*** shoutm has joined #openstack-ansible | 00:02 | |
*** markvoelker has joined #openstack-ansible | 00:06 | |
*** cloudtrainme has joined #openstack-ansible | 00:08 | |
*** markvoelker has quit IRC | 00:11 | |
*** devlaps has quit IRC | 00:15 | |
*** abitha has quit IRC | 00:41 | |
*** abitha has joined #openstack-ansible | 00:42 | |
*** abitha has quit IRC | 00:46 | |
*** sigmavirus24 is now known as sigmavirus24_awa | 00:48 | |
*** markvoelker has joined #openstack-ansible | 01:06 | |
*** jmckind has joined #openstack-ansible | 01:16 | |
*** jmckind has quit IRC | 01:17 | |
*** shoutm has quit IRC | 01:55 | |
*** shoutm has joined #openstack-ansible | 02:19 | |
*** cloudtrainme has quit IRC | 03:29 | |
*** tlian has quit IRC | 03:32 | |
*** tlian has joined #openstack-ansible | 03:40 | |
*** sdake_ has joined #openstack-ansible | 03:51 | |
*** sdake has quit IRC | 03:54 | |
*** fawadkhaliq has joined #openstack-ansible | 04:15 | |
*** shoutm_ has joined #openstack-ansible | 04:17 | |
*** shoutm has quit IRC | 04:19 | |
*** sdake has joined #openstack-ansible | 04:46 | |
*** sdake_ has quit IRC | 04:49 | |
*** shoutm_ has quit IRC | 04:50 | |
*** shoutm has joined #openstack-ansible | 04:52 | |
*** shoutm has quit IRC | 05:06 | |
*** shoutm has joined #openstack-ansible | 05:10 | |
*** shoutm has quit IRC | 05:41 | |
openstackgerrit | Kevin Carter proposed openstack/openstack-ansible: Break apart and document the upgrade process https://review.openstack.org/224137 | 05:42 |
---|---|---|
*** shoutm has joined #openstack-ansible | 05:43 | |
*** cloudtrainme has joined #openstack-ansible | 05:54 | |
*** cloudtrainme has quit IRC | 05:54 | |
*** cloudtrainme has joined #openstack-ansible | 05:55 | |
*** cloudtrainme has quit IRC | 05:55 | |
*** harlowja has quit IRC | 06:29 | |
*** markvoelker has quit IRC | 06:53 | |
*** javeriak has joined #openstack-ansible | 07:02 | |
*** javeriak_ has joined #openstack-ansible | 07:09 | |
*** javeriak has quit IRC | 07:09 | |
*** fawadkhaliq has quit IRC | 07:17 | |
*** javeriak has joined #openstack-ansible | 07:18 | |
*** javeriak_ has quit IRC | 07:19 | |
*** gparaskevas has joined #openstack-ansible | 07:40 | |
*** fawadkhaliq has joined #openstack-ansible | 07:51 | |
*** markvoelker has joined #openstack-ansible | 07:54 | |
*** javeriak has quit IRC | 07:57 | |
*** markvoelker has quit IRC | 07:59 | |
-openstackstatus- NOTICE: Gate is currently stuck, failing grenade upgrade tests due the release of oslo.utils 1.4.1 for Juno. | 08:00 | |
*** javeriak has joined #openstack-ansible | 08:04 | |
*** shoutm_ has joined #openstack-ansible | 08:06 | |
*** shoutm has quit IRC | 08:08 | |
evrardjp | good morning | 08:36 |
evrardjp | mgariepy: I've noticed a painly issue in the keepalived system: It currently doesn't allow the user to set his own variables unless adapting the playbook | 08:37 |
evrardjp | I should address this in the future by removing the var_files section, and have the vars defined in the group_vars | 08:37 |
evrardjp | this way the master can override the variables just for him | 08:38 |
evrardjp | or create an unique file for master/backup, that has variables' values set conditionnaly | 08:40 |
evrardjp | in the meantime, I'll publish a workaround | 08:55 |
evrardjp | I have an issue pushing to gerrit right now, because I updated my upstream repo to openstack instead of stackforge, but gerrit is still pointing to stackforge | 09:01 |
evrardjp | git review -s doesn't seem to work | 09:01 |
evrardjp | any idea? | 09:01 |
evrardjp | I'd like to not kill my current directory | 09:02 |
openstackgerrit | Jean-Philippe Evrard proposed openstack/openstack-ansible: Implementation of keepalived for haproxy https://review.openstack.org/218818 | 09:05 |
evrardjp | ok editing to the CORRECT names in .git/config worked | 09:06 |
*** javeriak has quit IRC | 09:08 | |
openstackgerrit | Merged openstack/openstack-ansible: Add AIO build docs https://review.openstack.org/223742 | 09:19 |
openstackgerrit | Matt Thompson proposed openstack/openstack-ansible: Add neutron_migrations_facts module https://review.openstack.org/219759 | 09:27 |
*** fawadkhaliq has quit IRC | 09:42 | |
*** fawadkhaliq has joined #openstack-ansible | 09:43 | |
*** fawadkhaliq has quit IRC | 09:47 | |
*** markvoelker has joined #openstack-ansible | 09:55 | |
*** javeriak has joined #openstack-ansible | 10:00 | |
*** markvoelker has quit IRC | 10:00 | |
*** fawadkhaliq has joined #openstack-ansible | 10:02 | |
*** javeriak has quit IRC | 10:05 | |
*** cfarquhar has quit IRC | 10:06 | |
*** cfarquhar has joined #openstack-ansible | 10:08 | |
*** cfarquhar has quit IRC | 10:08 | |
*** cfarquhar has joined #openstack-ansible | 10:08 | |
-openstackstatus- NOTICE: Gate back to normal, thanks to the backlisting of the problematic version | 10:14 | |
openstackgerrit | Jesse Pretorius proposed openstack/openstack-ansible: Update juno for new dev work - 17 Sep 2015 https://review.openstack.org/224559 | 10:25 |
evrardjp | Did someone have issues with cinder's netapp snapshots? | 10:30 |
openstackgerrit | Jesse Pretorius proposed openstack/openstack-ansible: Update kilo for new dev work - 17 Sep 2015 https://review.openstack.org/224562 | 10:30 |
evrardjp | Ok my bad, it's me | 10:31 |
evrardjp | NetApp Licensing | 10:35 |
openstackgerrit | Jesse Pretorius proposed openstack/openstack-ansible: Add auth version for legacy OpenStack clients https://review.openstack.org/223692 | 10:51 |
*** fawadkhaliq has quit IRC | 10:52 | |
odyssey4me | evrardjp yep, NetApp licensing is rather a pain for using the cinder features :p | 10:54 |
evrardjp | are there other licenses I should have? | 10:54 |
evrardjp | I have some, somewhere, some others somewhere else, I just need to know what I should need ;) | 10:54 |
evrardjp | it's not well documented in cinder doc | 10:55 |
evrardjp | I'll check with netapp doc | 10:55 |
*** fawadkhaliq has joined #openstack-ansible | 10:55 | |
*** tiagogomes has quit IRC | 10:57 | |
*** tiagogomes has joined #openstack-ansible | 10:58 | |
odyssey4me | it depends on whether you're going to add metadata to volume types to support the more advanced features | 10:58 |
odyssey4me | stuff like thin provisioned volumes vs thick | 10:58 |
odyssey4me | replicated volumes | 10:59 |
evrardjp | I don't need that | 10:59 |
evrardjp | I'll stick with what I have | 10:59 |
odyssey4me | I can't remember all the features off-hand, but as I recall you're able to set various things in the volume type's metadata to allow more advanced use of the back-end's features | 10:59 |
odyssey4me | and the features differ from back end to back end | 10:59 |
evrardjp | it's interesting to know | 10:59 |
evrardjp | yeah, that's something I'd have guessed ;) | 10:59 |
evrardjp | the whole netapp iscsi cinder integration seems weird to me, so I'll limit it to the bare minimum | 11:01 |
*** daneyon_ has quit IRC | 11:03 | |
evrardjp | it's well documented in the latest netapp doc | 11:18 |
*** markvoelker has joined #openstack-ansible | 11:26 | |
*** markvoelker has quit IRC | 11:31 | |
*** sdake_ has joined #openstack-ansible | 11:43 | |
*** markvoelker has joined #openstack-ansible | 11:47 | |
*** sdake has quit IRC | 11:47 | |
mgariepy | good morning | 11:47 |
*** fawadkhaliq has quit IRC | 12:01 | |
evrardjp | good morning mgariepy | 12:05 |
mgariepy | how are you doing ? | 12:06 |
evrardjp | fine and you | 12:06 |
mgariepy | not too bad | 12:06 |
evrardjp | I've updated keepalived change | 12:07 |
mgariepy | i saw the mail | 12:08 |
evrardjp | oh yeah, right, you have commented on the gerrit, so you are notified ;) | 12:08 |
evrardjp | it's a quick fix | 12:09 |
mgariepy | wouldn't it be better to include another var file on top, is it possible ? | 12:09 |
evrardjp | I'll do something better later | 12:09 |
mgariepy | for haproxy config that is. | 12:09 |
evrardjp | what do you mean? | 12:09 |
evrardjp | I tried to have the list as a variable, it didn't work | 12:10 |
evrardjp | don't know why, and to be honest, I didn't take the time to check | 12:10 |
mgariepy | haproxy_config is good for both usecase | 12:10 |
mgariepy | haproxy_config.yml ** | 12:10 |
evrardjp | ok I'm talking about something else ;) | 12:10 |
evrardjp | I was talking about keepalived variables | 12:11 |
mgariepy | i'm talking about : 224218 | 12:11 |
mgariepy | haha yeah.. | 12:11 |
mgariepy | i was switching patches too fast ;) | 12:11 |
evrardjp | this change | 12:11 |
evrardjp | https://review.openstack.org/#/c/218818/10..11/playbooks/haproxy-install.yml | 12:11 |
evrardjp | yeah we were on a different topic ;) | 12:12 |
evrardjp | ok so | 12:13 |
mgariepy | is it possible to include a list of file in vars_files ? | 12:13 |
evrardjp | yes | 12:13 |
evrardjp | but remember, it's not an ordered list | 12:13 |
mgariepy | i tried it yesterday and it didn't work. | 12:13 |
*** sdake_ is now known as sdake | 12:13 | |
evrardjp | and you'll have a variable merging | 12:13 |
evrardjp | you'll NOT have variable merging | 12:13 |
evrardjp | * | 12:13 |
evrardjp | in var_files, you can put how many items you want, but if they have the same variable in it, it may lead to unexpected results (one is overriden by the other on runtime) | 12:14 |
mgariepy | would it be better to include a file instead of overwriting in vars: | 12:15 |
evrardjp | that's what's done | 12:15 |
*** fawadkhaliq has joined #openstack-ansible | 12:15 | |
evrardjp | you give one file that holds the variables | 12:16 |
evrardjp | so, for your change | 12:16 |
evrardjp | 224218 | 12:16 |
evrardjp | (gerrit is slow :/) | 12:17 |
evrardjp | I'd rather have another file called with the role, instead of the hack | 12:18 |
evrardjp | but that's my personal opinion | 12:18 |
mgariepy | would it be possible to : add both haproxy config when the internal vip != external vip ? | 12:19 |
*** woodard has joined #openstack-ansible | 12:20 | |
mgariepy | even when there is no ssl config specified ? | 12:20 |
evrardjp | oh, you mean have the standard haproxy_config.yml and have an haproxy_config_ssl.yml? | 12:20 |
mgariepy | just having 2 files per service when internal is not external. | 12:21 |
mgariepy | no matter if ssl is on or off. | 12:21 |
evrardjp | ok | 12:21 |
mgariepy | intead of binding to *, you bind to both ips. | 12:21 |
evrardjp | yeah, I understand | 12:22 |
evrardjp | I'll work on a rewrite at/for the summit | 12:22 |
evrardjp | of haproxy | 12:22 |
evrardjp | playbook | 12:22 |
mgariepy | like having standar haproxy_config.yml, and add haproxy_config_internal.yml | 12:23 |
mgariepy | or external, whichever is better for you. | 12:23 |
evrardjp | we could have a standard one, that runs all time | 12:24 |
mgariepy | wouldn't matter too much anwyay ;) | 12:24 |
evrardjp | and have in the playbook another file to run when the ip differs | 12:24 |
evrardjp | what I've done here: I've put haproxy_service_configs in my user_variables | 12:24 |
evrardjp | and I've listed all the components I have | 12:25 |
evrardjp | external/internal | 12:25 |
evrardjp | I think the job done here is good, but we need to make it better in the future | 12:26 |
*** tiagogomes has quit IRC | 12:26 | |
*** tiagogomes has joined #openstack-ansible | 12:27 | |
evrardjp | what I meant with my comment | 12:28 |
evrardjp | when I look at that: https://review.openstack.org/#/c/224218/2/playbooks/haproxy-install.yml | 12:29 |
evrardjp | I see a post-task that is almost doing the same as the role | 12:29 |
evrardjp | (in fact 2 post_tasks) | 12:29 |
mgariepy | i'm still learning ansible ;) haha | 12:30 |
evrardjp | I'd rather have one role, that have this variable file when that happens | 12:30 |
evrardjp | then another line with the same role, but with a different when and different var_files | 12:30 |
evrardjp | etc. | 12:30 |
evrardjp | it's a more DRY approach | 12:31 |
*** markvoelker has quit IRC | 12:31 | |
evrardjp | want me to draft something? | 12:31 |
mgariepy | yeah | 12:31 |
evrardjp | I think I may have 5 minutes in around 28 minutes ;) | 12:32 |
mgariepy | lol | 12:32 |
mgariepy | ok | 12:32 |
mgariepy | or just a quick pastebin stuff to make me going. | 12:32 |
mhayden | odyssey4me: for https://review.openstack.org/223717, i was following how horizon's user-provided certs were handled -- should this all be moved into etc/openstack_deploy/user_variables.yml? | 12:33 |
odyssey4me | mhayden no, you've done everything perfectly in the plays/roles - it's just that variable setting is done in user_variables | 12:38 |
mhayden | okay, i'm shuffling some things around | 12:38 |
odyssey4me | mhayden essentially I was just suggesting that you change the docs - not change anything else | 12:38 |
mhayden | ah okay -- i adjusted some of the comments in the playbook to direct users over to /etc as well | 12:39 |
*** shoutm_ has quit IRC | 12:46 | |
openstackgerrit | Major Hayden proposed openstack/openstack-ansible: Add SSL/TLS listener to RabbitMQ https://review.openstack.org/223717 | 12:46 |
SamYaple | mhayden: didnt get distracted this time eh? | 12:50 |
mhayden | SamYaple: what did i do? | 12:50 |
SamYaple | rabbitmq | 12:50 |
SamYaple | you said you were working on it (yesterday?) | 12:50 |
openstackgerrit | Major Hayden proposed openstack/openstack-ansible: Add SSL/TLS listener to RabbitMQ https://review.openstack.org/223717 | 12:51 |
mhayden | hooray for merge conficts | 12:51 |
mhayden | SamYaple: ah yeah, i finished it up but odyssey4me had some good improvements | 12:52 |
openstackgerrit | Major Hayden proposed openstack/openstack-ansible: Add SSL/TLS listener to RabbitMQ https://review.openstack.org/223717 | 12:54 |
mhayden | forgot to add the docs to navigation.txt | 12:54 |
openstackgerrit | Major Hayden proposed openstack/openstack-ansible: Small Horizon configuration docs fix https://review.openstack.org/224716 | 12:57 |
*** pradk has joined #openstack-ansible | 12:58 | |
openstackgerrit | Merged openstack/openstack-ansible: Small docs fix for adding compute https://review.openstack.org/223727 | 13:04 |
odyssey4me | kudos to miguelgrinberg for https://developer.rackspace.com/blog/keystone-to-keystone-federation-with-openstack-ansible/ :) | 13:13 |
*** ashishjain has joined #openstack-ansible | 13:15 | |
ashishjain | Hello | 13:15 |
ashishjain | A newbie here trying to use ansible to deploy openstack | 13:15 |
ashishjain | I need some help very urgently | 13:15 |
ashishjain | I have go through lot of errors and was able to resolve all of them except one | 13:16 |
ashishjain | when trying to start ansible02_nova_api_metadata_container-84457c68 I get the following error | 13:16 |
ashishjain | failed to mount '/openstack/log/ansible02_nova_api_metadata_container-84457c68' on '/usr/lib/x86_64-linux-gnu/lxc/var/log/nova | 13:16 |
*** fawadkhaliq has quit IRC | 13:16 | |
odyssey4me | ashishjain which tag/branch are you using for your deployment? | 13:17 |
ashishjain | I noticed this directory was not present "lxc/var/log/nova" .. so I manually created it | 13:17 |
ashishjain | odyssey4me: It is juno | 13:17 |
odyssey4me | ashishjain are you not using kilo for any specific reason? | 13:17 |
evrardjp | mgariepy: | 13:18 |
mgariepy | hey | 13:18 |
evrardjp | I'm almost on time | 13:18 |
evrardjp | https://gist.github.com/evrardjp/407c68b9e31140201d7a | 13:18 |
evrardjp | I'd do something like that | 13:18 |
ashishjain | odyssey4me: I wanted to try an upgrade scenario | 13:18 |
evrardjp | the first run will install the standard ones (so, the external ones) | 13:18 |
ashishjain | So I want to deploy juno first and than try out an upgrade to kilo | 13:18 |
evrardjp | the second run will trigger only when internal vip <> external vip | 13:19 |
evrardjp | and will define internal configuration | 13:19 |
evrardjp | it's better than nothing | 13:19 |
evrardjp | but it's not perfect | 13:19 |
evrardjp | because it multiplies the number of backends | 13:19 |
odyssey4me | ashishjain juno is effectively Rackspace Private Cloud, whereas Kilo is the first community release - we'll be working on a decent upgrade framework for Kilo->Liberty... so unless you specifically have Juno already deployed, I would not bother with that test | 13:20 |
mgariepy | hmm will it double the check ? | 13:21 |
evrardjp | double the role install | 13:21 |
evrardjp | which should be only skips | 13:21 |
evrardjp | or oks | 13:21 |
evrardjp | oh | 13:21 |
evrardjp | about the backends? | 13:21 |
evrardjp | I don't know | 13:21 |
evrardjp | they have different names, so I think it double the checks | 13:22 |
evrardjp | but like I said, that's what I'll improve later | 13:22 |
mgariepy | maybe we can do both bind in the frontend ? | 13:23 |
evrardjp | we need to refactor how variables are handled and given to role | 13:23 |
evrardjp | it's possible to do it now though | 13:24 |
ashishjain | odyssey4me: It has been 3-4 days since I have been trying this out. Now shall I scrap the whole stuff? | 13:24 |
openstackgerrit | Major Hayden proposed openstack/openstack-ansible: Install auditd on the host https://review.openstack.org/221805 | 13:24 |
evrardjp | mgariepy: it would just need to edit the template to have a loop, and have each haproxy_bind as a list | 13:25 |
*** fawadkhaliq has joined #openstack-ansible | 13:25 | |
odyssey4me | ashishjain kilo is different, so yes unless you have a specific investment in juno then stop wasting your time on it and rather work on kilo | 13:25 |
evrardjp | but I think there are better refactors | 13:25 |
ashishjain | Odyssey4me: Okay I take your words. Regarding kilo can you point me to the documentation? | 13:26 |
mhayden | still waiting to hear back from CIS with regard to the security hardening spec :( | 13:26 |
odyssey4me | ashishjain http://docs.openstack.org/developer/openstack-ansible/ | 13:26 |
ashishjain | odyssey4me: Thanks for your help. | 13:27 |
*** openstackgerrit has quit IRC | 13:31 | |
*** openstackgerrit has joined #openstack-ansible | 13:31 | |
*** shoutm has joined #openstack-ansible | 13:32 | |
*** ashishjain has quit IRC | 13:33 | |
mhayden | so there have only been two legal openstack threads since july and now both were started by me | 13:38 |
* mhayden feels weird | 13:38 | |
evrardjp | mhayden: you're not, don't worry. Just that nobody wants to have your adventures ;) | 13:43 |
mhayden | haha | 13:43 |
mhayden | evrardjp: well my wife tells me i'm weird | 13:43 |
mhayden | but that has nothing to do with legal discussions ;) | 13:43 |
evrardjp | mmm... that's getting personal! | 13:43 |
mhayden | haha | 13:43 |
evrardjp | btw mhayden:, about security, have you thought of documenting the ansible vault ? | 13:44 |
evrardjp | I mean talking more about the wrapper openstack-ansible to add --ask-vault-pass for example ; | 13:44 |
evrardjp | ;) | 13:44 |
mhayden | ORLY | 13:44 |
mhayden | i think the problem with security is there's like 9,999 things to tackle :P | 13:45 |
sigmavirus24_awa | evrardjp: don't tell mhayden he isn't weird | 13:45 |
mhayden | haha | 13:45 |
mhayden | OH BURN | 13:45 |
evrardjp | I don't know him, he just have to get things himself ;) | 13:45 |
sigmavirus24_awa | mhayden: note, I didn't say you were weird | 13:45 |
sigmavirus24_awa | If mhayden thinks he's weird, then that works better for teh community | 13:45 |
sigmavirus24_awa | He'll want to prove he's normal by working harder and contributing more =P | 13:45 |
sigmavirus24_awa | let's perpetuate and exploit the self-consciousness | 13:46 |
sigmavirus24_awa | =P | 13:46 |
evrardjp | your analysis is interesting. Please both continue \o/ | 13:46 |
*** sigmavirus24_awa is now known as sigmavirus24 | 13:46 | |
evrardjp | vault isn't something really interesting in our case, but IIRC, it was mentionned in the doc, without giving much more info | 13:48 |
*** KLevenstein has joined #openstack-ansible | 13:48 | |
openstackgerrit | Major Hayden proposed openstack/openstack-ansible: Add SSL/TLS listener to RabbitMQ https://review.openstack.org/223717 | 13:49 |
mhayden | good catch, mattt | 13:49 |
* mattt fistbumps mhayden | 13:50 | |
mhayden | mattt: hold up -- pushed wrong branch i think | 13:50 |
mhayden | nevermind | 13:51 |
mhayden | :) | 13:51 |
* mhayden reaches for more coffee | 13:51 | |
evrardjp | mhayden: It's a boy or a girl? True. It's a boy and a girl? Probably false. | 13:52 |
evrardjp | (I guess you know the joke, right? ;) ) | 13:52 |
openstackgerrit | Major Hayden proposed openstack/openstack-ansible: Require user-provided cert AND key https://review.openstack.org/224734 | 13:53 |
mhayden | mattt: ^^ same fix for horizon ;) | 13:53 |
*** shoutm has quit IRC | 13:54 | |
evrardjp | I don't agree | 13:54 |
evrardjp | I paid more attention to it | 13:54 |
evrardjp | if you don't define one of them, you'll self sign | 13:55 |
odyssey4me | mhayden I'm afriad that last review is not needed | 13:55 |
mhayden | odyssey4me: the horizon one? | 13:56 |
odyssey4me | yep | 13:56 |
mhayden | IIRC, it uses the same logic as the rabbitmq SSL stuff | 13:56 |
odyssey4me | https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/os_horizon/tasks/horizon_ssl_user_provided.yml#L26 already has that condition | 13:56 |
odyssey4me | and there's no reason why the ca cert can't be dropped if the user certs aren't defined | 13:56 |
evrardjp | damn, you've taken my words odyssey4me | 13:56 |
mhayden | hah okay, i see what you mean | 13:57 |
mhayden | odyssey4me: can you check my logic in the rabbitmq one then? | 13:57 |
evrardjp | mhayden: what's the impact of enabling SSL on rabbit, will there be lags for the components when consuming the rabbit queues? | 13:59 |
evrardjp | or is there some kind of persistent connections? | 13:59 |
mhayden | evrardjp: as it stands right now, there's no lag since the regular TCP listener is still there | 13:59 |
cloudnull | morning | 13:59 |
evrardjp | good morning cloudnull | 13:59 |
evrardjp | mhayden: ok | 13:59 |
openstackgerrit | Kevin Carter proposed openstack/openstack-ansible: Break apart and document the upgrade process https://review.openstack.org/224137 | 13:59 |
cloudnull | hows it today ? | 14:00 |
mhayden | evrardjp: but i'll probably take a crack at benchmarking services against SSL and against plaintext to see how they stack up | 14:00 |
mhayden | the first step was making SSL available if someone wanted to use it ;) | 14:00 |
evrardjp | it's a good step | 14:00 |
*** spotz_zzz is now known as spotz | 14:00 | |
*** javeriak has joined #openstack-ansible | 14:00 | |
evrardjp | I think at some point we'll have to rotate or cleanup the backup_openstack_inventory.tar. Mine is 120MB right now | 14:02 |
evrardjp | or compress | 14:02 |
openstackgerrit | Bjoern Teipel proposed openstack/openstack-ansible: Lower retries of playbook runs to 2 as default value. https://review.openstack.org/224740 | 14:04 |
*** javeriak has quit IRC | 14:05 | |
openstackgerrit | Merged openstack/openstack-ansible: Docs for named veths + troubleshooting https://review.openstack.org/223792 | 14:05 |
openstackgerrit | Merged openstack/openstack-ansible: Small Horizon configuration docs fix https://review.openstack.org/224716 | 14:06 |
mattt | evrardjp: seriously? | 14:07 |
mattt | how big is your env ? | 14:07 |
mattt | ha, on my AIO it's 21 MB | 14:07 |
*** shoutm has joined #openstack-ansible | 14:08 | |
*** Bjoern_ has joined #openstack-ansible | 14:10 | |
*** Mudpuppy has joined #openstack-ansible | 14:11 | |
*** Mudpuppy has quit IRC | 14:12 | |
*** Mudpuppy has joined #openstack-ansible | 14:12 | |
openstackgerrit | Major Hayden proposed openstack/openstack-ansible: Add SSL/TLS listener to RabbitMQ https://review.openstack.org/223717 | 14:15 |
mhayden | thanks for checkin' my logic, odyssey4me | 14:15 |
odyssey4me | mhayden :) it's a pleasure - evrardjp and I went around the bush with that one a few times and settled on that method as a solution | 14:16 |
evrardjp | mattt: hopefully, I deleted it a few times already ;) | 14:17 |
evrardjp | for a low hanging fruit security improvement (not really a feature request), can I just create the patchset for review? | 14:18 |
evrardjp | or will it be hard to track? | 14:18 |
evrardjp | (accross branches) | 14:18 |
odyssey4me | evrardjp low hanging to you may not necessarily be simple | 14:19 |
odyssey4me | but you can always submit the review and see the response :p | 14:20 |
evrardjp | I'll create the patchset, and we'll see if we need to ;) | 14:20 |
openstackgerrit | Major Hayden proposed openstack/openstack-ansible: Docs for named veths + troubleshooting https://review.openstack.org/224750 | 14:24 |
*** markvoelker has joined #openstack-ansible | 14:26 | |
*** tiagogomes has quit IRC | 14:28 | |
openstackgerrit | Jean-Philippe Evrard proposed openstack/openstack-ansible: Changed the Diffie Hellman parameter maximum size https://review.openstack.org/224760 | 14:32 |
*** tiagogomes has joined #openstack-ansible | 14:39 | |
*** javeriak has joined #openstack-ansible | 14:41 | |
*** cloudtrainme has joined #openstack-ansible | 14:41 | |
openstackgerrit | Jean-Philippe Evrard proposed openstack/openstack-ansible: Changed the Diffie Hellman parameter maximum size https://review.openstack.org/224760 | 14:44 |
openstackgerrit | Jean-Philippe Evrard proposed openstack/openstack-ansible: Changed the Diffie Hellman parameter maximum size https://review.openstack.org/224760 | 14:46 |
evrardjp | sorry for the spam. | 14:46 |
cloudnull | spam away evrardjp, no need to be sorry ! | 14:49 |
cloudnull | :) | 14:49 |
openstackgerrit | Marc Gariépy proposed openstack/openstack-ansible: [WIP] add haproxy ssl termination for openstack public endpoint https://review.openstack.org/224218 | 14:51 |
mgariepy | sorry, whitespace ;( | 14:52 |
evrardjp | I was already writing it ;) | 14:53 |
evrardjp | so it works for you? | 14:53 |
mgariepy | yeah it's working | 14:53 |
evrardjp | because I didn't test ;) | 14:53 |
mgariepy | but the role thing is a pain, would be better to not having to run it twice. | 14:54 |
evrardjp | I've reviewed it | 14:55 |
evrardjp | yeah ofc | 14:55 |
evrardjp | but it's far more readable | 14:55 |
evrardjp | let's see what the others will tell | 14:56 |
mgariepy | is the max_file_percentage required ? | 14:57 |
evrardjp | nope | 14:57 |
evrardjp | or at least I don't think so | 14:57 |
evrardjp | it's mentionned in the past, but we should ask the others what was the rationale behind it | 14:57 |
openstackgerrit | Marc Gariépy proposed openstack/openstack-ansible: [WIP] add haproxy ssl termination for openstack public endpoint https://review.openstack.org/224218 | 14:58 |
tiagogomes | Anyone has seen this: http://paste.openstack.org/show/466438/ ? Looks like the containers can't resolve DNS names | 14:59 |
openstackgerrit | Merged openstack/openstack-ansible: Docs for named veths + troubleshooting https://review.openstack.org/224750 | 15:00 |
evrardjp | cat /etc/resolv.conf ? | 15:00 |
tiagogomes | http://paste.openstack.org/show/466440/ | 15:01 |
tiagogomes | If I had google's it works (8.8.8.8) | 15:01 |
evrardjp | tiagogomes: isn't it normal that resolvconf still appears in your resolv.conf? Is your resolv.conf file still a link, or it's a manual file? | 15:02 |
evrardjp | it looks like it's coming from your infrastructure | 15:02 |
tiagogomes | It is a link /etc/resolv.conf -> ../run/resolvconf/resolv.conf | 15:02 |
*** javeriak has quit IRC | 15:05 | |
*** Mudpuppy has quit IRC | 15:05 | |
*** Mudpuppy has joined #openstack-ansible | 15:05 | |
*** javeriak has joined #openstack-ansible | 15:05 | |
mgariepy | the dns is coming from the lxc template. | 15:08 |
mgariepy | cat /var/cache/lxc/trusty/rootfs-amd64/etc/resolvconf/resolv.conf.d/original | 15:08 |
mgariepy | is the server blocked from your infra ? | 15:09 |
tiagogomes | nope, I can ping then | 15:09 |
tiagogomes | *#them | 15:09 |
*** javeriak has quit IRC | 15:10 | |
*** javeriak has joined #openstack-ansible | 15:10 | |
mgariepy | 10.0.3.1 is responding ? | 15:13 |
mgariepy | 69.20.0.164 and 196 are rackspace server and refuse connection, in the container you have a 10.0.3.x address, and .1 should respond to the dns query. (which is dns-masq on the physical host) | 15:15 |
tiagogomes | ok, looks like the DNS server running on the physical host is not providing DNS | 15:20 |
tiagogomes | I restarted the dnsmasq and it is now working | 15:22 |
mhayden | dolphm: thanks sir | 15:23 |
*** arbrandes has joined #openstack-ansible | 15:25 | |
*** gparaskevas has quit IRC | 15:27 | |
*** daneyon has joined #openstack-ansible | 15:30 | |
*** phalmos has joined #openstack-ansible | 15:31 | |
tiagogomes | mm, what's this now: fatal: [bl002-test0_galera_container-4d824b40] => {'msg': "AnsibleUndefinedVariable: One or more undefined variables: 'galera_root_password' is undefined", 'failed': True} | 15:33 |
mgariepy | is the variable defined in /etc/openstack_deploy/user_secret.yml ? | 15:35 |
tiagogomes | yep | 15:35 |
*** devlaps has joined #openstack-ansible | 15:40 | |
*** phalmos has quit IRC | 15:54 | |
*** jwagner is now known as jwagner_away | 15:54 | |
tiagogomes | duh, I was running ansible-playbook instead of openstack-ansbible | 15:54 |
evrardjp | :) | 15:55 |
evrardjp | it doesn't load the variables you put in user_* it's gonna be harder ;) | 15:55 |
cloudnull | cloudnull, mattt, andymccr, d34dh0r53, hughsaunders, b3rnard0, palendae, Sam-I-Am, odyssey4me, serverascode, rromans, mancdaz, dolphm, _shaps_, BjoernT, claco, echiu, dstanek, jwagner, ayoung, prometheanfire, evrardjp, arbrandes, mhayden - its that time again :) | 16:00 |
mhayden | cloudnull: aaah, i have a conflict | 16:00 |
prometheanfire | cloudnull: here? | 16:00 |
*** phalmos has joined #openstack-ansible | 16:00 | |
cloudnull | # openstack-meeting-4 | 16:00 |
*** shoutm has quit IRC | 16:05 | |
*** jwagner_away is now known as jwagner | 16:14 | |
tiagogomes | next error :) http://paste.openstack.org/show/466521/ . Any ideas? | 16:16 |
tiagogomes | ok, `rabbitmqctl force_boot` might have fixed it | 16:19 |
*** sdake_ has joined #openstack-ansible | 16:19 | |
*** arbrandes has quit IRC | 16:20 | |
*** sdake has quit IRC | 16:23 | |
*** daneyon_ has joined #openstack-ansible | 16:25 | |
*** daneyon has quit IRC | 16:28 | |
*** fawadkhaliq has quit IRC | 16:31 | |
*** arbrandes has joined #openstack-ansible | 16:32 | |
*** sdake has joined #openstack-ansible | 16:34 | |
*** KLevenstein has quit IRC | 16:37 | |
*** sdake_ has quit IRC | 16:38 | |
*** KLevenstein has joined #openstack-ansible | 16:41 | |
*** javeriak has quit IRC | 16:46 | |
*** timrc_ is now known as timrc | 16:50 | |
*** Bjoern_ is now known as BjoernT | 16:52 | |
*** gparaskevas has joined #openstack-ansible | 16:56 | |
*** arbrandes has quit IRC | 16:56 | |
*** fawadkhaliq has joined #openstack-ansible | 16:57 | |
odyssey4me | cloudnull mhayden with regards to the lxc 'cache' creation, it seems to me that this is about all it takes: https://gist.github.com/odyssey4me/859208c8d22fee4fb8ba | 16:58 |
odyssey4me | I did a package comparison to come up with the add and removal bits - although I suspect that the removals could probably mostly be left out and the adds could probably be slimmed down | 16:59 |
*** gparaskevas has quit IRC | 17:00 | |
evrardjp | odyssey4me: are you sure about the lxc cache? there aren't any special stuff in the trusty lxc template to optimize for lxc? | 17:01 |
evrardjp | my bad | 17:01 |
evrardjp | I misread the first line | 17:01 |
evrardjp | still it would be nice to build it somewhere (wherever) and deploy it from one central location to all the physical hosts, with integrity checksum | 17:02 |
evrardjp | (my opinion) | 17:02 |
evrardjp | I am off for today, I'll carefully read the answers on this later! have a nice evening you all! | 17:03 |
*** harlowja has joined #openstack-ansible | 17:04 | |
odyssey4me | evrardjp this provides a basis | 17:04 |
odyssey4me | and the image is built on each controller host in parallel, rather than doing it once and then copying them out which is a serial process | 17:05 |
odyssey4me | an option we could do is use a cache build process to prep a tar.gz file and publish it on tarballs.openstack.org - but that's a little further down the line of this work which I'm exploring with mhayden :) | 17:06 |
*** abitha has joined #openstack-ansible | 17:07 | |
odyssey4me | miguelgrinberg odd that we're getting 'ERROR: openstack The plugin osc_password could not be found' for all master builds, which are all using openstackclient-1.6.0 | 17:08 |
cloudnull | odyssey4me: i think we can roll all of https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/lxc_container_create/tasks/container_create.yml#L277-L330 into that commit too | 17:09 |
odyssey4me | cloudnull yeah, I'm thinking that most of the container create play can actually be done in the cache creation | 17:10 |
odyssey4me | it would be more reliable, and faster. | 17:10 |
cloudnull | evrardjp: ++ i agree building and distributing would be the best solution | 17:10 |
cloudnull | odyssey4me: thats what im thinking too | 17:10 |
cloudnull | mhayden: noted that it even made hp function faster. | 17:11 |
cloudnull | evrardjp: i think we can get to the build distribute process in the M timeframe . | 17:11 |
cloudnull | im looking forward to working on that while at the summit | 17:11 |
odyssey4me | if mhayden doesn't do a follow on patch for https://review.openstack.org/224304 with the gist stuff I posted, then I'll do a WIP review on it tomorrow to test it out | 17:12 |
*** elo has joined #openstack-ansible | 17:12 | |
cloudnull | i think mhayden is in a meeting right now | 17:12 |
odyssey4me | ah ok | 17:12 |
odyssey4me | I'm off for the night. Chat again tomorrow! | 17:13 |
cloudnull | kk | 17:13 |
cloudnull | have a good night | 17:13 |
*** jwagner is now known as jwagner_lunch | 17:16 | |
miguelgrinberg | odyssey4me: sounds like it's this: https://bugs.launchpad.net/python-openstackclient/+bug/1496689 | 17:17 |
openstack | Launchpad bug 1496689 in python-openstackclient "osc unit tests fail with newest occ and keystoneauth" [High,New] | 17:17 |
*** jwagner_lunch is now known as jwagner | 17:38 | |
mhayden | cloudnull: stuck in meetings all day it seems | 17:54 |
mhayden | odyssey4me: nice icea | 17:56 |
mhayden | s/icea/idea/ | 17:56 |
*** javeriak has joined #openstack-ansible | 17:59 | |
odyssey4me | miguelgrinberg yep, that looks like it | 18:00 |
*** javeriak_ has joined #openstack-ansible | 18:01 | |
*** javeriak has quit IRC | 18:04 | |
*** sdake has quit IRC | 18:19 | |
*** sdake has joined #openstack-ansible | 18:23 | |
*** fawadkhaliq has quit IRC | 18:31 | |
*** sdake has quit IRC | 18:31 | |
*** fawadkhaliq has joined #openstack-ansible | 18:31 | |
*** fawadkhaliq has quit IRC | 18:32 | |
*** sdake has joined #openstack-ansible | 18:33 | |
*** devlaps has quit IRC | 19:08 | |
*** javeriak_ has quit IRC | 19:17 | |
*** spotz is now known as spotz_zzz | 19:24 | |
*** javeriak has joined #openstack-ansible | 19:27 | |
*** javeriak has quit IRC | 19:27 | |
*** spotz_zzz is now known as spotz | 19:33 | |
*** sdake has quit IRC | 19:46 | |
*** sdake has joined #openstack-ansible | 19:48 | |
*** spotz is now known as spotz_zzz | 19:51 | |
*** sdake has quit IRC | 19:57 | |
*** sdake has joined #openstack-ansible | 20:00 | |
*** elo has quit IRC | 20:06 | |
*** elo has joined #openstack-ansible | 20:06 | |
*** elo has quit IRC | 20:11 | |
*** spotz_zzz is now known as spotz | 20:22 | |
mhayden | cloudnull: currently testing this -> https://github.com/major/openstack-ansible/commit/3ef75019e68d5517c6a734d6c260c2a82f81cd47 | 20:27 |
*** woodard_ has joined #openstack-ansible | 20:28 | |
*** woodard has quit IRC | 20:31 | |
openstackgerrit | Major Hayden proposed openstack/openstack-ansible: Update cached LXC image in place https://review.openstack.org/224304 | 20:37 |
mhayden | cloudnull: ^^ from your suggestions | 20:37 |
cloudnull | awesome ! | 20:41 |
* cloudnull testing no w | 20:41 | |
mhayden | cloudnull: so far on a RAX 8GB -> https://gist.github.com/major/ebd7542ee3daf593ab66 | 20:42 |
cloudnull | thats awesome considering http://logs.openstack.org/49/223349/1/check/gate-openstack-ansible-dsvm-commit/dad4546/console.html#_2015-09-15_00_02_46_076 | 20:44 |
cloudnull | which was on a rax 8GB from the infra gate | 20:44 |
*** KLevenstein has quit IRC | 20:44 | |
mhayden | that is a little time savings | 20:44 |
cloudnull | 292 seconds is a fair bit all things considered | 20:45 |
mhayden | also thought about tinkering with async to snag the tarball as soon as the playbook starts | 20:45 |
cloudnull | did you happen to see https://gist.github.com/odyssey4me/859208c8d22fee4fb8ba | 20:46 |
mhayden | i like that quite a bit | 20:46 |
mhayden | i'll leave that to odyssey4me ;) | 20:47 |
mhayden | unless he was asking me to do it :P | 20:47 |
openstackgerrit | Major Hayden proposed openstack/openstack-ansible: Update cached LXC image in place https://review.openstack.org/224304 | 20:48 |
cloudnull | idk if he wants to give that a go or no. | 20:48 |
cloudnull | hes off sleeping , so we'll ask him the am. unless you want to do it that is . | 20:49 |
mhayden | i'll leave that super fun time for odyssey4me ;) | 20:49 |
mhayden | what's with the osc plugin errors? | 20:49 |
cloudnull | osc plugin errors? | 20:49 |
mhayden | yeah, seen them in a few gate jobs today | 20:53 |
mhayden | 2nd attempt -> openstack-ansible --forks 8 lxc-containers-create.yml ]\t218 seconds\tNumber of Attempts [ 1 ] | 20:54 |
cloudnull | ah. infra has been moving mirrors around today. | 20:54 |
cloudnull | so there are DNS issues. | 20:54 |
mhayden | ah, fun times | 20:54 |
cloudnull | zuul is generally not happy right now | 20:55 |
cloudnull | http://status.openstack.org/zuul/ | 20:55 |
mhayden | haha, wow | 20:55 |
cloudnull | our recheck gates have been in queue for almost 5 hours. | 20:56 |
cloudnull | so we got that going for us . | 20:56 |
cloudnull | :) | 20:56 |
mhayden | dang | 20:56 |
*** Mudpuppy_ has joined #openstack-ansible | 20:58 | |
*** Mudpuppy_ has quit IRC | 21:00 | |
*** Mudpuppy has quit IRC | 21:01 | |
*** woodard_ has quit IRC | 21:05 | |
mhayden | cloudnull: the containers running openstack services get their pip packages from the repo server, correct? | 21:12 |
mhayden | ah, i think i found it in pip_lock_down | 21:13 |
cloudnull | yes | 21:16 |
cloudnull | they do | 21:16 |
cloudnull | everything does for that | 21:17 |
cloudnull | ... that matter ... | 21:17 |
cloudnull | by default the only service that can get python from pypi is the repo server | 21:17 |
mhayden | got it | 21:23 |
mhayden | my optimization side has taken over my brain | 21:24 |
*** phalmos has quit IRC | 21:25 | |
*** k_stev has joined #openstack-ansible | 21:33 | |
*** cloudtrainme has quit IRC | 21:37 | |
*** tlian has quit IRC | 21:47 | |
*** jaypipes has quit IRC | 21:47 | |
*** elo has joined #openstack-ansible | 21:52 | |
*** javeriak has joined #openstack-ansible | 22:01 | |
*** mcarden has quit IRC | 22:04 | |
*** mcarden has joined #openstack-ansible | 22:04 | |
*** javeriak has quit IRC | 22:06 | |
*** jwagner is now known as jwagner_away | 22:17 | |
*** Mudpuppy has joined #openstack-ansible | 22:20 | |
*** sigmavirus24 is now known as sigmavirus24_awa | 22:21 | |
*** Mudpuppy has quit IRC | 22:25 | |
*** spotz is now known as spotz_zzz | 22:37 | |
*** woodard has joined #openstack-ansible | 22:58 | |
*** elo has quit IRC | 23:11 | |
*** elo has joined #openstack-ansible | 23:19 | |
*** markvoelker has quit IRC | 23:36 | |
cloudnull | have a good night all, | 23:50 |
*** alop has quit IRC | 23:50 | |
*** shoutm has joined #openstack-ansible | 23:56 | |
*** BjoernT has quit IRC | 23:57 |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!