Sunday, 2016-11-20

*** huikang has quit IRC		00:05
*** huikang has joined #openstack-kolla		00:11
*** Pavo has quit IRC		00:21
*** tonanhngo has joined #openstack-kolla		00:25
*** Pavo has joined #openstack-kolla		00:26
*** tonanhngo has quit IRC		00:26
*** hfu has joined #openstack-kolla		00:28
*** huikang has quit IRC		00:37
*** v1k0d3n has joined #openstack-kolla		00:37
*** severion has joined #openstack-kolla		00:39
*** v1k0d3n has quit IRC		00:43
*** tonanhngo has joined #openstack-kolla		00:43
*** tonanhngo has quit IRC		00:44
*** v1k0d3n has joined #openstack-kolla		00:45
*** severion has quit IRC		00:48
*** tonanhngo has joined #openstack-kolla		01:04
*** tonanhngo has quit IRC		01:05
*** huikang has joined #openstack-kolla		01:09
openstackgerrit	Jeffrey Zhang proposed openstack/kolla: Add octavia docker image https://review.openstack.org/399896	01:12
kollabot1	Gerrit Code Review	01:12
*** zhubingbing has joined #openstack-kolla		01:16
*** ccesario has quit IRC		01:26
openstackgerrit	Jeffrey Zhang proposed openstack/kolla: DO_NOT_MERGE: TEST MASTER BRANCH https://review.openstack.org/399897	01:57
kollabot1	Gerrit Code Review	01:57
openstackgerrit	Jeffrey Zhang proposed openstack/kolla: Run init-once in kolla-ansible folder https://review.openstack.org/399898	02:01
kollabot1	Gerrit Code Review	02:01
*** tonanhngo has joined #openstack-kolla		02:03
openstackgerrit	Jeffrey Zhang proposed openstack/kolla: Add octavia docker image https://review.openstack.org/399896	02:04
kollabot1	Gerrit Code Review	02:04
*** tonanhngo has quit IRC		02:04
*** ccesario has joined #openstack-kolla		02:17
*** Pavo has quit IRC		02:21
*** tonanhngo has joined #openstack-kolla		02:24
*** Pavo has joined #openstack-kolla		02:25
*** tonanhngo has quit IRC		02:26
*** rhallisey has quit IRC		02:33
openstackgerrit	Jeffrey Zhang proposed openstack/kolla-ansible: Enable cinder backup tab in horizon https://review.openstack.org/399900	02:41
kollabot1	Gerrit Code Review	02:41
*** ccesario has quit IRC		02:44
*** tonanhngo has joined #openstack-kolla		02:44
*** tonanhngo has quit IRC		02:46
*** Jeffrey4l has quit IRC		02:53
*** ccesario has joined #openstack-kolla		02:56
*** tonanhngo has joined #openstack-kolla		03:04
*** tonanhngo has quit IRC		03:06
*** tonanhngo has joined #openstack-kolla		03:24
*** tonanhngo has quit IRC		03:26
*** fragatina has joined #openstack-kolla		03:32
*** dave-mccowan has joined #openstack-kolla		03:48
*** dave-mccowan has quit IRC		03:52
*** tonanhngo has joined #openstack-kolla		04:11
*** tonanhngo has quit IRC		04:13
*** Pavo has quit IRC		04:21
*** eaguilar has quit IRC		04:23
*** Pavo has joined #openstack-kolla		04:26
*** tonanhngo has joined #openstack-kolla		04:26
*** tonanhngo has quit IRC		04:29
*** tonanhngo has joined #openstack-kolla		04:45
*** huikang has quit IRC		04:46
*** tonanhngo has quit IRC		04:46
*** tonanhngo has joined #openstack-kolla		04:58
*** tonanhngo has quit IRC		04:59
*** Jeffrey4l has joined #openstack-kolla		05:01
*** tonanhngo has joined #openstack-kolla		05:15
*** huikang has joined #openstack-kolla		05:17
*** tonanhngo has quit IRC		05:17
*** huikang has quit IRC		05:18
*** zhubingbing has quit IRC		05:29
*** unicell1 has joined #openstack-kolla		05:59
*** unicell has quit IRC		05:59
*** unicell has joined #openstack-kolla		06:02
*** unicell1 has quit IRC		06:04
*** AnswerGuy has quit IRC		06:05
*** unicell1 has joined #openstack-kolla		06:10
*** unicell has quit IRC		06:11
*** tonanhngo has joined #openstack-kolla		06:14
*** tonanhngo has quit IRC		06:17
*** Pavo has quit IRC		06:21
*** Pavo has joined #openstack-kolla		06:25
*** tonanhngo has joined #openstack-kolla		06:35
*** tonanhngo has quit IRC		06:38
*** tonanhngo has joined #openstack-kolla		06:54
*** tonanhngo has quit IRC		06:55
*** tonanhngo has joined #openstack-kolla		07:15
*** tonanhngo has quit IRC		07:16
*** tonanhngo has joined #openstack-kolla		07:35
*** tonanhngo has quit IRC		07:38
*** senk has joined #openstack-kolla		07:49
*** newmember has joined #openstack-kolla		07:54
*** tonanhngo has joined #openstack-kolla		07:54
*** tonanhngo has quit IRC		07:57
*** x220_ has joined #openstack-kolla		07:59
*** newmember has quit IRC		08:01
*** sbezverk_ has joined #openstack-kolla		08:03
*** sbezverk has quit IRC		08:03
*** tonanhngo has joined #openstack-kolla		08:09
*** tonanhngo has quit IRC		08:11
*** Pavo has quit IRC		08:21
*** Pavo has joined #openstack-kolla		08:25
*** tonanhngo has joined #openstack-kolla		08:27
*** tonanhngo has quit IRC		08:27
*** nihilifer has joined #openstack-kolla		08:44
*** tonanhngo has joined #openstack-kolla		08:45
*** tonanhngo has quit IRC		08:47
*** tonanhngo has joined #openstack-kolla		09:04
*** tonanhngo has quit IRC		09:05
*** senk has quit IRC		09:06
*** x220_ has quit IRC		09:10
*** tonanhngo has joined #openstack-kolla		09:24
*** tonanhngo has quit IRC		09:27
*** tonanhngo has joined #openstack-kolla		09:45
*** tonanhngo has quit IRC		09:45
*** mgoddard has joined #openstack-kolla		09:50
*** papacz has joined #openstack-kolla		09:54
*** mgoddard has quit IRC		09:54
*** senk has joined #openstack-kolla		09:59
*** magicboiz has joined #openstack-kolla		10:01
*** tonanhngo has joined #openstack-kolla		10:04
*** tonanhngo has quit IRC		10:05
*** magicboiz has quit IRC		10:08
*** oxkipo has joined #openstack-kolla		10:15
oxkipo	Hi I cannot attach a cinder lvm volume to a instance. Also kolla/ubuntu-source-iscsid:3.0.1 this containers status is only created. Please may someone help me?	10:16
*** Pavo has quit IRC		10:21
*** tonanhngo has joined #openstack-kolla		10:25
*** Pavo has joined #openstack-kolla		10:26
*** tonanhngo has quit IRC		10:26
oxkipo	please may someone help me with this?	10:28
*** tonanhngo has joined #openstack-kolla		10:45
*** tonanhngo has quit IRC		10:47
oxkipo	please may someone help me with cinder?	10:52
*** papacz1 has joined #openstack-kolla		11:01
*** papacz2 has joined #openstack-kolla		11:04
*** papacz has quit IRC		11:04
*** tonanhngo has joined #openstack-kolla		11:05
*** papacz1 has quit IRC		11:06
*** tonanhngo has quit IRC		11:06
*** hfu has quit IRC		11:13
*** hfu has joined #openstack-kolla		11:15
*** hfu has quit IRC		11:16
*** oxkipo has quit IRC		11:16
*** hfu has joined #openstack-kolla		11:16
*** hfu has quit IRC		11:16
*** hfu has joined #openstack-kolla		11:17
*** hfu has quit IRC		11:17
*** tonanhngo has joined #openstack-kolla		11:35
*** tonanhngo has quit IRC		11:38
*** kristian2709 has joined #openstack-kolla		11:43
kristian2709	Hi please may someone help me fix cinder not assigning volumes to an instance?	11:45
*** tonanhngo has joined #openstack-kolla		11:55
*** tonanhngo has quit IRC		11:58
*** senk has quit IRC		12:02
*** portdirect_away is now known as portdirect		12:11
portdirect	kristian2709: sup?	12:11
*** david-lyle has joined #openstack-kolla		12:12
kristian2709	portdirect: I cannot attach a volume to the instance. It doesnt give me any error	12:12
portdirect	kristian2709: ok - at what point do you think its failing? can you access the logs for cinder (what backend are you using - my experience with ceph is very limited :( ) and nova-compute for the node running the vm?	12:14
*** tonanhngo has joined #openstack-kolla		12:15
*** david-lyle has quit IRC		12:17
*** tonanhngo has quit IRC		12:17
kristian2709	portdirect: my kolla installation is aio on a bare metal node with cinder and lvm configured on host	12:20
*** Pavo has quit IRC		12:21
portdirect	kristian2709: ok, can you look at the logs for cinder volume, and nova-compute and see at what point it is failing?	12:22
kristian2709	ok	12:22
*** hfu has joined #openstack-kolla		12:24
*** Pavo has joined #openstack-kolla		12:26
kristian2709	portdirect: strange now it works	12:26
kristian2709	dunno how	12:26
kristian2709	portdirect: please may you help me fix this issue?	12:40
kristian2709	vhttps://bugs.launchpad.net/nova/+bug/1642419	12:40
openstack	Launchpad bug 1642419 in OpenStack Compute (nova) "GPU Passthrough isn't working" [Medium,New]	12:40
kollabot1	Bug #1642419 “GPU Passthrough isn't working” : Bugs : OpenStack Compute (nova)	12:40
*** tonanhngo has joined #openstack-kolla		12:44
*** tonanhngo has quit IRC		12:47
portdirect	kristian2709: whoop! thats great - I'll have a look at the bug now	12:56
portdirect	kristian2709: K - I've only done GPU passthrough with nova-docker before (and not with kolla) any possibility you could get the logs from nova-compute in a gist to look at as well - whihc may be able to give me a better idea about whether this is an issue at the kolla or nova end?	13:00
portdirect	kristian2709: you running this on a gaming rig!?	13:03
kristian2709	portdirect: yes	13:04
*** tonanhngo has joined #openstack-kolla		13:04
kristian2709	also the logs should be there	13:04
portdirect	whoops - missed that - 2 sec	13:06
*** tonanhngo has quit IRC		13:06
kristian2709	np	13:07
portdirect	kristian2709: k, a few things I'd try:	13:09
kristian2709	ok	13:09
kristian2709	tell mw	13:09
kristian2709	*me	13:09
portdirect	get nova_compute running in the host-pid namespace: https://github.com/openstack/kolla-ansible/blob/master/ansible/roles/nova/tasks/start_compute.yml#L49	13:10
kollabot1	kolla-ansible/start_compute.yml at master · openstack/kolla-ansible · GitHub	13:10
portdirect	also try both libvirt and nova_compute in the host ipc namespace	13:10
*** skramaja has quit IRC		13:11
*** uclug has joined #openstack-kolla		13:16
openstackgerrit	Jeffrey Zhang proposed openstack/kolla: Install mkfs.vfat tool in ironic-conductor image https://review.openstack.org/399957	13:16
kollabot1	Gerrit Code Review	13:16
*** hfu has quit IRC		13:19
*** hfu has joined #openstack-kolla		13:20
*** hfu has quit IRC		13:20
*** hfu has joined #openstack-kolla		13:21
openstackgerrit	Jeffrey Zhang proposed openstack/kolla: DO_NOT_MERGE: TEST NEWTON BRANCH https://review.openstack.org/386981	13:21
kollabot1	Gerrit Code Review	13:21
*** hfu has quit IRC		13:21
*** hfu has joined #openstack-kolla		13:21
*** uclug has quit IRC		13:22
*** hfu has quit IRC		13:22
*** hfu has joined #openstack-kolla		13:22
*** hfu has quit IRC		13:23
*** hfu has joined #openstack-kolla		13:23
*** hfu has quit IRC		13:23
*** zhubingbing has joined #openstack-kolla		13:26
*** eaguilar has joined #openstack-kolla		13:29
*** sp__ has joined #openstack-kolla		13:29
openstackgerrit	Merged openstack/kolla: Use upper constraints for all jobs in tox.ini https://review.openstack.org/384221	13:35
kollabot1	Gerrit Code Review	13:35
*** sdake has joined #openstack-kolla		13:48
*** sdake_ has joined #openstack-kolla		13:52
*** hfu has joined #openstack-kolla		13:52
*** sdake has quit IRC		13:53
*** sp__ has quit IRC		13:58
*** imcsk8_ has quit IRC		14:08
*** imcsk8 has joined #openstack-kolla		14:08
*** zhubingbing has quit IRC		14:10
*** rhallisey has joined #openstack-kolla		14:11
*** david-lyle has joined #openstack-kolla		14:14
*** tonanhngo has joined #openstack-kolla		14:14
*** tonanhngo has quit IRC		14:16
*** david-lyle has quit IRC		14:18
*** Pavo has quit IRC		14:21
*** Pavo has joined #openstack-kolla		14:26
*** tonanhngo has joined #openstack-kolla		14:34
*** tonanhngo has quit IRC		14:36
*** senk has joined #openstack-kolla		14:42
*** sdake has joined #openstack-kolla		14:52
*** sdake has quit IRC		14:54
*** sdake__ has joined #openstack-kolla		14:54
*** tonanhngo has joined #openstack-kolla		14:54
openstackgerrit	Merged openstack/kolla-ansible: typo error of keyring spelling https://review.openstack.org/399455	14:55
kollabot1	Gerrit Code Review	14:55
*** sdake__ has quit IRC		14:55
*** tonanhngo has quit IRC		14:55
*** sdake has joined #openstack-kolla		14:55
*** sdake_ has quit IRC		14:55
openstackgerrit	Merged openstack/kolla: Remove Ansible references from tox.ini https://review.openstack.org/399597	15:02
kollabot1	Gerrit Code Review	15:02
*** sdake_ has joined #openstack-kolla		15:06
*** sdake has quit IRC		15:10
*** hfu has quit IRC		15:15
*** tonanhngo has joined #openstack-kolla		15:16
*** hfu has joined #openstack-kolla		15:16
*** hfu has quit IRC		15:17
*** tonanhngo has quit IRC		15:17
*** senk has quit IRC		15:17
*** magicboiz has joined #openstack-kolla		15:20
*** eaguilar has quit IRC		15:28
*** tyrola has joined #openstack-kolla		15:29
openstackgerrit	Ryan Hallisey proposed openstack/kolla-kubernetes: Mariadb Kubernetes Operator https://review.openstack.org/399263	15:32
openstackgerrit	Ryan Hallisey proposed openstack/kolla-kubernetes: Kubernetes Operator base https://review.openstack.org/399262	15:32
kollabot1	Gerrit Code Review	15:32
openstackgerrit	Ryan Hallisey proposed openstack/kolla-kubernetes: Change services dir to templates dir https://review.openstack.org/399971	15:32
openstackgerrit	Ryan Hallisey proposed openstack/kolla-kubernetes: Service and Mariadb operator template https://review.openstack.org/399972	15:32
kollabot1	Gerrit Code Review	15:32
kollabot1	Gerrit Code Review	15:32
kollabot1	Gerrit Code Review	15:32
*** eaguilar has joined #openstack-kolla		15:38
*** eaguilar has quit IRC		15:40
*** v1k0d3n has quit IRC		15:45
*** v1k0d3n has joined #openstack-kolla		15:45
*** eaguilar has joined #openstack-kolla		15:48
*** eaguilar has quit IRC		16:00
*** senk has joined #openstack-kolla		16:06
portdirect	rhallisey: ping	16:13
*** tonanhngo has joined #openstack-kolla		16:15
rhallisey	portdirect, hey	16:15
portdirect	sunday workers :/	16:15
portdirect	looking at your operator work - can I play with any of it atm?	16:16
sbezverk_	portdirect: with this weather on east coast, what else can you do ;-)	16:16
*** tonanhngo has quit IRC		16:16
portdirect	come to scotland - I'll show you reall rain and misery :)	16:17
rhallisey	portdirect, ya sure	16:17
portdirect	any pointers?	16:18
sbezverk_	portdirect: visiting Scotland is definetly on my to do list :-)	16:18
*** jrist has quit IRC		16:19
rhallisey	portdirect, do you want to try it or develop it osme?	16:20
rhallisey	some*	16:20
portdirect	sbezverk_: hit me up anytime your through man, though I'd strongly recommed august for the Edinburgh Festival	16:20
rhallisey	the process to try it is a little annoying	16:20
*** jrist has joined #openstack-kolla		16:20
rhallisey	you have to build the base	16:20
rhallisey	then the mariadb-op	16:20
rhallisey	then create the resources	16:20
rhallisey	I haven't fully tried every piece yet	16:20
rhallisey	because I don't think I have all of them done yet	16:20
rhallisey	I think I need a deployment for the operator	16:21
portdirect	rhallisey: figured :)	16:21
*** Pavo has quit IRC		16:21
*** sdake_ has quit IRC		16:21
*** Pavo has joined #openstack-kolla		16:21
rhallisey	ya it's super rough atm	16:21
portdirect	that the early stages of a major WIP for you :)	16:22
rhallisey	ya	16:22
rhallisey	sbezverk_, how come we can't change the dir name?	16:22
rhallisey	helm patches haven't merged yet so I figured we'd make the change now	16:22
sbezverk_	rhallisey: I am not saying we cannot, but if you check Kevin's PS for helm	16:23
portdirect	mostly interested to make sure that I know whats going on so when I charge into development I'm going the right direction.	16:23
rhallisey	sbezverk_, right he uses it	16:23
sbezverk_	Kevin uses completely different approach	16:23
rhallisey	I'll check out what he has	16:23
Pavo	good morning everyone	16:24
sbezverk_	rhallisey: and even that structure is not even finalized.. if changing folder is not a show stopper for you, maybe we should hold a bit..	16:25
rhallisey	it's not the biggest deal, but it makes more sense to me in terms of structure	16:26
portdirect	rhallisey: I agree with that - as it's what they are - but makes it a bit tricky atm	16:28
rhallisey	sure	16:28
portdirect	Possibly the most usfull thing i could do right now is get kolla-build updated so we can build the images?	16:30
rhallisey	some things we need revolve around making sure the repos are good to work with both projects	16:31
portdirect	yup: I made a first stab here: https://review.openstack.org/#/c/395676/, but got some feedback from inc0 and kfox (which I agree with), though will leave tthe option of just building a single template dir for tings like koll-k8s only container builds	16:33
kollabot1	Gerrit Code Review	16:33
*** tonanhngo has joined #openstack-kolla		16:35
*** tonanhngo has quit IRC		16:38
sbezverk_	rhallisey: are you going to use helm to deploy a specific chart for a service example mariadb or some other form of template?	16:42
v1k0d3n	hey portdirect	16:42
v1k0d3n	is that halcyon stuff working out for you? do you think that would be good to write up in kolla docs as a decent dev solution for kolla?	16:43
v1k0d3n	sorry...kolla-k8s i mean	16:43
portdirect	v1k0d3n: halcyon's working great for me atm :)	16:46
*** g3ek has quit IRC		16:46
*** haplo37 has quit IRC		16:46
portdirect	though I've only really tried with with weave as that worked first time out of the box for me - i think using it was a basis flow local dev docs would be awesome	16:47
portdirect	*for not flow	16:48
rhallisey	sbezverk_, ya an operator will trigger a helm install	16:53
*** g3ek has joined #openstack-kolla		16:55
*** haplo37 has joined #openstack-kolla		16:56
v1k0d3n	operator as in person or operator container rhallisey ?	16:56
rhallisey	ugh that name	16:56
v1k0d3n	exactly :)	16:56
v1k0d3n	i am starting to wish i never brought up the subject.	16:56
portdirect	v1k0d3n: stop trolling :D	16:56
rhallisey	v1k0d3n, from what I understood about the context of sbezverk_, I'm referring to a kubernetes operator	16:57
v1k0d3n	i'm not. i'm seriously wondering, that's all.	16:57
rhallisey	we should re name it to admiral	16:57
v1k0d3n	ok	16:57
v1k0d3n	just checking	16:57
v1k0d3n	our workflow will be 100% developer driven.	16:57
v1k0d3n	so developer will push code. container registry sees commit tag, and build new release tag. helm is updated, and triggers CI. once CI completes, queues up for human to push-button deploy the update.	16:58
v1k0d3n	all developer-driven.	16:58
v1k0d3n	may even use some jira component to approach CD changes.	16:59
v1k0d3n	still thinking through these steps, but that's a general logic.	16:59
v1k0d3n	why i asked anyway.	16:59
portdirect	v1k0d3n: The only thing 'missing' from halcyon in my opionion at the moment is a helper script to set up creds for kubectl and helm on the machine running vagrant - I could knock up a quick bash script for that if your up for it?	16:59
rhallisey	gitcha	17:00
rhallisey	gotcha*	17:00
v1k0d3n	portdirect: absolutely.	17:00
v1k0d3n	would definitely accept that.	17:00
portdirect	5 mins :)	17:01
kristian2709	portdirect: still the same error with CPUID	17:03
sbezverk_	rhallisey: then it make sense to sync up with Kevin about templates..	17:09
rhallisey	ya I'll study his patch	17:09
rhallisey	I haven't yet	17:09
rhallisey	just a little, but I need to more	17:09
*** tyrola has quit IRC		17:11
*** bmace has quit IRC		17:11
*** bmace has joined #openstack-kolla		17:11
*** senk has quit IRC		17:12
*** tonanhngo has joined #openstack-kolla		17:14
v1k0d3n	so can anyone help me to understand an AIO deployment i am trying to stand up.	17:16
*** tonanhngo has quit IRC		17:16
v1k0d3n	i guess it's been a little while (and new version) since my last attempt.	17:16
v1k0d3n	i have two interfaces: em1 and em2 (ubuntu). em1 is the network_interface and em2 is the neutron_external_interface.	17:17
v1k0d3n	em1 is 192.168.70.25/24.	17:17
v1k0d3n	em2 does not have an ip of course, but is attached to a "public" subnet of 192.168.4.x/22.	17:17
v1k0d3n	after deployment, i configure a flat interface to physnet1. all good there.	17:18
v1k0d3n	then i want to create my pub-sub and create 192.168.4.0 net with a dhcp pool. hosts get an ip just fine...but for some reason i can't communicate to them. something i'm missing here?	17:19
v1k0d3n	192.168.4 and 192.168.70 are attached to the same router. should be fine there.	17:20
v1k0d3n	to be clear...can't ping 192.168.4.x hosts in the same broadcast domain.	17:21
v1k0d3n	tell me i'm doing something dumb here, please? :)	17:21
*** tonanhngo has joined #openstack-kolla		17:24
*** tonanhngo has quit IRC		17:26
*** magicboiz has quit IRC		17:33
*** tonanhngo has joined #openstack-kolla		17:36
* v1k0d3n realizes that it's a lazy sunday		17:37
portdirect	kristian2709: sorry dude, I'm not familiar enough with IOMMU to help you any further in a constructive manner :(	17:40
v1k0d3n	sbezverk_: are you around, or is it too late for you?	17:44
*** kwazar has quit IRC		17:55
*** timss has quit IRC		17:55
*** kwazar has joined #openstack-kolla		17:56
*** timss has joined #openstack-kolla		17:56
sbezverk_	v1k0d3n: hey, still around.. it is only 1pm here..	18:08
kristian2709	ok np	18:08
v1k0d3n	do you have any ideas or thoughts on above?	18:10
v1k0d3n	sbezverk_:	18:10
sbezverk_	v1k0d3n: reading	18:11
v1k0d3n	thing that is strange....i see the mac address for the instances on the 192.168.4.x subnet.	18:11
*** david-lyle has joined #openstack-kolla		18:11
sbezverk_	v1k0d3n: how about security rules?	18:12
*** pbourke has quit IRC		18:13
*** kristian2709 has quit IRC		18:13
*** pbourke has joined #openstack-kolla		18:13
v1k0d3n	yeah, that's always the first thing i look at. all good there.	18:13
sbezverk_	v1k0d3n: can you configm that your public interface is pluged to ovs bridge	18:14
sbezverk_	I meant confirm	18:14
sbezverk_	v1k0d3n: usually in this situation I just go step by step with tcpdmp and see where packets gets dropped..	18:15
sbezverk_	v1k0d3n: instance tap interface, linux bridge interface in/out, ovs interface, external interface, somewhere you will see packets stop crossing..	18:16
v1k0d3n	ah! got it.	18:16
v1k0d3n	all good sbezverk_	18:17
sbezverk_	v1k0d3n: what was it?	18:17
v1k0d3n	sbezverk_: really simple fix. had to add a route on the AIO host to send all 192.168.4.x traffic to em2.	18:18
v1k0d3n	in other words...really simple bonehead error :)	18:19
v1k0d3n	probably from lack of sleep or busy week... :)	18:19
sbezverk_	v1k0d3n: good catch!	18:19
portdirect	Thats caught me out before	18:19
v1k0d3n	sbezverk_: do you know if AIO deployments go haywire on reboots?	18:19
v1k0d3n	or is there any special considerations to make for an AIO development host?	18:20
v1k0d3n	like there is with OSA	18:20
*** Pavo has quit IRC		18:21
*** Pavo has joined #openstack-kolla		18:21
sbezverk_	v1k0d3n: Have not seen many issues with aio on reboot.	18:26
sbezverk_	in fact I do not recall even a single one	18:26
v1k0d3n	sbezverk_: so everything just comes up, or do i have to restart the containers?	18:26
sbezverk_	v1k0d3n: yep, if your docker autostarts, then everything should just come up	18:27
v1k0d3n	yeah that's great.	18:27
v1k0d3n	thanks sbezverk_	18:27
sbezverk_	v1k0d3n: np	18:28
*** hogepodge has quit IRC		18:34
*** sdake has joined #openstack-kolla		18:41
sdake	rhallisey we need operators for our operators - yo dawg!	18:42
rhallisey	:/	18:54
*** senk has joined #openstack-kolla		19:10
*** sdake has quit IRC		19:18
v1k0d3n	prediction for 2017: operators will be the most overused and abused term of the year :)	19:20
v1k0d3n	btw...can anyone riddle me this...?	19:22
portdirect	hot off the press: kubernetes 1.5 introduces 'users'.	19:22
v1k0d3n	i have an AIO without TLS, and i want to keep all configuration options (including running machihne) and just add TLS using ansible. possible?	19:22
v1k0d3n	portdirect: ha!	19:22
v1k0d3n	i'm going to have our team build the "consultant" container. it will claim to magically "improve" your CI/CD pipline, leave you with more questions than answers, and it bills you at the rate of $400 per hour automatically.	19:26
v1k0d3n	and it can scale without anyone's knowledge.	19:27
v1k0d3n	i.e. bring in more "consulting containers".	19:27
v1k0d3n	it can even bring in 3rd party resources when it can't get the job done.	19:27
portdirect	I know a few VC's who may be interested in that..	19:28
*** senk has quit IRC		19:31
v1k0d3n	rhallisey: can i just change globals to include TLS and redeploy without ansible messing up any of my running workloads or config?	19:32
v1k0d3n	again, this is for that aio i am building for development.	19:32
rhallisey	that's tricky	19:36
rhallisey	idk if you reconfigure will work with enabling tls	19:37
sbezverk_	portdirect: I am more concerned with this in 1.5 Rename PetSet to StatefulSet	19:38
portdirect	sbezverk_: i saw that; you know what logic's behind that?	19:39
rhallisey	let me think	19:40
rhallisey	..	19:40
*** dave-mccowan has joined #openstack-kolla		19:42
sbezverk_	portdirect: nope	19:43
rhallisey	v1k0d3n, I think you will be ok	19:44
rhallisey	nova will get restarted	19:44
sbezverk_	sbezverk_: I guess one way to verify is to load 1.5.0 beta 1 and test spec with kind: petset	19:44
rhallisey	but I don't think it will destroy infrastructure you have	19:45
v1k0d3n	rhallisey: so fyi...that completely killed my host :(	20:07
v1k0d3n	can't access anymore.	20:07
rhallisey	O.o	20:07
*** dave-mccowan has quit IRC		20:08
rhallisey	the vms? or the bm machine?	20:08
v1k0d3n	well, i guess there's a reliance on haproxy?	20:08
rhallisey	yes, endpoints get reset	20:09
v1k0d3n	horizon. i have aio with haproxy turned off.	20:09
v1k0d3n	just pointing to the internet	20:09
v1k0d3n	interface, sorry.	20:09
v1k0d3n	so i guess maybe removing it may correct? anyway...trying it just in case. don't want to have to rebuild or anything.	20:09
v1k0d3n	totally should've thought about that when i was blowing through the changes.	20:10
* v1k0d3n feels like a bonehead. rtfm.		20:12
rhallisey	hehe	20:12
v1k0d3n	to be fair...this is the first time i chose not to use haproxy.	20:13
v1k0d3n	trying to toy around with various options and reconfigure options. i want to rely on it more, and break it often. so this is good anyway.	20:14
*** Pavo has quit IRC		20:21
v1k0d3n	rhallisey: yeah that wacked everything out. i think i'm forced to rebuild :(	20:22
*** hogepodge has joined #openstack-kolla		20:22
rhallisey	ugh	20:22
rhallisey	darn	20:22
*** hogepodge has quit IRC		20:22
v1k0d3n	nova errors...errors all over the place.	20:23
*** hogepodge has joined #openstack-kolla		20:24
*** Pavo has joined #openstack-kolla		20:26
*** dave-mccowan has joined #openstack-kolla		20:46
*** kristian2709 has joined #openstack-kolla		20:46
kristian2709	Hi is anyone familiar with gpu passthrough?	20:51
*** Jeffrey4l has quit IRC		21:35
kristian2709	please may someone help me with pci passthrough?	21:36
v1k0d3n	kristian2709: sundays are really slow. the group will be more responsive tomorrow.	21:52
kristian2709	ok we will see	21:52
v1k0d3n	sbezverk_: you still around?	21:53
v1k0d3n	more questions if you're still hanging out.	21:53
*** dave-mccowan has quit IRC		21:59
*** portdirect is now known as portdirect_away		22:09
*** Pavo has quit IRC		22:21
*** rhallisey has quit IRC		22:23
*** Pavo has joined #openstack-kolla		22:26
*** sdake_ has joined #openstack-kolla		22:28
*** eaguilar has joined #openstack-kolla		22:30
*** eaguilar has quit IRC		22:38
v1k0d3n	does anyone know how i might be able to redeploy kolla on the same host without reinstalling everything?	22:38
v1k0d3n	i tried TLS and that failed...tried to go back and nova stopped working.	22:38
v1k0d3n	i'd like to clean and redeploy, but that's causing issues.	22:39
sdake_	v1k0d3n do you mean kolla-ansible?	22:39
v1k0d3n	there's got to be some cruft left over somewhere.	22:39
v1k0d3n	yes	22:39
sdake_	v1k0d3n did you run kolla-ansible destroy inbetween?	22:39
sdake_	note kolla-ansible takes a flag which does a super cleanup	22:40
v1k0d3n	another thing, i marked magnum and lbaas to be installed, but didn't seem to be enabled.	22:40
v1k0d3n	sdake_: i have done that yes.	22:40
sdake_	also tls does work	22:40
sdake_	;)	22:40
v1k0d3n	not sure what you mean. i know it does.	22:40
sdake_	so if you use destroy your system should be back in a pristine state	22:40
sdake_	i mean in our immplementation	22:41
sdake_	you said you tried tls and it failed	22:41
v1k0d3n	just didn't do it the first time of deploy, thihnking i could redeploy...	22:41
v1k0d3n	and that bombed	22:41
sdake_	oh right reconfigure of tls	22:41
sdake_	ya - reconfigure not meant for globals.yaml	22:41
v1k0d3n	i did try tls and it failed. right.	22:41
sdake_	bit of a misnomer	22:41
sdake_	reconfigure is limited to reconfiguring /etc/kolla/config	22:41
v1k0d3n	i asked ahead of time. was told should work.	22:41
v1k0d3n	so there is nothing here currently...destroyed.	22:42
sdake_	v1k0d3n the answer is some things work some of the times	22:42
v1k0d3n	when i redeploy no love.	22:42
v1k0d3n	lol	22:42
v1k0d3n	ok	22:42
sdake_	v1k0d3n so my answer is "globals.yaml cannot be reconfigured"	22:42
v1k0d3n	even after a destroy?	22:42
sdake_	nope a destroy should do a ttal cleanup	22:42
sdake_	so lets fi that	22:42
sdake_	did you pass the inventory file when you destroyed?	22:43
v1k0d3n	AIO	22:43
v1k0d3n	AIO for development	22:43
sdake_	got it	22:43
sdake_	ok so can you tell me how redeploy is failling?	22:43
v1k0d3n	could of things...in my statement.	22:44
v1k0d3n	LBaaS never seemed to deploy.	22:44
v1k0d3n	so no magnum.	22:44
v1k0d3n	that's a fail.	22:44
sdake_	upstream keeps doing funny things with lbaas	22:44
v1k0d3n	then when i redeploy, horizon fails, nova fails. endpoints are not working.	22:44
sdake_	so there is no "redeploy" do you mean after a destroy you deploy and everything craters?	22:45
v1k0d3n	so i am hoping that when i pick 3.0.1 it should be stable.	22:45
v1k0d3n	i will be clear.	22:45
v1k0d3n	this is ALWAYS after a destroy.	22:45
v1k0d3n	yes	22:45
sdake_	mind showing me the log of where it craters during deploy - or does deploy work correctly	22:46
sdake_	work/finish	22:46
v1k0d3n	currently destroyed.	22:46
sdake_	cool run script	22:46
sdake_	this will create a file called typescript in your cwd	22:46
sdake_	then run kolla-ansible deploy	22:46
sdake_	run with -vvv	22:46
sdake_	once that craters or finishes, type exit	22:47
sdake_	this will save a file called typescript	22:47
sdake_	then paste the contets of typescript somewhere	22:47
sdake_	if your on centos, you can yum install fpaste and fpaste typescript	22:47
sdake_	if your on some other distro not sure how to past efrom cli but i know its possible ;)	22:47
v1k0d3n	i'm not sure that's making sense to me....	22:48
sdake_	there is a command called script	22:48
v1k0d3n	cwd?	22:48
sdake_	cwd = current working directory	22:48
v1k0d3n	oh...yeah gotcha	22:48
sdake_	typescript will contain the contents of your shell run	22:48
sdake_	this is how i capture and share runs	22:49
v1k0d3n	and run script for kolla pull && kolla deploy?	22:49
sdake_	some other people use tee and stuff	22:49
sdake_	you run script once, it createa a subshell	22:49
v1k0d3n	also, what needs to be done to ensure lbaas and magnum?	22:49
v1k0d3n	that's sort of what i want to test.	22:49
sdake_	lets tackle that next	22:49
sdake_	i want to see where your at curently	22:49
sdake_	i get conflicting reports on magnum working vs not working	22:50
v1k0d3n	ok, so i removed all containers and images from the box and rebooted.	22:50
sdake_	it also wokrs for me	22:50
sdake_	aer you using ceph per chance?	22:50
v1k0d3n	you're saying do a kolla-ansible pull	22:50
v1k0d3n	then kolla-ansible deploy -vvv	22:50
v1k0d3n	correct?	22:50
v1k0d3n	no ceph	22:50
sdake_	did you run the script command first?	22:50
v1k0d3n	figured didn't need on an aio host	22:50
v1k0d3n	script?	22:51
sdake_	type "script"	22:51
sdake_	into your shell	22:51
sdake_	then type echo "hello world"	22:51
sdake_	then type exit	22:51
sdake_	then type cat typescript	22:51
sdake_	rather cat tyescript	22:51
v1k0d3n	i gotcha now. yup got it.	22:52
sdake_	ok	22:52
v1k0d3n	so do a kolla-ansible pull and then deploy, correct?	22:52
sdake_	so we are just giong to do the above exercise, except create a typescript for kolla-ansible deploy -vvv	22:52
v1k0d3n	well i want to get tls so need to check globals, and deploy certs	22:52
v1k0d3n	one sec	22:52
v1k0d3n	k pulling	22:54
v1k0d3n	as this is pulling and running, i am going to grab something to eat sdake_ you gonna be around in 30 mins? prob gonna take about 15-20 mins or so anyway.	22:55
sdake_	if my batteries dont run out	22:56
sdake_	24% atm	22:56
v1k0d3n	power outlet?	22:58
*** sdake has joined #openstack-kolla		22:58
v1k0d3n	well, wife wants to go with to get food apparently. changes my whole plan....	22:58
v1k0d3n	so i will probably be faster and can keep troubleshooting since shes on phone.	22:58
v1k0d3n	ok, running deploy with -vvv now.	22:59
*** sdake_ has quit IRC		23:02
*** eaguilar has joined #openstack-kolla		23:04
*** tonanhngo has quit IRC		23:05
*** bjolo has quit IRC		23:07
*** bjolo has joined #openstack-kolla		23:08
v1k0d3n	ok, so sdake same thing...	23:11
v1k0d3n	ran just fine...	23:12
v1k0d3n	cannot access horizon	23:12
v1k0d3n	redirects to TLS.	23:12
sdake	ok so that typescript file.. is where?	23:15
sdake	if you type exit	23:15
sdake	it will save it	23:16
sdake	the nyou can paste it :)	23:16
v1k0d3n	in cdir but that contains a lot	23:16
sdake	ya its a busy file	23:16
sdake	did it complete ?	23:16
sdake	if it completed the firs tthing i want to look at is the last 100 or so lines	23:17
sdake	so just paste that first if you like	23:17
v1k0d3n	are there any things you're looking for in particular?	23:17
sdake	what went wrong	23:17
v1k0d3n	first, the file is really large. the other thing is that passwords are in there.	23:17
sdake	ok well if yoru passwords are secure then thats not going to work	23:18
sdake	i had thought you used genpwd	23:18
sdake	so how about pasting the last 100 lines	23:18
v1k0d3n	horizon redirecting to SSL and fail	23:18
sdake	ther eshouldn't be anything there secure	23:18
sdake	i can't help with that information - i need full logs :)	23:18
sdake	but mayben ot even full	23:18
*** tonanhngo has joined #openstack-kolla		23:18
sdake	i need to see if any ansible jobs are "failed"	23:19
sdake	use tail to display the last parts of typescript	23:19
Pavo	what you doing	23:19
sdake	pavo walking v1k0d3n through a kolla-ansible tls deploy	23:20
sdake	pavo your using tls right?	23:21
Pavo	yeah	23:21
v1k0d3n	sdake: ...	23:21
v1k0d3n	so horizon is ignoring TLS	23:22
sdake	pavo cool maybe you can help v1k0d3n when my power drops out :)	23:22
sdake	at 8% atm	23:22
sdake	v1k0d3n i hear that, i need more information	23:22
v1k0d3n	ok	23:22
v1k0d3n	hey if you're at 8% don't worry about it.	23:22
sdake	i reserve it for you :)	23:23
sdake	show me the line that says pass / fail / etc	23:23
sdake	at the end of the ansible output	23:23
v1k0d3n	i will torch this. or try something else.	23:23
sdake	nothing secure about it	23:23
v1k0d3n	there is no fail in any of the deploy logs	23:23
sdake	the last bit of output	23:23
sdake	it says number of jobs completed etc	23:23
sdake	rather tasks	23:23
*** tonanhngo has quit IRC		23:23
v1k0d3n	something is cached. the endpoint is still there. when i curl the endpoint....	23:24
sdake	you jsut deployed	23:24
v1k0d3n	{"version": {"status": "stable", "updated": "2016-10-06T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.7", "links": [{"href": "http://192.168.70.25:5000/v3/", "rel": "self"}]}}	23:24
sdake	are you running a regisry?	23:25
v1k0d3n	...no?	23:25
sdake	cool	23:25
sdake	so i would expect the endpoint to respond unles you do a destroy	23:25
*** tonanhngo has joined #openstack-kolla		23:26
v1k0d3n	you said you need full log. anything from the log in particular?	23:26
v1k0d3n	the log looks like a clean deployment.	23:26
sdake	v1k0d3n the last 3 lines after kolla-ansible deploy	23:26
sdake	it says TASKS: xyz	23:26
*** eaguilar has quit IRC		23:27
sdake	there are two lines i'd take after this peice of ifnoratmion - either firewalld is a problem or your globals.yaml is misconfigured	23:28
sdake	but we need this pecie of information first to see if we move on to the next peice of debug	23:28
sdake	if there are failures in that last two lines thats a problem - and that needs fixing first	23:28
*** tonanhngo has quit IRC		23:28
v1k0d3n	confused.	23:29
sdake	right, thtas why i debug 1 step at a time :)	23:29
v1k0d3n	it worked with exact same globals -- the TLS portion.	23:29
sdake	your next step is to produce the end output of the deploy operation :)	23:30
Pavo	kolla-build, kolla-ansible bootsctrap server -i /usr/share/kolla/ansible/inventory/multinode, kolla-ansible certificates, kolla-ansible deploy -i /usr/share/kolla/ansible/inventory/multinode	23:30
Pavo	thats all I do	23:30
sdake	pavo v1k0d3n is AIO atm	23:30
Pavo	ah haven't done a deployment of aio yet	23:31
Pavo	I would assume its easier though	23:31
*** Jeffrey4l has joined #openstack-kolla		23:31
sdake	v1k0d3n are you in a vm?	23:31
Pavo	kolla-ansible certificates has to be done before deploy though	23:31
Pavo	for tls	23:31
v1k0d3n	no bare metal host	23:31
sdake	v1k0d3n you said it worked with same globals with tls, but then you changed (??X) and it stopped working	23:32
v1k0d3n	Pavo: i did certificates	23:32
sdake	what is the ??X above?	23:32
v1k0d3n	sdake: ..... again....	23:32
v1k0d3n	i deployed without TLS (commented out...default).	23:32
v1k0d3n	worked fine.	23:32
Pavo	v1k0d3n do you have a certifcates folder in /etc/kolla?	23:32
v1k0d3n	destroyed.	23:32
v1k0d3n	cleared all images and containers	23:32
v1k0d3n	gen certs	23:33
v1k0d3n	redeploy	23:33
v1k0d3n	really, really simple.	23:33
v1k0d3n	that's it	23:33
sdake	you misse dthe step in there where you changed globals.yaml	23:33
sdake	what did you change it to?	23:33
sdake	destroy has nothing to do with it :)	23:33
sdake	especially if you rebooted	23:34
v1k0d3n	sorry. of course i changed globals.	23:34
sdake	right - can you apste that plz	23:34
v1k0d3n	kolla_enable_tls_external: "yes"	23:34
v1k0d3n	kolla_external_fqdn_cert: "{{ node_config_directory }}/certificates/haproxy.pem"	23:34
v1k0d3n	that's it.	23:34
v1k0d3n	i wanted to change dns, but i didn't...i'm trying to step through.	23:35
sdake	we really need to modify our docs to include tls setup	23:35
v1k0d3n	sdake: isn't that what this is?	23:35
v1k0d3n	http://docs.openstack.org/developer/kolla/advanced-configuration.html	23:35
kollabot1	Advanced Configuration — kolla 4.0.0.0b2.dev45 documentation	23:35
Pavo	well you also have to have kolla_external_fqdn: as a domain name	23:36
v1k0d3n	http://docs.openstack.org/developer/kolla/advanced-configuration.html#self-signed-certificates	23:36
kollabot1	Advanced Configuration — kolla 4.0.0.0b2.dev45 documentation	23:36
sdake	cool	23:36
Pavo	if no domain name then no certs gets made	23:36
sdake	didn't know that hit the docs	23:36
v1k0d3n	Pavo: to be fair....i actually changed the fqdn as well during one attempt	23:36
v1k0d3n	well, certs get generated, but i think against the IP address and not a FQDN	23:36
Pavo	what kolla deployment version are you deploying?	23:37
sdake	# This should be a VIP, an unused IP on your network that will float between	23:37
sdake	# the hosts running keepalived for high-availability. It defaults to the	23:37
v1k0d3n	not quite sure on this.	23:37
sdake	# kolla_internal_vip_address, allowing internal and external communication to	23:37
sdake	# share the same address. Specify a kolla_external_vip_address to separate	23:37
sdake	# internal and external requests between two VIPs.	23:37
sdake	#kolla_external_vip_address: "{{ kolla_internal_vip_address }}"	23:37
Pavo	I use stable/mitaka	23:37
v1k0d3n	ok...	23:37
v1k0d3n	so right....	23:37
v1k0d3n	and i am not using HA	23:37
v1k0d3n	sorry...haproxy	23:37
sdake	tls is enabled via haproxy...	23:37
sdake	who on earth told you not to use haproxy?	23:37
sdake	i really wish people would stop giving out that advice	23:38
sdake	its bad!	23:38
v1k0d3n	right...but up above...even when i try to deploy W/O TLS it doesn't work now	23:38
v1k0d3n	and now we're back to the start... :)	23:38
Pavo	also v1k0d3n The kolla_internal_vip_address and kolla_external_vip_address must be different to enable TLS on the external network.	23:38
sdake	the docs are incomplete and should record this information	23:38
Pavo	that is from the docs sdake	23:39
Pavo	in the Note	23:39
sdake	pavo cool :)	23:39
v1k0d3n	ok, so i destroyed again.	23:39
sdake	how about pasting your globals.yaml this time :)	23:39
v1k0d3n	i need external and internal FQDN's	23:39
v1k0d3n	sdake: be glad to...but at this point, i want to know what it should actually be.	23:40
sdake	you said you have haproxy disabled	23:40
Pavo	but I do think the docs need to be completely rewritten in more of a guide stand point not just about the different areas of different settings, its need to be able to walk someone through a complete setup and deploy	23:40
sdake	that shouldn't be one of the things :)	23:40
sdake	if you had pasted the full logs this would have been the second thing i looked at	23:41
Pavo	no need for external and internal FQDNs, but you do need internal vip and external vip to be different	23:41
v1k0d3n	Pavo: OMG YES TO THIS!!!	23:41
v1k0d3n	user is guessing..."what is advanced?" "what is default"?	23:41
Pavo	exactly	23:41
v1k0d3n	how should user know from the start what is advanced?	23:41
Pavo	they are better than they were but still need alot more work	23:42
v1k0d3n	they will see..."enabled TLS" and think "oh, yeah...i wanted that".	23:42
v1k0d3n	then deploy...no precheck...no error...boom.	23:42
sdake	0%	23:42
sdake	not sure when my laptop drops off	23:42
v1k0d3n	well, for AIO, it should just be....done.	23:42
sdake	tls has a 30-300% inpact on performance	23:42
v1k0d3n	no guessing. just defaults. TLS is security. include it.	23:42
sdake	so we don't enable it by default	23:42
v1k0d3n	AIO sdake	23:43
Pavo	this is my multinode globals	23:43
Pavo	http://pastebin.com/eZbDjtTE	23:43
kollabot1	################### # Kolla options ################### # Valid options are [ - Pastebin.com	23:43
v1k0d3n	nobody is looking for optimal performance for AIO	23:43
*** sdake has quit IRC		23:43
Pavo	can someone try and get to https://ddi.hopto.org?	23:44
v1k0d3n	Pavo: no love to that link....	23:44
Pavo	damnit	23:44
Pavo	I hate my ISP	23:44
v1k0d3n	who?	23:45
Pavo	can you try 1 more time	23:45
v1k0d3n	same. no go.	23:45
Pavo	wtf tcpdump shows you trying to get to it	23:45
Pavo	so port forwarding is working	23:45
Pavo	wonder if my FQDN is messed up	23:46
*** sdake has joined #openstack-kolla		23:47
Pavo	I can get to it no problem from inside my network	23:47
sdake	v1k0d3n the problem with enabling TLS for AIO is it requires TWO vips not one	23:47
sdake	getting epople to understand ONE VIP is a challenge ;)	23:47
sdake	over 200 times i've debugged peoples envs that had TLS == host ip	23:48
sdake	i believe there is a precheck for that now ;-)	23:48
sdake	(note TLS==host ip doesn't work)	23:48
Pavo	true statement	23:48
sdake	learning kolla is incremental - not all at once :)	23:49
sdake	otherwise its overwhelming	23:49
sdake	not to say the docs don't suck	23:49
sdake	they indeed are not optimal	23:49
Pavo	I think the biggest issue with the docs right now is that both deployment methods are on the same page and is confusing	23:50
Pavo	they need to be seperated	23:50
sdake	you mean dev workflow and operator workflow pavo?	23:50
Pavo	1 page for production deploymnet and a seperate page for dev deployment	23:50
sdake	writing docs is harder then writing implementations ;)	23:50
v1k0d3n	Pavo: http://pastebin.com/LdrTdd8J	23:50
kollabot1	globals.yml - Pastebin.com	23:50
Pavo	and each one has a complete walk through on how to setup and deploy, then add advanced config examples	23:51
v1k0d3n	that's a WIP.	23:51
v1k0d3n	i have two interfaces....	23:51
sdake	yikes enable_haproxy: NO is wrong	23:51
v1k0d3n	one, no ip address.	23:51
v1k0d3n	working on it sdake	23:51
v1k0d3n	there are examples out there without it.	23:51
Pavo	v1k0d3n #kolla_external_vip_address: "{{ kolla_internal_vip_address }}" needs to be different	23:51
v1k0d3n	ah...btw... sdake including cisco	23:51
v1k0d3n	cisco dev learning	23:52
v1k0d3n	which is where this came from orig	23:52
sdake	line 41 needs needs a specific VIP	23:52
sdake	v1k0d3n cisco is a big place, not everyone talks to eveyrone else ;)	23:52
Pavo	#kolla_enable_tls_external: "yes" needs to be uncommented	23:52
sdake	v1k0d3n anyway when i work here i work upstream	23:52
Pavo	#kolla_external_fqdn_cert: "{{ node_config_directory }}/certificates/haproxy.pem" needs to be uncommented	23:53
v1k0d3n	so one sec...	23:53
v1k0d3n	one at a time?	23:53
v1k0d3n	i will change haproxy now	23:53
Pavo	I would also change #enable_central_logging: "no" to enable_central_logging: "yes"	23:53
Pavo	so you can TS easier	23:53
v1k0d3n	kolla external vip	23:53
v1k0d3n	i have two nics up	23:53
v1k0d3n	one without an ip address	23:53
v1k0d3n	and the other is what i access horizon on.	23:53
*** kristian2709 has quit IRC		23:54
sdake	right the external vip needs to be an unused address on your network	23:54
v1k0d3n	192.168.70.25 is horizon	23:54
v1k0d3n	so that is external?	23:54
sdake	the internal vip needs to be an unsued address on your network	23:54
sdake	you need both for tls to work correctly	23:54
v1k0d3n	so both need to be unused addresses?	23:54
sdake	right - now you see why its not enabled by default ;)	23:54
Pavo	internal vip is network that only admins would use to access horizon, external vip would be an address that everyone else would use to access horizon	23:54
v1k0d3n	so i want to be able to access horizon on 70.25.	23:55
Pavo	and if you did a destroy you need to reboot because those vip address do not get unused until reboot	23:55
v1k0d3n	i have name resolution on that.	23:55
v1k0d3n	so i need to re-IP my host to .24 or something?	23:55
sdake	kolla_internal_vip_address: "192.168.70.25"	23:56
sdake	what is 70.25?	23:56
sdake	your host?	23:56
Pavo	the IP address on the nic that its connected doesn;t matter, you will use your internal and external vips to access horizon	23:56
v1k0d3n	yes, host is 192.168.70.25.	23:56
sdake	ok, that needs to be an unused address such as 192.168.70.200	23:56
Pavo	^	23:56
sdake	(if 200 is in your network and unused)	23:56
v1k0d3n	ok, let me say this all in one string...maybe that is easier.	23:56
sdake	lets get aio with haproxy without tls working first ;)	23:56
v1k0d3n	i have DNS already set up to reach horizon...so the VIP needs to be 70.25....so i guess i need to re-IP address my host, is that correct?	23:57
Pavo	you can do kolla-ansible reconfigure to get tls working after you actually get everything else up	23:57
Pavo	v1k0d3nyes correct	23:57
sdake	right, if you re-ip your host, then .25 will be free for your internal vip - but your internal vip will not be TLS-ified	23:57
v1k0d3n	ok. let me readdress my host then.	23:57
Pavo	but make sure to reboot after you do	23:58
Pavo	so ARP can clear its cache	23:58
v1k0d3n	sdake: different issue. i am taking one step at a time.	23:58
v1k0d3n	addressing first.	23:58
v1k0d3n	Pavo: rebooting now	23:59
sdake	pavo he had no haproxy prior	23:59
sdake	a reboot wasnt' necessary	23:59
v1k0d3n	have ideas on how i can rewrite the docs.	23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!