| georgk | mattmceuen in our case, barbican in fact tries to talk to keystone through the keystone ingress which gets tied to the d42.se domain. Please see https://hastebin.com/naxepoyahu.css | 00:01 |
|---|---|---|
| georgk | it might be a configuration problem on our side, however, not sure show to fix it | 00:02 |
| evgenyl | georgk: sorry if you already answered this question, but have you configured certificates for this domain? | 00:04 |
| georgk | mattmceuen a part of the certification troube is caused by the certificate being self-signed, ie. there is no trust chain to a valid root CA. We are wondering if a cert signed by a CA is really needed, even for lab deployments | 00:05 |
| georgk | evgenyl does my last post answer your question? | 00:05 |
| evgenyl | georgk: Oh, it does, this explains the error. | 00:05 |
| georgk | evgenyl we are currently waiting for getting a signed cert. | 00:06 |
| evgenyl | georgk: there is a way to configure it without ssl (we strongly do not recommend doing that even for labs). In order to configure it without ssl, you will need to change all these parameters from https to http and from 443 to 80 https://github.com/openstack/airship-treasuremap/blob/master/site/airship-seaworthy/software/config/endpoints.yaml#L72-L78 | 00:07 |
| georgk | what domain names and certs are you using in lab deployments? | 00:07 |
| georgk | evgenyl ok, thanks | 00:08 |
| evgenyl | We are using valid certificates and domain names. | 00:08 |
| evgenyl | Here is a place where you will need to put your certs, when you get them https://github.com/openstack/airship-treasuremap/blob/master/site/airship-seaworthy/secrets/certificates/ingress.yaml | 00:09 |
| georgk | evgenyl I don't mean the concrete domains and certs, but rather is every lab or CI deployment requires valid certs (I guess the answer is yes) | 00:09 |
| georgk | ok, ok | 00:09 |
| georgk | well, simple answer then and our approach was too simple then | 00:10 |
| georgk | thanks a lot | 00:10 |
| evgenyl | Yes, every lab requires a valid certs, but you can get a wildcard cert if all your labs are under same .subdomain | 00:10 |
| evgenyl | georgk: Sure, let me know if you get any other questions, I will probably need to update treasuremap docs to explicitly specify that valid certificates are required for the deployment. | 00:13 |
| georgk | I will. Again, thanks a lot! | 00:13 |
| *** aaronsheffield has quit IRC | 00:26 | |
| *** sthussey has quit IRC | 01:17 | |
| *** mbologna has quit IRC | 01:41 | |
| *** mbologna has joined #airshipit | 01:42 | |
| openstackgerrit | Jared Miller proposed openstack/airship-treasuremap master: Disable weak tls ciphers for kube-apiserver https://review.openstack.org/636754 | 01:55 |
| openstackgerrit | Craig Anderson proposed openstack/airship-divingbell master: Use common logger for consistent log output https://review.openstack.org/636816 | 02:31 |
| *** mbologna has quit IRC | 03:04 | |
| *** mbologna has joined #airshipit | 03:06 | |
| *** mbologna has quit IRC | 03:25 | |
| *** mbologna has joined #airshipit | 03:26 | |
| openstackgerrit | Merged openstack/airship-treasuremap master: airskiff: Update OSH-infra pin https://review.openstack.org/636747 | 03:36 |
| *** mbologna has quit IRC | 04:24 | |
| *** nishant_ has quit IRC | 04:24 | |
| *** mbologna has joined #airshipit | 04:25 | |
| *** jamesgu has quit IRC | 05:12 | |
| *** mbologna has quit IRC | 05:25 | |
| *** mbologna has joined #airshipit | 05:27 | |
| *** mbologna has quit IRC | 05:45 | |
| *** mbologna has joined #airshipit | 05:46 | |
| openstackgerrit | chittibabu proposed openstack/airship-pegleg master: Add CLI to create Salt Key https://review.openstack.org/636089 | 06:35 |
| openstackgerrit | chittibabu proposed openstack/airship-pegleg master: Add CLI to create Salt Key https://review.openstack.org/636089 | 07:21 |
| *** stefanb has joined #airshipit | 07:31 | |
| *** stefanb has left #airshipit | 07:50 | |
| openstackgerrit | chittibabu proposed openstack/airship-pegleg master: Add CLI to create Salt Key https://review.openstack.org/636089 | 07:54 |
| openstackgerrit | Dmitrii Kabanov proposed openstack/airship-maas master: Add package repositories https://review.openstack.org/636848 | 07:55 |
| openstackgerrit | Dmitrii Kabanov proposed openstack/airship-maas master: Add package repositories https://review.openstack.org/636848 | 07:59 |
| openstackgerrit | Dmitrii Kabanov proposed openstack/airship-maas master: Add package repositories https://review.openstack.org/636848 | 08:25 |
| *** lemko has joined #airshipit | 09:11 | |
| *** rihbb has joined #airshipit | 09:50 | |
| *** rihbb has quit IRC | 10:44 | |
| *** roman_g has joined #airshipit | 11:12 | |
| *** vdrok has joined #airshipit | 11:49 | |
| openstackgerrit | Roman Gorshunov proposed openstack/airship-deckhand master: Embed UML generated diagrams into docs https://review.openstack.org/635357 | 11:49 |
| openstackgerrit | Roman Gorshunov proposed openstack/airship-deckhand master: Embed UML generated diagrams into docs, fix docs build https://review.openstack.org/635357 | 13:12 |
| *** pkaralis has quit IRC | 13:30 | |
| *** pkaralis has joined #airshipit | 13:36 | |
| *** aaronsheffield has joined #airshipit | 13:53 | |
| openstackgerrit | chittibabu proposed openstack/airship-pegleg master: Add CLI to create Salt Key https://review.openstack.org/636089 | 14:41 |
| *** mbeierl has quit IRC | 15:04 | |
| *** roman_g has quit IRC | 15:16 | |
| *** peyunco has joined #airshipit | 15:30 | |
| *** michael-beaver has joined #airshipit | 15:32 | |
| *** rihbb has joined #airshipit | 15:33 | |
| *** peyunco has quit IRC | 15:39 | |
| *** rihbb has quit IRC | 15:39 | |
| openstackgerrit | Kaspars Skels proposed openstack/airship-treasuremap master: Secret rotation and validation https://review.openstack.org/635694 | 15:47 |
| *** michaelbeaver has joined #airshipit | 15:58 | |
| openstackgerrit | Drew Walters proposed openstack/airship-treasuremap master: airskiff: Pull rather than build Airship images https://review.openstack.org/635231 | 16:00 |
| *** michael-beaver has quit IRC | 16:01 | |
| *** mbeierl has joined #airshipit | 16:01 | |
| mbeierl | Is there a meeting at this time today? | 16:01 |
| dwalt | mbeierl: Airship Design call! Starts now: https://attcorp.webex.com/meet/rp2723 | 16:02 |
| mbeierl | thanks, dwalt | 16:02 |
| *** michael-beaver has joined #airshipit | 16:02 | |
| *** michaelbeaver has quit IRC | 16:05 | |
| *** michael-beaver has quit IRC | 16:06 | |
| *** michaelbeaver has joined #airshipit | 16:06 | |
| mbeierl | where's the etherpad? Sorry for being so scatterbrained. | 16:07 |
| *** michael-beaver has joined #airshipit | 16:09 | |
| *** michaelbeaver has quit IRC | 16:10 | |
| openstackgerrit | Bryan Strassner proposed openstack/airship-shipyard master: User context tracing through logging https://review.openstack.org/633873 | 16:43 |
| *** aagate has joined #airshipit | 17:04 | |
| *** sreejithp has joined #airshipit | 17:05 | |
| *** sthussey has joined #airshipit | 17:05 | |
| *** michael-beaver has quit IRC | 17:05 | |
| *** ianychoi has joined #airshipit | 17:06 | |
| *** dustinspecker has joined #airshipit | 17:08 | |
| openstackgerrit | Bryan Strassner proposed openstack/airship-shipyard master: User context tracing through logging https://review.openstack.org/633873 | 17:22 |
| *** mbeierl has quit IRC | 17:48 | |
| openstackgerrit | Jagan Mohan Kavva proposed openstack/airship-promenade master: UCP: Enable pod priority feature gate in K8s https://review.openstack.org/634780 | 17:54 |
| *** michael-beaver has joined #airshipit | 18:00 | |
| *** mbeierl has joined #airshipit | 18:02 | |
| *** shoaibwr has quit IRC | 18:26 | |
| *** shoaibwr has joined #airshipit | 18:26 | |
| *** dims has quit IRC | 18:47 | |
| dwalt | mbeierl: sorry, I didn’t see this earlier. It’s https://etherpad.openstack.org/p/Airship_OpenDesignDiscussions for future reference! | 18:55 |
| mbeierl | ya, I got it from the Webex screen | 18:55 |
| mbeierl | was easy to read/paste, thanks dwalt! | 18:56 |
| dwalt | sure thing mbeierl! | 18:56 |
| dwalt | I am looking for the best way to add certificates to nodes deployed by drydock. Would the best way to accomplish this be using a bootaction? I have not been able to find anything that says maas allows for this, so I’m assuming this is not a supported feature in drydock. | 18:59 |
| dwalt | I should clarify, though: I need the cert to be present during commissioning | 19:02 |
| *** mbologna has quit IRC | 19:13 | |
| *** mbologna has joined #airshipit | 19:14 | |
| *** sreejithp_ has joined #airshipit | 19:22 | |
| *** sreejithp has quit IRC | 19:24 | |
| openstackgerrit | chittibabu proposed openstack/airship-pegleg master: Add CLI to create Salt Key https://review.openstack.org/636089 | 19:25 |
| openstackgerrit | diwakar thyagaraj proposed openstack/airship-promenade master: UCP: Enable Audit Logging feature gate in K8s https://review.openstack.org/635568 | 19:42 |
| *** rihbb has joined #airshipit | 19:47 | |
| *** michael-beaver has quit IRC | 19:49 | |
| rihbb | Hello, While deploying site with shipyard the following command throws an error: + sudo docker run -t --rm --net=host -e http_proxy= -e https_proxy= -e no_proxy= -e OS_AUTH_URL=http://keystone.ucp.svc.cluster.local:80/v3 -e OS_USERNAME=shipyard -e OS_USER_DOMAIN_NAME=default -e OS_PASSWORD=password -e OS_PROJECT_DOMAIN_NAME=default -e OS_PROJECT_NAME=service quay.io/airshipit/shipyard:6bd02eea8477bba077848463e7e740efe12fa782 commit | 19:56 |
| rihbb | Error: Validations failed Reason: Validation - Error: Required substitution source document [deckhand/CertificateAuthority/v1] kubernetes was not found, yet is referenced by [armada/Chart/v1] kubernetes-scheduler | 19:56 |
| rihbb | Any hints on what could be throwing this error? Thanks | 19:57 |
| *** michael-beaver has joined #airshipit | 19:59 | |
| *** dustinspecker has quit IRC | 20:00 | |
| *** lemko has quit IRC | 20:09 | |
| openstackgerrit | Jenkins Uplifter proposed openstack/airship-treasuremap master: Auto chart/image uplift to latest https://review.openstack.org/637040 | 20:12 |
| dwalt | rihbb: is this in Airship-in-a-Bottle, treasuremap, or for a site you are authoring? | 20:50 |
| *** mbologna has quit IRC | 21:06 | |
| rihbb | dwalt: Its a multinode site using the instructions which we are setting up using instructions described in https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html | 21:06 |
| rihbb | However shipyard throws validation errors. Any idea about the reason for this issue? The genesis install was successful. | 21:09 |
| sthussey | It looks like you aren't including the certificates you generated for genesis in the site definition | 21:12 |
| *** mbologna has joined #airshipit | 21:15 | |
| *** mbologna has quit IRC | 21:19 | |
| openstackgerrit | Merged openstack/airship-in-a-bottle master: Disable start of local docker registry https://review.openstack.org/635985 | 21:29 |
| -openstackstatus- NOTICE: Jobs are failing due to ssh host key mismatches caused by duplicate IPs in a test cloud region. We are disabling the region and will let you know when jobs can be rechecked. | 21:30 | |
| *** mbologna has joined #airshipit | 21:53 | |
| *** lemko has joined #airshipit | 21:57 | |
| -openstackstatus- NOTICE: The test cloud region using duplicate IPs has been removed from nodepool. Jobs can be rechecked now. | 22:12 | |
| *** mbeierl has quit IRC | 22:18 | |
| *** rihbb has quit IRC | 22:20 | |
| openstackgerrit | Merged openstack/airship-treasuremap master: Auto chart/image uplift to latest https://review.openstack.org/637040 | 22:33 |
| *** shoaibwr has quit IRC | 22:37 | |
| *** sreejithp_ has quit IRC | 22:39 | |
| openstackgerrit | Michael Beaver proposed openstack/airship-armada master: Support in Armada for locking Tiller https://review.openstack.org/632483 | 23:08 |
| *** mbeierl has joined #airshipit | 23:13 | |
| *** michaelbeaver has joined #airshipit | 23:42 | |
| *** michael-beaver has quit IRC | 23:45 | |
| *** michaelbeaver has quit IRC | 23:46 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!