Wednesday, 2017-11-08

« Tuesday, 2017-11-07 Index Thursday, 2017-11-09 »
*** weezS has quit IRC00:07
*** galstrom is now known as galstrom_zzz00:16
*** markvoelker has joined #openstack-ansible00:26
*** markvoelker has quit IRC00:35
*** xingchao has joined #openstack-ansible00:36
*** Rodrigo__ has quit IRC00:39
*** markvoelker has joined #openstack-ansible00:40
*** Rodrigo_BR has joined #openstack-ansible00:40
*** yifei has joined #openstack-ansible00:40
*** xingchao has quit IRC00:40
*** markvoelker_ has joined #openstack-ansible00:42
*** markvoelker has quit IRC00:44
*** yifei has quit IRC00:45
*** yifei has joined #openstack-ansible00:47
*** gouthamr has quit IRC00:48
*** agrebennikov has quit IRC00:48
*** masber has joined #openstack-ansible00:48
*** markvoelker_ has quit IRC00:49
*** Rodrigo_BR has quit IRC00:52
*** hw_wutianwei has joined #openstack-ansible00:58
*** markvoelker has joined #openstack-ansible00:58
*** markvoelker has quit IRC01:09
*** woodard_ has joined #openstack-ansible01:11
*** woodard has quit IRC01:11
*** xingchao has joined #openstack-ansible01:37
*** xingchao has quit IRC01:42
*** pbandark has quit IRC01:44
*** gkadam has joined #openstack-ansible01:49
*** dxiri has quit IRC01:49
*** gouthamr has joined #openstack-ansible01:50
*** thorst has joined #openstack-ansible01:58
*** dxiri has joined #openstack-ansible02:02
*** kukacz has quit IRC02:03
*** dxiri has quit IRC02:06
*** newmember has joined #openstack-ansible02:15
*** vnogin has joined #openstack-ansible02:32
*** chhavi has joined #openstack-ansible02:33
*** kiennt26 has joined #openstack-ansible02:33
*** vnogin has quit IRC02:37
*** xingchao has joined #openstack-ansible02:37
*** gouthamr has quit IRC02:40
*** xingchao has quit IRC02:42
*** gouthamr has joined #openstack-ansible02:45
*** savvas has joined #openstack-ansible02:45
*** bhujay has joined #openstack-ansible02:48
*** thorst has quit IRC02:50
*** chhavi has quit IRC02:50
*** gkadam has quit IRC02:55
*** chhavi has joined #openstack-ansible02:57
*** thorst has joined #openstack-ansible03:08
*** vnogin has joined #openstack-ansible03:10
*** thorst has quit IRC03:13
*** vnogin has quit IRC03:15
*** chhavi has quit IRC03:17
*** chhavi has joined #openstack-ansible03:22
*** bhujay has quit IRC03:27
*** vnogin has joined #openstack-ansible03:31
*** gouthamr has quit IRC03:34
*** vnogin has quit IRC03:36
*** xingchao has joined #openstack-ansible03:38
*** gouthamr has joined #openstack-ansible03:39
logan-boxrick: I think they added a group vars precedence thing in 2.4.. let me find it03:41
*** xingchao has quit IRC03:43
*** thorst has joined #openstack-ansible03:52
logan-boxrick: ansible_group_priority might be what you're looking for. heres the docs (they aren't in the ansible site docs yet but this was added in 2.4) https://github.com/ansible/ansible/pull/28777/files03:53
*** thorst has quit IRC03:54
*** vnogin has joined #openstack-ansible03:58
*** gouthamr has quit IRC03:59
*** vnogin has quit IRC04:03
*** jwitko has quit IRC04:07
*** udesale has joined #openstack-ansible04:12
*** bhujay has joined #openstack-ansible04:15
*** savvas is now known as savvas`04:18
*** chhavi has quit IRC04:19
openstackgerritJimmy McCrory proposed openstack/openstack-ansible-rsyslog_client master: Sort file names within templates  https://review.openstack.org/51844204:20
openstackgerritLogan V proposed openstack/openstack-ansible stable/ocata: Properly detect RBD in use on Cinder backends  https://review.openstack.org/51844404:30
*** nshetty has joined #openstack-ansible04:31
*** xingchao has joined #openstack-ansible04:39
*** xingchao has quit IRC04:43
*** thorst has joined #openstack-ansible04:46
*** nshetty is now known as nshetty|brb04:46
*** sxc731 has joined #openstack-ansible04:51
*** woodard_ has quit IRC05:04
*** nshetty|brb is now known as nshetty05:12
*** sxc731 has left #openstack-ansible05:26
*** cshen has joined #openstack-ansible05:46
*** cshen has quit IRC05:57
*** michelv has joined #openstack-ansible05:58
*** cshen has joined #openstack-ansible05:58
*** cshen has quit IRC06:09
*** ivveh has joined #openstack-ansible06:12
*** vnogin has joined #openstack-ansible06:14
*** cshen has joined #openstack-ansible06:14
*** Jack_Iv has joined #openstack-ansible06:14
*** vnogin has quit IRC06:18
*** vnogin has joined #openstack-ansible06:23
*** bhujay has quit IRC06:26
*** bruvik_ has quit IRC06:26
*** bhujay has joined #openstack-ansible06:26
*** Jack_Iv has quit IRC06:27
*** Jack_Iv has joined #openstack-ansible06:28
*** vnogin has quit IRC06:28
*** cshen has quit IRC06:31
*** cshen has joined #openstack-ansible06:34
*** cshen has quit IRC06:36
*** markvoelker has joined #openstack-ansible06:42
*** markvoelker_ has joined #openstack-ansible06:43
*** markvoelker_ has quit IRC06:45
*** ajmaidak has quit IRC06:45
*** armaan has quit IRC06:46
*** armaan has joined #openstack-ansible06:46
*** markvoelker has quit IRC06:46
*** markvoelker has joined #openstack-ansible06:47
*** markvoelker has quit IRC06:52
*** markvoelker has joined #openstack-ansible06:54
*** poopcat has quit IRC07:00
*** ajmaidak has joined #openstack-ansible07:00
*** bruvik_ has joined #openstack-ansible07:01
*** jvidal has joined #openstack-ansible07:01
*** poopcat has joined #openstack-ansible07:01
*** arbrandes has joined #openstack-ansible07:01
*** arbrandes1 has quit IRC07:03
*** ajmaidak has quit IRC07:09
*** thorst has quit IRC07:11
*** Jack_Iv has quit IRC07:12
openstackgerritGuoqiang Ding proposed openstack/openstack-ansible-os_horizon master: Update the doc link  https://review.openstack.org/51846707:13
*** thorst has joined #openstack-ansible07:15
*** nshetty is now known as nshetty|lunch07:15
*** Oku_OS-away is now known as Oku_OS07:15
*** vnogin has joined #openstack-ansible07:24
*** cshen has joined #openstack-ansible07:24
*** gaoyanami has joined #openstack-ansible07:28
*** vnogin has quit IRC07:29
*** jvidal has quit IRC07:30
*** ajmaidak has joined #openstack-ansible07:30
*** ksrt has quit IRC07:31
openstackgerritVu Cong Tuan proposed openstack/openstack-ansible-os_ironic master: Do not use “-y” for package install  https://review.openstack.org/51847107:31
openstackgerritVu Cong Tuan proposed openstack/openstack-ansible-os_octavia master: Do not use “-y” for package install  https://review.openstack.org/51847207:33
openstackgerritMarkos Chandras (hwoarang) proposed openstack/openstack-ansible stable/pike: PermitRootLogin for hosts group  https://review.openstack.org/51847307:33
openstackgerritMarkos Chandras (hwoarang) proposed openstack/openstack-ansible stable/ocata: PermitRootLogin for hosts group  https://review.openstack.org/51847407:34
*** Oku_OS is now known as Oku_OS-away07:38
*** Oku_OS-away is now known as Oku_OS07:47
*** mbuil has joined #openstack-ansible07:53
*** chigang_ has joined #openstack-ansible07:54
*** huxinhui_ has joined #openstack-ansible07:56
*** cshen has quit IRC08:01
*** cshen has joined #openstack-ansible08:03
*** vnogin has joined #openstack-ansible08:06
openstackgerritMarkos Chandras (hwoarang) proposed openstack/openstack-ansible-lxc_hosts master: SUSE: Avoid repositoy refresh and metadata clean up  https://review.openstack.org/51848608:10
*** vnogin has quit IRC08:11
*** taseer1 has joined #openstack-ansible08:15
*** Taseer has quit IRC08:16
*** taseer2 has joined #openstack-ansible08:16
*** taseer2 is now known as Taseer08:17
*** taseer1 has quit IRC08:20
*** nshetty|lunch is now known as nshetty08:22
*** woodard has joined #openstack-ansible08:24
*** woodard has quit IRC08:29
*** gkadam has joined #openstack-ansible08:39
mardimGuys hello I have one question08:59
mardimthe vagrant boxes that CI uses to run the tests have already inside them the run_tests.sh ?09:00
openstackgerritMarkos Chandras (hwoarang) proposed openstack/openstack-ansible-lxc_hosts master: tasks: lxc_cache_create: Use threads when compressing base image  https://review.openstack.org/51849209:05
hwoarangmardim: openstack ci doesn't use vagrant09:06
hwoarangrun_tests.sh is part of the repository so what do you mean when you say 'vagrant includes run_tests.sh'09:07
mardimi mean this file https://github.com/openstack/openstack-ansible-os_neutron/blob/master/Vagrantfile09:07
hwoarangyes but what is your question?09:07
hwoarangrun_tests.sh is in all the OSA repositories09:08
mardimreally ?09:08
hwoarangyes09:08
mardimwhere is in the os_neutron09:08
mardim?09:08
hwoarangwhen you spin up a vagrant box, then in /vagrant you can see all the files included in that repository09:08
mardimHow the repository ends up in the vagrant box ?09:08
hwoarangmardim: http://git.openstack.org/cgit/openstack/openstack-ansible-os_neutron/tree/run_tests.sh ?09:08
hwoarangvagrant mounts your repo in /vagrant09:09
*** pbandark has joined #openstack-ansible09:09
hwoarangor rsyncs it there depending on the box09:09
hwoarangjust do 'vagrant up opensuse423' or 'vagrant up centos7'09:09
mardimok so if I want to runt the tests in a VM that I have (not vagrant ) I have just to run_tests.sh ?09:09
mardimrun*09:09
hwoarangyes09:09
mardimok thank you :)09:09
hwoarangno problem09:11
*** savvas`_ has joined #openstack-ansible09:12
*** savvas` has quit IRC09:13
*** taseer1 has joined #openstack-ansible09:13
*** Taseer has quit IRC09:14
*** taseer2 has joined #openstack-ansible09:14
*** taseer1 has quit IRC09:18
*** taseer2 is now known as Taseer09:19
openstackgerritMarkos Chandras (hwoarang) proposed openstack/openstack-ansible-lxc_hosts master: tasks: lxc_cache_create: Use threads when compressing base image  https://review.openstack.org/51849209:28
*** kukacz has joined #openstack-ansible09:37
*** idlemind has quit IRC09:43
*** hogepodge has quit IRC09:43
*** sdake has quit IRC09:43
*** jbadiapa has quit IRC09:43
*** portante has quit IRC09:43
*** gus has quit IRC09:43
*** hwoarang has quit IRC09:43
*** mpjetta has quit IRC09:43
*** Aju has quit IRC09:43
*** zul has quit IRC09:43
*** serverascode has quit IRC09:43
*** mrhillsman has quit IRC09:43
*** vnogin has joined #openstack-ansible09:46
*** csmart has quit IRC09:47
*** evrardjp[m] has quit IRC09:48
*** electrofelix has joined #openstack-ansible09:48
*** idlemind has joined #openstack-ansible09:49
*** hogepodge has joined #openstack-ansible09:49
*** sdake has joined #openstack-ansible09:49
*** jbadiapa has joined #openstack-ansible09:49
*** mpjetta has joined #openstack-ansible09:49
*** portante has joined #openstack-ansible09:49
*** gus has joined #openstack-ansible09:49
*** hwoarang has joined #openstack-ansible09:49
*** Aju has joined #openstack-ansible09:49
*** zul has joined #openstack-ansible09:49
*** serverascode has joined #openstack-ansible09:49
*** mrhillsman has joined #openstack-ansible09:49
*** wspthr has quit IRC09:49
*** serverascode has quit IRC09:50
*** john51 has quit IRC09:50
*** wspthr has joined #openstack-ansible09:52
*** serverascode has joined #openstack-ansible09:52
*** john51 has joined #openstack-ansible09:55
*** vnogin has quit IRC09:56
*** evrardjp[m] has joined #openstack-ansible09:56
*** vnogin has joined #openstack-ansible09:59
*** kiennt26 has quit IRC10:00
*** vnogin has quit IRC10:03
*** csmart has joined #openstack-ansible10:09
*** SmearedBeard has quit IRC10:18
*** SmearedBeard has joined #openstack-ansible10:21
*** vnogin has joined #openstack-ansible10:29
*** stuartgr has joined #openstack-ansible10:30
*** hw_wutianwei has quit IRC10:30
*** yifei has quit IRC10:30
*** SmearedBeard has quit IRC10:41
*** gparaskevas has joined #openstack-ansible10:41
*** SmearedBeard has joined #openstack-ansible10:42
gunixcan you use cinder volumes and have backups for cinder volumes if your compute is LXD ?10:49
*** udesale has quit IRC10:53
*** armaan has quit IRC10:57
*** gaoyanami has quit IRC11:03
*** gparaskevas has quit IRC11:04
*** woodard has joined #openstack-ansible11:25
*** nshetty has quit IRC11:28
*** nshetty has joined #openstack-ansible11:28
*** woodard has quit IRC11:29
*** dave-mccowan has joined #openstack-ansible11:29
*** dave-mccowan has quit IRC11:38
openstackgerritMerged openstack/openstack-ansible-os_octavia master: Do not use “-y” for package install  https://review.openstack.org/51847211:45
*** xingchao has joined #openstack-ansible11:45
openstackgerritMerged openstack/openstack-ansible-os_ironic master: Do not use “-y” for package install  https://review.openstack.org/51847111:48
*** smatzek has joined #openstack-ansible11:48
openstackgerritMerged openstack/openstack-ansible-ops stable/ocata: Used cached git sources and enable depends-on  https://review.openstack.org/51806011:48
*** xingchao has quit IRC11:49
openstackgerritMerged openstack/openstack-ansible-pip_install stable/ocata: Used cached git sources and enable depends-on  https://review.openstack.org/51808511:54
Neptu_fatal: [aio1_rabbit_mq_container-4a33f11f]: FAILED! => {"changed": false, "cmd": "rabbitmqctl cluster_status | grep -w '<<\"openstack\">>'", "delta": "0:00:00.538194", "end": "2017-11-08 13:16:07.918579", "failed": true, "rc": 1, "start": "2017-11-08 13:16:07.380385", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}12:24
Neptu_TASK [rabbitmq_server : Get rabbitmq cluster name]12:24
*** taseer1 has joined #openstack-ansible12:24
Neptu_maybe not a relevant task12:24
*** Taseer has quit IRC12:25
*** taseer2 has joined #openstack-ansible12:25
*** savvas`_ has quit IRC12:26
*** savvas` has joined #openstack-ansible12:26
*** taseer1 has quit IRC12:28
*** Rodrigo_BR has joined #openstack-ansible12:29
Rodrigo_BRHello guys, I would like use two types for cinder backend, this is the correct way http://paste.openstack.org/show/625777/12:31
*** nshetty is now known as nshetty|brb12:36
openstackgerritMerged openstack/openstack-ansible-os_watcher stable/ocata: Used cached git sources and enable depends-on  https://review.openstack.org/51808312:37
openstackgerritMerged openstack/openstack-ansible-os_gnocchi stable/ocata: Used cached git sources and enable depends-on  https://review.openstack.org/51806712:40
openstackgerritMerged openstack/openstack-ansible-os_keystone stable/ocata: Used cached git sources and enable depends-on  https://review.openstack.org/51807112:45
*** udesale has joined #openstack-ansible12:46
openstackgerritMerged openstack/openstack-ansible-os_nova stable/ocata: Used cached git sources and enable depends-on  https://review.openstack.org/51807712:47
openstackgerritMerged openstack/openstack-ansible-os_swift stable/ocata: Used cached git sources and enable depends-on  https://review.openstack.org/51807912:50
*** markvoelker has quit IRC12:50
*** hw_wutianwei has joined #openstack-ansible13:03
*** taseer2 is now known as Taseer13:05
*** savvas`_ has joined #openstack-ansible13:08
*** savvas` has quit IRC13:08
mhaydenso apparently Ubuntu now has FIPS 140-2 support, but only if you're paying Canonical :/13:11
*** savvas`_ has quit IRC13:11
*** nshetty|brb is now known as nshetty13:12
*** yifei has joined #openstack-ansible13:20
*** strobelight has joined #openstack-ansible13:26
openstackgerritMajor Hayden proposed openstack/ansible-hardening master: Add scaffolding for contrib tasks  https://review.openstack.org/51438513:28
*** yifei has quit IRC13:33
*** udesale has quit IRC13:36
openstackgerritMerged openstack/openstack-ansible-rsyslog_client master: Sort file names within templates  https://review.openstack.org/51844213:38
*** Guest94913 has joined #openstack-ansible13:40
*** michelv has quit IRC13:42
openstackgerritMerged openstack/openstack-ansible-lxc_hosts master: SUSE: Avoid repositoy refresh and metadata clean up  https://review.openstack.org/51848613:43
* mhayden yays13:43
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-lxc_hosts stable/pike: SUSE: Avoid repositoy refresh and metadata clean up  https://review.openstack.org/51853013:47
*** armaan has joined #openstack-ansible13:48
openstackgerritMerged openstack/openstack-ansible-lxc_hosts master: tasks: lxc_cache_create: Use threads when compressing base image  https://review.openstack.org/51849213:50
*** armaan has quit IRC13:51
*** yifei has joined #openstack-ansible13:52
*** armaan has joined #openstack-ansible13:53
mgariepymorning everyone13:55
*** Guest94913 has quit IRC13:56
*** woodard has joined #openstack-ansible13:59
*** woodard has quit IRC13:59
*** woodard has joined #openstack-ansible14:00
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-lxc_hosts stable/pike: tasks: lxc_cache_create: Use threads when compressing base image  https://review.openstack.org/51853514:02
mhaydenohai mgariepy14:02
andymccrohai mgariepy mhayden14:03
mgariepydid you guys had a chance to test amd epyc cpus with openstack ?14:03
mgariepyandymccr, I responded to : https://review.openstack.org/#/c/51801314:04
mgariepy:)14:04
andymccrugh the logic ot that one is horribad :P14:04
andymccrok lemme try14:04
andymccri have an idea14:04
*** thorst has quit IRC14:05
openstackgerritAndy McCrae proposed openstack/ansible-hardening master: Change PermitRootLogin to allow alternate options  https://review.openstack.org/51801314:11
andymccr^ mgariepy - not sure if there is a better way, but best i can think of14:11
mgariepyandymccr, almost there :) haha14:15
andymccrjust being difficult now ;P14:15
andymccrfixed ;D14:15
openstackgerritAndy McCrae proposed openstack/ansible-hardening master: Change PermitRootLogin to allow alternate options  https://review.openstack.org/51801314:15
mgariepyyeah I know14:16
mgariepyanyone aware of something that does something like this ? https://github.com/openstack/mors14:16
*** bhujay has quit IRC14:17
openstackgerritMarkos Chandras (hwoarang) proposed openstack/openstack-ansible master: [DNM] - Testing reduced packages  https://review.openstack.org/50745114:22
*** smatzek has quit IRC14:23
openstackgerritMerged openstack/openstack-ansible-os_swift stable/newton: Used cached git sources and enable depends-on  https://review.openstack.org/51769614:24
openstackgerritLogan V proposed openstack/openstack-ansible stable/ocata: Properly detect RBD in use on Cinder backends  https://review.openstack.org/51844414:25
*** nshetty has quit IRC14:25
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-lxc_hosts stable/pike: Fix docs/releasenotes pep8 E501 error  https://review.openstack.org/51854214:25
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-lxc_hosts stable/pike: SUSE: Avoid repositoy refresh and metadata clean up  https://review.openstack.org/51853014:26
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-lxc_hosts stable/pike: tasks: lxc_cache_create: Use threads when compressing base image  https://review.openstack.org/51853514:26
*** thorst has joined #openstack-ansible14:27
*** udesale has joined #openstack-ansible14:31
*** thorst has quit IRC14:31
*** hw_wutianwei has quit IRC14:32
*** jwitko has joined #openstack-ansible14:34
*** udesale has quit IRC14:34
*** udesale has joined #openstack-ansible14:34
*** armaan has quit IRC14:36
*** bauruine has quit IRC14:36
*** armaan has joined #openstack-ansible14:37
*** bauruine has joined #openstack-ansible14:37
*** hw_wutianwei has joined #openstack-ansible14:44
*** Rodrigo_BR has quit IRC14:49
*** udesale has quit IRC14:50
*** dxiri has joined #openstack-ansible14:56
*** dxiri has quit IRC14:57
*** timsim has left #openstack-ansible14:57
*** esberglu has joined #openstack-ansible14:58
mhaydenhwoarang: https://twitter.com/sysrich/status/92827595012247142415:00
*** thorst has joined #openstack-ansible15:03
*** bruvik_ has quit IRC15:04
hwoarangmhayden: hmm15:06
hwoarangmhayden: also regarding the repo issues on opensuse i think there is no point in rechecking. there is package conflict somewhere so i am looking into it15:07
*** armaan has quit IRC15:08
*** armaan has joined #openstack-ansible15:09
hwoarangmhayden: https://bugzilla.opensuse.org/show_bug.cgi?id=100990515:10
openstackbugzilla.opensuse.org bug 1009905 in Upgrade Problems "File conflicts on /usr/bin/hostname between net-tools and hostname" [Normal,Confirmed] - Assigned to nemysis15:11
odyssey4mehow nice15:12
odyssey4meI'd appreciate a quick review for https://review.openstack.org/518542to unblock patches to that branch/repo15:15
mhaydenhwoarang: ah, thanks for letting me know15:15
odyssey4meit's a little odd that previous patches passed... not sure what's going on there15:16
mhaydenodyssey4me: done15:16
mhaydenodyssey4me: can i trade you for a gander at https://review.openstack.org/514385 ?15:17
odyssey4memhayden sure thing15:17
odyssey4meah yes, noticed this one the other day15:17
odyssey4menot quite a fair trade, you know ;)15:17
mhaydencompletely aware ;)15:19
mhaydenbaie dankie?15:19
mhayden :)15:19
*** Brew has joined #openstack-ansible15:19
odyssey4me:)15:20
hwoarangodyssey4me: the mariadb package started pulling in the 'hostname' dependency and that conflicts with 'net-tools'15:25
hwoarangthis happened 2 days ago so any role which pulls in galera_server should have failed ever since15:25
hwoarang(oh i just realized you were talking about a different patch :D)15:26
odyssey4mehwoarang aha, that makes sense - I was wondering what was causing the jobs to fail now15:27
*** agrebennikov has joined #openstack-ansible15:29
*** dxiri has joined #openstack-ansible15:32
odyssey4mehwoarang if you have a moment, could do review https://review.openstack.org/518337 please?15:34
*** phalmos has joined #openstack-ansible15:34
hwoarangon it15:34
*** udesale has joined #openstack-ansible15:35
odyssey4mealso https://review.openstack.org/518530 - seeing as it's a backport of your patch :)15:35
odyssey4meand https://review.openstack.org/51853515:35
*** armaan has quit IRC15:37
*** armaan has joined #openstack-ansible15:38
*** bruvik_ has joined #openstack-ansible15:40
openstackgerritMerged openstack/openstack-ansible-lxc_hosts stable/pike: Fix docs/releasenotes pep8 E501 error  https://review.openstack.org/51854215:42
*** udesale has quit IRC15:43
*** bruvik_ has quit IRC15:44
jwitkoHey odyssey4me , mhayden ,  I was attempting to use the ansible-hardening role for the first time yesterday and I ran into some issues on a fresh ubuntu 16.04.3 vagrant build.  I had to make the following changes to get it to run without issue and run in an idempotent manner.  I'm happy to go through your process and submit a fix but I was just wondering if I'm missing something or you've seen this before:15:53
jwitkohttps://github.com/AnonosDev/ansible-hardening/commit/52796452a6c33d4d06303d3b6f233fd57d36df4915:53
*** dxiri has quit IRC15:55
*** eumel8 has joined #openstack-ansible15:55
*** xingchao has joined #openstack-ansible15:55
jwitkoThe issues I was getting were two-fold15:59
jwitko1) After the role was applied the ubuntu user could not access its own home directory15:59
*** xingchao has quit IRC16:00
jwitko2) ClamAV would automatically update upon install and the update task would fail as it was already running16:00
odyssey4me#2 sounds familiar - this might have been somethign we solved in STIGv6 but has fallen through the cracks for STIGv7 due to the extensive rewriting involved16:03
jwitkoOK, so how would you like me to proceed?  I've honestly been working with your guys tooling for so long but could never understand the launchpad bug fix process16:07
*** Oku_OS is now known as Oku_OS-away16:17
*** vnogin has quit IRC16:20
*** Rodrigo_BR has joined #openstack-ansible16:20
*** vnogin has joined #openstack-ansible16:20
*** cshen_ has joined #openstack-ansible16:22
*** mwe1 has quit IRC16:24
*** vnogin has quit IRC16:25
mhaydenjwitko: looking at your diff right quick16:26
*** cshen_ has quit IRC16:26
jwitkocool thanks16:26
*** yifei has quit IRC16:26
mhaydenjwitko: so this looks like two separate bugs -- both of which seem to be valid16:28
jwitkoa nice, a two-fer16:28
mhaydenlet me run back and check the stig on V-72016:28
mhayden17/19/2116:28
*** cshen_ has joined #openstack-ansible16:29
*** smatzek has joined #openstack-ansible16:29
mhaydenso your check for 'nobody' makes sense16:30
mhaydenbut on the mode, the STIG requires that permissions on the home directory itself are 750 or less16:31
mhaydenhttps://docs.openstack.org/ansible-hardening/latest/rhel7/domains/file_perms.html#v-7201716:31
mhaydenbut the mode here SHOULD handle that: https://github.com/openstack/ansible-hardening/blob/master/tasks/rhel7stig/file_perms.yml#L10816:31
mhaydenare you seeing something different?16:31
mhaydenit removes the setuid bit (-X), removes read/setgid from group (-ws) and removes everything from others (-rwxt)16:32
*** newmember has quit IRC16:32
* mhayden spins up a server to test16:32
mhaydenjwitko: have you opened launchpad bugs before?16:33
jwitkoI believe I've opened a few16:33
*** newmember has joined #openstack-ansible16:33
jwitkowas hoping to submit a fix instead of just opening a bug16:33
mhaydenif you could open two separate ones for those, that'd be great16:33
jwitkosure, np16:33
mhaydenwell the bug helps us track the fix + backports16:33
mhaydenwe can assign patches to that bug in multiple branches16:33
mhaydenhttps://bugs.launchpad.net/openstack-ansible16:34
jwitkovery cool16:34
jwitkototally unrelated question,  do you guys prefer launchpad to github/gitlab or were you just going with the openstack flow ?16:34
mhaydenwell, ansible-hardening is under the list of openstack-ansible deliverables16:34
mhaydenso everything goes through the openstackisms for that reason16:35
jwitkomhayden, now that I'm reporting this bug i think it might be 3 total16:37
mhaydenhah, okay16:37
jwitkoyou have:  1) breaking ubuntu home dir access16:37
jwitko2) Same task errors out if user "nobody" is found16:38
jwitko3) clamAV running twice16:38
jwitkohttps://github.com/AnonosDev/ansible-hardening/commit/52796452a6c33d4d06303d3b6f233fd57d36df49#diff-cea3f0a867615168fd70d628161225fbR11216:38
jwitko#2 is the "new" one16:38
*** hw_wutianwei has quit IRC16:38
mhaydencool , okay16:38
jwitkoI had to add that line so that it skipped the nobody user16:38
mhaydenokay, it's confirmed: https://paste.fedoraproject.org/paste/Slk-rmQIcS5idXnRw~gqqw16:39
mhaydentest3 was made after the role was applied16:39
mhaydenthat's unusual16:39
openstackgerritDimitrios Markou proposed openstack/openstack-ansible-os_neutron master: [DO_NOT_MERGE] Add OvS-NSH support  https://review.openstack.org/51725916:41
mhaydenjwitko: so i think this is the solution instead -> https://paste.fedoraproject.org/paste/~XhbvVDUBtzfgB00phiLcg16:44
mhaydeni wasn't aware you provide a numeric mask with a minus to chmod16:45
* mhayden learned something new16:45
*** openstackgerrit has quit IRC16:48
*** openstackgerrit has joined #openstack-ansible16:51
openstackgerritMajor Hayden proposed openstack/openstack-ansible-tests master: Always quote the filesystem permissions  https://review.openstack.org/51857716:51
*** dxiri has joined #openstack-ansible16:51
mhaydenjwitko: let me know when you have those bugs up16:52
*** cshen_ has quit IRC16:54
openstackgerritMajor Hayden proposed openstack/ansible-hardening master: Always quote the filesystem permissions  https://review.openstack.org/51858016:56
*** xingchao has joined #openstack-ansible16:56
mhaydenjwitko: i made an over-arching one for the letter-based modes https://bugs.launchpad.net/openstack-ansible/+bug/173100516:58
openstackLaunchpad bug 1731005 in openstack-ansible "ansible-hardening: Filesystem modes with letters are not working" [High,Confirmed] - Assigned to Major Hayden (rackerhacker)16:58
*** xingchao has quit IRC17:01
*** TxGirlGeek has joined #openstack-ansible17:03
openstackgerritMerged openstack/openstack-ansible master: Zuul: add file extension to playbook path  https://review.openstack.org/51609817:28
*** openstackgerrit has quit IRC17:32
*** gkadam has quit IRC17:40
jwitkomhayden, wow.  i don't even know what those chmods are doing lol17:45
jwitkoalthough i can see the results17:45
*** openstackgerrit has joined #openstack-ansible17:49
openstackgerritMajor Hayden proposed openstack/ansible-hardening master: Fix filesystem permission masks  https://review.openstack.org/51859317:49
mhaydenjwitko: ^^17:50
*** LiterateHawk_ has quit IRC17:53
openstackgerritMerged openstack/openstack-ansible master: Fix the doc url in README  https://review.openstack.org/51830717:58
electrocucarachahey there, I'm testing an All-in-One deployment behind a corporate proxy. Even after configuring the user_variables.yml I'm still struggling with timeouts for the pip_install role https://github.com/openstack/openstack-ansible/blob/master/tests/bootstrap-aio.yml#L2217:59
electrocucarachaso I'm not sure if I'm missing something18:00
jwitkomhayden, looks good!18:02
jwitkoHow do I review?18:02
jwitkoor maybe i'm not allowed to review18:02
mhaydendo you have an openstack account?18:05
jwitkoi have a launchpad account18:06
jwitkoi gave a reply with a +1 and the success of my testing with the changes18:06
jwitkois an openstack account tied into the whole ubuntu launchpad thing ?18:06
*** thorst has quit IRC18:07
*** thorst has joined #openstack-ansible18:08
jwitkomhayden, ^18:09
*** thorst has quit IRC18:12
jwitkomhayden, also, just to confirm, that only fixes the first bug right?  https://bugs.launchpad.net/openstack-ansible/+bug/173099418:18
openstackLaunchpad bug 1730994 in openstack-ansible "file_perms.yml breaks user directory access" [Undecided,New]18:18
*** thorst has joined #openstack-ansible18:26
mhaydenjwitko: so the patch i just put up should fix that, too18:30
openstackgerritMajor Hayden proposed openstack/ansible-hardening master: Fix filesystem permission masks  https://review.openstack.org/51859318:31
mhaydenhmm but now i broke ssh it seems18:32
*** stuartgr has quit IRC18:37
openstackgerritMarkos Chandras (hwoarang) proposed openstack/openstack-ansible-repo_build master: [DNM] - Testing repo_build  https://review.openstack.org/51859918:37
*** newmember has quit IRC18:44
openstackgerritMerged openstack/openstack-ansible-lxc_hosts stable/pike: SUSE: Avoid repositoy refresh and metadata clean up  https://review.openstack.org/51853018:46
*** hachi_ has joined #openstack-ansible18:50
Rodrigo_BRHello I am receiving this error on deployment: fatal: [control01_rabbit_mq_container-777a8d12]: FAILED! => {"changed": false, "cmd": "rabbitmqctl -q cluster_status | grep '{cluster_name,<<\"openstack\">>}'",                                                                              "delta": "0:00:00.969529", "end": "2017-11-08 16:37:44.535895", "18:55
Rodrigo_BRfailed": true, "rc": 1, "start": "2017-11-08 16:37:43.566366", "stderr": "", "stderr_lines": [                                                                             ], "stdout": "", "stdout_lines": []}18:55
Rodrigo_BRfor all 3 controllers nodes18:56
*** xingchao has joined #openstack-ansible18:58
*** poopcat has quit IRC19:00
*** TxGirlGeek has quit IRC19:01
*** cshen_ has joined #openstack-ansible19:01
*** xingchao has quit IRC19:02
*** poopcat has joined #openstack-ansible19:03
*** bruvik_ has joined #openstack-ansible19:04
*** eumel8 has quit IRC19:05
*** mbuil has quit IRC19:06
*** albertcard1 has joined #openstack-ansible19:07
*** poopcat has quit IRC19:07
*** cshen_ has quit IRC19:08
*** bruvik_ has quit IRC19:08
*** electrofelix has quit IRC19:11
*** cshen_ has joined #openstack-ansible19:12
openstackgerritMarkos Chandras (hwoarang) proposed openstack/openstack-ansible master: [DNM] - Testing reduced packages  https://review.openstack.org/50745119:14
cchaabout openstack_user_config.yml.test.example, there is no log_hosts: is it normal? since in openstack_user_config.yml.example is # Level: log_hosts (required)19:16
*** cshen_ has quit IRC19:19
*** cshen_ has joined #openstack-ansible19:21
Rodrigo_BRsomeone ?19:25
SmearedBeardRodrigo_BR I got the same, but carried out, things are working as expected19:27
Rodrigo_BRSmearedBeard: Thank you !19:31
hwoarangodyssey4me: are you around?19:36
*** thorst has quit IRC19:40
openstackgerritJimmy McCrory proposed openstack/openstack-ansible-os_tempest master: Add task to allow creation of provided roles  https://review.openstack.org/51861119:48
*** cshen_ has quit IRC19:51
openstackgerritJimmy McCrory proposed openstack/openstack-ansible-os_barbican master: Use tempest plugin for functional testing  https://review.openstack.org/51861219:51
jrosserRodrigo_BR: check the tasks but i think that might use a rescue clause19:55
jrosserso you still see the failed task as red/fatal but a subsequent task then kicks in as a result19:55
*** xingchao has joined #openstack-ansible19:58
*** armaan has quit IRC19:58
*** cshen_ has joined #openstack-ansible20:02
*** xingchao has quit IRC20:03
*** galstrom_zzz is now known as galstrom20:09
*** snowman4839 has quit IRC20:13
*** galstrom is now known as galstrom_zzz20:15
*** snowman4839 has joined #openstack-ansible20:17
*** thorst has joined #openstack-ansible20:33
openstackgerritMajor Hayden proposed openstack/ansible-hardening master: Fix filesystem permission masks  https://review.openstack.org/51859320:41
openstackgerritMajor Hayden proposed openstack/ansible-hardening master: Always search for ssh keys  https://review.openstack.org/51861520:44
*** thorst has quit IRC20:49
*** thorst has joined #openstack-ansible20:50
*** newmember has joined #openstack-ansible20:50
*** thorst has quit IRC20:55
*** armaan has joined #openstack-ansible20:55
*** cshen_ has quit IRC20:59
*** xingchao has joined #openstack-ansible20:59
*** Rodrigo_BR has quit IRC21:00
*** xingchao has quit IRC21:03
openstackgerritMerged openstack/openstack-ansible-lxc_hosts stable/pike: tasks: lxc_cache_create: Use threads when compressing base image  https://review.openstack.org/51853521:06
*** newmember has quit IRC21:10
*** bruvik_ has joined #openstack-ansible21:12
*** hachi_ has quit IRC21:14
*** thorst has joined #openstack-ansible21:22
*** deadnull has joined #openstack-ansible21:23
openstackgerritMarkos Chandras (hwoarang) proposed openstack/openstack-ansible master: [DNM] - Testing reduced packages  https://review.openstack.org/50745121:25
*** smatzek has quit IRC21:29
*** smatzek has joined #openstack-ansible21:32
*** smatzek has quit IRC21:36
mcardenelectrocucaracha: This may be of use to you - https://blog.christophersmart.com/2016/08/09/setting-up-openstack-ansible-all-in-one-behind-a-proxy/21:39
*** thorst has quit IRC21:50
gunixwhat do you think about scaleio vs ceph ?21:52
*** schwicht has joined #openstack-ansible21:54
*** smatzek has joined #openstack-ansible22:00
*** smatzek has quit IRC22:03
*** Brew has quit IRC22:16
*** deadnull has quit IRC22:17
*** jwitko has quit IRC22:18
SamYaplegunix: ceph. always ceph22:18
*** phalmos has quit IRC22:31
*** threestrands has joined #openstack-ansible22:41
*** threestrands has quit IRC22:41
*** threestrands has joined #openstack-ansible22:41
electrocucarachathanks mcarden , what's interesting is that the env variables has to be previously setup in /etc/environment file and later the open stack_proxy_settings.yml is doing the same http://git.openstack.org/cgit/openstack/openstack-ansible-openstack_hosts/tree/tasks/openstack_proxy_settings.yml22:49
*** schwicht has quit IRC22:59
*** esberglu has quit IRC23:03
*** esberglu has joined #openstack-ansible23:03
*** esberglu has quit IRC23:08
*** hamzy_ has joined #openstack-ansible23:17
*** esberglu has joined #openstack-ansible23:23
openstackgerritMerged openstack/openstack-ansible stable/newton: Add missing zuul v3 job definition  https://review.openstack.org/51833723:26
*** newmember has joined #openstack-ansible23:37
*** thorst has joined #openstack-ansible23:47
openstackgerritMerged openstack/openstack-ansible stable/pike: PermitRootLogin for hosts group  https://review.openstack.org/51847323:50
openstackgerritMerged openstack/openstack-ansible stable/ocata: PermitRootLogin for hosts group  https://review.openstack.org/51847423:50
*** thorst has quit IRC23:51
« Tuesday, 2017-11-07 Index Thursday, 2017-11-09 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!