*** hoonetorg has quit IRC | 00:09 | |
*** tosky has quit IRC | 00:13 | |
*** hoonetorg has joined #openstack-sahara | 00:22 | |
*** pcaruana has joined #openstack-sahara | 05:09 | |
*** rcernin has quit IRC | 06:57 | |
openstackgerrit | Vieri proposed openstack/python-saharaclient master: add python 3.6 unit test job https://review.openstack.org/620517 | 07:54 |
---|---|---|
*** tosky has joined #openstack-sahara | 08:51 | |
*** chason has quit IRC | 11:31 | |
*** chason has joined #openstack-sahara | 11:36 | |
*** dave-mccowan has joined #openstack-sahara | 11:45 | |
*** tomtom001 has joined #openstack-sahara | 15:37 | |
tomtom001 | Hello, I'm configuring Sahara for Queens and getting an Unauthorized message when HaProxy tries to run the /healthcheck... I've been trying to find some instruction or details of how that should be setup to operate correctly. Does anyone have any website or doc they can point me to so that I can try and figure out why it's unauthorized? | 15:40 |
tosky | uh, I don't remember any specific configuration for that, but I only tried devstack (where I think it's not used), packstack (same) and tripleo (where it's magically configured) | 16:32 |
tosky | any specific configuration on the sahara side, I mean | 16:32 |
tosky | I don't remember about ansible-os_sahara | 16:32 |
tomtom001 | yeah it's supposed to be magically configured on the ansible-os_sahara side too, but it doesn't work which is why I'm asking about any specific health check settings I can look for. | 16:52 |
*** pcaruana has quit IRC | 17:03 | |
Gaasmann | Hello. We're upgrading to Rocky and I encounter an issue with Sahara. I think sahara-api might send bogus requests to keystone. I have those messages on sahara logs: http://paste.openstack.org/show/736327/ | 17:15 |
Gaasmann | I'm not sure if it's a Sahara problem or a kolla-ansible one or a simple configuration issue on my side. Does it ring some bells? | 17:16 |
tellesnobrega | Hi Gaasmann, I've never seen this before | 17:31 |
tomtom001 | How can I test the healthcheck for sahara for myself either through curl or a web browser? I'm using OpenStack Queens and am a little stuck on why I can't make those requests? | 17:55 |
tellesnobrega | hi tomtom001 | 17:57 |
tellesnobrega | I will be right over, on a meeting now | 18:01 |
Gaasmann | http://paste.openstack.org/show/736333/ It seems Sahara do a POST /v3/auth/tokens but the payload contains null for password. Do you know in which part of the configuration the password is? Is it keystone_authtoken? | 18:10 |
tosky | from which version did you upgrade? From Queens | 18:17 |
tosky | ? | 18:17 |
tosky | Gaasmann: also, how did you originally deployed it? | 18:18 |
tosky | and when does sahara print that error? When it starts, or periodically? | 18:19 |
tosky | at some point we moved few options from the [keystone_auth] configuration section to a new [trustee] configuration section, even if the old options should still work | 18:21 |
tellesnobrega | tomtom001, you can test it using cli | 18:22 |
tellesnobrega | https://github.com/openstack/python-saharaclient/blob/0d9d8264b19c6108c8093f3a47803dfc70d6bae6/saharaclient/osc/v1/clusters.py | 18:22 |
tosky | tomtom001: about healthccheck, just to be sure: this is not the internal healthcheck for clusters deployed inside sahara, right? | 18:22 |
Gaasmann | tosky: I am on a fresh install of Rocky | 18:23 |
tosky | if it's an haproxy thing, I really don't know - and probably not even sure | 18:23 |
Gaasmann | using kolla-ansible | 18:23 |
tosky | Gaasmann: deployed how? | 18:23 |
tosky | oh, uh | 18:23 |
tosky | check sahara.conf and see if keystone_auth is filled, or better if there is trustee section | 18:23 |
tomtom001 | tosky: right, this is haproxy doing a service healthcheck on the sahara processes | 18:23 |
tosky | also, when does the error happen? On start or periodically? | 18:23 |
tosky | tomtom001: (sorry) not even sure that it's a sahara-specific thing | 18:24 |
Gaasmann | the error happens on requests, like openstack dataprocessing plugin list | 18:24 |
tosky | I would say that kolla-ansible is not configuring something properly | 18:24 |
Gaasmann | for conf section, I have keystone_authtoken, service_credentials and trustee | 18:25 |
tomtom001 | tosky ok, so how can I run the healthcheck on sahara? | 18:25 |
tosky | tomtom001: I don't know haproxy | 18:26 |
tosky | I don't know what healthcheck means in the haproxy contest | 18:26 |
tosky | context* | 18:26 |
tomtom001 | tosky, ok so sahara can't be reached on http://localhost:8386/healthcheck, or there's no such thing at all? | 18:27 |
tosky | tomtom001: if it's there, it's provided by a some library (oslo.middleware?), not by sahara-specific code | 18:29 |
tosky | Gaasmann: and which keys are there? | 18:29 |
* tosky really need to go, back later | 18:29 | |
tellesnobrega | tomtom001, no such thing from sahara side | 18:30 |
Gaasmann | tosky: http://paste.openstack.org/show/736334/ | 18:32 |
tellesnobrega | Gaasmann, it all looks in place | 18:41 |
openstackgerrit | Nicolas Haller proposed openstack/sahara master: Add DEBIAN_FRONTEND=noninteractive in front of apt-get install commands https://review.openstack.org/620396 | 20:12 |
tosky | Gaasmann: I'm pretty much sure that admin_user, admin_password and admin_tenant_name should not live in keystone_authtoken | 20:17 |
tosky | but it may be unrelated | 20:18 |
Gaasmann | I'll try | 20:18 |
Gaasmann | same result, I'll dig into the code | 20:32 |
tosky | uhm | 20:35 |
*** openstackgerrit has quit IRC | 20:36 | |
tosky | it's something in the kolla-ansible configuration - I didn't see this issue with devstack, packstack and tripleo | 20:36 |
Gaasmann | do you have an example of configuration so I can compare with mine? | 21:00 |
tosky | Gaasmann: this is freshly generated from devstack/master, but it should not be too different: http://paste.openstack.org/show/736339/ | 21:09 |
Gaasmann | great, thanks | 21:11 |
Gaasmann | ok, this is it | 21:16 |
Gaasmann | you were right about the admin_* and then, the password/username/project_name/project_domain_name/user_domain_name were missing | 21:18 |
Gaasmann | I'll check on kolla-ansible now :-) | 21:19 |
tosky | Gaasmann: but the password/username/project_name/project_domain_name/user_domain_name should not be needed if you defined them in [trustee] | 21:23 |
tosky | Gaasmann: see https://docs.openstack.org/releasenotes/sahara/queens.html#deprecation-notes | 21:24 |
Gaasmann | ho, I replicated what I see in the file you paste me | 21:24 |
tosky | uhm | 21:24 |
Gaasmann | I'll try with those variables removed from keystone_authtoken | 21:25 |
tosky | so does it work if you replicate the same structure from the devstack configuration file? | 21:27 |
Gaasmann | yes | 21:31 |
Gaasmann | I can't remove the variables from keystone_authtoken, otherwise, sahara seems to connect to 127.0.0.1:35357 but there is nothing there | 21:34 |
tosky | uhm, I will ask Jeremy again about that | 21:36 |
tosky | anyway, ok, good to hear | 21:37 |
Gaasmann | thanks for the help | 21:37 |
tosky | you may want to tell kolla-ansible people that they need to fix the setup | 21:39 |
tosky | and thanks for testing! | 21:39 |
Gaasmann | sure, I'll push a patch and discuss with them | 21:40 |
*** rcernin has joined #openstack-sahara | 21:50 | |
*** rcernin has quit IRC | 22:03 | |
*** rcernin has joined #openstack-sahara | 22:12 | |
*** openstackgerrit has joined #openstack-sahara | 23:30 | |
openstackgerrit | Tobias Urdin proposed openstack/puppet-sahara master: Remove auth_uri https://review.openstack.org/620747 | 23:30 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!