| mnasiadka | hrw: reminding :) | 07:22 |
|---|---|---|
| hrw | mnasiadka: about? | 07:26 |
| hrw | mnasiadka: https://copr.fedorainfracloud.org/coprs/hrw/erlang-25-for-rabbitmq/build/6113185/ started | 07:32 |
| mnasiadka | hrw: erlang 25 :) - it's Monday ;) | 07:32 |
| mnasiadka | nice, thanks | 07:32 |
| hrw | 25.3.2 or 25.2.3 - the latest 25.x one | 07:32 |
| hrw | 25.3.2 ;D | 07:33 |
| mnasiadka | 25.3.2 is fine ;) | 07:42 |
| hrw | 09:47 <fedora-notif___> hrw's erlang-25-for-rabbitmq copr build of erlang-25.3.2-1 for centos-stream-8-aarch64 finished with 'success' https://copr.fedoraproject.org/coprs/hrw/erlang-25-for-rabbitmq/build/6113185/ | 07:48 |
| hrw | 09:48 <fedora-notif___> hrw's erlang-25-for-rabbitmq copr build of erlang-25.3.2-1 for centos-stream-9-aarch64 finished with 'success' https://copr.fedoraproject.org/coprs/hrw/erlang-25-for-rabbitmq/build/6113185/ | 07:48 |
| hrw | mnasiadka: so feel free to use those repos where needed | 07:48 |
| mnasiadka | will do, thanks | 07:54 |
| hrw | yw | 07:58 |
| opendevreview | Michal Nasiadka proposed openstack/kolla stable/yoga: ovsdpdk: add libdpdk-dev https://review.opendev.org/c/openstack/kolla/+/880317 | 08:12 |
| opendevreview | Michal Nasiadka proposed openstack/kolla stable/yoga: Update support matrix https://review.opendev.org/c/openstack/kolla/+/875341 | 08:14 |
| opendevreview | Michal Nasiadka proposed openstack/kolla master: ubuntu: mark collectd and telegraf as buildable https://review.opendev.org/c/openstack/kolla/+/884001 | 08:15 |
| opendevreview | Michal Nasiadka proposed openstack/kolla master: ubuntu: mark collectd and telegraf as buildable https://review.opendev.org/c/openstack/kolla/+/884001 | 08:16 |
| opendevreview | Michal Nasiadka proposed openstack/kolla stable/yoga: opensearch: move to yum/apt repos https://review.opendev.org/c/openstack/kolla/+/883716 | 08:17 |
| opendevreview | Michal Nasiadka proposed openstack/kolla stable/yoga: opensearch: move to yum/apt repos https://review.opendev.org/c/openstack/kolla/+/883716 | 08:18 |
| opendevreview | Michal Nasiadka proposed openstack/kolla stable/yoga: opensearch-dashboards: Fix permissions https://review.opendev.org/c/openstack/kolla/+/884375 | 08:18 |
| opendevreview | Michal Nasiadka proposed openstack/kolla master: Use erlang-25 from copr on aarch64 https://review.opendev.org/c/openstack/kolla/+/886948 | 08:37 |
| opendevreview | Michal Nasiadka proposed openstack/kolla master: mariadb: Bump to current LTS (10.11) https://review.opendev.org/c/openstack/kolla/+/882924 | 08:48 |
| opendevreview | Matt Crees proposed openstack/kolla-ansible stable/yoga: Correct [pci] syntax in Nova SRIOV documentation https://review.opendev.org/c/openstack/kolla-ansible/+/885010 | 09:18 |
| opendevreview | Verification of a change to openstack/kolla stable/zed failed: opensearch: drop unnecessary workarounds https://review.opendev.org/c/openstack/kolla/+/886833 | 10:36 |
| opendevreview | Verification of a change to openstack/kolla stable/2023.1 failed: opensearch: drop unnecessary workarounds https://review.opendev.org/c/openstack/kolla/+/886832 | 10:37 |
| opendevreview | Verification of a change to openstack/kolla stable/zed failed: opensearch: drop unnecessary workarounds https://review.opendev.org/c/openstack/kolla/+/886833 | 11:20 |
| opendevreview | Verification of a change to openstack/kolla stable/2023.1 failed: opensearch: drop unnecessary workarounds https://review.opendev.org/c/openstack/kolla/+/886832 | 12:20 |
| mnasiadka | hmm, The repository 'https://launchpad.net/~rabbitmq/+archive/ubuntu/rabbitmq-erlang-25 jammy Release' does not have a Release file. | 12:37 |
| guesswhat[m] | Why is net.ipv4.ip_forward disabled for kolla and its requirement? Thanks | 12:37 |
| guesswhat[m] | I would like to spin additional containers, but host mode networking is quite tricky | 12:37 |
| mnasiadka | We just don't set it, right? https://review.opendev.org/c/openstack/kolla-ansible/+/809977 | 12:41 |
| mnasiadka | just set it on your own if you're happy with it | 12:41 |
| guesswhat[m] | docker package is setting it ( otherwise bridge network would not work ), but its 0 infact | 12:44 |
| guesswhat[m] | so kolla is setting it | 12:45 |
| guesswhat[m] | https://github.com/openstack/kolla-ansible/commit/da476a7fea9f4e32e76ba6b1fbb46a3e4b78dcff | 12:46 |
| SvenKieske | there's a todo comment to remove that in zed cycle, mhmm | 13:00 |
| guesswhat[m] | mgoddard: ping ^ | 13:06 |
| opendevreview | Adam Stackhouse proposed openstack/kolla-ansible master: Adding mariadb_port to wsrep sync status so alterative ports can be used https://review.opendev.org/c/openstack/kolla-ansible/+/886581 | 13:30 |
| opendevreview | Merged openstack/kolla stable/zed: opensearch: drop unnecessary workarounds https://review.opendev.org/c/openstack/kolla/+/886833 | 14:00 |
| guesswhat[m] | Is Skyline tested enough ? Trying to logging via admin, but getting Username or password is incorrect, while horizon auth is working correctly. Thanks | 14:09 |
| opendevreview | Merged openstack/kolla stable/2023.1: opensearch: drop unnecessary workarounds https://review.opendev.org/c/openstack/kolla/+/886832 | 14:15 |
| SvenKieske | guesswhat[m]: do you mean the k-a side or skyline in general? I'd be interested in an answer for skyline in general as well, as i've never used it personally, yet. | 15:00 |
| mnasiadka | SvenKieske: it has been removed AFAIK | 15:16 |
| mnasiadka | guesswhat[m]: we are not responsible for testing an OpenStack project, we just deploy it - if it's in early stages (like skyline) - expect a bumpy ride. | 15:16 |
| kevko | SvenKieske i've replied to your comment | 15:17 |
| mnasiadka | kevko, hrw, frickler: https://review.opendev.org/c/openstack/kolla/+/886948 rabbitmq centos/rocky aarch64 is happy, ubuntu needs to be solved with a separate patch | 15:18 |
| hrw | bumped to +2 | 15:21 |
| mnasiadka | thanks | 15:24 |
| frickler | ip_forward was removed in zed https://review.opendev.org/c/openstack/kolla-ansible/+/855259 | 15:46 |
| mnasiadka | frickler: I think you're designate savvy - any idea what to do with this https://review.opendev.org/c/openstack/kolla/+/886636 ? Either we switch the user to root - or add an option in kolla_docker to specify a user and in infoblox case run it as root | 16:00 |
| mnasiadka | and I think it's time for https://review.opendev.org/c/openstack/kolla-ansible/+/886485?tab=change-view-tab-header-zuul-results-summary | 16:01 |
| guesswhat[m] | SvenKieske: k-a as its proly not configured correctly, so just asking :) | 16:18 |
| frickler | mnasiadka: ack for the latter, -2 for the former | 16:19 |
| mnasiadka | frickler: ah, haven't noticed that we have a docs entry to build your own container | 16:19 |
| mnasiadka | let me update my comment ;) | 16:19 |
| SvenKieske | kevko: ah thank you! I didn't expect to have multiple checks in place for the same thing, so didn't bother to look elsewhere | 16:19 |
| guesswhat[m] | frickler: so since zed its always 0, and its not possible to use bridge networking for docker containers, right? | 16:20 |
| SvenKieske | you can if you set it manually to 1? | 16:21 |
| guesswhat[m] | not sure which host vulnerability relates to this, theres no mention | 16:24 |
| mnasiadka | if you don't have a firewall - and have forwarding enabled globally - this can be a security flaw | 16:26 |
| guesswhat[m] | i see, its not possible to enable forwarding per interface, right | 16:29 |
| SvenKieske | yes, it is possible to define that per interface: https://serverfault.com/a/857013 | 16:35 |
| SvenKieske | most network sysctls work that way | 16:35 |
| guesswhat[m] | edit: its possible, so if I enable it for non mangement, non external should do the trick | 16:36 |
| guesswhat[m] | Got single baremetal, two nics ( ip of server, range for for external network ), two dummy nics ( management, octavia ) | 16:37 |
| guesswhat[m] | I just need to create few containers , reverse proxy, openid provider, nfs, etc.. its doable with host networking , but binding it to management dummy interface ip is not always possible | 16:39 |
| opendevreview | Verification of a change to openstack/kolla master failed: Use erlang-25 from copr on aarch64 https://review.opendev.org/c/openstack/kolla/+/886948 | 16:53 |
| opendevreview | Merged openstack/kolla-ansible stable/2023.1: Refactor MariaDB and RabbitMQ restart procedure https://review.opendev.org/c/openstack/kolla-ansible/+/886485 | 17:37 |
| guesswhat[m] | hmm, this one ( docker_disable_default_iptables_rules ) https://github.com/openstack/kolla-ansible/blob/master/ansible/group_vars/all.yml#L116 is probably breaking networking for docker containers | 19:04 |
| guesswhat[m] | so kayobe custom containers probably also using host networking | 19:05 |
| guesswhat[m] | I dont understand to this (" A common problem is that Docker sets the default policy of the | 19:17 |
| guesswhat[m] | ``FORWARD`` chain in the ``filter`` to ``DROP``. " ) https://github.com/openstack/kolla-ansible/blob/1e9f19aa6b2278fe4cd6399a33dff130a48586de/releasenotes/notes/docker-disable-iptables-e9a248a0515f30a6.yaml#L8-L9 , so what would be the ideal state ? | 19:17 |
| guesswhat[m] | <mnasiadka> "if you don't have a firewall..." <- how this firewall rule should look like ? | 20:53 |
| guesswhat[m] | <guesswhat[m]> "how this firewall rule should..." <- or can I use docker_disable_default_iptables_rules: "no", which will enable iptables and forwarding ( for all interfaces ) and manually disable net.ipv4.conf.br-ex.forwarding and net.ipv4.conf.br-int.forwarding ? | 21:03 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!