Tuesday, 2024-01-16

« Monday, 2024-01-15 Index Wednesday, 2024-01-17 »
gthiemongetkajinam: Hi Takashi, I think we have to backport https://review.opendev.org/c/openstack/octavia/+/903674 , it started to fail on stable branches too08:54
gthiemongetkajinam: do you think it is fine to unpin flake8-import-order on stable branches? or do we need to take another approach?08:54
tkajinamgthiemonge, There would be two approaches. Backporting that fix to stable branch, which I think is row risk, or pin flake8 to < 6.0.0 in stable branch according to https://github.com/PyCQA/flake8-import-order/issues/18909:10
tkajinamafaik flake8 is not capped by global requirements and that's why the issue is affecting stable branches09:11
tkajinamit seems the other repos such as neutron are not hitting this problem because flake8 version is capped by hacking.09:11
tkajinamCollecting flake8<3.8.0,>=3.6.0 (from hacking<3.1.0,>=3.0.1->-r /home/zuul/src/opendev.org/openstack/neutron-lib/test-requirements.txt (line 5))09:12
tkajinamthis is what I've found in pep8 job for neutron-lib09:12
gthiemongetkajinam: thanks, maybe caping flake8 is the correct approach here, I'm going to check if it fixes the errors09:13
tkajinamgthiemonge, you can probably cap hacking then it should cap flake809:14
tkajinamor cap flake8 which is more direct approach09:15
gthiemongetkajinam: ack09:16
tkajinamso... it turned out very old hacking versions are still pulled in multiple test-requirements. /me sighs09:16
tkajinampython-octaviaclient/test-requirements.txt:hacking>=3.0.1,<3.1.0 # Apache-2.009:17
opendevreviewTakashi Kajinami proposed openstack/python-octaviaclient master: Bump hacking  https://review.opendev.org/c/openstack/python-octaviaclient/+/90565909:21
opendevreviewTakashi Kajinami proposed openstack/octavia master: Cap hacking  https://review.opendev.org/c/openstack/octavia/+/90566009:22
gthiemongetkajinam: thanks!09:23
opendevreviewTakashi Kajinami proposed openstack/octavia stable/2023.2: Stable-only: Pin hacking to < 6.1.0  https://review.opendev.org/c/openstack/octavia/+/90566209:27
opendevreviewGregory Thiemonge proposed openstack/octavia stable/2023.2: Cap hacking on stable branches  https://review.opendev.org/c/openstack/octavia/+/90566309:27
gthiemongeoh, almost same thing09:27
gthiemongelet's see if yours passes the CI maybe going from 3.0 to 6.0 will trigger new issues09:28
tkajinamgthiemonge, If I read the history in hacking. hacking 6.1.0 is the one which starts pulling flake8 >= 609:28
tkajinamso we can probably use 6.0.x, though yours would also work09:29
tkajinamI have no strong opinion and am file with either upper constraint, as long as it works09:30
gthiemongeI would rather not bump it on stable but maybe some other folks will have a different opinion09:32
tkajinamI'm ok with a lower bound. my concern is the fact that we haven't capped hacking so even old branches have been consumed new version recently and having too low cap might cause different problems.09:42
tkajinamanyway we can check the outcome in CI and use the one which fixes pep8 without different problems :-)09:42
opendevreviewTakashi Kajinami proposed openstack/python-octaviaclient master: Bump hacking  https://review.opendev.org/c/openstack/python-octaviaclient/+/90565909:47
opendevreviewTakashi Kajinami proposed openstack/octavia master: Cap hacking  https://review.opendev.org/c/openstack/octavia/+/90566009:49
opendevreviewTakashi Kajinami proposed openstack/python-octaviaclient master: Bump hacking  https://review.opendev.org/c/openstack/python-octaviaclient/+/90565910:12
opendevreviewTakashi Kajinami proposed openstack/octavia master: Cap hacking  https://review.opendev.org/c/openstack/octavia/+/90566010:40
opendevreviewTom Weininger proposed openstack/octavia-tempest-plugin master: WIP test rebase of below patch  https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/90568311:33
opendevreviewTom Weininger proposed openstack/octavia-tempest-plugin master: WIP test rebase of below patch  https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/90568311:58
gthiemongetweining: johnsom: question for you guys, what do you prefer to fix a pep8 issue on stable branch13:42
gthiemonge- capping the current requirements: https://review.opendev.org/c/openstack/octavia/+/905663/1/test-requirements.txt13:42
gthiemonge- bumping and capping the requirements: https://review.opendev.org/c/openstack/octavia/+/905662/1/test-requirements.txt13:42
gthiemonge?13:42
tweiningI'd prefer the latter13:43
tweiningalthough... you said stable branches. in that case I guess it is probably fine either way.13:48
opendevreviewTakashi Kajinami proposed openstack/python-octaviaclient master: Bump hacking  https://review.opendev.org/c/openstack/python-octaviaclient/+/90565916:17
johnsomYeah, I would prefer to move the version forward if it passes16:23
opendevreviewTakashi Kajinami proposed openstack/octavia master: Cap hacking  https://review.opendev.org/c/openstack/octavia/+/90566016:57
opendevreviewTakashi Kajinami proposed openstack/octavia stable/yoga: Stable-only: Pin hacking to < 6.1.0  https://review.opendev.org/c/openstack/octavia/+/90571917:15
opendevreviewTakashi Kajinami proposed openstack/octavia stable/xena: Stable-only: Pin hacking to < 6.1.0  https://review.opendev.org/c/openstack/octavia/+/90572017:17
spateljohnsom did you see this error - https://ibb.co/zR4TscQ19:49
spatelopenstack role add --project myproject --user-domain Default --user myuser1  load-balancer_member19:50
spatelI did run above command to add into role but still getting error 19:50
johnsomWell, there could be a few reasons. One was openstacksdk broke with keystone. How new of a deployment is this?19:50
spatelThis is new deployment but when I spin up k8s cluster it creates LB etc... 19:51
spatelbut when enduser try to create LB then throwing error 19:51
johnsomSee if these errors match yours: https://bugs.launchpad.net/octavia/+bug/204671119:52
johnsomGreg has a fix for that issue here: https://review.opendev.org/c/openstack/octavia-dashboard/+/90385619:52
johnsomBut that may not be your issue.19:52
johnsomThat role looks fine to me, but there have been a bunch of RBAC changes in Openstack over the last two years that are... funky19:53
spatelreading... I have zed release which is working fine.. This is 2023.1 release causing issue.. 19:55
johnsomYeah, this breakage in openstacksdk is fairly new19:55
spatelhmm 19:58
johnsomWhat is the error in horizon_error.log? That should point us in the right direction19:58
spatellet me check logs 19:58
spatelhold on 19:59
spatel[Tue Jan 16 20:02:46.626689 2024] [wsgi:error] [pid 24:tid 140187792516672] [remote 192.168.8.14:59002] Forbidden: /api/octavia-barbican/secrets/20:02
spatelthis is keep pop'ing 20:03
spatellook like its barbican related issue.. 20:03
johnsomOh, ok, yeah, that is another issue. Give a minute20:03
johnsomhttps://review.opendev.org/c/openstack/octavia-dashboard/+/88702720:04
johnsomAlso, I think users need a "consumer" role in barbican to use it. Hmm, I wonder if that is a bug in this patch20:05
spatelso this is horizon patch20:05
spatel?20:07
johnsomHmm, no doesn't appear to be the issue as that patch is only in 2023.220:08
johnsomHmmm, looking at that error again, that is odd, it's like horizon isn't allowing access to the internal secrets endpoint (the barbican library)20:11
spatelhmmm 20:12
spatelI remember now.. Octavia was working fine.. until I install barbican 20:13
spatelSo definitely barbican broke something 20:13
johnsomYeah, that changes how horizon works. You may need to add a role to the user for barbican. Try "consumer"20:13
spateladd role consumer? 20:14
johnsomopenstack role add --project myproject --user-domain Default --user myuser1  consumer20:14
johnsomI think that is what they called it.20:14
spatellet me check first if role already exist or not20:15
johnsomOh, looking at barbican docs, it might be "creator"20:15
spatelNo consumer role 20:15
spatelhmmm20:16
spatelThere is a role called creator 20:16
johnsomYeah, try that20:16
spatelok 20:17
spatelit works :)20:18
spatelno error 20:18
johnsomYeah, so some oddness with how barbican sets up it's roles.20:19
spatel:( indeed 20:20
spatelevery rev come with some extra pieces in puzzle 20:20
johnsomOh I know....  It's a lot of work to track down who broke what in which repo.... lol20:24
spatelagain, thank you for the help :)20:25
johnsomSure, NP20:25
spateljohnsom is it possible to created single role and add creator and load-balancer_member role in it?20:40
johnsomYes20:41
spatelso in single command we can assign both role 20:41
johnsomI typically setup a single "user" role that has everything in it that all users need20:41
johnsomspatel https://docs.openstack.org/octavia/latest/configuration/policy.html#keystone-group-roles20:42
johnsomI wrote it up in our docs20:42
spatelThis is awesome 20:44
spatelso create group and assign roles to that group right? 20:45
johnsomyep, if a group doesn't already exist20:45
spatellater add user to that group :)20:45
spatelI will give it a try 20:45
opendevreviewMohammed Naser proposed openstack/octavia master: Revert "Fix remaining usage of [neutron] endpoint_type"  https://review.opendev.org/c/openstack/octavia/+/90572421:23
opendevreviewMohammed Naser proposed openstack/octavia master: fix: use oslo_conf when getting neutron client  https://review.opendev.org/c/openstack/octavia/+/90579422:13
mnaserhttps://bugs.launchpad.net/octavia/+bug/204955122:21
mnaseranyone ran into something like this?22:21
mnaseri've been stuck for a few hours trying to unbork this.22:21
« Monday, 2024-01-15 Index Wednesday, 2024-01-17 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!