Monday, 2025-03-10

« Friday, 2025-03-07 Index Tuesday, 2025-03-11 »
opendevreviewMerged openstack/python-octaviaclient master: Update master for stable/2025.1  https://review.opendev.org/c/openstack/python-octaviaclient/+/94373709:08
opendevreviewMerged openstack/python-octaviaclient stable/2025.1: Update .gitreview for stable/2025.1  https://review.opendev.org/c/openstack/python-octaviaclient/+/94373509:08
opendevreviewMerged openstack/python-octaviaclient stable/2025.1: Update TOX_CONSTRAINTS_FILE for stable/2025.1  https://review.opendev.org/c/openstack/python-octaviaclient/+/94373609:08
opendevreviewMerged openstack/octavia-lib master: Update master for stable/2025.1  https://review.opendev.org/c/openstack/octavia-lib/+/94373209:32
opendevreviewMerged openstack/octavia-lib stable/2025.1: Update .gitreview for stable/2025.1  https://review.opendev.org/c/openstack/octavia-lib/+/94372909:32
opendevreviewMerged openstack/octavia-lib stable/2025.1: Update TOX_CONSTRAINTS_FILE for stable/2025.1  https://review.opendev.org/c/openstack/octavia-lib/+/94373009:32
opendevreviewMerged openstack/octavia master: Drop VIRTUAL_ENV  https://review.opendev.org/c/openstack/octavia/+/94118812:58
kevkoHi folks, i want to just ask .. we found a bug in kolla config or better said combination of config and octavia redis sentinel implementation - Version of octavia - 2023.1 ... so I thought it will be enough to backport https://review.opendev.org/c/openstack/octavia/+/907669 and https://review.opendev.org/c/openstack/octavia/+/907676 and13:20
kevkohttps://review.opendev.org/c/openstack/octavia/+/912355 to octavia ... i've also installed taskflow taskflow==5.9.1 and redis==5.2.1 (as i have this dependencies on another stack where it's working - 2024.2 ) ...but still nothing :( ...what i am missing ? please can u help me ? here LOG and config13:20
kevkohttps://paste.openstack.org/show/bCcp7cDuspEmEIy5m69k/ I am asking also because i remember I was  discussing this with tkajinam in a past with connection to the kolla - thank you very much13:20
kevko+ patch for kolla-ansible working in master - https://review.opendev.org/c/openstack/kolla-ansible/+/942799 << Original bug i see in 2023.1 with original config is that if master dissapear.. jobboard is not working :/13:21
kevkodo i need to backport something else  ? i mean some patch ? 13:21
tkajinamkevko, "AUTH <password> called without any password configured for the default user."13:50
tkajinamthis is likely the cause and you may have to check any difference in redis version or its configuration13:51
tkajinamif you do not enable redis acl then you may not need the username parameter set, iirc13:51
tkajinamI don't see any options which may be relevant to ACL https://dd43e0f9601da5e2e650-51b18fcc89837fbadd0245724df9c686.ssl.cf1.rackcdn.com/942799/5/check/kolla-ansible-ubuntu-octavia/5415d9d/primary/logs/kolla_configs/redis-sentinel/redis.conf13:54
tkajinamand I guess you are using the legacy auth mechanism which does not accept user-based auth13:54
tkajinamanyway the error does not really look relevant to octavia or taskflow iiuc13:54
kevkotkajinam: check the kolla-ansible patch ... it is working in upstream 14:05
kevkotkajinam: and upstream didn't change the redis images ..or configuration ...14:05
kevkotkajinam: so it needs to be something in octavia or taskflow 14:06
kevkotkajinam: that's the reason why i am asking ..what i am missing 14:07
kevkotkajinam: what about sentinel auth-pass kolla prJdpxQpU4uYvY3h3kIWLt9u7fOSlANY74v49yUM14:08
kevko(as there is no user ..it should be default )14:08
tkajinamis that exactly same with the working configuration in master ?14:08
kevkoyeah ..14:09
tkajinamhm14:14
kevkotkajinam: we are using 2023.1 right ? and we found that if master is down ..jobboard is not working ...so what i've done ? spin the master stack and said to myself ..okay ..i know where is the problem and fix the kolla-ansible config for octavia.conf jobboard section and said heureka ..it's working 14:15
kevkotkajinam: ^^ (master patch for octavia.conf in kolla-ansible project )14:16
kevkotkajinam: then I backported to kolla-ansible 2023.1 and expected that it will work ..but it did't 14:16
kevkotkajinam: so i found that there are changes for user auth and ssl and sentinel_fallbacks ...14:16
kevkotkajinam: so i've taken that patches and patched 2023.1 octavia branch and build kolla-images  + of course the same redis-py and taskflow pip packages ... and still dont work ..but i expected it will 14:17
kevkotkajinam: so - that's the reason why i am asking ..and what i am missing ...14:17
kevkotkajinam: redis.conf or redis-sentinel.conf was not changed  during several version in kolla-ansible orchestration if i am correct14:18
tkajinamhmm wait do you enable auth in sentinel in master, right ?14:22
tkajinamhttps://review.opendev.org/c/openstack/taskflow/+/91234614:23
tkajinamI think we have no mechanism to enable auth for sentinel in taskflow now14:23
tkajinamI don't remember details but I was asked to not require auth for sentinel by someone from your group14:24
tkajinamand had to revert the change, IIRC14:24
tkajinamhttps://bugs.launchpad.net/python-tooz/+bug/205665614:26
kevkotkajinam: well, as i said ..check redis-sentinel config in master kolla job ..14:28
kevkotkajinam: it's there and working ..how it is possible ..no errors in octavia-worker 14:28
kevkotkajinam: it was me .. but it was something sligtly different maybe ? 14:28
tkajinamSome deployment tools such as kolla already rely on the previous14:29
tkajinambehavior which requires authentication for only redis.14:29
tkajinamI remember I checked actual config generated in kolla at that time which had auth enabled for redis but not for redis-sentinel14:29
tkajinambackport indicates it was 2024.1 release14:29
tkajinamso I expect the same for 2023.1 unless you "fix" it in older branches later14:30
kevkotkajinam: this is master -> https://dd43e0f9601da5e2e650-51b18fcc89837fbadd0245724df9c686.ssl.cf1.rackcdn.com/942799/5/check/kolla-ansible-ubuntu-octavia/5415d9d/primary/logs/kolla_configs/index.html14:32
kevkotkajinam: redis-sentinel https://dd43e0f9601da5e2e650-51b18fcc89837fbadd0245724df9c686.ssl.cf1.rackcdn.com/942799/5/check/kolla-ansible-ubuntu-octavia/5415d9d/primary/logs/kolla_configs/redis-sentinel/redis.conf14:32
kevkotkajinam: redis https://dd43e0f9601da5e2e650-51b18fcc89837fbadd0245724df9c686.ssl.cf1.rackcdn.com/942799/5/check/kolla-ansible-ubuntu-octavia/5415d9d/primary/logs/kolla_configs/redis/redis.conf14:32
kevkotkajinam: config octavia-worker https://dd43e0f9601da5e2e650-51b18fcc89837fbadd0245724df9c686.ssl.cf1.rackcdn.com/942799/5/check/kolla-ansible-ubuntu-octavia/5415d9d/primary/logs/kolla_configs/octavia-worker/octavia.conf14:34
tkajinamhmm so redis.conf for sentinel has no requirepass14:36
tkajinamwhich indicates no auth for sentinel14:36
kevkotkajinam: so what is this ? entinel auth-pass kolla prJdpxQpU4uYvY3h3kIWLt9u7fOSlANY74v49yUM14:41
kevkosentinel auth-pass kolla prJdpxQpU4uYvY3h3kIWLt9u7fOSlANY74v49yUM14:41
kevkoi think this is auth to the sentinel no ? 14:41
tkajinamthat the password used in communication between sentinel and redis14:41
tkajinamwhich is different from requireauth defining the password in redis sentinel itself14:41
kevkotkajinam: hmm14:42
kevkotkajinam: it's same 14:42
kevkotkajinam: i have a little gulash in it :( ... and still don't understand why it is working in master and not in my stack14:43
kevko + https://github.com/openstack/taskflow/commit/3fbd05078f84fc5b8190201fc6eeb7d005bf498814:45
tkajinamkevko, are you using the same dogpile.cache ?14:45
tkajinamredis_sentinel driver in oslo.cache uses consistent auth for redis and sentinel (because that's a new feature at that moment we didn't care incompatibility with kolla at that time)14:46
tkajinamand I see you use redis_sentinel cache driver in master now for example in nova.conf, so it indicates you fixed disabled auth in sentinel somehow14:47
tkajinamI could not really find a clear clue about it from config but I think you first dig into the history around introduction of redis_sentinel oslo.cache backend in kolla14:47
kevkotkajinam: this shouldn't be anything about oslo.cache no ? 14:48
tkajinamThe problem is not relevant to oslo.cache, but the current setting of oslo.cache I see in master is that you expect auth for sentinel14:49
tkajinamwhich it didn't in 2024.114:49
tkajinamwhich *you* didn't, I mean14:49
kevkotkajinam: lemme check 14:49
kevkotkajinam: are you talking about some redis_sentinel driver oslo.cache not merged gerrit review ? 14:51
kevkobecause in nova merged kolla-ansible templates we still using meemcached 14:51
tkajinamhmm wait I might be looking at a wrong file from too many tabs14:52
kevko:D 14:52
tkajinamhmm seems I do14:53
kevkotkajinam: so i really don't know what's wrong there :/ 15:06
kevkotkajinam: i was wondering that i will just upgrade octavia to newer images ..but on the other side..i want to fix it in currect version of octavia15:06
tkajinamI may check how https://review.opendev.org/c/openstack/kolla-ansible/+/943950/ goes into CI to see if auth is actually enabled in sentinel or it's ignored by octavia15:07
kevkotkajinam: I'll spare you the wait :) I think you will get this 15:11
kevkotkajinam: https://paste.openstack.org/show/bQ3ika8Rf14rUl7iZLKx/15:11
kevkotkajinam: this is my local cluster deployed 15:11
kevko^^15:11
tkajinamkevko, so you see now sentinel has its auth enabled, right ?15:12
tkajinamand can you check the same in that existing 2023.1 cluster ?15:12
tkajinamredis-cli -h <host> -p 26379 may be the thing you can try/check15:17
kevkotkajinam: so change the config as you proposed in DNM patch ? in my testing 2023.1 with octavia patched and taskflow redis ? 15:17
tkajinamkevko, I'm saying if you can try connecting to sentinel by a tool (not by octavia or actual service code) to see if auth is enabled15:18
tkajinamthat's why I'm suggesting redis-cli15:18
tkajinamto make sure redis-sentinel behaves in the same way15:19
kevkotkajinam: ah ok 15:19
kevkotkajinam: lemme check 15:19
kevkotkajinam: (octavia-worker)[root@controller0 /]# redis-cli -h 192.168.205.11 -p 26379 SENTINEL get-master-addr-by-name kolla15:22
kevko1) "192.168.205.10"15:22
kevko2) "6379"15:22
kevko^^ master15:22
kevko(redis-sentinel)[root@controller0 /]# redis-cli -h 192.168.205.11 -p 26379 SENTINEL get-master-addr-by-name kolla15:23
kevko1) "192.168.205.10"15:23
kevko2) "6379"15:23
kevko2023.115:23
tkajinamso... no auth15:24
kevkohmm15:24
kevkookay, so why it is working with the config in master ? 15:26
kevkoand the 2nd ...so you are saying ..you don't know why it's working in master ..but in my 2023.1 it should be enough to remove sentinel auth ? 15:31
tkajinamI have no idea about #1 but I suspect so for #215:33
kevkotkajinam: 2025-03-10 15:50:48.219 20 ERROR taskflow.jobs.backends.impl_redis [-] <redis.client.Redis(<redis.sentinel.SentinelConnectionPool(service=kolla(master))>)>15:51
kevkotkajinam: hmm, w8 a minute15:59
tkajinamkevko, so octavia jobs are passing without sentinel username/password options https://zuul.opendev.org/t/openstack/build/09105b4e69094938b4870beb71d9eecf16:18
kevkotkajinam: hmm 16:31
kevkotkajinam: i will check every result and try locally and will let you know ... thank you very much for the help16:32
opendevreviewSergey Kraynev proposed openstack/octavia master: Ignore load_balancer graph in task results to avoid break write data in jobboard DB  https://review.opendev.org/c/openstack/octavia/+/94398518:38
kevkotkajinam: okay, thanks Takashi, working on both stacks, removed sentinel auth from the conf 20:26
« Friday, 2025-03-07 Index Tuesday, 2025-03-11 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!