Wednesday, 2017-01-04

« Tuesday, 2017-01-03 Index Thursday, 2017-01-05 »
*** kgaillot has quit IRC01:01
*** hfu has joined #openstack-ha01:27
*** openstackgerrit has joined #openstack-ha02:05
openstackgerritAdam Spiers proposed openstack/openstack-resource-agents-specs: add compute node monitoring spec  https://review.openstack.org/40665902:05
*** g3ek has quit IRC05:33
*** g3ek has joined #openstack-ha05:42
*** pcaruana has joined #openstack-ha06:51
*** nkrinner_afk has quit IRC06:59
*** nkrinner has joined #openstack-ha06:59
*** mjura has joined #openstack-ha07:12
*** rmart04 has joined #openstack-ha08:21
*** hfu has quit IRC08:29
*** hfu has joined #openstack-ha08:35
aspiershi09:00
aspiers-> #openstack-meeting-alt09:00
aspiersOK, everyone else still on vacation I guess09:26
ddejaoh, wait09:26
ddejaaspiers: it is Wednesday today09:27
ddejashieeet09:27
aspiers:)09:27
* ddeja is confused all week long09:27
ddejaand there is holiday on Friday in Poland, to confuse me more09:27
ddejaaspiers: I saw your comment about message context09:28
ddejawe can talk about it if you want09:28
ddejaso, basically you are right09:29
ddejawhat you've copied from fence_evacuate is all what matters from the user perspective09:29
aspiersok09:30
ddejabut since we were talking about HTTP message, I thought that other things, like keystone context, also matters09:30
aspiersyeah, when I thought about that I realised that the HTTP message should be verifiable09:30
aspiersit should not be possible to spoof failure messages09:31
aspiersotherwise we rely on the security of the L2 segment09:31
ddejayes09:31
aspiersor maybe we already do?09:31
aspierscan anyone send messages to Rabbit? presumably not09:31
ddejabut, hm09:31
ddejait depends on about which approach we are talking right now09:32
ddejain using just fence agents, we rely on security provided by pacemaker09:32
ddejathat noone would send 'false alarm'09:32
ddejaon others (Masakari/Mistral), hmm, it just if user can send given HTTP message09:33
*** ushkalim has joined #openstack-ha09:33
* ddeja is not sure if Masakari also uses HTTP message to start an recovery09:33
aspiershmm09:34
ddejaIn case of mistral, we rely on security provided by keystone09:34
*** hfu has quit IRC09:37
*** hfu has joined #openstack-ha09:40
*** hfu has quit IRC09:47
aspiersddeja: a fence agent could still use keystone credentials09:55
aspiersand I think it should...09:56
ddejaaspiers: but for which part it should use keystone?10:06
aspiersfor sending the message10:06
aspiersso that the receiver can authenticate it10:07
ddejaumm, I don't think it is needed10:07
ddejaoh10:07
ddejawell, as long as we use some pythonclient related to any openstack project it works this way, right?10:07
aspiersI guess10:09
ddejayes, I've just checked with my teammate10:09
ddejaclient asks keystone for token, then sends the token with request to given service10:09
aspiersthat sounds right10:10
ddejaand then service checks with keystone if token is valid before it proceeds the requests10:10
ddejaso, with mistralclient we are all set10:10
ddejanot sure how it works with masakari thou10:10
aspiersI imagine it would be the same. If not I guess there is a clear benefit from switching to that method10:22
aspiersbut I wonder how long the token would be valid for10:22
ddejaby default token is valid for 1 hour10:23
aspiersok10:25
ddejaif I remember correctly10:25
ddejabut it can be set in keystone conf, and also per user/token (I'm not sure for which one)10:26
*** asettle has joined #openstack-ha10:27
aspiersright10:29
aspiershey asettle :)10:30
asettleMorning yo :)10:30
asettleSorry for giving you some bugs there aspiers but my HA knowledge is peanuts10:32
aspiershaha no probs :)10:32
aspiersasettle: will you be in Atlanta?10:32
aspiersI am coming and we could probably make a lot of progress on the HA guide there10:32
asettleI think I will be :) we should plan a session.10:32
aspiersgreat10:32
asettle(At least, the grand plan is for me to be there)10:32
asettleDo the HA team *do* sessions?10:33
aspiersno, they didn't let us10:34
aspierssince we're not an official team10:34
asettleHow rude :P10:35
ddejaaspiers: but I guess there would be some time to talk, at least on first 2 days10:37
aspiersddeja: are you coming? I thought you weren't10:38
ddejaaspiers: that's complicated10:39
aspiersoh :)10:39
ddejaremember Barcelona?10:39
ddejait will be same story10:39
aspiersvaguely. ok :/10:40
ddejanot knowing if I'll go or not for a long time ;/10:40
*** furlongm has quit IRC10:41
*** furlongm_ has joined #openstack-ha10:41
*** ushkalim has quit IRC11:33
*** furlongm_ has quit IRC11:41
*** furlongm has joined #openstack-ha11:43
asettleddeja: that's kind of what happens with us too. We more or less find out a few weeks beforehand and then it's all "pack your bags, off you pop"11:46
*** ushkalim has joined #openstack-ha11:47
*** hfu has joined #openstack-ha11:49
aspiers:/11:50
*** hfu has quit IRC11:50
asettleHeh, yep.11:50
asettleI've spoiled a lot of groceries as a result.11:51
aspiersannoying11:51
aspiersBTW if anyone's here who is interested in neutron L3 HA, please see the latest comments on https://bugs.launchpad.net/neutron/+bug/137562511:52
openstackLaunchpad bug 1375625 in neutron "Problem in l3-agent tenant-network interface would cause split-brain in HA router" [High,In progress]11:52
asettleQuite.11:52
aspiersasettle: you'll be pleased to note I'm trying to be diligent about the docs, e.g. 2nd para of https://bugs.launchpad.net/neutron/+bug/1375625/comments/34 :-)11:52
asettleHahaha naw, I'm a wee bit proud11:52
aspiers:)11:53
asettleI will get you one of the free alcoholic (or non-alcoholic) beverages at the summit11:53
asettleI'm generous like that.11:53
aspiersthis bug is marked as In Progress with High importance, but Assaf seems to think it's a WONTFIX, so there is some disconnect here11:53
aspiersdeal!11:53
aspiersbiab11:53
asettleUgh there's so much reading.11:54
asettle:p11:54
*** ushkalim has quit IRC12:01
*** ushkalim has joined #openstack-ha12:13
*** catintheroof has joined #openstack-ha12:14
*** openstackgerrit has quit IRC12:33
*** rmart04_ has joined #openstack-ha13:05
*** rmart04 has quit IRC13:06
*** rmart04_ is now known as rmart0413:06
*** rmart04_ has joined #openstack-ha13:14
*** rmart04 has quit IRC13:15
*** rmart04_ is now known as rmart0413:15
*** aasmith has joined #openstack-ha13:44
*** furlongm has quit IRC14:09
*** furlongm has joined #openstack-ha14:10
*** kgaillot has joined #openstack-ha14:38
*** cleong has joined #openstack-ha14:46
*** bogdando has quit IRC14:50
*** bogdando has joined #openstack-ha14:58
*** rmart04 has quit IRC15:03
*** rmart04 has joined #openstack-ha15:06
*** corey_ has joined #openstack-ha15:09
*** corey_ is now known as Guest4114715:09
*** cleong has quit IRC15:11
*** g3ek has quit IRC15:13
*** g3ek has joined #openstack-ha15:14
*** g3ek has quit IRC15:27
*** mjura has quit IRC15:30
*** rmart04 has quit IRC15:31
*** g3ek has joined #openstack-ha15:37
*** asettle has quit IRC15:45
*** asettle has joined #openstack-ha15:46
*** furlongm has quit IRC15:53
*** furlongm has joined #openstack-ha15:53
*** cleong has joined #openstack-ha16:02
*** Guest41147 has quit IRC16:03
*** corey_ has joined #openstack-ha16:08
*** corey_ is now known as Guest4830916:09
*** cleong has quit IRC16:09
*** furlongm_ has joined #openstack-ha16:10
*** furlongm has quit IRC16:10
*** nkrinner is now known as nkrinner_afk16:11
*** furlongm_ has quit IRC16:34
*** furlongm_ has joined #openstack-ha16:34
*** furlongm_ has quit IRC17:17
*** furlongm has joined #openstack-ha17:17
*** Guest48309 has quit IRC17:40
*** cleong has joined #openstack-ha17:40
*** asettle has quit IRC17:58
*** ushkalim has quit IRC18:01
*** pcaruana has quit IRC18:52
*** asettle has joined #openstack-ha18:53
*** furlongm has quit IRC19:29
*** furlongm has joined #openstack-ha19:30
*** raginbajin has quit IRC19:36
*** v12aml has quit IRC19:36
*** ddeja has quit IRC19:36
*** NostawRm has quit IRC19:36
*** v12aml has joined #openstack-ha19:36
*** ddeja has joined #openstack-ha19:36
*** raginbajin has joined #openstack-ha19:38
*** corey_ has joined #openstack-ha19:50
*** corey_ is now known as Guest374519:51
*** cleong has quit IRC19:53
*** asettle has quit IRC20:10
*** Guest3745 is now known as cleong20:33
*** cleong has quit IRC21:12
*** asettle has joined #openstack-ha21:14
*** aasmith has quit IRC21:36
*** furlongm_ has joined #openstack-ha21:40
*** furlongm has quit IRC21:41
*** furlongm has joined #openstack-ha22:13
*** furlongm_ has quit IRC22:14
*** asettle has quit IRC22:15
*** openstack has joined #openstack-ha22:57
*** kgaillot has quit IRC23:42
*** masahito has joined #openstack-ha23:57
« Tuesday, 2017-01-03 Index Thursday, 2017-01-05 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!