15:03:03 <noonedeadpunk> #startmeeting openstack_ansible_meeting 15:03:03 <opendevmeet> Meeting started Tue Jul 11 15:03:03 2023 UTC and is due to finish in 60 minutes. The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:03:03 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:03:03 <opendevmeet> The meeting name has been set to 'openstack_ansible_meeting' 15:03:09 <noonedeadpunk> #topic rollcall 15:03:11 <noonedeadpunk> o/ 15:03:38 <damiandabrowski> mgariepy: FYI, not sure if it's exactly the same thing you want to achieve, but docs say it's not supported 15:03:39 <damiandabrowski> https://docs.openstack.org/openstack-ansible/latest/user/security/index.html#:~:text=When%20enabled%20haproxy%20will%20use%20the%20same%20TLS%20certificate%20on%20all%20interfaces%20(internal%20and%20external).%20It%20is%20not%20currently%20possible%20in%20OpenStack%2DAnsible%20to%20use%20different%20self%2Dsigned%20or%20user%2Dprovided%20TLS%20certificates%20on%20different%20haproxy%20interfaces. 15:03:40 <damiandabrowski> hi! 15:04:27 <mgariepy> hey 15:04:49 <noonedeadpunk> I actually have exactly same usecase as you mgariepy, or well, "I", I know folks who needs the same :) 15:05:11 <noonedeadpunk> #topic office hours 15:05:15 <mgariepy> we can talk after the meeting then ;) 15:05:42 <noonedeadpunk> SO I worked a bit on quorum-queues, and things looks quite green 15:05:57 <noonedeadpunk> But I don't really like workarounds that had to take place for that 15:06:05 <noonedeadpunk> especially, for Nova 15:06:49 <noonedeadpunk> as it appears we're messing up with template for cells, by adding extra `/`, as these got parsed out from config 15:07:02 <noonedeadpunk> likely nova bug, but not sure if it was even reported 15:07:27 <noonedeadpunk> talking about this https://opendev.org/openstack/openstack-ansible-os_nova/src/branch/master/tasks/nova_db_setup.yml#L53 15:08:22 <noonedeadpunk> so had to add nasty logic with nova_migrate_cell_quorum_vhost: https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/887849/4/tasks/nova_db_setup.yml 15:08:45 <noonedeadpunk> but feel free to review that: https://review.opendev.org/q/topic:osa%252Fquorum_queues 15:09:08 <noonedeadpunk> I will be able to push patches to rest of the roles during the week if this looks like fair approach 15:10:14 <noonedeadpunk> Next thing I'm working on - update of linters, and that's /o\ 15:10:30 <noonedeadpunk> Was able to get 2/5 stars :D 15:10:32 <jrosser> so many errors :( 15:10:46 <damiandabrowski> noonedeadpunk: this workaround isn't that bad IMO, maybe we can live with this :D 15:12:09 <noonedeadpunk> I also wonder how getting rid of leading / in vhost names will affect monitoring toolset in deployments 15:12:36 <noonedeadpunk> As I can easily assume things being hardcoded and being relied on this `/` 15:13:33 <noonedeadpunk> yeah, there're plenty errors in linter, and really a lot of them are valid, to be fair 15:14:05 <noonedeadpunk> I will invest some time in going through roles and patching them with new linter requirements, it's super time-consuming though... 15:14:44 <noonedeadpunk> Also I've spotted, that we're quite inconsistent in playbooks regarding haproxy-endpoints-manage, unbound-clients and prepare-lxc-containers (or smth) 15:14:48 <jrosser> do you run the linters tox job to work on this locally? 15:15:18 <noonedeadpunk> Nah, I just run ansible-lint against role folder, excluding tests 15:15:25 <jrosser> ahha ok 15:15:53 <noonedeadpunk> but I have collections installed locally as well - that kinda requirement 15:16:08 <noonedeadpunk> And sourcing some things from openstack-ansible.rc 15:16:39 <noonedeadpunk> so do smth like `ansible-lint ../haproxy_server/ --exclude ../haproxy_server/tests/` 15:16:43 <mgariepy> sounds simple enough.. 15:17:24 <noonedeadpunk> It's not hard, it's time-consuming due to number of roles and issues 15:17:32 <jrosser> maybe we can crowd-source this a bit 15:17:45 <noonedeadpunk> that would be nice 15:17:47 <mgariepy> can we split via a etherpad or something ? 15:18:03 <noonedeadpunk> will create one 15:18:42 <spotz[m]> o/ 15:21:26 <noonedeadpunk> #link https://etherpad.opendev.org/p/osa-6.17-linters 15:22:23 <opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: [DNM] Bump ansible-core to 2.15.1 and collections https://review.opendev.org/c/openstack/openstack-ansible/+/886527 15:22:51 <noonedeadpunk> another good catch by damiandabrowski, is that not working triggering handlers from handlers is a bug, not a feature :) 15:23:03 <noonedeadpunk> so with 2.15.2 this should be fixed 15:23:18 <noonedeadpunk> as we use that more then just in galera role 15:25:16 <noonedeadpunk> Ah.... Also I've used my patch for 6.17.2 of ansible-lint, to overcome issue in integrated repo, where gather_facts can't be a variable. It's already merged to linters 15:26:15 <noonedeadpunk> https://github.com/ansible/ansible-lint/pull/3606 15:30:45 <noonedeadpunk> I don't have any progress on PKI pipe thingy yet :( 15:30:52 <damiandabrowski> I have a question, where can we save etherpad describing TLS performance impact for a future reference? Just to not forget why we decided not to enable it by default :D 15:30:52 <damiandabrowski> https://etherpad.opendev.org/p/openstack-ansible-tls-performance-impact 15:31:06 <noonedeadpunk> our wiki?) 15:31:32 <damiandabrowski> i still can't login to wiki and INFRA team is not really willing to help :D can you do that please? 15:31:56 <damiandabrowski> (but they confirmed that they saw this issue before and never fixed it) 15:32:27 <noonedeadpunk> added to https://wiki.openstack.org/wiki/OpenStack-Ansible#Etherpads 15:32:57 <damiandabrowski> thanks! 15:41:49 <noonedeadpunk> anything else we wanna to talk about? 15:42:27 <mgariepy> can you had the steps to run the linter in the etherpad ? 15:43:06 <mgariepy> just to streamline the some sourcing and stuff a bit :D 15:45:49 <mgariepy> thanks a lot. 15:46:07 <noonedeadpunk> Will do that 15:47:28 <mgariepy> it's all for me. :) 15:48:34 <noonedeadpunk> ok, will end up then slightly early 15:48:37 <noonedeadpunk> #endmeeting