Tuesday, 2015-06-23

*** markvoelker has joined #openstack-ansible		00:00
*** darrenc_afk is now known as darrenc		00:20
*** abitha has quit IRC		00:24
*** stevemar has joined #openstack-ansible		01:19
*** JRobinson__ has joined #openstack-ansible		01:22
*** sdake has joined #openstack-ansible		01:24
*** davidself has joined #openstack-ansible		01:25
*** dkalleg has quit IRC		01:27
*** sdake_ has joined #openstack-ansible		01:27
*** sdake has quit IRC		01:31
*** georgem1 has joined #openstack-ansible		01:36
*** javeriak has quit IRC		01:40
*** sdake_ has quit IRC		01:58
*** sdake has joined #openstack-ansible		01:58
*** javeriak has joined #openstack-ansible		02:05
*** tlian has joined #openstack-ansible		02:07
*** sdake has quit IRC		02:07
*** javeriak has quit IRC		02:23
*** javeriak has joined #openstack-ansible		02:32
*** javeriak has quit IRC		02:35
*** annashen has joined #openstack-ansible		02:42
openstackgerrit	Miguel Grinberg proposed stackforge/os-ansible-deployment: Support SSL certs for Keystone https://review.openstack.org/194474	02:48
openstackgerrit	Miguel Grinberg proposed stackforge/os-ansible-deployment: Support SSL certs for Keystone https://review.openstack.org/194474	02:51
*** tlian has quit IRC		03:16
*** tlian has joined #openstack-ansible		03:17
*** annashen has quit IRC		03:19
*** sdake has joined #openstack-ansible		03:25
*** sdake_ has joined #openstack-ansible		03:27
*** sdake has quit IRC		03:31
*** sdake__ has joined #openstack-ansible		03:31
*** sdake_ has quit IRC		03:35
*** tlian has quit IRC		03:44
*** abitha has joined #openstack-ansible		03:54
*** georgem1 has quit IRC		03:59
*** andreb has joined #openstack-ansible		04:01
*** JRobinson__ is now known as JRobinson__afk		04:03
andreb	stevelle : you around ?	04:05
stevelle	yes	04:05
stevelle	welcome	04:05
andreb	stevelle: any idea what the costing for support is ?	04:06
stevelle	no idea	04:06
andreb	stevelle : ok... i am going over some docs from the rackspace site and teh stuff you shared with me earlier... going to see if i can get a full understanding of it all... if not i hope i can find a vendor out there that is not going to screw me over with charges to do a setup and training	04:07
stevelle	andreb: good plan	04:09
andreb	stevelle : the dell reps in my country are off that list :(	04:10
andreb	stevelle : thanks for all the help so far :)	04:16
stevelle	yeah, hope you figure something out	04:17
andreb	stevelle : i will reading some docs now... and also searching for a vendor that does installs and training	04:18
*** abitha has quit IRC		04:18
*** sdake__ has quit IRC		04:24
*** JRobinson__afk is now known as JRobinson__		04:28
*** andreb has quit IRC		04:29
*** bcoca has quit IRC		04:45
*** jmccrory has quit IRC		05:15
*** jmccrory has joined #openstack-ansible		05:16
*** OldCrowEW has joined #openstack-ansible		05:28
OldCrowEW	hello	05:29
*** fawadkhaliq has joined #openstack-ansible		05:38
*** shausy has joined #openstack-ansible		05:53
*** stevemar has quit IRC		05:54
*** stevemar has joined #openstack-ansible		05:54
openstackgerrit	Steve Lewis proposed stackforge/os-ansible-deployment: Config memcached connections limit and threads https://review.openstack.org/194499	05:57
*** JRobinson__ has quit IRC		05:59
*** annashen has joined #openstack-ansible		06:01
stevelle	Hello OldCrowEW	06:04
OldCrowEW	hi	06:04
OldCrowEW	hows it going?	06:04
stevelle	fair I guess. about time for me to depart though	06:04
OldCrowEW	i figured everyone was sleeping	06:04
OldCrowEW	have a good night? :)	06:04
stevelle	we should have some of the folks in here become active in the next two hours or so	06:05
OldCrowEW	oh, cool	06:05
OldCrowEW	i'll be around	06:05
stevelle	I figured out what I was doing wrong, so yeah it went ok	06:05
OldCrowEW	i am just updating all of my images to use the local repos i setup	06:05
stevelle	how are things for you?	06:05
OldCrowEW	pretty good	06:06
OldCrowEW	wish i understood openstack dns better	06:06
stevelle	as in designate?	06:06
OldCrowEW	yup	06:07
OldCrowEW	i am in that channel but no one appears to be around	06:07
OldCrowEW	i dont really want to pull the "hi i'm new, answer all my questions"	06:08
OldCrowEW	i'll lurk for a bit	06:08
stevelle	fair enough. I don't know it	06:08
stevelle	of it, but that's all	06:08
OldCrowEW	i was hoping it behaved like AWS	06:08
OldCrowEW	not sure that it does or doesnt at this point :D	06:08
stevelle	I won't speculate, but if it worked like Route53 that would be pretty nice	06:09
*** stevemar2 has joined #openstack-ansible		06:10
*** stevemar has quit IRC		06:12
*** stevemar2 is now known as stevemar		06:17
*** markvoelker has quit IRC		06:40
*** javeriak has joined #openstack-ansible		06:41
*** fawadkhaliq has quit IRC		06:55
*** fawadkhaliq has joined #openstack-ansible		06:55
*** annashen has quit IRC		07:16
*** javeriak has quit IRC		07:23
OldCrowEW	agreed.	07:24
*** fawadkhaliq has quit IRC		07:39
*** markvoelker has joined #openstack-ansible		07:41
*** stevemar has quit IRC		07:43
*** fawadkhaliq has joined #openstack-ansible		07:44
*** markvoelker has quit IRC		07:46
*** persia has quit IRC		07:53
*** persia has joined #openstack-ansible		07:53
*** persia has quit IRC		07:53
*** persia has joined #openstack-ansible		07:53
*** vdo_ has joined #openstack-ansible		08:00
evrardjp	good morning everyone	08:08
svg	hi evrardjp	08:08
svg	how's it going	08:08
evrardjp	atm everything is fine :) and for you?	08:09
svg	still struggling with dozens of issues	08:09
svg	I take it you didn;t start deploying osad yet?	08:10
evrardjp	I'm configuring OSAD	08:10
evrardjp	we have an ipv6 issue right now	08:11
evrardjp	again	08:11
evrardjp	but we should have the first part of the playbook runs today	08:11
svg	omg, I wouldn't even think of trying ipv6 too	08:11
evrardjp	:)	08:11
*** shausy has quit IRC		08:20
*** shausy has joined #openstack-ansible		08:20
vincent_vdk	evrardjp: living on the wild side..	08:25
evrardjp	:)	08:26
*** shausy has quit IRC		08:34
svg	vincent_vdk: what are you doing here, you renegade	08:38
*** markvoelker has joined #openstack-ansible		09:17
*** shausy has joined #openstack-ansible		09:18
*** OldCrowEW has quit IRC		09:20
*** markvoelker has quit IRC		09:22
odyssey4me	lol	09:24
*** mancdaz has quit IRC		09:25
*** mancdaz has joined #openstack-ansible		09:25
*** OldCrowEW has joined #openstack-ansible		09:44
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment: Add Keystone SSL key/cert generation & distribution https://review.openstack.org/194474	10:01
*** ctgriffiths_ has quit IRC		10:05
*** ctgriffiths has joined #openstack-ansible		10:05
*** fawadkhaliq has quit IRC		10:15
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment: [WIP] Keystone idp configuration https://review.openstack.org/194259	10:25
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment: [WIP] Keystone SP configuration https://review.openstack.org/194395	10:34
evrardjp	hey odyssey4me: the 194474... is there a reason why self generated certificates are hardcoded to be from Texas? ;)	10:35
odyssey4me	evrardjp existing convention, really... self-signed certs are not expected to be used for anything other than testing	10:36
*** OldCrowEW has quit IRC		10:36
evrardjp	True	10:36
odyssey4me	evrardjp we really need to revise all the SSL stuff to implement SSL offloading on haproxy instead of at Apache	10:37
odyssey4me	that would be more production-like... at least for us where we do the SSL offloading on the f5 load balancers	10:37
*** vdo_ is now known as vdo		10:58
*** markvoelker has joined #openstack-ansible		11:06
*** markvoelker has quit IRC		11:11
*** sdake has joined #openstack-ansible		11:46
*** sdake_ has joined #openstack-ansible		11:47
*** sdake has quit IRC		11:50
*** sdake_ has quit IRC		11:54
*** fawadkhaliq has joined #openstack-ansible		11:57
evrardjp	odyssey4me: I completely agree on this, although I understand the use case to have SSL everywhere, having for example EV certificates on load balancers, and self-signed everywhere else local	11:57
odyssey4me	evrardjp self-signed certs give you absolutely no security - what is the point?	11:58
odyssey4me	the only option for internally signed certs would be to have an internal CA and issue certs from there - that makes more sense	11:59
evrardjp	I'm not sure to get what you mean... self-signed aren't validated so it's not secure but it seems it's not inherently insecure: you still encrypt what's going over the wire, to the end component...	12:02
evrardjp	BTW, I though with an internal CA, not really self-signed standalones...	12:03
evrardjp	I meant not validated by an external provider	12:03
evrardjp	if it's your CA, you're still signing them yourself ... (Sorry if english is not my mother tongue, I don't subtilities)	12:04
odyssey4me	evrardjp if you're using self-signed certs, what prevents someone impersonating the server and thereby gaining the credentials?	12:05
*** markvoelker has joined #openstack-ansible		12:05
odyssey4me	if you're using an internal CA which is on another server, then you still have a chain of trust in order to verify that the server is who they say they are.	12:06
evrardjp	that's true, but it also mean you have other problems... Eavesdropping is doable when you don't have encryption, without impersonating the server. If you impersonate the server, that's a complete different story, that's about the complete chain of trust	12:06
evrardjp	I agree with you	12:06
odyssey4me	evrardjp so I prefer to take the approach of coming from the outside and coming in - start at the edge, get that right, then work your way in	12:08
*** willemgf has joined #openstack-ansible		12:09
odyssey4me	but yeah, we don't have the haproxy ssl offloading right, nor do we have the apache ssl bits done well... and we should really start with getting the keystone bits right - that's where the primary need for encryption is as that traffic holds the keys to the kingdom	12:09
evrardjp	indeed	12:10
evrardjp	what's the relative priorities on these items	12:10
evrardjp	first haproxy ssl offloading?	12:10
odyssey4me	within the project thus far, haproxy is used for dev/test only	12:11
evrardjp	yeah I read that... my question was wrongly written	12:11
odyssey4me	so I expect that perhaps we should get keystone ssl right first	12:11
odyssey4me	the haproxy setup could do with an overhaul by someone who's interested in using it for production	12:12
odyssey4me	or at least for some sort of long-lived cluster, not necessarily for anything too serious	12:12
evrardjp	so a summary: keystone > apache ssl bits > haproxy (if someone wants it in prod)	12:12
odyssey4me	evrardjp simply, keystone's apache ssl bits > haproxy ssl offloading for anyone who cares	12:14
evrardjp	:)	12:14
evrardjp	Are there other hardware load-balancer vendors than f5 looking for integration in OSAD?	12:15
evrardjp	I guess rackspace did the f5 integration	12:16
evrardjp	Maybe vendors are willing to do it too...	12:16
odyssey4me	evrardjp no offers just yet - it's still early days though	12:17
evrardjp	ok thanks for all that info	12:18
odyssey4me	evrardjp of course you can quite capably improve the ssl bits :)	12:20
evrardjp	Yeah I brought the contributor's agreement on the topic today to my management	12:20
evrardjp	if we look into the ssl things, we'll also look at haproxy first	12:22
odyssey4me	evrardjp either way works :)	12:22
odyssey4me	is there resistance to the CLA in your work environment?	12:23
*** fawadkhaliq has quit IRC		12:32
evrardjp	not the CLA particularily, just needs to go through our legal unit (which is a bottleneck atm)	12:43
evrardjp	should it?	12:43
evrardjp	I mean, did you experience resistance to the CLA in the past?	12:44
odyssey4me	evrardjp it shouldn't - the CLA just basically says that things you contribute to the project are not something you can try and sue anyone for later - essentially if you contribute IP, the IP is part of the public domain and no longer yours	12:45
odyssey4me	it should only incur resistance if you materially produce patentable IP every day - and I do question any patents registered in operations software these days	12:45
evrardjp	:)	12:46
evrardjp	Yeah, that's what I also thought	12:47
odyssey4me	fyi hughsaunders the log file you're looking for is /var/log/shibboleth/shibd.log and if the xml files are changed, the shibd service needs to be restarted to pick up the changes	12:47
evrardjp	I didn't read the paper so I was curious when you mentionned resistance	12:47
odyssey4me	evrardjp I was just wondering why it was taking so long :)	12:47
*** jwagner is now known as jwagner_away		12:52
cloudnull	Morning	12:55
evrardjp	good morning cloudnull	12:56
cloudnull	How goes it?	12:56
cloudnull	Svg did you ever get the token issues resolved ? (Too many sql connections) ?	12:57
* cloudnull was rather occupied yesterday and didn't check back with you , sorry.		12:58
svg	I changed the config to mysql backend, but since then we again had several issues - testing a heat deploy that went well with memcached tokens + everything up, nof miserably failss	12:58
svg	to the point we can't manage to delete the stacks	12:59
svg	so far not sure what the causing issue is now..	12:59
cloudnull	Is it an api error?	13:00
cloudnull	Or something else?	13:01
svg	client side point of view, no errors, pretty much 50% of the stacks end in a fail status	13:01
svg	so far I haven't been able to pinpoint something specific that caused it	13:01
svg	coworker told me there were some amqp issues, and he couldnt restart the rabbit, had to force kill it....	13:02
svg	all in all this is getting frustrating over here I'm afraid	13:02
cloudnull	I'd imagine.	13:02
*** davidself has quit IRC		13:03
cloudnull	Miguelgrinberg has worked a lot with heat , when he wakes up maybe he can help if you've not nailed it down by then.	13:04
svg	So far we still didn;t manage to get an agreement for support, but Kevin is doing a bit of suppor tby mail for now	13:05
svg	He suggested it wasn't a good idea to try running the kilo release, and that we should stick to the better tested juno/10/rpc stack	13:05
svg	Do you have thoughts on that?	13:05
*** tlian has joined #openstack-ansible		13:06
cloudnull	Rax support doesn't run kilo yet.	13:06
*** yaya has joined #openstack-ansible		13:06
cloudnull	They need to train everyone up before they ad a new product.	13:07
svg	sure	13:08
cloudnull	From a tested / stability standpoint IMO kilo is where you should be. But others might have thoughts on that.	13:08
svg	ok	13:08
cloudnull	The memcached tokens thing is a problem though. And we've redoubled our efforts on fernet.	13:17
*** KLevenstein has joined #openstack-ansible		13:17
svg	Yes, I noticed that, thanks for that.	13:17
cloudnull	In kilo you could run fernet , just like you can run sql, you can cherry pick the review from master to enable the functionality in the roles. But most of the big players are switching over to it. Due to the endless issues with the other drivers.	13:17
cloudnull	However that wouldn't be tested at this point.	13:17
svg	might be an alternate path here and now, ut yes, perhaps too soon	13:17
*** openstack has quit IRC		13:17
*** openstack has joined #openstack-ansible		13:20
*** yaya has quit IRC		13:25
cloudnull	It's exactly what you have now with the change to sql.	13:25
*** sdake_ has joined #openstack-ansible		13:32
*** fawadkhaliq has joined #openstack-ansible		13:33
svg	ah	13:36
*** fawadkhaliq has quit IRC		13:39
*** yaya has joined #openstack-ansible		13:49
*** willemgf has quit IRC		14:02
*** sigmavirus24_awa is now known as sigmavirus24		14:07
*** jmccrory has quit IRC		14:10
*** jmccrory has joined #openstack-ansible		14:11
*** sdake_ has quit IRC		14:12
openstackgerrit	git-harry proposed stackforge/os-ansible-deployment: Fix errors when enabling SSL for apache https://review.openstack.org/194672	14:14
*** jrniemijr has joined #openstack-ansible		14:14
*** jwagner_away is now known as jwagner		14:42
*** stevemar has joined #openstack-ansible		14:46
*** sdake has joined #openstack-ansible		14:51
*** alextricity_h has joined #openstack-ansible		14:55
*** galstrom_zzz is now known as galstrom		14:56
*** shausy has quit IRC		15:12
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment: Add Keystone SSL key/cert generation & distribution https://review.openstack.org/194474	15:21
cloudnull	so this is a new thing in master http://logs.openstack.org/44/193844/4/check/os-ansible-deployment-dsvm-check-commit/b7b622c/console.html#_2015-06-22_23_39_01_753	15:34
cloudnull	it seems there have been changes in tempest / nova v2.1 that we're going to need to account for, luckily that a liberty thing.	15:35
miguelgrinberg	svg: heat problems resolved, or still have trouble?	15:37
cloudnull	^ heat guru =)	15:38
svg	not resolved, but scratched the heat db...	15:40
*** sdake has quit IRC		15:42
svg	though I tried redeploying some stacks, and some go in failed state again	15:43
*** Mudpuppy has joined #openstack-ansible		15:44
svg	so far I just checked the nova logs, but seems they don;t hit that yet	15:44
svg	this started happening just after we changed the keystone token backend from memcache to mysql, so chances are big that is related	15:45
miguelgrinberg	svg: what do the heat logs say?	15:46
svg	I didn't had the chance to check those yet, heading home by train right now	15:47
svg	let me see if I can access that	15:47
miguelgrinberg	any time a stack fails the heat-engine service should say something	15:47
miguelgrinberg	ok	15:47
miguelgrinberg	I suspect if this is token related you may see 401s	15:48
svg	Conflict: Unable to complete operation on subnet 9664e1e1-5efb-494b-b882-3f30da65fb6b. One or more ports have an IP allocation from this subnet.	15:49
svg	but this is from later, after I tried deleting a failed stack	15:50
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource InternalServerError: Request Failed: internal server error while processing your request.	15:52
miguelgrinberg	is there a stack trace on the internal server error?	15:52
miguelgrinberg	actually no, the stack trace is going to be on the other side	15:53
svg	hold on flacky network :)	15:53
miguelgrinberg	does it tell you what resource type gave that error?	15:53
svg	2015-06-23 17:08:15.917 3099 INFO heat.engine.resource [-] CREATE: Port "node1_port" Stack "test-stack1" [e6e5bc1b-dc2b-4da8-b494-2870bbc40163]	15:53
*** fawadkhaliq has joined #openstack-ansible		15:53
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource Traceback (most recent call last):	15:53
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource File "/usr/local/lib/python2.7/dist-packages/heat/engine/resource.py", line 489, in _action_recorder	15:53
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource yield	15:54
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource File "/usr/local/lib/python2.7/dist-packages/heat/engine/resource.py", line 559, in _do_action	15:54
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource yield self.action_handler_task(action, args=handler_args)	15:54
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource File "/usr/local/lib/python2.7/dist-packages/heat/engine/scheduler.py", line 296, in wrapper	15:54
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource step = next(subtask)	15:54
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource File "/usr/local/lib/python2.7/dist-packages/heat/engine/resource.py", line 530, in action_handler_task	15:54
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource handler_data = handler(*args)	15:54
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource File "/usr/local/lib/python2.7/dist-packages/heat/engine/resources/openstack/neutron/port.py", line 279, in handle_create	15:54
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource port = self.neutron().create_port({'port': props})['port']	15:54
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource File "/usr/local/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 99, in with_params	15:54
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource ret = self.function(instance, args, *kwargs)	15:54
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource File "/usr/local/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 507, in create_port	15:54
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource return self.post(self.ports_path, body=body)	15:54
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource File "/usr/local/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 295, in post	15:54
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource headers=headers, params=params)	15:54
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource File "/usr/local/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 208, in do_request	15:54
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource self._handle_fault_response(status_code, replybody)	15:54
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource File "/usr/local/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 182, in _handle_fault_response	15:54
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource exception_handler_v20(status_code, des_error_body)	15:54
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource File "/usr/local/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 67, in exception_handler_v20	15:54
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource status_code=status_code)	15:55
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource InternalServerError: Request Failed: internal server error while processing your request.	15:55
svg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource	15:55
svg	oops	15:55
palendae	Gah	15:55
svg	sorry, that should have been http://paste.ubuntu.com/11762898/	15:55
miguelgrinberg	okay, so neutron returned a 500	15:55
miguelgrinberg	now you need to check the neutron logs :)	15:55
openstackgerrit	Hugh Saunders proposed stackforge/os-ansible-deployment: [WIP] Keystone SP configuration https://review.openstack.org/194395	15:58
svg	I seem to only find errors on the delete operations	15:58
miguelgrinberg	this was specifically on a port creation call	16:00
miguelgrinberg	this call:	16:01
miguelgrinberg	2015-06-23 17:08:15.917 3099 TRACE heat.engine.resource port = self.neutron().create_port({'port': props})['port']	16:01
b3rnard0	we having any bug triaging?	16:01
cloudnull	meeting cloudnull, mattt, andymccr, d34dh0r53, hughsaunders, b3rnard0, palendae, Sam-I-Am, odyssey4me, serverascode, rromans, mancdaz, dolphm, _shaps_, BjoernT, claco, echiu, dstanek, jwagner	16:02
* dstanek is lurking from my phone		16:02
palendae	Present	16:03
odyssey4me	o/ although mainly lurking :p	16:03
andymccr	o/	16:03
b3rnard0	hello	16:04
sigmavirus24	hi	16:04
*** sdake has joined #openstack-ansible		16:05
cloudnull	so there are only three new items	16:06
cloudnull	fisrt up https://bugs.launchpad.net/openstack-ansible/+bug/1466930	16:06
openstack	Launchpad bug 1466930 in openstack-ansible "Ensure user task happens before LDAP config is in place" [Undecided,New]	16:06
cloudnull	this looks incomplete	16:07
*** Bjoern__ has joined #openstack-ansible		16:08
*** Bjoern__ is now known as BjoernT		16:08
svg	miguelgrinberg: db deadlock : http://paste.ubuntu.com/11762977/	16:08
svg	darn	16:08
BjoernT	even with active/passive load balancing for galera ?	16:08
odyssey4me	cloudnull I would agree. BjoernT may be right that an attribute wasn't set to ensure that stuff was in place.	16:08
cloudnull	this is likely however paui hasn't replied back to BjoernT comment so at this point im inclined to mark it as incomplete.	16:09
cloudnull	or invalid	16:10
andymccr	id go with incomplete	16:11
andymccr	give it a bit for paul to reply then invalid if nothing comes up :)	16:11
BjoernT	which bug are we talking off ?	16:11
cloudnull	https://bugs.launchpad.net/openstack-ansible/+bug/1466930	16:11
openstack	Launchpad bug 1466930 in openstack-ansible "Ensure user task happens before LDAP config is in place" [Undecided,Incomplete]	16:11
BjoernT	thanks	16:12
cloudnull	Next https://bugs.launchpad.net/openstack-ansible/+bug/1467118	16:13
openstack	Launchpad bug 1467118 in openstack-ansible "Missing packages after ./scripts/teardown.sh" [Undecided,New]	16:13
cloudnull	it looks like the issue was an intermitent failure with the "http://ppa.launchpad.net/adiscon/v8-stable/ubuntu/dists/utopic/main/binary-amd64/Packages" repo .	16:13
cloudnull	i think we should just remove that ppa	16:14
cloudnull	in master/kilo we dont need it	16:14
*** Mudpuppy has quit IRC		16:14
odyssey4me	cloudnull I would agree to that - it's an external dependancy which adds no value	16:15
cloudnull	+1	16:15
andymccr	+1	16:16
*** Mudpuppy has joined #openstack-ansible		16:16
andymccr	if its an external dependency adding nothing why is it even there?!	16:16
cloudnull	we had the v8 repo ppa in juno	16:17
cloudnull	it was used for newer versions of rsyslog	16:17
openstackgerrit	Merged stackforge/os-ansible-deployment: Add support for deploying Keystone with Fernet https://review.openstack.org/194194	16:17
andymccr	ahh got you	16:17
cloudnull	which was required for all our old logging bits	16:17
andymccr	yeh i remember	16:17
cloudnull	ok	16:18
cloudnull	triaged to remove that ppa	16:18
cloudnull	Last https://bugs.launchpad.net/openstack-ansible/+bug/1467773	16:19
openstack	Launchpad bug 1467773 in openstack-ansible "python-openstackclient install failed in kilo 11.0.4" [Undecided,New]	16:19
odyssey4me	that looks like it's using the upstream repo sync, and that's missing something	16:20
cloudnull	yea	16:21
*** annashen has joined #openstack-ansible		16:22
cloudnull	it may not be a recent build though, looking at the report http://rpc-repo.rackspace.com/reports/kilo.json	16:22
cloudnull	all of the entries for "oslo.config" are the same ">=1.11.0"	16:22
cloudnull	which includes openstackclient	16:23
cloudnull	so ill ask for more data and to see if a rerun helps.	16:28
andymccr	sounds good - if we can recreate it'd be easy to confirm but we havnt seen that issue on any of the gates?	16:31
odyssey4me	andymccr yeah, the gate builds its own repo - so this is only to do with the sync from rpc-repo	16:31
cloudnull	ok. we;re done here	16:33
cloudnull	unless we want to talk about more things	16:33
odyssey4me	better to add 'more things' to the agenda for thu	16:34
cloudnull	we got time	16:35
cloudnull	theres no need to stand on ceremony :)	16:35
*** daneyon has left #openstack-ansible		16:40
*** fawadk has joined #openstack-ansible		16:42
cloudnull	svg: going back to your deadlocks, is your galera cluster running in all active mode from the lb ?	16:42
*** fawadkhaliq has quit IRC		16:42
miguelgrinberg	cloudnull: svg is offline for about an hour	16:43
cloudnull	if so that'll make neutron very unhappy. in liberty i believe that upstream (liberty) has fixed most of those issus however i dont think those fixes will ever make it back to kilo.	16:44
cloudnull	miguelgrinberg: ah	16:44
miguelgrinberg	cloudnull: absolutely no relation to the token storage changes he's made, right?	16:45
cloudnull	i dont believe so .	16:46
cloudnull	but would explain some of the other issues that have been talked about.	16:46
miguelgrinberg	right	16:48
*** vdo has quit IRC		16:48
cloudnull	what is the channel tempest is developed in ?	16:51
cloudnull	openstack-tempest seems empty	16:51
cloudnull	#openstack-qa im thinking	16:53
palendae	A heads up - http://lists.openstack.org/pipermail/openstack-dev/2015-June/067795.html	16:55
openstackgerrit	Miguel Alejandro Cantu proposed stackforge/os-ansible-deployment: Implement Ceilometer[WIP] https://review.openstack.org/173067	16:56
alextricity_h	Interesting...	16:57
alextricity_h	Might be the reason behind this: + echo 'TEMPEST FAIL scenario heat_api cinder_backup (15 tests)'	16:57
alextricity_h	Ah..nevermindm e	16:59
*** dontalton has joined #openstack-ansible		17:01
*** fawadk has quit IRC		17:06
*** alextricity_h has quit IRC		17:11
openstackgerrit	David Alfano proposed stackforge/os-ansible-deployment: Rename group rpc to openstack https://review.openstack.org/194749	17:13
*** sacharya has joined #openstack-ansible		17:18
*** yaya has quit IRC		17:18
svg	cloudnull: miguelgrinberg should be, but yes, one of the nextthings to check	17:26
svg	though 'deadlock' seems to imply something else	17:26
svg	in the mean time, since all troubles we had and all manual sql cleanups my colleague had to do, it might be frackup too	17:27
svg	so I'm considering retesting from a clean plate	17:27
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment: [WIP] Keystone SP configuration https://review.openstack.org/194395	17:29
*** javeriak has joined #openstack-ansible		17:29
odyssey4me	miguelgrinberg ^ I've added some more bits after hughsaunders' work putting together much of what we figured out today. I've begun testing using https://www.testshib.org to give a known working IDP/SP to test against, which you may also wish to do.	17:30
*** dkalleg has joined #openstack-ansible		17:31
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: Revert "changed container bind mounts to use abspath" https://review.openstack.org/194759	17:38
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: Revert "changed container bind mounts to use abspath" https://review.openstack.org/194760	17:38
cloudnull	guys. these two commits went in and sadly they're breaking the bindmounts for logging.	17:39
cloudnull	example http://logs.openstack.org/74/194474/4/check/os-ansible-deployment-dsvm-check-commit/6c0a1eb/logs/	17:39
cloudnull	we have no gate logs except whats on the host	17:39
cloudnull	and in test lxc accepts the abs path but does not actually bind mount the things.	17:40
cloudnull	so we need to revert those commits with a quickness. :\	17:43
miguelgrinberg	odyssey4me: awesome. I'm now trying to figure out how to do the haproxy bit for Keystone, so that we can have the SSL keystone working on our AIOs.	17:45
*** fawadkhaliq has joined #openstack-ansible		17:54
annashen	anyone knows where can i find sample dynamic inventory scripts mentioned in this page http://docs.ansible.com/intro_dynamic_inventory.html ?	17:55
*** Mudpuppy_ has joined #openstack-ansible		18:05
*** yaya has joined #openstack-ansible		18:05
*** TheIntern has joined #openstack-ansible		18:07
*** Mudpuppy has quit IRC		18:08
cloudnull	annashen: https://github.com/ansible/ansible/tree/devel/plugins/inventory	18:09
cloudnull	thats a large collection of dyn inv scripts	18:09
*** Mudpuppy has joined #openstack-ansible		18:09
annashen	thanks cloudnull!	18:09
cloudnull	anytime	18:09
*** Mudpuppy_ has quit IRC		18:09
cloudnull	odyssey4me: miguelgrinberg: we'll need to upgrade haproxy to 1.5 which will need to come from source or from some other repo .	18:12
*** fawadkhaliq has quit IRC		18:16
*** jwagner is now known as jwagner_away		18:22
jmccrory	Is haproxy 1.5 required for SSL support?	18:28
*** annashen has quit IRC		18:33
*** jwagner_away is now known as jwagner		18:34
cloudnull	yes	18:41
cloudnull	ssl termination didnt land in haproxy until 1.5.x	18:41
cloudnull	version 1.5 : the most featureful version, supports SSL, IPv6, keep-alive, DDoS protection, etc	18:44
cloudnull	version 1.4 : the most stable version for people who don't need SSL. Still provides client-side keep-alive	18:44
cloudnull	from http://www.haproxy.org/	18:44
jmccrory	hmm good to know, working through PCI readiness for next couple months at least...	18:48
cloudnull	that sounds like a lot of fun	18:48
jmccrory	heh a whole lot	18:49
*** KLevenstein has quit IRC		18:59
*** davi8784 has joined #openstack-ansible		18:59
*** TheIntern has quit IRC		19:00
*** davi8784 is now known as TheIntern		19:00
*** yaya has quit IRC		19:03
palendae	PCI is always fun	19:07
sigmavirus24	PCI is more fun than PKI	19:11
sigmavirus24	Just saying	19:11
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: Remove the v8 repos because they're not needed https://review.openstack.org/194790	19:12
*** KLevenstein has joined #openstack-ansible		19:13
cloudnull	cores please make these go https://review.openstack.org/#/c/194760/ https://review.openstack.org/#/c/194759/	19:15
palendae	cloudnull: A clarification - this is version 8 of rsyslog, not v8 the runtime?	19:16
*** yaya has joined #openstack-ansible		19:16
cloudnull	yes	19:16
palendae	Ok	19:17
cloudnull	the repo is "v8-stable"	19:17
*** yaya has quit IRC		19:19
sigmavirus24	cloudnull: why are we reverting those?	19:21
*** openstackgerrit has quit IRC		19:21
cloudnull	palendae: its a revert pr i guess we could change the pr commit message.	19:22
*** yaya has joined #openstack-ansible		19:22
*** openstackgerrit has joined #openstack-ansible		19:22
palendae	sigmavirus24: There's a note in the ticket that 'it breaks' :p	19:22
palendae	Er bug, issue...thing	19:22
sigmavirus24	which one?	19:22
palendae	https://bugs.launchpad.net/openstack-ansible/+bug/1462068	19:23
openstack	Launchpad bug 1462068 in openstack-ansible trunk "lxc container create bind mounts should use the full path" [Medium,In progress] - Assigned to Kevin Carter (kevin-carter)	19:23
cloudnull	sigmavirus24: compare http://logs.openstack.org/60/194760/1/check/os-ansible-deployment-dsvm-check-commit/0f191a7/logs/ and http://logs.openstack.org/74/194474/4/check/os-ansible-deployment-dsvm-check-commit/6c0a1eb/logs/	19:23
palendae	But your questions are exactly why I was asking	19:23
cloudnull	the bind mounts are broken	19:23
palendae	Had to go to commit -> reverted commit -> LP	19:23
sigmavirus24	got it	19:23
cloudnull	palendae: thats the commit message generated from the gerrit revert button	19:23
palendae	Ah	19:23
palendae	gfj gerrit	19:23
sigmavirus24	Yeah, it looks like a typically git revert message	19:23
palendae	Oh, yeah, that's bad	19:23
sigmavirus24	+ Change-Id	19:24
sigmavirus24	not going to lie, the gerrit flow has really grown on me	19:24
palendae	Ok, then I'll ignore it	19:24
palendae	Since it's what the tooling does, and wasn't a manual message	19:24
sigmavirus24	Typically git gives you the option to append to the message to	19:24
sigmavirus24	or rewrite it	19:24
sigmavirus24	git revert --no-edit is probably what gerrit is using	19:24
palendae	Probably	19:24
sigmavirus24	or whatever the equivalent is in the JGit bindings	19:24
palendae	Makes it push button	19:24
* sigmavirus24 thinks it's still called JGit		19:25
sigmavirus24	pssst, people should look at https://review.openstack.org/#/c/181007/ because it'll be crucial for our ADFS/Keystone federation work	19:26
stevemar	sigmavirus24, ask in #openstack-keystone :\	19:28
* sigmavirus24 was hoping people here could look at it too		19:28
sigmavirus24	Has a whole bunch of +1s and figured I'd bug our people before bugging the Keystone folk	19:28
sigmavirus24	In case there is something someone picks up on	19:28
sigmavirus24	Just in case	19:28
sigmavirus24	;)	19:28
sigmavirus24	stevemar: I like to outsource the nitpicking to other projects =P	19:29
*** annashen has joined #openstack-ansible		19:34
*** annashen has quit IRC		19:40
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: Added a nova.conf option for instance_passwords https://review.openstack.org/194796	19:42
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: Updated master to the latest SHAs - 06.20.2015 https://review.openstack.org/193844	19:44
*** sdake has quit IRC		19:54
odyssey4me	sigmavirus24 stevelle miguelgrinberg dolphm dstanek Do you guys know how it is that the exaple/sample config files are generated? (eg: keystone.cfg, etc?)	19:54
sigmavirus24	tox -e genconfig	19:54
odyssey4me	*example	19:54
sigmavirus24	What's up odyssey4me ?	19:54
odyssey4me	sigmavirus24 so it's simply git clone the project, then 'tox -e genconfig' ?	19:55
sigmavirus24	Yessir	19:55
odyssey4me	thanks sigmavirus24 - I'm taking some personal time to look into doing the tunable configs a different way... our vars are growing and getting out of hand - there has to be a better way of catering fo rthe generally obscure and ever-changing options available	19:56
stevelle	odyssey4me: unless it's cinder in which case lol	19:56
odyssey4me	stevelle oh? is that because of all the drivers?	19:57
sigmavirus24	drivers + quotas	19:57
dolphm	odyssey4me: in keystone i think it's tox -e config	19:57
sigmavirus24	the quotas are pretty dynamic	19:57
stevelle	odyssey4me: yes, including postgres	19:57
dolphm	odyssey4me: check the project's tox.ini file	19:57
sigmavirus24	dolphm: why does keystone have to be so unique? =P	19:58
stevelle	can't generate a config file w/o postgres installed	19:58
dolphm	sigmavirus24: i guess ours is genconfig now https://github.com/openstack/keystone/blob/master/tox.ini#L112-L113	19:58
dstanek	dolphm: yeah, it was changed to conform	19:59
sigmavirus24	I bet swift has it as gifnocneg just to stick it to the conformance checker	19:59
cloudnull	odyssey4me: neutron doesnt use the genconfig either.	20:00
cloudnull	all of there example files are created by hand	20:00
odyssey4me	cloudnull sigh	20:00
sigmavirus24	artisinal	20:00
sigmavirus24	glance doesn't exactly use genconfig either	20:00
sigmavirus24	although it exists	20:00
cloudnull	hand crafted config files for the win	20:00
sigmavirus24	kragniz tried to fix that last cycle but there wasn't much attention paid to that effort	20:01
odyssey4me	well, with what I have in mind it won't matter too much - let's see if I can make it go	20:01
cloudnull	i think Sam-I-Am worked on the neutron side too	20:01
cloudnull	tc meeting for bigtent today in #openstack-meeting	20:03
cloudnull	starting now	20:03
*** alextricity_h has joined #openstack-ansible		20:14
*** KLevenstein has quit IRC		20:19
stevemar	dolphm, we changed it to genconfig so we can match up with nova	20:20
stevemar	i had a patch to get the proposal bot to propose new config changes	20:21
dolphm	stevemar: around the same time we switch to oslo-config-generator?	20:21
stevemar	dolphm, no, well after	20:21
openstackgerrit	Merged stackforge/os-ansible-deployment: Revert "changed container bind mounts to use abspath" https://review.openstack.org/194760	20:21
stevemar	early liberty	20:21
stevemar	dolphm, https://review.openstack.org/#/c/177620/	20:21
*** KLevenstein has joined #openstack-ansible		20:21
alextricity_h	Hey, has anybody had any issues with the tempest cinder_backup tests on the AIO? I'm running the gate-check-commit.sh script on my code but recieving this: http://pastebin.com/GPP7JYsP	20:30
alextricity_h	Can somebody take a quick look to see if it looks familiar?	20:31
*** dontalton has quit IRC		20:32
*** dontalton has joined #openstack-ansible		20:33
sigmavirus24	alextricity_h: looking	20:34
alextricity_h	@sigmavirus24 thanks	20:34
*** KLevenstein has quit IRC		20:34
sigmavirus24	alextricity_h: that's weird that it's timing out	20:34
*** yaya has quit IRC		20:35
alextricity_h	hmm..it's just a standard AIO build on a public cloud VM	20:35
alextricity_h	I didn't do anything fancy	20:35
*** jwagner is now known as jwagner_away		20:36
sigmavirus24	What happens if you create a cinder volume from the CLI	20:36
alextricity_h	I created one about 10 min ago. It's stilli in the 'creating' status	20:37
alextricity_h	I'm going to verify my cinder services	20:37
alextricity_h	Nothing significant in the cinder logs :/	20:39
alextricity_h	and the services are up and running	20:39
alextricity_h	Hmm..I don't see my logical volumes being created in the cinder_volumes_container	20:41
odyssey4me	alextricity_h if you're kicking the tires and experimenting, gate-check-commit is not the best tool... it's built for a one-time-run	20:46
alextricity_h	Even after a teardown?	20:46
palendae	I don't think teardown accounts for tempest	20:46
palendae	Also, teardown requires a reboot if you rebuild	20:47
odyssey4me	it's better to clone the repo, checkout the branch/tag, run the bootstrap-aio and bootstrap-ansible scripts... then use run-playbooks to kick off the playbooks	20:47
alextricity_h	odyssey4me I typically run scripts/teardown.sh before running gate-check-commit	20:47
palendae	Because the kernel won't let go of the volume groups	20:47
odyssey4me	teardown does a reasonable job, but you only need to do it if you actually need to destroy everything - and with a cloud server you're better off just rebuilding the cloud server	20:48
alextricity_h	palendae oh i didn't know that. Well right now cinder_volumes_container is showing I have the cinder-volumes volume group, but no logical volmues	20:48
palendae	alextricity_h: Yeah, it gets...weird.	20:48
palendae	I've spent a few hours trying to force the kernel to let go without a reboot, but to no avail	20:48
palendae	So I generally do what odyssey4me just suggested	20:48
odyssey4me	palendae we should probably drop the cloudserver-aio script and change the docs to recommend using this method instead	20:49
alextricity_h	palendae, odyssey4me: I'm seeing this error on the jenkin slaves though. So it must be a problem with the addition of ceilometer	20:49
alextricity_h	I'm also seeing it on my local AIO cloud VM	20:50
palendae	alextricity_h: Is this master?	20:50
alextricity_h	my cloud VM*	20:50
cloudnull	big tent here we come - https://review.openstack.org/#/c/191105/2	20:50
alextricity_h	palendae: i rebased master this morning.	20:50
alextricity_h	so yes	20:50
palendae	Ok	20:50
palendae	alextricity_h: But master with changes?	20:51
alextricity_h	palendae: What do you mean?	20:51
*** annashen has joined #openstack-ansible		20:51
odyssey4me	alextricity_h so, if you're using RAX cloud and the standard 8cpu-8G RAM image then it probably has one disk and uses a loopback image for the cinder-volumes	20:51
*** KLevenstein has joined #openstack-ansible		20:52
palendae	alextricity_h: Was it master, or your own change set rebased on master?	20:52
odyssey4me	alextricity_h oh yes, you should look at all the changes in master - a ton of restructures of where configs live and stuff have gone in	20:52
alextricity_h	odyseey4me: right. I didn't change anything in the gate scripts that would affect those configurations	20:52
alextricity_h	palendae: I git pulled/fetch from master, then rebased my bp/ceilometer branch with master	20:53
alextricity_h	That was this morning	20:53
palendae	Ok	20:53
odyssey4me	cloudnull woohoo! :)	20:53
palendae	I ask because, afaik, the gate is passing on commit checks	20:53
odyssey4me	palendae alextricity_h but the ceilometer review has not been: https://review.openstack.org/173067	20:54
palendae	Right, kind of what i was getting at	20:54
palendae	Wonder if there's something in that patch that's throwing a wrench in cinder tests somehow	20:54
*** yaya has joined #openstack-ansible		20:56
alextricity_h	palendae. That's what i'm trying to pin point :/ I'll try this on a fresh VM just in case	20:58
alextricity_h	But as of now my cinder volumes are just hanging on the 'creating' status	20:59
palendae	Yeah, I would say first thing I'd check is a fresh one without doing teardown.sh	20:59
*** Mudpuppy has quit IRC		21:00
odyssey4me	alextricity_h I've also added some review comments which I'd advise looking into as they may help	21:02
*** Mudpuppy has joined #openstack-ansible		21:03
*** Mudpuppy has quit IRC		21:03
*** Mudpuppy has joined #openstack-ansible		21:04
alextricity_h	odyssey4me: Thanks :)	21:04
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment: Remove the adiscon/v8 ppa because it's not needed https://review.openstack.org/194790	21:12
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment: Remove the adiscon/v8 ppa https://review.openstack.org/194790	21:16
*** fawadkhaliq has joined #openstack-ansible		21:17
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment: Remove the adiscon/v8 ppa https://review.openstack.org/194790	21:17
*** fawadkhaliq has quit IRC		21:21
*** abitha has joined #openstack-ansible		21:28
openstackgerrit	Merged stackforge/os-ansible-deployment: Revert "changed container bind mounts to use abspath" https://review.openstack.org/194759	21:30
*** jrniemijr has quit IRC		21:38
*** tlian2 has joined #openstack-ansible		21:38
*** tlian has quit IRC		21:41
*** sacharya has quit IRC		21:45
*** JRobinson__ has joined #openstack-ansible		21:49
sigmavirus24	alextricity_h: try a performance 1-15	21:50
sigmavirus24	I've been using those for AIOs instead	21:50
palendae	2-15	21:50
palendae	If you're using RAX ones	21:50
palendae	1 maxes at 8	21:50
cloudnull	++ 2-15 is what i dev on	21:51
alextricity_h	Okay. I was running the run_playbooks.sh script just now and it keeps failing because my containers are unreachable :/	21:51
*** annashen has quit IRC		21:51
alextricity_h	I did what you suggested, odyssey4me	21:51
palendae	yeah, 2-15 seems most comfortable. Too bad it's not 'standard'	21:51
sigmavirus24	er yeah	21:51
sigmavirus24	2-15 sorry	21:51
openstackgerrit	Steve Lewis proposed stackforge/os-ansible-deployment: Configurable memcached connections limit & threads https://review.openstack.org/194499	21:58
*** yaya has quit IRC		21:58
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: Updated tempest isolation options https://review.openstack.org/194344	21:59
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: [WIP] Updated keystone to use fernet as the default https://review.openstack.org/193729	21:59
openstackgerrit	Steve Lewis proposed stackforge/os-ansible-deployment: Configurable memcached connections limit & threads https://review.openstack.org/194499	22:00
*** Mudpuppy has quit IRC		22:09
*** alextricity_h has quit IRC		22:11
*** tlian2 has quit IRC		22:11
*** annashen has joined #openstack-ansible		22:13
*** annashen has joined #openstack-ansible		22:13
*** dontalton2 has joined #openstack-ansible		22:19
*** KLevenstein has quit IRC		22:24
*** sigmavirus24 is now known as sigmavirus24_awa		22:26
*** TheIntern has quit IRC		22:30
*** yaya has joined #openstack-ansible		22:34
*** annashen has quit IRC		22:35
*** galstrom is now known as galstrom_zzz		22:41
*** annashen has joined #openstack-ansible		22:58
*** sdake has joined #openstack-ansible		23:07
*** dontalton2 has quit IRC		23:16
*** dontalton has quit IRC		23:16
*** sdake_ has joined #openstack-ansible		23:23
*** BjoernT has quit IRC		23:25
*** sdake has quit IRC		23:26
*** stevemar has quit IRC		23:29
*** sdake_ has quit IRC		23:40
*** annashen has quit IRC		23:42

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!