Thursday, 2014-01-23

*** SergeyLukjanov_ is now known as SergeyLukjanov		05:46
*** SergeyLukjanov is now known as SergeyLukjanov_		05:49
Nikolay_St	guys, morning	06:07
Nikolay_St	did you see this? https://review.openstack.org/#/c/68254/	06:07
Nikolay_St	it's update about SQLalchemy	06:07
*** bauzas has joined #openstack-climate		08:03
Nikolay_St	bauzas:	08:06
bauzas	hi	08:06
Nikolay_St	bauzas: o/	08:06
*** Nikolay_St has quit IRC		08:41
*** Nikolay_St has joined #openstack-climate		08:43
Nikolay_St	bauzas: I have an idea about climate and endpoint v3	08:58
bauzas	sure, say it :)	08:58
Nikolay_St	as we said before we have devstack with some extras which we use to install climate + devstack	08:58
bauzas	sure, there is a review WIP	08:59
Nikolay_St	we can store 2 files in climate repo, and add script which will clone it in devstack location	09:00
bauzas	but I don't want to be dependent of devstack for installing climate :)	09:00
Nikolay_St	oh, okay :D	09:00
bauzas	about the scripts for adding endpoints ?	09:00
bauzas	well, you misunderstood	09:00
Nikolay_St	yeap	09:01
bauzas	I'm not against devstack, I'm just saying we should provide the scripts in the climate repo	09:01
bauzas	and devstack would execute them	09:01
bauzas	that's fine for me	09:01
bauzas	but we still have to provide some docs for saying "run these scripts, please"	09:01
bauzas	in case of ppl don't want to install climate using devstack	09:02
*** DinaBelova_ is now known as DinaBelova		09:49
*** SergeyLukjanov_ is now known as SergeyLukjanov		09:51
Nikolay_St	bauzas: Sylvain, can you be more explicit about this strange guys who uses OpenStack but don't like DevStack?	10:04
bauzas	Nikolay_St: lol	10:04
bauzas	Nikolay_St: I come from an operator world where we don't use Devstack at all :)	10:05
bauzas	Nikolay_St: and where people prefer to use Foreman/Puppet with trunk	10:05
bauzas	or Chef or Ansible, or whatever	10:06
Nikolay_St	bauzas: I think that if they like to use different deployment tools they are great, and don't need some scripts, etc.	10:07
Nikolay_St	bauzas: devstack is common way for fast OpenStack installation	10:07
bauzas	but they should know Climate needs to create an endpoint :)	10:07
bauzas	(11:07:54) Nikolay_St: bauzas: devstack is common way for fast OpenStack installation	10:08
bauzas	Nikolay_St: totally disagree :)	10:08
*** YorikSar has joined #openstack-climate		10:08
bauzas	Devstack is the common way for developers :)	10:08
bauzas	anyway, I can't get the problem	10:08
bauzas	we do a quick script for creating endpoint and user, et voila ;)	10:09
bauzas	devstack would only have to execute it	10:09
bauzas	as Heat does	10:09
YorikSar	bauzas: Hi	10:09
bauzas	YorikSar: hi :)	10:10
YorikSar	bauzas: The problem is that this script becomes some exceprt from devstack module we have.	10:10
YorikSar	bauzas: And Climate will have to support its devstack modules.	10:10
bauzas	YorikSar: but Devstack can use it	10:11
openstackgerrit	A change was merged to stackforge/climate: Updated from global requirements https://review.openstack.org/68254	10:11
bauzas	YorikSar: again, Climate needs an endpoint, we can't rely on devstack for managing all our needs	10:11
YorikSar	bauzas: Supporting some other deployment script as well will just need extra effort.	10:11
bauzas	well, we spoke with DinaBelova and SergeyLukjanov yesterday, and I was thinking there was a consensus around this	10:12
YorikSar	bauzas: Devstack contains a lot of sweet library methods that are used while it deploys stuff.	10:12
bauzas	YorikSar: we need to have an EXPLICIT way for doing all the prereqs	10:12
bauzas	YorikSar: if you don't want a script, I'm OK for amending the doc with precise commands	10:13
bauzas	but at least, we need to document it in README.rst	10:13
bauzas	I spent half of my day yesterday trying to understand how I could get a devstack running with Keystone V3	10:13
bauzas	while I discovered we can't	10:14
bauzas	because keystoneclient doesn't and won't support api v3	10:14
bauzas	at least for the shell command	10:14
DinaBelova	bauzas, I said i'm ok with just script only because I did not think about Devstack we already have in some way :D	10:14
YorikSar	bauzas: I don't quite get why we need this script. If you have some recipes/manifests that deploy OpenStack then it'll be easier for you to add one line there.	10:14
bauzas	so, when discussing with you guys, I discovered that you were having a classic devstack install with v2, plus an extra endpoint	10:15
YorikSar	bauzas: As opposed to having half-devstack in one little script in main repo.	10:15
bauzas	YorikSar: I'm not saying I want a script	10:15
bauzas	I want some way to know what to do	10:15
bauzas	doc is enough for me	10:16
bauzas	provided we explicitely say 'create an endpoint called identityv3'	10:16
bauzas	sorry, create a service with type identityv3 and an endpoint associated with	10:16
bauzas	that's it	10:16
YorikSar	bauzas: btw, why don't you like using devstack for dev/test install? It's pretty powerfull tool.	10:16
bauzas	and that should not take a while	10:16
bauzas	I do	10:16
bauzas	I do use devstack	10:17
bauzas	but how come I should know I have to add an identityv3 endpoint if you don't say it ?	10:17
YorikSar	bauzas: Then what do we need it for?	10:17
YorikSar	bauzas: Ok, so it's purely documentation issue.	10:17
bauzas	YorikSar: exactly :)	10:17
bauzas	YorikSar: that's something I said yesterday	10:17
bauzas	YorikSar: and it turned into some way where I said "instead of writing to create an endpoint, just do some script and say to execute the script"	10:18
bauzas	YorikSar: but I'm not against only doc	10:18
YorikSar	bauzas: Since Climate lacks documentation entirely, we can add it to appropriate place once we get it.	10:18
bauzas	provided the doc doesn't only say "we need Identity V3"	10:18
YorikSar	bauzas: Or add it to README and migrate later.	10:19
bauzas	and the appropriate place is README.rst IMHO	10:19
bauzas	please check the logs of this chan	10:19
bauzas	you won't see more of this	10:19
YorikSar	bauzas: Ok, great.	10:20
bauzas	YorikSar: I was even saying "don't take more than 1 hour for the script, or just write doc"	10:20
DinaBelova	ok, so we may just put instructions "created identityv3", "create endpoint for it" with example lines for CLI in README. And later just put devstack to contrib directory when it will be done	10:20
YorikSar	bauzas: I've just been suprised looking as Nick copying parts of Devstack to a separate script :)	10:20
bauzas	DinaBelova: indeed	10:21
DinaBelova	anyway, we need devstack for incubation after last tc meeting :D	10:21
bauzas	+1	10:21
DinaBelova	so we should end it anyway	10:21
bauzas	but SergeyLukjanov's patch needs to be updated	10:21
bauzas	speaking of https://review.openstack.org/#/c/60465/	10:21
DinaBelova	yep	10:21
SergeyLukjanov	IIUC YorikSar will continue working on it	10:22
bauzas	(which is WIP btw.)	10:22
bauzas	ok great	10:22
SergeyLukjanov	unfortunately, my backlog is too large now for doing it :(	10:22
bauzas	I'm sorry it turned into a brainstorm for such a little thing :)	10:22
SergeyLukjanov	but I think that I'll be able to review when it'll be ready	10:22
DinaBelova	:D	10:22
bauzas	I just wanted to move forward and try to fix things rapidly :)	10:23
bauzas	so, Nikolay_St, as said yesterday, just provide another patchset for trusts with the amended doc, as stated DinaBelova, and I'll be fine :)	10:23
bauzas	I was testing your patch before this discussion	10:24
bauzas	now that I know I just need to create another endpoint :)	10:24
bauzas	btw. I will provide a patch for an explicit climate.conf with some doc in it referencing all the config options for Climate	10:25
bauzas	because most of them are not said in the current climate.conf and only leave on default value	10:25
bauzas	shouldn't be hard work	10:26
bauzas	ok for you, Nikolay_St ?	10:27
bauzas	I mean, OK for amending trust patch with README.rst updated as stated DinaBelova?	10:27
bauzas	(11:20:47) DinaBelova: ok, so we may just put instructions "created identityv3", "create endpoint for it" with example lines for CLI in README. And later just put devstack to contrib directory when it will be done	10:28
bauzas	I'm fine with this	10:28
SergeyLukjanov	about the oslo.messaging	10:31
SergeyLukjanov	https://pypi.python.org/pypi/oslo.messaging/	10:31
SergeyLukjanov	https://review.openstack.org/#/c/68040/	10:31
SergeyLukjanov	DinaBelova ^^	10:31
*** DinaBelova is now known as DinaBelova_		10:36
*** DinaBelova_ is now known as DinaBelova		10:45
DinaBelova	I know	10:45
DinaBelova	I will try to reanimate oslo.messaging change review now :D	10:45
DinaBelova	it might go to 0.1 :D	10:45
Nikolay_St	bauzas: yeap, I get it bauzas ^_^	10:54
openstackgerrit	Dina Belova proposed a change to stackforge/climate-nova: Reservation extensions to Nova API https://review.openstack.org/63097	11:05
DinaBelova	bauzas, as for this last https://review.openstack.org/63097 - I just set your change with filter as parent one and added nova.conf options	11:06
openstackgerrit	A change was merged to stackforge/climate-nova: Implement Nova filter for Host Reservation Pools https://review.openstack.org/63448	11:08
bauzas	DinaBelova: OK cool	11:08
openstackgerrit	A change was merged to stackforge/climate: Physical host reservation (DB related things) https://review.openstack.org/64705	11:10
openstackgerrit	Nikolay Starodubtsev proposed a change to stackforge/climate: Add notes about Keystone v3 endpoint to README.rst https://review.openstack.org/68609	11:17
Nikolay_St	ttps://review.openstack.org/68609	11:17
*** Nikolay_St has quit IRC		11:20
DinaBelova	scroiset, about https://review.openstack.org/#/c/68397/ - I've left some comments, may you take a look on it? Just question	12:15
bauzas	DinaBelova: I'm still getting an error when using ClimateKeystoneClient directly with no context	12:54
bauzas	could you please help me ?	12:54
DinaBelova	bauzas sure	12:54
bauzas	In [38]: k_cl.ClimateKeystoneClient(version='3',username=os.environ['OS_USERNAME'],password=os.environ['OS_PASSWORD'],tenant_name=os.environ['OS_TENANT_NAME'], auth_url=auth_url,endpoint=auth_url)	12:54
bauzas	---------------------------------------------------------------------------	12:54
bauzas	VersionNotAvailable	12:54
DinaBelova	mmmm	12:55
bauzas	ok, got my issue	12:55
bauzas	fixed it	12:55
bauzas	it was a typo	12:55
DinaBelova	:D	12:55
DinaBelova	:D	12:55
DinaBelova	I feel like Yuriy now	12:55
DinaBelova	he may just say 'mmmm' and everything start working :D	12:56
DinaBelova	it's usual	12:56
DinaBelova	:D	12:56
bauzas	now I'm getting another error :D	12:56
bauzas	Unauthorized: The request you have made requires authentication. (HTTP 401)	12:57
bauzas	I'm speaking about keystone.services.list()	12:58
DinaBelova	ok	12:59
DinaBelova	that's admin request	12:59
DinaBelova	OS_USERNAME is admin now?	12:59
DinaBelova	I mean user in OS_ has admin privileges? with needed password, etc?	13:00
bauzas	In [70]: os.environ['OS_PASSWORD'],os.environ['OS_USERNAME'],os.environ['OS_TENANT_NAME']	13:01
bauzas	Out[70]: ('password', 'admin', 'demo')	13:01
bauzas	yes, I'm using the same creds as for the client	13:01
bauzas	I sourced openrc admin	13:01
bauzas	and then I'm using it	13:01
DinaBelova	hmm...	13:01
bauzas	but I'm thinking of something	13:01
bauzas	my tenant and user were created using the Keystone v2 api	13:02
bauzas	I'm not passing a token	13:02
bauzas	and I have no context	13:02
DinaBelova	as for "my tenant and user were created using the Keystone v2 api" I think that cannot have any influence	13:03
bauzas	well, ok	13:04
bauzas	maybe that's a token issue then	13:04
DinaBelova	moment, let me think	13:04
DinaBelova	token will not influence too	13:05
DinaBelova	see https://github.com/stackforge/climate/blob/master/climate/utils/openstack/keystone.py#L90	13:05
DinaBelova	if you passed password, it will use it finally	13:05
DinaBelova	but i hav idea	13:05
DinaBelova	may you remove endpoint arg from client creation?	13:05
DinaBelova	like k_cl.ClimateKeystoneClient(version='3',username=os.environ['OS_USERNAME'],password=os.environ['OS_PASSWORD'],tenant_name=os.environ['OS_TENANT_NAME'], auth_url=auth_url)	13:06
DinaBelova	i'm just curious if that will work	13:06
DinaBelova	mmmm, no that's still strange	13:08
bauzas	mmm	13:08
DinaBelova	if you have no ctx	13:08
bauzas	same result	13:08
bauzas	by removing endpoint arg	13:08
DinaBelova	only thing utils is doing - is just passing these args to keystoneclient	13:09
DinaBelova	if that's not working	13:09
DinaBelova	like simple keystoneclient creation	13:09
DinaBelova	i'm really surprised	13:09
DinaBelova	may you create keystoneclient directly? with same args?	13:09
bauzas	uh, I'm not having same error, sorry	13:09
DinaBelova	wow	13:10
bauzas	In [86]: keystone = k_cl.ClimateKeystoneClient(version='3',username=os.environ['OS_USERNAME'],password=os.environ['OS_PASSWORD'],tenant_name=os.environ['OS_TENANT_NAME'], auth_url=auth_url)	13:10
bauzas	NotFound: The resource could not be found. (HTTP 404)	13:10
bauzas	lemme check with client directly	13:10
DinaBelova	i may know reason	13:10
DinaBelova	what's auth_url now?	13:11
bauzas	In [96]: auth_url	13:11
bauzas	Out[96]: 'http://192.168.122.237:35357/v3'	13:11
DinaBelova	mmmm	13:12
scroiset	DinaBelova: I can do it if you have a several concerns about the dependency review https://review.openstack.org/#/c/67121/. But if not, it won't be quicker to merge both :)	13:12
bauzas	(climate)bauzas@climate-devstack-ctrl:~/climate$ keystone endpoint-get --service identityv3	13:12
bauzas	+----------------------+--------------------------------+	13:12
bauzas	\| Property \| Value \|	13:12
bauzas	+----------------------+--------------------------------+	13:12
bauzas	\| identityv3.publicURL \| http://192.168.122.237:5000/v3 \|	13:12
bauzas	+----------------------+--------------------------------+	13:12
bauzas	(climate)bauzas@climate-devstack-ctrl:~/climate$ keystone endpoint-get --service identityv3 --endpoint-type admin	13:12
bauzas	+------------------+---------------------------------+	13:12
bauzas	\| Property \| Value \|	13:12
bauzas	+------------------+---------------------------------+	13:12
bauzas	\| identityv3.admin \| http://192.168.122.237:35357/v3 \|	13:12
bauzas	+------------------+---------------------------------+	13:12
*** SergeyLukjanov is now known as SergeyLukjanov_		13:13
scroiset	s/several/serious/	13:13
bauzas	my endpoints are correct	13:13
DinaBelova	yep i see	13:13
DinaBelova	scroiset, no, nothing :D	13:13
DinaBelova	bauzas, have you got success with direct client creation?	13:13
bauzas	nope :(	13:14
bauzas	same error	13:14
DinaBelova	ok, so that's somehow connected with keystone itself and os variables	13:14
scroiset	DinaBelova : cool, so you could just give +2 ;)	13:14
DinaBelova	may you get env \| grep OS_	13:14
DinaBelova	scroiset, I'm testing it right now	13:15
DinaBelova	final testing i believe	13:15
bauzas	(climate)bauzas@climate-devstack-ctrl:~/climate$ env \| grep OS_	13:15
bauzas	OS_IDENTITY_API_VERSION=2.0	13:15
bauzas	OS_PASSWORD=password	13:15
bauzas	OS_AUTH_URL=http://192.168.122.237:5000/v2.0	13:15
bauzas	OS_USERNAME=admin	13:15
bauzas	OS_TENANT_NAME=demo	13:15
bauzas	OS_VOLUME_API_VERSION=2	13:15
bauzas	OS_CACERT=/opt/stack/data/CA/int-ca/ca-chain.pem	13:15
bauzas	OS_NO_CACHE=1	13:15
DinaBelova	but one of my hosts said me goodbye :(	13:15
DinaBelova	bauzas, can you get error from keystone? that was 401?	13:16
bauzas	404	13:16
bauzas	without endpoint value	13:16
bauzas	401 with endpoint	13:16
DinaBelova	yep, i mean 404	13:16
DinaBelova	i believe there will be smth like v3/tokens/....	13:17
DinaBelova	or smth connected with tokens	13:17
bauzas	think so	13:18
bauzas	oh dear...	13:19
bauzas	think I got the error	13:20
bauzas	damn, not	13:20
DinaBelova	what's?	13:20
DinaBelova	frankly speaking all this stuff look weird	13:22
DinaBelova	https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/v3/client.py#L73	13:22
DinaBelova	you're doing really the same now	13:22
DinaBelova	domain things are optional here, so miss them	13:22
DinaBelova	and that's your request	13:22
*** SergeyLukjanov_ is now known as SergeyLukjanov		13:22
DinaBelova	it seems to be working one	13:22
bauzas	noooooooo	13:22
bauzas	got it	13:22
DinaBelova	bauzas?	13:23
bauzas	ah non	13:23
bauzas	no	13:23
bauzas	I'm going crazy	13:23
bauzas	with Kv3	13:23
bauzas	wtf????	13:25
DinaBelova	dunno	13:25
bauzas	(eventlet.wsgi.server): 2014-01-23 14:24:58,017 INFO log write 192.168.122.237 - - [23/Jan/2014 14:24:58] "GET /v2.0/projects/1 HTTP/1.1" 404 228 0.014154	13:25
DinaBelova	om	13:25
bauzas	I specified v3 in my auth_url	13:25
bauzas	and it still tries to call v2	13:25
DinaBelova	mmm	13:25
bauzas	here is why the 404	13:25
DinaBelova	may you change OS_IDENTITY_API_VERSION=2.0 -> OS_IDENTITY_API_VERSION=3	13:25
DinaBelova	in os options	13:25
DinaBelova	although i dunno how that might influence if there is auth_url and version passed	13:26
bauzas	I can see that the client creation is requesting /auth/tokens	13:26
bauzas	which is V3	13:26
DinaBelova	yep	13:26
bauzas	that's only when I try to use a V3 manager that it goes to v2	13:27
DinaBelova	here is auth https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/v3/client.py#L175 and here everything is ok	13:27
bauzas	and my manager classes are correct	13:29
bauzas	In [21]: keystone.projects	13:29
bauzas	Out[21]: <keystoneclient.v3.projects.ProjectManager at 0x20a7bd0>	13:29
bauzas	that's a V3 manager	13:29
bauzas	but the call goes to V2	13:29
DinaBelova	i see that	13:30
DinaBelova	i	13:30
DinaBelova	i'm just trying to understand how that's possible	13:30
bauzas	(routes.middleware): 2014-01-23 14:29:37,097 DEBUG middleware __call__ Matched GET /projects	13:31
bauzas	here is why	13:31
DinaBelova	mmmm	13:31
DinaBelova	can't see reason yet	13:31
bauzas	http://paste.openstack.org/show/61734/	13:32
bauzas	I can try to tcpdump the calls	13:33
bauzas	in order to see the GETs	13:33
DinaBelova	that might help... but now that's really, really strange	13:34
bauzas	can't see the traces in tcpdump ?!	13:35
DinaBelova	:D	13:35
bauzas	ok, got the traces	13:36
bauzas	that was due to my ovs bridge	13:37
bauzas	I forgot I had some overhard	13:37
bauzas	overhead	13:37
DinaBelova	please share traces	13:37
bauzas	GET /v2.0/projects HTTP/1.1	13:38
bauzas	Host: 192.168.122.237:35357	13:38
bauzas	so the client DOES ask for V2	13:38
bauzas	digging at the keystone code	13:39
bauzas	I'll pdb it	13:39
DinaBelova	that's really strange, i may notice	13:39
DinaBelova	i'm shocked really... as i see here https://github.com/openstack/python-keystoneclient/blob/master/keystoneclient/httpclient.py#L573 you SHOULD use auth_url, that was passed as v3 one	13:48
DinaBelova	i have mo idea why that might not work	13:48
*** SergeyLukjanov is now known as SergeyLukjanov_a		13:50
*** SergeyLukjanov_a is now known as SergeyLukjanov_		13:51
bauzas	I'm doing some progress in troubleshooting	13:54
DinaBelova	bauzas, what's it?	13:57
DinaBelova	i'm really interested in results :D	13:57
bauzas	I'm seeing a difference in between self.auth_url which is V3	13:57
DinaBelova	that type of behaviour is quite new	13:57
bauzas	and url_to_use which is V2	13:57
DinaBelova	it looks like you've got management url there -0_0-	13:58
DinaBelova	that's quite strange	13:58
DinaBelova	if you did not pass endpoint= to keystoneclient	13:58
DinaBelova	it should be either token or token+endpoint or password+username things	13:59
DinaBelova	passed to Client class	13:59
DinaBelova	although if there is no is_management param in cs_... it won't influence	14:00
DinaBelova	interesting	14:00
bauzas	exactly	14:00
bauzas	i do have mgmt url...	14:00
bauzas	which is v2	14:00
bauzas	I now have to understand where this setting is instianciated	14:01
*** YorikSar has quit IRC		14:06
DinaBelova	bauzas you know some time ago there was code in keystone utils like: client=Client(); client.management_url = v3_url	14:09
DinaBelova	but we removed that code	14:09
DinaBelova	because of usage of endpoint arg	14:10
DinaBelova	if there is no of it it should use auth one	14:10
DinaBelova	as i remember	14:10
DinaBelova	that's shtange	14:10
DinaBelova	that's strange *	14:10
*** SergeyLukjanov_ is now known as SergeyLukjanov		14:12
bauzas	DinaBelova: got the final word	14:15
DinaBelova	in the access file?	14:15
bauzas	https://github.com/openstack/python-keystoneclient/blob/0.4.2/keystoneclient/httpclient.py#L471	14:15
bauzas	which is called by authenticate()	14:15
DinaBelova	but that's called in token was passed	14:16
DinaBelova	we have passsed no token	14:16
bauzas	which itself is called by v3.Client()	14:16
DinaBelova	am i wrong?	14:16
bauzas	https://github.com/openstack/python-keystoneclient/blob/0.4.2/keystoneclient/v3/client.py#L105	14:17
DinaBelova	ok got it	14:17
bauzas	https://github.com/openstack/python-keystoneclient/blob/0.4.2/keystoneclient/httpclient.py#L403	14:18
bauzas	so, the only way to prevent authenticate() is to provide the mgmt url directly	14:18
bauzas	... which has been removed from the latest Nick's patchset ... :D	14:18
DinaBelova	because that was not needed really - we've changed it by endpoint	14:19
DinaBelova	the only thing is	14:19
DinaBelova	that it seems like it should be passed anyway	14:19
bauzas	yup	14:19
DinaBelova	not only if token is passed	14:19
bauzas	if not, it will fail back to the catalog	14:19
DinaBelova	the strange moment id that we did not have such problem while testing	14:20
DinaBelova	the question is why	14:20
DinaBelova	i thing I got it	14:20
DinaBelova	everywhere we had ctx while testing	14:21
DinaBelova	but even so	14:21
DinaBelova	we do not have everywhere token passed	14:21
DinaBelova	so there is not endpoint there	14:21
DinaBelova	still	14:22
DinaBelova	i can't get reason why we had no error	14:22
DinaBelova	cause when we are using ctx_from_trust	14:22
bauzas	maybe you could check your endpoint for service_type identity	14:22
DinaBelova	we pass password	14:22
DinaBelova	it's 2.0	14:22
bauzas	that's not related at all with tokens :)	14:22
DinaBelova	i'm pretty sure with that	14:22
bauzas	because as you can see, there is no conditional	14:23
DinaBelova	identityv3 - v3 and identity - v2.0	14:23
bauzas	you create a client	14:23
bauzas	and when creating the client, if no mgmt_url, it goes into the catalog	14:23
bauzas	no token-related question at all	14:23
bauzas	that's direct	14:23
bauzas	what I think is :	14:23
bauzas	Nick previously was defined mgmt url	14:24
bauzas	he removed it from latest patchset	14:24
bauzas	maybe you didn't run all the tests for the last patchset ?	14:24
DinaBelova	of course we ran	14:24
bauzas	I'm not saying you made mistakes	14:24
DinaBelova	bauzas, sure	14:24
bauzas	:)	14:24
bauzas	anyway, we need to fix it :)	14:25
DinaBelova	i'm just trying to understand	14:25
DinaBelova	see	14:25
DinaBelova	https://review.openstack.org/#/c/48002/43/climate/utils/trusts.py	14:25
DinaBelova	line 57	14:25
DinaBelova	no token, no endpoint	14:25
DinaBelova	https://github.com/stackforge/climate/blob/master/climate/utils/openstack/keystone.py#L90	14:25
DinaBelova	here we got password	14:25
DinaBelova	so we do now set endpoint -> no management url passed	14:25
DinaBelova	so where is error here?	14:26
DinaBelova	why did not we get it?	14:26
DinaBelova	i really can't understand that	14:26
DinaBelova	i mean REALLY	14:26
DinaBelova	if it works like we discovered now	14:26
bauzas	hold on	14:27
bauzas	we need to see the review	14:27
bauzas	https://review.openstack.org/#/c/52296/42..45/climate/utils/openstack/keystone.py	14:28
bauzas	L102	14:29
DinaBelova	i see that - it was replaced by endpoint arg higher	14:29
DinaBelova	but as you see - only in case no password was passed	14:30
bauzas	no no :)	14:30
bauzas	patch42	14:30
bauzas	the management url was not passed to Keystone	14:30
bauzas	so internally, it was V2	14:30
bauzas	until L102	14:30
bauzas	the attribute was monkeypatched	14:31
DinaBelova	bauzas, i see what you're talking about	14:31
DinaBelova	i just have no idea	14:31
DinaBelova	how last version inthis case might work	14:31
bauzas	indeed	14:31
bauzas	patches 43 and above should have failed	14:31
DinaBelova	but they did not :? i'm quite sure with that	14:32
bauzas	but have you tested only trusts creation ?	14:32
DinaBelova	that's why i'n curious	14:32
bauzas	maybe trusts can be created without a management url	14:32
DinaBelova	full path from vm+lease creation and it's waking up later	14:32
bauzas	for example, I can authenticate	14:32
bauzas	ok, but then, the only keystone action you were doing was trust create ?	14:32
bauzas	I'm not testing trusts, but only projects list	14:33
bauzas	that's a different test	14:33
bauzas	and AIUI, you're only using KeystoneV3 for creating and using trusts	14:33
bauzas	which is fairly different	14:33
DinaBelova	i think so, yep	14:33
bauzas	maybe I can create a trust, hold on, will check	14:34
DinaBelova	ok	14:34
bauzas	nope, still getting a 404	14:39
bauzas	anyway, this needs to be fixed	14:40
bauzas	lemme test that when passing mgmt_url arg to the client, it will work	14:40
DinaBelova	ok	14:42
bauzas	oh, no way to pass it thru arg	14:43
bauzas	that's deprecated	14:43
DinaBelova	endpoint_arg should be used	14:43
DinaBelova	i suppose i've got reason	14:44
DinaBelova	look	14:44
DinaBelova	https://github.com/openstack/heat/blob/master/heat/common/heat_keystoneclient.py#L150	14:44
DinaBelova	they pass endpoint both using password and token	14:44
DinaBelova	but not for trust	14:44
DinaBelova	it seems like we should do the same for our case	14:44
bauzas	ok, scroiset found the good way to do it	14:46
bauzas	here is the good snippet of code	14:46
bauzas	if we don't want to monkeypatch, which is really really bad	14:47
DinaBelova	i believe we should only pass endpoint if there is password	14:47
bauzas	http://paste.openstack.org/show/61748/	14:47
DinaBelova	in client creation request	14:47
bauzas	we need to authenticate()	14:48
bauzas	that's the best option IMHO	14:48
DinaBelova	are you sure it won't work without 8 line?	14:48
DinaBelova	if endpoint is passed	14:48
bauzas	yup, got 401 if not	14:49
DinaBelova	ok, moment	14:49
DinaBelova	https://github.com/openstack/heat/blob/master/heat/common/heat_keystoneclient.py#L180	14:49
bauzas	that's what they call lazy authentication	14:49
DinaBelova	:)	14:49
DinaBelova	i see we need :D	14:49
bauzas	:D	14:49
bauzas	so, as a summary, we need both endpoint and .authenticate()	14:50
bauzas	feel free to loop this back with Nick	14:50
bauzas	I can prepare an emergency patch for trunk	14:50
bauzas	you agree ?	14:50
bauzas	I'm on it	14:50
DinaBelova	bauzas, i'm good with having it	14:51
bauzas	ok	14:51
DinaBelova	but we'll need to test one more time VM+lease	14:51
DinaBelova	to be sure it still works	14:51
bauzas	that's another thing	14:51
bauzas	the client we provide is currently bugged	14:51
bauzas	I'm going to fix it	14:51
DinaBelova	feel free to do that	14:52
bauzas	ok	14:52
bauzas	that's 3 lines more that's it	14:52
bauzas	so swann and you can approve	14:52
DinaBelova	ok, i believe that should be done like "if not 'trust_id' in kwargd: add_endpoint_to_kwargs"	14:54
DinaBelova	kwargd-> kwargs	14:55
bauzas	indeed	14:56
bauzas	and authenticate :)	14:56
bauzas	I'm basically following the Heat stuf	14:57
bauzas	stuff	14:57
bauzas	filing a bug now	14:57
DinaBelova	smth like that i believe http://paste.openstack.org/show/lrBa8Ub76Rgzvta0tuaD/	14:58
bauzas	https://bugs.launchpad.net/climate/+bug/1271959	14:59
DinaBelova	triaged	15:00
bauzas	lol, you wrote my thoughts	15:00
DinaBelova	:D	15:00
DinaBelova	maybe read? :D	15:01
bauzas	the token docstring has to be removed	15:05
bauzas	we're not using it	15:05
DinaBelova	yep	15:06
bauzas	because either we use the password, or the token from the context	15:06
bauzas	but there is no sense to use a token directly	15:06
DinaBelova	not really using	15:06
DinaBelova	but setting default	15:06
DinaBelova	it will be used from kwards	15:06
DinaBelova	if it will be passed	15:07
DinaBelova	so we might leave doc	15:07
bauzas	mmm	15:07
DinaBelova	because if it will be need to pass token - why not	15:07
bauzas	well ok	15:07
DinaBelova	also here it should be not as i showed in paste	15:08
DinaBelova	but also set_default for endpoint	15:08
DinaBelova	because we also may pass it	15:08
DinaBelova	like you did while testing	15:08
DinaBelova	http://paste.openstack.org/show/6m9TNoZUq4LcV3ztIcV7/ - like line 11	15:08
bauzas	I need to mock the authenticate method	15:09
DinaBelova	sure	15:11
bauzas	dammit	15:16
bauzas	my venv is old	15:16
bauzas	I'm still having keystoneclient-0.4.1	15:16
bauzas	I'll patch it by hand	15:16
DinaBelova	ok, sure :)	15:17
bauzas	how does it work with Jenkins btw ?	15:17
bauzas	how could it have been working ?	15:17
bauzas	oh, it should download the latest, which is 0.4.2	15:18
bauzas	these unittests are quite poor :(	15:19
bauzas	well, I'm sending the patch	15:21
DinaBelova	that's not really unittests problem here.... we're using now 0.4.2 that's not common now - as u remember. That's why now there is only exception falling	15:21
DinaBelova	yep	15:21
DinaBelova	sure	15:21
bauzas	nah nah, I'm just saying the coverage is not really good	15:22
bauzas	but ok	15:22
bauzas	we should amend them later	15:22
bauzas	just testing it on my stack and committing the change	15:25
DinaBelova	ok	15:25
bauzas	great it works	15:27
bauzas	publishing the change	15:27
bauzas	hadn't tested yet with Contect thou	15:27
bauzas	Context	15:27
DinaBelova	bauzas, i've got problems with your use case changes now	15:29
bauzas	sure, say it	15:29
DinaBelova	i'm trying to create vm on reserved host	15:30
bauzas	I spent 2 days on trusts, I can spend a few hours on PR :D	15:30
DinaBelova	i mean just create vm and that's it	15:30
bauzas	yup	15:30
bauzas	got it	15:30
DinaBelova	but i've got error with finding host	15:30
bauzas	you need to pass a reservation hint	15:30
openstackgerrit	Sylvain Bauza proposed a change to stackforge/climate: Fix Authentication problem with Keystone V3 https://review.openstack.org/68666	15:30
DinaBelova	oh, yep	15:31
bauzas	because if not, it will deny the compute host in the reservation pool	15:31
bauzas	and if you only have one c-host... :D	15:31
bauzas	then you get 0 hosts found	15:31
bauzas	maybe you saw the conversation with Phil Day	15:31
bauzas	I still have to PM him	15:32
DinaBelova	yep, but error is not while filtering	15:32
bauzas	have you deployed the filter ?	15:32
DinaBelova	yep	15:32
bauzas	ok	15:32
bauzas	what are the logs from the scheduler ?	15:32
bauzas	and your command line ?	15:32
bauzas	are you asking for a simple nova boot without hint ?	15:33
bauzas	and if yes, how many nova-computes do you have ?	15:33
DinaBelova	and after that error i have http://paste.openstack.org/show/IulxpIEUUbrBZigaGRJY/	15:33
DinaBelova	i forgot to pass hint	15:33
DinaBelova	and now i have smth really not working :D	15:33
bauzas	ok, how many hosts do you have ?	15:33
DinaBelova	two hosts	15:33
DinaBelova	controller all-in-one and compute	15:34
bauzas	ok	15:34
bauzas	oh, nice	15:34
bauzas	climate host-list please ?	15:34
bauzas	sounds like you're not in sync	15:34
DinaBelova	\| 3 \| compute \| 2 \| 3954 \| 8 \|	15:34
bauzas	here is why	15:35
bauzas	could you please check all your aggregates ?	15:35
DinaBelova	\| 1 \| freepool \| None \|	15:35
DinaBelova	\| 2 \| d4c60b8c-88ad-499e-bda9-9ee8606f5b93 \| climate:d4c60b8c-88ad-499e-bda9-9ee8606f5b93 \|	15:35
DinaBelova	mmm	15:35
DinaBelova	aggregates	15:35
bauzas	ok, could you please do aggregate-details on both ?	15:36
bauzas	you're out of sync I guess	15:36
bauzas	that's something we need to handle	15:36
bauzas	if an operator changes manually the hosts from one pool or another	15:36
bauzas	then Climate is out of sync	15:37
DinaBelova	mmm	15:37
bauzas	nova aggregate-details freepool ?	15:37
DinaBelova	no hosts in freepool	15:37
DinaBelova	just aggregate without any hosts	15:37
bauzas	and nova aggregate-details d4c60b8c-88ad-499e-bda9-9ee8606f5b93 ?	15:38
DinaBelova	also i noticed	15:38
bauzas	what is saying climate lease-list ?	15:38
DinaBelova	\| 2 \| d4c60b8c-88ad-499e-bda9-9ee8606f5b93 \| climate:d4c60b8c-88ad-499e-bda9-9ee8606f5b93 \| 'compute' \| 'availability_zone=climate:d4c60b8c-88ad-499e-bda9-9ee8606f5b93', 'climate:owner=51999f594ada4891850eae8861089d5d'	15:38
bauzas	so your host is in a lease	15:38
DinaBelova	but lease ended already	15:39
bauzas	climate lease-show <lease> ?	15:39
DinaBelova	i wanted to say that we need to make end_date not optional	15:39
DinaBelova	but mandatory one	15:39
bauzas	it is	15:39
DinaBelova	not, it's created without it	15:39
bauzas	default is 24h from the start_date	15:39
DinaBelova	and in this case	15:39
DinaBelova	oh	15:39
DinaBelova	yeeep	15:40
DinaBelova	sorry	15:40
bauzas	and start_date is now()	15:40
bauzas	you can define both, or none, or one	15:40
DinaBelova	http://paste.openstack.org/show/rZf0mWJocFxqSqYYAr6k/	15:40
DinaBelova	details about lease	15:40
bauzas	the lease is still not ended	15:41
DinaBelova	yep, sorry	15:41
DinaBelova	i missed that	15:41
DinaBelova	i removed error vms	15:41
bauzas	so, that's why the host is in the reservation pool	15:41
DinaBelova	and restarted nova-compute	15:41
DinaBelova	so now i'll be able to give you full errors if they will be	15:42
bauzas	could you please issue climate host-show <host_id> ?	15:42
bauzas	anyway, these aggs are non-sense for all	15:42
bauzas	I think I'll focus all my efforts on the dedicated instances in Nova	15:42
bauzas	by helping Phil	15:42
bauzas	because aggs are error-prone, as we need to store information about them	15:43
DinaBelova	http://paste.openstack.org/show/xQKPHRczvM0jshsodHZT/	15:43
bauzas	ok, I got a better picture now	15:43
bauzas	so	15:43
bauzas	last thing	15:44
bauzas	could you please issue nova-manage service list \| grep compute ?	15:44
bauzas	host 'compute' with ID3 is now locked within a lease	15:44
bauzas	so, the only way to boot VMs on it is to pass the reservation ID as hint	15:45
DinaBelova	nova-compute ubuntu-12 nova enabled :-) 2014-01-23 15:44:38	15:45
DinaBelova	nova-compute compute climate:d4c60b8c-88ad-499e-bda9-9ee8606f5b93 enabled :-) 2014-01-23 15:44:42	15:45
bauzas	--hint reservation=<res_id>	15:45
DinaBelova	ok, that will be id of aggregate?	15:45
bauzas	name of the aggregate = ID of reservation	15:45
DinaBelova	ok	15:46
bauzas	users don't know about aggs, they know about reservations :)	15:46
DinaBelova	sure	15:48
bauzas	nova hypervisor-list please ?	15:48
DinaBelova	i just think that user might have a wish to boot vm without --hint ... in common pool	15:48
DinaBelova	bauzas you know	15:48
DinaBelova	i rebooted devstack	15:48
bauzas	nope, need to know the IDs	15:49
DinaBelova	passed hint	15:49
DinaBelova	and got good booted vm	15:49
bauzas	if you don't pass hint, it should elect your 'ubuntu' host	15:49
DinaBelova	bauzas, i'll check it now	15:49
DinaBelova	because last time	15:49
bauzas	I'm still wondering why Nova was looking for Compute Host with ID '1'	15:49
DinaBelova	it gave me all these errors	15:49
bauzas	that's why I need to know hypervisor-list please	15:50
bauzas	I know that 'compute' is having ID of 3	15:50
bauzas	but dunno the ID of 'ubuntu-12'	15:50
bauzas	if it's 1, then the error you have is unrelated to Climate	15:50
bauzas	you can check logs of the scheduler	15:51
DinaBelova	+----+---------------------------+	15:51
DinaBelova	\| ID \| Hypervisor hostname \|	15:51
DinaBelova	+----+---------------------------+	15:51
DinaBelova	\| 3 \| compute \|	15:51
DinaBelova	\| 4 \| ubuntu-12.04-server-amd64 \|	15:51
DinaBelova	+----+---------------------------+	15:51
DinaBelova	you know	15:51
DinaBelova	after restartng	15:51
DinaBelova	it works great	15:51
DinaBelova	dunno what happened	15:51
DinaBelova	vm without hint	15:51
bauzas	then you had an issue with your devstack install	15:51
SergeyLukjanov	how is your 0.1 preparations?	15:51
DinaBelova	went to not reserved host	15:52
DinaBelova	SergeyLukjanov almost finishing them...	15:52
DinaBelova	https://review.openstack.org/#/q/status:open+project:stackforge/climate,n,z - two of them are not for 0.1	15:52
DinaBelova	i believe we'll and with merging tomorrow or on Monday	15:53
DinaBelova	as for checking, we need one day for it	15:53
DinaBelova	if there will be not many errors - cause now we found some and fixed them already	15:53
bauzas	well, the main reviews are 2 for PR, and 2 for VR	15:54
bauzas	the big one for PR is the plugin itself	15:54
bauzas	so, that's why DinaBelova that's cool you're testing it	15:54
DinaBelova	i'm going to give my +2's for PR	15:54
DinaBelova	cause it works :D	15:54
bauzas	I'm still beating with all that Keystone stuff	15:55
bauzas	now that the issue is fixed, I'm testing trusts	15:55
DinaBelova	:D	15:55
DinaBelova	bauzas, what do you think about release date?	16:06
DinaBelova	when it would be possible to do that?	16:06
bauzas	well, we're on Thur	16:06
bauzas	and there still 3 important reviews to do	16:06
DinaBelova	cause Nick will check all tomorrow	16:06
DinaBelova	and fix doc	16:06
DinaBelova	I'm ok with PR use case cause tried to check it how I can	16:07
bauzas	the main issue is that I lost 2 days trying to make things work for keystone client :(	16:07
bauzas	now, I have to quickly test trusts	16:08
DinaBelova	i understand that	16:08
DinaBelova	i believe we may think about Monday evening for release if everything will be tested/merged till that time	16:08
bauzas	think so	16:09
DinaBelova	ok	16:09
bauzas	we're already testing all	16:09
bauzas	not only giving +2	16:09
bauzas	so, there is non sense to wait for specific QA	16:09
DinaBelova	yep, I just mean test all stuff after little code freeze	16:09
DinaBelova	like we merge everything	16:09
DinaBelova	and have final testing	16:09
DinaBelova	like we test VMs	16:10
DinaBelova	you hosts	16:10
bauzas	well ok	16:10
DinaBelova	that might take only 2-3 hours, not more	16:10
DinaBelova	but we'll be sure everything is ok	16:10
bauzas	I'm testing to rebase trusts	16:11
bauzas	as it needs our fix	16:11
DinaBelova	yep	16:12
bauzas	the rebase is OK	16:12
bauzas	that's pretty cool, now we have a client :)	16:17
bauzas	btw., maybe you know but you can create leases for VR thanks to the client	16:20
bauzas	provided you use --reservation	16:20
openstackgerrit	A change was merged to stackforge/climate: Fix Authentication problem with Keystone V3 https://review.openstack.org/68666	16:21
bauzas	climate lease-create --reservation resource_id=1234,resource_type="virtual:instance" test_lease	16:22
bauzas	pretty useful if you want to test :)	16:22
DinaBelova	%)	16:24
DinaBelova	yep :)	16:24
bauzas	sounds like trusts are working like a charm	16:26
bauzas	:)	16:26
bauzas	great job	16:26
bauzas	just showing details with Keystone client	16:26
bauzas	to make sure values are correct	16:26
bauzas	and I'm done	16:27
bauzas	well, something is strange	16:29
bauzas	I'm using a "demo" user	16:29
bauzas	but neither the trustee nor the trustor show me the correct user-id, but instead the admin one	16:29
bauzas	I'm running climate with no service user, but admin	16:30
DinaBelova	sorry, can't get point	16:30
DinaBelova	who is trustor and who is trustee?	16:30
DinaBelova	i mean what do you want them to be?	16:30
bauzas	hold on, made a mistake :)	16:30
bauzas	much better now :D	16:30
DinaBelova	:D	16:30
bauzas	the trustor was admin, while it should be demo	16:31
DinaBelova	also I've created https://etherpad.openstack.org/p/climate-0.2	16:31
DinaBelova	:D	16:31
bauzas	but that was because I was running as admin :)	16:31
DinaBelova	please feel free to add points to that doc	16:31
bauzas	ok, just quickly verifying code and then +2	16:31
DinaBelova	I believe we'll discuss it tomorrow	16:31
DinaBelova	nice :)	16:31
bauzas	I amended a few the doc	16:42
DinaBelova	yep i saw that	16:44
DinaBelova	i just think it will be discussed all next week :D	16:44
DinaBelova	but we need to start now :D	16:44
bauzas	argh	16:51
bauzas	one typo	16:51
bauzas	https://review.openstack.org/#/c/48002/	16:51
bauzas	as it's depending from a top plugin	16:51
bauzas	I can propose to give +2 to it	16:51
bauzas	but you/Nick need to fix it on the plugin side	16:52
bauzas	DinaBelova aaaaaaaaaaaaa ?	16:56
DinaBelova	i'll fix it now	16:56
DinaBelova	sorry	16:56
bauzas	no pb	16:56
DinaBelova	was dreaming about 0.2 :D	16:56
bauzas	well, you know, once Climate will be public with 0.1	16:56
bauzas	we'll have hundreds of ATCs ready to contribute	16:57
bauzas	we will be rockstars	16:57
bauzas	and fans will follow us whereever we go	16:57
bauzas	that's only a question of time :)	16:58
DinaBelova	:D	16:58
openstackgerrit	Dina Belova proposed a change to stackforge/climate: Implement keystone trust support https://review.openstack.org/48002	16:58
DinaBelova	smth like that in my mind was happening	16:58
DinaBelova	i fixed typo	16:58
DinaBelova	let's merge it devil-smile	16:59
DinaBelova	:D	16:59
bauzas	^_^	17:02
*** SergeyLukjanov is now known as SergeyLukjanov_		17:03
bauzas	DinaBelova: could you please communicate etherpad link for 0.2 in the ML ?	17:04
DinaBelova	bauzas, ok	17:05
DinaBelova	done	17:07
DinaBelova	i will go home :D	17:07
DinaBelova	bye	17:07
*** DinaBelova is now known as DinaBelova_		17:08
*** YorikSar has joined #openstack-climate		17:10
openstackgerrit	A change was merged to stackforge/climate: Implement keystone trust support https://review.openstack.org/48002	17:21
*** bauzas has quit IRC		17:31
openstackgerrit	Swann Croiset proposed a change to stackforge/climate: Physical host reservation plugin https://review.openstack.org/54285	17:34
openstackgerrit	Swann Croiset proposed a change to stackforge/climate: Physical host reservation plugin (lease update) https://review.openstack.org/67121	17:34
openstackgerrit	Swann Croiset proposed a change to stackforge/climate: Improve coherence of exceptions handling https://review.openstack.org/68397	17:36
*** SergeyLukjanov_ is now known as SergeyLukjanov		18:06
*** DinaBelova_ is now known as DinaBelova		18:07
*** DinaBelova is now known as DinaBelova_		18:33
*** DinaBelova_ is now known as DinaBelova		19:07
openstackgerrit	A change was merged to stackforge/climate: Physical host reservation plugin https://review.openstack.org/54285	19:43
openstackgerrit	A change was merged to stackforge/climate: Physical host reservation plugin (lease update) https://review.openstack.org/67121	19:43
openstackgerrit	A change was merged to stackforge/climate: Improve coherence of exceptions handling https://review.openstack.org/68397	20:25
*** SergeyLukjanov is now known as SergeyLukjanov_		20:28
*** DinaBelova is now known as DinaBelova_		21:09

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!