16:00:16 #startmeeting openstack_ansible_meeting
16:00:17 Meeting started Tue Feb 16 16:00:16 2021 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:18 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:20 The meeting name has been set to 'openstack_ansible_meeting'
16:00:23 #topic bug triage
16:01:10 I'm wondering why this issue raised https://bugs.launchpad.net/openstack-ansible/+bug/1805630
16:01:12 Launchpad bug 1805630 in openstack-ansible "Keystone install fail because it put node in maintenance and question it (503 unavailable)" [Undecided,New]
16:02:14 I was never facing this tbh...
16:02:38 I don't run IDP though...
16:03:10 i have never seen anything like that
16:03:56 Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_cinder stable/victoria: Fix cert verification logic for cinder api https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/775771
16:03:57 however we've never deployed with federation in the config initially
16:04:15 i think it's always been something we layer on afterwards once the cloud is up
16:04:53 Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_cinder stable/victoria: Fix cert verification logic for cinder api https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/775771
16:05:18 Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_cinder stable/ussuri: Fix cert verification logic for cinder api https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/775772
16:06:07 Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_cinder stable/train: Fix cert verification logic for cinder api https://review.opendev.org/c/openstack/openstack-ansible-os_cinder/+/775773
16:06:32 ok
16:07:03 then re-raised this one https://bugs.launchpad.net/openstack-ansible/+bug/1848245
16:07:04 Launchpad bug 1848245 in openstack-ansible "Deletion of routers with HA enabled fails" [Undecided,New] - Assigned to James Denton (james-denton)
16:07:44 if it's a real bug i guess that this may fix it https://github.com/openstack/openstack-ansible/commit/457447431fe0c46e67b91717897e89fb971b753a
16:08:07 as it moves all the federation setup to a second play, after keystone is active again in the LB
16:08:33 hm, I guess I've mentioned that patch in the bug
16:11:33 so back in rocky we carried a policy template inside the os_neutron role
16:11:35 no I haven't
16:11:51 perhaps this is somehow leftover policy from an old version
16:12:37 for the keystone thing it would also need https://github.com/openstack/openstack-ansible/commit/2bb60193028fc848e87cdc7f416019482b8cf2cb
16:12:47 * jrosser messed up first time :(
16:13:25 well that one I mentioned in bug)
16:15:04 ok
16:16:20 regarding rootwrap, I think we use smart_sources?:)
16:17:38 so we should just take this https://opendev.org/openstack/neutron/src/branch/master/etc/neutron/rootwrap.d/l3.filters
16:18:27 well, they have this https://opendev.org/openstack/neutron/src/branch/stable/stein/etc/neutron/rootwrap.d/l3.filters#L72-L77
16:18:31 Merged openstack/ansible-role-python_venv_build stable/victoria: Remove preflight checks https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/775234
16:20:07 Ok, I guess that's it in terms of bugs?
16:20:21 yes
16:21:18 oh. one thing. I introduced bug with dropping default barbican kek and https://review.opendev.org/c/openstack/openstack-ansible/+/775856 to cover this
16:21:47 could we go through this https://etherpad.opendev.org/p/osa-ci-failures
16:22:08 totally!
16:22:23 first one seems like progress on mariadb
16:22:38 hopefully 10.5.9 will fix the failure to startup
16:22:52 then next one "Fail to retrieve upper constraints"
16:23:00 i have some patches but kind of not sure on the approach
16:23:03 change of root -> admin fails on cluster bootstrap with missing permissions
16:23:37 do we need to split the bootstrap and user creation to be root vs. admin user?
16:23:46 I still don't like passing u-c as a content...
16:24:29 I don't really know why it takes admin user for bootstrap.. because of my.cnf?
16:24:39 need to check this out
16:24:59 do you have a neater way for the u-c stuff
16:25:19 i was wanting to leave it overridable, to have several different SHA of u-c available on the repo server if needed
16:26:10 but what stops us from just passing local path here? https://review.opendev.org/c/openstack/openstack-ansible/+/774518/4/playbooks/repo-install.yml
16:26:36 need of checkout?
16:26:54 outside of CI the path isn't local
16:27:14 actually does not exist at all
16:27:51 noonedeadpunk: when i check the /var/log/httpd/error_log, I can only see log entries from the start of the httpd service.
16:28:05 the access_log is empty
16:28:06 but we can use get_url instead of uri?
16:29:09 except in CI when it's file:///
16:29:29 there's anyway `when: requirements_git_repo is search('http')`
16:29:48 yes so this is all about making a clean interface to the repo server role
16:29:54 which doesn't matter if CI or not
16:30:07 noonedeadpunk: the VirtualHost have this setting...
16:30:08 CustomLog "|/usr/bin/env logger -p daemon.info -t httpd" "%h %l %u \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
16:30:12 but something still not really feeling right about my patches, not sure really why
16:30:33 yes, totally, but what I mean is - why we can't always provide it with local file path?
16:30:49 on the deploy host?
16:30:51 yep
16:31:05 and instead of content it will be just src
16:31:48 i had considered making /etc/openstack_deploy/u-c/
16:31:57 and anything in there just gets put to the repo server
16:31:57 and we won't need to retrieve u-c later as well, because we can use it all the time then
16:32:14 or that...
16:32:51 for real deployments it's also a profit because in case of mirrors issues your deployment won't get stuck
16:33:39 or I'm missing that on repo container it won't be retrieved anymore?
16:34:00 see, this is more complicated than it seems on the surface :)
16:34:15 yeah...
16:34:35 I just really didn't have time to properly look this through...
16:34:48 and play around with code
16:35:02 ok, so related i left a comment here https://review.opendev.org/c/openstack/openstack-ansible/+/775095
16:35:44 ah damn it
16:37:02 ok cool
16:37:17 next one i wanted an opinion on was this https://review.opendev.org/c/openstack/openstack-ansible/+/775695
16:37:27 I need to spend time and configure gerrit email filters...
16:37:35 ceph_client role seems to define the vars kind of oddly
16:37:38 * noonedeadpunk has 6k emails from gerrit in folder
16:37:56 lots of things exist only in vars/blah.yml rather than defaults
16:38:02 Merged openstack/openstack-ansible master: Collect contents of /etc/dnf from CI jobs https://review.opendev.org/c/openstack/openstack-ansible/+/775677
16:38:57 either i have a mistake with the override i make, or it's not possible to override that role var
16:39:20 because it's included during runtime
16:39:46 yeah, I think we should move things to default...
16:39:54 right, so -e would only have precedence over vars/main.yml?
16:40:19 I'm not 100% sure but might be...
16:40:40 ok cool i will try to take a look at tidying up ceph_client vars a bit
16:41:03 that's the CI errors that i've looked into
16:41:10 the rest not so much yet
16:41:58 let me quickly test it out...
16:42:36 the "Keystone/memcached error" i think we need to talk to the oslo people
16:42:56 something funky there with the connection to memcached from keystone in a way i don't understand
16:45:04 noonedeadpunk, added a comment on https://review.opendev.org/c/openstack/openstack-ansible-os_barbican/+/768513
16:45:47 ok, cool, thanks!
16:46:30 jrosser: well, no, even when vars are included they can be overridden
16:46:44 interesting
16:47:06 must be something else i've got wrong there, just wrong var name or something
16:47:13 http://paste.openstack.org/show/802699/
16:48:57 but, if you define in play vars it will be overridden
16:49:43 http://paste.openstack.org/show/802700/
16:50:14 so -e has precedence over everything
16:50:21 but maybe it's not the case here
16:50:41 * jrosser facepalm
16:51:12 Jonathan Rosser proposed openstack/openstack-ansible master: Use infra mirror for ceph_client role in CI https://review.opendev.org/c/openstack/openstack-ansible/+/775695
16:51:21 1 character wrong
16:51:34 ah:)
16:51:36 well)
16:52:25 the only other thing on the CI list which is pretty easy is adding erlang-solutions repo to the infra mirror
16:52:59 though i did spend some time wading around system-config repo trying to figure that all out
16:53:58 for focal we use native repo though, right?
16:54:17 eventually whatever...
16:55:01 we probably should ask fungi or clarkb ?
16:55:11 just to save up some time?
16:55:30 ah yes it was a buster job that broke
16:55:43 seems every time they release a new package the repo is bust until someone tweets them
16:56:09 create a bot script to tweet them when it breaks !
16:56:10 haha
16:56:40 i think that the infra reprepro stuff may shield us from that as it needs the repo to be good in order to mirror it
16:57:09 well yes, that would be probably nice to have
16:57:58 that's probably all on the CI fixes, but if anyone wants to dig at some of the more obtuse errors please do
16:58:27 imho this is the best way we can reduce the CI load for OSA
16:58:52 yeah, but atm maria brings the most issues with ci
16:59:29 final thing from me would be centos-8 stream
16:59:39 i tried some stuff again in a VM today
17:00:11 i could install networkd from epel and lxc copr repo without a ton of install conflicts like i got before
17:00:36 and i got a chroot built with `sudo dnf --installroot=/home/centos/foobar install --setopt=install_weak_deps=False --nodocs rootfiles`
17:01:33 I think idea to have all of lxc images build from chroot instead of all those nasty searches is really awesome
17:01:42 i will hack around in an AIO next to see what i can do
17:01:48 and it should be faster as well
17:01:56 agreed, was just looking at lxc_hosts and there is tons of complexity
17:02:08 could be really simplified
17:02:30 I was also thinking if we should add some centos forks support like AlmaLinux?
17:03:04 I used to rely on cloudlinux a lot previously...
17:03:21 jrosser not as far as I know - I can dig around for you if you like
17:03:21 well, it's still very much the case that we don't have an active contributor for centos stuff
17:03:46 https://goo.gl/maps/mGtpF5rcW1T52rvU9 ?
17:04:05 odyssey4me: that would be great, there are some differences we need to handle but the regular ansible vars don't seem very helpful
17:04:15 jrosser https://github.com/ansible/ansible/issues/73027
17:05:04 oh so it's patched https://github.com/relrod/ansible/commit/44f8b8b56929df1b81852b73f862f3254b3bde2e
17:05:40 yeah, that one may be worth proposing as a backport to the stable releases
17:06:09 yes that would be useful, as 2.10 kind of exists and centos changes underneath it
17:07:11 * noonedeadpunk should finally write up tests for systemctl ansible module....
17:07:34 #endmeeting