| *** metral_zzz is now known as metral | 00:10 | |
| *** sdake_ has joined #openstack-ansible | 00:28 | |
| *** sdake has quit IRC | 00:31 | |
| *** bitblt has quit IRC | 00:44 | |
| *** javeriak has quit IRC | 01:09 | |
| *** darrenc is now known as darrenc_afk | 01:36 | |
| *** CheKoLyN has quit IRC | 01:40 | |
| *** markvoelker has quit IRC | 01:54 | |
| openstackgerrit | Miguel Grinberg proposed stackforge/os-ansible-deployment: [WIP] Keystone SP configuration https://review.openstack.org/194395 | 01:57 |
|---|---|---|
| *** darrenc_afk is now known as darrenc | 01:57 | |
| *** markvoelker has joined #openstack-ansible | 02:00 | |
| *** alop has quit IRC | 02:00 | |
| *** markvoelker has quit IRC | 02:18 | |
| *** mmasaki has quit IRC | 02:26 | |
| *** mmasaki has joined #openstack-ansible | 02:26 | |
| *** CheKoLyN has joined #openstack-ansible | 02:33 | |
| *** sdake_ is now known as sdake | 02:34 | |
| *** annashen has joined #openstack-ansible | 02:39 | |
| *** CheKoLyN has quit IRC | 02:39 | |
| *** sacharya has joined #openstack-ansible | 02:40 | |
| *** sdake_ has joined #openstack-ansible | 02:43 | |
| *** sdake__ has joined #openstack-ansible | 02:46 | |
| *** sdake has quit IRC | 02:46 | |
| *** annashen has quit IRC | 02:48 | |
| *** sdake_ has quit IRC | 02:50 | |
| *** tlian2 has joined #openstack-ansible | 02:51 | |
| *** tlian has quit IRC | 02:53 | |
| *** annashen has joined #openstack-ansible | 02:58 | |
| *** sdake__ is now known as sdake | 02:58 | |
| *** markvoelker has joined #openstack-ansible | 03:35 | |
| *** mmasaki has quit IRC | 03:36 | |
| *** mmasaki has joined #openstack-ansible | 03:37 | |
| *** markvoelker_ has joined #openstack-ansible | 03:38 | |
| *** dabernie has joined #openstack-ansible | 03:39 | |
| *** markvoelker has quit IRC | 03:40 | |
| *** markvoelker has joined #openstack-ansible | 04:04 | |
| *** markvoelker_ has quit IRC | 04:07 | |
| *** markvoelker_ has joined #openstack-ansible | 04:08 | |
| *** markvoelker has quit IRC | 04:09 | |
| *** mmasaki has quit IRC | 04:20 | |
| *** mmasaki has joined #openstack-ansible | 04:21 | |
| *** annashen has quit IRC | 04:29 | |
| *** sacharya has quit IRC | 04:33 | |
| *** sacharya has joined #openstack-ansible | 04:34 | |
| *** markvoelker has joined #openstack-ansible | 05:06 | |
| *** markvoelker_ has quit IRC | 05:06 | |
| *** tlian2 has quit IRC | 05:07 | |
| *** markvoelker_ has joined #openstack-ansible | 05:08 | |
| *** markvoelker has quit IRC | 05:11 | |
| *** annashen has joined #openstack-ansible | 05:14 | |
| *** sacharya has quit IRC | 05:36 | |
| *** annashen has quit IRC | 05:48 | |
| *** fawadkhaliq has joined #openstack-ansible | 05:54 | |
| *** annashen has joined #openstack-ansible | 06:10 | |
| *** fawadkhaliq has quit IRC | 06:33 | |
| *** annashen has quit IRC | 06:46 | |
| *** fawadkhaliq has joined #openstack-ansible | 06:54 | |
| *** fawadk has joined #openstack-ansible | 06:55 | |
| *** gcivitella has joined #openstack-ansible | 06:57 | |
| *** fawadkhaliq has quit IRC | 06:58 | |
| *** fawadkhaliq has joined #openstack-ansible | 06:59 | |
| *** fawadk has quit IRC | 07:00 | |
| *** sdake has quit IRC | 07:07 | |
| *** annashen has joined #openstack-ansible | 07:15 | |
| *** annashen has quit IRC | 07:26 | |
| *** odyssey4me has quit IRC | 07:51 | |
| *** odyssey4me has joined #openstack-ansible | 07:52 | |
| openstackgerrit | Andy McCrae proposed stackforge/os-ansible-deployment: Add a ring vs contents file consistency check https://review.openstack.org/201642 | 07:52 |
| *** fawadkhaliq has quit IRC | 08:05 | |
| odyssey4me | morning all y'all | 08:09 |
| *** markvoelker_ has quit IRC | 08:21 | |
| *** fawadkhaliq has joined #openstack-ansible | 08:22 | |
| *** markvoelker has joined #openstack-ansible | 08:36 | |
| *** markvoelker has quit IRC | 08:45 | |
| *** markvoelker has joined #openstack-ansible | 08:51 | |
| *** markvoelker has quit IRC | 08:56 | |
| openstackgerrit | Andy McCrae proposed stackforge/os-ansible-deployment: Add a ring vs contents file consistency check https://review.openstack.org/201642 | 09:00 |
| *** markvoelker has joined #openstack-ansible | 09:06 | |
| *** markvoelker has quit IRC | 09:10 | |
| *** markvoelker has joined #openstack-ansible | 09:20 | |
| *** markvoelker has quit IRC | 09:25 | |
| *** markvoelker has joined #openstack-ansible | 09:35 | |
| *** markvoelker has quit IRC | 09:40 | |
| odyssey4me | hughsaunders fyi, with a few tweaks I have the SP patch working against testshib (external IdP) - I'm just figuring out one last bug and will update the patch | 09:48 |
| hughsaunders | odyssey4me: great | 09:48 |
| *** markvoelker has joined #openstack-ansible | 09:49 | |
| *** markvoelker has quit IRC | 09:54 | |
| *** markvoelker has joined #openstack-ansible | 10:04 | |
| *** markvoelker has quit IRC | 10:08 | |
| openstackgerrit | Hugh Saunders proposed stackforge/os-ansible-deployment: [WIP] Keystone IdP configuration https://review.openstack.org/194259 | 10:15 |
| *** markvoelker has joined #openstack-ansible | 10:19 | |
| *** markvoelker has quit IRC | 10:23 | |
| *** javeriak has joined #openstack-ansible | 10:25 | |
| *** markvoelker has joined #openstack-ansible | 10:33 | |
| *** markvoelker has quit IRC | 10:38 | |
| *** markvoelker has joined #openstack-ansible | 10:48 | |
| *** markvoelker has quit IRC | 10:54 | |
| odyssey4me | hughsaunders any chance you can work on an update to https://review.openstack.org/197677 which adds the new v3 api role mapping capabilities? | 10:56 |
| odyssey4me | we're missing the equivalent of 'openstack role add --project fedproject --group fedgroup _member_' in our sp setup process, which I'll add to the SP patch but the library needs to be updated to handle the ability to add a role assignment to a project and group | 10:57 |
| *** markvoelker has joined #openstack-ansible | 11:02 | |
| *** markvoelker has quit IRC | 11:07 | |
| odyssey4me | otherwise, no worries - I'll get to it in a bit | 11:09 |
| *** markvoelker has joined #openstack-ansible | 11:17 | |
| openstackgerrit | Hugh Saunders proposed stackforge/os-ansible-deployment: Read affinity from environment https://review.openstack.org/201560 | 11:21 |
| *** markvoelker has quit IRC | 11:21 | |
| *** fawadkhaliq has quit IRC | 11:23 | |
| *** markvoelker has joined #openstack-ansible | 11:24 | |
| *** openstack has joined #openstack-ansible | 11:39 | |
| *** markvoelker has joined #openstack-ansible | 11:39 | |
| *** markvoelker has quit IRC | 11:44 | |
| *** javeriak has joined #openstack-ansible | 11:44 | |
| *** fawadkhaliq has quit IRC | 11:45 | |
| openstackgerrit | Andy McCrae proposed stackforge/os-ansible-deployment: Add a ring vs contents file consistency check https://review.openstack.org/201642 | 11:52 |
| *** javeriak has quit IRC | 11:53 | |
| *** markvoelker has joined #openstack-ansible | 11:54 | |
| *** markvoelker has quit IRC | 11:58 | |
| *** Ti-mo has joined #openstack-ansible | 12:00 | |
| dabernie | question, is it now possible to deploy with OVS versus Linux Bridge only ? | 12:03 |
| *** markvoelker has joined #openstack-ansible | 12:08 | |
| *** markvoelker has quit IRC | 12:13 | |
| *** markvoelker has joined #openstack-ansible | 12:23 | |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Keystone Federation Service Provider Configuration https://review.openstack.org/194395 | 12:27 |
| *** markvoelker has quit IRC | 12:28 | |
| odyssey4me | hughsaunders ^ that works with the TestShib IdP - I'll start work on revising the WebSSO bits to make them less nasty, but if you can test with that it'd be great | 12:30 |
| odyssey4me | we may still need a few tweaks for the Keystone IdP example settings | 12:30 |
| odyssey4me | dabernie At this stage no-one has submitted a patch for the implementation of OVS in os-ansible-deployment. | 12:31 |
| *** markvoelker has joined #openstack-ansible | 12:37 | |
| *** markvoelker has quit IRC | 12:42 | |
| dabernie | thnx odyssey4me | 12:44 |
| *** tlian has joined #openstack-ansible | 12:51 | |
| *** markvoelker has joined #openstack-ansible | 12:52 | |
| *** markvoelker has quit IRC | 12:56 | |
| *** jaypipes has joined #openstack-ansible | 12:59 | |
| *** markvoelker has joined #openstack-ansible | 13:01 | |
| *** javeriak has joined #openstack-ansible | 13:03 | |
| *** javeriak has quit IRC | 13:06 | |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Keystone Federation Service Provider Configuration https://review.openstack.org/194395 | 13:07 |
| *** markvoelker has quit IRC | 13:09 | |
| *** markvoelker has joined #openstack-ansible | 13:09 | |
| *** markvoelker_ has joined #openstack-ansible | 13:10 | |
| *** markvoelker has quit IRC | 13:14 | |
| cloudnull | mornings | 13:56 |
| odyssey4me | o/ | 13:57 |
| alextricity | howdy | 13:59 |
| *** spotz_zzz has joined #openstack-ansible | 14:02 | |
| *** spotz_zzz is now known as spotz | 14:02 | |
| *** TheIntern has joined #openstack-ansible | 14:03 | |
| *** gcivitella_ has joined #openstack-ansible | 14:06 | |
| *** Bjoern_ has joined #openstack-ansible | 14:07 | |
| *** gcivitella has quit IRC | 14:07 | |
| *** sigmavirus24_awa is now known as sigmavirus24 | 14:12 | |
| *** sdake has joined #openstack-ansible | 14:23 | |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Keystone Federation Service Provider Configuration https://review.openstack.org/194395 | 14:28 |
| *** markvoelker has joined #openstack-ansible | 14:28 | |
| *** markvoel_ has joined #openstack-ansible | 14:31 | |
| *** markvoelker has quit IRC | 14:31 | |
| *** markvoelker_ has quit IRC | 14:32 | |
| *** markvoel_ has quit IRC | 14:33 | |
| *** Mudpuppy has joined #openstack-ansible | 14:33 | |
| openstackgerrit | Merged stackforge/os-ansible-deployment: Add v3 calls for federation to keystone module https://review.openstack.org/197677 | 14:40 |
| *** alop has joined #openstack-ansible | 14:45 | |
| openstackgerrit | Kevin Carter proposed stackforge/os-ansible-deployment: Moved user_group_vars to defaults https://review.openstack.org/199216 | 14:47 |
| openstackgerrit | Kevin Carter proposed stackforge/os-ansible-deployment: Moved user_group_vars to defaults https://review.openstack.org/199216 | 14:48 |
| sigmavirus24 | odyssey4me: miguelgrinberg care to explain the best way to thoroughly test these IdP/ServP patches? | 14:49 |
| odyssey4me | sigmavirus24 I'm busy documenting exactly that - just doing a run-through of my procedure :) | 14:49 |
| sigmavirus24 | :D | 14:50 |
| sigmavirus24 | So what we're saying is if your procedure is wrong, we'll have false positive everywhere? | 14:50 |
| sigmavirus24 | =P | 14:50 |
| odyssey4me | sigmavirus24 I haven't a clue how to do the K2K thingy, but I'm prepping a procedure for testing the SP with an external IDP | 14:51 |
| sigmavirus24 | mhm | 14:51 |
| odyssey4me | (and finding a few bugs along the way) | 14:51 |
| *** markvoelker has joined #openstack-ansible | 14:53 | |
| *** yaya has joined #openstack-ansible | 14:54 | |
| sigmavirus24 | WOO | 14:54 |
| *** markvoelker_ has joined #openstack-ansible | 14:54 | |
| sigmavirus24 | Are they the crunch creme filled kind? | 14:55 |
| *** rcarrillocruz has joined #openstack-ansible | 14:57 | |
| *** markvoelker has quit IRC | 14:58 | |
| odyssey4me | sigmavirus24 no, your sinuses are :p | 15:00 |
| sigmavirus24 | My sinuses aren't crunch | 15:00 |
| sigmavirus24 | My snot may be, but not my sinuses | 15:00 |
| sigmavirus24 | I suspect that'snot funny | 15:00 |
| odyssey4me | sigmavirus24 so I don't get this: http://paste.openstack.org/show/377786/ | 15:01 |
| odyssey4me | maybe I'm being silly, but it looks like it should work - but doesn't | 15:02 |
| *** galstrom_zzz is now known as galstrom | 15:02 | |
| sigmavirus24 | odyssey4me: "role [ _member_ ] was not found." | 15:03 |
| hughsaunders | odyssey4me: sorry missed your pings earlier, still want me to add group to ensure_user_role or are you doing that? | 15:03 |
| odyssey4me | sigmavirus24 yeah, how is that even possible | 15:03 |
| odyssey4me | hughsaunders it's already done, thanks :) | 15:03 |
| sigmavirus24 | odyssey4me: That's a good question | 15:03 |
| sigmavirus24 | odyssey4me: did you maybe pull a hughsaunders ? | 15:04 |
| odyssey4me | hughsaunders well, I didn't add it to ensure_user_role because I wanted something different :p | 15:04 |
| odyssey4me | sigmavirus24 heh, I just checked - as it turns out at this stage of the game _member_ does not exist | 15:04 |
| *** metral is now known as metral_zzz | 15:04 | |
| odyssey4me | we have a ordering issue :) | 15:05 |
| sigmavirus24 | odyssey4me: hahah | 15:06 |
| odyssey4me | hmm, when does the _member_ role get created? | 15:06 |
| odyssey4me | is it automatic? | 15:06 |
| sigmavirus24 | odyssey4me: this is why I've started going through the trouble of always running from scratch | 15:06 |
| palendae | I thought so | 15:06 |
| *** metral_zzz is now known as metral | 15:06 | |
| palendae | ^ is for odyssey4me | 15:06 |
| * sigmavirus24 wasn't sure | 15:06 | |
| odyssey4me | I thought it got created in the db sync, but apparently not. | 15:06 |
| palendae | I thought that was a default Keystone thing, but I could be wrong | 15:06 |
| sigmavirus24 | I don't see us creating it in the playbooks though | 15:07 |
| sigmavirus24 | oh | 15:07 |
| sigmavirus24 | is it maybe not done by default in v3? /cc dstanek dolphm ? | 15:07 |
| dolphm | reading back... | 15:07 |
| palendae | dolphm: main Q: hmm, when does the _member_ role get created? | 15:07 |
| dolphm | _member_ is created automatically when needed by v2 - specifically, when you implicitly assign authorization to a user in v2 by giving them a "default tenant" | 15:08 |
| odyssey4me | dolphm ah, and in v3? | 15:08 |
| dolphm | a _member_ role is then explicitly created automatically and an explicit role assignment is created | 15:08 |
| dolphm | in v3, there is no implicit authorization -- everything is explicit. so create your own member role, and do the role assignments explicitly | 15:09 |
| odyssey4me | dolphm thank you :) | 15:10 |
| sigmavirus24 | odyssey4me: want that we should create a separate patch for that or no? | 15:10 |
| sigmavirus24 | "Fix thing that we didn't realize v3 changed" | 15:10 |
| dolphm | v2's user.tenant_id also differs from v3's user.default_project_id in that v2 implicitly assigns authorization, and v3 explicitly requires authorization, but grants none automatically. so a user created with v3 user.default_project_id might not have authorization on their default project, and will receive an unscoped token instead of a scoped one | 15:11 |
| odyssey4me | sigmavirus24 for now I'm bundling it, but yeah - it probably deserves being in a separate patch... the review for the SP config will have a few patches broken out, so for now bundling is fine | 15:11 |
| sigmavirus24 | odyssey4me: okay | 15:12 |
| *** CheKoLyN has joined #openstack-ansible | 15:12 | |
| odyssey4me | sigmavirus24 check the review comments in the history and you'll see what I mean :) | 15:13 |
| dolphm | poke me whenever y'all want a review from me | 15:14 |
| odyssey4me | sigmavirus24 actually, for the SP we specify a role so this will be specific to the SP config | 15:15 |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Keystone Federation Service Provider Configuration https://review.openstack.org/194395 | 15:19 |
| sigmavirus24 | odyssey4me: so we'll probably need a separate patch for _member_ anyway | 15:21 |
| odyssey4me | sigmavirus24 yep, may as well file a bug | 15:22 |
| sigmavirus24 | already on it =P | 15:22 |
| *** sacharya has joined #openstack-ansible | 15:23 | |
| *** sdake has quit IRC | 15:32 | |
| *** sdake has joined #openstack-ansible | 15:32 | |
| palendae | Question for those of you working on the keystone Fernet stuff - is it possible to change the default from Fernet? | 15:33 |
| palendae | Via user(_extra)_variables? | 15:33 |
| cloudnull | yes you can | 15:33 |
| cloudnull | why ? | 15:33 |
| palendae | SHA we pulled already made it default, not sure we want it that way for our very next version. Asking so I have an answer if someone comes back to me and asks | 15:34 |
| cloudnull | if you set `keystone_token_provider` in user_variables.yml you can override it | 15:35 |
| palendae | Ok | 15:36 |
| cloudnull | that said, if you dont use fernet your options are sql or memcached which both suffer from their own terribad set of problems. | 15:36 |
| claco | I was under the impression that with the federation/adfs code, it would need to be uuid | 15:37 |
| palendae | cloudnull: Sure, but is that a change from Juno? | 15:37 |
| claco | which seams that we should set it back now outside of osad | 15:37 |
| cloudnull | odyssey4me, lbragstad, dolphm: can better answer that | 15:38 |
| cloudnull | for OSAD fernet is the default. | 15:38 |
| palendae | cloudnull: Yep, not asking you to change it | 15:38 |
| palendae | Just asking if we can | 15:38 |
| openstackgerrit | Merged stackforge/os-ansible-deployment: Restart mysql when config changed https://review.openstack.org/200054 | 15:38 |
| cloudnull | yes. it can be changed. http://docs.openstack.org/developer/keystone/configuration.html has more on the options you can use. | 15:39 |
| palendae | Thanks | 15:39 |
| *** ig0r__ has quit IRC | 15:39 | |
| cloudnull | claco: i think for federation it does need to be uuid w/ sql or memcached , but federation is not the default setup nor should it be. IMO. | 15:39 |
| claco | right | 15:40 |
| claco | again, just tracking an upstream vs rpc change | 15:40 |
| cloudnull | i believe that there are issues with unscoped tokens. | 15:40 |
| dolphm | cloudnull: my understanding is that it's scoped tokens that have the issue | 15:40 |
| *** ig0r_ has joined #openstack-ansible | 15:40 | |
| cloudnull | ^ that one | 15:40 |
| cloudnull | :) | 15:40 |
| claco | ha | 15:41 |
| dolphm | cloudnull: fernet supports *unscoped* federated tokens, but not *scoped* federated tokens... which weren't a thing until recently | 15:41 |
| cloudnull | long of the short rpc should adopt fernet as the default unless using federations, for now. | 15:41 |
| palendae | We're welcome :) | 15:42 |
| claco | are we advocating that the value change depending if you do or don't do federation? | 15:42 |
| claco | seems like that will never get remembered | 15:43 |
| claco | :-) | 15:43 |
| palendae | claco: Gotta doc it | 15:43 |
| palendae | And maybe provide 2 different config examples | 15:43 |
| palendae | So when people forget we can point them to it | 15:43 |
| cloudnull | claco: it will get remembered when the user attempts to enable federation and it doesnt work. :) | 15:45 |
| odyssey4me | palendae cloudnull yeah, for kilo we need to ensure that the uuid token provider is used - this may change once the upstream stuff is sorted out | 15:46 |
| cloudnull | also that ^ | 15:46 |
| *** alop has quit IRC | 15:49 | |
| palendae | Is that set in user_variables? acking for 'token' osad's etc shows me rabbitmq_cookie_token and keystone_auth_admin_token | 15:49 |
| palendae | Oh, it's probably set in the keystone role's defaults | 15:50 |
| cloudnull | its a default. | 15:50 |
| odyssey4me | palendae: echo 'keystone_token_provider: "keystone.token.providers.uuid.Provider"' >> /etc/openstack_deploy/user_variables.yml | 15:50 |
| cloudnull | within keystone | 15:50 |
| palendae | Thanks | 15:50 |
| *** Bjoern_ is now known as BjoernT | 15:51 | |
| *** galstrom is now known as galstrom_zzz | 15:51 | |
| *** jaypipes has quit IRC | 15:58 | |
| *** annashen has joined #openstack-ansible | 16:00 | |
| *** logan2 has quit IRC | 16:00 | |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Keystone Federation Service Provider Configuration https://review.openstack.org/194395 | 16:02 |
| openstackgerrit | Merged stackforge/os-ansible-deployment: Add openstackclient to the keystone containers https://review.openstack.org/199730 | 16:03 |
| *** sdake has quit IRC | 16:08 | |
| *** sdake has joined #openstack-ansible | 16:11 | |
| dolphm | palendae: cloudnull: first pass at scoped federated fernet tokens https://review.openstack.org/#/c/202176/ | 16:21 |
| palendae | dolphm: Cool beans | 16:23 |
| *** richoid has joined #openstack-ansible | 16:29 | |
| *** markvoelker_ has quit IRC | 16:40 | |
| *** annashen has quit IRC | 16:42 | |
| *** markvoelker has joined #openstack-ansible | 16:42 | |
| *** TheIntern has quit IRC | 16:42 | |
| *** alop has joined #openstack-ansible | 16:45 | |
| *** annashen has joined #openstack-ansible | 16:46 | |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Keystone Federation Service Provider Configuration https://review.openstack.org/194395 | 16:51 |
| *** weezS has joined #openstack-ansible | 16:51 | |
| *** jwagner is now known as jwagner_away | 16:51 | |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Add openstackclient to the keystone containers https://review.openstack.org/202189 | 16:55 |
| *** TheIntern has joined #openstack-ansible | 16:58 | |
| odyssey4me | miguelgrinberg sigmavirus24 ok, those updates fix things I broke and finalise my changes for the day - sorry about changing them up as you got going on them | 17:06 |
| openstackgerrit | Ian Cordasco proposed stackforge/os-ansible-deployment: Ensure that the _member_ role is always present https://review.openstack.org/202194 | 17:08 |
| *** sigmavirus24 is now known as sigmavirus24_awa | 17:10 | |
| * cloudnull lunching | 17:10 | |
| *** logan2 has joined #openstack-ansible | 17:10 | |
| *** b3rnard0 is now known as b3rnard0_lunch | 17:11 | |
| *** jaypipes has joined #openstack-ansible | 17:35 | |
| *** yaya has quit IRC | 17:43 | |
| *** TheIntern has quit IRC | 17:54 | |
| *** jwagner_away is now known as jwagner | 17:56 | |
| *** TheIntern has joined #openstack-ansible | 17:59 | |
| *** sigmavirus24_awa is now known as sigmavirus24 | 18:06 | |
| sigmavirus24 | cloudnull: https://review.openstack.org/#/q/project:openstack/releases,n,z looks interesting | 18:13 |
| *** alextricity has quit IRC | 18:15 | |
| *** klindgren_ is now known as klindgren | 18:27 | |
| *** annashen has quit IRC | 18:30 | |
| *** galstrom_zzz is now known as galstrom | 18:32 | |
| *** yaya has joined #openstack-ansible | 18:38 | |
| *** annashen has joined #openstack-ansible | 18:42 | |
| *** yaya has quit IRC | 18:45 | |
| *** markvoelker has quit IRC | 18:58 | |
| *** b3rnard0_lunch is now known as b3rnard0 | 18:59 | |
| cloudnull | sigmavirus24: whats that ? | 19:03 |
| sigmavirus24 | cloudnull: looks like they're using that to track release numbers and hashes for each project in each cycle | 19:04 |
| cloudnull | ah nice | 19:04 |
| cloudnull | that'll be handy in the future | 19:05 |
| *** wmlynch has joined #openstack-ansible | 19:05 | |
| *** annashen has quit IRC | 19:06 | |
| sigmavirus24 | yep | 19:11 |
| sigmavirus24 | also, I saw a bug come across for the openstackclient and marked it as affecting us | 19:11 |
| sigmavirus24 | because it looks like keystoneclient is once again changing option names /cc Sam-I-Am | 19:11 |
| sigmavirus24 | so that'll affect some of the neutronclient config in nova at least (which I'm aware because of the federation work that odyssey4me miguelgrinberg hughsaunders and I have been toying with) | 19:12 |
| sigmavirus24 | cloudnull: was ceilometer not backported to the kilo branch? | 19:13 |
| claco | seems like a punishment who-last-greivenced-me style | 19:13 |
| cloudnull | its pending https://review.openstack.org/#/c/201244/ | 19:13 |
| *** alop has quit IRC | 19:14 | |
| *** yaya has joined #openstack-ansible | 19:14 | |
| sigmavirus24 | cloudnull: so if the keystone v3 stuff goes in first, then that patch will need to update the ceilometer_service_add bits | 19:14 |
| sigmavirus24 | because that went in before the v3 patch that I'm backporting now and will not include it because cherry-pick conflicts =P | 19:15 |
| openstackgerrit | Ian Cordasco proposed stackforge/os-ansible-deployment: Upgrade the Keystone library to use v3 https://review.openstack.org/202242 | 19:16 |
| openstackgerrit | Ian Cordasco proposed stackforge/os-ansible-deployment: Add v3 calls for federation to keystone module https://review.openstack.org/202243 | 19:16 |
| lbragstad | odyssey4me: o/ | 19:19 |
| cloudnull | :( | 19:21 |
| lbragstad | odyssey4me: we (dolphm and marekd) have a couple patches up that work towards addressing the Federated scoped tokens, project or domain. https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:master+topic:202190,n,z | 19:23 |
| lbragstad | odyssey4me: it's a relatively small change if you're able to test it in your environment? | 19:23 |
| mgariepy | quick questions, i am starting to deploy with OSAD, and the inventory got generated but none of the container have an ip. | 19:26 |
| mgariepy | is that normal ? | 19:26 |
| openstackgerrit | Kevin Carter proposed stackforge/os-ansible-deployment: Implement Ceilometer https://review.openstack.org/201244 | 19:29 |
| openstackgerrit | Kevin Carter proposed stackforge/os-ansible-deployment: Wait until mongo responds after restart https://review.openstack.org/201245 | 19:29 |
| cloudnull | sigmavirus24: those bits need a review or you can dep on those patches . | 19:29 |
| sigmavirus24 | cloudnull: I don't think we want to depend on /more/ unrelated patches | 19:30 |
| cloudnull | mgariepy: in your openstack_user_config file you should have networks defined which the inventory parser will use to assign ip addresses. | 19:30 |
| cloudnull | sigmavirus24: the alternitive is for us to bang that backport through first ? | 19:31 |
| sigmavirus24 | cloudnull: not necessarily. You can update the backport to do the right things in cinder_service_add | 19:31 |
| sigmavirus24 | It won't pass the gate without that | 19:31 |
| sigmavirus24 | Also the patch without those bits is already up | 19:31 |
| cloudnull | so basically add https://review.openstack.org/#/c/202242/1/playbooks/roles/os_cinder/tasks/cinder_service_add.yml to the ceilometer patch ? | 19:33 |
| sigmavirus24 | Not yet, because then the ceilometer patch will just fail until 202242 is merged | 19:33 |
| mgariepy | cloudnull, http://paste.ubuntu.com/11884367/ | 19:33 |
| cloudnull | so i can make ceilo dep on https://review.openstack.org/#/c/202243/ | 19:34 |
| cloudnull | and add those bits in | 19:35 |
| mgariepy | i also have: used_ips: and provider_networks: | 19:35 |
| cloudnull | mgariepy: /me looking | 19:35 |
| mgariepy | how is the inventory generated ? | 19:35 |
| cloudnull | mgariepy: do all of the containers not have IP addresses or only some of them ? | 19:36 |
| mgariepy | none of the containers have ips | 19:36 |
| cloudnull | mgariepy: this is what a baseline openstack_user_config should look like http://paste.openstack.org/show/378369/ this is on an all in one. also the generated inventory looks like http://paste.openstack.org/show/374737/ | 19:39 |
| cloudnull | the inventory is generated by the execution of the ansible playbooks via config as found here: https://github.com/stackforge/os-ansible-deployment/blob/master/playbooks/ansible.cfg#L7 | 19:40 |
| klindgren | sigmavirus24, - YT? | 19:40 |
| cloudnull | which run the dynamic_inventory.py script. | 19:40 |
| sigmavirus24 | hey klindgren | 19:40 |
| klindgren | sigmavirus24, did anything ever come from: http://lists.openstack.org/pipermail/openstack-dev/2015-July/068430.html | 19:40 |
| cloudnull | o/ klindgren | 19:40 |
| klindgren | o/ | 19:41 |
| *** sdake_ has joined #openstack-ansible | 19:41 | |
| sigmavirus24 | klindgren: sort of | 19:41 |
| *** markvoelker has joined #openstack-ansible | 19:43 | |
| klindgren | seems like The deb packaging guy is trying to inject things that prevent him pain - but are not helpful to anyone else using source. I am noticing this as well as was wondering if if somethign had been decided. Personlly working on packaging stuff in venv's - however would like for that venv to still be usefull. Of which rootwrap filters, config templates ect ect being put *somewhere* would be immensely helpful | 19:43 |
| cloudnull | ++ | 19:44 |
| klindgren | or in that example bash completion crap for clients.... | 19:44 |
| cloudnull | deb and rpm are the impedement to progress on the front. | 19:45 |
| *** sdake has quit IRC | 19:45 | |
| *** markvoelker has quit IRC | 19:45 | |
| *** markvoelker has joined #openstack-ansible | 19:46 | |
| klindgren | coming from the anvil side which has always done rpm packaging - fixing that up so that it works to your distro's expectations is trivial work - atleast in RPM, it has to be in .deb land as well. | 19:46 |
| klindgren | imho - I think sigmavirus24 put it pretty well the last time something came up around this was - .rpm .deb should not be dictating how we do python packaging | 19:47 |
| harlowja_ | klindgren stop trying to take peoples jerbs | 19:47 |
| * harlowja_ runs away | 19:47 | |
| sigmavirus24 | lol | 19:47 |
| mgariepy | cloudnull, indentation, my provider_networks wasn't under global_overrides. Thanks | 19:47 |
| klindgren | however - I think listening to their concerns is a valid one - as I am all about reducing pain.... but at some point they can't prevent making raw python stuff from working because something makes their life hard. | 19:48 |
| klindgren | in theory - if we install eveyrting to a common location thats reusable for everything - it should make hteir life easy | 19:48 |
| klindgren | so anyway - cloudnull sigmavirus24 - what came out of that thread - as I didn't seem to get anything that came out of the thread - aside from picking up again later? | 19:50 |
| sigmavirus24 | klindgren: tony will be picking that up later | 19:51 |
| sigmavirus24 | Tony's on our team and he is determined to pick up again soon and do it "the right way" | 19:51 |
| sigmavirus24 | Which I think Bandit just figured out so if you want to crib code, you can crib it from openstack/bandit | 19:52 |
| *** sdake_ has quit IRC | 19:52 | |
| cloudnull | np mgariepy hit us up when you have questions there generally someone always around. | 19:55 |
| openstackgerrit | Merged stackforge/os-ansible-deployment: Enable all services to use Keystone 'insecurely' https://review.openstack.org/201070 | 19:59 |
| openstackgerrit | Merged stackforge/os-ansible-deployment: SSL support for haproxy https://review.openstack.org/201468 | 19:59 |
| *** sdake has joined #openstack-ansible | 20:00 | |
| sigmavirus24 | Sweet. Those two were fast merges | 20:01 |
| klindgren | sigmavirus24, is tony on irc? | 20:01 |
| * klindgren not sure whos irc alias goes to what names | 20:02 | |
| sigmavirus24 | klindgren: if he is, he's probably in #openstack-nova | 20:02 |
| sigmavirus24 | I think his IRC is tbreeds or tonybreeds | 20:02 |
| sigmavirus24 | (Tony is the guy who started the thread in the first place) | 20:02 |
| *** javeriak has joined #openstack-ansible | 20:06 | |
| openstackgerrit | Nolan Brubaker proposed stackforge/os-ansible-deployment: Document the required repository hosts confi info https://review.openstack.org/202258 | 20:08 |
| palendae | damn it | 20:08 |
| palendae | Of course I typo the commit message | 20:08 |
| openstackgerrit | Nolan Brubaker proposed stackforge/os-ansible-deployment: Document required repository hosts config info https://review.openstack.org/202258 | 20:08 |
| palendae | cloudnull: ^ added you to for repo domain knowledge. Trying to add Sam-I-Am for docs consistency | 20:10 |
| openstackgerrit | Nolan Brubaker proposed stackforge/os-ansible-deployment: Document required repository hosts config info https://review.openstack.org/202258 | 20:11 |
| sigmavirus24 | palendae: what kind of consistency should the docs have? Soupy? Firm? | 20:11 |
| palendae | sigmavirus24: angry | 20:12 |
| sigmavirus24 | So... fireball? | 20:15 |
| sigmavirus24 | /cc claco ^ | 20:15 |
| sigmavirus24 | klindgren: https://review.openstack.org/#/c/201053/5 is that prior art I was talking about in openstack/bandit | 20:21 |
| *** jmckind has joined #openstack-ansible | 20:27 | |
| openstackgerrit | Kevin Carter proposed stackforge/os-ansible-deployment: [WIP] Container create and system tunning https://review.openstack.org/202268 | 20:27 |
| openstackgerrit | Kevin Carter proposed stackforge/os-ansible-deployment: [WIP] Container create and system tunning https://review.openstack.org/202268 | 20:28 |
| openstackgerrit | Kevin Carter proposed stackforge/os-ansible-deployment: [WIP] Container create and system tunning https://review.openstack.org/202268 | 20:29 |
| sigmavirus24 | claco: "tunning"? | 20:42 |
| *** alop has joined #openstack-ansible | 20:44 | |
| palendae | sigmavirus24: tabfail | 20:45 |
| *** jwagner is now known as jwagner_away | 20:45 | |
| *** yaya has quit IRC | 20:46 | |
| sigmavirus24 | lolol | 20:46 |
| sigmavirus24 | \t is not my friend | 20:47 |
| *** yaya has joined #openstack-ansible | 20:52 | |
| cloudnull | it seems spelling is not my friend :) | 20:54 |
| openstackgerrit | Kevin Carter proposed stackforge/os-ansible-deployment: [WIP] Container create and system tuning https://review.openstack.org/202268 | 20:55 |
| *** yaya has quit IRC | 20:56 | |
| sigmavirus24 | cloudnull: I'll get you a tunning fork | 20:59 |
| cloudnull | im guessing that would look ilke a spork | 21:00 |
| cloudnull | :0 | 21:00 |
| *** yaya has joined #openstack-ansible | 21:01 | |
| * sigmavirus24 waves to yaya | 21:02 | |
| openstackgerrit | Merged stackforge/os-ansible-deployment: Add md5sum check for swift rings after ring-sync https://review.openstack.org/201528 | 21:04 |
| *** fawadkhaliq has joined #openstack-ansible | 21:15 | |
| *** jmckind has quit IRC | 21:24 | |
| *** yaya has quit IRC | 21:29 | |
| *** sdake_ has joined #openstack-ansible | 21:30 | |
| *** sdake_ has quit IRC | 21:30 | |
| *** sdake_ has joined #openstack-ansible | 21:30 | |
| *** sdake has quit IRC | 21:33 | |
| openstackgerrit | Matthew Kassawara proposed stackforge/os-ansible-deployment: Document required repository hosts config info https://review.openstack.org/202258 | 21:34 |
| *** yaya has joined #openstack-ansible | 21:36 | |
| *** sdake has joined #openstack-ansible | 21:43 | |
| *** sdake_ has quit IRC | 21:46 | |
| *** javeriak has quit IRC | 21:48 | |
| sigmavirus24 | cloudnull: is a recheck ninja | 21:52 |
| *** fawadkhaliq has quit IRC | 21:55 | |
| *** jaypipes has quit IRC | 21:57 | |
| *** Mudpuppy has quit IRC | 21:59 | |
| *** britthouser has quit IRC | 22:07 | |
| *** yaya has quit IRC | 22:09 | |
| openstackgerrit | Andy McCrae proposed stackforge/os-ansible-deployment: Add a ring vs contents file consistency check https://review.openstack.org/201642 | 22:11 |
| *** weezS has quit IRC | 22:11 | |
| openstackgerrit | Merged stackforge/os-ansible-deployment: Cleanup unused functions in swift_rings.py https://review.openstack.org/201531 | 22:19 |
| openstackgerrit | Merged stackforge/os-ansible-deployment: Update for PLUMgrid Metadata configuration parameters https://review.openstack.org/201449 | 22:19 |
| *** sacharya has quit IRC | 22:32 | |
| *** annashen has joined #openstack-ansible | 22:34 | |
| *** annashen has quit IRC | 22:35 | |
| *** annashen has joined #openstack-ansible | 22:38 | |
| *** galstrom is now known as galstrom_zzz | 22:41 | |
| *** javeriak has joined #openstack-ansible | 22:43 | |
| *** rromans is now known as rromans_afk | 22:46 | |
| *** javeriak has quit IRC | 22:49 | |
| *** sigmavirus24 is now known as sigmavirus24_awa | 22:51 | |
| openstackgerrit | Merged stackforge/os-ansible-deployment: Added openstack_kernel options for gc_thresh https://review.openstack.org/200179 | 22:57 |
| *** spotz is now known as spotz_zzz | 23:01 | |
| *** KLevenstein has joined #openstack-ansible | 23:04 | |
| *** BjoernT has quit IRC | 23:05 | |
| openstackgerrit | Miguel Grinberg proposed stackforge/os-ansible-deployment: Keystone Federation Service Provider Configuration https://review.openstack.org/194395 | 23:10 |
| *** CheKoLyN has quit IRC | 23:11 | |
| *** KLevenstein has quit IRC | 23:24 | |
| *** javeriak has joined #openstack-ansible | 23:41 | |
| *** TheIntern has quit IRC | 23:50 | |
| *** alop has quit IRC | 23:58 | |
| *** annashen has quit IRC | 23:58 | |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!