Tuesday, 2019-08-27

« Monday, 2019-08-26 Index Wednesday, 2019-08-28 »
*** jmlowe has quit IRC00:00
*** threestrands has joined #openstack-containers00:24
*** hongbin has joined #openstack-containers00:37
*** rcernin has quit IRC01:13
*** rcernin has joined #openstack-containers02:13
*** ramishra has joined #openstack-containers03:36
*** udesale has joined #openstack-containers04:06
*** hongbin has quit IRC04:13
*** dave-mccowan has quit IRC04:36
*** lpetrut has joined #openstack-containers06:02
*** trident has quit IRC07:00
*** trident has joined #openstack-containers07:10
*** ivve has joined #openstack-containers07:17
*** sapd1_x has joined #openstack-containers07:25
*** threestrands has quit IRC07:32
*** rcernin has quit IRC07:40
*** mgoddard has joined #openstack-containers07:54
*** _nwonknu has quit IRC09:41
*** sapd1_x has quit IRC09:59
*** nwonknu has joined #openstack-containers10:00
*** udesale has quit IRC11:02
*** dave-mccowan has joined #openstack-containers11:34
*** danil has joined #openstack-containers12:19
*** jmlowe has joined #openstack-containers13:04
*** yolanda has quit IRC13:06
*** yolanda__ has joined #openstack-containers13:06
*** KeithMnemonic has joined #openstack-containers13:14
*** udesale has joined #openstack-containers13:32
*** udesale has quit IRC14:32
*** spsurya has joined #openstack-containers14:35
*** lpetrut has quit IRC14:44
*** jmlowe has quit IRC15:13
*** jmlowe has joined #openstack-containers15:14
*** itlinux has quit IRC15:18
openstackgerritRicardo Rocha proposed openstack/magnum master: Drop deprecated APIs for kube v1.16 support  https://review.opendev.org/67889316:06
*** ivve has quit IRC16:22
*** ivve has joined #openstack-containers17:25
*** ivve has quit IRC17:26
*** ivve has joined #openstack-containers17:27
NobodyCamMorning Folks17:38
NobodyCamis there a way to force a minion node to re create networks17:38
NobodyCamI have one node that appears to not have setup correctly. I'm seeing:17:40
NobodyCamdial tcp 10.254.0.1:443: getsockopt: no route to host17:40
*** itlinux has joined #openstack-containers17:40
*** itlinux has quit IRC17:47
*** itlinux has joined #openstack-containers17:50
*** itlinux has quit IRC17:55
*** itlinux has joined #openstack-containers17:55
brtknrWhat version are you running NobodyCam?18:00
NobodyCamrocky..18:01
NobodyCamlooks like there is no kube-proxy.service on the minion18:01
brtknrYou can delete CoreDNS pod in Kube-system namespace18:01
brtknrCan you try that18:02
brtknrIt will get recreated and should start working again18:02
NobodyCamyep will do now18:02
NobodyCamdelete both?18:03
NobodyCam`kube-system   coredns-78df4bf8ff-cj9gq                                   1/1       Running             0          16h       192.168.54.66     os-ps-us-west-irvine02-tnvmbvbrlcks-minion-0    <none>18:04
NobodyCamkube-system   coredns-78df4bf8ff-kwcm8                                   1/1       Running             0          16h       192.168.54.69     os-ps-us-west-irvine02-tnvmbvbrlcks-minion-0    <none>`18:04
brtknrOh you don’t have it running... there’s your problem18:05
brtknrIt’s possible your nodes are tainted18:06
brtknrWhat version of k8s are you trying to run?18:06
brtknrRocky only supports up to 1.1118:06
NobodyCamthis is calico if that makes a difference.18:06
NobodyCamone minion out of 12 is having this issue18:07
brtknrSo it’s working with flannel?18:07
brtknrI don’t understand your answer? Out of 12?18:07
NobodyCamif I delete the calico pod will it get recreated18:07
NobodyCamoh sorry I meant to say that the other 11 minions are working okay!18:08
NobodyCamI am seeing that that minion does not have a kibe-proxy service18:12
NobodyCam*kube-proxy18:12
NobodyCamfyi: atomic install --storage ostree --system --system-package=no --name=kube-proxy docker.io/openstackmagnum/kubernetes-proxy:v1.11.918:21
NobodyCamgot it working18:21
*** jmlowe has quit IRC18:39
*** ramishra has quit IRC18:43
NobodyCamThank you brtknr I didn't describe the situation well at all18:58
NobodyCamnot sure why that one minion didn't get the kibe-proxy service18:59
NobodyCambut installing it did get things working18:59
mnaserjrosser: in your environment, does your control plane have the ability to talk to your VMs?19:19
mnaserjrosser: i.e. if magnum was running an ansible playbook against VMs, would magnum be able to reach said VMs?19:20
*** itlinux has quit IRC19:33
*** itlinux has joined #openstack-containers19:33
*** itlinux has quit IRC19:42
jrossermnaser: I can make that happen for http/s, yes19:51
jrosserOh ansible, hmm no not right now no19:52
*** jmlowe has joined #openstack-containers19:56
brtknrNobodyCam: strange! Glad u got it working!20:40
*** lpetrut has joined #openstack-containers20:50
*** lpetrut has quit IRC20:51
*** lpetrut has joined #openstack-containers20:51
*** lpetrut has quit IRC20:58
flwangstrigazi: around?21:01
strigazio/21:02
flwangNobodyCam: as for your kube-proxy issue, it'd better to debug why there is no kube-proxy21:03
flwang#startmeeting21:04
openstackflwang: Error: A meeting name is required, e.g., '#startmeeting Marketing Committee'21:04
flwang#startmeeting magnum21:04
openstackMeeting started Tue Aug 27 21:04:15 2019 UTC and is due to finish in 60 minutes.  The chair is flwang. Information about MeetBot at http://wiki.debian.org/MeetBot.21:04
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.21:04
*** openstack changes topic to " (Meeting topic: magnum)"21:04
openstackThe meeting name has been set to 'magnum'21:04
flwang#topic roll call21:04
*** openstack changes topic to "roll call (Meeting topic: magnum)"21:04
strigazio/21:04
flwangbrtknr: jakeyip:21:04
flwanganyone else online?21:04
flwangstrigazi: ok, let's start first21:05
flwang#topic flannel conformance21:05
*** openstack changes topic to "flannel conformance (Meeting topic: magnum)"21:05
flwangstrigazi: did you see my email?21:06
strigaziThe nic patch is definitely an issue for master branch21:06
strigaziafter that I get internal IPs21:06
flwangstrigazi: yes21:06
flwangok, cool21:06
strigaziI'm looking into sec groups now21:06
flwanghave you completed another sonobuoy testing?21:07
*** spsurya has quit IRC21:07
strigaziand the iptables patch we dropped21:07
strigaziI'm just checking one test groups of tests regarding DNS21:07
*** itlinux has joined #openstack-containers21:07
strigazisonobuoy run --e2e-focus "DNS"21:07
flwangstrigazi: ok, did you see my last comment on https://review.opendev.org/#/c/668163/?21:07
strigazithis covers the network usually21:07
strigaziwhen this passes the rest should work21:08
flwangat least based on my testing, the iptable patch doesn't help21:08
flwangstrigazi: so you also got 10 test cases failed, right?21:08
strigaziyes, do the same pass for calico?21:09
flwangyes21:09
strigazifor master branch?21:09
flwangyes21:09
strigaziso calico is the issue :)21:09
flwang:D21:09
flwanghttp://paste.openstack.org/show/763160/21:09
flwangcan you pls check if you got the same 10 cases?21:09
strigaziI haven't left one to  finish21:10
strigazibut the DNS one I have them21:10
strigazi*ones21:10
flwangok21:10
flwangyou mean this one [Fail] [sig-network] DNS [It] should provide DNS for the cluster  [Conformance]   ?21:11
strigaziyes21:11
strigaziand for services21:11
flwangright21:12
strigazianyway, tomorrow I guess I'll have it working.21:12
*** itlinux has quit IRC21:13
strigaziwhy is calico working? it is no affected by the NIC patch?21:13
flwangfantastic21:13
flwangstrigazi: it's also blocked by the nic21:13
strigaziso it doesn't work for master21:13
flwangwhen i said calico working, i mean the test i did about several weeks ago21:14
flwangat that moment, the nic patch hasn't merged yet21:14
strigaziok21:14
flwangstrigazi: this patch should be able to fix the regression issue https://review.opendev.org/67806721:15
flwangi will check with brtknr if it's ready for testing21:15
flwangstrigazi: shall we move to next topic?21:16
strigaziok21:16
flwang#topic fedora coreos 3021:16
*** openstack changes topic to "fedora coreos 30 (Meeting topic: magnum)"21:16
flwangyesterday, i have managed to get the ssh key, hostname and openstack-ca working for the new fedora coreos 30 image21:17
flwangtoday i will work on the heat-container-agent part21:17
strigaziok21:17
brtknro/21:18
flwangbtw, i can't remember how the cfn-init-data is written into the instance, can you pls remind me?21:18
flwangbrtknr: hey21:18
strigaziheat appends them in cloud-init user-data21:19
brtknrapologies, i was at the cinema21:19
flwangstrigazi: ah, i see. so we may have to inject it by ignition "manually"?21:19
strigaziin our case this gile will need to be crafted and injected as user data21:19
brtknrflwang: its ready for testing21:19
brtknrflwang: https://review.opendev.org/#/c/678067/ this patch21:20
flwangstrigazi: i see. i will try21:20
flwangbrtknr: thanks for the confirmation21:20
flwangi will update the fedora coreos 30 work with you guys later when there is any progress21:22
flwang#topic rolling upgrade21:22
*** openstack changes topic to "rolling upgrade (Meeting topic: magnum)"21:22
flwangso far the rolling upgrade patch for node operating system has passed my testing, https://review.opendev.org/669593  it would  be nice if you guys can start reviewing it21:23
brtknrflwang: I'll test it tomorrow21:23
flwangthe other thing i'd like to test is, if it can support migrating from fedora atomic 29 to fedora coreos 30, given they're all based on (rpm-) ostree21:24
flwangstrigazi: ^ any comments?21:24
strigaziflwang: I don't know if it is possible21:24
strigazimaybe it is21:25
*** ivve has quit IRC21:25
flwangstrigazi: anyway, we still need this upgrade to support user upgrade for fedora atomic21:25
brtknrflwang: I remember seeing on #fedora-coreos channel that they recommend users to rebuild instances instead of trying to upgrade21:25
flwangno matter is fedora atomic 27- >29 or small upgrade based on fedora atomic 2921:26
flwangbrtknr: i understand that, just thinking aloud, i know it's not a recommended way :)21:26
strigazirebuild is the best in all scenarios IMO21:26
flwangstrigazi: but for rebuild, we can't resolve the downtime issue now21:27
flwangunless we have a better way to orchestrate the upgrade progress21:27
strigazidepends in the pattern of usage21:27
flwangyes, i know21:28
strigaziif the pattern is cloudy, rebuild works21:28
flwangassume the cluster is created in a private network, mangum controll plane can't reach the cluster, then there is no good way to control the rebuild process21:28
strigazianyway, depending on flannl I'll test upgfdae21:29
flwangstrigazi: thank you21:29
flwangstrigazi: brtknr: anything else your want to discuss?21:31
brtknryes, i wanted to talk about whther you guys have kube_tag=v1.15.x working?21:32
brtknri see there are images but i can only get upto 1.14 working on master21:32
strigazibrtknr: for flannel we need to update the manifest and a pod security policy21:33
strigaziafter that it works21:33
brtknri see theres a patch for supporting 1.16 from Richardo21:33
strigazithis is for the apis21:33
brtknrwe need a better debug output for heat-container-agent... its currently incomprehensible21:34
strigazibrtknr: we need set +x before every source of heat-params21:35
strigaziand before when we write files to disk21:35
brtknri can see that heat-container-agent:stein-stable has a readable outout to debug log but since train, it is hard to see what is failing21:35
flwangbrtknr: it's related to the py3 support i think21:36
flwangit's a formating issue i would say21:37
flwangin other words, we still get the same output, but current format is bad21:37
brtknrflwang: okay i'll create a story for this as a reminder to investigate21:38
strigaziwe can use logging into a file?21:38
strigazibut journal is better IMO21:39
brtknrstrigazi: thats also a good idea... like /var/log/heat-container-agent-output.log?21:39
strigaziyeap21:39
strigazios-collect-config should have something21:39
brtknrif it is more readable that how it currently is, i'd like that.. but i also prefer journalctl21:40
flwangbefore we fix the formating issue, redirect to a file doesn't help, IMHO21:40
brtknri think the entire debug is getting written to the journal at once upon failure at the moment: https://github.com/openstack/magnum/blob/master/dockerfiles/heat-container-agent/scripts/55-heat-config#L15321:42
flwangbrtknr: yes21:42
brtknrit needs to be written atomically21:42
flwangin pretty format :)21:43
brtknri dont understand how it looked pretty before21:43
flwangstrigazi: did cern do any security review for magnum deployed k8s ?21:43
flwangbrtknr: basically convert \n to a real breakline21:44
strigaziflwang: only from the outside of the cluster. And it is fine21:45
strigaziwe have also used kube-hunter21:45
strigazishall we wrap?21:46
flwangstrigazi: cool21:46
strigazianything else to discuss?21:46
flwangi'm good21:46
brtknr1 last question about nodegroups21:46
flwangbrtknr: anything else?21:46
brtknrany progress?21:47
flwangbrtknr: i asked yesterday :D21:47
brtknror plans to?21:47
strigaziit is in good shape but the author had some family priorities :)21:47
strigazinext week he is back21:48
flwangok, let's wrap this one21:49
brtknrah yes I heard about the paternity :) please send him my congratulations!21:49
flwangthank you for joining, strigazi, brtknr21:49
flwang#endmeeting21:49
*** openstack changes topic to "OpenStack Containers Team"21:49
openstackMeeting ended Tue Aug 27 21:49:18 2019 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)21:49
openstackMinutes:        http://eavesdrop.openstack.org/meetings/magnum/2019/magnum.2019-08-27-21.04.html21:49
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/magnum/2019/magnum.2019-08-27-21.04.txt21:49
openstackLog:            http://eavesdrop.openstack.org/meetings/magnum/2019/magnum.2019-08-27-21.04.log.html21:49
strigazibrtknr: I wiil21:49
flwangstrigazi: have a good night21:49
strigazisee you guys, thanks21:49
brtknrnice speaking to you both21:51
*** trident has quit IRC22:05
*** trident has joined #openstack-containers22:13
*** rcernin has joined #openstack-containers22:15
lxkongflwang, strigazi, I found some issues related to the nginx ingress controller, i'd like to get your feedback before i am actually doing the fix. https://storyboard.openstack.org/#!/story/200646223:25
« Monday, 2019-08-26 Index Wednesday, 2019-08-28 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!