Monday, 2020-03-09

« Sunday, 2020-03-08 Index Tuesday, 2020-03-10 »
*** vishalmanchanda has joined #openstack-containers00:00
*** threestrands has joined #openstack-containers00:12
*** xinliang13 has joined #openstack-containers01:48
*** sapd1 has joined #openstack-containers02:14
*** xinliang13 has quit IRC02:18
*** xinliang has joined #openstack-containers02:19
*** xinliang has quit IRC02:37
*** xinliang has joined #openstack-containers02:44
*** xinliang has quit IRC02:50
*** xinliang has joined #openstack-containers02:50
*** ramishra has joined #openstack-containers03:27
*** dave-mccowan has joined #openstack-containers03:42
*** ricolin has quit IRC03:43
*** ykarel|away is now known as ykarel04:24
*** ricolin has joined #openstack-containers04:27
*** dave-mccowan has quit IRC04:30
*** sapd1 has quit IRC05:18
*** sapd1 has joined #openstack-containers05:31
*** sapd1 has quit IRC05:58
*** sapd1 has joined #openstack-containers06:16
*** threestrands has quit IRC06:42
*** ricolin has quit IRC06:52
*** rcernin has quit IRC07:06
*** ykarel is now known as ykarel|lunch07:39
*** ricolin_ has joined #openstack-containers08:33
*** ykarel|lunch is now known as ykarel08:59
*** ricolin_ has quit IRC09:00
*** ricolin_ has joined #openstack-containers09:02
*** yolanda has quit IRC09:11
*** yolanda has joined #openstack-containers09:11
*** ricolin_ has quit IRC09:23
yankcrimebrtknr: ah, looks like i'm on 9.0.009:40
brtknryankcrime: 9.1.0 will also bring support for fcos but better if you install 9.2.0... we are almost about to release 9.3.0 if you wanna wait09:53
yankcrimebrtknr: looks like i need to build custom images since uca (and hence my kolla container images) are still on 9.0.009:58
yankcrimebeen a while since i've done this!09:58
brtknryankcrime: whats uca?10:00
yankcrimeubuntu cloud archive10:00
brtknryankcrime: aah10:08
brtknri think kolla has the latest train release on its dockerhub for magnum10:09
*** vishalmanchanda has quit IRC10:09
yankcrimethe ubuntu binary images for the train release are still on 9.0.0 because that's what's in uca10:10
yankcrimei've just pulled them and checked10:10
*** pcaruana has joined #openstack-containers10:10
brtknryankcrime: ouch10:13
brtknr9.0.0 was autoreleased before all the changes we wanted merged got merged10:14
brtknrhence it is quite buggy10:14
yankcrimefirst time i've tried it since upgrading10:14
yankcrimerolled out octavia over the weekend and wanted to start testing magnum again10:14
brtknryankcrime:there's octavia on sausage now? awesome!10:17
yankcrimeyup!10:17
brtknrbtw when is support for cinder volumes coming?10:17
yankcrimewhenever we can find enough customers to pay for the additional power!10:18
yankcrime"customers"10:18
brtknryou already have the disks?10:19
yankcrimenot yet but i think we can sort the hardware10:19
yankcrimeit's the power that's the problem10:19
brtknrwonder if you could use converged local storage on the hypervisors for the cinder volumes?10:19
yankcrimei've thought about that and it's a bad idea / pain in the butt for a number of reasons10:20
brtknryes something about it doesnt sound right10:21
brtknrbtw "Error: Unable to retrieve load balancers." on horizon10:22
brtknryankcrime:10:22
yankcrimeoh yeah you need a role adding, hang on10:23
yankcrimebrtknr: try now10:24
yankcrimeprob have to login again10:25
yankcrimebrtknr: any luck?10:39
brtknryankcrime: no longer getting errors10:48
brtknrwill wait for you to deploy new release of magnum before testing this with a k8s cluster10:49
*** ricolin_ has joined #openstack-containers11:13
*** ykarel is now known as ykarel|afk11:26
yankcrimebrtknr: done, magnum is now on 9.2.011:34
brtknryankcrime: neat!11:35
yankcrimewhether it works or not... ¯\_(ツ)_/¯11:35
brtknryankcrime: you might like to try github.com/stackhpc/magnum-terraform11:45
yankcrimebrtknr: nice!11:45
yankcrimehave you (or anyone) tried flatcar linux as a drop-in replacement for coreos btw?11:46
brtknryankcrime: no, sadly not12:03
brtknryankcrime: is Fedora CoreOS 31 20200118 from the stable branch?12:07
brtknrthere is a newer image btw12:07
yankcrimebrtknr: i don't remember uploading that12:13
brtknri just uploaded fedora-coreos-31.20200210.3.0-openstack.x86_64, feel free to make it public if you like but please dont rename :)12:14
*** ykarel|afk is now known as ykarel12:17
brtknryankcrime:12:20
brtknralso uploaded Fedora-AtomicHost-29-20191126.0.x86_6412:20
brtknrthe last FA image which is now EOL12:20
yankcrimebrtknr: nice, ta12:50
yankcrimejust did a quick test, cluster status 'create complete' but i get a cluster not found error when doing openstack coe cluster config12:51
yankcrimethink there's a missing cert somehow12:51
*** ricolin_ has quit IRC13:00
*** ricolin_ has joined #openstack-containers13:10
brtknryankcrime: hmm also have you run magnum-db-manage upgrade?13:31
yankcrimei would assume k-a ran that as part of the upgrade from stein to train13:31
yankcrimei don't know if it's been re-run since i went from 9.0.0 to 9.2.013:31
brtknryankcrime: i am getting this "Failed to pre-delete resources for cluster e31cbf49-5105-42c4-823c-d6282fc3b96e, error: Unrecognized schema in response body. (HTTP 403) (Request-ID: req-38b57f8e-6e35-46e6-b1b0-346b31d5072a)"13:31
*** ricolin_ has quit IRC13:33
brtknryankcrime: i have noticed in the past that k-a fails to run magnum-db-manage13:33
*** ykarel is now known as ykarel|afk13:33
yankcrimebrtknr: ok, give me a few mins to take a look and run it manually if necessary13:39
brtknrmagnum-db-manage upgrade is idempotent, running it again is fine but you cant go back unless you have a backup13:40
brtknrsorry if i am telling you something you already know13:40
brtknryankcrime:13:40
yankcrimebrtknr: the db was already at the right revision apparently13:44
brtknryankcrime: hmm not sure why the cluster is then refusing to delete13:45
yankcrimehmm, i deleted it ok as an admin13:48
*** sapd1 has quit IRC14:03
brtknryankcrime: {'default-master': 'Resource CREATE failed: OctaviaClientException: resources.etcd_lb.resources.loadbalancer: Policy does not allow this request to be performed. (HTTP 403) (Request-ID: req-8349a9c2-fc7b-4d77-89e5-2c346f4cb315)', 'default-worker': 'Resource CREATE failed: OctaviaClientException: resources.etcd_lb.resources.loadbalancer: Policy does not allow this request to be14:07
brtknrperformed. (HTTP 403) (Request-ID: req-8349a9c2-fc7b-4d77-89e5-2c346f4cb315)'}14:07
brtknri think the heat user needs the octavia roles too14:07
*** ykarel|afk is now known as ykarel14:07
yankcrimesurely heat should inherit the role of the user creating the stack14:09
yankcrimei think this might be related14:09
yankcrime2020-03-09 14:06:21.865 30 ERROR magnum.drivers.heat.k8s_fedora_template_def [req-13345c2f-5881-4f2e-9844-9c400d688fed - - - - -] Failed to load default keystone auth policy: FileNotFoundError: [Errno 2] No such file or directory: '/etc/magnum/keystone_auth_default_policy.json'14:09
yankcrimealso weird how i'm able to create a cluster ok...14:13
*** sapd1 has joined #openstack-containers14:17
brtknryankcrime: that is not a real error14:22
brtknrit should be a warning really14:22
yankcrimeok14:22
brtknryou can override the keystone auth policy for k8s by placing it in the file14:23
yankcrimebrtknr: could the tag you have set 'heat_container_agent_tag': 'ussuri-dev' cause a problem?14:44
brtknryankcrime: ussuri-dev is good, train-stable-2 is even better14:45
brtknryankcrime: i still am not able to create a cluser14:48
*** lpetrut has joined #openstack-containers14:49
yankcrimebrtknr: could it be because you don't have a fixed_network specified in the template you're using?14:53
brtknryankcrime: not sure what that has to do with this error:14:55
brtknr{'default-master': 'Resource CREATE failed: OctaviaClientException: resources.etcd_lb.resources.loadbalancer: Policy does not allow this request to be performed. (HTTP 403) (Request-ID: req-8349a9c2-fc7b-4d77-89e5-2c346f4cb315)', 'default-worker': 'Resource CREATE failed: OctaviaClientException: resources.etcd_lb.resources.loadbalancer: Policy does not allow this request to be performed. (HTTP14:55
brtknr403) (Request-ID: req-8349a9c2-fc7b-4d77-89e5-2c346f4cb315)'}14:55
yankcrimei wonder if it's because it's trying to create a loadbalancer with an interface in the wrong network14:55
brtknrwhat network should i use?14:55
*** ykarel is now known as ykarel|away15:05
brtknryankcrime: is heat user an admin?15:08
brtknryankcrime: i believe a user needs "heat_stack_owner" role15:11
yankcrimeit's whatever k-a sets up for heat15:11
yankcrimeas for which network, whatever network you have access to in the project you're using15:12
yankcrimeyou using that demo tenancy?15:12
brtknryeah15:13
*** sapd1 has quit IRC15:20
yankcrimeso in the template i created (i've been testing in the same project) i used 242916d4-4d37-4e3f-bddb-3166b7d6f1ef for the fixed-network and a4e680f9-98b0-461d-bd4f-3015e8b9461a for the subnet15:31
*** sapd1 has joined #openstack-containers15:37
brtknryankcrime: i cant delete the cluster i created again, something is weird about the roles assigned to my user16:02
brtknrwhat roles have i got assigned?16:02
yankcrimehmmm let me look16:03
yankcrimeweird how you can create but not delete16:03
yankcrimebrtknr: try again, penny just dropped when i remembered you're using that demo project16:05
*** lpetrut has quit IRC16:05
brtknr`ERROR: You are not authorized to use stacks:delete.`16:06
brtknryankcrime:16:06
yankcrimelolwut16:06
yankcrimeis that after logging out and back in again?16:07
yankcrimeyou need a new token scoped with the new roles16:07
yankcrimeor is this via the cli?16:07
brtknri believe i need heat_stack_owner permissing16:07
brtknrim using the cli16:07
yankcrimebrtknr: ok try again16:08
brtknrdelete in progress16:09
yankcrime\o/16:09
brtknryankcrime: Authorization failed: SSL exception connecting to https://compute.sausage.cloud:5000/v3/auth/tokens:16:54
brtknrSource [heat] Unavailable.16:54
yankcrimehmm i wonder if heat has died16:56
yankcrimetransient error? looks ok here16:57
brtknryankcrime: have you managed to create a cluster successfully yet?17:02
brtknrme, no17:03
yankcrimebrtknr: yeah earlier it completed successfully but i couldn't get the config info17:12
yankcrimeit still thinks it's creating your stack17:12
brtknrim trying again with atomic17:28
brtknryankcrime:17:29
yankcrimeaye ok, i suspect something didn't work in the vm that was provisioned17:39
*** sapd1 has quit IRC17:52
brtknryankcrime: btw you need to set cluster_user_trust=true18:20
yankcrimewhere does that go?18:21
yankcrimemagum's config?18:21
yankcrime*magnum18:21
brtknrinside /etc/magnum/magnum.conf under [trust]18:21
yankcrimeahh look at that, it's false by default with k-a18:23
yankcrimepls hold18:23
brtknrlooks like the podman cluster created okay but i see the calico pods failing for wahtever reason18:23
brtknryes cluster_user_trust is off by default in k-a due to a CVE18:24
brtknras the trust_id gives a user complete access to the cluster18:25
yankcrimebrtknr: ok, done18:32
*** pcaruana has quit IRC19:23
*** dave-mccowan has joined #openstack-containers20:12
*** trident has quit IRC20:57
*** trident has joined #openstack-containers20:58
*** trident has quit IRC21:04
*** trident has joined #openstack-containers21:05
*** rcernin has joined #openstack-containers21:36
*** zigo has quit IRC22:13
*** zigo has joined #openstack-containers22:18
« Sunday, 2020-03-08 Index Tuesday, 2020-03-10 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!