| *** Qiming has quit IRC | 00:06 | |
| *** Liuqing has joined #senlin | 01:06 | |
| *** zzxwill has joined #senlin | 01:10 | |
| *** Liuqing has quit IRC | 01:15 | |
| *** Qiming has joined #senlin | 01:15 | |
| openstackgerrit | Merged openstack/senlin: Refactor API version range support https://review.openstack.org/298129 | 01:25 |
|---|---|---|
| openstackgerrit | Qiming Teng proposed openstack/senlin: Add support to 'latest' version https://review.openstack.org/298487 | 01:35 |
| *** yanyanhu has joined #senlin | 01:38 | |
| xuhaiwei | Qiming, are you around? | 01:48 |
| *** Liuqing has joined #senlin | 01:51 | |
| Qiming | yes | 01:52 |
| xuhaiwei | have someting to discuss | 01:52 |
| Qiming | shot | 01:52 |
| xuhaiwei | about container cluster, what kind of image should we use? | 01:53 |
| Qiming | what ever | 01:53 |
| Qiming | the easiest one would be coreos | 01:53 |
| Qiming | you can build your own using fedora, ubuntu ... etc | 01:53 |
| xuhaiwei | I mean for senlin to support container, we should support a default image | 01:53 |
| Qiming | why? | 01:54 |
| Qiming | we just assume there is a docker daemon running inside a vm, isn't that sufficient? | 01:54 |
| xuhaiwei | yes | 01:55 |
| Qiming | we may need to consider the differences between container engines and/or guest os distros when we want to manipulate the networking/storage stuff | 01:56 |
| xuhaiwei | but there should be some configuration in the image when you want to start a container from senlin | 01:56 |
| Qiming | but I think we are not there yet | 01:56 |
| Qiming | for example? what configuration do you need? | 01:56 |
| xuhaiwei | for example, change unix socket ot tcp? | 01:57 |
| Qiming | right, you will need to do that when creating your VM | 01:59 |
| Qiming | it can be part of the user-data | 01:59 |
| Qiming | of the nova server profile, right? | 01:59 |
| *** elynn has joined #senlin | 01:59 | |
| xuhaiwei | yes, in that case, all the information are open to users also the bind port | 02:00 |
| xuhaiwei | user can also get the floating IP, anyone can start a container then | 02:01 |
| Qiming | how about we make them open to senlin only | 02:01 |
| Qiming | it is a cloud-init thing | 02:01 |
| xuhaiwei | how to do it? | 02:01 |
| xuhaiwei | not using user-data? | 02:01 |
| Qiming | when you are playing with container clusters, do you also want to expose the underlying vm clusters to users? | 02:02 |
| xuhaiwei | I think so | 02:02 |
| xuhaiwei | at least for cloud operator | 02:03 |
| Qiming | ... | 02:03 |
| Qiming | what are you talking about? | 02:03 |
| Qiming | cloud operators or users? | 02:03 |
| *** elynn has quit IRC | 02:04 | |
| xuhaiwei | IMO sometimes they are all users | 02:04 |
| *** elynn has joined #senlin | 02:04 | |
| Qiming | okay ... won't try convince you on this | 02:05 |
| Qiming | we have talked about this 2 weeks ago, I think | 02:06 |
| Qiming | the users we are talking about only cares about their app/micro-services get deployed and executed | 02:06 |
| Qiming | we are not intending to provide a complete kubernetes environment | 02:07 |
| xuhaiwei | I know that | 02:07 |
| Qiming | then why are we exposing the underlying vm clusters to those users? | 02:07 |
| Qiming | we may be running containers on bare-metal, eventually | 02:08 |
| Qiming | but the underlying resource pool is always supposed to be transparent to users | 02:08 |
| xuhaiwei | for end users they don't need to know the vms clusters , I agree with you on that | 02:08 |
| Qiming | yes, operators do care about the vms (or bms) | 02:09 |
| Qiming | and to them, there is no security concern | 02:09 |
| Qiming | even there are security concern, we can solve it when we ARE there | 02:09 |
| Qiming | my feeling is that we are standing where we were two weeks ago, worrying about the future two months later | 02:10 |
| Qiming | we might have learned a lot of first hand lessons if we started getting our hands dirty | 02:12 |
| Qiming | sorry for being impatient, but we really don't have time to hesitate | 02:13 |
| xuhaiwei | let me think about it | 02:14 |
| Qiming | we got to build up something | 02:14 |
| Qiming | it is not about thinking | 02:14 |
| Qiming | it is about doing | 02:14 |
| Qiming | trying | 02:14 |
| yuanying | I just propose xuhaiwei to use magnum to setup coreos cluster | 02:14 |
| Qiming | pull a coreos image and create a cluster | 02:14 |
| yuanying | It's easy to build environment | 02:15 |
| Qiming | hi, yuanying, we don't have to use magnum to create coreos cluster | 02:15 |
| Qiming | using os.nova.server profile, it is just a different image id | 02:15 |
| xuhaiwei | I can understand you, I just starting some vms with coreos images, and succeeded in starting containers outside vms | 02:15 |
| Qiming | then in a second, you get a vm cluster up and running | 02:16 |
| xuhaiwei | s/outside vms/from outside vms/ | 02:16 |
| Qiming | xuhaiwei, that's good progress we need desperately | 02:16 |
| Qiming | xuhaiwei, I'm guessing that you are doing that manually today | 02:17 |
| Qiming | the problem then is really about automate the whole process | 02:17 |
| xuhaiwei | I did the configuration inside vms by user-data, just wonder if it is the right way | 02:18 |
| yuanying | I guess, coreos must have Floating IP to use docker api from senlin | 02:18 |
| Qiming | that is, IMO, the right way | 02:18 |
| Qiming | yuanying, that is something we need to figure out | 02:19 |
| Qiming | floating IP is mostly about the public subnet | 02:19 |
| Qiming | it is about something you will expose to service users (by service, I am referring to the application running inside the containers, not the "container service") | 02:20 |
| Qiming | we can still ssh into the VMs from the private subnet | 02:21 |
| Qiming | floating ip is not a blocking factor, iirc | 02:22 |
| yuanying | I'm not sure, how senlin login to vms from the private subnet? | 02:25 |
| Qiming | yuanying, it can be just some routing rules on your router | 02:26 |
| Qiming | e.g. | 02:26 |
| Qiming | 10.0.0.0 172.24.4.2 255.255.255.0 UG 0 0 0 br-ex | 02:26 |
| Qiming | Destination Gateway Genmask Flags Metric Ref Use Iface | 02:27 |
| yuanying | I heard details from xuhaiwei, it means senlin will be in compute node? | 02:27 |
| Qiming | senlin is on controller node | 02:27 |
| yuanying | like senlin-agent | 02:27 |
| Qiming | no, we don't have senlin-agent | 02:28 |
| Qiming | btw, I "hate" agents, :) | 02:28 |
| Qiming | makes sense? | 02:29 |
| yuanying | compute node will become a router to access core os instance? | 02:29 |
| Qiming | yep | 02:30 |
| yuanying | hmm | 02:30 |
| Qiming | yuanying, you can feel that I'm trying to enable an ansible way of managing VMs and VM configurations | 02:31 |
| Qiming | I'm not sure if kuryr is gonna help make the whole thing a lot simpler | 02:33 |
| yuanying | I hope kuryr will become an answer | 02:35 |
| Qiming | me too. but I'm not so optimistic because kuryr sounds to me more of a service to interconnecting the containers than a service that paves a way for routing requests to VMs we need | 02:36 |
| Qiming | maybe, someday, when container isolation problem is solved (they will get solved, just a matter of time, right?) | 02:37 |
| Qiming | the whole process becomes a lot easier | 02:38 |
| yuanying | agree | 02:38 |
| Qiming | it is just about bringing up a number of containers across many bare metal machines | 02:38 |
| Qiming | then ... as a cloud service provider | 02:39 |
| Qiming | you may have to choose between k8s or openstack, :) | 02:39 |
| Qiming | depending on your users' requirements: containers for micro-services or vms for other/traditional workloads | 02:40 |
| Qiming | instead of running a single cloud platform, you will need at least two | 02:41 |
| xuhaiwei | Qiming, for the demo, is it ok to use floating IP? | 02:45 |
| Qiming | yes | 02:47 |
| Qiming | whatever that works | 02:47 |
| xuhaiwei | ok | 02:48 |
| Qiming | here is my inapproriate metaphor | 02:48 |
| Qiming | you have container runtime as icecreams, you will like it | 02:49 |
| Qiming | and you have vm based cloud offered as pissa, you will like it too | 02:49 |
| Qiming | but you may not like your pizza with icecream on top of it | 02:50 |
| xuhaiwei | for using Senlin to start containers, shall we start a container in a specific node or couple of nodes? | 02:50 |
| Qiming | start with a single node would be okay | 02:50 |
| Qiming | then we can strive to enable multi-node scenario | 02:51 |
| xuhaiwei | ok | 02:51 |
| Qiming | it could be a simple placement policy, say, round-robin | 02:51 |
| Qiming | or a complicated scheduler, incorporating all kinds of requirements/constraints, such as workload, memory consumption, ... | 02:52 |
| Qiming | we build our prototype/confidence step by step | 02:52 |
| xuhaiwei | yes | 02:53 |
| Qiming | you are a hero, xuhaiwei | 02:53 |
| *** idonotknow_ has joined #senlin | 02:54 | |
| Qiming | it is gonna be a very challenging and rewarding journey | 02:54 |
| xuhaiwei | wish I can be | 02:54 |
| xuhaiwei | need to learn a lot | 02:54 |
| *** Qiming has quit IRC | 03:16 | |
| *** Qiming has joined #senlin | 03:17 | |
| openstackgerrit | Qiming Teng proposed openstack/senlin: Add hacking rule for api_version https://review.openstack.org/298506 | 03:24 |
| openstackgerrit | Merged openstack/senlin: Modify location to point to action https://review.openstack.org/298175 | 03:32 |
| *** elynn has quit IRC | 04:08 | |
| *** elynn has joined #senlin | 04:39 | |
| *** elynn has quit IRC | 04:44 | |
| *** elynn has joined #senlin | 04:44 | |
| openstackgerrit | Nguyen Hung Phuong proposed openstack/senlin: Fix typos in Senlin files https://review.openstack.org/298529 | 04:50 |
| elynn | Hi yanyanhu , have you try to create a node with security group? | 05:20 |
| yanyanhu | elynn, no, I never tried it | 05:21 |
| elynn | idonotknow_, try to create a node with security group but failed, got a bad request. | 05:23 |
| Qiming | oh, seems security group is not implemented in nova server profile? | 05:24 |
| elynn | I thought it might be a bug, my env is broken again. | 05:24 |
| elynn | https://github.com/openstack/senlin/blob/master/senlin/profiles/os/nova/server.py#L226-L231 | 05:25 |
| yanyanhu | that's true | 05:25 |
| idonotknow_ | I have tried without security_groups, everything goes on well | 05:25 |
| openstackgerrit | Merged openstack/senlin: Fix typos in Senlin files https://review.openstack.org/298529 | 05:27 |
| Qiming | the request was rejected by nova | 05:29 |
| Qiming | Profile failed in creating node due to: Invalid input for field/attribute 0. Value: default. u'default' is not of type 'object' | 05:29 |
| idonotknow_ | yes,the same error | 05:29 |
| elynn | Can you create node or cluster with latest senlinclient? | 05:33 |
| elynn | I always failed with: openstack cluster node create: error: argument --profile is required | 05:33 |
| elynn | even I specify --profile | 05:33 |
| Qiming | I don't have that problem, elynn | 05:34 |
| elynn | ok... might be my env's problem, I will check. | 05:35 |
| Qiming | I'm having some other problems because I have latest nova ... | 05:40 |
| elynn | I know the reason why my command line doesn't work. | 06:11 |
| elynn | openstackclient use --profile ... https://github.com/openstack/python-openstackclient/blob/master/openstackclient/shell.py#L232-L242 | 06:12 |
| elynn | Open a bug for it https://bugs.launchpad.net/python-senlinclient/+bug/1563194 | 06:13 |
| openstack | Launchpad bug 1563194 in python-senlinclient "node/cluster create not work if enable osprofiler" [Undecided,New] | 06:13 |
| elynn | Should we rename --profile ? | 06:13 |
| Qiming | it doesn't matter I think | 06:13 |
| Qiming | if you do openstack cluster node create --profile <yourprofile> <node_name> | 06:14 |
| Qiming | the '--profile' argument should be properly parsed | 06:14 |
| elynn | In my env, it won't parsed... | 06:15 |
| Qiming | it should be like this: | 06:15 |
| Qiming | openstack --debug <some_command> should be different from openstack <some_command> --debug | 06:16 |
| elynn | Only if I uninstall osprofiler, it can work. | 06:18 |
| elynn | I think our --profile can not override the default one. | 06:19 |
| Qiming | okay | 06:19 |
| elynn | two ways to solve this, 1. rename our --profile. 2. rename openstack's --profile to --os-profile, but might be chanllenge | 06:22 |
| Qiming | the later one makes sense | 06:22 |
| elynn | challenge with backward compatibility. | 06:22 |
| Qiming | that key is not providing a profile, it is a HMAC key | 06:22 |
| Qiming | it is a stupid argument name | 06:23 |
| elynn | Yes, I think so.. | 06:23 |
| elynn | Haven't notice that before. | 06:23 |
| elynn | Try to propose a patch and see the feedbacks? | 06:24 |
| Qiming | yes | 06:24 |
| Qiming | seems I'm gonna waste my whole afternoon just doing some pip install | 06:28 |
| elynn | well...good luck | 06:28 |
| Qiming | causing stomachache each time doing this ... | 06:32 |
| idonotknow_ | is this patch related to security_groups? | 06:34 |
| elynn | idonotknow_, no... | 06:36 |
| elynn | I will look into it now. | 06:38 |
| idonotknow_ | can you help debug this? | 06:38 |
| idonotknow_ | thank you | 06:39 |
| Qiming | idonotknow_, I was trying that | 06:42 |
| Qiming | but I cannot pinpoint the source code lines in nova server because my running nova process is not using the code base I pulled recently | 06:43 |
| Qiming | so I'm upgrading nova manually | 06:43 |
| Qiming | and neutron | 06:43 |
| Qiming | ... now I'm trapped | 06:44 |
| elynn | I can take a look now :) | 06:44 |
| idonotknow_ | I really appreciate it. | 06:46 |
| Qiming | I took me about 40 minutes to upgrade oslo_log ... | 06:49 |
| Qiming | still seeing no progress | 06:50 |
| *** EldonZhao has joined #senlin | 06:52 | |
| elynn | I think I can make it work now. | 06:55 |
| idonotknow_ | How? | 06:57 |
| openstackgerrit | Ethan Lynn proposed openstack/senlin: [WIP] Support security_groups in nova profile https://review.openstack.org/298563 | 06:58 |
| elynn | ^^ | 06:58 |
| idonotknow_ | you are really awesome | 06:59 |
| elynn | I will fix unit tests later. | 06:59 |
| idonotknow_ | I will have it a try on my local env | 07:00 |
| idonotknow_ | still failed in my env... | 07:11 |
| openstackgerrit | Ethan Lynn proposed openstack/senlin: Support security_groups in nova profile https://review.openstack.org/298563 | 07:11 |
| idonotknow_ | elynn, what does your template file look like? | 07:15 |
| elynn | I don't use a template file, I use command line. | 07:15 |
| idonotknow_ | what does it look like? | 07:17 |
| elynn | You mean the profile I used? | 07:17 |
| idonotknow_ | yeah | 07:19 |
| elynn | wait a minute, let me paste it. | 07:20 |
| elynn | http://paste.openstack.org/show/492205/ | 07:20 |
| elynn | Just the same I gave you this morning. | 07:21 |
| idonotknow_ | but if I use heat template,still the same error as before.so it is heat's problem ? | 07:22 |
| elynn | Do you restart senlin-engine after applying the patch? | 07:22 |
| idonotknow_ | my bad.... | 07:23 |
| idonotknow_ | kind of dizzy now...it worked | 07:24 |
| elynn | :) | 07:24 |
| elynn | take a break and eat some snacks | 07:24 |
| idonotknow_ | alright... | 07:25 |
| *** yuanying has quit IRC | 07:38 | |
| *** yuanying has joined #senlin | 07:41 | |
| openstackgerrit | Merged openstack/senlin: Add support to 'latest' version https://review.openstack.org/298487 | 07:50 |
| *** idonotknow_ has quit IRC | 07:56 | |
| openstackgerrit | Qiming Teng proposed openstack/senlin: Add hacking rule for api_version https://review.openstack.org/298506 | 08:01 |
| *** lixinhui_ has joined #senlin | 08:04 | |
| *** lixinhui has quit IRC | 08:05 | |
| *** EldonZhao has quit IRC | 08:11 | |
| *** EldonZhao has joined #senlin | 08:11 | |
| openstackgerrit | Qiming Teng proposed openstack/senlin: More test case for method with diff versions https://review.openstack.org/298593 | 08:15 |
| openstackgerrit | Ethan Lynn proposed openstack/senlin: Support security_groups in nova profile https://review.openstack.org/298563 | 08:46 |
| openstackgerrit | Ethan Lynn proposed openstack/senlin: Refactor do_create for nova profile https://review.openstack.org/298602 | 08:46 |
| openstackgerrit | Hieu LE proposed openstack/senlin: Fix minor typo in senlin project https://review.openstack.org/298606 | 08:56 |
| *** zzxwill has quit IRC | 09:01 | |
| *** zzxwill has joined #senlin | 09:06 | |
| *** R_lixh has joined #senlin | 09:12 | |
| *** lixinhui_ has quit IRC | 09:12 | |
| *** zzxwill has quit IRC | 09:20 | |
| *** EldonZhao has quit IRC | 09:28 | |
| openstackgerrit | Ethan Lynn proposed openstack/senlin: Re-enable E402 check https://review.openstack.org/298623 | 09:35 |
| openstackgerrit | Qiming Teng proposed openstack/senlin: Developer doc for API microversioning https://review.openstack.org/298626 | 09:41 |
| *** elynn has quit IRC | 09:41 | |
| *** Liuqing has quit IRC | 09:47 | |
| openstackgerrit | Merged openstack/senlin: Fix minor typo in senlin project https://review.openstack.org/298606 | 09:47 |
| openstackgerrit | Merged openstack/senlin: Add hacking rule for api_version https://review.openstack.org/298506 | 09:48 |
| openstackgerrit | Merged openstack/senlin: More test case for method with diff versions https://review.openstack.org/298593 | 09:48 |
| *** zzxwill has joined #senlin | 09:53 | |
| *** zzxwill has quit IRC | 10:03 | |
| openstackgerrit | Qiming Teng proposed openstack/senlin: Developer doc for API microversioning https://review.openstack.org/298626 | 10:20 |
| *** Qiming has quit IRC | 10:24 | |
| *** Liuqing has joined #senlin | 10:27 | |
| *** yanyanhu has quit IRC | 10:34 | |
| *** zzxwill has joined #senlin | 10:51 | |
| *** Liuqing has quit IRC | 10:56 | |
| *** Qiming has joined #senlin | 11:18 | |
| *** Liuqing has joined #senlin | 11:35 | |
| *** lixinhui_ has joined #senlin | 12:41 | |
| *** lixinhui_ has quit IRC | 12:46 | |
| *** lixinhui_ has joined #senlin | 12:48 | |
| *** elynn has joined #senlin | 12:50 | |
| Qiming | meeting time | 13:01 |
| *** zzxwill has quit IRC | 13:46 | |
| *** zzxwill has joined #senlin | 13:51 | |
| lixinhui_ | elynn | 13:59 |
| lixinhui_ | there? | 13:59 |
| elynn | Hi | 13:59 |
| elynn | lixinhui_: yes? | 13:59 |
| lixinhui_ | I want to know more about the security group thigns | 13:59 |
| lixinhui_ | i am not quiet know heat | 14:00 |
| lixinhui_ | I am thinking | 14:00 |
| lixinhui_ | we have to extend senlin nova to support security group? | 14:01 |
| lixinhui_ | I saw your patch from IRC log | 14:01 |
| elynn | Yes, senlin nova profile can't correctly set security group until my patch add it. | 14:01 |
| lixinhui_ | but security group has supported by heat for non-senlin resource | 14:02 |
| *** Liuqing has quit IRC | 14:02 | |
| lixinhui_ | or my question is | 14:02 |
| elynn | I gave a example to Idonotknow and I think it's worked with my patch in senlin | 14:03 |
| lixinhui_ | Yes, I see | 14:03 |
| lixinhui_ | I know it works | 14:03 |
| lixinhui_ | can we create senlin node by nova then adopt security group after that by heat template | 14:03 |
| lixinhui_ | ? | 14:03 |
| lixinhui_ | maybe nonsense | 14:03 |
| lixinhui_ | or I do not understand heat implements | 14:04 |
| lixinhui_ | just feel security group has been supported | 14:04 |
| elynn | I don't think it can | 14:04 |
| elynn | Since in senlin need to create a profile | 14:04 |
| elynn | Then create a node from this profile. | 14:04 |
| elynn | Only if senlin support to update a profile then heat can do it. | 14:05 |
| lixinhui_ | but security group can be created after that and do not have to be part of the profile | 14:07 |
| elynn | By now, profile resource in heat won't support to update it's spec, since senlin doesn't support to update a profile's spec. | 14:07 |
| lixinhui_ | okay, I see. Thanks!!! | 14:08 |
| elynn | Heat can not see the nodes under cluster, so it can't add security group to these nodes. | 14:08 |
| lixinhui_ | okay | 14:08 |
| elynn | Only if there is an API in senlin cluster to do it. | 14:09 |
| elynn | Heat can do it. | 14:09 |
| lixinhui_ | Thanks, now I get more understanding here :) | 14:10 |
| elynn | np :) | 14:10 |
| *** cschulz has quit IRC | 14:11 | |
| *** lixinhui_ has quit IRC | 14:29 | |
| openstackgerrit | Merged openstack/senlin: Refactor do_create for nova profile https://review.openstack.org/298602 | 14:30 |
| openstackgerrit | Merged openstack/senlin: Support security_groups in nova profile https://review.openstack.org/298563 | 14:34 |
| *** openstackgerrit has quit IRC | 15:06 | |
| *** openstackgerrit has joined #senlin | 15:07 | |
| *** zzxwill has quit IRC | 15:38 | |
| *** elynn has quit IRC | 15:41 | |
| *** Qiming has quit IRC | 16:03 | |
| *** Qiming has joined #senlin | 23:11 | |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!