Thursday, 2015-09-24

*** kerwin_bai has quit IRC00:07
*** BjoernT has quit IRC00:11
*** abitha has quit IRC00:25
*** skamithi14 has joined #openstack-ansible00:31
*** antonym has quit IRC00:34
*** coolj has quit IRC00:34
*** skamithi13 has quit IRC00:34
*** coolj has joined #openstack-ansible00:34
*** antonym has joined #openstack-ansible01:01
*** sdake has joined #openstack-ansible01:03
*** kerwin_bai has joined #openstack-ansible01:08
*** kerwin_bai has quit IRC01:26
*** skamithi14 has quit IRC01:33
*** skamithi13 has joined #openstack-ansible01:33
*** k_stev has joined #openstack-ansible02:01
*** sdake has quit IRC02:06
*** k_stev has quit IRC02:18
*** skamithi13 has quit IRC02:59
*** fawadkhaliq has joined #openstack-ansible03:41
openstackgerritJimmy McCrory proposed openstack/openstack-ansible: Allow protocol to be set per endpoint-type  https://review.openstack.org/22662103:45
*** tlian has quit IRC04:13
*** mcarden has quit IRC04:15
*** elo has joined #openstack-ansible04:16
*** mc has joined #openstack-ansible04:17
*** mc is now known as mcarden04:17
*** sdake has joined #openstack-ansible04:54
*** fawadkhaliq has quit IRC05:10
*** finchd has quit IRC05:24
*** finchd has joined #openstack-ansible05:28
*** sdake has quit IRC05:40
*** kukacz has joined #openstack-ansible05:46
*** elo has quit IRC05:50
*** elo has joined #openstack-ansible06:14
*** elo has quit IRC06:25
*** markvoelker has quit IRC06:27
*** daneyon has quit IRC07:00
*** daneyon has joined #openstack-ansible07:01
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update the AIO build convenience script  https://review.openstack.org/22283107:09
*** neilus has joined #openstack-ansible07:10
*** elo has joined #openstack-ansible07:13
*** neilus has quit IRC07:13
*** neilus has joined #openstack-ansible07:14
*** gparaskevas has joined #openstack-ansible07:20
*** markvoelker has joined #openstack-ansible07:28
*** markvoelker has quit IRC07:33
*** elo has quit IRC07:40
*** elo has joined #openstack-ansible07:40
*** elo has quit IRC07:59
*** elo has joined #openstack-ansible07:59
openstackgerritMatt Thompson proposed openstack/openstack-ansible: Create utility log dir and link when on metal  https://review.openstack.org/22716908:11
openstackgerritMatt Thompson proposed openstack/openstack-ansible: Create utility log dir and link when on metal  https://review.openstack.org/22716908:12
openstackgerritMatt Thompson proposed openstack/openstack-ansible: Create utility log dir and link when on metal  https://review.openstack.org/22716908:13
*** elo has quit IRC08:14
*** kerwin_bai has joined #openstack-ansible08:15
*** shoutm has joined #openstack-ansible08:41
*** javeriak has joined #openstack-ansible08:56
*** javeriak has quit IRC09:00
*** daneyon has quit IRC09:06
*** daneyon has joined #openstack-ansible09:07
openstackgerritMerged openstack/openstack-ansible: Update the AIO build convenience script  https://review.openstack.org/22283109:17
*** markvoelker has joined #openstack-ansible09:29
*** markvoelker has quit IRC09:34
fxpesterhi all, is there any `low resource` version of openstack-ansible ? for like 4Gb RAM09:45
odyssey4memhayden that happens every time in hpcloud-b4 :(09:46
odyssey4mefxpester right now we have a 8gb tested setup, 4gb would require not deploying more things and perhaps changing up a few things09:47
fxpesterodyssey4me: how can I find it ? can you share link09:48
odyssey4mefxpester https://github.com/openstack/openstack-ansible/blob/master/development-stack.rst is the tested 8gb setup09:49
fxpesterodyssey4me: thank you, looks very solid and Diagram is just epic!09:53
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Cinder to Liberty RC1  https://review.openstack.org/22720510:12
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] Cinder debugging  https://review.openstack.org/21504010:16
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] Cinder debugging  https://review.openstack.org/21504010:19
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] Gate debugging  https://review.openstack.org/21504010:29
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] Gate debugging 2  https://review.openstack.org/21504010:31
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] Cinder debugging  https://review.openstack.org/21504010:39
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Add policy changes required for OSSA-2015-018 / CVE-2015-5240  https://review.openstack.org/22687210:51
*** skamithi13 has joined #openstack-ansible10:52
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] Cinder debugging  https://review.openstack.org/21504010:53
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Add policy changes required for OSSA-2015-018 / CVE-2015-5240  https://review.openstack.org/22687410:54
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Add policy changes required for OSSA-2015-018 / CVE-2015-5240  https://review.openstack.org/22687410:55
*** kerwin_bai has quit IRC10:55
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Add policy changes required for OSSA-2015-018 / CVE-2015-5240  https://review.openstack.org/22687210:56
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] Cinder debugging 2  https://review.openstack.org/21504010:56
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] Cinder debugging 3  https://review.openstack.org/21504010:58
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] Gate debugging 4  https://review.openstack.org/21504010:59
matttsorry for spam :(10:59
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] Gate debugging 5  https://review.openstack.org/21504010:59
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] Gate debugging 6  https://review.openstack.org/21504011:01
*** kerwin_bai has joined #openstack-ansible11:07
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] Gate debugging  https://review.openstack.org/21504011:07
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] Gate debugging 2  https://review.openstack.org/21504011:15
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] Gate debugging 3  https://review.openstack.org/21504011:21
odyssey4memattt would you mind switching the subject to something like '[WIP] hpcloud-b4 debugging' ? ;)11:24
odyssey4meit'll help cloudnull and mhayden know that you're on it :)11:25
matttyep sure11:25
odyssey4methanks :)11:25
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] hpcloud-b4 debugging  https://review.openstack.org/21504011:25
matttnot having much luck getting a b4 :P11:27
odyssey4meunfortunately it's the luck of the draw11:28
odyssey4meif clarkb, fungi or jhesketh come online then perhaps they can pull a string to direct a build to a target zone :/11:29
*** markvoelker has joined #openstack-ansible11:30
odyssey4meotherwise for now the only real option is to keep trying :/11:30
*** markvoelker has quit IRC11:34
*** skamithi14 has joined #openstack-ansible11:51
*** skamithi13 has quit IRC11:54
*** kerwin_bai has quit IRC12:01
fxpesterguys, is ansible the official deployment solution for HP Helion ? maybe any other openstack distros ?12:09
tiagogomesI am trying to extend OSAD creating a parallel directory as I explained here http://docs.openstack.org/developer/openstack-ansible/developer-docs/extending.html . I'd like to use the vars in playbooks/roles/os_nova/defaults/main.yml . What's the best way of doing that?12:16
tiagogomesUsing  include_vars perhaps?12:17
*** woodard has joined #openstack-ansible12:19
mattttiagogomes: that would work, but i'm not sure it's the most ansible way of doing it12:26
tiagogomesyes, that's what I thought. I am new to Ansible :)12:28
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] Gate debugging  https://review.openstack.org/21504012:28
*** markvoelker has joined #openstack-ansible12:31
mattttiagogomes: ;)12:33
*** kerwin_bai has joined #openstack-ansible12:35
gparaskevasHello everyone12:35
mhaydenmattt: if you get that figured out, you get hugs from me12:36
gparaskevasanyone have any clue on that? -> http://paste.openstack.org/show/473859/12:36
matttmhayden: i think we got it12:36
gparaskevasaio installation, kilo12:36
gparaskevaswhen i replay setup-openstack.yml i get this...12:36
mhaydenmattt: then add a hug to my tally for the next time i'm in the UK12:36
matttmhayden: https://review.openstack.org/#/c/215040/19/scripts/gate-check-commit.sh12:36
matttmhayden: testing it now, but getting a b4 is proving to be difficult12:37
mhaydenmattt: hey i heard that icanhazip.com site is just for malware :P12:37
matttlolz12:37
matttgparaskevas: what locale is your system using ?12:38
gparaskevaslet me see i think greek though12:45
mhaydenmattt: ah, you think the default AIO network blocks were clashing with something HP was using?12:46
matttmhayden: it looks like b4 specifically uses that range12:47
matttmhayden: b1 uses 10.0.0.0/24, b2, 10.0.1.0/24, etc.12:47
mattt(i think)12:47
*** mgariepy has joined #openstack-ansible12:48
*** skamithi14 has quit IRC12:51
*** skamithi13 has joined #openstack-ansible12:52
rromansthis command in the deathmetal migration section: mysql cinder -e 'select host from volumes where deleted = 0;12:53
rromansshould that not have "cinder" in it?12:53
rromanssorry, wrong window...12:54
cloudnullFxpester there are quite a few deployers using it. As for distros Rackspace Private cloud is using it, if you'd lump rax in the distro category. I'm not sure what's powering hphelion these days.12:59
cloudnullMorning all ;-)13:00
cloudnullMuch debugging, such [WIP], wow!13:01
cloudnullMattt  if we think that there are IP clashes with HP cloud we can change the net address and dhcp range for the lxc hosts by setting a couple of vars13:04
cloudnullhttps://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/lxc_hosts/defaults/main.yml13:04
matttcloudnull: https://review.openstack.org/#/c/215040/19/scripts/gate-check-commit.sh13:04
matttcloudnull: morning btw :)13:05
cloudnullWell aren't you just an over achiever =)13:05
cloudnullHow's it BTW?13:05
* cloudnull goes back to his osic whole. 13:06
*** kerwin_bai has quit IRC13:10
openstackgerritgit-harry proposed openstack/openstack-ansible: Use Cinder-specific lvm.conf with LVM backend  https://review.openstack.org/22727713:11
cloudnullWow auto correct hates me. s/whole/hole/13:12
*** shoutm has quit IRC13:13
*** alejandrito has joined #openstack-ansible13:14
matttcloudnull: ;)13:14
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Keystone to Liberty RC1  https://review.openstack.org/22691713:17
*** pradk has quit IRC13:17
*** tlian has joined #openstack-ansible13:36
*** pradk has joined #openstack-ansible13:37
pellaeonHello, my ./neutron-ha-tool.py --l3-agent-check always fails with:13:42
pellaeonERROR    {"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}13:42
pellaeonwhich seems to be caused by using keystone v3 API as v213:43
pellaeonin openrc OS_AUTH_URL=http://172.29.236.19:5000/v313:44
pellaeonusing neutron-ha-tool.py with -d shows that it makes requests to http://172.29.236.19:5000/v3/tokens13:45
pellaeonI just upgraded from older kilo branch to the latest kilo branch13:47
pellaeonbefore that I removed my dedicated network host and use infra1-3 instead13:48
gparaskevasmattt: it was the LC_ALL wasn't defined at all13:48
gparaskevasmattt: I added the same value as the rest of the LC variables and it's ok now13:48
*** KLevenstein has joined #openstack-ansible13:49
pellaeonneutron-ha-tool.py fails after I move network hosts to infra1~3, I think, though I didn't discover that at that time13:49
*** jwagner_away is now known as jwagner13:49
svggit-harry: ping13:50
matttgparaskevas: nice!13:50
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] Do not use default LXC network in gate  https://review.openstack.org/21504013:50
git-harrysvg: pong13:53
tiagogomesOSAD installs some stuff for logging right? How can I view the logs? Is there a webinterface?13:56
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] Do not use default LXC network in gate  https://review.openstack.org/21504013:57
svggit-harry: looking at your proposed fix in https://review.openstack.org/#/c/227277/13:59
svgisn't the one from roles/openstack_hosts/templates/lvm.conf.j2 going to overwrite lvm.conf on the metal hosts also?14:00
svg(I'm probably confused how this works, but making sure)14:00
*** spotz_zzz is now known as spotz14:00
*** cloudtrainme has joined #openstack-ansible14:01
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Keystone to Liberty RC1  https://review.openstack.org/22691714:02
git-harrysvg: the idea was that by using an lvm.conf file in /etc/cinder it doesn't matter what other roles modify the lvm.conf file in /etc/lvm14:04
mattttiagogomes: rpc-openstack installs logstash, kibana, elasticsearch, etc.14:05
mattttiagogomes: https://github.com/rcbops/rpc-openstack/tree/master/rpcd/playbooks/roles14:05
git-harrysvg: actually I may have done something stupid, I'll stick it in WIP while I double check everything14:07
tiagogomesah ok, so that stuff is not included with OSAD14:08
*** Mudpuppy has joined #openstack-ansible14:15
*** skamithi14 has joined #openstack-ansible14:15
*** shoutm has joined #openstack-ansible14:16
*** Mudpuppy has quit IRC14:16
*** Mudpuppy has joined #openstack-ansible14:17
svggit-harry: (was afk for a bit) thanks!14:17
*** skamithi13 has quit IRC14:18
cloudnulltiagogomes:  OSAD has log shipping. if you want to see all of the logs your logging host has rsyslog receiving logs from all services.14:20
tiagogomescloudnull yes I found it, thanks. Btw is there a file that contains all the logs for all services?14:21
cloudnullits a bind mount @ /openstack/<rsyslog_container_name>/log_store14:21
cloudnullthen it's broken out into the various containers as directories to keep all of the logs separate.14:22
cloudnullif you're wanting to stream the logs live you can: tail -f /openstack/<rsyslog_container_name>/log_store/**/*.log14:22
tiagogomescloudnull ha, nice hack, thanks14:24
cloudnullalso worth noting that the log setup ships to multiple hosts, if you have multiple logging hosts that is. and can be used to ship directly to things like splunk or loggly, how to do that is covered here : https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/rsyslog_client/defaults/main.yml#L51-L6814:27
cloudnullthat is if you have those services, and/or you don't want to run your own elk stack as provided by rpc-openstack14:27
*** fawadkhaliq has joined #openstack-ansible14:42
*** Bjoern_ has joined #openstack-ansible14:46
*** Bjoern_ is now known as BjoernT14:46
*** skamithi14 has quit IRC14:54
*** skamithi13 has joined #openstack-ansible14:55
openstackgerritJesse Pretorius proposed openstack/openstack-ansible-specs: Add spec for Gate Split  https://review.openstack.org/22100914:56
*** neilus has quit IRC14:59
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update the AIO build convenience script  https://review.openstack.org/22735415:01
*** shoutm has quit IRC15:05
*** skamithi14 has joined #openstack-ansible15:06
*** skamithi13 has quit IRC15:09
*** phalmos has joined #openstack-ansible15:10
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Cinder to Liberty RC1  https://review.openstack.org/22720515:18
*** kukacz has quit IRC15:23
matttodyssey4me: tried about 10x to get hpcloud-b4 to test https://review.openstack.org/#/c/215040/ but couldn't, i've let it run through to validate it hasn't broken anything in general15:26
matttodyssey4me: should i remove the WIP and we just merge it, and remove it if it doesn't solve the -b4 issues?15:26
odyssey4memattt our best chance to see is by merging it15:27
matttodyssey4me: alright15:27
openstackgerritMatt Thompson proposed openstack/openstack-ansible: Do not use default LXC network in gate  https://review.openstack.org/21504015:28
*** shoutm has joined #openstack-ansible15:28
odyssey4memattt well spotted for finding the most likely cause for the gate plague :)15:38
matttamazing how quick problems are to solve when you can actually log into the instance :P15:43
evrardjphello everyoe15:51
evrardjpeveryone*15:53
mancdazodyssey4me cloudnull so the 'not arp cache flush' patch is taking longer because whenever we are waiting for container ssh, it takes an age15:55
mancdazmanually issuing an arp -d for the particular container allows the run to continue15:56
openstackgerritMajor Hayden proposed openstack/openstack-ansible-specs: Spec: Security Hardening  https://review.openstack.org/22261915:56
*** elo has joined #openstack-ansible15:56
*** skamithi14 has quit IRC15:56
*** skamithi13 has joined #openstack-ansible15:57
evrardjpmancdaz: -d?15:57
mancdazodyssey4me cloudnull seems the mac address of the container interface is changing15:57
evrardjpoh that explains that15:57
mancdazevrardjp delete the entry15:58
evrardjpyeah I know ;)15:58
*** galstrom_zzz is now known as galstrom16:00
odyssey4memancdaz ah, so the container restart results in the new veth and thus a mac change16:01
mancdazodyssey4me right16:01
*** fawadkhaliq has quit IRC16:01
evrardjpodyssey4me: isn't it better to generate a mac-address for the containers?16:02
mancdazurgh I commented in the review but formatting fail16:02
*** fawadkhaliq has joined #openstack-ansible16:02
evrardjplxc config can set the mac address IIRC16:02
mancdazevrardjp something that doesn't change?16:02
evrardjpyeah like that16:02
evrardjpwhen the inventory is created, we could define a mac address for the containers (when is_metal is false)16:03
evrardjpeach container would have its mac address used in lxc config16:03
evrardjpand it wouldn't move16:03
*** phalmos has quit IRC16:04
ApsuDon't use arp -d, use ip n(eighbor), btw.16:04
mancdazApsu heh I was waiting for you to tell me that :)16:04
Apsuevrardjp: Statically defining MACs is hard, just like IPs you need a pool and have to keep track so you don't assign dupes.16:04
evrardjparp -d works on almost all unixes ;)16:04
evrardjpApsu: we already have an inventory16:05
mancdazaside from deprecation, any difference in behaviour?16:05
Apsuevrardjp: Yes, but it's old, unmaintained and uses old and incomplete kernel interfaces.16:05
ApsuLike the rest of net-tools16:05
*** fawadkhaliq has quit IRC16:05
evrardjpI don't think so mancdaz, it's just the future16:05
evrardjpApsu: true16:05
Apsumancdaz: I don't know of a specific deficiency with arp (whereas I know of a ton with ifconfig/netstat/route), but...16:06
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Cinder to Liberty RC1  https://review.openstack.org/22720516:06
ApsuOld and unmaintained, lots of open bugs. Same as all of net-tools :)16:06
mancdazApsu well arp lets me specify a container, ip neig del wants an ip address16:06
mancdazand I'm lazy16:06
Apsumancdaz: It doesn't let you specify a container, it lets you specify a hostname that it will attempt to resolve to an IP. Which won't work for what you want because we need to clear all IPs in all CIDRs the container was using :)16:07
mancdazyeah that's what I said16:07
Apsulol16:08
openstackgerritMajor Hayden proposed openstack/openstack-ansible-specs: Spec: Security Hardening  https://review.openstack.org/22261916:08
ApsuNote the "won't work" part ;P16:08
mancdazin my tiny use case vacuum, it works fine cuz each container only has a single entry in the arp table16:08
Apsulol16:08
ApsuYour managerial technical domain is showing16:08
mancdazApsu yw?16:08
Apsuhehe16:08
mancdazI've learnt that management is not about being smart, just surrounding yourself with smart people16:09
evrardjp :)16:09
odyssey4memancdaz surely we can implement a task to simply remove the arp entry for that ip?16:09
mancdazso if I fail, it's your fault16:09
*** alop has joined #openstack-ansible16:09
ApsuI think there's also a component of listening to those smart people. Not sure on that part.16:09
ApsuSeems to not be the case in practice16:09
evrardjpsomething interesting from the lxc doc on linuxcontainers.org16:09
mancdazApsu say that again? I didn't hear16:09
evrardjp"lxc.network.hwaddr"16:09
Apsuodyssey4me: Yep. That was my suggestion which cloudnull implemented I believe.16:09
mancdazthat does not work so well in irc16:10
evrardjpapsu: check that part about the conflicts ;)16:10
Apsuevrardjp: Yeah that's the static/dynamic MAC bit. We currently use a template.16:10
evrardjpwhat I meant is, with how the doc is written, it looks like the mac is generated when you don't give a value, but there isn't any check to see if the mac is already in use16:11
ApsuMeaning a MAC template, with the static parts set and the dynamic parts as xx:xx:xx16:11
*** KLevenstein has quit IRC16:11
ApsuI know the doc doesn't say it, but I haven't yet seen a conflict in thousands of containers being built. I suspect it checks the neighbor table.16:11
ApsuOr sends an ARP request16:11
*** KLevenstein has joined #openstack-ansible16:11
mancdazApsu what is the timeout on stale entries?16:12
odyssey4meah, it was only done on container destroy: https://review.openstack.org/#/c/225367/3/playbooks/lxc-containers-destroy.yml,cm16:12
Apsuodyssey4me: Yeah, that's the only place it's needed at all.16:12
ApsuNever on install/restart16:12
odyssey4mewhereas, if I understand it correctly, this should be done on container restart due to the mac change?16:13
*** phalmos has joined #openstack-ansible16:13
ApsuHrm. You're saying for a given container that doesn't have a config change, it doesn't cache the MAC it generated, and makes a new one each start?16:13
evrardjpIt's weird that this happens on restart16:13
ApsuI didn't think that was the case16:14
mancdazApsu that's what I'm seeing16:14
*** woodard has quit IRC16:14
Apsumancdaz: Interesting.16:14
ApsuSo, I had proposed an alternative mechanism for dealing with this automatically, in my bug report16:15
odyssey4meso it seems to me that we should be registering the result of the tasks that cause a container restart, then deleting the arp entry if those tasks have the 'changed' status16:15
ApsuWe can set arp_notify to 1 for container interfaces16:16
mancdazApsu https://gist.github.com/mancdaz/4f1e5c060731e384f48216:16
ApsuAnd cycle them so they send out gratuitous ARPs16:16
ApsuThen we don't need to do any ARP management on hosts at all16:16
odyssey4meApsu sounds good, but will that require a container restart again?16:16
*** woodard has joined #openstack-ansible16:16
mancdazApsu that sounds like the win16:16
Apsuodyssey4me: Nope.16:16
odyssey4methat sounds like a win then16:17
Apsu 1 - Generate gratuitous arp requests when device is brought up16:17
Apsu     or hardware address changes.16:17
mancdazApsu how does one implement that16:17
ApsuSo, we may need a little bit of post-up stuff in the /etc/network/interface file(s) in the container16:17
ApsuBecause I think ifupdown (the Ubuntu network scripts that deal with interface configs) bring interfaces up Then add IPs.16:18
ApsuAnd that won't work.16:18
ApsuIt has to have the IP and then be brought up16:18
ApsuSo... we can add some post-up lines that ip link set down, ip link set up16:18
ApsuThat should do the needful16:18
ApsuIf you've got a box I can hop on I can test it16:18
ApsuI did an arp_notify solution in the VIP namespace magic I made for RPC v416:19
*** markvoelker_ has joined #openstack-ansible16:21
evrardjplet's hope nobody wants to use ipv616:24
evrardjpon these interfaces16:24
evrardjpI don't know how ND works (and its timers)16:24
evrardjpND/NA16:24
*** markvoelker has quit IRC16:24
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Keystone to Liberty RC1  https://review.openstack.org/22691716:24
*** cloudtrainme has quit IRC16:24
*** jwagner has quit IRC16:24
Apsuhttps://github.com/rcbops-cookbooks/keepalived/blob/1c3d04b543a70dae3007a653718e5d9067b279a3/files/default/notify.sh#L2916:24
ApsuAnd16:24
Apsuhttps://github.com/rcbops-cookbooks/keepalived/blob/1c3d04b543a70dae3007a653718e5d9067b279a3/files/default/notify.sh#L46-L4816:24
ApsuSet notify, cycle interface.16:24
ApsuNow... if there are default or other custom routes, we'll have to re-add those.16:24
ApsuThis is all assuming that ifupdown doesn't do the needful.16:24
*** cloudtra_ has joined #openstack-ansible16:24
ApsuBut all of that can be templated into place relatively easily16:24
*** jwagner- has joined #openstack-ansible16:24
*** afranc202 has quit IRC16:24
*** jwagner- is now known as jwagner16:24
Apsuevrardjp: It's actually the same, essentially, and has similar sysctls16:24
*** iraw- has joined #openstack-ansible16:24
evrardjpok16:24
evrardjpI'm more concerned about the mac change16:24
Apsundisc_notify:16:25
evrardjpok16:25
evrardjp:)16:25
Apsu:D16:25
evrardjpthe mac change shouldn't happen at all... sending gratuitous arp isn't really bad per se, but I'd rather avoid these16:25
ApsuIf we start assigning v6 IPs, we won't be using SLAAC I imagine16:25
evrardjpmmm: I'd rather avoid the mac address change*16:25
Apsuwhy would you rather avoid them? They're exactly what we want to accomplish -- updating all hosts to know the new MAC16:25
ApsuYou'd rather have a bunch of Ansible hooks to manually fudge it?16:26
evrardjpno, it's good that way16:26
mancdazApsu this is a sysctl thing, so we can just throw it in all containers?16:26
evrardjpI'd rather have my mac address table stable16:26
Apsuevrardjp: Ah. Well that's a larger project, but certainly doable.16:26
odyssey4meyeah, can't we just do 'sysctl -w net.ipv4.conf.all.arp_notify=1' in all containers?16:27
evrardjpIn my past I've seen some switches that didn't like the mac address changes at all16:27
evrardjpbecause it's handled by cpu instead of the ASIC (IIRC)16:27
Apsuodyssey4me: mancdaz: Yes, but, sysctls are shared. Specific interface entries will only be visible in their containers, but shared ones like conf.all will apply everywhere, including the host.16:27
ApsuSince interfaces will come up/down a lot potentially with various Ansible/VM tasks, I'd rather not do that16:28
ApsuInstead, set it to on for each container interface.16:28
odyssey4meApsu ok, and do we do that on the host or inside the container?16:28
evrardjpwhat I don't get: I've restarted a container here, and it didn't change mac address16:28
mancdazApsu it seems like the only interfaces that are going to come up/down a lot are the container interfaces anyway, so what difference?16:28
odyssey4memancdaz consider the neutron agent container - a whole different story there16:29
odyssey4mealso all compute hosts have vm's spinning up and down all the time16:29
Apsumancdaz: It's not a huge deal either way, honestly. GratARPs are small, and ARP is going to happen a lot whether we do it or not.16:29
mancdazApsu right16:30
evrardjpyup16:30
mancdazseems like an easier fix to use the sysctl module16:30
Apsumancdaz: So, if you set arp_notify (make sure you use sysctl.conf so it applies on boot) on the mgmt container interface, and ifdown/ifup, does it gratarp?16:30
ApsuSince you have a container you're testing on16:31
ApsuAnd/or does it gratarp on lxc-stop/lxc-start16:31
ApsuFYI, a gratarp is just an ARP reply with a particular configuration of source/dest components.16:33
mancdazApsu I need to scoot, but I pinged you the instance details I'm testing on16:33
ApsuIt's not a special piece of traffic per se16:33
Apsumancdaz: kk16:33
mancdazApsu make the magics16:33
mancdazfix the fixes https://review.openstack.org/#/c/225367/16:34
ApsuThat's what I do16:34
Apsumagic++16:34
*** alop has quit IRC16:43
*** elo has quit IRC16:47
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Cinder to Liberty RC1  https://review.openstack.org/22720516:50
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Keystone to Liberty RC1  https://review.openstack.org/22691716:51
*** woodard_ has joined #openstack-ansible16:52
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Do not use default LXC network in gate  https://review.openstack.org/21504016:52
*** woodard has quit IRC16:55
*** pradk has quit IRC16:57
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Add policy changes required for OSSA-2015-018 / CVE-2015-5240  https://review.openstack.org/22687416:58
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Fix for keystone LDAP pkg missing  https://review.openstack.org/22674016:59
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Allow tempest to deploy when no heat in environment  https://review.openstack.org/22672717:00
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update the AIO build convenience script  https://review.openstack.org/22735417:01
*** shoutm has quit IRC17:11
*** elo has joined #openstack-ansible17:15
*** woodard_ has quit IRC17:17
*** jwagner is now known as jwagner_away17:20
ApsuGot it.17:24
ApsuVeth pairs behave differently on link up/down since they've got two ends hooked together, and don't send gratarps when either end or both are cycled.17:25
ApsuBut!17:25
ApsuSetting the MAC works, including when you set it to the same value it already has.17:25
ApsuSo all we need is a post-up with: ip link set $IFACE address $(</sys/class/net/$IFACE/address)17:25
ApsuAnd arp_notify on17:25
ApsuIt can be set as net.ipv4.conf.all.arp_notify=117:26
ApsuWith the default arp_accept=0 on the host, it won't add entries for IPs that haven't been contacted yet, but it will update existing entries.17:26
ApsuWe can also set arp_accept to 1 if we want, so we won't have to ARP for containers the first time we contact them after they come up. It's a very minor time savings, but it's an option.17:27
Apsu@ mancdaz evrardjp odyssey4me cloudnull17:27
*** gparaskevas has quit IRC17:40
mhaydenfor anyone following the security-hardening spec, it's been adjusted to follow DISA STIGs17:45
*** phalmos has quit IRC17:50
palendaemhayden: I knew those words up to DISA18:03
mhaydenpalendae: http://docs-draft.openstack.org/19/222619/7/check/gate-openstack-ansible-specs-docs/2867df1//doc/build/html/specs/mitaka/security-hardening.html18:06
stevelleenqueued18:20
*** woodard has joined #openstack-ansible18:24
openstackgerritJimmy McCrory proposed openstack/openstack-ansible: Install spice-html5 from source  https://review.openstack.org/22646218:26
*** phalmos has joined #openstack-ansible18:29
*** woodard_ has joined #openstack-ansible18:30
*** woodard has quit IRC18:32
*** elo has quit IRC18:37
*** alop has joined #openstack-ansible18:51
*** woodard has joined #openstack-ansible18:52
*** jwagner_away is now known as jwagner18:52
*** woodard_ has quit IRC18:55
*** abitha has joined #openstack-ansible18:56
evrardjpApsu: nice trick the ip link set :)19:29
Apsuevrardjp: That's what they pay me for. I have the biggest bag of tricks ;P19:30
evrardjp:)19:32
evrardjpfor the arp_accept to 1, it's really minor, right?19:33
ApsuYeah, the difference between not sending an ARP/getting a reply vs sending/receiving one19:33
evrardjpbecause on first time we contact them we just do the arp as usual19:33
ApsuWhich is usually a few ms19:34
evrardjpok I understood correctly \o/19:34
Apsulol yep19:34
evrardjpwith 0, the update is fine then?19:34
evrardjp(of the existing ones)19:34
ApsuYes19:34
evrardjpit would be bad to encounter another bug right there ;)19:35
ApsuExisting entries always get updated by a gratarp regardless of arp_accept19:35
evrardjpofc19:35
ApsuThat's what the docs say and what I observed :)19:35
evrardjpI still wonder why the mac changes19:35
palendaelxc destroys the veth when it goes down, I think19:36
palendaeAnd doesn't record it19:36
palendaeSo it regenerates based on the template when it re-ups19:36
palendaeIf I understand correctly19:36
evrardjpthat's what's weird: I tried at home, and it took the same mac19:36
evrardjpI'll retry19:36
palendaeHuh19:36
palendaeI'm kind of speculating19:37
evrardjpI'll double check if I'm well on veth19:37
ApsuIt could cache or not. I assumed it did, mancdaz said it didn't and illustrated evidence.19:37
ApsuIt might vary by version, distro packaging, default config flags, etc. Hard to say19:37
evrardjp(it's a day off today, I don't have access to my tst or prod clouds, so it's test with what I have home :p)19:37
ApsuRegardless, MAC changes or not, arp_notify covers everything19:37
evrardjptrue19:38
palendaeevrardjp: Sure, and you're testing lxc, which is installable on any linux box19:38
evrardjpApsu: I'm not familiar with the arp_notify: it sends gratarp only when you're using your link set, or there are more events that trigger this?19:40
evrardjp(I mean other than ip link * events)19:41
Apsuevrardjp: link up or MAC set19:41
ApsuThat's it19:41
evrardjpok19:41
ApsuSame with ndisc_notify for v619:41
*** alejandrito has quit IRC19:53
*** woodard_ has joined #openstack-ansible19:53
*** woodard has quit IRC19:56
*** kukacz has joined #openstack-ansible19:58
*** elo has joined #openstack-ansible20:07
*** woodard has joined #openstack-ansible20:11
*** woodard_ has quit IRC20:12
*** elo has quit IRC20:12
*** woodard_ has joined #openstack-ansible20:13
*** woodard has quit IRC20:16
*** elo has joined #openstack-ansible20:21
*** k_stev has joined #openstack-ansible20:23
*** elo has quit IRC20:25
*** elo has joined #openstack-ansible20:28
*** metral is now known as metral_zzz20:36
*** metral_zzz is now known as metral20:36
*** KLevenstein has quit IRC20:43
openstackgerritMerged openstack/openstack-ansible: Put horizon in its own process  https://review.openstack.org/22688920:53
*** elo has quit IRC20:59
*** daneyon has quit IRC21:04
*** daneyon has joined #openstack-ansible21:05
openstackgerritMerged openstack/openstack-ansible: Update juno SHA's - 23 Sep 2015  https://review.openstack.org/22686121:07
*** galstrom is now known as galstrom_zzz21:10
*** woodard_ has quit IRC21:10
*** phalmos has quit IRC21:14
*** Mudpuppy_ has joined #openstack-ansible21:32
*** kukacz has quit IRC21:33
*** Mudpuppy has quit IRC21:36
*** Mudpuppy_ has quit IRC21:37
*** elo has joined #openstack-ansible21:41
*** iraw- has quit IRC21:41
*** alejandrito has joined #openstack-ansible21:41
*** iraw- has joined #openstack-ansible21:42
*** daneyon has quit IRC21:49
*** daneyon has joined #openstack-ansible21:50
*** jlvillal has quit IRC21:51
openstackgerritMiguel Grinberg proposed openstack/openstack-ansible: Put horizon in its own process  https://review.openstack.org/22757021:53
*** jlvillal has joined #openstack-ansible21:57
*** jwagner is now known as jwagner_away21:57
openstackgerritMerged openstack/openstack-ansible: Update kilo SHA's - 23 Sep 2015  https://review.openstack.org/22689022:15
*** jhesketh has quit IRC22:28
*** jhesketh has joined #openstack-ansible22:29
*** spotz is now known as spotz_zzz22:33
openstackgerritMerged openstack/openstack-ansible: Allow tempest to deploy when no heat in environment  https://review.openstack.org/22672722:52
*** k_stev has quit IRC22:56
*** alejandrito has quit IRC23:03
*** markvoelker_ has quit IRC23:04
openstackgerritSteve Lewis proposed openstack/openstack-ansible: Put horizon in its own process  https://review.openstack.org/22757023:11
*** cloudtra_ has quit IRC23:18
*** cloudtrainme has joined #openstack-ansible23:18
*** cloudtrainme has quit IRC23:23
*** skamithi13 has quit IRC23:24
*** skamithi13 has joined #openstack-ansible23:24
*** agireud has quit IRC23:42
*** shoutm has joined #openstack-ansible23:45
*** harlowja has quit IRC23:56
*** abitha has quit IRC23:56
*** thrawn01 has quit IRC23:56
*** darrenc has quit IRC23:57
*** neillc has quit IRC23:57
*** gus has quit IRC23:57
*** bogeyon18 has quit IRC23:57
*** harlowja has joined #openstack-ansible23:57
*** darrenc_ has joined #openstack-ansible23:57
*** darrenc_ is now known as darrenc23:58
*** neillc has joined #openstack-ansible23:58
*** thrawn01 has joined #openstack-ansible23:58
*** bogeyon18 has joined #openstack-ansible23:58
*** gus has joined #openstack-ansible23:59
