*** sdake_ has joined #openstack-ansible | 00:02 | |
*** sdake has quit IRC | 00:02 | |
*** thorst has joined #openstack-ansible | 00:03 | |
*** Drago has quit IRC | 00:03 | |
*** Nepoc has quit IRC | 00:06 | |
*** Nepoc has joined #openstack-ansible | 00:07 | |
*** smatzek has joined #openstack-ansible | 00:08 | |
openstackgerrit | kboratynski proposed openstack/openstack-ansible-security: Implemented: V-38548. https://review.openstack.org/324955 | 00:08 |
---|---|---|
openstackgerrit | Jimmy McCrory proposed openstack/openstack-ansible-os_keystone: Remove pip_lock_down dependency https://review.openstack.org/313889 | 00:09 |
*** scarlisle has joined #openstack-ansible | 00:09 | |
*** thorst has quit IRC | 00:09 | |
*** thorst has joined #openstack-ansible | 00:10 | |
kboratynski | palendae: Well, I handled it, but IMHO there are too many steps to create a simple pull-request. | 00:10 |
palendae | kboratynski, I don't disagree | 00:11 |
palendae | It's the general Openstack process, which is clunky | 00:11 |
kboratynski | Well, I will migrate my PRs, I've sent to Github repository. palendae thank you for your help. | 00:12 |
palendae | kboratynski, No proble,m | 00:13 |
openstackgerrit | Jimmy McCrory proposed openstack/openstack-ansible-os_keystone: Remove pip_lock_down dependency https://review.openstack.org/313889 | 00:13 |
openstackgerrit | Jimmy McCrory proposed openstack/openstack-ansible-os_magnum: Remove pip_lock_down dependency https://review.openstack.org/313890 | 00:15 |
*** thorst has quit IRC | 00:15 | |
openstackgerrit | kboratynski proposed openstack/openstack-ansible-security: Implemented: V-38526. https://review.openstack.org/324959 | 00:16 |
openstackgerrit | Jimmy McCrory proposed openstack/openstack-ansible-os_magnum: Remove pip_lock_down dependency https://review.openstack.org/313890 | 00:17 |
*** Iqbal has quit IRC | 00:17 | |
openstackgerrit | kboratynski proposed openstack/openstack-ansible-security: Implemented: V-38524. https://review.openstack.org/324960 | 00:18 |
*** rahuls has quit IRC | 00:20 | |
openstackgerrit | kboratynski proposed openstack/openstack-ansible-security: Implemented: V-38511. https://review.openstack.org/324961 | 00:22 |
*** david-lyle has quit IRC | 00:25 | |
*** david-lyle has joined #openstack-ansible | 00:26 | |
*** david-lyle has quit IRC | 00:30 | |
kboratynski | And according to the: [V-38652] and the others associated with file systems. Do you think, it would be pretty to check fstab as well as currently mounted devices options? | 00:33 |
*** raddaoui has quit IRC | 00:37 | |
*** smatzek has quit IRC | 00:38 | |
*** markvoelker has joined #openstack-ansible | 00:40 | |
*** woodard has quit IRC | 00:44 | |
*** Guest75 has quit IRC | 00:57 | |
openstackgerrit | Kevin Carter (cloudnull) proposed openstack/openstack-ansible: change host_containers group names in inventory https://review.openstack.org/283149 | 00:58 |
*** kylek3h_ has quit IRC | 00:58 | |
openstackgerrit | Merged openstack/openstack-ansible-security: Don't start LSM in check mode https://review.openstack.org/324802 | 00:59 |
*** wadeholler has joined #openstack-ansible | 01:01 | |
openstackgerrit | Merged openstack/openstack-ansible-security: Setting default runlevel/target to non-graphical https://review.openstack.org/321130 | 01:01 |
openstackgerrit | Merged openstack/openstack-ansible-security: Ensure V-38574 works reliably on CentOS https://review.openstack.org/321112 | 01:01 |
*** Qiming has joined #openstack-ansible | 01:02 | |
openstackgerrit | Merged openstack/openstack-ansible-os_nova: Always execute Nova virt type detection https://review.openstack.org/323377 | 01:12 |
*** Mudpuppy has quit IRC | 01:12 | |
*** Mudpuppy has joined #openstack-ansible | 01:13 | |
openstackgerrit | Jimmy McCrory proposed openstack/openstack-ansible-os_gnocchi: Remove pip_lock_down dependency https://review.openstack.org/313886 | 01:16 |
*** Mudpuppy has quit IRC | 01:17 | |
openstackgerrit | Kevin Carter (cloudnull) proposed openstack/openstack-ansible-os_neutron: Updated multi-distro setup for isolation https://review.openstack.org/324974 | 01:31 |
openstackgerrit | Steve Lewis (stevelle) proposed openstack/openstack-ansible-os_gnocchi: Adopting the common role documentation pattern https://review.openstack.org/324976 | 01:35 |
*** wadeholler has quit IRC | 01:37 | |
openstackgerrit | Merged openstack/openstack-ansible-os_neutron: Neutron 16.04 support https://review.openstack.org/322249 | 01:39 |
errr | I have a custom dashboard Im trying to add to horizon. Ive done this for another role I made but it required me to modify the os_horizon role to add the dashboard provided by the role I was working on. This time I do not want and cant do it that way. What is the best way to do this? | 01:46 |
*** Qiming has quit IRC | 01:49 | |
openstackgerrit | Merged openstack/openstack-ansible: Revert to test role master branches for Newton-2 development https://review.openstack.org/324773 | 01:49 |
*** Mudpuppy has joined #openstack-ansible | 01:59 | |
openstackgerrit | Merged openstack/openstack-ansible: Update all SHAs for 12.0.15 https://review.openstack.org/324762 | 02:00 |
openstackgerrit | Merged openstack/openstack-ansible: Create symlink for libvirt save directory https://review.openstack.org/324721 | 02:00 |
*** Mudpuppy has quit IRC | 02:04 | |
*** scarlisle has quit IRC | 02:14 | |
*** mummer has quit IRC | 02:17 | |
*** jamesdenton has joined #openstack-ansible | 02:24 | |
*** aslaen has quit IRC | 02:37 | |
*** sacharya has joined #openstack-ansible | 02:37 | |
*** aslaen has joined #openstack-ansible | 02:38 | |
*** smatzek has joined #openstack-ansible | 02:50 | |
*** jamesdenton has quit IRC | 02:53 | |
openstackgerrit | Kevin Carter (cloudnull) proposed openstack/openstack-ansible-os_neutron: Updated multi-distro setup for isolation https://review.openstack.org/324974 | 02:55 |
*** smatzek has quit IRC | 02:56 | |
prometheanfire | cloudnull: to | 03:16 |
cloudnull | wat? | 03:16 |
prometheanfire | ta | 03:17 |
prometheanfire | sorry | 03:17 |
prometheanfire | for the other +2 | 03:17 |
*** smatzek has joined #openstack-ansible | 03:23 | |
*** Mudpuppy has joined #openstack-ansible | 03:25 | |
*** yatin has joined #openstack-ansible | 03:30 | |
*** aslaen has quit IRC | 03:36 | |
*** aslaen has joined #openstack-ansible | 03:37 | |
*** jamielennox is now known as jamielennox|away | 03:39 | |
*** smatzek has quit IRC | 03:41 | |
*** markvoelker has quit IRC | 03:44 | |
*** john51 has quit IRC | 03:51 | |
*** john51 has joined #openstack-ansible | 03:53 | |
*** v1k0d3n has quit IRC | 03:54 | |
*** javeriak has joined #openstack-ansible | 04:01 | |
*** javeriak_ has joined #openstack-ansible | 04:04 | |
*** javeriak has quit IRC | 04:05 | |
*** automagically has quit IRC | 04:12 | |
*** automagically has joined #openstack-ansible | 04:14 | |
*** sguduru has joined #openstack-ansible | 04:14 | |
*** v1k0d3n has joined #openstack-ansible | 04:24 | |
*** markvoelker has joined #openstack-ansible | 04:44 | |
*** markvoelker has quit IRC | 04:49 | |
*** aslaen has quit IRC | 04:50 | |
*** sguduru has quit IRC | 04:51 | |
*** hybridpollo has quit IRC | 05:01 | |
*** chhavi has joined #openstack-ansible | 05:15 | |
*** johnmilton has quit IRC | 05:26 | |
*** yatin has quit IRC | 05:35 | |
openstackgerrit | Kevin Carter (cloudnull) proposed openstack/openstack-ansible-lxc_hosts: Update the version of LXC for centos7 https://review.openstack.org/325052 | 05:44 |
openstackgerrit | Kevin Carter (cloudnull) proposed openstack/openstack-ansible-os_keystone: Implement CentOS 7 support in os_keystone https://review.openstack.org/320216 | 05:45 |
*** Nepoc has quit IRC | 05:47 | |
*** Nepoc has joined #openstack-ansible | 05:47 | |
*** yatin has joined #openstack-ansible | 06:05 | |
*** yatin has joined #openstack-ansible | 06:05 | |
*** Iqbal has joined #openstack-ansible | 06:06 | |
*** openstackgerrit has quit IRC | 06:17 | |
*** openstackgerrit has joined #openstack-ansible | 06:18 | |
*** Mudpuppy has quit IRC | 06:27 | |
*** Mudpuppy has joined #openstack-ansible | 06:27 | |
*** Mudpuppy has quit IRC | 06:32 | |
*** markvoelker has joined #openstack-ansible | 06:45 | |
*** yatin has quit IRC | 06:46 | |
*** yatin has joined #openstack-ansible | 06:48 | |
*** markvoelker has quit IRC | 06:58 | |
*** openstackgerrit has quit IRC | 07:03 | |
*** openstackgerrit has joined #openstack-ansible | 07:03 | |
openstackgerrit | Merged openstack/openstack-ansible-os_nova: UCA support for nova compute https://review.openstack.org/322851 | 07:06 |
*** sacharya has quit IRC | 07:07 | |
*** mikelk has joined #openstack-ansible | 07:15 | |
*** bsv has joined #openstack-ansible | 07:23 | |
*** javeriak_ has quit IRC | 07:31 | |
*** saneax_AFK is now known as saneax | 07:36 | |
*** karimb has joined #openstack-ansible | 07:42 | |
*** yatin has quit IRC | 07:46 | |
*** javeriak has joined #openstack-ansible | 07:49 | |
*** b3rnard0 has quit IRC | 07:58 | |
*** sdake_ has quit IRC | 08:03 | |
*** sacharya has joined #openstack-ansible | 08:08 | |
*** permalac has joined #openstack-ansible | 08:08 | |
*** sacharya has quit IRC | 08:13 | |
*** jwitko has quit IRC | 08:23 | |
pjm6 | good morning all | 08:24 |
*** oneswig has joined #openstack-ansible | 08:25 | |
*** javeriak has quit IRC | 08:25 | |
bsv | pjm6: moinmoin :) | 08:28 |
pjm6 | bsv, o/ | 08:28 |
bsv | o7 | 08:29 |
bsv | been working on a single problem the last 3 days, im about to jump out the window >.< | 08:30 |
pjm6 | its possible to change a compute node dead to a new node, using same ip address? | 08:30 |
pjm6 | bsv, what are you working with? | 08:30 |
bsv | pjm6: think you will have a lot of metadata issues (and all your logs will mix up). | 08:31 |
pjm6 | bsv, it was a clean install, i only deployed | 08:32 |
pjm6 | didn't create anything | 08:32 |
pjm6 | still same problem? | 08:32 |
bsv | hmm, only a test will show :) | 08:32 |
pjm6 | or maybe will reset all | 08:34 |
pjm6 | lxc destroy and recreate everything :D | 08:34 |
bsv | i've been trying to make designate-dns create autogenerated records at instance launch. It worked, then did a complete reset of the environment, now... im not getting any events in the designate-sink when events are fired. Going insane. | 08:36 |
*** phschwartz_ has joined #openstack-ansible | 08:36 | |
pjm6 | you're making a custom dns? | 08:36 |
bsv | Same playbook, same files.... | 08:36 |
pjm6 | and same branch? | 08:36 |
bsv | I ported the designate-dns ansible-playbooks to use OpenBSD as auth. DNS servers. But the issue is somewhere between nova-compute and the designate-sink service. | 08:37 |
bsv | mitaka all the way. | 08:37 |
*** ggillies_ has joined #openstack-ansible | 08:37 | |
*** sonus_ has joined #openstack-ansible | 08:38 | |
bsv | designate is working fine beside the auto-generation issue. | 08:38 |
*** rackertom has quit IRC | 08:39 | |
*** phschwartz has quit IRC | 08:39 | |
*** sonus has quit IRC | 08:39 | |
*** zhangjn has quit IRC | 08:39 | |
*** ggillies has quit IRC | 08:39 | |
*** zhangjn has joined #openstack-ansible | 08:39 | |
pjm6 | thats strange :o | 08:40 |
bsv | very | 08:40 |
*** rackertom has joined #openstack-ansible | 08:41 | |
pjm6 | btw: the designate allows user to attribute DNS entries to their machiens? | 08:41 |
bsv | yes, complete DNS management. Also latest development allows you to automate stuff via Neutron. | 08:42 |
pjm6 | seems interesting :D | 08:42 |
bsv | two parts, the core dns infrastrucure and then you have the integration with nova/neutron to automate stuff. | 08:43 |
bsv | You dont need that last part, but nice to have in larger setups | 08:43 |
pjm6 | btw bsv do you know if its possible to delegate our primary DNS | 08:44 |
pjm6 | to secondary subdomains (associated with openstack?) | 08:44 |
pjm6 | like | 08:44 |
pjm6 | acme.com | 08:44 |
pjm6 | and | 08:44 |
pjm6 | *.cloud.acme.com | 08:44 |
pjm6 | be generated by the designate | 08:44 |
bsv | yes | 08:44 |
bsv | you can do that | 08:44 |
bsv | That is what i'm doing. | 08:45 |
bsv | so every instance spawned will have an A-record like $instance-id.cloud.acme.com | 08:46 |
pjm6 | nice :D | 08:47 |
pjm6 | are you using some guide ? | 08:47 |
bsv | partial | 08:49 |
bsv | documentaion + old ansible playbook + irc + more documentation = New playbook :) | 08:50 |
pjm6 | ahah :D will have look at it when have time, thats a plus to have, definitely :D | 08:50 |
pjm6 | btw: do you know where rabbitmq vhosts are created? | 08:51 |
bsv | be warned, only use documentation from the official domain. Config variables have changed, and only the official repo reflect that. | 08:51 |
bsv | so copy/paste from old example will most likely not work. | 08:52 |
pjm6 | thanks bsv :) | 08:56 |
bsv | np :) | 08:57 |
*** zhangjn has quit IRC | 09:01 | |
*** yatin has joined #openstack-ansible | 09:01 | |
*** zhangjn has joined #openstack-ansible | 09:03 | |
*** yatin has quit IRC | 09:06 | |
*** b3rnard0 has joined #openstack-ansible | 09:19 | |
*** woodard has joined #openstack-ansible | 09:35 | |
-openstackstatus- NOTICE: CI is experiencing issues with test logs, all jobs are currently UNSTABLE as a result. No need to recheck until this is fixed! Thanks for your patience. | 09:36 | |
*** woodard has quit IRC | 09:41 | |
*** yatin has joined #openstack-ansible | 09:43 | |
*** pcaruana has joined #openstack-ansible | 09:44 | |
*** johnmilton has joined #openstack-ansible | 09:53 | |
*** johnmilton has quit IRC | 09:57 | |
*** logan_ has joined #openstack-ansible | 09:57 | |
*** logan_ is now known as Guest62971 | 09:58 | |
*** charz_ has joined #openstack-ansible | 09:59 | |
*** logan- has quit IRC | 09:59 | |
*** LanceHaig has quit IRC | 10:00 | |
*** javeriak has joined #openstack-ansible | 10:00 | |
*** yatin has quit IRC | 10:01 | |
*** charz has quit IRC | 10:01 | |
*** lkoranda has quit IRC | 10:01 | |
*** Guest62971 is now known as logan- | 10:01 | |
*** b3rnard0 has quit IRC | 10:02 | |
*** LanceHaig has joined #openstack-ansible | 10:03 | |
*** haasn has quit IRC | 10:06 | |
-openstackstatus- NOTICE: CI is experiencing issues with test logs, all jobs are currently UNSTABLE as a result. No need to recheck until this is fixed! Thanks for your patience. | 10:06 | |
*** ChanServ changes topic to "CI is experiencing issues with test logs, all jobs are currently UNSTABLE as a result. No need to recheck until this is fixed! Thanks for your patience." | 10:06 | |
pjm6 | the rabbitmq vhosts are created in the rabbitmq server or in the individual playbooks? | 10:09 |
pjm6 | i see in the individual playbooks the name of the vhosts, but idk where its created | 10:09 |
pjm6 | w8 | 10:10 |
pjm6 | i think i found it | 10:10 |
pjm6 | forget its the test-install-keystone.yml | 10:10 |
pjm6 | https://github.com/openstack/openstack-ansible-os_nova/blob/b3c05fa39dacc87fa54f79192855a852e2f01263/tests/test-install-keystone.yml#L20-L29 this shouldn't be executed in playbook .yml? | 10:12 |
*** yatin has joined #openstack-ansible | 10:13 | |
*** andymccr_ has joined #openstack-ansible | 10:13 | |
*** haasn has joined #openstack-ansible | 10:15 | |
*** javeriak has quit IRC | 10:16 | |
*** permalac has quit IRC | 10:16 | |
*** dweaver` has quit IRC | 10:16 | |
*** andymccr has quit IRC | 10:16 | |
*** andymccr_ is now known as andymccr | 10:16 | |
*** oneswig has quit IRC | 10:18 | |
*** Trident has quit IRC | 10:24 | |
*** haasn has quit IRC | 10:25 | |
*** smatzek has joined #openstack-ansible | 10:29 | |
*** bsv_ has joined #openstack-ansible | 10:32 | |
*** haasn has joined #openstack-ansible | 10:34 | |
*** bsv is now known as Guest525 | 10:34 | |
*** bsv_ is now known as bsv | 10:35 | |
*** Guest525 has quit IRC | 10:35 | |
*** Trident has joined #openstack-ansible | 10:43 | |
*** b3rnard0 has joined #openstack-ansible | 10:44 | |
*** yatin has quit IRC | 10:45 | |
*** permalac has joined #openstack-ansible | 10:45 | |
*** dweaver` has joined #openstack-ansible | 10:49 | |
*** orwell.freenode.net changes topic to "Launchpad: https://launchpad.net/openstack-ansible || Weekly Meetings: https://wiki.openstack.org/wiki/Meetings/openstack-ansible || Review Dashboard: https://goo.gl/tTmdgs" | 10:49 | |
*** yatin has joined #openstack-ansible | 10:51 | |
*** lkoranda has joined #openstack-ansible | 10:53 | |
*** markvoelker has joined #openstack-ansible | 10:55 | |
*** markvoelker has quit IRC | 11:00 | |
*** yatin has quit IRC | 11:03 | |
*** javeriak has joined #openstack-ansible | 11:04 | |
*** yatin has joined #openstack-ansible | 11:07 | |
*** karimb has quit IRC | 11:08 | |
*** yatin has quit IRC | 11:12 | |
*** oneswig has joined #openstack-ansible | 11:19 | |
*** oneswig has quit IRC | 11:24 | |
*** johnmilton has joined #openstack-ansible | 11:29 | |
-openstackstatus- NOTICE: CI is experiencing issues with test logs, all jobs are currently UNSTABLE as a result. No need to recheck until this is fixed! Thanks for your patience. | 11:39 | |
*** ChanServ changes topic to "CI is experiencing issues with test logs, all jobs are currently UNSTABLE as a result. No need to recheck until this is fixed! Thanks for your patience." | 11:39 | |
*** pcaruana has quit IRC | 11:45 | |
smatzek | I'm experiencing a race condition with cinder volume type creation when using ceph. LP 1588777. Does anyone have good suggestions on how to avoid the race condition while also avoiding creating multiple Cinder volume types for the same Ceph cluster? | 11:47 |
openstack | Launchpad bug 1588777 in openstack-ansible "Cinder volume type creation race condition failure" [Undecided,New] https://launchpad.net/bugs/1588777 - Assigned to Samuel Matzek (smatzek) | 11:47 |
*** thorst has joined #openstack-ansible | 11:50 | |
*** thorst has quit IRC | 11:50 | |
*** thorst has joined #openstack-ansible | 11:50 | |
*** psilvad has joined #openstack-ansible | 12:03 | |
*** woodard has joined #openstack-ansible | 12:08 | |
*** woodard has quit IRC | 12:09 | |
odyssey4me | o/ | 12:09 |
*** woodard has joined #openstack-ansible | 12:09 | |
odyssey4me | pjm6 the db and rabbitmq stuff is now done in the playbooks so that the roles are independent | 12:09 |
*** sacharya has joined #openstack-ansible | 12:10 | |
*** markvoelker has joined #openstack-ansible | 12:11 | |
mhayden | buenos dias | 12:11 |
*** sacharya has quit IRC | 12:15 | |
*** markvoelker has quit IRC | 12:15 | |
*** markvoelker has joined #openstack-ansible | 12:16 | |
*** oneswig has joined #openstack-ansible | 12:21 | |
*** oneswig has quit IRC | 12:25 | |
*** pester has joined #openstack-ansible | 12:26 | |
*** Mudpuppy has joined #openstack-ansible | 12:28 | |
*** kylek3h has joined #openstack-ansible | 12:29 | |
*** fxpester has quit IRC | 12:30 | |
*** saneax is now known as saneax_AFK | 12:31 | |
*** deadnull_ has joined #openstack-ansible | 12:34 | |
javeriak | hey folks | 12:34 |
javeriak | ive got a issue and it just wont go away :( | 12:35 |
javeriak | TASK: [os_nova | Get package from git check] ...... stderr: fatal: repository 'http://2.1.1.226:8181/openstackgit/spice-html5/' not found | 12:35 |
javeriak | it works fine for my the other two conatiners, and i even tried cloning from upstream git and checking out the tag it looks for, but it still gets stuck on that | 12:36 |
*** Guest75 has joined #openstack-ansible | 12:38 | |
openstackgerrit | Jesse Pretorius (odyssey4me) proposed openstack/openstack-ansible: Add release file prep script https://review.openstack.org/324736 | 12:39 |
automagically | morning all | 12:47 |
*** sdake has joined #openstack-ansible | 12:49 | |
evrardjp | hey automagically | 12:50 |
automagically | o/ evrardjp | 12:51 |
odyssey4me | javeriak hi there! that's odd - can you confirm that the host/container in question is able to reach the LB, and that all the repo containers have all the same data? | 12:51 |
evrardjp | thanks for the explanation about rechecks odyssey4me. It's not bad to explain why the recheck happened 'though. | 12:51 |
gregfaust | good morning everyone :) | 12:52 |
odyssey4me | evrardjp sure - just clarifying... your second attempt worked only because you used 'recheck' | 12:52 |
odyssey4me | for the experimental pipeline it would always be 'check experimental' - the starting word 'recheck' kicks of the check pipeline only | 12:53 |
evrardjp | yes, I'm also using this to learn myself without bothering ppl with stupid questions :p | 12:53 |
odyssey4me | evrardjp loads of people don't understand how this stuff works throughout openstack | 12:53 |
javeriak | odyssey4me hey; yep i cloned directly from the LB source and that works; how do i check if the repo conatiners have the same data? | 12:53 |
odyssey4me | gregfaust o/ | 12:53 |
evrardjp | how do I know if I'm in the experimental pipeline for the repo? | 12:53 |
javeriak | odyssey4me how about i just turn two of them off in haproxy.... | 12:54 |
evrardjp | until I do a check experimental | 12:54 |
evrardjp | or wait for the results | 12:54 |
evrardjp | I should check here? https://github.com/openstack-infra/project-config | 12:55 |
odyssey4me | javeriak you could do that, of course | 12:55 |
odyssey4me | evrardjp the key is here, for example: https://github.com/openstack-infra/project-config/blob/master/zuul/layout.yaml#L8419-L8430 | 12:56 |
javeriak | odyssey4me so this might just be due to a problematic repo backend? but its consistent for me, i.e. this is failing everytime | 12:56 |
odyssey4me | javeriak yeah, it's unlikely but worth checking - I can't recall whether the LB config for that is sticky or not | 12:57 |
javeriak | k leme try | 12:57 |
odyssey4me | evrardjp but, just to complicate things the 'template' items provide some defaults too and you have to know where to find those to see what jobs are part of the template and in which pipeline they are... but basically the zuul layout file has the 'unusual' jobs specified explicitly so it's a good starting point | 12:58 |
evrardjp | I don't understand ATM, how it's made | 12:59 |
evrardjp | so I followed this first : https://github.com/openstack-infra/project-config/blob/master/jenkins/jobs/openstack-ansible-jobs.yaml | 12:59 |
evrardjp | but I have to follow all the things, and this way I'll understand | 12:59 |
evrardjp | I'll read the docs too | 12:59 |
evrardjp | this way I can help better in the future | 12:59 |
odyssey4me | evrardjp openstack-ansible-jobs only applies to the main integrated repo | 13:00 |
odyssey4me | there's another one - ansible-role-jobs.yml - which applies to the roles | 13:00 |
*** psilvad has quit IRC | 13:00 | |
odyssey4me | then there's also https://github.com/openstack-infra/project-config/blob/master/jenkins/jobs/projects.yaml | 13:01 |
evrardjp | ok | 13:01 |
javeriak | odyssey4me yep that fixed it.. this is odd though | 13:01 |
evrardjp | javeriak: haproxy issues? | 13:01 |
evrardjp | want help? | 13:01 |
evrardjp | odyssey4me: I need to put all these notions together | 13:02 |
odyssey4me | jenkins/jobs/{openstack-ansible,ansible-role}-jobs.yaml defines the jobs themselves, jobs/projects.yaml defines which jobs relate to which repositories, and zuul/layout.yaml defines which queues things go into and some other bits which zuul needs | 13:02 |
evrardjp | thanks for the references | 13:02 |
javeriak | evrardjp not exactly haproxy, since the forwarding seemed to happening fine, the repo containers themselves had some issue i think | 13:02 |
evrardjp | I'll bookmark them (because you already gave them in the past) | 13:02 |
odyssey4me | javeriak yeah, check the lsync logs in the primary repo - it may be having trouble synchronising to one of the repo containers | 13:02 |
javeriak | hmm i do see some "rsync warning: some files vanished before they could be transferred (code 24)" | 13:04 |
evrardjp | odyssey4me: that's the most clear explanation I heard for a long time :D | 13:04 |
odyssey4me | evrardjp that's how I understand it - of course I may be completely wrong, but it's enough for me to get by and the project-config admins usually correct my patches when I get it wrong | 13:04 |
odyssey4me | evrardjp there's a bunch of stuff in http://docs.openstack.org/infra/manual/creators.html | 13:05 |
javeriak | btw i upgraded this setup from a previous liberty tag, so it built the repo with a newer tag, maybe that mightve messed something up... | 13:05 |
v1k0d3n | hey evrardjp good morning/afternoon...depending :) | 13:05 |
evrardjp | cool stuff odyssey4me | 13:06 |
v1k0d3n | were you the haproxy "person" that spoke up yesterday? i can't remember. | 13:06 |
*** jiteka has joined #openstack-ansible | 13:06 | |
*** alikins_home has quit IRC | 13:06 | |
evrardjp | afternoon for me | 13:06 |
evrardjp | speak, and I shall help ! | 13:07 |
evrardjp | (or at least try :p) | 13:07 |
v1k0d3n | you are awesome! thank you. | 13:07 |
Guest75 | now my galera controller won't start back up, dammit. | 13:07 |
*** Guest75 is now known as Bofu2MBP | 13:07 | |
v1k0d3n | so couple of things. i reconfigured ha[proxy last night...just to get a feel...etc. | 13:07 |
evrardjp | Guest75 there are docs for bootstraping your galera cluster back on the openstack-ansible docs :D | 13:08 |
evrardjp | v1k0d3n: ok | 13:08 |
evrardjp | single node/multi node/aio? | 13:08 |
v1k0d3n | this is a new deployment, and most of the config params i am getting from someone else, based on what was in their config orig. trying to work through. | 13:08 |
v1k0d3n | so multi... | 13:08 |
*** phschwartz_ is now known as pschwartz | 13:08 | |
v1k0d3n | here's the scoop. | 13:08 |
evrardjp | ok | 13:08 |
odyssey4me | javeriak we changed the way the sync happens at some point to make it shut down the web server while synchronising, and also to persist trying to sync until forever | 13:09 |
v1k0d3n | one sec...looking through config...so i can give examples. | 13:09 |
*** pschwartz is now known as phschwartz | 13:09 | |
v1k0d3n | there are three internal ip's for infra boxes... | 13:09 |
v1k0d3n | .9 - .11 | 13:09 |
evrardjp | ok | 13:09 |
javeriak | odyssey4me i'm probably behind those changes then, this is liberty 12.0.11 | 13:09 |
evrardjp | 3 boxes ? | 13:09 |
evrardjp | or just 3 ips? | 13:09 |
v1k0d3n | for the haproxy LB ip...what do i use? | 13:10 |
odyssey4me | this was to overcome situations where the sync hadn't completed, but the LB was happily dishing out connections to incomplete repositories... and also to cover the situation where a container wasn't completely up in time to receive the sync (resulting in the whole sync process dieing) | 13:10 |
v1k0d3n | 3 servers... | 13:10 |
evrardjp | ok | 13:10 |
evrardjp | it's simple | 13:10 |
v1k0d3n | i can give the other ip's for other externals...but those are the internals. since this spans more than 1 box...i need keepalive, right? | 13:10 |
v1k0d3n | and ka is going to broadcast? | 13:10 |
evrardjp | you want to have one VIP for the 3 servers, and the VIP receives the traffic | 13:10 |
odyssey4me | javeriak so it's possible that you had an issue with connectivity after the update when the sync tried to happen and didn't complete due to an ssh connection failure or something | 13:10 |
openstackgerrit | Alexandra Settle proposed openstack/openstack-ansible-specs: DOCS: Overhaul installation guide https://review.openstack.org/323471 | 13:11 |
evrardjp | v1k0d3n: keepalived is gonna help you... but | 13:11 |
evrardjp | you're gonna need 4 IPs internally, and 4 IPs externally. | 13:12 |
javeriak | odyssey4me but ive run the repo-build a few times since, it should've been able to sync later at some point i think | 13:12 |
evrardjp | (best practice) | 13:12 |
v1k0d3n | so shared across the hosts? | 13:12 |
asettle | odyssey4me: addressed some of your comments inline on the spec. However, your larger question regarding the developer guide/role documentation. I see no reason *not* to split the content. The idea is that it is still all in the same repo, so theoretically it shouldn't cause confusion provided that the appropriate content is in the appropriate place (rather than dumping the pre-existing content into the same place just because it's li | 13:12 |
asettle | ke that now) | 13:12 |
v1k0d3n | yeah, best practice i like :) | 13:12 |
*** berendt has joined #openstack-ansible | 13:12 | |
evrardjp | v1k0d3n: one will be floating around and the three others are assigned 1 per host (these IPs won't float) x2 (internal/external) | 13:13 |
odyssey4me | asettle I'm not sure what the point is of moving content into the dev guide, then again to the role docs. Why not just move it to the role docs immediately? | 13:13 |
*** jiteka has quit IRC | 13:13 | |
evrardjp | you could bypass this, but you'll definitely don't want that | 13:14 |
v1k0d3n | hmm | 13:14 |
asettle | odyssey4me: if you're happy with that, I am too. I just read your comment as you'd like to see it in both and you were unsure if that was feasible? Either way, honestly, it all works. | 13:14 |
asettle | I can just clarify that in the spec. | 13:14 |
v1k0d3n | ok. so i pick ip's ... but i will probably need to tear down and rebuild again (fine because there is no traffic or real customers on this yet). | 13:15 |
evrardjp | so, now that you have your 3 "haproxy" nodes with their internal IPs, you have to get them an external ips | 13:15 |
v1k0d3n | so i would need to exclude another ip | 13:15 |
v1k0d3n | so let me give you a better lay of the land. can you give me about 8 minutes or so? | 13:15 |
odyssey4me | asettle yeah, if we grab the content from chap 4 and move it to the appropriate repo docs piece by piece then it'll be easy enough to compare and validate that no data is lost | 13:15 |
v1k0d3n | i will create an easier gist to help, but need to grab some more coffee. | 13:16 |
evrardjp | sure | 13:16 |
v1k0d3n | thanks a ton man | 13:16 |
v1k0d3n | appreciate it. | 13:16 |
odyssey4me | ie patch the role repo with the docs, and remove the same content from the integrated repo at the same time | 13:16 |
asettle | odyssey4me: I'll note that specifically in the spec then (rather than the 'developer documentaion' note I have currently) | 13:17 |
asettle | Cool? :) | 13:17 |
asettle | We'll sort out the details once this is approved | 13:17 |
*** Zucan has joined #openstack-ansible | 13:18 | |
openstackgerrit | Alexandra Settle proposed openstack/openstack-ansible-specs: DOCS: Overhaul installation guide https://review.openstack.org/323471 | 13:18 |
*** mkrish004c has joined #openstack-ansible | 13:23 | |
Adri2000 | hello | 13:24 |
Adri2000 | http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-ceilometer.html#setting-up-a-mongodb-database-for-ceilometer | 13:25 |
Adri2000 | was it considered to have a mongodb role in OSA? | 13:25 |
Adri2000 | "just do it"? :) or are we just planning to have gnocchi included and not care about mongodb anymore? | 13:26 |
evrardjp | we don't have one now Adri2000 | 13:26 |
odyssey4me | Adri2000 There are several roles available in Ansible Galaxy for MongoDB, so we won't curate a role ourselves. | 13:26 |
evrardjp | ^ that's the why | 13:26 |
Adri2000 | odyssey4me: I understand this, though for galera and rabbitmq it's included in OSA | 13:26 |
odyssey4me | Adri2000 We'd be happy to accept patches for a playbook and docs to deploy MongoDB though from someonw who understands it. | 13:26 |
Adri2000 | so why make a difference? | 13:26 |
evrardjp | Adri2000: if there is something good to consume we'll do it | 13:27 |
odyssey4me | Adri2000 When we build the roles for MariaDB/RabbitMQ there weren't existing roles available to meet our needs. | 13:27 |
odyssey4me | Adri2000 We'd be happy to have the instrumentation to consume one of the Galaxy roles, like we do for keepalived. | 13:27 |
Adri2000 | hmm ok, I'll have a look at how it's done for keepalived | 13:28 |
Adri2000 | anyway with this https://blueprints.launchpad.net/openstack-ansible/+spec/role-gnocchi, I think the mongodb issue will become less relevant | 13:28 |
*** michaelgugino has joined #openstack-ansible | 13:28 | |
Adri2000 | as you'd be able to deploy ceilometer with gnocchi as a backend, instead of mongodb | 13:28 |
odyssey4me | Adri2000 sure, although as I understand it there are still other parts of Ceilometer which may best use MongoDB or something similar | 13:28 |
evrardjp | keepalived is maybe specific to haproxy here, but that's another question | 13:28 |
Adri2000 | ok, thanks for those informations! | 13:30 |
michaelgugino | I think I may have solved part of our container network connection problems | 13:31 |
*** messy has joined #openstack-ansible | 13:31 | |
automagically | Oooh, what was the change you made michaelgugino | 13:33 |
michaelgugino | https://review.openstack.org/#/c/324801/ | 13:33 |
automagically | michaelgugino: ++ | 13:34 |
odyssey4me | hmm, must iptables be in the containers as well? | 13:37 |
odyssey4me | I guess the neutron containers need it, but do all the others? | 13:37 |
pjm6 | odyssey4me, o/ | 13:37 |
pjm6 | thanks, I see that, but i don't find where the vhost were being created (about rabbitmq vhost config) | 13:38 |
pjm6 | only find in playbook test | 13:38 |
odyssey4me | pjm6 here's an example for you: https://github.com/openstack/openstack-ansible/blob/master/playbooks/os-cinder-install.yml#L119-L145 | 13:39 |
odyssey4me | pjm6 it's not done in the role, except in the test playbook - it's done as part of the 'glue' to put things together in the playbooks | 13:39 |
pjm6 | oh thanks odyssey4me , i find similiar code but were in testing | 13:41 |
pjm6 | it's not a problem adding an aditional vhost? | 13:41 |
odyssey4me | automagically it looks like cloudnull patched up the centos lxc version to resolve the centos keystone build errors: https://review.openstack.org/325052 | 13:41 |
odyssey4me | pjm6 and additional vhost for what? | 13:41 |
pjm6 | for the rabbitmq instalattion | 13:42 |
*** smatzek has quit IRC | 13:42 | |
automagically | odyssey4me: Oh nice, looking | 13:42 |
odyssey4me | pjm6 you can add any amount of vhosts for your own needs | 13:42 |
pjm6 | and it will be replicated to others rabbitmq, because its in cluster mode | 13:43 |
odyssey4me | pjm6 yep | 13:43 |
pjm6 | (when having more than one) | 13:43 |
pjm6 | thanks odyssey4me :) | 13:43 |
odyssey4me | pjm6 you'll see that we do https://github.com/openstack/openstack-ansible/blob/master/playbooks/os-cinder-install.yml#L85-L97 too | 13:43 |
*** sawblade6 has quit IRC | 13:44 | |
odyssey4me | that's so that we get a deterministic order that varies from controller to controller to help balance the load across the rabbit cluster | 13:44 |
automagically | odyssey4me: Reviewed, really not sure how the graphviz package figures in to the LXC version change | 13:44 |
*** sawblade6 has joined #openstack-ansible | 13:44 | |
odyssey4me | mhayden FYI https://review.openstack.org/#/q/project:openstack/releases+owner:%22Jesse+Pretorius+(odyssey4me)+%253Cjesse.pretorius%2540rackspace.co.uk%253E%22 | 13:45 |
odyssey4me | automagically me neither, but it can always be cleaned up later if it's important | 13:45 |
automagically | Ah, strangely its part of the documentation build done during the LXC make run | 13:46 |
*** yatin has joined #openstack-ansible | 13:46 | |
automagically | Had to dig a bit, but now it _sorta_ makes sense | 13:46 |
odyssey4me | automagically heh, probably for a diagram | 13:47 |
pjm6 | odyssey4me, that will choose which rabbitmq | 13:47 |
pjm6 | will be working,. right? | 13:47 |
odyssey4me | pjm6 the config for the service gets a list of IP's containing each IP for the rabbitmq servers - the oslo library understands how to use that as a set and if it fails to connect to one, it tries the next one | 13:48 |
v1k0d3n | evrardjp: ok sorry man. pasting on gist now... | 13:48 |
odyssey4me | pjm6 that's why we don't have to put rabbitmq behind the load balancer | 13:48 |
mkrish004c | Hi Guys, i am running OSA 12.0.9, it is using Ansible v1.9.4. Will it impact the OSA if i update Ansible v2.0.1 by anyway ? | 13:48 |
pjm6 | so the responsability is in the side of oslo library to do LB, nice =D | 13:49 |
odyssey4me | pjm6 but the way rabbitmq does the queue clustering, the first cluster node that is connected to which creates the queue always manages the queue from then on unless it goes down | 13:49 |
odyssey4me | mkrish004c it will not work with Ansible > 1.9.4 | 13:49 |
odyssey4me | mkrish004c we will support Ansible 2.1 for the Newton release | 13:49 |
odyssey4me | pjm6 yes, the oslo library handles the reconnects and therefore the resiliency | 13:50 |
pjm6 | odyssey4me, btw: do you know what happens if a task is interrupted in the middle? | 13:50 |
mkrish004c | Okay, Thanks a lot odyssey4me, and is there any one trying out OVS+DPDK for liberty, because i am writing my own on 12.0.9. I just want to foresee if any know issue our team faced. | 13:51 |
pjm6 | in this way, is being consumed by an API, but the process is interrupted | 13:51 |
odyssey4me | pjm6 I don't know specifically, but in other MQ systems I've worked with it works something like this - if your client has read the message, the message is removed from the server. If that client is lost or loses the message, it's gone. | 13:52 |
*** ametts has joined #openstack-ansible | 13:52 | |
michaelgugino | mkrish004c: we have some ovs stuff in master, but not utilizing dpdk. You may want to base your work off of that | 13:52 |
odyssey4me | mkrish004c We are implementing OVS in Newton. | 13:52 |
v1k0d3n | evrardjp: ok...https://gist.github.com/v1k0d3n/3aedc7b7db8511d3c172d6361d9adf0e | 13:53 |
mrhillsman | morning | 13:53 |
pjm6 | odyssey4me, yes, that make sense, and as I know, make sense, the question was a "isolated situation" in case of the client read the message but not completing | 13:53 |
v1k0d3n | think there are a few things that need to change. some i'm fairly confident in...although haven't done a multi-node deploy in a bit. | 13:53 |
odyssey4me | mkrish004c You may wish to work with us in Newton using a test environment to validate that it meets your needs and submit patches for any issues you find. Once the patches are merged you can try backporting them into your own fork at your discretion. That way you can be assured that your tech debt will not carry through to the next version of OVS, and you also get input from the whole community on what you think | 13:54 |
odyssey4me | is a good solution. | 13:54 |
odyssey4me | pjm6 You'll have to test. I have no idea. | 13:54 |
openstackgerrit | Merged openstack/openstack-ansible-lxc_hosts: Update the version of LXC for centos7 https://review.openstack.org/325052 | 13:54 |
pjm6 | odyssey4me, ok :) i will test it and let you known when i got a conclusion :D thanks for the explation :D will be a great help | 13:54 |
Bofu2MBP | Failing on setup-openstack.yaml on "ensure service tenant" with the following flooding the keystone logs: https://gist.github.com/automatedtendencies/54bc299c2e8863bd71ff978cf3ae1e8b any ideas? :( | 13:55 |
odyssey4me | Bofu2MBP I'm not seeing a relevant error, other than 'Authorization failed. The request you have made requires authentication. from 10.102.0.13' | 13:57 |
Bofu2MBP | .13 is one of the controllers | 13:57 |
*** weezS has joined #openstack-ansible | 13:57 | |
Bofu2MBP | (the same one it's trying to fix in the task) | 13:57 |
Bofu2MBP | but the creds haven't changed at all. :| | 13:57 |
odyssey4me | The admin_token_auth warnings will disappear once the upstream api-paste has that removed, so it's a cosmetic warning | 13:57 |
*** ChanServ changes topic to "Launchpad: https://launchpad.net/openstack-ansible || Weekly Meetings: https://wiki.openstack.org/wiki/Meetings/openstack-ansible || Review Dashboard: https://goo.gl/tTmdgs" | 13:58 | |
-openstackstatus- NOTICE: Cleanup from earlier block storage disruption on static.openstack.org has been repaired, and any jobs which reported an "UNSTABLE" result or linked to missing logs between 08:00-14:00 UTC can be retriggered by leaving a "recheck" comment. | 13:58 | |
odyssey4me | Bofu2MBP you may wish to confirm that auth works for all the services based on the userid/password from secrets | 13:58 |
Bofu2MBP | k ill give it a shot real quick, if those fail in any way what would be the best way to fix it? | 13:58 |
Bofu2MBP | odyssey4me: root@controller2-utility-container-51868550:~# nova list | 13:59 |
Bofu2MBP | ERROR (Unauthorized): The request you have made requires authentication. (HTTP 401) (Request-ID: req-dc652bf2-8cce-4157-a650-312d170d2e34) :| | 13:59 |
Bofu2MBP | that's after I source'd the openrc, obv. | 14:00 |
mkrish004c | Thats also a good idea odyssey4me, how can i get the newton test version ? | 14:02 |
odyssey4me | mkrish004c Newton is our master branch. | 14:03 |
evrardjp | mkrish004c: I'd be happy to share with you about your experience of dpdk | 14:04 |
odyssey4me | Bofu2MBP you'll have to use the keystone admin endpoint to set the password for the user to the one that it's supposed to be | 14:05 |
Bofu2MBP | odyssey4me that requires the token correct? I don't see that in the keystone conf :-/ | 14:05 |
*** smatzek has joined #openstack-ansible | 14:05 | |
odyssey4me | Bofu2MBP oh, so even your admin:admin account is failing? oh dear - you may have to either set a token in keystone.conf temporarily, or use keystone-manage bootstrap to reset the password | 14:06 |
odyssey4me | I'm not sure if the keystone-manage bootstrap can be used to reset the password, but it's worth a try | 14:06 |
evrardjp | v1k0d3n: You have an issue with external and internal lb address | 14:08 |
*** aslaen has joined #openstack-ansible | 14:08 | |
v1k0d3n | evrardjp: yeah...my general understanding of it. | 14:08 |
v1k0d3n | lol | 14:08 |
v1k0d3n | i'm trying to understand it better | 14:08 |
*** aboyle has joined #openstack-ansible | 14:09 | |
Bofu2MBP | odyssey4me alright I can try keystone-manage bootstrap | 14:11 |
evrardjp | you have the same ip assigned to your public/internal net | 14:11 |
Bofu2MBP | or the token, which would you like me to try first? :P I don't trust my judgement on this anymore lol | 14:11 |
evrardjp | I think you should probably set 10.2.32.9 for external vip | 14:12 |
Bofu2MBP | odyssey4me interesting ... my regular credentials are working for horizon now | 14:12 |
odyssey4me | Bofu2MBP try the bootstrap first | 14:12 |
mkrish004c | evrardjp Sure, i have a set up of manual installation of OVS+DPDK from the intel doc, i thought of do it in OSA frameworks. | 14:13 |
evrardjp | :D | 14:13 |
evrardjp | good news :D | 14:13 |
Bofu2MBP | odyssey4me: is that through the utility container or ...? | 14:14 |
odyssey4me | Bofu2MBP keystone-manage will need DB access to the keystone DB, so it likely uses /etc/keystone/keystone.conf so I'd guess the keystone container | 14:15 |
Bofu2MBP | command not found. doh | 14:15 |
v1k0d3n | evrardjp: this was one of the things i wanted to ask you about actually.... | 14:15 |
mkrish004c | i started working on OSA from 12.0.9, so just took a very long time to get through it and play around with it. I am using the same version to have OVS patch on the quite similar way of walmart patch. | 14:16 |
evrardjp | v1k0d3n: also your br-vlan (used for keepalived) should be dedicated for it. So you should not reuse-it elsewhere, for example on a network node | 14:16 |
evrardjp | or infra node | 14:16 |
evrardjp | you should wire it with a fake interface or use another interface | 14:16 |
asettle | odyssey4me: you got the link to the meeting minutes last night? | 14:17 |
*** weshay has joined #openstack-ansible | 14:17 | |
asettle | I can't find. | 14:17 |
v1k0d3n | ok... evrardjp good stuff. sooo....for keepalive, can i just use a vlan interface? let me show you how it's prepared... | 14:18 |
odyssey4me | asettle I haven't updated the wiki - gimme a moment | 14:18 |
asettle | odyssey4me: all good, found the eavesdrop | 14:18 |
odyssey4me | asettle you can always look for them here: http://eavesdrop.openstack.org/meetings/openstack_ansible/2016/ | 14:19 |
v1k0d3n | evrardjp: https://github.com/att-esst/osa-prep/tree/master/roles/osa-deploy-networking/templates | 14:19 |
v1k0d3n | so bond1 has 3 (now 4) vlans assigned... | 14:19 |
Bofu2MBP | odyssey4me: "The request you have made requires authentication. (HTTP 401) (Request-ID: req-22fb0dbf-f02e-48c8-b728-26c61baccaa6)" on "keystone bootstrap" | 14:19 |
v1k0d3n | so physical (interfaces) bonds (bonds) vlans (you see it now) and then osad. i automate the preparation of the interfaces and the policy based routes for each interface. | 14:20 |
v1k0d3n | so everything is automated for prep, and then i just have to drop configs and launch. | 14:20 |
Bofu2MBP | v1k0d3n thats how I have mine | 14:20 |
Bofu2MBP | vlans on bridges on bonds | 14:21 |
v1k0d3n | so should i create a new vlan, and have haproxy configured for that then? | 14:21 |
odyssey4me | Bofu2MBP have you validated that your galera auth works? | 14:21 |
evrardjp | v1k0d3n: are the haproxy nodes dedicated to doing the LB? | 14:21 |
*** KLevenstein has joined #openstack-ansible | 14:21 | |
Bofu2MBP | odyssey4me: regular mysql authentication? I'm in right now through navicat (mysql management type shit - software) so that does work | 14:21 |
Bofu2MBP | I haven't tested keystone specific login, though. | 14:21 |
v1k0d3n | i guess they should be. but how would i know for sure? | 14:22 |
evrardjp | v1k0d3n: if not, and you're giving br-vlan to neutron, you shouldn't use the same interface | 14:22 |
odyssey4me | Bofu2MBP it may be working for your root account, but each service has its own accounts - check that they work | 14:22 |
evrardjp | v1k0d3n: you can drop me your openstack_user_variables next week | 14:22 |
*** sigmavirus24_awa is now known as sigmavirus24 | 14:22 | |
evrardjp | because I have to leave now | 14:22 |
v1k0d3n | ok. that's cool | 14:22 |
odyssey4me | Bofu2MBP rebuilds are no fun :/ | 14:22 |
Bofu2MBP | odyssey4me especially when all of the stuff is down. :( | 14:23 |
v1k0d3n | thanks for offering to help. i really want to understand and wrap my head around this. | 14:23 |
*** oneswig has joined #openstack-ansible | 14:23 | |
Bofu2MBP | odyssey4me: is there a playbook part that sets all of the users/pass up? | 14:23 |
evrardjp | yw | 14:23 |
Bofu2MBP | v1k0d3n: do you want me to send you my config? | 14:23 |
Bofu2MBP | I have R610s as my controllers, each of which has 4 NICs in a LACP bond | 14:23 |
Bofu2MBP | NIC ports that is | 14:23 |
odyssey4me | Bofu2MBP it gets done in each os-<service>-install.yml playbook | 14:23 |
Bofu2MBP | and then VLANs on top of it | 14:23 |
Bofu2MBP | odyssey4me: so in theory if I run the keystone install and it works, it should be oK? | 14:24 |
v1k0d3n | Bofu2MBP: yeah that would be amazing. | 14:24 |
Bofu2MBP | whats your email | 14:25 |
v1k0d3n | so you guys are using haproxy too | 14:25 |
Bofu2MBP | yep | 14:25 |
v1k0d3n | bjozsa@jinkit.com | 14:25 |
Bofu2MBP | 3 node haproxy | 14:25 |
v1k0d3n | how many nodes are you running from infra/compute? | 14:25 |
Bofu2MBP | 8 compute | 14:25 |
Bofu2MBP | 3 controllers | 14:25 |
v1k0d3n | wondering at what point it starts tanking? think i read somewhere about 150 or so | 14:25 |
Bofu2MBP | 1 storage | 14:25 |
odyssey4me | Bofu2MBP without inspecting the play tasks in question, I guess - it should use the root account to set the password | 14:25 |
v1k0d3n | ? | 14:25 |
odyssey4me | Bofu2MBP it should also use the keystone-manage bootstrap to set the keystone admin account | 14:26 |
Bofu2MBP | v1k0d3n not sure about that one, we use C6100s as compute nodes but as we're starting to sell more we'll be scaling fairly fast. | 14:26 |
Bofu2MBP | odyssey4me: "perform a keystone db sync" successfully works, always just freezes on the ensure tenant part | 14:27 |
*** oneswig has quit IRC | 14:27 | |
odyssey4me | Bofu2MBP ok, so the galera creds are working then - the issue is that keystone admin creds and it looks like the bootstrap doesn't overwrite the existing settings | 14:28 |
Bofu2MBP | odyssey4me so what's the best way to proceed without jumping out of the closest window? | 14:29 |
odyssey4me | dolphm lbragstad is keystone-manage bootstrap meant to skip the bootstrap if there are already settings in place? what is the right way to fix up creds that are lost somehow for the keystone admin? | 14:29 |
Bofu2MBP | v1k0d3n: just to confirm, is the only thing you need the network config settings for the bridges, etc? | 14:30 |
dolphm | odyssey4me: bootstrap should be idempotent, but i don't think it'll change an admin's password if you specify something different | 14:30 |
odyssey4me | Bofu2MBP considering that the token_auth is still available in the keystone api pipeline, I expect that you could use the config_override mechanism to implement an auth_token temporarily and use the token auth method to reset the admin account password | 14:30 |
odyssey4me | dolphm so the options are, I guess, to delete the admin account in the db or to use the auth_token middleware? | 14:31 |
dolphm | odyssey4me: at least not in mitaka -- i can't think of a reason for it not to behave that way, though | 14:31 |
dolphm | odyssey4me: i prefer the idea of it doing a password reset | 14:31 |
odyssey4me | dolphm me too | 14:31 |
Bofu2MBP | so throw an auth_token into the config_override and then use that token to reset the admin account password | 14:32 |
lbragstad | odyssey4me right - it looks like bootstrap attempts to create things if you run it again but it excepts the conflicts | 14:32 |
odyssey4me | Bofu2MBP yep, you'll have to do the reset using the admin endpoint and specifically using the token auth method | 14:32 |
Bofu2MBP | odyssey4me k. I'll grab some coffee then try to find out how to do the shit I literally just said. Too early and being sick == not a good combo. | 14:33 |
Bofu2MBP | heh | 14:33 |
odyssey4me | lbragstad dolphm yeah, considering the removal of the auth_token middleware (possibly in O) it would seem that this is a bit of an operational oversight in functionality | 14:33 |
Bofu2MBP | wait, didn't the error log indicate that I had a token set? | 14:34 |
odyssey4me | Bofu2MBP nope, it was indicating that you had the auth_token middleware in the pipeline | 14:35 |
Bofu2MBP | AH ok | 14:35 |
Bofu2MBP | odyssey4me: keystone_keystone_conf_overrides correct? | 14:37 |
odyssey4me | Bofu2MBP yep | 14:37 |
*** scarlisle has joined #openstack-ansible | 14:38 | |
Bofu2MBP | odyssey4me: and it's just "admin_token"? | 14:39 |
odyssey4me | Bofu2MBP yep, according to http://docs.openstack.org/mitaka/config-reference/identity/options.html | 14:39 |
Bofu2MBP | rgr | 14:40 |
Bofu2MBP | here goes nothin | 14:40 |
*** bryan_att has joined #openstack-ansible | 14:40 | |
odyssey4me | Bofu2MBP then you should be able to use the bits at the start of this page to tell the client to use the token: http://docs.openstack.org/mitaka/install-guide-ubuntu/keystone-services.html | 14:41 |
odyssey4me | where 'ADMIN_TOKEN' should be replaced by your specific token that you added to the config_override | 14:41 |
*** deadnull_ has quit IRC | 14:42 | |
*** yatin has quit IRC | 14:43 | |
Bofu2MBP | odyssey4me: "__init__() got an unexpected keyword argument 'token'" :| | 14:44 |
Bofu2MBP | when I ran the openstack service create | 14:44 |
v1k0d3n | Bofu2MBP: that would be helpful i guess...but really looking at how you have haproxy configured. | 14:47 |
Bofu2MBP | v1k0d3n I just used the default playbooks | 14:47 |
Bofu2MBP | all 3 controllers are on the role | 14:47 |
Bofu2MBP | with keepalive | 14:47 |
v1k0d3n | yeah, so you have a separate interface for keepalive? | 14:48 |
odyssey4me | Bofu2MBP you shouldn't have to do a service create - try executing 'openstack catalog list' I think it is to show the existing catalog | 14:49 |
odyssey4me | and 'openstack endpoint list' to see if all the endpoints are there | 14:50 |
odyssey4me | Bofu2MBP all you actually need to do is ensure that the admin user is there, and its password is right - then the playbooks will do all the rest | 14:50 |
odyssey4me | Bofu2MBP oh, and of course that the endpoints are using the right LB addresses | 14:51 |
Bofu2MBP | root@controller1-utility-container-7c63504d:~# export OS_TOKEN=xxxxroot@controller1-utility-container-7c63504d:~# openstack catalog list | 14:51 |
Bofu2MBP | __init__() got an unexpected keyword argument 'token' | 14:51 |
Bofu2MBP | :| | 14:51 |
odyssey4me | Bofu2MBP odd, what version of openstack is this? mitaka? | 14:51 |
Bofu2MBP | should be | 14:52 |
Bofu2MBP | allegedly | 14:52 |
Bofu2MBP | coming from liberty on an upgrade, technically | 14:52 |
*** raddaoui has joined #openstack-ansible | 14:52 | |
odyssey4me | Bofu2MBP is the auth_token line now in keystone.conf ? | 14:52 |
odyssey4me | sorry - admin_token | 14:53 |
Bofu2MBP | odyssey4me: root@controller1-keystone-container-f8991646:~# cat /etc/keystone/keystone.conf|grep token | 14:53 |
Bofu2MBP | admin_token = xxxxxx | 14:53 |
odyssey4me | and the keystone services restart after the conf was changed? | 14:53 |
Bofu2MBP | from what I can tell yeah | 14:53 |
odyssey4me | so the openstack client is erroring out on the token keyword? | 14:54 |
odyssey4me | weird | 14:54 |
Bofu2MBP | is there a way I can manually reset the password within the database itself | 14:54 |
Bofu2MBP | since I have access to the mysql | 14:54 |
odyssey4me | dolphm lbragstad any advice? it looks like trying to use auth_token isn't working either... | 14:55 |
Bofu2MBP | I somehow always find the edge cases ;) | 14:55 |
odyssey4me | maybe just delete the admin user from the DB, then bootstrap again? | 14:55 |
odyssey4me | Bofu2MBP it's probably best to do a DB backup 'round about now | 14:56 |
lbragstad | odyssey4me that would probably work - then it would recreate it for you | 14:56 |
mhayden | odyssey4me: thanks | 14:56 |
lbragstad | ++ to the backup | 14:56 |
Bofu2MBP | odyssey4me: trust me it's backed up in like 5 places | 14:56 |
Bofu2MBP | because I had to recover it from a crash. :| | 14:56 |
*** javeriak has quit IRC | 14:58 | |
Bofu2MBP | odyssey4me - alright, so am I deleting the admin mysql user? a different user? keystone user? which db if you know? | 14:58 |
odyssey4me | Bofu2MBP I'm not familiar with the current DB layout, but it's likely you'll have to delete the user and the associated password entry | 15:00 |
Bofu2MBP | kk | 15:00 |
*** javeriak has joined #openstack-ansible | 15:00 | |
Bofu2MBP | I see the user table within keystone db, assuming that's the right place for this - but just in case, lbragstad any chance you can confirm real quick before I go delete heavy on everything around me? | 15:00 |
lbragstad | Bofu2MBP https://github.com/openstack/keystone/blob/master/keystone/cmd/cli.py#L219 | 15:01 |
lbragstad | yep - it should be in the user tabl;e | 15:01 |
*** saneax_AFK is now known as saneax | 15:01 | |
*** Drago has joined #openstack-ansible | 15:01 | |
*** Drago has joined #openstack-ansible | 15:02 | |
Bofu2MBP | appreciated | 15:02 |
Bofu2MBP | here goes nothing, fingers crossed | 15:02 |
Bofu2MBP | hm... lbragstad the schema doesn't match the vars in that code | 15:04 |
Bofu2MBP | code: name/enabled/domain_id/password, DB schema: id/extra/enabled/default_project_id | 15:04 |
gregfaust | anyone know why lxc-br needs to be bounced when building an AIO? https://github.com/openstack/openstack-ansible/blob/master/scripts/run-playbooks.sh#L56-L59 | 15:05 |
lbragstad | Bofu2MBP does it look like this - https://github.com/openstack/keystone/blob/master/keystone/identity/backends/sql_model.py#L24 ? | 15:05 |
gregfaust | commenting that out seems to help with the container connectivity issues that I was running into yesterday | 15:05 |
odyssey4me | gregfaust yep, run-playbooks should not be executed more than once | 15:06 |
Bofu2MBP | lbragstad good call on that code, it's local_user not user -- but both tables exist in keystone db | 15:06 |
javeriak | hey odyssey4me is there any official workflow to switching out a infra node? | 15:06 |
odyssey4me | gregfaust if you've executed it once, then only run the playbooks directly from then on | 15:06 |
lbragstad | Bofu2MBP oh - right. Sorry, i should have been more specific | 15:06 |
Bofu2MBP | lbragstad no worries. I appreciate the help :) | 15:07 |
*** yatin has joined #openstack-ansible | 15:07 | |
lbragstad | Bofu2MBP the admin user should be a local user with respect to keystone SQL backend | 15:07 |
odyssey4me | javeriak add a new infra node, then remove the old one - it'd be nice to have that added to the ops docs | 15:07 |
gregfaust | thanks odyssey4me, i'm going to start over and see if I get a clean run on the first try | 15:07 |
lbragstad | Bofu2MBP no problem | 15:07 |
javeriak | odyssey4me sure would, i think there are some things that need to be taken care of on top; i just root caused my earlier problem with the repo containers. the old primary couldnt talk to the new one because it still had the old ones key in it | 15:08 |
javeriak | odyssey4me, that could be the issue with any of the other services too though that sync among themselves... | 15:09 |
palendae | If any cores have time today, a look at https://review.openstack.org/#/c/283149/ would be appreciated | 15:09 |
odyssey4me | automagically jmccrory we could do with some reviews for https://review.openstack.org/323504 / https://review.openstack.org/323033 - those need backports to stable/mitaka to fix upgrades from liberty | 15:12 |
* automagically looking | 15:12 | |
*** javeriak has quit IRC | 15:13 | |
dolphm | odyssey4me: https://bugs.launchpad.net/keystone/+bug/1588860 | 15:14 |
openstack | Launchpad bug 1588860 in OpenStack Identity (keystone) "keystone-manage bootstrap cannot recover admin account" [Undecided,In progress] - Assigned to Dolph Mathews (dolph) | 15:14 |
dolphm | odyssey4me: fixed in https://review.openstack.org/#/c/325352/ | 15:14 |
dolphm | odyssey4me: and i'll try to get it backported | 15:14 |
odyssey4me | dolphm awesome, thanks - is there potentially a case where there could be two admin accounts of the same name in the same domain - one disabled and one enabled? | 15:17 |
cloudnull | any chance I can get some reviewer love on https://review.openstack.org/#/c/323504 and https://review.openstack.org/#/c/323033 | 15:17 |
odyssey4me | cloudnull I just asked automagically and jmccrory to peek at it :) | 15:18 |
cloudnull | ah cool | 15:18 |
cloudnull | thanks | 15:18 |
* cloudnull missed the scroll back message | 15:18 | |
cloudnull | odyssey4me: Also this one https://review.openstack.org/#/c/324974/ | 15:18 |
Bofu2MBP | lbragstad odyssey4me: re-ran the keystone install which failed due to "missing credentials" so now just doing setup-everything to be safe. | 15:19 |
cloudnull | that should round out multi-distro support for neutron | 15:19 |
errr | prometheanfire: ping | 15:19 |
odyssey4me | Bofu2MBP missing credentials? I'm not sure that setup-everything will do much better | 15:21 |
Bofu2MBP | incorrect credentials* sorry | 15:21 |
Bofu2MBP | aka it tried to authenticate but didn't work - assuming the create user was on a different playbook earlier in the run? | 15:21 |
odyssey4me | Bofu2MBP are your secrets populated, and are you using the 'openstack-ansible' command to execute the playbook | 15:21 |
Bofu2MBP | yep and yep. | 15:22 |
odyssey4me | hmf | 15:22 |
*** yatin has quit IRC | 15:23 | |
odyssey4me | cloudnull see automagically's comment in https://review.openstack.org/323504 | 15:23 |
*** klamath has joined #openstack-ansible | 15:32 | |
*** karimb has joined #openstack-ansible | 15:40 | |
*** asettle has quit IRC | 15:42 | |
*** sacharya has joined #openstack-ansible | 15:49 | |
odyssey4me | oh neat, mhayden has a new contributor: https://review.openstack.org/#/q/project:openstack/openstack-ansible-security+status:open | 15:51 |
openstackgerrit | Major Hayden proposed openstack/openstack-ansible-security: [WIP] Add check/audit to gate testing https://review.openstack.org/324482 | 15:52 |
openstackgerrit | Major Hayden proposed openstack/openstack-ansible-security: Fix broken check mode for CentOS 7 https://review.openstack.org/325376 | 15:52 |
mhayden | odyssey4me: yeah, i need to gander at those | 15:52 |
mhayden | odyssey4me: also had a bug come in for better RHEL support | 15:52 |
mhayden | there are some things around RHN and GPG checks that need to be adjusted | 15:52 |
*** sc68cal has joined #openstack-ansible | 15:52 | |
mhayden | but it shouldn't be a heavy lift | 15:53 |
odyssey4me | mhayden :) | 15:53 |
openstackgerrit | Travis Truman (automagically) proposed openstack/openstack-ansible: POC - Bug in dynamic_inventory that persists global_overrides https://review.openstack.org/325380 | 15:57 |
automagically | palendae if you are around I would appreciate your eyes on that ^ | 15:57 |
mhayden | odyssey4me: do you know offhand if we have a rhel image in CI-land? | 15:57 |
palendae | I am | 15:57 |
automagically | I have seen this bug crop up when doing deployments, and finally think I’ve got a test case that demonstrates its existence | 15:58 |
mhayden | kboratynski: i just put a few comments in your security role patches -- let me know if i can help! | 15:58 |
*** mikelk has quit IRC | 15:58 | |
odyssey4me | mhayden nope, no non-free images in openstack-ci | 15:59 |
mhayden | well darn | 15:59 |
dmsimard | fyi spotted a 2.1 regression .. https://github.com/ansible/ansible/issues/16125 | 16:02 |
odyssey4me | thanks dmsimard - hopefully that gets resolved quickly, and a proper test applied to ensure it never happens again | 16:05 |
dmsimard | we poked the beehive about it already | 16:05 |
dmsimard | getting pretty frustrated about the amount of regressions that have been landing since 2.0 | 16:06 |
palendae | Understandable, though I don't think their test suite was very big prior to the refactor, either | 16:06 |
openstackgerrit | Merged openstack/openstack-ansible-lxc_hosts: Fix missing iptables in containers https://review.openstack.org/324801 | 16:07 |
palendae | (also that is why I'm trying to wrap dynamic_inventory.py in tests :)) | 16:08 |
*** javeriak has joined #openstack-ansible | 16:09 | |
*** alikins has joined #openstack-ansible | 16:09 | |
odyssey4me | automagically palendae can we get rid of global overrides and replace them with group_vars instead please? :) | 16:10 |
Bofu2MBP | odyssey4me lbragstad looks like as it's running setup-openstack more data is starting to show up in the interface and I can login now, at this rate I may actually be up and running again soon. thank you! | 16:10 |
palendae | odyssey4me, Yes, but IMO they need a deprecation cycle | 16:10 |
automagically | odyssey4me: I think that’s quite likely, but presents some migration challenges | 16:10 |
palendae | Also, group_vars doesn't generate networks | 16:10 |
lbragstad | Bofu2MBP good to hear! | 16:10 |
*** bsv has quit IRC | 16:11 | |
palendae | We still don't have solid plans for alternative inventory implementations, which makes it murkier | 16:11 |
odyssey4me | automagically palendae sure, a dep cycle is important and perhaps there are some items that we'll need to figure out a better solution for... but if we can gradually move towards using more standard ansible inventory tooling and less dynamic inventory magic then it'd be far easier for people ot understand how it all works | 16:12 |
openstackgerrit | Travis Truman (automagically) proposed openstack/openstack-ansible-openstack_hosts: Adopting the common role documentation pattern https://review.openstack.org/325390 | 16:12 |
palendae | automagically I wouldn't be at all surprised if fixing this bug will break people relying on the bad behavior :( | 16:12 |
automagically | palendae: That is very likely | 16:12 |
automagically | odyssey4me: I could not agree more | 16:13 |
palendae | odyssey4me, Don't disagree. We still have to worry about creating containers, though | 16:13 |
palendae | we wedged ourselves with that | 16:13 |
*** javeriak_ has joined #openstack-ansible | 16:13 | |
automagically | palendae: But, if that’s the only thing we do is container creation, then the better | 16:13 |
palendae | We could have LXD take it over, but then, afaik, that precludes RHEL support | 16:13 |
odyssey4me | palendae automagically I think a mid cycle topic of note will have to be a design discussion around what we want from the inventory, so we can spec it out. | 16:13 |
*** Drago has left #openstack-ansible | 16:13 | |
automagically | odyssey4me: ++ | 16:13 |
odyssey4me | palendae we can just compile lxd on RHEL like we do for LXC | 16:13 |
*** metral has quit IRC | 16:13 | |
palendae | That was supposed to be at summit too :p | 16:13 |
palendae | I'm all for it, it's just that so far none of us have good ideas of what we actually want as a replacement | 16:14 |
automagically | We’ll get there | 16:14 |
palendae | We have ideas about structure, which is good | 16:14 |
palendae | automagically, Sure, just saying we're having cyclical conversations so far | 16:14 |
automagically | Trimming out the gross bits slowly should help us determine a much better final shape | 16:14 |
odyssey4me | palendae yeah, we did start discussions there and I expect that the design discussion will take quite a bit of wrangling and might need another summit to finalise | 16:14 |
palendae | odyssey4me, Yeah, absolutely | 16:15 |
palendae | IMO Newton will be making dynamic_inventory.py less scary, O can be about breaking it up | 16:15 |
odyssey4me | we have some actual requirements from those discussions in terms of real world usage needs... we just never got to writing them down | 16:15 |
*** javeriak has quit IRC | 16:16 | |
automagically | We got a good list of desired features: https://etherpad.openstack.org/p/openstack-ansible-newton-dynamic-inventory | 16:16 |
openstackgerrit | Merged openstack/openstack-ansible-os_magnum: Enable developer mode https://review.openstack.org/324809 | 16:16 |
odyssey4me | I think it makes sense for us to focus on functional needs rather than implementation details for back-ends and such. The functional needs then need to drive the back-end implementation proposals. | 16:16 |
palendae | automagically, So just container creation entials having networks | 16:16 |
openstackgerrit | Merged openstack/openstack-ansible-os_magnum: Remove pip_lock_down dependency https://review.openstack.org/313890 | 16:16 |
palendae | automagically, So container creation as the only thing is still a bit big | 16:17 |
palendae | That said, definition of that can be done somewhere else | 16:17 |
odyssey4me | automagically let me add a few more from discussions later which never made it onto there | 16:18 |
automagically | odyssey4me: Please do | 16:18 |
*** cloader89 has joined #openstack-ansible | 16:19 | |
palendae | I'm currently most interested in the 'be more like normal ansible inventory' requirement | 16:19 |
palendae | We don't really have a place to specify hosts/IPs otherwise yet | 16:19 |
palendae | Nearly everyone will have a different place for that | 16:20 |
palendae | Ideally we'd take a connection string and a query to get it though | 16:20 |
*** Zucan has quit IRC | 16:23 | |
palendae | sigmavirus24, If you have time today, would you mind providing some feedback on my approach at https://review.openstack.org/#/c/323601/ ? | 16:36 |
*** deadnull_ has joined #openstack-ansible | 16:37 | |
*** smatzek has quit IRC | 16:39 | |
*** Bofu2MBP has quit IRC | 16:41 | |
prometheanfire | errr: ? | 16:42 |
sigmavirus24 | palendae: surely | 16:43 |
kboratynski | mhayden: Hey! Yep, I agree with variables. Small question, what relase notes would you like to me provide? V-ids comments everything, I think. ;-) | 16:44 |
palendae | Lunching | 16:46 |
*** javeriak has joined #openstack-ansible | 16:47 | |
odyssey4me | alright, I'm out for the w/end - have a great w/end all! | 16:48 |
palendae | You too | 16:48 |
*** javeriak_ has quit IRC | 16:50 | |
mhayden | kboratynski: for release notes, just think about what you might want to see if you were a sysadmin working with that change | 16:53 |
mhayden | let me see if i can find an example | 16:53 |
openstackgerrit | Sudarshan Acharya proposed openstack/openstack-ansible: Adding missing / to swift rabbit connection string https://review.openstack.org/325413 | 16:53 |
mhayden | kboratynski: http://docs.openstack.org/releasenotes/openstack-ansible-security/unreleased.html | 16:54 |
mhayden | kboratynski: look at the release note for V-51337 there | 16:54 |
kboratynski | mhayden: Aaaach! Ok, then. I will add it today in the evening. | 16:55 |
kboratynski | And I have few more branches to push, but I will add variables and release notes previously. | 16:56 |
*** chhavi has quit IRC | 16:56 | |
mhayden | thanks kboratynski! | 16:57 |
*** deadnull_ has quit IRC | 17:06 | |
*** sacharya_ has joined #openstack-ansible | 17:11 | |
openstackgerrit | Travis Truman (automagically) proposed openstack/openstack-ansible-openstack_hosts: Cleanup/standardize usage of tags https://review.openstack.org/325418 | 17:11 |
openstackgerrit | Travis Truman (automagically) proposed openstack/openstack-ansible-openstack_hosts: Fail immediately when kernel needs an update https://review.openstack.org/325419 | 17:13 |
*** sacharya has quit IRC | 17:13 | |
*** tiagogomes has quit IRC | 17:17 | |
*** metral has joined #openstack-ansible | 17:24 | |
*** oneswig has joined #openstack-ansible | 17:25 | |
openstackgerrit | Major Hayden proposed openstack/openstack-ansible-security: Add initial support for Red Hat Enterprise Linux 7 https://review.openstack.org/325421 | 17:27 |
*** oneswig has quit IRC | 17:29 | |
mhayden | weird, a dependent review made it through the gate faster than the thing it depends on | 17:29 |
*** smatzek has joined #openstack-ansible | 17:29 | |
* mhayden scratches his head | 17:30 | |
michaelgugino | bad news, the iptables didn't fix the container networking, at least not for os_nova | 17:31 |
*** deadnull_ has joined #openstack-ansible | 17:31 | |
*** Guest75 has joined #openstack-ansible | 17:32 | |
*** Guest75 is now known as Bofu2MBP | 17:32 | |
*** smatzek has quit IRC | 17:32 | |
*** smatzek has joined #openstack-ansible | 17:33 | |
*** Iqbal has quit IRC | 17:33 | |
openstackgerrit | Major Hayden proposed openstack/openstack-ansible-security: Add initial support for Red Hat Enterprise Linux 7 https://review.openstack.org/325421 | 17:35 |
*** yatin has joined #openstack-ansible | 17:36 | |
mgagne | I'm confused. What's the correct syntax in a when clause to determine if a task changed? As an example with "result" registered, I see result.changed and result|changed. Which syntax is recommended? | 17:40 |
mgagne | https://github.com/openstack/openstack-ansible-os_neutron/blob/656a9769899f090278f53768b0ae825e798f10ba/tasks/ovs_install-apt.yml#L29 vs https://github.com/openstack/openstack-ansible-os_neutron/blob/dbbdebba564aa2e9dad1d7fe372774ad083d272c/tasks/neutron_init_upstart.yml#L31 | 17:40 |
automagically | result | changed is recommended | 17:41 |
mgagne | thanks! | 17:41 |
*** v1k0d3n has quit IRC | 17:44 | |
*** weezS has quit IRC | 17:45 | |
*** klamath has quit IRC | 17:52 | |
*** permalac has quit IRC | 17:58 | |
*** KLevenstein has quit IRC | 18:01 | |
*** metral has quit IRC | 18:02 | |
*** psilvad has joined #openstack-ansible | 18:06 | |
*** deadnull_ has quit IRC | 18:26 | |
chris_hultin | I'm running into an issue trying to install Magnum - it looks like the packages that are getting cached on the deploy server don't include the version of oslo.middleware that is required for Magnum. | 18:28 |
*** javeriak has quit IRC | 18:30 | |
*** javeriak has joined #openstack-ansible | 18:31 | |
chris_hultin | Specifically, Magnum wants >=3.0.0, it's only caching 2.8.0 | 18:33 |
automagically | Which version of OSA are you using chris_hultin | 18:34 |
chris_hultin | automagically: Very good question. What's the best way to find that out? | 18:37 |
automagically | The value of openstack_release in playbooks/inventory/group_vars/all.yml | 18:37 |
pjm6 | anyone had problems like: "not bound, no agent registered on host os-compute01" ? | 18:38 |
chris_hultin | automagically: 12.0.14 | 18:38 |
pjm6 | before failing Port binding (when creating an instance) | 18:38 |
pjm6 | i get that warning, and in the compute host, i don't see the br-vlan.VLAN_ID craeted | 18:38 |
automagically | Okay, so that’s a Liberty release chris_hultin. TBH, I’m not sure the magnum role got much testing in that release, or since | 18:38 |
automagically | Its not part of the integrated gate testing and I’m not aware of deployers who are using it currently | 18:39 |
automagically | Its quite possible that the role needs some fixes. IIRC sigmavirus24 was the primary contributor there, he may have some more tips for you chris_hultin | 18:40 |
chris_hultin | automagically: This should be extremely fun then. Do you have any recommendations on where to start with fixing this dependency issue? | 18:40 |
chris_hultin | automagically: Thanks for the advice | 18:40 |
automagically | sure, np | 18:40 |
automagically | I have not used the role, nor do I have any experience with Magnum in general, so that’s probably the best I can offer right now | 18:41 |
chris_hultin | Fair enough. Do you know of any way to change what packages are cached on the local PIP server? | 18:41 |
openstackgerrit | Merged openstack/openstack-ansible-rsyslog_client: Add CentOS7 support to rsyslog client https://review.openstack.org/320099 | 18:44 |
pjm6 | for some reason linux bridge agent don't detect | 18:47 |
pjm6 | in the network agents | 18:47 |
automagically | chris_hultin: I believe there is a way, but I’m not finding it at the moment. | 18:47 |
*** asettle has joined #openstack-ansible | 18:47 | |
automagically | chris_hultin: This may be useful tho: https://github.com/openstack/openstack-ansible-repo_build/blob/master/defaults/main.yml#L33 | 18:48 |
pjm6 | anyone have a clue? | 18:48 |
*** weezS has joined #openstack-ansible | 18:51 | |
*** asettle has quit IRC | 18:52 | |
*** yatin has quit IRC | 18:57 | |
openstackgerrit | Antony Messerli proposed openstack/openstack-ansible-specs: Xen Virt Driver Support https://review.openstack.org/325490 | 19:00 |
openstackgerrit | kboratynski proposed openstack/openstack-ansible-security: Implemented: V-38524. https://review.openstack.org/324960 | 19:00 |
kboratynski | mhayden: Be so kind have a look at my commit message. Is it OK up to you? | 19:00 |
*** aslaen has quit IRC | 19:03 | |
*** mfisch has quit IRC | 19:06 | |
*** aslaen has joined #openstack-ansible | 19:06 | |
*** hybridpollo has joined #openstack-ansible | 19:07 | |
mhayden | sure, let me look | 19:10 |
mhayden | Ansible 2.2 roadmap is out -> https://github.com/ansible/ansible/blob/devel/docsite/rst/roadmap/ROADMAP_2_2.rst | 19:10 |
openstackgerrit | Nolan Brubaker proposed openstack/openstack-ansible: Extract and test inventory and backup I/O https://review.openstack.org/323601 | 19:11 |
palendae | automagically, ^ may be helpful to build off of for that global overrides stuff | 19:11 |
*** javeriak has quit IRC | 19:11 | |
mhayden | kboratynski: that one may need to be disabled by default (just commented) | 19:14 |
mhayden | also, i forgot to mention docs on the previous review comments | 19:14 |
*** hybridpollo has quit IRC | 19:14 | |
mhayden | http://docs.openstack.org/developer/openstack-ansible-security/writing-docs.html | 19:15 |
kboratynski | mhayden: Sure! Sorry, I have not found these docs. | 19:16 |
mhayden | the docs eventually end up here -> http://docs.openstack.org/developer/openstack-ansible-security/controls-cat2.html#v-38524-the-system-must-not-accept-icmpv4-redirect-packets-on-any-interface | 19:16 |
automagically | Thx palendae | 19:16 |
mhayden | no, thank you automagically | 19:17 |
*** metral_zzz has joined #openstack-ansible | 19:21 | |
*** metral_zzz is now known as metral | 19:21 | |
*** ametts has quit IRC | 19:22 | |
*** oneswig has joined #openstack-ansible | 19:26 | |
*** bbmbx__ has joined #openstack-ansible | 19:27 | |
*** Mudpuppy has quit IRC | 19:29 | |
*** Mudpuppy has joined #openstack-ansible | 19:29 | |
*** bbmbx has quit IRC | 19:30 | |
*** oneswig has quit IRC | 19:31 | |
openstackgerrit | kboratynski proposed openstack/openstack-ansible-security: Implemented: V-38524. https://review.openstack.org/324960 | 19:34 |
kboratynski | mhayden: Done. ;-) | 19:34 |
*** Mudpuppy has quit IRC | 19:34 | |
kboratynski | But... Mayby we shall add a boolean variable for every test in this role? If so? | 19:36 |
mhayden | kboratynski: looking good -- just one comment about using the variable to skip that configuration | 19:36 |
mhayden | i'd rather direct deployers to the variables rather than --skip-tag | 19:37 |
kboratynski | mhayden: Well... Have a look at http://docs.openstack.org/developer/openstack-ansible-security/writing-docs.html | 19:38 |
kboratynski | And the example that is written there. ;-) | 19:38 |
mhayden | kboratynski: hah, i'm fixing up that page as we speak :P | 19:38 |
mhayden | it needs some love | 19:38 |
kboratynski | <3 | 19:38 |
kboratynski | Ok, I will fix it. | 19:38 |
mhayden | thanks, kboratynski! | 19:38 |
kboratynski | (I mean, my documentation and this example, if you want to.) | 19:39 |
*** johnmilton has quit IRC | 19:40 | |
openstackgerrit | kboratynski proposed openstack/openstack-ansible-security: Implemented: V-38524. https://review.openstack.org/324960 | 19:43 |
*** aboyle has quit IRC | 19:43 | |
mhayden | cool -- waiting on the gate job | 19:44 |
openstackgerrit | Greg Faust proposed openstack/openstack-ansible: add note about building AIO more than once https://review.openstack.org/325498 | 19:49 |
*** KLevenstein has joined #openstack-ansible | 19:49 | |
*** rahuls has joined #openstack-ansible | 19:51 | |
openstackgerrit | Major Hayden proposed openstack/openstack-ansible-security: Docs: Add developer guide for security role https://review.openstack.org/325499 | 19:52 |
*** rahuls has quit IRC | 19:52 | |
*** rahuls has joined #openstack-ansible | 19:53 | |
openstackgerrit | Major Hayden proposed openstack/openstack-ansible-security: Docs: Fix OpenStack-Ansible capitalization https://review.openstack.org/325501 | 19:57 |
*** asettle has joined #openstack-ansible | 19:58 | |
*** klamath has joined #openstack-ansible | 19:58 | |
-openstackstatus- NOTICE: The infrastructure team is taking Gerrit offline for maintenance this afternoon, beginning shortly after 20:00 UTC. We aim to have it back online around 00:00 UTC. | 19:58 | |
*** asettle has quit IRC | 19:58 | |
palendae | oof, didn't mean to pile on there gregfaust | 19:59 |
*** aslaen has quit IRC | 20:02 | |
gregfaust | lol, thanks for the feedback :) | 20:05 |
*** metral has quit IRC | 20:05 | |
*** metral_zzz has joined #openstack-ansible | 20:05 | |
*** metral_zzz is now known as metral | 20:05 | |
-openstackstatus- NOTICE: Gerrit is offline for maintenance until 00:00 UTC | 20:07 | |
*** ChanServ changes topic to "Gerrit is offline for maintenance until 00:00 UTC" | 20:07 | |
*** kstev has quit IRC | 20:16 | |
*** bsv has joined #openstack-ansible | 20:17 | |
*** johnmilton has joined #openstack-ansible | 20:20 | |
*** Drago has joined #openstack-ansible | 20:24 | |
*** johnmilton has quit IRC | 20:24 | |
*** metral has quit IRC | 20:26 | |
*** metral_zzz has joined #openstack-ansible | 20:27 | |
*** metral_zzz is now known as metral | 20:27 | |
kboratynski | https://review.openstack.org/ - 500 | 20:29 |
kboratynski | Ups. | 20:30 |
kboratynski | By the way, ServerTokens <3. ;) | 20:30 |
*** smatzek_ has joined #openstack-ansible | 20:31 | |
*** oneswig has joined #openstack-ansible | 20:32 | |
*** oneswig has quit IRC | 20:32 | |
*** persia has quit IRC | 20:33 | |
*** smatzek has quit IRC | 20:33 | |
*** persia has joined #openstack-ansible | 20:35 | |
*** johnmilton has joined #openstack-ansible | 20:38 | |
*** aslaen has joined #openstack-ansible | 20:44 | |
bsv | odyssey4me: did you get any further porting designate into osa? | 20:50 |
*** Drago has quit IRC | 20:52 | |
cloudnull | kboratynski: gerrit is down for maint right now. :'( | 21:01 |
bsv | great, even more time for debugging designate ;) | 21:01 |
*** Drago has joined #openstack-ansible | 21:07 | |
*** psilvad has quit IRC | 21:10 | |
*** KLevenstein has quit IRC | 21:20 | |
*** weezS has quit IRC | 21:22 | |
*** thorst has quit IRC | 21:24 | |
*** thorst has joined #openstack-ansible | 21:24 | |
*** smatzek_ has quit IRC | 21:26 | |
*** thorst_ has joined #openstack-ansible | 21:27 | |
*** thorst has quit IRC | 21:29 | |
*** thorst_ has quit IRC | 21:31 | |
*** bryan_att has quit IRC | 21:43 | |
lbragstad | does anyone else seem to get this with the latest master of os_keystone ? http://cdn.pasteraw.com/pkjkps2fgit4kvt5hwlb2dkhyuqyxl4 | 21:43 |
*** thorst has joined #openstack-ansible | 21:46 | |
lbragstad | oh actually - it looks like that is coming from galera client | 21:47 |
lbragstad | yep - https://github.com/openstack/openstack-ansible-galera_client/blob/master/defaults/main.yml#L25 | 21:48 |
*** thorst has quit IRC | 21:50 | |
*** Bofu2MBP has quit IRC | 21:52 | |
*** messy has quit IRC | 21:58 | |
*** saneax is now known as saneax_AFK | 22:03 | |
*** Guest75 has joined #openstack-ansible | 22:04 | |
*** kylek3h has quit IRC | 22:06 | |
*** weezS has joined #openstack-ansible | 22:07 | |
*** Guest75 has quit IRC | 22:08 | |
*** cloader89 has quit IRC | 22:09 | |
*** michaelgugino has quit IRC | 22:19 | |
*** berendt has quit IRC | 22:20 | |
*** weezS has quit IRC | 22:20 | |
*** markvoelker has quit IRC | 22:31 | |
lbragstad | so - it appears that for some reason pip is ignoring the pypi index when using root to install pip packages | 22:43 |
lbragstad | is that something OSA does or ... ? | 22:43 |
*** saneax_AFK is now known as saneax | 22:44 | |
lbragstad | pip installs work at the ubuntu user | 22:49 |
lbragstad | which is the user that i'm using to run the playbook | 22:49 |
Drago | I don't know if it's the same problem, but someone on our team is currently having difficulty getting OSA to install oslo.middleware 3.0.0 vs 2.8.0 | 22:49 |
lbragstad | Drago just those packages? | 22:51 |
lbragstad | or other packages as well? | 22:51 |
Drago | Not totally sure, but that's the one they're stuck on | 22:51 |
lbragstad | hmm | 22:51 |
*** woodard has quit IRC | 22:53 | |
*** woodard has joined #openstack-ansible | 22:54 | |
*** hybridpollo has joined #openstack-ansible | 22:57 | |
*** klamath has quit IRC | 23:11 | |
*** mummer has joined #openstack-ansible | 23:25 | |
*** mummer has quit IRC | 23:26 | |
*** mkrish004c has quit IRC | 23:30 | |
*** Drago has quit IRC | 23:32 | |
*** weshay has quit IRC | 23:41 | |
*** scarlisle has quit IRC | 23:42 | |
*** rahuls has quit IRC | 23:54 | |
*** karimb has quit IRC | 23:54 | |
*** basilAB has quit IRC | 23:55 |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!