Tuesday, 2015-10-20

« Monday, 2015-10-19 Index Wednesday, 2015-10-21 »
*** k_stev has joined #openstack-ansible00:02
*** jaypipes has quit IRC00:04
cloudnullJwitko you may have to remove / change the force config drive option everywhere and restart the various nova services.00:08
cloudnullI'm out and about on mobile so I can't specifically look but I think there's an override for it.00:08
cloudnullis_nova/defaults/main.yml00:09
cloudnull*os_nova00:09
jwitkoaye, looks like its here   "roles/os_nova/defaults/main.yml"00:09
cloudnullOtherwise you can reconfigure it with the config template overrides.00:10
jwitkocloudnull, I'm seeing different things online though.  Some saying set it to "False" some saying to remove the line entirely00:10
cloudnullI'd set it to false.00:10
jwitkocloudnull, any idea how to use OSAD to only apply that template and restart appropriate services across the board?00:11
jwitkolooks like tag "nova-config"00:12
cloudnullSet the override. Then run : openstack-ansible  os-nova-install.yml --tags nova-config00:12
jwitkothanks00:12
cloudnullYou got it. ;-) sorry slow to type on the mobile keyboard.00:13
jwitkono problem!  i really appreciate your help00:13
cloudnullAnytime. I'm off bbl let us know how it goes00:14
jwitkocloudnull, one question before you go.  for every instance that is booted already I'll have to do a hard-reset on it to come back up without the drive attached correct?00:15
jwitkoor can I simply just en-mass issue the --eject command00:15
*** k_stev has quit IRC00:24
openstackgerritKevin Carter proposed openstack/openstack-ansible: Updated the repo-build process  https://review.openstack.org/23071600:44
openstackgerritKevin Carter proposed openstack/openstack-ansible: Implement shippable venvs  https://review.openstack.org/23618300:50
openstackgerritKevin Carter proposed openstack/openstack-ansible: Always drop lxc_net bridge configuration  https://review.openstack.org/23726600:52
openstackgerritKevin Carter proposed openstack/openstack-ansible: Stop configure_diskspace from using small partitions  https://review.openstack.org/21688001:00
*** kerwin_bai has joined #openstack-ansible01:00
openstackgerritKevin Carter proposed openstack/openstack-ansible: Load glance metadata definitions  https://review.openstack.org/23542501:02
openstackgerritKevin Carter proposed openstack/openstack-ansible: Removed deprecated vif driver  https://review.openstack.org/23736201:07
jwitkoHey All,  Can anyone please help me work out a live migration issue?   The full debug error is here http://paste.openstack.org/show/476794/  -- but the basics are that its saying the compute node is not on shared storage, but it is!01:15
jwitkoI have disabled all config drive across all nova.conf's and restarted all appropriate services01:15
*** BjoernT is now known as Bjoern_zZzZzZzZ01:23
*** Bjoern_zZzZzZzZ is now known as BjoernT01:28
*** BjoernT is now known as Bjoern_zZzZzZzZ01:29
*** Bjoern_zZzZzZzZ is now known as BjoernT01:30
neillccloudnull: thanks for rebase. I promise to do something about that patchset as soon as I finish my madatory work video watching :/01:30
*** BjoernT has quit IRC01:34
openstackgerritKevin Carter proposed openstack/openstack-ansible: Updated the repo-build process  https://review.openstack.org/23071601:38
*** markvoelker has joined #openstack-ansible01:40
*** greg_a has joined #openstack-ansible01:47
cloudnullJwitko sorry wasn't watching irc. You could do mass virsh ejects. Ansible to shell commands could help make that go.02:03
jwitkocloudnull, so Sam-I-Am was discussing with me in #openstack02:03
cloudnullAlso is it still happening with it all disabled ?02:03
jwitkoHe believes it is because my /var/lib/nova/instances is not a shared directory02:03
jwitkoYes its still happening with config drive disabled accross the board02:04
cloudnullNot a shared dir?02:04
jwitkoYes, its not shared across compute hosts.  AKA its not an NFS mount02:04
cloudnullI don't think that's needed.02:04
jwitkoall of my VMs live on the NetApp, but the libvirt metadata lives in /var/lib/nova/instances02:05
cloudnullOne sec02:05
jwitkook02:05
Sam-I-Amcloudnull: i'm pretty sure thats a requirement for live migration02:05
cloudnulljwitko: are you running the live-migrate from the CLI or horizon   ?02:12
cloudnulli remember reading this a while back https://blog.codecentric.de/en/2015/03/true-kvm-live-migration-openstack-icehouse-ceph-based-vm-storage/ which was using netapp for livemigrate02:13
cloudnulland they patched nova to skip the shared storage check02:13
cloudnullhowever i seem to remember passing --block_migrate would skip that check02:14
*** devlaps has quit IRC02:15
jwitkocloudnull, I have been attempting to run it from horizon02:15
jwitkocloudnull, I attempted to use the "block migrate" option on horizon as I saw that in a stack exchange article02:15
jwitkobut it still complains about config drive!02:15
cloudnulleven with it all disabled in config ?02:17
jwitkoyes, one second I'll paste the stack debug02:18
jwitkohttp://paste.openstack.org/show/476798/02:19
jwitko2015-10-19 22:17:08.011 7724 TRACE oslo_messaging.rpc.dispatcher NoLiveMigrationForConfigDriveInLibVirt: Live migration of instances with config drives is not supported in libvirt unless libvirt instance path and drive data is shared across compute nodes.02:19
jwitkobut config drive is disabled EVERYWHERE02:19
jwitkoand all appropriate nova services were restarted02:19
cloudnullso with config drive disabled i still http://cdn.pasteraw.com/n1z5mp8hziqbdxpj6v6hz63hxt13npa on my instances02:27
jwitkoaye02:28
jwitkoi still see that as well02:28
jwitkoand am still able to --eject02:28
cloudnullbuilding another instance that section is gone02:28
jwitkoah interesting02:28
jwitkoi wonder if i "rebuild instance"02:28
cloudnullso it'd be interesting to see if you can remove that section , restart the instance , and then live migrate02:29
*** devlaps has joined #openstack-ansible02:29
jwitkoI tried to remove it before02:29
jwitkoit added it back lol02:29
jwitkomaybe I did it wrong though02:29
jwitkochecking now02:29
cloudnullmaybe remove it restart and migrate with the block option ?02:30
jwitkoinstance is stopped02:30
jwitkoi just removed02:30
jwitkostarting instance now02:30
jwitkoit adds it back  :\02:30
jwitkoi wonder what would happen if i made the file immutable02:31
jwitkorestarting the instance errors as "permission denied" if i make the file immutable02:33
jwitkowhy the hell is openstack forcing the cd-rom in there02:33
cloudnullif you boot a test instance does it still do the same ?02:35
bgmccollumjwitko: probably cause it was initially booted with the config drive...wild guess...try updating the instance in the database to remove the config drive...then see if it regenerates the libvirt.xml02:35
jwitkobgmccollum, what db/table contains that info, do you know?02:36
bgmccollumnot offhand02:36
jwitkocloudnull, no it does not02:36
jwitkocloudnull, new instances look to be without it.  let me try to live migrate the new instance02:37
cloudnullbgmccollum: jwitko: nova.instances02:37
cloudnullconfig_drive:02:37
jwitkolol cloudnull, you're going to love this02:38
cloudnullupdate instances set config_drive="True";02:38
bgmccollumFalse ?02:38
cloudnullthat would do all02:38
cloudnullyes False02:39
cloudnullupdate instances set config_drive="False";  # will disable it02:39
bgmccollumand it sounds like  nova-compute regenerates the libvirt.xml on state changes or something?02:40
*** devlaps has quit IRC02:40
cloudnullactually it looks like -- update instances set config_drive="";02:40
cloudnullbuilding a new instance without config drive leaves the value blank02:40
bgmccollumjwitko: dont leave us hanging...02:41
jwitkoso02:41
jwitkoif I live migrate the new instance without the cdrom02:41
jwitkohorizon reports success and that its starting the process02:41
jwitkobut then never finishes02:41
jwitkoI don't see anything reporting errors though,  pasting a stack trace now02:41
jwitkohttp://paste.openstack.org/show/476800/02:42
jwitkoif I do it with "block migrate" option selected02:42
jwitkoI get this error, which makes no damn sense02:42
jwitkoInvalidLocalStorage: oss-comp07 is not on local storage: Block migration can not be used with shared storage.02:42
jwitko to caller02:42
jwitkoraise exception.InvalidLocalStorage(reason=reason, path=source)\n\nInvalidLocalStorage: oss-comp07 is not on local storage: Block migration can not be used with shared storage.02:42
jwitkoso on one hand its error because I'm NOT using shared storage02:43
*** sdake has quit IRC02:43
jwitkoand now it errors because i AM using shared storage!02:43
bgmccollumjwitko: block migrate literally SCPs the vm between hosts...so its saying you can't do that with shared storage (its shouldn't have to move any bits)02:44
jwitkobgmccollum, wouldn't it want to move the libvirt meta-data?02:44
jwitkothat is stored locally on the compute node02:44
bgmccollumit should regenerate that from the DB02:45
jwitkooh wow, awesome02:45
jwitkoso then lets ignore block migrate02:45
jwitkoand ponder why the live migrate option by itself doesn't work  :)02:45
Sam-I-Amjwitko: all of this sounds like it needs better docs :)02:45
Sam-I-Amthe ins-and-outs of migration02:46
jwitkoSam-I-Am, so with the above from bgmccollum, the libvirt meta-data being regen'd from DB02:46
jwitkoI guess the shared drive is not necessary ?02:46
Sam-I-Amin that case, i guess not02:46
Sam-I-Amthere's two ways to skin the cat02:46
bgmccollumjwitko: your initial issue is the VM was on shared storage, but the config drive was on local storage...which is why it wouldn't live migrate02:47
jwitkobgmccollum, makes sense02:47
bgmccollumif the VM and config drive were on shared storage, it should have worked02:48
jwitkohowever bgmccollum, now I have a VM with no config drive02:48
jwitkoand lvie migrate is still not working02:48
bgmccollumyou said you're using boot from volume02:48
jwitkobgmccollum, yes I boot from a volume snapshot into a new volume for all VMs02:48
bgmccollumok...and after updating the DB to cloud out config drive for that instance...did you shutdown / start the instance (which you indicated was regenerating your libvirt.xml)...and verify there is not config drive configured...02:49
bgmccollumfreudian...cloud out...clear out02:50
jwitkobgmccollum, I created a new instance.  "Test1", and this instance booted without a cdrom at all02:51
jwitkoI then selected to live migrate this instance02:51
jwitkoand again, I see the following02:53
jwitko Returning exception Live migration of instances with config drives is not supported in libvirt unless libvirt instance path and drive data is shared across compute nodes. to caller02:53
jwitkoif i go into the libvirt.xml of that instance02:53
jwitkothere is only one <disk    block,  and its iSCSI for the source02:53
jwitko    <disk type="block" device="disk">02:53
jwitko      <driver name="qemu" type="raw" cache="none"/>02:53
jwitko      <source dev="/dev/disk/by-path/ip-10.1.2.17:3260-iscsi-iqn.1992-08.com.netapp:sn.b81c6744a63611e38425123478563412:vs.3-lun-0"/>02:53
jwitko      <target bus="virtio" dev="vda"/>02:53
jwitko      <serial>fb845640-f430-4a4b-a517-66108691832d</serial>02:53
jwitko    </disk>02:53
bgmccollumcan you paste the contents of your instance directory?02:54
jwitkoYes02:55
jwitkoyou want /var/liv/nova/instances or /var/liv/nova/instances/<instance>/ ?02:55
bgmccollumthe 2nd02:56
jwitkoliveops@oss-comp07:~$ ls -al /var/lib/nova/instances/95358532-5633-4cb2-8b6a-d6e64516bba8/02:56
jwitkototal 1602:56
jwitkodrwxr-xr-x 2 nova         nova 4096 Oct 19 22:35 .02:56
jwitkodrwxr-xr-x 4 nova         nova 4096 Oct 19 22:35 ..02:56
jwitko-rw-rw---- 1 libvirt-qemu kvm     1 Oct 19 22:36 console.log02:56
jwitko-rw-r--r-- 1 nova         nova 2704 Oct 19 22:35 libvirt.xml02:56
bgmccollumso...thats a terrible error...cause there is indeed no config drive.02:58
jwitkoWould you like me to paste the full error log >02:58
jwitko?02:58
Sam-I-Ami wonder if any of this was addressed in liberty02:59
bgmccollumsounds like /var/lib/nova/instance does in fact need to be shared storage...probably just to preserve the console log, since the libvirt.xml could easily be regenrated03:00
jwitkobgmccollum, anything necessary in that console.log ?03:01
jwitkoif I was to move it to a tmp directory, would that hurt anything?03:02
jwitkoand would it then allow us to see if thats the issue ?03:02
bgmccollumeither that or its not smart enough to see its was booted from a volume...just looks at the instance dir and see its not shared03:02
bgmccollumthe console log is just the serial console03:02
jwitkobgmccollum, so here is something interesting... I just recreated one of the VMs from its heat stack03:04
jwitkoand it was created to the same hypervisor as the test machine, and it comes up with a cdrom03:05
cloudnullohh. maybe config_drive is enabled via heat when booting the vm ?03:05
jwitkoyup.  just looked03:05
jwitkoconfig_drive: true03:05
jwitkoin all my heat templates03:05
jwitkoa good find, but the VM i manually created wouldn't have this issue03:06
jwitkocloudnull, bgmccollum, Sam-I-Am,  so How can I test this?   Shut down this test VM, create a nfs mount to my netapp, copy over all of /var/lib/nova/instances, mount the nfs over /var/lib/nova/instances, and then also mount that on the 'receiving' compute node and try to migrate?03:07
bgmccollumjwitko: yes03:07
cloudnullthat might work03:07
jwitkook will report back shortly03:09
bgmccollumcloudnull: the cinder udev whitespace issue was fixed in the new upgrade script, and looks like it will be addressed in 10.2.0 in the cinder role...should the same fix be applied to the old upgrade script, or just wait till 10.2.0 is cut...upgrade to that...then 11.0?03:10
bgmccollumim guessing its going to be "dont touch anything" for a while...03:11
cloudnull10.2 might never happen03:11
bgmccollumsad panda03:11
bgmccollumso side port to old upgrade script...or out of band patch03:12
cloudnullbut in the new script it fixes that issue when cinder-volume is in containers03:12
bgmccollumyeah...but RPC03:12
cloudnullyou can fix it manually by calling the play03:12
cloudnullhttps://github.com/openstack/openstack-ansible/blob/kilo/doc/source/upgrade-guide/process.rst03:12
cloudnullexists regardless of rpc03:12
cloudnullopenstack-ansible ${UPGRADE_PLAYBOOKS}/cinder-adjustments.yml03:13
cloudnullyou can run the broken play and when that doesn't work you can follow the intree process docs03:13
cloudnull*broken script03:13
bgmccollumyup...i can make it work...its a matter of what *should* we do...fine line between rpc docs, osa docs, and creative off script interpretation03:14
bgmccollum;)03:15
cloudnullrpc needs to ditch the old script because its prone to failure03:15
cloudnullnew script has same functionality but has the ability to recover03:16
bgmccollumim in agreement...but i have to follow the RPC way for the upgrade class03:16
cloudnullthats fair . idk how to fix that ...03:16
bgmccollumi was happy to see the new upgrade script...03:16
cloudnullwelcome to the lobbying game03:17
bgmccollumi guess its a moot point, because of the container -> metal migration that supposed to happen03:18
bgmccollumi was just being lazy in my upgrade testing03:18
cloudnullmigrating cinder-volume to the host from a container makes the most sense for long term supportability when using cinder+lvm03:19
cloudnullhowever if using netapp, vnx cinder-volume in a container makes better sense03:19
cloudnullso the upgrade should be able to support both cases03:20
bgmccollumill throw up a review and see how much hell i get03:20
cloudnullthe good thing is that the new script is available and we simply need to convince rpc that the old one is bad03:21
cloudnullnot to mention as is all of the documentation.03:22
cloudnullrpc is using this https://github.com/rcbops/rpc-openstack/commit/304a63d8b69f33410ffc05d1c7f2286433a790eb03:23
* cloudnull shakes head03:23
cloudnullbgmccollum: http://upgrade-test.cloudnull.io/03:23
jwitkooh boy03:23
jwitkothe VM won't even power on  ;\03:23
cloudnullthese are the results for the upgrade tests , testing the last 5 juno tags to the latest kilo tag03:23
cloudnullall of the failues are the old script, the success jobs are upgrades from the latest juno to the kilo branch (which uses the new script)03:24
jwitko2015-10-19 23:23:37.290 9927 TRACE oslo_messaging.rpc.dispatcher NovaException: iSCSI device not found at /dev/disk/by-path/ip-10.1.2.17:3260-iscsi-iqn.1992-08.com.netapp:sn.b81c6744a63611e38425123478563412:vs.3-lun-203:24
cloudnulljwitko:  is that with nfs for /var/lib/nova/instances03:25
jwitkoaye03:25
cloudnull+ netapp iscsi vm ?03:25
jwitkoaye03:25
cloudnull:(03:25
jwitkoi think i see the issue03:25
jwitkopermissions got messed up in the nfs dir03:25
jwitkoand it is not allowing me to change them03:25
jwitkoalso seeing03:28
jwitko2015-10-19 23:28:28.004 9927 WARNING nova.virt.libvirt.volume [req-78a610fa-169d-48a9-98a5-342448b4f51d 99903c87e9ab4bb3b29bc51b0943330c 7f43cc16e3714f1c84e525455ddb7495 - - -] ISCSI volume not yet found at: vda. Will rescan & retry.  Try number: 303:28
jwitkofixed the permissions errors03:29
jwitkobut still seeing the above messages about iscsi03:29
bgmccollumcloudnull: fixed -- ln -s run-upgrade.sh run-upgrade-old.sh03:29
cloudnullhahahah03:30
cloudnullbgmccollum: that wont work you need ln -fs run-upgrade.sh run-upgrade-old.sh03:30
cloudnull:)03:30
bgmccollumstate: absent03:30
cloudnullha03:31
jwitkofuck... now its not working even without the nfs mount03:31
*** agireud has quit IRC03:33
*** agireud has joined #openstack-ansible03:33
jwitkoso somehow through all of this iscsi got hosed on this compute node03:37
jwitko2015-10-19 23:37:28.776 7040 WARNING nova.virt.libvirt.volume [req-a5b03677-a26c-42c3-b878-4cbd91863b51 99903c87e9ab4bb3b29bc51b0943330c 7f43cc16e3714f1c84e525455ddb7495 - - -] ISCSI volume not yet found at: vda. Will rescan & retry.  Try number: 303:37
jwitkolooks like just that VMs data got corrupted03:40
jwitkoI almost want to give it another try after fixing the NFS permissions03:40
*** tlian2 has quit IRC03:41
cloudnullyea , anything worth doing is worth doing a dozen times or so :)03:41
jwitkocloudnull, should I be shutting off libvirtd service before doing this?03:41
jwitkoroot@oss-comp07:~# ps -ef | grep libvirt03:41
jwitkoroot      7240     1  1 23:36 ?        00:00:04 /usr/sbin/libvirtd -d03:41
cloudnulli'd not assume so.03:42
cloudnullbut maybe ? idk for sure03:42
*** subscope has joined #openstack-ansible03:42
cloudnullbgmccollum, jwagner_away if you guys can give the "new" upgrade script a thorough testing im sure we can get the new advances into the rpc tags . but it may be a bit03:45
cloudnull--cc d34dh0r5303:45
jwitkook, the instance is running now on nfs03:46
jwitkoso it was the perms issue03:46
jwitkogoing to redo nfs on other compute node now03:46
cloudnulljwitko:  i have faith :)03:48
cloudnull its going to work amazing this time03:48
jwitkocloudnull, here is an interesting error when live migrating03:48
jwitko1c84e525455ddb7495 - - -] [instance: 6039bc1a-f7a9-4b52-b618-4ea9b1ab7460] Live Migration failure: operation failed: Failed to connect to remote libvirt URI qemu+tcp://oss-comp09/system: unable to connect to server at 'oss-comp09:16509': Connection refused03:48
* cloudnull fingers crossed03:48
jwitkothere is nothing running at 16509 on any of my compute nodes though ?03:49
cloudnulljwitko: can you check /etc/libvirt/libvirtd.conf03:51
jwitkolooks like I need listen_tcp = 103:51
larsksjwitko: that is the port that libvirt will listen on if you have both listen_tcp=1 in /etc/libvirt/libvirtd.conf and and --listen on the libvirtd command line.  That'03:51
cloudnulland auth_tcp = "none"03:51
larsksjwitko: and also --listen (-l) on libvirtd.03:51
jwitkolarsks, where does libvirtd start from that i can append this?03:51
jwitkofound it03:52
jwitko/etc/init/libvirt-bin.conf03:52
* larsks returns to lurker mode and goes to bed...03:52
cloudnullhttps://github.com/openstack/openstack-ansible/blob/kilo/playbooks/roles/os_nova/files/libvirtd.conf03:52
cloudnullo/ larsks03:53
jwitkowow this is a lot of modifications to make this work03:53
jwitkocloudnull, hm if its in the OSAD repo then why wasn't it set?03:53
cloudnullyou need to set https://github.com/openstack/openstack-ansible/blob/kilo/playbooks/roles/os_nova/defaults/main.yml#L300-L30203:54
*** skamithi13 has quit IRC03:55
jwitkocloudnull, so those should be "0", "1", and "none" respectively ?03:55
cloudnullyes03:56
cloudnullwhich will enable listen mode for libvirt03:56
cloudnullhttps://github.com/openstack/openstack-ansible/blob/kilo/playbooks/roles/os_nova/tasks/nova_compute_kvm.yml#L43-L5303:56
cloudnullhttps://github.com/openstack/openstack-ansible/blob/kilo/playbooks/roles/os_nova/tasks/nova_compute_kvm.yml#L4903:56
jwitkolibvirtd failing to start03:58
jwitko2015-10-20 03:57:37.447+0000: 9509: error : virNetTLSContextCheckCertFile:117 : Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory03:58
cloudnullwith 0 1 none respectivly ?03:59
jwitkodid it manually, running through playbook now03:59
jwitkothis should do it right?03:59
jwitkoopenstack-ansible os-nova-install.yml --limit oss-comp09 --ask-vault-pass  --tags 'nova-libvirt'03:59
cloudnull that'll do it04:00
jwitkoalright, its listening04:00
cloudnullwoot04:00
cloudnullas long as tls is not enabled it should to the pem look up.04:00
jwitkonot failing....04:01
jwitkoyet...04:01
jwitkoyet...04:01
jwitkoholy04:01
jwitkofucking04:01
jwitkoshit04:01
jwitko:D04:01
cloudnullmaybe that was the error all along :)04:01
jwitkorestarting libvirtd will definitely restart all VMs right ?04:02
cloudnullno it should not04:03
cloudnullthe /usr/bin/qemu-system-x86_64 should remain04:03
jwitkoso I can run that across all nodes immediately?04:03
cloudnullyes that should be ok04:03
cloudnullSam-I-Am: bgmccollum: correct me if im wront04:03
cloudnull*wrong04:03
cloudnullbut yes that should be fine04:04
Sam-I-Ami think its ok04:04
cloudnulljwitko:  if you change the user variable and run openstack-ansible os-nova-install.yml --ask-vault-pass  --tags 'nova-libvirt'04:05
cloudnullitll restart libvirtd as part of the task04:05
jwitkoaye, thank you04:05
cloudnullwe should document enabling live-migrate with all this glorius data  --cc Sam-I-Am04:07
cloudnullwink wink nudge nudge04:07
cloudnullthat would be most useful04:07
Sam-I-Amhaha04:07
cloudnullespecially with config_drive being configurable in kilo and beyond04:07
Sam-I-Amdoes o-a not technically support live migration now?04:08
Sam-I-Ami know its sort of a corner case for 'cloud'04:08
cloudnullit seems so . however theres some config bits that we need to set to make it go .04:08
cloudnullwhich jwitko is now an SME on :D04:08
cloudnulljwitko:  you going to the summit ?04:09
jwitkoin tokyo?  negative04:09
* Sam-I-Am neither04:10
cloudnull:(04:10
jwitkoi wish04:10
jwitkobut my company doesnt do much in that way for me04:10
cloudnullnext one is in Austin04:10
jwitkonow that I could almost certainly swing04:10
jwitkoas they just moved the HQ to austin04:10
*** sdake has joined #openstack-ansible04:10
jwitkobut i thought the next one was in atlanta04:10
Sam-I-Amits austin04:11
cloudnullsounds like a work trip if ive ever heard04:11
Sam-I-Amwhich should be... interesting04:11
jwitkoi work remote from NYC04:11
cloudnullatlanta was two summits ago04:11
Sam-I-Amthree04:11
cloudnull^ that one04:11
cloudnull:)04:11
jwitkook04:11
jwitkoso if i could just take a moment so summarize the work04:11
Sam-I-Ameither way, you can contribute bits to o-a :)04:11
jwitko1) override nova_libvirtd_listen_tls, nova_libvirtd_listen_tcp, nova_libvirtd_auth_tcp  in openstack_user_config.yml to 0, 1, none respectively04:12
jwitko2) execute openstack-ansible os-nova-install.yml --ask-vault-pass  --tags 'nova-libvirt'04:12
jwitko3) Shut down all VMs on an instance04:12
jwitko4) Copy all data from /var/lib/nova/instances/ to a tmp directory04:13
jwitko4a)  stop nova-compute service04:13
jwitko5) mount NFS directory over /var/lib/nova/instances04:13
jwitko6) start nova compute services04:13
jwitko7) start VMs back up04:13
jwitkoI think that covers it correct?04:13
cloudnull1a) disable force_config_drive04:14
jwitkoah, good catch04:14
cloudnull2) we can do ##  openstack-ansible os-nova-install.yml --ask-vault-pass  --tags 'nova-libvirt,nova-config'04:14
Sam-I-Amthis would be to enable live migrate on an existing system, vs. configuring to begin with04:14
jwitkoSam-I-Am, yes04:15
cloudnullyes04:15
jwitkobut just trying to summarize what I did04:15
Sam-I-Amsure04:15
jwitkoso 1) should also include "nova_force_config_drive: False"04:15
cloudnullsweet thanks for sticking with that jwitko04:15
Sam-I-Ami wonder how the upstream live migrate docs are04:15
jwitkocloudnull, I'm like a dog with lock jaw man04:15
jwitkoi made Sam-I-Am spend an entire weekend with me once lol04:15
cloudnulli have that problem too :D04:15
jwitkobut then I sent a gift card  :)04:15
cloudnullnice!04:16
cloudnullSam-I-Am: kick down man =P04:16
jwitkohaha to be fair it was not enough to share with others04:16
jwitkocapital grill expensive as fuk04:16
cloudnullSam-I-Am:  is a helpful dude04:17
cloudnullim off to bed , jwitko im going to try and replicate your success in the morning04:17
cloudnulli have a lab im going to go beat up04:17
jwitkothank you so much for your time04:17
jwitkohave a great night04:18
cloudnullthank you for figuring it out04:18
cloudnullim off take care, ttyl04:18
Sam-I-Amenjoy04:18
Sam-I-Amjwitko: yeah, we had a long stretch of stuff there04:18
*** kerwin_bai has quit IRC04:20
*** daneyon has joined #openstack-ansible04:21
*** daneyon_ has joined #openstack-ansible04:24
*** daneyon has quit IRC04:27
jwitkohey Sam-I-Am, what config file should those variables go in to over-ride?04:40
jwitkouser_variables.yml?  openstack_user_config.yml?04:41
jwitkolooks like user_variables?04:43
Sam-I-Amhttps://github.com/openstack/openstack-ansible/blob/kilo/doc/source/install-guide/configure-openstack.rst04:45
jwitkooh wow thats complicated04:46
jwitkothe examples in user_variables.yml just have them as straight one line entries04:46
Sam-I-Amwell, its and no04:51
Sam-I-Amer, yes and no04:52
Sam-I-Amstupid fingers04:52
Sam-I-Amit was getting too complex to manage all of the potential overrides, so along came a more generic way to set them... and arguably more complex04:52
*** javeriak has joined #openstack-ansible05:01
*** greg_a has quit IRC05:07
*** javeriak_ has joined #openstack-ansible05:16
*** javeriak has quit IRC05:18
*** mcarden has joined #openstack-ansible05:44
*** javeriak_ has quit IRC05:52
*** sdake has quit IRC06:05
*** greg_a has joined #openstack-ansible06:05
*** kerwin_bai has joined #openstack-ansible06:07
*** gardenshed has joined #openstack-ansible06:08
*** manas has joined #openstack-ansible06:10
*** gardenshed has quit IRC06:22
*** markvoelker_ has joined #openstack-ansible06:26
*** markvoelker has quit IRC06:29
*** jmckind is now known as jmckind_06:33
*** javeriak has joined #openstack-ansible06:41
*** greg_a has quit IRC06:50
openstackgerritMerged openstack/openstack-ansible: Always drop lxc_net bridge configuration  https://review.openstack.org/23726206:54
openstackgerritMerged openstack/openstack-ansible: Fixes TCP and UDP strings in rsyslog client log shipping.  https://review.openstack.org/23702906:57
*** karimb has joined #openstack-ansible07:00
openstackgerritMerged openstack/openstack-ansible: Additional RabbitMQ SSL fixes  https://review.openstack.org/23673107:01
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Fixes TCP and UDP strings in rsyslog client log shipping.  https://review.openstack.org/23743007:03
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Additional RabbitMQ SSL fixes  https://review.openstack.org/23743107:04
*** gardenshed has joined #openstack-ansible07:10
*** javeriak has quit IRC07:11
*** javeriak has joined #openstack-ansible07:16
*** neillc has quit IRC07:28
*** daneyon_ has quit IRC07:31
*** daneyon has joined #openstack-ansible07:34
*** neillc has joined #openstack-ansible07:34
*** sdake has joined #openstack-ansible07:35
*** gardenshed has quit IRC07:38
*** gardenshed has joined #openstack-ansible07:42
*** gardenshed has quit IRC07:42
*** openstackgerrit has quit IRC07:46
*** openstackgerrit has joined #openstack-ansible07:46
*** karimb has quit IRC07:56
*** karimb has joined #openstack-ansible07:57
*** jhesketh has quit IRC08:07
*** sdake has quit IRC08:08
*** jhesketh has joined #openstack-ansible08:09
odyssey4mejwitko user_variables if it's an ansible variable, the configure openstack page is for openstack variables08:19
openstackgerritMerged openstack/openstack-ansible: Standardise ownership of *_venv_bin directories  https://review.openstack.org/23698508:24
odyssey4memattt hughsaunders if you guys can take the time to work through https://review.openstack.org/230716 today, it'd be hugely appreciated08:25
hughsaundersodyssey4me: will have a look08:26
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Updated the neutron l3HA tool to use v3  https://review.openstack.org/23746008:27
*** mgoddard has joined #openstack-ansible08:28
*** gardenshed has joined #openstack-ansible08:35
*** gardenshed has quit IRC08:35
*** sdake has joined #openstack-ansible08:36
*** shausy has joined #openstack-ansible08:38
*** kerwin_bai has quit IRC08:40
*** javeriak has quit IRC08:52
*** sdake has quit IRC08:56
*** manas has quit IRC09:08
*** neilus has quit IRC09:08
*** neilus has joined #openstack-ansible09:08
*** shausy has quit IRC09:09
*** shausy has joined #openstack-ansible09:10
*** gardenshed has joined #openstack-ansible09:16
*** metral is now known as metral_zzz09:22
*** tiagogomes__ has joined #openstack-ansible09:24
*** tiagogomes has quit IRC09:24
*** javeriak has joined #openstack-ansible09:28
*** metral_zzz is now known as metral09:33
*** manas has joined #openstack-ansible09:36
*** javeriak has quit IRC09:40
*** javeriak has joined #openstack-ansible09:40
*** fawadkhaliq has joined #openstack-ansible09:46
*** javeriak_ has joined #openstack-ansible09:48
*** sdake has joined #openstack-ansible09:48
*** javeriak has quit IRC09:48
*** sdake has quit IRC10:03
*** subscope has quit IRC10:10
*** subscope has joined #openstack-ansible10:12
*** subscope has quit IRC10:13
*** markvoelker_ has quit IRC10:13
*** gardenshed has left #openstack-ansible10:15
*** gardenshed has joined #openstack-ansible10:15
*** javeriak_ has quit IRC10:17
openstackgerritMerged openstack/openstack-ansible: Removed deprecated vif driver  https://review.openstack.org/23736210:38
*** javeriak has joined #openstack-ansible10:54
*** manas has quit IRC10:56
openstackgerritMerged openstack/openstack-ansible: Correct OS_IDENTITY_API_VERSION   https://review.openstack.org/23697811:04
*** javeriak has quit IRC11:05
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] Install Guide Cleanup  https://review.openstack.org/23751311:09
*** markvoelker has joined #openstack-ansible11:14
*** manas has joined #openstack-ansible11:15
*** javeriak has joined #openstack-ansible11:18
*** javeriak has quit IRC11:22
*** gcivitella has joined #openstack-ansible11:28
*** markvoelker has quit IRC11:32
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Only bind mount images dir /w local Glance storage  https://review.openstack.org/23714511:35
*** manas has quit IRC11:38
*** javeriak has joined #openstack-ansible11:39
*** markvoelker has joined #openstack-ansible11:39
*** markvoelker has quit IRC11:39
*** fawadkhaliq has quit IRC11:58
openstackgerritMerged openstack/openstack-ansible: Ensure that the vnc console is disabled when spice is enabled  https://review.openstack.org/23716112:08
openstackgerritMerged openstack/openstack-ansible: Fix to correctly set the nova_management_address  https://review.openstack.org/23671112:08
openstackgerritMerged openstack/openstack-ansible: Added rotating logging to the neutron ha tool  https://review.openstack.org/23709512:08
*** jmckind_ has quit IRC12:08
openstackgerritMerged openstack/openstack-ansible: Added rotating logging to the neutron ha tool  https://review.openstack.org/23709212:08
mhaydenmorning12:11
*** elo has quit IRC12:15
*** jaypipes has joined #openstack-ansible12:24
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-3857{4,6,7}: Password hashing algorithms  https://review.openstack.org/23307112:26
mhaydenthanks for the backport on the RabbitMQ SSL fixes, odyssey4me -- i didn't notice it merged12:27
*** markvoelker_ has joined #openstack-ansible12:35
odyssey4memhayden :)12:42
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38660: SNMPv3  https://review.openstack.org/23322612:43
mhaydeni need to see if nova has a buried option for kombu SSL cert verification12:44
mhaydenon first pass, i couldn't find it12:44
*** neilus has quit IRC12:49
*** neilus has joined #openstack-ansible12:50
*** javeriak has quit IRC12:53
*** markvoelker_ has quit IRC12:54
*** alejandrito has joined #openstack-ansible12:54
*** fawadkhaliq has joined #openstack-ansible12:59
*** gardensh_ has joined #openstack-ansible13:00
*** javeriak has joined #openstack-ansible13:02
*** gardenshed has quit IRC13:03
*** fawadkhaliq has quit IRC13:04
openstackgerritMatt Thompson proposed openstack/openstack-ansible: Set neutron_lib_dir depending on neutron_venv_enabled  https://review.openstack.org/23757313:12
*** tlian has joined #openstack-ansible13:20
*** gardensh_ has quit IRC13:21
*** gardenshed has joined #openstack-ansible13:23
*** Bjoern_ has joined #openstack-ansible13:23
*** Bjoern_ is now known as Bjoern_zZzZzZzZ13:23
*** gardenshed has quit IRC13:24
*** gardenshed has joined #openstack-ansible13:25
*** javeriak has quit IRC13:25
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] Install Guide Cleanup  https://review.openstack.org/23751313:28
*** gardenshed has quit IRC13:34
*** Bjoern_zZzZzZzZ is now known as Bjoern_13:35
*** javeriak has joined #openstack-ansible13:37
*** Mudpuppy has joined #openstack-ansible13:39
odyssey4memhayden would that be for setting nova to have a ca, cert, etc - or to enable/disabled cert verification?13:39
mhaydenodyssey4me: give the option for disabling verification (if self signed certs are in use)13:40
odyssey4memhayden typically that option is 'insecure'13:40
odyssey4meis that when doing keystone auth?13:40
mhaydenodyssey4me: well, i'm looking at how nova and rabbitmq could potentially talk over SSL/TLS reliably13:41
odyssey4memhayden http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-sslcertificates.html#self-signed-certificates13:41
mhaydenhaha, i wrote that :P13:41
odyssey4meah, so then you'll need to dig up the rpc configuration... nothing to do with nova13:41
odyssey4meit'll be in oslo.messaging13:41
*** Mudpuppy has quit IRC13:43
*** Mudpuppy has joined #openstack-ansible13:43
*** gardenshed has joined #openstack-ansible13:46
openstackgerritMatt Thompson proposed openstack/openstack-ansible: Search for existing aodh binary  https://review.openstack.org/23758913:50
cloudnullmorning13:51
d34dh0r53mornings13:54
*** fawadkhaliq has joined #openstack-ansible13:56
tiagogomes__anyone configured Keystone for using LDAP with SQL as fallback13:57
*** phalmos has joined #openstack-ansible13:58
*** javeriak has quit IRC13:59
*** phalmos has quit IRC14:00
*** fawadkhaliq has quit IRC14:07
*** KLevenstein has joined #openstack-ansible14:07
openstackgerritMerged openstack/openstack-ansible: Only bind mount images dir /w local Glance storage  https://review.openstack.org/23714514:08
*** spotz_zzz is now known as spotz14:09
*** sdake has joined #openstack-ansible14:10
*** shausy has quit IRC14:18
*** sigmavirus24_awa is now known as sigmavirus2414:20
*** KLevenstein has quit IRC14:23
*** wmlynch has joined #openstack-ansible14:23
d34dh0r53reviews please https://review.openstack.org/#/c/237460/114:24
*** KLevenstein has joined #openstack-ansible14:26
odyssey4med34dh0r53 https://review.openstack.org/237430 and https://review.openstack.org/237431 too14:26
*** KLevenstein has quit IRC14:27
*** jmckind has joined #openstack-ansible14:28
*** mgoddard_ has joined #openstack-ansible14:31
*** jmckind is now known as jmckind_14:32
*** jmckind_ is now known as jmckind14:33
*** mgoddard has quit IRC14:34
*** mgoddard_ has quit IRC14:34
*** mgoddard has joined #openstack-ansible14:34
openstackgerritMatt Thompson proposed openstack/openstack-ansible: [WIP] Install Guide Cleanup  https://review.openstack.org/23751314:34
*** mgoddard has quit IRC14:42
*** mgoddard has joined #openstack-ansible14:43
openstackgerritMatt Thompson proposed openstack/openstack-ansible: Install Guide Cleanup  https://review.openstack.org/23751314:48
*** phalmos has joined #openstack-ansible14:50
tiagogomes__can I use both LDAP and SQL for the same domain?14:50
openstackgerritKevin Carter proposed openstack/openstack-ansible: Updated the repo-build process  https://review.openstack.org/23071614:51
*** greg_a has joined #openstack-ansible14:52
cloudnullodyssey4me hughsaunders updated repo build process for the regex update and to create an absolute requirement file14:55
*** k_stev has joined #openstack-ansible14:55
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Neutron Configuration for Liberty  https://review.openstack.org/23492614:56
*** gardenshed has quit IRC15:01
*** jwagner_away is now known as jwagner15:02
spotzmorning15:04
*** phalmos has quit IRC15:06
*** jlvillal has quit IRC15:11
*** jlvillal has joined #openstack-ansible15:17
tiagogomes__mmm, ok you hardcode the ldap configuration to be on keystone.Default.conf.  It would be nice to allow to specify the domain name15:32
tiagogomes__Otherwise I can't auth with SQL15:33
tiagogomes__for the service and admin users15:34
openstackgerritMerged openstack/openstack-ansible: Always drop lxc_net bridge configuration  https://review.openstack.org/23726615:44
*** mgoddard_ has joined #openstack-ansible15:46
*** mgoddard has quit IRC15:48
*** alop has joined #openstack-ansible15:49
*** fawadkhaliq has joined #openstack-ansible15:53
*** gardenshed has joined #openstack-ansible15:55
*** gardenshed has quit IRC15:57
*** gardenshed has joined #openstack-ansible15:58
*** fawadkhaliq has quit IRC15:58
*** jwagner is now known as jwagner_away16:01
stevelleBug triage?16:03
palendaeI think most of our UK group are getting back to desks16:03
*** mgoddard_ has quit IRC16:04
*** mgoddard has joined #openstack-ansible16:04
*** phalmos has joined #openstack-ansible16:04
*** jwagner_away is now known as jwagner16:04
*** elo has joined #openstack-ansible16:08
odyssey4metiagogomes__ a patch would be welcome - that is an area that could do with some work :)16:08
*** elo has quit IRC16:08
*** Bjoern_ is now known as BjoernT16:09
*** elo has joined #openstack-ansible16:09
odyssey4mebug triage cloudnull, mattt, andymccr, d34dh0r53, hughsaunders, b3rnard0, palendae, Sam-I-Am, odyssey4me, serverascode, rromans, mancdaz, dolphm, _shaps_, BjoernT, claco, echiu, dstanek, jwagner, ayoung, prometheanfire, evrardjp, arbrandes, mhayden, scarlisle16:09
prometheanfireneat16:10
odyssey4merighto - first up: https://bugs.launchpad.net/openstack-ansible/+bug/147352516:11
openstackLaunchpad bug 1473525 in openstack-ansible trunk " Duplicate sources.list entry for mariadb during kilo upgrade" [Low,New]16:11
jwagneri am seeing this as well16:11
jwagneri just remove the old http and it is fine16:12
BjoernTyeah so I will review my old patch16:14
*** galstrom_zzz is now known as galstrom16:15
cloudnullyea thats a thing on upgrade .16:15
BjoernTcorrect16:15
BjoernTso prio 2 kilo ?16:17
odyssey4meok, invalid on trunk - who who's taking this on for juno->kilo?16:17
cloudnullits a hard one.16:17
cloudnullbecause depending on when the deployment was done that repo may be different16:17
cloudnullEG icehouse, juno.16:17
BjoernTi can look at it again16:18
odyssey4mecan the apt task not add files with a specific name?16:18
cloudnullits really something that , if it causes issues it needs to be fixed, but idk if we should really try to program around that type of failure.16:18
cloudnullodyssey4me:  it can16:18
cloudnullbut those repos may be in various files named differently16:18
odyssey4mecloudnull then perhaps we should change how we add the sources file and name them according to the purpose?16:18
BjoernTyes16:19
*** jmckind is now known as jmckind_16:19
BjoernTno dynamic file names16:19
BjoernTthat's bad when changing mirror urls16:19
*** k_stev has quit IRC16:19
BjoernTetc16:19
odyssey4methen this issue can be resolved by deployers - it can be noted as a known issue16:19
cloudnullrpc-repo.rax, mariadb.com, mirror.rax, other maira mirror, etc.16:19
*** dstanek has quit IRC16:19
BjoernTthat should be fixed in OSA not deployer16:19
odyssey4mea simple ansible command can remove the old file, whatever it is, then the plays can simply re-add16:19
cloudnulli think we can standardize on a name, but fixing it may break a deployer using a repo for other specific purposes if we simply remove the entries16:20
BjoernTsure but it doesnt make sure that if wont happen again16:20
BjoernTit's caused by how we configure the sources.list so it needs to be fixed there16:20
odyssey4mecloudnull yep, that's why it needs to be a manual fix16:20
cloudnullwe'd have to search for, interpret, and attempt to resolve16:20
BjoernTcleanup has to happen in OSA, if no one volunteers I work on it16:20
odyssey4meand we can't implement this fix except for a major version16:20
cloudnullBjoernT:  if you can figure out a good way to make it work then +116:21
cloudnullbut it seems like a pit of edge cases16:21
*** k_stev has joined #openstack-ansible16:21
odyssey4mesure, but bear in mind that there is no standard to how a deployer has configured the repo16:21
cloudnull^ that16:21
odyssey4meif it's internal, it'll be different16:21
*** k_stev has quit IRC16:21
*** k_stev has joined #openstack-ansible16:21
odyssey4meso the best is to simply list it as a known issue and provide an example resolution for it16:21
BjoernTnot really, this is only true for the ubuntu base repos16:21
*** gcivitella has quit IRC16:22
odyssey4meBjoernT not it is not - it could be anything and will hit anyone when they change the repo16:22
*** dstanek has joined #openstack-ansible16:22
BjoernTI disagree16:22
BjoernTwe put in the mariadb over OSA not anyone else16:22
odyssey4meBjoernT in https://bugs.launchpad.net/openstack-ansible/+bug/1473525 it is mariadb, not the ubuntu base repo16:22
openstackLaunchpad bug 1473525 in openstack-ansible kilo " Duplicate sources.list entry for mariadb during kilo upgrade" [Low,New]16:22
cloudnullBjoernT:  if you can put toether a PoC i'd be happy to work on it with you. but i do have some reservations on a fix .16:23
odyssey4meok BjoernT if you can figure out an acceptable solution then great16:23
BjoernTsure I can spend some cycles16:23
odyssey4meassigned to BjoernT16:23
odyssey4menext: https://bugs.launchpad.net/openstack-ansible/+bug/150617316:24
openstackLaunchpad bug 1506173 in openstack-ansible "Failed upgrades should output list of full commands to run" [Undecided,New]16:24
*** greg_a has quit IRC16:24
cloudnullthats been completed16:24
odyssey4meoh?16:24
palendaecloudnull: This is a newer one16:25
palendaeFiled the 14th16:25
cloudnulloh , nevermind16:25
* cloudnull was going off the title16:25
palendaeBasically saying the output is incomplete16:25
palendaeYeah, I thought it was the old one too16:25
odyssey4meclearly an enhancement request, rather than a bug16:25
odyssey4mehappy to accept the enhancement request?16:26
BjoernTyes it's a enhancement to add the openstack-ansible command line so we can cut and paste the output16:26
cloudnullnevermind its covered16:26
cloudnullhttps://github.com/openstack/openstack-ansible/blob/kilo/doc/source/upgrade-guide/process.rst#getting-started16:26
cloudnull"While it's not required, running all of the following playbooks with the openstack-ansible command is recommended. Additionally during the upgrade it's recommended to pass the flag, -e 'pip_install_options=--force-reinstall'. This flag will ensure all pip packages are reinstalled and running the expected versions upon the completion of the upgrade."16:26
odyssey4meok, but this appears to be referring to the run-upgrade script's output16:27
odyssey4mefyi - a little trick: http://docs.openstack.org/developer/openstack-ansible/kilo/16:28
*** gardenshed has quit IRC16:28
BjoernTI think just asks to complete the output to prepend openstack-ansible so we can cut and paste the output16:29
palendaeYeah, sounds like it's about making sure the script will output more than just the playbook name if a failure occurs16:29
odyssey4meagreed16:29
odyssey4meso is this an enhancement that someone wants to take on? is it one that is accepted as a valid enhancement?16:31
palendaeSoudns valid to me16:31
palendaeI can take a stab16:32
*** KLevenstein has joined #openstack-ansible16:32
odyssey4mepalendae great, thanks16:32
odyssey4menext: https://bugs.launchpad.net/openstack-ansible/+bug/150628516:33
openstackLaunchpad bug 1506285 in openstack-ansible "11.2.1 : openstack client with V3 auth causes usability issues" [Undecided,New] - Assigned to Ian Cordasco (icordasc)16:33
*** jmckind_ is now known as jmckind16:33
odyssey4meany update on this sigmavirus24 d34dh0r53 ?16:34
sigmavirus24odyssey4me: waiting for an environment to debug this in16:34
*** k_stev has quit IRC16:35
odyssey4meok, shall we leave the status as-is or change it?16:35
tiagogomes__mm, for multidomain I need Keystone API v3 for the private endpoint. How do I do that?16:35
sigmavirus24as-is if you don't mind16:35
sigmavirus24I'll update it16:35
odyssey4mesigmavirus24 ok cool16:36
odyssey4menext: https://bugs.launchpad.net/openstack-ansible/+bug/150629116:36
openstackLaunchpad bug 1506291 in openstack-ansible "11.2.1: swift playbooks fails with missing swift_pubkey" [Undecided,New]16:36
*** KLevenstein has quit IRC16:37
odyssey4methat will come from cat {{ swift_system_home_folder }}/.ssh/id_rsa.pub16:37
odyssey4meso it sounds like the host was missing a public key16:37
openstackgerritMerged openstack/openstack-ansible: Set neutron_lib_dir depending on neutron_venv_enabled  https://review.openstack.org/23757316:37
*** k_stev has joined #openstack-ansible16:37
odyssey4meyep, https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/os_swift_sync/tasks/swift_key_populate.yml#L1816:39
cloudnullyea that seems like the swift user was missing the key16:39
cloudnullwhich should be generated here https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/os_swift/tasks/swift_pre_install.yml#L4616:40
cloudnullbut its likely that the user existed and the key did not16:40
odyssey4meit may have been due to a limited/scoped execution?16:41
BjoernTno16:42
BjoernTI did run without  --limit just to make sure16:42
odyssey4meoh - it could be due to it being an upgrade so the user existed, but the ssh key did not16:42
odyssey4meso this can be used: https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/os_swift/tasks/swift_pre_install.yml#L3216:43
odyssey4mehmm, actually - this seems like a gap16:43
BjoernTyeah lets debug it offline16:43
odyssey4meif the recreate is actioned, it'll remove the keys - but will they ever be re-added16:43
BjoernTI run the playboogks right now16:43
odyssey4meone would hope that https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/os_swift/tasks/swift_pre_install.yml#L37 would validate all the things, but maybe it doesn't16:44
odyssey4meok, let's check the next bug so long: https://bugs.launchpad.net/openstack-ansible/+bug/150659716:45
openstackLaunchpad bug 1506597 in openstack-ansible "LDAP config conversion from Juno to Kilo" [Undecided,New]16:45
cloudnulli think both the new and old upgade scripts do the conversion .16:46
odyssey4meyep16:47
BjoernTyes but not enough as I had outlined16:47
BjoernTserver needs to be converted to url16:47
BjoernTfor example16:47
odyssey4meany volunteers to figure this one out?16:47
cloudnullso user_bind has become user ?16:48
BjoernTcorrect16:48
BjoernTthe changes are in the ticket16:49
cloudnullhum ... so we'd need to map out all of the vars to other vars.16:49
cloudnulland do so here https://github.com/openstack/openstack-ansible/blob/kilo/scripts/upgrade-utilities/scripts/juno-kilo-ldap-conversion.py16:50
BjoernTyes correct16:50
odyssey4meimportance?16:51
cloudnullmedium ?16:51
BjoernTyes16:51
odyssey4mewe need someone to actually verify this to confirm it16:51
dolphmodyssey4me: cloudnull: just shared this on the mailing list, but this is a personalized review queue (inbox zero behavior) of all reviews starred by keystone-core in keystone repos http://bit.ly/1GnOuqw (would be easy to adapt to openstack-ansible)16:52
BjoernTI can verify the output16:52
odyssey4meBjoernT you registered the bug - someone else needs to verify16:52
BjoernTok16:52
cloudnullits verified we'll need to do the remapping16:52
openstackgerritNolan Brubaker proposed openstack/openstack-ansible: Use full command when reporting upgrade failure  https://review.openstack.org/23768916:53
odyssey4medolphm we have one too: https://goo.gl/03qZPi :)16:53
odyssey4meok, confirmed by cloudnull - any volunteers to pick up a fix?16:54
*** fawadkhaliq has joined #openstack-ansible16:54
dolphmodyssey4me: awesome!16:54
odyssey4meok, no volunteers so we'll leave it unassigned for now16:55
odyssey4menext: https://bugs.launchpad.net/openstack-ansible/+bug/150731116:55
openstackLaunchpad bug 1507311 in openstack-ansible " nf_conntrack_ftp needed on computes to use active ftp with instances " [Undecided,New]16:55
*** jmckind_ has joined #openstack-ansible16:56
*** sdake has quit IRC16:56
*** phalmos has quit IRC16:56
*** karimb has quit IRC16:58
odyssey4meI thought it was well known that active ftp doesn't work through a nat?16:58
*** fawadkhaliq has quit IRC16:58
dolphmodyssey4me: looking at the source of your dashboard, mine has a different goal. it's not *all* reviews, it's crowd sourcing the starred reviews by *anyone* in core, and shows nothing but starred reviews16:58
odyssey4meor is this between instances on the same net16:58
odyssey4medolphm oh, very nice :)16:59
*** gardenshed has joined #openstack-ansible16:59
*** jmckind has quit IRC16:59
dolphmodyssey4me: also, your dashboard will continue showing reviews that you've downvoted? what's the logic to that? that you need to follow up?16:59
*** gardenshed has quit IRC17:00
cloudnullodyssey4me: i say wont fix17:00
*** gardenshed has joined #openstack-ansible17:00
openstackgerritKevin Carter proposed openstack/openstack-ansible: [WIP] Test enabling prevent_arp_spoofing  https://review.openstack.org/23699517:01
openstackgerritNolan Brubaker proposed openstack/openstack-ansible: [WIP] Use full command when reporting upgrade failure  https://review.openstack.org/23768917:01
odyssey4meyeah, ok - there's an existing way to make this work for a deployment, so won't fix17:02
cloudnull+117:03
odyssey4mealright, thanks all17:03
odyssey4medolphm I'll check yours and mine out - although part of the reason for including the down-voted in some sections is to try and get a broader set of reviews17:04
odyssey4mebut yeah, downvoted reviews tend not to get reviewed - so I may as well have those removed17:05
odyssey4medolphm why're you including the attic repo?17:05
dolphmodyssey4me: because it's one of our repos17:06
cloudnullhttps://review.openstack.org/#/c/230716 <- hughsaunders odyssey4me if you could give it another review it'd be appreciated.17:06
odyssey4medolphm I thought that the attic repo was where retired stuff went to die?17:06
dolphmodyssey4me: yes, but if there's a starred review against it - why wouldn't it be included? no discrimination!17:07
odyssey4medolphm also, to cater for future needs you may wish to try using regex for the foreach :)17:07
dolphmodyssey4me: to match other projects?17:07
odyssey4meeg: project:^openstack/keystone.*17:07
dolphmodyssey4me: that'd be smart; i was thinking that this config file could be genereted by gerrit pretty easily per *-core group, so the explicit list of projects would be a natural consequence17:08
dolphmodyssey4me: query for all *-core groups, query projects those groups have permissions on, build a dashboard for the group, publish permalink17:08
odyssey4medolphm are you aware of gerrit-dash-creator?17:09
odyssey4meeg: https://github.com/openstack/gerrit-dash-creator/blob/master/dashboards/openstack-ansible.dash17:09
odyssey4methey publish a list of dashboards to: http://ghostcloud.net/openstack_gerrit_dashboards/17:09
dolphmodyssey4me: yes17:10
odyssey4meheh, it appears that the publishing hasn't been done in some time17:10
dolphmodyssey4me: https://github.com/dolph/dotfiles/blob/master/gerrit-dashboard-keystone17:10
odyssey4medolphm oh nice, I'll take a peek and see if there're some bits we can include for the core review dash - and then I like your idea of crowdsourcing reviews :)17:12
*** woodard has joined #openstack-ansible17:12
*** sdake has joined #openstack-ansible17:14
*** KLevenstein has joined #openstack-ansible17:16
*** elo has quit IRC17:18
*** sdake_ has joined #openstack-ansible17:21
*** sdake has quit IRC17:23
*** elo has joined #openstack-ansible17:23
mhaydeni hear that the keystone thing is kinda popular17:25
*** harlowja has quit IRC17:30
*** woodard has quit IRC17:31
*** harlowja has joined #openstack-ansible17:36
*** greg_a has joined #openstack-ansible17:37
*** elo has quit IRC17:40
*** woodard has joined #openstack-ansible17:41
*** elo has joined #openstack-ansible17:43
*** woodard has quit IRC17:46
*** sdake_ is now known as sdake17:47
*** woodard has joined #openstack-ansible17:54
*** phalmos has joined #openstack-ansible17:58
*** greg_a has quit IRC17:58
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: V-38660: SNMPv3  https://review.openstack.org/23322618:01
*** KLevenstein has quit IRC18:10
*** woodard has quit IRC18:14
*** woodard has joined #openstack-ansible18:15
*** greg_a has joined #openstack-ansible18:18
*** woodard has quit IRC18:25
*** b3rnard0 is now known as b3rnard0_away18:33
*** woodard has joined #openstack-ansible18:41
openstackgerritMerged openstack/openstack-ansible: Search for existing aodh binary  https://review.openstack.org/23758918:42
*** fawadkhaliq has joined #openstack-ansible18:44
*** sdake has quit IRC18:47
*** cbits has joined #openstack-ansible18:47
*** galstrom is now known as galstrom_zzz18:48
openstackgerritCharles Bitter proposed openstack/openstack-ansible: Removing extra 'provides' from doc  https://review.openstack.org/23773718:48
*** javeriak has joined #openstack-ansible18:48
*** harlowja has quit IRC18:53
*** woodard_ has joined #openstack-ansible19:02
*** woodard has quit IRC19:02
openstackgerritKevin Carter proposed openstack/openstack-ansible: Test enabling prevent_arp_spoofing  https://review.openstack.org/23699519:03
*** harlowja has joined #openstack-ansible19:11
jwitkocloudnull, thanks again for the help last night19:11
*** b3rnard0_away is now known as b3rnard019:11
cloudnullanytime19:11
jwitkoI'm seeing some pretty nasty issues popping up with live migration though due to nova users having different gid/uid on different servers19:11
jwitkoon the nfs mount19:12
jwitkoownership changing and such19:12
cloudnullyuk19:12
cloudnullis that because of the nfs users or the compute host users?19:13
jwitkocompute host users19:14
jwitkothe nova user specifically19:14
jwitkoI'm not specifying a specific uid upon creation19:14
jwitkoso it just allocates next available19:14
jwitkoso some are 997, some are 99819:15
*** spotz is now known as spotz_zzz19:15
jwitkothe newest model is 1001!19:15
jwitkoso I am wondering how much it will screw shit up19:15
jwitkoif i usermod -u 1001 nova19:15
jwitkoon the older servers19:15
cloudnullso if we cordinated the openstack user ids that would solve that issue19:15
*** greg_a has quit IRC19:16
jwitkoyes19:16
jwitkoobviously thats a trickier subject than it appears at surface level19:17
jwitkoyou'd have to let users know "these uids must be reserved for openstack"19:17
jwitkoand they'd probably have to be some far-reaching uids so as to avoid common use19:17
cloudnullyes and on an upgrade you'd have to change the perms on all of the files/folders owned19:17
jwitkowell the following seems to work well for me:   service nova-compute stop && sleep 1 && usermod -u 1001 nova ; service nova-compute start19:18
*** greg_a has joined #openstack-ansible19:18
*** gparaskevas has joined #openstack-ansible19:20
cloudnulljwitko:  i dont think that will change perms on things like /etc/nova/19:21
cloudnulland the group mod will need to be updated19:22
*** spotz_zzz is now known as spotz19:22
*** woodard_ has quit IRC19:22
*** woodard has joined #openstack-ansible19:22
*** woodard has quit IRC19:24
*** sdake has joined #openstack-ansible19:25
*** woodard has joined #openstack-ansible19:25
*** qba73 has joined #openstack-ansible19:26
jwitkocloudnull, yea definitely missed those.  Is there anything else owned by nova I should look out for?19:28
*** qba73 has quit IRC19:28
*** daneyon has quit IRC19:28
*** javeriak_ has joined #openstack-ansible19:32
*** javeriak has quit IRC19:34
*** woodard has quit IRC19:35
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Neutron Configuration for Liberty  https://review.openstack.org/23492619:35
jwitkoodyssey4me, cloudnull, do you happen to know the tags to popualte the /etc/hosts file on machines?19:37
jwitkofor some reason when I added these hosts it looks like it didn't make it around to the hosts files with the new compute nodes19:37
jwitkocausing live migration to fail19:37
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Update Neutron Configuration for Liberty  https://review.openstack.org/23492619:37
jwitkoopenstack-host-hostfile?19:38
jwitkoprobably because I ran it with a limit... but i thought it saw to go to all hosts19:39
*** sdake has quit IRC19:40
*** galstrom_zzz is now known as galstrom19:42
bgmccollumdocs should be updated to remove the example of using --limit...so many things break in that scenario19:42
palendaecloudnull, sigmavirus24 in this block, is there a reason that '$2' is used in the eval line instead of '$run_item'? https://github.com/openstack/openstack-ansible/blob/kilo/scripts/run-upgrade.sh#L55-L7919:43
jwitkobgmccollum, yup i just reran it using that tag and it definitely skipped over that part19:44
*** karimb has joined #openstack-ansible19:45
*** karimb has quit IRC19:45
bgmccollumjwitko: tag or limit? their two different things...19:45
bgmccollum* they're19:46
*** karimb has joined #openstack-ansible19:47
jwitkobgmccollum, i had to run it with that tag and no limit because when I added my new compute nodes I ran setup-everything with a limit19:47
jwitkoand so it didn't add the compute node hosts to the /etc/hosts file19:48
jwitkoof all other servers besides the new compute nodes19:48
sigmavirus24Good question palendae19:48
*** galstrom is now known as galstrom_zzz19:48
bgmccollumjwitko: so its fixed?19:48
sigmavirus24That said, that `-e` should be before the $219:48
jwitkobgmccollum yes live migration currently works19:49
sigmavirus24palendae: cloudnull ^19:49
*** galstrom_zzz is now known as galstrom19:49
sigmavirus24Otherwise for tasks like L144 you're passing -e to `true`19:49
jwitkobgmccollum, the final permissions change was as follows19:50
jwitkoservice nova-compute stop ; sleep 1 ; usermod -u 1001 nova; groupmod -g 1001 nova; chown nova:nova /var/lib/nova /var/lock/nova /var/log/nova/* /var/log/nova /etc/nova -R ; service nova-compute start19:50
*** sdake has joined #openstack-ansible19:51
palendaesigmavirus24: so openstack-ansible -e pip_stuff $run_item19:52
palendaeWhat I'd like to do is make the string that's evaled into a template so I can interpolate the variable into it19:52
palendaevariables*19:52
palendaeThus, when output happens on a failure, the entire command is output, not just the pieces in RUN_TASKS19:52
sigmavirus24palendae: so you can do `cmd="openstack-ansible -e pip_stuff $2"; eval $cmd`19:54
sigmavirus24or `eval "$cmd"`19:55
palendaesigmavirus24: Which works in that 1 case; I'm more interested in applying it to the failure loop (https://github.com/openstack/openstack-ansible/blob/kilo/scripts/run-upgrade.sh#L92-L94)19:55
sigmavirus24That let's you show exactly the command run, what BjoernT and others wanted was just the steps to run for the rest of the upgrade though and I don't know if they'd rather have the full command or not19:55
palendaehttps://review.openstack.org/#/c/237689/2, too19:55
palendaeThey would19:55
palendaeWorking on an enhancement request from bgmccollum19:56
sigmavirus24okay19:56
palendaeI can fix the 1 case, where we use $2 like you said19:56
palendaeBut the loop is more general, and bash doesn't have something like % or .format from python19:56
*** fawadkhaliq has quit IRC19:58
*** spotz is now known as spotz_zzz19:58
sigmavirus24palendae: bash is more akin to ruby in this case19:59
sigmavirus24It's why so many ruby scripts are as unreadable as bash =P19:59
palendaeheh19:59
*** KLevenstein has joined #openstack-ansible20:00
*** spotz_zzz is now known as spotz20:02
*** daneyon has joined #openstack-ansible20:05
openstackgerritMerged openstack/openstack-ansible: Additional RabbitMQ SSL fixes  https://review.openstack.org/23743120:05
*** daneyon has quit IRC20:11
*** jmckind_ has quit IRC20:20
*** wmlynch has quit IRC20:21
openstackgerritMerged openstack/openstack-ansible: Updated the neutron l3HA tool to use v3  https://review.openstack.org/23746020:27
openstackgerritMerged openstack/openstack-ansible: Fixes TCP and UDP strings in rsyslog client log shipping.  https://review.openstack.org/23743020:27
*** woodard has joined #openstack-ansible20:44
*** KLevenstein has quit IRC20:53
*** woodard has quit IRC21:04
*** woodard has joined #openstack-ansible21:05
mhaydencloudnull: do you know of any stress test available for kombu and/or oslo.messaging?21:14
mhaydentrying to see what impact nova<->SSL<->rabbitmq might have21:14
*** woodard has quit IRC21:14
*** woodard has joined #openstack-ansible21:15
*** javeriak_ has quit IRC21:15
cloudnullno i do not21:15
sigmavirus24mhayden: what about splitting out multiple threads to send tons of messages?21:15
cloudnull:(21:15
*** jimchou has joined #openstack-ansible21:16
*** woodard has quit IRC21:16
mhaydenmight be worth a try21:18
mhaydeni doubt it would be terribly impactful especially with AES offloading in modern CPUs21:18
sigmavirus24mhayden: I generally agree with that21:18
*** woodard has joined #openstack-ansible21:20
*** gparaskevas has quit IRC21:22
*** woodard has quit IRC21:27
*** greg_a has quit IRC21:29
*** woodard has joined #openstack-ansible21:31
jwitkohey cloudnull, do you know if I disable a hypervisor under the "Admin --> Hypervisors --> Compute Host" tab clicking the "Disable service" button21:33
jwitkowill this leave current VMs working without issue and will just disable provisioning new VMs to those hosts?21:33
*** CheKoLyN has joined #openstack-ansible21:34
*** phalmos has quit IRC21:37
cloudnulljwitko:  that should leave the running instances online but make it so you're no longer able to schedule vms to that target .21:39
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: Adding new RabbitMQ alarms (fd,proc,sockets)  https://review.openstack.org/23778321:40
*** KLevenstein has joined #openstack-ansible21:46
*** alejandrito has quit IRC21:47
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: Adding new RabbitMQ alarms (fd,proc,sockets)  https://review.openstack.org/23778321:51
*** woodard has quit IRC21:51
*** woodard has joined #openstack-ansible21:52
openstackgerritNolan Brubaker proposed openstack/openstack-ansible: [WIP] Use full command when reporting upgrade failure  https://review.openstack.org/23768921:54
openstackgerritNolan Brubaker proposed openstack/openstack-ansible: [WIP] Use full command when reporting upgrade failure  https://review.openstack.org/23768921:57
*** woodard has quit IRC21:58
*** jongchoi_ has joined #openstack-ansible21:58
*** karimb has quit IRC22:06
*** aslaen has joined #openstack-ansible22:17
*** aslaen has quit IRC22:17
*** sdake has quit IRC22:18
*** sdake has joined #openstack-ansible22:18
*** galstrom is now known as galstrom_zzz22:24
*** jongchoi_ has quit IRC22:26
*** spotz is now known as spotz_zzz22:27
*** k_stev has quit IRC22:28
*** jongchoi has joined #openstack-ansible22:36
*** jongchoi has quit IRC22:36
*** galstrom_zzz is now known as galstrom22:39
*** jimchou_ has joined #openstack-ansible22:43
*** jimchou has quit IRC22:44
*** jimchou_ has quit IRC22:48
*** sdake_ has joined #openstack-ansible22:48
*** sigmavirus24 is now known as sigmavirus24_awa22:49
*** sdake has quit IRC22:49
*** KLevenstein has quit IRC23:00
*** jhesketh has quit IRC23:00
*** jhesketh has joined #openstack-ansible23:03
cloudnullim off take care all23:04
*** daneyon has joined #openstack-ansible23:12
*** galstrom is now known as galstrom_zzz23:17
*** jimchou has joined #openstack-ansible23:34
*** daneyon_ has joined #openstack-ansible23:34
*** jaypipes has quit IRC23:36
*** daneyon has quit IRC23:37
*** jimchou has quit IRC23:39
*** BjoernT has quit IRC23:50
« Monday, 2015-10-19 Index Wednesday, 2015-10-21 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!