Monday, 2016-05-09

« Sunday, 2016-05-08 Index Tuesday, 2016-05-10 »
*** sacharya has joined #openstack-containers00:23
*** daneyon has joined #openstack-containers00:26
*** sacharya has quit IRC00:29
*** daneyon has quit IRC00:30
*** vilobhmm11 has joined #openstack-containers00:40
*** jwcroppe has quit IRC00:42
*** Qiming_ has joined #openstack-containers01:07
*** jwcroppe has joined #openstack-containers01:35
*** jwcroppe has quit IRC01:40
*** wangqun has joined #openstack-containers01:40
*** hongbin_ has joined #openstack-containers01:46
*** hongbin has quit IRC01:49
*** julim has quit IRC01:51
*** houming has joined #openstack-containers01:56
*** banix has joined #openstack-containers02:03
openstackgerritMerged openstack/magnum: Updated from global requirements  https://review.openstack.org/31373302:12
*** daneyon has joined #openstack-containers02:14
*** daneyon has quit IRC02:19
*** vilobhmm11 has quit IRC02:23
*** sacharya has joined #openstack-containers02:27
*** jwcroppe has joined #openstack-containers02:29
*** amit213 has quit IRC02:34
*** amit213 has joined #openstack-containers02:34
*** jwcroppe has quit IRC02:34
openstackgerritHongbin Lu proposed openstack/magnum: Add tox test for k8s coreos bay  https://review.openstack.org/28585302:36
openstackgerritwangqun proposed openstack/magnum: Add mesos_slave_isolation validate  https://review.openstack.org/31113902:40
*** bpokorny has joined #openstack-containers02:43
*** sheel has joined #openstack-containers03:14
*** zz_dimtruck is now known as dimtruck03:29
*** vilobhmm11 has joined #openstack-containers03:43
*** chandankumar has joined #openstack-containers03:43
*** bpokorny has quit IRC03:45
*** fragatina has quit IRC03:58
openstackgerritwangqun proposed openstack/magnum: Add mesos_slave_image_providers validate  https://review.openstack.org/31299004:02
*** Qiming_ has quit IRC04:02
*** sacharya has quit IRC04:02
*** jwcroppe has joined #openstack-containers04:03
*** bpokorny has joined #openstack-containers04:09
*** dimtruck is now known as zz_dimtruck04:09
*** zz_dimtruck is now known as dimtruck04:09
*** jwcroppe has quit IRC04:11
*** fragatina has joined #openstack-containers04:13
*** chandankumar has quit IRC04:15
*** fragatina has quit IRC04:18
*** dimtruck is now known as zz_dimtruck04:19
*** bpokorny has quit IRC04:25
*** hongbin_ has quit IRC04:26
*** fragatina has joined #openstack-containers04:29
*** fragatina has quit IRC04:29
*** fragatina has joined #openstack-containers04:30
*** chandankumar has joined #openstack-containers04:45
openstackgerritMerged openstack/magnum: Remove KUBE_API_PUBLIC_ADDRESS  https://review.openstack.org/31289404:46
*** chandankumar_ has joined #openstack-containers04:57
*** chandankumar has quit IRC04:59
*** chandankumar_ has quit IRC05:07
yuanyingwanghua: around?05:11
wanghuayuanying:here05:12
yuanyingabout this patch: https://review.openstack.org/#/c/31289405:13
yuanyingIs this tested by native cli? I'm not sure why this works05:13
wanghuakubelet can acess kube-api by fixed network ip05:15
yuanyingTenant user want to access kubernetes api via KUBE_API_PUBLIC_ADDRESS, using kubectl05:16
yuanyingSo, I guess SANs for KUBE_API_PUBLIC_ADDRESS is required05:17
wanghuathe cert in make-cert.sh is05:17
wanghuaused in bay05:18
*** eghobo has joined #openstack-containers05:18
wanghuanot use by tenant05:18
yuanyingBut this cert is used for server certificate which is used by tenant user who want to check "server certificate"05:19
*** Qiming_ has joined #openstack-containers05:21
yuanyingok, I'll check later, actually I don't have environment for test now...05:21
yuanyingI mentioned about this usecase, https://github.com/openstack/magnum/blob/master/doc/source/dev/tls.rst05:21
*** chandankumar_ has joined #openstack-containers05:22
wanghuayuanying:I will check it05:29
*** rcernin has joined #openstack-containers05:40
*** vimal has joined #openstack-containers05:41
*** manikanta_tadi has joined #openstack-containers05:46
*** jwcroppe has joined #openstack-containers05:52
*** adisky has joined #openstack-containers05:55
*** eghobo has quit IRC05:57
*** jwcroppe has quit IRC05:57
*** yolanda has joined #openstack-containers05:58
*** sacharya has joined #openstack-containers06:03
*** sacharya has quit IRC06:08
*** chandankumar_ has quit IRC06:11
*** chandankumar_ has joined #openstack-containers06:27
openstackgerritMerged openstack/magnum: Add mesos_slave_isolation validate  https://review.openstack.org/31113906:30
*** jwcroppe has joined #openstack-containers06:33
*** xek__ is now known as xek06:43
*** daneyon has joined #openstack-containers06:44
*** openstackgerrit has quit IRC06:47
*** openstackgerrit has joined #openstack-containers06:48
*** daneyon has quit IRC06:50
yolandagood morning, can any core send an extra +workflow on https://review.openstack.org/306283 ? seems it lost the first one, and cannot be merged06:50
*** vlaza has joined #openstack-containers06:54
*** jwcroppe has quit IRC06:56
*** jwcroppe has joined #openstack-containers07:00
openstackgerritMerged openstack/magnum: Add tox test for k8s coreos bay  https://review.openstack.org/28585307:01
*** vlaza has quit IRC07:01
*** sacharya has joined #openstack-containers07:04
*** fragatina has quit IRC07:04
*** vlaza has joined #openstack-containers07:07
*** Drago has joined #openstack-containers07:08
*** Drago has quit IRC07:08
*** Drago has joined #openstack-containers07:08
*** sacharya has quit IRC07:08
yuanyingyolanda: https://review.openstack.org/#/c/306283/ seems merge failed07:09
*** vlaza has quit IRC07:12
*** yolanda has quit IRC07:17
*** vimal has quit IRC07:19
*** yolanda has joined #openstack-containers07:23
*** vlaza has joined #openstack-containers07:27
openstackgerrityolanda.robla proposed openstack/magnum: Start using fedora atomic images that live in our mirrors  https://review.openstack.org/30628307:30
*** mikelk has joined #openstack-containers07:30
yolandayuanying, rebased07:31
*** mikelk has quit IRC07:32
*** mikelk has joined #openstack-containers07:37
*** vimal has joined #openstack-containers07:40
*** Qiming_ has quit IRC07:44
*** Qiming_ has joined #openstack-containers07:44
*** Drago has quit IRC07:44
*** vlaza has quit IRC08:08
*** wangqun has quit IRC08:10
*** openstackgerrit has quit IRC08:17
*** openstackgerrit has joined #openstack-containers08:18
*** vlaza has joined #openstack-containers08:22
*** houming has quit IRC08:22
*** yuanying has quit IRC08:23
*** adisky has quit IRC08:30
*** fragatina has joined #openstack-containers08:36
*** belmoreira has joined #openstack-containers08:49
*** wangqun has joined #openstack-containers08:55
*** BertrandN has quit IRC08:56
*** BertrandN has joined #openstack-containers08:59
*** sacharya has joined #openstack-containers09:05
*** vilobhmm11 has quit IRC09:06
*** sacharya has quit IRC09:10
*** rochaporto has quit IRC09:10
*** elo has quit IRC09:13
*** vilobhmm11 has joined #openstack-containers09:14
*** vilobhmm11 has quit IRC09:14
*** vilobhmm11 has joined #openstack-containers09:16
*** kushal has joined #openstack-containers09:20
*** rochaporto has joined #openstack-containers09:22
*** rochaporto has quit IRC09:22
*** rochaporto has joined #openstack-containers09:23
*** elo has joined #openstack-containers09:26
*** daneyon has joined #openstack-containers09:27
*** daneyon has quit IRC09:31
*** jwcroppe has quit IRC09:51
*** manikanta_tadi has quit IRC09:58
*** jberkus has quit IRC10:00
openstackgerritMerged openstack/magnum: Start using fedora atomic images that live in our mirrors  https://review.openstack.org/30628310:01
*** Qiming_ has quit IRC10:09
*** vlaza has quit IRC10:15
*** chandankumar_ has quit IRC10:22
*** mikelk has quit IRC10:25
*** jwcroppe has joined #openstack-containers10:29
*** vilobhmm11 has quit IRC10:31
*** jwcroppe has quit IRC10:33
*** chandankumar_ has joined #openstack-containers10:36
*** vlaza has joined #openstack-containers10:57
*** wangqun_ has joined #openstack-containers10:58
*** wangqun has quit IRC11:01
*** sacharya has joined #openstack-containers11:05
*** mikelk has joined #openstack-containers11:09
*** sacharya has quit IRC11:10
*** jwcroppe has joined #openstack-containers11:23
*** jwcroppe has quit IRC11:28
*** kushal has quit IRC11:31
*** vlaza1 has joined #openstack-containers11:35
*** vlaza has quit IRC11:35
*** banix has quit IRC11:38
openstackgerritHua Wang proposed openstack/magnum: LBaaS API v2  https://review.openstack.org/31406011:42
*** yamamoto has quit IRC11:44
*** fragatina has quit IRC11:54
*** yolanda has quit IRC11:57
*** yolanda has joined #openstack-containers12:02
openstackgerritHua Wang proposed openstack/magnum: LBaaS API v2  https://review.openstack.org/31406012:04
*** mikelk has quit IRC12:07
*** coreyob has joined #openstack-containers12:09
*** mikelk has joined #openstack-containers12:13
*** chandankumar_ has quit IRC12:17
*** wangqun_ has quit IRC12:26
*** agireud has quit IRC12:38
*** agireud has joined #openstack-containers12:40
*** manikanta_tadi has joined #openstack-containers12:42
*** manikanta_ has joined #openstack-containers12:42
*** manikanta_ has quit IRC12:42
*** rlrossit has joined #openstack-containers12:43
*** v1k0d3n has quit IRC12:46
*** zul has quit IRC12:50
*** chuck__ has joined #openstack-containers12:51
*** chuck__ has quit IRC12:51
*** chuck__ has joined #openstack-containers12:52
*** manikanta_tadi has quit IRC12:55
*** vlaza1 has quit IRC12:56
*** yolanda has quit IRC12:58
*** yolanda has joined #openstack-containers13:04
*** v1k0d3n has joined #openstack-containers13:06
*** sacharya has joined #openstack-containers13:06
*** sergmelikyan has joined #openstack-containers13:07
yolandahi, is that something normal that when i deploy magnum in devstack, kube_masters and kube_minions take long time, or fails because timeout? i wonder if i'm doing anything wrong13:10
*** sacharya has quit IRC13:11
*** jwcroppe has joined #openstack-containers13:11
*** jwcroppe has quit IRC13:16
*** belmoreira has quit IRC13:31
*** mtanino has joined #openstack-containers13:32
*** hongbin has joined #openstack-containers13:33
*** wznoinsk has quit IRC13:34
*** jwcroppe has joined #openstack-containers13:34
*** wznoinsk has joined #openstack-containers13:35
openstackgerritHongbin Lu proposed openstack/magnum: Use the latest atomic image name  https://review.openstack.org/31317613:35
*** yolanda has quit IRC13:36
*** yolanda has joined #openstack-containers13:43
*** kushal has joined #openstack-containers13:46
*** Kuwagata has joined #openstack-containers13:47
*** david-lyle_ has joined #openstack-containers13:48
*** mtanino has quit IRC13:49
*** david-lyle has quit IRC13:50
*** srampal has joined #openstack-containers13:53
*** ametts has joined #openstack-containers13:53
*** pradk has joined #openstack-containers13:54
*** daneyon has joined #openstack-containers13:58
*** daneyon has quit IRC14:03
*** dane_leblanc has joined #openstack-containers14:05
*** muralia_ has joined #openstack-containers14:06
*** sigmavirus24_awa is now known as sigmavirus2414:06
*** ramishra has quit IRC14:08
*** ramishra has joined #openstack-containers14:09
*** muralia has quit IRC14:10
*** csoukup has joined #openstack-containers14:11
*** fragatina has joined #openstack-containers14:13
*** zz_dimtruck is now known as dimtruck14:21
yolandahi, trying to run magnum on devstack, but is impossible to create a bay for me. Either kube_masters or kube_minions timeout each time. Anyone having same experience? how can i troubleshoot it?14:22
hongbinyolanda: I knew there was an issue on the lbaas devstack plugin, which caused a similar issue14:25
hongbinyolanda: Could you paste this file? /opt/stack/devstack/local.conf14:25
yolandasure14:25
yolandahongbin http://paste.openstack.org/show/496466/14:26
hongbinYou config file looks right14:27
hongbinyolanda: Try this step: http://docs.openstack.org/developer/magnum/troubleshooting-guide.html#heat-stacks14:29
hongbinyolanda: confirm if it is caused by the wait condition14:29
yolandahongbin, i did, it just sits on CREATE_IN_PROGRESS for kube_masters and kube_minions, until they finally tineout14:30
yolandaand yes, on wait condition14:30
hongbinyolanda: do you have a pending cluster right now?14:30
*** Drago has joined #openstack-containers14:31
*** Drago has quit IRC14:31
yolandaspinning a new one now14:31
hongbinyolanda: If yes, ssh to the master/minion which is pending14:31
*** Drago has joined #openstack-containers14:31
yolandagoing to launch a new one14:32
yolandalast i tried, was successful for kube_minions after nearly one hour, but failed on kube_masters14:32
hongbinyou run devstack on a VM or a physical machine?14:33
hongbinIf on a physical machine, the cluster should be ready in 3 minutes14:33
hongbinIf not, it will likely to be blocked and there is something wrong14:34
yolandahongbin, on a vm14:34
hongbin.......14:34
yolandai do not have a physical machine available to run devstack now14:35
yolandahongbin, is there any proble running devstack+magnum on a vm? i've been doing that for other tests14:35
hongbinOn a VM, it will take a while to pull the docker image ...........14:35
hongbinNo problem, just very slow14:36
*** sdake has joined #openstack-containers14:36
yolandahongbin, so spinning the cluster again14:38
hongbinok14:38
yolandait's waiting on kube_masters and kube_minions again14:38
yolandahow much time shall i give? how can i know if that's slow, or hung?14:38
*** mtanino has joined #openstack-containers14:39
hongbinyolanda: maybe 10 - 20 minutes14:40
hongbinyolanda: Once you figured out a master/minion is blocked, SSH to the node and type these commands:14:40
hongbinsudo systemctl --full list-units --no-pager14:41
hongbinsudo journalctl -u cloud-final --no-pager14:41
hongbinsudo journalctl -u kubelet --no-pager14:41
hongbinsudo journalctl -u etcd --no-pager14:41
hongbinsudo journalctl -u kube-apiserver --no-pager14:41
hongbinsudo journalctl -u docker --no-pager14:42
hongbinsudo docker ps -a14:42
*** fragatina has quit IRC14:42
hongbinsudo journalctl -u wc-notify --no-pager14:42
hongbinThat is it14:42
yolandaok i'll wait a bit more and try that14:43
*** kushal has quit IRC14:43
*** Drago has quit IRC14:54
muralia_hongbin: Can this blueprint be closed? https://blueprints.launchpad.net/magnum/+spec/containers-extension14:55
muralia_I'll open a new one to remove the containers endpoint14:56
hongbinmuralia_: closed14:57
muralia_thank you14:57
*** sacharya has joined #openstack-containers14:58
yolandahongbin, why does this happen? is that some known bug?14:59
hongbinyolanda: I don't know why for now.14:59
hongbinWe noticed there are some random timeout failure on the gate, but the cause is unknow15:00
*** Drago has joined #openstack-containers15:00
hongbinAnd I am not able to reproduce the error in my environment15:01
yolandai can reproduce that nearly always on my vm15:01
*** yolanda has quit IRC15:09
*** jberkus has joined #openstack-containers15:10
*** vimal has quit IRC15:12
*** yolanda has joined #openstack-containers15:19
yolandahongbin, i was able to boot minions, but master failed15:21
yolandait cannot start kubelet and docker15:21
yolandasudo journalctl -u kubelet --no-pager15:24
yolanda-- Logs begin at Mon 2016-05-09 14:35:10 UTC, end at Mon 2016-05-09 15:24:05 UTC. --15:24
yolandaMay 09 15:00:55 k8-uwmicqyc6i-0-he2pccntfe32-kube-master-tjbszccirqxk.novalocal systemd[1]: Dependency failed for Kubernetes Kubelet Server.15:24
yolandaMay 09 15:00:55 k8-uwmicqyc6i-0-he2pccntfe32-kube-master-tjbszccirqxk.novalocal systemd[1]: kubelet.service: Job kubelet.service/start failed with result 'dependency'.15:24
yolandahongbin, ^15:24
hongbinyolanda: I don't know which dependency was failing15:24
hongbinyolanda: How about the docker daemon log?15:25
yolandaMay 09 14:59:54 k8-uwmicqyc6i-0-he2pccntfe32-kube-master-tjbszccirqxk.novalocal systemd[1]: Starting Docker Application Container Engine...15:25
yolandaMay 09 15:00:47 k8-uwmicqyc6i-0-he2pccntfe32-kube-master-tjbszccirqxk.novalocal docker[1646]: time="2016-05-09T15:00:47.193516287Z" level=info msg="Firewalld running: false"15:25
yolandaMay 09 15:00:54 k8-uwmicqyc6i-0-he2pccntfe32-kube-master-tjbszccirqxk.novalocal systemd[1]: docker.service: Start operation timed out. Terminating.15:25
hongbinyolanda: Could you paste the full log?15:26
hongbinyolanda: to paste.openstack15:26
yolandayep, just a sec15:26
*** elo has quit IRC15:28
*** elo has joined #openstack-containers15:29
yolandahongbin, which should be the path for docker logs?15:29
hongbinsudo journalctl -u docker --no-pager15:29
yolandahttp://paste.openstack.org/show/496475/15:29
hongbinyolanda: could you type: sudo systemctl status docker --full15:30
yolandahttp://paste.openstack.org/show/496476/15:31
hongbinyolanda: could you paste this file: /usr/lib/systemd/system/docker.service15:32
hongbinyolanda: and every files under this folder: /etc/systemd/system/docker.service.d15:32
yolandahongbin http://paste.openstack.org/show/496477/15:33
yolandahongin, and http://paste.openstack.org/show/496479/15:34
hongbinYour docker daemon was failed for some reasons15:35
yolandahongbin, with a service status -l i get15:36
yolandaMay 09 15:32:13 k8-uwmicqyc6i-0-he2pccntfe32-kube-master-tjbszccirqxk.novalocal docker[2059]: time="2016-05-09T15:32:12.974687767Z" level=fatal msg="Error starting daemon: Error initializing network controller: Error creating default \"bridge\" network: failed to allocate gateway (10.100.77.1): No available addresses on this pool"15:36
hongbinLet me think15:36
*** adrian_otto has joined #openstack-containers15:37
*** bpokorny has joined #openstack-containers15:38
*** bpokorny has quit IRC15:38
*** bpokorny has joined #openstack-containers15:39
hongbinyolanda: could you paste the following files:15:40
yolandahongbin, the magnum bay-create just failed.. is there a way to restart a failed resource'15:41
*** chandankumar has joined #openstack-containers15:41
hongbinyolanda: /etc/sysconfig/docker15:41
hongbinyolanda: /etc/sysconfig/docker-storage15:41
hongbinyolanda: /etc/sysconfig/docker-network15:42
hongbinyolanda: No, there is no way to recover from a failure from Heat so far15:42
yolandahongbin, i was able to start docker by deleting /var/lib/docker/network/files/local-kv.db , but seems it was too late15:42
hongbinyolanda: ....15:43
hongbinyolanda: Then you will hit the problem in the next step on creating a new bay15:43
*** mikelk has quit IRC15:44
yolandahongbin, http://paste.openstack.org/show/496485/, http://paste.openstack.org/show/496487/, http://paste.openstack.org/show/496488/15:44
yolandagoing to retry15:44
hongbinyolanda: here is what you can debug15:45
hongbinyolanda: manually type the environment variables in those files15:45
hongbinyolanda: E.g. "OPTIONS='--selinux-enabled --log-driver=journald'"15:46
hongbin....15:46
hongbinThen, manually type the docker command: /usr/bin/docker daemon \           $OPTIONS \           $DOCKER_STORAGE_OPTIONS \           $DOCKER_NETWORK_OPTIONS \           $INSECURE_REGISTRY15:46
hongbinSee what is the error message you got15:46
*** bpokorny has quit IRC15:47
yolandaok15:47
*** fragatina has joined #openstack-containers15:50
*** murrdoc has joined #openstack-containers15:51
*** chandankumar has quit IRC15:53
*** fragatina has quit IRC15:53
*** fragatin_ has joined #openstack-containers15:53
*** Drago has quit IRC16:00
*** chandankumar has joined #openstack-containers16:00
*** fragatin_ has quit IRC16:02
*** ramishra_ has joined #openstack-containers16:04
*** rcernin has quit IRC16:06
*** ramishra has quit IRC16:07
*** fragatina has joined #openstack-containers16:07
*** eghobo has joined #openstack-containers16:12
*** murrdoc has quit IRC16:22
*** Drago has joined #openstack-containers16:23
*** murrdoc has joined #openstack-containers16:25
*** gangil has joined #openstack-containers16:29
*** rcernin has joined #openstack-containers16:37
yolandahongbin, i'm able to ssh into the failing master, and restart docker, but even with that, the service is hung on CREATE_IN_PROCESS16:37
yolandais there anything else needed?16:38
yolandabtw, i'm getting this error on master: May 09 16:32:51 k8-7fuvp62n25-0-66x66rfbitni-kube-master-t3zpx6qb5viu.novalocal docker[1777]: time="2016-05-09T16:32:51.114979189Z" level=error msg="HTTP Error" err="No such image: gcr.io/google_containers/pause:2.0" statusCode=40416:38
*** david-lyle_ is now known as david-lyle16:45
*** JoseMello has joined #openstack-containers16:49
*** zenoway has joined #openstack-containers16:51
openstackgerritMerged openstack/magnum-ui: Imported Translations from Zanata  https://review.openstack.org/31035416:52
yolandahongbin, it repeats consistently, the one that fails is kube-master all the time16:53
yolandai saw that error about failing image on the logs, but then i could start the service manually. But looks it missed some signal because the heat resource was on create_in_progress until it failed16:54
*** sdake has quit IRC17:00
*** zenoway has quit IRC17:00
*** zenoway has joined #openstack-containers17:00
*** sdake has joined #openstack-containers17:01
*** yolanda has quit IRC17:06
*** omnipresent has joined #openstack-containers17:08
*** omnipresent has quit IRC17:08
*** zenoway has quit IRC17:11
*** yolanda has joined #openstack-containers17:12
*** sdake_ has joined #openstack-containers17:18
*** zenoway has joined #openstack-containers17:20
*** sdake has quit IRC17:21
*** kushal has joined #openstack-containers17:25
*** zenoway has quit IRC17:25
*** sdake_ has quit IRC17:25
*** sdake has joined #openstack-containers17:27
*** vilobhmm11 has joined #openstack-containers17:36
*** lakshmiS has joined #openstack-containers17:42
*** harlowja has joined #openstack-containers17:48
*** vilobhmm111 has joined #openstack-containers17:52
*** vilobhmm11 has quit IRC17:53
*** vilobhmm111 has quit IRC17:53
*** vilobhmm11 has joined #openstack-containers17:54
*** zenoway has joined #openstack-containers17:56
*** sdake_ has joined #openstack-containers17:58
*** sergmelikyan has quit IRC17:59
*** zenoway has quit IRC18:00
*** sergmelikyan has joined #openstack-containers18:00
*** sdake has quit IRC18:01
*** julim has joined #openstack-containers18:01
*** csoukup has quit IRC18:02
*** sergmelikyan has quit IRC18:02
*** zenoway has joined #openstack-containers18:03
*** sergmelikyan has joined #openstack-containers18:05
*** zenoway has quit IRC18:10
*** zenoway has joined #openstack-containers18:15
*** sdake_ is now known as sdake18:15
hongbinyolanda: sorry I was away18:19
hongbinyolanda: could you send me the link of the image18:20
hongbinyolanda: I will see if I can reproduce it18:20
hongbinyolanda: I assume you are using the image built by yourself?18:20
yolandahongbin yes, use the fedora-image-latest18:21
hongbinyolanda: the one downloaded from fedorapeople?18:22
yolandano, the one from openstack.. http://tarballs.openstack.org/magnum/images/18:23
hongbinyolanda: I am not sure how that one is built18:24
hongbinyolanda: you setup a CI to build that image?18:24
yolandahongbin, that's built with a periodic job right now18:25
yolandalook into project-config, in shade macros18:25
hongbinyolanda: OK. Let me try that image18:26
yolandai'm unstacking and stacking the environment , to see if there can be any problem as well18:27
*** sdake has quit IRC18:27
yolandahongbin, i use that setup    export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL='http://tarballs.openstack.org/magnum/images/fedora-atomic-f23-dib.qcow2'"18:28
yolanda    export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_IMAGE_NAME='fedora-atomic-f23-dib'"18:28
hongbinok18:29
*** kushal has quit IRC18:30
*** sergmelikyan has quit IRC18:30
*** sergmelikyan has joined #openstack-containers18:32
*** openstackgerrit has quit IRC18:33
*** openstackgerrit has joined #openstack-containers18:33
*** zenoway has quit IRC18:37
*** kfox1111 has joined #openstack-containers18:43
*** ozialien10 has quit IRC18:43
kfox1111how is communication established between the magnum controllers and nova instances?18:44
*** ozialien10 has joined #openstack-containers18:44
kfox1111is this diagram still up to date? https://wiki.openstack.org/wiki/File:Magnum_architecture.png18:44
*** ozialien10 has quit IRC18:44
kfox1111If so, it kind of looks like software deployoments are your ownly communication channel?18:45
*** ozialien10 has joined #openstack-containers18:45
*** julim has quit IRC18:46
hongbinkfox1111: Magnum talks to kubernetes API endpoint18:46
hongbinkfox1111: by using a floating IP18:47
kfox1111what about the deployment stuff though? is that all done just through software deployments?18:47
*** mtanino has quit IRC18:47
hongbinkfox1111: mesos is done by software deployments18:47
kfox1111I'm talking with one of the k8s developers on how to better the k8s <-> keystone auth stuff.18:48
hongbinkfox1111: k8s/swarm is done by cloud-init18:48
hongbinkfox1111: Oh, that is different18:48
kfox1111He had an idea but would only work I think if there was a more trusted ccommunication channel between the vm and keystone.18:48
kfox1111like rabbit/zaqar,magnum mgmt network, etc.18:48
hongbinCurrently, k8s is using the publicUrl in Keystone catalog18:49
*** sdake has joined #openstack-containers18:49
hongbinThere is no special communication channel18:49
kfox1111and using the --experimantal-keystone-url?18:49
kfox1111k. :/18:49
kfox1111so I think my patch rather then his suggestion is probably the way to go...18:50
*** yolanda has quit IRC18:51
hongbinI see18:51
kfox1111hongbin: the main work is here: https://github.com/kubernetes/kubernetes/issues/24982, and the last two discussion items are on this issue: https://github.com/kubernetes/kubernetes/issues/25066 for18:51
hongbinLet me check18:51
kfox1111I think I can get an initial patch for it up maybe tonight.18:52
*** gangil has quit IRC18:52
*** sergmelikyan has joined #openstack-containers18:53
hongbinawesome18:56
kfox1111If this patch gets through, I think the changes on the Magnum side would need to be something like:18:57
kfox1111have a keystone domain for Magnum similar to Heat's.18:57
kfox1111when a k8s cluster is created, create a user there with the admin role. (we can tighten up the roles later).18:58
kfox1111pass the username/creds through the cloud-init and stick it in a cloud config file in /etc/kubernetes.18:58
kfox1111set the new --experimantal-keystone-config option to point to it.18:59
kfox1111should be good to go then.18:59
hongbinI think there is already a domain created19:00
hongbinLet me find the patch19:01
hongbinkfox1111: check this patch https://review.openstack.org/#/c/296926/719:03
hongbinThere is a domain created for trust19:03
*** jberkus has quit IRC19:04
hongbinI think it can be re-use19:04
*** jberkus has joined #openstack-containers19:04
hongbinAnd here: https://review.openstack.org/#/c/286414/19:05
*** sdake_ has joined #openstack-containers19:06
*** sdake has quit IRC19:07
hongbinThe domain was created in devstack: https://review.openstack.org/#/c/261285/20/devstack/lib/magnum19:09
kfox1111ah. nice.19:11
kfox1111ah. so a trust user is already being pushed into the vm's.19:12
kfox1111nice.19:12
kfox1111so, we just need to tweak the k8s templates to drop the username/password stuff in the right k8s config file, and have an extra role get associated to the trust user.19:13
kfox1111maybe a config file option to specify what role it will be.19:13
kfox1111I'm going to submit a patch to keystone's default policy to make a validate role that shouldn't be as permissive as the admin role.19:14
hongbinsounds good19:14
kfox1111it would also be nice if the integration patch added a --cors flag to the k8s controller too for the keystone endpoint.19:14
hongbin--cors flag?19:15
kfox1111that way, when I start a keystone plugin, it can cors call to the k8s cluster.19:15
kfox1111http://kubernetes.io/docs/admin/kube-apiserver/19:16
kfox1111--cors-allowed-origins=[]: List of allowed origins for CORS, comma separated.  An allowed origin can be a regular expression to support subdomain matching.  If this list is empty CORS will not be enabled.19:16
hongbinYes, I think Magnum can add this option19:16
hongbinIt should be fine19:16
kfox1111it should contain the horizon url's.19:16
hongbinyes19:17
kfox1111awesome. :)19:17
*** adrian_otto has quit IRC19:18
kfox1111I'll keep you posted. thanks for the help. :)19:18
hongbinThanks. My pleasure19:19
*** JoseMello has quit IRC19:29
*** mbound has joined #openstack-containers19:36
*** zenoway has joined #openstack-containers19:46
*** mbound has quit IRC19:47
*** omnipresent has joined #openstack-containers19:53
*** zenoway has quit IRC19:55
*** chandankumar has quit IRC19:56
*** zenoway has joined #openstack-containers19:57
*** omnipresent has quit IRC20:01
*** fragatina has quit IRC20:04
*** gangil has joined #openstack-containers20:06
*** gangil has quit IRC20:06
*** gangil has joined #openstack-containers20:07
*** vilobhmm111 has joined #openstack-containers20:14
*** vilobhmm11 has quit IRC20:14
*** rcernin has quit IRC20:15
*** bpokorny has joined #openstack-containers20:23
*** fragatina has joined #openstack-containers20:23
*** zenoway has quit IRC20:26
*** adrian_otto has joined #openstack-containers20:36
*** zenoway has joined #openstack-containers20:38
*** zenoway has quit IRC20:42
*** fragatina has quit IRC20:44
*** sdake has joined #openstack-containers20:44
*** sergmelikyan has quit IRC20:45
*** sdake_ has quit IRC20:47
*** Kuwagata has quit IRC20:48
*** rlrossit has quit IRC21:04
*** Drago has quit IRC21:07
*** dane_leblanc_ has joined #openstack-containers21:07
*** Drago has joined #openstack-containers21:07
*** dane_leblanc has quit IRC21:10
*** daneyon has joined #openstack-containers21:11
*** fragatina has joined #openstack-containers21:11
*** sheel has quit IRC21:15
*** daneyon has quit IRC21:15
*** lakshmiS has quit IRC21:22
*** sergmelikyan has joined #openstack-containers21:29
*** sergmelikyan has quit IRC21:29
*** sergmelikyan has joined #openstack-containers21:33
*** srampal has quit IRC21:37
*** dane_leblanc_ has quit IRC21:45
*** mbound has joined #openstack-containers21:46
*** mbound has quit IRC21:48
*** mbound has joined #openstack-containers21:48
*** sergmelikyan has quit IRC21:55
*** sdake has quit IRC22:02
openstackgerritHongbin Lu proposed openstack/magnum: Enable TLS support for k8s CoreOS  https://review.openstack.org/27728422:05
*** dimtruck is now known as zz_dimtruck22:10
*** zz_dimtruck is now known as dimtruck22:10
*** dimtruck is now known as zz_dimtruck22:20
*** dave-mccowan has quit IRC22:22
*** adrian_otto has quit IRC22:23
*** sigmavirus24 is now known as sigmavirus24_awa22:24
*** pradk has quit IRC22:29
*** Qiming_ has joined #openstack-containers22:31
*** pradk has joined #openstack-containers22:33
*** pradk has quit IRC22:33
*** sacharya has quit IRC22:37
*** julim has joined #openstack-containers22:38
*** zenoway has joined #openstack-containers22:46
*** zenoway has quit IRC22:51
*** gangil has quit IRC22:58
*** ametts has quit IRC22:58
*** daneyon has joined #openstack-containers22:59
*** bpokorny_ has joined #openstack-containers23:00
*** eghobo has quit IRC23:02
*** bpokorny has quit IRC23:03
*** Drago has quit IRC23:04
*** daneyon has quit IRC23:04
*** Qiming_ has quit IRC23:06
*** hongbin has quit IRC23:07
*** julim has quit IRC23:08
*** zz_dimtruck is now known as dimtruck23:11
*** bpokorny_ has quit IRC23:13
*** bpokorny has joined #openstack-containers23:14
*** yuanying has joined #openstack-containers23:14
*** mbound has quit IRC23:18
*** zenoway has joined #openstack-containers23:22
*** vilobhmm111 has quit IRC23:25
*** mbound has joined #openstack-containers23:25
*** zenoway has quit IRC23:27
*** sacharya has joined #openstack-containers23:37
*** sacharya has quit IRC23:42
*** mbound has quit IRC23:46
« Sunday, 2016-05-08 Index Tuesday, 2016-05-10 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!