#openstack-ansible log

15:03:03 <noonedeadpunk> #startmeeting openstack_ansible_meeting
15:03:03 <opendevmeet> Meeting started Tue Jul 11 15:03:03 2023 UTC and is due to finish in 60 minutes.  The chair is noonedeadpunk. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:03:03 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:03:03 <opendevmeet> The meeting name has been set to 'openstack_ansible_meeting'
15:03:09 <noonedeadpunk> #topic rollcall
15:03:11 <noonedeadpunk> o/
15:03:38 <damiandabrowski> mgariepy: FYI, not sure if it's exactly the same thing you want to achieve, but docs say it's not supported
15:03:39 <damiandabrowski> https://docs.openstack.org/openstack-ansible/latest/user/security/index.html#:~:text=When%20enabled%20haproxy%20will%20use%20the%20same%20TLS%20certificate%20on%20all%20interfaces%20(internal%20and%20external).%20It%20is%20not%20currently%20possible%20in%20OpenStack%2DAnsible%20to%20use%20different%20self%2Dsigned%20or%20user%2Dprovided%20TLS%20certificates%20on%20different%20haproxy%20interfaces.
15:03:40 <damiandabrowski> hi!
15:04:27 <mgariepy> hey
15:04:49 <noonedeadpunk> I actually have exactly same usecase as you mgariepy, or well, "I", I know folks who needs the same :)
15:05:11 <noonedeadpunk> #topic office hours
15:05:15 <mgariepy> we can talk after the meeting then ;)
15:05:42 <noonedeadpunk> SO I worked a bit on quorum-queues, and things looks quite green
15:05:57 <noonedeadpunk> But I don't really like workarounds that had to take place for that
15:06:05 <noonedeadpunk> especially, for Nova
15:06:49 <noonedeadpunk> as it appears we're messing up with template for cells, by adding extra `/`, as these got parsed out from config
15:07:02 <noonedeadpunk> likely nova bug, but not sure if it was even reported
15:07:27 <noonedeadpunk> talking about this https://opendev.org/openstack/openstack-ansible-os_nova/src/branch/master/tasks/nova_db_setup.yml#L53
15:08:22 <noonedeadpunk> so had to add nasty logic with nova_migrate_cell_quorum_vhost: https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/887849/4/tasks/nova_db_setup.yml
15:08:45 <noonedeadpunk> but feel free to review that: https://review.opendev.org/q/topic:osa%252Fquorum_queues
15:09:08 <noonedeadpunk> I will be able to push patches to rest of the roles during the week if this looks like fair approach
15:10:14 <noonedeadpunk> Next thing I'm working on - update of linters, and that's /o\
15:10:30 <noonedeadpunk> Was able to get 2/5 stars :D
15:10:32 <jrosser> so many errors :(
15:10:46 <damiandabrowski> noonedeadpunk: this workaround isn't that bad IMO, maybe we can live with this :D
15:12:09 <noonedeadpunk> I also wonder how getting rid of leading / in vhost names will affect monitoring toolset in deployments
15:12:36 <noonedeadpunk> As I can easily assume things being hardcoded and being relied on this `/`
15:13:33 <noonedeadpunk> yeah, there're plenty errors in linter, and really a lot of them are valid, to be fair
15:14:05 <noonedeadpunk> I will invest some time in going through roles and patching them with new linter requirements, it's super time-consuming though...
15:14:44 <noonedeadpunk> Also I've spotted, that we're quite inconsistent in playbooks regarding haproxy-endpoints-manage, unbound-clients and prepare-lxc-containers (or smth)
15:14:48 <jrosser> do you run the linters tox job to work on this locally?
15:15:18 <noonedeadpunk> Nah, I just run ansible-lint against role folder, excluding tests
15:15:25 <jrosser> ahha ok
15:15:53 <noonedeadpunk> but I have collections installed locally as well - that kinda requirement
15:16:08 <noonedeadpunk> And sourcing some things from openstack-ansible.rc
15:16:39 <noonedeadpunk> so do smth like `ansible-lint ../haproxy_server/ --exclude ../haproxy_server/tests/`
15:16:43 <mgariepy> sounds simple enough..
15:17:24 <noonedeadpunk> It's not hard, it's time-consuming due to number of roles and issues
15:17:32 <jrosser> maybe we can crowd-source this a bit
15:17:45 <noonedeadpunk> that would be nice
15:17:47 <mgariepy> can we split via a etherpad or something ?
15:18:03 <noonedeadpunk> will create one
15:18:42 <spotz[m]> o/
15:21:26 <noonedeadpunk> #link https://etherpad.opendev.org/p/osa-6.17-linters
15:22:23 <opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: [DNM] Bump ansible-core to 2.15.1 and collections  https://review.opendev.org/c/openstack/openstack-ansible/+/886527
15:22:51 <noonedeadpunk> another good catch by damiandabrowski, is that not working triggering handlers from handlers is a bug, not a feature :)
15:23:03 <noonedeadpunk> so with 2.15.2 this should be fixed
15:23:18 <noonedeadpunk> as we use that more then just in galera role
15:25:16 <noonedeadpunk> Ah.... Also I've used my patch for 6.17.2 of ansible-lint, to overcome issue in integrated repo, where gather_facts can't be a variable. It's already merged to linters
15:26:15 <noonedeadpunk> https://github.com/ansible/ansible-lint/pull/3606
15:30:45 <noonedeadpunk> I don't have any progress on PKI pipe thingy yet :(
15:30:52 <damiandabrowski> I have a question, where can we save etherpad describing TLS performance impact for a future reference? Just to not forget why we decided not to enable it by default :D
15:30:52 <damiandabrowski> https://etherpad.opendev.org/p/openstack-ansible-tls-performance-impact
15:31:06 <noonedeadpunk> our wiki?)
15:31:32 <damiandabrowski> i still can't login to wiki and INFRA team is not really willing to help :D can you do that please?
15:31:56 <damiandabrowski> (but they confirmed that they saw this issue before and never fixed it)
15:32:27 <noonedeadpunk> added to https://wiki.openstack.org/wiki/OpenStack-Ansible#Etherpads
15:32:57 <damiandabrowski> thanks!
15:41:49 <noonedeadpunk> anything else we wanna to talk about?
15:42:27 <mgariepy> can you had the steps to run the linter in the etherpad ?
15:43:06 <mgariepy> just to streamline the some sourcing and stuff a bit :D
15:45:49 <mgariepy> thanks a lot.
15:46:07 <noonedeadpunk> Will do that
15:47:28 <mgariepy> it's all for me. :)
15:48:34 <noonedeadpunk> ok, will end up then slightly early
15:48:37 <noonedeadpunk> #endmeeting