Friday, 2015-06-26

« Thursday, 2015-06-25 Index Saturday, 2015-06-27 »
*** sdake_ has joined #openstack-ansible00:17
*** sdake has quit IRC00:21
*** markvoelker has joined #openstack-ansible00:24
*** sdake_ has quit IRC00:27
*** markvoelker has quit IRC00:30
*** daneyon has joined #openstack-ansible00:50
*** sdake has joined #openstack-ansible01:00
*** daneyon_ has joined #openstack-ansible01:02
*** daneyon has quit IRC01:05
*** phoenix__ has joined #openstack-ansible01:31
*** javeriak has quit IRC01:32
*** heww has joined #openstack-ansible01:33
*** heww has quit IRC01:40
*** heww has joined #openstack-ansible01:41
*** javeriak has joined #openstack-ansible01:45
*** javeriak has quit IRC01:47
*** tlian has joined #openstack-ansible01:55
openstackgerritMiguel Grinberg proposed stackforge/os-ansible-deployment: [WIP] Keystone IdP configuration  https://review.openstack.org/19425901:59
*** daneyon_ has quit IRC02:09
*** markvoelker has joined #openstack-ansible02:14
*** javeriak has joined #openstack-ansible02:15
*** daneyon has joined #openstack-ansible02:17
*** markvoelker has quit IRC02:18
*** daneyon has quit IRC02:18
*** annashen has joined #openstack-ansible02:32
*** javeriak has quit IRC03:06
*** javeriak has joined #openstack-ansible03:23
*** javeriak has quit IRC03:25
openstackgerritKevin Carter proposed stackforge/os-ansible-deployment: Updated default fernet key usage  https://review.openstack.org/19585303:33
openstackgerritKevin Carter proposed stackforge/os-ansible-deployment: Updated default fernet key usage  https://review.openstack.org/19585303:39
*** annashen has quit IRC03:57
*** markvoelker has joined #openstack-ansible04:02
*** markvoelker has quit IRC04:07
*** heww has quit IRC04:10
*** annashen has joined #openstack-ansible04:11
*** annashen has quit IRC04:14
*** annashen has joined #openstack-ansible04:19
*** tlian has quit IRC04:21
*** JRobinson__ is now known as JRobinson__afk04:50
openstackgerritKevin Carter proposed stackforge/os-ansible-deployment: Updated default fernet key usage  https://review.openstack.org/19585305:04
*** JRobinson__afk is now known as JRobinson__05:15
*** jmccrory has quit IRC05:27
*** jmccrory has joined #openstack-ansible05:28
*** toddnni has quit IRC05:28
*** annashen has quit IRC05:29
*** sdake has quit IRC05:35
*** toddnni has joined #openstack-ansible05:36
*** markvoelker has joined #openstack-ansible05:51
*** markvoelker has quit IRC05:56
*** sdake has joined #openstack-ansible06:00
*** sdake has quit IRC06:16
*** sdake has joined #openstack-ansible06:18
*** annashen has joined #openstack-ansible06:30
*** JRobinson__ has quit IRC06:36
*** javeriak has joined #openstack-ansible06:37
*** sdake has quit IRC06:41
*** sdake has joined #openstack-ansible06:41
*** sdake has quit IRC06:41
*** annashen has quit IRC07:23
*** jmccrory has quit IRC08:19
*** jmccrory has joined #openstack-ansible08:34
*** husanu4 has joined #openstack-ansible09:09
*** husanu4 has quit IRC09:18
*** husanu8 has joined #openstack-ansible09:23
*** husanu8 has quit IRC09:28
*** javeriak has quit IRC09:28
*** markvoelker has joined #openstack-ansible09:29
*** markvoelker has quit IRC09:33
*** annashen has joined #openstack-ansible10:24
*** annashen has quit IRC10:28
*** markvoelker has joined #openstack-ansible11:17
*** markvoelker has quit IRC11:22
openstackgerritAndy McCrae proposed stackforge/os-ansible-deployment: Allow Swift middleware to be set via a variable  https://review.openstack.org/18156011:24
evrardjphello everyone11:30
odyssey4meo/11:30
evrardjpI'm getting sometimes annoying errors like galera_container-c0f26807] => SSH Error: data could not be sent to the remote host. Make sure this host can be reached over ssh11:32
evrardjpthe host is well accessible, so it's purely an ansible bug11:33
evrardjpI've tried to change the timeouts11:33
evrardjpin ansible.cfg11:33
evrardjpdoesn't seem to fix it11:33
evrardjpdo you think I should change values for the ssh_args in ansible.cfg?11:34
evrardjplike the -o ServerAliveInterval=5 -o ServerAliveCountMax=311:34
odyssey4meevrardjp we've put quite a lot of time into trying to solve that issue, but haven't found a satisfactory resolution - the best we've managed to do is to implement a retry11:39
evrardjpis the retry included in openstack-ansible command?11:39
odyssey4meso we've added a patch upstream (in ansible) to implement an ssh restry automatically, but it'll only be in ansible 2 when it ships :(11:40
evrardjpok :/11:40
evrardjpbut ansible already has a retry feature, right?11:41
odyssey4mebut for now, then only real option other than to try and figure out the openssh/ssh tweaks to improve the situation, is to retry when it fails11:41
odyssey4meevrardjp in the gate check script we implement an automated retry if a playbook execution fails... it's not great, but that's the best we can do until ansible 2 ships11:42
evrardjpYeah, I don't complain, just wondering if I had to work on it or not11:46
odyssey4medstanek so hughsaunders has two keystone services running, and is trying to setup an IDP/SP relationship11:46
evrardjpfor ansible, v2 is out in dev IIRC11:46
odyssey4mebut for me shibboleth redirects to keystone, which just returns a 40111:47
odyssey4mefor hughsaunders ... (over to you)11:48
hughsaundersdstanek: "shib_check_user found no per-request structure" <-- is that the error that makes no sense to you?11:49
hughsaundersif so, I agree11:49
dstanekthat and the other one about the ECP urls not matching11:52
openstackgerritAndy McCrae proposed stackforge/os-ansible-deployment: Make swift_proxy_vars not a required variable  https://review.openstack.org/19601211:54
openstackgerritAndy McCrae proposed stackforge/os-ansible-deployment: Make swift_proxy_vars not a required variable  https://review.openstack.org/19601211:56
*** markvoelker has joined #openstack-ansible12:00
dstanekodyssey4me: hughsaunders: come to #openstack-keystone and ask your k2k questions12:03
*** tlian has joined #openstack-ansible12:28
*** jaypipes has joined #openstack-ansible12:41
*** fawadkhaliq has joined #openstack-ansible13:18
*** lkoranda_ has joined #openstack-ansible13:27
*** fawadkhaliq has quit IRC13:28
*** lkoranda has quit IRC13:32
*** lkoranda_ has quit IRC13:33
*** KLevenstein has joined #openstack-ansible13:37
*** lkoranda has joined #openstack-ansible13:37
*** Mudpuppy has joined #openstack-ansible13:50
cloudnullmornin13:56
cloudnullodyssey4me dstanek sigmavirus24_awa dolphm https://review.openstack.org/#/c/195853/ <fernet with auto rotation13:58
*** ayoung has quit IRC14:00
*** fawadkhaliq has joined #openstack-ansible14:04
dstanekcloudnull: why rotate for every playbook execution?14:06
cloudnullit allows the user to rotate through ansible playbooks using a tag. it also should enfore a consistency on subsequent reruns of the playbooks.14:07
cloudnulllike if a new node is added in14:08
*** fawadk has joined #openstack-ansible14:08
cloudnullwe're also regenerating the ssh keys on every playbook execution so they're rotating all the time too.14:08
dstanekis there any chance that you'd run the playbooks a few times in a row and start to invalidate keys?14:09
*** fawadkhaliq has quit IRC14:09
cloudnullin the current config you'd have to do that 7+ times14:09
cloudnullbut yes.14:09
cloudnullhowever i'd hope that the run would've converged by the 7th run .14:10
*** ayoung has joined #openstack-ansible14:12
palendaeYou would hope14:13
cloudnullalso i tested this last night with 11 keystone nodes, 7 keys, an API worker beating on a nova api, and a script rotating the keys on a for loop for a few minutes i never got a 401 .14:13
cloudnullso kudos to you guys. :)14:13
dstanekthat's 7 times in 12 hours though14:14
dstaneki don't have any problem with it if you think it's operationally sound - was just curious14:15
cloudnulli think it should be good, however if we can make it better we should do that =)14:15
cloudnullalso i set the default auto rotation to daily, do you think it should be more frequent than that?14:17
*** sigmavirus24_awa is now known as sigmavirus2414:19
*** fawadk has quit IRC14:19
sigmavirus24cloudnull: looking14:20
dstaneki would expect daily to be more than enough for a key rotation14:23
cloudnullok14:23
*** yaya has joined #openstack-ansible14:42
openstackgerritTom Cameron proposed stackforge/os-ansible-deployment: Upgrade to ansible 1.9.2  https://review.openstack.org/19608314:44
*** jaypipes is now known as leakypipes14:56
*** yaya has quit IRC15:04
*** yaya has joined #openstack-ansible15:08
openstackgerritKevin Carter proposed stackforge/os-ansible-deployment: Updated default fernet key usage  https://review.openstack.org/19585315:13
sigmavirus24dstanek: yeah, I was saying even weekly should be often enough but daily is probably the most future-proof (security-wise) default15:22
openstackgerritKevin Carter proposed stackforge/os-ansible-deployment: Updated default fernet key usage  https://review.openstack.org/19585315:32
*** sdake has joined #openstack-ansible15:52
evrardjpI'm off for today! Enjoy the week-end everyone!15:59
cloudnullevrardjp:  have a great one.16:00
*** fawadkhaliq has joined #openstack-ansible16:03
openstackgerritKevin Carter proposed stackforge/os-ansible-deployment: Implement Ceilometer  https://review.openstack.org/17306716:12
openstackgerritJesse Pretorius proposed stackforge/os-ansible-deployment: [WIP] Keystone SP configuration  https://review.openstack.org/19439516:29
odyssey4mehughsaunders miguelgrinberg ^16:29
openstackgerritAndy McCrae proposed stackforge/os-ansible-deployment: Allow Swift middleware to be set via a variable  https://review.openstack.org/18156016:30
hughsaundersodyssey4me: thanks16:36
hughsaundersodyssey4me: oh, so those location matches were supposed to be outside the vhost?16:38
openstackgerritAndy McCrae proposed stackforge/os-ansible-deployment: Allow Swift middleware to be set via a variable  https://review.openstack.org/18156016:43
openstackgerritKevin Carter proposed stackforge/os-ansible-deployment: Upgrade to ansible 1.9.2  https://review.openstack.org/19614416:52
*** yaya has quit IRC16:56
openstackgerritMerged stackforge/os-ansible-deployment: Upgrade to ansible 1.9.2  https://review.openstack.org/19608316:56
*** annashen has joined #openstack-ansible17:03
*** yaya has joined #openstack-ansible17:05
*** yaya has quit IRC17:15
openstackgerritKevin Carter proposed stackforge/os-ansible-deployment: Remove hardcoded config drive enforcement  https://review.openstack.org/19540317:16
*** sigmavirus24 is now known as sigmavirus24_awa17:27
*** fawadk has joined #openstack-ansible17:37
*** javeriak has joined #openstack-ansible17:37
*** fawadkhaliq has quit IRC17:40
*** sigmavirus24_awa is now known as sigmavirus2417:41
*** jwagner_away is now known as jwagner18:00
*** annashen has quit IRC18:08
*** annashen has joined #openstack-ansible18:08
*** sdake has quit IRC18:13
openstackgerritKevin Carter proposed stackforge/os-ansible-deployment: Remove hardcoded config drive enforcement  https://review.openstack.org/19540318:30
*** yaya has joined #openstack-ansible18:36
*** sdake has joined #openstack-ansible18:36
*** sdake has quit IRC18:36
*** sdake has joined #openstack-ansible18:38
*** kelvk has joined #openstack-ansible18:51
*** markvoelker has quit IRC19:20
*** markvoelker has joined #openstack-ansible19:26
*** sigmavirus24 is now known as sigmavirus24_awa19:31
*** markvoelker has quit IRC19:32
*** markvoelker has joined #openstack-ansible19:32
*** sigmavirus24_awa is now known as sigmavirus2419:38
*** markvoelker_ has joined #openstack-ansible19:38
*** markvoelker has quit IRC19:40
*** markvoelker has joined #openstack-ansible19:44
*** markvoelker_ has quit IRC19:45
annashenrunning a playbook with the final task being calling shell module performing a command in this format "cd somefolder; /usr/local/bin/some-api --config-file /etc/someapi/some.conf --debug 2>&1 | tee /opt/logs/someapi.log"19:48
annashenbut ansible never returns and the playbook just hang there19:49
palendaeannashen: Is it from os-ansible-deployment?19:49
*** daneyon has joined #openstack-ansible19:50
palendaeThe playbook, that is19:50
annashenhave no idea whethre it comes from...19:50
annashenno..19:50
annashenthe playbook i wrote it myself19:50
palendaeAh. You may get better feedback from the #ansible channel, then19:50
annashenoh.. thanks19:51
openstackgerritShu Shen proposed stackforge/os-ansible-deployment: Ensure flush-net-cache on local host  https://review.openstack.org/19621619:52
*** markvoelker has quit IRC19:54
*** markvoelker has joined #openstack-ansible19:58
*** Mudpuppy has quit IRC20:02
*** Mudpuppy_ has joined #openstack-ansible20:03
*** markvoelker_ has joined #openstack-ansible20:09
*** markvoelker has quit IRC20:11
*** markvoelker_ has quit IRC20:12
*** Mudpuppy_ has quit IRC20:14
*** yaya has quit IRC20:16
*** KLevenstein has quit IRC20:21
*** KLevenstein has joined #openstack-ansible20:40
*** fawadk has quit IRC20:42
*** fawadkhaliq has joined #openstack-ansible20:43
*** fawadkhaliq has quit IRC20:44
*** daneyon_ has joined #openstack-ansible20:46
*** daneyon has quit IRC20:49
*** kelvk is now known as kelv20:50
*** kelv has left #openstack-ansible20:50
*** markvoelker has joined #openstack-ansible20:51
openstackgerritKevin Carter proposed stackforge/os-ansible-deployment: Remove all of the rpc_release.link files  https://review.openstack.org/19624221:02
*** tlian has quit IRC21:16
*** KLevenstein has quit IRC21:16
*** yapeng has joined #openstack-ansible21:17
*** markvoelker has quit IRC21:19
cloudnullim out guys have a good weekend21:23
*** sigmavirus24 is now known as sigmavirus24_awa21:23
*** openstack has joined #openstack-ansible21:26
*** markvoelker has joined #openstack-ansible21:28
*** markvoelker has quit IRC21:30
*** yapeng has quit IRC21:37
*** metral is now known as metral_zzz21:46
*** javeriak has quit IRC22:09
*** fawadkhaliq has joined #openstack-ansible22:17
*** fawadk has joined #openstack-ansible22:19
*** fawadkhaliq has quit IRC22:20
*** annashen has quit IRC22:22
*** annashen has joined #openstack-ansible22:22
*** annashen has quit IRC22:39
*** fawadk has quit IRC22:40
*** annashen has joined #openstack-ansible22:50
*** annashen has quit IRC23:14
*** sdake_ has joined #openstack-ansible23:21
*** sdake has quit IRC23:25
*** yapeng has joined #openstack-ansible23:25
*** annashen has joined #openstack-ansible23:26
*** yapeng has quit IRC23:30
*** annashen has quit IRC23:31
*** sdake_ has quit IRC23:42
« Thursday, 2015-06-25 Index Saturday, 2015-06-27 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!