Wednesday, 2015-05-13

« Tuesday, 2015-05-12 Index Thursday, 2015-05-14 »
*** markvoelker has joined #openstack-operators00:06
*** Marga_ has quit IRC00:10
*** Marga_ has joined #openstack-operators00:10
*** vinsh has joined #openstack-operators00:12
*** derekh has quit IRC00:12
*** vinsh has quit IRC00:15
*** esker has joined #openstack-operators00:16
*** david-lyle has quit IRC00:28
*** mdorman has quit IRC00:28
*** klindgren has quit IRC00:32
*** esker has quit IRC00:34
*** blair has quit IRC00:34
*** SimonChung has quit IRC00:46
*** ferest has joined #openstack-operators00:57
*** esker has joined #openstack-operators01:01
*** signed8bit_ZZZzz is now known as signed8b_01:12
*** j05h1 has joined #openstack-operators01:12
*** j05h1 has quit IRC01:15
*** j05h1 has joined #openstack-operators01:15
*** esker has quit IRC01:18
*** hitalia has joined #openstack-operators01:19
*** hitalia has quit IRC01:23
*** VW_ has joined #openstack-operators01:30
*** VW_ has quit IRC01:30
*** VW_ has joined #openstack-operators01:31
*** esker has joined #openstack-operators01:44
*** SimonChung has joined #openstack-operators01:44
*** blair has joined #openstack-operators01:51
*** j05h1 has quit IRC01:52
*** j05h1 has joined #openstack-operators01:52
*** ferest has quit IRC01:53
*** esker has quit IRC02:03
*** j05h1 has quit IRC02:07
*** esker has joined #openstack-operators02:29
*** j05h1 has joined #openstack-operators02:40
*** j05h1 has quit IRC02:42
*** j05h1 has joined #openstack-operators02:43
*** esker has quit IRC02:47
*** j05h1 has quit IRC02:54
*** j05h1 has joined #openstack-operators02:55
*** j05h1 has quit IRC02:59
*** signed8b_ is now known as signed8bit_ZZZzz03:01
*** blair has quit IRC03:04
*** esker has joined #openstack-operators03:13
*** signed8bit_ZZZzz is now known as signed8b_03:16
*** signed8b_ is now known as signed8bit_ZZZzz03:17
*** esker has quit IRC03:24
*** esker has joined #openstack-operators03:24
*** j05h1 has joined #openstack-operators03:31
*** esker has quit IRC03:32
*** alop has quit IRC03:47
*** vinsh has joined #openstack-operators03:47
*** david-lyle has joined #openstack-operators03:48
*** vinsh has quit IRC03:51
*** j05h1 has quit IRC03:58
*** j05h1 has joined #openstack-operators03:59
*** blair has joined #openstack-operators04:09
*** j05h1 has quit IRC04:10
*** blair has quit IRC04:42
*** CongTo has joined #openstack-operators04:52
*** markvoelker has quit IRC04:58
*** markvoelker has joined #openstack-operators05:06
*** xavpaice_ has joined #openstack-operators05:15
*** fawadkhaliq has joined #openstack-operators05:24
*** xavpaice has quit IRC05:26
*** CongTo has quit IRC05:29
*** CongTo has joined #openstack-operators05:31
*** maishsk has joined #openstack-operators06:02
*** CongTo has quit IRC06:06
*** CongTo has joined #openstack-operators06:31
*** VW_ has quit IRC06:33
*** VW has joined #openstack-operators06:45
*** blair has joined #openstack-operators06:48
*** fifieldt has joined #openstack-operators06:56
*** fifieldt has quit IRC06:56
*** blair has quit IRC06:57
*** blair has joined #openstack-operators06:59
*** CongTo has quit IRC07:07
*** VW has quit IRC07:13
*** blair has quit IRC07:14
*** Marga_ has quit IRC07:31
*** derekh has joined #openstack-operators08:03
*** blair has joined #openstack-operators08:23
*** blair has quit IRC08:46
*** fawadkhaliq has quit IRC09:36
*** CongTo has joined #openstack-operators09:53
*** blair has joined #openstack-operators10:03
*** avozza has quit IRC10:25
*** ruagair has quit IRC10:26
*** ruagair has joined #openstack-operators10:30
*** zz_avozza has joined #openstack-operators10:32
*** zz_avozza is now known as avozza10:33
*** bell_juzo has joined #openstack-operators10:41
*** bell_juzo is now known as bell10:41
bellHi10:42
bellis anybody there ?10:42
_nickbell: just ask your question, if / when someone's around who can answer then they probably will11:03
*** VW has joined #openstack-operators11:31
*** VW has quit IRC11:32
*** VW has joined #openstack-operators11:32
*** delattec has quit IRC11:50
*** cdelatte has quit IRC11:50
*** blair has quit IRC12:05
*** cdelatte has joined #openstack-operators12:07
*** derekh_ has joined #openstack-operators12:08
*** delattec has joined #openstack-operators12:09
*** derekh has quit IRC12:12
*** CongTo has quit IRC12:12
*** cdelatte has quit IRC12:12
*** signed8bit_ZZZzz has quit IRC12:14
*** maishsk has quit IRC12:31
*** matrohon has joined #openstack-operators12:41
*** Piet has quit IRC13:05
*** blair has joined #openstack-operators13:06
*** blair has quit IRC13:08
*** blair has joined #openstack-operators13:08
*** rlrevell has joined #openstack-operators13:11
*** blair has quit IRC13:13
*** radez_g0n3 is now known as radez13:19
*** j05h1 has joined #openstack-operators13:37
*** j05h1 has quit IRC13:41
*** j05h1 has joined #openstack-operators13:42
*** sgordon has joined #openstack-operators13:50
*** dboik has joined #openstack-operators13:52
*** dboik_ has joined #openstack-operators13:53
*** dboik has quit IRC13:57
*** markvoelker has quit IRC13:59
*** j05h1 has quit IRC14:05
*** blair has joined #openstack-operators14:09
*** dminer has joined #openstack-operators14:11
*** j05h1 has joined #openstack-operators14:13
*** blair has quit IRC14:14
*** jaypipes has joined #openstack-operators14:15
*** bell has quit IRC14:21
*** bvandenh has joined #openstack-operators14:26
*** vinsh has joined #openstack-operators14:30
*** Marga_ has joined #openstack-operators14:59
*** reed_ has joined #openstack-operators15:01
*** Marga_ has quit IRC15:03
*** Marga_ has joined #openstack-operators15:03
*** mnaser has joined #openstack-operators15:05
mnaseranyone from ubuntu know if the packages are on their way soon for this? https://lists.gnu.org/archive/html/qemu-devel/2015-05/msg02561.html15:06
mnaserhttps://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+build/742469215:08
*** blair has joined #openstack-operators15:10
*** blair has quit IRC15:15
*** matrohon has quit IRC15:16
*** alop has joined #openstack-operators15:37
*** bvandenh has quit IRC15:43
*** gyee has joined #openstack-operators15:44
*** shakamunyi has quit IRC15:51
*** barra204 has quit IRC15:51
*** esker has joined #openstack-operators15:53
*** SimonChung has quit IRC16:11
*** blair has joined #openstack-operators16:11
*** blair has quit IRC16:16
*** derekh_ has quit IRC16:37
*** Piet has joined #openstack-operators16:51
*** rlrevell has quit IRC16:52
*** rlrevell has joined #openstack-operators16:52
*** rlrevell1 has joined #openstack-operators16:53
*** rlrevell has quit IRC16:53
*** rlrevell has joined #openstack-operators16:53
*** signed8bit has joined #openstack-operators16:55
*** Marga_ has quit IRC16:57
*** rlrevell1 has quit IRC16:58
jlkfloppy drivers.... in 2015.16:59
jlkamiright??16:59
*** SimonChung has joined #openstack-operators17:03
*** blair has joined #openstack-operators17:12
*** blair has quit IRC17:17
*** harlowja has quit IRC17:20
*** harlowja has joined #openstack-operators17:20
*** maishsk has joined #openstack-operators17:23
*** fawadkhaliq has joined #openstack-operators17:31
*** SimonChung1 has joined #openstack-operators17:32
*** SimonChung has quit IRC17:32
*** SimonChung has joined #openstack-operators17:33
*** SimonChung1 has quit IRC17:33
*** reed_ has quit IRC17:41
*** belmoreira has joined #openstack-operators17:41
*** belmoreira has quit IRC17:43
*** SimonChung1 has joined #openstack-operators17:47
*** SimonChung has quit IRC17:47
mnaserhttp://www.ubuntu.com/usn/usn-2608-1/17:50
mnaserhurry up folks17:51
*** fawadk has joined #openstack-operators17:58
rlrevellmnaser: are there any reports of it being exploited?17:59
mnaserrlrevell: i dont believe there is a poc that's out, which makes it quite inaccessible out of the hands of script kiddies17:59
mnaserbut the patch to fix it is out, so i wouldn't give it a long time17:59
rlrevellmnaser: looks like you also have to have malicious clients18:00
rlrevellcustomers i mean18:00
mnaserrlrevell: not necessarily, you don't always control the environment.18:00
mnaseroperating a public cloud could also have people purposely sign up for the only reason of exploiting the environment too18:00
*** fawadkhaliq has quit IRC18:01
jlkyeah, pub clouds are the most at risk18:04
*** fawadkhaliq has joined #openstack-operators18:04
jlkrandom users, lots of juicy targets next door18:04
*** fawadk has quit IRC18:06
mnaseryep ^18:09
mnaserbut you can avoid the reboot18:09
mnaserby doing a suspend/resume18:09
*** fawadk has joined #openstack-operators18:11
jlkyeah, that's likely what we'll have our customers do18:13
jlkour customers are mostly single-tenant though, no shared clouds.18:13
*** fawadkhaliq has quit IRC18:13
*** blair has joined #openstack-operators18:13
*** fawadk has quit IRC18:14
*** maishsk_ has joined #openstack-operators18:18
*** maishsk has quit IRC18:18
*** maishsk_ is now known as maishsk18:18
*** blair has quit IRC18:19
*** hitalia has joined #openstack-operators18:22
*** Marga_ has joined #openstack-operators18:28
*** Marga_ has quit IRC18:35
*** Marga_ has joined #openstack-operators18:35
rlrevellmnaser: any idea to what extent the "attackers would be isolated by the libvirt AppArmor profile" thing mitigates the problem?18:43
*** dminer has quit IRC18:44
mnaserrlrevell: basically, it implies that the exploit gets you out to a land that is controlled by apparmor18:50
mnaserso you're at the mercy of apparmor to keep you save then18:51
rlrevellmnaser: and it looks like apparmor allows libvirt access to quite a bit18:51
mnaseryep.. i wouldnt count ion it18:51
mnaserafter you upgrade kvm18:51
mnaserall you need to do is18:51
mnasernova suspend <vm>18:51
mnasernova resume <vm>18:51
rlrevellmnaser: i'm still at the lab stage so i can just reboot everything18:52
*** yapeng has joined #openstack-operators18:54
mnasergood enoguh18:55
*** yapeng has quit IRC19:02
*** hitalia has quit IRC19:06
*** hitalia has joined #openstack-operators19:08
*** Rockyg_ has joined #openstack-operators19:12
*** blair has joined #openstack-operators19:15
*** blair has quit IRC19:20
*** turnerg has joined #openstack-operators19:21
*** hitalia has quit IRC19:27
*** belmoreira has joined #openstack-operators19:32
*** belmoreira has quit IRC19:33
*** Rockyg_ has quit IRC19:59
*** turnerg has quit IRC20:00
*** turnerg has joined #openstack-operators20:01
*** Rockyg has joined #openstack-operators20:01
*** turnerg has quit IRC20:01
*** turnerg has joined #openstack-operators20:03
*** delattec has quit IRC20:08
*** blair has joined #openstack-operators20:16
*** esker has quit IRC20:16
*** hitalia has joined #openstack-operators20:18
*** blair has quit IRC20:20
*** maishsk has quit IRC20:21
*** maishsk has joined #openstack-operators20:22
*** bvandenh has joined #openstack-operators20:22
*** turnerg has quit IRC20:28
xavpaice_suspend/resume takes quite a while though doesn't it?  Minutes for us, at least20:32
xavpaice_live migration seems better, but I need to understand it better before feeling confident20:32
*** bvandenh has quit IRC20:33
*** turnerg has joined #openstack-operators20:35
*** vinsh_ has joined #openstack-operators20:43
*** vinsh has quit IRC20:46
*** belmoreira has joined #openstack-operators20:49
*** maishsk has quit IRC20:50
mnaserxavpaice_: we use SSDs so it's quite fast20:51
xavpaice_:)20:51
mnaseryou have to factor in that the entire state of memory is written to disk, so the more memory on the server, the more data it has to write20:51
mnaserlive migration can work out well, the only caveat is if you're using configdrive, live migration fails (even with block storage migration :\)20:52
xavpaice_yeah, that's why it's so slow for those of us with slow disk on the hypervisors20:52
*** radez is now known as radez_g0n320:52
xavpaice_I've had a few instances get kinda stuck during live migration, still trying to collect enough detail to figure out what's going on20:53
mnaserdo these instances have a lot of memory?20:53
mnaserlive migration actually copies the contents of memory then rescans it again for changes and sends those changes, and it keeps doing that until they're sync'd enough for it to pause the old instance, sync, and unpause20:54
mnaserif you have a lot of memory on the machine and your link speed is slow, the memory changes will be way faster than the speed of transfer, and you're stuck in this loop of constantly moving memory contents20:54
mnaseri hope that made sense20:54
xavpaice_it does, and that's pretty much what I reckon is happening20:55
mnaseryeah there's not much you can do other than lowering the load/memory usage on that instance or upping the speed of the links20:55
xavpaice_the network the live migration is running over is only 1Gbps, considering adding that vlan to the 10Gbps links we use for storage access20:56
xavpaice_it appears also to be the instances we know are particularly busy20:56
mnaseryeah, that can explain the memory contents changing a lot at a qucik rate20:57
mnaserif it was fairly idle, memory would sit at the same20:57
xavpaice_I've not yet attempted pause/migrate/resume - if that's even possible20:57
mnaserhm, not sure about that combination20:58
*** vinsh has joined #openstack-operators20:59
*** vinsh_ has quit IRC21:03
*** ruagair_ has joined #openstack-operators21:05
jlkit is21:05
jlkthe non-live migrate does pretty much that21:06
jlkit's like resize21:06
xavpaice_resize actually reboots the instance though21:07
xavpaice_(as it needs to for most guest OS's)21:08
jlkoh true. yes.21:08
xavpaice_nova migrate actually shows up in the logs like a resize21:08
*** ruagair has quit IRC21:09
*** sgordon has quit IRC21:09
*** dmsimard has quit IRC21:09
mnasermigrate uses the same codebase as resize actually21:09
jlkhttps://blueprints.launchpad.net/nova/+spec/migrate-non-active-instances21:10
*** sgordon has joined #openstack-operators21:10
jlkmnaser: migrate yes, live-migrate not as much21:10
*** sgordon has quit IRC21:10
*** sgordon has joined #openstack-operators21:10
mnaseryep21:10
*** dmsimard has joined #openstack-operators21:11
*** Marga_ has quit IRC21:11
*** Marga_ has joined #openstack-operators21:12
xavpaice_unfortunately can't pause then migrate or live-migrate21:13
xavpaice_so if there's an instance that's too busy to live-migrate, it's going to need a reboot21:13
jlkthankfully we don't support live migrate at all21:13
*** hitalia has quit IRC21:14
xavpaice_do your customers not mind their VM's getting rebooted?21:14
jlkthey might, but migration is "non-cloud" or so we tell them21:15
jlkmore realistically we just don't have it wired all the way up yet, it's a future feature21:15
xavpaice_wise choice IMO21:15
xavpaice_so far, it's not been the most reliable thing for us21:16
jlkyup.21:16
jlkand as a maint tool, there is no guarantee that there will be enough space elsewhere to do the shuffle21:16
harlowjaalso fyi for u guys there is a #kvm channel in freenode that is also talking about this (currently/recently)21:16
xavpaice_we try hard to assist customers to use apps/instances in a way that can easily withstand reboots one at a time21:16
xavpaice_thanks!21:17
mnaserthanks harlowja21:17
harlowjanp21:17
*** blair has joined #openstack-operators21:17
* harlowja doesn't think it has a logger attached anywhere, but not sure21:17
*** jsnow has joined #openstack-operators21:21
*** `mjr has joined #openstack-operators21:21
*** blair has quit IRC21:21
harlowjanope doesn't appear so, so if u intersted, thats where some of the qemu/kvm people are i think21:23
harlowja*in that channel21:23
jsnowmy ears are ringin'21:24
harlowja:)21:24
xavpaice_https://github.com/xavpaice/openstack-tools/blob/master/livemigrate_instances.py might come in handy btw, feedback/pr's most welcome21:25
*** matrohon has joined #openstack-operators21:29
*** rlrevell has quit IRC21:31
*** turnerg has quit IRC21:36
*** hitalia has joined #openstack-operators21:37
*** SimonChung has joined #openstack-operators21:45
*** SimonChung1 has quit IRC21:45
*** SimonChung1 has joined #openstack-operators21:52
*** SimonChung has quit IRC21:52
*** belmoreira has quit IRC21:54
*** SimonChung has joined #openstack-operators22:02
*** SimonChung1 has quit IRC22:02
*** vinsh has quit IRC22:08
*** Marga_ has quit IRC22:11
*** Marga_ has joined #openstack-operators22:11
*** blair has joined #openstack-operators22:13
*** matrohon has quit IRC22:17
*** saneax has joined #openstack-operators22:33
*** Rockyg has quit IRC22:33
*** alop has quit IRC22:51
*** SimonChung1 has joined #openstack-operators23:02
*** SimonChung has quit IRC23:02
*** Rockyg has joined #openstack-operators23:07
*** signed8bit is now known as signed8bit_ZZZzz23:16
*** Marga_ has quit IRC23:20
*** Marga_ has joined #openstack-operators23:21
*** signed8bit_ZZZzz is now known as signed8bit23:31
*** klindgren has joined #openstack-operators23:39
*** klindgren has quit IRC23:58
« Tuesday, 2015-05-12 Index Thursday, 2015-05-14 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!