Wednesday, 2020-07-22

« Tuesday, 2020-07-21 Index Thursday, 2020-07-23 »
*** k_mouza has joined #openstack-containers01:12
*** k_mouza has quit IRC01:16
*** LuckyClover has joined #openstack-containers01:56
*** ricolin has joined #openstack-containers02:01
LuckyCloverhas anyone had issues with swift where when a cluster is created and you include registry that it fails02:19
flwangLuckyClover: what's the error you got?02:34
flwangLuckyClover: we're not using this feature on our production yet, but it's a quite simple config. so shouldn't be hard to fix if there is any issue02:35
LuckyCloverso the cluster creation fails02:38
LuckyCloverif we manually do it from cli02:38
LuckyCloverpanic: Swift authentication failed: Operation forbidden02:38
LuckyCloverWhen we try to use CURL to test the credentials on the cli to the swift API, it gets:02:39
LuckyClovertx000000000000000053f58-005f1704ac-dcba8-default Accept-Ranges: bytes Content-Type: text/plain; charset=utf-8 Date: Tue, 21 Jul02:39
LuckyClovertried adding swiftoperator to the account and it still doesnt work02:39
LuckyCloverWe are using Ceph RadiosGW in our setup as Ceph is acting as both our block and object storage.02:40
*** sapd1 has joined #openstack-containers02:41
flwangLuckyClover: right. I see.02:45
flwangis the cluster creation working without enabling the container registry?02:45
flwangand what's the magnum version you're using?02:46
LuckyCloverYes it is02:47
LuckyCloverwhats the best way I can check magnum version number?02:48
LuckyCloveri feel like I do it wrong every time I try to look for versions02:48
*** dave-mccowan has quit IRC02:51
flwanghow did you install it?02:55
LuckyCloveransible02:56
*** LuckyClover has quit IRC03:49
*** ykarel has joined #openstack-containers04:30
*** udesale has joined #openstack-containers05:27
*** sapd1 has quit IRC05:32
*** tobias-urdin|pto has quit IRC05:39
*** sapd1 has joined #openstack-containers05:54
*** vishalmanchanda has joined #openstack-containers05:55
*** ykarel_ has joined #openstack-containers05:59
*** ykarel has quit IRC06:02
*** nikparasyr has joined #openstack-containers06:31
*** ykarel_ is now known as ykarel06:38
*** born2bake has joined #openstack-containers07:04
*** sapd1 has quit IRC07:10
*** sapd1 has joined #openstack-containers07:13
*** rcernin has quit IRC07:32
*** flwang1 has joined #openstack-containers08:04
*** sapd1 has quit IRC08:13
*** sapd1 has joined #openstack-containers08:22
flwang1strigazi: brtknr: meeting in 8 mins?08:52
brtknrflwang1: sure08:56
flwang1brtknr: i don't have much topic for today, pls add yours on https://etherpad.opendev.org/p/magnum-weekly-meeting08:57
flwang1#startmeeting magnum09:00
openstackMeeting started Wed Jul 22 09:00:27 2020 UTC and is due to finish in 60 minutes.  The chair is flwang1. Information about MeetBot at http://wiki.debian.org/MeetBot.09:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.09:00
*** openstack changes topic to " (Meeting topic: magnum)"09:00
openstackThe meeting name has been set to 'magnum'09:00
flwang1#topic roll call09:00
*** openstack changes topic to "roll call (Meeting topic: magnum)"09:00
flwang1o/09:00
strigazio/09:00
brtknrO/09:00
flwang1strigazi: hey09:01
flwang1stranger09:01
strigazihello09:01
flwang1we do have some patches waiting another +2 from you09:01
openstackgerritBharat Kunwar proposed openstack/magnum stable/ussuri: [k8s] Use helm upgrade --install in deployment loop  https://review.opendev.org/74237409:01
flwang1brtknr: strigazi: do you have any topic you'd like to discuss today?09:02
strigaziflwang1: I know, I'll take care of them09:02
strigaziflwang1: I have one, and a half09:02
flwang1strigazi: brtknr: the only update from my side is i'm revisiting the /nodes API patch09:02
brtknrhi strigazi09:02
flwang1will submit patchset soon09:03
brtknrflwang1: sounds good09:03
flwang1strigazi: you first?09:03
strigaziok09:03
strigazi1. For hyperkube and 1.1909:03
flwang1oh, god09:04
strigaziFor after ussuri (current master)09:04
strigaziI think we will be safer if we move to deploying the binary, or add an option to deploy the binary.09:05
flwang1strigazi: i would try avoid that09:05
strigaziFor ussuri and older releases, we can do a build09:05
flwang1unless we have a good solution for upgrade09:05
strigaziflwang1: My argument is: With the binary we maintain nothing. With the build we chase kubernetes releases.09:06
flwang1we have broken the upgrade from v1.15 to v1.16, and I don't want to do that again09:06
strigaziflwang1: if we do both, we won't have something broken, isn't it?09:06
flwang1how to upgrade from container to binary?09:07
strigaziAlso, wait09:07
brtknrstrigazi: how does the binary get deployed?09:07
brtknrby build do you mean hyperkube build?09:08
flwang1stop container and replace with binary in upgrade_kubernetes.sh?09:08
strigaziIf we build our own image, people that don't use a mirror from both k8s.gcr.io and docker.io/openstackmagnum, they will be broken too09:08
strigaziBecause in upgrade.sh you need to switch registries09:08
flwang1they need to use openstackmagnum , just like for heat-container-agent09:09
strigaziyes, but upgrade.sh doesnt do that09:10
brtknrstrigazi: makes sense, your argument is that since we are changing the mode anyway, lets switch to binary to reduce maintenance overhead09:10
flwang1i don't like the idea of binary, we need more discussion about this09:10
flwang1brtknr: what do you mean 'changing the mode anyway'?09:11
*** rcernin has joined #openstack-containers09:11
strigazibrtknr means: k8s.gcr.io -> docker.io/openstackmagnum09:13
strigaziflwang1: I propose the following:09:13
flwang1if we go for binary, is there is a trust palace we can get the binary?09:13
strigaziyes, give me a sec09:14
strigaziYour concerns of breaking upgrade are very valid. But it will break no matter what we do because of upstream kubernetes. Do we agree on this?09:15
strigaziflwang1: ^^09:15
flwang1if we still use hyperkube, why it will break upgrade?09:15
strigaziLet me explain09:15
brtknryes09:15
strigaziin upgrade_kubernetes.sh we just bump the version of the image. The registry is unchanged. At CERN git have a mirror so we are not affected, but stock magnum will fetch hyperkube from k8s.gcr.io/hyperkube09:16
strigaziin upgrade_kubernetes.sh we just bump the version of the image. The registry is unchanged. At CERN we have a mirror of the registry so we are not affected, but stock magnum will fetch hyperkube from k8s.gcr.io/hyperkube09:17
flwang1stock magnum means?09:17
brtknrupstream magnum09:17
flwang1i believe any user use magnum on production will have a mirror09:18
strigazithe default code, with the default cluster creation parameters/labels09:18
flwang1that said, at least with hyperkube, it won't break prod level usage09:18
strigazisure, this is still an assumption even with high probability.09:19
strigaziSo what if we cover both cases?09:19
strigaziRegarding the safe place for the binary:09:19
strigazihttps://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.18.md#downloads-for-v118609:20
flwang1strigazi: we do need to support both for sure09:20
strigazihttps://dl.k8s.io/v1.18.6/kubernetes-client-darwin-amd64.tar.gz with a sha512sum09:20
flwang1okay09:20
strigaziwell not darwin, that would be crazy09:20
flwang1we(catalystcloud) got a lot of pain because of the breakage from v1.15 -> v1.1609:21
brtknrstrigazi: would we use a container to deploy the binaries?09:21
flwang1you mean crazy to support both?09:21
strigaziit was a joke, we use amd64 and a few cases arm AFAIK09:21
flwang1ah, you mean macos09:22
flwang1sorry, i misunderstood09:22
strigazibrtknr: like containerd's logic09:22
strigaziWe fetch the binary, we write the systemd unit. zero things to maintain09:23
brtknrstrigazi: makes sense09:23
strigaziwell apart from magnum's code09:23
strigaziI work on this, this week09:24
brtknrstrigazi: i think it would be diligent to ensure that there is a good upgrade path09:24
flwang1strigazi: i can help for the upgrade part09:24
strigazibrtknr: we can create an upgrade path for switching to the binary. I don't know if we can do it with the magnum api. We can try09:25
strigaziflwang1: brtknr: Regarding supporting high profile users09:26
strigaziI guess catalyst have some important client09:26
strigaziwe have some experiments09:26
flwang1we do have some customers running clusters created 1year ago :(09:27
flwang1though we tried to push them upgrade09:27
strigaziAt CERN we dedicate time directly on them, we can't have a generic solution that works for those case and dev clusetrs09:27
flwang1strigazi: i appreciate your understanding09:28
strigaziAlso, we spend some time on serviceType LoadBalancer to create a path for moving to new cluster09:28
strigaziwith this https://github.com/kubernetes/cloud-provider-openstack/pull/111809:29
flwang1migrate a lb from cluster A to cluster B?09:30
strigaziAnyway, we move to solution to do both, hyperkube and binary. People with mirrors will have a transparent upgrade09:30
brtknrstrigazi: i like the pool09:30
strigaziflwang1 no09:30
strigaziflwang1: one LB09:30
strigaziflwang1: one unmanaged LB09:30
strigaziflwang1: add members of both cluster to the LB09:30
strigazigradually remove members and eventually delete the old cluster (or delete in one go when thet new cluster is added to the LB)09:31
flwang1strigazi: ok, i will read it later09:31
strigazimove on?09:33
flwang1strigazi: sure09:33
flwang1i'm keen to review your patch09:33
flwang1what's your half one?09:33
strigazimaster resize, I work on  dropping the discovery url09:34
strigazithe other half if supporting it in the API09:34
flwang1support resizing master on api?09:35
strigaziyes09:35
strigaziwill you do it?09:35
flwang1i can do it09:35
*** rcernin has quit IRC09:35
strigazithat's it09:36
flwang1as long as you submit the code, i can start a following patch to start on the api part09:36
strigaziok09:37
brtknrLooks like this just got merged: https://github.com/kubernetes/autoscaler/pull/315509:37
*** sapd1 has quit IRC09:37
flwang1brtknr: without the /nodes api support from magnum?09:38
strigaziit was blocked by the huawei provider09:38
brtknrflwang1: i think this extends the previous approach to update heat stack directly to support nodegroups09:39
flwang1brtknr: right, so it still would be nice to have the /nodes api support in magnum,  is it?09:40
brtknrflwang1: yes I believe so09:40
strigaziyes09:40
strigazinot only nice, it will be an improvement09:40
flwang1strigazi: ok, just want to make sure if i should still put effort on that one09:41
brtknrflwang1: as you can see, this PR was open for a long time, long before /nodes api was proposed09:42
flwang1brtknr: i see.09:43
flwang1brtknr: strigazi: anything else you want to discuss?09:43
strigaziI'm good09:44
flwang1strigazi: i need your bless on this https://review.opendev.org/#/c/726017/ so that i can start the work on dashboard side09:44
flwang1i'm keen to reduce the templates09:45
brtknrwe need a few more +2s for ussuri release:  https://review.opendev.org/#/q/status:open+project:openstack/magnum+branch:stable/ussuri09:45
flwang1brtknr: thanks for bring this09:46
flwang1i had done a review for the ussuri release recently09:46
brtknrAlso what do you guys think about this? https://review.opendev.org/#/c/740439/09:46
brtknrI was tired of creating lots of similar templates with 1 small change09:47
flwang1brtknr: i love it09:47
brtknrgreat!09:47
flwang1i even would like to have a magic command to duplicate template across regions09:48
flwang1so i'm thinking if we can "export" a template and "import" it09:48
strigaziI think that clone is good only for admins09:49
flwang1strigazi: exactly09:49
strigaziI know users can clone things manually09:49
flwang1end user doesn't really need it09:49
strigazibut if it is very easy and we serve it to them, we may promote a pattern that they don't use the public cluster templates09:50
*** pcaruana has quit IRC09:50
flwang1for us, now we maintain v1.16, v1.17 and v1.18, the only difference for those templates are the kube_tag and the template name09:51
strigaziIt would be greate to do it in the API but I inderstand that it is an overkill09:51
flwang1strigazi: it's an overkill09:52
flwang1we're using a pipeline to publish templates acutally09:52
flwang1for public templates09:52
flwang1but i still think a clone command maybe useful09:53
*** k_mouza has joined #openstack-containers09:53
flwang1can we introduce it as an admin command?09:53
flwang1before we're confident it's worth to open to all users09:54
strigaziwe can add a fake validation in the client09:54
flwang1strigazi: we should be able to check the user role in client, no?09:54
strigaziyes, but virtualenv, pip install, sed <the file with the validation>, profit09:55
strigaziI think it's ok, we can do it09:55
flwang1ok, brtknr, happy with that?09:56
flwang1we're running out time09:56
strigaziit's like cephfs that has quotas on the client xD09:56
flwang1:D09:56
flwang1strigazi: i'm keen to review your master resize code and the binary kube code09:57
strigazi+109:57
strigazibrtknr: where are you?/09:57
brtknrok09:57
brtknrsounds good09:57
brtknrnot 100% clear what we mean by fake validation09:58
strigazibrtknr: you check if the user is admin on the client09:58
brtknrstrigazi: ok i will look into it09:58
strigazibrtknr:  this is fake in the sense that the user can modifythe client09:58
*** udesale_ has joined #openstack-containers09:58
flwang1i'm going to close this meeting now09:59
flwang1thank you joining09:59
strigazithanks, I'm good09:59
flwang1i hope you guys are doing well in the covid-19 world09:59
flwang1#endmeeting10:00
*** openstack changes topic to "OpenStack Containers Team | Meeting: every Wednesday @ 9AM UTC | Agenda: https://etherpad.openstack.org/p/magnum-weekly-meeting"10:00
openstackMeeting ended Wed Jul 22 10:00:13 2020 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)10:00
openstackMinutes:        http://eavesdrop.openstack.org/meetings/magnum/2020/magnum.2020-07-22-09.00.html10:00
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/magnum/2020/magnum.2020-07-22-09.00.txt10:00
openstackLog:            http://eavesdrop.openstack.org/meetings/magnum/2020/magnum.2020-07-22-09.00.log.html10:00
strigazibrtknr: did you watch the webinar? Was it any useful to you?10:00
brtknrsorry i have some people working on our kitchen and they keep asking questions10:01
brtknrstrigazi: yes very useful! i hope to see more!10:01
*** udesale has quit IRC10:01
brtknrwere you able to see I was present?10:01
brtknrLooks like ephemeral containers are very useful debugging tool10:02
strigazionly in the beginning, then i was screen sharing so I don't what was going after10:02
strigaziRicardo can generate the report as the creator of the webinar from zoom, but I didn't bother him :)10:02
*** pcaruana has joined #openstack-containers10:02
brtknrcan you enable ephemeral containers in existing clusters? i suppose you need to change the admission controller manually10:03
brtknrbut it was cool to see all the debugging methods you have in your utility belt :)10:03
brtknri use only the very basic kubernetes features usually10:04
brtknrour CEO advertised the CERN webinars independently internally too so he must have heard about it from a different source so seems to be gaining traction10:05
*** sapd1 has joined #openstack-containers10:14
strigaziStig?10:16
strigaziyes, you need to enable the feature gate10:16
strigaziwe will enabled it by default10:17
strigazibrtknr: I have a bit nastier hacks too but I don't want to give people ideas :)10:17
*** yasemind has quit IRC10:22
openstackgerritMerged openstack/magnum master: Add master_lb_enabled to cluster  https://review.opendev.org/72601710:41
*** ricolin has quit IRC10:48
*** pcaruana has quit IRC11:03
*** yasemind has joined #openstack-containers11:36
*** rcernin has joined #openstack-containers11:50
*** dave-mccowan has joined #openstack-containers12:10
*** ykarel has quit IRC12:21
*** yankcrime has quit IRC12:32
*** ykarel has joined #openstack-containers12:40
*** ioni has quit IRC12:40
*** yankcrime has joined #openstack-containers12:41
*** ioni has joined #openstack-containers12:48
*** pcaruana has joined #openstack-containers12:54
*** sapd1 has quit IRC12:56
*** rcernin has quit IRC13:32
*** ricolin has joined #openstack-containers13:43
openstackgerritBharat Kunwar proposed openstack/magnum stable/ussuri: Add master_lb_enabled to cluster  https://review.opendev.org/74244314:06
*** dave-mccowan has quit IRC14:07
*** yolanda has quit IRC14:10
*** yolanda has joined #openstack-containers14:12
*** dave-mccowan has joined #openstack-containers14:20
*** ramishra has quit IRC14:22
*** ramishra has joined #openstack-containers14:22
*** dave-mccowan has quit IRC14:26
*** sapd1 has joined #openstack-containers14:37
*** nikparasyr has left #openstack-containers14:54
*** KeithMnemonic has joined #openstack-containers14:59
*** k_mouza has quit IRC15:00
*** k_mouza has joined #openstack-containers15:01
*** k_mouza has quit IRC15:41
*** k_mouza has joined #openstack-containers15:44
*** k_mouza has quit IRC15:55
*** ykarel is now known as ykarel|away16:11
*** ykarel|away has quit IRC16:17
*** ricolin has quit IRC16:19
*** udesale_ has quit IRC16:47
*** sapd1 has quit IRC17:03
*** k_mouza has joined #openstack-containers17:55
*** k_mouza has quit IRC17:59
*** LuckyClover has joined #openstack-containers18:03
*** flwang1 has quit IRC19:09
*** LuckyClover has quit IRC19:34
*** yolanda has quit IRC20:05
*** yolanda has joined #openstack-containers20:08
*** vishalmanchanda has quit IRC22:01
*** rcernin has joined #openstack-containers22:53
*** rcernin has quit IRC22:58
*** rcernin has joined #openstack-containers23:02
*** rcernin has quit IRC23:04
*** rcernin has joined #openstack-containers23:05
*** yolanda has quit IRC23:23
*** yolanda has joined #openstack-containers23:24
*** born2bake has quit IRC23:30
« Tuesday, 2020-07-21 Index Thursday, 2020-07-23 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!