Wednesday, 2019-09-11

« Tuesday, 2019-09-10 Index Thursday, 2019-09-12 »
*** goldyfruit___ has joined #openstack-containers00:11
*** iokiwi has joined #openstack-containers00:58
iokiwiHey all, wondering if anyone can guide me on getting a devstack with magnum setup? I'm following the quick start here https://docs.openstack.org/magnum/latest/contributor/quickstart.html#exercising-the-services-using-devstack but during the setup neutron modifies the network interfaces and I lose access to my host01:01
iokiwihttp://paste.openstack.org/show/775013/01:01
iokiwiThe result I am trying to achieve is to stand up a devstack with a public ip address which a remote team can build magnum-ui against01:02
*** flwang has quit IRC01:44
openstackgerritFeilong Wang proposed openstack/magnum master: Test k8s CI  https://review.opendev.org/67758102:04
*** FlorianFa has quit IRC02:15
*** flwang has joined #openstack-containers02:22
*** FlorianFa has joined #openstack-containers02:35
*** ykarel|away has joined #openstack-containers03:08
*** PrinzElvis has quit IRC03:39
*** PrinzElvis has joined #openstack-containers03:45
*** udesale has joined #openstack-containers04:00
*** ykarel|away has quit IRC04:08
*** ianychoi_ has joined #openstack-containers04:24
*** ykarel|away has joined #openstack-containers04:25
*** ykarel|away is now known as ykarel04:25
*** ianychoi has quit IRC04:27
*** dave-mccowan has quit IRC04:29
*** pcaruana has joined #openstack-containers04:42
*** pcaruana has quit IRC05:12
*** rcernin has quit IRC05:22
openstackgerritJake Yip proposed openstack/magnum master: Return default quota from API  https://review.opendev.org/67378205:37
*** rcernin has joined #openstack-containers05:39
*** rcernin has quit IRC05:51
*** rcernin has joined #openstack-containers06:09
*** pcaruana has joined #openstack-containers06:21
*** ricolin has joined #openstack-containers06:38
*** ricolin has quit IRC06:39
*** lpetrut has joined #openstack-containers06:52
*** ykarel is now known as ykarel|lunch06:57
*** trident has quit IRC07:08
*** ivve has joined #openstack-containers07:09
*** trident has joined #openstack-containers07:17
*** trident has quit IRC07:22
brtknrsquarebracket: i believe those are passed to qemu by nova? I dont have a good understanding of that layer07:26
*** trident has joined #openstack-containers07:31
*** rcernin has quit IRC07:38
*** ykarel|lunch is now known as ykarel07:45
*** ykarel is now known as ykarel|meeting08:12
*** ykarel_ has joined #openstack-containers08:14
*** ykarel|meeting has quit IRC08:16
*** ykarel_ is now known as ykarel|meeting08:18
openstackgerritFeilong Wang proposed openstack/magnum master: [fedora-atomic][k8s] Support operating system upgrade  https://review.opendev.org/66959308:30
openstackgerritSpyros Trigazis proposed openstack/magnum master: k8s_fedora_atomic: Add PodSecurityPolicy  https://review.opendev.org/68101308:38
openstackgerritSpyros Trigazis proposed openstack/magnum master: k8s_fedora: Set rp_filter=1 for calico  https://review.opendev.org/68124408:38
*** flwang1 has joined #openstack-containers08:50
flwang1strigazi: let's have meeting in 10 mins?08:50
flwang1brtknr: ?08:50
openstackgerritTheodoros Tsioutsias proposed openstack/magnum master: [WIP] ng-6: Add new fields to nodegroup objects  https://review.opendev.org/66708809:00
openstackgerritTheodoros Tsioutsias proposed openstack/magnum master: [WIP] ng-7: Adapt parameter and output mappings  https://review.opendev.org/66708909:00
openstackgerritTheodoros Tsioutsias proposed openstack/magnum master: [WIP] ng-8: APIs for nodegroup CRUD operations  https://review.opendev.org/64779209:00
openstackgerritTheodoros Tsioutsias proposed openstack/magnum master: [WIP] ng-9: Driver for nodegroup operations  https://review.opendev.org/66709009:00
*** ttsiouts has joined #openstack-containers09:00
openstackgerritTheodoros Tsioutsias proposed openstack/python-magnumclient master: Add nodegroup CRUD commands  https://review.opendev.org/64779309:00
*** lpetrut has quit IRC09:04
openstackgerritFeilong Wang proposed openstack/magnum master: [fedora-atomic][k8s] Support operating system upgrade  https://review.opendev.org/66959309:06
*** ianychoi_ has quit IRC09:09
*** rcernin has joined #openstack-containers09:11
strigazihello09:12
flwang1hi09:13
strigazibrtknr: ping09:13
ttsioutshi!09:14
strigaziflwang1: psp and calico fix, looks good to you?09:15
strigaziflwang1: conformance passes.09:15
flwang1calico fix looks good for me09:19
flwang1psp looks good as well, but i'd like a manual test for psp09:19
strigazinothing chaned for calico. just a RoleBinding os that privilaged: true works.09:20
strigazinothing chaned for calico. just a RoleBinding so that privilaged: true works.09:21
flwang1strigazi: ok09:24
flwang1how do you think the fedora coreos work?09:24
strigazii don't think the software_config user data will work if we don't patch heat.09:25
strigaziIf I was an ignition developer I wouldn't add multipart mime support09:25
strigaziwe could patch heat so that it appends the creds to ignition09:26
flwang1strigazi: hmm... patch heat to do special changes only for ignition?09:28
flwang1i'm not sure if heat folks buy in that09:28
*** ykarel_ has joined #openstack-containers09:32
brtknrhello09:32
strigaziflwang1: why not? coreos is popular. rhel will support it09:32
brtknrsorry i didnt realise we confirmed 10am on wednesday09:32
*** ykarel|meeting has quit IRC09:34
strigaziflwang1: otherwise we need to do something else without heat SD09:34
flwang1strigazi: i see09:35
flwang1strigazi: we can try to propose change in heat to support ignition09:35
strigaziflwang1: I think the change is relatively small and it will be an opt-in option09:36
flwang1unless we get a fully stop sign from the heat team, i think it's worthy to try comparing the effort to rework all the stuff09:36
flwang1strigazi: let's do that then09:36
flwang1strigazi: do you have any idea where is the code we should start?09:38
strigazihttps://github.com/openstack/heat/blob/master/heat/engine/clients/os/nova.py#L32709:39
*** ykarel_ is now known as ykarel09:39
strigaziif user_data_format == 'IGN3_SOFTWARE_CONFIG':09:40
strigaziIGN3 = ignition verison 3.0.0.09:40
*** rcernin has quit IRC09:41
flwang1oh, that's simpler that i thought09:41
flwang1it's doable i think09:41
strigaziit just needs to put the file with the creds in the correcy place in the ignition json09:42
flwang1strigazi: yep, i understand now09:44
flwang1i will try to catch up with ricolin to get comments from him first, how do you think?09:45
strigazisounds good09:46
flwang1it's just another opt-in option, i can't see why heat team reject it09:47
flwang1especially given that ignition will be another boostrap way like cloud-init09:47
flwang1it even could be a benefit for heat09:48
strigaziI hope so09:51
flwang1strigazi: i still have a question before testing09:51
flwang1for example, i have the ignition file and assuming heat should be able to support injecting the credentials into the igntion file09:52
flwang1then how about the other software_deployment scripts?09:52
flwang1will they need to be injected into the ignition json file as well?09:53
flwang1otherwise, i think ignition can't read the format correctly without the multi part support09:53
strigazithe scripts for SD are like before09:53
strigazinothing to do with ignition09:54
strigazithey will be executed in a container09:54
strigazithe heat agent container09:54
strigaziflwang1: makes sense?09:54
flwang1so they won't be shipped in user-data when booting, but poll by the heat container agent later, right?09:55
strigaziye09:55
flwang1same as current fedora atomic way?09:55
strigazis09:55
strigaziyes09:55
flwang1ok, then good09:55
strigazibrtknr: flwang1 about NGs. Can you test the latest patchset?09:56
strigazieverything is there, client too09:56
flwang1strigazi: sure09:56
strigazibrtknr: flwang1 do you have any questions about it?09:57
flwang1btw, i had a quick glance about current patches, nothing big design change since those initial patches09:57
strigazittsiouts: ^^09:57
flwang1the only question is, how will it work with the resize09:57
flwang1user can only resize a ng?09:57
brtknrstrigazi: yes i can do, I've been battling with my devstack deployment yesterday, so hence the lack of feedback09:57
flwang1not overally worker  nodes, is it?09:58
strigaziflwang1: yes, user can resize an ng09:58
ttsioutsflwang1: yes only one NG at a time09:59
flwang1and all master nodes will be in one ng?09:59
flwang1strigazi: do you have a patch for the master resize?09:59
brtknrapologies again, im in the middle of our weekly standup09:59
strigaziflwang1: I was strongly against working in master resize now.09:59
flwang1interesting, why?10:00
strigaziit will tank developement again and we won't do anything10:00
strigazione step at a time10:00
flwang1so just resource issue10:00
flwang1not design issue, right?10:00
strigazithe current direction is a step to the correcy direction10:00
strigazidesign is done with maste resize in mind10:01
strigazimakes sense?10:01
flwang1ok, cool10:01
strigaziit is no difficult but I think we need to take all the great work done so far merged10:01
flwang1agree10:02
brtknri thought we were having a conversation about out-of-tree driver at one point?10:02
strigazibrtknr: no resources I would say10:03
flwang1brtknr: i'm not a big fan of that, but i can see its value10:03
strigazibut it can be done10:03
strigaziI am a fan, but someone needs to do it :)10:03
flwang1strigazi: btw, as for the coreos driver, i'd like to support boot from value from day 1, how do you think?10:03
strigazisure10:04
strigaziI'll be back in a bit. Are you guys staying?10:04
flwang1strigazi: and as for this patch https://review.opendev.org/#/c/621734/   did you see the scenario with image based?10:04
flwang1i will be off in next 10 mins10:04
flwang1it's 22:05 now10:05
flwang1 strigazi: and as for this patch https://review.opendev.org/#/c/621734/   did you test the scenario with image based?10:05
flwang1when i say image based, it means with label  boot_volume_size=010:05
flwang1it didn't work for me, i tested several times10:06
flwang1brtknr: it would be nice if you can help test this   https://review.opendev.org/#/c/621734/10:06
brtknrflwang1: i remember testing that patch, but i can see that I didnt leave a comment, will retest it10:06
flwang1i think it can improve the cluster create performance with boot from volume10:07
flwang1benefit from ceph's CoW10:07
brtknrhmm enabling boot_from_volume but setting  boot_volume_size=0 seems like a nasty trick10:08
brtknrwe ought to be able to identify this in the code10:08
flwang1brtknr: take a look the patch and feel free post your comments there ;)10:09
flwang1i have to go10:09
flwang1ttyl, folks10:09
brtknrtake care flwang110:09
*** ttsiouts has quit IRC10:23
*** ttsiouts has joined #openstack-containers10:23
*** ttsiouts has quit IRC10:28
*** ianychoi has joined #openstack-containers10:30
openstackgerritSpyros Trigazis proposed openstack/magnum master: k8s_fedora: Set rp_filter=1 for calico  https://review.opendev.org/68124410:36
brtknrstrigazi: I am only working for another 1hr today. I will do most of the testing tomorrow10:44
brtknrsadly the cluster is still coming as unhealthy10:44
brtknrtrying to work out why10:44
*** ianychoi has quit IRC10:45
brtknrstrigazi: any idea why the train-dev heat container agent is not pushed yet?10:45
*** ianychoi has joined #openstack-containers10:45
brtknrthe change got merged some time ago10:47
*** ttsiouts has joined #openstack-containers11:03
*** ttsiouts has quit IRC11:07
*** ttsiouts has joined #openstack-containers11:12
*** ykarel is now known as ykarel|afk11:20
*** udesale has quit IRC11:31
openstackgerritTheodoros Tsioutsias proposed openstack/magnum master: [WIP] ng-9: Driver for nodegroup operations  https://review.opendev.org/66709011:38
*** spsurya has joined #openstack-containers11:58
*** dave-mccowan has joined #openstack-containers12:05
*** lpetrut has joined #openstack-containers12:13
*** goldyfruit___ has quit IRC12:15
*** ykarel|afk is now known as ykarel12:38
*** jmlowe has quit IRC12:42
*** jmlowe has joined #openstack-containers12:59
*** jmlowe has joined #openstack-containers13:00
*** goldyfruit___ has joined #openstack-containers13:29
*** spiette has quit IRC13:36
*** spiette has joined #openstack-containers13:41
*** ricolin has joined #openstack-containers14:18
*** ttsiouts has quit IRC14:37
*** ykarel is now known as ykarel|away14:37
*** ttsiouts has joined #openstack-containers14:37
openstackgerritMerged openstack/magnum master: k8s_fedora: Set rp_filter=1 for calico  https://review.opendev.org/68124414:39
*** ttsiouts has quit IRC14:42
*** ykarel|away has quit IRC14:46
*** ykarel has joined #openstack-containers15:03
*** jmlowe has quit IRC15:04
*** ArchiFleKs has joined #openstack-containers15:06
*** jmlowe has joined #openstack-containers15:09
*** ivve has quit IRC15:29
*** ykarel is now known as ykarel|away15:51
*** jmlowe has quit IRC16:13
*** ricolin has quit IRC16:22
*** lpetrut has quit IRC16:40
*** ivve has joined #openstack-containers16:42
*** ykarel|away has quit IRC16:52
*** ykarel|away has joined #openstack-containers17:08
*** spsurya has quit IRC17:32
*** jmlowe has joined #openstack-containers17:36
*** ramishra has quit IRC18:00
*** ykarel|away has quit IRC18:00
*** ykarel|away has joined #openstack-containers18:00
*** ykarel|away has quit IRC18:28
*** hogepodge has left #openstack-containers18:50
colby_Hey Everyone. Is there a guide on how to upgrade kubernetes versions on running clusters. I see in Stein there is an upgrade procedure but we are currently on rocky. It would be nice to be able to easily update kube versions to address security issues.19:49
*** henriqueof has joined #openstack-containers19:51
*** flwang1 has quit IRC20:30
andreinhello everyone, I think my magnum deployed kubernetes cluster is failing because the following script isn't running. https://opendev.org/openstack/magnum/src/branch/stable/stein/magnum/drivers/common/templates/kubernetes/fragments/write-kube-os-config.sh#L12 how can I debug this?20:36
*** ivve has quit IRC21:05
*** ivve has joined #openstack-containers21:05
*** rcernin has joined #openstack-containers21:15
goldyfruit___andrein, https://opendev.org/openstack/magnum/src/branch/master/magnum/drivers/common/templates/kubernetes/fragments/write-kube-os-config.sh21:27
goldyfruit___Seems to be fixed in master21:27
andreingoldyfruit___: thanks for looking into this, but I think the issue is that TRUST_ID is empty21:28
andreinjust added `cluster_user_trust=True` as described in https://ask.openstack.org/en/question/114339/magnum-enable-cloud-controller-manager/21:30
andreinand it looks like I have running pods now, as opposed to pending21:30
*** goldyfruit_ has joined #openstack-containers21:32
*** goldyfruit___ has quit IRC21:34
goldyfruit_andrein, cool21:37
andreinI understand why the setting is off by default, but is it possible to run a kubernetes cluster at all with the default setting?21:40
flwangcolby_: it's a new feature only supported in stein21:41
flwangcolby_: sorry, train21:41
andreinok, let me rephrase that: is it possible to run a kubernetes cluster at all with the default setting on stein?21:44
openstackgerritFeilong Wang proposed openstack/magnum master: [fedora-atomic][k8s] Support operating system upgrade  https://review.opendev.org/66959321:45
flwangandrein: why not?21:45
flwangandrein: we're using stable/stein on our prod21:46
andreinflwang: are you using the default cluster_user_trust=False in magnum.conf?21:47
colby_flwang: So to upgrade current clusters I have to SSH into them and use atomic pull and atomic container update to update kubernetes?21:47
flwangit should be True21:47
flwangcolby_: you can refer this https://github.com/openstack/magnum/blob/master/magnum/drivers/common/templates/kubernetes/fragments/upgrade-kubernetes.sh21:48
goldyfruit_andrein, we are running stein in prod too21:48
goldyfruit_andrein, https://github.com/openstack/kolla-ansible/blob/master/ansible/roles/magnum/templates/magnum.conf.j221:48
goldyfruit_This is the configuration we are using (deployed/configured by Kolla)21:49
goldyfruit_Then we are enabling enable_cluster_user_trust21:50
flwangandrein: unless you don't need the cinder as volume driver or the swift registry support21:50
andreinAh, I see21:51
*** henriqueof1 has joined #openstack-containers21:51
*** henriqueof has quit IRC21:52
colby_flwang: Thanks! So this wont be more automated until Train then?21:56
flwangunless you want cherry pick21:57
flwangas we did :)21:57
colby_ha yea...that gets problematic with updates :)21:58
andreinflwang this should be better documented either in the kolla or in the magnum docs. In the magnum docs the only reference to it is in the sample user config. Me and our colleagues have been chasing our tails for days until someone pointed this out to me.21:59
flwangandrein: the good reference is the doc from devstack I would say21:59
colby_adrein: I had the same problem. Took me a while to get that set to True and get things working22:00
flwangbut yes, we should document it well22:00
flwangwe can change the default value to True22:00
andreinwhat about the security aspects?22:00
andreinas I said before, I understand why the default is false, but I would expect to be able to deploy a cluster, but not be able to use PVs backed by cinder or swift registry. instead, my cluster was effectively broken with all nodes tainted because the cloud-controller couldn't launch and untaint them (I assume)22:05
flwangandrein: could you please file a story on the story board so that we can track the issue deeper?22:13
andreinI will do that first thing tomorrow morning.22:14
flwangandrein: thank you, i appreciate that22:17
flwangandrein: pls feel free post your question here22:18
andreinhttps://bugs.launchpad.net/kolla-ansible/+bug/1842449 there's this issue in the kolla-ansible launchpad22:18
openstackLaunchpad bug 1842449 in kolla-ansible "Magnum "enable_cluster_user_trust" documentation" [Undecided,New]22:18
flwangcool, thanks22:28
*** threestrands has joined #openstack-containers22:37
colby_whats the highest kubernetes version that works with rocky?22:37
andreinflwang: https://storyboard.openstack.org/#!/story/200653122:45
flwangcolby_: i think v1.13.x should work with rocky22:46
flwangbetter give it a try22:46
flwangandrein: thank you very much22:46
andreinnow I'm really going to sleep. If I can be of any assistance, please let me know.22:46
flwangandrein: cheers22:47
*** dtruong has quit IRC22:55
*** dtruong has joined #openstack-containers22:55
*** goldyfruit_ has quit IRC22:57
openstackgerritMerged openstack/magnum master: k8s_fedora_atomic: Add PodSecurityPolicy  https://review.opendev.org/68101323:12
« Tuesday, 2019-09-10 Index Thursday, 2019-09-12 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!