| openstackgerrit | Merged stackforge/os-ansible-deployment: Update documentation for multiple VLAN ranges https://review.openstack.org/209598 | 00:02 |
|---|---|---|
| openstackgerrit | Merged stackforge/os-ansible-deployment: Enable admin level on the haproxy stats socket https://review.openstack.org/214110 | 00:02 |
| *** mpmsimo has quit IRC | 00:02 | |
| *** leakypipes has quit IRC | 00:11 | |
| *** woodard has joined #openstack-ansible | 00:16 | |
| *** woodard has quit IRC | 00:21 | |
| *** smallbig has quit IRC | 01:03 | |
| errr | with osad, on my deployment host, in /etc/openstack_deploy/user_secrets.yml are these passwords plain text or are they some kind of hash? | 01:19 |
| *** shoutm has joined #openstack-ansible | 01:24 | |
| palendae | https://review.openstack.org/#/c/215699/ <- auto deploy docs finally! | 01:28 |
| palendae | lbragstad, cloudnull fwiw, I'm working on documenting how our current inventory script differs from Ansible's general approach. I have some specs in mind to improve it, but wanna let them percolate a little | 01:29 |
| palendae | errr: Plaintext, written by the scripts/pw-token-gen.py script in most cases | 01:31 |
| errr | palendae: sweet, so if I want to change them I update that file with the new password in plain text then rerun the playbook right? | 01:42 |
| palendae | Yep | 01:42 |
| errr | awesome. thanks | 01:42 |
| palendae | Also, if you set values prior (say you have an existing environment, or already configured it), pw-token-gen.py will skip the already-populated keys | 01:43 |
| palendae | Though you can use the --regen flag to forcibly do it | 01:43 |
| errr | palendae: in the file, there are 7 entries for nova, is nova_service_password the password that the nova service account would use to auth to keystone? | 01:47 |
| palendae | errr: Yeah - set here https://github.com/stackforge/os-ansible-deployment/blob/kilo/playbooks/roles/os_nova/tasks/nova_service_setup.yml#L24, which goes into https://github.com/stackforge/os-ansible-deployment/blob/kilo/playbooks/roles/os_nova/tasks/nova_service_add.yml#L43 | 01:52 |
| errr | thanks | 01:53 |
| palendae | I assume you're using Kilo or master, since you have the openstack_deploy directory | 01:53 |
| errr | Im using kilo | 01:55 |
| openstackgerrit | Merged stackforge/os-ansible-deployment: Add default user role for Keystone & Horizon and tasks to create it https://review.openstack.org/202194 | 01:56 |
| openstackgerrit | Merged stackforge/os-ansible-deployment: Add libxslt1-dev to cinder apt package list https://review.openstack.org/215242 | 01:56 |
| errr | I keep getting this when running keystone user-list http://paste2.org/BEBgKgjJ | 01:56 |
| palendae | So greenfield kilo deploys use Keystone v3, which isn't supported by keystone-client yet; as line 2 there says, openstackclient supports it | 01:58 |
| palendae | Though admittedly I'm not super familiar with the Keystone v3 work, which was done to get federation support enabled | 01:58 |
| errr | I guess I dont have that command | 01:58 |
| palendae | Hm, that sounds like a bug then...are you on the host or in a container? | 01:59 |
| openstackgerrit | Merged stackforge/os-ansible-deployment: Implement /usr/bin/env as the shebang in all bash scripts https://review.openstack.org/211885 | 01:59 |
| errr | Im on the deploy host | 01:59 |
| palendae | All the clients *should* be in the utility container (lxc-ls -f to see them all, lxc-attach -n container_name) | 01:59 |
| palendae | s/the/a/ if you're on a multinode env | 02:00 |
| errr | Im on a single node | 02:00 |
| palendae | Ok | 02:00 |
| errr | ok, on the utility container I have the command openstack I guess this is it | 02:01 |
| palendae | Yeah | 02:01 |
| errr | ok thanks | 02:01 |
| palendae | The projects are supposed to be moving there, but I think a lot of projects are straddling with their old clients and the new one (http://docs.openstack.org/developer/python-openstackclient/) | 02:02 |
| palendae | keystone v2 to v3 is one of those exaples | 02:03 |
| *** alop has quit IRC | 02:14 | |
| *** woodard has joined #openstack-ansible | 02:16 | |
| *** woodard has quit IRC | 02:20 | |
| *** finchd has joined #openstack-ansible | 04:20 | |
| errr | Im trying to get keystone to use ldap but when I run the openstack playbook it fails at keystone every time with this: http://paste2.org/HJ3pk5hk | 04:24 |
| *** fawadkhaliq has joined #openstack-ansible | 04:47 | |
| *** fawadkhaliq has quit IRC | 05:08 | |
| *** xar- has joined #openstack-ansible | 05:08 | |
| xar- | greetings, anyone awake? :) | 05:12 |
| xar- | had some questions regarding loopback_create in scripts-library.sh, im not an expert (and new to OSAD), but im trying to understand what's happening there | 05:13 |
| xar- | also, as part of a (more or less standard) ubuntu deployment, I have unallocated physical extents available in the primary volume group, curious why that wasn't used instead | 05:17 |
| *** javeriak has joined #openstack-ansible | 06:50 | |
| *** javeriak has quit IRC | 06:52 | |
| odyssey4me | xar - you around? | 09:39 |
| odyssey4me | xar- ^ | 09:39 |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Fixes deprecated arithmetic expansion for bashate https://review.openstack.org/215896 | 09:46 |
| *** javeriak has joined #openstack-ansible | 09:47 | |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Update the documented ceph user variables https://review.openstack.org/215897 | 09:48 |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Update documentation for multiple VLAN ranges https://review.openstack.org/215898 | 09:48 |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Enable admin level on the haproxy stats socket https://review.openstack.org/215899 | 09:48 |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Add default user role for Keystone & Horizon and tasks to create it https://review.openstack.org/215900 | 09:49 |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Fixes function declarations for bashate https://review.openstack.org/215901 | 09:51 |
| *** javeriak has quit IRC | 09:58 | |
| *** fawadkhaliq has joined #openstack-ansible | 09:59 | |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Read affinity from environment https://review.openstack.org/215903 | 10:00 |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Fixes loops for bashate https://review.openstack.org/215904 | 10:00 |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Container create/system tuning https://review.openstack.org/215905 | 10:00 |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Implement /usr/bin/env as the shebang in all bash scripts https://review.openstack.org/215906 | 10:00 |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Add regex check for ssh connection https://review.openstack.org/207793 | 10:21 |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Add configurable ssh_delay https://review.openstack.org/215907 | 10:43 |
| *** b8se11 has joined #openstack-ansible | 10:46 | |
| *** b8sell has quit IRC | 10:47 | |
| *** fawadkhaliq has quit IRC | 11:04 | |
| *** woodard has joined #openstack-ansible | 11:17 | |
| *** woodard has quit IRC | 11:21 | |
| *** b8se11 has quit IRC | 11:22 | |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Update documentation for multiple VLAN ranges https://review.openstack.org/215898 | 11:29 |
| openstackgerrit | Jesse Pretorius proposed stackforge/os-ansible-deployment: Enable HAProxy Stats Web UI https://review.openstack.org/215019 | 11:44 |
| *** britthouser has joined #openstack-ansible | 12:16 | |
| *** britthouser has quit IRC | 12:29 | |
| *** britthouser has joined #openstack-ansible | 12:32 | |
| *** woodard has joined #openstack-ansible | 12:48 | |
| *** woodard has quit IRC | 12:52 | |
| *** gparaskevas has joined #openstack-ansible | 13:13 | |
| gparaskevas | odyssey4me: Hey there | 13:23 |
| gparaskevas | i see jenkins build fails again | 13:23 |
| gparaskevas | is there something i should do? | 13:23 |
| *** shoutm has quit IRC | 13:24 | |
| odyssey4me | gparaskevas I tweaked the patch a little. Let me take a look at the failure. | 13:25 |
| odyssey4me | I'll recheck it. If it fails again then we'll look into it properly on Monday. :) | 13:26 |
| odyssey4me | Thank you. :) | 13:26 |
| odyssey4me | If you're able to make some notes on how we can do better at documenting a deployment, then please do so - we'd be interested in the notes. | 13:27 |
| *** britthouser has quit IRC | 13:29 | |
| *** fawadkhaliq has joined #openstack-ansible | 13:38 | |
| *** markvoelker_ has joined #openstack-ansible | 14:06 | |
| *** darrenc_ has joined #openstack-ansible | 14:07 | |
| *** fawadkhaliq has quit IRC | 14:09 | |
| *** tobasco_ has joined #openstack-ansible | 14:11 | |
| *** darrenc has quit IRC | 14:11 | |
| *** markvoelker has quit IRC | 14:11 | |
| *** tobasco has quit IRC | 14:11 | |
| *** sdake has quit IRC | 14:11 | |
| *** gparaskevas has quit IRC | 14:12 | |
| *** mpmsimo has joined #openstack-ansible | 14:12 | |
| *** mpmsimo has quit IRC | 14:14 | |
| *** mpmsimo has joined #openstack-ansible | 14:14 | |
| *** woodard has joined #openstack-ansible | 15:03 | |
| *** woodard has quit IRC | 15:08 | |
| Sam-I-Am | xar-: osad is in #openstack-ansible | 15:15 |
| Sam-I-Am | xar-: oh, you found it :) | 15:15 |
| *** sdake has joined #openstack-ansible | 15:19 | |
| errr | can someone show me what the user_variables.yml file would need to have in it if I were wanting to use ldap for keystone? I cant seem to get the syntax right.. | 15:24 |
| errr | Im using kilo if that matters | 15:25 |
| *** sdake has quit IRC | 15:35 | |
| *** sdake has joined #openstack-ansible | 15:42 | |
| *** sdake has quit IRC | 15:49 | |
| odyssey4me | errr hold a sec, let me find the reference | 15:49 |
| odyssey4me | errr https://github.com/stackforge/os-ansible-deployment/blob/master/playbooks/roles/os_keystone/defaults/main.yml#L154-L165 | 15:50 |
| evrardjp | hello | 15:52 |
| odyssey4me | o/ evrardjp | 15:52 |
| evrardjp | odyssey4me: I'm really have mixed feeling about this one: https://review.openstack.org/#/c/215579/2 | 15:53 |
| evrardjp | I understand my point of view, I understand yours | 15:53 |
| evrardjp | should I remove the bindable test? | 15:53 |
| evrardjp | I'll add the sysctl in any case | 15:53 |
| evrardjp | I've even added a variable to remove the systcl behaviour | 15:54 |
| evrardjp | however when you notify something that needs to restart, I understand that ppl may think "oh it has restarted" when it hasn't with my patch | 15:54 |
| evrardjp | so it's a mis behaviour | 15:55 |
| evrardjp | (I don't know how to call this in English, I hope you understand me) | 15:55 |
| odyssey4me | yeah, it's not as obvious as one would like | 15:55 |
| evrardjp | btw, are you guys working on Saturday? Or it's just for fun? | 15:55 |
| odyssey4me | I understand what you're trying to do, but don't really have the head space to think it through right now | 15:56 |
| evrardjp | :) | 15:56 |
| odyssey4me | no we don't work on a Sat - I'm just working on some other stuff voluntarily | 15:56 |
| evrardjp | :) | 15:56 |
| *** sdake has joined #openstack-ansible | 15:57 | |
| evrardjp | I'll remove the bindable test, because the title of the bug is: Fixing haproxy-playbook fails when installing on multiple hosts | 15:58 |
| evrardjp | if people want other stuff (like me), they will have to do it separately, which is not that bad | 15:58 |
| evrardjp | this way we keep the role clean and nobody will wonder in 6 month time why we did this | 15:59 |
| odyssey4me | :) I appreciate that | 15:59 |
| odyssey4me | I'll add considering haproxy a first class citizen to the agenda for the summit | 15:59 |
| odyssey4me | evrardjp or, actually - perhaps add it yourself: https://etherpad.openstack.org/p/openstack-ansible-mitaka-summit | 16:00 |
| odyssey4me | regardless of whether you're there | 16:00 |
| evrardjp | mitaka summit is the one taking place in tokyo or the one in austin? | 16:01 |
| odyssey4me | evrardjp Tokyo | 16:01 |
| evrardjp | k | 16:02 |
| evrardjp | I'll let you add this the way you feel, on the etherpad | 16:02 |
| evrardjp | thanks | 16:06 |
| *** sdake has quit IRC | 16:06 | |
| *** sdake has joined #openstack-ansible | 16:07 | |
| odyssey4me | I'm shutting off - watching Firefly :) | 16:11 |
| openstackgerrit | Jean-Philippe Evrard proposed stackforge/os-ansible-deployment: Fixing haproxy-playbook fails when installing on multiple hosts https://review.openstack.org/215579 | 16:11 |
| evrardjp | have fun | 16:11 |
| evrardjp | didn't watch it | 16:11 |
| evrardjp | I heard it's cool | 16:11 |
| odyssey4me | It's a bit like a live version of Cowboy Bebop (if you ever watch anime). Action comedy I guess - fun, action but not serious. | 16:12 |
| odyssey4me | Sci-fi/cowboy | 16:12 |
| errr | odyssey4me: awesome! thanks! | 16:15 |
| *** sdake has quit IRC | 16:15 | |
| evrardjp | I liked cowboy bebop :) | 16:15 |
| odyssey4me | errr as a hint, anything in any role's defaults/main.yml can be overridden in user_variables.yml - we should do better at adding some sort of documentation to that effect | 16:16 |
| errr | odyssey4me: I was reading internal docs on this and they were wrong, Id suggest adding this samething from that main.yml into a comment in the user_var file too | 16:17 |
| odyssey4me | errr note that's a kilo-related config entry - if you're deploying juno then it won't be the same | 16:18 |
| errr | nah, Im on kilo | 16:18 |
| *** klindgren has joined #openstack-ansible | 16:22 | |
| odyssey4me | I'm out - have a great weekend all! | 16:23 |
| evrardjp | good weekend odyssey4me | 16:23 |
| evrardjp | see you Monday! | 16:24 |
| *** klindgren has quit IRC | 16:34 | |
| *** logan2 has quit IRC | 16:35 | |
| *** logan2 has joined #openstack-ansible | 16:38 | |
| errr | well that syntax also doesnt work. | 16:41 |
| errr | one or more undefined variables: 'str object' has no attribute 'items' | 16:42 |
| errr | doh, I had a typo :) | 16:45 |
| *** mpmsimo has quit IRC | 16:46 | |
| *** alejandrito has quit IRC | 17:00 | |
| *** klindgren has joined #openstack-ansible | 17:02 | |
| *** klindgren has quit IRC | 17:03 | |
| *** javeriak has joined #openstack-ansible | 17:14 | |
| openstackgerrit | Jean-Philippe Evrard proposed stackforge/os-ansible-deployment: Adds the ability to provide user certificates to HAProxy https://review.openstack.org/215525 | 17:15 |
| *** woodard has joined #openstack-ansible | 17:19 | |
| *** fawadkhaliq has joined #openstack-ansible | 17:22 | |
| *** woodard has quit IRC | 17:23 | |
| *** gparaskevas has joined #openstack-ansible | 17:35 | |
| gparaskevas | odyssey4me: i saw your changes thanks again! | 17:38 |
| *** gparaskevas has quit IRC | 17:49 | |
| *** fawadkhaliq has quit IRC | 18:13 | |
| *** k_stev has joined #openstack-ansible | 18:28 | |
| *** sdake has joined #openstack-ansible | 19:01 | |
| *** woodard has joined #openstack-ansible | 19:35 | |
| *** woodard has quit IRC | 19:39 | |
| *** k_stev has quit IRC | 19:47 | |
| errr | how do you restart the keystone service? When I log on the keystone containers there is no service called keystone when I try to do service keystone restart | 20:15 |
| *** k_stev has joined #openstack-ansible | 20:25 | |
| andymccr | errr: keystone is fronted by apache, so restart apache2 | 20:50 |
| errr | thanks andymccr | 21:06 |
| errr | I am trying to switch my auth provider to ldap. I think its working, but when I log on the util contain and run openstack user list I get a 401. When I was looking in the logs instead of sending "admin" as the user name it seems to be sending a UUID or something.. If I switch to one of my other ldap users it tells me that that user doesnt have access to the admin project so thats why I think my | 21:24 |
| errr | ldap auth is working.. | 21:24 |
| errr | it sends this: 32f5557a45ef3929425672fcd856552782f39efc0c100bb9cb20b862554c1a98 as the user name for admin instead of admin.. and I have no idea why | 21:27 |
| errr | ah, I have found in keystone.id_mapping that is where this is set. the nova service user also has a map here. Where is this setup, and do I need it? | 21:49 |
| *** javeriak has quit IRC | 22:02 | |
| *** daneyon has joined #openstack-ansible | 23:22 | |
| *** daneyon has quit IRC | 23:29 | |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!