17:00:25 <evrardjp> #startmeeting openstack_ansible_meeting 17:00:25 <openstack> Meeting started Tue Mar 20 17:00:25 2018 UTC and is due to finish in 60 minutes. The chair is evrardjp. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:00:26 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 17:00:29 <openstack> The meeting name has been set to 'openstack_ansible_meeting' 17:00:40 <d34dh0r53> o/ 17:00:52 <Tahvok> o/ 17:01:05 <RandomTech> Hey i have an instance that would finish deleting, any suggestions on were to look for errors? 17:01:10 <evrardjp> #topic What happened since last meeting 17:01:14 <hwoarang> o/ 17:01:18 <RandomTech> oops sorry didnt notice the meeting started 17:01:25 <odyssey4me> o/ 17:01:29 <jmccrory> o/ 17:01:33 <cjloader> o/ 17:01:39 <evrardjp> Under this section we are just friendly reminding what went on last week 17:01:50 <evrardjp> cloudnull and evrardjp talked about the integration of external roles 17:01:56 <evrardjp> #link http://eavesdrop.openstack.org/irclogs/%23openstack-ansible/%23openstack-ansible.2018-03-14.log.html#t2018-03-14T15:05:20 17:02:02 <cloudnull> o/ 17:02:07 <evrardjp> evrardjp worked with tonyb on newton EOLing 17:02:14 <evrardjp> #link http://lists.openstack.org/pipermail/openstack-dev/2018-March/128313.html 17:02:21 <evrardjp> evrardjp's regular bump was not done last week, due to already pending O/P bump patches 17:02:31 <evrardjp> https://review.openstack.org/#/c/550599/ https://review.openstack.org/#/c/550593/ 17:02:40 <evrardjp> spotz introduced the idea of office hours, but no formal office hours will be held for now. 17:02:47 <evrardjp> #link http://eavesdrop.openstack.org/irclogs/%23openstack-ansible/%23openstack-ansible.2018-03-14.log.html#t2018-03-14T16:38:58 17:03:11 <evrardjp> I know that's a lot to process, but it's not over yet! 17:03:15 <evrardjp> evrardjp promoted the Vancouver Forum brainstorming etherpad and would love some brainstorm to happen 17:03:21 <evrardjp> #link https://etherpad.openstack.org/p/YVR-openstack-ansible-brainstorming 17:03:33 <evrardjp> evrardjp added gokhan as core member of the telemetry roles 17:03:34 <spotz> hola 17:03:39 <evrardjp> #link http://eavesdrop.openstack.org/irclogs/%23openstack-ansible/%23openstack-ansible.2018-03-19.log.html#t2018-03-19T13:37:53 17:03:48 <evrardjp> niraj_singh is working on the inclusion of masakari into OSA 17:03:54 <evrardjp> #link http://eavesdrop.openstack.org/irclogs/%23openstack-ansible/%23openstack-ansible.2018-03-19.log.html#t2018-03-19T13:46:12 17:04:01 <evrardjp> odyssey4me would like some input for the two approaches outlined in the etherpad for the python build simplification 17:04:09 <evrardjp> #link https://etherpad.openstack.org/p/osa-source-deploy-role-planning 17:04:15 <andymccr> o/ 17:04:37 <evrardjp> Now that you have all those links opened in your browsers.... Did I miss something? 17:04:51 <evrardjp> If not, we can go ahead with the triage. 17:05:01 <evrardjp> We can discuss those topics after the triage 17:05:13 <logan-> o/ 17:05:27 <odyssey4me> evrardjp thanks for pulling all that together - it's useful to get a quick summary to digest 17:05:41 <hwoarang> yeah awesome work 17:06:07 <hwoarang> evrardjp: yes mbuil is core in neutron too ;p 17:06:17 <evrardjp> odyssey4me: the format is not easy, but at least it would leave the ppl the time to digest things after the meeting. Any addition for next week should go into the meeting page https://wiki.openstack.org/wiki/Meetings/openstack-ansible 17:06:23 <hwoarang> mbuil: wake up meeting time! 17:06:41 <evrardjp> hwoarang: that's not this week, I think it was previous week, but I might have the dates wrong! 17:06:46 <hwoarang> ah could be 17:06:56 <evrardjp> but thanks for the reminder hwoarang 17:07:24 <evrardjp> could we go ahead with the triage? I know we have lots of bugs, and I know odyssey4me would like to discuss his etherpad link after the triage 17:07:57 <evrardjp> 5 17:07:59 <evrardjp> 4 17:08:01 <evrardjp> 3 17:08:03 <evrardjp> 2 17:08:05 <evrardjp> 1 17:08:08 <evrardjp> #topic bug triage 17:08:23 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1756005 17:08:24 <openstack> Launchpad bug 1756005 in openstack-ansible "cinder_volumes_container bind mount for /var/log not configured" [Undecided,New] 17:09:55 <evrardjp> I don't know why we have cinder_backend_lvm_inuse | bool there 17:10:01 <andymccr> yeah 17:10:07 <andymccr> id say high on that- not confirmed it though 17:10:43 <andymccr> seems sensible based ont he report though 17:11:01 <odyssey4me> agreed 17:11:03 <evrardjp> oh we did like that everywhere: we say we run containers based on backend x or y, not based on is_metal or not 17:14:03 <evrardjp> I think we should just add another task that does the same kind of things, but without the unconfined profile I guess 17:14:31 <evrardjp> when cinder_volume is in group_names and is_metal is False 17:14:37 <evrardjp> sounds plausible? 17:14:51 <evrardjp> confirmed high? 17:15:13 <andymccr> yeah 17:15:17 <evrardjp> ok next 17:15:19 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1755929 17:15:21 <openstack> Launchpad bug 1755929 in openstack-ansible "Octavia config drop fails on multiple hosts" [Undecided,New] 17:16:37 <evrardjp> that sound like bad orchestration 17:16:54 <andymccr> yeah 17:17:08 <odyssey4me> yeah, not very good validation either 17:17:21 <evrardjp> it looks legit 17:17:23 <odyssey4me> can't confirm, but seems like it needs someone to pick that up pronto 17:17:32 <evrardjp> yup 17:17:39 <evrardjp> xgerman_: could you check at this? 17:17:42 <odyssey4me> xgerman_ ^ that looks like something that needs urgent follow up 17:17:48 <odyssey4me> heh 17:17:52 <evrardjp> :) 17:18:09 <odyssey4me> I'd say High 17:18:14 <evrardjp> ok Let's mark it as confirmed and high. 17:18:26 <odyssey4me> It's pretty serious for production. 17:18:26 <andymccr> yeah 17:18:27 <xgerman_> k 17:18:57 <xgerman_> have a patch up for that but need ot review 17:19:19 <evrardjp> Could you mark the bug in your patch? 17:19:26 <evrardjp> It would be listed then 17:19:26 <xgerman_> yep, will do 17:19:29 <evrardjp> ok next 17:19:31 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1755821 17:19:32 <openstack> Launchpad bug 1755821 in openstack-ansible "config_template fails to parse template if it contains a comment with leading spaces" [Undecided,New] 17:20:25 <evrardjp> I haven't tested this myself 17:20:29 <evrardjp> but that sounds very serious 17:20:30 <odyssey4me> me neither 17:20:36 <cloudnull> yea that doesnt sound good 17:20:44 <evrardjp> cloudnull: could you have a look? 17:21:04 <cloudnull> you can add me to that 17:21:12 <cloudnull> I wont be able to look at it today 17:21:28 <openstackgerrit> Andy McCrae proposed openstack/openstack-ansible-plugins stable/queens: Utilise sorted to ensure no random changes https://review.openstack.org/554301 17:21:40 <evrardjp> it's alright, I am leaving it unconfirmed for now, so that if you forget it would reappear next week 17:21:48 <evrardjp> leaving the triage status at high though 17:22:00 <evrardjp> next 17:22:02 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1755790 17:22:03 <openstack> Launchpad bug 1755790 in openstack-ansible "vxlan ttl defaults to 1" [Undecided,New] 17:22:26 <evrardjp> opinion? 17:22:52 <evrardjp> I think vxlan ttl default behavior is to have ttl to 1 though, to avoid traffic crossing through routers, on purpose 17:23:13 <andymccr> hmm 17:23:47 <evrardjp> but the pod example is exactly the opposite, you need to cross routers 17:23:48 <jrosser> this is 17:23:54 <jrosser> multicast 17:24:12 <jrosser> sorry on crap 3g 17:24:19 <evrardjp> oh yeah true 17:24:23 <evrardjp> but still 17:24:40 <evrardjp> jrosser: haha 17:24:54 <jrosser> ttl 1 is usually set for things like mdns which are explocitly link local 17:24:54 <evrardjp> I think this deserves confirming and adapting in the docs 17:26:03 <evrardjp> The deployer will evaluate what's best for his/her case. 17:26:18 <evrardjp> I am fine with adapting the documentation, fine for you jrosser ? 17:26:36 <jrosser> tes it needs to certatainly go in the pods example 17:26:41 <evrardjp> I am not sure it's a good idea to change the ttl by default 17:26:53 <andymccr> documentation sounds like the way 17:26:55 <evrardjp> jrosser: I'd do it ONLY for the pods example 17:27:16 <jrosser> the unicast part of vxlan will be generally routtable 17:27:59 <evrardjp> jrosser: but it doesn't need to be on non-pod 17:28:09 <jrosser> so as it stands the behaviour will be different for generally encapsualted packets and any BUM like dhcp or arp 17:28:34 <evrardjp> yes 17:28:52 <evrardjp> I think we agree and we can discuss in the bug and patches. 17:28:59 <evrardjp> I'll assign that to me 17:29:01 <jrosser> yes 17:29:18 <evrardjp> next 17:29:19 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1755609 17:29:20 <openstack> Launchpad bug 1755609 in openstack-ansible "Galera xinetd only_from listens to load balancers' "ansible_host" rather than container management IP" [Undecided,New] 17:30:13 <evrardjp> tricky one this one 17:30:26 <evrardjp> due to our extreme configurability 17:31:13 <andymccr> hmm 17:32:18 <jmccrory> are there facts that could be used to list interface addresses on haproxy_hosts? 17:32:20 <cloudnull> I think it makes sense to whitelist the cidrs 17:32:22 <evrardjp> so in its example, the ip used for ansible_host doesn't matter 17:32:34 <evrardjp> jmccrory: yes 17:33:05 <evrardjp> jmccrory: I think that's a good solution in fact, whitelist all the haproxy interfaces ip 17:33:10 <evrardjp> same for galera ips 17:33:16 <evrardjp> good thinking there! 17:33:35 <evrardjp> cloudnull: I think it would be okay, but opening very wide, I prefer jmccrory solution :) 17:33:46 <evrardjp> if that's possible 17:33:56 <cloudnull> we shouldn't just limit it to haproxy 17:34:03 <odyssey4me> if jmccrory says it, it must be possible ;) 17:34:15 <spotz> heheheh 17:34:21 <evrardjp> yeah, it should be a setup delegate_facts delegate_to 17:34:32 <evrardjp> to get the fact of the interfaces facts 17:34:40 <evrardjp> cloudnull: why? 17:34:48 <cloudnull> at rax we have external LBs which are not haproxy 17:35:00 <cloudnull> so limiting to haproxy would break me 17:35:23 <evrardjp> cloudnull: you can still add the hosts 17:35:31 <evrardjp> of your load balancers 17:35:41 <cloudnull> but ansible wont have access to them 17:35:48 <cloudnull> so there are no facts to gather 17:35:59 <odyssey4me> assuming an override is available, surely any environment can override the defaults? 17:36:13 <evrardjp> that's what I meant 17:36:27 <cloudnull> so long as we can set the networks and are not forced to use facts from a given host, +1 17:37:00 <odyssey4me> perhaps we could have a smart default - use haproxy addresses if there are haproxy hosts, otherwise fall back to the CIDR's? 17:37:08 <cloudnull> ^ ++ 17:37:30 <odyssey4me> Use the inventory Luke... 17:37:32 <evrardjp> sounds good. The fallback would require work, because networks_cidr aren't directly exposed IIRC 17:37:36 <evrardjp> only the ips 17:38:18 <evrardjp> oh yes we do 17:38:19 <cloudnull> maybe the fall back is like the hap whitelist where it just any rfc1918 address 17:38:24 <evrardjp> {name}_cidr 17:38:56 <evrardjp> cloudnull: great security :p 17:38:59 <odyssey4me> seems sensible, given that the whitelist is well established 17:39:13 <evrardjp> ok we agree on the idea anyway, let's triage this: confirmed and medium? 17:39:16 <evrardjp> or low 17:39:20 <odyssey4me> if you care about security, you'd have a whitelist override in place 17:39:22 <evrardjp> it's a very edge case 17:39:40 <odyssey4me> confirmed/medium methinks 17:39:44 <cloudnull> something like https://github.com/openstack/openstack-ansible/blob/master/inventory/group_vars/haproxy_all/haproxy.yml#L63 17:40:02 <cloudnull> https://github.com/openstack/openstack-ansible/blob/master/inventory/group_vars/haproxy_all/haproxy.yml#L25-L28 17:40:33 <evrardjp> next 17:40:35 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1755593 17:40:36 <openstack> Launchpad bug 1755593 in openstack-ansible "Rally can't install encapsulated Tempest verifier" [Undecided,New] 17:40:47 <cloudnull> so use hap hosts by default, fall back to somethign that will work providing a minimal level of security but is configurable. 17:41:13 <evrardjp> cloudnull: we agree. 17:41:18 <cloudnull> cool 17:41:18 <evrardjp> Rally? 17:42:12 <odyssey4me> ja, apparently rally does its own preparation of some kind 17:42:20 <evrardjp> indeed 17:42:26 <evrardjp> installing ansible and all that jazz! 17:42:30 <odyssey4me> we had a discussion in channel about it 17:42:35 <evrardjp> oh 17:42:37 <evrardjp> ? 17:42:42 <evrardjp> about this bug? 17:42:48 <odyssey4me> yeah, me and the bug reporter 17:43:00 <evrardjp> what was the summary of that? It's not written in the bug 17:43:11 <odyssey4me> he's been looking into hacks and things but it doesn't look like he's reported back into the bug 17:43:18 <evrardjp> ok 17:43:39 <evrardjp> how do we triage this then? 17:43:51 <odyssey4me> well, it's definitely true - so confirmed 17:44:03 <odyssey4me> it seems to affect using rally, so I'd say medium 17:44:26 <odyssey4me> not high because this is the first we've heard of it - so either no-one uses rally, or this is a new issue in pike 17:44:40 <evrardjp> sold! 17:44:44 <evrardjp> next 17:44:51 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1755241 17:44:52 <openstack> Launchpad bug 1755241 in openstack-ansible "The Documentation for Pike is conistantly telling users to pull the wrong version" [Undecided,New] 17:45:27 <evrardjp> confirmed and medium, it's telling the right version, but the version is confusing 17:45:45 <evrardjp> ok for everyone? 17:45:47 <andymccr> yeah 17:46:05 <odyssey4me> ja 17:46:22 <evrardjp> next 17:46:24 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1754591 17:46:25 <openstack> Launchpad bug 1754591 in openstack-ansible "Neutron agent delete: remove the wrong argument" [Undecided,New] 17:47:03 <andymccr> i dont see what we can do abotu that 17:47:25 <evrardjp> yeah, so? 17:47:48 <andymccr> it'll be fixed in a future version of 16.0.x? 17:47:57 <evrardjp> oh it doesn't say it's part of the deploy of our playbooks 17:48:15 <evrardjp> andymccr: most likely it won't get fixed 17:48:26 <evrardjp> because we are still constrained 17:48:28 <andymccr> its backported to stable/pike? 17:48:30 <evrardjp> so we'll not get that bump 17:48:44 <evrardjp> I doubt it 17:48:49 <andymccr> https://review.openstack.org/#/c/518371/ 17:49:01 <evrardjp> oh it was 17:49:09 <andymccr> i guess the point im makgin is its not an OSA issue 17:49:10 <odyssey4me> looks like it merged into the stable branch, so there needs to be a release, then a u0c bump 17:49:16 <andymccr> ^ yeah 17:49:23 <odyssey4me> then we get it for free 17:49:35 <evrardjp> it's merged into stable branch 17:49:42 <evrardjp> it's just not bumped into u-c 17:49:53 <odyssey4me> yes, but it still has to be released - then bumped in u-c 17:49:58 <andymccr> yeah 17:50:05 <evrardjp> the patch for inclusion in pike is 2017. 17:50:09 <odyssey4me> u-c doesn't bump libraries to SHA's ;) 17:50:26 <odyssey4me> well, someone needs to be chased to do the release then 17:50:37 <evrardjp> "This issue was fixed in the openstack/python-openstackclient 3.13.0 " 17:50:43 <evrardjp> (2017-12-13) 17:50:46 <odyssey4me> or we need to implement our own git source usage for it 17:50:59 <evrardjp> it's just that this hasn't been bumped into requirements 17:51:04 <evrardjp> so I am not sure what we can do 17:51:26 <odyssey4me> we can push the review to bump u-c 17:51:42 <odyssey4me> for stable branches that's not an automatic process 17:52:07 <evrardjp> I thought that was kinda taboo 17:52:09 <evrardjp> :p 17:52:21 <evrardjp> "do not bump osc on stable branches!" 17:52:36 <evrardjp> I guess we can ask prometheanfire 17:52:37 <odyssey4me> you can always push up a review - it may not be accepted 17:52:47 <evrardjp> prometheanfire: can you have a look? 17:52:51 <odyssey4me> I've done it before 17:52:54 <jmccrory> why do they have stable branches otherwise? 17:53:05 <andymccr> yeah you can have a discussion about it at least. 17:53:08 <evrardjp> I've done it once, and it was not very welcomed by tonyb 17:53:14 <odyssey4me> for this bug though, I'd mark it as a duplicate and link the original bug to openstack-ansible 17:53:23 <evrardjp> good point 17:53:51 <evrardjp> next 17:54:01 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1754139 17:54:02 <openstack> Launchpad bug 1754139 in openstack-ansible "openvswitch does not start on new AIO deployment" [Undecided,New] 17:54:34 <evrardjp> ovs... mbuil could you by chance have a look at this? 17:55:07 <evrardjp> except if someone else is willing to have a look? 17:55:42 <evrardjp> leaving it as is in 5 seconds! 17:55:45 <evrardjp> 4 17:55:47 <evrardjp> 3 17:55:50 <evrardjp> 2 17:55:53 <evrardjp> 1 17:55:57 <evrardjp> (large seconds!) 17:56:03 <evrardjp> next 17:56:05 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1753801 17:56:07 <openstack> Launchpad bug 1753801 in openstack-ansible "Galera connection contention on full base deployment on Xeon E3 " [Undecided,New] 17:57:28 <evrardjp> I guess we'll wait for logan- 's report and patches :) 17:57:35 <evrardjp> good job there 17:57:47 <evrardjp> let's move on, shall we? 17:57:52 <andymccr> yeah 17:57:54 <evrardjp> #link https://bugs.launchpad.net/openstack-ansible/+bug/1753790 17:57:55 <openstack> Launchpad bug 1753790 in openstack-ansible "spurious 'no space left on device' errors during venv build" [Undecided,New] 17:57:55 <logan-> im not sure if it is valid, gnocchi is totally broken on pike currently and restarts endlessly 17:58:03 <hwoarang> hmm 17:58:03 <prometheanfire> wat 17:58:08 <hwoarang> that may have been fixed 17:58:11 <evrardjp> logan-: oh so we'll wait for your feedback :) 17:58:26 <evrardjp> hwoarang: are we sure it's done now? 17:58:29 <prometheanfire> evrardjp: bumping thing in stable branches is fine, if it a stable branch release 17:58:33 <hwoarang> i haven't seen it lately 17:58:36 <hwoarang> have you? 17:58:38 <odyssey4me> no, I've still seen disk space issues come up 17:58:43 <hwoarang> ok then... 17:58:48 <evrardjp> odyssey4me: on which branch? 17:58:59 <odyssey4me> master 17:59:02 <evrardjp> I have seen things on Q 17:59:08 <evrardjp> oh 17:59:16 <evrardjp> yeah let's leave that open then 17:59:21 <evrardjp> as a reminder! 17:59:34 <odyssey4me> cloudnull and I discussed it... but couldn't figure it out 17:59:43 <odyssey4me> I didn't think I'd seen it on Queens though. 17:59:54 <evrardjp> mmm. Let's rollback to standard lxc image managemnt then :p 18:00:01 <odyssey4me> might need to dig into logstash to see how frequently that's happening 18:00:14 <evrardjp> I still need to learn that thing. 18:00:29 <evrardjp> next time you do it, let's discuss on the channel 18:00:31 <evrardjp> ok 18:00:36 <odyssey4me> sure 18:00:38 <evrardjp> It's time to wrap up 18:00:56 <evrardjp> #endmeeting