Wednesday, 2017-03-29

« Tuesday, 2017-03-28 Index Thursday, 2017-03-30 »
*** markvoelker has joined #openstack-ansible00:01
*** shashank_t_ has quit IRC00:01
*** jwitk0 has quit IRC00:02
*** deadnull_ has quit IRC00:03
*** markvoelker has quit IRC00:05
*** cathrichardson has quit IRC00:08
*** cathrichardson has joined #openstack-ansible00:09
*** thorst has quit IRC00:12
*** schwicht has joined #openstack-ansible00:19
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_almanach master: Ensure the components are isolated from the system  https://review.openstack.org/45112400:22
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_almanach master: Ensure the components are isolated from the system  https://review.openstack.org/45112400:25
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_glance master: Ensure the components are isolated from the system  https://review.openstack.org/45112600:30
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_trove master: Ensure the components are isolated from the system  https://review.openstack.org/45112700:42
*** sanfern has quit IRC00:48
*** vnogin has quit IRC00:50
*** dxiri has quit IRC00:55
*** jamielennox is now known as jamielennox|away01:02
*** Mahe has quit IRC01:04
*** Mahe has joined #openstack-ansible01:04
*** smatzek has joined #openstack-ansible01:04
*** cpuga has joined #openstack-ansible01:06
*** dxiri has joined #openstack-ansible01:07
*** thorst has joined #openstack-ansible01:08
*** cuongnv has joined #openstack-ansible01:09
*** lkoranda has quit IRC01:11
*** fyu has quit IRC01:11
*** vnogin has joined #openstack-ansible01:12
*** thorst has quit IRC01:12
*** lkoranda has joined #openstack-ansible01:14
*** jamielennox|away is now known as jamielennox01:16
*** fyu has joined #openstack-ansible01:16
*** adrian_otto has quit IRC01:18
*** thorst has joined #openstack-ansible01:19
*** david-lyle has joined #openstack-ansible01:24
*** furlongm has quit IRC01:28
*** thorst has quit IRC01:29
*** SerenaFeng has joined #openstack-ansible01:32
*** cathrichardson has quit IRC01:33
*** cathrichardson has joined #openstack-ansible01:33
*** vnogin has quit IRC01:42
*** agrebennikov has quit IRC01:42
*** dxiri has quit IRC01:44
*** shashank_t_ has joined #openstack-ansible01:44
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_designate master: Ensure the components are isolated from the system  https://review.openstack.org/45113501:47
*** SerenaFeng has quit IRC01:50
*** poopcat has quit IRC01:51
*** acormier has joined #openstack-ansible01:52
*** weezS has quit IRC01:55
*** Oku_OS is now known as Oku_OS-away01:56
*** weezS has joined #openstack-ansible01:56
*** pramodrj07 has quit IRC01:58
*** MasterOfBugs has quit IRC01:58
*** dixiaoli has joined #openstack-ansible01:58
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_swift master: Ensure the components are isolated from the system  https://review.openstack.org/45113802:01
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_octavia master: Ensure the components are isolated from the system  https://review.openstack.org/45113902:05
*** rmelero_ has quit IRC02:14
*** rmelero has joined #openstack-ansible02:14
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_ironic master: Ensure the components are isolated from the system  https://review.openstack.org/45114402:18
*** rmelero has quit IRC02:19
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_ironic master: Ensure the components are isolated from the system  https://review.openstack.org/45114402:19
*** adrian_otto has joined #openstack-ansible02:22
openstackgerritRavi Kumar Boyapati proposed openstack/openstack-ansible master: update package locations path in repo-build play  https://review.openstack.org/45097302:23
*** SerenaFeng has joined #openstack-ansible02:24
*** adrian_otto has quit IRC02:27
*** thorst has joined #openstack-ansible02:30
*** poopcat has joined #openstack-ansible02:32
*** shashank_t_ has quit IRC02:33
*** david-lyle has quit IRC02:36
*** gouthamr has quit IRC02:37
*** poopcat has quit IRC02:40
*** poopcat has joined #openstack-ansible02:40
*** agrebennikov has joined #openstack-ansible02:42
*** gouthamr has joined #openstack-ansible02:44
*** sanfern has joined #openstack-ansible02:45
*** smatzek has quit IRC02:49
*** thorst has quit IRC02:49
*** woodard_ has quit IRC02:51
*** woodard has joined #openstack-ansible02:52
*** woodard has quit IRC02:56
*** acormier has quit IRC02:57
*** deepak_jon has quit IRC03:03
*** galstrom_zzz is now known as galstrom03:03
*** deepak_jon has joined #openstack-ansible03:03
openstackgerritzhongshengping proposed openstack/openstack-ansible-os_octavia master: Remove verbose option  https://review.openstack.org/45115303:03
*** deepak_jon has quit IRC03:09
*** deepak_jon has joined #openstack-ansible03:10
*** raginbajin has quit IRC03:14
*** zerick has quit IRC03:15
*** deepak_jon has quit IRC03:17
*** zerick has joined #openstack-ansible03:17
*** deepak_jon has joined #openstack-ansible03:18
*** dixiaoli has quit IRC03:18
*** gouthamr has quit IRC03:19
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_neutron master: Ensure the components are isolated from the system  https://review.openstack.org/45115603:20
*** raginbajin has joined #openstack-ansible03:21
*** agrebennikov has quit IRC03:23
*** dixiaoli has joined #openstack-ansible03:26
*** cmart has quit IRC03:28
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_neutron master: Ensure the components are isolated from the system  https://review.openstack.org/45115603:29
openstackgerritzhongshengping proposed openstack/openstack-ansible-os_neutron master: Remove min_l3_agents_per_router option  https://review.openstack.org/45116303:36
*** david-lyle has joined #openstack-ansible03:37
*** udesale has joined #openstack-ansible03:45
*** thorst has joined #openstack-ansible03:46
*** thorst has quit IRC03:51
*** galstrom is now known as galstrom_zzz03:51
*** SerenaFeng has quit IRC03:52
*** jrobinson has quit IRC03:52
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_ceilometer master: Ensure the components are isolated from the system  https://review.openstack.org/45116503:55
*** jrobinson has joined #openstack-ansible03:56
*** dxiri has joined #openstack-ansible03:56
*** Dinesh_Bhor has joined #openstack-ansible04:00
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_gnocchi master: Ensure the components are isolated from the system  https://review.openstack.org/45116604:00
*** dxiri has quit IRC04:10
*** dxiri has joined #openstack-ansible04:11
*** dxiri_ has joined #openstack-ansible04:13
*** dxiri_ has quit IRC04:13
*** dxiri_ has joined #openstack-ansible04:14
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_neutron master: Ensure the components are isolated from the system  https://review.openstack.org/45115604:16
*** dxiri has quit IRC04:16
*** schwicht has quit IRC04:17
*** dxiri_ has quit IRC04:17
*** dxiri has joined #openstack-ansible04:17
*** cjloader has joined #openstack-ansible04:18
*** dxiri_ has joined #openstack-ansible04:19
*** dxiri__ has joined #openstack-ansible04:20
*** dxiri has quit IRC04:23
*** dxiri_ has quit IRC04:24
*** dxiri has joined #openstack-ansible04:24
*** poopcat has quit IRC04:25
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_heat master: Ensure the components are isolated from the system  https://review.openstack.org/45116904:25
*** dxiri__ has quit IRC04:28
*** hybridpollo has quit IRC04:29
*** dixiaoli has quit IRC04:30
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_heat master: Ensure the components are isolated from the system  https://review.openstack.org/45116904:32
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_heat master: Ensure the components are isolated from the system  https://review.openstack.org/45116904:33
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_cloudkitty master: Ensure the components are isolated from the system  https://review.openstack.org/45117104:34
*** cjloader has quit IRC04:34
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_sahara master: Ensure the components are isolated from the system  https://review.openstack.org/45117204:37
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_aodh master: Ensure the components are isolated from the system  https://review.openstack.org/45117404:41
*** shashank_t_ has joined #openstack-ansible04:47
*** thorst has joined #openstack-ansible04:47
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_keystone master: Ensure the components are isolated from the system  https://review.openstack.org/45117604:48
*** thorst has quit IRC04:52
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_barbican master: Ensure the components are isolated from the system  https://review.openstack.org/45117804:55
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-ops master: Ensure the components are isolated from the system  https://review.openstack.org/45117904:58
*** rmelero has joined #openstack-ansible04:59
*** askb has quit IRC05:07
*** askb has joined #openstack-ansible05:08
*** d3n14l has joined #openstack-ansible05:15
*** adrian_otto has joined #openstack-ansible05:26
*** dixiaoli has joined #openstack-ansible05:31
*** dixiaoli has quit IRC05:34
*** jimbaker` has joined #openstack-ansible05:38
*** jimbaker has quit IRC05:39
*** SerenaFeng has joined #openstack-ansible05:42
*** dxiri has quit IRC05:46
*** thorst has joined #openstack-ansible05:48
*** thorst has quit IRC05:52
*** NikhilS has joined #openstack-ansible05:54
*** shashank_t_ has quit IRC05:54
*** shashank_t_ has joined #openstack-ansible05:55
*** luzC has quit IRC05:55
*** luzC has joined #openstack-ansible05:56
*** dixiaoli has joined #openstack-ansible05:58
*** shashank_t_ has quit IRC05:59
*** jrobinson has quit IRC06:01
*** rmelero has quit IRC06:01
*** rmelero has joined #openstack-ansible06:02
*** rmelero has quit IRC06:06
*** jamielennox is now known as jamielennox|away06:10
*** Oku_OS-away is now known as Oku_OS06:12
*** weezS has quit IRC06:21
*** pcaruana has joined #openstack-ansible06:24
*** jamielennox|away is now known as jamielennox06:25
*** d3n14l has quit IRC06:29
*** pramod has joined #openstack-ansible06:31
*** lihi has quit IRC06:46
*** oanson has quit IRC06:48
*** thorst has joined #openstack-ansible06:49
*** jamielennox is now known as jamielennox|away06:50
*** udesale__ has joined #openstack-ansible06:52
*** thorst has quit IRC06:53
*** udesale has quit IRC06:53
*** McMurlock1 has joined #openstack-ansible06:54
*** jamielennox|away is now known as jamielennox06:57
*** muxdaemon has joined #openstack-ansible06:58
*** d3n14l has joined #openstack-ansible07:03
*** fxpester has joined #openstack-ansible07:09
*** foutatoro has joined #openstack-ansible07:10
*** fyu1 has joined #openstack-ansible07:11
*** fyu has quit IRC07:12
*** fyu1 is now known as fyu07:13
mpranjicmornin07:16
*** fabg has joined #openstack-ansible07:17
*** Matias has quit IRC07:27
*** Matias has joined #openstack-ansible07:39
*** muxdaemon has quit IRC07:40
*** d3n14l has quit IRC07:40
*** thorst has joined #openstack-ansible07:49
*** cpuga has quit IRC07:51
*** d3n14l has joined #openstack-ansible07:52
*** shardy has joined #openstack-ansible08:03
*** NikhilS has quit IRC08:04
hw_wutianweistevelle: hi, I want to know why set haproxy_state to disabled in line 81 in the file os-keystone-install.yml https://github.com/openstack/openstack-ansible/blob/master/playbooks/os-keystone-install.yml.08:07
*** NikhilS has joined #openstack-ansible08:07
*** thorst has quit IRC08:08
hw_wutianweistevelle: because of this, everytime I failed at the TASK [os_keystone : Ensure service tenant], see the log: http://paste.openstack.org/show/604410/08:11
hw_wutianweistevelle: when I set haproxy_state to enabled in line 81in the file os-keystone-install.yml. that task is ok08:12
*** dixiaoli has quit IRC08:13
*** jwitko has quit IRC08:14
*** adrian_otto has quit IRC08:16
*** jamielennox is now known as jamielennox|away08:17
*** dixiaoli has joined #openstack-ansible08:18
*** pbandark has joined #openstack-ansible08:20
*** muxdaemon has joined #openstack-ansible08:30
*** pramod has quit IRC08:33
*** karimb has joined #openstack-ansible08:35
*** karimb has quit IRC08:39
*** Amit82 has joined #openstack-ansible08:41
Amit82Hi All, I am installing Openstack Newton release using OSA 14.1.1 tag on Ubuntu 16.0408:41
*** karimb has joined #openstack-ansible08:41
Amit82While running "openstack-ansible setup-infrastructure.yml", I am facing this error: http://paste.openstack.org/show/604627/08:42
Amit82Any idea that how to get away from this problem?08:42
*** muxdaemon has quit IRC08:45
*** karimb has quit IRC08:46
*** dixiaoli_ has joined #openstack-ansible08:46
odyssey4meAmit82 retry08:46
odyssey4meif it persists, then check whether the cert is valid if you curl it08:47
odyssey4meif you're going through a proxy, disable cert validation08:47
*** karimb has joined #openstack-ansible08:48
*** dixiaoli has quit IRC08:48
odyssey4methe download happens from your deployment node08:48
*** esberglu has joined #openstack-ansible08:49
jrosser__odyssey4me: where is the right place to properly make an aio build work behind a proxy?08:49
jrosser__becasue it rewrites /etc/environment and loses the config there08:49
odyssey4mejrosser__ I've been meaning to update https://docs.openstack.org/project-deploy-guide/openstack-ansible/draft/app-limited-connectivity.html with content from https://blog.christophersmart.com/2016/08/09/setting-up-openstack-ansible-all-in-one-behind-a-proxy/08:50
*** vnogin has joined #openstack-ansible08:50
odyssey4meif you feel up to doing that, I'd be glad to review it08:51
jrosser__it felt like the bootstrap-aio playbook should look for an existing proxy environment variable08:51
jrosser__then it could correctly rewrite /etc/environment and make the necessary entries in user_variables.yml08:52
odyssey4mebootstrap-ansible does, and bootstrap-aio just uses ansible which relies on the env vars being exported ahead of time08:52
odyssey4meyeah, I suppose some tasks could be added to do that08:52
odyssey4meif we can make it easier to use, I'm all for it08:52
*** esberglu has quit IRC08:53
Amit82odyssey4me: I will re-run the playbook08:54
jrosser__yes becasue as it stands you have to set your host up to use a proxy for bootstrap-ansible08:54
jrosser__then bootstrap-aio sort of breaks that a bit08:54
Amit82In my setup, Infra node is the deployment node08:54
evrardjpjrosser__: that sounds like a bug then08:55
*** vnogin has quit IRC08:55
odyssey4mehow does it get broken? that sounds odd08:56
jrosser__hmm this was late last night :)08:57
odyssey4meevrardjp any thoughts on a better way to resolve this issue? https://review.openstack.org/45097308:57
jrosser__basically i need to configure my /etc/environment myself to get boostrap-ansible to work through the proxy08:57
odyssey4mejrosser__ I would expect that you typically have already done so if you're behind a proxy?08:58
jrosser__and then at some point, that file gains an "# Ansible managed" and the proxy lines are then miissing08:58
odyssey4meah, I don't think that's in bootstrap-aio - I think that's in openstack_hosts08:58
jrosser__quite likley, i'm just pulling on the string trying to find where on earth it happens!08:59
odyssey4mein openstack_hosts we write proxy config into /etc/environment... and we probably shouldn't just overwrite the existing file08:59
odyssey4mewe should perhaps *add* to it, but not replace it08:59
evrardjpodyssey4me: sure I'll have a look08:59
jrosser__it should also trigger the right things being put in user_variables.yml08:59
odyssey4mejrosser__ https://github.com/openstack/openstack-ansible-openstack_hosts/blob/master/tasks/openstack_proxy_settings.yml09:00
jrosser__then you'd be good to just follow the instructions and have to do nothing special09:00
odyssey4meyes, bootstrap-host could do that, but that won't help for a multi-node environment09:00
odyssey4memy concern here is that we're simply overwriting a host's environment file, but a kick process may have added all sorts of things in there09:00
odyssey4meI think instead we should replace that template task with a lineinfile task that does much the same thing09:01
odyssey4meit'll retain the functionality without overwriting an existing environment file09:02
odyssey4methat functionality was added back in kilo :)09:02
jrosser__ah global_environment_variables09:02
pjm6morning all09:02
jrosser__i raised another bug about that yesterday09:02
jrosser__this is related to proxies also https://bugs.launchpad.net/openstack-ansible/+bug/167700709:03
openstackLaunchpad bug 1677007 in openstack-ansible "Documentation bug - proxy config" [Undecided,New]09:03
odyssey4mejrosser__ will you push up a patch to resolve this?09:03
jrosser__i wasnt sure what the right fix was09:04
*** thorst has joined #openstack-ansible09:05
odyssey4mehmm, for that bug I'm not sure I understand what you're saying there09:05
*** karimb has quit IRC09:05
jrosser__as global_environment_variables and proxy_env_url kind of desrribe the same thing09:05
jrosser__well, for the purposes of proxies, anyway09:05
odyssey4mewell, global_environment_variables is more universal09:06
*** vnogin has joined #openstack-ansible09:06
odyssey4meyou can put any arbitrary key/value pair in there09:06
*** manheim has joined #openstack-ansible09:06
odyssey4meit just hapens to be useful for proxy environment setting09:06
*** manheim has quit IRC09:07
*** manheim has joined #openstack-ansible09:07
odyssey4meok, let me put together a patch to address the environment file overwrite09:07
odyssey4mewith regards to the bug, proxy_env_url and no_proxy_env are not supposed to be used anywhere but in the lines below09:08
odyssey4methey just provide a shortcut to re-use the same definition inside the global_environment_variables09:08
jrosser__i think they may pop up in the repo build09:09
odyssey4mehmm, interesting - that should be unintentional09:09
*** thorst has quit IRC09:09
odyssey4mehah, you're right09:10
odyssey4methere's a clash in that name with apt-cacher-ng09:10
jrosser__you much quicker than me at finding this stuff :)09:10
odyssey4mehttp://codesearch.openstack.org/?q=proxy_env_url&i=nope&files=&repos=09:11
odyssey4mecodesearch is your friend09:11
*** electrofelix has joined #openstack-ansible09:11
odyssey4methat doesn't look like it should be a problem though09:11
odyssey4mehmm, I wonder if the environment file is copied into the containers09:12
jrosser__this is why i was unsure what the correct fix for that bug was09:12
jrosser__and if it really involved fixing a role instead09:12
odyssey4mehmmm, it is not09:12
evrardjpodyssey4me:  pkg_locations: "{{ playbook_dir }}/../" ?09:12
odyssey4meso I wonder how we expect containers to be able to use a proxy09:13
odyssey4meevrardjp ah, that sounds better :)09:13
odyssey4meanything to avoid that horrible bash nonsense task09:13
jrosser__in my AIO the /etc/environment files are filled out to use a proxy09:13
evrardjpit should be jinja parsed so it should be alright09:13
jrosser__as per global_environment_variables09:14
evrardjpodyssey4me: well I guess the problem will be for wrappers like logan-'s or rpc's, but we override pkg_locations anyway09:15
odyssey4mejrosser__ yeah, it looks like we do that here: https://github.com/openstack/openstack-ansible-lxc_container_create/blob/master/templates/environment.j209:15
evrardjpso it should be fine09:15
odyssey4meevrardjp yeah, the option is there to override09:16
odyssey4meif you could suggest that as a replacement in review I'd appreciate it09:16
*** pmannidi has quit IRC09:16
odyssey4mejrosser__ ok, so my suggestion is twofold here09:16
odyssey4me1 - we don't overwrite the host environments file, we just add to it09:17
odyssey4methis will ensure that if someone already has configured a proxy, they don't have to know about our variable to set those things09:17
odyssey4me2 - we do the same for containers09:18
odyssey4medoes that sound reasonable?09:18
Amit82odyssey4me: Faced the same error. So, how can I disable certificate validation as per the msg "You can use validate_certs=False"09:18
odyssey4meoh interesting, we used to use lineinfile: https://github.com/openstack/openstack-ansible-lxc_container_create/commit/f2646d36d89548bd7ed4154aa0ef75a86d94b7b509:19
odyssey4meAmit82 it appears that we don't have a var for that - if you could patch a var for that into the task I'd appreciate it09:20
jrosser__odyssey4me: yes that will certainly be good not to clobber existing /etc/environment09:20
jrosser__Amit82: do you mean more than pip_validate_certs: false09:21
jrosser__and galera_package_download_validate_certs: false09:21
jrosser__?09:21
pjm6anyone here knows where's the location of inject password from horizon ? I have that option enabled in OSA but I can't find in the gui09:22
odyssey4mepjm6 it probably is not available in the GUI09:22
odyssey4mebut I don't know for sure09:22
pjm6odyssey4me, i know that in other versions were (at least liberty or mitaka if not in mistake) in the ocata can't find it :/09:23
Amit82odyssey4me: I am completely naive to the Ansible, just using it for deploying Openstack09:23
odyssey4meAmit82 jrosser__ yeah, this task needs the ability to disable cert verification: https://github.com/openstack/openstack-ansible-haproxy_server/blob/master/tasks/haproxy_install_hatop.yml#L1609:23
odyssey4meah ok, let me do a quick patch then09:23
jrosser__i have those two lines in my user_variables.yml and all this is OK behing a proxy09:23
pjm6odyssey4me, https://access.redhat.com/webassets/avalon/d/Red_Hat_OpenStack_Platform-8-Instances_and_Images_Guide-en-US/images/a28d3db71ad5ab400110bbc75ac3b604/dashboard.png09:25
odyssey4meAmit82 as a workaround for now, set this in your useR_variables.yml file: haproxy_hatop_download_url: "http://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/hatop/hatop-0.7.7.tar.gz"09:26
odyssey4meyou'll notice that I removed the 's' from 'https'09:26
odyssey4meit seems to work09:26
odyssey4mejrosser__ it's likely that Amit82 has some sort of TLS proxying going on09:26
odyssey4mepjm6 oh ok, perhaps it is supposed to be there then :)09:27
jrosser__ah right - ours is simpler than that and doesnt interfere with certs09:27
pjm6yeah odyssey4me, the problem is that i don't find that option in Ocata xD09:28
jrosser__i also note that the external connectivity test isn't proxy friendly either09:28
pjm6I asked in horizon channel to see if someone has tips09:28
Amit82odyssey4me: So you are suggesting to add "pip_validate_certs: false" and "galera_package_download_validate_certs: false" in user_variables.yml as a workaround?09:30
odyssey4meAmit82 no, but that will help you later on09:31
Amit82or you are suggesting to add this complete line in user_variables.yml: "haproxy_hatop_download_url: "http://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/hatop/hatop-0.7.7.tar.gz""09:31
odyssey4meI'm suggesting that you add the above-mentioned key/value pair as a workaround09:32
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-haproxy_server master: Allow cert validation for hatop download to be disabled  https://review.openstack.org/45128709:32
Amit82odyssey4me, jrosser__: thanks, I will try with it09:33
odyssey4mejrosser__ Amit82 ^ that patch provides the option to disable cert validation for the hatop download09:33
odyssey4meonce that merges I'll update the docs09:33
odyssey4mejrosser__ ok, so to prevent the issue that we moved to using a template for the environment file... I think I may need to use something similar to what's been done in the security role for the SSHD config: https://github.com/openstack/openstack-ansible-security/blob/master/tasks/rhel7stig/sshd.yml#L4309:36
odyssey4methat gives the best of both worlds09:36
odyssey4methe existing content will remain, and new content can be added to it, but if you remove content from global_environment_variables it will still be removed09:37
odyssey4meI'm sure that evrardjp will school me on a more elegant alternative in review :p09:37
* odyssey4me goes to get more coffee09:37
evrardjpcoffee is the trick!09:38
*** manheim has quit IRC09:41
*** messy has quit IRC09:46
*** muxdaemon has joined #openstack-ansible09:49
*** d3n14l has quit IRC09:52
*** McMurlock1 has quit IRC09:54
*** SerenaFeng has quit IRC09:58
*** karimb has joined #openstack-ansible09:59
*** messy has joined #openstack-ansible09:59
*** manheim has joined #openstack-ansible10:00
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-openstack_hosts master: Update instead of replacing the environment file  https://review.openstack.org/45130310:01
*** stuartgr has joined #openstack-ansible10:01
odyssey4me^ jrosser__ if you could test that out I'd appreciate it10:02
jrosser__ok will take a look10:04
*** thorst has joined #openstack-ansible10:05
*** karimb has quit IRC10:07
*** foutatoro has quit IRC10:07
openstackgerritMerged openstack/openstack-ansible-ops master: Ensure the components are isolated from the system  https://review.openstack.org/45117910:08
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-lxc_container_create master: Update instead of replacing the environment file  https://review.openstack.org/45130910:10
*** thorst has quit IRC10:10
odyssey4mejrosser__ ^ and there's the partner for the containers10:10
odyssey4mejrosser__ I find myself wondering though, does the lxc_hosts role execute the cache prep in a proxy environment without intervention?10:11
odyssey4meI'd be curious to understand how, because it has no proxy config in it10:11
*** foutatoro has joined #openstack-ansible10:11
odyssey4meif it does, are you using local mirrors for everything that doesn't need proxy config?10:11
*** fabg has quit IRC10:12
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-lxc_hosts master: Copy host environment file into cache  https://review.openstack.org/45131410:15
odyssey4me^ jrosser__ that should take care of that situation10:15
jrosser__we don't have local mirrors10:15
*** karimb has joined #openstack-ansible10:16
jrosser__it's a squid cache with giant ram very local to the deployment and behind that is another squid out to the internet10:16
*** udesale__ has quit IRC10:17
odyssey4meit's odd, then, how the apt install stuff in the cache chroot was able to work then10:17
odyssey4meandymccr something I'm not sure you're aware of - in order to subscribe to the global requirements process, the repo name has to be in https://github.com/openstack/requirements/blob/master/projects.txt - so for any of our new repositories we should ensure that they're included, assuming that they want to subscribe to the process10:18
andymccrodyssey4me: ahh - yeah good reminder. i'll do a quick check and see which ones are in and which aren't10:19
*** lostRhino has joined #openstack-ansible10:20
*** lostRhino has quit IRC10:20
*** cuongnv has quit IRC10:21
openstackgerritMerged openstack/openstack-ansible-os_barbican master: Ensure the components are isolated from the system  https://review.openstack.org/45117810:22
Amit82odyssey4me, jrosser__: thanks, it worked. setup-infrastructure.yml is successful.10:23
openstackgerritMerged openstack/openstack-ansible-os_sahara master: Ensure the components are isolated from the system  https://review.openstack.org/45117210:23
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-lxc_container_create master: Update instead of replacing the environment file  https://review.openstack.org/45130910:25
openstackgerritMerged openstack/openstack-ansible-os_heat master: Ensure the components are isolated from the system  https://review.openstack.org/45116910:26
openstackgerritMerged openstack/openstack-ansible-os_glance master: Ensure the components are isolated from the system  https://review.openstack.org/45112610:28
*** d3n14l has joined #openstack-ansible10:29
openstackgerritMerged openstack/openstack-ansible-os_keystone master: Ensure the components are isolated from the system  https://review.openstack.org/45117610:29
*** McMurlock1 has joined #openstack-ansible10:30
*** pester has joined #openstack-ansible10:31
*** fxpester|2 has joined #openstack-ansible10:31
*** pester has quit IRC10:35
*** fxpester has quit IRC10:35
*** deepak_jon has quit IRC10:45
*** deepak_jon has joined #openstack-ansible10:46
openstackgerritMerged openstack/openstack-ansible-os_aodh master: Ensure the components are isolated from the system  https://review.openstack.org/45117410:51
*** karimb has quit IRC10:52
*** sanfern has quit IRC10:55
openstackgerritMerged openstack/openstack-ansible-os_designate master: Ensure the components are isolated from the system  https://review.openstack.org/45113510:56
*** qiliang27 has quit IRC10:58
*** qiliang27 has joined #openstack-ansible10:58
Amit82While running setup-openstack.yml playbook, on console, I am observing these warnings: http://paste.openstack.org/show/604638/11:01
Amit82Are these harmless?11:01
openstackgerritMerged openstack/openstack-ansible-os_cinder master: Ensure the components are isolated from the system  https://review.openstack.org/45111611:03
*** rgogunskiy has joined #openstack-ansible11:04
*** thorst has joined #openstack-ansible11:06
*** deepak_jon has quit IRC11:09
*** deepak_jon has joined #openstack-ansible11:09
odyssey4meAmit82 yes11:09
*** thorst has quit IRC11:11
andymccrodyssey4me: cloudnull I added you both to a review for that machine readable sample conf patch: https://review.openstack.org/#/c/451081/ if you get a chance to take a look and provide feedback would be amaze (anybody else interested is welcome too of course!)11:14
*** muxdaemon has quit IRC11:20
Amit82odyssey4me: ok, thanks11:20
*** karimb has joined #openstack-ansible11:25
*** jamesdenton has joined #openstack-ansible11:27
openstackgerritMerged openstack/openstack-ansible stable/ocata: Update role SHA's to get CentOS working  https://review.openstack.org/45022411:29
openstackgerritMerged openstack/openstack-ansible stable/ocata: deploy-guide: fix small rst format issues  https://review.openstack.org/45089811:29
*** smatzek has joined #openstack-ansible11:31
*** jamesden_ has joined #openstack-ansible11:31
*** jamesdenton has quit IRC11:31
*** fabg has joined #openstack-ansible11:31
*** karimb has quit IRC11:32
*** muxdaemon has joined #openstack-ansible11:36
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-pip_install master: Resolve user_external_repo deprecation warnings  https://review.openstack.org/45134711:36
odyssey4meevrardjp ^ will that do the right thing?11:36
evrardjpOh I thought I did it.11:37
evrardjpyes that should do the trick11:37
*** karimb has joined #openstack-ansible11:37
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-pip_install master: Resolve user_external_repo deprecation warnings  https://review.openstack.org/45134711:37
evrardjpwell I didn't try, but I think it should11:37
odyssey4mesmall edit to add the related bug11:38
evrardjpI was planning to do it I guess, sorry.11:38
evrardjpBut "you stole my bug"11:38
odyssey4methat's ok, I'm used to cleaning up your mess :p11:39
odyssey4meI took your jerb11:39
*** spotz is now known as spotz_zzz11:40
evrardjp><11:40
odyssey4meinterestingly, though, the role test doesn't show the deprecation warning11:41
odyssey4meonly the integrated build does11:41
evrardjpmaybe the var is defined in the the vars of the role11:41
evrardjpI don't know11:41
evrardjpworth investigating!11:42
odyssey4meany thoughts on these patches? https://review.openstack.org/#/q/topic:be-kind-to-the-environment11:42
*** karimb has quit IRC11:43
*** karimb has joined #openstack-ansible11:44
mhaydengood morning11:45
andymccrodyssey4me: my initial thought is that the branch name is +2 :P11:47
*** sanfern has joined #openstack-ansible11:47
andymccrim gonna get some lunch. i'll bbiab and will take a look11:48
odyssey4me:)11:48
*** retreved has joined #openstack-ansible11:49
*** dixiaoli_ has quit IRC11:49
*** askb has quit IRC11:49
*** dixiaoli has joined #openstack-ansible11:50
odyssey4meevrardjp lbragstad dolphm so, with regards to our discussion yesterday related to the policy file11:52
odyssey4mewhat do you think is the best strategy for replacement11:52
*** pbandark is now known as pbandark`brb11:52
odyssey4me1 - replace the policy file, then immediately restart the service11:52
odyssey4me2 - when the service restarts, move the new policy file into place afterwards11:53
odyssey4meI think option 2 may just work better and should work considering that the policy file is continually read11:54
*** dixiaoli has quit IRC11:54
*** thorst has joined #openstack-ansible11:54
evrardjpodyssey4me: notifying from the handler that restarts the service should do the trick for 2-11:57
odyssey4meyep, that's what I'm prepping - ie option 211:57
evrardjp"Reload policy file"11:57
*** spotz_zzz is now known as spotz11:58
*** karimb has quit IRC11:59
evrardjpodyssey4me: we would have to think about it in details 'though12:05
evrardjpsee the impact of templating it afterwards12:05
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_keystone master: Source template files from git or deploy host  https://review.openstack.org/44623512:05
odyssey4me^ so that's going to try it out12:06
evrardjpmhayden: are you there?12:06
odyssey4meI don't know what's going to happen for a new deployment with that enabled. We'll have to see.12:06
mhaydensi12:06
*** karimb has joined #openstack-ansible12:07
*** mpranjic has quit IRC12:10
dolphmodyssey4me: ideally, you'd replace it while the service was down12:11
dolphmodyssey4me: any other scenario will have race conditions12:11
dolphmodyssey4me: but replacing it late would absolutely be the lesser of the two evil options :P12:12
odyssey4medolphm so instead of actioning a restart, we should ideally do shut down, move policy file into place, start12:14
dolphmodyssey4me: i think that's the safest solution, yes.12:15
dolphmodyssey4me: otherwise, your solution is better than the current behavior, for sure12:15
odyssey4mewe're orchestrating the restart across the nodes, we do it on the first and then the rest12:16
odyssey4mewhat happens when the policy file is different between one node and the others?12:16
*** SerenaFeng has joined #openstack-ansible12:16
dolphmodyssey4me: nothing unexpected12:16
odyssey4meok, lemme revise to that course of action then12:17
dolphmodyssey4me: the same request might get a 200 and then a 403 and then a 200? but i'd call that expected if you're rolling out such a policy change12:17
odyssey4meif that's the best, then that's what we want12:17
dolphmodyssey4me: in this case, our policy *should* not be changing. the old defaults in policy.json are just moved into code12:17
odyssey4meyeah, I'm just thinking about a config change on the deployer's part12:18
*** SerenaFeng has quit IRC12:18
dolphmodyssey4me: i think swapping it while it's offline will prevent surprises in the future - i don't actually see anything wrong with swapping it "late" in this specific case12:18
*** udesale has joined #openstack-ansible12:25
*** bauruine_ has quit IRC12:27
openstackgerritMerged openstack/openstack-ansible-os_zaqar master: Deprecate auth_plugin option  https://review.openstack.org/44837312:28
*** schwicht has joined #openstack-ansible12:28
*** acormier has joined #openstack-ansible12:30
*** bauruine has joined #openstack-ansible12:32
*** Andrew_jedi has joined #openstack-ansible12:35
*** cathrichardson has quit IRC12:35
*** schwicht has quit IRC12:35
mgariepymorning12:36
*** schwicht has joined #openstack-ansible12:38
*** vnogin has quit IRC12:42
*** vnogin has joined #openstack-ansible12:43
*** acormier has quit IRC12:44
openstackgerritMerged openstack/openstack-ansible-os_neutron master: Deprecate auth_plugin option  https://review.openstack.org/44836512:44
mhaydenevrardjp: just fixed osa-differ -> https://pypi.org/project/osa_differ/#files12:45
*** shashank_t_ has joined #openstack-ansible12:45
*** gouthamr has joined #openstack-ansible12:47
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_keystone master: Source template files from git or deploy host  https://review.openstack.org/44623512:47
odyssey4mejmccrory dolphm lbragstad ^ I'd appreciate a good look through that. It changes the policy file when the service is down, still retains the co-ordinated restart but does it in what I think is a slightly more sensible way12:48
odyssey4meevrardjp your thoughts would be most appreciated too12:48
*** Deys has joined #openstack-ansible12:48
*** bauruine has quit IRC12:49
odyssey4meandymccr ^ when you have a gap to look too I'd appreciate it12:49
dolphmodyssey4me: awesome12:49
*** shashank_t_ has quit IRC12:50
*** agrebennikov has joined #openstack-ansible12:50
*** Andrew_jedi has quit IRC12:50
andymccrodyssey4me: looking now12:51
*** bauruine has joined #openstack-ansible12:51
odyssey4meassuming that actually works, it's a model we can apply across other services12:52
odyssey4meto be fair, that's two changes combined into one12:52
odyssey4meI could perhaps do the handler changes in a separate patch first, then do the policy patch after12:52
openstackgerritMarkus Zoeller (markus_z) proposed openstack/openstack-ansible master: deploy-guide + dev docs: fix info about branches/releases/tags  https://review.openstack.org/45138612:55
*** markus_z has joined #openstack-ansible12:55
*** schwicht has quit IRC12:55
*** SerenaFeng has joined #openstack-ansible12:56
*** karimb_ has joined #openstack-ansible13:11
*** karimb has quit IRC13:12
*** cathrichardson has joined #openstack-ansible13:13
*** Deys has quit IRC13:14
*** klamath has joined #openstack-ansible13:14
*** klamath has quit IRC13:14
*** klamath has joined #openstack-ansible13:15
*** schwicht has joined #openstack-ansible13:19
*** lostRhino has joined #openstack-ansible13:22
*** Matias has quit IRC13:25
lostRhinohello all - was wondering if I could get a little assistance on the following error :  http://paste.openstack.org/show/604655/13:27
lostRhinoAm I missing something on my buid or am I setting a variable incorrectly?13:28
*** Deys has joined #openstack-ansible13:28
*** smatzek has quit IRC13:29
andymccrlostRhino: does this resove? --index-url=https://our-internal-devpi-server/13:32
lostRhinoyes13:32
*** Matias has joined #openstack-ansible13:37
*** Amit82 has quit IRC13:38
*** dmsimard is now known as dmsimard|afk13:39
lostRhinoI dont understand why the “Install pip packages” passes (or it appears to pass)  but the fall back mode fails13:39
andymccrlostRhino: it'll ignore failures so that there is a fallback its basically a "try this, if it doesnt work try this other thing" if you flat out fail it will stop there.13:40
lostRhinodid it get through the other 79 packages or is it possible it chose that one first??13:41
odyssey4meandymccr ok, based on your feedback I'll do a separate patch to change this pattern13:42
odyssey4menot having separation of uWSGI and the web server definitely complicates this13:42
andymccrthe command seems to fail on the ndg-httpsclient version not being available - it looks like it tried to install requests and that package.13:42
odyssey4meso I'll combine a switch to always use uWSGI with a change in the handlers13:42
andymccrbut given the paste its hardto see more :)13:42
andymccrodyssey4me: awesome yeah - i think uWSGI + apache works with our current federation story right?13:43
andymccrit feels way more complicated than it should be right now so yeah maybe we can just uncomplicated it first. happy to work with you on that since im doing thenova role right now13:43
odyssey4meyep13:43
odyssey4meFYI we would still have to swtop uWSGI, copy file, start uWSGI13:43
odyssey4methe whole reason is that while keystone is running is constantly reads the file, so if it's already running it will pick up the new changes before you expect it to13:44
andymccrodyssey4me: isnt the issue with that that hte newer policy may not work with the old keystone?13:44
andymccre.g. if i reload uwsgi first then its a newer keystone - drop file - it reads it in, and all is good?13:44
odyssey4meandymccr well, yes - the new policy gets consumed by the old keystone13:45
lostRhinoandymccr: what other information can I provide to help out?13:45
andymccreither way - just stopping uwsgi for keystone on one host is probably not so bad.13:45
odyssey4meand really it's an issue of atomicity - the new policy (even for just a re-config) gets used by the service before you've actually actioned the restart (which is when you expect it to)13:45
andymccrlostRhino: it looks like your index-url server doesnt have the package version required - although a good debug step is to try manually run the commands on the host (since all ansible does is ssh to hosts and run commands)13:45
odyssey4meI'm guessing that this is an issue across all services13:45
andymccrodyssey4me: is it an issue if you restart the service (e.g. new keystone runs with older policy file) and then drop policy file? i get the atomicity of it.13:46
*** esberglu has joined #openstack-ansible13:46
odyssey4memy previous patch set did that, and it was working13:47
odyssey4mebut in discussing that approach with dolphm he said that's ok, but not the best way13:47
odyssey4methe best way is to switch them out when the service is down13:47
*** kstev has joined #openstack-ansible13:47
odyssey4mea 'lazy load' is a second best option13:47
odyssey4mea bit of a band-aid really13:47
odyssey4meanother way to do this is that instead of copying the file, we could use a handler to template it13:48
odyssey4mebut that does make finding the task a little confusing13:48
andymccrodyssey4me: ahh ok13:49
lostRhinoandymccr: I logged onto the server and checked to see if the package was installed/or not13:50
andymccrwell if the keystone devs recommend a restart i will not be arguing :D13:50
lostRhinopip install ndg-httpsclient13:50
lostRhinoRequirement already satisfied: ndg-httpsclient in /usr/lib/python2.7/dist-packages13:50
andymccrlostRhino: can you check the version? it should be 0.4.213:50
andymccrlostRhino: as an aside he key thing is "No matching distribution found for ndg-httpsclient===0.4.2" - so check the repo server has that package version available13:51
andymccr*the13:51
*** jamesden_ has quit IRC13:52
lostRhinointeresting : http://paste.openstack.org/show/604660/13:52
*** kstev has quit IRC13:52
*** kstev has joined #openstack-ansible13:52
andymccrlostRhino: so that's the problem - your repo doesn't have the correct version of ndg-httpsclient so it's failing on that.13:54
*** smatzek has joined #openstack-ansible13:55
agrebennikovevrardjp odyssey4me mind taking a look at https://review.openstack.org/#/c/425997/32 please?13:56
openstackgerritGerman Eichberger proposed openstack/openstack-ansible-os_octavia master: Adds iptables rules to protect octavia server container  https://review.openstack.org/44715113:59
*** rmelero has joined #openstack-ansible14:04
*** lucasxu has joined #openstack-ansible14:07
*** marst has quit IRC14:09
*** rboyapat has joined #openstack-ansible14:10
*** udesale has quit IRC14:11
lbragstadodyssey4me looking, thanks14:11
*** cmart has joined #openstack-ansible14:13
mgariepylogan-, are you around?14:13
mgariepyi have some question for the ceph role issue on Centos.14:14
mgariepyhmm it's failing on ubuntu as well... didn't saw that..14:16
*** weezS has joined #openstack-ansible14:16
openstackgerritAndy McCrae proposed openstack/openstack-ansible-os_nova master: [WIP] Move to use UWsgi + upstream NGinx for Nova  https://review.openstack.org/45142514:19
*** marst has joined #openstack-ansible14:19
*** acormier has joined #openstack-ansible14:19
*** foutatoro has quit IRC14:20
*** Andrew_jedi has joined #openstack-ansible14:21
*** rgogunskiy has quit IRC14:24
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_neutron master: Ensure the components are isolated from the system  https://review.openstack.org/45115614:26
*** mpranjic has joined #openstack-ansible14:26
*** shashank_t_ has joined #openstack-ansible14:28
*** d3n14l has left #openstack-ansible14:29
openstackgerritRavi Kumar Boyapati proposed openstack/openstack-ansible master: update package locations path in repo-build play  https://review.openstack.org/45097314:30
*** adrian_otto has joined #openstack-ansible14:34
*** NikhilS has quit IRC14:37
*** galstrom_zzz is now known as galstrom14:41
*** cmart has quit IRC14:41
cloudnullalextricity25: do you know what the state of the ceilo repo is?  looks like the gate is totally busted https://review.openstack.org/#/c/451165/14:43
*** manheim has quit IRC14:44
*** fxpester|2 has quit IRC14:44
openstackgerritAndy McCrae proposed openstack/openstack-ansible-os_swift master: Fix "pretend_min_part_hours" for MR swift tests  https://review.openstack.org/45144414:45
*** manheim has joined #openstack-ansible14:45
lostRhinoandymccr: changed the pip_install_options from —index-url=https://our-internal-devpi-server/ --trusted-host our-internal-devpi-server  to just —upgrade and it seemed to have fixed my problem so far… just an FYI14:46
lostRhinothanks for your help14:46
*** Andrew_jedi_ has joined #openstack-ansible14:47
*** Andrew_jedi has quit IRC14:47
*** Andrew_jedi_ is now known as Andrew_jedi14:47
andymccrlostRhino: no problem!14:48
*** SerenaFeng has quit IRC14:48
*** lostRhino has left #openstack-ansible14:51
openstackgerritGerman Eichberger proposed openstack/openstack-ansible-os_octavia master: Adds iptables rules to protect octavia server container  https://review.openstack.org/44715114:51
markus_zI think I ran into https://bugs.launchpad.net/openstack-ansible/+bug/1672728 What's the typical debug information you need me to attach?14:55
openstackLaunchpad bug 1672728 in openstack-ansible "keystone fails to install, missing libgsasl-devel on CentOS 7" [Undecided,Incomplete] - Assigned to Andy McCrae (andrew-mccrae)14:55
*** Andrew_jedi has quit IRC14:56
*** manheim has quit IRC14:56
andymccrmarkus_z: what version of OSA are you running? I think that one should be fixed14:57
markus_zandymccr: I checked out "15.0.0"14:57
markus_zI followed the aio quickstart guide.14:58
andymccrmarkus_z: ahh that makes sense, that reminds me Ocata hasn't had a second release yet (that happens this week) - we'll need to update the quickstart guide to use 15.1.0 once that is released.14:58
andymccrmarkus_z: we had some issues with our CentOS/RHEL repo setup bits. which should now be resolved, but the fixes are in 15.1.0 which is coming tomorrow (at least it should be!)14:59
andymccryou could use the current head of stable/ocata instead of the 15.0.0 tag14:59
andymccrif you do try that and could confirm if that has worked or not - that'd be great15:00
markus_zandymccr: ahh, ok, yeah, I'll do that.15:00
markus_zandymccr: FWIW, I pushed a change regarding the "last_tag" magic in the docs: https://review.openstack.org/#/c/451386/115:00
*** Deys has quit IRC15:00
odyssey4meandymccr the tag will auto-update with every new tag15:00
openstackgerritMerged openstack/openstack-ansible-os_cinder master: Do a whole word grep  https://review.openstack.org/44314215:00
markus_zIIUC, the docs need no update after that15:00
odyssey4methe docs automatically detect the last published tag and put them into the docs :)15:01
andymccrodyssey4me: ahh sweet :D15:01
*** Andrew_jedi has joined #openstack-ansible15:01
markus_zodyssey4me: yes, right, but on master and not the latest stable15:01
andymccrcommunity!15:01
odyssey4memarkus_z it depends which docs you're looking at15:01
odyssey4methe stable branch docs will show the latest tag for that branch15:01
odyssey4methe draft/master docs will show the latest tag done on the master branch15:02
markus_zodyssey4me: I'm looking at: https://docs.openstack.org/developer/openstack-ansible/developer-docs/quickstart-aio.html15:02
odyssey4memarkus_z see https://docs.openstack.org/developer/openstack-ansible/ocata/developer-docs/quickstart-aio.html :)15:02
markus_zahhh, I'm using the wrong URL, right?15:02
*** cpuga has joined #openstack-ansible15:02
odyssey4meor https://docs.openstack.org/developer/openstack-ansible/newton/developer-docs/quickstart-aio.html15:02
markus_zdang it15:02
odyssey4meyeah, unfortunately dev docs don't make it obvious15:02
markus_zOK, that makes my patch obsolete I guess :)15:03
odyssey4meideally we should probably put something in the tag detection which changes the tag to master for the master branch or something15:03
odyssey4mewe do the funky business here: https://github.com/openstack/openstack-ansible/blob/master/doc/source/conf.py#L30215:04
odyssey4methen you'll see in https://raw.githubusercontent.com/openstack/openstack-ansible/master/doc/source/developer-docs/quickstart-aio.rst we only use '|latest_tag|'15:04
odyssey4methis means that when we make a new branch, the docs auto-update15:04
*** Andrew_jedi has quit IRC15:05
markus_zI was confused, because the master docs say I should checkout "15.0.0.RC1" which was earlier than the ocata release :/15:07
*** manheim has joined #openstack-ansible15:11
*** dmsimard|afk is now known as dmsimard15:11
dolphmodyssey4me: another idea... what if the path to policy.json was release-specific?15:14
odyssey4meyeah, that'll be like that until the first milestone of Pike, unless someone patches it up to do something else ;)15:14
odyssey4medolphm yeah, evrardjp suggested that perhaps we have an openstack_release folder/file name that's used15:14
dolphmodyssey4me: config itself isn't reloaded, so you could have two policy files on disk at once, and whenever the service restarts with new code, it would pick up new config, and therefore be pointed to the correct policy file15:14
odyssey4mebut that doesn't give atomicity when doing a config change within the same release15:14
dolphmodyssey4me: true15:15
* dolphm only has the major upgrades hat on15:15
*** cpuga has quit IRC15:15
odyssey4mewe could obviously use the release tag number for the '.new' file, and do the copy mechanism15:16
*** cpuga has joined #openstack-ansible15:16
odyssey4mewe'd always leave an old policy file behind then when upgrading from one tag to the next15:16
odyssey4meit seems a little pointless to do that though15:17
odyssey4mewe only really need a current and next version15:17
odyssey4mekeeping track of historical changes is a matter for your user config management, not for us to leave bits of things behind all the time15:17
*** jimbaker` is now known as jimbaker15:20
*** jimbaker is now known as Guest4722715:21
*** Guest47227 has quit IRC15:21
*** Guest47227 has joined #openstack-ansible15:21
*** Guest47227 is now known as jimbaker15:21
*** pbandark`brb has quit IRC15:24
*** cathrichardson has quit IRC15:29
*** adrian_otto has quit IRC15:30
markus_zandymccr: I used the latest stable/ocata (3dc580e Merge "deploy-guide: fix small rst format issues" into stable/ocata) but still encountered the issue with "lsyncd".15:31
*** fabg1 has joined #openstack-ansible15:34
markus_zWhat's the notion of the status "incomplete" in that bug https://bugs.launchpad.net/openstack-ansible/+bug/1672728 ?15:35
openstackLaunchpad bug 1672728 in openstack-ansible "keystone fails to install, missing libgsasl-devel on CentOS 7" [Undecided,Incomplete] - Assigned to Andy McCrae (andrew-mccrae)15:35
*** fabg2 has joined #openstack-ansible15:35
markus_zIn Nova, we used it to say "the bug reporter needs to provide more information" but I'm not sure if it's the same case here.15:36
*** fabg has quit IRC15:38
*** fabg1 has quit IRC15:38
*** cathrichardson has joined #openstack-ansible15:41
*** cmart has joined #openstack-ansible15:41
andymccrmarkus_z: yeah - thats here too. i must've misclicked that :) mybad15:41
andymccroh actually in that case it was a "try the update" and see if that works. btw markus_z did using head of stable/ocata work?15:42
andymccrahh you did15:42
markus_zyeah, it stopped at the same place15:43
andymccrmgariepy: mhayden: ^ thoughts? lysncd i think is in the epel repo15:43
mgariepylatests fix not part of the 15.0.0 tag15:44
andymccrmgariepy: this should be on stable/ocata head15:44
andymccri think there was a patch merged to do the fixes so it'll go into 15.1.0 so that should mean it's ready on stable/ocata head?15:44
markus_zThe package itself seems to be i EPEL: https://centos.pkgs.org/7/epel-x86_64/lsyncd-2.1.5-6.el7.x86_64.rpm.html15:44
openstackgerritKyle L. Henderson proposed openstack/openstack-ansible-os_trove master: Add RPC encryption key support  https://review.openstack.org/44981015:45
mgariepyI deployed yesterday with that patch : https://review.openstack.org/#/c/450224/15:47
markus_zahhh, I checked out the code ~6h ago. I guess I missed that one.15:47
andymccrahh15:49
andymccrmakes sense then :D15:49
andymccrthanks mgariepy!15:49
andymccrbut yeah as an FYI markus_z that'll go into 15.1.0 which i'll push a patch in for tomorrow15:49
mgariepyI've seen issue with haproxy and ssl cert tho. not sure were it came from.15:49
markus_zandymccr: Got it. Let me pull the latest code and run again.15:50
*** manheim has quit IRC15:57
mgariepymarkus_z, let me know if you have some errors15:58
*** marst_ has joined #openstack-ansible16:01
mgariepymarkus_z, form your bug report, we had some fighting with epel in the past few weeks ;)16:02
*** marst has quit IRC16:02
markus_zmgariepy: any survivors?16:02
*** adrian_otto has joined #openstack-ansible16:02
markus_zpow?16:02
mgariepyhaha we did .. i guess16:03
*** cmart has quit IRC16:03
markus_z;)16:03
mgariepymarkus_z, are you using ceph ?16:04
markus_zmgariepy: no (I guess). I didn't change any defaults.16:04
mgariepykk16:05
mgariepywhen updating openstack-ansible you will need to re-run bootstrap-ansible.sh16:05
markus_zmgariepy: ohh, I didn't know that, the quickstart guide didn't mention it in the "rebuilding an aio" section.16:06
mgariepyha16:06
mgariepy:D16:06
mgariepymight explain your issue with epel :)16:07
*** cmart1 has joined #openstack-ansible16:09
*** dmsimard is now known as dmsimard|afk16:13
markus_zA "rebuild-aio" playbook would be nice :)16:14
markus_zmgariepy: Do I need to run "scripts/bootstrap-aio.sh" a second time too?16:15
mgariepynot sure..16:16
mgariepythe best answer I can give you is : maybe16:16
mgariepysomeone else might know better16:16
odyssey4memarkus_z the rebuild will involve all the steps of the build16:18
*** craigs has joined #openstack-ansible16:20
markus_zodyssey4me: Ah, good to know, thanks16:20
*** cmart1 has quit IRC16:22
*** fabg2 has quit IRC16:30
*** vnogin has quit IRC16:32
*** manheim has joined #openstack-ansible16:34
*** shardy has quit IRC16:35
odyssey4meandymccr do we have a blueprint/bug for the switch to uwsgi by default?16:36
markus_zmgariepy: sorry to say, but I still see the same issue with "lsyncd".16:36
markus_zmgariepy: The odd thing is "yum list lsyncd" shows that it's available16:36
*** cmart has joined #openstack-ansible16:38
*** manheim has quit IRC16:38
*** weezS has quit IRC16:39
*** shashank_t_ has quit IRC16:41
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_keystone master: [WIP] Switch to using Nginx/uWSGI by default  https://review.openstack.org/45148016:45
odyssey4memarkus_z a bad cache perhaps?16:45
*** retreved has quit IRC16:45
odyssey4memaybe do something like: ansible all -m shell -a "yum clean all"16:45
odyssey4meif you've destroyed the containers, then replace 'all' with 'hosts'16:46
*** shashank_t_ has joined #openstack-ansible16:47
markus_zodyssey4me: OK, the cleanup was without errors. What to do now?16:50
odyssey4memarkus_z was the failure in the repo-install playbook?16:50
odyssey4meyou can cd into /opt/openstack-ansible/playbooks16:50
odyssey4methen execute: openstack-ansible repo-server.yml16:51
markus_zodyssey4me: I think it's "/etc/ansible/roles/repo_server/tasks/repo_install.yml:16"16:51
odyssey4methat'll do just the one playbook to see if you hit the same issue16:51
*** shardy has joined #openstack-ansible16:52
markus_zodyssey4me: :( nope, same issue http://paste.openstack.org/show/604706/16:53
markus_zwell, I have to call it a day. I'll try a new clean setup tomorrow and will give feedback here.16:55
*** McMurlock1 has quit IRC16:55
*** cmart has quit IRC16:56
hachiHi,17:01
*** markus_z has quit IRC17:02
hachiI wanted to have another service be running alongside keystone within keystone container. So my  /opt/openstack-ansible/playbooks/inventory/env.d/keystone.yml file looks loke this:17:02
hachihttp://paste.openstack.org/show/604709/17:03
hachiBut when I run setup-host.yml the inventory manager throws this error message:17:03
hachihttp://paste.openstack.org/show/604710/17:04
hachiHow I can define additional services inside a container ?17:05
openstackgerritMerged openstack/openstack-ansible-os_cinder master: Only install git when developer_mode is enabled  https://review.openstack.org/45029317:08
*** pbandark has joined #openstack-ansible17:08
*** mrhillsman has quit IRC17:10
*** cmart has joined #openstack-ansible17:10
*** vnogin has joined #openstack-ansible17:17
*** kstev has quit IRC17:19
*** foutatoro has joined #openstack-ansible17:19
*** codebauss has joined #openstack-ansible17:20
*** codebauss is now known as mrhillsman17:20
*** vnogin has quit IRC17:21
*** mrhillsman has quit IRC17:21
*** codebauss has joined #openstack-ansible17:23
*** codebauss is now known as mrhillsman17:23
mgariepyodyssey4me, maybe the lxc template wasn't re-created ?17:24
odyssey4memgariepy hmm, yeah - as it was new it wouldn't have been17:25
mgariepyand since we put epel in the template it might have caused issue.17:25
odyssey4meyou'd have to wipe /var/cache/lxc/download17:26
odyssey4memaybe that should be in the rebuild steps17:26
mgariepyyeah17:26
*** MasterOfBugs has joined #openstack-ansible17:29
*** kstev has joined #openstack-ansible17:30
rboyapatodyssey4me: can you please look at this https://review.openstack.org/#/c/450973/17:31
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_keystone master: [WIP] Switch to using Nginx/uWSGI by default  https://review.openstack.org/45148017:32
sanfernHi all, while  running repo-build.yml playbook is failing on script /opt/op-venv-script.sh - http://paste.openstack.org/show/5vfOXyNBciZTgoBR88JA/17:32
odyssey4mesanfern can you provide a paste of the log from /openstack/log/<repo container name>/repo/*venv*.log17:33
odyssey4methe ansible output is impossible to read17:33
openstackgerritMarc Gariépy proposed openstack/openstack-ansible stable/ocata: updating ceph roles to 2.1.9  https://review.openstack.org/45149417:34
*** electrofelix has quit IRC17:36
*** cjloader has joined #openstack-ansible17:38
*** cjloader has quit IRC17:41
sanfernodyssey4me, http://paste.openstack.org/show/Hog3hnbxCFVDDc3ibHHx/ there is a syntax error monasca code17:41
odyssey4mesanfern and there you have it17:42
sanfernodyssey4me, Thanks a lot17:42
*** cjloader has joined #openstack-ansible17:43
odyssey4me:)17:43
andymccrodyssey4me: nope, not yet at least. i need to get my ass into gear on that side of things.17:43
odyssey4meandymccr well, I made one up17:43
andymccrhaha nice17:43
andymccri was looking through projects that already support wsgi etc - that is gonna be the main hurdle atm :P17:43
odyssey4meyeah, but we can do those that have it17:44
odyssey4mewe'll have to figure out what to do about the others on a case-by-case basis17:44
odyssey4meideally we want like functionality at least - a web server that can handle SSL with a service running behind it17:45
*** BjoernT has joined #openstack-ansible17:46
agrebennikovhey logan-,17:47
agrebennikovI have a question regarding https://github.com/openstack/openstack-ansible-os_nova/commit/2c641baaffd6ec7f1a0222089252686f239bf15017:47
agrebennikovor odyssey4me actually, sorry for bugging you but it doesn't allow to deploy successfully17:48
*** retreved has joined #openstack-ansible17:48
*** retreved_ has joined #openstack-ansible17:49
*** retreved has quit IRC17:49
odyssey4meargh17:50
odyssey4methat whole thing is a mess17:50
odyssey4meI wish we could figure out a better way of achieving the goal17:50
*** cathrichardson has quit IRC17:50
*** kstev has quit IRC17:50
*** kstev has joined #openstack-ansible17:51
*** cjloader has quit IRC17:52
*** pcaruana has quit IRC17:52
agrebennikovthe issue was that the service was started but there was no folder at all17:52
agrebennikovand "service libvirtd status" showed it as running17:52
agrebennikovand the processa was running17:52
*** stuartgr has left #openstack-ansible17:52
*** vnogin has joined #openstack-ansible17:52
agrebennikovthe folder though appeared right after I manually restarted it17:53
agrebennikovodyssey4me,17:53
odyssey4meyeah, that's come up before - but I thought that logan-'s patch fixed it17:54
*** tonytan4ever has joined #openstack-ansible17:56
agrebennikovlogan's patch adds just waiting17:56
agrebennikovhoping that the folder will magically show up17:56
*** vishwanathj has joined #openstack-ansible17:58
*** weezS has joined #openstack-ansible18:01
*** poopcat has joined #openstack-ansible18:03
*** cathrichardson has joined #openstack-ansible18:04
rboyapatcore members is there a way to run the gate tests again18:09
*** poopcat has quit IRC18:11
rboyapatsome tests are failing, may be a glitch pulling packages form ubuntu repo , would like to run the gate tests again18:12
agrebennikovrboyapat, just reply "recheck"18:12
rboyapatagrebennikov: thanks18:13
*** acormier_ has joined #openstack-ansible18:14
alextricity25cloudnull: I don't know to be honest. As of now I would say that ceilo in Pike is somewhat "under renovations"18:14
alextricity25the whole telemetry stack, for that matter.18:14
*** acormier has quit IRC18:16
alextricity25cloudnull: I don't see any reason why the ceilometer role tests would fail18:17
*** galstrom is now known as galstrom_zzz18:20
*** poopcat has joined #openstack-ansible18:24
*** pbandark has quit IRC18:25
openstackgerritMerged openstack/openstack-ansible-pip_install master: Resolve user_external_repo deprecation warnings  https://review.openstack.org/45134718:26
*** cjloader has joined #openstack-ansible18:28
openstackgerritMerged openstack/openstack-ansible-os_almanach master: Ensure the components are isolated from the system  https://review.openstack.org/45112418:37
openstackgerritMerged openstack/openstack-ansible-os_cloudkitty master: Ensure the components are isolated from the system  https://review.openstack.org/45117118:39
openstackgerritMerged openstack/openstack-ansible-os_neutron master: Remove min_l3_agents_per_router option  https://review.openstack.org/45116318:43
*** openstackstatus has joined #openstack-ansible18:43
*** ChanServ sets mode: +v openstackstatus18:43
*** lucasxu has quit IRC18:45
*** lucasxu has joined #openstack-ansible18:45
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-pip_install stable/ocata: Resolve user_external_repo deprecation warnings  https://review.openstack.org/45151318:49
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-pip_install stable/newton: Resolve user_external_repo deprecation warnings  https://review.openstack.org/45151418:49
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_cinder stable/ocata: Do a whole word grep  https://review.openstack.org/45151518:50
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_cinder stable/newton: Do a whole word grep  https://review.openstack.org/45151618:50
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-haproxy_server master: Allow cert validation for hatop download to be disabled  https://review.openstack.org/45128718:54
odyssey4meandymccr I thought that https://review.openstack.org/451444 wasn't needed with that other patch included which checks whether the rings need changing and it only happens if they do18:55
odyssey4meie https://review.openstack.org/44744718:56
mhaydenandymccr: https://review.openstack.org/#/c/444325/ doh18:57
odyssey4memhayden you should reply with your ML request to work together, and the crickets in response18:58
mhaydenodyssey4me: ORLY18:58
mhaydeni also spoke to the famous mrhillsman about it18:58
odyssey4meyou could also add Melvin's support for the project18:59
mhaydento be fair, mrhillsman had glowing praise for it... i think he said "it's the least worst idea proposed"18:59
andymccrodyssey4me: it is for MR swift - in MR swift we attempt a rebalance with new devices within an hour (when we setup the new region)19:00
odyssey4meandymccr ah, and that's a special case19:00
odyssey4meokie dokey19:00
andymccryeah basically - unfortunatley it seems we still have a bug that sometimes occurs in our centos gates - and the cross policy write tests fail because the second policy tests our EC policies :(19:01
mrhillsmansomeone mention me :)19:01
odyssey4memhayden with regard to monitorstack, you could also indicate that we've agreed to curate it until there is broader interest19:01
odyssey4methat said, the questions are valid - will this reduce the chances that others will participate...19:02
andymccryeah thats worth noting19:02
andymccrfor me the issue is that participation has been low so far19:02
andymccri leave it in your capable hands mhayden :D19:02
odyssey4meotherwise I guess you could just add a bunch of OSA people interested as cores and leave it at that19:03
mrhillsmani did not see it on the mailing list originally unfortunately19:03
andymccryeah basically we could mirror the core list19:03
odyssey4meit's possible to add a group to the list, so you could easily add the entire OSA core team19:03
odyssey4meif you wanted19:03
mrhillsmanwe have at least a couple folks on our team focused on ops tools19:03
odyssey4meI'd suggest rather canvassing for a broader group though - try and get some people from across the deployment project teams.19:04
odyssey4meAnd from the osops crew.19:04
*** brianw has quit IRC19:04
mrhillsmanwe started back having osops meetings19:04
mrhillsmanso ... what odyssey4me said :)19:04
mrhillsmani think we just need a good explanation of the tool and where you would like to see it go mhayden19:06
mrhillsmanthen we can bug the hell out of people to participate :)19:07
mrhillsmanwould be good also i think if we can demo it, osic team tech talks could be a good place to start19:07
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_neutron master: Ensure the components are isolated from the system  https://review.openstack.org/45115619:10
*** hybridpollo has joined #openstack-ansible19:15
*** craigs has quit IRC19:15
openstackgerritMerged openstack/openstack-ansible-os_gnocchi master: Do not try to create legacy resources  https://review.openstack.org/45070719:16
*** david-lyle has quit IRC19:19
*** david-lyle has joined #openstack-ansible19:19
*** hybridpollo has quit IRC19:21
*** hybridpollo has joined #openstack-ansible19:21
*** woodard has joined #openstack-ansible19:24
EmilienModyssey4me: can you make sure we have some OSA folks in Boston about [deployment][forum] proposing a session about future of configuration management - ops + devs wanted!19:25
odyssey4meEmilienM I expect that andymccr will be there at the very least. I don't know who else is definitely going.19:26
EmilienMok, please make sure someone from OSA goes and I'm happy19:26
odyssey4memgariepy it's nice to see the CentOS tests finally going green in most places again. :)19:27
*** david-lyle has quit IRC19:27
odyssey4meEmilienM yep, I expect that andymccr will haul whoever's there to the session - if I'm there, I'll definitely join19:27
EmilienModyssey4me: not you?19:28
EmilienModyssey4me: I hope you can join19:28
EmilienMI mean19:28
EmilienMI can't go to the Summit if you don't join19:28
*** shashank_t_ has quit IRC19:28
odyssey4meEmilienM I don't get automatic travel approval any more, now that I'm not PTL. :p19:28
odyssey4meI will try to be there, but can't guarantee anything.19:29
EmilienMI'll fly and pick you up in UK19:29
odyssey4mehahaha19:29
odyssey4meBring your Jet, I'm totally up for it.19:29
vnogin:)19:30
*** david-lyle has joined #openstack-ansible19:30
EmilienMwell, I'm flying Cessna for now, but still 3 empty seats19:30
odyssey4mesounds good to me19:30
EmilienMI just need to refuel over atlantic :P19:31
odyssey4meI'll bring the barf bags, and the whiskey.19:31
odyssey4meMeh, we can use one of those flying refueling things.19:31
odyssey4meOr I'll just strap on a harnass and refuel with jerry cans.19:31
matttEmilienM: did you see this?  http://imgur.com/a/xOzzg19:31
EmilienMwat19:32
EmilienMI mean19:32
EmilienMWHAT19:32
odyssey4mehahaha19:32
*** openstackgerrit has quit IRC19:33
*** jamielennox|away is now known as jamielennox19:33
odyssey4meoh dear, openstackgerrit has left19:33
odyssey4methe world is about to end19:33
*** karimb_ has quit IRC19:34
EmilienMmattt: that's awesome19:34
EmilienMmattt: do you know the TV show called "Ice pilots"?19:34
EmilienMthey did the same with fire fighting planes19:35
mgariepyodyssey4me, what ? centos is greening up ?19:35
matttEmilienM: ha, never seen it19:36
odyssey4memgariepy in the last os_Swift patch it's all green19:36
mgariepycool19:37
mgariepynova and osa are the hardest19:37
mgariepyhaha19:37
EmilienMmattt: on netflix19:37
*** karimb has joined #openstack-ansible19:39
*** openstackgerrit has joined #openstack-ansible19:42
openstackgerritMerged openstack/openstack-ansible master: Keystone: Source template files from git or deploy host  https://review.openstack.org/45080419:42
*** cpuga_ has joined #openstack-ansible19:46
*** kstev has quit IRC19:46
*** cpuga has quit IRC19:50
*** woodard has quit IRC19:51
*** galstrom_zzz is now known as galstrom19:53
mhaydenmrhillsman: i do owe some docs there19:57
*** tonytan4ever has quit IRC19:57
pjm6in OSA we don't have image-volume cache for cinder, right?19:58
*** galstrom is now known as galstrom_zzz20:00
*** manheim has joined #openstack-ansible20:00
*** BjoernT has quit IRC20:02
*** galstrom_zzz is now known as galstrom20:02
*** galstrom is now known as galstrom_zzz20:08
mrdaMorning OSA20:11
spotzhey mrda20:12
pjm6hey mrda, spotz20:13
mrdao/20:13
*** smatzek has quit IRC20:18
*** pramodrj07 has joined #openstack-ansible20:31
*** david-lyle has quit IRC20:33
*** MasterOfBugs has quit IRC20:34
*** david-lyle has joined #openstack-ansible20:35
*** david-lyle has quit IRC20:40
*** david-lyle has joined #openstack-ansible20:42
*** cathrichardson has quit IRC20:46
*** david-lyle has quit IRC20:46
*** cathrichardson has joined #openstack-ansible20:46
*** cathrichardson has quit IRC20:46
*** cathrichardson has joined #openstack-ansible20:47
foutatorohi all, did someone run "Failed to create certificates for Cluster" when creating magnum cluster in OSA ?20:47
*** weezS has quit IRC20:48
*** weezS has joined #openstack-ansible20:49
*** galstrom_zzz is now known as galstrom20:51
*** david-lyle has joined #openstack-ansible20:52
*** karimb has quit IRC20:52
*** galstrom is now known as galstrom_zzz20:56
*** acormier has joined #openstack-ansible20:57
odyssey4mefoutatoro yeah, I think I saw a patch fly by to address that20:57
odyssey4mehttps://review.openstack.org/#/q/If18a447a38f0b8ac9f1bf076d4124ccceb01862720:57
*** rboyapat has quit IRC20:58
odyssey4mewhat tag or branch are you using?20:58
*** rboyapat has joined #openstack-ansible20:58
openstackgerritMajor Hayden proposed openstack/monitorstack master: [Docs] Initial docs for monitorstack  https://review.openstack.org/45156620:59
mhaydencloudnull: ^^20:59
foutatoroodyssey4me: thanks. I'm using 14.1.121:00
pjm6mhayden, nice one :D21:01
*** acormier_ has quit IRC21:01
odyssey4mefoutatoro ok, so that patch is in the next release of OSA Newton21:01
odyssey4meso either you cherry pick it into your environment, or use the head of stable/newton instead21:02
*** rboyapat has quit IRC21:03
pjm6it is possible to change the default avaiability zone name from an deployment that are in prod?21:03
foutatoroodyssey4me: ok thanks21:06
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_keystone master: [WIP] Switch to using Nginx/uWSGI by default  https://review.openstack.org/45148021:07
odyssey4mepjm6 I'm not sure if AZ names can be changed via an API in OS21:08
*** galstrom_zzz is now known as galstrom21:09
odyssey4meit's plausible, but I haven't tried it21:09
*** jrobinson has joined #openstack-ansible21:09
odyssey4mepjm6 sorry - was stuck in the weeds there21:09
odyssey4mere: image-volume cache for cinder... I have no idea what it is, or whether OSA would need to do anything to support it21:10
odyssey4medoes it need new services? how is it implemented?21:10
asettleodyssey4me: yo udude why are you awake?!21:10
odyssey4meif it's just config, then just use the config_override mechanism21:10
odyssey4measettle 'cos there is still whiskey to drink, naturally21:10
asettleodyssey4me: drink and work, is my philosophy21:11
pjm6odyssey4me, i had take a look and don't see if I can change it via API, but I was looking in the nova role, and we can't change the default, right? We can only choose the default AZ but not the name21:11
odyssey4measettle actually because andymccr conned me into doing https://review.openstack.org/45148021:11
* asettle sips whisky on at meeting21:11
asettleUgh that guy21:11
asettleHe's such a wanker :P21:11
pjm6odyssey4me, it's only config related21:11
odyssey4mepjm6 regardless of whether we have a var for it or not, if it's possible to change it in nova.conf, the config override can do it21:12
pjm6hey asettle :P21:12
asettlepjm6: wasssup21:12
pjm6but the AZ are changed in the nova.config file?21:13
pjm6asettle, hows going?21:14
odyssey4mepjm6 https://docs.openstack.org/project-deploy-guide/openstack-ansible/ocata/app-advanced-config-override.html#overriding-conf-files21:14
pjm6odyssey4me, forget, I missed the "if it's possible to change'21:14
odyssey4mepjm6 with that, you can do ANYTHING!21:14
pjm6this applies to all services?21:15
odyssey4mepjm6 yeah, so what I mean is that if there's a nova.conf entry for it, then you can use that mechanism to put it into your nova.conf21:15
odyssey4meyep, it applies to all services21:15
odyssey4methe var to use is different for each service though, but the same principle21:15
pjm6this helps a lot, and I think that solve the problem yes21:15
pjm6i used with keystone and nova21:15
odyssey4mesee '## Tunable overrides' here: https://docs.openstack.org/developer/openstack-ansible-os_cinder/21:15
pjm6regarding to Image Caching, basically if I understood well it helps when we are fetching an image to a volume21:16
pjm6thanks, and i just need to put the extra configs there that will put in the correct section, right?21:17
foutatoroodyssey4me: what's recommended to reinstall only magnum after modifying the os_magnum role ?21:18
*** woodard has joined #openstack-ansible21:21
*** gouthamr has quit IRC21:21
*** retreved_ has quit IRC21:25
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible master: Added an ALL is_metal scenario  https://review.openstack.org/44937221:27
*** lucasxu has quit IRC21:34
odyssey4mefoutatoro if no packages have changed, just re-execute the os-magnum-install.yml playbook21:35
odyssey4meie21:35
odyssey4mecd /opt/openstack-ansible/playbooks21:35
odyssey4meopenstack-ansible os-magnum-install.yml21:35
*** cathrichardson has quit IRC21:37
*** pramodrj07 has quit IRC21:41
*** pramodrj07 has joined #openstack-ansible21:41
*** schwicht has quit IRC21:43
*** cpuga has joined #openstack-ansible21:44
*** cpuga_ has quit IRC21:46
spotzasettle why are you awake?:)21:49
*** shardy has quit IRC21:50
*** esberglu has quit IRC21:56
*** esberglu has joined #openstack-ansible21:57
*** esberglu has quit IRC22:02
*** woodard has quit IRC22:04
*** schwicht has joined #openstack-ansible22:09
*** jamielennox is now known as jamielennox|away22:09
*** adrian_otto has quit IRC22:09
*** adrian_otto has joined #openstack-ansible22:10
*** jamielennox|away is now known as jamielennox22:12
*** acormier has quit IRC22:22
*** marst_ has quit IRC22:27
*** galstrom is now known as galstrom_zzz22:30
*** manheim has quit IRC22:32
*** shashank_t_ has joined #openstack-ansible22:33
*** askb has joined #openstack-ansible22:33
cmartodyssey4me, have a moment? a couple weeks ago you suggested rootwrap as a solution to an issue I had encountered with libguestfs. i'm unsure if it's a workable solution, have another suggestion. want to see if you'd consider it good enough for OSA.22:33
odyssey4mecmart sure, fire away22:34
* odyssey4me is waiting for another patch test to run22:34
odyssey4meI'm having a little fun trying to make an upgrade switch web server from Apache -> Nginx while not affecting upgrades22:35
cmartah that's gotta be a fun transplant22:35
cmartso basically libguestfs doesn't work out of the box in Ubuntu because it needs to read the kernel, and Ubuntu has decided to make the kernel non-readable to non-root users by default.. we know this22:36
odyssey4methe challenge is tto try and do the switch while not losing any transactions while it switches22:36
cmartI was reading the rootwrap docs, apparently you run "nova.utils.execute(run_as_root=True)" inside Nova to request a command to be passed through rootwrap -- but the code running the root commands is actually a system-level Python package installed via APT (python-guestfs), that OSA links into the Nova virtualenv.22:37
cmartNova just does "import guestfs" and "guestfs.do_stuff()", and the guestfs package imports a C library and does things.. so Nova never has the opportunity (that I can see) to run anything using rootwrap.22:38
cmartso if we go down this path, I think the guestfs code itself would need to be monkeyed with22:40
cmartalternative solution: just make the kernel readable to the nova user22:40
cmartit already readable is distros that *aren't* Ubuntu, and I believe it would solve this problem22:41
cmartit's already readable in distros *22:41
odyssey4meI guess if that was an opt-in setting, and the setting had a clear note and reference to the bug where this is discussed, then having a task which it activates that gives those right would work22:41
odyssey4meis it a file system right issue, or an apparmor issue?22:44
cmartI believe just a filesystem issue, though I'm not familiar with how we're using apparmor.22:44
cmart(and everyone else's experience (Mirantis/Fuel, libguestfs dev team, etc) seems to indicate so)22:45
cmartwe could make the setting contingent upon "nova_libvirt_inject_key" being greater than -2, and one of either "nova_libvirt_inject_key" and "nova_libvirt_inject_password" being true. then it would just work if someone will need the feature22:46
odyssey4mewell, apparmor can block various actions to a path over and above the file system's rights22:46
odyssey4mesimilar to selinux22:46
*** gouthamr has joined #openstack-ansible22:46
odyssey4meyep, I'm OK with that as long as we add some commented info where those are defined to warn of what happens if someone does it22:47
*** schwicht has quit IRC22:47
cmartok. would the "default variables" section of the docs (or whatever generates it) be the right place for the warning information?22:47
cmartI see a few warnings already in there, and that's hopefully where someone will be looking when they're configuring this stuff22:48
cmartactually, I suspect it's not apparmor because when I relax the file permissions on the kernel, it works again22:48
*** marst has joined #openstack-ansible22:49
odyssey4mecmart yeah, the role defaults/main.yml file get exported verbatim into the role docs22:50
odyssey4meso in this case, just add the comments to the os_nova role's defaults/main.yml file22:50
odyssey4meit'll be an opt-in thing, so someone has to go and look for these settings to find them, and they would hopefully read the note22:51
odyssey4meput the warning in the defaults where those vars are22:51
cmartit sounds like AppArmor is used to "limit the actions that each LXC container may take on a system". for the issue we're talking about, all the action is happening on bare metal of Nova compute hosts. so I really doubt AppArmor is playing a role22:51
odyssey4mebut put the reference to the bug before the task to explain the purpose of the task22:51
odyssey4mewell, put a patch together, test it in your env22:52
cmartok. should I also file an OSA bug to capture this understanding? or just reference the existing bugs in Nova, Fuel, etc where this issue has been beaten to death?22:52
*** shashank_t_ has quit IRC22:54
*** shashank_t_ has joined #openstack-ansible22:55
cmartI think I'll file it, would be a good place to summarize how we got here.22:55
*** thorst has quit IRC22:56
*** shashank_t_ has quit IRC22:59
*** vnogin has quit IRC23:05
odyssey4meif you feel that it needs summarizing, then go ahead23:09
odyssey4meotherwise better to just reference the existing bugs23:09
*** acormier has joined #openstack-ansible23:12
*** pmannidi has joined #openstack-ansible23:14
*** acormier has quit IRC23:16
*** pramodrj07 has quit IRC23:22
*** cjloader_ has joined #openstack-ansible23:30
*** klamath has quit IRC23:31
*** cjloader has quit IRC23:33
*** cjloader_ has quit IRC23:34
*** foutatoro has quit IRC23:34
*** schwicht has joined #openstack-ansible23:40
*** adrian_otto has quit IRC23:51
*** thorst has joined #openstack-ansible23:56
*** cpuga has quit IRC23:58
« Tuesday, 2017-03-28 Index Thursday, 2017-03-30 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!