Tuesday, 2019-08-06

« Monday, 2019-08-05 Index Wednesday, 2019-08-07 »
*** xiangdong-huang has joined #openstack-containers01:16
*** spsurya has joined #openstack-containers01:17
*** xiangdong-huang has quit IRC01:22
*** altlogbot_3 has quit IRC01:37
*** altlogbot_0 has joined #openstack-containers01:38
*** ricolin has joined #openstack-containers02:16
*** hongbin has joined #openstack-containers02:49
*** yolanda has quit IRC03:21
*** yolanda has joined #openstack-containers03:22
*** ramishra has joined #openstack-containers03:34
openstackgerritzengjia proposed openstack/magnum master: Update "auth_url" port in install docs  https://review.opendev.org/67472403:58
*** ykarel|away has joined #openstack-containers04:05
*** hongbin has quit IRC04:11
*** udesale has joined #openstack-containers04:38
*** jhesketh has joined #openstack-containers04:54
*** janki has joined #openstack-containers05:04
*** ramishra has quit IRC05:38
*** jchhatbar has joined #openstack-containers05:38
*** ykarel|away is now known as ykarel05:39
*** jchhatbar has quit IRC05:41
*** janki has quit IRC05:41
*** jchhatbar has joined #openstack-containers05:42
*** jchhatbar has quit IRC05:43
*** ramishra has joined #openstack-containers06:19
*** ykarel is now known as ykarel|lunch08:02
*** rcernin has quit IRC08:04
*** lpetrut has joined #openstack-containers08:10
openstackgerritMerged openstack/magnum master: Support auto_healing_controller  https://review.opendev.org/66620908:40
*** mgoddard has quit IRC10:03
*** ykarel_ has joined #openstack-containers10:17
*** ykarel|lunch has quit IRC10:19
*** ykarel_ is now known as ykarel10:27
*** ykarel_ has joined #openstack-containers10:31
*** ykarel has quit IRC10:34
*** ykarel_ is now known as ykarel10:42
tbarronjakeyip: yeah, that nautilus dependency is in the partner protocol node plugin rather than in manila-csi proper, i've used ceph luminous with nfs gateway and hence nfs csi node plugin10:48
tbarronjakeyip: manila itself needs at least luminous when backed by CephFS10:48
*** ramishra has quit IRC11:00
*** ramishra has joined #openstack-containers11:02
*** mgoddard has joined #openstack-containers11:13
*** ivve has joined #openstack-containers11:22
*** ykarel is now known as ykarel|afk11:47
*** henriqueof has joined #openstack-containers12:10
*** ykarel|afk is now known as ykarel12:11
jakeyiptbarron: do you mean need at least nautilus with CephFS?12:19
tbarronjakeyip: I mean luminous, but when you back manila with cephfs there are two options12:31
tbarronjakeyip: a) use cephfs native, expose the shares via CephFS protocol, mount them with ceph-fuse or kernel support for CephFS12:32
*** udesale has quit IRC12:32
*** udesale has joined #openstack-containers12:32
tbarronb) use an nfs-ganesha gateway and expose them via NFS protocol12:33
tbarronjakeyip: manila-csi can work with either of these, as well as with other backings for manila that expose shares via NFS12:33
tbarronjakeyip: option a requires nautilus because the mounting of the shares is done via the cephfs-csi node plugin and it requires nautilus12:34
*** hongbin has joined #openstack-containers12:34
tbarronjakeyip: option b only requires luminous, because mounting of shares is done va the nfs-csi node plugin (so no ceph requirement there) and12:35
tbarronthe controller-provisioner part just depends on manila which in turn depends on ceph luminous when manila is backed by CephFS12:35
*** ykarel_ has joined #openstack-containers12:42
*** ykarel has quit IRC12:44
*** ykarel_ is now known as ykarel12:54
*** ykarel_ has joined #openstack-containers13:16
*** ykarel has quit IRC13:18
*** ykarel_ is now known as ykarel|afk13:19
*** hongbin has quit IRC13:24
*** ykarel_ has joined #openstack-containers13:38
*** ykarel|afk has quit IRC13:40
*** dioguerra has quit IRC13:42
*** ykarel__ has joined #openstack-containers13:45
*** dioguerra has joined #openstack-containers13:46
*** ykarel_ has quit IRC13:47
*** ykarel__ is now known as ykarel13:48
*** ykarel has quit IRC14:11
*** dioguerra has quit IRC14:12
*** ykarel has joined #openstack-containers14:12
*** altlogbot_0 has quit IRC14:12
*** altlogbot_1 has joined #openstack-containers14:13
*** dioguerra has joined #openstack-containers14:14
*** ramishra has quit IRC14:23
*** KeithMnemonic has joined #openstack-containers14:36
brtknrtbarron: looks like we've had an exchange before: https://github.com/ceph/ceph/pull/2540715:07
tbarronbrtknr: ah, that was you who drove those backports!  Thanks!15:08
brtknrtbarron: :) i was just thinking that the mode needs to be 777 for enabling non root users to write to a manila pv15:10
brtknrwe'd maybe get away with 0776 too15:11
tbarronbrtknr: my experience was from OpenShift users with the pre-csi dynamic external provisioner.  They reported 775 was sufficient for their case.15:11
tbarronbrtknr: but maybe the problem was a little different15:11
brtknrfor non-root users to be able to write?15:12
brtknrsounds like it15:12
tbarronbrtknr: I think they only needed users in a certain group to be able to write and search but I guess in your case you need any user to15:13
tbarronbrtknr: be able to do it from the top of the tree15:13
brtknrtbarron: thats right15:13
tbarronbrtknr: and they may need 777 to be able to search in directories there15:13
brtknr:) we're back in full circle15:14
tbarronbrtknr: sorry for assuming your use case was the same but the other one actually drove that ceph_volume patch15:14
tbarronbrtknr: glad it handles your use case too :)15:15
brtknrtbarron: your use case is is probably the better approach as you are in control over what groups are allowed to write to a pv15:18
*** ykarel is now known as ykarel|away15:19
*** nfakhir has quit IRC15:26
*** ivve has quit IRC15:46
*** ricolin has quit IRC16:20
*** hongbin has joined #openstack-containers16:24
*** hongbin has quit IRC16:29
*** udesale has quit IRC17:00
*** mgariepy has quit IRC17:25
*** lpetrut has quit IRC17:44
*** sapd1_x has joined #openstack-containers17:51
*** spsurya has quit IRC17:52
*** lpetrut has joined #openstack-containers18:03
*** sapd1_x has quit IRC18:28
*** ykarel|away has quit IRC18:31
*** henriqueof has quit IRC18:38
*** ivve has joined #openstack-containers19:32
*** lpetrut has quit IRC19:39
*** henriqueof has joined #openstack-containers19:42
*** lpetrut has joined #openstack-containers20:08
*** strigazi has joined #openstack-containers21:01
strigazi#startmeeting containers21:01
openstackMeeting started Tue Aug  6 21:01:36 2019 UTC and is due to finish in 60 minutes.  The chair is strigazi. Information about MeetBot at http://wiki.debian.org/MeetBot.21:01
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.21:01
*** openstack changes topic to " (Meeting topic: containers)"21:01
openstackThe meeting name has been set to 'containers'21:01
strigazi#topic Roll Call21:01
*** openstack changes topic to "Roll Call (Meeting topic: containers)"21:01
strigazio/21:01
jakeyipo/21:01
strigaziHello jakeyip21:03
strigazi#topic Announcements21:03
*** openstack changes topic to "Announcements (Meeting topic: containers)"21:03
jakeyiphi strigazi. wondering if flwang is around?21:03
strigaziAfter discussion with flwang , we will clean up the review list abandoning all patches olders than 30 days. of course contributors can reopen the them21:04
jakeyip+121:04
strigazijakeyip: flwang is attenging a conference and can not join21:04
strigaziSince we are the two of us, let's make this an open discussion21:05
strigazi#topic Open Discussion21:05
*** openstack changes topic to "Open Discussion (Meeting topic: containers)"21:05
strigaziIs there something specific you would like to discuss jakeyip ?21:06
strigaziAny patches or something you need to be fixed? Any issues with your deployment?21:06
jakeyipthanks for putting a note on the quota patch. https://review.opendev.org/#/c/673782/ . since you think it's ok I will go on updating tests and such21:08
*** lpetrut has quit IRC21:08
jakeyipI'm currently working on a few things a.t.m. am interested in ceph's deployment of manila + magnum21:09
strigaziwould you like also to pick https://review.opendev.org/#/c/657435/ ?21:09
strigazijakeyip: https://gitlab.cern.ch/strigazi/csi-plugins21:10
jakeyipstrigazi: sure I'll have to read the etherpad later to get more context21:10
strigazijakeyip: the above soon will be update to csi 1.0 and csi-manila, but these work21:10
jakeyipare you doing nfs / cephfs to users?21:10
strigazinot nfs, only cephfs21:11
jakeyipand your cluster is nautilus?21:12
tbarronstrigazi: note that there is a diff between the manila-provisioner and the newer manila-csi provisioner21:12
strigazitbarron: yeap, unfortunatelly I know :)21:12
jakeyiphi tbarron!21:12
jakeyipI see there's a cvmfs csi too. that might be interesting to our HPC guys21:13
tbarronhi, sorry to interrupt21:13
strigaziunfortunatelly because we will need to change a bit. But we are keen to deploy when ready21:14
tbarronack21:15
strigazijakeyip: only limitation to these two is that they work with up to k8s 1.13.x21:15
strigazimanila-csi will implement csi 1.0, right tbarron ?21:16
tbarronstrigazi: up21:16
tbarronyes21:16
strigaziand cvmfs-csi will have to be adapted accordingly21:16
jakeyipI see. I was testing with 1.13.7 so it's ok.21:16
tbarroni've only tested with 1.15.0 but 1.13.0+ should be good21:17
jakeyipwhat are you running in prod strigazi tbarron ?21:17
strigaziwe do21:17
tbarronand as jakeyip and I discussed manila-csi requires a partner protocol plugin so for cephfs native that is21:17
strigazitbarron: any pointer to the manifests you used for manila-csi?21:18
tbarronthe ceph-csi plugin (just for node )21:18
tbarronto actually do the mounts21:18
tbarronand it needs nautilus21:18
tbarronstrigazi: I'll share them in this channel later, they are right now on a private file server21:18
tbarronstrigazi: i've been testing with the nfs gateway and nfs partner plugin for ceph b/c that's my employer's immediate interest21:19
strigazitbarron: ok, thanks. ping me if it is not trouble21:19
tbarronjakeyip: i'm not in production, am doing r&d as it were21:19
tbarronstrigazi: of course, will get them public and share21:20
tbarronstrigazi: not a secret, just a convenience atm21:20
jakeyipok. thanks for all your input!21:20
strigazitbarron: no problem, got it21:21
strigazijakeyip: Do you want to discuss anything else? Shall we wrap otherwise?21:25
jakeyipI am ok. just want to say thank you for the work on reviews recently. that and abandoning old reviews will make it easier for us to help out with reviewing21:26
flwangsorry, i'm late21:27
brtknro/ hey all21:27
jakeyipo/21:27
strigazio/21:27
flwangstrigazi: hey, i miss you21:27
strigazi:)21:28
flwangstrigazi: did you see my question in the os patching patch?21:28
strigaziin which one? os upgrade?21:29
flwangnow i'm stuck on the issue that i'm trying to create a temp service to do uncordon after upgrade/reboot, but after fedora atomic reboot, all the service files under /etc/systemd/system will be deleted21:29
flwangany idea?21:29
flwangi even tried to use ostree commit to commit current file system, but no help21:29
flwangos upgrade21:30
strigazinothing on top of my head, I'll have a look21:31
flwangstrigazi: thank you21:32
flwangstrigazi: and recently, i'm working the fedora atomic 2921:32
strigaziflwang:  You need two things for f2921:33
flwangi just found we have to enable the hwrng for nova21:33
strigazione is the patch I did with cni (for calico maybe not an issue)21:33
strigazithe other is what you said21:33
jakeyipah yes we have that too :)21:33
strigazihwrng21:33
strigaziwe have this in all our flavors now and all images21:33
flwangstrigazi: hwrng in nova.conf and nova flavors, and a property on the image21:34
jakeyipstrigazi: do you have any rate limits?21:34
strigazinot in nova.cin21:34
strigazinot in nova.conf21:34
strigazinot rate limits21:34
flwangstrigazi: you mean don't need it for nova.conf?21:34
strigazionly one property in the flavor and one in the image21:34
strigazinothings in nova.cinf21:34
jakeyipdon't think so, as strigazi say just flavor and images21:34
flwangstrigazi: ok, i will double check it again21:34
flwangjakeyip: are you saying you guys also didn't change the nova.conf, but just the flavor and image?21:35
strigaziyes21:35
jakeyipyeap it worked for us with flavor + image21:35
flwangstrigazi: nice, it's much nicer21:35
flwanggreat21:35
brtknrflwang: strigazi: perhaps we should add some nodes in the docs to inform users about the hwrng quirk21:35
strigaziflavor: properties                 | hw_rng:allowed='True'21:35
jakeyipwhat is the nova.conf option you added? I can check what's in our nova.conf21:36
brtknrs/nodes/notes21:36
strigaziimage  hw_rng_model='virtio',21:36
flwangrng_dev_path=/dev/hwrng21:36
jakeyipyeah we would like a table of k8s version + os version + magnum version21:36
flwangi wonder if there is a default value for that21:36
flwangjakeyip: i will start to work out a matrix for that21:37
flwangjakeyip: pls help contribute when reviewing it21:37
brtknrstrigazi: we did the same for our fa29 and it fixed the bootstrapping21:38
strigazihttps://review.opendev.org/#/c/616603/21:38
strigazinova team doesn21:38
strigazinova team doesn't bother it seems21:38
strigaziit is feature in kernels 4.19 or greater21:39
flwangstrigazi: thanks for sharing that link, we should push that in21:39
strigazithe kernel needs more entropy to generate random numbers required somewhere in cloud-init21:39
flwangstrigazi: btw, did you have a chance to try fc30?21:40
flwanggiven there is cloud-init in fc30, i think we may need a big change for our code?21:40
flwangthere is no21:40
jakeyipis fc30 work being tracked in a story ?21:41
brtknri tried to boot fc30 baremetal and did not get very far21:42
strigaziI have tried fedora core21:43
strigaziworks fine for vms21:43
flwangjakeyip: https://storyboard.openstack.org/#!/story/200620921:43
strigazineeds some work, not a drop in replacement21:43
flwangstrigazi: cool21:43
flwangstrigazi: pls use https://storyboard.openstack.org/#!/story/2006209 to track the status21:44
strigaziwhat storage class has to do with fedora core?21:44
*** henriqueof has quit IRC21:45
brtknrI think he means this issue: https://storyboard.openstack.org/#!/story/200634821:45
brtknrflwang: ^21:45
flwangstrigazi: sorry, yes, this one https://storyboard.openstack.org/#!/story/200634821:48
strigaziok21:48
flwangjakeyip: ^21:48
jakeyipyeah thanks flwang I saw that21:49
jakeyipstorageclass is interesting too I might need that too. any wip patches yet?21:49
*** danil has quit IRC21:50
strigazinot sure if StorageClass can be generic enough21:50
flwangstrigazi: my idea is having a special config as a post-install-script21:51
flwangso that each vendor can define their own yaml file21:51
flwangfor this case, just simple yaml to create the storageclass21:52
flwangwith kubectl apply -f21:52
flwangpost-install-yaml21:52
jakeyipwhere is this script going to be located?21:53
jakeyipmaster node?21:53
flwangwherever you want21:53
strigaziSo we are not talking about a patch for storageclass21:53
flwangit can be a link pointed to a file on swift21:53
flwangstrigazi: we're talking about https://storyboard.openstack.org/#!/story/200620921:53
flwangto have a out of box usable storage class21:54
strigaziyes, but the proposed design is to have the posthook do it, right?21:54
flwangyes, it's just an option21:54
flwangi'd like to get inputs from you guys which is the better way21:55
strigaziI'm not against it, fine for me21:55
jakeyipi kubectl from desktop using KUBECONFIG env var. writing a file to swift might work, but it seems clunky21:56
flwangjakeyip: another way we can do is, like the one we have done for the default k8s-keystone-auth policy file21:56
strigazigeneric url might be better21:56
flwangstrigazi: yep, i prefer a generic url as well21:57
strigazicould be s3, an http server21:57
flwangbrtknr: any comment?21:58
brtknrsorry i was just reading about how ignition works21:58
brtknrwe were thinking of adding a native support for manila21:59
strigaziAnything else to discuss guys? The time is alsmot up21:59
brtknris this too much bloat or would this be desirable21:59
brtknr?21:59
flwangstrigazi: i'm good, thank you for joining us22:00
strigaziignition + manila?22:00
brtknre.g. get magnum to configure manila as default storage class22:00
strigaziflwang: cheers22:00
brtknrsimilar to what you get with google cloud22:00
strigazibrtknr: it can't be generic, manila has types22:00
strigazieach cloud has different names22:01
strigazieg for "Meyrin Cephfs"22:01
brtknrstrigazi: so what if MANILA_SHARE_TYPE is defined?22:01
strigaziand "Geneva testing"22:01
jakeyipjust wondering, can we set up a default using labels passed in for magnum cluster?22:02
strigaziwe have two for all users and more on demand for special users22:02
jakeyipe.g. if cinder similar options are passed in for docker-volume-type.22:02
brtknrthere are already pieces for keystone authentication to generate share secrets22:03
flwangjakeyip: pass in what?22:03
strigaziWe could, eg https://gitlab.cern.ch/strigazi/csi-plugins/blob/master/manila-provisioner.yaml#L8222:03
brtknrnot the end of the world if this is a post-deployment step...22:03
strigazibut it has many params22:03
flwangjakeyip: there are too many attributes in a storage class yaml22:03
flwangstrigazi: +122:03
brtknryes exactly22:04
strigaziI need to leave you guys, shall I end the meeting?22:04
flwangstrigazi: let's end it22:04
strigazithanks flwang jakeyip brtknr22:04
flwangjakeyip: can you see the point? with labels, it's too complicated22:04
brtknrthank you!22:04
flwangjakeyip: that's why i propose to pass a file/url directly to make things easier22:04
brtknras far as i can see, the only parameter i can see is: type: "Meyrin CephFS"22:05
strigazi#endmeeting22:05
*** openstack changes topic to "OpenStack Containers Team"22:05
openstackMeeting ended Tue Aug  6 22:05:10 2019 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)22:05
openstackMinutes:        http://eavesdrop.openstack.org/meetings/containers/2019/containers.2019-08-06-21.01.html22:05
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/containers/2019/containers.2019-08-06-21.01.txt22:05
openstackLog:            http://eavesdrop.openstack.org/meetings/containers/2019/containers.2019-08-06-21.01.log.html22:05
brtknrwe already have username and password22:05
brtknrfor authentication22:05
strigazizone and it can have kernel or ceph-fuse too22:06
strigaziwe can leave comments in the story, see you all22:06
brtknrok no worries22:06
brtknrbye bye22:06
jakeyipok22:06
jakeyipthe story at https://storyboard.openstack.org/#!/story/2006209 is for cinder?22:06
flwangactually, it  can be used for more22:07
jakeyipfor cinder what's needed are az and vol type?22:07
flwangif we go for it as a post-install-yaml file22:07
flwangand names, description22:07
flwangthere are many params you can define22:07
flwangand different cloud providers have different preferences22:08
jakeyipyeap22:08
brtknryes, i think it makes more sense to have post-install-yaml i guess22:08
brtknrsometimes, one can over complicate things22:08
jakeyipso to create this as a post-install-yaml where will the information be gather from?22:09
flwangyou can put everything in the yaml22:09
brtknrperhaps we ought to support a post install yaml that is tethered to a cluster template?22:10
jakeyipsorry, I mean where will the user provide things like protocol = CEPHFS and such22:10
brtknrso that when a cluster get provisioned, the template is applied automatically22:10
jakeyipas label in booting up cluster? in cluster template?22:10
jakeyipyes similar to what brtknr is saying22:11
brtknrjakeyip: in a kubernetes manifest22:11
brtknrjakeyip: answer to your question22:11
jakeyipso labels in cluster template -> k8s manifest ?22:12
jakeyipI think I probably need a play with this first...22:13
*** henriqueof has joined #openstack-containers22:43
*** rcernin has joined #openstack-containers23:26
« Monday, 2019-08-05 Index Wednesday, 2019-08-07 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!