Monday, 2016-04-11

« Sunday, 2016-04-10 Index Tuesday, 2016-04-12 »
*** schwicht has quit IRC00:01
*** schwicht has joined #openstack-ansible00:09
*** woodard has joined #openstack-ansible00:28
*** woodard has quit IRC00:33
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-ironic: Update ironic.conf for swift and keystone compat  https://review.openstack.org/30171200:40
*** Ger-chervyak has joined #openstack-ansible01:13
*** Ger-chervyak has quit IRC01:14
*** thorst has joined #openstack-ansible01:35
*** thorst has quit IRC01:39
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-repo_build: update repo-build for ansible 2.1 compat  https://review.openstack.org/29968901:45
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_aodh: Updated role using the Multi-Distro framework  https://review.openstack.org/29562001:47
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-ironic: Update ironic.conf for swift and keystone compat  https://review.openstack.org/30171201:56
*** thorst has joined #openstack-ansible02:04
*** johnmilton has quit IRC02:18
*** schwicht has quit IRC02:18
*** sdake has joined #openstack-ansible02:24
*** thorst has quit IRC02:24
*** sdake_ has joined #openstack-ansible02:27
*** sdake has quit IRC02:28
*** asettle has quit IRC02:33
*** sdake has joined #openstack-ansible02:39
*** sdake_ has quit IRC02:43
*** jayc has joined #openstack-ansible02:49
*** Maeca has joined #openstack-ansible02:51
*** retreved has quit IRC03:02
*** retreved has joined #openstack-ansible03:03
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-ironic: Update ironic.conf for swift and keystone compat  https://review.openstack.org/30171203:09
*** mfisch has quit IRC03:11
*** mfisch has joined #openstack-ansible03:12
*** mfisch is now known as Guest8965703:12
*** Guest89657 has quit IRC03:13
*** Guest89657 has joined #openstack-ansible03:13
*** Guest89657 is now known as mfisch03:14
openstackgerritMichael Carden proposed openstack/openstack-ansible-ironic: Add tests for the ironic CLI  https://review.openstack.org/30310403:31
*** woodard has joined #openstack-ansible03:46
*** shausy has joined #openstack-ansible04:23
*** thorst has joined #openstack-ansible04:25
*** thorst has quit IRC04:29
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-ironic: Update ironic.conf for swift and keystone compat  https://review.openstack.org/30171204:44
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-ironic: Change the default thread pool size  https://review.openstack.org/30307904:44
cloudnullim back out, cheers everyone04:44
*** schwicht has joined #openstack-ansible04:46
*** schwicht has quit IRC04:51
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-ironic: updated Ironic role to fix tftp-hpa issues  https://review.openstack.org/30363304:55
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: updated ironic playbook inclusion for tftp network  https://review.openstack.org/30365904:58
*** saneax_AFK is now known as saneax05:18
*** sdake_ has joined #openstack-ansible05:23
*** sdake has quit IRC05:24
*** asettle has joined #openstack-ansible05:28
*** shausy has quit IRC05:34
*** shausy has joined #openstack-ansible05:35
*** pcaruana has joined #openstack-ansible05:39
*** agireud has quit IRC05:41
*** sdake_ is now known as sdake05:45
*** agireud has joined #openstack-ansible05:45
*** joker_ has joined #openstack-ansible05:52
*** jayc has quit IRC05:54
*** tricksters has joined #openstack-ansible05:56
*** eric_lopez has quit IRC05:58
*** admin0 has joined #openstack-ansible05:58
*** javeriak has joined #openstack-ansible06:04
*** admin0 has quit IRC06:17
odyssey4mev1k0d3n uh, nope - the AIO for mitaka should work almost the same as in any other branch as we try to keep the gate testing as close as possible in style and method and the circumstances it works in are the same - so I'm curious regarding what you saw06:17
odyssey4medeadnull if your auth endpoint is the public one, and the auth_type is publicURL then it should use the public URL's - if you can post the list of public endpoints and the output of the CLI's command (with --debug on the CLI) then we can help take a look06:19
*** ChrisBenson has quit IRC06:20
javeriakodyssey4me morning06:34
*** admin0 has joined #openstack-ansible06:34
javeriaki hit the "Memcache key not found" error in the horizon plays too and there doesnt seem to be any fix related to this in master branch06:35
odyssey4mejaveriak ah, so I think we've fixed it up for all the ssh keys but didn't quite get it all done for the ssl keys06:41
odyssey4meso it would appear that should be resolved - can you put in a patch for that please?06:42
*** admin0 has quit IRC06:43
*** neilus has joined #openstack-ansible06:43
*** woodard has quit IRC06:49
javeriakodyssey4me sure, but i seem to be missing something beacuse when i applied the changes to the horizon ssl playbooks; i got a checksum/crc error06:49
*** woodard has joined #openstack-ansible06:49
javeriakeven tried clearing the facts since i thought i might need to clear up some old values06:50
openstackgerritMichael Davies proposed openstack/openstack-ansible: Add installation support for os_ironic  https://review.openstack.org/29377906:54
*** woodard has quit IRC06:54
odyssey4mejaveriak hmm, was that a checksum error in tests or in deployment?06:57
javeriakodyssey4me the horizon playbooks threw it for the key_distribute task, the contents that it extracts for the copy later were producing that error07:01
*** markvoelker has joined #openstack-ansible07:01
odyssey4mejaveriak can you upload the review for inspection so I can take a look at the changes made?07:02
javeriakodyssey4me sure, they should the same as we did for rabbitmq right?07:04
odyssey4mejaveriak yep, pretty much - clurp is more reliable than using the shell/command module to collect facts07:05
*** arslan has quit IRC07:05
openstackgerritMichael Davies proposed openstack/openstack-ansible-os_nova: Add Nova config for os_ironic role  https://review.openstack.org/29331507:05
javeriakodyssey4me also cloudnull mentioned some horizon nova experts based in australia that would be available monday to help look at my cluster? any idea if they're around?07:05
*** markvoelker has quit IRC07:06
javeriakoh and btw the ssl patch for horizon needs to go in master/mitaka too i think?07:06
odyssey4meI'm not sure if neillc is around, or can help connect you with the right people.07:07
odyssey4mejaveriak yeah - but to start with let's get it into master, once it's merged we'll look to backporting07:08
javeriakodyssey4me okay pushing shortly07:08
*** mikelk has joined #openstack-ansible07:11
*** jamielennox is now known as jamielennox|away07:15
openstackgerritMichael Davies proposed openstack/openstack-ansible-ironic: Copy required PXE files without prejudice  https://review.openstack.org/30392707:16
odyssey4mejaveriak it looks like the Horizon experts are off ill today, it may be worth jumping into #openstack-horizon and asking your questions there?07:18
neillcjaveriak: richard jones is your best bet r1chardjon3s in the openstack-horizon channel07:23
*** xek has quit IRC07:24
openstackgerritMerged openstack/openstack-ansible-ironic: Change the default thread pool size  https://review.openstack.org/30307907:25
javeriakodyssey4me neillc i dont have any specific query, its just horizon has gone realllly slow and doesnt respond with the scale im working with; so was hoping you guys could help and let me know if im missing some configs for larger installations07:34
javeriakatcually its the whole of openstack; the calls are just going through really slow on cli as well, and horizon is not working07:34
neillcrichard is still the best person to speak to, but I think the basic answer is that horizon does not work well at scale07:34
neillcmostly because of the apis07:35
neillcwork is being done to try and improve things (lie the new swift panel in horizon)07:35
odyssey4mejaveriak yeah, it souds to me like the starting point would be to identify the issue at the API level07:35
javeriakguys seen this before: lxc: confile.c: config_string_item_max: 314 8d494692_etcontroller-1 is too long (>= 16) ?07:35
neillcbut some of it is just that the apis are not good07:35
javeriakodyssey4me neillc so there must be some way to improve it; i mean what do you do at larger scales and this is still hardly a 130 node cluster; now openstack has just stopped cooperating07:41
odyssey4mejaveriak that's odd, because we've had tests done at larger scale without performance degredation - can you pastebin your user_vars and openstack_user_config somewhere I can view it?07:44
*** goretoxo has joined #openstack-ansible07:44
javeriakodyssey4me sure, i'll copy them out07:45
*** Oku_OS-away is now known as Oku_OS07:45
openstackgerritMichael Carden proposed openstack/openstack-ansible-ironic: Add tests for the ironic CLI  https://review.openstack.org/30310407:46
javeriakhey is there a limit to the hostnames you can set in the user_config? my lxc's wont start with that error  "lxc: confile.c: config_string_item_max: 314 8d494692_etcontroller-1 is too long (>= 16) ?"07:46
odyssey4methat's odd - is this a master build?07:47
javeriakodyssey4me nope kilo; (the lxc error right?)07:47
odyssey4mejaveriak hmm, I need to relocate but I think there was a patch to later versions which may have fixed that - let me get going to the office and check that out07:50
*** admin0 has joined #openstack-ansible07:50
javeriakodyssey4me i found the problem, someone had messed up the user config file and replaced the container interface names :P07:52
openstackgerritMerged openstack/openstack-ansible-os_nova: Add Nova config for os_ironic role  https://review.openstack.org/29331508:03
admin0good morning08:04
*** admin0 has quit IRC08:08
*** asettle has quit IRC08:09
*** admin0 has joined #openstack-ansible08:09
odyssey4mejaveriak ah, if that's done then it needs to be known that the interface names have a length limit08:15
odyssey4meI wonder if we shouldn't hard fail before changing anything if that's done, but perhaps someone doing that is an edge case and they should know what they're doing.08:15
*** javeriak has quit IRC08:20
*** admin0 has quit IRC08:24
*** admin0 has joined #openstack-ansible08:26
odyssey4memrda does the suggested change in https://review.openstack.org/303927 make sense?08:29
mrdaodyssey4me: yes, I will update and re-push08:33
* mrda is currently debugging cloudnull's patch against my lab testing environment08:33
odyssey4memcarden if you're still around, sorry about changing things up again but it seems that https://review.openstack.org/303104 may need another round to keep Ansible 2.1 compatibility, which is a goal for Master/Mitaka.08:34
odyssey4meah cool thanks mrda - we're close :)08:34
mrdaSo I haven't completed my audit against what andymccr and i had working in a lab, so I'd like to do that before we merge this one08:36
odyssey4memrda from my conversation with cloudnull on the w/end, it seems that what you guys had working would only ever work on a flat network - whereas cloudnull's changes are more flexible08:38
odyssey4methe change to the listening address for the tftp server is also necessary as the default only ever listens on ipv608:38
mrdasure08:39
odyssey4mejust for funsies :)08:39
mrdajust asking questions, happy for answers :)08:39
odyssey4mecloudnull engaged with #openstack-ironic and ended up getting fantastic feedback and assistance with overcoming the hurdles08:39
* mrda is very grateful for all the help from cloudnull, andymccr and odyssey4me08:39
mrda\o/08:39
openstackgerritMichael Davies proposed openstack/openstack-ansible-ironic: Copy required PXE files without prejudice  https://review.openstack.org/30392708:42
mcardenodyssey4me: NP, sorting that now.08:42
odyssey4memcarden it may not apply at all, but if it works then let's do it08:42
mcardenYep. It passes linting with that change. Just doing a full run now.08:43
mrdaoh, btw thanks all for merging https://review.openstack.org/#/c/293315/ while I was on the train *yay*08:44
odyssey4meevrardjp could you revise https://review.openstack.org/279730 to take care of the merge conflict please?08:47
odyssey4merelocating from train to office - bbiab08:48
*** schwicht has joined #openstack-ansible08:49
*** fishcried has joined #openstack-ansible08:52
*** pjm6 has joined #openstack-ansible08:52
*** schwicht has quit IRC08:54
pjm6Hi everyone08:55
*** fishcried1 has joined #openstack-ansible08:58
*** pcaruana has quit IRC09:00
*** fishcried has quit IRC09:01
*** fishcried1 is now known as fishcried09:01
*** markvoelker has joined #openstack-ansible09:02
evrardjphey09:02
evrardjpodyssey4me sure09:02
*** markvoelker has quit IRC09:07
openstackgerritMerged openstack/openstack-ansible-os_rally: Removing unused handlers file  https://review.openstack.org/30358409:08
*** javeriak has joined #openstack-ansible09:10
mrdaodyssey4me: Just added a comment on https://review.openstack.org/#/c/303633/2 for yours and cloudnull's consideration.  You're welcome :)09:11
javeriakodyssey4me yea it was more of a typo in this case, the person was using find and replace in the file and accidently replaced the interface names aswell09:11
openstackgerritMerged openstack/openstack-ansible-lxc_hosts: Minor tweak to the lxc-system-manage template  https://review.openstack.org/30371409:12
openstackgerritMerged openstack/openstack-ansible-os_tempest: Updates for tempest in functional tests  https://review.openstack.org/30269709:30
openstackgerritMichael Carden proposed openstack/openstack-ansible-ironic: Add tests for the ironic CLI  https://review.openstack.org/30310409:37
*** woodard has joined #openstack-ansible09:47
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-ironic: Copy required PXE files without prejudice  https://review.openstack.org/30392709:47
*** schwicht has joined #openstack-ansible09:51
*** woodard has quit IRC09:52
*** schwicht has quit IRC09:55
*** thorst has joined #openstack-ansible10:04
*** thorst has quit IRC10:27
*** mgoddard_ has joined #openstack-ansible10:27
*** thorst has joined #openstack-ansible10:27
*** mgoddard has quit IRC10:30
odyssey4meevrardjp this may also be of interest to you: https://review.openstack.org/30134310:32
*** thorst has quit IRC10:32
evrardjp:)10:32
evrardjpindeed10:32
openstackgerritMerged openstack/openstack-ansible-ironic: Copy required PXE files without prejudice  https://review.openstack.org/30392710:34
*** sdake_ has joined #openstack-ansible10:45
*** thorst has joined #openstack-ansible10:46
*** sdake has quit IRC10:48
*** markvoelker has joined #openstack-ansible11:03
*** thorst has quit IRC11:04
*** thorst has joined #openstack-ansible11:05
*** markvoelker has quit IRC11:07
*** jayc has joined #openstack-ansible11:08
*** thorst has quit IRC11:09
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-galera_server: Update min_ansible_version to 1.9.0  https://review.openstack.org/30403711:09
*** johnmilton has joined #openstack-ansible11:10
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-ironic: Update min_ansible_version to 1.9.0  https://review.openstack.org/30403811:11
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-galera_server: Update min_ansible_version to 1.9  https://review.openstack.org/30403711:12
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-ironic: Update min_ansible_version to 1.9  https://review.openstack.org/30403811:12
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_cinder: Update min_ansible_version to 1.9  https://review.openstack.org/30403911:13
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_glance: Update min_ansible_version to 1.9  https://review.openstack.org/30404011:14
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_gnocchi: Update min_ansible_version to 1.9  https://review.openstack.org/30404111:15
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_heat: Update min_ansible_version to 1.9  https://review.openstack.org/30404211:16
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_horizon: Update min_ansible_version to 1.9  https://review.openstack.org/30404311:16
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_keystone: Update min_ansible_version to 1.9  https://review.openstack.org/30404411:17
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_neutron: Update min_ansible_version to 1.9  https://review.openstack.org/30404511:17
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_nova: Update min_ansible_version to 1.9  https://review.openstack.org/30404611:18
*** schwicht has joined #openstack-ansible11:33
*** weshay has quit IRC11:36
deadnullodyssey4me you're on fire11:44
* admin0 searches for the fire extingusiher11:51
*** Oku_OS is now known as Oku_OS-away11:55
odyssey4melol, repetitive patches hardly qualify :p11:56
*** sdake_ is now known as sdake11:59
*** mgoddard_ has quit IRC12:00
*** thorst has joined #openstack-ansible12:04
*** jayc has quit IRC12:07
*** retreved has quit IRC12:08
*** retreved has joined #openstack-ansible12:08
*** pjm6 has quit IRC12:10
*** sdake_ has joined #openstack-ansible12:10
*** sdake has quit IRC12:12
*** b3rnard0_away is now known as b3rnard012:17
*** sdake_ has quit IRC12:18
*** clickboom has joined #openstack-ansible12:18
*** markvoelker has joined #openstack-ansible12:19
*** johnmilton has quit IRC12:21
*** weshay has joined #openstack-ansible12:25
*** saneax is now known as saneax_AFK12:26
*** Oku_OS-away is now known as Oku_OS12:29
*** neilus has quit IRC12:29
*** neilus has joined #openstack-ansible12:30
*** retreved_ has joined #openstack-ansible12:33
*** retreved_ has quit IRC12:33
openstackgerritMatt Thompson proposed openstack/openstack-ansible-security: [WIP] Unattended upgrades  https://review.openstack.org/30409612:34
*** retreved has quit IRC12:36
*** schwicht has quit IRC12:36
*** mgoddard has joined #openstack-ansible12:40
*** jayc has joined #openstack-ansible12:41
*** johnmilton has joined #openstack-ansible12:42
*** clickboom has quit IRC12:43
*** woodard has joined #openstack-ansible12:45
*** woodard has quit IRC12:45
*** woodard has joined #openstack-ansible12:46
*** johnmilton has quit IRC12:50
*** johnmilton has joined #openstack-ansible12:50
*** clickboom has joined #openstack-ansible12:51
*** clickboom has quit IRC12:53
v1k0d3nodyssey4me: good morning. i'll try again, and let you know what happens on my end. couple of things though for sure, which you guys are aware of and i just missed is adding the security repo's, right? that threw errors on my end about the service accounts not being locked for AIO.12:54
*** clickboom has joined #openstack-ansible12:55
*** johnmilton has quit IRC12:55
*** johnmilton has joined #openstack-ansible12:55
*** schwicht has joined #openstack-ansible12:56
*** clickboom has quit IRC12:56
*** pjm6 has joined #openstack-ansible12:59
*** schwicht has quit IRC13:00
*** neilus1 has joined #openstack-ansible13:00
*** clickboom has joined #openstack-ansible13:01
*** clickboom has quit IRC13:02
*** neilus has quit IRC13:04
odyssey4mev1k0d3n it'll only be fatal if your base image is really bad :)13:06
odyssey4mewe only skip one tag in the security check for the gate, and that's the check for unauthenticated packages from apt - and that's because we're forced to use those by OpenStack-CI13:07
*** clickboom has joined #openstack-ansible13:07
openstackgerritJaveria Khan proposed openstack/openstack-ansible-os_horizon: Update SSL key / cert distribution for Horizon  https://review.openstack.org/30411313:08
javeriakodyssey4me ^ ; please see if im going about it correctly13:09
odyssey4mejaveriak that looks right to me13:14
*** Ger-chervyak has joined #openstack-ansible13:16
*** automagically has joined #openstack-ansible13:19
automagicallyMorning all13:23
pjm6hi automagically13:23
*** xek has joined #openstack-ansible13:24
odyssey4meo/13:24
*** neilus1 has quit IRC13:29
openstackgerritLance Bragstad proposed openstack/openstack-ansible-os_keystone: Use ansible facts for distributing SSL certs/keys  https://review.openstack.org/30359213:30
javeriakodyssey4me are there any special settings to getting the nova novnc console to work? my nova_console backends are always down13:32
javeriaktrying to access my VMs directly..13:32
*** clickboom has quit IRC13:34
v1k0d3nodyssey4me: so this was just a default installation of ubuntu with the prereqs as suggested in the wiki.13:34
v1k0d3ni wonder if listing deb repositories as a replacement for what a user could have (by default) could help?13:35
*** pjm6 has quit IRC13:36
*** thorst has quit IRC13:36
v1k0d3nwhen i have some time (which is becoming harder and harder these days) i can go back and see what issues i ran into specifically and report back.13:37
*** clickboom has joined #openstack-ansible13:37
*** pjm6 has joined #openstack-ansible13:38
odyssey4melbragstad comments in https://review.openstack.org/30359213:38
lbragstadodyssey4me thanks!13:38
odyssey4mejaveriak that's off13:38
odyssey4me*odd13:38
pjm6for instance is here anyone who knows horizon or worked with it?13:39
pjm6i'm developing a dashboard and know that exists permissions (with role)13:39
pjm6but i would like to know if its possible to use group xD13:40
odyssey4mejaveriak are you using vnc instead of spice? the check configs are here and if you're using novnc then the 'nova_console' backend will always be down because it uses the spice port13:40
pjm6*group members13:40
javeriakodyssey4me the spice ones are down as well..13:40
javeriakmy nova plays are failing :( error: /openstack/venvs/nova-12.0.5 does not refer to a python installation in Update virtualenv path13:41
odyssey4mev1k0d3n which tests/tasks failed in the security role?13:41
v1k0d3nlet me check and see if i can find it specifically.13:42
odyssey4mepjm do you mean keystone group members? if so then you need to change the policies to check keystone membership and adjust the tasks shown - that's not all that easy :/13:42
cloudnullmorning13:42
odyssey4mepjm6 that's what https://review.openstack.org/264862 was trying to help resolve13:42
openstackgerritLance Bragstad proposed openstack/openstack-ansible-os_keystone: Use ansible facts for distributing SSL certs/keys  https://review.openstack.org/30359213:43
javeriakcloudnull morning! really happy to see you :D13:43
lbragstadcloudnull o/13:44
cloudnullhows it :)13:44
*** busterswt has joined #openstack-ansible13:44
*** neilus has joined #openstack-ansible13:46
pjm6thanks odyssey4me, gotta look at that =)13:46
pjm6hi cloudnull13:46
admin0https://cerberus.office.xl-is.net/index.php/profiles/ticket/KWE-98454-613/conversation/read_all13:48
admin0oops13:48
matttwhy do so many roles include apt_package_pinning ?13:48
admin0:D13:48
matttis that deliberate ?13:48
admin0hoi all13:48
cloudnullmattt: you mean as a dep?13:49
matttcloudnull: yep!13:49
cloudnullin the meta file?13:49
cloudnullor in a test?13:49
matttcloudnull: yep, meta ... ie. https://github.com/openstack/openstack-ansible-os_cinder/blob/master/meta/main.yml#L3913:50
*** Oku_OS is now known as Oku_OS-away13:50
*** schwicht has joined #openstack-ansible13:51
v1k0d3nodyssey4me: it choked on V-38496 (default system accounts other than root that aren't locked).13:51
cloudnullapt_package_pinning gives the user the ability to pin packages. you don't have that otherwise, especially as we move to var files that are included at run time which are immutable variables.13:51
cloudnullidk that many folks are using outside of RPC however thats why its there.13:52
cloudnulldo we want to remove it ?13:52
odyssey4meit seems odd to have the role, but we never use it for any pinning we do anywhere13:52
v1k0d3nit was a pretty vanilla install, but nothing installed that wasn't needed either.13:52
*** michaelgugino has joined #openstack-ansible13:52
odyssey4mefor example, we pin the mariadb repo but don't use our role to do it13:52
openstackgerritFlávio Ramalho proposed openstack/openstack-ansible-os_neutron: Fix neutron lbaasv2 upstart init scrtipt placement  https://review.openstack.org/30414313:53
cloudnullodyssey4me: we should do that :)13:53
matttcloudnull: i was more curious why it was there when we didn't appear to be using it :)13:53
cloudnullto my knowledge RPC is the only folks I know do(did?).13:54
*** Bjoern_ has joined #openstack-ansible13:54
cloudnullif its no longer useful we should cut it13:54
*** Oku_OS-away is now known as Oku_OS13:55
odyssey4meit makes more sense to me to use one or the better apt configuration roles in ansible galaxy to facilitate this function13:55
cloudnullor we should start using it in places where we pin things :)_13:55
*** schwicht has quit IRC13:55
*** ametts has joined #openstack-ansible13:55
odyssey4meit'd also be nice to have it work in the same way as the apt_package_pinning role - if we add a repo or a pin then it replaces the existing file, so we never leave junk behind13:55
*** Ger-chervyak has quit IRC13:56
*** clickboom has quit IRC13:56
odyssey4mefor example, when we change the repo use for mariadb (or even the scheme) then we end up leaving an apt.sources.d file behind which causes apt-get failures until it's cleaned up13:56
cloudnullodyssey4me:  the trick with those other roles is they generally do a lot which is going to extend run time.13:56
*** Ger-chervyak has joined #openstack-ansible13:56
cloudnullyea thats a mess.13:56
cloudnullin 2.x we get the ability to set that file name13:57
odyssey4meI know that there's a patch into Ansible 2.1 that allows you to set the target file name in the Ansible module.13:57
cloudnull2.1 it seems13:57
cloudnullhttp://docs.ansible.com/ansible/apt_repository_module.html13:57
cloudnullyea looks like its there now13:57
odyssey4mev1k0d3n there was a patch recently to improve that: https://github.com/openstack/openstack-ansible-security/commit/9058a3f084961a52408dd1576dd386db8ff4d0d013:57
odyssey4medoes that perhaps work for your environment?13:58
cloudnull2.1 does with just a few changes which ive already submitted13:58
*** aludwar has joined #openstack-ansible13:58
v1k0d3nwell, i'd have to try again. i was working with this over the weekend for 13.0.0.13:58
* cloudnull realized that odyssey4me was not talking to me13:58
*** clickboom has joined #openstack-ansible13:58
* odyssey4me is talking to everyone :p13:59
*** jthorne has joined #openstack-ansible14:00
stian__What is the correct way to restart a galera cluster after a config change? It looks like all nodes are restarted at the same time...14:02
odyssey4mestian__ hmm, they shouldn't be - unless you fed it the var to ignore the cluster state14:03
cloudnullopenstack-ansible galeral-install.yml --tags galera-bootstrap14:03
stian__So if I change something in my.cnf.j2 template and run the playbook again, it should restart every node seperately?14:05
cloudnullstian__: http://docs.openstack.org/developer/openstack-ansible/install-guide/ops-galera-recovery.html14:05
*** KLevenstein has joined #openstack-ansible14:06
cloudnullstian__: yes14:06
cloudnullhttps://github.com/openstack/openstack-ansible/blob/master/playbooks/galera-install.yml#L6214:06
cloudnullthat play is executed in serial14:06
*** mgoddard has quit IRC14:07
*** mgoddard has joined #openstack-ansible14:08
*** KLevenstein has quit IRC14:08
stian__Thanks cloudnull14:09
odyssey4meautomagically it've been better to wait for https://review.openstack.org/304143 to merge so that the merged SHA shows in the commit msg - now we'll have to update it after the master patch merges14:09
michaelguginogreetings all.  I am back from my travels.14:10
odyssey4mewb michaelgugino14:10
michaelguginoty14:10
automagicallyodyssey4me: D’oh!14:10
automagicallyI’ll just abandon it14:10
automagicallyAnd we’ll recreate the pick post-merge14:10
michaelguginoI'm still looking for some reviews on https://review.openstack.org/#/c/298765/  It has turned into quite the sizeable patch set.14:10
odyssey4mepjm6 I think that evrardjp knows how the Horizon permissions/policies work.14:11
odyssey4mebest to ask questions in channel though, then we can all learn14:11
pjm6sure, thanks14:12
odyssey4meautomagically you can't re-do a pick into a branch with the same change-id, so we'll have to edit the commit msg after the fact :)14:12
pjm6i was talking if its possible to use members of group14:12
pjm6instead of roles14:12
pjm6in permissions14:12
pjm6http://docs.openstack.org/developer/horizon/ref/horizon.html#horizon.Panel.permissions14:12
evrardjpwho called me?14:12
evrardjp:D14:12
evrardjpoh14:13
evrardjpI didn't develop with groups14:13
evrardjpbut I don't see why it would be different14:14
*** Mudpuppy has joined #openstack-ansible14:14
evrardjpI guess you should have something that maps your groups to a permission, keystone will take care of that14:15
*** schwicht has joined #openstack-ansible14:16
odyssey4melbragstad more comments based on the gate results: https://review.openstack.org/30359214:16
pjm6evrardjp: what I do was creating a group14:16
pjm6and then14:16
pjm6in pemrissions have something like this14:17
pjm6openstack.groups.mygroup14:17
odyssey4meyou may have to map a role to a user group, then the policy can have the roles referenced?14:17
odyssey4mebut there may be a simpler way of dealing with that, not sure14:17
cloudnullwelcome back michaelgugino14:17
michaelguginoty14:17
evrardjpodyssey4me I think thats the way of doing it14:17
odyssey4meI'm not sure if policies can reference groups, but they definitely can reference roles.14:18
*** shausy has quit IRC14:18
pjm6hmm but to map role to user group14:18
pjm6I have to map with a project, right?14:18
odyssey4mepjm6 nope, as far as I recall any user can map to any role - I think you may have to map the role to either a domain or a project14:19
openstackgerritMerged openstack/openstack-ansible-os_cinder: Updated role using Multi-Distro framework  https://review.openstack.org/29960314:19
odyssey4mesomehow the role has to map to a domain, but it's been a very long time since I went digging into that14:19
cloudnullmichaelgugino: RE: ovs -- https://review.openstack.org/#/c/302941/ <-- thats a spec for PowerVM as a compute option, they're going to need access to OVS for their bits to work at present we might want to reach out to those folks -- I mentioned that in the review.14:19
cloudnullodyssey4me: maybe we can add the spec writers as reviewers14:19
pjm6ohh domain.. didn't see that14:19
lbragstadodyssey4me awesome, thanks again14:19
pjm6but  to a project do14:20
cloudnullthey might be able to provide some thoughts on the current impl too14:20
* lbragstad board the struggle bus with 30359214:20
pjm6but domain is used14:20
odyssey4mecloudnull oh, good idea to add the spec writers to related reviews14:20
pjm6when we want to contact an external entitiy?14:20
*** spotz_zzz is now known as spotz14:20
odyssey4mepjm6 all users must be in a domain of some sort14:21
openstackgerritMarc Gariépy proposed openstack/openstack-ansible: Fix configuration string for haproxy  https://review.openstack.org/30415714:21
odyssey4methe Default domain is currently a default and is typically recommended to be used for services14:21
openstackgerritLance Bragstad proposed openstack/openstack-ansible-os_keystone: Use ansible facts for distributing SSL certs/keys  https://review.openstack.org/30359214:21
pjm6so if I want to specify for instance some users to use the dashboard, I could use a domain14:22
pjm6and then use14:22
pjm6openstack.domain.users_using_dashboard?*14:22
pjm6I was trying to digging http://docs.openstack.org/developer/horizon/ref/horizon.html#horizon.Panel.can_register but even if I put in the class return False, the panel appears14:22
evrardjppjm6 I think what you're trying to achieve is fairly recent, and you should try to speak with horizon team14:23
pjm6evrardjp: yes already asked question there14:24
evrardjpgroups didn't exist before, and the only way to map users to permissions was tenants14:24
pjm6yeah, that's my problem :\14:24
evrardjpnow domains support can help scoping this14:24
evrardjpbut real RBAC was on the plan for keystone team and horizon team14:25
evrardjpdon't know the current status 'though14:25
pjm6well that helps :) thanks evrardjp14:25
pjm6what I do (but it's wrong)14:26
evrardjpis there a reason to not use projects?14:26
odyssey4meerm, when I see patches like this I begin to wonder how haproxy ever worked for us: https://review.openstack.org/30415714:26
pjm6is to see if the user don't have permissions14:26
pjm6change the view zone14:26
pjm6yes evrardjp14:26
pjm6the users that could access that dashboard is indenpent of project14:26
openstackgerritTravis Truman (automagically) proposed openstack/openstack-ansible-repo_build: Adjusting dependency to supply required var  https://review.openstack.org/30416214:27
evrardjpwhat is your authentication method?14:28
evrardjpdoing everything standard keystone?14:28
pjm6yes14:29
openstackgerritMerged openstack/openstack-ansible-os_neutron: Fix neutron lbaasv2 upstart init scrtipt placement  https://review.openstack.org/30414314:29
pjm6Well idk if this is a good solution14:29
evrardjpand the users are dyamic right14:29
evrardjpdynamic14:29
evrardjpI mean it can change all the time14:29
evrardjpelse you could do it in an ugly manner with django14:30
pjm6http://docs.openstack.org/developer/horizon/sourcecode/horizon/horizon.base.html#horizon.base.HorizonComponent.can_access => i'm using can_access14:30
pjm6the users changing14:30
pjm6is like changing username or something?14:30
pjm6So my solution is, the panel that I want for some users to access (in a separate database)14:31
pjm6I use14:31
pjm6def can_access(self, context):14:31
pjm6and then return True (to acess) and False to deny14:31
pjm6works but don't know if its the best way14:31
michaelguginocloudnull: I have read that powervm review.  I don't see anything that would conflict, seems they just need an OVS driver14:32
pjm6evrardjp: so in keystone/horizon way its not really sure how things work, right?14:33
*** jayc has quit IRC14:34
*** schwicht has quit IRC14:34
*** schwicht has joined #openstack-ansible14:34
*** tiagogomes has quit IRC14:35
*** tiagogomes has joined #openstack-ansible14:35
odyssey4mejmccrory FYI mancdaz has been digging into the Galera restart issue14:36
evrardjppjm6 not sure what you mean here14:37
pjm6using members of group for permissions using keystone is not possible right know, because is being developed?14:38
evrardjppossibly14:39
odyssey4meautomagically FYI https://review.openstack.org/304143 is correct in Liberty somehow14:39
evrardjpI was away for quite a long time so I think the best guys to help you on this are the horizon ones14:39
odyssey4mepjm6 yeah, with advanced features like that your best bet will be to try and connect with the Horizon guys in #openstack-horizon14:39
odyssey4megenerally they're better placed to help you with cusomtisations of the interface, permissions, panels, etc14:40
pjm6sure, thanks odyssey4me evrardjp =)14:40
pjm6btw: for know i'm using the can_access method but with that I can't access to the user that are authenticated14:40
pjm6but maybe could be useful in the future :)14:41
evrardjpsorry I couldn't help you better14:42
pjm6don't need for sorry, I thank you guys for helping :D14:43
pjm6anyway when I found a solution I tell :D14:43
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-ironic: Update ironic.conf for swift and keystone compat  https://review.openstack.org/30171214:46
*** Ger-chervyak has quit IRC14:58
*** mgoddard_ has joined #openstack-ansible15:01
*** woodard has quit IRC15:01
*** fawadkhaliq has joined #openstack-ansible15:01
*** galstrom_zzz is now known as galstrom15:01
*** mgoddard has quit IRC15:04
*** neilus has quit IRC15:06
*** javeriak has quit IRC15:11
pjm6evrardjp: odyssey4me: problem solved :) with the help of a user from openstack-horizon15:11
pjm6what I was using15:11
pjm6def allowed(self, context):15:12
pjm6        return get_user_status(context['request'].user.id).status15:12
pjm6in the panel15:12
pjm6instead of self.request.user.id, use context['request'].user.id15:12
pjm6so in this way its possible to manipulate access of a panel with custom permissions :)15:12
*** Brew has joined #openstack-ansible15:13
*** openstackgerrit has quit IRC15:18
*** openstackgerrit has joined #openstack-ansible15:18
*** fawadkhaliq has quit IRC15:18
*** schwicht has quit IRC15:19
*** thorst has joined #openstack-ansible15:20
*** fawadkhaliq has joined #openstack-ansible15:21
evrardjppjm6 interesting15:22
evrardjpI'd be happy to know more about how you'll add the permissions though15:22
evrardjpget15:23
evrardjpnevermind15:23
*** thorst has quit IRC15:25
pjm6evrardjp: I used that function15:31
pjm6that will return the user status, if True, Panel with appear to user, if False not :D15:31
pjm6(idk if its best solution :\ )15:31
odyssey4meautomagically jmccrory logan- I don't know if you guys have some time to work on this, but it may be useful to you. In a test environment with ~120 compute nodes with many instances/networks we found that using these settings took API return time from ~35 secs down to ~6 secs: https://github.com/openstack/openstack-ansible-os_nova/blob/master/defaults/main.yml#L69-L9115:37
*** sanjay__u has joined #openstack-ansible15:37
odyssey4meI'd like us to try and figure out some sort of resource-based determined formulae to make those settings scale automatically.15:37
odyssey4meie based on the number of CPU's or the amount of RAM, figure out an appropriate default that makes sense15:38
automagicallyWow, that’s good to know15:38
automagicallyDo you know if you were more messaging bound, than db bound15:38
odyssey4meautomagically unfortunately this was done as a quick fix to give access to the environment for other testing, so we'll only be able to look deeper once that testing is done and if we still have access to the resources15:39
*** admin0 has quit IRC15:39
odyssey4meI'm posting this here in the hope that perhaps we can all dig into it in some time to figure out better defaults and to post reviews to do implement them15:40
*** jayc has joined #openstack-ansible15:40
odyssey4meoops - I posted the wrong link - these are the settings: https://github.com/rcbops/rpc-openstack/blob/master/rpcd/etc/openstack_deploy/user_variables.yml#L16-L3715:40
odyssey4meI'm not fond of hard settings the var values as it will negatively affect dev/test/AIO environments. I'd prefer something that scales automatically.15:41
openstackgerritTravis Truman (automagically) proposed openstack/openstack-ansible-os_zaqar: Adding role convergence test  https://review.openstack.org/29891615:47
*** fawadkhaliq has quit IRC15:47
*** weezS has joined #openstack-ansible15:52
michaelguginoI'm not certain having the variables scaled on some amount is a great solution.  Where I've seen that elsewhere, it's really ugly and not at all obvious how an end user should modify the value.15:55
michaelguginoI prefer something like the mysql approach, where they offer various config files out of the box; ie small, med, large.15:56
*** thorst has joined #openstack-ansible15:56
odyssey4memichaelgugino sure, maybe a small/medium/large set of options will work - but I'm not suggesting replacing the exiting override vars15:58
*** schwicht has joined #openstack-ansible15:58
odyssey4meso the vars are always available to override to a deployers content15:58
*** mikelk has quit IRC15:58
odyssey4mealso, if it's a small/medium/large then it's pretty easy to implement a formula for a default15:59
odyssey4mewe just need ot figure out the pertinent scaling vars15:59
openstackgerritMatt Thompson proposed openstack/openstack-ansible-security: [WIP] Unattended upgrades  https://review.openstack.org/30409616:01
*** jayc has quit IRC16:07
*** deadnull has quit IRC16:08
openstackgerritTravis Truman (automagically) proposed openstack/openstack-ansible-os_zaqar: Adding role convergence test  https://review.openstack.org/29891616:09
*** fishcried has quit IRC16:09
*** openstackstatus has joined #openstack-ansible16:09
*** ChanServ sets mode: +v openstackstatus16:09
*** fishcried1 has joined #openstack-ansible16:09
openstackgerritHector I Gonzalez Mendoza proposed openstack/openstack-ansible-os_barbican: Updated role using the Multi-Distro framework  https://review.openstack.org/30420916:11
*** fishcried1 is now known as fishcried16:12
cloudnullodyssey4me:  ping16:15
cloudnullhttps://github.com/openstack/openstack-ansible-ironic/blob/master/tests/test-rest-api.yml16:15
cloudnullthat set of tests is broken16:15
*** fawadkhaliq has joined #openstack-ansible16:16
cloudnullits testing the API however providing no creds16:16
cloudnullso all the returns are 40116:16
*** fawadkhaliq has quit IRC16:16
cloudnullmaybe it works in ironic standalone mode but with the addition of keystone in the those tests can not work.16:17
cloudnullso should I remove the tests?16:17
-openstackstatus- NOTICE: Reminder, Gerrit will be offline from 20:00 to 21:00 UTC for a server replacement http://lists.openstack.org/pipermail/openstack-dev/2016-April/091274.html16:17
cloudnullwhich unblocks the couple of dependent patches we have16:18
cloudnullor should i work on fixing them and rebase the deps?16:18
odyssey4mecloudnull it's meant to run against a standalone mode implementation16:18
*** clickboom has quit IRC16:19
cloudnullright but if we add https://github.com/openstack/openstack-ansible-ironic/blob/master/tests/test-install-keystone.yml it no longer works16:19
cloudnulland thats because the auth section in the old config was broken16:19
cloudnullwhich we're fixing here https://review.openstack.org/#/c/301712/17/templates/ironic.conf.j216:20
odyssey4meI've been wondering whether the functional test should perhaps do both a standalone and non-standalone container and validate both, but at this stage I would vote for doing whatever delivers the most value in testing. Perhaps the existing tests should be commented out with a note saying that they will be re-added once a standalone test build is implemented as a functional test?16:20
cloudnullthe "keystone_authtoken" section did nothing before16:20
odyssey4mecloudnull yep, but that was part of my comment - the conf file needs to adapt appropriately based on whether it's standalone or not16:21
odyssey4mewe can't put values there if there's no infra backing it16:21
*** jayc has joined #openstack-ansible16:21
cloudnullDo we want that on our first pass ? IMO proper openstack integration should be our first goal.16:22
cloudnullwhich requires functional keystone16:22
odyssey4meIt may be best to have the functional test implement standalone mode first, then test against it, then implement non-standalone mode and then test again.16:22
odyssey4mefunctional tests with full integration was more of a stretch goal for the role in the first iteration16:23
odyssey4meif it can be done, great, but I don't want to negate the existing work16:23
cloudnullthe issue is wtihout the keystone+swift changes we cant make ironic work in nova16:24
*** metral_zzz is now known as metral16:24
*** schwicht has quit IRC16:27
*** schwicht has joined #openstack-ansible16:28
*** fawadkhaliq has joined #openstack-ansible16:28
*** goretoxo has quit IRC16:31
odyssey4meok, then we may have to ditch the curl-based API tests and use https://review.openstack.org/303104 instead, which uses the CLI and consumes openrc which should provide the same coverage in a more flexible way16:32
odyssey4meideally we need to test both standalone and non-standalone, but if we're stuck for time/resources then perhaps it'd be better to err on the side of making it work for the integrated build and leaving the standalone test as a stretch goal16:33
lbragstadany thoughts as to why https://review.openstack.org/#/c/303592/7/tasks/keystone_ssl_key_create.yml doesn't seem to take the permissions specified in the plays?16:37
hughsaundersBofu2U: would be useful to note the order of galera shutdown16:39
*** Oku_OS is now known as Oku_OS-away16:39
odyssey4melbragstad it is odd - I see that some tasks are quoting th evalue, and some are not - that may be significant? maybe quote them all due to the leading zero so that it doesn't get mistaken for an integer16:41
*** jthorne has quit IRC16:41
lbragstadodyssey4me i'll give that a shot16:42
*** jthorne has joined #openstack-ansible16:42
*** LiftedKilt has joined #openstack-ansible16:42
odyssey4melbragstad it may be key for the test tasks to also ensure that it's evaluating string versus string16:42
lbragstadodyssey4me so - quote it all16:43
*** jthorne has quit IRC16:43
*** jthorne has joined #openstack-ansible16:44
openstackgerritLance Bragstad proposed openstack/openstack-ansible-os_keystone: Use ansible facts for distributing SSL certs/keys  https://review.openstack.org/30359216:44
*** elgertam has joined #openstack-ansible16:46
openstackgerritMerged openstack/openstack-ansible: Add convenience links for install workflow doc  https://review.openstack.org/30333016:48
*** weezS has quit IRC16:48
*** fawadkhaliq has quit IRC16:48
*** fawadkhaliq has joined #openstack-ansible16:49
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-ironic: Update ironic.conf for swift and keystone compat  https://review.openstack.org/30171216:52
*** javeriak has joined #openstack-ansible16:52
*** admin0 has joined #openstack-ansible16:55
*** schwicht has quit IRC16:58
automagicallyodyssey4me: Care to take a quick review of https://review.openstack.org/#/c/298957/ ? Its almost 2 weeks old and has one +2.16:59
cloudnull++17:00
cloudnull^17:00
odyssey4meautomagically hmm... looking17:04
odyssey4me<--- bad at python17:04
odyssey4mebut, if I read this right, it would mean that none of our plays would ever have to make reference to is_metal unless it's specifically using the var?17:04
*** fawadkhaliq has quit IRC17:06
automagicallyodyssey4me: I believe its used elsewhere in other functions, just not within that one17:06
odyssey4meoh I see17:06
odyssey4meso this is simply just removing an option that's never used17:06
stevelledo we have known issues right now?17:06
automagicallyExactly17:06
odyssey4mehow sure are we that this is never used?17:06
odyssey4meie does this affect any env.d files where the variable is changed?17:06
cloudnulltest passed :)17:06
automagicallycloudnull: ++17:07
* cloudnull is a helper17:07
automagicallyBut yes, the AIO and inventory unit tests passed17:07
odyssey4mewell, the test would pass for cinder-volume inside or outside a container - it would just perform poorly and have horrible side-effects in production17:07
automagicallyThe function scope is ~30 lines and only a single caller, so it was easy to see17:07
automagicallyodyssey4me: True dat17:08
odyssey4meI don't have enough understanding of the context in which that's used to make an educated call, and I need to run off to catch a train.17:09
automagicallynp, have a good night17:09
odyssey4memaybe stevelle or jmccrory can take a peek at it?17:09
*** fawadkhaliq has joined #openstack-ansible17:09
*** pjm6 has quit IRC17:09
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible: Fixing idempotency bug hitted while running successive bootstrap aios  https://review.openstack.org/30422717:10
automagicallystevelle and jmccrory https://review.openstack.org/#/c/298957/ if you have a moment. Trying to keep it from sitting out there in the queue for longer than 2 weeks17:10
stevelleautomagically: so the fact that I cannot get an aio to build is blocking me from verifying things17:10
automagicallyFair enough17:10
stevelleI don't understand how we are gating17:10
odyssey4meI'm firing up an AIO while on the train, so I'll bring it in and try it out to validate - just in case no-one else gets there first.17:11
*** schwicht has joined #openstack-ansible17:11
cloudnullstevelle:  whats it failing on ?17:11
automagicallystevelle: You talking about master?17:11
stevellemaster, yes.  bootstrap-aio is laying down a /etc/openstack_deploy/user_conf_files.yml that isn't valid right now17:11
odyssey4mestevelle that's what evrardjp just put a patch in for: https://review.openstack.org/30422717:12
odyssey4mebut you can delete the file and hit the bootstrap again17:12
stevellethis is why I asked about known issues17:12
odyssey4methis wasn't known until 5 mins ago :)17:12
odyssey4meok, lemme relocate17:13
cloudnullah, i wouldve never his that17:13
evrardjp:)17:13
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible: Fix idempotency bug in AIO bootstrap  https://review.openstack.org/30422717:14
*** Gayathri has joined #openstack-ansible17:14
odyssey4me^ just a quick commit subject fix :)17:14
*** clickboom has joined #openstack-ansible17:15
GayathriHi guyz.. I m trying to install ceilometer using OSA.. I hav created mongo db and did the configurations in conf.d/ceilometer.yaml..When I install it using os_ceilometer.yaml I did not get any error.. It ran successfully..17:16
*** mgoddard has joined #openstack-ansible17:16
*** mgoddard_ has quit IRC17:17
GayathriFor the verification part, I logged into utility container and gave the command ceilometer meter-list17:17
Gayathriit shows service unavailable(503)17:17
Gayathrino errors in the logs17:17
Gayathriwhats gone wrong?Can anybody help out17:17
cloudnullis this a deployment where you hadn't deployed celiometer before ?17:18
Gayathriyeah17:18
cloudnullmaybe you need to re-execute the haproxy play to ensure the correct conf is in place?17:19
* cloudnull is assuming you have hap17:19
Gayathriyeah.. I have haproxy17:19
GayathriI ran haproxy and installed all the service one by one..when i tried ceilometer m facing this issue17:19
cloudnullcan you login to the ceilo api containers ?17:21
cloudnullis the service running ?17:21
Gayathriyeah17:21
cloudnullanything notable in the logs ?17:21
Gayathriyes the service is running17:21
Gayathriin api container.. i checkd for the logs also.. I din get any error17:21
cloudnulldoes ``curl $CEILO_IP_ADDRESS:8777`` work17:22
Gayathrilet me check and tell you17:22
openstackgerritMichael Gugino proposed openstack/openstack-ansible: Fix missing bool haproxy_use_keepalived  https://review.openstack.org/30423117:23
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-ironic: Update ironic.conf for swift and keystone compat  https://review.openstack.org/30171217:24
LiftedKiltare there plans to support lxd in ubuntu server 16.04?17:25
*** pjm6 has joined #openstack-ansible17:25
lbragstadodyssey4me doesn't look like it failed the tests that were introduced in the commit - https://review.openstack.org/#/c/303592/817:29
lbragstadso your suggestion about strings versus ints must have done the trick17:29
cloudnullLiftedKilt: i want to say yes.17:29
cloudnulland a few folks have looked into lxd in the path17:30
cloudnull*past17:30
cloudnull--cc  palendae17:30
cloudnullpersonally i've not played with it in a bit but it'd be neat to have it as an option17:30
cloudnullLiftedKilt: why do you ask ?17:30
cloudnullinterested in working on LXD integration ?17:31
LiftedKiltcloudnull: I need it for our openstack deployment17:31
LiftedKiltI need lxd and I'm reasonably sure that I need calico networks integration as well17:32
cloudnullproject calico is interesting17:33
cloudnullthere are a couple folks using it with OSA currently17:33
cloudnullthough I dont have any documentation on how to make it go at this point.17:33
cloudnulllogan-: didnt you do some calico work ?17:33
LiftedKiltI've got a 1500 node deployment on a layer2 fabric, each running full system openvz containers, managed with homegrown bash scripts. I inherited this nightmare, and want to move to openstack17:33
* cloudnull may be remember things wrong17:33
cloudnullthat does sound like a virtuozzo nightmare17:34
cloudnullwe currently work w/ lxc and have libs in ansible to make all that go.17:34
cloudnullour control plain is lxc containers.17:35
LiftedKiltI started playing with mirantis fuel, but everything was too out of date. Then I looked at juju, but I'm hesitant to trust juju with that many nodes17:35
cloudnulldid you want to do LXD as a hypervisor ?17:35
LiftedKiltcloudnull: yes17:35
cloudnullah, i was going the other way :)17:35
cloudnullLXD integration in nova shouldnt be too hard.17:36
LiftedKiltcloudnull: assuming logan- is the same logan as this, then it looks like he's been working on calico https://github.com/Logan2211/ansible-calico17:36
*** weezS has joined #openstack-ansible17:36
cloudnullpotentially?17:36
LiftedKiltcloudnull: awesome - I wasn't sure, because I'd read something about it being restricted to the ubuntu version of openstack17:36
cloudnullyea i think so . looking at the github account17:37
LiftedKiltsomething about them submitting it and getting rejected17:37
cloudnullyea that happened17:37
cloudnullhttps://linuxcontainers.org/lxd/getting-started-openstack/ -- though you'd likely want to find the source and install from there, instead of deploying their apt package.17:38
*** jayc has quit IRC17:38
cloudnullhttps://github.com/lxc/nova-lxd17:38
LiftedKiltcloudnull: that looks like a great start - thanks so much17:40
LiftedKiltcloudnull: when I watched your talk from the vancouver summit on openstack-ansible and you mentioned that there was great support in the openstack-ansible irc channel I didn't know it meant you would personally be answering questions haha17:41
michaelguginoI've been working with 16.04 for the last week or so.  lxc is going smoothly so far17:41
cloudnulllooks like nova-lxd is a fairly straight forward py app. if you add that repo+sha to https://github.com/openstack/openstack-ansible/blob/master/playbooks/defaults/repo_packages/openstack_services.yml and then set the package using the eggname (nova-lxd) here https://github.com/openstack/openstack-ansible-os_nova/blob/master/defaults/main.yml#L383 it should be fairly close to usable once you get the config bits sorted.17:42
cloudnullhahhaa.17:42
cloudnullwelcome :)17:42
cloudnullmichaelgugino: awesome!17:42
cloudnullhow is their current systemd inplementation ?17:42
*** admin0 has quit IRC17:42
cloudnullim hoping its not all kinds of crazy buggy .17:42
michaelguginoseems to work flawlessly out of the box on 16.04.  I haven't had to do anything to get the containers spun up17:43
cloudnullwas it included for your install?17:43
michaelguginoyes, lxc and lxd are installed in the default server release on 16.0417:43
cloudnulli tested it a bit when i saw this issue https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/1563026 -- but have not really dove into 1604 quite yet17:43
openstackLaunchpad bug 1563026 in ubuntu-meta (Ubuntu) "LXC/LXD installed by default on Ubuntu server" [Wishlist,Opinion] - Assigned to Dustin Kirkland  (kirkland)17:43
odyssey4memichaelgugino I expect that you're using Xenial on the host only at this stage, with the container image still being trusty?17:44
*** schwicht has quit IRC17:44
michaelguginono, xenial hosting xenial17:44
cloudnullsweet!17:44
michaelguginorunning lxc_containers_create play works well17:44
*** schwicht has joined #openstack-ansible17:45
michaelguginohttps://github.com/michaelgugino/openstack-ansible-lxc_container_create/commit/6eb6a8dfbe47569d5cf708a7d2ca4c08fb56917717:45
michaelguginothe only issue I have run into is lxc_hosts17:45
cloudnullbecause of the upstart bits, likely ?17:45
michaelguginoI just commented out all the cache stuff.  I plan on baking the host keys into the lxc_container_create script, since RPC is not hosting xenial images17:45
*** TheIntern has joined #openstack-ansible17:46
cloudnullso disk-image-builder can do bare images, i wonder if we might be able to use it to create our base image.17:46
michaelguginoideally, I'd like to see lxc_hosts go away as far as the container cache goes, or at least a massive refactor on how that is done17:46
cloudnullthen we wouldn’t need to rely on some external repo to have a base image available and us munge it about .17:47
cloudnullmichaelgugino: ++17:47
cloudnullits functional now, but I think it could be a lot better.17:47
michaelguginoyeah, it's really painful right now.  lxd ships 'lxc remote' command which lets you connect to an lxd agent seemlessly.  Perhaps we should backport lxc 2.0 to 14.0417:48
odyssey4meoh neat, we can get an experimental job added for Xenial testsing - I'll see if I can get that done tonight17:48
cloudnullthat'd be nice17:49
cloudnullgetting lxc 2.0 in 14.0417:49
odyssey4memichaelgugino yeah, we've been wanting to revamp the container build process for two cycles17:49
odyssey4meit's just never managed to get completely done17:49
michaelguginoif we're going to hit multi-distro / 16.04 in newton, then the container build process has to happen.17:49
*** jayc has joined #openstack-ansible17:50
cloudnulli did a POC role a while back for multi distro container images https://github.com/os-cloud/lxc_image_cache17:50
odyssey4memichaelgugino if you have a gap and inclination, I worked on https://review.openstack.org/272743 to make the build of the image transparent17:50
cloudnullwhich will create an image cache / repo17:50
cloudnullbut never did much with it17:50
odyssey4meand yeah, cloudnull did some extra stuff on top of that a while back17:50
*** Gayathri has quit IRC17:51
michaelguginoI'll check those out17:51
*** admin0 has joined #openstack-ansible17:52
jmccrorymancdaz: were you also seeing issues with galera restarts outside of the role's gate testing?17:53
admin0hello all .. https://review.openstack.org/#/c/303427/  — how do I fix a patch-in-merge-conflict ?17:53
admin0or it is something beyond me and i need to wait ?17:53
*** javeriak has quit IRC17:54
automagicallyadmin0 - Fetch it local with git review -d and rebase it and fix the conflict17:54
automagicallyThen submit your changes17:54
admin0ok17:54
admin0i will do that17:54
admin0and for the other one — https://review.openstack.org/#/c/301922/ which I see +1 +1 and no further followups, is there something more I need to do ?17:55
*** flaviosr has quit IRC17:56
openstackgerritSashi Dahal proposed openstack/openstack-ansible: make hostname,network and ip-address on all examples consistent  https://review.openstack.org/30342717:57
*** flaviosr has joined #openstack-ansible17:57
admin0i did not see anything special .. so did the review/rebase and submitted again17:57
openstackgerritMichael Gugino proposed openstack/openstack-ansible: Fix missing bool haproxy_use_keepalived  https://review.openstack.org/30423117:59
*** alejandrito has joined #openstack-ansible17:59
*** eil397 has joined #openstack-ansible18:04
cloudnulladmin0: nothing to do there. just need to get a couple of folks to review the bits18:09
*** TheIntern has quit IRC18:09
cloudnulli'll add it to my queue, but may be a day or so18:10
logan-cloudnull: yes @ calico18:11
cloudnullhows that going btw18:11
cloudnulli read the other day that calico no longer needs forked services. is that right ?18:11
cloudnullmaybe we can add it into the neutron role for broader inclusion ?18:12
logan-that is correct, as of liberty it is a neutron networking driver18:12
logan-it is going ok.. just fighting with blade switching modules atm holding up launch :(18:12
cloudnullthats awesome !18:12
cloudnullbuu... blades...18:12
logan-i have a liberty branch w/ calico integration here: https://github.com/logan2211/openstack-ansible/tree/liberty-calico18:12
cloudnullLiftedKilt: ^18:12
logan-it is not too hard to do. just a few extra containers needed on the controller for etcd servers18:12
cloudnullawesome!18:13
logan-and some extra python packages18:13
cloudnullI'd be keen on seeing that get into the mainline.18:13
logan-yeah I am hoping to get that done this cycle18:13
cloudnullsweet !18:13
*** tricksters is now known as elopez18:14
*** elopez is now known as eric_lopez18:15
cloudnullthanks for sharing that repo logan- LiftedKilt was talking about calico earlier. so may be of some immediate use .18:15
*** sdake has joined #openstack-ansible18:18
logan-yea was just reading the back log.. LiftedKilt, I think that should be pretty complete for liberty even though there are no commits lately. if you decide to try it let me know if you run into any problems and I'll be happy to help. it could use a rebase.. I'll see if I can get to it soon18:19
openstackgerritSashi Dahal proposed openstack/openstack-ansible: make hostname,network and ip-address on all examples consistent  https://review.openstack.org/30342718:19
*** fawadkhaliq has quit IRC18:20
*** fawadkhaliq has joined #openstack-ansible18:21
LiftedKiltlogan- cloudnull: I'm getting my feet wet on an AIO install on 14.04 with base config just to play with the playbooks and whatnot, and then I will dive into the calico portion. Thanks a lot to both of you guys for all your input. I really appreciate it18:26
cloudnull++ ping w/ questions. have fun18:28
cloudnullLiftedKilt: im assuming youve seen http://docs.openstack.org/developer/openstack-ansible/developer-docs/quickstart-aio.html  ?18:29
LiftedKiltcloudnull: yes - I'm in the midst of the run-playbooks18:30
cloudnullcool18:30
*** admin0 has quit IRC18:30
cloudnulljust make sure :)18:30
LiftedKiltcloudnull: as an odd note, the first time I ran the boostrap-aio.sh script, it wiped the urls from the apt sources.list file18:31
cloudnullhum.18:31
*** jayc_ has joined #openstack-ansible18:31
LiftedKiltI just put them back in manually, but somewhere the script I'm assuming has an option for configuring alternative sources and repleced the sources with null18:32
cloudnullwhen i do AIO work i generally will build vm, clone repo, fire up tmux and then run scripts/gate-check-commit.sh18:32
cloudnullthat script will setup the env like our gate job and i go from there.18:32
*** jayc has quit IRC18:32
cloudnullits quite possible that is the case18:32
LiftedKiltI deployed a clean machine from maas, ssh'd in and started from there18:32
* cloudnull hasnt looked into the aio in a bit18:32
openstackgerritLance Bragstad proposed openstack/openstack-ansible-os_keystone: Use ansible facts for distributing SSL certs/keys  https://review.openstack.org/30359218:32
*** jayc_ is now known as jayc18:33
cloudnullif you have nodes, you can give https://github.com/cloudnull/osa-multi-node-aio a go , which is what i do dev on for the most part.18:33
*** fawadkhaliq has quit IRC18:33
cloudnullits a single node, but builds a 14 node cloud env18:33
cloudnullusing kvm and such18:33
*** fawadkhaliq has joined #openstack-ansible18:34
cloudnullthat said, im getting ahead of myself, its likely best to start out with an AIO and go from there.18:34
LiftedKilt14 nodes on these machines sounds like a terrible idea haha18:34
LiftedKiltcloudnull: they are whitebox 1Us18:34
cloudnullhahahaha18:34
cloudnulloh.18:34
LiftedKilt32gb of ram, gig networking, off the shelf midrange xeon18:34
openstackgerritMerged openstack/openstack-ansible: Removing unneeded is_metal param from user_defined_setup  https://review.openstack.org/29895718:34
LiftedKilt1tb ssd though, so that's something at least18:35
cloudnullSYNNEX?18:35
cloudnullI have a loath / hate relationship with those whiteboxes :)18:35
LiftedKiltno these bad boys are built in house18:36
cloudnullthat sounds like a good time18:37
LiftedKiltmanagement found some discount imported 1U chassis company, and we buy atx boards and components in bulk and assemble ourselves18:37
LiftedKiltyeah it's a blast18:37
LiftedKiltwelcome to Liferay haha18:38
cloudnullim sure its a good time -- rackin' servers can be relaxing ;)18:38
*** rohanp has joined #openstack-ansible18:38
palendaecloudnull: I haven't actually looked in depth at LXD18:39
*** admin0 has joined #openstack-ansible18:40
*** admin0 has quit IRC18:40
openstackgerritMerged openstack/openstack-ansible-repo_build: update repo-build for ansible 2.1 compat  https://review.openstack.org/29968918:46
cloudnullone more ansible 2.x compat change and we're good to go w/ 2.1. at this point https://review.openstack.org/#/c/299685/18:48
*** admin0 has joined #openstack-ansible18:55
openstackgerritHector I Gonzalez Mendoza proposed openstack/openstack-ansible-os_designate: Updated role using the Multi-Distro framework  https://review.openstack.org/30429118:56
spotzOk when were you guys going to tell me I was moderating a session?:)18:56
lbragstadcloudnull finally got a pass https://review.openstack.org/#/c/303592/918:56
lbragstadhttps://media.giphy.com/media/5wWf7Hh2za2PyRZuDtu/giphy.gif18:56
admin0question: https://review.openstack.org/#/c/303427/ — can I now add other pages ( all pages ) making the hostname and ip consistent ( into this same review ) .. or wait for this to get merged and then do the othe rone ?18:57
admin0*other ones18:58
openstackgerritMerged openstack/openstack-ansible: Remove local swift ring directory check  https://review.openstack.org/28084418:58
automagicallyNice work lbragstad18:59
lbragstadautomagically o/19:00
*** agireud has quit IRC19:00
*** yarkot_ has joined #openstack-ansible19:00
*** schwicht_ has joined #openstack-ansible19:01
*** schwicht has quit IRC19:01
*** agireud has joined #openstack-ansible19:01
cloudnulllbragstad: awesome!19:03
lbragstadcloudnull automagically thanks for the reviews!19:04
cloudnulladmin0:  you can do all of them , do them as separate commits making them be dependent on one another19:04
admin0and later squash them ?19:05
LiftedKiltd34dp@@l19:05
admin0you know, i went into this wierd thing when i tried to do that19:05
admin0wrong paste window LiftedKilt19:05
admin0now you know your bank pass :D19:05
LiftedKiltnah - I justwanted you guys to feel free to hop into my lab haha19:05
*** clickboom has quit IRC19:06
LiftedKiltadmin0: I do that at least once a week - thinking that I'm logging into my dev vm19:07
*** Brew has quit IRC19:10
*** Brew has joined #openstack-ansible19:10
*** clickboom has joined #openstack-ansible19:15
*** schwicht_ has quit IRC19:17
*** schwicht has joined #openstack-ansible19:19
openstackgerritMerged openstack/openstack-ansible-os_keystone: Use ansible facts for distributing SSL certs/keys  https://review.openstack.org/30359219:22
*** falanx has joined #openstack-ansible19:22
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-ironic: Update ironic.conf for swift and keystone compat  https://review.openstack.org/30171219:24
*** michaelgugino has quit IRC19:24
cloudnullLiftedKilt: i thought you we're trying to ping d34dh0r53 :)19:25
*** sanjay__u has quit IRC19:29
LiftedKiltcloudnull: I mean yeah... that's totally what I meant to do19:32
*** schwicht has quit IRC19:34
*** schwicht has joined #openstack-ansible19:35
*** pjm6 has quit IRC19:35
cloudnullodyssey4me:  https://review.openstack.org/#/c/301712/ fixed the broken tests. will work in stand alone or integrated mode19:38
*** fawadkhaliq has quit IRC19:39
*** fawadkhaliq has joined #openstack-ansible19:40
*** schwicht_ has joined #openstack-ansible19:41
*** schwicht has quit IRC19:41
-openstackstatus- NOTICE: Gerrit will be offline from 20:00 to 21:00 UTC (starting 10 minutes from now) for a server replacement http://lists.openstack.org/pipermail/openstack-dev/2016-April/091274.html19:49
*** fawadkhaliq has quit IRC19:51
*** fawadkhaliq has joined #openstack-ansible19:51
*** fawadkhaliq has quit IRC19:54
*** fawadkhaliq has joined #openstack-ansible19:55
*** elgertam has quit IRC19:56
openstackgerritFlávio Ramalho proposed openstack/openstack-ansible-os_neutron: Fix missing 'qos' in extension drivers  https://review.openstack.org/30430520:00
*** clickboom has quit IRC20:00
*** automagically has quit IRC20:01
-openstackstatus- NOTICE: Gerrit is offline until 21:00 UTC for a server replacement http://lists.openstack.org/pipermail/openstack-dev/2016-April/091274.html20:04
*** ChanServ changes topic to "Gerrit is offline until 21:00 UTC for a server replacement http://lists.openstack.org/pipermail/openstack-dev/2016-April/091274.html"20:04
*** admin0 has quit IRC20:04
*** openstackgerrit has quit IRC20:05
*** yarkot_ has quit IRC20:09
*** Bjoern_ is now known as BjoernT20:13
*** schwicht has joined #openstack-ansible20:13
*** schwicht_ has quit IRC20:13
*** phalmos has joined #openstack-ansible20:16
*** automagically has joined #openstack-ansible20:18
*** johnmilton has quit IRC20:18
*** schwicht_ has joined #openstack-ansible20:20
*** schwicht has quit IRC20:20
*** openstackgerrit has joined #openstack-ansible20:27
*** alejandrito has quit IRC20:30
*** alejandrito has joined #openstack-ansible20:37
*** openstackgerrit has quit IRC20:41
*** grumpycatt has quit IRC20:43
odyssey4meLiftedKilt the AIO will grab the hosts's sources.list hosts, then rebuild the sources.list with all the required bits.20:44
spotzodyssey4me - being that you're up are there any details for the session you put me down for moderating?:)20:45
odyssey4mespotz haha, I thought you wanted to moderate it?20:46
LiftedKiltodyssey4me: It failed when I ran the run-playbooks and I had to manually put in the archive.ubuntu.com urls20:46
odyssey4meif you'd prefer I can do so - but I thought you'd want to give it a go20:46
spotzI can do it, just need to know what I'm supposed to cover20:47
odyssey4meLiftedKilt the bootstrap-aio process will do it - so if that didn't work then it may have been because the awk that grabs the host didn't work for your host20:47
spotzI only found out cause I was looking for my conflicts. Why are all the good ones on Monday at 11:15? I didn't think I had conflicts until Wednesday20:47
LiftedKiltodyssey4me: ok - it wasn't a big deal either way, just thought I'd mention it20:47
odyssey4meLiftedKilt otherwise look at the customised options in http://docs.openstack.org/developer/openstack-ansible/developer-docs/quickstart-aio.html#building-an-aio20:48
odyssey4methe options are https://github.com/openstack/openstack-ansible/blob/master/tests/roles/bootstrap-host/defaults/main.yml#L99-L10220:48
odyssey4methe awk that picks up the hosts is here: https://github.com/openstack/openstack-ansible/blob/master/tests/roles/bootstrap-host/tasks/install-apt.yml#L29-L3620:48
*** schwicht_ has quit IRC20:51
*** openstackgerrit has joined #openstack-ansible20:55
*** schwicht has joined #openstack-ansible20:56
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-repo_build: Remove global-requirements build from the build process  https://review.openstack.org/30058920:56
odyssey4meautomagically cloudnull ^ that's a rebase after the merge conflict20:57
spotzI think the gerrit web portal is down:(20:57
*** Mudpuppy has quit IRC20:58
stevelle until 21:00 UTC for a server replacement20:58
odyssey4mespotz if possible, I'd like us to discuss any thoughts on having the documentation details done in the roles and to leave the install guide to be a fast path to a generally decent install which leaves many of the defaults in play - so basically the install guide shouldn't cover too many options, whereas the role docs should provide all the options and contain details of how things fit together20:59
*** johnmilton has joined #openstack-ansible20:59
odyssey4mealtnernatively, we can just discuss any thoughts you have on improving the docs generally and how we can cover more of the details in the roles20:59
*** schwicht has quit IRC21:00
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-ironic: updated Ironic role to fix tftp-hpa issues  https://review.openstack.org/30363321:01
*** weshay has quit IRC21:03
*** johnmilton has quit IRC21:03
*** ChanServ changes topic to "Austin Design Summit Schedule: https://goo.gl/WSRblf || Launchpad: https://launchpad.net/openstack-ansible || Weekly Meetings: https://wiki.openstack.org/wiki/Meetings/openstack-ansible || Review Dashboard: https://goo.gl/tTmdgs"21:03
-openstackstatus- NOTICE: Gerrit move maintenance completed successfully; note that DNS has been updated to new IP addresses as indicated in http://lists.openstack.org/pipermail/openstack-dev/2016-April/091274.html21:04
spotzodyssey4me - so ultimately the install guide should be streamlined and then have links to the role docs for more detailed drill down?21:04
odyssey4mespotz that's my suggestion21:05
odyssey4meif possible I'd like you to take a look at that suggestion and see if you can make it work, or have alternative suggestions21:05
mrdaMorning OSA21:05
spotzhey mrda21:05
odyssey4mespotz something like this uniformly applied to all roles is a great start: http://docs.openstack.org/developer/openstack-ansible-os_keystone/21:06
mrdao/21:06
odyssey4mebut I thought that perhaps the way the functional tests are designed to run could be added as additional documentation to illustrate how to use the role21:06
*** weezS has quit IRC21:07
spotzSounds good odyssey4me. It'll definitely be cleaner for people not wanting to do customized installs. I'll plan it out21:07
odyssey4methanks! :)21:07
*** fawadkhaliq has quit IRC21:10
*** fawadkhaliq has joined #openstack-ansible21:10
openstackgerritMerged openstack/openstack-ansible-plugins: Update py_pkgs.py to support ansible v2.1  https://review.openstack.org/29968521:10
*** fawadkhaliq has quit IRC21:11
*** schwicht has joined #openstack-ansible21:11
*** fawadkhaliq has joined #openstack-ansible21:12
*** schwicht has quit IRC21:16
*** eil397 has left #openstack-ansible21:16
*** schwicht has joined #openstack-ansible21:23
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-repo_build: Remove global-requirements build from the build process  https://review.openstack.org/30058921:25
*** fawadkhaliq has quit IRC21:26
*** fawadkhaliq has joined #openstack-ansible21:26
*** schwicht has quit IRC21:28
odyssey4mecloudnull I think you may have done the rename incorrectly in https://review.openstack.org/303633 - and the template task doesn't refer to the template file21:31
*** admin0 has joined #openstack-ansible21:32
*** schwicht has joined #openstack-ansible21:36
odyssey4mejmccrory automagically cloudnull d34dh0r53 stevelle mattt hughsaunders andymccr can we please get another review on https://review.openstack.org/303770 ?21:36
*** schwicht has quit IRC21:40
odyssey4meautomagically stevelle ok, https://review.openstack.org/300589 has been properly rebased now21:42
*** admin0 has quit IRC21:43
*** schwicht has joined #openstack-ansible21:46
*** schwicht has quit IRC21:50
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-ironic: updated Ironic role to fix tftp-hpa issues  https://review.openstack.org/30363321:51
odyssey4mecloudnull the template file name is wrong - the actual file name21:52
cloudnullah i see it now21:52
* cloudnull needs better glasses21:53
odyssey4meie execute 'mv templates/tftpf-hpa.j2 templates/tftpfd-hpa.j2' :)21:53
*** schwicht has joined #openstack-ansible21:53
*** b3rnard0 is now known as b3rnard0_away21:54
*** busterswt has quit IRC21:54
*** elgertam has joined #openstack-ansible21:55
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-ironic: updated Ironic role to fix tftp-hpa issues  https://review.openstack.org/30363321:56
odyssey4methat looks better :)21:57
cloudnulli went to the school for kids who can't read good21:57
cloudnull:p21:57
*** elgertam has quit IRC22:00
*** Brew has quit IRC22:03
odyssey4mecloudnull if you would hazard a guess at where the limits lie in terms of RPC connections, would you think it's limited based on #CPU's or #RAM ?22:09
*** schwicht has quit IRC22:09
*** alejandrito has quit IRC22:11
cloudnullram22:12
odyssey4meand DB connections?22:13
cloudnullram22:13
cloudnull:)22:13
odyssey4meyeah, I'm inclined to agree22:13
cloudnullwe generally use cpu because its easy math and produces round numbers.22:13
cloudnullbut ram is the answer. IMO22:14
openstackgerritAla Raddaoui proposed openstack/openstack-ansible: modify how services are configured in haproxy  https://review.openstack.org/30134322:15
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_aodh: Updated role using the Multi-Distro framework  https://review.openstack.org/29562022:16
*** raddaoui has joined #openstack-ansible22:16
cloudnullraddaoui: ++ great update! -- adding to review q22:17
raddaouithanks cloudnull22:19
*** schwicht has joined #openstack-ansible22:24
*** galstrom is now known as galstrom_zzz22:31
*** phalmos has quit IRC22:32
*** thorst has quit IRC22:33
*** thorst has joined #openstack-ansible22:33
*** markvoelker has quit IRC22:33
*** automagically has quit IRC22:34
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Update ansible to the latest release (v1.9.5-1)  https://review.openstack.org/29683922:34
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Add condition to local IP for overlay net  https://review.openstack.org/27379322:36
*** asettle has joined #openstack-ansible22:36
openstackgerritSteve Lewis (stevelle) proposed openstack/openstack-ansible-os_gnocchi: Enabling bashate and pep8 lint checks  https://review.openstack.org/30432822:37
cloudnullmhayden logan- automagically odyssey4me i'd like to discuss https://review.openstack.org/#/c/277199/22:37
cloudnullif you have a moment22:37
cloudnullthats something I'd like to see in giving us the proper ability to ssl on just about everything22:38
*** thorst has quit IRC22:38
odyssey4meyup, agreed22:38
cloudnullhowever for the purposes of the gate, im inclined to say we only terminate22:38
cloudnullthoughts?22:38
odyssey4mewhat do you mean?22:39
cloudnullterminate at the lb only22:39
odyssey4meI would suggest that we only setup the public interface with https, terminated on the LB.22:39
odyssey4mewe should leave the internals without HTTPS22:39
odyssey4meinternal/admin22:39
cloudnullright now we have https://review.openstack.org/#/c/277199/19/playbooks/inventory/group_vars/hosts.yml22:39
cloudnullwhich enables it for all the things22:39
cloudnullso im saying set that to false generally and enable it for public termination only22:40
logan-i think that just turns on the handler right?22:40
cloudnulli guess odyssey4me and i are saying the same thing :)22:40
logan-the haproxy settings actually control the ssl on/off switches22:40
cloudnullyes22:40
odyssey4meyeah, I agree - just public22:40
cloudnullkk.22:40
odyssey4mewe do need to understand whether internal SSL termination is important and whether we should cater for it too22:40
logan-but yea public only is what i'm doing--and i'd imagine most do the same22:41
cloudnullso then im going to write that up in reno, rebase the patch, and go from there22:41
odyssey4meie SSL to the LB, then SSL from the LB to Keystone (for instance) - mhayden is that a requirement ?22:41
odyssey4meif it's not a requirement, then we can strip some of the internal logic out of it - we're doing quite a bit of funky stuff to cater for that with keystone22:42
cloudnulli also need to back this out https://review.openstack.org/#/c/277199/18/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j222:42
cloudnullso it only effects public22:42
*** spotz is now known as spotz_zzz22:42
odyssey4meyeah, to my knowledge most environments want https on the public endpoints and are happy with not having it on internal endpoints22:43
logan-is the intent to actually get public-only ssl term in the default setup? because theres a lot of haproxy configuration left to do in that review if thats the case22:43
cloudnull++ thats been common in the deployments i've done22:43
odyssey4melogan- it should still be opt-in, but we want to enable it by default in the gate tests22:44
logan-ah22:44
odyssey4meso yeah, if more needs to be done then comments in the review should be added22:44
odyssey4meor patches elsewhere22:44
*** schwicht has quit IRC22:45
*** jthorne has quit IRC22:48
*** ametts has quit IRC22:48
*** thorst has joined #openstack-ansible22:50
*** fawadkhaliq has quit IRC22:51
*** fawadkhaliq has joined #openstack-ansible22:51
odyssey4meI'm out for the night22:51
odyssey4mecheerio all22:52
*** sdake_ has joined #openstack-ansible22:53
*** sdake has quit IRC22:55
*** BjoernT has quit IRC23:02
*** jayc has quit IRC23:06
*** keedya has joined #openstack-ansible23:10
*** weezS has joined #openstack-ansible23:18
*** busterswt has joined #openstack-ansible23:20
openstackgerritMerged openstack/openstack-ansible-ironic: Update min_ansible_version to 1.9  https://review.openstack.org/30403823:22
*** jamielennox|away is now known as jamielennox23:22
*** markvoelker has joined #openstack-ansible23:34
*** markvoelker has quit IRC23:39
*** keedya has quit IRC23:41
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Enable SSL termination for all services  https://review.openstack.org/27719923:44
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-ironic: Update ironic.conf for swift and keystone compat  https://review.openstack.org/30171223:45
*** v1k0d3n has quit IRC23:48
*** sdake has joined #openstack-ansible23:52
*** sdake_ has quit IRC23:53
openstackgerritSteve Lewis (stevelle) proposed openstack/openstack-ansible-os_gnocchi: Enable docs task  https://review.openstack.org/30433623:55
*** keedya has joined #openstack-ansible23:56
« Sunday, 2016-04-10 Index Tuesday, 2016-04-12 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!