Thursday, 2015-09-17

*** shoutm has joined #openstack-ansible00:02
*** markvoelker has joined #openstack-ansible00:06
*** cloudtrainme has joined #openstack-ansible00:08
*** markvoelker has quit IRC00:11
*** devlaps has quit IRC00:15
*** abitha has quit IRC00:41
*** abitha has joined #openstack-ansible00:42
*** abitha has quit IRC00:46
*** sigmavirus24 is now known as sigmavirus24_awa00:48
*** markvoelker has joined #openstack-ansible01:06
*** jmckind has joined #openstack-ansible01:16
*** jmckind has quit IRC01:17
*** shoutm has quit IRC01:55
*** shoutm has joined #openstack-ansible02:19
*** cloudtrainme has quit IRC03:29
*** tlian has quit IRC03:32
*** tlian has joined #openstack-ansible03:40
*** sdake_ has joined #openstack-ansible03:51
*** sdake has quit IRC03:54
*** fawadkhaliq has joined #openstack-ansible04:15
*** shoutm_ has joined #openstack-ansible04:17
*** shoutm has quit IRC04:19
*** sdake has joined #openstack-ansible04:46
*** sdake_ has quit IRC04:49
*** shoutm_ has quit IRC04:50
*** shoutm has joined #openstack-ansible04:52
*** shoutm has quit IRC05:06
*** shoutm has joined #openstack-ansible05:10
*** shoutm has quit IRC05:41
openstackgerritKevin Carter proposed openstack/openstack-ansible: Break apart and document the upgrade process  https://review.openstack.org/22413705:42
*** shoutm has joined #openstack-ansible05:43
*** cloudtrainme has joined #openstack-ansible05:54
*** cloudtrainme has quit IRC05:54
*** cloudtrainme has joined #openstack-ansible05:55
*** cloudtrainme has quit IRC05:55
*** harlowja has quit IRC06:29
*** markvoelker has quit IRC06:53
*** javeriak has joined #openstack-ansible07:02
*** javeriak_ has joined #openstack-ansible07:09
*** javeriak has quit IRC07:09
*** fawadkhaliq has quit IRC07:17
*** javeriak has joined #openstack-ansible07:18
*** javeriak_ has quit IRC07:19
*** gparaskevas has joined #openstack-ansible07:40
*** fawadkhaliq has joined #openstack-ansible07:51
*** markvoelker has joined #openstack-ansible07:54
*** javeriak has quit IRC07:57
*** markvoelker has quit IRC07:59
-openstackstatus- NOTICE: Gate is currently stuck, failing grenade upgrade tests due the release of oslo.utils 1.4.1 for Juno.08:00
*** javeriak has joined #openstack-ansible08:04
*** shoutm_ has joined #openstack-ansible08:06
*** shoutm has quit IRC08:08
evrardjpgood morning08:36
evrardjpmgariepy: I've noticed a painly issue in the keepalived system: It currently doesn't allow the user to set his own variables unless adapting the playbook08:37
evrardjpI should address this in the future by removing the var_files section, and have the vars defined in the group_vars08:37
evrardjpthis way the master can override the variables just for him08:38
evrardjpor create an unique file for master/backup, that has variables' values set conditionnaly08:40
evrardjpin the meantime, I'll publish a workaround08:55
evrardjpI have an issue pushing to gerrit right now, because I updated my upstream repo to openstack instead of stackforge, but gerrit is still pointing to stackforge09:01
evrardjpgit review -s doesn't seem to work09:01
evrardjpany idea?09:01
evrardjpI'd like to not kill my current directory09:02
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible: Implementation of keepalived for haproxy  https://review.openstack.org/21881809:05
evrardjpok editing to the CORRECT names in .git/config worked09:06
*** javeriak has quit IRC09:08
openstackgerritMerged openstack/openstack-ansible: Add AIO build docs  https://review.openstack.org/22374209:19
openstackgerritMatt Thompson proposed openstack/openstack-ansible: Add neutron_migrations_facts module  https://review.openstack.org/21975909:27
*** fawadkhaliq has quit IRC09:42
*** fawadkhaliq has joined #openstack-ansible09:43
*** fawadkhaliq has quit IRC09:47
*** markvoelker has joined #openstack-ansible09:55
*** javeriak has joined #openstack-ansible10:00
*** markvoelker has quit IRC10:00
*** fawadkhaliq has joined #openstack-ansible10:02
*** javeriak has quit IRC10:05
*** cfarquhar has quit IRC10:06
*** cfarquhar has joined #openstack-ansible10:08
*** cfarquhar has quit IRC10:08
*** cfarquhar has joined #openstack-ansible10:08
-openstackstatus- NOTICE: Gate back to normal, thanks to the backlisting of the problematic version10:14
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update juno for new dev work - 17 Sep 2015  https://review.openstack.org/22455910:25
evrardjpDid someone have issues with cinder's netapp snapshots?10:30
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update kilo for new dev work - 17 Sep 2015  https://review.openstack.org/22456210:30
evrardjpOk my bad, it's me10:31
evrardjpNetApp Licensing10:35
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Add auth version for legacy OpenStack clients  https://review.openstack.org/22369210:51
*** fawadkhaliq has quit IRC10:52
odyssey4meevrardjp yep, NetApp licensing is rather a pain for using the cinder features :p10:54
evrardjpare there other licenses I should have?10:54
evrardjpI have some, somewhere, some others somewhere else, I just need to know what I should need ;)10:54
evrardjpit's not well documented in cinder doc10:55
evrardjpI'll check with netapp doc10:55
*** fawadkhaliq has joined #openstack-ansible10:55
*** tiagogomes has quit IRC10:57
*** tiagogomes has joined #openstack-ansible10:58
odyssey4meit depends on whether you're going to add metadata to volume types to support the more advanced features10:58
odyssey4mestuff like thin provisioned volumes vs thick10:58
odyssey4mereplicated volumes10:59
evrardjpI don't need that10:59
evrardjpI'll stick with what I have10:59
odyssey4meI can't remember all the features off-hand, but as I recall you're able to set various things in the volume type's metadata to allow more advanced use of the back-end's features10:59
odyssey4meand the features differ from back end to back end10:59
evrardjpit's interesting to know10:59
evrardjpyeah, that's something I'd have guessed ;)10:59
evrardjpthe whole netapp iscsi cinder integration seems weird to me, so I'll limit it to the bare minimum11:01
*** daneyon_ has quit IRC11:03
evrardjpit's well documented in the latest netapp doc11:18
*** markvoelker has joined #openstack-ansible11:26
*** markvoelker has quit IRC11:31
*** sdake_ has joined #openstack-ansible11:43
*** markvoelker has joined #openstack-ansible11:47
*** sdake has quit IRC11:47
mgariepygood morning11:47
*** fawadkhaliq has quit IRC12:01
evrardjpgood morning mgariepy12:05
mgariepyhow are you doing ?12:06
evrardjpfine and you12:06
mgariepynot too bad12:06
evrardjpI've updated keepalived change12:07
mgariepyi saw the mail12:08
evrardjpoh yeah, right, you have commented on the gerrit, so you are notified ;)12:08
evrardjpit's a quick fix12:09
mgariepywouldn't it be better to include another var file on top, is it possible ?12:09
evrardjpI'll do something better later12:09
mgariepyfor haproxy config that is.12:09
evrardjpwhat do you mean?12:09
evrardjpI tried to have the list as a variable, it didn't work12:10
evrardjpdon't know why, and to be honest, I didn't take the time to check12:10
mgariepyhaproxy_config is good for both usecase12:10
mgariepyhaproxy_config.yml **12:10
evrardjpok I'm talking about something else ;)12:10
evrardjpI was talking about keepalived variables12:11
mgariepyi'm talking about : 22421812:11
mgariepyhaha yeah..12:11
mgariepyi was switching patches too fast ;)12:11
evrardjpthis change12:11
evrardjphttps://review.openstack.org/#/c/218818/10..11/playbooks/haproxy-install.yml12:11
evrardjpyeah we were on a different topic ;)12:12
evrardjpok so12:13
mgariepyis it possible to include a list of file in vars_files ?12:13
evrardjpyes12:13
evrardjpbut remember, it's not an ordered list12:13
mgariepyi tried it yesterday and it didn't work.12:13
*** sdake_ is now known as sdake12:13
evrardjpand you'll have a variable merging12:13
evrardjpyou'll NOT have variable merging12:13
evrardjp*12:13
evrardjpin var_files, you can put how many items you want, but if they have the same variable in it, it may lead to unexpected results (one is overriden by the other on runtime)12:14
mgariepywould it be better to include a file instead of overwriting in vars:12:15
evrardjpthat's what's done12:15
*** fawadkhaliq has joined #openstack-ansible12:15
evrardjpyou give one file that holds the variables12:16
evrardjpso, for your change12:16
evrardjp22421812:16
evrardjp(gerrit is slow :/)12:17
evrardjpI'd rather have another file called with the role, instead of the hack12:18
evrardjpbut that's my personal opinion12:18
mgariepywould it be possible to : add both haproxy config when the internal vip != external vip ?12:19
*** woodard has joined #openstack-ansible12:20
mgariepyeven when there is no ssl config specified ?12:20
evrardjpoh, you mean have the standard haproxy_config.yml and have an haproxy_config_ssl.yml?12:20
mgariepyjust having 2 files per service when internal is not external.12:21
mgariepyno matter if ssl is on or off.12:21
evrardjpok12:21
mgariepyintead of binding to *, you bind to both ips.12:21
evrardjpyeah, I understand12:22
evrardjpI'll work on a rewrite at/for the summit12:22
evrardjpof haproxy12:22
evrardjpplaybook12:22
mgariepylike having standar haproxy_config.yml, and add haproxy_config_internal.yml12:23
mgariepyor external, whichever is better for you.12:23
evrardjpwe could have a standard one, that runs all time12:24
mgariepywouldn't matter too much anwyay ;)12:24
evrardjpand have in the playbook another file to run when the ip differs12:24
evrardjpwhat I've done here: I've put haproxy_service_configs in my user_variables12:24
evrardjpand I've listed all the components I have12:25
evrardjpexternal/internal12:25
evrardjpI think the job done here is good, but we need to make it better in the future12:26
*** tiagogomes has quit IRC12:26
*** tiagogomes has joined #openstack-ansible12:27
evrardjpwhat I meant with my comment12:28
evrardjpwhen I look at that: https://review.openstack.org/#/c/224218/2/playbooks/haproxy-install.yml12:29
evrardjpI see a post-task that is almost doing the same as the role12:29
evrardjp(in fact 2 post_tasks)12:29
mgariepyi'm still learning ansible ;) haha12:30
evrardjpI'd rather have one role, that have this variable file when that happens12:30
evrardjpthen another line with the same role, but with a different when and different var_files12:30
evrardjpetc.12:30
evrardjpit's a more DRY approach12:31
*** markvoelker has quit IRC12:31
evrardjpwant me to draft something?12:31
mgariepyyeah12:31
evrardjpI think I may have 5 minutes in around 28 minutes ;)12:32
mgariepylol12:32
mgariepyok12:32
mgariepyor just a quick pastebin stuff to make me going.12:32
mhaydenodyssey4me: for https://review.openstack.org/223717, i was following how horizon's user-provided certs were handled -- should this all be moved into etc/openstack_deploy/user_variables.yml?12:33
odyssey4memhayden no, you've done everything perfectly in the plays/roles - it's just that variable setting is done in user_variables12:38
mhaydenokay, i'm shuffling some things around12:38
odyssey4memhayden essentially I was just suggesting that you change the docs - not change anything else12:38
mhaydenah okay -- i adjusted some of the comments in the playbook to direct users over to /etc as well12:39
*** shoutm_ has quit IRC12:46
openstackgerritMajor Hayden proposed openstack/openstack-ansible: Add SSL/TLS listener to RabbitMQ  https://review.openstack.org/22371712:46
SamYaplemhayden: didnt get distracted this time eh?12:50
mhaydenSamYaple: what did i do?12:50
SamYaplerabbitmq12:50
SamYapleyou said you were working on it (yesterday?)12:50
openstackgerritMajor Hayden proposed openstack/openstack-ansible: Add SSL/TLS listener to RabbitMQ  https://review.openstack.org/22371712:51
mhaydenhooray for merge conficts12:51
mhaydenSamYaple: ah yeah, i finished it up but odyssey4me had some good improvements12:52
openstackgerritMajor Hayden proposed openstack/openstack-ansible: Add SSL/TLS listener to RabbitMQ  https://review.openstack.org/22371712:54
mhaydenforgot to add the docs to navigation.txt12:54
openstackgerritMajor Hayden proposed openstack/openstack-ansible: Small Horizon configuration docs fix  https://review.openstack.org/22471612:57
*** pradk has joined #openstack-ansible12:58
openstackgerritMerged openstack/openstack-ansible: Small docs fix for adding compute  https://review.openstack.org/22372713:04
odyssey4mekudos to miguelgrinberg for https://developer.rackspace.com/blog/keystone-to-keystone-federation-with-openstack-ansible/ :)13:13
*** ashishjain has joined #openstack-ansible13:15
ashishjainHello13:15
ashishjainA newbie here trying to use ansible to deploy openstack13:15
ashishjainI need some help very urgently13:15
ashishjainI have go through lot of errors and was able to resolve all of them except one13:16
ashishjainwhen trying to start ansible02_nova_api_metadata_container-84457c68 I get the following error13:16
ashishjainfailed to mount '/openstack/log/ansible02_nova_api_metadata_container-84457c68' on '/usr/lib/x86_64-linux-gnu/lxc/var/log/nova13:16
*** fawadkhaliq has quit IRC13:16
odyssey4meashishjain which tag/branch are you using for your deployment?13:17
ashishjainI noticed this directory was not present "lxc/var/log/nova" .. so I manually created it13:17
ashishjainodyssey4me: It is juno13:17
odyssey4meashishjain are you not using kilo for any specific reason?13:17
evrardjpmgariepy:13:18
mgariepyhey13:18
evrardjpI'm almost on time13:18
evrardjphttps://gist.github.com/evrardjp/407c68b9e31140201d7a13:18
evrardjpI'd do something like that13:18
ashishjainodyssey4me: I wanted to try an upgrade scenario13:18
evrardjpthe first run will install the standard ones (so, the external ones)13:18
ashishjainSo I want to deploy juno first and than try out an upgrade to kilo13:18
evrardjpthe second run will trigger only when internal vip <> external vip13:19
evrardjpand will define internal configuration13:19
evrardjpit's better than nothing13:19
evrardjpbut it's not perfect13:19
evrardjpbecause it multiplies the number of backends13:19
odyssey4meashishjain juno is effectively Rackspace Private Cloud, whereas Kilo is the first community release - we'll be working on a decent upgrade framework for Kilo->Liberty... so unless you specifically have Juno already deployed, I would not bother with that test13:20
mgariepyhmm will it double the check ?13:21
evrardjpdouble the role install13:21
evrardjpwhich should be only skips13:21
evrardjpor oks13:21
evrardjpoh13:21
evrardjpabout the backends?13:21
evrardjpI don't know13:21
evrardjpthey have different names, so I think it double the checks13:22
evrardjpbut like I said, that's what I'll improve later13:22
mgariepymaybe we can do both bind in the frontend ?13:23
evrardjpwe need to refactor how variables are handled and given to role13:23
evrardjpit's possible to do it now though13:24
ashishjainodyssey4me: It has been 3-4 days since I have been trying this out. Now shall I scrap the whole stuff?13:24
openstackgerritMajor Hayden proposed openstack/openstack-ansible: Install auditd on the host  https://review.openstack.org/22180513:24
evrardjpmgariepy: it would just need to edit the template to have a loop, and have each haproxy_bind as a list13:25
*** fawadkhaliq has joined #openstack-ansible13:25
odyssey4meashishjain kilo is different, so yes unless you have a specific investment in juno then stop wasting your time on it and rather work on kilo13:25
evrardjpbut I think there are better refactors13:25
ashishjainOdyssey4me: Okay I take your words. Regarding kilo can you point me to the documentation?13:26
mhaydenstill waiting to hear back from CIS with regard to the security hardening spec :(13:26
odyssey4meashishjain http://docs.openstack.org/developer/openstack-ansible/13:26
ashishjainodyssey4me: Thanks for your help.13:27
*** openstackgerrit has quit IRC13:31
*** openstackgerrit has joined #openstack-ansible13:31
*** shoutm has joined #openstack-ansible13:32
*** ashishjain has quit IRC13:33
mhaydenso there have only been two legal openstack threads since july and now both were started by me13:38
* mhayden feels weird13:38
evrardjpmhayden: you're not, don't worry. Just that nobody wants to have your adventures ;)13:43
mhaydenhaha13:43
mhaydenevrardjp: well my wife tells me i'm weird13:43
mhaydenbut that has nothing to do with legal discussions ;)13:43
evrardjpmmm... that's getting personal!13:43
mhaydenhaha13:43
evrardjpbtw mhayden:, about security, have you thought of documenting the ansible vault ?13:44
evrardjpI mean talking more about the wrapper openstack-ansible to add --ask-vault-pass for example ;13:44
evrardjp;)13:44
mhaydenORLY13:44
mhaydeni think the problem with security is there's like 9,999 things to tackle :P13:45
sigmavirus24_awaevrardjp: don't tell mhayden he isn't weird13:45
mhaydenhaha13:45
mhaydenOH BURN13:45
evrardjpI don't know him, he just have to get things himself ;)13:45
sigmavirus24_awamhayden: note, I didn't say you were weird13:45
sigmavirus24_awaIf mhayden thinks he's weird, then that works better for teh community13:45
sigmavirus24_awaHe'll want to prove he's normal by working harder and contributing more =P13:45
sigmavirus24_awalet's perpetuate and exploit the self-consciousness13:46
sigmavirus24_awa=P13:46
evrardjpyour analysis is interesting. Please both continue \o/13:46
*** sigmavirus24_awa is now known as sigmavirus2413:46
evrardjpvault isn't something really interesting in our case, but IIRC, it was mentionned in the doc, without giving much more info13:48
*** KLevenstein has joined #openstack-ansible13:48
openstackgerritMajor Hayden proposed openstack/openstack-ansible: Add SSL/TLS listener to RabbitMQ  https://review.openstack.org/22371713:49
mhaydengood catch, mattt13:49
* mattt fistbumps mhayden13:50
mhaydenmattt: hold up -- pushed wrong branch i think13:50
mhaydennevermind13:51
mhayden:)13:51
* mhayden reaches for more coffee13:51
evrardjpmhayden: It's a boy or a girl? True. It's a boy and a girl? Probably false.13:52
evrardjp(I guess you know the joke, right? ;) )13:52
openstackgerritMajor Hayden proposed openstack/openstack-ansible: Require user-provided cert AND key  https://review.openstack.org/22473413:53
mhaydenmattt: ^^ same fix for horizon ;)13:53
*** shoutm has quit IRC13:54
evrardjpI don't agree13:54
evrardjpI paid more attention to it13:54
evrardjpif you don't define one of them, you'll self sign13:55
odyssey4memhayden I'm afriad that last review is not needed13:55
mhaydenodyssey4me: the horizon one?13:56
odyssey4meyep13:56
mhaydenIIRC, it uses the same logic as the rabbitmq SSL stuff13:56
odyssey4mehttps://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/os_horizon/tasks/horizon_ssl_user_provided.yml#L26 already has that condition13:56
odyssey4meand there's no reason why the ca cert can't be dropped if the user certs aren't defined13:56
evrardjpdamn, you've taken my words odyssey4me13:56
mhaydenhah okay, i see what you mean13:57
mhaydenodyssey4me: can you check my logic in the rabbitmq one then?13:57
evrardjpmhayden: what's the impact of enabling SSL on rabbit, will there be lags for the components when consuming the rabbit queues?13:59
evrardjpor is there some kind of persistent connections?13:59
mhaydenevrardjp: as it stands right now, there's no lag since the regular TCP listener is still there13:59
cloudnullmorning13:59
evrardjpgood morning cloudnull13:59
evrardjpmhayden: ok13:59
openstackgerritKevin Carter proposed openstack/openstack-ansible: Break apart and document the upgrade process  https://review.openstack.org/22413713:59
cloudnullhows it today ?14:00
mhaydenevrardjp: but i'll probably take a crack at benchmarking services against SSL and against plaintext to see how they stack up14:00
mhaydenthe first step was making SSL available if someone wanted to use it ;)14:00
evrardjpit's a good step14:00
*** spotz_zzz is now known as spotz14:00
*** javeriak has joined #openstack-ansible14:00
evrardjpI think at some point we'll have to rotate or cleanup the backup_openstack_inventory.tar. Mine is 120MB right now14:02
evrardjpor compress14:02
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: Lower retries of playbook runs to 2 as default value.  https://review.openstack.org/22474014:04
*** javeriak has quit IRC14:05
openstackgerritMerged openstack/openstack-ansible: Docs for named veths + troubleshooting  https://review.openstack.org/22379214:05
openstackgerritMerged openstack/openstack-ansible: Small Horizon configuration docs fix  https://review.openstack.org/22471614:06
matttevrardjp: seriously?14:07
mattthow big is your env ?14:07
matttha, on my AIO it's 21 MB14:07
*** shoutm has joined #openstack-ansible14:08
*** Bjoern_ has joined #openstack-ansible14:10
*** Mudpuppy has joined #openstack-ansible14:11
*** Mudpuppy has quit IRC14:12
*** Mudpuppy has joined #openstack-ansible14:12
openstackgerritMajor Hayden proposed openstack/openstack-ansible: Add SSL/TLS listener to RabbitMQ  https://review.openstack.org/22371714:15
mhaydenthanks for checkin' my logic, odyssey4me14:15
odyssey4memhayden :) it's a pleasure - evrardjp and I went around the bush with that one a few times and settled on that method as a solution14:16
evrardjpmattt: hopefully, I deleted it a few times already ;)14:17
evrardjpfor a low hanging fruit security improvement (not really a feature request), can I just create the patchset for review?14:18
evrardjpor will it be hard to track?14:18
evrardjp(accross branches)14:18
odyssey4meevrardjp low hanging to you may not necessarily be simple14:19
odyssey4mebut you can always submit the review and see the response :p14:20
evrardjpI'll create the patchset, and we'll see if we need to ;)14:20
openstackgerritMajor Hayden proposed openstack/openstack-ansible: Docs for named veths + troubleshooting  https://review.openstack.org/22475014:24
*** markvoelker has joined #openstack-ansible14:26
*** tiagogomes has quit IRC14:28
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible: Changed the Diffie Hellman parameter maximum size  https://review.openstack.org/22476014:32
*** tiagogomes has joined #openstack-ansible14:39
*** javeriak has joined #openstack-ansible14:41
*** cloudtrainme has joined #openstack-ansible14:41
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible: Changed the Diffie Hellman parameter maximum size  https://review.openstack.org/22476014:44
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible: Changed the Diffie Hellman parameter maximum size  https://review.openstack.org/22476014:46
evrardjpsorry for the spam.14:46
cloudnullspam away evrardjp, no need to be sorry !14:49
cloudnull:)14:49
openstackgerritMarc Gariépy proposed openstack/openstack-ansible: [WIP] add haproxy ssl termination for openstack public endpoint  https://review.openstack.org/22421814:51
mgariepysorry, whitespace ;(14:52
evrardjpI was already writing it ;)14:53
evrardjpso it works for you?14:53
mgariepyyeah it's working14:53
evrardjpbecause I didn't test ;)14:53
mgariepybut the role thing is a pain, would be better to not having to run it twice.14:54
evrardjpI've reviewed it14:55
evrardjpyeah ofc14:55
evrardjpbut it's far more readable14:55
evrardjplet's see what the others will tell14:56
mgariepyis the max_file_percentage required ?14:57
evrardjpnope14:57
evrardjpor at least I don't think so14:57
evrardjpit's mentionned in the past, but we should ask the others what was the rationale behind it14:57
openstackgerritMarc Gariépy proposed openstack/openstack-ansible: [WIP] add haproxy ssl termination for openstack public endpoint  https://review.openstack.org/22421814:58
tiagogomesAnyone has seen this: http://paste.openstack.org/show/466438/ ? Looks like the containers can't resolve DNS names14:59
openstackgerritMerged openstack/openstack-ansible: Docs for named veths + troubleshooting  https://review.openstack.org/22475015:00
evrardjpcat /etc/resolv.conf ?15:00
tiagogomeshttp://paste.openstack.org/show/466440/15:01
tiagogomesIf I had google's it works (8.8.8.8)15:01
evrardjptiagogomes: isn't it normal that resolvconf still appears in your resolv.conf? Is your resolv.conf file still a link, or it's a manual file?15:02
evrardjpit looks like it's coming from your infrastructure15:02
tiagogomesIt is a link /etc/resolv.conf -> ../run/resolvconf/resolv.conf15:02
*** javeriak has quit IRC15:05
*** Mudpuppy has quit IRC15:05
*** Mudpuppy has joined #openstack-ansible15:05
*** javeriak has joined #openstack-ansible15:05
mgariepythe dns is coming from the lxc template.15:08
mgariepycat /var/cache/lxc/trusty/rootfs-amd64/etc/resolvconf/resolv.conf.d/original15:08
mgariepyis the server blocked from your infra ?15:09
tiagogomesnope, I can ping then15:09
tiagogomes*#them15:09
*** javeriak has quit IRC15:10
*** javeriak has joined #openstack-ansible15:10
mgariepy10.0.3.1 is responding ?15:13
mgariepy69.20.0.164 and 196 are rackspace server and refuse connection, in the container you have a 10.0.3.x address, and .1 should respond to  the dns query. (which is dns-masq on the physical host)15:15
tiagogomesok, looks like the DNS server running on the physical host is not providing DNS15:20
tiagogomesI restarted the dnsmasq and it is now working15:22
mhaydendolphm: thanks sir15:23
*** arbrandes has joined #openstack-ansible15:25
*** gparaskevas has quit IRC15:27
*** daneyon has joined #openstack-ansible15:30
*** phalmos has joined #openstack-ansible15:31
tiagogomesmm, what's this now: fatal: [bl002-test0_galera_container-4d824b40] => {'msg': "AnsibleUndefinedVariable: One or more undefined variables: 'galera_root_password' is undefined", 'failed': True}15:33
mgariepyis the variable defined in /etc/openstack_deploy/user_secret.yml ?15:35
tiagogomesyep15:35
*** devlaps has joined #openstack-ansible15:40
*** phalmos has quit IRC15:54
*** jwagner is now known as jwagner_away15:54
tiagogomesduh, I was running ansible-playbook instead of openstack-ansbible15:54
evrardjp:)15:55
evrardjpit doesn't load the variables you put in user_* it's gonna be harder ;)15:55
cloudnullcloudnull, mattt, andymccr, d34dh0r53, hughsaunders, b3rnard0, palendae, Sam-I-Am, odyssey4me, serverascode, rromans, mancdaz, dolphm, _shaps_, BjoernT, claco, echiu, dstanek, jwagner, ayoung, prometheanfire, evrardjp, arbrandes, mhayden - its that time again :)16:00
mhaydencloudnull: aaah, i have a conflict16:00
prometheanfirecloudnull: here?16:00
*** phalmos has joined #openstack-ansible16:00
cloudnull# openstack-meeting-416:00
*** shoutm has quit IRC16:05
*** jwagner_away is now known as jwagner16:14
tiagogomesnext error :) http://paste.openstack.org/show/466521/ . Any ideas?16:16
tiagogomesok, `rabbitmqctl force_boot`  might have fixed it16:19
*** sdake_ has joined #openstack-ansible16:19
*** arbrandes has quit IRC16:20
*** sdake has quit IRC16:23
*** daneyon_ has joined #openstack-ansible16:25
*** daneyon has quit IRC16:28
*** fawadkhaliq has quit IRC16:31
*** arbrandes has joined #openstack-ansible16:32
*** sdake has joined #openstack-ansible16:34
*** KLevenstein has quit IRC16:37
*** sdake_ has quit IRC16:38
*** KLevenstein has joined #openstack-ansible16:41
*** javeriak has quit IRC16:46
*** timrc_ is now known as timrc16:50
*** Bjoern_ is now known as BjoernT16:52
*** gparaskevas has joined #openstack-ansible16:56
*** arbrandes has quit IRC16:56
*** fawadkhaliq has joined #openstack-ansible16:57
odyssey4mecloudnull mhayden with regards to the lxc 'cache' creation, it seems to me that this is about all it takes: https://gist.github.com/odyssey4me/859208c8d22fee4fb8ba16:58
odyssey4meI did a package comparison to come up with the add and removal bits - although I suspect that the removals could probably mostly be left out and the adds could probably be slimmed down16:59
*** gparaskevas has quit IRC17:00
evrardjpodyssey4me: are you sure about the lxc cache? there aren't any special stuff in the trusty lxc template to optimize for lxc?17:01
evrardjpmy bad17:01
evrardjpI misread the first line17:01
evrardjpstill it would be nice to build it somewhere (wherever) and deploy it from one central location to all the physical hosts, with integrity checksum17:02
evrardjp(my opinion)17:02
evrardjpI am off for today, I'll carefully read the answers on this later! have a nice evening you all!17:03
*** harlowja has joined #openstack-ansible17:04
odyssey4meevrardjp this provides a basis17:04
odyssey4meand the image is built on each controller host in parallel, rather than doing it once and then copying them out which is a serial process17:05
odyssey4mean option we could do is use a cache build process to prep a tar.gz file and publish it on tarballs.openstack.org - but that's a little further down the line of this work which I'm exploring with mhayden :)17:06
*** abitha has joined #openstack-ansible17:07
odyssey4memiguelgrinberg odd that we're getting 'ERROR: openstack The plugin osc_password could not be found' for all master builds, which are all using openstackclient-1.6.017:08
cloudnullodyssey4me:  i think we can roll all of https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/lxc_container_create/tasks/container_create.yml#L277-L330  into that commit too17:09
odyssey4mecloudnull yeah, I'm thinking that most of the container create play can actually be done in the cache creation17:10
odyssey4meit would be more reliable, and faster.17:10
cloudnullevrardjp: ++ i agree building and distributing would be the best solution17:10
cloudnullodyssey4me:  thats what im thinking too17:10
cloudnullmhayden: noted that it even made hp function faster.17:11
cloudnullevrardjp:  i think we can get to the build distribute process in the M timeframe .17:11
cloudnullim looking forward to working on that while at the summit17:11
odyssey4meif mhayden doesn't do a follow on patch for https://review.openstack.org/224304 with the gist stuff I posted, then I'll do a WIP review on it tomorrow to test it out17:12
*** elo has joined #openstack-ansible17:12
cloudnulli think mhayden is in a meeting right now17:12
odyssey4meah ok17:12
odyssey4meI'm off for the night. Chat again tomorrow!17:13
cloudnullkk17:13
cloudnullhave a good night17:13
*** jwagner is now known as jwagner_lunch17:16
miguelgrinbergodyssey4me: sounds like it's this: https://bugs.launchpad.net/python-openstackclient/+bug/149668917:17
openstackLaunchpad bug 1496689 in python-openstackclient "osc unit tests fail with newest occ and keystoneauth" [High,New]17:17
*** jwagner_lunch is now known as jwagner17:38
mhaydencloudnull: stuck in meetings all day it seems17:54
mhaydenodyssey4me: nice icea17:56
mhaydens/icea/idea/17:56
*** javeriak has joined #openstack-ansible17:59
odyssey4memiguelgrinberg yep, that looks like it18:00
*** javeriak_ has joined #openstack-ansible18:01
*** javeriak has quit IRC18:04
*** sdake has quit IRC18:19
*** sdake has joined #openstack-ansible18:23
*** fawadkhaliq has quit IRC18:31
*** sdake has quit IRC18:31
*** fawadkhaliq has joined #openstack-ansible18:31
*** fawadkhaliq has quit IRC18:32
*** sdake has joined #openstack-ansible18:33
*** devlaps has quit IRC19:08
*** javeriak_ has quit IRC19:17
*** spotz is now known as spotz_zzz19:24
*** javeriak has joined #openstack-ansible19:27
*** javeriak has quit IRC19:27
*** spotz_zzz is now known as spotz19:33
*** sdake has quit IRC19:46
*** sdake has joined #openstack-ansible19:48
*** spotz is now known as spotz_zzz19:51
*** sdake has quit IRC19:57
*** sdake has joined #openstack-ansible20:00
*** elo has quit IRC20:06
*** elo has joined #openstack-ansible20:06
*** elo has quit IRC20:11
*** spotz_zzz is now known as spotz20:22
mhaydencloudnull: currently testing this -> https://github.com/major/openstack-ansible/commit/3ef75019e68d5517c6a734d6c260c2a82f81cd4720:27
*** woodard_ has joined #openstack-ansible20:28
*** woodard has quit IRC20:31
openstackgerritMajor Hayden proposed openstack/openstack-ansible: Update cached LXC image in place  https://review.openstack.org/22430420:37
mhaydencloudnull: ^^ from your suggestions20:37
cloudnullawesome !20:41
* cloudnull testing no w20:41
mhaydencloudnull: so far on a RAX 8GB -> https://gist.github.com/major/ebd7542ee3daf593ab6620:42
cloudnullthats awesome considering http://logs.openstack.org/49/223349/1/check/gate-openstack-ansible-dsvm-commit/dad4546/console.html#_2015-09-15_00_02_46_07620:44
cloudnullwhich was on a rax 8GB from the infra gate20:44
*** KLevenstein has quit IRC20:44
mhaydenthat is a little time savings20:44
cloudnull292 seconds is a fair bit all things considered20:45
mhaydenalso thought about tinkering with async to snag the tarball as soon as the playbook starts20:45
cloudnulldid you happen to see https://gist.github.com/odyssey4me/859208c8d22fee4fb8ba20:46
mhaydeni like that quite a bit20:46
mhaydeni'll leave that to odyssey4me ;)20:47
mhaydenunless he was asking me to do it :P20:47
openstackgerritMajor Hayden proposed openstack/openstack-ansible: Update cached LXC image in place  https://review.openstack.org/22430420:48
cloudnullidk if he wants to give that a go or no.20:48
cloudnullhes off sleeping , so we'll ask him the am. unless you want to do it that is .20:49
mhaydeni'll leave that super fun time for odyssey4me  ;)20:49
mhaydenwhat's with the osc plugin errors?20:49
cloudnullosc plugin errors?20:49
mhaydenyeah, seen them in a few gate jobs today20:53
mhayden2nd attempt -> openstack-ansible --forks 8 lxc-containers-create.yml ]\t218 seconds\tNumber of Attempts [ 1 ]20:54
cloudnullah. infra has been moving mirrors around today.20:54
cloudnullso there are DNS issues.20:54
mhaydenah, fun times20:54
cloudnullzuul is generally not happy right now20:55
cloudnullhttp://status.openstack.org/zuul/20:55
mhaydenhaha, wow20:55
cloudnullour recheck gates have been in queue for almost 5 hours.20:56
cloudnullso we got that going for us .20:56
cloudnull:)20:56
mhaydendang20:56
*** Mudpuppy_ has joined #openstack-ansible20:58
*** Mudpuppy_ has quit IRC21:00
*** Mudpuppy has quit IRC21:01
*** woodard_ has quit IRC21:05
mhaydencloudnull: the containers running openstack services get their pip packages from the repo server, correct?21:12
mhaydenah, i think i found it in pip_lock_down21:13
cloudnullyes21:16
cloudnullthey do21:16
cloudnulleverything does for that21:17
cloudnull... that matter ...21:17
cloudnullby default the only service that can get python from pypi is the repo server21:17
mhaydengot it21:23
mhaydenmy optimization side has taken over my brain21:24
*** phalmos has quit IRC21:25
*** k_stev has joined #openstack-ansible21:33
*** cloudtrainme has quit IRC21:37
*** tlian has quit IRC21:47
*** jaypipes has quit IRC21:47
*** elo has joined #openstack-ansible21:52
*** javeriak has joined #openstack-ansible22:01
*** mcarden has quit IRC22:04
*** mcarden has joined #openstack-ansible22:04
*** javeriak has quit IRC22:06
*** jwagner is now known as jwagner_away22:17
*** Mudpuppy has joined #openstack-ansible22:20
*** sigmavirus24 is now known as sigmavirus24_awa22:21
*** Mudpuppy has quit IRC22:25
*** spotz is now known as spotz_zzz22:37
*** woodard has joined #openstack-ansible22:58
*** elo has quit IRC23:11
*** elo has joined #openstack-ansible23:19
*** markvoelker has quit IRC23:36
cloudnullhave a good night all,23:50
*** alop has quit IRC23:50
*** shoutm has joined #openstack-ansible23:56
*** BjoernT has quit IRC23:57

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!