Tuesday, 2016-06-07

*** thorst has quit IRC [00:04]
*** sdake_ has quit IRC [00:05]
*** jamesdenton has joined #openstack-ansible [00:06]
*** jamesdenton has quit IRC [00:11]
*** rahuls has quit IRC [00:18]
*** markvoelker has joined #openstack-ansible [00:20]
*** markvoelker has quit IRC [00:25]
*** sdake has joined #openstack-ansible [00:38]
*** sdake has quit IRC [00:38]
*** sdake has joined #openstack-ansible [00:38]
*** thorst has joined #openstack-ansible [00:56]
*** thorst has quit IRC [00:58]
*** thorst has joined #openstack-ansible [00:58]
*** sacharya has joined #openstack-ansible [00:59]
*** saneax is now known as saneax_AFK [01:02]
*** sacharya has quit IRC [01:04]
*** thorst has quit IRC [01:07]
*** jasondotstar has quit IRC [01:18]
*** spotz_zzz is now known as spotz [01:29]
<openstackgerrit> Michael Davies proposed openstack/openstack-ansible: Add an easy way to run cmds in utility container  https://review.openstack.org/326200 [01:38]
*** sdake has quit IRC [01:50]
*** sacharya has joined #openstack-ansible [01:59]
*** thorst has joined #openstack-ansible [02:05]
*** sdake has joined #openstack-ansible [02:11]
*** thorst has quit IRC [02:12]
*** alikins has quit IRC [02:15]
*** wadeholler has quit IRC [02:16]
*** klamath has quit IRC [02:16]
*** klamath has joined #openstack-ansible [02:17]
*** alikins has joined #openstack-ansible [02:17]
*** sdake_ has joined #openstack-ansible [02:18]
*** sdake has quit IRC [02:20]
*** markvoelker has joined #openstack-ansible [02:21]
*** klamath has quit IRC [02:24]
*** klamath has joined #openstack-ansible [02:25]
*** markvoelker has quit IRC [02:26]
*** jamielennox is now known as jamielennox|away [02:27]
*** jamielennox|away is now known as jamielennox [02:35]
*** bbmbx__ has quit IRC [02:37]
*** Drago has quit IRC [02:53]
*** thorst has joined #openstack-ansible [03:10]
*** thorst has quit IRC [03:17]
*** sdake_ has quit IRC [03:38]
*** evilt0ne has quit IRC [03:38]
*** zerda2 has joined #openstack-ansible [03:43]
*** aludwar1 has joined #openstack-ansible [03:44]
*** jamielennox is now known as jamielennox|away [03:44]
*** aludwar1 has quit IRC [03:44]
*** Drago has joined #openstack-ansible [03:48]
*** Drago has quit IRC [03:48]
*** Drago has joined #openstack-ansible [03:48]
*** daneyon_ has joined #openstack-ansible [03:51]
*** jamesdenton has joined #openstack-ansible [03:52]
*** jamesdenton has quit IRC [03:52]
*** daneyon has quit IRC [03:54]
*** jamielennox|away is now known as jamielennox [03:59]
*** daneyon has joined #openstack-ansible [04:00]
*** daneyon_ has quit IRC [04:03]
*** pcaruana has joined #openstack-ansible [04:11]
*** aludwar has quit IRC [04:12]
*** Drago has quit IRC [04:13]
*** thorst has joined #openstack-ansible [04:15]
*** psilvad has quit IRC [04:21]
*** markvoelker has joined #openstack-ansible [04:22]
*** thorst has quit IRC [04:22]
*** pcaruana has quit IRC [04:24]
*** markvoelker has quit IRC [04:26]
*** aludwar has joined #openstack-ansible [04:28]
*** pcaruana has joined #openstack-ansible [04:34]
*** sacharya has quit IRC [04:36]
<errr> if I have a custom theme for horizon does the horizon playbook support deploying it, or would I need to handle that some other way? [04:37]
*** sacharya has joined #openstack-ansible [04:37]
*** pcaruana has quit IRC [04:40]
*** sacharya has quit IRC [04:42]
*** thorst has joined #openstack-ansible [05:22]
*** markvoelker has joined #openstack-ansible [05:23]
*** markvoelker has quit IRC [05:27]
*** thorst has quit IRC [05:28]
*** sacharya has joined #openstack-ansible [05:38]
*** sacharya has quit IRC [05:43]
*** thorst has joined #openstack-ansible [06:25]
*** thorst has quit IRC [06:32]
*** sguduru has joined #openstack-ansible [06:51]
*** mpjetta has quit IRC [07:05]
*** chhavi has joined #openstack-ansible [07:10]
*** bsv has joined #openstack-ansible [07:13]
*** markvoelker has joined #openstack-ansible [07:23]
*** markvoelker has quit IRC [07:28]
*** mikelk has joined #openstack-ansible [07:29]
*** thorst has joined #openstack-ansible [07:30]
<evrardjp> good morning everyone [07:30]
<evrardjp> v1k0d3n: I'm there now [07:30]
<evrardjp> chris_hultin: will check on msgpack-python [07:31]
<evrardjp> chris_hultin: I have the version 0.4.7 on mitaka, what are you looking for? [07:32]
<winggundamth> good morning [07:36]
<winggundamth> on here http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-network-services.html [07:37]
<evrardjp> lbragstad: hope your environment is fine now [07:37]
<evrardjp> winggundamth: yup? [07:37]
*** thorst has quit IRC [07:37]
<winggundamth> it said that there are router, firewall, lbaas, vpnaas, metering and qos services [07:37]
<evrardjp> I don't remember qos, but yes, you can [07:38]
<winggundamth> but what I found in neutron role are lbaas, firewall, vpnaas, vpnaas [07:38]
<winggundamth> I don't see router, metering and qos anywhere? [07:38]
<winggundamth> also how exactly to use lbaasv2. because I tried lbaasv2 and I got ImportError: Plugin 'lbaasv2' not found error [07:39]
*** saneax_AFK is now known as saneax [07:39]
<evrardjp> did you follow this? http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-network-services.html#deploying-lbaas-v2 [07:40]
<winggundamth> http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-lbaas.html this doc said please use lbaasv2 [07:40]
<evrardjp> yes [07:40]
<winggundamth> but http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-network-services.html#load-balancing-service-optional said use neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 [07:40]
<evrardjp> lbaas v1 is pretty much dead [07:40]
<winggundamth> so I a bit confuse :) [07:40]
<evrardjp> the doc seems fine, could you drop your user_variables somewhere? [07:41]
<evrardjp> all of this is in the neutron role [07:42]
<evrardjp> the agents part [07:42]
<winggundamth> yep I put it in user_variables.yml [07:42]
<winggundamth> my point is there are 2 docs that conflict together [07:42]
<evrardjp> winggundamth: the file is neutron_upstart_init [07:43]
<winggundamth> one said put lbaasv2 and another said put neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 in neutron_plugin_base [07:43]
<evrardjp> oh [07:43]
<winggundamth> I tried lbaasv2 but it doesn't work so I'm trying neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 right now [07:43]
<winggundamth> and yeah neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 is the correct one [07:44]
<evrardjp> yes it's the latest doc [07:45]
<winggundamth> I think neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 this is not consistency with the others [07:45]
<evrardjp> I don't know where you found the other [07:45]
<winggundamth> it should be lbaasv2 [07:45]
<winggundamth> haha I found that via google actually [07:46]
<evrardjp> ok [07:46]
<evrardjp> old doc [07:46]
<evrardjp> we have a problem with old doc appearing then [07:47]
<evrardjp> could you file a bug with the two links and mention there is a problem of consistency, please? [07:48]
<evrardjp> One should be deleted, we should check with the docs part of our team [07:48]
<evrardjp> asettle: this is gonna be for you [07:49]
<winggundamth> no problem :) [07:53]
<evrardjp> thanks winggundamth! [07:55]
<winggundamth> this is done https://bugs.launchpad.net/openstack-ansible/+bug/1589842 [07:57]
<openstack> Launchpad bug 1589842 in openstack-ansible "Old document still appears" [Undecided,New] [07:57]
<winggundamth> and still waiting for @Mattt to answer this question :) https://review.openstack.org/#/c/325768/ [07:58]
<evrardjp> I can answer for him [08:07]
<evrardjp> run-playbooks isn't forced to be an AIO [08:07]
<evrardjp> most likely it will be [08:08]
<evrardjp> but it's not forced [08:08]
<evrardjp> I don't see a problem of having that there [08:08]
<evrardjp> but feel free to commit otherwise [08:08]
<evrardjp> we'll evaluate if it's better or not :D [08:09]
*** iceyao has joined #openstack-ansible [08:14]
*** sguduru has quit IRC [08:15]
*** thorst has joined #openstack-ansible [08:35]
<asettle> evrardjp: what's up? what am I doing? Who do I need to kill? [08:38]
<asettle> I mean, doc [08:38]
<evrardjp> :D [08:39]
<evrardjp> asettle: https://bugs.launchpad.net/openstack-ansible/+bug/1589842 [08:39]
<openstack> Launchpad bug 1589842 in openstack-ansible "Old document still appears" [Undecided,New] [08:39]
*** rcarrillocruz has joined #openstack-ansible [08:39]
<rcarrillocruz> heya folks [08:39]
<rcarrillocruz> question [08:39]
<rcarrillocruz> i have a folk asking in #ansible how to use the openstack modules [08:40]
<asettle> evrardjp: bug for me? [08:40]
<rcarrillocruz> he just installed an AIO with openstack-ansible to test stuff [08:40]
<evrardjp> asettle: yup [08:40]
<rcarrillocruz> unsure if openstack-ansible installs a clouds.yaml as devstack does? [08:40]
<evrardjp> it's about docs: we have two files explaining how to configure lbaas [08:40]
<evrardjp> and ofc they aren't consistent [08:41]
<evrardjp> but you're reworking the docs [08:41]
<evrardjp> so my guess is you are cleaning up stuff [08:41]
<asettle> evrardjp: I'll take a squiz when I'm done with the emails :) thanks for pointing it in my direction [08:42]
*** thorst has quit IRC [08:42]
<evrardjp> asettle: I can delete it for you if you want, but my guess is: we probably want to study how this happened and what do we do to avoid that in the future [08:44]
<asettle> evrardjp: so, duplication of information is not exactly uncommon. I'd like to take a look before we simply just delete the information. [08:44]
<evrardjp> ok, that's what I thought :D [08:45]
<evrardjp> Thanks ! [08:45]
<asettle> No worries evrardjp :) i'll keep you in the loop today as I go through it. [08:45]
*** electrofelix has joined #openstack-ansible [09:03]
<openstackgerrit> Merged openstack/openstack-ansible-lxc_container_create: Test external connectivity for containers  https://review.openstack.org/288909 [09:15]
<pjm6> good morning all [09:16]
<evrardjp> morning [09:17]
<pjm6> evrardjp, o/ [09:17]
*** markvoelker has joined #openstack-ansible [09:24]
<asettle> odyssey4me and evrardjp - do we want to even include the LBaaS v1 information? Also, the bug suggests to delete the shittier one. Ha. So I might move the LBaaS information from the network services section out to the configure-lbaas chap and just have a link ref to it in the network services section [09:27]
<asettle> And do we have upgrade information for LBaaS 1 to 2? [09:28]
<evrardjp> there is no upgrade path from 1 to 2 [09:28]
<asettle> Well that isn't fantastic. [09:28]
<evrardjp> and we should use the v2 [09:28]
<asettle> Is there *going* to be an upgrade path? [09:28]
<evrardjp> and everybody should use 2 [09:28]
<evrardjp> not in osa IIRC [09:28]
<evrardjp> I think using neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 is the correct way for neutron_plugin_base [09:28]
*** markvoelker has quit IRC [09:29]
<asettle> Should is the key word there evrardjp - there has been use cases for v1 before Mitaka, and the original doc tells you how to use v1. You *should* have an upgrade path. [09:29]
<evrardjp> but doc wise, I don't know what to do [09:29]
<asettle> evrardjp: that I can do. [09:29]
<asettle> There should be an upgrade path though. So far, the option is to manually delete load balancers, pools, and members. [09:29]
<asettle> And that's hardly user friendly. [09:29]
<asettle> odyssey4me: was there ever a plan for this? [09:29]
<evrardjp> that's sad we advised to use v1, but that's maybe what happened at that time because it was the best plan [09:30]
<evrardjp> at that time [09:30]
<evrardjp> now times have changed [09:30]
<asettle> evrardjp: yes, well, that's fine :) that happens. But there still needs to be an upgrade option because it was something that was originally used/in the doc. [09:30]
<asettle> Just because times have changed, you can't ignore upgrades. [09:30]
<evrardjp> No but we can mention it's outside the scope (if it is) [09:31]
<evrardjp> we should mention* [09:31]
<evrardjp> if it's inside the scope, we should better write code now :p [09:31]
<asettle> I will - definitely. But I think we should have another option (if even temporary) for this. Is there a potential upgrade path? [09:31]
<asettle> I'll take care of the doc now so that it reflects what we're doing. [09:32]
<evrardjp> that's a question for odyssey4me [09:32]
<evrardjp> and for the move of the doc file, I had a hard time finding the configure-lbaas document because it wasn't in the doctree [09:32]
<evrardjp> so I'm not sure if this needs to be adapted too [09:33]
<evrardjp> I completely trust you on this [09:33]
<asettle> evrardjp: please do :) i'll be done in a jiffy [09:33]
<asettle> Once I find the damn file. Stupid thing [09:33]
<evrardjp> find . -name configure-lbaas.rst ? [09:33]
<bsv> evrardjp: no, that's cheating... [09:34]
<odyssey4me> alextricity25 I'm tracking https://bugs.launchpad.net/neutron/+bug/1523031 waiting for the upstream fix. There's nothing we can do until there is an upstream fix. The workaround is not to use L2POP, which from Mitaka onwards we do not do. [09:34]
<openstack> Launchpad bug 1523031 in openstack-ansible trunk "Neighbor table entry for router missing with Linux bridge + L3HA + L2 population" [High,Confirmed] - Assigned to Jesse Pretorius (jesse-pretorius) [09:34]
*** chhavi has quit IRC [09:34]
<evrardjp> bsv :D [09:34]
*** admin0 has joined #openstack-ansible [09:34]
<odyssey4me> errr you can set a dict of files to copy from the deployment host to the horizon containers: https://github.com/openstack/openstack-ansible-os_horizon/blob/master/tasks/horizon_post_install.yml#L51-L57 [09:36]
*** thorst has joined #openstack-ansible [09:39]
*** sacharya has joined #openstack-ansible [09:40]
<openstackgerrit> Merged openstack/openstack-ansible: [GATE UNBLOCKER] Lock CPU map script to a release  https://review.openstack.org/325578 [09:43]
*** sacharya has quit IRC [09:45]
<odyssey4me> rcarrillocruz sorry for the late reply - I'm still catching up on scrollback... yes we do place a clouds.yaml file down into the utility container [09:46]
<rcarrillocruz> oh nice [09:46]
<rcarrillocruz> thanks odyssey4me [09:46]
*** admin0 has quit IRC [09:46]
<odyssey4me> rcarrillocruz specifically in the openstack_openrc role we drop it down: https://github.com/openstack/openstack-ansible-openstack_openrc/blob/master/tasks/main.yml#L36-L44 [09:47]
<odyssey4me> I think that actually gets placed in more than just the utility container [09:47]
*** thorst has quit IRC [09:47]
<odyssey4me> rcarrillocruz yeah, in fact it should be on the host in the AIO too because the nova role will put it there: https://github.com/openstack/openstack-ansible/blob/master/playbooks/os-nova-install.yml#L263 [09:48]
<rcarrillocruz> providing it's on the utility host, that's fine [09:49]
*** permalac has joined #openstack-ansible [09:57]
*** wadeholler has joined #openstack-ansible [09:57]
*** wadeholler has quit IRC [09:57]
*** wadeholler has joined #openstack-ansible [09:58]
*** evilt0ne has joined #openstack-ansible [10:00]
*** bsv has quit IRC [10:03]
*** johnmilton has quit IRC [10:05]
*** admin0 has joined #openstack-ansible [10:05]
<winggundamth> evrardjp: so https://review.openstack.org/#/c/325768/ for this. I'm waiting for Jenkins to +1. I think someone already make a patch and he said it will run the test again automatically [10:05]
<evrardjp> wait a sec my browser crashed [10:06]
<winggundamth> haha no problem [10:07]
<winggundamth> that always happen when you leave it open for a day :P [10:07]
<evrardjp> too many tabs and I close at least 30 yesterday [10:07]
<evrardjp> I should abandon ff [10:07]
<evrardjp> it doesn't scale with my usage [10:07]
<winggundamth> I always clean up all the tabs few times a day so I can survive this [10:08]
*** admin0 has quit IRC [10:09]
<evrardjp> winggundamth: the thing is also to restart browser at regular times, which I forget [10:12]
<winggundamth> :) [10:13]
*** admin0 has joined #openstack-ansible [10:16]
<Bofu2U> morning [10:22]
<winggundamth> anyone has experienced on creating new domain? I have a problem that when create domain, it doesn't work correctly because there is no service account. [10:22]
<winggundamth> so what is the step to create domain properly? [10:23]
<Bofu2U> evrardjp I think I found the problem [10:28]
<odyssey4me> winggundamth there is nothing special that needs to be done to create a domain - you simply create one using your super-admin account [10:33]
<openstackgerrit> Darren Birkett proposed openstack/openstack-ansible-os_swift: remove ansible-managed line from swift.conf  https://review.openstack.org/326369 [10:33]
<winggundamth> odyssey4me: oh sorry. I didn't tell that I'm using active directory with osa configuration [10:34]
<winggundamth> so it created domain automatically. but I found that after I assigned one of user in AD as admin of that domain. there is no service account and show me the error like Error: Invalid service catalog service: compute [10:35]
*** admin0 has quit IRC [10:35]
<winggundamth> I can logged-in via horizon but I don't know what is the next step to create all the service accounts. [10:36]
<Bofu2U> odyssey4me: whats the best way to take a container out of rotation, and re-create it to the point where it grabs a different IP address? [10:38]
<Bofu2U> As much as I admire it's aspirations, my galera container is not a neutron agent. [10:38]
<openstackgerrit> Darren Birkett proposed openstack/openstack-ansible: remove ansible-managed line from swift.conf  https://review.openstack.org/326374 [10:38]
<odyssey4me> ah winggundamth now your question makes more sense - you're trying to put your default domain in ldap [10:41]
<odyssey4me> that is not the best of ideas [10:41]
*** johnmilton has joined #openstack-ansible [10:41]
<winggundamth> odyssey4me: no, I'm doing in separate domain as the doc said here http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-keystone.html#implementing-ldap-or-active-directory-backends [10:42]
<winggundamth> so I enabled horizon_keystone_multidomain_support to True and I can logged-in let say MyCorp domain now [10:43]
<odyssey4me> winggundamth ok, good - but then there should be no need for a service account in that domain [10:43]
<odyssey4me> keystone will search the AD back-end using the credentials you provide in the back-end config [10:44]
<odyssey4me> as your service accounts are in a different domain, nothing should be trying to access them in the second domain [10:44]
<odyssey4me> unless something is not configured with a domain [10:44]
<evrardjp> Bofu2U: so you had an issue with your inventory [10:45]
<odyssey4me> are you only seeing the search for that account when browsing through horizon, or does it happen when you use the CLI too? [10:45]
<evrardjp> :D [10:45]
<winggundamth> odyssey4me: yes and seems like everything working correctly. I can see all the user list in the domain. [10:45]
<evrardjp> you can use scripts/inventory-manage -r <item> [10:45]
<evrardjp> .py [10:45]
<evrardjp> it will remove the item from your inventory, and you'll have a new thingy on next inventory run [10:46]
<Bofu2U> evrardjp so that's the fun part - technically it's not a problem with the inventory per-se [10:46]
<evrardjp> you'll have to recreate it [10:46]
<Bofu2U> the inventory shows another IP for the container [10:46]
<Bofu2U> for the galera container [10:46]
<winggundamth> odyssey4me: but when I logged-in with my AD account that I already assigned it as admin role via horizon. I'm trying to create new projects. it can created but it shows Error: Unable to set project quotas. [10:46]
<evrardjp> when you tell me this, it looks like an issue [10:47]
<odyssey4me> winggundamth ah, hrm.... [10:47]
<Bofu2U> evrardjp well yes, but I make it a rule not to accept blame before 7 AM :P [10:47]
*** thorst has joined #openstack-ansible [10:47]
<evrardjp> could you dump your openstack_user_config and your openstack_inventory.json? [10:47]
*** johnmilton has quit IRC [10:47]
<evrardjp> I don't blame you [10:48]
<winggundamth> odyssey4me: oops. it found it [10:48]
<Bofu2U> evrardjp yeah sec, just removed it going to see if I can see SSH commands in the neutron container as it runs [10:48]
<evrardjp> I blame the issue between the keyboard and chair that happened in the past :p [10:48]
<Bofu2U> touche [10:48]
<Bofu2U> PEBKAC errors are the worst. [10:48]
<evrardjp> our inventory never forgets, which is gonna be changed soon [10:49]
<Bofu2U> you're gonna make it forget? [10:49]
<odyssey4me> soon (tm) : [10:49]
<odyssey4me> :p [10:49]
<Bofu2U> hahah [10:49]
<Bofu2U> by the way, I believe I found out why this whole clusterF caused the NAT'd subnets not to work [10:49]
<Bofu2U> controller3, neutron agent was set as the "gateway" for the internal network. [10:50]
<winggundamth> odyssey4me: so the problem is it doesn't have any project/tenant. so after you created project you have to select that project first and everything work as expected now. [10:50]
<Bofu2U> which is the one that's misbehaving. [10:50]
*** smatzek has joined #openstack-ansible [10:52]
*** thorst has quit IRC [10:53]
<openstackgerrit> Darren Birkett proposed openstack/openstack-ansible-os_swift: remove ansible-managed line from swift.conf  https://review.openstack.org/326369 [10:55]
<openstackgerrit> Darren Birkett proposed openstack/openstack-ansible: remove ansible-managed line from swift.conf  https://review.openstack.org/326374 [10:56]
*** chhavi has joined #openstack-ansible [10:57]
<openstackgerrit> Darren Birkett proposed openstack/openstack-ansible-os_swift: Make ansible managed line in swift.conf static  https://review.openstack.org/326369 [10:57]
*** weshay has joined #openstack-ansible [10:57]
<openstackgerrit> Darren Birkett proposed openstack/openstack-ansible: Make ansible managed line in swift.conf static  https://review.openstack.org/326374 [10:58]
*** shausy has joined #openstack-ansible [10:58]
*** admin0 has joined #openstack-ansible [10:59]
*** johnmilton has joined #openstack-ansible [10:59]
*** admin0 has quit IRC [11:01]
<winggundamth> just wonder. there is no lbaasv2 gui on horizon yet? [11:04]
<mancdaz> winggundamth I think there is a plugin [11:04]
<winggundamth> is it install with osa yet? [11:05]
<mancdaz> winggundamth https://github.com/openstack/openstack-ansible-os_horizon/blob/master/tasks/horizon_post_install.yml#L59-L66 [11:06]
*** wadeholler has quit IRC [11:07]
*** wadeholler has joined #openstack-ansible [11:07]
<winggundamth> hmm interesting. let me recheck with horizon configuration again if it apply or not. [11:07]
<winggundamth> I don't see any load balance menu in horizon [11:07]
<mancdaz> winggundamth ping mhayden later if you're having issues - he added that stuff [11:08]
<winggundamth> lol it can direct access via /project/loadbalancers/ url but it can not got this error Error: Unable to retrieve pools list [11:12]
<odyssey4me> winggundamth yes, there is a horizon panel enabled - it should do it automatically for you [11:12]
<odyssey4me> https://github.com/openstack/openstack-ansible-os_horizon/blob/master/defaults/main.yml#L147 [11:13]
<odyssey4me> https://github.com/openstack/openstack-ansible/blob/master/playbooks/inventory/group_vars/hosts.yml#L235 [11:13]
*** admin0 has joined #openstack-ansible [11:14]
<odyssey4me> winggundamth so if you have neutron_plugin_base in user_variables.yml, and it contains the entry 'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2' then the panel will automatically be enabled once you next run the os-horizon-install.yml playbook [11:14]
<winggundamth> oh so I have to enable that individually right? [11:14]
<odyssey4me> winggundamth nope, it must just be in the list [11:15]
<winggundamth> odyssey4me: that's weird because it's not [11:15]
<odyssey4me> winggundamth it should be done as per http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-network-services.html#deploying-lbaas-v2 [11:15]
<winggundamth> check /etc/horizon/local_settings.py and got 'enable_lb': False, [11:15]
<winggundamth> let me re deploy again [11:16]
<odyssey4me> winggundamth yes, that's correct - that is the old horizon panel set for lbaas v1 [11:16]
<winggundamth> oh [11:16]
<odyssey4me> winggundamth see https://github.com/openstack/openstack-ansible-os_horizon/commit/452e4e23269dd97e484d4ae1d7050ddb52bc007b [11:16]
<odyssey4me> the post install task executes for lbaasv2 which links the panels from an extra installed package to horizon [11:17]
<winggundamth> I can see this file in horizon container /openstack/venvs/horizon-13.1.2/lib/python2.7/site-packages/neutron_lbaas_dashboard/enabled/_1481_project_ng_loadbalancersv2_panel.py [11:18]
<evrardjp> winggundamth: are you sure you have neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 in your neutron_plugin_base AND you don't have something in your user variables that overrides the horizon_enable_neutron_lbaas? [11:18]
<winggundamth> evrardjp: yes. I'm sure [11:18]
<evrardjp> override to disable [11:18]
<evrardjp> ok [11:18]
<winggundamth> do you know what is the direct url to access to load balancer page in horizon? [11:19]
<evrardjp> could you grep -R horizon_enable_neutron_lbaas * in your config folder ? [11:19]
<winggundamth> evrardjp: no I don't see any [11:21]
<evrardjp> good [11:21]
<evrardjp> did you rerun os-horizon-install.yml ? [11:21]
<winggundamth> not yet [11:21]
<evrardjp> that's it :D [11:22]
<winggundamth> let me rerun it again [11:22]
*** iceyao has quit IRC [11:23]
<winggundamth> evrardjp: done but still no luck :( [11:24]
*** iceyao has joined #openstack-ansible [11:24]
*** markvoelker has joined #openstack-ansible [11:25]
<winggundamth> I'm sorry but I have to go now. will come back again in next few hours. [11:25]
<evrardjp> ok [11:25]
<Bofu2U> evrardjp: I removed it from inventory and am re-running setup-everything just so I can get a full picture [11:25]
<Bofu2U> fingers crossed :| [11:25]
<Bofu2U> I appreciate all of your help, by the way. Thank you. [11:26]
<evrardjp> Bofu2U: I hope you have a clean inventory now :D [11:26]
<evrardjp> I didn't do anything :p [11:26]
*** shausy has quit IRC [11:26]
<evrardjp> winggundamth: odyssey4me's comment is valuable if you're running mitaka instead of master. in that case, please set horizon_enable_neutron_lbaas: True in your user_variables [11:27]
<winggundamth> yes. I'm running mitaka :) [11:28]
<winggundamth> 13.1.2 [11:28]
<odyssey4me> evrardjp he shouldn't have to - unless there's a logic error [11:28]
<odyssey4me> the group_vars should set it automatically [11:28]
<odyssey4me> winggundamth can you confirm whether the link is in place to that file you found? [11:29]
<winggundamth> odyssey4me: what is the link you refer to? [11:29]
<evrardjp> indeed [11:29]
*** markvoelker has quit IRC [11:29]
<evrardjp> even in stable/mitaka [11:29]
<winggundamth> root@aio1-horizon-container-44828307:~# ls -l /openstack/venvs/horizon-13.1.2/lib/python2.7/site-packages/neutron_lbaas_dashboard/enabled/ [11:29]
<winggundamth> total 8 [11:29]
<winggundamth> -rw-r--r-- 1 root root  998 Jun  7 16:25 _1480_project_loadbalancersv2_panel.py [11:29]
<winggundamth> -rw-r--r-- 1 root root 1212 Jun  7 16:25 _1481_project_ng_loadbalancersv2_panel.py [11:29]
<winggundamth> -rw-r--r-- 1 root root    0 Jun  7 16:25 __init__.py [11:29]
<winggundamth> did you mean this? [11:30]
<winggundamth> ah need to go now. brb [11:30]
<winggundamth> you can leave answer and question here. I'll follow [11:30]
<evrardjp> /openstack/venvs/horizon-13.1.2/lib/python2.7/site-packages/openstack_dashboard/local/enabled/ should list the loadbalancersv2 [11:31]
<evrardjp> iirc [11:32]
<pjm6> anyone here tried to use novnc of Nova with other keyboard map? [11:33]
<evrardjp> yup, good luck [11:34]
<evrardjp> :p [11:34]
*** shanemcd has left #openstack-ansible [11:34]
<evrardjp> not supported :p [11:34]
<pjm6> loooool [11:34]
<pjm6> thanks evrardjp :d [11:34]
<evrardjp> yw :D [11:34]
<pjm6> i tried changing keymap and other things [11:34]
<pjm6> and didn't worked out [11:34]
<evrardjp> lots of quirks [11:34]
<pjm6> how its missing a feature like this? :o [11:34]
<evrardjp> consoles are a pain [11:35]
<evrardjp> because of ssh? [11:35]
<pjm6> no, no if loose SSH access [11:35]
<pjm6> xD [11:35]
<pjm6> http://docs.openstack.org/admin-guide/compute-remote-console-access.html [11:36]
<pjm6> so this [11:36]
<pjm6> keymap in spice [11:36]
<pjm6> is not working [11:36]
<pjm6> well at least I don't be to bad, because i tried a lot of stuffs and nothing work xD [11:38]
*** sacharya has joined #openstack-ansible [11:41]
<openstackgerrit> Jesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_neutron: Add metadata checksum fix for AIO-type networks configs  https://review.openstack.org/326396 [11:41]
*** LanceHaig has quit IRC [11:42]
*** LanceHaig has joined #openstack-ansible [11:42]
<openstackgerrit> Jean-Philippe Evrard proposed openstack/openstack-ansible-os_keystone: Minimum example playbook could let suppose db creation  https://review.openstack.org/326398 [11:43]
*** sacharya has quit IRC [11:46]
*** thorst_ has joined #openstack-ansible [11:46]
<Bofu2U> evrardjp: does it matter if I destroy the container, then do the inventory remove or vice versa? [11:54]
<Bofu2U> I'm assuming removing it won't destroy the container natively [11:54]
<odyssey4me> Bofu2U you can't act on something not in your inventory [11:54]
<evrardjp> if you remove it from the inventory you'll have to do it manually [11:54]
<odyssey4me> so you should destroy the container first, then remove it from the inventory [11:54]
<evrardjp> yeah like odyssey4me said [11:54]
<evrardjp> except he types faster [11:54]
<Bofu2U> rgr, here we go... [11:54]
<evrardjp> but the issue you had was the inventory [11:55]
<evrardjp> so you have to clean up as much as you can [11:55]
<evrardjp> manually if you need to :p [11:55]
<Bofu2U> oh I know, I made a skeleton inventory in case I ever need to restart from galera-only again [11:56]
<evrardjp> not sure if that's a right idea [11:56]
*** spotz is now known as spotz_zzz [11:57]
<Bofu2U> I had no choice at the time :-/ [11:57]
<evrardjp> if you have a good inventory, it should be fine to target what you want [11:57]
*** psilvad has joined #openstack-ansible [11:57]
<Bofu2U> let me rephrase... I had no inventory at the time [11:57]
<Bofu2U> :P [11:57]
*** retreved has joined #openstack-ansible [11:57]
<evrardjp> :D [11:58]
<Bofu2U> I'm recovering this cluster from a single backup of a single galera container [11:58]
<Bofu2U> and no inventory [11:58]
<Bofu2U> lol [11:58]
<openstackgerrit> Jesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_neutron: Add metadata checksum fix for AIO-type networks configs  https://review.openstack.org/326396 [12:00]
<odyssey4me> Bofu2U heh, well I guess you're learning a thing or two about disaster recovery ;) [12:02]
<Bofu2U> odyssey4me and openstack. Don't forget openstack. [12:03]
*** psilvad has quit IRC [12:03]
<Bofu2U> watching the logs from the neutron agents alone has showed me a bit about how they work [12:04]
<Bofu2U> Like ... beyond "oh look networks." [12:04]
<odyssey4me> heh, yeah - they're a chatty bunch [12:04]
*** psilvad has joined #openstack-ansible [12:05]
<Bofu2U> it does make me think, though. For the "public" networks, does it still push everything through the controllers even if it's raw VLANs? [12:05]
*** markvoelker has joined #openstack-ansible [12:06]
<odyssey4me> Bofu2U the only thing that goes through the controllers is L3 stuff where the router is controller-managed [12:06]
<Bofu2U> So, for example, binding an instance directly onto the public will go direct [12:06]
<odyssey4me> so if you have a vlan network setup for a project, and the next hop for the network is set to be something that neutron isn't managing, then nothing will go through the neutron-agent containers [12:06]
<Bofu2U> whereas, private network + floating IP will flow through the controller? [12:06]
<odyssey4me> yes, private network + floating IP will go through controller because the floating IP NAT rule is implemented on the controller [12:07]
<Bofu2U> got it! [12:08]
<Bofu2U> so scaling controllers isn't needed as heavily if they're thrown onto public directly [12:08]
<odyssey4me> if you're allowing instances to bind to a public network of some sort, and the router for that network is not managed by the controller, then it doesn't go through the l3 agent [12:08]
<odyssey4me> well, it may help to know where things are implemented [12:08]
<Bofu2U> yeah, obviously [12:08]
<odyssey4me> security groups are implemented at the port, in other words on the vif on the hypervisor (compute node) [12:09]
<Bofu2U> Now I'm thinking about ... instance put directly onto the public network, but then also added a secondary network interface to private network [12:09]
<Bofu2U> so it'd technically ... do ... both? [12:09]
<odyssey4me> The floating IP is a NAT rule implemented on the L3 Agent. [12:09]
*** psilvad has quit IRC [12:10]
<odyssey4me> Neutron routers are virtual, and implemented on the L3 Agent. [12:10]
*** zerda2 has quit IRC [12:10]
<odyssey4me> You could possibly have an instance with a leg in a private network and another leg in the public network, but if you have ARP spoofing protection enabled then that instance will not be able to route. It can communicate both ways, but never route. [12:11]
<odyssey4me> So that's a useful implementation for something like a proxy (forward or reverse). [12:11]
<Bofu2U> I got ya. [12:11]
<Bofu2U> Just considering if controllers were to have a problem but some are publicly bound, etc. [12:12]
*** jiteka has joined #openstack-ansible [12:12]
<odyssey4me> Note that the 'public' network is designed for the floating ip pool and virtual routers. If you want to attach instances to a 'public' network then the right thing to implement is a 'shared' network. If you use the 'shared' network you get the same effect and don't have to mangle the policy. [12:13]
<Bofu2U> oh that's even better, thank you [12:13]
<odyssey4me> Doing that is also a nice way to segregate your problem domains. You know that the 'public' network IP's are all behind a NAT, whereas the 'shared' network IP's are all directly exposed instance NIC's. You may wish to deal with their security profiles differently. [12:14]
<Bofu2U> yeah that's perfect [12:14]
<Bofu2U> so the real question is - do you want me to take the above and put it into a FAQ Q/A format for you to post somewhere? lol [12:15]
<Bofu2U> because I remember trying to find answers like that for a bit [12:15]
*** admin0 has quit IRC [12:16]
<odyssey4me> I wonder if something to that effect shouldn't be added to the networking guide. Maybe here: http://docs.openstack.org/mitaka/networking-guide/intro-os-networking-overview.html [12:17]
<Bofu2U> that has my vote .. [12:18]
<Bofu2U> just the fact of knowing that the public direct bound doesn't flow through the controller is huge to me [12:18]
<Bofu2U> because for some people that could be the difference between 3 controllers and 50 [12:18]
*** wadeholler has quit IRC [12:19]
<Bofu2U> especially since RE: that train of thought, my head jumped to "but if it doesn't go through the controller how does it handle firewall policies" in which you brought up that it's done through the vif on the compute node. [12:20]
<odyssey4me> It's kinda described in http://docs.openstack.org/mitaka/networking-guide/scenario-provider-lb.html but I suppose it's a little complex there and a summarised view of the concepts of the 'public' and 'shared' networks would be useful in the overview. [12:20]
<odyssey4me> Bofu2U yeah, keep an eye on the terminology there... security groups are not really firewall policies - they're really just access lists [12:21]
<Bofu2U> rgr [12:21]
<odyssey4me> firewall policies are implemented by FWaaS which is another agent, which would also run on the controller [12:22]
<Bofu2U> yeah [12:22]
<Bofu2U> example - this is what spawned all of this for me [12:23]
<Bofu2U> Right now, everything publicly bound is working 100%. [12:23]
<Bofu2U> Since the neutron agent is having issues, everything on a private network and/or floating IP is dead in the water [12:23]
<Bofu2U> because the controller 3 agent was set as the "gateway" on the private network I use. That's the one with issues. That's what I'm trying to fix. [12:24]
<Bofu2U> etc. [12:24]
*** saneax is now known as saneax_AFK [12:24]
*** smatzek has quit IRC [12:26]
*** thorst_ is now known as thorst12:31
*** kylek3h has joined #openstack-ansible12:32
odyssey4meyeah, as always it really depends on the use case and the equipment available12:34
*** saneax_AFK is now known as saneax12:35
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-lxc_container_create: Make the LXC container create use the host resolver config  https://review.openstack.org/32643012:36
openstackgerritGreg Faust proposed openstack/openstack-ansible: DOC add note about building AIO more than once  https://review.openstack.org/32549812:39
*** admin0 has joined #openstack-ansible12:43
mhaydenmorning12:45
*** iceyao has quit IRC12:45
mhaydenwinggundamth: having problems with LBaaSv2 + Horizon?12:45
*** smatzek has joined #openstack-ansible12:46
*** kylek3h has quit IRC12:47
*** wadeholler has joined #openstack-ansible12:49
*** smatzek_ has joined #openstack-ansible12:50
*** smatzek has quit IRC12:54
Bofu2Umhayden I think he said he'll be back in a few hrs12:56
*** kylek3h has joined #openstack-ansible12:57
*** smatzek_ has quit IRC12:58
Adri2000hi13:00
Bofu2Uhi13:02
mhaydenBofu2U: cool, thanks13:04
*** alikins has quit IRC13:04
*** messy has joined #openstack-ansible13:05
Bofu2Umhayden though once I fix this that's where I'll be next :P13:05
*** admin0 has quit IRC13:06
*** alikins has joined #openstack-ansible13:07
*** admin0 has joined #openstack-ansible13:12
openstackgerritGreg Faust proposed openstack/openstack-ansible: DOC add note about building AIO more than once  https://review.openstack.org/32549813:13
*** Zucan has joined #openstack-ansible13:17
Bofu2Uodyssey4me: what would be the best way to re-add a .1 gateway within a private subnet?13:17
Bofu2Uaka it had .1 originally, then I deleted it. Because I didn't want my day to be easy.13:18
evrardjp:/13:18
Bofu2U(I was trying to change it to a different controller tbh since 3 was screwed, didn't work out so well)13:18
evrardjpAt some point don't you want to make your life easy and restart from scratch ?13:18
evrardjp:p13:18
*** alikins has quit IRC13:18
Bofu2Uevrardjp nah we're almost back to normal here ;)13:18
*** alikins has joined #openstack-ansible13:19
evrardjpso what did you change ? your external lb vip variable?13:19
evrardjpexternal/internal?13:19
Bofu2Uno, that's all fine13:19
evrardjpor just net configuration on your containers?13:19
Bofu2UI created a network within horizon called "internal"13:19
Bofu2Uit made the .1 gateway within neutron, etc.13:19
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Docs: Add developer guide for security role  https://review.openstack.org/32549913:20
mhaydenasettle: that should address your comments ^^13:20
evrardjpok Bofu2U13:20
evrardjpso it's openstack usage now13:20
asettlemhayden: cool :)13:20
asettleAnd morning13:20
Bofu2Uevrardjp: yes, for once :P13:20
mhaydenHOWDY ASETTLE13:20
automagicallyMorning all13:20
asettleyo yo automagically13:20
automagicallyo/ asettle13:20
Bofu2Umornin automagically asettle13:20
automagicallyo/ Bofu2U13:21
* mhayden passes automagically a breakfast taco13:21
asettleAlso, automagically the other day I kept trying to say "automatically" and all I kept fucking saying was 'automagically' - you have RUINED me13:21
asettleMorning Bofu2U13:21
automagicallyThat’s me, just making a mess everywhere ;)13:21
Bofu2Uautomagically I'll be saying that after I eat a breakfast taco.13:21
asettleSuper frustrating when apparently my job is 'words'13:21
asettle:p13:21
mhaydenone must finish consuming breakfast tacos before code can begin merging13:21
Bofu2Uor it gets the taco again13:22
evrardjpmorning automagically13:22
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Add check/audit to gate testing  https://review.openstack.org/32448213:22
asettleBofu2U: please excuse my ignorance, but I think you're the only person who I don't know?13:23
automagicallyo/ evrardjp13:23
asettleAnd your nick isn't giving away any secrets13:23
evrardjpasettle: you mean "word" ?13:23
Bofu2Uasettle I'm an unrelated pain in the ass that shows up after creating disaster within my openstack environment hoping to be saved by you kind people.13:23
asettleevrardjp: too right. I'm well gangsta13:23
Bofu2Ubasically.13:23
asettleBofu2U: cool. In my head I will call you... Brian13:24
Bofu2UI've also been known to randomly order a crapton of pizza to the rackspace office and have them yell "cloudnull" until he picks it up.13:24
Bofu2Uor so I've heard.13:24
asettlehehehehe kevin13:25
asettleBut this is giving me no hints13:25
asettleUntil then, you're Brian.13:25
asettleOr brain, if i'm dyslexic that day13:26
asettleWe'll find someone to be Pinky13:26
*** sdake has joined #openstack-ansible13:27
Bofu2UI'm fine with Brian.13:28
Bofu2UAlso, you don't know me.13:28
Bofu2U;)13:28
asettle... that's how we got here.13:28
Bofu2U... indeed.13:30
*** maurosr has quit IRC13:30
* Bofu2U affirmative head nod before walking away slowly.13:30
evrardjpBrian is in the kitchen13:30
asettle:p13:30
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Add release note for V-38524 implementation  https://review.openstack.org/32646713:31
*** sdake_ has joined #openstack-ansible13:34
mhaydenso i have a patch in to fix one thing that breaks the security role on RHEL 7 -- i can lend someone a RHEL 7 box if they need one to review this patch -> https://review.openstack.org/32542113:35
*** sdake has quit IRC13:36
*** admin0 has quit IRC13:38
*** maurosr has joined #openstack-ansible13:40
*** michaelgugino has joined #openstack-ansible13:41
michaelguginomorning everyone13:41
automagicallyo/ michaelgugino13:41
*** iceyao has joined #openstack-ansible13:41
asettleo/13:42
*** admin0 has joined #openstack-ansible13:43
automagicallyI’d appreciate some core reviews on https://review.openstack.org/325426 please if you all have a moment13:43
automagicallyAlso, https://review.openstack.org/32541913:44
automagicallyThanks in advance13:44
*** admin0 has quit IRC13:45
*** KLevenstein has joined #openstack-ansible13:46
*** admin0 has joined #openstack-ansible13:50
mhaydenautomagically: i shall gandereth13:50
*** ametts has joined #openstack-ansible13:53
*** smatzek_ has joined #openstack-ansible13:59
*** spotz_zzz is now known as spotz13:59
odyssey4meBofu2U have you figured out your .1 gateway thingy yet?14:00
*** pester has quit IRC14:00
odyssey4meBofu2U if not, what's the actual situation - you had a virtual network with a virtual router (which had the .1 address), and now have a vlan and want to set it up the same way except have .1 be on a real router?14:01
*** KLevenstein has quit IRC14:02
*** KLevenstein has joined #openstack-ansible14:04
*** Mudpuppy has joined #openstack-ansible14:04
openstackgerritMerged openstack/openstack-ansible-openstack_hosts: Fail immediately when kernel needs an update  https://review.openstack.org/32541914:04
*** Mudpuppy has quit IRC14:04
*** Mudpuppy has joined #openstack-ansible14:05
Bofu2Uodyssey4me: virtual network with virtual router and just need to setup the virtual router again on .114:07
Bofu2Uthat's all14:07
odyssey4meBofu2U ok, if you do a port list on that network - do any of the ports already have .1 assigned to it?14:08
Bofu2Unope14:08
odyssey4meok, and do you already have a router with an internal interface on that network?14:08
odyssey4me(and it has the wrong address)14:08
Bofu2Unot yet14:08
Bofu2UI didn't want to potentially make it worse by messing with randomness14:08
openstackgerritTravis Truman (automagically) proposed openstack/openstack-ansible-galera_server: DOC - Adopting the common role documentation pattern  https://review.openstack.org/32649214:09
odyssey4mealright, if you create a new router it should give you the option of creating it with a specific address on that network14:09
odyssey4meyou can certainly do so when creating a port14:09
Bofu2Uk let me log back in and give it a shot14:10
*** jamesdenton has joined #openstack-ansible14:11
Bofu2Uas my neutron agent keeps spamming about agents offline and migrations :|14:11
mrhillsmanmorning14:11
spotzmorning14:11
Bofu2Umorning14:11
odyssey4measettle can you cast your beady eye over https://review.openstack.org/325498 quickly please?14:14
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible-os_keystone: Minimum example playbook could let suppose db creation  https://review.openstack.org/32639814:17
*** admin0 has quit IRC14:18
*** psilvad has joined #openstack-ansible14:19
Bofu2Uodyssey4me I added it back in... says status down... hm14:19
Bofu2Uadmin state up, status down14:20
mhaydenautomagically: sorry, running behind on those reviews i promised14:21
Bofu2Uodyssey4me: to clarify, on the port after adding the interface in14:22
*** mpjetta has joined #openstack-ansible14:22
openstackgerritWang Qing wu proposed openstack/openstack-ansible-os_nova: Implement Nova PowerVM Virt Driver  https://review.openstack.org/31902214:23
odyssey4meBofu2U depending on how many routers and networks you have, the agent may take a bit of time before it gets to create the port properly - otherwise check the l3 agent logs for any errors to see why it's down14:24
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-openstack_hosts: Updated the hostname generation  https://review.openstack.org/32350414:24
Bofu2Unot even seeing the l3 agent running in the container o.O14:24
Bofu2Uwell wait it is... but no logs14:25
*** klamath has quit IRC14:25
*** klamath has joined #openstack-ansible14:25
odyssey4meBofu2U ah, you may need to flip it into debug mode14:25
odyssey4meBofu2U but you may also find logs somewhere else that give clues - like the kernel log or syslog14:25
*** jamesdenton has quit IRC14:30
Bofu2Uodyssey4me hm. that's just filled with debugs about "agent down migrating..."14:31
Bofu2Uwhich makes sense given the status14:31
*** sdake_ has quit IRC14:36
*** weezS has joined #openstack-ansible14:36
*** raddaoui has joined #openstack-ansible14:39
*** mfisch has joined #openstack-ansible14:39
*** mfisch has quit IRC14:40
*** mfisch has joined #openstack-ansible14:40
*** galstrom_zzz is now known as galstrom14:42
*** admin0 has joined #openstack-ansible14:42
flaviodsrodyssey4me can you take a look at http://logs.openstack.org/73/325673/1/check/gate-openstack-ansible-os_sahara-docs/305c8f5/console.html ? Why is this failing? I am totally lost here14:43
*** bryan_att has quit IRC14:44
*** admin0 has quit IRC14:44
openstackgerritTravis Truman (automagically) proposed openstack/openstack-ansible-lxc_container_create: DOC - Adopting the common role documentation pattern  https://review.openstack.org/32652014:45
openstackgerritNolan Brubaker proposed openstack/openstack-ansible: Extract and test inventory and backup I/O  https://review.openstack.org/32360114:45
openstackgerritMajor Hayden proposed openstack/openstack-ansible: Enable human readable logging  https://review.openstack.org/32133314:46
openstackgerritTravis Truman (automagically) proposed openstack/openstack-ansible-openstack_hosts: Cleanup/standardize usage of tags  https://review.openstack.org/32541814:48
Bofu2Uevrardjp: hm. looks like "neutron agent-list" doesn't have the right container IDs as the running containers... inventory problem? :P14:50
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_glance: Implement CentOS 7 support in os_glance  https://review.openstack.org/32054214:54
*** admin0 has joined #openstack-ansible14:54
*** weshay has quit IRC14:56
*** bryan_att has joined #openstack-ansible14:57
odyssey4meflaviodsr looking...15:00
odyssey4meBofu2U if you essentially rebuilt the environment, but kept the old DB, then I expect that you'll still have the old agents around in the DB and will need to disable them to prevent networks/routers from being scheduled to use them15:01
Bofu2Uodyssey4me right that's what I'm doing - but the new ones aren't re-adding themselves either15:01
NepocFWIW whoever saw my last message regarding neutron acting unusual after the install... I've had to add in a restart of all neutron services in all containers and compute nodes to fix everything. Why I have to do this is still a mystery.15:04
asettleSorry odyssey4me I was in a meeting previously. But the patch LGTM.15:05
asettleI'd reviewed it earlier and all iterations had been included :)15:05
asettleGive or take one or two15:05
asettleBut it's been merged, so that's okay :)15:06
*** vnogin has joined #openstack-ansible15:10
*** saneax is now known as saneax_AFK15:10
*** Drago has joined #openstack-ansible15:10
*** Drago has quit IRC15:12
*** vnogin1 has quit IRC15:12
*** Drago has joined #openstack-ansible15:12
openstackgerritTravis Truman (automagically) proposed openstack/openstack-ansible-lxc_hosts: DOC - Adopting the common role documentation pattern  https://review.openstack.org/32656815:13
Bofu2Uodyssey4me so this is interesting... my instances and private networks just came up, but neutron agent-list shows xxx on all instances lol15:17
odyssey4meflaviodsr OK, the issue is that ansible relies on paramiko and the latest version of paramiko requires some libraries to be present - so ensure that https://github.com/openstack/openstack-ansible-os_sahara/blob/master/other-requirements.txt includes the extra content that https://github.com/openstack/openstack-ansible-galera_server/blob/master/other-requirements.txt has15:17
Bofu2Uodyssey4me scratch that ... apparently at some point things switched to underscores instead of dashes so my grep was screwed15:18
odyssey4meflaviodsr that will ensure that zuul installs those packages onto the node before executing the test job15:18
odyssey4meBofu2U hmmm, FYI we switched FROM underscores TO dashes for Mitaka... but the 13.0.0 release still used underscores15:19
odyssey4me13.0.1 included the switch15:19
odyssey4meBofu2U https://review.openstack.org/323504 is a patch to make them all aliases so that we can all get along15:19
*** cloudtrainme has joined #openstack-ansible15:22
Bofu2Uodyssey4me gracias15:23
flaviodsrodyssey4me got it, thanks!15:24
*** deadnull is now known as deadnull_15:25
*** weshay has joined #openstack-ansible15:27
Bofu2Uodyssey4me evrardjp lbragstad I'm back up and running, thank you all very much.15:28
evrardjpgood news15:28
Bofu2UI should be back in a few days after killing it again.15:28
Bofu2U:P15:28
*** sdake has joined #openstack-ansible15:28
openstackgerritMarc Gariépy proposed openstack/openstack-ansible: fix links in upgrade-playbooks  https://review.openstack.org/32658015:31
openstackgerritMerged openstack/openstack-ansible-os_keystone: Add support for CustomLog format modification  https://review.openstack.org/32583715:31
*** mikelk has quit IRC15:33
openstackgerritMerged openstack/openstack-ansible-os_keystone: Remove pip_lock_down dependency  https://review.openstack.org/31388915:34
*** chhavi has quit IRC15:38
openstackgerritMerged openstack/openstack-ansible-os_keystone: Minimum example playbook could let suppose db creation  https://review.openstack.org/32639815:38
odyssey4mejmccrory automagically cloudnull d34dh0r53 stevelle mattt hughsaunders andymccr mhayden any thoughts on https://review.openstack.org/326396 ? also, https://review.openstack.org/326430 needs a review or two please15:39
* automagically looking15:40
*** admin0 has quit IRC15:40
openstackgerritMerged openstack/openstack-ansible-os_neutron: Updated multi-distro setup for isolation  https://review.openstack.org/32497415:41
*** sacharya has joined #openstack-ansible15:42
openstackgerritMerged openstack/openstack-ansible-galera_server: DOC - Adopting the common role documentation pattern  https://review.openstack.org/32649215:46
*** Kdecherf has left #openstack-ansible15:47
*** sacharya has quit IRC15:47
openstackgerritMerged openstack/openstack-ansible-os_nova: Fix nova_system_group_uid variable name  https://review.openstack.org/32612515:48
*** TheIntern has joined #openstack-ansible15:48
*** johnmilton has quit IRC15:49
*** johnmilton has joined #openstack-ansible15:50
*** BjoernT has joined #openstack-ansible15:51
*** smatzek_ has quit IRC15:52
*** johnmilton has quit IRC15:56
*** TheIntern has quit IRC15:56
odyssey4mebug triage here cloudnull, mattt, andymccr, d34dh0r53, hughsaunders, b3rnard0, palendae, Sam-I-Am, odyssey4me, serverascode, rromans, erikmwilson, mancdaz, _shaps_, BjoernT, claco, echiu, dstanek, jwagner, ayoung, prometheanfire, evrardjp, arbrandes, mhayden, scarlisle, luckyinva, ntt, javeriak, automagically, spotz, vdo, jmccrory, alextricity25, jasondotstar, KLevenstein, admin0, michaelgugino, ametts, v1k0d3n,16:00
odyssey4me severion, bgmccollum, darrenc, JRobinson__, asettle, colinmcnamara, thorst, adreznec16:00
michaelguginohere16:00
spotz\o/16:00
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_neutron: Add metadata checksum fix for AIO-type networks configs  https://review.openstack.org/32639616:00
thorst\o16:00
adrezneco/16:00
v1k0d3nhere, but have to step away...16:00
evrardjpo/16:01
odyssey4mebefore we start, I'd like to ask if there are any volunteers who'd be happy to facilitate the bug triage on a weekly basis16:01
evrardjpI'd be happy to help OSA, if I can skip this week :p16:01
prometheanfireneato16:01
odyssey4meideally I'd like it to rotate, but I'd like to see someone take a primary triage role and to ensure that there is a facilitator for every meeting16:01
automagicallyo/16:02
asettleo/16:02
evrardjpif you're alright with that odyssey4me16:03
odyssey4meevrardjp Sure, that'd be great!16:03
*** sacharya has joined #openstack-ansible16:03
odyssey4meIt'd help me greatly. It might be a nice opportunity to try and document the meeting's guidelines a little more in the contributor guide so that any facilitators and contributors are aware of what happens and how it all works.16:04
automagicallyThanks for volunteering evrardjp16:04
openstackgerritSteve Lewis (stevelle) proposed openstack/openstack-ansible-os_gnocchi: Implement Ubuntu 16.04 support with SystemD  https://review.openstack.org/32471516:04
evrardjpyw16:04
odyssey4merighto, on to the list16:05
odyssey4mehttps://bugs.launchpad.net/openstack-ansible/+bugs?search=Search&field.status=New16:05
odyssey4meI'll start at the bottom and work up.16:05
odyssey4mehttps://bugs.launchpad.net/openstack-ansible/+bug/158890216:05
openstackLaunchpad bug 1588902 in openstack-ansible "Variables defined in global_overrides persist after deletion" [Undecided,New]16:05
automagicallyI consider that a high/medium given the confusion/dismay/despair it can cause a deployer16:06
automagically:D16:06
odyssey4meheh, oh dear - editing any vars in openstack_user_config will result in the same behaviour due to the fact that openstack_user_config forms part of the inventory16:06
odyssey4methese vars should be set in user_variables instead16:06
automagicallyYep16:06
odyssey4meI suppose that we're not clear about this.16:07
gregfausti have been bitten by 1588902 when testing various proxy & mirror settings16:07
odyssey4mepalendae ping?16:07
palendaePong16:08
odyssey4meSo I can see that for some hosts you may want to set that var on a per host basis, depending on your environment.16:08
palendaeautomagically, Are you taking that?16:08
palendaeOr did you decide not to?16:08
*** johnmilton has joined #openstack-ansible16:08
automagicallypalendae: I haven’t gotten to it as of yet16:08
automagicallySo, it's up for grabs16:08
palendaeok16:08
odyssey4meSo while a 'standard' environment would have it in user_variables, it seems that we should probably figure out how to deal with the persistence in the inventory too?16:08
*** deadnull_ is now known as deadnull16:08
odyssey4mepalendae one of the items we described in the 'wish list' for the inventory was awareness of a change of state16:09
palendaeWell this is clearly a bug16:09
palendaeDunno if it's even a wish list16:09
odyssey4meie you have this setting now, then you remove it or change it - especially in the inventory this is important16:09
stevellelots of ways to skin this one16:09
*** smatzek_ has joined #openstack-ansible16:09
palendaeThis could apply to changing networks too16:09
odyssey4medo you think we can try to build some sort of state change awareness into the inventory?16:10
evrardjpConfirm/Medium?16:10
palendaeWhich is probably the more common case for global_overrides16:10
odyssey4meyep, changing networks is another state change which would be important - perhaps virt_type changes too16:10
palendaeWould have to look - right now all it's doing is re-reading the .json file16:10
palendaeSo if the inventory.json file exists, it wins by virtue of nothing else being read16:10
*** smatzek_ has quit IRC16:10
odyssey4meok - so do we have two items from this? the one would be that we should document that this should be done in user_variables.yml as a standard way of implementing it16:11
palendaeSince the .yml files aren't touched, this may be a fairly large fix, but we definitely need to address it16:11
palendaeodyssey4me, What is "this" that should be done?16:11
odyssey4methe other would be to detect the removal of a var from the inventory and to remove it from the inventory.json if that happens?16:11
palendaeThis affects stuff that goes in global_overrides but not user_variables, like networks16:11
automagicallyDefinitely a doc update or two needed here16:12
palendaeI can take your latter case16:12
odyssey4mepalendae by 'this' I mean the use of the var  in the inventory/openstack_user_config16:12
palendaeWhich var?16:12
palendaeThis particular bug report shows a strawman16:12
palendaeautomagically, What was the actual var you were using?16:12
odyssey4meI expect that it was https://github.com/openstack/openstack-ansible/blob/master/etc/openstack_deploy/user_variables.yml#L137-L14616:13
automagicallyI don’t recall to be honest, it's on the other side of the weekend16:13
automagicallyodyssey4me: Yeah, that looks likely16:13
palendaeOk16:13
palendaeIMO we'd be best off advising nothing goes in global_overrides except networks16:13
evrardjppalendae: agreed16:14
odyssey4meok, we should probably then register a doc bug for that specifically16:14
evrardjpif it's global it can be defined in user_*16:14
palendaeSo yes, I would agree it's 2 bugs - doc and the regeneration issue16:14
palendaeAnd I can snag the regeneration part16:14
odyssey4mecan someone please register a bug for the recommended doc change?16:14
spotzodyssey4me: I'll go through the log and do it16:15
odyssey4methanks, I've added a comment to https://bugs.launchpad.net/openstack-ansible/+bug/1588902 for clarity16:17
openstackLaunchpad bug 1588902 in openstack-ansible "Variables defined in global_overrides persist after deletion" [Undecided,New]16:17
odyssey4methanks spotz :)16:17
odyssey4mepalendae can you self assign please16:17
palendaeSur16:17
odyssey4methoughts on importance for this one?16:17
evrardjpimportance: wishlist16:17
palendaeI'd say medium or high16:17
palendaeBecause this is the opposite of expected behavior, and prevents deployers from managing their environment without getting invasive16:18
odyssey4meyeah ok - we have two suggestions for medium/high... I'm thinking medium as this is a case of not using by design and is a bit of a fringe case16:19
odyssey4methat said, it's a large environment use-case so I'd be happy to go with high16:19
*** asettle has quit IRC16:19
odyssey4mestevelle thoughts?16:19
stevelleI'm feeling like it doesn't matter much either way, but I'd grant this high, because the workarounds are not yet documented well16:20
*** karimb has joined #openstack-ansible16:20
odyssey4meok, done16:21
odyssey4memoving on: https://bugs.launchpad.net/openstack-ansible/+bug/158882116:21
openstackLaunchpad bug 1588821 in openstack-ansible "Document host removal" [Undecided,New]16:21
openstackgerritMarc Gariépy proposed openstack/openstack-ansible: DOC - fix links in upgrade-playbooks  https://review.openstack.org/32658016:21
evrardjpmy wishlist was for this one16:23
evrardjp:p16:23
evrardjphigh for the previous one :p16:24
odyssey4meit is obviously clear that it would be useful to have the decommission process documented properly16:24
odyssey4mewe could probably also add a convenience playbook to the ops repository16:24
odyssey4meany volunteers to pick this up?16:25
odyssey4meok, marking wishlist and confirmed for now16:27
odyssey4menext up https://bugs.launchpad.net/openstack-ansible/+bug/158881816:27
openstackLaunchpad bug 1588818 in openstack-ansible "Make network and subnet names configurable in tempest installation" [Undecided,New]16:27
odyssey4meit looks like a low hanging fruit enhancement16:28
odyssey4meso wishlist, clearly16:29
odyssey4menext up: https://bugs.launchpad.net/openstack-ansible/+bug/158881216:29
openstackLaunchpad bug 1588812 in openstack-ansible "br-vlan should not be required on compute nodes" [Undecided,New]16:29
stevellethat's legitimate, isn't it16:32
evrardjpit's legitimate if we use br-vlan on neutron but not on compute16:32
odyssey4mesort-of related: https://review.openstack.org/27632016:32
stevellerelated, but distinct still.16:33
odyssey4meyeah16:33
odyssey4meso the use-case is right - and we do have a rather fixed assumption of expected bridges, etc16:34
*** Nepoc has quit IRC16:34
stevelleI'd got with confirmed low16:34
stevelles/t//16:34
evrardjp+116:34
odyssey4meit would be nice if we could move towards using the more standard bridges described in the network guide, but that's going to take quite a bit of re-work and dedicated time.16:34
evrardjpagreed16:36
odyssey4meok, marked confirmed/low16:36
odyssey4menext up: https://bugs.launchpad.net/openstack-ansible/+bug/158877716:36
openstackLaunchpad bug 1588777 in openstack-ansible "Cinder volume type creation race condition failure" [Undecided,New] - Assigned to Samuel Matzek (smatzek)16:36
odyssey4mehrm, so the only way to work around that right now is to make https://github.com/openstack/openstack-ansible-os_cinder/blob/master/tasks/cinder_backends.yml#L27-L37 only run on the first member of the group16:38
evrardjpyou should not run this way IMO16:38
odyssey4meor that task should come out of the role and go into the playbook16:38
stevelleso this is during the configuration of cinder, really.16:38
*** admin0 has joined #openstack-ansible16:42
odyssey4meconfirmed/medium in my opinion16:42
evrardjpconfirmed medium16:42
odyssey4meI've added a comment regarding the options I see to solve it16:43
odyssey4menext up: https://bugs.launchpad.net/openstack-ansible/+bug/158805116:43
openstackLaunchpad bug 1588051 in openstack-ansible "Excessive logging to /var/log in neutron agents and other containers" [Undecided,New]16:43
*** karimb has quit IRC16:45
*** cloudtrainme has quit IRC16:45
*** karimb has joined #openstack-ansible16:45
evrardjpit's a wishlist for me16:46
odyssey4mewell, how a host is partitioned and where the logs go is not really something the project can solve16:46
evrardjpwith even a proposition of how to fix it16:46
odyssey4mewhat we can do, however, is implement facilities that deployers can consume16:46
BjoernTthat's a funny opinion16:46
odyssey4mecloudnull has made a reasonable suggestion16:47
BjoernTOSA rolls out a design in regards to logging16:47
odyssey4meany other suggestions?16:47
BjoernTso we can not just look away.  Yes as I updated. Do not store any logs in the root partitions16:47
*** karimb has quit IRC16:48
BjoernTBasically what I updated to the beginning of the meeting.16:48
evrardjpBjoernT: is that something you see impacting 100% of the osa customers?16:48
odyssey4meBjoernT where the logs go in terms of partitions depends on how you partition your hosts16:48
BjoernTMy customers are16:48
odyssey4meif you partition /openstack/logs then your logs aren't in the root partition.16:48
evrardjpI don't ask names :D16:48
*** evilt0ne has quit IRC16:48
BjoernTyeah a stop gap would be to bind mount /var/log16:49
BjoernTthat keeps filling up not so much neutron16:49
evrardjpBjoernT: I think what you're pointing at is another issue16:49
*** Drago has quit IRC16:49
BjoernTthe issue is that the DHCP lease files are on the container root disks which is a different problem16:50
evrardjpwhy would a log only be in the container instead of being in /openstack/logs ?16:50
evrardjpright?16:50
BjoernTwrong16:50
evrardjpthen we have a bug of a file not correctly reported?16:50
odyssey4mealright, so it seems that we have logs leaking into syslog/upstart logs which is one issue16:50
BjoernTthe openstack/neutron logs are at /openstack/logs16:50
evrardjpBjoernT: that's what I meant16:50
evrardjpwith the dhcp16:50
BjoernTthe DHCP lease files are on /dev/root16:50
*** Drago has joined #openstack-ansible16:50
*** Drago has quit IRC16:50
BjoernTto say it that way16:50
*** iceyao has quit IRC16:51
*** Drago has joined #openstack-ansible16:51
*** Drago has quit IRC16:51
BjoernTand all other rsyslog logs are on /dev/root too which ultimately can fill up disk space uncontrolled like conntrackd16:51
*** Drago has joined #openstack-ansible16:51
BjoernTsame is true for neutron pid files, namespaces etc all this stuff is on /dev/root and potentially in danger if conntrackd freaks out16:51
BjoernThence NO logging on /dev/root16:52
odyssey4meby that you mean the root disk in the container?16:52
BjoernTcorrect16:52
BjoernTit's easier to type/write16:52
BjoernTand everyone else will understand it :-)16:52
odyssey4meok - I'm clarifying to ensure that we understand the problem properly16:52
BjoernTI think the issue is compounded using LVM as storage backend16:53
stevelleit had to be clarified so clearly not everyone understood :)16:53
odyssey4me:p16:53
* stevelle raises his hand16:53
odyssey4mego stevelle16:53
BjoernTstevelle: you need a linux course, I can make a training for you, lol16:53
*** admin0 has quit IRC16:53
*** admin0 has joined #openstack-ansible16:54
*** psilvad has quit IRC16:54
odyssey4meok, so the trouble with moving the logs to a bind mount on the host is that the problem shifts from one container to all of them16:54
odyssey4meif you fill up the host, you kill the whole host16:54
BjoernTyeah so that's where I want to go. Get all content like logs, config, all volatile data out of the container but this is a bigger picture.16:55
odyssey4melogrotate is a help, and perhaps should allow configuration based on size instead of time16:55
BjoernTodyssey4me, we can partition /var/lib/lxc accordingly and have monitoring in place16:55
evrardjpI think it starts to be a discussion based on opinions16:55
odyssey4mebut as you say logrotate doesn't cover all the bases16:55
*** psilvad has joined #openstack-ansible16:55
*** admin0 has quit IRC16:55
BjoernTYes but logrotate is also not guaranteed to succeed16:56
openstackgerritMerged openstack/openstack-ansible: RFC1034/5 hostname upgrade  https://review.openstack.org/32303316:56
openstackgerritMerged openstack/openstack-ansible: DOC add note about building AIO more than once  https://review.openstack.org/32549816:56
evrardjpbecause you're talking about how you can solve that with monitoring too, and there is a risk of impacting the whole host. For me it looks interesting, but everything should be done facultatively16:56
BjoernTI also do see double logging like /var/log/upstart and /openstack/log etc16:56
openstackgerritMerged openstack/openstack-ansible: Update ansible to version 2.1  https://review.openstack.org/32104216:56
openstackgerritMerged openstack/openstack-ansible: change host_containers group names in inventory  https://review.openstack.org/28314916:56
*** admin0 has joined #openstack-ansible16:56
openstackgerritMerged openstack/openstack-ansible: Use combined pip_install role  https://review.openstack.org/31387816:56
odyssey4meanother option entirely is to ensure that there's a configuration ability to never log locally and only send logs via rsyslog... but that has other issues16:56
BjoernTevrardjp: Every discussion starts with an opinionated problem, what's wrong with that? I, as the biggest OSA user, clearly have a problem here16:57
odyssey4meyeah, so the double-logging and log leakage to syslog is something that should be addressed in the short term16:57
odyssey4meI think that better options for handling log sizes via logrotate is another way to help band aid the issue.16:58
BjoernTodyssey4me: Yes I was curious what we think about not using log files in log4python or whatever this facility is named and directly shipping all logs to a syslog facility so I can decide where stuff goes to16:58
odyssey4meBjoernT the main reason we're logging locally is because the openstack logging direct to syslog has been very broken for a long time16:58
openstackgerritMichael Gugino proposed openstack/openstack-ansible-os_nova: Implement Xenial Support  https://review.openstack.org/32404516:59
BjoernTbugs in the python rsyslog implementation ?16:59
odyssey4meso we opted to log locally, then use rsyslog to pick up the log and ship it instead - it's more reliable, and lets the service run regardless of the remote rsyslog availability16:59
odyssey4meit's a more robust implementation16:59
odyssey4meBjoernT no, bugs in the openstack usage of the underlying libraries16:59
odyssey4mesome worked fine, others did not - and we opted for consistency in the implementation rather than doing different things for different services17:00
*** weezS has quit IRC17:00
odyssey4menova, for instance, if it could not connect to the syslog device, would simply hang when starting17:00
odyssey4meit would never fail, and never give up trying17:00
odyssey4meit's plausible that the situation has changed - but this was still an issue when I last tested in Liberty17:01
evrardjpI like the discussion, but we have to understand that this is a big move, and this requires careful planning. It requires a spec for the analysis, and is (IMO) a wishlist17:01
evrardjpit's not a bug: we have logging in place, and with proper sysadmin behavior, nothing brings a general failure itself17:02
evrardjpstill this is my opinion only :)17:02
BjoernTevrardjp: yes as I offered I can start writing up specs once we are in line to a) identify this is a problem.17:03
BjoernTIn the past I wasted time discussing things and solutions which were not even accepted as a problem. I don't want to get caught in this again, it is frustrating17:03
evrardjpmakes sense17:03
BjoernTso next thing is i write up a spec ?17:05
odyssey4memarking as confirmed/low priority as there are clear workarounds available and I've added a link to this discussion with the suggestion to submit a spec for the larger picture of better log management17:05
odyssey4meBjoernT sure - the spec template includes a description of the problem17:06
BjoernTthat's Ok this is what I offered17:06
odyssey4meso there may be some discussion/iteration on what the problem is17:06
odyssey4meonce the problem itself is agreed on and a suitable solution is proposed then it can be worked on17:07
BjoernTyes we can do that in scope of the spec17:07
BjoernTto make it clear17:07
odyssey4mefor now though this bug can have some band-aids implemented17:07
odyssey4meas we discussed earlier17:07
BjoernTyes as short gap this is fine17:07
*** Drago has quit IRC17:08
odyssey4meI think regardless of a long term solution, the double-logging needs to be addressed. It wreaks all sorts of havoc with any form of log analysis.17:09
BjoernTyes correct17:10
odyssey4mealright, we're out of time for this week - thanks all for attending and participating in the discussion17:10
odyssey4meevrardjp will be leading the triage from next week onwards :)17:10
evrardjpthanks everyone17:10
*** zerda2 has joined #openstack-ansible17:18
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Set check_mode variable every time  https://review.openstack.org/32666417:19
openstackgerritTravis Truman (automagically) proposed openstack/openstack-ansible-os_aodh: DOC - Adding details on required variables for the role  https://review.openstack.org/32666517:20
zerda2Hello. Have some questions regarding https://review.openstack.org/#/c/325837/. I'd like to have this change in Liberty, and also in Horizon (since it's basically the same Apache+WSGI thing). Should I create 5 more reviews (for keystone L, M and Horizon L, M, N)?17:21
automagicallyzerda2: You can propose a cherry-pick using the gerrit web interface to the stable/mitaka and liberty branches17:22
automagicallyAnd I think adding a similar change to horizon is a good idea17:23
stevellezerda2: ^ cherry-pick for mitaka. For liberty the roles are all in the main openstack-ansible repo17:23
stevellea manual backport will be required there17:23
zerda2So, one cherrypick and one manual backport per module17:23
stevellethat sounds right17:24
zerda2Cool, will try to get to this tomorrow17:24
automagicallyAwesome zerda2 , thanks for the contrib17:25
*** Ashana has joined #openstack-ansible17:28
zerda2automagically, it's been a pleasure, I'm really amazed with the reaction speed on this change. We (my employer) are using openstack-ansible for our internal installations, and it's great to have necessary modifications in upstream in a timely manner, not some forks and patches maintained locally17:28
*** admin0 has quit IRC17:30
*** woodard has joined #openstack-ansible17:30
*** admin0 has joined #openstack-ansible17:31
zerda2And speaking about Horizon logging, does it make sense to change it like in python-horizon module for better control (https://github.com/openstack/puppet-horizon/blob/master/templates/local_settings.py.erb#L654)? Now there are messages in Apache error log saying "Login successful for user X".17:32
*** cloudtrainme has joined #openstack-ansible17:32
zerda2And that's because of console handler hardcoded into template17:33
*** admin0 has quit IRC17:34
openstackgerritMerged openstack/openstack-ansible-lxc_hosts: DOC - Adopting the common role documentation pattern  https://review.openstack.org/32656817:37
*** admin0 has joined #openstack-ansible17:39
openstackgerritMerged openstack/openstack-ansible-lxc_container_create: Make the LXC container create use the host resolver config  https://review.openstack.org/32643017:39
*** woodard has quit IRC17:41
*** admin0 has quit IRC17:41
*** woodard has joined #openstack-ansible17:41
openstackgerritNolan Brubaker proposed openstack/openstack-ansible: Remove deleted override vars from inventory  https://review.openstack.org/32538017:42
*** admin0 has joined #openstack-ansible17:42
openstackgerritNolan Brubaker proposed openstack/openstack-ansible: Remove deleted override vars from inventory  https://review.openstack.org/32538017:45
openstackgerritSteve Lewis (stevelle) proposed openstack/openstack-ansible: Introduce a playbook for deploying Gnocchi  https://review.openstack.org/32412517:45
*** woodard has quit IRC17:45
palendaeLunch and relocating17:46
*** asettle has joined #openstack-ansible17:49
*** asettle has quit IRC17:49
*** asettle has joined #openstack-ansible17:49
*** admin0 has quit IRC17:50
*** admin0 has joined #openstack-ansible17:52
*** cloudtrainme has quit IRC17:53
*** Drago has joined #openstack-ansible17:56
*** zerda2 has quit IRC17:59
openstackgerritSteve Lewis (stevelle) proposed openstack/openstack-ansible: Introduce a playbook for deploying Gnocchi  https://review.openstack.org/32412518:00
*** KLevenstein has quit IRC18:01
*** KLevenstein has joined #openstack-ansible18:02
*** electrofelix has quit IRC18:02
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Set check_mode variable every time  https://review.openstack.org/32666418:05
*** jorge_munoz has joined #openstack-ansible18:09
odyssey4meautomagically stevelle FYI https://review.openstack.org/326396 rebased18:12
v1k0d3nhey all. i have one stubborn container that refuses to build on an infrastructure host. has anyone seen this behavior?18:16
*** tiagogomes has quit IRC18:16
v1k0d3nit's only this one host that's receiving an error: SSH Error: data could not be sent to the remote host.18:17
v1k0d3nevery other container on this box seems to be fine...18:17
odyssey4mev1k0d3n have you escalated the number of forks you're using?18:18
odyssey4meand have you verified that you're not out of disk space?18:19
v1k0d3nhaven't played with that honestly.18:19
v1k0d3nthink i found an issue...18:19
*** weezS has joined #openstack-ansible18:19
v1k0d3neven though i have an ip excluded...it seems as though this container has claimed the .1 of my net...(a router ip)18:19
v1k0d3nthat's bad.18:19
odyssey4meoh really? I don't think I've seen that happen before.18:20
odyssey4meare your used_ip exclusions done right?18:20
v1k0d3nah..hmm18:20
v1k0d3nmight be the darn config. shoot.18:20
v1k0d3ntook this deployment over and have corrected a lot. i guess i overlooked this one!18:21
v1k0d3nlol18:21
*** admin0 has quit IRC18:21
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible: Remove Ironic container creation from AIO preparation  https://review.openstack.org/32668618:24
v1k0d3nso odyssey4me how can i "reassign" a container ip...is there an easy way to do this with the project?18:26
v1k0d3ni've excluded. i can destroy and rebuild the container too...worried it's going to use the same ip though.18:26
*** ametts has quit IRC18:27
v1k0d3nwould that be automatically taken care of after a destroy and rebuild of the container, or would that hang around someplace?18:28
odyssey4mev1k0d3n if you destroy the container without removing it from the inventory or changing the inventory, it will always come back with the same config18:30
odyssey4meso destroy it, then modify the inventory (or remove it from the inventory), then rebuild it18:30
odyssey4meif it's something where you want the name to remain the same - then modify the inventory18:30
v1k0d3nok, that's what i thought. is there any way to update the inventory for a single container/host?18:30
odyssey4meif you don't care about the name, you can remove it from the inventory18:31
odyssey4methe name is important if it's something that has registered as an agent for a service before18:31
odyssey4meif you want to remove it - use inventory-manage.py from the scripts/ directory18:31
*** Ashana has quit IRC18:31
odyssey4meif you want to edit it, I don't think the script can do that so you'll have to edit it by hand (after backing up of course)18:31
odyssey4meif you feel the urge to add an edit function into inventory-manage, please do :)18:32
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible: Switch Ironic role repo to use git.o.o  https://review.openstack.org/32669018:35
*** admin0 has joined #openstack-ansible18:38
*** saneax_AFK is now known as saneax18:39
*** Zucan has quit IRC18:40
*** ametts has joined #openstack-ansible18:40
*** admin0 has quit IRC18:40
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Docs: Add developer guide for security role  https://review.openstack.org/32549918:45
v1k0d3nodyssey4me: yeah, this sounds like a good opportunity. at some point possibly...still trying to get my arms around my current workload.18:45
*** weezS has quit IRC18:50
odyssey4meok, I'm out for the night - cheerio all!18:51
*** admin0 has joined #openstack-ansible18:52
michaelguginocya18:52
michaelguginoIf anyone that has knowledge of the tempest testing could take a look at https://review.openstack.org/#/c/324045/ I would appreciate it.18:56
michaelguginoNova appears to install fine, and seems to be working locally, but the tempest functional test is complaining about some AZ not existing18:56
*** mhayden has quit IRC19:00
*** mhayden has joined #openstack-ansible19:00
*** weezS has joined #openstack-ansible19:01
*** rahuls has joined #openstack-ansible19:04
*** galstrom is now known as galstrom_zzz19:07
*** galstrom_zzz is now known as galstrom19:08
*** evilt0ne has joined #openstack-ansible19:12
openstackgerritMark Hooper proposed openstack/openstack-ansible-security: adding grub conf variable since RHEL 7 is now using /boot/grub2 instead of /boot/grub  https://review.openstack.org/32670519:14
*** raddaoui has quit IRC19:17
openstackgerritMark Hooper proposed openstack/openstack-ansible-security: forgot quotes, oops  https://review.openstack.org/32670919:21
*** raddaoui has joined #openstack-ansible19:28
*** permalac has quit IRC19:36
*** asettle has quit IRC19:42
openstackgerritMark Hooper proposed openstack/openstack-ansible-security: adding grub conf variable since RHEL 7 is now using /boot/grub2 instead of /boot/grub  https://review.openstack.org/32670519:44
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Fix grub configuration file path in RHEL/CentOS 7  https://review.openstack.org/32670519:48
mhaydentwo new security role contributors in one week!19:49
mhaydenautomagically: time to celebrate!19:49
automagicallyI could use a beer19:49
automagicallyI’ll take that as an excuse19:49
mhaydenwoot19:51
mhaydenautomagically: mark is using the security role on RHEL 7 -- hence the patch i tossed into the security role for RHEL 7 support19:51
mhaydenno way to gate that though, but the patch is small19:51
automagicallyCool, I saw your update19:51
*** admin0 has quit IRC19:59
*** asettle has joined #openstack-ansible19:59
*** galstrom is now known as galstrom_zzz20:03
*** admin0 has joined #openstack-ansible20:04
*** retreved has quit IRC20:05
*** galstrom_zzz is now known as galstrom20:32
*** BjoernT has quit IRC20:33
kboratynskimhayden: I haven't seen STIGs for RHEL7. ;-/20:33
mhaydenkboratynski: me either :|20:33
mhaydenthen again, that opens the door to a lot more work :P20:34
mhaydenso if they take their time a little more, i'm okay with that :P20:34
kboratynskimhayden: There are many tests that might be useful, 'noexec' on /home, 'nodev' on /home, so on. ;-)20:35
mhaydenkboratynski: if you have a moment to review some commits to the security repo, i'd be much obliged :)20:35
mhaydeni'd like to get some solid logging so that audit mode could run fully without needing the fail module20:35
kboratynskimhayden: Me as a reviewer? :-)20:35
mhaydenkboratynski: absolutely! why not? :)20:35
kboratynskiWell, I'm ok with that! :-)20:35
mhaydenanyone can provide input there20:36
kboratynskimhayden: I know 'reno' tool. Take it easy. ;-) I will look at your comments in 2 days time.20:36
mhaydenbut if you actually use the role, your input is super valuable20:36
mhaydenhaha, kboratynski  -- that's cool, i know it's new to some folks20:36
*** asettle has quit IRC20:36
kboratynskimhayden: Yep. I use it. Not in OpenStack env, unfortunately, but yep. :-)20:37
kboratynskiIt confuses me, why there are no such security checks like provided above. Don't you think it is strange?20:39
mhaydenhow do you mean?20:40
mhaydenautomagically: was this change still good? https://review.openstack.org/28903220:43
kboratynskimhayden: Sticky bit for /tmp. 'nodev', 'noexec' for /home as mountpoint options, ulimits, IDS and file integrity tool installed... and many others I haven't seen among STIGs. ;-(20:46
mhaydenoh yeah, totally agree20:46
mhaydenare you talking about host-based IDS? like OSSEC?20:46
mhaydeni assume something more than file integrity20:46
* mhayden hands stevelle a +2 for a big load of documentation :)20:48
stevellethank yas20:48
kboratynskihost and network based IDS.20:48
kboratynskiDepending on type of machine (host).20:48
kboratynskiSomething like Snort.20:48
kboratynskiFor example.20:48
*** kylek3h has quit IRC20:54
*** asettle has joined #openstack-ansible20:59
*** saneax is now known as saneax_AFK20:59
*** Mudpuppy has quit IRC21:00
mhaydenthat would be good21:02
* mhayden is out for now21:02
mhaydennight folks21:02
*** spotz is now known as spotz_zzz21:03
openstackgerritMerged openstack/openstack-ansible-security: Implemented: V-38524.  https://review.openstack.org/32496021:04
*** goldenfri has joined #openstack-ansible21:09
*** psilvad has quit IRC21:09
*** thorst has quit IRC21:12
*** thorst has joined #openstack-ansible21:13
*** thorst has quit IRC21:17
*** pjm6 has quit IRC21:19
*** pjm6 has joined #openstack-ansible21:19
*** weezS has quit IRC21:27
*** thorst has joined #openstack-ansible21:38
*** admin0 has quit IRC21:41
*** thorst has quit IRC21:42
mrdaMorning all21:55
*** cloudtrainme has joined #openstack-ansible21:56
*** messy has quit IRC21:57
*** spotz_zzz is now known as spotz21:58
*** KLevenstein has quit IRC21:58
openstackgerritMichael Davies proposed openstack/openstack-ansible: Add an easy way to run cmds in utility container  https://review.openstack.org/32620022:03
*** asettle has quit IRC22:03
*** sdake_ has joined #openstack-ansible22:03
*** Nepoc has joined #openstack-ansible22:04
*** sdake has quit IRC22:06
lbragstadquestion - is this evaluated as "and" or as an "or" in ansible? https://github.com/openstack/openstack-ansible-os_keystone/blob/master/meta/main.yml#L42-L4422:06
*** sdake has joined #openstack-ansible22:06
*** weshay has quit IRC22:08
openstackgerritDolph Mathews proposed openstack/openstack-ansible-os_keystone: Always use memcached  https://review.openstack.org/32674822:08
*** sdake_ has quit IRC22:10
openstackgerritDolph Mathews proposed openstack/openstack-ansible-os_keystone: Always use memcached  https://review.openstack.org/32674822:11
matttlbragstad: and22:24
*** BjoernT has joined #openstack-ansible22:26
BjoernTHi folks, we just opened a critical issue https://bugs.launchpad.net/openstack-ansible/+bug/1590166. Galera instances recovery from SST is not possible due to crashing xtradb22:27
openstackLaunchpad bug 1590166 in openstack-ansible "Rejoining/recovery of galera cluster fails" [Undecided,New]22:27
*** fawadkhaliq has joined #openstack-ansible22:28
*** ametts has quit IRC22:30
*** weezS has joined #openstack-ansible22:39
*** cloudtrainme has quit IRC22:43
*** cloudtrainme has joined #openstack-ansible22:43
*** cloudtrainme has quit IRC22:43
*** sdake has quit IRC22:43
*** Drago has quit IRC22:45
*** pjm6_ has joined #openstack-ansible22:50
*** pjm6 has quit IRC22:52
*** pjm6 has joined #openstack-ansible22:57
openstackgerritFlávio Ramalho proposed openstack/openstack-ansible-os_sahara: Test sahara with tempest  https://review.openstack.org/32567322:58
lbragstadmattt ah - thanks!23:00
lbragstadcc dolphm ^23:00
*** pjm6_ has quit IRC23:00
matttlbragstad: np!23:02
*** weezS has quit IRC23:02
*** psilvad has joined #openstack-ansible23:03
*** rahuls has quit IRC23:05
*** galstrom is now known as galstrom_zzz23:06
*** rahuls has joined #openstack-ansible23:09
*** sdake has joined #openstack-ansible23:12
*** markvoelker has quit IRC23:13
*** scarlisle has quit IRC23:13
*** sacharya_ has joined #openstack-ansible23:15
*** sacharya has quit IRC23:15
*** rahuls has quit IRC23:15
*** BjoernT has quit IRC23:16
*** spotz is now known as spotz_zzz23:17
*** saneax_AFK is now known as saneax23:22
*** sacharya_ has quit IRC23:25
*** rahuls has joined #openstack-ansible23:26
openstackgerritAntony Messerli proposed openstack/openstack-ansible-specs: Xen Virt Driver Support  https://review.openstack.org/32549023:26
*** fawadkhaliq has quit IRC23:37
*** sdake has quit IRC23:46
*** fawadkhaliq has joined #openstack-ansible23:52
*** thorst has joined #openstack-ansible23:56
*** fawadkhaliq has quit IRC23:56
*** thorst has quit IRC23:56
*** thorst has joined #openstack-ansible23:57
*** saneax is now known as saneax_AFK23:58
