Friday, 2015-07-24

*** annashen has joined #openstack-ansible		00:32
*** annashen has quit IRC		00:37
*** sigmavirus24_awa is now known as sigmavirus24		00:47
*** alop has quit IRC		01:14
*** markvoelker has joined #openstack-ansible		01:25
*** annashen has joined #openstack-ansible		01:33
*** tlian has quit IRC		01:50
*** sigmavirus24 is now known as sigmavirus24_awa		02:05
*** daneyon has quit IRC		02:09
*** galstrom_zzz is now known as galstrom		02:11
*** galstrom is now known as galstrom_zzz		02:44
*** sdake has quit IRC		03:28
*** sdake has joined #openstack-ansible		03:30
*** miguelgrinberg has quit IRC		03:35
*** markvoelker has quit IRC		03:38
*** sdake has quit IRC		03:46
*** fawadkhaliq has joined #openstack-ansible		03:47
*** markvoelker has joined #openstack-ansible		04:03
*** markvoelker has quit IRC		04:08
*** annashen has quit IRC		04:24
*** fawadk has joined #openstack-ansible		04:30
*** fawadkhaliq has quit IRC		04:33
*** annashen has joined #openstack-ansible		04:33
*** weezS has joined #openstack-ansible		04:36
*** weezS has quit IRC		04:38
*** javeriak has joined #openstack-ansible		04:59
*** markvoelker has joined #openstack-ansible		05:04
*** markvoelker has quit IRC		05:09
openstackgerrit	Matthew Thode proposed stackforge/os-ansible-deployment: Add remote procedure call tunables to nova and neutron https://review.openstack.org/205256	05:10
*** javeriak has quit IRC		05:17
*** shausy has joined #openstack-ansible		05:23
*** shausy has quit IRC		05:35
*** shausy has joined #openstack-ansible		05:35
*** javeriak has joined #openstack-ansible		05:42
*** javeriak has quit IRC		05:51
*** javeriak_ has joined #openstack-ansible		05:54
*** annashen has quit IRC		06:31
*** annashen has joined #openstack-ansible		06:36
*** vincent_vdk has quit IRC		07:05
*** markvoelker has joined #openstack-ansible		07:05
*** markvoelker has quit IRC		07:10
*** annashen has joined #openstack-ansible		07:24
*** javeriak_ has quit IRC		07:36
*** annashen has quit IRC		07:52
pellaeon	Hi, I solved the host not found issue and re-ran setup-host, setup-infrastructure, haproxy-install	07:53
pellaeon	now one of my keystone container is still stuck at os_keystone \| Ensure service tenant	07:55
pellaeon	(the other containers skipped the task)	07:56
pellaeon	uh by stuck I mean failed at the task	07:57
pellaeon	keystoneclient.openstack.common.apiclient.exceptions.NotFound: The resource could not be found. (HTTP 404)	07:57
pellaeon	seems to be the identity API version issue andymccr mentioned yesterday	08:05
pellaeon	I'm still seeing requests like this "GET /v2.0/domains HTTP/1.1" 404 344 "-" "python-keystoneclient"	08:05
*** shausy has quit IRC		08:10
*** shausy has joined #openstack-ansible		08:10
*** javeriak has joined #openstack-ansible		08:12
*** pilgrimstack has joined #openstack-ansible		08:12
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment: Document required repository hosts config info https://review.openstack.org/202258	08:44
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment: Wrapper script to perform K2K federated login https://review.openstack.org/203859	08:45
*** javeriak has quit IRC		08:48
*** markvoelker has joined #openstack-ansible		08:51
odyssey4me	pellaeon have you done the basics - 1) set the value of debug to true, 2) checked whether the keystone service is running and showing any exceptions, 3) accessed the keystone endpoint using the token and admin endpoint to verify what has and hasn't been setup?	08:54
*** markvoelker has quit IRC		08:56
andymccr	404 sounds like the endpoints are wrong based on the auth version perhaps.	08:58
odyssey4me	that's true - it's possible that an old user_group_vars.yml is present in /etc/openstack_deploy/	09:02
odyssey4me	it may be overriding the endpoint to use with the wrong bits	09:03
prometheanfire	odyssey4me: moin :P	09:03
odyssey4me	eish prometheanfire what's you doing up so late?	09:04
prometheanfire	odyssey4me: mind reviewing the kilo and juno versions?	09:04
prometheanfire	odyssey4me: I always am	09:04
prometheanfire	well, not always THIS late, but usually asleep by 3 am	09:04
*** shausy has quit IRC		09:04
*** shausy has joined #openstack-ansible		09:05
prometheanfire	cool :D	09:05
odyssey4me	prometheanfire for juno are you sure the same defaults apply?	09:06
prometheanfire	yes	09:06
prometheanfire	I verified	09:06
odyssey4me	ok cool	09:06
pellaeon	my openrc has this line:	09:06
pellaeon	export OS_IDENTITY_API_VERSION=2	09:06
odyssey4me	pellaeon you're on master, right?	09:07
pellaeon	and	09:07
pellaeon	export OS_AUTH_URL=http://172.29.236.19:5000/v2.0	09:07
prometheanfire	odyssey4me: anyway, I'll sleep now, nn	09:07
pellaeon	odyssey4me: yes	09:07
odyssey4me	pellaeon what's your last merge in the git log?	09:07
odyssey4me	prometheanfire sleep well :)	09:08
pellaeon	uh, I'm on 16ac504 Fix glance_nfs_client setting actually	09:08
odyssey4me	pellaeon ok, check whether you have a file called user_group_vars.yml in /etc/openstack_deploy/	09:09
pellaeon	odyssey4me: yes I do	09:09
odyssey4me	delete it	09:09
odyssey4me	verify that your commit log shows the commit 'Moved user_group_vars to defaults'	09:09
prometheanfire	win 1	09:10
pellaeon	deleted and verified	09:10
odyssey4me	pellaeon do you have any specific endpoint overrides in your user_variables?	09:11
mattt	odyssey4me: i think he may have initially deployed before we defaulted to keystone v3	09:11
odyssey4me	mattt that's possible	09:12
odyssey4me	pellaeon try executing: cd /opt/os-ansible-deployment/playbooks; openstack-ansible os-keystone-install.yml	09:13
pellaeon	no endpoint overrides	09:14
pellaeon	mattt: i think that's the case	09:14
odyssey4me	note that the reason that the task you mentioned is only run on one keystone container is because it does the keystone service setup - ie adding the service project, users, etc... that only needs to be done once, so it's only done on the first keystone container	09:14
pellaeon	because before I switched to master I deployed in kilo branch	09:15
*** shausy has quit IRC		09:16
pellaeon	now running os-keystone-install	09:16
mattt	palendae: what is confusing me is that the openrc gets created very eraly in os-keystone-install	09:16
mattt	so i'm not sure why that file isn't getting updated	09:17
mattt	if it's still writing /v2 then you must have some legacy vars lying around	09:17
mattt	s/palendae/pellaeon/g	09:17
*** javeriak has joined #openstack-ansible		09:18
*** javeriak has quit IRC		09:19
*** javeriak has joined #openstack-ansible		09:20
odyssey4me	mattt yeah, the user_group_vars would have been that issue	09:20
odyssey4me	but note that without https://review.openstack.org/205192 the endpoint put into openrc may still be v2	09:21
odyssey4me	the openrc is not used for the task that's failing for pellaeon	09:21
mattt	odyssey4me: yeah looking at the task you are right	09:22
mattt	we're passing in endpoint to keystone module	09:23
odyssey4me	yup	09:23
odyssey4me	pellaeon I hope that this build you're working on is not for production? What you're deploying is a blend of kilo and liberty as it comes straight from the master branches of each upstream project!	09:23
mattt	yeah i'm tempted to say rewind and re-deploy with either kilo or master	09:26
odyssey4me	sure, but if the issue is in /etc/openstack_deploy/ files then that won't help	09:28
*** javeriak has quit IRC		09:37
*** javeriak has joined #openstack-ansible		09:47
odyssey4me	hmm, in a task it is possible to loop through a list of items in a list?	10:02
odyssey4me	it does appear that you can do nested loops	10:03
andymccr	not sure you can nested loop with a list of items within a list	10:09
andymccr	nested loops is like [1, 2 ,3] [a, b, c] and then you get 1a 1b 1c, 2a, 2b, 2c, 3a, 3b, 3c.	10:10
odyssey4me	yeah, it might be with_subelements that I'm after	10:10
andymccr	that sounds better	10:10
andymccr	as long as you know the elements and they are standard	10:11
andymccr	it seems like that'd work	10:11
odyssey4me	yep, that does the trick :)	10:12
odyssey4me	that's pretty nifty actually!	10:12
openstackgerrit	Merged stackforge/os-ansible-deployment: Add remote procedure call tunables to nova and neutron https://review.openstack.org/205270	10:12
*** javeriak has quit IRC		10:20
andymccr	odyssey4me: on that idp/sp stuff - when i try do an openstack endpoint list it is trying to access keystone on the external IP now, from inside (which fails)	10:21
odyssey4me	andymccr oh dear, you have some funky firewally stuff, right?	10:22
andymccr	well not really i mean its just a normal firewall :P i could allow access but it seems weird that i need access to connect to my own local vip on external	10:23
odyssey4me	with federation all access has to go via a consistent endpoint, generally the public one in order for it to be publically accessible	10:23
odyssey4me	the openrc is typically set to use the internal endpoint though	10:24
andymccr	ok i'll allow access and see if that works then	10:24
odyssey4me	in fact yeah, openrc uses the internal endpoint - so that doesn't sound right	10:25
odyssey4me	but for horizon it'll need the public endpoint to be accessible	10:25
odyssey4me	and the SP will also expect federation bits to come in on the public endpoint	10:25
*** javeriak has joined #openstack-ansible		10:25
andymccr	debug on the command suggests it does go internal first which works, btu then it forwards out to external	10:26
odyssey4me	andymccr ah, that's likely because of the 'public_endpoint' entry in keystone.conf	10:27
odyssey4me	this is a good thing to note now - we'll have to ensure we note this in the docs	10:27
odyssey4me	it seems a little odd that the openstack client is not respecting the endpoint it's supposed ot use though	10:28
odyssey4me	might be a bug there, or we're setting the wrong env vars	10:28
andymccr	openrc file seems correct	10:28
andymccr	and it does go there first	10:28
andymccr	ok so the public endpoint value is the external VIP but that makes sense for a public endpoint	10:28
*** logan2 has quit IRC		10:47
*** javeriak_ has joined #openstack-ansible		10:49
*** logan2 has joined #openstack-ansible		10:50
*** javeriak has quit IRC		10:50
*** markvoelker has joined #openstack-ansible		10:52
*** markvoelker has quit IRC		10:57
*** openstackgerrit has quit IRC		11:01
*** openstackgerrit has joined #openstack-ansible		11:02
*** javeriak_ has quit IRC		11:09
*** javeriak has joined #openstack-ansible		11:12
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment: Keystone Federation Service Provider Configuration https://review.openstack.org/194395	11:45
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment: Add sample Keystone Federation SP configuration for ADFS https://review.openstack.org/203736	11:47
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment: Add sample Keystone Federation SP configuration for ADFS https://review.openstack.org/203736	11:49
cloudull_zzz	Morning	12:16
*** cloudull_zzz is now known as cloudnull		12:16
marekd	odyssey4me: Hello boss.	12:24
marekd	odyssey4me: i forgot what was the status of your ansible/puppet/chef recipes for federation	12:25
odyssey4me	marekd haha :)	12:25
*** markvoelker has joined #openstack-ansible		12:25
marekd	too much stuff floating around	12:25
odyssey4me	we're busy working through various use-cases and refining the deployment - but we have the Keystone IDP deployment working nicely, and the Keystone SP working: confirmed to work with Keystone IDP, TestShib IDP and ADFS 3.0 (which does SAML2 properly)	12:26
odyssey4me	I still need to test the fernet tokens with federation.	12:26
marekd	odyssey4me: heh, i was about to try it now.	12:27
odyssey4me	As the WebSSO needs to use Keystone v3 endpoints, we're also working through ensuring that all the other bits work with v3 endpoints. Swift seems to have some trouble.	12:27
marekd	uh	12:28
odyssey4me	We're also busy prepping documentation for how to deploy the IDP/SP, troubleshoot issues and how to implement more complex scenarios.	12:28
marekd	ulalala, super nice	12:29
marekd	so you are good on your own :-)	12:29
odyssey4me	yeah, I think we are doing pretty well now - we're only doing saml2 with Shibboleth on the SP at this point - but can extend the method to other auth methods and mod_auth_mellon perhaps at a later stage.	12:30
odyssey4me	there is definitely room for improvement on the keystone client libraries and the openstack CLI... stuff doesn't work there without using a wrapper script	12:31
marekd	odyssey4me: hm?!	12:31
marekd	odyssey4me: can you specify?	12:31
odyssey4me	we have this one in play at the moment: https://review.openstack.org/203859	12:31
odyssey4me	you'll see the curl commands for some actions which seem to be missing from the openstack/keystone client	12:32
marekd	odyssey4me: you are talking about k2k authentication ?	12:32
marekd	odyssey4me: there is no osc code yet, as i am waiting for ksa to be released and then we will need to transit to ksa in OSC.	12:33
odyssey4me	yeah, that's primarily focused on k2k at this stage - we're looking into including the ability to get ADFS assertions using the script too, but haven't quite got that right	12:33
marekd	odyssey4me: ok, but those plugins are already implemented.	12:33
odyssey4me	oh? can you share some sort of how to for it?	12:34
marekd	odyssey4me: sure	12:34
odyssey4me	when I try to do that using the SLI tool it seems that the CLI rejects valid options	12:34
marekd	i admit there might be some mess now, as the nice plugins are not used by OSC, but definitely you don't need to use pure curl	12:34
odyssey4me	well, we'd love to help you guys revise/review patches and make it more workable - just let us know what needs some attention :)	12:35
marekd	odyssey4me: https://github.com/openstack/keystoneauth/tree/master/keystoneauth1/auth/identity/v3 -> so federation.py is a interface like class and it's a base class for real implementations of saml/adfs auth plugins that are here: https://github.com/openstack/keystoneauth-saml2/blob/master/keystoneclient_saml2/v3/saml2.py	12:36
marekd	odyssey4me: let me provide you a wrapper for those	12:37
marekd	so you will be able to use it	12:37
marekd	easily	12:37
*** prad has joined #openstack-ansible		12:37
pellaeon	mattt: after deleting user_group_vars , openrc now points keystone API version to 3	12:38
pellaeon	and os-keystone-install worked successfully	12:38
pellaeon	the issue should be just as you said, some legacy vars lying around	12:39
mattt	yay!	12:41
pellaeon	thanks a lot to you guys :-)	12:41
marekd	odyssey4me: https://gist.github.com/zaccone/f067e2036b3044b30382 for instance	12:41
pellaeon	and actually I didn't know master deploys from liberty...	12:41
mattt	pellaeon: sorry it took so long to figure out!	12:41
mattt	pellaeon: yeah, you may want to use kilo to be safe, unless you're using this for development purposes	12:42
pellaeon	so it's time to re-deploy!	12:42
odyssey4me	pellaeon excellent :)	12:42
mattt	yeah, i would recommend a re-deploy :P	12:42
mattt	i was kinda hinting at that earlier	12:42
pellaeon	mattt: it's ok, really thank you guys	12:42
pellaeon	I guess I'll re-deploy with master, then, because I need that glance_nfs_client fix	12:43
marekd	odyssey4me: from the auth plugins we are pretty much covered	12:43
mattt	pellaeon: that should get backported	12:43
odyssey4me	marekd that looks good - can that work against a non-ECP IDP endpoint?	12:43
marekd	odyssey4me: which one? ADFS for instance?	12:43
pellaeon	mattt: how long will I need to wait ?	12:43
odyssey4me	mattt the backport is already in flight :)	12:43
odyssey4me	marekd yep	12:44
pellaeon	awesome!	12:44
odyssey4me	mattt https://review.openstack.org/204320	12:44
marekd	odyssey4me: ADFS excercises slightly different workflow, but i managed to reverse engineered it and an effect is here: https://github.com/openstack/keystoneauth-saml2/blob/master/keystoneclient_saml2/v3/saml2.py#L447	12:44
odyssey4me	also, this one should go in too and get backported https://review.openstack.org/205192	12:44
*** tlian has joined #openstack-ansible		12:45
mattt	odyssey4me: i'm not sure that's the review he means?	12:45
mattt	^^^ pellaeon	12:45
pellaeon	mattt: no I mean this one https://review.openstack.org/#/c/204542/	12:45
odyssey4me	marekd so that's ADFS2, ADFS3 adheres to the SAML2 protocol properly but doesn't seem to do ECP	12:45
marekd	odyssey4me: i think somebody tested it agains adfs3	12:45
mattt	pellaeon: oh that was already backported	12:45
mattt	pellaeon: https://review.openstack.org/#/c/204954/	12:46
marekd	odyssey4me: my bet adfs3 is backwards compatible	12:46
marekd	you cannot do nonecp workflow without ecp...	12:46
pellaeon	mattt: oh, i see	12:46
pellaeon	mattt: thanks!	12:46
pellaeon	I'll re-deploy with kilo then	12:46
marekd	odyssey4me: you can try this plugin agains adfsv3	12:46
mattt	pellaeon: excellent! let us know how you get on	12:47
odyssey4me	marekd alright, one of my colleagues has been puzzling it out and will be online in 3-4 hours - I'll pass the info on if I don't get to try it out before then	12:47
marekd	puzzling adfsv3 via cmd ?	12:47
pellaeon	mattt: sure, thanks a lot you guys	12:47
marekd	ok, i will be here couple of hours more.	12:47
odyssey4me	marekd yeah, let me grab some lunch and I'll give it a go	12:47
marekd	sure	12:48
openstackgerrit	Merged stackforge/os-ansible-deployment: Adjust SSH key creation method for Nova compute https://review.openstack.org/205143	13:08
openstackgerrit	Merged stackforge/os-ansible-deployment: Adjust SSH key creation method for repo servers https://review.openstack.org/205145	13:08
*** fawadk has quit IRC		13:23
*** fawadkhaliq has joined #openstack-ansible		13:24
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment-specs: Cleaned up specs directory https://review.openstack.org/202373	13:26
*** sdake has joined #openstack-ansible		13:28
*** sdake_ has joined #openstack-ansible		13:29
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment-specs: Limit the distribution of .my.cnf https://review.openstack.org/203754	13:29
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment-specs: Added spec to remove upstream repo dependency https://review.openstack.org/203706	13:30
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment-specs: Added spec to enable systemd support within OSAD https://review.openstack.org/202368	13:30
*** annashen has joined #openstack-ansible		13:32
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment-specs: Added spec to upgrade MariaDB to v10 https://review.openstack.org/203708	13:32
*** sdake has quit IRC		13:32
*** javeriak has quit IRC		13:32
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment-specs: Cleaned up specs directory https://review.openstack.org/202373	13:33
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment-specs: Limit the distribution of .my.cnf https://review.openstack.org/203754	13:33
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment-specs: Added spec to upgrade MariaDB to v10 https://review.openstack.org/203708	13:33
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment-specs: Added spec to remove upstream repo dependency https://review.openstack.org/203706	13:33
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment-specs: Added spec to enable systemd support within OSAD https://review.openstack.org/202368	13:33
*** galstrom_zzz is now known as galstrom		13:34
openstackgerrit	Merged stackforge/os-ansible-deployment: Add remote procedure call tunables to nova and neutron https://review.openstack.org/205256	13:34
*** zehicle has quit IRC		13:36
*** javeriak has joined #openstack-ansible		13:43
*** annashen has quit IRC		13:46
*** sdake_ is now known as sdake		13:47
*** KLevenstein has joined #openstack-ansible		13:50
odyssey4me	blast, it would seem that when you use with_subelements and when together, the with_subelements is evaluated first, so it doesn't work when you're trying to only do the task when the variable exists	14:06
odyssey4me	cloudnull you around?	14:07
odyssey4me	ah, found a workaround - let me test it	14:09
cloudnull	odyssey4me: i am in the office now	14:13
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: Fix Keystone URI/URL defaults https://review.openstack.org/205192	14:18
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: Keystone Federation Service Provider Configuration https://review.openstack.org/194395	14:19
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: Add sample Keystone Federation SP configuration for ADFS https://review.openstack.org/203736	14:19
*** Mudpuppy has joined #openstack-ansible		14:20
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: Updated master for new dev work - 24.07.2015 https://review.openstack.org/199126	14:21
*** sigmavirus24_awa is now known as sigmavirus24		14:23
*** javeriak has quit IRC		14:27
*** yaya has joined #openstack-ansible		14:34
odyssey4me	cloudnull so when using a with_subelements loop with ansible (which I need to do), the subelements are evaluated before the when	14:46
odyssey4me	this means that when I'm trying to iterate over lists under keystone_sp, but only when keystone_sp is defined... stuff breaks because the with_subelements is evaluated first :/	14:47
openstackgerrit	Merged stackforge/os-ansible-deployment-specs: Cleaned up specs directory https://review.openstack.org/202373	14:47
openstackgerrit	Merged stackforge/os-ansible-deployment-specs: Added spec to enable systemd support within OSAD https://review.openstack.org/202368	14:47
odyssey4me	so I'm giving it a go to do this: https://www.mail-archive.com/ansible-project@googlegroups.com/msg08307.html	14:47
cloudnull	could this be something better expressed with a filter?	14:48
odyssey4me	but my default data structure must be fubar, because I get 'subelements lookup expects a list of two items, first a dict or a list, and second a string' as an error	14:48
openstackgerrit	Merged stackforge/os-ansible-deployment-specs: Ceph block devices https://review.openstack.org/205062	14:49
cloudnull	whats the loop/data structure look like ?	14:53
odyssey4me	data structure is under keystone_sp: https://review.openstack.org/#/c/194395/58/playbooks/roles/os_keystone/defaults/main.yml,cm	14:54
odyssey4me	with_subelements loop is here: https://review.openstack.org/#/c/194395/58/playbooks/roles/os_keystone/tasks/keystone_federation_sp_idp_setup.yml,cm	14:54
odyssey4me	when the data is all defined, it works nicely - but I need to ensure that when keystone_sp is not defined then it doesn't bother with it	14:55
odyssey4me	unless there's another way to do this - I'm effectively needing to loop within a loop	14:56
odyssey4me	but only to access the set of values from the list on the inside	14:56
*** yaya has quit IRC		15:04
cloudnull	hum...	15:04
*** fawadkhaliq has quit IRC		15:04
*** spotz_zzz is now known as spotz		15:05
*** weezS has joined #openstack-ansible		15:13
*** yaya has joined #openstack-ansible		15:17
cloudnull	odyssey4me: is this subelement list something that is just trying to pull data from the "federated_identities" key ?	15:18
odyssey4me	cloudnull yep	15:18
odyssey4me	so it loops through each list item of trusted_idp_list	15:18
cloudnull	so the return is a list of hashes built from trusted_idp_list[]	15:18
odyssey4me	and for each of those, it fetches the list items of federated_identities	15:19
*** daneyon has joined #openstack-ansible		15:19
*** galstrom is now known as galstrom_zzz		15:22
*** galstrom_zzz is now known as galstrom		15:38
*** javeriak has joined #openstack-ansible		15:42
cloudnull	odyssey4me: ping	15:44
odyssey4me	cloudnull pong	15:44
cloudnull	this is the data youre looking for right http://paste.openstack.org/show/405328/ ?	15:44
odyssey4me	cloudnull yes	15:45
cloudnull	add http://paste.openstack.org/show/405329/ to the os_keystone role in a directory library/ IE os_keysone/library/keystone_sp	15:47
cloudnull	then youll have a fact http://cdn.pasteraw.com/a3g0tr1m2hmkfu9usiyzfhvy2j3da3b	15:48
cloudnull	use the lib, get the fact `keystone_federated_identities`, profit.	15:48
cloudnull	:0	15:48
cloudnull	*:)	15:48
cloudnull	the lib assumes "trusted_idp_list" will always be in the data structure, which idk if thats true when using keystone_sp , however i thought it was safe	15:49
*** galstrom is now known as galstrom_zzz		15:50
cloudnull	i chose the library route so that it could be something specific to keystone within the os_keystone role. however the same thing could be done with a filter if we wanted to carry it globally.	15:54
*** yaya has quit IRC		15:55
*** bitblt has joined #openstack-ansible		15:56
*** javeriak has quit IRC		15:57
*** javeriak has joined #openstack-ansible		15:57
cloudnull	using a filter http://paste.openstack.org/show/405342/ but like I said this will be something we'd have to carry globally.	15:59
cloudnull	which could be used to set a fact, to do the same thing as the module.	16:00
odyssey4me	cloudnull ok, those are options which we can use but I'm wondering if there isn't a way we don't have to carry any extra code	16:00
*** javeriak_ has joined #openstack-ansible		16:01
odyssey4me	I've been debugging why ansible kicks it out and it's essentially a type error when I provide a default	16:01
odyssey4me	let me work up a simple play for testing this and to show you what I'm seeing	16:01
*** javeriak has quit IRC		16:01
cloudnull	not that i've been able to find, when having to deal with a subelement conditionally.	16:02
odyssey4me	ok, so this is something you've hit before?	16:02
cloudnull	which is why i opt'd to offload into python. but if theres a way we should do that .	16:02
cloudnull	odyssey4me: yes	16:02
cloudnull	the provider_networks lib exists because of it	16:02
odyssey4me	ah	16:03
odyssey4me	so bear with me, let's work through my findings and maybe another idea will pop up	16:03
cloudnull	Sam-I-Am: and i started off doing all the things with sub elements and hit the same road block	16:03
cloudnull	kk	16:03
cloudnull	no worries.	16:03
Sam-I-Am	eh	16:04
cloudnull	the man the myth the legend	16:04
Sam-I-Am	what did i miss?	16:04
cloudnull	nothing talking about how ansible shinanigans	16:05
odyssey4me	if I do the approach outlined at https://www.mail-archive.com/ansible-project@googlegroups.com/msg08307.html (ie set the first element to 'keystone_sp.trusted_idp_list \| default([])' then ansible thinks that the first element is of <type 'str'>	16:05
*** sdake has quit IRC		16:06
odyssey4me	if I do "{{ keystone_sp.trusted_idp_list \| default([]) }}" instead, I get type unicode	16:06
odyssey4me	and basically that's the two things I get regardsless of data structure I put into default()	16:07
*** rward has quit IRC		16:07
*** javeriak_ has quit IRC		16:08
odyssey4me	I've tried putting a whole data structure in user_variables and doing that, no good	16:08
*** rward has joined #openstack-ansible		16:08
odyssey4me	it seems like default() only results in a string	16:08
odyssey4me	meh, it would seem that a module's the only option for now	16:09
odyssey4me	ansible 2 may resolve this	16:10
odyssey4me	I see a lot of changes went in around this lookup module	16:10
odyssey4me	cloudnull so the module sets a fact? the fact is then consumed like a variable, right?	16:11
*** javeriak has joined #openstack-ansible		16:13
cloudnull	yes	16:20
*** javeriak has quit IRC		16:20
*** pilgrimstack has quit IRC		16:21
cloudnull	like this http://cdn.pasteraw.com/sg7hzvmods914bvpqlt6eityz9blgqg	16:21
*** javeriak has joined #openstack-ansible		16:22
odyssey4me	cloudnull ok, trying it out	16:31
*** daneyon has quit IRC		16:38
*** daneyon has joined #openstack-ansible		16:38
cloudnull	ok.	16:42
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment: Change to set the container network MTU https://review.openstack.org/205618	16:44
* cloudnull lunching		16:45
*** javeriak has quit IRC		16:46
*** javeriak has joined #openstack-ansible		16:53
*** javeriak has quit IRC		17:03
*** annashen has joined #openstack-ansible		17:05
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment: Keystone Federation Service Provider Configuration https://review.openstack.org/194395	17:07
openstackgerrit	Jesse Pretorius proposed stackforge/os-ansible-deployment: Add sample Keystone Federation SP configuration for ADFS https://review.openstack.org/203736	17:08
*** javeriak has joined #openstack-ansible		17:17
openstackgerrit	Merged stackforge/os-ansible-deployment: Adjust SSH key creation method for Keystone https://review.openstack.org/205144	17:20
*** subscope has quit IRC		17:20
openstackgerrit	Merged stackforge/os-ansible-deployment: Target AIO swift vars at specific containers https://review.openstack.org/204949	17:20
*** javeriak has quit IRC		17:23
*** javeriak has joined #openstack-ansible		17:24
openstackgerrit	Merged stackforge/os-ansible-deployment: Parse latest Tempest results https://review.openstack.org/204948	17:27
openstackgerrit	Merged stackforge/os-ansible-deployment: Restart mysql when config changed https://review.openstack.org/204545	17:27
odyssey4me	cloudnull hpcloud-b4 strikes again: http://logs.openstack.org/20/204320/3/gate/os-ansible-deployment-dsvm-check-commit/0922a6e/	17:29
*** javeriak_ has joined #openstack-ansible		17:31
*** TheIntern has joined #openstack-ansible		17:32
*** javeriak has quit IRC		17:34
*** daneyon has quit IRC		17:38
*** daneyon_ has joined #openstack-ansible		17:38
*** javeriak_ has quit IRC		17:49
*** fawadkhaliq has joined #openstack-ansible		17:53
openstackgerrit	Merged stackforge/os-ansible-deployment: Change to set the container network MTU https://review.openstack.org/204796	17:55
*** javeriak has joined #openstack-ansible		17:55
*** galstrom_zzz is now known as galstrom		17:56
*** TheIntern has quit IRC		18:03
*** TheIntern has joined #openstack-ansible		18:10
*** jwagner_away is now known as jwagner		18:12
cloudnull	odyssey4me: thats kinda of a bummer. kilo doesnt have the changes we merged yesterday for more gate logs	18:17
cloudnull	:(	18:17
cloudnull	odyssey4me: how did the module work out ?	18:17
*** annashen has quit IRC		18:19
*** annashen has joined #openstack-ansible		18:22
*** KLevenstein has quit IRC		18:22
odyssey4me	cloudnull done and dusted - it works and does what we need, I'm done with struggling... we can revisit that method when ansible 2 ships	18:24
odyssey4me	thanks for the help	18:24
cloudnull	anytime, good to know it worked out.	18:28
*** javeriak_ has joined #openstack-ansible		18:34
*** javeriak has quit IRC		18:38
*** javeriak_ has quit IRC		18:46
*** TheIntern has quit IRC		18:47
*** wmlynch has quit IRC		18:48
*** abitha has joined #openstack-ansible		18:49
openstackgerrit	Matthew Thode proposed stackforge/os-ansible-deployment: Update defaults for db_timeout/max_pool_size for nova/neutron/keystone https://review.openstack.org/205675	18:58
*** KLevenstein has joined #openstack-ansible		19:00
openstackgerrit	Matthew Thode proposed stackforge/os-ansible-deployment: Update defaults for db_timeout/max_pool_size for nova/neutron/keystone https://review.openstack.org/205678	19:01
palendae	prometheanfire: looks like your pool and timeout values are swapped between master and juno	19:04
prometheanfire	ok, lemme check	19:05
palendae	master - keystone_database_max_pool_size: 120, juno - keystone_db_max_pool_size: 30	19:05
prometheanfire	oh, will fix in juno	19:05
openstackgerrit	Matthew Thode proposed stackforge/os-ansible-deployment: Update defaults for db_timeout/max_pool_size for nova/neutron/keystone https://review.openstack.org/205678	19:06
prometheanfire	palendae: ^	19:07
*** daneyon_ has quit IRC		19:13
*** galstrom is now known as galstrom_zzz		19:14
*** daneyon has joined #openstack-ansible		19:14
*** Mudpuppy_ has joined #openstack-ansible		19:14
*** Mudpuppy has quit IRC		19:15
*** Mudpuppy_ has quit IRC		19:16
*** fawadkhaliq has quit IRC		19:21
*** fawadkhaliq has joined #openstack-ansible		19:22
*** bitblt has quit IRC		19:22
*** weezS has quit IRC		19:27
*** TheIntern has joined #openstack-ansible		19:40
*** galstrom_zzz is now known as galstrom		19:41
*** galstrom is now known as galstrom_zzz		19:44
*** annashen has quit IRC		20:10
*** galstrom_zzz is now known as galstrom		20:11
openstackgerrit	Merged stackforge/os-ansible-deployment: Moved user_group_vars to defaults https://review.openstack.org/204320	20:19
*** annashen has joined #openstack-ansible		20:23
*** fawadk has joined #openstack-ansible		20:46
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment-specs: Limit the distribution of .my.cnf https://review.openstack.org/203754	20:46
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment-specs: Added spec to upgrade MariaDB to v10 https://review.openstack.org/203708	20:47
openstackgerrit	Kevin Carter proposed stackforge/os-ansible-deployment-specs: Added spec to remove upstream repo dependency https://review.openstack.org/203706	20:48
*** fawadkhaliq has quit IRC		20:49
*** galstrom is now known as galstrom_zzz		20:50
*** KLevenstein has quit IRC		20:50
*** KLevenstein has joined #openstack-ansible		20:51
*** weezS has joined #openstack-ansible		20:57
*** TheIntern has quit IRC		20:59
*** KLevenstein has quit IRC		21:01
*** weezS has quit IRC		21:19
openstackgerrit	Miguel Grinberg proposed stackforge/os-ansible-deployment: Keystone Federation Service Provider Configuration https://review.openstack.org/194395	21:36
*** prad has quit IRC		21:40
*** tlian has quit IRC		21:42
*** dabernie_ has joined #openstack-ansible		21:46
*** annashen has quit IRC		21:49
*** danb__ has quit IRC		21:49
*** annashen has joined #openstack-ansible		22:09
openstackgerrit	Miguel Grinberg proposed stackforge/os-ansible-deployment: Add sample Keystone Federation SP configuration for ADFS https://review.openstack.org/203736	22:35
*** fawadk has quit IRC		22:45
*** spotz is now known as spotz_zzz		22:48
*** jwagner is now known as jwagner_away		22:49
*** annashen has quit IRC		23:11
*** markvoelker has quit IRC		23:15
*** daneyon has quit IRC		23:33
*** daneyon has joined #openstack-ansible		23:33
*** miguelgrinberg has joined #openstack-ansible		23:49
*** daneyon has quit IRC		23:49
*** daneyon has joined #openstack-ansible		23:49
*** jmccrory has quit IRC		23:54
*** jmccrory has joined #openstack-ansible		23:54

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!