| opendevreview | Ghanshyam proposed openstack/octavia-tempest-plugin master: DNM: testing RBAC new defaults https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/926456 | 02:07 |
|---|---|---|
| zigo | johnsom: Hi there! I don't really understand this: | 13:18 |
| zigo | https://review.opendev.org/c/openstack/octavia/+/855441 | 13:18 |
| zigo | We had Octavia not working, in our Caracal deployment, and setting user_data_config_drive to True made it work for us. So why removing this option? | 13:18 |
| zigo | Is the plan to have this option always set to True ? | 13:19 |
| johnsom | I don't think that is the setting that fixed it. In fact, the amps should not boot when that setting is true as "user_data" is limited to 64kb, which with the configuration settings and CA cert and Amphora cert it is too small. | 15:00 |
| johnsom | zigo To my knowledge, setting that True does not work due to the certs being included and it has to be base64 encoded, 64kb is not enough | 15:01 |
| zigo | Well, it just did work for me! | 15:02 |
| johnsom | Are you using really small key sizes for your CA and amp certs? | 15:03 |
| zigo | I believe it's normal stuff... | 15:05 |
| zigo | We do this: https://salsa.debian.org/openstack-team/debian/openstack-cluster-installer/-/blob/debian/caracal/utils/usr/bin/oci-octavia-certs?ref_type=heads | 15:06 |
| johnsom | Hmm, I can try a upstream job run, but I don't think nova has expanded that DB field (user_data is stored in the database clear text, another reason it's not a great option) | 15:07 |
| johnsom | Yeah, those are 2k keys, so good. | 15:08 |
| zigo | personality files are deprecated, aren't they? | 15:08 |
| zigo | At least that's what I read... | 15:08 |
| johnsom | In some microversions, but they will never go away | 15:08 |
| opendevreview | Michael Johnson proposed openstack/octavia master: DNM: Testing user_data https://review.opendev.org/c/openstack/octavia/+/926478 | 15:16 |
| opendevreview | Michael Johnson proposed openstack/octavia master: DNM: Testing user_data https://review.opendev.org/c/openstack/octavia/+/926478 | 15:46 |
| opendevreview | Michael Johnson proposed openstack/octavia master: DNM: Testing user_data https://review.opendev.org/c/openstack/octavia/+/926478 | 15:49 |
| johnsom | zigo So I went and looked at this a bit. I think it's fine to keep using user_data. It looks like we are at ~16,000 if you bump up the RSA key sizes, so with 65k available, we have some room to grow. | 18:30 |
| johnsom | That is without long intermediate cert chains, but I don't think even that would push us over the edge. | 18:33 |
| johnsom | I do wish nova would raise that limit. It's purely a schema validation limit as the DB is already a larger size | 18:33 |
| johnsom | It looks like log offloading doesn't work with user_data, so I opened a bug on that | 19:04 |
| johnsom | https://bugs.launchpad.net/octavia/+bug/2077190 | 19:04 |
| opendevreview | Michael Johnson proposed openstack/python-octaviaclient master: Add SR-IOV support for members https://review.opendev.org/c/openstack/python-octaviaclient/+/914774 | 21:06 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!