gholt | Ah, nice! :) | 00:00 |
---|---|---|
creiht | ctennis: woot! | 00:03 |
*** mtaylor has joined #openstack | 00:14 | |
*** ChanServ sets mode: +v mtaylor | 00:14 | |
*** silassewell has joined #openstack | 00:16 | |
*** mbostwick_ has quit IRC | 00:22 | |
*** mtaylor has quit IRC | 00:23 | |
*** binaryWarrior has joined #openstack | 00:26 | |
*** binaryWarrior has quit IRC | 00:30 | |
*** metoikos has quit IRC | 01:00 | |
*** jdmaturen has quit IRC | 01:26 | |
*** alekibango has quit IRC | 01:30 | |
*** alekibango has joined #openstack | 01:31 | |
*** maplebed has quit IRC | 01:33 | |
*** alekibango has quit IRC | 01:35 | |
notmyname | ctennis: are you the cyberduck developer? | 01:49 |
*** jdmaturen has joined #openstack | 01:51 | |
*** syah has quit IRC | 01:56 | |
*** syah has joined #openstack | 02:06 | |
*** metoikos has joined #openstack | 02:09 | |
*** silassewell has quit IRC | 02:10 | |
*** zul has quit IRC | 02:14 | |
*** zul has joined #openstack | 02:28 | |
*** miclorb has joined #openstack | 02:33 | |
*** sophiap has quit IRC | 02:34 | |
*** mtaylor has joined #openstack | 02:35 | |
*** ChanServ sets mode: +v mtaylor | 02:35 | |
*** sophiap has joined #openstack | 02:40 | |
*** sophiap_ has joined #openstack | 02:44 | |
*** sophiap has quit IRC | 02:44 | |
*** sophiap_ is now known as sophiap | 02:44 | |
*** rajijoom has joined #openstack | 02:57 | |
*** nettok has joined #openstack | 03:07 | |
*** sirp1 has quit IRC | 03:20 | |
*** RobertLJ has joined #openstack | 03:21 | |
*** justinsheehy has quit IRC | 03:39 | |
*** justinsheehy has joined #openstack | 03:46 | |
*** metoikos has quit IRC | 03:47 | |
*** rektide_ is now known as rektide | 04:24 | |
*** justinsheehy has quit IRC | 04:44 | |
*** justinsheehy has joined #openstack | 04:51 | |
*** mtaylor has quit IRC | 05:09 | |
*** RobertLJ has quit IRC | 05:20 | |
*** miclorb has quit IRC | 05:29 | |
*** hornbeck has quit IRC | 05:40 | |
*** hornbeck has joined #openstack | 05:41 | |
*** rajijoom has quit IRC | 06:29 | |
*** jdmaturen has quit IRC | 06:30 | |
*** henriquetft has joined #openstack | 06:54 | |
*** sophiap has quit IRC | 06:58 | |
*** zheng_li has joined #openstack | 07:09 | |
*** nettok has quit IRC | 07:29 | |
*** alekibango has joined #openstack | 07:33 | |
*** cglee has joined #openstack | 07:34 | |
*** jsgotangco has joined #openstack | 07:38 | |
*** henriquetft has quit IRC | 07:43 | |
*** allsystemsarego has joined #openstack | 07:45 | |
*** jsgotangco has quit IRC | 07:45 | |
*** mtaylor has joined #openstack | 08:13 | |
*** ChanServ sets mode: +v mtaylor | 08:13 | |
*** brd_from_italy has joined #openstack | 10:01 | |
*** cglee has quit IRC | 10:07 | |
*** miclorb_ has joined #openstack | 10:14 | |
*** cglee has joined #openstack | 10:15 | |
*** metoikos has joined #openstack | 10:18 | |
*** rnewson has joined #openstack | 10:22 | |
uvirtbot | New bug: #617776 in nova "DescribeImagesResponse contains type element, when it should be called imageType" [Undecided,In progress] https://launchpad.net/bugs/617776 | 10:30 |
*** miclorb_ has quit IRC | 10:41 | |
*** brd_from_italy has quit IRC | 10:48 | |
*** cglee has quit IRC | 10:48 | |
*** justinsheehy has quit IRC | 10:49 | |
*** justinsheehy has joined #openstack | 10:55 | |
*** rnewson has quit IRC | 11:09 | |
*** rnewson has joined #openstack | 11:09 | |
ctennis | here's my cyberduck->swift setup guide: http://gist.github.com/524211 | 11:19 |
ctennis | notmyname: no, just needed a GUI to interact with swift :) | 11:20 |
uvirtbot | New bug: #617788 in nova "Cannot make EC2 API requests with empty arguments" [Undecided,New] https://launchpad.net/bugs/617788 | 11:31 |
*** ptremblett has quit IRC | 11:43 | |
*** brd_from_italy has joined #openstack | 12:15 | |
*** brd_from_italy has quit IRC | 12:46 | |
*** RobertLJ has joined #openstack | 13:39 | |
gholt | ctennis: Nicely done. swift-auth-create-account should support https; I'll file a bug for that. | 13:58 |
gholt | ctennis: On 5. my auth-server config: Shouldn't the default_cluster_url have https instead of http? | 14:00 |
ctennis | gholt: you are correct, updated, thanks! | 14:02 |
gholt | And maybe similarly on 7. | 14:05 |
gholt | Gotta love Java and certs, hehe. | 14:05 |
uvirtbot | New bug: #617840 in swift "swift-auth-create-account should support ssl" [Undecided,New] https://launchpad.net/bugs/617840 | 14:05 |
gholt | Good work on all that. | 14:05 |
* gholt wonders if we could include that somewhere in the swift doc structure. | 14:06 | |
ctennis | gotcha | 14:06 |
ctennis | certainly welcome. I'm a bzr idiot, so it was faster for me to just jot done my notes as I did it :) | 14:07 |
gholt | Cool, I'll poke at it a bit and see what it looks like in the docs. I want to run through it for real as well, as I'd like to use Cyberduck too. :) | 14:12 |
*** rajijoom has joined #openstack | 14:12 | |
*** rnewson has quit IRC | 14:17 | |
*** rnewson has joined #openstack | 14:17 | |
*** sophiap has joined #openstack | 14:18 | |
*** sophiap has quit IRC | 15:04 | |
*** RobertLJ has quit IRC | 15:18 | |
*** rnewson has quit IRC | 15:27 | |
*** rnewson has joined #openstack | 15:28 | |
*** rnewson has joined #openstack | 15:28 | |
*** rajijoom has quit IRC | 15:30 | |
gholt | ctennis: Damn, swift dev auth middleware requires non-ssl. It worked for you because you had already cached the token in memcache while the auth server was running non-ssl. | 15:38 |
gholt | Also, I had to change isHostnameConfigurable in Cyberduck, rather than isWebUrlConfigurable. | 15:47 |
gholt | Actually, that didn't work either. hmm. Stupid server field still isn't editable. | 15:48 |
gholt | Oh, yeah it did work. I forgot to rebuild Cyberduck. I'm sooo used to Python, heh. | 15:50 |
*** jdmaturen has joined #openstack | 15:51 | |
*** kuttan_ has joined #openstack | 15:52 | |
*** kuttan_ has left #openstack | 15:55 | |
ctennis | heh | 16:12 |
ctennis | I'll update the doc | 16:12 |
gholt | No need, I'm working the docs into the swift code base as we speak. :) | 16:12 |
gholt | And also fixing these bugs you've surfaced, hehe. | 16:13 |
ctennis | sweet | 16:13 |
*** dendro-afk is now known as dendrobates | 16:36 | |
gholt | ctennis: What do you think of this? (swift ssl auth bugs fixed in the same commit) http://173.45.226.81/build/html/howto_cyberduck.html | 16:38 |
ctennis | looks fantastic, other than at the top my name is Caleb not Celeb :) | 16:39 |
gholt | Haha! I just thought you were famous, yeah, that's it. | 16:40 |
ctennis | do you have a link to the commit fixing the auth? I may want to patch it here | 16:41 |
gholt | Yessir, in just a moment I'll have the branch merge proposal for you to peek at. | 16:41 |
ctennis | ok thank you | 16:41 |
gholt | Launchpad is taking its time, heh. | 16:47 |
gholt | ctennis: https://code.launchpad.net/~gholt/swift/cyberduckhowto/+merge/32669 | 16:52 |
gholt | Doh, and of course I just realized I'd misspelled your name twice. | 16:53 |
ctennis | heh, no worries | 16:53 |
*** sirp1 has joined #openstack | 16:54 | |
ctennis | I'm going to run another fresh deploy to test some changes I've got, I'll checkout the ssl patch too | 16:54 |
*** cglee has joined #openstack | 16:55 | |
gholt | Cool | 16:56 |
*** cglee has quit IRC | 17:00 | |
*** dendrobates is now known as dendro-afk | 17:03 | |
*** nettok has joined #openstack | 17:49 | |
uvirtbot | New bug: #617913 in nova "RunInstances response doesn't meet EC2 specification" [Undecided,In progress] https://launchpad.net/bugs/617913 | 18:05 |
ctennis | well gholt, it isn't working 100% for me | 18:21 |
ctennis | just trying to figure out if it's the patch or not | 18:22 |
ctennis | when I use the auth server with ssl, it times out Account HEAD failed: 401 Unauthorized | 18:24 |
ctennis | if I switch the auth server to non-ssl, it works fine | 18:24 |
ctennis | this is the st command I'm using for testing | 18:24 |
*** heckj has joined #openstack | 18:24 | |
gholt | Oh shoot, I'd might've mentioned, you need to update your proxy-server.conf with [auth-server] ssl = true | 18:25 |
*** silassewell has joined #openstack | 18:25 | |
gholt | I made an update to the sample conf in that commit, but forgot to say something to ya | 18:25 |
ctennis | yeah, did that | 18:30 |
ctennis | oh wait | 18:30 |
ctennis | I see what you're saying | 18:30 |
ctennis | ok, missed that | 18:30 |
ctennis | lemme fix | 18:30 |
*** justinsheehy has quit IRC | 18:32 | |
ctennis | that was it, thank you | 18:32 |
ctennis | seems to be working great | 18:32 |
gholt | Ah cool | 18:35 |
*** justinsheehy has joined #openstack | 18:38 | |
notmyname | stats system is nearly done except for the "small" part of porting the unit tests and docs https://code.launchpad.net/~notmyname/swift/stats_system/+merge/32673. yay for 1100+ line merge proposal | 18:42 |
gholt | Heh | 18:46 |
*** heckj has quit IRC | 18:47 | |
notmyname | laptop battery dying. I guess this is my excuse to get off the computer and do something else on a saturday :-) | 18:48 |
*** sirp1 has quit IRC | 18:50 | |
*** sophiap has joined #openstack | 18:52 | |
*** sophiap has quit IRC | 19:03 | |
*** sophiap has joined #openstack | 19:05 | |
*** mrayzenoss has joined #openstack | 19:07 | |
*** mrayzenoss has joined #openstack | 19:07 | |
*** cglee has joined #openstack | 19:17 | |
*** cglee has quit IRC | 19:33 | |
*** mrayzenoss has quit IRC | 19:33 | |
*** mrayzenoss has joined #openstack | 19:34 | |
*** mrayzenoss has joined #openstack | 19:34 | |
*** ptremblett has joined #openstack | 19:46 | |
*** sirp1 has joined #openstack | 19:53 | |
*** allsystemsarego has quit IRC | 20:02 | |
*** rnewson has quit IRC | 20:07 | |
*** rnewson has joined #openstack | 20:07 | |
*** rnewson has joined #openstack | 20:07 | |
*** jdmaturen has joined #openstack | 20:11 | |
*** dendro-afk is now known as dendrobates | 20:12 | |
*** jdmaturen has quit IRC | 20:13 | |
*** avsm has joined #openstack | 20:27 | |
*** sophiap has quit IRC | 20:31 | |
*** jdmaturen has joined #openstack | 20:32 | |
*** jdmaturen has quit IRC | 20:34 | |
*** cglee has joined #openstack | 20:39 | |
*** e1mer has quit IRC | 20:44 | |
*** dendrobates is now known as dendro-afk | 20:47 | |
*** dendro-afk is now known as dendrobates | 20:49 | |
*** anotherjesse has quit IRC | 20:51 | |
*** mrayzenoss has quit IRC | 20:54 | |
*** anotherjesse has joined #openstack | 21:13 | |
anotherjesse | we've got a team of 5 people reviewing all the patches that have been pending ... trying to unclog the tubes | 21:14 |
*** rnewson has quit IRC | 21:16 | |
*** rnewson has joined #openstack | 21:17 | |
*** rnewson has joined #openstack | 21:17 | |
*** gasbakid has joined #openstack | 21:29 | |
eday | anotherjesse: I'm reviewing them too :) | 21:45 |
anotherjesse | eday: awesome | 21:45 |
anotherjesse | we are testing those which we've already deployed to our production system :) | 21:46 |
eday | cool :) | 21:46 |
anotherjesse | I think redis would work at 1000 node, but the cost is in bugs/work on the orm, data migration, ... | 21:58 |
eday | anotherjesse: so, do you think redis will not sustain itself at 1k hosts currently? | 21:58 |
eday | ok | 21:58 |
anotherjesse | plus the auth model is a little annoying | 21:58 |
eday | as in the fake ldap->redis thing? or auth into redis itself? | 21:59 |
anotherjesse | right now compromise of a compute node allows the attacker to update/delete any data in the datastore since redis is all or nothing auth | 21:59 |
anotherjesse | fake ldap should probably go away and instead be: user system in ldap or user system outside of ldap (in the datastore -- kvs or sql) | 22:00 |
anotherjesse | eday: we aren't going to cram the sql backed system down people's throats | 22:02 |
anotherjesse | but the kvs solution would need updated before it worked in a multi-location system as well | 22:02 |
eday | do you see compute-node comprimise as a real risk currently? that seems fairly unlikely unless there is a major kvm/xen/... bug. plus you could probably just capture auth info from the compute worker config in that case | 22:02 |
anotherjesse | eday: unfortunately it is stuff we have to worry about :( | 22:03 |
anotherjesse | it is unlikely but compromize of a single system shouldn't cascade | 22:03 |
anotherjesse | eday: is there a CLA for heckj? | 22:04 |
eday | hmm, with the compute worker config stored locally, I don't see how it could be prevented | 22:04 |
eday | anotherjesse: yeah, he's good. see the approved list at: http://wiki.openstack.org/HowToContribute | 22:04 |
notmyname | maybe we could have a mapping in the approved contributor list to their launchpad login | 22:06 |
notmyname | wouldn't work for companies, but it would help with individuals | 22:06 |
eday | anotherjesse: so, to address your security concerns, I think the only way to do it is to not have a shared datastore outside each host. ie: sqlite database per host (which can have periodic snapshots backed up off the host) and all data is pushed up to schedulers/APIs/... | 22:07 |
anotherjesse | eday: we have some ideas for how to improve the security - mostly the problem is deployment takes multiple hours because changes to the redis models are too easy to slip through the cracks | 22:07 |
anotherjesse | eday: yeah, things like that are what we are thinking about | 22:07 |
anotherjesse | but want to first take a pass at how well sql would work with this | 22:07 |
anotherjesse | how it is | 22:07 |
eday | anotherjesse: this is the idea I was proposing on the mailing list, since it helps with scalability as well | 22:07 |
anotherjesse | eday: there is some information that needs to live at the higher level (like network address pools) | 22:08 |
eday | anotherjesse: sure, I see network/volume/... config as other workers, much like the compute workers. This it represents another step in the provisioning process | 22:09 |
anotherjesse | yeah | 22:09 |
anotherjesse | hmm, tarmac is acting up again | 22:09 |
eday | how so? | 22:09 |
anotherjesse | it merged something (fix-zipfile) successfully | 22:09 |
anotherjesse | but marked the branch as not merged since the diff was empty | 22:10 |
anotherjesse | it has happened a couple of times | 22:10 |
*** zheng_li has quit IRC | 22:12 | |
eday | anotherjesse: well, I see lp:nova with the correct changes already | 22:13 |
anotherjesse | eday: yeah, but hudson emailed yelling that it didn't | 22:13 |
eday | oh, it did apply the merge still, yeah, that's borked | 22:14 |
eday | so, if we did move to a local data model for compute hosts, it really wouldn't matter what we use for scalability/security since it's such a small data set. We could use postgres/mysql as a tmp solution while the API and other components still need shared access, but once we get data pushing up, we can switch to sqlite | 22:17 |
eday | so, sqlalchmey is probably the best choice for that (potential) path | 22:17 |
anotherjesse | yeah, we've got a couple guys building models files for it now | 22:18 |
eday | anotherjesse: I just marked vish's zipfile path as merged manually | 22:18 |
*** sirp1 has quit IRC | 22:21 | |
vishy | hudson is having some strange intermittent test errors | 22:24 |
dendrobates | I have access to the hudson server if you guys need anything done. | 22:26 |
dendrobates | I know nothing about hudson though. | 22:26 |
vishy | more of an investigation | 22:26 |
vishy | mtaylor can prolly figure it out | 22:26 |
vishy | there are tests that are failing sometimes | 22:26 |
vishy | they never fail locally for me | 22:26 |
eday | vishy: I don't see any failed hudson jobs for merge | 22:31 |
eday | vishy: any more details to what you are seeing? | 22:32 |
vishy | look at this https://code.launchpad.net/~vishvananda/nova/remove-syslog-workaround/+merge/32649 | 22:32 |
vishy | went through fine on resubmit | 22:33 |
vishy | different error here | 22:36 |
vishy | https://code.launchpad.net/~joelbm24/nova/fix-get-ip/+merge/32684 | 22:36 |
eday | hmm, ok. so hudson is not showing those tarmac errors. If tarmac rejects the merge hudson still shows green | 22:37 |
vishy | ah ok so it is a tarmac issue then | 22:37 |
eday | well, not tarmac itself, but for some reason those tests are failing on the machine it is running on | 22:40 |
vishy | is it possible that it is conflict between swift and nova | 22:41 |
vishy | if they are building at the same time? | 22:41 |
eday | possibly some kind of leftover data issue or race condition perhaps? hmm | 22:41 |
*** jdmaturen has joined #openstack | 22:42 | |
eday | possibly, although I've not seen anything else running besides these merges | 22:42 |
vishy | maybe there is some kind of race condition with the twisted stuff | 22:42 |
vishy | that is occassionally breaking | 22:42 |
*** jdmaturen has quit IRC | 22:43 | |
eday | ahh, nova-coverage hudson job has also been running, possible that is conflicting | 22:43 |
vishy | ooo | 22:43 |
vishy | that breaks, right? | 22:43 |
vishy | maybe we should shut it off for now? | 22:44 |
eday | ok, I've disabled it for now | 22:47 |
eday | see if that helps | 22:47 |
*** gasbakid has quit IRC | 23:02 | |
*** justinsheehy has quit IRC | 23:11 | |
mtaylor | vishy: aroo? | 23:13 |
mtaylor | eday: nova-coverage shouldn't be running at the same time - but it's possible it's leaving crap in a temp dir | 23:14 |
mtaylor | eday: ALMOST done with the hudson-cloudserver plugin - so real-soon-now I'll be running tests in a clean machine each time | 23:14 |
*** stewart has quit IRC | 23:15 | |
*** rnewson has quit IRC | 23:16 | |
*** justinsheehy has joined #openstack | 23:17 | |
eday | mtaylor: all, cool :) | 23:17 |
mtaylor | notmyname: working on a patch to launchpad to allow us to tie the appoved list to ability to submit merge props - so that we don't even have to check it manually | 23:21 |
mtaylor | notmyname: it's a few down on the stack - but it's coming | 23:21 |
vishy | mtaylor: | 23:23 |
vishy | i is herre | 23:23 |
vishy | btw: I have two branches that need to be reviewed. GOGOGO! | 23:23 |
eday | vishy: you going to clean up that ldap-depedency tree still? | 23:29 |
vishy | ah forgot about that | 23:30 |
vishy | sure hold on | 23:30 |
anotherjesse | Anyone want to review https://code.launchpad.net/~vishvananda/nova/fix-dhcpbridge/+merge/32518 -- mostly renames other than ~20 lines | 23:48 |
*** heckj has joined #openstack | 23:56 | |
anotherjesse | heckj: vishy is vish here | 23:57 |
heckj | bzr question if anyone's available - if I have a committed change in a bzr enlistment, how to I revert that one change | 23:57 |
heckj | vishy - did you want me to update those docstrings prior to a merge - happy to do so. | 23:58 |
heckj | Trying to figure out how to revert that one change that updates nova/network/... | 23:58 |
heckj | not so hot with bzr im afraid... still learning | 23:58 |
eday | heckj: bzr uncommit | 23:58 |
heckj | eday: that just rolls back the last change - yeah, that'll do it | 23:59 |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!