Wednesday, 2018-01-31

« Tuesday, 2018-01-30 Index Thursday, 2018-02-01 »
*** rstarmer has quit IRC00:00
*** TicToc has quit IRC00:07
*** TicToc has joined #openstack-ansible00:09
*** guhcampos has quit IRC00:14
*** kstev1 is now known as kstev00:30
*** ianychoi has joined #openstack-ansible00:31
*** pbandark has quit IRC00:33
*** chyka has quit IRC00:34
*** vnogin has joined #openstack-ansible00:40
*** cjloader has joined #openstack-ansible00:43
*** markvoelker has quit IRC00:43
*** markvoelker has joined #openstack-ansible00:44
*** vnogin has quit IRC00:46
*** markvoelker has quit IRC00:48
openstackgerritMerged openstack/openstack-ansible stable/pike: Add a return code check to the osa wrapper  https://review.openstack.org/53902700:51
*** cjloader has quit IRC00:57
*** TicToc has quit IRC01:09
*** dave-mccowan has joined #openstack-ansible01:13
*** Neptu_ has quit IRC01:13
*** Neptu has joined #openstack-ansible01:16
*** TicToc has joined #openstack-ansible01:19
*** markvoelker has joined #openstack-ansible01:30
*** woodard_ has joined #openstack-ansible01:33
*** woodard has quit IRC01:33
openstackgerritNguyen Hung Phuong proposed openstack/openstack-ansible-tests master: Clean imports in code  https://review.openstack.org/53940002:19
*** kstev has quit IRC02:28
*** akasurde has joined #openstack-ansible02:47
*** akasurde has joined #openstack-ansible02:47
*** Pramod has quit IRC03:05
cloudnullevenings03:14
*** mgagne has quit IRC03:22
*** chris_hultin has quit IRC03:23
*** mgagne has joined #openstack-ansible03:24
*** chris_hultin|AWA has joined #openstack-ansible03:24
*** mgagne is now known as Guest8724003:24
*** toan has quit IRC03:24
*** chris_hultin|AWA is now known as chris_hultin03:24
*** toan has joined #openstack-ansible03:26
*** gkadam has quit IRC03:33
*** ANKITA has joined #openstack-ansible03:50
*** ANKITA has quit IRC04:13
*** TicToc has quit IRC04:14
mhaydencloudnull: orly04:20
*** TicToc has joined #openstack-ansible04:23
*** dave-mccowan has quit IRC04:32
*** poopcat1 has joined #openstack-ansible04:34
*** poopcat has quit IRC04:34
*** taseer2 is now known as Taseer04:46
openstackgerritTaseer Ahmed proposed openstack/openstack-ansible-os_congress master: Introduce os_congress role in gerrit  https://review.openstack.org/52249104:46
*** cjloader has joined #openstack-ansible04:48
*** SONY_ has joined #openstack-ansible04:51
*** SONY_ has quit IRC04:52
*** cjloader has quit IRC04:53
*** SON has joined #openstack-ansible04:53
SONHI04:53
SONAm facing an issue while adding additional infrastructure node RUNNING HANDLER [haproxy_server : Restart haproxy] ***************************** Tuesday 30 January 2018  02:48:39 -0800 (0:00:00.805)       0:19:55.373 ******* fatal: [infra4]: FAILED! => {"changed": false, "failed": true, "msg": "Unable to restart service haproxy: Job for haproxy.service failed because the control process exited with error code. See \"systemctl04:55
SONsystemctl status haproxy.service says :  haproxy.service: Control process exited, code=exited status=104:56
SONhaproxy.service: Start request repeated too quickly.04:57
SONjojooo05:02
SONfile /etc/ssl/private/haproxy.pem is missing05:02
SONinstead the location has ssl-cert-snakeoil.key file05:04
*** markvoelker has quit IRC05:06
*** hybridpollo has quit IRC05:08
*** poopcat1 has quit IRC05:10
SON ExecStartPre=/usr/sbin/haproxy -f ${CONFIG} -c -q (code=exited, status=1/FAILURE)05:11
*** zerick_ has quit IRC05:13
*** zerick has joined #openstack-ansible05:15
SON[ALERT] 029/200426 (20493) : Proxy 'rabbitmq_mgmt-front-1': no SSL certificate05:16
*** gkadam has joined #openstack-ansible05:23
*** TicToc has quit IRC05:23
*** TicToc has joined #openstack-ansible05:27
*** hybridpollo has joined #openstack-ansible05:28
*** hybridpollo has quit IRC05:35
*** cjloader has joined #openstack-ansible05:48
*** threestrands has quit IRC05:51
*** cjloader has quit IRC05:53
*** aruns__ has joined #openstack-ansible05:55
*** indistylo has joined #openstack-ansible05:56
*** aruns has joined #openstack-ansible05:57
*** aruns__ has quit IRC06:00
*** threestrands has joined #openstack-ansible06:01
*** aruns__ has joined #openstack-ansible06:01
*** indistylo has quit IRC06:01
Taseerevrardjp: do I need to add python-ceilometerclient in congress requirements ? http://logs.openstack.org/91/522491/69/check/openstack-ansible-functional-ubuntu-xenial/7f94033/logs/openstack/congress1/congress/congress-server.log.txt.gz06:06
*** TicToc has quit IRC06:28
*** TicToc has joined #openstack-ansible06:31
openstackgerritMerged openstack/openstack-ansible-os_neutron master: Add SELinux policies for bare metal agents  https://review.openstack.org/53264606:38
*** gkadam has quit IRC06:38
openstackgerritMerged openstack/openstack-ansible-os_cinder master: Zuul: Remove project name  https://review.openstack.org/53853806:39
*** gkadam has joined #openstack-ansible06:42
*** cjloader has joined #openstack-ansible06:48
*** akasurde is now known as akasurde_afkk06:48
*** gkadam has quit IRC06:52
*** cjloader has quit IRC06:53
*** gkadam has joined #openstack-ansible06:54
jafehagood morning06:58
*** akasurde_afkk has quit IRC07:00
*** indistylo has joined #openstack-ansible07:08
*** aruns has quit IRC07:08
*** aruns__ has quit IRC07:08
*** aruns has joined #openstack-ansible07:08
*** markvoelker has joined #openstack-ansible07:11
*** aruns has quit IRC07:15
*** aruns has joined #openstack-ansible07:15
*** aruns__ has joined #openstack-ansible07:15
*** indistylo has quit IRC07:15
*** pmannidi has quit IRC07:19
*** aruns__ has quit IRC07:20
*** indistylo has joined #openstack-ansible07:20
*** TicToc has quit IRC07:30
*** peri has joined #openstack-ansible07:42
*** markvoelker has quit IRC07:42
openstackgerritMarkos Chandras (hwoarang) proposed openstack/openstack-ansible-os_neutron master: tasks: Ensure Open vSwitch is started for all providers that need it  https://review.openstack.org/53893307:46
*** TicToc has joined #openstack-ansible07:47
*** cjloader has joined #openstack-ansible07:48
*** pcaruana has joined #openstack-ansible07:51
*** cjloader has quit IRC07:52
*** gaudenz has quit IRC07:57
*** akasurde_afkk has joined #openstack-ansible07:59
*** akasurde_afkk is now known as akasurde08:01
openstackgerritMerged openstack/openstack-ansible-ops master: Fix tftpd-hpa configuration issues  https://review.openstack.org/53933408:02
*** mbuil has joined #openstack-ansible08:06
*** TicToc has quit IRC08:08
*** aruns__ has joined #openstack-ansible08:09
*** indistylo has quit IRC08:11
*** aruns has quit IRC08:11
*** sawblade6 has quit IRC08:11
*** indistylo has joined #openstack-ansible08:12
*** sxc731 has joined #openstack-ansible08:23
*** sawblade6 has joined #openstack-ansible08:29
*** markvoelker has joined #openstack-ansible08:39
*** armaan has joined #openstack-ansible08:40
*** cjloader has joined #openstack-ansible08:48
*** cjloader has quit IRC08:52
*** chyka has joined #openstack-ansible08:59
*** gkadam has quit IRC09:03
*** rstarmer has joined #openstack-ansible09:03
*** chyka has quit IRC09:04
*** gkadam has joined #openstack-ansible09:04
openstackgerritTaseer Ahmed proposed openstack/openstack-ansible-os_congress master: Introduce os_congress role in gerrit  https://review.openstack.org/52249109:11
*** markvoelker has quit IRC09:12
*** pbandark has joined #openstack-ansible09:13
*** shardy has joined #openstack-ansible09:13
SONanyone faced similar issue while adding infra nodes?09:14
SONTASK [rsyslog_client : Configure logrotate to compress logs by default] ******                                        ** Wednesday 31 January 2018  01:11:29 -0800 (0:00:00.028)       0:20:25.042 ****                                        * ok: [infra5]  RUNNING HANDLER [haproxy_server : Regenerate haproxy configuration] **********                                        ** Wednesday 31 January 2018  01:11:29 -0800 (0:00:00.2209:14
evrardjpSON: where is the issue?09:16
*** exodusftw has quit IRC09:17
SONevrardjp haproxy status inactive for new node09:20
SONRUNNING HANDLER [haproxy_server : Restart haproxy] ***************************** Tuesday 30 January 2018  02:48:39 -0800 (0:00:00.805)       0:19:55.373 ******* fatal: [infra4]: FAILED! => {"changed": false, "failed": true, "msg": "Unable to restart service haproxy: Job for haproxy.service failed because the control process exited with error code. See \"systemctl status haproxy.service\" and \"journalctl -xe\" for details.\n"09:21
*** exodusftw has joined #openstack-ansible09:23
SONRUNNING HANDLER [haproxy_server : Restart haproxy] ***************************                                        ** Wednesday 31 January 2018  01:11:30 -0800 (0:00:00.433)       0:20:25.704 ****                                        * fatal: [infra5]: FAILED! => {"changed": false, "failed": true, "msg": "Unable                                         to restart service haproxy: Job for haproxy.service failed because the09:23
SONevrardjp on exe of  openstack-ansible setup-everything.yml --limit @/root/add_host.limit09:24
SON infra5 systemd[1]: Failed to start HAProxy Load Balancer.09:33
evrardjpSON: which version of openstack-ansible?09:33
SONocata09:36
evrardjpmore precisely?09:39
evrardjpif you could also paste the message somewhere that would be helpful. Also giving the value of your external_lb_vip_address and internal_lb_vip_address would help.09:40
SONopenstack --version openstack 3.8.109:41
evrardjpno I mean your openstack-ansible version09:42
evrardjpthe tag you checked out?09:42
SONexternal_lb_vip_address 10.40.100.10 &09:42
evrardjpif you want to paste your error message on paste.openstack.org that would be nice.09:43
evrardjpSON: ok, I suppose the & is just an issue while you typed it here :)09:43
evrardjpwhat is internal_lb_vip_address?09:43
SON external_lb_vip_address: 50.197.137.24809:46
openstackgerritMerged openstack/openstack-ansible-os_magnum stable/newton: Zuul: Remove project name  https://review.openstack.org/53863309:46
*** cjloader has joined #openstack-ansible09:48
openstackgerritMerged openstack/openstack-ansible stable/pike: Fix logic to check for insecure Keystone  https://review.openstack.org/53829709:51
openstackgerritMerged openstack/openstack-ansible master: Simplify memcached servers  https://review.openstack.org/53823509:51
*** cjloader has quit IRC09:53
*** armaan has quit IRC09:53
*** armaan has joined #openstack-ansible09:54
*** SON has quit IRC09:55
*** aruns has joined #openstack-ansible09:56
Taseerevrardjp: do you know what I might be missing => http://logs.openstack.org/91/522491/70/check/openstack-ansible-functional-ubuntu-xenial/7237659/logs/openstack/congress1/congress/congress-server.log.txt.gz09:58
*** aruns__ has quit IRC09:59
*** indistylo has quit IRC09:59
*** indistylo has joined #openstack-ansible09:59
*** SON has joined #openstack-ansible10:01
*** markvoelker has joined #openstack-ansible10:09
*** aruns has quit IRC10:13
*** aruns has joined #openstack-ansible10:14
*** aruns__ has joined #openstack-ansible10:14
*** indistylo has quit IRC10:14
*** aruns has quit IRC10:18
*** aruns has joined #openstack-ansible10:18
*** gkadam has quit IRC10:19
*** gkadam has joined #openstack-ansible10:20
*** aruns__ has quit IRC10:20
*** aruns__ has joined #openstack-ansible10:21
*** aruns__ has quit IRC10:22
*** aruns__ has joined #openstack-ansible10:22
*** jwitko_ has quit IRC10:25
*** aruns has quit IRC10:25
*** aruns__ has quit IRC10:26
evrardjpSON: these are twice the same, or is that a typo?10:33
evrardjpTaseer: ceilometer driver, from where it is.10:34
evrardjpTaseer: I don't know what provides it, but it's missing10:34
*** jafeha__ has joined #openstack-ansible10:35
*** jafeha has quit IRC10:35
evrardjpSON: I still don't know which ocata you have10:36
evrardjpso I can't reproduce it right now10:36
odyssey4meidlemind it sounds to me like you don't have the haproxy/keepalived config quite right then - apologies for wasting your time10:37
odyssey4meo/ all10:38
evrardjpodyssey4me: good morning10:39
*** markvoelker has quit IRC10:42
*** cjloader has joined #openstack-ansible10:48
*** cjloader has quit IRC10:53
*** taseer1 has joined #openstack-ansible11:13
*** Taseer has quit IRC11:14
*** taseer2 has joined #openstack-ansible11:14
*** taseer1 has quit IRC11:18
*** sawblade_ has joined #openstack-ansible11:21
*** taseer2 is now known as Taseer11:22
*** sawblade6 has quit IRC11:24
*** stuartgr has joined #openstack-ansible11:27
openstackgerritTaseer Ahmed proposed openstack/openstack-ansible-os_congress master: Introduce os_congress role in gerrit  https://review.openstack.org/52249111:32
openstackgerritMerged openstack/openstack-ansible-os_cinder stable/newton: Zuul: Remove project name  https://review.openstack.org/53854011:33
*** rpittau has quit IRC11:35
*** markvoelker has joined #openstack-ansible11:39
*** cjloader has joined #openstack-ansible11:48
*** sxc731 has quit IRC11:50
mbuilwhen will the stable/queens branch be created?11:50
*** cjloader has quit IRC11:52
openstackgerritMerged openstack/openstack-ansible-os_cinder stable/ocata: Zuul: Remove project name  https://review.openstack.org/53854311:53
*** threestrands has quit IRC12:08
*** dave-mccowan has joined #openstack-ansible12:08
*** markvoelker has quit IRC12:12
*** sxc731 has joined #openstack-ansible12:23
*** indistylo has joined #openstack-ansible12:30
*** bhujay has joined #openstack-ansible12:32
*** chyka has joined #openstack-ansible12:35
*** aruns has joined #openstack-ansible12:35
bhujayHi all , I am experiencing  a problem while running lxc-host-set up on a suse host . The  Prepare cached image setup commands  task fails with time out.12:37
*** indistylo has quit IRC12:38
*** chyka has quit IRC12:39
*** Taseer has quit IRC12:42
*** cjloader has joined #openstack-ansible12:48
*** cjloader has quit IRC12:53
CobHeadIn order for the people here to help you without asking too many questions, bhujay, is to run the playbook with verbose on (-vvvv) Paste the output from the failing part on e.g. pastebin and link it here.12:55
*** aruns__ has joined #openstack-ansible12:58
evrardjpprobably -vv is enough :)12:59
evrardjpbut yeah :)12:59
evrardjpbhujay: mmm these are the worst because it's a series of commands we run without ansible. Can you tap into the process?12:59
*** aruns has quit IRC13:00
*** astellwag has joined #openstack-ansible13:01
mhaydenbuenos dias13:02
bhujayevrardjp: yeah , it is going wrong with zypper --gpg-auto-import-keys -n dup --force-resolution -l13:02
bhujay , some more interesting findings is the same step goes well  with the host but fails when run with chroot.13:02
mnaserhttps://review.openstack.org/#/c/538259/ can this get another +A to get it to go through gate without recheck13:03
bhujayCobeHead: Thanks , will do so13:03
odyssey4meevrardjp bhujay there is a log in /var/log/ on the host which will contain the output of what ran there13:03
*** sxc731 has quit IRC13:05
bhujayodyssey4me: that log shows zypper is  stuck up while trying to  download  packages . Now manually i executed the command from a different mirror and it went through . Next I tired overriding the lxc_hosts_opensuse_mirror_url  but the play book fails . I am trying to  get an workaround . WIll update soon13:06
odyssey4mebhujay is it failing, or timing out?13:06
odyssey4meif it's timing out, there is a var to set which extends the timeout13:07
odyssey4mehttps://github.com/openstack/openstack-ansible-lxc_hosts/blob/master/defaults/main.yml#L134-L13813:07
*** markvoelker has joined #openstack-ansible13:09
bhujayi tried but that is not helping  since with chroot the zypper update wont proceed even when run manually unless the mirror is changed . Have to figure out the correctway to oveerride that13:09
*** woodard_ has quit IRC13:10
*** woodard has joined #openstack-ansible13:10
odyssey4mebhujay the process it does is to chroot, then setup a resolver, then do some things, then revert the resolver, then exit13:10
odyssey4meif you need the mirror changed, there's a var for that too13:11
*** akasurde has quit IRC13:11
*** astellwag has quit IRC13:12
*** astellwag has joined #openstack-ansible13:17
*** aruns has joined #openstack-ansible13:18
*** aruns__ has quit IRC13:20
*** santacloud__ has joined #openstack-ansible13:25
openstackgerritMajor Hayden proposed openstack/openstack-ansible-os_tempest master: Link SELinux python modules into tempest venv  https://review.openstack.org/53925713:28
mhaydenevrardjp: try that ^^13:28
mhaydenthanks for the tip on linking in the modules evrardjp & mgariepy13:29
*** sxc731 has joined #openstack-ansible13:31
*** kstev has joined #openstack-ansible13:32
*** kstev has quit IRC13:32
*** markvoelker has quit IRC13:37
*** markvoelker has joined #openstack-ansible13:37
mgariepymorning13:38
*** tobberydberg has quit IRC13:41
odyssey4mecores - any chance for a re-review of https://review.openstack.org/537387 - it was only modified by hwoarang to add depends-on to another patch13:43
hwoarangi will +2 it again since the context is the same. sorry i forgot to do it on time :)13:44
odyssey4meno worries, thanks hwoarang13:44
*** cjloader has joined #openstack-ansible13:48
sxc731Hi team, anything happening on the os_panko front (event storage API for Ceilometer)?  This feature request was raised 15 months ago but doesn't seem to have moved much: https://bugs.launchpad.net/openstack-ansible/+bug/162939013:48
openstackLaunchpad bug 1629390 in openstack-ansible "Create an os_panko role" [Wishlist,Confirmed] - Assigned to Nish Patwa (nishpatwa)13:48
*** hw_wutianwei has joined #openstack-ansible13:49
evrardjpmhayden: I thought we couldn't install libselinux-python in venvs13:50
mhaydenwe can install it on the host and link it in13:51
evrardjpmhayden: what I mean is there is probably a file missing, or am I wrong?13:51
evrardjplet me double check13:51
mhaydenit worked in my test in an aio13:52
evrardjpmmm13:52
evrardjpI think for a different reason13:52
mhaydeni'll go back and examine the venv to be sure13:52
evrardjpI think the venv would have it13:52
*** cjloader has quit IRC13:53
evrardjpmmm let me think. I thought it would be using cache to get it and install it from site packages, but I don't think that would be the case after all13:53
*** aruns__ has joined #openstack-ansible13:53
evrardjpbut am I tired? Where is tempest_install_python_libs.yml ?13:54
mhaydenah crud, forgot to add it to the commit13:54
evrardjpok13:54
evrardjpso now I understand better :)13:54
openstackgerritMajor Hayden proposed openstack/openstack-ansible-os_tempest master: Link SELinux python modules into tempest venv  https://review.openstack.org/53925713:54
evrardjpthat makes more sense :)13:55
mhaydenah, there is a problem here13:56
* mhayden digs13:56
*** aruns has quit IRC13:56
*** kstev has joined #openstack-ansible13:57
*** yolanda has quit IRC14:01
*** santacloud__ has quit IRC14:01
*** yolanda has joined #openstack-ansible14:03
*** pcaruana has quit IRC14:05
openstackgerritAndy McCrae proposed openstack/openstack-ansible stable/newton: Bump SHA for haproxy_server role  https://review.openstack.org/53953914:06
*** Taseer has joined #openstack-ansible14:08
sxc731re: os_panko.  If I wanted to take at stab at implementing this, what would be a good starting point? I guess os_gnocchi is similar enough?14:10
*** akasurde has joined #openstack-ansible14:11
*** akasurde has joined #openstack-ansible14:11
*** tobberydberg__ has joined #openstack-ansible14:15
*** tobberydberg__ has quit IRC14:15
*** tobberydberg__ has joined #openstack-ansible14:16
bhujayevrardjp, odyssey4me , CobHead   lxc_hosts_opensuse_mirror_url: to a different mirror solved the problem . After overridde  we have to run from setup-openstack-host so that the repo at base host also is updated.14:17
openstackgerritMerged openstack/openstack-ansible-repo_build master: Correct manifest index of openstack git folders  https://review.openstack.org/53738714:18
*** pcaruana has joined #openstack-ansible14:21
*** sxc731_ has joined #openstack-ansible14:23
*** mardim has quit IRC14:25
*** sxc731_ has quit IRC14:28
openstackgerritMaxime Guyot proposed openstack/openstack-ansible master: [WIP] Ceph RadosGW integration  https://review.openstack.org/51785614:29
*** esberglu has joined #openstack-ansible14:30
odyssey4mesxc, it's a little dated - but will serve as a good starting point I think14:32
odyssey4methere are some finer points which we can work out in review14:32
evrardjpodyssey4me: could you vote on https://review.openstack.org/#/c/539128/ ?14:32
odyssey4meor patch after the initial set14:32
*** jwitko has joined #openstack-ansible14:32
dcdamienhttps://review.openstack.org/#/c/538056/ <- guys, can we discuss it?14:37
*** SerenaFeng has joined #openstack-ansible14:37
*** santacloud has quit IRC14:37
*** sxc731_ has joined #openstack-ansible14:38
openstackgerritMajor Hayden proposed openstack/openstack-ansible master: Add SELinux python support to ansible-runtime venv  https://review.openstack.org/53955214:41
*** sxc731_ has quit IRC14:42
mhaydencloudnull: https://review.openstack.org/532863 is passing now!14:42
sxc731odyssey4me: thanks!  Anything else I should use in preference?  Seems there are common patterns - such as standing a mod_wsgi server - that could be factored as re-usable pieces (sorry not super-familiar with how this is done with Ansible.  But happy to copy-paste if that's the accepted way14:43
xdfilis there a summarized list of all the OSA roles to make it easier to clone them all?14:43
*** mardim has joined #openstack-ansible14:46
*** sxc731_ has joined #openstack-ansible14:47
*** cjloader has joined #openstack-ansible14:48
sxc731xdfil: does ansible-role-requirements.yml fulfil that requirement?14:48
*** pcaruana has quit IRC14:48
xdfilsxc731:  yeah, that will do14:49
xdfilI've got a couple things I'm stuck on14:51
openstackgerritPeriyasamy Palanisamy proposed openstack/openstack-ansible master: add networking-bgpvpn into openstack services  https://review.openstack.org/53955914:51
xdfilmy glance container doesn't mount NFS on reboot14:52
xdfilI have to manually type mount -a14:52
evrardjpodyssey4me: you got a patch yet for novnc?14:52
xdfiland then it mounts14:52
evrardjpand/or a bug reference? I think we might have that in our bugs let me check14:52
odyssey4meevrardjp nope - working on an improvement which doesn't just fix the bug, but also makes it idempotent14:52
odyssey4meworking on it as we speak14:52
evrardjpok14:52
*** cjloader has quit IRC14:53
*** sxc731 has quit IRC14:53
evrardjphughsaunders: was the issue https://bugs.launchpad.net/openstack-ansible/+bug/1746523 linked to this issue?14:53
openstackLaunchpad bug 1746523 in openstack-ansible "Nova vnc proxy fails on redeploy" [Undecided,New]14:53
*** sxc731_ has quit IRC14:53
*** aruns has joined #openstack-ansible14:54
*** aruns__ has quit IRC14:55
*** sxc731 has joined #openstack-ansible14:55
openstackgerritMajor Hayden proposed openstack/openstack-ansible master: [WIP] Test CentOS 7 with package_state: present  https://review.openstack.org/53956114:56
xdfilif I want to add/modify the bind mounts of a single container, how would I go about that?14:56
*** kstev has quit IRC14:58
*** sxc731 has quit IRC14:59
openstackgerritPeriyasamy Palanisamy proposed openstack/openstack-ansible master: Make Opendaylight as the BGP speaker using Quagga  https://review.openstack.org/52390715:01
*** sxc731 has joined #openstack-ansible15:02
xdfilso lxc_container_bind_mounts looks promising15:04
xdfilwhere would I define that exactly in the inventory?15:05
xdfilI only want to do this for glance containers15:05
*** sxc731 has quit IRC15:05
mgariepyhmm. is there something funky about gerrit this morning ?  i don't have the vote option in the reply... menu.. :S15:08
*** aruns has quit IRC15:09
mgariepyha nevermind..15:09
mgariepyabandonned patch hehe15:09
xdfilahh glance_container_bind_mounts:15:10
hwoarangdoes anyone know why this table is empty https://docs.openstack.org/openstack-ansible/latest/admin/troubleshooting.html#restarting-services ? :)15:10
*** sxc731 has joined #openstack-ansible15:11
*** cmart has joined #openstack-ansible15:11
*** pcaruana has joined #openstack-ansible15:14
*** sxc731 has quit IRC15:14
openstackgerritMajor Hayden proposed openstack/openstack-ansible-os_nova master: Fix SELinux file contexts for nova's ssh keys  https://review.openstack.org/53489115:16
xdfilOh now... hold on a sec. If there is already a bind mount defined in group_vars for /var/lib/glance/images... could it be that it is over-writing the NFS mount from the container fstab15:16
xdfilLets find out! :)15:16
*** sxc731 has joined #openstack-ansible15:17
cloudnullmornings15:18
mhaydenevrardjp / mgariepy: trying to fix the selinux shenanigans in the venv -> https://review.openstack.org/#/c/539552/15:19
mhaydeni forgot that tempest downloads on the host first and then ships the file out :/15:19
cloudnullmornings15:20
idlemindodyssey4me no worries, it actually might be some more missing patches that should be cherry-picked into stable/pike related to the xinetd service for mysqlchk that's causing the error i'm seeing (mysql works but the check fails so haproxy marks it as down)15:20
idlemindi'll be tidying up my notes from stumbling around the repo's last night and trying 1 or 2 patches15:20
idlemindi'll post anything i find out15:20
*** kstev has joined #openstack-ansible15:21
mgariepymhayden, did you try to symlink the directory ?15:23
mgariepyinstead of rsync15:23
*** ndusek has joined #openstack-ansible15:23
ndusekhey all - having some issues with networking on my osa aio deployment15:24
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible master: Add scaffolding for multiple container techs  https://review.openstack.org/52774915:25
mhaydenmgariepy: i tried, but the import failed15:25
mgariepyok15:25
mhaydenthe rsync seems to work quite well15:26
mhaydenand it fixed the tempest stuff for sure15:26
odyssey4meidlemind hmm, if haproxy is doing that then your ansible-role-requirements should have the right galera_server repo sha too, are you sure you executed bootstrap-ansible.sh after changing branch/tag ?15:26
mgariepyhere you go you get my vote :D15:26
*** Guest87240 is now known as mgagne15:27
*** mgagne has joined #openstack-ansible15:27
odyssey4mexdfil you can implement any group_vars/host_vars of your own in /etc/openstack_deploy/{group_vars,host_vars} - those will get merged over the top of the defaults in the git tree15:28
xdfilOMG, that was it!15:28
xdfilso if you configure glance_nfs_client15:29
xdfilyou have to also add glance_container_bind_mounts: []15:29
xdfilotherwise the bind mount that is defined in group_vars will break the nfs mount15:29
mhaydenmgariepy: tu es le vent sous mes ailes, monsieur15:29
mgariepylol15:30
odyssey4mexdfil honestly, that sounds like a bug - can you write it up in launchpad please?15:30
xdfilyes sir15:30
odyssey4metyvm - good find!15:30
cloudnullxdfil: ++ that sounds like a bug15:31
*** armaan has quit IRC15:32
cloudnullxdfil: is this master or pike ?15:32
xdfil16.0.615:32
*** woodard has quit IRC15:33
*** tobberydberg has joined #openstack-ansible15:34
*** armaan has joined #openstack-ansible15:34
*** armaan has quit IRC15:34
*** armaan has joined #openstack-ansible15:35
cloudnullxdfil: we did this in master.15:35
cloudnullhttps://review.openstack.org/#/c/526930/15:35
cloudnullmaybe it needs to be backported15:35
*** esberglu_ has joined #openstack-ansible15:36
openstackgerritKevin Carter (cloudnull) proposed openstack/openstack-ansible-os_glance stable/pike: Update glance NFS for systemd  https://review.openstack.org/53957715:39
openstackgerritMajor Hayden proposed openstack/openstack-ansible-openstack_hosts master: Use async distro package installation  https://review.openstack.org/53957815:39
cloudnullxdfil: IDK if this is something we want to backport however if folks working on stable could take a look, it'd be appreciated.15:40
*** esberglu has quit IRC15:40
*** phalmos has joined #openstack-ansible15:45
*** flaviosr has quit IRC15:45
idlemindodyssey4me ya, it appears to be a bug that was fixed but not brought back to stable/pike15:45
odyssey4meidlemind orly?15:46
*** flaviosr has joined #openstack-ansible15:47
*** SerenaFeng has quit IRC15:47
xdfilcloudnull: so no bug report then?15:48
*** cjloader has joined #openstack-ansible15:48
*** esberglu_ is now known as esberglu15:48
cloudnullno I think it's worth raising the issue15:49
cloudnullit may very well still be a problem15:50
cloudnullit's worth looking into15:50
cloudnullIMHO15:50
*** bhujay has quit IRC15:50
*** gkadam has quit IRC15:52
*** cjloader has quit IRC15:53
*** openstacking_123 has joined #openstack-ansible15:56
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-os_nova master: Improve console install and restart services appropriately  https://review.openstack.org/53958315:56
odyssey4meevrardjp ^ that's the bug fix for the issue we found earlier today15:57
*** cjloader has joined #openstack-ansible16:08
ndusekrunning an all-in-one deployment and can't ping my instances. I can ping the router and can ping the internal net via `ip netns exec qrouter-UUID ...` but that's it16:09
ndusekany suggestions on what to try next?16:09
lbragstadndusek: are you running with the defaults from an AIO?16:10
mbuilndusek: can you execute 'openstack network agent list'?16:11
mgariepyndusek, add a security rule to allow ping to get through ?16:11
*** phalmos has quit IRC16:11
openstackgerritMerged openstack/openstack-ansible master: Unfreeze roles after milestone 3  https://review.openstack.org/53912816:11
ndusekyep, running with defaults16:11
nduseknetwork agent list shows everything up16:12
lbragstadmgariepy: that was going to be my next guess :)16:12
ndusekI have a security group that allows icmp and tcp on port 22 for ssh16:12
nduseknetworks were set up using the openstack-ansible-ops repo16:13
lbragstadi've had to tinker with security groups to get vm -> vm traffic working16:13
mbuilndusek: after pinging your VMs from the network namespace, if you run 'arp -na', can you see the MAC address of the VM?16:13
idlemindi need help confirming if this commit (https://github.com/openstack/openstack-ansible-galera_server/commit/f2bfbd38513ac8d61ba4e02a4d5ef6cbbca259cc) is present in stable/pike ... i don't think it is. as soon as i made the change manually in my my.cnf of the galera container whalla my health checks stopped failing for galera in haproxy and confirmed by telnet16:14
ndusekno, `arp -na` does not list a mac for the IP that I am pinging via the net ns16:15
idlemindand os-keystone-install is moving along (past db errors i was hitting) as expected now16:16
mbuilndusek, when you are in the controller, can you list the processes and look for a dnsmasq process?16:17
idlemindmy checks on github show f2bfbd38513ac8d61ba4e02a4d5ef6cbbca259cc is missing from stable/pike ... we'll need that for a functional rhel (centos) install to get past any of the os-* plays that require db work (probably all)16:18
ndusekyep, I see a couple of dnsmasq processes, one owned by lxc-dns+ and the other owned by nobody16:18
*** mamitchl has left #openstack-ansible16:18
mbuilndusek: last week we fixed a bug. apparmor was breaking dnsmasq, just wanted to check if you were hitting it16:19
ndusekmbuil: oh ok, I am running centos7 by the way16:20
mbuilndusek: can you check if your VMs got an IP lease in this log /var/log/neutron/neutron-dnsmasq.log?16:21
ndusekmbuil: hmm, I don't have a log with that name16:21
*** woodard has joined #openstack-ansible16:23
ndusekmbuil: dhcp is enabled on the private subnet, but not on the public16:23
mbuilndusek: that's fine16:24
mbuilNot sure what is going on, sorry :(. Can you access the VM through console and check if it got any IP?16:25
*** rstarmer has quit IRC16:27
*** woodard has quit IRC16:27
ndusekmbuil: yeah, in the console logs, it shows eth0 being assigned the IP that openstack is giving it16:28
*** woodard has joined #openstack-ansible16:28
ndusekmbuil: but none of my VMs can hit the metadata service16:28
ndusekand I can ping the router from both the controller node and a different physical non-openstack machine on the same network16:28
ndusekso I'm wondering if the router is somehow misconfigured? do I need to add some routes to hit the different subnets?16:29
mbuilndusek: you should be able to ping the VM from the network namespace with or without a router. It is weird that you don't get the ARP resolution though16:31
mbuilndusek: I need to leave for a while, sorry16:31
ndusekmbuil: no problem, thanks for your help though16:33
lbragstadcloudnull: have you seen issues like that with your AIOs? ^16:37
*** pcaruana has quit IRC16:39
*** akasurde has quit IRC16:42
idlemindcloudnull odyssey4me another issue on centos7 from stable/pike of openstack-ansible https://bugs.launchpad.net/openstack-ansible/+bug/174654716:42
openstackLaunchpad bug 1746547 in openstack-ansible "stable/pike of openstack-ansible-galera_server fails haproxy health check on rhel7" [Undecided,New]16:42
odyssey4meorly? I wonder if mhayden has seen that in his env?16:43
cloudnulllbragstad: no i've not.16:43
cloudnullin our normal AIO we test VMs via tempest16:43
cloudnulland we enable the basic ops test16:44
cloudnullwhich would mean the VMs would have to get meta-data16:44
lbragstadhuh - interesting16:45
lbragstadi wonder if it is hardware specific16:52
ndusekI am running on some pretty old hardware16:53
ndusekI might just try on some VMs and see if I have the same issues16:53
*** chyka has joined #openstack-ansible16:54
*** SerenaFeng has joined #openstack-ansible16:55
*** rstarmer has joined #openstack-ansible16:56
idlemindi'm puzzled how stable/pike isn't failing gate checks or is that not checked per commit (or is centos7 not a voting platform)16:56
perihi, i'm trying to setup a container using osa lxc-hosts and lxc_container_create roles, but the following error is throws while executing TASK [lxc_hosts : Place container metadata]16:59
peri"msg": "Failed to find handler for \"/tmp/meta.tar.xz\". Make sure the required command to extract the file is installed. Command \"/bin/tar\" could not handle archive. Command \"/usr/bin/unzip\" could not handle archive."16:59
perii do have unzip installed on the host17:00
perihwoarang^ fdegir^17:01
openstackgerritMarc Gariépy (mgariepy) proposed openstack/openstack-ansible-galera_server stable/pike: Fix Galera socket for RedHat  https://review.openstack.org/53960117:02
mgariepythe backport has been forgotten..17:03
idlemindmgariepy np i figured that happens a lot ... seems maybe running master might be safer than stable/pike lol17:04
idlemindworst case i find the bugs and report 'em17:04
idlemindand we're all better off17:04
mgariepywell mhayden is running master i think17:05
idlemind#brave17:06
*** ndusek has quit IRC17:06
mgariepyhaha17:06
mgariepyyep17:06
mgariepymhayden, how often to you upgrade ?17:06
idlemindalso, w/the pull into the specific repo of stable/pike do you have submit a second change to update the hashs in openstack-ansible proper?17:06
idlemind(segway)17:07
*** phalmos has joined #openstack-ansible17:08
mgariepyidlemind, https://github.com/openstack/openstack-ansible/blob/stable/pike/ansible-role-requirements.yml17:09
mgariepyyou can either change the sha in that file on your server then re-run the bootstrap-ansible.sh17:10
mgariepyor update manually the /etc/ansible/roles/galera_server with the cherry-pick of the correct patch17:10
idlemindright that's the file but it would seem like the change you submited to update stable/pike of the underlying role (openstack-ansible-galera_server) a sister change should be to update the sha in openstack-ansible (*requirements.yml) so that any new pulls of openstack-ansible on a "fresh" basis get the fix for themselves17:11
*** indistylo has joined #openstack-ansible17:11
odyssey4meidlemind ye, that can only be done once the role patch merges17:11
idlemindahh17:11
mgariepyonce it's merged we can update the patch is merged.17:11
idlemindsure makes sense17:11
idlemindotherwise you won't have the new sha w/o the merge17:12
idlemindi know it seems like housekeeping stuff which is always not fun17:12
odyssey4meyep, we bump the sha's  every two weeks as a routine, to give a two week period of testing whatever's changed17:13
odyssey4methat gives enough time to detect new issues, get them resolved, etc17:13
idlemindto make sure the person that pulled the fix like this galera issue or the lxc-hosts issue i found and cherry-picked don't cause knock-on issues17:14
odyssey4meyep, that's the idea17:14
idlemindis that mass hash-update then gated to ensure it produces a valid build?17:14
odyssey4meit doesn't always work out, but it does help limit the effects of new patches being merged which cause knock-on effect most often17:14
odyssey4meyep, nothing changes in a repo without passing tests twice in a row17:15
odyssey4methe only trouble for centos is that it's too slow to gate the integrated build, so it's only tested in daily tests17:15
odyssey4meso sometimes things fall through the cracks17:15
mhaydenidlemind: i did see a healthcheck failure, but it's not centos related17:16
*** phalmos has quit IRC17:16
mhaydenIIRC17:16
mhaydenyou have to specify the addresses that are okay for haproxy to use to talk to xtrabackup17:16
mhaydenvia xinetd17:16
odyssey4meour ubuntu integrated build tests run from 60-90 mins, centos runs more like 3 hours IIRC17:16
mhaydenodyssey4me: it's about 1 hr 45 on a Rax cloud perf1-817:16
* mhayden is still trying to figure out what makes centos so slow in the gate17:17
mhaydensome of it is the package manager differences -- yum + apt operate differently17:17
idlemindwow ya seems odd for such a significant difference that said i can totally agree my centos build process is pretty slow overall lol17:17
*** cjloader has quit IRC17:17
odyssey4mesure, and for ubuntu we use an infra mariadb mirror - whereas for centos/suse I don't think that's being done17:17
*** cjloader has joined #openstack-ansible17:18
odyssey4megiven that galera_client is installed almost everywhere, I expect that slows things down a bit17:18
mhaydenthat one does take a lot17:18
mhaydenos_nova takes ~ 6 minutes to install distro pkgs on centos :/17:18
mgariepyarent the pkg cached in the repo server ?17:18
idlemindcould be a difference in what the package is doing compared to the ubuntu one tho17:19
mhaydenmgariepy: well, those pkgs aren't cached yet17:19
idlemindahh17:19
mhaydensince most of them are first seen when os_nova installs17:19
*** rstarmer has quit IRC17:19
idlemindso the first hit to install doesn't get cached and the cache doesn't provide any benefit to a single install of nova only on additional hosts17:19
odyssey4meI'm still thinking that some fundamental changes in how we do the deployment is really the only way to get that resolved - hence https://github.com/openstack/openstack-ansible-specs/blob/master/specs/queens/python-build-install-simplification.rst and https://github.com/openstack/openstack-ansible-specs/blob/master/specs/queens/deployment-stages.rst which unfortunately I've not managed to make enough time to progress as far as I'd have17:19
odyssey4me liked... so it'll have to wait for the next cycle17:19
*** pbandark has quit IRC17:20
idlemindspeaking of nova ... that's where my install is at for the moment :) 49:15.614 of setup-openstack.yml17:20
mhaydenbut it's weird, because for nova, if you consider the 6 minutes eaten up by distro package install, the actual *install* process takes < 10 sec17:22
mhaydenwhich makes me think it's the downloading that is painful17:22
odyssey4medoing the deploy in stages would also mean we could pre-stage all the software in parallel, then execute the service configs in serial... rather than doing it all in serial as it does now (to make upgrades safer and less disruptive).17:22
odyssey4mewow, that's weird - because in the gate those downloads are from a local mirror - or should be17:22
mhaydentrue17:23
mhaydenmore things i'd like to poke at :/17:23
odyssey4memhayden did ja break it all again? http://logs.openstack.org/83/539583/1/check/openstack-ansible-functional-centos-7/4278647/logs/ara/result/e6e50287-48c4-433e-b510-c7d2e581a1cc/17:24
mhaydensigh, i'll go back and look again17:26
* mhayden has too many irons in the fire17:26
*** SerenaFeng has quit IRC17:30
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-repo_build stable/pike: Correct manifest index of openstack git folders  https://review.openstack.org/53961117:32
openstackgerritJesse Pretorius (odyssey4me) proposed openstack/openstack-ansible-repo_build stable/pike: Correct manifest index of openstack git folders  https://review.openstack.org/53961117:32
openstackgerritJimmy McCrory proposed openstack/openstack-ansible-rsyslog_client master: Correct task tag  https://review.openstack.org/53961417:34
*** rstarmer has joined #openstack-ansible17:35
*** rstarmer has quit IRC17:39
openstackgerritMerged openstack/openstack-ansible-galera_server stable/pike: Zuul: Remove project name  https://review.openstack.org/53888917:41
*** zenirc369 has joined #openstack-ansible17:42
*** ivve has quit IRC17:50
idlemindside-note ... i wonder if this makes more sense to use than the clustercheck script via xinet.d ... https://github.com/leoleovich/clusterhc18:01
idlemind(galera_server)18:02
*** ivve has joined #openstack-ansible18:02
*** peri has quit IRC18:07
openstackgerritMerged openstack/openstack-ansible-ops master: Uses a dedicated telegraf role  https://review.openstack.org/52459318:08
openstackgerritMerged openstack/openstack-ansible-ops master: Updates the last update date  https://review.openstack.org/52459418:08
*** woodard has quit IRC18:10
*** woodard has joined #openstack-ansible18:11
*** mbuil has quit IRC18:12
*** indistylo has quit IRC18:17
*** rstarmer has joined #openstack-ansible18:20
*** phalmos has joined #openstack-ansible18:24
*** mbuil has joined #openstack-ansible18:28
openstackgerritJames E. Blair proposed openstack/openstack-ansible-os_monasca-agent master: Zuul: Remove project name  https://review.openstack.org/53962918:28
idlemindi wonder if part of the problem w/yum caching is that apt-cacher-ng only grabs it for each mirror that is requested so when using fastestmirror at various times you might get a new mirror and the proxy has to cache that package for that proxy ... maybe disabling fastestmirror might help or possibly there is a way to tell apt-cacher-ng to rewrite all centos requests to a standard directory?18:35
mgariepyidlemind, there is18:37
mgariepyi though we already did that tho.18:37
idlemindYa, it looks that way. the extra entries seem to be mirror specific repodata for epel18:38
idlemind(in my case)18:38
idlemindso false alarm there18:38
*** pbandark has joined #openstack-ansible18:39
idlemindsigh ... error on image upload after setup-openstack ... i seem to remember an issue w/horizon configuration in stable/pike back in the day ... time to fish that one out18:41
mgariepyidlemind, first try cli to filter out  glace18:44
mgariepyidlemind, first try cli to filter out  glance**18:44
idlemindya i'll re-verify that18:44
openstackgerritMajor Hayden proposed openstack/openstack-ansible-os_neutron master: Fix SELinux policy filenames  https://review.openstack.org/53963518:46
*** peri has joined #openstack-ansible18:48
*** germs has joined #openstack-ansible18:52
*** openstacking_123 has quit IRC18:52
*** shardy has quit IRC18:53
*** peri has quit IRC18:58
evrardjpodyssey4me: just reviewed19:02
*** sxc731 has quit IRC19:07
*** poopcat has joined #openstack-ansible19:08
*** tobberydberg__ has quit IRC19:14
*** tobberydberg__ has joined #openstack-ansible19:15
*** tobberydberg__ has quit IRC19:19
idlemindodyssey4me changing HORIZON_IMAGES_UPLOAD_MODE to 'legacy' in horizon's local_settings.py allowed the upload to start without an error and upload ...  seems to be this bug: https://bugs.launchpad.net/openstack-ansible/+bug/163908019:22
openstackLaunchpad bug 1639080 in OpenStack Dashboard (Horizon) "Image uploads fail in Horizon if upload mode is set to direct if endpoint set to internal." [Medium,Fix released] - Assigned to Paulo Matias (paulo-matias)19:22
idlemindlooking at commit history to see if there might be something to it19:22
idlemindyup that's the bug affecting whatever commit is in stable/pike of openstack-ansible for openstack-ansible-os_horizon ... i'll dig some more19:23
mgariepyshiny : http://paste.openstack.org/show/658219/ :D19:26
idlemindmgariepy i'll take that off your hands19:27
mgariepyit will be taken off my hand soon enough :P19:27
idlemindso you got my address and packing slip excellent19:28
*** stuartgr has quit IRC19:29
mgariepythe sad part is : no nvme in it ;(19:33
*** cjloader has quit IRC19:33
*** rstarmer has quit IRC19:38
*** tobberydberg__ has joined #openstack-ansible19:53
ivveidlemind: running ceph?19:54
idlemindivve nope just good ole lvm atm19:54
idlemindceph eventually19:54
*** tobberydberg__ has quit IRC19:54
ivveok, you'll run into the same thing with ceph19:55
ivvelegacy works, direct not so much19:55
*** tobberydberg__ has joined #openstack-ansible19:55
idlemindya it seems like a bug ... horizon/glance uploading images should just work out of the box19:55
idlemindhence the launchpad report19:55
ivveaye19:55
idlemindjust not sure how that one gets solved in stable/pike19:55
idlemindneed the masters to look at it and see how to tackle19:55
ivveits been like that since mitaka19:55
ivvei have one more thing that i change as well19:56
ivvesec19:56
idlemindin the mean time the last thing i have to figure out is what's going on w/attaching volumes to instances and i'll have an operable cloud19:56
ivvei think its image_allow_location19:57
idlemindya right now that's False on mine i think that toggles url based loading right?19:57
ivveaye19:57
ivveimage_allow_location = true instead of false19:57
idlemindit seems stable/pike has that part fixed so you can override that in user_config.yml now19:58
idlemindi didn't try though19:58
ivveoh really?19:58
idlemindya seems the patches for it have wondered in19:58
idlemind* wandered into the branch19:58
ivveits been a requested feature to be able to do overrides in local_settings.py19:58
ivve:)19:58
ivvewell i've learned to fix that post deploy/post running horizon playbooks for upgrades/changes19:59
ivvemaybe no more!20:00
idlemindor at least 1 less thing to manually do20:00
ivveaye20:02
ivveyou don't happen to know anything about nested heat stacks?20:02
*** armaan has quit IRC20:02
ivveas in multiple resources inside a resourcegroup / autoscalinggroup20:03
idlemindnegative cap'n20:03
*** armaan has joined #openstack-ansible20:03
*** mbuil has quit IRC20:03
ivveseems like a tough topic20:04
ivvealthough i don't understand why not everybody wants to use it :)20:04
idlemindi want to get there20:04
idlemindhave to get deployments squared away first20:05
ivvecheck20:05
ivvebtw i would recommend running ubuntu, i have done some deployment on centos. not so much fun :P20:06
idlemindlol ya centos is proving to be a challenge lol20:06
ivvei had to do a FEW modifications20:06
idlemindbut actually not too bad; once i get this lvm thing figured out i'm sure i'll be up and running at least until i move to ceph20:06
ivvepretty much not possible to use playbooks to upgrade... at least with the setups i tried20:07
idlemindthankfully cloudnull odyssey4me and a few others promptly proposed review's to get the stuff going20:07
ivveaye they are great guys :)20:07
ivvebut i think the problem is the general support centos gets20:07
*** sxc731 has joined #openstack-ansible20:09
ivvethe osa is an amazing clockwork20:09
mgariepythe more user there will on centos the better it will get.20:16
mgariepyi've working on it a lot on past cycle, but right now I have other stuff to focus on, I have a couple colleague that should deploy centos for prod on pike ""soonish"".20:17
mgariepyhttp://paste.openstack.org/show/658229/ << that took a long time.20:27
*** chyka has quit IRC20:29
openstackgerritJames E. Blair proposed openstack/openstack-ansible-ceph_client master: Zuul: Remove project name  https://review.openstack.org/53967220:29
*** chyka has joined #openstack-ansible20:30
*** hw_wutianwei has quit IRC20:31
*** chyka_ has joined #openstack-ansible20:33
*** chyka has quit IRC20:34
*** chyka_ has quit IRC20:42
*** chyka has joined #openstack-ansible20:42
*** ivve has quit IRC20:46
*** chyka has quit IRC20:48
*** chyka has joined #openstack-ansible20:49
*** DanyC has joined #openstack-ansible20:51
idlemindwoot well neutron works and i can get access to vms via qinq over my br-vlan so that's fun20:52
idlemindk now to cinder / lvm / iscsi boring ness20:52
*** tobberydberg__ has quit IRC20:58
*** tobberydberg__ has joined #openstack-ansible20:58
*** zenirc369 has quit IRC20:59
*** hybridpollo has joined #openstack-ansible21:07
*** armaan has quit IRC21:07
*** tobberydberg__ has quit IRC21:08
mhaydenah, so i'm making progress on centos slowness with os_nova21:08
*** tobberydberg__ has joined #openstack-ansible21:08
mhaydenthe package install is slowed a bunch by the container-selinux and openstack-selinux packages21:08
idlemind3 cheers21:08
mhaydeni need to see what policies we have in there21:08
mhaydenbecause we may not need it with the way we deploy openstack21:09
*** ivve has joined #openstack-ansible21:13
idlemindanyone familiar with using cinder lvm on a basic one node host?21:15
*** rstarmer has joined #openstack-ansible21:16
openstackgerritMajor Hayden proposed openstack/openstack-ansible-os_nova master: Remove openstack-selinux package from os_nova  https://review.openstack.org/53968821:19
openstackgerritMajor Hayden proposed openstack/openstack-ansible-os_neutron master: [TEST] Test os_neutron with SELinux enforcing  https://review.openstack.org/53969021:23
mhaydenmgariepy / cloudnull: if y'all are around -> https://review.openstack.org/53963521:26
mhaydenthat will help clean up my mess ;)21:26
*** sxc731 has quit IRC21:30
openstackgerritMajor Hayden proposed openstack/openstack-ansible-os_nova master: Fix SELinux file contexts for nova's ssh keys  https://review.openstack.org/53489121:32
*** rstarmer has quit IRC21:34
*** poopcat1 has joined #openstack-ansible21:40
*** poopcat has quit IRC21:40
idlemindhmmm might be selinux messing w/me iscsiadm is complaining but works fine locally21:42
idlemindas root21:42
*** mamitchl has joined #openstack-ansible21:43
idlemindhttps://imgur.com/a/zAbnl21:47
idlemindnot sure where you'd put a fix for selinux and cinder ... is that typically part of the openstack-ansible-os_* part or in the upstream item?21:53
*** rstarmer has joined #openstack-ansible21:56
idlemindturning off selinux let me mount a volume21:57
openstackgerritShannon Mitchell proposed openstack/openstack-ansible-ops master: Fixed Suse Image to use link without build information  https://review.openstack.org/53969921:57
*** pbandark has quit IRC21:58
idlemind(side-note) rsyslogd is complaining in the selinux audit.log too so i'll learn more about that soon (tm) i'm sure21:58
idlemindfor now selinux is off21:58
*** armaan has joined #openstack-ansible21:59
*** woodard has quit IRC22:06
openstackgerritMajor Hayden proposed openstack/openstack-ansible-os_neutron master: [TEST] Test os_neutron with SELinux enforcing  https://review.openstack.org/53969022:12
*** kstev has quit IRC22:18
mhaydenidlemind: typically we put those into the cinder role itself22:28
mhaydenidlemind: if you're doing pike/master, i'd recommend putting selinux into permissive for now22:28
* mhayden is still hacking through selinux policies22:28
idlemindmhayden you mean the openstack-ansible-os_cinder role right? and ya i'm stable/pike of openstack-ansible but i scanned master and didn't see anything selinux related so it's probably a new thing for the cinder role22:32
mhaydenright22:32
mhaydeni'd like to start tracking AVC's in the gate jobs, but i've gotta finish stabilizing centos 7 first :/22:32
idlemindlol i feel ya22:33
mhaydenthere are very few of us insterested in that work ;)22:33
idlemindi was seeing rsyslogd selinux errors as well for the metal neutron and nova logs so more fun there too22:33
prometheanfireevrardjp: sure you want to jump on that grenade?22:41
evrardjpwhich one?22:41
prometheanfireevrardjp: ptl22:42
evrardjpI have the impression I got a few ones in my belly already :p22:42
evrardjphaha22:42
prometheanfirefair enough22:42
evrardjpyeah, I have endured the pain, I am ready now.22:42
evrardjp:d22:42
prometheanfire:D22:42
evrardjpyou?22:42
prometheanfireya, I'm sending it friday (by my current schedule) though may have time tonight22:42
evrardjpso you're ready for that grenade too then? :p22:45
idlemindmhayden are their others than neutron that i could look at for how you did the selinux work?22:46
idlemindneutron scares me22:46
mhaydeni did that recently and i have a patch in the works to fix my horrible file naming22:47
mhaydenidlemind: https://github.com/openstack/openstack-ansible-os_neutron/commit/261a789342a4f33542de7d1336807141f30e5d9422:47
*** jwitko has quit IRC22:48
mhaydenthere is some simpler stuff for nova -> https://review.openstack.org/#/c/534891/8/tasks/nova_selinux.yml22:48
prometheanfireevrardjp: I'm juggling at least two22:49
mhaydensometimes you can write a file context rule and be done with it22:49
idlemindsweet i'll start safely with nova see if i can make any sense of it22:49
mhaydenbut sometimes you need new policy22:49
prometheanfiregentoo foundation presidency and reqs22:49
prometheanfireI'm up for election there too in july (if I run)22:49
*** woodard has joined #openstack-ansible22:49
*** woodard has quit IRC22:51
openstackgerritMajor Hayden proposed openstack/openstack-ansible-os_neutron master: [TEST] Test os_neutron with SELinux enforcing  https://review.openstack.org/53969022:53
evrardjpprometheanfire: oh interesting22:58
prometheanfiretwo year terms there22:58
prometheanfirebigger grenade too, way more politics22:58
evrardjpyou have more time to do things.22:58
evrardjpyeah22:58
prometheanfirerecently it's just been trying to get the foundation (admin side) and council (tech side) to work together.22:59
idlemindselinux is something i have to more firmly master myself like when to just change the context of a file or when you create a module to encompass the needed items and that kind of stuff22:59
*** guhcampos has joined #openstack-ansible22:59
prometheanfireselinux is fun, I'd recommend swift's books (sven's)23:01
prometheanfirehttps://www.amazon.com/SELinux-System-Administration-Sven-Vermeulen-ebook/dp/B01LWM02WI and https://www.amazon.com/SELinux-Cookbook-Sven-Vermeulen-ebook/dp/B00NVDAWII23:02
*** esberglu has quit IRC23:07
openstackgerritMajor Hayden proposed openstack/openstack-ansible-lxc_hosts master: Install SELinux packages asynchronously  https://review.openstack.org/53972423:08
evrardjpinteresting books. So many books, so little time23:11
prometheanfirehe's a fellow belgian too23:13
evrardjpmhayden: could you vote on this please? https://review.openstack.org/#/c/536372/23:13
evrardjphis name rings me a bell23:14
evrardjpmaybe I have met him in a meetup23:14
*** phalmos has quit IRC23:14
prometheanfireused to work for a bank or something, not sure now23:16
idlemindoh nice thx for the links23:17
idlemindya i get the purpose for and totally would prefer apps work w/selinux than the cop out of just disabling23:17
evrardjpprometheanfire: yeah23:20
evrardjpKBC23:20
evrardjpidlemind: every time you disable selinux, a mhayden cries.23:20
evrardjp:D23:22
idlemindlol that should be a t-shirt23:22
*** rstarmer has quit IRC23:24
evrardjpHe has tshirts about selinux, it's not a joke! :D23:25
evrardjpahah23:25
*** john51 has quit IRC23:26
prometheanfireI bought some :P23:26
prometheanfireok, really leaving now :P23:27
idlemindubuntu's cloud image ... 257 mb ... centos cloud image 837 mb23:28
idlemind#winning23:28
evrardjpOH23:28
evrardjpthat's interesting.23:28
evrardjpthat could also be the cause of slow gates.23:29
evrardjpidlemind: thanks I completely forgot that!23:29
idlemindslowing down storage23:29
idlemindnp i just noticed cuz i'm loadin' my cloud up w/some images to play with23:29
evrardjpwell, what I mean is that you give us an idea of optimization...23:30
evrardjp:D23:30
idlemindformat c:23:30
idlemind?23:30
evrardjpomg, that command !23:31
evrardjpfrom my far past.23:31
evrardjp:D23:31
*** john51 has joined #openstack-ansible23:33
openstackgerritShannon Mitchell proposed openstack/openstack-ansible-ops master: Fix openstack-service-setup.yml GATEWAY_NETWORK to match the flat network.  https://review.openstack.org/53973023:36
*** rstarmer has joined #openstack-ansible23:37
*** zenirc369 has joined #openstack-ansible23:40
*** john51 has quit IRC23:43
*** john51 has joined #openstack-ansible23:45
« Tuesday, 2018-01-30 Index Thursday, 2018-02-01 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!