Tuesday, 2015-10-13

« Monday, 2015-10-12 Index Wednesday, 2015-10-14 »
*** alop has quit IRC00:08
*** sdake_ has quit IRC00:18
*** Guest42648 has quit IRC00:20
*** sdake has joined #openstack-ansible00:33
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Block requests 2.8.0, oslo.messaging 2.6.0 & cap WebOb<1.5.0  https://review.openstack.org/23375600:33
openstackgerritMerged openstack/openstack-ansible: Fix run-aio-build.sh for curl one-liner  https://review.openstack.org/23296400:34
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: Implement Neutron LBAAS using haproxy  https://review.openstack.org/22036500:41
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: Implement Neutron LBAAS using haproxy  https://review.openstack.org/22036500:48
*** BjoernT has quit IRC00:56
-cloudnull- the master gate is blocked due to several oslo related changes00:59
-cloudnull- the master gate is blocked due to several oslo related changes current package differences which were released within the last 24 hours https://gist.github.com/cloudnull/a551628cc136a5036cfb01:00
openstackgerritMerged openstack/openstack-ansible: Make bootstrap-ansible script compatible with RHEL  https://review.openstack.org/23333001:04
*** opal has joined #openstack-ansible01:11
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38498: Audit log file permissions  https://review.openstack.org/23205601:21
*** opal has left #openstack-ansible01:21
mhaydenprometheanfire: todo improved ^^01:21
cloudnulllol01:21
prometheanfiremhayden: done01:22
* mhayden high fives prometheanfire01:23
mhayden# TODO: bring beer for cloudnull and prometheanfire01:23
prometheanfirescotch01:23
mhayden# and wine cooler for d34dh0r5301:23
prometheanfirelol01:23
* cloudnull will work for beer01:23
cloudnull:)01:23
prometheanfireofc01:23
prometheanfireany alcohol is appreciated01:23
*** elo has quit IRC01:32
*** tlian has quit IRC01:45
*** Mudpuppy has joined #openstack-ansible02:23
*** ggillies has quit IRC02:25
*** sdake has quit IRC02:29
*** kerwin_bai has joined #openstack-ansible02:52
*** CBR09 has joined #openstack-ansible02:53
openstackgerritKevin Carter proposed openstack/openstack-ansible: Block requests 2.8.0, oslo.messaging 2.6.0 & cap WebOb<1.5.0  https://review.openstack.org/23375602:56
openstackgerritKevin Carter proposed openstack/openstack-ansible: Updates the lint check to ignore templates  https://review.openstack.org/23110102:58
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement nova venv support  https://review.openstack.org/23072702:59
openstackgerritKevin Carter proposed openstack/openstack-ansible: Seperated out Telemetry Alarming (Aodh)  https://review.openstack.org/23222403:00
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement swift venv support  https://review.openstack.org/23073303:00
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement neutron venv support  https://review.openstack.org/23072603:00
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement keystone venv support  https://review.openstack.org/22951303:00
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement horizon venv support  https://review.openstack.org/22922603:00
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement heat venv support  https://review.openstack.org/22922503:00
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement glance venv support  https://review.openstack.org/22922103:01
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement ceilometer venv support  https://review.openstack.org/22921203:01
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement cinder venv support  https://review.openstack.org/22546303:01
*** jhesketh has quit IRC03:08
*** jhesketh has joined #openstack-ansible03:13
*** elo has joined #openstack-ansible03:25
*** sdake has joined #openstack-ansible03:33
*** sdake has quit IRC03:37
*** elo has quit IRC03:37
*** sdake has joined #openstack-ansible03:38
*** sdake has quit IRC04:30
*** sdake has joined #openstack-ansible04:31
*** kerwin_bai has quit IRC04:33
*** kerwin_bai has joined #openstack-ansible04:56
*** opal has joined #openstack-ansible05:19
*** opal has left #openstack-ansible05:32
*** javeriak has joined #openstack-ansible05:37
*** elo has joined #openstack-ansible05:39
*** elo has quit IRC05:39
*** daneyon has joined #openstack-ansible05:40
*** daneyon has quit IRC05:41
*** javeriak has quit IRC06:11
*** Mudpuppy has quit IRC06:14
*** Mudpuppy_ has joined #openstack-ansible06:14
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Break apart and document the upgrade process  https://review.openstack.org/22413706:20
*** javeriak has joined #openstack-ansible06:21
*** openstack has joined #openstack-ansible06:30
*** daneyon has joined #openstack-ansible06:34
*** javeriak has joined #openstack-ansible06:39
*** daneyon has quit IRC06:39
*** javeriak_ has joined #openstack-ansible06:43
*** javeriak has quit IRC06:44
*** javeriak_ has quit IRC06:59
*** gparaskevas has joined #openstack-ansible07:13
*** jhesketh has quit IRC07:22
*** jhesketh has joined #openstack-ansible07:23
*** neilus has joined #openstack-ansible07:24
*** javeriak has joined #openstack-ansible07:25
*** javeriak has quit IRC07:26
*** javeriak has joined #openstack-ansible07:26
*** javeriak has quit IRC07:28
*** daneyon has joined #openstack-ansible07:29
*** javeriak has joined #openstack-ansible07:29
*** daneyon has quit IRC07:34
*** ggillies has joined #openstack-ansible07:37
*** persia has quit IRC07:50
*** persia has joined #openstack-ansible07:51
*** subscope has joined #openstack-ansible07:52
*** javeriak has quit IRC07:59
*** Mudpuppy_ has quit IRC08:03
*** CBR09 has left #openstack-ansible08:11
odyssey4memattt did you see my update in https://review.openstack.org/233172 ?08:17
matttodyssey4me: i have now :)08:18
matttodyssey4me: why does devstack still use the other library then?08:19
odyssey4memattt according to sdague it doesn't08:20
odyssey4mebut bear this in mind - galera still requires the other library08:20
odyssey4methere's a hard dependency there - that's why we don't remove the library altogether, all we do is remove it from the openstack services08:20
*** javeriak has joined #openstack-ansible08:20
matttodyssey4me: https://github.com/openstack-dev/devstack/blob/35814a7b6e4248f3c890019a0eddee4b4b76c564/files/debs/keystone08:21
matttodyssey4me: sorry https://github.com/openstack-dev/devstack/blob/master/files/debs/keystone08:21
matttodyssey4me: https://github.com/openstack-dev/devstack/blob/master/files/debs/neutron08:21
matttetc. etc.08:21
odyssey4memattt that's likely for mysql08:21
matttwut08:22
*** daneyon has joined #openstack-ansible08:23
*** subscope has quit IRC08:23
matttodyssey4me: i'm happy to push that commit through, i'd just hate for us to have some issues surface in production as a result08:24
*** subscope has joined #openstack-ansible08:24
*** mgoddard has joined #openstack-ansible08:25
*** javeriak has quit IRC08:26
*** sdake has quit IRC08:27
*** daneyon has quit IRC08:28
*** openstack has joined #openstack-ansible08:49
*** subscope has quit IRC09:03
*** harvy has quit IRC09:06
*** harvy has joined #openstack-ansible09:08
*** elo has joined #openstack-ansible09:11
*** elo has quit IRC09:11
*** subscope has joined #openstack-ansible09:15
*** daneyon has joined #openstack-ansible09:17
*** daneyon has quit IRC09:22
evrardjphello everyone09:31
gparaskevasyellow!09:31
robakany reason why I'd be getting error like this, when running ansible/nova.py for openstack vm launching? "fatal: [localhost] => One or more undefined variables: list object has no element 0"09:34
*** openstackstatus has joined #openstack-ansible09:37
*** ChanServ sets mode: +v openstackstatus09:37
*** ashisjain has joined #openstack-ansible09:38
-openstackstatus- NOTICE: gerrit is undergoing an emergency restart to investigate load issues09:40
*** ChanServ changes topic to "gerrit is undergoing an emergency restart to investigate load issues"09:40
*** kerwin_bai has quit IRC09:41
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible: Implementation of keepalived for haproxy  https://review.openstack.org/23406309:41
*** kerwin_bai has joined #openstack-ansible09:41
evrardjpI'd like to help with reviews, but it seems it's a bad day for gerrit09:44
ashisjainhello09:50
ashisjainNeed some help  :)09:50
ashisjainI was finally able to install osad on 5 nodes09:50
ashisjainNeed some help to stabilise it09:51
ashisjainMy neutron services are continuosly oscillating in on/of mode09:51
ashisjainI have also seen some errors in galera as well as rmq09:51
ashisjainI have tried restarting rabbitmq-server and than neutron-server, it seems to be solving the problem for few minutes but than all the  neutron services running on agents go down09:52
ashisjainwhen I run neutron agent-list I see variable number of ':-) " and 'xxx' all the time09:53
ashisjainand at times I see all 'xxx'09:53
ashisjainHere is one of the error which I am seeing in neutron-server log : oslo_messaging.rpc.dispatcher TimeoutError: QueuePool limit of size 30 overflow 10 reached, connection timed out, timeout 12009:54
ashisjainIn rabbitmq I see lot of errors like this "no exchange 'reply_7037f84350cd48088c3f1088542ce1b0' in vhost '/'""09:55
ashisjainand when I run rabbitmq list_exchanges I am unable to find any exchange with above name09:56
odyssey4mefyi mancdaz http://docs.openstack.org/developer/openstack-ansible/install-guide/app-minorupgrade.html09:56
odyssey4meo/ evrardjp09:57
ashisjainI have tried restarting rabbitmq, neutron-server and  mysql till  now, but nothing seems to be helping09:57
odyssey4meashisjain do you have proper network time consistency?09:57
odyssey4meie do you have ntp setup on your hosts to a reliable source?09:57
odyssey4merobak uh, I'm guessing that you're referring to the ansible modules for openstack, rather than https://github.com/openstack/openstack-ansible which is the focus of this channel09:59
ashisjainodyssey4me: Yes all the hosts are in sync with respect to ntp09:59
odyssey4merobak if you're looking for assistance with using the openstack modules for ansible, you'll likely have better luck in #ansible - we can try to help, but most of us are not necessary familiar with the old modules09:59
odyssey4me(we have our own)09:59
ashisjainhere are the ntp servers address09:59
ashisjainserver 1.in.pool.ntp.org server 1.asia.pool.ntp.org server 2.asia.pool.ntp.org09:59
odyssey4meashisjain and have you confirmed that they're all in sync from a time standpoint?10:00
*** openstackgerrit has quit IRC10:01
*** openstackgerrit has joined #openstack-ansible10:02
ashisjainodyssey4me: yes all the 5 nodes are in sync from time standpoint.10:02
ashisjainall have the same time and date10:03
ashisjainI have also tried increasing the max connection setting in my.cnf of galera on one of the lxc host but that also has not helped10:09
*** daneyon has joined #openstack-ansible10:11
odyssey4meashisjain if you monitor your neutron server log, what do you see?10:12
ashisjainodyssey4me: there are continuous error messages of "RROR oslo_messaging.rpc.dispatcher [req-caebfc5b-d195-4e98-87b9-a43a697b85c0 ] Exception during message handling: QueuePool limit of size 30 overflow 10 reached, connection timed out, timeout 120"10:14
ashisjainfollowed by stack trace10:14
ashisjainodyssey4me: Just one question how is this whole osad suppose to work which mysql it is going to use or which neutron-server it is going to use as I have got 3 infra hosts.10:15
*** daneyon has quit IRC10:16
odyssey4meashisjain try setting 'neutron_rpc_conn_pool_size' to a number higher than 30 in user_variables.yml (30 is the default), then re-run os-neutron-install.yml10:19
ashisjainodyssey4me: the aove error was from one of the neutron server node10:19
odyssey4meashisjain you can inspect the haproxy configuration to see how the load balancing is setup10:19
ashisjainI another node I see the following message "Oct 13 15:53:43 openstack007_neutron_server_container-28aea5e2 neutron-server: 2015-10-12 16:35:22.910 15319 CRITICAL neutron [-] OperationalError: (OperationalError) (1045, "Access denied for user 'neutron'@'openstack006' (using password: YES)") None None"10:19
odyssey4meashisjain ah, so you have a problem there - it would seem that you may not have all the neutron servers setup the same way?10:20
odyssey4medid you fully populate user_secrets properly?10:20
odyssey4mehave you compared the default user_secrets with yours to ensure that you have the full set of vars needed?10:20
odyssey4mehave you edited anything in the code tree?10:20
ashisjainodyssey4me: I have used the script which comes with osad for user secret generation10:21
ashisjainNo I have not modified the code10:23
ashisjainodyssey4me: What is this "have you compared the default user_secrets with yours to ensure that you have the full set of vars needed" ?10:23
ashisjainI have run the os-neutron-install.yml  for neutron10:24
ashisjainand I have run it many times10:24
ashisjainbecause of failures here and there10:24
ashisjainshall I re-run the neutron playbook with the settings as you have suggested?10:26
odyssey4meyup, you'll need to figure out why all your neutron servers aren't able to read the DB10:27
odyssey4mebut increasing the number of RPC pools for rabbit access is not a bad thing10:27
ashisjainneutron_rpc_conn_pool_size: 4010:27
*** kerwin_bai has quit IRC10:27
ashisjainIs this value fine?10:27
odyssey4meI'd say perhaps 100 would be better10:27
ashisjainokay10:28
ashisjainwhat shall i do about that password errror?10:28
ashisjainaccess error?10:28
ashisjainRunning neutron playbook will not fix that if at all their is a setup issue?10:28
odyssey4mecheck neutron.conf on all the neutron servers and validate that they all have the right user & password values10:28
odyssey4methen check each Galera DB to validate that they're all happy and in sync10:29
ashisjainneutron server or agent conf?10:29
odyssey4meyou need to validate the health of your environment, which is not something I can step you through in detail10:29
ashisjainokay I will check out all these details10:29
odyssey4mewhatever is giving you the db errors, which I expect would be the neutron server10:29
ashisjainand let u know10:29
tiagogomescloudnull, do you know whether it is possible to create HA routers by default?10:32
evrardjpmhayden: what's funny is that most of the changes can be done thanks to open source software, like OSSEC for example10:33
evrardjpmhayden: (about security changes and followups, in the openstack-ansible-security role)10:33
*** harvy has quit IRC10:38
ashisjainodyssey4me: I have checked the username/password for all the 3 neutron server containers and all of them are in sync with each other and also user_secrets.yml10:43
ashisjainodyssey4me: Another step as you have suggested is to look into the db, can you please which tables in which db I need to check?10:44
odyssey4meashisjain not the tables - check whether the cluster's synchronisation is healthy10:44
odyssey4meit's a mariadb cluster, so check whether they're all up to date10:44
odyssey4meashisjain this has some clues: http://docs.openstack.org/developer/openstack-ansible/install-guide/ops-galera-recoverymulti.html10:45
odyssey4meotherwsie check the mariadb docs10:45
ashisjainodyssye4me: hatop -s /var/run/haproxy.stat suggest all the nodes are up10:46
ashisjainincluding galera10:47
odyssey4meashisjain that tells you the ports are up, it doesn't tell you whether the mariadb is healthy10:47
ashisjainodyssey4me: yup I will check the health of clusters10:47
odyssey4meashisjain you should probably do the same for rabbitmq10:48
ashisjainokay10:48
ashisjainwhen shall I rerun the neutron playbook10:48
ashisjainafter I suppose fixing all this issue?10:48
odyssey4meI thought you had already?10:48
*** kerwin_bai has joined #openstack-ansible10:48
odyssey4mebut yes - verify that your infrastructure is healthy from the bottom-up, as would be standard for any troubleshooting situation10:49
ashisjainNo not yet I thought I should verify the passwords first10:49
openstackgerritMerged openstack/openstack-ansible: Break apart and document the upgrade process  https://review.openstack.org/22413710:49
ashisjainOkay I will run the neutron playbook with higher value for rpc....10:50
*** javeriak has joined #openstack-ansible10:52
ashisjainodyssey4me: galera cluster is healthy..here is the paste"http://paste.openstack.org/show/476102/"10:54
*** javeriak has quit IRC10:55
ashisjainodyssey4me:Is their a similar command to check the rabbitmq cluster health?10:55
*** subscope has quit IRC10:56
matttashisjain: rabbitmqctl cluster_status10:57
*** jaypipes has joined #openstack-ansible10:59
ashisjainrabbitmq cluster status seems okay http://paste.openstack.org/show/476107/11:02
ashisjainmattt: thanks for the command11:03
odyssey4meashisjain ok, if the agent status is still bouncing all the time - tail each neutron server's log to see whether you see anything11:03
*** daneyon has joined #openstack-ansible11:05
*** daneyon has quit IRC11:10
*** ChanServ changes topic to "Topic: Launchpad: https://launchpad.net/openstack-ansible Weekly Meetings: https://wiki.openstack.org/wiki/Meetings/openstack-ansible || Repo rename from stackforge/os-ansible-deployment to openstack/openstack-ansible happens Sept 11 2015 23:00 to 23:30. See https://review.openstack.org/#/c/200730/"11:15
-openstackstatus- NOTICE: Gerrit has been restarted and is responding to normal load again.11:15
*** subscope has joined #openstack-ansible11:38
pellaeonHi, I have glance_nfs_client settings, but the glance containers don't mount NFS on boot11:54
pellaeon`df` doesn't show the mountpoint, while `mount` shows:11:55
pellaeon/dev/mapper/ansible--vg-root on /var/lib/glance/images type ext4 (rw,intr,soft,_netdev)11:55
pellaeonI can attach to the container and `mount -a` and it will mount successfully11:56
pellaeonI'm also seeing dmesg:11:57
pellaeontype=1400 audit(1444735720.105:160): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-openstack" name="/run/rpc_pipefs/" pid=3230 comm="mount" fstype="rpc_pipefs" srcname="rpc_pipefs" flags="rw"11:57
pellaeonthis was solved by adding `mount fstype=rpc_pipefs` to apparmor rules, reference http://bridge.grumpy-troll.org/2014/03/lxc-routed-on-ubuntu/11:58
pellaeonbut after solving this it still doesn't mount automatically11:59
*** daneyon has joined #openstack-ansible11:59
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: [WIP] Test reduced constraints  https://review.openstack.org/23416912:01
*** tlian has joined #openstack-ansible12:04
*** daneyon has quit IRC12:04
mhaydenevrardjp: you might be right, but OSSEC certainly isn't trivial to configure ;)12:25
mhaydenhappy tuesday, folks12:25
ashisjainodyssey4me: hello.12:27
ashisjainodyssey4me: My playbook run finished and here is what I am seeing in errors as I tail the log12:28
ashisjainhttp://paste.openstack.org/show/476122/12:29
ashisjainhttp://paste.openstack.org/show/476121/12:29
ashisjainhttp://paste.openstack.org/show/476123/12:29
ashisjainThese are the logs from 3 different neutron server host, 1st is from the host where haproxy is also running12:30
ashisjainThis looks more of a rabbitmq issue now12:30
ashisjainHere is the run of rabbitmqctl list_exchanges "http://paste.openstack.org/show/476124/"12:32
ashisjainHere is a paste of log from rabbitmq host which also seems to be logging the error of channel not found12:34
ashisjainhttp://paste.openstack.org/show/476125/12:34
odyssey4meashisjain last time I dug into logs and saw those, it was kinda normal behaviour - however that was over a year ago so things may have changed12:35
odyssey4meperhaps someone else can comment on whether this is normal12:35
ashisjainodyssey4me: all the neutron agents are down12:37
ashisjainWhere is the exchanges information defined?12:41
odyssey4meashisjain they're created by each service12:43
ashisjainL3 agent on host is giving this warning 015-10-13 18:20:32.122 30825 WARNING neutron.agent.l3.agent [req-4e88b1f1-d54b-4ee0-a401-daf2077783b1 ] l3-agent cannot check service plugins enabled on the neutron server. Retrying. Detail message: Timed out waiting for a reply to message ID cef380d0ced14256a45f95bee7c7abb312:43
odyssey4memost of them are dynamic12:43
odyssey4memany of them also get deleted automatically12:43
odyssey4methat's why I'm not sure whether that's expected behavior or not12:44
ashisjainodyssey4me: okay will wait for someone to help verify this12:44
odyssey4meashisjain I'd advise you to keep digging meanwhile12:45
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38500: No UID 0 accounts except root  https://review.openstack.org/23207012:45
ashisjainyeah i will keep doing it12:45
odyssey4meuse google too - you're now in openstack territory, not OSA territory12:45
*** woodard has joined #openstack-ansible12:46
ashisjainodyssey4me: Sure12:47
ashisjainodyssey4me: thanks for your help and time12:47
ashisjainand patience too :)12:48
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38501, V-38573: Disable accounts after failed logins  https://review.openstack.org/23207412:50
*** daneyon has joined #openstack-ansible12:53
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-3851{1,2,3}, V-38686: IPv4 security controls  https://review.openstack.org/23208812:58
*** daneyon has quit IRC12:58
*** scarlisle has joined #openstack-ansible13:07
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Block/cap incompatible libraries  https://review.openstack.org/23375613:07
*** KLevenstein has joined #openstack-ansible13:09
*** alejandrito has joined #openstack-ansible13:09
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Glance Configuration for Liberty  https://review.openstack.org/22996713:13
odyssey4me:( mattt  I rebased https://review.openstack.org/229967 and lost your vote13:13
mhaydena swift re-review is required13:14
* mhayden giggles13:14
mhaydenoh, i need more caffeine13:14
matttodyssey4me: no worries13:15
odyssey4methanks mattt13:16
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38622: Restricted mail relaying  https://review.openstack.org/23420413:20
*** maximov has joined #openstack-ansible13:27
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38683: Check for non-unique usernames  https://review.openstack.org/23420913:28
*** harvy has joined #openstack-ansible13:28
*** mgoddard_ has joined #openstack-ansible13:29
ashisjainHow to use rabbitmq in a standalone mode in osad?13:30
ashisjainI have already setup rabbitmq in osad in a cluster mode .... is it possible to change it now?13:31
*** mgoddard has quit IRC13:32
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38681: GID's in /etc/passwd & /etc/group  https://review.openstack.org/23421513:35
*** Mudpuppy has joined #openstack-ansible13:43
*** daneyon has joined #openstack-ansible13:48
*** daneyon has quit IRC13:53
*** phalmos has joined #openstack-ansible13:55
*** woodard has quit IRC13:57
*** woodard has joined #openstack-ansible14:00
*** k_stev has joined #openstack-ansible14:00
*** sigmavirus24_awa is now known as sigmavirus2414:01
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-51739: LSM device labeling exception  https://review.openstack.org/23422714:02
odyssey4meashisjain sure, remove two rabbitmq servers from the cluster - remove them from your openstack_user_config - remove the containers from the inventory - destroy the containers on the hosts - then re-run setup-openstack to reconfigure all the openstack bits14:03
ashisjainodyssey4me: How can I remove rabbitmq from openstack_user_config, there is no separate section on user_config14:06
ashisjainon rabbitmq14:06
ashisjainIf I just stop the 2 rabbitmq containers will that not help?14:06
odyssey4meashisjain oh, I think you may need ot set the affinity to 0 - I'm not sure exactly, but I know it's possible14:06
ashisjainwhere is this affinity set?14:07
*** Bjoern_ has joined #openstack-ansible14:08
Bjoern_Do we know when we're going to fix the requests issue in master ?14:11
*** Bjoern_ is now known as BjoernT14:11
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38699: Public directories exception  https://review.openstack.org/23423514:11
odyssey4meBjoernT it's an upstream issue - they're releasing another RC today or tomorrow. We do have a workaround fix in though to unblock us: https://review.openstack.org/23375614:13
odyssey4meThat took around 16 hours of my life to figure out that I will never get back.14:13
BjoernTi see, still in review14:14
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38685: Temporary accounts (exception)  https://review.openstack.org/23423714:14
odyssey4meBjoernT yes, it was just finalised - waiting for it to pass again before we push it through.14:14
BjoernTYepp, requirements.txt sucks from upstream14:14
odyssey4meBjoernT not really, dependent libraries do things outside of the openstack community's control14:15
*** neilus has quit IRC14:15
odyssey4methey decide to more strictly enforce things suddenly14:15
BjoernTlol, it still sucks14:15
odyssey4meso it seems likely that better gating will be enforced on the libraries to find these issues early on14:15
odyssey4meand of course the same holds true for us14:15
odyssey4menote that you only know about this issue because of our gating - it has not affected an actual tagged release14:16
BjoernTyes I know14:16
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-58901: sudo requires auth  https://review.openstack.org/23423914:20
*** jmckind has joined #openstack-ansible14:21
openstackgerritKevin Carter proposed openstack/openstack-ansible: Updated the repo-build process  https://review.openstack.org/23071614:26
*** phalmos has quit IRC14:28
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38697: Sticky bit (exception)  https://review.openstack.org/23424914:30
cloudnulltiagogomes: if you pull this change in https://review.openstack.org/#/c/233389/ you should be able to create ha routers by default the main issue is that we have the l3ha config in the l3 config file and neutron expects it in the neutron.conf file14:30
tiagogomescloudnull ah!14:31
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-386{85,90}: Temporary/emergency accounts (exception)  https://review.openstack.org/23423714:33
*** ganderson has joined #openstack-ansible14:38
*** Mudpuppy has quit IRC14:38
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-386{67,70,95,96}, V-38700: Run AIDE via cron  https://review.openstack.org/23323114:38
*** Mudpuppy has joined #openstack-ansible14:38
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-386{67,70,95,96,98}, V-38700: Run AIDE via cron  https://review.openstack.org/23323114:39
*** ganderson has quit IRC14:39
*** daneyon has joined #openstack-ansible14:42
*** ashisjain has quit IRC14:43
tiagogomesis every python packages installed from the container repo? Or are there some exceptions14:44
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-51391: Initialize AIDE  https://review.openstack.org/23426414:44
tiagogomesI am asking because I am seeing allow_all_external in pip.conf. But I am not sure of what this setting really entails14:44
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Block/cap incompatible libraries  https://review.openstack.org/23375614:46
*** ganderson has joined #openstack-ansible14:47
*** daneyon has quit IRC14:47
cloudnulltiagogomes:  all pip package installs are done from within the env unless an --isolated flag is set14:47
tiagogomescloudnull ta14:48
*** mgoddard_ has quit IRC14:50
*** mgoddard has joined #openstack-ansible14:50
*** BjoernT has quit IRC15:01
*** woodard_ has joined #openstack-ansible15:15
*** woodard_ has quit IRC15:16
*** woodard_ has joined #openstack-ansible15:16
*** woodard has quit IRC15:18
*** jmckind has quit IRC15:18
*** woodard has joined #openstack-ansible15:23
*** woodard_ has quit IRC15:26
*** phalmos has joined #openstack-ansible15:30
*** daneyon has joined #openstack-ansible15:36
*** daneyon has quit IRC15:41
*** jwagner is now known as jwagner_away15:45
*** daneyon has joined #openstack-ansible15:47
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement cinder venv support  https://review.openstack.org/22546315:49
*** daneyon_ has joined #openstack-ansible15:49
*** jwagner_away is now known as jwagner15:49
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement neutron venv support  https://review.openstack.org/23072615:50
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement nova venv support  https://review.openstack.org/23072715:50
*** daneyon has quit IRC15:53
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement aodh venv support  https://review.openstack.org/23340115:53
*** mgoddard has quit IRC15:53
*** mgoddard has joined #openstack-ansible15:53
*** alop has joined #openstack-ansible15:54
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement aodh venv support  https://review.openstack.org/23340115:54
*** fawadkhaliq has joined #openstack-ansible15:57
cloudnullmattt:  that those changes should address the rootwrap issue you were seeing16:00
prometheanfiretime?16:00
odyssey4mebug triage cloudnull, mattt, andymccr, d34dh0r53, hughsaunders, b3rnard0, palendae, Sam-I-Am, odyssey4me, serverascode, rromans, mancdaz, dolphm, _shaps_, BjoernT, claco, echiu, dstanek, jwagner, ayoung, prometheanfire, evrardjp, arbrandes, mhayden, scarlisle16:03
d34dh0r53o/16:03
evrardjpo/16:03
cloudnullo/16:03
jwagnero/16:03
prometheanfire\o16:03
scarlisle\o16:03
odyssey4mefirst up https://bugs.launchpad.net/openstack-ansible/+bug/150341116:03
openstackLaunchpad bug 1503411 in openstack-ansible "Plays fail to mount NFS glance store inside glance containers if local_path is set to /var/lib/glance/images" [Undecided,New]16:03
jwagneri filed this one16:05
jwagnerit only fails if the nfs mount is set to that path16:05
jwagnerif u change it it works fine16:05
jwagnerthis is because that path is getting bind mounted into the container before the nfs plays run so it is already set up16:05
cloudnulljwagner:  is it this path /var/lib/glance/nfs_images16:07
odyssey4meso it sounds to me like we're assuming that a file store is on the host when we shouldn't16:07
odyssey4meie if the file store is an nfs store, we shouldn't bind mount it?16:07
*** Bjoern_ has joined #openstack-ansible16:07
jwagnercloudnull no that is the path that i set that worked16:07
jwagnerif you set it to just /images it fails16:07
jwagnerand the default / doc example is /images16:07
cloudnullah.16:08
jwagneralso if you overwrite that path, cinder.conf still uses /images16:08
jwagnerit doesnt use the custom path u set up16:08
*** harvy has quit IRC16:08
jwagnerso you have to then go overwrite the conf manually16:08
*** phalmos_ has joined #openstack-ansible16:10
jwagnernot sure the correct way to fix it, but the mount point gets laid down in the container run, so it gets set pretty early16:10
jwagnerand it always gets laid down as /images16:11
*** woodard_ has joined #openstack-ansible16:11
jwagnerno matter if you change it in your config or not16:11
*** woodard_ has quit IRC16:11
*** woodard_ has joined #openstack-ansible16:12
*** phalmos has quit IRC16:13
jwagnerhttps://etherpad.openstack.org/p/rpc_vnx_integration16:13
jwagnerif you go to the GLANCE section in that etherpad you can see the manual steps you hvae to run to get it working16:13
jwagnerline 5516:13
andymccrimo we dont bind mount images dir16:13
andymccryou can already set the size of the glance container16:13
andymccrso increase that16:13
stevellethat makes it container-ephemeral?16:14
odyssey4meit's only used for the glance cache16:14
odyssey4meoh no, it's for the glance store in this case16:14
*** woodard has quit IRC16:14
openstackgerritKevin Carter proposed openstack/openstack-ansible: Updated the neutron l3HA tool to use v3  https://review.openstack.org/22905316:14
stevellekinda want the option of a mount for that16:15
scarlislewhat about for customers who want to utilize nfs for glance?16:15
scarlislestevelle yea16:15
andymccri dont like the idea of "well we're running out of space on the container so lets just push that issue to the host" that assumes infinite storage on the host which is not true16:15
andymccrso you are just pushing an issue to somewhere where you won't see it potentially, but when you do its more impactful16:15
evrardjpso we need to improve glance documentation/setup with nfs...16:17
Sam-I-Amlots of docs improvements are needed16:17
andymccrif we are going to bind mount that dir, then its more of a bug - since we shouldn't bind mount that dir when using nfs or swift or any non-local storage options16:17
odyssey4meso I think the bind-mount to the host should be an opt-in, rather than an opt-out16:18
evrardjpandymccr: +116:18
jwagnerwell even if you fix the doc the glance-api and registry configs get /images no matter if you set a custom mount or not16:18
jwagneri had to lineinfile replace them manually16:18
jwagnerwhich wont survive a playbook run16:18
evrardjpit needs a complete study: how to make work glance better with NFS, that was my opinion16:20
odyssey4meevrardjp we have gate split work planned, and part of that work will be to implement an integration test and documentation for glance/nfs16:21
andymccrso we'd have to change teh cinder path based on glance's custom path?16:21
andymccrhow about you just allow that cinder option to be a var and you can override it if you change it in glance16:21
andymccrthen it becomes a docs change16:21
odyssey4methe issue here is that the bind mount is happening when the container should be mounting remotely instead16:21
evrardjpit's a large impact: if it's done on master, you'll use the new template module but cannot be straightforwardly backported in kilo + lxc containers setup + multi component change16:23
evrardjpimpact is not the good term16:23
evrardjpsorry16:23
evrardjpodyssey4me: good to hear :)16:24
odyssey4meevrardjp a deployer can use the template module to override any settings16:24
odyssey4mein master and kilo16:24
*** Bjoern_ has quit IRC16:24
stevelletagging this upgrade-impact now16:25
odyssey4mehowever as part of the glue that pulls this all together, we're making 'smart' decisions around where things should happen in a 'standard' environment16:25
evrardjpok I was not sure config_template changes on each component was already merged in kilo16:26
*** woodard has joined #openstack-ansible16:27
odyssey4meevrardjp it'll be included in the next tag16:27
evrardjpok16:27
*** elo has joined #openstack-ansible16:27
odyssey4meok, so it seems we have two issues here16:29
odyssey4meone is that the location to mount should be customisable, but it's not16:29
odyssey4meand the other is that there's a bind mount intefering with mounts which are for remote resources16:30
*** phalmos_ has quit IRC16:30
*** Bjoern_ has joined #openstack-ansible16:30
odyssey4meany volunteers to pick this up?16:30
*** woodard_ has quit IRC16:30
andymccri'll take it16:30
andymccrassigny16:30
andymccrdo the typey typey16:30
odyssey4meimportance?16:31
andymccri think its pretty random, like we havnt run into this because nobody is really doing that so i'd put low-med?16:31
stevelleseems right to me16:31
odyssey4meI'm thinking medium.16:31
odyssey4meWhile it's not a common use-case, it seems, it has a high impact when you hit it.16:32
openstackgerritKevin Carter proposed openstack/openstack-ansible: Updated the neutron l3HA tool to use v3  https://review.openstack.org/22905316:32
odyssey4meobjections?16:32
palendaeNone here16:33
evrardjpnone16:33
cloudnullnope16:33
odyssey4menext https://bugs.launchpad.net/openstack-ansible/+bug/150422616:33
openstackLaunchpad bug 1504226 in openstack-ansible "nova management network should be dynamic" [Undecided,New] - Assigned to Rahul U Nair (rahulunair)16:33
scarlisleI think we're ok from support side.  We have a couple of customers using netapp for glance images, but I think we have a workaround16:33
odyssey4mecloudnull ^16:33
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38623: rsyslog file permissions  https://review.openstack.org/23433116:33
*** gparaskevas has quit IRC16:33
odyssey4meI think cloudnull  has a review up for this already?16:34
cloudnullyup16:34
*** subscope has quit IRC16:34
cloudnullhttps://review.openstack.org/#/c/232666/16:34
cloudnullrelated issue https://bugs.launchpad.net/openstack-ansible/+bug/150420816:34
openstackLaunchpad bug 1504208 in openstack-ansible "cinder storage network should be dynamic" [Medium,In progress] - Assigned to Kevin Carter (kevin-carter)16:34
cloudnulland pr https://review.openstack.org/#/c/232637/16:34
cloudnullboth correct the same thing for the different services16:35
odyssey4methe impact here is that the address ends up being inappropriate16:36
cloudnullyes, however that causes traffic to go over the wrong network16:36
odyssey4meso for instance, cinder-volume publishes the management address, and therefore all the cinder traffic goes over the wrong network16:36
odyssey4methe same for the spice/vnc traffic16:37
*** woodard_ has joined #openstack-ansible16:37
odyssey4memarked as medium and assigned to cloudnull - any objections?16:37
*** Bjoern_ has quit IRC16:37
stevellenone16:37
*** woodard_ has quit IRC16:37
*** woodard_ has joined #openstack-ansible16:38
cloudnulltiagogomes: cc- on those issues, he help work through them16:38
odyssey4meok, that's it for new bugs - are there any other bugs that need triage/discussion?16:38
cloudnullhttps://review.openstack.org/#/c/229053 -- https://bugs.launchpad.net/openstack-ansible/+bug/1499708 -16:40
openstackLaunchpad bug 1499708 in openstack-ansible trunk "Migrate neutron-ha-tool.py to use Keystone API v3" [High,In progress] - Assigned to Kevin Carter (kevin-carter)16:40
*** woodard has quit IRC16:40
cloudnulltiagogomes, palendae, prometheanfire, d34dh0r53 i updated that review to make sure that the log error doesnt happen and it should now support routers that were created with ha=True16:40
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38546: Disable IPv6 system-wide  https://review.openstack.org/23433316:40
palendaecloudnull:Thanks16:40
odyssey4meok, be warned that it will not pass the gate yet as liberty is broken right now thanks to library updates16:42
odyssey4methe fix is imminent16:42
odyssey4meso go ahead and review regardless - the gate doesn't currently test this anyway16:42
odyssey4meany other bugs/reviews?16:44
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-51391: Initialize AIDE  https://review.openstack.org/23426416:44
*** Bjoern_ has joined #openstack-ansible16:45
*** mgoddard_ has joined #openstack-ansible16:45
palendaeAppears mhayden has a lot of security reviews up ;)16:45
mhaydenpfft16:46
mhaydeni just pushed in the last STIG control a few moments ago16:46
evrardjpdisable ipv6 system-wide? Hopefully it's an opt-in :p16:47
mhaydendefinitely is16:47
mhaydenthat one gives me the sads16:47
evrardjpme too16:47
palendaemhayden: Complete noob question - where do the V-XXXXX designations come from?16:47
evrardjpit's documented16:48
mhaydenhttps://www.stigviewer.com/stig/red_hat_enterprise_linux_6/16:48
palendaeIs it like CVEs, where there's a group publishing them?16:48
mhaydenyeah, those are the ID's applied by the US Gov't16:48
palendaeGotcha16:48
mhaydenthe folks at UCF make a handy graphical viewer there16:48
mhaydenthe STIG downloads from the Govt are one big ol' fat zip file with everything under the sun in it16:48
*** mgoddard has quit IRC16:49
palendaeSo these are the things you follow to ensure the NSA can get in? :)16:49
evrardjpand friends16:49
mhaydenSRSLY. U GUYS.16:49
mhayden:P16:49
palendaeevrardjp: Well, I think they share it out16:49
mhaydenpalendae: it's best practices ;)16:49
palendaeThough there are 4 other Eyes16:49
evrardjpdepending on the country ;)16:49
palendaemhayden: Best for whom, HMMMMMM?16:49
palendaeevrardjp: Right16:49
cloudnullsetenforce 0 FTW!16:49
mhaydenoh i was waiting for that16:49
evrardjp:D16:49
*** mgoddard_ has quit IRC16:49
stevelleI haven't found the one that says "Salt all passwords with THIS super-secure key and DSA-64"16:50
* mhayden deducts one bottle of beer from cloudnull's tally16:50
palendaeOpen all ports, disable firewalls, set banner to "HELLO NSA"16:50
Bjoern_The nsa firiends already rewrote code so they can get in everywhere no need for the STIG stuff16:50
cloudnullpalendae:  lololol16:50
*** Bjoern_ is now known as BjoernY16:50
evrardjpstevelle: or set this wheel user password to "NSAforever"16:50
palendaeBjoernY: But open source!16:50
cloudnullmhayden: :(16:51
palendaeThere *can't* be backdoors or bugs in stuff where people can read the code!16:51
stevelleneeds more open16:51
stevelledrop the iptables rules16:51
evrardjppalendae: they call this "Frontdoor"16:51
BjoernYYeah that worked when they hacked the ipsec stack in xxBSD16:51
palendaeBjoernY: I'm being sarcastic :)16:51
evrardjpBjoernY: it's not proven, IIRC :)16:51
BjoernYYes I know16:51
palendae-1 Day bugs!16:51
*** BjoernY is now known as BjoernT16:52
stevelleI've used an OS I would call a -1 day bug, before16:52
evrardjpsadly we all use NIC that have closed firmware...16:52
mhaydenevrardjp: i'll go test the module change and see how it affects sysctl16:52
palendaestevelle: Windows?16:52
stevelleofc16:53
palendaeevrardjp: Wireless especially16:53
evrardjppalendae: on servers? ><16:53
odyssey4meno-one needs to write back doors, openssl is a very wide open door16:53
evrardjpbut yeah16:53
evrardjpodyssey4me: true16:53
evrardjp;)16:53
evrardjpmhayden: ok16:53
palendaeevrardjp: Ok, well maybe not there16:53
palendaeBut wireless APs sure16:53
evrardjpmhayden: it's just I have the feeling that using modprobe to remove ipv6 wasn't the recent way of doing it16:54
palendaeThat firmware's more tightly controlled than standard ethernet NICs16:54
mhaydenyou could be right16:54
palendaeodyssey4me: Yep, and it's really re-assuring to see the OpenBSD people tear it apart but not send patches upstream :(16:54
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Glance Configuration for Liberty  https://review.openstack.org/22996716:54
evrardjppalendae: there are other libs16:54
evrardjpnobody uses them or they are not as freely available16:55
palendaeevrardjp: Right, more concerned about all the problems being laid bare and not being fixed16:55
evrardjp(licensing issues ... thanks lawyers!)16:55
evrardjpI guess we could all redo the world at some point, by setting another way to verify certificates, etc ... but I guess we should keep this conversation with a beer at the summit, right? ;)16:56
odyssey4mepalendae have you read their reasons why?16:56
odyssey4methe reasons are that they did, then got sick of the upstream custodian ignoring them16:56
evrardjpthey first blamed, which didn't help for good relations, IIRC16:57
odyssey4methe upstream custodian, they say, is more interested in making consulting money based on their crappy software's bugs16:57
palendaeodyssey4me: Ah, a shame16:57
palendaeAlso not surprising16:57
odyssey4meyeah, that's why the bsd crowd decided to make their own new stuff16:57
stevellewhich bsd crowd ;)16:58
odyssey4meit's quite a fascinating analysis for mere mortals like myself16:58
evrardjphttp://it.slashdot.org/story/14/04/10/1343236/theo-de-raadts-small-rant-on-openssl16:58
palendaestevelle: I think Open16:58
palendaeI mean, I get it16:58
stevelleBSD was like a fractal community, you see a complex thing, zoom, see another thing just as complex, zoom, repeat16:58
palendaestevelle: was?16:59
stevelleI stopped looking...16:59
odyssey4mehttps://www.google.co.uk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CCAQFjAAahUKEwik_Lfr9b_IAhVIWhQKHSf3C4w&url=http%3A%2F%2Fwww.libressl.org%2F&usg=AFQjCNE0mrEqSJRL6JQLratpfEt-hXJCOQ&sig2=gMKdTz7Qi_YXW8aY2IJaCQ&bvm=bv.104819420,d.bGg16:59
stevellewalked away before 200016:59
odyssey4mebah16:59
odyssey4mehttp://www.libressl.org/16:59
palendaeodyssey4me: Yeah, that's what I was referring to16:59
mhaydenevrardjp: weird, you might be right on the v6 stuff16:59
evrardjpwalked away later, but still they lay down interesting stuff/possible future problems16:59
mhaydenit came up with v6 still enabled16:59
evrardjpmhayden: weird that I'm right? ;)17:00
*** mgoddard has joined #openstack-ansible17:00
evrardjpmhayden: also, pay attention to where you edit sysctl, sometimes it's a pain :p17:00
mhaydenright17:00
mhaydenso using sysctl killed v6 immediately -- no reboot req'd17:00
mhaydeni'll use that instead17:00
evrardjpyou may want to test it17:01
evrardjpif it stays upon reboots or ifup/ifdown s17:01
mhaydenwell it has to go into sysctl.conf to persist17:01
mhaydenbut it looks like ifup/ifdown makes stuff come up with v4-only17:01
mhaydeni'll try it with .default.disable_ipv6 too17:02
evrardjpodyssey4me: did you look at the favicon of libressl?17:02
evrardjpI recall of having set default and all to sysctl using ansible sysctl module17:02
odyssey4meevrardjp heartbleed17:02
evrardjp touché!17:02
odyssey4methat's what got the BSD nuts on the rampage17:03
palendaeHeartbleed was kind of genius, in that giving it a name and a logo raised awareness in a way a CVE number hasn't17:03
odyssey4methe flame war was awesome17:03
evrardjpyeah17:03
evrardjpthe bug too17:03
palendaeodyssey4me: What one aren't?17:03
evrardjpno log and having fun gathering passwords17:04
evrardjpit was world's biggest honeypot17:04
palendaeShould still go back and read Tenanbaum (sp) and Torvalds on minix vs linux17:04
evrardjpmhayden: what's weird it's the handling of NICs for disable_ipv6... if it's a sysctl to disable ipv6 on a specific nic, it needs to be set in post-up in /etc/network/interfaces, IIRC, instead of sysctl17:05
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38546: Disable IPv6 system-wide  https://review.openstack.org/23433317:06
evrardjpI'm off!17:06
*** k_stev1 has joined #openstack-ansible17:07
*** k_stev has quit IRC17:07
*** woodard has joined #openstack-ansible17:09
cloudnullhave a good one evrardjp17:10
*** kerwin_bai has quit IRC17:11
*** woodard_ has quit IRC17:12
*** b3rnard0 is now known as b3rnard0_away17:18
*** sdake has joined #openstack-ansible17:25
stevellesigmavirus24: any reason this doesn't have workflow? https://review.openstack.org/#/c/23187017:28
*** phalmos has joined #openstack-ansible17:29
sigmavirus24no clue stevelle17:29
odyssey4mestevelle nope, simply an oversight17:30
stevelleall good now17:30
sigmavirus24probably thanks to gertty17:30
*** sdake has quit IRC17:31
*** sdake has joined #openstack-ansible17:36
*** gparaskevas has joined #openstack-ansible17:44
*** sdake_ has joined #openstack-ansible17:52
*** sdake has quit IRC17:52
*** tiagogomes has quit IRC17:55
*** abitha has joined #openstack-ansible17:55
*** fawadkhaliq has quit IRC17:58
*** fawadkhaliq has joined #openstack-ansible18:07
*** gparaskevas has quit IRC18:09
*** b3rnard0_away is now known as b3rnard018:11
*** elo has quit IRC18:19
*** fawadkhaliq has quit IRC18:21
*** fawadkhaliq has joined #openstack-ansible18:21
*** fawadkhaliq has quit IRC18:24
*** fawadkhaliq has joined #openstack-ansible18:24
*** fawadkhaliq has quit IRC18:24
*** KLevenstein_ has joined #openstack-ansible18:25
*** phalmos has quit IRC18:25
*** subscope has joined #openstack-ansible18:26
*** ashishjain has joined #openstack-ansible18:26
*** KLevenstein has quit IRC18:28
*** KLevenstein_ is now known as KLevenstein18:28
*** elo has joined #openstack-ansible18:28
*** elo has quit IRC18:29
*** elo has joined #openstack-ansible18:30
*** phalmos has joined #openstack-ansible18:53
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Removed unnecessary comment in the user_secrets for ceph variable  https://review.openstack.org/23315218:56
*** daneyon has joined #openstack-ansible18:56
ashishjainhello18:58
*** daneyon_ has quit IRC19:00
*** daneyon has quit IRC19:00
*** mgoddard has quit IRC19:01
*** alejandrito has quit IRC19:20
*** alejandrito has joined #openstack-ansible19:22
ashishjainHello19:22
ashishjainMy neutron agent services are bouncing all the time in on and off state19:23
ashishjainI have tried restarting rabbitmq as well as re-running neutron playbook19:24
ashishjainNeutron l3 agent seems to be showing the warning "WARNING neutron.agent.l3.agent [req-8707164c-36e4-46d2-b1e9-eeb208110488 ] l3-agent cannot check service plugins enabled on the neutron server. Retrying. Detail message: Timed out waiting for a reply to message ID c32e4a4e1d774c2c909a59fdc0a60489"19:24
ashishjainI have shutdown 2 out of 3 rabbitmq servers considering that mirroring is probably not working as expected but I still the issue19:25
ashishjainIn the rabbitmq log I see the following "Oct 14 00:44:55 openstack006_rabbit_mq_container-7df79f87 rabbit@openstack006_rabbit_mq_container-7df79f87:            "no exchange 'reply_9443c66abbfb4cf3ad55183576dff90a' in vhost '/'","19:26
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Use inventory instead of hostfile parameter  https://review.openstack.org/23187019:27
ashishjainany advice on how shall i go about debugging this up19:27
ashishjainIn one of the neutron server I am seeing the following ct 14 01:08:05 openstack007_neutron_server_container-28aea5e2 neutron-server: 2015-10-12 17:26:40.242 18468 TRACE neutron OperationalError: (OperationalError) (1045, "Access denied for user 'neutron'@'openstack006' (using password: YES)") None None19:29
*** alejandrito has quit IRC19:32
*** ganderson has quit IRC19:35
*** cloudtrainme has joined #openstack-ansible19:46
openstackgerritMerged openstack/openstack-ansible: Block/cap incompatible libraries  https://review.openstack.org/23375619:46
openstackgerritMerged openstack/openstack-ansible: Add minor upgrade documentation to the install guide  https://review.openstack.org/23252219:46
*** sdake has joined #openstack-ansible19:52
*** sdake_ has quit IRC19:52
*** ashishjain has quit IRC19:57
openstackgerritMerged openstack/openstack-ansible: Fix the nodepool file check  https://review.openstack.org/23309019:57
*** mgoddard has joined #openstack-ansible19:59
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Cinder Configuration for Liberty  https://review.openstack.org/22720520:02
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Nova Configuration for Liberty  https://review.openstack.org/22783920:03
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Updates the lint check to ignore templates  https://review.openstack.org/23110120:04
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Updated the neutron l3HA tool to use v3  https://review.openstack.org/22905320:05
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Updated the repo-build process  https://review.openstack.org/23071620:06
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update rabbitmq-server to v3.5.6-1  https://review.openstack.org/23370020:06
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Switch from MySQL-python to PyMySQL  https://review.openstack.org/23317220:07
BjoernTHey, did anyone test ldap by chance in Kilo ?20:07
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Implement Neutron LBAAS using haproxy  https://review.openstack.org/22036520:07
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-51391: Initialize AIDE  https://review.openstack.org/23426420:08
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Redirect "apt-get install -y" stdin to /dev/null  https://review.openstack.org/23333120:08
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Set Keystone endpoints to be versionless  https://review.openstack.org/20519220:08
*** mgoddard has quit IRC20:10
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Implement cinder venv support  https://review.openstack.org/22546320:10
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Implement keystone venv support  https://review.openstack.org/22951320:11
*** mgoddard has joined #openstack-ansible20:11
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Implement neutron venv support  https://review.openstack.org/23072620:12
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Implement horizon venv support  https://review.openstack.org/22922620:12
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Implement swift venv support  https://review.openstack.org/23073320:13
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Implement heat venv support  https://review.openstack.org/22922520:14
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Implement glance venv support  https://review.openstack.org/22922120:15
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Implement ceilometer venv support  https://review.openstack.org/22921220:15
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Seperated out Telemetry Alarming (Aodh)  https://review.openstack.org/23222420:16
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Implement aodh venv support  https://review.openstack.org/23340120:16
*** jmccrory has quit IRC20:17
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Implement nova venv support  https://review.openstack.org/23072720:17
*** jmccrory has joined #openstack-ansible20:19
*** abitha has quit IRC20:21
sigmavirus24odyssey4me: cloudnull do you think it would be beneficial to use openstack-announce to announce osa releases?20:21
odyssey4mesigmavirus24: yes, and I think some smart work to automate the production of release notes from commit messages would be good too20:24
sigmavirus24odyssey4me: I expect there's already automation in the openstack release managers channel20:25
sigmavirus24they can probably share some things with you/us20:25
odyssey4methere's a lot we could do to cut down some of the manual work and keep people informed20:25
* sigmavirus24 nods20:25
odyssey4mesigmavirus24: will you be at the summit? I'd like to let some of the creative thought take root and maybe hack a few things.20:26
*** jwagner is now known as jwagner_away20:26
sigmavirus24odyssey4me: I will not20:27
*** jwagner_away is now known as jwagner20:28
odyssey4mesigmavirus24: :( then we'll have to arrange another time - for now I'm out20:28
odyssey4meWe can chat on the morrow.20:29
sigmavirus24sounds good20:29
odyssey4menight all20:29
*** cloudtrainme has quit IRC20:34
*** cloudtrainme has joined #openstack-ansible20:35
*** elo has quit IRC20:35
*** spotz_zzz is now known as spotz20:39
*** then3rd has joined #openstack-ansible20:41
*** cloudtrainme has quit IRC20:48
*** phalmos has quit IRC20:51
*** cloudtrainme has joined #openstack-ansible20:52
openstackgerritMerged openstack/openstack-ansible: Add novnc console support  https://review.openstack.org/23265720:55
openstackgerritMerged openstack/openstack-ansible: Install spice-html5 from source  https://review.openstack.org/23269720:58
openstackgerritMerged openstack/openstack-ansible: Update Glance Configuration for Liberty  https://review.openstack.org/22996720:58
*** subscope has quit IRC21:02
*** cloudtrainme has quit IRC21:04
*** mgoddard has quit IRC21:05
*** cloudtrainme has joined #openstack-ansible21:07
*** jwagner is now known as jwagner_away21:08
*** spotz is now known as spotz_zzz21:12
*** jwagner_away is now known as jwagner21:14
*** woodard_ has joined #openstack-ansible21:16
mhaydenany way to make pep8 happy with a python heredoc that goes over 80 chars in width?21:17
*** ggillies has quit IRC21:18
*** ggillies has joined #openstack-ansible21:19
*** woodard has quit IRC21:19
*** woodard_ has quit IRC21:20
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Docs overhaul  https://review.openstack.org/23443921:24
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Docs overhaul  https://review.openstack.org/23443921:26
cloudnullmhayden: you'd need to skip the check21:30
mhaydencloudnull: life finds a way21:33
mhayden:P21:33
*** jwagner is now known as jwagner_away21:33
mhayden(i watched jurassic park over the weekend)21:33
cloudnullindeed it does21:33
*** spotz_zzz is now known as spotz21:33
mhaydenso all of the controls are in the repo now21:34
mhaydennow the bribing for reviews begins :P21:34
* cloudnull will review for beer21:35
cloudnull:)21:35
openstackgerritMerged openstack/openstack-ansible-security: V-3850{2,3,4}: Ownership/mode of /etc/shadow  https://review.openstack.org/23208721:45
openstackgerritMerged openstack/openstack-ansible-security: V-38621: System clock sync  https://review.openstack.org/23320921:52
BjoernTcloudnull: Why didn't you mention this earlier, we can fix that. That actually goes bidirectional21:55
cloudnullwhat ?21:55
cloudnullthe beer thing . i thought that was well known :)21:56
*** daneyon has joined #openstack-ansible21:58
BjoernTno it wasn't22:03
*** elo has joined #openstack-ansible22:06
-cloudnull- cloudnull will do reviews for beer :)22:06
cloudnullBjoernT: now it is :)22:06
stevellemy free OSAS quota for today has been reached as well :)22:07
*** sigmavirus24 is now known as sigmavirus24_awa22:08
cloudnullim out take care22:31
*** spotz is now known as spotz_zzz22:32
BjoernTlater22:34
*** darrenc is now known as darrenc_afk22:35
*** sdake has quit IRC22:41
*** daneyon has quit IRC22:41
*** k_stev1 has quit IRC22:44
*** woodard has joined #openstack-ansible22:55
*** woodard has quit IRC22:55
*** tiagogomes_ has joined #openstack-ansible22:56
*** tiagogomes_ has quit IRC22:56
*** woodard has joined #openstack-ansible22:56
*** KLevenstein has quit IRC23:04
*** cloudtrainme has quit IRC23:17
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: Implement Neutron LBAAS using haproxy  https://review.openstack.org/22036523:30
*** alop has quit IRC23:33
« Monday, 2015-10-12 Index Wednesday, 2015-10-14 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!