Tuesday, 2019-03-12

« Monday, 2019-03-11 Index Wednesday, 2019-03-13 »
*** dave-mccowan has joined #openstack-containers00:54
*** ricolin has joined #openstack-containers01:22
*** itlinux has joined #openstack-containers01:25
*** itlinux has quit IRC01:51
*** hongbin has joined #openstack-containers01:53
*** openstackstatus has quit IRC02:22
*** openstack has joined #openstack-containers02:24
*** ChanServ sets mode: +o openstack02:24
*** hongbin has quit IRC03:33
*** ykarel|away has joined #openstack-containers03:39
*** ykarel|away is now known as ykarel03:39
*** dave-mccowan has quit IRC03:40
*** udesale has joined #openstack-containers03:49
*** ramishra has joined #openstack-containers04:02
*** mordred has quit IRC04:14
*** mordred has joined #openstack-containers04:21
*** jmorgan1 has quit IRC04:31
*** jmorgan1 has joined #openstack-containers04:32
jakeyipsorry was away. Saw the patch, thanks lxkong! I really like removing FIP from minions.04:35
*** mordred has quit IRC04:37
*** janki has joined #openstack-containers04:38
*** udesale has quit IRC04:45
*** mordred has joined #openstack-containers04:45
*** udesale has joined #openstack-containers04:46
jakeyiphttps://review.openstack.org/#/c/606646/ this got pinged on the mailing list, not sure what the cores want to do with it?04:56
*** sapd1 has joined #openstack-containers05:24
*** jmorgan1 has quit IRC05:31
*** jmorgan1 has joined #openstack-containers05:31
*** ykarel is now known as ykarel|afk05:40
openstackgerritLingxian Kong proposed openstack/magnum master: [WIP] Improve floating IP allocation  https://review.openstack.org/64154705:50
lxkongjakeyip: the patch has been updated according to the discussion this morning, the main difference with the previous patshset is that a new label is introduced. Please take a look at the patch if you're interested. Thanks05:52
*** ykarel|afk is now known as ykarel06:01
*** yankcrime has quit IRC06:07
*** mgoddard has quit IRC06:07
*** HD|Laptop has quit IRC06:07
*** irclogbot_0 has quit IRC06:09
*** irclogbot_0 has joined #openstack-containers06:10
*** ivve has joined #openstack-containers07:23
*** pcaruana has joined #openstack-containers07:39
*** pcaruana has quit IRC07:43
*** pcaruana has joined #openstack-containers07:43
*** ykarel is now known as ykarel|lunch07:52
*** threestrands_ has quit IRC08:11
*** ykarel|lunch is now known as ykarel08:20
*** jaewook_oh has joined #openstack-containers08:20
*** alisanhaji has joined #openstack-containers08:32
*** mgoddard has joined #openstack-containers08:43
*** sapd1 has quit IRC08:47
*** flwang1 has joined #openstack-containers08:47
*** ttsiouts has joined #openstack-containers08:49
*** gsimondon has joined #openstack-containers08:53
*** yankcrime has joined #openstack-containers08:55
*** gsimondon has quit IRC08:58
*** gsimondon has joined #openstack-containers08:58
*** ttsiouts has quit IRC09:04
*** ttsiouts has joined #openstack-containers09:05
*** mkuf has joined #openstack-containers09:15
openstackgerritLingxian Kong proposed openstack/magnum master: [WIP] Improve floating IP allocation  https://review.openstack.org/64154709:50
alisanhajiHi people of the world, I have a question about Ironic support with Magnum. Is it stable or is it still not fully supported as said in the doc? Thanks10:17
*** lpetrut has joined #openstack-containers10:33
*** ykarel is now known as ykarel|lunch10:40
*** ykarel|lunch is now known as ykarel11:07
*** ricolin_ has joined #openstack-containers11:20
*** ricolin has quit IRC11:23
*** dave-mccowan has joined #openstack-containers11:24
*** jaewook_oh has quit IRC11:35
*** ttsiouts has quit IRC11:45
*** ttsiouts has joined #openstack-containers11:45
*** mkuf has quit IRC11:45
*** ricolin__ has joined #openstack-containers11:49
*** ttsiouts has quit IRC11:50
*** ricolin_ has quit IRC11:51
*** ricolin__ has quit IRC11:58
*** ttsiouts has joined #openstack-containers12:09
*** mkuf has joined #openstack-containers12:17
*** udesale has quit IRC12:50
*** udesale has joined #openstack-containers12:51
*** janki has quit IRC12:59
*** janki has joined #openstack-containers12:59
*** mkuf_ has joined #openstack-containers13:01
*** mkuf has quit IRC13:01
*** FlorianFa has quit IRC13:03
*** sapd1 has joined #openstack-containers13:03
*** ricolin has joined #openstack-containers13:08
*** alisanhaji has quit IRC13:19
*** dave-mccowan has quit IRC13:22
*** alisanhaji has joined #openstack-containers13:32
*** dave-mccowan has joined #openstack-containers13:33
*** mkuf has joined #openstack-containers13:42
*** mkuf_ has quit IRC13:46
*** openstack has joined #openstack-containers15:39
*** ChanServ sets mode: +o openstack15:39
*** jchhatbar has quit IRC15:47
*** ttsiouts has joined #openstack-containers15:48
*** gsimondon has quit IRC15:52
*** sapd1 has quit IRC15:53
*** sapd1 has joined #openstack-containers16:01
*** ivve has quit IRC16:07
*** sapd1 has quit IRC16:08
*** ttsiouts has quit IRC16:14
*** ttsiouts has joined #openstack-containers16:14
flwang1strigazi: any luck you're around? i'd like to get comments about add default keystone auth policy16:25
*** udesale has quit IRC16:37
*** alisanhaji has quit IRC16:40
*** ricolin has joined #openstack-containers16:44
*** ricolin_ has joined #openstack-containers16:46
*** ricolin has quit IRC16:49
*** ttsiouts has quit IRC17:01
*** ttsiouts has joined #openstack-containers17:01
*** ttsiouts has quit IRC17:06
*** eandersson_ has joined #openstack-containers17:07
*** ricolin_ has quit IRC17:32
*** ivve has joined #openstack-containers17:52
*** henriqueof has joined #openstack-containers17:57
*** flwang1 has quit IRC18:33
*** mrodriguez has joined #openstack-containers18:36
*** pcaruana has quit IRC18:39
*** ttsiouts has joined #openstack-containers19:29
openstackgerritSpyros Trigazis proposed openstack/magnum master: ci: Disable functional tests  https://review.openstack.org/64287219:42
openstackgerritSpyros Trigazis proposed openstack/magnum master: Revert "ci: Disable functional tests"  https://review.openstack.org/64287319:42
eandersson_strigazi, flwang https://review.openstack.org/#/c/637267/19:52
eandersson_Lets get this patch moving as well19:52
*** alisanhaji has joined #openstack-containers19:54
flwangstrigazi: still around?20:00
strigaziflwang: we have a meeting in 57' right?20:04
flwangstrigazi: yes20:04
eandersson_Isn't the meeting now?20:04
flwangstrigazi: i don't quite understand  https://review.openstack.org/64287320:04
eandersson_Did the timezone only change in the US? :'(20:04
strigazieandersson_: the meeting is at 2100 UTC20:04
flwangwhy do you propose it now?20:05
eandersson_I will unfortunately miss the meeting then.20:05
eandersson_My meeting invite is not set to account for the timezone difference. :'(20:05
strigazihttps://review.openstack.org/642873 placeholder for when the CI is fixed20:06
eandersson_I'll ask one of my colleagues to attend.20:06
flwangstrigazi: ok, better add a comment or workflow -1 to avoid confusing the other reviewers?20:07
strigazidone20:08
flwangstrigazi: cheers20:08
*** imdigitaljim has joined #openstack-containers20:09
flwangstrigazi: i'm going to add a default(out-of-box) policy for keystone auth, just like GKE, will create k8s-admin, k8s-developer, k8s-viewer in devstack, and a new config option to point to the default rules, so that any user can play this nice feature out of box20:10
strigaziyou want to add extra roles in keystone?20:10
strigazinot sure if it is required20:11
flwangyep20:11
strigaziI think cluster roles and clusterrolebindings are enough, no?20:11
flwangno, it's different layer20:11
flwangi'm talking about the roles for k8s cluster users20:12
strigaziwhat are you going to add in the cluster?20:13
flwangnow there is no default policy rule for users though we're enabling the keystone auth by default20:13
flwangstrigazi: check if there is a given policy, if there is, using it instead of the default one at  https://github.com/openstack/magnum/blob/master/magnum/drivers/common/templates/kubernetes/fragments/enable-keystone-auth.sh#L6820:14
flwangwith current policy, there is only authN, no authZ, user can't do anything for the cluster, but get the 403 error20:14
*** waverider has joined #openstack-containers20:15
strigaziIsn't easier for users to add roles in k8s instead of keystone?20:17
strigaziI mean, end users don't have access to keystone, that's why I'm saying it20:17
flwangfor keystone auth, user has to use role in keystone instead of k8s20:17
strigaziyes, for keystone authz20:18
flwangright, so i'd like to support those roles in devstack, so that the devstack user can play the full feature after installation without any extra step20:19
strigaziThe only difficult part is that the OpenStack admins set the roles in keystone while in kubernetes the cluser owner20:19
strigaziWe can add them in keystone in devstack20:19
flwangstrigazi: and this can resolve the vendor specific policy requirement20:20
flwangwe had discussion when i proposed the keystone auth patch, with current implement, as a vendor, they can't use the default policy (in magnum code), they have to ask the k8s user to create the configmap20:21
strigazipush a patch. IMO, less keystone, more k8s is better ;)20:22
strigaziI thought we both had simple keystone configs20:23
*** dave-mccowan has quit IRC20:24
strigaziin our cloud, who manages kubernetes?20:25
strigazithe user or the cloud ops?20:25
flwangin our cloud === do you mean in catalyst cloud?20:26
strigaziyes20:26
flwangcloud ops, we're using the patten like GKE20:26
strigaziahh ok20:26
flwangyou know, in GKE, almost everything of the cluster is managed by Google20:27
flwanguser just use it20:27
flwangthe cluster is auto scaled, auto repaired, auto billed :D20:27
strigaziauto scaled, auto repaired, auto billed, can also be owned by the user20:28
strigazigo for it20:28
flwangyep, i know, it's just a different service delivery model20:29
flwangand I'm confident Magnum can deal with both of them20:29
flwangstrigazi: thanks for the support20:29
flwangstrigazi: as for the PR in CA, anything else we can do to push the CA community to merge it?20:30
flwangi tried to @ some reviewers, but no response20:32
strigaziI don't know. I'll tests again and leave a lgtm tmr.20:32
*** schaney has joined #openstack-containers20:33
flwangstrigazi: would you mind me involving some sig-openstack leaders to ask them add comments like "they're happy to support the magnum/heat team's desgin"? do you think it's useful?20:34
strigaziit would really help20:34
strigaziif they agree :)20:35
strigaziwho is leading {sig,k8s,openstack}?20:35
flwanglet's figure out, i will let you know20:36
strigazithanks20:39
*** waverider has quit IRC20:44
*** hongbin has joined #openstack-containers20:52
strigazi#startmeeting containers21:01
openstackMeeting started Tue Mar 12 21:01:21 2019 UTC and is due to finish in 60 minutes.  The chair is strigazi. Information about MeetBot at http://wiki.debian.org/MeetBot.21:01
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.21:01
*** openstack changes topic to " (Meeting topic: containers)"21:01
openstackThe meeting name has been set to 'containers'21:01
strigazi#topic Roll Call21:01
*** openstack changes topic to "Roll Call (Meeting topic: containers)"21:01
strigazio/21:01
imdigitaljimo/21:01
alisanhajiHi21:01
jakeyipo/21:02
strigazihello alisanhaji imdigitaljim21:02
strigazihi jakeyip21:02
jakeyiphi strigazi21:02
ttsioutso/21:02
alisanhajiI would like to talk about some evolutions to magnum, is their a slot for that during the meetings?21:02
strigazialisanhaji: sure, I'll ping you21:03
alisanhajistrigazi: great thanks!21:03
strigaziflwang: ?21:03
strigazi#topic Stories/Tasks21:04
*** openstack changes topic to "Stories/Tasks (Meeting topic: containers)"21:04
strigazi1. ttsiouts pushed a series of patches for nodegroupds21:05
strigazihttps://review.openstack.org/#/q/status:open+project:openstack/magnum+branch:master+topic:magnum_nodegroups21:05
strigaziPlease have a look, mostly the ones that don't say WIP21:05
strigazibrtknr: ^^21:05
strigaziI reviewed them in person but I'll leave comments in gerrit too. We need input from others too21:06
strigaziAny questions comments?21:06
strigaziabout nodegroups21:07
ttsioutsstrigazi: I'll try to push some more things by the end of the week21:07
jakeyipstrigazi: I'm trying to find a story describing this... are you able to point me to one?21:07
ttsioutsmostly regarding driver21:08
strigazijakeyip: https://github.com/openstack/magnum-specs/blob/master/specs/stein/magnum-nodegroups.rst21:08
jakeyipthanks!21:08
strigazijakeyip: official source http://git.openstack.org/cgit/openstack/magnum-specs/tree/specs/stein/magnum-nodegroups.rst21:09
strigazifor some reason I can't find it in http://specs.openstack.org/openstack/magnum-specs/21:09
strigazittsiouts: thanks21:09
strigazittsiouts: we might need to update some details in the spec? like min node-count?21:10
ttsioutsstrigazi: sure21:10
flwangsorry, i was in a short meeting21:10
jakeyipI see highly available magnum clusters in the text. our users wants to be able to create a cluster with workers in different AZ, does this work allow us to achieve that?21:10
strigaziyes, that is the main use case21:11
jakeyipthat's great!21:11
strigazidifferent AZ and gpu vs 'plain' vm are the most wanted for us too21:12
strigaziany other question about NGs?21:13
jakeyipthanks for the work ttsiouts, strigazi, much appreciated21:13
strigazittsiouts++21:14
strigazinext,21:14
strigazi2. Support <ClusterID>/actions/resize API https://review.openstack.org/#/c/638572/21:14
strigaziI had a look and it works just fine. The only part we miss is the allow resize on update failed.21:14
strigaziif you can have a look in the patch, it would be great.21:15
flwangstrigazi: does the resize for cluster in update_in_progress work for you ?21:15
strigaziflwang:  right, that too :)21:15
flwangstrigazi: i will propose a new patch set, thanks21:16
strigaziflwang: no, didn't work, he request goes in but doesn't do anything. (that was 24h hours ago)21:16
flwangstrigazi: ok, i will test it again to figure it out21:16
flwangand i will leave a comment on the patch21:17
strigaziflwang: you will also have a look in resize on UPDATE_FAILED?21:17
strigaziwe also need a client patch21:17
flwangstrigazi: sure, i will21:18
flwangi will propose a patch for actions today21:18
flwangor this week at least21:18
strigazittsiouts: flwang, we will use resize for NGs? What do you think? I think it makes sense.21:19
ttsioutsyeah.. I think it does...21:20
flwangstrigazi: that's on my to-do list, i will add a  todo comments in resize patch, i have already put a node group param there for placeholder21:20
flwangwe just need to make sure the API is what we want and we can support NG as long as it's landed21:21
ttsioutsflwang: I will also try to review21:21
flwangttsiouts: it will be great, thanks21:21
strigazicool21:22
strigazi3. (WIP) Add cluster upgrade to the API https://review.openstack.org/#/c/514959/21:23
strigaziI tested it with the new PS, looks good, I'm using it for the driver implementation, thanks flwang21:24
flwangstrigazi: cool21:24
flwangteam, please help review the upgrade api  https://review.openstack.org/#/c/514959/21:25
flwangthat's one of most important feature we'd like to get it in Stein21:25
strigaziany comments/questions about it?21:26
flwangthe only tiny issue now is if user is using the default/built-in tag/version in heat template,  we can't get it to raise 400 error if user is doing downgrade accidentally21:27
flwangbut personally i think it's OK at this stage21:27
strigazi+121:27
flwangbecause generally the template is proposed by cloud admin and they will be very careful for new template publishing21:28
jakeyip(what do I, as a cloud admin, have to be careful about) ?21:28
strigaziIf we find a way to separate labels that are for tags and labels that are switches, to enable/disable features we are good21:29
strigazijakeyip: version compatibility21:29
strigazijakeyip: not make big jumps that will have big diff between cluster tempaltes21:29
flwangstrigazi: you just reminder me a feature, we should support enable an addon after cluster created21:30
flwangstrigazi: we should re define our label name convention21:31
flwangusing consistent pattern, which can help mitigate the issue you mentioned above21:32
jakeyipI'm looking at the story at https://storyboard.openstack.org/#!/story/2002210 but I'm getting a "Not Found" for the gerrit topic links e.g. https://review.openstack.org/#q,topic:bp/cluster-upgrades,n,z is it just me?21:32
strigazinot difficult to do, with the upgrade patch it shoudl be doable.21:32
strigazihttps://storyboard.openstack.org/#!/story/200221021:32
strigazihttps://review.openstack.org/#/q/topic:cluster-upgrades+(status:open+OR+status:merged)21:33
strigaziany more comments?21:36
flwanglet's move to next one21:38
jakeyipI'm ok for now, still have lots of questions about the different edge cases but I'll wait for it to land first21:38
strigaziflwang: do you have something?21:38
flwangstrigazi: a little bit.   1. I'm running for the Train cycle PTL21:39
strigaziflwang++21:39
flwangthank you for the support :D and i do need your support for the following release21:40
strigazino problem21:41
flwang2. Stein will be released soon https://releases.openstack.org/stein/schedule.html21:41
flwangnext week is RC1, we should be quick to get things done with good quality which is a challenge21:41
flwangsince we still have quite a lot on the table21:41
strigaziack21:42
flwang3. Fedora CoreOS21:43
flwanginstead of upgrading to Fedora Atomic 29, we probably should go for Fedora CoreOS 2921:43
flwangstrigazi: thoughts?21:43
flwangor do both for a while21:43
flwangstrigazi: for Fedora CoreOS 29, do you think we need to change a lot if we copy the code from fedora-atomic driver?21:44
strigaziwe should stick to one21:44
strigazinow that the heat agent does a lot of things, it should be doable21:45
strigaziwe just need to move some things to ignition21:45
flwangcool21:45
strigazinot sure with a timeline of one week, maybe two or three21:45
jakeyipI thought they are only merging in Fedora CoreOS 30? is there a fedora coreos 29 image already?21:45
strigazi29 is bera21:45
strigazi29 is beta21:46
strigazihttps://ci.centos.org/artifacts/fedora-coreos/prod/builds/latest/21:46
jakeyipI see. that's a good image for testing :)21:47
flwangthat's all from me21:47
strigaziyeap, if you want to give feedback this is the place or #fedora-coreos21:48
strigazihttps://github.com/coreos/fedora-coreos-tracker/21:48
jakeyipanyone testing that out yet?21:48
strigaziI booted a couple of vms, but not much, didn't have time21:49
jakeyipwe have users asking for coreos support, current answer is wait for fedora coreos 3021:49
strigazia few months left21:49
strigazisince we are running out of time21:50
strigazialisanhaji: you wanted to bring smth up?21:50
alisanhajiyes21:51
alisanhajiI am interested in having Kuryr-kubernetes supported with Magnum21:51
alisanhajias a first step to gettting the clusters deployed by magnum communicating with the OpenStack that created them21:52
strigazithat is working already21:52
alisanhajithe goal is to have containers and VMs communicating in the same networks21:52
alisanhajiis kuryr a network driver already? I only see calico and flannel21:53
strigazialisanhaji: does kuryr require trunk ports?21:53
strigazino it is only calico and flannel at the moment21:53
alisanhajiyes when using VMs, but you can also run kuryr without trunk ports21:54
alisanhajibut it requires a neutron-agent in the k8s node21:54
strigazialisanhaji: do you want to propose a patch?21:54
alisanhajiI was wondering if I needed to submit a blueprint or RFE in launchpad21:55
strigazialisanhaji: https://storyboard.openstack.org/#!/project/openstack/magnum21:55
flwangalisanhaji: storyboard21:55
strigaziif the patch look like this https://github.com/openstack/magnum/blob/master/magnum/drivers/common/templates/kubernetes/fragments/calico-service.sh it should be easy21:55
alisanhajiThanks, I will see how kuryr can be deployed like this21:56
alisanhajiare trunk ports a problem with magnum?21:57
strigaziit might be complicated, it would better if it can work without21:57
flwangusing trunk ports may need more change for code and heat template, which is complicated and we'd like to avoid21:58
alisanhajiI see, in this case a neutron-agent should be installed to the k8s nodes, and talk to neutron-server21:58
alisanhajiah ok21:58
strigazialisanhaji: agent in the nodes works better for magnum21:58
strigazianything else? time is up?21:59
alisanhajiOk, thanks! And what about having OVN as a network driver, I am thinking about integrating it too to Magnum21:59
flwangalisanhaji: feel free to propose a story and spec22:00
flwangwe can start to discuss from there22:00
alisanhajiflwang great:22:00
alisanhaji!22:00
strigazialisanhaji: go for it, the network drivers are pretty well encapsulated22:00
strigaziCNI is great22:01
*** rcernin has joined #openstack-containers22:01
alisanhajiyes it is, thanks strigazi and flwang22:01
strigazithanks for joining the meeting everyone!22:02
jakeyipthanks strigazi, flwang!22:02
strigazisee you around22:02
strigazijakeyip: cheers22:02
flwangstrigazi: thank you22:02
strigazi#endmeeting22:02
*** openstack changes topic to "OpenStack Containers Team"22:02
openstackMeeting ended Tue Mar 12 22:02:46 2019 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)22:02
openstackMinutes:        http://eavesdrop.openstack.org/meetings/containers/2019/containers.2019-03-12-21.01.html22:02
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/containers/2019/containers.2019-03-12-21.01.txt22:02
openstackLog:            http://eavesdrop.openstack.org/meetings/containers/2019/containers.2019-03-12-21.01.log.html22:02
flwangstrigazi: do you have a few mins? just wander if you have a new patchset for upgrade i can test22:03
flwangand is there anything you think i should improve the upgrade api22:03
strigaziI think the API is good, only the issue with the labels could be improved22:04
openstackgerritMerged openstack/magnum master: [fedora-atomic-k8s] Adding Node Problem Detector  https://review.openstack.org/64190222:05
jakeyipspeaking of testing, anyone have tricks to test faster? I was testing cluster templates and each change round trip time is 20mins. *yawn*22:05
flwangjakeyip: depends on what you're testing22:06
strigazithe patch of upgrade in the dirver it is not complete , I want to have it working with the API not with heat22:06
strigazijakeyip: do not pull from dockerhub22:06
jakeyipdo you have your local registry?22:06
strigazifor me it takes 5 mins cluster creation22:06
strigaziyeap22:07
flwangstrigazi: what do you mean 'working with API not with heat'?22:07
strigaziI do calls from the heat api to the stuck to verify what it dows22:07
strigaziI do calls from the heat api to the stuck to verify what it does22:07
jakeyipcool. something I want to set up anyway.22:07
strigaziI do calls from the heat api to the stack to verify what it does22:07
strigazijakeyip: see the gitlab-ci job, you can do something similar https://gitlab.cern.ch/strigazi/containers22:08
flwangstrigazi: ok, i see.22:08
flwangstrigazi: pls feel free upload new patch set so that i can be on the same page and review it along with your work22:09
flwangstrigazi: it will be appreciated22:09
strigazisure22:09
flwangstrigazi: cheers22:09
strigaziI haven't sleep last week, I'll leave you guys22:10
strigazisee you22:10
jakeyipthanks strigazi!22:11
flwangstrigazi: thank you, see you22:13
*** hongbin has quit IRC22:32
openstackgerritLingxian Kong proposed openstack/magnum master: Improve floating IP allocation  https://review.openstack.org/64154722:43
*** ivve has quit IRC22:44
*** ttsiouts has quit IRC22:45
*** ttsiouts has joined #openstack-containers22:46
openstackgerritLingxian Kong proposed openstack/magnum master: Improve floating IP allocation  https://review.openstack.org/64154722:46
*** ianychoi_ is now known as ianychoi22:47
*** ttsiouts has quit IRC22:50
*** mrodriguez has quit IRC23:09
*** alisanhaji has quit IRC23:15
*** itlinux has joined #openstack-containers23:37
« Monday, 2019-03-11 Index Wednesday, 2019-03-13 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!