*** vinkman has joined #kolla | 00:00 | |
*** vinkman has left #kolla | 00:00 | |
*** rstarmer has joined #kolla | 00:02 | |
*** bmace has quit IRC | 00:07 | |
*** bmace has joined #kolla | 00:07 | |
*** SiRiuS_ has quit IRC | 00:08 | |
openstackgerrit | Sam Yaple proposed openstack/kolla: Add generate_passwords.py to generate passwords https://review.openstack.org/293728 | 00:11 |
---|---|---|
openstackgerrit | Sam Yaple proposed openstack/kolla: Move manila variable https://review.openstack.org/293797 | 00:11 |
openstackgerrit | Sam Yaple proposed openstack/kolla: Change deprecated options throughout Kolla https://review.openstack.org/294931 | 00:11 |
*** mbound has quit IRC | 00:14 | |
*** rstarmer has quit IRC | 00:15 | |
SamYaple | sdake: ping | 00:17 |
*** akwasnie1 has quit IRC | 00:22 | |
*** rstarmer has joined #kolla | 00:27 | |
*** mbound has joined #kolla | 00:31 | |
sdake | sup sam | 00:35 |
sdake | SamYaple ^ | 00:35 |
*** vishwanathj has joined #kolla | 00:50 | |
SamYaple | hey sdake | 00:58 |
sdake | what can i do for ya | 00:58 |
SamYaple | sdake: I have gone throw most/all the options and fixed the deprecated ones this cycle | 00:58 |
sdake | i saw that | 00:59 |
SamYaple | ive fixed alot of the smaller bugs throughout | 00:59 |
SamYaple | ive done a bunc hof deploys on all of this stuff now | 00:59 |
sdake | multinode? | 00:59 |
SamYaple | its really _really_ solid | 00:59 |
SamYaple | yup | 00:59 |
sdake | nice | 00:59 |
SamYaple | vm and baremetal | 00:59 |
sdake | except heat and magnum are busted ;) | 00:59 |
SamYaple | heat i found the bug | 00:59 |
SamYaple | havent submitted patch yet | 00:59 |
SamYaple | i also submitted a patch that builds _all_ images for ubuntu in 12m! | 01:00 |
sdake | oh nice i was going to start working on it tomorrow or monday | 01:00 |
sdake | on vacation atm | 01:00 |
sdake | been in flagstaff since thursday | 01:00 |
sdake | summer break for the kids | 01:00 |
SamYaple | well the outlook is solid for mitaka (with all the patches in the queue) | 01:00 |
SamYaple | its really really slick | 01:00 |
SamYaple | youll be happy when you get back from vaca | 01:01 |
sdake | i agree mitaka is fantastically better hten iberty | 01:01 |
sdake | i have deploeyd in thur and fri in vms single node | 01:01 |
sdake | and the for 3 weeks single node on real gear prior | 01:01 |
sdake | gave a demo of reconfigure and upgrade and deploy - all in under 15 minutes | 01:01 |
SamYaple | yup ive been doing that too | 01:02 |
sdake | people in the call were like "Wtf how is it so fast" | 01:02 |
SamYaple | i tested lights out, change passwords, the works | 01:02 |
sdake | funny thing during my demo i had a wireless dropout | 01:02 |
sdake | normally i use screen to deal with that | 01:02 |
sdake | but didn't this time | 01:02 |
sdake | so my deploy went south badly | 01:02 |
sdake | so i nuked it and was ready to go in 4 minutes | 01:02 |
sdake | its easier to nuke a deploy then fix a failure during deploy | 01:03 |
sdake | upgrade and reconfig is a totally different story | 01:03 |
SamYaple | i agree, though ive been "fixing failues" mode | 01:03 |
sdake | yup i've got two weeks on my 3 node gear to beat it up and get it rolling | 01:03 |
sdake | re heat fix, did you fix the lauching heat vms problem? | 01:03 |
SamYaple | i believe so | 01:04 |
SamYaple | but i dont have the patch running in my env atm to test | 01:04 |
sdake | nice | 01:04 |
SamYaple | i will in a bit | 01:04 |
sdake | i wont be able to test that until monday | 01:04 |
SamYaple | it was an endpoint issue like swift | 01:04 |
sdake | i can't actually launch vms in my alptop | 01:04 |
sdake | i did run reconfigure in a loop 500 times without failure | 01:05 |
sdake | atually it was a file with reconfigure pasted 500times | 01:05 |
sdake | but you get the idea | 01:05 |
sdake | should try same thing with update | 01:05 |
sdake | upgrade rather | 01:05 |
SamYaple | i actually did a master->master upgrade | 01:06 |
SamYaple | worked fantastic | 01:06 |
sdake | i did a master to mater upgrade in my demo | 01:06 |
SamYaple | like a true one | 01:06 |
SamYaple | 2 week old master to trunk | 01:06 |
sdake | nice | 01:06 |
SamYaple | running for 2 week environment | 01:06 |
SamYaple | it worked perfect | 01:06 |
SamYaple | it was great | 01:06 |
SamYaple | and so quick! | 01:07 |
sdake | i have a two week old openstack at this point , i can do that upgrade test as well over and over | 01:07 |
SamYaple | i included the docs in the password gen patch | 01:07 |
sdake | typically these lat copule of weeks i run things in loops 500 or 1000 times to make sure there are no wierd failure conditions | 01:07 |
sdake | i saw looks good | 01:07 |
SamYaple | having the rando passwords is fantastic too | 01:07 |
sdake | I think you should look into SystemRandom class | 01:07 |
sdake | but other hten that looks good | 01:08 |
*** rstarmer has quit IRC | 01:08 | |
SamYaple | no we cant use that (or maybe as an option) | 01:08 |
SamYaple | random blocks | 01:08 |
sdake | you mean /dev/urandom? | 01:08 |
SamYaple | no | 01:08 |
SamYaple | urandom is what my patch uses | 01:08 |
SamYaple | i commented as such in the review | 01:08 |
sdake | have you seen it block? | 01:08 |
sdake | the python docs seem to indicate that to get /dev/urandom rather then /dev/random you have to use systemrandom class | 01:09 |
sdake | nm i'm a moron | 01:10 |
sdake | i've got em backwards | 01:10 |
sdake | /dev/random is the secure one | 01:10 |
SamYaple | yes but random blocks | 01:12 |
SamYaple | like i said | 01:12 |
SamYaple | it can block forever | 01:12 |
SamYaple | if you dont have enough entropy | 01:12 |
SamYaple | urandom is planty safe, but that can be an option if people want | 01:12 |
*** mbound has quit IRC | 01:13 | |
sdake | Almost all module functions depend on the basic function random(), which generates a random float uniformly in the semi-open range [0.0, 1.0). Python uses the Mersenne Twister as the core generator. It produces 53-bit precision floats and has a period of 2**19937-1. The underlying implementation in C is both fast and threadsafe. The Mersenne Twister is one of the most extensively tested random number generators in existence. | 01:13 |
sdake | However, being completely deterministic, it is not suitable for all purposes, and is completely unsuitable for cryptographic purposes. | 01:13 |
sdake | so basically random python api uses a deterministic random() c library call | 01:14 |
sdake | /dev/urandom doesn't block /dev/random blocks | 01:14 |
SamYaple | correct | 01:14 |
SamYaple | thats waht ive been saying | 01:14 |
sdake | yes but the current code doens't use the os random | 01:14 |
sdake | its using one that the c library provides | 01:14 |
sdake | what i'm getting at is /dev/urandom is not determinstic in most reaosnable cases except after a reboot | 01:15 |
SamYaple | im pretty sure i use /dev/urandom | 01:15 |
sdake | and when entropy has run out | 01:15 |
SamYaple | but ill triplecheck | 01:15 |
sdake | it says right above in the python docs what random uses | 01:15 |
sdake | The underlying implementation in C is both fast and threadsafe. | 01:15 |
sdake | it would be helpful is the kernel used interrupts for entropy pool | 01:17 |
sdake | i dont know why it doesn't probaby a performance thing | 01:17 |
sdake | when i gen pgp keys it always takes forever on my machines where i don't have a mosue and keyboard connected | 01:17 |
SamYaple | remember im using random.choice | 01:18 |
SamYaple | i believe that grabs urandomm, but like i said ill triple check | 01:18 |
sdake | ya lets check the python lib code jsut to duble check | 01:18 |
sdake | i could do but i dont hae a vm booted atm ;) | 01:19 |
sdake | so by let i mean you :) | 01:19 |
sdake | lets | 01:19 |
sdake | you can still use random.choice | 01:21 |
sdake | SystemRandom inherits from the random class | 01:21 |
sdake | https://docs.python.org/3/library/random.html#random.SystemRandom | 01:22 |
*** weiyu_ has joined #kolla | 01:24 | |
*** weiyu_ has quit IRC | 01:28 | |
*** vhosakot has joined #kolla | 01:29 | |
sdake | the source on my mac says random.choice uses random.random from _random.Random | 01:29 |
sdake | looks like _random may be c code, i don't see it on my mac | 01:30 |
*** iceyao has joined #kolla | 01:32 | |
*** weiyu_ has joined #kolla | 01:33 | |
sdake | SamYaple line 30 is how random() is implemented: http://nullege.com/codes/show/src%40m%40a%40main-HEAD%40External.LCA_RESTRICTED%40Languages%40CPython%4027%40Lib%40random.py/71/_random.Random/python | 01:35 |
sdake | SamYaple from the source code here is how python gets _random: | 01:42 |
sdake | https://github.com/python/cpython/blob/master/Modules/_randommodule.c | 01:42 |
sdake | defined from here: https://github.com/python/cpython/blob/master/setup.py#L625 | 01:43 |
sdake | clearly that c code does not use any operating system primitives ;) | 01:43 |
sdake | ok off for a break | 01:43 |
*** vhosakot has quit IRC | 01:43 | |
*** vhosakot has joined #kolla | 01:45 | |
*** weiyu_ has quit IRC | 01:45 | |
*** vhosakot has quit IRC | 01:46 | |
*** vhosakot has joined #kolla | 01:48 | |
SamYaple | sdake: i have a patch up that speeds up the gate alot | 01:50 |
SamYaple | 12 min all images build for ubuntu | 01:50 |
sdake | how does it work | 01:51 |
SamYaple | trims off 5-10m for centos | 01:51 |
sdake | i'll look in queue | 01:51 |
SamYaple | https://review.openstack.org/#/c/294854/5 | 01:51 |
SamYaple | same script i used last cycle at the end | 01:51 |
sdake | is this just source or binary as well? | 01:51 |
SamYaple | basically install packages that are installed >=10 times by other contaienrs | 01:52 |
sdake | havn't actuallly looked a your code :) | 01:52 |
sdake | ya makes sense | 01:52 |
SamYaple | source, rhallisey said he wanted to do binary | 01:52 |
sdake | wfm | 01:52 |
SamYaple | but it was a 12m gate run time! | 01:52 |
SamYaple | the deploy gate for ubuntu was sub 10m now! | 01:52 |
SamYaple | also shaves of about 5% of total build size | 01:52 |
sdake | ought to get that script in the repo if you have one | 01:53 |
SamYaple | 600MB for centos | 01:53 |
SamYaple | its a one liner with manual intervention | 01:53 |
sdake | bummer | 01:53 |
SamYaple | yea | 01:53 |
SamYaple | i dont know its worth it to automate | 01:53 |
SamYaple | it requires manual tweaks | 01:53 |
sdake | my only concern is if deps get dropped | 01:53 |
SamYaple | well they wont this cycle | 01:53 |
sdake | but as long as someone looks after it -w fm ;) | 01:53 |
sdake | right | 01:53 |
sdake | i mean int he future | 01:53 |
SamYaple | and i dug through them from last cycle | 01:53 |
SamYaple | i diff'd | 01:54 |
SamYaple | nothing dropped, only adds | 01:54 |
sdake | i think pycrpto is going byebye | 01:54 |
SamYaple | but i agree, its a concern for the future | 01:54 |
sdake | or one of those crypto libs | 01:54 |
sdake | i can't tkeep track which one is blessed ;-) | 01:54 |
SamYaple | whatevers on there is installed 10+ times by all packages | 01:54 |
sdake | ya i just acked it | 01:55 |
sdake | 10 min delta between centos and ubuntu | 01:56 |
sdake | mirrors ftw | 01:56 |
SamYaple | isnt that crazy? | 01:56 |
SamYaple | 10m from build to vm | 01:56 |
sdake | ya 35% delta | 01:56 |
sdake | no i mean 30 min centoso source build and 20 min ubuntu build from source | 01:57 |
*** vhosakot has quit IRC | 01:57 | |
SamYaple | yea i get that | 01:57 |
SamYaple | but ubuntu deploy was 10m gate! | 01:57 |
SamYaple | build and deploy in 10mitues is crazy | 01:57 |
*** vhosakot has joined #kolla | 01:57 | |
*** vhosakot has quit IRC | 02:03 | |
*** vhosakot has joined #kolla | 02:03 | |
openstackgerrit | Hui Kang proposed openstack/kolla: Ceilometer needs pymongo to start https://review.openstack.org/294725 | 02:04 |
*** mbound has joined #kolla | 02:14 | |
*** vhosakot has quit IRC | 02:14 | |
*** weiyu_ has joined #kolla | 02:19 | |
*** banix has joined #kolla | 02:19 | |
*** mbound has quit IRC | 02:19 | |
*** vhosakot has joined #kolla | 02:36 | |
sdake | for folks that haven't watched the documntary "The Lottery of Life" I'd recommend it | 02:41 |
*** rstarmer has joined #kolla | 02:45 | |
rstarmer | what is this "recongifure" command you talk about. this sounds interesting. | 02:48 |
sdake | rstarmer hey there | 02:48 |
sdake | it reconigures your openstack environment | 02:48 |
sdake | so if you ahve bridge A setup nad you instead want it to be bridge B | 02:49 |
sdake | it does that | 02:49 |
sdake | it merges /etc/kolla/config/* files into the main configuration files | 02:49 |
sdake | and overrides existing entries if present | 02:49 |
sdake | it allows for complete customization of openstack on deploy | 02:49 |
rstarmer | oh. wow, that is cool. | 02:49 |
sdake | what we were lacking in liberty was a way to change those config options | 02:49 |
sdake | reconfigure allows runtime changing with minimal downtime | 02:49 |
rstarmer | Very very interesting. | 02:50 |
rstarmer | I will need to investigate further. | 02:50 |
SamYaple | rstarmer: it is a newer feature so it may have some bugs, but so far they are break-the-script bugs, not break-the-deploy bugs | 02:51 |
SamYaple | they way it works it would be hard/impossible to break the deploy anyway | 02:51 |
rstarmer | Most excellent. Will be playing with this as time permits this week! | 02:51 |
rstarmer | I'm becoming more and more of a fan of this new fangled container based world... :) | 02:52 |
sdake | its about 2 years old ;) | 02:52 |
*** vhosakot has quit IRC | 02:53 | |
sdake | finally we have delivered on upgrade | 02:53 |
sdake | which is the whole reason we headed down the container road for openstack to begin | 02:53 |
*** klint has joined #kolla | 02:53 | |
*** vhosakot has joined #kolla | 02:53 | |
rstarmer | yeah, I talk to so many people who are stuckc because upgrades, while "feasible" are just not something they actually want to touch. | 02:53 |
SamYaple | rstarmer: im an ops guy and i say with no bias this is the easiest upgrade process for openstack | 02:54 |
SamYaple | and ive used (and supported) most of them | 02:55 |
vhosakot | rstarmer: here are the steps to reconfigure OpenStack services in kolla - https://etherpad.openstack.org/p/kolla-mitaka-testing-reconfigure | 02:55 |
SamYaple | love containers | 02:55 |
rstarmer | vhosakot: thanks, I needed that :D | 02:56 |
vhosakot | rstarmer: cool, np :) | 02:56 |
rstarmer | SamYaple: yeah, I help people with their Ops problems, often by comiserating with the mess they have... | 02:56 |
SamYaple | kolla in the state it is in is actually alot of "man i hated doing xyz in <insert openstack tool>" | 02:57 |
SamYaple | so hopefully ops do like this | 02:57 |
rstarmer | I've got a project where I hope to be able to guide the customer into Kolla. They're using puppet ATM, and that's where my previous experiences lie, and so I hope to be able to show them the light. | 03:01 |
SamYaple | if they want 10minute multinode deploys, look no further! | 03:02 |
rstarmer | I'l be demoing this to them on Tuesday if all goes well... | 03:03 |
openstackgerrit | Hui Kang proposed openstack/kolla: Ceilometer needs pymongo to start https://review.openstack.org/294725 | 03:03 |
sdake | kolla doesn't createa a mess the first place to clean up ;) | 03:04 |
SamYaple | yes | 03:04 |
SamYaple | i actually think thats a big reason kolla has come so far so quickly | 03:05 |
SamYaple | because us devs can clean our environments so thorughly so quickly | 03:05 |
rstarmer | I'm acutally using a simmilar approach (well, similar in that it containerizes the application middleware) for a Kubernetes project I'm supporting as well. But there's no Kolla equivalent (at least that I've found) for Kubernetes, so that's something I might have to try as I get a better handle on the "system" of operation. | 03:06 |
*** sdake has quit IRC | 03:07 | |
vhosakot | rstarmer: kube.sh is pretty buggy ;) | 03:08 |
vhosakot | rstarmer: you using vagrant+kubernetes ? | 03:09 |
rstarmer | vhosakot: no, the docker container based master/minion multi-node setup. | 03:09 |
vhosakot | ah, cool.. docker.. the vagrant setup + kube is not stable | 03:10 |
rstarmer | it's all buggy. I only need it for some performance testing work, but I also need it to be re-produceable. | 03:10 |
*** sdake has joined #kolla | 03:10 | |
*** sdake has quit IRC | 03:10 | |
*** weiyu_ has quit IRC | 03:10 | |
*** sdake has joined #kolla | 03:11 | |
vhosakot | ah ok | 03:11 |
*** macsz has quit IRC | 03:36 | |
*** vhosakot has quit IRC | 03:42 | |
*** vhosakot has joined #kolla | 03:43 | |
*** rstarmer has quit IRC | 03:44 | |
*** weiyu_ has joined #kolla | 03:53 | |
*** weiyu_ has quit IRC | 03:57 | |
*** elmiko has quit IRC | 04:18 | |
*** elmiko has joined #kolla | 04:18 | |
*** dave-mcc_ has quit IRC | 04:24 | |
*** jasonsb has quit IRC | 04:34 | |
*** iceyao_ has joined #kolla | 04:39 | |
*** iceyao has quit IRC | 04:40 | |
*** iceyao has joined #kolla | 04:46 | |
*** sdake has quit IRC | 04:47 | |
*** iceyao_ has quit IRC | 04:50 | |
*** vhosakot has quit IRC | 04:51 | |
*** sdake has joined #kolla | 04:56 | |
*** banix has quit IRC | 05:32 | |
*** Windir has quit IRC | 05:45 | |
*** sdake has quit IRC | 06:11 | |
*** sdake has joined #kolla | 06:11 | |
*** sdake has quit IRC | 06:20 | |
*** achanda has joined #kolla | 06:33 | |
*** Marga_ has quit IRC | 07:13 | |
*** Marga_ has joined #kolla | 07:14 | |
*** ssurana has joined #kolla | 07:23 | |
*** stvnoyes has quit IRC | 08:03 | |
*** stvnoyes has joined #kolla | 08:04 | |
*** jmccarthy has quit IRC | 08:06 | |
*** jmccarthy has joined #kolla | 08:06 | |
*** achanda has quit IRC | 08:16 | |
*** vishwanathj has quit IRC | 08:16 | |
*** akwasnie has joined #kolla | 09:11 | |
*** akwasnie has quit IRC | 09:18 | |
*** akwasnie has joined #kolla | 09:19 | |
*** akwasnie has quit IRC | 09:19 | |
*** iceyao has quit IRC | 09:33 | |
*** SiRiuS_ has joined #kolla | 09:41 | |
*** akwasnie has joined #kolla | 09:44 | |
*** achanda has joined #kolla | 09:46 | |
akwasnie | sdake: ping | 09:48 |
akwasnie | SamYaple: ping | 09:49 |
*** starmer has joined #kolla | 09:53 | |
*** achanda has quit IRC | 09:53 | |
*** starmer has quit IRC | 09:53 | |
*** Serlex has joined #kolla | 09:54 | |
*** ssurana has quit IRC | 10:09 | |
*** pbourke has quit IRC | 10:13 | |
*** pbourke has joined #kolla | 10:14 | |
*** sdake has joined #kolla | 10:16 | |
*** ccesario has joined #kolla | 10:17 | |
*** iceyao has joined #kolla | 10:34 | |
*** ccesario has quit IRC | 10:34 | |
*** sdake has quit IRC | 10:48 | |
*** sdake has joined #kolla | 10:50 | |
*** achanda has joined #kolla | 10:50 | |
*** achanda has quit IRC | 10:56 | |
*** akwasnie has quit IRC | 10:58 | |
*** Serlex has quit IRC | 11:38 | |
*** dave-mccowan has joined #kolla | 12:00 | |
*** Jeffrey4l_ has joined #kolla | 12:06 | |
*** Jeffrey4l__ has quit IRC | 12:09 | |
*** Liuqing has joined #kolla | 12:36 | |
*** akwasnie has joined #kolla | 12:38 | |
*** sdake has quit IRC | 12:47 | |
*** achanda has joined #kolla | 12:54 | |
*** akwasnie has quit IRC | 12:55 | |
*** akwasnie has joined #kolla | 12:56 | |
*** achanda has quit IRC | 13:00 | |
*** klint has quit IRC | 13:01 | |
*** dave-mcc_ has joined #kolla | 13:01 | |
*** dave-mccowan has quit IRC | 13:02 | |
*** dave-mcc_ has quit IRC | 13:06 | |
*** rhallisey has quit IRC | 13:07 | |
*** rhallisey has joined #kolla | 13:08 | |
*** sdake has joined #kolla | 13:09 | |
*** akwasnie has quit IRC | 13:11 | |
*** akwasnie has joined #kolla | 13:16 | |
*** Jeffrey4l_ has quit IRC | 13:18 | |
*** sdake has quit IRC | 13:20 | |
*** sdake has joined #kolla | 13:21 | |
*** akwasnie has quit IRC | 13:32 | |
*** akwasnie has joined #kolla | 13:33 | |
*** Jeffrey4l_ has joined #kolla | 13:42 | |
*** akwasnie has quit IRC | 13:46 | |
*** akwasnie has joined #kolla | 13:46 | |
*** achanda has joined #kolla | 13:56 | |
SamYaple | akwasnie: pong | 13:57 |
*** achanda has quit IRC | 14:01 | |
*** akwasnie has quit IRC | 14:03 | |
*** akwasnie has joined #kolla | 14:03 | |
*** mbound has joined #kolla | 14:03 | |
openstackgerrit | Sam Yaple proposed openstack/kolla: Fix rax-ord gate https://review.openstack.org/295001 | 14:05 |
openstackgerrit | Andrei-Lucian Șerb proposed openstack/kolla: Attach external NIC to a NAT-Network if on Wi-Fi https://review.openstack.org/294340 | 14:17 |
*** mbound has quit IRC | 14:17 | |
*** akwasnie has quit IRC | 14:26 | |
*** akwasnie has joined #kolla | 14:27 | |
*** diogogmt has quit IRC | 14:36 | |
*** diogogmt has joined #kolla | 14:37 | |
*** akwasnie1 has joined #kolla | 14:39 | |
*** akwasnie has quit IRC | 14:39 | |
*** dims has joined #kolla | 14:40 | |
*** dwalsh has joined #kolla | 14:44 | |
*** diogogmt has quit IRC | 14:47 | |
akwasnie1 | sdake, SamYaple: it turns out that shield requires a licence - it starts with free 30 day trial, but after that additional licence is required. It is easy to install and configure (i tried and it works), but license stuff rather eliminates it from being used in kolla. | 14:53 |
akwasnie1 | so i think that we are back to nginx proxy | 14:53 |
SamYaple | akwasnie1: agreed | 14:54 |
SamYaple | nginx it is | 14:54 |
SamYaple | hey akwasnie1 is the central logging stuff... functional? | 14:54 |
SamYaple | i havent played with ti at all yet | 14:54 |
akwasnie1 | yes, it is :) | 14:55 |
SamYaple | awesome! thats very cool | 14:55 |
SamYaple | youve all done great work on that | 14:55 |
SamYaple | im going to build and install it now if thats the case | 14:55 |
SamYaple | elasicsearch and kibana are the only containers right? | 14:55 |
akwasnie1 | thanks! :) should we create seperate container for nginx proxy (we might use this proxy for other services that does not have any authentication) or should we stick with configuring it inside kibana container? | 14:56 |
openstackgerrit | Andrei-Lucian Șerb proposed openstack/kolla: Attach external NIC to a NAT-Network if on Wi-Fi https://review.openstack.org/294340 | 14:56 |
akwasnie1 | elasticsearch and kibana are the only ones | 14:56 |
akwasnie1 | does -> do | 14:57 |
SamYaple | akwasnie1: that depends, is nginx going to be a seperate process that needs to be watched? (i think it is) | 14:57 |
SamYaple | if so new container | 14:57 |
SamYaple | you know akwasnie1 haproxy also does basic auth.... | 14:58 |
SamYaple | we could just use that | 14:58 |
*** dims has quit IRC | 15:01 | |
akwasnie1 | will try this tomorrow, then | 15:01 |
*** dims has joined #kolla | 15:01 | |
SamYaple | im wondering is there any downsides to it? | 15:02 |
*** akwasnie1 has quit IRC | 15:06 | |
*** Liuqing has quit IRC | 15:07 | |
sdake | only requirement is password auth that is secure | 15:16 |
sdake | how its done, I don't care ;) | 15:16 |
sdake | if haproxy can do it that seems reasonable to me | 15:16 |
SamYaple | haproxy would do the same thing as nginx, Auth header | 15:17 |
SamYaple | pbourke: you around? | 15:17 |
*** dims has quit IRC | 15:23 | |
*** dims has joined #kolla | 15:27 | |
*** iceyao has quit IRC | 15:32 | |
*** ccesario has joined #kolla | 15:47 | |
*** ccesario has quit IRC | 15:53 | |
openstackgerrit | Merged openstack/kolla: Fix linuxbridge driver https://review.openstack.org/294936 | 15:57 |
*** vhosakot has joined #kolla | 15:57 | |
*** achanda has joined #kolla | 15:59 | |
*** vhosakot has quit IRC | 16:02 | |
*** vhosakot has joined #kolla | 16:03 | |
*** achanda has quit IRC | 16:04 | |
SiRiuS_ | vhosakot, ping | 16:11 |
openstackgerrit | Jeffrey Zhang proposed openstack/kolla: Fix the prechecks role idempotent https://review.openstack.org/295018 | 16:11 |
vhosakot | SiRiuS_: hi | 16:11 |
SiRiuS_ | vhosakot, I answered the questions inside patch 5 | 16:12 |
SiRiuS_ | vhosakot, Basically, the globals.yml file is part of kolla itself, while the Vagrantfile is not part of kolla , but is used to provision kolla nodes | 16:13 |
vhosakot | SiRiuS_: i don't see them. are they still in draft (red color). Could you hit "Reply" at the the top and click "post" | 16:13 |
*** akwasnie has joined #kolla | 16:14 | |
*** akwasnie has left #kolla | 16:15 | |
SiRiuS_ | vhosakot, is says Draft next to my answers | 16:15 |
SiRiuS_ | hmm | 16:15 |
vhosakot | SiRiuS_: cool, I was just thinking if the default values used (network_interface: "eth0" and neutron_external_interface: "eth1") in globals.yml need to change, or the same values are good ? | 16:15 |
SiRiuS_ | vhosakot, how do I get the answers submitted, if they are in Draft. I'm new, as you can probably tell :) | 16:16 |
openstackgerrit | Merged openstack/kolla: Fix race condition in haproxy https://review.openstack.org/292782 | 16:17 |
vhosakot | SiRiuS_: I found it unintuitive as well... so, select patch set 5 (where you see draft comments in red), click the green Up arrow at top right, click "Reply" at top, click "Post" | 16:18 |
vhosakot | SiRiuS_: in the gerrit homepage, at top right, it shows the patch set number ("Patch Sets 5/7) at top right next to Download | 16:19 |
SiRiuS_ | vhosakot, I think I did it, thanks for the help | 16:21 |
vhosakot | SiRiuS_: cool, np :) | 16:21 |
SiRiuS_ | vhosakot, if you have any followup questions, please ask :) | 16:24 |
vhosakot | cool, thanks for the replies... so, bootstrap.sh sets network_interface and neutron_external_interface.. cool | 16:24 |
vhosakot | SiRiuS_: https://github.com/openstack/kolla/blob/master/dev/vagrant/bootstrap.sh#L141-L142.. so, what is the value of network_interface here ? eth0 or eth1 ? | 16:24 |
SiRiuS_ | vhosakot, yup | 16:25 |
vhosakot | SiRiuS_: eth0 or eth1 ? | 16:25 |
SiRiuS_ | vhosakot, it would be ethic | 16:25 |
SiRiuS_ | *eth2 | 16:25 |
rhallisey | hello everyone | 16:25 |
vhosakot | SiRiuS_: neutron_external_interface is eth2, what about network_interface ? | 16:25 |
vhosakot | rhallisey: o/ | 16:25 |
SiRiuS_ | vhosakot, eth1 | 16:26 |
SiRiuS_ | vhosakot, just like the file | 16:26 |
vhosakot | SiRiuS_: ah, cool... just wanted to make sure that they are not affected.. cool, thanks for the new patch set.. it looks good | 16:26 |
SiRiuS_ | vhosakot, sure, that's why i configured the other 2 interfaces (NIC 1 and NIC2), because if I didn't then it would change the order | 16:27 |
*** dwalsh has quit IRC | 16:28 | |
SiRiuS_ | vhosakot, it's not documented in Vagrant, so I had to do it by trial and error | 16:28 |
vhosakot | SiRiuS_: I see that in the order and the comment about the order in code... cool | 16:28 |
SiRiuS_ | vhosakot, first time I tested it, I just set up NIC 3, but when the guest OS booted, it would connect NIC3 to eth0, which was not good at all | 16:29 |
vhosakot | ah ok... I have seen the guest OS pick the configured NIC and name it eth0 | 16:30 |
*** vhosakot has quit IRC | 16:32 | |
openstackgerrit | Merged openstack/kolla: Ceilometer needs pymongo to start https://review.openstack.org/294725 | 16:38 |
SamYaple | sdake: would you create teh stable/mitaka branch please? | 16:41 |
SamYaple | to unblock master | 16:42 |
SamYaple | also we need to pin the versions of the projects were using, but need the stable branch for that | 16:43 |
sdake | SamYaple iirc we had planned to branch at rc2 | 16:52 |
sdake | the rationale is to keep people focused on fixing bugs in mitaka | 16:52 |
sdake | of which there are plenty in nthe bug tracker | 16:53 |
SamYaple | well the issue is everyone else branched already | 16:53 |
SamYaple | and so now master is not mitaka | 16:53 |
SamYaple | it is newton | 16:53 |
SamYaple | so we need to pin versions | 16:53 |
SamYaple | you dont need to tag | 16:53 |
SamYaple | you need ot branch | 16:53 |
sdake | i understand | 16:54 |
sdake | do you not agree if mitaka is branched people will do dev rather then fix bugs? | 16:54 |
SamYaple | i dont think what i agree to matters, right now we arent gating mitaka | 16:54 |
SamYaple | other projects are deving right now and we are consuming | 16:54 |
sdake | i see | 16:55 |
SamYaple | i think branching is the best for stability | 16:55 |
sdake | ok that make sense | 16:55 |
SamYaple | i have a bunch of bug fixes in the queue | 16:55 |
sdake | see when i send emials to the mailing list, all you ahve to do is respond :) | 16:55 |
SamYaple | when did you send an email? | 16:55 |
sdake | basically dev is supposed to be done at mitaka-3 | 16:55 |
sdake | when mitaka-3 was released | 16:55 |
sdake | need subject? | 16:55 |
SamYaple | ah ok ill find it | 16:56 |
SamYaple | but i did not see it apaprently | 16:56 |
SamYaple | my email skills are not the best | 16:56 |
SamYaple | i just need better filters | 16:56 |
*** jasonsb has joined #kolla | 16:56 | |
sdake | ok well i'll send note that master has branched | 16:57 |
SamYaple | well if we can stable/mitaka on monday after the queue has been merged that would be best i think | 16:57 |
sdake | ok monday it is | 16:57 |
SamYaple | yea there are some critical things in the queue needing merging | 16:57 |
sdake | i think mitaka is in pretty good shape minus the fact that heat is broken | 16:57 |
SamYaple | yea ill fix that | 16:57 |
sdake | if vms can be launched in heat, i'd be all for branching :) | 16:57 |
SamYaple | i did test my fix | 16:57 |
sdake | backporting always fails on our end | 16:58 |
sdake | the idea with backports is you shouldn't do them unless absolutely necessary | 16:58 |
sdake | hehnce the idea of waiting to branch | 16:58 |
sdake | but our project isa bit odd that it consumes other upstream projects for gating purposes | 16:58 |
SamYaple | backporting for us fails because of lack of focus. we dont manage our bugs well | 16:59 |
sdake | cool so by test, did you llaunch a heat stack? | 16:59 |
SamYaple | yea | 16:59 |
sdake | i wholeheartedly agree | 16:59 |
SamYaple | even if focus wasnt there, good bug management could allow a single person to manage backports very easily | 16:59 |
*** vhosakot has joined #kolla | 17:00 | |
sdake | yes but with all the trivailfix stuff happening which are really bugs | 17:00 |
sdake | that is hard | 17:00 |
sdake | need to clamp down on that as a project, I think epople tend to abuse it | 17:00 |
SamYaple | yea i think weve all done it | 17:00 |
SamYaple | i agree | 17:00 |
sdake | i file bugs if its not docs or a one liner | 17:01 |
SamYaple | what we need instead of "trvialfix" is "AffectsMasterOnly" | 17:01 |
sdake | so people don't have to comb the git repo for fixes | 17:01 |
sdake | what we need is for people to file bugs ;) | 17:01 |
sdake | people use trivial fix for features, bugs, whatever suits their fancy ;) | 17:02 |
sdake | the big problem is it doesn't give us a true accounting of the bug work taking place | 17:03 |
SamYaple | well thats the thing. what do i do with something thats not a bug? its a feature, but not worthy of a blueprint? | 17:03 |
sdake | and no way to track = no way to backport | 17:03 |
sdake | those should be wishlist bugs | 17:03 |
sdake | i dont know why docs get autoassigned wishlist either, since they arenot features | 17:03 |
sdake | i prefer docs fixes get filed at high priority but i don't think there is control on that | 17:03 |
SamYaple | there is on the docs bot side | 17:04 |
SamYaple | but anyway yea we should just force bugs and not try to do a "affectsmasteronly" tag or anything | 17:04 |
*** dims_ has joined #kolla | 17:04 | |
SamYaple | and that means stop the trivalfix stuff | 17:04 |
SamYaple | because "fix" means bug | 17:04 |
*** dims has quit IRC | 17:05 | |
sdake | we implemented trivialfix because develoeprs were complaining about bug overhead | 17:05 |
SamYaple | eh that doesnt realyl work either | 17:05 |
SamYaple | yea | 17:05 |
sdake | because filing a bug takes 5-10 minutes of someones life :) | 17:05 |
SamYaple | honestly the masteronly thing might work better | 17:05 |
SamYaple | we dont need a bug for masteronly fix | 17:05 |
SamYaple | even wishlist-type feature | 17:05 |
openstackgerrit | Merged openstack/kolla: Increase usefulness of openstack-base https://review.openstack.org/294854 | 17:05 |
SamYaple | but we need a bug for anythign that doesnt affect just master | 17:05 |
sdake | the problem is eveyrone applies tags differently using different semantics | 17:06 |
sdake | thats why its better not to have any tags at all ;) | 17:06 |
sdake | this is the problem with process - different things to differnt people | 17:06 |
SamYaple | forcing bugs is something no other projcet does | 17:06 |
SamYaple | id be inclined to default to thier ways | 17:06 |
SamYaple | it works for the rest of openstack better than what we do | 17:06 |
sdake | nova allows features without a blueprint or bug tracker? | 17:06 |
SamYaple | nova doesnt even allow bug fixes | 17:07 |
SamYaple | but lets not base anything we do on "nova does it" | 17:07 |
vhosakot | how about bugs non non-one-liners and TrivialFix for _only_ one-liners ? | 17:07 |
SamYaple | they arent the pillar of working | 17:07 |
SamYaple | vhosakot: what about a one-liner that needs to be backported? | 17:07 |
sdake | well they do have a big pile of stuff to deal with :) | 17:07 |
sdake | vhosakot this issue that needs solving is hwo to manage backports | 17:07 |
sdake | the way I'd like to manage backports it just not do them by releasing sotwre that is good out of the gate ;) | 17:08 |
SamYaple | I do like this MasterOnly thing, something that doesnt need a bug, isnt a blueprint, wont be backported | 17:08 |
vhosakot | SamYaple: bug i that case.. one-liner in master but needed in older release in bug... | 17:08 |
sdake | vhosakot how does the backporter know | 17:08 |
sdake | comb the commit to figure out if its a bug that needsa a backport or what? | 17:08 |
vhosakot | sdake: right, the team needs to finalize/converge/freeze backports often | 17:09 |
sdake | the way other projects work is file a bug, then say affects which branches in launchpad | 17:09 |
sdake | or use a tag | 17:09 |
sdake | we are not using the bugs feature of launchpad very effectively as a team | 17:09 |
sdake | i can't even get people to triage properly much less sort out how to do a backport | 17:10 |
sdake | it would be nice if ayone could asig themselves a bug, but not actually do the triaging | 17:10 |
vhosakot | sdake: I think backport is a feaure-creep in older release and may un-stabilize the older release.. so, the team (at least the cores) need to know the status of backports.. | 17:10 |
sdake | then we could reduce the size of the drivers team | 17:10 |
sdake | because the drivers team's job is to do bug triage | 17:10 |
sdake | vhosakot right backports turn into features | 17:11 |
SamYaple | vhosakot: we commit to fixing bugs in backport | 17:11 |
sdake | rather then "heat doesn't work" | 17:11 |
sdake | or whateer | 17:11 |
SamYaple | vhosakot: not features | 17:11 |
sdake | our last release about 60 changes went in right after the branch which were not backports and not even slated for liberty | 17:11 |
vhosakot | bugs in backport is different.. _backport_ itself is a new feature in the older release | 17:12 |
sdake | it almost gave me a heartattack | 17:12 |
sdake | SamYaple since i dont have my gear in flagstaff (back tonight) i'll test monday/tuesday and we can branch then | 17:12 |
sdake | i want to test multinode on my own for centos | 17:12 |
sdake | I don't think kalot of folks are doing that | 17:12 |
SamYaple | sdake: you dont recall do you? we agree to the 1.1.0 release right after liberty. thats why those chages are there | 17:13 |
sdake | yup but it wasn't staffed properly | 17:13 |
*** dwalsh has joined #kolla | 17:13 | |
SamYaple | no it was on track | 17:13 |
sdake | i think agreeing to a 1.1.0 right after liberty was an error | 17:13 |
sdake | but we can't fix the past | 17:13 |
openstackgerrit | Jeffrey Zhang proposed openstack/kolla: Install neutron in manila-share group only when enable_manila is true https://review.openstack.org/295024 | 17:13 |
sdake | morning Jeffrey4l_ | 17:14 |
SamYaple | not following through was a bigger error | 17:14 |
*** vishwanathj has joined #kolla | 17:14 | |
SiRiuS_ | vhosakot, can I get a +1 if you are satisfied with the patch :) | 17:14 |
SamYaple | we need to be better at following through | 17:14 |
sdake | we are good at followthrough on master | 17:14 |
vhosakot | SiRiuS_: sure, 1 sec... was just testing your patch srt... looks great | 17:14 |
sdake | liberty was our first release where backporting was actually done | 17:15 |
Jeffrey4l_ | sdake, good night, it is 1 AM here :) | 17:15 |
SamYaple | Jeffrey4l_: go to sleep! | 17:15 |
SiRiuS_ | vhosakot, cool, I'll wait | 17:15 |
vhosakot | Jeffrey4l_: night night! | 17:15 |
Jeffrey4l_ | yea. I am going. | 17:15 |
vhosakot | SiRiuS_: done, +1, nice work | 17:16 |
SiRiuS_ | vhosakot, thanks \m/ :) | 17:16 |
sdake | i've been doing softwre for 20 years and have never seen backports handled properly | 17:17 |
vhosakot | Whenevr I used Vagrant, I'm wired (bridge) so did not see the issue... this time, I used wireless NAT to test.. cool | 17:17 |
Jeffrey4l_ | sdake, about the magnum v3 issue. There are trustee_domain_id and trustee_domain_admin_id in trust section. | 17:18 |
sdake | its not like I havnet seen people try a million things | 17:18 |
Jeffrey4l_ | which domain/admin should we use? | 17:18 |
sdake | Jeffrey4l_ recommend looking at how heat does it | 17:18 |
SamYaple | sdake: did you file a bug on that heat issue? | 17:18 |
sdake | yes | 17:18 |
Jeffrey4l_ | default domain or create a new domain ( for example magnum_domain ) | 17:18 |
Jeffrey4l_ | ok | 17:18 |
vhosakot | I am not a fan of backports.. why touch older software when it if good.... backport something if it is _really_ needed for most users | 17:19 |
sdake | "Heat doa in mitaka3" | 17:19 |
sdake | yup that is the only viable way to handle backports vhosakot | 17:19 |
sdake | as in don't do them unless absolutely necessary | 17:19 |
vhosakot | sdake: cool | 17:19 |
Jeffrey4l_ | heat use the default domain. I will copy that. | 17:20 |
openstackgerrit | Sam Yaple proposed openstack/kolla: Fix heat endpoint registration https://review.openstack.org/295025 | 17:20 |
SamYaple | there ya go sdake | 17:20 |
sdake | nice thanks SamYaple | 17:20 |
Jeffrey4l_ | need go to sleep. bye guys. | 17:24 |
sdake | later lei | 17:24 |
sdake | say SamYaple | 17:25 |
sdake | question relating to performance | 17:25 |
sdake | why is mitaka so much faster then liberty? | 17:25 |
*** vhosakot has quit IRC | 17:25 | |
*** vhosakot has joined #kolla | 17:26 | |
SamYaple | memcache all the things | 17:27 |
SamYaple | but if youre talking about horizon, thats thanks to jeffrey | 17:27 |
sdake | i am talking about deplooy time | 17:27 |
SamYaple | oh i optimized the crap outa it | 17:28 |
SamYaple | reduced number of tasks drastically | 17:29 |
SamYaple | did merge_configs | 17:29 |
SamYaple | et | 17:29 |
SamYaple | etc* | 17:29 |
sdake | so its just a reduction in number of tasks? | 17:29 |
SamYaple | mostly | 17:29 |
SamYaple | and sped up tasks | 17:29 |
sdake | i seem to recall there were about 300 tasks in liberty | 17:29 |
sdake | and about 300 in mitaka | 17:29 |
SamYaple | right but the number YOU use to deploy are less | 17:30 |
SamYaple | we added like 5 services | 17:30 |
SamYaple | gate deplys in ~150 tasks | 17:30 |
SiRiuS_ | vhosakot, can you please click on "This bug affects you" , if you managed to reproduce it, here https://bugs.launchpad.net/kolla/+bug/1558766 | 17:34 |
openstack | Launchpad bug 1558766 in kolla "neutron not working inside virtualbox on wi-fi" [Undecided,In progress] - Assigned to Andrei-Lucian Șerb (lucian-serb) | 17:34 |
vhosakot | SiRiuS_: as I said, I am always wired and _dont_ use vagrant for daily dev... I was not able to reproduce the bug, but I did not see the bug when I tested your patch set | 17:36 |
SiRiuS_ | vhosakot, I had a discussion with mandre about it, but he did not have VirtualBox, and was not able to reproduce it | 17:36 |
SiRiuS_ | vhosakot, oh, ok | 17:36 |
vhosakot | SiRiuS_: I use the Vagrant libvirt plugin | 17:36 |
vhosakot | SiRiuS_: I turned on wifi, shutdown my wired interface, tested your patch set, and did not see the bug.. | 17:37 |
vhosakot | SiRiuS_: are you using VirtualBox on Ubuntu or Mac/Windows ? | 17:38 |
SiRiuS_ | vhosakot, So practically it works on libvirt, without the patch, because libvirt was not patched | 17:38 |
SiRiuS_ | vhosakot, on Mac, but VirtualBox documentation did not specify Mac being the only one affected | 17:39 |
vhosakot | SiRiuS_: yep, I have seen ubuntu+virtualbox not stable and I had to uninstall libvirt for it (which I dont want to, my libvirt is pretty stable) | 17:39 |
vhosakot | SiRiuS_: ah ok | 17:39 |
SiRiuS_ | Bridging to a wireless interface is done differently from bridging to a wired interface, because most wireless adapters do not support promiscuous mode. All traffic has to use the MAC address of the host’s wireless adapter, and therefore VirtualBox needs to replace the source MAC address in the Ethernet header of an outgoing packet to make sure the reply will be sent to the host interface. When VirtualBox sees an incoming packet with a destination IP add | 17:39 |
SiRiuS_ | ress that belongs to one of the virtual machine adapters it replaces the destination MAC address in the Ethernet header with the VM adapter’s MAC address and passes it on. VirtualBox examines ARP and DHCP packets in order to learn the IP addresses of virtual machines. | 17:39 |
SiRiuS_ | vhosakot, that is what the docs say | 17:40 |
vhosakot | SiRiuS_: ah ok.. let me read | 17:40 |
vhosakot | SiRiuS_: isn;t this in the commit message | 17:40 |
SiRiuS_ | it is | 17:40 |
vhosakot | cool | 17:40 |
vhosakot | ok, gotta step out a bit... SiRiuS_, I think I have a Ubuntu+Vagrant image minus libvirt.. will let you know if I find time to use and test it... | 17:42 |
SiRiuS_ | vhosakot, nice, that would be awesome | 17:43 |
vhosakot | SiRiuS_: frankly, I don't spend much time debugging Vagrant issues as Vagrant is not used in production and no customer sees/worries about it mostly... a lot of devs use for daily dev/VM creation, teating and re-creating VMs easily | 17:44 |
SiRiuS_ | vhosakot, sure, it's mostly devs or people trying kolla for the first time | 17:44 |
vhosakot | yep, | 17:45 |
SiRiuS_ | vhosakot, not everyone has a lab where they can do deployment :) | 17:45 |
vhosakot | yep, use Ubuntu/Liux on laptop to begin with ;) | 17:45 |
SiRiuS_ | yeah | 17:46 |
vhosakot | most of the time, my host OS on laptop is Linux | 17:46 |
vhosakot | I have seen libvirt/qemu in the host kernel a _lot_ stabler than virtualization software that _emulate_ like virtualBox/vmware fusion, etc | 17:47 |
openstackgerrit | Merged openstack/kolla: Fix the prechecks role idempotent https://review.openstack.org/295018 | 17:48 |
vhosakot | plus, needless to say, the networking/nat magic these softwares do... but, yes, they are great if host OS on laptop is not Linux or without libvirt | 17:48 |
vhosakot | ok, gotta step out a bit... see you all | 17:49 |
sdake | virtualbox uses hardware virt if your mac is configured properly | 17:49 |
sdake | SiRiuS_ are yuo Anderi-Lucian? | 17:49 |
SiRiuS_ | sdake, yes | 17:50 |
sdake | SiRiuS_ could you explain how to manully setup virtualbox so that networking works properly? | 17:50 |
sdake | (with wifi) | 17:50 |
sdake | to me - so i can document it | 17:50 |
vhosakot | sdake: yes, agreed | 17:50 |
sdake | I use a mac for dev | 17:50 |
sdake | and i need to know :) | 17:50 |
SiRiuS_ | sdake, sure | 17:51 |
SiRiuS_ | I'll tell you the full story :D | 17:51 |
sdake | let me go get a monster drink ;) | 17:51 |
sdake | j/k ;) | 17:51 |
SiRiuS_ | basically I downloaded kolla, and managed to reply fine | 17:52 |
SiRiuS_ | deploy* | 17:52 |
SiRiuS_ | I ran the init-runonce | 17:52 |
SiRiuS_ | so I had everything set up properly | 17:52 |
SiRiuS_ | but I could not get internet connectivity inside the nova VMs | 17:53 |
SiRiuS_ | neither could I connect to the nova VMs from my host | 17:53 |
sdake | how did you get into your vm from your mac? | 17:53 |
SiRiuS_ | NOVNC | 17:53 |
sdake | so not ssh | 17:53 |
SiRiuS_ | nope | 17:53 |
SiRiuS_ | ssh did not work | 17:54 |
sdake | just as a side do you know how to access via ssh? | 17:54 |
SiRiuS_ | but I did not know that I had to set promiscuous mode to "allow-all" it's not in the kolla docs | 17:54 |
sdake | nm we ca ntalk about that after ou finish :) | 17:54 |
sdake | what is allow-all | 17:54 |
SiRiuS_ | I found out about promiscuous mode by reading through the OpenStack docs | 17:54 |
*** achanda has joined #kolla | 17:55 | |
SiRiuS_ | VirtualBox filters L2 traffic if promiscuous mode is set to deny | 17:55 |
SiRiuS_ | and Neutron needs to pass L2 traffic to the external network gateway | 17:56 |
SiRiuS_ | but even with promiscuous mode set to allow-all, it still did not work fully | 17:56 |
SiRiuS_ | I managed to connect from my host to the nova VMs | 17:56 |
sdake | was this all in the context of vagrant or did you do it via the virtualbox ui first? | 17:57 |
SiRiuS_ | but the nova VMs could still not connect to the external network gateway, or to any other computer on the wireless network | 17:57 |
SiRiuS_ | first manually, without vagrant | 17:57 |
sdake | where is the allow-all flag located? | 17:57 |
SiRiuS_ | Finally I read the VirtualBox docs | 17:58 |
SiRiuS_ | and the docs warned about Wi-Fi | 17:58 |
SiRiuS_ | where is it located in the docs? | 17:58 |
sdake | that would be rockin if they have already documented it - we could put that in our docs | 17:58 |
sdake | like how to get kolla running on virtualbox | 17:59 |
SiRiuS_ | I have virtualbox 5.0.14 | 17:59 |
sdake | me too | 17:59 |
SiRiuS_ | if you go to help -> contents | 17:59 |
SiRiuS_ | it opens up the docs | 17:59 |
SiRiuS_ | on page 101 it says about Wi-Fi promiscuous mode and Wi-Fi | 18:00 |
SiRiuS_ | there is a Note | 18:00 |
sdake | reading - continue on :) | 18:01 |
SiRiuS_ | practically it is impossible to send unmodified packages from neutron to the wifi router | 18:01 |
SiRiuS_ | so using the physical network as the neutron_external_network is not posible | 18:02 |
SiRiuS_ | luckily VirtualBox has the concept of a NAT-Network | 18:03 |
SiRiuS_ | which is practically a private network with its own virtual router | 18:03 |
sdake | familiar with that | 18:03 |
sdake | i want to be able to ssh into my vm :) | 18:04 |
sdake | do you know how to do that? | 18:04 |
sdake | not the nova vm, the vm i created originally | 18:04 |
SiRiuS_ | so we use the virtual router as the gateway for neutron | 18:04 |
SiRiuS_ | sdake, what VM exactly? | 18:05 |
sdake | i created a centos7 vm to install koll ain | 18:05 |
sdake | the only way i can access this is via novnc which is annoying | 18:05 |
sdake | i want to ssh into my vm | 18:05 |
sdake | but it is a nat network setup with wireless | 18:05 |
SiRiuS_ | what interfaces do you have connected to the vm ? | 18:05 |
sdake | a nat interface | 18:06 |
SiRiuS_ | you should do it like Vagrant does it, it is a very good setup | 18:06 |
sdake | SiRiuS_ you arn't just teaching me, this is going in the docs | 18:06 |
sdake | i dont understand vagrant too well unfortunately | 18:06 |
SiRiuS_ | you need a interface for internet connectivity | 18:06 |
sdake | so a host bridged network? | 18:07 |
SiRiuS_ | then another/multiple interfaces for internal stuff (management, are tunnel, storage) | 18:07 |
sdake | right | 18:07 |
SiRiuS_ | and another for the external network (which is usually the internet) | 18:07 |
sdake | so 4 nics then? | 18:08 |
SiRiuS_ | a minimum of 3 | 18:08 |
sdake | lets say i'm not setting up kolla | 18:08 |
sdake | i ust want centos vm to ssh into | 18:08 |
SiRiuS_ | 1 for internet connectivity inside the vm | 18:08 |
sdake | what does the network type have to be? | 18:08 |
SiRiuS_ | 2 for management, gre, storage | 18:08 |
SiRiuS_ | 3 for external neutron network | 18:08 |
sdake | ya got all that | 18:08 |
sdake | just want to focus on one thing at a time here :) | 18:09 |
SiRiuS_ | 1 should be a simple NAT | 18:09 |
sdake | how do you ssh into it then? | 18:09 |
SiRiuS_ | set port forward | 18:09 |
sdake | is that a virtualbox option? | 18:09 |
SiRiuS_ | yup | 18:09 |
sdake | sweet now we are getting somewhere | 18:09 |
sdake | got a pointer in the docs on that? | 18:09 |
SiRiuS_ | select "Attached to NAT" | 18:09 |
SiRiuS_ | then click "Advanced" | 18:09 |
SiRiuS_ | then click on "Port Forwarding | 18:10 |
SiRiuS_ | create a rule | 18:10 |
SiRiuS_ | Name: SSH | 18:10 |
SiRiuS_ | Protocol: TCP | 18:10 |
*** vhosakot has quit IRC | 18:10 | |
SiRiuS_ | Host IP: 127.0.0.1 | 18:10 |
SiRiuS_ | Guest IP: leave blank | 18:11 |
SiRiuS_ | Guest Port: 22 | 18:11 |
*** vhosakot has joined #kolla | 18:11 | |
SiRiuS_ | now you can use ssh centos@localhost -p 2222 | 18:11 |
SiRiuS_ | I forgot Host Port: 2222 | 18:11 |
SiRiuS_ | you can use any port you like for the Host Port, just make sure is not used by other apps | 18:12 |
sdake | right | 18:12 |
SiRiuS_ | you should be able to ssh into centos with no problems | 18:13 |
SiRiuS_ | with just one interface attached to NAT | 18:13 |
SiRiuS_ | and port forwarding set up | 18:13 |
SiRiuS_ | let me know if it works | 18:14 |
sdake | is there a firewall to turn off? | 18:16 |
SiRiuS_ | also you should really give Vagrant a try, it's great, especially if you want to do multinode | 18:16 |
SiRiuS_ | I haven't touched any firewall settings | 18:16 |
sdake | sweet it works!! | 18:17 |
sdake | wow now i can do laptop dev of kolla | 18:17 |
sdake | SiRiuS_ you rock! | 18:17 |
SiRiuS_ | :D | 18:17 |
sdake | ok on to the other network setups :) | 18:17 |
SiRiuS_ | glad to be of help | 18:17 |
sdake | how do i setup the other network interfaces? | 18:18 |
SiRiuS_ | so for NIC 2 | 18:18 |
SiRiuS_ | go to virtualbox global preferences | 18:19 |
SiRiuS_ | there is a Network tab | 18:19 |
sdake | yes very fmailiar with all this stuff | 18:19 |
SiRiuS_ | go there, then click on Host-Only networks | 18:19 |
sdake | just could never get it to work | 18:19 |
SiRiuS_ | and create a default host-only network | 18:20 |
sdake | vboxnet0 | 18:20 |
SiRiuS_ | with DHCP enabled | 18:20 |
SiRiuS_ | yes | 18:20 |
SiRiuS_ | while you are here | 18:20 |
SiRiuS_ | you can also set up a NAT Network | 18:21 |
SiRiuS_ | from the NAT Networks tab | 18:21 |
SiRiuS_ | give it a name and change the default CIDR | 18:21 |
SiRiuS_ | very important to change the default CIDR | 18:21 |
sdake | what should it be set to? | 18:21 |
SiRiuS_ | because it conflicts with the NAT interface you created earlier | 18:21 |
sdake | 10.0.3? | 18:22 |
SiRiuS_ | the default NAT of the first interface is 10.0.2.0/24 | 18:22 |
SiRiuS_ | you can change the CIDR to 192.168.x.x | 18:22 |
SiRiuS_ | like 192.168.2.0/24 | 18:22 |
sdake | any port forwards? | 18:23 |
SiRiuS_ | and disable DHCP for the NAT Network, | 18:23 |
SiRiuS_ | when you want to access nova VMS | 18:23 |
sdake | this will probably require its own document | 18:23 |
sdake | lots of steps - don't want to overload the QSG | 18:23 |
SiRiuS_ | to access nova VMs you need to set a port forward for each of the floating IPs | 18:24 |
SiRiuS_ | they will live inside the NAT Network | 18:24 |
SiRiuS_ | they will have IP like 192.168.2.123 | 18:25 |
sdake | 192.168.1.150? | 18:25 |
sdake | rather 2.150? | 18:25 |
SiRiuS_ | yes | 18:25 |
*** vishwanathj is now known as vishwanathj_away | 18:25 | |
SiRiuS_ | depends on how you create them in neutron | 18:25 |
sdake | host and gueest port are both 22? | 18:25 |
sdake | init-runocne starts floats at 150 | 18:25 |
SiRiuS_ | nope | 18:25 |
SiRiuS_ | you have to use other ports | 18:25 |
SiRiuS_ | guys is 22 | 18:26 |
SiRiuS_ | but host must be something other than 22 or 2222 set earlier | 18:26 |
sdake | i see | 18:26 |
SiRiuS_ | i use 5502 for 192.168.2.102 | 18:26 |
sdake | so host port should be 192.168.2.150 or guet ip? | 18:26 |
SiRiuS_ | 5503 for 192.168.2.103 | 18:26 |
SiRiuS_ | etc. | 18:26 |
SiRiuS_ | host port 5502..3..4.. | 18:27 |
SiRiuS_ | host ip 127.0.0.1 | 18:27 |
SiRiuS_ | you need to set guest ip (unlike the NAT adapter earlier) | 18:27 |
SiRiuS_ | Guest IP: 192.168.2.151 | 18:27 |
SiRiuS_ | (150 will be the neutron router if init-runonce is used) | 18:28 |
SiRiuS_ | Guest port: 22 | 18:28 |
sdake | ok i have two forwards setup | 18:28 |
sdake | whats next | 18:29 |
SiRiuS_ | click ok on everyhing | 18:29 |
SiRiuS_ | and run this | 18:29 |
SiRiuS_ | "VBoxManage list natnetworks" | 18:29 |
SiRiuS_ | inside the terminal | 18:29 |
SiRiuS_ | to see if the settings for the NAT Network are OK | 18:30 |
sdake | http://paste.openstack.org/raw/491203/ | 18:31 |
sdake | doesn't look quite right | 18:31 |
SiRiuS_ | Rule 1:tcp:[127.0.0.2]:5551:[192.168.2.151]:22 | 18:31 |
SiRiuS_ | it should be 127.0.0.1 | 18:32 |
sdake | yup fixed | 18:32 |
sdake | now whats next ;) | 18:32 |
* sdake likes learning :) | 18:32 | |
* sdake likes teaching too | 18:32 | |
SiRiuS_ | question: can we ssh into the neutron router? | 18:32 |
sdake | only if you enter the namespace i think | 18:33 |
sdake | via ip netns exec | 18:33 |
sdake | but that is a WAG tbh | 18:33 |
SiRiuS_ | i saw you made a rule for 192.168.2.150, and that is the router in init-runonce | 18:33 |
SiRiuS_ | well next we need to create new interfaces | 18:34 |
SiRiuS_ | and connect them to the networks we created | 18:35 |
sdake | http://paste.openstack.org/raw/491204/ | 18:35 |
SiRiuS_ | ssh:tcp:[127.0.0.1]:55502:[192.168.2.152]:22 | 18:35 |
SiRiuS_ | no good | 18:36 |
SiRiuS_ | that port is way to high | 18:36 |
sdake | oh typo | 18:36 |
sdake | thanks | 18:36 |
SiRiuS_ | i recumbent 550x | 18:36 |
sdake | ok fixed | 18:36 |
SiRiuS_ | if you are to have more floating IPs than 9 | 18:37 |
SiRiuS_ | 55XX rather | 18:37 |
sdake | what do you mean recumbent | 18:37 |
SiRiuS_ | *recommend | 18:38 |
sdake | got it | 18:39 |
sdake | ok the final steps are which? | 18:39 |
sdake | (btw this is all going in the docs as a separate doc - i'll add you as a coauthor since you figured all this stuff out :) | 18:39 |
SiRiuS_ | next we need to create new interfaces | 18:39 |
SiRiuS_ | (thanks :) ) | 18:39 |
sdake | adapter 2 should be setup how? | 18:40 |
SiRiuS_ | and connect them to the networks we created | 18:40 |
SiRiuS_ | for adapter 2 attach it to Host-only Adapter | 18:40 |
SiRiuS_ | with the name vboxnet0 | 18:40 |
sdake | and same deal for adapter 2 with nat network? | 18:41 |
SiRiuS_ | also I recommend setting the adapter type to virtio (for better performance) | 18:41 |
sdake | rather adatper 3 | 18:41 |
SiRiuS_ | virtio for all the adapters | 18:41 |
sdake | all adapters paravirtualized | 18:41 |
SiRiuS_ | for adapter 3 we attach it to NAT Network | 18:42 |
SiRiuS_ | and also for the 3rd adapter set promiscuous mode to "Allow All" | 18:42 |
sdake | and fire up the vm? | 18:43 |
SiRiuS_ | yup | 18:43 |
SiRiuS_ | should be ok | 18:43 |
SiRiuS_ | you still need to change globals.yml with the new settings | 18:43 |
*** vhosakot has quit IRC | 18:43 | |
SiRiuS_ | for deploying | 18:44 |
sdake | ok I have an eth0 and eth1 an some other interfaces | 18:45 |
SiRiuS_ | you should have 3 interfaces inside CentOS | 18:45 |
SiRiuS_ | eth0 with an ip like 10.0.2.15 | 18:45 |
SiRiuS_ | eth1 with an ip like 172.28.128.3 | 18:45 |
SiRiuS_ | and ethic with no ip | 18:46 |
SiRiuS_ | *eth2 | 18:46 |
sdake | eth2 didn't get a dhcp address it appears | 18:46 |
SiRiuS_ | yes | 18:46 |
sdake | rather eth1 i mean | 18:46 |
SiRiuS_ | it's good that way | 18:46 |
SiRiuS_ | eth1 | 18:46 |
sdake | eth2 isn't configured it all | 18:46 |
SiRiuS_ | needs an ip | 18:46 |
SiRiuS_ | make sure DHCP is on in the Host-only Network | 18:47 |
SiRiuS_ | eth2 needs no IP because it will be use by neutron for the external interface | 18:47 |
sdake | right, i dont have an eth2, let me debug for a moment | 18:48 |
sdake | what is this veth interfface | 18:48 |
sdake | found the problem , one of my devices was intel rather then virtio | 18:49 |
SiRiuS_ | weird | 18:49 |
SiRiuS_ | it should not cause any problems | 18:50 |
sdake | http://paste.fedoraproject.org/343095/84998301/ -> http://paste.fedoraproject.org/343095/84998301 | 18:50 |
sdake | looks right to me i think ;-) | 18:51 |
sdake | globals.yml should look like what for the interfaces? | 18:51 |
SiRiuS_ | did you manually change the IPs for the Host-only network | 18:52 |
SiRiuS_ | because it is usually 172.28.128.0/24 | 18:52 |
sdake | i dont think i did, but i may have in the past | 18:52 |
sdake | i looked and it is 192.168.56.1 | 18:52 |
sdake | for th eadapter ip | 18:53 |
sdake | dhcp server is 192.168.56.100 | 18:53 |
SiRiuS_ | oh, it's ok, mine was 172.28.128.0/24 by default | 18:53 |
sdake | does that part matter? | 18:54 |
sdake | what is eth1 used for, storage network and friends? | 18:54 |
SiRiuS_ | as long as the networks don't cross, it's fine | 18:54 |
SiRiuS_ | management, storage, gre tunnel | 18:54 |
*** achanda has quit IRC | 18:58 | |
sdake | deploying atm | 18:58 |
SiRiuS_ | kolla_internal_vip_address: "192.168.56.254" | 18:58 |
SiRiuS_ | network_interface: "eth1" | 18:59 |
SiRiuS_ | neutron_external_interface: "eth2" | 18:59 |
sdake | bummer i deployed on eth0 :( | 18:59 |
SiRiuS_ | :D | 18:59 |
sdake | seems to be working tho ;) | 18:59 |
SiRiuS_ | well you will probably lose networking | 19:00 |
sdake | so SiRiuS_ how did you figure all that out? | 19:00 |
SiRiuS_ | because eth0 is used for ssh | 19:00 |
SiRiuS_ | and neutron will mess it up | 19:00 |
sdake | network_interface is the management network | 19:00 |
SiRiuS_ | yes | 19:01 |
sdake | i dont think you really need 3 interfaces unless you want a storage network | 19:01 |
*** dwalsh has quit IRC | 19:01 | |
SiRiuS_ | eth1 is used for managemen+gre tunnel+storage (all in one) | 19:02 |
SiRiuS_ | eth0 is used only to have internet access inside the VM and to ssh to it | 19:02 |
sdake | groan msg: The requested image does not exist: localhost:4000/kollaglue/centos-binary-neutron-metadata-agent:2.0.0 | 19:02 |
sdake | ya lost networking :( | 19:03 |
SiRiuS_ | eth2 is used by neutron to provide access to the nova VMs and to give them internet access | 19:03 |
SiRiuS_ | told you so :) | 19:03 |
SiRiuS_ | just reboot the VM | 19:04 |
SiRiuS_ | change neutron_external_interface to ethic | 19:04 |
SiRiuS_ | *eth2 | 19:04 |
sdake | oh i lost networking because i was out of juice | 19:04 |
SiRiuS_ | eth0 should not be used for anything | 19:05 |
SiRiuS_ | it's just a utility network, not relevant to OpenStack | 19:05 |
sdake | ok | 19:05 |
sdake | rebuilding neutron - just a moment | 19:07 |
SiRiuS_ | sdake, On how did I figure all that out: trial and error :)) | 19:09 |
sdake | SamYaple i'd like to see genpwd in prior to the branch if you can address the remaining comment | 19:09 |
sdake | SiRiuS_ what are your thoughts on pain points related to kolla | 19:10 |
SiRiuS_ | sdake, it took me a while to figure out how to get neutron working on virtualbox on wifi | 19:11 |
sdake | ok well that will be fixed shortly | 19:11 |
SiRiuS_ | had no idea I need to set promiscuous mode to "allow-all" | 19:11 |
sdake | but thats a developer pain point - not really a real world use case ;) | 19:12 |
SiRiuS_ | for the neutron external interface | 19:12 |
sdake | what about other pain points | 19:12 |
SiRiuS_ | well sdake, not just developer, because lots of people that will try kolla for the first time, will probably do it inside a VM | 19:12 |
SiRiuS_ | sdake, it is the easiest way to get started | 19:12 |
sdake | right | 19:12 |
sdake | i think the easiest way to get started is bare metal ;) | 19:13 |
*** dims has joined #kolla | 19:13 | |
sdake | but people may be afraid kolla makes a mess of their system | 19:13 |
sdake | used to devstack thinking | 19:13 |
SiRiuS_ | sdake, well bare metal is not always available, not everyone has a lab, or are willing to do i directly on their computer | 19:14 |
*** sbezverk has quit IRC | 19:14 | |
sdake | ok acknowledged | 19:14 |
sdake | anything else? | 19:14 |
*** dims_ has quit IRC | 19:14 | |
SiRiuS_ | hmm, maybe ceph | 19:15 |
sdake | could you expand | 19:15 |
SiRiuS_ | I'm trying ceph as we speak | 19:15 |
sdake | i hoep you read the docs first ;) | 19:15 |
sdake | I thought ceph was pretty straightforward the first time i deployed it | 19:15 |
SiRiuS_ | I had to delete my VM because it got messed up by ceph :) | 19:15 |
sdake | it edits /etc/fstab | 19:16 |
SiRiuS_ | well this is my first time, so maybe it will go smoothly the second time | 19:16 |
SiRiuS_ | ceph_erasure_profile is k=4 m=2 | 19:17 |
SiRiuS_ | so I need 6 discs right ? | 19:17 |
SiRiuS_ | and with caching enable i need 12 ? | 19:17 |
*** dims has quit IRC | 19:17 | |
SiRiuS_ | 6 with KOLLA_CEPH_OSD_BOOTSTRAP label | 19:17 |
SiRiuS_ | and 6 with KOLLA_CEPH_OSD_CACHE_BOOTSTRAP | 19:18 |
sdake | hmm I haven't tried out erasure encoding since it was added | 19:18 |
sdake | my lab has been demolished for about 3 months unfortunately so i have only 1 macine availble to me bare metal atm | 19:18 |
sdake | SamYaple is your guy on ceph | 19:18 |
*** mbound has joined #kolla | 19:19 | |
SiRiuS_ | I'm curious about setting it up on one VM (all-in-one deployment) | 19:21 |
sdake | curious as in the docs need improvement? | 19:21 |
SiRiuS_ | ceph osd pool set rbd size 1 (does 1 here signify the number of machines available for ceph ?) | 19:22 |
sdake | 1 = number of OSDs | 19:22 |
sdake | or disks available in essence | 19:22 |
sdake | iirc each disk gets an OSD | 19:22 |
SiRiuS_ | Oh, so i can set it to 6 if i have 6 disc in my VM | 19:23 |
SiRiuS_ | sdake, did you manage to deploy ? | 19:23 |
sdake | i had to rebuild my neturon images | 19:23 |
sdake | but in process of deploying now | 19:23 |
sdake | then i'll ask for next steps ;) | 19:24 |
SiRiuS_ | ok | 19:24 |
SiRiuS_ | :D | 19:24 |
sdake | it takes about 5 minutes to deploy on my vm | 19:24 |
SamYaple | hola | 19:26 |
SamYaple | i got pinged | 19:26 |
SiRiuS_ | sdake, I got something like this from docker exec ceph_mon ceph -s -> http://paste.openstack.org/show/491210/ | 19:26 |
sdake | yar - genpwd can you get that in prior to branch plz | 19:26 |
sdake | and SiRiuS_ is looking for ceph support on AIO with erasure encoding | 19:27 |
SamYaple | sdake: just needs a rework to urandom, right? | 19:27 |
sdake | to SystemRandom I think | 19:27 |
*** achanda has joined #kolla | 19:27 | |
sdake | should be same code | 19:27 |
sdake | just different master class | 19:27 |
SamYaple | os.urandom probably but yea | 19:27 |
SamYaple | i can do that | 19:27 |
sdake | SystemRandom uses os.urandom | 19:27 |
sdake | but provides all the random() api calls | 19:27 |
sdake | rather random class api calls | 19:27 |
SamYaple | sdake: you seem to have a handle on this, do you want to take a crack at the patch? | 19:28 |
sdake | Systemrandom inherits from random but overrides random() api call | 19:28 |
sdake | i could update yours if you liek | 19:28 |
sdake | its a 1 liner i think ;) | 19:28 |
SamYaple | please do | 19:28 |
SamYaple | havent looked at it at all today | 19:28 |
sdake | ok - will be later tonight then | 19:28 |
sdake | we are going to be on the road shortly | 19:29 |
SamYaple | SiRiuS_: if you have AIO earasure coding, youll likely have to rekick your deploy to make this work | 19:29 |
sdake | 2 hour drie | 19:29 |
SamYaple | the reason is you have to change the pool creation type | 19:29 |
SamYaple | and you can't do that after the fact | 19:29 |
SamYaple | SiRiuS_: just fyi though, you can't do erasure coding without a cache tier | 19:29 |
SamYaple | SiRiuS_: ceph_erasure_profile: "k=4 m=2 ruleset-failure-domain=osd" <<< put that in your globals.yml | 19:30 |
sdake | ok SiRiuS_ got a deploy | 19:30 |
sdake | now init-runonce needs modification I assume? | 19:30 |
SiRiuS_ | sdake, yes | 19:31 |
*** Jeffrey4l__ has joined #kolla | 19:32 | |
SiRiuS_ | sdake, here is mine http://paste.openstack.org/show/491212/ | 19:32 |
SiRiuS_ | the networking part | 19:32 |
SiRiuS_ | what is important is the part: start=192.168.2.101,end=192.168.2.200 public-net 192.168.2.0/24 --gateway 192.168.2.1 | 19:33 |
SiRiuS_ | the gateway is the NAT-Network gateway | 19:33 |
*** Jeffrey4l_ has quit IRC | 19:33 | |
SiRiuS_ | SamYaple, the default is ceph_erasure_profile: "k=4 m=2 ruleset-failure-domain=host" | 19:35 |
SiRiuS_ | SamYaple, what does osd do if I change it to that? | 19:35 |
SamYaple | SiRiuS_: you have a single host, youll never be able to get proper object placement without a MINIMUM of 3 hosts with that ruleset | 19:36 |
SamYaple | or actually, 6 hosts | 19:36 |
SiRiuS_ | not even with 6 discs on my host? | 19:36 |
SamYaple | changing the failure domain to osd means you only need 6 osds | 19:36 |
SamYaple | no because the failure domain is hosts, not osds | 19:36 |
SiRiuS_ | OOOOh | 19:36 |
SiRiuS_ | got it | 19:37 |
SiRiuS_ | :) | 19:37 |
SamYaple | but you have t orekick | 19:37 |
SamYaple | you cant change that live | 19:37 |
SiRiuS_ | I'm starting fresh | 19:37 |
SiRiuS_ | SamYaple, sdake, that should be in the docs | 19:38 |
SamYaple | SS | 19:40 |
SamYaple | SiRiuS_: maybe. Its a ceph thing and its in the ceph docs | 19:40 |
SamYaple | erasure coding with cache tiers is some advanced ceph stuff | 19:40 |
SamYaple | ive made it easy in kolla, but its still advanced ceph stuff | 19:41 |
SamYaple | we cant document everything | 19:41 |
*** mbound has quit IRC | 19:41 | |
SiRiuS_ | SamYaple, there is already some stuff about all-in-one, that why i suggested it | 19:41 |
SamYaple | I rarely ever block docs patches S, you are free to write it | 19:42 |
SiRiuS_ | SamYaple, I looked over the ceph docs, and yes, it is quite advanced, thanks for making it easy :) | 19:42 |
SiRiuS_ | sdake, is everything working ? | 19:44 |
sdake | SiRiuS_ seems to be | 19:45 |
sdake | launching a vm now | 19:45 |
SiRiuS_ | tell me if you have internet access inside the VM | 19:45 |
SiRiuS_ | and if you can ssh into it | 19:45 |
SiRiuS_ | from your host | 19:45 |
sdake | groan no valid host found | 19:46 |
SiRiuS_ | hmmm | 19:47 |
sdake | why is that the only error that comes out of nova and is competely useless | 19:47 |
sdake | oh i'm ina vm | 19:47 |
sdake | let me reconfigure | 19:47 |
sdake | hrm that didn't seem to work | 19:52 |
sdake | itworked when i demoed it however | 19:52 |
sdake | maybe the patch hasn't hit the repo | 19:52 |
SamYaple | no valid host is likely a networking issue, or other resource issue | 19:53 |
SamYaple | check scheduler and compute logs | 19:53 |
SamYaple | it _will_ have the reason why | 19:53 |
sdake | ther ei no hypervisor in nova hypervisor-list | 19:53 |
SamYaple | check rabbitmq | 19:53 |
sdake | there is no | 19:53 |
sdake | well i just blew away my deploy | 19:53 |
SiRiuS_ | sdake, I suggest you start fresh with a blank VM | 19:53 |
sdake | dont need a blank vm | 19:53 |
sdake | just need to cleanup | 19:54 |
sdake | thats the beuty of iolla - it makes no mess :) | 19:54 |
SamYaple | it can make an uncleanup-able mess if you dont properly removed openvswitch between runs | 19:54 |
SamYaple | just fyi | 19:54 |
SamYaple | for bridge in $(docker exec -it openvswitch_vswitchd ovs-vsctl list-br); do for port in $(docker exec -it openvswitch_vswitchd ovs-vsctl list-ports ${bridge}); do docker exec -it openvswitch_vswitchd ovs-vsctl del-port ${bridge} ${port}; done; docker exec -it openvswitch_vswitchd ovs-vsctl del-br ${bridge}; done; ip a | awk -F'\''[: ]'\'' '\''/^[0-9]/ {print $3}'\'' | awk '\''/^q|^tap/'\'' | xargs -n1 ip l d dev; rmmod vport_vxlan openvswitch | 19:55 |
SamYaple | youre welcome | 19:55 |
SamYaple | or even; | 19:56 |
SamYaple | for bridge in $(docker exec -it openvswitch_vswitchd ovs-vsctl list-br); do for port in $(docker exec -it openvswitch_vswitchd ovs-vsctl list-ports ${bridge}); do docker exec -it openvswitch_vswitchd ovs-vsctl del-port ${bridge} ${port}; done; docker exec -it openvswitch_vswitchd ovs-vsctl del-br ${bridge}; done; ip a | awk -F'[: ]' '/^[0-9]/ {print $3}' | awk '/^q|^tap/' | xargs -n1 ip l d dev; rmmod vport_vxlan openvswitch | 19:56 |
sdake | i rebooted | 19:56 |
sdake | i'd think a reboot would get the job done | 19:56 |
SamYaple | sdake: if you want to cleanup inbteween runs, use that command above _BEFORE_ you tear down contaienrs | 19:56 |
SamYaple | it will | 19:57 |
SamYaple | but you ahve to reboot | 19:57 |
sdake | already deploying :) | 19:57 |
SiRiuS_ | sdake, I recommend enabling shared folders in VirtualBox | 19:57 |
sdake | this time with virt driver of qemu | 19:57 |
SiRiuS_ | and put your docker registry there | 19:57 |
sdake | SiRiuS_ are ou usin qemu driver? | 19:57 |
SiRiuS_ | yes, that is the only way | 19:58 |
SiRiuS_ | I forgot about that :) | 19:58 |
SiRiuS_ | you HAVE to use qemu | 19:58 |
sdake | /etc/kolla/config/nova/nova-compute.conf | 19:58 |
SiRiuS_ | in there, yes | 19:58 |
sdake | as already documented | 19:58 |
SiRiuS_ | anyway, try to use shared folders in VIrtualBox, and put your docker images in there | 19:59 |
SiRiuS_ | that way, you can completely destroy a vm, without having to rebuild images | 20:00 |
SiRiuS_ | all of this stuff is done automatically by Vagrant, by the way :) | 20:01 |
sdake | 2016-03-20 20:01:55.177 1 ERROR nova.virt.libvirt.host [req-9a4357b7-037e-4ac2-9e8c-8505d06f606c - - - - -] Connection to libvirt failed: unable to connect to server at '192.168.56.101:16509': Connection refused | 20:05 |
sdake | fantastic libvirt is in a restart loop | 20:06 |
SiRiuS_ | sdake, can i see the globals.yml and init-runonce ? | 20:07 |
sdake | let me debug for a bit | 20:07 |
sdake | [libvirt] | 20:09 |
sdake | connection_uri = "qemu+tcp://192.168.56.101/system" | 20:09 |
sdake | virt_type = qemu | 20:09 |
SamYaple | sdake: dont set connection_uri | 20:09 |
sdake | SiRiuS_ what does your file /etc/kolla/nova/nova.conf contain | 20:09 |
SamYaple | it should get set properly | 20:09 |
sdake | i am not setting it | 20:09 |
SamYaple | oh ok | 20:09 |
sdake | that is what is in /etc/kolla/nova/nova.conf | 20:10 |
sdake | SamYaple shouldn't that be set to the haproxy ip? | 20:10 |
*** vhosakot has joined #kolla | 20:10 | |
SamYaple | sdake: no | 20:11 |
sdake | SiRiuS_ http://paste.fedoraproject.org/343126/85047251/ -> http://paste.fedoraproject.org/343126/85047251 | 20:12 |
sdake | SamYaple so its a SPOF? | 20:12 |
sdake | well ya i guess libvirt would be | 20:12 |
sdake | nm | 20:12 |
SamYaple | sdake: is a compute node a SPOF? | 20:12 |
SiRiuS_ | [libvirt] | 20:12 |
SamYaple | yea | 20:12 |
SiRiuS_ | connection_uri = "qemu+tcp://172.28.128.3/system" | 20:12 |
SiRiuS_ | virt_type = qemu | 20:12 |
SiRiuS_ | looks good sdake | 20:13 |
sdake | ya well libvirt is in a restart loop - no idea why | 20:13 |
sdake | because we have no libvirt logging | 20:13 |
* sdake groans | 20:13 | |
sdake | is .3 yoru eth1? | 20:14 |
SiRiuS_ | yup | 20:14 |
sdake | i wonder why my system is choosing 101 | 20:14 |
SiRiuS_ | you had Host-Networking set up with DHCP giving address from 101 up | 20:15 |
SiRiuS_ | *Host-only Networking | 20:15 |
SiRiuS_ | mine is the default | 20:15 |
SamYaple | sdake: we have libvirt logging | 20:15 |
sdake | my ip address is not 101 | 20:15 |
sdake | http://paste.fedoraproject.org/343129/58504960/ -> http://paste.fedoraproject.org/343129/58504960 | 20:16 |
SiRiuS_ | inet 192.168.56.101 netmask 255.255.255.0 broadcast 192.168.56.255 | 20:16 |
SiRiuS_ | it says 101 | 20:16 |
sdake | oh right | 20:17 |
sdake | brain not woring well today it appears ;) | 20:17 |
SamYaple | btw sdake if you have a domain and want a cert for free https://hub.docker.com/r/samyaple/letsencrypt/ | 20:17 |
sdake | SamYaple where are the libvirt logs located | 20:18 |
sdake | I dont' see anything in the heka container | 20:18 |
SamYaple | in libvirt container | 20:18 |
SamYaple | we havent moved them yet | 20:18 |
sdake | right which is in a restart loop | 20:18 |
SiRiuS_ | sdake, by the way, because eth1 is a Host-only adapter, you can connect directly to IPs in the network 192.168.56.0/24 | 20:18 |
SiRiuS_ | try and ping 192.168.56.101 from your host | 20:18 |
SamYaple | get to them through /var/lib/docker sdake | 20:18 |
sdake | good idea sam | 20:19 |
sdake | 2016-03-20 19:57:51.454+0000: 10137: error : virPidFileAcquirePath:422 : Failed to acquire pid file '/var/run/libvirtd.pid': Resource temporarily unavailable | 20:19 |
sdake | well I wont even metnion what just happened | 20:20 |
*** achanda has quit IRC | 20:21 | |
SiRiuS_ | sdake, did you run out of free space ? :) | 20:22 |
SamYaple | sdake: is libvirtd runing in the vm already | 20:22 |
sdake | no i had libvirtd runnnig in my vm | 20:22 |
SamYaple | lol | 20:22 |
sdake | yah funny huh :) | 20:22 |
SamYaple | prechecks! | 20:22 |
sdake | i typically turn that off first step ;) | 20:23 |
sdake | but i mad ehtis vm several weeks ago | 20:23 |
SiRiuS_ | sdake, :D told you to start fresh :) | 20:23 |
*** achanda has joined #kolla | 20:24 | |
sdake | 7 minutes until deploy :) | 20:24 |
sdake | i'm so excited tho that going to be able to develop on a laptop | 20:25 |
SamYaple | i got an accout with dreamhost today | 20:25 |
sdake | who the hell knows when my lab will be back in order | 20:25 |
SamYaple | im goign to start doing the blog thing | 20:25 |
sdake | i use wordpress.com | 20:25 |
sdake | but they are all likely teh same | 20:25 |
SamYaple | this is using wordpress too | 20:25 |
SamYaple | but its more than that | 20:25 |
SamYaple | i got it because ayoung recommended it | 20:26 |
sdake | ya blogging helpful to share your thoughts with people and create a record | 20:26 |
ayoung | SamYaple, you on Twitter? | 20:26 |
SamYaple | ayoung: no | 20:26 |
SamYaple | its more "i dont rememebr how i fixed that a year ago" | 20:26 |
ayoung | SamYaple, Ok, was going to point people at it, to include the Dreamhost folks | 20:26 |
sdake | twitter is powerful if you know how to use it | 20:26 |
ayoung | sdake, I think he meant the blog... | 20:27 |
SamYaple | ayoung: i dont know how to twitter or facebook or social media | 20:27 |
ayoung | sdake, I was watching some of your old Heat presentations... | 20:27 |
sdake | my wife is a twitter pro | 20:27 |
sdake | ayoung learn anything old ? :) | 20:27 |
ayoung | sdake, heh...well, one question for you | 20:27 |
sdake | sure | 20:27 |
ayoung | how do I update a stack after deploy? | 20:27 |
ayoung | like, say I want to ship a new policy file out to all the keystone servers? | 20:28 |
ayoung | does Heat support that? | 20:28 |
sdake | no idea - update came after I left the project | 20:28 |
sdake | or a working implementation atlaets | 20:28 |
sdake | shardy is your go to on that one | 20:28 |
ayoung | Yeah, I'll bug him...but I have the same question on Kolla | 20:28 |
SamYaple | ayoung: i saw that ML thread | 20:28 |
sdake | ayoung you use reconfigure | 20:29 |
ayoung | What happens if we want to publish a newe Policy file? Does that mean we need new containers? | 20:29 |
SamYaple | ayoung: so basically we dont have a way to tweak policy file right now, but the infrastructure is there to do so | 20:29 |
sdake | policy files are not yet configurable | 20:29 |
SamYaple | ayoung: no, just container restart WHEN we configure them | 20:29 |
ayoung | Cool. And how about the notification when something changes in Keystone? | 20:29 |
SamYaple | ayoung: come newton release all of the paste/policy type files will be configurable, and then its just a container restart to do what you want | 20:29 |
SamYaple | that is a bit trickier | 20:30 |
sdake | ayoung i don't understand your last question | 20:30 |
SamYaple | because we dont have a deploy service always running it would be up to the deployer to run a reconfigure task | 20:30 |
ayoung | sdake, ok, flow is somethning like this | 20:30 |
ayoung | I upload a new policy file to Keystone...no change yet | 20:30 |
SamYaple | so technically keystone could trigger this task, but thats on the deploy to setup | 20:30 |
ayoung | then, I associate that new policy file with glance. Now I want to update all the glance servers with the new policy file | 20:31 |
ayoung | I can have Keystone send out a notification "policy for glance has changed" | 20:31 |
ayoung | but who would listen for it (besides ceilometer that listens to everythigng) and make it happen? | 20:31 |
sdake | ayoung I see - we dont have a daemon listening for oslo notifications at this time | 20:32 |
sdake | but i'm sure its pretty easy to write - the issue is having a daemon running | 20:32 |
ayoung | dake, so, I think that we are going to end up with Kolla as the Overcloud layer for Tripleo. I might push for it being the responsibility of the undercloud Heat server to do this | 20:32 |
sdake | we haven't quite figured out the use cases for all that yet | 20:32 |
ayoung | sdake, Kolla has no daemon at all, right? | 20:33 |
sdake | ayoung no daemon | 20:33 |
sdake | people have tried to add one in the past | 20:33 |
ayoung | sdake, So we could write a simple Keystone listener that does that. There have been requests for something like that for autoprovisioning as well, but it sounds like Mistral is supposed to be the workflow kickoff thing... | 20:33 |
sdake | but i think they didn't have a clear set of use cases of what the rest api should look like and how it should be secured | 20:33 |
*** achanda has quit IRC | 20:34 | |
sdake | that creates a bit of a circular dep on keystone triggering kolla-ansible | 20:34 |
*** dwalsh has joined #kolla | 20:34 | |
sdake | the right place for it is in kolla-ansible via a rest api | 20:35 |
sdake | but to date, no rest api exists | 20:35 |
ayoung | sdake, Well, Kolla could drive the initial setup, and then respond to notifications later | 20:35 |
ayoung | I don;t think is should | 20:35 |
sdake | rather not kolla-ansible | 20:35 |
sdake | but kolla i mean | 20:35 |
ayoung | We should push RH to Open up Tower and let that be the Ansible daemon | 20:35 |
ayoung | I am sure that is coming | 20:35 |
sdake | I think its wierd to have keystone run kolla commands :) | 20:35 |
ayoung | Heh | 20:35 |
sdake | ayoung i've pushed red hat around enough already :) | 20:36 |
ayoung | more like Kolla respond to Keystone notifications, but yeah | 20:36 |
sdake | ya that would be good, but then we are back at the kolla needs a a rest api discussion | 20:36 |
sdake | here is the thing about a rest api | 20:36 |
ayoung | sdake, I would be really surprised if an Open version of Tower was not announced at the RH summit | 20:36 |
sdake | we dont want to make one unless there is a legitimate need | 20:36 |
sdake | i think there is a need | 20:37 |
sdake | others dont | 20:37 |
sdake | its up in the air atm | 20:37 |
ayoung | Agreed, and I don;t think we need one. But something listening to Keystone notifications that can then make ansible calls ... sounds like Heat business to me | 20:37 |
sdake | you can't make ansible calls from python code | 20:37 |
ayoung | Of couirse I can. I do it all the time | 20:37 |
sdake | it viralizes the code base with gplv3 | 20:37 |
sdake | it has to be run as a subprocess | 20:37 |
ayoung | Nah, popen is just fine | 20:38 |
ayoung | agreed | 20:38 |
sdake | right popen is accceptable | 20:38 |
sdake | i thought you meant import ansible | 20:38 |
ayoung | I personally have no problem with gplv3. This would be a stand alone listener. | 20:38 |
ayoung | EIther way would work | 20:38 |
ayoung | OK, so the piece I need Kolla to tell me is: if I trigger a policy update, here is what you do... | 20:39 |
ayoung | and then I get Heat to kick that off in the Tripleo-Kolla future I envision | 20:40 |
sdake | i suppose we would send a notification of either policy updates were successful or failed | 20:42 |
sdake | a reconfigure can take about 1-2 minutes on bare metal | 20:42 |
sdake | real1m6.037s | 20:42 |
sdake | reconfigure in a vm | 20:42 |
sdake | so its not immediate - have to wait for a response | 20:42 |
sdake | i wrote the oslo port for heat | 20:43 |
SamYaple | sdake: yaple.net | 20:43 |
sdake | so i understand how notifications work | 20:43 |
SamYaple | first post ^ | 20:43 |
*** vhosakot has quit IRC | 20:44 | |
sdake | SamYaple nice recommend deleting your hello world post ;) | 20:44 |
SamYaple | i was thinking of leaving it | 20:44 |
SamYaple | i specifcally talk about the way of ceph bootstraping with external journals fyi | 20:45 |
sdake | the post before that one | 20:46 |
sdake | you have two posts in your blog | 20:46 |
SamYaple | i know | 20:46 |
SamYaple | i was thinking of leaving the default one | 20:46 |
sdake | i see | 20:46 |
sdake | well whatever works :) | 20:46 |
SiRiuS_ | sdake, any update on the status of the deployment ? | 20:47 |
SamYaple | even after typing up the steps, its crazy how few there are | 20:47 |
*** TheBall has joined #kolla | 20:48 | |
ayoung | Nah, drop the Hello world post SamYaple it makes you look like a Muggle | 20:48 |
SiRiuS_ | SamYaple, I think I fount a bug in globals.yml related to ceph | 20:49 |
SiRiuS_ | SamYaple, ceph_use_cache: "yes" instead of ceph_enable_cache: "yes" | 20:50 |
SamYaple | no post is going to tell me what to do ayoung! | 20:50 |
SamYaple | SiRiuS_: thats patched already | 20:50 |
SiRiuS_ | oh | 20:50 |
SiRiuS_ | ok, I haven't updated | 20:50 |
SamYaple | fine ayoung youve twisted my arm | 20:50 |
*** The_Ball has quit IRC | 20:51 | |
ayoung | SamYaple, So I have been using a plugin for code that I like | 20:53 |
ayoung | you are going to want soemthing for code samples | 20:53 |
SamYaple | that is a plugin | 20:53 |
SamYaple | syntaxhighlighter | 20:53 |
SamYaple | is hte name of it | 20:53 |
ayoung | Syntax Highlighter and Code Prettifier Plugin for WordPress | 20:53 |
ayoung | yep | 20:53 |
SamYaple | yea im using that there | 20:54 |
* SamYaple is not a web guy at all..... | 20:54 | |
ayoung | Sam so, if you are using that one, the way I do it is (in text view) <pre class="brush:bash"> stuff </pre> | 20:55 |
ayoung | Your might be better integrated... | 20:55 |
SamYaple | i did something. i did <pre>[bash]bash code[/bash]</pre> | 20:56 |
SamYaple | it has other languages too | 20:56 |
ayoung | Nice | 20:56 |
SamYaple | the [bash] block i wrote out and it just translates it it appears | 20:56 |
*** sdake has quit IRC | 20:56 | |
ayoung | SamYaple, the one gotcha I have found is that I often need to replace < and > inside the code with < and > | 20:57 |
SamYaple | ayoung: let me test that | 20:57 |
SamYaple | well no ayoung i have => in the ansible blocks | 20:58 |
SamYaple | it rendered fine | 20:58 |
ayoung | SamYaple, Yeah, it is not an all the time thing. It is more the < that messes up the rendering, but you will catch it in preview | 20:58 |
SamYaple | gotcha | 20:58 |
SamYaple | will watch out for it | 20:59 |
*** sdake has joined #kolla | 21:12 | |
sdake | SiRiuS_ my instance build timed out | 21:12 |
sdake | ayoung maybe I don't get it, but why bother having an under and overcloud | 21:14 |
sdake | why not just one cloud - two layers seems more complex and prone to failure | 21:14 |
ayoung | sdake, I was not part of that decision | 21:14 |
ayoung | sdake, however, I think the idea is that you need something to manage the cluster of hardware, separate from the services running on it. And Ironic was that. | 21:15 |
SamYaple | ayoung: excuses excuses | 21:15 |
SiRiuS_ | sdake, what do you mean by instance build? nova VMs ? | 21:15 |
sdake | i think ironic can be made to run in one cloud | 21:15 |
ayoung | Since the services running the undercloud are not exposed to end users, there is less pressure to keep them up-to-date security wise...you can fix them at a different cycle | 21:15 |
sdake | SiRiuS_ yes | 21:16 |
ayoung | sdake, what I would love to see is Tripleo supporting multiple overclouds on a single undercloud. Then the whole thing would make a lot more sense to me | 21:16 |
SiRiuS_ | sdake, weird, I never had trouble with nova | 21:16 |
SamYaple | ayoung: agree there | 21:17 |
SiRiuS_ | can you please upload globals.yml and init-runonce | 21:17 |
ayoung | And I would love the OverCloud to be Kolla. So, I'm going to be pushing for that | 21:17 |
sdake | i like ironic, and I think it can be made to work in a hybrid mode where it does bare metal deploy for cloud operators | 21:18 |
SiRiuS_ | sdake, did you deploy binary ? | 21:19 |
sdake | yup | 21:19 |
SiRiuS_ | sdake, does horizon work? | 21:20 |
SiRiuS_ | on 192.168.56.254 | 21:21 |
sdake | not from my mac | 21:21 |
SiRiuS_ | well, it should work | 21:21 |
SiRiuS_ | can you ping 192.168.56.101 ? | 21:22 |
sdake | SiRiuS_ it works within the vm | 21:22 |
sdake | but not outside the vm | 21:22 |
SiRiuS_ | it should work from the mac as well | 21:22 |
SiRiuS_ | that's the idea behind Host-only networking | 21:22 |
sdake | connectoin refused | 21:23 |
SiRiuS_ | there is something wrong with eth1 | 21:23 |
sdake | possibly a firwall issue | 21:24 |
sdake | turned off firewall - no go | 21:25 |
sdake | i see the vboxnet0 on the host | 21:26 |
SiRiuS_ | i can ping both the VM ip on eth1 and the VIP | 21:26 |
sdake | vboxnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 | 21:27 |
sdake | ether 0a:00:27:00:00:00 | 21:27 |
sdake | inet 192.168.56.1 netmask 0xffffff00 broadcast 192.168.56.255 | 21:27 |
sdake | well with that i can make a good start at the docs for setting up virtualbox | 21:28 |
sdake | sans vagrant | 21:28 |
SiRiuS_ | it looks good | 21:28 |
SiRiuS_ | can you ping 192.168.56.1 | 21:29 |
SiRiuS_ | ? | 21:29 |
sdake | yes and also 101 | 21:29 |
SiRiuS_ | can you ping 192.168.56.254 | 21:29 |
SiRiuS_ | ? | 21:29 |
SiRiuS_ | from the mac | 21:30 |
sdake | i can also ssh into 101 | 21:30 |
sdake | so I dont think the first interface is necessary at all | 21:30 |
sdake | only need the two interfaces | 21:30 |
sdake | eth1 and eth2 | 21:30 |
SiRiuS_ | sdake, you would be wrong :) | 21:30 |
sdake | possible could you expand | 21:30 |
SiRiuS_ | without the first one, you would not have internet inside the VM | 21:30 |
SiRiuS_ | Host-only network is just that | 21:31 |
sdake | no route out huh | 21:31 |
sdake | got it | 21:31 |
SiRiuS_ | "host-only" | 21:31 |
SiRiuS_ | can you ping 192.168.56.254 ? | 21:32 |
sdake | .254 responds to ping | 21:32 |
sdake | 253 does not respond to pign | 21:32 |
SiRiuS_ | well should it? I don't think you should have anything on 253 | 21:33 |
*** dwalsh has quit IRC | 21:33 | |
sdake | nope it shouldn't | 21:33 |
sdake | i didn't expect 254 to respond to ping either | 21:33 |
sdake | since 254 is a vip to haproxy | 21:33 |
SiRiuS_ | 254 attaches to eth1: inet 172.28.128.254/32 scope global eth1 | 21:35 |
SiRiuS_ | run ip addr | 21:35 |
SiRiuS_ | inside the vm | 21:35 |
SiRiuS_ | try to connect to horizon | 21:35 |
SiRiuS_ | 192.168.56.254 in your web browser | 21:36 |
SiRiuS_ | it should work | 21:36 |
sdake | yes i did try that | 21:39 |
sdake | it works inside vm but not on mac host | 21:39 |
sdake | but i turnedoff the firwall, i am going to reboot the vm | 21:40 |
*** rstarmer has joined #kolla | 21:40 | |
sdake | and try a fresh deploy | 21:40 |
SiRiuS_ | so you can ping 192.168.56.254 from the mac but can't connect to horizon on 192.168.56.254 from the mac | 21:40 |
SiRiuS_ | that is not normal | 21:40 |
sdake | right | 21:42 |
sdake | which webbrowser do you use? | 21:42 |
SiRiuS_ | safari | 21:42 |
sdake | i am thinking its the firewall - mcffree endpoint protection | 21:42 |
SiRiuS_ | disable all firewall on hot & VM | 21:43 |
SiRiuS_ | *host | 21:43 |
sdake | ya was the vm firewall | 21:44 |
sdake | doing fresh deploy | 21:44 |
sdake | possibly reason my vm was stuck not starting as well | 21:44 |
SiRiuS_ | probalby | 21:45 |
sdake | when i worked on corosync firewall was problem #1, #2, and #3 in most cases ;) | 21:46 |
SiRiuS_ | remember to disable it not just stop it, because you will probably forget to stop it again after a reboot | 21:47 |
SiRiuS_ | :) | 21:47 |
openstackgerrit | Ryan Hallisey proposed openstack/kolla: Improve openstack-base image for centos binary https://review.openstack.org/295048 | 21:47 |
sdake | ya i alread ydid that | 21:47 |
sdake | SiRiuS_ hae ou tried other deployment tools | 21:50 |
SiRiuS_ | sdake, nope, I looked at the options, and basically kolla was the only one for me, because of docker | 21:51 |
sdake | could you expand on that | 21:52 |
SiRiuS_ | the idea of deploying and then cleaning up sound like the best thing for me | 21:52 |
SiRiuS_ | not dirtying the OS is what I like | 21:53 |
sdake | yup horizon is working from the mac now | 21:53 |
sdake | \o/ | 21:53 |
SiRiuS_ | see if you can crete a nova instance | 21:53 |
sdake | 2016-03-20 21:39:13.749 1 ERROR nova.compute.manager [req-77362aa1-788a-489d-b44d-1d703e6c12d4 6ad2a7a93a664144a43f297262012ac6 33cec6588a1145bb9bd2b66fb8dbf522 - - -] Instance failed network setup after 1 attempt(s) | 21:57 |
sdake | which nova boot operation are you using? | 21:57 |
SiRiuS_ | directly from horizon | 21:57 |
sdake | never done that | 21:58 |
sdake | i dont see a create instance operation | 21:59 |
sdake | nm got it | 21:59 |
*** rstarmer has quit IRC | 22:01 | |
sdake | nope doesn't work from horizon | 22:02 |
*** asalkeld has joined #kolla | 22:05 | |
SiRiuS_ | with the same error ? | 22:05 |
sdake | no it doens't get that far | 22:06 |
sdake | horizon errors out immediately | 22:06 |
sdake | i am going to try booting with heat | 22:06 |
sdake | since sam fixed that and tested it boots there | 22:06 |
SiRiuS_ | what does it say ? | 22:06 |
sdake | not sure i hae to redeploy | 22:06 |
sdake | since its a bootstrap chane | 22:07 |
*** achanda has joined #kolla | 22:07 | |
sdake | bbin10mins | 22:08 |
SamYaple | rhallisey: i commented on your centos-binary openstack-base patch with my oneliner (changed for centos) | 22:11 |
*** vhosakot has joined #kolla | 22:11 | |
sdake | back | 22:17 |
sdake | SamYaple i just tested your patch and stack create fails | 22:19 |
sdake | | steak | 0c26741b-2eaa-4eef-98ff-4faef523fb17 | Authorization failed. | CREATE_FAILED | 2016-03-20T22:02:00 | | 22:20 |
sdake | http://paste.fedoraproject.org/343157/51253414/ -> http://paste.fedoraproject.org/343157/51253414 | 22:22 |
sdake | SamYaple endpoints ^^ | 22:22 |
sdake | nova boot with a --nic net-id= also fails to complete | 22:26 |
*** akwasnie has joined #kolla | 22:26 | |
*** akwasnie has left #kolla | 22:27 | |
SamYaple | sdake: you should probably look into that second one | 22:28 |
SamYaple | but the auth failed seems liek a trust thing | 22:28 |
sdake | [sdake@localhost heat]$ nova boot --image cirros --flavor m1.small --nic net-id=c01aea0d-9c5a-4d0e-8220-2c6ae35fa29e steak | 22:28 |
sdake | ERROR (ConnectFailure): Unable to establish connection to http://192.168.56.254:8774/v2/4d6e71ec5325427ebc9e939bf8959106/servers | 22:28 |
SamYaple | im not using trusts | 22:28 |
sdake | i should look into which second one | 22:28 |
SamYaple | ? | 22:29 |
sdake | the nova boot fails or heat fails | 22:29 |
SamYaple | nova boot | 22:29 |
sdake | ya no idea why that happens | 22:29 |
sdake | i can telnet to the server just fine | 22:29 |
*** Marga_ has quit IRC | 22:30 | |
sdake | nova boot without --nic net-id ends up in failed state as well | 22:31 |
SamYaple | wait without? | 22:32 |
SamYaple | net-id is requied | 22:32 |
SamYaple | oh nvm | 22:32 |
SamYaple | reread | 22:32 |
sdake | nova will boot without --nic netid= | 22:33 |
sdake | but it fails to boot | 22:33 |
sdake | can't allocate networks | 22:33 |
SamYaple | right | 22:33 |
sdake | although you have to dig through the logs to find the one line that says that | 22:34 |
sdake | i dont understand why nova can't fix these basic things | 22:34 |
sdake | you think if tht is what the problem was it woud be reported by nova show | 22:35 |
sdake | but nova boot --nic net-id= completely bombs as well | 22:35 |
sdake | how do you boot a vm SamYaple ? | 22:35 |
SamYaple | here is the command i normally use | 22:36 |
SamYaple | openstack server create --image $(openstack image list | awk '/trusty/ {print $2;exit}') --nic net-id=$(openstack network list | awk '/internal/ {print $2;exit}') --flavor 4 --key-name sam sy-test01 | 22:37 |
sdake | http://paste.fedoraproject.org/343161/14585134/ -> http://paste.fedoraproject.org/343161/14585134 | 22:37 |
sdake | [sdake@localhost heat]$ openstack server create --image cirros --nic net-id=c01aea0d-9c5a-4d0e-8220-2c6ae35fa29e --flavor m1.small steak | 22:39 |
sdake | looks like same story | 22:39 |
sdake | can you paste your openrc? | 22:39 |
SamYaple | sdake im not sure your keystone is working | 22:40 |
SamYaple | can you `openstack token issue` | 22:40 |
sdake | that returns something | 22:40 |
sdake | http://paste.fedoraproject.org/343163/85136821/ -> http://paste.fedoraproject.org/343163/85136821 | 22:41 |
SamYaple | do you have a compute endpoint? | 22:41 |
*** rhallisey has quit IRC | 22:41 | |
sdake | http://paste.fedoraproject.org/343164/13716145/ -> http://paste.fedoraproject.org/343164/13716145 | 22:42 |
sdake | yes admin public and internal | 22:42 |
sdake | i can also telnet to port 8774 | 22:42 |
sdake | and get a reponse back in if i type nonsense | 22:42 |
SamYaple | nova service-list is all good i assume? | 22:43 |
SamYaple | you did the normal trobuleshooting | 22:43 |
SamYaple | 8774 telnet would be from haproxy | 22:43 |
sdake | service list looks good | 22:43 |
sdake | http://paste.fedoraproject.org/343165/51384214/ -> http://paste.fedoraproject.org/343165/51384214 | 22:44 |
sdake | this worked for me last week | 22:44 |
sdake | but i was on bare metal | 22:44 |
sdake | i am in a vm atm | 22:44 |
*** rhallisey has joined #kolla | 22:44 | |
SamYaple | idk man | 22:44 |
*** Marga_ has joined #kolla | 22:46 | |
sdake | http://paste.fedoraproject.org/343166/14585140/ -> http://paste.fedoraproject.org/343166/14585140 | 22:47 |
sdake | check out the end of that log | 22:47 |
SamYaple | yup seems like a rabbitmq issue | 22:50 |
SamYaple | remember the ip has to resolve to the hostname | 22:50 |
SamYaple | not localhost | 22:51 |
SamYaple | if you want to merge this patch it would have caught it..... https://review.openstack.org/#/c/287969/ | 22:51 |
*** Marga_ has quit IRC | 22:51 | |
sdake | so /etc/hosts should resolve localhost to which ip then 254? | 22:51 |
SamYaple | i dont know your schema | 22:52 |
sdake | 254 is my floating ip | 22:52 |
sdake | 56.101 is my management network | 22:52 |
SamYaple | no, your hostname should never resolve to your vip | 22:52 |
sdake | bbi10min | 22:57 |
sdake | with a properly setup /etc/hosts file | 22:57 |
sdake | and hostname | 22:58 |
openstackgerrit | Andrei-Lucian Șerb proposed openstack/kolla: Attach external NIC to a NAT-Network if on Wi-Fi https://review.openstack.org/294340 | 23:03 |
*** sdake has quit IRC | 23:09 | |
openstackgerrit | Sam Yaple proposed openstack/kolla: Update to latest stable versions https://review.openstack.org/295050 | 23:09 |
openstackgerrit | Sam Yaple proposed openstack/kolla: Split versions onto new line https://review.openstack.org/295051 | 23:09 |
openstackgerrit | Andrei-Lucian Șerb proposed openstack/kolla: Attach external NIC to a NAT-Network if on Wi-Fi https://review.openstack.org/294340 | 23:10 |
*** sdake has joined #kolla | 23:11 | |
SiRiuS_ | sdake, I did the modification to the patch | 23:13 |
sdake | SiRiuS_ cool thanks :) | 23:13 |
*** Marga_ has joined #kolla | 23:13 | |
openstackgerrit | Sam Yaple proposed openstack/kolla: Update version pins for mitaka https://review.openstack.org/295052 | 23:17 |
*** vhosakot has quit IRC | 23:17 | |
*** Marga_ has quit IRC | 23:20 | |
*** Marga_ has joined #kolla | 23:21 | |
sdake | SamYaple this is with my hostname set | 23:22 |
sdake | http://paste.fedoraproject.org/343174/45851615/ -> http://paste.fedoraproject.org/343174/45851615 | 23:22 |
sdake | rabbitmq doesn't have much interesting in the way of logs | 23:22 |
openstackgerrit | Sam Yaple proposed openstack/kolla: Update version pins for mitaka https://review.openstack.org/295052 | 23:23 |
openstackgerrit | Sam Yaple proposed openstack/kolla: Split versions onto new line https://review.openstack.org/295051 | 23:23 |
*** alisonh has quit IRC | 23:38 | |
sdake | SiRiuS_ which distro are you on | 23:41 |
*** dave-mcc_ has joined #kolla | 23:41 | |
SiRiuS_ | centos 7 | 23:41 |
sdake | source or binary ? | 23:41 |
SiRiuS_ | source | 23:41 |
*** alisonh has joined #kolla | 23:42 | |
sdake | what is in your /etc/hosts file | 23:43 |
*** dave-mccowan has joined #kolla | 23:43 | |
SiRiuS_ | sdake, http://paste.openstack.org/show/491216/ | 23:44 |
sdake | what about when you did a manual setup? | 23:45 |
sdake | do you recall? | 23:45 |
*** vhosakot has joined #kolla | 23:45 | |
sdake | can you paste our ifconfig? | 23:45 |
sdake | fpaste /etc/ifconfig | 23:45 |
sdake | rather | 23:45 |
sdake | ifconfig | fpaste | 23:45 |
*** dave-mcc_ has quit IRC | 23:46 | |
SiRiuS_ | sdake, http://paste.fedoraproject.org/343179/14585180/ -> http://paste.fedoraproject.org/343179/14585180 | 23:53 |
sdake | SiRiuS_ can you paste your openrc plz | 23:58 |
SiRiuS_ | sdake, I didn't touch /etc/hosts when I did manual setup, iirc | 23:58 |
SiRiuS_ | http://paste.fedoraproject.org/343181/58518357/ -> http://paste.fedoraproject.org/343181/58518357 | 23:59 |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!