Wednesday, 2014-12-10

« Tuesday, 2014-12-09 Index Thursday, 2014-12-11 »
*** shakamunyi has joined #openstack-dns00:02
*** shakamunyi has quit IRC00:03
*** ryanpetrello has quit IRC00:04
*** rjrjr has quit IRC00:27
*** vinod1 has quit IRC00:37
*** ryanpetrello has joined #openstack-dns00:42
*** nkinder has joined #openstack-dns00:43
*** rmoe has quit IRC00:56
*** mikedillion has quit IRC01:00
*** mikedillion has joined #openstack-dns01:01
*** rmoe has joined #openstack-dns01:09
*** mikedillion has quit IRC01:14
*** ryanpetrello has quit IRC01:26
*** shakamunyi has joined #openstack-dns01:53
*** betsy has joined #openstack-dns02:24
*** ryanpetrello has joined #openstack-dns02:48
*** ryanpetrello has quit IRC02:55
*** ryanpetrello has joined #openstack-dns03:10
*** ryanpetrello has quit IRC03:14
*** vinod1 has joined #openstack-dns03:17
*** richm has quit IRC03:34
*** GonZo2K has quit IRC04:50
*** nihilifer has joined #openstack-dns05:46
*** vinod1 has quit IRC06:54
*** k4n0 has joined #openstack-dns07:25
*** jordanP has joined #openstack-dns08:59
*** jordanP has quit IRC08:59
*** jordanP has joined #openstack-dns08:59
zigoDuring the Paris summit, I asked if the DNS team was happy to provide Icehouse support for the life of Jessie.10:52
zigoI was told that I should wait for a follow-up within weeks.10:52
zigoI'm still waiting ...10:52
zigoWithout a valid answer, I'll ask for Designate removal from Jessie.10:53
zigoekarlso-: ^10:53
zigoI also have this bug to deal with: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=76976510:55
zigoAny idea?10:55
uvirtbotDebian bug 769765 in designate-common "designate-common: fails to upgrade from 'sid': Could not load 'migrate': Invalid target type: None" [Serious,Open]10:55
zigoWhat's going on?10:55
zigoIt's looking like to me that's due to the database_connection vs connection directive name...10:59
zigoYup.11:00
zigoThat's it... :/11:00
zigoIt would have been nice to keep compat with the older directive.11:01
zigoNever mind, I'll fix it in the postinst...11:01
*** untriaged-bot has joined #openstack-dns11:02
untriaged-botUntriaged bugs so far:11:02
untriaged-bothttps://bugs.launchpad.net/designate/+bug/139035711:02
untriaged-bothttps://bugs.launchpad.net/designate/+bug/128944411:02
uvirtbotLaunchpad bug 1390357 in designate "Designate sync creates duplicated records in powerdns backend" [Medium,New]11:02
untriaged-bothttps://bugs.launchpad.net/designate/+bug/133825611:03
uvirtbotLaunchpad bug 1289444 in designate "Designate with postgres backend is having issues" [Undecided,New]11:03
*** untriaged-bot has quit IRC11:03
uvirtbotLaunchpad bug 1338256 in designate "There's no record validation in v2" [Undecided,New]11:03
mugsiezigo: what are nova / neutron / cinder etc doing for support? Our releases are managed by the release team, who will tag Icehouse as EOL in May11:27
mugsiehow are other openstack projects dealing with it? (or are they?)11:28
zigomugsie: A lot of organizations have agreed to provide security support for Icehouse for at least 3 years: Red Hat, Canonical, IBM, Mirantis, etc.11:28
zigomugsie: So if it doesn't happen upstream, it will happen on downstream distributions.11:29
zigomugsie: Though this doesn't include Designate, which is why I have a problem.11:29
mugsieright.... but how is debian getting the code for ^11:29
zigomugsie: I'm the coordinator for these security patches, so we will work together to get security patches done.11:29
zigomugsie: For Designate, if nobody is willing to do the security support for the lifetime of Jessie, then I have no choice but to ask for its removal...11:30
mugsieright, we have a team IRC meeting this evening - I will add it to the agenda11:30
mugsiewhat is jessies lifetime?11:30
zigomugsie: Release date plus roughly 3 years.11:30
zigoBut IMO, it's fine to support only before Stretch is released.11:31
zigoAnd tell that we wont support old-stable.11:31
mugsieok, cool. I will bring it up today11:31
zigomugsie: So, we're also talking about support for until april 2017.11:31
zigomugsie: I need an answer ASAP !11:32
mugsieour meeting is 5pm UTC11:32
zigoOk. I'll be in the plane then ! :)11:32
zigo(or on my way to...)11:32
zigoNot sure if they have internet on Emirates ! :)11:32
zigo(if they do, I'll pay for it... :P)11:33
mugsie:P11:34
Kiallzigo: thanks for reminding us re support life. will let you know after the meet today.11:37
zigoThanks.11:37
Kiallre bug 769765 - stevedore (the plugin lib) can make some errors really hard to diagnose as it hides the real error11:37
uvirtbotLaunchpad bug 769765 in request-tracker4 "Missing dependency for libapache-dbi-perl" [Undecided,Fix released] https://launchpad.net/bugs/76976511:38
KiallMy best guess is that the DB configuration settings are invalid (set to None / NULL)11:38
Kiallthats not the right bug # -_-11:38
Kialldebian bug 769765 ;)11:38
uvirtbotDebian bug 769765 in designate-common "designate-common: fails to upgrade from 'sid': Could not load 'migrate': Invalid target type: None" [Serious,Open] http://bugs.debian.org/76976511:38
KiallSo, it's installing 2014.2-2 - what is it upgrading from?11:39
Kiall(Also - I'm happy to be auto-CC'd on designate bugs in the designate src package, if that's somehow doable ;)11:39
Kiallsid looks like 2014.1-14 .. so 2014.1-14 -> 2014.2-211:42
mugsieKiall: between havana and icehouse we changed the config file entry for the db connection string11:42
mugsieand a lot of the other db config entries11:43
Kiallmugsie: that's what I'm thinking, we switched to oslo.db around then I *think* ..11:43
mugsieyup, we did11:43
mugsiezigo actually diagnosied it himself as well ;)11:44
mugsieif you scrollback ;)11:44
KiallOh, heh.. teach me not to read scrollback11:44
zigoYup. I did a nasty sed -i in my postinst...11:44
Kiallzigo: from memory there's a openstack-pkg-utils package, which if memory serves has equivalents of these INI methods : https://github.com/openstack-dev/devstack/blob/master/functions-common11:45
Kiallthose are very well tested at editing openstack files and would likely sort it.11:46
zigoI'm doing this: sed -i -e 's/^[ \t]*database_connection[ \t]*=/connection =/' /etc/designate/designate.conf11:46
zigoUgly, but works...11:46
zigoKiall: Oh, nice ! :)11:46
zigoThank you.11:47
Kiall(If those aren't a pre-depends of the OS packages, they should be :P)11:47
zigoKiall: Hum... This performs a lot less checkings than what I do on my ini parse function.11:47
zigoKiall: Nop, I don't do pre-depends at all in my packages.11:48
zigoThat's nasty to do so.11:48
zigoIt breaks the debconf workflow.11:48
KiallIf you have better ones, cool :) These are used as part of devstack and ran 100,000's of times day ;)11:48
Kiallreally? a pre-dep breaks debconf?11:48
KiallOh well, anyway :)11:48
zigoKiall: Yup, because the normal workflow is: 1/ download packages 2/ extract debconf templates 3/ prompt the user 4/ install packages11:49
zigoKiall: If you have a predepends, it does:11:49
zigo1/ download packages 2/ extract deconf for those who don't have pre-depends 3/ prompt the users for those who don't have pre-dpeends 4/ install the pre-depends 5/ prompt again 5/ install the rest11:50
KiallWell, a standard depends would work too I guess, download, prompt, install files (including the functions), run post-inst11:50
zigoKiall: I'd like to answer the questions and go take a coffee...11:50
zigo:)11:50
zigo(so no pre-depends...)11:50
Kiall:)11:50
KiallAnyway - re backward compat, olso.db hardcoded the possible sections/names for backwords compat.. and they didn't line up with our old names :'(11:52
Kiallhttps://github.com/openstack/oslo.db/blob/master/oslo/db/options.py#L32-4111:53
zigoKiall: Yup, but the way to go was to *deprecate* the old one, not to just remove it.11:54
zigoNever mind, it's fixed in my package, so that's ok now.11:54
KiallYep, the cfg.DeprecatedOpt bits in the highlight are how that's done - and there hardcoded11:55
*** GonZo2K has joined #openstack-dns12:12
*** GonZo2K has quit IRC12:17
*** ryanpetrello has joined #openstack-dns12:36
ekarlso-ello guys ^12:38
Kiallheya12:54
*** mwagner_lap has quit IRC13:10
*** richm has joined #openstack-dns13:34
openstackgerritMerged openstack/designate: rename oslo.concurrency to oslo_concurrency  https://review.openstack.org/13978113:55
*** mwagner_lap has joined #openstack-dns13:56
openstackgerritMerged openstack/designate: Switch to oslo.context and sync from incubator  https://review.openstack.org/14046013:58
*** vinod1 has joined #openstack-dns14:12
*** nkinder has quit IRC14:13
*** GonZo2K has joined #openstack-dns14:17
*** GonZo2K has quit IRC14:19
*** ryanpetrello_ has joined #openstack-dns14:31
*** ryanpetrello has quit IRC14:31
*** ryanpetrello_ is now known as ryanpetrello14:31
*** vinod1 has quit IRC14:33
*** nihilifer has quit IRC14:58
*** nkinder has joined #openstack-dns15:00
openstackgerritBetsy Luzader proposed openstack/designate:   Pool_Attribute API  https://review.openstack.org/13354915:20
openstackgerritBetsy Luzader proposed openstack/designate:   Migrate Server table  https://review.openstack.org/13644015:20
*** betsy has quit IRC15:20
*** timsim has joined #openstack-dns15:25
KiallI'm on like attempt #12 at this point to be able to support the per-pool server backend sections, while still allowing non pools service code (like the CLI etc) to use it while making sure it will be usable with config generation .. So frustrating -_-15:27
*** jmcbride has joined #openstack-dns15:34
*** vinod1 has joined #openstack-dns15:36
vinod1mugsie:/kiall: before I approved, just wanted to check if the Horizon change is ready to be merged - https://review.openstack.org/#/c/137480/15:46
mugsievinod1: yup15:57
mugsieit is a copy of the exact code we have on an internal repo15:57
*** rmoe has quit IRC15:58
vinod1ok - approved16:01
mugsievinod1: ty16:01
*** jmcbride1 has joined #openstack-dns16:02
*** jmcbride2 has joined #openstack-dns16:04
*** jmcbride1 has quit IRC16:04
*** jmcbride1 has joined #openstack-dns16:05
*** jmcbride2 has quit IRC16:05
*** jmcbride1 has joined #openstack-dns16:05
*** betsy has joined #openstack-dns16:05
*** jmcbride has quit IRC16:05
openstackgerritMerged openstack/designate: Added designate-dashboard code to contrib/designate-dashboard  https://review.openstack.org/13748016:17
*** ryanpetrello has quit IRC16:27
*** rjrjr has joined #openstack-dns16:27
*** ryanpetrello has joined #openstack-dns16:28
*** mikedillion has joined #openstack-dns16:29
*** baker_ has joined #openstack-dns16:29
*** sushma has joined #openstack-dns16:31
*** jmcbride1 has quit IRC16:32
*** baker__ has joined #openstack-dns16:33
*** baker_ has quit IRC16:33
*** jmcbride has joined #openstack-dns16:34
*** paul_glass has joined #openstack-dns16:44
*** mikedillion has quit IRC16:44
*** shakamunyi has quit IRC16:45
*** simonmcc has quit IRC16:45
*** serverascode___ has quit IRC16:47
*** paul_glass has quit IRC16:50
*** paul_glass has joined #openstack-dns16:51
*** nihilifer has joined #openstack-dns16:51
*** DNS`jbratton is now known as jbratton17:00
*** untriaged-bot has joined #openstack-dns17:02
untriaged-botUntriaged bugs so far:17:02
untriaged-bothttps://bugs.launchpad.net/designate/+bug/139035717:02
untriaged-bothttps://bugs.launchpad.net/designate/+bug/128944417:02
uvirtbotLaunchpad bug 1390357 in designate "Designate sync creates duplicated records in powerdns backend" [Medium,New]17:02
untriaged-bothttps://bugs.launchpad.net/designate/+bug/133825617:03
uvirtbotLaunchpad bug 1289444 in designate "Designate with postgres backend is having issues" [Undecided,New]17:03
uvirtbotLaunchpad bug 1338256 in designate "There's no record validation in v2" [Undecided,New]17:03
*** untriaged-bot has quit IRC17:03
*** rmoe has joined #openstack-dns17:07
*** baker__ has quit IRC17:08
*** k4n0 has quit IRC17:12
*** shakamunyi has joined #openstack-dns17:52
*** simonmcc has joined #openstack-dns17:54
*** shakamunyi has quit IRC17:55
rjrjrso, config issue is priority 1 once kiall has a writeup, correct?18:00
mugsierjrjr: I would guess yes18:00
rjrjrwhat did i commit to regarding bugs?  which bugs do i file?18:00
Kiallrjrjr: I've got a plan in my head to fix all but the structure pieces18:01
Kiall(I've made 3 or 4 failed attempts to fix those parts today, but confident this last attempt will work ;))18:01
rjrjrkiall: cool.  i'd still like to give this some thought, but i'm sure your solution is going to be fine.18:02
*** serverascode___ has joined #openstack-dns18:02
rjrjrwhat did i commit to with regards to bugs?18:02
KiallYea, I think the biggest unknown is around the "Pool Has Servers" -> "Pool has Servers (which you poll), and Targets (which you write to)18:02
Kiallrjrjr: you fixed a bunch of bugs in your latest PS, filing them (even Subject only bugs are fine) - Just so we can see what fixes land and what are outstanding etc on the K1 boards18:03
rjrjrgotcha.18:04
rjrjrso, has anyone done extensive testing with the pool manager service yet?  or are we waiting for pdns first?18:04
Kiall(and other others you know of)18:04
Kiallrjrjr: I've tested the service with bind9 a good bit, my biggest issue is we need better logging in it ;)18:05
rjrjri'll file a bug for that. 8^)18:05
rjrjri'm concerned about the rapid firing of changes (updating a record then deleting that record before it has been updated, adding a record then updating it before it is added, etc.)18:06
KiallYea, it's hard to trace what's its doing from INFO level or above logs alone, and debug is so noisy due to oslo.messaging and other debug logs18:06
*** shakamunyi has joined #openstack-dns18:06
rjrjri'll add that to my list right after unit testing of pool manager is done.18:06
rjrjrand i want to help fix the config issue too, so let's put that in the mix.18:07
KiallRapid fire (from an API point of view) is passing - since your latest PS is reliably passing the rally gate :)18:07
KiallThe open Q  is - what state is the DNS server in at the end of the run?18:07
rjrjrdoes it provide a mix of adds, deletes, updates on the same records though?18:07
KiallYea I believe so, borris-19 (I think 19 is right!) or ekarlso- has a better idea of the exact set of actions it takes18:08
KiallI get a tad confused18:08
Kiallbrb18:08
rjrjrnp18:08
*** sushma has quit IRC18:09
rjrjri'll keep working on unit testing until you have the config changes you want written up.18:09
vinod1I agree to the comment about logging18:09
vinod1I tested with bind9 - there are some issues around status updates - it is set to SUCCESS before poll_for_serial_number18:10
vinod1brb18:10
rjrjrvinod1: did you file a bug or leave a comment somewhere?18:10
rjrjri'm committed to getting the bugs fixed as quickly as possible.  i want this service to work for us.18:11
Kiallback18:14
KiallI haven't noticed an "early status change" - but haven't specifically been looking for i18:15
Kiallt18:15
*** jordanP has quit IRC18:17
*** paul_glass has quit IRC18:26
vinod1rjrjr: I haven't filed a bug or a comment yet18:30
vinod1If you look at http://logs.openstack.org/06/138406/5/check/gate-designate-dsvm-bind9/a120610/logs/screen-designate-pool-manager.txt.gz18:31
vinod1http://logs.openstack.org/06/138406/5/check/gate-designate-dsvm-bind9/a120610/logs/screen-designate-pool-manager.txt.gz18:31
vinod1http://logs.openstack.org/06/138406/5/check/gate-designate-dsvm-bind9/a120610/logs/screen-designate-pool-manager.txt.gz#_2014-12-10_17_00_08_738 25339 INFO designate.central.rpcapi [req-2a75f0ec-622c-4b44-b80b-87d9400312bc 4ecb94d407a945f0b794a6885c371065 cb02776fedad462894f28fac72b0bb1a - - -] update_status: Calling central's update_status.18:31
vinod1http://logs.openstack.org/06/138406/5/check/gate-designate-dsvm-bind9/a120610/logs/screen-designate-pool-manager.txt.gz#_2014-12-10_17_00_08_777 25339 INFO designate.mdns.rpcapi [req-2a75f0ec-622c-4b44-b80b-87d9400312bc 4ecb94d407a945f0b794a6885c371065 cb02776fedad462894f28fac72b0bb1a - - -] poll_for_serial_number: Calling mdns for zone 'exercise-ab74467e.com.', serial '1418230808' to server '127.0.0.1:5322'18:31
vinod1central's update_status is called before poll_for_serial_number. The domain status is set to ACTIVE before we hear back from the pool servers18:32
rjrjrvinod1: i'll go through that information shortly.18:33
rjrjrkiall: i think the way we have the powerdns database creation implemented is incorrect18:33
rjrjrto me, it feels like we are managing the powerdns when we are going with "unmanaged"18:34
rjrjri think the powerdns database creation should be part of the backend plugin, not a separate piece of the manage CLI.  the backend plugin should register itself with the manage CLI.18:35
rjrjrmy thoughts  on this, another customer comes along with yet another backend that needs a database created as well.  does that customer create the backend plugin *and* change the manage CLI for this?  or should they be able to create the backend plugin which encapsulates the creation of the database as well?18:36
rjrjrif we isolate all this to the backend plugin, the problem of creating multiple databases or a single database can be handle completely by the plugin.18:38
rjrjrto me, creating the powerdns database is no different than creating the BIND9 configuration file.  it is work that needs to be done once for the backend to work.  it just happens that one is doing that work in the database and the other is doing that work in files.18:39
rjrjrit just feels to me like we are treating powerdns different than other backend servers.  let's have the backend driver encapsulate all the pieces needed for that backend, including the database creation.  we can code it such that the manage CLI has an option to create the database if the backend driver has that need.18:42
rjrjrso, in addition to 'create_domain' and 'delete_domain' we also need a 'initialize_database' and 'sync_database' method in the backend drivers.  for those drivers that don't need them, we have some way of identifying that and the managed CLI doesn't get any options.  (maybe a decorator?)18:45
rjrjror an interface that when extended tells the manage CLI that the backend has database initialization/synchronization considerations.18:53
rjrjrkiall: thoughts?18:57
*** paul_glass has joined #openstack-dns19:17
*** shakamunyi has quit IRC19:33
*** shakamunyi has joined #openstack-dns19:34
openstackgerritTim Simmons proposed openstack/designate: Agent - Basic Service  https://review.openstack.org/14081519:38
openstackgerritTim Simmons proposed openstack/designate: Agent - Add basic NOTIFY support  https://review.openstack.org/14081619:38
openstackgerritTim Simmons proposed openstack/designate: Agent - Add AXFR Capability  https://review.openstack.org/14081719:38
openstackgerritTim Simmons proposed openstack/designate: Agent - Add Support for Receiving Unassigned OPCODEs  https://review.openstack.org/14081819:39
openstackgerritTim Simmons proposed openstack/designate: Agent - Add Backend Capabilities  https://review.openstack.org/14081919:39
* timsim runs19:39
*** ryanpetrello has quit IRC20:11
*** ryanpetrello_ has joined #openstack-dns20:11
*** ryanpetrello_ is now known as ryanpetrello20:12
*** shakamunyi has quit IRC20:53
*** harmw has quit IRC20:54
*** shakamunyi has joined #openstack-dns20:56
*** nihilifer has quit IRC20:58
*** mwagner_lap has quit IRC21:00
ekarlso-timsim: what's the use of having AXFR's on the agent itself ?21:05
*** jmcbride1 has joined #openstack-dns21:06
*** jmcbride has quit IRC21:07
*** jmcbride1 has quit IRC21:07
*** jmcbride has joined #openstack-dns21:07
*** nihilifer has joined #openstack-dns21:11
*** harmw has joined #openstack-dns21:14
*** harmw has quit IRC21:19
*** GonZo2K has joined #openstack-dns21:34
rjrjrKiall: you around?21:36
*** betsy has quit IRC21:56
ekarlso-vinod1: https://review.openstack.org/#/c/140347/ care to +2 ?22:00
ekarlso-meh, missing a +222:00
*** jmcbride has quit IRC22:01
timsimekarlso-: The agent has to get that zone data down from the Designate Database (via MiniDNS) to apply it to whatever backend you want. The idea being that it may not be in a place where you want to be having a full-fledged connection to the database.22:04
*** ryanpetrello has quit IRC22:04
*** shakamunyi has quit IRC22:08
*** jmcbride has joined #openstack-dns22:09
*** serverascode___ has quit IRC22:09
*** shakamunyi has joined #openstack-dns22:10
*** zigo has quit IRC22:11
*** serverascode___ has joined #openstack-dns22:11
*** zigo has joined #openstack-dns22:12
*** harmw has joined #openstack-dns22:13
*** paul_glass has quit IRC22:23
openstackgerritEndre Karlson proposed openstack/designate: Support secondary zones  https://review.openstack.org/13368222:23
*** thetrav has joined #openstack-dns22:27
*** jmcbride has quit IRC22:33
vinod1ekarlso-: Will look at it shortly22:39
KiallCVE-2014-7821 - Neutron DoS through invalid DNS configuration - http://lists.openstack.org/pipermail/openstack-announce/2014-December/thread.html22:41
uvirtbotKiall: OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7821)22:41
KiallStill trying to grok it to understand if our regexes for DNS names are affected too...22:42
KiallNeutron regex: https://www.debuggex.com/r/I2C62HFic_8gLohF22:43
KiallDesignate refex: https://www.debuggex.com/r/Ts10v5DQV6j4IYRN22:43
Kiallregex*22:43
*** jmcbride has joined #openstack-dns22:45
Kiall(I know the Neutron CVE / Venrelability is DNS related, it's not DNS related for us.. More that our regexes validate the same thing, and could be subject the same same failure)22:46
rjrjrKiall: up for a chat about configuration?22:46
Kiallheya - Only popped back online after noticing the CVE, have been on a call since I got home earlier :( Can we sync up tomorrow, early US / afternoon IE?22:49
rjrjrsure.  i put my thoughts in the chat above, but if you'd like it in another form (spec maybe) just let me know.22:49
KiallAh, havent read scrollback yet.. Still comparing regexes ;)22:50
rjrjri'll be on early morning US to chat about it.22:51
KiallStruggeling to identify the vunl here :(22:51
KiallNeutron before fix: https://www.debuggex.com/r/_Bl-gT-0aUfgFw1z22:51
KiallNeutron after fix: https://www.debuggex.com/r/Izo1D5uidCCMgUxy22:51
KiallDesignate: https://www.debuggex.com/r/H2yks1iGy5jgMyxp22:51
KiallAh.. The test case says it all.22:53
KiallTest case was validating "111111111111111111111111111111111111111111111111111111111111" as a DNS name22:53
KiallIt's just KILLED my browser in neutron-before, and works fine in neutron after and designate22:54
timsimSeems like we're alright then?22:54
KiallYep, seems so22:54
KiallAlso.. Neutron broke there regex as part of the fix..22:55
timsimNice. Hooray for regex wizardry.22:55
timsimoops.22:55
Kiallchanged {1,63) to {1,62} - so valid labels of 63 chars will now be rejected by Neutron.. boo ;)22:55
KiallActually, length change was intentonal.. but the fix is s.. omewhat weird23:03
*** timsim has quit IRC23:06
*** jmcbride has quit IRC23:15
*** vinod1 has quit IRC23:23
*** ryanpetrello has joined #openstack-dns23:29
*** ryanpetrello has quit IRC23:50
« Tuesday, 2014-12-09 Index Thursday, 2014-12-11 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!