Wednesday, 2018-01-10

strgout	howdy..	00:15
strgout	ceph .. when i deploy with ceph what globals options enable creating volumes for VM?	00:18
strgout	you know.. a better question would be where are are global options documented	00:20
logan-	strgout: the best place to look for ceph-ansible options is https://github.com/ceph/ceph-ansible/tree/master/group_vars	00:21
logan-	with regard to the openstack integration, there is a doc here with example configs: https://docs.openstack.org/project-deploy-guide/openstack-ansible/pike/app-config-prod-ceph.html	00:22
logan-	look for "cinder_backends" at the bottom	00:23
*** SmearedBeard has quit IRC		00:31
*** andymccr has quit IRC		00:36
*** _nyloc_ has joined #openstack-ansible		00:36
*** nyloc has quit IRC		00:36
*** chyka has quit IRC		00:40
*** andymccr has joined #openstack-ansible		00:40
*** markvoelker has joined #openstack-ansible		00:43
*** markvoelker has quit IRC		00:45
*** markvoelker has joined #openstack-ansible		00:49
*** markvoelker has quit IRC		00:50
*** andymccr has quit IRC		00:51
*** andymccr has joined #openstack-ansible		00:55
*** kaiokassiano has joined #openstack-ansible		00:58
*** dave-mccowan has joined #openstack-ansible		01:07
*** markvoelker has joined #openstack-ansible		01:08
strgout	hmm so do i need all the options in cinder_backends?	01:08
*** markvoelker has quit IRC		01:09
*** rmcall has joined #openstack-ansible		01:10
*** dave-mccowan has quit IRC		01:42
*** kaiokassiano has quit IRC		01:45
*** gfa has joined #openstack-ansible		01:50
*** jafeha__ has joined #openstack-ansible		01:52
*** jafeha has quit IRC		01:54
*** pbandark has quit IRC		02:10
*** chyka has joined #openstack-ansible		02:12
strgout	oh i see how it is.... so if I really want volumes I have to enable cinder. pfft.	02:12
strgout	so one thing i'm unsure about. If i enable a new module (in this case cinder) can i just flip to yes then deploy or do i need to destroy then deploy again?	02:15
*** dave-mccowan has joined #openstack-ansible		02:15
*** chyka has quit IRC		02:17
*** rmcall has quit IRC		02:21
*** pbandark has joined #openstack-ansible		02:28
*** pmannidi has quit IRC		02:44
*** dave-mccowan has quit IRC		02:47
*** pmannidi has joined #openstack-ansible		02:48
*** lbragstad has quit IRC		02:54
*** strgout has quit IRC		03:10
*** pbandark has quit IRC		03:16
cloudnull	evenings	03:17
cloudnull	strgout if you want to enable a new service you simply add the required config and run the playbooks.	03:21
*** udesale has joined #openstack-ansible		03:59
*** chhavi__ has joined #openstack-ansible		04:25
masber	good afternoon, I am trying to setup my first OSA deployment	04:33
masber	do I need br-mgmt on the compute nodes?	04:33
pradiprwt	masber: yes, you need br-mgmt in every node	04:56
masber	thank you!	04:57
pradiprwt	this interface is used for container management	04:57
masber	and also bind the external VIP?	04:57
pradiprwt	yeah, you are right	04:58
pradiprwt	internal VIP as well	04:58
masber	but not all services runs on LXC right? nova and cinder and bare metal	04:58
pradiprwt	yes, but ansible needs to deploy the services on compute and storage also, so it is using br-mgmt for that	05:00
pradiprwt	I think you can keep IP to interface	05:01
masber	sorry this is my first OSA installation, I went throught the documentation but I have the feeling taht I need help, I tried before packstack and kolla-ansible and they all configures the underlines network in different way plus I am not an expert in OVS or linux bridges etc...	05:01
masber	pradiprwt, one question, external VIP is same as the external_lb_vip_address and you said I need to set it up on the compute nodes, then are we talking about a DVR installation?	05:08
*** poopcat1 has quit IRC		05:09
*** brad[] has quit IRC		05:10
pradiprwt	masber : Sorry I did't get you.. I was saying about management network for compute host...	05:17
pradiprwt	you can assign any network IP to external_lb_vip_address, it should be accessible from infra nodes	05:19
masber	so I put the br-mgmt on the compute node, and then do I also need to bind the external VIP into the br-mgmt:0?	05:20
pradiprwt	No need to bind external VIP with compute node, just provide as a variable to external_lb_vip_address in openstack_user_config.yml file, OSA will bind it with HAproxy	05:25
*** nshetty has joined #openstack-ansible		05:26
pradiprwt	masber: the steps will be 1) prepare the deployment host which is your ansible node 2) Prepare the target host which are infra, compute and storage nodes then apply the playbooks	05:28
pradiprwt	make sure networks are configured properly	05:28
*** chyka has joined #openstack-ansible		05:29
pradiprwt	for configuration you can take reference of given example https://docs.openstack.org/project-deploy-guide/openstack-ansible/latest/app-config-test.html#test-environment-config	05:29
*** admin0 has quit IRC		05:33
masber	hahaha ok! I will try	05:33
*** chyka has quit IRC		05:33
*** nshetty is now known as nshetty\|afk		05:35
*** woodard has quit IRC		05:37
*** markvoelker has joined #openstack-ansible		05:39
*** bhujay has joined #openstack-ansible		05:42
*** admin0 has joined #openstack-ansible		05:47
*** nshetty\|afk is now known as nshetty		05:59
*** jbadiapa has quit IRC		06:02
*** oanson has joined #openstack-ansible		06:06
*** oanson has quit IRC		06:18
*** oanson has joined #openstack-ansible		06:22
*** jbadiapa has joined #openstack-ansible		06:26
*** pcaruana has joined #openstack-ansible		06:27
*** jbadiapa has quit IRC		06:30
*** pcaruana has quit IRC		06:33
*** pcaruana has joined #openstack-ansible		06:34
*** udesale__ has joined #openstack-ansible		06:57
*** udesale has quit IRC		06:59
*** arbrandes1 has joined #openstack-ansible		07:01
*** arbrandes has quit IRC		07:03
*** sar has joined #openstack-ansible		07:06
*** sar is now known as sbr		07:06
*** sbr is now known as sbra		07:06
*** masber has quit IRC		07:08
*** jbadiapa has joined #openstack-ansible		07:18
*** udesale has joined #openstack-ansible		07:19
*** udesale has quit IRC		07:20
*** pmannidi has quit IRC		07:21
*** udesale__ has quit IRC		07:21
*** SmearedBeard has joined #openstack-ansible		07:27
*** armaan has joined #openstack-ansible		07:30
*** SmearedBeard has quit IRC		07:32
*** sbra has quit IRC		07:34
*** threestrands has quit IRC		07:36
*** mardim has quit IRC		07:38
*** sbra has joined #openstack-ansible		07:45
*** mardim has joined #openstack-ansible		07:51
*** _nyloc_ is now known as nyloc		07:52
*** rgogunskiy has joined #openstack-ansible		07:57
*** mbuil has joined #openstack-ansible		08:04
*** gkadam has joined #openstack-ansible		08:04
*** shardy has joined #openstack-ansible		08:09
*** ianychoi has quit IRC		08:35
*** mbuil has quit IRC		08:35
*** mbuil has joined #openstack-ansible		08:35
*** epalper has joined #openstack-ansible		09:04
*** markvoelker has quit IRC		09:08
*** sxc731 has joined #openstack-ansible		09:11
*** pbandark has joined #openstack-ansible		09:19
*** SmearedBeard has joined #openstack-ansible		09:32
openstackgerrit	Jean-Philippe Evrard proposed openstack/openstack-ansible-os_keystone master: Use a venv with previous ansible version for upgrades https://review.openstack.org/532470	09:35
*** cshen has quit IRC		09:35
*** nshetty has quit IRC		09:56
*** nshetty has joined #openstack-ansible		09:56
*** cshen has joined #openstack-ansible		09:56
*** nshetty_ has joined #openstack-ansible		10:03
*** nshetty has quit IRC		10:04
*** nshetty_ is now known as nshetty		10:05
*** threestrands has joined #openstack-ansible		10:21
*** stuartgr has joined #openstack-ansible		10:36
*** rpittau has joined #openstack-ansible		10:54
openstackgerrit	Jean-Philippe Evrard proposed openstack/openstack-ansible-os_keystone master: DNM - test to see if linters are working https://review.openstack.org/532489	10:56
*** rgogunskiy has quit IRC		10:57
pradiprwt	Hi Everyone, I have integrated the ceph with OSA, everything is working fine but I am not able to delete images.. any suggestion for this issue >>Traceback >>http://paste.openstack.org/show/642228/	11:02
*** Smeared_Beard has joined #openstack-ansible		11:02
*** SmearedBeard has quit IRC		11:05
*** sbra has quit IRC		11:06
*** markvoelker has joined #openstack-ansible		11:08
openstackgerrit	Markos Chandras (hwoarang) proposed openstack/openstack-ansible-os_cinder master: tasks: cinder_qos: Use exact match for QoS rules https://review.openstack.org/532494	11:18
openstackgerrit	Periyasamy Palanisamy proposed openstack/openstack-ansible-os_neutron master: add ml2 config for networking bgpvpn https://review.openstack.org/522598	11:31
*** armaan has quit IRC		11:33
*** armaan has joined #openstack-ansible		11:33
openstackgerrit	Periyasamy Palanisamy proposed openstack/openstack-ansible-os_neutron master: add ml2 config for networking bgpvpn https://review.openstack.org/522598	11:33
*** armaan has quit IRC		11:34
*** armaan has joined #openstack-ansible		11:34
*** chhavi__ has quit IRC		11:35
*** markvoelker has quit IRC		11:42
*** ThomasSch has joined #openstack-ansible		11:50
ThomasSch	hi	11:50
ThomasSch	i know it is not OSA specific but does anyone know where to configure the action triggered by horizon when you click migrate host?	11:50
ThomasSch	i would love to have it trigger host-evacuate-live	11:51
*** drifterza has joined #openstack-ansible		11:53
*** shardy is now known as shardy_lunch		12:03
openstackgerrit	Markos Chandras (hwoarang) proposed openstack/openstack-ansible-os_cinder master: tasks: cinder_qos: Use exact match for QoS rules https://review.openstack.org/532494	12:18
*** rgogunskiy has joined #openstack-ansible		12:20
*** smatzek has joined #openstack-ansible		12:20
*** brad[] has joined #openstack-ansible		12:29
*** lihi has joined #openstack-ansible		12:29
openstackgerrit	Taseer Ahmed proposed openstack/openstack-ansible-os_congress master: Introduce os_congress role in gerrit https://review.openstack.org/522491	12:36
*** markvoelker has joined #openstack-ansible		12:39
bhujay	pradiprwt: home on the glance pool permission is proper . Some hint for the permission - { name: client.glance, key: "$(ceph-authtool --gen-print-key)", mon_cap: "allow r", osd_cap: "allow class-read object_prefix rbd_children, allow rwx pool={{ openstack_glance_pool.name }}", mode: "0600", acls: [] }	12:42
bhujay	*hope	12:43
bhujay	pradiprwt: connect from shell using glance key and try creating and deleting some rbd image with glance pool to see if the issue is with ceph or openstack	12:44
*** jwitko_ has quit IRC		12:46
*** shardy_lunch is now known as shardy		12:47
mhayden	good morning, folks	12:52
evrardjp	morning mhayden	12:56
*** prasen has joined #openstack-ansible		12:56
*** yifei has quit IRC		12:59
*** yifei has joined #openstack-ansible		13:00
*** DELL has joined #openstack-ansible		13:03
*** DELL is now known as Guest69945		13:04
*** Guest69945 has quit IRC		13:06
*** Sadipan has joined #openstack-ansible		13:09
openstackgerrit	Periyasamy Palanisamy proposed openstack/openstack-ansible-os_neutron master: add ml2 config for networking bgpvpn https://review.openstack.org/522598	13:09
*** smatzek has quit IRC		13:09
* mhayden is deploying master on his centos 7 environment		13:10
*** markvoelker has quit IRC		13:12
*** ivveh has joined #openstack-ansible		13:13
*** smatzek has joined #openstack-ansible		13:14
*** drifterza has quit IRC		13:14
odyssey4me	mhayden https://media.giphy.com/media/kYkQYXkO3XyRa/giphy.gif	13:17
mhayden	haha	13:18
odyssey4me	mhayden you have seen that all the upgrade jobs are failing, right?	13:23
*** yifei1 has joined #openstack-ansible		13:24
*** yifei has quit IRC		13:26
*** yifei1 is now known as yifei		13:26
*** woodard has joined #openstack-ansible		13:26
*** shardy is now known as shardy_mtg		13:28
*** sxc731 has quit IRC		13:30
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-lxc_hosts master: Fix 'status' typo https://review.openstack.org/532526	13:30
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-lxc_hosts stable/pike: Allow NetworkManager to work (if present) https://review.openstack.org/532201	13:31
mhayden	evrardjp / odyssey4me: if y'all could help me tidy up my mess, i'd be much obliged https://review.openstack.org/#/c/532526/	13:31
*** woodard has quit IRC		13:32
*** Sadipan has quit IRC		13:32
*** woodard has joined #openstack-ansible		13:33
odyssey4me	oh dear :/ done	13:33
*** bhujay has quit IRC		13:33
mhayden	thanks sir	13:34
*** hw_wutianwei has joined #openstack-ansible		13:35
*** sbra has joined #openstack-ansible		13:35
*** prasen has quit IRC		13:36
mhayden	oof i botched it again	13:37
mhayden	i knew quitting coffee was a bad idea	13:37
evrardjp	mhayden: you remember what I said about FOCUS? :p	13:37
*** SerenaFeng has joined #openstack-ansible		13:38
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-lxc_hosts master: Fix typo for wait-online service https://review.openstack.org/532526	13:38
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-lxc_hosts stable/pike: Allow NetworkManager to work (if present) https://review.openstack.org/532201	13:39
mhayden	i guess i'm glad i'm deploying master ;)	13:39
*** prasen has joined #openstack-ansible		13:39
evrardjp	What would be cool, is that we stop introducing features this week, and just fix the whole series of bug we have.	13:40
evrardjp	like the upgrade ones.	13:40
evrardjp	:)	13:40
evrardjp	Just saying!	13:40
mhayden	haha	13:40
*** SerenaFeng has quit IRC		13:40
mhayden	well i am doing greenfield testing of master on centos this morning in the background while doing other things	13:40
mhayden	do we plan to address the ansible 2.4 deprecations around "import_tasks/include_tasks" in this cycle?	13:42
mhayden	not sure if i missed a discussion there	13:43
*** prasen has quit IRC		13:46
evrardjp	we will but that's a minor bug, right now we have so much bigger on our plate :)	13:47
evrardjp	like real ansible 2.4 regressions and stuff!	13:47
evrardjp	(working on it)	13:47
evrardjp	and our inventory issues :/	13:47
evrardjp	and our upgrade issues :/	13:47
evrardjp	(working on it too)	13:47
evrardjp	and the opened bugs!	13:47
evrardjp	I think there is one assigned to you with sudo	13:48
evrardjp	long story short: I am sure we can find you places to help if you want :D	13:48
*** shardy_mtg is now known as shardy		13:59
*** drifterza has joined #openstack-ansible		14:00
*** armaan has quit IRC		14:00
*** armaan has joined #openstack-ansible		14:00
*** hw_wutianwei has quit IRC		14:01
*** sxc731 has joined #openstack-ansible		14:04
*** hw_wutianwei has joined #openstack-ansible		14:08
*** markvoelker has joined #openstack-ansible		14:10
*** cmart has joined #openstack-ansible		14:11
cmart	Good morning OSA. Looks like Ubuntu just released kernel patches for the "Meltdown" vulnerability. Has anyone applied these to their deployments yet, and if so, run into any issues?	14:12
*** jwitko_ has joined #openstack-ansible		14:19
*** smatzek has quit IRC		14:22
*** smatzek has joined #openstack-ansible		14:22
*** smatzek has quit IRC		14:24
*** chhavi__ has joined #openstack-ansible		14:34
*** lbragstad has joined #openstack-ansible		14:38
*** markvoelker has quit IRC		14:43
mhayden	cmart: mattt just pointed me at #20 here -> https://blog.online.net/2018/01/03/important-note-about-the-security-flaw-impacting-arm-intel-hardware/	14:44
*** afred312 has quit IRC		14:46
*** afred312 has joined #openstack-ansible		14:46
cmart	"Just got the Meltdown update to kernel linux-image-4.4.0-108-generic but this doesnt boot at all. It just hangs after grub."	14:46
cmart	wow. oops. glad I didn't apply that one. sounds like a fix was released, 4.4.0-109?	14:47
*** markvoelker has joined #openstack-ansible		14:51
*** prasen has joined #openstack-ansible		14:52
*** rgogunskiy has quit IRC		14:56
-openstackstatus- NOTICE: Gerrit is being restarted due to slowness and to apply kernel patches		14:57
*** openstackgerrit has quit IRC		15:01
*** markvoelker has quit IRC		15:03
*** tone_z has joined #openstack-ansible		15:03
*** smatzek has joined #openstack-ansible		15:05
*** smatzek_ has joined #openstack-ansible		15:06
*** tone_zrt has quit IRC		15:07
*** smatzek has quit IRC		15:08
*** woodard has quit IRC		15:08
*** dave-mccowan has joined #openstack-ansible		15:09
*** dave-mcc_ has joined #openstack-ansible		15:12
*** ianychoi has joined #openstack-ansible		15:14
*** dave-mccowan has quit IRC		15:14
*** pbandark has quit IRC		15:16
*** pbandark has joined #openstack-ansible		15:20
*** sxc731 has quit IRC		15:25
*** bhujay has joined #openstack-ansible		15:27
*** hw_wutianwei has quit IRC		15:29
*** openstackgerrit has joined #openstack-ansible		15:36
openstackgerrit	Merged openstack/openstack-ansible-lxc_hosts master: Fix typo for wait-online service https://review.openstack.org/532526	15:36
*** markvoelker has joined #openstack-ansible		15:37
*** germs has joined #openstack-ansible		15:48
*** foutatoro has joined #openstack-ansible		15:50
*** sxc731 has joined #openstack-ansible		15:50
*** nshetty has quit IRC		15:50
*** sbra has quit IRC		16:04
*** mfisch` has joined #openstack-ansible		16:06
*** mfisch has quit IRC		16:10
*** woodard has joined #openstack-ansible		16:10
*** woodard has quit IRC		16:10
*** woodard has joined #openstack-ansible		16:10
*** john51 has quit IRC		16:17
*** markvoelker has quit IRC		16:19
*** markvoelker has joined #openstack-ansible		16:22
*** epalper has quit IRC		16:23
*** john51 has joined #openstack-ansible		16:23
openstackgerrit	Merged openstack/openstack-ansible stable/ocata: Avoid retrieving IP from a missing bridge https://review.openstack.org/532244	16:25
*** markvoelker has quit IRC		16:27
*** armaan has quit IRC		16:27
*** armaan has joined #openstack-ansible		16:28
*** armaan has quit IRC		16:28
*** armaan has joined #openstack-ansible		16:28
*** chyka has joined #openstack-ansible		16:31
*** prasen has quit IRC		16:41
mhayden	evrardjp: i slid you a little more keepalived love https://github.com/evrardjp/ansible-keepalived/pull/56	16:41
evrardjp[m]	woot	16:42
evrardjp[m]	I can't check rn, so it will probably be for tomorrow.	16:43
openstackgerrit	Major Hayden proposed openstack/openstack-ansible master: Use full paths for keepalived scripts https://review.openstack.org/532573	16:45
*** bhujay has quit IRC		16:46
*** RandomTech has joined #openstack-ansible		16:49
RandomTech	hey, is it normal for rabbitMQ to have an error during setup-infrastructure that doesnt happen after rerunning it	16:49
openstackgerrit	Markos Chandras (hwoarang) proposed openstack/ansible-hardening master: tasks: auth: Pass --unrestricted to Linux Grub2 entries https://review.openstack.org/532574	16:50
hwoarang	mhayden: ^ what do you think	16:50
mhayden	lookin	16:51
mhayden	hmm, does that work okay on other distros?	16:53
mhayden	i've not tested	16:53
hwoarang	works on ubuntu	16:53
hwoarang	you need password to edit an entry but you can boot without a password	16:53
hwoarang	i believe that's the desired behavior	16:53
mhayden	yeah, i'd certainly hope so	16:54
mhayden	sheesh	16:54
mhayden	:P	16:54
mhayden	71961 requires auth before single-user and maintenance mode booting	16:55
mhayden	so i think that's sufficient	16:55
hwoarang	let me check again what happens in the advanced boot entries	16:56
hwoarang	but if there is a problem there that affects all distros and it's unrelated :/	16:56
hwoarang	*unrelated to this bug	16:56
mhayden	hwoarang: btw, i backported that fix for networkmanager -> https://review.openstack.org/#/c/532201/	16:58
hwoarang	sounds like all entries can be booted without password so a separate fix is needed	16:59
*** sbra has joined #openstack-ansible		17:01
*** dave-mcc_ has quit IRC		17:11
*** pcaruana has quit IRC		17:11
prometheanfire	do we have more info than https://docs.openstack.org/project-deploy-guide/openstack-ansible/pike/app-ceph.html for integrating ceph into osa?	17:11
logan-	https://docs.openstack.org/project-deploy-guide/openstack-ansible/pike/app-config-prod-ceph.html	17:11
*** pradiprwt has quit IRC		17:12
prometheanfire	ah, thanks	17:14
*** pbandark has quit IRC		17:15
*** phalmos has joined #openstack-ansible		17:15
mhayden	that feeling when you fight OSA for a half hour only to release you forgot to trunk a vlan	17:17
mhayden	:\|	17:17
* mhayden razzafrazzas		17:17
*** chyka has quit IRC		17:18
*** chyka has joined #openstack-ansible		17:19
*** dave-mccowan has joined #openstack-ansible		17:19
prometheanfire	logan-: that link makes it look like osa is deploying ceph-ansible	17:19
*** phalmos has quit IRC		17:20
logan-	that is what the example is for, yes	17:20
logan-	are you lookign to integrate existing ceph cluster into osa?	17:20
prometheanfire	yep	17:20
*** Smeared_Beard has quit IRC		17:20
*** mfisch` has quit IRC		17:23
*** germs1 has joined #openstack-ansible		17:23
*** mbuil has quit IRC		17:24
*** phalmos has joined #openstack-ansible		17:27
logan-	prometheanfire: i don't know if there is much info about that in the docs pages, but there is a lot of example info on how to setup the ceph client vars in https://github.com/openstack/openstack-ansible/blob/master/etc/openstack_deploy/user_variables.yml	17:30
prometheanfire	logan-: true, it's just a mater of figuring out exactly which bits to flip	17:33
openstackgerrit	Antony Messerli proposed openstack/openstack-ansible-repo_server stable/newton: Ensure the /var/log/apt-cacher-ng directory created https://review.openstack.org/532581	17:35
openstackgerrit	Antony Messerli proposed openstack/openstack-ansible-repo_server stable/ocata: Ensure the /var/log/apt-cacher-ng directory created https://review.openstack.org/532582	17:35
openstackgerrit	Antony Messerli proposed openstack/openstack-ansible-repo_server stable/pike: Ensure the /var/log/apt-cacher-ng directory created https://review.openstack.org/532583	17:36
*** cjloader_ has joined #openstack-ansible		17:36
*** zerick has joined #openstack-ansible		17:39
cloudnull	afternoons !	17:40
*** zerick has quit IRC		17:41
*** zerick has joined #openstack-ansible		17:42
*** zerick has quit IRC		17:45
*** zerick has joined #openstack-ansible		17:46
*** gkadam has quit IRC		17:47
SamYaple	o/	17:47
*** armaan has quit IRC		17:47
*** armaan has joined #openstack-ansible		17:48
*** drifterza has quit IRC		17:50
spotz	Hey SamYaple	17:50
spotz	hey cloudnull	17:51
cloudnull	yo yo	17:54
*** sxc731 has quit IRC		18:10
*** RandomTech has quit IRC		18:18
*** openstacking_123 has joined #openstack-ansible		18:19
DimGR	yo	18:23
*** openstack has joined #openstack-ansible		18:32
*** ChanServ sets mode: +o openstack		18:32
*** sxc731 has joined #openstack-ansible		18:32
*** SmearedBeard has joined #openstack-ansible		18:44
*** stuartgr has quit IRC		18:47
*** SmearedBeard has quit IRC		18:52
*** TxGirlGeek has joined #openstack-ansible		18:55
mhayden	i deployed master and xtrabackup's xinetd listener isn't configured to allow traffic from my haproxy node :/	19:01
mhayden	so the health checks fail each time	19:01
*** poopcat has joined #openstack-ansible		19:06
openstackgerrit	Merged openstack/openstack-ansible-lxc_hosts stable/pike: Allow NetworkManager to work (if present) https://review.openstack.org/532201	19:07
*** shardy has quit IRC		19:08
sxc731	Hi team, I'm trying to figure out why my OSA-deployed Keystone performs poorly... I've found that the uWSGI processes complain with "!!! no internal routing support, rebuild with pcre support !!!"	19:08
sxc731	(this is 16.0.2 on Xenial)	19:09
sxc731	Is this serious? Should I raise a defect? According to https://stackoverflow.com/a/22645915/645016 it's just a matter of compiling uWSGI after installing libpcre3-dev, which seems to be missing from the repo containers	19:10
*** poopcat1 has joined #openstack-ansible		19:10
*** SmearedBeard has joined #openstack-ansible		19:11
spotz	sxc731: If you would that'd be nice, we can go over it at the next triage	19:12
*** poopcat has quit IRC		19:13
*** poopcat1 is now known as poopcat		19:14
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-haproxy_server master: Make haproxy stats refresh interval configurable https://review.openstack.org/532607	19:14
sxc731	spotz: thank you! Will do. Alas, I've ruled this out as the cause of my poor KS performance after installing a "fixed" uWSGI (getting ~150ms token validation with some weird degenerate cases at 5000+ms, on lightly loaded metal). I'm trying to profile the processes but uWSGI doesn't seem to make this easy. Any idea as to what could cause this poor performance?	19:15
spotz	sxc731: I haven't done much with metal in a long time. i do know evrardjp and mauybe cloudnull were doing somoe work on it but not sure what aspect	19:16
*** SmearedBeard has quit IRC		19:16
sxc731	spotz: sorry for confusion KS is running in containers but the containers are on decent metal as opposed to some VMs (which should yield decent perf)	19:17
cloudnull	lbragstad: ^	19:17
cloudnull	sxc731: I've not seen anything in particular that would create a slow performance situation with Keystone and uWSGI	19:18
cloudnull	is it only token validation ?	19:19
lbragstad	sxc731: o/	19:19
lbragstad	it is strange that you're seeing this with uwsgi only (if that is the case), were any other configuration changes made?	19:20
sxc731	thank you guys! I haven't done any tweaking and uWSGI was the default deployment from what I can tell?	19:20
sxc731	Basically deployed OpenStack perf is crap all round and I figured if token validation doesn't perform, then pretty much nothing will, right? Upward from 150ms for each token validation oin lightly loaded HW can't be right, can it?	19:21
sxc731	I'm using this from Dolph Matthews to benchmark KS: https://gist.github.com/dolph/02c6d37f49596b3f4298	19:22
lbragstad	unfortunately, it depends on your configuration... do you know if you've enabled caching (osa might by default but I haven't checked in a while)	19:22
cloudnull	sxc731: I've seens act like that when caching was busted?	19:22
cloudnull	ha.	19:22
sxc731	Yes, caching is enabled by default and I've left it at that	19:22
* cloudnull deffers to lbragstad		19:23
cloudnull	:)	19:23
sxc731	lbragstad: is there an easy way to figure out if memcached is actually working as it should?	19:23
sxc731	Agree, cache was my first thought	19:24
lbragstad	sxc731: i believe oslo.cache exposes debug logging (which is super noisy) but it should tell you in the service logs if there are hits or misses in the cache	19:24
lbragstad	i'd also just double check the caching configuration if you know there is traffic going to memcache	19:25
cloudnull	sxc731: is debug enabled and are you seeing a lot of IO on your hosts?	19:25
lbragstad	for one reason or another, we offer a million knobs for caching in keystone	19:25
sxc731	lbragstad: cool, I suppose enabling global "debug = True" in KS's main conf file isn't sufficient to get this? I'll see if I can figure how to turn it on	19:25
lbragstad	let me see if i can find the oslo.cache bits	19:25
cloudnull	i've seen a notable slowdown in openstack when debug is enabled.	19:26
lbragstad	https://github.com/openstack/oslo.cache/blob/master/oslo_cache/_opts.py#L69-L75	19:26
cloudnull	not to say it wasn't slow before debug was enabled.	19:26
lbragstad	^ that probably won't fix your performance problems, but it could help diagnose if your cache backend is seeing traffic	19:26
cloudnull	but it can exacerbate the issue.	19:27
lbragstad	keystone allows you to toggle caching per keystone sub-system, which gives you the flexibility to cache identity data but not cache catalog data (or whatever your case is)	19:27
sxc731	Thanks for the suggestion: the issue first appeared when debugging was turned off. Enabling it to diagnose didn't actually make a noticeable difference; suggesting my perf was cr*p to begin with...	19:27
lbragstad	I usually recommend caching everything though	19:28
lbragstad	this is a pike deployment?	19:28
sxc731	Yes, I did study the caching config; seems that so long as the main toggle is on then all subsystems not explicitly disabled will be on too. But I'm sure you knew this ;-)	19:28
sxc731	It is Pike yes	19:28
lbragstad	ok - yep, that sounds right	19:28
lbragstad	so long as your cache backend is seeing activity you should be caching everything	19:29
*** rmcall has joined #openstack-ansible		19:30
sxc731	OK let me try to see if I can prove caching is working using your debug toggle	19:31
lbragstad	token validation is also strictly made up of read-only database queries (if caching is disabled)	19:31
sxc731	FWIW this is keystone.conf (generated by OSA with just some minor tweak by myself): http://paste.openstack.org/show/642486/	19:32
spotz	hey lbragstad:)	19:32
cloudnull	sxc731: also which token type are you using? fernet (the default)?	19:33
sxc731	My tweak was adding caching = true for [catalog] and [role] (before I understood they were on by default). Perhaps the longer cache_time for [catalog] would be a nice enhancement for OSA?	19:33
sxc731	cloudnull: yep, I have actually not tweaked any of the config, so Fernet it is	19:33
cloudnull	cool	19:33
cloudnull	just checking	19:33
lbragstad	spotz: o/	19:33
lbragstad	is this argument the same across all keystone containers? backend_argument = url:172.20.120.247,172.20.68.222,172.20.112.234:11211	19:34
sxc731	At some point I was wondering if this could be caused by invalid certs or not running the KS internal & admin endpoints with TLS	19:34
sxc731	lbragstad: yes it's the same	19:34
lbragstad	ok - cool	19:34
sxc731	lbragstad: OSA-generated; I've compared them	19:35
lbragstad	sxc731: do you have an idea of what the data looks like in keystone (how many users, projects, role assignments, etc..)	19:35
*** SmearedBeard has joined #openstack-ansible		19:36
sxc731	lbragstad: it's a pretty new default install with just a handful of users/projects. I did set Tempest loose on it and it created some addtn'l shtuff	19:36
lbragstad	ack - so nothing out of the ordinary there	19:37
sxc731	perf was (subjectively, as in, as witnessed in Horizon) crap straight out of the box and I've been trying to figure this out for a good few weeks now :(	19:37
sxc731	lbragstad: can you confirm that ~150ms time to validate tokens is substandard? Dolph's gist'ed b-m results have order of 5-6ms!	19:39
*** mpranjic has joined #openstack-ansible		19:39
sxc731	And also what could be causing these 1-2/100 spikes to over 5s to validate? This is single-threaded benchmarking on a system that's not commissioned yet, ie: no background load.	19:40
lbragstad	when we did the benchmarking, we found it to be totally subjective based on the environment	19:40
*** SmearedBeard has quit IRC		19:41
sxc731	Here's a typical run with 100 requests:	19:41
sxc731	Percentage of the requests served within a certain time (ms):	19:41
sxc731	50% 163	19:41
sxc731	66% 579	19:41
sxc731	75% 588	19:41
* lbragstad digs up performance bot results		19:41
sxc731	80% 596	19:41
sxc731	90% 5572	19:41
sxc731	95% 5592	19:41
sxc731	98% 5592	19:41
sxc731	99% 5592	19:41
sxc731	BTW, I'm running the b-m's directly against the KS back-ends as opposed to going through haproxy (which didn't make a difference but I wanted to rule out haproxy shenanigans)	19:42
lbragstad	sure	19:43
lbragstad	i did have some on-metal performance infrastructure so that we could run performance benchmarks on patches in review	19:43
*** rmcall has quit IRC		19:43
lbragstad	and i dumped all the results https://github.com/lbragstad/keystone-performance/tree/master/results	19:43
sxc731	OK just looking at one of those (https://github.com/lbragstad/keystone-performance/blob/master/results/03ba1324c2/20161122103227/benchmark-results.txt) they don't seem too far off mine; albeit you don't see those degenerate cases at 5s!	19:45
lbragstad	right	19:45
lbragstad	sxc731: if you deploy keystone with a higher affinity do you see differences?	19:45
sxc731	I noticed the validation API spits back the complete catalog (which can be quite big). Presumably this isn't the case everytime an OS service validates through keystonemiddleware?	19:46
lbragstad	there is a switch in keystonemiddleware for that i believe	19:46
lbragstad	but that catalog is also cache-able	19:46
*** SmearedBeard has joined #openstack-ansible		19:46
*** rmcall has joined #openstack-ansible		19:46
sxc731	Sure, and it should be cached if my cache is working well... that's still feels like quite a bit of data that flows back to the client (~7k in my case)	19:47
sxc731	What's the affinity?	19:48
sxc731	(sorry, not familiar with that one)	19:48
lbragstad	for reference - dolph and i benchmarked a PoC of fernet in a global deployment (~36 app servers backed by ~18 galera nodes) and we saw anywhere from 110 - 160 ms response times for 120k RPM	19:48
lbragstad	sxc731: affinity is just the number of containers	19:48
sxc731	Ah... well I'm running a single b-m client against a single container so presumably this wouldn't make a huge difference	19:49
lbragstad	that was about the hardest we were able to push it, but certainly noticed it scaled linearly	19:49
sxc731	Presumably the disk perf only matters if not hitting cache? Mine are on SSDs anyway...	19:50
lbragstad	correct	19:50
lbragstad	in which case, you might notice when the cache expires	19:50
*** cshen_ has joined #openstack-ansible		19:50
sxc731	But if I summarize what you're saying, order of 150ms is ok; therefore I must look elsewhere as to what's causing every single Horizon page to take order of 10s to load?	19:51
*** zerick has quit IRC		19:51
*** zerick_ has joined #openstack-ansible		19:51
lbragstad	sxc731: yeah	19:52
*** SmearedBeard has quit IRC		19:52
ashak	can anyone help with a bit of coaching? I've been looking at why a bunch of logging doesn't work on CentOS, particularly syslog and haproxy, but I think it affects a few of teh other default logs. I know how to fix it but i'm a bit conflicted on how I should fix it.	19:52
lbragstad	sxc731: but - we do have oslo.cache working into keystonemiddleware and it can be setup the same way you do caching in keystone	19:52
lbragstad	which means you should only see round-trip performance hits once from the service	19:52
lbragstad	and that should help	19:53
sxc731	lbragstad: now that's quite interesting. Does this need to be set in each service's config?	19:53
lbragstad	the options would be exposed through keystonemiddleware via oslo.cache, so yeah..	19:53
lbragstad	correct, it would need to be defined at the service	19:53
lbragstad	https://github.com/openstack/keystonemiddleware/commit/9d8e2836fe7fca186e0380d8a532540ff5cc5215	19:54
sxc731	Do you happen to know if this is enabled by default with OSA deployments? I don't suppose the Horizon performance I'm seeing is "works as expected" for a pretty much out-of-box OSA deployment using Fernet?	19:55
sxc731	I'm coming from a Fuel-deployed Kilo deployment (UUID tokens) on weaker hardware that performs significantly better	19:55
lbragstad	sxc731: yeah - the last time i deployed osa i didn't notice that	19:56
lbragstad	it could be something specific to horizon, too?	19:56
sxc731	lbragstad: I agree. Seems like I've been barking up the wrong tree (KS) all along; it was dolph's gist that lead me to believe that my ~150ms validations were off (though these 5s degenerate cases are also intriguing but don't explain my bad overall perf of itself). Thank you _very_ much for all the help, I really appreciate it!	19:58
spotz	hehe blaiming dolph:)	19:59
sxc731	lbragstad: With your pointers, I'm still going to check that the cache works properly and that the inter-service cache is properly enabled	19:59
lbragstad	sxc731: anytime... i mean, there are probably things we can do in keystone	19:59
lbragstad	and yeah - i'd start by confirming cache traffic	20:00
sxc731	spotz: really didn't mean to blame anyone in the amazing community!	20:00
spotz	sxc731: We love Dolph no worries:)	20:01
lbragstad	sxc731: IME if you have 150 ms token validation responses, you shouldn't be having 10s page load issues in horizon	20:01
sxc731	lbragstad: one last q: if I want to hunt down those 5s degenerate cases, how would you go about profiling KS running under uWSGI; seems really hard... I've played with --profiler=pycall but this just outputs counts of call trees; not particularly useful	20:01
lbragstad	dolph had a good writeup using repoze	20:02
lbragstad	i've used plop in the past	20:02
lbragstad	https://github.com/bdarnell/plop	20:02
sxc731	OK ta, I'll google those	20:02
lbragstad	http://blog.dolphm.com/performance-profiling-openstack-services-with-repoze-profile/	20:03
sxc731	lbragstad: brilliant, thank you again! (and sorry for hijacking the OSA channel with all these KS q's)	20:03
lbragstad	sxc731: no worries - come find me in #openstack-keystone if you have any more issues	20:04
sxc731	lbragstad: will do, thank you. I'll also raise the defect on "!!! no internal routing support, rebuild with pcre support !!!"; this can't be improving things; though I've confirmed this isn't the cause of my issue	20:05
*** cshen_ has quit IRC		20:05
lbragstad	sounds good	20:05
*** hybridpollo has joined #openstack-ansible		20:10
mhayden	sxc731: which log had that message?	20:11
*** cshen_ has joined #openstack-ansible		20:17
sxc731	mhayden: sorry was chatting with lbragstad on the KS channel. The msg appears in both keystone-wsgi-admin.log and keystone-wsgi-public.log (KS container obviously). This is on Xenial. Believe the fix is here: https://stackoverflow.com/a/22645915/645016 (ie: make sure libpcre3-dev is installed when building the wheels on the repo container?)	20:23
mhayden	ah okay, thanks for that	20:23
*** rmcall has quit IRC		20:25
*** dave-mccowan has quit IRC		20:27
*** dave-mccowan has joined #openstack-ansible		20:38
sxc731	uWSGI PCRE issue: https://bugs.launchpad.net/openstack-ansible/+bug/1742538	20:43
openstack	Launchpad bug 1742538 in openstack-ansible "OSA-deployed uWSGI used by Keystone warns: "!!! no internal routing support, rebuild with pcre support !!!"" [Undecided,New]	20:43
SamYaple	sxc731: thats not an issue, just a warning	20:49
*** chyka has quit IRC		20:49
SamYaple	with or without pcre isnt changing anything	20:50
*** chyka has joined #openstack-ansible		20:50
SamYaple	(not for the way we use uwsgi that is)	20:50
sxc731	SamYaple: sure, I daid as much in the ticket. So Keystone doesn't rely in "internal routing"?	20:50
sxc731	^in^on	20:51
SamYaple	sxc731: forgive me, its been a while since i reeaserched it, but because of the way we run things (single service and all) the pcre stuff wouldnt get triggered anyway	20:51
SamYaple	that was my takeaway at the time	20:51
SamYaple	that said, i still build with libpcre3-dev	20:52
SamYaple	not discouraging adding it	20:52
sxc731	SamYaple: OK ta. Indeed I suppose if there's a reasonably cheap way to fix the issue maybe it should be done (as a low prio) just to avoid causing false alarm?	20:52
*** Jeffrey4l has quit IRC		20:52
SamYaple	agreed 100%	20:53
sxc731	Good stuff. I'm sure there's like a gazillion more pressing issues...	20:54
SamYaple	yea but none with such easy solutions :P	20:55
sxc731	Well then, cool low hanging fruit. I have to admit I looked into how to fix this in repo_build (assuming that's even the right place) and couldn't figure it out; so at least for me, not trivial... Ended up installing uWSGI from PyPi to test if it made a difference...	20:57
*** chyka has quit IRC		20:59
*** chyka_ has joined #openstack-ansible		20:59
*** cshen_ has quit IRC		21:00
*** Jeffrey4l has joined #openstack-ansible		21:03
SamYaple	sxc731: you just need to add the dev libs to the repo build package list	21:07
sxc731	SamYaple: ok ta. I must be a little thick because I still can't seem to fins this and I'm sure it's obvious... but presumably this should be in there by default, correct?	21:11
SamYaple	yea	21:12
SamYaple	probably	21:12
*** kylek3h has joined #openstack-ansible		21:16
*** smatzek_ has quit IRC		21:19
*** smatzek has joined #openstack-ansible		21:20
*** smatzek_ has joined #openstack-ansible		21:22
*** smatzek has quit IRC		21:24
*** smatzek_ has quit IRC		21:26
*** sbra has quit IRC		21:27
*** dave-mccowan has quit IRC		21:29
*** sxc731 has quit IRC		21:31
*** kylek3h has quit IRC		21:38
*** chhavi__ has quit IRC		21:41
mhayden	cloudnull: i like neutron agents on the hosts, but dang, i'm in SELinux hell with that right now ;)	21:41
jrosser	looking at a deploy log i see that pretty much every non skipped task takes a minimum of ~6 seconds, regardless of how trivial it is	21:41
*** pcaruana has joined #openstack-ansible		21:42
jrosser	is this normal? that minimum time seems to entirely dominate the deploy time of ~5hours	21:42
*** pcaruana has quit IRC		21:43
*** armaan has quit IRC		21:48
*** woodard_ has joined #openstack-ansible		21:50
*** woodard has quit IRC		21:50
*** woodard_ has quit IRC		21:51
*** threestrands_ has joined #openstack-ansible		21:52
*** threestrands_ has quit IRC		21:53
*** threestrands_ has joined #openstack-ansible		21:53
*** threestrands has quit IRC		21:54
*** chyka_ has quit IRC		21:57
*** armaan has joined #openstack-ansible		22:00
*** smatzek has joined #openstack-ansible		22:00
*** masber has joined #openstack-ansible		22:02
*** cjloader_ has quit IRC		22:03
*** smatzek has quit IRC		22:05
openstackgerrit	Major Hayden proposed openstack/openstack-ansible-os_neutron master: Add SELinux policies for bare metal agents https://review.openstack.org/532646	22:05
mhayden	cloudnull: ^^	22:05
mhayden	antonym: on those glance backports, did you use the cherry pick button in gerrit?	22:17
-openstackstatus- NOTICE: The zuul system is being restarted to apply security updates and will be offline for several minutes. It will be restarted and changes re-equeued; changes approved during the downtime will need to be rechecked or re-approved.		22:22
*** afred312 has quit IRC		22:27
*** threestrands_ has quit IRC		22:41
*** threestrands has joined #openstack-ansible		22:55
*** afred312 has joined #openstack-ansible		22:58
*** afred312 has quit IRC		23:03
*** afred312 has joined #openstack-ansible		23:07
*** rmcall has joined #openstack-ansible		23:09
*** threestrands has quit IRC		23:11
*** threestrands has joined #openstack-ansible		23:20
*** openstacking_123 has quit IRC		23:39
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-tests stable/ocata: Skip and echo out gzip log compression error https://review.openstack.org/532692	23:40
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-tests stable/newton: Skip and echo out gzip log compression error https://review.openstack.org/532693	23:41
openstackgerrit	Kevin Carter (cloudnull) proposed openstack/openstack-ansible-tests stable/pike: Skip and echo out gzip log compression error https://review.openstack.org/532694	23:43
*** cjloader_ has joined #openstack-ansible		23:46
cloudnull	jrosser: yup. we've an execution plugin that will evaluate tasks and not even load them if we know for certain nothing will be executed for this very issue.	23:47
*** phalmos has quit IRC		23:47
cloudnull	however we can't fully evaluate all tasks so the plugin is quite conservative	23:48
*** cjloader_ has quit IRC		23:51

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!