Monday, 2016-07-18

« Sunday, 2016-07-17 Index Tuesday, 2016-07-19 »
*** PerfectChaos has quit IRC00:07
*** PerfectChaos has joined #openstack-operators00:07
*** PerfectChaos has quit IRC00:16
*** PerfectChaos has joined #openstack-operators00:17
*** PerfectChaos has quit IRC00:29
*** PerfectChaos has joined #openstack-operators00:30
*** markvoelker has joined #openstack-operators00:39
*** markvoelker has quit IRC00:43
*** PerfectChaos has quit IRC01:03
*** PerfectChaos has joined #openstack-operators01:04
*** ducttape_ has joined #openstack-operators01:30
*** ducttape_ has quit IRC01:34
*** julim has quit IRC02:09
*** PerfectChaos has quit IRC02:24
*** PerfectChaos has joined #openstack-operators02:26
*** julim has joined #openstack-operators02:44
*** ducttape_ has joined #openstack-operators03:07
*** julim has quit IRC03:11
*** david-lyle has quit IRC03:11
*** ducttape_ has quit IRC03:30
*** elo has joined #openstack-operators03:39
*** eric_lopez has quit IRC03:40
*** PerfectChaos has quit IRC04:01
*** PerfectChaos has joined #openstack-operators04:01
*** markvoelker has joined #openstack-operators04:40
*** hieulq has joined #openstack-operators04:43
*** markvoelker has quit IRC04:45
*** ducttape_ has joined #openstack-operators05:01
*** dtrainor has joined #openstack-operators05:04
*** ducttape_ has quit IRC05:06
*** PerfectChaos has quit IRC05:26
*** PerfectChaos has joined #openstack-operators05:26
*** rcernin has joined #openstack-operators05:57
*** david-lyle has joined #openstack-operators06:02
*** ducttape_ has joined #openstack-operators06:02
*** intr1nsic has quit IRC06:02
*** PerfectChaos has quit IRC06:03
*** intr1nsic has joined #openstack-operators06:04
*** rcernin has quit IRC06:04
*** PerfectChaos has joined #openstack-operators06:04
*** ducttape_ has quit IRC06:06
*** rcernin has joined #openstack-operators06:17
*** intr1nsic has quit IRC06:19
*** intr1nsic has joined #openstack-operators06:21
*** saneax_AFK is now known as saneax06:27
*** pcaruana has joined #openstack-operators06:29
*** arcimboldo has joined #openstack-operators06:31
*** eddima has joined #openstack-operators06:31
*** bjolo_ has quit IRC06:31
*** david-lyle has quit IRC06:32
*** markvoelker has joined #openstack-operators06:41
*** tesseract- has joined #openstack-operators06:45
*** markvoelker has quit IRC06:46
*** rcernin has quit IRC06:48
*** pcaruana has quit IRC06:48
*** belmoreira has joined #openstack-operators06:55
*** pcaruana has joined #openstack-operators07:02
*** rcernin has joined #openstack-operators07:02
*** ducttape_ has joined #openstack-operators07:03
*** liverpooler has joined #openstack-operators07:07
*** ducttape_ has quit IRC07:07
*** fawadkhaliq has joined #openstack-operators07:13
*** paramite has joined #openstack-operators07:15
*** christx2 has joined #openstack-operators07:26
*** PerfectChaos has quit IRC07:26
*** PerfectChaos has joined #openstack-operators07:27
*** beddari has joined #openstack-operators07:28
*** dtrainor has quit IRC07:31
*** bjolo has joined #openstack-operators07:31
*** bjolo has quit IRC07:41
*** bjolo has joined #openstack-operators07:41
*** pilgrimstack has joined #openstack-operators08:00
*** bjolo_ has joined #openstack-operators08:02
*** bjolo has quit IRC08:05
*** dmsimard has quit IRC08:05
*** dbecker has joined #openstack-operators08:06
*** bjolo_ has quit IRC08:06
*** bjolo_ has joined #openstack-operators08:06
*** dbecker has quit IRC08:07
*** dbecker has joined #openstack-operators08:08
*** bjolo_ is now known as bjolo08:09
*** PerfectChaos has quit IRC08:15
*** PerfectChaos has joined #openstack-operators08:17
*** beddari has quit IRC08:31
*** beddari has joined #openstack-operators08:34
*** bjolo has quit IRC08:53
*** bjolo has joined #openstack-operators08:53
*** dmsimard has joined #openstack-operators08:54
*** simon-AS559 has joined #openstack-operators09:17
*** simon-AS5591 has joined #openstack-operators09:20
*** simon-AS559 has quit IRC09:23
*** admin0 has joined #openstack-operators09:26
*** eddima has quit IRC09:33
*** fawadkhaliq has quit IRC09:34
*** christx2 has quit IRC09:35
*** admin0 has quit IRC09:47
*** simon-AS5591 has quit IRC09:58
*** bjolo_ has joined #openstack-operators10:00
*** bjolo has quit IRC10:01
*** admin0 has joined #openstack-operators10:02
*** bjolo_ has quit IRC10:02
*** bjolo_ has joined #openstack-operators10:03
*** PerfectChaos has quit IRC10:03
*** PerfectChaos has joined #openstack-operators10:04
*** bjolo_ is now known as bjolo10:12
*** arcimboldo has quit IRC10:24
*** PerfectChaos has quit IRC10:29
*** PerfectChaos has joined #openstack-operators10:31
*** fawadkhaliq has joined #openstack-operators10:34
*** fawadkhaliq has quit IRC10:40
*** paramite is now known as paramite|afk10:41
*** fawadkhaliq has joined #openstack-operators10:48
*** arcimboldo has joined #openstack-operators10:58
*** PerfectChaos has quit IRC11:08
*** PerfectChaos has joined #openstack-operators11:09
*** zeih has joined #openstack-operators11:10
*** paramite|afk is now known as paramite11:10
*** zeih has quit IRC11:11
*** julim has joined #openstack-operators11:15
*** admin0 has quit IRC11:26
*** christx2 has joined #openstack-operators11:59
*** PerfectChaos has quit IRC12:03
*** PerfectChaos has joined #openstack-operators12:04
*** ducttape_ has joined #openstack-operators12:06
*** markvoelker has joined #openstack-operators12:10
*** fawadkhaliq has quit IRC12:10
*** permalac has joined #openstack-operators12:11
*** admin0 has joined #openstack-operators12:17
*** ducttape_ has quit IRC12:26
*** derekjhyang has quit IRC12:32
*** toMeloos has joined #openstack-operators12:33
*** PerfectChaos has quit IRC12:43
*** PerfectChaos has joined #openstack-operators12:44
*** Zucan has joined #openstack-operators12:44
*** PerfectChaos has quit IRC12:52
*** PerfectChaos has joined #openstack-operators12:53
*** admin0 has quit IRC12:57
*** dminer has joined #openstack-operators12:59
*** admin0 has joined #openstack-operators13:03
*** dmsimard has quit IRC13:16
*** dmsimard has joined #openstack-operators13:18
*** julim has quit IRC13:19
*** belmoreira has quit IRC13:33
*** saneax is now known as saneax_AFK13:39
*** ducttape_ has joined #openstack-operators13:42
*** julim has joined #openstack-operators13:43
*** ducttape_ has quit IRC13:45
*** ducttape_ has joined #openstack-operators13:46
*** ducttape_ has quit IRC13:46
*** ducttape_ has joined #openstack-operators13:46
*** saneax_AFK is now known as saneax13:46
*** ducttape_ has quit IRC13:48
*** jamesdenton has joined #openstack-operators13:50
*** simon-AS559 has joined #openstack-operators13:58
*** PerfectChaos has quit IRC13:58
*** catintheroof has joined #openstack-operators14:03
*** simon-AS5591 has joined #openstack-operators14:08
*** simon-AS5591 has quit IRC14:09
*** simon-AS559 has quit IRC14:10
*** ducttape_ has joined #openstack-operators14:12
*** saneax is now known as saneax_AFK14:15
*** liverpooler has quit IRC14:15
*** bjolo has quit IRC14:49
catintheroofquick question, do you know the technical reason on why the mysql connection string went from mysql to mysql+pymysql ?14:51
dims_catintheroof http://markmail.org/message/6ujd3xcrk4ns256c14:56
dims_catintheroof : there's more in the mailing list http://openstack.markmail.org/search/?q=pymysql14:56
catintheroofdims_, thanks so much ! nice info !14:57
*** dtrainor has joined #openstack-operators14:58
*** _ducttape_ has joined #openstack-operators15:01
catintheroofdims_, there i can search for all openstack mailing list's emails  ??15:01
dims_openstack-dev mailing list for sure15:02
*** ducttape_ has quit IRC15:02
*** julim has quit IRC15:10
*** armax has joined #openstack-operators15:10
*** mriedem has quit IRC15:16
*** Apoorva has joined #openstack-operators15:21
*** julim has joined #openstack-operators15:36
*** admin0 has quit IRC15:42
*** _ducttape_ has quit IRC15:46
*** ducttape_ has joined #openstack-operators15:46
*** fawadkhaliq has joined #openstack-operators15:49
*** fawadkhaliq has quit IRC15:53
*** julim has quit IRC16:04
*** emccormick has joined #openstack-operators16:05
*** tesseract- has quit IRC16:10
*** christx2 has quit IRC16:16
*** fawadkhaliq has joined #openstack-operators16:20
*** fawadkhaliq has quit IRC16:24
*** julim has joined #openstack-operators16:28
*** gyee has joined #openstack-operators16:29
*** flaviodsr has joined #openstack-operators16:30
*** piet has joined #openstack-operators16:35
*** arcimboldo has quit IRC16:42
*** kstev has joined #openstack-operators16:45
*** rcernin has quit IRC16:53
*** simon-AS559 has joined #openstack-operators16:58
*** pcaruana has quit IRC16:59
*** simon-AS5591 has joined #openstack-operators17:03
*** peterjenkins has quit IRC17:04
*** melwitt has quit IRC17:05
*** peterjenkins has joined #openstack-operators17:05
*** nikhil has quit IRC17:05
*** amit213 has quit IRC17:05
*** brainspackle has quit IRC17:05
*** khappone has joined #openstack-operators17:05
*** simon-AS559 has quit IRC17:05
*** zigo has quit IRC17:06
*** mjrichardson has quit IRC17:06
*** RaginBajin has quit IRC17:06
*** mgagne has quit IRC17:06
*** kencjohnston has quit IRC17:06
*** khappone_ has quit IRC17:06
*** zigo has joined #openstack-operators17:06
*** simon-AS5591 has quit IRC17:09
*** amit213 has joined #openstack-operators17:09
*** kencjohnston has joined #openstack-operators17:11
*** mgagne has joined #openstack-operators17:11
*** RaginBajin has joined #openstack-operators17:13
*** melwitt has joined #openstack-operators17:14
*** melwitt is now known as Guest3544617:15
*** nikhil has joined #openstack-operators17:19
*** brainspackle has joined #openstack-operators17:19
*** MVenesio has joined #openstack-operators17:20
MVenesioHi guys, do you know if the functionality to bypass the images copy from a glance integrated with ceph and cinder also integrated with ceph works in the Juno version ?17:20
*** mjrichardson has joined #openstack-operators17:20
*** rcernin has joined #openstack-operators17:37
*** christx2 has joined #openstack-operators17:38
*** ducttape_ has quit IRC17:39
*** ducttape_ has joined #openstack-operators17:51
*** julim_ has joined #openstack-operators18:02
*** julim has quit IRC18:05
*** bjolo has joined #openstack-operators18:10
*** bjolo has quit IRC18:14
*** bjolo has joined #openstack-operators18:14
*** christx2 has quit IRC18:15
*** julim_ has quit IRC18:15
*** alaski has quit IRC18:17
klindgrenI thought people had local patches for that18:19
klindgrenbut unsure if anyone had that for the juno version18:19
*** permalac has quit IRC18:20
*** alaski has joined #openstack-operators18:22
*** bjolo has quit IRC18:30
*** pcaruana has joined #openstack-operators18:34
*** mjrichardson has quit IRC18:45
*** mjrichardson has joined #openstack-operators18:46
*** xavpaice has quit IRC18:47
*** gyee has quit IRC18:48
*** mriedem has joined #openstack-operators18:49
*** xavpaice has joined #openstack-operators18:51
*** rcernin has quit IRC18:57
*** fawadkhaliq has joined #openstack-operators19:05
*** rcernin has joined #openstack-operators19:15
*** rcernin has quit IRC19:16
*** rcernin has joined #openstack-operators19:16
*** emccormick has quit IRC19:28
*** MVenesio has quit IRC19:29
*** gyee has joined #openstack-operators19:34
*** simon-AS559 has joined #openstack-operators19:42
*** kstev has quit IRC19:49
*** fawadkhaliq has quit IRC19:52
*** fawadkhaliq has joined #openstack-operators19:53
*** fawadkhaliq has quit IRC19:57
*** emccormick has joined #openstack-operators19:57
*** kstev has joined #openstack-operators19:58
*** nicodemus_ has joined #openstack-operators20:03
nicodemus_hello20:03
nicodemus_Does anybody know a guide to configure neutron-api behind apache? (if it is possible)20:03
nicodemus_I'd like to deploy using SSL, and there seem to be two options for production: SSL termination on nginx/haproxy, or having the neutron API with apache20:03
jlkNeutron API should support SSL20:06
jlklike, terminated on Neutron, but yeah it's not the best in production20:06
*** vinsh_ is now known as Vinsh20:09
nicodemus_jlk, yes the API supports it... but since most other projects recommend against it20:13
nicodemus_perhaps someone had the chance to test Neutron + apache20:14
xavpaiceyou talking about using mod_wsgi, or just a proxy?20:20
xavpaicewe're an nginx/uwsgi shop mostly, but fwiw swift wasn't running well like that so we termiate the ssl on nginx and proxy to swift listening on localhost20:21
xavpaiceplenty of ways to cut it :)20:21
nicodemus_xavpaice, I was thinking about mod_wsgi20:29
nicodemus_but, I guess I would go with the recommended / more stable way20:30
xavpaicecan't comment on what that is :)20:30
*** rcernin has quit IRC20:38
*** simon-AS559 has quit IRC20:55
*** piet has quit IRC21:00
*** Zucan has quit IRC21:11
*** mriedem has quit IRC21:25
*** krot_vaca_jul19 is now known as krotscheck21:30
*** paramite has quit IRC21:30
*** catintheroof has quit IRC21:30
*** toMeloos has quit IRC21:36
*** jamesdenton has quit IRC21:44
*** emccormick has quit IRC21:44
*** rcernin has joined #openstack-operators21:49
*** rcernin has quit IRC21:49
*** nicodemus_ has quit IRC21:58
*** amit213 has quit IRC22:13
*** amit213 has joined #openstack-operators22:13
klindgrenanyone with public use the QEMU guest agent?22:16
klindgrento make snapshots something better than crash consistent22:16
klindgrenhell - I will even open it up more.  Anyone here use openstack + qemu guest agent + the stuff tht was done in kilo for using the guest agent for snapshots22:17
klindgrenhttps://blueprints.launchpad.net/nova/+spec/quiesced-image-snapshots-with-qemu-guest-agent22:17
*** ducttape_ has quit IRC22:20
klindgrenjlk xavpaice sorrison  clayton  ping on the above re: qemu-agent22:32
jlkWe do not use the agent22:33
claytonNickServ: neutron doesn't support an external wsgi server in mitaka, I think some of the work for that is scheduled for newton22:51
claytonklindgren: we don't, it seems like a good idea though22:51
xavpaiceklindgren: I think we've informally suggested to clients that they can use it, but afaik noone has22:52
klindgrenxavprince did you do any looking at the warning re: should only be used with trusted hosts?22:53
xavpaiceclayton: is there a list of which services do support an external wsgi?22:54
klindgrenxavpaice, even22:54
xavpaiceI quite like that typo, might use it22:54
claytonnot that I know of, I just remeber this being discussed in austin in one of the sessions22:54
claytonthe issue is that right now neutron server hosts both the wsgi stuff for the api, but also a bunch of stuff that with other services would be more of like a neutron-engine service22:55
claytonand those things have to be split apart22:55
xavpaicecool - I'm keen to move more services to external wsgi, but not all work particularly well so the benefits are lost22:55
xavpaiceklindgren: warning?  Nah, this is NZ, "no worries, mate!"22:55
klindgrenMPORTANT23:00
klindgrenNote that it is only safe to rely on the QEMU guest agent when run by trusted guests. An untrusted guest may maliciously ignore or abuse the guest agent protocol, and although built-in safeguards exist to prevent a denial of service attack on the host, the host requires guest co-operation for operations to run as expected.23:00
xavpaiceooh - got a link for that warning?23:01
xavpaicewould be good to share with the team23:01
klindgrenhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Virtualization_Deployment_and_Administration_Guide/chap-QEMU_Guest_Agent.html#idp948771223:01
xavpaicethanks23:02
klindgrenhttp://wiki.libvirt.org/page/Qemu_guest_agent23:03
klindgrenHowever, guest agent (GA) is not bullet proof, and hostile guest OS can send spurious replies.23:03
*** saneax_AFK is now known as saneax23:03
* xavpaice hopes those 'built-in safeguards' are enough23:04
*** pcaruana has quit IRC23:05
klindgrenhttp://wiki.qemu.org/Features/QAPI/GuestAgent23:05
klindgrenSecurity Considerations23:05
klindgrenThe following security issues need to be resolved in QMP:23:05
klindgrenThe JSON parser uses a recursive decent parser. Malicious input could potentially cause a stack overflow. Either implement a recursion depth counter, or switch the parser to only use tail recursion.23:05
klindgrenThe JSON parser may not handle premature EOI all that well. I think I've worked out most of these issues but more rigorous testing is needed.23:05
klindgrenunsure if that documentation is actually updated or not - possible that things have been fixed and like all docs - its out of date23:06
stickerthat warning there is what concerns me about allowing our customers to upload their own images.  I haven't investigated it fully but I think they can enable that socket by setting hw_qemu_agent=yes in the metadata for an image.  would be good to be able to globally disable it :/23:07
xavpaicethat page is from 2013, not sure if things have changed since23:10
klindgrensticker, yep thats how you enable it23:10
xavpaicegood posting at https://www.sebastien-han.fr/blog/2015/02/09/openstack-perform-consistent-snapshots-with-qemu-guest-agent/23:11
xavpaicebut without the warnings23:11
*** zul has joined #openstack-operators23:17
klindgreninteresting that it has wanrings about possible security problems, and yet doesn't provide the cloud operator a way from disabling it23:17
klindgrenseems like thats a miss23:17
*** Rodrigo_BR has joined #openstack-operators23:23
stickerif i get a second to spare, i might take a look.  i've been wanting to see if I can contribute and that might be way to start23:24
klindgrensticker have you opened a thread on the dev mailing list about that?23:26
klindgrenas seems like a valid concern?23:26
stickerno, i'm not on the dev mailing list at the moment.  I'll sign up and send something now23:27
klindgrencool - I shall +1 that - because I have similar concerns as people internally are asking how can I get better than crash consistent backups in our public cloud - without having to shutdown the vm.23:29
*** dminer has quit IRC23:33
*** ducttape_ has joined #openstack-operators23:45
stickercool, have sent something, feel free to amend and clarify! :)23:47
*** ducttape_ has quit IRC23:52
« Sunday, 2016-07-17 Index Tuesday, 2016-07-19 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!