Thursday, 2019-02-14

« Wednesday, 2019-02-13 Index Friday, 2019-02-15 »
*** macza has quit IRC00:04
*** markvoelker has quit IRC00:05
*** hwoarang has quit IRC00:11
*** hwoarang has joined #openstack-ansible00:13
spotzjohnsom cloudnull - I know in the past if something was broken in docs, infra or docs fixed something and then we needed to make another update at least somewhere in the docs for all the outstanding changes to get merged in properly00:20
*** markvoelker has joined #openstack-ansible00:26
cloudnullit seems we're just missing the deploy guide job template, when comparing to the other branches, though Im not 100% sure thats all we need00:29
johnsomMight be worth just moving that under the main docs structure...00:34
*** aedc has quit IRC00:35
openstackgerritCam J. Loader (cjloader) proposed openstack/openstack-ansible-openstack_hosts master: [WIP] UCA repo fix for upgrades  https://review.openstack.org/63679700:55
cjloaderInitial thoughts, I'll continue in the AM.00:56
cjloadergood night all00:56
*** hwoarang has quit IRC01:11
*** hwoarang has joined #openstack-ansible01:13
*** gyee has quit IRC01:15
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_glance master: Cleanup files and templates using smart sources  https://review.openstack.org/58895901:18
*** eumel8 has quit IRC01:19
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_glance master: Cleanup files and templates using smart sources  https://review.openstack.org/58895901:20
jamesdentonIf there are any cores around, a peek at https://review.openstack.org/#/c/636757/ and https://review.openstack.org/#/c/622216/ would be appreciated!01:21
*** DanyC has quit IRC01:27
openstackgerritMerged openstack/openstack-ansible-galera_server stable/rocky: ppc64le: fix package list gathering  https://review.openstack.org/63675201:28
*** DanyC has joined #openstack-ansible01:32
*** ThiagoCMC has joined #openstack-ansible01:36
*** DanyC has quit IRC01:36
ThiagoCMCGuys, I'm trying to install Trove, via `openstack-ansible os-trove-install.yml` but, the following error appear: "fatal: [vosctrl-1_trove_api_container-c6424daf]: FAILED! => {"changed": false, "msg": "shade is required for this module"}"01:37
ThiagoCMCAny idea?01:37
ThiagoCMCI tried to locate share, like `updated ; locate shade | grep -I python`, it's here!01:37
ThiagoCMCI'm using OVS/Rocky, Ubuntu 18.04.01:38
ThiagoCMCIf I comment out os-trove-install.yml, the `openstack-ansible setup-everything.yml` works just fine! Rocky up and running with Ceph.01:40
ThiagoCMCJust Trove is failing...01:40
openstackgerritMerged openstack/openstack-ansible-galera_server stable/queens: ppc64le: fix package list gathering  https://review.openstack.org/63675301:53
*** ArchiFleKs has quit IRC02:07
*** ArchiFleKs has joined #openstack-ansible02:21
jamesdentonThiagoCMC I'm gonna try and run thru a deployment. Haven't deployed Trove before.02:50
ThiagoCMCjamesdenton, thanks!02:50
jamesdentondo you have any more logs you can share?02:50
ThiagoCMCSure, I can run it again...02:51
ThiagoCMCAlso02:51
ThiagoCMCI have a very small playbook, that uses `openstack-ansible`, using Ansible's module "os_network", to create a Neutron net, then a subnet.02:51
jamesdentonk02:52
ThiagoCMCWhen I run `openstack-ansible my-small-playbook-create-neutron-net.yml`, it fails too.02:52
ThiagoCMCSame error02:52
ThiagoCMCI remember that I did this in the past... Werid...02:52
ThiagoCMCjamesdenton, here is the log: http://paste.openstack.org/show/745062/02:54
ThiagoCMCI tried: `time openstack-ansible os-trove-install.yml -vvv`02:54
jamesdentonthx02:55
ThiagoCMCI also have "/opt/ansible-runtime/lib/python2.7/site-packages/shade-1.29.0.dist-info02:55
ThiagoCMCMachine `./scripts/bootstrap-ansible.sh` worked okay (I did a `git pull` today) but, it can't find shade.02:56
ThiagoCMCThank you!  =)02:56
ThiagoCMCbrb02:57
*** ThiagoCMC has quit IRC02:57
*** ThiagoCMC has joined #openstack-ansible02:58
cloudnullevevnings03:05
cloudnulljamesdenton done03:06
jamesdentonmy hero03:06
cloudnullThiagoCMC same camp, I've never given trove a run.03:07
jamesdentonchurnin' thru the repo build at the moment03:08
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_glance master: Cleanup files and templates using smart sources  https://review.openstack.org/58895903:11
jamesdenton+2s for everyone!03:16
cloudnullindeed!03:17
*** markvoelker has quit IRC03:27
*** markvoelker has joined #openstack-ansible03:27
*** markvoelker has quit IRC03:32
ThiagoCMCcloudnull, but this isn't a trove only problem that I'm seeing.03:38
ThiagoCMCEven a playbook with 1 TASK, using Ansible's os_network module, can't find  python shade! :-/03:38
ThiagoCMC I can see that python shade is installed... But, can't use it.03:39
jamesdentonThiagoCMC I am having a similar failure at the same task, except mine is "openstacksdk is required for this module"03:52
jamesdentonMy env is a little different, tho03:52
jamesdentonWhen I hop into the container i can replicate that error, but if i activate the venv i can successfully import the module03:53
jamesdentonOk ThiagoCMC, if you're up for it, try patching tasks/trove_service_network.yml with this: https://pasted.tech/pastes/ba9f9d27d9089c9b7c9fe74531c406c806164aa604:05
jamesdentonbasically, I added the delegate and the vars04:05
jamesdentonwith that, os-trove-install completed on my end and the services are up04:06
jamesdentonSomething you may want to make sure you do beforehand is to have the networks created - specifically "dbaas_service_net", unless you override it04:07
openstackgerritMerged openstack/openstack-ansible-os_cinder stable/queens: Only implement policy.json if an override is configured  https://review.openstack.org/63063704:08
jamesdentonThere is also another bug out there that may help manipulate public vs private endpoint: https://bugs.launchpad.net/openstack-ansible/+bug/173852904:09
openstackLaunchpad bug 1738529 in openstack-ansible "trove install fails" [Medium,Confirmed]04:09
* cloudnull after a long day of bug fixing its time to update the home lab to the head of master! 04:12
cloudnullmaybe i'll try and give trove a spin04:12
jamesdentonweeee04:12
jamesdentonI mean, the APIs are responsive. Clientside you may have to use --insecure. It wants to hit the publicURL even though the openrc is setup for internalURL.04:19
jamesdentonAnyway, i think that's enough for tonight.04:19
ThiagoCMCjamesdenton, thank you! I'll try that very soon04:26
ThiagoCMCG'Night!04:27
cloudnulllater jamesdenton04:27
jamesdentonsee ya04:27
ThiagoCMCcloudnull, hey man, Manila is coming for Stein, right?04:27
cloudnullyes vollman was working on that role04:28
cloudnulli believe its usable ?04:28
cloudnullthough Ive not given it a spin04:28
*** markvoelker has joined #openstack-ansible04:28
ThiagoCMCI really need to give it a try!04:29
cloudnullhttps://review.openstack.org/#/c/61193004:29
cloudnullthat's the pr that's in flight04:29
ThiagoCMCSpecially if it have Ceph support!04:29
cloudnullI believe that's the primary target04:29
ThiagoCMCNiiiice! Ceph backend is there!04:30
ThiagoCMC:-O04:30
ThiagoCMCDo you know if it's on master branch already?04:30
cloudnullno that pr is the one that will make it work04:30
ThiagoCMCOh, okay... Thanks!04:30
openstackgerritMerged openstack/openstack-ansible-os_manila master: Change openstack-dev to openstack-discuss in setup.cfg  https://review.openstack.org/63243004:31
cloudnullyou'd have to pull in that patch `git clone https://git.openstack.org/openstack/openstack-ansible-os_manila /etc/ansible/roles/os_manila; cd /etc/ansible/roles/os_manila; git fetch https://git.openstack.org/openstack/openstack-ansible-os_manila refs/changes/30/611930/17 && git checkout FETCH_HEAD`04:31
cloudnullthat'd get you the role and that patch04:32
cloudnullI think you'd still need to create the play for it too,04:32
ThiagoCMCO_O04:32
ThiagoCMCI'll definitely try it!04:32
ThiagoCMCOnly for Stein?04:32
ThiagoCMCOr might work on stable/rocky as well?04:32
cloudnullhttps://review.openstack.org/#/c/612055/4/test-install-manila.yml04:33
cloudnullit might work for rocky04:33
cloudnullbut i'd suspect stein04:34
cloudnullit might be good to reach out to vollman, might have some suggestions04:34
openstackgerritMerged openstack/openstack-ansible-os_cinder master: Ensure create a volume from image  https://review.openstack.org/63251904:35
ThiagoCMCThank you!04:35
*** udesale has joined #openstack-ansible04:36
ThiagoCMCDo you guys knows if it is possible to extend an attached (Cinder) volume, with Ceph backend? It's Libvirt + RBD at the Compute Nodes... And then, just run `resizefs` inside of the Instance?04:42
*** hwoarang has quit IRC04:47
*** hwoarang has joined #openstack-ansible04:50
*** hwoarang has quit IRC04:56
*** hwoarang has joined #openstack-ansible04:56
*** markvoelker has quit IRC05:02
openstackgerritMerged openstack/openstack-ansible master: Make keepalived configuration future-proof  https://review.openstack.org/63420905:13
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible master: Add venv build host to the group vars for integrated deployments  https://review.openstack.org/63683005:35
cloudnullThiagoCMC I honestly dont know if you can grow a ceph volume05:35
*** shyamb has joined #openstack-ansible05:39
*** shyamb has quit IRC05:44
*** markvoelker has joined #openstack-ansible05:58
*** macza has joined #openstack-ansible06:01
*** hamzaachi has joined #openstack-ansible06:01
*** shyamb has joined #openstack-ansible06:01
ThiagoCMCcloudnull, ok, no worries...  =)06:04
*** macza has quit IRC06:05
prometheanfirecloudnull: I imagine you tested?06:25
*** markvoelker has quit IRC06:32
*** hamzaachi has quit IRC06:34
*** gokhani has quit IRC07:24
*** markvoelker has joined #openstack-ansible07:28
*** Adri2000 has quit IRC07:28
*** Adri2000 has joined #openstack-ansible07:29
*** macza has joined #openstack-ansible07:32
*** macza has quit IRC07:36
*** hamzaachi has joined #openstack-ansible07:43
openstackgerritMerged openstack/openstack-ansible-nspawn_hosts master: Trivial: Fix the pep8 warning  https://review.openstack.org/61652607:52
ThiagoCMCcloudnull, is it possible to update the endpoints and haproxy_keepalived_external_vip_cidr, from IP (which is behind a NAT and breaks spice console), to a FQDN (name-based)?07:52
ThiagoCMCOr do I have to re-deploy everything from scratch?  hehe07:53
*** markvoelker has quit IRC08:01
*** DanyC has joined #openstack-ansible08:05
*** DanyC has quit IRC08:09
*** gkadam has joined #openstack-ansible08:10
*** gkadam is now known as gkadam-brb08:11
*** shyamb has quit IRC08:12
*** hamzaachi has quit IRC08:13
*** hamzaachi has joined #openstack-ansible08:13
*** gkadam-brb is now known as gkadam08:20
*** phasespace has joined #openstack-ansible08:21
*** electrofelix has joined #openstack-ansible08:43
*** tosky has joined #openstack-ansible08:47
*** CeeMac has joined #openstack-ansible08:57
*** kopecmartin|off is now known as kopecmartin08:57
*** shyamb has joined #openstack-ansible08:58
*** markvoelker has joined #openstack-ansible08:58
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_neutron master: Use the new services names for sfc  https://review.openstack.org/62221609:18
fnpanichi09:31
*** markvoelker has quit IRC09:31
gshippeyanyone got any input on this https://bugs.launchpad.net/openstack-ansible/+bug/175582109:37
openstackLaunchpad bug 1755821 in openstack-ansible "config_template fails to parse template if it contains a comment with leading spaces" [High,Confirmed] - Assigned to Jean-Philippe Evrard (jean-philippe-evrard)09:37
*** DanyC has joined #openstack-ansible09:43
*** DanyC has quit IRC09:47
*** DanyC has joined #openstack-ansible09:50
odyssey4megshippey hmm, I guess we need to decide what we should do about it - either fail more elegantly, or accept the input but clear any leading whitespace09:50
*** gkadam has quit IRC09:51
*** gkadam has joined #openstack-ansible09:51
*** DanyC has quit IRC09:57
gshippeyI'll give the second option a go09:59
*** DanyC has joined #openstack-ansible10:01
*** aedc has joined #openstack-ansible10:03
*** aedc has quit IRC10:10
*** aedc has joined #openstack-ansible10:10
*** ArchiFleKs has quit IRC10:19
*** markvoelker has joined #openstack-ansible10:28
*** shyamb has quit IRC10:29
*** ArchiFleKs has joined #openstack-ansible10:30
*** shyamb has joined #openstack-ansible10:33
*** jbadiapa has quit IRC10:42
*** shyamb has quit IRC10:42
*** mkuf has quit IRC10:51
*** udesale has quit IRC10:58
*** markvoelker has quit IRC11:01
openstackgerritMerged openstack/openstack-ansible master: Add the deployment guide job to our standard templates  https://review.openstack.org/63678011:32
*** asettle has joined #openstack-ansible11:41
*** priteau has joined #openstack-ansible11:43
*** shyamb has joined #openstack-ansible11:44
*** mkuf has joined #openstack-ansible11:51
openstackgerritGeorgina Shippey proposed openstack/ansible-config_template master: Remove whitespace before comments  https://review.openstack.org/63693511:55
*** markvoelker has joined #openstack-ansible11:58
*** CeeMac_ has joined #openstack-ansible11:59
*** CeeMac has quit IRC12:03
jamesdentonmornin12:12
*** markvoelker has quit IRC12:26
*** priteau has quit IRC12:36
*** priteau has joined #openstack-ansible12:38
*** zenirc369 has joined #openstack-ansible12:39
openstackgerritMerged openstack/openstack-ansible-os_heat stable/rocky: Add heat user to heat domain admin role  https://review.openstack.org/63663012:45
*** udesale has joined #openstack-ansible12:45
*** shyamb has quit IRC12:52
*** shyamb has joined #openstack-ansible12:54
*** shyamb has quit IRC13:05
*** shyamb has joined #openstack-ansible13:06
*** priteau has quit IRC13:13
*** jbadiapa has joined #openstack-ansible13:17
vollmanmorning jamesdenton13:17
vollmanCould you take a look at odyssey4me comment here https://review.openstack.org/#/c/633277/5/vars/ubuntu.yml when you have a minute?13:18
jamesdentonthat plugin needs to be installed everywhere, AFAIK.13:19
vollmanok thanks13:20
openstackgerritMerged openstack/openstack-ansible-os_neutron stable/rocky: Add support for dns_domain_ports api extension  https://review.openstack.org/63636813:29
*** shyamb has quit IRC13:33
*** vakuznet has joined #openstack-ansible13:36
jamesdentonAny tempest expertise around?13:39
openstackgerritMichael Vollman proposed openstack/openstack-ansible-os_cinder master: Avoid distro installing unused services  https://review.openstack.org/63327613:47
cloudnullmornings13:54
*** priteau has joined #openstack-ansible13:55
openstackgerritMichael Vollman proposed openstack/openstack-ansible-os_nova master: Avoid distro installing unused services  https://review.openstack.org/63327513:56
*** PTO has joined #openstack-ansible13:56
guilhermespcloudnull: o/13:57
cloudnullo/13:57
PTO@cloudnull do you have a minute?13:59
cloudnullsure what's up ?14:00
PTOIts regarding the elk_metrics_6x repo from ops. I have tried you improvements and struck a problem14:01
openstackgerritMichael Vollman proposed openstack/openstack-ansible-os_neutron master: Avoid distro installing unused services  https://review.openstack.org/63327714:02
cloudnullwhat's going on ?14:02
PTOThe elasticsearch does not start, as its denied memory allocation: https://pastebin.com/VMTbM8q714:03
mnaserhi all14:04
cloudnullo/ mnaser hows it ?14:04
PTOIm not a jedi in lxc. Is there missing a container parameter (cgroups?) which allows memory allocation14:04
guilhermespmornings mnaser14:04
mnasercloudnull, guilhermesp: morning14:04
mnasermy wrist is braced up so operating at 20% speed hah14:04
mnasersadness14:05
cloudnullPTO looks like - [1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]14:05
guilhermespmnaser: =(14:05
cloudnullmaybe something on the local system needs to be adjusted14:05
cloudnullmnaser that sounds terrible14:05
cloudnullyou ok ?14:05
openstackgerritMerged openstack/openstack-ansible-ceph_client master: Use in-repo GPG keys  https://review.openstack.org/63671114:05
mnasercould be worse i guess, seems like everyone i talk to has ended up with one of those ganglion cysts14:05
mnaserso i just have to get it removed but until that happens ill deal with the frustration of not being able to type as fast, hah14:06
cloudnulldamn. well I hope its not painful14:07
mnasernah, but the bracing means its hard to use a mouse and i cant get things done as fast14:07
jrossercloudnull: that looks similar to my trouble with elasticsearch, the heap size too large w.r.t host ram size14:08
mnaseri need every second of my time =P14:08
mnaservollman: thanks for all your patience on clearing up the issue to get your manila stuff merged14:13
vollmanmnaser: np.  Do you know if there is a way to add multiple Depends-On to a changeset?14:14
cloudnulljrosser: ah, so maybe we just need to be more conservative ?14:14
mnaservollman: yep, just multiple lines of Depends-On14:14
cloudnullPTO have you tried adjusting the heap size ?14:14
vollmanmnaser:  awesome thx14:14
mnaservollman: an example https://review.openstack.org/#/c/627782/14:15
jrossercloudnull: this was the patch that really helped me out on 64G nodes https://github.com/openstack/openstack-ansible-ops/commit/6017fc0e89fbb3ffdadc62773e34c4069b3d458414:15
PTOcloudnull: I have tried changing /etc/security/limits.conf  and with ulimit - it still refuses to start. Is there any lxc container privileges/config?14:15
jrosserthe halfmem heap size is pretty much half the physical ram, so if you have anything else large running it can all get deadlocked and not start elasticsearch14:16
cloudnullPTO what distro / version are you running14:16
PTOubuntu 16.0414:17
cloudnullok. so that should be covered in the systemd unit.14:20
cloudnullcould be a redharring though, can you try setting the jvm heap size to something smaller, per jrosser suggestion?14:20
PTOcloudnull: Just testing the lower heap14:20
cloudnullcool14:20
PTOchanging the jvm.options -Xms and -Xmx enough?14:21
PTOhttps://pastebin.com/G4kiu7nq14:23
PTO[1]: memory locking requested for elasticsearch process but memory is not locked14:23
jrosser"Unable to lock JVM Memory: error=12, reason=Cannot allocate memory" <- there needs to be sufficient free RAM to cover at least what the heap size is14:24
jrosseri found that as we went up through the ELK versions elasticsearch got more and more aggressive with memory usage14:24
openstackgerritJames Denton proposed openstack/openstack-ansible-rsyslog_client master: Templatize rsyslog configuration files  https://review.openstack.org/62480514:24
PTOfree -h on the host gives 50G free mem14:24
cloudnullthe memory locking can be disabled too14:25
cloudnullwhich will allow elasticsearch to swap, while not really recommended, its totally doable14:25
PTOQuestion is - should memory locking be disabled or allowed on the container14:25
cloudnullsimply turn it off in the /etc/elasticsearch/elasticsearch.yml14:26
cloudnullbut there's a var to do it in the playbooks too14:26
cloudnullPTO IDK, maybe we should have memory locking only enforced if deploying on baremetal?14:26
cloudnullI'm open to suggestions14:27
PTOGood question :-)14:28
cloudnulltry the disabling memory locking in the config and starting it14:28
cloudnullalso is elasticsearch running on a dedicated node ?14:28
cloudnullor is this something like an infra host?14:29
*** PTO_ has joined #openstack-ansible14:31
jrossermy experience has been that having the elasticsearch/kibana container on a 64G infra node was the first point that the stock memory allocation breaks14:32
*** PTO has quit IRC14:32
jrosserthen if you leave then long enough dedicated 64G log nodes get wedged up on restart because the combination of elasticsearch and logstash together use enough RAM it won't allow elasticsearch to restart14:33
jrosserif you have loads of ram this isnt an issue, but where the h_mem value is approx 50% of the host ram it's going to break14:34
cloudnullso should we default to something like .25 & .125 respectively ?14:34
jrosseri've wound the elastic/kibana one down to 10G on a 64G host14:35
jrosserso 1/8th would do fine there i think14:35
cloudnullok14:35
jrosserafaik those are only really marshalling queries and collating the responses from the data nodes14:36
cloudnullcorrect14:36
PTO_i tested with 16G on a 192G host - it boots if i manually set ulimit -n 65536 and then run sudo -u elasticsearch /usr/share/elasticsearch/bin/elasticsearch -v14:36
cloudnullPTO_ can you look in the systemd unit file for elasticsearch, do you see "LimitNOFILE"14:39
fnpanichi14:40
fnpanicmaybe someone has an idea little quick14:40
fnpanicadded a ad domain14:40
fnpanicthen adding the admin user with role admin to this domain14:41
fnpanickeystone is saying this all the time Policy identity:list_users failed scope check. The token used to make the request was project scoped but the14:41
cloudnullfnpanic is this using rocky?14:42
fnpanicpolicy requires ['system'] scope.14:42
fnpanicyeah14:42
fnpanicwith pike no problem14:42
fnpanic:-(14:42
cloudnullI think that was similar to the bug we were talking about yesterday, errr was looking at. -cc odyssey4me14:42
* cloudnull goes back to look 14:42
fnpanicopenstack role add --domain domain-id --user admin-id admin-role-id14:43
cloudnullhttps://bugs.launchpad.net/openstack-ansible/+bug/180854314:43
openstackLaunchpad bug 1808543 in openstack-ansible "Keystone Federation cannot complete SP node setup on stable/rocky" [Undecided,Confirmed] - Assigned to Jesse Pretorius (jesse-pretorius)14:43
fnpanicthis command i used for adding the admin14:43
fnpanici switched to ldap for testing to rule out ssl errors :-)14:44
fnpanicmhhh not sure if this is related14:45
fnpanicmaybe it is me doing something wrong14:46
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-ops master: Change the q_mem and h_mem to lower and upper limits  https://review.openstack.org/63697514:52
cloudnullPTO_ jrosser ^14:52
cloudnullPTO_ mind giving that a spin?14:52
*** electrofelix has quit IRC14:53
fnpanicso noone has an idea?14:58
cloudnullfnpanic sorry, I'm at a total loss14:59
fnpanictotal loss?14:59
cloudnullare you seeing any errors within keystone?15:00
fnpanicno15:00
fnpaniconly the warning i posted15:00
odyssey4mefnpanic if you're getting a scope error, then that's keystone doing the right thing - it has nothing to do with ssl, but instead has to do with the policies being applied and what you're trying to do... if you'd like to understand why it's failing then better to ask the keystone folks, but you'll have to unbreak your config first15:00
cloudnulloh, is this an issue with the keystone policy file ?15:01
cloudnullno something that is coming back from ad?15:01
odyssey4mecloudnull no, the action violates the policy15:01
odyssey4menot a problem with the file - a problem with the action according to the current policy15:01
cloudnullinteresting15:03
* cloudnull TIL 15:03
odyssey4mein other words, the openstack cli is spitting out a legitimate error which was fed back from keystone itself15:03
fnpanicok15:03
fnpanicthis is the reply from the openstack client15:04
fnpanicAn unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-c6eaaaa8-90df-4031-ad46-3189b693ea07)15:04
fnpanicand keystone shows this in the logs15:04
odyssey4meIIRC when you add a domain via LDAP, you have to have a domain by the right name that exists in keystone first - that's why we have https://github.com/openstack/openstack-ansible-os_keystone/blob/master/tasks/keystone_ldap_setup.yml#L1615:05
odyssey4methen you put down the domain-specific conf file, like https://github.com/openstack/openstack-ansible-os_keystone/blob/master/tasks/keystone_ldap_setup.yml#L3515:05
odyssey4mefrom there on, for role assignments and stuff - I honestly can't remember how that all works... perhaps best to ask the keystone folks15:05
fnpanicmhh but the domain is in place after i run the playbook with the config file15:05
*** phasespace has quit IRC15:06
fnpanicso openstack domain list works15:06
fnpanicand displays the domain15:06
fnpanicit was created after the playbook run os-keystone-install15:07
odyssey4mefnpanic looking through https://www.slideshare.net/JessePretorius/openstack-keystone-with-ldap now to hopefully remind me how it all works15:07
odyssey4menope, not really :/15:08
odyssey4mecan you list users?15:08
fnpanicyes but only from default domain15:09
fnpanicwhen i do the openstack user list15:09
fnpanicwoeks15:09
fnpanicopenstack user list --domain new-domain15:09
fnpanici get this error15:09
fnpanicAn unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-c6eaaaa8-90df-4031-ad46-3189b693ea07)15:10
fnpanicand in keystone journal i see this15:10
odyssey4mefnpanic right, so that means there's something wrong in the domain-specific config15:10
fnpanicnow i see this  default default] Could not find domain: cgm.ag.: DomainNotFound: Could not find domain: cgm.ag.15:11
fnpanicbut i can list the domains15:13
fnpanicopenstack domain list15:13
fnpanicshows it15:13
odyssey4meyes, but that's the domain in SQL - not from LDAP15:14
fnpanic???15:14
fnpanicnow i am list15:14
fnpaniclost15:14
fnpanicthe sql domain gets listed15:15
fnpanicand the ldap config is there15:15
fnpanicwas created by the playbook15:15
mnaserhonestly i'm always lost so thats okay fnpanic :)15:15
odyssey4meyes, but that domain is just an entry in the keystone SQL database - it is not the result of interacting with LDAP15:16
fnpanicok15:17
fnpanicgot it15:17
fnpanicunder [identity]15:17
fnpanicis see15:17
fnpanicdriver = sql15:18
fnpanicdomain_config_dir = /etc/keystone/domains15:18
fnpanicdomain_specific_drivers_enabled = True15:18
odyssey4mefnpanic ok, what's the config in the domain-specific entry15:18
odyssey4meit should show ldap there15:18
fnpanicin the conf the driver is ldap15:19
odyssey4meok, that's good then15:19
fnpanicso what would be debug steps?15:20
odyssey4mein https://www.slideshare.net/JessePretorius/openstack-keystone-with-ldap slide 7 is an example conf - do you have all the bits shown there, or near to all of them?15:20
fnpanicyeah15:22
*** udesale has quit IRC15:22
PTO_cloudnull: Sorry for the delay. Had a meeting. The perameter is there and is correct, LimitNOFILE=65536. I dont know why it complains when i launch it with systemd. Nothing in the journalctrl log15:23
*** gkadam has quit IRC15:30
PTO_cloudnull: I dont think i have permissions to review the change15:30
PTO_cloudnull: nvm. Just forgot where the function were15:31
openstackgerritMarc GariĆ©py (mgariepy) proposed openstack/openstack-ansible master: Add python-setuptools to bootstrap-ansible.sh  https://review.openstack.org/63699215:40
openstackgerritJacob Wagner proposed openstack/openstack-ansible-ops master: Add ability to deploy designate with BIND9 servers  https://review.openstack.org/63561115:46
openstackgerritGuilherme  Steinmuller Pimentel proposed openstack/openstack-ansible-os_nova master: Add nova_user_pip_packages variable  https://review.openstack.org/63557915:55
PTO_I have to leave for today. Thanks for the help. I will try your proposed changes @cloudnull16:06
*** PTO_ has quit IRC16:06
cloudnullhave a good one PTO_.16:09
*** hamzaachi has quit IRC16:12
*** ArchiFleKs has quit IRC16:13
mgariepyfnpanic, what version of openstack are you using ?16:15
fnpanicrocky16:15
fnpanici just copied a conf for keystone from my testcloud16:16
fnpanicwhich was pike16:16
fnpanicworks like a charm16:16
fnpanicnow i need to dig deeper what is the issue16:16
mgariepyi've seen the policy stuff, on queens. but with an old-ish version.16:17
mgariepywhuich tag ?16:17
*** ArchiFleKs has joined #openstack-ansible16:17
mgariepyhttps://github.com/openstack/openstack-ansible-os_keystone/commit/fc3d2fe4b6df67bd28f94097c81f71bb7851834016:19
mgariepydo you have this patch ?16:19
fnpanicrocky 18.1.2-1616:20
mgariepyldap auth is not really tested in the gates, it would help to  get it covered at some point but i do lack time like everyone.16:21
openstackgerritJames Denton proposed openstack/openstack-ansible-os_neutron master: Enable functional deployment of FWaaS v2  https://review.openstack.org/63675716:22
fnpanicmgariepy: yepp16:23
fnpanichave it16:23
mgariepyis it an upgrade or a clean install?16:24
*** macza has joined #openstack-ansible16:27
mgariepyfnpanic, can you contact the ldap server ? with ex: ldapsearch or something ?16:31
mgariepyfrom the keystone container**16:34
cloudnullanyone want to give this a nudge https://review.openstack.org/#/c/635997/16:38
*** markvoelker has joined #openstack-ansible16:38
mgariepydone cloudnull16:40
cloudnulltyvm16:41
spotzcloudnull: nudge completed16:44
*** trident has quit IRC16:46
*** gyee has joined #openstack-ansible16:55
ThiagoCMCMorning! =P16:57
ThiagoCMCI'm a big fan of IPv6! I'm wondering here why OSA uses "0.0.0.0" to bind all services, instead of "::".16:57
ThiagoCMCWith "::" it would make it IPv6-Ready in a flash of a second!16:57
ThiagoCMC;-)16:57
ThiagoCMCEspecially if you have DNS up and running to reach your cloud...16:58
ThiagoCMCI have deployed IPv6-Only OpenStack clouds years ago, there was only 1 problematic daemon, memcached but, I believe that it's fixed by now.16:59
noonedeadpunkHi folks. I've got a question. Why do we need this block of code https://github.com/openstack/openstack-ansible/blob/master/playbooks/os-cinder-install.yml#L165 when the same is placed inside cinder role itself over there https://github.com/openstack/openstack-ansible-os_cinder/blob/master/tasks/cinder_db_setup.yml#L48 ?17:01
noonedeadpunkIsn't it a dublicate task?17:01
noonedeadpunkodyssey4me: seems that you're the one, who may know the answer for this ^ :)17:04
*** sreejithp has joined #openstack-ansible17:05
*** ianychoi has joined #openstack-ansible17:06
odyssey4menoonedeadpunk https://github.com/openstack/openstack-ansible/blob/master/playbooks/os-cinder-install.yml#L165 will enact the migrations once all the cinder environments are upgraded - the role task is just a fallback, just in case it gets missed somehow17:11
odyssey4meunfortunately I couldn't figure out any other way to ensure all cinder environments were upgraded before running the db contraction... I have ideas for improvement, but no time to try them out.17:12
*** markvoelker has quit IRC17:12
*** zenirc369 has quit IRC17:15
*** kopecmartin is now known as kopecmartin|off17:16
odyssey4menoonedeadpunk given that we're now using a more modern ansible, we could probably change that up to use include_role/tasks_from or something like that to deduplicate the code and keep the stuff in the role to be less confusing17:20
ThiagoCMCDo you guys knows how to workaround this bug: https://bugs.launchpad.net/cloud-init/+bug/1705346 ?17:21
openstackLaunchpad bug 1705346 in cloud-init "Cloud-Init fails to deal with SWAP and Ephemeral if virtio-scsi is enabled" [Medium,Confirmed]17:21
ThiagoCMCI reported it back in 2017, still a bug today...17:21
jamesdentonwill a recheck stop running tests, or do you have to wait it out?17:28
cloudnulljamesdenton you have to wait it out17:34
cloudnullthough you could commit another change to cause it to restart17:34
jamesdentongotcha, thank you!17:35
jamesdentoncloudnull can you take a look at https://review.openstack.org/#/c/626222/? The file is missing for me17:38
odyssey4mecloudnull should a oneshot service show as enabled?17:39
cloudnullyes17:39
*** archklikk has joined #openstack-ansible17:39
cloudnulljamesdenton sure17:39
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_neutron master: ovs: create bridge_mappings in openvswitch_agent.ini  https://review.openstack.org/62622217:40
cloudnulljamesdenton rebased it, but the file is still missing17:41
cloudnullwhich i think would mean its already been merged17:41
cloudnullor at least the content of the change has been merged17:41
jamesdentonyeah, interesting17:41
*** DanyC has quit IRC17:43
*** DanyC has joined #openstack-ansible17:43
jamesdentonThe commit message and the file don't match. This was supposed to modify a task and not a template17:44
noonedeadpunkodyssey4me: oh, ok, got it. Just catching db migrations failure on brand new setup, seems like still facing this bug https://bugs.launchpad.net/cinder/+bug/180615617:46
openstackLaunchpad bug 1806156 in Cinder "shared_targets_online_data_migration fails when cinder-volume service not running" [Undecided,Confirmed]17:46
* jrosser boggles at magnum17:47
noonedeadpunkAnd it's also failing for existing ones. Has anyone faced with the same problem on rocky? ^17:47
*** DanyC has quit IRC17:48
odyssey4meI don't see how containerising the service helps at all there, as commented by codylab at the end there.17:48
noonedeadpunkodyssey4me it doesn't:) I believe, that he just got need_online_data_migrations cached17:54
*** errr has joined #openstack-ansible17:59
ThiagoCMCAbout the Neutron Trunk option. Is it supposed to use the "br-vlan" bridge?18:04
noonedeadpunkand it seems, that the problem started since this commit https://review.openstack.org/#/c/614617/  - at least I've started to face with it since this commit18:05
*** markvoelker has joined #openstack-ansible18:09
jamesdentonThiagoCMC It just depends on the provider mapping. It may use br-vlan, or could use a physical interface in the event of host_bind_override18:11
*** aedc has quit IRC18:11
*** priteau has quit IRC18:13
jamesdentonodyssey4me can i get your blessing on this again? https://review.openstack.org/#/c/636757/18:15
*** priteau has joined #openstack-ansible18:17
*** aedc has joined #openstack-ansible18:19
jamesdentonThiagoCMC i think you'll find how it works here: https://goo.gl/RoqY2e18:20
*** priteau has quit IRC18:22
*** DanyC has joined #openstack-ansible18:29
*** archklikk has quit IRC18:29
*** DanyC has quit IRC18:33
*** shardy has quit IRC18:40
*** markvoelker has quit IRC18:42
*** vakuznet has quit IRC18:43
*** priteau has joined #openstack-ansible18:45
*** macza has quit IRC18:46
openstackgerritJames Denton proposed openstack/openstack-ansible-os_neutron master: [DNM] Convert dynamic includes to static imports  https://review.openstack.org/63702618:47
*** priteau has quit IRC18:49
spotzjamesdenton: you're good to go on https://review.openstack.org/#/c/636757/318:51
*** hamzaachi has joined #openstack-ansible18:52
jamesdentonthanks spotz!18:54
*** macza has joined #openstack-ansible18:55
*** rpsene has quit IRC18:55
spotzNP:)18:56
*** archklikk has joined #openstack-ansible19:04
*** archklikk has quit IRC19:05
openstackgerritMerged openstack/openstack-ansible-ops master: Change the q_mem and h_mem to lower and upper limits  https://review.openstack.org/63697519:10
openstackgerritMerged openstack/openstack-ansible master: Add option to disable container builds on specific hosts  https://review.openstack.org/63599719:15
*** macza_ has joined #openstack-ansible19:18
*** macza has quit IRC19:18
*** macza has joined #openstack-ansible19:18
*** henriqueof has joined #openstack-ansible19:19
*** sreejithp_ has joined #openstack-ansible19:22
openstackgerritMichael Vollman proposed openstack/openstack-ansible-os_manila master: Basic working os_manila role  https://review.openstack.org/61193019:23
*** sreejithp has quit IRC19:24
guilhermespmnaser: https://bugs.launchpad.net/openstack-ansible/+bug/1815902 has the PR backported to rocky https://github.com/openstack/openstack-ansible-galera_server/commit/5e78067f409a438411c5c563811ac6edba358229?19:30
openstackLaunchpad bug 1815902 in openstack-ansible "Error galera_server : Download extra packages" [Undecided,New]19:30
guilhermespoh, duplicated19:32
*** markvoelker has joined #openstack-ansible19:39
openstackgerritMichael Vollman proposed openstack/openstack-ansible-os_neutron master: Avoid distro installing unused services  https://review.openstack.org/63327719:42
*** gshippey has quit IRC19:49
*** aedc has quit IRC19:55
*** KeithMnemonic has joined #openstack-ansible20:02
cloudnullguilhermesp i backported those yesterday20:04
cloudnullim not sure if they've merged20:04
*** dave-mccowan has joined #openstack-ansible20:05
*** hamzaachi has quit IRC20:10
openstackgerritMerged openstack/openstack-ansible-os_neutron master: Enable functional deployment of FWaaS v2  https://review.openstack.org/63675720:12
*** markvoelker has quit IRC20:12
guilhermespcloudnull: yep merged20:16
guilhermespseems that it is not getting the value of the dictionary20:16
guilhermesphttps://github.com/openstack/openstack-ansible-galera_server/blob/5e78067f409a438411c5c563811ac6edba358229/tasks/galera_install_download_extra_packages.yml#L2520:16
guilhermespbut the syntax seems ok20:16
*** dave-mccowan has quit IRC20:28
*** dave-mccowan has joined #openstack-ansible20:35
*** aedc has joined #openstack-ansible20:43
*** henriqueof has quit IRC20:48
* jrosser facepalm20:50
jrosserroot@infra1:~# lsof -K | grep pypi | grep inotify | wc -l20:50
jrosser6716120:50
jrosserso thats why the repo server sync no longer works20:50
jrosserin fact its super gross becasue it consumes all the inotify allowance across thew whole infra host20:51
cloudnulloh wow!20:59
cloudnullso pypi-server is doing that?20:59
*** Nick_A has joined #openstack-ansible21:01
spotzThat's just wrong....21:06
jrosserlooks that way21:07
*** markvoelker has joined #openstack-ansible21:09
*** priteau has joined #openstack-ansible21:15
*** priteau has quit IRC21:19
jrossertrouble with this is that running out of inotify prevents systemd from restarting any services21:27
-openstackstatus- NOTICE: Jobs are failing due to ssh host key mismatches caused by duplicate IPs in a test cloud region. We are disabling the region and will let you know when jobs can be rechecked.21:30
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-openstack_hosts stable/rocky: Increase inotify watch limit  https://review.openstack.org/63705621:35
jrossercloudnull: how much systemd stuff is there in queens? wondering how far back that ^^ needs tobackport21:36
openstackgerritJonathan Rosser proposed openstack/openstack-ansible-openstack_hosts stable/queens: Increase inotify watch limit  https://review.openstack.org/63705921:41
jrosserit's xenial for Q&R so the same dnsmasq issue will exist on both21:41
*** markvoelker has quit IRC21:42
cloudnulljrosser yes it should be just q and r21:46
*** dave-mccowan has quit IRC21:49
*** tosky has quit IRC22:05
*** tosky has joined #openstack-ansible22:05
-openstackstatus- NOTICE: The test cloud region using duplicate IPs has been removed from nodepool. Jobs can be rechecked now.22:13
*** dave-mccowan has joined #openstack-ansible22:22
*** sreejithp_ has quit IRC22:39
*** markvoelker has joined #openstack-ansible22:39
ThiagoCMCjamesdenton, thank you! Looks like an awesome book! :-D22:53
*** markvoelker has quit IRC23:12
*** aedc has quit IRC23:29
*** aedc has joined #openstack-ansible23:33
*** phasespace has joined #openstack-ansible23:40
*** aedc has quit IRC23:44
*** aedc has joined #openstack-ansible23:44
*** tosky has quit IRC23:51
*** macza has quit IRC23:56
*** aedc has quit IRC23:58
« Wednesday, 2019-02-13 Index Friday, 2019-02-15 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!