Monday, 2016-11-14

« Sunday, 2016-11-13 Index Tuesday, 2016-11-15 »
kfox1111I'd skip the ceph in k8s part of it, and deploy it with kolla-ansible or native ceph-deploy.00:01
kfox1111the rest should apply.00:01
kfox1111should be pretty close to the existing multinode setup.00:01
kfox1111I broke up the gate job so that in theory you could reuse large chunks of the scripts.00:01
kfox1111haven't tried it outside the gate yet though, so if you run into any issues where its not generic enough, please let me know and I can fix it.00:02
Pavook that link for the script doesn't work btw00:02
PavoI'm watching the summit of kolla-kubernetes right now btw00:03
sdake_pavo its earl ydays for kolla-kubernetes00:07
sdake_for example, no workflow is implemented00:07
sdake_pavo my recommendation for you - if deploying today, is to stick with kolla-ansible00:07
sdake_oh well, maybe sleep will make it better00:08
sdake_later cats00:08
PavoI agree but would like to help do somethings with you guys so testing is probably my best area since I still have to learn the coding part00:08
*** sdake_ has quit IRC00:10
kfox1111if nothing else, going through th emultinode stuff and documenting along the way would be great.00:10
Pavoyeah thats what I was thinking00:10
Pavoand actually getting the guide better00:11
kfox1111that would be awesome. :)00:11
Pavobut need help setting it up is all00:11
kfox1111if you have any questions / run into any bugs, please let me know.00:12
Pavonever even looked at k8 before00:12
kfox1111I gota head out for now. though.00:12
Pavono problem I am off tomorrow also00:12
kfox1111mnight run through the minikube document then.00:12
kfox1111might get a better idea how it works that way.00:12
kfox1111bbl.00:12
*** chas_ has joined #openstack-kolla00:15
*** neilus has quit IRC00:19
*** chas_ has quit IRC00:20
*** neilus has joined #openstack-kolla00:20
*** bjolo_ has quit IRC00:26
*** duonghq has joined #openstack-kolla00:46
*** sdake has joined #openstack-kolla00:48
*** tonanhngo has joined #openstack-kolla00:53
*** tonanhngo has quit IRC00:56
*** zhubingbing has joined #openstack-kolla00:57
*** diogogmt has quit IRC00:58
*** Pavo has quit IRC01:04
openstackgerritzhubingbing proposed openstack/kolla: Fix trove dockerfile  https://review.openstack.org/39692801:05
*** xiangxinyong has quit IRC01:05
*** Pavo has joined #openstack-kolla01:07
openstackgerritzhubingbing proposed openstack/kolla: grafana added to haproxy to listen on VIP  https://review.openstack.org/39318301:09
*** tovin07_ has joined #openstack-kolla01:11
*** chas_ has joined #openstack-kolla01:16
*** chas_ has quit IRC01:20
openstackgerritzhubingbing proposed openstack/kolla: Fix trove dockerfile  https://review.openstack.org/39692801:22
openstackgerritzhubingbing proposed openstack/kolla: Fix trove dockerfile  https://review.openstack.org/39692801:24
*** pprokop has quit IRC01:27
*** pprokop has joined #openstack-kolla01:27
*** tonanhngo has joined #openstack-kolla01:27
*** tonanhngo has quit IRC01:30
*** sdake has quit IRC01:30
*** zhurong has joined #openstack-kolla01:30
*** sdake has joined #openstack-kolla01:32
*** sdake has quit IRC01:33
*** eaguilar has joined #openstack-kolla01:33
*** v1k0d3n has joined #openstack-kolla01:36
*** asalkeld has joined #openstack-kolla01:42
*** tonanhngo has joined #openstack-kolla01:44
*** tonanhngo has quit IRC01:45
*** asalkeld has quit IRC01:47
*** mtaylor22 has joined #openstack-kolla01:53
*** tonanhngo has joined #openstack-kolla02:04
*** v1k0d3n has quit IRC02:04
*** tonanhngo has quit IRC02:06
*** v1k0d3n has joined #openstack-kolla02:16
*** chas_ has joined #openstack-kolla02:17
*** v1k0d3n has quit IRC02:20
*** chas_ has quit IRC02:21
*** bjolo_ has joined #openstack-kolla02:22
*** tonanhngo has joined #openstack-kolla02:24
*** tonanhngo has quit IRC02:26
*** g3ek has quit IRC02:29
*** haplo37 has quit IRC02:30
*** haplo37 has joined #openstack-kolla02:31
*** g3ek has joined #openstack-kolla02:36
*** dims has quit IRC02:43
*** awiddersheim has quit IRC02:45
*** eaguilar has quit IRC02:48
*** tonanhngo has joined #openstack-kolla02:54
sp_Jeffrey4l: hi I know this can be a lame query, if we compare kolla-ansible's pre-check and kolla-k8s's operator in terms of dependency check and resolution. Then how these two are differ.02:55
*** tonanhngo has quit IRC02:55
sp_please provide your view, if I am going wrong02:56
*** f13o has joined #openstack-kolla02:59
sp_pbourke: can you please help to understand these two              suppose if we compare kolla-ansible's pre-check and kolla-k8s's operator in terms of dependency check and resolution. Then how these two are differ. please provide your view, if I am going wrong.03:00
*** awiddersheim has joined #openstack-kolla03:02
*** Pavo has quit IRC03:04
*** Pavo has joined #openstack-kolla03:09
openstackgerritLarry Rensing proposed openstack/kolla-kubernetes: Adding prechecks script  https://review.openstack.org/39456903:10
*** tonanhngo has joined #openstack-kolla03:13
*** tonanhngo has quit IRC03:15
*** v1k0d3n has joined #openstack-kolla03:24
*** v1k0d3n has quit IRC03:30
*** tonanhngo has joined #openstack-kolla03:34
*** tonanhngo has quit IRC03:36
Jeffrey4lsp_, no idea about the operator. let me check first.03:43
*** Pavo has quit IRC03:47
*** Pavo has joined #openstack-kolla03:51
*** tonanhngo has joined #openstack-kolla03:54
*** tonanhngo has quit IRC03:55
*** f13o has quit IRC04:05
sp_Jeffrey4l: it's fine. Thanks for reply. May be @pbourke, @sdake or someone else can help04:05
*** tonanhngo has joined #openstack-kolla04:14
*** tonanhngo has quit IRC04:15
*** chas_ has joined #openstack-kolla04:18
*** chas_ has quit IRC04:23
*** zhurong has quit IRC04:37
*** tonanhngo has joined #openstack-kolla04:43
*** tonanhngo has quit IRC04:46
*** coolsvap has joined #openstack-kolla05:24
*** zhurong has joined #openstack-kolla05:33
*** tonanhngo has joined #openstack-kolla05:44
*** tonanhngo has quit IRC05:45
*** Pavo has quit IRC05:50
*** Pavo has joined #openstack-kolla05:55
mtaylor22hrm05:56
mtaylor22has anyone else seen heka spew out logs like this: error: can't deliver matched message: Queue is full05:57
*** skramaja_ has quit IRC05:59
*** skramaja has joined #openstack-kolla06:03
*** hyakuhei has quit IRC06:04
*** tonanhngo has joined #openstack-kolla06:04
*** tonanhngo has quit IRC06:06
*** mtaylor22 has quit IRC06:09
openstackgerritWei Cao proposed openstack/kolla: Add karbor container  https://review.openstack.org/39500606:23
*** tonanhngo has joined #openstack-kolla06:24
*** tonanhngo has quit IRC06:26
openstackgerritJeffrey Zhang proposed openstack/kolla: corrects invalid logrotate option maxsize  https://review.openstack.org/39701206:34
*** v1k0d3n has joined #openstack-kolla06:34
*** v1k0d3n has quit IRC06:39
*** tonanhngo has joined #openstack-kolla06:44
*** tonanhngo has quit IRC06:44
openstackgerritJeffrey Zhang proposed openstack/kolla: Add neutron vpnaas code into neutron-server container  https://review.openstack.org/39701506:45
openstackgerritzhubingbing proposed openstack/kolla: Fix trove dockerfile  https://review.openstack.org/39692807:07
openstackgerritWei Cao proposed openstack/kolla: [WIP] Add karbor ansible role  https://review.openstack.org/39502207:11
*** haplo37 has quit IRC07:15
*** g3ek has quit IRC07:15
*** g3ek has joined #openstack-kolla07:21
*** haplo37 has joined #openstack-kolla07:21
*** neilus has quit IRC07:25
*** neilus has joined #openstack-kolla07:25
*** neilus has quit IRC07:26
*** f13o has joined #openstack-kolla07:32
openstackgerritMerged openstack/kolla: grafana added to haproxy to listen on VIP  https://review.openstack.org/39318307:36
*** tonanhngo has joined #openstack-kolla07:44
*** unicell has joined #openstack-kolla07:45
*** tonanhngo has quit IRC07:45
*** unicell1 has quit IRC07:46
*** f13o has quit IRC07:50
*** Pavo has quit IRC07:50
*** Pavo has joined #openstack-kolla07:55
*** shardy has joined #openstack-kolla07:58
*** neilus has joined #openstack-kolla08:01
*** neilus has quit IRC08:06
*** sdake has joined #openstack-kolla08:07
*** unicell has quit IRC08:11
*** unicell has joined #openstack-kolla08:13
*** matrohon has joined #openstack-kolla08:17
*** f13o has joined #openstack-kolla08:28
*** egonzalez90 has joined #openstack-kolla08:30
duonghqmorning egonzalez9008:31
egonzalez90morning duonghq08:31
duonghqhave a nice week ;)08:31
egonzalez90hope so, this week is global docker mentor meetup, some fun at the evening08:32
duonghqegonzalez90,  are you joining?08:32
egonzalez90yes08:33
duonghqso, your work is docker-related? or just for personal interested?08:33
sdakeevening peeps08:33
duonghqevening sdake08:34
egonzalez90personal, I don't do anything about docker at job (even nothing about OpenStack)08:34
egonzalez90sdake, how was k8s conferences?08:35
duonghqhave fun "D08:35
sdakeme eithe egonzalez90 :)08:35
sdakecloudnativecon was interesting08:35
sdakelearned alot08:35
*** Serlex has joined #openstack-kolla08:35
duonghqI'm not sure why each recheck 1-2 gate(s) failed (the policy.json ps)08:35
sdakealot of waht i have learned was fed into ryan's spec08:35
egonzalez90share knowledge ;)08:36
duonghq#link https://review.openstack.org/#/c/394260/08:36
egonzalez90duonghq: i think is unrelated to the change08:36
duonghqegonzalez90, you think it's just gate unstable?08:37
duonghqanybody use reposync of yum yet?08:37
egonzalez90pbourke: any idea why oracle gates are failing?08:37
egonzalez90duonghq: yes, other changes are failing too08:38
sdakehttp://logs.openstack.org/60/394260/5/check/gate-kolla-dsvm-deploy-oraclelinux-binary-centos-7-nv/8ff7fbc/console.html#_2016-11-14_08_11_27_56412608:38
sdakeour gates are generally flakey on rax : http://logs.openstack.org/60/394260/5/check/gate-kolla-dsvm-deploy-oraclelinux-binary-centos-7-nv/8ff7fbc/console.html#_2016-11-14_07_34_16_63665208:39
duonghqyeah, it failed at this step every time it failed08:39
sdaketoo bad we can't eliminate rax as a cloud provider for our jobs08:40
sdakei've already investigte if this possible and it is not08:40
sdakemaybe Jeffrey4l can fix that gate - not sure08:40
sdakeits hard to fix because it does not schedule often in our jobs08:40
*** tonanhngo has joined #openstack-kolla08:44
*** tonanhngo has quit IRC08:46
*** mgoddard has joined #openstack-kolla08:49
openstackgerritMerged openstack/kolla: Add bindep environment to tox  https://review.openstack.org/39685608:56
*** f13o has quit IRC08:57
*** chas_ has joined #openstack-kolla08:57
*** f13o has joined #openstack-kolla08:57
duonghqsdake, can you explain what does fencing do in kolla-k8s context?08:58
*** tonanhngo has joined #openstack-kolla09:04
*** sdake has quit IRC09:05
*** tonanhngo has quit IRC09:06
*** berendt has joined #openstack-kolla09:12
*** f13o_ has joined #openstack-kolla09:23
*** tonanhngo has joined #openstack-kolla09:24
*** tonanhngo has quit IRC09:26
*** strigazi_AFK is now known as strigazi09:26
*** f13o has quit IRC09:27
*** athomas has joined #openstack-kolla09:30
*** zhurong has quit IRC09:34
*** magicboiz has joined #openstack-kolla09:34
magicboizHi, is prameswar here?09:39
*** tonanhngo has joined #openstack-kolla09:43
openstackgerritWei Cao proposed openstack/kolla: [WIP] Add karbor ansible role  https://review.openstack.org/39502209:44
*** tonanhngo has quit IRC09:44
openstackgerritnarasimha18sv proposed openstack/kolla: update missing dispatcher configurations for ceilometer when backend is database  https://review.openstack.org/39708909:46
*** openstackgerrit has quit IRC09:47
*** openstackgerrit has joined #openstack-kolla09:48
*** Pavo has quit IRC09:50
*** Pavo has joined #openstack-kolla09:55
pprokopHI kfox1111: stackanetes uses kolla images with custom last layer09:56
pprokopa kubernetes-entrypoint09:56
duonghqegonzalez90, so, can my patchset be merged?09:56
*** msimonin has joined #openstack-kolla09:59
openstackgerritzhubingbing proposed openstack/kolla: Add trove role  https://review.openstack.org/35490110:01
*** tovin07_ has quit IRC10:03
openstackgerritJeffrey Zhang proposed openstack/kolla: Use check_mode no instead of always_run  https://review.openstack.org/39709410:04
zhubingbinghi10:04
*** tonanhngo has joined #openstack-kolla10:05
zhubingbingwho can help me look trove  ~)10:05
openstackgerritJeffrey Zhang proposed openstack/kolla: Add neutron vpnaas code into neutron-server container  https://review.openstack.org/39701510:05
*** portdirect_away is now known as portdirect10:06
*** tonanhngo has quit IRC10:07
openstackgerritJeremy Liu proposed openstack/kolla: Word choice for back end  https://review.openstack.org/39078810:16
*** duonghq has quit IRC10:19
portdirectmorning :)10:19
*** tonanhngo has joined #openstack-kolla10:24
*** tonanhngo has quit IRC10:25
openstackgerritMerged openstack/kolla: Add karbor container  https://review.openstack.org/39500610:27
openstackgerritMerged openstack/kolla: Fix trove dockerfile  https://review.openstack.org/39692810:33
*** jmccarthy has left #openstack-kolla10:35
*** v1k0d3n has joined #openstack-kolla10:36
*** v1k0d3n has quit IRC10:40
*** stvnoyes has quit IRC10:43
*** stvnoyes has joined #openstack-kolla10:43
*** tonanhngo has joined #openstack-kolla10:44
*** tonanhngo has quit IRC10:46
openstackgerritMerged openstack/kolla: Allow operators to customise pip packages in nova_compute  https://review.openstack.org/39668710:47
*** ppalacios has joined #openstack-kolla10:50
*** Serlex has quit IRC10:59
*** zhubingbing has quit IRC11:05
*** athomas has quit IRC11:08
*** mliima has joined #openstack-kolla11:13
*** athomas has joined #openstack-kolla11:13
*** duonghq has joined #openstack-kolla11:17
*** chas_ has quit IRC11:29
*** f13o_ has quit IRC11:31
*** f13o_ has joined #openstack-kolla11:31
openstackgerritSurya Prakash Singh proposed openstack/kolla: Consistent home directory creation for all the services  https://review.openstack.org/39017911:31
*** zhurong has joined #openstack-kolla11:35
*** zhurong has quit IRC11:42
*** Pavo has quit IRC11:50
*** haplo37 has quit IRC11:53
*** Pavo has joined #openstack-kolla11:55
*** tonanhngo has joined #openstack-kolla11:55
*** g3ek has quit IRC11:56
*** tonanhngo has quit IRC11:57
*** stvnoyes has quit IRC11:58
*** dave-mccowan has joined #openstack-kolla12:01
*** haplo37 has joined #openstack-kolla12:02
*** g3ek has joined #openstack-kolla12:03
*** nihilifer has joined #openstack-kolla12:04
*** shardy is now known as shardy_lunch12:09
*** DTadrzak has joined #openstack-kolla12:11
*** tonanhngo has joined #openstack-kolla12:13
*** tonanhngo has quit IRC12:15
*** zhurong has joined #openstack-kolla12:16
*** zhurong has quit IRC12:19
*** zhurong has joined #openstack-kolla12:21
pomacFYI, ansible/roles/neutron/templates/neutron.conf.j2:18:metadata_works = {{ openstack_service_workers }} - feels like that should be metadata_workers ;)12:25
*** neilus has joined #openstack-kolla12:25
berendtpomac can you provide a patch for it?12:25
pomacberendt: sure, I just have to see if this could be related to our issues12:26
pomacHumm should i fork and do a pull req or just send the patch somewhere? I'm not really in to the general workflow here12:29
*** neilus has quit IRC12:29
berendtwe work with gerrit and do not use the common github workflow12:31
*** rhallisey has joined #openstack-kolla12:32
berendtpomac simply open a bug report for it on launchpad, this way somebody else can fix it12:32
berendtpomac https://launchpad.net/kolla12:32
pomacberendt: oki12:33
*** tonanhngo has joined #openstack-kolla12:34
*** tonanhngo has quit IRC12:35
*** srwilkers has joined #openstack-kolla12:48
*** Serlex has joined #openstack-kolla12:52
*** ayoung has quit IRC12:54
*** schwicht has joined #openstack-kolla13:06
*** f13o__ has joined #openstack-kolla13:07
*** f13o_ has quit IRC13:10
*** srwilkers has quit IRC13:13
*** srwilkers has joined #openstack-kolla13:13
*** srwilkers has quit IRC13:15
*** srwilkers has joined #openstack-kolla13:16
*** neilus has joined #openstack-kolla13:16
*** neilus has quit IRC13:19
*** schwicht has quit IRC13:20
*** stvnoyes has joined #openstack-kolla13:20
*** lamt has joined #openstack-kolla13:21
*** neilus has joined #openstack-kolla13:21
*** neilus has quit IRC13:21
*** chas_ has joined #openstack-kolla13:22
*** lamt has quit IRC13:22
*** lamt has joined #openstack-kolla13:23
*** sdake has joined #openstack-kolla13:24
sdakeJeffrey4l morning13:24
*** schwicht has joined #openstack-kolla13:24
sdakeduonghq still around?13:24
Jeffrey4lsdake, morning13:24
sdakesup jeffrey4l13:25
sdakerepo split should hapen shortly btw13:25
Jeffrey4lnothing special ;)13:26
Jeffrey4lcool.13:26
duonghqsdake, hi13:26
duonghqevening13:26
Jeffrey4lso the new repo is already prepared?13:26
sdakeduonghq so that fencing agent13:27
sdakeJeffrey4l yes its ready to go awaiting inc0's ack on the reviews13:27
Jeffrey4li saw that. it is just create a new repo, right?13:27
openstackgerritRyan Hallisey proposed openstack/kolla-kubernetes: Spec - Kolla-Kubernetes Deployment Architecture  https://review.openstack.org/39225713:27
duonghqsdake, which agent? do you meen the OpenStack service one or something?13:28
sdakeJeffrey4l check out http://github.com/sdake/kolla13:28
sdakeduonghq question you had asked me last night13:28
rhallisey1 more day on the spec folks13:28
rhalliseyit's it pretty good shape13:28
sdakeduonghq what it does is kill connections for rbd driver i think13:28
sdakerhallisey i'm glad you got rid of the marketing speak ;)13:30
*** neilus has joined #openstack-kolla13:30
rhallisey:) wasn't intentional13:30
sdakeI was like "huh"13:30
sdakeof course you failed to work dovetail into the spec13:30
sdakeoh well13:30
rhallisey:)13:31
*** shardy_lunch is now known as shardy13:31
sp_dear sdake: hi, i need your precious 2 minutes13:31
sdakesp_ shoot13:32
duonghqsdake, I'm sorry but something jam my mind, last weekend I do not join IRC much (1 OpenStack meetup, some hang out and many other thing), so I can pretty sure I do not ask you anything last weekend (in my timezone). About the fencing question, last IRC meeting, some guys mentioned fencing and deps, I can understood the deps but do not get idea of fencing, it's general or for some service?13:32
openstackgerritbjorn lofdahl proposed openstack/kolla: Fix neutron.conf.j2 metadata_workers spelling error  https://review.openstack.org/39718613:32
sdakeduonghq not totally sure13:32
*** fguillot has joined #openstack-kolla13:33
duonghqok, so I will comeback with fencing later,13:33
sp_what can be plan from community side for this BP   https://blueprints.launchpad.net/kolla/+spec/kolla-gui        because we didn't had any design discussion on this in Barcelona summit    Your opinion would be quite helpful to me.13:34
duonghqfor the repo-split, will any bp be written?13:34
*** neilus has quit IRC13:35
*** dims has joined #openstack-kolla13:35
duonghqsp_, I have not got idea of this bp too, but anybody see mdnadeem around?13:35
bjolo_sp_, not to push my own bp, but i think a gui and cli goes hand in hand https://blueprints.launchpad.net/kolla/+spec/kolla-multicloud-cli13:36
sdakesp_ not sure ask inc013:37
bjolo_implement the functions desired as an API and both gui and cli can be built on top of that13:37
sdakebjolo_ yes thats a BKP for implementing guis/clis13:37
duonghqbjolo_, just skim through your bp, very nice idea13:37
sdakebjolo_ and further how i assumed the work would be done13:38
duonghqbut I do not think GUI is good idea atm,13:38
*** v1k0d3n has joined #openstack-kolla13:39
*** v1k0d3n has quit IRC13:39
duonghqCLI and under mechanism is totally ok13:39
bjolo_to me a cli comes first13:39
bjolo_gui is just a visual version of the cli :)13:39
duonghqbut for GUI, it should be deferred for some cycle13:39
duonghqsure, but we must care some more implementation details,13:39
sdakei think a gui is a good idea, i think inc0 does not13:40
sdakei've heard conflciting thoughts on this13:40
sdakemy take is as follows13:40
sdakeWe will have cmplete parity with everyone with a gui13:41
sdakewithout a gui we lack parity13:41
sdakeother people think its the job of the product companies taking kolla to market to make a gui out of it13:41
*** v1k0d3n has joined #openstack-kolla13:41
sdakei dont have time to write code either way for it,s o ymmv ;)13:42
duonghqsdake, agreed, but I still do not think it should be done in very near  future,13:42
sdakerace is on to kubernete-ize the datacenter13:43
*** janonymous has joined #openstack-kolla13:43
duonghqbut do you think bjolo_'s bp is very useful if it's done well, sdake13:43
*** janonymous has left #openstack-kolla13:43
sdakeansible has won baremetal deployments13:43
sp_sdake: I agree with you and GUI would be a killer feature for kolla13:43
sdakefor virtual deployments (kubernetes) i think it makes more sense to focus there13:43
bjolo_yea the discussion if kolla is a project or a product is part of the divide. One can argue either way. If it is only a project, why do we have containers for monitoring, central logging, etc right13:43
sdakebjolo_ it is a project13:43
sdakebjolo_ not a product13:43
sdakei can answer that without hesitation13:44
sp_sdake: I had discussion with mdnadeem:13:44
sdakeit has monitoring central logging because those things are needed by operators absolutely13:44
sdakea gui is a pretty thing that helps "sell" a product13:44
sdakemost ops wont use a gui13:44
*** krtaylor has quit IRC13:45
sdakeif it is to be done, please use a rest api :)13:45
bjolo_depends on what we visualize in the gui13:45
bjolo_i agree that guis are most in the way13:45
*** eaguilar has joined #openstack-kolla13:45
*** v1k0d3n has quit IRC13:46
sp_sdake: Yes agree, we will provide some sort of rest api that matches our kolla-ansible api13:47
bjolo_a gui can serve as the unified frontend for the visual components we have in kolla13:47
bjolo_ops log into the gui, from there they have links to kibana, haproxy status page, rabbitmq manager13:47
bjolo_etc13:48
duonghqsdake, can you take a look at my ansbile-become ps serie: https://review.openstack.org/#/c/358539/13:48
bjolo_metrics from grafana etc13:48
duonghqbjolo_, sure, but, many work come here13:48
sdakejust woke up - dont review patch sets until my brain is working sorry duonghq13:48
duonghqsdake,  oops, I thought you have wake up for one or two hours, sorry13:49
bjolo_visual LLDP topology maps13:49
bjolo_just to make my standpoint clear13:50
duonghqbjolo_, IMO, somebody should jot down your ideas to the bp13:50
sp_sdake: Thanks for your valuable opinion, I would be working on this.13:50
bjolo_i dont really use guis to administrate stuff. command line is way better for that. however, guis do help visualise stuff and that should be capitalized upon13:50
*** Pavo has quit IRC13:50
*** schwicht has quit IRC13:50
*** krtaylor has joined #openstack-kolla13:51
* sdake wishes my amex points were 1 point per 1 dollar13:52
sdakei have 140k points atm.. :)13:52
*** schwicht has joined #openstack-kolla13:52
sdakerbergeron earned us 30k or so points bybooking bunch o work travel13:52
duonghqbjolo_, I think your idea and the bp worth a spec?13:52
sdakedont bother with specs imo13:53
sdakeinc0 was pretty clear its not the time for specs13:53
duonghqsdake, so we track these things on launchpad bp?13:53
sdakeyes as work items13:53
*** Pavo has joined #openstack-kolla13:55
bjolo_sdake, i dont mean disagree with you or the kolla core team, but i think you have to re-think the project vs product part since it is colliding with reality. From the coders perspective it is a project and perhaps it always will be, but from an operator it will be a considered a product. Whatever we find "missing" from an operator perspective, we will open up requests for and some of us will submit PS for it13:55
sdakebjolo_ still a project13:56
bjolo_for you ok :)13:56
sdakebjolo_ openstack doesnt product products :)13:56
sdakeproduce that is13:56
*** schwicht has quit IRC13:56
sdakea product comes with support and escalation paths and all kinds of other rigamorale13:56
bjolo_so who should use kolla-ansible in that case?13:57
sdakelike contracts, sows, etc13:57
sdakebjolo_ i hope everyone does13:57
sdakebjolo_ but again, at this point in time, upstream isn't a "product team"13:57
sdakealthough for example jeffrey4l's co is producing a product based on kolla so he is part of a product team13:57
bjolo_yes, i agree with that. perhaps we need some better definitions here13:57
sdakea true product would finetune the ci/cd pipeline13:58
bjolo_when i say product in the context i dont mean SLAs etc13:58
sdakeand make all that stuff work13:58
*** f13o__ has quit IRC13:58
sdakeok well to me what is what a product is :)13:59
sdakethat is what  that is :)13:59
*** f13o__ has joined #openstack-kolla13:59
bjolo_community product that includes all features needed by operators13:59
sdakeproducts are sold for money and with the exchange of money comes a contract determining what will be done by the co supporting the product13:59
bjolo_kolla-ansible is to me a community product13:59
sdakewe have no such thing upstream13:59
sdakekolla-ansible is meant to be a project where people base products on in their downstreams14:00
sdakethis is how oracle behaves14:00
sdakeand this is the model we want14:00
sdakeupstream = project, downstream = product14:01
bjolo_ok so by that rational only openstack containers should be in the project.14:02
sdakedisagree14:02
bjolo_my point is that the line is drawn somewhat arbitrarily14:02
sdakein fact, containers are really where we run afoul of my product definitinos14:03
sdakethe line in my mind is drawn "has a contract been written and signed"14:03
sdakeif no contract, no product14:04
*** khamtamtun has joined #openstack-kolla14:04
*** zhubingbing_ has joined #openstack-kolla14:05
sdakeproj·ect14:07
sdakenoun14:07
sdakeˈpräjˌekt/14:07
sdake1.14:08
sdakean individual or collaborative enterprise that is carefully planned and designed to achieve a particular aim.14:08
sdakeprod·uct14:08
sdakeˈprädəkt/Submit14:08
sdakenoun14:08
sdake1.14:08
sdakean article or substance that is manufactured or refined for sale.14:08
sdake"marketing products and services"14:08
*** zhurong has quit IRC14:08
sdakebjolo_ where kolla falls down on the product side is it hasn't been refined ;)14:09
*** schwicht has joined #openstack-kolla14:10
sdakesrwilkers i dont see your name on the list of contribs to kolla-lubernetes, are you joining in ? :)14:11
duonghqsdake, where is the list?14:13
sdakeduonghq in the spec14:13
duonghqah, okay14:14
bjolo_sdake, i think we are actually on the same page, we just use different words for. Project to me is a play thing initially. Once it reaches some form of working level and people start using it, it has to be transformed into a well functioning and responsible project.14:14
Jeffrey4lsean-k-mooney, around?14:14
sean-k-mooneyJeffrey4l: yes kind of14:15
sdakebjolo_ right and we have done that transformation, but it doesn't make it a product ;)14:15
Jeffrey4lsean-k-mooney, could u check the logrotate change? https://review.openstack.org/39701214:15
Jeffrey4li think it is correct in the original implementation.14:15
*** khamtamtun has quit IRC14:16
sean-k-mooneyJeffrey4l: perhaps. that said the reason i said kindof is i my currently fixing my cluster angian because the log grew to 70G and i ran out of disk space14:17
rhalliseysdake, I put kolla-kubernetes community to include everyone14:17
sean-k-mooneyJeffrey4l: this has happened with both versions14:17
Jeffrey4lsean-k-mooney, in my env, it works fine.14:18
Jeffrey4lsean-k-mooney, ls -alh neutron-server.log*14:18
Jeffrey4l-rw-r--r-- 1 1000 1001  26M Nov 14 22:03 neutron-server.log14:18
Jeffrey4l-rw-r--r-- 1 1000 1001  51M Nov  6 03:25 neutron-server.log.114:18
Jeffrey4l-rw-r--r-- 1 1000 1001 4.2M Nov  1 03:25 neutron-server.log.2.gz14:18
Jeffrey4l-rw-r--r-- 1 1000 1001 4.3M Oct 23 03:18 neutron-server.log.3.gz14:18
Jeffrey4l-rw-r--r-- 1 1000 1001 4.2M Oct 12 03:18 neutron-server.log.4.gz14:18
Jeffrey4l-rw-r--r-- 1 1000 1001 4.0M Oct  1 03:33 neutron-server.log.5.gz14:18
Jeffrey4l-rw-r--r-- 1 1000 1001 4.2M Sep 20 03:47 neutron-server.log.6.gz14:18
Jeffrey4lsorry..14:18
Jeffrey4lpaste url http://paste.openstack.org/show/589130/14:18
sean-k-mooneyJeffrey4l: what is your build config. mine is ubuntu source14:19
Jeffrey4lsean-k-mooney, mine is centos + source.14:19
Jeffrey4lnewton branch.14:19
Jeffrey4l( upgraded from mitaka )14:20
sean-k-mooneycould this be cause by different logrotate verions?14:20
Jeffrey4lcentos is using 3.8.6, ubuntu is using 3.8.7, so i do not think so.14:21
sean-k-mooneyhow offten does crone run the logroate check?14:22
*** markt_ has joined #openstack-kolla14:22
*** markt_ has quit IRC14:22
Jeffrey4lsean-k-mooney, let's talk the configuration file only.  does it make sense i made about the original config in PS?14:22
Jeffrey4ldefault value. let me check.14:22
Jeffrey4ldaily.14:23
sean-k-mooneyyes if maxsize is now supported it does14:23
sean-k-mooneyJeffrey4l: it might make sense to make this overridable14:23
*** chas_ has quit IRC14:24
sean-k-mooneyJeffrey4l: the reason my logs are growing so quickly is because the l3 agent is complaing about iptables so its rapidly loging warning messages14:24
*** khamtamtun has joined #openstack-kolla14:25
*** chas_ has joined #openstack-kolla14:25
Jeffrey4lcheck this Typically logrotate will only be run once daily, so the size limits will not be honoured exactly. logrotate's status file (possibly /var/lib/logrotate.status) only stores dates (not times), it is not intended for use more frequently, so you cannot trivially rotate files more frequently.14:25
Jeffrey4lfrom http://serverfault.com/questions/474941/how-to-rotate-log-based-on-an-interval-unless-log-exceeds-a-certain-size14:25
Jeffrey4l so l3 agent generate 70G in 24 hour?14:25
sean-k-mooneyyep it was logging 192,000 lines of logs every time it check iptables.14:26
sean-k-mooneyit was complaining about duplicate iptables rules14:26
Jeffrey4lbut logrotate only work with daily, right?14:28
sean-k-mooneyi know i have to fix whatever is wrong with the l3 agent but logroate should be able to prevent it form eating all the disk space.14:28
sean-k-mooneyright because we run it daily14:28
Jeffrey4lat least, use `size` do not work right now.14:28
sean-k-mooneywe dont have to run it daily14:28
Jeffrey4lso let's revert the original change and try other solution, like run logrotate hourly?14:29
*** chas_ has quit IRC14:29
sean-k-mooneyruning it hourly would help but yes lets revert. the size vs maxsize was obviouly a red hering14:30
Jeffrey4lOK.14:30
egonzalez90using maxsize will rotate when the specified size is reached, even before the interfal14:30
sean-k-mooneyegonzalez90 if cron only runs logroate once a day it wont14:31
Jeffrey4legonzalez90, yep. but the issue is logrotate is run daily.  may not enough in some case.14:31
Jeffrey4lbtw, egonzalez90 nice catch ;)14:31
egonzalez90just googled about it ;)14:31
egonzalez90sean-k-mooney: can you check if this fit with your usecase  of the ovs-cleanup https://review.openstack.org/#/c/396948/14:32
*** mgiles has joined #openstack-kolla14:32
openstackgerritJeffrey Zhang proposed openstack/kolla: Revert "corrects invalid logrotate option maxsize"  https://review.openstack.org/39721414:33
sean-k-mooneyegonzalez90: just looking at it now14:33
duonghqegonzalez90, ping14:34
egonzalez90duonghq: pong14:35
*** tonanhngo has joined #openstack-kolla14:35
duonghqegonzalez90, I just rechecked this: https://review.openstack.org/#/c/394260/ and another gate failed, so it can be merged?14:35
sean-k-mooneyegonzalez90: im not sure we shoudl delete teh bridges when we delete the neuttron agent14:35
sean-k-mooneyegonzalez90: i think that should only be done if we are deletate the ovs-vswitchd14:36
*** tonanhngo has quit IRC14:36
*** ayoung has joined #openstack-kolla14:37
Jeffrey4legonzalez90, sean-k-mooney it is not removing ovs bridge, it is only removing ovs port.14:37
Jeffrey4land sean-k-mooney this script removes all container and it is OK to remove all port before removing all containers.14:38
openstackgerritcaoyuan proposed openstack/kolla: Allow operators to customise pip packages in dind  https://review.openstack.org/39722114:38
sean-k-mooneyJeffrey4l: the script also allows you to remove only a subset14:38
sdakeduonghq line 215 is where you want to add your name: https://review.openstack.org/#/c/392257/9/specs/kolla-kubernetes-arch.rst14:39
sean-k-mooneyi used to use it to remove just the containers i was modifying14:39
egonzalez90agree with sean-k-mooney , just use cleanup-containers horizon and only remove horizon14:39
sean-k-mooneyJeffrey4l: so tools/cleanup-containers nova && tools/kolla-ansible deploy --tags nova14:40
sean-k-mooneyJeffrey4l: its only usefull for single node but it is useful when developing14:41
Jeffrey4lhmm14:41
*** khamtamtun has quit IRC14:41
duonghqthank you sdake, so I guess that I should ping rhallisey and ask him add me to the list?14:41
rhalliseyI'll add you14:42
duonghqthank you rhallisey14:42
*** khamtamtun has joined #openstack-kolla14:42
*** khamtamtun has quit IRC14:43
sean-k-mooneyincidentally i was not aware that https://review.openstack.org/#/c/369023/ had merged14:43
*** jtriley has joined #openstack-kolla14:44
sean-k-mooneyi guess if you runn cleanup-contiaenrs then cleanup-host it would have cause an issue as the contianer would not be running14:45
*** chas_ has joined #openstack-kolla14:45
sdakesomehow i got spg gold preferred14:47
sdakegotta see how that happened14:47
sdakei guess that is rbergeron 's spg account14:49
sdakeduonghq nah just add your name in the review14:49
sdakeoh ok looks like rhallisey has it14:49
sdakesorry, read top to bottom ;)14:49
*** chas_ has quit IRC14:50
*** TxGirlGeek has joined #openstack-kolla14:50
egonzalez90if i'm correct, neutron_openvswitch_controll the creation of tap devices into ovs, also is executed before starting neutron-openvswitch-agent to clean older devices.14:51
openstackgerritnarasimha18sv proposed openstack/kolla: update dispatcher configurations for database backend  https://review.openstack.org/39708914:52
*** inc0 has joined #openstack-kolla14:52
srwilkerssdake: yeah, sorry14:52
sdakeinc0 need some =1s plz14:52
srwilkerssdake: need to add it14:52
inc0gmorning14:52
sdake+1z14:52
inc0sdake, linkz plz14:52
egonzalez90nova ask neutron-openvswitch-agent to create the ports when new instances are scheduled. am i right sean-k-mooney ?14:52
sdakehttps://review.openstack.org/39690314:52
sdakehttps://review.openstack.org/39690114:53
inc0btw I think we got solid plan with infra to get docker registry in infra14:54
inc0that means we can make voting gates14:54
sdakehow does getting docker registry in infra make voting gates14:54
sdakemaybe voting gates for kolla-ansible14:54
inc0no, both I reckon14:55
inc0let me explain14:55
sdakei struggle to see how we can vote gate on building14:55
inc0for kolla-ansible ofv14:55
inc0so amount of changes done to dockerfiles now are relatively small14:55
inc0majority of changes are ansible changes14:55
inc0so if upstream stuff breaks, I'd be ok with holding these few patches until upstream is fixed14:56
inc0again - not a lot of changes so smaller impact, we still can deploy ansible/k8s14:56
*** matrohon has quit IRC14:56
sdakeya i get how with a registry per region kolla-ansible could easily be voting14:56
sdakewhich is sweet14:56
inc0and if gate can't build gates submitter can't build as well14:56
sdakestill struggling on kolla repo itself ;)14:56
inc0therefore not-tested patches14:57
inc0therefore -1 on that account alone14:57
sean-k-mooneyegonzalez90: nova is respocably for doing the L1 connectivity so is adds the port to ovs via os-vif14:57
sdakeinc0 often the gate hesinbug fails14:57
sdakenot because of any particular problem, but for example, it runs on rax-iad ;)14:57
inc0recheck is still a thing14:57
sdakei guess that issue is orthognal14:58
sdakewell anyway do as you please ;)14:58
inc0will make ML discussion about that14:58
sean-k-mooneyegonzalez90: so no the neutron openvswaci agent is not respocibly for adding tap devices to ovs14:58
inc0but I see that as an option14:58
inc0also we need to make gates on kolla changes that will post to kolla-ansible repo14:59
inc0I mean to retain deploy gates in kolla14:59
inc0somehow14:59
sdakehuh14:59
inc0not as regular gates15:00
inc0but we need to make sure that change in kolla itself won't break deployments15:00
*** tonanhngo has joined #openstack-kolla15:00
sdakethat willl be a bit tricky as sometimes kolla changes will depend on kolla-ansible changes which are unmerged15:00
inc0kolla should never depend on kolla-ansible15:01
sdakethat is what you just proposed15:01
inc0ok, I guess that's true, but well, some feedback should be there15:01
inc0maybe non-voting, but still, a feedback15:01
inc0also if that's the case you'd block merging whole thing15:02
inc0as merging thing to kolla will break kolla-ansible (with voting gates, bad)15:02
inc0and probably kolla-k8s15:02
*** tonanhngo has quit IRC15:02
inc0which is no-no15:02
sdakeya repo split is a charlie foxtrot15:02
sdakegood luck - iwarned ya all :)15:02
inc0still, has to happen15:03
inc0changes +1d15:03
sdakethx15:03
sdakethat was half the hard part15:03
sdakethe other half is making the gates work again properly15:03
inc0gonna check with infra about registry15:04
inc0as registry would make it super simple15:04
openstackgerritWei Cao proposed openstack/kolla: Fix ironic-base Dockerfile  https://review.openstack.org/39723515:04
sdakeinc0 btw today is release week15:06
inc0ahh 3.0.1?15:06
sdakenah, 4.0.0.0b115:06
inc0ok, I'll tag this one15:06
inc0damn it's fast15:06
sdakewere you going to do prior to after repo split?15:06
sean-k-mooneyinc0: we are already on 3.0.2 i think on mitaka15:06
sdakeya shortened 4 month schedule15:06
*** f13o_ has joined #openstack-kolla15:06
inc0sdake, ideally after15:07
sdakeinc0 cool15:07
inc0let's try to split before so all 4.0.0 changes will be clean15:07
sdakeinc0 there is a clause in the gov repo that says if a repo isn't released on schedule - it isn't part of the release15:07
sdakei am unsure how this works with repo splits, but better safe then sorry :)15:07
inc0yeah agree15:08
inc0I'm not sure if we ever had repo split in openstack15:08
sdakethere have been plenty15:08
sdakehence the good guidance i recieved from the infra and release teams15:09
sdakemy original approach would have created a real mess15:09
sdakealways beset to ask for for advice from the pros ;)15:09
inc0ok thats cool, we're not the firsts for a change15:09
*** f13o__ has quit IRC15:10
sdakewith depends_on and needed_by we might be able to get cross-repo gating working15:10
sdakeI'm not sure how those flags work under the covers wrt gate jobs15:10
sdakeits sure to frustrate the dev team tho if that is the solution :)15:11
inc0what we can do is to have git submodule15:12
inc0and keep kolla gates in kolla15:12
inc0until we have infra registry15:12
inc0then we use registry in ansible and drop build gates from it15:13
*** jtriley has quit IRC15:13
sdakei'm not sure submodules are supported by gerrit15:14
sdakewhat tests the build in your above scenario inc0?15:14
sdake(i.e. tests the build works properly)15:14
inc0kolla15:14
sdakeyou siad remove gates from kolla repo15:15
inc0deploy gates15:15
sdakethe reason those build gates are there is to test that the build works15:15
inc0we keep build ofc15:15
*** jtriley has joined #openstack-kolla15:15
sdakeoh right, we dont need build gates in kolla-ansible at all15:15
inc0deploy gates goes to kolla-ansible, build stays in kolla15:15
sdakeif there is a registry in the middle15:15
inc0only thing that's hard is how to put images for deploy gates before we get registry15:16
sdakenote i didn't do any gate work in the repo split15:16
sdakeand would like to keep it that way15:16
sdakeatm that means rebuilding them inc0 ;)15:16
inc0but will you have kolla code in kolla-ansible gates?15:16
sdakeinc0 i think the proposal that jeffrey4l hd was to do a git pull on the kolla repo15:17
*** coolsvap has quit IRC15:17
sdakeor pip install it15:17
*** tonanhngo has joined #openstack-kolla15:17
sdakeor something15:17
sdakenot real clear tbh ;)15:17
sdakeJeffrey4l said he would fix the gates so they work15:17
openstackgerritzhubingbing proposed openstack/kolla: Ansible-ize OpenStack Designate  https://review.openstack.org/35326115:17
sdakei can help there if needed15:17
inc0maybe we'll get registry quick enough15:17
sdakei've been asking for a year15:17
inc0it's really fast to set it up15:17
Jeffrey4lafter split, the kolla repo should trigger the kolla-ansible and kolla-kuberneter jobs.15:17
sdakenot sure quick is the adjective i'd use ;)15:18
inc0sdake, look at Fridays log at infra15:18
sdakeinc0 i trust if you say they are working on it, they are15:18
*** tonanhngo has quit IRC15:18
sdakeinc0 i asked for a long time, but had no concrete answer as to how to do the job15:18
sdakeand neither did they15:18
inc0we'll start with having one15:18
inc0on one of mirror nodes15:19
*** f13o_ has quit IRC15:31
*** f13o_ has joined #openstack-kolla15:32
rhalliseysdake, https://github.com/openstack/python-k8sclient15:33
*** tonanhngo has joined #openstack-kolla15:34
*** tonanhngo has quit IRC15:34
sdakerhallisey ya - who do you think got that made ;)15:35
rhalliseydims15:35
sdakenah, it was actually madhuri15:36
duonghqanybody give kubeadm a try, I think it's quite cool15:36
sdakeat my begging and pleading15:36
duonghqmuch easier then previous method15:36
sdakei spent countless hours with madhuri making that swagger shit work15:37
sdakewhat a pain in the ass that was15:37
sdakethe problem is, the code needs to be regenned each time the api changes15:37
rhalliseywell we need it to be updated to1.415:37
sdakeand swagger produces a disaster of code15:37
sdakerhallisey after swagger gets done, it requires alot of manual intervention to get things rolling again15:38
sdakei'm pretty sure magnum gave up on using that15:38
sdakelet me go ask15:38
rhalliseywe need to contact kube one way or another15:38
rhalliseymaybe that's not the best way15:38
*** matrohon has joined #openstack-kolla15:38
sdakeya popen to kubectl :)15:38
sdakeits sort of hacky but gets the job done15:38
rhalliseyya figured15:39
rhalliseyotherwise we're stuck maintaing that15:39
sdakestuck maintaining which - a native python library to the rest api?15:39
*** zhubingbing_ has quit IRC15:39
sdakein the past i really thought a native python librar ywas the only way to go15:40
sdakebut given how the rest api has evolved in lubernetes, I think the best way is just to use the native client15:40
rhalliseykube is going to move so fast, if we have to contantly work on generating this and fixing it15:40
rhalliseyit will take a lot of time15:40
sdakeand since we are packaging the micro-controllers in a contianer, packaging kubectl is no big deal15:40
sdakein the use case of magnum, putting kubectl on the system was more of a big deal15:41
rhalliseyplus python is first pass15:41
sdakei'd still recommend avoiding useing a python interface to kubernetes15:43
rhalliseypopen it is15:44
sdakeits actually Subprocess15:44
sdakebut under the hood is popen15:44
sdakeyou starting to write code?15:44
rhalliseyI'm putting the pieces together15:45
rhalliseytrying to figure out what goes in the operator base class and all the way down15:45
*** jheroux has joined #openstack-kolla15:46
* dims peeks15:48
duonghqI still cannot figure out how to bring cluster up again once it is down15:48
duonghq(w/ kubeadm)15:48
rhalliseyduonghq, I've had some trouble with kubeadm15:48
rhalliseyI think you just kubeadm reset15:49
rhalliseythen remake it15:49
duonghqrhallisey, last time I use reset, something go wrong, I'll give it one more try :)15:49
*** Pavo has quit IRC15:50
*** Pavo has joined #openstack-kolla15:51
*** Pavo has quit IRC15:53
*** tonanhngo has joined #openstack-kolla15:54
*** logan- has quit IRC15:54
*** tonanhngo has quit IRC15:55
*** dgonzalez is now known as dgonzalez__15:55
*** dgonzalez__ is now known as dgonzalez15:55
*** Pavo has joined #openstack-kolla15:56
Pavomorning15:57
duonghqmoring Pavo15:57
Pavomorning duonghq15:58
*** neilus has joined #openstack-kolla16:00
*** logan- has joined #openstack-kolla16:01
*** neilus has quit IRC16:05
*** tonanhngo has joined #openstack-kolla16:07
*** DTadrzak has quit IRC16:09
sdakehey dims16:14
sdakerhallisey put in the base class the stuff that is needed16:16
*** lrensing has joined #openstack-kolla16:16
sdakerhallisey perhaps I should write the base class ;-)16:16
lrensingmorning everyone16:16
rhalliseysdake, ya I'm listing what is needed16:16
sdakelisting where16:16
sdakeis there a blueprint somwheres?16:16
rhalliseyno let me make an etherpad16:16
rhalliseyor bp16:17
sdakelets use etherpad for the brainstorming about the base class16:17
sdakeand link bp to it16:17
rhalliseyhttps://etherpad.openstack.org/p/operator-base-class16:17
rhalliseyk16:17
sdakei think we also need to make a prototype operator16:17
pbourkesp_: hi just saw your message. I dont know enough about k8s operators to compare16:18
pbourkesp_: from what I can tell operators will orchestrate the bring up of the cluster, prechecks simply check that things are as they should be in order to do a successful deploy. I dont know how they'll fit into the k8s model16:19
rhalliseysp_, https://review.openstack.org/#/c/392257/16:21
sdakepbourke speaking of  operators16:23
sdakepbourke you use a custom db in kolla correct?16:23
pbourkesdake: yes we use mysqlcluster16:23
duonghqrhallisey, when I do kubeadm reset on master nodes, every resource I added also went, right?16:23
*** khamtamtun has joined #openstack-kolla16:23
rhalliseynot sure if you have to reset on each node16:23
*** unicell has quit IRC16:24
kfox1111monrning16:24
*** absubram has joined #openstack-kolla16:24
*** neilus has joined #openstack-kolla16:24
sdakepbourke which python client does that use?16:24
duonghqrhallisey, reset on minion is fine, but seem that it's delete everything, so if it's done on master nodes, resource has no change, I think I should do some more check16:24
pbourkesdake: same as mariadb16:24
sdakepbourke cool thanks!16:25
sdakepbourke see etherpad above line 5 for reason i asked the Q16:25
pbourkesdake: thanks16:25
duonghqrhallisey,  from kubeadm man:  reset       Run this to revert any changes made to this host by 'kubeadm init' or 'kubeadm join'.16:26
duonghqso it should not be used on master nodes16:26
duonghq*node16:27
*** chas_ has joined #openstack-kolla16:27
*** f13o__ has joined #openstack-kolla16:28
sdakerhallisey question re init container16:28
sdakedoes it run only once16:28
sdakeor every time the container is scheduled16:28
kfox1111nice: https://github.com/stackanetes/kubernetes-entrypoint/issues/1216:28
sdakekfox1111 or that q for you :)16:29
kfox1111is an init for the pod.16:29
kfox1111its16:29
kfox1111so whenever a pod is created, it runs.16:29
rhalliseyevery time16:30
rhallisey^ ya what kfox1111 said16:30
rhalliseys/container/pod/16:30
kfox1111the subtle thing is when a container in the pod restarts, it does not.16:30
kfox1111so, once, on pod creation.16:31
kfox1111usually whoe pods are deleted/recreated though, and so it hapens every time in that case.16:31
*** f13o_ has quit IRC16:31
sdakekfox1111 in the context of openstack16:31
sdakeonce you create a pod, its a permant thign no?16:31
inc0soo next step, how do we make helm give deps to entrypoint?16:32
kfox1111its great for setting things up for the pod. its ok for orchestration between pods but bad for workflow.16:32
kfox1111"pods are mortal. they are born, live for a while, and die"16:32
sdakeok so operator still reins supreme for the use case16:32
sdakelive for 5000 years is the line ;)16:32
rhalliseyop is also a pod16:33
inc0they live, die and resurrect16:33
sdakerather for use case of db and user setup via keystone16:33
kfox1111"replication controllers" (and other objects) "can give the system an apearance of immortality by replacing pods as they die."16:33
inc0like Jesus, just proven16:33
inc0;)16:33
sdakeWWJD16:33
inc0ok, j/k16:33
kfox1111:)16:33
*** Jeffrey4l has quit IRC16:33
duonghqin other words, it should be cattle, not pets?16:34
inc0pods in k8s yes16:34
kfox1111best suited to cattle, yes.16:34
sdakethe database is definately a pet16:34
inc0but not everything can be16:34
kfox1111daemonsets/petsets (now called statefulsets) kind of blur the lines a bit there.16:34
duonghqso, things which need persistence should not pets?16:34
sdakei think blur is the wrong word - they implement pets :)16:35
duonghq*cattle16:35
kfox1111no, not quite.16:35
kfox1111so there are a few pieces to pets.16:35
inc0legs...head...16:35
kfox11111. state.16:35
inc0ok, I'm doing it again16:35
inc0I'll stop writing now.16:35
kfox11112. singleton pattern16:35
openstackgerritJeffrey Zhang proposed openstack/kolla: Add neutron vpnaas code into neutron-server container  https://review.openstack.org/39701516:35
*** neilus has quit IRC16:36
kfox11111. can be handled by making sure you can give state back when requested. like with ceph rbd volumes.16:36
duonghqI'm running out of energy, will try to catch up with you guys via IRC log16:36
kfox1111there's a 3rd. too. I guess. addressing.16:36
sdakeduonghq sleep well my friend16:36
duonghqgood night16:36
rhalliseynight16:37
*** duonghq has quit IRC16:37
kfox11113. is delt with with floating ip's, or dns entries that are dynamic.16:37
sdaketime for some 30016:37
*** fragatina has quit IRC16:37
sdakeor johnnie cash16:37
sdakenot sure which :)16:37
kfox11112 is the hardest, and usually traditional architectures build custering into the system.16:37
kfox1111such as rabbit clustering or mariadb clustering.16:37
kfox1111so the thinest pet you  can usucally make is one where you minimize all 3 of those things.16:38
kfox1111if you can minimize #1 and #, its barely a pet. people notice if it dies, but if you can put it back quickly, like with k8s can with self heeling,16:38
kfox1111it may not be a bad solution.16:38
sdakei was thinking operators should spawn other operators depending on config16:39
kfox1111"#1 and #3"16:39
kfox1111sdake: yes. the compute kit one would spawn the other operators in the kit.16:39
sdakekfox i was thinking all the way down16:39
inc0by the way, I also see value of having OOB operators that will manage deployed openstack externallyu16:40
sdakeoh you just said that16:40
kfox1111sdake: I'm not sure we need more then 2 layers.16:40
sdakei thought you meant nova-operator16:40
Pavois kolla-ansible certificates suppose to be ran with the inventory file or just by itself?16:40
sdakeinc0 totally agree16:40
inc0with clever dependency operators we'll be able to do upgrades and reconfigure with them as well16:40
sdakepavo with inventory if your setting up tls16:40
inc0on the other hand, init container will get us to deploy *really* fast16:40
Pavook ty16:40
kfox1111compute kit operator and (nova/glance/cinder/neutron/mariadb/rabbitmq /(optional keystone))16:40
Pavobefore deployment or after?16:40
inc0kfox1111, so I think we can pull off generic dependency management operator16:41
inc0that will take deps and wait for them to finish16:41
sdakepavo prior would be my guess, but I'm not certain it matters16:41
Pavook16:41
kfox1111inc0: mostly agree. for deployment, all the service ones should look pretty similar.16:41
sdakepavo what you really want is non-self signed certs16:41
kfox1111for upgrades, all bets are off.16:41
rhalliseyinc0, idk if that's the model we're aiming for16:42
inc0not necessarly16:42
inc0in fact, if we have external operator constantly autohealing16:42
sdakeok i'd recommend focusing on deploy workflow for now16:42
rhalliseythat would be the option 1 in the spec16:42
Pavowell for testing purposes self-signed is fine16:42
sdakeand shoe-horning upgrade  in later16:42
sdakepavo roger16:42
kfox1111inc0: no.16:42
inc0upgrade of nova for example will be -> remove nova config maps, wait for them to reappear -> remove nova conductor -> wait for them to be restored -> remove rest of services16:42
kfox1111operators shouldn't be trying to heal things I think. k8s should do that already.16:43
*** khamtamtun has quit IRC16:43
Pavoalso getting an error when generating certs using inventory file before deployment  http://paste.openstack.org/show/589147/16:43
rhalliseyya k8s does the healing16:43
inc0well, operators will manage k8s16:43
inc0pods - yeah k8s does the healing16:43
inc0configmaps - not so much16:43
sdakekfox1111 i think operators can provide value in the healing - unless kubernetes self-healing has grown some wings since i looked at it last16:43
kfox1111inc0: I guess this is one area we need to flesh out a bit.16:44
kfox1111are operators workflow, or workflow+config management?16:44
sdakekfox1111 that is the point of ryan's base class blueprint and etherpad16:44
inc0kfox1111, so it's interesting to me as I was thinking of this particular topic in heat16:44
rhalliseysdake, we need to be careful here though.  We can't solve every problem16:44
kfox1111I prefer to keep all the pieces orthoganal, but I can see people wanting to mix the two.16:44
inc0now I have a chance to implement and test it out:)16:44
rhalliseyhttps://etherpad.openstack.org/p/operator-base-class16:44
rhallisey^16:44
Pavogonna try after deployment16:45
rhalliseywe need to define the base operator class16:45
sdakedump your ideas in ryan's etherpad plz16:45
inc0I'd start by doing init container entrypoint16:45
inc0as (opposed to operator) we already know how to do it16:45
inc0and it will work16:45
kfox1111really don't want to see workflow doene in the pods.16:46
kfox1111really really dont.16:46
inc0if I'm right (with my not-so-fleshed-out-idea) we'll be able to easily plug my operator to working env16:46
sdakekfox1111 you mean the operator pod?16:46
inc0well, it's not really workflow16:46
*** lrensing has quit IRC16:46
inc0and operator is a pod16:46
sdakekfox1111 thatis the purpose of the operator pod, to do workflow16:46
kfox1111workflow belongs in an operator.  deployment logic shoudl be kept out of the pods.16:46
inc0waiting for deps is not a workflow16:46
kfox1111minimal dependency logic may belong in an init-container though.16:47
rhalliseyoperator is a workflow. I'm confused16:47
inc0and it's true anyway, we just make it more robust with entrypoint16:47
sdakei disagree, dep management is a key part of workflow16:47
inc0key part, but not *a workflow*16:47
kfox1111so, let me discus a concrete example maybe....16:47
inc0it's like wheel is key part of a car, but not really car on it's own16:47
inc0and wheels make perfect sense in stuff that's not a car16:47
kfox1111say we have a nova-compute pod.16:48
sdakeinc0 bad example dude, we are not ubilding a car;)16:48
kfox1111it depends on openvswitch and one or more neutron daemonsets running on the node.16:48
inc0sdake, metaphor...16:48
kfox1111it also depends on nova-api, and keystone, and databases being inited in mariadb, and endpoints created in keystone, etc.16:49
sdakeany metaphor that uses the term "wheel" has all kinds of other connotations :)16:49
*** khamtamtun has joined #openstack-kolla16:49
inc0I don't thionk nova-cpu depends on openvswitch16:49
kfox1111inc0: indirectly.16:49
*** lrensing has joined #openstack-kolla16:49
inc0I'd say full openstack deployment depends on nova and neutron, nova depends on database, neutron depends on nova16:49
inc0multiple layers in same graph16:49
kfox1111neutron doesn't depend on nova.16:49
inc0init container will only deal with direct deps16:49
kfox1111I run nodes without nova but with neutron. :)16:50
sdakekfox1111 not accurate - neutron and nova have a circular dependency ;)16:50
inc0ok, "deployment complete" does16:50
Pavook kolla-ansible certificates has to be ran by itself and without inventory file included, if yo have tls enabled in globals it will fail looking for the certs in /etc/kolla/certificates dir16:50
kfox1111sdake: incorrect. I do run production systems with just neutron.16:50
inc0nova doesn't depend on neutron, neutron doesn't depend on nova16:50
sdakekfox1111 we are both correct16:50
kfox1111doesnt' matter though. getting off the rails.16:50
inc0but to be able to say deployment is done, we need both up16:50
kfox1111for nova vms to launch, the neutron bits must be up and working.16:51
*** shardy has quit IRC16:51
kfox1111so nova-compute -> neutron stuff.16:51
inc0but we don't launch vm before "Deployment complete"16:51
kfox1111wait. we're confusing things.16:51
*** bmace has quit IRC16:51
kfox1111lets back up a sec and define some terms.16:51
inc0kfox1111, I get that init container will only work on local stuff16:51
*** bmace has joined #openstack-kolla16:52
kfox1111There's instantiating pods, and deploying openstack.16:52
inc0but again, we need something16:52
kfox1111deploying openstack happens once at the begining.16:52
kfox1111pods may come and go over the life of the cluster.16:52
kfox1111so init-containers can rerun on a node multiple times over the cloud's life.16:52
kfox1111while deployment happens once.16:52
sdakeinit-containers then are not a solution for workflow16:53
kfox1111right.16:53
kfox1111we could put some deployment logic in init-containers, but its wasteful.16:53
kfox1111as deployment happens once, and init containers happen a lot more.16:53
sdakewasteful how?16:53
kfox1111so each time the init containers would be going through a bunch of code that will never not be true after deployment's done.16:54
sdakei see wasteful in the nanosecond range ;)16:54
Davieysdake: Do you know who is responsible for docker hub kollaglue?16:54
sdakeDaviey i am, although we have moved to the kolla namespace16:54
kfox1111so, looking to see if nova-createdb gets run in an init container imo is not a good place to do it.16:54
Davieysdake: We should probably do analysis for CVE-2016-6664 / CVE-2016-5617 kollaglue images16:55
kfox1111just make sure the operator does that before creating any pods that requrie it and we're good.16:55
sdakeDaviey i dont know what that cve is16:55
kfox1111then the pods never have to probe k8s for jobs.16:55
sdakeDaviey i am not on the security team...16:55
kfox1111sdake: its also wasteful in another way.16:55
Davieysdake: BECAUSE IT DOESN'T HAVE A CATCHY NICKNAME AND FANCY ARTWORK16:55
kfox1111say I have 300 nodes, and the power goes out.16:55
sdakeDaviey huh?16:56
kfox1111when they start back up, each would hammer k8s looking for nova-createdb job. pointlessly.16:56
sdakeDaviey what sshould be done is the kollaglue account should be deleted entirely16:56
sdakeor its contents thereof16:56
kfox1111its a scaling issue.16:56
Davieysdake: Sorry, taking the %!%$ out of the recent trend to have fancy names for vulnerabilities16:56
sdakeDaviey if its public can you provide a link, if its private, I dont have access to the CVEs16:57
sdakeinc0 did you ever  reform a security vuln mgmt team for kolla?16:58
Davieysdake: Just gone public, https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html AND https://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html16:58
inc0no, but we did start vuln management process16:58
inc0our docs are lost somewhere tho;)16:58
Davieysdake: i've not done a review of it yet.. but we should probably do some analysis.16:59
sdakeinc0 could you get a team formed16:59
sdakeinc0 vuln mgmt is a team thing not a SPOF thing :)16:59
inc0it's formed16:59
sdakei mean for kolla specifically17:00
inc0you're part of it17:00
inc0you formed it..17:00
sdakeright, i think some people dropped out of participation since the vuln mgmt tagging took longer then expected17:00
inc0I don't think it was tag issue17:00
inc0but we need process around this, I'll make sure to get it handled after we're done with 4.0.017:01
sdakeDaviey looking at first one, i'm not sure which versions of mysql we distribute on dockerhub17:01
inc0b117:01
sdakeinc0 cool thanks ;)17:01
Davieyinc0: if you are doing something sec' related, can you ping me?  I'd like to help.17:01
sdakeDaviey i can tell you - but if its the wrong version, we are totally reliant on upstraem for our mariadb implementation17:01
inc0will do Daviey17:02
Davieysdake: well, we are dependant on a semi-static image that we created, right?17:02
sdakeDaviey we have a coresec team in kolla17:02
sdakeDaviey we can rebuild17:02
Davieysdake: exactly17:02
inc0we need a good streamline for CVE, with or without fancy names, to be fixed in Kolla17:02
*** ayoung has quit IRC17:02
sdakeDaviey but distros need to do the job of making the rpms/debs available17:02
Davieywell yeah! :)17:02
sdakedo you know if that has been done yet?17:02
*** matrohon has quit IRC17:03
DavieyI'm saying, we need to decide if we need to respin. :)17:03
Davieysdake: not looked at it at all yet.. but i will this evening17:03
sdakeDaviey wht help do you need from me?17:03
Davieysdake: just wanted to know who was the point of contact for docker hub account17:03
Pavosdake can you get to https://ddi.hopto.org?17:05
sdakeDaviey typically coolsvap has been taking on the responsibility of managing it17:05
inc0Daviey, all of core team has dockerhub access17:05
sdakeinc0 not all core team17:05
sdakeinc0 only those that ask for it17:05
inc0ok, well, all of core team will get it if they want it17:05
sdakeya i'm not a mind reader on people's account names, so i have a hrad time keeping that up to date17:06
sdakeDaviey email of your dockerhub acct and I'll add you17:06
Davieyoh17:07
Pavocan someone try and see if they can get to https://ddi.hopto.org17:07
sdakepavo stuck at connecting17:08
sdakepavo i think a firewall issue possibly17:08
Pavohmmm17:08
Pavook one sec17:08
sdakeERR_CONNECTION_TIMED_OUT17:08
Davieysdake: email@daviey.com / daviey17:08
sdakedo you have a dockerhub account Daviey ?17:08
Davieysdake: Yep, with those details17:09
rhalliseykfox1111, are you pink in the etherpad?17:09
kfox1111yeah.17:09
kfox1111we should add d names17:09
kfox1111doing at the bottom.17:09
*** sdake has quit IRC17:10
*** chas__ has joined #openstack-kolla17:10
rhalliseykfox1111, what do you expect the openstack operator to do with regards to user specific items17:10
rhalliseywhat I mean is, do you see the openstack operator as a gateway for interacting with all the other operators?17:11
rhalliseyor do you interact at each level?17:11
rhalliseyor both17:11
*** egonzalez90 has quit IRC17:11
*** lrensing has quit IRC17:12
*** fragatina has joined #openstack-kolla17:12
*** chas_ has quit IRC17:12
*** sdake has joined #openstack-kolla17:13
rhalliseyI think right now it's both in the etherpad17:13
kfox1111rhallisey: the way I am curently thinking:17:13
rhalliseykfox1111, I'm going to make that a little more generic17:13
kfox1111config is relayed from the user via 3rd party resource creation.17:13
kfox1111so for the compute-kit operator, its the whole cluster config.17:13
kfox1111the operator slices that up in to config bits for neutron/glance/cinder/etc,17:14
kfox1111laucnhes the operators for those services if not there,17:14
Pavosdake can you try again please17:14
kfox1111and creates a 3rd party resource for each of neutron/glance/cinder with the config chunks relavent to it.17:14
sdakepavo this is the last place my packets make it to: 16  ga-augu-huh-cmts-1-e6 (24.214.0.34)  77.341 ms  78.242 ms  74.710 ms17:15
kfox1111the <service>-operator then takes its chunk of config, slices it up further, creates/uploads configmaps based on it,17:15
sdaketoo bad there isn't a bundled configmap object17:15
kfox1111ensures the db/rabbit create/bootstrap stuff is done, then helm installs the objects.17:15
sdakei guess that is what your talking of making17:16
rhalliseykfox1111, what if you wanted to skip the opemstack operator?17:16
kfox1111sdake: bundled configmap?17:16
sdakea bundled configmap would be a whole bunch of cnofigmaps bundled together17:16
kfox1111rhallisey: then you make 3rd party resources with the config for each and drive those operators that way.17:16
kfox1111you do exactly what the overarching operator does.17:16
sdakeand reigstered with a third party resource17:16
kfox1111sdake: there is a thing like that.17:16
kfox1111sdake: you can either do a configmap with multiple files in it,17:16
kfox1111sdake: or you can create a List object.17:17
sdakekfox1111 tell me more pls17:17
*** ayoung has joined #openstack-kolla17:17
kfox1111sdake: I use it with kollakube now, when multiple res objects are specified at once.17:18
kfox1111you can create a list object, and it can contain 1+ other k8s objects.17:18
*** Pavo_ has joined #openstack-kolla17:18
sdakerather then trying to solve world hunger17:19
sdakelets tackle one problem at atime - such as a mariadb operator17:19
Pavo_sdake can you try again please17:19
kfox1111do a kollakube tmpl pod neutron-l3-agent-network neutron-opevnswitch-agent-network and you can see an example.17:19
sdakeand move up the stack17:19
*** Pavo has quit IRC17:19
*** Pavo_ is now known as Pavo17:19
sdakemariadb + keystone are probably two prime candidates17:20
sdakedid we make a decision we are not using mariadb in clustering mode17:20
rhalliseyok right now, openstack operator does 2 things17:20
kfox1111yeah. I think if we poc those, we will be in pretty good shape.17:20
rhallisey1) Handle user config options 2) Spawn appropriate operators17:20
kfox1111sdake: no decision, but I want cluster and not cluster. :)17:20
kfox1111IE,17:21
sdakekfox1111 have trobule parsing that last part :)17:21
openstackgerritMerged openstack/kolla: Fix neutron.conf.j2 metadata_workers spelling error  https://review.openstack.org/39718617:21
kfox1111I'm thinking for service rpc, I want one rabbit pod per service. non stateful.17:21
kfox1111for ceilometer though, I want a cluster.17:21
*** clsacramento has quit IRC17:21
kfox1111building blocks, remeber? :)17:21
rhalliseykfox1111, wants everything all the time everywhere17:22
rhallisey:)17:22
sdakein every way :)17:22
kfox1111I know. I'm kind of needy, arn't I? :)17:22
rhalliseyhehe17:22
sdakekfox1111 trust me you don't fit the defn of needy :)17:22
kfox1111the good news, is I implement the stuff I need, not just ask for it. :)17:22
sdakepavo same story with traceroute17:22
kfox1111this is kind of why I'm not sure one operator to rule them all would work.17:23
kfox1111my particular needs, like stated above might not work for everyone.17:23
Pavosdake how about now?17:23
kfox1111but keeping workflow seperate from the other building blocks alows us all to work together. :)17:24
openstackgerritMerged openstack/kolla: Fix placement of policy.json  https://review.openstack.org/39426017:24
sdakepavo its still busted17:24
*** eaguilar has quit IRC17:25
Pavogrrr17:25
sdakekfox1111 much in the way we kept image building separate from workflow17:25
rhalliseykfox1111, I agree, an operator to rule them all won't work17:25
kfox1111yeah.17:25
sdakekfox1111 people love that about kolla17:25
kfox1111its a killer feature of kolla. :)17:25
kfox1111now we just gota do the same for k8s. :)17:25
sdakenow we have 3 things17:26
kfox1111why implement your own k8s objects. just use kolla's. :)17:26
sdakeimage building, kubernetes config blobs, and workflow17:26
sdakekfox1111 expand on last sentence17:26
sdakei'm not sure i mentioned implementing our own k8s objects17:26
sean-k-mooneyhas anyone ever had issues with contaienrs being deleted after a host reboot?17:26
*** msimonin has quit IRC17:26
sdakesean-k-mooney never seen that before17:27
sdakesean-k-mooney repeatable?17:27
sean-k-mooneyi lost one of my ceph mons after a reboot to fix an out of disk space issue17:27
sdakeoh out of disk space17:27
sean-k-mooneyam i dont think so17:27
sdakeya docker doesn't handle out of disk space well17:27
kfox1111sdake: sorry. maybe bad terminology.17:27
sdakeall bets are off when you run out of /var/lib/docker space17:27
kfox1111its the parallel to our docker files.17:28
kfox1111our k8s object templates.17:28
sean-k-mooneysdake: ya im learning that. i have lost some contianer on 2 of my controller both of which had out of disk space issue on /17:28
*** eaguilar has joined #openstack-kolla17:28
kfox1111not saying we create custom k8s objectt types, just k8s objects. (deployments, daemonsets) etc for launching openstack in k8s.17:28
sdakekfox1111 right for the most part that is what kolla-kubernetes is atm17:29
sdakehowever, it lacks workflow17:29
*** mgiles has quit IRC17:29
kfox1111yeah.17:29
sdaketherefore it really lacks a proper user experience17:29
kfox1111agreed.17:29
*** khamtamtun has quit IRC17:29
kfox1111we'r'e kind taking the oposite aproach to everyone else.17:29
sdakewho said merging workflow and objects together tho?17:29
*** khamtamtun has joined #openstack-kolla17:29
sdakekfox1111 in which way17:30
kfox1111sap/stackenetes has focused on the small cluster use case to get it to deploy quickly for their prototypes.17:30
kfox1111I've been focusing on making kolla-kubernetes work for a medium/large system. then working backwards to do the easy to deploy small systems.17:31
sdakemind expanding17:31
rhalliseywhat kolla-kubernetes will hold that is useful is the operators17:32
rhalliseythe operator code that defines how openstack will run17:32
kfox1111the most useful part actually is the building blocks.17:32
kfox1111some fols won't use the operators.17:32
rhalliseythose are the operators17:32
rhalliseywell part of17:32
rhalliseypart of the building blocks17:32
kfox1111some companies will probably form products around kolla-kubernetes that don't use operators.17:32
kfox1111but all will use the buildign blocks. :)17:32
*** nihilifer has quit IRC17:32
*** f13o__ has quit IRC17:32
rhalliseydefine what you see as the building blocks17:33
inc0just please, let's not do repo split yet again;)17:33
openstackgerritEduardo Gonzalez proposed openstack/kolla: Tacker Docker configuration  https://review.openstack.org/39639117:33
inc0kolla-k8s and kolla-k8s-operators;)17:33
sdakeinc0 i was just getting ready to say sounds like another repo split ;)17:33
kfox1111building blocks = our jinja2 templates or our helm packages.17:33
rhalliseyeh17:33
*** nihilifer has joined #openstack-kolla17:33
inc0yo dawg I heard you like repo splits, so I split your splitted repo so you can split while you split17:33
rhalliseyI have a slight disagreement17:33
rhalliseythe kolla recipes are different than these17:34
*** sdake_ has joined #openstack-kolla17:34
rhalliseyI don't disagree that people will want or use them17:34
*** chas__ has quit IRC17:34
kfox1111the templates/packages are analagous to the kolla containers.17:34
rhalliseybut kolla was super early on how to do it17:34
kfox1111generic building blocks people can launch in whatever way best suites their system.17:34
*** chas_ has joined #openstack-kolla17:35
sdake_inc0 repo split incoming !!17:35
rhalliseykfox1111, that last statement, yes I agree with that17:35
kfox1111the kolla ansible stuff is more akin to the workflow bits.17:35
rhalliseyoperators are part of that17:35
kfox1111right.17:35
inc0brace for impact17:35
rhalliseyok I guess we differ there17:35
sdake_differ how17:35
rhalliseybecause the operators are building blocks recipes too17:35
kfox1111rhallisey: yeah. true.17:36
sdake_they are implementations of workflow just as kolla-ansible is17:36
rhalliseyso I see them as equivalent to the services17:36
kfox1111and operators should be encuraged to use as many of the building blocks as they can rather then reinvent them.17:36
kfox1111rhallisey: I think we're on the same.17:36
rhalliseyok17:36
rhalliseygotcha17:36
sdake_inc0 i am semi-serious, i htink the operators thing will spawn a repo split in the future17:36
kfox1111the operators will be packaged in kolla containers, and have helm packages provided.17:37
rhalliseysdake, idk17:37
kfox1111so yeah, in that sence they are no different then any of the other building blocks.17:37
*** Serlex has quit IRC17:37
rhalliseysdake_, I think this is a difference scenario17:37
inc0sdake_, I hope not, it's k8s native so no religion will be involved17:37
kfox1111I see no reason to split.17:37
rhalliseythere is no religion tied in here17:37
sdake_that isn't the reason we did the repo split I hope ;)17:37
kfox1111we're just architecting kolla-kubernetes in a more moduler way.17:37
inc0well, partially it is17:37
rhalliseyjust analogous building blocks17:37
*** sdake has quit IRC17:37
*** mgoddard has quit IRC17:37
kfox1111kolla-ansible had several things done by the same tool, so it was natural to conflate them a bit.17:38
sdake_ok well all I have to say on repo split, is I capitulated, and I warned ya fellas ahead of time :)17:38
*** mgoddard has joined #openstack-kolla17:38
inc0this was planned for a long time17:38
inc0after that, we'll see17:38
inc0but I don't think we'll need any more of it17:38
sdake_ya well the trigger has been pulled17:38
*** chas_ has quit IRC17:39
kfox1111I think long term, it will be worth it. short term, it will be painful.17:39
*** khamtamtun has quit IRC17:40
sdake_no repo splits short term17:40
sdake_atleast none that i'm voting for17:40
sdake_kfox1111 unclear if you were talking about the repo split that has been done or the one that may be done in the future :)17:40
*** Pavo has quit IRC17:40
sdake_if folks couldn't tell, i'm a super fan of one repo ;)17:41
kfox1111talking about kolla-ansible.17:41
sdake_ok17:41
kfox1111I can't think of any other ones.17:41
sdake_kfox1111 the way you position operators, they are "optional"17:41
kfox1111sdake_: right.17:41
sdake_the way kolla-ansible was positioned was the same...17:42
*** athomas has quit IRC17:42
*** mgiles has joined #openstack-kolla17:42
kfox1111cool. then I think we're on the same page then.17:42
kfox1111brb.17:42
*** khamtamtun has joined #openstack-kolla17:46
sdake_and ify ou win you get this shiny fiddle made of gold17:49
sdake_and if the devil wins he gets your soul!17:49
*** TxGirlGeek has quit IRC17:51
rhalliseysdake_, etherpad is coming together17:51
sdake_inc0 https://review.openstack.org/#/c/396903/9/gerrit/projects.yaml17:52
rhalliseyright now we have 4 things needed in the base class17:52
*** devananda|away is now known as devananda17:52
sdake_rhallisey got a link - mine scrolled17:52
sdake_and lazy :)17:52
rhalliseyhttps://etherpad.openstack.org/p/operator-base-class17:53
*** eaguilar has quit IRC17:55
*** ayoung has quit IRC17:55
*** khamtamtun has quit IRC17:57
*** khamtamtun has joined #openstack-kolla17:57
sdake_hate this time of year18:00
sdake_hot cold hot cold18:00
*** eaguilar has joined #openstack-kolla18:01
*** fragatin_ has joined #openstack-kolla18:01
portdirect sdake_ come to scotland, we have cold & rain all year :)18:01
portdirectrhallisey: If possible could we also add rabbit user/role to the base-class?18:02
sdake_portdirect sounds fantastic :)18:02
sdake_portdirect the idea is to create users and roles in the operators themselves18:02
rhalliseyyes18:03
rhalliseyportdirect, go ahead and add it18:03
sdake_and use the thirdparty object to track their state18:03
*** fragatina has quit IRC18:05
portdirectnice18:06
pbourkebjolo_: any progress on that multiple network issue?18:06
pbourkebjolo_: could you paste me your ml2_conf.ini if you get a chance18:06
*** khamtamtun has quit IRC18:07
inc0any puppet magician here?18:07
*** pbourke has quit IRC18:07
inc0PTL needs your help;)18:08
*** khamtamtun has joined #openstack-kolla18:08
sdake_rhallisey line 29 question18:08
sdake_You ahve <service>>-oprat-rbase class18:09
*** ayoung has joined #openstack-kolla18:09
sdake_is your intent to create ae base class for every service?18:09
sdake_because tbh, tht makes alot more work with no gain18:09
*** pbourke has joined #openstack-kolla18:09
*** msimonin has joined #openstack-kolla18:09
sdake_a parent class inherits from the base class all the infrastructure to do the job, that is where <service>-operator specific logic goes18:10
rhalliseysdake_, no, the base class is for will do the the work18:10
rhalliseyopenstack-operator has a different class18:10
rhalliseyof it's own18:10
inc0rhallisey, you worked on tripleo, you should know puppet right?:P18:10
sdake_right but look at line 2918:10
sdake_you got <>'s around it18:10
rhalliseyya I know some puppt18:10
sdake_thanks :)18:10
rhalliseyremoved it18:10
inc0wanna help make Kolla greater?18:11
rhalliseywhat is it you need in puppet18:11
inc0we need puppet module that will setup registry18:11
inc0in infra18:11
inc0then kolla-k8s and kolla-ansible will be able to just pull images from it18:11
sdake_rhallisey when we create classes for all this stuff based upno the base class18:12
sdake_where will the configuration come from?18:12
rhalliseyinc0, what does it entail18:13
rhalliseydownloading docker? and stuff like that?18:13
rhalliseylike is the env empty?18:13
kfox1111back18:13
sdake_not the shell environment18:13
rhalliseysdake_, uhm18:13
inc0no, running registry outside of docker18:13
inc0so just apt-get install docker-registry18:13
sdake_the configuration for how to setup the pod18:13
kfox1111inc0: yeah. up to date containers would be awesome.18:13
inc0I can help you with running-registry-outside part18:13
inc0kfox1111, if you know puppet you can help too;)18:14
kfox1111same should happen for helm.18:14
kfox1111puppets one of the few I dont now. :/18:14
kfox1111know.18:14
sdake_kfox1111 where does config come from for opeartor base class on line 29 of the etherpad18:14
kfox1111sdake_: looking...18:14
rhalliseyit can come at any layer18:14
rhalliseyI believe18:14
kfox111129?18:14
kfox11113rd party resource18:14
sdake_line 29 of the etherpad18:14
rhalliseyso it can come from the openstack operator18:15
rhalliseyor each service op18:15
sdake_my line 2 is "Operator-base" class18:15
sdake_ok what feeds the 3rd party resource18:15
kfox1111the opnestack operator, or a hman operator would upload the config as a 3rd party resource18:15
rhalliseyuser or openstack op18:15
kfox1111which pokes the service operator to realize the config.18:15
sdake_the config is what, a configmap?18:15
rhalliseyuser -> openstack op or user -> service-op18:16
kfox1111a third party resource.18:16
sdake_ok, so lets make a real world example :)18:16
rhalliseyah so18:16
kfox1111a thrid party resource is just a custom k8s object type. yaml document.18:16
sdake_keystone has some default settings18:16
portdirectjson18:16
sdake_are we to feed that into the operator?18:16
rhalliseyI don't think third party resource will have a config map18:16
kfox1111or json. :)18:16
rhalliseyso we store it then create it18:16
rhalliseybase class will convert it18:17
kfox1111an operator is a workflow that takes a desired state, (the third party resoruce definition), looks at the current state of the system, and applies chagnes to k8s until the two match up18:17
rhalliseykfox1111, that makes it sound like a daemon, which I don't think it is18:18
kfox1111it is a daemon I believe.18:18
*** khamtamtun has quit IRC18:18
kfox1111most of the time it does nothing though.18:18
sdake_operators are daemons18:18
sdake_daemons of micro-controllers ;)18:19
kfox1111waiting for thrid party resources pointing to it getting chagned/added18:19
rhalliseywell maybe the peices will be18:19
rhalliseyI guess it has to be for auto healing18:19
rhalliseybut then we need to incorporate that18:19
kfox1111it has to be running to watch for 3rd party resource creations/changes.18:19
kfox1111though the user could stop it and nothing shoudl break.18:19
sdake_if it one-shots, it will be reloaded continually bo k8s18:19
sdake_which we dont want18:19
rhalliseyok let me rephrase18:20
sdake_what data do we want in the third party resource?18:20
kfox1111thats a good question. I think it comes down to usabilit.18:21
rhalliseydaemon = constantly trying to bring to desired state.  controller = waiting for either user input or kubernetes input to execute an operation18:21
kfox1111it could be one of two things I think.18:21
rhalliseyI think it's #2, a controller18:21
kfox1111it could be the current kolla/globals.yml and kolla-kubernetes/kubernetes.yaml info18:21
rhalliseydaemon might be the wrong word18:21
kfox1111or it could just be kolla-kubernetes/kubernetes.yaml and the user is expected to put in the eqiv of kolla/blobals.yaml via configmaps or something.18:21
sdake_ok so looking at KEYSTONE in particular18:22
sdake_whatwould the input be, surely not globals.yaml?18:22
*** Pavo has joined #openstack-kolla18:22
kfox1111the overarching openstack-operator would take globals.yaml, and slice it up into 3rd party resources relevent to each.18:22
kfox1111so the keystone operator woudl take in the equiv of just the values in globals.yaml it cared about.18:23
portdirectdeleted what i was typing, kfoxx is on it :)18:23
sdake_currently isn't this in a configmap?18:23
kfox1111yeah.18:23
kfox1111but I think the keystone-operator woudl create the keystone cnfigmap using that data.18:24
portdirectwould it not be the operaors job to produce the configmaps from this?18:24
kfox1111if you still wanted ultimate flexability as a user,18:24
kfox1111you would skip the operator and deploy the configmap/deployment yourself.18:24
sdake_what would create the db/etc? :)18:25
kfox1111the operator.18:25
portdirectsdake_: I think we would also want some version info for the db18:25
sdake_you just said skip the operator?18:25
rhallisey<service>-operator18:25
kfox1111oh. if the user was skipping the operator, then they would manually do what the operator does.18:25
rhalliseythe openstack-operator will gather data and pass it down then start <service>-operator18:25
sdake_ok, I don't expect anyone to magically figure that part out :)18:25
kfox1111the operator is basically just a condified human operator. everything the operator can do a human should be abe to do.18:26
kfox1111codified18:26
sdake_such a terrible name18:26
sdake_can we fire whoever came up with that name18:26
kfox1111+1000 :)18:26
kfox1111someone REALLY wasn't thinking about users...18:27
kfox1111once again us ops get thrown under the bus. :)18:27
*** Pavo has quit IRC18:27
sdake_ok rants aside18:28
sdake_the overarcing operator feeds what input into the third party resource?18:28
kfox1111the config bits that are relavent to that third party operator.18:29
sdake_what gets fed the cnofigmap?18:29
kfox1111k8s itself.18:29
rhalliseyconfigmap gets the contents of /etc/kolla18:29
rhalliseyoh what does18:30
*** chas_ has joined #openstack-kolla18:30
rhalliseyk8s18:30
kfox1111k8s gets the configmaps.18:30
sdake_ok so using keystone as an example18:30
sdake_and operators launch keystone pod18:30
kfox1111no.18:30
sdake_keystone-operator launches keystone pod18:30
sdake_wouldn't keystone-operator need to know the config map?18:30
portdirecti would have thought overaching operator genertaes configmap for keystone operator whihc then generates configsmaps for keystone pods18:30
kfox11111. keystone operator gets some config bits.18:30
rhalliseysdake_, yes it would need to have the config map18:31
*** Jeffrey4l has joined #openstack-kolla18:31
kfox11112. runs the bootstrap jobs18:31
kfox11113. creates configmaps with data obtained from the 3rd party resource.18:31
rhalliseysdake_, case #1: openstack-operator give it to keystone-operator case #2: user gives keystone-operator configmap18:31
kfox11114. calls helm install <services>18:31
kfox11115. profit. :)18:32
sdake_ok 3 sounds alot like "make it harder" to me :)18:32
portdirect5. runs post install jobs18:32
portdirect6 profit18:32
sdake_why not feed configmap directly into operator?18:32
rhalliseysdake_, because we have the openstack operator18:32
sdake_rather directly into third party resource?18:32
kfox1111sdake_: how? the operator sits on a 3rd party resource18:32
rhalliseydepends on the layer you come in18:32
sdake_configmap = json/yaml18:33
kfox1111ah. definition issue.18:33
kfox1111configmap is a specific object type in k8s.18:33
portdirectwe need 5 for things like create cinder volume types etc18:33
kfox1111your more talking about the contents there of.18:33
sdake_right contents18:33
sdake_i need an enumeration of the contents18:33
kfox11113rd party resources and configmaps are just yaml files.18:33
sdake_i understand that part18:34
kfox1111so copying a chunk of config out of the thrrd party resource and dropping it in a new configmap is prety trivial.,18:34
*** chas__ has joined #openstack-kolla18:34
kfox1111so step 3 I don't think is very hard.18:34
rhalliseycontents of config map is in files18:34
*** chas_ has quit IRC18:34
portdirectyup - the only diffrence is in how they are accessed, but sdake has a good point - at what stage are we coing to translate to ini files etc (no matter how stored)18:35
rhalliseycontents of third party resource is yaml/json :)18:35
sdake_what I'd like defined is the data in the third party resource18:35
kfox1111true.18:35
kfox1111yeah. which was what I was talking about above. is it workflow+config, or just workflow?18:35
kfox1111if its workflow+config, its what I've been just talking about.18:35
kfox1111if its kind of just workflow, it would be just kolla-kubernetes.yaml stuff I think.18:36
kfox1111the operator woudl then expect someone else to build the configmaps/upload them.18:36
kfox1111and hte operator woudl onlyu conern it self with configuring helm packages.18:36
portdirecti think workflow+config, would make the most sense18:37
kfox1111workflow+config is easiest on users.18:37
kfox1111less flexable thhough. more opinionated.18:37
sdake_ya reconfigure upgrade all from one API18:37
kfox1111so theres' a tradeoff there.18:37
sdake_it doesn't have to be more opinionated18:37
rhalliseyhttps://github.com/kubernetes/kubernetes/blob/master/docs/design/extending-api.md18:37
kfox1111sdake_: only from the standpoint of I think it wil be hard to cram everything through a 3rd party resource and maintain ultimate flexability.18:38
kfox1111you could cat all /etc/kolla/* into a 3rd party resource maybe.18:38
kfox1111or it could just break k8s cause its too large. :/18:38
*** chas__ has quit IRC18:38
kfox1111whcih I think is likely. :/18:38
portdirect1mb is limit18:39
kfox1111so it may end up being more opinionated.18:39
kfox1111 du -chs /etc/kolla18:39
kfox11111.1M/etc/kolla18:39
kfox1111already over. :/18:39
portdirectls -lah ?18:40
*** khamtamtun has joined #openstack-kolla18:40
*** unicell1 has joined #openstack-kolla18:41
kfox1111http://paste.openstack.org/show/wOM3j6jSVpZbu1rHwqbF/18:41
portdirectcheers18:41
kfox1111:)18:41
kfox1111so that may force us to either, keep the openstack config seperate, and only pass kolla-kubernetes config via 3rd party resource,18:42
kfox1111or make it opinionated.18:42
sdake_ok, so its clear to me we dont want operators to have all of /etc/kolla18:42
portdirectwe can have as many as we need18:42
sdake_rather third party resources18:42
portdirectsdake_: +118:42
kfox1111it'll work for the service-operators.18:43
sdake_what I dont understand is why not feed keystone keystone's configmap data?18:43
kfox1111not sure what to do with the compute-kit-operator18:43
kfox1111sdake_: to what?18:43
sdake_feed it to the thirdpartyresource responsible for keystone18:43
kfox1111thats what I've been saying.18:43
sdake_we are making thirdparty resources for every microservice18:44
kfox1111no, I don't think so.18:44
kfox1111third party resource per service.18:44
sdake_that works18:44
kfox1111native k8s objects for microservices.18:44
kfox1111configmap/deployment/dameonsets, etc18:44
sdake_let me process those last 3 lines for 5 mins18:44
sdake_don't say anything else pls ;)18:44
kfox1111k18:44
rhalliseykfox1111, isn't that what's there already18:45
sdake_so native k8s objects for microservices come from where in the operator model?18:46
rhalliseyopenstack-operator creates config maps from /etc/kolla18:46
kfox1111rhallisey: right. we're just adding operators on top to make deplying things at the service level esier.18:46
kfox1111sdake_: right.18:46
rhalliseyinstead of jamming into thirdpartyresource18:46
kfox1111oh.18:46
sdake_it was a question :)18:46
kfox1111k8s itself is a platform for managing microservices. they have native objects for microservices.18:46
kfox1111but when you ahve a ton of microservices, then it becomes a little unweildy.18:47
kfox1111the idea is to use an operator to let the human think more about service, and the operator maps that to the grouping of microservices that need to exist.18:47
sdake_one key aspect of an operator is to provide in-place config changes18:48
sdake_how is that delivered in this model?18:48
portdirecti would have thought the native k8s objects come from the service level operator, while the openstack level operaor would be resonsible for splitting up kolla/global into chincks without processing them for the service level operaor to consume/18:48
kfox1111so take nova. its the following microservices.18:48
sdake_portdirect ++18:48
kfox1111nova-api, nova-conductor, nova-schedular, nova-compute.18:48
kfox1111the user can launch each of those microservices today with our native k8s objects.18:48
kfox1111but we want to give them the option to just think of all of those as a single service "nova"18:49
rhalliseyportdirect, idk if we can do that18:49
kfox1111and that operator takes care of telling k8s to launch the microservices.18:49
rhalliseythat woudl require saving everything from /etc/kolla18:49
*** krtaylor has quit IRC18:49
kfox1111no, just the parts that apply to nova.18:49
*** khamtamtun has quit IRC18:50
rhalliseywe need config.json from everywhere loaded into a giant json18:50
sdake_ok, so here is where I'm stuck18:50
portdirectonly the global operator would require to the whole lot - it's primary puropose would be to cut it up accordinly?18:50
sdake_data defines all the nova microservices - these are called ConfigMaps - in the example of nova, the cnofig map would contain the config map for all services related to nova18:51
kfox1111pron: yeah.18:51
kfox1111"data defines all the nova microservices - these are called ConfigMaps - in the example of nova, the18:51
kfox1111thirdparty resource would contain the config map data for all services related to nova"18:51
*** Pavo has joined #openstack-kolla18:52
sdake_right18:52
rhalliseynova-operator has nova configmap with all nova services' config.json.  nova-api-operator has nova-api configmap with nova api config.json18:52
sdake_so json is one input, the configmap data is another?18:52
kfox1111nova operator takes in a 3rdparty resource with all nova services config.json. (no nova-api-operator)18:53
*** Pavo has quit IRC18:53
kfox1111nova operator takes in 3rdparty resource for all nova services. creates configmaps using that data,18:53
sdake_here is where the lack of that model falls over kfox111118:53
kfox1111helm install's all the microservices.18:53
sdake_what about nova-spicehtml5proxy18:53
sdake_maybe someone doesn't want that18:53
kfox1111that would be a config option to the 3rd party resource.18:53
rhalliseywhat if openstack-operator created the for example nova-api-configmap based on user input18:54
rhalliseywe're passing around all this data to create a configmap later18:54
kfox1111openstack-operator shouldn't. it should give nova-operator the info it needs to build nova-api-configmap18:54
inc0soo...can we crate some specification of what people needs?18:54
sdake_lol18:55
inc0like data structure prior to deployment18:55
kfox1111otherwise openstack-operatoer needs to know way too much about each service.18:55
inc0based on conf = either make nova depend on spice5proxy or not18:55
rhalliseykfox1111, well it know what services need to be spawned18:55
sdake_kfox1111 right, we want to avoid any operator knowing too much about each individual service18:55
rhalliseyso then it should know those services need configmaps18:55
sdake_kfox1111 this is why current spec would end up with a spice-html5proxy operator18:55
sdake_which contained only its config data18:55
kfox1111rhallisey: openstack operator should know about what services to laucnh. the service-operator shoudl laucnh the microservices.18:55
inc0uhh we want to create operator for every container? not even pod?18:56
kfox1111that way the logic for a service is all wrapped up in the service-operator.18:56
kfox1111inc0: no.18:56
inc0then no spice5proxy operator18:56
kfox1111serivce operator level only.18:56
sdake_the current spec has operators per service18:56
inc0and openstack operator which spawns service operators18:56
kfox1111inc0: no spice5proxy operator. spice5proxy helm package.18:56
sdake_and operators per microservice18:56
kfox1111and the nova-operator would helm install spice5proxy if the user requested it in the nova thirdparty resource request.18:57
kfox1111no reason to rebuild k8s/helm in an operator. k8s/helm can deal with microservices. thats what its built for.18:57
sdake_ok, i think we can all agree nova is a wierd case since it has so many microservices18:57
sdake_can we talk about keystone instead?18:57
kfox1111an operator handles deploying/managing a pool of like microservices.18:58
kfox1111keystone is an outlier.18:58
sdake_horizon?18:58
kfox1111neutron nova glance or cinder are more common examples.18:58
kfox1111horizon is kind of an outlier too.18:58
sdake_ok, lets pick glance then18:58
kfox1111k.18:58
portdirectglance is good :)18:58
sdake_cinder has a million microservices too18:58
sdake_same story with neutron18:58
kfox1111glance is a little more simple then the rest.18:59
sdake_lets get simple right18:59
sdake_complex follows after simple18:59
sdake_so lets talk about glance, (or heat) since it has two microservices18:59
kfox1111hmm... glance may be too simple an example.18:59
kfox1111oh. two, right.18:59
kfox1111ok.18:59
kfox1111glance-api and glance-registry18:59
sdake_right19:00
sdake_ok, third party resource is fed a config map containing BOTH glance-api and glance-registry things?19:00
kfox1111we make a containner for each. (already done)19:00
kfox1111we make k8s object for each (done) and package it (pending)19:01
kfox1111then the last bit is the orchestration. I can manually launch both with helm commands.19:01
kfox1111if I'm a user that just wants to think of it as a single thing, "glance"19:01
sdake_can you update configs with helm?19:01
kfox1111we do that with a thirdpartyresource & operator.19:01
kfox1111I think we want to keep the configs outside of helm.19:02
sdake_along those lines then, how does glance-api and glance-registry retrieve its config ?19:02
kfox1111but I believe yo ucan do the equiv of  kubectl update -f foo-deployment.yaml with helm.19:02
kfox1111from configmaps.19:03
portdirectvia configmaps, generated by their micro-operaors19:03
*** TxGirlGeek has joined #openstack-kolla19:03
kfox1111no micro-operators.19:03
kfox1111way way overkill.19:03
kfox1111here's why.19:03
sdake_ok, so you want to keep the configmaps for glance-api and glance-registry where?19:03
portdirectsorry i ment service19:03
kfox1111you have to upload the configmap as a third party resource, then make a custom operator code, all to just spit out a configmap in the end the real resource will read.19:03
kfox1111glance-api/glance-registry can only read from configmaps.19:04
kfox1111k8s object type.19:04
sdake_so we have an overarching glance-operator19:04
kfox1111right.19:05
sdake_which has no config-mpa data?19:05
kfox1111it recieves config data via third party resource.19:05
sdake_right and that third party resource contains which data?19:05
*** Pavo has joined #openstack-kolla19:05
kfox1111all the config data needed to make glance work.19:05
kfox1111wheter that be data destined for openstack services,19:06
sdake_including the configmaps fed into glance-registry adn glance-api?19:06
kfox1111or data needed to configure the k8s objects.19:06
kfox1111yeah.19:06
*** khamtamtun has joined #openstack-kolla19:06
sdake_ok, so I am a little less confused now :)19:06
kfox1111the idea behind 3rd party resoures is to let you think about a thing as a k8s object instead of a set of underlying k8s objects.19:06
kfox1111so its "here, I want a glance that looks like X....."19:07
kfox1111and the operator gives you one. :)19:07
sdake_thirdpartyresources contains both config maps for glacne-api and glance-registry?19:07
kfox1111yeah.19:07
kfox1111but your inisiting on calling configdata configmaps.19:08
sdake_and it contains globals.yaml so the operator knows what to do with the config maps?19:08
*** Pavo has quit IRC19:08
kfox1111a configmap is a k8s object.19:08
sdake_kfox1111 i understand a configmap is a k8s object19:08
*** Pavo has joined #openstack-kolla19:08
sdake_it is also a blob of data that gets registered for use by a pod no?19:08
*** Pavo has quit IRC19:08
sdake_in my mind its two things not one19:08
kfox1111no. I'd not conflate the two.19:09
*** Pavo has joined #openstack-kolla19:09
sdake_which is fine, i just want to understand :)19:09
sdake_ok glance-api gets its config from where?19:09
sdake_a configmap?19:09
kfox1111glance-api and glance-registry templates get their config from respective configmaps.19:10
portdirectyes - we dont want pods at the end of the chain interactive with the k8s api if possible.19:10
*** Pavo has quit IRC19:10
*** Pavo has joined #openstack-kolla19:10
sdake_what registers that configmap object?19:10
kfox1111(http://kubernetes.io/docs/user-guide/configmap/ a configmap to me is that yaml example at the top. a yaml thing with kind:Configmap and match the schema)19:10
kfox1111sdake_: the service-operator or a human.19:11
kfox1111depending if they want orchestration or not.19:11
sdake_cool, so lets take example of service-operator registering the config map for glance-api19:11
sdake_I assume glance-operator would do that19:11
portdirectyup19:11
sdake_kfox1111 ?19:12
portdirectkfox1111: at what point do you think it would be best to generate the content of that configmap?19:12
kfox1111sdake_: yeah. glance-operator woudl do that.19:12
sdake_cool so glance-operator gets its config map from where?19:12
kfox1111portdirect: I'm a little bit iffy on that one. it depends on how easy we want the workflow to be vs how flexable.19:13
kfox1111sdake_: it gets its data from a third party resource definition.19:13
kfox1111it uses that data to gerneate configmaps for glacne-api and glance-registry19:13
sdake_ok, so third party resource for glance-api and glance-registry is then registered with the third party resource in some form of bundle?19:14
sdake_let me restate the above19:14
kfox1111user -> glance thirdpartyresource -> glance-operator ->19:14
sdake_what goes in the thirdpartyresource for glance-operator?19:14
kfox1111glacne-api configmap, glance-registry-configmap, helm install glance-api, helm install glance-registry19:14
*** fragatin_ has quit IRC19:15
kfox1111all the config needed by glance-operator to spawn a usable glance.19:15
*** fragatina has joined #openstack-kolla19:15
sdake_ok, so is that a bundle of the glance-api and glance-registry configmap data blobs?19:15
kfox1111(being purposfully vauge about that as I'm not sure the best arangement for that data)19:15
sdake_none of us are19:16
sdake_hence we are making some decisions :)19:16
kfox1111it may make sense to flatten out the configmap data before the operator gets it,19:16
kfox1111or it may make sense to have unduplicated data sent into the operator and it duplicates it as it goes to the configmap.19:16
kfox1111for the main architecture though, I'm not sure it matters.19:16
kfox1111now you have me using teh term configmap incorrectly. :/19:17
sdake_;-)19:17
kfox1111:)19:17
sdake_configmap is a yaml file configmap once instantiated is an object19:17
sdake_i am talking about the configmap in yaml part19:17
kfox1111configmap is a k8s object. it can be at rest in a file, or instantiated in a k8s.19:18
kfox1111your talking about the data wrapped up inside the configmap.19:18
sdake_define data19:18
sdake_the configuration of glance-api?19:18
kfox1111in this case, the configuration needed by a kolla container to start it and make it operate.19:18
kfox1111so, we usually make a configmap out of /etc/kolla/glance-api for example.19:19
sdake_and genconfig generatees /etc/kolla/glance-api?19:19
kfox1111but, for this archetecture, it is also possible to do a genconfig in the glance-operator,19:19
*** lrensing has joined #openstack-kolla19:19
kfox1111then do the configmap generation in the operator too.19:19
kfox1111then the thirdpartyresource would take in a releavent subset of kolla globals.yaml19:20
kfox1111not sure thats the right thing to do, but it is an option.19:20
portdirectthis is the fundimental issue we need to resolve before working out the best way of moving it around19:20
sdake_portdirect bingo :)19:20
kfox1111yeah. we have a fundimental question we need answered before deciding that.19:21
sdake_kfox1111 rabbit hole goes where?19:21
rhalliseykfox1111, well, if we pass all the way through, it make consumption work at every level19:21
*** krtaylor has joined #openstack-kolla19:21
kfox1111ease_of_deployment <---------------------------------------> flexibility19:21
kfox1111where do we want to put the line on that number line?19:21
sdake_you see operators want both :)19:22
kfox1111I prefer ultimate flexability,19:22
sdake_are you saying they are mutually exclusive?19:22
rhalliseyhow about we make it a circle19:22
kfox1111and that means I probably will manually orchestrate.19:22
kfox1111sdake_: I think so. :/19:22
portdirecti dont think so19:22
kfox1111ultimate flexability is what openstack config does.19:22
sdake_kolla-ansible is highlly flexible and has super ease of deployment19:22
portdirecti think rhallisey's circle has merit19:22
kfox1111give every microservice its own config file.19:23
kfox1111thats great, because you can override literally everything.19:23
*** pc_m has quit IRC19:23
kfox1111the draback is ease of use. you have to manually configure the same thing over and over a lot of the time.19:23
rhalliseyI think config should be outside19:23
sdake_manuallly configure which?19:23
rhalliseyconfig is in the user's hands19:23
kfox1111rhallisey: outside of what?19:23
*** pc_m has joined #openstack-kolla19:24
rhalliseyif we generate configs on the operators, we need to have a way to customize it19:24
rhalliseyif that's the case, then it should just be done outside the operators19:24
sdake_right, that is what the new config maps do19:24
sdake_customize19:24
sdake_feed a new config map into the operator, bnago, you have a new config19:24
kfox1111rhallisey: or we assume if the deployer is using an operator, they don't need extreme flaxability.19:24
rhalliseykfox1111, outside the operators19:24
rhalliseykfox1111, I'd rather we don't assume19:24
kfox1111as they would probably use manual deployment if they did.19:24
sdake_i dont think it needs to be a tradeoff situation personally19:25
rhalliseyopenstack flexibility lies in config19:25
kfox1111ok... lets try and brainstorm how we could make it both flexabile and easy19:25
rhalliseywell one of the pieces of it's flexibility19:25
kfox1111maybe I'm missing something.19:25
sdake_and ease of use lies in wrapping that up in one operation with customization on the side19:25
*** khamtamtun has quit IRC19:26
rhalliseymy opinion: we have good config generation tools with a set of defaults19:26
kfox1111often the way that's achieved is configurability with sane defaults.19:26
sdake_hate to invoke prior art here, but kolla-ansible is super fleixble and is super easy to use19:26
rhalliseywe get ease of use with the default and we get customization with good tooling19:26
sdake_rhallisey right19:26
rhalliseysdake_, we should use very similar model here19:26
sdake_this is why I ask, where does the data come from that feeds into the operators19:26
kfox1111sdake_: its good, but still needs some work on the flexability department.19:26
rhalliseysdake_, data come from config files that were generated on the master node19:27
sdake_kfox1111 right - its not ultimately flexible (e.g. json can't be customized in newton)19:27
kfox1111it kind of assumes a bunchf things about the archetecture.19:27
kfox1111we'll fix that though. :)19:27
*** khamtamtun has joined #openstack-kolla19:27
kfox1111no worries. :)19:27
portdirectan optionated operaor, but have a hook that allows a human-operaor to either load a pregenerated configmap for pods to consume?19:27
rhalliseyif our operator generate config, it changes things a lot19:28
sdake_portdirect the way kolla handles this now is it merges config files into one config file19:28
rhalliseywe become less consumable19:28
portdirect(should have finished or custom logic)19:28
kfox1111portdirect: hmm.. that could work.19:28
*** chas_ has joined #openstack-kolla19:28
kfox1111the other route is completely devorce configmap stuff from operates.19:28
kfox1111operators do all workflow but config bits.19:28
kfox1111so user has to run kolla genconfig, upload them to k8s,19:29
rhalliseykfox1111, I'd rather do that19:29
rhalliseywell idk19:29
rhalliseybut I like that19:29
rhalliseybecause then the building block piece holds19:29
kfox1111and only then can start using compute-kit-operator to laucnh the cloud.19:29
kfox1111but back to what I said,19:29
kfox1111thats flexable.19:29
sdake_that is super hard to use19:29
sdake_the uploading part19:29
sdake_why not automate the uploading part19:29
kfox1111not nessisarily the easiest to use though.19:29
rhalliseyoperator is purely an assistant19:29
sdake_my take on an operator is it should take the grunt work out of workflow19:30
kfox1111heh. maybe the solution is just one more layer? :)19:30
inc0sooo, an idea19:30
rhalliseyagreed sdake_19:30
*** ccesario has quit IRC19:30
sdake_and part of the grunt work is registering configmaps for each level19:30
kfox1111write that last bit as a script. :)19:30
inc0we create completely new form of deployment - we create yaml-based dependency graph19:30
inc0nova depends on mariadb and keysone, mariadb is sub-graph that depends on mariadb-bootstrap job which depends on mariadb pv and pvc created, mariadb service depends on mariadb-boostrap19:31
sdake_kfox1111 ya I htink a script should do that as well19:31
sdake_in thirdparty resource objects19:31
sdake_and the operators themselves should trigger changes19:31
rhalliseyinc0, that would be re writing head or something19:32
rhalliseyheat19:32
inc0pretty much19:32
inc0for k8s19:32
kfox1111so, simple-openstack-deployment script does: runs kolla-ansible genconfig, uploads microservices configmaps, helm install compute-kit-operator; kubectl create -f 3rd-party-resource-for-compute-kit"19:32
*** Pavo has quit IRC19:32
rhalliseywe don't need the workflow to be configurable though19:32
inc0just better as heat doesn't have single source of truth of existing state19:32
kfox1111one step, openstack out the other side. :)19:32
rhalliseyand this isn't a general purpose orchestrator19:32
*** Pavo has joined #openstack-kolla19:33
inc0it will be very general purpose19:33
inc0operator will understand generic graph-description language19:33
sdake_kfox1111 i'd like ot break the configmaps for each service into each operator19:33
inc0and graph itself will be openstack specific19:33
kfox1111rhallisey: the workflow nees to be configurable in some places. like, wheter to launch spiceconsole or not.19:34
rhalliseyI think it will be simpler than that19:34
sdake_inc0 i wrote in my trip notes exactly your idea, and think it has merit, but has a long path to dev19:34
rhalliseykfox1111, yes it will be somewhat configurable, but nothing crazy19:34
kfox1111sdake_: ok, how about:19:34
kfox1111two config files, like we have now:19:34
kfox1111kolla-kubernetes.yaml. basically specifies what services will be in the cloud, and some config bits like , spice or not.19:34
rhalliseysdake_, inc0, it does, but that project should be written in go19:34
kfox1111and the one for kolla genconfig.19:34
inc0sdake_, well, https://github.com/inc0/heat-convergence-prototype19:35
kfox1111the simple-workflow one, takes those two files as input.19:35
inc0rhallisey, I disagree19:35
inc0but it can19:35
inc0I'll write it in python much faster19:35
*** Pavo has quit IRC19:35
inc0and there is no value whatsoever for it being written in go aside from religion19:35
sdake_python isn't hhip in cncf ;-(19:35
inc0well, I'm not betting kolla success on cncf religious beliefs19:36
kfox1111it then: kolla-gencofig's. creates configmaps for all the enabled microservices, helm install's comjpute-kit-operator, then uploads the kolla-kubernetes.yaml file as a third party resource to compute-kit-operator.?19:36
inc0we have full community of python devs and python are totally correct language for this use case19:36
*** ppalacios has quit IRC19:37
kfox1111sdake_: neither is openstack in a way. if they are regigious enough to not use python on pricipal, they probably wont use opnestack either as its written in python19:37
inc0sdake_, https://github.com/cncf/demo/blob/master/cncfdemo-cli/cncfdemo/cncf.py19:37
inc0cncf demo of techologies is written in....python19:37
sdake_just kidding around guys19:37
inc0so meh, I think they'll swallow it19:37
sdake_jessh time for some northern lights!19:37
kfox1111kk.19:38
kfox1111back on topic. :)19:38
jascott1template engine is go19:38
inc0do not EVER joke about Python. Ever.19:38
inc0:P19:38
kfox1111does the last script I described make sense?19:38
*** Pavo has joined #openstack-kolla19:38
sdake_kfox1111 let me reread it moment19:38
inc0I vote for python+jinja219:38
inc0and just write it quickly19:38
kfox1111was two lines.19:38
sdake_kfox1111 i lost your porposal can you c&p it pls19:39
kfox1111inc0: yeah. but helm currently only takes golang templates. :/ and they are weird.19:39
kfox1111k.19:39
kfox111114:35 < kfox1111> the simple-workflow one, takes those two files as input.19:39
kfox111114:36 < kfox1111> it then: kolla-gencofig's. creates configmaps for all the enabled microservices, helm install's  comjpute-kit-operator, then uploads the kolla-kubernetes.yaml file as a third party resource to  compute-kit-operator.?19:39
kfox1111--------------19:39
inc0well it would be good to use golang templates...19:40
sdake_i was thinking the operator would create configmaps for the services19:40
inc0in python..19:40
*** eaguilar has quit IRC19:40
inc0god this is bad19:40
rhalliseyso genconfig is only in the openstack-operator?19:40
kfox1111how do you just use nova-operator if you dont want to use compute-kit-operator?19:40
rhalliseysdake_, specify which operator19:40
sdake_i was thinking glance-operator would create configmaps for the glance services19:40
kfox1111genconfig eitehr needs to be built into every service, or completely outside.19:40
*** ppalacios has joined #openstack-kolla19:40
inc0with my approach configmap would be a node in graph19:40
rhalliseykfox1111, openstack-operator: runs genconfig for all nova-api-operator: run genconfig nova-api ?19:41
sdake_kfox1111 and above, i was thinking it would take input form a third party resource and output it via kubectl19:41
sdake_ok ppls, lets not think about the overarching operator19:42
kfox1111sdake_: thats what I was initially saying, but thats more opinionated, so less flexable.19:42
sdake_i'd like to solve the glance case first :)19:42
*** mliima has quit IRC19:42
sdake_ok, statement made, pls explain :)19:42
inc0sdake_, we can approach it top-bottom19:42
kfox1111brb. potty brake. :)19:42
inc0lol19:42
rhalliseykfox1111, idk if it's less flexible19:42
sdake_kfox1111 - the question to you is why more opinionated why less flexible?19:43
sdake_rhallisey we solved this problem in kolla-ansible by making everything flexible but having opinionated out of the box settings19:44
portdirectkfox1111: I almost think the other way - by moving config to the service level it makes it easier to mutate to your needs? Also makes it more apprachable if you just want a single service running in cluster i would have thought?19:44
rhalliseysdake_, yes I agree with that model.19:45
kfox1111back. sorry. my eyes were staring to turn yellow. :)19:45
sdake_kfox1111 your too young for that!19:45
*** eaguilar has joined #openstack-kolla19:46
sdake_[12:43:03]  <sdake_>kfox1111 - the question to you is why more opinionated why less flexible?19:46
*** ppalacios1 has joined #openstack-kolla19:46
*** ppalacios has quit IRC19:46
*** ppalacios1 has quit IRC19:46
kfox1111the most flexable is where every config file is passed thorugh as is, unmollested.19:46
sdake_config.file being like glance.conf?19:46
kfox1111any time you generate one, you risk logic in the generation code not being flexable ough.19:46
kfox1111yeah.19:46
sdake_we solve this by merging configs19:47
kfox1111but its much easier to use when there's just one config file and it generates most of the config files.19:47
kfox1111so there's a tradeoff. :/19:47
sdake_one config file being which?19:47
kfox1111so, like kolla's globals.yaml19:48
kfox1111its easy to use.19:48
kfox1111and kind of flexable.19:48
sdake_kfox1111 are you familiar with /etc/kolla/config/glance.conf?19:48
kfox1111sdake_: ansible only.19:48
*** ppalacios has joined #openstack-kolla19:49
kfox1111:/19:49
sdake_right so you know that glance.conf gets merged with the global glance.conf19:49
kfox1111yeah. something like that might work.19:49
*** ppalacios has quit IRC19:49
sdake_right we have a pattern for flexiblity without trading off anything19:49
kfox1111where you pass in the globals.yaml and config/glance.conf together as a 3rd party resource19:49
kfox1111and glance operator would take those, run genconfig and spit out the glance-api/glance-registry configmaps.19:50
sdake_and then register them with kubectl19:50
kfox1111yeah.19:50
kfox1111that might work.19:50
kfox1111woudl require some retooling to kolla genconfig.19:51
kfox1111but we probably need to do that anyway.19:51
rhalliseykfox1111, nah that's the way it is now19:51
sdake_kolla genconfig does this already19:51
rhalliseywe just need genconfig to be a general tool19:51
kfox1111rhallisey: last I looked, it merged during shipping to the nodes.19:51
rhalliseybecause it's wired into ansible19:51
sdake_kfox1111 you may be correct19:51
sdake_and i may be in error19:51
sdake_i think we dont want to pull in ansible into the operator, just the genconfig concept19:52
kfox1111so wont work out of the box. but still, the idea seems sound.19:52
rhalliseyit does merge when it send it19:52
kfox1111yeah.19:52
rhalliseytrue19:52
rhalliseysee what you're saying19:52
rhalliseythe second thing is it's wired into ansible19:52
rhalliseybecuase this is a module19:52
kfox1111ok. so we're back I think to what I was saying initially, but fleshed out to what data is actually passed.19:53
sdake_we can unwire it19:53
sdake_ini merging is trivial19:53
portdirecthey guys I'm off (8pm here) - catch you on the flipside19:53
sdake_see ya portdirect19:53
rhalliseysee ya19:53
kfox1111service operator takes config for the service. (globals.yaml stuff needed by nova, and nova config overrides)19:53
*** portdirect is now known as portdirect_away19:53
kfox1111as a third party resource.19:53
kfox1111it then does a genconfig on it to generate nova configmaps.19:54
kfox1111it calls the nova db create/endpoint creation jobs19:54
kfox1111then calls helm install on each of the nova microservices.19:54
kfox1111profit! :)19:54
kfox1111for the overarching operator19:54
sdake_what registers the config maps - helm?19:54
kfox1111the operator itself.19:54
sdake_ok you left that step out :)19:54
kfox111114:54 < kfox1111> it then does a genconfig on it to generate nova configmaps.19:55
kfox1111sorry. that coudl be taken two ways.19:55
sdake_rhallisey can you work that into the spec example19:55
kfox1111that should explicitly state upload too.19:55
sdake_rhallisey because i think that gives us best of both worlds19:55
kfox1111yeah.19:55
*** ppalacios has joined #openstack-kolla19:55
kfox1111any users that wanted to be really really explicit too, could basically bypass the genconfig19:55
kfox1111by uploading the whole config file as an override.19:55
sdake_kfox1111 pavo is doing this now19:56
kfox1111ah.19:56
Pavohuh19:56
kfox1111k. so we have prior art too. :)19:56
PavoI am doing what19:56
sdake_Pavo didn't you put all yoru config in /etc/kolla/config?19:56
rhalliseysdake_, ya I'll work that into the spec19:56
sdake_from your prevous deployment?19:56
rhalliseyquestion19:56
PavoI can19:57
rhalliseydoes this mean genconfig is run at every layer19:57
sdake_rhallisey we roll genconfig concept into operator itself19:57
Pavonever done it before19:57
rhalliseyyes19:57
rhalliseybut which layers?19:57
kfox1111rhallisey: yeah, but not a complete run.19:57
sdake_pavo oh thought you had, nm then19:57
kfox1111we probably want to add a way to alllow genconfig to only do one service.19:57
sdake_the base class can handle ini merging19:58
rhalliseykfox1111, does openstack-operator do any gencofnig19:58
rhalliseyor do only the micro-service-operators?19:58
rhalliseyactually19:58
rhalliseyso each have a set of default19:58
kfox1111rhallisey: no.19:58
rhalliseyok this is my q19:58
kfox1111compute-kit-operator would just pass around kolla-kubernetes.yaml to each sub operator.19:59
sdake_rhallisey microservice operators were a nice idea, but we decided (I think) they are unnecessary19:59
kfox1111yeah. microservice operators would basically be   no-ops.19:59
sdake_what is this mystical kolla-kubernetes.yaml thing you speak of ;)19:59
rhalliseyok so only nova-operator then19:59
kfox1111just pushing data around and possibly causing problems.19:59
*** ppalacios has quit IRC20:00
rhalliseysdake_, it's globals.yaml20:00
sdake_ok20:00
kfox1111yeah.20:00
rhalliseyok so I need to drop off one of the layers20:00
rhalliseyand we're going with option 2 in the spec20:00
rhalliseyalso need to capture the configure step20:00
Pavosdake_can you try https://ddi.hopto.org again please20:00
*** papacz has quit IRC20:00
sdake_pavo no worky :(20:01
kfox1111rhallisey: yes, but maybe with one caviot20:01
kfox1111I really like option 4 for role nova-compute20:01
sdake_pavo maybe someone else can try - could be a connection problem on my end?20:01
kfox1111it would allow us to easily launch host-aggregates.20:01
kfox1111must make a third party resource per host aggregate.20:01
*** ppalacios has joined #openstack-kolla20:02
kfox1111so that may make sense to not have in the nova-operator.20:02
sdake_re helm, what is its purpose in the architecture20:02
sdake_with operators handling the configmaps?20:02
kfox1111packaging native k8s objects.20:02
kfox1111and packaging the operators.20:03
kfox1111so, at the begining of the workflow:20:03
sdake_atm its part of the workflow20:03
kfox1111helm install compute-kit-operator20:03
kfox1111kubectl create -f thrid-party-resource-for-compute-kit-operatr aka globals.yaml20:04
kfox1111*sit back and watch the magic happen*20:04
pprokopPlease don't do it.20:04
kfox1111pprokop: which?20:04
sdake_do which pprokop ?20:04
pprokopOne of good things of using configmaps20:04
pprokopis to prepare config on remote machine20:05
pprokoppush it to k8s20:05
pprokopand edit it when you need20:05
pprokopyou don't need magic to do it for you20:05
*** oxkipo has joined #openstack-kolla20:05
pprokopPeople like when they know what software does20:05
kfox1111pprokop: it will be using configmaps under the hood.20:05
pprokopThat's what helm does20:05
pprokopI don;t like under hood20:05
sdake_dont do which again? :)20:05
kfox1111pprokop: I agree with that. as an operator, I want to do most workflows myself.20:06
pprokop+120:06
kfox1111pprokop: usually, I just want to be able to turn them off entirely.20:06
kfox1111and that, for sure we will keep.20:06
kfox1111just don't use the worklfow bits. aka, the operators.20:06
*** jtriley has quit IRC20:06
oxkipoHi. Im getting this weird error while trying to launch a vm with gpu. Last exception: internal error: process exited while connecting to monitor: warning: host doesn't support requested feature: CPUID.020:06
kfox1111we're discussing how to add workflow on top, for those that want it.20:06
oxkipoDoes someone know how to fix it?20:07
pprokopBuilding blocks should be as simple as possible and optional20:07
sdake_oxkipo no idea - have to ask on openstack-nova, know nothing about gpus and nova :(20:07
pprokopand you should be able to pipe them20:07
oxkipook20:07
pprokopunix style20:07
kfox1111pprokop: we're building it that way.20:07
kfox1111no worries. :)20:07
*** jtriley has joined #openstack-kolla20:07
sdake_we are keeping build separate from kubernetes objects on disk searpate from workflow (instantiation) from my understanding20:08
kfox1111trying to make it as modular as possible so if you don't want to use something, you don't have to.20:08
kfox1111sdake_: yeah.20:08
kfox1111and even config generation.20:08
kfox1111if you want.20:08
pprokopSo how many people use vanilla kolla configs ?20:09
sdake_right config generation is a separate thing too20:09
kfox1111you can generate configs totally outside of workflow with the design we just came up with too.20:09
sdake_pprokop eveyrone pretty much20:09
kfox1111I don't.20:09
sdake_pprokop although networking sees alot of reconfiguration in our defaults20:09
sdake_which means either our defaults are wrong or they lack flexibility20:09
sdake_people customize that with /etc/kolla/config20:09
kfox1111networks are always the most varied.20:09
pprokopPower of solutions like helm is that it is so simple taht everyone can customize it20:10
kfox1111I don't think thats a bad reflection on kolla. its just the way the state of networking is.20:10
pprokopwithout any middle layer20:10
sdake_kfox1111 roger20:10
pprokopjust change it20:10
kfox1111pprokop: users shouldn't have to customaize it.20:10
kfox1111thats what values are for.20:10
kfox1111they can override things as needed.20:10
kfox1111then the user doesn't have to be a developer.20:10
sdake_kfox1111 helm contains config bits?20:10
*** sdake_ is now known as sdake20:11
kfox1111sdake_: yes, in a way.20:11
pprokopIt's simple go template20:11
kfox1111pprokop: simple to some, not to others. ;)20:11
sdakehow do those get registered with our configmaps that are merged from ondisk resources?20:11
pprokopjust give it a yaml with variables it'lll template20:11
kfox1111pprokop: took me a while to figure out a simple if and. ;)20:11
kfox1111as golangs conditionals are just plane weird.20:11
kfox1111very forthish.20:11
kfox1111sdake: https://review.openstack.org/#/c/396296/16/helm/openstack-neutron/templates/_l3_agent_daemonset.yaml see this example:20:12
kfox1111defaults are here:20:12
kfox1111https://review.openstack.org/#/c/396296/16/helm/openstack-neutron/values.yaml20:12
kfox1111then you can do something like helm install l3-agent --set docker_registry=myregistry.com20:12
kfox1111stilll a work in progress.20:13
kfox1111sdake: they won't be registerd in configmaps.20:13
pprokopYeah but why just don't give people a good readme on how to prepare configs20:13
kfox1111they will be in globals.yaml though if needed to be overrridden.20:13
pprokopinstead of doing it for them20:13
kfox1111pprokop: we will do both.20:14
kfox1111docs for those wanting to do it manually,20:14
kfox1111and automated for those that don't care to be bothered. :)20:14
kfox1111best of both worlds..20:14
sdakemost people dont care to be bothered20:14
Pavoyeah but the config docs are so great20:14
kfox1111right.20:14
sdakeunless something is broken out of the box (like networking for eg)20:15
kfox1111both use cases are valid.20:15
kfox1111I fall into pprokops camp as an op. so I totally get it.20:15
sdakeok so helm fits into the archtecture with operators20:15
sdakeor its an orthonal thing?20:15
kfox1111but I also understand the desire for just an automated thing.20:15
kfox1111sdake: it fits and is ortoganal to operators.20:16
kfox1111operators will drive helm.20:16
pprokopI still believe more "magic-under-hood" more bugs and complex debugging.20:16
kfox1111pprokop: I agree.20:16
sdakei thought operators were driving pod creation itself?20:16
kfox1111but unless we provide magic, a lot of operaors will just skijp using kolla.20:16
kfox1111sdake: no. driving helm.20:17
sdakewithout a viable workflow, nobody will use kolla-kubernetes except hard core operators20:17
kfox1111helm provides the distribution mechanism for k8s native objeccts.20:17
kfox1111operators consume them.20:17
sdakenative objects being configmaps?20:18
kfox1111native being, daemonsets/deployments/petsets/etc. excluding secrets and configmaps.20:18
pprokopYes, native objects are things that you can describe via k8s manifests.20:18
sdakein a helm system where do ocnfigmaps come from?20:18
sdake(and secrets)20:19
pprokopYou prepare template20:19
kfox1111sdake: helm would have you put them in the package too. I think that will be to ridgid for us though.20:19
sdakei have a hard time believing helm has a one size fits all model for something like openstack20:19
kfox1111as it would require all config options to be variables passed through their yaml. back to hte opinionated days. :/20:19
kfox1111right.20:19
sdakeso convince me I'm wrong :)20:20
kfox1111we can use helm for what its good at. packaging/shipping generic k8s objects with a template engine.20:20
sdakeexpand on template engine?20:20
kfox1111workflow/config generation is outside of that.20:20
pprokopJust prepare san default some basic templating and very good README20:21
kfox1111sdake: this: https://review.openstack.org/#/c/396296/16/helm/openstack-neutron/templates/_l3_agent_daemonset.yaml20:21
pprokopand Helm/Kpm works just as intended20:21
kfox1111that isn't a native k8s object until its rendered.20:21
kfox1111pprokop: aabsolutely not.20:21
awiddersheimdoes kolla have a way to run openstack cli commands easily?20:22
sdakekfox1111 rendered by what?20:22
kfox1111we don't need random operators having to dig into soruce code just to set a flag like, i'm_on_ipoib_so_I_need_x20:22
awiddersheimfor example running them in kolla-toolbox in some way?20:22
sdakedo you mean instantiated?20:22
kfox1111sdake: helm.20:22
sdakeawiddersheim unfortunately we have not put the clients in a container at this time20:23
sdakeawiddersheim i'm sure that would merge pretty easily20:23
pprokopNot dig into source code just change a helm template by adding this option20:23
kfox1111sdake: yeah, think of a helm package as a class. its instantiated by the user with a command line such as:20:23
awiddersheimsdake, okay thanks20:23
awiddersheimseemed like kolla-toolbox has some of them20:23
kfox1111helm install packagename --set my_init_value=foo20:23
sdakeawiddersheim it does but thats not its purpose20:23
awiddersheimgotcha20:23
awiddersheimthanks20:23
sdakeroger20:23
sdakewhat is my_init_value?20:24
sdakean override?20:24
kfox1111that command akes in the default values, along with the user specified values, and renders the templates and uploads them to k8s.20:24
kfox1111defaults are here: https://review.openstack.org/#/c/396296/16/helm/openstack-neutron/values.yaml20:24
kfox1111templates here: https://review.openstack.org/#/c/396296/16/helm/openstack-neutron/templates/_l3_agent_daemonset.yaml20:24
kfox1111any value in the values.yaml can be overriden at instantiation time.20:25
sdakeok on uploading to k8s, those defaults are placed where in the system?20:25
pprokopI think this is more clear then set x in global.yaml then this tool will magically render it as an option y in z configmaps20:25
kfox1111they are not. the template is just rendered.20:25
sdakei see so values.yaml are replacements for stuff in the templates?20:26
kfox1111pprokop: there will be a way to just pass the whole openstack config file verbatim through.20:26
kfox1111for those that don't want any of the "magic"20:26
kfox1111sdake: yeah.20:26
kfox1111the templates can pull values out of values.yaml and the user can override them too.20:26
pprokopAnd then you can still see and change configmaps vis k8s cli or api20:26
kfox1111pprokop: yes.20:26
kfox1111pprokop: its a critical feature to be able to have an operator get exactly what they specified if thats what they want.20:27
*** khamtamtun has quit IRC20:27
pprokopjust look how20:28
pprokopcclear thos configmaps are https://github.com/sapcc/openstack-helm/blob/master/nova/templates/etc/_nova.conf.tpl20:28
kfox1111pprokop: look at how much stuff is hardcoded and not overridable without rebuilding packages20:29
sdakepprokop looks clear to me, but completely inflexible20:29
pprokopIt's not hardcoded20:29
pprokopits suited for ones deployment20:29
kfox1111I think we should be able to allow any manner of config generation.20:29
kfox1111if a helm golang template works for you, great. :)20:30
kfox1111if I want to do it with chef, thats great too. :)20:30
kfox1111the system should be flexable enough to take it.20:30
pprokopSo building small block would be prepare a tool for oflline config generation20:30
pprokopand use it or not20:30
*** ppalacios has quit IRC20:30
kfox1111yeah.20:30
pprokopand then feed it to k8s20:31
kfox1111right.20:31
pprokopnot do it in operators20:31
pprokopor helm20:31
kfox1111right.20:31
pprokopprepare-config | helm install20:31
kfox1111if you don't want to do it in helm or operators, shouldn't have to do it that way.20:31
*** khamtamtun has joined #openstack-kolla20:31
kfox1111or if you want to build a custom helm package just for the config, that would work too.20:31
sdakei dont see the issue with oprators pprokop20:32
sdakethat your touching on20:32
sdakewould you mind expanding20:32
sdake(I'm dense, sorry:)20:32
kfox1111+1. I'm not quite understanding the issue either.20:32
sdakeis it that you fear they are too complex?20:32
pprokopYeah I hate thing doing something "under-hood" and dynamically create or change configmaps20:32
kfox1111pprokop: I agree.20:33
kfox1111what if we just make an option to the operator that says, don't do config period.20:33
kfox1111assume configmaps preexist?20:33
sdakeya thts why its not the only optoin20:33
kfox1111then it can be loaded in however you want.20:33
pprokopYeah configmaps should preexist20:33
kfox1111and you can still use operators.20:33
sdakethat is an opinionated stance pprokop :)20:33
kfox1111I guess there's a second way to do this.20:34
pprokopOf course20:34
pprokopeveryone are :p20:34
kfox1111we make a base class without genconfig,20:34
sdakewhat i mean by that is it forces operators into operating kolla in a specific way20:34
kfox1111and make a nova operator enherit from that,20:34
kfox1111and an a nova-operator-genconfig that adds genconfig stuff.20:34
pprokopI should start that I am against one single openstack operator20:34
pprokopalso :d20:34
kfox1111so a user either launches nova-operator-nogenconfig or nova-operator-genconfig20:34
kfox1111pprokop: we arn't talking about that.20:35
sdakeglance, glance ;)20:35
kfox1111rrr... let me rephrase that.20:35
pprokopok, my bad20:35
kfox1111we desided it wouldn't be like that. one operator to rule them all.20:35
kfox1111please see https://review.openstack.org/#/c/39225720:35
rhalliseyoption 220:35
kfox1111yeah. and since that has been written, we decided on option 2,20:36
kfox1111and to merge layer 4 and layer 5. into just what is layer 5 currently.20:36
sdakekfox1111 yup we did agree on that20:37
pprokopYeah i commented about option 5.20:37
kfox1111pprokop: I don't quite get where you are going with option 5. can you please elaborate?20:38
kfox1111are you saying no operator at all?20:38
sdakethat is what he is saying20:38
kfox1111cause the idea is, as an human operator you can choose any layer you want, not just stay at the top layer.20:38
kfox1111so option 5 is just using layer 320:39
pprokopNo, i mean operators are fine but more specific20:39
pprokoplike operator for mariadb20:39
pprokopoperator for rabbitmq20:39
kfox1111thats option 2.20:39
sdakeoperator for glance..20:39
pprokopdo one thing and do it correctly20:39
pprokopI don't think that glance need operator20:39
kfox1111yeah. agreed.20:39
kfox1111thats option 2 as we've defined it I think.20:40
sdakeindeed it does, and kfox1111 outlined why in the scrollback20:40
kfox1111rabbit/mariadb/keystone/neutron/nova/etc all get one operator each.20:40
kfox1111to best handle each of their own things.20:40
kfox1111and one overarching operator, should you want it, to deploy all the other operators.20:40
pprokopOkay this is a part i don't understand this overwatching operator20:41
kfox1111all that one does is laucnh the other operators and let them do their jobs. not meddle. :)20:41
pprokopk8s ?20:41
pprokopcontroller-manager ?20:41
sdakeyup its a controller inside an operator container20:41
kfox1111no. another operator.20:41
pprokopno20:41
pprokopbut why kolla needs it ?20:41
kfox1111the same way an operator for nova, laucnhes the various micrsoervices under it,20:41
pprokopk8s will make sure other operators are alive20:41
sdakeyes but not launch them20:42
pprokopwhat you mean by launch them ?20:42
kfox1111the compute-kit-operator laucnhes the openstack-service operators to make it easy to juts launch a compute kit.20:42
sdaketo register the pods with kubernetes20:42
kfox1111pprokop: its about workflow.20:42
pprokopwhy can't you just create a pod with mariadb-operator ?20:42
kfox1111pprokop: you can.20:43
pprokopYou mean dependencies ?20:43
pprokopOr order of deployment ?20:43
kfox1111the overarching operator is for those that don't want to deal with the overarchign workflow.20:43
kfox1111so, for the overarchign workflow, you need,20:43
kfox1111nova, neutron, glance, cinder, opitonally keystone, and all its deps.20:43
sdakeso kfox1111 - I think pprokop may be right here, we may not need an overarching operator20:43
kfox1111the overarchign workflow kicks off those activities.20:43
sdakewe could just do that with helm20:43
pprokop+320:44
sdakeor does helm not do that20:44
kfox1111hmm...20:44
kfox1111does helm support 3rd party resoruces?20:44
pprokopI think so20:44
pprokopit's just manifest20:44
kfox1111can it ejnsure it wont create resource X before it creates resource Y?20:44
*** eaguilar has quit IRC20:45
sdakekfox1111 keen point20:45
kfox1111for example, create mariadb, wait till sane, launch keystone operator worfklow, which creates entris in the db, fires up deployment20:45
sdakethe overarching operator is responsibel for dep management20:45
kfox1111then on to nova, which creates a nother db, registers keystone endpoints, etc....20:46
kfox1111the workflow needs some way to deal with deps.20:46
kfox1111I don't think helm can do that.20:46
kfox1111I think it is fairly simple for an operator to do it.20:46
kfox1111and if helm ever gains that functionality,20:46
pprokopwhat about kubernetes-entrypoint just for operators ?20:46
kfox1111I think it will b e relatively easy to switch out the operator for helm at that point.20:47
pprokopi saw you played with it20:47
kfox1111hmm...20:47
kfox1111so nova-operator would be blocked from fully spawning until keystone is done?20:47
kfox1111interesting.20:47
sdakekubernetes-operator feels like way too much magic to me, but i guess in one operator container (the overarching one) it wouldn't be damaging20:47
pprokopand just prepare really good rediness-probes20:47
kfox1111very interesting.20:48
pprokopand it is much simplier20:48
pprokopmuch clearer for operator20:48
kfox1111entrypoint might work for that use case.20:48
kfox1111(I think entrypoint will work for some of the pods too btw)20:48
sdakei think we want to take care not to throw in the kitchen sink tho :)20:48
pprokopI know i wrote it :p20:48
kfox1111pprokop: do you have a container prebuilt for it?20:49
kfox1111would make my life easier to test with.20:49
srwilkersdisappear for a few hours and come back to a wall of text.  time to play catch up20:49
sdakewe have identified alot of tasks the operator needs to do20:49
kfox1111srwilkers: heh. yeah. :)20:49
sdakenot the overarchign one, but the UNDERCLOUD operators20:49
kfox1111srwilkers: dont get scared. we're all friends. :)20:50
sdakesrwilkers get on the train dude - its leaving  soon :)20:50
rhalliseysrwilkers, you have a lot of reading :P20:50
srwilkersD:20:50
sdakeso anyway these underwear operators need to do several things20:50
kfox1111pprokop: sdake the way we have our templates aranged, with a generic template,20:50
sdake1. merge configs20:50
sdake2. create databases20:50
sdake3. create users20:50
sdake4. create keystone users20:50
*** khamtamtun has quit IRC20:51
sdake5. create keystone roles20:51
kfox1111I think we could make a single function that puts kubernetes-entrypoint in an init container, and that slides it in to every kolla-kubernetes pod.20:51
sdake6. start child micro-service pods20:51
kfox1111so if an human operator wanted to deploy it that way, it would be easy to do.20:51
kfox1111totally unrelated to the operator converation going on right now though.20:51
sdakekfox1111 i think we want to avoid parallel workflows20:51
sdakekfox1111 i've seen that happen (internally) and it doesn't end well20:51
sdakelet me tell you how it ends20:51
kfox1111sdake: its up to the operator to decide how best to do it. if that is super cheep to implement, it lets some folks do it the way they need, then great.20:52
pprokop I still think kolla should use as many native k8s features as possible20:52
pprokoplike jobs for doing databases etc20:52
sdakeit ends in two parallel implementations diverging dramatically and people parting ways20:52
kfox1111pprokop: +1 to native features. been trying to do that as much as possible.20:52
rhalliseyya I agree with native features20:52
kfox1111sdake: we already have that. I think this might be a way to get some of them back. ;)20:52
pprokopSo i understand a need for an operator for features that k8s doesn't have20:52
pprokopback-ups20:53
kfox1111pprokop: and an operator would only be there until k8s has native features I think.20:53
pprokopadding members to clusters20:53
sdakekfox1111 lubernetes is never going to add orchestration broadly20:53
*** khamtamtun has joined #openstack-kolla20:53
kfox1111sdake: agreed, I think....20:53
pprokopBut back-ups can be done via scheduled-jobs ?20:53
kfox1111sdake: but helm may20:53
sdakekfox1111 the committers believe that is someone elses job20:53
sdakekfox1111 well nobody ruled out a refactor down the road ;)20:53
kfox1111and I think it will be hard to distignuish helm and k8s at some point in the neer future.20:54
kfox1111but, thats just speculation.20:54
pprokopOkay, guys thank you for a productive discussion it's like 10 pm in Gdansk :D20:54
*** n3v3rm0r3r has quit IRC20:54
sdakei think for now, an overarching operator is more tidy then introducing a dep just for one type of container20:54
pprokopHave to go20:54
sdakepprokop enjoy20:55
pprokopbye20:55
rhalliseysee ya20:55
*** khamtamtun has quit IRC20:55
kfox1111pprokop: thanks for helping. :)20:55
kfox1111we're trying to make things as inclusive as we can.20:55
kfox1111we're all trying to figure this stuff out.20:56
inc0I had meeting, could someone give me quick recap on where we are now20:56
inc0?20:56
kfox1111k.20:56
sdakeinc0 no more micro-oprators20:56
sdakeonly operators20:56
kfox1111and option 2.20:56
inc0so operator per nova for example20:56
inc0cool20:56
sdakeoperators = workflow, workflow, image gen, config gen, all separate things20:57
kfox1111https://review.openstack.org/#/c/392257/9/specs/kolla-kubernetes-arch.rst20:57
sdakeoverarching operator undefined as to implementation20:57
inc0how do we model dependencies?20:57
sdakethe operators launch their children20:57
kfox1111operators handle direct dependencies.20:57
inc0ok, sooo what we can do is opeator - pod20:58
kfox1111overarching operator deploys operators (and therefore all dependencies)20:58
inc0that becomes ready when service is ready20:58
sdakei'm still stuck on how helm fits in20:58
inc0and overarching operator will model deps between services based on lower level operator stauts20:58
sdakeeven know kfox1111 has repeated it to me atleast 5 different ways20:58
inc0sdake, helm will be called from sub-operator20:59
sdakeknow/though20:59
inc0right kfox1111 ?20:59
kfox1111helm provides packages for native k8s objects and a template engine.20:59
inc0can we model dependencies in yaml?20:59
qwangHow it deals with dependencies shared among services?20:59
sdakeyaml can model anything20:59
kfox1111inc0: do we need to?20:59
sdakeqwang good question that is unanswered20:59
inc0kfox1111, we need to have it modeled somehow20:59
kfox1111modeled how?21:00
inc0qwang, what do you mean? an example please:)21:00
kfox1111are you asking for a way to easiy diagram it?21:00
kfox1111or query it?21:00
kfox1111or just use it?21:00
inc0kfox1111, each serivce will depend on multiple jobs/configmaps/pods21:00
kfox1111inc0: right.21:00
qwanginc0: like mariadb is a dependency of nova/keystone/etc.21:00
inc0we need to code it down somehow21:00
kfox1111inc0: but is that just a bit of python code, or something else?21:00
kfox1111right.21:01
inc0well, if we use well defined yaml21:01
inc0we can write python to handle it21:01
inc0and not write 100 different python scripts21:01
kfox1111if we write well defined python, we can use python to handle it. :)21:01
* kfox1111 shrugs. yaml would be fine.21:01
kfox1111or...21:02
inc0qwang, easy, nova -> depends on -> mariadb, keystone -> depends on -> mariadb21:02
kfox1111mermaid https://knsv.github.io/mermaid/ :)21:02
* kfox1111 runs21:02
inc0kfox1111, let's write it in Prolog!21:02
kfox1111graph LR21:02
srwilkersinc0: prolog, omg21:02
kfox1111nova -> mariadb21:02
rhalliseyo.o21:03
kfox1111:)21:03
inc0nova -> mariadb, keystone21:03
inc0to be more exact21:03
kfox1111go graphvis! :)21:03
inc0easily graphvisable:)21:03
inc0and each node can be include of sub-graphs21:03
inc0much like heat21:03
kfox1111(thats why I asked about visualization.. ;)21:03
qwangkfox1111: I learned prolog before21:03
kfox1111qwang: I'm kind of partial to prolog. it has some cool features21:04
sdakekfox1111 can you teach me how helm fits in since it has custom config with what we agreed to above21:04
sdakemy professors tortured me with Ada in university21:04
kfox1111sdake: there are two types of config.21:04
srwilkers+1 kfox111121:04
sdakeanyone ever heard of Ada?21:04
kfox1111sdake: configmaps are used for passing config files to openstack services running in the pods.21:04
wirehead_I keep wanting to spend some recreational hacking time learning Prolog.21:04
qwangsdake: i did21:04
kfox1111theres config that also helps generate the actual k8s objects to be launched.21:05
kfox1111for example.21:05
*** Pavo has quit IRC21:05
kfox1111k8s uses the side car pattern to do things.21:05
kfox1111if you wanted to add logging to your pod, you add, say a fluentd or heka container to your pod.21:05
*** Pavo has joined #openstack-kolla21:05
sdakethe last time i heard side car it was in relationship to ruby prior to that project crashing and burning and decimating about 50 engineers21:05
kfox1111helm lets us write one template for the pod, that lets you conditionally set if you want 0 logging, heka, or fluentd.21:05
inc0kfox1111, so we need 2 pieces of code21:05
inc01. generate dependency graph yamls21:06
inc02. execute21:06
inc0stretch 3. keep it running21:06
kfox1111sdake: sidecars are one of the founding principals of the way k8s works. so really important.21:06
kfox1111inc0: sounds good.21:07
sdakeok pls explain or point to docs ;)21:07
sdakeinc0 fwiw we are merging configs as well21:07
kfox1111I've got a presentation on it I'm trying to get released... but legal... anyway....21:07
kfox1111the idea is similar to lego's or the regular unix phylosophy.21:07
inc0sdake, this will be more complex21:07
kfox1111write a tool that does one thing well.21:08
inc0but we can template it all the wya21:08
kfox1111then aggregate them to do a bigger thing.21:08
kfox1111with k8s, a pod is a collection of containers.21:08
inc0let's start with jinja2 + python tho plz21:08
kfox1111each container shoudl do one thing well.21:08
sdakeinc0 the idea is to take genconfig model OUT of ansible and put in the base object for operators21:08
inc0sdake, yeah, well, doable but later21:08
kfox1111and the k8s pod assembles them into somethign greator then the sum of ther parts.21:08
kfox1111for example.21:09
sdakeinc0 shame you were in a meeting we agreed to all this stuff already21:09
sdakecan you read the scrollback?21:09
kfox1111say I create an nginx container. all I put in it is a webserver.21:09
inc0sdake, I'm all for moving configs out of ansible21:09
kfox1111that is kind of useful, kind of not.21:09
inc0just you do know that's it's major undertaking right?21:09
kfox1111now say I make a second container. all it has is git in it.21:09
kfox1111again, a useful container, but not teribly.21:09
sdakeinc0 right - I understand the challenges - I htink the idea is to short circuit that by doing some duplication21:10
kfox1111now, in a k8s object/pod I combine the two. one checks out a git repo and every 10 minutes, does a git update. and an nginx webserver pointint to that shared volume.21:10
*** oxkipo has quit IRC21:10
rhalliseythe config generation is going to have to be a parallel effort21:10
kfox1111now I have a scalable webserver building block made up of smaller blocks.21:10
inc0can we start by makind deployment robust with current config generation please?21:10
inc0or have it pararell, that works too21:10
inc0if we have volunteers to take on it21:10
inc0but for foxtrot sake don't block rest of the work on it21:10
inc0please21:11
kfox1111the idea is nginx is your basic webserver, and git was added as a sidecar to greatly ehnance its base functionality21:11
kfox1111does that make sense?21:11
inc0deployment with ansible-gen configs >> no deployment in ocata21:11
sdakegod it21:11
sdakegot it21:11
sdakeso can you explain how we get helm to work with our config maps we register with our third party resource associated with our operator?21:12
kfox1111in that model a k8s object is the glue that ties it all together.21:12
kfox1111helm just deploys the k8s glue.21:12
kfox1111it doesnt' touch configmaps or third party resoruces.21:12
sdakeeven if the helm package has configmaps in it?21:12
kfox1111the operator drives helm to create the microservices.21:12
kfox1111I dont think we do configmaps in helm.21:12
kfox1111(if an human operator wants to upload configmaps with their own heml packages, thats fine)21:13
kfox1111(we just arn't going to do that with our stuff)21:13
sdakeso helm packages all the stuff together, config provided to helm during launching how?21:14
sdakeby the operator preregisteirng the configmaps?21:14
kfox1111helm doens't need the config map.21:14
kfox1111it creates a k8s object that does though.21:14
sdakeno but the applications that helm launch do21:14
kfox1111the operator will create it, or a human will.21:14
kfox1111our helm packages wil lassume they already exist.21:15
*** fguillot has quit IRC21:15
kfox1111and even if they don't, k8s just keeps slwoly retrying until they show up.21:15
sdakeoperator does following then:21:16
sdake1. reads configmap from (???)21:16
sdake(the software operator)21:16
kfox1111operators read 3rd party resources.21:16
sdakeoperator does following then:21:16
sdake1. reads configmap from third party resource21:16
sdakeright21:16
sdake2. creates db21:16
sdake3. creates db user21:16
sdake4. creates keystone user21:16
sdake5. creates keystone role if needed21:17
kfox11111. configmap data, and optional helm override vars.21:17
sdake6. reads the configmap data from thirdparty resource and writes it into helm packaging21:17
sdake7. produces a helm package21:17
sdake8. uses helm install to launch the schebang?21:17
kfox11116. no. writes it to configmaps.21:17
kfox1111skip 7.21:17
sdakewe dont need a helm package?21:17
kfox11118 use helm to launch helm packages.21:18
kfox1111we don't need an overarching helm package for a service, or configmaps.21:18
kfox1111just helm packages for the microservices.21:18
sdakeok so in this model helm is taking place of micro-operator21:18
kfox1111helm install kolla/neutron-l3-agent21:18
sdakewhat other value does that add?21:19
kfox1111yeah, kind of, yeah.21:19
kfox1111sdake: the stuff defined in that doc you had me write on "why helm" :)21:19
inc0https://github.com/inc0/navigator21:19
sdakei havne't seen that doc kfox111121:19
inc0thoughts?21:19
sdakebut i'd love to read it :)21:19
kfox1111sdake: https://etherpad.openstack.org/p/kolla-ocata-summit-kolla-k8s-road-map please read. will make it much easer it me. :)21:20
sdakeinc0 looks ambitious :)21:20
kfox1111the "helm thoughts" section.21:20
inc0not as much21:20
inc0it's really only reimplementation of heat21:20
inc0:P21:20
inc0but in reality it won't be that hard for k8s21:21
sdakelines 64+?21:21
kfox1111inc0: I think your are just thinking deployment and not upgrades.21:21
kfox1111deployment is pretty easy. upgrades, not so much.21:21
inc0kfox1111, negative, upgrades can be done in this model too21:21
kfox1111sdake: 60+21:21
kfox1111inc0: sure. but I think it will be hard. thats all. :)21:22
inc0so this will stretch 3. keep it running21:22
sdakekfox1111 ok - so in a nutshell, operators don't offer enough flexibility since they onlly operate in "one domain"21:22
sdakekfox1111 whereas helm can operate in many21:22
inc0it will do while: true > check end state and match existing to end21:22
kfox1111sdake: one of the reasons, yes.21:23
inc0wanna do nova db_migration? kubectl delete job nova_bootstrap21:23
kfox1111sdake: I want to be able to use layers helm down, without using operators at all.21:23
kfox1111or selectively use some operators too.21:23
kfox1111inc0: nova migration's never been that easy. :/21:23
sdakekfox1111 you spoke about helm at the microservice level21:24
inc0kfox1111, well it will rerun job in this case21:24
sdakewht about at the service level?21:24
kfox1111sdake: operators are the service level.21:24
sdakeand helm doesn't make sense there because?21:24
rhalliseysdake, service level is workflow21:25
sdake(in addition to operators I mean)21:25
kfox1111at the service level, things need workflow.21:25
kfox1111helm's is too basic I think.21:25
inc0kfox1111, upgrade will go like this: delete nova_bootstrap job -> this mechanism will rebootstrap21:25
kfox1111it very well may grow it at some point though.21:25
inc0k8s rolling upgrade after that21:25
kfox1111inc0: thats not how it traditionally has worked.21:26
inc0kfox1111, how did it work traditionally?21:26
sdakekfox1111 then above that service level is helm?21:26
kfox1111they usually have several phases where there are expand and contracts in between.21:26
sdakeor an overarching operator?21:26
inc0ah, not with nova21:26
kfox1111services are restarted in between.21:26
inc0so take a look at our upgrade plays21:26
kfox1111compte-kit-operator -> service-operator -> helm -> k8s -> kolla-containers21:27
inc0but I agree kfox1111 it needs more tinkering21:27
kfox1111inc0: no downtime upgrades are becoming a thing, and they are complex.21:27
sdakeok my brain has become eventually consistent with our discussion21:27
inc0kfox1111, not really21:27
inc0well21:27
inc0yeah21:27
inc0sighub services after upgrade and all that21:28
inc0we won't solve it in k8s anytime soon21:28
kfox1111and each service wants to implement 0 downtime upgrades differently. :/21:28
inc0yeah21:28
inc0we won't solve it in k8s anytime soon\21:28
kfox1111so the logic will be different in each operator. :/21:28
*** mgiles has quit IRC21:28
inc0so here's my approach21:28
inc01.0 doesn't need upgrades in full scope21:29
inc02.0 does21:29
kfox1111so long as we don't make upgrades and we leave ourselves an easy path to enabling them, I'm good. :)21:29
sdakeinc0 ya thats what i told hogepodge :)21:29
inc0so for 1.0 we need to allow deploy and not burn bridges before upgrade21:29
kfox1111cause upgrade will be hard enough without adding more hardness to it. :)21:29
kfox1111yeah.21:29
kfox1111+121:29
sdakeat cncf21:29
inc0but if we try to solve it now, we'll fail to deliver for ocata21:29
rhalliseyagreed21:29
inc0and we can't fail to deliver for ocata21:29
* kfox1111 nods21:30
sdakei tend to believe we can sneak reconfig in there too21:30
inc0so, is this approach acceptable for PoC? https://github.com/inc0/navigator/blob/master/mariadb.yaml21:30
kfox1111so.. here's the deal....21:31
inc0sdake, agree we'd love to, but again, priority 1 - deploy21:31
kfox1111I wantn multi-instance mariadb.21:31
kfox1111and rabbit.21:31
kfox1111the logic has to work in that case.21:31
inc0well, you do this with pod definition and such21:31
inc0so not really operator21:32
inc0init container and bootstrap jobs21:32
inc0and configmaps21:32
kfox1111yeah. just thorwing that out there.21:32
sdakewhat is mariadb_configmap21:32
kfox1111gota be caureful not to code in assumptions like, there is only ever one mariadb named "mariadb"21:32
inc0this will only run stuff in correct order21:32
sdakea container?21:32
inc0sdake, it's configmap...21:32
inc0config file in k8s21:32
inc0has to exist before run mariadb21:32
sdakenah it goes in a third party resource21:32
kfox1111inc0: this kind of replicates whatas in kolla-kubernetes/etc/kolla-kubernetes/services.yaml21:33
inc0sdake, k8s != helm21:33
sdakei think what you want is a third party resource there instead of configmap inc021:33
kfox1111thoug the workflow bit is a bit a bit rusty.21:33
inc0kfox1111, with added notion of deps in between21:33
kfox1111yeah.21:33
inc0I'm pretty sure we want configmap21:33
inc0configmap is k8s native mechanism21:33
kfox1111yeah. we do want configmaps.21:33
inc0you21:34
sdakei'm pretty sure config maps get loaded into third party objects ;)21:34
kfox1111and a helm package too.21:34
*** Jeffrey4l has quit IRC21:34
inc0you're mixing names sdake21:34
kfox1111sdake: when driven by operators, yes.21:34
inc0we need to generate our own configs21:34
sdakeinc0 plase read the scrollback21:34
kfox1111and the operator puts it in a configmap when requested.21:34
sdakewe just had a 4 hour debate on this topic21:34
kfox1111we probably need to diagram all this stuff and get it ritten down.21:35
rhalliseyya I'll get it in the spec21:35
srwilkerskfxo1111: agreed21:35
inc0and agree on nomenclature21:35
kfox1111so we won't have to keep talking about it for anyone new that wants to come in.21:35
kfox1111ok. gota go for a while. lets iterate on the spec for a bit with what we got so far. a lot of progress I think though. :)21:49
*** berendt has quit IRC21:57
*** v1k0d3n has joined #openstack-kolla21:59
*** nihilifer has quit IRC22:00
*** lrensing has quit IRC22:01
srwilkerswelcome to the party v1k0d3n22:01
v1k0d3nhey!22:02
v1k0d3nis there a party?22:02
v1k0d3ni think i'm late22:02
srwilkersvery late22:03
srwilkersbeen an all day ordeal22:03
srwilkersand now all's quiet22:03
v1k0d3nhello kfox111122:03
v1k0d3noh boy22:03
kfox1111v1k0d3n: ping22:03
v1k0d3npong22:04
inc0v1k0d3n, I'm ragecoding operator to deal with deps22:04
v1k0d3nlol22:05
srwilkersinc0 in prolog? XD22:05
v1k0d3nyou know...it's always good when someone say's they're ragecoding.22:05
kfox1111v1k0d3n: pm22:05
*** n3v3rm0r3r has joined #openstack-kolla22:07
sdakei rage diagram22:10
sdakewhen i'm in a rage22:10
inc0I need whiteboard in my home22:12
srwilkersim actually about to hit half the walls in my office at home with whiteboard paint22:13
srwilkerspretty excited about it22:13
*** hyakuhei has joined #openstack-kolla22:13
kfox1111oh, whiteboard paint. nice. :)22:14
inc0yeah, that'd be great22:14
inc0when I have house, that's what I'm going to do in study22:14
kfox1111:)22:14
wirehead_Dono, I’ve got a whiteboard in my geekroom, but I’m usually finding that I end up using Paper on my iPad.22:16
inc0I overuse mindmaps22:18
*** krtaylor has quit IRC22:20
*** schwicht has quit IRC22:24
kfox1111inc0: btw, if you look at kolla-kubernetes/tests/bin/ceph_workflow,22:24
kfox1111it has some dep stuff encoded in it.22:24
kfox1111indirectly.22:24
inc0yeah, I'll probably use execs with kolla-k8s cli for purpose of PoC22:25
*** v1k0d3n has quit IRC22:26
*** jtriley has quit IRC22:27
wirehead_I dono, I’m an incredibly visual thinker, but I’m finding that I need to diagram problems less and less.22:30
kfox1111yeah. I find them most useful when I'm trying to explain an idea to others.22:31
kfox1111I can see the diagram just fine in my head most of the time. its getting someone else to see it thats hard. :)22:31
*** srwilkers has quit IRC22:34
*** dave-mccowan has quit IRC22:38
*** jheroux has quit IRC22:38
*** ayoung has quit IRC22:39
*** hyakuhei has quit IRC22:42
*** hyakuhei has joined #openstack-kolla22:42
*** hyakuhei has quit IRC22:42
*** hyakuhei has joined #openstack-kolla22:42
*** schwicht has joined #openstack-kolla22:44
*** Pavo_ has joined #openstack-kolla22:47
*** Pavo has quit IRC22:51
*** Pavo_ is now known as Pavo22:51
*** schwicht has quit IRC23:02
*** v1k0d3n has joined #openstack-kolla23:04
*** Pavo has quit IRC23:05
*** lamt has quit IRC23:05
*** Pavo has joined #openstack-kolla23:05
*** v1k0d3n has quit IRC23:09
*** krtaylor has joined #openstack-kolla23:10
*** schwicht has joined #openstack-kolla23:12
*** chas_ has quit IRC23:17
*** msimonin has quit IRC23:18
*** chas_ has joined #openstack-kolla23:18
*** chas_ has quit IRC23:20
*** chas_ has joined #openstack-kolla23:20
*** absubram has quit IRC23:21
*** chas_ has quit IRC23:25
*** Pavo_ has joined #openstack-kolla23:28
*** schwicht has quit IRC23:29
*** Jeffrey4l has joined #openstack-kolla23:31
*** nihilifer has joined #openstack-kolla23:31
*** Pavo has quit IRC23:32
*** Pavo_ is now known as Pavo23:32
*** schwicht has joined #openstack-kolla23:32
*** srwilkers has joined #openstack-kolla23:34
sdakekfox1111 no doubt re diagrms23:34
*** schwicht has quit IRC23:35
*** Pavo has quit IRC23:36
sdakeinc0 while your rage coding23:37
sdakeare you aware of the need for third party resources23:37
inc0wassup23:37
inc0still can be done23:37
sdakewhat i mean is if you are going to prototype operators might as well do it right with third party resources23:37
inc0so by third party resources you mean somebody else adding a config from external?23:38
*** Pavo has joined #openstack-kolla23:38
sdakethird party resources are how you control operators23:38
sdakerhallisey you have that exntending api link handy?23:38
*** nihilifer has quit IRC23:38
rhalliseyhttps://github.com/kubernetes/kubernetes/blob/master/docs/design/extending-api.md23:39
sdakeyou make one of those23:39
sdakefor each operator your controlling23:39
sdakein it feeds configmaps, globals.yml, and whatever other stuff we need23:40
inc0completely orthogonal to what I have in mind23:40
sdakewell then you are not ragecoding operators23:40
sdakeenjoy23:40
inc0I think you're too bound to names23:41
sdakeno, im bound to ideas23:41
inc03rd party resource is a type of resource you can add co k8s23:42
sdakeright23:42
inc0like pod or whatever23:42
sdakeand its purpose is to control an operator23:42
inc0I'm reusing k8s resources23:42
sdakehow do you control them?23:42
sdakehow do you update them?23:42
inc0operator is a pod..23:42
sdakeright23:42
sdakewith an associated...23:42
sdakewait for it...23:43
sdakethird party rsource23:43
inc0or any other mean to control it...23:43
inc0like idk...configmap?23:43
* srwilkers sits down with popcorn23:43
inc0I'm not solving API problem yet23:43
sdakethe design is well understood23:43
inc0wanna control it with resource, sure, whatever23:43
inc0it's a pod with code23:43
sdakewith api problem solved23:43
sdakewell i'll be interested to see what you turn out :)23:44
*** v1k0d3n has joined #openstack-kolla23:45
rhalliseysrwilkers, good idea.23:45
v1k0d3nhey all23:46
v1k0d3ni hear it's a busy day.23:46
v1k0d3n:D23:46
sdakeinc0 since you weren't aware of the third party resource link to operators, i'm curious, why are you calling it an operator?23:47
rhalliseyinc0, I think we should stick to the plan23:48
inc0operator is a code in a pod23:48
inc0that's what operator is23:48
rhalliseyor consider arguing a new one23:48
sdakeok, would you be willing to read one blog post then?23:48
inc0only if you give me a link23:49
sdakeworking on it23:49
rhalliseyinc0, I mean that's part of what an op is23:49
inc0guys, API of controlling this thing is still tbd23:49
inc0can be a resource, whatever23:49
inc0doesn't need any real API for deployment procedure23:50
sdakehttps://coreos.com/blog/introducing-operators.html23:50
sdakethere is a step by step in there of how to create an operator23:50
sdakesee step #2.23:50
*** ayoung has joined #openstack-kolla23:51
sdakeinc0 let me know when you see step #2 plz23:53
inc0ok...I can create third party resource called openstack23:53
inc0I've read it23:54
sdake1mb limit, which you would know if you read the scrollback ;)23:54
sdakeso openstack isn't granular enough23:54
inc0I just consider third party resource as a detail23:54
sdakeits how input is fed into the operator23:54
sdakeand the operator is controlled23:54
sdakethe operator doesn't pull data from magic places23:54
sdakeit needs to be fed to grow ;)23:54
sdakeif you consider input and control detials, i'm not sure how you consider workflow not a detail?23:55
inc0that's API which is....implementional detail23:56
inc0but I'll humor you, yes my idea can be controlled with it23:56
sdakeinc0 we have a full spec of this stuff - join in there - thats where we need you the most23:56
sdakeinc0 have you read the spec?23:58
« Sunday, 2016-11-13 Index Tuesday, 2016-11-15 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!