Sunday, 2017-12-10

*** mgariepy has quit IRC		00:24
*** mgariepy has joined #openstack-ansible		00:28
*** vnogin has joined #openstack-ansible		00:29
*** vnogin has quit IRC		00:30
*** vnogin has joined #openstack-ansible		00:32
*** DanyC has joined #openstack-ansible		00:35
*** vnogin has quit IRC		00:39
*** DanyC has quit IRC		00:40
*** vnogin has joined #openstack-ansible		00:47
*** Brew has joined #openstack-ansible		01:00
*** mgariepy has quit IRC		01:15
*** mgariepy has joined #openstack-ansible		01:21
*** DanyC has joined #openstack-ansible		01:36
*** markvoelker has joined #openstack-ansible		01:38
*** DanyC has quit IRC		01:41
*** markvoelker has quit IRC		02:11
openstackgerrit	Merged openstack/openstack-ansible-repo_build stable/pike: Fix ansible lint tests https://review.openstack.org/526164	02:16
openstackgerrit	Merged openstack/openstack-ansible master: Do not apply varstest to all scenarios https://review.openstack.org/523920	02:23
*** DanyC has joined #openstack-ansible		02:37
*** dave-mccowan has joined #openstack-ansible		02:38
*** DanyC has quit IRC		02:42
openstackgerrit	Merged openstack/openstack-ansible stable/newton: Update all SHAs for 14.2.14 https://review.openstack.org/526684	02:44
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-repo_server master: Set pypi-server to cache and use known built wheels https://review.openstack.org/526886	02:54
*** dave-mccowan has quit IRC		02:57
*** vnogin has quit IRC		03:02
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible master: Enable access to the pypi-server on the repo infra https://review.openstack.org/526887	03:03
*** markvoelker has joined #openstack-ansible		03:08
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-pip_install master: Set pip to use the pypi-server when locked down https://review.openstack.org/526889	03:40
*** vnogin has joined #openstack-ansible		03:41
*** markvoelker has quit IRC		03:41
*** Brew has quit IRC		03:43
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible master: [DNM] Testing pip_install and repo_server changes https://review.openstack.org/526890	03:44
*** vnogin has quit IRC		03:44
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-pip_install master: Set pip to use the pypi-server when locked down https://review.openstack.org/526889	03:47
openstackgerrit	Merged openstack/openstack-ansible-os_neutron stable/pike: Ensure LBaaSv2 deployment is tested https://review.openstack.org/525655	03:54
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-pip_install master: Set pip to use the pypi-server when locked down https://review.openstack.org/526889	04:01
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-pip_install master: Set pip to use the pypi-server when locked down https://review.openstack.org/526889	04:20
*** adreznec has quit IRC		04:20
*** adreznec has joined #openstack-ansible		04:26
*** armaan has quit IRC		04:26
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible master: [DNM] Testing pip_install and repo_server changes https://review.openstack.org/526890	04:29
*** bhujay has joined #openstack-ansible		04:35
*** bhujay has quit IRC		04:35
*** adreznec has quit IRC		04:37
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible master: [DNM] Testing pip_install and repo_server changes https://review.openstack.org/526890	04:40
openstackgerrit	Merged openstack/openstack-ansible stable/ocata: Update all SHAs for 15.1.14 https://review.openstack.org/526852	04:56
*** indistylo has joined #openstack-ansible		05:00
*** indistylo has quit IRC		05:06
*** indistylo has joined #openstack-ansible		05:08
SamYaple	cloudnull prometheanfire re: nginx+uwsgi+glance. got it all working, mostly. haproxy was severing the connection after 1m ('timeout server 1m'). the way its working seems to mean nginx isn't doing any kind of keepalive stuff and that upsets haproxy. bumped timout to 30m and its all good	05:11
SamYaple	though im not entirely happy with that solution, but its still downs the backend if the checks fail, so meh. ill be ok with it for now	05:12
prometheanfire	SamYaple: must be why I don't hit it (I don't use haproxy)	05:13
SamYaple	oh yea. for sure then. straight to nginx its no problem at all	05:13
SamYaple	i bet there is a way to make everything happy, but im not an nginx/haproxy/uwsgi expert enough to know what that is	05:14
SamYaple	i did turn on all the gzip support in nginx though, and that helped alot with raw images	05:14
prometheanfire	gzip + web server is a sec issue	05:17
prometheanfire	https://www.wikiwand.com/en/BREACH	05:17
SamYaple	surely there are work arounds for that...	05:20
prometheanfire	compress before upload, but could turn things into a preimage attack	05:22
prometheanfire	not sure those work on tls	05:23
SamYaple	ill have to investigate further, but given the environment where this runs, im not sure this attack could be really exploited	05:24
* prometheanfire shrugs		05:26
openstackgerrit	Merged openstack/openstack-ansible stable/pike: Disable offloading in test by default https://review.openstack.org/524173	05:28
*** indistylo has quit IRC		05:28
SamYaple	alright fair enough. ill remove it. can't miss performance you never had	05:30
prometheanfire	heh	05:33
SamYaple	dude. you won an argument with "shurgs"	05:33
SamYaple	go you!	05:33
prometheanfire	neat	05:33
prometheanfire	:P	05:33
SamYaple	prometheanfire: would you have a reference nginx file that you use that has lots of knobs turned for security laying around?	05:34
*** markvoelker has joined #openstack-ansible		05:39
prometheanfire	lol, looks like I use gzip	05:41
prometheanfire	https://gist.github.com/prometheanfire/c5a24d6375d3dad0b9fb3526ad488a2e and https://gist.github.com/prometheanfire/2a5ea3d8e97f32ba7789c367c7fe088c	05:42
prometheanfire	let me know when you have them, want to take them down	05:42
SamYaple	haha	05:45
SamYaple	ok moment	05:45
SamYaple	prometheanfire: take em down	05:46
SamYaple	thanks man	05:46
SamYaple	im considering using nginx instead of haproxy, then setting up 3 vips with keepalived and using dns loadbalncing as well (each node will know about all the other ones, but will have a weighted preference for its local server)	05:47
SamYaple	but i can't figure out a clean way for keepalived to hand the vip back without severing connections	05:47
prometheanfire	ya, I don't do any vip stuff	05:48
SamYaple	how do you achieve the HA?	05:48
prometheanfire	what HA?	05:49
prometheanfire	I back up my server and can restore it if needed	05:49
prometheanfire	eventually I want to run OSA, but that'd require getting it working on gentoo :P	05:49
SamYaple	fair enough. this is for real servers though :P	05:49
prometheanfire	speaking of, need to look at the images, should be able to make a gentoo job...	05:50
SamYaple	i bet i can do some conntrack magic to make vip transferring work	05:50
prometheanfire	ya, those sec stuff I got from some doc I found online somewhere	05:50
*** ivve_ is now known as ivve		05:50
prometheanfire	probably	05:50
SamYaple	cool man. i appreciate it	05:50
prometheanfire	so it should be good at least :D	05:50
SamYaple	i was about to start looking for the HSTS stuff, now i dont have too	05:50
prometheanfire	some stuff then :D	05:51
SamYaple	doesnt look like you are passing in the client ip to the backend server, nor the X-Forward-Proto	05:51
SamYaple	would that be needed or useful for uwsgi backend?	05:52
SamYaple	i suppose the nginx logs would have that info instead	05:52
prometheanfire	ya, I don't pass it in for my openstack setup (that was blog setup)	05:52
SamYaple	ill have to play with it to see how the logs look	05:53
SamYaple	super helpful info here though. thanks buddy!	05:53
SamYaple	now if i can just get that ERROR 104 in the nonovncproxy logs to go away....	05:54
prometheanfire	not sure what that's about	05:55
prometheanfire	novnc was annoying though	05:55
SamYaple	i think its just some bad nova code. i think its fixed upstream, but im on mitaka (heopfully getting approval to push to ocata this week)	05:56
SamYaple	its not novnc or the novnc html code itself, thats for sure	05:56
prometheanfire	just 370 or so packages left to update...	05:57
SamYaple	tis nothing	05:57
prometheanfire	monthly server update time here, enabling python35 and 36, switching the defaults, etc	05:57
prometheanfire	binpkgs help some	05:58
SamYaple	imrunning python35 openstack pike at my house :)	05:58
prometheanfire	I was doing 34 on a few services, but 35 now	05:58
SamYaple	not quite related, but i like bringing it up whenever someone mentions python3	05:58
prometheanfire	35 wasn't stable in gentoo	05:58
SamYaple	por que?	05:58
prometheanfire	then 35 and 36 went stable within a month of eachother :D	05:59
SamYaple	oh i see what you mean	05:59
SamYaple	haha yea thats alot of work	05:59
SamYaple	i want to do more with python3 async stuff	05:59
prometheanfire	new glibc new gcc new profiles	05:59
prometheanfire	a bunch of stuff recently	05:59
prometheanfire	should do OSA on gentoo musl, just to see what breaks	06:00
SamYaple	i want to get some gentoo LOCI going myself. havent had the time	06:00
prometheanfire	I would have done more openstack or puppet stuff last weekend (or this weekend), but had to work on arm64 stages...	06:01
prometheanfire	I'm not even the arm64 guy	06:01
SamYaple	you are now!	06:02
prometheanfire	not for long, the build box goes back to his house tomorrow	06:02
prometheanfire	I did fix the catalyst specs (just a couple small things), so anyone can build it now	06:03
prometheanfire	anyway, this weekend is server update and backup weekend, next weekend maybe...	06:04
SamYaple	well good luck man!see you in dublin...?	06:04
prometheanfire	yarp, should be going	06:04
SamYaple	awesome. cool man. well ima take off	06:04
SamYaple	thanks again forthe help	06:04
prometheanfire	not sure if I'll be PTL, but should be going	06:04
prometheanfire	nn	06:05
*** markvoelker has quit IRC		06:12
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible master: Add nspawn container driver https://review.openstack.org/477017	06:12
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible master: Add nspawn container driver https://review.openstack.org/477017	06:28
*** bhujay has joined #openstack-ansible		06:34
*** bhujay has quit IRC		06:54
*** gkadam has joined #openstack-ansible		06:58
*** markvoelker has joined #openstack-ansible		07:09
*** markvoelker has quit IRC		07:43
openstackgerrit	Merged openstack/openstack-ansible stable/pike: Run ARA only if enabled https://review.openstack.org/512216	08:24
*** markvoelker has joined #openstack-ansible		08:40
*** DanyC has joined #openstack-ansible		08:42
*** vnogin has joined #openstack-ansible		08:45
*** DanyC has quit IRC		08:46
*** vnogin has quit IRC		08:49
*** sxc731 has joined #openstack-ansible		08:50
*** gouthamr has quit IRC		09:02
*** markvoelker has quit IRC		09:13
*** bhujay has joined #openstack-ansible		09:20
openstackgerrit	Manuel Buil proposed openstack/openstack-ansible master: Add networking-sfc repo to repo_packages https://review.openstack.org/525264	09:34
openstackgerrit	Manuel Buil proposed openstack/openstack-ansible-os_neutron master: Provide support for SFC deployments https://review.openstack.org/510909	09:45
*** SmearedBeard has quit IRC		09:51
*** SmearedBeard has joined #openstack-ansible		09:54
openstackgerrit	Manuel Buil proposed openstack/openstack-ansible master: Add networking-sfc repo to repo_packages https://review.openstack.org/525264	10:06
*** DanyC has joined #openstack-ansible		10:36
*** DanyC has quit IRC		10:41
*** markvoelker has joined #openstack-ansible		11:10
openstackgerrit	Jean-Philippe Evrard proposed openstack/openstack-ansible master: Build everything on metal https://review.openstack.org/504224	11:18
*** vnogin has joined #openstack-ansible		11:21
*** DanyC has joined #openstack-ansible		11:29
*** DanyC_ has joined #openstack-ansible		11:38
*** vnogin has quit IRC		11:38
*** DanyC has quit IRC		11:41
*** markvoelker has quit IRC		11:43
*** DanyC_ has quit IRC		11:54
*** sxc731 has quit IRC		11:59
*** sxc731 has joined #openstack-ansible		12:03
*** bhujay has quit IRC		12:18
*** openstackstatus has quit IRC		12:26
*** openstackstatus has joined #openstack-ansible		12:27
*** ChanServ sets mode: +v openstackstatus		12:27
*** vnogin has joined #openstack-ansible		12:27
*** markvoelker has joined #openstack-ansible		12:40
*** hamza21 has joined #openstack-ansible		12:51
*** markvoelker has quit IRC		13:14
*** sxc731 has quit IRC		13:44
*** vnogin has quit IRC		13:47
openstackgerrit	Merged openstack/openstack-ansible-os_tempest master: Allow the experimental trigger of the integrated repo https://review.openstack.org/525970	13:56
*** sxc731 has joined #openstack-ansible		14:30
*** vnogin has joined #openstack-ansible		14:37
openstackgerrit	Merged openstack/openstack-ansible master: Update variable scopes https://review.openstack.org/523468	14:38
*** vnogin has quit IRC		14:39
*** sxc731 has left #openstack-ansible		14:55
*** markvoelker has joined #openstack-ansible		15:11
*** woodard has joined #openstack-ansible		15:24
*** hamza21 has quit IRC		15:26
*** cshen has joined #openstack-ansible		15:28
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible master: DNM - Testing pip_install and repo_server changes https://review.openstack.org/526890	15:33
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible master: [DNM] Testing pip_install and repo_server changes https://review.openstack.org/526890	15:36
cloudnull	anyone have an idea why that change is not triggering the gate? ^	15:37
openstackgerrit	Merged openstack/openstack-ansible stable/pike: Update all SHAs for 16.0.6 https://review.openstack.org/526682	15:38
*** phalmos has joined #openstack-ansible		15:39
*** vnogin has joined #openstack-ansible		15:41
*** markvoelker has quit IRC		15:44
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible master: Add nspawn container driver https://review.openstack.org/477017	15:53
*** vnogin has quit IRC		15:55
*** phalmos has quit IRC		15:56
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible master: [DNM] Testing pip_install and repo_server changes https://review.openstack.org/526890	15:57
openstackgerrit	Jean-Philippe Evrard proposed openstack/openstack-ansible master: Use Ansible 2.4 https://review.openstack.org/522778	16:15
*** savvas has quit IRC		16:16
*** savvas has joined #openstack-ansible		16:16
*** savvas_ has joined #openstack-ansible		16:20
*** savvas has quit IRC		16:20
*** armaan has joined #openstack-ansible		16:20
*** cshen has quit IRC		16:24
*** DanyC has joined #openstack-ansible		16:27
*** markvoelker has joined #openstack-ansible		16:42
*** gkadam has quit IRC		16:42
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-os_glance master: Update glance NFS for systemd https://review.openstack.org/526930	17:11
*** markvoelker has quit IRC		17:15
*** cshen has joined #openstack-ansible		17:25
*** cshen has quit IRC		17:32
*** armaan has quit IRC		17:33
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-os_glance master: Update glance NFS for systemd https://review.openstack.org/526930	17:41
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible master: Converge neutron agents onto Baremetal https://review.openstack.org/454450	17:42
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible master: Add nspawn container driver https://review.openstack.org/477017	17:43
cloudnull	git anyone is around and can take a look at those last two ^. I'd greatly appreciate it	17:43
*** ArchiFleKs has joined #openstack-ansible		18:05
*** DanyC_ has joined #openstack-ansible		18:05
*** DanyC has quit IRC		18:08
*** woodard has quit IRC		18:08
savvas_	Good Morning everyone	18:11
savvas_	I still seem to be having some issues on my OA Magnum deployment, I can't get clusters to create, they simply timeout. I think it is probably a communication issue between the Magnum containers and other services, but I can't really find any errors. It also doesn't help that the master VMs created become unavailable via network sometime during provisioning	18:14
wlmbasson	Hi guys, how do I get external network access on a fresh build of a single interface OSA AIO? I created a VM with a floating IP that I can access from the host. The VM can ping the br-vlan and host interface, but not the outside world.	18:14
savvas_	I related my issue to https://bugs.launchpad.net/magnum/+bug/1720816	18:14
openstack	Launchpad bug 1720816 in Magnum "magnum create cluster "create_in_progress" and changes to "create_failed" after timeout" [Undecided,New]	18:14
savvas_	anyone has any thoughts on that?	18:14
savvas_	I already tried increasing the timeout	18:14
*** cshen has joined #openstack-ansible		18:33
*** hamza21 has joined #openstack-ansible		18:38
*** openstackgerrit has quit IRC		18:47
*** DanyC_ has quit IRC		18:53
*** gouthamr has joined #openstack-ansible		19:00
*** markvoelker has joined #openstack-ansible		19:12
*** DanyC has joined #openstack-ansible		19:21
wlmbasson	'iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE' solves external network access on a fresh AIO	19:28
*** cshen has quit IRC		19:32
*** markvoelker has quit IRC		19:45
*** cshen has joined #openstack-ansible		19:49
*** pester has joined #openstack-ansible		19:54
*** fxpester has quit IRC		19:57
*** hybridpollo has joined #openstack-ansible		20:02
*** dave-mccowan has joined #openstack-ansible		20:06
*** cshen has quit IRC		20:17
*** dave-mccowan has quit IRC		20:20
*** dave-mccowan has joined #openstack-ansible		20:25
*** dave-mccowan has quit IRC		20:30
*** dave-mccowan has joined #openstack-ansible		20:36
*** hamza21 has quit IRC		20:36
*** dave-mccowan has quit IRC		20:40
*** markvoelker has joined #openstack-ansible		20:43
*** cshen has joined #openstack-ansible		20:54
*** markvoelker has quit IRC		21:15
*** threestrands has joined #openstack-ansible		21:28
*** threestrands has quit IRC		21:28
*** threestrands has joined #openstack-ansible		21:28
*** vnogin has joined #openstack-ansible		21:29
*** savvas_ has quit IRC		21:33
*** cshen has quit IRC		21:36
*** DanyC has quit IRC		21:43
*** DanyC has joined #openstack-ansible		21:44
*** DanyC has quit IRC		21:59
*** askb has joined #openstack-ansible		22:03
*** markvoelker has joined #openstack-ansible		22:13
*** vnogin has quit IRC		22:30
*** markvoelker has quit IRC		22:46
*** gouthamr has quit IRC		22:55
*** openstackstatus has quit IRC		22:57
*** openstackstatus has joined #openstack-ansible		22:57
*** ChanServ sets mode: +v openstackstatus		22:57
*** lihi has quit IRC		23:04
*** lihi has joined #openstack-ansible		23:06
cloudnull	savvas_: i've not done a tun of work with magnum however if there's a comms issue between services the first thing I'd go look through would be the magnum logs and the logs of the services where the timeout is happening	23:08
cloudnull	DimGR: ^ maybe you have some thoughts on that ?	23:08
cloudnull	wlmbasson: got everything goin g?	23:08
*** markvoelker has joined #openstack-ansible		23:12
*** vnogin has joined #openstack-ansible		23:14
*** vnogin has quit IRC		23:20
*** openstackgerrit has joined #openstack-ansible		23:39
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-os_glance master: Update glance NFS for systemd https://review.openstack.org/526930	23:39
*** masber has quit IRC		23:40
*** gouthamr has joined #openstack-ansible		23:43
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-os_glance master: Update glance NFS for systemd https://review.openstack.org/526930	23:54
*** vnogin has joined #openstack-ansible		23:55

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!