Wednesday, 2018-12-12

*** shrasool has quit IRC		00:00
openstackgerrit	Merged openstack/magnum master: functional: add body for delete_namespaced_service in k8s https://review.openstack.org/623612	00:06
openstackgerrit	Merged openstack/magnum master: functional: bump atomic version to latest https://review.openstack.org/623622	00:06
openstackgerrit	Merged openstack/magnum master: functional: use default admission_control_list values https://review.openstack.org/623628	00:06
openstackgerrit	Merged openstack/magnum master: functional: use vexxhost-specific nodes with nested virt https://review.openstack.org/623607	00:06
*** itlinux has joined #openstack-containers		00:06
*** munimeha1 has quit IRC		00:06
*** itlinux_ has joined #openstack-containers		00:25
*** itlinux has quit IRC		00:28
*** itlinux_ has quit IRC		00:49
*** PagliaccisCloud has quit IRC		00:53
*** dave-mccowan has joined #openstack-containers		01:14
*** PagliaccisCloud has joined #openstack-containers		01:31
*** ricolin has joined #openstack-containers		02:02
*** hongbin has joined #openstack-containers		02:44
*** ykarel\|away has joined #openstack-containers		02:58
openstackgerrit	Feilong Wang proposed openstack/magnum master: Fix grafana port access in prometeus monitoring https://review.openstack.org/624558	03:02
*** ykarel\|away has quit IRC		03:05
*** dave-mccowan has quit IRC		03:52
*** ykarel\|away has joined #openstack-containers		04:08
*** udesale has joined #openstack-containers		04:17
*** hongbin has quit IRC		04:55
*** ykarel\|away has quit IRC		05:09
*** ricolin has quit IRC		05:15
*** rtjure has quit IRC		05:19
*** itlinux has joined #openstack-containers		05:21
*** rtjure has joined #openstack-containers		05:22
*** ykarel\|away has joined #openstack-containers		05:25
openstackgerrit	Lingxian Kong proposed openstack/magnum master: [WIP] Delete Octavia loadbalancers for fedora atomic k8s driver https://review.openstack.org/497144	05:25
*** ykarel\|away is now known as ykarel		05:26
*** ricolin has joined #openstack-containers		05:32
*** zufar has joined #openstack-containers		05:39
*** itlinux has quit IRC		05:51
*** lpetrut has joined #openstack-containers		06:30
*** ramishra has quit IRC		06:32
*** ramishra has joined #openstack-containers		06:33
*** ricolin has quit IRC		07:12
*** openstackgerrit has quit IRC		07:29
*** rcernin has quit IRC		07:30
*** ivve has quit IRC		07:30
*** lpetrut has quit IRC		07:46
*** openstackgerrit has joined #openstack-containers		08:19
openstackgerrit	Bharat Kunwar proposed openstack/magnum stable/queens: functional: use vexxhost-specific nodes with nested virt https://review.openstack.org/624608	08:20
lxkong	strigazi: hi could you please take brief look at https://review.openstack.org/497144? I wanan make sure i am doing right as discussed before spending time on the UT, thanks	08:32
*** salmankhan has joined #openstack-containers		09:00
*** ivve has joined #openstack-containers		09:04
*** salmankhan has quit IRC		09:24
*** salmankhan has joined #openstack-containers		09:38
strigazi	lxkong: looking	09:38
strigazi	lxkong: lgtm, can you add an debug log that it starts the pre_delete hook?	09:40
*** lpetrut has joined #openstack-containers		09:41
*** lpetrut has quit IRC		09:45
openstackgerrit	Spyros Trigazis proposed openstack/magnum master: functional: stop using concurrency of 1 for api tests https://review.openstack.org/623917	09:45
*** ivve has quit IRC		09:52
*** salmankhan has quit IRC		10:14
*** salmankhan has joined #openstack-containers		10:16
*** salmankhan has quit IRC		10:21
*** salmankhan has joined #openstack-containers		10:21
lxkong	strigazi: yeah, i've already added when i was testing just now	10:59
*** udesale has quit IRC		11:02
*** udesale has joined #openstack-containers		11:03
*** lpetrut has joined #openstack-containers		11:03
openstackgerrit	Lingxian Kong proposed openstack/magnum master: Delete Octavia loadbalancers for fedora atomic k8s driver https://review.openstack.org/497144	11:04
openstackgerrit	Merged openstack/magnum master: functional: stop using concurrency of 1 for api tests https://review.openstack.org/623917	11:46
*** ttsiouts has joined #openstack-containers		11:47
openstackgerrit	Theodoros Tsioutsias proposed openstack/magnum master: [WIP] Add nodegroup representation https://review.openstack.org/604823	11:48
openstackgerrit	Theodoros Tsioutsias proposed openstack/magnum master: [WIP] API changes for nodegroups https://review.openstack.org/604824	11:48
ttsiouts	strigazi: ^	11:49
ttsiouts	strigazi: I'm preparing a new patch with the driver implementation	11:49
strigazi	ttsiouts: awesome	11:50
ttsiouts	:D	11:50
*** salmankhan1 has joined #openstack-containers		12:02
*** salmankhan has quit IRC		12:03
*** salmankhan1 is now known as salmankhan		12:03
*** ttsiouts has quit IRC		12:07
*** ttsiouts has joined #openstack-containers		12:07
*** salmankhan has quit IRC		12:11
*** ttsiouts has quit IRC		12:12
sayalilunkad	hi! Anyone see this error when creating a magnum template? ERROR: No module named google (HTTP 500) (Request-ID: req-77ecd6c4-3fd1-4cc2-9443-69e970227c23)	12:23
openstackgerrit	Lingxian Kong proposed openstack/magnum master: Delete Octavia loadbalancers for fedora atomic k8s driver https://review.openstack.org/497144	12:34
*** dave-mccowan has joined #openstack-containers		12:41
*** ttsiouts has joined #openstack-containers		12:54
*** salmankhan has joined #openstack-containers		13:14
*** salmankhan has quit IRC		13:35
*** salmankhan has joined #openstack-containers		13:35
*** salmankhan has quit IRC		13:36
*** salmankhan has joined #openstack-containers		13:37
*** roukoswarf has quit IRC		14:12
*** irclogbot_0 has quit IRC		14:36
mordred	flwang: https://github.com/rook/rook/issues/2371 and https://github.com/rook/rook/issues/1921 are potentially worth being aware of and/or looking in to	14:40
mordred	flwang: tl;dr - using a magnum created k8s cluster using atomic nodes (this is on vexxhost public cloud) - trying to use rook to get a cephfs that can be used via flexvolume in pods	14:41
mordred	flwang: it almost works - except for when k8s thinks it has mounted the cephfs flexvolume, it really hasn't - and best we can tell it's because the mount is happening in the kubelet container and not propogating to the host	14:42
mordred	from what I can tell from the comments in 1921 and 1930, it seems specifically related to the containerized controlplane	14:42
mordred	for now, I'm going to try spinning up a k8s by hand to verify all of the k8s yaml is doing what it's supposed to be doing	14:43
*** ykarel has quit IRC		14:47
mnaser	mordred: o/	14:50
mordred	but it seems like a things that a) should be sorted out and b) is a potentially excellent end-to-end test case	14:50
mordred	mnaser: and I was actually just about to ping you about that too :)	14:50
mnaser	mordred: i wonder if because we do a containerized deploy, the `/var/lib/kubelet/volumeplugins` path is actually empty inside the kubelet so it doesn't actually know what to do?	14:51
*** irclogbot_0 has joined #openstack-containers		14:51
mnaser	mordred: i think `atomic exec` is a thing.. so what if you did something like `atomic exec kubelet ls /var/lib/kubelet/volumeplugins` ?	14:52
*** hongbin has joined #openstack-containers		14:52
*** Miouge has quit IRC		14:55
mordred	mnaser: lemme try	14:56
mordred	mnaser: (although that said, we did verify that the cephfs is getting mounted into the kubelet container - so I think https://github.com/rook/rook/issues/1921#issuecomment-419518244 is likely to be the issue	14:57
*** Miouge has joined #openstack-containers		14:57
mnaser	mordred: lemme look at the second isuse, got distracted reading buffers in the morning :)	14:57
mordred	mnaser: which is that the flexvolume operation is happening in the container so it's not available on the host	14:57
openstackgerrit	Mohammed Naser proposed openstack/magnum stable/rocky: functional: retrieve cluster to get stack_id https://review.openstack.org/624723	14:58
*** ykarel has joined #openstack-containers		14:58
mordred	mnaser: that said:	14:59
mordred	# runc exec kubelet ls /var/lib/kubelet/volumeplugins	14:59
mordred	ceph.rook.io~rook	14:59
mordred	ceph.rook.io~rook-ceph-system	14:59
mordred	rook.io~rook	14:59
mordred	rook.io~rook-ceph-system	14:59
mordred	mnaser: (it's runc exec, not atomic exec, just for the record)	14:59
*** hongbin has quit IRC		15:00
mnaser	mordred: reading that second issue it looks like that's exactly what it is	15:03
mordred	yeah	15:03
mordred	any thoughts on workarounds - even hacky ones?	15:03
mordred	fwiw - I've also sent an internal rh email to travis, sage and fabian to see if they have any thoughts on workarounds	15:04
mordred	although with kubecon, I'm guessing it's unlikely for them to have much brainspace this week	15:05
mordred	mnaser: I'm guessing, because it's atomic, that running kubelet on the host without using a container is likely a difficult hack at this point, yeah?	15:07
mordred	(I say that - it's a static binary, so one could presumably just reach in to the container filesystem and execute the binary directly ... but that seems kind of like open heart surgery with a steak knife	15:07
mordred	mnaser: also - while I'm bothering you here ... once we get some of this figured out - it might not be a bad idea to submit a docs patch to rook for the flexvolume config section to add a magnum section	15:08
mnaser	mordred: so the reason behind that architectural decision was an effort to allow us to deploy any version of k8s	15:09
mnaser	but also because fedora atomic's model functions in a way that most everything runs in a container	15:10
mordred	yah	15:10
mnaser	i guess we COULD plop down binaries and systemd units and call it a day	15:10
openstackgerrit	Bharat Kunwar proposed openstack/magnum stable/rocky: functional: use vexxhost-specific nodes with nested virt https://review.openstack.org/624729	15:10
*** jonaspaulo has joined #openstack-containers		15:10
jonaspaulo	hi all	15:10
mordred	mnaser: the atomic section just links to the openshift docs, and it's super hard to follow - the neat thing is that just setting FLEXVOLUME_DIR_PATH to /var/lib/kubelet/volumeplugins works because magnum has already done the work to pass the right flags to the kubelet	15:10
mordred	mnaser: well - no, I think the magnum architecture decision is the right one	15:10
mordred	and a solution should be found to this issue	15:11
jonaspaulo	i am trying to deploy magnum and i get this error when launching a the cluster on the journalctl of the master node	15:11
jonaspaulo	runc[2915]: publicURL endpoint for orchestration service in null region not found runc[2915]: Source [heat] Unavailable. runc[2915]: /var/lib/os-collect-config/local-data not found. Skipping	15:11
jonaspaulo	any1 has idea what could be wrong?	15:11
mnaser	mordred: im really at a loss on a good next step	15:11
mordred	mnaser: but - while I'm just poking around for workarounds, do you think just switching the systemd unit to running the kubelet binary directly on the host would work?	15:11
mordred	mnaser: or would it just cause everythign to blow up?	15:12
mnaser	mordred: is this an environment where i can have my ssh key in there to dig around logs a little bit today?	15:12
mordred	mnaser: yup. have a link to your key handy?	15:12
mnaser	i'd say it shouldn't but i have never tried it so i cant speak about it	15:12
mordred	kk	15:12
mnaser	https://github.com/mnaser.keys	15:12
mnaser	(i'm also at kubecon but i dont know enough people to know who to talk to about this :])	15:13
mordred	mnaser: I can send an email intro to some folks	15:13
mnaser	mordred: sure! be more than happy to chat, im here all day and tomorrow	15:13
mnaser	mordred: also re documenting how to get this done, i think that's super valuable too	15:14
mnaser	though in an ideal world, our k8s cluster "Just Work"™	15:14
mordred	++	15:15
mordred	mnaser: well - the main thing that needs documenting in the rook docs is that the default value for the rok config option FLEXVOLUME_DIR_PATH needs to be set differently from the defaults on atomic based hosts	15:15
mordred	so there is a REALLY easy answer that can be put into the docs	15:15
mnaser	mordred: gotcha, well if this affects all flexvolume deploys then we should probably just set it to that path.. all the itme	15:16
mordred	actually, I Should just send in that pr right now, regardless of whether the thing works at the end of the day	15:16
mordred	yup	15:16
mordred	mnaser: and magnum DOES set the right values for the kubelet - so that part is great	15:16
mnaser	sounds good, but yeah im for having that defauklt	15:17
mnaser	default	15:17
openstackgerrit	Bharat Kunwar proposed openstack/magnum stable/queens: functional: retrieve cluster to get stack_id https://review.openstack.org/624732	15:17
*** lpetrut has quit IRC		15:22
*** zufar has quit IRC		15:23
jonaspaulo	any help m8s?	15:28
*** ricolin has joined #openstack-containers		15:30
*** zufar has joined #openstack-containers		15:35
zufar	Hi all, i want to install magnum into my openstack, are cinder is required?	15:35
mordred	mnaser: https://github.com/rook/rook/pull/2374 fwiw	15:41
*** salmankhan has quit IRC		15:42
*** ricolin has quit IRC		15:42
*** ricolin has joined #openstack-containers		15:43
jonaspaulo	zufar: i dont think so	15:48
*** lpetrut has joined #openstack-containers		15:48
jonaspaulo	but i am in the process of trying to make it work so.. lol	15:49
zufar	jonaspaulo: Hi thank you, do you have any example magnum configuration files? I want to create the ansible playbook and i need some example for magnum configuration files. its hard to read from official example.	15:51
jonaspaulo	i am using kolla-ansible to deploy it automatically	15:53
strigazi	mordred: mnaser either you need this patch https://github.com/openstack/magnum/commit/1b0fbc207484f4059b96446e1a270730454a49be OR	15:55
strigazi	mordred: mnaser template create --labels kubelet-options="--volume-plugin-dir=/var/lib/kubelet/volumeplugins"	15:56
*** lpetrut has quit IRC		15:56
zufar	jonaspaulo: yes, but i need to create custom ansible script for my client haha	15:57
strigazi	mordred: mnaser template create --labels kubelet_options="--volume-plugin-dir=/var/lib/kubelet/volumeplugins" with _ not -	16:01
jonaspaulo	hm ok :/	16:03
*** ykarel is now known as ykarel\|away		16:10
*** ykarel\|away has quit IRC		16:19
*** udesale has quit IRC		16:19
*** ttsiouts has quit IRC		16:29
*** ttsiouts has joined #openstack-containers		16:30
*** ttsiouts has quit IRC		16:30
*** ttsiouts has joined #openstack-containers		16:31
jonaspaulo	gotta go	16:49
jonaspaulo	thanks anyway	16:49
*** itlinux has joined #openstack-containers		16:53
*** ricolin has quit IRC		16:53
mordred	strigazi: yah - we've got that - kubelet is runnign with --volume-plugin-dir=/var/lib/kubelet/volumeplugins	16:54
strigazi	mordred: /var/lib/kubelet is also rshared	16:54
strigazi	mordred: Maybe rook should mount smth with rshared	16:55
strigazi	so that changes propagate	16:55
mordred	strigazi: so - we're seeing the cephfs mounted in the kubelet container in what looks to be pod-specific storage location:	16:56
mordred	$ sudo runc exec -t kubelet mount \| grep image-store	16:56
mordred	10.254.14.93:6790,10.254.11.181:6790,10.254.18.2:6790:/ on /var/lib/kubelet/pods/7db0357a-fda0-11e8-aeef-fa163eb20d90/volumes/ceph.rook.io~rook/image-store type ceph (rw,relatime,name=admin,secret=<hidden>,acl,mds_namespace=myfs,wsize=16777216)	16:56
mordred	strigazi: and if I write a file to the theoretical mount location in the registry pod, the file shows up in that directory if I look at it on the minion - but each registry pod's files only show up in the mount-point directory on their own minion	16:57
mordred	strigazi: so it's like the directory in the kubelet container is mapped into the pod's container - but it's not actually the cephfs even though mount shows type cephfs on that directory	16:58
mordred	strigazi: does that make any sense? :)	17:00
*** jonaspaulo has quit IRC		17:02
*** ykarel has joined #openstack-containers		17:03
mordred	strigazi: I just plopped some more debugging in to https://github.com/rook/rook/issues/2371 in case it's clearer in that context	17:03
strigazi	mordred: reading	17:03
strigazi	mordred: these are the rook pods or pods mounting cephfs volumes?	17:06
mordred	strigazi: these are the pods mounting the cephfs volumes	17:07
mordred	strigazi: basically, from https://rook.io/docs/rook/v0.9/ceph-filesystem.html the "Consume the Shared File System: K8s Registry Sample" section	17:07
mordred	(we figured we'd start with the example consumption as we'd figure that should work :) )	17:08
mordred	strigazi: the ceph cluster and cephfs are created as per https://rook.io/docs/rook/v0.9/ceph-quickstart.html and https://rook.io/docs/rook/v0.9/ceph-filesystem.html - with the only real change in teh k8s templates being to set FLEXVOLUME_DIR_PATH	17:10
strigazi	oh, the registry pod tries to consume cephfs in the same cluster	17:12
mordred	yeah	17:13
mordred	so - I think I just saw something ...	17:13
mordred	on the minion, /var/lib/kubelet/pods/7db0357a-fda0-11e8-aeef-fa163eb20d90/volumes/ceph.rook.io~rook/image-store exists and the file I wrote to /var/lib/registry inside of the registry pod shows up there	17:14
mordred	but on the minion (outside of the kubelet container) that directory is not a ceph mount	17:15
strigazi	mordred: I'll save the link and ask my colleagues in the ceph team. I think they evalueted running rook in magnum clusters but only serving cephfs outside the cluster running rook	17:15
mordred	so basically this is just me being VERY verbosely back to the original thing - which is the mount of cephfs happened in the kubelet container and didn't propogate back out to the host	17:17
strigazi	maybe you need:	17:17
mordred	and so while there is a cephfs properly mounted on the correct dir IN the kubelet container, it's the dir on the host that is getting mounted in the pod	17:17
strigazi	--feature-gates=MountPropagation=true	17:17
mordred	ooh. for kubelet?	17:17
strigazi	yes	17:17
mordred	lemme try. putting that in /etc/kubernetes/kubelet and then restarting the kubelet should pick that up right?	17:18
strigazi	yes	17:19
mordred	in fact, from the kubelet systemctl status right now:	17:19
mordred	Dec 11 23:56:19 opendev-tbu64tqms7nw-minion-2.vexxhost.local runc[1673]: serviceaccount SubPath: MountPropagation:<nil>}	17:19
strigazi	after using the feature gate?	17:20
mordred	that was before	17:21
mordred	so now trying after having restarted kubelet with that gate	17:21
strigazi	mordred: any luck?	17:25
mordred	strigazi: not sure yet - I've got to do some manual cleanup first - things get weird when k8s thinks it mounted something but didn't when it tries to delete that thing :)	17:27
mordred	strigazi: k. that didn't seem to help	17:32
mordred	still have cephfs mounted on the pod volume dir in the kubelet dir but not on the corresponding dir on the host	17:32
*** ttsiouts has quit IRC		17:33
*** ttsiouts has joined #openstack-containers		17:34
zufar	Hi, when try to use command `openstack coe service list` i get this error	17:34
zufar	magnum-api[22822]: 2018-12-13 00:29:17.326 23411 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Unable to establish connection to https://127.0.0.1:35357: HTTPSConnectionPool(host='127.0.0.1', port=35357): Max retries exceeded with url: / (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f601cf4bc10>: Failed to establish a new connection: [Errno 111]	17:34
zufar	ECONNREFUSED',)): ConnectFailure: Unable to establish connection to https://127.0.0.1:35357: HTTPSConnectionPool(host='127.0.0.1', port=35357): Max retries exceeded with url: / (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f601cf4bc10>: Failed to establish a new connection: [Errno 111] ECONNREFUSED',))	17:34
zufar	i think this problem is in my magnum.conf, because I am creating from scratch the configuration. my magnum configuration : http://paste.opensuse.org/51987182	17:36
strigazi	mordred Ι can't think of anything else, I can give it a try tmr, maybe I miss smth. /var/lib/registry shouldn't be changed in the host anyway	17:37
strigazi	zufar: looks like your "vip" is localhost?	17:38
*** ttsiouts has quit IRC		17:38
* strigazi is leaving		17:38
mordred	strigazi: cool. I wrote a quick followup comment on that gh issue - just to clarify	17:38
*** ianychoi has joined #openstack-containers		17:38
zufar	strigazi: no, my vip is generated well in all section	17:41
zufar	thank you, I am missing [keystone_authtoken] section to write	17:46
*** mgoddard has joined #openstack-containers		18:25
*** robertomls has joined #openstack-containers		18:48
*** hongbin has joined #openstack-containers		18:56
*** ykarel has quit IRC		19:10
*** salmankhan has joined #openstack-containers		19:20
*** itlinux_ has joined #openstack-containers		20:14
*** itlinux has quit IRC		20:15
*** salmankhan has quit IRC		20:18
*** salmankhan has joined #openstack-containers		20:31
*** PagliaccisCloud has quit IRC		20:42
openstackgerrit	Lingxian Kong proposed openstack/magnum master: Delete Octavia loadbalancers for fedora atomic k8s driver https://review.openstack.org/497144	20:56
*** rcernin has joined #openstack-containers		21:06
*** jmlowe has quit IRC		21:10
*** jmlowe has joined #openstack-containers		21:11
*** jmlowe has quit IRC		21:13
*** jmlowe has joined #openstack-containers		21:14
*** PagliaccisCloud has joined #openstack-containers		21:24
lxkong	mnaser: are you around?	21:31
lxkong	mnaser: i've tested your patch https://review.openstack.org/#/c/623724, it failed in `configure-etcd` step	21:32
lxkong	mnaser: because the heat-container-agent can not access the file system, e.g. `ls /dev/disk/by-id`	21:32
*** robertomls has quit IRC		21:40
*** lpetrut has joined #openstack-containers		21:44
*** itlinux_ has quit IRC		22:00
*** itlinux has joined #openstack-containers		22:00
*** salmankhan has quit IRC		22:03
*** PagliaccisCloud has quit IRC		22:20
*** mnasiadka_ has joined #openstack-containers		22:23
*** mnasiadka has quit IRC		22:29
*** andreykurilin has quit IRC		22:29
*** logan- has quit IRC		22:29
*** mnasiadka_ is now known as mnasiadka		22:29
*** logan- has joined #openstack-containers		22:31
*** lpetrut has quit IRC		22:32
*** itlinux has quit IRC		22:35
*** dave-mccowan has quit IRC		23:19

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!