Wednesday, 2015-10-07

*** sdake has joined #openstack-ansible		00:00
*** darrenc_afk is now known as darrenc		00:18
*** tlian has joined #openstack-ansible		00:37
openstackgerrit	Merged openstack/openstack-ansible: Use inventory instead of hostfile parameter https://review.openstack.org/231504	00:42
*** abitha has quit IRC		00:46
*** k_stev has quit IRC		00:46
*** spotz_zzz is now known as spotz		00:51
*** tlian has quit IRC		01:09
*** Mudpuppy has joined #openstack-ansible		01:12
*** jhesketh has quit IRC		01:15
*** jhesketh has joined #openstack-ansible		01:16
*** markvoelker has quit IRC		01:27
*** spotz is now known as spotz_zzz		01:35
*** elo1 has quit IRC		01:52
*** sdake has quit IRC		01:53
*** sdake has joined #openstack-ansible		01:55
*** fawadkhaliq has joined #openstack-ansible		01:58
*** fawadkhaliq has quit IRC		01:59
*** sdake has quit IRC		02:19
*** sdake has joined #openstack-ansible		02:21
*** sdake_ has joined #openstack-ansible		02:22
*** sdake has quit IRC		02:26
*** darrenc is now known as darrenc_afk		02:53
*** sdake_ is now known as sdake		02:54
*** markvoelker has joined #openstack-ansible		03:19
*** markvoelker_ has joined #openstack-ansible		03:23
*** markvoelker has quit IRC		03:25
*** markvoelker has joined #openstack-ansible		03:33
*** markvoelker has quit IRC		03:33
*** markvoelker_ has quit IRC		03:33
*** abitha has joined #openstack-ansible		03:34
*** sdake has quit IRC		03:37
*** sdake has joined #openstack-ansible		03:37
*** darrenc_afk is now known as darrenc		03:48
*** skamithi has joined #openstack-ansible		03:55
openstackgerrit	Merged openstack/openstack-ansible: Update rabbitmq-server to v3.5.5-3 https://review.openstack.org/229345	04:00
*** abitha has quit IRC		04:01
*** fawadkhaliq has joined #openstack-ansible		04:10
*** fawadk has joined #openstack-ansible		04:11
*** fawadkhaliq has quit IRC		04:15
*** fawadkhaliq has joined #openstack-ansible		04:18
*** fawadk has quit IRC		04:19
*** _hanhart has joined #openstack-ansible		04:38
*** markvoelker has joined #openstack-ansible		04:40
*** fawadk has joined #openstack-ansible		04:42
*** markvoelker has quit IRC		04:45
*** fawadkhaliq has quit IRC		04:45
*** elo has joined #openstack-ansible		04:46
*** markvoelker has joined #openstack-ansible		04:50
*** agireud has joined #openstack-ansible		04:51
*** markvoelker has quit IRC		04:55
*** markvoelker has joined #openstack-ansible		05:02
*** markvoelker has quit IRC		05:03
*** javeriak has joined #openstack-ansible		05:04
*** skamithi has quit IRC		05:06
*** markvoelker has joined #openstack-ansible		05:13
*** markvoelker has quit IRC		05:21
*** markvoelker has joined #openstack-ansible		05:28
*** markvoelker has quit IRC		05:36
*** markvoelker has joined #openstack-ansible		05:41
*** markvoelker_ has joined #openstack-ansible		05:42
*** markvoelker_ has quit IRC		05:43
*** markvoelker has quit IRC		05:45
*** markvoelker has joined #openstack-ansible		05:58
*** markvoelker_ has joined #openstack-ansible		06:00
*** markvoelker has quit IRC		06:00
*** markvoelker_ has quit IRC		06:05
*** markvoelker has joined #openstack-ansible		06:19
*** javeriak has quit IRC		06:19
*** javeriak has joined #openstack-ansible		06:23
*** markvoelker has quit IRC		06:25
*** kukacz has joined #openstack-ansible		06:25
*** javeriak has quit IRC		06:31
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Remove unused libvirt-bin file https://review.openstack.org/231084	06:35
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Add novnc console support https://review.openstack.org/228197	06:35
prometheanfire	openstackgerrit: up early?	06:43
*** markvoelker has joined #openstack-ansible		06:47
*** fawadk has quit IRC		06:48
*** fawadkhaliq has joined #openstack-ansible		06:50
*** fawadkhaliq has quit IRC		06:51
openstackgerrit	Toby Oxborrow proposed openstack/openstack-ansible: Fix run-aio-build.sh for curl one-liner https://review.openstack.org/231857	06:51
*** markvoelker has quit IRC		06:52
*** markvoelker has joined #openstack-ansible		07:02
*** Mudpuppy has quit IRC		07:03
*** markvoelker has quit IRC		07:07
*** fawadkhaliq has joined #openstack-ansible		07:11
*** markvoelker has joined #openstack-ansible		07:16
*** markvoelker has quit IRC		07:21
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Only wait for SSH if the container config has changed https://review.openstack.org/231379	07:22
*** javeriak has joined #openstack-ansible		07:22
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Limit the number of Ansible forks used to 10 https://review.openstack.org/229786	07:26
*** gparaskevas has joined #openstack-ansible		07:27
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Use inventory instead of hostfile parameter https://review.openstack.org/231870	07:27
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Update rabbitmq-server to v3.5.5-3 https://review.openstack.org/231871	07:27
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Small typo correction missing double quote https://review.openstack.org/231874	07:29
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Add developer docs entry for using tox https://review.openstack.org/231875	07:31
*** markvoelker has joined #openstack-ansible		07:31
*** markvoelker has quit IRC		07:36
*** ashishjain has joined #openstack-ansible		07:45
*** markvoelker has joined #openstack-ansible		07:46
ashishjain	Hello	07:46
ashishjain	Need some advice	07:46
ashishjain	I am setting up osad in my organisation which is covered with proxy servers	07:46
ashishjain	I do not have direct access to internet, and making git/apt work is really tough	07:47
ashishjain	As a workaround we are trying to setup our own gitlab and ubuntu apt(nexus)	07:47
ashishjain	we have also downloaded the complete rackspace repo and integrated it with nexus	07:48
ashishjain	I am looking at a file -> playbooks/roles/lxc_container_create/defaults/main.yml	07:48
*** Mudpuppy has joined #openstack-ansible		07:48
ashishjain	which has got a line -> lxc_container_template_main_apt_repo: "https://mirror.rackspace.com/ubuntu"	07:48
ashishjain	just wanted someone's help to know what is this for?	07:48
ashishjain	and how is it different from http://rpc-repo.rackspace.com/?	07:49
*** markvoelker has quit IRC		07:50
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Limit the number of Ansible forks used to 10 https://review.openstack.org/229786	07:53
*** Mudpuppy has quit IRC		07:53
odyssey4me	o/ ashishjain	07:53
ashishjain	odyssey4me: hello, how you doing?	07:54
odyssey4me	ashishjain ok, so there is absolutely no need to mirror rpc-repo	07:54
ashishjain	odyssey4me: why is that?	07:54
odyssey4me	all you need is to arrange for one of your servers to be able to get access to the internet	07:54
odyssey4me	if you have a proxy, that can be configured to be used	07:54
ashishjain	none of the servers have direct access to internet	07:55
odyssey4me	the repo containers will do the mirror of the right things for you	07:55
ashishjain	ya via proxy but the speed is pathetic :)	07:55
odyssey4me	if you simply mirror rpc-repo then you're wasting your time	07:55
ashishjain	so we have to say initiate these things in advance	07:55
ashishjain	odyssey4me: If we mirror the repo can we face some issues for example repo again looking for something external ( is it not self sufficient and contains everything)?	07:56
odyssey4me	ok, so you'll need an apt repo - then you can set lxc_container_template_main_apt_repo and lxc_container_template_security_apt_repo in /etc/openstack_deploy/user_variables.yml to the right URL's	07:56
ashishjain	what is this diff b/w apt repo and rackspace repo?	07:57
odyssey4me	apt repo is for your apt packages - for the hosts and containers	07:57
odyssey4me	you'll have to configure the hosts yourself as we don't touch the sources.list for those	07:58
ashishjain	ya we will update the sources.list to point to our internal nexus	07:58
mattt	ashishjain: look at the galera client/server roles and rabbitmq role ... there are some variables there for apt repos and rabbitmq download URL	07:58
ashishjain	okay so basically apt repo will be used to say install python packages, lxc etc?	07:58
mattt	ashishjain: as those get pulled in from upstream (non-Ubuntu) sources	07:59
odyssey4me	not python packages, but lxc and any other apt packages needed	07:59
mattt	ashishjain: galera_client/defaults/main.yml:galera_client_apt_repo_url galera_server/defaults/main.yml:galera_apt_repo_url rabbitmq_server/defaults/main.yml:rabbitmq_package_url	08:00
*** markvoelker has joined #openstack-ansible		08:00
odyssey4me	you'll need to grab https://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz and put it somewhere, then set https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/lxc_hosts/defaults/main.yml#L92-L96 in your user_variables with the appropriate download location	08:00
odyssey4me	and yes, you'll need to mirror the mariadb, percona, etc repositories	08:01
odyssey4me	and have a copy of the rabbitmq packages somewhere	08:02
odyssey4me	mattt it turns out I was doing the wrong thing with https://review.openstack.org/229786 and have now fixed it :)	08:03
odyssey4me	ashishjain you'll need to work out a way to handle the apt keys too	08:04
*** markvoelker has quit IRC		08:05
ashishjain	mattt: Thanks a lot for pointing this out.	08:06
ashishjain	I think in the end we will end up with tons of git clones in our gitlab	08:06
ashishjain	:)	08:06
mattt	odyssey4me: really? i thought i tested the ${FORKS+x} thing and saw it working	08:06
ashishjain	odyssey4me: what is these apt keys and where are these stored	08:07
odyssey4me	mattt it did work, but this method is better and less mystical :p	08:07
odyssey4me	ashishjain apt keys are used to validate package sources and are stored on on-line apt key repositories	08:07
odyssey4me	if you set a proxy then you won't have to worry about that	08:07
ashishjain	mattt: where are these files galera_client/defaults/main.yml	08:08
mattt	ashishjain: openstack-ansible/playbooks/roles	08:08
ashishjain	odyssey4me: okay .. I feel there are lot of challenges ahead to setup all this locally	08:08
odyssey4me	ashishjain proxy instructions are here - add them to your user_variables file: https://github.com/openstack/openstack-ansible/blob/kilo/etc/openstack_deploy/user_variables.yml#L150-L156	08:08
odyssey4me	ashishjain yes, this is why I suggested using a proxy ;)	08:09
ashishjain	odyssey4me: I think it is difficult for me to back off now as we have spent considerable amount of time. I am hoping this is one time exercise and than this infra can be reused multiple times . I hope so :)	08:10
odyssey4me	ashishjain good luck then	08:11
ashishjain	odyssey4me: If we clone the apt repos wouldn't it be able use the same keys	08:11
odyssey4me	ashishjain yes it would, but you'll have to setup some sort of key server	08:12
mattt	proxy sounds a lot easier	08:14
*** markvoelker has joined #openstack-ansible		08:15
mattt	i'd go that route personally, and then look at standing up an apt server, etc. etc. afterwards	08:15
mattt	gitlab install to mirror git repos sounds complicated to me?	08:16
odyssey4me	yeah, it does make sense to have a local copy of the apt repositories and of the base image - but going to the degree of also copying all the git repositories and setting up an apt key server is a bit silly - the bandwidth used for that is very small	08:16
ashishjain	mattt: The problem is bad internet speed and at times over proxy things time out	08:16
*** javeriak has quit IRC		08:17
ashishjain	mattt: so we think this is only possible if we have everything setup locally...this is probably a battle already lost...	08:17
ashishjain	but than I have no choice as of now.	08:17
ashishjain	:(	08:17
odyssey4me	ashishjain I would simply have copies of the packages and base image - those are the big items	08:17
mattt	agree w/ odyssey4me	08:17
mattt	keep in mind you only have to download git bits when you a) do initial install or b) upgarde	08:18
mattt	*upgrade	08:18
odyssey4me	the repo server will setup a local copy of all python packages for you when it's built - so just keep retrying until that's done	08:18
mattt	ashishjain: with the repo server existing inside your cluster, you can expand your cluster using all those existing packages stored locally	08:19
odyssey4me	so setup the proxy config, use local apt repositories and have a download location for the rabbitmq package and base repo	08:19
mattt	you won't have to update the repo server until you want to upgrade openstack versions	08:19
*** markvoelker has quit IRC		08:19
ashishjain	mattt odyssey4me okay so will try to have local copies as suggested.	08:19
mattt	ashishjain: it's not that big a deal, you can do it :)	08:20
ashishjain	:) sure will try thanks for all the advice	08:20
ashishjain	will get back to you guys with another set of problems issues.	08:20
ashishjain	:D	08:20
*** fawadkhaliq has quit IRC		08:21
mattt	ashishjain: :)	08:21
evrardjp	good morning	08:21
odyssey4me	o/ evrardjp	08:21
*** fawadkhaliq has joined #openstack-ansible		08:21
evrardjp	about the integrity checking, I'm starting to write some docs	08:22
evrardjp	just talking about here is enough to trigger attention of the doc team? ;)	08:22
evrardjp	(I don't want to use DocImpact anymore)	08:23
evrardjp	or at least I'm not sure when to use DocImpact -- will wait for the doc team to explain when it's needed	08:23
*** sdake has quit IRC		08:23
odyssey4me	lol evrardjp if you add docs to your patches, then you have no need to set DocImpact as a tag :p	08:23
evrardjp	that's something I know, now :)	08:23
evrardjp	but if I'm doing a doc only patch	08:24
odyssey4me	DocImpact is conventionally used in OpenStack projects to flag that this commit needs some documentation added afterwards	08:24
evrardjp	ok	08:24
evrardjp	so it's not really meaningful here, because we decided to always include docs with commits	08:24
evrardjp	(or -1 what doesn't have docs, which is about the same)	08:24
evrardjp	approximatively*	08:25
evrardjp	I'll put doc in my commit name, that should gather attention of the ppl	08:25
*** sdake has joined #openstack-ansible		08:26
ashishjain	mattt odyssey4me Here is if i understand the complete scenario -> osad requires 4 different types of repositories to connect to 1) External ubuntu repo 2) Rackspace repo 3) Rackspace ubuntu repo 4) multiple githubs	08:26
openstackgerrit	Merged openstack/openstack-ansible: Added LC_ALL to openrc https://review.openstack.org/229955	08:27
ashishjain	We have already cloned the complete rackspace repo so this taken care of and I am hoping there is no key server mechanism which is required here	08:27
ashishjain	1) and 3) we plan not to touch as suggeseted by you guys because of complexities involved	08:27
ashishjain	for #4 we have already cloned lot of repos and these seems to be not creating an issues.	08:28
ashishjain	Need help from you guys how I can address proxy for #1 and #3?	08:28
ashishjain	I think this may not help for apt proxy settings https://github.com/openstack/openstack-ansible/blob/kilo/etc/openstack_deploy/user_variables.yml#L150-L156	08:29
*** markvoelker has joined #openstack-ansible		08:29
ashishjain	#1 and #3 is basically for apt...is this configurable so that any package being installed in lxc containers or on the target/deployment host is taken care of ?	08:30
odyssey4me	ashishjain those proxy settings will work for everything - if they don't, we'd like to know about it	08:30
odyssey4me	3 is not required - only 1 is	08:31
odyssey4me	only a subset of 2 is required, and the rsync of this is handled by the repo-install playbook	08:31
odyssey4me	you also need a copy of the base image (from the rpc-repo), a copy of the rabbitmq package (from the rabbitmq website), a mirror of the mariadb apt repo, a mirror of the percona repo	08:32
ashishjain	odyssey4me: alright we will try using the settings for proxy as you have suggested and see if we face any issues	08:32
ashishjain	odyssey4me: hmmm.. okay will go ahead and keep in touch with you guys...thanks for all the support	08:33
ashishjain	help	08:34
ashishjain	sorry wrong command	08:34
*** markvoelker has quit IRC		08:34
*** markvoelker has joined #openstack-ansible		08:36
openstackgerrit	Jean-Philippe Evrard proposed openstack/openstack-ansible: Documentation: Syntax checking before running playbooks https://review.openstack.org/231888	08:38
*** markvoelker has quit IRC		08:41
*** markvoelker has joined #openstack-ansible		08:44
*** fawadkhaliq has quit IRC		08:48
*** fawadkhaliq has joined #openstack-ansible		08:48
*** fandi has quit IRC		08:49
odyssey4me	mattt can you please revisit https://review.openstack.org/221957 ?	08:50
*** markvoelker has quit IRC		08:51
*** markvoelker has joined #openstack-ansible		08:51
odyssey4me	mattt also, this is a backport of a ton of docs fixes which have conflicts because another doc backport was done by someone without these: https://review.openstack.org/231194	08:52
odyssey4me	the aim of that backport is to bring the kilo docs in line with the current master docs	08:52
*** javeriak has joined #openstack-ansible		08:53
*** markvoelker has quit IRC		08:56
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Set affinity to 1 for OpenStack-CI gate checks https://review.openstack.org/221957	08:59
*** markvoelker has joined #openstack-ansible		09:01
mattt	odyssey4me: i'll have a look	09:05
*** fandi has joined #openstack-ansible		09:05
mattt	i hate stuff like this tho :(	09:05
odyssey4me	mattt yeah, I know - this is the price we pay for not backporting as we go	09:06
*** markvoelker has quit IRC		09:06
odyssey4me	it is simply docs changes though - many of which were small changes	09:07
*** subscope has joined #openstack-ansible		09:15
*** markvoelker has joined #openstack-ansible		09:16
*** markvoelker has quit IRC		09:20
*** markvoelker has joined #openstack-ansible		09:27
*** fandi has quit IRC		09:29
*** fandi has joined #openstack-ansible		09:31
*** markvoelker has quit IRC		09:31
*** markvoelker has joined #openstack-ansible		09:37
*** markvoelker has quit IRC		09:42
odyssey4me	mattt it appears that https://bootstrap.pypa.io/get-pip.py is broken	09:44
*** subscope has quit IRC		09:49
*** markvoelker has joined #openstack-ansible		09:52
*** kukacz has quit IRC		09:53
*** markvoelker has quit IRC		09:57
*** markvoelker has joined #openstack-ansible		10:06
*** markvoelker has quit IRC		10:11
*** markvoelker has joined #openstack-ansible		10:21
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Implement a fall back URL for get-pip.py https://review.openstack.org/231919	10:24
odyssey4me	mattt ^	10:24
odyssey4me	mancdaz ^	10:25
mancdaz	odyssey4me broken?	10:25
*** markvoelker has quit IRC		10:26
odyssey4me	mancdaz yeah https://bootstrap.pypa.io/get-pip.py is giving a 503	10:26
odyssey4me	if you can take a look at https://review.openstack.org/231919 as a fix for situations like this, that'd be great	10:26
*** subscope has joined #openstack-ansible		10:26
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Implement a fall back URL for get-pip.py https://review.openstack.org/231919	10:29
mattt	openstackgerrit: sorry, was trying to unwind this patch mess we got into	10:33
mattt	^^^ odyssey4me	10:33
tiagogomes_	https://review.openstack.org/231919 doesn't solve the problem that the deployment with ansible will still fail if https://bootstrap.pypa.io is down	10:33
mattt	i think i found the culprit	10:34
odyssey4me	mattt the culprit was the ssl stuff that mhayden did out of order	10:34
odyssey4me	tiagogomes_ how so?	10:34
mattt	odyssey4me: yeah he snuck some stuff into a backport which eff'd everything up	10:34
odyssey4me	mattt yep, I could have told you that for free	10:35
odyssey4me	that's why I said the point of that patch was to bring us back to the same place as master :)	10:35
*** markvoelker has joined #openstack-ansible		10:35
tiagogomes_	odyssey4me during deployment get-pip is downloaded to the containers, and the only URL used is {{ pip_get_pip_url }}	10:36
odyssey4me	tiagogomes_ you are right, let me add that into the patch :) thanks!	10:37
tiagogomes_	np :)	10:38
mattt	odyssey4me: the reason why i started looking at it is because i saw a lot more conflicts than you list in your commit message	10:39
*** markvoelker has quit IRC		10:40
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Implement a fall back URL for get-pip.py https://review.openstack.org/231919	10:41
odyssey4me	tiagogomes_ mancdaz ^	10:42
odyssey4me	mattt it's a hornet's nest :/ am I missing some other bits or commit refs?	10:42
*** markvoelker has joined #openstack-ansible		10:45
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Implement a fall back URL for get-pip.py https://review.openstack.org/231919	10:46
tiagogomes_	odyssey4me that will only work for AIO right? It also doesn't deal with the fact the bootstrap.pypa.io could be up when you run bootstrap-aio, but then down when you run the playbooks	10:47
odyssey4me	tiagogomes_ yeah, just for the AIO - we don't interfere with a multi-node installation	10:48
odyssey4me	I suppose we could also implement a fall back in the playbooks.	10:48
*** fandi has quit IRC		10:49
tiagogomes_	that would be better, as it would work both for the multi-node scenario and when bootstrap.pypa.io is initially up but then down	10:51
odyssey4me	tiagogomes_ on it :)	10:52
*** markvoelker has quit IRC		10:54
*** harvy has joined #openstack-ansible		10:57
*** markvoelker has joined #openstack-ansible		11:00
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Implement a fall back URL for get-pip.py https://review.openstack.org/231919	11:00
*** javeriak has quit IRC		11:01
*** javeriak_ has joined #openstack-ansible		11:01
*** javeriak has joined #openstack-ansible		11:04
*** markvoelker has quit IRC		11:05
*** javeriak_ has quit IRC		11:05
odyssey4me	tiagogomes_ better?	11:09
*** kukacz has joined #openstack-ansible		11:10
*** kukacz has joined #openstack-ansible		11:10
tiagogomes_	odyssey4me don't you need to add a `ignore_errors: True` to the "Get Modern PIP" task?	11:12
*** markvoelker has joined #openstack-ansible		11:14
*** javeriak_ has joined #openstack-ansible		11:14
*** javeriak has quit IRC		11:16
*** markvoelker has quit IRC		11:19
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Implement a fall back URL for get-pip.py https://review.openstack.org/231919	11:21
odyssey4me	tiagogomes_ quite right, fixed	11:21
tiagogomes_	odyssey4me looks good. Just a minor comment, do you think now that there is a fallback on the playbook, it stills makes sense to modify /etc/openstack_deploy/user_variables.yml in bootstrap-aio.sh?	11:27
*** javeriak has joined #openstack-ansible		11:29
*** markvoelker has joined #openstack-ansible		11:29
odyssey4me	tiagogomes_ sure, I thought about that - and I think it does no harm... I kinda thought that it might end up being quicker, but perhaps it's better to remove it	11:31
*** javeriak_ has quit IRC		11:31
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Implement a fall back URL for get-pip.py https://review.openstack.org/231919	11:32
odyssey4me	mattt mancdaz tiagogomes_ fyi - https://bootstrap.pypa.io/get-pip.py is back online, so we're all good again	11:33
*** markvoelker has quit IRC		11:34
tiagogomes_	Ah! "Also note that RabbitMQ will pause nodes which are not in a strict majority of the cluster - i.e. containing more than half of all nodes. It is therefore not a good idea to enable pause-minority mode on a cluster of two nodes since in the event of any network partition or node failure, both nodes will pause"	11:36
tiagogomes_	That's maybe why I am having problems with rabbitmq	11:37
odyssey4me	tiagogomes_ heh, very possibly - clusters work better in odd numbers :p	11:37
tiagogomes_	We should not use pause-minority in the conf if there are only two nodes running rabbitmq	11:37
*** subscope has quit IRC		11:37
*** markvoelker has joined #openstack-ansible		11:44
*** tlian has joined #openstack-ansible		11:47
*** markvoelker has quit IRC		11:49
*** markvoelker has joined #openstack-ansible		11:50
*** markvoelker has quit IRC		11:56
openstackgerrit	Jean-Philippe Evrard proposed openstack/openstack-ansible: Documentation: Syntax checking before running playbooks https://review.openstack.org/231888	12:01
*** subscope has joined #openstack-ansible		12:05
*** markvoelker has joined #openstack-ansible		12:07
mhayden	odyssey4me: oops, where did i go wrong on those backports?	12:12
*** markvoelker has quit IRC		12:12
*** fawadkhaliq has quit IRC		12:15
*** javeriak_ has joined #openstack-ansible		12:18
*** markvoelker has joined #openstack-ansible		12:21
*** javeriak has quit IRC		12:22
*** markvoelker has quit IRC		12:26
*** woodard has joined #openstack-ansible		12:26
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: Initial import of openstack-ansible-security role https://review.openstack.org/231165	12:27
mhayden	odyssey4me / mattt: ^^ has auditd fixes	12:28
mhayden	wow that jenkins noop job is so fast	12:29
mhayden	we should use that for openstack-ansible	12:29
mhayden	;)	12:29
odyssey4me	lol	12:29
stevelle	we almost are planning to	12:29
stevelle	affinity of 1 and all	12:29
*** javeriak_ has quit IRC		12:30
*** javeriak has joined #openstack-ansible		12:30
openstackgerrit	Merged openstack/openstack-ansible-security: Initial import of openstack-ansible-security role https://review.openstack.org/231165	12:31
*** markvoelker has joined #openstack-ansible		12:31
*** markvoelker has quit IRC		12:36
mhayden	how that merge felt: http://stream1.gifsoup.com/view8/20140801/5081966/dump-truck-o.gif	12:40
*** markvoelker has joined #openstack-ansible		12:46
*** markvoelker_ has joined #openstack-ansible		12:49
*** markvoelker has quit IRC		12:53
*** markvoelker_ has quit IRC		12:54
*** markvoelker has joined #openstack-ansible		12:56
evrardjp	hey	12:58
evrardjp	what's this noop? it does nothing?	12:58
gparaskevas	Hello	12:58
odyssey4me	evrardjp yep	12:58
odyssey4me	I need some help validating something	12:58
odyssey4me	we currently have https://github.com/openstack-infra/project-config/blob/master/zuul/layout.yaml#L1763-L1769 which skips some of the jobs (ie lint, pep8 etc) if the change only includes a docs (ie .rst or /doc/*) change	12:59
gparaskevas	i have a question, regarding the inventory and the hostnames! I want to delete some servers from my inventory regarding cinder-volume, should i delete them one by one from inventory or can i delete the inentory file once	12:59
odyssey4me	I want to switch it to skip all jobs except the docs job if that is matched	13:00
odyssey4me	my guess for the replacement regex is ^gate-openstack-ansible-.*(?!docs)$	13:00
evrardjp	odyssey4me: ok I'll get a few minutes to work on that with you it seems interesting to learn	13:00
evrardjp	odyssey4me: can we add multiple lines?	13:01
odyssey4me	gparaskevas delete them one by one from the inventory using the inventory-manage tool	13:01
odyssey4me	evrardjp nope, unless I create an entirely different rule	13:01
mattt	odyssey4me: where is hughsaunders when you need him	13:01
odyssey4me	we're going to end up with a lot of jobs, so I'd like to be succint	13:01
evrardjp	odyssey4me: just to make sure I understand: so you'd like to have one job for the docs, which skips all the other jobs?	13:02
evrardjp	why not use simply files?	13:05
odyssey4me	evrardjp I'd like the regex to negate jobs with the name 'gate-openstack-ansible-security-pep8' and 'gate-openstack-ansible-pep8' but allow 'gate-openstack-ansible-security-docs' and 'gate-openstack-ansible-docs'	13:05
odyssey4me	evrardjp if we run all the jobs all the time we'll starve all of infra with our jobs, and be waiting forever for simple changes	13:06
odyssey4me	^gate-openstack-ansible-.*(?!-docs)$	13:06
gparaskevas	odyssey4me: excelent thanks!	13:07
evrardjp	odyssey4me: what I meant is to have something separate for docs and for the rest	13:08
evrardjp	and instead of the all-files-match-any, use files	13:08
evrardjp	(not sure if it exists)	13:09
evrardjp	I just saw this: https://github.com/openstack-infra/project-config/blob/master/zuul/layout.yaml#L1045	13:09
evrardjp	and I never touched zuul	13:09
*** scarlisle has joined #openstack-ansible		13:09
odyssey4me	evrardjp that's a specific list of files - we'd never keep up :p	13:10
evrardjp	docs -> docs jobs, rest -> other jobs	13:10
odyssey4me	focus on the regex - the rest of that skip config is just fine :)	13:10
evrardjp	odyssey4me: it accepts regexp	13:10
evrardjp	L1065	13:10
evrardjp	only files matching your regexp will do the jobs for docs	13:11
evrardjp	problem solved, right?	13:11
odyssey4me	that's not the point	13:11
odyssey4me	and it appears that rule applies to the project-config repo, not the openstack-ansible repo :)	13:12
odyssey4me	the problem is not the file matching - the negate needs to work against the job name, not file names	13:12
*** fawadkhaliq has joined #openstack-ansible		13:15
*** fawadkhaliq has quit IRC		13:20
mancdaz	odyssey4me was there a change to force pip reinstalls in the run-upgrade script?	13:24
evrardjp	would somehting like ^gate-openstack-ansible-(?!.*docs) be what you're looking for odyssey4me	13:24
mancdaz	I see the change to allow passing extra options	13:24
evrardjp	I'm not sure what you need	13:24
evrardjp	this ^gate-openstack-ansible-(?=.*docs) if it's the opposite?	13:25
odyssey4me	evrardjp see https://review.openstack.org/#/c/231980/3/zuul/layout.yaml,cm for what I've settled on	13:25
evrardjp	(can add $)	13:25
evrardjp	odyssey4me: not sure it will correctly trigger	13:26
odyssey4me	mancdaz https://review.openstack.org/229803	13:26
*** KLevenstein has joined #openstack-ansible		13:26
odyssey4me	evrardjp oh? in a regex check it works for me	13:27
evrardjp	not according to https://regex101.com	13:27
evrardjp	maybe I'm wrong :p	13:27
odyssey4me	try http://www.regexr.com/	13:28
odyssey4me	regex101 is php/python/whatever	13:28
mancdaz	odyssey4me hmm ok that did not make it into the current sha bump for rpc-o	13:28
*** ashishjain has quit IRC		13:36
odyssey4me	mancdaz it should be, it's in the last kilo tag: https://github.com/openstack/openstack-ansible/commits/11.2.3	13:36
evrardjp	odyssey4me: while you're at it, if you try to be succint, why don't you merge pep8 and bashate by doing (pep8\|bashate) ?	13:39
mancdaz	odyssey4me something has gone wrong then	13:41
mancdaz	or maybe it's just me	13:41
odyssey4me	evrardjp fair point, might do that shortly	13:41
*** javeriak has quit IRC		13:44
*** spotz_zzz is now known as spotz		13:51
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-38496: Lock system accounts other than root https://review.openstack.org/232012	13:56
*** spotz is now known as spotz_zzz		14:01
*** spotz_zzz is now known as spotz		14:01
*** javeriak has joined #openstack-ansible		14:02
*** markvoelker_ has joined #openstack-ansible		14:04
openstackgerrit	Javeria Khan proposed openstack/openstack-ansible: Modularizing Neutron playbooks for master https://review.openstack.org/231187	14:06
*** markvoelker has quit IRC		14:08
*** markvoelker_ has quit IRC		14:12
*** javeriak has quit IRC		14:13
tiagogomes_	I was told here that L3 automatic failover was not working, that seems to be the case	14:13
odyssey4me	tiagogomes_ if you could test https://review.openstack.org/229053 for us and feed back in the review that'd be awesome	14:15
*** sigmavirus24_awa is now known as sigmavirus24		14:16
tiagogomes_	oh, didn't know the existence of that patch. I had re-worked neutron-ha-tool.py myself to work with keystone v3	14:17
*** Mudpuppy has joined #openstack-ansible		14:17
*** Mudpuppy has quit IRC		14:18
tiagogomes_	but my previous point is that allow_automatic_l3agent_failover=True seems to not work, otherwise neutron-ha-tool.py wouldn't be needed	14:18
*** Mudpuppy has joined #openstack-ansible		14:19
*** Mudpuppy has quit IRC		14:19
*** Mudpuppy has joined #openstack-ansible		14:20
odyssey4me	tiagogomes_ ah, so you've verified that it's still broken in kilo then :/	14:20
odyssey4me	mhayden fyi - you shall have testing soon :) https://review.openstack.org/232015	14:21
tiagogomes_	odyssey4me yep	14:21
*** harvy has quit IRC		14:22
cloudnull	morning	14:28
sigmavirus24	cloudnull: happy to review things in my free time at night =P	14:31
*** markvoelker has joined #openstack-ansible		14:32
cloudnull	thanks again sigmavirus24 :)	14:33
*** alextricity has quit IRC		14:33
* sigmavirus24 is looking again while he's waiting for this training video to load		14:34
sigmavirus24	because lolvpn	14:34
*** alextricity has joined #openstack-ansible		14:34
cloudnull	tiagogomes_: it'd be interesting if we could give full neutron l3ha another go. so far everytime we've tested it the baked in l3ha didn't work and we've reverted back to using the tool	14:34
*** cloudtrainme has joined #openstack-ansible		14:34
tiagogomes_	cloudnull I am currently doing some testing regarding that	14:35
cloudnull	i'd be super curious what the state of that is	14:35
tiagogomes_	the problem using the tool is that the connections will drop of freeze	14:35
tiagogomes_	drop or freeze	14:36
cloudnull	Sam-I-Am: might have some thoughts on the state of l3ha ?	14:37
*** fawadkhaliq has joined #openstack-ansible		14:37
cloudnull	tiagogomes_: idk if you've seen this http://docs.openstack.org/networking-guide/deploy_scenario3b.html	14:38
tiagogomes_	cloudnull I've. I wonder if I have to set allow_automatic_l3agent_failover=False for it to work	14:40
*** phalmos has joined #openstack-ansible		14:41
*** agireud has quit IRC		14:44
*** Mudpuppy_ has joined #openstack-ansible		14:47
*** Mudpuppy has quit IRC		14:50
*** javeriak has joined #openstack-ansible		14:50
*** Mudpuppy_ is now known as Mudpuppy		14:54
*** alejandrito has joined #openstack-ansible		14:57
cloudnull	tiagogomes_: looking over the docs to make l3ha go without munging with a lot of variables you can use the overrides like so http://cdn.pasteraw.com/3bownn1s7c8f3ncwisu1bhu8m9oz66u	14:59
cloudnull	I've not tried that yet, but it looks like we have everything already in place to enable it	14:59
odyssey4me	mattt are you happier with https://review.openstack.org/229786 ?	15:00
*** cloudtra_ has joined #openstack-ansible		15:02
*** cloudtrainme has quit IRC		15:02
*** agireud has joined #openstack-ansible		15:05
*** sdake has quit IRC		15:11
*** jwagner_away is now known as jwagner		15:12
mattt	odyssey4me: yep LGTM	15:13
*** sdake has joined #openstack-ansible		15:14
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-38498: Audit log file permissions https://review.openstack.org/232056	15:14
mhayden	odyssey4me: awesome -- thanks!	15:15
*** gparaskevas has quit IRC		15:15
*** subscope has quit IRC		15:18
*** javeriak has quit IRC		15:18
*** javeriak has joined #openstack-ansible		15:19
openstackgerrit	Javeria Khan proposed openstack/openstack-ansible: Modularizing Neutron playbooks for master https://review.openstack.org/231187	15:22
*** javeriak_ has joined #openstack-ansible		15:22
*** javeriak has quit IRC		15:23
*** subscope has joined #openstack-ansible		15:28
openstackgerrit	Merged openstack/openstack-ansible: Document storage_address for Cinder on metal https://review.openstack.org/229340	15:33
openstackgerrit	Merged openstack/openstack-ansible: Various Documentation Updates https://review.openstack.org/231194	15:33
*** javeriak has joined #openstack-ansible		15:34
mattt	cloudnull: see my comment in your novnc patch ?	15:34
*** daneyon_ has quit IRC		15:34
*** daneyon has joined #openstack-ansible		15:35
* cloudnull looking now		15:35
*** javeriak_ has quit IRC		15:37
cloudnull	mattt: replied inline	15:38
cloudnull	basically it should be ok because we force the console type with nova_console_type	15:38
Sam-I-Am	cloudnull: you rang?	15:38
tiagogomes_	anyone knows where are the mysql logs?	15:41
mattt	cloudnull: oh yeah derp, that stuff is all in if blocks	15:44
*** harvy has joined #openstack-ansible		15:44
*** javeriak_ has joined #openstack-ansible		15:45
*** javeriak has quit IRC		15:47
odyssey4me	tiagogomes_ /var/log/mysql_logs/ as I recall	15:50
tiagogomes_	I have nothing there	15:50
tiagogomes_	but it is how it was set up	15:50
cloudnull	tiagogomes_: there is a galera error log	15:55
cloudnull	which should detail all of the cluster interactions	15:55
Sam-I-Am	cloudnull: i think l3ha would work with what we have, but there's some useful options in liberty that we dont quite support yet	15:55
*** javeriak_ has quit IRC		15:56
cloudnull	Sam-I-Am: and then ?	15:56
cloudnull	:)	15:56
odyssey4me	Sam-I-Am we don't support? what does it entail?	15:56
*** javeriak has joined #openstack-ansible		15:57
Sam-I-Am	we dont support using a separate network for vrrp keepalives	15:58
Sam-I-Am	without that option, the network used for them is indeterminate	15:58
Sam-I-Am	which was an oversight that i got fixed for liberty	15:58
Sam-I-Am	i'd also advise testing with and without l2pop, because historically its been broken	15:59
*** subscope has quit IRC		15:59
*** fawadkhaliq has quit IRC		16:00
*** fawadk has joined #openstack-ansible		16:00
*** alop has joined #openstack-ansible		16:02
tiagogomes_	cloudnull do you know where that file is?	16:04
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-38500: No UID 0 accounts except root https://review.openstack.org/232070	16:05
openstackgerrit	Kevin Carter proposed openstack/openstack-ansible: Updated the repo-build process https://review.openstack.org/230716	16:06
cloudnull	the overrides ?	16:07
cloudnull	tiagogomes_: ^^	16:07
tiagogomes_	cloudnull the galera log file	16:07
cloudnull	ah.	16:07
* cloudnull looking		16:07
cloudnull	tiagogomes_: mine is under /var/log/mysql_logs/galera_server_error.log	16:09
tiagogomes_	cat: /var/log/mysql_logs/galera_server_error.log: No such file or directory	16:10
cloudnull	tiagogomes_: from within the galera node ?	16:10
tiagogomes_	yep	16:10
cloudnull	https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/galera_server/templates/my.cnf.j2#L34-L42	16:11
cloudnull	is the process running ?	16:11
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-38501: Disable accounts after failed logins https://review.openstack.org/232074	16:11
tiagogomes_	not anymore, that why wanted to check the logs	16:12
cloudnull	now thats an odd one.	16:12
cloudnull	do you have the file in any of your galera nodes ?	16:12
odyssey4me	tiagogomes_ check the upstart log	16:13
odyssey4me	upstart will have a log for the service	16:13
cloudnull	if the service has ever run that file should be there.	16:13
odyssey4me	/var/log/upstart/	16:13
tiagogomes_	I don't find a log file for galera there	16:13
cloudnull	tiagogomes_: what about on your logging host ?	16:14
cloudnull	the rsyslog process should be shipping that log to your rsyslog service on the logging host.	16:15
tiagogomes_	yeah, I got some logs there	16:16
*** cloudtra_ has quit IRC		16:17
openstackgerrit	Kevin Carter proposed openstack/openstack-ansible: Install spice-html5 from source https://review.openstack.org/226462	16:18
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Remove unused libvirt-bin file https://review.openstack.org/231084	16:18
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Use inventory instead of hostfile parameter https://review.openstack.org/231870	16:19
*** cloudtrainme has joined #openstack-ansible		16:19
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-3850{2,3,4}: Ownership/mode of /etc/shadow https://review.openstack.org/232087	16:20
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Fix bashate violations https://review.openstack.org/231090	16:21
*** harvy has quit IRC		16:22
cloudnull	tiagogomes_: reveal anything interesting ?	16:22
*** spotz is now known as spotz_zzz		16:23
*** agireud has quit IRC		16:24
tiagogomes_	address is use	16:25
tiagogomes_	although service msql status reported the service as down	16:25
tiagogomes_	I killed -9 mysqld and things now work	16:25
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-3851{1,2,3}: IPv4 security controls https://review.openstack.org/232088	16:26
tiagogomes_	but if I shutdown one node things stop working	16:26
*** agireud has joined #openstack-ansible		16:27
*** Mudpuppy_ has joined #openstack-ansible		16:31
*** Mudpuppy_ has quit IRC		16:31
*** Mudpuppy has quit IRC		16:34
*** galstrom_zzz is now known as galstrom		16:36
* tiagogomes_ finds http://galeracluster.com/documentation-webpages/arbitrator.html		16:48
tiagogomes_	I am having problems with galera. My setup is two physical hosts running each two galera containers. But that is not working very well when I shutdown one physical host	16:49
*** javeriak has quit IRC		16:58
*** b3rnard0 is now known as b3rnard0_away		16:59
*** javeriak has joined #openstack-ansible		17:00
*** abitha has joined #openstack-ansible		17:04
*** spotz_zzz is now known as spotz		17:15
*** subscope has joined #openstack-ansible		17:21
cloudnull	tiagogomes_: an abrbitrator might help in that type of a situration though if you had a spare node to make it a three node cluster there would really be no need.	17:31
cloudnull	odd numbers of hosts is best setup in terms of having the cluster keep quarum	17:32
*** javeriak_ has joined #openstack-ansible		17:32
*** g3rms_ has joined #openstack-ansible		17:35
*** javeriak has quit IRC		17:36
*** b3rnard0_away is now known as b3rnard0		17:37
*** woodard has quit IRC		17:38
*** g3rms_ has quit IRC		17:39
openstackgerrit	Merged openstack/openstack-ansible: Set affinity to 1 for OpenStack-CI gate checks https://review.openstack.org/221957	17:41
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-38514: Disabling DCCP https://review.openstack.org/232129	17:44
*** sdake has quit IRC		17:51
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-38515: Disable SCTP https://review.openstack.org/232131	17:53
*** g3rms_ has joined #openstack-ansible		17:53
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Updated the repo-build process https://review.openstack.org/230716	17:56
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Update rabbitmq-server to v3.5.5-3 https://review.openstack.org/231871	17:56
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Update all SHA's (except Horizon) to Liberty branch SHA's https://review.openstack.org/228385	17:57
*** KLevenstein_ has joined #openstack-ansible		17:57
*** sdake has joined #openstack-ansible		17:57
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Break apart and document the upgrade process https://review.openstack.org/224137	17:57
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Update Keystone to Liberty RC1 https://review.openstack.org/226917	17:59
*** KLevenstein has quit IRC		17:59
*** KLevenstein_ is now known as KLevenstein		17:59
openstackgerrit	Jesse Pretorius proposed openstack/openstack-ansible: Update Cinder to Liberty RC1 https://review.openstack.org/227205	17:59
*** javeriak has joined #openstack-ansible		18:12
*** javeriak_ has quit IRC		18:16
*** phalmos has quit IRC		18:23
*** phalmos has joined #openstack-ansible		18:33
*** ashishjain has joined #openstack-ansible		18:36
*** woodard has joined #openstack-ansible		18:39
ashishjain	Hi I am setting osad behind proxy	18:40
ashishjain	one od the steps to setup osad is running scripts/bootstratp-ansible.sh	18:40
ashishjain	this scripts requires to setup requirements.txt using pip install	18:40
ashishjain	as per the pip documentation the proxy has to be given with-in the command	18:41
ashishjain	pip install --proxy ......	18:41
ashishjain	but somehow this does not work	18:42
ashishjain	as per the osad documentation proxy has to be setup in user_variables.yml	18:42
*** kukacz has quit IRC		18:42
ashishjain	but IIUC this will not help with pip	18:42
ashishjain	I see this error all the time Connection to pypi.python.org timed out. (connect timeout=15)')': /simple/pip/	18:42
ashishjain	does anyone got any advice how to approach this whole thing behind proxy	18:43
*** woodard has quit IRC		18:44
*** gparaskevas has joined #openstack-ansible		18:46
stevelle	ashishjain: are you setting GET_PIP_URL in the env? https://github.com/openstack/openstack-ansible/blob/master/scripts/bootstrap-ansible.sh#L27	18:51
stevelle	you might need to pull that into a mirror	18:51
*** woodard has joined #openstack-ansible		18:51
stevelle	alternatively you need to specify the proxy params to curl	18:52
*** Mudpuppy has joined #openstack-ansible		18:53
ashishjain	stevelle: I see that I am able to get the /opt/get-pip.py as I have setup the proxy for curl	18:54
ashishjain	stevelle: after that next step is to install pip which fails	18:54
*** Mudpuppy has quit IRC		18:54
stevelle	ashishjain: my mistake, I thought you were caught on line 61, you are getting the error on line 62	18:55
*** Mudpuppy_ has joined #openstack-ansible		18:56
ashishjain	stevelle: yes that is the step which fails	18:57
stevelle	ashishjain: I think we should file a bug for this. As you said we should respect an env var (the standard HTTP_PROXY) if it is set when calling pip install.	18:59
stevelle	should be a simple fix	19:00
*** galstrom is now known as galstrom_zzz		19:00
stevelle	If you like I can file that for you, but I would encourage you to help us if you can.	19:01
ashishjain	stevelle: Sure I will do that , I will get back to you with more inputs in sometime	19:01
*** kiext has quit IRC		19:02
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-3851{4,5,6,7}: Disabling certain network protocols https://review.openstack.org/232129	19:04
*** kukacz has joined #openstack-ansible		19:06
*** Bjoern_ has joined #openstack-ansible		19:12
openstackgerrit	Bjoern Teipel proposed openstack/openstack-ansible: Removing fixed settings inside the glance-cache.conf https://review.openstack.org/232154	19:13
*** woodard has quit IRC		19:15
*** fawadk has quit IRC		19:16
*** ashishjain has quit IRC		19:25
*** woodard has joined #openstack-ansible		19:28
*** fawadkhaliq has joined #openstack-ansible		19:31
*** sdake has quit IRC		19:33
openstackgerrit	Miguel Grinberg proposed openstack/openstack-ansible: Make bootstrap-ansible script compatible with RHEL https://review.openstack.org/232165	19:34
*** sdake has joined #openstack-ansible		19:34
*** k_stev has joined #openstack-ansible		19:37
*** sdake_ has joined #openstack-ansible		19:38
*** sdake has quit IRC		19:39
openstackgerrit	Bjoern Teipel proposed openstack/openstack-ansible: Removing fixed settings inside the glance-cache.conf https://review.openstack.org/232154	19:45
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-3851{8,9}: Log file ownership https://review.openstack.org/232171	19:46
openstackgerrit	Bjoern Teipel proposed openstack/openstack-ansible: Removing fixed settings inside the glance-cache.conf https://review.openstack.org/232154	19:47
*** markvoelker has quit IRC		19:51
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-3852{0,1}: Back up log/audit records https://review.openstack.org/232178	19:52
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-3852{0,1}: Back up log/audit records https://review.openstack.org/232178	19:54
*** markvoelker has joined #openstack-ansible		19:55
*** Mudpuppy_ has quit IRC		19:56
openstackgerrit	Bjoern Teipel proposed openstack/openstack-ansible: Removing fixed settings inside the glance-cache.conf https://review.openstack.org/232183	19:57
*** Mudpuppy has joined #openstack-ansible		19:59
*** Mudpuppy has quit IRC		20:01
*** Mudpuppy has joined #openstack-ansible		20:02
*** arnaud_orange has quit IRC		20:26
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-3852{3,4,6,9} and V-3853{2,3}: IPv4 restrictions https://review.openstack.org/232196	20:32
*** arnaud_orange has joined #openstack-ansible		20:33
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-3852, V-3853, V-3854*: IPv4 restrictions https://review.openstack.org/232196	20:36
*** woodard has quit IRC		20:36
*** woodard has joined #openstack-ansible		20:36
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-38535: Don't respond to ICMPv4 broadcast https://review.openstack.org/232198	20:40
*** sdake_ has quit IRC		20:43
*** k_stev has quit IRC		20:48
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-38528: Log martian packets https://review.openstack.org/232201	20:49
*** sdake has joined #openstack-ansible		20:51
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-38537: Ignore ICMPv4 bogus error messages https://review.openstack.org/232203	20:52
*** kukacz has quit IRC		20:58
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-38539: Enable TCP SYN cookies https://review.openstack.org/232212	21:02
*** spotz is now known as spotz_zzz		21:03
*** Mudpuppy_ has joined #openstack-ansible		21:06
*** Mudpuppy_ has quit IRC		21:06
*** harlowja has quit IRC		21:08
*** Mudpuppy has quit IRC		21:09
*** Guest62625 is now known as mfisch		21:10
*** mfisch is now known as Guest49167		21:10
*** woodard_ has joined #openstack-ansible		21:15
openstackgerrit	Miguel Alex Cantu proposed openstack/openstack-ansible: Seperated out Telemetry Alarming (Aodh)[WIP] https://review.openstack.org/232224	21:18
*** woodard has quit IRC		21:19
*** tlian2 has joined #openstack-ansible		21:19
*** woodard_ has quit IRC		21:20
*** tlian has quit IRC		21:23
*** fawadkhaliq has quit IRC		21:23
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-3854{8,9}, V-38553: IPv6 filtering/security https://review.openstack.org/232226	21:24
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-38555, V-38560: IPv4 firewalling https://review.openstack.org/232229	21:29
*** Guest49167 is now known as mfisch		21:29
*** mfisch has quit IRC		21:29
*** mfisch has joined #openstack-ansible		21:29
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-385{69,70,71,72}: Password requirements https://review.openstack.org/232231	21:33
*** gparaskevas has quit IRC		21:34
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-38501, V-38573: Disable accounts after failed logins https://review.openstack.org/232074	21:34
palendae	Dang mhayden	21:34
palendae	Busy afternoon	21:34
mhayden	oops	21:34
mhayden	hah	21:34
mhayden	i'm even grouping some of these!	21:35
mhayden	at least they're fairly easy reviews	21:35
palendae	Ah, doc updates?	21:36
mhayden	some are doc updates about exceptions	21:36
mhayden	some have docs + ansible tasks	21:37
palendae	Cool	21:38
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-38579: grub.conf owned by root https://review.openstack.org/232237	21:40
*** sdake_ has joined #openstack-ansible		21:40
mhayden	palendae: ones like those are kinda cake ^^	21:40
*** sdake has quit IRC		21:41
palendae	Oh, these are in the role	21:41
palendae	Gotcha	21:41
palendae	was wondering why all the CI was no-op, even when it had ansible tasks	21:41
mhayden	yeah that noop job is ultra-quick ;)	21:44
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-38624: Rotate logs https://review.openstack.org/232240	21:47
*** spotz_zzz is now known as spotz		21:48
*** javeriak has quit IRC		21:48
*** javeriak has joined #openstack-ansible		21:49
*** subscope has quit IRC		21:51
*** harlowja has joined #openstack-ansible		21:53
*** spotz is now known as spotz_zzz		21:57
*** phalmos has quit IRC		22:00
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-3862{5,6,7}: LDAP server security https://review.openstack.org/232246	22:08
*** sdake_ has quit IRC		22:10
*** sdake has joined #openstack-ansible		22:14
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: V-3865{2,4}, V-57569: Mounting filesystems https://review.openstack.org/232254	22:30
*** javeriak has quit IRC		22:30
*** markvoelker has quit IRC		22:31
*** markvoelker has joined #openstack-ansible		22:33
openstackgerrit	Steve Lewis proposed openstack/openstack-ansible-security: Fix typo in documentation for V-38460 https://review.openstack.org/232256	22:36
*** KLevenstein has quit IRC		22:58
*** markvoelker has quit IRC		23:04
*** alejandrito has quit IRC		23:04
*** markvoelker has joined #openstack-ansible		23:08
*** harlowja has quit IRC		23:10
*** harlowja has joined #openstack-ansible		23:10
*** abitha has quit IRC		23:11
*** cloudtrainme has quit IRC		23:15
*** cloudtrainme has joined #openstack-ansible		23:17
*** sigmavirus24 is now known as sigmavirus24_awa		23:19
*** cloudtrainme has quit IRC		23:22
*** scarlisle has quit IRC		23:29
*** markvoelker has quit IRC		23:42
*** markvoelker has joined #openstack-ansible		23:43
*** alop has quit IRC		23:52
*** markvoelker has quit IRC		23:53

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!