Sunday, 2017-01-29

« Saturday, 2017-01-28 Index Monday, 2017-01-30 »
*** jtriley has joined #openstack-kolla00:13
Pavoif anyone is interested in helping with stress test00:14
Pavohttp://ddi.hopto.org:8080/signup_user_complete/?id=3ufq6eprabyx3eqaqkbgwoitow00:14
*** sdake_ has quit IRC00:31
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643800:42
*** saneax is now known as saneax-_-|AFK00:45
*** zhurong has joined #openstack-kolla00:48
*** sdake has joined #openstack-kolla00:48
*** zhurong has quit IRC00:51
kfox1111sbezverk: ping01:03
*** sayantani01 has quit IRC01:04
*** yuanying has joined #openstack-kolla01:06
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643801:07
sbezverkkfox1111: hey I wanted to check with you..01:08
sbezverkI consistently see one failure on ubuntu job when glance gets removed.. on all other jobs glance removal goes smooth, but on Ubuntu glance api pod gets stuck in Terminating phase more than 300 seconds01:10
sbezverkI am suspecting that maybe pre-delete hook is misbehaving in ubuntu01:10
kfox1111weird.01:11
sbezverkkfox1111: if you have a couple of minutes please check https://review.openstack.org/#/c/426438/1501:12
kfox1111sure. will do.01:12
sbezverkwhen it gets completed01:12
kfox1111you had a cinder one too, right?01:12
*** sdake has quit IRC01:13
*** l4yerffeJ has quit IRC01:14
*** l4yerffeJ has joined #openstack-kolla01:14
sbezverkkfox1111: yes I just added it too01:15
kfox1111k. yeah, would be curious if cinder has the same issue.01:15
sbezverkI will need to step out for a couple of hours. will check later01:16
kfox1111k. I'll try and keep an eye on it.01:16
openstackgerritEduardo Gonzalez proposed openstack/kolla: Add trove and sahara dashboard ubuntu binary  https://review.openstack.org/42653301:20
*** richwellum has joined #openstack-kolla01:22
openstackgerritKevin Fox proposed openstack/kolla-kubernetes: Check to see if Horizon is working in the gate.  https://review.openstack.org/42602501:22
*** sdake has joined #openstack-kolla01:31
*** tonanhngo has joined #openstack-kolla01:34
*** rhallisey has quit IRC01:38
openstackgerritKevin Fox proposed openstack/kolla-kubernetes: Periodic job fix 3  https://review.openstack.org/42653401:45
*** goldyfruit has quit IRC01:55
*** tonanhngo has quit IRC01:59
*** richwellum has quit IRC02:02
*** l4yerffeJ has quit IRC02:02
*** sdake has quit IRC02:03
*** sdake has joined #openstack-kolla02:12
*** eaguilar has joined #openstack-kolla02:13
*** tonanhngo has joined #openstack-kolla02:14
*** tonanhngo has quit IRC02:19
*** unicell has quit IRC02:24
*** msimonin has joined #openstack-kolla02:28
openstackgerritKevin Fox proposed openstack/kolla-kubernetes: Check to see if Horizon is working in the gate.  https://review.openstack.org/42602502:39
kfox1111kolla-kubernetes reviewers for this please: https://review.openstack.org/#/c/426534/02:40
Pavoif anyone is interested in helping with stress test02:41
Pavohttp://ddi.hopto.org:8080/signup_user_complete/?id=3ufq6eprabyx3eqaqkbgwoitow02:41
*** sdake has quit IRC02:50
*** sayantani01 has joined #openstack-kolla03:07
*** goldyfruit has joined #openstack-kolla03:15
*** dave-mccowan has joined #openstack-kolla03:27
*** sdake has joined #openstack-kolla03:31
*** tonanhngo has joined #openstack-kolla03:32
*** eaguilar has quit IRC03:36
*** hfu has joined #openstack-kolla03:37
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643803:52
*** dave-mccowan has quit IRC03:57
*** sdake has quit IRC03:58
*** sdake has joined #openstack-kolla04:02
openstackgerritMerged openstack/kolla-kubernetes: Periodic job fix 3  https://review.openstack.org/42653404:15
*** tonanhngo has quit IRC04:23
*** tonanhngo has joined #openstack-kolla04:24
*** tonanhngo has quit IRC04:28
*** lamt has joined #openstack-kolla04:31
*** adrian_otto has joined #openstack-kolla04:51
*** lamt has quit IRC05:02
*** adrian_otto has quit IRC05:03
*** unicell has joined #openstack-kolla05:34
*** goldyfruit has quit IRC05:35
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643805:36
*** lamt has joined #openstack-kolla06:04
*** haplo37 has quit IRC06:05
*** g3ek has quit IRC06:06
*** haplo37 has joined #openstack-kolla06:09
*** g3ek has joined #openstack-kolla06:09
*** ipsecguy_ has joined #openstack-kolla06:10
*** ipsecguy has quit IRC06:11
*** lamt has quit IRC06:24
*** lamt has joined #openstack-kolla06:34
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643806:35
*** saneax-_-|AFK is now known as saneax06:37
*** jtriley has quit IRC06:54
*** lamt has quit IRC06:59
*** yuanying_ has joined #openstack-kolla07:06
*** bmace_ has quit IRC07:08
*** bmace_ has joined #openstack-kolla07:08
*** yuanying has quit IRC07:09
*** sayantani01 has quit IRC07:12
*** zhubingbing has joined #openstack-kolla07:27
zhubingbinghello guys07:28
*** tonanhngo has joined #openstack-kolla07:34
*** tonanhngo has quit IRC07:39
*** saneax is now known as saneax-_-|AFK07:54
*** skramaja has quit IRC07:55
zhubingbinghello guys07:57
*** skramaja_ has joined #openstack-kolla07:59
*** zhubingbing has quit IRC08:00
*** saneax-_-|AFK is now known as saneax08:06
*** sdake_ has joined #openstack-kolla08:43
*** sdake has quit IRC08:45
*** saneax is now known as saneax-_-|AFK08:45
*** sdake has joined #openstack-kolla08:49
*** sdake_ has quit IRC08:49
*** msimonin1 has joined #openstack-kolla08:50
*** msimonin has quit IRC08:53
*** mgoddard has joined #openstack-kolla09:17
*** matrohon has joined #openstack-kolla09:47
*** msimonin1 has quit IRC09:58
*** zhubingbing has joined #openstack-kolla10:10
*** sdake has quit IRC10:28
*** pbourke has quit IRC10:31
*** pbourke has joined #openstack-kolla10:32
*** matrohon has quit IRC10:47
*** saneax-_-|AFK is now known as saneax10:54
*** klindgren_ has joined #openstack-kolla10:56
*** mgoddard has quit IRC10:58
*** klindgren has quit IRC10:59
*** mgoddard has joined #openstack-kolla11:24
*** yuanying_ has quit IRC11:39
*** mgoddard has quit IRC11:45
*** mgoddard has joined #openstack-kolla12:03
*** mgoddard has quit IRC12:11
*** matrohon has joined #openstack-kolla12:23
*** sdake has joined #openstack-kolla12:28
*** leseb has quit IRC12:31
*** leseb has joined #openstack-kolla12:36
*** saneax is now known as saneax-_-|AFK12:49
*** kristian__ has joined #openstack-kolla12:59
*** sdake has quit IRC13:24
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643813:37
*** matrohon has quit IRC13:44
*** hfu has quit IRC13:51
openstackgerritMerged openstack/kolla: remove /var/log/trove in trove dockerfile  https://review.openstack.org/42625413:52
*** hfu has joined #openstack-kolla13:52
openstackgerritMerged openstack/kolla: Fix code format ceilometer_compute dockerfile  https://review.openstack.org/42622413:53
*** hfu has quit IRC13:53
*** hfu has joined #openstack-kolla13:55
*** hfu has quit IRC13:55
*** crushil has joined #openstack-kolla14:00
*** crushil has quit IRC14:08
*** kristia__ has joined #openstack-kolla14:09
*** kristian__ has quit IRC14:12
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643814:21
*** kristian__ has joined #openstack-kolla14:24
*** kristia__ has quit IRC14:27
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643814:29
*** crushil has joined #openstack-kolla14:40
*** kristian__ has quit IRC14:43
*** kristia__ has joined #openstack-kolla14:43
*** kristia__ has quit IRC14:48
*** crushil has quit IRC14:55
*** kristian__ has joined #openstack-kolla14:56
*** tonanhngo has joined #openstack-kolla14:58
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643815:00
*** sayantani01 has joined #openstack-kolla15:00
*** tonanhngo has quit IRC15:03
*** goldyfruit has joined #openstack-kolla15:05
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643815:09
*** sdake has joined #openstack-kolla15:10
*** sdake has quit IRC15:10
*** sdake has joined #openstack-kolla15:10
*** sdake has quit IRC15:15
*** sdake has joined #openstack-kolla15:18
*** kristia__ has joined #openstack-kolla15:22
*** kristian__ has quit IRC15:25
*** adrian_otto has joined #openstack-kolla15:36
*** dims has quit IRC15:38
*** adrian_otto has quit IRC15:40
sbezverkkfox1111: if you show up this morning, please ping me. I found the issue with Terminating, need to discuss is you are ok with the proposed solution.15:50
*** tonanhngo has joined #openstack-kolla15:56
*** tonanhngo has quit IRC16:00
*** adrian_otto has joined #openstack-kolla16:03
*** adrian_otto has quit IRC16:07
*** kristian__ has joined #openstack-kolla16:09
*** kristia__ has quit IRC16:11
*** simon-AS559 has joined #openstack-kolla16:17
*** tonanhngo has joined #openstack-kolla16:37
*** tonanhngo has quit IRC16:41
kfox1111sbezverk: ping16:45
*** v1k0d3n has quit IRC16:46
kfox1111whats up?16:47
*** v1k0d3n has joined #openstack-kolla16:47
sbezverkkfox1111: hey please check glance clean up ps16:48
sbezverkI end up actually doing some other ;) clean up16:48
sbezverkit is all green16:48
kfox1111k. looking16:48
kfox1111the periodic gate worked this time. :) http://tarballs.openstack.org/kolla-kubernetes/gate/containers/16:48
kfox1111we have tarballs. :)16:49
sbezverkkfox1111: nice16:49
*** unicell has quit IRC16:53
*** v1k0d3n has quit IRC16:54
kfox1111sbezverk: ah. glance-api never got the haproxy disable feature.16:55
*** v1k0d3n has joined #openstack-kolla16:55
kfox1111sbezverk: alternately, it would be nice to see if we could figure out how to merge glance-api into the common template.16:56
kfox1111I think we just need an optional "extraThingy"'s kind of thing to make it work.16:57
*** kristia__ has joined #openstack-kolla16:59
sbezverkkfox1111: since this ps becomes kind of big16:59
sbezverkI can do it as a follow up one16:59
kfox1111sure.17:00
sbezverk kfox1111: bit the root cause of the issue was termination graceful period17:00
kfox1111found one potential major issue.17:00
kfox1111bit rot, how so?17:00
kfox1111my concern is somethign is actually broken now, and should be fixed.17:00
sbezverkkfox1111: when helm deletes release, pod will be sitting there for 2 days always17:01
*** kristian__ has quit IRC17:01
sbezverkfor the gate we need to use graceful period set to 017:01
kfox1111thats a bug for sure then.17:01
kfox1111shutdown shoudl happen properly with the large grace period. if not, its broken. :/17:02
sbezverkkfox1111: what you saw broken?17:02
kfox1111if you have to set the period to 0, it is broken.17:02
kfox1111termination should happen once all connections are dropped. erregardless of the termination delay.17:02
sbezverkkfox1111: got it17:02
kfox1111the termination delay is an upper bound.17:02
kfox1111uusually, if it takes more then a few minutes (user uploading a big image) then somethings wrong.17:03
kfox1111were you seeing it get stuck for multiple minutes?17:03
sbezverkmore than 5 minutes17:05
kfox1111hmm.... k. yeah, then somethings broken. :/17:06
sbezverkI bumpped up to 300 sec wait for termination17:06
sbezverkbut as soon as I used 0 as grace period it started working17:06
kfox1111yeah. cause it skips all safe shutdown checks. :/17:06
kfox1111so, do you have a log from when it took too long?17:07
*** tonanhngo has joined #openstack-kolla17:07
sbezverkI should have logs but remember that we delete by using helm delete17:08
sbezverkI cannot use --force keyword17:08
sbezverkkfox1111: http://logs.openstack.org/38/426438/13/check/gate-kolla-kubernetes-deploy-ubuntu-binary-2-ceph-nv/459389e/console.html#_2017-01-28_23_46_11_22633417:09
kfox1111I'm ok with having the option. just not using it in the gate.17:09
kfox1111thanks. looking.17:10
kfox1111hae you ever seen it with any of the other deployments, or just glance-api?17:10
sbezverksmae issue was with cinder17:11
sbezverkI fixed first glance17:11
kfox1111k.17:11
kfox1111http://logs.openstack.org/38/426438/13/check/gate-kolla-kubernetes-deploy-ubuntu-binary-2-ceph-nv/459389e/logs/pods/kolla-glance-api-1088032543-g31gb.txt is interesting.17:12
sbezverkthen cinder started misbahiving17:12
kfox1111the readyness hook stopped working when the shutdown was requested.17:12
kfox1111so most of it worked....17:12
*** absubram has joined #openstack-kolla17:12
*** tonanhngo has quit IRC17:12
kfox1111hmm...17:14
kfox1111so, the prestop hook on the main container waits for haproxy to exit.17:15
kfox1111it never kills anything though, so it uses the default termination handler on the main container...17:15
kfox1111haproxy looked like it shutdown ok maybe but not the main container...17:16
kfox1111perhaps the main containers aren't taking the terminate signal. I know some containers don't work with it out of the box.17:17
*** absubram has quit IRC17:17
*** negronjl has joined #openstack-kolla17:19
kfox1111so, yeah, the logs show the signal making it to haproxy and it shuts down.17:22
kfox1111If I had to guess, I'd say it was the glance-api container failing to respond to the terminate.17:24
kfox1111ok. can you please try adding the following to the main containers:17:24
kfox1111command: [/bin/bash, -c, 'trap "echo I'm dieing" TERM; kolla_start']17:25
kfox1111I'm guessing that might work, or at least should tell us if the signal's making it.17:27
*** tonanhngo has joined #openstack-kolla17:27
*** lamt has joined #openstack-kolla17:29
kfox1111uh.. I guess there's a quote problem there.17:30
kfox1111command: [/bin/bash, -c, 'trap "echo Im dieing" TERM; kolla_start']17:30
*** kristia__ has quit IRC17:31
sbezverkkfox1111: looks ok17:31
*** tonanhngo has quit IRC17:31
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643817:35
sbezverkkfox1111: what you are trying to catch with this command? cannot say I understand it..17:40
kfox1111so, normally when a pod is to be terminated,17:40
kfox1111each container'17:40
kfox1111s init process is given the TERM signal.17:41
kfox1111then it waits graceperiod amount of time before just kill -9'ing everything in the container to force it to die.17:41
kfox1111the default is 30 seconds.17:41
kfox1111this gives the container a chance to shutdown safely before it is hard killed.17:41
kfox1111some containers though don't listen to the TERM signal so they just stay alive forever.17:42
kfox1111usually the default 30 second timeout kicks in and shoots it anyway.17:42
kfox1111in the 0 case, your just forcing it to kill -9 everythign right away.17:42
*** brad[] has quit IRC17:45
sbezverkkfox1111: do you want me to remove from the gate 0 and re-test it?17:46
kfox1111yes please.17:47
sbezverkkfox1111: cool17:47
kfox1111it looks like its mostly working. just a minor bug to fix.17:47
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643817:49
sbezverkkfox1111: originally I thought that graceful period is not just upper boundary but the time pod always waits before killing itself17:50
kfox1111ah.17:50
*** simon-AS559 has quit IRC18:02
*** tonanhngo has joined #openstack-kolla18:08
sbezverkkfox1111: it did not like that command18:09
*** sdake has quit IRC18:10
kfox1111hmm...18:11
sbezverkextra ' because of I'm18:11
kfox1111yeah. sorry.18:11
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643818:11
*** lamt has quit IRC18:13
sbezverkkfox1111: :) np18:14
sbezverkkfox1111: if I understood your idea well, you want to see this message, when a container gets sig kill or terminate?18:15
kfox1111yeah.18:16
kfox1111it may just work, if bash passes on the TERM to its children.18:17
kfox1111if not, then we can tweak the trap to kill the kolla_start18:17
SamYaplekfox1111: first the container gets TERM, then it gets KILL18:24
SamYapleas long as it isn't using sudo, it should pass through the dumbinit just fine18:24
SamYapleit gets KILL after (by default) 10 seconds of not shuting down from a TERM18:24
kfox1111SamYaple: yeah, but we're not seeing that behavior.18:25
kfox1111k8s defaults to 30 seconds.18:25
kfox1111but we're overriding it to something longer,18:25
SamYaplewhat is crashing (dont know the context)18:25
kfox1111as things like glance image uploads can take longer then 30 seconds.18:25
kfox1111we're seeing a case where it looks like kolla_start isn't getting the term.18:26
SamYaplewhich service?18:26
kfox1111we're doing some more complicated orchestration.18:26
kfox1111so that connections complete before killing the api service.18:26
kfox1111the orchestartion seems to be working, but the final term to the api service isnt.18:27
kfox1111we're double checking the logic.18:27
kfox1111and adding tests to the gate to ensure it doesn't break again.18:27
SamYaplewell, kolla_start doesnt get the signal, because kolla_start isn't running18:27
kfox1111s/kolla_start/whatever it execs.18:28
SamYapledumbinit should be recieving the signal, but frankly i havent ever looked into the dumbinit kolla is running18:28
SamYapleso you should double check that18:28
kfox1111yeah.18:28
SamYaplei dont know what bash isn't used to be honest18:28
SamYaplebash reaps child processes18:28
kfox1111yeah. so wrapping it in bash just might fix it.18:29
SamYaplewell you dont even need to wrap it in bash18:29
SamYapleliterally remove exec and dumbinit18:29
SamYaplethats it18:29
kfox1111but will python reap its children?18:29
SamYapleno!18:29
kfox1111yeah. I didn't think so.18:29
SamYaplewell kind of. but mostly for what you are talking about, no18:30
SamYaplereally though, removing dumbinit and exec will mean you can trust the children are getting the proper flag18:30
kfox1111my understanding though, is if a process is init, it generally starts off ignoring TERM, unless it explicitly asks for it.18:31
sbezverkkfox1111: glance-api is crashing when that command is used18:34
*** brad[] has joined #openstack-kolla18:34
SamYaplebash passes all signals properly, by default. maybe it can be configured to ignore signals? i dont know18:35
kfox1111I mean non bash.18:36
kfox1111bash by default always sets a term handler.18:36
kfox1111sbezverk: the log is weird: http://logs.openstack.org/38/426438/26/check/gate-kolla-kubernetes-deploy-ubuntu-binary-2-ceph-nv/fb3e239/logs/pods/kolla-glance-api-845267455-cpwtz-main.txt18:36
SamYapleah. yea. really you guys are curling a random binary from the internet https://github.com/openstack/kolla/blob/master/docker/base/Dockerfile.j2#L31518:37
SamYapleand that freaks me out in general18:37
kfox1111+1.18:37
SamYaplei really dont know why that was let in. but i wasnt around for the discussion18:38
kfox1111really, docker shoudl provide a simple init I think.18:38
kfox1111its such a common use case. :/18:38
sbezverkkfox1111: I know but some jobs were successful18:40
SamYapleactually, strangely, dockers stance is you don't need an init, you should be restarting/recreating stuff so often that it shouldnt be a problem18:40
kfox1111sbezverk: yeah, really strange.18:40
SamYaplenot officially, but thats the things ive seen from devs18:40
sbezverkand it shows that we had to wait few seconds before the pod gets terminated18:40
kfox1111SamYaple: yeah, but child cleanup.18:41
*** kristian__ has joined #openstack-kolla18:41
kfox1111SamYaple: that stance shows a lack of understanding what init does.18:41
*** tonanhngo has quit IRC18:45
SamYaplekfox1111: im not disagring18:45
*** richwellum has joined #openstack-kolla18:45
SamYaplethats what i stick with bash18:45
SamYaplekfox1111: that said, you shouldnt have so many child processes that this becomes a problem if you are recreating the container once a week or so18:45
SamYaplei believe is the idea18:45
*** kristian__ has quit IRC18:45
*** tonanhngo has joined #openstack-kolla18:46
sbezverkkfox1111: any other ideas? other than go back to use grace period 0 until figure out more generic solution?18:48
kfox1111sbezverk: weird...18:49
kfox1111SamYaple: yeah, but they still are wrong. :)18:49
kfox1111SamYaple: some things just tend to fork off a lot of children. its pretty common/normal.18:50
kfox1111sbezverk: I think something else is wrong now.18:50
*** richwellum has quit IRC18:50
kfox1111it feels like more then a coincidence that the ceph ones are failing with the missing file,18:51
kfox1111and the iscis ones are all passing now.18:51
SamYaplehow are you orechstrating this?18:51
sbezverkSamYaple: two different orchestrations are used18:52
kfox1111part outside of k8s, part inside.18:52
sbezverkone is deployment by microservice and one by service with dependency18:52
*** tonanhngo has quit IRC18:53
kfox1111k8s has some build in orchestration around upgrading things, by18:53
kfox1111having it delete old version pods and create new ones.18:53
kfox1111to be seamless, the delete signal on the pod should block the termination until it has no more traffic.18:54
kfox1111the python services had no mechanism to do that.18:54
kfox1111so I put haproxy in front to do safe shutdowns, as it does support connection tracking/safe shutdown.18:55
SamYaplekfox1111: best way to do that is at the LB18:55
kfox1111essentially, yeah.18:55
SamYaplehaproxy/nginx _could_ do it in front, but that seems really heavy18:55
kfox1111a coule birds with one stone.18:56
kfox1111k8s provides a native l3 load balancer based on tcp.18:56
kfox1111iptables.18:56
kfox1111I then pair a haproxy listening on that, the python service on 127.0.0.1.18:57
SamYapleyea. i am building an nginx one18:57
kfox1111when tied in with ssl,18:57
kfox1111you can do ssl termination and connection tracking at the haproxy, and then pass the unencrypted traffic safely within the node.18:57
SamYapleso the problem with your last statement is that wont fly for any banks18:58
SamYapleeven though you are passing "encrypted" unencrypted traffic18:58
kfox1111why? it never crosses the network.18:58
SamYaplewe just went through this with a customer18:58
*** lamt has joined #openstack-kolla18:58
SamYaple"then pass the unencrypted traffic safely within the node"?18:58
SamYapleam i misundertsanding your statement?18:59
kfox1111within a single node, ssl termination happens on the haproxy sidecar for that pod, then is passed via loopback to the pod's python process.18:59
SamYapleah. yea that would probably be ok19:00
SamYapleim still building the nginx LB. i dont see how upgrades are going to happen without it19:00
SamYapleand i dont want to run haproxy/nginx per service19:00
kfox1111for k8s, the connection tracking plus k8s's native lb are enough for all api rolling upgrades,19:01
kfox1111except horizon.19:01
kfox1111and I've got a different ps for that in flight:19:01
kfox1111https://review.openstack.org/#/c/333996/19:01
*** unicell has joined #openstack-kolla19:02
kfox1111the sidecar haproxy + k8s lb gives a fully distributed lb. very scalable.19:02
kfox1111and the lb only has to know about the service its built into, so no tweaking it to add more services.19:03
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643819:03
kfox1111sbezverk: I think we were pretty close before.19:06
SamYaplekfox1111: i mean you make a good point about the distrubuted nature, but the lack of connection tracking and other abilities (like L7 balancing) make it a tough pill to swallow19:08
SamYapleand you arent going to get ssl termination either. so youll still need to throw in an LB somewhere19:09
kfox1111connection tracking's done distributed, right at the api service. as well as optionally, ssl termination.19:09
kfox1111different tools for different jobs.19:09
kfox1111theres two types of ssl termination too.19:10
kfox1111some sites want both for extra security.19:10
kfox1111ie,19:10
SamYaplesure, but you can't loadbalnce to ssl'd hosts19:11
kfox1111ssl termination layer 1, centeralized, with the main certs, so that the attack surface for getting the certs is smaller.19:11
kfox1111they ressl with an internal cert that goes to the endpoints and unterminated there.19:11
SamYapleso you are talking ssl termination, unencrypted to the nodes, then ssl'd again?19:11
kfox1111no. ssl both parts.19:11
SamYapleok, but you can't load balance to ssl'd hosts19:12
kfox1111say, you have a k8s managed service, with 3 haproxy frontend tls terminators.19:12
SamYapleso is the kubernetes LB doing ssl termination on both the external and internal side?19:12
kfox1111they then have https configured to talk to the backends.19:12
*** lamt has quit IRC19:12
kfox1111then you have a k8s service and api pods, each doing ssl termination of their own with haproxy sidecars.19:12
kfox1111kubernetes's native lb only does tcp lb.19:13
kfox1111which is ok for this use case.19:13
*** lamt has joined #openstack-kolla19:13
kfox1111I've got a graph, while wrongly labeled for this use case, might help.19:13
SamYaplethis will only be ok for stateless services. anything stateful like horizon is going to give you trouble19:14
SamYapleunless you use a shared bakend19:14
kfox1111yeah. ceph.19:14
kfox1111horzion is seperate issue.19:14
kfox1111https://review.openstack.org/#/c/333996/28/doc/source/kolla-kubernetes-horizon.png,unified19:14
kfox1111and thats where the graphic comes from. horizon's solution. :)19:14
kfox1111in the non horizon case, emagine the diagram with:19:15
kfox1111 * no backend version 2 services.19:15
kfox1111just the backend version 1 block.19:15
kfox1111"horizon frontend A/B" is really 'haproxy'19:16
SamYaplei see what you are trying to say, and im pretty sure there is still an issue there for you19:16
SamYaplei think kubernetes lack of LB flexibility is going to hurt you very quickly here19:16
SamYaplebut time will reveal all things19:16
kfox1111and horizon backend 1a/b is a "haproxy + python-api pair"19:17
SamYaplei won't comment on horizon. i don't exactly look to them for architecture advise. they have an historically bad track record there19:18
kfox1111I think they provide the bsare minimum flexibility to build much more flexible systems on top.19:18
kfox1111SamYaple: I didn't either. I assumed they will for sure break things between versions,19:18
kfox1111and designed a system that coudl handle that.19:18
kfox1111the only way that would work is with running multiple versions of horizon in parallel, and targeting the browser to the version it logged in on.19:19
*** tonanhngo has joined #openstack-kolla19:19
SamYaplei thought you said that graphic was from horizon?19:19
SamYaplelocking clients to singular horizon servers is strange19:20
kfox1111was using that graph as an example of how the other kind of looks. its a bit different but similar.19:20
kfox1111locking clients to clusters of horizon servers.19:20
kfox1111until they are drained.19:21
kfox1111so eventually the sessions will timeout and will hit a new server.19:21
*** kristian__ has joined #openstack-kolla19:23
*** tonanhngo has quit IRC19:24
*** lamt has quit IRC19:25
kfox1111sbezverk: I'm pretty confused by the result you got. the ps doesn't seem to change anything that would make glance.keyright not show up. but it was consistently doing so.19:26
openstackgerritKevin Fox proposed openstack/kolla-kubernetes: Pull container tallballs into the gate  https://review.openstack.org/42659819:28
*** sdake has joined #openstack-kolla19:29
*** lamt has joined #openstack-kolla19:29
sbezverkkfox1111: I had all gates green this morning, I am trying to get back to green state19:31
sbezverkso I am reverting these changes19:32
sbezverkand then go 1 step at the time19:32
kfox1111k.19:33
kfox1111oh...19:38
kfox1111looks like the selenium test fails sometimes as the browser pool is empty as its not fully up yet...19:39
kfox1111so, I need to wait for that...19:39
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643819:40
SamYapleidk kfox1111. i just cant get on board with this. a random client chosen from the available hosts. no way for least-connection type load balancing. no retiries for failed tcp. no L7 anything19:42
SamYapleim trying to wrap my brain around it, but you lose alot of assurances that make this difficult to swallow19:43
kfox1111SamYaple: most big sites seperate their l3 from their l7 lb's.19:44
SamYapleok, but there is no option for an l7 lb here19:45
SamYapleand this isn't an l3 lb19:45
*** sayantani01 has quit IRC19:45
kfox1111k8s's services are l3 lb's.19:45
SamYaplethey are not... they are l419:45
kfox1111haproxy is an l7.19:45
SamYapletcp/udp is l419:45
kfox1111well, ok. under that definition,19:46
kfox1111k8s's is an l4 lb.19:46
SamYaple'As of Kubernetes v1.0, Services are a "layer 4" '19:46
SamYaplefrom k8s site19:46
kfox1111yeah.19:46
SamYapleok. my point here is you lose alot of assurances and safty with this iptables lb19:47
kfox1111yeah. but I don't think it matters for rest servcies or web sites much.19:47
SamYapleits more distributed, sure. but its more fragile too. i cant imagine an nginx/haproxy contaienr that spins up with a service will make be _worse_ in most situations19:48
kfox1111its really mostly a problem if you really really must have one client hit one exact server always with multiple streams.19:49
SamYapleand even with those, you can't make guarantees about lost packets. i know you should architect your application for retiries, etc, but you should architect your architecture to not _lose_ packets in the first place19:49
kfox1111and thats really a bad use case. :/19:49
kfox1111packets get lost. fact of life.19:49
kfox1111thats why tcp exists in the first place.19:49
kfox1111we all have accepted tcp as a fact of life too.19:50
SamYaplewhich brings me to another point, this doesnt do udp either19:50
SamYaplewhich something liek desginate would need19:50
kfox1111I don't know if k8s has a udp variant of svc's.19:50
SamYapleno reason to lose more packets than needed either19:50
kfox1111yeah. I can see it needig it.19:50
kfox1111agreed.19:50
SamYapleim just having a hard time swallowing that the iptables with haproxy sidecar is a better solution than haproxy per service is all19:51
SamYaplethats my main hangup19:51
kfox1111there isn't one big reason I think but a set of smaller reasons that add up to a good reason.19:52
kfox1111the ssl termination right at the pod is one.19:52
kfox1111the seamless rolling upgrade support it adds is another.19:52
SamYaplewhich you would get from haproxy per service19:52
kfox1111the pretty much linear scalability is another.19:52
SamYaplethe linear scalability is the part that makes me question19:53
kfox1111there's no orchestration though around a single haproxy.19:53
kfox1111the ssl termination is not cheep. having it at hte pod, allows it to scale with the pods.19:53
SamYapleyea, youre right. it would be another piece. but it can exist19:53
SamYaplethats a good point19:53
kfox1111its free though in k8s land when done this way.19:53
SamYapledistributing the load there19:53
kfox1111yeah.19:54
SamYaplewould this also allow for client certs?19:54
kfox1111the ssl termination load per pod is realitively constant. then scaled out with the pods.19:54
SamYapleyea thats a really solid point, i agree19:54
kfox1111Not sure. I think you can pass the client cert info through the lb's.19:54
sdakehaproxy takes 1.5% of the total cpu utilization during 123 node scale testing19:54
sdakeon the controller nodes19:54
sdakemost of the network utilization is in the networking stack itself19:55
SamYaplekfox1111: still, not having ssl configured at the service itself is questionable19:55
sdakei think latency is what is important not cpu utilization19:55
sdakecarry on :)19:55
SamYaplekfox1111: i know thats going to raise an eyebrow19:55
sdakecolocating haproxy with the pod may reduce latency significantly19:56
sdakenot really sure on that point19:56
kfox1111SamYaple: I think ultimately we will suprpot both use cases.19:56
SamYaplekfox1111: weve been talking about alot. what is "both use cases" to you?19:56
kfox1111SamYaple: going back to the, microservices provide building lbocks allowing you to assemble them however you want.19:56
sdakewe measured a 20% impact on typical operations - all the way up to 300% for operations like spamming keystone token gen19:56
kfox1111SamYaple: back to the ssl termination case we were talking about.19:57
kfox1111some sites want it centeralized for extra security of their main ssl certs.19:57
sdakeok gotta jet - have big house backlog :)19:57
kfox1111some want that, plus ssl termination on all network connections.19:57
kfox1111so need a secondary termination at the node.19:57
kfox1111so haproxy side car solves the second case.19:57
kfox1111l7 lb for the service, solves the first issue.19:58
kfox1111both are complementery.19:58
kfox1111and nessisary for that one use case.19:58
kfox1111so I think we provide the building blocks to do that, and let the user decide if tehy want extreme securtiy, maximum performance (latency) or somewhere in between.19:59
SamYaplekfox1111: if connection draining could be achieved without an haproxy sidecar, with ssl termination in the app, would that be preferable?20:04
SamYaplekfox1111: a thought, use haproxy/nginx in tcp mode. they do not do the ssl termination. they pass that tcp info through to the backend. they can still do connection draining20:12
*** matrohon has joined #openstack-kolla20:12
sbezverkkfox1111: I reverted the changes and glance api crash is gone..20:13
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643820:17
openstackgerritKevin Fox proposed openstack/kolla-kubernetes: Check to see if Horizon is working in the gate.  https://review.openstack.org/42602520:26
kfox1111SamYaple: I'd be ok with that. ssl termination in python has thus far been kind of... bad. though maybe its gotten better.20:27
kfox1111SamYaple: yeah. when not configured for tls, it totally could do l4 instead of l7 and still do the job.20:28
kfox1111sbezverk: hmm...20:29
SamYaplekfox1111: remember, the ssl termination is not in python. its in apache, or uwsgi20:29
SamYaplekfox1111: but the important part is, its done at the running service itself20:30
kfox1111SamYaple: that just switches out haproxy for apache.20:30
kfox1111not sure its any less complex.20:30
kfox1111and its for sure less tested?20:30
SamYapleits ok. then lets talk about your actual goal. connection draining without a massive 10 hour timeout (just to be sure)20:31
SamYaplethe ssl termination was just something you could _do_ in that setup, correct?20:31
SamYapleor is the goal to abstract the ssl termination20:31
kfox1111right.20:32
kfox1111the initial implementation was an easy way to implement connection tracking,20:32
kfox1111with the ability to easily add ssl termination in the future.20:32
kfox1111its easy to switch it out with other things though, as the templates share one common master template where the logic all resides.20:32
SamYapleok. then really, i think I would lean toward a pre-stop task that changes readiness to false (so no new connections) and then watches the connections drain itself. remove nginx/haproxy entirely20:33
SamYaplethat would be the simpliest, most tested solution20:33
kfox1111it can't do that.20:34
kfox1111there's no connection tracking built into k8s that you can get at.20:34
kfox1111hence using haproxy for that.20:34
SamYaplepre-stop task20:34
SamYapleit runs in the container20:34
kfox1111which does what?20:34
SamYaple`ss` or any number of ways of checking if a process still has a connection20:35
kfox1111theres not a clean way to seperate users connections from the processes own connections?20:35
kfox1111the python-api process might keep long running connections to mariadb or keystone that shoudln't be tracked.20:36
kfox1111the haproxy solution can track the connections that pass through it, but not the rest, solving that problem.20:37
kfox1111(the haproxy solution was a quick/easy solution to the problem. not apposed to other solutions)20:37
SamYapleno. youre thinking of it the wrong way20:41
SamYaplekeystone listens on 5000, make sure that is drained20:41
SamYapleyou dont care about outgoing20:41
SamYapleyou can absolutely reliably make sure that 5000 has no connections20:41
kfox1111hm... that might work.20:42
SamYaplethat would be great to remove an external thing like that20:42
kfox1111yeah.20:43
kfox1111we already allow haproxy to be conditional.20:43
kfox1111in the else case, if we could figure out an ss hook that would work, we could add it to that side.20:44
kfox1111then when haproxy is disabled, connection tracking would still work.20:44
SamYaplewell at that point haproxy would just be overhead with no added benefit, no?20:44
kfox1111haproxy would still be needed for the ssl termination case.20:45
kfox1111which should be pretty easy to add to that side.20:45
kfox1111so I think  its probably ok leaving the option there.20:45
SamYaplewait, why is ssl termination an issue? all the things do ssl termination20:46
SamYaplei thought the _issue_ was connection draining, and ssl termination was just an extra20:46
kfox1111yes.20:46
SamYaplebut im not seeing how haproxy ssl termination is better than apache or uwsgi20:46
kfox1111your saying you've figurd out reliable ssl termination in python?20:46
SamYapleno one does ssl termination in python.....20:46
kfox1111becuase ssl termination with haproxy is much better tested then sticking python api services in apache I think.20:47
SamYapleoh you are talkign about eventlet20:47
SamYapleisnt that deprecated everywhere?20:47
kfox1111yeah, eventlet.20:47
SamYapleisnt uwsgi the recommended for most services?20:47
kfox1111not that I've heard.20:47
kfox1111the only ones I've seen not recommend eventlet are20:47
kfox1111keystone recommends apache explicitly for the auth plugins,20:48
kfox1111and horizon is commonly only deployed with apache too.20:48
kfox1111I think barbican is uwsgi by default, for those deploying that.20:48
kfox1111pretty much everthing else I've seen has been eventlet.20:48
sdakebmace_ are you about?20:48
stevemarkfox1111: yep, you are correct20:49
SamYaplekfox1111: keystoen recommends uwsgi.20:49
kfox1111I'd rather use the most tested cases. so haproxy + ssl termination.20:49
SamYapleif you _need_ the auth crap they say apache20:49
SamYaplebut here https://review.openstack.org/#/c/419706/20:49
SamYapleits not everywhere, but it will be in Pike. wsgi20:49
sdakeSamYaple my understanding is eventlet isn't ported to python 3.520:49
kfox1111SamYaple: ok. they may have changed that stance since I talked to them last.20:50
sdakeSamYaple and there is no intent to do so20:50
SamYaplewhich means apache220:50
kfox1111SamYaple: we're far away from pike. ;)20:50
sdakeSamYaple therefore, openstack is moving away from eventlet20:50
SamYaplekfox1111: nah its been uwsgi for like 3 cycles20:50
sdakeSamYaple i think this was on the mailing list - but i could have imagined it20:50
kfox1111SamYaple: ok.20:50
SamYaplesdake: check the review i just posted. youll expect wsgi/uwsgi in pike across the board. with alot of services already having it20:51
sdakeSamYaple right - ithink this is driven by the python 3.5 work20:51
stevemarSamYaple: keystone tests with both apache (with mod_wsgi) and uwsgi itself, but still recommend apache for auth plugins20:51
SamYapleso apache/uwsgi which are both good at ssl termination. with apache2 beign much better than haproxy (which is still relativily new to the ssl termination game)20:51
sdakei rather like the ssl termination we have at present20:52
sdakeits fast and effeicient20:52
kfox1111SamYaple: operators tend to resist change. until its widely deployed, a bunch of operators won't be terribly convinced to switch until they have seen proof its stable.20:52
sdakealthough it doesn't do internal ssl termination and i'm not sure it could be done at all20:52
kfox1111while eventlet's scary as heck really,20:53
SamYaplestevemar: http://docs.openstack.org/developer/keystone/devref/development_best_practices.html#running-keystone this is what im referring too20:53
kfox1111its known to work pretty well for openstack.20:53
kfox1111uwsgi, not nearly so proven for that code base. :/20:53
SamYaplestevemar: most of the documenation points to uwsgi (including the best practice). so docuemntation is wrong20:53
sdakeSamYaple - quick q, were ou palnning to submit salt for pike?20:53
sdakeSamYaple the reason i ask is you will need to recruit a team :)20:54
SamYaplesdake: no. i disagree with kolla building its own strange delieverables thing and wont be following that structure20:54
sdakeSamYaple you mean the file that inc0 put in the repo?20:54
sdakeI disliked that as well20:54
sdakeSamYaple or some other structural thing?20:55
SamYaplei mean kolla-salt need not be related to kolla. nor kolla-ansible at this point (though im certainly not suggesting name changes)20:55
sdakekolla needs atleast one deployment tool to fulfill our mission - or we could potentially be removed from the big tent20:56
stevemarSamYaple: ah yeah, that should be updated :) last updated almost a year ago, damn docs20:56
sdakeour mission says the word "tools" though - so multiple are fine20:56
SamYaplestevemar: fair enough. but it has been that way for a while. I personally use apache2 because i use saml (i think weve discussed this before)20:57
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643820:57
kfox1111sdake: yeah, I think the assumption that there's shared containers, and seperate tools is kind of wrong.20:57
kfox1111is see kolla kubernetes microservice packages very much like kolla's containers.20:57
stevemarSamYaple: yep, i think so. looks like the change was just to show how to spin up keystone quickly, so it works in that example :P20:57
SamYaplesdake: whatever you say man. but lots of good points were brought up in that ML thread. and there is no valid reason to couple the deployment with the container config at this point in time (with regards to big-tent and delieveables)20:57
kfox1111I think its likely that there may be multiple deployment tools that consume them.20:58
kfox1111so here may be sub deliverables for kola-kubernetes.20:58
sdakekfox1111 we have to have something working first before we shave off kolla-kubernetes into a seprate big tent project20:59
sdakekfox1111 and a ptl to lead it20:59
kfox1111yeah, not saying we should split it at all.20:59
sdakekfox1111 i agree multiple deployment tools can use the kolla images -that is the whole point20:59
kfox1111just saying, the assumption that kolla-kubernetes is one single deliverable may be wrong.20:59
sdakeSamYaple the main reason i see is it is our mission to do so - as per the commitment the 500+ people that have worked on kolla agreed to when committing to the repo21:00
sdakeSamYaple however, I can get you don't want to play inthe kolla project sandbox - works for me21:00
kfox1111it maybe should be one deliverable for the microservcies, and seperate deliverables for the orchestration tooling.21:00
sdakekfox1111 ya we can always split stuff out later - we did it with kolla and kolla-ansible ;-)21:01
sdakeits disruptive to do so though - as a big chunk of ocata was spent making that split work21:01
sdakeso rathe then suffer disrutpion of a repo split all through pike, I'd like to ge tto 1.0.021:01
openstackgerritKevin Fox proposed openstack/kolla-kubernetes: Pull container tallballs into the gate  https://review.openstack.org/42659821:02
kfox1111sdake: yeah, and we waited too long on that one. and got a bunch of black eyes for it I think. :/21:02
SamYaplethis is all politics that im not going to get involved with. circling back around21:02
sdakekfox1111 no we did not wait too long21:02
SamYaplekfox1111: in Pike, all projects will be deployable via wsgi and uwsgi21:02
kfox1111if we did it earlier, it would have been such a large lift.21:02
sdakekfox1111 the timing was perfect - especially for a four month cycle21:02
SamYapleso that seems like the direction you would want to head for ssl termination21:03
kfox1111SamYaple: great. then by Q, it will probably be stable.21:03
sdakekfox1111 disagree earlier could have potential to kill the project21:03
kfox1111sdake: yeah. but could have made a lot more friends too.21:03
sdakeI am off to dinner - ttyl21:03
sdakekfox1111 we have lots o friends21:03
kfox1111same logic as the helm thing.21:03
openstackgerritKevin Fox proposed openstack/kolla-kubernetes: Add a script to build an example cloud yaml  https://review.openstack.org/42641721:05
sdakekfox1111 your irssi client is busted again - ok gotta jet - enjoy the day folks :)21:07
kfox1111sdake: you keep renaming your user. ;)21:08
sdakekfox1111 blame cisco21:08
sdakekfox1111 vpn ftl21:08
kfox1111yup. I don't blame anyone. just saying, your vpn and my irc client don't play well. :/21:11
kfox1111neither one's fault. :/21:12
openstackgerritKevin Fox proposed openstack/kolla-kubernetes: Check to see if Horizon is working in the gate.  https://review.openstack.org/42602521:18
sbezverkkfox1111: it looks the issue is when I starte re-using localVals21:18
sbezverkas soon as I switch to re-use it I see crash in glance api21:19
sbezverkprobably it does not get re-initialized properly21:19
sbezverkreally wierd in some casesw re-init works in some it does not..21:20
*** lamt has quit IRC21:23
kfox1111sbezverk: got an example of what you mean?21:25
kfox1111not quite sure what you mean.21:26
*** sdake has quit IRC21:26
sbezverkkfox1111: localVals is used to get ceph_backend21:26
kfox1111do you have a before/after ps numbers?21:27
kfox1111so I can see what you are trying?21:27
sbezverkI found the issue just need one thing to confirm.21:28
sbezverk $_ := set $c1 "retDict" $localVals21:28
sbezverkthis set appends retDict value21:28
kfox1111it sets the retDict key in c1 to have the value localVals.21:29
sbezverkor there could be only 1 key value passed to macro?21:29
kfox1111the set macro only seems to allow one key/value to be set at a time currently. :/21:29
sbezverkcan I add 2 keys to search in one macro call?21:29
kfox1111not currently.21:29
sbezverkI see in this case I must use another dict I cannot use localVals21:29
sbezverkbecause it is already used to get ceph_backend21:30
kfox1111have to search both, then use a |default b21:30
kfox1111local values should be sharable.21:30
kfox1111just don't share c21:30
sbezverkc in not share21:30
kfox1111can you show me the code thats broken?21:30
kfox1111I'm doing shared local values elswere already I thinkk.21:30
sbezverkhttp://paste.openstack.org/show/596828/21:31
sbezverkI think localVals gets screwed up by second call21:31
sbezverkand as a result glance api goes bananas21:31
kfox1111line 6 is killing localvalues.21:31
kfox1111just remove the line.21:32
*** sayantani01 has joined #openstack-kolla21:32
kfox1111{{ .. := dict }}21:32
kfox1111dict creates an empty dict.21:32
kfox1111if no args.21:32
sbezverkk that is what I was trying to get if I can extend existing  or need to use new re-initizliaed one21:32
kfox1111yeah.21:32
kfox1111if you reuse the old one, it should work I think.21:33
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643821:33
*** Jeffrey4l_ has quit IRC21:33
sbezverkkfox1111: we will see soon21:33
sbezverkwhen it is sorted out, what is the plan for catching term signal?21:34
*** Jeffrey4l_ has joined #openstack-kolla21:34
kfox1111the previous ps you had was really close I think.21:38
kfox1111I'm puzzled by the missing file though.21:39
kfox1111we just need to figure that bit out I think.21:39
*** rhallisey has joined #openstack-kolla21:40
*** richwellum has joined #openstack-kolla21:42
*** rwellum has joined #openstack-kolla21:44
*** matrohon has quit IRC21:45
openstackgerritKevin Fox proposed openstack/kolla-kubernetes: Pull container tallballs into the gate  https://review.openstack.org/42659821:47
*** richwellum has quit IRC21:47
kfox1111sbezverk: this should be ready: https://review.openstack.org/#/c/426417/21:52
*** lamt has joined #openstack-kolla21:52
*** kristian__ has quit IRC22:01
clilesI'm looking at 60d24417df69b05c506e073bcc187c7b50edc501 and finding multiple backward incompatible changes,,,,how is this tested that is a gap between my env??22:01
*** kristian__ has joined #openstack-kolla22:01
*** breitz has quit IRC22:02
*** breitz has joined #openstack-kolla22:03
*** kristian__ has quit IRC22:05
openstackgerritKevin Fox proposed openstack/kolla-kubernetes: Pull container tallballs into the gate  https://review.openstack.org/42659822:06
*** lamt has quit IRC22:07
SamYaplecliles: can you provide a link to what you are refering too?22:09
clileshttps://github.com/openstack/kolla-ansible/commit/60d24417df69b05c506e073bcc187c7b50edc50122:09
clilesthis has broken cinder deployment22:09
clilesI am reverting 1 change at a time22:09
openstackgerritKevin Fox proposed openstack/kolla-kubernetes: Gate fix 4  https://review.openstack.org/42660922:09
SamYaplecan you give more specifics about how its not compatible and broken?22:10
SamYaplethis "optimzation" change has been rolled through most all the services now22:10
clilesyeah, that is how I am wondering how it passed22:11
clilesI'm just doing a git pull and pip install .22:11
clilesthen trying to reinstall latest :/22:11
clilesSamYaple - let me get you some pastebins22:12
openstackgerritKevin Fox proposed openstack/kolla-kubernetes: Check to see if Horizon is working in the gate.  https://review.openstack.org/42602522:15
sbezverkkfox1111: it looks like the main container will wait for file /var/lib/kolla-kubernetes/event/shutdown to appear. 1. I saw that even helm delete was executed haproxy container was still running, as a result it would not create this file 2. If haproxy is not running at all since it is optional what will 'touch' this file for the main container to exit??22:16
kfox1111sbezverk: last I looked in the review logs, the logs for the haproxy container said that haproxy exited.22:17
kfox1111so the file should have been touched.22:17
sbezverkkfox1111: possibly but what about the case without haproxy?22:18
*** sdake has joined #openstack-kolla22:18
*** sdake has quit IRC22:19
kfox1111in that case, nothing touches the file, but I think you killed the prestop check in that case.22:19
kfox1111I'm guesing its what I think is the real cause.22:19
kfox1111that both ways, the main container is ignoring the TERM signal.22:19
kfox1111when you put in the command: .. check in there, it worked for the iscsi case.22:19
sbezverkkfox1111: I do not kill pre-stop at least I doubt helm uses --force22:19
kfox1111I thought you put a conditional around it in your ps.22:20
sbezverkright now it works for all gate jobs22:20
kfox1111yeah. cause its forcing delete.22:21
sbezverkkfox1111: right my bad I did put a condition22:21
kfox1111interestingly, you don't force it in the iscsi case?22:21
sbezverknope22:22
sbezverkall is the exactly the same way22:22
kfox1111thats even stranger.22:22
sbezverkboth gates call the same cleanup script22:22
kfox1111that in theory shouldn't be any different between ceph and iscsi.22:22
kfox1111oh. no, they aren't quite the same:22:23
kfox1111you have:22:23
kfox1111https://review.openstack.org/#/c/426438/31/tests/bin/ceph_workflow.sh22:23
kfox1111and22:23
kfox1111https://review.openstack.org/#/c/426438/31/tests/bin/ceph_workflow_services.sh22:23
kfox1111but no iscsi_workflow.sh one.22:23
sbezverkit was there :( I must have missed it when rolled back22:24
kfox1111oh. ok.22:24
sbezverkok I will remove 0 from ceph to be the same with iscsi22:24
openstackgerritKevin Fox proposed openstack/kolla-kubernetes: WIP test  https://review.openstack.org/42661122:26
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643822:26
kfox1111sbezverk: just a ps to kick off a few more runs. trying to gather some more data points.22:26
sbezverkkfox1111: ok22:27
openstackgerritKevin Fox proposed openstack/kolla-kubernetes: Check to see if Horizon is working in the gate.  https://review.openstack.org/42602522:39
*** adrian_otto1 has joined #openstack-kolla22:40
*** sdake has joined #openstack-kolla22:41
*** lamt has joined #openstack-kolla22:52
openstackgerritKevin Fox proposed openstack/kolla-kubernetes: Check to see if Horizon is working in the gate.  https://review.openstack.org/42602522:53
sbezverkkfox1111: it seems to be working22:54
kfox1111interesting.22:54
kfox1111https://review.openstack.org/#/c/426438/32/tests/bin/ceph_workflow_service.sh22:56
kfox1111hmm. but the ceph_worklfow.sh one is gone.22:56
kfox1111so does seem to be working.22:56
sbezverkkfox1111: damn I guess it getting late :( I thought I removed it everywhere, well another try then..22:59
*** ipsecguy_ has quit IRC22:59
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643822:59
*** ipsecguy has joined #openstack-kolla23:00
kfox1111one little ws issue too.23:00
*** jrobinson has joined #openstack-kolla23:03
sbezverkkfox1111: in which file, I went through could not see it?23:06
kfox1111all_values23:08
kfox1111line 4723:08
*** lamt has quit IRC23:08
*** ipsecguy has quit IRC23:08
sbezverkyeah, thanks by some reason it did not highlighted with red23:10
sbezverkhard to spot in green23:10
kfox1111yeah. really weird. :/23:10
kfox1111gerrit's pretty cool, but still has some things it needs to do better.23:11
*** newmember has joined #openstack-kolla23:13
*** ipsecguy has joined #openstack-kolla23:13
*** adrian_otto1 has quit IRC23:13
*** adrian_otto has joined #openstack-kolla23:16
*** sdake has quit IRC23:22
openstackgerritJeffrey Zhang proposed openstack/kolla-ansible: Optimize reconfigure action for horizon  https://review.openstack.org/42271923:24
*** adrian_otto has quit IRC23:24
openstackgerritSerguei Bezverkhi proposed openstack/kolla-kubernetes: PS adds glance cleanup service  https://review.openstack.org/42643823:29
*** sdake has joined #openstack-kolla23:31
*** rwellum has quit IRC23:32
*** lrensing has joined #openstack-kolla23:39
openstackgerritKevin Fox proposed openstack/kolla-kubernetes: Check to see if Horizon is working in the gate.  https://review.openstack.org/42602523:42
*** sdake has quit IRC23:53
openstackgerritKevin Fox proposed openstack/kolla-kubernetes: Pull container tallballs into the gate  https://review.openstack.org/42659823:59
« Saturday, 2017-01-28 Index Monday, 2017-01-30 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!