Thursday, 2015-07-16

openstackgerrit	Miguel Grinberg proposed stackforge/os-ansible-deployment: Keystone Federation Service Provider Configuration https://review.openstack.org/194395	00:03
*** galstrom_zzz is now known as galstrom		00:13
openstackgerrit	Matthew Kassawara proposed stackforge/os-ansible-deployment: Document required repository hosts config info https://review.openstack.org/202258	00:25
*** britthouser has joined #openstack-ansible		00:28
*** annashen has joined #openstack-ansible		00:32
*** annashen has quit IRC		00:33
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: Added in keystone reserved port https://review.openstack.org/196702	00:35
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: Updated master for new dev work - 07.07.2015 https://review.openstack.org/199126	00:38
openstackgerrit	Miguel Grinberg proposed stackforge/os-ansible-deployment: Keystone Federation Service Provider Configuration https://review.openstack.org/194395	00:43
*** galstrom is now known as galstrom_zzz		00:49
*** javeriak has quit IRC		01:09
*** openstack has joined #openstack-ansible		01:25
openstackgerrit	Merged stackforge/os-ansible-deployment: Adjust swift_rings.py to work on specified regions https://review.openstack.org/200114	01:37
openstackgerrit	Merged stackforge/os-ansible-deployment: Adjust swift_rings.py to work on specified regions https://review.openstack.org/200114	01:37
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: Implement Ceilometer https://review.openstack.org/201244	02:14
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: Upgrade the Keystone library to use v3 https://review.openstack.org/202242	02:14
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: Add v3 calls for federation to keystone module https://review.openstack.org/202243	02:14
*** galstrom_zzz is now known as galstrom		02:14
openstackgerrit	Miguel Grinberg proposed stackforge/os-ansible-deployment: [WIP] Keystone IdP configuration https://review.openstack.org/194259	02:17
*** markvoelker has quit IRC		02:22
openstackgerrit	Miguel Grinberg proposed stackforge/os-ansible-deployment: [WIP] Keystone IdP configuration https://review.openstack.org/194259	02:22
*** galstrom is now known as galstrom_zzz		02:46
*** sdake_ has joined #openstack-ansible		02:53
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment-specs: New spec for compartementalize-rabbitmq https://review.openstack.org/202363	02:57
*** sdake has quit IRC		02:57
*** sacharya has joined #openstack-ansible		03:02
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment-specs: Added spec to enable systemd support within OSAD https://review.openstack.org/202368	03:13
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment-specs: Added spec to enable systemd support within OSAD https://review.openstack.org/202368	03:21
*** annashen has joined #openstack-ansible		03:23
*** galstrom_zzz is now known as galstrom		03:24
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment-specs: Cleaned up specs directory https://review.openstack.org/202373	03:27
*** annashen has quit IRC		03:28
*** britthou_ has joined #openstack-ansible		03:30
*** britthouser has quit IRC		03:33
*** markvoelker has joined #openstack-ansible		03:33
*** markvoelker has quit IRC		03:34
*** markvoelker has joined #openstack-ansible		03:34
*** markvoelker_ has joined #openstack-ansible		03:37
*** markvoelker has quit IRC		03:39
*** rward has quit IRC		03:44
*** serverascode has quit IRC		03:45
*** rackertom has quit IRC		03:45
*** sdake_ has quit IRC		03:55
openstackgerrit	Matthew Kassawara proposed stackforge/os-ansible-deployment: Fix repo section in example config file https://review.openstack.org/202377	03:55
*** serverascode has joined #openstack-ansible		03:59
*** annashen has joined #openstack-ansible		04:08
*** rward has joined #openstack-ansible		04:11
*** dabernie has left #openstack-ansible		04:12
*** britthouser has joined #openstack-ansible		04:15
*** tlian has quit IRC		04:15
*** britthou_ has quit IRC		04:16
*** rackertom has joined #openstack-ansible		04:18
*** annashen has quit IRC		04:28
*** markvoelker has joined #openstack-ansible		04:49
*** galstrom is now known as galstrom_zzz		04:49
*** markvoelker_ has quit IRC		04:53
*** grumpycat has quit IRC		05:00
*** daneyon has joined #openstack-ansible		05:24
*** sacharya has quit IRC		05:35
*** jmccrory has quit IRC		06:02
*** jmccrory has joined #openstack-ansible		06:09
*** annashen has joined #openstack-ansible		06:12
*** annashen has quit IRC		06:37
openstackgerrit	Hugh Saunders proposed stackforge/os-ansible-deployment: Wait until mongo responds after restart https://review.openstack.org/201245	06:43
openstackgerrit	Jimmy McCrory proposed stackforge/os-ansible-deployment: Allow configuration of all default quota options https://review.openstack.org/202403	06:48
*** markvoelker has quit IRC		08:04
*** markvoelker has joined #openstack-ansible		08:11
*** markvoelker has quit IRC		08:16
*** markvoelker has joined #openstack-ansible		08:17
*** markvoelker has quit IRC		08:25
*** markvoelker has joined #openstack-ansible		08:29
*** markvoelker has quit IRC		08:33
*** markvoelker has joined #openstack-ansible		08:44
*** markvoelker has quit IRC		08:48
*** markvoelker has joined #openstack-ansible		08:58
*** markvoelker has quit IRC		09:03
openstackgerrit	Merged stackforge/os-ansible-deployment: Upgrade the Keystone library to use v3 https://review.openstack.org/202242	09:05
openstackgerrit	Merged stackforge/os-ansible-deployment: Add v3 calls for federation to keystone module https://review.openstack.org/202243	09:07
openstackgerrit	Merged stackforge/os-ansible-deployment: Parameterize galera slow/unindexed logging options https://review.openstack.org/201625	09:07
*** annashen has joined #openstack-ansible		09:38
*** annashen has quit IRC		09:42
openstackgerrit	git-harry proposed stackforge/os-ansible-deployment: Target AIO swift vars at specific containers https://review.openstack.org/201644	09:54
*** Apsu has quit IRC		10:15
*** grumpycat has joined #openstack-ansible		10:15
openstackgerrit	Merged stackforge/os-ansible-deployment: Add openstackclient to the keystone containers https://review.openstack.org/202189	10:16
*** Apsu has joined #openstack-ansible		10:17
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment: Fix haproxy service config when ssl is enabled https://review.openstack.org/202485	10:26
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment: Keystone Federation Service Provider Configuration https://review.openstack.org/194395	10:49
*** vdo has joined #openstack-ansible		10:50
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment-specs: Keystone Service Provider with ADFS Identity Provider Deployment https://review.openstack.org/194255	10:54
mancdaz	odyssey4me "AnsibleUndefinedVariable: One or more undefined variables: 'keystone_service_externalurl_v3' is undefined"	12:20
odyssey4me	mancdaz yep, busy fixing that	12:21
mancdaz	odyssey4me ok cool, lemme know when you have something and I can carry on testing it	12:22
odyssey4me	mancdaz s/externalurl/publicurl/	12:22
odyssey4me	in the horizon local settings template	12:22
mancdaz	thanks	12:24
*** markvoelker has joined #openstack-ansible		12:29
*** KLevenstein has joined #openstack-ansible		12:33
*** markvoelker has quit IRC		12:34
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment: Keystone Federation Service Provider Configuration https://review.openstack.org/194395	12:35
odyssey4me	mancdaz ^ fixed, with extra handling for SSL stuff	12:35
*** markvoelker has joined #openstack-ansible		12:43
*** markvoelker has quit IRC		12:48
*** markvoelker has joined #openstack-ansible		12:57
*** tlian has joined #openstack-ansible		12:58
*** markvoelker has quit IRC		13:02
*** markvoelker has joined #openstack-ansible		13:05
*** markvoelker_ has joined #openstack-ansible		13:06
*** markvoelker has quit IRC		13:10
*** Bjoern_ has joined #openstack-ansible		13:19
*** jmckind has joined #openstack-ansible		13:22
*** sdake has joined #openstack-ansible		13:25
mancdaz	odyssey4me my galera keeps dying	13:27
*** TheIntern has joined #openstack-ansible		13:34
*** jaypipes has joined #openstack-ansible		13:35
*** KLevenstein has quit IRC		13:43
*** erikmwilson has left #openstack-ansible		13:45
*** sigmavirus24_awa is now known as sigmavirus24		14:02
openstackgerrit	Andy McCrae proposed stackforge/os-ansible-deployment: Remove {{ from "with_items" and "when" statements https://review.openstack.org/202581	14:12
*** jwagner_away is now known as jwagner		14:14
openstackgerrit	Marc Gariépy proposed stackforge/os-ansible-deployment: Fix example configuration file for package repository hosts. https://review.openstack.org/202588	14:20
*** jwagner is now known as jwagner_away		14:21
*** markvoelker_ has quit IRC		14:24
openstackgerrit	Hugh Saunders proposed stackforge/os-ansible-deployment: Implement Ceilometer https://review.openstack.org/201244	14:29
openstackgerrit	Hugh Saunders proposed stackforge/os-ansible-deployment: Wait until mongo responds after restart https://review.openstack.org/201245	14:29
cloudnull	morning	14:31
*** hiddentoken has joined #openstack-ansible		14:32
*** jmckind has quit IRC		14:34
mgariepy	good morning.	14:35
*** jwagner_away is now known as jwagner		14:36
*** hiddentoken has quit IRC		14:51
*** jmckind has joined #openstack-ansible		14:52
*** sacharya has joined #openstack-ansible		14:53
*** markvoelker has joined #openstack-ansible		14:53
*** sacharya has quit IRC		14:57
*** daneyon_ has joined #openstack-ansible		15:02
*** daneyon has quit IRC		15:04
*** sdake has quit IRC		15:11
*** sdake has joined #openstack-ansible		15:17
sigmavirus24	o/ mgariepy	15:20
mgariepy	hey sigmavirus24	15:26
*** stevelle_ is now known as stevelle		15:27
sigmavirus24	how's it going mgariepy	15:28
*** galstrom_zzz is now known as galstrom		15:28
mgariepy	not too bad yourself ?	15:28
sigmavirus24	I'm okay	15:32
*** ig0r_ has quit IRC		15:40
*** jmckind has quit IRC		15:50
*** Mudpuppy has joined #openstack-ansible		15:50
*** sacharya has joined #openstack-ansible		15:53
*** KLevenstein has joined #openstack-ansible		15:53
cloudnull	meeting time cloudnull, mattt, andymccr, d34dh0r53, hughsaunders, b3rnard0, palendae, Sam-I-Am, odyssey4me, serverascode, rromans, mancdaz, dolphm, _shaps_, BjoernT, claco, echiu, dstanek, jwagner, ayoung	16:02
cloudnull	in #openstack-meeting-4	16:02
*** yaya has joined #openstack-ansible		16:03
*** ccrouch has left #openstack-ansible		16:03
*** Bjoern_ is now known as BjoernT		16:04
*** TheIntern has quit IRC		16:04
*** alop has joined #openstack-ansible		16:06
*** sdake_ has joined #openstack-ansible		16:07
*** yaya has quit IRC		16:08
*** sdake has quit IRC		16:10
lbragstad	odyssey4me: I have another revision up that is going through check right now, here is a diff of the patch if you want to pull it locally to your environment - http://cdn.pasteraw.com/dekqu6j2r75kvo80ijw7mcrgajskee7 (curl http://cdn.pasteraw.com/dekqu6j2r75kvo80ijw7mcrgajskee7 \| git apply)	16:10
lbragstad	odyssey4me: patch - https://review.openstack.org/#/c/202176/5	16:11
*** yaya has joined #openstack-ansible		16:19
openstackgerrit	git-harry proposed stackforge/os-ansible-deployment: Serialise rabbitmq playbook to allow upgrades https://review.openstack.org/202681	16:21
odyssey4me	lbragstad great stuff, thanks - I'll see if I can spin a test up a little later... I've got to work through something else first - if not today, then tomorrow	16:21
lbragstad	odyssey4me: no worries, the review is very subject to criticism, just wanted to see if the path we're going down works for you. keep me posted if you run into anything	16:22
lbragstad	the federation + fernet tests pass locally	16:24
*** spotz_zzz is now known as spotz		16:26
*** shaleh has joined #openstack-ansible		16:29
*** alop has quit IRC		16:32
*** alop has joined #openstack-ansible		16:33
miguelgrinberg	odyssey4me hughsaunders looks like neither of you did anything on the IdP side, correct? Let me know if I should wait for some new changes from you.	16:42
hughsaunders	miguelgrinberg: nope, nothing new today	16:42
miguelgrinberg	okay, I'll keep moving along with that patch then	16:43
*** annashen has joined #openstack-ansible		16:45
* cloudnull lunching		16:49
odyssey4me	miguelgrinberg I've been moving on with testing the SP with ADFS and have hit an issue with SSL offloading at a load balancer - essentially the URL's don't match up with what Shibboleth expects. I've got one more thing to try out before we have to declare that Keystone will have to do its own SSL... which isn't particularly desirable.	16:49
miguelgrinberg	odyssey4me: what is the mismatch? The catalog has the https endpoint for public url right?	16:55
odyssey4me	miguelgrinberg the saml assertion posted back to shibboleth goes to https:// but shibboleth thinks it should be http://	16:56
miguelgrinberg	ah, right, that makes sense	16:56
miguelgrinberg	I can take a look at the shibd code to see if there are any options to skip the check of the URL scheme	16:57
odyssey4me	miguelgrinberg sure, although I'm not sure that we should - but it'd be useful to know	16:58
*** galstrom is now known as galstrom_zzz		16:58
stevelle	seems like shibboleth should have a config switch to tell it to observe the other headers to notice the ssl termination occurred	16:59
odyssey4me	stevelle there are ways to do it, eg we can set the servername to include https - but then we break our internal endpoint	17:00
odyssey4me	we can also just make keystone's apache do ssl for the internal endpoint and make the lb do ssl passthrough	17:01
*** dabernie has joined #openstack-ansible		17:01
odyssey4me	neither are ideal	17:01
stevelle	odyssey4me: in spite of the non-desirability the most secure configuration is to not do premature termination for keystone	17:01
odyssey4me	if there is another option, I'm all ears	17:01
odyssey4me	stevelle I would agree, however it appears that a lot of people are doing it	17:01
*** TheIntern has joined #openstack-ansible		17:03
stevelle	I think setting the servername to include https is just plain wrong, and passing-through is better if those two are the only options but IIRC shib is a bit difficult	17:03
stevelle	so it may be	17:04
*** yaya has quit IRC		17:04
claco	big pile of shib?	17:04
* claco drops mic		17:05
miguelgrinberg	odyssey4me: this page seems to indicate it is possible to have SSL terminated at a proxy/lb: https://wiki.shibboleth.net/confluence/display/SHIB2/SPReverseProxy	17:05
miguelgrinberg	all I can see is that the handlerSSL needs to be set to False	17:06
odyssey4me	miguelgrinberg yep, notice that they indicate that you need to change the ServerName and set UseCanonicalName	17:06
odyssey4me	yep, with handlerSSL true, shibboleth refuses to respond	17:06
miguelgrinberg	ah yes	17:07
*** yaya has joined #openstack-ansible		17:07
miguelgrinberg	what error do you get? let me find that in the code to see what's going on	17:07
odyssey4me	opensaml::BindingException at (http://104.130.175.111:5000/Shibboleth.sso/SAML2/POST)	17:10
odyssey4me	SAML message delivered with POST to incorrect server URL.	17:10
odyssey4me	ERROR OpenSAML.MessageDecoder.SAML2POST [6]: POST targeted at (https://104.130.175.111:5000/Shibboleth.sso/SAML2/POST), but delivered to (http://104.130.175.111:5000/Shibboleth.sso/SAML2/POST)	17:11
*** JonathanD has joined #openstack-ansible		17:18
miguelgrinberg	odyssey4me: so there is no way to skip the http vs https checking, it checks the entire URL up to the query string start	17:32
miguelgrinberg	so I think for some reason apache is still reporting the http:// address to shibboleth	17:33
miguelgrinberg	and the only way to make this work is to make apache report https://	17:33
odyssey4me	miguelgrinberg yeah, I'm seeing if I can rewrite it or something like that	17:33
miguelgrinberg	still haven't figured out exactly how shib gets the server address from apache, you would think it gets it from an env var, but can't find it	17:34
dstanek	miguelgrinberg: what address?	17:36
miguelgrinberg	dstanek: the address where the service is listening	17:37
miguelgrinberg	we have a shibd service listeining on http://, behind a haproxy that terminates SSL	17:37
miguelgrinberg	so shibd errors on that mismatch	17:37
dstanek	miguelgrinberg: isn't it in the shibboleth2.xml?	17:38
miguelgrinberg	I don't think so, the only possible source can be the entityID value, but I don't think it cames from that	17:39
*** annashen has quit IRC		17:40
miguelgrinberg	dstanek: this is actually not even shibboleth proper, the failure is in the opensaml library	17:40
odyssey4me	nope, this is directly between apache and shibd and is an issue when apache is not doing ssl, but a remote ssl offloader is	17:40
*** annashen has joined #openstack-ansible		17:41
*** yaya has quit IRC		17:44
*** annashen has quit IRC		17:47
*** annashen has joined #openstack-ansible		17:49
miguelgrinberg	odyssey4me: have you done anything with the ShibURLScheme option in the apache config?	17:50
dstanek	when you say apache do you mean mod_shib?	17:50
miguelgrinberg	dstanek: yes	17:50
miguelgrinberg	odyssey4me: if ShibURLScheme is set, then that will replace the actual scheme used in the request	17:51
odyssey4me	miguelgrinberg that looks interesting - let me check that\	17:51
miguelgrinberg	funny that the only way to find it is by reading code!	17:51
odyssey4me	miguelgrinberg hmm, different error now - but this may be a time related thing	17:54
odyssey4me	let me retry	17:54
dstanek	marek is coming in	17:56
odyssey4me	interesting, that also sets all the locations correctly now without having to use substitution	17:57
*** marekd has joined #openstack-ansible		17:57
marekd	dstanek: i am here.	17:57
dstanek	miguelgrinberg: odyssey4me: are you guys still having the problem? marekd can help	17:57
odyssey4me	not quite sure yet - hang a minute	17:57
*** jwitko has joined #openstack-ansible		17:58
odyssey4me	nope, a whole new issue now...	17:59
odyssey4me	opensaml::FatalProfileException at (https://104.130.175.111:5000/Shibboleth.sso/SAML2/POST)	17:59
odyssey4me	A valid authentication statement was not found in the incoming message.	17:59
marekd	odyssey4me: which testshib?	17:59
odyssey4me	marekd this is with ADFS this time, but only using a SAML2 configuration	18:00
odyssey4me	here's the shibd log: http://paste.openstack.org/show/381419/	18:01
marekd	odyssey4me: is it configured by ansible or still trying to configure it manually?	18:01
odyssey4me	marekd it was originally built by ansible - it's the same basic config as we used for TestShib, the difference being that SSL is now involved	18:02
marekd	odyssey4me: not really, for adfs you need shared lib to be loaded.	18:03
odyssey4me	ah, that may explain the issue here - I've been testing to see if the extra libraries and stuff really are required	18:03
*** Mudpuppy has quit IRC		18:06
marekd	odyssey4me: i can help with our cern internal tutorial	18:07
marekd	odyssey4me: http://linux.web.cern.ch/linux/scientific6/docs/shibboleth.shtml it starts here but the most intersting stuff is here: http://linux.web.cern.ch/linux/scientific6/docs/shibboleth/shibboleth2.xml \| grep adfs.so	18:08
*** KLevenstein is now known as KL-away		18:08
*** yaya has joined #openstack-ansible		18:09
*** sdake has joined #openstack-ansible		18:13
odyssey4me	marekd ok, this appears to be something to do with my bad ssl encryption - not the actual config	18:15
odyssey4me	let me relocate and continue when I get home - I think this may be resolved	18:15
odyssey4me	thanks for the help marekd miguelgrinberg stevelle dstanek - chat again a bit later	18:16
stevelle	odyssey4me: sounds like good news	18:16
stevelle	laters	18:16
*** sdake_ has quit IRC		18:16
marekd	odyssey4me: ok, good luck.	18:19
odyssey4me	marekd thanks for the pointers at those docs - there're a few tweaks there that'll be useful :)	18:20
marekd	odyssey4me: happy to help.	18:21
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: Adds retries and Container create/system tuning https://review.openstack.org/202268	18:26
*** TheIntern has quit IRC		18:27
*** jwagner is now known as jwagner_away		18:37
*** jwagner_away is now known as jwagner		18:59
*** annashen has quit IRC		19:00
*** galstrom_zzz is now known as galstrom		19:01
*** claco has left #openstack-ansible		19:02
*** TheIntern has joined #openstack-ansible		19:04
cloudnull	we need backport reviews on the following https://review.openstack.org/#/c/201245 https://review.openstack.org/#/c/201244	19:05
*** sdake_ has joined #openstack-ansible		19:08
odyssey4me	cloudnull done :)	19:10
cloudnull	tyvm odyssey4me	19:11
*** sdake has quit IRC		19:11
*** Mudpuppy has joined #openstack-ansible		19:30
*** bogeyon18 has joined #openstack-ansible		19:33
*** annashen has joined #openstack-ansible		19:33
*** harlowja has joined #openstack-ansible		19:49
*** harlowja_ has quit IRC		19:49
*** harlowja has quit IRC		19:52
*** harlowja has joined #openstack-ansible		19:53
*** KL-away is now known as KLevenstein		19:58
openstackgerrit	Ian Cordasco proposed stackforge/os-ansible-deployment: Add default keystone role and task to create it https://review.openstack.org/202194	20:00
*** jwagner is now known as jwagner_away		20:39
*** KLevenstein has quit IRC		20:46
odyssey4me	marekd interestingly I have a successful auth without the adfs library loads in shibboleth - probably because I'm using ADFS v3 which can handle SAML2	20:56
marekd	odyssey4me: cool!	20:57
marekd	odyssey4me: so, what was wrong previously?	20:57
odyssey4me	I think it was the way I created the SSL cert for the SP - it's key was too low, so Shibboleth refused to trust it - well, I saw something about blacklisted ciphers	20:58
odyssey4me	this round I did better	20:59
marekd	odyssey4me: ok, so what's left is ansiblizing it? :-)	20:59
odyssey4me	most of that's already done - I just have a few more tests to do before I upload the final tweaks	21:00
*** metral is now known as metral_zzz		21:25
*** mattt1 is now known as mattt		21:26
*** mattt has quit IRC		21:26
*** mattt has joined #openstack-ansible		21:26
*** TheIntern has quit IRC		21:31
*** yaya has quit IRC		21:32
palendae	cloudnull: Isn't there an ansible-playbook command I can run that'll generate an inventory file from teh user config, but not actually do the plays?	21:33
cloudnull	no, however you can run the inventory/dynamic_inventory.py script	21:33
palendae	Ok, was doing that	21:33
cloudnull	from the playbooks directory	21:33
palendae	Yeah	21:33
cloudnull	that should render / create the inventory	21:34
palendae	Hrm	21:34
palendae	Do I need to explicitly pass the file as an arg?	21:34
palendae	Getting a type error, might have a typo in my file	21:34
palendae	Ah, network_hosts is empty	21:35
Mudpuppy	damn yml	21:35
palendae	Wait, no	21:35
palendae	O.o	21:35
*** alop has quit IRC		21:36
*** aerisosteam has joined #openstack-ansible		21:42
palendae	Missing colon, woo	21:43
*** annashen has quit IRC		21:57
*** TheIntern has joined #openstack-ansible		22:01
*** aerisosteam has quit IRC		22:02
jwitko	hey guys, on http://openstack-ansible-deployment.readthedocs.org/en/latest/install-guide/configure-glance.html -- is there where I would add netapp configuration if I want to use a netapp NFS mount for glance?	22:03
jwitko	i only see netapp config if i have a storage server. but I don't want to use storage servers as I have the netapp	22:04
cloudnull	jwitko: you can define nfs mounts like this https://github.com/stackforge/os-ansible-deployment/blob/master/playbooks/roles/os_glance/defaults/main.yml#L118-L127 which might get you there.	22:05
palendae	Interesting - that RTD project isn't associated with anyone working on the project that I'm aware of	22:06
palendae	http://osad.readthedocs.org/en/latest/ is us	22:06
cloudnull	this assumes that the containers have a route to your netapp ofcourse, but that it should work in master/kilo .	22:06
jwitko	cloudnull, so I shouldn't be doing anything to configure netapp in the /etc/openstack_deploy/openstack_user_config.yml ?	22:07
cloudnull	you can define glance_nfs_mounts as a host variable in the openstack_user_config.yml or you can set it in user_variable.yml either will work.	22:07
*** aerisosteam_ has joined #openstack-ansible		22:08
cloudnull	as a host_var it would be set like this https://github.com/stackforge/os-ansible-deployment/blob/master/etc/openstack_deploy/openstack_user_config.yml.aio#L111-L117	22:08
cloudnull	but within the os-infra_hosts section.	22:08
jwitko	cloudnull, but that assumes you have a storage server	22:09
jwitko	because I have a netapp I thought I would not need storage servers ?	22:09
cloudnull	IE http://cdn.pasteraw.com/sg3t3lajxgo7fyb288jhs69vgns7ucb	22:10
cloudnull	your netapp has to be able to do nfs essentially.	22:10
jwitko	it is	22:10
jwitko	i see in your pasteraw example it is just configured via the infra_hosts	22:11
jwitko	that is more along the lines of what i was hoping for	22:11
jwitko	does that mount point given there need to be created ahead of time?	22:11
jwitko	or will the glance playbook create that?	22:11
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment: Keystone Federation Service Provider Configuration https://review.openstack.org/194395	22:11
cloudnull	it should create it if its doesnt exist already. in this case its the glance image location which the pre-install task does create.	22:11
* cloudnull looking if its auto creating the mount point.		22:12
cloudnull	yes itll create it if it doesnt exist	22:12
odyssey4me	miguelgrinberg are you around?	22:12
cloudnull	https://github.com/stackforge/os-ansible-deployment/blob/master/playbooks/roles/os_glance/tasks/glance_post_install.yml#L86-L95	22:12
miguelgrinberg	odyssey4me: yeah	22:13
miguelgrinberg	odyssey4me: success?	22:13
odyssey4me	miguelgrinberg the last patch set simplified the keystone apache config, removing the nasty substitution stuff - but with adfs I'm getting a keystone failure - it's not allowing me into the project related ot the group	22:14
miguelgrinberg	are you naming the group by name or by id in the rules?	22:14
odyssey4me	I might just be tired and not thinking straight. :/	22:14
odyssey4me	by name	22:14
miguelgrinberg	I found that you need to add the domain when you refer to the group by name	22:14
odyssey4me	I've verified the rules on my previously working adfs box, and it works as-is	22:15
odyssey4me	miguelgrinberg yep, the domain is also there	22:15
odyssey4me	the assignment of the project-group-role is there	22:15
miguelgrinberg	odyssey4me: unfortunately keystone swallows all the exceptions during the mapping process	22:16
miguelgrinberg	I figure stuff out by adding logging directly in the keystone code	22:16
jwitko	cloudnull, can i do the same with cinder_backends?	22:17
jwitko	add them as a container_vars sub-item to the os-infra_hosts ?	22:17
*** Mudpuppy has quit IRC		22:17
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment: Keystone Federation Service Provider Configuration https://review.openstack.org/194395	22:18
odyssey4me	miguelgrinberg I think I'll revisit it tomorrow. How's the IdP going?	22:19
cloudnull	if all of your cinder storage is going to be powered by netapp I'd create a storage_host entry but use the same hosts as that of your infra. and set the netapp config accordingly.	22:19
cloudnull	which is outlined here https://github.com/stackforge/os-ansible-deployment/blob/master/etc/openstack_deploy/openstack_user_config.yml.example#L523-L552	22:20
miguelgrinberg	odyssey4me: I'm only starting on that now, had to debug another RPC heat install that went wrong this morning	22:20
odyssey4me	miguelgrinberg ah, bother :/	22:20
miguelgrinberg	somehow this lab ended up with the Liberty version of the heat schema in the db, but heat code was kilo	22:20
odyssey4me	alright, will see your update in the morning and figure it out from there - night	22:20
miguelgrinberg	yes, hopefully I'll get the IdP done today, fingers crossed	22:21
odyssey4me	thanks for the help earlier, that extra little setting for https eally helped	22:21
odyssey4me	*really	22:21
miguelgrinberg	odyssey4me: yeah, glad it helped!	22:22
cloudnull	jwitko: so a complete config might look like this http://cdn.pasteraw.com/ewi4adra0q5k6nip2y1f74fmh0674br	22:23
*** sacharya has quit IRC		22:29
*** spotz is now known as spotz_zzz		22:34
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: Change to ensure container networks are up https://review.openstack.org/202821	22:35
cloudnull	BjoernT: https://review.openstack.org/#/c/202821/1	22:35
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: [WIP] Compartmentalizing RabbitMQ https://review.openstack.org/202822	22:36
BjoernT	ok thanks	22:36
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: [WIP] Compartmentalizing RabbitMQ https://review.openstack.org/202822	22:37
*** javeriak has joined #openstack-ansible		22:39
*** defrag has quit IRC		22:40
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment-specs: New spec for compartementalize-rabbitmq https://review.openstack.org/202363	22:42
jwitko	cloudnull, sorry to bother you again but do you have any examples of Swift being setup via OSAD with NetApp ?	22:42
cloudnull	no.	22:42
*** metral_zzz is now known as metral		22:43
jwitko	from what I'm reading i'm not even sure its possible	22:43
cloudnull	i guess you could predefine the mount points	22:43
cloudnull	and then tell swift to use them	22:43
cloudnull	but i've never done that, nor do i know if it works.	22:43
*** alop has joined #openstack-ansible		22:43
cloudnull	but thers no tooling built for something like that at this point within the OSAD project.	22:44
* cloudnull going home		22:44
cloudnull	take care guys	22:44
jwitko	thanks	22:44
*** aerisosteam_ has left #openstack-ansible		22:51
*** aerisosteam_ has quit IRC		22:51
*** BjoernT has quit IRC		22:59
*** sdake_ has quit IRC		23:12
*** daneyon_ has left #openstack-ansible		23:15
*** galstrom is now known as galstrom_zzz		23:16
*** openstackstatus has joined #openstack-ansible		23:33
*** ChanServ sets mode: +v openstackstatus		23:33
*** britthouser has quit IRC		23:47
*** britthouser has joined #openstack-ansible		23:50
*** jaypipes has quit IRC		23:50

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!