opendevreview | xinliang proposed openstack/kolla master: Use distro provided GRUB efi https://review.opendev.org/c/openstack/kolla/+/724630 | 03:56 |
---|---|---|
opendevreview | Dr. Jens Harbott proposed openstack/kolla master: Cap elasticsearch gem for fluentd https://review.opendev.org/c/openstack/kolla/+/821695 | 07:07 |
*** amoralej|off is now known as amoralej | 08:23 | |
kevko | mnasiadka: hi, i've replied to your cron question in my review ..let me know if you got it .. | 11:47 |
mnasiadka | replied | 11:50 |
kevko | mnasiadka: also :) | 11:58 |
kevko | i really don't understand what is bad ? why to not merge feature which is not breaking anything ? | 11:58 |
kevko | frickler: do you think it's bad idea ? https://review.opendev.org/c/openstack/kolla-ansible/+/813039 | 12:00 |
kevko | you've commented depends-on patch, so you maybe have it in your memory :) | 12:01 |
*** amoralej is now known as amoralej|lunch | 13:19 | |
*** amoralej|lunch is now known as amoralej | 14:01 | |
frickler | kevko: there's a need to keep a balance between adding features and keeping the code maintainable. in particular with the current lack of maintainers, we need to judge between these two sides. in this specific case, I'm really unsure, which is why I voted in neither direction | 14:23 |
mnasiadka | kevko: It's not bad, I just don't know how many people need that, and I don't really like the implementation in Kolla as a script (but that's my personal opinion) ;-) There are other core reviewers, you know - try asking them for opinion ;-) | 14:29 |
jamesbenson | Question: We have an automated testing setup and we realized that we are failing a bunch of refstack tests when we have TLS enabled. We are using the kolla certs since it's testing. We have read the docs https://docs.openstack.org/kolla-ansible/victoria/admin/tls.html#quick-start and enabled the options and set the correct paths. But once enabled, we can't SSH into the VM's. What exactly are | 14:47 |
jamesbenson | we missing? | 14:47 |
gueswhat | guys? i am using this config https://pastebin.com/raw/m658Lyk9 ( external tls with specific pem certificate for haproxy, for internal tls ), but haproxy can not start, because its looking for haproxy-internal.pem certificate ( ERROR:__main__:MissingRequiredSource: /var/lib/kolla/config_files/haproxy.pem file is not found ), but not sure why its not working if i am using kolla_internal_fqdn_cert | 15:22 |
opendevreview | John Garbutt proposed openstack/kolla-ansible master: Change rabbit ha-all poicly for transient queues https://review.opendev.org/c/openstack/kolla-ansible/+/822132 | 16:03 |
opendevreview | John Garbutt proposed openstack/kolla-ansible master: Change rabbit ha-all policy for transient queues https://review.opendev.org/c/openstack/kolla-ansible/+/822132 | 16:07 |
*** holtgrewe is now known as holtgrewe^gone | 16:13 | |
opendevreview | Michal Nasiadka proposed openstack/kolla-ansible master: cinder: start using active-active for rbd https://review.opendev.org/c/openstack/kolla-ansible/+/763011 | 16:24 |
opendevreview | John Garbutt proposed openstack/kolla-ansible master: Tune RabbitMQ HA for availability over consistency https://review.opendev.org/c/openstack/kolla-ansible/+/822135 | 16:28 |
gueswhat | guys? i am using this config https://pastebin.com/raw/m658Lyk9 ( external tls with specific pem certificate for haproxy, for internal tls ), but haproxy can not start, because its looking for haproxy-internal.pem certificate ( ERROR:__main__:MissingRequiredSource: /var/lib/kolla/config_files/haproxy.pem file is not found ), but not sure why its not working if i am using kolla_internal_fqdn_cert | 16:40 |
jingvar | gueswhat: As I rememmber kolla_internal_fqdn_cert is for openstacr.rc file, you shoul place cert into config directory | 16:40 |
gueswhat | jingvar: its should be keypair in pem format for haproxy | 16:41 |
gueswhat | according to the docs | 16:41 |
jingvar | yes | 16:41 |
jingvar | let me see my config | 16:41 |
jingvar | https://paste.opendev.org/show/811751/ | 16:46 |
jingvar | maybe it woluld be helpfull | 16:46 |
jingvar | It is how does kayobe generate keys and ca , pem | 16:48 |
gueswhat | hmm, so it has to be always haproxy.pem filename with hardcoded filepath, right ? then kolla_internal_fqdn_cert is probably not working as expected.. | 16:48 |
jingvar | kolla_internal_fqdn_cert it is for internal.rc file | 16:49 |
gueswhat | i guess that i need still kolla_enable_tls_external: yes, right ? | 16:54 |
gueswhat | and then haproxy-internal.pem must be also somehow precreated, otherwise haproxy container will fail to start | 16:54 |
opendevreview | John Garbutt proposed openstack/kolla-ansible master: Improve RabbitMQ performance by reducing ha replicas https://review.opendev.org/c/openstack/kolla-ansible/+/822187 | 17:36 |
jingvar | I uses internal and external tls, in your case only have to set kolla_enable_tls_internal: yes | 17:38 |
*** amoralej is now known as amoralej|off | 17:55 | |
jamesbenson | Will kolla-ansible certificates generate all of the certs necessary for tls internal and external? | 18:09 |
opendevreview | John Garbutt proposed openstack/kolla-ansible master: Add rabbitmq message-ttl and queue expiry https://review.opendev.org/c/openstack/kolla-ansible/+/822191 | 18:18 |
jingvar | jamebensor: yes , for a test env | 18:29 |
jingvar | grep -r "Creating external Server Certificate signing request" | 18:30 |
jingvar | my example is a ansible playbook interpretations | 18:31 |
gueswhat | what is use case for internal/external VIP/TLS ? its only meant for listening on different interfaces ? | 18:57 |
supamatt | ls | 19:13 |
supamatt | sorry wrong window | 19:13 |
gueswhat | why haproxy fails to /var/lib/kolla/config_files/haproxy.pem when i am using kolla_externally_managed_cert: "true" ? thats weird, why it is looking to /var/lib/kolla/config_files/ dir ? | 21:11 |
gueswhat | i have certs ready in /etc/kolla/certificates/ | 21:12 |
-opendevstatus- NOTICE: The review.opendev.org server is being rebooted to validate a routing configuration update, and should return to service shortly | 22:28 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!