Friday, 2015-10-09

« Thursday, 2015-10-08 Index Saturday, 2015-10-10 »
*** markvoelker has quit IRC00:29
*** phalmos has quit IRC00:32
*** sdake has joined #openstack-ansible00:35
openstackgerritKevin Carter proposed openstack/openstack-ansible: Updated the repo-build process  https://review.openstack.org/23071600:57
*** kerwin_bai has joined #openstack-ansible01:15
*** Bjoern_ has quit IRC01:16
openstackgerritKevin Carter proposed openstack/openstack-ansible: Add novnc console support  https://review.openstack.org/23265701:21
openstackgerritKevin Carter proposed openstack/openstack-ansible: Install spice-html5 from source  https://review.openstack.org/23269701:21
*** tlian has quit IRC01:33
*** metral_zzz is now known as metral01:36
openstackgerritMerged openstack/openstack-ansible: Remove unused libvirt-bin file  https://review.openstack.org/23108401:40
openstackgerritMerged openstack/openstack-ansible: Fix bashate violations  https://review.openstack.org/23109001:41
*** sdake has quit IRC01:44
*** metral is now known as metral_zzz01:45
*** bgmccollum has quit IRC01:59
openstackgerritMerged openstack/openstack-ansible: Fix run-aio-build.sh for curl one-liner  https://review.openstack.org/23185702:01
*** ashishjain has quit IRC02:04
*** bgmccollum has joined #openstack-ansible02:11
*** kerwin_bai1 has joined #openstack-ansible02:24
*** ashishjain has joined #openstack-ansible02:25
ashishjaincloudnull: you there02:25
*** kerwin_bai has quit IRC02:26
*** kerwin_bai1 is now known as kerwin_bai02:26
ashishjainHello02:27
ashishjainCan someone please advice how to verify if the first playbook setup-hosts.yml has run successfully02:28
ashishjainI left it unattended and can see lot of lxc containers in a running state02:29
ashishjainIs their a way to verify ( may be by running a script) which will suggest if all is completed02:29
cloudnullashishjain: o /02:30
cloudnullyou can verify all things are running using ansible02:30
cloudnullansible 'hosts,all_containers' -m ping02:30
ashishjainhey cloudnull thanks a lot I was able to make the first playbook work ... actually it was late night and I was running the stuff remotely and I can see in my logs that I fired the 3 playbook but just wanted to crosscheck02:31
cloudnullsorry02:31
cloudnullansible 'hosts:all_containers' -m ping02:31
cloudnullthe other thing that you can do to log all of your interactions is to add log_path to your ansible.cfg file02:32
cloudnullhttp://docs.ansible.com/ansible/intro_configuration.html#log-path02:32
cloudnullthat will log all of your ansible commands02:32
ashishjaincloudnull: ERROR: Unable to find an inventory file, specify one with -i ?02:33
cloudnullwe dont add it by default because we cant guarentee the pathing02:33
ashishjainI have not defined a /etc/anisble/hosts file02:33
cloudnullashishjain:  you have to execute that ansible command from your playbooks directory02:33
cloudnullIE: /opt/openstack-ansible/playbooks02:33
cloudnullthat will use your existing inventory.02:33
ashishjaincloudnull: I see No hosts matched02:34
cloudnullthis command ansible 'hosts:all_containers' -m ping02:36
cloudnullthe first one i put a comma in it when it shouldve been a colon02:36
ashishjainaah I am sorry02:37
ashishjaincloudnull: I see the error openstack006_nova_conductor_container-bf96f5b5 | FAILED => SSH Error: data could not be sent to the remote host. Make sure this host can be reached over ssh02:39
ashishjainthis is because my containers have got only 1 Ip02:39
cloudnullis that for all of them  ?02:39
ashishjaindefault provided by lxcbr002:39
ashishjainyes02:39
ashishjain:(02:39
ashishjainIt have not used the br-mgmt cidr at all02:40
ashishjaincloudnull: however openstack_inventory.json is generated just fine02:40
cloudnulldo the items in inventory have ip address ?02:40
ashishjainYes they do have just one example here02:41
ashishjainnsible_ssh_host": "192.168.30.144",                 "component": "galera",                 "container_address": "192.168.30.144",02:41
ashishjainthis is from openstack_inventory.json02:41
cloudnulldo all of your hosts have br-mgnt on them ?02:41
cloudnulland is that network interface up ?02:41
ashishjaincloudnull: yes all of them have the br-mgmt interface02:42
ashishjainand all are up02:42
cloudnullrerun: openstack-ansible lxc-container-create.yml02:42
cloudnullthat should create all of the network devices in al containers .02:43
cloudnullmaybe it died mid way through a run ?02:43
ashishjaincloudnull: Once I rerun will it create the same containers with same name for example openstack006_galera_container-edb2126f02:45
ashishjainIt will not create the one with another name02:45
ashishjainthis is because I have allocated around 30GB of space to each host and around 12G is already used02:46
cloudnullit shouldnt recreate the containers itll just make  sure the config is correct02:46
cloudnullto test you can rerun with a limit02:47
ashishjainyou mean openstack006_galera_container-edb2126f02:47
ashishjainsorry02:47
cloudnullopenstack-ansible lxc-container-create.yml --limit openstack006_galera_container-edb2126f02:47
ashishjainyou mean this config openstack_user_config.yml02:47
cloudnullno02:47
cloudnullthe lxc-container-create.yml play will do all of the container configuration02:48
ashishjainokay alright I will try out for one container02:48
ashishjaincloudnull: wow it finished and I could see a new ip attached to galera container :D :)02:50
ashishjainlxc-ls -f NAME                                                 STATE    IPV4                        IPV6  AUTOSTART                 ----------------------------------------------------------------------------------------------------------------------- openstack006_galera_container-edb2126f               RUNNING  10.0.3.138, 192.168.30.144  -     YES (onboot, openstack)02:50
ashishjainearlier I only had 10.0.3.13802:50
cloudnullcool02:52
ashishjainNow I ran the same command as you have pointed out earlier and I could see galera being in a good state02:52
ashishjainopenstack006_galera_container-edb2126f | success >> {     "changed": false,      "ping": "pong" }02:52
cloudnullso now run it without the limit02:52
ashishjainCool will do that, thanks a lot02:52
cloudnulland itll make sure the configuration on all containers is correct02:52
cloudnullnp02:52
cloudnulli have to run , time to sleep02:52
cloudnulltalk to you later.02:52
ashishjainalright great thanks have a good night02:53
ashishjaintake care02:53
*** sdake has joined #openstack-ansible03:51
*** markvoelker has joined #openstack-ansible03:55
*** g3rms_ has quit IRC04:02
*** galstrom_zzz is now known as galstrom04:10
*** fawadkhaliq has joined #openstack-ansible04:28
*** ashishjain has quit IRC04:36
*** markvoelker_ has joined #openstack-ansible04:40
*** sdake_ has joined #openstack-ansible04:41
*** markvoelker has quit IRC04:43
*** galstrom is now known as galstrom_zzz04:43
*** sdake has quit IRC04:44
*** kerwin_bai has quit IRC04:45
*** kerwin_bai has joined #openstack-ansible04:56
*** manikanta has joined #openstack-ansible05:01
*** sdake_ has quit IRC05:01
*** sdake has joined #openstack-ansible05:07
*** javeriak has joined #openstack-ansible05:14
*** cfarquhar has joined #openstack-ansible05:16
*** cfarquhar has quit IRC05:16
*** cfarquhar has joined #openstack-ansible05:16
*** cfarquhar has quit IRC05:24
*** cfarquhar has joined #openstack-ansible05:25
*** cfarquhar has quit IRC05:25
*** cfarquhar has joined #openstack-ansible05:25
*** kukacz has joined #openstack-ansible05:45
*** cfarquhar has quit IRC05:48
*** cfarquhar has joined #openstack-ansible05:49
*** cfarquhar has quit IRC05:49
*** cfarquhar has joined #openstack-ansible05:49
*** cfarquhar has quit IRC05:50
*** kukacz has quit IRC06:00
openstackgerritSteve Lewis proposed openstack/openstack-ansible: Use pip install --proxy when $HTTP_PROXY is set  https://review.openstack.org/23291606:05
openstackgerritSteve Lewis proposed openstack/openstack-ansible: Use pip install --proxy when $HTTP_PROXY is set  https://review.openstack.org/23291606:19
*** kukacz has joined #openstack-ansible06:20
*** javeriak has quit IRC06:29
*** kukacz has quit IRC06:33
*** kukacz_ has joined #openstack-ansible06:33
*** sdake has quit IRC06:33
*** kukacz has joined #openstack-ansible06:34
*** kukacz_ has quit IRC06:35
*** kukacz has quit IRC06:36
*** kukacz_ has joined #openstack-ansible06:36
*** kerwin_bai has quit IRC06:36
*** kerwin_bai has joined #openstack-ansible06:37
*** fawadkhaliq has quit IRC06:43
*** javeriak has joined #openstack-ansible06:51
*** ashishjain has joined #openstack-ansible06:51
*** javeriak has quit IRC06:56
*** javeriak has joined #openstack-ansible06:56
ashishjainHello07:03
ashishjainNeed some help on osad07:04
ashishjainOne of my host has failed on lxc-hosts-setup.yml and I am rerunning the playbook07:04
ashishjainwith this command "openstack-ansible lxc-hosts-setup.yml --limit openstack008 -vvv"07:04
ashishjainNow when I run the above playbook I get the following error07:05
ashishjainmsg: Destination directory /var/cache/lxc/trusty/rootfs-amd64/etc/apt does not exist07:05
ashishjaincan someone please suggest how to get rid of this error07:05
ashishjainShall I rerun the playbook openstack-hosts-setup.yml for this particular host?07:05
javeriakashishjain try rerunning the main playbook with the limit flag07:07
ashishjainjaveriak: setup-hosts.yml is it?07:07
javeriakyes "openstack-ansible setup-hosts.yml --limit openstack008 -vvv"07:08
ashishjainjaveriak: thanks I will try this out07:08
javeriaknp07:08
ashishjainjaveriak: it has failed again at the same step :(07:09
ashishjainmsg: Destination directory /var/cache/lxc/trusty/rootfs-amd64/etc/apt does not exist07:10
ashishjainOnly this directory exist /var/cache/lxc07:10
ashishjain"trusty/rootfs-amd64/etc/apt" is missing07:10
javeriakashishjain what branch are you on?07:10
ashishjainkilo07:10
*** fawadkhaliq has joined #openstack-ansible07:11
ashishjainjaveriak: looks like the directory untar has not happened07:12
ashishjainand their is somewhere osad is thinking that untar has happened07:12
javeriakashishjain hmm, in that case run the playbook as is again, without limit setup-hosts07:13
ashishjainaahhh that will be a nightmare it will take hous07:13
ashishjainhours07:13
javeriakyou must be remote :), dont worry it skips already completed tasks07:14
javeriakso not that long07:14
ashishjainjaveriak: sure I agree but if this is a bug I would provide a fix and get one of my commit in osad :D07:15
javeriakashishjain then i suggest you do a little more digging :)07:15
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Add novnc console support  https://review.openstack.org/23265707:16
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Install spice-html5 from source  https://review.openstack.org/23269707:16
*** gparaskevas has joined #openstack-ansible07:18
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Updated the repo-build process  https://review.openstack.org/23071607:19
openstackgerritMerged openstack/openstack-ansible: Removing fixed settings inside the glance-cache.conf  https://review.openstack.org/23266507:20
evrardjphello everyone07:22
evrardjpsorry for not being there at the previous meeting, and I'd like to say we've forgot to assign new ppl for managing next week meetings07:23
evrardjpI can't do it next week, sorry07:24
javeriakodyssey4me, this commit keep failing on two gates https://review.openstack.org/#/c/231187/, and the failure is a basic tempest test, since the main log doesnt give further info, do we export tempest logs anywhere?07:24
evrardjpIn fact, I can't do it until after the summit :/07:24
evrardjpjaveriak, SSHTimeout: Connection to the 172.29.248.9 via SSH timed out.?07:26
evrardjp(no route to host)07:26
javeriakevrardjp yep thats it07:26
javeriakgotta step out for a bit, be back in 30 mins07:27
*** javeriak has quit IRC07:28
openstackgerritMerged openstack/openstack-ansible: Add isolated flag to pip fall back installation  https://review.openstack.org/23266807:28
openstackgerritMerged openstack/openstack-ansible: Limit the number of Ansible forks used to 10  https://review.openstack.org/23238707:28
*** subscope has quit IRC07:29
stevelleashishjain: https://review.openstack.org/232916 for your review07:43
evrardjpstevelle, isn't setting https_proxy enough?07:52
evrardjp(I mean export HTTPS_PROXY)07:52
evrardjpmostly when I see this: http://stackoverflow.com/a/1996291307:53
evrardjp(didn't test it, I'm just cautious)07:53
gparaskevasanyone familiar with the ceph ragrding openstack-ansible?07:54
evrardjpgparaskevas, not really familiar, but we are using it partially, why?07:55
stevelleevrardjp: I think it should but ashishjain was reporting an issue with it.07:56
gparaskevasevrardjp: i am having some strabge error when deploying openstack with ceph enabled, I have installed ceph and have created the pools and keys allready with ceph-ansible07:57
gparaskevasevrardjp: then i edit user_variables in openstack-ansible and fillin pools client for glance cinder nova, but playbooks fails because nova tried to use cinder uuid07:58
gparaskevasevrardjp: but it says that i can reuse cinder client for nova use, whats wrong, i must be misssing something07:58
*** javeriak has joined #openstack-ansible07:59
odyssey4meo/ all07:59
evrardjpstevelle: is there a HTTPS_PROXY or is there only HTTP_PROXY ? ;)07:59
odyssey4mejaveriak you can, if you wish, ignore the -nv gate failure... although it may give you more clues07:59
odyssey4mejaveriak the tempest logs are in the utility container: http://logs.openstack.org/87/231187/8/check/gate-openstack-ansible-dsvm-commit/d6ec94a/logs/aio1_utility_container-33590397/07:59
evrardjpgparaskevas, to be honest, I tried to give my own users and it failed08:00
evrardjpI then followed the ceph and openstack best practices08:00
evrardjpI think these playbooks could work better/be worked on08:00
evrardjpuntil then, I suggest you to use standard usernames08:01
gparaskevasevrardjp: i am now using different clients for cinder and nova just to see08:01
evrardjpyeah that's what I started with ;)08:01
gparaskevasok!08:01
gparaskevaslets see08:01
stevelletime for me to crash for the night, meetings start in under 7h08:01
evrardjpgparaskevas, it wasn't much success for me, and I was taken by time08:02
odyssey4megparaskevas yeah, evrardjp picked that up early on - there seems to be an occasional precedence issue with Ansible where user_variables doesn't always take the highest precedence... and we haven't yet isolated it08:02
evrardjpgparaskevas, so I followed this: http://docs.ceph.com/docs/v0.71/rbd/rbd-openstack/08:02
*** openstackstatus has quit IRC08:02
*** openstackstatus has joined #openstack-ansible08:03
*** ChanServ sets mode: +v openstackstatus08:03
gparaskevasmmm ok thanks both of you! lets see if it fails again, and then i will do it mannualy08:03
evrardjpodyssey4me, note that some of my variable precedences issues were fixed upon some ansible upgrades08:04
evrardjpbut I didn't got the chance to look back at ceph08:04
odyssey4meevrardjp ah, good to know - as I recall we kinda thought that it was ok seeing as if you use the expected names then it works, and perhaps the precedence issues would go away with later versions of Ansible08:09
odyssey4meessentially we had more interesting problems to solve ;)08:10
evrardjpit always comes to a question of time and priorities. I don't see a problem of using standard names in our ceph cluster, so... it was easier that way for me08:11
*** 6A4AAO5AD has joined #openstack-ansible08:13
odyssey4mejaveriak it would appear that something isn't quite right: 'error: [Errno 113] No route to host'08:19
javeriakodyssey4me, thanks for looking into it, both gates seem to be failing with the same reason. Weird thing is that the second dependent commit passed jenkins completely, i assume dependencies get run together in jenkins?08:25
*** Burgosz has joined #openstack-ansible08:25
odyssey4mejaveriak yes, as the dependency is applied it will effectively do a checkout08:26
odyssey4meso if it fails with the first and not the second, are you sure there's nothing in the second being done which needs to be in the first?08:27
javeriakodyssey4me right so the commit itself is clean operation wise08:27
odyssey4meotherwise it may just be a transient failure - unfortunately that happens08:27
javeriaknope the second changes are independent: https://review.openstack.org/#/c/231214/508:27
odyssey4mebut it seems that it is happening far too consistently08:27
javeriakyes ive been watching since yesterday and it fails the same way for the past 3 runs, that cloudnull and i retriggered it08:28
javeriaklet me look into those utility tempest logs and see if i can find anything08:29
odyssey4mejaveriak I've added a comment to https://review.openstack.org/#/c/231214/5/playbooks/roles/os_neutron/defaults/main.yml,cm08:29
javeriakodyssey4me I missed taking out the comma from last patch, leftover from converting that list to a hash08:32
odyssey4mejaveriak perhaps the first patch needs that?08:32
javeriakfirst patch? the comma is an error, its not supposed to be be there08:35
javeriakwait your right! I missed it in latest patch, sorry about that :P08:36
ashishjainstevelle: thanks this parch looks good "https://review.openstack.org/#/c/232916/" :)08:36
ashishjain*patch08:36
ashishjainBut dont we need to have https_proxy as well?08:37
ashishjainOne more observation once a host fails for one task that host is not considered at all for any subsequent tasks probably for that particular playbook08:38
ashishjainis it an expected behavior?08:39
*** javeriak has quit IRC08:39
*** javeriak has joined #openstack-ansible08:40
ashishjainMy setup-host.yml is failing with this error all the time "msg: Destination directory /var/cache/lxc/trusty/rootfs-amd64/etc/apt does not exist"08:40
ashishjaininspite of re running the playbooks with --limit option and also re running the complete thing it keeps failing08:40
evrardjpashishjain, could you check if your trusty template was well downloaded on the host?08:42
evrardjpby going to /var/cache/lxc/trusty/?08:42
evrardjpgparaskevas, please also check that you have something like ceph in your secrets08:43
evrardjpIIRC, there was a bug that removed the ceph variable because it was by default commented08:44
evrardjpI'll fix that08:44
*** javeriak_ has joined #openstack-ansible08:44
*** javeriak_ has quit IRC08:44
*** subscope has joined #openstack-ansible08:44
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update nova & tempest SHA's and remove django-openstack-auth SHA  https://review.openstack.org/23295508:44
*** javeriak has quit IRC08:45
openstackgerritJaveria Khan proposed openstack/openstack-ansible: Modularizing Neutron playbooks for master  https://review.openstack.org/23118708:46
odyssey4meashishjain you may notice that I've commented the same in the review. :) it's also best if you comment/discuss in the review as the review retains the record of discussion and decisions made08:46
ashishjainevrardjp: The directory /var/cache has got the file lxc_trusty.tgz. And I am able to manually untar/unzip  with the command tar -xvzf08:46
openstackgerritJaveria Khan proposed openstack/openstack-ansible: Adding PLUMgrid plugin option to neutron setup  https://review.openstack.org/23121408:46
ashishjainodyssey4me: sure I will review in the bug08:46
ashishjainevrardjp: Is their a timeout associated with this untar process?08:48
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible: Removed unnecessary comment in the user_secrets for ceph variable  https://review.openstack.org/23295708:48
*** javeriak has joined #openstack-ansible08:49
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Add novnc console support  https://review.openstack.org/23265708:53
gparaskevasevrardjp: you mean user_secrets? and what kind of ceph? like a ceph variable?08:54
gparaskevasevrardjp: nothing ceph in my scerets08:55
evrardjpI've written this patch just for you: https://review.openstack.org/#/c/232957/08:55
evrardjpcinder_ceph_client_uuid should be defined in your user_secrets IIRC08:56
evrardjpunless you mention nova_ceph_client_uuid in your user variables08:57
evrardjp /secrets08:58
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Fix run-aio-build.sh for curl one-liner  https://review.openstack.org/23296408:59
*** kerwin_bai1 has joined #openstack-ansible08:59
*** kerwin_bai has quit IRC08:59
*** kerwin_bai1 is now known as kerwin_bai08:59
gparaskevaslet me check, i did define ceph_nova_uuid as: cinder_uuid and ceph_nova_client as cinder_client...09:02
gparaskevasi will check your pats as well09:02
gparaskevasthanks!09:02
*** javeriak has quit IRC09:02
gparaskevasevrardjp: i am running a test on your patch right now09:07
gparaskevasevrardjp: I believe it was the root my problem09:07
gparaskevasevrardjp: I will get bak to you as soon as possible09:08
ashishjainCan someone please suggest how is line number 41 being executed in https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/lxc_hosts/tasks/lxc_cache.yml09:08
ashishjainMy issue is somewhere there I suppose09:08
gparaskevasashishjain: you how you can call the specific tag?09:09
gparaskevasashishjain: you mean*09:09
ashishjaingparaskevas: I was looking at the ansible document just now and they say you can call a tag to exeute part of a playbook or a task09:10
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Install spice-html5 from source  https://review.openstack.org/23269709:11
ashishjainI am new to ansible as well and hence learning it on the go09:11
6A4AAO5ADcan this change be https://review.openstack.org/#/c/232669/ merged in the kilo branch as well?09:11
*** 6A4AAO5AD is now known as tiagogoems09:12
gparaskevasashishjain: openstack-ansible lxc-hosts-setup.yml --tags "lxc-cache-unarchive"09:13
gparaskevasashishjain: something like that i suppose09:14
odyssey4me6A4AAOSAD that is the kilo backport - it'll be merged once a second core votes it through09:15
ashishjainyes I know that but my question which probably is silly is where is this  lxc-cache-unarchive defined?09:15
evrardjpashishjain, if your cache isn't unarchived then you had an issue with your playbook09:16
evrardjpyou should maybe rerun your playbook completely09:16
ashishjainevrardjp: I have already done that and it does not help09:16
ashishjainevrardjp: Can you please point me what is "lxc-cache-unarchive"09:17
ashishjainIs it a linux command or is it somethhing defined with-in osad?09:17
ashishjainit is not a linux command as far as I can see09:17
evrardjpnope09:17
ashishjainand I am not able to find out any yml which defines lxc-cache-unarchive09:18
evrardjpthe tag lxc-cache-unarchive is merely a way to name what you're doing in the playbook09:18
evrardjpor in the task09:18
evrardjphere it's defined there:09:18
evrardjphttps://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/lxc_hosts/tasks/lxc_cache.yml09:18
evrardjphttps://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/lxc_hosts/tasks/lxc_cache.yml#L4109:18
ashishjainevrardjp: Yes I saw that09:18
evrardjpso the task that should unarchive your downloaded template is https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/lxc_hosts/tasks/lxc_cache.yml#L3309:18
evrardjpit uses the ansible module unarchive09:19
evrardjphttp://docs.ansible.com/ansible/unarchive_module.html09:19
evrardjpyou can find a list of default ansible modules here: http://docs.ansible.com/ansible/list_of_all_modules.html09:19
ashishjainevrardjp: I am sorry I got it now , just got confused with tags and all09:19
evrardjptags is just a convenient way of naming stuff09:20
evrardjpyou can then skip tags or, at the contrary, run it09:20
ashishjainI will try to manually invoke the playbook and see whats going wrong with unarchival of trusty container09:20
evrardjphttps://github.com/openstack/openstack-ansible/blob/master/playbooks/setup-hosts.yml09:20
evrardjpthis is the playbook you're running09:21
evrardjp(probably)09:21
evrardjpit's like a master playbook that launches other playbooks09:21
evrardjpyou can run manually each one and check what fails09:21
ashishjainevrardjp: yes you are correct09:21
ashishjainevrardjp: Sure I will do that but I know that lxc_cache.yml is failing09:22
evrardjpor launch the master playbook and check the result, when it starts to fail, you can scrollback on your screen to see which task precisely failed09:22
evrardjpok09:22
ashishjainevrardjp: I have captured the logs and the first failure starts from lxc_cache.yml09:22
evrardjpit's the download that failed?09:23
ashishjainno download was successful09:28
ashishjainI am able to manually use the command tar -xvzf <file_name>09:28
gparaskevasevrardjp: http://cdn.pasteraw.com/i482l5nt7cl864c5kl2motmbkxc2s7y this is what i get now...09:28
ashishjainI will just try with playbook now09:28
evrardjpgparaskevas, you deined your own secret before?09:29
evrardjpdefined*09:30
gparaskevasyes09:30
evrardjpok, I thought you didn't do it09:31
*** subscope has quit IRC09:32
*** subscope has joined #openstack-ansible09:33
*** serverascode has quit IRC09:34
gparaskevasevrardjp: cinder_ceph_client_uuid: d2c45268-6def-11e5-96d8-001aa07cbdc209:34
*** javeriak has joined #openstack-ansible09:34
gparaskevasfrom my user_secrets.yml, in openstach_user_config i define as well in the cinder confiig09:35
*** kukacz__ has joined #openstack-ansible09:35
evrardjplet me check how I did this09:35
evrardjpit's been a while09:36
evrardjpin my user_config I have a rbd_user: cinder and rbd_secret_uuid: "{{cinder_ceph_client_uuid}}"09:36
gparaskevasyes09:37
*** meteorfox has quit IRC09:37
evrardjpand in my user_secrets I have cinder_ceph_client_uuid:09:37
evrardjp(with a value ofc)09:38
evrardjpin my user_variables I have cinder_ceph_client: cinder, glance_ceph_client: glance09:38
*** kukacz__ has quit IRC09:39
evrardjpI didn't define nova_ceph_client09:39
evrardjpand this way you have your libvirt using ceph09:39
*** kukacz has joined #openstack-ansible09:39
evrardjpif you ran any playbook involving ceph before, maybe a UUID was created09:40
evrardjpmaybe you should do an ansible -m shell -a "virsh secret-list" nova_compute09:41
evrardjpsee what are the secrets already defined09:42
evrardjpremoving them if necessary09:42
evrardjp(I guess you're in testing mode, right? not doing that in production?)09:42
gparaskevascorrect09:43
gparaskevasyes thats my test bed at home!09:43
evrardjp:)09:44
evrardjpnice testing environment then :)09:44
evrardjpI guess the WAF must be low though ;)09:44
gparaskevaswaf?09:44
*** fawadkhaliq has quit IRC09:45
odyssey4meit sounds to me like we could do with an install guide page on how to configure openstack-ansible for ceph ;)09:46
evrardjp"wife" acceptance factor ;)09:46
*** fawadkhaliq has joined #openstack-ansible09:46
odyssey4melol09:46
evrardjpor wife approval factor, I don't really know09:46
gparaskevasyeah right well if there is a Mother Acceptance Factor then yes is low...09:46
gparaskevashahaha09:46
gparaskevasomg i loughed so hard09:47
evrardjpjust to say my wife wouldn't accept that I run a ceph cluster at home09:47
*** kukacz has quit IRC09:47
evrardjpnor openstack with multiple hosts09:47
evrardjpI should ask first before telling that :p09:47
*** kukacz has joined #openstack-ansible09:47
evrardjpanyway09:48
ashishjainevrardjp:  I ran a playbook manually and it worked now09:48
evrardjpashishjain, no errors?09:48
gparaskevaswell i am not maried i guess its qquite logical that to happen, my set up is quit small and quit, dell optiplex usff 745 x4!09:48
ashishjainbut when I do it along with osad it does not09:48
ashishjainyes no errors09:48
gparaskevasquiet*09:48
evrardjpashishjain, nice!09:48
gparaskevasodyssey4me: yes a page of that regard will be awesome09:49
ashishjainhttp://paste.openstack.org/show/475843/09:49
ashishjainhere is the playbook09:49
evrardjpashishjain, I'll check09:49
ashishjainevrardjp: What I will do is delete the directory again trusty.... and than try running ansible playbook again to see if I hit the error again09:50
ashishjainjust to check if their is an error09:50
ashishjainsorry a bug09:50
evrardjpyeah it sounds weird like that09:50
*** fawadkhaliq has quit IRC09:51
evrardjpmaybe there was a failure in the download of the lxc template file09:51
*** subscope has quit IRC09:52
evrardjpit shouldn't because there is a sha checking, but still, deleting and retrying could be successful for you09:53
evrardjpare the optiplex noisy?09:55
*** meteorfox has joined #openstack-ansible09:56
*** meteorfox has quit IRC09:57
evrardjpashishjain, after that, you can send your playbook failure? this way we know if it's the last change on lxc cache that triggers that failure or if it's something else09:59
ashishjainevrardjp: I think I found the issue09:59
gparaskevasevrardjp: they are old a nd the two of them are a bit noisy but i will replcae the two fans and they will not be as noisy, they are very good for that purpose and they be WAF friendly i guess09:59
ashishjainevrardjp: The issue is this condition in when: cache_download|changed10:00
ashishjaincache download not happens everytime10:00
ashishjainand hence if it does not change the unarchive process is skipped10:00
evrardjpwhich makes sense10:01
ashishjainIf you think this is correct than I would love to submit a patch :)10:01
evrardjpno need to unarchive again if there is no change, right?10:01
ashishjainbut what if it unarchive never happened10:02
evrardjpthe interesting question is why was there no unarchive first10:02
evrardjpindeed :)10:02
ashishjainevrardjp: the reason is I will tell you10:02
evrardjpctrl C?10:02
ashishjainIn a playbook if one of the previous task is failed say "apt udpate" is failed all the subsequent tasks will not consider that particular host10:03
evrardjpeven, the process should be resilient10:03
evrardjpyup10:03
ashishjainthat has happened with me accidently I have updated the sources.list to something else and hence apt failed for me and than for all the subsequent tasks that host was ignored10:03
ashishjainand than we are hitting this issue of unachive10:04
ashishjainBut is it an expected behavior if one task failed for a host and than don't consider it at all?10:04
evrardjpif there is a failure on a host, it's not continuing to run tasks on this host, unless specifically mentionned10:05
evrardjpit's ansible default behaviour, which is safe10:05
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-security: Enable role testing and make structure ansible-galaxy compatible  https://review.openstack.org/23298710:05
*** fandi has quit IRC10:05
evrardjpit can be overriden though, in many ways10:05
evrardjpstill if a previous task failed, it shouldn't even download the cache on your host10:05
ashishjainevrardjp: Indeed !!10:06
evrardjpthis is something that definitely needs more examination10:06
evrardjpbut your problem is solved now?10:07
evrardjpbecause your redownloaded the cache on all your servers, right?10:07
odyssey4memattt would you mind reviewing https://review.openstack.org/232955 ?10:07
ashishjainevrardjp: let me look into more closely in my log files I will  get back10:07
matttodyssey4me: sure gimme a min10:07
ashishjainevrardjp: Ya problem is resolved but still the behavior is not clear, I will get back10:08
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-security: Enable role testing and make structure ansible-galaxy compatible  https://review.openstack.org/23298710:12
*** serverascode has joined #openstack-ansible10:16
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-security: Enable role testing and make structure ansible-galaxy compatible  https://review.openstack.org/23298710:16
tiagogoemsHi, why OSAD build the OpenStack python packages from source?10:16
odyssey4metiagogoems so that we can react more quickly when security issues come out10:17
*** Burgosz has quit IRC10:18
tiagogoemsodyssey4me right, so what the process of doing an update on an existing installation? Pull the latest changes for OSAD and re-run everything again?10:19
tiagogoemsOr is there an update/upgrade script10:19
odyssey4metiagogoems http://docs.openstack.org/developer/openstack-ansible/install-guide/app-minorupgrade.html10:21
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-security: Enable role testing and make structure ansible-galaxy compatible  https://review.openstack.org/23298710:23
tiagogoemsodyssey4me ta, and what about major upgrades?10:23
odyssey4metiagogoems we only have major upgrade instrumentation from juno->kilo at this stage, once we release liberty we'll start work on kilo->liberty10:24
odyssey4metiagogoems https://blueprints.launchpad.net/openstack-ansible/+spec/liberty-upgrade-path10:24
evrardjpodyssey4me, I didn't know about this page with minor upgrades! Great job!10:24
odyssey4methe plan is to implement an upgrade framework10:24
tiagogoemsodyssey4me cool, thanks10:25
evrardjpodyssey4me, I'm interested by the process here https://review.openstack.org/#/c/232987/10:29
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Fix bashate violation in galera_server/files/mysql_init.sh  https://review.openstack.org/23299710:29
odyssey4meevrardjp :) it'll be our first role with role syntax and lint test10:30
evrardjpyou want all openstack-ansible-* roles to be galaxy ready?10:31
odyssey4methe next step will be to do a test for execution and idempotency10:31
odyssey4meevrardjp yep, with the eventual intention of registering them formally in galaxy10:31
*** meteorfox has joined #openstack-ansible10:32
evrardjpcool10:32
evrardjpI have no problems to move my changes there, to be under the openstack-ansible umbrella10:32
evrardjpI already do automated testing and idempotency on my roles10:32
evrardjpmy test coverage is not that good though10:33
evrardjpbut question10:33
evrardjpis it a good idea to have everything in one folder?10:33
evrardjpI thought it would be best to have one repo for the product (with playbooks, tests, etc) and one repo per role10:34
evrardjpso as openstack-ansible-security is a child product, I thought it was easier to have 2 repos: one for the playbooks and tests, another for the role10:35
evrardjpbut it's maybe overkill10:35
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Keystone Configuration for Liberty  https://review.openstack.org/22691710:37
gparaskevasevrardjp: i deleted the secrets from all compute nodes and the playbook went ok, i am finidhing the installation but looks like that the issue is resolved, although i believe that  if i rerun the playbook i will get the same issue as the secret will be already there10:39
evrardjpgparaskevas, it shouldn't10:39
evrardjpbecause it checks if the secret is already there10:39
evrardjpbut you know the way to be certain of it, right?10:40
evrardjp;)10:40
gparaskevasevrardjp: great then! i will retest it though just to be certain! :P10:40
gparaskevasevrardjp: haha10:40
evrardjpI don't remember having issues with that, excepting at the beginning10:40
gparaskevasevrardjp: yeah in the beginnign nothing ever works... i wonder why10:41
*** harvy has quit IRC10:42
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Fix the nodepool file check  https://review.openstack.org/23300310:47
odyssey4meevrardjp so the tests folder can hold the stuff needed for testing, but the openstack-ansible repo can be the place for integration testing and full use-case validation10:49
odyssey4meevrardjp for the moment I'm trying to re-use ansible role tests which are in place in -infra for other ansible roles - so I'm conforming to the existing expectations10:50
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Keystone Configuration for Liberty  https://review.openstack.org/22691710:53
*** fawadkhaliq has joined #openstack-ansible10:55
*** subscope has joined #openstack-ansible10:59
*** fawadkhaliq has quit IRC10:59
evrardjpodyssey4me, tell me when you want to take some of my roles over: I'd be happy to help with giving the roles, but also to help improve the gate checks11:01
ashishjainevrardjp: I think I found out the issue which probably is possible under heavy load situation11:04
ashishjainevrardjp: fatal: [openstack008] => SSH Error: Failed to connect to new control master     while connecting to 192.168.30.8:22 It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue11:04
ashishjainHere is what has happened immediately after downloading the lxc cache11:04
odyssey4meevrardjp where the roles live is kind-of immaterial - I would say that if most of the people developing the roles are within the openstack community, then it makes sense to have the code hosted in openstack's infrastructure... otherwise github is perhaps better11:05
odyssey4methe workflow for gerrit is not trivial, and can turn away potential developers who are used to github's workflow11:05
odyssey4meashishjain are you executing each playbook, or are you using something like run-playbooks?11:06
*** kukacz_ has quit IRC11:06
odyssey4mealso ashishjain - what tag are you using for your git clone?11:06
odyssey4meashishjain this may be useful information for you: http://docs.openstack.org/developer/openstack-ansible/install-guide/app-tips.html11:07
ashishjainafter downloading the cache due to load ( My node has got 1 core, 6G RAM and 35 GB Disk) ... deployment node was not able to contact 192.168.30.8 in stipulated 120 seconds time11:09
odyssey4mejaveriak both your reviews have passed the gate :)11:11
odyssey4mejaveriak It'd be really good if there was a documentation entry in the install guide for how to use this functionality. :)11:12
ashishjainodyssey4me: I am executing each playbook, I am using kilo11:12
javeriakodyssey4me, yes i saw :), thanks for that catch, here i was continously rebasing it11:12
javeriakodyssey4me, sure thats a really good idea, I'd be happy to add documentation, where would you suggest it goes, as a seperate heading/page?11:13
odyssey4mejaveriak not sure really, it depends on the sort of informaiton added11:14
odyssey4meperhaps somewhere here? http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-networking.html11:14
odyssey4mejaveriak alternatively, if you're really stuck for where to put it - I'd suggest adding an Appendix, then we can always work it from there11:15
javeriakwell our main stuff lies here: https://github.com/plumgrid/plumgrid-ansible, i can add a similar overview to openstack-ansible docs and link to the pg playbooks?11:15
odyssey4mejaveriak that sounds like a good idea - add an appendix for how to use plumgrid with openstack-ansible11:17
odyssey4meI can see some instructions there could be better :p11:17
javeriakodyssey4me, alright appendix it is, these are for juno and admittingly sparse :) because we like to usually point to our official deployment guide that contains detailed instructions. I've yet to update our plays for kilo, just waiting on these patches to merge in osad11:20
*** subscope has quit IRC11:20
javeriakBut will clean em up and add to the openstack-ansible appendix11:21
odyssey4mejaveriak The doc entry can be a simple set of instructions, similar to the README, with a link to the detailed official guide.11:21
odyssey4methrough the review process we'll help you make them better :)11:21
*** subscope has joined #openstack-ansible11:22
javeriakodyssey4me sounds good, where does the Appendix lie btw, cant find it here -> openstack-ansible/doc/source/install-guide11:23
*** fawadkhaliq has joined #openstack-ansible11:25
javeriakor maybe I could just add a new doc page if that sounds right?11:27
*** fawadkhaliq has quit IRC11:28
*** fawadkhaliq has joined #openstack-ansible11:28
*** subscope has quit IRC11:29
*** _hanhart has quit IRC11:32
odyssey4mejaveriak yeah, something like app-plumgrid.rst - then just add it to the TOC in doc/source/install-guide/index.rst11:32
javeriakokay cool11:32
*** alejandrito has joined #openstack-ansible11:32
*** subscope has joined #openstack-ansible11:34
openstackgerritMerged openstack/openstack-ansible-security: V-38535: Don't respond to ICMPv4 broadcast  https://review.openstack.org/23219811:35
openstackgerritMerged openstack/openstack-ansible-security: V-3851{8,9}: Log file ownership  https://review.openstack.org/23217111:35
openstackgerritMerged openstack/openstack-ansible-security: V-385{69,70,71,72}: Password requirements  https://review.openstack.org/23223111:36
openstackgerritMerged openstack/openstack-ansible-security: V-3862{5,6,7}: LDAP server security  https://review.openstack.org/23224611:36
*** subscope has quit IRC11:44
*** subscope has joined #openstack-ansible11:45
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-security: Enable role testing and make structure ansible-galaxy compatible  https://review.openstack.org/23298711:46
odyssey4memattt could you please review https://review.openstack.org/232987 to for the security repo11:46
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-security: Enable role testing and make structure ansible-galaxy compatible  https://review.openstack.org/23298711:47
matttodyssey4me: sure11:49
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Glance Configuration for Liberty  https://review.openstack.org/22996711:50
odyssey4memattt then this one when you're done with that: https://review.openstack.org/23300311:52
*** pradk has joined #openstack-ansible12:00
matttodyssey4me: done12:01
odyssey4methanks mattt12:01
matttnp12:01
*** brice_ has joined #openstack-ansible12:02
*** tlian has joined #openstack-ansible12:02
openstackgerritMerged openstack/openstack-ansible: Implement a fall back URL for get-pip.py  https://review.openstack.org/23266912:03
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Keystone Configuration for Liberty  https://review.openstack.org/22691712:08
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Keystone Configuration for Liberty  https://review.openstack.org/22691712:13
*** subscope has quit IRC12:29
*** subscope has joined #openstack-ansible12:29
*** subscope has quit IRC12:31
*** subscope has joined #openstack-ansible12:33
*** kerwin_bai has quit IRC12:34
javeriakodyssey4me should i wait for my commits to merge before backporting?12:45
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Rearrange group_vars/all into a directory with smaller files  https://review.openstack.org/23303312:46
odyssey4mejaveriak yes please12:46
odyssey4mejaveriak the reason is that reviewers may still request further changes12:47
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38500: No UID 0 accounts except root  https://review.openstack.org/23207012:47
javeriakright, makes sense12:47
*** kerwin_bai has joined #openstack-ansible12:49
mgariepygood morning everyone !12:50
odyssey4meo/ mgariepy12:50
mgariepyhow are you doing ?12:51
*** markvoelker has joined #openstack-ansible12:54
*** fawadkhaliq has quit IRC12:55
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38501, V-38573: Disable accounts after failed logins  https://review.openstack.org/23207412:55
*** markvoelker_ has quit IRC12:58
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-3850{2,3,4}: Ownership/mode of /etc/shadow  https://review.openstack.org/23208712:58
*** KLevenstein has joined #openstack-ansible12:59
mhaydenkudos to odyssey4me for getting the security docs flowing! http://docs.openstack.org/developer/openstack-ansible-security/12:59
*** manikanta has quit IRC12:59
*** fawadkhaliq has joined #openstack-ansible13:01
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Glance Configuration for Liberty  https://review.openstack.org/22996713:03
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-3851{4,5,6,7}: Disabling certain network protocols  https://review.openstack.org/23212913:04
*** scarlisle has joined #openstack-ansible13:05
*** fawadkhaliq has quit IRC13:06
*** gjn has quit IRC13:11
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38539: Enable TCP SYN cookies  https://review.openstack.org/23221213:11
*** tiagogomes_ has joined #openstack-ansible13:14
*** tiagogoems has quit IRC13:14
evrardjphello mgariepy13:17
odyssey4memattt I missed one of the bashate violations - please review: https://review.openstack.org/23299713:18
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38637: Verify auditd pkg contents  https://review.openstack.org/23276713:18
mhaydenmattt: i think i tidied up the commits you reviewed for the security stuff13:19
*** cloudtrainme has joined #openstack-ansible13:21
evrardjpmgariepy: FYI I'm using my own haproxy for now. I'd be happy to share what I did with you. It's maybe overkill for your use case, but I thought you could need that13:23
mgariepythat would be nice i would like to see it.13:24
matttmhayden: cool LGTM13:25
mhaydenthanks for the assist, mattt13:25
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Add new docs URL to README  https://review.openstack.org/23305413:26
matttodyssey4me: kinda wishing we had added that file as an ignore as sigmavirus24_awa suggested13:26
evrardjpmhayden, you need help on these?13:26
mhaydenevrardjp: the reviews? sure!13:26
mhaydenevrardjp: https://review.openstack.org/#/q/status:open+project:openstack/openstack-ansible-security,n,z13:27
odyssey4memattt I know what you mean, except I'd rather we do away with the file and use the default from the package where possible.13:27
matttodyssey4me: agreed, which we're doing in master right?13:27
odyssey4memattt yeah, that's done for liberty along with the MariaDB 10 upgrade.13:28
odyssey4meso for kilo this may as well just stay there - it's not likely to change again13:28
*** wmlynch has joined #openstack-ansible13:30
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Removing 'indices/tables' from index.rst  https://review.openstack.org/23305813:31
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Fix bashate violation in galera_server/files/mysql_init.sh  https://review.openstack.org/23299713:31
odyssey4memattt done13:31
*** javeriak has quit IRC13:35
*** galstrom_zzz is now known as galstrom13:43
openstackgerritToby Oxborrow proposed openstack/openstack-ansible: Redirect "apt-get install -y" stdin to /dev/null  https://review.openstack.org/23306013:44
gparaskevasodyssey4me: regarding teardownscript, i dont know if this is a bug but, if you have openstack-deploy and controller or any other hosts on the same server then teardown.sh will delete etc/openstack_deploy prior to finishing making the script to fail due to inventory missing13:48
odyssey4megparaskevas haha, sounds like a bug13:48
gparaskevasodyssey4me: yeah its a bug if you dont have enough machines :P13:49
odyssey4megparaskevas I would think that /etc/openstack_deploy should be left alone actually - it's supposed to only tear down the containers and remove the services on the hosts13:49
gparaskevasyes , i believe it deletes folder with wildcards so if the host of openstack_deploy happens to be on tha same server as the controller then it gets deleted13:50
gparaskevaslet me check13:50
evrardjp+1 I'd rather NOT delete /etc/openstack_deploy13:50
evrardjpup to the deployer to remove it if he wants to13:51
gparaskevasactualy its mentioned on the beggining13:51
gparaskevasthat it will be deleted13:51
gparaskevasso its a feature13:51
gparaskevas:P13:51
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: [WIP] Rearrange group_vars/all into a directory with smaller files  https://review.openstack.org/23303313:51
*** ashishjain has quit IRC13:54
gparaskevasodyssey4me: so it documented that it does delete openstack_deploy but it seems to be causing the script to fail -> http://cdn.pasteraw.com/52pihjsfa67045qb68yq3e4dpy034yq13:54
gparaskevasshould i commit a patch?13:55
odyssey4megparaskevas go for it - be sure to also commit docs changes where needed :)13:55
evrardjpodyssey4me, while we are touching this, wouldn't be smarter to allow users to manage their group_vars?13:56
odyssey4meevrardjp you're talking about https://review.openstack.org/233033 ? if so, that's an experiment right now.13:57
evrardjpyup13:57
*** galstrom is now known as galstrom_zzz13:57
odyssey4meevrardjp yeah, we can rethink all that in the mitaka timeframe - I just wanted to see whether this works :)13:58
evrardjpI've tested almost the same thing here13:59
evrardjpI'm using folders for managing groups, so it should work13:59
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-3857{4,6,7}: Password hashing algorithms  https://review.openstack.org/23307114:01
evrardjpif we'll ever re-read this conversation, I think we should have a group "baremetal" instead of is_metal: True14:01
gparaskevasodyssey4me: should i create a patch for it? should i check out if no bug is created?14:01
odyssey4melol evrardjp14:02
gparaskevasodyssey4me: should i file a bug for it? should i check out if no bug is created?****14:02
*** galstrom_zzz is now known as galstrom14:02
odyssey4megparaskevas all of the above :)14:02
gparaskevasodyssey4me: splendid14:02
*** jwagner_away is now known as jwagner14:02
*** fawadkhaliq has joined #openstack-ansible14:02
evrardjpodyssey4me, I gave my opinion I can now rest in peace...14:03
evrardjpmhayden, I'd happy to help about the reviewing14:04
*** sigmavirus24_awa is now known as sigmavirus2414:05
evrardjphowever I'm going to be a pain: I'll ask to justify stuff :p14:05
*** fawadkhaliq has quit IRC14:06
*** jwagner is now known as jwagner_away14:07
sigmavirus24mattt: are you saying I'm right? This never happens14:08
gparaskevasodyssey4me evrardjp cloudnull :: i cannot file a bug or at least i cannot find the button on launchpad. If you find the time and file it(or if you can enable me) i already have the patch!14:09
matttsigmavirus24: i didn't like to admit it but you know ... :)14:09
odyssey4megparaskevas put the patch up for review, but the 'report a bug' is on the top right hand corner14:10
evrardjpthere is a register a bug button14:10
sigmavirus24I'm taking the day off to recover from this revelation mattt14:10
sigmavirus24See you all Monday14:10
evrardjpyeah report, sorry14:10
evrardjphehe sigmavirus2414:10
odyssey4megparaskevas https://bugs.launchpad.net/openstack-ansible (top right hand corner)14:10
*** arnaud_orange1 has joined #openstack-ansible14:11
*** javeriak has joined #openstack-ansible14:11
*** arnaud_orange has quit IRC14:11
matttsigmavirus24: enjoy!  :)14:13
evrardjpmhayden, the link to security docs in the README is on read the docs... shouldn't it be on docs.openstack now?14:13
mhaydenevrardjp: i have a review in to fix that link ;)14:13
mhaydenhttps://review.openstack.org/#/c/233054/14:13
evrardjpsorry mhayden14:14
mhaydenevrardjp: no worries14:15
mhaydenstill finishing coffee here :P14:15
evrardjpquick question about this project, is it possible to enable only a category of configuration?14:16
*** Mudpuppy has joined #openstack-ansible14:16
mhaydenevrardjp: using tags, yes14:16
mhaydenlike -t cat214:16
mhaydenor -t cat314:16
evrardjpok14:16
evrardjpcould you document it then?14:17
tiagogomes_hi, how can I override the neutron policy?14:17
evrardjpand describe what the category means?14:17
odyssey4metiagogomes_ http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-openstack.html14:17
tiagogomes_odyssey4me awesome, I assume it will overwrite existing keys?14:18
odyssey4metiagogomes_ it will override anything14:19
odyssey4metiagogomes_ and you can use jinja in your override dict too if you'd like14:19
openstackgerritMerged openstack/openstack-ansible: Implementation of keepalived for haproxy  https://review.openstack.org/21881814:19
openstackgerritMerged openstack/openstack-ansible: Fix the nodepool file check  https://review.openstack.org/23300314:20
*** k_stev has joined #openstack-ansible14:20
*** spotz_zzz is now known as spotz14:21
mhaydenevrardjp: good idea14:21
mhaydenevrardjp: could you open a bug for that? :)14:21
mhaydenotherwise it will escape my mind :)14:22
*** javeriak has quit IRC14:22
*** jwagner_away is now known as jwagner14:22
tiagogomes_odyssey4me ta, and what about major upgrades?14:23
tiagogomes_odyssey4me, sorry, bad irc client14:23
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Fix the nodepool file check  https://review.openstack.org/23309014:23
odyssey4metiagogomes_that'll be worked on after the release of liberty: https://blueprints.launchpad.net/openstack-ansible/+spec/liberty-upgrade-path14:24
*** jwagner is now known as jwagner_away14:25
*** javeriak_ has joined #openstack-ansible14:26
*** Mudpuppy has quit IRC14:26
openstackgerritGeorge Paraskevas proposed openstack/openstack-ansible: Remove openstack_deploy from teardown.sh deletion list  https://review.openstack.org/23309214:26
*** Mudpuppy has joined #openstack-ansible14:27
gparaskevasodyssey4me: https://review.openstack.org/#/c/233092/14:28
*** markvoelker has quit IRC14:29
openstackgerritMerged openstack/openstack-ansible-security: Enable role testing and make structure ansible-galaxy compatible  https://review.openstack.org/23298714:29
*** jwagner_away is now known as jwagner14:32
evrardjpmhayden, you have a space on launchpad, or is it on github issues?14:32
evrardjpthat could be documented too ;)14:33
mhaydenevrardjp: good pont14:33
mhaydenpoint14:33
mhaydeni think it's in the plain openstack-ansible project unless odyssey4me knows of a different place14:34
evrardjpI have to go though14:34
evrardjpI hope I'll not forget to file these bugs when I know where I'll have to place them :p14:34
alextricitycloudnull: RE: Unable to manage members of a project through horizon. I saw that you replied but I didn't get the message.14:35
*** jwagner is now known as jwagner_away14:35
*** jwagner_away is now known as jwagner14:35
alextricityI need to set up that bouncer you told me about14:35
alextricityAnd increase my scrollback14:35
openstackgerritMerged openstack/openstack-ansible: Modularizing Neutron playbooks for master  https://review.openstack.org/23118714:35
openstackgerritMerged openstack/openstack-ansible: Adding PLUMgrid plugin option to neutron setup  https://review.openstack.org/23121414:35
palendaemhayden: Seems splitting out roles, to me, would be splitting out everything14:35
openstackgerritMerged openstack/openstack-ansible: Removed unnecessary comment in the user_secrets for ceph variable  https://review.openstack.org/23295714:35
cloudnullalextricity: znc for the win14:36
cloudnullBOOM javeriak_ ^ PLUMgrid & Neutron Modularized Plugin now supported in master14:37
cloudnull:)14:37
odyssey4mejaveriak_ you may backport your patches to kilo now :)14:38
cloudnull^ ++14:38
odyssey4memhayden yeah, you should probably make reference in the README for where to do things like file bugs, etc14:38
odyssey4methe role is part of the openstack-ansible big tent, so bugs/blueprints/etc use the openstack-ansible launchpad and process14:39
evrardjpalextricity, ZNC indeed :)14:39
evrardjpI'm also interested by the answer of cloudnull to horizon member management14:40
alextricityDownloading it now! So does anybody know about not being able to edit projects through horizon?14:40
alextricityOr is it just me?14:40
cloudnullyea? ^ moar datas14:40
javeriak_cloudnull, odyssey4me yay! thanks guys :)14:40
alextricityAfter finishing up a base OSD AIO, trying to edit projects through horizon results in a HTTP 50014:41
alextricityThat's all I get in the logs O_O14:41
cloudnullthank you javeriak_14:41
odyssey4mealextricity is that on a master build, or kilo?14:41
alextricitymaster14:41
odyssey4mealextricity and how long ago did you clone the repo?14:42
alextricityhmm.maybe about 3 or 4 days ago14:42
evrardjpalextricity, using admin role it works14:42
alextricityhmm.I wonder why it doesn't work for me14:43
odyssey4mealextricity so there were some bugs pretty recently, I'd suggest that you update the clone to the latest master - add this patch: https://review.openstack.org/23295514:44
odyssey4methat it most likely the final rc point for liberty upstream14:44
openstackgerritGeorge Paraskevas proposed openstack/openstack-ansible: Remove openstack_deploy from teardown.sh deletion list  https://review.openstack.org/23309914:44
tiagogomes_who from here was looking into l3_ha? I found a bug14:44
tiagogomes_:q14:44
alextricityodyssey4me: will do! Thanks14:44
odyssey4mealextricity then go through the process of updating as per a minor version update: http://docs.openstack.org/developer/openstack-ansible/install-guide/app-minorupgrade.html14:44
cloudnulltiagogomes_:  i was looking into that14:46
evrardjptiagogomes_, neutron? I was looking too14:46
tiagogomes_right, neutron-keepalived-state-change is installed on /usr/local/bin, but the rootwrap.conf is not configured to allow executing commands from there14:47
alextricityI need to use serveral variables across roles. Would the best place to put those variables be inventory/group_vars/hosts.yml?14:50
openstackgerritGeorge Paraskevas proposed openstack/openstack-ansible: Remove openstack_deploy from teardown.sh deletion list  https://review.openstack.org/23309914:51
gparaskevasodyssey4me: https://review.openstack.org/#/c/233099/ accidentaly submited as new forgot to commit -a --amend, dont be harsh :P14:52
odyssey4melol gparaskevas ah, I was wondering what happened14:54
odyssey4megparaskevas no problem - abandoned the older one14:55
gparaskevasodyssey4me: yeah i forgot to -a --amend right? that was it i believe14:56
odyssey4megparaskevas yep14:56
*** markvoelker has joined #openstack-ansible14:57
gparaskevasodyssey4me: great!14:57
*** neilus has quit IRC14:58
javeriak_guys, quick question, i see a br-snet in the example interface file, but theres no description of it in the install guide, neither have i ever created one on my setups, so what exactly is it for?14:59
odyssey4mejaveriak_ that's a legacy and it supposed to be removed14:59
palendaeI think that's servicenet14:59
palendaeNot applicable to most installs15:00
javeriak_oh okay15:02
*** pradk has quit IRC15:03
*** fawadkhaliq has joined #openstack-ansible15:03
*** pradk has joined #openstack-ansible15:04
*** jwagner is now known as jwagner_away15:07
*** fawadkhaliq has quit IRC15:08
openstackgerritMiguel Alex Cantu proposed openstack/openstack-ansible: Seperated out Telemetry Alarming (Aodh)  https://review.openstack.org/23222415:08
openstackgerritMiguel Alex Cantu proposed openstack/openstack-ansible: Add OpenID Connect RP Apache Module  https://review.openstack.org/22661715:12
*** sdake has joined #openstack-ansible15:12
*** fawadkhaliq has joined #openstack-ansible15:14
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Glance Configuration for Liberty  https://review.openstack.org/22996715:15
openstackgerritJaveria Khan proposed openstack/openstack-ansible: [backport] Modularizing Neutron playbooks for master  https://review.openstack.org/23311515:15
openstackgerritJaveria Khan proposed openstack/openstack-ansible: [backport] Modularizing Neutron playbooks for master  https://review.openstack.org/23311515:17
odyssey4mejaveriak_ typically backports are done using cherry-pick -x to show the originating commit with the message15:18
javeriak_odyssey4me, by using a -x with the cherrypick command?15:19
odyssey4mejaveriak_ yep15:19
javeriak_oh okay, shall i abandon and push again?15:19
odyssey4mejaveriak_ no need - just modify the commit message15:20
odyssey4mealso, no need for the edited title :)15:20
javeriak_haha, sorry odyssey4me, i was following our internal bakport formats, thought u guys added backports to the titles too15:21
jasondotstarstevelle: ping re: Bug#146986815:25
stevellepong jasondotstar15:25
jasondotstarhey... looking the bug this am..... qq: so basically we need to land all the .json files that define the metadefs in /etc/metadefs/ ?15:26
jasondotstarstevelle: ^15:27
stevellereviewing real quick15:27
jasondotstarthe list of .json file is here: https://github.com/openstack/glance/tree/master/etc/metadefs15:27
openstackgerritJaveria Khan proposed openstack/openstack-ansible: Modularizing Neutron playbooks for master  https://review.openstack.org/23311915:27
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-3864{2,5,7,9}, V-38651: Umask adjustments  https://review.openstack.org/23312015:27
jasondotstars/file/files15:28
mhaydenodyssey4me: aaaah, the -1's, they burn! :P15:28
*** subscope has quit IRC15:28
stevellemhayden: smells like quality :D15:29
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-3857{4,6,7}: Password hashing algorithms  https://review.openstack.org/23307115:29
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38637: Verify auditd pkg contents  https://review.openstack.org/23276715:29
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38539: Enable TCP SYN cookies  https://review.openstack.org/23221215:30
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-3851{4,5,6,7}: Disabling certain network protocols  https://review.openstack.org/23212915:30
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-3850{2,3,4}: Ownership/mode of /etc/shadow  https://review.openstack.org/23208715:31
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38501, V-38573: Disable accounts after failed logins  https://review.openstack.org/23207415:31
*** jaypipes is now known as leakypipes15:31
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38500: No UID 0 accounts except root  https://review.openstack.org/23207015:31
stevellejasondotstar: so the metadefs should be in the wheel now, we will need to add the "glance-manage db_load_metadefs  ..." task as a step post install15:31
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38498: Audit log file permissions  https://review.openstack.org/23205615:32
jasondotstarah. i see. they are included. just need to run the cmd at the end of the playbook...15:32
jasondotstarstevelle: ok got it.15:32
openstackgerritJaveria Khan proposed openstack/openstack-ansible: Adding PLUMgrid plugin option to neutron setup  https://review.openstack.org/23312315:33
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38496: Lock system accounts other than root  https://review.openstack.org/23201215:34
mhaydenokay, i think all of those are rebased now15:34
openstackgerritMerged openstack/openstack-ansible: Update nova & tempest SHA's and remove django-openstack-auth SHA  https://review.openstack.org/23295515:37
openstackgerritMerged openstack/openstack-ansible: Fix bashate violation in galera_server/files/mysql_init.sh  https://review.openstack.org/23299715:37
*** arnaud_orange1 has quit IRC15:39
*** arnaud_orange has joined #openstack-ansible15:40
*** gparaskevas has quit IRC15:45
*** persia has quit IRC15:46
*** persia has joined #openstack-ansible15:47
*** javeriak_ has quit IRC15:52
openstackgerritMiguel Alex Cantu proposed openstack/openstack-ansible: Seperated out Telemetry Alarming (Aodh)  https://review.openstack.org/23222415:52
*** ganderson has joined #openstack-ansible15:54
*** kerwin_bai has quit IRC15:55
openstackgerritMiguel Alex Cantu proposed openstack/openstack-ansible: Seperated out Telemetry Alarming (Aodh)  https://review.openstack.org/23222415:59
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38655: Mount w/no exec exception  https://review.openstack.org/23314716:00
*** arnaud_orange has quit IRC16:00
*** phalmos has joined #openstack-ansible16:00
*** phalmos has quit IRC16:02
*** scarlisle has quit IRC16:03
*** phalmos has joined #openstack-ansible16:03
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Modularizing Neutron playbooks for master  https://review.openstack.org/23311916:05
*** galstrom is now known as galstrom_zzz16:05
*** sdake_ has joined #openstack-ansible16:06
*** sdake has quit IRC16:06
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Removed unnecessary comment in the user_secrets for ceph variable  https://review.openstack.org/23315216:08
*** ganderson has quit IRC16:18
*** ganderson has joined #openstack-ansible16:18
*** tiagogomes_ has quit IRC16:18
*** phalmos has quit IRC16:19
*** jwagner_away is now known as jwagner16:20
*** g3rms_ has joined #openstack-ansible16:23
*** javeriak has joined #openstack-ansible16:25
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Switch from MySQL-python to PyMySQL  https://review.openstack.org/23317216:27
openstackgerritJaveria Khan proposed openstack/openstack-ansible: Adding PLUMgrid plugin option to neutron setup  https://review.openstack.org/23312316:27
*** sdake_ is now known as sdake16:28
openstackgerritKevin Carter proposed openstack/openstack-ansible: Updated the repo-build process  https://review.openstack.org/23071616:34
*** jwagner is now known as jwagner_lunch16:39
*** jwagner_lunch is now known as jwagner_away16:40
*** KLevenstein has quit IRC16:40
*** phalmos has joined #openstack-ansible16:49
*** phalmos has quit IRC17:06
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Glance Configuration for Liberty  https://review.openstack.org/22996717:09
*** markvoelker has quit IRC17:12
*** javeriak_ has joined #openstack-ansible17:13
*** javeriak has quit IRC17:17
*** fawadkhaliq has quit IRC17:18
*** fawadkhaliq has joined #openstack-ansible17:24
*** fawadkhaliq has quit IRC17:24
*** fawadkhaliq has joined #openstack-ansible17:24
*** fawadkhaliq has quit IRC17:25
*** elo has joined #openstack-ansible17:33
openstackgerritMerged openstack/openstack-ansible: Remove openstack_deploy from teardown.sh deletion list  https://review.openstack.org/23309917:34
openstackgerritMerged openstack/openstack-ansible: Documentation: Syntax checking before running playbooks  https://review.openstack.org/23244317:34
openstackgerritMerged openstack/openstack-ansible: Redirect "apt-get install -y" stdin to /dev/null  https://review.openstack.org/23306017:34
*** alop has joined #openstack-ansible17:35
*** KLevenstein has joined #openstack-ansible17:39
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Set Keystone endpoints to be versionless  https://review.openstack.org/20519217:47
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-386**: Disabling various unneeded services  https://review.openstack.org/23319817:49
*** sdake has quit IRC17:53
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38637, V-3866{3,4,5}: Verify auditd pkg contents  https://review.openstack.org/23276717:54
*** sdake has joined #openstack-ansible17:54
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38637, V-3866{3,4,5}: Verify auditd pkg contents  https://review.openstack.org/23276717:54
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38655: Mount w/noexec exception  https://review.openstack.org/23314717:55
*** alextricity has quit IRC17:59
*** javeriak has joined #openstack-ansible18:04
*** scarlisle has joined #openstack-ansible18:06
*** javeriak_ has quit IRC18:06
*** sdake has quit IRC18:07
*** javeriak_ has joined #openstack-ansible18:09
*** javeriak has quit IRC18:09
*** fawadkhaliq has joined #openstack-ansible18:13
*** jwagner_away is now known as jwagner18:13
*** fawadk has joined #openstack-ansible18:15
*** KLevenstein_ has joined #openstack-ansible18:16
*** KLevenstein has quit IRC18:16
*** KLevenstein_ is now known as KLevenstein18:16
*** fawadkhaliq has quit IRC18:17
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38621: System clock sync  https://review.openstack.org/23320918:25
*** gparaskevas has joined #openstack-ansible18:26
*** sdake has joined #openstack-ansible18:31
*** sigmavirus24 is now known as sigmavirus24_awa18:34
*** sigmavirus24_awa is now known as sigmavirus2418:35
gparaskevasi am cherry picking that-> https://review.openstack.org/#/c/233099/ for kilo18:36
*** cloudtrainme has quit IRC18:36
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-3865{6,7}: Samba  https://review.openstack.org/23321518:42
*** javeriak has joined #openstack-ansible18:43
*** javeriak_ has quit IRC18:45
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38643: World writable files  https://review.openstack.org/23321618:49
*** fawadkhaliq has joined #openstack-ansible18:49
*** fawadk has quit IRC18:52
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38658: Password reuse restrictions  https://review.openstack.org/23321918:52
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38659: Encrypted storage exception docs  https://review.openstack.org/23322118:56
*** fawadk has joined #openstack-ansible19:01
*** cloudtrainme has joined #openstack-ansible19:02
*** fawadkhaliq has quit IRC19:03
cloudnullgparaskevas:  if you can cherry-pick that , it'd be awesome19:05
openstackgerritGeorge Paraskevas proposed openstack/openstack-ansible: Remove openstack_deploy from teardown.sh deletion list  https://review.openstack.org/23322419:06
cloudnull++19:06
gparaskevas:P19:06
openstackgerritKevin Carter proposed openstack/openstack-ansible: Updates the lint check to ignore templates  https://review.openstack.org/23110119:08
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement keystone venv support  https://review.openstack.org/22951319:08
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38660: SNMPv3  https://review.openstack.org/23322619:08
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38659, V-38662: Encrypted storage exception docs  https://review.openstack.org/23322119:12
*** harlowja has quit IRC19:12
*** alextricity-mobi has joined #openstack-ansible19:13
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-386{67,70}: Run AIDE via cron  https://review.openstack.org/23323119:21
*** jwagner is now known as jwagner_away19:21
*** k_stev has quit IRC19:22
*** k_stev has joined #openstack-ansible19:23
*** jwagner_away is now known as jwagner19:24
*** harlowja has joined #openstack-ansible19:24
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38678: Auditd space_left size  https://review.openstack.org/23323719:31
*** alextricity-mobi has quit IRC19:35
*** daneyon has joined #openstack-ansible19:36
*** jwagner is now known as jwagner_away19:37
*** alextricity-mobi has joined #openstack-ansible19:37
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38671: Remove sendmail  https://review.openstack.org/23324219:37
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38672: Remove netconsole service  https://review.openstack.org/23324319:40
*** jwagner_away is now known as jwagner19:41
*** jwagner is now known as jwagner_away19:44
*** daneyon_ has joined #openstack-ansible19:44
*** KLevenstein_ has joined #openstack-ansible19:45
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38680: Audit log capacity notifications  https://review.openstack.org/23324719:45
*** KLevenstein has quit IRC19:46
*** KLevenstein_ is now known as KLevenstein19:46
*** jwagner_away is now known as jwagner19:47
*** daneyon has quit IRC19:47
*** jwagner is now known as jwagner_away19:47
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-386{67,70}: Run AIDE via cron  https://review.openstack.org/23323119:48
*** k_stev has quit IRC19:49
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-386{67,70}: Run AIDE via cron  https://review.openstack.org/23323119:50
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38659, V-38662: Encrypted storage exception docs  https://review.openstack.org/23322119:51
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38659, V-38662, V-38693: Encrypted storage exception docs  https://review.openstack.org/23322119:55
*** cloudtrainme has quit IRC19:57
*** fawadkhaliq has joined #openstack-ansible19:58
*** fawadk has quit IRC20:02
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38692: Lock inactive accounts  https://review.openstack.org/23325520:02
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement neutron venv support  https://review.openstack.org/23072620:05
*** cloudtrainme has joined #openstack-ansible20:10
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-3867{4,6}: X windows  https://review.openstack.org/23325920:14
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-3867{4,6}: X windows  https://review.openstack.org/23325920:16
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38675: Restrict core dumps  https://review.openstack.org/23326120:21
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38679: Disable DHCP client docs  https://review.openstack.org/23326220:24
*** k_stev has joined #openstack-ansible20:27
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38684: Max concurrent sessions  https://review.openstack.org/23326420:31
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38675: Restrict core dumps  https://review.openstack.org/23326120:32
*** Mudpuppy has quit IRC20:34
*** ganderson has quit IRC20:38
*** brice_ has quit IRC20:42
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38682: Disable bluetooth modules  https://review.openstack.org/23327020:43
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38687: VPN connectivity (exception docs)  https://review.openstack.org/23327320:45
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-3869{2,4}: Lock inactive accounts  https://review.openstack.org/23325520:46
* mhayden apologizes for the flood ;)20:46
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-386{67,70,96}: Run AIDE via cron  https://review.openstack.org/23323120:48
*** wmlynch has quit IRC20:55
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-53481: Auditd disk space + single-user mode  https://review.openstack.org/23327620:56
bgmccollumshould `nova get-vnc-console test spice-html5` work for spice consoles?20:56
*** pradk has quit IRC20:58
matttbgmccollum: no?21:00
matttbgmccollum: you mean `nova get-spice-console` ?21:01
*** javeriak has quit IRC21:02
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38702: FTP daemon logging  https://review.openstack.org/23327921:04
*** sdake_ has joined #openstack-ansible21:04
bgmccollummattt: thanks...terrible UX21:05
*** sdake has quit IRC21:06
matttbgmccollum: i won't argue with that :)21:06
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38496: Lock system accounts other than root  https://review.openstack.org/23201221:07
mhaydenprometheanfire: what should i use instead of debug? https://review.openstack.org/#/c/232070/21:08
mhaydenor are you talking about using failed_when: ?21:08
prometheanfiremhayden: yes21:09
mhaydenwait, those same lines are in another review21:09
mhaydenhold on, i may have goofed21:09
mhaydengoof confirmed21:09
prometheanfiredun goofed21:10
matttmhayden: bra slow down21:10
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38496: Lock system accounts other than root  https://review.openstack.org/23201221:10
matttit's not a race21:10
prometheanfirewhy not?21:11
mhaydenmattt: ain't nobody got time for that21:11
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38500: No UID 0 accounts except root  https://review.openstack.org/23207021:12
mhaydenprometheanfire: okay, 38496 and 38500 should be sorted21:12
mhaydensomehow 38496's ansible ended up in 3850021:12
prometheanfireya, noticed :P21:12
mhaydenmattt: 17 controls left21:13
mhaydenand they're all the highly annoying ones :|21:13
matttmhayden: imma be here all night21:13
mhaydenmattt: also i've been listening to EDM all day21:13
matttmhayden: anything good?21:14
mhaydendiscovered Fon.Leman21:14
mhaydenkinda good21:14
mhaydengreat for headphones with decent bass21:14
*** sdake_ has quit IRC21:14
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38458: /etc/group user ownership  https://review.openstack.org/23328321:16
mhaydenmattt: there's a doozy ^^21:16
*** KLevenstein has quit IRC21:18
*** sdake has joined #openstack-ansible21:19
matttmhayden: i thought we did this one already21:19
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-51337: Use an LSM at boot  https://review.openstack.org/23328421:20
mhaydenmattt: probably for group ownership21:21
*** kukacz has quit IRC21:22
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-3851{1,2,3}: IPv4 security controls  https://review.openstack.org/23208821:24
matttmhayden: why don't you use http://docs.ansible.com/ansible/fail_module.html for https://review.openstack.org/#/c/232070/6/tasks/auth.yml ?21:25
mhaydenah, i forgot about that module21:26
mhayden-1 and comment and i'll fix that up21:26
*** phalmos has joined #openstack-ansible21:26
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-51875: Symlink for docs  https://review.openstack.org/23328521:28
mhaydenand that's the last one for me today21:28
mhaydeny'all have a good one21:28
*** fawadkhaliq has quit IRC21:30
*** fawadkhaliq has joined #openstack-ansible21:31
openstackgerritSteve Lewis proposed openstack/openstack-ansible: Use pip install --proxy when $HTTPS_PROXY is set  https://review.openstack.org/23291621:32
*** gparaskevas has quit IRC21:33
matttmhayden: have a good one21:33
*** fawadkhaliq has quit IRC21:34
*** phalmos has quit IRC21:39
*** CheKoLyN has joined #openstack-ansible21:46
*** sigmavirus24 is now known as sigmavirus24_awa21:58
*** alextricity-mobi has quit IRC22:10
*** alextricity-mobi has joined #openstack-ansible22:14
*** alejandrito has quit IRC22:34
*** mfisch has quit IRC22:34
*** spotz is now known as spotz_zzz22:35
*** mfisch has joined #openstack-ansible22:35
*** mfisch is now known as Guest2776422:35
*** Guest27764 is now known as mfisch22:37
*** mfisch has joined #openstack-ansible22:37
*** k_stev has quit IRC22:37
*** elo has quit IRC22:38
*** elo has joined #openstack-ansible22:38
*** daneyon_ has quit IRC22:40
*** alop has quit IRC22:46
*** miguelgrinberg has quit IRC22:53
*** miguelgrinberg has joined #openstack-ansible22:53
*** markvoelker_ has joined #openstack-ansible23:10
*** elo is now known as help23:11
*** help is now known as Guest7815523:11
*** CheKoLyN has quit IRC23:16
*** Guest78155 has quit IRC23:22
*** elo has joined #openstack-ansible23:23
*** sdake has quit IRC23:26
*** leakypipes has quit IRC23:49
« Thursday, 2015-10-08 Index Saturday, 2015-10-10 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!