15:01:57 <noonedeadpunk> #startmeeting openstack_ansible_meeting
15:01:57 <opendevmeet> Meeting started Tue Sep 27 15:01:57 2022 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:01:57 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:01:57 <opendevmeet> The meeting name has been set to 'openstack_ansible_meeting'
15:02:02 <noonedeadpunk> #topic rollcall
15:02:06 <jrosser_> o/ hello
15:02:09 <noonedeadpunk> \o/
15:02:17 <damiandabrowski> hi!
15:02:28 <ThiagoCMC> jrosser_, you mean, without Inspector containers?
15:03:46 <ThiagoCMC> i.e., no "ironic-inspector_hosts:" declared in openstack_deploy dir...?
15:04:42 <noonedeadpunk> #topic office hours
15:05:18 <noonedeadpunk> So, recently I've worked a bit on improving testing for cinder volumes. Eventually, we did not test if it was working or not in aio at all
15:05:43 <noonedeadpunk> as we never run any tempest scenario that would use bfv or just attach volumes
15:06:40 <noonedeadpunk> At the same time I'm not sure how we really want to run this as we still want to check ephemerals and reduce jobs timing
15:06:47 <noonedeadpunk> (or at least not increasing it
15:07:08 <noonedeadpunk> I pushed couple of patches here https://review.opendev.org/q/topic:osa%252Ftest_volumes
15:07:46 <noonedeadpunk> Next thing I looked into is ansible 2.13. We're suuuper close now, but now a bit blocked by not having infra mirrors for modern ceph
15:08:11 <jrosser_> how is that connected?
15:08:16 <noonedeadpunk> By now we were installing octopus and jrosser_'s patch for pacific was never merged.
15:08:42 <noonedeadpunk> jrosser_: well, it's connected to ceph-ansible steable-7.0 that tries to install quincy by default
15:08:49 <noonedeadpunk> *stable-7.0
15:09:19 <jrosser_> oh i see - and we need 7.0 for the newer ansible to be ok?
15:09:30 <damiandabrowski> btw. what issues we had with bfv?
I assume there's a reason why you're so motivated to cover it with tempest now :D
15:09:40 <noonedeadpunk> and stable-7.0 does install our config_template collection rather their own fork
15:10:48 <noonedeadpunk> damiandabrowski: it was not working?:) Denys was trying to spin up aio_ceph and cinder-volume was not starting at all because of backend naming started with rbd
15:11:03 <NeilHanlon> i'm looking into that ansible python / rocky / ceph thing as well as getting back to my integration for rocky 9. re-downloaded the VM and hoping to get it merged this week
15:11:26 <jrosser_> i'm sure we came across that backend naming thing a loooong time ago for rbd
15:11:29 <damiandabrowski> ah ok
15:11:53 <noonedeadpunk> oh yes we did. But we never fixed aio as it never bothered us (as we didn't test it)
15:12:01 <jrosser_> ahha of course
15:12:12 <noonedeadpunk> so that was motivation :)
15:12:47 <NeilHanlon> tests?! who needs tests
15:12:52 <NeilHanlon> tests only cause problems :D
15:12:58 <noonedeadpunk> NeilHanlon: well, as of now I've rejected our bug, as it can be quite simply worked around (and in fact it's not our bug). But in general ansible might be worth fixing...
15:13:38 <NeilHanlon> agreed, just not sure "what" needs fixing just yet.. in any case that one I'm taking back to rocky
15:14:07 <noonedeadpunk> NeilHanlon: another question to you (or your team) - maybe you're also interested in helping out MariaDB to build/have packages and repo for CentOS/Rocky... https://jira.mariadb.org/browse/MDEV-28842
15:14:48 <noonedeadpunk> As when I talked to monty - they said there's no interest from ppl to have that
15:14:48 <NeilHanlon> totally. i will comment on that issue with support and offer to help :)
15:16:08 <noonedeadpunk> I can help out with Rocky 9 if needed - I just downloaded images and was about to spawn VMs to see what's wrong.
15:16:57 <NeilHanlon> iirc from zuul, ansible in the virtualenv was unable to find libselinux to disable it
15:17:38 <jrosser_> this is something that was changed in recent ansibles, how selinux is handled
15:17:45 <noonedeadpunk> I wonder that maybe it does need libselinux binary to realize that it's not needed?:)
15:17:56 <jrosser_> specifically how the python<>.so interface is done
15:18:05 <noonedeadpunk> yeah, they do use c bindings now
15:18:33 <NeilHanlon> that lib should definitely be.. available, since the package is installed on the system
15:18:47 <noonedeadpunk> jrosser_: there was issue regarding your patch that fixed keystone bootstrap when proxy was used. It's fixed now with https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/859232 but not sure if this doesn't break anything for you (and idp stuff).
15:18:59 <jrosser_> ah yes i saw that
15:19:03 <noonedeadpunk> and Andrew was not around to ask to test out.
15:19:11 <jrosser_> i think andrew might be back next week
15:19:31 <noonedeadpunk> But I _think_ it should be fine
15:19:51 <jrosser_> i could try that easily with an AIO on our internal instance, thats behind a proxy
15:20:12 <noonedeadpunk> NeilHanlon: maybe it also goes back to ansibles' discovery that is failing
15:20:47 <noonedeadpunk> (and python discovery that does not happen for $reason)
15:21:20 <jrosser_> theres been quite some discussion of ironic recently too - we're really not in great shape there and it would be good if we can make things more working out-of-the-box for Z
15:21:25 <noonedeadpunk> but not sure - did not have chance to check out.
Though I believe we do have couple of users by now that try or do use Rocky with OSA
15:22:17 * noonedeadpunk still haven't got to ironic deployment so quite clueless
15:22:49 <jrosser_> well, ironic itself is hugely configurable and pluggable
15:23:26 <jrosser_> and the existing os_ironic has one particular view about how the deployment should be (single tenant, metal deploy, some others, ......)
15:23:53 <jrosser_> and none of those things are documented in the role and i think jamesdenton mentioned making some docs which should cover that
15:24:21 <jrosser_> stuartgr has done an LXC deployment here and there is really a lot that doesnt work
15:24:46 <noonedeadpunk> that's sad to hear :( but indeed role before did not have enough love...
15:25:12 <jrosser_> good news is we have it kind of working now, but there are a bunch more patches needed
15:25:21 <noonedeadpunk> also to remind about PTG doc - here's etherpad:
15:25:24 <noonedeadpunk> #link https://etherpad.opendev.org/p/osa-antelope-ptg
15:25:27 <jrosser_> including for IPMI serial consoles working in horizon
15:26:12 <jrosser_> i would really like to get this in better shape for Z release if there is time
15:27:53 <noonedeadpunk> I'd love to help - but can help only with reviews now.
15:28:29 <noonedeadpunk> If look optimistically at our internal backlog - I'm not sure if we get to it until Antelope... Likely yes, but not 100%
15:29:22 <noonedeadpunk> What I'd really like to get progress on - internal SSLs. As a lot was already done (read - concept) but I'm not sure where and why this has stuck.
15:29:28 <jrosser_> well it's kind of similar here - we can work on ironic patches as we are deploying it
15:29:51 <jrosser_> SSL has got stuck because it was really being driven by james gibson and sadly he has moved to another job now
15:29:56 <jrosser_> and i don't have any replacement
15:30:06 <noonedeadpunk> I guess we can take it and move forward if it's the only reason
15:30:13 <opendevreview> Kevin Carter proposed openstack/openstack-ansible master: feat: Add skyline deployment capability https://review.opendev.org/c/openstack/openstack-ansible/+/859446
15:30:27 <jrosser_> there is not really any technical issue other than needed to have time to work on it
15:30:36 <prometheanfire> elk logstash container too small at 8G?
15:31:40 <noonedeadpunk> and we're quite happy with the concept? as we haven't landed even blueprint for $reason
15:33:03 <jrosser_> well it is complex
15:33:22 <jrosser_> the transition from backends being http -> https across an upgrade is pretty difficult
15:33:30 <noonedeadpunk> yeah, migration is quite complex indeed
15:33:31 <jrosser_> and understanding is needed by whoever takes it on
15:34:07 <jrosser_> well the code makes the transition simple for an operator
15:34:08 <cloudnull> o/ jrosser_ I PR'd your role for skyline into the openstack-ansible repo. any thoughts on seeing that role brought into the os namespace?
15:34:11 <jrosser_> but the mechanism is complex
15:34:27 <jrosser_> cloudnull: that would be fine - just lacking time from my POV
15:34:33 <noonedeadpunk> cloudnull: the only issue I see is that skyline is not official project yet
15:34:41 <noonedeadpunk> not sure if that should tighten us though
15:35:00 <cloudnull> ¯\_(ツ)_/¯
15:35:01 <jrosser_> not sure they have branches or releases yet really which we'd have to be careful about
15:35:19 <noonedeadpunk> it's still "emerging"
15:35:34 <jrosser_> but the velocity seems high so having it at least as "experimental" would be great
15:35:36 <cloudnull> works in dev 😉
15:35:57 <jrosser_> personally i am stuck with horizon because of federation
15:36:11 <jrosser_> and i did the role to bootstrap interest from others
15:36:12 <cloudnull> my only complaint is that all the VMs need a volume, but besides that its really nice alt to horizon
15:37:18 <jrosser_> cloudnull: i think CI might be interesting, because the "yarn" (?) bits needed many Gb of ram
15:37:38 <prometheanfire> heh, tested in chrome only it seems
15:37:40 <noonedeadpunk> I'm kind of fine bringing it as experimental
15:37:54 <cloudnull> All of the static files are shipped with the python bits so we dont have to build the Node things.
15:38:32 <noonedeadpunk> but I'm not sure they're following u-c and requirements yet.
15:38:43 <noonedeadpunk> but yeah, good as experimental
15:39:04 <noonedeadpunk> should we gain some interest during ptg/operational hours or just agree to add it?
15:39:10 <cloudnull> the current skyline role doesn't do any of the node building. it probably would be a good thing to add so that we can force a rebuild of static files if required?
15:39:55 <cloudnull> I'm in no rush to see it merged, just was committing things I have running in my environments.
15:40:09 <cloudnull> also trying to highlight jrosser_ excellent work on that role :D
15:40:11 <jrosser_> i think my first patches did have the node build stuff so it should be there in the history
15:40:42 <jrosser_> i converted the skyline "install from source" instructions pretty verbatim into ansible iirc
15:41:06 <cloudnull> I'm going to take another pass at trying to make it work in apache
15:41:15 <noonedeadpunk> I'd personally hate to mess up with npm...
15:41:17 <cloudnull> at the moment its nginx or bust
15:41:38 <jrosser_> yeah, i didnt dive deep enough into making the equivalent reverse proxy setup
15:41:46 <cloudnull> I sadly cant make it work in uwsgi 😢
15:41:49 <noonedeadpunk> I also wonder if we should make skyline mutually exclusive with horizon
15:42:17 <noonedeadpunk> or we should have some acls on haproxy
15:42:31 <cloudnull> noonedeadpunk +1 probably a good idea. in that initial pr i used 8443 for ssl and 9999 for non-ssl (9999 is their default)
15:44:32 <noonedeadpunk> btw we have couple of backports to stable branches - so if anybody have time for reviews - super welcome
15:45:12 <jrosser_> cloudnull: https://github.com/jrosser/openstack-ansible-os_skyline/commit/82b1f5a5e6eff9df441c96677e0aa6d578bc8552#diff-7ae20663f88c2ee2e49e28cecf7c0eeb99efdb53ec0faf27c0a50ce3dcaf2370
15:45:35 <jrosser_> i expect this would benefit from doing all the npm-ness on the repo container
15:45:44 <jrosser_> only wants to be done once as it's super heavyweight
15:46:41 <cloudnull> for sure!
15:47:10 <NeilHanlon> noonedeadpunk: any idea on how to actually get into this DIB image? I tried injecting my ssh key but I get denied lol
15:47:32 <cloudnull> I found I didn't need to actually run that when doing the deployment as all the generated node bits are part of the skyline-console repo. however, having the option to rebuild is probably a really good thing to have.
15:47:40 <jrosser_> ah interesting
15:48:16 <cloudnull> yeah for my local builds I just pip installed my way to success.
15:48:21 <jrosser_> i wonder if that is deliberate, or just a .gitignore accident :)
15:48:34 <cloudnull> however, who knows how that will shape up as they get closer to an actual release
15:48:47 <cloudnull> yeah exactly my thoughts too
15:49:01 <noonedeadpunk> NeilHanlon: I think it depends on set of elements you've used to build it. As under normal conditions some cloud-init element should be explicitly included
15:49:55 <noonedeadpunk> we can also ask infra folks to create a hold for this patch/job and they can place a key to the VM spawned by zuul
15:50:06 <jrosser_> do you need config-drive?
15:50:37 <jrosser_> iirc there is glean instead of cloud-init?
15:50:48 <noonedeadpunk> oh. pf. yes
15:51:02 <noonedeadpunk> though I thought it's only for latest fedora...
15:51:14 <noonedeadpunk> But maybe it's indeed since 34...
15:51:40 <NeilHanlon> hrm yeah I see glean in the bootup logs
15:54:18 <NeilHanlon> ... i think the documentation on config drives is just a loop
15:56:22 <jrosser_> should be `openstack server create --use-config-drive ....`
15:57:01 <NeilHanlon> yeah was trying to launch in qemu but seems I'd need to make my own ISO with the right data.. probably easier to just do in openstack
16:00:26 <noonedeadpunk> #endmeeting