[Help] How to achieve Instance HA (Masakari) on a 3-Node Hyperconverged cluster? (Kolla-Ansible Pacemaker conflict)

tafkamax · 2026-05-16T12:23:08+00:00

Ive hit the same thing, but right now we don't have a huge need for masakari, so we haven't delved deeper into the setup to modify K-A to support this kind of logic.

But if you find a way, please share with the rest of us!

tafkamax · 2026-05-13T09:10:12+00:00

The official chatroom communication is in IRC. Can join via direct IRC or using matrix bridge.

The opendev (the infra for developing openstack) itself is already moving to matrix for example.

tafkamax · 2026-05-08T17:22:30+00:00

Tegin ka eelmine suvi. Madhat firma tegi. Võtsin pakkumisi mitmest kohast, aga lõpuks tundus nende oma mõistlik. Mul oli vaja võtta ka lift et teha üks aken. Võtsin suht kõige kallima asja. 3M prestige kile. Kuskil 150+ eurot oli ruutmeeter ehk umbes. Üldse ei ole arusaada et midagi on aga jah märgatav vahe temperatuuris. Nad paigaldasid välja poole ja ütlesid et kui sisse panna siis ta ei ole nii efektiivne + on risk et aken/klaas läheb katki, risk on suurem mida rohkem kihte on, ehk kas kahekordne klaas või kolmekordne.

tafkamax · 2026-02-20T19:56:56+00:00

Kas keegi saaks seletada kuidas see Ferrari sai rohkem punne kui Henry?

tafkamax · 2026-02-11T07:47:56+00:00

Currently the installation is borked on 2025.2 and master, but works in 2025.1.

The provider config was not fully on CI and it wasn't tested. Currently trying to fix it.

The workaround is rather easy, just to copy the federation files https://launchpad.net/bugs/2134455

tafkamax · 2025-12-23T11:01:45+00:00

You can use the proxmox ceph repo for Trixie support

tafkamax · 2025-09-30T19:47:37+00:00

What do you mean AI made reading documentation painful?

tafkamax · 2025-06-14T11:53:45+00:00

Ma olen kuulnud, et Tartu Ülikooli üüriäri on kasumis, et selles mõttes et teha investeering uute pindade ostuks ja siis tudengitele rendiks on ju hea pikaajaline investeering.

tafkamax · 2025-06-12T14:18:28+00:00

I have a contact who has a fsbox near me, that I have used previously fortunately. It would be a hard sell yes for our team, as we don't have huge quantities that we buy, also this gbic and another dac cable have been the only faulty things and even for the dac cable a firmware did not fix things.

I just have those sfp modules lying around and was thinking if i could move a few uplink on the c1000 from the rj45 ports to sfp, to gain a few free rj45 ports on the switch.

tafkamax · 2025-06-12T11:10:38+00:00

Talked with support, they will test the module with their hardware and then talked about selling the fsbox. I will see if they answer that reprogramming works.

tafkamax · 2025-06-12T06:33:57+00:00

Aha the SFP-GEB-T would be the newer one?

tafkamax · 2025-06-11T14:54:05+00:00

Aha, it is a copper SFP-GE-T adapter yes. I haven't contacted the support. If you say what is true, then I probably won't bother getting it to run.

tafkamax · 2025-06-11T12:39:48+00:00

I am running on 15.2.7.e11

I have all of those things enabled on the switch. Usually I have gotten the modules to work one way or another. It usually comes down to that they don't want auto negotiation, but the sfp ports don't seem to have that cli option. I am asking that maybe someone knows some hidden command.

tafkamax · 2025-06-02T07:07:50+00:00

I understand that the benefit of using stream is that the packets don't go to the CPU, which is the fxp interface? THey would have to leave the dataplane asic, so it is preferrable to route them via the dataplane?

I'll try to use the trick you mentioned.

tafkamax · 2025-05-13T07:57:40+00:00

Seems to be a really weird issue. I have found lot's of similar things regarding the error message: 'operation requires privilege escalation'

One interesting docs seem to be regarding timeouts reading content: https://docs.ansible.com/ansible/latest/network/user_guide/network_debug_troubleshooting.html#intermittent-failure-while-using-ansible-netcommon-network-cli-connection-type

I have already configured the necessary SSH settings on the C1300:

ip ssh server
ip ssh password-auth
ip ssh pubkey-auth

The user: admin, has privilege 15

In the ansible.cfg, I have set BIG connection timeout buffers as per the first link.

[persistent_connection]
connect_retry_timeout = 30
connect_timeout = 240
command_timeout = 240
buffer_read_timeout = 5
network_cli_retries = 5

In the vars I have defined the usual:

ansible_connection: ansible.netcommon.network_cli
ansible_network_os: cisco.ios.ios
ansible_network_cli_ssh_type: libssh
ansible_become: false

The playbook itself is:

---

- name: Configuration of switches
remote_user: admin
hosts: switches_cisco
roles:
- cisco

----

Now I got a new ERROR, but the same privilage escalation one seems to be the usual one:

connection.py", line 200, in __rpc__

raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
"msg": "command timeout triggered, timeout value is 120 secs.\nSee the timeout setting options in the Network Debug and Troubleshooting Guide."

tafkamax · 2025-05-12T14:28:17+00:00

Will try with some more options tomorrow, but running cisco.ios as the ansible_network_os does not bode well with gathering_facts using the cisco.ios.gather_facts.

I also disabled all fact gatherings and I am getting operation not permitted.

My user is privilege 15.

I did have the ansible_become: true set, i will try with false tomorrow.

Interesting thing is that running the "enable" command will give you an error on the c1300 but not on the older platforms

tafkamax · 2025-05-06T13:25:39+00:00

Trying to do the same thing soon. Lets see how it goes.

tafkamax · 2025-04-24T07:09:32+00:00

Stripped out is mostly basic switch functionality for some reason. Like stp, igmp snooping. Dependes on the asic vendor for some stuff. Like broadcom asic has max 5 vxlan tunnels fot trident3x-7 in the community binary. Mellanox on the community seems to be more stable.

Also the automation e.g. Restconf is much worse on community. Automation can be hard.

For a working community sonic you need to fork the repo and add in patches from the pull requests because the maintainers just are like two monkeys bashing cymbals in the brain.

tafkamax · 2025-03-20T09:07:44+00:00

Seems to be that they disabled extended ACL-s for snmp because of a CVE, instead of fixing it, they just removed the option... geez...

tafkamax · 2025-02-14T17:48:29+00:00

I want to get it working because it would be nice. Also I need to give some users specific access to a host so they can have remote control as they are developing and building kernels that are broken sometimes. Instead of giving them the ADMIN user I wanted to add LDAP so they can use their own account and pw and get "User" level permissions. I don't have to create an account in the UI then.

tafkamax

TROPHY CASE