Thursday, 2017-07-13

« Wednesday, 2017-07-12 Index Friday, 2017-07-14 »
*** jamesdenton has joined #openstack-ansible00:00
*** thorst has joined #openstack-ansible00:02
*** thorst has quit IRC00:07
*** agrebennikov has joined #openstack-ansible00:09
*** ricardoas has quit IRC00:09
*** yifei has joined #openstack-ansible00:09
*** acormier has joined #openstack-ansible00:17
*** acormier has quit IRC00:17
*** acormier has joined #openstack-ansible00:18
*** askb has joined #openstack-ansible00:19
*** acormier has quit IRC00:22
*** acormier has joined #openstack-ansible00:23
*** jamesdenton has quit IRC00:24
*** acormier has quit IRC00:27
*** jamesdenton has joined #openstack-ansible00:27
*** acormier has joined #openstack-ansible00:29
*** acormier has quit IRC00:31
*** markvoelker has quit IRC00:35
*** jamesdenton has quit IRC00:37
*** dxiri has quit IRC00:41
*** acormier has joined #openstack-ansible00:41
*** acormier has quit IRC00:45
*** acormier has joined #openstack-ansible00:46
*** markvoelker has joined #openstack-ansible00:47
*** n3v3rm0r3r has quit IRC00:56
*** chyka has joined #openstack-ansible01:03
*** chyka has quit IRC01:04
*** gouthamr has quit IRC01:05
*** chyka has joined #openstack-ansible01:07
*** kristian__ has joined #openstack-ansible01:26
*** cathrich_ has joined #openstack-ansible01:28
*** cathrichardson has quit IRC01:28
*** n3v3rm0r3r has joined #openstack-ansible01:29
*** kristian__ has quit IRC01:31
*** galstrom_zzz is now known as galstrom01:43
*** dxiri has joined #openstack-ansible01:47
*** dxiri has quit IRC01:51
*** acormier_ has joined #openstack-ansible01:51
*** acormier has quit IRC01:55
*** n3v3rm0r3r has quit IRC01:58
*** dxiri has joined #openstack-ansible02:05
*** thorst has joined #openstack-ansible02:08
*** dxiri has quit IRC02:10
*** thorst has quit IRC02:13
*** acormier_ has quit IRC02:25
*** n3v3rm0r3r has joined #openstack-ansible02:26
*** jwitko has quit IRC02:30
*** esberglu has joined #openstack-ansible03:00
*** esberglu has quit IRC03:00
*** dxiri has joined #openstack-ansible03:02
*** chhavi has joined #openstack-ansible03:02
*** dxiri has quit IRC03:06
*** schwicht has quit IRC03:14
*** galstrom is now known as galstrom_zzz03:26
*** cpuga has joined #openstack-ansible03:26
*** cpuga has quit IRC03:30
*** udesale has joined #openstack-ansible03:35
*** cpuga has joined #openstack-ansible03:44
openstackgerritJimmy McCrory proposed openstack/openstack-ansible master: Idempotent nova db privilege grants  https://review.openstack.org/48317603:52
openstackgerritJimmy McCrory proposed openstack/openstack-ansible master: Idempotent nova db privilege grants  https://review.openstack.org/48317603:53
*** esberglu has joined #openstack-ansible03:53
openstackgerritJimmy McCrory proposed openstack/openstack-ansible master: Idempotent nova db privilege grants  https://review.openstack.org/48317603:55
*** esberglu has quit IRC03:58
*** gkadam has joined #openstack-ansible03:59
*** albertcard1 has quit IRC04:28
*** agrebennikov has quit IRC04:29
*** hybridpollo has quit IRC04:46
*** ivve has joined #openstack-ansible05:25
*** prometheanfire has quit IRC05:25
*** gouthamr has joined #openstack-ansible05:34
*** marst has joined #openstack-ansible05:36
*** tobberydberg has joined #openstack-ansible05:41
*** kristian__ has joined #openstack-ansible05:43
*** kristian__ has quit IRC05:47
*** thorst has joined #openstack-ansible05:57
*** thorst has quit IRC06:03
*** dxiri has joined #openstack-ansible06:05
*** cshen_ has joined #openstack-ansible06:05
*** yifei has quit IRC06:09
*** yifei has joined #openstack-ansible06:09
*** dxiri has quit IRC06:09
*** Oku_OS-away is now known as Oku_OS06:10
*** dxiri has joined #openstack-ansible06:33
*** esberglu has joined #openstack-ansible06:37
*** dxiri has quit IRC06:38
*** esberglu has quit IRC06:38
*** esberglu has joined #openstack-ansible06:38
*** esberglu has quit IRC06:38
*** chyka has quit IRC06:44
*** pcaruana has joined #openstack-ansible06:52
*** kristian__ has joined #openstack-ansible06:53
*** cshen_ has quit IRC06:55
*** electrofelix has joined #openstack-ansible06:57
*** armaan has joined #openstack-ansible06:57
*** coolkil has joined #openstack-ansible07:02
*** armaan_ has joined #openstack-ansible07:06
*** armaan has quit IRC07:06
*** mbuil has joined #openstack-ansible07:09
*** armaan_ has quit IRC07:11
*** armaan has joined #openstack-ansible07:11
*** armaan_ has joined #openstack-ansible07:14
*** armaan has quit IRC07:15
*** dxiri has joined #openstack-ansible07:17
*** gouthamr has quit IRC07:22
*** dxiri has quit IRC07:22
*** armaan_ has quit IRC07:27
*** armaan has joined #openstack-ansible07:27
*** jvidal has joined #openstack-ansible07:27
*** charcol has quit IRC07:30
*** sufyan68 has joined #openstack-ansible07:31
*** andreas_s has joined #openstack-ansible07:37
andreas_scoolkil, around? I'm one of the colleagues of markus_z who is working on openstack ansible on s390x07:38
*** shardy has joined #openstack-ansible07:52
*** kristian__ has quit IRC07:54
*** kristian__ has joined #openstack-ansible07:55
*** thorst has joined #openstack-ansible07:59
*** tobberyd_ has joined #openstack-ansible07:59
coolkiley andreas yea im around08:01
*** tobberydberg has quit IRC08:03
*** thorst has quit IRC08:03
*** askb has quit IRC08:04
*** dxiri has joined #openstack-ansible08:06
*** markvoelker has quit IRC08:08
openstackgerritMarkos Chandras (hwoarang) proposed openstack/openstack-ansible-os_swift master: Add support for the openSUSE Leap distributions  https://review.openstack.org/48325308:10
*** dxiri has quit IRC08:10
hwoaranggood morning08:14
*** Lirt has joined #openstack-ansible08:15
hwoaranganyone to give me  +2  for https://review.openstack.org/#/c/482529/ so get neutron in? it blocks some other roles :) TIA08:15
hwoarangs/so/to08:15
LirtHello OSA, I have one question about external_lb_vip_address and about external LB configuration. Is there somebody who has know-how in this topic?08:17
*** jbadiapa_ is now known as jbadiapa08:18
*** cpuga has quit IRC08:18
*** armaan_ has joined #openstack-ansible08:23
*** armaan has quit IRC08:26
*** cshen__ has joined #openstack-ansible08:27
*** cshen__ has quit IRC08:31
*** tobberyd_ has quit IRC08:38
*** tobberydberg has joined #openstack-ansible08:38
coolkilcan anybody tel me why the console definitions are needed acros all containers? i think it is only needed on actual compute nodes.08:44
coolkilall nova containers that is btw08:47
*** dxiri has joined #openstack-ansible08:48
andymccrcoolkil: you mean in the conf files?08:52
coolkilyes08:52
andymccrcoolkil: hmm you're probably right it doesnt seem like the api/metadata etc should need that conf, so i guess its just an oversight that didnt cause any issues so nobody bothered to fix :)08:53
*** dxiri has quit IRC08:53
coolkilil take it out when adding the serial console08:54
andymccrcoolkil: sounds good08:54
*** cshen__ has joined #openstack-ansible09:01
*** cshen__ has quit IRC09:03
*** kristia__ has joined #openstack-ansible09:18
*** admin0 has joined #openstack-ansible09:20
admin0morning all09:21
*** kristian__ has quit IRC09:21
*** winggundamth has joined #openstack-ansible09:22
*** lostRhino has joined #openstack-ansible09:25
*** maybebuggy has quit IRC09:27
*** firebat has quit IRC09:29
*** lostRhino has left #openstack-ansible09:29
*** maybebuggy has joined #openstack-ansible09:30
*** kysse has quit IRC09:33
openstackgerritMerged openstack/openstack-ansible-os_neutron master: Add support for the openSUSE Leap distributions  https://review.openstack.org/48252909:33
openstackgerritgit-harry proposed openstack/openstack-ansible-ops master: Ensure PIP requirements are always met  https://review.openstack.org/48328109:35
openstackgerritgit-harry proposed openstack/openstack-ansible-ops master: Ensure mysql-python dependency met  https://review.openstack.org/48328209:35
eoseqhi09:55
eoseqdo you know how to debug jinja2 template?09:56
openstackgerritgit-harry proposed openstack/openstack-ansible-ops master: Ensure mysql-python dependency met  https://review.openstack.org/48328209:56
eoseqI hit that bug: https://bugs.launchpad.net/openstack-ansible/+bug/169113009:56
openstackLaunchpad bug 1691130 in openstack-ansible "fails at repo_build : Build package requirements file" [Undecided,Incomplete]09:56
*** thorst has joined #openstack-ansible10:00
odyssey4meeoseq I'll comment in the bug10:01
eoseqodyssey4me: ok, thanks10:01
kristia__Hi, odyssey4me. Lxc containers are not getting assigned ip addresses "aio1_utility_container-f8c09a57             RUNNING 1         onboot, openstack -    -". What shall I do?10:02
kristia__running lxc-ls --line10:03
odyssey4mekristia__ sorry, but I can't help with networking10:04
*** thorst has quit IRC10:04
kristia__does someone here know lxc networking? and help me debug this issue?10:05
*** ivveh has joined #openstack-ansible10:05
*** charcol has joined #openstack-ansible10:07
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible master: Remove run-playbooks  https://review.openstack.org/48225310:07
*** vnogin has joined #openstack-ansible10:07
*** markvoelker has joined #openstack-ansible10:09
*** toddnni has quit IRC10:11
openstackgerritMerged openstack/openstack-ansible-ops master: Ensure PIP requirements are always met  https://review.openstack.org/48328110:13
openstackgerritMerged openstack/openstack-ansible-ops master: Ensure mysql-python dependency met  https://review.openstack.org/48328210:13
kristia__odyssey4me: when I console into the utility container I get asked for user and pass, is that normal? because last time I didnt get asked10:14
odyssey4mekristia__ how did you console to it?10:14
kristia__lxc-console -n aio1_utility_container-f8c09a5710:15
kristia__lxc-attach works10:15
*** esberglu has joined #openstack-ansible10:16
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible-ops master: Change mirror used to fetch venvs by default  https://review.openstack.org/48329010:16
*** esberglu has quit IRC10:16
*** cshen_ has joined #openstack-ansible10:19
odyssey4mekristia__ yep, lxc-attach is the correct way10:20
kristia__need the networking10:21
odyssey4melxc-console will bring up the console, as the name suggests10:21
kristia__should I remove all lxc containers, purge all lxc packages, delete lxcbr and run bootstrap scripts?10:21
odyssey4meI don't know anything about your env, and I'm tied up with other work. If that makes you happy, do it.10:22
odyssey4meYour test env should ideally be something you can delete and rebuild, so set yourself up with that.10:22
odyssey4mepurging packages and conf files is very, very messy.10:23
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible-ops master: Change mirror used to fetch venvs by default  https://review.openstack.org/48329010:24
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible master: Remove run-playbooks  https://review.openstack.org/48225310:26
kristia__yeah I know10:30
openstackgerritMerged openstack/openstack-ansible-ops master: Change mirror used to fetch venvs by default  https://review.openstack.org/48329010:31
*** dxiri has joined #openstack-ansible10:33
*** udesale has quit IRC10:36
*** dxiri has quit IRC10:38
*** markvoelker has quit IRC10:43
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_keystone master: Ensure that keystone restarts after db sync  https://review.openstack.org/48303610:46
DimGRkristia__  lxcbr0 down ; lxcbr0 up10:46
*** acormier has joined #openstack-ansible10:53
*** acormier has quit IRC10:55
*** acormier has joined #openstack-ansible10:55
LirtHello OSA, I have one question about external_lb_vip_address and about general external LB configuration. Is there somebody who has know-how in this topic?10:57
maybebuggyHi all, not sure if somebody is able to help here, but I'm trying to do a test openstack-ansible deployment on an OpenStack (Kilo). I've built 3 controllers, 1 deploy host and 3 computes (using terraform) and created three separate tenant networks (in the hosting openstack, which uses gre as overlay network). Now I have the issue, that OpenStack by default filters outgoing packets from an unknown mac... So the containers built by10:59
maybebuggyOSA cannot reach other containers. Is anyone using OSA on OpenStack with tenant networks?10:59
*** jamesdenton has joined #openstack-ansible10:59
*** thorst has joined #openstack-ansible11:01
*** cmart has quit IRC11:02
odyssey4meLirt best to just ask, and if someone can answer then they will11:02
odyssey4memaybebuggy kilo is long EOL and doesn't just deploy due to various changes in Ubuntu Trusty since it went EOL11:03
maybebuggyodyssey4me: sorry, missunderstanding. the hosting openstack is kilo :) - the thing osa tries to deploy is ocata, but i'm not yet passt the setup-infrastructure playbook11:05
*** thorst has quit IRC11:05
maybebuggyup to now, the containers are created, but it fails during the galera install because the galera container is unable to reach the repo container11:05
*** charcol has quit IRC11:05
odyssey4memaybebuggy yeah, and this is inside an openstack environment?11:06
maybebuggythe control machine is an instance inside that openstack kilo. yes.11:06
odyssey4meit's very likely that your host environment has spoofing protection which will prevent network comms by anything other than the host MAC address, so to make that work you will have to ensure that the bridges are tunneled11:06
odyssey4meyou'll have to do a fairly complicated set of veth pairs plugged into a vxlan/gre mesh11:07
maybebuggyodyssey4me: yes, it's the spoofing protection ;) thats how far i got. I had hoped somebody has an idea how to easily disable that spoofing protection on kilo11:07
Lirt@maybebuggy You can try to disable port protection to be sure this is an issue, right?11:08
maybebuggyLirt: i'm not sure how to disable port protection, if thats easily doable i would highly appreciate that11:08
Lirtneutron port-update --no-security-groups <ID_PORT> and neutron port-update --port-security-enabled=False <ID_PORT>11:09
odyssey4memaybebuggy you really shouldn't disable it because it will allow all sorts of scary things to be done in your hosting cloud11:09
odyssey4mebut yeah, what Lirt said may work11:09
*** winggundamth has quit IRC11:09
LirtIf he will stay unconnected to other parts of the network and keep it only for test, it may be ok.11:09
odyssey4meI put up https://gist.github.com/odyssey4me/863e84a0f6271712c6d48980cffb958d some time ago which was using the bootstrap-host thing for testing inside an openstack cloud, that might still work.11:09
maybebuggyodyssey4me: i'm the only one on that tenant and it's a tenant only network11:09
odyssey4meYou might want to try standing one up, then examine how it's all setup and works and apply it to your test env.11:10
*** esberglu has joined #openstack-ansible11:10
LirtOk I have one question, afaik the external load balancer should only forward traffic to internal_lb_vip_address with no port forwarding changes. Therefore I can just install VM with haproxy and setup transparent forwarding(keeping dst ports) to internal_lb_vip_address?11:11
*** toddnni has joined #openstack-ansible11:11
odyssey4methat won't work exactly as-is due to some ansible changes in 2.2 (which we use for ocata), but that's easily solvable by changing ansible_ssh_host to ansible_host11:11
odyssey4meLirt the way that we (Rackspace) deploy is without haproxy using an external LB.11:11
Lirt<odyssey4me> you mean hardware LB11:12
*** jamesdenton has quit IRC11:12
odyssey4meThe external LB needs to be pre-prepared with the IP/port mappings to the containers. Bot the external and internal LB address are on the external LB.11:12
odyssey4meBut that will require you to be able ot reverse engineer the mappings from the inventory before you deploy. We use a script for that which builds an f5 config.11:13
*** jamesdenton has joined #openstack-ansible11:13
*** cshen_ has quit IRC11:13
odyssey4mesee the discussion here http://eavesdrop.openstack.org/irclogs/%23openstack-ansible/%23openstack-ansible.2017-07-11.log.html#t2017-07-11T14:49:1711:14
odyssey4mejamesdenton gave the command a little further down11:14
*** esberglu has quit IRC11:14
odyssey4meof course you *cloud* use the hardware LB to be in front of haproxy, that might be simpler if you're OK with the extra layer11:15
*** thorst has joined #openstack-ansible11:17
odyssey4meandymccr it would appear that the ceph gate is not as reliable as I thought and it's causing a bit of blockage for master/ocata11:17
odyssey4meI know that logan- is working on a fix, but perhaps we should move it back to non-voting while we do that?11:17
Lirt<odyssey4me> Maybe I quite don't understand that. Internal LB is configured well with haproxy playbook with all backends. Then external LB also needs to have backend configuration to all containers? Will this not work if this external lb will only proxy traffic to internal lb? I find this part of installation not very well documented.11:19
jamesdentonboth internal and external lb can be handled by haproxy. it's not really setup to split internal and external between two different load balancers. You'll want different IPs for each, but they can be in the same subnet, or not11:20
odyssey4meLirt no, let me try to be more clear - *we* use a hardware LB *without* haproxy and therefore we need to configure our hardware LB to know about all the containers.11:20
odyssey4meso if you want to use haproxy, then what jamesdenton said applies11:20
odyssey4meif you want to use the hardware LB for the external facing address, I guess that could be done - off the top of my head I can't think exactly how you'd do it - my head is trying to solve other problems right now11:21
*** dxiri has joined #openstack-ansible11:22
LirtY ofc I want to internal lb to be in private network and external to be as anycast public IP with software LB. I just don't want to do the configuration of external LB (which I want to be haproxy) by myself, when OSA already can generate it. So I was thinking about just reproxying it to internal LB. Maybe that is not the best idea from infrastructure and HA point of view.11:23
*** smatzek has joined #openstack-ansible11:24
*** dxiri has quit IRC11:26
jamesdentonthat's beyond the scope of the current playbook, but you can probably make it go with some work on your end11:26
*** vnogin has quit IRC11:27
LirtOK, thank you for help :-)11:27
ivvehi encountered issues with consoles when setting it up like that (private network where internal LB was isolated from external network where external LB was put). not sure if that is intended11:28
*** toddnni has quit IRC11:29
jamesdentonNova can be configured to use a different proxy address - in that case you'd want to specify the external VIP or FQDN11:29
jamesdentonit may use internal by default11:30
jamesdentonthere should be an override11:30
ivvehah11:30
ivvehdo you by change know the config parameter?11:30
jamesdentonnot offhand but i can find it11:31
ivvehill try by myself first then11:31
ivveh:)11:31
ivvehim guessting its the nova-consoleauth11:31
LirtAnd one small question, will be scaling supported in Pike release as is written in this maintenance guide?    https://docs.openstack.org/openstack-ansible/latest/admin/maintenance-tasks/scale-environment.html#add-a-new-infrastructure-host11:32
*** lostRhino has joined #openstack-ansible11:32
lostRhinogood morning -11:32
lostRhinoare all containers supposed to be sending logs to the loghost?  Or is it just specific containers and hosts?  If so can what machines send logs to the loghost11:33
*** jamesden_ has joined #openstack-ansible11:34
*** toddnni has joined #openstack-ansible11:35
lostRhinothe rsyslog_all group - states children": [11:36
lostRhino            "rsyslog"11:36
lostRhino        ],11:36
lostRhino        "hosts": []11:36
*** jamesdenton has quit IRC11:37
ivvehjamesden_: could it be mksproxy_base_url & html5_proxy_base_url?11:37
jamesden_i'm using nova_spice_html5proxy_base_url11:38
jamesden_with 'https://domain.com:6082/spice_auto.html' as the value11:38
*** vnogin has joined #openstack-ansible11:39
ivvehis there any difference with the internal and external anyways? except for the api's?11:39
ivvehsecurity wise11:40
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_keystone master: Ensure that keystone restarts after db sync  https://review.openstack.org/48330911:40
lostRhinoI ask because the utility container (currently) is not sending logs but the repo container is - unsure why one would get set to send logs and the other would not11:40
jamesden_external is configured for https, while internal is configured for http by default, IIRC11:40
*** markvoelker has joined #openstack-ansible11:41
ivvehah thats a big difference :)11:42
odyssey4meivveh yeah, by default with haproxy we set external as https and internal as http11:42
odyssey4methe reason for external vs internal is actually more to do with openstack's service catalog which has external and internal endpoints11:43
ivvehhmm just tested on my testrig, it doesn't allow http on internal tho11:43
odyssey4mewe have set it out expecting that the infra itself will use the internal endpoints and the clients using openstack will use the external endpoints11:43
jamesden_ideally, internal would be used by the services themselves, and external would be used by clients.11:43
jamesden_what odyssey4me said11:44
odyssey4meI expect that you may have set them both to be the same ip then?11:44
ivvehno different subnets even11:44
odyssey4meeither that or you're testing using an openstack client and have not told it to use the internal endpoint11:44
ivveh(and vlan)11:44
odyssey4methe default behaviour for the clients is to use the external endpoint11:44
ivvehah11:46
*** acormier has quit IRC11:46
*** toddnni has quit IRC11:46
jamesden_and even that breaks from time to time11:46
*** acormier has joined #openstack-ansible11:47
ivvehbut i would want consoles to be reachable both from external and internal, isn't that intended?11:47
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_keystone master: Ensure that keystone restarts after db sync  https://review.openstack.org/48330911:47
jamesden_your consoles only need to be reached from 'public' facing clients, usually ones coming in thru horizon11:48
jamesden_And that horizon URL would probably be an externally-routed IP (doesn't have to be public, just something within your org, and the proxy url should match11:49
jamesden_both services are load balanced and have the same listener address, but different ports (443 vs 6082, but same VIP)11:49
ivvehokay11:49
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_keystone stable/ocata: Replace db sync check with alternative process  https://review.openstack.org/48303311:49
ivvehwhat really the point of the internal?11:50
jamesden_The internal VIP ought to be reserved for the openstack services to communicate with one another, or for clients that might be logged into the utility container, for example. But often you'll find people install clients on their workstations and whatnot,and you'll want them using the 'public' endpoint, and thus the external VIP.11:50
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_keystone stable/ocata: Replace db sync check with alternative process  https://review.openstack.org/48303311:50
ivvehmakes sense11:51
jamesden_ivveh Ask such questions and you'll anger the elders11:51
*** acormier has quit IRC11:51
ivveh:)11:51
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_keystone stable/ocata: Replace db sync check with alternative process  https://review.openstack.org/48303311:51
*** armaan_ has quit IRC11:51
ivvehreason for me asking was that in the case i would want to access a console "as an admin" and if i would do it via the private network, i wouldn't be able11:51
*** armaan has joined #openstack-ansible11:52
ivvehif such a need would arise from issues or whatever11:52
jamesden_there are certain services that have a subset of commands that can only be used thru the 'admin' endpoint, which is often the same address as the internal endpoint, but doesn't have to be. An approach to security that really wasnt adopted by the majority of services, but it's a sort of legacy holdover11:52
jamesden_naw - If you have the URL and the respective token you can reach it admin or otherwise11:52
jamesden_and the console is a 'graphical' console, not a text console, so it has to be done thru a browser, not thru SSH11:53
odyssey4meivveh the 'internal' endpoint is not meant as your admin network... it's internal to the infra11:54
ivvehyeah that was what i meant11:54
ivvehthrough a browser via the internal network11:54
ivveh(maybe i was abit unclear)11:54
odyssey4mejamesden_ yeah, it's a legacy holdover - the admin and internal endpoints are no longer different in any way from a service standpoint11:54
andymccrodyssey4me: hmm i guess we could, thats pretty weird though - it was working pretty flawlessly (even better than the full build on master at least).11:54
odyssey4meandymccr from the discussion/investigation yesterday it's down to a bit of a race condition11:55
odyssey4mewe implement nova-compute, then implement the ceph client - so until ceph client is there, nova errors out because it can't connect to its storage11:55
odyssey4methat is now coming to a head due to the rolling upgrade changes implementing things in a different order than previously11:56
odyssey4mepreviously we kinda bashed it with a hammer until it worked, now that we're doing a final reload (not restart) it seems we're only sometimes doing it at just the right time for the driver11:56
ivvehjamesden_: so just to make it perfectly clear, its not possible to reach the graphical console via a browser when on the internal network if it is totally isolated from the public one :)11:57
andymccrok. well i guess there's not much we can do until thats fixed then - rolling upgrades is a real pita, cant wait to see the back of that.11:57
jamesden_ivveh I would consider the internal network internal to the cloud itself and try not to use it as a client11:57
odyssey4methe right solution is to get the ceph client there at the right time so that we don't have to restart twice (once for nova, then once for ceph client) and logan- is working that out11:57
ivvehalright, so "not intended" then11:57
jamesden_ivveh it absolutely is possible, just probably not best practice to use it as a client if you can avoid11:57
ivvehroger that!11:58
*** Oku_OS has quit IRC11:58
*** toddnni has joined #openstack-ansible11:58
odyssey4meyeah, it's really bringing up a lot of weird bugs due to the change in behaviour... it'll be worth it, but it's a pita right now11:58
odyssey4meandymccr so annoying though, see https://review.openstack.org/#/c/482090/ has great ceph times and sucky non-ceph times11:59
openstackgerritChris Beukers proposed openstack/openstack-ansible-os_nova master: [WIP] adding nova-serialconsole support  https://review.openstack.org/47984411:59
*** udesale has joined #openstack-ansible12:01
andymccryeah we are preparing for teh release time with gate uncertainty coming up ;P which is gonna be worse - im not sure how we can improve our run times significantly though12:01
*** foutatoro has joined #openstack-ansible12:06
*** thorst has quit IRC12:06
openstackgerritgit-harry proposed openstack/openstack-ansible-ops master: Improve openstack-release file discovery  https://review.openstack.org/48260812:09
*** armaan has quit IRC12:09
*** armaan_ has joined #openstack-ansible12:09
*** thorst has joined #openstack-ansible12:11
foutatorohi all, I would like to know if we can deploy hypervisors VMware vSphere and Hyper-V   on compute nodes with openstack-ansible ?12:12
ivvehblasphemy12:12
*** markvoelker has quit IRC12:13
foutatoroivveh: for specific use cases12:16
odyssey4mefoutatoro nope, no-one's ever put in the work to do that12:20
odyssey4mepersonally, I'd love to see hyper-v support as I think it's well suited to how nova works12:21
odyssey4mevsphere's nova implementation is quite weird and I'm not a fan12:21
*** schwicht has joined #openstack-ansible12:21
odyssey4meandymccr Well, I hate to do it, but perhaps with the demise of OSIC we should increase the timeout for the integrated build to 2 hrs?12:22
andymccrodyssey4me: im tempted12:22
andymccrodyssey4me: we are just over 90mins, it starts a slippery slope, but id rather we are able to merge working code than not.12:22
odyssey4meyep12:22
odyssey4meok, lemme push up a patch for that12:23
andymccrand spending a lot of time trying to optimize tiny things for minimal gains isnt that fun :P12:23
odyssey4meand to make ceph non-voting again until we work out the issue there12:23
andymccryeah12:23
andymccrdamn thats annoying - but in logan- we trust :P12:23
odyssey4meI think perhaps a ceph scenario in the nova role would be a good idea12:23
andymccrtrue12:23
*** toddnni has quit IRC12:30
*** schwicht has quit IRC12:30
*** markvoelker has joined #openstack-ansible12:32
TahvokNot sure what's going on..12:36
lostRhinocan anyone help me with my rsyslog question, please?12:36
TahvokThe provision at some point is stopping apache2 at the keystone container, and then failing, cuz keystone is not available12:37
jamesden_Tahvok that is a known issue at the moment, and a patch is being worked on12:37
*** schwicht has joined #openstack-ansible12:37
Tahvokjamesden_: any workarounds?12:37
*** woodard has quit IRC12:38
*** woodard has joined #openstack-ansible12:39
*** deep-book-gk_ has joined #openstack-ansible12:39
jamesden_Tahvok You can try making a backup of /etc/ansible/os_keystone/tasks/keystone_db_setup.yml and implement the one here: https://review.openstack.org/483033, then rerun the playbook12:40
*** deep-book-gk_ has left #openstack-ansible12:40
jamesden_i'msorry, that's /etc/ansible/roles/os_keystone...12:41
logan-o/12:42
*** yifei has quit IRC12:42
logan-it looks like the include_role for ceph_client is working but i keep hitting timeout roulette so it is hard to verify anything12:42
logan-i guess i'll push glance/cinder versions and get things finalized based on whats there if nobody raises and big concerns12:43
logan-re: https://review.openstack.org/#/c/483061/ and https://review.openstack.org/#/c/483062/12:43
errrhello, where would I add ansible_ssh_common_args: '-o StrictHostKeyChecking=no' something like this normally goes in the host section of my ansible.cfg but since OSA uses the inventoy.json file would I need to add it in there somewhere?12:44
*** gillesMo has joined #openstack-ansible12:45
strigaziodyssey4me hello, I'm Spyros from the magnum team12:45
odyssey4meerrr I think we have that on by default12:46
odyssey4meerrr https://github.com/openstack/openstack-ansible/blob/master/scripts/openstack-ansible.rc#L4612:46
errrodyssey4me: wow, a greo shows you are right12:46
errrgrep*12:46
errrthanks12:47
odyssey4meandymccr logan- well, this may help: https://review.openstack.org/48333812:47
strigaziodyssey4me in magnum we use heat and to create cluser of vms. That requires the vm to signal heat. In a standard OSA the endpoint are only in the management network. Any suggestion on how to create a route between the neutron private network to the OSA management network?12:47
errrodyssey4me: for some reason the git module ignores that12:48
errrodyssey4me: or so my co-worker claims anyway.. I havent tried to verify that yet myself12:49
odyssey4meerrr that setting is for ansible's host connection, I don't think it applies to modules connecting to targets12:49
errrodyssey4me: see: https://docs.ansible.com/ansible/git_module.html12:50
Tahvokjamesden_: still failing at the same step12:50
Tahvokapache2 is stopped12:50
odyssey4meerrr yeah, so the code path for that is likely different12:50
*** sxc731 has joined #openstack-ansible12:51
odyssey4meTahvok I have a patch for that in review: https://review.openstack.org/#/q/Ide64927e43e7684f03be7a73b893283c80e89afc,n,z12:51
openstackgerritLogan V proposed openstack/openstack-ansible-os_glance master: Include ceph_client role if needed  https://review.openstack.org/48334212:51
jamesden_Tahvok, you'll need to start apache manually inside the keystone container after that first failure, since it did not get restarted, then run again.12:51
jamesden_Sorry about that12:51
TahvokOh, ok12:52
odyssey4meerrr we also set it here: https://github.com/openstack/openstack-ansible/blob/master/group_vars/all/all.yml#L10512:52
TahvokTrying now12:52
errrodyssey4me: yeah thats what I found via grep12:52
odyssey4meI would guess, though, that the best would be to make use of the git module's args instead?12:52
Tahvokodyssey4me: it's the same patch that jamesden_ provided?12:52
odyssey4meit's more explicit12:52
errrodyssey4me: how do I add the git module args correctly with out editing the playbook?12:53
*** kristia__ has quit IRC12:55
*** kristian__ has joined #openstack-ansible12:56
*** kristian__ has quit IRC12:56
*** kristian__ has joined #openstack-ansible12:56
Tahvokjamesden_: btw, I had a question about the f5 scripts you showed me yesterday12:58
*** schwicht has quit IRC12:58
TahvokIn the script, I can provide an ssl domain address, and it goes as 'destination' of ssl virtual servers12:59
TahvokHowever, I get an error that no such virtual address is available. And that is correct. However, I cannot find a way to add fqdn as a virtual address in the f512:59
TahvokHow did you do it then?13:00
jamesden_hmm13:01
jamesden_The f5 gave you the error? Or did it occur on scriptgeneration13:01
TahvokThe f5 gave the error13:02
*** winggundamth has joined #openstack-ansible13:02
Tahvokjamesden_: a row example it gave me to run: https://gist.github.com/Tahvok/3a9c0a054ab30591ffd537a27d0e9f1513:03
jamesden_The --ssl-public-ip switch is where you specify the address you want to use as the external VIP address, and --ssl-domain-name is what will be the corresponding FQDN. I believe its used in the self-signed SSL cert generation13:03
jamesden_the script is dumb in that it doesnt do any validation13:04
TahvokThis is how I've generated the configs: python f5-config.py --ssl-domain-name kloud-play.kenshoo.com --print13:05
TahvokEverything else is provided in the inventory13:05
odyssey4meevrardjp answered your question in https://review.openstack.org/#/c/483309/2/tasks/keystone_db_setup.yml13:05
evrardjpthanks13:05
jamesden_Tahvok try adding --ssl-public-ip with the IP for giggles and see if the output changes13:06
evrardjpodyssey4me: funny, without ready the code I'd have said the other way :p13:06
Tahvokjamesden_: and indeed it does13:06
odyssey4meevrardjp what do you mean?13:06
jamesden_try to apply the new config13:06
*** kylek3h has joined #openstack-ansible13:07
coolkilodyssey4me: (or anyone else) what is the groupname for nova compute?13:07
odyssey4mecoolkil group name for which purpose? to add to openstack_user_config/conf.d or to refer to in playbooks/roles?13:07
Tahvokjamesden_: I did this already, I've the second vip address as I wanted to continue with ansible13:08
evrardjpodyssey4me: nothing important.13:08
TahvokBut at least you explained me what was wrong yesterday :)13:08
evrardjpvoted13:08
*** gkadam has quit IRC13:08
TahvokThanks a lot!13:08
jamesden_sure thing13:08
coolkilwell in nova.conf i got an entry like so {% if 'nova_console' in group_names %} that is nova console how to set nova compute?13:09
odyssey4mecoolkil ok, let me show you where to find them :)13:10
odyssey4mecoolkil this dict: https://github.com/openstack/openstack-ansible-os_nova/blob/master/defaults/main.yml#L43013:10
odyssey4mefor example, nova compute is here: https://github.com/openstack/openstack-ansible-os_nova/blob/master/defaults/main.yml#L44213:10
odyssey4methe value of 'group' is the name for the nova-compute group13:11
odyssey4meie nova_compute13:11
*** lenserpgo has quit IRC13:11
coolkilthnx! exactly what i needed to know13:11
*** hw_wutianwei has quit IRC13:13
*** armaan_ has quit IRC13:16
*** schwicht has joined #openstack-ansible13:17
odyssey4meandymccr evrardjp logan- so, related to https://review.openstack.org/483309 but also catching another issue is https://review.openstack.org/48303313:17
odyssey4meright now if you run the keystone playbook more than once, keystone will be broken - that solves it13:18
odyssey4meand personally tested by jamesden_ himself :)13:18
evrardjppersonally tested working? or personally tested that without it, it breaks?13:19
odyssey4meevrardjp both13:20
jamesden_i haven't tested the latest patch, but patchset 1 worked13:20
andymccrthis stuff is seriously snowballing isnt it :P13:20
odyssey4meI personally confirmed that it's broken yesterday, and made the patch to fix it.13:20
odyssey4methe iteration from patch set 1 was to cover the many, many different ways we configure keystone for newton/ocata.13:20
odyssey4meandymccr yeah, the unfortunate pain of porting so much work back is that it destabilises a stable branch13:21
odyssey4meI hope that we never have to do that level of backporting ever again.13:22
evrardjpI'll review asap13:22
andymccrlikewise13:23
*** armaan has joined #openstack-ansible13:24
*** cathrichardson has joined #openstack-ansible13:24
*** hw_wutianwei has joined #openstack-ansible13:24
*** cathrich_ has quit IRC13:25
*** acormier has joined #openstack-ansible13:25
*** acormier has quit IRC13:26
*** acormier has joined #openstack-ansible13:27
*** esberglu has joined #openstack-ansible13:28
Tahvokjamesden_: can I mark the patchset as working in gerrit (never used gerrit before)?13:28
TahvokIt completed fine for me13:29
mbuilandymccr: do you have any news regarding the tacker role? did somebody from Openstack replied?13:29
andymccrmbuil: so the patches are up - its going to be a waiting game https://review.openstack.org/#/c/482873/ take a look and make sure i havnt typo'd anything :)13:30
jamesden_Tahvok I suppose you can +1 it once you create an account, sure13:30
andymccrand there is a governance patch up too - https://review.openstack.org/#/c/482872/ but thats more of a waiting game and isnt needed for the initial sync so would worry less about that13:30
jamesden_I'm sure odyssey4me would appreciate the feedback :)13:31
Tahvokjamesden_: I'm signed in.. Not sure where the +1 button is though13:31
jamesden_Tahvok Once you click the Reply button it should appear13:31
TahvokGot it13:31
mbuilandymccr: ok! thanks13:32
mhaydenbuenos dias13:32
TahvokThanks a lot guys! Ansible finished successfully for the first time. Not dashboard though, gonna investigate it now13:32
openstackgerritLogan V proposed openstack/openstack-ansible-os_nova master: Include ceph_client role if needed  https://review.openstack.org/48306113:33
jamesden_Tahvok happy to help.13:33
*** thorst has quit IRC13:33
*** Oku_OS-away has joined #openstack-ansible13:34
*** Oku_OS-away is now known as Oku_OS13:34
openstackgerritLogan V proposed openstack/openstack-ansible-os_cinder master: Include ceph_client role if needed  https://review.openstack.org/48339413:34
kristian__andymccr: have you done lxc networking? My containers get ip addresses np, but dns is not working. I have attached and pointed one resolv.conf to google dns and then it worked. Do you know how to do it, that it will apply to all issues?13:34
kristian__s/issues/containers/g13:34
*** coolkil has quit IRC13:35
openstackgerritLogan V proposed openstack/openstack-ansible master: Remove ceph_client role execution from playbooks  https://review.openstack.org/48306213:35
andymccrkristian__: so before that you couldnt resolve anything?13:37
kristian__before changing the resolv.conf in the container, nope, ansible script faild at downloading packages13:37
evrardjpodyssey4me: commented on 48303313:38
evrardjpdetail but useful for readability/ara13:38
openstackgerritLogan V proposed openstack/openstack-ansible-os_nova master: Include ceph_client role if needed  https://review.openstack.org/48306113:40
*** weezS has joined #openstack-ansible13:41
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_keystone stable/ocata: Replace db sync check with alternative process  https://review.openstack.org/48303313:41
kristian__andymccr: does there need to be something setup in lxc configs or put dns in /etc/network/interfaces?13:41
sufyan68Anyone knows how to add a certificate to horizon? because public apis does not work13:41
openstackgerritgit-harry proposed openstack/openstack-ansible-ops master: Improve openstack-release file discovery  https://review.openstack.org/48260813:41
andymccrTahvok: thanks for testing that patch btw13:41
odyssey4meevrardjp good catch for https://review.openstack.org/483033 - fixed13:42
*** klamath has joined #openstack-ansible13:42
*** klamath has quit IRC13:42
*** klamath has joined #openstack-ansible13:43
odyssey4mekristian__ the containers will use the host via nat as a resolver, so if that's the issue it would seem that dnsmasq wasn't running right for the lxc bridge13:43
odyssey4meor that the lxc bridge wasn't up13:44
*** smatzek has quit IRC13:44
kristian__should I restart lxcbr0? odyssey4me13:44
odyssey4methat also happens to be how they receive their first IP13:44
odyssey4mekristian__ yes, I think someone suggested that earlier13:44
andymccrkristian__: check lxbr0 also check you can resolve things from the host itself too.13:45
jamesden_sufyan68 There are some overrides, namely haproxy_user_ssl_cert, haproxy_user_ssl_key, haproxy_user_ssl_ca_cert, and possibly horizon_server_name13:45
kristian__yeah, I stopped the bridge and let the scripts to put it back up13:45
jamesden_otherwise i'm pretty sure the haproxy playbook will just roll with a self-signed cert13:45
*** lostRhino has left #openstack-ansible13:47
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible master: Remove run-playbooks  https://review.openstack.org/48225313:49
*** yifei has joined #openstack-ansible13:50
*** acormier has quit IRC13:52
*** acormier has joined #openstack-ansible13:53
*** acormier has quit IRC13:54
Tahvokandymccr: np, hopefully I'll get more involved with the code, as we are moving to using ansible as our main provision tool for openstack13:54
*** acormier has joined #openstack-ansible13:54
openstackgerritgit-harry proposed openstack/openstack-ansible-ops master: Improve openstack-release file discovery  https://review.openstack.org/48260813:58
odyssey4memhayden wanna up your vote now that the tests have passed? https://review.openstack.org/48307013:58
odyssey4meandymccr I think we can likely save quite a bit of gate time by giving the galera and rabbitmq roles an overhaul14:00
odyssey4mewe're doing a lot of fact setting where we could use a dynamic local fact script instead14:01
andymccrodyssey4me: yeah maybe, im wondering if we shouldn't have sets of playbooks for install vs upgrade - that way we can just blast all on install, and upgrade we are a bit more serialized about it.14:01
andymccrptg topics for sure14:02
odyssey4mealso, I'm kinda thinking that perhaps across the board we should adopt the strategy of packages being installed by roles with whatever repo config is already on the host - we should extract the repo config out into its own role so it's done once, in one place14:02
odyssey4methat will cut a huge ream of tasks and also cut out the constant apt refreshes all over the place14:02
odyssey4meandymccr I'm not sure how much time that would really save us, and having to try and cater for both execution strategies would probably be more difficult than helpful.14:04
andymccrthe thing is if you have a large deployment, running in serial seems massively massively inefficient14:04
odyssey4meThat said, I did do https://review.openstack.org/#/c/469605/1/playbooks/common-tasks/determine-execution-strategy.yml in an early patch set in order to be able to do exactly that. we could perhaps re-explore it at some point.14:04
odyssey4methe serial is only for the control plane14:04
odyssey4methe compute execution, for example, is set to 20%14:05
andymccrhmm yeah i guess that is true - but its stil something i shouldn;t have to care about if im doing a new install14:05
odyssey4mealso, the control plane is mostly done using 1, 100% - meaning one is done first, then everything else14:05
*** smatzek has joined #openstack-ansible14:06
odyssey4meso I think we have a decent balance right now and I don't think trying to do a dual strategy approach is worth the added complexity14:06
odyssey4meI think we should rather focus on simplifying more.14:06
*** acormier_ has joined #openstack-ansible14:07
*** acormier_ has quit IRC14:07
odyssey4meWe've had a lot of organic growth and I think it's best we regroup, step back and reconsider some of our patterns.14:07
*** acormier_ has joined #openstack-ansible14:07
odyssey4mea proper split between 'build' vs 'install' vs 'deploy' would be nice, but that will be a rather fundamental change and a *lot* of work14:08
odyssey4methat would aid my team's goals, so I'll be punting for us to get that as assigned work for queens14:09
andymccri think that probably would've been a better first step to achieving seamless upgrades too though. the problem we have is we've added in a lot of complexity so making those simplifying changes is now harder, and we cant afford to do anymore of this kind of similar back-porting.14:10
*** acormier has quit IRC14:10
odyssey4meyeah, I'm not OK with porting this volume of change back at this frequency14:11
openstackgerritLogan V proposed openstack/openstack-ansible-os_cinder master: Include ceph_client role if needed  https://review.openstack.org/48339414:12
*** cpuga has joined #openstack-ansible14:16
kristian__odyssey4me: I have restarted lxcbr0 and recreated the containers, the same problem with the dns14:16
andymccrkristian__: can you resolve things from your host?14:16
kristian__andymccr: yes I can14:17
*** firebat has joined #openstack-ansible14:17
andymccrare there any ip range overlaps for lxcbr0 ip range?14:17
*** cpuga has quit IRC14:18
*** sxc731 has quit IRC14:18
firebatCan anyone tell me where to look for how keystone adds the service accounts to itself? Only admin is being loaded into galera14:18
andymccrfirebat: the roles do that individually, so when the glance role runs (for example) it will add a glance service account14:18
*** cpuga has joined #openstack-ansible14:18
andymccrthat way you only get the service accounts that are actually going to be used by the deployed services14:18
openstackgerritMerged openstack/openstack-ansible-ops master: Improve openstack-release file discovery  https://review.openstack.org/48260814:18
andymccrkristian__: if you check resolv.conf inside a container does it point to like 10.255.255.1 for example? and if you do a netstat -plnt | grep dnsmasq on your infra host do you see it listening there?14:19
firebatandymccr: Ok cool... so the glance role is failing then when it tries to authorize14:20
firebatWhat authentication should it be using to add those users to the keystone service? It does it via the API right?14:20
andymccrfirebat: ahh ok - i think this is the same bug we're trying to get a fix in for asap (sorry about that): https://review.openstack.org/#/c/483033/14:21
firebatI think I manually patched that in for testing wonder if i lost it14:22
*** acormier has joined #openstack-ansible14:22
*** tobberyd_ has joined #openstack-ansible14:22
*** cpuga has quit IRC14:22
*** acormier has quit IRC14:23
*** acormier has joined #openstack-ansible14:23
*** yifei has quit IRC14:25
*** tobberydberg has quit IRC14:25
*** acormier_ has quit IRC14:25
firebatandymccr: Yeah looks like I picked that commit and added it into my deploy process... just to clarify the glance service user should be added via a rest call right?14:26
*** phschwartz has joined #openstack-ansible14:27
*** tobberyd_ has quit IRC14:28
odyssey4meandymccr this one will help speed things up just a little: https://review.openstack.org/48300314:28
*** thorst has joined #openstack-ansible14:29
*** cshen has quit IRC14:32
andymccrfirebat: yeah we use the keystone client to add the user in the glance role, but i think the bug we have is that keystone isnt starting properly so it wont accept the request :(14:35
*** cshen has joined #openstack-ansible14:35
*** galstrom_zzz is now known as galstrom14:37
openstackgerritMerged openstack/openstack-ansible-galera_client master: tasks: galera_client_install_zypper: Drop zypper workaround for Ansible < 2.2  https://review.openstack.org/48263914:37
*** acormier_ has joined #openstack-ansible14:37
*** gouthamr has joined #openstack-ansible14:37
*** marst has quit IRC14:37
*** acormier_ has quit IRC14:37
*** acormier_ has joined #openstack-ansible14:38
odyssey4mehwoarang I'd like to thank you for working so diligently through all the roles, picking up and fixing things in sensible ways, and most especially for helping normalise them into good patterns which we just haven't been able to keep all the roles up to as a standard.14:39
*** acormier has quit IRC14:40
DimGRodyssey4me what help OSA would need with magnum now that i have it up and running14:40
*** cpuga has joined #openstack-ansible14:41
odyssey4meDimGR something along the lines of https://docs.openstack.org/openstack-ansible/latest/contributor/core-reviewers.html#general-responsibilities :)14:42
odyssey4meessentially care about whether the magnum role is actively tested in a sensible way, that it's actively adjusted as changes happen in the upstream service (conf option changes, etc), and that it is patched to improve it to make better use of ansible features and patterns which are developing in other roles14:43
DimGRalright14:43
odyssey4methe keystone, cinder, glance, nova, neutron and swift roles are the most actively maintained as they're used most heavily14:43
hwoarangodyssey4me: no problem. It's a pleasure :)14:44
*** cpuga has quit IRC14:44
*** cpuga has joined #openstack-ansible14:44
odyssey4meDimGR as magnum relies on heat, it'd be great if you could help with the heat role too14:44
odyssey4meif each of us keep an eye on developments and actively maintain a subset of roles, it'll be easier for everyone14:45
*** sxc731 has joined #openstack-ansible14:46
*** lucasxu has joined #openstack-ansible14:46
*** marst has joined #openstack-ansible14:47
*** schwicht has quit IRC14:48
*** schwicht has joined #openstack-ansible14:50
*** tobberydberg has joined #openstack-ansible14:51
sxc731Greetings all! I was watching @andymccr's Boston pres and saw that OSA officially supports integrated Ceph deployment as of Ocata, which is just what I need ;-)14:55
*** andreas_s has quit IRC14:55
sxc731Can anyone point me to the latest docs on how to achieve this. I have found a few blogs here and there but they seem somewhat out of date...14:56
*** tobberydberg has quit IRC14:56
andymccrsxc731: hey! hope the talk was useful14:59
andymccrthe deploy guide is here: https://docs.openstack.org/project-deploy-guide/openstack-ansible/ocata/ it has a section about integrating ceph-ansible14:59
sxc731The talk was great!  ... and full of promises ;-)14:59
andymccrhttps://docs.openstack.org/project-deploy-guide/openstack-ansible/ocata/app-ceph.html14:59
andymccrits pretty straight forward, once you understand how OSA deployments are configured and work, it is just another host definition for ceph hosts and away you go!14:59
*** SerenaFeng has joined #openstack-ansible14:59
andymccrthe deployment guide should hopefully explain all that to you - and then the ceph bits are an easy addition - but if you run into issues let us know how we can improve the docs15:00
sxc731Yeah, I saw that....  So the blogs I've seen suggest some adjustments are necessary in user_variables.yml15:00
admin0andymccr, is it possible to give basic examples there . assuming there are 3 servers for ceph that will act as mon and osd15:00
openstackgerritMajor Hayden proposed openstack/ansible-hardening master: Fix auditd remote conf check  https://review.openstack.org/48343615:01
sxc731Hi @admin0, I think it was your FAQ entry I was reading here: https://www.openstackfaq.com/openstack-ansible-managed-ceph/15:01
odyssey4meyeah, some user_variables entries will be needed15:02
odyssey4mewe'd like to try and automate that away, but I don't think anyone's had the time to get it done15:02
andymccradmin0: yeah we should probably expand that15:02
admin0sxc731, that was a jerry rigged setup :)  .. i am trying to get more info no a more acceptable setup15:02
sxc731TBH, this looked quite a bit more noob-friendly than the official docs (and I understand everyone is busy!)15:02
admin0sxc731, what i did was took osa and rackspace's own playbook and kind of made it work15:03
admin0i am here to test and document :)15:03
sxc731Wow that's quite a tall - but obviously most welcome - order!15:03
*** armaan has quit IRC15:04
openstackgerritMerged openstack/openstack-ansible-os_gnocchi master: templates: gnocchi-httpd: Ensure proper user control in gnocchi root  https://review.openstack.org/48263215:06
openstackgerritMerged openstack/openstack-ansible-os_gnocchi master: Add support for the openSUSE Leap distributions  https://review.openstack.org/48263315:06
sxc731So I presume @admin0's FAQ is still the best place to look? (despite the "not officially supported" introductory comment)?15:06
admin0i was planning to test that for ocata again :)15:07
odyssey4meadmin0 it'd be super-nice to have a patch pushed up to add an example config for a ceph environment15:07
openstackgerritMerged openstack/openstack-ansible-os_heat master: Add support for the openSUSE Leap distributions  https://review.openstack.org/48255115:07
odyssey4mesomething like the 'prod' environment - but using ceph instead of nfs15:07
spotzandymccr: don't forget agenda. Meeting ping shortly apparently I can't find my notes:(15:08
andymccrspotz: haha thanks - yeah lemme quickly do that!15:08
admin0i have  a working ceph where ceph is deployed seperately, and i am also testing to use ceph but managed by proxmox :)  .. so proxmox manages and gives ceph to OSA15:09
sxc731admin0, odyssey4me: couldn't agree more; perhaps we can work on this together as I certainly have a use-case (trying to replace an old Fuel-deployed cloud; and Fuel certainly made that easy... if impossible to upgrade later...)15:09
openstackgerritMerged openstack/openstack-ansible-galera_server master: tasks: galera_install_zypper: Drop zypper workaround for Ansible < 2.2  https://review.openstack.org/48263815:09
spotzGreetings my fellow OSAers! cloudnull, DimGR, andymccr, d34dh0r53, hughsaunders, b3rnard0, palendae, odyssey4me, serverascode, rromans, erikmwilson, mancdaz, _shaps_, BjoernT, claco, echiu, dstanek, jwagner, ayoung, prometheanfire, evrardjp, arbrandes, mhayden, scarlisle, luckyinva, ntt, javeriak, spotz, vdo, jmccrory, alextricity25, jasondotstar, admin0, michaelgugino, ametts, v1k0d3n, severion, bgmccollum, d15:09
spotzarrenc, JRobinson__, asettle, colinmcnamara, thorst, adreznec, eil397, qwang,nishpatwa_, cathrichardson, drifterza, sc68cal15:09
spotz Friendly reminder we will be meeting in 1 hour in #openstack-meeting-4 Agenda is available at https://wiki.openstack.org/wiki/Meetings/openstack-ansible#Agenda_for_next_meeting15:09
*** lucasxu has quit IRC15:09
admin0sxc731, i merged osa and rackspace in that method .. so if some of the cores or the actual people from rackspace who use that can confirm  that is a good way, we can start on it15:10
admin0but there is also decapod these days that manages ceph15:10
admin0ceph install, decapod, proxmox  -- there are many ways to get ceph up15:11
odyssey4meadmin0 that must be pre-ocata work, because in ocata we have the ability to deploy the ceph cluster too15:11
odyssey4meno need to mash it up15:11
admin0odyssey4me, it was pre ocata :)15:11
odyssey4meadmin0 if you push up the patch, then we can discuss whether it's right in review15:12
odyssey4meit's easier to discuss in review15:12
admin0then let me test it with ocata15:12
admin0find and fix the flaws and then submit a patch15:12
odyssey4meawesome, thanks15:12
openstackgerritMerged openstack/openstack-ansible-os_horizon master: tasks: horizon_apache: Use the apache2_module Ansible module  https://review.openstack.org/48292315:13
openstackgerritMerged openstack/openstack-ansible-os_horizon master: Add support for the openSUSE Leap distributions  https://review.openstack.org/48292415:13
sxc731admin0, odyssey4me: indeed!  Please let me know if I can help; I'm certainly up for testing15:13
admin0sxc731, if your platfrom is ready to go, then just follow the docs and see if you can get it all up and running15:14
odyssey4mesxc731 the best is to setup a test environment that you're able to destroy and rebuild, often - then go ahead and deploy and figure it all out15:14
odyssey4meI would suggest starting with a well known config, perhaps the example configs from the appendices. That'll help you understand how the config maps to a result.15:15
odyssey4meThen try and work out the ceph bits afterwards, once you have your feet wet.15:15
admin0sxc731, i use a big server and then multiple VMS ( as i have wrote in the site )  and with a virtual vyos as router, i am able to replicate all my production env, including the IPs being used15:15
admin0even on the public side15:16
kristian__andymccr: it is there "tcp        0      0 10.255.255.1:53         0.0.0.0:*               LISTEN      22224/dnsmasq"15:17
admin0odyssey4me, i have a test setup up . i will test ceph with ocata the integrated way15:18
admin0its something i can re-create again and again15:18
admin0just need to run ./redo.sh :D15:18
openstackgerritMerged openstack/openstack-ansible-os_aodh master: templates: aodh-httpd: Ensure proper user control in aodh root  https://review.openstack.org/48233315:18
*** Oku_OS is now known as Oku_OS-away15:20
*** acormier has joined #openstack-ansible15:22
*** acormier has quit IRC15:22
admin0sxc731, what is your setup like  ?15:23
*** acormier has joined #openstack-ansible15:23
admin0how many nodes ?15:23
sxc731odyssey4me: re "try and work out the ceph bits afterwards"... sure that's kind of where I was when I asked the q.  I just thought admin0's page was going to bring me a little further than a bare pointer to ceph-ansible/group_vars/all.yml.sample15:25
*** acormier_ has quit IRC15:25
admin0sxc731, i am playing with it tonight15:26
admin0hands itching :D15:26
sxc731admin0: it's a couple of bare metal boxes on which I have spun up a number of VMs (using Ubuntu MAAS and some automation to bring up the br-xxx etc)15:26
sxc731That's my test env.  Prod has 3 bare metal controllers and 6 compute boxes, all reasonably beefy15:26
openstackgerritMerged openstack/openstack-ansible-os_aodh master: Add support for the openSUSE Leap distributions  https://review.openstack.org/48233415:27
sxc731admin0: OK let's both go for it an report back in 24 hours or so?15:27
admin0yeah15:28
openstackgerritMerged openstack/openstack-ansible-os_cinder master: Sort key-value pairs in backend dictionaries  https://review.openstack.org/48307015:28
admin0one qustion to you though15:28
odyssey4melogan- small tweak on https://review.openstack.org/#/c/483342/1 needed15:28
admin0odyssey4me, from experience, unlike OSA which is more zero touch after setup, with ceph you need to tinker it to optimize stuff .. need to add remove osds, change parmeters etc .. so what is the limit/feature  of the ceph integration in ocata ?15:30
admin0where can i read about that15:30
logan-yup thanks odyssey4me. will edit after the integrated test finishes. every time i edit one of the dependent patches it kills the integrated test and i have to retest heh15:30
admin0or is it more providing an integrated file where the ansible-ceph reads and thats it ?15:30
odyssey4melogan- roger that15:31
*** udesale has quit IRC15:31
odyssey4meadmin0 we're not implementing anything other than what ceph-ansible deploys15:31
*** foutatoro has quit IRC15:31
odyssey4meall we've done is add the playbooks and inventory bits so that it can be done15:32
admin0ok .. clear now15:32
odyssey4meas you've suggested, the best practises are very opinionated based on how you're using the cluster so it's better not to try and codify those in - one size does not fit all15:32
*** winggundamth has quit IRC15:33
*** acormier_ has joined #openstack-ansible15:35
firebatOk guys I found out my issue. For some reason the playbook doesn't seem to be getting the correct login parameters for keystone admin when it runs the os_glance role service task. Should I modify the task and try and get more output out of it to see what args it is receiving? With -vvv I don't see them15:38
*** pcaruana has quit IRC15:38
firebatSorry if this is a dumb question I'm a bit of an ansible noob15:38
odyssey4mefirebat hmm, that's odd15:38
odyssey4meare you changing anything up in user_variables.yml ? are your secrets populated in user_secrets.yml ?15:39
*** acormier has quit IRC15:39
asuraIt is safe to add openstack_service_publicuri_proto: http in user_variables.yml?15:41
odyssey4measura yes of course, it's one of the example configs in the deploy guide15:42
asuraDecided to just tear down and rebuild my cluster OSA test build again. Hopefully, I'll make it through today.15:42
asuraWish I had a redo.sh like admin0 :)  Unfortunately, I have to clone all my vm's15:43
openstackgerritMerged openstack/openstack-ansible-os_ceilometer master: test: test-install-mongodb: Do not mask mongodb_user failures  https://review.openstack.org/48231015:43
openstackgerritMerged openstack/openstack-ansible-os_ceilometer master: tests: Provide mongodb configuration template  https://review.openstack.org/48231115:43
admin0asura, my scripts are all documented and available on github .. blog is at openstackfaq.co15:44
admin0* .com15:44
asuraYeah, I've read it15:44
asuraLoved to point to VyOS15:44
*** weezS has quit IRC15:44
admin0vyos allowed me to simulate 2 servers as 2 datacenters and do some cool tunneling in between15:44
admin0mikrotik also works though15:45
*** thorst has quit IRC15:45
asuraI'm using virtual box with Internal network "intnet" attached to the VMs.  Networking appears to work.15:45
asurawith the VyOS setup15:45
*** thorst has joined #openstack-ansible15:46
asuraI suppose if it all works I could covert it to a Vagrant box for faster builds15:46
*** lucasxu has joined #openstack-ansible15:49
*** thorst has quit IRC15:50
*** sxc731 has quit IRC15:51
boxrick1Hello, I am attempting to use a variant of what you guys use ( basically the LXD connection type rather than SSH ). I know you use a connection plugin and catch SSH then deploy via the host directly using lxc attach.15:53
boxrick1I am just wondering, speed wise does this seem much slower?15:53
*** vnogin has quit IRC15:53
boxrick1Since when I use the LXD connection plugin it is basically 3 minutes to gather facts about a host vs about 3 seconds via SSH directly.15:53
*** armaan has joined #openstack-ansible15:53
odyssey4meouch15:53
boxrick1Yea, its basically unusable and is causing me a whole amount of pain :/15:54
DimGRwhere is the redo.sh admin0  on your page? can't find it15:54
odyssey4meI guess the lxd connection plugin might be gathering a bunch of extra facts, whereas the ssh plugin is not?15:55
admin0there is a recreate.sh :D15:55
odyssey4mealthough we're specifically scoping the facts gathered down to a smaller set - have you done that?15:55
admin0i will update the blog tonight with ocata15:55
asuraIs there a reason you use library on your faq rather than octa?15:55
asuraoh i see15:56
boxrick1Everything runs slower in general, the gather facts was just an example.15:56
asuraI might try that tomorrow if I don't get this working lol15:56
admin0when i started with osa, it was that.. and then got super busy .. but now have taken steps to give time to the site and make it work .. but dedicated for production environments15:58
asuraWe'll honestly it was the best documentation I could find on OSA besides the online guide15:58
* asettle stumbles in15:58
*** acormier_ has quit IRC15:58
asettleTell me more about how great the docs are15:58
admin0asettle \o15:59
asettleHEy admin0 :)15:59
*** armaan has quit IRC15:59
admin0well, it was my docs on openstackfaq.com he was talking about15:59
asuraWell the online docs have a bug I submitted15:59
*** acormier has joined #openstack-ansible15:59
asettleOhhhh wellllllllll sureeee :p15:59
jamesden_asettle Would be nice if Google cache were updated... :(15:59
asettleI just hear "docs" and appear15:59
asettlejamesden_: I wish I worked magic, but alas...15:59
admin0asura, well, the docs in osa are by the developers for the developers .. i am more an operator ( and a lazy dev) ..15:59
*** armaan has joined #openstack-ansible15:59
asettleadmin0: hey, c'mon, we wrote a neat as ops guide15:59
admin0i have a different view of the docs and guides15:59
odyssey4meboxrick1 unfortunately I haven't tried working with it just yet15:59
spotzmeeting now!!!!!16:00
asettleAnd by 'we', I mean, the ops team16:00
asuraThere is an ops team?16:00
admin0i am an unoffical ops validator :)16:00
asettleasura: Rackspace's ops team ;) since we use OSA, I whipped them into shape16:00
odyssey4meadmin0 actually the deploy guide is for operators, as is the ops guide16:01
asettleTurned their knowledge into goodness16:01
odyssey4methe contributor/developer docs are for developers16:01
admin0the docs are getting better now16:02
asettle"are getting better now" yo bro c'mon16:02
asettle:P16:02
*** acormier has quit IRC16:03
admin0asettle, https://docs.openstack.org/project-deploy-guide/openstack-ansible/ocata/app-ceph.html :D16:04
asettleadmin0: mostly just keen for ceph? :P16:04
*** kristia__ has joined #openstack-ansible16:04
*** lucasxu has quit IRC16:04
*** sufyan68 has quit IRC16:04
admin0i am an operator .i want to utilize all the good work this team does in developing .. and its in their head .. so for example, there are 3 people now ( including me ) interested in getting ceph+osa runnign, and that docs is the only doc it is out there16:05
admin0so trying to help there to get it better16:05
admin0but if the devs give a bit more extra lines, it will help get started ..16:05
*** schwicht has quit IRC16:06
admin0i have to run .. 6 PM ..office closing down .. will check back from home16:06
*** agrebennikov has joined #openstack-ansible16:07
*** kristian__ has quit IRC16:07
andymccradmin0: cool :)16:07
asuraI'm willing to test the ceph+octa as well16:08
asuraI have a ceph cluster up16:08
*** dxiri has joined #openstack-ansible16:08
*** schwicht has joined #openstack-ansible16:08
*** gillesMo has quit IRC16:10
*** admin0 has quit IRC16:11
*** sxc731 has joined #openstack-ansible16:12
*** dxiri has quit IRC16:14
*** weezS has joined #openstack-ansible16:18
*** jamielennox has quit IRC16:19
kristia__andymccr: is there anything, how I could fix dns in lxcbr0?16:20
andymccrkristia__: so is the resolv.conf inside the containers pointing at 10.255.255.116:20
andymccrand can they reach the dnsmasq service?16:21
kristia__it is, and I can successfully ping it16:21
*** lucasxu has joined #openstack-ansible16:21
DimGRkristia__  lxcbr0 down ; lxcbr0 up16:21
*** openstacking_123 has joined #openstack-ansible16:22
kristia__did that, but gonna do it again (but did it ifdown and ifup) it might not be different or is it?16:22
odyssey4melogan- wow, that test build is only at neutron16:22
openstacking_123Anyone else have trouble when linux bridge routers our in HA mode?16:22
openstacking_123are*16:23
odyssey4mefor some reason the jobs seem to be going very, very slowly this afternoon16:23
kristia__DimGR: ifdown lxcbr0; ifup lxcbr0 right?16:23
DimGRyes16:24
kristia__DimGR: then thats done, now restart the container?16:25
*** dxiri has joined #openstack-ansible16:25
kristia__now it magically works, I did it many times before and it refused to ping google16:26
DimGRnot needed16:26
DimGR:)16:26
kristia__DimGR: it shouldnt be the problem that I did ifdown lxcbr0 and then ifup lxcbr0 and restart the container. Not restart the lxcbr0 in one line. Or is it?16:28
asuraWhy do I need internal_lb_vip_address and external_lb_vip_address ip addresses inside openstack_user_config.yml?  So they run on separate hosts?16:28
openstacking_123I get error  'Keepalived_vrrp[11377]: Netlink: filter function error' if I add a port into an ha linux bridge router. Then external IP on the router will go down for 3 minutes or so16:29
asuraSorry, I mean why do they need to be on separate ip addresses?16:30
odyssey4mekristia__ maybe, because it might need the time to properly close up the dnsmasq service16:30
*** dxiri has quit IRC16:30
jamesden_asura Because https is enabled on external, and http on internal, and if you're using the same listener address it may cause issues for the client and/or internal service.16:32
*** dxiri has joined #openstack-ansible16:32
jamesden_it's better to split them. they can even be addresses in the same subnet, but to avoid those types of issues it's best to define two unique addrs16:32
odyssey4mewel,, it physically cannot listen on the same address and port for both http and https16:33
*** skape has quit IRC16:35
kristia__odyssey4me: deploying, fingers crossed16:36
asurakristia__ best of luck16:36
kristia__thanks16:36
kristia__install server packages no errors :D16:37
kristia__at least, that was my todays bottleneck16:37
*** schwicht has quit IRC16:38
kristia__currently on galera, should be a smooth ride16:38
kristia__also do all services in /opt/openstack-ansible/etc/openstack_deploy/conf.d/*.yml.aio work?16:39
logan-i know odyssey4me i was noticing that too :(16:40
logan-it was just finishing nova with 10 mins left to timeout16:40
*** gouthamr has quit IRC16:41
*** gouthamr has joined #openstack-ansible16:41
sc68calspotz: you should update your script or whatever that pings people, since I am no longer on that list https://wiki.openstack.org/wiki/Meetings/openstack-ansible16:41
spotzsc68cal: Yeah it's a few months old I'll admit16:42
sc68calno worries16:42
*** firebat has quit IRC16:43
*** dxiri has quit IRC16:44
odyssey4melogan- the integrated job has passed for ceph, so I think the roles are good to go16:46
*** thorst has joined #openstack-ansible16:46
odyssey4methe role changes I mean16:46
logan-agreed16:46
logan-it looks like it all works16:46
odyssey4meI did notice a bug or two in the integrated build patch though16:46
*** dxiri has joined #openstack-ansible16:46
logan-we may want to reno the integrated build due to the var changes16:46
odyssey4mehmm, well - the vars aren't changing though - are they?16:47
*** mbuil has quit IRC16:47
logan-cinder_backends_rbd_inuse -> nova_cinder_rbd_inuse16:47
logan-i doubt cinder_backends_rbd_inuse is commonly overridden though16:48
logan-but who knows16:48
odyssey4meah yes, makes sense to reno then16:48
logan-yea16:48
logan-i will update the integrated patch but we need to hold the role changes until the integrated is almost ready to go otherwise it will break the gate for a while.16:50
logan-the nova var namespacing change I just mentioned will break the ceph build until the integrated patch merges16:51
odyssey4mealternatively, we could do an interim state in the nova role to cater for both the old and new var, then remove the old var once the integrated patch merges16:52
logan-true..16:55
odyssey4meodd, that one keystone job is stuck at creating containers16:55
odyssey4meit's been stuck there for almost an hour16:56
*** weezS has quit IRC16:57
*** shardy has quit IRC16:58
*** dxiri has quit IRC16:59
*** dxiri has joined #openstack-ansible17:02
*** sxc731 has quit IRC17:03
openstackgerritMerged openstack/openstack-ansible-os_ceilometer master: Add support for the openSUSE Leap distributions  https://review.openstack.org/48231217:08
odyssey4mehmm, it looks like the stuff using external downloads is causing the massive slowdown17:08
odyssey4mesometimes it just fails, sometimes it just hangs17:08
*** stuartgr has quit IRC17:08
odyssey4meit seems to mostly be happening with the lxc base cache download17:09
openstackgerritMerged openstack/openstack-ansible-os_designate master: tests: Convert bind configuration file to template  https://review.openstack.org/48249017:11
*** firebat has joined #openstack-ansible17:12
firebatHey guys so I tried pushing in correct variables to make sure the attempted authorization with keystone was using the correct information, but I'm still at a loss. I have verified via manually curling that I can get tokens as the admin user so there's that.  Here's the error output I'm getting (it's a pastebin just shortened since I'm on a jump box): goo.gl/rZeZ7417:21
*** schwicht has joined #openstack-ansible17:23
*** electrofelix has quit IRC17:23
odyssey4mefirebat I didn't see an answer to my earlier questions17:23
firebatCould you repost I lost connection that's why I'm on a jump box now. I don't have an irc proxy at work17:23
odyssey4mehttp://eavesdrop.openstack.org/irclogs/%23openstack-ansible/%23openstack-ansible.2017-07-13.log.html#t2017-07-13T15:39:1517:23
firebatAhh thanks much17:24
firebatodyssey4me The secretes file is completely populated, and yes I do have some things in my user_variables.yml file I'll paste it in here.17:25
*** firebat_paste has joined #openstack-ansible17:26
openstackgerritMerged openstack/openstack-ansible-os_designate master: Add support for the openSUSE Leap distributions  https://review.openstack.org/48249117:26
*** kristia__ has quit IRC17:28
firebat_pastehttps://pastebin.com/e60zVtTd17:28
*** kristian__ has joined #openstack-ansible17:28
firebatodyssey4me There's not much in there as I'm just running a dev/test deploy right now, and I'm not sure how much stuff should be in there anyway17:29
odyssey4methe openstack_service settings are all defaults, so setting those is unnecessary17:29
odyssey4meright, so you have a default environment with debug enabled - that's fine17:30
odyssey4meyou should not have to set anything unless you want to change default behaviour17:30
*** ricardoas has joined #openstack-ansible17:30
odyssey4meright - what else have you changed and where?17:30
odyssey4meand what tag/branch are you using?17:30
firebat_pasteI'm on ocata/stable with your one change17:31
firebat_pasteFor the keystone service not being reset or whatever17:31
firebat_pasteI can get the commit if you need17:31
odyssey4meok, and what else?17:31
odyssey4meany other changes?17:32
odyssey4mecan you pastebin/gist your openstack_user_config/conf.d file info?17:32
odyssey4meobviously sanitised17:32
*** kristian__ has quit IRC17:32
*** toddnni has joined #openstack-ansible17:33
firebat_pasteHmmm I think I may have made a mistake? All my stuff is in openstack_user_config.yml17:34
odyssey4mewell, it depends on what's in there - you can send me a gist link privately if you'd prefer17:35
odyssey4mebut yes, if all your behaviour change settings are in there, then it won't work because the inventory is a lower precedence17:36
odyssey4meall that should be in there are the network mappings, host:group mappings, and any host-specific vars (like cinder backends)17:36
*** fxpester has quit IRC17:37
firebat_pasteYeah I believe that's how I have it setup17:38
firebat_pasteI sent you the private gist17:38
odyssey4meok, so I see the problem17:39
odyssey4meyou're using the same IP for both internal and external VIP's17:39
odyssey4meif you do that, you *have* to set the public proto to http17:39
odyssey4methe same IP cannot bind http and https on the same ip:port17:40
firebat_pasteInteresting17:40
firebat_pasteThat makes a ton of sense17:40
firebat_pasteLet me run with proto http and see if I can get a complete deploy then I can circle back around and fix my http vs https issue17:40
odyssey4methat's detailed in https://docs.openstack.org/project-deploy-guide/openstack-ansible/ocata/app-config-test.html17:41
odyssey4mespecifically in https://docs.openstack.org/project-deploy-guide/openstack-ansible/ocata/app-config-test.html#user-variables17:41
*** toddnni has quit IRC17:42
*** toddnni has joined #openstack-ansible17:44
*** schwicht has quit IRC17:45
odyssey4mefirebat_paste you'll likely have to build from scratch - or at least dump the db's - because the endpoints will all be configured in a way that can't be used17:47
firebat_pasteYeah looks to be the case17:48
openstackgerritMerged openstack/openstack-ansible master: Set python interpreter for connection:local plays  https://review.openstack.org/48209017:53
openstackgerritMerged openstack/openstack-ansible master: Restart glance services only when necessary  https://review.openstack.org/48272717:53
*** tomtomtom has joined #openstack-ansible17:54
tomtomtomanyone here know if the octavia apiv2 has been pushed into the playbooks yet?17:55
odyssey4mehuzzah, with https://review.openstack.org/482090 in we might get an upgrade success tomorrow :) jmccrory17:55
odyssey4metomtomtom you'll need to ask xgerman_17:55
jmccroryawesome!17:55
tomtomtomok thanks17:55
xgerman_tomtomtom no17:56
odyssey4mejmccrory are you going to backport https://review.openstack.org/482727 ? I think it's necessary to do so asap17:56
odyssey4meshould probably do https://review.openstack.org/483070 too17:56
xgerman_it’s on my list of though. But first need to finish the scenario test17:56
tomtomtomthanks of the quick reply, it's appreciated17:56
firebatodyssey4me Just to clarify I don't have to change the deploying host right just the ones I deploy to?17:56
odyssey4mefirebat I'm not sure I understand what you mean.17:57
openstackgerritJimmy McCrory proposed openstack/openstack-ansible stable/ocata: Restart glance services only when necessary  https://review.openstack.org/48348717:57
openstackgerritJimmy McCrory proposed openstack/openstack-ansible stable/newton: Restart glance services only when necessary  https://review.openstack.org/48348817:57
*** weezS has joined #openstack-ansible17:57
tomtomtom@xgerman any idea when it might be?17:57
jmccrorythink there may be a similar issue with nova placement17:57
firebatodyssey4me I'm deplyoing from a VM where the openstack-ansible and all my customizations are... it doesn't have any state information in there that could get in the way of a deploy does it?17:58
odyssey4mefirebat nope, except perhaps the fact cache which you can nuke17:58
openstackgerritJimmy McCrory proposed openstack/openstack-ansible-os_cinder stable/ocata: Sort key-value pairs in backend dictionaries  https://review.openstack.org/48348917:58
xgerman_tomtomtom before the Pike release :-)18:00
tomtomtomok thanks18:00
*** sxc731 has joined #openstack-ansible18:08
*** dmsimard is now known as dmsimard|afk18:08
*** schwicht has joined #openstack-ansible18:09
openstackgerritJimmy McCrory proposed openstack/openstack-ansible-os_cinder stable/newton: Sort key-value pairs in backend dictionaries  https://review.openstack.org/48349518:13
*** toddnni has quit IRC18:14
*** kristian__ has joined #openstack-ansible18:15
*** kristian__ has quit IRC18:18
*** schwicht has quit IRC18:18
*** firebat_paste has quit IRC18:21
*** acormier has joined #openstack-ansible18:23
*** cshen_ has joined #openstack-ansible18:25
*** weezS has quit IRC18:26
openstackgerritLogan V proposed openstack/openstack-ansible-os_glance master: Include ceph_client role if needed  https://review.openstack.org/48334218:31
*** armaan has quit IRC18:32
openstackgerritLogan V proposed openstack/openstack-ansible-os_nova master: Include ceph_client role if needed  https://review.openstack.org/48306118:35
openstackgerritLogan V proposed openstack/openstack-ansible master: Remove ceph_client role execution from playbooks  https://review.openstack.org/48306218:36
*** jamielennox has joined #openstack-ansible18:37
*** pcaruana has joined #openstack-ansible18:38
openstackgerritLogan V proposed openstack/openstack-ansible master: Remove ceph_client role execution from playbooks  https://review.openstack.org/48306218:38
*** kristian__ has joined #openstack-ansible18:41
*** toddnni has joined #openstack-ansible18:44
*** openstacking_123 has quit IRC18:44
*** thorst has quit IRC18:44
*** openstacking_123 has joined #openstack-ansible18:49
*** armaan has joined #openstack-ansible18:52
*** openstacking_123 has quit IRC18:54
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-galera_server master: Separate greenfield and upgrade tests  https://review.openstack.org/48350718:54
odyssey4mehwoarang andymccr ^ I think it's about time we do that.18:55
*** dcdamien has joined #openstack-ansible19:00
*** dcdamien has quit IRC19:01
*** dcdamien has joined #openstack-ansible19:01
asurajamesden_ I reloading three fresh nodes today and adjusted the internal_lb_vip_address and external to 172.29.236.11 and 172.29.236.12.  Upon running, openstack-ansible setup-infrastructure.yml task pip_install fails with unable to connect to http://172.29.236.11:8181 https://pastebin.com/DD7mueC719:01
asuraWhen I lxc-attach -n deploy-galera-container-8bc3d4ec, I'm able to ping 172.29.236.11 https://pastebin.com/WVASHXn3 -- I was under the impression that eth0 allows the containers access to the mgmt vlan.  Q: Should deploy host (running ansible playbook) launch a service on port 8181 at 172.29.236.11 for the deploy-galera-container-8bc3d4ec container to connect to or is there something else happening?19:01
asuraI can see no service (assuming it should be apache2) is running on 172.29.236.11:88 on host deploy.  Does the load balancer or something else forward this connection to another container?  How can I better understand where this is going wrong?  Thanks.19:01
asuraReference: deploy openstack_user_config.yml  https://pastebin.com/zWhNkPCX nic config https://pastebin.com/qFA4cYaX target host nic config https://pastebin.com/nD9RPr3w19:01
jamesden_sure, lemme take a look19:02
asuraThanks19:02
*** schwicht has joined #openstack-ansible19:05
asuraMeant to say I see no service is running on 172.29.236.11:818119:05
*** dcdamien has quit IRC19:05
*** dcdamien has joined #openstack-ansible19:05
jamesden_Is 172.29.236.11 defined as your external or internal vip?19:05
asurainternal19:06
jamesden_and you're using haproxy?19:06
dcdamienDoes anybody here know why this was added? https://git.openstack.org/cgit/openstack/openstack-ansible-os_cinder/commit/?id=4fb0bb48877f579b0d28e6ea18896f949df738e719:06
dcdamienAs I know open-iscsi doesn't work in container19:07
odyssey4medcdamien see the discussion in https://review.openstack.org/#/c/461133/19:07
asurathere is a section in openstack_user_config.yml defining # load balancer haproxy_hosts:   deploy:     ip: 172.29.236.1119:07
asuraSo, I assume deploy node is acting as a load balancer?19:08
asuraI've never dealt with load balancers, so I'm a bit confused by what is going on with the networking19:08
odyssey4measura the load balancer is running on whichever node you told it to19:09
odyssey4mein that case, on your deploy node, yes19:09
jamesden_asura 172.29.236.11:8181 should be configured as a VIP on the deploy host or whatever host is defined at the haproxy host. Check to see that it's configured on the br-mgmt interface. You can use netstat to ensure its listening on 8181. From that haproxy/deploy node, you can try to curl 172.29.236.11:8181 and see if you get a response. curl -v http://172.29.236.11:8181 and you should get a 200 OK and some dirs19:09
asuraYeah, I think I tried that is it got nothing19:10
asuraI'll double check19:10
jamesden_if you get a timeout or connection refused, then either a) haproxy isnt actually running or b) the backend pool member is down, in this case, the repo container is failing the monitor19:10
asuraIts a connection refused19:11
jamesden_on that haproxy node what is the output of 'netstat -an | grep :8181'19:11
jamesden_and systemctl status haproxy19:12
asuradeploy systemd[1]: haproxy.service: Start request repeated too quickly19:13
asuradeploy systemd[1]: Failed to start HAProxy Load Balancer.19:13
jamesden_well that's a start. /var/log/haproxy.log may have some insight19:14
openstackgerritMerged openstack/openstack-ansible-os_cinder stable/newton: Sort key-value pairs in backend dictionaries  https://review.openstack.org/48349519:14
*** kristian__ has quit IRC19:14
asuraI get a bunch on cannot bind errors to deploy haproxy-systemd-wrapper[1905]: [ALERT] 193/141307 (1909) : Starting frontend neutron_server-front-1: cannot bind socket [172.29.236.12:9696]19:14
asuraon various ports19:15
jamesden_ok. try configuring that address on br-mgmt, too19:15
*** kristian__ has joined #openstack-ansible19:15
asuraMy target node is using that address though, won't that conflict?19:15
jamesden_yes, it will. try and find an address that won't conflict with any other node. I suggested .12 hoping it would be free19:16
jamesden_update openstack_user_config.yml with the new addr you choose19:16
jamesden_and you'll need to rerun haproxy-install.yml19:16
asuraThanks James19:16
asuraI'll give it a try19:16
jamesden_and may need to configure the addr on br-mgmt incase it doesnt do it, and maybe restart the service19:16
asuraI hope you have a great day19:16
jamesden_sure19:16
jamesden_thx19:16
jamesden_:)19:16
dcdamien@odysseycan I have tried today running os-cinder-install playbook but it fails when installing open-iscsi19:17
dcdamienhttps://bugs.launchpad.net/openstack-ansible/+bug/170416119:17
openstackLaunchpad bug 1704161 in openstack-ansible "open-iscsi post-installation script fails in cinder-api-container" [Undecided,New]19:17
*** jvidal has quit IRC19:19
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-galera_server master: Separate greenfield and upgrade tests  https://review.openstack.org/48350719:19
odyssey4medcdamien hmm, that's odd - especially odd because we're not seeing that in any gating19:22
*** acormier_ has joined #openstack-ansible19:24
*** acormier_ has quit IRC19:24
*** acormier_ has joined #openstack-ansible19:24
dcdamienI tried to re-run this playbook after pulling 15.1.6 over 15.1.5.I can check it after recreating those containers.19:25
openstackgerritGerman Eichberger proposed openstack/openstack-ansible master: [WIP] Octavia scenario  https://review.openstack.org/48352019:25
*** acormier has quit IRC19:26
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible master: Only gather facts when necessary  https://review.openstack.org/48300319:27
*** dcdamien has quit IRC19:28
*** dcdamien has joined #openstack-ansible19:29
asuraSo, if I have nodes deploy br-mgmt 172.29.236.11 target 172.29.236.12 storage 172.29.236.13; then I should configure br-mgmt on node deploy with a second ip address 172.29.236.14 to be used by the external_lb_vip_address address?  or would it better to make a new host and assign it something like: haproxy_hosts:   haproxyhost:     ip: 172.29.236.14 inside openstack_user_config.yml?  I'm uncertain if a br-mgmt on deploy can19:31
*** kristian__ has quit IRC19:32
jamesden_configuring .14 as the external vip on the deploy host is fine19:32
asuraopenstack-ansible haproxy-install.yml /opt/openstack-ansible/playbooks/inventory/dynamic_inventory.py generate.MultipleIpForHostError: Host deploy has both 172.29.236.11 and 172.29.236.14 assigned19:35
jamesden_one sec19:36
*** chhavi has quit IRC19:38
*** kristian__ has joined #openstack-ansible19:39
jamesden_can you post up your openstack_user_config.yml?19:40
*** cathrichardson has quit IRC19:40
*** cathrichardson has joined #openstack-ansible19:41
*** cshen_ has quit IRC19:41
dcdamien@odyssey4me unfortunately not working even after recreating containers -> https://gist.github.com/anonymous/97117b8a7e994f26b1025c88552dfbe419:42
*** kristian__ has quit IRC19:43
odyssey4medcdamien odd, are you using a special apt mirror or are there any other customisations that may come into account?19:43
odyssey4meI've deployed a few environments today in testing and have not seen that issue.19:43
odyssey4mecan you post up any special config related to cinder services in the bug?19:44
odyssey4meperhaps things like whether it's in a container or not in your environment layout19:44
*** kristian__ has joined #openstack-ansible19:45
jamesden_asura I just tested what i think is the same configuration without error19:45
*** SerenaFeng has quit IRC19:46
*** SerenaFeng has joined #openstack-ansible19:47
*** SerenaFeng has quit IRC19:49
*** lucasxu has quit IRC19:50
*** pcaruana has quit IRC19:52
dcdamien@odyssey4me sure, I can. Yep - it's in container, not metal. I'm using standard ubuntu-cloud repo. I have some customisations but looks unrelated.19:52
odyssey4mehmm, ok so that's the difference from the gating19:54
odyssey4meadd that to the bug please19:54
openstackgerritMerged openstack/openstack-ansible-os_cinder stable/ocata: Sort key-value pairs in backend dictionaries  https://review.openstack.org/48348919:59
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-galera_server master: Separate greenfield and upgrade tests  https://review.openstack.org/48350719:59
*** dmsimard|afk is now known as dmsimard20:00
*** cshen_ has joined #openstack-ansible20:01
asurajamesden_ https://pastebin.com/sVenYwvn sorry for the delay20:01
jamesden_asura I would correct this: external_lb_vip_address: 172.29.236.12. Make it .14. And remove this stanza: haproxy_hosts20:05
asuraopps :)20:06
openstackgerritLogan V proposed openstack/openstack-ansible master: Remove ceph_client role execution from playbooks  https://review.openstack.org/48306220:15
asurawell same error on TASK: pip_install : Install pip packages20:16
openstackgerritLogan V proposed openstack/openstack-ansible master: Remove ceph_client role execution from playbooks  https://review.openstack.org/48306220:16
jamesden_you may need to start haproxy by hand20:16
jamesden_and check the log to make sure it started. a 'netstat -an | grep :8080' should show two listeners20:17
asuradeploy haproxy-systemd-wrapper[20560]: [ALERT] 193/151841 (20562) : Starting frontend rabbitmq_mgmt-front-1: cannot bind socket [172.29.236.14:15672]20:19
asurahttps://pastebin.com/G8MwFgfT20:19
jamesden_is 172.29.236.14 still bound to an interface?20:19
*** cathrichardson has quit IRC20:20
jamesden_You can try ip addr add 172.29.236.14/32 dev br-mgmt20:20
asuraok its up20:20
*** smatzek has quit IRC20:21
asurafeel like an idiot20:21
asurathanks so much20:21
jamesden_join the club20:21
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible master: Test containerised cinder-volume  https://review.openstack.org/48354120:21
asuraSo Haproxy runs despite the stanza20:21
asuraguess after this is up i need to learn ansible so i can understand the backend more20:22
jamesden_i guess it defaults to the deploy node, but if you defined haproxy_hosts it would've installed there, instead20:22
openstackgerritMerged openstack/openstack-ansible-os_keystone master: Ensure that keystone restarts after db sync  https://review.openstack.org/48330920:23
openstackgerritMerged openstack/openstack-ansible-os_keystone stable/ocata: Replace db sync check with alternative process  https://review.openstack.org/48303320:23
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_keystone stable/newton: Replace db sync check with alternative process  https://review.openstack.org/48303420:23
*** cathrichardson has joined #openstack-ansible20:23
*** cshen_ has quit IRC20:27
*** dcdamien has quit IRC20:31
*** sxc731 has quit IRC20:35
*** cshen_ has joined #openstack-ansible20:37
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible master: Test containerised cinder-volume  https://review.openstack.org/48354120:39
dmsimardmhayden: I totally just put icanhazip.com in a playbook and I'm not ashamed20:46
* mhayden woots20:46
mhaydenyou can haz20:46
*** dcdamien has joined #openstack-ansible20:49
*** cshen_ has quit IRC20:55
openstackgerritMerged openstack/openstack-ansible-os_glance master: Include ceph_client role if needed  https://review.openstack.org/48334220:59
openstackgerritMerged openstack/openstack-ansible master: Idempotent nova db privilege grants  https://review.openstack.org/48317621:04
openstackgerritMerged openstack/openstack-ansible stable/newton: Restart glance services only when necessary  https://review.openstack.org/48348821:04
openstackgerritMerged openstack/openstack-ansible-os_cinder master: Include ceph_client role if needed  https://review.openstack.org/48339421:08
*** esberglu has quit IRC21:12
*** smatzek has joined #openstack-ansible21:15
openstackgerritLogan V proposed openstack/openstack-ansible-os_nova master: Remove temporary default used for Ceph var migration  https://review.openstack.org/48356021:18
*** smatzek has quit IRC21:20
*** kylek3h has quit IRC21:20
*** askb has joined #openstack-ansible21:25
*** esberglu has joined #openstack-ansible21:26
*** schwicht has quit IRC21:38
*** thorst has joined #openstack-ansible21:42
*** gouthamr has quit IRC21:47
*** thorst has quit IRC21:48
*** gouthamr has joined #openstack-ansible21:49
*** cpuga has quit IRC21:52
dcdamien@odyssey4me https://review.openstack.org/483541 <- why cinder-volume not cinder-api?21:54
*** schwicht has joined #openstack-ansible22:04
*** galstrom is now known as galstrom_zzz22:07
*** dcdamien has quit IRC22:09
*** gouthamr has quit IRC22:10
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible stable/ocata: Idempotent nova db privilege grants  https://review.openstack.org/48359422:35
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible stable/newton: Idempotent nova db privilege grants  https://review.openstack.org/48359522:36
*** schwicht has quit IRC22:37
*** kristian__ has quit IRC22:47
*** tobberydberg has joined #openstack-ansible22:52
*** klamath has quit IRC22:52
*** tobberydberg has quit IRC22:56
openstackgerritLogan V proposed openstack/openstack-ansible master: Remove ceph_client role execution from playbooks  https://review.openstack.org/48306222:59
*** galstrom_zzz is now known as galstrom22:59
*** schwicht has joined #openstack-ansible23:11
*** kristian__ has joined #openstack-ansible23:12
*** kristian__ has quit IRC23:17
*** charcol has joined #openstack-ansible23:30
*** jamesden_ has quit IRC23:33
*** jamesdenton has joined #openstack-ansible23:34
*** openstacking_123 has joined #openstack-ansible23:36
*** thorst has joined #openstack-ansible23:48
*** vishwanathj has quit IRC23:53
*** openstacking_123 has quit IRC23:53
*** vishwanathj has joined #openstack-ansible23:54
*** thorst has quit IRC23:55
« Wednesday, 2017-07-12 Index Friday, 2017-07-14 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!