla-ansible stable/train: multipath requires udev-rules in host https://review.opendev.org/728787 | 08:44 |
| yoctozepto | lvdombrkr: do note majority thinks ovs is the way forward, i.e. networking in the userspace in general, so make sure you really want/need linuxbridge ;-) | 08:45 |
| openstackgerrit | Mark Goddard proposed openstack/kolla-ansible stable/stein: multipath requires udev-rules in host https://review.opendev.org/728788 | 08:45 |
| yoctozepto | lvdombrkr: as for centos testing, it just stems from the fact that majority of most active cores do mostly deploys on centos | 08:45 |
| openstackgerrit | Mark Goddard proposed openstack/kolla-ansible stable/train: Configure RabbitMQ user tags in nova-cell role https://review.opendev.org/724324 | 08:46 |
| yoctozepto | lvdombrkr: but we don't discriminate in CI | 08:46 |
| *** nathharp has quit IRC | 08:46 | |
| yoctozepto | lvdombrkr: yet we obviously can't test linuxbridge when it's known to not work by upstream decisions :-) | 08:46 |
| yoctozepto | lvdombrkr: (I mean in centos8 that is) | 08:46 |
| rockey | hrw: understandable, focusing on release has higher priority than target system upgrades :) | 08:47 |
| hrw | rockey: no UCA, no upgrade | 08:48 |
| lvdombrkr | yoctozepto: yes i see. now its clear. thanks! | 08:48 |
| openstackgerrit | Mark Goddard proposed openstack/kolla-ansible stable/train: Improve fernet_token_expiry precheck https://review.opendev.org/728790 | 08:48 |
| muhaha | mgoddard: well there is also lego ( go binary ) or acme.sh ( bash) for issuing certificates ( you can setup sytstem.timer for reissuing ), but traefik, envoy, caddy ( most modern proxies ) have integrated acme support... is there any particular reason why are you using haproxy? of course its C vs golang, its faster.. | 08:48 |
| rockey | hrw: as far as i know tho, there "shouldn't be any breaking changes", with a huge emphasize on "shouldn't" | 08:48 |
| openstackgerrit | Mark Goddard proposed openstack/kolla-ansible stable/stein: Improve fernet_token_expiry precheck https://review.opendev.org/728791 | 08:48 |
| rockey | famous last words etc | 08:48 |
| hrw | rockey: I prefer to not comment ubuntu. | 08:49 |
| mgoddard | muhaha: I think the other proxies you mentioned didn't exist when kolla-ansible started :) | 08:49 |
| hrw | rockey: I was hired by Canonical for 3 years. | 08:49 |
| hrw | rockey: and now I work at Red Hat for 6.5y | 08:49 |
| rockey | check :) | 08:50 |
| muhaha | mgoddard how are you handling loadblancers for multinode setup ? with haproxy+keepalived ? | 08:50 |
| muhaha | maybe with consul backend? | 08:51 |
| muhaha | * consul based dns discovery | 08:51 |
| mgoddard | muhaha: keepalived manages a VIP via VRRP | 08:51 |
| *** nathharp has joined #openstack-kolla | 08:51 | |
| rockey | hrw: just curious, because thinking about upgrading a customer cluster shortly, which is based on ubuntu | 08:51 |
| hrw | rockey: wait for 20.04.2 | 08:51 |
| muhaha | mgoddard and backends are hardcoded or discovered ? | 08:51 |
| mgoddard | muhaha: hardcoded | 08:52 |
| mgoddard | muhaha: if you're expecting cloud-native, we're not really that :) | 08:52 |
| mgoddard | we build the cloud | 08:52 |
| hrw | rockey: xx.04 is 'uf, we managed to release' xx.04.1 is 'uf, lts to lts finally work', xx.04.2 is 'uf, we think that those bugs found by users are fixed' | 08:52 |
| mgoddard | others can be native in it | 08:52 |
| hrw | rockey: with pile of sarcasm on top | 08:53 |
| rockey | hrw: it's a dev cluster, so don't mind running it even right now, but i get your point | 08:53 |
| rockey | and yes, i would agree with that .X release cycle | 08:53 |
| muhaha | mgoddard hm, usually it works on premise ( with discovery) like layer4 tcp/vip ( haproxy + keepalived + consul backend ) + layer7 http ( traefik + consul backend ), then you can do ssl offloading with traefik ( with acme support ) | 08:54 |
| muhaha | and its prettly like cloud native | 08:54 |
| *** ykarel is now known as ykarel|lunch | 08:54 | |
| *** nathharp has quit IRC | 08:56 | |
| *** wuchunyang has joined #openstack-kolla | 08:57 | |
| *** nathharp has joined #openstack-kolla | 08:58 | |
| mgoddard | hrw: arm looks broken (sounds painful) | 09:01 |
| hrw | mgoddard: yeah, noticed yesterday. will look later | 09:03 |
| *** k_mouza has joined #openstack-kolla | 09:03 | |
| hrw | INFO:kolla.common.utils.openstack-base:ERROR: No matching distribution found for protobuf===3.12.0 (from -c /requirements/upper-constraints.txt (line 353)) | 09:04 |
| hrw | fucking morons. | 09:05 |
| hrw | did not uploaded source tarball | 09:05 |
| hrw | https://github.com/protocolbuffers/protobuf/issues/7520 | 09:06 |
| *** greuceanu has joined #openstack-kolla | 09:11 | |
| *** greuceanu has left #openstack-kolla | 09:11 | |
| *** Manheim has joined #openstack-kolla | 09:11 | |
| yoctozepto | hrw: lolz when google forgets such things | 09:12 |
| openstackgerrit | LEDUC Florian proposed openstack/kolla-ansible master: Deploy mariaDB Galera arbitrator https://review.opendev.org/728796 | 09:12 |
| *** vishalmanchanda has joined #openstack-kolla | 09:13 | |
| yoctozepto | mnasiadka: https://review.opendev.org/#/c/728756/1 looks like ansible-lint does not lint j2 templates | 09:15 |
| patchbot | patch 728756 - kolla-ansible - Fix some error of j2 syntax - 1 patch set | 09:15 |
| hrw | 11:15 < openstackgerrit> Marcin Juszkiewicz proposed openstack/requirements master: CI: add requirements-tox-py3x-check-uc jobs on AArch64 https://review.opendev.org/728798 | 09:16 |
| patchbot | patch 728798 - requirements - CI: add requirements-tox-py3x-check-uc jobs on AAr... - 1 patch set | 09:16 |
| mnasiadka | yoctozepto: yeah - https://github.com/ansible/ansible-lint/issues/441 | 09:16 |
| yoctozepto | mnasiadka: do we want to includes this too? sounds like some nice static coverage tests for things we don't try to deploy as it will catch both syntax and style errors | 09:17 |
| yoctozepto | oh, I actually already subscribed to that issue | 09:18 |
| mnasiadka | yoctozepto: would make sense | 09:18 |
| yoctozepto | mnasiadka: correcting myself - syntax errors, seems tripleo does not try to check style there | 09:19 |
| hrw | 11:20 < openstackgerrit> Marcin Juszkiewicz proposed openstack/requirements master: downgrade protobuf to version available on all architectures https://review.opendev.org/728800 | 09:20 |
| patchbot | patch 728800 - requirements - downgrade protobuf to version available on all arc... - 1 patch set | 09:20 |
| hrw | this patch will unbreak aarch64 | 09:20 |
| hrw | or google will be faster with source upload | 09:20 |
| *** klindgren_ has quit IRC | 09:21 | |
| *** klindgren has joined #openstack-kolla | 09:21 | |
| *** jbadiapa has joined #openstack-kolla | 09:21 | |
| *** scottsol has joined #openstack-kolla | 09:24 | |
| openstackgerrit | LEDUC Florian proposed openstack/kolla-ansible master: Deploy mariaDB Galera arbitrator https://review.opendev.org/728796 | 09:27 |
| openstackgerrit | LEDUC Florian proposed openstack/kolla-ansible master: Deploy mariaDB Galera arbitrator https://review.opendev.org/728796 | 09:39 |
| lvdombrkr | guys, train + centos8 + ovn is tested and should work? | 09:45 |
| *** k_mouza has quit IRC | 09:47 | |
| mgoddard | lvdombrkr: only supported on master, will be available in ussuri | 09:49 |
| *** nathharp has quit IRC | 09:49 | |
| *** nathharp has joined #openstack-kolla | 09:53 | |
| lvdombrkr | mgoddard: thanks for quick assit | 09:53 |
| openstackgerrit | LEDUC Florian proposed openstack/kolla-ansible master: Deploy mariaDB Galera arbitrator https://review.opendev.org/728796 | 09:54 |
| *** srin_ has quit IRC | 09:58 | |
| *** srin_ has joined #openstack-kolla | 09:58 | |
| *** wuchunyang has quit IRC | 10:00 | |
| *** rpittau is now known as rpittau|bbl | 10:06 | |
| *** jbadiapa has quit IRC | 10:08 | |
| *** Manheim has quit IRC | 10:09 | |
| *** Manheim has joined #openstack-kolla | 10:10 | |
| *** k_mouza has joined #openstack-kolla | 10:11 | |
| openstackgerrit | Merged openstack/kolla master: Switch to Ussuri release tarballs https://review.opendev.org/727810 | 10:12 |
| lvdombrkr | mgoddard: if i will use openvswich as plugin anyway between VMs and OVS will be linuxbridge, right? is there possibility connect VMS directly to OVS? (without involving linuxbridge in the middle)? | 10:14 |
| *** Manheim has quit IRC | 10:15 | |
| *** wuchunyang has joined #openstack-kolla | 10:15 | |
| mgoddard | lvdombrkr: I think the OVS native firewall does that, but not sure | 10:15 |
| lvdombrkr | mgoddard: thanks, will test now | 10:17 |
| mnasiadka | lvdombrkr: yes, you can use native OVS firewall instead of iptables hybrid one - but you need some fresh OS/kernel version for that IIRC | 10:17 |
| mnasiadka | lvdombrkr: or use OVN | 10:17 |
| lvdombrkr | mnasiadka: i tried OVN but its not working on Train + centos8 | 10:18 |
| mnasiadka | lvdombrkr: yeah, only in Ussuri | 10:18 |
| lvdombrkr | mnasiadka: will try now ovs with native firewall | 10:19 |
| *** wuchunyang has quit IRC | 10:19 | |
| openstackgerrit | Marcin Juszkiewicz proposed openstack/kolla master: Switch to versioned tarballs part 2 https://review.opendev.org/728809 | 10:21 |
| hrw | novajoin and python-tempestconf to latest releases | 10:21 |
| *** cah_link has joined #openstack-kolla | 10:22 | |
| rockey | hrw: novajoin planned to be integrated with kolla? | 10:28 |
| hrw | rockey: we have images | 10:28 |
| rockey | ok, cool | 10:31 |
| rockey | thanks for the info | 10:31 |
| openstackgerrit | Merged openstack/kolla stable/train: switch to official CentOS 8 repositories https://review.opendev.org/721329 | 10:38 |
| openstackgerrit | Merged openstack/kolla-ansible master: CI: Add ansible-lint to tox https://review.opendev.org/694779 | 10:38 |
| openstackgerrit | Merged openstack/kolla master: Remove pypy job https://review.opendev.org/728683 | 10:38 |
| *** adeberg has quit IRC | 10:40 | |
| *** ykarel|lunch is now known as ykarel | 10:43 | |
| *** Manheim has joined #openstack-kolla | 10:44 | |
| *** Manheim has quit IRC | 10:49 | |
| *** wuchunyang has joined #openstack-kolla | 10:52 | |
| *** adeberg has joined #openstack-kolla | 10:55 | |
| *** kevko has quit IRC | 10:59 | |
| *** kevko has joined #openstack-kolla | 10:59 | |
| *** jaicaa has quit IRC | 11:01 | |
| *** jaicaa has joined #openstack-kolla | 11:02 | |
| openstackgerrit | Merged openstack/kolla master: Upgrade Monasca Fluentd output plugin https://review.opendev.org/728638 | 11:02 |
| openstackgerrit | Merged openstack/kolla-ansible master: fix can not generate ovs-dpdk.conf https://review.opendev.org/728680 | 11:02 |
| *** wuchunyang has quit IRC | 11:13 | |
| *** scottsol has quit IRC | 11:21 | |
| *** dougsz has left #openstack-kolla | 11:22 | |
| *** jaicaa has quit IRC | 11:22 | |
| *** jaicaa has joined #openstack-kolla | 11:22 | |
| openstackgerrit | Merged openstack/kayobe master: Allow OVS bridges to connect directly to interface https://review.opendev.org/705037 | 11:23 |
| openstackgerrit | Merged openstack/kayobe stable/train: CI: Add overcloud host configure jobs https://review.opendev.org/722661 | 11:23 |
| openstackgerrit | Merged openstack/kayobe stable/train: Fix ironic inspector rule creation idempotency https://review.opendev.org/724397 | 11:25 |
| openstackgerrit | Merged openstack/kayobe stable/train: CentOS 8: Fix network configuration persistence https://review.opendev.org/727841 | 11:25 |
| hrw | ARGH. | 11:26 |
| hrw | I hate how zuul uses py2 for ansible... | 11:26 |
| *** JangwonLee_ has quit IRC | 11:26 | |
| *** JangwonLee_ has joined #openstack-kolla | 11:27 | |
| *** muhaha has quit IRC | 11:28 | |
| *** ftarasenko has quit IRC | 11:30 | |
| openstackgerrit | Michal Nasiadka proposed openstack/kolla master: octavia: Add ovn-octavia-driver https://review.opendev.org/717296 | 11:31 |
| openstackgerrit | Radosław Piliszek proposed openstack/kolla-ansible master: Fix some error of j2 syntax https://review.opendev.org/728756 | 11:34 |
| *** Manheim has joined #openstack-kolla | 11:36 | |
| *** Manheim has quit IRC | 11:37 | |
| *** Manheim has joined #openstack-kolla | 11:37 | |
| mnasiadka | hrw: does Debian OpenStack package maintainers live in some normal world, or do I have to submit a bug via mail? :D | 11:37 |
| hrw | mnasiadka: #debian-openstack on oftc? | 11:38 |
| *** amoralej has joined #openstack-kolla | 11:38 | |
| amoralej | hi | 11:38 |
| mnasiadka | ok, let's try | 11:38 |
| mnasiadka | hi amoralej | 11:38 |
| hrw | mnasiadka: zigo and kevko sit there | 11:38 |
| hrw | hi amoralej | 11:38 |
| hrw | zuul-- | 11:38 |
| amoralej | you have plans for ussuri branching and some RC tag soon? | 11:38 |
| hrw | amoralej: master now uses ussuri tarballs | 11:38 |
| hrw | mgoddard: when we branch? | 11:39 |
| mgoddard | hrw: soon | 11:39 |
| amoralej | we are preparing last packages for RDO Ussuri release | 11:39 |
| *** srin has joined #openstack-kolla | 11:39 | |
| mgoddard | amoralej: and you want kolla to be included? | 11:40 |
| amoralej | so pending on tags to includ on it | 11:40 |
| amoralej | mgoddard, yes | 11:40 |
| mgoddard | usual chicken and egg :) | 11:40 |
| mgoddard | we wait for RDO release to switch repos | 11:40 |
| amoralej | we've included it since ocata | 11:40 |
| hrw | centos-release-openstack-ussuri ;D | 11:40 |
| amoralej | yeah, usually there is some initial rc, then we build it, we prepare the release rpm and you switch | 11:41 |
| mgoddard | I don't think RDO has depended on the kolla release | 11:41 |
| amoralej | would that work? | 11:41 |
| mgoddard | ok | 11:41 |
| mgoddard | we can go through the release checklist this week | 11:41 |
| amoralej | mgoddard, well, we'd like to be able to build tripleo containers | 11:41 |
| amoralej | as part of GA preparation | 11:41 |
| amoralej | that depends on kolla | 11:41 |
| mgoddard | just a reminder that anyone can do this (although please sync up) https://docs.openstack.org/kolla/latest/contributor/release-management.html | 11:42 |
| *** srin_ has quit IRC | 11:43 | |
| yoctozepto | mgoddard: re rmq tls - does it need the fixes from dnm? | 11:44 |
| *** amoralej is now known as amoralej|lunch | 11:56 | |
| *** scottsol has joined #openstack-kolla | 12:04 | |
| *** abdysn has quit IRC | 12:08 | |
| *** scottsol has quit IRC | 12:09 | |
| *** scottsol has joined #openstack-kolla | 12:11 | |
| openstackgerrit | LEDUC Florian proposed openstack/kolla-ansible master: Deploy mariaDB Galera arbitrator https://review.opendev.org/728796 | 12:12 |
| *** rpittau|bbl is now known as rpittau | 12:12 | |
| openstackgerrit | Michal Nasiadka proposed openstack/kolla-ansible master: Custom haproxy script for monitoring galera https://review.opendev.org/710213 | 12:13 |
| *** scottsol has quit IRC | 12:14 | |
| openstackgerrit | Michal Nasiadka proposed openstack/kolla master: octavia: Add ovn-octavia-driver https://review.opendev.org/717296 | 12:16 |
| *** srinn has joined #openstack-kolla | 12:16 | |
| *** srin has quit IRC | 12:19 | |
| *** scottsol has joined #openstack-kolla | 12:20 | |
| *** scottsol has quit IRC | 12:22 | |
| *** srinn has quit IRC | 12:25 | |
| *** scottsol has joined #openstack-kolla | 12:28 | |
| *** srin has joined #openstack-kolla | 12:28 | |
| *** Luzi has joined #openstack-kolla | 12:33 | |
| openstackgerrit | Pedro Henrique Pereira Martins proposed openstack/kolla-ansible master: Add suport to OpenID Connect Authentication flow https://review.opendev.org/695432 | 12:36 |
| *** evrardjp has quit IRC | 12:36 | |
| *** abdysn has joined #openstack-kolla | 12:36 | |
| *** scottsol has quit IRC | 12:43 | |
| *** scottsol has joined #openstack-kolla | 12:45 | |
| *** gfidente is now known as gfidente|off | 12:46 | |
| *** nathharp has quit IRC | 12:48 | |
| *** evrardjp has joined #openstack-kolla | 12:49 | |
| openstackgerrit | LEDUC Florian proposed openstack/kolla-ansible master: Add ability to use the Neutron packet logging framework https://review.opendev.org/700895 | 12:50 |
| *** dswebb has joined #openstack-kolla | 12:52 | |
| *** amoralej|lunch is now known as amoralej | 12:52 | |
| openstackgerrit | LEDUC Florian proposed openstack/kolla-ansible master: Deploy mariaDB Galera arbitrator https://review.opendev.org/728796 | 12:55 |
| *** jbadiapa has joined #openstack-kolla | 13:03 | |
| *** ykarel is now known as ykarel|afk | 13:06 | |
| openstackgerrit | Merged openstack/kolla-ansible stable/stein: Improve fernet_token_expiry precheck https://review.opendev.org/728791 | 13:08 |
| openstackgerrit | Merged openstack/kolla-ansible stable/stein: multipath requires udev-rules in host https://review.opendev.org/728788 | 13:08 |
| openstackgerrit | Merged openstack/kolla-ansible stable/train: multipath requires udev-rules in host https://review.opendev.org/728787 | 13:10 |
| openstackgerrit | Merged openstack/kolla-ansible stable/train: Document and test maximum supported version of Ansible https://review.opendev.org/728783 | 13:11 |
| openstackgerrit | LEDUC Florian proposed openstack/kolla-ansible master: Deploy mariaDB Galera arbitrator https://review.opendev.org/728796 | 13:12 |
| *** JamesBenson has joined #openstack-kolla | 13:16 | |
| *** cah_link has quit IRC | 13:18 | |
| *** wuchunyang has joined #openstack-kolla | 13:24 | |
| openstackgerrit | LEDUC Florian proposed openstack/kolla-ansible master: Add ability to use the Neutron packet logging framework https://review.opendev.org/700895 | 13:25 |
| *** kplant has joined #openstack-kolla | 13:28 | |
| *** TrevorV has joined #openstack-kolla | 13:30 | |
| *** skramaja has quit IRC | 13:31 | |
| *** srinn has joined #openstack-kolla | 13:32 | |
| *** srin has quit IRC | 13:35 | |
| *** Fl1nt has joined #openstack-kolla | 13:36 | |
| Fl1nt | Good afternoon everyone! | 13:36 |
| openstackgerrit | Michal Nasiadka proposed openstack/kolla-ansible master: WIP: Initial jinja2 templates syntax checks https://review.opendev.org/728894 | 13:40 |
| *** Luzi has quit IRC | 13:43 | |
| Fl1nt | So, few updates from the crypt ^^ | 13:43 |
| Fl1nt | I've found out from the docs and notes within sources (thx for your commitment to those NOTES: within source ^^), that binray RPM installation miss a few things because CentOS repositories miss some binary. | 13:46 |
| Fl1nt | What would be our best chance to get them created and updated within the repositories? | 13:47 |
| Fl1nt | like | 13:47 |
| Fl1nt | openstack-barbican-ui | 13:47 |
| Fl1nt | & | 13:48 |
| Fl1nt | freezer-base | 13:48 |
| Fl1nt | especially ^^ | 13:48 |
| Fl1nt | I still can add them using override and sources in the meantime | 13:48 |
| Fl1nt | but yet, it kind of make us (operators) creating multiple CI jobs. | 13:49 |
| Fl1nt | which on my own isn't a pain, but yet my customer's operators will definitely not appreciate to get two parallel images build just for one image. | 13:50 |
| Fl1nt | Oh, and I'd like to thanks a lot the guys at StackHPC who did that: https://github.com/stackhpc/pam-keystone <-- THANKS A LOT!! | 13:53 |
| *** muhaha has joined #openstack-kolla | 13:57 | |
| openstackgerrit | Mark Goddard proposed openstack/kolla-ansible stable/stein: Document and test maximum supported version of Ansible https://review.opendev.org/728898 | 13:57 |
| muhaha | mgoddard I have question, is there any scheduler in kolla stack ? running scheduled ( https://hub.docker.com/r/certbot/certbot ) certbot with post-hook ( if is acme cert reissued -> reload haproxy container ) can work for enabling acme certs ( with dns challenge ) | 14:01 |
| mgoddard | muhaha: what do you mean by a scheduler? | 14:02 |
| Fl1nt | @muhaha, it can't work, you gonna need to issue DNS Challenge certs for most of the services, which certbot can't handle properly if you don't get a specific RFC 2136 somewhere within your infrastucture. | 14:03 |
| muhaha | mgoddard: some component that can run scheduled jobs for kolla stack, instead of using plain crontab or system.timer | 14:03 |
| muhaha | Fl1nt you can configure it for http or tls challenge then.. its pretty flexible | 14:04 |
| Fl1nt | won't work for wildcard | 14:04 |
| Fl1nt | and you'll reach the 50 certs threshold pretty easily | 14:05 |
| muhaha | its working for wildcard, of course with some limitations | 14:05 |
| Fl1nt | yep, that what I was pointing out upper, the DNS Challenge issue. | 14:05 |
| muhaha | is it problem so sign 50 standalone certs ? | 14:06 |
| muhaha | wildcards are dangerous | 14:06 |
| Fl1nt | lol | 14:06 |
| muhaha | lol what | 14:06 |
| Fl1nt | wildcards aren't more dangerous than other certs, it's intrinsec to your infrastructure security | 14:07 |
| mgoddard | muhaha: kolla doesn't provide anything like that explicitly. There is an openstack service called mistral, but I expect it won't do what you want as you'll need to restart the docker engine | 14:07 |
| mgoddard | cron or systemd timers seem like a reasonable choice for this? | 14:08 |
| muhaha | i guess that problem is that you will have to configure 50* certificate in haproxy config, right ? | 14:08 |
| Fl1nt | 50 certs to manage is a problem as soon as it's not automated, many openstack deployments will actually require more than 50 certs to work. so rather than using more and more certs, you just create a *.subdomain.domain.tld one. | 14:08 |
| mgoddard | why do we need 50 certs? | 14:08 |
| Fl1nt | if you publish your APIs endpoints | 14:09 |
| Fl1nt | like | 14:09 |
| Fl1nt | here is an exemple | 14:09 |
| Fl1nt | I've got cloud.domain.tld which is a cert, then I have one per service.cloud.domain.tld API which is available | 14:09 |
| muhaha | well, if you will use haproxy+keepalive as tcp proxy and traefik as http proxy, then you dont need to handle this type of things and you are free to use selfsigned, supply our own or use acme ( http,tls,dns challenge ) | 14:10 |
| Fl1nt | then you've got the internals one | 14:10 |
| Fl1nt | @muhaha, at that point of complexity, you should goes with K8s whatever. | 14:10 |
| mgoddard | Fl1nt: why a separate hostname per service? | 14:11 |
| muhaha | yes, iam using cert-manager operator and traefik as ingress for it ( openstack is not ready on k8s ..), thats why I am here and I want my green url line in my browser with dns challenge support ( internal lan ) | 14:12 |
| Fl1nt | because some departments use them, other don't, that a mnemonic. like firebase for exemple, you've got firebase.com then storage.firebase.com, functions.firebase.com etc | 14:12 |
| muhaha | *for k8s | 14:12 |
| Fl1nt | dns challenge is only required if you use wildcard | 14:12 |
| muhaha | false | 14:13 |
| muhaha | its not posible to get acme without dns challenge if you are behind firewall | 14:14 |
| muhaha | in internal lan | 14:14 |
| muhaha | very common use case | 14:14 |
| muhaha | thats why i am wondering why are you so bad about it | 14:14 |
| Fl1nt | I'm not mad about it, just trying to give you information: https://certbot.eff.org/docs/install.html#running-with-docker <-- about DNS Challenge. | 14:15 |
| Fl1nt | the only usecase where DNS challenge is REQUIRED is for wildcard. | 14:15 |
| Fl1nt | from the doc | 14:15 |
| muhaha | yes, but i am not talking about wildcard right know | 14:16 |
| Fl1nt | ok, I'll explain more clearly. | 14:16 |
| Fl1nt | if you want to automatically regenerate certs using certbot, you can't do it behind a firewall except if your network admin is allowing traffic to let's encrypt platform. | 14:17 |
| Fl1nt | whatever challenge you use | 14:17 |
| *** ykarel|afk is now known as ykarel | 14:18 | |
| Fl1nt | you gonna have to do it the certonly way. | 14:18 |
| Fl1nt | and then manually validate the challenge | 14:18 |
| muhaha | i was not aware of wildcard certificate | 14:18 |
| muhaha | and of course its bad... | 14:19 |
| muhaha | lol | 14:19 |
| muhaha | you can easily change infrastructure and let modern reverse proxy to handle acme certificates for every service as standalone certificate | 14:19 |
| Fl1nt | no it's not, this is not because someone on the internet told you that with a wildcard you can impersonate any service on your infrastructure that it is bad, "if it exist it ain't stupid" ;-) | 14:20 |
| muhaha | whatever man :d point is that i can not have acme certificates on kolla... | 14:20 |
| Fl1nt | what's bad is someone that gain enough privilege on your infrastructure to be able to reach your certificate and keys in the first place. | 14:20 |
| mgoddard | muhaha: I'm pretty sure I know someone using letsencrpyt with kolla, so it should work | 14:21 |
| Fl1nt | @muhaha, it's not a kolla issue here, ACME is a challenge protocol, if your company banned it from your security endpoints (firewall or others) it isn't a kolla issue. | 14:22 |
| muhaha | oh | 14:22 |
| muhaha | nevermind :) | 14:22 |
| muhaha | thanks | 14:22 |
| *** ftarasenko has joined #openstack-kolla | 14:23 | |
| mgoddard | headphoneJames: around? | 14:24 |
| Fl1nt | @mgoddard, regarding TLS support for endpoints and end-to-end, that question at least raised a good question, do you rather prefer to support certs that get a long lifetime or a way to use short time certs like those 3 months renewal window with let's encrypt. | 14:25 |
| *** KeithMnemonic has joined #openstack-kolla | 14:25 | |
| mgoddard | Fl1nt: are you asking me as an operator or kolla dev? | 14:26 |
| Fl1nt | kolla dev | 14:26 |
| mgoddard | it's probably more of a policy issue | 14:26 |
| Fl1nt | as an operator both are equally painfull as it depends on the level of automation and tooling in the end ^^ | 14:26 |
| mgoddard | trick question :) | 14:27 |
| Fl1nt | yeah | 14:27 |
| muhaha | btw, if i can advice you something, i would go ( for service discovery and more cloud native aproach ) to handle tcp with haproxy/keepalived with consul backend and http with traefik and consul backend, or if you want to use dns roundrobin with tcp healtchecks, then you can go with coredns, then you can use dns challenge -> cert per service | 14:27 |
| Fl1nt | @muhaha, coredns isn't RFC 2136 compliant, so you can't ;-) | 14:28 |
| muhaha | well it is not requirement | 14:28 |
| Fl1nt | do you want me to link you the official doc again? | 14:28 |
| muhaha | are you working in redhat ? | 14:28 |
| Fl1nt | nope, why that? | 14:29 |
| Fl1nt | @muhaha, all in all, the kolla purpose isn't to be as cloud native as what you could get with a K8s based openstack deployment IMHO, it would highly complexify the deployment process by bringing more and more dependencies and requirements. | 14:31 |
| Fl1nt | which is exactly what most of kolla's operators are trying to avoid with kolla. | 14:31 |
| Fl1nt | kolla is an elegant way for operators to solve one tricky issue | 14:31 |
| Fl1nt | openstack segmented deployment and lifecycle. | 14:32 |
| mgoddard | agreed | 14:32 |
| Fl1nt | at least, that's the value that I can see in kolla/k-a | 14:32 |
| mgoddard | if you want to run your openstack on a wobbly jelly, go talk to openstack-helm | 14:32 |
| Fl1nt | Do one thing, but it well, and it's exactly what it is currently. | 14:33 |
| Fl1nt | +do | 14:33 |
| muhaha | Thanks :) | 14:33 |
| Fl1nt | @muhaha, sorry if I sounded harsh on you, but your question was a bit fuzzy | 14:34 |
| muhaha | Kolla is currently most "modern&flexible" way of deployment, right ? openstack-helm is unfinished and i dont know anything similar... | 14:34 |
| mnasiadka | wobbly jelly, that's the new codename for kubernetes? :) | 14:34 |
| Fl1nt | @mnasiadka, ^^ Officially since today :D | 14:34 |
| openstackgerrit | Merged openstack/kolla master: Switch to versioned tarballs part 2 https://review.opendev.org/728809 | 14:34 |
| Fl1nt | @muhaha, depends, if you're looking for a "modern" but yet flawed way to deploy your openstack over k8s you can also have a look at airship | 14:35 |
| Fl1nt | talking about gaz factory :p | 14:35 |
| muhaha | k8s is good and it created a lot of jobs ... | 14:37 |
| muhaha | i dont really know what exaclty airship is... is it some platform like openshift ? like including ci/cd and things for developers? web page is really confusing | 14:37 |
| Fl1nt | coal mining too back in time ;-) | 14:38 |
| ysirndjuro | All deployment methods look and sound great on paper, until you try to deploy with it. Then it's really up to how that software suite is supported. | 14:38 |
| timss | created a lot of jobs, or created a lot of work? :D (a bit tongue in cheek) | 14:38 |
| Fl1nt | In my humble opinion, all current solution to deploy and really operate openstack over k8s are flawed because they're over engineered... like, airship for instance try to do it all, HW bootstrap, provisioning, installation, services etc. | 14:38 |
| Fl1nt | @ysirndjuro, +1 | 14:38 |
| Fl1nt | but it try to do it the wrong way | 14:38 |
| muhaha | but kolla is on docker, so it has common ground for sure... | 14:39 |
| Fl1nt | yeah, containers are great, k8s too to some extends. | 14:39 |
| Fl1nt | Don't get me wrong, I'm not anti-k8s, I'm working with everyday, I like it for some situation. | 14:40 |
| ysirndjuro | I'm curious, anyone from RH here? How heavily is podman being pushed on kolla? I see cephadm is already defaulting to it. | 14:40 |
| Fl1nt | Not with RH but yet I really like podman and buldha | 14:40 |
| Fl1nt | it's efficient, elegant, use a less as possible intermediary layers of complexity (software). | 14:41 |
| muhaha | airship is further than openstack-helm ? | 14:42 |
| Fl1nt | Airship actually use openstack-helm artifacts | 14:42 |
| muhaha | oh, so its not complete too, right ? Like look at https://github.com/openstack/openstack-helm , there are a lot of charts/components missing | 14:44 |
| *** cdearborn has joined #openstack-kolla | 14:45 | |
| mnasiadka | better check how many releases of openstack-helm have been ever made :) | 14:45 |
| muhaha | i dont know, its really hard to start somehow, seems that openstack on k8s in not that well supported, then kolla looks really good | 14:49 |
| muhaha | this https://github.com/openstack/kolla#infrastructure-components is just a optional list of deployable 3rdparty services? or what is a point to deploy influx,prometheus,sensu togheter ? | 14:50 |
| Fl1nt | @muhaha, those are optional services, but the point is to get monitoring and traceability battery included. | 14:51 |
| Fl1nt | for instance I only use FluentD/E*K and Prometheus/Grafana. | 14:52 |
| Fl1nt | I don't use sensu on my own. | 14:52 |
| muhaha | yes, that is a good answer :) | 14:52 |
| muhaha | one more :) i am looking at vagrant deployment, and there is info: "1 storage node (Note: ceph requires at least 3 storage nodes)" , what does it mean? will it work ? | 15:00 |
| Fl1nt | you should use an external ceph installation as internal management from kolla is now deprecated. | 15:00 |
| Fl1nt | and with an external installation having one node works, you'll just need to adapt your crushmap with appropriate rulesets and profiles. | 15:01 |
| muhaha | so default multinode install requires exteranl ceph cluster ? | 15:03 |
| Fl1nt | which version of kolla do you use? | 15:04 |
| muhaha | latest is train, right ? so i guess train | 15:07 |
| Fl1nt | So a single node should work | 15:09 |
| Fl1nt | @muhaha, BTW, regarding your HAProxy, you don't have to specify your TLS Certs each time you use them, you can specify a tls certificat directory as a global directive that will instruct HAProxy to find the appropriate cert within. | 15:12 |
| lvdombrkr | Hello guys, trying to deploy Train + Centos8 + OVS (native firewall driver firewall_driver = openvswitch) kernel version - 4.18.0-147.8.1.el8_1.x86_64 | 15:15 |
| openstackgerrit | Mark Goddard proposed openstack/kolla-ansible stable/train: fix can not generate ovs-dpdk.conf https://review.opendev.org/728923 | 15:15 |
| openstackgerrit | Mark Goddard proposed openstack/kolla-ansible stable/stein: fix can not generate ovs-dpdk.conf https://review.opendev.org/728924 | 15:15 |
| Fl1nt | @lvdombrkr, Hey! | 15:17 |
| Fl1nt | what's your question tho? | 15:18 |
| lvdombrkr | but when trying lunch instance getting this error inside neutron-openvswitch-agent.log | 15:18 |
| lvdombrkr | http://paste.openstack.org/show/793741/ | 15:18 |
| lvdombrkr | Fl1nt: hey ^^^^ | 15:18 |
| Fl1nt | seems you're missing a library here, which version of kolla do you use? | 15:20 |
| muhaha | Fl1nt is there any eta for ussuri relase for kolla ? i will probably start with latest relase, if its feasible in next few weeks... | 15:20 |
| Fl1nt | @lvdombrkr, oh and seems you get a client version conflict too. | 15:21 |
| Fl1nt | @muhaha, I don't know, @mgoddard could give you more insight, but that shouldn't be that far away. | 15:21 |
| lvdombrkr | Fl1nt: i use git https://github.com/openstack/kolla https://github.com/openstack/kolla-ansible openstack_release: "train" | 15:25 |
| *** seco has quit IRC | 15:26 | |
| Fl1nt | In order to help you further, we will need to know more about your setup, like your inventory file and your globals.yml file if possible. | 15:26 |
| Fl1nt | Do you use any template-overrides.j2 when building your images too ? | 15:27 |
| mgoddard | muhaha: I would start your testing on train. It's hard to predict when the release will be out - we are often held up by things out of our control | 15:28 |
| mgoddard | ideally it will be a few weeks, but could be more | 15:29 |
| noxoid | if you're unfamiliar with kolla its a good idea to become familiar with the upgrade process while you're just starting out :P its relatively easy for what it does | 15:29 |
| muhaha | ok, thanks | 15:29 |
| lvdombrkr | Fl1nt: share globals and inventory with you? | 15:30 |
| Fl1nt | with everyone | 15:30 |
| Fl1nt | By the way, talking about lifecycle management, did anyone here already try a downgrade? Like, I know, bad juju but yet that something that customers ask me those days ^^ | 15:30 |
| *** wuchunyang has quit IRC | 15:34 | |
| lvdombrkr | Fl1nt: Centos8 (4.18.0-147.8.1.el8_1.x86_64) + Train + OVS ( firewall_driver = openvswitch) 1controller + 1compute node, globals, inventory -> http://paste.openstack.org/show/793743/ | 15:35 |
| Fl1nt | @lvdombrkr, hum, from your globals.yml you didn't activated openvsitch | 15:41 |
| openstackgerrit | jacky06 proposed openstack/kolla-ansible master: Modify api-paste.ini v1 to v2 for cyborg https://review.opendev.org/728688 | 15:43 |
| lvdombrkr | Fl1nt : neutron_plugin_agent: "openvswitch" | 15:43 |
| Fl1nt | yeah, the neutron agent, but yet your enable_openvswitch is commented. | 15:44 |
| lvdombrkr | but if i set neutron_plugin_agent: "openvswitch" | 15:45 |
| lvdombrkr | this line should be not enabled ? #enable_openvswitch: "{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}" | 15:45 |
| Fl1nt | that two different things | 15:46 |
| lvdombrkr | by default | 15:46 |
| Fl1nt | one enable the agent for neutron, the other one indicate that you're basing your network on openvswitch. | 15:46 |
| openstackgerrit | Merged openstack/kolla-ansible master: Fix some error of j2 syntax https://review.opendev.org/728756 | 15:46 |
| Fl1nt | if you only enable the agent, but that your node isn't openvswitch managed, it will not work. | 15:47 |
| Fl1nt | so | 15:47 |
| openstackgerrit | Mark Goddard proposed openstack/kolla-ansible stable/rocky: Document and test maximum supported version of Ansible https://review.opendev.org/728928 | 15:47 |
| Fl1nt | either your openvswitch is host managed (outside of kolla) or you activate it and kolla will take care of the network part. | 15:48 |
| Fl1nt | but the issue that can rise | 15:48 |
| Fl1nt | is for your host to actually use linux bridge instead of openvswitch | 15:48 |
| Fl1nt | or | 15:48 |
| Fl1nt | your host having an openvswitch version that isn't supported by the agent. | 15:49 |
| *** ykarel is now known as ykarel|away | 15:49 | |
| lvdombrkr | Fl1nt: so should be like enable_openvswitch: "yes" | 15:49 |
| lvdombrkr | , neutron_plugin_agent: "openvswitch" | 15:49 |
| lvdombrkr | correct? | 15:49 |
| mgoddard | headphoneJames: around? | 15:50 |
| Fl1nt | @lvdombrkr, I don't know, do you want kolla to manage OVS or do you want to deploy/manage it using your distro packages? | 15:51 |
| lvdombrkr | Fl1nt: kolla to manage ovs | 15:52 |
| headphoneJames | hi | 15:53 |
| Fl1nt | @lvdombrkr, so you need to activate enable_openvswitch | 15:55 |
| Fl1nt | TBN, doing that means your dummy0 interface will be handled by OVS and became unreachable, so be carefull as you can literally lock you out ^^ | 15:55 |
| *** seco has joined #openstack-kolla | 15:57 | |
| hrw | mgoddard: aarch64 ci will work soon | 15:58 |
| lvdombrkr | Fl1nt : both neutron_plugin_agent: "openvswitch" and enable_openvswitch: "yes | 15:58 |
| lvdombrkr | correct? | 15:58 |
| mgoddard | hrw: great :) | 15:58 |
| hrw | mgoddard: protobuf gets downgraded in requirements | 15:58 |
| hrw | mgoddard: adding aarch64 ci to requirements in progress ;D | 15:59 |
| openstackgerrit | Merged openstack/kolla-ansible stable/train: Improve fernet_token_expiry precheck https://review.opendev.org/728790 | 15:59 |
| Fl1nt | @lvdombrkr, just uncomment the enable_openvswitch, use enable_neutron: yes and neutron_plugin_agent: "openvswitch" | 15:59 |
| lvdombrkr | Fl1nt: perfect, thanks! | 16:00 |
| Fl1nt | sure, my pleasure ;-) | 16:02 |
| *** seco has quit IRC | 16:02 | |
| Fl1nt | @mgoddard, oh gosh, the CentOS process to add a RPM within the openstack cloud repository (RDO) is so fuzzy... Trying to find how can I contribute and publish my openstack-barbican-ui and openstack-freezer RPMs | 16:03 |
| Fl1nt | that's starting to making me nuts ^^ | 16:04 |
| mgoddard | yeah, haven't tried that but can imagine | 16:04 |
| mgoddard | maybe amoralej can point you in the right direction | 16:04 |
| Fl1nt | gosh, that's exactly how you lost contributors, entry barriers, endless cryptic documentation and so many SIG that handle the same things ^^ but anyway, I'll try to make it work ^^ | 16:05 |
| amoralej | Fl1nt, did you check https://www.rdoproject.org/documentation/add-packages/ ? | 16:05 |
| *** rpittau is now known as rpittau|afk | 16:06 | |
| amoralej | join us in #rdo so that we can support you in the process | 16:06 |
| Fl1nt | @amoralej, thanks a lot, I didn't, directly thought about the CentOS repo itself since it's hosted in there ^^ | 16:09 |
| amoralej | yes, i understand it can be tricky the first time | 16:09 |
| amoralej | but hopefully that doc helps you | 16:10 |
| Fl1nt | yep, it will help a lot thank you very much :D | 16:10 |
| openstackgerrit | gugug proposed openstack/kolla-ansible master: Use script module to simplify the ovs-dpdk initiazation https://review.opendev.org/728677 | 16:18 |
| openstackgerrit | gugug proposed openstack/kolla-ansible master: Use script module to simplify the ovs-dpdk initiazation https://review.opendev.org/728677 | 16:20 |
| *** Manheim has quit IRC | 16:23 | |
| *** Manheim has joined #openstack-kolla | 16:23 | |
| *** jonaspaulo has joined #openstack-kolla | 16:23 | |
| *** Manheim has quit IRC | 16:26 | |
| openstackgerrit | gugug proposed openstack/kolla-ansible master: Use script module to simplify the ovs-dpdk initi and destroy https://review.opendev.org/728677 | 16:26 |
| openstackgerrit | gugug proposed openstack/kolla-ansible master: Use script module to simplify the ovs-dpdk init and destroy https://review.opendev.org/728677 | 16:28 |
| Fl1nt | @mgoddard, ok, so thanks for having mentionned @amoralej that helped a lot ^^ | 16:28 |
| *** lvdombrkr has quit IRC | 16:36 | |
| *** abdysn has quit IRC | 16:43 | |
| openstackgerrit | jacky06 proposed openstack/kolla-ansible master: Use script module to simplify the ovs-dpdk init and destroy https://review.opendev.org/728677 | 16:47 |
| *** k_mouza has quit IRC | 16:48 | |
| *** k_mouza has joined #openstack-kolla | 16:49 | |
| *** ricolin_ has joined #openstack-kolla | 16:53 | |
| *** k_mouza has quit IRC | 16:54 | |
| *** lvdombrkr has joined #openstack-kolla | 16:55 | |
| *** ricolin has quit IRC | 16:56 | |
| *** abdysn has joined #openstack-kolla | 16:58 | |
| *** ricolin_ has quit IRC | 17:00 | |
| *** ricolin has joined #openstack-kolla | 17:01 | |
| openstackgerrit | Radosław Piliszek proposed openstack/kolla-ansible stable/stein: Document and test maximum supported version of Ansible https://review.opendev.org/728898 | 17:02 |
| openstackgerrit | Radosław Piliszek proposed openstack/kolla-ansible stable/rocky: Document maximum supported version of Ansible https://review.opendev.org/728928 | 17:02 |
| openstackgerrit | James Kirsch proposed openstack/kolla-ansible master: DNM: enable TLS for all jobs https://review.opendev.org/718628 | 17:09 |
| openstackgerrit | Radosław Piliszek proposed openstack/kolla-ansible master: [DNM] DVR https://review.opendev.org/728954 | 17:09 |
| *** mchlumsky has quit IRC | 17:14 | |
| *** mchlumsky has joined #openstack-kolla | 17:14 | |
| *** dking has joined #openstack-kolla | 17:14 | |
| *** abdysn has quit IRC | 17:16 | |
| *** amoralej is now known as amoralej|off | 17:18 | |
| *** seco has joined #openstack-kolla | 17:22 | |
| *** k_mouza has joined #openstack-kolla | 17:24 | |
| openstackgerrit | Pedro Henrique Pereira Martins proposed openstack/kolla-ansible master: Add suport to OpenID Connect Authentication flow https://review.opendev.org/695432 | 17:24 |
| *** seco has quit IRC | 17:28 | |
| *** k_mouza has quit IRC | 17:28 | |
| openstackgerrit | Merged openstack/kolla master: octavia: Add ovn-octavia-driver https://review.opendev.org/717296 | 17:41 |
| lvdombrkr | Fl1nt : now i have this error in neutron-openvswitch-agent.log | 17:56 |
| lvdombrkr | . http://paste.openstack.org/show/793747/ any clues? | 17:56 |
| *** Manheim has joined #openstack-kolla | 18:17 | |
| openstackgerrit | Radosław Piliszek proposed openstack/kolla-ansible master: [DNM] DVR https://review.opendev.org/728954 | 18:31 |
| *** muhaha has quit IRC | 18:40 | |
| *** also_stingrayza has joined #openstack-kolla | 18:53 | |
| *** stingrayza has quit IRC | 18:56 | |
| *** scottsol has quit IRC | 18:56 | |
| hrw | mgoddard: and merged. aarch64 will work again | 19:08 |
| hrw | https://review.opendev.org/#/c/707599 sent for recheck | 19:09 |
| patchbot | patch 707599 - kolla - WIP: introduce non-infra-base image - 7 patch sets | 19:09 |
| *** scottsol has joined #openstack-kolla | 19:36 | |
| *** k_mouza has joined #openstack-kolla | 19:50 | |
| *** k_mouza has quit IRC | 19:50 | |
| *** seco has joined #openstack-kolla | 19:56 | |
| *** seco has quit IRC | 20:01 | |
| openstackgerrit | Radosław Piliszek proposed openstack/kolla-ansible master: [DNM] DVR https://review.opendev.org/728954 | 20:06 |
| *** Fl1nt has quit IRC | 20:37 | |
| openstackgerrit | Merged openstack/kolla-ansible master: Modify api-paste.ini v1 to v2 for cyborg https://review.opendev.org/728688 | 20:45 |
| *** e0ne has quit IRC | 20:47 | |
| *** scottsol_ has joined #openstack-kolla | 21:07 | |
| *** scottsol has quit IRC | 21:09 | |
| openstackgerrit | Scott Solkhon proposed openstack/kayobe master: Upgrade Vagrant VM to CentOS 8 https://review.opendev.org/729046 | 21:24 |
| *** scottsol_ has quit IRC | 21:29 | |
| *** born2bake has quit IRC | 21:30 | |
| *** dking has quit IRC | 21:31 | |
| *** JamesBenson has quit IRC | 21:46 | |
| *** dswebb has quit IRC | 21:47 | |
| *** scottsol has joined #openstack-kolla | 21:53 | |
| *** lvdombrkr has quit IRC | 21:56 | |
| *** scottsol has quit IRC | 21:57 | |
| *** threestrands has joined #openstack-kolla | 22:06 | |
| *** TrevorV has quit IRC | 22:14 | |
| *** JamesBenson has joined #openstack-kolla | 22:24 | |
| *** Manheim has quit IRC | 22:29 | |
| *** Manheim has joined #openstack-kolla | 22:30 | |
| *** jonaspaulo has quit IRC | 22:31 | |
| *** dking has joined #openstack-kolla | 22:33 | |
| *** Manheim has quit IRC | 22:34 | |
| *** dking has quit IRC | 22:37 | |
| *** vishalmanchanda has quit IRC | 23:22 | |
| *** Manheim has joined #openstack-kolla | 23:26 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!