Tuesday, 2016-03-29

« Monday, 2016-03-28 Index Wednesday, 2016-03-30 »
*** asettle has joined #openstack-ansible00:10
*** fawadkhaliq has quit IRC00:12
*** fawadkhaliq has joined #openstack-ansible00:13
*** sdake_ has joined #openstack-ansible00:35
*** sdake has quit IRC00:38
*** fawadkhaliq has quit IRC00:40
*** fawadkhaliq has joined #openstack-ansible00:40
*** sdake_ has quit IRC00:47
*** sdake has joined #openstack-ansible00:47
*** b3rnard0 is now known as b3rnard0_away00:50
*** asettle has quit IRC00:54
*** jorge_munoz has quit IRC00:54
*** fawadkhaliq has quit IRC01:02
*** asettle has joined #openstack-ansible01:04
*** fawadkhaliq has joined #openstack-ansible01:07
*** asettle has quit IRC01:08
*** fawadkhaliq has quit IRC01:14
*** asettle has joined #openstack-ansible01:23
*** jamielennox|away is now known as jamielennox01:29
*** saneax is now known as saneax_AFK01:41
*** thorst has quit IRC01:59
*** saneax_AFK is now known as saneax02:23
*** saneax is now known as saneax_AFK02:43
openstackgerritMerged openstack/openstack-ansible: Updates all repo SHAs to prepare for Mitaka release  https://review.openstack.org/29679903:23
cloudnull^ woot! thanks for the reviews spotz_zzz automagically and stevelle03:25
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Fail when ansible-galaxy returns error  https://review.openstack.org/29228503:26
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Enable SSL termination for all services  https://review.openstack.org/27719903:26
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Removed the repo clone mirror play  https://review.openstack.org/29594103:27
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Adjust swift plays to use unified os-swift role  https://review.openstack.org/29391103:27
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Adding legacy ethx steps to convert enox, enpx etc  https://review.openstack.org/29494203:27
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Update ansible to the latest release (v1.9.5-1)  https://review.openstack.org/29683903:28
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Add group_vars for swift_remote_all hosts  https://review.openstack.org/29725703:28
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Remove pip_get_pip_options override from group_vars  https://review.openstack.org/29659403:28
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Add condition to local IP for overlay net  https://review.openstack.org/27379303:28
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Include security role in setup-hosts.yml  https://review.openstack.org/29052603:28
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: OpenStack services should reach Glance via the internal LB VIP  https://review.openstack.org/29084403:28
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Add ebtables check for network hosts  https://review.openstack.org/28962203:28
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Add installation support for os_ironic  https://review.openstack.org/29377903:28
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Add project scoped token when obtaning token  https://review.openstack.org/29756303:28
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Fixing keepalived bug when 2+ backup nodes have the same priority  https://review.openstack.org/27973003:32
*** winggundamth has quit IRC03:49
*** asettle has quit IRC03:58
*** thorst has joined #openstack-ansible04:00
*** thorst has quit IRC04:09
*** fawadkhaliq has joined #openstack-ansible04:20
*** fawadk has joined #openstack-ansible04:21
*** fawadkhaliq has quit IRC04:25
mrdacloudnull: thanks for the rebase, was getting there04:43
*** fawadk has quit IRC05:00
*** saneax_AFK is now known as saneax05:01
*** thorst has joined #openstack-ansible05:06
*** pcaruana has quit IRC05:09
*** asettle has joined #openstack-ansible05:12
*** thorst has quit IRC05:14
*** shausy has joined #openstack-ansible05:15
*** fawadkhaliq has joined #openstack-ansible05:38
*** asettle has quit IRC05:39
*** sdake_ has joined #openstack-ansible05:50
*** sdake has quit IRC05:52
*** winggundamth has joined #openstack-ansible05:54
openstackgerritMichael Davies proposed openstack/openstack-ansible-os_nova: WIP: Add Nova config for os_ironic role  https://review.openstack.org/29331505:54
*** asettle has joined #openstack-ansible05:54
*** asettle has quit IRC05:59
*** thorst has joined #openstack-ansible06:01
*** thorst has quit IRC06:09
*** jiteka has joined #openstack-ansible06:12
*** markvoelker has joined #openstack-ansible06:22
*** markvoelker_ has joined #openstack-ansible06:23
*** markvoelker has quit IRC06:27
*** neilus has joined #openstack-ansible06:43
*** markvoelker_ has quit IRC06:43
*** markvoelker has joined #openstack-ansible06:44
openstackgerritMichael Carden proposed openstack/openstack-ansible-ironic: [WIP] Add tests for the ironic CLI  https://review.openstack.org/29855706:48
*** fawadkhaliq has quit IRC06:49
*** neilus has quit IRC06:52
openstackgerritMichael Carden proposed openstack/openstack-ansible-ironic: [WIP] Add tests for the ironic CLI  https://review.openstack.org/29855706:55
openstackgerritMerged openstack/openstack-ansible: Add ebtables check for network hosts  https://review.openstack.org/28962207:05
*** thorst has joined #openstack-ansible07:06
*** admin0 has joined #openstack-ansible07:09
*** markvoelker has quit IRC07:12
*** thorst has quit IRC07:13
*** javeriak has joined #openstack-ansible07:14
admin0good morning all07:15
*** neilus has joined #openstack-ansible07:16
*** sdake_ has quit IRC07:22
*** gparaskevas has joined #openstack-ansible07:25
*** sdake has joined #openstack-ansible07:25
matttmorning admin007:25
admin0morning mattt07:26
admin0need a bit of help on neutron .. as soon as I enable any of the neutron_plugin_base, neutron breaks07:27
admin0http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-network-services.html — using like that07:29
matttadmin0: logs would be helpful07:31
admin0mattt: btw, ceph is working : https://www.openstackfaq.com/openstack-ansible-ceph/07:31
admin0documented there :)07:31
*** javeriak has quit IRC07:32
*** javeriak has joined #openstack-ansible07:32
matttadmin0: nice :)07:36
*** admin0 has quit IRC07:43
*** pcaruana has joined #openstack-ansible07:48
*** admin0 has joined #openstack-ansible07:50
admin0mattt: suppose if i enable say just neutron_plugin_base:  vpnaas .. is just running os-neutron enough ?07:56
admin0enabled just vpnaas ..  running the os-neutron playbook .. will gist the logs from neutron-server07:57
matttadmin0: i don't think vpnaas has been implemented in openstack-ansible08:03
admin0mattt: gist: https://gist.github.com/a1git/5d573594062c0501859d08:04
*** javeriak has quit IRC08:06
admin0mattt: so none of these work ?08:07
admin0or how to verify which ones work ?08:07
admin0or are enabled08:07
*** mgoddard has joined #openstack-ansible08:07
*** thorst has joined #openstack-ansible08:11
*** markvoelker has joined #openstack-ansible08:13
matttadmin0: i'm guessing a bunch are fully implemented by neutron and should just work08:14
matttadmin0: but i know openstack-ansible had to be updated for lbaas to work, and imagine similar work needs doing for vpnaas08:15
admin0so if i enabled lbaas, it will work ?08:15
admin0v208:15
admin0i will try that one now08:15
*** markvoelker has quit IRC08:17
matttadmin0: v2 was recently implemented by mhayden i believe, and he has that documented etc.08:18
*** thorst has quit IRC08:18
matttadmin0: ImportError: No module named neutron_vpnaas.services.vpn.plugin08:19
admin0mattt: i just followed this: http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-network-services.html :D08:19
admin0 ImportError: No module named LoadBalancerPluginv208:20
admin0so something more needs to be done i think08:20
*** javeriak has joined #openstack-ansible08:20
matttadmin0: so one thing i know for sure08:20
matttadmin0: there are separate neutron packages for lbaas, fwaas, etc.08:20
matttso you want to make sure ansible is installing those08:21
matttbecause if not you'll get those sorts of errors08:21
admin0got it .. but how to make sure ansible is installing those ?08:21
admin0destroy the containers ?08:21
matttnooo08:21
*** elo has quit IRC08:23
*** elo has joined #openstack-ansible08:23
admin0how ?08:23
admin0shouldn’t os-neutron check for those ? or fix those08:24
matttadmin0: you'll have to look at the code, i didn't write it all :)08:25
admin0i am not a good coder .. i can run setup-infra hoping to see if that helps08:26
admin0there was a way to redo pip-wheel-image something :D ?08:26
*** asettle has joined #openstack-ansible08:26
matttadmin0: give me a bit, i'm going to spin up a test instance so i can play with this08:27
mattti don't know much about neutron, but i have installed the neutron lbaas plugin before to test migrations08:28
admin0i am running setup-infra playbook08:29
matttokie08:31
*** tiagogomes_ has quit IRC08:37
*** tiagogomes has joined #openstack-ansible08:37
*** javeriak has quit IRC08:43
matttadmin0: heh, enabling lbaas broke my neutron too08:46
admin0\o/ :D08:46
admin0the docs mention it so easily that it will just work like that :)08:46
mattti'm not even sure what's wrong with my neutron-server tbh08:54
matttperhaps i'm hitting some other issue08:54
admin0i had the missing plugins in my logs .. none in yours ?08:55
matttadmin0: yeah i think my issues are unrelated to re-running neutron playbook08:56
matttkeystone is unresponsive which is why the play failed08:56
matttadmin0: ok fixed my keystone, neutron play finished with lbaas enabled09:00
matttand i see lbaas in a neutron ext-list09:01
*** mgagne has quit IRC09:08
*** toanster has quit IRC09:09
*** spotz_zzz has quit IRC09:09
admin0mattt: i first did a complete build without any plugins, then just enabled the plugins and run the os-neutron .. broke it09:10
*** toan has joined #openstack-ansible09:11
*** h1nch has quit IRC09:11
*** xar- has quit IRC09:11
matttadmin0: let me try v2, i tried just regular lbaas09:12
admin0i hold off to v1 due to “LBaaS v1 was deprecated during the Liberty release and is not recommended for new deployments.” :D09:12
matttyeah i was more testing plugin functionality rather than lbaas itself :)09:13
*** xar- has joined #openstack-ansible09:13
*** mgagne has joined #openstack-ansible09:14
admin0ImportError: No module named LoadBalancerPluginv209:14
*** h1nch has joined #openstack-ansible09:14
*** spotz_zzz has joined #openstack-ansible09:14
*** mgagne is now known as Guest6891009:14
matttadmin0: oh wait, are you on liberty ?09:14
admin0yes09:14
mattt admin0 then you should be reading http://docs.openstack.org/developer/openstack-ansible/liberty/install-guide :)09:16
*** thorst has joined #openstack-ansible09:16
mattti'm not sure if any of the lbaasv2 stuff was backported to liberty, i'd imagine not09:17
matttadmin0: give lbaas a shot, see if that works for you09:22
*** thorst has quit IRC09:24
*** asettle has quit IRC09:27
openstackgerritMatt Thompson proposed openstack/openstack-ansible-os_cinder: [WIP] Do not merge  https://review.openstack.org/29707109:32
*** Tebro has joined #openstack-ansible09:42
TebroHey, is there a guide somewhere on how to use the openshift-ansible scripts with Vagrant to setup an test/demo environment?09:43
matttTebro: there's no relation between openshift-ansible and openstack-ansible i'm afraid09:43
Tebrooops, wrong term xD mean openstack-ansible09:44
matttTebro: not used vagrant myself, however i believe there is work underway to allow you to spin up an AIO using vagrant09:46
TebroOkay, thanks! Is the AIO something you run on any ubuntu machine or=09:47
Tebro*?09:47
matttTebro: yeah, ubuntu trusty is all we support at the moment09:47
TebroAlright, have to look through the docs on that then.09:47
matttTebro: http://docs.openstack.org/developer/openstack-ansible/developer-docs/quickstart-aio.html#building-an-aio09:48
Tebromattt: Thanks!09:50
matttTebro: np!09:52
openstackgerritMatt Thompson proposed openstack/openstack-ansible-os_cinder: Update tests to work w/ secure_path update  https://review.openstack.org/29707109:52
*** asettle has joined #openstack-ansible09:52
*** admin0 has quit IRC09:55
*** admin0 has joined #openstack-ansible09:57
*** asettle has quit IRC09:57
admin0mattt:  is lbaasv1 the only thing that worked ? did you tried anything else ?09:59
matttadmin0: nope10:02
matttadmin0: like i said i'm pretty sure fwaas and vpnaas need additional development, we don't use them at Rackspace so we haven't implemented anything10:02
admin0ok10:03
admin0if i want to implement them, do I need to use the overrides ?10:04
matttadmin0: i'd recommend looking to see how lbaasv1 and lbaasv2 were implemented, you could follow that model to get other things in10:04
*** gparaskevas has quit IRC10:07
openstackgerritAndy McCrae proposed openstack/openstack-ansible: Add group_vars for swift_remote_all hosts  https://review.openstack.org/29725710:08
*** sdake has quit IRC10:10
admin0mattt: lbaas - working :)10:13
admin0will check to see if i can figure out a similar way for vpnaas10:14
*** markvoelker has joined #openstack-ansible10:14
*** pjm6 has joined #openstack-ansible10:15
admin0mattt: different issue .. i see that my public endpoints is confired as https:// , but they actually listen on http://10:15
admin0let me gist my config10:15
admin0so see where it went wrong10:15
pjm6hi there10:16
matttpjm6: howdy10:17
admin0hi pjm610:19
admin0mattt: https://gist.github.com/a1git/c69d44ec53d8ed4cef0d10:19
pjm6guys could you correct me if I'm wrong10:19
pjm6in this doc10:19
pjm6http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-networking.html10:19
pjm6the container, tunnel and storage10:19
admin0yes10:19
pjm6shouldn't be10:19
pjm6tabbed?10:19
pjm6because it belongs to the variable (or list) cidr_networks10:20
admin0pjm6: sample config here: https://github.com/a1git/openstack-cloud/blob/master/openstack_deploy/openstack_user_config.yml10:20
pjm6yes, and have space10:20
*** markvoelker has quit IRC10:20
admin0can be a whitespace10:21
admin0my vi replaces tabs with spaces10:21
pjm6yes, but if we put in the same line, the yaml will give an error (I think)10:21
*** thorst has joined #openstack-ansible10:21
pjm6and thanks for the config file, it seems to have the configuration of the tutorial :)10:22
admin0it belongs to https://www.openstackfaq.com/openstack-liberty-private-cloud-howto/ — overview10:23
admin0so you know were the cXX servers fit10:23
pjm6thanks :D10:25
pjm6but I was suggesting if the whitespaces/tabs are necessary for a correct yaml configuration, is in adding tabs in the doc10:25
admin0as long as it belongs to the necessary groups and is properly aligned10:26
pjm6yes, that was I though :)10:27
pjm6that page didn't refer what's the ip of10:27
pjm6cloud101int.admin0.com ?10:27
admin0i use a VYOS 1:1 nat10:28
admin0between public and private endpoint10:28
admin0pjm6: https://github.com/a1git/openstack-cloud/blob/master/openstack_deploy/user_variables.yml10:28
admin0that has the IPs10:28
admin0towards the end10:28
*** thorst has quit IRC10:29
admin0haproxy_keepalived_* vip_cidr10:29
admin010.11.12.3 is what  i do a 1:1 mapping with my public IP10:29
admin0you can replace that with your direct public IP address10:29
pjm6thanks :)10:30
pjm6when you say 10.11.12.3 1:1 nat10:30
pjm6is that you are using that IP address for public and private lb vip?10:30
admin0actually not :) .. i am using URL10:30
admin0https://gist.github.com/a1git/c69d44ec53d8ed4cef0d10:30
admin0that is how it appears on endpoint list10:30
admin0i am facing ssl issues, but for the VIP and endpoiints, (wthout SSL) just works10:31
admin0trying to fix/figure-out why ssl10:31
pjm6ahh ok, so you put the URL instead of IP and then the domain points to the IPs of the respective services?10:32
admin0yes10:32
admin0since I use the vyos as gateway, and there i have a static dns that points my public to the internal IP .. so it works on either side :)10:33
admin0from outside, it points to the real public IP that lives in vyos10:33
admin0from internal,it points to 10.11.12.310:33
admin0so works eitherway10:33
pjm6it's like having an internal and external DNS10:34
pjm6where when you are on the local network it will point to 10.11.12.310:34
pjm6and outside gives the public IP, right?10:34
*** admin0_ has joined #openstack-ansible10:35
admin0_right now cloud101.admin0.com gives 10.11.12.3 , because i use a different domain .. admin0.com is used for public/testing/<asking help here> etc :)10:36
*** admin0 has quit IRC10:38
*** admin0_ is now known as admin010:38
pjm6hmm i see, that's way you adopt to use domain instead of IP in that configuration =)10:38
openstackgerritNeill Cox proposed openstack/openstack-ansible-ironic: [WIP] Add tests for the ironic REST API  https://review.openstack.org/29865410:48
*** asettle has joined #openstack-ansible10:56
*** asettle has quit IRC10:56
openstackgerritMatt Thompson proposed openstack/openstack-ansible-os_nova: [WIP] Standardise nova functional tests and add actual tests  https://review.openstack.org/29866311:03
pjm6where I can find the detailed logs of openstack ansible?11:03
matttpjm6: which part specifically ?11:07
pjm6mattt: when I run  openstack-ansible setup-hosts.yml11:07
pjm6it gives me error in Update apt sources11:08
pjm6in all hosts :\11:08
pjm6it seems that there are no internet conectivity11:08
pjm6but I can access VM inside and outside11:08
admin0pjm6: you can do -vvvv and then use | tee   abc.log .. and output to the log11:08
mattt^^^^11:08
admin0haproxy11:08
matttbut try logging into a container and see if you can manually update apt sources11:08
pjm6thanks, i will try that :)11:09
openstackgerritgit-harry proposed openstack/openstack-ansible-rabbitmq_server: Remove clustering config from rabbitmq.config  https://review.openstack.org/29866511:09
pjm6well thats odd because now only two nodes failed11:10
pjm61 was changed11:10
*** javeriak has joined #openstack-ansible11:10
pjm6it seems that the containers are not created yer11:13
pjm6at least I don't have in the machine lxc11:13
pjm6well my storage node and compute node are in the same machine (testing proposes)11:15
pjm6when I run again it seems that he advance (at least is not giving error now and doing configuration)11:15
pjm6and pass that task, maybe is because the openstack ansible made parallel connection11:16
pjm6and as he are trying to access the same machine, it gives timeout ?11:16
*** markvoelker has joined #openstack-ansible11:16
openstackgerritgit-harry proposed openstack/openstack-ansible-rabbitmq_server: Remove clustering config from rabbitmq.config  https://review.openstack.org/29866511:20
*** markvoelker has quit IRC11:21
*** johnmilton has joined #openstack-ansible11:23
*** thorst has joined #openstack-ansible11:44
*** thorst has quit IRC11:45
*** thorst has joined #openstack-ansible11:45
*** thorst has quit IRC11:51
admin0pjm6: you have 1 node ?11:52
admin0for testing ?11:52
admin0or multiple ?11:52
admin0or 1 big node that you can create VMs ?11:52
mhaydenmorning folks11:53
mhaydenadmin0: let me know if you're still stuck on lbaasv211:53
admin0morning11:53
*** weshay has joined #openstack-ansible11:53
admin0mhayden: ibaas seems to work .. stuck at SSL :)11:53
mhaydenthat's something i haven't tested11:53
*** gparaskevas has joined #openstack-ansible11:54
mhaydenare you trying ssl offloading?11:54
admin0how :D11:54
admin0: https://gist.github.com/a1git/c69d44ec53d8ed4cef0d11:54
admin0that is what I have so far :)11:54
*** asettle has joined #openstack-ansible11:56
admin0so the haproxy that is installed does not do ssl offloading (as expected) ?11:56
*** pjm6 has quit IRC11:58
*** thorst has joined #openstack-ansible12:01
mhaydenoh, you're talking about the haproxy deployed on the infra12:01
mhaydeni was talking about lbaasv2 that tenants consume12:02
admin0oh12:02
admin0functional test is next in my list .. trying to get the infra part proper first12:02
admin0why couldn’t all public endppints be in SSL ( by default )12:02
admin0who would like to setup non-ssl even internal ?12:03
admin0thats a different discussion :)12:04
admin0how does it work in rackspace :D ?12:04
admin0mattt: mentioned earlier that vpnaas etc is not used in rackspace so not implemented yet, but SSL i guess might be something that is implemented12:06
mhaydeni'm interested in the fw/vpn stuff in neutron, but the vpn stuff seems to have more value, unless i am overlooking what FWaaS does12:10
matttadmin0: yeah i believe all the ssl support is there12:13
admin0fwaas is firewall for whole instances as opposed to individual ones12:14
admin0so yes, vpnaas has more value12:14
admin0mattt: but  its not working and i am trying to figure out why12:14
matttcool let me know when you figure it out ;)12:15
admin0:D12:15
admin0i am trying .12:15
admin0and failing12:15
matttadmin0: hehe, lemme see12:15
admin0mattt: https://gist.github.com/a1git/c69d44ec53d8ed4cef0d12:15
matttyep looking at that now12:16
matttadmin0: each service has an ssl flag iirc12:16
admin0http://docs.openstack.org/developer/openstack-ansible/liberty/install-guide/configure-sslcertificates.html  — that listed just 4 services12:16
matttadmin0: are you terminating ssl at the LB ?12:17
admin0yes12:17
admin0that is what I assumed the playbooks will do12:17
*** markvoelker has joined #openstack-ansible12:17
matttadmin0: https://github.com/openstack/openstack-ansible-os_nova/blob/master/defaults/main.yml#L194-L19512:18
matttlet me see how the AIO is set up by default12:18
admin0mattt:  the only thing working on ssl with my config is horizon, and there it points to :443 on each individual containers12:18
admin0so as long as there is SSL, i do not think it matters if haproxy does the SSL or the individual services itself does the SSL12:19
admin0requirement:   SSL on all public endpoints         ways: 1. SSL on haproxy,  2. haproxy just forwards, SSL on each individual services  3. use external LB/vyos   —   Documentation - none :)12:20
admin0either way SSL works for all, i am happy :)12:22
*** markvoelker has quit IRC12:22
*** javeriak has quit IRC12:24
matttadmin0: did you enable haproxy_ssl /AFTER/ you deployed everything ?12:25
matttadmin0: if so you may need to manually update your endpoints or recreate them12:27
matttbecause they would have been registered with https12:27
matttsorry http instead of https12:27
admin0the first thing i run is openstack-ansible haproxy-setup12:33
admin0oh12:33
admin0hmm12:33
admin0so the settting is correct ?12:33
*** woodard has joined #openstack-ansible12:33
admin0how to force-recreate ?12:33
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible: Remove pip_get_pip_options override from group_vars  https://review.openstack.org/29659412:34
matttadmin0: wait12:34
admin0i can re-deploy the environment .. if you pass me a user_variable.yml snippet that will create everything on https :)12:34
matttadmin0: you already have https:// on your public endpoints12:34
admin0yes .. on openstack, it says https://12:35
admin0but on reality, haproxy is not listening to it12:35
admin0on haproxy conf.d, there is horizon_ssl, but not keystone_ssl12:36
matttlet me see if i can get my aio to use ssl12:38
admin0i can add your keys and lend you this platfrom :D12:38
admin0its a closed test anyway12:38
admin0if you need a non-aio12:38
matttthat's ok thanks :)12:39
matttthat sounds like a bad time just waiting to happen :P12:39
*** pjm6 has joined #openstack-ansible12:39
pjm6morning mhayden12:40
pjm6admin0: I have three nodes12:40
pjm61 fotr controller, 1 for storage and compute and other for network12:40
admin0pjm6: to test you can use 2 for controllers and 1 for compute12:41
admin0or 1 storage, 1 controller, 1 compute12:41
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible: OpenStack services should reach Glance via the internal LB VIP  https://review.openstack.org/29084412:41
admin0or 1 ceph, 1 controller , 1 compute :D12:41
pjm6yes, but as I need to have an network node in the final deployment, I trying to deploy with that way,12:42
pjm6btw: after running again the command 3 times, it worked for setup-host12:42
pjm6I think the problem was about apt-get being lock by the parallel process12:42
pjm6btw: I choose a dedicated network host, but the neutron was installed in infra112:43
pjm6when doing setup-hosts.yml12:43
odyssey4meo/12:43
pjm6hi odyssey4me12:44
admin0hello odyssey4me12:45
admin0odyssey4me: this is the document you asked for : https://www.openstackfaq.com/openstack-ansible-ceph/12:46
admin0:D12:46
admin0is contributiing to  documentation also the same as code ? git checkout , edit the file and hope someone will merge it ?12:47
matttadmin0: it is yes12:49
admin0ok .. then will give it a try for the ceph integration part12:50
pegmanmHi "http://docs.openstack.org/developer/openstack-ansible/install-guide/overview-requirements.html" states minimum requirements = Ubuntu 14.04 LTS. Is this correct is the project debian based only for now.12:50
pegmanmI ask because a lot of the sub-modules are os-agnostic and before I go trying I thought I would ask here. Has anyone used the project to deply on redhat based systems. ?12:51
pjm6pegmanm: I used CentOS but was with devstack, never tried with openstack-ansible, for that i'm using the recommended12:52
pegmanmok - I'll just have to give it a try and see where (if anywhere) I hit issues. Thanks for the reponse.12:53
odyssey4mepegmanm we have ongoing work to enable OSA for multiple platforms - it's not yet complete, so no - at the moment there is no support for anything but Ubuntu12:53
odyssey4mewe're looking for contributors to that effort12:53
admin0pegmanm: if you have no ISO or company requirements, then ubuntu will do fine as well12:53
admin0been using it for years, no issues12:53
pegmanmWell I may be able to help with some pull reqs. Unfortunatly this is for a client and they are RH only. Nothing else comes in the door.12:54
admin0mattt: i am still holding for the SSL :D12:59
matttadmin0: i think it's working for me, sec13:00
admin0\o/ — i like what i hear13:00
admin0odyssey4me: as soon as there is something to test, i can test our various cases on centos as well and report bugs13:05
admin0mhayden: are you taking/fixing  vpnaas ;) ?13:06
matttadmin0: can you try connecting to keystone on https ?13:09
matttadmin0: you tried glance in that gist, but i want to see if keystone works13:09
admin0one moment13:09
matttadmin0: also haproxy doesn't configure https for glance, it looks to be just keystone, horizon, and some nova bits13:10
admin0curl: (52) Empty reply from server13:10
admin0on -I curl13:10
matttadmin0: which port ?13:11
admin0500013:11
admin0let me use a proper cleint and do a test13:11
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible: Remove the repo clone mirror play  https://review.openstack.org/29594113:11
matttcurl --insecure should work13:11
mattti enabled haproxy_ssl: true and keystone_service_adminuri_proto: https and i can connect to 35357 on https13:12
*** pjm6 has quit IRC13:13
admin0i will use the python client on debug mode to test13:13
admin0what actually happens13:13
matttadmin0: you are hitting external IP righ t?13:13
mattt*right13:13
admin0yes13:13
admin0which is 1:1 nat to the internal one13:13
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible: Update ansible to the latest release (v1.9.5-1)  https://review.openstack.org/29683913:14
matttadmin0: can you gist the following?  cat /etc/haproxy/conf.d/keystone_*13:14
matttadmin0: also one thing i did differently is omit haproxy_user_ssl_cert, haproxy_user_ssl_key, haproxy_user_ssl_ca_cert variables, i just let it auto-generate13:15
bsvadmin0: did you test instance<->instance (same host) performance the other week?13:15
admin0mattt: https://gist.github.com/a1git/105240417a91efdba19613:15
odyssey4memattt can you give a final vote on https://review.openstack.org/297465 ?13:15
*** retreved has joined #openstack-ansible13:16
*** markvoelker has joined #openstack-ansible13:18
matttodyssey4me: sure13:18
matttodyssey4me: shouldn't we leave that at master and then override in osa ?13:19
matttodyssey4me: https://review.openstack.org/#/c/297465/2/defaults/main.yml13:19
odyssey4memattt it's been done like this in the other roles - I figured that we should do this in order to finalise prep for the release13:21
*** ametts has joined #openstack-ansible13:22
*** markvoelker has quit IRC13:22
*** markvoelker has joined #openstack-ansible13:23
matttodyssey4me: k13:24
automagicallyMorning all13:26
automagicallyodyssey4me: Can you advise how I might move forward in moving this repo under the umbrella of OSA? https://github.com/trumant/openstack-ansible-os_rally13:27
*** markvoelker_ has joined #openstack-ansible13:28
*** jthorne has joined #openstack-ansible13:30
*** b3rnard0_away is now known as b3rnard013:30
odyssey4meautomagically I just need to submit a patch to project config for it to be imported13:30
automagicallyAh cool13:31
automagicallythx13:31
odyssey4meare you happy for it to be imported as it is today?13:31
automagicallyYes, its passing functional tests, and I’d like to get Gerrit reviews on further enhancements13:31
*** markvoelker has quit IRC13:32
*** pjm6 has joined #openstack-ansible13:36
*** michaelgugino has joined #openstack-ansible13:42
*** mgoddard_ has joined #openstack-ansible13:44
openstackgerritMerged openstack/openstack-ansible-os_nova: Switch defaults/tests to use stable/mitaka branch  https://review.openstack.org/29746513:45
*** mgoddard has quit IRC13:47
*** asettle has quit IRC13:49
*** neilus has quit IRC13:53
*** neilus has joined #openstack-ansible13:53
*** asettle has joined #openstack-ansible13:55
*** Brew has joined #openstack-ansible13:56
cloudnullmorning13:56
odyssey4meautomagically FYI https://review.openstack.org/29875413:56
automagicallycloudnull: Morning. Enjoyed reading your aodh clarification in reply to the Kolla topic in openstack-dev :)13:57
*** sigmavirus24_awa is now known as sigmavirus2413:57
cloudnullyou know me, making friends, influencing people.13:57
automagicallyAwesome! Thanks odyssey4me13:58
*** asettle has quit IRC14:00
admin0morning14:00
automagicallyo/ admin014:00
cloudnullit makes me frustrated when fallacies are stated as fact. especially when you can do something as simple as "https://github.com/openstack?utf8=%E2%9C%93&query=aodh" and see that both OSA and puppet support aodh.14:00
automagicallyYeah, I facepalmed a bit when I read that14:00
cloudnullbut thats likely something related to my broken brain...14:00
admin0cloudnull: a lot of fallacies on the docs are stated as facts :D14:00
cloudnullwe should fix that :)14:01
cloudnullany who, hows it today ?14:01
pjm6hi cloudnull14:01
cloudnullo/ pjm614:02
*** busterswt has joined #openstack-ansible14:02
matttadmin0: you should fix those then!14:03
admin0i will :D14:03
admin0plan to start with ceph14:03
matttwe can't make openstack-ansible great by just bitching about stuff :)14:03
*** tiagogomes has quit IRC14:03
logan-hows your ceph stuff going admin014:03
admin0this is why i am doing all the tests in real 2 environments and blogging14:03
admin0logan-: it works :)14:03
matttadmin0: if you need help getting going w/ putting in a change let me know, more than happy to walk you through it14:04
admin0logan-: with examples: https://www.openstackfaq.com/openstack-ansible-ceph/14:04
logan-very nice14:04
automagicallyadmin0: Good stuff there!14:04
admin0so ceph page, i will contribute to the documentation14:05
admin0found out that SSL does not work :)14:05
jduhamel_you can always make stuff great by bitching no?14:05
pjm6I'm having problems in installing pip packages in galera client, it is adviced to enter in the galeara_container and install it manually? or at least see why it is failing ?14:05
admin0do it manually :)14:05
matttjduhamel_: why does that nick sound familiar14:06
logan-hey admin0, it doesn't matter for liberty but for mitaka you will want client.cinder to have rwx to the images pool so it can do ceph-native snapshotting of instances14:06
admin0pjm6: do it manually, move on, do not get stuck on small things like broken pip packages :)14:06
admin0:D14:06
jduhamel_hmm, Sat in castle working with MikeA for a bit. maybe that's why?14:06
matttjduhamel_: yeah that'd be it14:06
matttjduhamel_: good to see you're 'back' :)14:06
jduhamel_:) Deploying a OS config at a client now. Really like the "ansible" way of doing it.14:07
admin0logan-: i will update the docs after checking14:07
mattton liberty, is there something i need to flip when using SSL w/ haproxy & keystone to get keystone to return https in response?14:07
mattttested on mitaka and i cannot replicate what admin0 is seeing14:07
admin0this is what I have for SSL: https://gist.github.com/anonymous/9cce635852720cf3e67014:08
logan-mattt: I think that is one of the things https://review.openstack.org/#/c/277199/ aims to address14:08
openstackgerritMerged openstack/openstack-ansible-os_cinder: Update tests to work w/ secure_path update  https://review.openstack.org/29707114:08
logan-if you're talking about the links when you load the keystone api endpoint14:08
logan-ie curl https://whatever:5000 giving you http:// links in the response14:08
matttlogan-: that is it14:09
admin0yes14:09
logan-i have a bp of that patch to liberty and it is working well. ill pastebin it in a min14:09
automagicallyYep, specifically this: https://review.openstack.org/#/c/277199/17/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j214:09
cloudnullhi all, question, I smashed together this script to rewire containers in the case where the container is running but has a missing or broken veth pair -- typically happens if someone ifup/ifdown 's a bridge.14:10
cloudnullhttps://gist.github.com/cloudnull/d9c9a85bdfeccbbe5b9314:10
cloudnullis that something useful to have in osa ?14:10
matttautomagically: yeah on master when i keystone_service_publicuri_proto: "https" i see https in the response, but i'm testing on mitaka if that makes any diff14:10
admin0logan-: i will re-run haproxy and os-keystone with the variables shown there14:11
openstackgerritMichael Gugino proposed openstack/openstack-ansible-os_neutron: [WIP] Implementing neutron_openvswitch_agent  https://review.openstack.org/29876514:11
admin0and see if it works14:11
cloudnullI've used it w/ an adhoc command to ensure everthing is well in an env with the script module. ansible hosts -m script $PATH14:11
automagicallycloudnull: Definitely find that to be a useful ops/deployer addition14:11
cloudnulli would too, im just not sure where to put it .14:12
michaelguginoI threw https://review.openstack.org/298765 up for discussion14:12
automagicallyWoot michaelgugino!14:12
cloudnullwoot! michaelgugino14:12
michaelguginopretty much the same commit I had in the etherpad, but with a nicer commit message.  Not sure which direction it needs to go, so I'm looking for input.14:12
admin0no need for keystone_secure_proxy_ssl_header: X-Forwarded-For or haproxy_ssl: true or keystone_ssl: true  ???14:13
logan-haproxy_ssl14:13
matttmy understanding is that haproxy_ssl and keystone_ssl are mutually exclusive14:13
matttbut today is the first time i've looked at ssl in openstack-ansible14:14
automagicallymattt: Correct, they are14:14
logan-the idea of that patch is none of the services besides haproxy need to speak ssl. all of the internal traffic is http14:14
admin0yes14:14
pjm6thanks admin0, i was asking if there was no problem, I prefer doing manually :)14:14
*** woodard has quit IRC14:14
admin0pjm6: “i have lost context already” :D14:14
cloudnulladmin0 mattt: they should be mutually exclusive. I use  keystone_secure_proxy_ssl_header: X-Forwarded-For when terminating ssl at the LB14:15
pjm6admin0: about the broken pip packages14:15
admin0oh14:15
admin0:D14:15
*** woodard has joined #openstack-ansible14:15
admin0logan-: that patch covers all services or just keystone ?14:15
*** markvoelker_ has quit IRC14:15
admin0or every PUBLIC endpoint will be behind ssl with that ?14:15
logan-using that you could put any endpoint going thru the LB behind ssl14:16
logan-http://cdn.pasteraw.com/nwbb5daa29u5c651i4bdr7bn4d7ks70 bp to liberty14:16
admin0http://cdn.pasteraw.com/nwbb5daa29u5c651i4bdr7bn4d7ks70  — looks cryptic to me :D14:17
admin0can someone merge this so that i can pull and not worry about *manually* fixing it14:18
lbragstadcloudnull o/14:18
cloudnullohai lbragstad14:18
*** tiagogomes has joined #openstack-ansible14:18
lbragstadcloudnull quick question on the pip-install bits of osa14:18
cloudnullsure14:19
admin0but yes, this needs to go in liberty ..  because no one will put production on mitaka or latest .. they all want to go wtih proven .. so install liberty, and then wait 1-2 months after mitaka, hear horror stories and then upgrade to mitaka14:19
cloudnull^ truth :)14:19
lbragstadcloudnull is there anything that wouldn't allow https://github.com/openstack/openstack-ansible-pip_install/blob/master/tasks/main.yml#L41 to run (it's being skipped but I'm not sure how I'm setting anything that would allow that?)14:19
logan-well first we have to get it merged in master :P14:19
matttlbragstad: get_url is funky14:20
automagicallyNot as funky/buggy as uri14:20
matttlbragstad: obviously if hte file exists it won't re-attempt it14:20
mattthehe14:20
mattttrue automagically14:20
*** spotz_zzz is now known as spotz14:20
cloudnulllbragstad: using --skip-tags?14:21
lbragstadmattt let me check the system I ran this against and see if it's there14:21
matttlbragstad: actually force: yes is set on that task, so it should do it each time14:21
cloudnullalso what mattt said14:21
admin0so when will https://review.openstack.org/#/c/277199/ be merged ?14:21
lbragstadmattt my /opt/ directory does exist but it contain hardware things I think14:21
lbragstad(ie. dell/ lsi/ etc..)14:21
lbragstadwould that be interfering?14:22
matttshouldn't14:22
mattttry -vvvv when you run ansible-playbook14:22
lbragstadmattt ok14:22
matttsee if it shows anything of value when it hits that task14:22
matttit could be failing but the task ignores errors14:22
openstackgerritTravis Truman (automagically) proposed openstack/openstack-ansible-os_zaqar: zaqar.conf.j2 should use the role's debug var  https://review.openstack.org/29877214:22
lbragstadI'm only running with --tags pip-install14:22
cloudnulladmin0: i hope to work on that a bit today14:23
lbragstadand that passes - but when I run the whole play book the Install pip requires step in os_keystone fails14:23
cloudnulli have some followup to do after odyssey4me 's last review14:23
lbragstad(because pip isn't there)14:23
lbragstadmattt good point - rerunning the whole playbook with -vvvv14:24
*** Mudpuppy has joined #openstack-ansible14:24
admin0lbragstad:  add “ | tee   playbook.log”  as well14:25
admin0so that you can git/gist/see it easily / compare later14:25
lbragstadadmin0 ++14:25
openstackgerritTravis Truman (automagically) proposed openstack/openstack-ansible-os_zaqar: Removing unused verbose var  https://review.openstack.org/29877314:26
*** sdake has joined #openstack-ansible14:27
lbragstadmattt it doesn't look like there is any verbose output on skipped tasks.14:28
lbragstadand it seems the pip install tasks are skipped right out of the gate14:29
*** sdake_ has joined #openstack-ansible14:30
admin0lbragstad: if you are starting agagin, you can destroy the continers and have it rebuild again14:31
lbragstadadmin0 i'm deploying to metal14:31
admin0everything to metal ?14:31
*** sdake has quit IRC14:32
lbragstadadmin0 I'm only deploying the os_keystone role to metal14:32
logan-hey, admin0, updated that liberty patch since it had a merge conflict with liberty head. http://cdn.pasteraw.com/grh1r55gmupeueu0mqv82bait1zhb1x .. you could apply it to a clean liberty clone for testing like: curl http://cdn.pasteraw.com/grh1r55gmupeueu0mqv82bait1zhb1x | git am14:33
admin0i can :D ?14:33
admin0\o/14:33
admin0will do that right away14:33
admin0showed: Applying: Enable SSL termination for all services :D14:34
*** gaudenz has joined #openstack-ansible14:34
spotza little late cloudnull but do we have a directory for useful scripts? If so it could go there and if not maybe we need one?14:34
cloudnullwe have the general scripts dir14:34
cloudnullbut i think if it went there it'd just be lost14:35
cloudnullwe likely need a place for ops tools and such14:35
admin0logan-: i need to start again from setup-host, setup-infra or jump directly to setup-openstack ?14:35
admin0since its not host or intfra, i guess just run the last playbook ?14:35
spotzYeah even calling it ops-tools or ops-scripts:)14:35
cloudnullMaybe we need a spec14:37
*** sdake_ is now known as sdake14:37
palendaespotz: Besides the scripts directory?14:39
spotzpalendae Well if cloudnull feels it will get lost and it's not really an ansible related one why not?14:39
palendaeAh, missed his comments14:40
logan-you will need to redeploy haproxy with haproxy_ssl and re-run all of the openstack plays to get endpoints setup with https://. something like http://cdn.pasteraw.com/ef7cseygw5arv4hqmsxk6m5evmv0dfb I guess14:40
odyssey4mecloudnull why not just add a note and link to your script in http://docs.openstack.org/developer/openstack-ansible/install-guide/app-tips.html14:41
matttlbragstad: you're not running as a non-user or someone without access to /opt right ?14:41
mattts/non-user/non-root user/14:41
matttthat wouldn't result in a skip tho, you'd get a failure there14:41
cloudnullodyssey4me:  i thought about that, which i can do. was just curious what the general consensus was14:43
lbragstadmattt right - i'm running with a user that has sudo access14:43
*** jorge_munoz has joined #openstack-ansible14:45
*** toddnni has quit IRC14:46
*** cloudtrainme has joined #openstack-ansible14:48
admin0logan-: i am running the playbooks after applying your patch ..14:49
*** tiagogomes has quit IRC14:50
matttlbragstad: that's odd, i really have no idea14:51
*** mgoddard_ has quit IRC14:52
*** mgoddard has joined #openstack-ansible14:53
lbragstadmattt very - the step to install required pip packages fail because it can't find the pip executable but only because the "Install Pip" step is skipped. I'll keep digging14:55
matttlbragstad: are you sure something isn't failing ahead in the chain that is causing it to be skipped ?14:56
openstackgerritTravis Truman (automagically) proposed openstack/openstack-ansible-os_zaqar: Removing unneeded with_items usage  https://review.openstack.org/29879714:56
lbragstadmattt checking that now14:56
lbragstadmattt after the playbook gathers facts, it pins the apt preferences, creates a pip config directory, drop pip files, and then installs modern pip (which skips)14:58
lbragstadall of which are successful14:58
*** cloudtrainme has quit IRC14:59
sdakeodyssey4me arounrd re governance changes15:00
*** cloudtrainme has joined #openstack-ansible15:01
odyssey4mesdake what's up?15:01
sdakeodyssey4me can you review https://review.openstack.org/#/c/295528/ at your convience15:01
*** tiagogomes has joined #openstack-ansible15:02
sdakewhat i'm after is a non-onerous way to distinguish between projects like osa, tripleo, fuel,kolla vs things like deb/rpm/dib-elements15:02
sdakethe reason is becuase other tags depend on type tags in their wording15:02
busterswtcloudnull i opened this to document the openstack client issue: https://bugs.launchpad.net/openstack-ansible/+bug/156337715:03
openstackLaunchpad bug 1563377 in openstack-ansible "Issues with upgrade due to older openstackclient in Keystone container" [Undecided,New]15:03
admin0logan-:  ssl failed for horizon, so horizon not accessible anymore .. that is the setting I have: https://gist.github.com/a1git/0b1930acc3239a5e49f6  after your patch15:04
odyssey4mesdake I'll give it another review tomorrow morning with a fresh mind15:04
logan-take out the keystone and horizon user_ssl settings for sure.15:04
logan-are you settign haproxy_ssl: true in the haproxy config stuff anywhere?15:05
sdakeodyssey4me are ou in tehe uk?15:05
admin0i have the default liberty checkout with your patch applied15:05
admin0no manual settings15:05
sdakeodyssey4me ok souns good thanks ;)15:05
odyssey4mesdake yes, I work from the UK15:05
sdakeya my brain just caught up with yourstatment - 8am caffieine-free diet ftl15:06
*** openstackgerrit has quit IRC15:06
admin0taking out keystone and horizon and trying again15:07
*** openstackgerrit has joined #openstack-ansible15:07
logan-gotcha. I think the review adds the ability but does not default the endpoints to ssl enabled. so for something like keystone you would want to set https://github.com/openstack/openstack-ansible/blob/liberty/playbooks/vars/configs/haproxy_config.yml#L88 haproxy_ssl: true in there15:07
admin0the only thing that stayed are the haproxy ssl and rabbitmq ssl15:07
logan-for public endpoints only most of those other services listen on *. so you would rewrite how your haproxy endpoints look by binding separate public/internal endpoints with haproxy_ssl: true on the public ones15:08
*** gparaskevas has quit IRC15:08
logan-the patch adds the ability for the configuration to be flexible like this, but it adds a lot of config work on your part :)15:09
admin0logan-: i think everyone will wish that all public endpints need to be in ssl .. so with that wish in mind  .. and your patch applied, what further needs to be done :D ?15:09
admin0in a gist somewhere :D15:10
admin0another is the html5proxy_base_url for console .. can that also be in ssl ?15:12
*** toddnni has joined #openstack-ansible15:14
admin0rerunning the playbooks with the keystone/horizon ssl removed15:14
logan-https://gist.github.com/Logan2211/98b3682582f557a12755 example of how i am doing ssl on public endpoints only15:15
*** michaelgugino has quit IRC15:15
admin0so your patch + this file + the variables you posted = all ssl on public endpoints :D ?15:16
logan-hopefully? :)15:17
*** woodard has quit IRC15:23
*** shausy has quit IRC15:28
*** weezS has joined #openstack-ansible15:31
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Enable SSL termination for all services  https://review.openstack.org/27719915:34
*** saneax is now known as saneax_AFK15:36
admin0logan-: failed on horizon15:42
admin0checking endpoints and via cli15:42
admin0logan, the patch/thing did not changed the openrc on the service container .. changed the URL manually to https://15:45
admin0checking others15:45
*** ikp has joined #openstack-ansible15:45
logan-utility container uses internal endpoints I think?15:46
admin0hmm.. none working like neutron or glance15:46
admin0brb15:50
*** admin0 has quit IRC15:51
odyssey4mejmccrory automagically cloudnull d34dh0r53 stevelle mattt hughsaunders andymccr can we get some eyes on https://review.openstack.org/296594 please?15:54
*** woodard has joined #openstack-ansible15:54
*** ametts has quit IRC15:59
*** michaelgugino has joined #openstack-ansible16:00
*** jmccrory_ has joined #openstack-ansible16:01
*** neilus has quit IRC16:03
odyssey4mebug triage cloudnull, mattt, andymccr, d34dh0r53, hughsaunders, b3rnard0, palendae, Sam-I-Am, odyssey4me, serverascode, rromans, erikmwilson, mancdaz, _shaps_, BjoernT, claco, echiu, dstanek, jwagner, ayoung, prometheanfire, evrardjp, arbrandes, mhayden, scarlisle, luckyinva, ntt, javeriak, automagically, spotz, vdo, jmccrory, alextricity25, jasondotstar, KLevenstein, admin0, michaelgugino, ametts, v1k0d3n, severion, bgmccollum16:04
spotzo/16:04
cloudnullo/16:04
odyssey4mehttps://bugs.launchpad.net/openstack-ansible/+bugs?search=Search&field.status=New16:04
michaelguginohere16:05
serverascodeo/16:05
odyssey4mehttps://bugs.launchpad.net/openstack-ansible/+bug/156099316:05
openstackLaunchpad bug 1560993 in openstack-ansible "keystone_service returns ignore_other_regions error in liberty" [Undecided,New]16:05
odyssey4methis doesn't appear to be related to anything in OSA16:06
*** woodard has quit IRC16:06
odyssey4medoes it?16:06
*** woodard_ has joined #openstack-ansible16:06
izaakko/16:07
cloudnullodyssey4me: im going to say no16:07
cloudnullit looks like someone using ansible16:08
cloudnullbut not OSA16:08
michaelgugino+116:08
odyssey4meok done - next https://bugs.launchpad.net/openstack-ansible/+bug/156203116:08
openstackLaunchpad bug 1562031 in openstack-ansible "gate-openstack-ansible-dsvm-commit CI failed with keystone command" [Undecided,New]16:08
*** jthorne has quit IRC16:08
michaelguginoclose won't fix they can reopen if they have a specific bug they want to file against OSA if they are indeed using it.16:08
*** jthorne has joined #openstack-ansible16:09
odyssey4meah, this is already solved16:09
cloudnullyes solved with updated sha16:09
mattto/ btw16:10
odyssey4mehttps://bugs.launchpad.net/openstack-ansible/+bug/156259516:10
openstackLaunchpad bug 1562595 in openstack-ansible "Add Open vSwitch support" [Undecided,New]16:10
openstackgerritHieu LE proposed openstack/openstack-ansible: Add project scoped token when obtaning token  https://review.openstack.org/29756316:10
odyssey4memichaelgugino I see that you posted https://review.openstack.org/298765 which relates to the bug. serverascode did you see that review?16:11
serverascodeyeah I did16:11
matttyeah i thought this was already WIP16:11
serverascodeyeah sorry I was just trying to follow the documentation, no idea if that was the right process, so feel free to close16:12
serverascodewasn't sure if a blueprint was needed or something16:12
odyssey4methanks for doing it serverascode :) we'll keep it as a wishlist bug - at this point I'm not entirely sure how big this body of work will be16:13
michaelguginoYes, I'm working on it.  It's WIP, looking for input.  I don't think we have a blueprint made16:13
odyssey4meI haven't yet taken a look at the review16:13
openstackgerritTravis Truman (automagically) proposed openstack/openstack-ansible-os_designate: Remove redundant rootwrap directory creation  https://review.openstack.org/29885316:14
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_neutron: Remove iptables checksum rule script  https://review.openstack.org/29306716:14
cloudnullmichaelgugino serverascode I've made a comment on the installation bits (i'm not sure how best to handle installing OVS) however what you have up so far looks like a good start.16:15
michaelguginogreat16:15
openstackgerritMerged openstack/openstack-ansible-os_glance: Updated role using Multi-Distro framework  https://review.openstack.org/29732016:16
*** jthorne has quit IRC16:16
odyssey4mesorry - got sidetracked into the review - back to bug triage :)16:16
odyssey4mehttps://bugs.launchpad.net/openstack-ansible/+bug/156302416:17
openstackLaunchpad bug 1563024 in openstack-ansible "Upgrade process fails to upgrade RabbitMQ" [Undecided,New]16:17
*** jthorne has joined #openstack-ansible16:17
*** ikp has quit IRC16:17
odyssey4meseems legit - palendae / d34dh0r53 want to pick that one up?16:18
palendaeodyssey4me: I'll look at it, but this is the first we've seen it.16:19
cloudnull++ thats legit -- denton and I were working on that the other day.16:19
palendaecloudnull: Hm, ok16:19
cloudnullpalendae:  seems its something that happens on installs that are going from early kilo to liberty16:19
odyssey4meyup16:20
palendaeAlright16:20
cloudnullto fix we just needed to add -e 'rabbitmq_upgrade=true'16:20
palendaeYeah16:20
palendaeI had it in and removed it during reviews16:20
palendaeI'll add it back16:20
odyssey4mepalendae can you self assign?16:20
palendaeSure16:20
odyssey4mehttps://bugs.launchpad.net/openstack-ansible/+bug/156337716:21
openstackLaunchpad bug 1563377 in openstack-ansible "Issues with upgrade due to older openstackclient in Keystone container" [Undecided,New]16:21
odyssey4mehmm, it would seem that the pip option to force a reinstall, or force an upgrade should also happen  during a major upgrade16:22
*** jthorne has quit IRC16:22
odyssey4methis is specifically stuff not installed into venvs16:22
cloudnull++16:23
stevellelegit16:24
cloudnullthis can also happen on kilo > liberty upgrade. folks may be used to using the global client and not working from the venv16:24
*** eil397 has joined #openstack-ansible16:24
palendaeOk16:24
cloudnulland the older global client may be busted or incompatible with the newer services in some way16:24
palendaeAgain, was asked to remove that during reviews16:24
odyssey4mewell, this does make me wonder what happens in minor upgrades16:25
*** cloudtrainme has quit IRC16:25
odyssey4meperhaps we should actually be setting these tasks to always install the 'latest' ?16:25
stevelleso long as it respects upper limits16:26
stevellethat might work16:26
cloudnullodyssey4me:  on minor upgrades we replace the venv16:26
cloudnull12.0.8 goes to 12.0.916:26
odyssey4mecloudnull except that this is specific to non-venv installs16:27
cloudnullso long as you work out the venv all is well.16:27
palendaeTo clarify - you're talking about this line https://github.com/openstack/openstack-ansible/blob/liberty/scripts/run-upgrade.sh#L74 right?16:27
odyssey4mein the utility container we install all the clients without a venv16:27
palendaeThat's the one difference between the script and the manual steps16:27
*** jthorne has joined #openstack-ansible16:27
busterswtcloudnull Quick Q: How do I find the defaults to vars in jinja templates?16:28
cloudnullodyssey4me:  the tough part is, dealing with packages w/ that were date ver going to symver16:28
odyssey4mebusterswt each role has a defaults/main.yml with all of those16:28
cloudnulli think a better fix would be to delegate that task to the utility container or something.16:28
busterswtah hah16:29
odyssey4mecloudnull I think we may be talking about different things, but similar intents.16:29
openstackgerritMerged openstack/openstack-ansible: added pip.conf removal task for the repo_servers  https://review.openstack.org/29476516:30
stevellecloudnull: that would then require the utility container and possibly expose other problems16:30
cloudnullin test the role could delegate to itself16:30
cloudnullas a default16:31
cloudnullit would potentially expose other problems but would limit issues caused by left over cruft16:31
stevelleseems more complex than really necessary16:31
cloudnullthat may be true16:32
stevelleemphasis on seems16:32
* cloudnull spitballing16:32
* kysse tarballing16:32
odyssey4meso forcing a reinstall for a major upgrade is the simplest way to deal with the semver issue, whereas using 'latest' in the task is the simplest way of handling upgrades within a release16:32
stevellewhy not force a reinstall with upgrades within a release?16:33
cloudnullodyssey4me:  thats a good point.16:33
cloudnullhttp://docs.openstack.org/developer/openstack-ansible/kilo/upgrade-guide/process.html#running-the-upgrade-by-hand16:33
palendaeNote: the script forces reinstall16:33
cloudnull^ in the kilo upgrade we noted that16:33
jmccrorywould that upgrade packages left behind from kilo outside of a venv?16:33
palendaeManual doesn't16:33
palendaeSo the manual steps would need to be updated16:34
odyssey4mewhy bother forcing reinstall within a release?16:34
* palendae yells into the void16:34
odyssey4mepalendae cool - easy to fix then :)16:34
cloudnullso maybe we simply add that note back in the manual steps ?16:34
stevelleodyssey4me: simpler, always do the same thing the same way to always get the same outcome16:34
*** elopez has joined #openstack-ansible16:34
palendaeuse the script is evidently not an accepted answer, but can re-add to the manual steps16:34
cloudnulljmccrory: only the items installed on the root disk as provided by the role would be upgraded.16:35
palendaehttps://github.com/openstack/openstack-ansible/blob/liberty/scripts/run-upgrade.sh#L7416:35
odyssey4mestevelle consistency is good16:35
cloudnullwell those items and their dependencies16:35
* stevelle is just finding the boundary of reason, not really advocating16:36
cloudnulljmccrory:  in liberty that should be something like so https://github.com/openstack/openstack-ansible/blob/liberty/playbooks/roles/os_keystone/defaults/main.yml#L357-L36116:36
*** raddaoui has quit IRC16:36
odyssey4mestevelle yeah, let's put it this way - having the task always install the latest will ensure that the desired result is achieved, adding the force-reinstall option to the minor upgrade docs achieves nothing in particular other than re-enforcing a habit, which I support16:37
cloudnullI'd be keen on doing both. install the latest and doc the upgrade step.16:38
*** Guest68910 is now known as mgagne16:38
stevelleI think my actual position is to support your statement before, only force on major and latest within a release.  We automate the thing that we are there to automate and which can be automated.16:38
*** mgagne has quit IRC16:38
*** mgagne has joined #openstack-ansible16:38
*** elopez has quit IRC16:39
*** michaelgugino_ has joined #openstack-ansible16:39
odyssey4meI am happy with that. Does anyone want to pick that task up to modify across the roles?16:39
cloudnullin terms of that bug, within a greenfield liberty install the openstack client would not exist in the keystone container16:40
cloudnullwe only install python-keystoneclient so the ansible module can work16:40
*** cloudtrainme has joined #openstack-ansible16:40
cloudnullso even with this fix, its quite likely that the openstack client will remain busted which is in the root namespace .16:40
cloudnullpalendae:  if you have that env around still, i'd be curious if you executed the same command for the openstack client out of the venv16:41
*** jthorne has quit IRC16:41
cloudnulland what the outcome is.16:41
palendaecloudnull: ?16:41
*** michaelgugino has quit IRC16:42
palendaewhich env?16:42
cloudnullsorry denton16:42
*** jthorne has joined #openstack-ansible16:42
cloudnullwhich was here and is  no longer16:42
cloudnullbusterswt: ^16:42
busterswthello hello16:42
cloudnullodyssey4me:  ill pick up that task16:43
busterswtok - so what do you want me to do?16:43
busterswt:)16:43
odyssey4methanks cloudnull16:43
cloudnullin that keystone container16:43
cloudnullcan you run ``openstack project list``16:43
busterswtsure.16:43
cloudnulland then again do it from ``/openstack/venvs/os_keystone_$VERSION/bin/openstack project list16:43
busterswtIt returns projects.16:44
busterswtok one sec16:44
busterswtreturns projects in both cases16:45
cloudnullok16:46
busterswti had originally only executed the openstack client in the root space, not the venv16:46
spotzSo no bug needs clearer docs?16:46
busterswti don't know if i had tried the keystone client, to be honest. i can't remember16:46
cloudnullodyssey4me: my suspicion is on a kilo>liberty upgrade the most root python packages we installed in kilo will be busted after the upgrade because we've abandoned most of them and transitioned everything into a venv16:47
jmccrorythinking that too cloudnull16:47
odyssey4mecloudnull ah, and why does that matter?16:47
palendaecloudnull: Most likely. We decided not to try to clean them up16:47
palendaeShould probably make a clear note about that16:47
palendaeWhen you upgrade. switch to venv stuff16:47
cloudnullthat ^16:47
cloudnullodyssey4me: it doesnt matter,16:47
cloudnullits not breaking the system16:48
stevellewant to maybe revisit the decision to not clean up?16:48
*** pcaruana has quit IRC16:48
cloudnullbut it may confuse folks16:48
odyssey4mewe're only implementing things we care about, and those will work - yeah, we should probably just have a doc note16:48
stevelle+116:48
palendaeSeems like a matter of user expectations either way16:48
cloudnullidk that we can or will want to clean everything up.16:48
palendaeIt'll be perceived as broken whether it's present and errors, or is mysteriously gone16:48
odyssey4meI don't think we should clean up.16:48
busterswtto be clear, too... i waited at least 20 minutes while it hung there on that task16:49
cloudnullif we do implement a clean up task I'd suggest we only do it for python-clients.16:49
busterswtonce i installed the latest client it breezed right through it16:49
stevelleCould probably uninstall 20% to clear up 80% of user errors16:49
stevellestarting with python-clients16:49
cloudnullalso idk that the clean up task needs to be in the rol16:49
palendaestevelle: Even still, they're probably not going to know to look in the venvs16:49
cloudnull*role16:49
odyssey4meit can be a manual task16:49
cloudnull^ +116:49
odyssey4meoptional16:49
cloudnull++16:50
stevellepalendae: maybe you and I discussed that before? or was it sigmavirus2416:50
palendaestevelle: Probably; this has been a long running discussion16:50
palendaeI think, regardless of clean up, we have to make it more clear that venvs are now a thing16:50
palendaeDo we actually have docs that talk about how to use them/where they are?16:50
sigmavirus24stevelle: you and I discussed this16:51
stevelleOn that point, I brought up with someone maybe auto-activating the venv in the .bashrc file + MOTD or something16:51
palendaeNot venvs as a whole, but where openstack-ansible drops it16:51
*** raddaoui has joined #openstack-ansible16:51
sigmavirus24stevelle: I had an alternative idea of having a local .bin that we symlink the executables to and add to the path for the user in the utility container16:51
cloudnullIMO a clean up effort is really only to assist folks whom may have developed a lot of muscle mem.16:51
sigmavirus24which is a different set of tradeoffs16:51
cloudnulli think a manual step is a good approach16:52
stevelle^ that seems to be the consensus still16:53
stevellewe ready to move on?16:53
odyssey4mewell, there's nothing to move on to :) unless someone has a specific bug they wish to discuss?16:54
stevellesorry, looks like palendae's question about venv docs is not yet addressed.16:54
stevellelooking16:54
odyssey4meas far as I'm aware, we have no docs describing that venvs are used and where they're stored16:55
openstackgerritMerged openstack/openstack-ansible: Remove the repo clone mirror play  https://review.openstack.org/29594116:55
palendaeodyssey4me: I'm less concerned about describing what they are but rather telling users OSA switched to them16:55
palendaeAnd that their global packages are now gone/broken16:55
odyssey4meah, a release note :)16:55
busterswtcloudnull verified that the openstack client works in the venv in the other keystone containers where i didn't update the client by hand in root16:55
openstackgerritNolan Brubaker proposed openstack/openstack-ansible: Upgrade RabbitMQ on OSA upgrade  https://review.openstack.org/29887216:56
*** ametts has joined #openstack-ansible16:57
cloudnullbusterswt: and its busted in the root ?16:57
stevelleconfirming, no venv mentions outside of extending osa and adding roles16:57
busterswtyes16:57
*** javeriak has joined #openstack-ansible16:57
cloudnullok16:57
*** retreved has quit IRC16:57
cloudnulli'd suspect that will be the case for lots of things .16:58
odyssey4mecan we have a volunteer to add a release note to liberty indicating that venvs are now the default install method for services?16:58
stevelleI'll take it16:59
busterswtso hop onto host, hop into container, hop into venv to run the client? O_o16:59
*** mgagne_ has joined #openstack-ansible17:06
*** spotz has quit IRC17:07
*** bogeyon18 has quit IRC17:07
*** meteorfox has quit IRC17:07
*** jasondotstar has quit IRC17:07
*** ametts has quit IRC17:07
*** mgagne has quit IRC17:07
*** neillc has quit IRC17:07
*** darrenc has quit IRC17:07
*** sigmavirus24 has quit IRC17:07
*** eglute has quit IRC17:07
*** gus has quit IRC17:07
*** dweaver has quit IRC17:07
*** cloudnull has quit IRC17:07
*** palendae has quit IRC17:07
*** jwagner has quit IRC17:07
*** b3rnard0 has quit IRC17:07
*** saneax_AFK has quit IRC17:07
*** jamielennox has quit IRC17:07
*** scarlisle has quit IRC17:07
*** mcarden has quit IRC17:07
*** phschwartz has quit IRC17:07
*** mfisch has quit IRC17:07
*** d34dh0r53 has quit IRC17:07
*** b3rnard0 has joined #openstack-ansible17:07
*** eglute has joined #openstack-ansible17:07
*** spotz has joined #openstack-ansible17:07
*** d34dh0r53 has joined #openstack-ansible17:07
*** palendae_ has joined #openstack-ansible17:07
*** neillc has joined #openstack-ansible17:07
*** sdake_ has joined #openstack-ansible17:07
stevelleare we still wanting to ensure latest in the pip task as well?17:07
*** admin0 has joined #openstack-ansible17:07
*** weezS has quit IRC17:07
*** sdake has quit IRC17:07
odyssey4methanks stevelle17:07
pjm6Sorry to cut conversation, but could I ask how can I debug the [ os_cinder | Ensure api is available]? the infra_host with haproxy returns me 503 service unavailable from port 877617:07
odyssey4mestevelle I think that cloudnull is picking that one up?17:07
busterswtso i had that same problem yesterday, and i found that SQL was maxxed out on connections17:07
odyssey4memichaelgugino_ good work on https://review.openstack.org/298765 !17:07
busterswtpjm6 if you can get into mysql, try: SHOW STATUS WHERE `variable_name` = 'Threads_connected';17:07
busterswtpjm6 and compare to: show variables like "max_connections";17:07
*** mcarden_ has joined #openstack-ansible17:07
*** phschwartz_ has joined #openstack-ansible17:07
*** jwagner- has joined #openstack-ansible17:07
odyssey4mepjm6 I would guess that if the cinder api isn't up, then there's likely to be a configuration issue with the cinder back-ends you've configured?17:07
admin0back :) long drive17:07
michaelgugino_thanks17:07
*** mfisch has joined #openstack-ansible17:07
*** ametts_ has joined #openstack-ansible17:07
*** scarlisle has joined #openstack-ansible17:07
*** _sigmavirus24 has joined #openstack-ansible17:07
*** dweaver has joined #openstack-ansible17:07
*** mgagne_ has quit IRC17:07
*** mgagne_ has joined #openstack-ansible17:07
admin0so ssl :D ?17:08
*** mfisch is now known as Guest2804917:08
*** palendae_ is now known as palendae17:08
*** cloudnull has joined #openstack-ansible17:08
*** jasondotstar has joined #openstack-ansible17:08
*** darrenc has joined #openstack-ansible17:08
pjm6busterswt: will try that17:08
pjm6odyssey4me: I used default config for cinder17:09
*** gus has joined #openstack-ansible17:09
*** bogeyon18 has joined #openstack-ansible17:10
pjm6busterswt: it gives Threads_connected | 1117:10
pjm6max_connections are 40017:10
busterswtcan you do a 'cinder volume list' right now?17:11
busterswtmaybe volume-list17:11
pjm6sure, but before that (maybe I think what was my problem)17:11
pjm6i only list the ip of storage node17:11
pjm6and created the LVM as in the docs17:12
pjm6but i need to configure the cinder to use LVM, no?17:12
busterswti can't answer that, unfortunately.17:12
*** jamielennox has joined #openstack-ansible17:12
admin0pjm6: if you give a storage host and the cinder-volume lvm is there, it just works17:12
*** toddnni_ has joined #openstack-ansible17:13
*** toddnni has quit IRC17:13
*** toddnni_ is now known as toddnni17:14
pjm6busterswt: that command says that invalid17:14
pjm6but I did "cinder list"17:14
pjm6and gives17:14
*** _sigmavirus24 is now known as sigmavirus2417:14
*** sigmavirus24 has joined #openstack-ansible17:14
pjm6ERROR: Service Unavailable (HTTP 503)17:14
busterswtpjm6 sorry, cinder list17:14
pjm6busterswt: no problem :)17:14
pjm6admin0: I created the lvm volume17:15
pjm6as here http://docs.openstack.org/developer/openstack-ansible/install-guide/targethosts-prepare.html#configuring-lvm17:15
pjm6and added the IP of the storage node17:15
*** mgagne_ is now known as mgagne17:15
admin0yes17:15
admin0vgscan shows it fine ?17:15
pjm6but I saw here that maybe I need to configure this http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-cinder.html#configuring-cinder-to-use-lvm ?17:15
busterswtok, so you may want to try cinder --debug list, to see if your error is keystone or cinder. Plus maybe make sure it's still running in the cinder containers. May want to check from the haproxy node top17:15
busterswt*too17:15
admin0for lvm, just give storage IP .. do nothing else .. no other lines required17:16
admin0that is how i used it17:16
pjm6ok, so vgscan execute in the host of storage?17:16
pjm6busterswt: DEBUG:keystoneclient.session:RESP: [503] Connection: close Content-Type: text/html Cache-Control: no-cache gives this17:16
pjm6"No server is available to handle this request"17:17
*** saneax_AFK has joined #openstack-ansible17:17
admin0pjm6: https://github.com/a1git/openstack-cloud/blob/master/openstack_deploy/openstack_user_config.yml — towards the end is c20 . my storage host using LVM17:17
*** saneax_AFK is now known as saneax17:17
pjm6admin0: it gives me   Found volume group "cinder-volumes" using metadata type lvm2  |   Found volume group "openstack-node03-vg" using metadata type lvm217:17
admin0ok17:17
pjm6yes17:17
pjm6is what config that i used17:18
admin0so looks like your cinder api is not working .. login tot he container and check the logs17:18
pjm6I don't have container in that machine17:18
admin0not in that machine17:18
admin0in the other infra hosts17:18
pjm6ah ok17:18
pjm6is in /var/log?17:19
admin0ssh to infra hosts, do  lxc-ls -f  .. you will see something like c14_cinder_api_container-e5c97b5317:19
admin0its /var/log/cinder/cinder-api.log17:19
*** shanec has joined #openstack-ansible17:19
pjm6yeah there is no cinder container there17:20
admin0lxc-ls -f —see anything that says cinder ?17:20
pjm6only have heat and nova17:20
pjm6nop :|17:20
*** meteorfox has joined #openstack-ansible17:20
admin0then your setup is incomplete :)17:20
admin0how does your user_config looks like ?17:21
pjm6openstack_user_config.yml17:22
pjm6right?17:22
admin0yep17:22
pjm61min17:22
pjm6http://pastebin.com/b9BuGUHu17:23
*** jwagner- is now known as jwagner17:28
admin0looks identical to mine ( except i used the same hostname for the same ip ) ..17:29
*** michaelgugino_ has quit IRC17:29
admin0how many containers are there on your infra host17:29
admin0and did you changed anything else ?17:29
admin0on playbooks or conf or env17:29
pjm6I have 19 containers17:30
pjm6no just the normal17:30
pjm6default17:30
admin0pastebin all the containers lxc-ls -f17:30
pjm6well in user_variables.yml17:31
pjm6I added swift17:31
pjm6as were in docs17:31
pjm6http://pastebin.com/rRzJdEas17:32
*** sdake has joined #openstack-ansible17:33
admin0run os-cinder playbook and check what it says17:33
admin0maybe use -vvvv and save the logs17:33
*** sdake_ has quit IRC17:34
admin0brb 5 mins17:35
pjm6ok ,tks :)17:35
*** eil397 has quit IRC17:37
pjm6http://pastebin.com/g7nwDUN517:38
*** retreved has joined #openstack-ansible17:46
*** retreved has quit IRC17:47
*** retreved has joined #openstack-ansible17:47
openstackgerritJimmy McCrory proposed openstack/openstack-ansible-rabbitmq_server: [WIP] Multi-distro support for rabbitmq_server role  https://review.openstack.org/28628217:48
openstackgerritMerged openstack/openstack-ansible-os_zaqar: Removing unneeded with_items usage  https://review.openstack.org/29879717:53
*** javeriak has quit IRC17:54
*** weezS has joined #openstack-ansible17:55
*** sdake has quit IRC17:57
*** KLevenstein has joined #openstack-ansible17:57
*** asettle has joined #openstack-ansible18:00
*** cloudtrainme has quit IRC18:02
*** pcaruana has joined #openstack-ansible18:02
*** sdake has joined #openstack-ansible18:02
pjm6 it seems that the init script is not creating18:05
*** sdake has quit IRC18:08
*** sdake_ has joined #openstack-ansible18:08
*** asettle has quit IRC18:10
openstackgerritTravis Truman (automagically) proposed openstack/openstack-ansible-os_zaqar: Adding role convergence test  https://review.openstack.org/29891618:13
*** pjm6 has quit IRC18:16
openstackgerritMerged openstack/openstack-ansible: Remove pip_get_pip_options override from group_vars  https://review.openstack.org/29659418:21
*** javeriak has joined #openstack-ansible18:23
*** lykinsbd_ has joined #openstack-ansible18:25
*** lykinsbd has quit IRC18:26
*** jmccrory_ has quit IRC18:28
*** jwitko has joined #openstack-ansible18:34
mhaydenApsu: https://review.openstack.org/#/c/285524/ oops18:38
Apsumhayden: omgherd18:40
*** eil397 has joined #openstack-ansible18:40
*** cloudtrainme has joined #openstack-ansible18:41
*** admin0 has quit IRC18:44
*** phschwartz_ is now known as phschwartz18:51
*** Guest28049 is now known as mfisch19:01
*** sdake_ is now known as sdake19:01
*** mfisch is now known as Guest8245419:01
openstackgerritTravis Truman (automagically) proposed openstack/openstack-ansible: Move inventory environment loading to function  https://review.openstack.org/29074019:02
*** Guest82454 has quit IRC19:02
*** Guest82454 has joined #openstack-ansible19:02
*** Guest82454 is now known as mfisch19:03
*** eil397 has quit IRC19:03
*** eil397 has joined #openstack-ansible19:05
*** eil397 has quit IRC19:06
*** eil397 has joined #openstack-ansible19:06
*** krotscheck is now known as krotscheck_dcm19:07
*** weezS has quit IRC19:20
*** pjm6 has joined #openstack-ansible19:23
*** dalees` has quit IRC19:25
*** pjm6 has quit IRC19:28
*** weezS has joined #openstack-ansible19:30
*** dalees` has joined #openstack-ansible19:38
*** alextricity has joined #openstack-ansible19:39
openstackgerritTravis Truman (automagically) proposed openstack/openstack-ansible: Clarify skel_setup parameter documentation  https://review.openstack.org/29895319:40
*** myabiku has joined #openstack-ansible19:45
*** pjm6 has joined #openstack-ansible19:52
*** johnmilton has quit IRC19:53
openstackgerritTravis Truman (automagically) proposed openstack/openstack-ansible: Removing unneeded is_metal param from user_defined_setup  https://review.openstack.org/29895719:54
*** sdake_ has joined #openstack-ansible19:55
*** eil397 has quit IRC19:56
*** sdake has quit IRC19:58
*** sdake_ is now known as sdake20:02
*** pjm9 has joined #openstack-ansible20:04
*** myabiku has quit IRC20:04
*** bbmbx has joined #openstack-ansible20:04
*** bbmbx has joined #openstack-ansible20:04
*** pjm6 has quit IRC20:07
*** pjm9 has quit IRC20:07
*** pjm6 has joined #openstack-ansible20:07
pjm6Anyone had a problem where the init script of cinder (os_cinder) is not loaded properly20:11
pjm6http://pastebin.com/q8Nd5abi ?20:11
pjm6using the liberty git20:11
automagicallypjm6: Which tag?20:12
pjm6automagically,  liberty20:12
pjm6I went to the host20:15
automagicallySo, the cinder_api upstart conf is not being loaded?20:15
pjm6Yes, I think that is the problem20:15
pjm6because the file is there20:15
pjm6/etc/init/cinder-volume.conf20:16
pjm6I did "initctl reload-configuration20:16
pjm6" as in the playbook but nothin20:16
automagicallyRight, but your log shows that cinder-api is what is going wrong, not cinder-volume20:17
stevelle"No server is available to handle this request." that is HAProxy there20:18
pjm6true20:18
pjm6is only the cinder-api, cinder-scheduler and cinder-backup20:18
stevelleyou have cinder-volume on another host don't you or am I confusing your env with someone else?20:19
pjm6stevelle, but that error is not caused because the failure of the service not being found?20:19
pjm6I have in another host yes20:19
pjm61 node with compute and storage, 1 node for network and other for control (infra)20:19
stevelleok, HAProxy doesn't see cinder-api responding, that is where you need to start20:19
automagicallypjm6: Cinder components are typically split across the storage-infra_containers group and the storage_containers group20:19
automagicallythe volume and backups should be on the host(s) you’ve put in the storage_hosts group20:20
pjm6stevelle, so the problem is with HAProxy? I discarded that because the other services were working (like the repo for instance)20:21
pjm6yes automagically20:21
automagicallyThe API would be in storage_infra20:21
pjm6they are20:21
pjm6I do  a vgscan20:21
pjm6in the host where storage are20:21
pjm6and "Found volume group "cinder-volumes" using metadata type lvm220:21
pjm6"20:21
stevellepjm6: I suspect haproxy is fine, but you have to look downstream from there, automagically is pointing you at cinder-api and I agree20:21
automagicallyYep, specifically pointing out that you should be looking for cinder-api on a different host20:22
stevellethat would be on the control (infra) hosts20:22
*** alextricity has quit IRC20:22
pjm6ah sorry, I didn't understand that20:22
pjm6I will look in the infra host :)20:22
*** alextricity has joined #openstack-ansible20:22
pjm6well, in the infrahost i didn't see any cinder container20:23
*** eil397 has joined #openstack-ansible20:26
*** mcarden_ is now known as mcarden20:26
pjm6is there a way to make sure tha the conf file is reading well?20:28
pjm6that command initctl reload20:29
automagicallyhttp://mwhiteley.com/scripts/2012/12/11/dbus-init-checkconf.html20:29
pjm6tks automagically  :)20:29
*** eil397 has quit IRC20:30
automagicallyAlso, pjm6 make sure you have defined storage-infra_hosts20:30
stevelle^20:30
*** eil397 has joined #openstack-ansible20:30
automagicallyThat is where the cinder_api service will be running in a container20:30
pjm6that is put the host of storage in the user_config right?20:30
pjm6the syntax is ok20:31
automagicallyYour openstack_user_config for Cinder should define two host groups: storage-infra_hosts and storage_hosts20:31
pjm6ohh okkk20:31
pjm6thats the problem (probably)20:32
automagicallycinder-api and cinder-scheduler should be running on the former and cinder-volume and cinder-backup on the latter20:32
pjm6I onmly put20:32
pjm6the storage_hosts...20:32
pjm6lol20:32
pjm6It should be the same host?20:32
automagicallyIt _could_ be20:32
pjm6but should be in the20:32
stevelleyou should have storage-infra_hosts on infra usually20:32
pjm6shared-infra-host => controller20:32
pjm6right?20:32
*** woodard_ has quit IRC20:32
pjm6I read now in the docs20:32
stevelleyou got it20:33
*** woodard has joined #openstack-ansible20:33
pjm6probably that was the error... thanks a lot guys :)20:34
pjm6one more thing, its recommend that I use the playbook from the beginning20:34
pjm6or using with --limit retry?20:34
stevelleyou will want to use a few playbooks since your inventory was incomplete.20:35
pjm6so its better run all again20:36
stevellelxc-containers-create.yml and os-cinder-install.yml20:36
pjm6I will give the feedback20:37
*** sigmavirus24 is now known as sigmavirus24_awa20:37
*** sigmavirus24_awa is now known as sigmavirus2420:37
pjm6btw: why storage API are not in the shared-infra group?20:37
pjm6its to provide more redundancy or because this service could be heavy in terms of requests?20:37
palendaeAllows deployers finer control20:38
palendaeAt scale it could be separated out should someone want/need it20:38
pjm6ok, so its for control and not performance matters :)20:38
stevelleusually you would want cinder-api and cinder-scheduler at least to be close to the infra it uses (db, queues)20:38
palendaeWell, might be performance at scale20:40
palendaeTo isolate services from each other20:40
palendaeThat's why we started breaking more infra groups out20:40
palendaeUsed to just be infra_hosts20:40
*** asettle has joined #openstack-ansible20:43
pjm6yes and is good to making20:48
pjm6an generic deployment playbook :)20:48
pjm6maybe considering adding in the docs http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-hostlist.html20:51
pjm6about the storage-infra_hosts ?20:51
spotzpjm6 that was just added into the cinder-ceph documentation20:52
pjm6spotz, you're right. I miss that because I skipped the topic of Configuring the Block Storage service20:54
pjm6my bad20:54
spotzI only know because I put it in after we got a bug:)20:54
pjm6Nice, now I hope not to forget :)20:55
*** alextricity has quit IRC21:04
openstackgerritTravis Truman (automagically) proposed openstack/openstack-ansible: Refactor user config loading into function  https://review.openstack.org/29898121:05
*** cloudtrainme has quit IRC21:09
*** lykinsbd_ has quit IRC21:11
*** eil397 has quit IRC21:13
*** eil397 has joined #openstack-ansible21:13
cloudnullfor me osic.org didnt go down at least21:14
cloudnullha ^ wrong window.21:15
cloudnullwhich is good btw :)21:15
*** javeriak has quit IRC21:18
*** Mudpuppy has quit IRC21:20
*** retreved has quit IRC21:21
*** eil397 has quit IRC21:23
spotzhehehe21:27
*** eil397 has joined #openstack-ansible21:28
*** thorst has quit IRC21:33
*** thorst has joined #openstack-ansible21:33
*** sdake_ has joined #openstack-ansible21:35
*** cloudtrainme has joined #openstack-ansible21:35
*** thorst has quit IRC21:38
*** sdake has quit IRC21:38
*** fawadkhaliq has joined #openstack-ansible21:44
*** sigmavirus24 is now known as sigmavirus24_awa21:47
pjm6automagically, stevelle the problem persists, but now I have the cinder_api_container and scheduler in infra21:47
pjm6but it's different, now is in the playbook Ensure cinder api is available21:49
*** Nepoc has joined #openstack-ansible21:49
cloudnullpjm6: whats going on ?21:50
cloudnullsorry been hectic today21:50
stevellepjm6: iirc you will need to run the haproxy play as well21:50
NepocHello... what version of glace should I have if I'm running liberty? I currently have 1.2.0 and it doesn't seem to have the --copy-from for image-create.21:50
Nepocglance21:50
pjm6cloudnull, no problem :)21:50
stevellenow that the cinder-api group is not empty, haproxy needs to know about the hosts to set up forwarding21:50
pjm6stevelle, I forgot that...21:50
stevelleI forgot to mention21:51
pjm6no problem, I thank you for all the help/support21:51
stevellewhen this doesn't quite fix it, I'll let cloudnull help you further :)21:51
cloudnullNepoc: if i remember right the glance community removed copy from21:51
pjm6hope that in near future I would be more helping than being rescue =)21:52
pjm6thanks once again ste21:52
pjm6stevelle,21:52
cloudnullNepoc: in a liberty deploy i did the other day I had to do this https://github.com/os-cloud/osic-ref-impl/blob/master/post-deployment-setup.sh#L47-L5421:52
fawadkhaliqhey guys, quick question..does os-ansible support Nova cells based deployment?21:53
cloudnullfawadkhaliq: no.21:53
cloudnullwe have cells v2 code for the nova-api21:53
cloudnullwhich is in mitaka21:53
Nepoccloudnull: strange... I've been using the same format used in tempest for a while now. Using image_url and I had no need to do a wget first.21:53
cloudnullbut not for cells v121:53
fawadkhaliqcloudnull: okay, thanks.21:54
cloudnullfawadkhaliq: do you need cells ?21:54
cloudnullcells v1 that is ?21:54
fawadkhaliqcloudnull: Nope, I am agnostic of cells v1 vs v2. Since whatever is going to be there is going to be new deployments, so cells v2 makes sense.21:55
cloudnullok. well for mitaka the cellsv2 bits exist and you can configure them for nova however ive not given them a spin, so idk the state of nova cells v221:56
fawadkhaliqcloudnull: no worries, thanks. Just collecting data at this point.21:56
cloudnullcool21:56
cloudnullping if you have questions .21:56
fawadkhaliqcloudnull: will do, thanks.21:57
*** busterswt has quit IRC21:58
*** fawadkhaliq has quit IRC22:01
pjm6stevelle, at least that task pass without error. Thanks =D22:02
*** fawadkhaliq has joined #openstack-ansible22:02
*** thorst has joined #openstack-ansible22:02
stevelleonto the next error! :D22:02
cloudnull^ truth :)22:02
pjm6loool yes22:03
pjm6one question, its normal having some errors in deploying22:03
pjm6or is just me that i'm pretty good at it? xD ahah22:03
Nepoccloudnull: Like this https://github.com/openstack/openstack-ansible/blob/liberty/playbooks/roles/os_tempest/tasks/tempest_resources.yml#L16-L3222:03
cloudnullNepoc: maybe the api call still works but the cli not?22:05
cloudnullfor the glance ansible lib we're importing python-glanceclient directly (if i remember right)22:05
*** thorst has quit IRC22:07
NepocWell there we go ERROR glance.api.v1.images [-] Copy from external source 'file' failed for image It's my fault it seems22:09
*** cloudtrainme has quit IRC22:09
cloudnullis that with the CLI ?22:10
cloudnullor the ansible module ?22:10
NepocAnsible module22:12
*** markvoelker has joined #openstack-ansible22:13
Nepocfound the problem... file permissions :)22:13
cloudnullah. ok.22:13
* cloudnull was code diving22:13
NepocHopefully you didn't dive too deep22:14
cloudnullnever22:14
Nepoc:)22:14
*** Brew has quit IRC22:14
*** ametts_ has quit IRC22:15
*** fawadkhaliq has quit IRC22:15
*** fawadkhaliq has joined #openstack-ansible22:16
*** markvoelker has quit IRC22:20
*** markvoelker has joined #openstack-ansible22:21
*** markvoelker_ has joined #openstack-ansible22:22
openstackgerritSteve Lewis proposed openstack/openstack-ansible: Add release note for services in venvs  https://review.openstack.org/29900822:23
*** markvoelker has quit IRC22:26
spotzstevelle: I think your 's may cause an issue not sure. content looks good but I'm gonna wait for jenkins22:26
*** sdake has joined #openstack-ansible22:26
stevellespotz: they should be ` rather than ' and the reno guide said I could use RST but I was skeptical also22:27
*** sdake_ has quit IRC22:28
spotzWell jenkins approved, stevelle. Let me +122:29
*** Mudpuppy has joined #openstack-ansible22:29
*** spotz is now known as spotz_zzz22:31
*** markvoelker_ has quit IRC22:39
*** fawadkhaliq has quit IRC22:44
*** fawadkhaliq has joined #openstack-ansible22:44
*** fawadkhaliq has quit IRC22:46
rromansstevelle: curious, why the triple backtick?22:46
openstackgerritNeill Cox proposed openstack/openstack-ansible-ironic: [WIP] Add tests for the ironic REST API  https://review.openstack.org/29865422:47
openstackgerritNeill Cox proposed openstack/openstack-ansible-ironic: [WIP] Add tests for the ironic REST API  https://review.openstack.org/29865422:48
stevellerromans: because I'm bad at rst? :)22:48
stevelle-1 with the right syntax please, maybe I'll remember this time22:48
rromanslol ok22:48
stevelleI have it in my head that single backtick is md22:49
*** fawadkhaliq has joined #openstack-ansible22:52
*** galstrom_zzz is now known as galstrom22:55
rromansstevelle: mind if I put just up a new patch?22:56
rromans*put up22:56
stevellerromans: be my guest22:56
rromanskk22:56
*** weezS has quit IRC22:57
*** KLevenstein has quit IRC22:57
*** eil397 has quit IRC23:00
cloudnullstevelle: is anyone good at rst  ?23:01
stevellecloudnull: searching...23:02
openstackgerritRobb Romans proposed openstack/openstack-ansible: Add release note for services in venvs  https://review.openstack.org/29900823:06
*** cloudtrainme has joined #openstack-ansible23:07
*** cloudtrainme has quit IRC23:10
*** jorge_munoz has quit IRC23:15
*** fawadkhaliq has quit IRC23:18
*** fawadkhaliq has joined #openstack-ansible23:20
*** fawadkhaliq has quit IRC23:22
*** galstrom is now known as galstrom_zzz23:31
*** woodard_ has joined #openstack-ansible23:32
*** eil397 has joined #openstack-ansible23:32
*** woodard has quit IRC23:36
*** woodard_ has quit IRC23:36
*** fawadkhaliq has joined #openstack-ansible23:41
*** sdake has quit IRC23:43
pjm6I will go out guys23:43
pjm6finally could deploy succesfully openstack-ansible, thank you all for all the support and see you tomorrow :923:44
pjm6:)23:44
*** sdake has joined #openstack-ansible23:44
*** sdake has quit IRC23:44
pjm6have a good rest of day23:44
*** sdake has joined #openstack-ansible23:44
stevellegrats pjm623:49
*** pjm6 has quit IRC23:53
« Monday, 2016-03-28 Index Wednesday, 2016-03-30 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!