Thursday, 2015-10-22

« Wednesday, 2015-10-21 Index Friday, 2015-10-23 »
*** markvoelker has joined #openstack-ansible00:36
*** scarlisle has quit IRC00:38
*** markvoelker has quit IRC00:41
*** galstrom_zzz is now known as galstrom00:46
*** fawadkhaliq has joined #openstack-ansible01:00
*** abitha has quit IRC01:10
*** galstrom is now known as galstrom_zzz01:20
*** galstrom_zzz is now known as galstrom01:20
*** galstrom is now known as galstrom_zzz01:22
openstackgerritKevin Carter proposed openstack/openstack-ansible: Make the container cache resolvers configurable  https://review.openstack.org/23822301:34
*** dolpher has quit IRC01:39
openstackgerritKevin Carter proposed openstack/openstack-ansible: Make the container cache resolvers configurable  https://review.openstack.org/23822301:48
*** fawadkhaliq has quit IRC01:48
*** davidself has joined #openstack-ansible02:03
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement shippable venvs  https://review.openstack.org/23618302:11
*** markvoelker has joined #openstack-ansible02:37
*** markvoelker has quit IRC02:42
*** dolpher1 has joined #openstack-ansible02:43
*** tlian has quit IRC03:21
*** markvoelker has joined #openstack-ansible03:38
*** markvoelker has quit IRC03:43
*** g3rms_ has quit IRC04:08
*** fawadkhaliq has joined #openstack-ansible04:18
*** galstrom_zzz is now known as galstrom04:27
*** abitha has joined #openstack-ansible04:30
*** abitha has quit IRC04:37
*** rajalokan has joined #openstack-ansible04:45
*** subscope has joined #openstack-ansible04:47
*** galstrom is now known as galstrom_zzz04:52
*** WeeIX has joined #openstack-ansible05:12
*** rajalokan has quit IRC05:16
*** rajalokan has joined #openstack-ansible05:34
*** subscope has quit IRC05:37
*** markvoelker has joined #openstack-ansible05:39
*** markvoelker has quit IRC05:43
*** mpavone has joined #openstack-ansible07:04
*** subscope has joined #openstack-ansible07:14
*** gparaskevas has joined #openstack-ansible07:23
*** gardenshed has joined #openstack-ansible07:26
*** gardenshed has quit IRC07:36
*** markvoelker has joined #openstack-ansible07:40
*** gardenshed has joined #openstack-ansible07:42
*** markvoelker has quit IRC07:44
*** gparaskevas has quit IRC07:48
*** karimb has joined #openstack-ansible08:03
*** gparaskevas has joined #openstack-ansible08:22
*** subscope has quit IRC08:48
openstackgerritMerged openstack/openstack-ansible-security: V-38681: GID's in /etc/passwd & /etc/group  https://review.openstack.org/23421508:49
odyssey4meo/ morning all08:50
*** openstackgerrit has quit IRC09:01
*** openstackgerrit has joined #openstack-ansible09:02
*** dolpher1 has quit IRC09:03
*** subscope has joined #openstack-ansible09:08
*** gardenshed has quit IRC09:13
*** neilus has quit IRC09:14
*** karimb has quit IRC09:22
*** karimb has joined #openstack-ansible09:23
*** neilus has joined #openstack-ansible09:30
*** gardenshed has joined #openstack-ansible09:30
tiagogomes__Morning! So I configured my deployment to use LDAP for identity. The OpenStack internal users (admin user, cinder user, nova user...) are in LDAP as well09:35
tiagogomes__However the task "Ensure Admin user" is failing with an unauthorized error09:36
tiagogomes__I ssh to an container and set OS_TOKEN, OS_AUTH and OS_IDENTITY_API_VERSION and verified that `openstack user list` is not authorized; but  openstack user list --domain Default` works09:38
tiagogomes__So, is there a bug that you need to give the domain when verifying if the admin user exists? Or I am missing something09:38
*** ashishjain has joined #openstack-ansible09:40
ashishjainhello hughsaunders u there?09:40
*** markvoelker has joined #openstack-ansible09:40
*** markvoelker has quit IRC09:45
*** openstackgerrit has quit IRC09:46
*** openstackgerrit has joined #openstack-ansible09:47
hughsaundersashishjain: pong09:55
*** subscope has quit IRC09:55
ashishjainhughsaunders: hello09:55
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Ignore tempest requirements for repo build  https://review.openstack.org/23842909:56
*** subscope has joined #openstack-ansible09:56
ashishjainhughsaunders: I did as you suggested and enabled the same interface/bridges in the compute node ran the playbooks for neutron09:56
ashishjainhughsaunders: Post that I use the external network when spinnng of a nova instance with tcpdump on compute node09:56
ashishjainI see only a request and no response09:57
ashishjain13:58:12.432458 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from fa:16:3e:6e:58:20 (oui Unknown), length 29809:57
ashishjainHow does dhcp work is it  nova_instance->compute->neutronAgent->?09:57
ashishjainDoes it mean my dhcp request is unable to go out of compute node to neutron node ?09:58
ashishjainLooked at the iptables on compute node which looks very cryptic so manny entries probably made by linux bridge09:58
ashishjainthis mac address "fa:16:3e:6e:58:20" is from the new VM09:59
ashishjainIn the dnsmasq log in the neutron agent container their is no entry for any of such dhcp request10:02
hughsaundersashishjain: Yeah, the dhcp agent is in  a namespace on the neutron agent node. So the request goes from instance > host > neutron node > dhcp agent namespace > dnsmasq10:05
hughsaundersyou should be able to follow the request along that path. The simplest case is when your provider network is flat and the instance has an interface directly on the provider network10:06
ashishjain hughsaunders:  Yes that is what I have done by hosting a nova instance directly on the external provider network, and tcpdump reveals nothing on the neutron agent node, I just see entries on the compute node10:07
hughsaunderstiagogomes__: the openrc sets the domain so you shouldn't need to specify it10:08
ashishjainfor dhcp request10:08
hughsaunderstiagogomes__: and it probably is a bug if we don't specify the domain for ensure admin user10:08
ashishjainhughsaunders: There is no connectivity issue b/w my compute and neutron agent node as I just now spinned off a VM using the tenant network and everything works fine10:09
hughsaundersashishjain: but the issue is your provider network10:09
hughsaundersyou need to ensure that your compute and agent nodes can communicate on that network10:10
ashishjainokay I get your point10:10
tiagogomes__hughsaunders I don't think openrc is used when ensuring that the admin user exits10:11
ashishjainhughsaunders: Any advice on how can I check that out as both these networks does not come with an ip address10:12
hughsaunderstiagogomes__: it isn't but should be when you're testing with the cli10:12
hughsaundersashishjain: theres nothing to stop you adding IPs to the compute and neutron node's interfaces on the provider network10:13
ashishjainokay I will try that out10:14
hughsaunderstiagogomes__: also the keystone module uses 'Default' as the default domain so that should be fine also... https://github.com/openstack/openstack-ansible/blob/master/playbooks/library/keystone#L70910:15
hughsaunderstiagogomes__: any issues in the keystone apache log?10:16
tiagogomes__2015-10-22 11:25:42.816 4417 WARNING keystone.common.controller [-] Invalid token found while getting domain ID for list request10:26
tiagogomes__2015-10-22 11:25:42.817 4417 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from 10.10.0.1010:26
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: [WIP] Add more known conflicting packages  https://review.openstack.org/23844210:32
openstackgerritMerged openstack/openstack-ansible-security: Updating getting started docs  https://review.openstack.org/23606610:47
*** rajalokan has quit IRC10:48
*** markvoelker has joined #openstack-ansible10:56
*** markvoelker has quit IRC11:01
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Add pre-tempest instance info output  https://review.openstack.org/23845411:09
*** ashishjain has quit IRC11:23
tiagogomes__ok, I solved my problem by adding 'domain=default' as an argument here: https://github.com/openstack/openstack-ansible/blob/master/playbooks/library/keystone#L66011:23
tiagogomes__so this looks to be a bug11:23
tiagogomes__you need to specify the domain when retrieving the users11:24
tiagogomes__I experienced the same observation when using the openstack command line tool11:24
odyssey4metiagogomes__ nice! perhaps you can add a patch for this?11:24
*** subscope has quit IRC11:25
odyssey4metiagogomes__ I think what you found may relate to this bug: https://bugs.launchpad.net/openstack-ansible/+bug/150628511:25
openstackLaunchpad bug 1506285 in openstack-ansible "11.2.1 : openstack client with V3 auth causes usability issues" [Undecided,New] - Assigned to Ian Cordasco (icordasc)11:25
tiagogomes__odyssey4me authentication in OpenStack is getting so confused, the error messages don't help11:29
*** gardenshed has quit IRC11:29
odyssey4metiagogomes__ yeah, unfortunately a lot of things get swallowed/hidden in the auth environment11:42
openstackgerritMerged openstack/openstack-ansible: Update kilo for new dev work - 21 Oct 2015  https://review.openstack.org/23790711:43
openstackgerritMerged openstack/openstack-ansible: Removing package patch versions from APT pinning  https://review.openstack.org/23823011:51
*** subscope has joined #openstack-ansible11:54
*** gparaskevas has quit IRC11:58
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: [WIP] Disable prevent_arp_spoofing  https://review.openstack.org/23847212:02
*** karimb has quit IRC12:03
*** jaypipes has joined #openstack-ansible12:05
*** gardenshed has joined #openstack-ansible12:05
*** gardenshed has quit IRC12:06
*** markvoelker has joined #openstack-ansible12:12
*** woodard has joined #openstack-ansible12:28
odyssey4memattt hughsaunders I think this would be useful on an ongoing basis: https://review.openstack.org/23845412:31
*** woodard has quit IRC12:31
*** woodard has joined #openstack-ansible12:32
*** fawadkhaliq has quit IRC12:36
mhaydenmorning12:36
mgariepygood morning everyone12:39
tiagogomes__Hi, I am trying to push a change to gerrit but I am getting Unauthorized12:40
*** woodard has quit IRC12:41
*** karimb has joined #openstack-ansible12:43
tiagogomes__hmm, the launchpad password didn't work, but I set a http password on gerrit and that worked better12:46
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement L3HA support  https://review.openstack.org/23338912:48
*** woodard has joined #openstack-ansible12:50
*** woodard has quit IRC12:52
*** woodard has joined #openstack-ansible12:52
openstackgerritKevin Carter proposed openstack/openstack-ansible: Updated the repo-build process  https://review.openstack.org/23071612:53
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement shippable venvs  https://review.openstack.org/23618312:56
*** tlian has joined #openstack-ansible12:56
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-3869{2,4}: Lock inactive accounts  https://review.openstack.org/23325512:59
mhaydenodyssey4me / mattt: just a rebase here to fix a merge conflict ^^12:59
cloudnullmattt i updated the https://review.openstack.org/#/c/236183/ and https://review.openstack.org/#/c/230716/ prs / commented inline on your reviews thats for that btw13:00
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38683: Check for non-unique usernames  https://review.openstack.org/23420913:01
*** gparaskevas has joined #openstack-ansible13:01
matttmhayden: no worries -- you seem to have a few reviews that have been sitting around w/ feedback for a good few days13:03
mhaydenmattt: yeah, i was in training yesterday ;)13:03
* mhayden is catching up13:03
matttmhayden: you slacker13:03
matttcloudnull: i'm not sure anyone would ever do anything w/ a venv manually, but i hate untaring a tarball and finding it doesn't have everything in a single dir :)13:04
odyssey4mehughsaunders this is the package list from the successful job: http://pastebin.com/XdCGh76U13:05
odyssey4methose are packages on the host which aren't on the failing job host13:05
odyssey4methese are the packages on the filing host which aren't on the working host http://pastebin.com/U9WPX2JL13:05
cloudnullmattt:  ha im on the inverse of that13:07
matttcloudnull: really!13:07
cloudnulli typically use tar -C and hate finding i have to go and move things around13:07
cloudnullbut the current archive format stores the tar in /var/cache and then unarchives it to the proper location13:08
cloudnullwhich is taken care of by the ansible unarchive module13:08
mhaydenmattt: i think i shored up the issues you found on https://review.openstack.org/#/c/233071/13:09
cloudnulli have to run for a bit bbs13:09
matttcloudnull: yeah everything is handled nicely in ansible atm13:09
matttcloudnull: i was thinking more in the event people would be doing things manually w/ the venvs13:09
openstackgerritMerged openstack/openstack-ansible-security: V-3869{2,4}: Lock inactive accounts  https://review.openstack.org/23325513:09
matttthen you may want to have the release in the tarball name, etc.13:09
matttbut perhaps these are use cases that will never exist13:09
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-58901: sudo requires auth  https://review.openstack.org/23423913:11
*** neilus has quit IRC13:12
odyssey4meApsu if you've had your coffee, we have a networking conundrum for you.13:14
ApsuHoo boy13:14
ApsuFire away.13:14
*** elo has quit IRC13:15
odyssey4meright, so since enabling arp_spoofing_protection in master we're getting a consistent pass in our voting gate check, but a consistent fail in the non-voting gate check13:15
ApsuOk13:15
odyssey4mewhen disabling the arp spoofing protection, both pass just fine13:15
mhaydenmattt: for https://review.openstack.org/#/c/234264/11, what do you think about an async job?13:16
odyssey4meso clearly something is going on in the non voting check that causes a failure when ebtables is in the mix13:16
ApsuHave you made sure that the appropriate extension is also enabled in the ml2 conf? Sam-I-Am identified the missing piece back when I ran into a problem before13:16
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38683: Check for non-unique usernames  https://review.openstack.org/23420913:16
ApsuIt was specifically an issue with floating IP communication, due to improper ebtables rules13:17
odyssey4meApsu yes, as it's passing consistently in one gate and not in the other, it is clearly not an issue with config or packages in the containers themselves - it can only be something to do with the host13:17
ApsuWell, depends on what's being tested and how, I suppose.13:17
odyssey4methe openstack configs are exactly the same both ways13:17
ApsuDo you know what exactly the other check is doing?13:18
odyssey4meand the test process is the same both ways13:18
odyssey4methere is a difference in the packages on the pre-built image between the two tests13:18
matttmhayden: do you think it makes sense to block or not?13:18
matttmhayden: i'm still in two minds on it13:18
odyssey4meand there may be a difference in the networking config too13:18
odyssey4meApsu you can inspect the result of https://review.openstack.org/23845413:18
matttmhayden: i just suspect sending it to root account is as useful as /dev/null13:19
odyssey4meApsu the actual issue is that the instance that's built by tempest doesn't get DHCP13:19
mhaydenmattt: hmm, i'd rather avoid blocking and let the playbook just get going, but we could make it configurable perhaps13:20
mhaydenpeople might not notice13:20
mhaydenmight not notice the configurable option, i mean13:20
matttmhayden: would be good to get some other opinions on it13:21
cloudnullMattt  do you think it best to have the name in the tarball stored on the target ?13:22
mhaydenmattt: i'll poke the ML13:22
matttmhayden: i suppose aide can write to a file right?  perhaps the first task can be to check if the file exists (from previous run) and to fatal if it's not empty13:22
mhaydenmattt: well the handler is only run if the aide package was *just* installed13:22
matttmhayden: that way you may not notice on first run if there is a serious problem, but if sufficient time has passed between runs and there has been a compromise then you'll know on subsequent runs13:23
cloudnullThe tarball on the repo is in a version tagged folder13:23
matttcloudnull: my thought was that if i was downloading them locally and doing crap with different venvs, it'd be nice to have the release reflected in name so i can have multiple in the same dir13:23
matttcloudnull: but i'm not sure what the likelihood of that ever happening is13:23
Apsuodyssey4me: In http://logs.openstack.org/54/238454/1/check/gate-openstack-ansible-commit-nv/e1897fa/logs/aio1_neutron_agents_container-d8275275/neutron-linuxbridge-agent.log there's this fun error http://paste.openstack.org/show/477162/13:24
cloudnullMultiple vens like running different versions of nova ?13:24
matttcloudnull: yep13:24
matttmhayden: hmm, that kinda sucks13:25
cloudnullOK. I can see that case, I'll update to support that.13:25
matttmhayden: is the idea to run this role 1x and hten never run it again?13:25
mhaydenmattt: nah, it can be run again13:25
mhaydenbut if you have aide installed already, the init is skipped13:25
matttmhayden: that doesn't seem right, right?13:25
matttbecause a lot could have changed between runs13:25
* Apsu holds up a sign that says IDEMPOTENT13:25
mhaydenthe init should only run if you just installed aide a few minutes earlier13:25
mhaydenmattt: there is a cron job that runs aide nightly13:26
ApsuIdempotence happens to everyone at some point in their life. It's normal.13:26
matttmhayden: ah!13:26
mhaydenthe init is only for the first run ever13:26
mhaydenyou can skip the init if you REALLY want to, and the init happens late that night13:26
mhaydenbut most folks like to init and then copy that file off the box13:26
mgariepycloudnull, thanks for the resolver patch ;)13:26
matttcloudnull: we may be solving for something that may never happen, but i think it makes sense to version the file13:27
mhaydenmattt: the idea is that you init in a known good state13:27
mhaydenthen the nightly checks look for diffs13:27
matttmhayden: ah, ok13:27
matttmhayden: that makes more sense then ... if you're expecting the state to be good then it makes little sense to sit around waiting for the init to finish13:28
*** gardenshed has joined #openstack-ansible13:28
Apsuodyssey4me: Conversely, it appears that in the aio1-neutron LBA log, ebtables works fine.13:28
Apsuodyssey4me: So that's neat.13:28
matttmhayden: i'm going to +2 this then13:29
* mhayden hugs mattt13:29
cloudnullMgariepy everything working ?13:30
*** gardenshed has quit IRC13:30
cloudnullAh just saw the review.13:31
*** mgoddard_ has joined #openstack-ansible13:31
odyssey4meApsu yep, so now what - note that in a cloud server AIO build, everything works just fine :/13:32
*** gardenshed has joined #openstack-ansible13:32
mhaydenmattt: how it feels when those patches land: http://i.imgur.com/yChPXoX.gifv13:33
matttmhayden: can you do away with wc -l in https://review.openstack.org/#/c/234209 and just rely on exit code?13:33
* mhayden ganders13:33
mhaydenmattt: the return codes were ugly on this one13:33
mhaydenthat's why i went with wc -l to be 100% sure13:34
matttmhayden: ok cool13:34
*** mgoddard has quit IRC13:34
Apsuodyssey4me: Welp, lets see if we get the same error in the voting gate, first.13:35
odyssey4meApsu since the merge of the enablement of the arp spoofing protection, not a single voting job has failed13:35
ApsuNope. There's Other fun errors, but seem transient13:36
Apsu(interface does not exist, which is super happy funtimes netlink race conditions)13:36
Apsuodyssey4me: So, you're *certain* the policy.json in the neutron-agents container doesn't differ between these two check environments? You mentioned packages may be different13:37
*** gardenshed has quit IRC13:37
odyssey4meApsu also, to confirm that arp spoofing protection is the culprit, this job passed on both counts: https://review.openstack.org/23847213:37
Apsuhaha, nice.13:37
odyssey4meApsu yes, apt package are different - nothing we put down13:37
ApsuNeat.13:37
odyssey4meApsu this is the list of packages on the working job that aren't on the broken job: http://pastebin.com/XdCGh76U13:38
odyssey4me^ apt packages13:38
ApsuBecause "operation not permitted" on modprobe (insmod, here) generally means you're not root, or there's some kind of lxc access issue (apparmor)13:39
Apsuodyssey4me: Huh. Is there a kernel version difference?13:39
ApsuBecause there's linux-{headers,image} packages there.13:39
openstackgerritTiago Gomes proposed openstack/openstack-ansible: Pass domain to some calls in the keystone library  https://review.openstack.org/23850913:41
odyssey4meApsu yep13:41
Apsuodyssey4me: Can we make there not be? :P13:42
odyssey4melinux-image-3.13.0-63 on the broken one, and linux-image-3.13.0-65 on the working13:42
ApsuWonder if there's a difference in apparmor versions too.13:43
ApsuWouldn't show up in your package name diff, but...13:43
ApsuLet's see if we can find an apparmor complaint to accompany this13:43
ApsuBecause... in the same LBA log... there's multiple errors of "Network not available"13:43
tiagogomes__odyssey4me, https://review.openstack.org/#/c/238509/13:43
ApsuAnd that sounds to me like the surface of the issue -- no DHCP because Neutron can't activate the network ports, because (presumably) ebtables failures.13:44
odyssey4meApsu could be - do you need another log added to the list for diagnostics?13:45
Apsuodyssey4me: Looking for syslog right now, don't see it.13:45
Apsuodyssey4me: Also, http://logs.openstack.org/54/238454/1/check/gate-openstack-ansible-commit-nv/e1897fa/logs/ansible_cmd_logs/flush_net_cache.log13:46
ApsuWhy are we flushing net caches still?13:46
odyssey4meApsu that happens very early on - before the playbooks run: https://github.com/openstack/openstack-ansible/blob/master/scripts/run-playbooks.sh#L8713:46
ApsuWell In that log, there's a bunch of container IP entries. No earthly reason to flush them -- just like there's never any reason to actually flush the table, ever.13:47
ApsuSo just saying, should probably fix that :)13:48
ApsuMight save you some timeout retries or other transient issues now and then, shave some minutes off the runtimes.13:48
ApsuBut yeah, syslog.13:48
ApsuNeed to see if apparmor is puking13:48
*** dolpher has joined #openstack-ansible13:51
mhaydenmattt: i think this one is ready to roll, too -> https://review.openstack.org/#/c/233198/13:52
odyssey4meApsu ok, will add that - do you need the compute host syslog, or the neutron agent container syslog - or both?13:53
mhaydenwow, 12 openstack-ansible-security reviews left (originally ~ 48)13:53
odyssey4mecloudnull mattt hughsaunders this one should probably go in for the liberty release: https://review.openstack.org/23842913:53
Apsuodyssey4me: Probably only host, but might as well add both I suppose. Aren't the container logs all being shipped anyway?13:53
cloudnullodyssey4me:  ill point out that if we make https://review.openstack.org/#/c/230716 go then we dont have to deal with yaprt for liberty :)13:55
mattt++13:55
openstackgerritTiago Gomes proposed openstack/openstack-ansible: Pass domain to some calls in the keystone library  https://review.openstack.org/23851513:55
*** fawadkhaliq has joined #openstack-ansible14:00
*** k_stev has joined #openstack-ansible14:02
* mhayden tips his hat to mattt14:04
palendaecloudnull: Looks like the jobs failed to grab the ref for my patch14:04
*** fawadkhaliq has quit IRC14:04
*** mgoddard has joined #openstack-ansible14:05
*** mgoddard_ has quit IRC14:05
cloudnullhum... going to go look14:05
cloudnullpalendae:  i fat fingered it14:07
cloudnullrunning a new build now14:07
matttcloudnull: how do we handle upgradation of yaprt ?14:11
cloudnullhow so ?14:11
*** sigmavirus24_awa is now known as sigmavirus2414:11
matttcloudnull: i just checked out 11.2.4 on a 11.2.2 deploy and repo-server.yml failed as yaprt was expecting some flag which didn't exist on my version of yaprt14:11
*** jimchou has joined #openstack-ansible14:11
matttcloudnull: hopefully not something we have to solve but if that other patch doesn't go through we'll need to look into it i guess14:12
cloudnullthe repo server needs to have yaprt upgraded14:12
cloudnullthe repo-server play should take care of that for you.14:12
matttcloudnull: yeah but we don't specify a version14:13
matttso if you have an old versoin installed the plays fail14:13
cloudnullrepo-build failed right ?14:13
matttyeah repo-build not repo-server14:13
matttyaprt: error: unrecognized arguments: --git-repo-path /var/www/repo/openstackgit14:13
cloudnullyou'd have to run repo-server then repo-build14:13
matttalready have yaprt installed is my point :P14:14
matttrerunning repo-server doesn't upgrade yaprt14:14
cloudnullright the repo-server play pulls for pypi which should see the new version14:14
cloudnullif not then thats something we need to go solve14:14
mattti'll add a bug14:15
matttconditional on your deprecate yaprt review14:15
cloudnullunless we make that specific problem go away: https://review.openstack.org/#/c/230716/ :)14:15
* mattt +214:15
mattthehe14:15
cloudnullf514:15
cloudnullf514:15
cloudnullf514:15
cloudnull=P14:16
hughsaundershaproxy14:16
odyssey4mere-run repo-server with pip reinstall args, as is specified in the upgrade steps: http://docs.openstack.org/developer/openstack-ansible/install-guide/app-minorupgrade.html14:21
openstackgerritKevin Carter proposed openstack/openstack-ansible: Added log-store for the gate  https://review.openstack.org/23853114:21
cloudnullah mattt thatll do it14:22
cloudnullwhat odyssey4me said14:22
*** Mudpuppy has joined #openstack-ansible14:22
*** Mudpuppy has quit IRC14:22
*** Mudpuppy has joined #openstack-ansible14:23
matttcloudnull: ah!14:23
matttthanks openstackgerrit14:23
matttodyssey4me: :P14:23
cloudnulli do that all the time14:23
cloudnullodyssey4me:  you need to change your name =P14:24
odyssey4memattt rtfd :p14:24
cloudnulllol14:24
mhaydeni think openstackgerrit is the best ptl we've had14:29
* mhayden giggles14:29
matttnext time the PTL tells me to rtfd i won't vote for him again14:29
matttoh wait14:29
mattt:P14:29
mhaydenmattt: i voted liberal14:29
hughsaundersmattt: maybe you could stand next time14:30
*** mgoddard_ has joined #openstack-ansible14:31
mattthughsaunders: http://i.kinja-img.com/gawker-media/image/upload/japbcvpavbzau9dbuaxf.jpg14:31
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement shippable venvs  https://review.openstack.org/23618314:32
hughsaundersmattt: that is not a prereq for political positions14:32
cloudnullmattt:  ^ updated for versioned tarball14:32
matttcloudnull: nice will have a look!14:33
*** scarlisle has joined #openstack-ansible14:34
cloudnullit was a fairly simple change , updated the archive task for the name and changed the url in the play. idk if its functionality people will use but from a debugging / development prospective i can see how versioned files will be helpful.14:35
*** mgoddard has quit IRC14:35
matttcloudnull: fully agree14:35
scarlislegood morning14:35
cloudnullo/ scarlisle14:35
mattthowdy scarlisle14:35
scarlislehey cloudnull mattt14:36
scarlisleI know this channel is for openstack-ansible, but I'm hitting a problem when running the setup_maas playbook.  However, I'm not sure if the problem itself lies in the maas stuff or the openstack-ansible stuff14:38
matttscarlisle: what's the error ?14:38
scarlisleerror while evaluating conditional: inventory_hostname in groups['ceph_all']14:38
matttscarlisle: ah ok, i know what it is14:39
scarlisleI'm not able to find that group, so I guess its esssentially trying to check a Null reference with groups['ceph_all']14:40
matttscarlisle: yeah i'm guessing you don't have a ceph.yml in /etc/openstack_deploy/env.d ?14:40
matttscarlisle: this is a kilo or later deploy i'm guessing ?14:41
scarlisleI don't14:41
scarlisleits an upgrade from 10.1.15 to 11.2.4 using r11.0.214:41
andymccrscarlisle, mattt: https://github.com/rcbops/rpc-openstack/issues/49214:43
scarlisleahh, thanks andymccr14:44
andymccrscarlisle: might be easiest to just edit the main.yml in the way linked in that issue - that'll make it work. it was a logic issue unfortunatley :(14:44
matttandymccr: if you had ceph.yml in your env wouldn't ceph_all be defined ?14:44
andymccrmattt: it would14:45
andymccrbut if you never install ceph you probably wouldnt have ceph.yml14:45
andymccrwhich is why that issue exists really14:45
matttandymccr: https://github.com/rcbops/rpc-openstack/blob/master/rpcd/etc/openstack_deploy/env.d/ceph.yml14:45
mattti assumed that would always get copied in14:45
matttbut perhaps not14:46
tiagogomes__is there any reason for the existence of the openrc_os_username, openrc_os_password variables? Can't those be inferred from the other variables14:46
*** mgoddard_ has quit IRC14:46
andymccrmattt: because its a manual copy14:46
andymccron existing deploys you probably wouldnt copy it in14:46
mattti see14:46
*** mgoddard has joined #openstack-ansible14:46
scarlisleandymccr exactly14:46
andymccri kinda wish it would just evaluate it and say "well its not in that group since the group doesnt exist!" :D14:46
mattthehe14:47
matttyea14:47
cloudnulltiagogomes__:  its defined here playbooks/inventory/group_vars/hosts.yml:218:openrc_os_password: "{{ keystone_auth_admin_password }}" however yes that functionality could likely be smarter14:47
tiagogomes__cloudnull unfortunately not openrc_os_username14:48
cloudnullwhich play cadence to moving some of the CRUD ops to specific roles to make that interaction better14:49
tiagogomes__that one was forgiven14:49
cloudnullwell you can define openrc_os_username to override it if needed14:49
mhaydenmattt: https://review.openstack.org/#/c/233284/214:50
tiagogomes__that's what I did, but not what I should do :)14:50
cloudnull++ agreeded14:50
cloudnullIt'd be great to spec out a process to improve that whole process14:51
cloudnullsame w/ db  create and administrative api interactions14:51
*** phalmos has joined #openstack-ansible14:52
*** gardenshed has joined #openstack-ansible14:53
*** subscope has quit IRC14:54
*** karimb_ has joined #openstack-ansible14:56
*** markvoelker_ has joined #openstack-ansible14:57
*** darrenc_ has joined #openstack-ansible14:58
*** matt______ has joined #openstack-ansible14:59
*** mcarden_ has joined #openstack-ansible14:59
*** neillc_ has joined #openstack-ansible15:00
*** gus_ has joined #openstack-ansible15:00
*** fawadkhaliq has joined #openstack-ansible15:01
*** daneyon has joined #openstack-ansible15:02
*** palendae_ has joined #openstack-ansible15:03
*** bgmccollum_ has joined #openstack-ansible15:03
*** b3rnard0- has joined #openstack-ansible15:04
*** dolphm_ has joined #openstack-ansible15:04
*** timrc_ has joined #openstack-ansible15:04
*** jroll|dupe has joined #openstack-ansible15:04
*** eglute_s has joined #openstack-ansible15:04
*** _d34dh0r53_ has joined #openstack-ansible15:04
*** palendae_ has quit IRC15:04
*** jimchou has quit IRC15:05
*** fawadkhaliq has quit IRC15:05
*** mgagne_ has joined #openstack-ansible15:05
*** _sigmavirus24 has joined #openstack-ansible15:05
*** palendae_ has joined #openstack-ansible15:05
*** persia_ has joined #openstack-ansible15:06
*** persia_ has quit IRC15:06
*** persia_ has joined #openstack-ansible15:06
*** palendae_ has quit IRC15:06
*** karimb has quit IRC15:06
*** markvoelker has quit IRC15:06
*** persia has quit IRC15:06
*** tiagogomes__ has quit IRC15:06
*** neillc has quit IRC15:06
*** timrc has quit IRC15:06
*** palendae has quit IRC15:06
*** mgagne has quit IRC15:06
*** sigmavirus24 has quit IRC15:06
*** meteorfox has quit IRC15:06
*** eglute has quit IRC15:06
*** d34dh0r53 has quit IRC15:06
*** jroll has quit IRC15:06
*** bgmccollum has quit IRC15:06
*** dolphm has quit IRC15:06
*** gus has quit IRC15:06
*** mcarden has quit IRC15:06
*** mattoliverau has quit IRC15:06
*** darrenc has quit IRC15:06
*** errr has quit IRC15:06
*** odyssey4me has quit IRC15:06
*** b3rnard0 has quit IRC15:06
*** spotz_zzz has quit IRC15:06
*** dolphm_ is now known as dolphm15:06
*** jroll|dupe is now known as jroll15:06
*** daneyon_ has joined #openstack-ansible15:06
scarlislecommenting out that section seems to have gotten me past that.  Thanks andymccr mattt15:07
*** spotz_zzz has joined #openstack-ansible15:07
*** persia_ is now known as persia15:07
andymccrscarlisle: excellent - that should be fixed in the near future15:07
*** palendae has joined #openstack-ansible15:07
*** _sigmavirus24 is now known as sigmavirus2415:08
*** sigmavirus24 has joined #openstack-ansible15:08
*** phalmos has quit IRC15:09
*** meteorfox has joined #openstack-ansible15:09
*** daneyon has quit IRC15:09
*** phalmos has joined #openstack-ansible15:10
*** odyssey4me has joined #openstack-ansible15:17
*** galstrom_zzz is now known as galstrom15:21
logan2is there a way to set container_vars across a group of hosts rather than individually? I have 61 lines of cinder_backends to set on each cinder_volume host and it seems like the only documented way to set that up is under each individual storage_host entry for every single host. since the backends are identical across all of these hosts (rbd setup) i would like to group it all together15:22
logan2if possible15:22
*** fawadkhaliq has joined #openstack-ansible15:32
*** neilus has joined #openstack-ansible15:33
*** sigmavirus24 is now known as sigmavirus24_awa15:37
*** sigmavirus24_awa is now known as sigmavirus2415:37
*** tiagogomes__ has joined #openstack-ansible15:38
*** mgoddard_ has joined #openstack-ansible15:45
*** mgoddard has quit IRC15:48
*** mpavone has quit IRC15:48
*** errr has joined #openstack-ansible15:51
*** phalmos has quit IRC15:54
odyssey4meApsu heh, good timing - we have a dhcp failure in both jobs - and now also have the syslogs: http://logs.openstack.org/31/238531/1/check/gate-openstack-ansible-dsvm-commit/ff7c5e0/logs/log-storage/15:57
odyssey4mealso http://logs.openstack.org/31/238531/1/check/gate-openstack-ansible-commit-nv/d654d5d/15:57
odyssey4methe syslogs are in logs/log-storage/15:58
*** mgoddard_ has quit IRC16:00
*** mgoddard has joined #openstack-ansible16:00
odyssey4mecommunity meeting in #openstack-meeting-4 cloudnull, mattt, andymccr, d34dh0r53, hughsaunders, b3rnard0, palendae, Sam-I-Am, odyssey4me, serverascode, rromans, mancdaz, dolphm, _shaps_, BjoernT, claco, echiu, dstanek, jwagner, ayoung, prometheanfire, evrardjp, arbrandes, mhayden, scarlisle16:02
Apsuodyssey4me: Er... sizes are all 0....16:02
ApsuWe'll talk after meeting.16:02
*** phalmos has joined #openstack-ansible16:02
ApsuSeemingly every log in every directory, lol16:02
openstackgerritMiguel Grinberg proposed openstack/openstack-ansible: Update heat keystone_authtoken config  https://review.openstack.org/23597816:02
miguelgrinbergodyssey4me: pls take a look at what I changed in ^16:03
miguelgrinbergI added the auth_plugin that was missing, and a new set of trustee vars16:04
tiagogomes__odd, I can't override neutron_service_user_name16:12
*** jwagner_away is now known as jwagner16:13
tiagogomes__I had to comment out neutron_service_user_name in inventory/group_vars/hosts.yml16:16
*** b3rnard0- is now known as b3rnard016:16
*** gparaskevas has quit IRC16:17
odyssey4methanks miguelgrinberg - will check it... hopefully it gates!16:19
Sam-I-Ammiguelgrinberg: why two [trustee] sections?16:25
*** neilus has quit IRC16:26
Sam-I-Amwith some of the same values16:26
openstackgerritKevin Carter proposed openstack/openstack-ansible: Updated for a couple nits  https://review.openstack.org/23860716:28
miguelgrinbergSam-I-Am: did I put two? Let me check16:30
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Disable prevent_arp_spoofing  https://review.openstack.org/23847216:30
miguelgrinbergSam-I-Am: oh, I forgot to remove the one odyssey4me added16:31
*** Bjoern_ has joined #openstack-ansible16:31
Sam-I-Amodyssey4me: re arp spoof, where are you seeing these problems?16:31
openstackgerritMiguel Grinberg proposed openstack/openstack-ansible: Update heat keystone_authtoken config  https://review.openstack.org/23597816:31
miguelgrinbergSam-I-Am: fixed16:32
Sam-I-Ammiguelgrinberg: cool. i might be using this for the upstream install guide, and then following up to figure out docs for it16:32
Sam-I-Ambecause right now its definitely magic16:32
*** karimb_ has quit IRC16:33
miguelgrinbergSam-I-Am: if the trustee section is missing keystone_authtoken is used in its place16:34
miguelgrinbergit's not ideal, but in 99% of the cases they'll be configured the same16:34
Sam-I-Amsure, but [trustee] doesnt appear via oslo.config yet16:34
Sam-I-Amwe need to fix those bits16:34
*** _d34dh0r53_ is now known as d34dh0r5316:34
miguelgrinbergyes, I agree. That was something we missed16:34
*** rajalokan has joined #openstack-ansible16:41
*** g3rms_ has joined #openstack-ansible16:44
*** g3rms_ has quit IRC16:47
*** dolpher has quit IRC16:48
*** elo has joined #openstack-ansible16:48
Bjoern_what's next on the triaging ?16:50
*** Bjoern_ is now known as BjoernT16:50
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement Neutron LBAAS using haproxy  https://review.openstack.org/22036516:52
cloudnullBjoernT: ^ i rebased that off of master for a merge conflict16:52
BjoernTnice16:53
BjoernTI want to look at this monday to get the latest comments covered16:53
odyssey4meBjoernT it needs to be finalised today - if it's not in tomorrow, then it'll have to wait for 12.1.016:53
BjoernTok16:53
BjoernTthen earlier16:53
BjoernTi guess16:54
odyssey4me:)16:54
*** jwagner is now known as jwagner_away16:54
odyssey4meApsu yeah, I see the zero sized files :/16:54
BjoernTWe still have few bugs committed to juno but no release tag on them like https://bugs.launchpad.net/openstack-ansible/+bug/150820716:54
openstackLaunchpad bug 1508207 in openstack-ansible juno "Checking additional RabbitMQ metrics: fd, sockets and processes" [Undecided,In progress] - Assigned to Bjoern Teipel (bjoern-teipel)16:55
BjoernTor https://bugs.launchpad.net/openstack-ansible/+bug/148387716:55
openstackLaunchpad bug 1483877 in openstack-ansible juno "lxc pinning to 1.0.7-0ubuntu0.1 is causing issues" [Undecided,Fix committed] - Assigned to Bjoern Teipel (bjoern-teipel)16:55
BjoernT10.1.16 was today right ?16:55
odyssey4meBjoernT nope, tomorrow16:55
odyssey4methanks for raising those - I usually do a sweep through the patches to pick up on orphans, but sometimes they slip through the cracks16:56
BjoernTyeah they are pretty fresh comitted16:57
odyssey4meBjoernT if you can test and add your experience on https://review.openstack.org/236151 and https://review.openstack.org/226621 it would be helpful16:58
BjoernTyes I can16:59
odyssey4meawesome, thanks16:59
*** gardenshed has quit IRC17:02
*** daneyon_ has quit IRC17:08
*** g3rms_ has joined #openstack-ansible17:11
*** daneyon has joined #openstack-ansible17:15
*** daneyon_ has joined #openstack-ansible17:16
*** daneyon has quit IRC17:20
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Load glance metadata definitions  https://review.openstack.org/23542517:23
*** mgoddard has quit IRC17:28
*** sdake has joined #openstack-ansible17:33
openstackgerritKevin Carter proposed openstack/openstack-ansible: Load glance metadata definitions  https://review.openstack.org/23542517:42
cloudnull sigmavirus24:  if you get a chance that should load the metadata defs17:43
sigmavirus24cloudnull: published a -117:53
*** jimchou has joined #openstack-ansible17:58
*** mgagne_ is now known as mgagne18:03
*** sdake_ has joined #openstack-ansible18:03
*** sdake has quit IRC18:05
cloudnullhaha thats a problem18:06
openstackgerritKevin Carter proposed openstack/openstack-ansible: Load glance metadata definitions  https://review.openstack.org/23542518:07
cloudnullupdated18:07
odyssey4mesigmavirus24 cloudnull thanks for picking that up18:11
odyssey4memiguelgrinberg https://review.openstack.org/235978 looks good to me now, and passed the gate!18:13
odyssey4meSam-I-Am ^18:13
odyssey4mecloudnull sigmavirus24 https://review.openstack.org/235978 needs some voting :)18:13
odyssey4med34dh0r53 sigmavirus24 we need a second vote on https://review.openstack.org/238472 to unblock the gate - arp spoofing protection is causing high volume failure in gate checks18:15
odyssey4mestevelle ^18:15
cloudnulld34dh0r53 sigmavirus24 stevelle andymccr mattt hughsaunders can we get this through https://review.openstack.org/#/c/238472 that functionality is blocking the gate at this point18:15
cloudnullhahaha18:15
cloudnullodyssey4me:  beat me to it18:15
odyssey4melol18:15
lbragstadHey osa folks - quick keystone question for you. Does openstack-ansible provide a generic/default mapping when setting up a keystone service provider? https://github.com/openstack/openstack-ansible/blob/master/playbooks/library/keystone#L1127-L113418:15
odyssey4melbragstad we provide examples18:16
lbragstadodyssey4me  ok, but then it's up to the service provider to actually do the real mapping18:16
*** rajalokan has quit IRC18:17
odyssey4melbragstad https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/os_keystone/defaults/main.yml#L244-L26618:17
odyssey4melbragstad yes, the mappings are based on whatever the SP wants - we provide a basic functional example18:17
odyssey4meit's only an example because it depends on how the IdP has setup the attributes they share18:18
lbragstadodyssey4me ah interesting18:18
odyssey4melbragstad this will work for a standard shibboleth IdP https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/os_keystone/defaults/main.yml#L281-L29218:18
lbragstadright, so for that example, as long as the idp has openstack_user set as an attribute, the keystone service provider will map that to the default domain18:18
odyssey4meand this for adfs3 https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/os_keystone/defaults/main.yml#L307-L32118:18
lbragstadwith the fedgroup18:19
odyssey4meyeah, so in each case all federated users will be added to the group 'fedgroup' which is setup in the domain with the name 'Default'18:19
lbragstadodyssey4me cool, that makes sense18:19
odyssey4mewe provide some docs here http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-federation.html18:20
odyssey4methey're not perfect, but they try to explain how to do it with openstack-ansible and also to explain how the mappings and keystone bits work in a basic way18:21
odyssey4meI'll be prepping a blog post asap on the state in Liberty, and submit patches for it too. It'll likely only happen after the summit though.18:22
odyssey4meLiberty has some changed bits which we haven't yet worked through - but those configs are good for Kilo.18:22
lbragstadodyssey4me cool, thanks for the information!18:22
odyssey4melbragstad no problem :)18:23
odyssey4mewill we be seeing you in Tokyo?18:23
lbragstadodyssey4me yes sir!18:23
odyssey4meexcellent, we shall have to have a suitable beverage and share war stories :p18:24
*** CheKoLyN has joined #openstack-ansible18:24
lbragstadodyssey4me ++18:24
d34dh0r53odyssey4me: cloudnull done18:26
odyssey4merocking, thanks d34dh0r5318:26
*** sdake_ has quit IRC18:26
d34dh0r53odyssey4me: cloudnull no problem, either of you seen this with juno http://paste.openstack.org/show/477185/18:27
odyssey4med34dh0r53 was that a fresh aio, or did you teardown and rebuild?18:28
d34dh0r53trying to upgrade with https://review.openstack.org/#/c/226621 applied18:29
*** gardenshed has joined #openstack-ansible18:29
odyssey4meodd, never seen that - but it would seem like the bindmount is still being held by a previous process or something18:30
odyssey4meare you sure that the container isn't already running?18:30
d34dh0r53it's state is stopped, and there is only 1 cinder volumes container18:30
d34dh0r53I found the error really odd18:31
d34dh0r53google has nothing :/18:31
*** jwagner_away is now known as jwagner18:32
*** gardenshed has quit IRC18:32
odyssey4med34dh0r53 I'm out for the night. Sorry - hope you find a solution. :/18:32
*** sdake has joined #openstack-ansible18:35
d34dh0r53odyssey4me: no worries mate, have a good evening18:35
*** sdake has quit IRC18:39
*** daneyon_ has quit IRC18:42
openstackgerritNolan Brubaker proposed openstack/openstack-ansible: [WIP] Use full command when reporting upgrade failure  https://review.openstack.org/23768918:46
*** phalmos has quit IRC18:50
*** phalmos has joined #openstack-ansible18:52
*** phalmos has quit IRC18:54
*** phalmos has joined #openstack-ansible18:54
*** phalmos has quit IRC19:00
*** gardenshed has joined #openstack-ansible19:01
cloudnulld34dh0r53:  what kernel are you running ?19:03
*** gardenshed has quit IRC19:04
cloudnull3.16.51 is busted19:04
d34dh0r533.13.0-6219:04
cloudnulloh, i have seen this specific error19:04
cloudnullone sec19:04
d34dh0r53cool19:05
cloudnullthat was an upgrade using the old busted script which was fixed here https://github.com/openstack/openstack-ansible/blob/kilo/scripts/upgrade-utilities/playbooks/cinder-adjustments.yml19:05
cloudnullits caused by a double udev entry19:05
cloudnullin the container config19:05
d34dh0r53ohh, sweet19:05
cloudnullso if you run that part it will fix it for you19:06
cloudnullinfo found here http://docs.openstack.org/developer/openstack-ansible/kilo/upgrade-guide/upgrade-playbooks.html#cinder-adjustments-yml19:06
d34dh0r53so from 10.1.15 to 10.1.16 we'll need that backported to juno?19:06
cloudnullits a kilo upgrade issue19:07
d34dh0r53I'm running into in on juno -> juno19:07
cloudnulloh then its an issue there too then19:07
cloudnull:)19:07
cloudnulli had thought palendae got that into juno already https://github.com/openstack/openstack-ansible/commit/f0db75ce27649e092fb5c3f651dbf07cb3f9a8d019:08
palendaeHm19:08
cloudnullhowever it may not be processing that conditional correctly.19:08
cloudnullor blowing up prior to the fix being run19:09
palendaeAlso, worth mentioning, it's a post action because if it was a pre, the task itself would just override the 'fix'19:09
openstackgerritNolan Brubaker proposed openstack/openstack-ansible: Use full command when reporting upgrade failure  https://review.openstack.org/23768919:13
openstackgerritKevin Carter proposed openstack/openstack-ansible: Make the container cache resolvers configurable  https://review.openstack.org/23822319:19
openstackgerritKevin Carter proposed openstack/openstack-ansible: Load glance metadata definitions  https://review.openstack.org/23542519:22
openstackgerritMerged openstack/openstack-ansible: Disable prevent_arp_spoofing  https://review.openstack.org/23847219:26
cloudnulld34dh0r53: was it the container config that was causing the issue ?19:27
d34dh0r53cloudnull: looking now19:27
cloudnullwould someone like to review the browsable source fix https://review.openstack.org/#/c/238042/  ?19:28
cloudnullthat'd be nice to have wrapped up19:28
d34dh0r53cloudnull: yep http://paste.openstack.org/show/477192/19:29
*** gardenshed has joined #openstack-ansible19:32
*** jwagner is now known as jwagner_away19:34
*** gardensh_ has joined #openstack-ansible19:34
*** gardenshed has quit IRC19:37
cloudnullso we might need to have a pre-step for upgrades of juno or somehow wedge that in as a pretask19:38
palendae>.<19:38
palendaecloudnull: Yeah, in my tests, if I had it only as a pre-task, the actual task would override it19:38
*** phalmos has joined #openstack-ansible19:38
*** phalmos has quit IRC19:40
cloudnullwe could fix the actual task and then add a pre-task too ?19:40
*** fawadkhaliq has quit IRC19:40
palendaeProbably the right way to do it19:42
palendaeHave a pre-task to fix it if broken, lay down the right one if it's not there19:43
palendaeWasn't the problem in the lxc module, though?19:43
cloudnullpalendae:  nope its in the config entry19:48
palendaeHm, I thought we fixed that19:48
cloudnullthe issue is here rpc_deployment/vars/config_vars/container_config_cinder_volume.yml:  - "lxc.mount.entry = udev dev devtmpfs defaults 0 0"19:48
cloudnullwhich should be rpc_deployment/vars/config_vars/container_config_cinder_volume.yml:  - "lxc.mount.entry=udev dev devtmpfs defaults 0 0"19:48
cloudnullfor juno19:49
palendaeAhhh19:49
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Updated the repo-build process  https://review.openstack.org/23071620:04
*** jwagner_away is now known as jwagner20:05
*** sdake has joined #openstack-ansible20:12
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: Mysql file handles not correctly configured  https://review.openstack.org/23868320:15
openstackgerritMerged openstack/openstack-ansible: Add theme fix for browsable source code  https://review.openstack.org/23804220:23
*** mcarden_ is now known as mcarden20:23
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: Mysql file handles not correctly configured  https://review.openstack.org/23868520:26
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: Implement Neutron LBAAS using haproxy  https://review.openstack.org/22036520:34
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: Implement Neutron LBAAS using haproxy  https://review.openstack.org/22036520:37
openstackgerritMajor Hayden proposed openstack/openstack-ansible: Enable encryption between nova/RabbitMQ  https://review.openstack.org/23869120:44
*** matt______ is now known as mattoliverau20:46
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: Mysql file handles not correctly configured  https://review.openstack.org/23868520:47
*** jaypipes has quit IRC20:47
*** sdake has quit IRC20:48
openstackgerritMajor Hayden proposed openstack/openstack-ansible: Enable encryption between nova/RabbitMQ  https://review.openstack.org/23869120:50
*** galstrom is now known as galstrom_zzz20:59
*** KLevenstein has joined #openstack-ansible21:03
*** k_stev has quit IRC21:04
*** k_stev has joined #openstack-ansible21:17
*** sdake has joined #openstack-ansible21:29
*** sdake has quit IRC21:30
openstackgerritKevin Carter proposed openstack/openstack-ansible: Allow protocol to be set per endpoint-type  https://review.openstack.org/22662121:32
*** jwagner is now known as jwagner_away21:33
*** timrc_ is now known as timrc21:37
*** sdake has joined #openstack-ansible21:39
*** sdake_ has joined #openstack-ansible21:42
*** sdake has quit IRC21:43
*** KLevenstein has quit IRC21:53
*** alop has joined #openstack-ansible21:53
*** sdake_ has quit IRC22:00
*** sdake has joined #openstack-ansible22:00
*** CheKoLyN has quit IRC22:00
*** darrenc_ is now known as darrenc22:03
*** Mudpuppy has quit IRC22:05
*** sigmavirus24 is now known as sigmavirus24_awa22:08
openstackgerritMerged openstack/openstack-ansible: Load glance metadata definitions  https://review.openstack.org/23542522:09
openstackgerritMerged openstack/openstack-ansible: Updated the repo-build process  https://review.openstack.org/23071622:10
*** jimchou has quit IRC22:12
*** gardensh_ has quit IRC22:12
*** neillc_ is now known as neillc22:25
openstackgerritMerged openstack/openstack-ansible: Adding new RabbitMQ alarms (fd,proc,sockets)  https://review.openstack.org/23778322:28
BjoernThey guys did we recently upgrade galera in kilo ?22:30
BjoernTI can't get galera up and the reason is a crashing xtrabackup on the first node22:30
*** darrenc is now known as darrenc_afk22:36
*** darrenc_afk is now known as darrenc22:45
openstackgerritMerged openstack/openstack-ansible-security: V-386**: Disabling various unneeded services  https://review.openstack.org/23319822:48
openstackgerritMerged openstack/openstack-ansible-security: V-38683: Check for non-unique usernames  https://review.openstack.org/23420922:50
*** sdake has quit IRC23:01
stevelleBjoernT: seeing the same thing in master, actually23:13
openstackgerritMerged openstack/openstack-ansible: Allow protocol to be set per endpoint-type  https://review.openstack.org/22662123:15
*** alop has quit IRC23:16
*** k_stev has quit IRC23:18
palendaeBjoernT, stevelle I know MariaDB was moved to 10 for master (which is Liberty), but I'm pretty confident that wasn't done in Kilo23:20
stevellethe work that was planned to go to kilo (I don't recall seeing it yet) was only the cluster management. 10 was not scheduled for kilo.23:22
palendaeNo, I'm on the cluster management and haven23:22
palendae't gotten a patch proposed yet23:22
stevelleerror: 'Can't connect to local MySQL server through socket ... (111 "Connection refused")'23:23
stevellethat's what I have now23:23
*** gus_ is now known as gus23:24
*** woodard_ has joined #openstack-ansible23:24
*** woodard has quit IRC23:25
*** alop has joined #openstack-ansible23:29
*** alop has quit IRC23:29
BjoernTpalendae: I got closer to the issue that  --galera-info  cause the innobackupex to crash. I did rebuilt the database on the master and now it's fixed. Now I'm on the 2nd node which fails additionally really stange23:30
openstackgerritKevin Carter proposed openstack/openstack-ansible: Enable encryption between nova/RabbitMQ  https://review.openstack.org/23869123:32
openstackgerritKevin Carter proposed openstack/openstack-ansible: Pass domain to some calls in the keystone library  https://review.openstack.org/23850923:32
openstackgerritKevin Carter proposed openstack/openstack-ansible: Updated for a couple nits  https://review.openstack.org/23860723:33
*** woodard_ has quit IRC23:34
*** sdake has joined #openstack-ansible23:34
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement shippable venvs  https://review.openstack.org/23618323:35
*** tlian2 has joined #openstack-ansible23:38
*** tlian has quit IRC23:40
*** sdake has quit IRC23:46
*** sdake has joined #openstack-ansible23:50
cloudnullstevelle: BjoernT: you still seeing the galera crashing ?23:56
stevellecloudnull: I am23:59
« Wednesday, 2015-10-21 Index Friday, 2015-10-23 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!