| *** jmickle has joined #openstack-chef | 00:48 | |
| *** openstack has joined #openstack-chef | 00:56 | |
| *** ChanServ sets mode: +o openstack | 00:56 | |
| *** zhiwei has joined #openstack-chef | 01:03 | |
| *** jmickle has quit IRC | 01:04 | |
| *** jaycee has joined #openstack-chef | 01:05 | |
| *** kieren has quit IRC | 01:15 | |
| *** jmickle has joined #openstack-chef | 01:21 | |
| *** otter768 has joined #openstack-chef | 01:22 | |
| *** jmickle has quit IRC | 01:23 | |
| *** otter768 has quit IRC | 01:26 | |
| *** jmickle has joined #openstack-chef | 01:30 | |
| *** kieren has joined #openstack-chef | 01:32 | |
| *** kieren is now known as Guest10699 | 01:33 | |
| *** libsysguy has joined #openstack-chef | 01:44 | |
| *** jmickle has quit IRC | 02:00 | |
| *** libsysguy has quit IRC | 02:11 | |
| *** RabidCicada has quit IRC | 02:55 | |
| *** stevemar has joined #openstack-chef | 03:01 | |
| *** jaycee has quit IRC | 03:07 | |
| *** jmickle has joined #openstack-chef | 03:07 | |
| *** jmickle has quit IRC | 03:14 | |
| *** stevemar has quit IRC | 03:22 | |
| *** otter768 has joined #openstack-chef | 03:23 | |
| *** stevemar has joined #openstack-chef | 03:26 | |
| *** otter768 has quit IRC | 03:28 | |
| *** zhiwei has quit IRC | 03:40 | |
| *** jmickle has joined #openstack-chef | 04:33 | |
| *** jmickle has quit IRC | 04:50 | |
| *** otter768 has joined #openstack-chef | 05:24 | |
| *** nkrinner has joined #openstack-chef | 05:26 | |
| *** otter768 has quit IRC | 05:28 | |
| *** epcim has joined #openstack-chef | 05:28 | |
| *** stanchan has joined #openstack-chef | 05:29 | |
| *** ogny has joined #openstack-chef | 05:59 | |
| *** stevemar has quit IRC | 06:10 | |
| *** chlong has quit IRC | 07:06 | |
| *** otter768 has joined #openstack-chef | 07:24 | |
| *** otter768 has quit IRC | 07:29 | |
| openstackgerrit | Merged openstack/openstack-chef-repo: Use latest version of rabbitmq cookbook https://review.openstack.org/192435 | 08:16 |
|---|---|---|
| *** wojdev has joined #openstack-chef | 08:57 | |
| *** wojdev has quit IRC | 08:58 | |
| *** otter768 has joined #openstack-chef | 09:25 | |
| *** otter768 has quit IRC | 09:30 | |
| *** sc` has quit IRC | 10:21 | |
| *** sc` has joined #openstack-chef | 11:01 | |
| *** otter768 has joined #openstack-chef | 11:26 | |
| *** otter768 has quit IRC | 11:31 | |
| *** libsysguy has joined #openstack-chef | 12:30 | |
| *** nkrinner has quit IRC | 13:17 | |
| *** otter768 has joined #openstack-chef | 13:27 | |
| *** otter768 has quit IRC | 13:32 | |
| *** libsysguy has quit IRC | 13:45 | |
| *** mattray has joined #openstack-chef | 14:11 | |
| *** ChanServ sets mode: +o mattray | 14:11 | |
| jklare_ | markvan you here? | 14:12 |
| markvan | yo | 14:12 |
| jklare_ | i tried to understand this glance ssl cert thingy, but i am still confused | 14:12 |
| jklare_ | as far as i understand yi ming commented that the path to the cert and key files should not exist if ssl is enabled | 14:13 |
| jklare_ | which is true anyways, since if ssl is diabled the whole block wont exist in the config | 14:13 |
| jklare_ | but what i do not get is, how one can enable ssl without a cert and key file | 14:14 |
| markvan | yeah, looking at it again, I see that the cert/keys files are common for the base api service, and used for the connection to the registry service. It's that connection to the registry service that was the issue. Technically, if the certs are already stored locally, then you don't need to specify them (see the glance code), and just a ca cert to verify is all that is needed. | 14:16 |
| markvan | but, I think your right, this is specifc to some "old" glance code and maybe we don't bother supporting that case. I think the other issue here that would be better to solve, is pssibbly having separate certs for the registry client connection. but not sure how biga use case that is either. | 14:17 |
| jklare_ | i also think that there are probably not too many people trying to use different certs for api and registry | 14:19 |
| markvan | yup, agreed. | 14:19 |
| markvan | So, technically, this extra checking code will not harm anything in the major use cases and might be useful for some glance folks with unique needs. | 14:20 |
| jklare_ | a colleague of mine used to say that the best code is the one not written, but i guess if there are acutally people with a usecase for this | 14:23 |
| markvan | if you feel strongly, I can pull that extra part back out for now, and just fix the separation of the ssl flags usage. | 14:23 |
| *** stevemar has joined #openstack-chef | 14:24 | |
| jklare_ | let me check the usecase and i will get back to you | 14:24 |
| markvan | k | 14:27 |
| *** stevemar is now known as stevedoor | 14:29 | |
| jklare_ | ok, i think we have two parts here | 14:30 |
| jklare_ | first is the enabling or disabling of ssl for the api or registry service | 14:30 |
| jklare_ | if its enabled, we need to set cert and key | 14:31 |
| jklare_ | so we do not need these check of they are empty in addition | 14:31 |
| jklare_ | second is the connection to the registry from the api | 14:32 |
| jklare_ | here, we actually need to check if http is set and if the registry_client_key_file exists, since its not needed even if the registry_scheme is https | 14:32 |
| jklare_ | since the registry_client_cert_file is enough right? | 14:33 |
| markvan | yeah, I think that's it | 14:40 |
| *** bdemers has joined #openstack-chef | 14:48 | |
| *** stanchan has quit IRC | 14:53 | |
| *** jmickle has joined #openstack-chef | 14:58 | |
| *** ogny has quit IRC | 15:00 | |
| *** otter768 has joined #openstack-chef | 15:28 | |
| j^2 | markvan: any update or work that the CI chef-repo needs to do? | 15:31 |
| markvan | I have not respun it in a while, I can do that. Next step is infra patch for at least a periodic run on the chef-repo | 15:32 |
| *** otter768 has quit IRC | 15:33 | |
| *** libsysguy has joined #openstack-chef | 15:34 | |
| j^2 | nice | 15:37 |
| j^2 | just wanted to double check there wasnt anything i could specificly get done today | 15:38 |
| openstackgerrit | Merged openstack/cookbook-openstack-orchestration: Allow auth_encryption_key to be configured https://review.openstack.org/192689 | 15:45 |
| j^2 | @core so i’m putting together my mailing list talk, can yall take a look at the options for the title for me? https://gist.github.com/jjasghar/867cdd22991a5c957bee | 16:01 |
| os-chef-bot | @j^2 @markvan @mattray @wenchma @jklare @cmluciano @zhiwei so i’m putting together my mailing list talk, can yall take a look at the options for the title for me? https://gist.github.com/jjasghar/867cdd22991a5c957bee | 16:01 |
| markvan | j^2: what's the deal the Chef Definitions? 2nd class citizen? I see the apache cookbook uses them, but has TODOs in there to convert to LWRP. I'm hit the main issue with definitions, no notify/subscribe support since it NOT a resource. | 16:01 |
| markvan | BTW, I now have keystone running under apache with a new recipe, but the defintiions are getting in my way to finish this. | 16:02 |
| j^2 | markvan: i’m pretty sure Definitions are being depricated in favor for LWRPs. The mantra since January has been resource driven cookbooks, which is in line with the LWRPs not definitions | 16:02 |
| j^2 | tl;dr, yep i think it’s safe to say that they are 2nd if not 3rd class | 16:02 |
| markvan | k, any chance Apache cookbook will be refactored anytime soon? If not, I have 2 choices, use current definition, but then have to hack a nofity. Or tear into apache a bit lower level | 16:03 |
| j^2 | probably hack the notify | 16:04 |
| markvan | k, yup already started on that. | 16:04 |
| markvan | +1 for Swim, don't drown, in the OpenStack mailing lists | 16:05 |
| markvan | I'm currently doggie paddling...but no quite drowning | 16:05 |
| j^2 | ha! | 16:08 |
| *** jmickle_ has joined #openstack-chef | 16:16 | |
| *** jmickle_ has quit IRC | 16:24 | |
| j^2 | markvan: i +2’d CR the integration test. I think we’re ready to go | 16:56 |
| *** jmickle_ has joined #openstack-chef | 17:09 | |
| *** jmickle_ has quit IRC | 17:09 | |
| *** os-chef-bot has quit IRC | 17:15 | |
| *** os-chef-bot has joined #openstack-chef | 17:16 | |
| markvan | j^2: yeah, I still think something is not quite right with how the jobs runs, it seems to run a couple times and then die and get retried, but I can't see the reason for the retry. I wonder if we're breaking rules running a qemu vm within a gate job | 17:23 |
| *** libsysguy has quit IRC | 17:29 | |
| *** otter768 has joined #openstack-chef | 17:29 | |
| *** otter768 has quit IRC | 17:33 | |
| *** jmickle has quit IRC | 17:46 | |
| *** rtheis_ has joined #openstack-chef | 17:47 | |
| *** rtheis has quit IRC | 17:50 | |
| *** jaycee has joined #openstack-chef | 17:52 | |
| *** rtheis_ has quit IRC | 18:08 | |
| *** libsysguy has joined #openstack-chef | 18:14 | |
| j^2 | markvan: can you link the retry? | 18:28 |
| markvan | j^2: that's the issue, it's doing the retry silently from some type of catch in the jenkins java code. So, I only get to see the final log (which in this latest run failed with a neutron l3 agent timing issue) | 18:31 |
| j^2 | ah yeah, that’s the reason why i couldnt find the retry then? | 18:32 |
| markvan | I thought it was related to booting up the qemu vm, but not sure now... | 18:32 |
| *** stevedoor has quit IRC | 18:40 | |
| *** nacer has quit IRC | 18:55 | |
| *** nacer has joined #openstack-chef | 19:00 | |
| *** mattray has quit IRC | 19:01 | |
| *** jmickle has joined #openstack-chef | 19:12 | |
| *** jmickle has quit IRC | 19:23 | |
| *** otter768 has joined #openstack-chef | 19:30 | |
| *** otter768 has quit IRC | 19:34 | |
| openstackgerrit | Mark Vanderwiel proposed openstack/cookbook-openstack-dashboard: Allow keystone under apache https://review.openstack.org/193700 | 19:35 |
| openstackgerrit | Mark Vanderwiel proposed openstack/openstack-chef-repo: Allow keystone under apache https://review.openstack.org/193702 | 19:41 |
| openstackgerrit | Mark Vanderwiel proposed openstack/cookbook-openstack-dashboard: Allow keystone under apache https://review.openstack.org/193700 | 19:42 |
| *** stevemar has joined #openstack-chef | 20:07 | |
| *** epcim has quit IRC | 20:18 | |
| *** libsysguy has quit IRC | 21:03 | |
| openstackgerrit | Mark Vanderwiel proposed openstack/cookbook-openstack-identity: Allow keystone under apache https://review.openstack.org/193723 | 21:06 |
| markvan | @core ^^^ I made mucho progress on the Keystone under Apache blueprint, still needs more testing, but basic AIO tests are working | 21:09 |
| os-chef-bot | @j^2 @markvan @mattray @wenchma @jklare @cmluciano @zhiwei ^^^ I made mucho progress on the Keystone under Apache blueprint, still needs more testing, but basic AIO tests are working | 21:09 |
| markvan | j^2: I did just notice this "2 rechecks", checkout https://review.openstack.org/#/c/185085/ just above the chef-rake-integration, not sure if that's ok or not? | 21:10 |
| j^2 | markvan: I'm pretty sure that's fine. I think that's how many times you've ran the checks by hand | 21:15 |
| *** otter768 has joined #openstack-chef | 21:31 | |
| *** libsysguy has joined #openstack-chef | 21:33 | |
| *** otter768 has quit IRC | 21:35 | |
| *** stevemar has quit IRC | 21:52 | |
| *** tmichael has joined #openstack-chef | 23:05 | |
| *** tmichael has quit IRC | 23:05 | |
| *** otter768 has joined #openstack-chef | 23:32 | |
| *** otter768 has quit IRC | 23:36 | |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!