Wednesday, 2014-10-29

« Tuesday, 2014-10-28 Index Thursday, 2014-10-30 »
*** witlessb has quit IRC00:07
openstackgerritAndrew Lazarev proposed a change to openstack/sahara: Auth policy support implementation  https://review.openstack.org/13160900:22
*** svetmy has quit IRC00:37
*** Longgeek has joined #openstack-sahara00:47
*** Longgeek has quit IRC00:48
*** Longgeek has joined #openstack-sahara00:48
*** Networkn3rd has quit IRC01:19
*** Longgeek has quit IRC01:19
*** tellesnobrega_ has joined #openstack-sahara02:36
*** tellesnobrega_ has quit IRC02:49
*** tellesnobrega_ has joined #openstack-sahara02:51
*** witlessb has joined #openstack-sahara02:56
*** chandankumar has joined #openstack-sahara02:57
*** chandankumar has quit IRC02:58
*** witlessb has quit IRC03:01
*** drss_ is now known as drss03:46
*** tellesnobrega_ has quit IRC03:51
*** tellesnobrega_ has joined #openstack-sahara03:52
*** chandankumar has joined #openstack-sahara04:05
*** tellesnobrega_ has quit IRC04:22
*** chandankumar has quit IRC04:32
*** chandankumar has joined #openstack-sahara05:44
*** tnovacik has joined #openstack-sahara06:15
*** k4n0 has joined #openstack-sahara08:28
*** IvanBerezovskiy has joined #openstack-sahara08:35
*** stannie1 has joined #openstack-sahara08:44
*** witlessb has joined #openstack-sahara09:03
openstackgerritAndrey Pavlov proposed a change to openstack/python-saharaclient: Saharaclient tests for tempest  https://review.openstack.org/13076709:35
*** Timotey has joined #openstack-sahara09:55
*** ylobankov has joined #openstack-sahara10:02
*** boris-42 has quit IRC11:11
*** tosky has joined #openstack-sahara11:24
*** tellesnobrega_ has joined #openstack-sahara11:25
*** tellesnobrega_ has quit IRC12:03
*** tmckay is now known as tmckay_brb12:17
*** Krast has joined #openstack-sahara12:48
*** tmckay_brb is now known as tmckay12:54
*** tosky has quit IRC12:57
*** _crobertsrh is now known as crobertsrh13:05
*** tellesnobrega_ has joined #openstack-sahara13:18
*** miqui has joined #openstack-sahara13:32
tmckaycrobertsrh, elmiko, if you have EDP ideas from your experience submitting jobs, please add comments to https://etherpad.openstack.org/p/kilo-summit-sahara-edp.  I'll take a look at your pads, too.13:35
crobertsrhwill do13:36
tmckaycrobertsrh, it can touch on UI stuff too, or you can add a link to the UI pad if you have EDP specific stuff there13:36
elmikotmckay: i'll take a look13:36
crobertsrhok13:37
tmckaythanks, I'm still pondering things to add.  I should spend some time submitting jobs and see if anything grabs my attention13:37
*** Krast has quit IRC13:43
*** Networkn3rd has joined #openstack-sahara13:48
*** Networkn3rd has quit IRC13:48
*** tnovacik is now known as tnovacik|gone14:43
*** tnovacik|gone has quit IRC14:48
*** tellesnobrega_ has quit IRC15:10
*** tellesnobrega has quit IRC15:13
tmckaycrobertsrh, the UX pad looks good.  Plenty of stuff there for Kilo, I think15:21
crobertsrhYeah, plenty just with what is on the pad....who knows what others will have to bring up.15:21
crobertsrhOr, if I get grouchy on the flight, I'll find more things to be annoyed at and add more15:22
elmikotmckay, crobertsrh, would you guys mind looking over https://etherpad.openstack.org/p/kilo-summit-sahara-integration-security ?15:24
elmikoi'm not sure what else to add15:24
crobertsrhsure15:24
elmikothanks15:25
tmckaysame here.  My list for EDP is not super big, but as we saw in Juno a few large tasks can take up the whole cycle.15:26
elmikoyea totally15:26
tmckayelmiko, I can imagine that if we have security initiatives, that dovetails into EDP, too15:27
elmikotmckay: agreed, there is some overlap with the security topics to other areas as well15:27
crobertsrhIt might be good to have a shorter list anyways...the sessions are only 40 min15:29
crobertsrhI think I recall the UX session for Juno feeling rushed15:30
elmikoespecially if SergeyLukjanov and i are splitting the session. maybe i should just prioritize what i have and then we'll see how far we get?15:30
crobertsrhYeah, definitely prioritize the list15:32
crobertsrhI suspect my pad will get a workover in the next few days15:32
elmikowhen i first read the UX pad, i was impressed with your thoroughness15:33
crobertsrhUX is a "target rich environment for improvement"15:33
elmikotrue15:33
crobertsrhSome of the items might not require much discussion15:34
crobertsrhLike some of the work items are, "fix this"...ok, next15:34
elmikoright15:34
crobertsrhI think 10% of the items will take 90% of the time15:34
crobertsrhand the other 50% of the time will be a slugfest of brutality15:35
elmikoprobably true, just gotta make sure to not hit that 10% up front lol15:35
crobertsrhGood thing we'll have time at the Friday meetup :)15:35
elmikoyea15:36
tmckayelmiko, security looks pretty good.  I think the key items are documentation, and responding to the OSSG audit.  The audit is likely to overlap and prioritize some of the other bullet points15:51
elmikotmckay: thanks!15:52
tmckayelmiko, based on audits I've been through, they may return with a large list of previously uknown issues :)15:54
elmikotmckay: i'm counting on it =)15:54
*** k4n0 has quit IRC16:03
*** chandankumar has quit IRC16:03
*** IvanBerezovskiy has left #openstack-sahara16:19
tmckayelmiko, do you know much about Barbican?16:29
*** zhiyan has quit IRC16:36
*** tosky has joined #openstack-sahara16:37
*** saurabhs has joined #openstack-sahara16:41
*** dboik has joined #openstack-sahara16:46
*** dboik has quit IRC16:51
*** Timotey has quit IRC16:54
*** dboik has joined #openstack-sahara17:06
*** dboik has quit IRC17:11
*** dboik has joined #openstack-sahara17:12
*** tmckay is now known as tmckay_brb17:40
elmikotmckay_brb: i know some, i've read their docs and looked through the api to see if we could use it for storing secrets to the proxy users17:43
*** tellesnobrega has joined #openstack-sahara17:50
*** tellesnobrega has quit IRC17:55
*** miqui has quit IRC17:56
*** dboik has quit IRC17:59
*** dboik has joined #openstack-sahara18:00
*** zhiyan has joined #openstack-sahara18:00
jodahcurious, has anyone using nested VMs managed to setup their hadoop nodes to be accessible from the host OS?18:00
jodah...via neutron, or some other means?18:00
*** dboik has quit IRC18:01
*** dboik has joined #openstack-sahara18:03
*** dboik has joined #openstack-sahara18:04
*** dboik_ has joined #openstack-sahara18:06
*** dboik has quit IRC18:06
elmikojodah: could you describe your setup a little more, i'm confused about the nested VMs part.18:07
elmikofor example, when i run devstack, my hadoop nodes are able to communicate with the host18:09
elmikoi'm using neutron, but it's not required, you could use nova-networking if preferred18:09
tmckay_brbI'm using nova, although I have used neutron. Also confused about "nested"18:11
*** tmckay_brb is now known as tmckay18:11
tmckayelmiko, yeah, I saw a Barbican blurb on the schedule, I think I signed up for it18:11
jodahelmiko i'm running devstack on an ubuntu VM with neutron enabled. by nested, i meant when i boot a hadoop cluster those VMs are running within my ubuntu VM :)18:11
elmikotmckay: barbican is interesting, i just wasn't sure if it was at the point we could use. i want to see more about nodes using keys to aquire barbican access.18:12
jodahi boot them on my internal neutron network and assign a floating IP. both are accessible from within my ubuntu VM but not from my host OS18:12
elmikojodah: i think that should work18:12
elmikoahh18:12
elmikojodah: that's a tricky issue18:12
jodahelmiko: i assumed nested VMs is how you guys are testing things too? would be nice to access the nested VMs from anywhere though18:12
elmikojodah: if you want to have access from the host -> devstack vm -> node vm, you will need to ensure that the route from the host are directed at the devstack vm for the nested floating ip pool18:13
tmckayusing devstack, I just launch VMs directly on my host.18:13
jodahtmckay ah you're not running devstack in a vm?18:14
elmikojodah: also, you will need to dig into the iptables configurations on the devstack vm, as by default it won't let the "nested" vms out past the devstack vm. i've used post route filtering on the nat table to masquerade the traffic, i think that is a commonly accepted workaround18:14
tmckayno.  It might be better if I did :)  I occasionally have issues with package updates, but it's usually not too bad.18:15
elmikojodah: fwiw i don't run devstack in a vm either18:15
jodahelmiko thanks for the pointers. right now i'm using bridged networking, but can look into that18:15
tmckayand, I was worried about performance of VMs in a VM on my little Lenovo18:15
jodahwhat OS do you guys run?18:15
elmikofedora18:15
tmckayme too18:15
elmikojodah: the main issue to look at is the routing from the host os to the floating ip pools through the devstack vm, and then also check the iptables routes for that pool coming out of the devstack vm18:16
jodahah, the nested VMs do OK on my macbook via vmware fusion. it has some particular support for running nested VMs.18:16
*** tosky has quit IRC18:16
jodahbut i'm interested to try running the hadoop nodes with the nova docker hypervisor. has anyone tried that?18:17
elmikocrobertsrh had been looking at it, i've been meaning to try it....18:17
jodahelmiko i don't really know where to start with that but i'll look into it. thanks for the pointer18:17
elmikoi was just gonna say, nested vms would be way better with the docker back end18:17
crobertsrhYeah, I've been meaning to get back to it.18:18
*** tosky has joined #openstack-sahara18:18
elmikojodah: yea, it can get very tricky with the routing18:18
jodahwould be nice to boot some sizable hadoop clusters, but without docker i'm limited with what i can do with VMs on one machine18:18
crobertsrhI set it up to run with nova-docker, but didn't quite get to the sahara parts.  Regular VMs were snappy though.18:18
elmikoyea18:18
jodahi plan to give it a try soon. if i get it working i'll share my notes18:18
jodah...get it working with sahara that is18:19
elmikoawesome18:19
elmikojodah: also checkout the kolla project, i know they are about to start adding sahara support18:19
crobertsrhGreat.  If I come up with anything, I'll be sure to share it here as well.18:19
jodahelmiko very interesting...18:19
elmikojodah: this may help a little with the networking stuff. https://ask.openstack.org/en/question/44266/connect-vm-in-devstack-to-external-network/18:20
jodahgreat pointer!18:20
*** dboik_ has quit IRC18:58
*** dboik has joined #openstack-sahara18:58
*** dboik has quit IRC19:03
*** dboik has joined #openstack-sahara19:04
*** tosky has quit IRC19:14
*** dboik has quit IRC19:32
*** dboik has joined #openstack-sahara19:36
*** dboik has quit IRC19:37
*** dboik has joined #openstack-sahara19:39
elmikotmckay, crobertsrh, i restructured the session topics a little. would you guys mind checking it again? https://etherpad.openstack.org/p/kilo-summit-sahara-integration-security19:39
elmikoi tried to focus more on topics to discuss and the time frame we'll have19:40
tmckaysure, no problem19:40
elmikotmckay: i added a note for Spark-Swift integration, thinking of you =)19:40
tmckayI may want to do the same19:40
tmckaythanks19:40
crobertsrhThat seems good.  It's hard to tell how long any given item will take.19:41
*** dboik has quit IRC19:41
elmikoyea... it will be doubly tough if manage to gather some experts on one or more of the topics19:42
*** dboik has joined #openstack-sahara19:42
tmckayelmiko, did you see the OSSG session on the schedule?19:51
tmckayand there is a threat analysis one, too19:51
elmikotmckay: yea, i plan on attending19:51
tmckayI checked them off19:52
elmikotmckay: i also warned the OSSG group in their last irc meeting lol19:52
tmckaydesign session looks good, more interesting than EDP :)19:52
elmikolol19:52
elmikoi'd like to hit up one of the barbican sessions too19:52
tmckayyeah, I think I marked one of those19:54
*** tmckay has quit IRC19:58
*** tmckay1 has joined #openstack-sahara19:58
openstackgerritA change was merged to openstack/sahara: Added ability to launch jobs on fake plugin  https://review.openstack.org/13080420:03
openstackgerritA change was merged to openstack/sahara: Fix Cloudera plugin with CDH packages < 5.2.0  https://review.openstack.org/13142120:09
crobertsrhI've switched back over to use the nova-docker driver.  Docker can load/run my image (tarred version from DIB), but OS can't seem to launch it, I get "Error: No valid host was found.  There are not enough hosts available."  Currently in head-scratching mode.20:36
crobertsrhOS *can* launch the cirros docker image just fine though20:36
elmikoweird...20:36
elmikowonder if something is just missing from the image you want to use?20:37
crobertsrhPossibly, but if I run it from docker directly, it's all happy and stuff20:37
elmikohuh20:37
crobertsrhI wonder if there is some sort of resource thing going on....it seems to be failing in the nova scheduler20:38
elmikowhat kind of resource thing though, i have a hard time believing your system is starved20:38
crobertsrhpasting log....20:39
crobertsrhhttp://paste.openstack.org/show/126703/20:41
elmikocould there be something with the hostname in the container?20:42
jodahcrobertsrh i've seen that nova error when memory/disk space is constrained20:42
elmiko(i don't know how, just throwing stuff out)20:42
jodahcrobertsrh if you look in the nova logs, somewhere you'll see the actual reason logged... can't remember which nova process it's in, but in the past when i've seen that the underlying error, which is actually logged, is limited RAM20:43
jodahnot sure if that would be the case with docker20:43
crobertsrhRight...I think it should be in nova-scheduler's log (where my paste was from), but I don't see it there20:43
crobertsrhI am trolling other logs right now though20:44
crobertsrhHmm...I also see this....20:46
crobertsrh2014-10-29 16:45:20.959 DEBUG nova.compute.utils [-] [instance: e5b89d57-9d1f-4bf8-856a-a0e0334e9cac] create_container() got an unexpected keyword argument 'Cmd' from (pid=19222) notify_about_instance_usage /opt/stack/nova/nova/compute/utils.py:31020:46
elmikothat seems pretty debugable20:47
crobertsrhHmm...http://ur1.ca/ilptk20:48
crobertsrhbecause paste.openstack.org fails 9 out of 10 times for me :)20:48
elmikoyea, i've had that issue as well20:48
elmikoso, is it complaining that create_container was called with a Cmd arg?20:49
elmikoit's weird that your image wouldn't work but the built-in does if there is an error in the code20:50
elmikoi would think this means it some sort of config issue20:50
crobertsrhRight20:50
elmikodoes the nova-docker driver do anything with dockerfiles? there is a CMD command in there...20:51
crobertsrhI was about to take a look there20:51
elmikomaybe just need to capitalize in that file, sorry but i don't know much about how it generates those containers20:52
*** stannie1 has quit IRC20:52
crobertsrhYeah, it's a bit of a black box....I was happy to have it work at all really :)20:52
elmikoi hear ya =)20:52
SergeyLukjanovI'm restarting review.o.o20:56
elmikowow, didn't realize you had the keys to the corvette ;)20:59
crobertsrhah, there is something about a glance command-line and args['Cmd'] in the spawn method of the nova-docker driver21:00
crobertsrhmaybe I need to adjust how I upload my image to glance21:00
elmikointeresting21:00
elmikoyea21:00
SergeyLukjanovelmiko, yeah, I'm infra team member21:00
elmikoneat21:02
elmikoSergeyLukjanov: i updated our pad for the integration/security session. i think i'm done adjusting my part21:02
*** crobertsrh is now known as _crobertsrh21:08
SergeyLukjanovelmiko, great21:17
openstackgerritSergey Reshetnyak proposed a change to openstack/sahara: Refactoring integration tests for Vanilla 1 plugin  https://review.openstack.org/13115521:37
*** openstackgerrit has quit IRC21:50
jodahhas anyone used heat to deploy sahara?22:04
elmikojodah: i think some of the mirantis folks might have experience with that. i haven't.22:06
elmikoi'm out for a few, take care all22:10
*** dboik has quit IRC22:52
« Tuesday, 2014-10-28 Index Thursday, 2014-10-30 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!