Thursday, 2018-11-22

« Wednesday, 2018-11-21 Index Friday, 2018-11-23 »
*** hongbin has quit IRC00:36
*** mordred has quit IRC00:49
*** rcernin has quit IRC01:39
*** rcernin has joined #openstack-containers01:39
*** mgariepy has quit IRC03:24
*** mgariepy has joined #openstack-containers03:35
*** ykarel|away has joined #openstack-containers03:49
*** ykarel|away is now known as ykarel03:56
*** udesale has joined #openstack-containers04:15
*** janki has joined #openstack-containers04:32
*** ivve has joined #openstack-containers04:39
*** ykarel has quit IRC05:24
*** ykarel has joined #openstack-containers05:40
*** ricolin has joined #openstack-containers06:13
*** pcaruana has joined #openstack-containers07:22
*** ramishra has joined #openstack-containers07:30
*** ykarel is now known as ykarel|lunch07:44
*** rcernin has quit IRC08:13
*** ykarel|lunch is now known as ykarel08:36
*** chhagarw has joined #openstack-containers08:55
*** FlorianFa has joined #openstack-containers10:14
*** shrasool has joined #openstack-containers10:24
*** ianychoi has quit IRC10:25
*** ign0tus has joined #openstack-containers10:43
*** ramishra has quit IRC10:43
*** salmankhan has joined #openstack-containers10:49
*** salmankhan1 has joined #openstack-containers10:52
*** salmankhan has quit IRC10:54
*** salmankhan1 is now known as salmankhan10:54
*** udesale has quit IRC11:15
*** ianychoi has joined #openstack-containers11:31
*** janki has quit IRC11:43
*** dims has quit IRC11:45
*** ramishra has joined #openstack-containers12:17
*** shrasool has quit IRC13:14
*** shrasool has joined #openstack-containers13:35
*** udesale has joined #openstack-containers13:44
*** pcaruana has quit IRC13:50
*** zul has joined #openstack-containers14:06
*** dims has joined #openstack-containers14:14
*** shrasool has quit IRC14:15
*** shrasool has joined #openstack-containers14:16
*** pcaruana has joined #openstack-containers14:25
*** FlorianFa has quit IRC14:33
*** ykarel is now known as ykarel|away14:34
*** FlorianFa has joined #openstack-containers14:46
*** ykarel|away has quit IRC14:47
*** hongbin has joined #openstack-containers14:52
*** shrasool has quit IRC15:27
*** shrasool has joined #openstack-containers15:38
*** rpittau has joined #openstack-containers15:43
*** ykarel|away has joined #openstack-containers16:11
*** shrasool has quit IRC16:23
*** ricolin has quit IRC16:31
*** ramishra has quit IRC16:32
*** ign0tus has quit IRC16:41
*** udesale has quit IRC16:48
openstackgerritMerged openstack/magnum stable/queens: Update heat-container-agent version tag  https://review.openstack.org/61935617:15
*** shrasool has joined #openstack-containers17:16
*** chhagarw has quit IRC17:25
*** shrasool has quit IRC17:56
*** ykarel|away has quit IRC18:09
*** salmankhan has quit IRC18:32
*** rpittau has quit IRC18:46
*** lpetrut has joined #openstack-containers18:46
mnaserflwang: have you noticed/seen docker just randomly stopping in magnum?19:13
mnaserlike im seeing the docker process randomly stopping and the cluster acting all weird19:13
mnaserseen this happening both on master and minion19:13
mnaserdocker-containerd-current[888]: time="2018-11-22T19:31:52.118293419Z" level=info msg="stopping containerd after receiving terminated"19:32
*** shrasool has joined #openstack-containers19:52
flwangmnaser: no, never see that20:32
flwangis there any more information from kubelet log?20:33
mnaserflwang: kubelet has no idea, it just sees docker disappear20:33
mnaserand docker process disappears20:33
mnaseri tried upgrading the atomic host and going to try again20:33
mnaserthis happens when running sonobuoy20:33
flwangi assume you're using the default docker version in fedora atomic 27?20:34
mnaserflwang: yeah, but its an older image, so maybe that it20:34
flwangwhat do you mean older?20:35
flwangwhat's the version of your fedora atomic 27?20:35
mnaserflwang: i think this one is pretty old.  2018-02-0120:38
mnaser(Feb)20:38
mnaserupgraded the host now and trying again20:38
mnaserlooks much better20:39
flwangmnaser: cool20:39
mnaserflwang: sorry for noise, i'll update our images20:39
mnasertoo bad fedora doesnt ship .raw images so we have to store converted ones to deploy via osa (boo)20:39
flwangmnaser: no problem, any time20:39
flwangmnaser: from magnum side, we're working with fedora/coreos atomic to figure out the requirements we need20:40
flwangfor long term20:40
mnaserflwang: awesome.  it's a great platform for exactly the stuff that we're doing!20:41
flwangmnaser: pls return any feedback and we're happy to address20:41
mnaserflwang: absolutely.  i've been trying to get more people to know magnum is a really good option20:42
mnaseras you saw in the talk some people thought that it doesn't provide you with the tooling that you need out of the box :)20:42
mnaserwanna kill that fud20:42
flwangmnaser: Yep, i can feel that from the session. thank you.20:42
flwangthere are a lot of tools can help to deploy k8s, but magnum is the good one if you want to integrate with openstack20:43
flwangi think that is key for most of the services in openstack ecosystem20:43
mnaserflwang: yep, also, i have seen some issues recently with flannel not properly going up cause its stuck waiting for etcd20:47
mnaseri havent debugged much more, it happens from time to time20:47
mnaseri will try to investigate more20:48
flwangmnaser: why not go for calico?20:53
mnaserflwang: dunno. it was the default? :p20:53
mnaserflwang: did you use calico when you ran the conformance tests?20:53
flwangmnaser: yep20:53
flwangi use calico20:54
mnaserit's failing for me right now using flannel20:54
flwangand in Catalyst Cloud, we use calico as default, we don't 'support' flannel20:54
mnaserNov 22 20:52:35.022: INFO: Failed to get response from guestbook. err: the server is currently unable to handle the request (get services frontend), response:20:54
mnaserany reasons behind picking one vs the other?20:54
flwangmnaser: we need network policy20:54
flwangfor better security20:54
mnaserflwang: ack, it looks like the default is flannel.. i think? let me see20:55
flwangyep, default is flannel20:55
mnaserill try to hack on this a little bit just to make sure it works properly with flannel20:56
mnaseri wonder what gke runs, or maybe something like kuryr20:56
flwangmnaser: gke supports both21:04
flwangby default is flannel21:04
flwangand if you want to enable network policy, then calico21:04
flwangmnaser: ^21:04
mnaserflwang: gotcha.  is network policy required for conformance?21:04
flwangmnaser: no21:06
flwangwith flannel, it should work as well21:06
mnaserflwang: ok, thanks, i'll try to figure out why things are not working right now :\21:06
flwangmnaser: no worries, let me know if there is any question i can help21:06
*** ivve has quit IRC21:12
*** lpetrut has quit IRC21:23
mnaserflwang: ugh, found it.. a reboot of a vm broke it.  https://github.com/openstack/magnum/blob/f0dec728e78bcb3851b1a484b73bfe567b3c1fc9/magnum/drivers/common/templates/swarm/fragments/network-service.sh#L61-L6321:31
mnaseror rather https://github.com/openstack/magnum/blob/9375dc2ae51c8aed39ba57984bc8cfe07ab070e4/magnum/drivers/common/templates/kubernetes/fragments/flannel-service.sh#L25-L2721:32
flwanghaha, you added it21:35
mnaserflwang: well i fixed it because it wasn't working at all :)21:37
mnasernow it doesn't work on reboot21:37
flwangso you mean after reboot the vm, the ipstables lost the rule?21:38
strigazimnaser: https://gitlab.cern.ch/cloud-infrastructure/magnum/commit/52a69ff2d63f1cb22332711254bf682b4f022bc621:44
mnaserstrigazi: oh thats cool, mind if i cherry pick and push that upstream?21:45
mnaserunless thats there and i cant see it :D21:45
strigazimnaser: not there yet21:45
strigazimnaser: shoot21:45
strigazimnaser: L1TF and spectre/meltdown reboots campaigns revealed those21:46
mnaserstrigazi: must have been a fun time21:46
strigaziit was too much fun21:47
openstackgerritMohammed Naser proposed openstack/magnum master: Add iptables -P FORWARD ACCEPT unit  https://review.openstack.org/61964321:51
mnaserstrigazi: that's an initial go at it21:51
strigazimnaser: it is good for now. we need to drop in another patch the rule from the other unit.21:52
flwangstrigazi: did you finish  the rebase of https://review.openstack.org/#/c/561858/21:53
strigazimnaser: I'll do tmr the storyboard, reno dance tmr21:53
mnaserstrigazi: ok thank you, i already actaully filed a bug21:53
flwangstrigazi: i rebased i t locally, but got issues21:53
mnaserhttps://storyboard.openstack.org/#!/story/200441621:53
mnaserso if you wanna reuse that and you only have reno dance left :)21:53
flwangseems those bash scripts are executed before the heat-params file21:53
* mnaser goes back to breaking stuff21:53
strigaziflwang: I was trying to but then the network didn't let me. FIrst thing tmr. leave a comment for the issues you saw.21:54
flwangstrigazi: ok21:55
strigaziflwang: i'm simplifying the patch to see less issues.21:55
strigaziflwang: plus the agent needs more things. openssh and openssl pkgs21:56
flwangstrigazi: ok, should i stop review it now until you rebase it?21:56
strigaziyes, for review can you take a look to NGs, we can merge it21:57
strigaziand the jim's keypair patch21:57
strigaziI added you as reviewer21:57
strigazihttps://review.openstack.org/#/c/590443/ https://review.openstack.org/#/c/607363/21:58
* strigazi is going to bed and prays the network gods will be happy tmr.22:00
*** shrasool has quit IRC22:03
*** rcernin has joined #openstack-containers22:05
flwangstrigazi: ok, got it22:13
*** shrasool has joined #openstack-containers22:33
*** shrasool has quit IRC22:39
« Wednesday, 2018-11-21 Index Friday, 2018-11-23 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!