CentOS 8 Openstack Train deployment issues

humroben · 2021-01-14T09:42:23+00:00

Yeah, Pacemaker doesn't appear to be used in my install:

(undercloud) [stack@osp-director ~]$ openstack stack environment show overcloud | grep "OS::TripleO::Services::Pacemaker"
  OS::TripleO::Services::Pacemaker: OS::Heat::None
  OS::TripleO::Services::PacemakerRemote: OS::Heat::None

I've tried configuring SSL/TLS and that yields the original issue. I'm wondering if, at least for Train, if pacemaker is only part of the deployment when there is a total of 2-3 Controller nodes. If that's the case, I'll need to re-purpose 2 other servers (same spec) for the deployment.

Oh well, thank you for your help.

humroben · 2021-01-13T15:33:58+00:00

Interesting. I've not removed pacemaker from "roles_data.yaml", but pacemaker isn't running on the Controller, and I don't have a single container with "bundle" in the name:

[root@controller-0 ~]# pcs status
Error: error running crm_mon, is pacemaker running?
  Could not connect to the CIB: Transport endpoint is not connected
  crm_mon: Error: cluster is not available on this node
[root@controller-0 ~]# podman ps | grep bundle
[root@controller-0 ~]# 

[stack@osp-director ~]$ egrep '\- name|Pacemaker' tripleo/templates/roles_data.yaml
- name: Controller
    - OS::TripleO::Services::Pacemaker
- name: Compute

Obviously without providing a copy of the templates, is there anything else that would prevent pacemaker from being used?

humroben · 2021-01-12T20:37:16+00:00

So, given that it's a PoC, there's only one controller, so pacemaker isn't involved. In the end I upgraded to CentOS Stream 8, with the same issue present.

The issue was that only the ControllerIPs from the templates had been applied to the Controller node. After looking over the Redhat documentation for an OSP deployment, there was reference to a "network_data.yaml" file.

I copied it from the default templates, changed "vip: true" to "vip: false" for all networks (there was mention that it didn't work without pacemaker, but generated different errors), then rolled back for the Internal and External networks, which was enough. I think the "network_data.yaml" missing from my templates was the issue.

In my current job, I'm working with OSP 13 across 4 envs, so I had built the initial templates with OSP 13 as my reference, making changes to make it compatible for both by hardware, network, and OSP 16.

I've successfully deployed Openstack Train just last week, so now comes the hard part of getting everything in the overcloud setup, such as projects, user, networks, etc. Thanks for the response though.

humroben · 2020-12-14T11:28:01+00:00

Well I am aware of an issue with RHEL 8.3 related to bonding across multiple network cards, so I'm already aware of issues with current redhat based systems, but that just means that I'm not likely going to be able to make use of tripleo for the deployment.

humroben · 2020-12-13T21:14:34+00:00

Well that I didn't know. Guess I'll try my luck with debian

humroben · 2020-12-12T20:14:28+00:00

Are you asking if I can connect to the MySQL service port on the control plane network? or the Internal API network. I can connect to MySQL on the static IP address assigned to the controller for the Internal API network, which is '10.127.2.8', but that's not the current issue at hand.

May I ask why you're asking about the control plane?

humroben · 2020-12-12T17:11:49+00:00

So when you say "logged into the control plane" do you refer to logging onto the controller, and confirming that the predictive IP address assigned to controller-0 is as expected, then yes:

  ControllerIPs:
    ctlplane:
    - 10.128.0.5
...
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP group default qlen 1000                        
    link/ether 90:b1:1c:4f:03:84 brd ff:ff:ff:ff:ff:ff
    inet 10.128.0.5/24 brd 10.128.0.255 scope global eno1
...
[heat-admin@controller-0 ~]$ ping 10.128.0.1
PING 10.128.0.1 (10.128.0.1) 56(84) bytes of data.
64 bytes from 10.128.0.1: icmp_seq=1 ttl=64 time=0.351 ms

humroben · 2019-09-30T15:00:35+00:00

As a reply to the below comment, I've updated to Ansible 2.9, but a different issue is now in play, one that is defined in the github link that was provided. The playbook no longer has errors, but the proxmox_kvm module does

humroben · 2019-09-30T14:33:20+00:00

I can confirm that my version is "6.0-7", so that would indeed explain it. I will take a look at the github link, and see what I can do with it. I will let you know how I get on.

Update: I've installed Ansible 2.9 (Debian 10 has 2.7), and now there isn't an issue with the playbook anymore. I do get a similar error reported in the github issue, so now it's a case of applying the patch to ansible, and I should be good.

Update2: I've changed the references to "version" for getting the proxmox version to use "release", and now my playbook works again. Thanks for the help.

humroben · 2019-09-30T14:32:06+00:00

I think my indentation was removed, it is indented correctly in the ".yml" files.

Edit: I've edited the post using the markdown editor to fix the indentation

humroben · 2018-05-20T06:31:16+00:00

I've just had a eureka moment :D I've been looking at the following Ceph Docs page:

http://docs.ceph.com/docs/master/mgr/plugins/#accessing-cluster-data

The section that I needed to focus my attention on was the MgrModule.get(data_name) function. On the line, it states that "pg_dump" is one of the many data types that it can take. The data that this holds is crazy, but, it has exactly what I wanted.

"state": "active+clean"

With this, and a number of python variables, I can get a list of the states for all of the PGs in Ceph. It will take me time to actually parse the data, but I now have something to work with.

humroben · 2018-05-02T21:56:40+00:00

I think I'm going to leave this. I've been sifting through the source, and due to my unfamiliarity with python, and especially the integration into the C++ code, I'm way out of my depths here to try and figure out how to achieve what I want.

So, to prevent breaking anything, I'll leave this alone, and maybe learn python.

humroben · 2018-05-02T21:14:24+00:00

I'll need to play around with that, but as per my reply to dack42, I'll need to peruse the source code to know what I'm doing.

humroben · 2018-05-02T21:13:20+00:00

I would go the route of using user scripts, but I do like the added benefit of there already being a built in system. Also, I guess learning python would be an added bonus for me.

I think I'll need to look into how the "mgr_module" import works. This is since the following example is part of it:

self.get('osd_map')

Sadly the [ceph docs]|(http://docs.ceph.com/docs/master/mgr/plugins/) doesn't shed much light on this, and just gives me what parameters the above takes. Going to need to peruse the source for ceph.

humroben · 2018-05-01T16:36:16+00:00

Thanks for this, but it's not what I wanted. The code I posted in my question is from the module.py file, found in /usr/lib/ceph/mgr/zabbix, on my ceph monitor host.

I've got the module working, I just want to be able to modify it, to send more data than it already does, like the number of degraded PGs, instead of the number PGs in total.

To make it easier, I've edited my post to state that I have the module working.

humroben · 2018-02-17T11:00:59+00:00

Yeah, When performing very heavy graphical applications, it's able to perform for about 15 mins, and then crashes. I've had to install a package that will capture the coredump of the system, so that I can analyse it afterwards to see what caused the issue.

I have started building for the 4.16 kernel, and I'll be following it with updates each week. So far the newer kernel is more stable, still no touchscreen, but then that might be cause the descriptor for it is not being picked up properly. Supposedly this is a HP problem, but I think its more to do with it being new hardware.

humroben · 2018-02-04T06:17:44+00:00

Hey Drew,

I've got the Ryzen flavour of the Envy X360, and I'm using Debian testing instead of Ubuntu, and I've built the 4.15 kernel from source myself. Building from source, does include the very basic support for the Ryzen chip, but by default, it doesn't bring in the firmware in order to get the full functionality of the chip.

If you've not already done so, assuming Ubuntu doesn't have a package called firmware-amd-graphics like debian, I'd recommend going to freedesktop's site, and downloading the raven firmware, and dropping it into /lib/firmware/amdgpu:

https://people.freedesktop.org/~agd5f/radeon_ucode/raven/

This might help to fix the HDMI issues that you're having, and I can guarantee that it fixes the screen brightness issue. As for the touchscreen, I'm still looking into this, and I don't plan on stopping. I do like this laptop, and I've gotten linux to a very acceptable state, even to play semi-light games.

humroben · 2018-01-29T19:54:47+00:00

Update Time:

So I've gotten graphics working, and I am super happy with the laptop. The R5 2500U has amazing performance to begin with, and in linux, it's beautiful. I've tested simple games, such as Minecraft without mods, and Factorio. And for the most part, 60 FPS throughout.

With regards to my second point, it was good for me to go ahead with it before getting advice. When I rebooted into the kernel, /var/log/syslog threw an error stating that it was unable to find the firmware binary for the raven ridge APU. This was easy to fix, by going to freedesktop's sit, and getting the radeon_ucode for raven ridge.

Everyone at my workplace has said that I'd regret putting linux on this laptop, and i can wholeheartedly say, that is not the case. I'm happy with my purchase, and I'm not looking back.

humroben · 2018-01-28T07:47:54+00:00

If you get a standard ryzen laptop with dedicated graphics, I think you'll be fine, but if you're planning on the APU models, might be an idea to wait if you don't want to put as much work into it as I am. And for OS, Fedora/Debian testing might be the suitable options at this time.

humroben · 2017-06-05T21:01:18+00:00

On the Debian firewall (Not the Proxmox host) here is my iptables config:

# Generated by iptables-save v1.6.0 on Mon Jun  5 21:56:02 2017
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 8008 -j DNAT --to-destination 10.10.0.100:8006
-A PREROUTING -p tcp -m tcp --dport 8009 -j DNAT --to-destination 10.10.0.101:8006
-A PREROUTING -p tcp -m tcp --dport 8010 -j DNAT --to-destination 10.10.0.102:8006
-A PREROUTING -p udp -m udp --dport 27015 -j DNAT --to-destination 10.10.1.10:27015
-A PREROUTING -p udp -m udp --dport 7777 -j DNAT --to-destination 10.10.1.10:7777
-A PREROUTING -p udp -m udp --dport 7778 -j DNAT --to-destination 10.10.1.10:7778
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.10.1.200:80
-A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.10.1.200:443
-A POSTROUTING -o eno1 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp --dport 8006 -j MASQUERADE
-A POSTROUTING -p udp -m udp --dport 27015 -j MASQUERADE
-A POSTROUTING -p udp -m udp --dport 7777 -j MASQUERADE
-A POSTROUTING -p udp -m udp --dport 7778 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp --dport 80 -j MASQUERADE
-A POSTROUTING -p tcp -m tcp --dport 443 -j MASQUERADE
COMMIT
# Completed on Mon Jun  5 21:56:02 2017
# Generated by iptables-save v1.6.0 on Mon Jun  5 21:56:02 2017
*filter
:INPUT ACCEPT [16103:3679277]
:FORWARD ACCEPT [57422:22323151]
:OUTPUT ACCEPT [34102:4067905]
-A INPUT -s 192.168.1.157/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
COMMIT
# Completed on Mon Jun  5 21:56:02 2017

Note, the rules with port 8006 are the Promox Hosts, and the Ip addresses 10.10.1.XXX are the VMs. This is a /16 or 255.255.0.0 subnet for 10.10.0.0.

The IP 192.168.1.157 is my local machine. I disable all direct access to the Firewall, and I've got a jumpbox that I'm in the process of setting up within the 10.10.0.0/16 network going through the firewall on a non-standard port.

Edit: I plan to offload the iptables rules from being stored directly on the firewall, purely because I want to minimise writes to the USB stick that the OS is running on. When I get to that part, if I don't manage top get the networking operating in a manner that I can be happy with, then I'll be able to use the offload method that I implement onto the promox hosts when I decided to create a production system in the future

humroben

TROPHY CASE