Wednesday, 2015-10-21

« Tuesday, 2015-10-20 Index Thursday, 2015-10-22 »
*** jwagner is now known as jwagner_away00:07
*** sdake has joined #openstack-ansible00:08
*** Mudpuppy has quit IRC00:08
*** Mudpuppy has joined #openstack-ansible00:08
*** gardenshed has quit IRC00:09
*** daneyon_ has quit IRC00:09
*** jwagner_away is now known as jwagner00:10
*** sdake_ has quit IRC00:11
*** galstrom_zzz is now known as galstrom00:15
*** sdake has quit IRC00:28
*** galstrom is now known as galstrom_zzz00:29
*** sdake has joined #openstack-ansible00:31
*** jwagner is now known as jwagner_away00:38
*** sdake_ has joined #openstack-ansible00:42
*** alop has quit IRC00:43
*** CheKoLyN has quit IRC00:44
*** sdake has quit IRC00:45
*** sdake_ has quit IRC00:53
*** sdake has joined #openstack-ansible00:53
*** tlian2 has joined #openstack-ansible01:00
*** galstrom_zzz is now known as galstrom01:01
*** markvoelker has joined #openstack-ansible01:02
*** tlian has quit IRC01:02
*** k_stev has joined #openstack-ansible01:03
*** tlian2 has quit IRC01:04
*** sdake_ has joined #openstack-ansible01:05
*** sdake has quit IRC01:06
*** tlian has joined #openstack-ansible01:11
*** galstrom is now known as galstrom_zzz01:11
*** sdake_ is now known as sdake01:31
*** k_stev has quit IRC02:25
*** galstrom_zzz is now known as galstrom02:34
*** shausy has joined #openstack-ansible02:40
*** markvoelker has quit IRC02:42
*** metral is now known as metral_zzz03:05
*** shausy has quit IRC03:05
*** galstrom is now known as galstrom_zzz03:08
*** galstrom_zzz is now known as galstrom03:13
*** gardenshed has joined #openstack-ansible03:13
*** metral_zzz is now known as metral03:14
*** gardenshed has quit IRC03:18
*** dolpher has joined #openstack-ansible03:36
dolphercontainer['ansible_ssh_host'] = networks[old_address]['address'] KeyError: 'address'03:45
dolpherany idea what this problem is?03:45
dolpherit's a fresh install, after configuration, I got this error03:46
*** daneyon has joined #openstack-ansible04:04
*** daneyon_ has joined #openstack-ansible04:05
*** galstrom is now known as galstrom_zzz04:06
*** daneyon has quit IRC04:09
cloudnulldolpher: hard to tell. maybe the address for the given container is missing a cidr from the cidr nets list ?04:39
cloudnullyou mind pasting your openstack_user_config.yml  file ?04:40
openstackgerritMerged openstack/openstack-ansible: Removing extra 'provides' from doc  https://review.openstack.org/23773704:44
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Removing extra 'provides' from doc  https://review.openstack.org/23786904:45
openstackgerritMerged openstack/openstack-ansible-security: AllowUnauthenticated fails when it shouldn't  https://review.openstack.org/23700704:47
*** daneyon_ has quit IRC04:48
*** sdake_ has joined #openstack-ansible05:00
*** sdake has quit IRC05:01
*** openstackgerrit has quit IRC05:16
*** javeriak has joined #openstack-ansible05:16
*** gardenshed has joined #openstack-ansible05:16
*** openstackgerrit has joined #openstack-ansible05:16
*** gardenshed has quit IRC05:21
*** shausy has joined #openstack-ansible05:29
*** shausy has quit IRC05:42
*** shausy has joined #openstack-ansible05:43
*** javeriak has quit IRC05:50
dolphercloudnull: problem found06:03
dolphercidr_networks:06:05
dolpher  container: 172.29.236.0/2206:05
dolpher...06:05
dolpherglobal_overrides:06:05
dolpher  provider_networks:06:05
dolpher    - network:06:05
dolpher        container_bridge: "br-mgmt"06:05
dolpher        container_type: "veth"06:05
dolpher        container_interface: "eth1"06:05
dolpher        ip_from_q: "management"06:05
dolpherThe network name mismatch, so it's my config file problem:)06:05
*** javeriak has joined #openstack-ansible06:10
*** gardenshed has joined #openstack-ansible06:19
*** gardenshed has quit IRC06:23
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Install Guide Cleanup  https://review.openstack.org/23751306:24
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Install Guide Cleanup  https://review.openstack.org/23751306:25
*** daneyon has joined #openstack-ansible06:26
*** daneyon_ has joined #openstack-ansible06:27
openstackgerritMerged openstack/openstack-ansible: Install Guide Cleanup  https://review.openstack.org/23751306:27
*** daneyon has quit IRC06:31
*** tlian has quit IRC06:33
*** k_stev has joined #openstack-ansible06:35
*** javeriak has quit IRC06:36
*** Mudpuppy has quit IRC06:36
odyssey4menice patch matt https://review.openstack.org/237513 - care to try and backport to kilo? it'll have some conflicts as there are some differences in content between the branches06:41
odyssey4memattt ^06:41
matttodyssey4me: i can certainly try06:42
matttthis was all prep work to getting the ceph work added :(06:43
matttkinda got derailed06:43
dolpher"http://rpc-repo.rackspace.com/container_images/rpc-trusty-container.tgz" download failed06:44
dolpherbecause the download speed is slow, any workaround?06:44
odyssey4metry again dolpher ;)06:46
odyssey4memattt do you know of any reason why 11.2.4 should not release today?06:47
matttodyssey4me: nothing is jumping out at me ... the no-venv patches went through, so that should all work now06:50
odyssey4memattt yeah, that doesn't touch kilo anyway - no no issues there06:50
matttah true then def. none that i'm aware of06:55
*** daneyon has joined #openstack-ansible07:02
odyssey4meok, 11.2.4 has been released07:04
*** daneyon_ has quit IRC07:06
*** daneyon has quit IRC07:06
*** karimb has joined #openstack-ansible07:19
*** javeriak has joined #openstack-ansible07:19
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update kilo for new dev work - 21 Oct 2015  https://review.openstack.org/23790707:23
*** javeriak_ has joined #openstack-ansible07:23
*** javeriak has quit IRC07:25
odyssey4memattt if you have a gap to review https://review.openstack.org/234926 it'd be appreciated07:27
*** jongchoi has joined #openstack-ansible07:30
*** javeriak_ has quit IRC07:39
*** javeriak has joined #openstack-ansible07:42
*** mpavone has joined #openstack-ansible07:44
*** karimb has quit IRC07:59
matttodyssey4me: alright cool will have a look08:10
*** gardenshed has joined #openstack-ansible08:10
odyssey4memorning hughsaunders :)08:29
hughsaunderssup odyssey4me08:29
odyssey4meso cloudnull and I had a chat about https://review.openstack.org/230716 and https://review.openstack.org/236183 earlier this morning08:29
odyssey4mewhile the patches are functional as-is, they put a whole mess of stuff into playbooks and not into roles08:31
*** k_stev has quit IRC08:31
*** fawadkhaliq has joined #openstack-ansible08:31
odyssey4methe question is whether we should let them through as-is, or whether we should insist on a revision and have them in one or more roles08:32
odyssey4methen of course we have to consider whether we shouldn't let them through now and evolve them into roles later08:33
odyssey4meyour thoughts?08:33
*** gardenshed has quit IRC08:44
*** jongchoi has quit IRC08:48
*** gardenshed has joined #openstack-ansible08:49
*** sdake_ is now known as sdake08:51
*** neilus has quit IRC09:00
*** neilus has joined #openstack-ansible09:00
*** openstackgerrit has quit IRC09:01
*** openstackgerrit has joined #openstack-ansible09:01
*** karimb has joined #openstack-ansible09:12
*** gparaskevas has joined #openstack-ansible09:20
gparaskevasmorning everyone!09:21
gparaskevasready for the summit?09:22
*** javeriak has quit IRC09:23
*** javeriak has joined #openstack-ansible09:24
openstackgerritMerged openstack/openstack-ansible: Update Neutron Configuration for Liberty  https://review.openstack.org/23492609:24
*** karimb has quit IRC09:26
*** openstackgerrit has quit IRC09:31
*** openstackgerrit has joined #openstack-ansible09:31
matttgparaskevas: you going?09:46
gparaskevasmattt: no unfortunatly i cant, but my collegue will be there09:46
gparaskevasi will watching you from youtube09:47
gparaskevaswill be*09:47
*** ashishjain has joined #openstack-ansible09:53
ashishjainHello09:53
ashishjainNeed some advice.09:53
*** fawadkhaliq has quit IRC09:53
ashishjainHow do you configure the provider extenal network in openstack_user_config.yml?09:54
ashishjain*external09:54
odyssey4meashishjain although I'm not the best to advise - typically if you have a provider network it's either a vlan or a 'flat' network09:54
odyssey4mein both cases you have bridges for those09:55
odyssey4mea 'flat' network is untagged from a server standpoint, whereas a vlan network is tagged - ie the tag must be configured in the network conf for the server09:55
odyssey4mebut if you're asking from the point of view of inside a tenant network - then you'd use neutron and set the network accordingly - its type and (if applicable) tag09:56
odyssey4mehughsaunders mattt can I borrow your attention for 10 mins?09:56
hughsaundersyep09:56
matttodyssey4me: doing training atm09:56
ashishjainodyssey4me: Yes you are correct,  it is a vlan or flat. In my case I have got br-vlan mapped to vlan net type as well as flat, this is as per the example provided09:58
ashishjainNow when I see the linux bridge configuration which is again as per osad I see physical_interface_mapping as flat:eth1210:00
ashishjainThis is again as per osad where flat is always mapped to eth12 in the linux agent container10:00
ashishjainNow afaik any external communication has to go through neutron agent node10:01
*** dolpher has quit IRC10:02
ashishjainNow to have connectivity to external world I need to basically have some interface in my agent talking to the external world, because I want to use flat for external does it mean eth12 has to be mapped to some bridge which is connected to external world?10:03
ashishjainI think that is the only way external connectivity would work10:03
hughsaundersashishjain: it depends, if you attach instances directly to a flat provider network, there traffic doesn't have to go via a neutron agent node10:03
hughsaundersbut if you are using a tenant network with floats on the provider network, then you need a router which sits on one of the agent nodes10:04
ashishjainBut when I see the openstack_user_config eth12 is having container bridge as br-vlan which is definitely not a bridge which provided an external connectivity10:04
hughsaundersbr-vlan should have an interface on a network that has external access10:04
ashishjainhughsaunders: You are correct I am using a tenant network and than using a floating ip address. as you said I am using a router which sits on agent node10:05
ashishjainhughsaunders: I will give you some more details of my setup10:06
*** javeriak has quit IRC10:06
*** javeriak has joined #openstack-ansible10:07
hughsaundersashishjain: http://docs.rackspace.com/rpc/api/v11/bk-rpc-installation/content/ch-overview.html#fig_overview_neutron-agents10:07
gparaskevasashishjain: Hello, let me tell you my example , i use vlan typte for external connectivity, i create an external network, or a siple network and i select provider vlan, and segment id let say 10(vlan id) on my router i have already created a vlan and interface for that tag10:08
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-specs: Add Liberty Release spec  https://review.openstack.org/22118910:08
ashishjainhughsaunders: My setup is hostservermachine->VM->osad containers. Hostmachine has got 3 virtual bridges and one network interface which connects to the external network10:09
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-specs: Add Liberty Release spec  https://review.openstack.org/22118910:09
ashishjainMy VM on which the containers are running uses vlans as suggested by the rackspace or osad docs.10:10
ashishjaingparaskevas, hughsaunders I will create a paste to present the actual configs10:11
gparaskevassure10:11
ashishjainThis is my host machine configuration. This machine has got 64 GB RAM and 16 cores. We are dividing this machine into multiple VM's to have a multi node openstack environment using osad10:13
*** fawadkhaliq has joined #openstack-ansible10:13
ashishjainHere is the network configuration of this host machine http://paste.openstack.org/show/476972/10:13
hughsaundersashishjain: I think its confusing to enable vlan and flat if you aren't using both10:13
hughsaundersashishjain: so your OSAD VMs have interfaces that attach to bridge0-2 ?10:15
ashishjainhughsaunders: Yes you are correct . Here is the network configuration of VM whcih is the target node http://paste.openstack.org/show/476973/10:15
ashishjainMy eth0 interface has go the network access10:16
ashishjainNetwork configuration has been done as per the osad or rackspace guide10:17
hughsaundersso is em1 a sub interface of bridge0 on the host?10:17
ashishjainNo em1 is not a subinterface of bridge0 , it is an actual physical interface10:18
ashishjainThis is the document which has been refered for network configuration, we are not using bonding https://osad.readthedocs.org/en/latest/install-guide/targethosts-networkexample.html10:19
ashishjainNow the problems I am facing and looks like I have figured out the issue but dont know how to solve it10:19
ashishjainI am creating a tenant network using vxlan and external network using flat10:21
hughsaundersashishjain: I'm not sure how your VMs have external access if your hyp's physical interface isnt' attached a bridge?10:21
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update heat keystone_authtoken config  https://review.openstack.org/23597810:21
ashishjainhughsaunders: You are correct but I do not think the intention was to have all the bridges connected to internet or physical interface10:22
hughsaundersashishjain: not all, but one if you need external access10:22
ashishjaineach of these bridges serve different purpose where bridge0 is my management network, bridge1 is my instance tunnel network and bridge2 is my storage network10:23
odyssey4meashishjain you're using the wrong docs10:23
odyssey4meashishjain readthedocs is old, this is the updated documentation: http://docs.openstack.org/developer/openstack-ansible/kilo/10:24
ashishjainodyssey4me: I have seen that as well their is hardly an difference.10:24
odyssey4meashishjain there are differences - please use that as your reference10:24
ashishjainhughsaunders: Any of these bridges cannot have external connectivity. My point is where in osad openstack_user_config I can define an external network. All the provider network definitions are internal to openstack10:26
ashishjainodyssey4me: sure I will use that as a reference10:26
*** jaypipes has joined #openstack-ansible10:26
ashishjainIn the neutron agents container /etc/neutron/plugins/ml2/ml2_conf.ini has an entry physical_interface_mappings = vlan:eth11,flat:eth1210:27
ashishjainSo this means If I have to use flat for external connectivity my eth12 interface should be mapped to an external bridge but the openstack_user-config maps it to br-vlan10:28
hughsaundersbr-vlan is the external bridge10:29
hughsaundersOr should be...10:29
ashishjainOkay if br-vlan is external than what if I want to have a vlan tenant nework?10:31
hughsaundersashishjain: i haven't tried that but I think it would go via br-vxlan10:33
ashishjainhughsaunders: I get your point and that is what even I am thinking10:33
odyssey4menothing stops your vlan bridge from being used as the external network - you just need to make sure that the external network is tagged10:33
odyssey4meI could be talking rubbish though :p10:33
hughsaundersyeah, I guess you could have a provider network and vlan tentnat networks on the same bridge separated by vlans10:34
odyssey4mebut as I recall at my previous workplace, we had to use a vlan bridge for all provider networks - whether tenant/project or for /external/floats10:34
*** fawadkhaliq has quit IRC10:35
ashishjainhughsaunders: So what is the change you think I should make to my config in http://paste.openstack.org/show/476973/. I think I will have to create one more bridge on my host machine which probably can talk to em1 on my host machine.10:36
ashishjainand than create one more network interface on my  target VM and change the bridge_ports eth2 for auto br-vlan to this new network interface. Does it sound logical?10:37
hughsaundersashishjain: yep10:39
ashishjainalright thanks I will try that out10:39
openstackgerritMerged openstack/openstack-ansible: Removing extra 'provides' from doc  https://review.openstack.org/23786910:48
openstackgerritMerged openstack/openstack-ansible-security: V-38643: World writable files  https://review.openstack.org/23321610:49
ashishjainhughsaunders: One more thing eth0 interface on my VM is directly connected to internet as per this paste http://paste.openstack.org/show/476973/10:49
openstackgerritMerged openstack/openstack-ansible-security: Some checks stop the playbook run  https://review.openstack.org/23701410:49
ashishjainhughsaunders: If I use bridge_ports eth0 can that help, I tried it but than my eth0 stops having any ip addr and I am totally disconnected from internet10:51
hughsaundersashishjain: you can put an ip on the bridge10:51
ashishjainhughsaunders: I did not get you10:52
hughsaundersashishjain: if you add eth0 to a bridge, you can assign the ip that eth0 did have to the bridge10:55
ashishjainhughsaunders: but than will dhcp work when i create an ext-net?10:58
hughsaundersashishjain: dhcp should be ok across a bridge. I don't recommend mixing br-mgmt and br-vlan though10:59
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Set Keystone endpoints to be v3 by default  https://review.openstack.org/20519211:07
*** mgoddard has quit IRC11:09
*** fawadkhaliq has joined #openstack-ansible11:10
*** shausy has quit IRC11:14
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update heat keystone_authtoken config  https://review.openstack.org/23597811:25
openstackgerritMatt Thompson proposed openstack/openstack-ansible: Fix Install Guide's TOC  https://review.openstack.org/23799611:31
*** dolpher has joined #openstack-ansible11:35
*** Mudpuppy has joined #openstack-ansible11:40
*** fawadkhaliq has quit IRC11:40
*** Mudpuppy has quit IRC11:45
*** daneyon has joined #openstack-ansible11:45
*** fawadkhaliq has joined #openstack-ansible11:50
*** daneyon_ has joined #openstack-ansible11:52
*** daneyon has quit IRC11:54
*** fawadkhaliq has quit IRC11:55
*** fawadkhaliq has joined #openstack-ansible11:56
*** manas has joined #openstack-ansible12:03
*** fawadkhaliq has quit IRC12:04
*** karimb has joined #openstack-ansible12:04
*** KLevenstein has joined #openstack-ansible12:15
*** openstackgerrit has quit IRC12:16
*** openstackgerrit has joined #openstack-ansible12:17
*** daneyon_ has quit IRC12:19
*** daneyon has joined #openstack-ansible12:26
ashishjainhughsaunders: I created a new bridge on the host and routed it to em1. Next I bring up a new ethernet interface on the VM and modify the bridge ports on br-vlan to this new ethernet interface.12:29
ashishjainWhile my router is able to get a new ip address  and I am able to ping it12:29
ashishjainthis ping is working  from an external host. Even my vm's are able to ping this router.12:30
ashishjainHowever when I create a floating ip address and assign it to the VM i am not able to ping or ssh through my VM12:30
odyssey4meashishjain did you open the icmp ports in your security groups for the project?12:32
ashishjainodyssey4me: Yes it is open for icmp and tcp 2212:32
*** dolpher has quit IRC12:33
hughsaundersashishjain: can you ping instances if you boot them with an interface on your provider network?12:34
*** dolpher has joined #openstack-ansible12:34
*** markvoelker has joined #openstack-ansible12:35
ashishjainhughsaunders: I am able to ping the VM's when I use the net namespaces using qdhcp and qrouter and even ssh into those12:35
*** mgoddard has joined #openstack-ansible12:36
ashishjainhughsaunders: If I run this command I am able to ssh into my instance.12:38
ashishjainip netns exec qdhcp-68a718d2-3bd4-48ce-9a5c-58d8903019d7 ssh cirros@10.200.208.22612:38
ashishjainthis is being done from my network agents node12:38
ashishjainhughsaunders: "can you ping instances if you boot them with an interface on your provider network?" So you mean I should create a subnet with an existing provider network and create a floating ip address, assign it to VM and see if it works?12:39
openstackgerritMatt Thompson proposed openstack/openstack-ansible: Install Guide Cleanup  https://review.openstack.org/23803412:40
hughsaundersashishjain: provide the id of the provider network when booting an instance (--nic net-id=...)12:40
ashishjainhughsaunders: but these network are not part of neutron, when I run neutron net-list I just get the one's which I have created ext-net and demo-net. How do I get the id's of these provider networks12:42
hughsaundersashishjain: you should have a neutron network that represents your provider network (has router-external=true and an external gateway)12:43
openstackgerritMatt Thompson proposed openstack/openstack-ansible: Install Guide Cleanup  https://review.openstack.org/23803412:43
hughsaunderssounds like ext-net may be that in your case?12:43
ashishjainyes you are correct aahh so you mean directly use the external network instead of going through the floating ip route12:43
hughsaundersyeah12:44
ashishjainI think I have tried this sometime back12:44
hughsaundersits a good test of connectivity12:44
ashishjainOkay I will try this out 1 sec12:44
*** Bjoern_ has joined #openstack-ansible12:44
ashishjainhughsaunders: instance is up12:45
ashishjainbut I am unable to ping this instance the ip is 10.200.208.22712:45
ashishjaininstance is still booting up12:47
hughsaundersashishjain: use nova console-log to check the instance acquired the ip, then tcpdump in various places to work out where the problem is12:48
*** tlian has joined #openstack-ansible12:51
ashishjainhughsaunders: No it did not get the IP as per the console-log,  here are some of the errors which are present in the log12:52
ashishjainSending discover... Usage: /sbin/cirros-dhcpc <up|down> No lease, failing WARN: /etc/rc3.d/S40-network failed12:52
*** Bjoern_ has quit IRC12:52
ashishjain== pinging gateway failed, debugging connection ===12:52
ashishjaincat: can't open '/etc/resolv.conf': No such file or directory12:53
ashishjainroute -n is also empty12:53
ashishjainhughsaunders: Just wanted to tell you this floating ip address belongs to office network12:54
ashishjainSo do I need to specify nameservers etc  when I am booting the instance?12:54
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Add theme fix for browsable source code  https://review.openstack.org/23804212:54
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-security: Add theme fix for browsable source code  https://review.openstack.org/23804512:56
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-security: Add theme fix for browsable source code  https://review.openstack.org/23804512:57
*** galstrom_zzz is now known as galstrom13:00
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-specs: Add theme fix for browsable source code  https://review.openstack.org/23806113:12
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-security: Add theme fix for browsable source code  https://review.openstack.org/23804513:13
*** manas has quit IRC13:14
hughsaundersashishjain: I've had a few issues with unreliable DHCP, I'd try another instance and see if it gets an address, otherwise poking in the dhcp namespace and using tcpdump to figure out how far the dhcp requests are getting13:20
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-security: Add theme fix for browsable source code  https://review.openstack.org/23804513:24
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Add theme fix for browsable source code  https://review.openstack.org/23804213:26
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-specs: Add theme fix for browsable source code  https://review.openstack.org/23806113:27
ashishjainhughsaunders: Can you please tell me how shall I about using tcpdump, As soon as the instance is fired where shall I run the tcpdump on has it be network agent container because that is where the dhcp agent sevices are running?13:29
ashishjaincorrection: where shall I run the tcpdump, does it has to be network agent container because that is where the dhcp agent sevices are running?13:29
*** javeriak has quit IRC13:30
hughsaundersashishjain: I would start on your compute node targeting the bridge that is connected to your provider network, if you see requests there, then check the same bridge on the neutron agents node13:31
ashishjainhughsaunders: Here we are talking about directly using the external network which afaik does not reside on compute node, it is all on the networking node13:33
hughsaundersashishjain: for direct attached instances on a flat/vlan network, the computes must also be attached to the provider network13:36
ashishjainhughsaunders: You mean the ml2_conf.ini in compute node should have same definition as well as config as the target host for network services for example this should be same physical_interface_mappings = vlan:br-vlan,flat:eth013:38
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Add theme fix for browsable source code  https://review.openstack.org/23804213:39
hughsaundersashishjain: yeah, osad will drop the same config on network nodes and compute nodes as both have the linuxbridge agent13:40
ashishjainhughsaunders: I think I will have to re-run the playbooks for making some changes on compute node than :(13:42
ashishjainon an another note I am seeing the following on the target node, not sure if you see anything like this while running tcpdump13:42
ashishjain19:07:50.200298 IP 10.200.208.202.34370 > XXXXXX.com.domain: 51345+ AAAA? openstack002_neutron_agents_container-12be2114. (64) 19:07:50.201241 IP XXXXX.com.domain > 10.200.208.202.34370: 51345 ServFail 0/0/0 (64)13:42
*** subscope has joined #openstack-ansible13:43
hughsaundersipv6 resolution failure13:43
*** subscope has quit IRC13:44
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-security: Add theme fix for browsable source code  https://review.openstack.org/23804513:45
ashishjainhughsaunders: okay so this should not be considered13:45
*** KLevenstein has quit IRC13:45
tiagogomes__Hi, shouldn't keystone use :q13:46
ashishjainhughsaunders: actually there was an issue with osad because os using the same eth12 interface for container as well as compute and hence has to use host_ovveride option. I think I will have to make some changes to the playbook and rerun the neutron playbook.13:46
tiagogomes__let's try again13:46
ashishjainI will ping you later in the night if you are available13:47
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-specs: Add theme fix for browsable source code  https://review.openstack.org/23806113:47
ashishjainI mean my night time13:47
tiagogomes__Hi, shouldn't keystone use policy.v3cloudsample.json for the policy file? Right now, I can't do some operations as admin13:47
tiagogomes__So I guess I need to be the cloud admin13:47
*** sdake_ has joined #openstack-ansible13:47
*** dolpher has quit IRC13:48
ashishjainhughsaunders: Thanks for spending so much of time, I think I have moved one more step but I feel still a long way to go13:48
*** dolpher has joined #openstack-ansible13:49
hughsaundersashishjain: yeah, networking takes a while to figure.. #openstack may be able to help if you have networking questions that aren't osad specific13:51
*** sdake has quit IRC13:51
*** ashishjain has quit IRC13:52
hughsaunderstiagogomes__: which operation are you denied?13:54
tiagogomes__hughsaunders Adding a _member_ role to an user13:54
*** sdake_ has quit IRC13:57
*** sdake has joined #openstack-ansible13:58
hughsaunderstiagogomes__: wfm with default ks policy13:58
hughsaundersalso default openrc from utility container13:59
*** cbits has left #openstack-ansible13:59
tiagogomes__hughsaunders are you testing with multiple domains?13:59
*** mgoddard_ has joined #openstack-ansible14:00
*** persia has quit IRC14:02
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-security: Do not check doc folder in pep8 check  https://review.openstack.org/23810414:03
*** mgoddard has quit IRC14:03
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-security: Add theme fix for browsable source code  https://review.openstack.org/23804514:04
hughsaunderstiagogomes__:  just retested with a new domain, project and user within that, then assigned the _member_ role to the new user.14:04
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-security: Do not check doc folder in pep8 check  https://review.openstack.org/23810414:04
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-security: Add theme fix for browsable source code  https://review.openstack.org/23804514:05
*** mnestheu1 has joined #openstack-ansible14:05
*** mnestheu1 is now known as scarlisle14:05
tiagogomes__hughsaunders thanks for testing. Something looks to off on my setup, I'll look into that14:05
*** sigmavirus24_awa is now known as sigmavirus2414:06
*** tristanC has quit IRC14:07
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Updating getting started docs  https://review.openstack.org/23606614:07
mhaydenodyssey4me: ^^ that should shore up the docs14:08
*** jongchoi has joined #openstack-ansible14:08
*** jwagner_away is now known as jwagner14:09
*** persia has joined #openstack-ansible14:10
*** persia has quit IRC14:10
*** persia has joined #openstack-ansible14:10
*** sdake has quit IRC14:12
*** daneyon has quit IRC14:12
*** daneyon has joined #openstack-ansible14:14
*** galstrom is now known as galstrom_zzz14:17
tiagogomes__is there a playbook to clear all the databases used in OpenStack?14:18
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-security: Do not check doc folder in pep8 check  https://review.openstack.org/23810414:19
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Add theme fix for browsable source code  https://review.openstack.org/23804214:20
hughsaunderstiagogomes__: not that I'm aware of. You could delete all the DBs manually or delete the db containers and rebuild them via ansible14:20
*** k_stev has joined #openstack-ansible14:20
tiagogomes__ok, but a playbook to that could be handy14:23
tiagogomes__I saw a patch to add multidomain support to Horizon, but AFAIK horizon doesn't support it yet https://wiki.openstack.org/wiki/Horizon/DomainWorkFlow14:24
*** galstrom_zzz is now known as galstrom14:24
*** Mudpuppy has joined #openstack-ansible14:27
*** Mudpuppy has quit IRC14:27
*** Mudpuppy has joined #openstack-ansible14:28
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-security: Add theme fix for browsable source code  https://review.openstack.org/23804514:28
*** jongchoi has quit IRC14:28
odyssey4metiagogomes__ the wiki is the worst place for up to date information14:30
tiagogomes__odyssey4me maybe, but that wiki has links to patches... that aren't merged yet :)14:31
odyssey4metiagogomes__ well, the multi-domain support is only enabled explicitly anyway - so it's available for experimentation to see if it supports everything you want it to14:32
tiagogomes__odyssey4me I see. So shouldn't used on production14:34
*** galstrom is now known as galstrom_zzz14:37
cloudnullmorning14:38
cloudnullodyssey4me:  so whats the verdict ?14:40
cloudnullto role or not to role , that is the question  ?:)14:40
odyssey4mecloudnull haven't had a chance to chat with anyone yet - it appears that everyone is busy14:41
odyssey4mepalendae ping?14:41
odyssey4mehughsaunders mattt ping?14:41
hughsaunderssup odyssey4me14:41
*** phalmos has joined #openstack-ansible14:41
odyssey4mewith regards to https://review.openstack.org/230716 and https://review.openstack.org/236183 - would you feel more comfortable voting these through if they were put into a role?14:42
cloudnulli can move the wheel build process into the repo-server role or create a new one if needed14:43
cloudnullditto for shippable venv14:43
*** galstrom_zzz is now known as galstrom14:43
palendaeopenstackgerrit: pong, I wasn't feeling the best when I got up14:44
openstackgerritMerged openstack/openstack-ansible: Fix Install Guide's TOC  https://review.openstack.org/23799614:44
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement L3HA support  https://review.openstack.org/23338914:45
hughsaundersThat would mean the template snippets could be split out14:46
*** mgoddard has joined #openstack-ansible14:47
odyssey4mehughsaunders yeah, and the tasks in the play could mostly be split into meaningful task files in the repo-build role - or another role14:47
*** mgoddard_ has quit IRC14:47
palendaecloudnull, odyssey4me My vote would be for a role, personally. Having a bunch of templates and scripts, even if they're small, in the same file, is kind of unwieldy in my mind14:47
palendaeWhether a new role or existing isn't as important14:48
cloudnullpalendae:  a new role ? or moved into the repo-sever role ?14:48
cloudnullwhats your preference ?14:48
palendae^^ :)14:48
hughsaundersmy hesitancy with shippable venvs is I'm not sure which direction we're going in - will we end up with image based deploys and not need to ship venvs? should we get replace existing pip installs with shipped venvs rather than adding another path?14:48
palendaecloudnull: Probably new, since the repo-server is really about setting up nginx and lsync, right?14:48
hughsaunderss/get//14:48
cloudnullpalendae:  yes14:48
cloudnullhughsaunders:  i dont think image based deployments will replace shippable venvs especially considering we have several services run on hosts14:49
*** k_stev has quit IRC14:49
palendaehughsaunders: I have a feeling image-based deployments will be an optional thing14:49
cloudnulleg swift, cinder, nova, neutron (lxb agent)14:49
odyssey4mehughsaunders I think that shippable venvs will be around for at least the liberty lifetime.14:49
palendaeFor example, if you run 100% on metal, image-based deploys don't help14:49
cloudnull^ that14:50
odyssey4merealistically we'll only be able to build an aimage-based deployment mechanism into Mitaka, and then *may* consider backporting it.14:50
odyssey4methen there is also the factor is mixed styles, as palendae and cloudnull have already intimated14:50
palendaeThat's if we agree it's a good idea, too; afaik, we're not quite decided yet14:50
cloudnulland even with the images we create, we can seed them with a shippable venv14:50
hughsaundersso should we remove the direct pip install eventually?14:51
cloudnullmy 2cents14:51
odyssey4meI still see the shippable venv as useful, even for images - primarily due to conflicts in apt-python vs wheel packages14:51
cloudnullhughsaunders:  id say no. having direct pip install is a "fall back option" if shippable venv goes in.14:51
cloudnullhowever i do think we'll end up refactoring some of our approach here. odyssey4me mentioned before that maybe we need a "crud" role for rabbit, db, venv deploy, etc... per OS_* service14:53
cloudnulland that may be where we head with all of this. but idk at this point.14:54
hughsaundersI think a role would be useful in the 'client' side of shippable venvs - so we don't have to duplicate the block of 5 tasks into all the os roles14:54
odyssey4mehughsaunders agreed - although it's a little late to get that done for liberty - I think we should explore that for mitaka14:55
matttodyssey4me: wasn't the review only put in 3 days ago?14:56
odyssey4megiven that the shippable venv and updated repo build is done - the option we have for now is to refactor now, in the hope that we can merge it before fri - or we let it through with the agreement that it'll be refactored afterwards14:56
odyssey4methe trouble is that I'd like to have had a few days to validate stabilisation and for final bugfixing before release14:57
cloudnullmattt: yes and no. when i submitted that orginal review for shippable venvs i was trying to make it depend on all of the other venv reviews but that caused a mess14:58
cloudnullhttps://review.openstack.org/#/c/233792/ < this is the abandoned review for shippable venv14:58
*** fawadkhaliq has joined #openstack-ansible14:58
matttcloudnull: ah ok14:59
matttstill seems like big features going in right at the end tho14:59
cloudnullobviously still not all that long ago . however its longer than 3 days.14:59
matttjust playing devil's advocate here :)14:59
cloudnullfor sure.14:59
cloudnulladvocate away sir. :)14:59
odyssey4memattt sure, but the repo build process is an optimisation - not really a new feature14:59
*** k_stev has joined #openstack-ansible15:00
palendaes/feature/change/15:00
cloudnull^ it makes us not need yaprt any longer15:00
odyssey4meshippable venvs is a logical finalisation of the venv work15:00
*** Mudpuppy_ has joined #openstack-ansible15:00
cloudnullyaprt is a big piece of software which i'd like to deprecate in liberty if at all possible.15:00
*** mpavone has quit IRC15:00
*** k_stev has quit IRC15:01
cloudnullwe can do just about everything that yaprt does in ansible using straight up pip15:01
*** k_stev has joined #openstack-ansible15:01
odyssey4menote that the updated repo build cuts the build timing down by around 30% - even more if you build on a host15:01
*** Mudpuppy_ has quit IRC15:01
*** alejandrito has joined #openstack-ansible15:01
hughsaundersYep, and its nice not to have to dig through another repo to work out how the build process weorks15:01
cloudnull^ main motivator15:02
*** Mudpuppy has quit IRC15:02
*** alejandrito has quit IRC15:02
*** Mudpuppy has joined #openstack-ansible15:02
*** alejandrito has joined #openstack-ansible15:02
palendaeYeah, I don't think anyone disagrees with those points from what I'm seeing. Mostly that it's an important change super late15:02
*** jwagner is now known as jwagner_away15:03
odyssey4mepalendae yep, which is why I'm inclined to rather allow it through as-is with the agreement for a refactor early in mitaka15:03
odyssey4methe repo-build has been successfully gating almost every time from its initial submission early this month15:04
*** phalmos has quit IRC15:04
*** fawadkhaliq has quit IRC15:04
*** greg_a has joined #openstack-ansible15:05
logan2am I understanding this failure correctly? http://paste.gentoolinux.info/gavoqayiya.md15:06
hughsaunderslogan2: container_networks should not be {}15:07
odyssey4memattt hughsaunders palendae what's the preference? block it, let it through as-is, or refactor now?15:11
logan2well on this particular host there is no containers being deployed, and ansible does not need to configure any networking (it is a compute node that will use calico networking so no bridges or overlay network)15:11
logan2it seems like the next task "- name: Set nova management bridge (is_metal no container network)" accounts for this but it is unreachable due to how "- name: Set nova management address (is_metal)" is set up15:11
logan2so I think it is a bug because how would "Set nova management bridge (is_metal no container network)" ever be reached in any configuration?15:13
*** phalmos has joined #openstack-ansible15:14
palendaeodyssey4me: My inclination is block or refactor now; it's a big change late, and letting it through then adds to technical debt. If it goes in, I'd rather it go in cleanly15:14
cloudnullpalendae:  refactor into a role  ?15:15
palendaecloudnull: Yeah15:15
odyssey4meI'm inclined to agree.15:15
cloudnullim game , hughsaunders mattt ?15:15
cloudnulllogan2: is the br-mgmt device on your compute nodes ?15:15
odyssey4meNeither are essential to the liberty release. If we can do it right and agree that it'll be a backported feature if it merges after liberty, then I don't think we've lost anything.15:15
cloudnulllogan2:  it should fall back to the ansible_ssh_address15:17
cloudnullhttps://github.com/openstack/openstack-ansible/blob/master/playbooks/os-nova-install.yml#L130-L13715:17
logan2no, the ip is on bond0, which is the IP configured in compute_hosts, so ansible_ssh_address is perfect15:17
*** fawadkhaliq has joined #openstack-ansible15:17
*** fawadkhaliq has quit IRC15:17
cloudnullis it dying on the conditional "hostvars[inventory_hostname]['container_networks']['container_address']['bridge'] is undefined"  ?15:17
logan2but it fails before it ever reaches that because "Set nova management address (is_metal)" kills the run before it reaches the fallback15:17
palendaeodyssey4me: Agreed15:18
logan2yep that is where it is dying15:18
hughsaunders+1 for refactor, possibly multiple roles. One for generating /serving the venvs and one for using them15:18
cloudnullpalendae hughsaunders, ill get it done15:18
hughsaunderscloudnull: w00t15:18
logan2i just added - hostvars[inventory_hostname]['container_networks']['container_address']['bridge'] is defined to "Set nova management address (is_metal)" and it worked as expected15:18
palendae(I was just talking about the repo stuff; I haven't looked at shippable venvs)15:19
cloudnulllogan2: you mind making a PR for the change :)15:19
cloudnullpalendae:  the shippable venvs build process follows much of the same form as the new wheel build process15:20
logan2yep will do. wanted to raise it here first since I am probably sort of an edge use case :)15:20
cloudnullsmaller play , but same concept15:20
cloudnullit sounds like a logic bug15:20
palendaeAh. My general feeling is the same - if it's not ready in a clean form and it's not essential, I don't see a reason to rush it in15:20
cloudnullwe could also add a conditional around, "management_address is defined" which would give you access to override it to something else skipping all of the logic steps all together.15:21
odyssey4mepalendae mattt hughsaunders thanks for weighing in, I appreciate the points of view15:21
logan2gotcha15:21
odyssey4mecloudnull thank you for being patient with me :)15:21
*** galstrom is now known as galstrom_zzz15:24
cloudnullodyssey4me:  https://review.openstack.org/#/c/233389/ on that i've replied inline i can add the case statements to the various config files however its cleaner to set a fact15:25
*** gardensh_ has joined #openstack-ansible15:28
*** gardensh_ has quit IRC15:28
*** gardensh_ has joined #openstack-ansible15:28
*** gardenshed has quit IRC15:30
*** dolpher has quit IRC15:32
odyssey4mecloudnull I figured that was the reason. It works and I'm down with that, now that we have the reason. :) We should figure out a good pattern for when to do logic in variables vs tasks vs templates, but now is not the time for that.15:33
*** dolpher has joined #openstack-ansible15:33
*** shausy has joined #openstack-ansible15:35
*** daneyon has quit IRC15:36
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Add theme fix for browsable source code  https://review.openstack.org/23804215:37
odyssey4mecloudnull it still needs an edit of the commit message15:38
cloudnullfor what ?15:38
cloudnullok15:38
cloudnullone sec15:39
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement L3HA support  https://review.openstack.org/23338915:39
cloudnulldone15:39
odyssey4mecloudnull I'm wanting to put together an infra job that builds a changelog automatically and publishes it with the docs. This will be the best way, I think, to maintain this without it being too much of a burden.15:39
cloudnullsounds good to me15:39
cloudnullwe should also see about having docs for the various versions15:40
palendaeYeah, a chngelog would help15:40
odyssey4mebascially I'm thinking that the change log should be the list of commits and their messages15:40
palendaeYeah, that sounds like the simplest approach15:40
*** greg_a has quit IRC15:40
odyssey4mecloudnull there are docs per branch already: http://docs.openstack.org/developer/openstack-ansible/kilo/15:40
cloudnullah fair enout15:40
cloudnull*enough15:40
odyssey4meso basically I've been thinking that we need to link those from the README per branch after cutting the branch15:40
cloudnulla change log using something like:  git log --abbrev-commit --pretty=oneline --no-merges would be great15:41
cloudnullin this case git log --abbrev-commit --pretty=oneline --no-merges kilo...liberty15:41
cloudnulletc...15:42
odyssey4meyep, but then the sha should link to the actual commit so that someone can inspect it if they want to15:42
odyssey4meso we need to be a lot better at our commit titles and messages15:43
*** mgoddard_ has joined #openstack-ansible15:46
*** gardensh_ has quit IRC15:46
*** gardenshed has joined #openstack-ansible15:47
*** gardenshed has quit IRC15:48
*** gardenshed has joined #openstack-ansible15:48
*** mgoddard has quit IRC15:49
d34dh0r53odyssey4me: are you still targeting Friday for 10.1.16?15:50
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Implement L3HA support  https://review.openstack.org/23338915:52
odyssey4mecloudnull ^ updated the commit message15:53
*** fawadkhaliq has joined #openstack-ansible15:53
b3rnard0odyssey4me: is there a target date for 10.2.0?15:53
cloudnullis 10.2 a thing ?15:53
odyssey4med34dh0r53 I'm happy to release 10.1.16 now, unless there are still patches in flight that you need in there.15:53
b3rnard0cloudnull: there's a milestone page for it15:53
odyssey4meb3rnard0 10.2.0 is a placeholder for new bugs, which is why it doesn't have a date on it15:53
cloudnullthe question still stnads15:53
cloudnull:)15:53
odyssey4meb3rnard0 when bugs are actually in review, then get moved to the next milestone15:54
b3rnard0okay15:54
odyssey4meb3rnard0 this is in the absence of a better tool for not losing bugs15:54
b3rnard0so we'll likely have a 10.1.17 then?15:54
odyssey4meb3rnard0 yes, and a 10.1.18 after that :)15:55
b3rnard0okie dokie, that clarifies it15:55
*** fawadk has joined #openstack-ansible15:55
*** fawadkhaliq has quit IRC15:56
*** shausy has quit IRC15:57
*** mgoddard_ has quit IRC15:57
*** mgoddard has joined #openstack-ansible15:57
*** greg_a has joined #openstack-ansible16:03
d34dh0r53odyssey4me: so the neutron sha needs to be bumped in order to fix a race condition when hard rebooting bug and Charles was wondering if that would make it in 10.1.1616:04
d34dh0r53odyssey4me: neutron sha needs to include https://review.openstack.org/#/c/209708/16:05
d34dh0r53scratch that16:06
*** dmsimard is now known as dmsimard|tokyo16:09
*** gparaskevas has quit IRC16:12
*** gardenshed has quit IRC16:14
*** jwagner_away is now known as jwagner16:14
*** dolpher has quit IRC16:19
*** logan2 has quit IRC16:27
*** galstrom_zzz is now known as galstrom16:33
odyssey4melol d34dh0r53 would you like to start again? ;)16:36
odyssey4methe arp protection was included in the last sha bump16:36
d34dh0r53yeah, confuserated by support16:37
d34dh0r53never mind anything I've said this morning16:37
*** CheKoLyN has joined #openstack-ansible16:37
odyssey4meand this makes it configurable: https://review.openstack.org/22796316:37
*** elo has quit IRC16:37
odyssey4mealso, all those fixes picked up by cloudnull are merged already16:38
cloudnullodyssey4me:  https://review.openstack.org/#/c/236151/ this one is still pending16:39
odyssey4med34dh0r53 the only patches currently in flight that could go in - if someone tests them - are https://review.openstack.org/233806 and https://review.openstack.org/22662116:39
openstackgerritKevin Carter proposed openstack/openstack-ansible: Updated the repo-build process  https://review.openstack.org/23071616:39
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Backport ulimit setting to Juno  https://review.openstack.org/23615116:39
cloudnullhughsaunders mattt palendae odyssey4me https://review.openstack.org/230716 is now using a repo build role16:40
odyssey4meyes, and that one16:40
palendaecloudnull: Great, will look at it in a bit16:40
d34dh0r53has https://review.openstack.org/236151 been testing upgrading from 10.1.15 to 10.1.16?16:41
odyssey4med34dh0r53 not by me16:41
d34dh0r53odyssey4me: ok16:42
d34dh0r53odyssey4me: I'll look at that today16:42
*** jwagner is now known as jwagner_away16:45
*** gardenshed has joined #openstack-ansible16:46
*** logan2 has joined #openstack-ansible16:47
*** elo has joined #openstack-ansible16:50
*** gardenshed has quit IRC16:54
*** gardenshed has joined #openstack-ansible17:02
* tiagogomes__ is confused by the plenitude of nova passwords, although if I am interpreting correctly the code only one is being used17:10
cloudnulld34dh0r53: likely no.17:16
cloudnullthat said, that change is one of the simpler changes to be backported to juno17:17
cloudnulltiagogomes__: which passwords are you looking into ?17:18
tiagogomes__nova_ec2_service_password nova_v21_service_password nova_v3_service_password nova_service_password17:18
cloudnullin master?17:18
tiagogomes__Aren't the passwords associated with an user?17:18
tiagogomes__In the Kilo branch17:19
*** gardenshed has quit IRC17:21
cloudnulllooks like they're used scripts/run-upgrade-old.sh:283:nova_v21_service_password: etc/openstack_deploy/user_secrets.yml:77:nova_v3_service_password: etc/openstack_deploy/user_secrets.yml:75:nova_ec2_service_password: but could likely be removed . all of those services are deprecated in kilo and removed in liberty .17:22
tiagogomes__yes, but I still need to define a nova_v21_service_password for example, as nova_v21_enabled is enabled by default17:23
cloudnulladditionally they all target the same     service_user_name: "{{ nova_service_user_name }}" so they may just be remnence from days long past :)17:23
odyssey4meyeah, that sounds like a bad copy/paste17:24
odyssey4mecloudnull reviewed https://review.openstack.org/230716 - some comments there17:24
odyssey4memiguelgrinberg are you ready to rescue https://review.openstack.org/235978 ?17:29
miguelgrinbergodyssey4me: yeah, I'm going to try to have it done before I leave for Tokyo17:30
odyssey4methanks miguelgrinberg ideally I'd like to have it done for the liberty release... which would be on friday :/17:31
openstackgerritKevin Carter proposed openstack/openstack-ansible: Updated the repo-build process  https://review.openstack.org/23071617:31
miguelgrinbergodyssey4me: I leave Friday morning, so yes, should be done by then17:31
*** ggillies has quit IRC17:31
palendaeYeah, have a feeling anything not resolved by Friday will be hanging17:32
odyssey4memiguelgrinberg awesome, I really appreciate the help - we can do it!17:32
*** ggillies has joined #openstack-ansible17:32
palendaeI know the laptop I'm taking to Tokyo will be pretty restricted17:32
palendaePurposefully not putting many SSH keys or passwords or anything on it17:32
cloudnullodyssey4me:  https://review.openstack.org/230716 updated based on your comments17:32
odyssey4meI do find the results for https://review.openstack.org/205192 rather curious, but I think that heat is a contributor.17:32
openstackgerritMerged openstack/openstack-ansible-specs: Add Liberty Release spec  https://review.openstack.org/22118917:33
*** persia has quit IRC17:35
*** persia has joined #openstack-ansible17:36
*** persia has quit IRC17:36
*** persia has joined #openstack-ansible17:36
*** KLevenstein has joined #openstack-ansible17:38
*** metral is now known as metral_zzz17:40
*** metral_zzz is now known as metral17:48
*** g3rms_ has joined #openstack-ansible17:49
*** karimb has quit IRC17:51
*** harlowja has quit IRC17:57
odyssey4mecloudnull back at you17:57
*** daneyon has joined #openstack-ansible17:57
*** harlowja has joined #openstack-ansible18:02
*** jwagner_away is now known as jwagner18:03
*** k_stev has quit IRC18:14
*** pabelanger has quit IRC18:19
*** then3rd has quit IRC18:19
*** pabelanger has joined #openstack-ansible18:20
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement shippable venvs  https://review.openstack.org/23618318:29
openstackgerritKevin Carter proposed openstack/openstack-ansible: Updated the repo-build process  https://review.openstack.org/23071618:29
*** KLevenstein has quit IRC18:30
openstackgerritKevin Carter proposed openstack/openstack-ansible: Updated the repo-build process  https://review.openstack.org/23071618:31
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement shippable venvs  https://review.openstack.org/23618318:42
openstackgerritKevin Carter proposed openstack/openstack-ansible: Updated the repo-build process  https://review.openstack.org/23071618:42
*** k_stev has joined #openstack-ansible18:44
*** k_stev has quit IRC18:44
*** k_stev has joined #openstack-ansible18:44
cloudnullmattt hughsaunders palendae odyssey4me https://review.openstack.org/236183 and https://review.openstack.org/230716 updated to run within the build role18:51
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement shippable venvs  https://review.openstack.org/23618318:55
palendaecloudnull: Just so you're not blind sided, I'll probably reference that venv idea in the image-based deployment discussion19:02
cloudnullsweet!19:03
palendaeCause it's along similar lines19:03
palendaeI think images would snag both python and OS packages, though19:04
odyssey4mepalendae so, interestingly, apt packages sometimes conflict with wheels installed - for instance the requests/urllib thing19:05
odyssey4meso installing wheels into a venv, even in a packaged container, is good19:05
palendaeodyssey4me: Sure19:05
palendaeThat's a really good point - these aren't necessarily exclusive discussions19:05
palendaeBut certainly related19:06
odyssey4meexactly :)19:06
odyssey4meit's a packaging discussion of sorts, to start with19:07
palendaeIt looks like the current work is mostly to 'contain' the OpenStack services themselves so our installs and upgrades are less painful19:07
odyssey4meafter that it comes down to other complexities like how an image is transferred across the wire, laid down and how live traffic is transitioned from one to the other19:08
palendaeNot necessarily underlying infra services like mariadb or rabbit, which are mostly OS packaged19:08
palendaeI also have questions about where data would live for those infrastructure services19:08
odyssey4mepalendae yes, our source-based deployment is specifically openstack - we provide the infra to do others, but the focus is openstac19:08
palendaeI haven't looked at how Kolla does it, but my general understanding of Docker containers that have vital data is to have layered containers19:09
palendaeGranted, we're doing LXC, but approaches shouldn't be too wildly different19:09
odyssey4methe layering has nothing to do with docker, and everything to do with file syslems like overlayfs19:09
palendaeBecause, for example, MariaDB and RabbitMQ are not microservices, and can't just come and go19:09
palendaeodyssey4me: Docker implements some intelligence around when to automatically delete bindmounts19:10
odyssey4meyou overlay a service install on top of a base OS19:10
palendaeTHat's what I'm referring to19:10
palendaeThat's a separate discussion19:10
odyssey4meok, that's a whole different thing19:10
palendaeI'm talking about how MariaDB or Glance or Cinder don't lose their data when updating the container19:10
palendaeRight19:10
palendaeDocker uses a layered approach to keep the bindmounts alive19:10
odyssey4meok, maybe that'd be possible with lxc too - we just haven't looked into it19:11
palendaeSo you end up with 2 containers - a glance container that runs the service, and a glance container that just sits around to hold the bindmount19:11
palendaeRight19:11
odyssey4meah, that's how - of course19:11
palendaeWhich is what the discussion is intended to ferret out.19:11
odyssey4methree milion containers for a service19:11
palendaehttps://docs.docker.com/userguide/dockervolumes/19:11
palendaeYeah19:11
odyssey4methat's useful :p19:11
palendaeI'm not sure I like it19:12
palendaeBut that's how they do it19:12
odyssey4meso how about those venvs?19:12
palendaeI have the review open :)19:12
cloudnullyup its something akin to having to restart several containers to ensure an app update for a single service which will ba an operational nightmare19:12
odyssey4meif the container is essentially a service, then what is the point of the container19:13
odyssey4mewhy not just run the service on the OS and use the venv for package isolation?19:13
*** daneyon has quit IRC19:14
palendaeodyssey4me: ¯\_(ツ)_/¯19:14
cloudnull^19:14
odyssey4mehahahaha19:14
odyssey4meso, image-based deployment19:14
palendaeThe thing that's always made me curious about this and stuff like the 12 factor app was - where the hell does the data stay?19:15
palendaeData is not short lived19:15
palendaeAll well and good to say your web app can just spin up containers, but we're not doing a simple web app here19:15
odyssey4mein a bind mount, which needs another container, which talks through a pipe, which needs another socket19:15
palendaeYeah, all seems very Rube Goldberg to me19:16
odyssey4mefuckit - just store the damned data on shared/distributed storage if you really care about it19:16
palendaeWell, yes19:16
palendaeIdeally :)19:16
odyssey4meif you don't, trash it19:16
palendaeBut again, we care about our OpenStack service DBs19:16
odyssey4mewhich already bind mount to a host19:16
odyssey4mewe can already trash the container and replace it19:17
palendaeAh, yeah, I see what you're saying19:18
palendaeYep19:18
mgariepyhey, do you have a good way to replace the resolv.conf from the lxc cache file ?19:20
mgariepythis https://review.openstack.org/#/c/224304/ gives me some trouble..19:20
mgariepysince 69.20.0.164 dns is not working for me.19:21
mgariepyand this : http://paste.ubuntu.com/12887848/ is quite ugly ;) haha19:23
palendaecloudnull: made a comment on the venv diff - latest patch set has git markers and failed linting19:24
odyssey4memgariepy so that should only run against a fresh container, ie a fresh build19:27
odyssey4memgariepy also, perhaps the dns servers for the containers should be configurable19:27
mgariepyyeah i know, but it fail on a fresh build, and re-runing it get it through, but my containers are not updated..19:28
cloudnullmgariepy: you could update the cache and in  container resolve.conf using a straight ansible command . but yes perhaps we should do a better job making that more configurable.19:28
mgariepyor copy the hosts resolv.conf ?19:28
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement shippable venvs  https://review.openstack.org/23618319:30
*** fawadkhaliq has joined #openstack-ansible19:31
*** fawadk has quit IRC19:32
mgariepyi'll test a quick patch and upload a review.19:32
*** fawadk has joined #openstack-ansible19:40
*** fawadkhaliq has quit IRC19:43
openstackgerritKevin Carter proposed openstack/openstack-ansible: Make the container cache resolvers configurable  https://review.openstack.org/23822319:43
openstackgerritKevin Carter proposed openstack/openstack-ansible: Make the container cache resolvers configurable  https://review.openstack.org/23822319:44
cloudnullmgariepy: you mind testing those ^19:44
mgariepyi will ;)19:49
mgariepyyou guys are too fast for me. haha19:49
cloudnullsorry , i turned away from the irc window19:49
cloudnullor i would have seen your orginial message that you we're going to put up a review19:50
*** harlowja has quit IRC19:50
mgariepyyeah but my ansible knowledge is not that great ;)19:50
openstackgerritKevin Carter proposed openstack/openstack-ansible: Make the container cache resolvers configurable  https://review.openstack.org/23822319:55
cloudnullmgariepy:  so that one covers the resolvconf files as well as resolv.conf19:56
cloudnullwhich will make sure that the resolvers are correct even when a container restarts19:56
mgariepywell, once the container is started it's not a proble19:56
mgariepyproblem**19:56
cloudnullfor sure, because it routes back to the host .19:57
cloudnullbut now it will be consistent19:57
mgariepyyeah ok, didn't saw that haha19:57
mgariepyi'll test your patch tomorrow morning.19:58
cloudnullthats great19:59
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: Removing package patch versions from APT pinning  https://review.openstack.org/23823020:02
*** openstackstatus has joined #openstack-ansible20:06
*** ChanServ sets mode: +v openstackstatus20:06
openstackgerritKevin Carter proposed openstack/openstack-ansible: Updated the repo-build process  https://review.openstack.org/23071620:09
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement shippable venvs  https://review.openstack.org/23618320:16
*** jaypipes has quit IRC20:18
*** fawadk has quit IRC20:20
*** CheKoLyN has quit IRC20:25
*** KLevenstein has joined #openstack-ansible20:29
*** sdake has joined #openstack-ansible20:35
*** sdake_ has joined #openstack-ansible20:36
openstackgerritNolan Brubaker proposed openstack/openstack-ansible: [WIP] Use full command when reporting upgrade failure  https://review.openstack.org/23768920:36
*** harlowja has joined #openstack-ansible20:39
*** harlowja_ has joined #openstack-ansible20:40
*** sdake has quit IRC20:40
*** KLevenstein has quit IRC20:41
*** alejandrito has quit IRC20:42
*** harlowja has quit IRC20:44
*** sdake_ is now known as sdake20:44
*** sdake has quit IRC20:58
*** sdake has joined #openstack-ansible20:59
*** jongchoi_ has joined #openstack-ansible21:10
*** darrenc is now known as darrenc_afk21:17
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: Removing package patch versions from APT pinning  https://review.openstack.org/23823021:24
*** galstrom is now known as galstrom_zzz21:25
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement shippable venvs  https://review.openstack.org/23618321:32
cloudnullim out for the day talk to you all later.21:33
palendaeLater21:33
cloudnulloh palendae i reviewed https://review.openstack.org/237689 looks good , i'd say remove teh wip seems like a sensible change and looks good so far21:34
palendaecloudnull: I'm running one more test, so still WIP :)21:35
cloudnullif you want i can load that into my test runer21:35
cloudnull*runner21:35
cloudnullthat can be the ref test for a few days21:35
palendaeSure21:36
*** Mudpuppy_ has joined #openstack-ansible21:37
cloudnulldone21:38
cloudnullcheck email , next 5 tests will be done using that ref21:38
cloudnullrefs/changes/37/237689/521:38
*** Mudpuppy_ has quit IRC21:38
cloudnullyou can watch progress here http://upgrade-test.cloudnull.io/21:39
cloudnulltop 5 logs21:39
*** darrenc_afk is now known as darrenc21:39
palendaeThanks21:39
*** Mudpuppy has quit IRC21:40
*** abitha has joined #openstack-ansible21:45
*** jongchoi_ has quit IRC22:02
*** jongchoi_ has joined #openstack-ansible22:04
openstackgerritMerged openstack/openstack-ansible: Allow configration of config_drive_format inside nova.conf  https://review.openstack.org/23380622:07
openstackgerritMerged openstack/openstack-ansible: Install Guide Cleanup  https://review.openstack.org/23803422:08
*** jongchoi_ has quit IRC22:10
*** sdake_ has joined #openstack-ansible22:22
*** dolpher has joined #openstack-ansible22:23
*** sdake has quit IRC22:24
*** phalmos has quit IRC22:30
*** sigmavirus24 is now known as sigmavirus24_awa22:35
*** markvoelker has quit IRC23:08
*** k_stev has quit IRC23:14
*** jwagner is now known as jwagner_away23:29
*** sdake_ has quit IRC23:33
*** harlowja_ has quit IRC23:33
*** harlowja has joined #openstack-ansible23:37
*** harlowja_ has joined #openstack-ansible23:45
*** harlowja has quit IRC23:49
« Tuesday, 2015-10-20 Index Thursday, 2015-10-22 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!