17:44:57 #startmeeting kolla 17:44:57 Meeting started Wed Jan 31 17:44:57 2018 UTC and is due to finish in 60 minutes. The chair is dtk. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:44:58 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 17:45:00 The meeting name has been set to 'kolla' 17:45:52 join #openstack-meeting-4 18:03:17 I want to list all the volumes in my openstack setup, and the projects they are a part of. `openstack volume list --all-projects` doesn’t have a projects column 18:03:22 any help/suggestions? 18:10:34 nevermind.. its an extra loop step, but I will just do an openstack project list first and then loop volumes for project. 18:14:38 sauloaugusto: thanks for replying! 18:18:53 sauloaugusto: I do have kvm and kvm_amd loaded - /dev/kvm and /dev/net/tun are present with proper permissions, and just to be sure I set virt_type=kvm in /etc/nova/nova.conf under [libvirt] 18:19:07 (This is an AMD Opteron based system) 18:24:31 OK . 18:24:35 try this . 18:25:25 compute_driver = libvirt.LibvirtDriver at [DEFAULT] section . 18:27:32 testing 18:47:08 Hi guys, i'm trying to configure horizon and memcached to use SSL, anyone knows if this is possible ? 18:48:26 sauloaugusto: same problem. I did discover something though. I created a libvirt domain, defined it with virsh define, and got: 18:48:28 error: internal error: Process exited prior to exec: libvirt: QEMU Driver error : Failed to create /var/run/libvirt/qemu/test.lxc/console: No such file or directory 18:48:35 on a 'virsh start' 18:48:48 sauloaugusto: One thing I didn't mention, this compute node is in an LXC container 18:49:05 So this looks like some behavioral change WRT libvirt running within LXC 18:51:02 Yes . That is a libvirt problem and not a openstack problem . 18:51:37 Anyway . do you have the /var/run/libvirt/qemu directory ? 18:51:49 LXC doesn’t get full access to the kernel 18:52:13 kvm needs full access to the kernel. 18:52:19 try this 18:52:22 [libvirt] 18:52:24 virt_type = lxc 18:52:35 from : https://docs.openstack.org/ocata/config-reference/compute/hypervisor-lxc.html 19:05:20 ah but I don't want to use LXC, want to run KVM VM's 19:05:45 schmots: did work before, but I did also update LXC on the outer host, so maybe it's more restrictive by default, I'll have to check 19:06:15 you are trying to run instances as LXC images, or run instances INSIDE and lxc guest? 19:06:17 It does almost seem like libvirt is defaulting to LXC containers based on the error message 19:07:36 schmots: trying to run KVM VM's within an LXC container. This did work previously when the stack was LXC 1.x and within the container libvirt 1.x - when I upgraded from Newton to Ocata I upgraded everything else as well, so a lot of parts of the stack appear to have changed behaviors 19:07:58 I am suprised that worked at all. 19:08:01 sorry it broke 19:08:18 schmots: openstack-ansible does the same, runs all the components in LXC containers 19:08:29 I'm curious how they get neutron into LXC, that's a doozy 19:09:01 Anyway, now that I see it's libvirt I'll start poking around there - rest of the Ocata upgrade was pretty smooth, which is great. Smoother than previous upgrades 19:24:55 I'm running Ocata on Ubuntu 16.04. We are running ceph as a back end for block/object and have noticed that we cannot create containers using the dashboard (CLI works fine). Manipulating pseudo directories and files within an existing container works fine through the dashboard. Here is a screenshot with the developer console open showing some js errors: https://imgur.com/a/OoIe2 Looking for some 19:25:01 guidance on this one please 02:43:57 hello people! 05:26:32 Hello 05:27:11 we created vm with nova and also we are putting our physical interface to virtual bridge 05:27:52 Inside the vm we installed openvswitch and assigned ip to bridge but it is not able to ping or it is not reachable 05:28:07 what is the way to add the virtual port through nova? 08:10:14 Hello. what is the parent of instance_system_metadata , it has foreign key instance uuid 08:10:55 Hello ameed 08:12:11 Hello Zaid :) 08:22:04 the ceph backup driver for cinder states that it can do backups across ceph clusters. is there a configuration example somewhere? 09:44:33 Hello all - does anyone have a bug with Pike Horizon, whereby if you select an image in Horizon and open the details, e.g https://openstack/ngdetails/OS::Glance::Image/7eadd643-a3f7-4266-8a43-a399da436432 -- and then reload the page, you're presented with a 404 error? 09:44:47 Or if you load the URL for an image similar to the above directly? 10:33:37 the openstack templates are just files, righT? 10:33:45 you don't see a list of templates via Openstack CLI 10:33:52 and you can't see which template created which stack 10:33:55 am i right? 12:17:05 Hi, I want to build a Horizon dashboard which visualises the utilisation of an Openstack environment. Anyone has build something similar? Any tips to start with? Thanks. 12:56:37 Hi guys - I have 2 AZs with compute and storage nodes placed in their respective zones (compute nodes also provide storage). When I want to create new instances in AZ 1, the instances are created there, but the volumes are spread over the 2 cinder AZs. 12:56:49 Any way to override this? Setting default_availability_zone doesn't help at all. 12:56:57 And yes, I've restarted the services. 14:10:18 hello folks 14:10:30 helooo folks 14:10:42 nova command have key --meta 14:10:49 nova boot --meta 14:11:05 what information i can provide to instance by adding --meta? 14:11:08 any ideas? 14:18:16 lvdombrkr: anything you want. It's for arbitary key/value properties. 14:54:37 larsks: thanks, if i add to nova boot command for example --meta key1=test 14:55:01 larsks: how can i see this data from my instance? 14:59:29 lvdombrkr: it's available from the metadata service at http://169.254.169.254/openstack/latest/meta_data.json 14:59:43 That returns a JSON blob with a 'meta' key that contains your custom properties. 15:00:04 The return value looks something like https://gist.github.com/larsks/870380f3881b074621c6a0d86aab59e2 15:04:39 larsks: but if i ssh my instance can i see this value from terminal? 15:05:07 lvdombrkr: Yes, by making a request (e.g., using curl) to that url. 15:13:38 larsks: so my question is why i need this metadata on my instance? what is aim of metadata? 15:15:59 lvdombrkr: it's meant for you to use in your own workflows. E.g., maybe you autoamted tooling that spawns instances; you could use metadata to mark them as "temporary" and then have automated scripts clean them up every day. Or maybe you want to tag your servers with the name of a particular application so you could select and migrate them all as a group. Or...whatever. 15:19:54 larsks: thanks but i can use this metadata somehow inside instance? 15:20:58 lvdombrkr: as we've already discussed you have *access* to the metadata inside the instance. So, sure, you could use it somehow, but the "how" is entirely up to you. I don't have any particular suggestions. 15:22:52 has anyone tried setting up VXLAN with a router VTEP? it seems neither openstack nor openvswitch properly support it, so I would need to manually/programatically add virtual vxlan devices to my nova hosts. does that seem right? 15:25:00 larsks: thanks in assist, now its clear for me 17:55:10 Hello Gents . . does openstack external api support mutual authentication through certificates? 20:17:32 Ok, how does one cold-migrate a vm to a specific hypervisor. 20:20:54 so I have a VM instance running pfSense that I want to use as my router / gateway / firewall. This VM is attached to the public internet network (aka provider). It has a single IP, and it works. But... 20:26:24 if I try to associate a floating IP to it, I get an error like: external network "provider" is not reachable from subnet "provider-subnet" therefore cannot associate port-attached-to-compute-nova with a floating IP. 20:27:13 Question: should it be possible to associate multiple floating IPs to a single compute instance? 20:27:29 just want to make sure I'm not attempting something brain dead here 20:49:55 lru: are you assigning virtual machines directly to the external network? normally you make a (neutron) router which takes the floating IP and it forwards it to the VM on its regular tenant network 20:51:46 DHE: yes, that was my plan, in order to use pfSense as my router instead of the neutron router 20:54:12 this would only work if there is some way to have 2 or more public IPs assigned to pfSense that I can route to other VM's behind it... if this is not possible at all, then obviously it's a dead end :-) 20:54:55 seems like it should be possible, but I don't understand all the details of openstack routing yet 23:14:12 hi everyone! I am trying to login into my horizon dashboard but for some reason I get invalid credentials every time 23:14:31 same credentials over cli work ok, what could be the issue? 02:30:27 cbt: it's weird that you're getting that error with listen_tls=0. 05:14:30 How can should nova-rootwrap be configured while running nova in virtualenv? 05:20:42 Got disconnected, not sure if I was heard. 05:20:44 How can should nova-rootwrap be configured while running nova in virtualenv? 06:59:46 Hi all 06:59:56 We are facing issues with neutron dhcp not pinging 07:00:06 we brought devstack with linuxbridge and not openvswitch. gateway and other ips are pinging but the dhcp is not pinging.. any idea what might be the issue or any other conf changes we need to make? 07:00:39 And when we are putting bridge_mapping under [linux_bridge], it creates a tap device and link it to bridge.. then dhcp being reachable but gateway not reachable 07:25:41 hello world! I have a small issue with a router in a specific project (aka tenant). This router has two ports, one connected to internet with an "external-gateway", and another connected to a private subnet. It has the gateway of that subnet, as it's the router. Apparently, this internal port is down. 07:25:51 is there a way to kick it up again? 07:38:21 hello 07:38:51 oh my god 07:39:23 hello everybody 08:16:49 anyone with some neutron networking knowledge? I have a "down" port on a project router, and I just can't find how to re-activate it :/ 09:15:15 hey, i have a question about nova and flavors. My question is how is it possible that the disk size of a flavor gets ignored by nova and cinder? instead of the flavor disk size the disk size of the image is taken? any hints what the problem is? 09:40:50 with gnocchi set as backend , the storage-init fails to connect to my public gnocchi url , i tried setting interface=internalURL in ks_auth section of cloudkitty.conf , its not working yet . Any suggestion 10:47:57 hello 10:50:27 exit 11:12:55 Good night 11:30:21 hello 12:39:00 anyone here using the openstackclient from ubuntu repo? 12:39:08 apparently it is missing the subnet create command pP 12:39:10 oO 12:41:40 using the pip one works, however needs python-dev and gcc - something i do not really want to install only for an python rest api 15:53:27 when using cinderclient in python, with a privileged user - I was expecting that passing project_id= to volumes.create() would create the volume in the provided project --- however, it only gets created in the users project ... different to for example neutron; anyone know what that's about? 16:02:45 Kvisle: I don't know for certain, but that seems surprising. If you try that same thing on the command line, do you see the same behavior? 16:23:31 how to get started with open source projects 16:30:11 how do you interact here 16:35:04 stark_: what exactly would you like to do? 16:50:47 stark_: well, maybe some other time. Good luck! 19:34:44 can anyone help me understand the roles of nova-compute and neutron-linuxbridge-agent with respect to management of iptables rules? I'm trying to diagnose a problem, and it seems that both nova and neutron are fiddling with iptables, and may be tripping on eachother's toes 19:36:20 this is Pike, and nova is configured to use_neutron, and the firewall driver is not specified (which, IIUC, means it should default to the Noop one) ... so I'm not sure if nova is supposed to be touching iptables at all .... ? 19:38:51 imacdonn: it shouldn't do anything except in the FORWARD table if it does. also do note that libvirt by default does some basic setup of its own networks independent of nova 19:39:24 DHE: the FORWARD table is where I'm seeing some funkiness 19:40:44 DHE: see https://pastebin.com/R7V68Zks - seems that both neutron and nova are trying to set the order of the rules 19:42:02 DHE: The problem I'm actually trying to solve is more serious... but this symptom seems suspicious .... the change of order *sometimes* happens on instance termination too, which suggests that neutron and nova could be in a race 19:43:06 I am too trying to understand the neutron part and the iptables. I disabled DHCP for a network, horizon lists an IP and if I assign an IP other than that one there is no ip reachability 19:45:57 yes, neutron's security will restrict the host to the IP it was assigned by neutron unless you disable port security 19:47:00 hmm, totally makes sense. Without port security I loose security groups though right? 19:48:32 what happens with the static ip portion when you have to evacuate a node? Since the node gets recreated the IP changes 19:48:58 The IP address of the neutron port should not change on evac 19:48:59 I just tried that. Is there a way to force the IP to remain assigned until instance deletion? 19:49:23 it did change for me for some reason 19:49:34 how did you detect that ? 19:50:31 because the IP Address was assigned statically from within the OS (172.16.65.6). When we evacuated a VM, horizon was showing 172.16.65.8 19:50:50 and I didn't have IP reachability because the VM had the IP configured statically as 172.16.65.6 19:51:23 was 172.16.65.6 the address of a neutron port associated with the instance when it was evacuated? 19:52:46 I don't have DHCP enabled, but I could see from horizon that the VM IP was 172.16.65.6 so that's what I configured on the VM 20:19:03 cbt: sorry, got distracted ... interesting .. I'm not sure if it's normal to get a new neutron port on evacuation ... one thing you could try is creating the network port first, then when you create your instance, associate the existing network port with it ... I would think that it should be persistent in that case 20:20:02 that probably would do it, however I have a provider network instead of a tenant network 20:20:07 So I don't see the option to create ports 02:56:07 hello 02:56:26 有人吗 03:00:26 有人吗 03:04:39 what 03:07:23 有人吗 03:09:45 我来了 03:11:24 u0_a741: mostly english speakers on this channel, I think. 05:45:07 有人吗 11:21:06 hello 11:21:17 i need help 11:22:06 i want to do live migration 11:42:07 hello 11:42:20 any one here for help 20:09:00 Hi guys, how can I change the default RegionOne region to a new name? 01:54:46 test 10:07:00 hi 13:30:44 Where should I request new features for jenkins-job-builder project? 16:03:02 Tahvok: https://docs.openstack.org/infra/jenkins-job-builder/ has links for bug reporting and patch submission. 16:07:13 larsks: saw that, but it does not include request for features. Should I treat such request as a bug? 16:08:42 Sure. Make it clear in the subject that's it's a feature request. The worst that can happen is that somebody says "no thanks" and closes it. 16:09:10 ...and of course, if you actually do the feature implementation and submit a patch you have a much better chance of it getting accepted :). 16:52:24 Thanks! 04:05:03 hello 04:05:34 exit 12:39:38 hello folks 12:40:00 does anyone used as nova driver not libvirt but lxc? 13:05:09 hello folks 13:05:14 does anyone used as nova driver not libvirt but lxc? 13:38:50 hello folks 13:38:52 does anyone used as nova driver not libvirt but lxc? 14:06:11 lvdombrkr: please don't keep repeating the same question over and over. 14:06:16 (I don't use the lxc driver) 14:15:59 larsks: thanks, but sometimes to get answer here, only way is to continue pinging ) 14:16:17 but not in 45 minute increments 14:47:46 hello there! 14:48:15 I have a "small" issue : apparently, all nova "services" are flapping nicely on the computes and controllers… any hint about what I should check? 14:49:10 Tengu: well, obvious first place would be the service logs to see if there are any errors of interest there. 14:49:37 larsks: obviously… but grep-ing -i "error" doesn't show anything :/ 14:50:15 Huh. That is surprising. What about logs for your rabbitmq server? 14:50:22 Hi, does anyone heard about a way to know the openstack state in terms of VM and to be able to get it in the past ? 14:50:45 behlers: could you rephrase that question? I'm not entirely sure what you're asking. 14:50:48 larsks: pcs status is happy at least. I'll check the rabbit state. 14:52:13 larsks: hmmm... no error apparently. darn. 14:52:24 Tengu: Well, there went all my easy ideas :(. 14:52:28 all was working so well. and then… -.- 14:52:41 I would like to provide a web app where you enter a date and it gives you all the VM that were there at this time 14:52:43 oh. hmmm. 14:53:04 If you tail e.g. all your nova logs, do you see *any* messages that correlate with when the services are flapping? 14:53:05 there are some warnings for rabbitmq. closing connection. not on all three controllers. 14:53:29 larsks: API is so slow I can get only a 10s refresh on the call -.-. a pity. 14:53:40 ah, sorry, 5s :] 14:53:41 behlers: okay. No, openstack by itself doesn't provide that sort of information. You would need to arrange to record historical data like that yourself. 14:55:24 larsks: outchhh ... is it possible to rely on ceilometer or stacktach ? 14:55:56 larsks: hmmm. nova-rowflush actually does show things, but no timestamp, so no way to correlate. 14:56:21 I don't like the "integrity error" -.-. But I don't think it's the issue I'm having. 14:56:25 behlers: it depends on what you mean. When I said you would need to record that data yourself, I was suggesting that you take the data provided by ceilometer and store it somewhere. 14:56:40 So, sure, you can rely on ceilometer to *collect* the relevant information. 14:57:52 ok thanks larsks. What about initialisation ? Is there some API to get the current state ? 14:58:41 behlers: Again, I'm not sure what you mean by "state". Each service has a REST API that you can use to query for information about current resources. 14:58:53 E.g., you can ask nova for information about running/paused/etc instances. 14:59:22 You can use the event stream generated by ceilometer to get information about when nova servers are created/deleted etc. 14:59:40 you got my point. I want to know the instances states 15:01:22 Is there a possibility to get this information from database? This I will have instances states directly 15:01:33 I am getting the following error when I am running openstack-ansible setup-openstack.yml 15:01:47 2018-02-05 16:27:19,800 p=31340 u=root | [WARNING]: The loop variable 'item' is already in use. You should set the `loop_var` value in the `loop_control` option for the task to something else to avoid variable collisions and unexpected behavior. 2018-02-05 16:27:20,220 p=31340 u=root | ok: [infra1_keystone_container-465fb3c6 -> 10.7.8.5] => (item=infra1) 2018-02-05 16:27:20,642 p=31340 u=root | failed: [infra1_keystone_cont 15:02:00 [infra1_keystone_container-465fb3c6 -> 10.7.8.4] (item=infra2) => {"failed": true, "item": "infra2", "module_stderr": "Shared connection to 10.7.8.4 closed.\r\n", "module_stdout": "Traceback (most recent call last):\r\n File 15:02:14 I know my haproxy is running, I am able to ssh from deploy host to keystone container 15:02:24 can anyone tell me what is going wrong 15:02:30 behlers: I guess you could, but you shouldn't. There's no guarantee the database format is going to be stable between versions, whereas the APIs are designed to be used for exactly this purpose. They are all very well documented at e.g. https://developer.openstack.org/api-ref/compute/ 15:02:44 larsks: apparently, rebooting the three controllers one per one helped. Have to find out why. might be related to anything running on those nodes, especially rabbitmq and galera I guess? 15:02:59 Sunilv73: you may want to ask on #openstack-ansible. 15:03:21 Tengu: yeah, no ideas off the top of my head. 15:03:30 :] 15:03:53 larsks: I'm always finding some funny failures. don't worry ;). 15:06:19 larsks: agree with you. I'm wondering if it is a good idea to use ceilometer in case I want more information in the future. Do you think, I will be able to get other kind of information such as network, etc ... 15:07:08 larsks: did you ever try Stacktach? 15:07:29 larsks: seeme to be a good candidate also 15:12:44 behlers: I haven't tried Stacktach. Ceilometer collects metrics and events from most openstack services, so it's probably worth looking at. I don't know if it will meet your needs by itself or not. 15:13:56 larsks: Lost connection ... did you ever try Stacktach? StackTach seems to be a good candidate also 15:14:03 behlers: I haven't tried Stacktach. Ceilometer collects metrics and events from most openstack services, so it's probably worth looking at. I don't know if it will meet your needs by itself or not. 15:17:15 larsks: hmmm. maybe rabbitmq, due to a possible issue on the internal network. really weird. -.-' 15:17:36 it's funny seeing an openstack install going down when you don't even deploy new stuff on it :/ 15:50:28 Hi Everyone ! I’m looking for information about the integration of openstack w/ arc sight 15:51:50 I’m generating too much log for arcsight so I want to identify the right log and log level to send from openstack to arcsight 16:18:01 is there other solution than ceilometer or stacktash to catch openstack notifications ? 16:23:17 有人吗? 16:31:17 Hi, is there other solution than ceilometer or stacktash to catch openstack notifications ? 16:32:34 maybe a 3rd party client ? 16:34:30 dtk: why not. Do you have examples? 16:35:01 well, all you'd need to do is write it in any language you want, and connect to rabbitmq 16:35:13 then subscribe to nova.notifications if I recall correctly 16:39:28 dtk: thanks 16:40:15 dtk: why not relying on ceilometer or something else which has the knowledge? 16:40:41 well, you could just enable ceilometer 16:41:01 and you could also subscribe to those notifications on a side 16:41:06 with another client 16:41:28 not sure if the messages are destroyed once recieved at least once 16:44:38 dtk: in fact I need all instances state every 5 s. I'm wondering if I can use the API every 5 s without adding too much workload 16:45:33 hmmm, I personally think using the API would be best 16:45:43 for some sort of keepalive 16:45:52 / heartbeat 16:45:53 dtk: I was thinking about a mix : API call every hour and notification processing in between 16:46:22 not sure how often nova broadcasts notifications 16:47:23 It does say on vm state change 16:47:36 but we need to see exactly what that means 16:47:45 I guess some tests could be ran 16:47:54 in order to see exactly what's what 16:48:17 which we will need to do ourselves 16:48:33 I think a timestamp is provided in every notification 16:49:22 I don't need real time but accurate information 16:49:58 to be able to provide an openstack state through a webapp 17:11:35 Anyone here ? 17:12:47 Christo78ca: Hard to tell. Just ask your question, and either someone will answer or not. Keep in mind that some folks may be away and will see your question when they get back, so don't disappear about ten minutes or something... 17:14:11 Ok. 18:15:48 Ahh it's a wonderful day 18:35:35 hello guys, is there a way to prevent a regular user from uploading images to glance? I updated /etc/glance/policy.json and restarted both httpd and glance services and the user can still upload images 18:35:42 any ideas as to what I'm doing wrong? 18:46:10 ok, I figured it out. If you edit /etc/glance/policy.json it applies only to the service meaning you won't be able to do the action from the CLI. You need to edit the policy.json file for Horizon too to prevent it from showing up on the Dashboard 20:23:31 Hi ! 20:25:30 I am new to openStack, I have a question for the devstack tutorial. 20:27:41 It says it make change on my system during installation. To prevent altering my fedora system, I installed it inside a VM but it seems it doesn't have enougth ressources to run it smouthly. what set up could I do to make it run in better condition ? 20:28:30 hmmm, are you looking to make changes to any of the OpenStack's components ? 20:29:38 Now I am just looking to run it 20:29:49 hmm 20:29:57 you could give kolla-ansible a try 20:30:13 really easy way to get it up and running quickly 20:30:32 I also have a VM's setup if you'd need with it 20:31:16 Didn't thougth of container, may be ligther than a complete VM indeed 20:32:10 I'll try that, thanks for the advice ! 21:01:11 Hi guys. Is there anyone around? I have a quick question regarding the Openstack Pike setup. 21:01:27 Openstack-Ansible 21:03:00 Anyone? 21:03:22 yup 21:03:49 good 21:04:11 ok, so I ran the setup host script fine 21:04:41 However I failed on one of the items while running ```sudo openstack-ansible setup-infrastructure.yml``` 21:05:07 ```fatal: [infra1_galera_container-3564bec4]: FAILED! => {"changed": false, "failed": true, "msg": "Please set the galera_root_password v ariable prior to applying the\ngalera role.\n"}``` 21:05:16 ```infra1_galera_container-3564bec4 : ok=29 changed=16 unreachable=0 failed=1 ``` 21:05:34 other than that all other playbooks ran fine 21:06:34 see whether you have that variable defined within global vars 21:09:18 also, have you tried kolla-ansible ? 21:10:00 no, I need to setup thise hosts as the LXC containers 21:10:10 Hosts were setup correctly 21:10:35 I am just trying to understand if galera_root_password needs to be setup separately 21:12:07 got it 21:12:26 @gtk thanks 21:12:27 well, you need to provide it as an extra var maybe ? 21:12:50 try running openstack-ansible --help 21:13:06 to see whether there is a way to define those inline 21:13:49 https://github.com/openstack/openstack-ansible/blob/master/inventory/group_vars/all/infra.yml 21:13:51 here 21:17:54 thank you @dtk 21:18:59 @dtk I just realized that my /etc/openstack_deploy/user_secrets.yml file has no passwords specified 21:39:02 figured it out 21:39:03 https://docs.openstack.org/openstack-ansible/mitaka/install-guide/configure-creds.html 21:39:06 thanks! 03:15:04 running stable/pike from openstack-ansible ... in glance i have show_multiple_locations = False and i have policy.json configured for "" for (delete, get, set)_image_location and i get 403 Forbidden: It's not allowed to add locations if locations are invisible. (HTTP 403) ... if i set show_image_location to True it all works but it get a log message about deprecation ... at point does show_image_location go away and defer to 03:15:05 rbac? 03:59:18 idlemind: https://bugs.launchpad.net/glance/+bug/1595335 03:59:19 Launchpad bug 1595335 in Glance "Add image location fails when show_multiple_locations = false" [Undecided,Confirmed] 04:00:18 idlemind: i think its just borked, still not fixed upstream. dont worry they wont remove show_multiple_locations without a bug like that fixed, so i would suggest ignoring the deprecation and keeping it enabled 05:10:33 Hello All 05:10:39 I just installed https://www.rdoproject.org/install/packstack/ packstack 05:11:01 fist time messing with openstack so I thought this would be a good way t get started 05:11:18 I ahve a pretty beefy server I wa using as a ESX host now woudl be a OS Node 05:11:48 one issue I am having is that I installed it with a dhcp given Ipaddress on the server. CENTOS 7 to be specific 05:12:54 I need to change the IP address and I did it from the 15-horizon_vhost.conf file 05:13:17 I am able to load horizon on teh browser but everytime I try to login I get Unable to establish connection to keystone endpoint. 05:13:25 If i go back to the original IP address everytign works fine 05:13:41 Im thinking there is another place where the ip needs to be changed. perhaps another config file im missing 05:14:13 Also, coming from vMware I am not getting how the management network and the whole network stack works on Open stack to be honest with you 08:59:18 Hawk3r: 4 me you have to change ip address on you'r ESX host in file named keystonerc_admin 09:00:51 HawK3r: it should be in user home directory from whitch you install packstack 11:29:09 iscsi volumes aren't discoverable when presented through cinder. how can I debug iscsi target ? 14:14:11 samyaple thanks ya rosmiata in openstack-glance got back to me overnight and said the fix wasn't going to make it into queens 14:24:24 anyone have docs or information about using the linux vxlan driver as opposed to the openvswitch vxlan implementation? 14:45:40 DHE: does https://docs.openstack.org/neutron/pike/admin/deploy-lb.html help? 14:59:43 Is there a way to enforce rootwrap when running service by root? 15:06:24 larsks: I'll take a look at that... 15:53:29 hello guys, for some reason while trying to create an instance I'm getting an error. Looking at the nova-scheduler logs I see the following 2018-02-06 11:13:00.587 8498 WARNING nova.scheduler.host_manager [default default] Host compute01 has more disk space than database expected (47 GB > 39 GB) 16:01:36 vbt: that's just a warning, not the real cause of your scheduling failure 16:11:42 how can I find out the real cause of the filtering? On the log it doesn't specify why it was filtered 16:52:49 cbt: in the logs you should see the filters it passed and the one that failed to return any acceptable hosts; that filter is the cause 17:13:28 I just installed https://www.rdoproject.org/install/packstack/ packstack 17:13:29 fist time messing with openstack so I thought this would be a good way t get started 17:13:30 I ahve a pretty beefy server I wa using as a ESX host now woudl be a OS Node 17:13:31 one issue I am having is that I installed it with a dhcp given Ipaddress on the server. CENTOS 7 to be specific 17:13:32 I need to change the IP address and I did it from the 15-horizon_vhost.conf file 17:13:33 I am able to load horizon on teh browser but everytime I try to login I get Unable to establish connection to keystone endpoint. 17:13:34 If i go back to the original IP address everytign works fine 17:13:35 Im thinking there is another place where the ip needs to be changed. perhaps another config file im missing 17:13:36 Also, coming from vMware I am not getting how the management network and the whole network stack works on Open stack to be honest with you 18:48:02 hi 18:48:28 some one could help me with the flow to add new requirement in Bandit project? 18:48:50 I just create the issues on https://blueprints.launchpad.net/bandit/+spec/django-cve 18:56:26 some one know if is posible send pull request from GitHub? 18:59:32 someone could help me¿ 19:00:47 Hi @ehooo 19:01:29 I'm a little confused about what you're trying to add to bandit. 19:02:56 I think you should probably add some more details to your blueprints and then maybe try asking in #openstack-security 19:03:31 #openstack-security has the bandit core developers, so they'll be able to help you more than I can. 19:04:18 hi jessegler thanks 19:04:40 i want to add new feature to detect knows CVE related with django 19:16:21 hey guys, what is a good place to start with openstack? So far the most promising way to me looks like a juju charm, but I'm not sure: ie. https://jujucharms.com/openstack 19:38:01 in the old neutron net-create commands ... --router:external=True is equivalent to what in the openstack network create commands? 20:36:24 idlemind: yes 20:36:29 i think its --external 20:36:39 openstack help network create 20:40:13 well this channel sucks, no help around here it seems like 20:40:26 Where is the huge community OpenStack boasts about ? 20:40:36 where is the opensource community 20:41:36 lol 20:45:02 whats the best way to change the ip address after packstack has been deployed 20:45:03 I tried changing the 15-horizon_vhost.conf config file only and while I get the login screen on the new IP it does not seem ot communicate with Keystone 20:52:11 you need to update the services 20:52:12 and it's a really long process + files to be changed involve 20:52:32 I don't use packstack but rather manual install 20:54:27 @HawK3r, the open source community is currently watching the SpaceX Rocket launch 20:54:43 hahah nice 20:55:25 cbt thank you somcuh for the answer, it seems I may have to reinstall. The reason why I went the packstack route is for this: 20:56:25 I had 2 ESX with vCenter 2 DL360 servers with 72GB of RAM external iSCSI storage, 4 1gb ports each server 20:56:52 I was told the best way to go was going to be using packstack as it would use the server I have and install everything 20:57:07 at this point do I have to re-isntall the OS also or would you suggest jsut reinstalling packstack 21:33:34 SamYaple thanks 23:07:36 how do i know the ip the nuetron bgp dragent ip is using? 23:25:41 ^^ went with an ip address on the device the agent is running on and that worked. not documented anywhere though 02:00:49 guys 02:00:59 what would happen if I change the nova user password? 02:01:11 something like passwd nova and then setup my own password 02:01:20 would it break the openstack installation? 09:16:08 Hello! Has anyone had much experience with Designate-sink? I have configured it to use the same notification topics as nova & neutron but still nothing is in the sink debug logs... 11:41:52 can anyone point me to the point in source code responsible for "router:external" network attribute behaviour? 11:42:02 I want to learn what exactly happens when that attribute is set, documentation does not provide an obvious answer to me and I wanted to look at it from code perspective 11:46:54 cz2: You'll be able to find it in Neutron, I'd imagine: https://github.com/openstack/neutron/search?p=2&q=external&type=&utf8=%E2%9C%93 11:49:31 gameon: yeah, I tried looking into Neutron source but didn't find anything obvious to me, I probably need to dive into it deeper... 11:50:40 what I noticed from experimenting is that a) network gets exposed to entire deployment and all tenants b) routers can be spawned in it 11:51:18 from I'm trying to do is a) limit the network to specific tenants b) allow them to spawn routers in it OR create a "shared" single router on it 11:51:48 without exposing the network to the rest of tenants 11:51:54 network in question is a provider network 11:53:04 If I create a Neutron RBAC rule "access_as_external" and limit it to particular tenant, I receive an error "No eligible l3 agent associated with external network" 11:54:03 so, hence why I'm trying to determine what the heck is actually going behind the scenes that router:external actually makes the network likeable to neutron-l3-agent. 11:55:10 There is high possibility that deployment I'm working on is screwed up somehow and hence why I'm encountering this problem. 11:56:36 already unscrewed the gateway_external_network_id setting on all agents to be empty, so... 13:43:22 Is there a way to protect openstack against one customer starting a high number of packets and basically creating a DOS attack on the platform. 13:44:07 Bandwidth limiting isn't the ideal solution here so I was looking towards iptables to limit this but I don't know how to do this on a tenant level. 14:07:35 cyberde: Neutron QoS policies? 14:07:56 >Administrators are able to enforce policies on project ports or networks. As long as the policy is not shared, the project is not be able to detach any policy attached to a network or port. 14:40:29 cz2: QoS policies wouldn't help as they can select any type of traffic to perform the DOS. 18:30:49 I need some help with os-brick, is this the right channel for it? 19:01:00 hi guys, I migrate several instances but 3 of them get a binding_failed on port type and nova-compute can't start. I deleted the ports, trying to remove on instance libvirt xml, but nothing is working. Any light on how to deal with this problem? 20:20:43 quick question. when i do stack chanhging userdata without changing instances number, does running instances get killed? 20:21:56 ? 03:29:44 good afternoon, i just saw this doc https://docs.openstack.org/nova/pike/admin/pci-passthrough.html and I wanted to ask if someone has any experience attaching nvme drives into a vm? 03:33:12 masber: you'll find more folks around during US business hours (I haven't worked with pci passthrough myself). 07:31:19 masber: yep. ive done pci passthrough of nvme. though im not sure youll be able to use pci passthrough of the nvme *and* SPDK if you were planning on it (if you arent sure what that is, then dont worry about it, everything should work for you) 08:11:24 Hello, Is this the right channel to get help with a YAQL question? 08:15:03 losh: technically... 08:15:20 but thats a pretty obscure project, maybe ask the question here 08:15:38 SamYaple, ok, you wouldn't happen to know where they provide support by any chance? 08:15:39 you might get better luck on the ML though 08:16:13 OK, I'll try there. I was hoping for something a little more real time, but so be it. Thanks for the info. 08:16:18 losh: im not aware of a specific "YAQL" channel, but ill look real quick 08:16:21 care to sharethe question? 08:17:25 @ubuntu i see an update on qemu* package ... is it ok to upgrade to the newest package when the infrastructur production of openstack is running? 08:18:30 losh: nope, no specific YAQL channel, here or #openstack-dev is probably your best bet 08:18:42 though im not even sure of the maintainers of that project at the moment 08:19:10 Sure, I'm trying to manipulate a list of strings by using replace. The problem comes in when I want to include a variable in the replace string. I can't get it to be evaluated. 08:19:23 SamYaple, Oh ... OK I'll ask in -dev. Thanks again 08:20:08 losh: given the project hasnt had a real commit since Jun 27, i would call it dead (or mostly dead) 08:20:13 just fyi 09:13:51 hello did someone already managed to use nvidia GPUs in the dockers of a magnum based kubernetes deployment? 10:30:35 What are the pros and cons of running Kubernetes on Openstack, vs Running Openstack on Kubernetes? 12:49:17 #openstack-ironic 13:02:52 hello guys. I have a single controller node and two compute nodes up and running (Pike version). I have configured provider networks and I'm using vlan tagging at the moment. Everytime I create an Instance, for some reason the DHCP service on the controller assigns an IP to the instance, however the instance does not configure that IP Address 13:03:08 am I missing something? The dhcp-agent.log doesn't show any errors 13:04:23 maybe it is because the controller node doesn't have an IP Address on the VLAN Network? 13:06:16 is there any way I can move my DHCP agent to my compute node? Maybe that would fix the issue I'm facing right now 15:55:29 hello folks, someone has tried to existing on-site openstack controller add compute node from different site as availability zone? 15:58:08 that could work. if they're very far away though you might want to think about using regions instead 16:05:16 DHE: thanks, maybe some idas how to do that tehnically? 16:06:09 usually the region of each service is set in its config file. most of the samples use RegionOne or something like that 16:22:41 DHE, but if i use availibility zones i mean can to existing openstack add 16:26:33 if i use availibility zones can i add to existing in-hause openstack for example compute node from different site? 16:48:31 Hi 16:48:35 I am having issues related trove image creation, is this the correct channel to ask my questions? 16:49:14 cbt it might be a vlan trunking issue. your infra host likely still needs br-vxlan trunked to it just not an ip for itself on that range. a lxc-info --name (*nuetron_agents_container*) should show an IP on the VXLAN network. it needs to be able to form a VXLAN tunnel w/your compute nodes to transmit data on the simulated layer 2 segment your tenants are using for their networks 16:50:27 cbt you could verify that's present by attaching to the neutron agent container on your infra node and sourcing a ping from the ip it has for br-vxlan to the br-vxlan ip for the 2 compute nodes 16:53:07 cbt lastly or most obviously, you could verify the instance is configured to get dhcp or use a known good sample to confirm the configuration like a simple cirros instance 18:55:21 i have two instances on a network with dhcp disabled however in in BUI it seems that the instances are still being assigned IPs. These IPs are not actually being assigned in the instances, though. If I set static IPs that are different than those being assigned, I cannot ping between the two instances. Can anyone help me understand what's going on? 19:30:05 tt 20:36:54 sudodude: that's normal behavior. OpenStack sets up anti-spoofing rules so that only the assigned ip can be used on an instance (to prevent someone from mucking up your network architecture by assuming the ip of another running service). 20:37:46 sudodude: There is an option to disable this port security that can be disabled per-network. There are some docs at https://wiki.openstack.org/wiki/Neutron/ML2PortSecurityExtensionDriver 20:37:51 (I don't know how current that is) 20:49:10 thanks larsks! 21:29:03 hi anyone here can help me with writing a pytthon script? 22:53:50 hi, Is kolla-ansible 6 ready to give it a go? 22:59:14 masber: would recommend asking in #openstack-kolla 22:59:55 oh yes wrong channel :( 23:04:16 SamYaple, I saw your message before, so pci-passthrough on vnme should be nearly close to hardware performance right? what is the point of combining it with SPDK? 23:09:55 masber: SPDK is a polling driver which, at the expense of locking down a cpu core, can give you better performance. additionally its all accessible from userspace without having to send the data through the kernel 23:10:16 the pci-passthrough, barring issues with the actual hardware, is near-native performance 23:29:03 ok, I think I need to read more about that :) 03:46:08 kolla 03:58:45 lll 03:59:34 test 07:04:18 good morning, we have a quite strange problem with neutron-port-bindings. There are some instance-ports which tend to flap between two nodes. Looks like it may be caused by an action which creates an "profile:{original_owner:XXXX}" entry in ml2-mapping. Any ideas which action this may do? 08:51:16 cz2: Hi are you there? I lost connection the other day. Do I remember you were looking to hide external networks? 08:52:33 Hi all - I have a question which I'm struggling to find any info on. I have a Kilo deployment, and have a provider network which is set as external. This network is NOT visible from within tenant projects. However, using a new Pike deplyoment, the provider network IS visible (and deleteable even!!) from tenant projects. Has anyone got a solution to this? RBAC didn't seem to do anything, as soon as I set the network to external, it's 09:37:47 hello folks, someone have tried install compute node somewhere on different site and add it to controller as avaibility zone in-house? 10:24:41 cz2: I may have a solution to hiding the external network from tenants - edit policy.json on the neutron nodes, and find 'get_network' and remove remove 'rule:external' 10:25:42 cz2: Restart all neutron services, and you'll find it's hidden from a tenant 13:03:06 Hi, is here someone able to explain me the "original_owner"-profile in ml_ports_mapping of neutron? Esp. who is setting/using this profile? 13:40:29 hello 13:40:37 hello everybody 13:45:01 Goodbye tom221. We hardly knew ye. 15:51:39 gameon: ah, I didn't look into policy.json indeed 15:52:29 gameon: my goal was to actually have a provider network which would be visible as external to tenants I would grant access to 15:52:57 and that did work, but I couldn't spawn routers in such network 16:18:52 cz2: How did you achieve that? I had to revert my change in policy.json - as it stands I can't see a way of actually 'hiding' the external network whilst having an interface on a project network on that external network... 16:28:41 gameon: neutron rbac-create --type network --target-tenant --action access_as_external 16:29:16 gameon: if you want to hide the provider network and then share it to specific tenants, set the router:external to False 16:29:26 (neutron net-update --router:external False) 16:29:41 and then do the rbac-create thing 16:30:46 cz2: If I set the router:external to false then I can't use it as a provider network, even with rbac. As soon as I create the rbac policy the provider network is then visible in the project network list... 16:33:18 Effectively as soon as I set it to be 'external' either via RBAC or the router:external property, it's visible in the project which isn't really what I want. Kilo doesn't exhibit this behavior oddly.. 16:35:40 Uh, sorry, I got lost a bit 16:36:15 Can you repeat the problem again? Your message from 09:52:33 is incomplete in my client 16:36:27 it ends on >as soon as I set the network to external, it's 16:38:02 I wasn't very clear either, let me try again. Effectively as soon as I set it to be 'external' either via RBAC or the router:external property, it's visible in the project which isn't really what I want. Kilo doesn't exhibit this behavior oddly.. 16:38:43 cz2: What I want to achieve is to have a project's router with an interface on the ext-net, allowing for creation of floating IPs - but 'hiding' the ext-net... 16:39:35 ah, I think I get it now 16:40:01 I think that one of our older deployments has such setup, sec 16:40:05 let me check 16:41:02 cz2: Many thanks - I have tried and tried but no luck. I'm not *that* bothered about being able to see the network, but tenants can actually delete the ext-net which is not good. I have stopped this by setting admin only to delete_network:router_external in policy.json but I'd rather it was hidden... 16:45:24 gameon: first of all, try comparing your neutron policy.json with this https://pastebin.com/DPHnxtw2 16:45:24 cz2: LINK TITLE: "create_network": "", "get_network": "rule:admin_or_owner or rule:share - Pastebin.com 16:45:35 I'll dig deeper 16:45:52 cz2: superb, thank you 16:50:01 heh, this is Icehouse so there's no rbac 16:50:42 :D - my policy.json is identical AFAICT, I'm using the default one apart from my addition of "delete_network:router:external": "rule:admin_only", 16:51:19 My Kilo deployment exhibits the same behavior - the ext_net is hidden. As soon as I set the external flag it appears in every tenant's project network pane in Horizon (and by extension via the CLI...) 16:52:55 gameon: on that icehouse deployment of mine, behavior is as follows: tenant does not see any networks apart from their own, though they have access to a floating ip pool 16:53:16 which is actually created on such external network that is not visible by tenant 16:53:54 cz2: The same behavior as my Kilo deployment... which is really what I'd like for the Pike deployment I've just created, but I can't find a way of achieving it easily... 16:54:41 ...what if we are looking in wrong place 16:54:44 sec 16:58:40 nah, doesn't make any sense. that provider network is marked as router:external=True, but it isn't visible in tenants networks. 16:59:00 cz2: It's weird, I'm not sure if it's a bug or not really or even when it changed... 16:59:22 short of getting a devstack of each major it might be tricky to find out if it's intentional or when it was introduced... 16:59:35 I'm away for a few days now, but I'll take a look the week of the 20th Feb to try and figure it out 17:00:26 cz2: Thanks for your time, much appreciated 17:02:32 you're welcome. can't find out how they hid the provider network in that deployment 17:02:45 (I'm basically playing archaelogist in here) 17:11:36 cz2: Hopefully I'l find out and let you know soon :) 19:11:44 is there a production quality installer for single nic single server 19:56:35 OutBackDingo: I don't think so. Mostly because a single-nic-single-server deployment isn't going to meet the definition of "production quality" for most people. 19:56:59 I mean, "packstack" might get you there, but it's meant to proof-of-concept deployments. 19:57:21 I don't know what the minimum requirements are for openstack-ansible, but maybe worth checking it out. 20:00:07 larsks: thanks, im the only one using it... not really for prod but to run images and containers 20:00:25 i looked at triton SDC but required multiple nics 20:00:46 i just need to spin up kubernetes and be able to launch a few vms 20:00:48 Are you sure you want openstack for that? 20:01:01 I mean, why not just run kubernetes (or docker swarm) on the bare metal host? 20:01:13 because i need vms also 20:01:28 Okay. 20:01:52 Have you seen kubevirt? https://github.com/kubevirt/kubevirt 20:01:54 larsks: LINK TITLE: GitHub - kubevirt/kubevirt: A virtualization API and runtime add-on for Kubernetes in order to define and manage virtual machines. 20:01:57 I've never used it... 20:02:00 ive loooked at the few kubernetes vm instalces also 20:02:05 ...but it looks interesting. 20:07:16 heck ive even looked at the running openstack inside containers 20:56:51 OutBackDingo: many projects around that. Kolla has ansible and kubenretes deploy variants (though the ansible is the only "production" one). OpenStack-Ansbile deploys in "machine" containers (the containers run systemd in LXC containers and have ssh). and LOCI is a container image building project for openstack projects (no associated deploy tools) 20:57:03 openstack-helm can use kolla and loci containers to deploy on kubernetes 00:38:57 OutBackDingo, maybe vagrant? Don't know, just an idea 10:51:46 Hi all 10:52:32 My 'External' network card is configured like this: 10:52:50 DEVICE=ens224 10:52:50 TYPE=Ethernet 10:52:50 ONBOOT="yes" 10:52:50 BOOTPROTO="none" 10:52:50 OVS_BRIDGE=br-ex 10:52:51 TYPE="OVSPort" 10:52:53 DEVICETYPE="ovs" 10:53:11 And my bridge : 10:53:14 DEVICE=br-ex 10:53:14 NAME=br-ex 10:53:14 NM_CONTROLLED=no 10:53:14 BOOTPROTO="none" 10:53:14 ONBOOT=yes 10:53:15 TYPE="OVSBridge" 10:53:17 DEVICETYPE="ovs" 10:53:36 Do I have to configure the bridge with a fixed IP? 11:12:23 Hello, I currently have an issue when I rebuild an instance. I causes a record to be created in the migrations table (nova database) and status is set to pre-migrating. Is this correct? 11:12:47 Migration type is evacuation and source and destination host are the same. The rebuild does complete successfully. 11:34:52 Est ce que je dois configurer le bridge external avec une IP fixe ? 11:35:01 Do I have to configure the bridge external with a fixed IP? 11:35:09 :) 11:41:49 xz 16:50:55 Hi there! 16:51:40 I try the whole day to install devstack, but always end up with "unexpected keyword argument 'retry_on_request'" 16:52:11 Can anybody give me a hint how to complete the devstack installation? 17:24:04 StefanS_: maybe this is the same problem? https://lists.gt.net/openstack/dev/64116 17:29:58 Looks like... I already found this issue, but I havn't found a appropriate solution for this. 17:31:20 @larsks: I already tried some different branches of openstack and devstack, but I always run into this issue. Now I removed this argument too and hope that it doesn't break something else... :-/ 18:04:55 larsks: The installation now seems to succeed with nova but, similar to the mailing list, now fails installing "cirros". The execution of "openstack --os-cloud=devstack-admin [...] image create cirros [...]" fails with HTTP 502 (Bad Gateway on local proxy installed by devstack) 19:15:53 Installation of devstack is really tedious. Now I can't get "g-api" to start up... 19:17:27 It's really a great idea to have a script which sets up the whole stuff for a development environment. But it looks like this script is more broken than working... :-| 20:42:32 Found the issue with g-api - glance starts at port 60998 but the proxy entry in apache2 uses 60999! Aargh! 00:43:44 I've got a volume that a customer can not delete that does not show in 'openstack volume list' but does when I run 'openstack volume show $ID' 00:43:55 Does is this a bug in a db record? 00:44:07 s/is this/look like 00:45:24 I'm trying to figure out how to trace the actual volume, where it's stored, if it's actually there, why it's not showing in list.. but my googlefoo and OpenStack knowledge is failing me here. Next level support is off for the weekend 00:46:19 Thank you for any help you can offer :) 01:35:26 calandril: when you ran the 'volume list' command, were you a member of the customer project? 01:35:29 Or were you the admin user? 01:36:21 admin 01:37:00 larsks: and their admin user that created the volume cannot delete it. there were some keystone issues that someone else fielded that I think may have been related 01:37:32 I've figured out where we store the mysql pass and I'm selecting and sorting through info from the volumes table 01:37:33 Did you use the '--all-projects' flag when running 'volume list'? I think otherwise volumes not owned by your project(s) wouldn't be visible. 01:38:01 ah, maybe. Thought that didn't apply to cinder. I'll check 01:38:29 calandril: it might not. I was just noticing that the --all-projects option exists... 01:39:05 nope, you're absolutely correct 01:39:11 --all 01:39:33 damn 01:39:47 that takes off one possible issue. 01:39:56 Yay! Sort of :) 01:40:47 I've been able to create and delete a volume as the admin user though haven't tried for this volume since I don't have the credentials for the user trying to perform the action (I'd like to do it as him) 01:41:22 Are there any errors cropping up in the cinder logs when you try to delete the volume? What state is the volume in? 01:42:23 volume is available 01:42:35 unattached 01:43:18 haven't tried log diving because I'd like to figure out how to try as the admin user in question so I can see the errors from an accurate recreation 01:43:51 jic this isn't a once off, but I think someone else tried as the admin user and it failed as well... 01:43:56 It sounds to me like the sort of thing that will ultimately require log diving...but I don't work with cinder all that much, so take my opinion with a grain or two of salt. 01:43:58 * calandril hates incomplete case notes 01:44:33 oh, totally expect to log dive. It's where I usually start 01:45:13 just wasn't yet sure if I could emulate the actual user (I don't see him in horizon so we must have some division of views I'm unaware of with this cloud) 01:45:38 then my clearly bad assumption re --all led me down an tangent 01:45:56 :/ 01:48:10 keystone user-list gives an auth failure and openstack identity provider list returns nothing 01:58:28 Has anybody an idea how to fix this "Bad Gateway" during installation of devstack when calling "image create"? I literally try already the whole day to install devstack... 02:07:34 StefanS_: can you post the actual image create command you are using? 02:13:03 and are you setting up your devstack in a lxd? kvm? 02:14:32 StefanS_: I did see this that may pertain. Even if it doesn't it may offer you some insight into the process that is failing: https://bugs.launchpad.net/glance/+bug/1703856 02:14:33 Launchpad bug 1703856 in Glance "502 Bad gateway error on image-create" [High,Fix released] - Assigned to Matthew Treinish (treinish) 02:16:11 calandril: The failing command is "openstack --os-cloud=devstack-admin --os-region-name=RegionOne image create cirros-0.3.5-x86_64-disk --public --container-format=bare --disk-format qcow2" 02:16:48 It's in an ubuntu-vm on a xen hypervisor 02:17:52 I already found this bug report and already use socket-timeout=60 02:18:04 (currently trying to install with 90) 02:19:12 you timed it to be sure 60 was a good timeout? I think it should be more than enough but always good to know your stats before implementing a workaround like the OP 02:20:43 No, i just set it to 60. How could I checked the correct value? 02:21:36 But it feels like the call fails rather quickly and it doesn't even wait 30 or 60 seconds 02:22:35 right in this moment the new ./stack.sh has failed again 02:23:29 honestly might be easier to just set it to something like 300 like the other guy did just to completely rule out this bug. That said, your using a pretty small image iirc so I think 60 is probably good enough to see at least intermittent successes 02:23:35 the output stopped about 2, max 5 seconds on the line stating 'image create' before exiting with the failure 02:23:42 hmm.. 02:23:45 and logs? 02:23:53 do you know where they live yet? 02:24:28 I activated glance logs 02:24:40 stash.sh-logs don't show very much 02:24:53 502 Bad Gateway: Bad Gateway: The proxy server received an invalid: response from an upstream server.: Apache/2.4.18 (Ubuntu) Server at 192.168.1.47 Port 80 (HTTP 502) 02:25:07 the glance logs in your glance node? 02:25:11 httpd logs: 02:25:54 AH01097: pass request body failed to 127.0.0.1:60999 (127.0.0.1) from 192.168.1.47 () 02:26:03 now I'm reaching but can you ping all the nodes from each other on the correct networks? maybe the stack failed to complete networking? 02:26:04 (from horizon_error.log) 02:26:53 are you following the openstack coa book from pakt? 02:27:31 I'm an absolute newbie with openstack, but I think I have no nodes managed by openstack until now 02:27:43 if so, I trust you've followed the directions exactly the first time through? I had no problems with that process 02:27:59 What do you mean with "coa"? 02:28:01 the glance node will be a openstack node. 02:28:37 you may not have any instances running in your cloud yet, but if you have setup a stack you will by def have nodes the services of openstack are running on 02:29:31 I forget how the devstack does it but we deploy services to individual lxcs and lxds (depending on deployement versioning) on different metals (so maybe on different kvms in devstack) 02:29:32 Ah, I see... How can I list and check these nodes? 02:30:38 I followed https://docs.openstack.org/devstack/latest/ 02:30:41 we use config managers like puppet, ansible, or juju to deploy and those allow us to see where everything is and access each node easily. I'm not entirely sure on your end. One sec I'll look at devstack real quick to see how it deploys 02:34:20 I just have a single bare metal desktop computer to implement a PoC with Openstack and autoscaling Mesos. So now fancy configuration managers until now ;-) 02:35:41 I think this is installing all the services under one roof 02:36:35 tell me, do you have a cinder and glance directory in /var/log in that vm 02:37:15 well I think you'll find a log directory for all the main services: keystone, glance, nova, cinder, neutron, and horizon 02:37:35 though horizon may be called dashboard? never actually had reason to look at horizon logs 02:38:59 Just glance (because I patched a file in devstack to add it to the configuration) 02:43:05 'openstack compute service list' returns with 'Unkown Error (HTTP 503)' :-( 02:45:21 'openstack catalog list' returns a list of nova, cinder, keystone, ... 02:46:01 all endpoints on the same ip adress as the controller 03:24:00 calandril: I set SYSLOG=True for ./stack.sh and started it again 03:24:59 But there is no error but only a debug output stating "Wrote 0 bytes to /opt/stack/data/glance/images/4dccae9c-5708-417a-949d-12c5fb5cdf3c with checksum d41d8cd98f00b204e9800998ecf8427e#033" 03:25:26 and short time later a deletion of the same image 03:29:01 But I think I'll finish for today. It's 4am here and I'm trying the installation since 10am. 03:29:35 calandril: But thank you very much for your support! :-) 03:50:54 Sorry StefanS_ 03:51:01 oh, and you're gone. 06:09:12 i have joined controller/neutron node plus 7 compute node setup, that I am trying to configure with DVR. On Controller node the l3-agent.log is constantly streaming errors for each of the project router that has gateway set to shared external network. 06:09:26 its going non-stop, the log is already 800mb : 31742 ERROR neutron.agent.l3.agent [-] Failed to process compatible router: 51ed2959-2fda-4df9-b7a1-83d3dda484b2: ProcessExecutionError: Exit code: 1; Stdin: ; Stdout: ; Stderr: Device "qg-97c51261-1c" does not exist. 06:10:00 the qg device exists on compute nodes, but not on controller. can anyone point me in a direction to resolve this? 09:51:56 Hi.. bymistakenly I removed default egress rule from the default security group. can anyone tell me how i can add it back ? 11:41:55 I am new here at OpenStack, and would like to get started. 11:42:05 I have setup openstack in a VM following the instructions here https://docs.openstack.org/devstack/latest/. 11:42:14 I would like to work with glance project. Can anyone guide me further with it? 11:42:25 The glance irc seems to be inactive 18:37:34 #openstack-ironic 06:17:32 #openstack-requirements 07:29:45 #openstack-horizon 08:33:29 #openstack-ironic 09:24:23 hi, any cinder specialist 09:24:24 ? 09:57:23 wacu: you can use #openstack-cinder channel 09:57:31 #openstack-tripleo 10:29:51 hello, how can I get python2-mistralclient version ? 11:50:21 Hi all. Ocata here. I am trying to assign a port to an existing server. 11:50:42 My brain isn't wrapping around the reuirements. 11:51:09 i expect that I should be able to simply atach that port to the server instance. 11:52:28 I assign, but it says "binding failed" 12:15:13 hello, I have a small setup with 1 controller and 1 compute node with provider and self-service networking. When I start a cirros instance on the self-service network, I am able to login with SSH. When I start it only on the provider network, the instance cannot connet to the metadata service and receive a keypair. I'd love to get some guidance where to look for the problem. 13:23:15 folks, someone has tried deploy setup something like controller and some computes in-house and some computes nodes somewhere in other DC? 13:40:42 lvdombrkr: conceptually that's a multi-region setup 13:48:26 DHE: but region setup includes in each region has "separate" controllers and common is only keystone and horizon.. my idea was 1 common controller and compute nodes around dc'š 14:01:35 I'm attempting to use the nova api to spin up instances using the user_data parameter for my cloud-init... however it appears the user_data parameter isn't working. is there a way in the logs to know if openstack doesn't like whats in that parameter or what is the best way to troubleshoot that? 14:02:02 badloop: Check the console log. 14:02:11 If there's a yaml error or whatever, it'll sho up there. 14:04:59 exarr: any specific keywords to look for? i actually just decided to copy the raw yaml and put it in the gui to test it that way and it still didn't work 14:05:12 i can gist the config if that helps 14:05:48 https://gist.github.com/badloop/71aa0f48c89f1fbe372a53997fa84bbe 14:06:19 not seeing any errors in the log 14:06:50 badloop: just check the coneole logs for bad yaml or something similar. 14:06:59 It's likely formatted incorrectly... somewhere :-) 14:07:56 heh... 14:08:02 yeah yaml is the devil... 14:08:05 checking more now 14:14:07 hmm..... exarr i checked it in an online yaml formatter and it verified just fine. not seeing any errors on the log 14:14:27 any way to enable a higher level of logging to see when it starts processing the yaml file? 14:16:13 badloop: it's worth noting that openstack doesn't care about the format of your user-data. That's interpreted by cloud-init, inside your nova instance. 14:16:42 sure, fair point. 14:16:45 Any diagnosis would have to be done from inside there. 14:16:52 via the console logs? :-) 14:16:59 Maybe. 14:17:06 Better if you can arrange for interactive access. 14:17:14 E.g., create a debug image with a password. 14:17:49 badloop: are you ssh keys, etc, getting provisioned correctly? 14:18:38 ah the cloud init output log, let me check that 14:19:02 ah ok i see this is the same thing thats in the openstack logs... 14:19:11 larsks: yes it appears the ssh keys are getting set up correctly 14:19:24 Okay. Just wanted to make sure the cloud-init was functioning, you know, at all. 14:19:31 right, good call 14:19:36 let me gist my log 14:20:06 AHA 14:20:08 wow 14:20:11 i see it 14:20:24 friggin buried in the middle of it 14:20:33 2018-02-12 14:02:36,672 - __init__.py[WARNING]: Unhandled non-multipart (text/x-not-multipart) userdata: 'b'package_update: true'...' 14:21:04 badloop: right, because you're missing your header. 14:21:36 Your user-data needs to start with #cloud-config 14:21:47 gotcha 14:22:31 thats frustrating... there are a LOT of config examples out there that dont have that 14:23:55 cloud-init needs some way to know that you're passing it a yaml file rather than, say, a shell script or ansible playbook or something else... 14:24:36 larsks: fair enough... and i have seen examples that pass the bash script with the standard header so that all makes sense 14:44:07 there we go. now its running. larsks exarr thank you very much for the help 14:44:17 \o/ 14:48:13 i gotta stop working with openstack at work though. i'm tempted to buy another r710 for home and set up my own cluster... 14:48:16 :-P 14:48:44 or at the very least pick up some kind of low power system to use as the gateway/controller and use the two r710's i have for compute 15:19:27 DHE: but region setup includes in each region has "separate" controllers and common is only keystone and horizon.. my idea was 1 common controller and compute nodes around dc'š 15:20:10 DHE: sorry for doubling )) 16:04:37 /join #openstack-neutron 16:05:14 join #openstack-neutron 18:58:56 Can anyone answer me, what is the correct way to change ports assigned to servers? 19:03:30 exarr: depends on how youve deployed 19:03:43 using eventlet, in the service config (like nova.conf) 19:03:48 using wsgi, in apache/nginx 22:14:52 Anyone familiar with Watcher (https://wiki.openstack.org/wiki/Watcher)? I'm getting some database errors trying to get things running and wondering if it's a watcher bug or a me bug. 22:16:09 what is the actual error ? 22:18:20 dtk: NoSuchTableError: `apscheduler_jobs` 22:18:24 And indeed, that table does not exist... 22:18:31 ...even after running watcher-db-manage upgrade. 22:21:05 https://docs.openstack.org/watcher/pike/man/watcher-db-manage.html 22:21:07 try this 22:21:19 watcher-db-manage create_schema --help 22:21:36 I am guessing you are suposed to run create_schema first 22:21:53 watcher-db-manage --config-file=/etc/watcher/watcher.conf create_schema 22:21:55 this 22:24:11 dtk: I did run create_schema first. But I can try dropping the database and trying again. 22:25:31 Nope, that doesn't help. 22:26:26 pike ? 22:27:02 "pip install python-watcher" (watcher-decision-engine --version tells me "1.8.0") 22:27:53 try pip install git+https://github.com/openstack/watcher.git@stable/pike 22:27:59 try pip install git+https://github.com/openstack/watcher.git@stable/pike --upgrade 22:28:01 sorry 22:28:27 * larsks gives it a try 22:30:42 Hmm, just seen this 22:30:43 https://review.openstack.org/#/c/464227/ 22:30:56 Huh, after that, now I have --version "1.4.2dev3". 22:31:29 I guess pypi was ahead. 22:31:32 which version of openstack are you running ? 22:31:36 pike 22:31:48 that's pike then 22:31:56 Yup. Dropping database and retrying :) 22:31:57 any luck running those 2 commands right now ? 22:32:03 ah, ok 22:32:41 Aaaaaaand...same error. 22:35:31 larsks: openstack version? 22:35:35 for the service 22:36:24 SamYaple: I just installed from stable/pike. Earlier just using 'pip install', which appears to be ahead of pike...but same error in both cases. 22:37:17 larsks: mysql? mariadb? 10.0 10.1 10.2? 22:37:43 gonna try to reproduce 22:37:52 SamYaple: mariadb 5.5.56 22:38:35 oh. hmmm ok 22:39:57 SamYaple: fyi, right now running watcher-db-manage --version tells me 1.4.2dev3 22:40:54 larsks: that seems right. head of pike 22:41:38 if you want to try your luck on a *version*, 1.4.1. but i dont think thats going to help 22:44:19 larsks: assuming pymysql? 22:44:23 Right. 22:44:36 which version? 22:45:22 0.7.11 22:46:01 SamYaple: there's even a specific migration that's supposed to add that table: https://github.com/openstack/watcher/blob/master/watcher/db/sqlalchemy/alembic/versions/0f6042416884_add_apscheduler_jobs.py 22:46:15 well you *could* try an upgrade 22:46:28 SamYaple: running "upgrade" appears to be a no-op. 22:46:38 https://github.com/openstack/watcher/blob/6a920fd307763a0b1be5bcabe4b41895d1965c60/watcher/db/sqlalchemy/alembic/README.rst 22:46:47 might be able to do something 22:47:02 SamYaple: dtk: btw, appreciate your assistance! I'm going to need to run off in about a minute, but I'll be poking at this again later. 22:47:07 ill try to reproduce 22:47:09 cool man 22:47:30 ok 23:38:41 SamYaple: dtk: it looks like the solution was to ignore the documentation, and instead of running 'create_schema' just run 'upgrade' on an empty database. This runs all the migrations and creates the missing tables. 23:47:07 larsks: awesome 07:14:49 hmmm 07:15:40 makes sense, somehow. I guess upgrade uses create table... if not exista 07:16:33 but nevertheless, docs should be updated too 11:38:07 [root@controller ~]# tail /var/log/keystone/keystone.log 2018-02-13 05:37:24.808 7659 WARNING keystone.auth.core [req-59702dcf-8e01-4730-afcc-05b2f0fe74e6 - - - - -] Could not find domain: Default.: DomainNotFound: Could not find domain: Default. 2018-02-13 05:37:24.812 7659 WARNING keystone.common.wsgi [req-59702dcf-8e01-4730-afcc-05b2f0fe74e6 - - - - -] Authorization failed. The request you have made requires authentication. fro 11:38:25 The request you have made requires authentication. 13:17:40 have anyone ever experienced that instance A has incorrectly gotten the user-data which were intended for instance B? 13:33:29 Just installed OpenStack on an ARM box, and now getting "Unable to establish connection to keystone endpoint". when trying to log in. I can see keystone is listening on port 5000 through 13:38:31 did you get the DNS stuff right or put entries into /etc/hosts to point to the controller ? 13:38:44 or possibly check your firewall 13:52:15 Hi, is there someone here that can help me with a neutron config issue I have? 13:52:24 Please, it would mean the world to me 15:25:55 hello, 15:26:50 i would like to make a new image with virtio-scsi for mounting external block devices from rdb 15:30:02 i see there are some metadata like hw_scsi_model virtio-scsi 15:30:14 but where can i define the number of queue ? 15:37:22 15:37:24 15:37:26 15:37:39 where do i specify the driver queues value 15:37:53 in metadata ? 20:55:51 Hi! I newly installed Openstack on my private lab server and started an instance, fiddled around with secgroups and network, but I'm not able to ping my instance from my home network :-( 20:56:18 Can anybody help me to get my networking up and running? 21:11:14 Hi! I newly installed Openstack on my private lab server and started an instance, fiddled around with secgroups and network, but I'm not able to ping my instance from my home network :-( 21:12:08 I already allowed ICMP and SSH in the instances secgroup 21:12:58 In the external network I added a static route for the new subnet to the openstack controller (one-node-setup) 21:13:56 A traceroute from laptop to vm-instance shows that it successfully reaches the openstack controller 21:14:34 But I still can't reach the internal network :-( 22:06:59 Has anybody ever had the segments disappear from their HA networks for their virtual routers? 07:52:04 pointers for troubleshooting why 'openstack server list' takes 10 seconds on three node installation? 08:46:50 pointers for troubleshooting why 'openstack server list' takes 10 seconds on three node installation? 09:06:08 #openstack-infra 10:01:26 Good Morning! Does anyone know if there is any project associated to monitoring openstack logs using ELK? 12:34:46 anyone arround? 12:55:50 hi. I have lately installed devstack, and I forgot the username for the horizon gui. What is the default username there? I have tried admin and root without success 13:03:46 zoli__: there is typically an "admin" user. 13:09:19 admin is a default 13:09:27 you set the password during setup 14:23:51 toni_: i would say Monasca 14:27:01 hmmm, can you change ?the pwd, or is there somebody already using the old one ? 15:03:34 heloo 15:05:07 join #openstack 15:05:12 quit 15:05:22 exit 20:13:00 Hi there! I'm rather new to OpenStack and just set up a small installation in my home lab. I need some help creating the external network to access my vms. 20:13:45 I already tried lot's of different tutorials the last days but I where never able to ping or ssh my vm :-( 20:15:04 StefanS_: Hi! How did you install your openstack, can you share the guide you've been using? 20:15:39 StefanS_: also, you might want to check security groups? Default rules might prevent ICMP/SSH traffic. 20:16:18 marst: I installed openstack on CentOS using packstack. I've to look for the exact tutorial 20:17:43 StefanS_: can you login into VM from web-based console? Can you reach outside world from your VM? 20:17:44 marst: I already added ICMP and SSH to the secgroup in use: ALLOW IPv4 22/tcp from 0.0.0.0/0, ALLOW IPv4 icmp from 0.0.0.0/0 20:18:14 Hi, i've been stuck for an hour now trying to set defualt quotas through the command line for neutron. Is it even possible ? And if so, can anyone tell me how ? The rest of the quotas I've set like this 'openstack quota set --class default --instances 50 --cores 500 --ram 102400 --gigabytes 2000 --snapshots 50 --volumes 50' 20:18:26 Running Pike 20:19:10 I want to do this, 'openstack quota set --floating-ips 25 --secgroups 25 --secgroup-rules 500'. 20:19:14 But that is not working. 20:19:15 marst: Ah, at least I can now access the console. This always gave me an error al the time :-) 20:21:17 marst: I need a moment. I have to search the default account for my CentOS image :-) 20:23:12 StefanS_: sure, take your time. :) You can also check boot logs with "nova console-log", it usually shows if VM got anything from DHCP. 20:23:58 Guest85234: What's the error you're getting? have you tried to use neutron client? (Not sure if it's still available in Pike?) 20:24:26 openstack quota set --class default --floating-ips 25 --secgroups 25 --secgroup-rules 500 => Network quotas are ignored since quota class is not supported. 20:24:58 Im just trying to understand how to set default quotas for neutron. Its incredibly hard for some reason. 20:26:30 marst: "[CRITICAL]: Giving up on waiting for the metadata from ['http://10.10.1.100/latest/meta-data/instance-id'] after 126 seconds" doesn't sounds good :-) 20:28:35 marst: Looks like this is the dhcp agent... 20:29:05 Guest85234: looks like it's not supported. 20:29:23 Guest85234: you can check the code in https://git.openstack.org/cgit/openstack/python-openstackclient 20:31:32 marst: btw, I used this instruction: https://www.linux.com/blog/learn/chapter/OpenStack/2017/7/how-install-openstack-less-hour just with some minor differences (disabling metrics) 20:36:28 StefanS_: https://www.rdoproject.org/install/packstack/ - this link is a bit easier to follow. 20:36:52 StefanS_: also check out https://www.rdoproject.org/networking/neutron-with-existing-external-network/ and https://www.rdoproject.org/troubleshooting/networking/ 20:38:20 StefanS_: most of packstack/RDO guys hangout in #rdo, so that's another way to get support. 20:40:49 I already found the rdo installation link, but havn't used this for installation because it mentions "allinone" and "at least 16GB RAM" :-) 20:41:57 marst: But reviewing this instruction I found to check my networkmanager - it where running. I disabled it and reboot 20:50:33 marst:Disabling the NetworkManager doesn't have any effect :-( 20:59:01 marst: Ah, without the NetworkManager I don't get this critical error anymore but a routing table. But nevertheless - no connection from the outer world :-( 21:09:03 marst: YEAH!!! The "neutron with existing external network" worked!! I had to patch and add some files in /etc/sysconfig/network-scripts and no I can reach my VM 21:09:23 marst: thank you very much. this took me some hours :-) 21:19:09 StefanS_: hooray!! glad it worked out. :) 21:19:51 StefanS_: and welcome to openstack. :) 21:20:56 marst: The secgroup rule "Ingress IPv4 TCP 22 (SSH) 0.0.0.0/0 - " should be enough to connect via ssh? 21:21:54 Erm, doesn't matter... I couldn't connect via ssh all the time but only pinging 21:22:05 But now suddenly it works. Strange... 21:23:33 Ah, system hasn't finished booting. It hung at "Giving up on waiting for the metadata from ['http://10.10.1.100/latest/meta-data/instance-id'] after 126 seconds" again... 21:30:58 StefanS_: not sure I understand. It used to work (ssh/ping), but after a while it stopped? 21:32:33 StefanS_: do you see anything in /var/log/neutron/ ? 21:33:14 marst: No, ping worked (and not tried ssh). After some time I tried ssh but it didn't work. some time later ssh worked, too. Looking at the logs I found that first the machine hadn't finished booting (and so didn't started sshd). 21:33:30 It took so long for boot because of this metadata-timeout 21:36:11 marst: I have some errors regarding rabbitmq not reachable... 21:39:57 marst: Hmm... rabbitmq is running... but it tries to connect to 192.168.1.200:5672, but rabbitmq listens at "tcp 0.0.0.0:25672" and "tcp6 :::5672" does this matter? 21:41:03 no, doesn't look like... "nc 192.168.1.200 5672" works fine... 21:44:39 marst: is it possible to check whether neutron is connected to rabbit-mq? I think it just first failed to connect because rabbit-mq didn't finished starting and successfully connected later 21:45:42 StefanS_: you can check the status of messaging with "rabbitmqctl status". 21:46:09 but generally rabbitmq "errors" are OK. somehow it still works. :) 21:47:05 StefanS_: what image are you using? does it have cloud-init installed/configured? 21:47:21 I really love error logs which you just can ignore *lol* 21:47:50 I use debian-9-openstack-amd64 21:48:07 cloud-init appear in the logs 22:03:56 marst: After a reboot the error doesn't appear anymore. I now tried to delete and recreate the machine and got an error. Now the instance is in a dangling "deleting" state and I can't do anything with it 22:04:23 Do you have an idea how I can "force delete" this instance? 22:18:31 hi all, i'm trying to get openstack working on ubuntu server. I installed using conjure-up. I've exposed the dashboard and forwarded traffic to the ip address of openstack-dashboard but i still can't access via the web. I've also disabled my firewall. Any thoughts? 22:18:49 I was able to ssh in via my server 22:21:45 StefanS_: sorry, I'm back. "nova force-delete " should help 22:24:02 marst: I found a way to delete the instance (reset-state and deleting again). Now I tried to recreate the instance but it stays in state "scheduling". The nova-scheduler.log shows again an error regarding rabbitmq 22:24:39 A similar error is in the nova-api.log near the time when i tried to delete the instance 22:25:29 In the rabbitmq.log I find some "handshake_error" because of "unexpected frame"...? 22:27:38 StefanS_: you can ignore rabbitmq errors for now. do you see any errors in /var/log/nova/nova-conductor.log? 22:28:55 marst: Yes, Failed to publish message to topic 'nova': 'NoneType' object has no attribute '__getitem__' 22:29:06 Looks like rabbitmq again 22:29:32 "Exception during message handling" and the stacktrace contains rabbitmq 22:30:09 apart from this there are no more errors in the conductors log 22:34:09 StefanS_: but the VM status is still "scheduling"? 22:34:56 marst: Still "scheduling", time since created: 18 minutes :-( 23:13:24 StefanS_: you can try to delete and recreate VM, while monitoring what nova is doing in the meantime with "tail -f /var/log/nova/*.log" 23:14:28 StefanS_: if you really want to learn openstack, the best way is to install it manually following the guides in https://docs.openstack.org/install-guide/ 23:15:12 marst: I restarted nova-compute and then I was able to delete the dangling instance. After that I recreated the instance. The error regarding the metadata occured again but now it is up and running 23:15:33 StefanS_: hooray! 23:16:54 marst: I think, i should try this manual installation... but this guide looks so long and freightening :-) 23:17:30 marst: But for now I have to finish and go to bed. It's rather late over here. 23:17:52 StefanS_: feel free to ask around here or on #openstack-101, people will help. 23:17:52 marst: Thank you very much for all your help. I think I'd be lost without it :-) 23:18:15 StefanS_: you're welcome and good night! :) 23:18:18 Bye 06:23:29 #openstack-requirements 09:51:33 #openstack-horizon 10:27:35 anyone? 10:33:07 Hi 10:33:58 I've configured nova with qemu and I'm booting an Ubuntu instance. Since password injection is disabled and ssh key isn't working , how do I access the VM? 10:49:04 create a new keypair 10:49:27 by using a public key to which you have access 10:52:37 hello 12:35:06 Hi, I'm having some trouble with routing. It seems like unless an instance has a floating IP, it can't contact the floating IP of any other instance - but they can otherwise reach the private network IPs of the same target instances, and anything else in the external world, just fine. I'm a tenant of a managed OS deployment so I don't have access to the hosts, although I can poke around the subnets/routers/etc. a bit. Anyone got any tips 12:35:06 for pinning down my issue? 14:17:42 Hello. 14:20:48 有人在這裡嗎? 18:28:45 Hello everyone! My name is Kritika and I am an undergrad student in CS from India. I am interested in taking part in Outreachy. 18:32:27 Kritika: Welcome. This channel covers openstack broadly enough that there is very little traffic (as most folk are actively working in subchannels). If you've received guidance on who to contact or where to help, then here is a good place to contact them (or ask for help contacting them). If not, OpenStack is a big place, and I can only encourage you to ask a lot of questions and be patient when it takes a while for folk to answer. 18:36:58 Thank you, Persia. I want to get started with contributing. Please guide me. 18:50:35 Kritika: Apologies, lost connectivity. 18:50:41 https://docs.openstack.org/contributors/ and https://docs.openstack.org/infra/manual/ are good places to learn about general concepts, but you'll likely want to get involved with one of the 64 project teams. Which one to choose depends on your interest. https://www.openstack.org/software/project-navigator/ is one of many ways to find projects. 18:50:57 * persia| disconnects to sort out connectivity 19:44:22 hi guys, nice docu, i'm just on my way to install openstack on my 2 minipcs 19:44:38 i try to follow the instructions on https://docs.openstack.org/newton/install-guide-debian/keystone-openrc.html 19:45:21 but i stuck.... where is this admin-openrc and demo-openrc file located? did i miss something? the howto never talked about paths.... 19:46:18 i'm confused because it says 'edit' not 'create' 19:46:54 Creating the scripts --> Edit the admin-openrc file and add the following content: .... 19:47:13 where is this file or do i just have to create one? i like to avoid follow up errors 19:48:13 i guss this is just a configure script to include which sets u penv vars, and i have to set up the paths somewhere else later on? or is it meant to be used when doing console actions? 20:04:29 verblendet: Hi! openrc files contain your environment variables to access openstack APIs later on. It should've read "create" instead of "edit". 20:04:47 marst, yepp, got it, i was just confused 20:05:04 accidently i was falling in user mode :)) 20:05:39 the headline clearly says 'create' :) then edit.... 20:05:50 shame on me 20:06:47 i'm on stretch, ... its somewhat different, because glance and keystone install scripts ask for configuration values now, thats not mentioned, howto is for jessie backports 20:08:21 but hey, i'm getting forward... i started with openstack just a few hours ago, before i was reading a lot and comparing to esxi and vbos and so on.... maybe this is a long wanted solution to replace selfmade deploymentscripts for this properitary esxi stuff 20:08:26 ... :D 20:09:46 verblendet: enjoy it! :) 20:13:40 Hello 20:14:34 could you tell me if AutoScallingGroup in OpenStack can keep desired capacity? 20:17:10 I know ASG has min, max and desired properties but desired capacity is only evaluated when stack is creating. If we mark some instance from ASG as Unhealthy or delete it then we will have less instances than desired capacity 20:21:55 Are there any major pitfalls I should be aware of when deploying Openstack with Kolla? 21:31:10 it seems packages for nova in strech debian 9 like to have network services neutron already installed 21:37:29 ok, now its getting interesting... i like the blockdevice part.... 21:37:44 does someone have experience with lvm on zfs volumes? 21:38:24 or lvm on drbd with openstack?