Wednesday, 2016-05-25

« Tuesday, 2016-05-24 Index Thursday, 2016-05-26 »
*** alikins has quit IRC00:12
*** markvoelker has joined #openstack-ansible00:12
*** jamesdenton has joined #openstack-ansible00:14
*** markvoelker has quit IRC00:16
*** klamath has quit IRC00:24
*** Qiming has quit IRC00:24
*** klamath has joined #openstack-ansible00:25
openstackgerritAmy Marrich (spotz) proposed openstack/openstack-ansible-security: Docs: Update dev notes for Cat 3 controls  https://review.openstack.org/31890500:30
*** jamesdenton has quit IRC00:53
openstackgerritMerged openstack/openstack-ansible-repo_server: Removing unnecessary usage of with_items  https://review.openstack.org/32063900:56
openstackgerritBjoern Teipel proposed openstack/openstack-ansible-os_nova: Cleanup spice HTML5 proxy git repo before updating it  https://review.openstack.org/32065000:56
*** BjoernT has joined #openstack-ansible00:57
*** markvoelker has joined #openstack-ansible01:13
*** alikins has joined #openstack-ansible01:17
*** markvoelker has quit IRC01:17
*** alikins has quit IRC01:19
*** Qiming has joined #openstack-ansible01:26
*** jamesdenton has joined #openstack-ansible01:30
*** sdake has joined #openstack-ansible01:39
*** alikins has joined #openstack-ansible01:44
*** alikins has quit IRC01:44
openstackgerritMerged openstack/openstack-ansible-os_keystone: Grammar: requires -> required  https://review.openstack.org/32068201:52
*** woodard has quit IRC01:52
*** sdake_ has joined #openstack-ansible01:52
*** sdake has quit IRC01:53
*** sawblade_ has joined #openstack-ansible01:53
*** schwicht has quit IRC01:53
*** sawblade6 has quit IRC01:55
*** jthorne_ has joined #openstack-ansible02:00
*** jthorne has quit IRC02:00
*** jamesdenton has quit IRC02:03
*** thorst_ has quit IRC02:06
*** thorst_ has joined #openstack-ansible02:06
*** sdake_ has quit IRC02:09
*** thorst_ has quit IRC02:15
*** iceyao has joined #openstack-ansible02:28
*** schwicht has joined #openstack-ansible02:31
*** smatzek has quit IRC02:34
*** schwicht has quit IRC02:35
*** thorst_ has joined #openstack-ansible02:40
*** jthorne_ has quit IRC02:44
*** woodard has joined #openstack-ansible02:53
prometheanfirecloudnull: iirc, recheck works with comments, gate is just slow today02:57
palendaeyeah, real slow02:57
*** thorst_ has quit IRC02:58
palendaehttps://review.openstack.org/#/c/318917/ just finished for example02:58
*** woodard has quit IRC02:58
palendae~5 hours02:58
prometheanfireya, https://review.openstack.org/320670 did too02:58
*** thorst_ has joined #openstack-ansible02:58
*** thorst_ has quit IRC03:07
prometheanfirecloudnull: same error :|03:13
prometheanfirepalendae: if you have a sec... http://logs.openstack.org/24/320624/2/check/gate-openstack-ansible-os_nova-ansible-func-ubuntu-trusty/09493c2/console.html03:13
*** BjoernT has quit IRC03:14
*** sdake has joined #openstack-ansible03:15
cloudnullprometheanfire: it would seem zuul-cloner is busted right now.03:15
cloudnullfolks in infra seem to be aware of it03:16
prometheanfireah, cool03:17
prometheanfireI'll recheck before I go to bed then03:17
*** sdake has quit IRC03:27
*** schwicht has joined #openstack-ansible03:43
*** sdake has joined #openstack-ansible03:44
*** schwicht has quit IRC03:47
*** thorst_ has joined #openstack-ansible04:04
*** thorst_ has quit IRC04:12
*** sacharya has quit IRC04:16
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_keystone: Implement CentOS 7 support in os_keystone  https://review.openstack.org/32021604:17
*** sguduru has joined #openstack-ansible04:17
*** sguduru has quit IRC04:28
*** javeriak has joined #openstack-ansible04:37
*** jamielennox is now known as jamielennox|away04:50
*** jamielennox|away is now known as jamielennox05:04
*** javeriak has quit IRC05:05
*** sdake_ has joined #openstack-ansible05:11
*** sdake has quit IRC05:13
*** admin0 has joined #openstack-ansible05:17
*** sacharya has joined #openstack-ansible05:17
*** sguduru has joined #openstack-ansible05:18
*** admin0 has quit IRC05:19
*** chhavi has joined #openstack-ansible05:21
*** sacharya has quit IRC05:22
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_keystone: Implement CentOS 7 support in os_keystone  https://review.openstack.org/32021605:26
prometheanfirecloudnull: still failing05:27
prometheanfirecloudnull: will recheck in the morning, nn05:27
prometheanfireoh, you rechecked already05:28
*** schwicht has joined #openstack-ansible05:44
*** deadnull has quit IRC05:48
*** thorst_ has joined #openstack-ansible05:49
*** schwicht has quit IRC05:50
*** admin0 has joined #openstack-ansible05:50
*** admin0 has quit IRC05:51
*** jamielennox is now known as jamielennox|away05:54
*** thorst_ has quit IRC05:57
*** chhavi has quit IRC05:57
*** ig0r_ has joined #openstack-ansible06:01
*** deadnull has joined #openstack-ansible06:02
*** sguduru has quit IRC06:04
openstackgerritMerged openstack/openstack-ansible-os_swift: Add staticweb to the default middleware list  https://review.openstack.org/32061406:07
*** jamielennox|away is now known as jamielennox06:10
*** chhavi has joined #openstack-ansible06:13
*** jiteka has joined #openstack-ansible06:13
*** joker_ has joined #openstack-ansible06:15
*** jiteka has left #openstack-ansible06:15
*** sguduru has joined #openstack-ansible06:16
*** ig0r_ has quit IRC06:17
*** sacharya has joined #openstack-ansible06:18
*** jamielennox is now known as jamielennox|away06:21
*** sacharya has quit IRC06:23
*** jamielennox|away is now known as jamielennox06:28
*** schwicht has joined #openstack-ansible06:47
*** schwicht has quit IRC06:52
*** oneswig has joined #openstack-ansible06:55
*** asettle has joined #openstack-ansible06:59
*** thorst_ has joined #openstack-ansible07:00
*** admin0 has joined #openstack-ansible07:03
*** sguduru has quit IRC07:07
*** thorst_ has quit IRC07:09
*** mikelk has joined #openstack-ansible07:17
*** jiteka has joined #openstack-ansible07:23
*** iceyao has quit IRC07:25
*** iceyao has joined #openstack-ansible07:25
evrardjpgood morning everyone07:34
*** daneyon has quit IRC07:50
odyssey4meo/07:52
*** metral is now known as metral_zzz07:54
*** sdake_ has quit IRC07:56
*** asettle has quit IRC08:01
*** oneswig has quit IRC08:03
*** thorst_ has joined #openstack-ansible08:06
*** thorst_ has quit IRC08:14
*** jiteka has quit IRC08:19
openstackgerritMerged openstack/openstack-ansible-security: Fix null password auth in CentOS  https://review.openstack.org/31888808:20
*** ig0r_ has joined #openstack-ansible08:20
*** asettle has joined #openstack-ansible08:22
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_zaqar: Updating os_zaqar to use the Multi-Distro framework  https://review.openstack.org/31633208:28
*** _hanhart has quit IRC08:32
*** brad[] has quit IRC08:36
*** brad[] has joined #openstack-ansible08:37
*** metral_zzz is now known as metral08:38
*** sguduru has joined #openstack-ansible08:43
*** sdake has joined #openstack-ansible08:43
*** saneax_AFK is now known as saneax08:44
*** schwicht has joined #openstack-ansible08:47
*** sdake has quit IRC08:49
*** sdake has joined #openstack-ansible08:51
*** schwicht has quit IRC08:52
*** daneyon has joined #openstack-ansible08:52
*** daneyon has quit IRC08:55
*** daneyon has joined #openstack-ansible08:56
pjm6good morning08:56
*** asettle has quit IRC08:58
*** markvoelker has joined #openstack-ansible09:03
*** sdake has quit IRC09:05
*** javeriak has joined #openstack-ansible09:06
*** markvoelker has quit IRC09:08
*** thorst_ has joined #openstack-ansible09:11
*** thorst_ has quit IRC09:19
*** javeriak has quit IRC09:22
*** javeriak has joined #openstack-ansible09:31
*** asettle has joined #openstack-ansible09:42
*** asettle has quit IRC09:42
*** tlbr has quit IRC09:49
*** tlbr has joined #openstack-ansible09:52
*** mummer has joined #openstack-ansible10:01
*** markvoelker has joined #openstack-ansible10:04
*** markvoelker has quit IRC10:09
openstackgerritMerged openstack/openstack-ansible: Verbose option has been deprecated from oslo.log  https://review.openstack.org/31758010:12
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Update HAProxy for multi-OS support  https://review.openstack.org/32016010:15
cloudnullmorning10:15
*** al_loew has joined #openstack-ansible10:16
*** thorst_ has joined #openstack-ansible10:17
*** sacharya has joined #openstack-ansible10:19
*** thorst_ has quit IRC10:24
*** sacharya has quit IRC10:24
odyssey4mecloudnull you're up early...10:25
cloudnullI am10:27
cloudnullone of those days.10:27
cloudnullalso day before time away10:27
cloudnullso taking care of things before im off10:27
matttcloudnull: headed anywhere nice ?10:28
cloudnullback to sf10:29
matttnice!  enjoy :)10:29
cloudnullfamily reunion10:29
cloudnullshould be a good time.10:29
cloudnullthen back for a week then off to south america to visit wifes family10:29
cloudnullwhich should be a better time :)10:30
*** Qiming has quit IRC10:30
odyssey4meoh nice - that'll be a nice break10:30
odyssey4menot sure about family being much fun, but at least it'll keep you from computering :p10:30
*** smatzek has joined #openstack-ansible10:33
evrardjpgood morning cloudnull10:35
*** electrofelix has joined #openstack-ansible10:35
cloudnullodyssey4me: I'll be ! computeing for sure.10:35
*** fxpester has quit IRC10:35
openstackgerritMerged openstack/openstack-ansible-pip_install: Removing unnecessary usage of with_items  https://review.openstack.org/32052110:41
*** javeriak has quit IRC10:43
*** schwicht has joined #openstack-ansible10:49
mancdazwhat does the ansible trim filter do?10:49
*** arbrandes has quit IRC10:50
matttmancdaz: is that different to the jinja2 filter?10:51
mancdazmattt sorry, I guess I mean the jinja2 filter10:51
*** arbrandes has joined #openstack-ansible10:52
mancdazmattt and you helped me find the docs10:52
mancdazthanks!10:52
matttmancdaz: "Strip leading and trailing whitespace."10:52
*** schwicht has quit IRC10:53
*** javeriak has joined #openstack-ansible10:54
*** al_loew has quit IRC10:57
*** fxpester has joined #openstack-ansible10:58
*** _deadnull is now known as deadnull_11:01
mancdazodyssey4me how does this work https://github.com/openstack/openstack-ansible-os_horizon/blob/master/defaults/main.yml#L3911:01
*** deadnull_ is now known as _deadnull11:01
*** _deadnull is now known as deadnull_11:01
mancdazas in, what is hosting the venvs on localhost?11:02
evrardjpmancdaz: we define the variable elsewhere11:03
evrardjpin the playbook IIRC11:03
evrardjpopenstack-ansible/playbooks/os-horizon-install.yml11:04
evrardjphorizon_venv_download_url: "{{ openstack_repo_url }}/venvs/{{ openstack_release }}/{{ ansible_distribution | lower }}/horizon-{{ openstack_release }}.tgz"11:04
odyssey4memancdaz https://github.com/openstack/openstack-ansible/blob/master/playbooks/os-horizon-install.yml#L11011:04
evrardjpit overrides the default11:04
mancdazevrardjp doh, thanks. I missed that11:04
*** markvoelker has joined #openstack-ansible11:05
odyssey4memancdaz so in the case where the venv is enabled but the URL is not overridden by the play, the process will fail to download the venv and therefore fall back to installing the packages11:05
mancdazodyssey4me yep, gotcha thanks11:06
*** markvoelker has quit IRC11:10
*** jiteka has joined #openstack-ansible11:11
*** vnogin has joined #openstack-ansible11:14
*** schwicht has joined #openstack-ansible11:16
*** openstackgerrit has quit IRC11:18
*** openstackgerrit has joined #openstack-ansible11:18
*** Qiming has joined #openstack-ansible11:21
*** thorst_ has joined #openstack-ansible11:22
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Update HAProxy for multi-OS support  https://review.openstack.org/32016011:24
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-pip_install: Enable CentOS support  https://review.openstack.org/32091311:27
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-pip_install: Enable CentOS support  https://review.openstack.org/32091311:27
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-pip_install: Enable CentOS support  https://review.openstack.org/32091311:28
*** chhavi has quit IRC11:29
*** thorst_ has quit IRC11:29
*** johnmilton has joined #openstack-ansible11:29
*** retreved has joined #openstack-ansible11:33
*** schwicht has quit IRC11:39
*** iceyao has quit IRC11:40
*** chhavi has joined #openstack-ansible11:42
*** thorst_ has joined #openstack-ansible11:49
*** thorst_ has quit IRC11:50
*** thorst_ has joined #openstack-ansible11:51
*** wadeholler has joined #openstack-ansible11:56
wadehollerhi all:  I have a ceph target configured for nova, cinder, and glance; If I want to add a new compute node without ceph for nova, i.e. just regular local storage, where / how do I set that override ?11:58
*** jamielennox is now known as jamielennox|away11:58
*** chhavi has quit IRC12:00
*** psilvad has joined #openstack-ansible12:00
openstackgerritKyle L. Henderson proposed openstack/openstack-ansible-os_nova: Detect PowerNV environment  https://review.openstack.org/31948012:00
odyssey4mewadeholler hmm, right now you'll have to move the overrides from user_variables to host-specific overrides in openstack_user_config I think...12:00
odyssey4mewadeholler we don't have a neat way, right now, to do group-based overrides... but that would be more ideal12:00
wadehollerodyssey4me: ok and thank you!12:04
vnoginhi guys, does some one tested upgrade from stable/mitaka to newton? is it work?12:04
*** jamielennox|away is now known as jamielennox12:07
*** markvoelker has joined #openstack-ansible12:10
*** mummer has quit IRC12:12
*** kylek3h has quit IRC12:12
*** chhavi has joined #openstack-ansible12:13
*** javeriak has quit IRC12:13
odyssey4mevnogin not much testing has been done yet, no - newtons nowhere close to release - however it is possible to test if you want to, we just merged a patch for the basic framework: http://docs.openstack.org/developer/openstack-ansible/upgrade-guide/index.html12:18
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Update HAProxy for multi-OS support  https://review.openstack.org/32016012:20
*** sguduru has quit IRC12:21
*** sacharya has joined #openstack-ansible12:21
*** gparaskevas has joined #openstack-ansible12:22
evrardjpnice hatop addition :D12:22
evrardjpyou still not won me over :p12:23
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible: Expose upgrade guide in base index  https://review.openstack.org/32094412:23
*** klamath has quit IRC12:24
*** sacharya has quit IRC12:25
*** klamath has joined #openstack-ansible12:25
prometheanfireevrardjp: I'll likely go with just forcing a link to be created, iirc it will remove what's there if needed12:36
odyssey4meprometheanfire I still think that you should move the existing folder if it's not a link. There's no telling whether there is data in there or not.12:38
*** kylek3h has joined #openstack-ansible12:39
prometheanfireodyssey4me: if there's stuff there then that means it's in active use, so we shouldn't move it12:40
odyssey4meprometheanfire so instead we delete it? that doesn't sound safe at all12:40
prometheanfireodyssey4me: nova doesn't use it, but creates it anyway12:41
prometheanfireqemu devs couldn't figure out why12:41
prometheanfireI think it's a hacky way to not have to freeze the vm for backup12:42
odyssey4meas I recall from the recent operators thread on the topic, his is something used by the older versions of qemu - but I only skim-read it12:42
*** markvoelker has quit IRC12:42
mhaydenmorning12:42
evrardjpwe should use stat12:43
odyssey4meisn't it only supposed to be the memory save anyway?12:43
evrardjpstat can help you say if it's a folder, if it has content, etc.12:43
prometheanfiremhayden: welcome, you at castle aready?12:43
evrardjpcontent -> stop, empty folder -> do stuff12:43
vnoginodyssey4me: actually doing it right now :) tnx12:43
evrardjpmorning mhayden12:43
prometheanfireodyssey4me: ya, it's used by older12:43
prometheanfireodyssey4me: problem is the workaround causes a freeze, which we don't want either12:44
prometheanfireiirc12:44
prometheanfireodyssey4me: it's a diff of the memory state I think12:44
prometheanfireso acively changing memory12:44
prometheanfiremy 8G VM only took up 107M when saving12:44
*** asettle has joined #openstack-ansible12:47
odyssey4meprometheanfire and once a snapshot or migration is complete, are the files removed from there?12:47
prometheanfireyes12:48
*** markvoelker has joined #openstack-ansible12:48
odyssey4meprometheanfire in that case I would prefer something like evrardjp's idea - check that the folder is not a link, check that it's empty, and link it if both conditions are true12:49
prometheanfireworksforme12:49
prometheanfirethat sounds like it'll be some integrated bash12:49
prometheanfireodyssey4me: that alright?12:50
odyssey4meprometheanfire no need for any bash - use the stat module as evrardjp suggested12:50
prometheanfireah12:51
prometheanfirethought he was talking about system 'stat'12:51
evrardjpit's the same, but as a module12:52
*** asettle has quit IRC12:52
evrardjp:p12:52
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: [WIP] Improve gate testing for security role  https://review.openstack.org/32064912:53
prometheanfireevrardjp: yarp, I'll integrate the changes before lunch local time12:54
*** asettle has joined #openstack-ansible12:54
mhaydenevrardjp / mattt: would y'all like to see AppArmor and SELinux enabled in the role? https://review.openstack.org/#/c/320649/12:56
mhaydeni can do that, but i avoided it since it felt like a big change12:56
*** psilvad has quit IRC12:56
mhaydento be fair though, our production deployments would have apparmor enabled already12:56
prometheanfireya, thought apparmor was done already12:57
*** javeriak has joined #openstack-ansible12:57
mhaydenwe could certainly flip those tasks to ensure it's running12:58
evrardjpso let me resume what I think: if centos/redhat behavior is far from ubuntu/debian behavior, then it's worth making 2 roles. Simply as that12:58
*** iceyao has joined #openstack-ansible12:58
evrardjpif it's just a few tasks, then making them conditional on the os is fine for me12:59
matttmhayden: it just looks super weird having all that gating stuff jammed into the role, code smell if you ask me12:59
evrardjpbut in all the cases, we should have a test coverage as big as possible12:59
evrardjpI agree with mattt12:59
*** javeriak has quit IRC12:59
mhaydenmattt: my code has that old car smell12:59
matttmhayden: can you not update the tox.ini to skip stuff depending on distro?12:59
mhaydenit's possible12:59
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Update HAProxy for multi-OS support  https://review.openstack.org/32016013:00
evrardjpyou could have a variable file that is gating_centos gating_ubuntu, and includes the tests to skip13:00
matttmhayden: i think all that sort of stuff should be dealt w/ in tox.ini or in the tests themselves13:00
mhaydenbut i'm wondering if i should make the tasks a little more assertive so that they're available for more generic deployments13:00
evrardjpand you include the vars13:00
prometheanfirecloudnull: one thing at a time13:01
prometheanfirecloudnull: how many roles are multi-os now?13:01
cloudnullwhat?13:01
prometheanfirecloudnull: you keep working at the multios stuff, was just commenting on it13:01
evrardjpprometheanfire: there is a etherpad for following this13:02
odyssey4memhayden designing the role tasks based on gating is a very bad idea, I agree with mattt there - the primary goal is to make it work for production environments, and the gate must test as well as possible with the resources available13:02
mhaydenodyssey4me: then i think my best bet is to follow the STIG a bit more closely and enable, rather than check, these things13:02
prometheanfireah13:02
cloudnullprometheanfire: what "one thing at a time"?13:02
prometheanfireone role at a time13:03
evrardjpprometheanfire: parallel mode !13:03
odyssey4meprometheanfire I think that most of the 'infrastructure' roles are done - we're moving on to doing the openstack service roles now13:03
evrardjpdecreases resistance13:03
odyssey4meprometheanfire see https://etherpad.openstack.org/p/openstack-ansible-newton-ubuntu16-0413:03
evrardjpor not really but whatever13:03
*** javeriak has joined #openstack-ansible13:05
*** mikelk has quit IRC13:05
*** mikelk has joined #openstack-ansible13:06
*** ig0r__ has joined #openstack-ansible13:06
odyssey4memattt this is weird - do you have any ideas why the mitaka (only) branch would fail 'pip install tempest' http://logs.openstack.org/25/318925/2/check/gate-openstack-ansible-dsvm-commit/d5d0718/console.html#_2016-05-25_11_54_04_650 ?13:06
matttodyssey4me: just updated that review :)13:06
odyssey4meah ok, silly me13:07
matttodyssey4me: literally the moment you said that13:07
prometheanfirenow, how to check if a dir is empty...13:07
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Update HAProxy for multi-OS support  https://review.openstack.org/32016013:07
matttodyssey4me: this actually raises a concern, because i removed that --isolated junk from os_tempest master13:07
odyssey4mehmm, we can't bump requirements - maybe we should do what we did in master and just remove them?13:07
cloudnullsorry for the spam , that should make all the distro happy now.13:07
*** psilvad has joined #openstack-ansible13:08
matttodyssey4me: or maybe we lock on a tempest version in a release and don't bump it unless we have a known reason to13:08
*** ig0r_ has quit IRC13:08
odyssey4memattt hmm, so you're basically suggesting that we never update openstack_other.yml once a branch goes stable13:10
prometheanfirehttps://github.com/ansible/ansible-modules-core/issues/90213:10
prometheanfirewell, that's reassuring13:10
*** schwicht has joined #openstack-ansible13:10
matttodyssey4me: well, tempest_git_install_branch specifically13:10
matttodyssey4me: i mean you can try, but if tempest requirements have moved beyond what our branch supports then we have to keep it locked on a working SHA13:10
odyssey4memattt sure, but our branch requirements are only there for ansible itself13:11
matttodyssey4me: i more mean the openstack requirements we use for that branch, not local requirements.txt13:11
odyssey4meI would rather pin or remove the requirements than stop updating the tempest sha personally13:12
odyssey4memattt yeah, but the whole reason the right paramiko version isn't available is due to the requirements.txt13:12
*** deadnull_ is now known as _deadnull13:12
*** psilvad has quit IRC13:13
matttodyssey4me: not exactly, https://github.com/openstack/requirements/blob/stable/mitaka/upper-constraints.txt#L235 and https://github.com/openstack/tempest/blob/master/requirements.txt#L813:13
odyssey4meoh bother13:14
odyssey4mehow the heck is upstream passing tests then?13:14
odyssey4melemme check in with the stable team13:14
odyssey4methanks!13:14
prometheanfireodyssey4me: looks like I will need bash to check if a dir is empty13:15
odyssey4meprometheanfire sure13:16
prometheanfire[ "$(ls -A {{ path_goes_here }})" ]13:16
prometheanfirethat will exit 1 when fail, causing ansible to fail, so that'll work13:17
matttodyssey4me: let me know what they say ?13:17
*** thorst_ has quit IRC13:18
odyssey4memattt yeah, will do - for now I've reduced the tempest SHA to the last one that still has the older requirements13:21
*** javeriak has quit IRC13:22
*** javeriak has joined #openstack-ansible13:22
matttodyssey4me: excellent, thanks!13:22
*** thorst_ has joined #openstack-ansible13:25
openstackgerritMatthew Thode proposed openstack/openstack-ansible-os_nova: Create symlink for libvirt save directory  https://review.openstack.org/32062413:31
prometheanfireodyssey4me: evrardjp ^13:31
evrardjpprometheanfire: why not using stat.size ?13:32
prometheanfireevrardjp: .size doesn't work for dirs13:33
*** asettle has quit IRC13:33
prometheanfiremkdir foo, stat foo, size is 4096 for me because that's my block size13:34
prometheanfirezfs is diferent though, it's size is 213:35
prometheanfireso it varries13:35
*** al_loew has joined #openstack-ansible13:35
*** al_loew has quit IRC13:35
evrardjpdidn't know13:35
evrardjpnlink13:35
evrardjp?13:35
evrardjpnot gonna work either13:36
*** smatzek has quit IRC13:37
prometheanfiredon't think so13:37
*** al_loew has joined #openstack-ansible13:37
prometheanfireit's diferent across file systems as well13:37
prometheanfireext4 empty is 2, zfs is 113:37
*** javeriak has quit IRC13:37
evrardjpwe need to fix that in upstream ansible :D13:38
prometheanfireevrardjp: the request for isempty has been around forever :P13:38
prometheanfirehttps://github.com/ansible/ansible-modules-core/issues/90213:38
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Enable LSM instead of checking status  https://review.openstack.org/32099313:38
prometheanfireI was using the OS's stat btw13:38
evrardjpthe other way would be to do a simple find pattern=* register the content13:39
evrardjpif you have content.matched | int > 0 you have content13:40
prometheanfireI think this way is cleaner13:40
prometheanfirebut now we are getting into opinion13:40
odyssey4memattt devstack installs tempest into a venv - I guess we'll have to go back to using --isolated for mitaka for the tempest venv13:41
odyssey4memattt ideally we should use --isolated, but also feed it the infra pypi mirror and infra wheel mirror :/13:41
evrardjpprometheanfire: the remove when isdir is already fine, because you have idempotency on the remove13:42
odyssey4memattt unless there's a way of making the tempest install ignore the user config file and only use the global pip.conf in /etc/13:42
evrardjpbut we added a shell task without idempotency, which is not great13:42
*** BjoernT has joined #openstack-ansible13:42
*** BjoernT is now known as Bjoern_zZzZzZzZ13:42
prometheanfireevrardjp: true, but the shell task is just listing a dir and returning true/false13:43
evrardjpthat's why I think it's fine13:43
prometheanfirenot actually changing state13:43
prometheanfireya13:43
evrardjpit's not great but it's fine13:43
prometheanfireevrardjp: I remove on isdir because we don't want to remove the symlink every run just to replace it again13:44
prometheanfireya, agreed on not great13:44
evrardjpprometheanfire: yes I know for the isdir :)13:44
evrardjpI can read :)13:44
matttodyssey4me: so my change that removes --isolated wasn't backported13:44
matttodyssey4me: which leads me to believe that because tempest venv exists, it's building on the repo server13:45
prometheanfirethought you wanted me to remove it13:45
* prometheanfire hasn't had much sleep13:45
matttodyssey4me: is there any harm in locking tempest SHA?13:45
*** cloader89 has joined #openstack-ansible13:45
odyssey4memattt the harm is that our tests don't match the upstream tests, which we have put a lot of effort into avoiding thus far13:46
*** tlbr has quit IRC13:47
*** tlbr has joined #openstack-ansible13:49
*** phalmos has quit IRC13:49
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Automatically enable neutron ha router capabilities  https://review.openstack.org/31304213:50
automagically_Morning all13:51
cloudnullmorning13:51
*** ametts has joined #openstack-ansible13:51
*** asettle has joined #openstack-ansible13:53
Adri2000so I have a bad issue which is not OSA's fault :( when deploying tempest, the playbook creates cirros images in glance, that uses the glance API v1 and the --copy-from feature. it seems that copy-from feature doesn't know how to use a proxy, so if your glance container needs a proxy to fetch the image, it will fail. ... I was told in #openstack-glance that such a bug won't be fixed because glan13:54
Adri2000ce api v1 is deprecated / somewhat frozen, and I learnt that glance api v2 doesn't have a --copy-from feature anyway13:54
*** xek has quit IRC13:54
cloudnullso whats the temp on this ever being accepted https://review.openstack.org/#/c/304840 -- asking because I want push on the Ansible 2.1 work and if we dont think we'll ever move on the isolated ansible (at least not in that way) then I need to pivot my 2.1 work13:55
matttodyssey4me: that throws a ratchet in my master commit :)13:55
cloudnullAdri2000: you can skin that cat manually for now using something like so: https://github.com/os-cloud/osic-ref-impl/blob/master/post-deployment-setup.sh#L46-L5413:56
cloudnulljust download the Cirros image and add it into glance13:57
Adri2000cloudnull: yep I was going to try this, as a workaround. but any idea how to fix that properly long term?13:58
Adri2000I'm surprised that such a feature doesn't exist anymore in glance v213:59
odyssey4mecloudnull I'm not a fan of increasing the scope of the openstack-ansible command line, nor do I think that we need to be facilitating multiple venvs on anyone's behalf. It'd be useful to have ansible in a venv purely to isolate its requirements from the other requirements on the host. I would rather have it implement the venv, then optionally do a forced symlink for the CLI commands to the venv versions... then if13:59
odyssey4me someone wants to switch versions they can simply change the version via the env var and re-bootstrap13:59
odyssey4meAdri2000 we'll need to adjust our tempest plays to make it use v2, and probably some other places13:59
*** jthorne has joined #openstack-ansible14:00
cloudnullAdri2000:  something like http://cdn.pasteraw.com/jqd87wx1u70b402ex62tt1f0lbw1ikp should work14:00
*** Bjoern_zZzZzZzZ is now known as BjoernT14:00
cloudnullwhich will short circut the module14:00
cloudnullas for the long term14:00
cloudnullI think we're going to need to adjust the module14:01
cloudnullor use a shell command14:01
cloudnullwhich isn't an awesome solution14:01
odyssey4mecloudnull once we've flipped to ansible 2 there should be a module to do it for us14:01
Adri2000it seems this is the new module in ansible 2: https://docs.ansible.com/ansible/os_image_module.html14:02
cloudnullodyssey4me:  thats in shade and its still using v1 at last check14:02
Adri2000I don't see anything about passing an url instead of a file14:02
cloudnull looks like its fully removed the image fetch14:03
cloudnullit was here https://docs.ansible.com/ansible/glance_image_module.html14:04
cloudnullbut not in the updated one14:04
*** _deadnull is now known as deadnull_14:04
*** smatzek has joined #openstack-ansible14:05
pjm6hey14:06
pjm6anyone here knows why14:07
pjm6https://github.com/openstack/openstack-ansible-os_neutron/blob/b4537e2618adaee4e6fe7d2087e15182c779482f/defaults/main.yml#L33114:07
pjm6neutron_external_bridge are empty?14:07
cloudnullodyssey4me: so your suggesting to create a venv and then link "ansible           ansible-doc       ansible-galaxy    ansible-playbook  ansible-pull      ansible-vault" back into /usr/loca/bin ?14:08
pjm6if i understood well, if  we don't put empty, by default he will be using br-ex (from OVS)14:08
pjm6but for VPNaaS working i think we need to give a interface14:08
pjm6because I got "no public interface found"14:08
prometheanfirecloudnull: jenkins still broken? https://review.openstack.org/32062414:08
odyssey4mecloudnull yeah, but optionally - just make it true by default14:09
prometheanfireansible 2.1.0.0 is out14:10
odyssey4mew00t https://pypi.python.org/pypi/ansible/2.1.0.014:11
prometheanfiregot the alert/task on upstream's tag14:11
cloudnullodyssey4me / prometheanfire: thats why im asking about the rest of the isolation work14:12
odyssey4meah14:12
odyssey4mefor now cloudnull I'd suggest that we simply revision the master branch for each role's test-requirements to ensure that each role works as it stands, once those are all merged then we rev the integrated repo14:13
odyssey4methe patch to isolate ansible into a venv can come later14:13
cloudnullright now 2.1 works for the most part https://review.openstack.org/#/c/317224/ -- looks like there's a bad loop in cinder right now which 2.1 is unhappy about14:14
cloudnullbut we're on the right track14:15
cloudnullso I'll pivot that PR and abandon the other.14:15
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Enable LSM instead of checking status  https://review.openstack.org/32099314:19
matttodyssey4me: wait, so we actually removed --isolated in os_tempest?  i thought i inadvertently did this but it looks like this already happened14:21
*** sacharya has joined #openstack-ansible14:21
odyssey4memattt yeah, I did it some time ago because all the requirements at the time were fulfilled by the repo14:21
odyssey4meit seems that was not a long term guarantee14:22
matttodyssey4me: ok, that makes me feel slightly less bad :)14:22
matttodyssey4me: well, we can slip that flag back in if we need to i guess14:22
pjm6cloudnull, neutron is your speciality, right? :D14:24
* cloudnull leaves14:24
pjm6loool14:25
prometheanfirepjm6: nah, that's Apsu14:25
pjm6prometheanfire, thanks14:25
pjm6anyone here had used vpnaas with linux bridge? xD14:26
*** al_loew has quit IRC14:26
*** sacharya has quit IRC14:26
*** woodard has joined #openstack-ansible14:27
*** javeriak has joined #openstack-ansible14:27
*** woodard has quit IRC14:27
*** woodard has joined #openstack-ansible14:28
*** brad[] has quit IRC14:30
openstackgerritMerged openstack/openstack-ansible-os_nova: Removed the db create tasks  https://review.openstack.org/31485014:33
*** Mudpuppy has joined #openstack-ansible14:33
*** phalmos has joined #openstack-ansible14:35
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Search for unlabeled device files  https://review.openstack.org/31944814:36
wadeholleris it possible to undefine / omit a var definition with a host override ? (example undefine nova_libvirt_images_rbd_pool for a specific host) sorry still an ansible n00b i guess14:41
*** iceyao has quit IRC14:41
openstackgerritBjoern Teipel proposed openstack/openstack-ansible: Migrate keystone v2 images to v3 during Liberty upgrade  https://review.openstack.org/31707014:42
*** Brew has joined #openstack-ansible14:45
Apsupjm6: I have not poked at VPNaaS much yet professionally. What's up?14:47
prometheanfirewadeholler: you are the second person to ask that14:47
pjm6Apsu, when i create the VPN Site-To-Site connnection14:47
pjm6the link is down14:47
pjm6and in the logs14:47
pjm6I get the following error14:47
pjm6"003 no public interface"14:48
pjm6i though that could be because the "external_network_bridge" was empty, but in the docs say it must be that way for making sure that we could have multiple networks14:48
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Enable LSM instead of checking status  https://review.openstack.org/32099314:50
pjm6Apsu, http://pastebin.com/fjBHt6qL14:50
pjm6its not much details :\14:50
openstackgerritMerged openstack/openstack-ansible-security: Disable the rdisc service (if present)  https://review.openstack.org/31944214:51
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Isolate Ansible from the deployment host  https://review.openstack.org/32103614:51
*** galstrom_zzz is now known as galstrom14:53
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Update ansible to version 2.1  https://review.openstack.org/32104214:53
*** jvalente has joined #openstack-ansible14:57
odyssey4mewadeholler I think you can just set it to '' ?14:57
prometheanfireodyssey4me: but the variable still exists, just set to '' right?14:59
odyssey4meprometheanfire not sure, haven't really looked too deep - whether it works for the purpose would depend on how the var is used15:01
prometheanfiretrue15:02
*** gparaskevas has quit IRC15:02
pjm6well when i do ipsec verify in the agents containers15:03
pjm6says me that15:03
pjm6"Linux OpenSwan (no kernel code presently loaded)15:04
pjm6Checking for ipsec support in kernel: failed15:04
pjm6maybe lxc container don't like openswan?15:04
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Enable LSM instead of checking status  https://review.openstack.org/32099315:06
Apsupjm6: Sounds like you need to load the ipsec modules15:06
pjm6yeah i'm trying to figure it out how to do it15:06
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Isolate Ansible from the deployment host  https://review.openstack.org/32103615:06
pjm6Apsu, and then try to search how can I test the pluto configs that are in the net namespace of the router15:07
*** sdake has joined #openstack-ansible15:09
*** Qiming has quit IRC15:09
*** eric_lopez has quit IRC15:12
*** sdake_ has joined #openstack-ansible15:13
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Update ansible to version 2.1  https://review.openstack.org/32104215:13
*** sdake has quit IRC15:13
Apsupjm6: Seems like there's a fair number of potentially needed modules. Presumably they're all supposed to be load on demand15:13
pjm6Apsu, yeah, i tried to do15:14
pjm6ip netns exec qrouter-* ipsec verify15:14
pjm6and he fails, but probably i'm doing it wrong15:14
*** deadnull_ has quit IRC15:16
openstackgerritBjoern Teipel proposed openstack/openstack-ansible-os_nova: Cleanup Nova console proxy git repos before updating it  https://review.openstack.org/32065015:17
openstackgerritTravis Truman (automagically) proposed openstack/openstack-ansible: Ensure all role dependencies are consistently specified  https://review.openstack.org/32106315:18
pjm6Apsu, do you have OSA with VPNaaS installed?15:20
*** kstev has joined #openstack-ansible15:21
Adri2000looks like the tempest role assumes the public network is called "public". and it doesn't seem to be configurable. am I right?15:23
*** berendt has quit IRC15:23
automagically_Correct Adri200015:23
Adri2000automagically_: I though it'd be easy to make it a variable, but then I hit {{ neutron_networks.public.id }}15:25
Adri2000how do I transform that when "public" should be a var?15:25
Adri2000{{ neutron_networks.{{ tempest_public_net_name }}.id }} doesn't work of course :)15:26
automagically_I believe there is a concat filter15:26
*** admin0 has quit IRC15:26
automagically_But that may not work either15:26
palendaeIn Jinja, '~' is a string concatenation operator15:27
palendaehttp://jinja.pocoo.org/docs/dev/templates/15:27
mhaydenevrardjp: one step towards removing some things from tox.ini -> https://review.openstack.org/#/c/320993/15:27
*** Mudpuppy_ has joined #openstack-ansible15:30
*** Mudpuppy has quit IRC15:30
*** Mudpuppy_ has quit IRC15:33
*** Mudpuppy has joined #openstack-ansible15:33
*** sdake_ has quit IRC15:34
*** javeriak has quit IRC15:35
*** weezS has joined #openstack-ansible15:35
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Isolate Ansible from the deployment host  https://review.openstack.org/32103615:40
*** mikelk has quit IRC15:41
*** alikins has joined #openstack-ansible15:45
automagically_cloudnull and any other cores - would appreciate a review on a simple consistency change https://review.openstack.org/#/q/topic:ansible_role_requirements_consistency <— That is related to some work I’m doing to perform an OSA bootstrap and repo build using all internal mirrors of git repository dependencies15:45
cloudnulllookin15:46
automagically_thx15:46
*** cloader89 has quit IRC15:48
cloudnullautomagically_: idk if i shared this with you before, if so sorry for the repeat, but this is something I've been using the gather the repos recursively -- https://gist.github.com/cloudnull/6e76897f27a2225821c7bc26535e261b15:49
*** SamYaple has quit IRC15:50
*** sacharya has joined #openstack-ansible15:51
automagically_cloudnull, you did and I ended up using a bit of it15:51
automagically_Appreciate that, it ended up being very useful15:51
* cloudnull has a bad memory15:51
*** javeriak has joined #openstack-ansible15:52
cloudnulli think we need to do the same for all .*packages,15:52
automagically_When I’m done with the work I’m doing, I’ll likely push it to my personal Github account and drop a link to it in: http://docs.openstack.org/developer/openstack-ansible/install-guide/app-no-internet-connectivity.html for those who may face similar challenges15:52
cloudnullcool15:52
automagically_atm, I am also mirroring the get-pip.py, the trusty container image, and the percona and rabbitmq debs15:53
openstackgerritMerged openstack/openstack-ansible-security: Docs: Update dev notes for Cat 1 controls  https://review.openstack.org/31942915:53
automagically_Finally, I’m adapting the way the repo play runs so I can host my mirror and the OSA repo on the same host and then distribute the whole thing across my infra15:53
cloudnullanyone available to give this a nudge https://review.openstack.org/#/c/320175/ ?15:54
* automagically_ looking15:54
cloudnullautomagically_: thats kinda awesome !15:55
cloudnullI'd like to see us make better use of the repo -infa15:55
cloudnulli think it can do a lot more .15:55
automagically_Yeah, agreed.15:55
cloudnulljmccrory: was looking into making it a legit git server instead of using the fcgi wrapper.15:56
automagically_I saw that. I’m just using the dumb http mode to serve the git repos, using `git update-server-info`15:56
*** Mudpuppy has quit IRC15:57
automagically_But I may adapt, once I marry up how repo_server wants the world to looks with how my current git mirror works15:57
cloudnullmaybe we can adapt15:58
cloudnullto make it easier for your current git mirror15:59
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible: Set AIO to use an OpenStack-Infra wheel mirror  https://review.openstack.org/32109115:59
automagically_I’m almost to the point where I’ll mash them together, so I’ll definitely propose a review or two if needed15:59
*** Mudpuppy has joined #openstack-ansible16:00
logan-sounds interesting. i think i've shared the plays i'm using to do apt/deb/gpg/pip mirroring but if that's of any value and you don't have them let me know16:02
automagically_logan-: I’d love to see those16:03
odyssey4meautomagically_ cloudnull if you could take a peek at https://review.openstack.org/321091 I'd appreciate it - it shaves around 5 mins of a non-gate AIO repo build16:05
logan-sure, ill get a gist together16:05
automagically_odyssey4me: I just did16:05
automagically_Thanks logan-16:05
openstackgerritMerged openstack/openstack-ansible-os_keystone: Implement 16.04 support in Keystone  https://review.openstack.org/32017516:07
odyssey4meautomagically_ cloudnull another quick doc update too: https://review.openstack.org/32094416:08
openstackgerritMerged openstack/openstack-ansible: Expose upgrade guide in base index  https://review.openstack.org/32094416:15
*** admin0 has joined #openstack-ansible16:16
openstackgerritMerged openstack/openstack-ansible-rabbitmq_server: Upgrade RabbitMQ Server to 3.6.2  https://review.openstack.org/32008416:20
openstackgerritMerged openstack/openstack-ansible-os_zaqar: Updating os_zaqar to use the Multi-Distro framework  https://review.openstack.org/31633216:25
logan-automagically_: https://gist.github.com/Logan2211/b3217f7fa2f6e6cb12837e13603e898816:25
automagically_Much appreciated logan-16:25
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Adding audit rule for SELinux policy modifications  https://review.openstack.org/31943816:27
logan-np. if i missed anything just ping me. i just overlay that and don't override any of the shas inside the osa roles, so if one of the .debs updates in osa, the updated osa sha won't match the out-of-date mirror .deb and you'll know to update it. not very smooth but it works.16:28
*** sdake has joined #openstack-ansible16:29
v1k0d3nso cloudnull if i'm trying to fudge around with using a single nic, i'm assuming i will need a route or something for these bridge interfaces to communicate over the single nic, right? or do i need to add the interface (in this case eth2) to bridge?16:29
v1k0d3ni am so sorry i'm slamming you with questions man.16:30
v1k0d3nat some point i'm going to reach my quota! :)16:30
v1k0d3nhaven't set multi-node over a single nic like this (haven't really needed to fudge it like this).16:31
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Ensure V-38574 works reliably on CentOS  https://review.openstack.org/32111216:35
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Docs: Update dev notes for Cat 2 controls  https://review.openstack.org/31895416:38
evrardjpcloudnull: I double checked I'm using the same PPA, and I was16:38
cloudnullI was not using the PPA.16:38
evrardjphaha! I understand now16:39
cloudnullv1k0d3n: if you have a single nic the easiet way to make it all go would be to plug the nic into an integration bridge16:41
cloudnullthen create several vlan tagged devices off of that bridge16:41
cloudnullthen create additional bridges for br-mgmt, br-vlan, etc... using the tagged interfaces.16:41
*** admin0 has quit IRC16:42
*** galstrom is now known as galstrom_zzz16:42
cloudnullv1k0d3n: example https://gist.github.com/cloudnull/e81115119dddee5e2a0616:43
cloudnulljust cut the bond config out16:43
v1k0d3nah, yes...was rewriting it just like that when you replied.16:44
v1k0d3nok, think i'm down the same path.16:44
cloudnullcool16:44
*** asettle has quit IRC16:46
*** Brew has quit IRC16:48
*** asettle has joined #openstack-ansible16:51
*** weezS has quit IRC16:56
*** jvalente has quit IRC16:58
*** psilvad has joined #openstack-ansible17:01
*** asettle has quit IRC17:04
*** Brew has joined #openstack-ansible17:07
openstackgerritWang Qing wu proposed openstack/openstack-ansible-os_nova: Implement Nova PowerVM Virt Driver  https://review.openstack.org/31902217:10
*** Brew has left #openstack-ansible17:12
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Disable graphical interface instead of checking  https://review.openstack.org/32113017:12
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible: Update ansible to version 2.1  https://review.openstack.org/32104217:16
mhaydenautomagically_: what's your take on hughsaunders's comment here? https://review.openstack.org/32099317:17
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Enable LSM instead of checking status  https://review.openstack.org/32099317:18
*** brad[] has joined #openstack-ansible17:18
v1k0d3ncloudnull: still seem to be running into issues.17:21
v1k0d3nexploring...but kind of lost...should just...*work*17:21
automagically_mhayden: I think if I’m a CentOS user who has chosen to apply the security role, that I want SELinux running17:22
mhaydeni'd tend to agree17:22
automagically_Added that comment to the issue17:22
mhaydenperhaps i could adjust the docs to have a "must read" section17:23
palendaeHrm17:24
mhaydenthanks automagically_17:25
palendaeFound a nasty global var dependency in the dynamic inventory, which I fixed...and now the duplicate IP test fails on the 45th run (of 100) every time17:25
palendaeI think I shall pause this and go to lunch17:25
cloudnullv1k0d3n: whats up?17:25
*** berendt has joined #openstack-ansible17:28
v1k0d3ncloudnull: this is what i have17:30
v1k0d3nhttps://gist.github.com/v1k0d3n/06245da552d2655c70d9d15ed131d7ff17:30
v1k0d3npretty basic. traffic should default to eth217:31
v1k0d3neth2 is defined in /etc/network/interfaces17:31
v1k0d3nroute is out that interface etc. normal.17:31
*** sdake_ has joined #openstack-ansible17:33
*** jiteka has quit IRC17:34
*** sdake has quit IRC17:35
pjm6this image is up-to-date http://docs.openstack.org/developer/openstack-ansible/_images/environment-overview.png ?17:36
pjm6i'm asking because in the logging host i think i didn't see the logstash, elasticsearch+ kibana17:36
*** BjoernT is now known as Bjoern_zZzZzZzZ17:36
pjm6and the RPC Respository are the openstack ansible playbooks?17:36
*** Bjoern_zZzZzZzZ is now known as BjoernT17:40
*** fawadkhaliq has joined #openstack-ansible17:43
*** cloader89 has joined #openstack-ansible17:43
*** kstev has quit IRC17:44
*** rahulait has joined #openstack-ansible17:49
*** rahuls has left #openstack-ansible17:49
*** rahulait is now known as Guest4870417:49
*** Guest48704 has quit IRC17:49
*** Min_Cai has joined #openstack-ansible17:49
*** rahuls has joined #openstack-ansible17:50
Min_CaiI'm here.17:50
*** ig0r__ has quit IRC17:51
openstackgerritAndy McCrae proposed openstack/openstack-ansible-os_nova: Allow metadata_host to be different to LB VIP  https://review.openstack.org/32114817:52
*** javeriak has quit IRC17:55
*** saneax is now known as saneax_AFK17:55
openstackgerritBjoern Teipel proposed openstack/openstack-ansible-os_nova: Cleanup Nova console proxy git repos before updating it  https://review.openstack.org/32065017:55
*** aslaen has joined #openstack-ansible18:02
*** asettle has joined #openstack-ansible18:04
*** asettle has quit IRC18:09
*** admin0 has joined #openstack-ansible18:11
*** boogibugs has quit IRC18:12
hughsaunderspjm6: the logging bits are in RPC (Rackspace Prviate Cloud) https://github.com/rcbops/rpc-openstack18:12
*** Min_Cai has quit IRC18:13
hughsaunderswell, not all the logging bits, OSA configures rsyslog.. RPC adds beaver & ELK18:13
hughsaundersso I guess the answer to your question is no, the image needs updating because it implies that OSA configures ELK.18:14
*** admin0 has quit IRC18:19
*** electrofelix has quit IRC18:21
*** sdake_ is now known as sdake18:23
*** fawadkhaliq has quit IRC18:23
openstackgerritNolan Brubaker proposed openstack/openstack-ansible: Reduce reliance on global state for testing  https://review.openstack.org/32117218:32
*** sdake_ has joined #openstack-ansible18:34
*** sdake has quit IRC18:37
*** kstev has joined #openstack-ansible18:37
openstackgerritMerged openstack/openstack-ansible: Create ceph python library symlinks  https://review.openstack.org/31790118:38
*** gonzalo2kx has joined #openstack-ansible18:42
pjm6thanks hughsaunders18:47
openstackgerritMerged openstack/openstack-ansible-pip_install: Enable CentOS support  https://review.openstack.org/32091318:47
pjm6so besides ELK18:47
pjm6all its good?18:47
*** omiday has joined #openstack-ansible18:47
pjm6oh i was seeing that repo, if i understand, the RPC will handle about the ELK, right?18:48
*** sdake_ is now known as sdake18:48
prometheanfirecloudnull: is gate still broken?18:53
*** javeriak has joined #openstack-ansible18:59
*** Mudpuppy has quit IRC19:02
*** Mudpuppy has joined #openstack-ansible19:04
*** galstrom_zzz is now known as galstrom19:06
*** aslaen has quit IRC19:09
*** javeriak_ has joined #openstack-ansible19:09
*** javeriak has quit IRC19:10
openstackgerritMatt Thompson proposed openstack/openstack-ansible-os_designate: Test designate w/ designate tempest plugins  https://review.openstack.org/31994119:13
*** chhavi has quit IRC19:13
*** elopez has joined #openstack-ansible19:16
pjm6guys anyone knows if in OSA there is a rule to modprobe kernel modules?19:22
*** Mudpuppy has quit IRC19:25
*** daneyon has quit IRC19:26
openstackgerritNolan Brubaker proposed openstack/openstack-ansible: Test _ensure_inventory_uptodate function  https://review.openstack.org/32119719:30
*** daneyon has joined #openstack-ansible19:33
*** Mudpuppy has joined #openstack-ansible19:33
*** Mudpuppy has quit IRC19:34
*** Mudpuppy has joined #openstack-ansible19:36
*** wadeholler has quit IRC19:39
openstackgerritNolan Brubaker proposed openstack/openstack-ansible: Test _ensure_inventory_uptodate function  https://review.openstack.org/32119719:52
*** javeriak_ has quit IRC19:54
*** admin0 has joined #openstack-ansible19:54
*** jayc has joined #openstack-ansible19:56
palendaeI realize 2 of them haven't run through the gate yet, but would appreciate eyes on https://review.openstack.org/#/q/topic:inventory-tests+status:open when people get the chance20:07
*** galstrom is now known as galstrom_zzz20:07
*** admin0 has quit IRC20:11
*** raddaoui has joined #openstack-ansible20:12
*** admin0 has joined #openstack-ansible20:13
*** jamesdenton has joined #openstack-ansible20:18
*** jamesdenton has quit IRC20:18
hughsaunderspjm6: https://github.com/openstack/openstack-ansible-openstack_hosts/blob/master/tasks/openstack_kernel_modules.yml20:26
*** johnmilton has quit IRC20:28
*** smatzek has quit IRC20:30
*** Zucan has quit IRC20:31
*** v1k0d3n has left #openstack-ansible20:33
*** v1k0d3n has joined #openstack-ansible20:33
*** brunofurtado has joined #openstack-ansible20:35
*** mummer has joined #openstack-ansible20:41
*** flaviodsr has quit IRC20:41
*** Zucan has joined #openstack-ansible20:44
*** admin0 has quit IRC20:46
*** sdake_ has joined #openstack-ansible20:46
*** gonzalo2kx has quit IRC20:47
v1k0d3ncloudnull: are you guys throwing a party over there? this room's been super quiet. lol20:48
*** sdake has quit IRC20:48
v1k0d3ncrickets. unless i've been banished for too many questions in one day.20:48
*** admin0 has joined #openstack-ansible20:48
palendaeNo party that I know of20:50
palendaeThough I've been working around town today, and I'm not based in SAT either20:50
v1k0d3nwondering if anyone can help me with some linux bridging...i'm still having issues.20:55
v1k0d3n:(20:55
*** smatzek has joined #openstack-ansible20:57
*** admin0 has quit IRC20:59
*** woodard_ has joined #openstack-ansible20:59
*** asettle has joined #openstack-ansible20:59
*** schwicht has quit IRC21:01
*** bsv has joined #openstack-ansible21:01
*** woodard has quit IRC21:03
*** woodard_ has quit IRC21:04
*** smatzek has quit IRC21:08
*** retreved has quit IRC21:08
*** psilvad has quit IRC21:11
*** Mudpuppy has quit IRC21:13
*** mummer has quit IRC21:13
*** mummer has joined #openstack-ansible21:23
*** asettle has quit IRC21:23
*** thorst_ has quit IRC21:24
*** thorst_ has joined #openstack-ansible21:24
*** ametts has quit IRC21:28
*** thorst_ has quit IRC21:29
*** thorst_ has joined #openstack-ansible21:30
*** johnmilton has joined #openstack-ansible21:31
*** gonzalo2kx has joined #openstack-ansible21:33
dolphmanyone ever seen this before? TypeError: __init__() got an unexpected keyword argument 'allow_no_value' in _v1_config_template http://cdn.pasteraw.com/9he87vw1o99kfkkhtj1utimj6sneo6621:35
*** thorst_ has quit IRC21:35
dolphmthis is on 13.1.021:37
*** bsv has quit IRC21:37
openstackgerritMerged openstack/openstack-ansible-security: Docs: Update dev notes for Cat 2 controls  https://review.openstack.org/31895421:38
hughsaunderspalendae: does https://review.openstack.org/#/c/318917/5 check if the provided cidr/gateway are routable?21:39
openstackgerritMerged openstack/openstack-ansible-security: Disable the netconsole service (if present)  https://review.openstack.org/31944521:39
hughsaundersdolphm: new one on me.21:42
*** kstev has quit IRC21:43
hughsaundersdolphm: which version of ansible?21:43
*** sdake_ has quit IRC21:45
*** gonzalo2kx has quit IRC21:47
*** daneyon has quit IRC21:49
*** daneyon has joined #openstack-ansible21:50
*** sdake has joined #openstack-ansible21:50
*** thorst_ has joined #openstack-ansible21:52
*** thorst_ has quit IRC21:57
*** jayc has quit IRC21:57
*** cloader89 has quit IRC21:58
*** aslaen has joined #openstack-ansible22:02
*** jayc has joined #openstack-ansible22:09
*** kylek3h has quit IRC22:13
dolphmhughsaunders: 1.9.622:17
dolphmhughsaunders: but we gave up, and moved to a different ansible host :(22:17
dolphmhughsaunders: now have a new problem, where ansible-galaxy install --role-file is trying to treat every line of a yaml file as a discrete requirement?22:18
dolphmso, it's failing to download a role called '---' to kick things off22:18
stevelle... wat22:19
dolphmthe ansible-role-requirements.yml file in question: https://github.com/rackerlabs/capstone/blob/master/deploy/ansible-role-requirements.yml22:21
dolphmand the actual failure: http://cdn.pasteraw.com/1l08i4n5jevya4l1htr507jku0bbkms22:21
stevelleChecking my initial response, no I am not entirely surprised that ansible-galaxy isn't properly parsing yaml documents.  Probably will work if you drop the document delimiter dolphm.22:23
stevellehttps://github.com/openstack/openstack-ansible/blob/master/ansible-role-requirements.yml22:23
*** sdake has quit IRC22:25
dolphmstevelle: trying ...22:25
dolphmstevelle: but there was a similar error message for every line in the yml file, not just the ---22:25
dolphmaaaand it's doing the same thing22:25
dolphmcan you update ansible-galaxy independently from ansible? (which is already 1.9.6)22:25
stevelleI don't know abt that22:25
stevelleI recall palendae mentioning that ansible rolled their own yaml parser so fun adventure22:26
stevelledolphm: looks like it isn't expecting yaml.22:28
stevelleit seems to want something that looks like a pip requirements file22:29
dolphmstevelle: yeah =( but i don't see how we can make it look any more like yaml22:29
dolphmstevelle: ansible-galaxy used to support (maybe still does?) .txt files that look like pip requirements.txt22:29
stevelleno no, less like yaml22:29
stevelledolphm: https://docs.ansible.com/ansible/galaxy.html#installing-multiple-roles-from-a-file22:29
stevellethough versions are not well handled on those docs22:30
stevelleguessing the "advanced control over requirements files" isn't working in 1.922:30
*** schwicht has joined #openstack-ansible22:38
*** weezS has joined #openstack-ansible22:42
*** weezS has quit IRC22:44
*** afred312_ has joined #openstack-ansible22:45
*** afred312 has quit IRC22:47
*** rahuls has quit IRC22:57
*** phalmos has quit IRC23:01
mgagneis there a way to query Ansible for a variable for external consumption?23:03
mgagneor would it be tricky since variables could be dynamically defined/registered from a role or task?23:04
*** jayc has quit IRC23:08
dmsimardmgagne: so, like, registering a variable based on the results of a http request ?23:08
dmsimardWhat's external consumption ?23:09
mgagnelike: should I run a playbook with those variables files based on inventory and such, what would be the variable value?23:09
mgagnea bash script for example23:09
mgagnebut I guess writing a playbook which executes similar tasks to what bash would have done would be much more simple23:09
dmsimardHmm, yeah, I don't know of a way to fetch ansible variables from outside the scope of an ansible run. Either doing what your bash script would do through ansible tasks or templating a bash script (and running it) could be two possible options.23:13
stevellemgagne: if you are willing to accept that variables (esp. defined through "register" hooks) are off-limits, you can get facts about the inventory and values for defined variables with adhoc ansible commands.23:15
stevellegetting them out and parsing them from cmd line output of ansible adhoc commands will be an exercise though23:16
mgagneyea. talking with a coworker, we came to the conclusion that running a playbook would be way better.23:16
stevellemgagne: that is partly why we converted bootstrap-aio.yml from a bash script23:17
mgagne:D23:17
mgagnebasically, we wish to validate a config syntax in gate (zuul) we don't want to install the whole software so we used to use tox to install Zuul and run config validation from there. until the version used in Ansible is different from the one used in tox and one fail but not the other :D23:18
stevelleI will note that at some points (see https://github.com/openstack/openstack-ansible-repo_build) we do generate bash scripts with templating for execution in a playbook23:18
stevellewe did that for speed, however.23:19
mgagneright, that's an other idea I guess23:19
stevellethat had more to do with execution of tasks having very long with_items: lists23:20
stevellemgagne: I'm pretty sure we're working on isolating our ansible in a venv, and it sounds like that may be the direction you're going to be headed as well23:22
*** kylek3h has joined #openstack-ansible23:23
stevelleand because why not, I know cloudnull and I and likely others here have used ansible playbooks to run ansible playbooks as a task.23:23
stevelleI don't think we liked that in practice very much  though23:23
mgagnestevelle: I'm installing Zuul in a venv already. The script I'm trying to adapt is the one running in check/gate to validate the config. So far, I was using tox.ini to install Zuul and test the config. Problem is version pinning is not in sync with Ansible. That's why I'm thinking about moving the check to Ansible and/or use Ansible to invoke tox or the shell script with the correct version.23:25
*** schwicht_ has joined #openstack-ansible23:26
mgagneI found sharing values/configs across configuration management systems to be a common issue23:27
*** schwicht has quit IRC23:28
*** sdake has joined #openstack-ansible23:28
stevellemgagne: as much as I understand that, yeah you might be on the right track going with a playbook23:29
*** kylek3h has quit IRC23:29
*** kylek3h has joined #openstack-ansible23:30
*** BjoernT has quit IRC23:30
*** kylek3h has quit IRC23:34
« Tuesday, 2016-05-24 Index Thursday, 2016-05-26 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!