Friday, 2024-06-28

opendevreviewDawud proposed openstack/kolla master: Change logic for plugins in grafana image build  https://review.opendev.org/c/openstack/kolla/+/91318400:19
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible stable/2023.2: Fix kolla-ansible systemd restart behaviour  https://review.opendev.org/c/openstack/kolla-ansible/+/92302005:49
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible stable/2023.1: Fix kolla-ansible systemd restart behaviour  https://review.opendev.org/c/openstack/kolla-ansible/+/92302105:49
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible stable/2023.1: Fix kolla-ansible systemd restart behaviour  https://review.opendev.org/c/openstack/kolla-ansible/+/92302105:50
opendevreviewRoman Krček proposed openstack/kolla-ansible master: Performance: use filters for service dicts  https://review.opendev.org/c/openstack/kolla-ansible/+/91499707:15
SvenKieskemorning07:44
SvenKieske\o/07:44
mnasiadkaSvenKieske: so tell me - what's the chance that we break people that don't use docker live-restore with that patch? ;-)08:02
SvenKieskeit's alright, I shouldn't comment that late apparently :D08:02
SvenKieskeI already had the start of a headache, I should've left it at that point, I suppose.08:03
mnasiadkahaha :)08:04
SvenKieskeI added 4 small patches to the whiteboard, I'll not be present next week, except monday (vacation, yay!) but these are only asking for review/RP+1, so I guess no input needed from my side.08:04
mnasiadkaI will be off on Monday, but will have a look next week ;)08:04
SvenKieskeany stuff you guys need reviews on? I guess I'll look over the stuff from other people on the whiteboard08:08
opendevreviewMatúš Jenča proposed openstack/kolla-ansible master: Patch service-cert-copy role to be used w/o HAProxy  https://review.opendev.org/c/openstack/kolla-ansible/+/91590108:22
kevkomorning \o/08:49
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: Fix prechecks for interfaces with dashes  https://review.opendev.org/c/openstack/kolla-ansible/+/92247808:49
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: CI: test interface names with dashes  https://review.opendev.org/c/openstack/kolla-ansible/+/79454508:49
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: CI: test interface names with dashes  https://review.opendev.org/c/openstack/kolla-ansible/+/79454508:50
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: CI: test interface names with dashes  https://review.opendev.org/c/openstack/kolla-ansible/+/79454508:50
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: [DNM] Debug podman failed if healthcheck is disabled  https://review.opendev.org/c/openstack/kolla-ansible/+/92303208:57
kevkoguys, i found a problem in our kolla-ansible code and i really don't know how to deal with it 09:00
kevkoit's problem with ansible_python_interpreter and venv ... and i think there is no fix for it :/09:02
kevkoi have some ideas how to fix ..but it's little bit exotic fixes :D 09:02
kevkoand we probably need to resolve somehow with debian bookworm and ubuntu mantic coming :/09:04
jovialWhat is the problem?09:05
kevkowell, for now i am implementing some stuff for testing ... tempest/rally ...but that's not interisting for now ...main problem is that in some places in  a code i am using openstack.cloud module which has dependency for openstacksdk ... as you know ..the workflow for openstack.cloud is   -> use the module -> delegate_to localhost ...etc ... but i09:07
kevkohave openstacksdk installed in python environment ..so ansible_python_interpreter doesn't fit the location 09:07
kevkomoreover in CI we are using global override in globals to ansible_python_interpreter: /usr/bin/python3 09:07
kevkobut this is not issue only for my patch currently writing ...it's problem globally with ansible_python_interpreter and if user installing in virtualenv or not ...09:08
kevkoon newest distros as you know .. install pip globally it's prohibited ...lastly we fxed this .... i've built debian package and we installed globally 09:09
kevkoin my case ...openstack.cloud modules are just fauling ..because kolla-ansible with openstacksdk are installed in venv ...but ansible by default is trying to use global system interpreter 09:10
kevkoso simply said ..we need to somehow resolve this question globally ..if using venv or not ..09:10
kevkoi don't know if i described well ..ask please ...09:10
jovialWas a pretty clear explanation - thanks. To me it seems like we should recommend to always use a virtualenv and do that in the CI too.09:12
jovialIf we weren't recommending setting it at the extra vars level, we could set ansible_python_interpreter at the task level and that could use a venv with openstacksdk installed09:19
kevkojust want to point that this is not only for openstacksdk ...but also for docker/podman currenctly using and it's crucial dependency 09:22
kevkojovial: yeah, as you said ...we should use everywhere same location of venv and install stuff there ...then we can use our globally /var/lib/kolla/venv/python3 09:26
kevkojovial: another question how to deal with kolla-ansible is running on some host where we are installing packages in venv ... so docker/podman and potentionally others packages are installed in /var/lib/kolla/venv ...but in CI for example kolla-ansible code and openstacksdk etc needs to be installed also in this venv ..so interpreter can be set09:37
kevkoglobally ..and this can be broken ..09:37
SvenKieskeI would just install everything into a venv if possible at the current state.09:39
SvenKieskebut yes, might be problematic with libraries which are directly interfacing with host packages like docker/podman09:40
SvenKieskeit also would have some benefits though.09:40
SvenKieskewe might need to be able to select e.g. docker-py version in venv in order to match package docker outside venv, as it could be that different library versions support different distro package version ranges09:41
SvenKieskemaybe not a good example in the docker case, afaik we use upstream docker repo, no?09:41
kevkoSvenKieske: no :D 09:42
kevkoSvenKieske: it's packages from me I've uploaded to  debian directly (yes) ...but debian hias 2 years cycle ...so it's hosted on zigo's server I asked him for host 09:43
SvenKieskeok, i always have to look this stuff up, I don't like memorizing stuff that's in git :D09:43
SvenKieskekevko: I know :)09:43
kevkoSvenKieske: yeah, another option is to open new terminal window and prepare openstacksdk apt package and again ask zigo to host for me :D 09:44
SvenKieskeah wait, ok, was not aware we are using docker from zigos server? nice09:44
kevkoSvenKieske: i don't know if docker ...but 100 % sure that podman yes 09:44
SvenKieskeI have also some prior experience building packages etc. from my time with gentoo, debian and ubuntu. but I would say we rather should not build more debs I guess? :D09:44
SvenKieskeI mean that's why we stopped providing binary images, wasn't it? (I was not really around at that time, only as a user)09:45
kevkoSvenKieske: https://github.com/openstack/ansible-collection-kolla/blob/cf7b405c4aa788bb307020b739c93094ae0050a9/roles/podman_sdk/defaults/main.yml#L3709:46
SvenKieskebut only for non venv deployments it seems :)09:46
kevkoSvenKieske: yeah ! :D that's the point ...new debian and new ubuntu forbid to install without env :D 09:47
SvenKieskeI would just like to have everything be the same, where possible. greatly reduces variability, maintenance burden and test matrix09:47
kevkoSvenKieske: okay, you can say, fine ..we will finally use virtualenv everywhere09:47
SvenKieskeat least I would like to. I'm pretty sure there are also nice problems with venv everywhere :D09:48
SvenKieskebut maybe we can solve them, don't know just yet :D09:48
kevkoSvenKieske: but then you have to know that if you install minimal requirements for kolla run on hosts /var/lib/kolla/venv  ...you also need to install dependencies for kolla-ansible itself (and openstacksdk, and clients for CI ..etc) .... then you have exactly one venv ...that venv you previously installed ...why ? because you have to need09:49
kevkoansible_python_interpreter to be the same 09:49
kevkogot the point ? 09:49
kevkoand there can be potentional conflicts ...and also ...normally you don't need to mix those rquirements for kolla-ansible itself and remote hosts reuqirements 09:50
kevkoanother solution is finally have kolla-ansible container and use same path for virtualenv ...09:50
SvenKieskeyes, I would suggest we have/create a playbook, or rather bootstrap script for that, don't you think? so users don't get insane from dozens of installation instructions, just good old "curl $foo | sudo " :D09:50
kevkothat's not about playbook 09:51
SvenKieskeactually I like the container idea more :)09:51
kevkoyou just need to have everything in one venv 09:51
kevkofor example ...i don't have a problem ..because i am using container 09:51
SvenKieskejust do "docker pull kolla-ansible-bootstrap" or something and you are good to go09:51
SvenKieskebut do we use a venv inside the container, or not? ;)09:51
kevkoso my python interpreter is set to /usr/bin/python3 09:51
kevko(because i have kolla-ansible installed globally in container ..with dependencies also )09:52
kevkoand also i have gloablly installed everything on host 09:52
kevkoso on every place i have /usr/bin/python3 09:52
kevkoi found this problem just on CI :D 09:52
SvenKieskekevko: we use https://github.com/osism/container-image-kolla-ansible09:53
kevkoSvenKieske: i have my own 09:53
kevkohmmmm, probably i can install openstacksdk in kolla-toolbox as it's isolated and call there 09:54
kevkolet me try 09:54
kevkothanks god it's there :D 09:55
SvenKieskeI fuzzily remember the sdk already being installed there? But maybe I mix up the container with one of our downstreams09:56
kevkoi hope you are right 09:57
kevkohate if i need to resolve bunch of problems because something simple :D 09:57
SvenKieskehttps://github.com/openstack/kolla/blob/master/docker/kolla-toolbox/Dockerfile.j2#L7309:57
SvenKieskeit's there, from pip09:57
kevkocool09:58
kevko(kolla-toolbox)[root@controller0 /]# pip3 freeze | grep -i openstacksdk09:58
kevkoopenstacksdk==3.1.009:58
kevkobut then i need to also install openstack.cloud cloud collections :( 09:58
kevkotrap next to a trap09:59
SvenKieskecheck requirements.yaml it's also there10:00
SvenKieskehttps://github.com/openstack/kolla/blob/master/docker/kolla-toolbox/requirements.yml#L1110:00
kevkoanother trap :D 10:05
kevko<310:05
kevko:D10:05
kevkoSvenKieske: but coooool, working 10:22
SvenKieskeso, we shove everything into toolbox now? :D10:24
kevkowell, kolla-toolbox was designed for this :D 10:35
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: Add rally role  https://review.opendev.org/c/openstack/kolla-ansible/+/92290010:42
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: Try to test via rally  https://review.opendev.org/c/openstack/kolla-ansible/+/92290110:42
kevkopodman broken if user override healthcheck_enabled: "no"10:43
kevkohttps://review.opendev.org/c/openstack/kolla-ansible/+/92303210:43
opendevreviewMatúš Jenča proposed openstack/kolla-ansible master: Add support for RabbitMQ internode tls  https://review.opendev.org/c/openstack/kolla-ansible/+/92138110:51
jovial:q11:46
opendevreviewMichal Arbet proposed openstack/kolla master: Trivial fix letsencrypt base image  https://review.opendev.org/c/openstack/kolla/+/92304512:19
opendevreviewMerged openstack/kolla-ansible master: Patch service-cert-copy role to be used w/o HAProxy  https://review.opendev.org/c/openstack/kolla-ansible/+/91590112:26
bbezakkevko, frickler: got a sec to look into https://review.opendev.org/c/openstack/kolla/+/913184 ?12:44
dougszuA small one that's been blocked on minor changes for a while: https://review.opendev.org/c/openstack/kolla/+/91318412:44
kevkobbezak: yep12:46
bbezakthx kevko12:47
kevkobbezak: commented 12:48
kevkobbezak: btw, >> can u ? >> https://review.opendev.org/c/openstack/kolla/+/923045 << typo only12:49
bbezaksyre12:49
bbezaksure :)12:49
bbezakanother typo12:49
bbezakand then cherry pick to 2023.2. probably worthy a launchpad bug kevko if I'd be super picky :)12:53
kevkobbezak: well, it's bug ..yeah ..but not affecting users ... 12:54
kevkobbezak: so i would prefer to not create launchpad 12:54
kevkoi just think it can be quickly cherry-picked to stable ...12:54
bbezakack12:54
kevkobbezak: check the cooment about those plugins install ..i think reasonable 12:55
bbezakk12:56
SvenKieskethat's a weird "typo" almost all characters are different, how do you type "cinder" instead of "letsencrypt"? ;) but just another case in point that nobody will spot all errors in +600lines long changesets13:28
SvenKieskeso we really should do smaller changes where possible, split stuff up. :)13:29
SvenKieskemhm, should we backport https://review.opendev.org/c/openstack/kolla-ansible/+/915901 ? I did vote +1 on backport and nobody objected, but the change actually doesn't have any associated bug.13:30
SvenKieskeif we agree on backporting I can create a bugreport for that13:30
kevkoSvenKieske:  I replied to your comment ... how you can split the patch which is depends-on in kolla-ansible ? 13:31
SvenKieskekevko: for example the addition of rsync package can be split out13:32
SvenKieskeI guess the complete ssh stuff could be split as well13:33
kevkoSvenKieske: what is this ? i think it's bugfix ... as it is in master ..and also in 2024.1 and 2023.2 https://review.opendev.org/c/openstack/kolla/+/920279  <<< 13:33
kevkoplease explain to me 13:33
kevkoSvenKieske: no it can't ... how ? 13:33
kevkoSvenKieske: if you remove haproxy-ssh ..job for letsencrypt will fail ...13:34
kevkoSvenKieske: i really didn't get it ...another example ? 13:34
SvenKieskeit's not about removing but adding. if $a implies $b that doesn't necessarily mean $b implies $a. so if you say "I can't remove foo, else bar will break" that doesn't mean you can't also "introduce foo without introducing bar"13:35
SvenKieskehttps://review.opendev.org/c/openstack/kolla/+/920279 was a bit special, because gating and publish jobs where broken13:36
SvenKieskeand ftr I strongly dislike having "special" patches which have different rules. I wouldn't have them if I could rule everything. But I can look at it from other people's point of view and understand that unbrekaing gate has higher prio for them then following some rule.13:37
kevkoSvenKieske: so you are saying that this was special because it didn't affect users ...13:37
kevkoSvenKieske: this is same story ...13:37
SvenKieskekevko: I'm unsure about the impact on users wrt your LE patch, that's why I didn't -1 it :)13:38
SvenKieskeso I tend to believe you that there is no impact, thus no -1. I still think a reno is good everytime.13:38
SvenKieskeand I also understand being frustrated when rules are not applied to every patch always the same, no matter the author or content.13:39
SvenKieskebut I think I wouldn't attribute to malice which can be equally explained by us all just being poor imperfect humans who make mistakes all the time with applying rules. that's why we invented computers I think ;913:40
kevkoSvenKieske: A little lightheartedness - do you know what rules are for? They are there to be broken :)13:41
SvenKieskethat's why I personally would just have a bot scan commit messages and if it says "fixes" and there is no reno -> no merge possible W-1. so it's enforced everytime and nobody can complain, well reality would be everyone would complain ;)13:41
SvenKieskeyes, we always need escape hatches, because rules are, well for general cases, there will always be the super special case where some rule doesn't apply. "checks and balances" like the us americans like to say.13:43
kevkoSvenKieske: I just want to say that you need a certain amount of sensitivity when evaluating; release notes are primarily for users. That means, from my perspective, they shouldn't be filled with nonsense, but with real bug fixes.13:43
SvenKieskestill I would like to see most rules be enforced by CI bots, humans are very poor at it, and it's a lot of work that can be automated. you can always have a core reviewer overrule a bot in special cases imho.13:43
SvenKieskekevko: absolutely agree! as I said: I'm really unsure about the impact of that LE change. why didn't anybody notice? what is it good for if it didn't break anybody? :D13:44
SvenKieskeI find the more interesting part how we introduce this bug, by these huge patches, where nobody reads every line with 100% scrutiny and bugs slip through. I'm more interested in preventing bugs in the first place.13:45
kevkoSvenKieske: firstly, it's base image ..so if anyone found that mistake ..he just didn't used base_image variable for additional install ..but used another two variables (in case he wanted to install something additional into images )13:46
SvenKieskekevko: any opinion on backporting the service-cert-copy stuff? https://review.opendev.org/c/openstack/kolla-ansible/+/915901 I can handle bug creation and backports. just don't want to do it, if a backport is deemed to high risk13:47
kevkoSvenKieske: and I am not sure ... but i think this is only about naming convention ...if you will add 'foo' as name ..it will be working in same way 13:47
kevkoSvenKieske: because there is | customizable(packages)13:47
SvenKieskeyeah, I guess I need to have a look myself, my question is, what is in "letsencrypt_base_packages" that is so useless that nobody noticed that it wasn't installed?13:50
kevkoAs you know, I'm lenient about this :) ^^ 13:50
SvenKieskemhm, weird, that seems to be completely unused?Is my tree out of date? :D13:51
kevkoSvenKieske: yeah :D 13:52
opendevreviewMichal Arbet proposed openstack/kolla master: Trivial fix letsencrypt base image  https://review.opendev.org/c/openstack/kolla/+/92304513:52
kevkoSvenKieske: we were blind again :D 13:52
kevkoSvenKieske: That means even extremely small patches don't help :D :D :D 13:53
SvenKieskewell, we did spot it in this one liner, because that made me actually grep for both variables in the code base. you don't do that with every variable in 500 line changes, do you?13:54
SvenKieskeso I would say it really helped :)13:55
SvenKiesketake my +113:55
kevkoSvenKieske: i am checkouting the change and yeah ..i am doing it , grepping for unused vars in kolla-ansible ..and some other stuff13:56
kevkoand 600 lines it's not too much 13:56
SvenKieskevery honorable, I try to do that as well, but it seems 4-6 people missed that, and that's even easy to spot, right? I mean why would "cinder" crop up in a LE only dockerfile?13:57
SvenKieskethat could've already been spotted even without any grepping the codebase. just by looking at it. I'm just mad at myself I didn't see it :D13:57
kevkobecause i written that patch ...and i am just lazy to write them all ..so i am doing cp xyz/ new-image/13:58
kevkoand then i am rewriting 13:58
kevkosomething as reno new templates/bugfix   ...or how it is that command :D 13:58
SvenKieskethat reinforces something I learned some years ago: there are _no_ trivial changes, like at all. That day I learned that by reviewing a one line change from the main author of a codebase with over 20 years of experience. he had 3 bugs on this one line.13:59
SvenKieskemankind is not built for computers, we are too error prone :)13:59
kevkoSvenKieske: i am open to git commit --amend and git review every time even if need to fix some comment ...but that means for example loose of one +2 ..which will result in month delay actually (sometimes )14:00
SvenKieskekevko: sure :D I know that pain14:09
SvenKieskemhm I can't check if the base package var for cinder is empty when only building le base container, need to repair my kolla venv first..I guess I changed something in the requirements file..14:20
kevkoi have more important work :D 14:26
opendevreviewMatúš Jenča proposed openstack/kolla-ansible master: Add documentation for caching.  https://review.opendev.org/c/openstack/kolla-ansible/+/91828515:08
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: Fix prechecks for interfaces with dashes  https://review.opendev.org/c/openstack/kolla-ansible/+/92247816:45
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: CI: test interface names with dashes  https://review.opendev.org/c/openstack/kolla-ansible/+/79454516:46
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: CI: test interface names with dashes  https://review.opendev.org/c/openstack/kolla-ansible/+/79454516:46
opendevreviewMerged openstack/kolla master: Trivial fix letsencrypt base image  https://review.opendev.org/c/openstack/kolla/+/92304517:24
opendevreviewMerged openstack/kolla master: Change logic for plugins in grafana image build  https://review.opendev.org/c/openstack/kolla/+/91318418:23
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: Fix prechecks for interfaces with dashes  https://review.opendev.org/c/openstack/kolla-ansible/+/92247818:38
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: CI: test interface names with dashes  https://review.opendev.org/c/openstack/kolla-ansible/+/79454518:38
BalsaRunning Kolla 18 (2024.1) I want to use ACME/LetsEncrypt certs for SSL, is there a guide floating around to do this22:01
BalsaI looks like its built in, but I'm getting deployment errors about invalidated certs when haproxy comes up22:02
Balsathe "Generating TLS certificates with Let’s Encrypt" part of the docs doesn't seem complete, its missing what dependencies in the configs it needs it seems 22:12

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!