Monday, 2015-09-21

« Sunday, 2015-09-20 Index Tuesday, 2015-09-22 »
*** abitha has joined #openstack-ansible00:00
*** arbrandes has joined #openstack-ansible00:13
*** sdake has joined #openstack-ansible00:20
*** abitha has quit IRC00:27
*** daneyon has joined #openstack-ansible00:41
*** sdake_ has joined #openstack-ansible00:52
*** sdake has quit IRC00:56
*** daneyon_ has joined #openstack-ansible00:56
*** daneyon has quit IRC00:59
*** daneyon_ has quit IRC01:23
*** sdake_ has quit IRC01:53
openstackgerritMerged openstack/openstack-ansible: Adding docs for HAProxy SSL configuration  https://review.openstack.org/22498002:15
pellaeoncloudnull: got it, thanks!02:20
*** sdake has joined #openstack-ansible02:26
openstackgerritKevin Carter proposed openstack/openstack-ansible: Temporarily pins to unblock gating  https://review.openstack.org/22515602:28
*** Mudpuppy has quit IRC02:28
openstackgerritKevin Carter proposed openstack/openstack-ansible: Update master for past liberty-3 for testing  https://review.openstack.org/22545902:28
openstackgerritKevin Carter proposed openstack/openstack-ansible: Temporarily pins to unblock gating  https://review.openstack.org/22515602:33
openstackgerritKevin Carter proposed openstack/openstack-ansible: [WIP] Run Cinder from a venv  https://review.openstack.org/22546302:33
openstackgerritKevin Carter proposed openstack/openstack-ansible: Update master for past liberty-3 for testing  https://review.openstack.org/22545902:33
*** sdake_ has joined #openstack-ansible02:34
*** sdake has quit IRC02:38
openstackgerritKevin Carter proposed openstack/openstack-ansible: Temporarily pins to unblock gating  https://review.openstack.org/22515602:41
*** galstrom_zzz is now known as galstrom02:55
openstackgerritKevin Carter proposed openstack/openstack-ansible: Update master for past liberty-3 for testing  https://review.openstack.org/22545903:21
openstackgerritKevin Carter proposed openstack/openstack-ansible: [WIP] Run Cinder from a venv  https://review.openstack.org/22546303:21
*** elo has joined #openstack-ansible03:33
*** ashishjain has quit IRC03:34
*** elo1 has joined #openstack-ansible03:34
*** elo2 has joined #openstack-ansible03:35
*** sdake_ has quit IRC03:35
*** elo has quit IRC03:37
*** elo1 has quit IRC03:38
*** elo2 has quit IRC03:39
*** galstrom is now known as galstrom_zzz03:41
*** elo has joined #openstack-ansible03:41
*** elo has quit IRC03:42
*** fawadkhaliq has joined #openstack-ansible04:20
*** shausy has joined #openstack-ansible05:25
*** javeriak has joined #openstack-ansible06:11
*** fawadkhaliq has quit IRC06:14
*** fawadkhaliq has joined #openstack-ansible06:15
*** fawadkhaliq has quit IRC06:19
*** javeriak has quit IRC06:36
*** shausy has quit IRC06:38
*** shausy has joined #openstack-ansible06:38
*** javeriak has joined #openstack-ansible06:47
*** javeriak_ has joined #openstack-ansible06:50
*** javeriak has quit IRC06:51
*** fawadkhaliq has joined #openstack-ansible07:08
*** gparaskekevasras has joined #openstack-ansible07:37
*** willemgf has joined #openstack-ansible07:42
tiagogomesmorning, after finishing deploying with OSAD, I can't launch VM instances with a binding_failed error. I noticed that I haven't got any neutron agent running on the compute hosts. Any ideas?07:52
*** sdake has joined #openstack-ansible07:54
*** sdake_ has joined #openstack-ansible07:55
*** gparaskekevasras has quit IRC07:56
*** gparaskevas has joined #openstack-ansible07:58
*** sdake has quit IRC07:58
gparaskevasi had problems with binding error and i changed my neutron conf07:59
gparaskevasbut i had linuxbridge agent on compute nodes running07:59
gparaskevascan you post nova-comppute.log07:59
gparaskevasand neutron/plugins/ml2/ml2.conf.ini08:00
gparaskevasfrom the compute hosts08:00
*** ashishjain has joined #openstack-ansible08:04
tiagogomesML2 configuration file: http://paste.openstack.org/show/472368/ . I don't have that eth12 interface on the compute nodes08:06
tiagogomesI also don't have any service file for the agent08:07
gparaskevaseth12 is on the neutron containers only08:09
gparaskevasits weird08:09
gparaskevaslet me chec my installation08:10
*** ashishjain has quit IRC08:10
gparaskevasyour compute hosts how many NICs?08:10
gparaskevasis that configuration file from the compute hosts or from the neutron agent container?08:13
tiagogomesfrom the compute hosts08:14
gparaskevaslooks wrong to me08:14
tiagogomesthe compute hosts physically has 2 NICs, but one is for external access and it is not being used for openstack08:15
gparaskevasok08:15
gparaskevasso you have configured interfaces with vlans?08:15
gparaskevasand then bridges?08:15
tiagogomesyes08:15
gparaskevasif the compute hosts dont have linuxbridge agent this is not going to work i thhink08:16
gparaskevascan anyone else confirm that?08:16
gparaskevaslooks like you need to reconfigure neutron08:18
tiagogomeshow so?08:20
gparaskevasdid everything succeed?08:22
gparaskevasfrom setup-openstack.yml08:22
tiagogomesyes, as far as I can tell. But I am not seeing much OpenStack related tasks. I ran the setup-everything playbook08:25
*** sdake_ has quit IRC08:26
*** fawadkhaliq has quit IRC08:26
*** gparaskevas has quit IRC08:29
tiagogomeseverything looks ok in ansilble; http://paste.openstack.org/show/472416/ . devhw7 and devhw8 are my compute hosts08:35
*** gparaskevas has joined #openstack-ansible08:35
tiagogomesmm, why is it skipping some machines : http://paste.openstack.org/show/472427/08:45
evrardjpgood morning everyone08:52
openstackgerritvenkatamahesh proposed openstack/openstack-ansible: Change the network from management to container  https://review.openstack.org/22558809:02
*** markvoelker has quit IRC09:27
evrardjpI have issue with the APIs since I moved them to https using openstack_service_publicuri_proto:https09:29
andymccrtiagogomes: it sets up the appropriate init scripts - the first ones are for neutron-server containers by the looks of it, but in lines 62+ it sets up the agents containers's init scripts etc.09:31
tiagogomesyes, but it is not setting up the scripts on the compute hosts for some reason09:36
andymccrtiagogomes: it should be - on line 86+09:45
javeriak_hey guys, am i missing something, for the last two openstack plays that i've run (keystone, glance), they are missing the *_rabbitmq_password variables in their parameter files09:52
evrardjpjaveriak_: you sure you started them by openstack-ansible and not ansible-playbook?09:53
evrardjp;)09:53
evrardjp(just a quick question to be sure the play has run correctly)09:54
evrardjpran*09:54
andymccrjaveriak_: those vars are in the user_secrets.yml file and not the separate role's defaults file.09:55
javeriak_andymccr, i checked, they didnt get generated there either09:56
evrardjpjaveriak_: the user_secrets.yml isn't automatically generated09:56
andymccrjaveriak_: did you have an existing setup, and then updated the repo? It looks like the patch to change that happened recently.09:56
andymccrso if you had an existing user_secrets they wouldn't have been added.09:56
javeriak_andymccr, no this is newish, but i cloned it last week so i may be missing the change if it came after09:57
evrardjpandymccr: true, always check if there aren't new variables in the upstream user_secrets09:57
evrardjpjaveriak_: ^09:57
javeriak_evrardjp, oh bummer, thanks guys09:58
*** fawadkhaliq has joined #openstack-ansible10:02
*** javeriak_ has quit IRC10:11
tiagogomesandymccr sorry, what do you mean?10:13
andymccrtiagogomes: for your compute hosts you should only get the linuxbridge-agent init script setup, it is being added but it loops through the required init scripts, so its skipped for all the other init scripts. in the paste that you put it gets dropped in like 86 (im guessing) which is where it isn't skipped.10:14
andymccr*line 8610:15
*** Ti-mo- has joined #openstack-ansible10:16
*** Ti-mo has quit IRC10:17
*** ashishjain has joined #openstack-ansible10:19
ashishjainhello10:19
odyssey4meevrardjp which API's are you having issues with?10:20
odyssey4me*SSL issues?10:20
evrardjpkeystone10:21
evrardjpI'll show you what I have in debug10:21
odyssey4meevrardjp are you using ssl at the LB and also at keystone - or just at the LB or just at Keystone10:21
evrardjpI'm using the default, and I'll tell you in 5 sec what it is10:22
evrardjpby default there seem to be an ssl termination on haproxy10:23
odyssey4methere is no default10:23
odyssey4methe proto has to be setup along with either haproxy_ssl or keystone_ssl set to true10:23
evrardjptrue!10:23
evrardjpI'm using haproxy_ssl: true and openstack_service_publicuri_proto:https10:24
odyssey4meok, are you using a public ca to sign your certs, or an internal ca?10:24
evrardjphttp://paste.openstack.org/show/472544/10:26
evrardjppublic ca10:26
evrardjpthe certificate is correct etc10:26
evrardjphorizon seem to work fine10:26
evrardjpI just get these kind of redirections, whatever my CLI is10:26
evrardjp(cf. paste)10:26
odyssey4meso it seems that you're being redirected to http from https10:27
evrardjpyup10:27
odyssey4mewhat entries do you have in your service catalogue?10:27
evrardjphttps in public10:27
odyssey4mehttp internal?10:28
*** markvoelker has joined #openstack-ansible10:28
evrardjpyup10:28
odyssey4meok, and in your openrc you're likely to be setting the endpoint to use to be internal, right? (that's our default)10:28
evrardjpthe internal works fine with http, the deployment works10:29
odyssey4mein the catalogue do the public and internal endpoints have the same ip?10:29
evrardjpI'm not starting the command from the utility container10:29
evrardjpnope10:29
evrardjpI'm "like a client"10:29
evrardjphe used horizon, downloaded his openrc file10:29
evrardjpand bam, not working with his/her favorite CLI10:30
odyssey4meoh I see - so the issue here is that you're outside and the internal ip/port is not accessible10:30
evrardjpnot sure10:30
odyssey4meok, there's a change you'll need to set... let me find the value10:30
evrardjpwait I'm not sure it's that10:30
evrardjpbecause keystone seem to redirect to the public endpoint without https10:30
odyssey4mekeystone_public_endpoint needs to be set to the value you want public clients to get when they query the api10:31
*** markvoelker has quit IRC10:32
odyssey4mehmm, that's possibly for the same reason - the keystone service itself thinks it's being served via http (which it is) and the content of its payload doesn't seem to reflect the switch in protocol when going via haproxy10:33
ashishjainhello10:35
ashishjainI am seeing some issue with osad10:35
ashishjainhttp://paste.openstack.org/show/472547/10:36
ashishjainwhen I run the openstack-ansible setup-infrastrucutre.yml10:36
ashishjainI hit the above error10:36
ashishjainto get rid of this error I do the following10:37
ashishjainlxc-attach -n ansible01_keystone_container-02aaa59110:37
ashishjainModify line number #4  and #23 in /etc/apache2/sites-enabled/keystone-httpd.conf  and set threads>0. i used threads=110:38
ashishjainnow manually start apache210:38
ashishjainit starts fine.10:38
ashishjainI think fix has to probbaly go to /opt/os-ansible-deploymemt/playbooks/roles/os_keystone/templates/keystone-httpd.conf.j210:39
odyssey4meashishjain what version are you running?10:40
ashishjainodyssey4me: kilo10:40
ashishjainhow is this value being set /opt/os-ansible-deploymemt/playbooks/roles/os_keystone/templates/keystone-httpd.conf.j210:40
odyssey4meashishjain https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/os_keystone/defaults/main.yml#L134-L13510:40
odyssey4meyou may notice that the repo url has changed and I would suggest that you update your remotes if you haven't already10:41
odyssey4meashishjain also note this change in review at the moment: https://review.openstack.org/22514510:42
ashishjainodyssey4me: All this is fine. Let me tell you my problem10:43
odyssey4meashishjain so all you need to do is set 'keystone_wsgi_threads: 1' and 'keystone_wsgi_processes' to an appropriate value in your user_variables.yml10:44
ashishjainodyssey4me: user_yariables.yml  in /etc/openstack_deploy?10:45
odyssey4meashishjain yes, all overrides of defaults should be done in user_variables10:45
ashishjainodyssey4me:I donot have any section for keystone in my user_variables10:45
ashishjainodyssey4me: great thanks for this.10:45
ashishjainI will try this out10:45
odyssey4meashishjain you don't need any section - user_variables.yml can contain any value that you find in a role/defaults/main.yml file10:46
ashishjainodyssey4me: I hope I only have to run setup-infra...yml?10:46
odyssey4mefor changes in the keystone config for apache, just run setup-keystone.yml10:46
odyssey4meor was it os-keystone-install.yml... need more coffee :p10:47
openstackgerritMerged openstack/openstack-ansible-specs: Renamed os-ansible-deployment to OpenStackAnsible  https://review.openstack.org/22378510:47
ashishjain:) ... thanks10:48
ashishjainodyssey4me: One question - osad itself is completely automated. Is it possible to invoke this complete process using ansible python api?10:59
ashishjainodyssey4me: This would probably include all the manual operations which a user has to for example user_config, openstack-anisble setup-hosts, install-haproxy,setup-infra,setup-openstac11:00
ashishjainis it possible to invoke all of these using ansible python api?11:01
*** Mudpuppy has joined #openstack-ansible11:02
odyssey4meashishjain the appropriate setup of the host networking, host repositories and the openstack_user_config, user_variables and user_secrets would need to be manually done by the deployer as they are all customisable based on choices made by the deployer in terms of the design of the environment11:02
odyssey4meI'm not sure what you feel could be automated?11:02
ashishjainodyssey4me: yes you are correct, only things whcih can probably be automated would be creation of these yaml files and thei invocation which definitely can be done using any programming language11:06
*** Mudpuppy has quit IRC11:06
ashishjainodyssey4me: The idea was to automate say environment provisioning and than osad installation together11:06
ashishjainby EP I mean baremetal or vm  provisioning on which osad will be installed11:07
ashishjainthis EP will also include setting up appropriate network interfaces, volumes for osad installation11:08
odyssey4meashishjain the compilation of the files could be done by a bare metal provisioning tool combined with some sort of library which understands the source tool - openstack-ansible is deliberately staying away from going into the bare metal provisioning space, but is considering making it easier to consume data from it in https://blueprints.launchpad.net/openstack-ansible/+spec/dynamic-inventory-lib11:08
*** arbrandes has quit IRC11:09
odyssey4meone of the OpenStack projects looking into this is Compass, another is OpenCrowbar11:09
openstackgerritMerged openstack/openstack-ansible: Temporarily pins to unblock gating  https://review.openstack.org/22515611:10
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Change the network from management to container  https://review.openstack.org/22558811:10
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Fix for keystone LDAP pkg missing  https://review.openstack.org/22546911:10
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Adds group support to inventory-manage.py  https://review.openstack.org/22497711:11
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Add SSL/TLS listener to RabbitMQ  https://review.openstack.org/22371711:11
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update cached LXC image in place  https://review.openstack.org/22430411:11
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Changed the Diffie Hellman parameter maximum size  https://review.openstack.org/22476011:11
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Implementation of keepalived for haproxy  https://review.openstack.org/21881811:11
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: adds the config_template to nova  https://review.openstack.org/22332911:12
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: adds the config_template to galera_client  https://review.openstack.org/22334911:12
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: adds the config_template to tempest  https://review.openstack.org/22334211:13
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: adds the config_template to neutron  https://review.openstack.org/22331411:13
ashishjainodyssey4me: thanks for these pointers11:13
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Adds the config_template to heat  https://review.openstack.org/22329911:13
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Adds the config_template to cinder  https://review.openstack.org/22320911:13
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Support base64 padding in federated tokens  https://review.openstack.org/22388811:13
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: adds the config_template to pip_lock_down  https://review.openstack.org/22335011:14
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Adds the config_template to keystone  https://review.openstack.org/22330711:14
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Adds the config_template to glance  https://review.openstack.org/22328811:15
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: adds the config_template to galera_server  https://review.openstack.org/22334811:15
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Adjust default Keystone httpd processes and threads  https://review.openstack.org/22514511:16
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Adjust default Keystone httpd processes and threads  https://review.openstack.org/22514511:16
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Add auth version for legacy OpenStack clients  https://review.openstack.org/22329611:17
*** javeriak has joined #openstack-ansible11:17
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Add neutron_migrations_facts module  https://review.openstack.org/21975911:18
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Change recon_lock_path to /var/lock  https://review.openstack.org/22406011:18
matttdo i need to do any manual steps upgrading from 11.0 -> 11.2 wrt keystone ?11:27
odyssey4memattt not to my knowledge, although you should probably set the keystone_wsgi_threads to 1 as per https://review.openstack.org/22514511:28
*** markvoelker has joined #openstack-ansible11:29
odyssey4memattt the only thing I can think of that may affect things would be the service catalogue change where 11.0.0-11.0.4 were using keystone v2 for the admin endpoint, and 11.1.0 is using keystone v311:29
odyssey4mebut an existing environment shouldn't be affected as the endpoints will already be there11:30
odyssey4meit'd be good to know though11:30
matttodyssey4me: yeah this is what i'm hitting i believe11:32
*** javeriak has quit IRC11:32
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Install nfs-common with nova-compute  https://review.openstack.org/22360411:32
matttodyssey4me: the odd thing is that my openrc is still getting created w/ OS_IDENTITY_API_VERSION=211:32
matttah, user_group_vars.yml :(11:33
*** markvoelker has quit IRC11:33
odyssey4memattt yep, https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/openstack_openrc/templates/openrc#L2311:34
odyssey4mehmm, oh yes - if you have user_group_vars in /etc/openstack_deploy/ then remove it11:34
odyssey4meI forgot about that11:34
odyssey4mewe should probably add a section into the docs for these things11:35
matttyeah!11:37
matttthat was kinda confusing :P11:37
matttbut all sorted, my cluster is back up11:37
tiagogomesI discovered why the linuxbridge agent was not running: http://paste.openstack.org/show/472652/ . This is in the compute host so eth12 doesn't11:53
tiagogomesHow can I prevent that? On the other hand, shouldn't the linuxbridge agent run in a container on the compute host?11:53
odyssey4metiagogomes the agent needs to set networks up for nova to use, so no - both the nova and the neutron agents run on the host for compute hosts11:54
mhaydenhappy monday11:55
tiagogomesah ok, but how do I avoid having a flat: eth12 mapping for the compute hosts?11:55
odyssey4metiagogomes it seems odd to me that the flat network is needed on the compute - you may have an ordering issue in your list of interfaces11:55
odyssey4meas I recall the order is important11:56
tiagogomes`physical_interface_mappings = {{ neutron_provider_networks.network_mappings }}`, does this mean that it is not possible to have different mappings for infrastructure and compute hosts?12:00
odyssey4meo/ mhayden nice work on the local image updates - almost there :)12:00
mhaydenodyssey4me: ah, the gate checks kept killing me all wekeend12:01
odyssey4metiagogomes unfortunately I'm dumb when it comes to getting the networking right :/12:01
tiagogomesodyssey4me no worries :)12:02
mhaydeni may send an email about the security hardening spec to the ML12:02
odyssey4metiagogomes I'm not sure if mattt or andymccr are still around. They know better than me.12:02
odyssey4metiagogomes it would seem that something in the openstack_user_config might be mapped incorrectly, or there's an ordering issue12:03
odyssey4memhayden do it :)12:03
mhaydenodyssey4me: i like your ideas about moving some more of those multi-container adjustments into the main image12:08
mhaydenerr cached image12:08
mattttiagogomes: is this of use at all ?  https://bugs.launchpad.net/openstack-ansible/+bug/139943212:09
openstackLaunchpad bug 1399432 in openstack-ansible trunk "Flat network type seems broken on un-containerized compute nodes" [Low,Fix released] - Assigned to Matt Kassawara (ionosphere80)12:09
mattttiagogomes: i'm hopeless at networking, but i remember reading that one in the past12:09
odyssey4memhayden yeah, the more the merrier in my view - anything that can be expected to be static12:09
mhaydenmattt: but you're so good with networking in person12:09
mhaydenodyssey4me: gotcha12:09
mhaydeni'll take a look now12:09
mgariepygood morning12:09
odyssey4meI can do a follow-on which will use an entirely different image (which is more up to date and standard) which will take some of the magic out of the image itself, then also have an option for a deployer to use their own image, or the upstream one which we will set as a default. That, I think, will be far better. :)12:10
*** markvoelker has joined #openstack-ansible12:11
mhaydenodyssey4me: totally agree12:12
evrardjpodyssey4me: FYI, setting keystone_public_endpoint broke my horizon12:21
matttmhayden: LIES12:23
*** mgariepy has left #openstack-ansible12:24
*** mgariepy has joined #openstack-ansible12:24
evrardjp(only because of my haproxy config, that I'll fix and probably send a commit)12:28
evrardjpgood morning mgariepy12:29
*** woodard has joined #openstack-ansible12:29
openstackgerritMajor Hayden proposed openstack/openstack-ansible: Update cached LXC image in place  https://review.openstack.org/22430412:38
* mhayden winks at odyssey4me12:38
*** woodard has quit IRC12:39
mhaydenodyssey4me: holy crap -- gate checks succeeded for the update-in-place stuff in 59m12:40
*** woodard has joined #openstack-ansible12:40
mhaydenwow, upstream lint checking is stringent ;)12:42
*** tiagogomes has quit IRC12:52
gparaskevascant wait to chery-pick that -> https://review.openstack.org/22430412:53
gparaskevas:P12:53
*** tiagogomes has joined #openstack-ansible12:53
*** woodard has quit IRC12:53
*** woodard has joined #openstack-ansible12:54
mhaydenmancdaz: https://twitter.com/majorhayden/status/64594382165038694412:55
evrardjp:)12:55
mancdazmhayden lols12:55
mancdazmhayden I was going to quickly fix that up for you this morning, but locally flake8 was passing for me, so I immediately gave up and went to look at something else12:56
mhaydenmancdaz: it requires an additional pkg12:56
mhaydenpip install flake8-pep25712:56
mhaydenjust figured that out12:57
mancdazoh my12:57
mhaydenwell hell, i fixed PEP 0257 errors but now i broke some other PEP12:57
mhayden:|12:57
*** woodard has quit IRC13:02
*** woodard has joined #openstack-ansible13:03
*** woodard has quit IRC13:03
*** woodard has joined #openstack-ansible13:04
mancdazmhayden http://i1.wp.com/openstackreactions.enovance.com/wp-content/uploads/2013/08/tumblr_mo6cbbPhuN1sp6r04o1_4001.gif13:05
mhaydenWe cannot complete this request, remote data could not be fetched13:06
mancdazthe internet has failed13:07
*** fawadkhaliq has quit IRC13:10
openstackgerritMajor Hayden proposed openstack/openstack-ansible: Adds group support to inventory-manage.py  https://review.openstack.org/22497713:12
mhaydenmancdaz: ^^ crossing fingers13:13
*** mfisch has quit IRC13:18
*** Mudpuppy has joined #openstack-ansible13:18
*** pradk has joined #openstack-ansible13:19
*** mfisch has joined #openstack-ansible13:19
*** fawadkhaliq has joined #openstack-ansible13:19
*** mfisch is now known as Guest6124313:19
*** javeriak has joined #openstack-ansible13:21
*** Mudpuppy has quit IRC13:23
*** arbrandes has joined #openstack-ansible13:29
*** tlian has joined #openstack-ansible13:36
*** javeriak_ has joined #openstack-ansible13:42
*** javeriak has quit IRC13:44
evrardjpfirst "in-place" upgrade of the openstack cloud in front of client: check13:44
evrardjpexpected result: working13:44
evrardjpactual result: fail13:44
evrardjpwoops :)13:44
evrardjp30 minutes later: fixed13:44
evrardjpnot really a success story, but still a good story13:45
evrardjpso, thank everyone for this good product13:45
matttevrardjp: what did you upgrade from to ?13:46
evrardjpkilo to kilo13:46
evrardjpnot really a large upgrade13:46
evrardjpjust re-running all the playbooks13:47
matttwhat failed?13:47
evrardjpDuring os-cinder-install playbook, it checks on cinder-volumes if cinder api is publicly available, which failed on my side, because I tried to improve my haproxy13:48
evrardjpentirely my fault13:48
evrardjpbut doing upgrades on such large systems and expect it to be working is already a success in itself13:50
evrardjp(IMHO)13:50
*** fawadkhaliq has quit IRC13:51
matttevrardjp: we will be spending a lot more time on this going forward, so expect to see the experience get better and better13:51
evrardjpother discussion: is someone interested by having a distribution system of the policy.json files from the components to horizon?13:51
evrardjpI need to have it, I don't know if it interests someone13:52
evrardjpif it has some interest for other ppl*13:52
*** arbrandes has quit IRC13:52
*** woodard has quit IRC13:55
*** sdake has joined #openstack-ansible13:56
*** galstrom_zzz is now known as galstrom13:57
*** woodard has joined #openstack-ansible13:58
*** arbrandes has joined #openstack-ansible14:00
*** KLevenstein has joined #openstack-ansible14:01
*** javeriak_ has quit IRC14:01
*** galstrom is now known as galstrom_zzz14:02
*** willemgf has quit IRC14:03
*** kerwin_bai has joined #openstack-ansible14:04
*** spotz_zzz is now known as spotz14:04
*** jlvillal has joined #openstack-ansible14:05
*** javeriak has joined #openstack-ansible14:05
*** galstrom_zzz is now known as galstrom14:07
*** Mudpuppy has joined #openstack-ansible14:08
*** elo has joined #openstack-ansible14:11
*** javeriak_ has joined #openstack-ansible14:11
odyssey4meevrardjp svg did you see http://lists.openstack.org/pipermail/openstack-operators/2015-September/008169.html ?14:12
odyssey4meand http://lists.openstack.org/pipermail/openstack-operators/2015-September/008136.html14:12
*** javeriak has quit IRC14:13
evrardjpyeah I saw that in my digest, still don't know how/when to repl14:13
evrardjpI missed the etherpad though, so thanks14:15
*** javeriak_ has quit IRC14:20
*** jwagner_away is now known as jwagner14:24
bgmccollumtiagogomes: check in your openstack_user_config.yml for the flat network definition - you probably have a "host_bind_override" set to eth12. this means uncontainerized services will expect and use eth12 on the host.14:29
bgmccollumtiagogomes: you can do something similar in your network config for br-vlan to ensure an eth12 interface is available - https://github.com/openstack/openstack-ansible/blob/master/etc/network/interfaces.d/aio_interfaces.cfg#L53-L5914:30
tiagogomesbgmccollum ah thanks, so what should I do remove the host_bind_override or add the veth pair ?14:32
bgmccollumtiagogomes: if you dont need flat network types, remove that network type from openstack_user_config.yml -- otherwise, bring up a veth pair for the flat network to use14:34
mhaydencloudnull / odyssey4me: if y'all get a moment to make sure i didn't miss anything here, i'd be much obliged -> https://review.openstack.org/#/c/224304/14:35
*** galstrom is now known as galstrom_zzz14:36
odyssey4memhayden I was wondering why you opted to use the sed approach instead of a template for sshd_config? cc cloudnull14:38
tiagogomesthanks bgmccollum, I am not very familiar using Neutron with Linux bridge, but I think I need the flat network to connect the VMs to the external network14:39
odyssey4meit keeps the current convention, so I'm fine with it - I'm just wondering whether we shouldn't just wholesale replace it with something templated - perhaps that's better done as a follow-up patch14:39
odyssey4metiagogomes typically a flat network is used for something like the public network, which only needs to be present on the neutron-agent container as that's the only place whether floating ip's are added14:40
odyssey4mebut it largely depends on your environment, of course14:40
openstackgerritMerged openstack/openstack-ansible: Adds the config_template to heat  https://review.openstack.org/22329914:46
*** woodard has quit IRC14:49
*** woodard has joined #openstack-ansible14:49
cloudnullmorning14:50
mhaydenodyssey4me: a template would work but i was hoping to make the least number of changes possible in case users wanted to tinker with sshd configs and/or sshd configs change upstream14:52
mhaydenthat's why i went with lineinfile14:53
mhaydenpalendae: good call on tags14:53
odyssey4memhayden yeah, I think it's fine as-is :) other improvements can follow on if need be - but yeah, tags could be useful14:53
ashishjaincloudnull: good morning14:54
ashishjaincloudnull: I am still doing installation :)14:55
openstackgerritMajor Hayden proposed openstack/openstack-ansible: Update cached LXC image in place  https://review.openstack.org/22430414:55
openstackgerritMerged openstack/openstack-ansible: adds the config_template to galera_server  https://review.openstack.org/22334814:56
openstackgerritMerged openstack/openstack-ansible: adds the config_template to pip_lock_down  https://review.openstack.org/22335014:56
openstackgerritMerged openstack/openstack-ansible: Adds the config_template to glance  https://review.openstack.org/22328814:56
openstackgerritMerged openstack/openstack-ansible: Adds the config_template to keystone  https://review.openstack.org/22330714:56
openstackgerritMerged openstack/openstack-ansible: Install nfs-common with nova-compute  https://review.openstack.org/22360414:56
openstackgerritMerged openstack/openstack-ansible: Add auth version for legacy OpenStack clients  https://review.openstack.org/22329614:56
odyssey4mecloudnull woohoo! ^^14:57
openstackgerritMerged openstack/openstack-ansible: Change the network from management to container  https://review.openstack.org/22558814:57
cloudnullhahaha its a thing of beauty :)14:58
cloudnullashishjain:  did you get past the infra bits ?14:58
*** daneyon has joined #openstack-ansible14:58
ashishjaincloudnull: na na ... my ssh stopeed working because of insufficient RAM14:59
ashishjainjust increasing the RAM and about to restart infra14:59
cloudnullah.14:59
ashishjainsorry install-openstack14:59
ashishjainya I passed infra14:59
ashishjainhaproxy etc, this probably is the last leg14:59
ashishjainwohooo :)15:00
cloudnullyipie !15:00
*** phalmos has joined #openstack-ansible15:01
*** devlaps has joined #openstack-ansible15:02
*** KLevenstein has quit IRC15:03
*** elo has quit IRC15:05
*** gparaskevas has quit IRC15:05
*** cloudtrainme has joined #openstack-ansible15:06
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Removes over zealous net cache flushing  https://review.openstack.org/22536715:07
*** KLevenstein has joined #openstack-ansible15:09
*** woodard has quit IRC15:15
*** devlaps has quit IRC15:19
tiagogomesok I can now launch a VM \o/ But I can't ping the outside world. I noticed that the router namespace is in only the neutron agent containers. Shoudn't it be in everyone?15:23
mattttiagogomes: i believe only in neutron agents container15:24
tiagogomesyes, I meant every agent container. Right now it is in only one15:25
*** pradk has quit IRC15:27
*** devlaps has joined #openstack-ansible15:28
*** pradk has joined #openstack-ansible15:29
*** woodard has joined #openstack-ansible15:29
*** daneyon has left #openstack-ansible15:30
openstackgerritMajor Hayden proposed openstack/openstack-ansible-specs: Adding security hardening spec  https://review.openstack.org/22261915:32
*** woodard has quit IRC15:33
*** tlian has quit IRC15:34
openstackgerritMerged openstack/openstack-ansible: adds the config_template to tempest  https://review.openstack.org/22334215:37
*** tlian has joined #openstack-ansible15:38
*** woodard has joined #openstack-ansible15:59
*** alejandrito has joined #openstack-ansible16:03
*** alop has joined #openstack-ansible16:03
prometheanfiremattt: you still want that image?16:08
prometheanfireI don't have time to sign it yet, but I can get you the unsigned one16:08
*** phalmos has quit IRC16:10
openstackgerritMerged openstack/openstack-ansible: Change recon_lock_path to /var/lock  https://review.openstack.org/22406016:13
*** phalmos has joined #openstack-ansible16:14
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Add auth version for legacy OpenStack clients  https://review.openstack.org/22369216:14
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Support base64 padding in federated tokens  https://review.openstack.org/22388816:15
*** javeriak has joined #openstack-ansible16:18
*** shausy has quit IRC16:18
*** e-vad has left #openstack-ansible16:19
*** javeriak has quit IRC16:19
odyssey4metiagogomes the router namespace shouldn't be on every neutron agents container afaik as neutron can only schedule routers to one agent at a time16:20
*** javeriak has joined #openstack-ansible16:23
*** tlian has quit IRC16:31
*** tlian has joined #openstack-ansible16:43
*** javeriak has quit IRC16:45
*** metral is now known as metral_zzz16:50
*** kerwin_bai has quit IRC16:52
*** javeriak has joined #openstack-ansible16:54
*** abitha has joined #openstack-ansible17:04
*** javeriak has quit IRC17:08
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Adjust default Keystone httpd processes and threads  https://review.openstack.org/22514517:10
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: adds the config_template to galera_client  https://review.openstack.org/22334917:10
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Adds the config_template to cinder  https://review.openstack.org/22320917:10
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update cached LXC image in place  https://review.openstack.org/22430417:10
*** metral_zzz is now known as metral17:11
*** devlaps has quit IRC17:12
*** javeriak has joined #openstack-ansible17:13
*** elo has joined #openstack-ansible17:15
*** Bjoern_ has joined #openstack-ansible17:35
*** subscope has joined #openstack-ansible17:37
*** harlowja has joined #openstack-ansible17:46
*** gparaskevas has joined #openstack-ansible17:58
*** jhesketh has joined #openstack-ansible18:01
openstackgerritChristopher H. Laco proposed openstack/openstack-ansible: Change recon_lock_path to /var/lock  https://review.openstack.org/22596518:04
*** fawadkhaliq has joined #openstack-ansible18:11
*** javeriak has quit IRC18:13
*** ashishjain has quit IRC18:15
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: Enable basic ansible fact caching for 24h.  https://review.openstack.org/22596718:15
*** fawadkhaliq has quit IRC18:15
*** javeriak has joined #openstack-ansible18:22
*** fawadkhaliq has joined #openstack-ansible18:25
openstackgerritMerged openstack/openstack-ansible: adds the config_template to neutron  https://review.openstack.org/22331418:29
openstackgerritMerged openstack/openstack-ansible: adds the config_template to nova  https://review.openstack.org/22332918:30
*** galstrom_zzz is now known as galstrom18:32
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: This caching will store all ansible facts inside the redis database and can easily be retrieved via the redis-cli using get ansible_facts+<hostname> or listing all keys via "keys ansible*" The behavior can be turned off by removing the parameter fact_cach  https://review.openstack.org/22596718:35
*** fawadkhaliq has quit IRC18:41
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: This caching will store all ansible facts inside the redis database.  https://review.openstack.org/22596718:42
openstackgerritKevin Carter proposed openstack/openstack-ansible: [WIP] Run Cinder from a venv  https://review.openstack.org/22546318:42
openstackgerritChristopher H. Laco proposed openstack/openstack-ansible: Change recon_lock_path to /var/lock  https://review.openstack.org/22598118:45
openstackgerritKevin Carter proposed openstack/openstack-ansible: Update master for past liberty-3 for testing  https://review.openstack.org/22545918:45
openstackgerritKevin Carter proposed openstack/openstack-ansible: Update master for past liberty-3 for testing  https://review.openstack.org/22545918:46
openstackgerritKevin Carter proposed openstack/openstack-ansible: [WIP] Run Cinder from a venv  https://review.openstack.org/22546318:46
*** javeriak has quit IRC18:57
*** gparaskevas has quit IRC18:57
*** KLevenstein has quit IRC19:35
*** KLevenstein has joined #openstack-ansible19:45
*** KLevenstein has quit IRC19:59
openstackgerritKevin Carter proposed openstack/openstack-ansible: Break apart and document the upgrade process  https://review.openstack.org/22413720:01
*** KLevenstein has joined #openstack-ansible20:05
mhaydenhaha, jenkins has to be getting tired of checking that LXC update in place commit :P20:06
palendaemhayden: Jenkins is like Alfred Pennyworth - always there to help, no matter how much crap you give it20:07
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: Fact caching will store all ansible facts inside the redis database once enabled.  https://review.openstack.org/22596720:19
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: Fact caching will store all ansible facts inside the redis database once enabled.  https://review.openstack.org/22596720:28
*** elo has quit IRC20:32
prometheanfirecloudnull: you're welcome20:36
*** elo has joined #openstack-ansible20:38
*** markvoelker has quit IRC20:41
*** jwagner is now known as jwagner_lunch20:48
*** elo has quit IRC20:48
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: Implement Neutron LBAAS using haproxy  https://review.openstack.org/22036520:49
*** Mudpuppy has quit IRC20:52
*** pradk has quit IRC20:55
*** woodard has quit IRC20:58
*** jwagner_lunch is now known as jwagner21:19
*** markvoelker has joined #openstack-ansible21:20
openstackgerritMerged openstack/openstack-ansible: Adds group support to inventory-manage.py  https://review.openstack.org/22497721:42
*** prometheanfire has quit IRC21:43
openstackgerritKevin Carter proposed openstack/openstack-ansible: Break apart and document the upgrade process  https://review.openstack.org/22413721:44
mhaydenyay inventory-manage.py ;)21:44
*** tlian2 has joined #openstack-ansible21:48
openstackgerritMerged openstack/openstack-ansible: Adds the config_template to cinder  https://review.openstack.org/22320921:50
openstackgerritMerged openstack/openstack-ansible: Change recon_lock_path to /var/lock  https://review.openstack.org/22596521:50
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: Implement Neutron LBAAS using haproxy  https://review.openstack.org/22036521:50
*** KLevenstein has quit IRC21:50
*** tlian has quit IRC21:51
*** elo has joined #openstack-ansible21:54
openstackgerritMerged openstack/openstack-ansible: Support base64 padding in federated tokens  https://review.openstack.org/22388821:58
openstackgerritMerged openstack/openstack-ansible: Changed the Diffie Hellman parameter maximum size  https://review.openstack.org/22476022:03
*** alejandrito has quit IRC22:05
openstackgerritMerged openstack/openstack-ansible: Add auth version for legacy OpenStack clients  https://review.openstack.org/22369222:09
*** elo has quit IRC22:20
*** elo has joined #openstack-ansible22:20
openstackgerritKevin Carter proposed openstack/openstack-ansible: Break apart and document the upgrade process  https://review.openstack.org/22413722:26
*** spotz is now known as spotz_zzz22:32
openstackgerritMerged openstack/openstack-ansible: adds the config_template to galera_client  https://review.openstack.org/22334922:39
*** galstrom is now known as galstrom_zzz22:46
*** markvoelker has quit IRC22:48
*** cloudtrainme has quit IRC23:06
*** elo has quit IRC23:23
*** brice_ has joined #openstack-ansible23:42
*** phalmos has quit IRC23:53
*** markvoelker has joined #openstack-ansible23:56
*** abitha has quit IRC23:57
« Sunday, 2015-09-20 Index Tuesday, 2015-09-22 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!