Monday, 2016-03-21

« Sunday, 2016-03-20 Index Tuesday, 2016-03-22 »
*** yingjun has joined #openstack-searchlight01:05
*** bpokorny has joined #openstack-searchlight02:03
*** bpokorny has quit IRC04:41
*** GB21 has joined #openstack-searchlight05:51
*** pcaruana has quit IRC06:02
*** openstackgerrit has quit IRC06:17
*** openstackgerrit_ is now known as openstackgerrit06:17
*** openstackgerrit_ has joined #openstack-searchlight06:18
*** openstackgerrit_ is now known as openstackgerrit06:19
*** openstackgerrit_ has joined #openstack-searchlight06:19
*** itisha has quit IRC06:49
*** GB21 has quit IRC07:45
openstackgerritLi Yingjun proposed openstack/searchlight: Catch endpoint not found exception  https://review.openstack.org/29510808:06
*** GB21 has joined #openstack-searchlight08:25
openstackgerritLi Yingjun proposed openstack/searchlight: Add cleanup in functional tests  https://review.openstack.org/29515609:22
*** yingjun has quit IRC09:36
*** GB21 has quit IRC10:12
*** GB21 has joined #openstack-searchlight11:19
*** GB21 has quit IRC12:31
*** akanksha_ has joined #openstack-searchlight12:40
*** sigmavirus24_awa is now known as sigmavirus2413:51
sigmavirus24TravT_: apparently our WebOb change broke a lot of python clients14:00
*** pcaruana has joined #openstack-searchlight14:05
sjmc7sigmavirus24: clients that were relying on the dodgy behavior?14:41
sjmc7the timing of the 1.6.0 release was about as bad as it could have been :(14:44
*** TravT_ is now known as TravT14:44
TravToh boy14:44
sjmc7i thought though the change only took effect if Accept: was given as a header14:44
TravTsigmavirus24: so, what are the plans for it?14:44
sigmavirus24Fix those clients/services14:45
openstackgerritSteve McLellan proposed openstack/searchlight: Add network update, missing ports fields  https://review.openstack.org/29473314:48
TravTsjmc7. Based on comments on the subnets patch, it looks like we should land ^ first14:49
TravT?14:49
sjmc7:(  mmm… maybe14:49
TravTok, well, i'll look at that one now14:49
sjmc7i’ll see if i can untangle them14:49
sjmc7maybe i can pull out the network event one into a separate patch14:50
TravTwell, however you want to handle it.14:51
sjmc7i want to forget about everything and go back to sleep :)14:51
TravTthat sounds like a reasonable plan14:52
TravTi'll brb14:52
sjmc7i can probably extract the network event one. i don’t want to switch the dependency order, i’ll screw something up14:52
TravTwell, i can just review it as a single patch right now.14:52
sjmc7i think adding the event will be reasonably easy, one sec14:53
TravTok14:53
sjmc7the subnets one can be reviewed though14:53
sjmc7it won’t change anything there14:53
TravTwell, i'll be back in a few minutes anyway.14:53
sjmc7ok14:53
sjmc7gonna submit the network update as a separate patch, it was lazy bundling it with that one and it’s a small change14:59
openstackgerritSteve McLellan proposed openstack/searchlight: Add network.update.end event  https://review.openstack.org/29534315:10
sjmc7i’ll rebase the subnet patch on ^15:11
openstackgerritSteve McLellan proposed openstack/searchlight: Add neutron subnets and routers  https://review.openstack.org/29377115:21
sjmc7when you’ve got a sec, TravT , have you had problems searching status fields in the UI? we store them as not_analyzed so that where they’re things like IN_PROGRESS you can have exact matches15:27
sjmc7but because they tend to be upper case, it might make searching awkward15:28
TravTumm... i don't know. I have been using the facets in the UI15:28
sjmc7ok15:28
TravTi'll poke on it in a bit... just going through the update patch right now15:29
TravTthis one only adds the event.15:29
sjmc7yep15:30
sjmc7short and sweet15:30
TravTbut there is more data that in the events.json, which i think will come in the other patches.15:30
TravTnetworks.json. sorry15:30
sjmc7i only added the network.update.end event in that patch15:30
sjmc7i think?15:30
sjmc7and changed the delete one so the ids matched up15:31
TravTi just mean i see more data in the payload than in the networks.json in that patch15:32
TravThttp://pasteboard.co/2qXeCGc8.png15:32
TravThttps://review.openstack.org/#/c/295343/1/searchlight/tests/functional/data/events/networks.json15:32
sjmc7i think the test data i had was from the pre-dates-added neutron15:33
TravTright, note that tags are also there15:34
TravTbut we have a separate bug on that15:34
sjmc7yeah, that’s interesting. maybe we can map those now15:34
TravTso, i'm okay with adding the update event15:34
TravTand then updating all the mappings / fields in that other patch you have going.15:34
sjmc7yeah15:35
*** bpokorny has joined #openstack-searchlight15:49
*** lakshmiS has joined #openstack-searchlight15:50
*** itisha has joined #openstack-searchlight16:12
*** pcaruana has quit IRC16:25
*** TravT has quit IRC16:32
*** TravT has joined #openstack-searchlight16:33
sjmc7lakshmiS: the date fields will be in a later patch16:37
sjmc7the network update one is just to add that event16:37
lakshmiSah ok16:40
sjmc7the field patch was starting to get a bit monstrous16:41
lakshmiSok i will approve it with link to that patch as follow up bug16:44
lakshmiSTravT: neutron patch is good to go.16:47
TravTwhich one?16:47
TravTi'm looking at a couple now16:48
lakshmiShttps://review.openstack.org/#/c/29377116:48
TravTi also am looking at port visibility16:48
lakshmiSok16:48
TravTsjmc7 lakshmiS sorry to come back to this16:48
TravTbut why are ports not also visible if shared?16:49
TravTis that due to the policy thing?16:49
TravTbecause policy will restrict a shared network further?16:49
sjmc7no, think it’s just general security16:49
sjmc7it’d give you information about servers that you shouldn’t have16:49
lakshmiSi think the best answer i got is that ports should only visible to owner/tenant so that ip's are not showed to non tenant users16:50
openstackgerritMerged openstack/searchlight: Add network.update.end event  https://review.openstack.org/29534316:50
TravTi'm just looking at search results in horizon and it is inconsistent with what you'll get if you look at networks tab vs search results for ports16:50
lakshmiScan you paste it16:51
sjmc7ok. if you both can figure out what’s different that’d be helpful. i need to focus on adding these fields for another 30 minutes or so16:51
sjmc7DHCP ports won’t be visible yet16:52
TravTit is the parent rbac query on shared16:52
TravThttps://github.com/openstack/searchlight/blob/master/searchlight/elasticsearch/plugins/neutron/ports.py#L7816:53
lakshmiSTravT: hangout would be good to discuss17:03
TravTyeah, just a sec... looking through it17:03
TravTit is also related to admin or not17:03
TravTok, i think i've figured it out.17:05
TravTas Admin, when logged into project dashboard i can see shared networks and their ports17:06
TravThttp://pasteboard.co/2r304inG.png17:06
lakshmiSyes17:06
TravTas demo user, i can see admin network in list, but i can't see anything (subnets / ports) when it isn't shared http://pasteboard.co/2r3eY2c2.png17:07
lakshmiSwhich is correct17:07
lakshmiSoh wait17:07
TravTas demo user when it is shared, i can see subnets but not ports http://pasteboard.co/2r3lvfkK.png17:07
lakshmiSyou are seeing a network as demo which is not shared by admin?17:07
TravTit seems that way17:08
lakshmiSis it external true?17:08
lakshmiSdemo user can see a network if it was created in the same tenant or shared/external network from other tenant17:09
TravTlet me see.17:10
TravTthat might be the magic17:12
TravThttp://pasteboard.co/2r3PFLe3.png17:12
TravTok, when i make the external-test network non-external / non-shared then it doesn't show up from the project dashboard  even when logged in as admin.17:14
TravThttp://pasteboard.co/2r3WVgQO.png17:14
sjmc7how about from the admin dash?17:15
sjmc7the project dashboards still restrict by project17:16
sjmc7regardless of access level - if the network’s not in the project you’re in you won’t see it17:16
lakshmiSthats correct17:17
TravTno17:18
TravTthat's not what i'm seeing17:18
lakshmiScan you write your usecase. i will try it out17:19
TravTi thought i put that above17:19
TravTAs demo user...17:19
TravTas demo user, i can see networks in the list if it is external.17:20
lakshmiSjust to make sure since i can see the nonshared/nonexternal network from the admin/admin user17:20
TravTbut i can't see subnets or ports17:20
TravTunless the network is shared.  then i can see subnets, but not ports.17:21
lakshmiSgood so far17:21
TravTif i am an admin, i can see ports17:21
TravTeven when logged into project dashboard17:21
TravTfor a different project than the network is owned by17:21
TravTbut let me try it all out again as well.17:22
openstackgerritMerged openstack/searchlight: Add neutron subnets and routers  https://review.openstack.org/29377117:22
TravTok, here are two screenshots.17:25
TravTAdmin logged into demo project viewing admin owned and shared network (can see ports): http://pasteboard.co/2r4yj1Nc.png17:25
TravTDemo user logged into demo project viewing same admin owned and shared network (cannot see ports, but can see subnets): http://pasteboard.co/2r4BoP8e.png17:25
lakshmiSand do you see a difference in how SL rbac allows it?17:29
TravThttps://github.com/openstack/searchlight/blob/master/searchlight/elasticsearch/plugins/neutron/ports.py#L7817:29
TravTyes17:29
TravTadd the searchlight panel to your horizon and you'll see that you only see project ports regardless of user logged in.17:30
TravTit seems that if admin user and parent network is shared then an OR could be added to that filter query17:31
TravTbetter put...17:31
sjmc7you’re passing all_projects?17:31
TravTno.17:31
TravTthis is not searchlight results.17:32
TravTplease see the screenshots17:32
sjmc7ok, sorry, i’ll butt out. file a bug once you’ve narrowed it down17:32
TravTi think i have narrowed it down.17:32
TravTit is kind of odd17:33
TravTlet me see if horizon is passing all projects on the networks page17:33
TravTif admin17:33
lakshmiSwrapping my head around it17:33
TravTlakshmiS: yep it is including external networks: https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/networks/views.py#L50-L5217:37
TravTWhich calls this: https://github.com/openstack/horizon/blob/master/openstack_dashboard/api/neutron.py#L616-L64117:38
TravTwhich calls this: https://github.com/openstack/horizon/blob/master/openstack_dashboard/api/neutron.py#L60317:39
TravTbut we need to run direct API calls to neutron to see what we get.17:40
openstackgerritSteve McLellan proposed openstack/searchlight: Add missing neutron fields  https://review.openstack.org/29473317:48
sjmc7ok, i’m done concentrating on that one. will take a look at the screenshots but i need to get something to eat17:48
TravTyeah, i'm going to grab some food here in just a minute too17:49
sjmc7i’ve decided i can no longer keep more than one train of thought in my head at once :)17:49
sjmc7back in twenty minutes or so17:50
sjmc7the patch i just put up adds the date fields and description etc. tags will need to be a separate patch, it’s still a bit fiddly17:50
*** TravT has quit IRC17:57
*** bpokorny has quit IRC18:00
*** preetika has joined #openstack-searchlight18:22
*** bpokorny has joined #openstack-searchlight18:22
lakshmiSTravT: that was a really good catch. like you said, port rbac filter needs a "or" check for all shared networks, specifically "admin" user only. Again this is an issue in SL only when "all_projects" is false18:28
lakshmiSall_projects being true for all our testing scenario hid the bug. need to check for that combination going forward.18:31
lakshmiSbrb after lunch18:31
lakshmiSforgot to mention. direct call to neutron cli returns the port for demoadmin user in a demo tenant for a nonshared/nonexternal network from "admin" tenant. so we need that filter18:44
sjmc7someone’ll have to explain it to me in words a three year old would understand :)18:55
*** TravT has joined #openstack-searchlight19:20
lakshmiSok i am back19:33
lakshmiSsjmc7: this is my understanding. let TravT correct it if it's different. Currently whey you set "all_projects": false in SL query, you don't see the port for a nonshared/nonexternal network if you query it with an admin id of a different tenant19:35
lakshmiSon horizon/neutron cli you can see the port for the same access19:35
lakshmiSfor the above test i created a nonshard/nonexternal network in "admin" tenant with "admin" user19:37
lakshmiSwith subnet19:37
lakshmiSfor testing i created a demoadmin user in demo tenant with admin role19:37
lakshmiSon horizon/cli when you login as demoadmin in demo project you can see the port for that nonshared network. same is not true in SL19:38
lakshmiShope i was able to explain myself ;)19:39
*** TravT has quit IRC19:39
*** TravT has joined #openstack-searchlight19:39
TravTlakshmiS i think that sounds like what i was seeing.19:40
sjmc7ok. and the horizon behavior seems correct?19:41
lakshmiSyes since its same as neutron cli19:41
TravTi think so. i don't see any magic in horizon queries that would cause that to happen. i was just going to setup some direct neutron queries19:41
TravTthe only magic is the external network...19:42
sjmc7ok, can we do a hangout? i’m still confused19:42
TravTyes. let me reboot though.19:42
TravTmy mac has developed a nasty habit of not recognizing any of my usb devices with no apparent cause.19:43
TravTso i lose external, mouse, keyboard, and headset.19:43
*** TravT has quit IRC19:44
*** TravT has joined #openstack-searchlight19:45
lakshmiSif a filter makes it easy to explain, here it is  - http://paste.openstack.org/show/491348/19:48
sjmc7ok. and that only applies to admins?19:48
TravTlakshmiS: yes, i think that is what i was trying to say above.19:48
*** pcaruana has joined #openstack-searchlight20:21
openstackgerritSteve McLellan proposed openstack/searchlight: Allow multiple plugins to handle an event  https://review.openstack.org/29550320:32
*** akanksha_ has quit IRC20:47
openstackgerritLakshmi N Sampath proposed openstack/searchlight: Fix for showing port to admin users in non-tenant  https://review.openstack.org/29552321:17
sjmc7lakshmiS, TravT - i don’t think we can index the DHCP port :(  the only notifications we get are based on the subnet, and the port seems to be updated after that notification is received in many cases21:33
sjmc7i’ve filed a bug with neutron21:33
TravTok21:33
TravTdid you get a chance to file a bug on the missing tags?21:33
lakshmiSok21:33
sjmc7with neutron? no, will do though21:34
sjmc7i think the chance of getting either dealt with are approximately zero for mitaka21:34
TravTprobably21:34
sjmc7i think i’d have to put a sleep(2) or something in to deal with creation, and do something even worse for deletion and i’m not sure it’s worth it21:35
*** lakshmiS has quit IRC21:36
openstackgerritRick Aulino proposed openstack/searchlight: Re-indexing optimization for doc_type  https://review.openstack.org/29553821:49
openstackgerritSteve McLellan proposed openstack/searchlight: Allow multiple plugins to handle an event  https://review.openstack.org/29550322:03
*** pcaruana has quit IRC22:06
*** sigmavirus24 is now known as sigmavirus24_awa22:13
*** bpokorny has quit IRC22:25
*** bpokorny has joined #openstack-searchlight22:31
openstackgerritTravis Tripp proposed openstack/searchlight: Simple Script for Generating Resources  https://review.openstack.org/23069722:34
*** lakshmiS has joined #openstack-searchlight22:36
*** bpokorny has quit IRC22:37
*** preetika has quit IRC22:37
lakshmiSsjmc7: saw your comment on the bug in launchpad. Either i don't understand it or not able to recreate the problem22:54
lakshmiSfor clarity to myself i tried same on my vm : http://paste.openstack.org/show/491371/22:55
lakshmiSa non-tenant non-admin user is able to see subnet from a shared network22:55
lakshmiSwhat am i doing differently?22:56
sjmc7i think i was wrong22:57
sjmc7external versus shared?22:57
sjmc7i’m going mad22:57
lakshmiSexternal is tricky22:58
sjmc7yeah, i think it was my mistake22:59
lakshmiSnp. anyway i will try to add as much as info possible in the port and subnet plugin in the same patch23:00
sjmc7yeah, maybe add a comment. i just tested it and the functionality looks good. maybe a functional test as well if you have a chance23:02
*** openstackgerrit has quit IRC23:03
*** openstackgerrit_ is now known as openstackgerrit23:03
*** openstackgerrit has quit IRC23:03
*** openstackgerrit_ has joined #openstack-searchlight23:04
*** openstackgerrit_ is now known as openstackgerrit23:04
*** openstackgerrit_ has joined #openstack-searchlight23:09
openstackgerritMerged openstack/searchlight: Allow multiple plugins to handle an event  https://review.openstack.org/29550323:16
*** bpokorny has joined #openstack-searchlight23:41
openstackgerritTravis Tripp proposed openstack/searchlight: Simple Script for Generating Resources  https://review.openstack.org/23069723:55
« Sunday, 2016-03-20 Index Tuesday, 2016-03-22 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!