| openstackgerrit | Merged openstack/puppet-openstack-integration stable/train: [Train Only] Remove remaining puppet-congress https://review.opendev.org/758801 | 00:49 |
|---|---|---|
| openstackgerrit | Takashi Kajinami proposed openstack/puppet-aodh master: Deprecate database options from the aodh class https://review.opendev.org/758891 | 01:22 |
| openstackgerrit | Takashi Kajinami proposed openstack/puppet-nova master: Fix incorrect release note about db options deprecation https://review.opendev.org/758893 | 01:25 |
| openstackgerrit | Takashi Kajinami proposed openstack/puppet-nova master: Fix misplaced releasenote file https://review.opendev.org/758894 | 01:27 |
| openstackgerrit | Takashi Kajinami proposed openstack/puppet-nova master: Fix misplaced releasenote file https://review.opendev.org/758894 | 01:28 |
| openstackgerrit | Takashi Kajinami proposed openstack/puppet-nova master: Fix incorrect release note about db options deprecation https://review.opendev.org/758893 | 01:57 |
| openstackgerrit | Takashi Kajinami proposed openstack/puppet-aodh master: Deprecate database options from the aodh class https://review.opendev.org/758891 | 02:01 |
| openstackgerrit | Takashi Kajinami proposed openstack/puppet-aodh master: Deprecate database options from the aodh class https://review.opendev.org/758891 | 02:04 |
| *** rcernin has quit IRC | 02:18 | |
| openstackgerrit | Takashi Kajinami proposed openstack/puppet-cinder master: Deprecate database options from the cinder class https://review.opendev.org/758896 | 02:22 |
| openstackgerrit | Takashi Kajinami proposed openstack/puppet-heat master: Deprecate database options from the heat class https://review.opendev.org/758898 | 02:29 |
| *** rcernin has joined #puppet-openstack | 02:46 | |
| *** rcernin has quit IRC | 02:47 | |
| *** rcernin has joined #puppet-openstack | 02:48 | |
| openstackgerrit | Takashi Kajinami proposed openstack/puppet-ironic master: Deprecate database options from the base class https://review.opendev.org/758900 | 02:52 |
| openstackgerrit | Takashi Kajinami proposed openstack/puppet-keystone master: Deprecate database options from the keystone class https://review.opendev.org/758901 | 02:59 |
| -openstackstatus- NOTICE: We are investigating an issue with our hosted Gerrit services. We will provide an update as soon as we can. If you want to follow the latest, feel free to join #opendev | 03:26 | |
| -openstackstatus- NOTICE: We identified a possible vulnerability in Gerrit and are investigating the potential impact on our services. Out of an abundance of caution we have taken our OpenDev hosted Gerrit system offline. We will update with more information once we are able. | 04:31 | |
| *** gfidente has joined #puppet-openstack | 05:52 | |
| *** mkarpin has joined #puppet-openstack | 06:31 | |
| *** mkarpin has left #puppet-openstack | 06:31 | |
| *** rpittau|afk is now known as rpittau | 07:04 | |
| *** tosky has joined #puppet-openstack | 07:43 | |
| *** jpena|off is now known as jpena | 07:56 | |
| *** rcernin has quit IRC | 07:57 | |
| *** rcernin_ has joined #puppet-openstack | 07:58 | |
| zigo | Hi there. Setting-up victoria, on some nodes, I get an empty /etc/keystone/puppet.conf, and then the setup fails. How can I fix this? What changed compared to Ussuri that makes it fail? | 08:03 |
| zigo | tkajinam: Any idea? | 08:03 |
| tkajinam | zigo, hm. do you have keystone::bootstrap class included ? | 08:05 |
| tkajinam | zigo, that file should be managed by the keystone::bootstrap class so I guess something related to it is missing | 08:06 |
| tkajinam | zigo, sorry but I'll leave soon. I think tobias-urdin would have some insights because he implemented that class. | 08:07 |
| *** rcernin_ has quit IRC | 08:11 | |
| zigo | Thanks. | 08:27 |
| zigo | I don't think I'm calling the bootstrap class in all controllers, just one, maybe that's the pb. | 08:28 |
| *** derekh has joined #puppet-openstack | 08:37 | |
| *** dtantsur|afk is now known as dtantsur | 08:38 | |
| -openstackstatus- NOTICE: We identified a possible vulnerability in Gerrit and are investigating the potential impact on our services. Out of an abundance of caution we have taken our OpenDev hosted Gerrit system offline. We will update with more information once we are able. | 08:39 | |
| *** ChanServ changes topic to "We identified a possible vulnerability in Gerrit and are investigating the potential impact on our services. Out of an abundance of caution we have taken our OpenDev hosted Gerrit system offline. We will update with more information once we are able." | 08:39 | |
| *** ysandeep|away is now known as ysandeep | 08:45 | |
| *** dtantsur is now known as dtantsur|brb | 09:09 | |
| *** ysandeep is now known as ysandeep|lunch | 09:12 | |
| *** ysandeep|lunch is now known as ysandeep | 09:34 | |
| *** rcernin_ has joined #puppet-openstack | 10:13 | |
| *** rcernin_ has quit IRC | 10:32 | |
| -openstackstatus- NOTICE: Update on gerrit downtime: After investigation, we believe the incident is related to a compromised Gerrit user account rather than a vulnerability in Gerrit software. We are continuing to review activity to verify the integrity of git data and expect to have an additional update with possible service restoration in approximately 2 hours. | 11:08 | |
| *** ChanServ changes topic to "Update on gerrit downtime: After investigation, we believe the incident is related to a compromised Gerrit user account rather than a vulnerability in Gerrit software. We are continuing to review activity to verify the integrity of git data and expect to have an additional update with possible service restoration in approximately 2 hours." | 11:08 | |
| *** rcernin_ has joined #puppet-openstack | 11:12 | |
| tkajinam | zigo, yeah. I think that is the reason. | 11:21 |
| * tkajinam think that we need some change in bootstrap class so that we can generate puppet.conf in all controller nodes, but run bootstrap command in only one of them | 11:22 | |
| tkajinam | like sync_db | 11:22 |
| *** rcernin_ has quit IRC | 11:28 | |
| *** yann-kaelig has joined #puppet-openstack | 11:32 | |
| *** jpena is now known as jpena|lunch | 11:35 | |
| *** social has joined #puppet-openstack | 11:36 | |
| *** rcernin_ has joined #puppet-openstack | 11:44 | |
| zigo | tkajinam: It looks like that's not my problem. | 11:50 |
| zigo | On my 2 other controllers, I get an empty puppet.conf... | 11:50 |
| zigo | It's not there at all if I don't call the bootstrap function. | 11:50 |
| zigo | If I call it, it's generated empty ... :( | 11:50 |
| zigo | (and my setup fails) | 11:50 |
| zigo | As a workaround, I think I can manually write the puppet.conf, probably. | 11:51 |
| tkajinam | zigo, hmmm... that is strange | 11:52 |
| tkajinam | actually the file should be created with the empty content but should be updated later | 11:53 |
| tkajinam | https://github.com/openstack/puppet-keystone/blob/stable/ussuri/manifests/bootstrap.pp#L281-L306 | 11:53 |
| tkajinam | zigo, which resource is failing because of missing puppet.conf ? | 11:53 |
| tkajinam | oops. I should have pointed this instead https://github.com/openstack/puppet-keystone/blob/stable/victoria/manifests/bootstrap.pp#L155-L180 | 11:54 |
| zigo | Hard to tell, I just get in my logs: | 11:54 |
| zigo | Error: Failed to apply catalog: File: /etc/keystone/puppet.conf does not contain all required configuration keys. Cannot authenticate to Keystone. | 11:54 |
| zigo | and nothing else... | 11:54 |
| tkajinam | (victoria not ussuri | 11:54 |
| tkajinam | oh, wait | 11:56 |
| tkajinam | I don't see any dependencies defined in deps.pp... can that be a timing/dependency problem ? | 11:57 |
| *** dtantsur|brb is now known as dtantsur | 11:57 | |
| tkajinam | https://github.com/openstack/puppet-keystone/blob/master/manifests/deps.pp | 11:58 |
| *** morazi has quit IRC | 11:58 | |
| tkajinam | I think we need something like; | 11:58 |
| tkajinam | Anchor['keystone::config::begin'] | 11:58 |
| tkajinam | -> Keystone_puppet_config<||> | 11:58 |
| tkajinam | ~> Anchor['keystone::config::end'] | 11:58 |
| tkajinam | zigo, can you try with adding the above dependency in deps.pp ? | 11:59 |
| zigo | tkajinam: Well, I'm trying to create the puppet.conf myself, so I can avoid the bootstrap on the 2 other controllers... | 12:00 |
| zigo | Though I can try after that. | 12:00 |
| *** morazi has joined #puppet-openstack | 12:00 | |
| tkajinam | zigo, yeah I think that is the easiest workaround now | 12:00 |
| zigo | Appart from that, all of Victoria can be setup without too many issues in Debian. | 12:02 |
| zigo | I'll send my patch to puppet-horizon though... | 12:02 |
| zigo | We need to add stuff there, because in Debian, we have /etc/openstack-dashboard/local_settings.d with some stuff to write in there (like CACHE backend, etc.). | 12:03 |
| zigo | Since it's loaded *after* the local_settings.py, it then fails (because overwritten by what's in Debian). | 12:03 |
| zigo | So, I need to push these changes there. | 12:03 |
| zigo | Ok, my workaround worked ! :) | 12:07 |
| *** derekh has quit IRC | 12:26 | |
| tkajinam | zigo, nice | 12:33 |
| *** jpena|lunch is now known as jpena | 12:34 | |
| *** rcernin_ has quit IRC | 12:57 | |
| *** jtomasek has quit IRC | 12:57 | |
| *** derekh has joined #puppet-openstack | 13:04 | |
| -openstackstatus- NOTICE: We've confirmed that known compromised identities have been reset or had their accounts disabled, and we are auditing other service accounts for signs of compromise before we prepare to restore Gerrit to working order. We will update again in roughly 2 hours. | 13:36 | |
| *** ChanServ changes topic to "We've confirmed that known compromised identities have been reset or had their accounts disabled, and we are auditing other service accounts for signs of compromise before we prepare to restore Gerrit to working order. We will update again in roughly 2 hours." | 13:36 | |
| *** lbragstad_ has joined #puppet-openstack | 15:13 | |
| *** lbragstad has quit IRC | 15:16 | |
| -openstackstatus- NOTICE: Auditing is progressing but not particularly quickly. We'll keep updating every 2 hours or so. | 15:43 | |
| *** ChanServ changes topic to "Auditing is progressing but not particularly quickly. We'll keep updating every 2 hours or so." | 15:44 | |
| *** rpittau is now known as rpittau|afk | 16:38 | |
| *** jpena is now known as jpena|off | 16:58 | |
| *** derekh has quit IRC | 17:00 | |
| *** dtantsur is now known as dtantsur|afk | 17:51 | |
| *** gfidente is now known as gfidente|afk | 18:02 | |
| -openstackstatus- NOTICE: Gerrit is offline due to a security compromise. Please refer to https://review.opendev.org/maintenance.html or #opendev for the latest updates. | 18:04 | |
| *** ChanServ changes topic to "Gerrit is offline due to a security compromise. Please refer to https://review.opendev.org/maintenance.html or #opendev for the latest updates." | 18:04 | |
| *** jtomasek has joined #puppet-openstack | 18:18 | |
| *** jtomasek has quit IRC | 18:42 | |
| *** jtomasek has joined #puppet-openstack | 19:14 | |
| *** jtomasek has quit IRC | 19:28 | |
| *** jtomasek has joined #puppet-openstack | 19:31 | |
| *** jtomasek has quit IRC | 19:50 | |
| *** tosky has quit IRC | 19:54 | |
| *** jtomasek has joined #puppet-openstack | 20:04 | |
| *** jtomasek has quit IRC | 20:57 | |
| *** gfidente|afk has quit IRC | 21:28 | |
| *** yann-kaelig has quit IRC | 21:46 | |
| *** rcernin_ has joined #puppet-openstack | 21:59 | |
| *** rcernin_ has quit IRC | 22:10 | |
| *** rcernin_ has joined #puppet-openstack | 22:17 | |
| *** rcernin_ has quit IRC | 22:20 | |
| *** rcernin has joined #puppet-openstack | 22:20 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!