Monday, 2016-08-29

*** gouthamr has joined #openstack-ansible		00:01
*** thorst has joined #openstack-ansible		00:05
*** thorst has quit IRC		00:06
*** kenhui1 has quit IRC		00:06
*** woodard has joined #openstack-ansible		00:10
*** thorst has joined #openstack-ansible		00:10
*** woodard has quit IRC		00:14
*** hblah158 has joined #openstack-ansible		00:15
*** thorst has quit IRC		00:15
*** hblah has quit IRC		00:17
*** Jeffrey4l_ has joined #openstack-ansible		00:20
*** Jeffrey4l__ has quit IRC		00:20
*** schwicht has quit IRC		00:24
*** woodard has joined #openstack-ansible		00:27
*** schwicht has joined #openstack-ansible		00:27
*** woodard has quit IRC		00:28
*** woodard has joined #openstack-ansible		00:28
*** adrian_otto has joined #openstack-ansible		00:47
*** thorst has joined #openstack-ansible		00:50
*** adrian_otto has quit IRC		00:50
*** thorst has quit IRC		00:50
*** thorst has joined #openstack-ansible		00:51
*** v1k0d3n has joined #openstack-ansible		00:52
*** v1k0d3n has quit IRC		00:57
*** thorst has quit IRC		00:59
*** eil397_ has joined #openstack-ansible		00:59
*** Mudpuppy has quit IRC		01:08
*** Mudpuppy has joined #openstack-ansible		01:09
*** serverascode has quit IRC		01:10
*** hblah has joined #openstack-ansible		01:10
*** maximov has quit IRC		01:10
*** NachoDuck has quit IRC		01:11
*** hblah158 has quit IRC		01:12
*** maximov has joined #openstack-ansible		01:23
*** kenhui has joined #openstack-ansible		01:24
*** NachoDuck has joined #openstack-ansible		01:24
*** sdake_ has quit IRC		01:25
*** serverascode has joined #openstack-ansible		01:27
*** jamielennox is now known as jamielennox\|away		01:30
*** sdake has joined #openstack-ansible		01:30
*** thorst has joined #openstack-ansible		01:32
*** thorst has quit IRC		01:32
*** hblah601 has joined #openstack-ansible		01:35
*** hblah has quit IRC		01:36
*** thorst has joined #openstack-ansible		01:37
*** abelur_ has joined #openstack-ansible		01:39
*** thorst has quit IRC		01:42
*** jamielennox\|away is now known as jamielennox		01:43
*** thorst has joined #openstack-ansible		01:52
*** thorst has quit IRC		01:54
*** galstrom_zzz is now known as galstrom		02:19
*** hblah has joined #openstack-ansible		02:23
*** adrian_otto has joined #openstack-ansible		02:24
*** hblah601 has quit IRC		02:25
*** kenhui has quit IRC		02:25
*** adrian_otto has quit IRC		02:28
*** kenhui has joined #openstack-ansible		02:29
*** galstrom is now known as galstrom_zzz		02:52
*** thorst has joined #openstack-ansible		02:55
*** galstrom_zzz is now known as galstrom		02:56
*** kenhui has quit IRC		03:00
*** thorst has quit IRC		03:03
*** v1k0d3n has joined #openstack-ansible		03:13
*** v1k0d3n has quit IRC		03:13
*** jamielennox is now known as jamielennox\|away		03:21
*** Mudpuppy has quit IRC		03:21
*** v1k0d3n has joined #openstack-ansible		03:21
*** markvoelker has joined #openstack-ansible		03:27
*** markvoelker_ has joined #openstack-ansible		03:29
*** galstrom is now known as galstrom_zzz		03:31
*** markvoelker has quit IRC		03:33
*** kenhui has joined #openstack-ansible		03:35
*** kenhui has quit IRC		03:35
*** adrian_otto has joined #openstack-ansible		03:38
*** adrian_otto has quit IRC		03:39
*** adrian_otto has joined #openstack-ansible		03:46
*** adrian_otto has quit IRC		03:51
*** Mudpuppy has joined #openstack-ansible		03:52
*** adrian_otto has joined #openstack-ansible		03:52
*** markvoelker_ has quit IRC		03:53
*** markvoelker has joined #openstack-ansible		03:54
*** schwicht has quit IRC		03:56
*** schwicht has joined #openstack-ansible		03:56
*** adrian_otto has quit IRC		03:56
*** jamielennox\|away is now known as jamielennox		03:56
*** Mudpuppy has quit IRC		03:57
*** eil397_ has quit IRC		03:57
*** gouthamr has quit IRC		04:01
*** thorst has joined #openstack-ansible		04:01
*** thorst has quit IRC		04:09
*** eil397_ has joined #openstack-ansible		04:13
*** janki has joined #openstack-ansible		04:35
*** omiday has quit IRC		04:43
*** omiday has joined #openstack-ansible		04:55
*** omiday has quit IRC		04:59
*** omiday has joined #openstack-ansible		04:59
*** javeriak has joined #openstack-ansible		05:03
*** hblah881 has joined #openstack-ansible		05:05
*** v1k0d3n has quit IRC		05:05
*** thorst has joined #openstack-ansible		05:07
*** hblah has quit IRC		05:07
*** sdake_ has joined #openstack-ansible		05:10
*** neillc has quit IRC		05:12
*** sdake_ is now known as dake		05:13
*** sdake has quit IRC		05:13
*** dake is now known as sdake		05:13
*** thorst has quit IRC		05:14
*** Fenuks has joined #openstack-ansible		05:14
*** javeriak has quit IRC		05:24
*** sdake has quit IRC		05:26
*** neillc has joined #openstack-ansible		05:27
*** hblah has joined #openstack-ansible		05:29
*** hblah881 has quit IRC		05:32
*** shausy has joined #openstack-ansible		05:34
*** markvoelker has quit IRC		05:36
*** adrian_otto has joined #openstack-ansible		05:56
*** eil397_ has quit IRC		05:57
*** adrian_otto has quit IRC		06:04
*** markvoelker has joined #openstack-ansible		06:07
*** markvoelker has quit IRC		06:11
*** thorst has joined #openstack-ansible		06:12
*** hblah102 has joined #openstack-ansible		06:16
*** hblah has quit IRC		06:17
*** thorst has quit IRC		06:19
*** woodard has quit IRC		06:23
*** markvoelker has joined #openstack-ansible		06:36
*** hblah102 has quit IRC		06:39
*** hblah has joined #openstack-ansible		06:40
*** markvoelker has quit IRC		06:41
*** javeriak has joined #openstack-ansible		06:45
*** rgogunskiy has joined #openstack-ansible		06:51
*** pcaruana has joined #openstack-ansible		07:00
*** drifterza has joined #openstack-ansible		07:05
*** markvoelker has joined #openstack-ansible		07:06
openstackgerrit	OpenStack Proposal Bot proposed openstack/openstack-ansible-os_trove: Updated from global requirements https://review.openstack.org/361896	07:08
*** hblah910 has joined #openstack-ansible		07:08
*** hblah has quit IRC		07:11
*** markvoelker has quit IRC		07:12
*** thorst has joined #openstack-ansible		07:17
drifterza	ehlo Boys and Girls	07:23
*** eil397_ has joined #openstack-ansible		07:23
*** thorst has quit IRC		07:24
Fenuks	Hello. Anyone know how to enable swift3 using openstack-ansible?	07:27
*** eil397_ has quit IRC		07:29
*** markvoelker has joined #openstack-ansible		07:36
*** markvoelker has quit IRC		07:41
*** drifterza_ has joined #openstack-ansible		07:59
*** karimb has joined #openstack-ansible		08:01
*** drifterza has quit IRC		08:02
*** drifterza__ has joined #openstack-ansible		08:02
*** drifterza__ is now known as drifterza		08:03
drifterza	odyssey4me: you around ?	08:04
*** fxpester has quit IRC		08:04
*** markvoelker has joined #openstack-ansible		08:05
*** drifterza_ has quit IRC		08:07
*** markvoelker has quit IRC		08:10
*** javeriak has quit IRC		08:16
*** javeriak has joined #openstack-ansible		08:20
*** karimb has quit IRC		08:21
*** hblah910 has quit IRC		08:22
*** thorst has joined #openstack-ansible		08:22
*** thorst has quit IRC		08:29
*** markvoelker has joined #openstack-ansible		08:33
*** markvoelker has quit IRC		08:38
*** karimb has joined #openstack-ansible		08:39
*** eil397_ has joined #openstack-ansible		08:57
*** electrofelix has joined #openstack-ansible		09:00
*** schwicht has quit IRC		09:01
*** markvoelker has joined #openstack-ansible		09:03
*** javeriak has quit IRC		09:03
*** eil397_ has quit IRC		09:03
*** schwicht has joined #openstack-ansible		09:05
*** markvoelker has quit IRC		09:07
*** javeriak has joined #openstack-ansible		09:14
*** thorst has joined #openstack-ansible		09:27
*** markvoelker has joined #openstack-ansible		09:31
*** karimb has quit IRC		09:33
*** schwicht has quit IRC		09:34
*** thorst has quit IRC		09:34
*** toasta has joined #openstack-ansible		09:35
*** markvoelker has quit IRC		09:35
ioni	hello	09:36
ioni	do you guys happen to know why after a migration, the disks are converted from raw to qcow2?	09:36
ioni	in logs i have: https://paste.xinu.at/gzM/	09:37
*** karimb has joined #openstack-ansible		09:39
ioni	this is nova.conf https://paste.xinu.at/yw75s/	09:39
*** schwicht has joined #openstack-ansible		09:41
*** Mudpuppy has joined #openstack-ansible		09:55
*** Mudpuppy has quit IRC		09:59
*** markvoelker has joined #openstack-ansible		10:00
*** markvoelker has quit IRC		10:05
*** shausy has quit IRC		10:08
*** shausy has joined #openstack-ansible		10:08
*** eil397_ has joined #openstack-ansible		10:10
*** kysse has quit IRC		10:14
*** eil397_ has quit IRC		10:14
*** kysse has joined #openstack-ansible		10:15
*** schwicht_ has joined #openstack-ansible		10:21
*** schwicht has quit IRC		10:23
*** markvoelker has joined #openstack-ansible		10:28
*** javeriak has quit IRC		10:31
*** markvoelker has quit IRC		10:32
*** javeriak has joined #openstack-ansible		10:32
*** shausy has quit IRC		10:37
*** shausy has joined #openstack-ansible		10:38
*** _sigmavirus24 is now known as sigmavirus		10:47
*** sigmavirus has joined #openstack-ansible		10:47
*** javeriak has quit IRC		10:49
*** karimb has quit IRC		10:50
*** thorst has joined #openstack-ansible		10:54
*** karimb has joined #openstack-ansible		10:58
*** markvoelker has joined #openstack-ansible		10:59
*** markvoelker has quit IRC		11:03
*** eil397_ has joined #openstack-ansible		11:06
*** schwicht_ has quit IRC		11:09
*** eil397_ has quit IRC		11:13
toasta	hello all, could it be that something broke the haproxy-snippets for repo_cache? There's only a ssl-bind-line in haproxy and all requests fail with "SSL Handshake failure". If i omit the ssl bind, the containers can happily get their packages...	11:23
*** schwicht has joined #openstack-ansible		11:25
*** markvoelker has joined #openstack-ansible		11:28
*** javeriak has joined #openstack-ansible		11:28
*** janki has quit IRC		11:28
*** v1k0d3n has joined #openstack-ansible		11:28
*** schwicht has quit IRC		11:29
*** markvoelker has quit IRC		11:32
*** v1k0d3n has quit IRC		11:33
*** abelur_ has quit IRC		11:36
*** schwicht has joined #openstack-ansible		11:39
*** mgariepy has joined #openstack-ansible		11:53
*** markvoelker has joined #openstack-ansible		11:57
*** sura8257_ has joined #openstack-ansible		11:57
*** sura8257_ has quit IRC		11:57
*** karimb has quit IRC		11:57
*** markvoelker has quit IRC		12:01
*** Andrew_jedi has joined #openstack-ansible		12:04
*** gouthamr has joined #openstack-ansible		12:06
*** skape has joined #openstack-ansible		12:08
*** matias has quit IRC		12:08
skape	Hi! I'm very insterested in trying openstack ansible but in my organization only allows the of CentOS. Is it possible to use it on centos in the moment for proof of concept instalation ?	12:10
*** matias has joined #openstack-ansible		12:12
*** wadeholler has quit IRC		12:13
*** schwicht has quit IRC		12:13
*** kenhui has joined #openstack-ansible		12:14
*** toasta has quit IRC		12:21
*** schwicht has joined #openstack-ansible		12:25
*** markvoelker has joined #openstack-ansible		12:26
*** Andrew_jedi_ has joined #openstack-ansible		12:29
*** Andrew_jedi has quit IRC		12:29
*** Andrew_jedi_ is now known as Andrew_jedi		12:29
*** skape has quit IRC		12:29
*** markvoelker has quit IRC		12:30
*** Akiro has joined #openstack-ansible		12:36
*** eil397_ has joined #openstack-ansible		12:36
Akiro	Hello @everyone	12:36
*** kenhui has quit IRC		12:37
*** javeriak has quit IRC		12:40
*** eil397_ has quit IRC		12:41
*** v1k0d3n has joined #openstack-ansible		12:42
*** javeriak has joined #openstack-ansible		12:51
*** karimb has joined #openstack-ansible		12:51
Akiro	I have a problem deploying Openstack Ansible on a 2 nodes cluster. A lot goes right, except for Glance containers and Neutron agent container (unable to connect to them via SSH)	12:53
*** markvoelker has joined #openstack-ansible		12:56
*** Akiro has quit IRC		12:56
mhayden	good morning!	12:59
*** markvoelker has quit IRC		13:00
drifterza	Good afternoon	13:00
*** pcaruana has quit IRC		13:02
cloudnull	mornings	13:02
*** sdake has joined #openstack-ansible		13:03
javeriak	hey guys, im trying to do a liberty deployment with SSL enabled, and it isn't working, it also keeps skipping "Distribute self signed cert and key" & "Drop user provided ssl cert and key"	13:04
javeriak	im trying to make it work for keystone atm, but the endpoints still list as http	13:05
javeriak	set the following vars in user_variables, http://paste.ubuntu.com/23107258/	13:06
javeriak	any idea what im missing	13:06
*** markvoelker has joined #openstack-ansible		13:06
*** markvoelker_ has joined #openstack-ansible		13:07
cloudnull	javeriak: the playbooks/modules will not recreate the endpoints within keystoen	13:09
cloudnull	so you need to udpate that part manually	13:09
cloudnull	once the ssl setup is complete	13:10
javeriak	hey cloudnull, how's it going o/	13:10
cloudnull	going very well.	13:10
cloudnull	long time :)	13:10
*** markvoelker_ has quit IRC		13:10
cloudnull	nice report from within the OSIC btw	13:10
javeriak	so i recreated the keystone lxc, that shouldve taken care of it	13:10
*** markvoelker has quit IRC		13:10
*** markvoelker_ has joined #openstack-ansible		13:10
cloudnull	the endpoints are within the DB	13:10
javeriak	yea long time indeed, ive moved on to other projects, but come back to OSA stuff now and then :)	13:11
cloudnull	you can use the "openstack" client to update the endpoints.	13:11
javeriak	yea thanks, I was thinking of forwarding that report to you guys, good you got it :)	13:11
*** kylek3h has joined #openstack-ansible		13:11
cloudnull	i think others from within the channel would love to read it too.	13:11
*** markvoelker has joined #openstack-ansible		13:11
cloudnull	i know that the OSIC board will publish it eventually	13:12
cloudnull	idk when that will be	13:12
javeriak	sure, you should share defintely; or would you like me to	13:12
*** GMAzrael has joined #openstack-ansible		13:12
javeriak	so how do i make sure ssl was setup correctly? i can then update the endpoints	13:12
*** markvoelker_ has quit IRC		13:13
javeriak	and updating the endpoints manually applies to all service endpoints?	13:14
cloudnull	I can share with everyone if it's ok with you.	13:14
cloudnull	or you can . eitherway works	13:15
cloudnull	as for the endpoints.	13:15
javeriak	cloudnull yes sure, share away	13:15
cloudnull	if you've enabled ssl within keystone, which for liberty is ssl on the apache server running keystone, you should see that the cert is there and the server is speaking ssl on the public endpoints.	13:16
cloudnull	you can test with curl	13:16
cloudnull	if thats working then update the endpoints with the openstack client	13:16
*** klamath has joined #openstack-ansible		13:17
*** klamath has quit IRC		13:17
*** pcaruana has joined #openstack-ansible		13:17
*** klamath has joined #openstack-ansible		13:18
javeriak	okay let me try that, and any refs for how to update the endpoints? i see alot of longg steps in the openstack docs	13:18
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: Ensure AIDE initializes on subsequent runs https://review.openstack.org/361239	13:19
cloudnull	I think its "openstack service"	13:19
javeriak	also the OSA docs don't say, but shouldn't the 'keystone_ssl: true' type vars also need to be set in the user_variables?	13:19
* cloudnull not so familiar with the openstack client		13:19
cloudnull	I believe that will be automatically set if there's a cert	13:19
* cloudnull goes to verify		13:20
javeriak	it generates the self-signed certs itself doesnt it? that doesnt seem to be enabled by default	13:20
cloudnull	yup it looks like that needs to be set true	13:23
*** sdake_ has joined #openstack-ansible		13:23
cloudnull	in master we're doing ssl by default, self signed or user provided, but in liberty / mitaka that's an option and needs to be set.	13:23
javeriak	ah docs need updating then...	13:23
javeriak	okay so just to recap, set the <service>_ssl: true, and then update endpoints manually should do it?	13:24
mgariepy	to update the endoint you need to use "openstack endpoint set "	13:25
*** sdake has quit IRC		13:25
*** BjoernT has joined #openstack-ansible		13:26
*** TxGirlGeek has joined #openstack-ansible		13:28
*** markvoelker has quit IRC		13:30
javeriak	thanks mgariepy, so cloudnull, the curl would be to the keystone public endpoint with a https, thats the LB-ip:5000	13:31
cloudnull	javeriak: to the keystone node .	13:32
cloudnull	you should get an apache response saying that you need to use HTTPS.	13:32
*** Zucan has joined #openstack-ansible		13:33
*** vnogin_ has joined #openstack-ansible		13:35
javeriak	cloudnull no actually that isnt working, im still getting response data back for the http curl	13:35
cloudnull	w/ the keystone_ssl flag set?	13:36
javeriak	cloudnull yep, all these set: http://paste.ubuntu.com/23107258/	13:36
javeriak	its skipping those distribute tasks	13:36
javeriak	is what im concerned about	13:36
cloudnull	hum.	13:37
cloudnull	are the ssl cert paths updated too ?	13:37
javeriak	where do i check?	13:38
cloudnull	https://github.com/openstack/openstack-ansible/blob/liberty/playbooks/roles/os_keystone/defaults/main.yml#L160-L162	13:38
javeriak	yes those are already inside the role vars	13:38
javeriak	so i expect they get picked up from there	13:39
*** KLevenstein has joined #openstack-ansible		13:39
javeriak	or should i redefine them too	13:39
cloudnull	and these https://github.com/openstack/openstack-ansible/blob/liberty/playbooks/roles/os_keystone/defaults/main.yml#L171-L173	13:40
javeriak	no those later ones are for custom certs aren't they?	13:42
*** kstev has joined #openstack-ansible		13:42
javeriak	so i didn't add	13:42
openstackgerrit	Merged openstack/openstack-ansible-security: Remove extra AIDE tasks https://review.openstack.org/361460	13:43
*** sc68cal_ is now known as sc68cal		13:44
*** eil397_ has joined #openstack-ansible		13:48
cloudnull	javeriak: yes.	13:49
cloudnull	those are for user provided cersts	13:49
cloudnull	if you just want the self signed then setting https://github.com/openstack/openstack-ansible/blob/liberty/playbooks/roles/os_keystone/defaults/main.yml#L159 should be enough	13:50
*** jperry has joined #openstack-ansible		13:50
cloudnull	though you could force a regen https://github.com/openstack/openstack-ansible/blob/liberty/playbooks/roles/os_keystone/defaults/main.yml#L167	13:50
cloudnull	by using that switch on the cli	13:50
drifterza	thanks cloudnull for the +1 on that change	13:50
*** sdake_ has quit IRC		13:50
cloudnull	sure thing, thanks for making the trove role ;)	13:50
drifterza	Busy doing dev against it, want to get it to functional tests :)	13:51
*** sdake has joined #openstack-ansible		13:51
drifterza	hopefully have a fully tested role by weeks end	13:52
drifterza	then try get it pushed into openstack-ansible as an installable role	13:52
*** eil397_ has quit IRC		13:54
javeriak	cloudnull yea i have both of those set, i wonder whats missing, let me dig into it	13:54
drifterza	if I'm not mistaken openstack-infra makes use of trove for their backend db stuff	13:54
cloudnull	I believe they do , however i may be mistakem	13:55
cloudnull	sorry javeriak i dont have the best answer.	13:55
*** pcaruana has quit IRC		13:55
drifterza	I also need to do the trove plugin to horizon	13:56
javeriak	cloudnull now worries, this should work by default in mitaka right?	13:56
cloudnull	it should.	13:56
javeriak	okay cool. thanks, catch you later	13:56
cloudnull	and in newton, we did all of the ssl termination work to fully support that as the default.	13:57
*** markvoelker has joined #openstack-ansible		13:57
*** jamesdenton has joined #openstack-ansible		13:57
javeriak	yea thats what im looking for, it doesnt seem to be as straightforward in OSA liberty	13:57
*** shausy has quit IRC		13:58
cloudnull	we have ssl termination enabled on the osic however all of that is handled on the f5	13:58
javeriak	well we typically use haproxy based setups for demo's as such, so I was looking into getting that enabled	13:59
*** kenhui has joined #openstack-ansible		14:01
javeriak	cloudnull gotta step out for a bit, let me catch you later	14:01
*** javeriak has quit IRC		14:01
cloudnull	take care javeriak .	14:01
drifterza	cloudnull any idea where odyssey4me is today?	14:01
cloudnull	i do not.	14:01
cloudnull	drifterza: anything you need?	14:01
*** markvoelker has quit IRC		14:01
cloudnull	is there a bank holiday today ?	14:02
drifterza	no, the channel is quiet today so I noticed he wasn't around.	14:02
cloudnull	andymccr hughsaunders mattt mancdaz ? uk bank holiday ?	14:02
cloudnull	evrardjp: ^	14:02
cloudnull	sorry idk if there are others in the UK ?	14:02
BjoernT	Isn't Monday always a bank holiday in UK ;-)	14:03
cloudnull	ha!	14:03
cloudnull	well today is a UK bank holiday	14:04
BjoernT	Which I would like in the US too	14:04
cloudnull	its the "August Bank Holiday"	14:04
mattt	cloudnull: yes bank holiday today :)	14:04
cloudnull	http://www.halftermdates.co.uk/bholidays/august-bank-holiday.html	14:04
* cloudnull shakes head		14:04
BjoernT	lol	14:05
cloudnull	they didn't even try to name the holiday, its just a day that ended in "y" so yup, holiday.	14:05
drifterza	k cool	14:05
cloudnull	so if there are any patches that need shoved in while odyssey4me is away let me know.	14:05
cloudnull	:p	14:05
drifterza	hahah	14:06
drifterza	less strict ?	14:06
cloudnull	no, just playing.	14:07
drifterza	:P	14:07
*** Mudpuppy has joined #openstack-ansible		14:09
*** pcaruana has joined #openstack-ansible		14:09
openstackgerrit	Merged openstack/openstack-ansible-security: Fix numbering on V-38583 https://review.openstack.org/361244	14:11
mattt	cloudnull: ha!	14:13
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-tests: Add test network config to lxc_host role https://review.openstack.org/362144	14:13
cloudnull	mattt: ^ if you have a moment.	14:13
cloudnull	mhayden: ^	14:13
*** vnogin_ has left #openstack-ansible		14:13
cloudnull	we're running into IP conflicts when using the test repo	14:13
cloudnull	as seen here http://logs.openstack.org/12/353612/14/check/gate-openstack-ansible-os_sahara-ansible-func-ubuntu-trusty/b17c786/console.html#_2016-08-26_21_48_20_756425	14:14
*** kencjohnston_ has quit IRC		14:14
*** homerp_ has quit IRC		14:14
*** sonus has quit IRC		14:14
*** homerp_ has joined #openstack-ansible		14:14
*** kencjohnston has joined #openstack-ansible		14:15
*** sonus has joined #openstack-ansible		14:15
cloudnull	jmccrory: ^^	14:15
mattt	cloudnull: is that kernel options bit necessary?	14:16
cloudnull	maybe?	14:16
cloudnull	it was in a few of the other roles so i just copied it across	14:16
cloudnull	https://github.com/openstack/openstack-ansible-os_nova/blob/master/tests/test-prepare-host.yml#L93	14:17
cloudnull	I can pull it	14:17
cloudnull	its likely not needed. at least not needed like that	14:17
cloudnull	its a default	14:18
cloudnull	https://github.com/openstack/openstack-ansible-lxc_hosts/blob/master/defaults/main.yml#L67-L68	14:18
cloudnull	so no its not needed.	14:18
*** adrian_otto has joined #openstack-ansible		14:18
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-tests: Add test network config to lxc_host role https://review.openstack.org/362144	14:18
cloudnull	mattt: good catch	14:18
mattt	np, reviewed	14:19
*** spotz_zzz is now known as spotz		14:19
cloudnull	tyvm	14:19
*** cloader89 is now known as cjloader		14:19
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-os_keystone: Implement CentOS 7 support in os_keystone https://review.openstack.org/320216	14:20
*** neilus has joined #openstack-ansible		14:22
cloudnull	https://review.openstack.org/#/c/362144/ <- mhayden d34dh0r53 if you have a moment	14:24
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible: Enable the opportunistic strategy https://review.openstack.org/349485	14:24
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-os_neutron: Update paste, policy and rootwrap configurations 2016-08-25 https://review.openstack.org/360685	14:26
*** karimb has quit IRC		14:27
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible: [TESTING] Ansible v2.1.2.0-0.1.rc1 https://review.openstack.org/351165	14:28
*** Andrew_jedi has quit IRC		14:28
*** johnmilton has quit IRC		14:30
mrhillsman	g'morning	14:34
*** kenhui has quit IRC		14:34
spotz	morning	14:36
*** weezS has joined #openstack-ansible		14:40
*** asettle has joined #openstack-ansible		14:41
*** johnmilton has joined #openstack-ansible		14:41
*** michaelgugino has joined #openstack-ansible		14:42
cloudnull	mornings spotz mrhillsman	14:42
spotz	hey cloudnull	14:42
*** palendae_ is now known as palendae		14:43
cloudnull	if folks get a chance today, https://review.openstack.org/#/c/320216/ -- it'd be great to finally land centos support for keystone	14:43
cloudnull	which will allow us to get the other roles into shape	14:43
*** jwagner- is now known as jwagner		14:44
*** weezS has quit IRC		14:47
*** rgogunskiy has quit IRC		14:49
*** Andrew_jedi has joined #openstack-ansible		14:49
*** asettle has quit IRC		14:55
*** spedione is now known as chris_hultin		15:02
mgariepy	cloudnull, do you have some partial doc on deploying on centos for testing ?	15:08
*** kenhui has joined #openstack-ansible		15:09
chris_hultin	Can anyone give me a hand with a networking issue with an all-in-one setup?	15:11
mgariepy	chris_hultin, what's the issue ?	15:11
*** kenhui1 has joined #openstack-ansible		15:11
chris_hultin	mgariepy: No external access from a nova instance	15:12
*** Fenuks\|2 has joined #openstack-ansible		15:12
*** persia has quit IRC		15:13
*** kenhui has quit IRC		15:14
cloudnull	mgariepy: for test the I just use a basic centos VM and go from there. For the roles it should just work out of the box for a full stack its likely that the process for cent isn't well thoughtout yet.	15:14
*** michauds has joined #openstack-ansible		15:15
*** aludwar has quit IRC		15:15
*** Fenuks has quit IRC		15:15
*** psilvad has joined #openstack-ansible		15:15
cloudnull	mgariepy: i use https://github.com/cloudnull/os-ansible-deployment/tree/master-rhel/etc/network/network-scripts for the network scripts	15:15
cloudnull	when i'm playing with the full stack	15:15
cloudnull	however recently i've only focused on individual roles.	15:16
*** persia has joined #openstack-ansible		15:16
cloudnull	chris_hultin: is this an AIO ?	15:16
chris_hultin	cloudnull: Yeaqh	15:16
cloudnull	I know we test that w/ tempest during the gate	15:16
cloudnull	its part of the instance provisioing.	15:17
cloudnull	do you see packets leaving the br-vlan device	15:17
cloudnull	and are the iptables rules inplace to support htat?	15:17
cloudnull	*that	15:17
*** markvoelker has joined #openstack-ansible		15:17
*** sdake_ has joined #openstack-ansible		15:18
chris_hultin	cloudnull: TCPDumping now	15:18
*** sdake has quit IRC		15:20
openstackgerrit	Flávio Ramalho proposed openstack/openstack-ansible-os_ceilometer: Support for Sahara notifications https://review.openstack.org/362190	15:20
*** aludwar has joined #openstack-ansible		15:20
chris_hultin	cloudnull: OK, so the traffic doesn't seem to be leaving. tcpdump -P out doesn't show anything, tcpdump -P in shows the traffic	15:21
*** woodard has joined #openstack-ansible		15:23
cloudnull	do you see it getting across the br-vlan device ?	15:23
chris_hultin	cloudnull: What would the best way to verify that?	15:23
*** sdake has joined #openstack-ansible		15:24
cloudnull	I use `tcpdump -vnlSi $INTERFACE`	15:25
*** sdake_ has quit IRC		15:26
cloudnull	you should see traffic on the bridge	15:26
chris_hultin	cloudnull: Do I need to specify the actual external interface, or the br-vlan interface?	15:26
cloudnull	br-vlan	15:26
cloudnull	if this is an AIO there shouldn't be any interface attached to the port	15:26
cloudnull	and you should see the following rules https://github.com/openstack/openstack-ansible-lxc_hosts/blob/master/templates/lxc-system-manage.j2#L78-L112	15:27
cloudnull	as well as https://github.com/openstack/openstack-ansible/blob/master/etc/network/interfaces.d/aio_interfaces.cfg#L28-L32	15:27
chris_hultin	cloudnull: OK, so I see the requests going from the nova instance to the ping target, but nothing coming in from the outside	15:27
cloudnull	provider network or a tenant ?	15:28
chris_hultin	It's a tenant network	15:28
cloudnull	ima go spin up an AIO and test things too	15:29
cloudnull	that should work so long as you see https://github.com/openstack/openstack-ansible/blob/master/etc/network/interfaces.d/aio_interfaces.cfg#L31-L32	15:29
*** adrian_otto has quit IRC		15:29
*** weezS has joined #openstack-ansible		15:30
chris_hultin	cloudnull: I'm seeing the up/down lines in the osa_interfaces.cfg file	15:32
*** adrian_otto has joined #openstack-ansible		15:32
*** markvoelker has quit IRC		15:32
cloudnull	yes. and you should see those rules in place too	15:32
chris_hultin	In the iptables output?	15:32
cloudnull	yes	15:33
cloudnull	they should be part of the nat table	15:33
cloudnull	`iptables -vnL -t nat`	15:33
*** adrian_otto has quit IRC		15:35
chris_hultin	OK, I do see rules that look correct	15:35
cloudnull	ok	15:36
cloudnull	mhayden d34dh0r53 around?	15:36
cloudnull	stevelle: ++	15:37
d34dh0r53	i am	15:37
cloudnull	please https://review.openstack.org/#/c/362144/	15:37
cloudnull	:)	15:37
*** kenhui1 has quit IRC		15:38
d34dh0r53	cloudnull: donerated, looks good	15:38
chris_hultin	cloudnull: By the way, I can ping out from the LXC containers, just not the actual Nova instances	15:38
cloudnull	thanks d34dh0r53	15:39
*** kenhui has joined #openstack-ansible		15:39
*** eil397_ has joined #openstack-ansible		15:39
*** pcaruana has quit IRC		15:43
*** eil397_ has quit IRC		15:44
*** GMAzrael has quit IRC		15:46
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible: Add RC source to scripts library https://review.openstack.org/362213	15:53
cloudnull	mattt d34dh0r53: another one. ^	15:53
*** neilus has quit IRC		15:54
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-os_sahara: Ansible 2.1.1.0 role testing https://review.openstack.org/353612	15:54
cloudnull	chris_hultin: if traffic is getting out of the containers then i'd say things are +/- working	15:55
cloudnull	i think its going to be a matter of figuring out where its stopping in the path	15:55
*** galstrom_zzz is now known as galstrom		15:58
*** eil397_ has joined #openstack-ansible		15:59
*** neilus has joined #openstack-ansible		16:00
*** david-lyle_ is now known as david-lyle		16:01
chris_hultin	cloudnull: I think I see what the problem is - the traffic doesn't appear to be being NAT'd when it goes out the public interface of the server	16:05
jamesdenton	Anyone have a sec to verify I'm using overrides properly? OSA 13.1.3	16:05
jamesdenton	http://pastebin.com/gp96zZ6b	16:05
openstackgerrit	Merged openstack/openstack-ansible: Remove unnecessary overrides of service variables https://review.openstack.org/361479	16:10
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: Ensure AIDE initializes on subsequent runs https://review.openstack.org/361239	16:11
cloudnull	chris_hultin: hum. that should be setup already by the AIO scripts.	16:11
cloudnull	if its not then something is being has been broken	16:11
cloudnull	jamesdenton: looking	16:11
cloudnull	jamesdenton: lgtm	16:12
cloudnull	oh, jamesdenton -- add spaces between the items	16:12
cloudnull	IE: path_mtu: 9000	16:12
jamesdenton	:\|	16:12
cloudnull	not path_mtu:9000	16:12
jamesdenton	let's see	16:13
cloudnull	otherwise yaml may see that as a string	16:13
cloudnull	with a collon in it	16:13
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-security: Exclude /run from AIDE checks https://review.openstack.org/362242	16:13
palendae	lol	16:13
palendae	Yay edge cases!	16:13
cloudnull	it may not.	16:13
cloudnull	idk	16:13
palendae	Wouldn't surprise me	16:13
palendae	Does the ini override dict go at the top level of the variables file? I honestly haven't used that plugin	16:14
cloudnull	jamesdenton: http://cdn.pasteraw.com/h1gpqdyu507n9jv27x0i8yrg4bhvcku	16:15
cloudnull	it needs a space	16:15
cloudnull	http://cdn.pasteraw.com/mswevl5itwzve13sp1era9bddlw6ejl	16:15
cloudnull	palendae: whats that? like for the default section ?	16:16
palendae	the neutron_ml2_conf_ini_overrides dict, for example	16:16
palendae	Does that go at the top level of the user_variables.yml file, or under another dict?	16:16
*** drifterza has quit IRC		16:17
cloudnull	jamesdenton: http://cdn.pasteraw.com/i4robrktf0wte39omv6v2c2ehq7kfg9	16:18
cloudnull	neutron_ml2_conf_ini_overrides that would go in the user_variables.yml file	16:18
*** sdake has quit IRC		16:19
jamesdenton	cloudnull my hero	16:20
jamesdenton	cloudnull what version of OSA does this override system worth with? v11+?	16:21
jamesdenton	*work with	16:21
cloudnull	11 +	16:21
cloudnull	kilo and beyond	16:21
palendae	Is ansible still sitting on that PR?	16:21
palendae	Or did they just outright close it?	16:21
*** neilus has quit IRC		16:22
*** neilus has joined #openstack-ansible		16:22
jamesdenton	thanks, cloudnull. Spaces did the trick	16:23
cloudnull	cool	16:23
cloudnull	palendae: i abandoned it	16:23
cloudnull	i gave up	16:23
palendae	:(	16:23
cloudnull	https://github.com/ansible/ansible/pull/12555	16:24
cloudnull	even after showing that the alternitive impl was incomplete and 2x slower they still didn't care. so i abandoned it	16:25
*** michaelgugino has quit IRC		16:28
*** sdake has joined #openstack-ansible		16:30
Andrew_jedi	Guys, Does anybody know how to integrate Ceph Object Gateway with Keystone in Mitaka? I tried this http://docs.ceph.com/docs/master/radosgw/keystone/ but no cigars.	16:30
Andrew_jedi	Getting this, Failed to establish a new connection: [Errno 111] Connection refused'	16:30
cloudnull	mattt: ^	16:36
cloudnull	Andrew_jedi: i do not, however i'm no ceph expert	16:36
Andrew_jedi	cloudnull: It worked till Liberty by using the admin token middleware but then in mitaka admin token middleware was deprecated.	16:38
cloudnull	Andrew_jedi: I guess you could put the admin token middleware back ?	16:38
cloudnull	it should still work even though its been deprecated.	16:39
*** Guest35918 is now known as mgagne		16:39
cloudnull	dolphm: ^	16:39
cloudnull	lbragstad^^	16:39
*** mgagne has quit IRC		16:39
*** mgagne has joined #openstack-ansible		16:39
Andrew_jedi	cloudnull: I don't know exactly how to put it back. On Friday Jesse daid that i can use config_override but i could not figure out how to do that with admin token middleware.	16:40
Andrew_jedi	s/dais/said	16:40
palendae	I wonder if that's related at all to https://bugs.launchpad.net/openstack-ansible/+bug/1614211 ?	16:40
openstack	Launchpad bug 1614211 in openstack-ansible trunk "Playbook Runs Fail in Multi-Domain Environments" [Medium,Confirmed] - Assigned to Nolan Brubaker (nolan-brubaker)	16:40
palendae	I'm working with dstanek on that	16:40
lbragstad	cloudnull Andrew_jedi yep - admin_token middleware should still be there	16:43
lbragstad	but we will be removing it once Ocata opens for development	16:43
logan-	Andrew_jedi: you're on jewel right? what does your rgw config look like? I've tested rgw + keystone v3 using http://cdn.pasteraw.com/h2oz18ttfrhif9o7hlx61itmgs6v98	16:44
cloudnull	Andrew_jedi: http://cdn.pasteraw.com/o2ela8nujqo9ghaqr9l8otfld2q9t69	16:46
cloudnull	that should be all you need to put the admin token middleware back	16:47
*** michaelgugino has joined #openstack-ansible		16:51
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible: [TESTING] Ansible Stable2.1 https://review.openstack.org/351165	16:52
cloudnull	tyvm jmccrory -- who wants to push the button https://review.openstack.org/#/c/320216/ -- d34dh0r53 stevelle mhayden :)	16:52
cloudnull	please?	16:52
*** weezS has quit IRC		16:53
cloudnull	:D	16:53
jmccrory	nice job on that, looking forward to seeing centos moving everywhere else	16:53
Andrew_jedi	logan-: My host ip is 172.29.236.73, http://paste.openstack.org/show/564615/	16:55
Andrew_jedi	cloudnull: Thanks a ton :)	16:56
Andrew_jedi	logan-: Yes i am on Jewel.	16:56
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-os_sahara: Ansible 2.1.1.0 role testing https://review.openstack.org/353612	16:59
*** jperry has quit IRC		17:05
*** jperry has joined #openstack-ansible		17:05
Andrew_jedi	cloudnull logan- Its working now. I moved the v3 config from the global section to the radosgw host section and restarted the radosgw. :)	17:11
cloudnull	woot!	17:12
*** appprod0 has joined #openstack-ansible		17:13
*** kenhui has quit IRC		17:14
*** javeriak has joined #openstack-ansible		17:15
*** KLevenstein has quit IRC		17:21
*** javeriak has quit IRC		17:21
*** javeriak has joined #openstack-ansible		17:21
mhayden	cloudnull: just applied lime to coconut	17:21
*** raalee has joined #openstack-ansible		17:21
cloudnull	mhayden: :)	17:24
*** AnarchyAo has joined #openstack-ansible		17:24
cloudnull	so i may need a second set of eyes. https://review.openstack.org/#/c/353612/ -- is failing the gate but on EVERY test locally passes.	17:26
*** kenhui has joined #openstack-ansible		17:26
cloudnull	i'm not sure where its going off, but it looks something to do with container networking. I just can't figure out what.	17:26
cloudnull	^ if anyone has time it'd be much appreciated.	17:27
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible: Fix deprecation warning for undefined variables https://review.openstack.org/361407	17:28
*** raalee has quit IRC		17:35
michaelgugino	cloudnull: I think there's a problem with your inventory / delegation.	17:35
michaelgugino	"ESTABLISH LOCAL CONNECTION FOR USER: jenkins" does not appear in other checks	17:35
cloudnull	I was leaning that way too but I can't pinpoint as to why.	17:36
cloudnull	because if i spin a local vm and test it passes	17:36
openstackgerrit	Merged openstack/openstack-ansible-os_keystone: Implement CentOS 7 support in os_keystone https://review.openstack.org/320216	17:37
*** electrofelix has quit IRC		17:37
openstackgerrit	Satheesh Kumar Ulaganathan proposed openstack/openstack-ansible-rabbitmq_server: Add collect_statistics_interval, rates_mode in rabbitmq.config template https://review.openstack.org/362297	17:38
cloudnull	#success Keystone now supports CentOS7	17:39
openstackstatus	cloudnull: Added success to Success page	17:39
*** AnarchyAo has quit IRC		17:42
michaelgugino	cloudnull: in the ci environment it looks like things are executing as the jenkins user, are you executing as a nonpriv user locally?	17:44
cloudnull	nope, let me give that a spin	17:46
cloudnull	could be something off when using not root	17:46
*** AnarchyAo has joined #openstack-ansible		17:47
*** Andrew_jedi has quit IRC		17:52
*** markvoelker has joined #openstack-ansible		17:53
*** Fenuks\|2 has quit IRC		17:57
*** asettle has joined #openstack-ansible		17:58
*** albertcard has joined #openstack-ansible		18:01
*** adrian_otto has joined #openstack-ansible		18:01
openstackgerrit	Satheesh Kumar Ulaganathan proposed openstack/openstack-ansible-rabbitmq_server: Add collect_statistics_interval, rates_mode in rabbitmq.config template https://review.openstack.org/362297	18:02
*** TxGirlGeek has quit IRC		18:03
*** asettle has quit IRC		18:03
*** KLevenstein has joined #openstack-ansible		18:03
*** markvoelker has quit IRC		18:09
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-tests: Updated host prep tasks https://review.openstack.org/362308	18:10
cloudnull	^ i think thats most of the problem with local delegation.	18:11
cloudnull	I have a few more tests running as NOT root and will know more in a min or two	18:12
michaelgugino	cloudnull: probably should add connection: local to a few other places like test-prepare-containers.yml	18:15
*** Zucan has quit IRC		18:20
*** TxGirlGeek has joined #openstack-ansible		18:25
*** Andrew_jedi has joined #openstack-ansible		18:31
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-tests: Updated host prep tasks https://review.openstack.org/362308	18:35
cloudnull	rromans asettle when you're around you mind giving https://review.openstack.org/#/c/355041/ a look ?	18:44
cloudnull	PS4 LGTM but i'd like someone better at english than I to give it a review.	18:45
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible: Enable the opportunistic strategy https://review.openstack.org/349485	18:51
*** albertcard has quit IRC		18:54
alextricity25	Does OSA pin galera to a specific version in mitaka?	18:55
cloudnull	we use the 10.x releaese	18:57
cloudnull	10.0	18:57
cloudnull	but not a specific version from 10.0.x	18:57
alextricity25	cloudnull: Thanks man!	18:58
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-openstack_hosts: Updated to use the openstack-ansible-tests repo https://review.openstack.org/360130	19:02
cloudnull	alextricity25: anytime	19:02
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-tests: Removed yum cache update https://review.openstack.org/362329	19:09
openstackgerrit	Merged openstack/openstack-ansible-rabbitmq_server: Add collect_statistics_interval, rates_mode in rabbitmq.config template https://review.openstack.org/362297	19:13
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-openstack_hosts: Updated to use the openstack-ansible-tests repo https://review.openstack.org/360130	19:15
*** javeriak has quit IRC		19:18
cloudnull	stevelle jmccrory d34dh0r53 if you have a moment https://review.openstack.org/#/q/project:openstack/openstack-ansible-tests+status:open -- these would be helpful	19:18
stevelle	looking	19:18
cloudnull	tyvm	19:19
cloudnull	stevelle: https://review.openstack.org/#/c/358798/ -- the cent7 changes merged into keystone	19:20
cloudnull	do you want me to rebase that ^ ?	19:20
stevelle	cloudnull: saw that, if you have time that would be great	19:20
cloudnull	being that my change created that merge conflict I'd be happy to resolve it for you if you'd like	19:20
cloudnull	ok.	19:20
cloudnull	will do it now	19:20
cloudnull	what do folks think about grabbing all of our roles via the testing repo? right now all roles have this https://github.com/openstack/openstack-ansible-os_nova/blob/master/tests/ansible-role-requirements.yml and the file is different everywhere.	19:24
cloudnull	but if it was stored/processed from the testing repo it'd be stored in 1 place.	19:24
cloudnull	obviously that download roles that may not be needed for a given set of tests, but it'd also mean that all of the roles would be availble regardless of them being used.	19:25
cloudnull	thoughts?	19:25
openstackgerrit	Merged openstack/openstack-ansible-tests: Updated host prep tasks https://review.openstack.org/362308	19:26
openstackgerrit	Merged openstack/openstack-ansible-tests: Removed yum cache update https://review.openstack.org/362329	19:26
alextricity25	It looks like the mariadb version for liberty and mitaka are the same. Does that sound right?	19:28
cloudnull	yes.	19:28
cloudnull	that should be	19:28
alextricity25	so why exactly are there all these steps in the upgrade script to restart the galera server? To update any openstack table schema changes?	19:29
alextricity25	I"m probably asking some noobish questions here.	19:29
cloudnull	nope. i think its just a safe guard in handling.	19:30
cloudnull	and maybe to limit impact when upgrading from 10.0.a to 10.0.b	19:31
cloudnull	even though there shouldn't be any	19:31
jmccrory	cloudnull: sounds like a good idea to me. will require dependent change in tests repo for adding anything new but that would also help force people to make use of it	19:31
cloudnull	++	19:31
cloudnull	that's my toughts.	19:31
cloudnull	if we force its use it'll get a lot more attention	19:32
*** adrian_otto has quit IRC		19:33
alextricity25	Oh..this is interesting. "The ``galera_upgrade`` variable tells the ``galera_server`` role to remove the current version of MariaDB and Galera and upgrade to the 10.x series."	19:34
alextricity25	It sounds like we were not running 10.x on liberty environments in some point in the past	19:34
openstackgerrit	Jimmy McCrory proposed openstack/openstack-ansible: Move pip_lock_to_internal_repo to group_vars https://review.openstack.org/344388	19:36
rromans	cloudnull: reviewed	19:37
*** Andrew_jedi has quit IRC		19:38
stevelle	cloudnull: I like that the roles all specify what they need, but it's really just an aesthetic judgement.	19:42
cloudnull	tyvm rromans	19:42
rromans	cloudnull: cheers	19:42
*** thorst_ has joined #openstack-ansible		19:46
*** sdake has quit IRC		19:48
*** thorst has quit IRC		19:48
*** albertcard has joined #openstack-ansible		19:52
*** markvoelker has joined #openstack-ansible		19:52
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-tests: Added role requirements file to the tests repo https://review.openstack.org/362349	19:55
cloudnull	stevelle jmccrory ^ thats what I'm thinking.	19:56
cloudnull	in that way all of the roles are made available to the testing suit	19:56
cloudnull	and if more out of tree roles are required the specific project role should be able to pull those in with an additional requirement file.	19:57
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-tests: Added role requirements file to the tests repo https://review.openstack.org/362349	19:57
cloudnull	^ white space fix	19:57
*** AnarchyAo has quit IRC		20:01
chris_hultin	cloudnull: So, I think I figured out the problem with the networking issue I brought up earlier - for whatever reason, the traffic isn't being NAT'd when it is going out the public interface on the server	20:03
*** TxGirlGeek has quit IRC		20:03
cloudnull	we're you able to add an iptables rule to fix it?	20:04
*** neillc has quit IRC		20:04
cloudnull	**were	20:05
*** mcarden has quit IRC		20:05
*** gus has quit IRC		20:05
*** mattoliverau has quit IRC		20:05
*** darrenc has quit IRC		20:05
*** mcarden_ has quit IRC		20:05
*** jhesketh has quit IRC		20:05
chris_hultin	cloudnull: I've not done that yet - I need to look up how to actually do that.	20:05
*** darrenc has joined #openstack-ansible		20:07
*** markvoelker has quit IRC		20:08
*** johnmilton has quit IRC		20:08
cloudnull	chris_hultin: http://cdn.pasteraw.com/8vircovygtk8dya36vyjwko2ase921p -- something like that should work	20:09
chris_hultin	cloudnull: I just need to remove the current rule first.	20:09
cloudnull	the MASQUERADE ?	20:10
*** mcarden has joined #openstack-ansible		20:11
*** mcarden_ has joined #openstack-ansible		20:11
*** neillc has joined #openstack-ansible		20:11
*** matt6434 has joined #openstack-ansible		20:11
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-tests: Added role requirements file to the tests repo https://review.openstack.org/362349	20:12
*** jhesketh has joined #openstack-ansible		20:12
*** gus has joined #openstack-ansible		20:15
*** markvoelker has joined #openstack-ansible		20:17
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-os_neutron: Open vSwitch documentation in Neutron Role https://review.openstack.org/355041	20:18
cloudnull	thorst_: ^ i took wip off your patch	20:18
cloudnull	rromans: if you dont mind revoting.	20:18
chris_hultin	cloudnull: Thanks, still not working though. For whatever reason, it doesn't look like anything is hitting that rule.	20:20
rromans	cloudnull: done	20:20
*** johnmilton has joined #openstack-ansible		20:21
cloudnull	thanks again rromans	20:24
cloudnull	chris_hultin: interesting	20:24
cloudnull	no packats are hitting that rule?	20:24
*** johnmilton has quit IRC		20:25
*** johnmilton has joined #openstack-ansible		20:25
chris_hultin	cloudnull: Nope, https://gist.github.com/chrishultin/60d4e9c41dc37c200a77ba34dee73cfb	20:25
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-os_keystone: Install and configure Nginx https://review.openstack.org/358798	20:28
cloudnull	stevelle: ^ rebased	20:29
FrankZhang	coolj hi, Jordan, is that you?	20:29
FrankZhang	coolj I'm Frank, RPC dev team, are you still working on https://review.openstack.org/#/c/329231/ ?	20:29
cloudnull	chris_hultin: looks like the lxc masquerade is happening https://gist.github.com/chrishultin/60d4e9c41dc37c200a77ba34dee73cfb#file-gistfile1-txt-L6	20:30
openstackgerrit	Merged openstack/openstack-ansible-os_neutron: Open vSwitch documentation in Neutron Role https://review.openstack.org/355041	20:30
cloudnull	i've got to step away for a bit, back later.	20:32
openstackgerrit	Merged openstack/openstack-ansible: Update all SHAs for 12.2.3 https://review.openstack.org/360694	20:33
*** Jeffrey4l_ has quit IRC		20:35
*** Jeffrey4l_ has joined #openstack-ansible		20:36
*** markvoelker has quit IRC		20:48
*** TxGirlGeek has joined #openstack-ansible		20:52
*** sdake has joined #openstack-ansible		20:52
thorst_	cloudnull: we are still testing that out internally	20:53
thorst_	so I was leaving as WIP until we get a solid verify	20:53
thorst_	I planned to update a few more times actually based on what we're learning test wise.	20:53
*** woodard has quit IRC		20:54
openstackgerrit	Steve Lewis (stevelle) proposed openstack/openstack-ansible-os_keystone: Isolate mod_wsgi from Apache install https://review.openstack.org/362439	20:56
*** Mudpuppy_ has joined #openstack-ansible		20:56
*** Mudpuppy has quit IRC		21:00
*** Mudpuppy_ has quit IRC		21:00
*** gouthamr has quit IRC		21:02
*** abelur__ has joined #openstack-ansible		21:05
*** AnarchyAo has joined #openstack-ansible		21:06
openstackgerrit	Steve Lewis (stevelle) proposed openstack/openstack-ansible-os_keystone: Install and configure Nginx https://review.openstack.org/358798	21:06
openstackgerrit	Steve Lewis (stevelle) proposed openstack/openstack-ansible-tests: Add convergence test for test repo. https://review.openstack.org/360509	21:07
*** chris_hultin is now known as spedione\|AWAY		21:08
coolj	FrankZhang: yeah, that's me :)	21:12
FrankZhang	coolj hi, you still work on that one?	21:13
*** thorst_ has quit IRC		21:13
*** thorst has joined #openstack-ansible		21:14
*** TxGirlGeek has quit IRC		21:14
coolj	FrankZhang: i'm still waiting for the stable maintenance team to merge the backport. don't know that there's anything else left to "do" on it	21:17
*** thorst has quit IRC		21:18
FrankZhang	coolj I just did recheck and didn't expect it passed right now. It's really interesting that failure not related to nova db things.	21:19
cloudnull	thorst: every commit to our neutron role is going through an OvS test. From a doc point of view the changes to the local role docs to deploy OvS were much needed/welcome.	21:21
cloudnull	while neutron gates w/ ovs its non-voting.	21:21
cloudnull	at last check it looks like the tests are passing without issue so we might want to get odyssey4me to update the ovs gate to make it voting	21:21
jamesdenton	cloudnull quick question re: overrides when you have a sec	21:22
cloudnull	shoot	21:23
jamesdenton	In /etc/openstack_deploy/user_variables.yml, can you limit overrides to a particular group? ie. neutron_server? Or must that be done in openstack_user_config?	21:26
cloudnull	jmccrory stevelle d34dh0r53 any thoughts on https://review.openstack.org/#/c/362349/	21:26
*** schwicht has quit IRC		21:26
jamesdenton	In the latter, we don't really differentiate between network hosts (agent vs server). We've got network_hosts. The overrides really only need to exist on neutron_server containers. What would be the best way to go about ensuring that?	21:27
cloudnull	jamesdenton: for that kind of a limit would have to be in openstack_user_config	21:27
cloudnull	are the setting that you want to deploy host/service specific ?	21:28
cloudnull	IE can they simply be everywhere ?	21:28
jamesdenton	well they can be everywhere, but in reality only the neutron_server containers need them	21:28
jmccrory	cloudnull : think alphabetic listing caused problems in the past, role needed its dependency listed first. etcd might need to be included too since it's needed by neutron (and so the other roles that require neutron in their tests)	21:29
cloudnull	jamesdenton: you could append them to group_vars within the neutron_agent group https://github.com/openstack/openstack-ansible/blob/master/playbooks/inventory/group_vars/neutron_agent.yml	21:31
cloudnull	s/neutron_agent/neutron_server/	21:32
cloudnull	doesn't look like a file exists for that so you'd just create it.	21:32
*** sdake has quit IRC		21:33
cloudnull	jmccrory: you may be right. that makes generating a list based on what we have in project-config hard.	21:33
jmccrory	yeah...	21:33
jamesdenton	cloudnull oh, so just create a /opt/openstack-ansible/playbooks/inventory/group_vars/neutron_server.yml and through my overrides in there?	21:34
stevelle	jamesdenton: that should do it	21:35
openstackgerrit	Steve Lewis (stevelle) proposed openstack/openstack-ansible-os_keystone: Isolate mod_wsgi from Apache install https://review.openstack.org/362439	21:36
coolj	cloudnull: stevelle any way to do that ^ outside of the repo so we don't have to track changes to the branch when upgrading to a new branch?	21:37
coolj	changing group vars i mean	21:37
jamesdenton	like extending that to say /etc/openstack_deploy/group_vars/*?	21:38
jamesdenton	:D	21:38
cloudnull	coolj: nope	21:38
cloudnull	i've not found a way to reach in and inject group_vars into an ansible run	21:38
cloudnull	maybe something can be done in inventory, though i don't know what	21:39
cloudnull	jmccrory: RE: https://review.openstack.org/#/c/362349/ sadly ansible doesn't let us specifiy multiple role requirement files.	21:40
cloudnull	so the extra roles, like etcd would need to be pulled in on a second run but the good news is the galaxy resolver, when using 2.x doesn't seem to die on dependencies when using the git scm	21:41
cloudnull	i remember that being an issue in 1.x but seems fixed in 2.	21:41
jmccrory	oh ok good, this should line up with roles moving to 2 anyway	21:42
stevelle	out of curiosity, since I'm out of touch on this, what is neutron using etcd for?	21:42
jmccrory	stevelle: calico https://review.openstack.org/#/c/340174/	21:42
cloudnull	etcd and bird	21:43
openstackgerrit	Satheesh Kumar Ulaganathan proposed openstack/openstack-ansible-rabbitmq_server: Add collect_statistics_interval, rates_mode in rabbitmq.config template https://review.openstack.org/362461	21:43
jmccrory	think it's only required because it's mentioned in the meta file, even with a when around it https://review.openstack.org/#/c/340174/19/meta/main.yml	21:44
stevelle	we need to nudge the Calico team to put OSA here: http://docs.projectcalico.org/en/1.3.0/openstack.html	21:45
cloudnull	logan-: ^	21:49
*** klamath has quit IRC		21:49
cloudnull	jmccrory: So i think we can do the following to get all the roles and then the extra ones. in the neutron role we do this https://github.com/openstack/openstack-ansible-os_neutron/blob/master/tox.ini#L120-L122 which we can change to http://cdn.pasteraw.com/40aafnh45lk36t24kfbciwzby0c12s3	21:49
cloudnull	note the first will get everything, second will skip on anything it already has.	21:50
cloudnull	tests/playbooks being the location of the test role.	21:51
*** dfflanders has joined #openstack-ansible		21:51
*** BjoernT has quit IRC		21:52
openstackgerrit	Merged openstack/openstack-ansible: Fix deprecation warning for undefined variables https://review.openstack.org/361407	21:58
cloudnull	i gotta run, bbl	21:59
*** schwicht has joined #openstack-ansible		22:01
jmccrory	cloudnull : ah ok, that makes sense. maybe name change on the second file eventually so it's more obvious that those are additional or role specific requirements	22:05
*** schwicht has quit IRC		22:07
*** kenhui has quit IRC		22:07
*** jamesdenton has quit IRC		22:08
*** jperry has quit IRC		22:08
*** schwicht has joined #openstack-ansible		22:08
*** galstrom is now known as galstrom_zzz		22:09
mrda	Morning OSA	22:09
spotz	hey mrda	22:12
mrda	o/	22:15
*** chrichip has joined #openstack-ansible		22:18
*** michauds has quit IRC		22:23
*** chrichip has quit IRC		22:25
openstackgerrit	Bjoern Teipel proposed openstack/openstack-ansible-os_swift: Support to disable/enable individual Swift services https://review.openstack.org/362476	22:27
*** KLevenstein has quit IRC		22:28
openstackgerrit	Bjoern Teipel proposed openstack/openstack-ansible-os_swift: Support to disable/enable individual Swift services https://review.openstack.org/362476	22:28
*** thorst has joined #openstack-ansible		22:34
*** spotz is now known as spotz_zzz		22:35
*** schwicht has quit IRC		22:36
*** michaelgugino has quit IRC		22:47
*** kenhui has joined #openstack-ansible		22:52
*** kenhui has quit IRC		22:56
*** markvoelker has joined #openstack-ansible		23:02
*** matt6434 is now known as mattoliverau		23:06
*** gouthamr has joined #openstack-ansible		23:07
*** AnarchyAo has quit IRC		23:09
cloudnull	mornings mrda	23:24
mrda	hey cloudnull	23:24
cloudnull	hows it ?	23:26
cloudnull	any cores around that might want to allow this through https://review.openstack.org/#/c/362213/ ?	23:26
openstackgerrit	Merged openstack/openstack-ansible-security: Ensure AIDE initializes on subsequent runs https://review.openstack.org/361239	23:30
openstackgerrit	Merged openstack/openstack-ansible-security: Exclude /run from AIDE checks https://review.openstack.org/362242	23:30
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-os_glance: Implement CentOS 7 support in os_glance https://review.openstack.org/320542	23:31
cloudnull	stevelle: looks like https://review.openstack.org/#/c/358798/ is happen	23:50
cloudnull	for cent+nginx	23:50
cloudnull	or is that a missnomer?	23:50
*** markvoelker has quit IRC		23:58

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!