| stan | kevko Yes that is the patch indeed. https://youtu.be/lR5Odyr1efQ | 03:47 |
|---|---|---|
| stan | kevko wait you can do consul for masakari instead of pacemaker? | 03:49 |
| kevko | haha, interisting that oslo stuff with consul :D | 07:36 |
| opendevreview | Matúš Jenča proposed openstack/kolla-ansible master: Switch mariadb's loadbalancer from HAProxy to ProxySQL https://review.opendev.org/c/openstack/kolla-ansible/+/913724 | 07:37 |
| opendevreview | Matúš Jenča proposed openstack/kolla-ansible master: Add backend TLS between MariaDB and ProxySQL https://review.opendev.org/c/openstack/kolla-ansible/+/909912 | 07:37 |
| opendevreview | Michal Arbet proposed openstack/kolla-ansible master: Switch mariadb's loadbalancer from HAProxy to ProxySQL https://review.opendev.org/c/openstack/kolla-ansible/+/913724 | 07:49 |
| opendevreview | Michal Arbet proposed openstack/kolla-ansible master: Add backend TLS between MariaDB and ProxySQL https://review.opendev.org/c/openstack/kolla-ansible/+/909912 | 07:49 |
| opendevreview | Matúš Jenča proposed openstack/kolla-ansible master: Add frontend TLS ability to ProxySQL https://review.opendev.org/c/openstack/kolla-ansible/+/925500 | 07:49 |
| opendevreview | Matúš Jenča proposed openstack/kolla-ansible master: Add frontend database TLS for Keystone https://review.opendev.org/c/openstack/kolla-ansible/+/925507 | 07:51 |
| opendevreview | Michal Arbet proposed openstack/kolla-ansible master: Add frontend TLS ability to ProxySQL https://review.opendev.org/c/openstack/kolla-ansible/+/925500 | 07:56 |
| opendevreview | Michal Arbet proposed openstack/kolla-ansible master: Add frontend database TLS for Keystone https://review.opendev.org/c/openstack/kolla-ansible/+/925507 | 07:56 |
| opendevreview | Michal Nasiadka proposed openstack/kolla-ansible stable/2024.1: [2024.1-only] fluentd: don't check labels in check_mode https://review.opendev.org/c/openstack/kolla-ansible/+/930496 | 08:01 |
| opendevreview | Michal Nasiadka proposed openstack/kolla-ansible master: CI: Create cluster in Magnum jobs https://review.opendev.org/c/openstack/kolla-ansible/+/904493 | 08:06 |
| opendevreview | Michal Nasiadka proposed openstack/kolla-ansible master: CI: Create cluster in Magnum jobs https://review.opendev.org/c/openstack/kolla-ansible/+/904493 | 08:41 |
| opendevreview | Michal Arbet proposed openstack/kolla-ansible master: Drop support for py38, py39 https://review.opendev.org/c/openstack/kolla-ansible/+/929408 | 08:51 |
| opendevreview | Michal Arbet proposed openstack/kolla-ansible master: Add ansible-core as a dependency https://review.opendev.org/c/openstack/kolla-ansible/+/922369 | 08:51 |
| kevko | mnasiadka: is there a reason why we are not running apache as a user not root ? | 08:53 |
| kevko | morning btw | 08:53 |
| opendevreview | Michal Nasiadka proposed openstack/kolla master: CI: bump aarch64 job timeouts https://review.opendev.org/c/openstack/kolla/+/930541 | 09:00 |
| mnasiadka | kevko: I remember something regarding wsgi | 09:01 |
| kevko | mnasiadka: because i am very curious about that ...work on some controversial patch :) ..so i am looking into deeply | 09:01 |
| kevko | i think permissions ... | 09:01 |
| opendevreview | Jakub Darmach proposed openstack/kayobe master: CI: bump previous release to 2024.1 in Dalmatian https://review.opendev.org/c/openstack/kayobe/+/930277 | 09:01 |
| kevko | nevermind, would it be welcome ? | 09:03 |
| mnasiadka | I think the big question we need to ask, is if we want to use mod_wsgi | 09:06 |
| SvenKieske | kevko: only thing apache needs root for is open port 80/443 (not technically correct, you need just CAP_NET_BIND_SERVICE ) | 09:06 |
| kevko | mnasiadka: yeah, that's another question ... because of that wsgi script pbr (or what is it ... ) will not be generated anymore , right ? | 09:07 |
| kevko | but i think apache + wsgi working very nice, isn't it ? | 09:07 |
| SvenKieske | ok that seems to need root permissions if you want to change the user (for the user change of course): https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIDaemonProcess.html | 09:08 |
| SvenKieske | but that's technically not apache needing it but wsgi | 09:08 |
| mnasiadka | kevko: but we don't really need Apache, we could think of using something like gunicorn (because uwsgi is basically dead) | 09:09 |
| mnasiadka | Apache/nginx could be used for Keystone because of OIDC/SAML2 | 09:09 |
| SvenKieske | if you look at gunicorn docs it still states: Gunicorn is a WSGI HTTP server. It is best to use Gunicorn behind an HTTP proxy server. We strongly advise you to use nginx. | 09:10 |
| SvenKieske | so not really a solution to replace nginx in front, if even the devs don't trust it ;) | 09:11 |
| SvenKieske | or outdated web page, IDK. | 09:11 |
| SvenKieske | but it doesn't inspire confidence, either way :) | 09:11 |
| kevko | In my opinion, it's quite cobbled together in the Kolla repository regarding Apache | 09:14 |
| kevko | so i am playing with it little bit | 09:14 |
| opendevreview | Michal Nasiadka proposed openstack/kolla-ansible master: octavia: Use valid_interfaces instead of endpoint_type https://review.opendev.org/c/openstack/kolla-ansible/+/912359 | 09:18 |
| kevko | SvenKieske: regarding apache ..don't you need also log directory to be writeable ? | 09:25 |
| SvenKieske | well yes, but you just set appropriate permissions on those or directly forward to a decent logshipper, e.g. via piped logs: https://httpd.apache.org/docs/current/logs.html#piped | 09:28 |
| SvenKieske | that's quite nice if you need e.g. to split access logs for different users with different permissions and different access log folders. but don't do it in bash, it's a performance and ordering nightmare | 09:30 |
| Fl1nt | Hi everyone! | 09:48 |
| Fl1nt | quick question, let say on a configuration template I want to retrieve the host management IP what is the variable name we use on kolla-ansible? | 09:49 |
| kevko | Hi | 09:49 |
| kevko | api_interface_address | 09:49 |
| Fl1nt | I want to do something like: hostvars[host]['mgmt_address'] | 09:49 |
| kevko | yep | 09:50 |
| Fl1nt | kevko, is api_interface the internal api interface and not the mgmt_net? | 09:50 |
| Fl1nt | Or maybe management network was deprecated long time ago? | 09:51 |
| kevko | maybe | 09:51 |
| kevko | api_interface_address is that address on internal network to which is for example send haproxy the traffic | 09:52 |
| Fl1nt | yes, the problem is I want to safely fallback on the host internal management interface, not really the interface where APIs services bind. | 09:52 |
| opendevreview | Jakub Darmach proposed openstack/kayobe master: Add support for Ubuntu Noble Numbat (24.04) LTS https://review.opendev.org/c/openstack/kayobe/+/930026 | 09:59 |
| opendevreview | Michal Nasiadka proposed openstack/kayobe master: kolla-build: Add support for cross-arch builds https://review.opendev.org/c/openstack/kayobe/+/930204 | 10:05 |
| kevko | SvenKieske: mnasiadka: What are u saying for oslo spec from bobcat ? http driver for rpc clients | 10:10 |
| kevko | https://opendev.org/openstack/oslo-specs/commit/b440f3dccd2edf6e55a5384b0364be69a291a8a2 << Consul :-O | 10:10 |
| kevko | :D | 10:10 |
| mnasiadka | I'm not going into the game of packaging Consul in Kolla :) | 10:11 |
| kevko | haha :D | 10:11 |
| kevko | no - i am really curious ... | 10:11 |
| kevko | i already implemented downstream :) | 10:11 |
| kevko | and working nice | 10:11 |
| opendevreview | Michal Nasiadka proposed openstack/kayobe master: kolla-build: Add support for cross-arch builds https://review.opendev.org/c/openstack/kayobe/+/930204 | 10:13 |
| kevko | Fl1nt so network_interface ? > https://docs.openstack.org/kolla-ansible/latest/admin/production-architecture-guide.html#address-family-configuration-ipv4-ipv6 | 10:16 |
| kevko | Fl1nt: api_interface is default = network_interface ...but i think you can specify it separately | 10:16 |
| Fl1nt | kevko, we use multiple vlans, so our network_interface default to the nic that handle address less neutron provider nic, api_interface use 10.2.0.0/24 where management use 10.1.0.0/24 but I'll use api_interface for the patch tho and discuss that point with you all on the review directly. | 10:18 |
| Fl1nt | if anyone have a better suggestion I'll be glad to implement it on the patch | 10:19 |
| kevko | Fl1nt: i am not sure if understand | 10:46 |
| Fl1nt | Don't worry, I'll push the patch and we can then discuss further on the review itself as it comes with docs/reno etc, that would be easier to understand ^^ | 10:48 |
| kevko | okay | 10:50 |
| kevko | I'm discovering chaos in permissions, in kolla the combination of set_configs, set gid for kolla logs, and the fact that every project uses it differently is terrifying me | 11:16 |
| opendevreview | Michal Nasiadka proposed openstack/kolla master: dev-mode: Run kolla_install_projects using sudo https://review.opendev.org/c/openstack/kolla/+/930559 | 11:40 |
| mnasiadka | kevko: we broke dev-mode ^^ ;-) | 11:41 |
| opendevreview | Rafal Lewandowski proposed openstack/kolla-ansible master: [WIP] Enable ML2/OVN and distributed FIP by default. https://review.opendev.org/c/openstack/kolla-ansible/+/904959 | 11:45 |
| opendevreview | Michal Nasiadka proposed openstack/kolla-ansible master: Add ansible-core as a dependency https://review.opendev.org/c/openstack/kolla-ansible/+/922369 | 11:48 |
| opendevreview | Michal Nasiadka proposed openstack/kolla-ansible master: CI: Create cluster in Magnum jobs https://review.opendev.org/c/openstack/kolla-ansible/+/904493 | 11:53 |
| Fl1nt | Just to be noticed, I'll rename the current prometheus_bmc_exporter patchset/effort to prometheus_ipmi_exporter in order to be more readable and allow for prometheus_redfish_exporter introduction letting user choose which interface they want to use. | 11:54 |
| SvenKieske | mnasiadka: doesn't this need a backport, or did we only break master? so add reno/bug pls if it's not only affecting master. | 11:54 |
| mnasiadka | only master | 11:54 |
| SvenKieske | ah, that's good | 11:55 |
| opendevreview | Michal Nasiadka proposed openstack/kayobe master: Revert "[release] Use OpenStack 2024.1 release" https://review.opendev.org/c/openstack/kayobe/+/930566 | 12:21 |
| opendevreview | Michal Nasiadka proposed openstack/kayobe master: Revert "[release] Use OpenStack 2024.1 release" https://review.opendev.org/c/openstack/kayobe/+/930566 | 12:24 |
| opendevreview | Jakub Darmach proposed openstack/kayobe master: CI: bump previous release to 2024.1 in Dalmatian https://review.opendev.org/c/openstack/kayobe/+/930277 | 12:32 |
| opendevreview | Michal Nasiadka proposed openstack/kolla master: DNM: Try building aarch64 on x86 https://review.opendev.org/c/openstack/kolla/+/930571 | 12:35 |
| opendevreview | Merged openstack/kolla-ansible master: Drop support for py38, py39 https://review.opendev.org/c/openstack/kolla-ansible/+/929408 | 12:50 |
| kevko | mnasiadka: I will check ... I don't think it will be something hard to fix... | 12:53 |
| kevko | mnasiadka: will be near PC in minutes | 12:53 |
| mnasiadka | kevko: https://review.opendev.org/c/openstack/kolla/+/930559 - fix here | 12:54 |
| kevko | mnasiadka: I would say that it's a bug that has been there, but just showed up now. | 12:59 |
| mnasiadka | kevko: not really, we merged patches that completely reworked dev-mode | 12:59 |
| mnasiadka | https://review.opendev.org/c/openstack/kolla/+/925712 - this one | 13:00 |
| kevko | ah , ok | 13:01 |
| opendevreview | Michal Nasiadka proposed openstack/kolla master: DNM: Try building aarch64 on x86 https://review.opendev.org/c/openstack/kolla/+/930571 | 13:13 |
| opendevreview | Gaël THEROND proposed openstack/kolla-ansible master: Add new hardware prometheus exporter: https://review.opendev.org/c/openstack/kolla-ansible/+/930579 | 13:15 |
| Fl1nt | raaaaah fuuu... it created a new review... | 13:18 |
| opendevreview | Jakub Darmach proposed openstack/kayobe master: Add support for Ubuntu Noble Numbat (24.04) LTS https://review.opendev.org/c/openstack/kayobe/+/930026 | 13:19 |
| opendevreview | Jakub Darmach proposed openstack/kayobe master: Bump previous release to 2024.1 in Dalmatian https://review.opendev.org/c/openstack/kayobe/+/930277 | 13:22 |
| opendevreview | Jakub Darmach proposed openstack/kayobe master: Bump previous release to 2024.1 in Dalmatian https://review.opendev.org/c/openstack/kayobe/+/930277 | 13:23 |
| opendevreview | Gaël THEROND proposed openstack/kolla-ansible master: Add new hardware prometheus exporter: https://review.opendev.org/c/openstack/kolla-ansible/+/922211 | 13:42 |
| Fl1nt | kevko, if you ever feel motivated to give a review to this patch :D Your remarks will be welcomed. | 13:44 |
| kevko | Fl1nt: this one ? ^ | 13:49 |
| opendevreview | Michal Nasiadka proposed openstack/kolla master: DNM: Try building aarch64 on x86 https://review.opendev.org/c/openstack/kolla/+/930571 | 13:49 |
| opendevreview | Michal Nasiadka proposed openstack/kolla master: DNM: Try building aarch64 on x86 https://review.opendev.org/c/openstack/kolla/+/930571 | 13:50 |
| Fl1nt | kevko, yep, this one :D https://review.opendev.org/c/openstack/kolla-ansible/+/922211 | 13:50 |
| Fl1nt | but feel free to ignore it if you ever have anything more urgent, I've it working on prod so it's basically just a contribution back to upstream :D | 13:51 |
| opendevreview | Michal Nasiadka proposed openstack/kolla master: DNM: Try building aarch64 on x86 https://review.opendev.org/c/openstack/kolla/+/930571 | 13:51 |
| kevko | Fl1nt: you can chech mine https://review.opendev.org/c/openstack/kolla/+/915440 < :) | 13:53 |
| kevko | Fl1nt: and this https://review.opendev.org/c/openstack/kolla/+/829295 | 13:53 |
| kevko | mnasiadka: btw, you mentioned yesterday that you will check my patches tomorrow (today) ...did you have a time ? | 13:54 |
| opendevreview | Michal Nasiadka proposed openstack/kolla master: DNM: Try building aarch64 on x86 https://review.opendev.org/c/openstack/kolla/+/930571 | 13:55 |
| opendevreview | Jakub Darmach proposed openstack/kayobe master: Add support for Ubuntu Noble Numbat (24.04) LTS https://review.opendev.org/c/openstack/kayobe/+/930026 | 13:55 |
| Fl1nt | kevko, sure | 14:00 |
| Fl1nt | kevko, nice work on the config.json reconciliation functions. | 14:05 |
| mnasiadka | SvenKieske: https://review.opendev.org/c/openstack/kolla-ansible/+/912420 - do you have time to have a look? I would prefer to have something instead of discussing about the ideal solutions. | 14:06 |
| kevko | Fl1nt: yeah, working ... | 14:06 |
| Fl1nt | kevko, regarding the monkey patching to, instead of using a specific patch block, why don't you just let the user leverage the footer block? That's indeed how we currently do it. | 14:08 |
| Fl1nt | I mean, keep the macro but located on footer. | 14:08 |
| opendevreview | Roman Krček proposed openstack/kolla-ansible master: Rewrite kolla-ansible CLI to python https://review.opendev.org/c/openstack/kolla-ansible/+/923110 | 14:15 |
| kevko | detail | 14:16 |
| Fl1nt | aaaah nevermind, I've catchup on why ^^ | 14:17 |
| Fl1nt | ok, gotsha. | 14:17 |
| Fl1nt | just for me to be sure kevko, do we agree that when you talk about patch, you talk about git diff patch right? Not just simple overrides right? | 14:18 |
| Fl1nt | seems so from the kolla_patch.sh script, but I do prefer to ask before making any comment :D | 14:20 |
| kevko | Fl1nt: yeah, the reason is that sometimes we find a really dangerous or breaks-everything bug ... for example oslo librarry ...instead of build your own pip package repo ...or complicated overrides ... or no need to modify upper constraints ..you just download a patch from gerrit ...fit to your file ....and build | 14:22 |
| kevko | Fl1nt: you can't build your version - can conflict, even if you will - you need to fix also requirements, ...like you need to do several things to fix something in image .... this is just about add a patchfile and run the build | 14:23 |
| Fl1nt | got it yep, that's pretty much how we currently do it on our side but with an external to kolla-ansible mecanism so glade someone worked on it on upstream cool | 14:28 |
| opendevreview | Roman Krček proposed openstack/kolla-ansible master: Reintroduce kolla-ansible check https://review.opendev.org/c/openstack/kolla-ansible/+/599735 | 14:29 |
| Fl1nt | kevko, which buddy are you on the patch? Can't Bartosz? | 14:31 |
| SvenKieske | mnasiadka: sorry, currently not really much time, on sunday maybe. but I'm not really blocking on that review, am I? :) | 14:31 |
| Fl1nt | -can't | 14:31 |
| Fl1nt | kevko, done | 14:34 |
| kevko | Fl1nt: /whois kevko :D | 14:38 |
| kevko | Michal Arbet | 14:39 |
| Fl1nt | Yeah I saw the review owner too late :p | 14:46 |
| Fl1nt | dumb me is sleepy ^^ Too much patching for today :D | 14:46 |
| kevko | I went to go sleep at 5 am ..and i woke up at 8 30 :D | 14:47 |
| Fl1nt | kevko, ah ah ah did a bit of a similar schedule, went to sleep at 9pm then woke up a 3am didn't sleep up till 4:30 and wake up at 9am again ^^ | 15:05 |
| opendevreview | Grzegorz Koper proposed openstack/kolla-ansible master: Fixing hardcoded ceph.conf paths in libvirt templates https://review.opendev.org/c/openstack/kolla-ansible/+/930603 | 15:33 |
| greatgatsby | kevko: thanks for the oslo http driver link, very interesting. Hope it gets some traction. | 16:07 |
| opendevreview | Verification of a change to openstack/kayobe stable/2024.1 failed: Avoid shared IPA image cache on Ansible control host https://review.opendev.org/c/openstack/kayobe/+/929637 | 16:22 |
| opendevreview | Roman Krček proposed openstack/kolla-ansible master: Rewrite kolla-ansible CLI to python https://review.opendev.org/c/openstack/kolla-ansible/+/923110 | 17:27 |
| opendevreview | Merged openstack/kayobe stable/2024.1: Avoid shared IPA image cache on Ansible control host https://review.opendev.org/c/openstack/kayobe/+/929637 | 23:19 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!