Tuesday, 2018-02-20

« Monday, 2018-02-19 Index Wednesday, 2018-02-21 »
*** k_mouza has joined #openstack-kolla00:03
*** jtriley has quit IRC00:06
*** openstackgerrit has joined #openstack-kolla00:07
openstackgerritChuck Short proposed openstack/kolla master: Remove ceph-nfs support for ubuntu  https://review.openstack.org/54598000:07
*** k_mouza has quit IRC00:09
*** dardelean has joined #openstack-kolla00:12
*** masber has joined #openstack-kolla00:21
masbergood morning all00:22
masberhow can I tell kolla-build to create a specific image version?00:22
*** jrist has quit IRC00:24
*** itlinux has joined #openstack-kolla00:29
*** dave-mccowan has joined #openstack-kolla00:30
*** jrist has joined #openstack-kolla00:36
*** dave-mccowan has quit IRC00:53
*** caowei has joined #openstack-kolla00:53
*** dave-mccowan has joined #openstack-kolla01:18
*** dave-mccowan has quit IRC01:29
*** chrizl has quit IRC01:31
*** chrizl has joined #openstack-kolla01:34
*** dardelean has quit IRC01:36
*** dardelean has joined #openstack-kolla01:36
*** k_mouza has joined #openstack-kolla01:40
*** dardelean has quit IRC01:41
*** chrizl has quit IRC01:43
*** k_mouza has quit IRC01:45
*** geen02 has joined #openstack-kolla01:53
*** chrizl has joined #openstack-kolla02:03
*** salv-orlando has joined #openstack-kolla02:27
*** salv-orl_ has quit IRC02:30
masbernot many people here ... I still remember the old days02:30
*** geen02 has quit IRC02:35
openstackgerritMerged openstack/kolla-ansible master: Use fernet in gates  https://review.openstack.org/54575802:38
*** yangyapeng has quit IRC02:47
*** yangyapeng has joined #openstack-kolla02:47
*** chmarkus has quit IRC02:51
*** harlowja has quit IRC02:52
*** chmarkus has joined #openstack-kolla02:52
*** yangyape_ has joined #openstack-kolla03:00
*** yangyapeng has quit IRC03:01
*** dave-mccowan has joined #openstack-kolla03:09
*** hongbin has joined #openstack-kolla03:10
*** janki has joined #openstack-kolla03:33
*** gkadam has joined #openstack-kolla03:39
*** spsurya has joined #openstack-kolla03:47
spsuryamorning guys03:47
*** janki has quit IRC03:56
*** janki has joined #openstack-kolla03:57
*** caoyuan has joined #openstack-kolla04:13
*** caoyuan has quit IRC04:14
*** janki has quit IRC04:27
*** janki has joined #openstack-kolla04:28
masberspsurya, from where is kolla-build getting the images from?04:38
masberI am running this command /root/kolla/.tox/genconfig/bin/kolla-build --registry localhost:5000 --push but it is not pushing 6.0.0 images04:39
*** caowei has quit IRC04:46
*** harlowja has joined #openstack-kolla04:54
*** hongbin has quit IRC05:01
*** dave-mccowan has quit IRC05:02
*** masahisa has quit IRC05:02
*** chrizl has quit IRC05:05
*** chrizl has joined #openstack-kolla05:06
*** chrizl has quit IRC05:11
*** dciabrin has quit IRC05:12
*** dciabrin has joined #openstack-kolla05:12
*** chrizl has joined #openstack-kolla05:15
*** chrizl has quit IRC05:27
*** chrizl has joined #openstack-kolla05:28
*** lpetrut has joined #openstack-kolla05:33
*** skramaja has joined #openstack-kolla05:41
*** gkadam has quit IRC05:43
*** gkadam has joined #openstack-kolla05:44
*** unicell has joined #openstack-kolla05:46
*** gfidente|afk has quit IRC05:48
*** lpetrut has quit IRC06:01
*** caoyuan has joined #openstack-kolla06:09
*** unicell1 has joined #openstack-kolla06:11
*** unicell has quit IRC06:12
*** chrizl has quit IRC06:12
*** chrizl has joined #openstack-kolla06:13
*** lpetrut has joined #openstack-kolla06:19
*** chrizl has quit IRC06:21
*** chrizl has joined #openstack-kolla06:25
spsuryamasber: did you setup local registry ..... after that this should work06:28
masberspsurya, yes I have local registry06:29
*** lpetrut has quit IRC06:30
spsuryaand building from source06:34
spsuryamasber:06:34
*** caoyuan_ has joined #openstack-kolla06:35
*** caoyuan has quit IRC06:38
*** lujinluo has joined #openstack-kolla06:40
kolla-slack<egonzalez> masber, by image version you mean kolla version or distro version?06:46
masberspsurya, binary06:47
*** cah_link has joined #openstack-kolla06:49
kolla-slack<masber> @egonzalez kolla version, distro I am using centos binary06:49
kolla-slack<egonzalez> masber, checkout to the version want to use, if using pip install the version, ie pip install kolla==5.0.106:50
kolla-slack<masber> @egonzalez ahhh 6.0.0 is beta?06:53
*** dciabrin_ has joined #openstack-kolla06:56
*** dciabrin has quit IRC06:56
*** lvdombrkr has joined #openstack-kolla06:58
kolla-slack<egonzalez> Yep, 6.0.0 is not released yet afik07:00
*** egonzalez has joined #openstack-kolla07:01
*** lpetrut has joined #openstack-kolla07:09
*** threestrands has quit IRC07:10
*** harlowja has quit IRC07:10
*** dasTor_ has joined #openstack-kolla07:11
lvdombrkrmorning folks07:12
lvdombrkrwhat is last stable tag for kolla to deploy?07:12
*** dasTor has quit IRC07:13
openstackgerritEduardo Gonzalez proposed openstack/kolla-ansible master: Test iptables keystone ssh  https://review.openstack.org/54606007:15
*** chrizl has quit IRC07:16
*** chrizl has joined #openstack-kolla07:18
egonzalezlvdombrkr, 5.0.1, 6.0.0 comming in the next weeks07:18
*** b_bezak has joined #openstack-kolla07:19
lvdombrkregonzalez: thanks!07:20
*** dasTor_ has quit IRC07:20
*** janki has quit IRC07:20
*** lpetrut has quit IRC07:23
*** sai___ has quit IRC07:26
*** gkadam has quit IRC07:34
*** gkadam has joined #openstack-kolla07:34
*** pcaruana has joined #openstack-kolla07:35
*** dasTor has joined #openstack-kolla07:36
*** masahisa has joined #openstack-kolla07:38
*** dasTor_ has joined #openstack-kolla07:38
*** dasTor has quit IRC07:38
*** paken has joined #openstack-kolla07:44
*** dasTor has joined #openstack-kolla07:45
*** dasTor_ has quit IRC07:45
*** dardelean has joined #openstack-kolla07:56
openstackgerritEduardo Gonzalez proposed openstack/kolla-ansible master: Test iptables keystone ssh  https://review.openstack.org/54606007:57
*** lujinluo has quit IRC08:02
*** lujinluo has joined #openstack-kolla08:02
*** chrizl has quit IRC08:06
*** yangyape_ has quit IRC08:10
*** chrizl has joined #openstack-kolla08:10
egonzalezanyone have any idea why fernet cannot connect to others keystone_ssh containers in gates? http://logs.openstack.org/60/546060/2/check/kolla-ansible-ubuntu-source-ceph/69fe816/primary/logs/docker_logs/keystone_fernet.txt.gz08:15
egonzalezis working locally, but something changes in gates08:15
*** chrizl has quit IRC08:16
*** yangyapeng has joined #openstack-kolla08:17
*** chrizl has joined #openstack-kolla08:25
*** serlex has joined #openstack-kolla08:25
openstackgerritMerged openstack/kolla-ansible master: Fix murano authentication configuration options  https://review.openstack.org/54583308:26
*** unicell1 has quit IRC08:27
*** yangyapeng has quit IRC08:27
*** dardelean_ has joined #openstack-kolla08:27
*** b_bezak has quit IRC08:28
openstackgerritMerged openstack/kolla-ansible master: Add permission to notify dns server from worker  https://review.openstack.org/53886108:29
*** ArminderSingh has quit IRC08:33
*** gfidente has joined #openstack-kolla08:36
*** masahisa has quit IRC08:36
*** yangyapeng has joined #openstack-kolla08:38
*** ArminderSingh has joined #openstack-kolla08:41
*** b_bezak has joined #openstack-kolla08:41
santacloudHi08:42
santacloudI am facing this issue:08:42
santacloudhttps://bugs.launchpad.net/kolla-ansible/+bug/172139008:42
openstackLaunchpad bug 1721390 in kolla-ansible "nova-compute service don't go up" [Undecided,Invalid]08:42
santacloudIn fact my nova_compute container is still in a "restarting" state08:42
santacloudso the task [nova : Waiting for nova-compute service up] is in failure08:43
santacloudDo you have an idea?08:43
santacloudI downgraded docker of my nodes to 2.6.008:44
santacloudI am on the master branch08:44
santacloudfor kolla and kolla-ansible08:44
santacloudand I can see this error in dmesg:08:45
santacloudaufs au_opts_verify:1597:dockerd[3021]: dirperm1 breaks the protection by the permission bits on the lower branch08:45
santacloudon my nodes08:45
*** chrizl has quit IRC08:49
*** yangyape_ has joined #openstack-kolla08:49
*** yangyapeng has quit IRC08:50
*** chrizl has joined #openstack-kolla08:52
*** dasTor_ has joined #openstack-kolla08:53
*** dasTor has quit IRC08:56
lvdombrkrfolks, why i cant use  kolla_external_vip_address same as host ip?08:59
*** dasTor_ has quit IRC09:02
*** chrizl has quit IRC09:02
*** serlex has quit IRC09:03
*** engel75 has joined #openstack-kolla09:03
*** lpetrut has joined #openstack-kolla09:05
egonzalezlvdombrkr, because is going to be used by keepalived09:05
egonzalezsantacloud, any error in nova-compute logs?09:06
lvdombrkregonzalez: if a external and internal vip are the same ip can i activate ssl?09:08
*** shardy has joined #openstack-kolla09:09
santacloudegonzalez, only setting permission messages09:09
*** ktibi has joined #openstack-kolla09:10
*** chrizl has joined #openstack-kolla09:11
*** k_mouza has joined #openstack-kolla09:11
*** chrizl has quit IRC09:17
dardeleanhow can I use this cannel on slack?09:18
kolla-slack<dardelean> got it09:19
*** dardelean has quit IRC09:19
*** mgoddard_ has joined #openstack-kolla09:30
mgoddard_any plans for a kolla social at the PTG?09:36
kolla-slack<dardelean> hah, good question09:42
*** jmccarthy has joined #openstack-kolla09:57
*** chrizl has joined #openstack-kolla10:01
*** ktibi has quit IRC10:02
*** ktibi has joined #openstack-kolla10:04
*** chrizl has quit IRC10:06
jmccarthyOn docker hub, are the 'master' images still queens ?10:07
*** chrizl has joined #openstack-kolla10:07
jmccarthyFor example, here, is master queens ? https://hub.docker.com/r/kolla/oraclelinux-binary-cron/tags/10:12
pbourkejmccarthy: yes master is currently queens10:13
pbourkemgoddard_: I reckon a few of us will be heading out :)10:14
jmccarthypbourke: ok, but I thought in the repo, for kolla-ansible, master is rocky  now ?10:16
pbourkeno because we haven't released queens yet10:16
pbourkekolla uses a 'trailing release' model10:16
jmccarthypbourke: kk my bad10:16
pbourkewhich means we don't release till a little after the main projects10:16
mgoddard_pbourke: great. If it could not be Tuesday, that would be nice as the ironic social is then. I'm sure that won't be the only conflict though!10:19
lvdombrkrfolks, prechek fails on : TASK [haproxy : Checking if kolla_internal_vip_address is in the same network as api_interface on all nodes] *******************************************************************10:23
lvdombrkrfatal: [localhost]: FAILED! => {"msg": "The conditional check ''169.254.' not in kolla_internal_vip_address and kolla_internal_vip_address | ipaddr(ip_addr_output.stdout.split()[3]) is none' failed. The error was: ipaddr: unknown filter type: 78.46.87.169"}10:23
lvdombrkrto retry, use: --limit @/usr/share/kolla-ansible/ansible/site.retry10:23
pbourkemgoddard_: sure thing whatever suits :)10:23
egonzalezlvdombrkr, ansible and jinja  version?10:25
*** chrizl has quit IRC10:26
lvdombrkregonzalez: Jinja2 - 2.10 , ansible: 2.4.2.010:27
*** robbbe has joined #openstack-kolla10:29
*** n0isyn0ise has quit IRC10:36
lvdombrkregonzalez10:39
lvdombrkrany ideas?10:39
*** rmart04 has joined #openstack-kolla10:46
*** n0isyn0ise has joined #openstack-kolla10:49
*** lvdombrkr has quit IRC10:50
*** lvdombrkr has joined #openstack-kolla10:51
*** b_bezak has quit IRC10:52
*** mdnadeem has joined #openstack-kolla10:56
pakenBefore pushing a new change for https://review.openstack.org/#/c/541700/ I have a question10:56
pakenI  understand that for cinder-backup, you need both the keyrings for cinder-volume and cinder-backup10:57
pakenbut for they key needed for cinder-volume is just client.ceph.cinder.keyring, right?10:58
paken*the key needed…10:58
*** lujinluo has quit IRC11:02
*** chrizl has joined #openstack-kolla11:03
*** gkadam has quit IRC11:06
*** gkadam has joined #openstack-kolla11:07
*** chrizl has quit IRC11:08
*** gkadam has quit IRC11:12
*** gkadam has joined #openstack-kolla11:12
*** chrizl has joined #openstack-kolla11:16
egonzalezlvdombrkr, im not sure if is something related to jinja/ansible or if the VIP is not in the same range of api_interface11:17
*** gkadam has quit IRC11:18
lvdombrkregonzalez: if i use public ips, they should also been from one ip range?11:20
*** chrizl has quit IRC11:21
egonzalezlvdombrkr, only api_interface IP in same range of kolla_internal_vip_address11:21
lvdombrkregonzalez: thanks.. can i just add second ip to api interface from same ip range as api_interface IP..so my api_interface will contain 2ips one from internal_vip range and second not11:24
lvdombrkr?11:24
egonzalezlvdombrkr, the second IP is added in keepalived11:25
egonzalezlvdombrkr, just define that iP as kolla_internal_vip_address11:25
lvdombrkregonzalez: if i define this ip as kolla_internal vip, i failed on :11:29
lvdombrkrTASK [haproxy : Checking if kolla_internal_vip_address and kolla_external_vip_address are not pingable from any node] **********************************************************11:29
lvdombrkrfailed: [localhost] (item=178.63.120.51) => {"changed": false, "cmd": ["ping", "-c", "3", "178.63.120.51"], "delta": "0:00:02.002072", "end": "2018-02-20 12:28:26.171722", "fai11:29
egonzalezlvdombrkr, the IP address should not be associated to any interface11:30
egonzalezlvdombrkr, is an unused IP in the range11:30
*** gkadam has joined #openstack-kolla11:30
egonzalezlvdombrkr, as example: I have range 192.168.100.0/24 for internal net, i set the IP 192.168.100.10 for eth0 (api_interface). For kolla_internal_vip_address i would set 192.168.100.5011:34
egonzalezthe IP shouldnt be pingable from any node before deployment11:34
*** pbourke has quit IRC11:39
*** pbourke has joined #openstack-kolla11:40
lvdombrkregonzalez: yes i understood... but my host ip right know is example 192.168.24.10, and i have only one free ip from this ip range. bet i have lot if ips from 192.168.25/0 range. so i want to my interface add second ip from range 192.168.25.0/0, for example 192.168.25.10, and set to internal and external vip 192.168.25.11 25.1211:42
*** k_mouza has quit IRC11:44
*** k_mouza has joined #openstack-kolla11:45
*** k_mouza has quit IRC11:50
*** vabada has joined #openstack-kolla11:50
*** k_mouza has joined #openstack-kolla11:51
hrwmgoddard_: kolla social is one. kolla group photo would be second ;d11:53
*** zshi has joined #openstack-kolla11:54
openstackgerritJames McCarthy proposed openstack/kolla-ansible master: Update upgrade information in operating-kolla.rst  https://review.openstack.org/54612711:55
egonzalezyeah, denver photo was funny11:55
jmccarthyI stuck up an initial review there to at least try and get some updates in that guide - I'm sure it will need some picking at/suggestions to make it better !11:56
openstackgerritJames McCarthy proposed openstack/kolla-ansible master: Update upgrade information in operating-kolla.rst  https://review.openstack.org/54612712:00
jmccarthyegonzalez: Thanks for feedback ! At line 113 tho, I am just pointing out that those files in /etc/kolla are still at the previous version, I do mention to use merge_passwords from tips and tricks further down12:04
jmccarthy(at that stage in the upgrade)12:05
jmccarthyWhat is the missing :: at 102 ?12:05
*** gkadam has quit IRC12:06
hrwAny idea about this? fatal: [192.168.122.247]: FAILED! => {"msg": "The conditional check '(keystone_bootstrap.stdout | from_json).changed' failed. The error was: Expecting ',' delimiter: line 1 column 417 (char 416)"}12:07
hrwfresh all-in-one with master images12:07
egonzalezhrw, sue fernet tokens12:08
egonzalezuuid were removed from keystone12:08
egonzalez*use12:08
hrwegonzalez: so we need to update defaults and globals.yml12:08
egonzalezjmccarthy, for render as shell12:08
egonzalezonly globals in your env12:08
egonzalezcurrently we are using master for others projects which is rocky for them12:09
hrwegonzalez: fresh master k-a says: # Valid options are [ uuid, fernet ]12:09
egonzalezwe cannot remove it yet until we release queens12:09
hrwok12:09
egonzalezonce we tag queens will be fine12:09
hrwyep12:09
hrwegonzalez: thx. deploy moves on12:09
jmccarthyegonzalex: kk thanks !12:11
openstackgerritJames McCarthy proposed openstack/kolla-ansible master: Update upgrade information in operating-kolla.rst  https://review.openstack.org/54612712:12
openstackgerritJames McCarthy proposed openstack/kolla-ansible master: Update upgrade information in operating-kolla.rst  https://review.openstack.org/54612712:16
ktibiHi, anyone had already use tempest and cephGW for swift unit tests ?12:17
openstackgerritJames McCarthy proposed openstack/kolla-ansible master: Update upgrade information in operating-kolla.rst  https://review.openstack.org/54612712:19
jmccarthyIs there a link, maybe from the review or somewhere to see operating-kolla.rst rendered ?12:21
*** gkadam has joined #openstack-kolla12:22
hrwjmccarthy: once zuul go through it12:23
jmccarthyhrw: Thanks !12:24
jmccarthyPlease give feedback, docs not my forte, but trying to improve that one at the moment12:25
*** chrizl has joined #openstack-kolla12:27
*** chrizl has quit IRC12:32
santacloudI am still have nova_compute containter restarting all the time....12:42
santacloudany idea?12:42
openstackgerritJames McCarthy proposed openstack/kolla-ansible master: Update upgrade information in operating-kolla.rst  https://review.openstack.org/54612712:42
santacloudso "TASK [nova : Waiting for nova-compute service up]" always goes into failure12:43
egonzalezjmccarthy, rendered version http://logs.openstack.org/27/546127/6/check/build-openstack-sphinx-docs/3625824/html/user/operating-kolla.html12:54
jmccarthyegonzalez: Great - thanks !12:55
*** gfidente has quit IRC12:57
*** gfidente has joined #openstack-kolla12:58
*** gfidente has quit IRC12:58
*** gfidente has joined #openstack-kolla12:58
openstackgerritJames McCarthy proposed openstack/kolla-ansible master: Update upgrade information in operating-kolla.rst  https://review.openstack.org/54612713:02
*** masahisa has joined #openstack-kolla13:03
*** dasTor has joined #openstack-kolla13:09
*** salv-orlando has quit IRC13:12
*** salv-orlando has joined #openstack-kolla13:12
*** masahisa has quit IRC13:13
*** salv-orlando has quit IRC13:17
hrwhm. neutron_openvswitch_agent restarts over and over again. br-ex :(13:21
*** rhallisey has joined #openstack-kolla13:22
*** rhallisey has quit IRC13:25
hrw"Bridge br-ex for physical network physnet1 does not exist. Agent terminated!" - any idea why neutron_openvswitch_agent restarts again and again? all-in-one setup13:27
*** rhallisey has joined #openstack-kolla13:27
hrwlet try without neutron-dvr13:29
*** skramaja has quit IRC13:32
ktibiegonzalez, hi you added that https://github.com/openstack/kolla-ansible/blame/master/ansible/roles/designate/templates/designate.conf.j2#L96 but no works with designate :/ make trace :  https://bugs.launchpad.net/designate/+bug/157164413:33
openstackLaunchpad bug 1571644 in Designate "Error in sink neutron_floatingip handler" [Undecided,Invalid]13:33
*** chrizl has joined #openstack-kolla13:38
*** chrizl has quit IRC13:43
*** rmart04 has quit IRC13:47
lvdombrkrfolks trying to deploy kolla tag "pike" , all-in-one but deployment fails on : TASK [mariadb : Running MariaDB bootstrap container] *************************************************************************************13:50
lvdombrkrfatal: [localhost]: FAILED! => {"changed": true, "msg": "Container exited with non-zero return code"}13:50
*** k_mouza has quit IRC13:52
lvdombrkrany ideas?13:55
kolla-slack<dardelean> lvdombrkr if I remember correctly I had the same problem, it worked on the second redeploy (did a distroy before as I remember)13:55
lvdombrkrkolla-slack: i will try, thanks )13:57
*** dave-mccowan has joined #openstack-kolla13:58
lvdombrkrkolla-slack: no luck (14:01
*** k_mouza has joined #openstack-kolla14:01
lvdombrkrfolks, any other ideas?14:02
lvdombrkrmaybe need to use other tag not "pike"?14:04
kolla-slack<dardelean> what version of kolla-ansible do you have?14:04
kolla-slack<dardelean> pip freeze | grep kolla-ansible14:05
lvdombrkrkolla-slack: 5.0.114:06
kolla-slack<dardelean> did you build the images or pulled them?14:06
kolla-slack<dardelean> images needs to match the kolla-ansible version14:07
kolla-slack<dardelean> is it HA? https://bugs.launchpad.net/kolla-ansible/+bug/174721714:10
openstackLaunchpad bug 1746748 in kolla-ansible pike "duplicate for #1747217 python docker 3.0 package break the kolla-ansible" [Critical,Fix committed] - Assigned to Jeffrey Zhang (jeffrey4l)14:10
lvdombrkrkolla-slack: no its all on one deployments, i pulled images not build14:13
lvdombrkrfolks someone can assist?14:24
*** rhallisey_ has joined #openstack-kolla14:33
*** caoyuan_ has quit IRC14:33
*** david-lyle has quit IRC14:38
*** k_mouza has quit IRC14:38
*** salv-orlando has joined #openstack-kolla14:40
*** jtriley has joined #openstack-kolla14:46
*** salv-orlando has quit IRC14:55
*** salv-orlando has joined #openstack-kolla14:56
*** chrizl has joined #openstack-kolla14:57
*** salv-orlando has quit IRC15:00
openstackgerritHarald Jensås proposed openstack/kolla master: Add networking-baremetal - ironic-neutron-agent  https://review.openstack.org/54617315:01
lvdombrkrfolks i have same problem as : https://bugs.launchpad.net/kolla-ansible/+bug/174819415:03
openstackLaunchpad bug 1748194 in kolla-ansible ""Running MariaDB bootstrap container" fails" [Undecided,New]15:03
lvdombrkrany ideas about it?15:03
*** k_mouza has joined #openstack-kolla15:04
santacloudlvdombrkr: try the master branch15:04
santacloudlvdombrkr: it works for me....until task nova compute...15:05
lvdombrkrsantacloud: openstack_release: "pike" replace with master?15:06
*** chrizl has quit IRC15:07
santacloudlvdombrkr: how do you install kolla-ansible?15:07
lvdombrkrsantacloud: step by step following this doc https://docs.openstack.org/kolla-ansible/latest/user/quickstart.html15:08
santacloudlvdombrkr: so with pip?15:08
santacloudlvdombrkr: try pip uninstall kolla/kolla-ansible, and try git clone ( development way)15:09
*** k_mouza has quit IRC15:11
kolla-slack<dardelean> santaclout yes,15:13
kolla-slack<dardelean> once you cloned, cd kolla-ansible and “pip install .”15:13
kolla-slack<dardelean> it will install kolla-ansible from the clone15:14
kolla-slack<dardelean> same goes for kolla15:14
*** itlinux has quit IRC15:16
openstackgerritHarald Jensås proposed openstack/kolla master: Add networking-baremetal - ironic-neutron-agent  https://review.openstack.org/54617315:21
lvdombrkrsantacloud kolla-slack : thanks its looks bater15:28
*** rhallisey_ has quit IRC15:31
*** rhallisey_ has joined #openstack-kolla15:32
*** mdnadeem has quit IRC15:33
santacloudlvdombrkr: ok, tell me if you also have a nova_compute problem15:34
*** rhallisey has quit IRC15:34
*** rhallisey has joined #openstack-kolla15:34
*** paken has quit IRC15:34
santacloudkolla-slack: what about noca_compute container restarting all the time, and task nova compute in failure?15:34
*** rhallisey_ has quit IRC15:34
*** ktibi_ has joined #openstack-kolla15:42
*** ktibi has quit IRC15:46
*** salv-orlando has joined #openstack-kolla15:47
*** david-lyle has joined #openstack-kolla15:47
hrwhttps://marcin.juszkiewicz.com.pl/2018/02/19/hotplug-in-vm-easy-to-say/ - a story about pcie based VM instances15:48
lvdombrkrsantacloud: now my deployment fails on :15:53
lvdombrkrTASK [keystone : Creating admin project, user, role, service, and endpoint] ****************************************************************************************************15:53
lvdombrkrfatal: [localhost]: FAILED! => {"msg": "The conditional check '(keystone_bootstrap.stdout | from_json).changed' failed. The error was: Expecting ',' delimiter: line 1 column 417 (char 416)"}15:53
santacloudlvdombrkr: I have not encounter this error...15:54
*** robbbe has quit IRC16:01
*** itlinux has joined #openstack-kolla16:06
santacloudlvdombrkr: I have to leave. See you tomorrow maybe16:09
openstackgerritJames McCarthy proposed openstack/kolla-ansible master: Update upgrade information in operating-kolla.rst  https://review.openstack.org/54612716:13
*** k_mouza has joined #openstack-kolla16:14
*** cah_link has quit IRC16:15
*** jtriley has quit IRC16:20
*** pcaruana has quit IRC16:21
*** lvdombrkr has quit IRC16:28
*** rhallisey_ has joined #openstack-kolla16:35
*** rhallisey has quit IRC16:35
*** rhallisey has joined #openstack-kolla16:35
*** rhallisey_ has quit IRC16:35
*** jtriley has joined #openstack-kolla16:36
*** k_mouza has quit IRC16:42
*** k_mouza has joined #openstack-kolla16:42
*** k_mouza has quit IRC16:47
*** k_mouza has joined #openstack-kolla16:57
*** k_mouza has quit IRC16:57
*** k_mouza has joined #openstack-kolla16:57
*** robbbe has joined #openstack-kolla16:58
*** itlinux has quit IRC17:02
*** itlinux has joined #openstack-kolla17:05
*** chrizl has joined #openstack-kolla17:17
*** harlowja has joined #openstack-kolla17:23
*** lpetrut has quit IRC17:30
fungiinc0: did you manage to make any headway with filtering memcached for bug 1749326?17:31
openstackbug 1749326 in kolla-ansible "Exploitable services exposed on community test nodes" [Undecided,New] https://launchpad.net/bugs/174932617:31
*** chrizl has quit IRC17:31
*** pcaruana has joined #openstack-kolla17:36
*** egonzalez has quit IRC17:36
mgoddard_shameless plug of my summit proposal on kayobe & kolla: https://www.openstack.org/summit/vancouver-2018/vote-for-speakers/#/2097917:43
mgoddard_plus a related one on hardware discovery & provisioning: https://www.openstack.org/summit/vancouver-2018/vote-for-speakers/#/2114617:44
*** devananda has joined #openstack-kolla17:46
*** Denniz has joined #openstack-kolla17:46
*** robbbe has quit IRC17:47
*** mtsv has quit IRC17:54
*** gfidente is now known as gfidente|afk17:55
*** mgoddard_ has quit IRC18:03
*** openstackgerrit has quit IRC18:03
*** k_mouza has quit IRC18:04
mchlumskyHello, I am trying to build the kolla-toolbox image while adding some certificates to the docker image however I cannot seem to be able to get this to work. I tried this: https://docs.openstack.org/kolla/pike/admin/image-building.html#additions-functionality however I am building a binary centos image and there's a not about this only working with source build types. I also tried using Dockerfile jinja2 customisation with a {% block ... %}18:06
mchlumskyand an ADD statement however I'm not sure what to put for the source as kolla-build uses a temp directory. Is there a variable I can use?18:06
*** robbbe has joined #openstack-kolla18:07
*** dklyle has joined #openstack-kolla18:08
*** lpetrut has joined #openstack-kolla18:10
*** david-lyle has quit IRC18:12
*** pcaruana has quit IRC18:16
*** harlowja has quit IRC18:23
*** robbbe has quit IRC18:36
*** mgoddard_ has joined #openstack-kolla18:41
*** shardy has quit IRC18:43
*** hamzy has quit IRC18:44
*** hamzy has joined #openstack-kolla18:48
*** dklyle has quit IRC18:53
*** harlowja has joined #openstack-kolla18:55
*** hamza21 has joined #openstack-kolla18:57
*** harlowja_ has joined #openstack-kolla18:59
*** david-lyle has joined #openstack-kolla18:59
*** harlowja has quit IRC18:59
*** sai___ has joined #openstack-kolla19:02
*** david-lyle has quit IRC19:04
*** david-lyle has joined #openstack-kolla19:04
*** paken has joined #openstack-kolla19:13
*** athomas has quit IRC19:16
*** hamzy has quit IRC19:19
*** chrizl has joined #openstack-kolla19:20
*** dardelean_ has quit IRC19:24
kolla-slack<dardelean> I also have a presentation on kolla :) https://www.openstack.org/summit/vancouver-2018/vote-for-speakers#/2102219:25
kolla-slack<dardelean> kolla prez ftw19:25
*** hamzy has joined #openstack-kolla19:25
inc0fungi: negative :(19:28
*** chrizl has quit IRC19:29
*** mgoddard_ has quit IRC19:31
fungiinc0: looks like it's just the oraclelinux jobs (or at least those were the only nodes which turned up in the provider's scans)... are those critical or can they be temporarily disabled?19:33
inc0fungi: it's very...strange tho19:33
inc0as code is exactly the same as centos jobs19:33
inc0is centos affected or not?19:33
* fungi wonders if oraclelinux does different firewalling things or includes any extra services in their base image19:34
inc0pbourke: ^19:34
inc0it doesn't need anything in base, but default firewall might be more open (?)19:34
fungihttps://etherpad.openstack.org/p/wpy5XvRYWu is my analysis from the hits the provider reported and the only ones which had memcached show up were oraclelinux19:35
inc0pbourke: can you check  https://launchpad.net/bugs/1749326 when you're back please?19:35
openstackLaunchpad bug 1749326 in kolla-ansible "Exploitable services exposed on community test nodes" [High,Confirmed]19:35
fungiso that's not conclusive of course, but a surprising coincidence19:35
inc0well it might be case for all the kolla-ansible gates tho19:37
fungisure, it might19:38
*** salv-orlando has quit IRC19:39
fungijust odd that over the course of several days the 6 instances their scan picked up were all kolla-ansible-oraclelinux -.* jobs exclusively (and several different variants of them)19:40
*** salv-orlando has joined #openstack-kolla19:40
fungiare those run more frequently than similar jobs for your other platforms?19:41
inc0no, exactly the same as centos or ubuntu19:41
fungiyeah, so statistically this is strange, but 6 hits in 3 days is of course not a statistically significant sample either so could just be an unlikely coincidence19:41
inc0well, it makses sense that all kolla jobs are affected19:42
inc0or multinode jobs at leasy19:42
inc0least19:42
fungiunless there's something specific about that platform which is not correctly filtering/blocking access to memcached19:42
inc0https://github.com/openstack/kolla-ansible/blob/master/tests/pre.yml#L3719:42
inc0yeah19:43
inc0memcached is not protected in any way because well...it's memcached19:43
fungilike maybe iptables has to get configured with a different utility or something?19:43
* fungi knows basically nothing about oraclelinux other than that it was once a fork of rhel)19:43
*** salv-orlando has quit IRC19:44
inc0on the flipside, I don't think we'll need memcached starting Rocky - since keystone is deprecating uuid19:45
inc0fungi: I'll put this into tomorrows meeting agenda19:47
fungithanks for the attention to that issue inc0!19:47
inc0yeah, sorry I didn't touch it before - I'm a bit swamped at the moment19:47
inc0also, Jeffrey4l is our new leader:)19:48
fungii would hate to have a provider threaten to pull their donated resources over exploitable nodes due to risky configuration in a handful of projects19:48
fungiso getting this cleaned up quickly will be appreciated19:49
inc0yeah, I know19:51
inc0we're in middle of Chinese new year celebration so bunch of people are off19:51
*** dave-mccowan has quit IRC19:57
*** unicell has joined #openstack-kolla19:58
*** david_chou has joined #openstack-kolla20:00
david_chouHi All, my name is David Chou from Intel Corp.20:02
inc0hey it's Michal20:03
*** chrizl has joined #openstack-kolla20:03
david_chouHi Michal.20:04
inc0david_chou: looking at error quickly, can you confirm ansible is 2.3.*?20:04
inc0ansible --version20:04
david_chouansibile --version in my system gave me:20:06
david_chouansible 2.3.3.020:06
david_chou  config file = /etc/ansible/ansible.cfg20:06
david_chou  configured module search path = Default w/o overrides20:06
david_chou  python version = 2.7.12 (default, Dec  4 2017, 14:50:18) [GCC 5.4.0 20160609]20:06
*** jtriley has quit IRC20:06
inc0are you using virtualenv?20:07
david_chouNo20:07
david_chouJUst baremetal.20:08
inc0can you paste deploy error again please? paste.openstack.org20:08
*** jtriley has joined #openstack-kolla20:10
david_chouI already open http://paste.openstack.org/ page, just paste the error, or should I put some note?20:12
inc0error log please20:12
inc0or whole execution20:12
david_chouPaste #67916220:14
inc0link please20:14
david_chouhttp://paste.openstack.org/show/679162/20:15
*** chrizl has quit IRC20:15
inc0try to run kolla-ansible destroy --yes-i-really-really-mean-it20:16
inc0and then run deploy again20:16
david_chouDo you mean run "sudo ./kolla-ansible destroy -i ./all-in-one --yes-i-really-really-mean-it20:18
inc0yes20:18
*** mgoddard_ has joined #openstack-kolla20:19
david_chouSorry.  Do you mean run "20:19
david_chousudo ./kolla-ansible destroy --yes-i-really-really-mean-it20:20
inc0yes, you can add -i20:20
inc0it's the same in aipo20:20
inc0aio20:20
david_chouwhat aio mean?20:20
inc0all in one20:20
*** lpetrut has quit IRC20:20
david_chouGot it.20:21
david_chouAfter "20:21
david_chousudo ./kolla-ansible destroy --yes-i-really-really-mean-it"20:21
*** signed8bit has joined #openstack-kolla20:23
david_chouThen, I just run "sudo ./kolla-ansible -i ./all-in-one deploy" ? No need to run boot-server and precheck?20:23
inc0just deploy20:23
david_chouGot it. Will do.20:24
david_chouSame error at same task:20:27
*** kbaegis has joined #openstack-kolla20:27
*** mgoddard_ has quit IRC20:27
inc0hmm20:27
kbaegisHey- has anyone had an issue where the stack commands aren't populated in the client?20:27
inc0try changing "openstack_release" to queens20:27
david_chouDo you mean changing openstack_release from master to queens in /etc/kolla/globals.yml?20:31
inc0yes20:32
inc0or wait20:32
inc0it might not work yet20:32
david_chouI will wait.20:32
kbaegisseeing: openstack: 'stack' is not an openstack command.20:32
kbaegisAnd I did deploy with heat20:33
inc0kbaegis: you might need to install python-heatclient20:33
inc0david_chou: try openstack_release: "pike"20:33
*** lpetrut has joined #openstack-kolla20:34
david_chouWill do.20:34
inc0and do pip install --upgrade kolla-ansible==5.*20:34
*** dave-mccowan has joined #openstack-kolla20:37
*** dtk has quit IRC20:37
*** marian_tudosoiu has quit IRC20:37
*** dtk has joined #openstack-kolla20:38
*** marian_tudosoiu has joined #openstack-kolla20:38
*** pcaruana has joined #openstack-kolla20:40
kbaegisinc0: ty20:40
*** salv-orlando has joined #openstack-kolla20:40
*** salv-orlando has quit IRC20:45
kolla-slack<dardelean> what's the state of kolla-k8s nowadays?20:52
*** dave-mccowan has quit IRC20:56
*** gfidente|afk has quit IRC20:56
*** dmellado has quit IRC20:58
*** hamza21 has quit IRC21:02
*** salv-orlando has joined #openstack-kolla21:03
*** marian_tudosoiu has quit IRC21:12
*** dtk has quit IRC21:12
*** dtk has joined #openstack-kolla21:14
*** marian_tudosoiu has joined #openstack-kolla21:14
*** kbaegis has quit IRC21:21
*** rhallisey has quit IRC21:21
*** Denniz has quit IRC21:33
david_chouinc0: Good news, with "sudo ip install --upgrade kolla-ansible==5.*" and openstack_release = "pike", "sudo ./kolla-ansible -i ./all-in-one deploy" completed without error:21:34
david_chouTASK [blazar : include] ********************************************************21:34
david_chouskipping: [localhost]21:34
david_chouPLAY RECAP *********************************************************************21:34
david_choulocalhost                  : ok=224  changed=140  unreachable=0    failed=021:34
hogepodgeIs any one from kolla-k8s going to the helm summit in Portland tomorrow?21:35
hogepodgeI'll be there, and am happy to bring up any items you'd like me to talk about.21:35
inc0hogepodge: jascott and kfox will be there21:35
*** pcaruana has quit IRC21:37
hogepodgeah great, excellent21:39
*** ktibi_ has quit IRC21:44
*** chrizl has joined #openstack-kolla21:54
kolla-slack<dardelean> inc0 still not coming to the PTG? :(22:00
*** jtriley has quit IRC22:02
*** chrizl has quit IRC22:06
*** chrizl has joined #openstack-kolla22:08
*** devananda has quit IRC22:09
*** dciabrin has joined #openstack-kolla22:14
*** dciabrin_ has quit IRC22:15
*** dmellado has joined #openstack-kolla22:18
*** chrizl has quit IRC22:18
*** dciabrin has quit IRC22:19
*** dciabrin has joined #openstack-kolla22:19
*** paken has quit IRC22:19
*** dciabrin_ has joined #openstack-kolla22:22
*** dciabrin has quit IRC22:22
*** threestrands has joined #openstack-kolla22:23
*** k_mouza has joined #openstack-kolla22:28
*** kolla-slack has quit IRC22:44
*** kolla-slack has joined #openstack-kolla22:44
*** itlinux has quit IRC22:49
david_chouinc0: I followed the instruction in "Using OpenStack" section in "https://docs.openstack.org/kolla-ansible/latest/user/quickstart.html"22:54
david_chouinc0: It seems that I could completed all steps successfully in this "Using OpenStack" section.22:56
SpamapShrm.. more security questions.. it seems that kolla-ansible configures internal APIs to listen on not-TLS22:56
SpamapSwhich seems like.. a bad idea.22:56
david_chouinc0:22:56
david_chouinc0: The last step: ". . kolla-ansible/tools/init-runonce", I run in two steps:22:57
inc0SpamapS: well there is story to that22:58
david_chouinc0: 1. cd ~/kolla-ansible  2. sudo ./init-runonce22:58
SpamapSinc0: do tell22:58
inc0that revolves around memcached22:59
SpamapSbecause.. between that and assuming keepalived.. I'm bending over backward trying to make kolla-ansible work for us.22:59
inc0and it goes like that: we can't make memcached secure22:59
SpamapS(we have external non-TLS terminating load balancers that we use)22:59
inc0so we assume that whoever has access to your internal net, has access to your tokens (including admin)22:59
inc0you can use TLS easily tho23:00
inc0well you'll need to make few changes in globals, but should be fine23:00
SpamapSmemcached is encrypted.. so.. ?23:01
inc0traffic to memcached isn't23:01
inc0https://github.com/openstack/kolla-ansible/blob/d474987ad9722c63bf6bf964ca80d810b89a313e/ansible/roles/heat/defaults/main.yml#L6623:01
inc0check this out23:01
SpamapSand we can't https://github.com/memcached/memcached/wiki/SASLHowto ?23:02
inc0https://github.com/openstack/kolla-ansible/blob/master/ansible/group_vars/all.yml#L32523:02
inc0override this with https23:02
inc0and make sure your kolla_internal_fqdn will point to your load balancers, which will terminate https23:03
SpamapSinc0: but that won't make haproxy actually listen on https.23:03
SpamapSno my lb's do not terminate https23:03
inc0so you have lb that will then point to haproxy?23:04
SpamapSyeah23:04
inc0ok, so I guess you have same issue as mgoddard, we need better way to include custom confs in haproxy23:04
inc0https://review.openstack.org/#/c/534834/23:05
inc0then you can inject https termination there23:05
SpamapSYeah I'm patching haproxy.cfg.j2 right now to add tls_bind to the internal ones, and disabling my external vip.23:05
inc0only thing would be to add some logic to lay down ssl certs23:05
SpamapSthat's already there for the external vip23:06
inc0talk to mgoddard (he's in GB, so mornings) and you two could try to figure out better way to make configs in haproxy23:06
inc0I believe there will be topic about that in PTG23:06
SpamapSI may just let this go for now..23:06
SpamapSalready almost 2 weeks late :-P23:06
*** santacloud has quit IRC23:07
inc0well if you handcraft your haproxy.cfg that's fine23:07
inc0(you can also just copy default with all the jinja2 stuff and edit it there)23:07
inc0not ideal, but will get you there23:07
*** lpetrut has quit IRC23:11
*** chrizl has joined #openstack-kolla23:12
*** chrizl has quit IRC23:30
*** spiette has quit IRC23:51
*** masahisa has joined #openstack-kolla23:52
*** k_mouza has quit IRC23:57
« Monday, 2018-02-19 Index Wednesday, 2018-02-21 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!