15:00:42 #startmeeting openstack_ansible_meeting 15:00:42 Meeting started Tue Jun 29 15:00:42 2021 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:42 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:42 The meeting name has been set to 'openstack_ansible_meeting' 15:00:54 #topic rollcall 15:00:57 o/ 15:03:03 o/ 15:05:09 #topic office hours 15:05:32 so, today roles have branched 15:05:43 and we are partially stuck because of the tests repo 15:06:11 we have this topic to track down progress 15:06:14 #link https://review.opendev.org/q/topic:%22create-wallaby%22+(status:open) 15:06:46 so eventually main failing point are: functional tests and linters 15:07:04 functional teests fail because of the pki role eventually 15:07:04 o/ hello 15:08:51 I kind of pushed https://review.opendev.org/c/openstack/ansible-role-pki/+/798685 but dunno how to test if functional are gonna like it 15:09:03 as depends-on doesn't work.... 15:09:16 and same issue go for linters actually.... 15:09:41 something else fails oddly now "Could not find or access '/etc/pki/rabbitmq-ca/roots/RabbitMQRoot/certs/RabbitMQRoot.crt' on the Ansible Controller 15:10:59 oh, indeed,,,, 15:11:12 it feels more like certs are not generated properly 15:11:39 oh i see whats happening 15:11:54 we're using defaults in rabbit role 15:11:56 its created at "path": "/etc/pki/rabbitmq-ca/roots/RabbitMQRoot/certs/RabbitMQRoot-1000.crt" 15:12:10 and maybe we have more stuff defined in integrated repo 15:12:19 yes 15:12:28 the rabbit repo will use the integrated tests 15:12:57 it's because the rabbit role will use the deployment wide Root CA in the integrated tests 15:12:59 well, we can probably also add overrides to tests repo to fit what we have 15:13:08 but maybe worth adjusting defaults if needed? 15:13:34 yeah 15:13:50 (but I don't still see what exactly fails there) 15:14:02 or how to avoid that... 15:15:17 when the CA cert is generated the serial number has been included in the filename 15:15:33 when it tries to install that CA it looks for it at a path without the serial number 15:16:29 but those two things should be symlinked to each other https://github.com/openstack/ansible-role-pki/blob/master/tasks/standalone/create_ca.yml#L108-L113 15:16:46 oh, ok, I see 15:17:22 but links seems to be created according to what I see? 15:18:16 https://storage.bhs.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_728/798638/5/check/openstack-ansible-functional-ubuntu-focal/728b8a7/logs/ara-report/results/452.html 15:18:46 it certainly looks correct 15:19:30 oh! Host: infra1 15:20:05 but it's copy module... 15:20:52 yes, but it expects the source to be on the controller node 15:21:18 but the CA stuff has been constructed on infra1 15:22:21 so thats kind of two issues - the CA isn't built on localhost..... and/or this doesn't cope with the case when the CA is built on something != localhost 15:22:54 Well looking at https://zuul.opendev.org/t/openstack/build/728b8a7ca5d64883b189c1f116eeceb8/log/job-output.txt it looks like delegated? 15:23:02 L5001 15:23:24 i was looking at the tasks at the end of here https://storage.bhs.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_728/798638/5/check/openstack-ansible-functional-ubuntu-focal/728b8a7/logs/ara-report/playbooks/1.html?status=failed&status=unreachable#results 15:23:50 well, maybe it's ara doesn't show delegate properly? 15:23:57 could be 15:24:10 dmsimard: anything known that ara doesn't respect delegate_to? 15:25:10 so I still didn't quite get why it fails.... ;( 15:25:25 i think these tasks fall outside the delegate? https://github.com/openstack/ansible-role-pki/blob/master/tasks/standalone/install_ca.yml 15:25:43 they are outside of the delegate 15:25:57 but it's fine, since we copy from localhost to remote host 15:26:02 so we run against remote host 15:26:19 (it doesn't respect `something != localhost` for sure) 15:27:45 i think i see why it fails though, the tasks to build the CA target infra1 and delegate to localhost 15:28:11 oh errm 15:28:59 Merged openstack/openstack-ansible-os_tempest stable/wallaby: Update .gitreview for stable/wallaby https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/798587 15:29:03 Merged openstack/openstack-ansible-os_tempest stable/wallaby: Update TOX_CONSTRAINTS_FILE for stable/wallaby https://review.opendev.org/c/openstack/openstack-ansible-os_tempest/+/798588 15:31:29 * noonedeadpunk tries to reproduce 15:32:06 but eventually doing final W release is smth we should look into (and thus unblocking functional stuff) 15:32:35 i am kind of confused with what is happening here tbh 15:32:39 I dunno if it's worth making RC1 with not merged .gitreview in roles for W 15:33:26 there is a difference that in the integrated repo it will target localhost though https://github.com/openstack/openstack-ansible/blob/master/playbooks/certificate-authority.yml#L16 15:34:58 openstack_pki_setup_host is not defined anywhere, so it should be like that in both cases? 15:35:55 in the integrated repo we never have it create a CA during the rabbit role though 15:35:59 but yes... 15:36:08 `included: /home/zuul/src/opendev.org/openstack/ansible-role-pki/tasks/main_ca.yml for infra1` 15:36:09 thats done up front 15:36:59 oh... 15:37:14 indeed... 15:37:58 we just include pki role as main there 15:38:08 and go through https://opendev.org/openstack/ansible-role-pki/src/branch/master/tasks/main.yml 15:38:21 the idea was it should be able to stand alone 15:39:00 well, good probably that we catched that... 15:40:01 but I think we can't delegate inlcude task... 15:41:32 um, I dunno how to fix that without adjusting playbook for rabbitmq 15:42:30 Jonathan Rosser proposed openstack/openstack-ansible-tests master: Gather /etc/pki directory https://review.opendev.org/c/openstack/openstack-ansible-tests/+/798703 15:42:33 or we need to make respect `pki_setup_host != localhost` during copy 15:43:36 Jonathan Rosser proposed openstack/openstack-ansible-tests master: Gather /etc/pki directory https://review.opendev.org/c/openstack/openstack-ansible-tests/+/798703 15:44:04 maybe it should be using slurp rather than copy 15:44:08 oh, smth weird is there... 15:44:26 yeah, might be actually 15:44:35 do you have this locally?\ 15:44:54 deploying 15:45:00 already on container creation 15:45:48 doh, no, lost connection to VM :( 15:46:06 (pretty common thing for functional tests actually) 15:49:42 ah, well I do have same net for br-mgmt and internal one :( 15:50:55 it feels like some of the patterns from python_venv_build are what is needed here, like where it collects the constraints file 15:52:00 this actually https://github.com/openstack/ansible-role-python_venv_build/blob/master/tasks/python_venv_install.yml#L16-L23 15:52:11 slurp / delegate / run_once / register 15:53:05 oh, well, yeah, looks pretty applicable 15:58:30 #endmeeting