Thursday, 2017-11-30

« Wednesday, 2017-11-29 Index Friday, 2017-12-01 »
*** TxGirlGe_ has quit IRC00:02
*** thorst has joined #openstack-ansible00:07
*** vnogin has quit IRC00:10
*** thorst has quit IRC00:11
*** phalmos has quit IRC00:17
*** phalmos has joined #openstack-ansible00:18
*** threestrands has quit IRC00:21
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-rabbitmq_server master: Tune-up the rabbitmq role for efficiency  https://review.openstack.org/52402800:21
cloudnullbndzor: I'm glad it wasn't something terrible going on within the host but that's frustrating.00:22
*** thorst has joined #openstack-ansible00:25
*** yifei has joined #openstack-ansible00:29
cloudnullany cores around that might want to give this a push https://review.openstack.org/#/c/523525/00:31
cloudnullseems we keep hitting http://logs.openstack.org/50/523850/5/check/openstack-ansible-functional-opensuse-423/2ce7655/job-output.txt.gz#_2017-11-29_19_55_12_65393400:32
*** chyka has quit IRC00:32
*** phalmos has quit IRC00:38
*** pedja has quit IRC01:03
*** thorst has quit IRC01:05
*** rpittau_ has joined #openstack-ansible01:05
*** rpittau has quit IRC01:08
*** rromans has joined #openstack-ansible01:17
*** rromans has joined #openstack-ansible01:18
*** smatzek has joined #openstack-ansible01:19
*** smatzek has quit IRC01:24
*** rpittau__ has joined #openstack-ansible01:25
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-rabbitmq_server master: Tune-up the rabbitmq role for efficiency  https://review.openstack.org/52402801:26
*** rpittau_ has quit IRC01:29
*** thorst has joined #openstack-ansible01:34
*** thorst has quit IRC01:34
*** jafeha has quit IRC01:36
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-memcached_server master: Clean up the role and further isolate the service  https://review.openstack.org/52403601:48
*** savvas_ has joined #openstack-ansible01:50
*** rromans has quit IRC01:54
*** rromans has joined #openstack-ansible01:55
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-rabbitmq_server master: Tune-up the rabbitmq role for efficiency  https://review.openstack.org/52402802:00
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-memcached_server master: Clean up the role and further isolate the service  https://review.openstack.org/52403602:04
*** savvas_ has quit IRC02:07
*** savvas_ has joined #openstack-ansible02:07
*** savvas_ has quit IRC02:08
*** savvas_ has joined #openstack-ansible02:08
*** savvas_ has quit IRC02:08
*** savvas_ has joined #openstack-ansible02:09
*** savvas_ has quit IRC02:09
*** savvas_ has joined #openstack-ansible02:10
*** savvas_ has quit IRC02:10
*** dave-mccowan has quit IRC02:18
openstackgerritMerged openstack/openstack-ansible-galera_server master: Fix galera_monitoring_allowed_source  https://review.openstack.org/52385002:26
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-galera_server master: Update the basic systemd extra configs for isolation and consistency  https://review.openstack.org/52404302:31
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-memcached_server master: Clean up the role and further isolate the service  https://review.openstack.org/52403602:33
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-memcached_server master: Clean up the role and further isolate the service  https://review.openstack.org/52403602:38
*** rromans has quit IRC02:39
*** savvas_ has joined #openstack-ansible02:41
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-rabbitmq_server master: Tune-up the rabbitmq role for efficiency  https://review.openstack.org/52402802:45
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible master: Change the galera health check for better cluster health  https://review.openstack.org/52067302:45
*** savvas_ has quit IRC02:45
*** dave-mccowan has joined #openstack-ansible02:46
*** rromans has joined #openstack-ansible02:51
*** savvas_ has joined #openstack-ansible02:51
*** threestrands has joined #openstack-ansible02:55
*** thorst has joined #openstack-ansible02:59
*** masber has joined #openstack-ansible03:03
*** masuberu has quit IRC03:07
*** savvas_ has quit IRC03:26
*** masber has quit IRC03:30
*** masber has joined #openstack-ansible03:34
*** Taseer has quit IRC03:36
*** Taseer has joined #openstack-ansible03:36
*** thorst has quit IRC03:46
*** savvas_ has joined #openstack-ansible03:52
*** savvas_ has quit IRC03:56
*** SmearedBeard has quit IRC03:58
*** Smeared_Beard has joined #openstack-ansible03:59
*** savvas_ has joined #openstack-ansible04:00
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-galera_client master: Fix SSL handling for galera clusters  https://review.openstack.org/52405904:04
*** dave-mccowan has quit IRC04:07
*** thorst has joined #openstack-ansible04:16
*** udesale has joined #openstack-ansible04:21
*** thorst has quit IRC04:22
*** thorst has joined #openstack-ansible04:24
*** thorst has quit IRC04:29
*** Jeffrey4l has quit IRC04:42
*** nshetty has joined #openstack-ansible04:46
openstackgerritMerged openstack/openstack-ansible-galera_server master: Update Percona XtraDB Backup version  https://review.openstack.org/52307404:51
*** savvas__ has joined #openstack-ansible04:54
*** thorst has joined #openstack-ansible04:55
*** savvas_ has quit IRC04:55
*** savvas__ has quit IRC04:55
*** savvas has quit IRC04:55
*** savvas has joined #openstack-ansible04:56
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-rabbitmq_server master: Tune-up the rabbitmq role for efficiency  https://review.openstack.org/52402804:57
*** thorst has quit IRC04:57
*** vnogin has joined #openstack-ansible04:59
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-rabbitmq_server master: Tune-up the rabbitmq role for efficiency  https://review.openstack.org/52402805:02
*** poopcat has quit IRC05:02
*** vnogin has quit IRC05:03
*** Jeffrey4l has joined #openstack-ansible05:04
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-galera_server master: Ensure the role works when run in serial  https://review.openstack.org/52406505:06
*** armaan has quit IRC05:08
*** armaan has joined #openstack-ansible05:09
*** cshen_ has joined #openstack-ansible05:15
*** germs has quit IRC05:15
*** cshen_ has quit IRC05:20
*** savvas_ has joined #openstack-ansible05:21
*** savvas_ has quit IRC05:26
*** hybridpollo has quit IRC05:26
*** chyka has joined #openstack-ansible05:27
*** thorst has joined #openstack-ansible05:31
*** chyka has quit IRC05:32
*** savvas_ has joined #openstack-ansible05:34
*** thorst has quit IRC05:35
*** taseer1 has joined #openstack-ansible05:39
*** taseer2 has joined #openstack-ansible05:40
*** Taseer has quit IRC05:40
*** taseer1 has quit IRC05:44
*** savvas__ has joined #openstack-ansible05:44
*** chhavi has joined #openstack-ansible05:46
*** savvas has quit IRC05:47
*** taseer3 has joined #openstack-ansible05:47
*** taseer2 has quit IRC05:48
*** taseer4 has joined #openstack-ansible05:48
*** cshen_ has joined #openstack-ansible05:50
*** cshen_ has quit IRC05:52
*** taseer3 has quit IRC05:52
*** armaan has quit IRC05:56
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-rabbitmq_server master: Tune-up the rabbitmq role for efficiency  https://review.openstack.org/52402805:56
*** armaan has joined #openstack-ansible05:57
*** udesale__ has joined #openstack-ansible06:01
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-galera_client master: Fix SSL handling for galera clusters  https://review.openstack.org/52405906:03
*** armaan has quit IRC06:03
*** udesale has quit IRC06:04
*** pcaruana has joined #openstack-ansible06:05
*** thorst has joined #openstack-ansible06:07
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible master: Remove the AIO scenario & add new scenarios to maintain coverage  https://review.openstack.org/51600206:09
*** thorst has quit IRC06:12
*** jbadiapa has quit IRC06:15
*** pcaruana has quit IRC06:16
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-rabbitmq_server master: Tune-up the rabbitmq role for efficiency  https://review.openstack.org/52402806:25
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-galera_client master: Fix SSL handling for galera clusters  https://review.openstack.org/52405906:31
*** savvas_ has quit IRC06:34
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-galera_server master: Ensure the role works when run in serial  https://review.openstack.org/52406506:35
*** mcarden has quit IRC06:38
*** masuberu has joined #openstack-ansible06:42
*** masber has quit IRC06:46
*** thorst has joined #openstack-ansible06:46
*** threestrands has quit IRC06:50
*** thorst has quit IRC06:51
*** savvas has joined #openstack-ansible07:02
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-galera_server master: Fix the key lookup names for self-signed SSL  https://review.openstack.org/52408107:04
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-galera_client master: Fix SSL handling for galera clusters  https://review.openstack.org/52405907:05
*** hw_wutianwei has joined #openstack-ansible07:06
*** savvas has quit IRC07:07
*** sxc731 has joined #openstack-ansible07:08
*** savvas has joined #openstack-ansible07:10
*** sxc731_ has joined #openstack-ansible07:14
*** sxc731_ has quit IRC07:17
*** Oku_OS-away is now known as Oku_OS07:18
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-rabbitmq_server master: Tune-up the rabbitmq role for efficiency  https://review.openstack.org/52402807:18
*** pmannidi has quit IRC07:20
*** thorst has joined #openstack-ansible07:20
*** gouthamr has quit IRC07:20
*** michelv has joined #openstack-ansible07:20
*** gkadam_ has quit IRC07:24
*** thorst has quit IRC07:25
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-galera_server master: Further simplify the upgrade check  https://review.openstack.org/52408607:26
*** zkynet has joined #openstack-ansible07:28
*** rgogunskiy has joined #openstack-ansible07:32
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-plugins master: Add basic plugin support for nspawn type containers  https://review.openstack.org/49068907:33
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible master: [WIP] Add nspawn container driver  https://review.openstack.org/47701707:33
*** sxc731 has quit IRC07:37
*** markvoelker has quit IRC07:37
*** udesale has joined #openstack-ansible07:38
*** jbadiapa has joined #openstack-ansible07:39
evrardjpmorning07:39
evrardjpcloudnull: is on a row!07:39
*** udesale__ has quit IRC07:39
*** armaan has joined #openstack-ansible07:48
*** mbuil has joined #openstack-ansible07:48
*** thorst has joined #openstack-ansible07:52
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible stable/pike: Fix in-tree version  https://review.openstack.org/52285307:53
*** pcaruana has joined #openstack-ansible07:55
*** thorst has quit IRC07:57
*** nshetty is now known as nshetty|lunch07:58
*** zkynet has quit IRC08:00
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible master: Use Ansible 2.4  https://review.openstack.org/52277808:00
jmccroryit's out https://pypi.python.org/pypi/ansible/2.4.2.008:02
*** zkynet has joined #openstack-ansible08:10
*** savvas has quit IRC08:14
*** holmsten has joined #openstack-ansible08:23
openstackgerritDimitrios Markou proposed openstack/openstack-ansible-os_neutron master: Add OvS-NSH support  https://review.openstack.org/51725908:24
*** epalper has joined #openstack-ansible08:25
*** thorst has joined #openstack-ansible08:27
*** jafeha has joined #openstack-ansible08:28
jafehagood morning08:28
*** thorst has quit IRC08:32
evrardjpgood morning jafeha08:35
evrardjphow are things08:35
evrardjp?08:35
*** vnogin has joined #openstack-ansible08:35
jafehaevrardjp: we've talked about the telemetry stack, mbe we can help a bit after we've successfully deployed. currently we're debugging ovs. again. :/08:37
mardimevrardjp, Godd morning :)08:38
*** armaan has quit IRC08:38
*** markvoelker has joined #openstack-ansible08:38
mardimgood*08:38
mardimevrardjp, I noticed yesterday08:38
mardimevrardjp, that all the gates were failing08:38
*** armaan has joined #openstack-ansible08:39
mardimevrardjp, Because of rabbit_mq tasks08:39
mardimevrardjp, Are you aware of this ?08:39
*** vnogin has quit IRC08:39
*** savvas has joined #openstack-ansible08:41
*** zkynet has quit IRC08:41
*** nyloc has quit IRC08:43
*** savvas has quit IRC08:46
mardimhwoarang, odyssey4me ^^08:46
*** nyloc has joined #openstack-ansible08:46
*** zkynet has joined #openstack-ansible08:46
*** gkadam_ has joined #openstack-ansible08:46
*** savvas has joined #openstack-ansible08:49
evrardjpjafeha: you can help ovs story too :)08:56
evrardjpjafeha: I  am surprised ppl chose ovs tbh08:56
jafehaevrardjp: sure, and ceph story :)08:56
evrardjpmardim: I know gates were failing yesterday but I saw a few patches in this night08:57
evrardjpdo you still have the issue?08:57
jafehaevrardjp: yeah, we've had some "all features on" days when we've decided to switch to ovs. it is damn cool, but still very hard to get it running08:58
*** armaan has quit IRC08:58
evrardjpjafeha: do you do flow manipulation?08:59
evrardjpor do you have a sdn controller?08:59
jafehawe'd love to use sdn controllers, yes.09:00
*** thorst has joined #openstack-ansible09:00
mardimevrardjp, I upload a patch just now I am waiting for the gates to run09:01
mardimwill see ;)09:01
evrardjpmardim: ok09:01
evrardjpif you see a gate problem, ping me anytime09:01
mardimevrardjp, sure thanks09:01
evrardjpif you can't reach me, please file a bug09:01
mardimYes ok09:02
mardimaslo I want to ask you something more09:02
evrardjpwow!09:02
mardimI want to ask you where I can Document the variables which the user should include09:02
evrardjphow dare you!09:02
evrardjp:p09:02
evrardjpdepends09:02
mardimin the user_variables.yaml09:02
evrardjpon which role?09:02
mardimneutron role09:02
evrardjpthen in neutron docs09:03
mardimhahahah sorry master :P09:03
evrardjpI mean os_neutron role09:03
*** pbandark has joined #openstack-ansible09:03
evrardjpyeah master branch is fine09:03
mardimevrardjp, ok thanks09:03
evrardjpmardim: https://docs.openstack.org/openstack-ansible-os_neutron/latest/09:03
mardimno master branch I mean you are the MAster :P09:03
*** chyka has joined #openstack-ansible09:03
*** sxc731 has joined #openstack-ansible09:04
*** vnogin has joined #openstack-ansible09:04
odyssey4meevrardjp posed a question in https://review.openstack.org/#/c/523854/2/group_vars/galera_all.yml which has already merged.09:05
*** thorst has quit IRC09:05
*** nshetty|lunch is now known as nshetty09:05
*** sxc731 has quit IRC09:07
evrardjpodyssey4me: that's a terrible practice, you're right09:08
*** sxc731 has joined #openstack-ansible09:08
*** chyka has quit IRC09:08
evrardjpodyssey4me: what we should ideally do is use an arbitrary variable for hosts in the role, then override it properly in group vars.09:09
odyssey4meevrardjp there is already that variable in the role09:09
evrardjpodyssey4me: so I guess here, what we can do is reuse galera_cluster_members, and properly define it in group vars09:09
mardimevrardjp, odyssey4me The gates are still failing today check this out http://logs.openstack.org/59/517259/23/check/openstack-ansible-functional-ubuntu-xenial/b14cb05/job-output.txt.gz09:09
odyssey4meyes, that would be a good solution09:09
evrardjpin the role itself, we should instead get rid of the inventory link by using anything else09:09
evrardjpthis way it applies for other ppl than us09:10
odyssey4meah, a galera failure: http://logs.openstack.org/59/517259/23/check/openstack-ansible-functional-ubuntu-xenial/b14cb05/job-output.txt.gz#_2017-11-30_08_45_02_38115209:10
evrardjpbut I don't think we're ever gonna get there09:10
odyssey4meI think the tests repo may need a similar fix09:10
odyssey4melemme push that up09:10
evrardjpthat is true. We've hardened things !09:11
evrardjpmardim: odyssey4me it's always fun times around milestone 209:11
odyssey4mehmm, wait a minute - these tests use a single galera - why are they failing?09:12
*** sxc731 has left #openstack-ansible09:12
mardimevrardjp, the fun is unlimited :)09:12
*** sboyron has joined #openstack-ansible09:13
odyssey4meI'll fire up a test environment to try and figure out what's going on here. The galera patch should not be affecting a single node environment.09:14
evrardjpodyssey4me: there are more than one patch that merged in galera_server09:15
evrardjpI think there was one from kevin that changed permissions09:15
evrardjplet me check09:15
odyssey4meok, patch(es)09:15
evrardjphttps://github.com/openstack/openstack-ansible-galera_server/commit/ca054bd8f74ac9f7e4d2a41589faf12806863553 has a permission change09:16
evrardjpbut I don't think it would be a problem it's more permissions09:17
evrardjpodyssey4me: so fun stuff, we are using galera_cluster_members as a variable, and it points to galera_all group nodes09:18
*** m|y|k has joined #openstack-ansible09:18
evrardjpis there a reason we want to override this?09:18
evrardjpI don't see any09:18
odyssey4meyes, I'm aware of that09:18
odyssey4methe point is that the var is being used in group_vars, with no value set in group_vars09:18
evrardjpyeah I agree09:19
evrardjpbut I am thinking ahead now09:19
odyssey4meso I would suggest closing the loop and having the group_vars set the same var and value09:19
evrardjpthere is NO reason why this variable should exist in the first place09:19
odyssey4mewell, that var exists because we wanted to abstract the role from the inventory09:19
odyssey4methis was a step in that direction09:19
evrardjpodyssey4me: well not at all09:20
evrardjpbecause it is directly in the defaults/ groups['galera_all'] that's pure link :p09:20
evrardjpThe only thing I see, is that it's used to determine the first node09:20
evrardjpso it's more reliable than ansible_play_hosts09:20
odyssey4meyes, but that was a necessary evil to transition - the transition was never completed09:20
evrardjpI'd be enclined to remove this variable, this way we don't have to care about it :p09:21
odyssey4meok, but then replace it with what?09:21
evrardjpreplace with nothing as it's not used09:21
openstackgerritPeriyasamy Palanisamy proposed openstack/openstack-ansible-specs master: blueprint spec for opendaylight bgpvpn support  https://review.openstack.org/52317109:21
evrardjpor almost not used09:21
odyssey4meit is used - it's used whenever there's a need to loop through the cluster members09:22
evrardjpevery iteration could be replaced with something else, like ansible_play_hosts09:22
evrardjpwhich is live and dynamic and works for everyone09:22
evrardjpeven ppl outside openstack-ansible09:23
*** loudgefly has joined #openstack-ansible09:23
evrardjpand if we need to, we override in group vars09:23
odyssey4mesure, do whatever you think is best - I didn't mean to create a debate - just to call it out09:23
odyssey4methose patches are all intended for backporting, so be aware and consider the implications09:24
evrardjpI think we need to go through all our variables at one point, and skim them. Start with group vars, host vars, then role defaults09:24
evrardjpand we take the decision if a role is opiniated or can be used everywhere09:24
odyssey4meby 'those patches' I mean the ones implementing xinetd and the script to take the node out of the LB pool while syncing09:24
evrardjpodyssey4me: I wasn't aware they were meant for backporting. They were not built for that: almost no reno, barely manually tested, no improved automatic test coverage09:25
odyssey4mewell, then let's get that properly sorted out before they get ported back09:27
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible master: Define galera_cluster_members  https://review.openstack.org/52410709:28
*** udesale has quit IRC09:31
*** udesale has joined #openstack-ansible09:31
*** thorst has joined #openstack-ansible09:32
evrardjpyeah09:34
evrardjpso I have a machine09:34
evrardjpGRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD09:34
*** taseer4 is now known as Taseer09:34
evrardjpso it looks ok09:34
evrardjpbut still my issue is: failed: [infra1 -> 10.1.0.2] (item=localhost) => {"failed": true, "item": "localhost", "msg": "(1044, \"Access denied for user 'root'@'localhost' to database 'keystone'\")"}09:35
evrardjpdatabase keystone exists and has inherited the permissions09:35
evrardjpthere is something dubious there09:35
*** pester has joined #openstack-ansible09:36
*** thorst has quit IRC09:37
*** asettle_ has joined #openstack-ansible09:38
*** asettle has quit IRC09:39
*** EmilienM has quit IRC09:39
*** fxpester has quit IRC09:39
*** andymccr has quit IRC09:39
*** pcaruana has quit IRC09:39
*** pcaruana has joined #openstack-ansible09:40
*** andymccr has joined #openstack-ansible09:40
*** EmilienM has joined #openstack-ansible09:41
*** john51 has quit IRC09:41
*** strattao has quit IRC09:41
*** strattao has joined #openstack-ansible09:42
*** john51 has joined #openstack-ansible09:42
*** armaan has joined #openstack-ansible09:43
*** armaan_ has joined #openstack-ansible09:45
*** chason has quit IRC09:45
*** chason has joined #openstack-ansible09:45
*** armaan has quit IRC09:48
*** flaviosr has quit IRC09:49
evrardjpodyssey4me: are you debugging it?09:51
*** flaviosr has joined #openstack-ansible09:51
*** wspthr has quit IRC09:54
loudgeflyHello everyone, I'm getting an error while using glance in a test infrastructure, "glance.common.wsgi ConnectionError: Unable to establish connection: HTTPSConnectionPool(host='10.1.16.61', port=8776): Max retries exceeded with u09:55
loudgeflyrl: /v2/2ac0be436ef544c3b233a37db25430a7/volumes (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]09:55
loudgeflyIt'clearly a self-signed certificate related issue,09:55
evrardjpyeah09:55
evrardjpit looks like it09:55
evrardjp--insecure?09:56
evrardjpmaybe we should have let's encrypt for everyone.09:56
evrardjpbut with all those offline installations, meh.09:57
loudgeflyI can't find a way to use ss certificates and skip validity check09:57
evrardjpyou can use your own ssl certificates09:57
evrardjpfor the validity check, I don't know, I never got your issue, what triggered that issue? Was that an API call to the external api?09:57
loudgeflyYes to the ha09:58
*** wspthr has joined #openstack-ansible09:58
loudgeflyexternal haproxy vip09:58
*** electrofelix has joined #openstack-ansible10:00
*** hw_wutianwei has quit IRC10:00
*** armaan has joined #openstack-ansible10:01
*** savvas has quit IRC10:01
*** yifei has quit IRC10:02
*** armaan_ has quit IRC10:05
evrardjpso can't you use --insecure in the call?10:06
evrardjpif it's for tests, can you, in the meantime, use the internal API from the utility container?10:07
*** MasterofJOKers has quit IRC10:09
*** MasterofJOKers has joined #openstack-ansible10:09
*** flaviosr has quit IRC10:09
*** epalper has quit IRC10:09
*** xgerman_ has quit IRC10:09
*** kklimonda has quit IRC10:09
*** berendt has quit IRC10:09
*** dgonzalez has quit IRC10:09
loudgeflyOh yes, 'I'm  using --insecure, the call is "openstack  --insecure image create --container-format bare --disk-format qcow2   --file debian-9.2.2-20171105-openstack-amd64.qcow2  debian-9-openstack-amd64"10:10
*** flaviosr has joined #openstack-ansible10:13
*** epalper has joined #openstack-ansible10:15
*** xgerman_ has joined #openstack-ansible10:15
*** kklimonda has joined #openstack-ansible10:15
*** berendt has joined #openstack-ansible10:15
*** dgonzalez has joined #openstack-ansible10:15
*** armaan has quit IRC10:15
*** udesale has quit IRC10:16
odyssey4meevrardjp - no, busy debugging some other stuff right now10:16
*** MasterofJOKers has quit IRC10:17
jrosserletsencrypt can fail for internet installs too if you're unlucky enough to be on a high profile letsencrypt blocked domain10:18
*** MasterofJOKers has joined #openstack-ansible10:20
evrardjpyeah I think it's not a great idea. We should just say to deployers to user proper certificates.10:23
evrardjpor they generate them beforehand with whatever they want10:23
evrardjpodyssey4me: ok I will have a look10:24
*** pbandark has quit IRC10:25
mardimevrardjp, odyssey4me If you guys find a solution for the gates problem please ping me to run rechecks :)10:26
odyssey4mewow, that's a fun time jrosser10:27
*** savvas has joined #openstack-ansible10:27
jrosserodyssey4me: yes it turns out letsencrypt have a gigantic blacklist they wont issue for10:30
*** savvas has quit IRC10:32
*** savvas has joined #openstack-ansible10:36
*** sboyron has quit IRC10:37
*** thorst has joined #openstack-ansible10:45
*** masuberu has quit IRC10:49
*** thorst has quit IRC10:50
*** pedja has joined #openstack-ansible10:56
*** stuartgr has joined #openstack-ansible11:03
*** chhavi has quit IRC11:13
*** evrardjp[m] has quit IRC11:13
*** csmart has quit IRC11:13
*** zkynet has quit IRC11:14
*** thorst has joined #openstack-ansible11:24
*** thorst has quit IRC11:28
*** sboyron has joined #openstack-ansible11:42
*** udesale has joined #openstack-ansible11:47
*** thorst has joined #openstack-ansible11:55
*** savvas has quit IRC11:56
*** sboyron has quit IRC11:58
*** thorst has quit IRC12:01
*** michelv_ has joined #openstack-ansible12:02
*** michelv has quit IRC12:02
*** goldenfri has quit IRC12:03
*** dave-mccowan has joined #openstack-ansible12:06
*** savvas__ has quit IRC12:10
*** nshetty is now known as nshetty|afk12:11
*** savvas has joined #openstack-ansible12:11
*** ThomasS has joined #openstack-ansible12:20
ThomasShi12:21
ThomasSi created ssl certs + key + ca certs and placed them on the deploymnet host12:21
ThomasSthe i ran12:22
ThomasSopenstack-ansible haproxy-install.yml --tags haproxy-config12:22
ThomasSafter adding the 3 entries to user_varibales.yml12:22
ThomasSbut the certs is not picked up12:22
ThomasSwhat is wrong?12:22
*** savvas_ has joined #openstack-ansible12:23
ThomasSare they not set by this playbook?12:23
evrardjpthat doesn't sound right ThomasS12:24
evrardjpit should work12:24
*** evrardjp[m] has joined #openstack-ansible12:24
evrardjpcould you paste your user_variables changes somewhere?12:25
ThomasSsure12:26
ThomasSworks!12:26
ThomasSit was the --tags haproxy-config12:26
ThomasSwithout the tag it worked :-)12:26
*** savvas_ has quit IRC12:27
ThomasSwhat i have seen in hatop12:30
ThomasSall 3 adoh container son teh controllers are shown as down12:30
ThomasSthey are all pingable and up12:30
*** nshetty|afk is now known as nshetty12:30
evrardjpThomasS: could you file a bug?12:31
ThomasSsuere12:31
evrardjpBecause what you did sounded ok: This certificate copy is not at build time, more at configuration time12:31
evrardjpwhat you did was not wrong :p12:31
ThomasSok but without --tags it worked12:32
ThomasSbtw where are all the tags listed?12:32
*** chyka has joined #openstack-ansible12:34
*** savvas_ has joined #openstack-ansible12:37
*** chyka has quit IRC12:38
*** pbandark has joined #openstack-ansible12:39
*** zkynet has joined #openstack-ansible12:43
ThomasSis the adoh bug know?12:44
ThomasSall containers are up and pingable and haproxy shows them as down12:44
*** zkynet has quit IRC12:45
openstackgerritMerged openstack/openstack-ansible master: Allow pip_install to run in repo-server playbook  https://review.openstack.org/52202212:45
openstackgerritMerged openstack/openstack-ansible master: Disable offloading in test by default  https://review.openstack.org/52354912:45
ThomasSthe connect 8042 is reachable from the haproxy12:46
*** sboyron has joined #openstack-ansible12:46
*** armaan has joined #openstack-ansible12:46
mardimevrardjp, Any news with the problem at the gates ?12:48
*** pbandark has quit IRC12:48
*** zkynet has joined #openstack-ansible12:49
Bico_FinoMorning!12:52
*** csmart has joined #openstack-ansible12:52
openstackgerritMerged openstack/openstack-ansible master: Lighter ceph gates  https://review.openstack.org/52276612:55
openstackgerritMerged openstack/openstack-ansible master: Remove jinja2 delimiters in when  https://review.openstack.org/52393612:55
*** smatzek has joined #openstack-ansible12:56
*** m|y|k_ has joined #openstack-ansible12:59
*** m|y|k has quit IRC13:01
gokhanThomasS, which openstack version you installed13:03
*** zkynet has quit IRC13:04
*** m|y|k has joined #openstack-ansible13:04
*** thorst has joined #openstack-ansible13:05
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible-os_tempest master: Fix tempest plugins installation  https://review.openstack.org/52416613:06
gokhanThomasS, on pike, ocata I think there is a bug on aodh haproxy config. if you remove  "http expect status 401" under the aodh_backend in haproxy.cfg, then restart haproxy service I think it will work13:06
*** m|y|k_ has quit IRC13:06
evrardjpmardim: didn't got the chance to work on it.13:07
mardimevrardjp, ok thanks for the update :)13:07
evrardjpThomasS: aodh doesn't get some love, as do the rest of the telemetry stack. If there is an issue, you should probably submit a patch :)13:07
evrardjpit should be simple enough if that's haproxy healthchecks13:07
mardimevrardjp, I think you should take a look on this patches when you find some time https://review.openstack.org/#/c/523907/13:08
mardimevrardjp, https://review.openstack.org/#/c/523907/13:08
evrardjpThomasS: https://github.com/openstack/openstack-ansible/blob/master/group_vars/haproxy_all/haproxy.yml#L23913:08
mardimI think we should discuss in some point the refactoring of neutron role13:08
*** zkynet has joined #openstack-ansible13:08
evrardjpmardim: I am fine with that13:08
mardimevrardjp, with what ?13:08
evrardjpwith a refactor of the role if you need to13:09
evrardjpbut I think you should write a spec with your ideas13:09
mardimevrardjp, I was talking more for a discussion at the ansible meeting so we can see waht we can do13:09
mardimevrardjp, Yes that could work too13:09
evrardjpmardim: you gave twice the same link13:09
mardimop sorry13:09
evrardjpmardim: yeah conversations without anything written generally don't work13:10
mardimevrardjp, https://review.openstack.org/#/c/523171/ https://review.openstack.org/#/c/523907/13:10
mardimevrardjp, When I will find some time I will do that13:10
mardimthanks13:10
*** sboyron has quit IRC13:11
evrardjpmardim: but to be honest it's not that bad13:11
evrardjpI would be happy to hear your concerns first if you don't want to go through the spec13:12
evrardjpgokhan: ThomasS patches welcome on this :)13:12
evrardjpMorning Bico_Fino13:12
openstackgerritMerged openstack/openstack-ansible stable/pike: Fix in-tree version  https://review.openstack.org/52285313:13
Bico_FinoSo, additional services like designate, magnum, etc can I setup in the initial deploy or just after setup-openstack playbook?13:13
*** mcarden has joined #openstack-ansible13:14
evrardjpBico_Fino: if you're confident you can do it on the first run!13:15
evrardjpI tend to say I'd do it iteratively13:15
evrardjpthen do a last full redeploy when ready13:15
*** vnogin has quit IRC13:15
evrardjpbut technically magnum, designate can be setup in the initial deploy13:16
evrardjpit's just that those are complex services, so you may want to test the others before :)13:16
Bico_Finobefore setup-openstack it complains that keystone isn't running. keystoneauth1.exceptions.http.ServiceUnavailable: Service Unavailable (HTTP 503)13:16
Bico_FinoGoing try run after setup-openstack13:17
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible stable/pike: Disable offloading in test by default  https://review.openstack.org/52417313:19
odyssey4meevrardjp cloudnull need to add that newline back: https://review.openstack.org/#/c/523541/813:21
*** markvoelker has quit IRC13:23
*** markvoelker has joined #openstack-ansible13:24
jrosserdoes anyone have an example/list of things to do in order to make OSA ceph clients pick up a pre-existing ceph cluster?13:24
gun1xanybody did OSA install with proxy ?13:26
gun1xhttp proxy13:26
evrardjpjrosser: the old ceph documentation probably has it, so you can probably take that info13:27
evrardjpbut it's maybe worth sharing in the ceph docs13:28
evrardjpour ceph docs*13:28
*** savvas_ has quit IRC13:28
odyssey4mewe should ideally have an example for building with a cluster, and building and attaching to  acluster13:28
evrardjpyeah13:28
evrardjpagreed13:28
gun1xi get stuck here: https://bpaste.net/show/36e6f27cceff13:28
evrardjptwo different user stories13:28
jrosseryes the example that builds the cluster makes a lot of things opaque13:29
evrardjpgun1x: you should try the offline mode I guess13:29
jrosserlike where the responsibility for creating pools etc lies13:29
evrardjpjrosser: yes I'd like to improve our documentation a little further13:29
gun1xevrardjp: what is offline mode ?13:29
evrardjpI will speak with spotz tomorrow about it13:29
evrardjpgun1x: did you look at https://docs.openstack.org/project-deploy-guide/openstack-ansible/latest/app-limited-connectivity.html ?13:30
*** ThomasS has quit IRC13:30
gun1xevrardjp: yea, i added env variables13:30
gun1xand also the removed checks for certificates13:31
odyssey4meand so I discover another subtle difference for Ansible 2.3+ which can cause headaches with the synchronize module: https://gist.github.com/odyssey4me/5817160155cc9ff7bd46aaef87fc2c0713:31
gun1xas described in that link13:31
evrardjpwe don't speak about pip offline mode there13:31
evrardjpdarn13:31
odyssey4methat was a fun two days13:31
jrossergun1x: that could be no_proxy not listing the lb internal addr?13:31
gun1xjrosser: i am using osa-aio13:31
*** yifei has joined #openstack-ansible13:31
evrardjpgun1x: pip_offline_install: false13:31
gun1xjrosser: afaik this gets set by default with aio13:31
evrardjpcan be modified to pip_offline_install: true13:31
evrardjpsee https://docs.openstack.org/openstack-ansible-pip_install/latest/13:31
gun1xevrardjp: ok i will try that13:32
odyssey4meevrardjp that doesn't help with a proxy13:32
odyssey4methat just changes where the download happens13:32
jrosserwith http proxies it is well worth double checking that the contents of no_proxy is correct13:32
evrardjpI guess so13:32
gun1x/etc/openstack_deploy/user_variables.yml:   no_proxy: "localhost,127.0.0.1"13:33
gun1xit's the same for containers13:33
odyssey4megun1x looks like you didn't apply all of https://github.com/openstack/openstack-ansible/blob/master/etc/openstack_deploy/user_variables.yml#L120-L13813:34
odyssey4mewell, either of the two options there13:34
jrossergun1x: i don't think your no_proxy includes enough things13:35
evrardjpyeah it looks like something is missing :)13:35
evrardjphow do you access your load balancer internally through your external proxy? Not saying it's impossible...13:35
*** yifei has quit IRC13:36
gun1xodyssey4me: proxy_env_url: http://username:pa$$w0rd@10.10.10.9:9000/13:36
gun1xthis is missing13:36
gun1xi have the rest13:36
evrardjpgun1x: so the no_proxy address is complete with all the nodes?13:37
gun1xevrardjp: no, that has only localhost and 127.0.0.113:38
evrardjpgun1x: that's your issue13:39
gun1xi have to add all containers to no_proxy, even for AIO ?13:39
odyssey4meyes, you're adjusting the environment to pass all traffic through a proxy13:39
*** zkynet has quit IRC13:39
evrardjpas I said how do you access from within your container your internal vip if you're passing all its traffic through the proxy?13:39
odyssey4methat will affect everything13:39
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-tests master: Disable offloading in test by default  https://review.openstack.org/52354113:39
gun1xcan't i just add the management subnet from br-mgmt, where all proxies exist ?13:40
*** zkynet has joined #openstack-ansible13:40
gun1x*where all containers exist ?13:40
gun1xinstead of adding all containers ... just saying ...13:40
jrossersadly no13:40
odyssey4megun1x just add the jinja expression as noted in user_variables13:40
odyssey4mehttps://github.com/openstack/openstack-ansible/blob/master/etc/openstack_deploy/user_variables.yml#L12513:40
odyssey4meexactly as shown there13:41
odyssey4mejust without the # prefix13:41
jrosserno_proxy does not have the same semantics as http_proxy, and you cannot reliably use wildcards or network ranges13:41
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible stable/pike: Update all SHAs for 16.0.5  https://review.openstack.org/52417913:41
evrardjpthis time I followed the procedure!13:42
*** zkynet has quit IRC13:42
gun1xodyssey4me: ok, tyring that, thank you!13:42
evrardjpyw :p13:43
*** zkynet has joined #openstack-ansible13:43
evrardjpodyssey4me: could you have a look at this: https://review.openstack.org/#/c/524166/ it blocks dragonflow team13:43
evrardjpalso this would be nice: https://review.openstack.org/#/c/523920/13:44
evrardjpand this: https://review.openstack.org/#/c/523468/ to fix translations13:44
evrardjpso now I will fix the rest.13:44
jrosserodyssey4me: that proxy setting could do with another note to the effect of it all blowing up when the env var length exceeds 1024 chars, which it does with only a modest deployment13:49
openstackgerritMerged openstack/openstack-ansible-repo_server master: Implement pypiserver and pypi proxy cache  https://review.openstack.org/52175413:50
jrosseror even fail if the resulting no_proxy_env is too long13:50
*** woodard has joined #openstack-ansible13:51
*** woodard has quit IRC13:53
*** woodard has joined #openstack-ansible13:53
mgariepymorning everyone13:54
*** savvas_ has joined #openstack-ansible13:55
*** armaan has quit IRC13:56
gun1xodyssey4me: now it got stuck on TASK [Update apt when proxy is added]13:56
gokhanevrardjp, yep ThomasS patches would be good :)13:57
*** jbadiapa has quit IRC13:58
mardimevrardjp, Sure I will collect my thoughts and I will ping you to discuss this in later time :013:58
mardim:)13:58
*** savvas_ has quit IRC13:59
jrossergun1x: this is one of the things you have to set up yourself before running the deploy14:01
jrosserthe host mush be generally sorted for use behind a proxy as a pre-requisite14:01
jrosser*must14:02
*** yifei has joined #openstack-ansible14:02
gun1xjrosser: the proxy is working fine. i did an apt update and apt dist-upgrade just before running osa scripts14:04
jrosserok maybe i misunderstand then - pastebin a bit more that just the error log for context would help14:05
*** jbadiapa has joined #openstack-ansible14:05
*** jwitko has quit IRC14:05
*** savvas_ has joined #openstack-ansible14:07
*** m|y|k has quit IRC14:10
*** m|y|k has joined #openstack-ansible14:10
*** m|y|k has quit IRC14:10
gun1xjrosser: if it fails again i am pasting the config14:12
*** ThomasS has joined #openstack-ansible14:15
gun1xyea, it failed14:17
ThomasSOSA with proxy does not work14:17
ThomasSi also gave up14:17
gun1xthis time it failed on Install distro packages14:17
gun1xThomasS: yea well i tried multiple ways to configure it and it keeps failing somewhere14:18
*** jbadiapa has quit IRC14:21
jrosserwe've dont a reasonable number of deploys behind a proxy before with ocata, both AIO, mnaio and on-metal14:21
jrosserand that did work14:21
odyssey4meevrardjp have you come to the bottom of the mysql user denied issue yet?14:21
evrardjpnot yet, I was sidetracked14:21
evrardjpI will work on it now14:22
evrardjpI just know which commit causes the issue for now14:22
evrardjpaccording to git bisect at least14:22
evrardjphttps://github.com/openstack/openstack-ansible-galera_server/commit/ca054bd8f74ac9f7e4d2a41589faf1280686355314:22
evrardjpso i have to double check first14:23
odyssey4meyeah, but given that's pretty much a rewrite it's not surprising14:23
* hwoarang looks around14:25
bndzorcloudnull: yeah, really wierd that deb 8 is broken by default.. but with kernel 4.9 not a single issue and no more nagging about serial etc in dmesg.. all clean + responsiveness is much better14:25
evrardjpyou had that on role test, right?14:26
gun1xbndzor: you run OSA on deb? is that possible ?14:26
bndzorwas a guest vm in nova14:27
bndzorbut i cant see how it would be a problem to run openstack in deb14:27
*** jwitko has joined #openstack-ansible14:29
evrardjpbndzor: that would be possible if there was some ppl willing to work on it. It's probably just a few vars, packages and package repos changes :)14:29
bndzorah OSA.. im blind.. well, that would be possible with some modification if setup with run on metal14:29
evrardjpbndzor: you still need to include the proper vars etc.14:29
evrardjpso not possible for now14:29
bndzorlike what vars ?14:29
evrardjpbut I guess the work to be done is likely small14:29
evrardjplike all of them distro based?14:30
evrardjpexample: https://github.com/openstack/openstack-ansible-os_neutron/tree/master/vars14:30
bndzorye, thats why i said "some modification" :p14:30
*** esberglu has joined #openstack-ansible14:33
*** nshetty has quit IRC14:36
*** loudgefly has quit IRC14:39
*** pbandark has joined #openstack-ansible14:47
*** savvas_ has quit IRC14:47
*** rgogunskiy has quit IRC14:54
*** pbandark has quit IRC14:55
*** sxc731 has joined #openstack-ansible14:56
jmccroryevrardjp the 'Create galera users' task probably needs append_privs, without it these items overwrite each other https://github.com/openstack/openstack-ansible-galera_server/blob/master/tasks/galera_setup.yml#L2614:57
evrardjphaha that's the cause?14:57
jmccroryhaven't tested, but seen it happen before14:57
evrardjpI am trying a revert right now, because it seems something was missing.14:57
jmccroryhttps://review.openstack.org/#/c/483176/14:58
evrardjpI will propose a revert and then I'll do proper testing on the initial patch causing issue + include any fixes.14:58
evrardjpjmccrory: so you think it's just db_append_privs: "yes" that's missing from tests?14:59
jmccroryprobably, these first two were added with the latest change and the last one use to be absent https://github.com/openstack/openstack-ansible-galera_server/blob/master/tasks/galera_setup.yml#L32-L4615:00
evrardjpor you mean in the role itself? I am confused in waht you said15:00
evrardjpyes I've seen that15:00
jmccroryjust that one task, 'Create galera users'15:00
*** yifei has quit IRC15:01
evrardjpI mean we changed this, so it's risky, and we need to think about it properly15:01
evrardjpso the revert sounded like the easier solution until we merge a properly tested version of the first patch15:01
jmccrorymysql_user module needs append_privs: true, but not sure why those items were even added since a '%' host would already cover them http://docs.ansible.com/ansible/latest/mysql_user_module.html#options15:01
evrardjpI want to do a real investigation of this, to see what are the issue with the "tune-up galera" patchset is. But in the meantime, a revert sounds fast and better.15:02
*** chhavi has joined #openstack-ansible15:02
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible-galera_server master: Revert "Tune-up the galera role for efficiency"  https://review.openstack.org/52420515:03
jmccroryok, think upgrades might be broken with that patch too anyway so revert/more testing sounds good. commented here on that https://review.openstack.org/#/c/524086/15:03
evrardjpoh great. Nice catch jmccrory15:06
evrardjpmaybe we should check versions and after, and see if they have changed.15:06
evrardjpfail upgrade test if not15:06
odyssey4mealso see https://review.openstack.org/521229 - I think perhaps this is going a little too far, or needs a lot more scrutiny15:07
jmccroryonly issue with that is the same packages are being installed in both releases, both 10.1 and minor15:07
mhaydenwhat's our current status on the galera gate shenanigans?15:11
jmccroryodyssey4me : yeah, if all nodes get stopped a same time with that it'll cause a lot of issues too and takes some manual steps to get galera back up15:12
*** udesale has quit IRC15:13
odyssey4meperhaps that efficiency patch should get picked apart and added bit by bit if that's even possible15:13
odyssey4meanyway, heading out for a bit15:14
*** udesale has joined #openstack-ansible15:14
*** udesale has quit IRC15:14
*** savvas_ has joined #openstack-ansible15:14
evrardjpodyssey4me: I've -W this patch then.15:14
evrardjpit went in silently that's not good.15:15
mhaydenevrardjp: is the revert (https://review.openstack.org/524205) happening because of gate breakage?15:15
* mhayden assumes so15:15
evrardjpmhayden: we are reverting the patches causing the issue, we'll improve tests to avoid this happy merging from happening15:15
mhaydenokay15:15
evrardjpyes15:15
evrardjpI'd like to leave it a few days with what's already IN it15:16
evrardjp(we have a wsrep patch, this is only the tune up revert)15:16
evrardjpI'd like to leave it a few days before merging something again that breaks, and we should have proper testing of those things15:16
mhaydencould someone take a look at the ansible-hardening contrib patch? https://review.openstack.org/514385 (besides odyssey4me) ;)15:17
evrardjpsure15:17
*** marst has joined #openstack-ansible15:17
*** savvas_ has quit IRC15:19
openstackgerritLihi Wishnitzer proposed openstack/openstack-ansible-os_neutron master: Update Dragonflow configuration  https://review.openstack.org/52387015:21
*** savvas_ has joined #openstack-ansible15:22
evrardjpjmccrory: could you vote on https://review.openstack.org/#/c/524205/ ?15:22
evrardjpwhen you're satisfied it fixes gates ofc15:23
*** rodolof has joined #openstack-ansible15:23
openstackgerritAdrien Cunin proposed openstack/openstack-ansible-ops master: Added ability to cleanup venv tgz  https://review.openstack.org/52382715:25
openstackgerritLihi Wishnitzer proposed openstack/openstack-ansible-os_neutron master: Update Dragonflow configuration  https://review.openstack.org/52387015:26
*** gouthamr has joined #openstack-ansible15:27
evrardjpAdri2000: you will hate me :p15:27
evrardjpbut it's already better!15:27
Adri2000evrardjp: ahaha, no tell me what I can improve it I'll happily (try to) do it :)15:29
evrardjp:)15:29
evrardjpwell I like this one better, because it's easier on idempotency and lint tests15:30
evrardjpbut I'll try something quick when I have time15:30
Adri2000evrardjp: I definetely tried to exclude the current {{ venv_tag }} version directly with find, but couldn't find (erm) a way to do that...15:30
Adri2000agreed it'd be nicer15:30
*** SmearedBeard has joined #openstack-ansible15:31
*** Smeared_Beard has quit IRC15:31
*** weezS has joined #openstack-ansible15:36
-openstackstatus- NOTICE: if you receieved a result of "RETRY_LIMIT" after 14:15 UTC, it was likely due to an error since corrected. please "recheck"15:36
cloudnullevrardjp: I was testing your patch https://review.openstack.org/#/c/524107/ with https://review.openstack.org/#/c/520673/ - looks like you need to modify to use the ip, not the hostname.15:38
cloudnullI commented in your patch15:38
cloudnullotherwise it results in a hostname lookup which may or may not based on the inventory hostname15:39
*** jwitko has quit IRC15:40
cloudnullas it stands it results in http://paste.openstack.org/show/62788515:41
evrardjpcloudnull: the inventory name is in /etc/hosts but I can fix it15:41
*** sxc731 has quit IRC15:42
evrardjpcloudnull: is that the issue though?15:42
cloudnullas soon as I changed hostname to IP, keystone worked15:42
evrardjpbecause these IPs are only used for monitoring, right?15:42
evrardjpwow.15:43
cloudnullthe resulting http://paste.openstack.org/show/627886/ xinetd config is functional in my mnaio15:43
evrardjpweird because I just reverted something else and my galera started to work, so I am not sure we are talking about the same issue15:44
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible master: Define galera_cluster_members  https://review.openstack.org/52410715:46
evrardjpI need more time to demystify all this :)15:46
cloudnullI have this in my galera role http://paste.openstack.org/show/627888/15:46
cloudnulland those two prs in osa15:47
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible master: Define galera_cluster_members  https://review.openstack.org/52410715:47
cloudnullevrardjp: ^ no quotes around 127.0.0.115:47
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible master: Define galera_cluster_members  https://review.openstack.org/52410715:47
cloudnullhaha15:47
evrardjpyeah I was blind15:48
*** jbadiapa has joined #openstack-ansible15:48
evrardjpand dumb15:48
evrardjpcloudnull: the tune-up is what causing me the issues.15:48
evrardjpthe rest is fine15:48
evrardjpor at least I think it's fine15:48
cloudnullwhat is going on with that change?15:49
evrardjpbreaking all the role tests15:50
evrardjpexcept itself15:50
cloudnullwith login issues maybe related to the wsrep changes?15:50
*** savvas_ has quit IRC15:50
cloudnullhttps://review.openstack.org/#/c/510909/15:51
cloudnullthat test seems to work15:51
evrardjpIt is indeed connection issues15:51
cloudnullbesides http://logs.openstack.org/09/510909/6/check/openstack-ansible-functional-opensuse-423/2590a43/job-output.txt.gz#_2017-10-31_18_39_37_235754 which I think can be bandained with "https://review.openstack.org/#/c/523525/"15:52
evrardjplet me rephrase something:15:52
evrardjpwhere is this mysqlchk xinetd service used15:53
*** zkynet has quit IRC15:53
evrardjpI thought it was only used when you reach it15:53
evrardjpfor monitoring*15:53
cloudnullvia haproxy15:53
evrardjpso I thought the usual galera process are working fine without it15:53
evrardjpok15:54
evrardjpso I am not mistaken15:54
evrardjplet's not confuse things :)15:55
odyssey4mecloudnull evrardjp currently all role tests are busted with http://logs.openstack.org/59/517259/23/check/openstack-ansible-functional-ubuntu-xenial/b14cb05/job-output.txt.gz#_2017-11-30_08_45_02_381152 which appears to be since the tune-up patch landed15:55
odyssey4methen in the chat history jmccrory raised some issues too which would eb good to address15:55
evrardjpodyssey4me: I did a git bisect, and it has proven me the tune-up patch is the cause15:55
evrardjpI think it's worth reverting, and improving our test coverage , that's it15:56
mgariepyanyone setup saml2 on pike ? I cannot get it to work and i'm wondering why, I'm testing on AIO inside a vm but keystone doesn't followup :5000/Shibboleth.sso/Login , always return a 404.15:56
hwoarangcloudnull: actually the opensuse log you posted is a bit weird. let me investigate15:57
evrardjpmgariepy: shib2?15:57
hwoarangah that's a very old log15:58
mgariepyevrardjp, https://docs.openstack.org/openstack-ansible-os_keystone/pike/configure-federation-sp.html15:58
evrardjpmgariepy: that's not helping me16:00
evrardjpI am just wondering if you have shibboleth2 installed by default on ubuntu16.16:00
mgariepyyes16:01
evrardjpmmm.16:01
evrardjpok16:01
mgariepyi want to configure the deployment as an SP.16:01
evrardjpyeah I got that part :)16:01
evrardjpDid you check the apache config?16:01
mgariepyi'm wondeing if the natted stuff is causing me issues.16:01
evrardjpto see if the mod_shib is enabled, and well configured?16:01
evrardjpmgariepy: oh yeah probably16:02
evrardjpwell16:02
evrardjpdepends on what you mean16:02
mgariepymod_shib is enabled and configured.16:02
evrardjpbut it will not help you later, as the DS (if any, else the IdP) needs direct https access to the SP16:02
mgariepywell. enabled at least.16:02
evrardjpgood start16:02
evrardjpand the endpoints?16:03
evrardjpIt's been a while I didn't touch those technologies16:03
mgariepyme too lol16:04
mgariepywell it was working on kilo.16:04
evrardjphaha I know the feeling :p16:05
mgariepymy endpoint is set to v3.16:06
mgariepyi wanted to help a guys i work with.. .. thought it would be quite easy and fast to deploy.. haha16:06
mgariepywell i was mistaken16:06
evrardjp:)16:07
evrardjpshibboleth has received no love in the community. 0. nada :)16:07
evrardjpon top of that, keystone changed I guess16:07
evrardjpmgariepy: did you check latest videos of the summit?16:08
evrardjpI think there was a few ones about federation16:08
mgariepykk16:08
mgariepyi'm starting to hate what is not automatically tested on every commit ;)16:08
mgariepyit's often broken.16:09
*** sxc731 has joined #openstack-ansible16:09
evrardjpyeah16:10
evrardjpif there is no test, we can't say it's working :p16:10
evrardjpthat's why I'd like to see this kinda of new scenarios16:10
evrardjpI'd be happy to have one with the federation16:10
mgariepyi would prefer to have one with LDAP first haha16:11
evrardjpor one with OVS :)16:11
evrardjphaha true16:11
evrardjpwho needs LDAP though, when you can have sql.16:11
evrardjp:D16:11
mgariepywell. i just don't want to be responsible for the accounts.16:12
mgariepyso ldap is great for that..16:12
evrardjpRBAC to someone? :p16:12
evrardjppolicy are great :)16:12
evrardjpbut yes I got your point16:15
evrardjpI am trolling because I don't really like ldap myself :p16:15
*** jwitko has joined #openstack-ansible16:16
*** savvas_ has joined #openstack-ansible16:17
mgariepyI don't like ldap, but i dont want to have  to manage the 30k accounts with password reset and so on in sql.16:17
mgariepy:P16:17
evrardjpwell funny story, I had more issues with federation log-offs than I could ever have password resets failures in SQL :D16:21
evrardjpbut i 100% agree16:21
evrardjp:)16:21
*** holmsten has quit IRC16:21
evrardjpwho doesn't like a good troll while gates are busy?16:21
*** savvas_ has quit IRC16:22
odyssey4memgariepy I did some work recently on that stuff and can confirm it works for newton. I expect that perhaps some of the newton+ changes might have broken some things.16:22
odyssey4meAnd yes, I would love to have an on-commit test for it.16:22
mgariepyodyssey4me, were you doing it on a natted env ?16:23
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible-os_neutron master: [DNM] Gate testing  https://review.openstack.org/52423916:23
odyssey4memgariepy hmm, that shouldn't matter if your config and host headers are right16:24
evrardjpodyssey4me: do you know if it's tested in keystone gates?16:24
odyssey4meevrardjp some tests were going in - k2k only as far as I recall16:25
odyssey4memgariepy this is my old reference for making sure the public endpoint is usable: https://gist.github.com/odyssey4me/4af6a759b7ce1a4df9b36df412f57f0a16:25
odyssey4meit's important for the ssl cert to use the name for the keystone endpoint, and for horizon to use that as an endpoint if you're using websso16:26
*** woodard has quit IRC16:26
odyssey4methis stuff should still be mostly good: https://docs.openstack.org/openstack-ansible-os_keystone/latest/configure-federation-sp.html16:27
SamYaplehttps://github.com/rabbitmq/rabbitmq-server/releases/tag/v3.7.016:28
SamYaplew00t16:28
evrardjpSamYaple: OH WHAT?16:29
evrardjpI just bumped!16:29
evrardjpalready need of rebumping? :p16:29
evrardjpwhat's the changelog?16:29
SamYapleidk. change log is 3.7.0 is released?16:31
SamYapleunless you were running the 3.7.0 rc before16:32
evrardjp:)16:32
evrardjpthe question was more: it's a minor version bump, so it's probably a good interesting change16:32
*** savvas_ has joined #openstack-ansible16:32
evrardjp(loading changelog)16:32
evrardjprabbitmqctl and rabbitmq plugins rewritten from the ground up!16:33
SamYaple3.7.0 is a major bump. they dont follow semver16:33
evrardjphelpful error messages!16:33
evrardjpSamYaple: yeah that's what I meant with wrong words, once again :)16:34
evrardjpoh no I am misreading again?16:35
*** rodolof has quit IRC16:35
*** rodolof has joined #openstack-ansible16:36
*** vnogin has joined #openstack-ansible16:36
*** chyka has joined #openstack-ansible16:39
*** vnogin has quit IRC16:42
*** thorst has quit IRC16:42
*** thorst has joined #openstack-ansible16:42
*** thorst has quit IRC16:44
SamYapleevrardjp: haha i dont know what youre saying16:48
evrardjpme neither.16:49
*** germs has joined #openstack-ansible16:49
SamYaplewell 3.7.0 is something ive been waiting for for like a year. so happy its finally here. lots of cool stuff16:50
*** germs1 has joined #openstack-ansible16:51
evrardjpoh so you know what's in it :)16:53
evrardjpI don't see much on the changelog (I guess they need to update it)16:53
*** germs has quit IRC16:54
*** pbandark has joined #openstack-ansible16:54
cloudnulllooks like our role tests are failing here: https://github.com/openstack/openstack-ansible-tests/blob/master/create-grant-db.yml#L24-L39 but the db is getting created in the previous task.16:58
cloudnullive got to run to a dr appt but will be back in a few16:58
*** woodard has joined #openstack-ansible17:01
*** pbandark has quit IRC17:02
*** TxGirlGeek has joined #openstack-ansible17:02
*** woodard has quit IRC17:05
*** woodard has joined #openstack-ansible17:06
*** savvas_ has quit IRC17:08
*** pcaruana has quit IRC17:08
spotzbye cloudnull17:08
Bico_FinoI'm getting this warning on galera container -> [Warning] Could not increase number of max_open_files to more than 65535 (request: 80491)17:12
*** rpittau__ has quit IRC17:14
*** gkadam_ has quit IRC17:22
evrardjpcloudnull: yeah it's probably fixable but right now I'd say let's rollback and take our time to fix all the issues we've seen.17:23
*** RandomTech has joined #openstack-ansible17:28
*** Oku_OS is now known as Oku_OS-away17:29
openstackgerritJean-Philippe Evrard proposed openstack/openstack-ansible-os_neutron master: [DNM] Gate testing  https://review.openstack.org/52423917:30
RandomTechHey , quick question. My second playbook failed because it said galera's root password wasnt set, however, i cant find anywhere that says where to configure it in the steps. Anyone know what all passwords need configured and how?17:33
RandomTechwait nevermind found it17:33
Bico_FinoRandomTech https://docs.openstack.org/project-deploy-guide/openstack-ansible/pike/configure.html17:34
*** savvas_ has joined #openstack-ansible17:34
Bico_FinoYou need run python pw-token-gen.py17:34
evrardjpRandomTech: :)17:35
RandomTechya we missed the secrets file17:36
*** savvas_ has quit IRC17:38
*** weezS has quit IRC17:46
*** savvas_ has joined #openstack-ansible17:49
*** michelv_ has quit IRC17:52
evrardjpBico_Fino: large cluster?17:53
Bico_Finoevrardjp 4 nodes17:53
Bico_Finowas getting too many connections on mysql17:53
evrardjpGenerally it shows you have another issue somewhere17:53
evrardjpor some configuration need tweaking17:54
evrardjpcan't really help, sorry17:54
Bico_Finonp. I'm increased the max_connections and fixed it17:54
RandomTechevrardjp: you there?18:02
evrardjpI am still for a few minutes18:03
evrardjphow can I help?18:03
RandomTechwe ran into a an error with galera while running: http://paste.openstack.org/show/627907/18:04
RandomTechim not seeing anything in the user config that mentions galera besides shared infra hosts18:05
evrardjpRandomTech: you are running master sir!18:07
evrardjpyeah our gates are broken, I am sorry18:07
evrardjpfor you these should fix it:18:07
evrardjphttps://review.openstack.org/#/c/524107/4/group_vars/galera_all.yml18:07
evrardjpand this: https://review.openstack.org/#/c/524205/18:08
evrardjpso they aren't merged18:08
evrardjpeither you apply them manually to your environment, or you wait a little :)18:08
*** thorst has joined #openstack-ansible18:08
Bico_Finoor use a stable branch. :P18:08
evrardjpI am sorry for that, that happens sometimes on master, but we should catch most of those in our testing :)18:08
evrardjpmilestone 2 is where we shove many things, so this and next week will be fun !18:09
evrardjpyeah a stable branch is more reliable :)18:09
RandomTechwill it hurt things if we go ahead and pull the last tagged and rerun the playbooks18:09
evrardjpbut I like living on the edge :)18:09
evrardjpRandomTech: depends18:10
evrardjpgetting backwards is generally a bad idea.18:10
evrardjpBut far backwards is terribad18:10
evrardjpand for master, we only have one tag: milestone 118:11
*** chhavi has quit IRC18:11
evrardjpso I'd just apply the patches18:11
evrardjpor wait a little18:11
RandomTechi believe we got this just the other day18:11
*** sxc731 has quit IRC18:12
*** armaan has joined #openstack-ansible18:13
*** epalper has quit IRC18:13
evrardjpI am sorry it's taking some time to fix it18:13
evrardjpI do my best18:14
RandomTechhow do you apply patches?18:15
evrardjpyour roles are in /etc/ansible/roles18:15
evrardjpso you can git clone the role that needs to patch there (pay attention to the proper name)18:16
evrardjpthen you can go to the links I gate you18:16
evrardjpgave*18:16
evrardjpthere is a download on the top right18:16
RandomTechdo you think if we hacnt run all three playbooks yet if running 'git clone -b 17.0.0.0b1 https://git.openstack.org/openstack/openstack-ansible \   /opt/openstack-ansible' and the bootstrap will allow us to rerun the first 2 playbooks okay?18:19
RandomTechwe plan on tearing it down and reinstalling everything after doing it successfully so that we have a nice clean install18:21
*** mbuil has quit IRC18:21
evrardjpbeta 1 is far ago18:21
evrardjpI'd destroy the containers18:21
evrardjpand start again18:21
RandomTechoh, that was the one on the https://docs.openstack.org/project-deploy-guide/openstack-ansible/latest/deploymenthost.html18:22
evrardjpthere is a playbook for that18:22
evrardjpyou need queens or Pike is enough?18:22
RandomTechi honestly dont know the difference18:23
evrardjpgo for stable18:23
RandomTechhow would i get the stable one then? the command i posted above?18:23
evrardjpif you aren't ready for developing and being on the edge, then for a stable18:23
evrardjpno18:23
evrardjp17.0.0.0b1 is the first beta of queens18:23
evrardjpyou should first destroy your existing containers18:24
evrardjpby running the destroy playbook18:24
evrardjpdid you run galera and things?18:24
RandomTechwe ran the first 2 playbooks but the second one errored18:24
evrardjpwhich first 2?18:25
evrardjpsetup-hosts setup-infra?18:25
RandomTechsetup-hosts and setup-infastructure18:25
evrardjpok18:25
RandomTechlike it says on the website18:25
evrardjpplease follow the stable branch documentation instead of the pre-release one: https://docs.openstack.org/project-deploy-guide/openstack-ansible/pike/18:25
evrardjpyou'll be in a more stable world if you're not ready to develop :)18:25
RandomTechya were not developing openstack18:26
evrardjpok18:26
evrardjpso stable/pike it is!18:26
evrardjpcleanup your nodes first18:26
evrardjpyou don't want to have too recent galera or things like that18:27
evrardjpif you destroy your containers and destroy everything in /openstack you should be good.18:27
evrardjpFor safety you can reroll your nodes.18:27
evrardjpgood luck!18:27
RandomTechwill our user config file still work or will that need redun?18:27
evrardjpthey are probably still valid, same for the openstack_user_config18:28
RandomTechthats what i meant18:28
evrardjpI thought you meant user_* variables files18:28
evrardjpbut anyway, they should still apply :)18:28
RandomTechso we run the destruction playbook, then we pull pike, finally we rerun?18:28
evrardjpyeah, run the destruction playbook, remove everything in /openstack on your nodes, then pull pike and rerun everything18:29
*** weezS has joined #openstack-ansible18:29
RandomTechdo you mean /opt/openstack? or did it make a new root directory?18:29
RandomTechoh i found it18:30
RandomTechis the destruction playbook just in playbooks?18:30
odyssey4melxc-containers-destroy ;)18:31
odyssey4mewhen you run it, be sure to have this pic in your mind https://media.giphy.com/media/JIUYwgWQ5INSU/giphy.gif18:31
*** savvas_ has quit IRC18:34
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-galera_server master: Fix galera server local db permission access  https://review.openstack.org/52431118:36
cloudnullodyssey4me: evrardjp: jmccrory: ^ that puts the user grants back to what we had before.18:36
*** stuartgr has quit IRC18:37
*** weezS_ has joined #openstack-ansible18:42
*** weezS has quit IRC18:43
*** weezS_ is now known as weezS18:43
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-tests master: Gather more logs when running tests  https://review.openstack.org/52364718:43
cloudnulland that pr should tell us if it's fixed, else I'll remove my -2 and we can revert the tune-up bits.18:44
odyssey4methanks cloudnull - will monitor those18:46
cloudnullsorry for the issues.18:46
odyssey4meit is better to move forward, but sometimes you have to revert to regroup18:46
cloudnull++ I just didn't want to let it go without taking a crack at getting it fixed.18:46
odyssey4meit shows more clearly that our tests are missing something18:47
odyssey4meso perhaps we need to figure out what sort of test to add to the galera role to pick this up next time18:47
cloudnullI think we can do more cross project work to fill those gaps18:47
odyssey4mewe could perhaps add a keystone non-voting cross-project test to the galera repo?18:48
cloudnullExample https://review.openstack.org/#/c/524059/ - i added the galera server + ssl test to the client role18:48
*** openstackgerrit has quit IRC18:48
*** armaan has quit IRC18:48
cloudnullshould help protect against breakage18:48
RandomTechShould i delete everything in /openstack or delete /openstack itself?18:48
cloudnullwe should be able to do the same same elsewhere.18:48
odyssey4menice, although I think cross-project should always be non-voting to help prevent wedges18:48
odyssey4meespecially on dependent roles18:49
cloudnullodyssey4me: ++ that makes sense. I'll update.18:49
cloudnullRandomTech: if you're trying to clean up, yes.18:49
cloudnullthe lxc-container-destroy playbook should cleanup things in that dir18:49
odyssey4meRandomTech usually better to re-kick the hosts - it's a better recipe for success in a lab18:50
odyssey4mebut sure, delete the dir is fine18:50
RandomTechre-kick?18:50
odyssey4mere-install the OS18:50
RandomTechah18:50
*** openstackgerrit has joined #openstack-ansible18:50
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-galera_client master: Fix SSL handling for galera clusters  https://review.openstack.org/52405918:50
RandomTechwe will the second time we set it up. we just want to make sure we can configure everything correctly and get something running first18:50
*** pcaruana has joined #openstack-ansible18:50
RandomTechwe then tear down and try again18:50
odyssey4meRandomTech for a lab env, best to get yourself geared to re-kick early and often18:51
odyssey4meso many issues arise when you're trying to re-use a existing host18:51
odyssey4meit all depends on what you're trying to work out, but networking issues especiallly linger18:52
cloudnull^ especially when there's been a lot of hacking18:52
RandomTechya were going to rekick multiple times difinately18:52
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-tests master: Gather more logs when running tests  https://review.openstack.org/52364718:55
cloudnull^ fixed stupid bashate failure.18:56
evrardjpis the upgrade concern fixed too?18:57
cloudnullw/ the perms ? ?18:58
cloudnullwhat's the upgrade concern ?18:58
*** gkadam has joined #openstack-ansible18:58
evrardjphttps://review.openstack.org/#/c/524205/1/tasks/main.yml@a5918:58
evrardjpOk I am done for today, I will not check anymore, I just trust you guys :)19:00
*** savvas_ has joined #openstack-ansible19:00
*** poopcat has joined #openstack-ansible19:00
cloudnullhahaha.19:00
*** pbandark has joined #openstack-ansible19:00
cloudnullthat's not addressed here.19:01
cloudnullhowever I think that's something we can add in the galera_server playbook19:01
evrardjpI still believe it's better to rollback19:01
cloudnullfor upgrades19:01
evrardjpthen*19:01
cloudnulli disagree.19:01
evrardjpbecause we are keeping a failure hidden for now, and when the time will come and everybody will have forgotten, it will bite us back19:01
evrardjpI know19:02
evrardjpIt's fine, we've agreed to disagreed!19:02
evrardjpfor once we are in disagreement19:02
* evrardjp is marking the day to the calendar19:03
evrardjp:p19:03
evrardjpAnyway, I trust you to do the right thing for upgrades if you are taking the fix route19:03
evrardjpI am gone for today, someone is waiting for me here :)19:04
evrardjpsorry!19:04
*** savvas_ has quit IRC19:04
*** poopcat1 has joined #openstack-ansible19:05
cloudnullhttps://review.openstack.org/#/c/524086/19:06
cloudnullI need to make one change there.19:06
*** poopcat has quit IRC19:06
cloudnullbut I think that will address those upgrade issues19:06
*** pbandark has quit IRC19:07
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-galera_server master: Further simplify the upgrade check  https://review.openstack.org/52408619:08
*** savvas_ has joined #openstack-ansible19:09
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-galera_server master: Further simplify the upgrade check  https://review.openstack.org/52408619:12
cloudnull^ added a comment.19:12
SamYaplecloudnull: since you are ok with additional services (xinetd) we can avoid the need for etcd3 i believe. we just need *someway* for containers to get status from all other containers19:14
cloudnullI quite liked the approach you were working on with etcd319:15
cloudnullit sounded nice at least !)19:15
SamYaplecloudnull: are you good with pulling down an etcd3 binary? because they do roll standalone binaries19:16
odyssey4meI have to say, using etcd seems a far better approach than the stick-tape we're doing now.19:16
SamYapleodyssey4me: actually with the haproxy healthchecking cloudnull is far superior to my stuff, luckily they dont conflict, they compliement eachother19:16
odyssey4meetc3 may not be required, depending on what's intended19:16
cloudnullI'm good with a static binary19:17
SamYapleodyssey4me: we just need any kind of distributed locking19:17
odyssey4mewell, if a local script stored database state in etcd - and haproxy grabbed that state from its local proxy, that's better than using xinetd19:17
odyssey4mealthough I suppose using the current method is more LB agnostic19:18
odyssey4mewhereas my suggested alternative would be more specifically a tie-in to haproxy19:19
SamYapleodyssey4me: fair point. haproxy could be setup so the backends are dynamic based on the stats in etcd (which expire after a TTL)19:20
SamYapleso it oculd know when a backend cant recieve data, and it will remove old backend automagically19:20
cloudnull^ that'd be quite cool19:20
SamYaplecoolaboration! it makes the world go round19:21
odyssey4meyes, instead of an over-the-wire check, it just does a local etcd check19:21
SamYapleill start working on that piece actually. because i want that19:21
cloudnullthe xinetd things are there and implementing the percona spec but if we can devise a MOAR better way, I say do it!19:21
SamYaplecloudnull: yea thats why im totally cool with them. re-use is always good.19:22
SamYaplegood chance whatever we finalize they will accept as a helper script/service too19:22
odyssey4meit'd probably be better for us to retain both methods, at least until people get used to the new etcd service around19:22
*** xingchao has joined #openstack-ansible19:29
RandomTechHey anyone know why 'TASK [ansible-hardening : Ensure debsums is installed]' would fail on only my controllers?19:30
RandomTechthis is the error: http://paste.openstack.org/show/627919/19:31
cloudnullanyone around mind giving https://review.openstack.org/#/c/524081/ a tap? -cc hwoarang19:32
hwoarangcloudnull: do you need to change the when conditionals?19:37
*** electrofelix has quit IRC19:38
cloudnullthose variables are noted in the mains defaults19:38
cloudnullhttps://github.com/openstack/openstack-ansible-galera_server/blob/master/defaults/main.yml#L181-L18319:38
cloudnullbut I can pull those conditions out if we think it best.19:39
hwoarangYeah but I mean now that you do stuff with the server certificate does it make sense to check the user ones in the when statement?19:39
cloudnullI guess I could just move the task https://review.openstack.org/#/c/524081/1/tasks/galera_ssl.yml@3219:39
cloudnullto the galera_ssl_key_create task file.19:40
cloudnulland drop those extra conditions.19:40
*** xingchao has quit IRC19:47
cloudnullhwoarang: I could do something like this http://paste.openstack.org/show/62792019:47
cloudnullopps http://paste.openstack.org/show/627921/19:48
cloudnullwas missing the add19:48
hwoarangyeah ok that looks ok too19:48
cloudnullodyssey4me: https://review.openstack.org/#/c/523647/19:49
cloudnullseems https://review.openstack.org/#/c/524311/ makes things happier19:49
cloudnullif folks can give that a look ^ that unblocks the role gates.19:51
*** savvas_ has quit IRC19:51
RandomTechhey, im getting a strange error when running setup-hosts.yml. anyone able to help me take a look?19:52
cloudnullRandomTech: what are you seeing?19:53
RandomTechhttp://paste.openstack.org/show/627919/19:53
RandomTechTASK [ansible-hardening : Ensure debsums is installed] is failing on my controller(Infrastructure) nodes19:54
RandomTechproducing a strange 50319:54
odyssey4mecloudnull I wonder if jmccrory could perhaps give it a looksee19:54
mhaydenRandomTech: looking19:55
mhaydenRandomTech: interesting -- perhaps some shenanigans on ubuntu's mirror there?19:55
cloudnullRandomTech: if this is a rebuild check for the file /etc/apt/apt.conf.d/00apt-cacher-proxy19:56
cloudnulland remove19:56
cloudnullthen apt-get update19:57
cloudnullansible -m shell -a 'rm /etc/apt/apt.conf.d/00apt-cacher-proxy' hosts19:57
RandomTechon the erroring nodes?19:57
cloudnullansible -m shell -a 'apt-get update' hosts.19:57
cloudnullyup19:57
RandomTechshould i replace hosts with something?19:57
cloudnullwhen the cluster is online it uses an apt proxy to install packages which runs through the repo server.19:57
cloudnullif those containers are gone19:58
cloudnullthen the proxy is too .19:58
RandomTechshould i replace hosts in that command?19:58
cloudnullit's same to remove /etc/apt/apt.conf.d/00apt-cacher-proxy19:58
cloudnullwe put that file in place.19:58
cloudnullhosts is the group within inventory19:59
cloudnullso this is what you'd run: `ansible -m shell -a 'rm /etc/apt/apt.conf.d/00apt-cacher-proxy; apt-get update' hosts`19:59
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-galera_server master: Fix the key lookup names for self-signed SSL  https://review.openstack.org/52408120:00
cloudnullhwoarang: ^20:00
*** smatzek has quit IRC20:00
*** smatzek has joined #openstack-ansible20:00
*** smatzek has quit IRC20:01
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-galera_server master: Further simplify the upgrade check  https://review.openstack.org/52408620:04
cloudnullok, stepping out for a min .20:04
RandomTechit seems to be running better cloudnull thanks20:05
*** sxc731 has joined #openstack-ansible20:08
odyssey4mecloudnull heh, jmccrory noted some good feedback in https://review.openstack.org/524311 - maybe you can claw some security back ;)20:13
cloudnullah cool! - i'll follow on to make things more restrictive once again but with a cross project test.20:15
cloudnullthanks odyssey4me evrardjp jmccrory mhayden hwoarang - I appreciate all of the reviews.20:15
cloudnullodyssey4me: mind nudging this through https://review.openstack.org/#/c/523647/20:16
cloudnullgiven the other is now approved20:16
cloudnullmore logs!20:17
*** savvas_ has joined #openstack-ansible20:18
*** savvas_ has quit IRC20:22
*** vnogin has joined #openstack-ansible20:24
*** vnogin has quit IRC20:25
*** savvas_ has joined #openstack-ansible20:25
*** TxGirlGeek has quit IRC20:26
*** sboyron has joined #openstack-ansible20:35
odyssey4mecloudnull done!20:37
cloudnullthanks odyssey4me20:39
*** poopcat1 is now known as poopcat20:40
*** xingchao has joined #openstack-ansible20:48
*** xingchao has quit IRC20:48
*** pcaruana has quit IRC20:55
SamYapleso rabbitmq 3.7.0 has a file store *per* vhost20:56
*** mhayden has quit IRC20:56
SamYaplethat removes any advantage to exploding out a rabbitmq cluster per service in my mind20:56
*** mhayden has joined #openstack-ansible20:57
*** gkadam has quit IRC21:01
*** savvas_ has quit IRC21:09
RandomTechcloudnull: do you think any rabbit mq files could have been left over during the teardown?21:11
*** threestrands has joined #openstack-ansible21:12
RandomTechor does anyone else know?21:15
cloudnullRandomTech: not normally.21:15
cloudnullSamYaple: that, kinda, sucks.21:15
cloudnulli wonder what the rational for rthat was?21:16
RandomTechwe ran the second playbook and it had an error on TASK [rabbitmq_server : Read rabbit cookie] and the join21:16
cloudnullhwoarang: http://logs.openstack.org/11/524311/1/gate/openstack-ansible-functional-opensuse-423/bcaef3c/job-output.txt.gz#_2017-11-30_20_13_51_822006 - did you by chance have time to look into that?21:17
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-galera_server master: Fix the key lookup names for self-signed SSL  https://review.openstack.org/52408121:21
openstackgerritMerged openstack/openstack-ansible-lxc_hosts master: Add more testing and increase build timeout for suse/cent  https://review.openstack.org/52352521:21
*** pcaruana has joined #openstack-ansible21:24
RandomTechanyone have an idea why it could fail on [rabbitmq_server : Read rabbit cookie]21:26
*** woodard has quit IRC21:31
*** dave-mccowan has quit IRC21:35
*** savvas_ has joined #openstack-ansible21:36
*** pcaruana has quit IRC21:39
RandomTechokay just rerunning it fixed that error21:40
*** savvas_ has quit IRC21:40
jrosserRandomTech: https://github.com/openstack/openstack-ansible-rabbitmq_server/commit/3779124eec4386a2a9db88e585e85ded43d8548921:42
RandomTechoh thanks21:42
RandomTechstill got one more error to fix though21:42
*** esberglu has quit IRC21:43
*** savvas_ has joined #openstack-ansible21:44
RandomTechsomething about applying rabbitMQ policies21:44
RandomTechjrosser: is that going to be commited to 16.0.2 soon?21:45
jrosseri suspect it is in 16.0.4?21:46
RandomTechi noticed the documentation is labled as 16.0.2 and tells you to install 16.0.121:48
RandomTechis the documentation out of date?21:54
*** esberglu has joined #openstack-ansible21:55
*** TxGirlGeek has joined #openstack-ansible21:56
*** rodolof has quit IRC21:56
*** pbandark has joined #openstack-ansible22:00
*** RandomTech has quit IRC22:03
*** vnogin has joined #openstack-ansible22:05
*** gokhan has quit IRC22:06
*** gokhan has joined #openstack-ansible22:07
*** TxGirlGeek has quit IRC22:07
*** pbandark has quit IRC22:09
*** vnogin has quit IRC22:09
*** TxGirlGeek has joined #openstack-ansible22:14
*** marst has quit IRC22:19
*** savvas_ has quit IRC22:20
*** TxGirlGeek has quit IRC22:23
*** jwitko_ has joined #openstack-ansible22:25
*** TxGirlGeek has joined #openstack-ansible22:27
*** vnogin has joined #openstack-ansible22:28
*** savvas_ has joined #openstack-ansible22:28
*** jwitko has quit IRC22:29
*** savvas has quit IRC22:31
*** TxGirlGeek has quit IRC22:31
*** TxGirlGeek has joined #openstack-ansible22:31
*** jwitko_ has quit IRC22:32
*** savvas_ has quit IRC22:35
*** savvas has joined #openstack-ansible22:36
*** TxGirlGeek has quit IRC22:39
*** TxGirlGeek has joined #openstack-ansible22:39
*** woodard has joined #openstack-ansible22:40
*** TxGirlGeek has quit IRC22:43
*** TxGirlGeek has joined #openstack-ansible22:43
*** savvas_ has joined #openstack-ansible22:47
cloudnullrandomtech: there was an issue which evrardjp fixed.22:47
cloudnullthe release versions were out of sync22:48
cloudnullI think that's in ?22:48
*** savvas_ has quit IRC22:51
xgerman_this errro confuses me: http://logs.openstack.org/95/521795/2/check/openstack-ansible-functional-ubuntu-xenial/6aac84a/job-output.txt.gz22:53
*** woodard has quit IRC22:53
*** savvas_ has joined #openstack-ansible22:54
*** TxGirlGeek has quit IRC22:56
*** TxGirlGeek has joined #openstack-ansible22:57
*** weezS has quit IRC22:59
cloudnullhwoarang: https://review.openstack.org/#/c/516002/ -- look at all that opensuse passing the gate :)23:02
cloudnullxgerman_: the error http://logs.openstack.org/95/521795/2/check/openstack-ansible-functional-ubuntu-xenial/6aac84a/job-output.txt.gz#_2017-11-30_22_49_34_18868623:02
*** TxGirlGeek has quit IRC23:02
cloudnullis being fixed here - https://review.openstack.org/#/c/524311/23:02
cloudnullas soon as the cent and container repos stop being shitty23:03
xgerman_awesome - thanks!23:03
*** TxGirlGeek has joined #openstack-ansible23:04
*** jwitko has joined #openstack-ansible23:04
*** vnogin has quit IRC23:07
*** TxGirlGeek has quit IRC23:08
*** TxGirlGeek has joined #openstack-ansible23:08
*** sxc731 has quit IRC23:13
*** TxGirlGeek has quit IRC23:14
*** TxGirlGeek has joined #openstack-ansible23:15
*** vnogin has joined #openstack-ansible23:15
*** TxGirlGeek has quit IRC23:17
*** TxGirlGeek has joined #openstack-ansible23:18
*** weezS has joined #openstack-ansible23:19
SamYaplecloudnull: i wasnt saying the rabbitmq as a bad thing. im saying like the advantages i would hope to see are now part of normal vhost seperation in rabbitmq23:23
*** savvas_ has quit IRC23:24
*** sboyron has quit IRC23:37
*** thorst has quit IRC23:41
*** savvas_ has joined #openstack-ansible23:51
*** weezS has quit IRC23:52
*** savvas_ has quit IRC23:56
*** vnogin has quit IRC23:58
*** chyka_ has joined #openstack-ansible23:59
« Wednesday, 2017-11-29 Index Friday, 2017-12-01 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!