Tuesday, 2024-11-05

« Monday, 2024-11-04 Index Wednesday, 2024-11-06 »
opendevreviewMerged openstack/kolla-ansible master: Add removal of --key parameter to CLI rewrite note  https://review.opendev.org/c/openstack/kolla-ansible/+/93386406:50
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible stable/2024.2: Add removal of --key parameter to CLI rewrite note  https://review.opendev.org/c/openstack/kolla-ansible/+/93410006:53
opendevreviewMerged openstack/kolla-ansible stable/2024.2: Add removal of --key parameter to CLI rewrite note  https://review.opendev.org/c/openstack/kolla-ansible/+/93410007:15
yosefmnasiadka: Hi, can you check out my reply on: https://review.opendev.org/c/openstack/kolla-ansible/+/92964608:16
mnasiadkaWill do later today, it's 9am here :)08:16
mnasiadkaneed my coffee08:16
yosefthank you :)08:17
opendevreviewJan Horstmann proposed openstack/kolla-ansible master: Improve grafana dashboard deployment  https://review.opendev.org/c/openstack/kolla-ansible/+/92109708:18
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: Add TLS support for MariaDB Connections  https://review.opendev.org/c/openstack/kolla-ansible/+/93392408:53
opendevreviewPierre Riteau proposed openstack/kayobe master: Align Kayobe Ansible version with Kolla Ansible  https://review.opendev.org/c/openstack/kayobe/+/92663909:05
opendevreviewyosef proposed openstack/kolla-ansible master: Add election-timer option to ovn-db role  https://review.opendev.org/c/openstack/kolla-ansible/+/93410609:08
opendevreviewPierre Riteau proposed openstack/kayobe master: Align Kayobe Ansible version with Kolla Ansible  https://review.opendev.org/c/openstack/kayobe/+/92663909:11
opendevreviewPierre Riteau proposed openstack/kayobe master: Align Kayobe Ansible version with Kolla Ansible  https://review.opendev.org/c/openstack/kayobe/+/92663909:20
opendevreviewRoman Krcek proposed openstack/kolla-ansible master: Move to high level client in DockerWorker  https://review.opendev.org/c/openstack/kolla-ansible/+/90829510:07
opendevreviewPierre Riteau proposed openstack/kayobe master: Align Kayobe Ansible version with Kolla Ansible  https://review.opendev.org/c/openstack/kayobe/+/92663910:21
opendevreviewMatt Crees proposed openstack/kolla-ansible stable/2023.2: Prevent accidental downgrades of RabbitMQ  https://review.opendev.org/c/openstack/kolla-ansible/+/93387511:02
opendevreviewMatt Crees proposed openstack/kolla-ansible stable/2023.2: Fix: add common options to RabbitMQ version check  https://review.opendev.org/c/openstack/kolla-ansible/+/93411311:02
opendevreviewMatt Crees proposed openstack/kolla-ansible stable/2023.1: Prevent accidental downgrades of RabbitMQ  https://review.opendev.org/c/openstack/kolla-ansible/+/93387611:07
opendevreviewMatt Crees proposed openstack/kolla-ansible stable/2023.1: Fix: add common options to RabbitMQ version check  https://review.opendev.org/c/openstack/kolla-ansible/+/93411411:07
mattcrees[m]Any cores fancy a second +2 for a Bobcat bugfix? The Caracal one merged, so should be trivial :) https://review.opendev.org/c/openstack/kolla-ansible/+/93375711:18
SvenKieskedone11:21
mattcrees[m]Cheers11:25
opendevreviewPierre Riteau proposed openstack/kayobe master: Remove upgrade note about Rocky Linux 9 support  https://review.opendev.org/c/openstack/kayobe/+/93411811:41
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: Add TLS support for MariaDB Connections  https://review.opendev.org/c/openstack/kolla-ansible/+/93392411:46
kevkofolks, do you think it's ok if we are generating two separate TLS certs for kolla_internal_vip  ? 11:46
kevkohaproxy and proxysql ? 11:47
kevkoshouldn't they use the same cert as it's same internal VIP ? 11:47
kevkolike, it's working ... there is no reason why it shouldn't ... as it's generate against same CA ...but just wondering ... shouldn't be the cert same ? 11:48
fricklerdifferent services should use different certs IMO. you could even tie these to different IPs in larger deployments?11:48
kevkofrickler: I am not sure if I can agree with you ...for example kolla is now generating backend.crt and backend.key ...and it's copied into the container for specific service ...keystone , cinder, glance ...etc ...etc ..... but it's same cert ...11:50
kevkofrickler: I can agree that different IP = different TLS cert ... i am okay with this 11:51
kevkofrickler: but let's say i am connecting to     internal_vip:5000 for keystone ... cert A .... mysql connect to same internal_vip:3306  ...cert B 11:51
kevkosame VIP different port 11:52
kevkofrickler: it's similar as you have horizon on port 443 which is providing dashboard ...but you have nova vnc or spice on 6032 (if I remember correctly the port) ...which is also under the same TLS cert 11:52
kevkofrickler: *same11:54
kevko(it's 6082 regarding above... )11:56
fricklermaybe more certs would be better indeed. also backend TLS might be yet another question. but anyway, I think the current state as you describe it wouldn't be improved by using a smaller number of certs11:57
kevkofrickler: It would improve because the code would be simplified and unified.12:00
kevkoTLS validation is verified against fqdn or IP 12:01
kevkoI'm not saying it doesn't work, but it simply doesn't make sense to make life harder for yourself.12:02
opendevreviewMerged openstack/kolla-ansible stable/2023.2: Fix Octavia service upgrade failure from 2023.1  https://review.opendev.org/c/openstack/kolla-ansible/+/93375712:47
opendevreviewMerged openstack/kolla-ansible master: Fix cinder etcd3gw backend_url  https://review.opendev.org/c/openstack/kolla-ansible/+/93372612:47
opendevreviewPierre Riteau proposed openstack/kolla-ansible stable/2024.2: Fix cinder etcd3gw backend_url  https://review.opendev.org/c/openstack/kolla-ansible/+/93412212:56
opendevreviewPierre Riteau proposed openstack/kolla-ansible stable/2024.1: Fix cinder etcd3gw backend_url  https://review.opendev.org/c/openstack/kolla-ansible/+/93412312:56
opendevreviewPierre Riteau proposed openstack/kolla-ansible stable/2023.2: Fix cinder etcd3gw backend_url  https://review.opendev.org/c/openstack/kolla-ansible/+/93412412:57
zigokevko: Hey there! Could you tell me where's the topic agenda stuff for the Kolla meetings?13:11
zigo(unrelated to what we discussed yesterday)13:11
opendevreviewMickael Razzouk proposed openstack/ansible-collection-kolla master: add docker_apt_key_set_env variable to docker role  https://review.opendev.org/c/openstack/ansible-collection-kolla/+/93412613:46
mattcrees[m]zigo: We keep the agenda on the whiteboard: https://etherpad.opendev.org/p/KollaWhiteBoard#L8013:53
zigomattcrees[m]: Cheers !13:53
opendevreviewMerged openstack/kayobe master: Align Kayobe Ansible version with Kolla Ansible  https://review.opendev.org/c/openstack/kayobe/+/92663914:26
opendevreviewBertrand Lanson proposed openstack/kolla-ansible master: set haproxy for cyborg module  https://review.opendev.org/c/openstack/kolla-ansible/+/89064214:38
opendevreviewMatt Crees proposed openstack/kolla-ansible master: Add retries to `Waiting for rabbitmq to start`  https://review.opendev.org/c/openstack/kolla-ansible/+/93413514:51
opendevreviewBertrand Lanson proposed openstack/kolla-ansible master: set haproxy for cyborg module  https://review.opendev.org/c/openstack/kolla-ansible/+/89064215:00
kevkozigo: https://etherpad.opendev.org/p/KollaWhiteBoard15:13
zigoYeah, got it.15:13
kevkozigo: sorry, I had a meeting 15:13
zigoSure, no pb.15:13
kevkoI'm really desperate at this point ,  I'm using Neutron with OVN, and OVS starts spinning at 100% CPU, with the log showing entries  https://paste.openstack.org/show/bnleYUdDaH5W7Ohk1LiS/  and the time just keeps increasing. The ovs-appctl command hangs, so I can’t use coverage. While ovs-vsctl show works, any attempt to change anything causes it15:13
kevkoto freeze. If I delete OVS (including the volume) and restart the server, when I reconfigure OVS (re-create it), everything is initially fine because there are no rules in OVS. At this stage, if I remove the interface from br-ex and call reconfigure on OVN (which sets the metadata), everything is still OK. However, as soon as I put the interface15:13
kevkoback into br-ex, it crashes again15:13
kevkoKolla-ansible, kolla, images ubuntu 22.04, ovs 3.3.0 , 24.03.215:13
kevkobtw zigo ^^ ? 15:13
kevkofor me it sounds like an ovs bug or something 15:13
zigoMaybe.15:14
zigoAre we talking about OVS + OVN Debian packages?15:14
zigoThese days, they are maintained in Debian by Ubuntu people.15:14
zigo(the Ubuntu server team)15:15
zigoI have no experience with OVN, so I can't tell...15:15
kevkoopenvswitch-common             3.3.0-1ubuntu3~cloud015:15
kevkoovn-common                     24.03.2-0ubuntu0.24.04.1~cloud015:15
zigoIn Bookworm, we have 3.1.0-2+deb12u115:16
zigoand 23.03.1-1~deb12u215:16
zigoIt's been a *very* long time since we had issues with OVS (though, as I mentioned, we aren't using OVN)15:17
shermanmhey, I had a question about the best way to include arm64 ipxe binaries in the ironic_pxe container. It looks like I'd need to modify the extend_start script to load them into the correct path during bootstrap?15:19
kevkozigo: yes, we also haven't seen issues until now :D 15:20
SvenKieskekevko: maybe you can try our osism downstream images? afaik we rebuild ovs and ovn ourselves, just in case you want to rule out some compilation bugs15:21
SvenKieskebut don't know how easily you can swap images in that deployment15:21
zigokevko: Is there a way you can use Debian packages instead of the Ubuntu ones?15:22
fricklerkevko: also which kernel version?15:22
SvenKieskeyes, if I would need to throw a stone at someone to blame, I would aim for the kernel before ovs :D15:23
kevkofrickler: Linux controller0 5.15.0-124-generic #134-Ubuntu SMP Fri Sep 27 20:20:17 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux15:23
SvenKieskeI'd recommend running the ubuntu HWE kernels (not hwe edge, those don't get security updates)15:23
kevkozigo: it's easy ... but I am out of time ..so don't want to try everything at once ..as I am in serious trouble :/15:23
SvenKieskeas a datapoint we have ovn 24.3.3 and ovs 3.3.115:25
kevkoSvenKieske: do you have images somewhere publicly ? 15:29
SvenKieskekevko: yes, e.g. https://quay.io/repository/osism/openvswitch-db-server15:29
SvenKieskeyou can search in that org etc15:30
opendevreviewMatt Crees proposed openstack/kolla-ansible master: Add retries to `Waiting for rabbitmq to start`  https://review.opendev.org/c/openstack/kolla-ansible/+/93413515:31
SvenKieskeor you can use our mirror, see our sboms here: https://github.com/osism/sbom/blob/main/8.0.2/openstack.yml (this is the latest official release)15:31
kevkoSvenKieske: some specific tags ? 15:31
SvenKieskekekvo: that would be the tag, e.g. for ovn: osism.harbor.regio.digital/kolla/release/ovn-controller:24.3.3.20240909 (see above sbom link)15:32
kevkoSvenKieske: thank you 15:32
kevkoI will try it probably 15:32
SvenKieskekevko: you're welcome :) hope it works, and if it also triggers a bug, happy to hear about that too and we can try to fix it then, at least it's not distro specific then15:33
SvenKieskeafaik we compile sources directly from upstream15:33
SvenKieskekevko: if you want to look into the ovs build process yourself, you can find it here: https://github.com/osism/deb-packaging15:35
kevkoSvenKieske:  do you use ubuntu also ? 15:35
kevkoas base ? 15:35
SvenKieskestill ubuntu, but debian and centos stuff should also work in general15:36
SvenKieskefrickler wants to switch to debian, which I kind of agree with :D but many people want/need ubuntu15:36
SvenKieskeand some need centos, so that is the latest addition. there are some issues, especially with ARM :D15:37
kevkoSvenKieske: well yeah, I like also debian more ... 15:38
kevkoSvenKieske: Yuck, CentOS15:39
kevkoSvenKieske: https://review.opendev.org/c/openstack/kolla-ansible/+/890642 << 15:57
SvenKieskekevko: was that related to your issue? or just a bugfix where another +2 is needed?16:27
kevkoSvenKieske: just bugfix ..mnasiadka gave +2 before ..16:28
SvenKieskeok. looking into ti16:34
SvenKieskeit*16:34
SvenKieskekevko: how much do you care about TLS in cyborg? see reply on the change16:44
kevkoSvenKieske: i replied :) 16:45
kevkoSvenKieske: check my answer 16:45
yosefkevko: reading your issue with ovn-ovs, what is your workload? recently upgraded to ovs 3.3.0 without any problem although had a problem with ovn 24.03.2, forced me to bump to 24.03.416:46
kevkoSvenKieske: i think the commiter did what he proposed as patch and added reno ... fixed availability of cyborg on VIP ... TLS can be added in separate patch 16:46
kevkoyosef: what issue did you have ? 16:47
yosefkevko: https://github.com/ovn-org/ovn/issues/26116:48
SvenKieskekevko: ack, got your +2 :) but wait for CI for W+116:50
kevkoSvenKieske: of course 16:52
kevkoSvenKieske: btw, after we will release D ...there is whole relation chain to merge i think 16:52
kevkoSvenKieske: https://review.opendev.org/c/openstack/kolla-ansible/+/93392416:52
kevkoSvenKieske: to merge/to review16:54
mnasiadkaD final release is done17:06
opendevreviewMichal Arbet proposed openstack/kolla-ansible master: Add TLS support for MariaDB Connections  https://review.opendev.org/c/openstack/kolla-ansible/+/93392417:06
mnasiadkaTime to start merging things in master - E cycle for Kolla/Kolla-Ansible is now open ;-)17:07
kevkooh, i see https://review.opendev.org/c/openstack/releases/+/93405417:08
kevkomnasiadka: Awesome, I love this freedom of a fresh master branch where reviews will be quick and the vibe relaxed, after all, it’s just master again! :) :D 17:09
SvenKieskekevko: :D well I like that optimism :)17:18
kevkoSvenKieske: I'm such a spammer; I'll always remind you of myself, and I'll always try to break the ice to be more smooth  :)17:20
kevko:D 17:20
kevkoSvenKieske: Subtle sarcasm is close to my heart, and so is humor. :) 17:21
mnasiadkakevko: can you add a reno to https://review.opendev.org/c/openstack/kolla/+/930152 - so we can merge that one as well?17:43
mnasiadkafix handling configs is gating17:44
kevkomnasiadka: thanks, yeah of course 17:50
kevkomnasiadka: I will in few minutes, right after I will have a keyboard under my hands 17:50
mnasiadkaNo problem, will have a look then17:51
mnasiadkaOther patches for tomorrow ;-)17:51
mnasiadkakevko: we just need to state that the logging format changed from THIS to THAT, so users are aware (maybe somebody is parsing those logs or something)17:52
kevkoYep17:53
opendevreviewMichal Arbet proposed openstack/kolla master: Enhance logging format for better readability  https://review.opendev.org/c/openstack/kolla/+/93015218:13
kevkomnasiadka: ^^ i am not good at reno writing ..so please ..check it :D 18:13
opendevreviewBertrand Lanson proposed openstack/kolla-ansible master: set haproxy for cyborg module  https://review.opendev.org/c/openstack/kolla-ansible/+/89064219:02
opendevreviewVerification of a change to openstack/kolla master failed: Fix handling configs in base image  https://review.opendev.org/c/openstack/kolla/+/91544019:11
opendevreviewMerged openstack/kayobe stable/2024.1: CI: Fix Ubuntu 24.04 version check  https://review.opendev.org/c/openstack/kayobe/+/93388119:37
opendevreviewMichal Arbet proposed openstack/kolla master: Fix handling configs in base image  https://review.opendev.org/c/openstack/kolla/+/91544021:43
« Monday, 2024-11-04 Index Wednesday, 2024-11-06 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!