Wednesday, 2018-05-30

openstackgerritRedHat RDO CI proposed openstack/tripleo-heat-templates stable/queens: GATE CHECK for TripleO
openstackgerritRedHat RDO CI proposed openstack/tripleo-quickstart-extras master: GATE CHECK for quickstart-extras
openstackgerritMichael Bayer proposed openstack/tripleo-specs master: Region Support
openstackgerritMichael Bayer proposed openstack/tripleo-specs master: Region Support
*** alee_ has joined #tripleo00:03
*** zul has quit IRC00:04
*** mgkwill_ has joined #tripleo00:05
*** patrickeast has quit IRC00:05
*** mgkwill has quit IRC00:05
*** mgkwill_ is now known as mgkwill00:05
*** patrickeast has joined #tripleo00:05
*** alee has quit IRC00:06
*** afazekas has quit IRC00:06
*** melwitt has quit IRC00:06
*** mdnadeem has joined #tripleo00:09
*** melwitt has joined #tripleo00:11
*** afazekas has joined #tripleo00:11
*** ChanServ has quit IRC00:12
*** mdnadeem has quit IRC00:13
*** zul has joined #tripleo00:16
*** leitan has quit IRC00:18
*** leitan has joined #tripleo00:18
*** dciabrin_ has joined #tripleo00:19
*** yolanda_ has quit IRC00:19
*** yolanda_ has joined #tripleo00:20
*** rwsu has quit IRC00:20
*** dciabrin has quit IRC00:21
*** leitan has quit IRC00:22
*** rlandy|rover has quit IRC00:33
*** ChanServ has joined #tripleo00:33
*** sets mode: +o ChanServ00:33
*** atoth has quit IRC00:35
*** csmart has quit IRC00:38
*** wilken[m] has quit IRC00:38
*** melwitt is now known as Guest4815300:39
*** rwsu has joined #tripleo00:45
*** limao has joined #tripleo00:46
*** leitan has joined #tripleo00:48
*** psahoo has joined #tripleo00:55
*** ayoung has quit IRC00:55
*** leitan has quit IRC00:58
*** leitan has joined #tripleo00:58
*** leitan has quit IRC01:00
*** leitan has joined #tripleo01:00
*** wilken[m] has joined #tripleo01:01
*** csmart has joined #tripleo01:21
*** mdnadeem has joined #tripleo01:23
*** gyankum has joined #tripleo01:29
*** dr_gogeta86 has quit IRC01:45
openstackgerritMerged openstack/tripleo-heat-templates master: NeutronSriovHostConfig missing in SRIOV's env files
*** takashi has joined #tripleo02:00
takashiCan I ask a question about tripleo here?02:04
stevebakertakashi: yes you can!02:07
*** bkopilov_ has quit IRC02:08
takashistevebaker: thx! :-)02:08
takashiI recently started testing tripleo queens, and have a question about neutron service setup02:09
takashiI understand that in queens, neutron services are installed as docker containers, and service settings are described files under this directory
takashiWhile I can find services like neutron-api(which means neutron-server), neutron-ovs-agent and so on, I can find the one which corresponds to neutron-ovs-cleanup02:11
takashis/can/can't/ sorry02:11
takashiI know that neutron-ovs-cleanup is not a daemon service but a kind of command line tool which runs when starting or stopping node02:12
takashibut can't find why we don02:12
*** psahoo has quit IRC02:12
takashiwe don't need the one when setting up neutron in docker containers02:12
takashistevebaker: do you know its reason?02:14
stevebakertakashi: I'm just looking, hang on02:16
takashistevebaker: thank you!02:17
*** rajinir has joined #tripleo02:17
*** yamahata has quit IRC02:20
stevebakertakashi: I think you've found a bug. It looks like we used to do an ovs-cleanup run via a systemd dependency to the ovs-agent service, but that is no longer happening now that docker is running the ovs-agent02:21
openstackgerritMichele Baldessari proposed openstack/puppet-tripleo stable/queens: Fix up property names in case of mixed case hostnames
*** psahoo has joined #tripleo02:24
stevebakertakashi: maybe the queens start script runs it, I'm just tracking that down
stevebakertakashi: oh, maybe this call to neutron.cmd.destroy_patch_ports does the same thing
*** jbcraig has joined #tripleo02:31
takashistevebaker: thank you! let me see...02:31
stevebakerI'll be back later02:32
openstackgerritEmilien Macchi proposed openstack/tripleo-quickstart master: Revert "Revert "Deploy container-multinode (fs010) with a containerized undercloud""
*** leitan has quit IRC02:38
*** leitan has joined #tripleo02:39
*** psachin has joined #tripleo02:42
*** leitan has quit IRC02:43
takashistevebaker: I checked codes of destry pots and ovs-cleanup, they looks different to me.02:46
takashiIn rdo packaging, destroy port service exsits as ovs cleanup also exists. see
*** ykarel|away has joined #tripleo02:46
takashithe call to destroy patch pots is introduced in thie patch
*** dbecker has quit IRC02:47
*** thrash is now known as thrash|g0ne02:47
takashiand the bug report fixed by the patch only mentions about destroy-patch-ports
openstackLaunchpad bug 1731924 in tripleo "Execute destroy-patch-ports before running ovs-agent in container" [High,Fix released] - Assigned to Dan Prince (dan-prince)02:48
takashiI'm afraid that the work of ovs-cleanup is still missing02:48
takashistevebaker: it would be great if you have some time to have a look, after coming back. thanks.02:49
*** rlandy has joined #tripleo02:51
*** limao has quit IRC02:59
*** dbecker has joined #tripleo03:01
*** moshele has quit IRC03:04
*** gbarros has joined #tripleo03:07
*** janki has joined #tripleo03:12
openstackgerritzhulingjie proposed openstack/puppet-tripleo master: Replace port 35357 with 5000
*** bkopilov_ has joined #tripleo03:24
*** tzumainn has quit IRC03:34
*** pdeore has joined #tripleo03:47
*** pdeore has quit IRC03:47
*** pdeore has joined #tripleo03:47
*** udesale has joined #tripleo03:58
*** ykarel|away is now known as ykarel03:59
*** rlandy has quit IRC04:05
*** gbarros has quit IRC04:06
*** ykarel is now known as ykarel|afk04:07
*** links has joined #tripleo04:11
Tenguhello there04:17
openstackgerritCédric Jeanneret proposed openstack/tripleo-heat-templates master: WIP - Manage public certificate with ansible
Tenguhmm. have to get some output -.-'04:25
*** fragatina has quit IRC04:31
*** fragatina has joined #tripleo04:33
*** fragatina has quit IRC04:37
*** marios has joined #tripleo04:40
*** pgadiya has joined #tripleo04:42
*** pgadiya has quit IRC04:44
*** psachin has quit IRC04:46
openstackgerritMerged openstack/tripleo-heat-templates master: Replace hiera lookup for ceph::profile::params::fsid
*** rakhmerov has quit IRC04:51
openstackgerritMerged openstack/puppet-tripleo master: Remove support for puppet-ceph
*** aufi has joined #tripleo04:57
openstackgerritMerged openstack/tripleo-heat-templates master: Set default application for Ceph Luminous openstack_pools
openstackgerritMerged openstack/tripleo-heat-templates stable/ocata: Allows Configuration of Additional of Lbaas and Neutron
openstackgerritMerged openstack/puppet-tripleo stable/pike: Merge default_listen with swift_proxy_server_listen_options
*** radeks__ has joined #tripleo05:09
*** dparkes has quit IRC05:10
*** alee_ has quit IRC05:11
*** limao has joined #tripleo05:13
*** rakhmerov has joined #tripleo05:16
*** yprokule has joined #tripleo05:18
*** fragatina has joined #tripleo05:18
*** alee_ has joined #tripleo05:18
*** ykarel|afk is now known as ykarel05:18
*** lifeless_ has quit IRC05:19
*** anilvenkata has joined #tripleo05:19
*** lifeless has joined #tripleo05:19
*** shreshtha-away has joined #tripleo05:20
chandankumarWhen does ceph support swift healthcheck api?05:29
*** quiquell|off is now known as quiquell05:33
*** limao has quit IRC05:35
*** agurenko has joined #tripleo05:41
*** aufi has quit IRC05:44
*** agurenko has quit IRC05:53
*** moshele has joined #tripleo05:59
*** rakhmerov has quit IRC05:59
*** cshastri has joined #tripleo06:02
*** dparkes has joined #tripleo06:03
*** agurenko has joined #tripleo06:04
*** mdnadeem_ has joined #tripleo06:05
*** khyr0n has joined #tripleo06:05
*** pdeore_ has joined #tripleo06:07
*** mdnadeem has quit IRC06:08
*** pdeore has quit IRC06:09
*** hjensas has quit IRC06:14
*** pdeore has joined #tripleo06:16
*** pdeore_ has quit IRC06:17
*** rakhmerov has joined #tripleo06:19
*** lifeless has quit IRC06:23
*** waleedm has joined #tripleo06:24
*** masco has joined #tripleo06:24
*** jtomasek has joined #tripleo06:25
*** lifeless has joined #tripleo06:25
*** dparkes has quit IRC06:25
*** lebauce- has joined #tripleo06:27
*** rajinir has quit IRC06:27
*** lebauce_ has quit IRC06:27
*** jtomasek has quit IRC06:28
openstackgerritMerged openstack/tripleo-docs master: [Docs - UC restore] Add missing command when refreshing certificates
*** pcaruana has joined #tripleo06:33
*** ratailor has joined #tripleo06:33
*** cylopez has joined #tripleo06:38
*** cylopez has left #tripleo06:40
*** ffiore has joined #tripleo06:42
*** holser__ has joined #tripleo06:43
openstackgerritMerged openstack/tripleo-quickstart master: Added a troubleshooting tip to clean up ~/.quickstart
*** hjensas has joined #tripleo06:56
*** hjensas has quit IRC06:56
*** hjensas has joined #tripleo06:56
*** cshastri has quit IRC06:57
*** ssbarnea_ has joined #tripleo06:58
*** agurenko has quit IRC07:04
openstackgerritmathieu bultel proposed openstack/python-tripleoclient master: Keep plan-environment only on upgrade
*** tosky has joined #tripleo07:06
*** agurenko has joined #tripleo07:07
*** dmacpher__ has joined #tripleo07:09
*** ccamacho has joined #tripleo07:11
*** dmacpher_ has quit IRC07:12
*** agurenko has quit IRC07:13
*** jaosorior has joined #tripleo07:15
*** masco has quit IRC07:16
*** quiquell is now known as quiquell|afk07:18
*** zz_saneax has joined #tripleo07:18
*** zz_saneax is now known as saneax07:19
*** sshnaidm is now known as sshnaidm_pto07:20
*** tesseract has joined #tripleo07:20
*** apetrich has quit IRC07:21
*** cshastri has joined #tripleo07:22
openstackgerritThomas Herve proposed openstack/tripleo-heat-templates master: Pass designate configuration to neutron
*** apetrich has joined #tripleo07:23
*** florianf has joined #tripleo07:23
*** jtomasek has joined #tripleo07:25
*** rcernin has quit IRC07:27
*** amoralej|off is now known as amoralej07:27
*** aufi has joined #tripleo07:28
*** mdnadeem_ has quit IRC07:28
*** masco has joined #tripleo07:30
*** jtomasek has quit IRC07:31
*** skramaja has joined #tripleo07:32
*** ykarel is now known as ykarel|lunch07:36
*** khyr0n has quit IRC07:40
*** mdnadeem_ has joined #tripleo07:41
openstackgerritSergii Golovatiuk proposed openstack/tripleo-quickstart-extras master: Add undercloud_prep_containers.log to logs
*** khyr0n has joined #tripleo07:41
*** jpena|off is now known as jpena07:45
*** Nexus has joined #tripleo07:47
*** ykarel|lunch has quit IRC07:47
*** khyr0n has quit IRC07:48
openstackgerritDaniel Alvarez proposed openstack/puppet-tripleo master: Adding wrapper script for haproxy in OVN metadata agent
Tengujaosorior: hello! I have a small issue/question: apparently, in some scenarii, there isn't an "haproxy" group :/.07:50
Tengumeaning my ansible will fail because it can't chgrp TLS certificate to haproxy :(07:51
Tengujaosorior: once this is corrected, I guess the patchset will be good (at last)07:51
*** anilvenkata has quit IRC07:51
Tengujaosorior: any idea? I didn't find a specific thing in the "old" bash script regarding this group..07:51
*** jpich has joined #tripleo07:53
*** anilvenkata has joined #tripleo07:55
openstackgerritRicardo Noriega proposed openstack/tripleo-heat-templates stable/queens: NeutronSriovHostConfig missing in SRIOV's env files
openstackgerritRedHat RDO CI proposed openstack/tripleo-heat-templates stable/ocata: GATE CHECK for TripleO
rnoriegaskramaja, ^^ this is yesterday's patch cherrypick!08:00
*** quiquell|afk is now known as quiquell08:11
jaosoriorTengu: uhm... well, I'm honestly not sure what the issue is there.08:13
jaosoriorTengu: but, one fact is that we have to stop assuming that there will be a haproxy group08:13
jaosorioras we want to move the actual hosts to have the least packages as possible (and that group comes from the haproxy package).08:14
jaosoriorTengu: so, when we do an update, if it's containerized, we have to do a chown in the container08:14
*** suuuper has joined #tripleo08:16
*** limao has joined #tripleo08:18
*** sri_ has quit IRC08:21
Tenguhmm ok.08:21
Tengujaosorior: I'm on a quick mtg, will check that. Maybe my ansible requires a new bunch of checks/rules in order to only do the chown on the host when we're in containers or not.08:23
*** limao has quit IRC08:24
*** radek__ has joined #tripleo08:28
*** sri_ has joined #tripleo08:29
Tengujaosorior: so, basically, I must check in some way if there's a "haproxy" package, and based on that, I must chose where I do the "chown/chgrp", right?08:30
jaosoriorthat would be a way to d it08:31
jaosorior* do it08:31
jaosorioreither way you have to chwon/chgrp, either on the host or the container08:31
Tenguyup. will dig a bit ansible.08:32
TenguI can base my "switch" on the haproxy service status I guess.08:32
Tenguif not in ActiveState, chown in container, else on the host08:33
jaosoriorTengu: what about new baremetal deployments? at that point HAProxy won't be active either.08:33
jaosoriorTengu:  I think you should base the decision on the existance of the haproxy group08:34
Tengujaosorior: hmm. not sure this is possible with "group" resource in ansible.08:34
Tenguwill check.08:34
jaosoriorI see08:34
jaosoriordo we have some sort of flag that says if we're doing a containerized deployment or not?08:34
Tenguno idea :/08:35
Tenguthat would be good and would surely simplify the thing.08:35
jaosoriormandre, jistr: ^^08:35
Tengujaosorior: but I think I should be able to reproduce the ci check in a confined, under control env. Just breaking down the in order to fully understand it.08:37
Tenguthat would allow me to learn a bit more about the deploy process for that specific scenario08:37
mandrejaosorior: to my knowledge there is no easy way to detect if a service is deployed in container or BM, i don't think it's desirable either08:38
Tengumandre: well, it actually might be a good thing, especially if we have external files with specific rights08:39
mandrewhy do you need it?08:39
Tengumandre: I have to chgrp on a file in order to give read access to haproxy group - it fails in containerized deploy because haproxy isn't installed, hence no haproxy group, hence ansible fails.08:39
jaosoriorTengu: actually... another option is to try to set the certificate ownership, and ignore failures08:39
Tengujaosorior: khof08:40
jaosoriorTengu: that way you'll just always try, and it won't be a big deal if ansible can do it or not08:40
Tenguignoring failures is the best way to shoot in the foot08:40
jaosoriorTengu: well, it would be ignoring a failure for one ansible task08:40
*** gfidente has joined #tripleo08:41
*** gfidente has quit IRC08:41
*** gfidente has joined #tripleo08:41
openstackgerritDaniel Alvarez proposed openstack/tripleo-heat-templates master: Generate and mount wrappers for haproxy in OVN metadata agent
Tengujaosorior: problem: I do a copy with content + ownership. failure might be the file creation or ownership. I can't push a new resource right after the copy for the ownership, else each run will switch back to root:root and root:haproxy||fail08:42
mandreTengu: hmm, I take it you're running ansible on the host... in that case you can check if there is a haproxy container and you'll do the chown using the haproxy image to get the right uid/gid08:42
Tenguthat's ugly as hell, and not really convenient for comprehension (even with comment in the code). I dislike this kind of hack.08:42
Tengumandre: nope, because it's ran before container start/creation. host_prep_tasks :)08:42
jaosoriormandre: there won't be a haproxy container, this is before it runs08:42
jaosoriormandre: and we can't run the haproxy container, cause running the container will fail without the cert08:43
jaosoriormandre: then we ALSO need to manage updates :D08:43
Tengusnake, tail, biting08:43
*** paramite_ has joined #tripleo08:43
jistrso what patch are we talking about? :)08:43
mandreTengu: so you mean it's something you can fix with kolla_config?08:43
Tenguanyway. will find a way. Have to. And a clean way of course :)08:43
jaosoriorjistr, mandre
Tengumandre: IF we're in a container. and even... nope.08:44
*** lifeless_ has joined #tripleo08:44
*** lifeless has quit IRC08:44
Tengujistr: mandre especially - line 86 and following08:45
Tengu(and yes, the no_log will be set to true later in order to ensure key isn't shown)08:45
Tengubut basically.... if haproxy_state is not defined or false, that means we're in a containerized deploy.08:47
Tenguthat would probably be the best way to detect that.08:47
Tengujaosorior: -^^08:47
*** ykarel|lunch has joined #tripleo08:48
mandreTengu: hmmm okay, so...08:48
Tenguinteresting case isn't it? :)08:49
mandreyou can check if there is a container named haproxy in one of the file at /var/lib/tripleo-config/08:49
jaosoriormandre: at what point are those written?08:49
jaosoriormandre: thought we wrote that in the steps08:50
mandrethen adapt your ansible code based on whether haproxy is containerized or not -- basically the path where to output the certificate and the group uid/gid08:50
Tenguhave a quickstart deploy running.08:51
Tengumandre: deployed path should be OK08:51
Tengujust the gid08:51
mandreok, so if that's the only issue I think it's easier to fix the uid/gid with kolla_config08:51
mandrethat file is mounted in the haproxy container, right?08:52
jistrjaosorior, Tengu: so i'm still wondering what's the full extent of the task we're trying to achieve. We have a few params with the base64 PEM format content, and we want to write them into files and have haproxy use that? or is it more complex than that?08:52
jaosoriorjistr: less complex :D08:52
Tengumandre: kolla is only for container, right? so if no kolla, we can't set the proper gid, hence non-container will fail to read the certificate.08:53
jaosoriorjistr: Tengu is rewritting the public TLS script thingy into ansible. We're just trying to cover the cases cleanly.08:53
mandreTengu: yeah, is that really a problem though? I though the BM services were going to be deprecated eventually08:54
jaosoriormandre: are they? we haven't been able to remove the puppet/services/* because folks want to re-use the baremetal services fo rthe all-in-one installer08:54
Tengumandre: "eventually", yes. I'd rather avoid breaking the CI checks that are actually working because they are BM :)08:54
*** brault has joined #tripleo08:55
Tenguanyway. I'll give a try to my idea (basing the gid on the presence of haproxy service - whatever its status is)08:55
mandreTengu: you can have an ansible task that set the uid/gid to 'haproxy' where you don't collect the failure status08:55
mandrethis way, if you have haproxy on the host, fine, otherwise it's containerized and fine too08:55
bandinimandre: if you have a min08:55
Tengumandre: already discussed earlier : no-go, because it might happen that each run will do root:root -> root:haproxy||fail  - that's ugly as hell08:55
*** mrunge has quit IRC08:56
Tenguunless this kind of non-indepotent thing is accepted - but even so, I can't do that, because I'll have nightmares about it.08:56
jaosoriorOpenStack itself is fuel for nightmares :D08:57
*** ykarel|lunch is now known as ykarel08:57
jistrjaosorior, Tengu: so i think we could initially stop focusing on making the host_prep_tasks common for both containerized and non-containerized. Then A) containerized host_prep_tasks would write the config files somewhere to the /var/lib/..... location where containers can take them from, and we could have a haproxy init container that would then be in charge of chowning the files. B) non-containerized case08:57
jistrit could be fully done by the host prep tasks perhaps08:57
*** agurenko has joined #tripleo08:57
jistrmandre: ^08:57
*** agurenko has quit IRC08:57
jistrand if we discover there are some parts that can be pulled into some "common host prep tasks" for both containerized and non-containerized, then great, but i wouldn't start the implementation that way personally08:58
jaosoriorjistr: the init container is nice, but it won't work for certificate updates :/08:59
mandreTengu: c'mon, it's not that dirty to ignore failures on a task we know may potentially fail, I've seen worse09:00
mandrejistr: I'd prefer we use kolla_config over init container09:01
jistrmandre: right that would be better09:01
jaosoriormandre: and ultimately kolla_config can do that... but not on updates. or can it? (the HAProxy container wouldn't be restarted)09:01
jaosoriorjistr: ^^09:02
jistri think we'd just have to persuade paunch that something changed in the config data for the container, which will make it restart the container09:02
Tengumandre: well... seeing "changed" for each run when we might actually do a nicer thing... 2s09:02
mandrejaosorior: right, for update we'll need to have ansible set the right uid/gid right away09:02
jaosoriorTengu, mandre: that's why that was being done in the script09:02
jaosorior(besides the baremetal case)09:03
jistrwouldn't paunch do the right thing re re-injecting fresh files and re-chowning if we just make sure that the config hash changed? I'm not sure how that's done best but it might be automatic if we just write those params (or hashes of those params, if we don't want them in full there) into hiera, which would affect the hash of the full config dir too.09:05
jistrbut maybe that's dirtier solution than some alternatives...09:05
jaosoriorjistr: it doesn't when HAPRoxy is managed by pacemaker.09:05
*** fragatina has quit IRC09:05
jistrok yea we need the tasks then09:06
*** ykarel is now known as ykarel|away09:06
jaosorioryep yep :)09:06
*** fragatina has joined #tripleo09:06
jaosoriorand here's where we're stuck :D finding a nice clean way to do this09:06
Tengujaosorior: check my proposed diff. or I can push it.09:06
openstackgerritYurii Prokulevych proposed openstack/tripleo-heat-templates master: Unset UpgradeRemoveUnusedPackages on converge.
jaosoriorTengu: set_fact: haproxy_gid_exists={{docker_state is defined and not docker_state.failed}} ??09:08
jaosoriorthat doesn't seem related to the haproxy gid09:08
jaosorioralso, in the baremetal case, I think docker would be installed as well09:08
openstackgerritMerged openstack/tripleo-heat-templates master: Add condition to ovs run during upgrade.
Tengujaosorior: it checks if a service haproxy is defined - if so, this means we actually have the group09:08
Tengujaosorior: base BM images have haproxy09:08
jaosoriorTengu: I think I'mmissing something here, that's checking docker, not haproxy09:09
jaosoriorhaha no biggie; I thought I was missing something09:09
mandreTengu: you may want to look for a haproxy container in /var/lib/tripleo-config/docker-container-startup-config-step_1.json09:10
jaosoriormandre: oh right, but at what point of the deployment are those written?09:10
skramajarnoriega: +2ed09:11
jaosoriormandre: thought those were written in the deployment steps, in which case, we don't have them available yet in host_prep_tasks.09:11
mandrejaosorior: IIRC they're written to the host at an early stage09:11
* mandre needs to double check09:11
jaosoriormandre: but you're right, if we can check for that, that would definitely be like a flag "are we using containers?"09:12
*** ykarel|away has quit IRC09:12
Tengujaosorior: corrected - good catch :)
mandrebrb, school run09:12
Tengumandre: seeing the name, I guess it's created in the prep_tasks as well. we might get a race condition.09:13
Tenguand that would be nasty as well :).09:13
openstackgerritMerged openstack/instack-undercloud master: Update sample config
jaosoriorTengu: we could potentially change these tasks to run in deploy_step_tasks instead09:13
jaosoriorwe could run them in step 109:13
jaosoriorbut then we need to make sure that ansible runs before the containers are started09:14
Tenguprep_tasks seems the right place for many reasons09:14
*** salmankhan has joined #tripleo09:14
openstackgerritYurii Prokulevych proposed openstack/tripleo-upgrade master: Expose option to delete 'unused rpms'
Tenguso, will go for it.09:21
openstackgerritCédric Jeanneret proposed openstack/tripleo-heat-templates master: WIP - Manage public certificate with ansible
*** aufi has quit IRC09:23
*** jtomasek has joined #tripleo09:24
openstackgerritMichele Baldessari proposed openstack/puppet-tripleo stable/queens: Lower the default stunnel log level
*** salmankhan has quit IRC09:25
*** jtomasek has quit IRC09:25
Tenguone thing would be soooo good with the CI: having the capability to just get one check running.09:25
*** dr_gogeta86 has joined #tripleo09:25
*** dr_gogeta86 has quit IRC09:25
*** dr_gogeta86 has joined #tripleo09:25
Tengumeaning zuul won't +1 nor -1 the review, but would just output the status of one single check....09:26
*** olap has joined #tripleo09:29
*** zoli is now known as zoli|lunch09:31
*** udesale_ has joined #tripleo09:31
*** olap has quit IRC09:32
*** udesale_ has quit IRC09:32
*** olap has joined #tripleo09:32
*** udesale_ has joined #tripleo09:32
*** udesale_ has quit IRC09:32
*** udesale_ has joined #tripleo09:33
*** udesale has quit IRC09:33
*** olap has quit IRC09:35
*** salmankhan has joined #tripleo09:35
*** olap has joined #tripleo09:35
*** olap_ has joined #tripleo09:36
*** olap_ has quit IRC09:36
openstackgerritMartin Mágr proposed openstack/puppet-tripleo master: Collectd QDR connection
*** olap_ has joined #tripleo09:36
*** olap_ has quit IRC09:36
*** olap_ has joined #tripleo09:37
*** dtantsur|afk is now known as dtantsur09:38
*** olap__ has joined #tripleo09:38
openstackgerritMerged openstack/tripleo-heat-templates master: Remove ironic_host_manager usage
openstackgerritMerged openstack/tripleo-common master: Use the standard messaging in the baremetal workbook
openstackgerritMerged openstack/instack-undercloud master: Remove support for classic drivers
openstackgerritMerged openstack/tripleo-heat-templates master: Parameterized deployment hosts
openstackgerritMerged openstack/tripleo-validations master: Fix documentations for pypi
*** olap__ has quit IRC09:38
*** olap__ has joined #tripleo09:38
*** olap__ has quit IRC09:39
*** olap__ has joined #tripleo09:39
*** olap has quit IRC09:40
*** olap__ has quit IRC09:40
*** olap_ has quit IRC09:40
*** ubijtsa is now known as assassin09:42
*** salmankhan has quit IRC09:42
openstackgerritWojciech Dec proposed openstack/tripleo-heat-templates master: Add site id parameter to cisco vts ml2 template
openstackgerritWojciech Dec proposed openstack/tripleo-heat-templates master: Add site id parameter to cisco vts ml2 template
*** salmankhan has joined #tripleo09:47
openstackgerritWojciech Dec proposed openstack/tripleo-heat-templates master: Add site id parameter to cisco vts ml2 template
*** sanjayu_ has joined #tripleo10:01
openstackgerritWojciech Dec proposed openstack/tripleo-heat-templates master: Add site id parameter to cisco vts ml2 template
*** udesale__ has joined #tripleo10:02
*** udesale__ has quit IRC10:02
*** udesale has joined #tripleo10:03
*** udesale_ has quit IRC10:05
*** avivgt has joined #tripleo10:05
*** jaosorior has quit IRC10:14
*** thrash|g0ne is now known as thrash10:15
*** sri_ has quit IRC10:17
*** bkopilov_ has quit IRC10:18
*** psachin has joined #tripleo10:21
*** jaosorior has joined #tripleo10:31
*** lifeless_ has quit IRC10:32
*** psahoo has quit IRC10:36
*** aufi has joined #tripleo10:38
*** sanjayu_ has quit IRC10:39
*** gyankum has quit IRC10:41
*** ssbarnea_ has quit IRC10:42
d0ugalAnyone got a moment to help me figure out why this failed? I can't spot it...
d0ugalLooks like the overcloud deploy failed10:43
d0ugalbut why?10:43
*** mrunge has joined #tripleo10:44
jaosoriord0ugal: seems there was an issue with some workflow
*** saneax has quit IRC10:46
d0ugaljaosorior: aha!10:47
*** saneax has joined #tripleo10:48
*** mdnadeem_ has quit IRC10:51
d0ugalI thought it was unrelated to the patch, but I think it is now very related :)10:51
Tenguhumpf. doesn't seem to work as expected .-10:52
d0ugalTengu: What doesn't?10:52
Tenguah, my current patch, sorry10:52
Tengud0ugal: thinking aloud.10:52
d0ugalI never expect my patches to work, but that means they always work as expected...10:53
*** sanjay__u has quit IRC10:54
Tenguwell, I'm trying a tricky thing, and apparently ansible isn't that happy to comply with my thoughts ;).10:54
Tengunasty ansible.10:54
Tenguwill probably need to do some ugly things in the end, and I hate doing ugly things.10:55
*** morazi has quit IRC10:55
*** takashi has quit IRC10:57
openstackgerritDougal Matthews proposed openstack/tripleo-common master: DNM Testing 0 retry attempts
openstackgerritDougal Matthews proposed openstack/tripleo-common master: Set the initial attempt to 0
openstackgerritCédric Jeanneret proposed openstack/tripleo-heat-templates master: WIP - Manage public certificate with ansible
*** zoli|lunch is now known as zoli11:00
*** lifeless has joined #tripleo11:01
*** quiquell is now known as quiquell|lunch11:01
openstackgerritJiri Stransky proposed openstack/tripleo-heat-templates master: [DNM] testing scenario upgrade job
*** pradk has joined #tripleo11:04
openstackgerritDougal Matthews proposed openstack/tripleo-common master: Remove the tripleo.container_images.prepare_upload action
openstackgerritAlex Schultz proposed openstack/tripleo-common master: Fix heat api cfn healthcheck
*** moguimar has joined #tripleo11:08
*** sri_ has joined #tripleo11:09
openstackgerritMarios Andreou proposed openstack/python-tripleoclient master: WIP Remove the --container-registry-file parameter from all clis
*** ssbarnea_ has joined #tripleo11:19
*** shreshtha-away has quit IRC11:20
*** bfournie has quit IRC11:21
*** bfournie has joined #tripleo11:21
mwhahahachandankumar: any luck with the ocata undercloud tempest failures?11:23
*** derekh has joined #tripleo11:25
*** pkovar has joined #tripleo11:26
*** bfournie has quit IRC11:26
*** ykarel has joined #tripleo11:28
*** udesale_ has joined #tripleo11:28
*** udesale has quit IRC11:31
*** udesale_ has quit IRC11:33
*** jpena is now known as jpena|lunch11:33
*** ansmith has quit IRC11:36
*** ykarel has quit IRC11:37
*** lifeless_ has joined #tripleo11:37
*** lifeless has quit IRC11:38
*** amoralej is now known as amoralej|lunch11:38
eric-youngIf any core reviewers have a minute, my review needs a look and some workflow if good.
eric-youngthanks, that was quick!11:42
openstackgerritSorin Sbarnea proposed openstack/tripleo-quickstart master: avoid ignore_errors on Check for processes owned by non-root user
*** morazi has joined #tripleo11:54
*** gyankum has joined #tripleo11:54
*** dprince has joined #tripleo11:55
*** abishop has joined #tripleo11:56
*** rlandy has joined #tripleo11:56
*** raildo has joined #tripleo11:58
openstackgerritSorin Sbarnea proposed openstack/tripleo-quickstart master: Avoid local working dir task failure on local without sudo
jaosorior#startmeeting TripleO Security Squad12:00
openstackMeeting started Wed May 30 12:00:28 2018 UTC and is due to finish in 60 minutes.  The chair is jaosorior. Information about MeetBot at
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.12:00
*** openstack changes topic to " (Meeting topic: TripleO Security Squad)"12:00
openstackThe meeting name has been set to 'tripleo_security_squad'12:00
jaosoriorWill wait some minutes for more folks to log in12:00
jaosoriorhey moguimar, how's it going?12:00
*** bfournie has joined #tripleo12:00
jaosoriormoguimar: the oslo work?12:01
openstackgerritMarios Andreou proposed openstack/python-tripleoclient master: WIP Remove the --container-registry-file parameter from all clis
moguimarthat would be a good struggle12:01
moguimarmy computer just hates me12:01
moguimartoday, for some reason it is forgetting about my user, at some point apps stop responding and `whoiam` doesn't knows my username12:02
*** rlandy is now known as rlandy|rover12:03
moguimarit doesn't even let me turn off or reboot the computer, as my user is unknown12:04
jaosoriorthat is quite strange :/12:04
jaosoriorAlright, I guess I'll start now12:04
moguimarthats what the guys from the SSSD team said12:04
jaosoriorAs usual, the etherpad link is that one ^^12:05
jaosorior#topic Public TLS by default work update12:05
*** openstack changes topic to "Public TLS by default work update (Meeting topic: TripleO Security Squad)"12:05
jaosoriorLast week me and Tengu worked on getting public TLS by default for the overcloud12:06
jaosoriortwo main pieces are missing:12:06
jaosorior* tripleo-common patch with the logic to inject the certificate in the plan12:06
jaosorior* tripleo-heat-templates patch to make TLS the default12:06
jaosoriorThat main logic had merged at some point, but was reverted since making FQDNs the default broke Octavia (and potentially other components)12:07
jaosoriorSo, now we're looking into not using FQDNs by default, but instead rely on the IP12:07
jaosoriorThis requires us to have predictable public IPs for TripleO12:07
jaosoriorwe initially came up with
jaosoriorbut upon more discussion with the community, we'll have to change the approach12:08
jaosoriorso instead of doing everything in the deployment workflow in mistral12:08
jaosoriorwe'll add this code to the derive_parameters workflow12:08
jaosoriorcurrently, that workflow is not ran by default, so the first step is to make it so12:08
*** leitan has joined #tripleo12:09
jaosoriorjaganathan is helping out in that front. Once he gets that work done, we'll hook up the *FixedIPs parameters logic there, and subsequently the certificates as well12:09
jaosoriorthanks jaganathan for helping out12:09
*** panda|off is now known as panda12:10
jaganathanjaosorior, welcome12:10
jaosoriorany feedback/questions?12:11
*** pdeore has quit IRC12:11
*** ratailor has quit IRC12:11
*** waleedm has quit IRC12:12
jaosorior#topic Public TLS refactor12:12
*** openstack changes topic to "Public TLS refactor (Meeting topic: TripleO Security Squad)"12:12
jaosoriorSo, regarding this topic12:12
jaosoriorpublic TLS in TripleO has for a long time relied on a custom resource that runs a specific script that injects the certs12:13
jaosoriorthis is kinda tricky as it's separate from the HAProxy service definition (even though that cert is only used by HAProxy)12:13
openstackgerritMarios Andreou proposed openstack/tripleo-common master: WIP Remove container registry param from package_update_plan workflow
jaosoriorand it had the limitation that we would only inject the certificate if the role had the tags 'primary' and 'controller'12:13
jaosoriornow that we have config-download by default, we can instead just use ansible, and finally get rid of this script12:14
jaosoriorSo, Tengu started working on this, and has a WIP patch making this work12:14
jaosoriorbig thanks to Tengu for taking on this work! It's great stuff and quite needed12:14
*** eck`gone is now known as eck`12:15
jaosoriorso, this removes the tagging limitation, and is a cleaner implementation, since we will only get that cert where HAProxy is deployed12:15
jaosoriorit also allows us to span HAProxy with TLS in multiple roles, so that's a nice feature too12:15
jaosoriorSo, if folks are interested in that work, please take a look at that patch12:15
*** atoth has joined #tripleo12:16
*** quiquell|lunch is now known as quiquell12:17
jaosorior#topic Kerberos auth for keystone update12:17
*** openstack changes topic to "Kerberos auth for keystone update (Meeting topic: TripleO Security Squad)"12:17
jaosoriorI took shot at this work last week, by deploying keystone with an LDAP backend (FreeIPA being the LDAP server), and getting into the container and adding the needed packages/configuration12:18
jaosoriorturns out that the keystone kerberos plugin is broken on the client side12:18
jaosoriorreported the bug here12:18
*** pradk has quit IRC12:19
jaosoriorPre-entively, I also did some patches to get the needed packages to the keystone container12:19
jaosoriorThey have merged in kolla12:19
jaosoriorso, once we get a promotion of the containers12:19
jaosoriorthis will be easier to test out12:19
jaosoriorhopefully we can get the bug fixed soon12:19
jaosoriordoesn't seem to be too much work to get this working though12:19
jaosoriorSo, if anyone wants to take on this work, I can certainly guide on the needed next steps12:20
jaosoriorany questions/feedback?12:20
raildo+2A for kerberos on Keystone :)12:21
jaosoriorit'll be nice :)12:21
raildothat something that will benefit a bunch of services to be me independent in the authorization side12:21
raildobut maybe we will need some keystoneres feedback on it?12:22
openstackgerritCarlos Camacho proposed openstack/instack-undercloud stable/newton: Removing packages when installing Undercloud in Newton
raildoanyway, I'll start review it soon :)12:22
jaosoriorraildo: well, that's something that has already been done in keystone before. Where we would need keystoner's help is fixing!/story/200207612:23
jaosoriorraildo: also, if you want to take a look at replicating this, let me know and I can guide you through it12:23
raildojaosorior, that sounds interesting, I'll try to replicate that, we can sync about it after meeting12:24
jaosoriorraildo: lets do that12:24
jaosorior#topic Any other business12:24
*** openstack changes topic to "Any other business (Meeting topic: TripleO Security Squad)"12:24
jaosoriorAnything someone wants to bring up to the meeting?12:24
Tengujaosorior: just digging a bit - (sorry, I'm late):  might be a path using the apache kerberos mod? probably silly, but...12:25
*** pchavva has joined #tripleo12:25
jaosoriorTengu: that is indeed what I was testing out12:25
jaosoriorTengu: if you check the links that I posted above, the packages I added to kolla were mod_auth_gssapi (formerly mod_auth_kerb)12:26
jaosoriorTengu: and python-requests-kerberos12:26
jaosoriorso yeah, ultimately httpd is what does all the heavy lifting12:26
Tenguyup, just saw that. my bad, should have checked before.12:26
jaosoriorno biggie :)12:26
*** toure|gone is now known as toure12:26
Tengualso: my patch is once again in zuul, maybe it will succeed, even if I'm not happy with the solution for the gid -.-'12:27
*** jpena|lunch is now known as jpena12:28
jaosoriorTengu: it's the way it goes :/12:28
jaosorioralright folks!12:28
jaosoriorthanks for joining12:28
*** openstack changes topic to "Welcome to Rocky. CI status: GREEN as in Green Day | |"12:29
openstackMeeting ended Wed May 30 12:29:03 2018 UTC.  Information about MeetBot at . (v 0.1.4)12:29
openstackMinutes (text):
*** udesale has joined #tripleo12:29
rlandy|roverowalsh: dtantsur: hello - I am following up a ocata failure - which really could be infra related (note the non-consistent error) but I can't prove it as of yet. Pls can you review - do these failures look familiar as known ironic/nova issues?12:29
openstackLaunchpad bug 1774079 in tripleo "[ocata promotion] phase1 (ci.centos) job tripleo-quickstart-promote-ocata-rdo_trunk-minimal fails introspection/deploy "No valid host found"" [Critical,Triaged]12:29
dtantsurrlandy|rover: "No conductor service registered which supports driver" in 90% cases means ironic-conductor crashed12:31
* dtantsur -> lunch, brb12:31
*** trown|outtypewww is now known as trown12:31
rlandy|roverdtantsur: k, will pick this up when you get back - about why conductor would be crashing12:32
*** mvenesio has joined #tripleo12:37
*** ykarel has joined #tripleo12:38
*** eck` is now known as eck`gone12:38
*** eck`gone is now known as eck`12:38
*** lifeless_ has quit IRC12:41
*** amoralej|lunch is now known as amoralej12:41
owalshrlandy|rover, dtantsur: for the no valid hosts, looks like the profiles are not being set correctly. nodes have compute/control, deploy uses oooq_compute/oooq_control12:43
owalshrlandy|rover: actaully, nope, flavor maps it from oooq_compute -> compute capabilite12:44
rlandy|roverowalsh: really, we don't have a consistent failure here - which makes it hard to RCA12:46
rlandy|roverbut we have a job that does consistently fail12:46
rlandy|roversomehow similar pike jobs have no problem12:46
rlandy|roverthe diff I do see is the driver - ipmi vs ipmitool12:47
openstackgerritNir Magnezi proposed openstack/tripleo-common stable/queens: Increase services project secgroup-rules quotas when deploying Octavia
*** udesale has quit IRC12:47
rlandy|roverbut that works fine on OVB jobs ob RDO cloud - so I am a little lost here12:47
*** udesale has joined #tripleo12:47
owalshrlandy|rover: looks like network errors in
openstackgerritJohn Fulton proposed openstack/tripleo-heat-templates stable/queens: Set default application for Ceph Luminous openstack_pools
*** edmondsw has joined #tripleo12:50
rlandy|roverI suppose that may explain the variability12:50
rlandy|roverbut why only ocata?12:50
*** Nexus has quit IRC12:50
rlandy|roverarxcruz|ruck: ^^ I'm seriously considering changing the promotion criteria12:52
rlandy|roverwe're 18 days out here12:53
arxcruz|ruckrlandy|rover: okay12:53
*** mcornea has joined #tripleo12:55
Tenguomg. my review hasn' crashed yet. I think I'm on the right track, jaosorior :D12:57
jaosoriorwoot woot!12:58
openstackgerritAlex Schultz proposed openstack/tripleo-image-elements master: Fix readme formating issues
*** mvenesio has quit IRC13:02
*** ansmith has joined #tripleo13:04
openstackgerritDougal Matthews proposed openstack/tripleo-common master: Improve output when registering nodes.
*** jcoufal has joined #tripleo13:05
*** olivierbourdon38 has left #tripleo13:07
*** tzumainn has joined #tripleo13:09
Tengu\o/ some of the checks that were failing are succeeding now, jaosorior. Zull's still running, but I think it's OK now. Hopefully.13:09
jaosoriorTengu: alright, I'll check it out again in a bit13:10
Tengu:) feel free to add comments if needed, even for typo :).13:11
*** leitan has quit IRC13:11
openstackgerritDougal Matthews proposed openstack/tripleo-common master: Migrate to the new Mistral context class
TenguI'll re-check the no_log thingy in order to ensure it won't output sensitive data.13:12
jaosoriorTengu: found an issue13:12
Tengujaosorior: of course :). care to comment?13:13
jaosoriorTengu: i did already :D13:13
Tenguflash-man :D13:13
*** ykarel_ has joined #tripleo13:13
Tengugood catch13:14
openstackgerritTim Rozet proposed openstack/tripleo-heat-templates master: Add flag to enable QoS DSCP marking in ODL
jaosoriorTengu: the rest looks fine on a first read13:14
TenguI let the run finish in order to ensure I didn't miss anything else - correction to your comment is ready, I'll push later.13:15
*** ykarel has quit IRC13:16
*** lblanchard has joined #tripleo13:16
*** wolverineav has joined #tripleo13:18
*** ykarel_ is now known as ykarel13:21
*** cshastri has quit IRC13:23
*** shreshtha-away has joined #tripleo13:23
*** shreshtha-away has quit IRC13:25
*** shreshtha has joined #tripleo13:26
*** shreshtha has quit IRC13:26
*** leitan has joined #tripleo13:26
*** shreshtha has joined #tripleo13:26
*** anilvenkata has quit IRC13:28
Tengujaosorior: :] zuul caught your finding as well and wasn't happy with it. For now, this is the only failure.13:29
Tenguevent rdo CI is 100% happy.13:29
*** links has quit IRC13:29
*** links has joined #tripleo13:30
Tengujaosorior: btw, I think haproxy can take a directory as his TLS source :)13:32
*** cshastri has joined #tripleo13:35
openstackgerritDougal Matthews proposed openstack/tripleo-common master: Migrate to the new Mistral context class
Tengumandre jistr small question: haproxy runs in a container, OK. but as what user? hopefully not root... ? although it has to in order to open port < 1024 I guess...13:38
Tengu(just checked: NOT root. yey!)13:40
*** olap has joined #tripleo13:41
openstackgerritDougal Matthews proposed openstack/tripleo-common master: Remove extra parenthesis from
*** ukalifon has quit IRC13:41
*** links has quit IRC13:44
*** bkopilov_ has joined #tripleo13:44
*** cshastri has quit IRC13:45
*** hjensas has quit IRC13:45
openstackgerritCédric Jeanneret proposed openstack/tripleo-heat-templates master: Manage public certificate with ansible
Tengubeing able to remove the "WIP" in the commit message is a great feeling13:46
*** pradk has joined #tripleo13:53
rnoriegahello guys! could please take a look at this?
rnoriegait's just a cherry pick... the one in master is already merged13:56
openstackgerritMarios Andreou proposed openstack/python-tripleoclient master: Remove --container-registry-file parameter from * upgrade clis
*** gbarros has joined #tripleo13:58
openstackgerritCédric Jeanneret proposed openstack/tripleo-heat-templates master: Manage public certificate with ansible
Tengudamned. find an error in some doc.14:01
*** EmilienM_PTO is now known as EmilienM14:08
Tenguwelcome back EmilienM14:08
EmilienMTengu: thanks :)14:09
*** nkinder_ has quit IRC14:10
openstackgerritBrent Eagles proposed openstack/tripleo-heat-templates master: Enable DVR on compute role to better support upgrading
*** dciabrin has joined #tripleo14:11
*** dciabrin_ has quit IRC14:11
trozetEmilienM: now you can remove your -2 on the ODL OOO CI patch :)14:11
EmilienMtrozet: will look14:12
trozetmwhahaha: can you please review when you have a minute14:13
*** Guest62139 has quit IRC14:13
*** janki has quit IRC14:15
*** marios has quit IRC14:16
*** radek__ has quit IRC14:16
*** quiquell is now known as quique14:16
*** quique is now known as quiquell|off14:16
*** marios has joined #tripleo14:16
mwhahahatrozet: it's in merge conflict14:17
*** lblanchard has quit IRC14:17
*** flaper87 has joined #tripleo14:20
trozetmwhahaha: weird ti doesnt say merge conflict14:24
*** hjensas has joined #tripleo14:25
mwhahahatrozet: i've got a giant red Cannot Merge14:25
*** hjensas has quit IRC14:25
*** hjensas has joined #tripleo14:25
*** rajinir has joined #tripleo14:25
trozetmwhahaha: i mean i am colorblind, but not seeing it14:25
trozetmwhahaha: i'll rebase it14:26
*** skramaja has quit IRC14:29
*** moguimar has quit IRC14:32
*** masco has quit IRC14:32
myoungmwhahaha: do you have a hot sec to chat with rlandy|rover and arxcruz|ruck?14:32
mwhahahamyoung: after cix meeting, gimme a few14:32
*** rpioso|afk is now known as rpioso14:33
*** moguimar has joined #tripleo14:34
openstackgerritTim Rozet proposed openstack/tripleo-heat-templates master: Add OPNFV scenario environment
*** pblaho has quit IRC14:35
mwhahahatrozet: i was talking about
trozetmwhahaha: yeah me too, i dont see any cannot merge, but if i hit rebase button i see merge conflict14:37
trozetmwhahaha: must just be my gui is messed up14:37
mwhahahais possible14:37
myoungmwhahaha, rlandy|rover, arxcruz|ruck we can just discuss in cix14:39
arxcruz|ruckmyoung: indeed14:39
*** moshele has quit IRC14:41
openstackgerritRonelle Landy proposed openstack/tripleo-quickstart-extras master: DNM: Add doc for the libvirt reproducer
openstackgerritDougal Matthews proposed openstack/python-tripleoclient master: If there is an exception, always print the full traceback.
d0ugalmwhahaha: ^ I opened that patch before to try and help this problem, so we at least had more information to debug14:46
d0ugalMaybe I should try and continue with it14:46
mwhahahad0ugal: sounds good14:46
*** saneax has quit IRC14:47
mwhahahad0ugal: i was thinking about
EmilienMchandankumar: did you have time to look at why containerized tempest fail ?14:48
*** rbowen has quit IRC14:49
d0ugalmwhahaha: I hadn't seen that one. Looks like it does something similar, but only in a couple of places.14:49
openstackgerritJames Slagle proposed openstack/tripleo-common master: Workflow and action for deployment failures
d0ugalrbrady,apetrich,thrash,toure,jtomasek: Workflow squad meeting in 7 mins.
*** ykarel is now known as ykarel|away14:53
*** aufi has quit IRC14:53
Tengumandre: shall we discuss your comment tomorrow? I'm not 100% sure to understand it, I'm in mtg right now and will need to leave right after it. In what TZ are you? you seems pretty near CET :)14:55
*** vpickard is now known as vpickard_14:56
*** paramite_ has quit IRC14:56
Tengusee you tomorrow14:57
mandreTengu: no problem at all, enjoy your evening!14:57
mandrewe're in the same TZ i believe, GTM+214:58
*** bfournie has quit IRC14:59
*** ykarel|away is now known as ykarel15:02
*** eck` is now known as eck`gone15:06
openstackgerritHarald Jensås proposed openstack/instack-undercloud stable/queens: Fix duplicate entries in /etc/sysconfig/iptables
chandankumarEmilienM: I tried that one with reproducer script but not able to reproduce on rdo cloud15:07
EmilienMchandankumar: it worked in rdo cloud?15:09
chandankumarEmilienM: yup15:11
EmilienMchandankumar: ok15:16
*** pkovar has quit IRC15:19
*** pkovar has joined #tripleo15:20
*** rfolco_ has joined #tripleo15:21
*** rfolco has quit IRC15:23
*** Guest48153 is now known as melwitt15:25
*** ansmith has quit IRC15:28
*** Nexus has joined #tripleo15:32
*** janki has joined #tripleo15:33
*** pcaruana has quit IRC15:33
openstackgerritEmilien Macchi proposed openstack/python-tripleoclient master: Mark upgrade_cleanup option as experimental
*** udesale has quit IRC15:36
*** bfournie has joined #tripleo15:37
openstackgerritEmilien Macchi proposed openstack/tripleo-validations stable/queens: Fix documentations for pypi
*** ansmith has joined #tripleo15:40
*** yprokule has quit IRC15:40
openstackgerritMarios Andreou proposed openstack/tripleo-docs master: Remove --container-registry-file parameter from upgrade docs
*** udesale has joined #tripleo15:43
*** avivgt has quit IRC15:49
openstackgerritMerged openstack/instack master: Fix readme for package
*** ykarel is now known as ykarel|away15:50
*** ansmith has quit IRC15:51
*** ansmith has joined #tripleo15:52
*** radek__ has joined #tripleo15:57
*** ykarel|away has quit IRC16:02
*** zoli is now known as zoli|gone16:04
*** zoli|gone is now known as zoli16:04
*** moshele has joined #tripleo16:08
mwhahahaarxcruz|ruck, rlandy|rover: can we fix the cmd2 for teh rdo-kolla-build-integration jobs,
* mwhahaha is unsure why we aren't getting the upper-constraints/global-requirements from upstream for that16:13
*** eck`gone is now known as eck`16:14
*** moshele has quit IRC16:14
*** saneax has joined #tripleo16:18
*** panda is now known as panda|off16:19
openstackgerritMarios Andreou proposed openstack/tripleo-common master: Remove container registry param from package_update_plan workflow
openstackgerritJames Slagle proposed openstack/python-tripleoclient master: openstack overcloud failures
*** pcaruana has joined #tripleo16:23
chandankumarmwhahaha: creating the env for the same, will take a look tonight16:23
*** trown is now known as trown|lunch16:26
*** udesale has quit IRC16:26
*** marios has quit IRC16:27
*** salmankhan has quit IRC16:29
openstackgerritTim Rozet proposed openstack/tripleo-heat-templates master: Add OPNFV scenario environment
*** ffiore has quit IRC16:30
openstackgerritAlex Schultz proposed openstack/instack-undercloud stable/newton: Add constraints to stable/newton
openstackgerritAlex Schultz proposed openstack/instack-undercloud stable/ocata: Add constraints to stable/ocata
openstackgerritAlex Schultz proposed openstack/instack-undercloud stable/newton: Fix ntp configuration.
*** eck` is now known as eck`gone16:37
*** khyr0n has joined #tripleo16:38
*** jpena is now known as jpena|off16:41
*** moshele has joined #tripleo16:47
openstackgerritRaoul Scarazzini proposed openstack/tripleo-ha-utils master: Fix Pacemaker NG test C inside the main task
*** olap has quit IRC16:48
*** shreshtha has quit IRC16:48
*** rlandy|rover is now known as rlandy|rover|brb16:49
*** moshele has quit IRC16:51
*** jpena|off is now known as jpena16:52
alee_mcornea, so now that I'm back from summit -- what are we waiting on for the password change jobs? verification of the password change?  can we start merging the patches (its an experimental job after al) and add the password verification afterwards?16:52
*** gbarros has quit IRC16:53
openstackgerritAlex Schultz proposed openstack/instack-undercloud stable/newton: Add constraints to stable/newton
mcorneaalee_: it's fine by me, let me vote on the tripleo-upgrade patch, it'll need one more core reviewer eyes16:53
alee_mcornea, cool thanks16:55
*** gbarros has joined #tripleo16:56
alee_mwhahaha, EmilienM ^^ a second pair of eyes on  perhaps?16:56
*** pradk has quit IRC16:56
alee_I'll start rebasing the other patches too16:56
alee_weshay, ^^16:57
*** holser__ has quit IRC16:57
openstackgerritMichele Baldessari proposed openstack/tripleo-quickstart master: Fix up pm_addr when undercloud_local_ip is specified
*** rpioso is now known as rpioso|eat16:59
*** dtantsur is now known as dtantsur|afk17:00
*** derekh has quit IRC17:01
openstackgerritAlex Schultz proposed openstack/instack-undercloud stable/pike: Avoid for constraints support
*** pkovar has quit IRC17:04
Tengumandre: hmm yep, due to summer time I'm also +2 :). see you tomorrow then!17:05
openstackgerritAlex Schultz proposed openstack/instack-undercloud stable/ocata: Avoid for constraints support
openstackgerritAlex Schultz proposed openstack/instack-undercloud stable/newton: Fix ntp configuration.
*** radek__ has quit IRC17:06
* mwhahaha moves world around to fix old branches17:06
*** amoralej is now known as amoralej|off17:07
*** tesseract has quit IRC17:10
*** yamahata has joined #tripleo17:11
*** vpickard_ is now known as vpickard17:12
mwhahahaarxcruz|ruck, rlandy|rover|brb: rdo cloud problems?17:15
mwhahahaResolving timed out after 10523 milliseconds17:16
arxcruz|ruckmwhahaha: hmmm, that's new, we saw some dns problems in the promoter server, but not in other instances of rdocloud17:17
arxcruz|ruckopening a lp17:17
mwhahahaarxcruz|ruck: EmilienM said he had dns problems on a fresh vm17:17
EmilienMI spawned a server 5 min ago and I couldn't ping google17:17
EmilienMI had to change DNS config17:17
EmilienM(note that I rebooted the server, got old dns config and it worked, so probably transient)17:17
*** jpena is now known as jpena|off17:18
arxcruz|ruckbug created17:19
openstackLaunchpad bug 1774236 in tripleo "Timeout while downloading image " [High,Triaged]17:19
arxcruz|ruckrlandy|rover|brb: ^17:19
*** moshele has joined #tripleo17:21
*** gyankum has quit IRC17:23
*** ansmith has quit IRC17:25
*** pradk has joined #tripleo17:25
*** ssbarnea_ has quit IRC17:27
*** waleedm has joined #tripleo17:29
alee_mwhahaha, responded to your comment in
*** ledo_ has joined #tripleo17:29
alee_mwhahaha, its more of a pain, but I can use the mistral action if thats better ..17:30
mwhahahaalee_: so what's the use case for this?17:31
mwhahahaalee_: why can't we wrap it in an existing workflow to add it to the plan17:31
*** jpich has quit IRC17:31
*** moshele has quit IRC17:32
mwhahahaalee_: the thing about this role is that it can't be added to the UI. where as if you create a workflow to 1) generate passwords and 2) add it to the deployment plan, then it can be used by the cli/UI17:32
*** waleedm has quit IRC17:33
*** dprince has quit IRC17:33
mwhahahaalee_: i'm just not sure what this action has anything to do with tripleo-upgrade17:34
alee_mwhahaha, well - it has to do with making config changes17:34
mwhahahaalee_: which has nothing to do with tripleo-upgrade17:35
mwhahahaalee_: this user action of 'change all the passwords' could be done via a workflow action and a plan update. we could create a new tripleoclient action to execute this17:36
alee_mwhahaha, ok I'm happy to put it somewhere else if that makes more sense.  mcornea ^^17:39
*** trown|lunch is now known as trown17:39
*** ansmith has joined #tripleo17:41
mcorneamwhahaha: alee_ tripleo-upgrade was the closest test repo where we trigger this kind of post deployment actions17:42
*** moshele has joined #tripleo17:45
*** ssbarnea_ has joined #tripleo17:45
alee_mcornea, mwhahaha right - I did not see any actions where we end up doing a re-deploy17:46
*** rlandy|rover|brb is now known as rlandy|rover17:46
openstackgerritmathieu bultel proposed openstack/python-tripleoclient master: Fix local path for templates outside of the plan
rlandy|roverarxcruz|ruck: look sok now17:49
*** gbarros has quit IRC17:50
*** gbarros has joined #tripleo17:50
mwhahahamcorena, alee_:  so this kind of action is a day 2 op that we can roll into a workflow and expose to end users. I think we want to have a different place for these types of day 2 operations17:51
alee_mwhahaha, where do you suggest? another repo?17:52
mcorneamwhahaha: alee_ so should we create a new test repo for day 2 operations?17:52
*** gvrangan has joined #tripleo17:53
mwhahahaWell the password rotate should be a function we automate17:53
rlandy|roverarxcruz|ruck, mwhahaha: ^^ kolla build is back on its feet - we chatted yesterday with dmanchad regarding dns issues we picked up17:53
mwhahahaAnd not in a test repo17:53
rlandy|roverwe had no resolution at that point - I picked up the LP - possibly it's our dns server that is not working as it should17:53
alee_so there are two parts to the password rotate -- 1) generate a new env file with passed in/ generated passwords  2) redeploy with new env file17:54
alee_where should either/both of these actions live17:55
alee_the re-deploy with new env file (which may include changes other than password changes) is a general thing17:56
*** ledo__ has joined #tripleo17:56
*** psachin has quit IRC17:57
*** rpioso|eat is now known as rpioso17:58
gvrangantrozet, hi17:58
*** dprince has joined #tripleo17:58
*** ledo_ has quit IRC18:00
openstackgerritJames Slagle proposed openstack/tripleo-common master: Add ssh_network input
openstackgerritJames Slagle proposed openstack/python-tripleoclient master: Add --overcloud-ssh-network
alee_mwhahaha, mcornea just a note that the cofig_change code ended up in tripleo-upgrade because the code to do things like rewrite the overcloud-deploy script to include the new env files was there.18:04
alee_how is tripleo-upgrade not a day 2 type of repo?18:04
*** mvenesio has joined #tripleo18:05
*** abishop has quit IRC18:08
mwhahahaalee_: because it's only for upgrades18:09
*** pcaruana has quit IRC18:09
mcorneaalee_: mwhahaha yes, in general terms the upgrade is a day 2 operation with many specific things(previously deploy command with specific environment files, now cli commands) and we already have some helper code to allow easy run of overcloud deploy after the initial deployment. that's why I agreed to add the config changes to tripleo-upgrade.18:10
alee_mwhahaha, mcornea so we want a another repo called tripleo-config-change?18:10
*** ansmith has quit IRC18:10
*** rbrady is now known as rbrady-afk18:10
mwhahahaalee_: I guess i'm missing what you're trying to accomplish18:10
*** ansmith has joined #tripleo18:11
mwhahahaalee_: for me, password rotation should be a workflow and triggered via cli/ui18:11
*** ccamacho has quit IRC18:11
mwhahahaalee_: that is not something that should exist as an ansible role in some day 2 repo. the ansible role could call the cli command itself, but it would not do the password setting like you have18:11
mwhahahaalee_: triple-upgrade has some extra bits consumed by upstream/downstream CI tooling, but is not a day-2 operation repo18:12
mcorneamwhahaha: so in this case what would trigger the workflow and verify that it did what it's supposed to do?18:12
mwhahahamcornea: the verification can should be in an external framework of some sort18:12
mwhahahathe generate new passwords, update plan, push update out should be workflow driven18:13
*** ledo__ has quit IRC18:13
mwhahahabecause that is an actual day2 operation by the end user18:13
mcorneamwhahaha: I guess that's what alee_ is looking for - the external framework18:13
mwhahahawe don't have one18:13
mwhahahaand tripleo-upgrade isn't that18:13
mwhahahawhat you'd propose might be something that could be in a tripleo tempest test18:13
*** paramite_ has joined #tripleo18:13
*** waleedm has joined #tripleo18:13
*** suuuper has quit IRC18:15
mcorneaI'm not sure tempest is suitable for this kind of thing: we'd need something that triggers the workflow which, wait for stack update to finish, then ssh to node(s) and check conf files/inspect db18:15
mwhahahamcornea: right so we need a framework that does extend system testing that the upstream currently may not provide18:15
mwhahahamcornea: alee_: what you're describe is something that aligns more with extended testing that we currently do not do upstream. From an upstream standpoint, I would be interested in rolling the actions you wish to test in a consumable funciton by end users, but the actual validation of this may not be possible in the upstream at this time18:16
*** gfidente is now known as gfidente|pto18:17
*** gfidente|pto is now known as gfidente|afk18:17
alee_mwhahaha, but it certainly is possible using the current scenario based jobs --
mwhahahaalee_: yes it might be possible, but at that point the validation would be in oooq18:17
mwhahahaalee_: we've been investigating ansible day 2 operations in a role, but it is not currently under openstack,
alee_mwhahaha, unless we continue with the current approach and put the vaildation in tripleo-upgrade18:18
mwhahahaalee_: so the password validations might be something to include in tripleo-validations18:19
mwhahahaalee_: where we check the plan, and make sure all the passwords have been updated18:19
mwhahahaalee_: so the action to change the passwords is workflow/cli driven, then tripleo-validations is used to make sure the passwords are what we expect18:19
mwhahahaalee_: but no, tripleo-upgrade is not the correct place for any of this18:19
openstackgerritJames Slagle proposed openstack/python-tripleoclient master: Add --config-download-only
alee_mwhahaha, so let me see if I understand what you're suggesting ..18:22
alee_in tripleo-common, we would add two new actions -- one to generate new passwords and put them in an env file, and one to perform a config-change18:24
*** moshele has quit IRC18:24
alee_the config-change action would take a list of env files and re run the deploy script with those addtional env files appended18:24
mwhahahai'm not sure we need a config-change action, as it's just a deploy with updated plan18:25
alee_I see ..18:26
mwhahahaso i'd assume it'd be the following: 1) new workflow to generate passwords and put them into the plan, 2) new workflow to download passwords (so folks can extract them if this doesn't already exist).  The cli/ui would call workflow 1) and run a deployment. This could be wrapped in single cmd line like 'openstack overcloud password-rotate'18:26
*** waleedm has quit IRC18:28
mwhahahafrom a security standpoint it's likely that a customer would want to do this which is why i say it should be included in tripleo as a proper function18:28
mwhahahaand not some ansible bits18:28
alee_ok - an then some kind of vslidation that the passwod have in fact been changed in tripleo-validations -- where we pass in a file of password changes ..18:29
mwhahahathe validation itself, is the trickier part on how we check the systems, but i think you could query the stack from tripleo-validations and then validate the passwords18:29
alee_or maybe look at the plan18:29
mwhahahayou could probablyu do all the password validations from the plan as you'd have networks and endpoints, etc18:30
alee_as to a job where all this comes together and is tested together -- thats TBD ..18:31
*** ssbarnea_ has quit IRC18:31
alee_mwhahaha, ok yeah - this is doable18:32
alee_mwhahaha, the part I was missing before was redeploy == deploy with modified plan18:34
openstackgerritMerged openstack/tripleo-heat-templates stable/queens: Add support of shared staging location for glance-direct
openstackgerritMerged openstack/tripleo-common master: Set deployment_status from config_download_deploy
openstackgerritMerged openstack/tripleo-common master: Add workflow for plan deployment status
openstackgerritMerged openstack/python-tripleoclient master: overcloud plan deployment status
mwhahahaalee_: for example, we already do this with the fernet key rotation,
mwhahahaalee_: where we create a workflow for some day2 operations. i think the password rotation should be done in a similar fashion18:39
mwhahahaalee_: the password rotation is slightly different in that it does need a full deployment rather than being able to adjust the files. but it's a similar thing where we'd want an operator to trigger some series of actions that we handle via mistral/etc18:39
*** ayoung has joined #tripleo18:40
*** jcoufal_ has joined #tripleo18:40
*** jcoufal has quit IRC18:44
*** rwsu has quit IRC18:51
*** eck`gone is now known as eck`18:52
*** salmankhan has joined #tripleo18:53
openstackgerritJames Slagle proposed openstack/tripleo-common master: Create config-download-latest symlink
*** atoth has quit IRC18:55
openstackgerritJames Slagle proposed openstack/tripleo-common master: Create config-download-latest symlink
*** fragatina has quit IRC18:56
*** yolanda has joined #tripleo18:57
*** salmankhan has quit IRC18:57
*** moshele has joined #tripleo18:58
*** yolanda_ has quit IRC18:59
*** moshele has quit IRC19:05
*** janki has quit IRC19:08
*** moshele has joined #tripleo19:10
*** waleedm has joined #tripleo19:18
*** moshele has quit IRC19:19
*** abishop has joined #tripleo19:29
*** gfidente|afk has quit IRC19:31
*** lifeless has joined #tripleo19:31
*** ssbarnea_ has joined #tripleo19:33
*** wolverineav has quit IRC19:35
*** wolverineav has joined #tripleo19:35
*** wolverineav has quit IRC19:40
*** moshele has joined #tripleo19:44
openstackgerritJames Slagle proposed openstack/python-tripleoclient master: openstack overcloud failures
*** salmankhan has joined #tripleo19:46
*** moshele has quit IRC19:46
*** slaweq_ has joined #tripleo19:47
*** slaweq has quit IRC19:48
openstackgerritAlan Bishop proposed openstack/tripleo-heat-templates master: Reset Cinder RPC versions after upgrade
*** raildo has quit IRC19:50
*** olap has joined #tripleo19:51
*** dparkes has joined #tripleo19:55
*** dparkes has quit IRC20:01
*** paramite_ has quit IRC20:05
openstackgerritBrent Eagles proposed openstack/tripleo-docs master: Deployment instructions for Octavia
*** mvenesio has quit IRC20:08
*** mvenesio has joined #tripleo20:08
*** gvrangan has quit IRC20:09
*** ayoung has quit IRC20:11
*** mvenesio has quit IRC20:13
*** waleedm has quit IRC20:13
*** wolverineav has joined #tripleo20:13
*** waleedm has joined #tripleo20:13
*** moshele has joined #tripleo20:15
*** wolverin_ has joined #tripleo20:16
*** wolverineav has quit IRC20:16
*** moshele has quit IRC20:17
*** olap has quit IRC20:22
*** zshi has quit IRC20:24
*** zshi has joined #tripleo20:24
*** trown is now known as trown|outtypewww20:25
*** florianf has quit IRC20:34
*** ansmith has quit IRC20:35
*** morazi has quit IRC20:36
*** fragatina has joined #tripleo20:38
*** rwsu has joined #tripleo20:43
*** itlinux has joined #tripleo20:44
*** moshele has joined #tripleo20:48
*** radeks__ has quit IRC20:50
*** pchavva has quit IRC20:51
openstackgerritBob Fournier proposed openstack/instack-undercloud master: Allow local_mtu to be set to value greater than default (1500)
*** artom has quit IRC20:53
*** moshele has quit IRC20:56
*** waleedm has quit IRC20:58
*** moshele has joined #tripleo21:01
openstackgerritJohn Fulton proposed openstack/tripleo-quickstart master: Update featureset024 to use ceph-ansible for Pike
openstackgerritmathieu bultel proposed openstack/python-tripleoclient master: Do not merged, test ci update job
*** pradk has quit IRC21:08
*** bfournie has quit IRC21:11
openstackgerritJohn Fulton proposed openstack/tripleo-heat-templates stable/pike: WIP: Add CI/development block devices environment files
*** ssbarnea_ has quit IRC21:14
*** moshele has quit IRC21:16
*** dprince has quit IRC21:24
*** lifeless has quit IRC21:26
*** lifeless_ has joined #tripleo21:26
*** salmankhan has quit IRC21:29
*** ansmith has joined #tripleo21:35
*** mcornea has quit IRC21:36
*** lifeless has joined #tripleo21:38
*** lifeless_ has quit IRC21:38
*** mcornea has joined #tripleo21:39
*** jcoufal_ has quit IRC21:41
*** itlinux has quit IRC21:43
*** abishop has quit IRC21:43
*** fragatina has quit IRC21:46
*** fragatina has joined #tripleo21:46
openstackgerritBen Nemec proposed openstack/tripleo-quickstart master: Run Designate tempest test in scenario003
*** lifeless has quit IRC22:03
openstackgerritMerged openstack/tripleo-ha-utils master: Fix Pacemaker NG test C inside the main task
*** lifeless has joined #tripleo22:04
openstackgerritMerged openstack/puppet-tripleo stable/queens: Lower the default stunnel log level
*** rcernin has joined #tripleo22:22
*** rlandy|rover is now known as rlandy|rover|bbl22:23
*** slaweq_ has quit IRC22:30
*** slaweq has joined #tripleo22:30
*** lifeless has quit IRC22:33
*** slaweq has quit IRC22:34
*** lifeless has joined #tripleo22:35
*** mcornea has quit IRC22:41
*** wolverin_ has quit IRC22:45
*** wolverineav has joined #tripleo22:45
openstackgerritMerged openstack/tripleo-heat-templates stable/queens: Remove CephAnsiblePlaybook parameter reset from ceph-ansible env files
openstackgerritMerged openstack/tripleo-heat-templates stable/queens: Disable StrictHostKeyChecking when removing keys too
*** wolverineav has quit IRC22:50
*** bfournie has joined #tripleo22:52
*** lblanchard has joined #tripleo22:52
openstackgerritMerged openstack/tripleo-heat-templates master: gnocchi: add missing /var/lib/gnocchi
*** edmondsw has quit IRC22:52
*** edmondsw has joined #tripleo22:53
*** edmondsw has quit IRC22:57
*** tosky has quit IRC23:04
*** thrash is now known as thrash|g0ne23:06
*** lblanchard has quit IRC23:08
*** lifeless has quit IRC23:11
*** pmannidi has quit IRC23:13
*** wolverineav has joined #tripleo23:18
*** lblanchard has joined #tripleo23:28
*** jbcraig has quit IRC23:29
*** vpickard is now known as vpickard_23:30
*** jbcraig has joined #tripleo23:30
*** saneax has quit IRC23:33
*** sanjayu_ has joined #tripleo23:33
*** jbcraig has quit IRC23:34
openstackgerritJames Slagle proposed openstack/python-tripleoclient master: openstack overcloud failures
*** toure is now known as toure|gone23:41
*** lifeless has joined #tripleo23:41
openstackgerritHonza Pokorny proposed openstack/tripleo-common master: Don't overwrite container defaults when creating a plan
*** rpioso is now known as rpioso|afk23:55
*** lifeless has quit IRC23:58
*** lifeless has joined #tripleo23:59
*** artom has joined #tripleo23:59

Generated by 2.15.3 by Marius Gedminas - find it at!