Tuesday, 2016-12-13

« Monday, 2016-12-12 Index Wednesday, 2016-12-14 »
*** erhudy has quit IRC00:00
*** sdake_ has quit IRC00:04
*** BjoernT has quit IRC00:14
*** phalmos_ has quit IRC00:18
*** thorst has quit IRC00:25
*** thorst has joined #openstack-ansible00:26
*** weezS has quit IRC00:31
*** sdake has joined #openstack-ansible00:34
*** thorst has quit IRC00:35
*** thorst has joined #openstack-ansible00:35
*** thorst_ has joined #openstack-ansible00:36
*** thorst has quit IRC00:39
*** thorst_ has quit IRC00:41
*** thorst has joined #openstack-ansible00:43
*** hw_wutianwei has joined #openstack-ansible00:44
*** thorst has quit IRC00:48
*** vnogin has quit IRC00:48
*** asettle has joined #openstack-ansible00:50
openstackgerritMichael Carden proposed openstack/openstack-ansible-os_ironic: Make tox tests use the ansible 1.9.x version of plugins  https://review.openstack.org/40999100:51
*** asettle has quit IRC00:55
*** javeriak has joined #openstack-ansible00:56
*** thorst has joined #openstack-ansible01:03
*** thorst_ has joined #openstack-ansible01:07
*** thorst has quit IRC01:08
*** thorst_ has quit IRC01:12
*** chhavi has joined #openstack-ansible01:13
*** javeriak has quit IRC01:28
*** cathrich_ has joined #openstack-ansible01:35
*** cathrichardson has quit IRC01:35
*** thorst has joined #openstack-ansible01:35
*** thorst_ has joined #openstack-ansible01:38
*** thorst has quit IRC01:42
*** thorst_ has quit IRC01:44
*** sdake has quit IRC01:44
*** jlockwood has quit IRC01:46
*** thorst has joined #openstack-ansible01:49
*** thorst_ has joined #openstack-ansible01:51
*** asettle has joined #openstack-ansible01:52
*** thorst has quit IRC01:53
*** adrian_otto has quit IRC01:54
*** thorst has joined #openstack-ansible01:55
*** thorst_ has quit IRC01:56
*** asettle has quit IRC01:56
*** sdake has joined #openstack-ansible01:57
*** thorst has quit IRC02:00
*** thorst has joined #openstack-ansible02:01
*** thorst has quit IRC02:06
openstackgerritMichael Carden proposed openstack/openstack-ansible-os_ironic: Make tox tests use the ansible 1.9.x version of plugins  https://review.openstack.org/40999102:06
*** weezS has joined #openstack-ansible02:09
*** thorst has joined #openstack-ansible02:11
*** thorst has quit IRC02:13
*** thorst has joined #openstack-ansible02:13
*** chhavi has quit IRC02:14
*** javeriak has joined #openstack-ansible02:16
*** sdake has quit IRC02:17
openstackgerritMichael Carden proposed openstack/openstack-ansible-os_ironic: Add tests/common to .gitignore  https://review.openstack.org/41000302:19
*** sdake has joined #openstack-ansible02:20
*** chhavi has joined #openstack-ansible02:23
*** thorst has quit IRC02:23
*** thorst has joined #openstack-ansible02:25
*** javeriak has quit IRC02:27
*** sdake has quit IRC02:40
*** thorst_ has joined #openstack-ansible02:40
*** admin0 has quit IRC02:41
*** admin0 has joined #openstack-ansible02:42
*** sdake has joined #openstack-ansible02:42
*** thorst has quit IRC02:43
*** thorst has joined #openstack-ansible02:44
*** thorst_ has quit IRC02:45
*** sdake_ has joined #openstack-ansible02:45
*** chhavi has quit IRC02:46
*** sdake has quit IRC02:49
*** asettle has joined #openstack-ansible02:52
*** thorst_ has joined #openstack-ansible02:53
*** thorst__ has joined #openstack-ansible02:55
*** thorst has quit IRC02:56
*** asettle has quit IRC02:57
*** thorst_ has quit IRC02:58
*** thorst has joined #openstack-ansible02:58
*** thorst__ has quit IRC03:01
*** v1k0d3n has quit IRC03:09
*** thorst_ has joined #openstack-ansible03:17
*** pmannidi_ has joined #openstack-ansible03:18
*** pmannidi has quit IRC03:19
*** thorst has quit IRC03:19
*** thorst has joined #openstack-ansible03:19
*** thorst_ has quit IRC03:22
*** v1k0d3n has joined #openstack-ansible03:23
*** thorst_ has joined #openstack-ansible03:23
*** pramodrj07 has quit IRC03:25
*** PramodJayathirth has quit IRC03:25
*** agrebennikov_ has quit IRC03:26
*** thorst has quit IRC03:27
*** raginbajin has quit IRC03:27
*** raginbajin has joined #openstack-ansible03:32
*** thorst has joined #openstack-ansible03:36
*** thorst_ has quit IRC03:39
*** thorst has quit IRC03:44
*** ianychoi has joined #openstack-ansible03:44
*** thorst has joined #openstack-ansible03:51
*** javeriak has joined #openstack-ansible03:52
*** asettle has joined #openstack-ansible03:53
*** Disova has quit IRC03:55
*** Disova has joined #openstack-ansible03:55
*** thorst has quit IRC03:56
*** asettle has quit IRC03:58
*** Jeffrey4l has quit IRC03:58
*** thorst has joined #openstack-ansible03:59
*** winggundamth has quit IRC04:02
*** Jeffrey4l has joined #openstack-ansible04:03
*** thorst has quit IRC04:04
*** winggundamth has joined #openstack-ansible04:06
*** williamcaban has quit IRC04:15
*** williamcaban has joined #openstack-ansible04:16
*** adreznec has quit IRC04:18
*** Jack_Iv has joined #openstack-ansible04:19
*** williamcaban has quit IRC04:20
*** adreznec has joined #openstack-ansible04:21
*** Jack_Iv has quit IRC04:23
*** cathrich_ has quit IRC04:26
*** cathrichardson has joined #openstack-ansible04:26
*** cathrichardson has quit IRC04:31
*** sdake_ has quit IRC04:31
*** adrian_otto has joined #openstack-ansible04:41
*** v1k0d3n has quit IRC04:41
*** weezS has quit IRC04:47
*** dfflanders has quit IRC04:48
*** asettle has joined #openstack-ansible04:54
*** whiteveil has joined #openstack-ansible04:55
*** whiteveil has quit IRC04:58
*** asettle has quit IRC04:59
*** sdake has joined #openstack-ansible05:00
*** thorst has joined #openstack-ansible05:02
*** sdake_ has joined #openstack-ansible05:03
*** sdake has quit IRC05:05
*** poopcat has quit IRC05:07
*** hybridpollo has quit IRC05:07
*** sdake_ has quit IRC05:07
*** Mudpuppy has quit IRC05:08
*** thorst has quit IRC05:08
*** agrebennikov_ has joined #openstack-ansible05:08
*** Mudpuppy has joined #openstack-ansible05:08
*** Mudpuppy has quit IRC05:13
*** hybridpollo has joined #openstack-ansible05:15
*** maeker has quit IRC05:27
*** hybridpollo has quit IRC05:30
*** shausy has joined #openstack-ansible05:31
openstackgerritNeill Cox proposed openstack/openstack-ansible-os_searchlight: [WIP] Import initial os_searchlight role.  https://review.openstack.org/40441905:35
*** Jack_Iv has joined #openstack-ansible05:37
*** hybridpollo has joined #openstack-ansible05:38
*** adrian_otto has quit IRC05:39
*** adrian_otto has joined #openstack-ansible05:40
openstackgerritNeill Cox proposed openstack/openstack-ansible-os_searchlight: [WIP] Import initial os_searchlight role.  https://review.openstack.org/40441905:41
*** hybridpollo has quit IRC05:46
openstackgerritNeill Cox proposed openstack/openstack-ansible-os_searchlight: [WIP] Import initial os_searchlight role.  https://review.openstack.org/40441905:49
*** asettle has joined #openstack-ansible05:55
*** asettle has quit IRC06:00
*** thorst has joined #openstack-ansible06:06
*** whiteveil has joined #openstack-ansible06:09
*** thorst has quit IRC06:13
*** whiteveil has quit IRC06:14
*** Jack_Iv_ has joined #openstack-ansible06:20
*** rgogunskiy has joined #openstack-ansible06:24
*** Jack_Iv_ has quit IRC06:24
*** whiteveil has joined #openstack-ansible06:24
*** whiteveil has quit IRC06:29
*** Jack_Iv_ has joined #openstack-ansible06:36
*** agrebennikov_ has quit IRC06:36
*** adrian_otto has quit IRC06:42
*** javeriak has quit IRC06:49
*** asettle has joined #openstack-ansible06:56
*** Oku_OS-away is now known as Oku_OS06:56
*** asettle has quit IRC07:01
*** h5t4 has joined #openstack-ansible07:07
*** Jack_Iv_ has quit IRC07:07
*** fxpester has joined #openstack-ansible07:09
*** thorst has joined #openstack-ansible07:11
*** thorst has quit IRC07:19
*** Jeffrey4l has quit IRC07:24
*** Jeffrey4l has joined #openstack-ansible07:25
*** cuongnv has joined #openstack-ansible07:39
*** sacharya has quit IRC07:42
*** Jack_Iv_ has joined #openstack-ansible07:48
*** asettle has joined #openstack-ansible07:57
*** Jack_Iv_ has quit IRC07:59
*** sacharya has joined #openstack-ansible08:00
*** asettle has quit IRC08:02
*** basilAB has quit IRC08:04
*** sacharya has quit IRC08:05
*** whiteveil has joined #openstack-ansible08:05
*** basilAB has joined #openstack-ansible08:09
*** whiteveil has quit IRC08:10
*** pcaruana has joined #openstack-ansible08:10
*** aludwar has quit IRC08:10
*** oanson has joined #openstack-ansible08:11
*** thorst has joined #openstack-ansible08:16
*** maeker has joined #openstack-ansible08:18
*** maeker has quit IRC08:23
*** thorst has quit IRC08:23
openstackgerritNeill Cox proposed openstack/openstack-ansible-os_searchlight: [WIP] Import initial os_searchlight role.  https://review.openstack.org/40441908:30
Adri2000hello08:45
Adri2000what's the official "policy" regarding running specific roles in a more recent version than the rest of openstack-ansible08:46
Adri2000specifically, in my example, running os_magnum master with the rest of openstack-ansible stable/newton08:46
*** karimb has joined #openstack-ansible08:46
Adri2000issue being that os_magnum master has incompatible changes with Ansible 2.1 (and openstack-ansible stable/newton means Ansible 2.1)08:47
*** ArchiFleKs has quit IRC08:53
*** vnogin has joined #openstack-ansible09:04
*** gouthamr has joined #openstack-ansible09:06
*** fxpester has quit IRC09:13
*** fxpester has joined #openstack-ansible09:14
*** jlockwood has joined #openstack-ansible09:17
*** karimb has quit IRC09:20
*** asettle has joined #openstack-ansible09:20
*** thorst has joined #openstack-ansible09:21
openstackgerritOmer Anson proposed openstack/openstack-ansible-os_neutron: Implement Dragonflow deployment  https://review.openstack.org/39152409:22
*** asettle has quit IRC09:22
*** asettle has joined #openstack-ansible09:22
*** Jack_Iv_ has joined #openstack-ansible09:25
*** vnogin has quit IRC09:27
*** thorst has quit IRC09:29
*** jlockwood has quit IRC09:29
*** Jack_Iv_ has quit IRC09:30
*** gouthamr has quit IRC09:33
*** Jack_Iv_ has joined #openstack-ansible09:35
*** karimb has joined #openstack-ansible09:36
evrardjpAdri2000: I think that chris_hultin|AWA is working on this right now09:39
evrardjpodyssey4me: could you confirm?09:39
odyssey4meAdri2000 you can do whatever you like, but based on the changes we had to make in master for Ansible 2.2 it's very unlikely to work without modification09:39
odyssey4meWhy would you want to run os_magnum from master in a Newton environment?09:40
evrardjpmagnum broken in N I guess :p09:40
odyssey4meflaviodsr mrda we are busy removing Trusty support in Ocata, yes09:40
odyssey4mecloudnull the patch at the bottom of the chain has a -109:42
evrardjpAdri2000: technically you can do whatever you want, but we don't test hybrid/mixed environments in our gates09:42
evrardjpso at your own risk09:42
evrardjpbut like I said earlier maybe a discussion with chris_hultin|AWA is worth it09:43
odyssey4melogan- stevelle andymccr so some roles have the concept of 'test packages' - packages which get installed when testing only... why not use that concept for the role tests to resolve the need for packages when testing via the roles (without the repo server)09:44
evrardjpmakes sense to me09:44
odyssey4mewe could actually remove the concept from the roles and just have them in the test repo09:44
odyssey4mefor example, remove this https://github.com/openstack/openstack-ansible-memcached_server/blob/master/vars/debian.yml#L2109:44
andymccrodyssey4me: we'd have to duplicate the same packages in a whole bunch of roles, which seems like a lot of duplication - additionally, those packages are needed when you're not using a repo server (to build packages)09:45
odyssey4memove it to the tests repo where we have a common set of distro packages used for role tests09:45
evrardjpwell I like the role to be self contained as much as possible09:45
andymccrso its not just testing - its whenever you build the packages locally09:45
evrardjpbut not to the risk of duplication09:45
evrardjpwe've been there09:45
odyssey4memy thinking was to have a playbook and common set in the tests repo which all roles consume for role tests09:45
andymccrand its needed for that in itself, having those inside nova role (for example) seems odd - when i only need those packages if im building pip packages09:45
odyssey4meyep, that's why I'm advocating for it not to be in the roles09:46
evrardjpfile a bug?09:46
andymccrits only in the pip_install role now, which imo makes sense - since it's needed to run the pip install role if you don't have an existing repo server - since teh pip install role will attempt to build the pip packages (it cant without those packages,)09:46
odyssey4methe pip install role is failing?09:47
andymccrno but installing pip packages etc would - since that role is a requirement and defines how pip packages are installed it makes sense to me at least, or way more sense that having it in other roles.09:48
odyssey4meI thought that other roles were failing to install, not that role.09:48
andymccrits other roles, because testing on that role is minimal09:48
andymccrbut they all fail on installing pip packages09:48
odyssey4mewell, sure - much of a muchness09:48
andymccrthe argument against puting it in the testing repo is that its not an option that is just for testing09:48
odyssey4meif this is something that matter for *production* then it should be in the roles09:48
evrardjpwell we should test in the pip install role that we can use pip afterwards, don't you think?09:49
andymccrits an optional include now09:49
evrardjplike pip wheel/pip install09:49
odyssey4meotherwise I advocate for it to be in the tests repo, because that's where *non-production* things should live IMO09:49
*** vnogin has joined #openstack-ansible09:51
*** vnogin has quit IRC09:52
*** vnogin has joined #openstack-ansible09:52
*** Jack_Iv_ has quit IRC09:53
*** vnogin has quit IRC09:57
*** vnogin has joined #openstack-ansible09:58
odyssey4meandymccr https://github.com/openstack/openstack-ansible/blob/master/playbooks/defaults/repo_packages/openstack_services.yml#L19110:00
*** drifterza has joined #openstack-ansible10:02
*** Jack_Iv_ has joined #openstack-ansible10:04
drifterzagreetings10:06
*** Mudpuppy has joined #openstack-ansible10:07
*** karimb has quit IRC10:09
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-repo_build: Make git clone script idempotent  https://review.openstack.org/38370910:10
*** Mudpuppy has quit IRC10:12
*** karimb has joined #openstack-ansible10:13
*** sdake has joined #openstack-ansible10:15
*** cuongnv has quit IRC10:26
*** thorst has joined #openstack-ansible10:27
*** asettle has quit IRC10:30
openstackgerritOmer Anson proposed openstack/openstack-ansible-os_neutron: Implement Dragonflow deployment  https://review.openstack.org/39152410:33
*** thorst has quit IRC10:34
*** ArchiFleKs has joined #openstack-ansible10:35
*** asettle has joined #openstack-ansible10:36
openstackgerritAndy McCrae proposed openstack/openstack-ansible-os_ceilometer: Update paste, policy and rootwrap configurations 2016-12-13  https://review.openstack.org/41013910:36
*** asettle has quit IRC10:37
openstackgerritAndy McCrae proposed openstack/openstack-ansible-os_cinder: Update paste, policy and rootwrap configurations 2016-12-13  https://review.openstack.org/41014010:37
*** asettle has joined #openstack-ansible10:37
*** karimb has quit IRC10:38
*** karimb has joined #openstack-ansible10:41
*** stuartgr has joined #openstack-ansible10:42
*** Jack_Iv_ has quit IRC10:47
*** pester has joined #openstack-ansible11:05
*** fxpester has quit IRC11:08
*** vnogin has quit IRC11:12
*** karimb has quit IRC11:13
*** karimb has joined #openstack-ansible11:16
odyssey4meevrardjp I need an extra set of eyes: https://review.openstack.org/#/c/383709/7/templates/op-clone-script.sh.j211:16
odyssey4methe patch is failing consistently with the rally repo not cloning, even though it should11:16
*** vnogin has joined #openstack-ansible11:16
odyssey4mehttp://logs.openstack.org/09/383709/7/check/gate-openstack-ansible-repo_build-ansible-func-ubuntu-xenial/a149376/console.html#_2016-12-13_10_18_13_74042511:17
odyssey4methat shows that it hits line 5611:17
odyssey4mebut notice that it doesn't hit line 65 for some reason11:18
*** askb has quit IRC11:19
*** sdake_ has joined #openstack-ansible11:30
*** whiteveil has joined #openstack-ansible11:30
*** thorst has joined #openstack-ansible11:32
*** shausy has quit IRC11:33
*** sdake has quit IRC11:34
*** whiteveil has quit IRC11:35
*** sdake_ has quit IRC11:36
*** thorst has quit IRC11:38
*** deadnull has joined #openstack-ansible11:39
*** sdake has joined #openstack-ansible11:45
*** thorst has joined #openstack-ansible11:48
*** thorst has quit IRC11:53
*** sdake has quit IRC11:55
*** whiteveil has joined #openstack-ansible12:06
*** sdake has joined #openstack-ansible12:08
*** askb has joined #openstack-ansible12:08
*** askb has quit IRC12:08
*** sdake has quit IRC12:10
openstackgerritOmer Anson proposed openstack/openstack-ansible-os_neutron: Implement Dragonflow deployment  https://review.openstack.org/39152412:10
*** whiteveil has quit IRC12:11
*** williamcaban has joined #openstack-ansible12:11
*** thorst has joined #openstack-ansible12:19
*** williamcaban has quit IRC12:22
*** williamcaban has joined #openstack-ansible12:22
*** maeker has joined #openstack-ansible12:23
*** sdake has joined #openstack-ansible12:25
*** sdake has quit IRC12:26
*** maeker has quit IRC12:28
evrardjpmhayden:  [WARNING]: Failure using method (v2_runner_on_ok) in callback plugin (</etc/ansible/roles/plugins/callback/debug_message_collector.CallbackModule object at 0x7f5b3ca0ad10>): 'msg'12:29
evrardjpin newton12:29
evrardjp2.1 I guess12:29
evrardjpFYI12:29
openstackgerritMerged openstack/openstack-ansible-plugins: Catch only debug tasks w/callback  https://review.openstack.org/40985912:30
*** karimb has quit IRC12:33
evrardjpmhayden:  ^ well it may be on master too, I was a little confused for a moment12:46
*** hw_wutianwei has quit IRC12:46
*** Jack_Iv_ has joined #openstack-ansible12:47
*** sdake has joined #openstack-ansible12:51
*** Jack_Iv_ has quit IRC12:52
andymccrodyssey4me: https://bugs.launchpad.net/openstack-ansible/+bug/164932912:55
openstackLaunchpad bug 1649329 in openstack-ansible "14.0.3 repo build error on Ubuntu 14.04" [High,New] - Assigned to Andy McCrae (andrew-mccrae)12:55
*** fguillot has joined #openstack-ansible13:00
*** retreved has joined #openstack-ansible13:02
*** GheRivero has left #openstack-ansible13:02
*** whiteveil has joined #openstack-ansible13:03
*** whiteveil has quit IRC13:08
*** johnmilton has joined #openstack-ansible13:11
*** karimb has joined #openstack-ansible13:14
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Set user/group/modes on user init files [+Docs]  https://review.openstack.org/40873613:17
*** asettle has quit IRC13:19
*** asettle has joined #openstack-ansible13:19
*** stuartgr has quit IRC13:19
*** fguillot has quit IRC13:20
mhaydenevrardjp: i didn't intend for that patch to affect newton13:20
*** fguillot has joined #openstack-ansible13:20
evrardjpk13:21
*** tomaluca95 has left #openstack-ansible13:22
evrardjpmhayden: my instance where I had all of this was kinda in a mixed model, so don't pay attention to my comment13:22
mhaydenah okay13:22
evrardjpif I see this issue returning I'll either submit a bug or fix it... but anyway it's low prio: it was just a warning13:22
*** drifterza has quit IRC13:23
openstackgerritMerged openstack/openstack-ansible-os_ceilometer: Update paste, policy and rootwrap configurations 2016-12-13  https://review.openstack.org/41013913:32
*** Jack_Iv has quit IRC13:37
*** Jack_Iv has joined #openstack-ansible13:39
openstackgerritMerged openstack/openstack-ansible-os_cinder: Update paste, policy and rootwrap configurations 2016-12-13  https://review.openstack.org/41014013:39
*** woodard has joined #openstack-ansible13:40
*** woodard has quit IRC13:41
*** woodard has joined #openstack-ansible13:42
openstackgerritAlexandra Settle proposed openstack/openstack-ansible: [ops-guide] Adding new content to guide  https://review.openstack.org/40985413:45
*** kjw3 has joined #openstack-ansible13:49
*** jheroux has joined #openstack-ansible13:51
mhaydenjmccrory: i think i addressed your concern here -> https://review.openstack.org/#/c/406329/17/tasks/rhel7stig/file_perms.yml13:52
mhaydenlet me know if i didn't ;)13:52
openstackgerritAlexandra Settle proposed openstack/openstack-ansible: [ops-guide] Adding new content to guide  https://review.openstack.org/40985413:53
*** karimb has quit IRC14:00
*** v1k0d3n has joined #openstack-ansible14:02
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible: host net config bond0 static -> manual  https://review.openstack.org/41023014:10
openstackgerritAlexandra Settle proposed openstack/openstack-ansible: [ops-guide] Adding new content to guide  https://review.openstack.org/40985414:11
*** sdake_ has joined #openstack-ansible14:12
*** cathrichardson has joined #openstack-ansible14:14
*** karimb has joined #openstack-ansible14:15
*** sdake has quit IRC14:15
*** whiteveil has joined #openstack-ansible14:18
*** woodard has quit IRC14:19
*** dmsimard has quit IRC14:21
*** dmsimard has joined #openstack-ansible14:21
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Set user/group/modes on user init files [+Docs]  https://review.openstack.org/40873614:21
*** agrebennikov_ has joined #openstack-ansible14:22
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: [WIP] Unblock Newton gate  https://review.openstack.org/40991314:22
*** johnmilton has quit IRC14:22
openstackgerritAndy McCrae proposed openstack/openstack-ansible-os_ceilometer: Remove dependency on oslo.vmware  https://review.openstack.org/41023814:22
*** whiteveil has quit IRC14:23
*** johnmilton has joined #openstack-ansible14:23
agrebennikov_folks, I have a question about "keystone with ssl" approach. It seems that during the deployment only keystone containers get the CA14:23
agrebennikov_this is why services don't work since they cannot validate keystone cert14:23
*** pester has quit IRC14:26
*** Jack_Iv_ has joined #openstack-ansible14:26
*** pester has joined #openstack-ansible14:27
*** pabelanger has left #openstack-ansible14:27
*** dmsimard has quit IRC14:28
*** dmsimard has joined #openstack-ansible14:28
*** dmsimard has quit IRC14:28
*** dmsimard has joined #openstack-ansible14:30
*** Jack_Iv_ has quit IRC14:31
openstackgerritKyle L. Henderson proposed openstack/openstack-ansible: Update apt after proxy config is dropped  https://review.openstack.org/41024114:32
*** adrian_otto has joined #openstack-ansible14:35
openstackgerritKyle L. Henderson proposed openstack/openstack-ansible: Update apt after proxy config is dropped  https://review.openstack.org/41024114:36
*** adrian_otto1 has joined #openstack-ansible14:39
*** adrian_otto has quit IRC14:40
*** BjoernT has joined #openstack-ansible14:40
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-repo_build: Make git clone script idempotent  https://review.openstack.org/38370914:44
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-repo_build: Make git clone process idempotent  https://review.openstack.org/38370914:44
*** cathrich_ has joined #openstack-ansible14:44
*** cathrichardson has quit IRC14:44
*** michaelgugino has joined #openstack-ansible14:45
evrardjpdear cloudnull, mattt, andymccr, d34dh0r53, hughsaunders, b3rnard0, palendae, Sam-I-Am, odyssey4me, serverascode, rromans, erikmwilson, mancdaz, _shaps_, BjoernT, claco, echiu, dstanek, jwagner, ayoung, prometheanfire, evrardjp, arbrandes, mhayden, scarlisle, luckyinva, ntt, javeriak, automagically,14:46
evrardjpspotz, vdo, jmccrory, alextricity25, jasondotstar, KLevenstein, admin0, michaelgugino, ametts, v1k0d3n, severion, bgmccollum, darrenc, JRobinson__, asettle, colinmcnamara, thorst, adreznec, eil397 :14:46
evrardjpthe osa bug triage will start in 1h15’. Please have a look at the bug list before starting: https://etherpad.openstack.org/p/osa-bugtriage14:46
*** aludwar has joined #openstack-ansible14:52
asettleSuresies14:53
openstackgerritAlexandra Settle proposed openstack/openstack-ansible: [ops-guide] Adding new content to guide  https://review.openstack.org/40985414:53
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-repo_build: Make git clone process idempotent  https://review.openstack.org/38370914:54
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_ironic: Add tests/common to .gitignore  https://review.openstack.org/41000314:57
*** cathrich_ is now known as cathrichardson14:58
*** whiteveil has joined #openstack-ansible14:58
*** weezS has joined #openstack-ansible14:59
openstackgerritMerged openstack/openstack-ansible-os_ironic: Make tox tests use the ansible 1.9.x version of plugins  https://review.openstack.org/40999114:59
openstackgerritAlexandra Settle proposed openstack/openstack-ansible: [ops-guide] Adding new content to guide  https://review.openstack.org/40985415:01
*** TxGirlGeek has joined #openstack-ansible15:05
openstackgerritAlexandra Settle proposed openstack/openstack-ansible: [ops-guide] Adding new content to guide  https://review.openstack.org/40985415:06
*** phalmos has joined #openstack-ansible15:11
asettleodyssey4me: do you remember how long ago you implemented the openstack manuals doc theme on top of the osa install guide?15:11
asettleTrying to find the patch, and this is like wading through fucking mud15:11
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: [Docs] Update for RHEL7 STIG  https://review.openstack.org/41025815:12
openstackgerritMerged openstack/openstack-ansible-os_ceilometer: Remove Trusty support from os_ceilometer role  https://review.openstack.org/40974315:14
*** rgogunskiy has quit IRC15:14
openstackgerritMerged openstack/openstack-ansible-os_ironic: Add tests/common to .gitignore  https://review.openstack.org/41000315:15
*** phalmos_ has joined #openstack-ansible15:15
*** h5t4 has quit IRC15:15
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Updates for CentOS 7 changes  https://review.openstack.org/40991315:18
*** jmckind has joined #openstack-ansible15:18
*** phalmos has quit IRC15:18
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: [Docs] Fix missing code-block property  https://review.openstack.org/41026315:18
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: [WIP] Mitaka gate testing  https://review.openstack.org/41026515:19
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Fix issues from new CentOS 7 release  https://review.openstack.org/40991315:20
odyssey4measettle I can help you with that in a bit, after a meeting I'm in.15:22
*** Jack_Iv_ has joined #openstack-ansible15:23
asettleodyssey4me: no sweat. I can't read anymore of your commit messages or I'll do something drastic :p15:24
*** jamesdenton has joined #openstack-ansible15:28
michaelgugino.15:29
*** h5t4 has joined #openstack-ansible15:30
*** whiteveil has quit IRC15:30
*** whiteveil has joined #openstack-ansible15:32
*** karimb has quit IRC15:40
*** galstrom_zzz is now known as galstrom15:43
*** karimb has joined #openstack-ansible15:44
mhayden,15:44
odyssey4me`15:44
*** Jack_Iv_ has quit IRC15:45
*** Jack_Iv_ has joined #openstack-ansible15:46
*** adrian_otto has joined #openstack-ansible15:48
*** adrian_otto1 has quit IRC15:49
*** h5t4 has quit IRC15:51
odyssey4meevrardjp andymccr for that git issue we discussed earlier: https://review.openstack.org/38370915:53
andymccrodyssey4me: testing it now15:53
agrebennikov_folks, I have a question about "keystone with ssl" approach. It seems that during the deployment only keystone containers get the CA15:55
agrebennikov_ this is why services don't work since they cannot validate keystone cert15:55
odyssey4meagrebennikov_ it's designed to be used with real CA's, not internal CA's15:55
agrebennikov_how come?15:56
agrebennikov_why then there is an option "keystone_ssl_ca_cert"?15:56
odyssey4methere are probably some gaps if you're using SSL internally - no-one's really put much effort into that design15:56
*** chris_hultin|AWA is now known as chris_hultin15:56
agrebennikov_well, you need to puth the chain anyway15:56
agrebennikov_*put15:57
odyssey4methat's for when you may need to implement a ca cert or intermediate+ca combo in order for Apache to start... but it's largely legacy from before we did SSL offloading at the LB15:57
agrebennikov_odyssey4me, what do you mean by "real"?15:57
evrardjpagrebennikov_: there used to have chain support15:57
openstackgerritOmer Anson proposed openstack/openstack-ansible-os_neutron: Implement Dragonflow deployment  https://review.openstack.org/39152415:57
odyssey4meif internal SSL is a need for your deployment, it'd be great to see some focused patches around that15:58
agrebennikov_odyssey4me, what about turning on ssl on the services?15:58
odyssey4meagrebennikov_ internally?15:58
agrebennikov_not even blueprinted?15:58
odyssey4meexterally is already catered for15:58
odyssey4meinternally is not15:58
agrebennikov_I mean, each service terminating ssl15:58
odyssey4meie currently we do it at the public endpoint, but not at the admin/internal endpoint15:59
agrebennikov_well, externally - you don't have to do Anything with it in fact ;) just put the cert to the F5 and that's it, and keep dealing with plain http within the cloud15:59
odyssey4mehistorically openstack has been very bad at testing SSL so the clients have often broken when using SSL everywhere16:00
*** TxGirlGeek has quit IRC16:00
agrebennikov_same as I proposed to the customer, but they are very stricts about security :/16:00
*** TxGirlGeek has joined #openstack-ansible16:00
agrebennikov_saying all traffic should be encrypted16:00
odyssey4meI think there is better testing upstream now, and we're in a far better position to poke upstream when something breaks due to SSL usage (assuming we implement this in testing)16:01
odyssey4mesure, I've known that this would become a need at some point - but obviously it's just not been enough of a priority for any contributors up until now16:01
agrebennikov_I already see veeeery bad behaviour of keystone under ssl16:01
agrebennikov_like each api call takes 3 seconds16:01
agrebennikov_vs 0.2 without ssl16:02
odyssey4meso if your customer needs it, it'd be an ideal time to blueprint it up and start working on a pattern to implement it with one of the roles16:02
andymccri think it links in quite nicely with the talk we had around moving to use uwsgi/apache/nginx on all api hosts16:02
odyssey4meandymccr agreed16:02
dstanekagrebennikov_: what is doing the termination?16:02
agrebennikov_noooo!!!! :)16:02
andymccrid personally rather see work go into that (and adding ssl into that because its much simpler)16:02
odyssey4meit'd certainly simpler if we have aa uniform way of deploying the API services16:02
evrardjpwhen this discussion is over I'd like to go for the bug triage16:02
andymccrahh yeah bug triage16:02
evrardjpit seems a go to me!16:02
evrardjpBug triage cloudnull, mattt, andymccr, d34dh0r53, hughsaunders, b3rnard0, palendae, Sam-I-Am, odyssey4me, serverascode, rromans, erikmwilson, mancdaz, _shaps_, BjoernT, claco, echiu, dstanek, jwagner, ayoung, prometheanfire, evrardjp, arbrandes, mhayden, scarlisle, luckyinva, ntt, javeriak, automagically, spotz, vdo, jmccrory, alextricity25, jasondotstar, admin0, michaelgugino, ametts, v1k0d3n, seve16:03
evrardjprion, bgmccollum, darrenc, JRobinson__, asettle, colinmcnamara, thorst, adreznec, eil397, qwang,nishpatwa_, cathrichardson, drifterza16:03
evrardjpHere is our bug list for today https://etherpad.openstack.org/p/osa-bugtriage16:03
agrebennikov_how much time it will take for you guys?16:03
evrardjpthe bug triage last 1h16:03
evrardjphttps://bugs.launchpad.net/openstack-ansible/+bug/164941616:03
openstackLaunchpad bug 1649416 in openstack-ansible "Apt pkgs could not be authenticated" [Undecided,In progress] - Assigned to Kyle L. Henderson (kyleh)16:03
agrebennikov_ok, I'll bug you in an hour then16:03
evrardjpthanks16:03
*** TxGirlGeek has quit IRC16:04
evrardjpin progress good16:04
evrardjpnext16:04
evrardjphttps://bugs.launchpad.net/openstack-ansible/+bug/164938116:04
openstackLaunchpad bug 1649381 in openstack-ansible "config_template does not support {% raw %}" [Undecided,New]16:04
*** TxGirlGeek has joined #openstack-ansible16:04
odyssey4methis time it wasn't mhayden's fault16:04
logan-low imo.16:04
evrardjpk16:05
evrardjpit's still a bug16:05
andymccrim not sure we can be sure its not mhayden's fault16:05
evrardjpI'd like to see it confirmed by someone else just for the principle but it sounds reasonable to me16:05
mhaydenWAIT WHAT16:05
evrardjplow unconfirmed atm?16:05
mhaydenTHIS TIME I DIDN'T BREAK SOMETHING?16:05
andymccrsounds good evrardjp16:05
* mhayden is headed to the pub16:05
evrardjphttps://bugs.launchpad.net/openstack-ansible/+bug/164933916:06
openstackLaunchpad bug 1649339 in openstack-ansible "apt-cacher files have incorrect authorities" [Undecided,New]16:06
evrardjpalextricity25: will probably follow this one soon, to test if it's the case in his latest deploys ;)16:06
evrardjpmaybe someone else could confirm this?16:07
andymccri saw something similar on an aio i was messing about with earlier today, but may not be related at all16:07
evrardjpI'd like to make sure there was nothing weird in the containers in terms of user permissions/process or whatever16:07
evrardjpin all the cases I think we should properly ensure permissions/users in our processes, so I think there is a bug anyway16:07
evrardjpthe criticality changes depending on what the status/cause is16:08
evrardjpin the meantime, we could keep it as new, and not change the criticality?16:08
kylek3hThe cause is lsyncd using rsh as nginx user.16:08
odyssey4meactually I think this apt-cacher thing is high16:08
evrardjpkylek3h: yes and?16:08
odyssey4mebasically it renders the apt-cacher backup services useless, but they will still try to serve16:08
*** Jack_Iv_ has quit IRC16:09
odyssey4meand yes, in my checking earlier I confirm what kylek3h is noting16:09
kylek3hand we could use a precmd and postcmd to change the auths...but it's tricky16:09
*** pcaruana has quit IRC16:09
evrardjpI think until it's confirmed we cannot take assumptions16:09
kylek3hI've been discussing a fix with folks here on my team.16:09
evrardjpoh16:09
odyssey4mewe either need to ensure that the apt-cacher user is in the group that will allow it to read/modify those files16:09
evrardjpdid you see our comments kylek3h?16:09
kylek3hin the bug?  yes.16:10
odyssey4meor we need to modify the sudo so that lsyncd can switch to the apt cacher user16:10
*** Mudpuppy has joined #openstack-ansible16:10
odyssey4meunless you can come up with a nicer option16:10
odyssey4meoh, of course another option is not to sync the cached content at all - if it switches to another container, it must cache from scratch16:10
evrardjpI propose then to leave the bug as is, and when a patch will be linked, it will auto move to in progress16:10
andymccrsounds good to me16:10
evrardjpif someone confirms it, we could rethink of it in the next triage meeting16:11
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Handle SELinux properly when it is disabled  https://review.openstack.org/41029416:11
evrardjpand then move to the appropriate classification16:11
odyssey4meor if kylek3h comes up with a smart patch, it will progress too :)16:11
evrardjpthat's what I meant :D16:11
kylek3hI'll work on something today16:11
kylek3hjust had to pass the idea by the security folks...I may email mhayden16:12
mhayden;)16:12
evrardjpnext16:12
evrardjphttps://bugs.launchpad.net/openstack-ansible/+bug/164929816:12
openstackLaunchpad bug 1649298 in openstack-ansible "multiple fixed ips assigned to newly spawned instance" [Undecided,New]16:12
evrardjpthis one was an UFO to me16:13
*** Oku_OS is now known as Oku_OS-away16:13
evrardjpmove to nova/ and mark it invalid? :D16:13
evrardjpor incomplete?16:14
jmccrorythat does sound like more of a nova/neutron bug, i've seen it before when message queues weren't keeping up or some service was misbehaving. i'll try to track down the bug we found about it before and link it there16:14
evrardjpjmccrory: great!16:14
evrardjpI'll still mark as targeting other projects16:14
logan-i see it all the time if the scheduler has to retry16:15
*** Mudpuppy has quit IRC16:15
logan-:(16:15
evrardjp:(16:15
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: [Docs] Fix missing code-block property  https://review.openstack.org/41026316:15
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: [Docs] Update for RHEL7 STIG  https://review.openstack.org/41025816:15
evrardjpI'll leave it targetted in osa until jmccrory comments on the bug. in the meantime, already targetting other projects16:16
evrardjpnext16:16
evrardjphttps://bugs.launchpad.net/openstack-ansible/+bug/164911416:16
openstackLaunchpad bug 1649114 in openstack-ansible "variable config for public domain" [Undecided,New]16:16
michaelguginohttps://bugs.launchpad.net/openstack-ansible/+bug/1649298 I believe mhayden blogged about this situation16:16
openstackLaunchpad bug 1649298 in OpenStack Compute (nova) "multiple fixed ips assigned to newly spawned instance" [Undecided,New]16:16
evrardjpgood to know michaelgugino.. mhayden feel free to share your blog post on the bug16:18
evrardjpso next is: https://bugs.launchpad.net/openstack-ansible/+bug/164911416:18
openstackLaunchpad bug 1649114 in openstack-ansible "variable config for public domain" [Undecided,New]16:18
michaelguginohttps://major.io/2016/08/03/openstack-instances-come-online-with-multiple-network-ports-attached/16:18
evrardjpis my understanding wrong?16:18
*** Mudpuppy has joined #openstack-ansible16:19
mhaydenevrardjp: blog post added ;)16:19
evrardjpthanks16:19
evrardjpso... for our bug... is my understanding wrong?16:20
andymccrhmm yeah why would we need to set an external_lb_vip, maybe for listen addresses?16:20
andymccror rather, why cant we just set that to the fqdn16:20
evrardjpwe can16:20
evrardjpI deployed today as PoC16:21
evrardjpit works16:21
andymccrok then im not sure there is a need to comlicate it by adding a second var16:21
evrardjpok16:21
evrardjpagreed16:21
andymccr*complicate16:21
evrardjpI'm not sure what was tried to be achieved here16:21
evrardjpI'll mark it as incomplete16:22
andymccrif there was a reason you needed an external_lb_vip to be assigned as an IP then it would make sense i guess16:22
evrardjpasking what more should we have16:22
-openstackstatus- NOTICE: Launchpad SSO is not currently working, so logins to our services like review.openstack.org and wiki.openstack.org are failing; the admins at Canonical are looking into the issue but there is no estimated time for a fix yet.16:22
*** ChanServ changes topic to "Launchpad SSO is not currently working, so logins to our services like review.openstack.org and wiki.openstack.org are failing; the admins at Canonical are looking into the issue but there is no estimated time for a fix yet."16:22
evrardjpandymccr: we should rename properly this variable in next cycle16:22
evrardjpand have proper lookup of this for haproxy config16:22
evrardjpthis way we would reduce the vars16:22
evrardjpbut it's a big change right now, so I suggest we don't change right now16:22
*** zz_pwnall1337 is now known as pwnall133716:23
evrardjpit works for me16:23
evrardjp:p16:23
andymccrok cool16:23
andymccryeah i agree16:23
*** maeker has joined #openstack-ansible16:24
evrardjpso16:24
evrardjpnext16:24
evrardjphttps://bugs.launchpad.net/openstack-ansible/+bug/164806416:24
openstackLaunchpad bug 1648064 in openstack-ansible "Error "Table 'neutron.ml2_vlan_allocations' doesn't exist" in neutron server" [Undecided,New]16:24
cloudnullodyssey4me: evrardjp: logan-: anyone else: I know we're are triaging bugs but when you have moment it'd be great to get some feedback on https://review.openstack.org/#/c/40949016:24
evrardjpcloudnull: starred16:24
logan-will do cloudnull16:24
*** vnogin has quit IRC16:25
cloudnulltyvm16:25
odyssey4mecloudnull yeah, when I last tried to read that my brain leaked out of my ears... will try again though16:26
evrardjpWe leave the bug as is, the bug reporter is an *ss16:26
cloudnullodyssey4me: :)16:26
evrardjpI meant it's not really in our hands16:26
odyssey4methat looks like the migrations aren't happening properly16:27
evrardjpindeed but we don't touch these right?16:27
odyssey4mewe should actively make contact with #openstack-neutron16:27
evrardjpalready started with the intermediary of john16:28
andymccrevrardjp: i think that may be fixed16:28
evrardjpoh great16:28
odyssey4meno we don't, but it's important to be proactive with these, otherwise it gets harder o find the culprit16:28
andymccri mean we'd need to confirm, but it looks like the logs have stopped being generated like that16:28
evrardjpandymccr: recent patchset don't show this?16:28
evrardjpcool16:28
andymccrhmm16:28
andymccrcould be wrong then16:28
andymccrits neutron-server log?16:28
evrardjpyup16:28
odyssey4meevrardjp FYI logstash.openstack.org has a longer history than the gate logs themselves16:29
*** maeker has quit IRC16:29
*** uthng has joined #openstack-ansible16:29
evrardjpI thought it was the opposite16:29
evrardjpgood to know16:29
uthnghi all16:30
evrardjplet's move to next one?16:30
evrardjpor someone have something to add?16:30
odyssey4mesure16:30
evrardjphttps://bugs.launchpad.net/openstack-ansible/+bug/164597916:30
openstackLaunchpad bug 1645979 in openstack-ansible "neutron_l3_agent and neutron_l3_metadata groups include physical host" [Undecided,New]16:30
evrardjpthis one we'll wait for Travis input IIRC16:30
palendaeevrardjp: Yeah, that's what I remember16:31
uthnganyone can tell me why I got this error now ? Authorization failed. The request you have made requires authentication ?16:31
uthngafter ugrading glance or cinder to newton ?16:31
odyssey4meautomagically ^16:31
evrardjpok next ones haven't changed16:32
uthngI cannot find it out why ? I checked all password etc. All seem ok16:32
evrardjpa few remaining ones in different cases:16:32
evrardjphttps://bugs.launchpad.net/openstack-ansible/+bug/164612416:32
openstackLaunchpad bug 1646124 in openstack-ansible "Swift is generating audit.log errors on CentOS with selinux enabled" [Wishlist,New]16:32
evrardjputhng: we are triaging for now, could you come in 30 minutes or when the triage is ended? ty16:32
evrardjpmhayden: did you see that happening?16:33
uthngok16:33
*** karimb has quit IRC16:34
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_keystone: All handlers should be tagged "config"  https://review.openstack.org/41030416:34
evrardjpor anyone else16:34
evrardjpmaybe andymccr?16:34
andymccrevrardjp: i believe mgariepy didnt view that one as critical16:36
evrardjpthat's what we discussed indeed16:36
andymccror impactful16:36
andymccrim not sure on the legitimacy of it16:36
evrardjpbut I know we kill puppies when setenforce 016:36
logan-that DVR group one is waiting on me. i'm going to push a patch dynamically adding the hosts to the group with add_host, just have been tied up-- i should get it in the next day or two16:36
evrardjplogan-: that's true16:37
evrardjpthe feedback of automagically was for the review indeed16:37
evrardjp:D16:37
evrardjpanyway, I suggest we don't change the status of the last bug16:37
*** sacharya has joined #openstack-ansible16:38
evrardjpso I think we are done then16:38
evrardjpthanks everyone16:38
andymccrthanks evrardjp!16:38
*** sdake_ is now known as sdake16:38
openstackgerritMerged openstack/openstack-ansible: Update apt after proxy config is dropped  https://review.openstack.org/41024116:38
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Set home dir mode/owner/group owner [+Docs]  https://review.openstack.org/40632916:41
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Find world-writable dirs with bad group owners  https://review.openstack.org/40715716:42
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Set cron.allow owner/group owner [+Docs]  https://review.openstack.org/40717816:42
odyssey4meandymccr we should probably get https://review.openstack.org/408549 through the door some time soon16:47
openstackgerritKyle L. Henderson proposed openstack/openstack-ansible: Update apt after proxy config is dropped  https://review.openstack.org/41031316:48
*** asettle__ has joined #openstack-ansible16:49
odyssey4mecloudnull FYI https://github.com/odyssey4me/lxc_cache_build/16:51
odyssey4meandymccr ^ should I push the patch to add that repo?16:51
andymccrodyssey4me: sure, that'd be good. i'll +1 it once its up.16:51
*** vnogin has joined #openstack-ansible16:52
andymccrim looking at the trusty patch, and testing the git clone patch - i'd like to get that fix through too16:52
cloudnullcool16:52
*** asettle has quit IRC16:53
cloudnullodyssey4me: curious if you have had a look at https://review.openstack.org/#/c/409490 effort being that we can build images without having a specialized role to do so which should allow us to remove the general base cache process in the future.16:55
agrebennikov_odyssey4me, can we continue on the ssl for a while please?16:56
cloudnullobviously that effort could go into a role . but im thinking a general purpose playbook may be more flexible16:56
*** vnogin has quit IRC16:56
odyssey4mecloudnull my intent with https://github.com/odyssey4me/lxc_cache_build/ is to provide a general purpose role for cache prep as a drop-in replacement for the current default... but yeah, it might be that we can do without prepping a default cache altogether16:57
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Enable FIPS [+Docs]  https://review.openstack.org/40721816:57
cloudnullindeed.16:58
cloudnullit's good to have options :)16:58
cloudnullalso im just getting back into the swing of things16:58
cloudnullso I may be lagging16:58
odyssey4meso I guess we need to look into what it would take to rid ourselves of the default build to see if that's a viable option16:58
*** ChanServ changes topic to "Launchpad: https://launchpad.net/openstack-ansible || Weekly Meetings: https://wiki.openstack.org/wiki/Meetings/openstack-ansible || Review Dashboard: https://goo.gl/tTmdgs"16:58
-openstackstatus- NOTICE: Canonical admins have resolved the issue with login.launchpad.net, so authentication should be restored now.16:58
odyssey4mewe'd probably have to move the python package install somewhere16:59
odyssey4meso yeah - I was thinking let's move the stuff out of lxc_hosts at least, then whittle it down16:59
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Set user/group/modes on user init files [+Docs]  https://review.openstack.org/40873616:59
odyssey4meif we ultimately retire the lxc_cache_build role then great16:59
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Set user/group/modes on user init files [+Docs]  https://review.openstack.org/40873616:59
cloudnullsgtm16:59
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Set home dir mode/owner/group owner [+Docs]  https://review.openstack.org/40632916:59
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Set cron.allow owner/group owner [+Docs]  https://review.openstack.org/40717816:59
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Find world-writable dirs with bad group owners  https://review.openstack.org/40715716:59
*** Jeffrey4l has quit IRC17:00
*** sacharya_ has joined #openstack-ansible17:00
*** Jeffrey4l has joined #openstack-ansible17:00
odyssey4mecloudnull  I see in your utility playbook you took a similar approach to what I did here: https://review.openstack.org/39640117:00
odyssey4mein terms of whittling down the containers to one per service per lxc host I mean17:01
*** asettle__ is now known as asettle17:01
cloudnullyes. I was tyring to think about the world where distros and archetectures may be mixed and matched17:02
odyssey4meI am thinking that perhaps that playbook is better suited to being in the ops repo for now though17:02
*** sacharya has quit IRC17:02
cloudnullin it's current state it17:02
cloudnullit'd be serial17:02
odyssey4meyeah, I see that - seeing as it all uses the same container for the builds17:03
cloudnullbut in a future state we should be able to build all images in parallel based on the number of nodes within the cluster.17:03
odyssey4mewell, the same container name17:03
odyssey4memy approach was in parallel17:03
odyssey4meusing different names17:03
*** woodard has joined #openstack-ansible17:03
cloudnullyea. the LXC_NAME was used to ensure the container could be artifact'd17:03
cloudnulllxc uses that special when you re-deploy a container.17:04
odyssey4meso my thinking is kinda like this - a CI process to produce the container variants would be out of band to a deployment17:04
cloudnullotherwise all containers would have the same host key and name17:04
odyssey4meyeah, that name is important for LXC - not LXD17:04
cloudnullyes.17:04
cloudnullI didn't look into tackeling kxd17:04
cloudnull**LXD17:04
odyssey4meif we can work towards LXD in the next cycle then our world can be a lot simpler, perhaps17:04
odyssey4mebut for now our CI needs are focused on newton, so we need ot use LXC for now17:05
odyssey4meso if the CI process to build the variants is out of band to a deployment, then speed is a non-issue17:06
*** aludwar has quit IRC17:06
*** aludwar has joined #openstack-ansible17:07
odyssey4mealso, the skipping of tags is a good approach, I think17:07
odyssey4meat least for newton17:07
jrosser_lxd+zfs is potent, COW makes new containers instant17:09
*** sdake has quit IRC17:10
*** asettle has quit IRC17:15
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible: Remove Ubuntu Trusty Support  https://review.openstack.org/40854917:17
odyssey4mejrosser_ yep, any cow-backed containers actually work quite well - I did some tests with cow containers backed by LVM and they were also super fast17:18
jrosser_our stuff-you-need-before-osa is all built with lxd/zfs17:20
jrosser_pxe/dns etc17:20
jrosser_its working a treat17:20
*** markvoelker has quit IRC17:20
jrosser_missing ability to configure network with cloud-init is only missing bit17:21
odyssey4meagrebennikov_ sure, what's up?17:21
odyssey4mejrosser_ sounds good - is this the stuff that's pending a review to the ops repo?17:22
*** markvoelker has joined #openstack-ansible17:22
agrebennikov_odyssey4me, well, 3 things I wanted to bring to the table17:22
agrebennikov_but start from question17:22
agrebennikov_do you use ssl termination on the ext balancer at rackspace?17:22
odyssey4meagrebennikov_ yes17:22
*** woodard has quit IRC17:22
openstackgerritNolan Brubaker proposed openstack/openstack-ansible: Don't delete container_cidr key when overriding  https://review.openstack.org/41033117:23
*** woodard has joined #openstack-ansible17:23
palendaealextricity25: ^ will make a newton backport, but that'll have to merge first17:23
jrosser_odyssey4me: theres no lxd in what we did to the multinode aio, but some of the roles are recycled from what went into our pxe/dhcp containers17:24
alextricity25thanks palendae!!! :)17:24
odyssey4mepalendae alextricity25 I'm not entirely sure why we're persisting that data at all considering that it's only needed for the process of generating an IP for the container.17:24
agrebennikov_odyssey4me, thanks :) because this is a host debates happening right now with the customer regarding this feature17:24
odyssey4meit's also already persisted in openstack_user_config17:24
palendaeodyssey4me: It's used downstream in a load balancer script17:24
agrebennikov_all right, so 3 things17:25
alextricity25odyssey4me palendae: ^ right. sorry I wasn't very clear about that in the description.17:25
odyssey4mepalendae hmm, so the downstream script is loading the json file instead of reading the output from the dynamic inventory?17:25
palendaeI'm not sure the response to "This broke my downstream stuff" is "you don't need it."17:25
palendaeodyssey4me: Er...that json file *is* the output17:25
agrebennikov_1. are we interested in ssl termination across all services? Do I have to create a BP for it with current services running in eventlet?17:25
odyssey4mepalendae sure, I'm not saying that's the attitude - I'm just trying to understand the situation and to figure out how we can prevent ourselved from getting stuck in a situation where we promise yet another interface to downstream consumers17:26
palendaeThis existed up til Newton17:26
*** whiteveil has quit IRC17:26
agrebennikov_2. I have to implement CA option into keystone_authtoken section as "cafile" because requests uses its own CA bundle, as well as I have to extend openrc in the utility container with OS_CACERT17:26
odyssey4meif there are options to be clear that this shouldn't be done, this is the alternative approach and that it'll work now but it's deprecated then we should do that17:26
odyssey4mebut yeah, the short term fix is obviously to make it work again17:27
palendaeIt wasn't explicitly deprecated...17:27
palendaehttps://review.openstack.org/#/c/325380/ didn't account for it17:27
odyssey4meyep, understood17:27
palendaeAs I mention in https://review.openstack.org/#/c/410331/17:27
*** klamath has joined #openstack-ansible17:27
*** klamath has quit IRC17:27
palendaeIMO it's a bug, though granted I don't know why that was carried in the first place17:28
*** klamath has joined #openstack-ansible17:28
agrebennikov_3. I need to distribute the CA into all containers and add it to ca-cartificates bundle, and then use it as a hardcoded value for "cafile" for all services17:28
odyssey4meagrebennikov_ well, eventlet has been pretty much removed upstream - so the approach should be to implement it with uwsgi and perhaps nginx17:28
agrebennikov_odyssey4me, seems that's it17:28
agrebennikov_odyssey4me, is it in OSA master already?17:29
agrebennikov_for all roles17:29
odyssey4mewe have discussed, but haven't yet had the resourcing to implement, moving all API services to being served via uwsgi and nginx based on the feedback from upstream developers that it is faster and scales better17:29
stevelleagrebennikov_: can we slice things differently with 1) because not all OpenStack services have an eventlet model anymore17:29
stevellewould termination in the WSGI container be OK?17:29
stevelle(uwsgi for example)17:29
agrebennikov_stevelle, well, same as keystone is done today17:30
agrebennikov_it is pretty straightforward17:30
agrebennikov_except the concern that every api call with ssl takes 3 sec vs 0.1 sec without ssl17:30
agrebennikov_but this is apache17:30
agrebennikov_during the call apache thread takes 100% of cpu and spends 3 sec while rocessing ssl session17:31
stevelleWe added Nginx w/ uwsgi deploy option for keystone. We never finished the configuraitno of SSL termination at Nginx or uwsgi17:31
agrebennikov_*processing17:31
agrebennikov_is nginx from your perspective better than apache>17:31
agrebennikov_?17:31
stevellethe SSL termination work at the wsgi container for keystone would not require a blueprint for us17:31
agrebennikov_oh, keystone works already17:32
*** sdake has joined #openstack-ansible17:32
agrebennikov_I'm talking about the rest of the services17:32
odyssey4meagrebennikov_ to answer the question of whether there should be a bp/spec - you can opt to register a bp and then put together a patch against one service to establish a pattern which you will intend to replicate17:32
stevelleI'm specifically bringing up SSL w/o using Apache17:32
odyssey4meinstead of debating the pattern in a spec, we'd do it in the initial review17:32
odyssey4meonce that review merges, you can go ahead with the rest of the patches17:33
odyssey4methat said, the guidance really needs to come from andymccr - I'm just advising from prior art17:33
stevellealso agrebennikov_ we suspect nginx w/ uwsgi would be marginally better than apache for a few reasons17:33
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible: Remove Ubuntu Trusty Support  https://review.openstack.org/40854917:35
*** thorst has quit IRC17:37
*** thorst has joined #openstack-ansible17:37
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: [WIP] Fix Mitaka gate  https://review.openstack.org/41026517:41
*** thorst has quit IRC17:42
*** jlockwood has joined #openstack-ansible17:46
openstackgerritNolan Brubaker proposed openstack/openstack-ansible-specs: Outline a pluggable inventory backend system  https://review.openstack.org/41034217:51
openstackgerritMerged openstack/openstack-ansible-repo_build: Make git clone process idempotent  https://review.openstack.org/38370917:56
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-repo_build: Make git clone process idempotent  https://review.openstack.org/41034617:59
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: [WIP] Fix Mitaka gate  https://review.openstack.org/41026517:59
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: [WIP] Fix Mitaka gate  https://review.openstack.org/41026518:01
*** cathrichardson has quit IRC18:02
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Enable FIPS [+Docs]  https://review.openstack.org/40721818:06
*** Jack_Iv_ has joined #openstack-ansible18:09
*** cathrichardson has joined #openstack-ansible18:10
*** vnogin has joined #openstack-ansible18:11
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: [WIP] Fix Mitaka gate  https://review.openstack.org/41026518:11
*** Jack_Iv_ has quit IRC18:13
*** asettle has joined #openstack-ansible18:14
*** pramodrj07 has joined #openstack-ansible18:15
*** PramodJayathirth has joined #openstack-ansible18:15
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Handle SELinux properly when it is disabled  https://review.openstack.org/41029418:15
*** jmckind has quit IRC18:17
*** pester has quit IRC18:20
*** smatzek has joined #openstack-ansible18:22
andymccri think as long as we're using mod_wsgi or uwsgi with apache or nginx we can easily (and uniformly) enable ssl - i dont think there is any point putting a lot of work into making SSL termination happen without those.18:26
andymccrnice work on the repo stuff odyssey4me! hopefully that back port will go in and we can get that fixed up for release18:26
*** whiteveil has joined #openstack-ansible18:27
*** vnogin has quit IRC18:28
*** tnewhouse has joined #openstack-ansible18:28
*** vnogin has joined #openstack-ansible18:29
*** vnogin has quit IRC18:29
*** vnogin has joined #openstack-ansible18:30
stevellebumped that backport18:30
*** weezS has quit IRC18:30
odyssey4methanks stevelle18:35
odyssey4meandymccr yeah, it'll go into the next release which I think is fine considering that it's a bit of an edge case18:35
odyssey4meit'll be good for it to get a little baking time anyway18:36
tnewhouseHi.  Question regarding a 2-node test setup.  Documentation indicates that block storage host is optional (http://docs.openstack.org/project-deploy-guide/openstack-ansible/newton/app-config-test.html).  When I tried to create openstack_user_config.yml without storage_hosts, then I get a KeyError from the dynamic_inventory.py.  Any tips?18:37
uthngAnyone available for telling me why I got this error : Authorization failed. The request you have made requires authentication in the keystone log18:40
uthngand 503 Service Unavailable18:41
uthngThe server is currently unavailable. Please try again at a later time for glance and cinder after the upgrade from Mitaka to Newton18:41
uthngplease ?18:41
uthngIam sur that a little stuff but I cannot find it out18:41
agrebennikov_you just let one keystone to run at a time, turn on debug logging on it and try once again. And look at the keystone log18:42
agrebennikov_it will tell you exactly what's going on18:42
uthngHow can I enable debug option on keystone ?18:43
uthngI had to update password for cinder and glance yesterday in rabbitmq. I do not why rabbitmq lost them after the upgrade of the 2 components18:45
*** whiteveil has left #openstack-ansible18:46
uthngdebug = True already on keystone.conf18:47
*** whiteveil has joined #openstack-ansible18:47
openstackgerritMerged openstack/openstack-ansible-repo_build: Make git clone process idempotent  https://review.openstack.org/41034618:48
*** rmelero has joined #openstack-ansible18:53
*** allanice001 has joined #openstack-ansible18:57
*** allanice001 has quit IRC19:05
*** thorst has joined #openstack-ansible19:06
*** asettle has quit IRC19:08
cloudnulluthng: yes. debug=true19:11
cloudnullyou can distribute that change w/ ansible if you need19:11
cloudnullopenstack-ansible os-keystone-install.yml -e debug=true19:11
uthngin this case, debug is already enabled19:11
*** allanice001 has joined #openstack-ansible19:12
uthngI got : CAST unique_id: 3d68f520edd444e8a5dd0ce9cbb09680 NOTIFY exchange 'keystone' topic 'notifications.info' and There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. fill_context19:13
uthngand Authorization failed19:13
uthngthe return of glance command : service unavailable19:14
uthngis it normal this ? AMQPLAIN login refused: user 'cinder' - invalid credentials or AMQPLAIN login refused: user 'keystone' - invalid credentials ?19:15
cloudnulluthng: is this a new osa deployment ?19:17
cloudnullare the values populated in the user_secrets.yml file ?19:17
uthngcloudnull: no, just a upgrade from mitaka to newton on aio19:17
*** allanice001 has quit IRC19:17
uthngyes, all values are in user_secrets19:18
uthngthey are the same in *.conf19:18
cloudnullfor "invalid credentials or AMQPLAIN login refused: user 'keystone' - invalid credentials" I'd imagine that the rabbitmq mesia db is busted.19:18
cloudnullor that the keystone rabbitmq secrete is missing19:19
uthngyester I have had to make a rabbitmqctl to set the password on user_secrets again19:19
cloudnullif you rerrun the os-keystone-install role it should recreate the creds.19:19
cloudnullstart there to see if that corrects the amqp problems19:20
uthngoki I will do this immediately19:20
cloudnullif so, i'd suspect that the rabbitmq mnesia db is messed up and you'll likley need to rerun setup-openstack.yml19:21
*** h5t4 has joined #openstack-ansible19:22
*** electrofelix has quit IRC19:22
uthngcloudnull: just rerun os-keystone-install, but it does not correct prob amqp cred19:23
*** jmckind has joined #openstack-ansible19:23
uthngIm continuing to get these errors on rabbit log19:23
*** allanice001 has joined #openstack-ansible19:23
cloudnullany cores around that might want to give this a shove https://review.openstack.org/#/q/owner:kevin%2540cloudnull.com+status:open+project:openstack/openstack-ansible-ops19:23
cloudnulluthng: interesting.19:23
cloudnulldid you see any change when the rabbitmq user create tasks ran ?19:24
*** deadnull has quit IRC19:24
cloudnullmhayden: I've since revised this PR https://review.openstack.org/#/c/405061/ mind giving it another look ?19:24
uthngcloudnull: i did not pay attention. But the rabbitmq user create in os-keystone-install ?19:27
cloudnullyes19:27
uthngare you sure that there is a task to create rabbitmq user in os_keystone ? I cannot find it out in the role19:28
cloudnullit happens at the top of the play19:28
cloudnullhttps://github.com/openstack/openstack-ansible/blob/master/playbooks/os-keystone-install.yml#L26-L4819:28
*** jlockwood has quit IRC19:30
uthngah it is in the playbook not in role. Wait a second, I try to get it19:30
*** cathrichardson has quit IRC19:31
uthngyes there is a change19:31
uthngis it ?19:33
uthngTASK [Ensure rabbitmq user] task path: /opt/openstack-ansible_Newton/playbooks/common-tasks/rabbitmq-vhost-user.yml:2719:33
uthngok: [aio1_keystone_container-6045dc7e -> 172.29.237.19] => {"changed": false, "invocation": {"module_args": {"configure_priv": ".*", "force": false, "node": null, "password": "aa540d6f4ce8979930", "permissions": [{"configure_priv": ".*", "read_priv": ".*", "vhost": "/keystone", "write_priv": ".*"}], "read_priv": ".*", "state": "present", "tags": null, "user": "keystone", "vhost": "/keystone", "write_priv": ".*"},19:36
uthng"module_name": "rabbitmq_user"}, "state": "present", "user": "keystone"}19:36
*** poopcat has joined #openstack-ansible19:37
mhaydencloudnull: gandering19:37
mhaydencloudnull: weird -- it didn't clear my -1 when you submitted your patch19:37
*** weezS has joined #openstack-ansible19:38
*** jlockwood has joined #openstack-ansible19:42
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: [WIP] Fix Mitaka gate  https://review.openstack.org/41026519:43
*** poopcat has quit IRC19:44
*** dxiri has joined #openstack-ansible19:44
*** ianychoi has quit IRC19:45
*** poopcat has joined #openstack-ansible19:45
*** thorst has quit IRC19:46
uthngcloudnull: any idea ? Maybe the same kind of problem for other services against keystone ?19:46
openstackgerritMerged openstack/openstack-ansible-security: Enable FIPS [+Docs]  https://review.openstack.org/40721819:46
*** maeker has joined #openstack-ansible19:47
*** maeker has quit IRC19:48
*** PramodJayathirth has quit IRC19:48
*** common has joined #openstack-ansible19:48
*** maeker has joined #openstack-ansible19:48
*** galstrom is now known as galstrom_zzz19:49
*** pramodrj07 has quit IRC19:50
*** cathrichardson has joined #openstack-ansible19:53
*** jlockwood has quit IRC19:54
*** Jack_Iv has quit IRC19:59
*** Jack_Iv has joined #openstack-ansible20:00
*** pwnall1337 is now known as zz_pwnall133720:03
*** hybridpolio has joined #openstack-ansible20:04
*** weezS_ has joined #openstack-ansible20:08
*** weezS has quit IRC20:10
*** weezS_ is now known as weezS20:10
openstackgerritMerged openstack/openstack-ansible-os_ironic: Add ldlinux.c32 to the tftp directory  https://review.openstack.org/40427320:13
*** Jack_Iv_ has joined #openstack-ansible20:20
*** PramodJayathirth has joined #openstack-ansible20:23
*** pramodrj07 has joined #openstack-ansible20:23
*** askb has joined #openstack-ansible20:24
openstackgerritMerged openstack/openstack-ansible: Don't delete container_cidr key when overriding  https://review.openstack.org/41033120:30
openstackgerritMerged openstack/openstack-ansible: Update apt after proxy config is dropped  https://review.openstack.org/41031320:31
*** Jack_Iv_ has quit IRC20:31
*** dfflanders has joined #openstack-ansible20:31
*** Jack_Iv_ has joined #openstack-ansible20:31
*** johnmilton has quit IRC20:33
*** tnewhouse has quit IRC20:35
*** Jack_Iv_ has quit IRC20:36
*** dolphm has left #openstack-ansible20:37
kylek3hhughsaunders: Are you around?20:51
*** whiteveil has quit IRC20:53
*** jmckind_ has joined #openstack-ansible20:56
*** jmckind has quit IRC20:57
*** PramodJ has joined #openstack-ansible21:01
*** h5t4 has quit IRC21:02
*** poopcat has quit IRC21:03
*** smatzek has quit IRC21:03
*** Jack_Iv_ has joined #openstack-ansible21:06
openstackgerritNolan Brubaker proposed openstack/openstack-ansible: Don't delete container_cidr key when overriding  https://review.openstack.org/41039721:08
palendaealextricity25: ^21:09
alextricity25 thx21:09
*** tnewhouse has joined #openstack-ansible21:10
*** vnogin has quit IRC21:11
*** Jack_Iv_ has quit IRC21:13
*** Jack_Iv_ has joined #openstack-ansible21:13
*** dgonzalez has quit IRC21:14
*** chris_hultin is now known as chris_hultin|AWA21:16
*** vnogin has joined #openstack-ansible21:17
*** Jack_Iv_ has quit IRC21:18
mrdathanks odyssey4me21:19
*** asettle has joined #openstack-ansible21:21
alextricity25Do the repo server artifacts have a bind mount back to the host?21:22
*** vnogin has quit IRC21:27
*** Jack_Iv has quit IRC21:31
*** vnogin has joined #openstack-ansible21:31
*** Jeffrey4l has quit IRC21:35
*** poopcat has joined #openstack-ansible21:38
*** asettle has quit IRC21:39
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Set home dir mode/owner/group owner [+Docs]  https://review.openstack.org/40632921:41
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Find world-writable dirs with bad group owners  https://review.openstack.org/40715721:41
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Set cron.allow owner/group owner [+Docs]  https://review.openstack.org/40717821:41
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Set user/group/modes on user init files [+Docs]  https://review.openstack.org/40873621:42
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Fix issues from new CentOS 7 release  https://review.openstack.org/40991321:44
dmsimardHow do we tell what was the particular configuration for, say, nova in a particular CI job ?21:44
dmsimardIt looks like you only store actual logs, not the configuration files21:44
*** vnogin has quit IRC21:45
*** poopcat has quit IRC21:46
*** poopcat has joined #openstack-ansible21:46
*** retreved has quit IRC21:47
*** Jeffrey4l has joined #openstack-ansible21:47
*** johnmilton has joined #openstack-ansible21:47
*** johnmilton has quit IRC21:48
mhaydendmsimard: what kind of configuration are you looking for?21:55
mhaydencould someone with zuul savvy look over my patch for project-config? https://review.openstack.org/#/c/410382/21:55
dmsimardwhatever would be in nova.conf :)21:55
mhaydendmsimard: hmm, you could add a 'cat /etc/nova/nova.conf' in your patch somewhere and view the CI results ;)21:55
palendaedmsimard: ansible compute_hosts -m shell -a "cat /etc/nova/nova.conf"21:56
palendaeOh, in gate jobs21:56
palendaeMight want to run your own AIO and look21:56
dmsimardBah, configurations are retrieved by other projects such as devstack, puppet and kolla and such. Why don't you retrieve them ? It's useful :(21:56
andymccri agree, it is useful - id like to change that up at some point, but at the moment it isnt there :(21:58
stevellepartly because we already produce a very large volume of text artifacts and we were asked to trim that dmsimard21:58
stevellethat derailed one effort to include them21:58
*** asettle has joined #openstack-ansible21:58
*** vnogin has joined #openstack-ansible21:58
dmsimardstevelle: fair enough21:58
palendaeCertainly would be useful. I don't think infra's well equipped for running projects that build an entire stack22:00
*** woodard_ has joined #openstack-ansible22:00
dmsimardbasically I was interested in seeing what hypervisor was used in the gate CI jobs22:00
dmsimardi.e, libvirt_virt_type22:00
dmsimardI would expect qemu -- and then the other config I was interested in was libvirt_cpu_mode22:00
dmsimardi.e, host-model, host-passthrough and such.22:01
*** jamesdenton has quit IRC22:01
dmsimardhttps://github.com/openstack/openstack-ansible-os_nova/blob/master/defaults/main.yml#L257 tells me the default is host-model but that doesn't give me a whole lot of insight around what is actually tested/deployed22:01
*** maeker has quit IRC22:02
*** woodard has quit IRC22:03
stevellewe run tempest.scenario.test_server_basic_ops.TestServerBasicOps.test_server_basic_ops if that helps22:04
*** woodard_ has quit IRC22:05
stevellewith the use of config overrides you should be able to do all the things to run whatever hypervisors you want, but we just rely on the nova gates for testing the feature grid22:06
stevellethough that probably doesn't help much22:06
andymccrdmsimard: it'll be qemu on gate jobs - it tries to calculate that if it isn't specified (so on gate jobs it'll be qemu). we don't change the cpu_mode so that'll be host-model (default for nova)22:07
palendaeDunno if the os_nova role itself changed anything22:07
*** chris_hultin|AWA is now known as chris_hultin22:08
*** asettle has quit IRC22:09
dmsimardandymccr: ty22:10
*** sacharya_ has quit IRC22:10
*** sacharya has joined #openstack-ansible22:11
*** fguillot has quit IRC22:11
*** jmckind has joined #openstack-ansible22:13
*** jmckind_ has quit IRC22:15
andymccrstevelle: i know you worked on ceilometer quite a bit before, wondering your thoughts on: https://bugs.launchpad.net/ceilometer/+bug/1643821 - i cant sha bump ceilometer unless i tell ceilometer installs to ignore the requirements (which i can do, but then consistency of ceilometer installs in a prod environment go out the window)22:18
openstackLaunchpad bug 1643821 in OpenStack Global Requirements "kafka-python version bump not compatible" [Undecided,New]22:18
*** TxGirlGeek has quit IRC22:18
openstackgerritAndy McCrae proposed openstack/openstack-ansible: Update all SHAs for Ocata 2016-12-13  https://review.openstack.org/41043322:19
*** aludwar has quit IRC22:19
stevelleandymccr: the telemetry folks were pinched by this in their gate too22:19
andymccrso im thinking i just leave the ceilometer SHA at the version it was about a month ago (like in ^ PR) - but i guess i need to consider that it may not ever be within global reqs22:19
stevellenot in touch with the current status atm but can look again22:19
andymccrahh did not know that22:19
andymccrthey seemed ok with it for the last few weeks since i reported the bug :P22:19
*** chris_hultin is now known as chris_hultin|AWA22:19
stevelleiirc it was an oslo.messaging problem22:20
andymccrhmm22:20
*** aludwar has joined #openstack-ansible22:20
stevellewill try to look into it to be sure I'm current22:20
andymccrthat'd be great, i take it that means you think holding back the sha bump is the way forward (over deploying ceilometer ignoring reqs)22:21
stevellefor now yes22:21
andymccrwould be great if ceilometer was part of reqs though22:21
andymccrok im out for tonight. thanks for the help!22:22
openstackgerritNolan Brubaker proposed openstack/openstack-ansible-specs: Outline a pluggable inventory backend system  https://review.openstack.org/41034222:23
*** gouthamr has joined #openstack-ansible22:23
*** gouthamr has quit IRC22:24
*** gouthamr has joined #openstack-ansible22:24
*** dgonzalez has joined #openstack-ansible22:27
*** weezS has quit IRC22:30
*** smatzek has joined #openstack-ansible22:31
*** kstev has quit IRC22:32
*** cathrichardson has quit IRC22:33
*** maeker has joined #openstack-ansible22:36
*** jheroux has quit IRC22:45
stevellepalendae: next update can you add that spec to a Pike section in the index plz?22:48
dmsimardmgariepy: FYI there's issues with CentOS 7.3 (released yesterday) and qemu-kvm-ev 2.6.0 (released today) when using virt_type=qemu and cpu_mode=host-model. You need to use cpu_mode=none (like devstack does) or you'll run into something like this:22:48
dmsimardhttp://logs.openstack.org/76/409476/4/check/gate-puppet-openstack-integration-4-scenario003-tempest-centos-7/8881991/logs/libvirt/qemu/instance-00000001.txt.gz22:48
dmsimardSince this is provided by dependencies outside of OpenStack, you might run into this in any version >= Mitaka (not mentioning <= Liberty due to EOL)22:49
dmsimardI'm trying to get a post to openstack-dev/openstack-operators out about it.22:50
*** allanice001 has quit IRC22:50
*** adrian_otto has quit IRC22:50
*** jlockwood has joined #openstack-ansible22:56
*** vnogin has quit IRC23:02
*** BjoernT has quit IRC23:02
*** kjw3 has quit IRC23:06
*** woodard has joined #openstack-ansible23:08
*** gouthamr has quit IRC23:09
*** retreved has joined #openstack-ansible23:09
*** vnogin has joined #openstack-ansible23:09
*** woodard has quit IRC23:11
*** jmckind has quit IRC23:11
*** woodard has joined #openstack-ansible23:12
*** allanice001 has joined #openstack-ansible23:13
*** retreved_ has joined #openstack-ansible23:13
*** retreved has quit IRC23:14
*** smatzek has quit IRC23:23
*** klamath has quit IRC23:29
*** vnogin has quit IRC23:29
*** vnogin has joined #openstack-ansible23:31
*** agrebennikov_ has quit IRC23:32
*** retreved_ has quit IRC23:45
*** zz_pwnall1337 is now known as pwnall133723:48
*** chris_hultin|AWA is now known as chris_hultin23:52
*** tnewhous_ has joined #openstack-ansible23:53
*** tnewhous_ has quit IRC23:53
*** tnewhouse has quit IRC23:55
*** dxiri has quit IRC23:55
*** tnewhouse has joined #openstack-ansible23:55
*** dxiri has joined #openstack-ansible23:56
*** dxiri_ has joined #openstack-ansible23:57
*** sacharya has quit IRC23:57
« Monday, 2016-12-12 Index Wednesday, 2016-12-14 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!