Thursday, 2014-10-30

« Wednesday, 2014-10-29 Index Friday, 2014-10-31 »
*** saurabhs has quit IRC00:51
*** witlessb has quit IRC01:09
*** russellb has quit IRC01:09
*** russellb has joined #openstack-sahara01:15
*** openstackgerrit has joined #openstack-sahara01:30
*** witlessb has joined #openstack-sahara02:56
*** witlessb has quit IRC03:01
*** openstackgerrit has quit IRC03:10
*** anteaya has quit IRC03:37
*** anteaya has joined #openstack-sahara03:45
*** chandankumar has joined #openstack-sahara03:57
*** chandankumar has quit IRC05:36
*** chandankumar has joined #openstack-sahara05:51
*** k4n0 has joined #openstack-sahara06:37
*** sreshetnyak has quit IRC08:06
*** ylobankov has quit IRC08:07
*** ylobankov has joined #openstack-sahara08:19
*** sreshetnyak has joined #openstack-sahara08:19
*** stannie1 has joined #openstack-sahara08:27
*** IvanBerezovskiy has joined #openstack-sahara09:35
*** NikitaKonovalov has quit IRC09:51
*** SergeyLukjanov has quit IRC09:51
*** aignatov has quit IRC09:51
*** alazarev has quit IRC09:51
*** dmitryme has quit IRC09:51
*** ruhe has quit IRC09:51
*** aignatov has joined #openstack-sahara09:52
*** dmitryme has joined #openstack-sahara09:52
*** alazarev has joined #openstack-sahara09:52
*** NikitaKonovalov has joined #openstack-sahara09:53
*** ruhe has joined #openstack-sahara09:53
*** SergeyLukjanov has joined #openstack-sahara09:53
*** witlessb has joined #openstack-sahara10:20
*** stannie1 has quit IRC10:29
*** tosky has joined #openstack-sahara11:00
*** witlessb has quit IRC11:02
*** tellesnobrega has joined #openstack-sahara11:33
*** witlessb has joined #openstack-sahara11:39
*** witlessb has quit IRC11:54
*** miqui has joined #openstack-sahara12:15
*** _crobertsrh is now known as crobertsrh12:57
*** witlessb has joined #openstack-sahara13:03
*** tmckay1 has quit IRC13:08
*** dboik has joined #openstack-sahara13:24
*** boris-42 has joined #openstack-sahara13:25
*** dboik has quit IRC13:25
*** dboik has joined #openstack-sahara13:26
*** witlessb has quit IRC13:49
*** tnovacik|gone has joined #openstack-sahara13:55
*** tmckay has joined #openstack-sahara13:59
*** coolsvap has quit IRC14:02
*** chandankumar has quit IRC14:05
*** witlessb has joined #openstack-sahara14:06
tmckayzhidong, ping14:11
tmckayzhidong, saw your email on openstack-dev, I thought you might be here14:12
crobertsrhYeah, I noticed the email too14:12
tmckaywe should hit on dockerization -- what it means for Sahara at the summit14:12
elmikoseems like that is going to be an issue for us14:12
tmckayWorthy stuff for kilo, I think14:12
crobertsrhSure, might be a good topic for the meetup14:13
elmikodon't we use hostname for identification of nodes and addressing?14:13
tmckayin fact, I think it might be good to keep EDP work small and focus on stuff like docker14:13
elmikowe definitely should investigate having someone reach out to the kolla group14:14
crobertsrha kolla holla?14:14
tmckayelmiko, yeah.  We'll have to dig in to the sequence.  At some point, we've got an IP.  That should be enough without a hostname.  If there was a way to pre-assign  hostnames, and then read them back from the IP, Sahara could just receive the host names14:14
elmikoi hung out for one of their meetings and they are just about to implement a sahara container14:14
elmikocrobertsrh: yes!14:14
tmckayis kolla "docker for openstack"?14:14
elmikotmckay: kinda yea, it is a spin-off of triple-o to implement a stack in docker containers14:15
crobertsrhSahara -- just *try* to contain us14:15
elmikolol nice14:15
toskycan we have a proper HA mode before fancy-trandy-stuff like docker?14:16
elmikotosky: that's a good point14:17
tmckayman, I need to learn more projects14:19
elmikoi hear summit is a good place for that ;)14:19
tmckayI need to learn how not to sleep14:20
elmikolol14:20
elmikothat's a toughie14:20
tmckayor train my kids to be openstack engineers, and I can manage them14:20
elmikooh man... imagine the power of having your own in-house dev team!14:21
tmckayso far nobody has shown any interest14:22
elmikooh well14:22
elmikodad's job is just not cool enough ;P14:22
tmckaySome asked one of them what I did, the answer was "pushes buttons"14:23
tmckaythey were young at the time14:23
elmikoLOL14:23
elmikothat's priceless14:23
*** k4n0 has quit IRC14:34
*** miqui has quit IRC14:51
*** tmckay has quit IRC15:17
*** dboik has quit IRC15:46
*** tmckay has joined #openstack-sahara16:04
*** ylobankov has quit IRC16:26
*** chandankumar has joined #openstack-sahara16:30
SergeyLukjanovtmckay, could you please take a look at https://review.openstack.org/#/c/115259/6 and approve if it's ok for you16:55
*** crobertsrh has quit IRC16:58
jodahwas looking through the storm blueprint - curious, has deploying zookeeper as a separate cluster (via a separate plugin perhaps) ever come up?17:00
jodah...since zookeeper clusters are often shared across many services, including but not limited to storm17:00
elmikojodah: i don't think so, we've recently implemented the ability for hdp clusters to have multiple zks, but i don't think we've discussed cross-cluster things like this.17:01
elmikoit's a cool idea though17:01
jodahreason i mention is i see zookeeper as being a separate thing from deploying storm. certainly it's a dependency, but it also could be fairly separate17:01
jodahfor example, we have a few storm and kafka clusters that all share the same zookeeper cluster17:02
elmikoyea, it's a good idea. i'm wondering how we would fit it into sahara's model. good idea for discussion, can you make our meeting today?17:03
jodahyep17:03
elmikocool, definitely bring it up17:03
*** IvanBerezovskiy has left #openstack-sahara17:09
tmckaySergeyLukjanov, sure, I was out for car repairs17:12
*** tellesnobrega has quit IRC17:18
tmckayelmiko, my take on https://review.openstack.org/#/c/115259/6 is that there is no additional security risk in putting swift auth info in hive-site.xml, node is still locked down.  I assume from your +1 that you agree.17:23
elmikotmckay: well yea, for now. the way oikawa described it, it sounds similar to things we do with proxy users and workflow.xml.17:24
elmikowhat makes me nervous is that the creds for a proxy will exist for the duration of the cluster, which could pose a vulnerability17:25
tmckayyeah.  And I'm going to need to write swift auth info to spark job dirs, too.17:25
elmikomuch like you, i'm thinking we might be able to leverage barbican to help with the secret management17:25
tmckayelmiko, I think when we talked about this before, we said that we considered the node itself secure and so information written there was okay17:26
elmikotmckay: yea17:26
tmckayif you give out the ssh key to get into the cluster, well ... shame on you17:26
*** stannie has quit IRC17:26
elmikoright, we are no worse off, and slightly better actually, if we use the proxies. i'm still nervous about the storage on nodes, but we're making steps to improve.17:27
tmckayhow could we get around storing on the node?17:28
* tmckay forgets17:28
elmikotmckay: sec, i'm riding too many irc chans lol17:28
tmckayheh, okay17:28
tmckaySergeyLukjanov, done17:28
elmikotmckay: ok, so my thoughts on secrets and nodes and whatnot17:46
elmikotmckay: basically, i want to see if we can leverage barbican to perform something akin to:17:46
elmiko1. sahara generates proxy user creds and stores them in barbican17:46
elmiko2. sahara registers the nodes as consumers of those secrets with barbican17:47
elmiko3. during operation, the nodes will be able to pull their creds from barbican, and keep them in non-text form17:47
elmikothe big downside i see to all this, is the hadoop integration.17:47
tmckaynice.  How does #2 work?17:47
*** chandankumar has quit IRC17:48
elmikowhat i'm hoping is that during #2, sahara would take the public keys from all nodes and register them with barbican to allow those nodes to use their own 2-part keys for encryption.17:48
elmikothus, barbican would have the public keys to allow encrypting back to the nodes17:49
tmckayoh, nice17:49
elmikoi don't have all the details worked out yet, but i think something along these lines should be possible17:49
elmikolike i said though, the biggest difficulty will be integrating with hadoop, spark, etc...17:49
tmckaysounds very cool.17:50
elmikoi'm gonna try and talk it through with the ossg folks at summit, i know they are doing a ton of work with barbican currently17:51
elmikojust saw the email from croberts, that sux =(17:51
SergeyLukjanovmeeting in a few mins17:58
*** sreshetnyak has quit IRC18:00
*** sreshetnyak has joined #openstack-sahara18:00
toskyoh, daylight saving time, I forgot18:02
*** dboik has joined #openstack-sahara18:05
*** crobertsrh has joined #openstack-sahara18:21
*** chandankumar has joined #openstack-sahara18:33
*** chandankumar has quit IRC18:37
jodahcrobertsrh which image were you booting with docker yesterday?19:23
crobertsrhSuccessfully with the default cirros image19:23
crobertsrhunsuccessfully with a custom image I built with our disk image builder tool19:24
jodahthis was just using the docker VIRT_DRIVER on devstack?19:24
crobertsrhYeah19:24
jodahi haven't tried the image builder yet - what was the basis for the image you built?19:25
crobertsrhvanilla plugin version 1 (fedora)19:25
crobertsrhThe image runs fine with docker directly, but has issues when using the nova-docker driver19:26
crobertsrhI found at least one bug in nova-docker.  They gave me a patch for that this morning, but I'm still unsuccessful.19:26
jodahwhat did you have to do when building the image to get it built for docker?19:28
crobertsrhI tweak the diskimage-create.sh script  to use the "-t tar" flag when it calls the base project's build script19:29
crobertsrhIt's not a Dockerfile based build.  It essentially just creates a tarball of our regular image.19:30
*** tosky has quit IRC19:31
tmckaySergeyLukjanov, looks like only you have +2 on https://review.openstack.org/#/c/130596/20:09
tmckaystable/juno, I guess20:09
*** tnovacik|gone has quit IRC20:29
SergeyLukjanovtmckay, yup20:43
SergeyLukjanovtmckay, the stable/* branchs maintained by the stable maintenance team20:44
tmckayah, I didn't know about that20:44
SergeyLukjanovand I'm become member of this team, so, we have at least one +2 from our project20:44
tmckaymakes sense20:44
SergeyLukjanovit's only for integrated projects20:44
jodahcrobertsrh so on diskimage-create.sh, where does the base project's build script get called, where you inserted -t tar ?21:09
crobertsrhlet me find the lines21:09
jodahtnx21:09
crobertsrhThere is a line like:  disk-image-create $fedora_elements_sequence -o $fedora_image_name21:10
crobertsrhstick a -t tar before the -o21:11
crobertsrhOh...also, you can change the "mv" line that follows it21:11
crobertsrhto mv the ".tar" file rather than .qcow221:11
crobertsrhotherwise that line will fail and you'll have to hunt the .tar file down21:11
jodahthanks - giving this a try21:12
jodahwhat was the fix the nova guys suggested?21:13
crobertsrhWell, it was http://paste.openstack.org/show/127046/  but I now get a 500 from past.o.o21:13
crobertsrhpaste.o.o, that is21:13
crobertsrhoh, it worked now21:14
crobertsrhI think nova may have also just made a change to use oslo.concurrency.processutils rather than nova.openstack.common.processutils, so depending on when you pulled your nova bits, you might need to change that import in a couple of places in nova-docker21:15
jodahi just created a new devstack21:16
crobertsrhOk.  If your nova-cpu process doesn't want to start, you probably need the processutils change....at least, I did21:17
crobertsrhI'm still unable to have my stack launch the sahara container though.21:17
crobertsrhThe guys in #nova-docker were helpful though, so hopefully they can help a bit more :)21:17
*** sreshetnyak has quit IRC21:22
*** crobertsrh is now known as _crobertsrh21:43
*** coolsvap has joined #openstack-sahara22:34
*** witlessb has quit IRC23:08
*** boris-42 has quit IRC23:45
*** boris-42 has joined #openstack-sahara23:51
« Wednesday, 2014-10-29 Index Friday, 2014-10-31 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!