Friday, 2012-06-22

« Thursday, 2012-06-21 Index Saturday, 2012-06-23 »
*** dhellmann has joined #openstack-dev00:02
*** dachary has quit IRC00:05
*** dachary has joined #openstack-dev00:05
*** dtroyer_zzz is now known as dtroyer00:05
*** danwent has quit IRC00:10
*** danwent has joined #openstack-dev00:10
*** markmc has quit IRC00:11
*** blamar has quit IRC00:13
*** pixelbeat has quit IRC00:20
*** dachary has quit IRC00:21
*** dachary has joined #openstack-dev00:21
*** dhellmann has quit IRC00:25
*** matwood has quit IRC00:25
*** yosef has left #openstack-dev00:31
*** blamar has joined #openstack-dev00:33
*** blamar has joined #openstack-dev00:35
*** sdake has quit IRC00:35
*** s0mik has quit IRC00:41
*** johnpostlethwait has quit IRC00:45
*** sdake has joined #openstack-dev00:49
*** lloydde has quit IRC00:50
*** markmcclain has quit IRC00:56
*** mnaser has quit IRC01:01
*** dtroyer is now known as dtroyer_zzz01:03
*** kindaopsdevy has joined #openstack-dev01:04
*** ben_duyujie has joined #openstack-dev01:09
*** kindaopsdevy has quit IRC01:09
*** harlowja has quit IRC01:12
*** matwood has joined #openstack-dev01:18
*** matwood has quit IRC01:20
*** ben_duyujie has quit IRC01:20
*** epim_ has joined #openstack-dev01:24
*** AlanClark has quit IRC01:24
*** arosen has quit IRC01:26
*** pmyers has quit IRC01:27
*** epim has quit IRC01:27
*** epim_ is now known as epim01:27
*** pmyers has joined #openstack-dev01:27
*** Mandell has quit IRC01:27
*** dtroyer_zzz is now known as dtroyer01:27
*** matwood has joined #openstack-dev01:31
*** vincentricci has joined #openstack-dev01:36
*** torgomatic has quit IRC01:39
*** roge has quit IRC01:43
*** vanchester has joined #openstack-dev01:46
*** arosen has joined #openstack-dev01:46
*** dtroyer is now known as dtroyer_zzz01:55
*** nati_ueno has quit IRC01:55
*** glenc has joined #openstack-dev01:56
*** glenc_ has quit IRC01:59
*** rnirmal has joined #openstack-dev02:00
*** dtroyer_zzz is now known as dtroyer02:03
*** metral_ has joined #openstack-dev02:11
*** metral_ has quit IRC02:12
*** jakedahn is now known as jakedahn_zz02:14
*** metral has quit IRC02:15
*** PotHix has quit IRC02:15
*** andrewbogott has quit IRC02:17
*** novas0x2a|lapto1 has quit IRC02:22
*** Ryan_Lane1 has joined #openstack-dev02:22
*** dprince has quit IRC02:23
*** Ryan_Lane has quit IRC02:25
*** nati_ueno has joined #openstack-dev02:29
*** nati_ueno has quit IRC02:29
*** dhellmann has joined #openstack-dev02:31
*** sdake has quit IRC02:36
*** sdake has joined #openstack-dev02:41
*** Dr_Who has joined #openstack-dev02:50
*** Dr_Who has quit IRC02:50
*** Dr_Who has joined #openstack-dev02:50
*** rkukura has joined #openstack-dev02:51
*** epim has quit IRC02:54
*** johnpostlethwait has joined #openstack-dev02:57
*** mdomsch has joined #openstack-dev03:00
*** sdake has quit IRC03:06
*** sdake has joined #openstack-dev03:07
*** matwood has quit IRC03:08
*** markmcclain has joined #openstack-dev03:11
*** edygarcia has joined #openstack-dev03:15
*** matiu has quit IRC03:17
*** nati_ueno has joined #openstack-dev03:25
*** adalbas has quit IRC03:26
*** nati_ueno has quit IRC03:28
*** matiu has joined #openstack-dev03:34
*** sdake has quit IRC03:34
*** dolphm has joined #openstack-dev03:36
*** s0mik has joined #openstack-dev03:38
*** Mandell has joined #openstack-dev03:38
*** johnpostlethwait has quit IRC03:39
*** sdake has joined #openstack-dev03:39
*** nati_ueno has joined #openstack-dev03:43
*** sdake has quit IRC03:50
*** sdake has joined #openstack-dev03:51
*** markmcclain has quit IRC03:53
*** sdake__ has joined #openstack-dev03:55
*** sdake has quit IRC03:57
*** danwent_ has joined #openstack-dev03:59
*** danwent has quit IRC03:59
*** danwent_ is now known as danwent03:59
*** sdake__ has quit IRC04:01
*** sdake has joined #openstack-dev04:04
*** vincentricci_ has joined #openstack-dev04:09
*** vincentricci has quit IRC04:09
*** vincentricci_ is now known as vincentricci04:09
*** s0mik has quit IRC04:09
*** sdake has quit IRC04:11
*** sdake has joined #openstack-dev04:12
*** andrewsmedina has joined #openstack-dev04:16
*** mjfork has quit IRC04:18
*** s0mik has joined #openstack-dev04:26
*** tserong has quit IRC04:33
*** edygarcia has quit IRC04:34
*** Dr_Who has quit IRC04:35
*** matwood has joined #openstack-dev04:36
*** dolphm has quit IRC04:36
*** danwent has quit IRC04:39
*** andrewsmedina has quit IRC04:49
*** danwent has joined #openstack-dev05:00
*** tserong has joined #openstack-dev05:00
*** tserong has joined #openstack-dev05:00
*** sleepsonthefloor is now known as sleepsonzzz05:07
*** blamar has quit IRC05:08
*** Lumiere has joined #openstack-dev05:15
*** s0mik has quit IRC05:21
*** steveb_ has quit IRC05:23
*** johnpostlethwait has joined #openstack-dev05:36
*** sdake has quit IRC05:38
*** littleidea has quit IRC05:39
*** sdake has joined #openstack-dev05:54
*** sdake has quit IRC05:57
*** sdake has joined #openstack-dev05:57
*** Mandell_ has joined #openstack-dev06:01
*** Mandell has quit IRC06:01
*** jakedahn_zz is now known as jakedahn06:05
*** GheRivero has joined #openstack-dev06:07
*** edygarcia has joined #openstack-dev06:07
*** edygarcia has quit IRC06:09
*** edygarcia has joined #openstack-dev06:11
GheRiveromorning people06:12
*** dachary has quit IRC06:15
*** davidkranz_ has joined #openstack-dev06:19
*** davidkranz has quit IRC06:19
*** matwood has quit IRC06:26
*** Guest51119 has joined #openstack-dev06:30
*** Guest51119 has quit IRC06:31
*** edygarcia has quit IRC06:32
*** Mandell_ has quit IRC06:32
*** johnpostlethwa-1 has joined #openstack-dev06:40
*** johnpostlethwait has quit IRC06:40
*** vanchester has quit IRC06:41
*** ohnoimdead has quit IRC06:41
*** adjohn has joined #openstack-dev06:49
*** dachary has joined #openstack-dev06:51
*** ohnoimdead has joined #openstack-dev06:55
ttxmorning Ghe07:00
*** mindpixel has joined #openstack-dev07:00
*** vincentricci_ has joined #openstack-dev07:09
GheRiverottx, is there any date release for 2012.1.1? Debian next stable is freezing end of June and will like to have it on time (though we can manage to do it later)07:13
ttxGheRivero: markmc was supposed release it last night07:13
*** vincentricci has quit IRC07:13
*** vincentricci_ is now known as vincentricci07:13
*** sieutruc has joined #openstack-dev07:14
ttxGheRivero: yeah, it's up07:14
ttxGheRivero: looks like he skipped the announcement07:14
GheRiverothanks, i knew it was by now, but didn't see anything :)07:15
*** tgall_foo has quit IRC07:15
ttxhttps://launchpad.net/PROJECT/essex/2012.1.107:15
* ttx will circle back to markmc to get the announcement out on the Ml if it's not in the pipe yet07:16
*** reidrac has joined #openstack-dev07:20
* GheRivero updating Debian packages to 2012.1.1 release. Let's party07:21
*** vincentricci has quit IRC07:21
*** danwent has quit IRC07:30
*** sulochan has joined #openstack-dev07:31
*** mrunge has joined #openstack-dev07:32
*** pixelbeat has joined #openstack-dev07:35
*** mrunge has quit IRC07:39
*** mrunge has joined #openstack-dev07:39
*** dachary has quit IRC07:48
*** dachary1 has joined #openstack-dev07:48
*** mindpixel has quit IRC07:53
*** johnpostlethwa-1 has quit IRC08:02
*** markmc has joined #openstack-dev08:05
markmcgood morning ttx08:07
*** adjohn has quit IRC08:08
ttxmarkmc: morning! Did you send anything to the ML about 2012.1.1 release ?08:08
markmcttx, that's what I'm doing now08:08
markmcttx, I don't think I've missed anything else?08:08
markmcttx, wondering whether we want to include a list of fixed CVEs in the announce?08:09
ttxmarkmc: if you want to highlight anything, that would be the first thing to mention08:10
markmcttx, ok, compiling a list now ... or do you have one handy?08:10
ttxsounds like a good idea since it's not that obvious from the LP milestone page08:10
*** tgall_foo has joined #openstack-dev08:13
markmcttx, interesting: https://bugs.launchpad.net/nova/+cve08:13
ttxmarkmc: nice. Just not sure that we actually linked them all :)08:14
markmcttx, yeah08:15
*** maploin has joined #openstack-dev08:17
*** maploin has quit IRC08:17
*** maploin has joined #openstack-dev08:17
GheRiveromarkmc, i keep an updated list at: http://wiki.openstack.org/SecurityAdvisories/Essex08:19
*** dolphm has joined #openstack-dev08:20
markmcGheRivero, excellent, thanks!08:20
*** darraghb has joined #openstack-dev08:23
*** dolphm has quit IRC08:24
*** danwent has joined #openstack-dev08:35
*** steveb_ has joined #openstack-dev08:36
*** danwent has quit IRC08:36
*** Ryan_Lane1 is now known as Ryan_Lane08:45
*** Ryan_Lane has joined #openstack-dev08:45
*** dachary1 is now known as dachary08:56
*** eglynn has joined #openstack-dev08:59
*** markmc has quit IRC09:31
*** danpb has joined #openstack-dev09:43
*** taziden has joined #openstack-dev10:04
*** rods has joined #openstack-dev10:07
*** steveb_ has quit IRC10:09
*** apevec has joined #openstack-dev10:14
*** Ryan_Lane has quit IRC10:31
*** steveb_ has joined #openstack-dev10:31
*** jakedahn is now known as jakedahn_zz10:35
*** asalkeld has joined #openstack-dev10:37
*** steveb_ has quit IRC10:45
*** mnaser has joined #openstack-dev11:01
smoserhey. i was previously able to run a single set of tests with:11:02
smoser ./run_tests.sh --no-virtual-env test_metadata11:03
smoserthat seems to have broken at cf34a6015762a82780f86004a76439e1e21340f8 ("Finalize tox config")11:03
*** asalkeld has left #openstack-dev11:04
smoserit now fails like http://paste.ubuntu.com/1054071/11:05
*** johngarbutt has joined #openstack-dev11:06
danpbsmoser: you have to fully qualify the test name11:06
danpbsmoser: eg,  instead of   test_metadata,   nova.tests.test_metadata11:06
smoserwell, i was hoping to run nova/tests/test_metadata.py11:07
smoserand the above previously worked.11:07
johngarbuttthat broke with recent move to nosetests11:07
danpbsmoser: there is a thread on the mailing list about a possible fix for this, but not sure if it was ever mergefd11:07
smoserbut it appears, no surprise, that you are correct, danpb11:07
smoser:)11:07
smoserthank you.11:07
smoseri can just as easily run as nova.tests.test_metadata.11:08
*** Ryan_Lane has joined #openstack-dev11:15
smoserok. so the one difference that i see now, running as above, is that i get a bunch of deprecated warnings (DeprecationWarning: Response.request and Response.environ are deprecated) speweed to the screen.11:17
smoserit seems that is because i'm on python-webob 1.1.1, where 1.2 has un-deprected them. is there an easy way to silense those ? i guess i can run with a virtual env.11:17
*** markvoelker has joined #openstack-dev11:29
smoserok. now, even with virtualenv , i see deprecated warnings. http://paste.ubuntu.com/1054102/11:34
smoseris there some way to just not show those ?11:34
*** wiliam has joined #openstack-dev11:36
*** mjfork has joined #openstack-dev11:36
*** johngarbutt has quit IRC11:41
*** johngarbutt has joined #openstack-dev11:41
*** sandywalsh has joined #openstack-dev11:42
*** jgriffith has quit IRC11:45
*** jgriffith has joined #openstack-dev11:48
*** e1mer has quit IRC11:56
*** sieutruc has quit IRC12:03
*** mrunge has quit IRC12:06
*** markmc has joined #openstack-dev12:10
*** drewlander has joined #openstack-dev12:16
*** primeministerp has quit IRC12:19
*** alaski has joined #openstack-dev12:23
*** lts has joined #openstack-dev12:31
*** notmyname has quit IRC12:32
*** adalbas has joined #openstack-dev12:34
*** primeministerp has joined #openstack-dev12:37
*** segfault923 has quit IRC12:38
*** primeministerp has quit IRC12:39
*** primeministerp has joined #openstack-dev12:42
*** Shrews has quit IRC12:48
*** vanchester has joined #openstack-dev12:52
sorenmarkmc: Ooh, hi. Do you have time to help me with something?12:54
sorenmarkmc: I'm trying to figure something out in qemu's virtio-net code.12:55
markmcsoren, ok, what's up?12:55
markmcthis should be interesting12:55
markmcjust how little will I remember12:55
sorenmarkmc: I have an environment where packets are being filtered by qemu.12:56
sorenmarkmc: I can tell by tcpdumping the vnet interface in the host that they get sent there, but they never reach the guest.12:56
sorenIf the guest puts the interface into promiscuous mode, everything works perfectly.12:56
sorenLooking at virtio-net.c's receive_filter, this makes sense.12:56
sorenSEtting promisc mode skips all these filterse.12:56
*** Shrews has joined #openstack-dev12:57
sorenI couldn't work out which one was filtering it, so I instrumented the function to just write to stdout whenever it branched.12:57
sorenIt turned out that it was getting filtered in the vlan check.12:57
sorenNow, what I don't understand at all is this:12:57
sorenI don't see the VLAN ethernet type when tcpdumping on the host.12:57
soren...nor in the guest.12:58
* markmc digs12:59
sorenI've worked around it for now by whitelisting VLAN 0 by default.12:59
*** segfault923 has joined #openstack-dev12:59
soren..but I don't understand where the VLAN tag comes from. I mean... the packet comes from a VLAN tagged network, so it's not *entirely* out of the blue, but how come I don't see it on the host nor in the guest?12:59
markmcsoren, so, you're not seeing 0x8100 at byte offset 12 in the packets?13:01
sorenIn qemu, yes.13:01
sorenAnywhere else... No.13:01
sorenBut only QEmu skips past the vnet_hdr.13:01
sorenHm... That doesn't even makes sense, does it? Since that only exists in the communication between the kernel and qemu..13:02
* soren 's head blows up13:02
*** notmyname has joined #openstack-dev13:02
*** ChanServ sets mode: +v notmyname13:02
*** roge has joined #openstack-dev13:03
*** andrewbogott has joined #openstack-dev13:03
sdagueanyone able to review this - https://review.openstack.org/#/c/8778/ - I'd like to get the rest of the virt driver work soon13:04
markmcsoren, so, you're seeing it skip past a vnet hdr?13:04
sorenmarkmc: Yes.13:05
markmcsoren, ok, that's a GSO packet - i.e. it's a large packet which hasn't been split up by the kernel and that header describes how it should be split up13:05
sorenHm. ok.13:06
sorenI thought the vnet_hdr always got added with macvtap?13:06
markmcsoren, it sounds to me like the guest interface just isn't configured with the right vlan tag?13:06
sorenWell, 2 things are wrong with that:13:07
sorena) At that stage it shouldn't be VLAN tagged.13:07
sorenb) if it is indeed vlan tagged, why don't I see it in tcpdump on eitehr side?13:07
markmcok, well if the packet isn't vlan tagged, is the problem that the guest interface *is* configured with a vlan id?13:09
sorenIt's not, no.13:09
sorenBut how can it appear to have a vlan tag inside qemu?13:09
sorenWould the kernel ever add that?13:10
*** joesavak has joined #openstack-dev13:10
markmcsoren, how can the guest interface appear to have a vlan tag? or the packet?13:10
*** Adri2000 has quit IRC13:10
*** Adri2000 has joined #openstack-dev13:11
*** Adri2000 has quit IRC13:11
*** Adri2000 has joined #openstack-dev13:11
sorenmarkmc: I've instrumented the vlan check in receive_filter to write to stdout if it's hit.13:11
markmcsoren, the guest driver can supply qemu with a set of vlan tags to filter on13:11
sorenmarkmc: Yup.13:12
*** markmcclain has joined #openstack-dev13:15
sorenLet me pastebin a few things..13:15
garykarosen: just saw your message now. i am not sure. sorry.13:16
sorenmarkmc: http://paste.openstack.org/show/18721/13:17
sorenmarkmc: No VLAN tagging.13:17
*** dolphm has joined #openstack-dev13:18
markmcsoren, yet, it's being filtered out in qemu because of a vlan tag mismatch13:18
sorenmarkmc: My instrumentation clearly says that there's a vnet header so it skips past that, and then the VLAN part is hit and the vid shows as 0.13:18
sorenmarkmc: Yup.13:19
markmcsoren, so, either tcpdump is lying to you and there is a vlan tag on the wire (possible you're seeing the packets after it's been stripped)13:19
sorenmarkmc: Again (and this may be important):13:19
markmcsoren, or there's no vlan tag and the nic has been configured with a vlan tag13:19
markmcsoren, the vid in the guest packet is zero in your instrumentation?13:19
sorenmarkmc: The packet actually does originate from a VLAN tagged network, but at this stage, it shouldn't be tagged anymore, and according to tcpdump, it's not.13:20
sorenmarkmc: Yes, vid = 0.13:20
markmcsoren, so, then the nic must be configured with a vlan id13:20
markmcsoren, i.e. there are tags added to the ->vlans table in qemu, and the guest kernel must have done that13:20
sorenmarkmc: So it gets added after tcpdump as had a chance to look at it?13:20
sorenmarkmc: What, no?13:21
sorenmarkmc: The guest kernel doesn't even have the vlan module loaded.13:21
markmcwell, look13:22
markmcthe code is:13:22
markmc       int vid = be16_to_cpup((uint16_t *)(ptr + 14)) & 0xfff;13:22
markmc        if (!(n->vlans[vid >> 5] & (1U << (vid & 0x1f))))13:22
sorenYeah, righ before that, it determines that the ethertype is 802.1q and then ptr+14 is the vid.13:23
sorenvid is 0 right there.13:23
markmchmm13:24
markmcif the packet shouldn't be vlan tagged, that it has 802.1q ethertype is the strange thing13:24
sorenWell, that could just be a configuration screw-up.13:24
soren...but it would show in tcpdump.13:25
sorenThis is all very, very odd.13:25
sorenIf I add VLAN 0 to n->vlans by default, I'm golden.13:25
sorenOr, my first (wrong) approach: Only apply the vlan filter if the guest had added any vlan's.13:26
markmclooks like if ethertype is 802.1q, the guest must have explicitly requested vlan 013:27
sorenHow do you figure that?13:27
markmcif (!(n->vlans[vid >> 5] & (1U << (vid & 0x1f))))13:27
sorenWhy would the ethertype of the *incoming* packet change based on what the guest has requested?13:27
markmcthat won't be true with vid 0 unless vlan 0 is selected in the vlans table13:27
markmcI'm not saying the guest can affect the ethertype13:28
sorenRight. That's why if I add VLAN 0 to n->vlans, it works.13:28
markmcso, if it's not sane to configure your guest with vlan 013:28
markmcsomething is screwed up on the otherside to result in ethertype 802.1q13:29
sorenWell, I know how I can make the packets go through.13:29
sorenRight.13:29
sorenThat's what I can't figure out at all.13:29
*** JStoker has quit IRC13:29
*** iccha has joined #openstack-dev13:30
markmctry switch to e1000 or something13:30
markmcsee if you're seeing the same problem13:30
markmcnot as a solution, just information13:30
markmcshould surely see the same thing13:30
sorenHm... I can try.13:30
*** JStoker has joined #openstack-dev13:32
sorenmarkmc: Works just fine.13:33
sorenmarkmc: The e1000 driver also only does VLAN filtering if specifically enabled.13:36
ayoungmarkmc,  the PKI auth token work in Keystone is going to need a CA cert and a Signing key and cert before it can issue any tokens.  For a live deployment,  I can document how a user would generate those themselves.  The question is how to cover 1. Devstack, and 2.  the integration tests.13:36
ayoungFor devstack,  I can potentially copy the certs from the temp directory in keystone13:36
*** dtroyer is now known as dtroyer_zzz13:37
ayoungbut I don't want people doing that for a "real" deploy13:37
ayoungand thus I am a little worried about putting code that does that into, say keystone manage13:37
dolphmayoung: can't we devstack generate the certs?13:38
dolphms/we//13:38
ayoungDoes it make sense to put cert generation code into keystone manage and have devstack call that?  There are a lot of values that the end user should provide for the certs:13:38
*** sandywalsh_ has joined #openstack-dev13:38
danpbare there any Nova core reviewers around (besides markmc)  who can give a little karma to these 4 patches for Nova CPU model support  https://review.openstack.org/#/q/status:open+project:openstack/nova+branch:master+topic:bug/1003373,n,z13:38
ayoungdolphm, I have a Makefile that documents the various openssl calls needed.13:39
ayoungBUt there are a lot of values coded to my deployment13:39
*** segfault923 has quit IRC13:39
dolphmayoung: link?13:39
*** sandywalsh has quit IRC13:39
ayoungdolphm, http://adam.younglogic.com/2012/05/token-signing-with-openssl/13:39
sorenmarkmc: The e1000 driver only does filtering if explicitly enabled, and it's only explicitly enabled when you add a VLAN in the guest (looking at hw/e1000.c in Qemu and drivers/net/ethernet/intel/e1000/e1000_main.c in linux).13:39
ayoungdolphm, note the openssl.conf file at the bottom13:40
ayoung0.organizationName_default = Red Hat, Inc  and so forth13:40
sorenmarkmc: Mimicking that behaviour in virtio would solve it, but it still doesn't explain why there's a 802.1q ethertype on those frames.13:40
ayoungI didn't include all of the values,  so I end up typing those by hand.  I've been working on incremental changes trying to get this to "fire and forget" mode13:41
markmcayoung, sounds like essentially the same setup step as generating the admin_token now13:42
dolphmmarkmc: a bunch of generic values would obviously be fine for devstack -- what's in there that devstack would *have* to get from the user?13:42
markmcayoung, as an aside, are you sure you really need certs - why not just generate a keypair for keystone and configure the services with the public key?13:42
sorenmarkmc: Unfortunately, i can't work out if that's correct behaviour. I know *of* VLAN's, but have never had to deal with them in practice.13:43
markmcayoung, without the complication of a cert13:43
markmcsoren, yeah, similar for me13:43
ayoungmarkmc, I am not sure that there is a standard mechanism for validating a signed docuemtn with just a key.  the openssl code uses cms,  which requires a cert13:43
markmcsoren, using libvirt or qemu?13:43
sorenlbivirt13:43
sorenlibvirt, even.13:43
ayoungsame for NSS.13:43
markmcsoren, was trying to figure out if there was a way to disable the vnet_hdr feature on the tap device, see if that helps13:44
ayoungmarkmc, So while we could roll our own,  I am not sure that we want to get into maintaining that code.13:44
*** dolphm has quit IRC13:45
markmcayoung, kinda surprising there's no python library for simple signing and validating13:46
markmcayoung, just observing that the cert seems redundant here - part of your problem is how to get the user to fill in a bunch of values for the cert13:46
markmcayoung, but the values are fairly meaningless13:46
ayoungmarkmc, in this case,  but cert management for a larger organization is pretty common13:46
ayoungthis is really for supporting developers.  For a live deploy,  I think X509s make better sense.  A lot of the pain of this comes from not embeddingthe certs in the signed document,  as they will increase the size of the tokens substantially13:47
sorenmarkmc: Looking at the tap-linux code in qemu, it seems whether to expect a vnet_hdr is based on an IFF_VNET_HDR feature being set on the tap fd.13:49
*** littleidea has joined #openstack-dev13:49
sorenmarkmc: Er.. Not sure where I'm going with that :)13:50
markmcsoren, yes, and that's done by libvirt13:50
markmcsoren, you'd have to hack libvirt to not set it AFAIR13:50
ayoungmarkmc, there are other benefits.  The current setup assumes a single keystone server, and it exposes its own signing certificate.  But we could scale up this solution to a large number of Keystone servers, all signed from the same CA,  and pre-populate the certifcate stores,  or make them all availabler from a single repository,  such that nova etc does not even need to have network connectivity to the Keystone server in order13:51
ayoungto validate.13:51
*** edygarcia has joined #openstack-dev13:51
ayoungWe can probable leave out most of the values for the cert, as they are not really needed for the automated mechanism,  just for a human to be able to read and confirm13:51
*** segfault923 has joined #openstack-dev13:52
markmcayoung, ok13:52
markmcayoung, a "generate admin token" feature in keystone-manage would do e.g. ADMIN_TOKEN=$(openssl rand -hex 10)13:53
markmcayoung, with the PKI auth token stuff, it would generate a cert and signing key13:53
markmcayoung, seems like it would be useful to have that keystone-manage feature in both cases13:53
*** AndroUser2 has joined #openstack-dev13:54
sorenmarkmc: You're correct. If qemu supports it and net->model equals virtio, vnet_hdr is enabled. I wonder if it'll change anything, though.13:54
sorenThe header is just prepended.13:54
soren...and the problems are in the rest of the frame.13:55
sorenOr so it seems.13:55
markmcyeah, probably not13:55
markmcif it had been easy to disable, it might have been worth trying13:55
sorenYeah.13:55
*** dtroyer_zzz is now known as dtroyer13:55
markmcjust a difference vs e1000 worth eliminating13:55
sorenI think e1000 manages to work because it doesn't have its vlan filtering enabled by default.13:55
ayoungmarkmc, OK,  I started working on that already.  I'm guessing it needs to be fire and forget?13:55
sorenI guess I could instrument the e1000 code to see..13:56
* soren does so13:56
markmcsoren, well, if the semantics of ethertype 802.1q and vid 0 is "discard unless the nic has explicitly been configured with vid 0"13:56
markmcsoren, you'd expect the e1000 guest driver to discard it13:56
*** sdake has quit IRC13:57
sorenmarkmc: I have reason to believe that that isn't the case, though.13:57
*** AlanClark has joined #openstack-dev13:57
soren...but that's based on...13:57
markmcayoung, yeah, with a bunch of optional params for the cert if you think it makes sense13:57
*** sdake has joined #openstack-dev13:57
ayoungI guess for devstack it should pull the values out of localrc to override the defaults.13:58
sorenmarkmc: Heh, that's based on behaviour seen with e1000e on my laptop yesterday.13:58
markmcayoung, but it's the keystone guy's opinion that matter :)13:58
sorenmarkmc: I connected two laptops. Configured one to tag traffic with vlan 0, made the other one vlan-agnostic (didn't even load the vlan driver).13:58
*** andrewsmedina has joined #openstack-dev13:58
*** jgriffith has quit IRC13:59
sorenI could send packets from the vlan-enabled box to the other one. I forget about the other direction, but that's not really important.13:59
ayoungmarkmc, I see the nova devs as the customer.13:59
sorenI couldn't send any packets in either direction if the VLAN tag had vid=2.13:59
ayoungAs well as the glance, swift, and quantum devs...but nova is the cash cow.13:59
markmcayoung, nova needs something to configure the auth_token middleware with13:59
markmcayoung, now, it's the admin token13:59
sorenSo vid=0 got accepted by the VLAN-agnostic NIC.13:59
markmcayoung, with PKI, it's the public key (or cert)14:00
zuljeblair: ping14:00
sorenmarkmc: I'm also not familiar enough with the virtio code to know if this filtering is pushed down into the host entirely or if that's just the first line of defence (to save memory bandwidth and context switches if it's going to get discarded later on anyway).14:01
*** Dr_Who has joined #openstack-dev14:01
*** Dr_Who has quit IRC14:01
*** Dr_Who has joined #openstack-dev14:01
sorenmarkmc: If the latter, I'd be much more comfortable just disabling the VLAN filter.14:02
markmcsoren, first line of defense14:02
sorenmarkmc: So it filters in the virtio driver in the guest, too?14:02
markmcsoren, disabling it how?14:02
sorenComment it out in  virto-net.c in qemu.14:02
sorenLeave it to the guest to filter it.14:02
markmcheh, ok14:02
markmcyeah, the guest should filter it too14:02
*** sulochan has quit IRC14:03
sorenIt's a big hammer, but I'm at a bit of a loss.14:03
sorenI have a patch that defers the filtering until the guest has explicitly added vlan's, but it's rather more invasive.14:03
sorenmarkmc: http://paste.ubuntu.com/1054290/14:04
*** shang has quit IRC14:04
sstentanyone got any ideas as to why python 2.6.6 would be missing files on install that are listed in the MANIFEST.in ? this is in regards to bug https://bugs.launchpad.net/horizon/+bug/101608514:04
uvirtbotLaunchpad bug 1016085 in horizon "Directories not included during install" [High,Confirmed]14:04
*** dprince has joined #openstack-dev14:06
*** mnaser has quit IRC14:06
*** mnaser has joined #openstack-dev14:07
*** jgriffith has joined #openstack-dev14:07
*** AndroUser2 has quit IRC14:07
sorenmarkmc: Oh!14:11
sorenmarkmc: I instrumented the e1000 code in qemu, too. It also shows as vlan tagged.14:11
sorenis_vlan_packet(s, buf) = 1, vid = 014:11
sorenIts VLAN filtering code just isn't applied because the guest kernel hasn't enabled it.14:11
*** japage has joined #openstack-dev14:14
sorenmarkmc: I've never understood the vlan=X argument one can pass to qemu.. This couldn't be related, could it?14:14
*** dolphm has joined #openstack-dev14:16
*** dolphm has quit IRC14:16
*** dolphm has joined #openstack-dev14:16
markmcsoren, that's a qemu concept, basically a way of pairing the host side device with the guest side device14:16
markmcsoren, unrelated to 802.1q14:17
matiuinside the nova api, is it safe to assume that X-Auth-Token is always gonna be a 'username:password' format ?14:17
matiuor do some auth methods generate a different format of token ?14:17
sorenmarkmc: yeah, didn't think so.14:18
sorenmarkmc: We also seem to not use that anyway.14:19
markwashmatiu: I think its usually just "X-Auth-Token: <uuidlike>"14:20
dolphmmatiu: x-auth-token is uuid414:20
matiuah, I'm using like noauth14:20
matiuand getting username:password14:20
matiucool, so I'm logging that token14:20
matiuis it gonna be useful later ?14:20
matiulike on a compute/show/uuid14:21
matiuI'm logging the token, so later on I can know who ordered that14:21
matiuit's not really gonna be mush use later eh ?14:21
markwashmatiu: I think if you're interested in who, you should focus on x_user_id and x_tenant_id14:21
markwashmatiu: tokens expire, and I guess there's little reason for an auth service to keep a record of old ones?14:22
ayoungmarkmc, I see that the remote systems all pull in auth_token.py.  I'd like to avoid duplicating the validate code, and put it into keystone.common,  but I am not sure if that will end up getting distributed to all of the remote systems.  How does that work?  According to http://arm.koji.fedoraproject.org/koji/rpminfo?rpmID=279519  GLance RPM does not depend on keystone.14:22
matiuthanks mark, I don't have those on my system due to noauth14:22
matiuI might have to setup keystone ?14:22
sorenmarkmc: Thanks a lot for helping me out. At least I now feel reassured that I'm not just reading it all wrong.14:23
markmcayoung, that's just because keystone isn't enabled by default14:23
markmcayoung, see this in glance-api-paste.ini:14:23
markmcpaste.filter_factory = keystone.middleware.auth_token:filter_factory14:23
ayoungyes14:23
markmcayoung, the code is coming from keystone currently14:23
markmcsoren, np14:24
matiuI'll put it in my code to try for x-user-id14:24
markwashmatiu: where is your logging taking place? in a http or wsgi middleware above the nova api?14:24
matiuthen tenant then auth token14:24
*** dgao has joined #openstack-dev14:24
matiuI'm thinking to put it in an extension14:24
ayoungmarkmc, so if glance wants to use the auth_token.py from Keystone, the WHole keystone RPM needs to be installed?14:24
matiuwith @extends; def show()14:24
matiusort of thing14:24
matiuso it can also store the response code14:24
markwashmatiu: I think if you put it in the controller, then all the information you will want will be in request.context14:25
matiuextension called InstanceActionLog14:25
markmcayoung, https://bugzilla.redhat.com/82403414:25
matiubut I don't get the response code that early14:25
markwashmatiu: and it shouldn't vary significantly across auth implementations (well at least I'm guessing not)14:25
markwashmatiu: ah I see14:25
markwashmatiu: then you probably want a wsgi middleware just one hop above the nova app14:26
matiumarkwash, I'm thinking to look for x-auth-user-id, then tenant, then token14:26
matiuin that order14:26
matiuyeah, I was gonna copy how disk_config.py does things14:27
*** segfault923 has quit IRC14:27
matiuthat seems to get hit at the right place14:27
matiuwhat's the difference between x-auth-user-id an14:28
matiuand x-auth-tenant14:28
markwashthe way I always think of it, the user is the request agent, the tenant is the resource owner14:28
dolphmmarkwash: ++14:28
jeblairzul: pong14:29
*** shang has joined #openstack-dev14:29
zuljeblair: can you add tarballs for swiftclient please?14:29
matiuso it's by request agent, you mean, the guy that logged in to do the request eh ?14:29
dolphmmatiu: yes14:29
markwashyup14:29
matiuit's not gonna give me a string like 'nova-client'14:29
matiucool14:29
matiuthanks guys :)14:29
dolphmmatiu: a user could have access to one or more tenants14:29
matiuaha14:30
matiuyeah I want the user14:30
matiuas customers always say, it wasn't meeeeeee14:30
matiunow we'll know who it was :)14:30
dolphmmatiu: tenant ~= project ~= account, depending on who you ask :)14:30
*** mattray has joined #openstack-dev14:31
*** mattray has left #openstack-dev14:31
jeblairzul: looks like they're generated, but uploaded to the wrong place.  should be able to fix in a few.14:31
zuljeblair: cool thanks...i think glanceclient is not being uploaded to the right place either14:31
jeblairzul: i think all the clients may be going to the wrong place.14:33
zuljeblair: lovely :)14:34
jeblairzul: the good news is, we probably broke them all at once, and we can fix them all at once.  :)14:35
*** dgao is now known as segfault92314:35
zuljeblair: i should hope so :)14:35
dolphmmtaylor: jeblair: i <3 rebase button, thanks!14:41
jeblairdolphm: it's swell!14:41
*** dachary has quit IRC14:47
*** matwood has joined #openstack-dev14:47
*** kbringard has joined #openstack-dev14:47
*** mgz has joined #openstack-dev14:48
*** bencherian has joined #openstack-dev14:50
jeblairzul: I'm going to wait for the job config update to run in 10 minutes, so no new tarballs will be put in the wrong location, then move the misplaced ones.  should all be done in about 20 minutes.14:51
zuljeblair: cool...ill wait for the client tarballs before uploading them to ubuntu14:52
*** datsun180b has joined #openstack-dev14:55
*** rnirmal has joined #openstack-dev14:56
*** sstent has quit IRC14:58
*** sstent has joined #openstack-dev14:59
*** epim has joined #openstack-dev15:03
primeministerpayoung: ping15:03
*** epim_ has joined #openstack-dev15:04
*** dachary has joined #openstack-dev15:04
jeblairzul: done15:04
zuljeblair: thanks15:05
*** krtaylor has joined #openstack-dev15:06
*** littleidea has quit IRC15:06
*** littleidea has joined #openstack-dev15:07
*** epim has quit IRC15:07
*** epim_ is now known as epim15:07
*** bencherian has quit IRC15:08
*** primeministerp has quit IRC15:10
*** primeministerp has joined #openstack-dev15:11
*** mnaser has quit IRC15:13
*** primeministerp has quit IRC15:14
*** primeministerp has joined #openstack-dev15:15
*** mnaser has joined #openstack-dev15:15
*** notmyname has quit IRC15:18
*** reidrac has quit IRC15:19
*** nunosantos has joined #openstack-dev15:21
*** Ryan_Lane has quit IRC15:23
*** mnaser has quit IRC15:27
*** notmyname has joined #openstack-dev15:28
*** ChanServ sets mode: +v notmyname15:28
*** mnaser has joined #openstack-dev15:28
*** metral has joined #openstack-dev15:29
*** adjohn has joined #openstack-dev15:30
*** adjohn has quit IRC15:33
mtaylordolphm: w00t!15:34
*** littleidea has quit IRC15:38
*** nunosantos_ has joined #openstack-dev15:39
*** dprince has quit IRC15:41
*** littleidea has joined #openstack-dev15:41
*** Mandell has joined #openstack-dev15:43
*** dprince has joined #openstack-dev15:44
*** blamar has joined #openstack-dev15:44
davidkranz_jaypipes: Ping15:45
jaypipesdavidkranz_: pongly15:47
davidkranz_jaypipes: I was getting frustrated and went back to basics, running a test that spawns 1,2,4 servers in parallel.15:47
jaypipesdavidkranz_: so, some REALLY weird results from the parallel testing.15:47
davidkranz_jaypipes: There was no speedup and I discovered why.15:47
jaypipesdavidkranz_: going to push up to gerrit. if you can pull the latest and tell me if you get the same results...15:48
jaypipesdavidkranz_: do tell.15:48
davidkranz_jaypipes: There is some horrible serialization in the virt firewall stuff. DO you see this?15:48
jaypipesdavidkranz_: wanna grab vishy?15:48
davidkranz_jaypipes: I will paste the proof.15:48
jaypipeskk15:49
davidkranz_See http://paste.openstack.org/show/18725/15:49
davidkranz_jaypipes: In the source, these two debug statments happen with only one call in between.15:49
davidkranz_jaypipes: Do you see no speedup from a single compute server, regardless of number of cores?15:50
davidkranz_jaypipes: I could not believe I was seeing this but there it is.15:51
jaypipesdavidkranz_: one sec, looking.15:51
*** sieutruc has joined #openstack-dev15:51
davidkranz_jaypipes: Note how the last two are interleaved and take forever.15:51
jaypipesyeah, I see that :(15:52
*** andrewbogott has quit IRC15:52
davidkranz_I just wanted to be sanityh checked before filing a bug.15:52
davidkranz_jaypipes: What are your weird results? Related to this?15:53
jaypipesdavidkranz_: this is the nova-compute log, right?15:53
*** mnaser has quit IRC15:53
jaypipesdavidkranz_: just pushed my newest parallel code up to Gerrit. go ahead and pull it and I will give you the commands to exec.15:53
davidkranz_jaypipes: I have all the logs going to one file.15:53
jaypipesdavidkranz_: k. well that is from the compute node...15:54
davidkranz_jaypipes: I believe so.15:55
jaypipesdavidkranz_: which would not be helped by the multi-process-api buleprint :(15:55
*** mestery has joined #openstack-dev15:55
davidkranz_jaypipes: Right.15:55
jaypipesdavidkranz_: for reference: https://review.openstack.org/#/c/8228/15:55
*** mnaser has joined #openstack-dev15:55
davidkranz_jaypipes: Yeah, I have seen that.15:56
jaypipesdavidkranz_: what will help vishy is actually if you do a grep for those 4 instance UUIDs and track where the waits are ... perhaps the wait is actually in the api service and those log messages are a red herring?15:56
jaypipesdavidkranz_: if you can...15:56
jaypipesdavidkranz_: alright, ready for crazy? here ya go: http://paste.openstack.org/show/18726/15:57
jaypipesdavidkranz_: I mean... WTF?!15:57
jaypipesdavidkranz_: I have no idea how adding multiple processes would affect the authorization of a user. :(15:57
davidkranz_jaypipes: I think what we are both seeing is the result of necessary stress testing.15:58
davidkranz_jaypipes: Based on my early stress test results I don't think any one is doing stuff like this.15:58
jaypipesdavidkranz_: yep. unfortunately, we haven't been able to get anything close to stable in the jenkins tempest garte15:58
davidkranz_jaypipes: I will file a nova bug and ping vishy.15:59
jaypipesdavidkranz_: the problem I believe is this:15:59
jaypipesdavidkranz_: the setUpClass() method in the test cases that throw that Authorizatio error are being executed, but the record is not being committed (in time?) to the keystone database and the first test that uses that user/tenant fails because the user/tenant doesn't exist16:00
*** Aaton_off is now known as Aaton16:00
davidkranz_jaypipes: I see.16:00
*** milner has quit IRC16:00
jaypipesdavidkranz_: I mean, I can try adding a wait to after creating the user/tenant...16:01
jaypipesdavidkranz_: but setUpClass is supposed to complete entirely before any test is ever run...16:01
*** milner has joined #openstack-dev16:01
jaypipeswhich really makes me wonder...16:01
jaypipesdavidkranz_: I'm just wondering if the multiprocess plugin in nose is really working properly.16:02
davidkranz_jaypipes: Shouldn't keystone be serializeing requests in a way that this could not happen?16:03
davidkranz_jaypipes: You could write a trivial test runner to see. That is basically what I did for parallel server launch.16:03
jaypipesdavidkranz_: it doesn't have a choice. it's single process, with a blocking C MySQL driver...16:03
jaypipesdavidkranz_: I'm going to run it again and check the g-reg screen log.16:04
davidkranz_jaypipes: But then shouldn't the attempt to use be blocked until after the create has finished?16:04
jaypipesI mean k-api log..16:04
jaypipesdavidkranz_: you would assume so, right? :(16:04
*** heckj has joined #openstack-dev16:04
davidkranz_jaypipes: Maybe this is just the first stress test of keystone16:05
jaypipesdavidkranz_: not sure :(16:05
*** mestery has quit IRC16:05
*** Ryan_Lane has joined #openstack-dev16:06
davidkranz_jaypipes: I am thinking we (the openstack code) are not ready for parallel tempest and we need to get the basics  of stress working first.16:06
jaypipesdavidkranz_: I  am going to continue messing with this to figure out the source of the issues...16:07
davidkranz_jaypipes: OK, me too.16:07
*** krtaylor has quit IRC16:13
ttxabout beer o'clock16:14
*** s0mik has joined #openstack-dev16:19
jaypipesdavidkranz_: first hint...16:26
jaypipesdavidkranz_: so, I was tracking down why, after runnign the smoke tests, there was always a single user/tenant that remained in keystone16:26
jaypipesdavidkranz_: while all the other user/tenant combos created in the test cases were deleted16:26
jaypipesdavidkranz_: but I made sure that all the tearDownClass methods indeed were called clear_isolated_creds on the manager16:27
*** mnaser has quit IRC16:27
jaypipesdavidkranz_: looks like if SkipTest is raised, tearDownClass is never called, but setUpClass IS called :)16:27
jaypipesdavidkranz_: which is fun :)16:27
*** alaski has quit IRC16:27
jaypipesdavidkranz_: gonna run with --no-skip and see if the user/tenants are all destyroyed properly.16:28
*** mnaser has joined #openstack-dev16:28
*** sleepsonzzz is now known as sleepsonthefloor16:28
jaypipesdavidkranz_: BTW, your resource management solution does sound good. I'd like to move forward with that after pushing through this current round of refactoring with the user/tenant isolation.16:32
*** wiliam has quit IRC16:33
*** wiliam has joined #openstack-dev16:33
*** danpb has quit IRC16:36
jaypipesdavidkranz_: well, so much for that thought... runnning with --no-skip passed all but still left the user/tenant :(16:39
*** eglynn has quit IRC16:40
*** jog0 has left #openstack-dev16:40
davidkranz_jaypipes: That't too bad. Lot's of strange stuff. Thanks for the resource comments. I can do it next week.16:43
davidkranz_jaypipes: Back to lunch...16:43
*** maploin has quit IRC16:45
*** lloydde has joined #openstack-dev16:46
*** metral has quit IRC16:46
*** nati_ueno has quit IRC16:47
*** markmc has quit IRC16:51
davidkranz_Any one have any thoughts about https://bugs.launchpad.net/nova/+bug/1016633 ? We found this trying to parallelize Tempest.16:55
uvirtbotLaunchpad bug 1016633 in nova "Bad performance problem with nova.virt.firewall" [Undecided,New]16:55
*** davidkranz_ is now known as davidkranz16:55
*** eglynn has joined #openstack-dev16:58
*** torgomatic has joined #openstack-dev17:04
*** fc__ has quit IRC17:07
*** dachary has quit IRC17:10
*** krtaylor has joined #openstack-dev17:15
*** PotHix has joined #openstack-dev17:16
Vekneed another nova core review on https://review.openstack.org/#/c/8773/17:19
*** eglynn has quit IRC17:22
*** darraghb has quit IRC17:23
*** harlowja has joined #openstack-dev17:23
*** nati_ueno has joined #openstack-dev17:24
*** andrewsben_zz is now known as andrewsben17:34
*** andrewbogott has joined #openstack-dev17:36
*** maoy has joined #openstack-dev17:36
*** metral has joined #openstack-dev17:38
smoserhm..17:42
smoseranyone have thoughts on this. i'm looking at https://blueprints.launchpad.net/nova/+spec/config-drive-v217:43
smoser(more data http://etherpad.openstack.org/FolsomNovaConfigDriveImprovements)17:43
smoseri'm leaning right now to not dumping data into a filesystem tree17:44
smoserbut instead putting a layout like:17:44
smoser ec2/2009-04-09.json17:45
smoser with the expected json data in that file17:45
smoserthis will make it harder for things liki cirros to get at that data.17:45
smoserbut easier for just about anything with a json parser17:45
harlowjajson is pretty standard now-adays, and very minimal and tiny libraries are available, seems safe to just use them17:46
smoseryeah, i think it makes most sense to say 'sorry cirros'17:47
harlowjawell, tell cirros to build a teenie json library17:49
harlowjai think there are about 5 million of those17:49
harlowja:-p17:49
harlowjacirros though won't be running cloud-init right?17:49
harlowjaso they would also need a mini-small-cloudinit similar to handle config drive stuff?17:50
harlowja(if they want)17:50
ijwsmoser: my feeling is that the whole config thing should be split into two parts: making a drive and populating it with files, and the choice of files to populate it with.  Cos speaking personally I'm going to be hacking connection.py to do a custom format to support a not-entirely-Openstack-compatible image I need to run when there ought to be an easier way to slot it in, somehow.17:50
harlowjaijw: good idea also, i think the file writing should be extendable17:50
harlowjathat'd be nice17:51
harlowjabut then the question of should everyone in nova get to write to this stuff, where do u set the limit17:51
smoserijw, well..17:51
smoservishy suggested something similar the other day.17:51
smoserijw, what would you think of this17:52
ijwI should admit that I've not looked at the configgy bit yet, but I've already been playing with device chooser in libvirt for KVM to choose different devices for different images - similar sort of problem...17:52
smoser * there is some way to add local hook to the 'InstanceMetadata' in 'nova/api/metadata/base.py'17:53
*** metral has quit IRC17:53
arosenI have a nova boot question. If I do nova boot and specify --nic net-id=$NET_ID and the net-id does not belong to tenant_id=default the boot fails and the log says NetworkNotFound: $NET_ID.  Is this expected? I don't see a way to specify tenant_id via nova boot?17:53
smoser  such that you can put your local read-from-directory (or whatever) into that object reasonably easily.17:53
smoser * that object basically just dumps itself to disk17:54
*** jakedahn_zz is now known as jakedahn17:54
ijwsmoser: that's useful to know.17:55
*** sdake has quit IRC17:55
smoseri'm not clear exactly how it'd happen, but the goal would be to make it such that whatever you wanted to add to the config drive would really  magically just appear in the ec2 metadata serivce.17:55
*** blamar has quit IRC17:55
*** agonella has joined #openstack-dev17:55
ijwsmoser: that, the config drive, and file injection are really three different ways to do the same thing.  VMWare seems to have a fourth, judging by someone I was talking to, where you can add custom data to the OVF file in an OVA and it turns up on a CDROM...17:56
Vekneed another nova core to +2 https://review.openstack.org/#/c/8773/17:56
smoserijw, well, ovf transport is a mechanism for doing that, yes.17:56
harlowjasmoser: if the ec2 metadata 'backing object' was the same object that u were going to be able to add 'entries' to so that they would show up on disk, that would work right? for the automagically showing up case17:57
smoserharlowja, i dont follow.17:57
*** bencherian has joined #openstack-dev17:57
*** andrewbogott has quit IRC17:59
harlowjaso say u have the ec2 metadataservice, it is serving from some backing object (that is from the database), the configdrive writing could also initially use a similar object (backed by the same initial ec2 metadata 'defaults'), users could if they want add new entries to that backing object (in some path based format), then those could be written out to cfgdrive disk, and since the same backing object would also be written to the DB (18:00
harlowjasome manner), it would also magically show up all the same paths in the ec2 metadata service (even the ones that were added)18:00
*** sieutruc has quit IRC18:01
dprinceVek: is there an associated novaclient change for 8773?18:02
smoserharlowja, yeah... i tihnk i follow. the one thing is there is (not currently) a ec2 metadata object in the db.18:02
*** andrewbogott has joined #openstack-dev18:02
*** andrewbogott has joined #openstack-dev18:02
smoserits basically a re-rendering of the instance object and some other stuff.18:02
harlowjaright, so maybe that should be fixed?18:03
*** jaypipes has quit IRC18:03
ijwharlowja: thus: things read nova startup params, glance properties and local config, make metadata object; something pulls data from object, reformats it and hands it off to the VM as a config drive, injection or EC2 data.18:03
harlowjaor maybe the backing object can know how to reference those fields + custom fields that are added18:03
harlowjaya, something like that18:04
harlowjaall backed by the same underlying 'object'18:04
ijwThen the only question is why one object?18:04
harlowjathat object basically is the interface to the underlying data, thats all18:04
harlowjathats what i really mean by that object18:04
smoseri think i agree.18:05
harlowja:-p18:05
harlowjame too, haha18:05
smoserright now, other htan the fact that the object is stored in the DB, it is easily created from an instance.18:06
ijwSo not so necessarily an object, even: perhaps just a standard set of arguments to give to any function that's working with config?18:06
smoserwe can add to that object ways to extend it.18:06
dprinceVek: NM. I found it. Just had to update my nova tree.18:06
harlowjaijw: idk, i'd have to see what u meant by that18:06
harlowjasmoser: ya18:06
smoserok.18:08
smoserso for the moment, what i'm going to do is try to get the ec2 rendering of data done to the cofig drive.18:08
ijwsmoser: sing out when you have something to look at, I'd like to see how this turns out18:09
*** sdake has joined #openstack-dev18:10
harlowjakk, do u want to start adding that initial backing object that abstracts how the backing data is fetched from how its written? then eventually that same object should be useable by the ec2 metadata service18:10
*** metral has joined #openstack-dev18:11
*** mnaser has quit IRC18:12
*** mnaser has joined #openstack-dev18:14
*** reed has joined #openstack-dev18:19
*** mnaser has quit IRC18:21
*** mnaser has joined #openstack-dev18:22
*** eglynn has joined #openstack-dev18:25
*** johnpostlethwait has joined #openstack-dev18:27
*** adjohn has joined #openstack-dev18:28
*** mnaser has quit IRC18:29
*** metral has quit IRC18:30
*** dachary has joined #openstack-dev18:30
*** mnaser has joined #openstack-dev18:31
*** jaypipes has joined #openstack-dev18:43
*** agonella has left #openstack-dev18:52
maoyvishy: is there a reason why ram_allocation_ratio is 1.5 by default?18:55
*** adjohn has quit IRC18:55
*** corXi has quit IRC18:55
maoyvishy: 1.5 just seems a little arbitrary to me.. 1.0 feels more reasonable as a default18:57
*** Slower has quit IRC18:58
*** adjohn has joined #openstack-dev18:59
*** novas0x2a|laptop has joined #openstack-dev19:02
*** adjohn has quit IRC19:02
bcwaldonmaoy: vishy is out today, fyi19:07
maoybcwaldon: thx..19:07
*** adjohn has joined #openstack-dev19:08
*** s0mik has quit IRC19:09
*** matwood has quit IRC19:09
*** adjohn has quit IRC19:11
PotHixmarkmcclain: Hey Mark!19:12
*** s0mik has joined #openstack-dev19:16
*** vanchester has quit IRC19:20
*** japage has quit IRC19:25
*** dachary has quit IRC19:29
*** dachary1 has joined #openstack-dev19:29
*** Ryan_Lane has quit IRC19:36
*** Slower has joined #openstack-dev19:40
*** wiliam has quit IRC19:46
*** lts has quit IRC19:51
*** matwood has joined #openstack-dev19:51
*** dachary1 has quit IRC19:57
*** dachary has joined #openstack-dev19:57
*** drewlander has quit IRC19:58
*** kbringard has quit IRC20:05
*** reed has quit IRC20:10
*** adjohn has joined #openstack-dev20:11
*** jog0 has joined #openstack-dev20:20
*** dprince has quit IRC20:24
*** mnaser has quit IRC20:25
*** reed has joined #openstack-dev20:26
*** mnaser has joined #openstack-dev20:26
bcwaldonmtaylor: around?20:27
*** markvoelker has quit IRC20:29
smoseranyone want to take a quick glance at https://review.openstack.org/#/c/8873/20:30
smosertrivial cleanup with a test added.20:30
*** Dr_Who has quit IRC20:30
*** krtaylor has quit IRC20:30
*** eglynn has quit IRC20:32
*** andrewbogott has quit IRC20:38
apevecwhat's up with those FAILED volumes test?20:46
mtaylorbcwaldon: always. when am I ever doing anyhting other than this?20:47
bcwaldonmtaylor: le sigh, so the requirement for MYSQL-python in nova's test-requires feels unfair20:48
bcwaldonmtaylor: It fails to install from pypi for me since I dont have mysql installed locally20:48
mtaylorbcwaldon: ok20:48
mtaylorbcwaldon: oh - well - I've been suggesting that we should use myconnpy anyway20:48
bcwaldonmtaylor: so I now have to either go through the pain of installing mysql (which I dont agree with, as sqlite is a valid alternative) or carry a local patch20:48
mtaylorsince it's pure python20:48
bcwaldonmtaylor: I dont know if thats how we solve this, though20:49
mtaylorbcwaldon: I'm fine with dropping it ... we put it there so that we could run unittests against mysql migrations to ensure that innodb was getting set right20:49
mtaylorbcwaldon: it's a little bit of a pickle20:49
bcwaldonmtaylor: no sir20:49
bcwaldonmtaylor: its there for the sql trace stuff20:49
bcwaldonmtaylor: isnt it?20:50
mtaylorbcwaldon: oh? well - _I_ was told it was added for mysql enablement in unittets20:50
mtaylorunittets20:50
bcwaldonmtaylor: ok, well mysql and unittests should never be used in the same sentence20:50
mtaylordammit20:50
*** agonella has joined #openstack-dev20:50
bcwaldonmtaylor: thats just plain wrong20:50
* mtaylor is just messenger on this one20:50
bcwaldonmtaylor: ok ok20:51
bcwaldonmtaylor: I'll see if I can figure out a compromise here20:51
mtaylorbcwaldon: ok. I believe my initial response was the same as yours20:51
bcwaldonmtaylor: being, wtf20:51
mtaylorbcwaldon: I _do_ think we should figure out automated testing of mysql and postgres backends somehow20:52
mtaylorbut I'm not sold that this is the right way20:52
bcwaldonat the functional level, ok20:52
bcwaldonbut we cant require devs to be able to run ALL of our functional tests20:52
bcwaldonjust like glance doesnt require everyone to install rbd20:53
mtayloragree20:53
bcwaldonkk, I'll get a patch going20:53
mtaylorI think the broader question is "how do we keep those optional things out of test-requires, but still list all of the optinoal things you _could_ install if you wanted to test everything"20:54
bcwaldonmtaylor: go look at glance :)20:54
mtaylorso that there is something for jenkins to consume such that we test more than the least common denominator20:54
bcwaldonmtaylor: this is the same exact thing as our libvirt tests in nover20:55
mtaylorbcwaldon: we have no extra-package installs for glance as part of the gating - only what's in test-requires20:56
mtaylorbcwaldon: it is20:56
mtaylorI agree20:56
mtaylorand something I think we should sort out a good answer to20:56
bcwaldonmtaylor: we arent running glance functional tests in jinkies?20:57
mtaylorbcwaldon: we are - but only with the set of depends listed in test-requires20:58
mtaylorbcwaldon: so tests that import optional things are skipped, pretty much20:58
bcwaldonmtaylor: thats no good20:58
bcwaldonmtaylor: I would like to be funning these tests20:58
mtaylorbcwaldon: what if we added an additional testenv to tox.ini "fulltests" or something20:59
*** rbasak has quit IRC20:59
mtaylorbcwaldon: that additionall included a "tools/tests-optional" and also had "use system-site-pacakges" set20:59
*** reed_ has joined #openstack-dev20:59
mtaylorbcwaldon: that was the typical unittest runs would have the strict set - and we can do the kitchen sink for the others21:00
bcwaldonmtaylor: interesting idea21:00
bcwaldonmtaylor: just keep that env off by default, and I'm ok21:00
mtayloras in, off if you just run "tox"21:00
mtayloryeah21:00
bcwaldonyep21:01
mtayloralthough I think I'd want it to be run by jenkins as part of gating21:01
bcwaldonyep, me too21:01
mtaylorjeblair: ^^^ sanity check?21:01
*** reed has quit IRC21:03
mtaylorbcwaldon: do you know what all packages are optional for glance that would go in that file?21:03
maoymtaylor: could you help me to kick jenkins to run the tests again on this patch? https://review.openstack.org/#/c/8664/21:03
mtaylormaoy: I can't - but bcwaldon can re-approve it21:04
sdaguegate testing fall over again? https://review.openstack.org/#/c/8856/21:05
maoymtaylor: i see. so re-approve from any core is the right way to go?21:05
bcwaldonmtaylor: I can help you figure it out21:05
bcwaldonmtaylor: first one would be swift21:05
bcwaldonmtaylor: er, python-swiftclient21:06
bcwaldonmtaylor: which may actually be installed already21:06
bcwaldonmtaylor: really, this is a tempest thing21:06
mtaylormaoy: yup21:06
mtaylorbcwaldon: is it?21:06
jeblairwow scrollback.  reading.21:08
bcwaldonmtaylor: yeah, since we depend on other fully-functional systems21:08
bcwaldonmtaylor: its just like when I pulled out the auth tests from glance21:08
bcwaldonmtaylor: glance shouldnt have to know how to set up keystoen :/21:08
*** ayoung has quit IRC21:08
*** Gordonz has quit IRC21:09
maoybcwaldon: please help to re-approve: https://review.openstack.org/#/c/8664/21:10
jeblairyeah, functional tests are a weird middle ground that to me ultimately seem better served by tempest (very few of our projects are standalone; so functional testing apart from integration testing seems weird.  except for swift, of course.  :)21:12
*** anderstj has joined #openstack-dev21:12
jeblairmtaylor: the optional test requires seems like a good idea.21:12
bcwaldonjeblair: in this specific case (MYSQL-python) its not even for tests21:13
sdaguebcwaldon: so where the request originally came from was the fact that non innodb defaults kept sneaking into the mysql migrations21:13
bcwaldonjeblair: it just happens to be in test-requires21:13
jeblairsdague: i was just going to ping you.  :)21:13
sdaguewhen I went to fix it, vishy asked that we put some kind of check in place so that it doesn't happen again21:13
jeblairso it's there to run a series of tests that make sure that innodb is explicit.21:13
maoymtaylor, sdague: do you know how to install libvirt in venv by pip?21:14
bcwaldonsdague: ok, does MYSQL-python provide MySQLdb?21:14
jeblair(the jenkins boxes expricitly default to myisam to help catch this)21:14
sdaguebcwaldon: I don't believe so21:14
bcwaldonsdague: ah, ok21:14
sdaguethe interface is different, so the sqlalchemy layer doesn't work with it21:14
bcwaldonsdague: what does MYSQL-python give you?21:14
bcwaldonthats the python bindings for mysql?21:15
sdaguebcwaldon: wait, sorry, my bad.21:15
sdagueyes, that's what it gives you21:15
sdaguethere is a pure python driver21:15
sdaguebut that has a different interface21:15
sdagueso we couldn't go that route21:15
bcwaldonok, so where is the test you added for this innodb issue?21:15
*** andrewbogott has joined #openstack-dev21:15
*** andrewbogott has joined #openstack-dev21:15
sdagueit's in nova/tests/test_migrations.py21:16
bcwaldonsdague: and what about it requires MYSQL-python?21:16
*** anderstj has quit IRC21:17
sdaguebcwaldon: the issue is the way the tests are run21:17
sdagueif that's not in test-requires, it's never installed on the test machines21:17
sdagueso those are always skipped21:17
jeblair(so it would be a good option for an test-optional file)21:17
bcwaldonsdague: ok, I see21:17
sdaguejeblair: yep, if there was support for that, absolutely21:18
sdaguebcwaldon: it's just an issue that there is only a single hardcoded list for the venv21:18
jeblairsdague: yeah, doesn't exst yet, but mtaylor proposed it ^ up there a bit.21:19
sdagueyep21:19
bcwaldonsdague: I definitely understand21:19
bcwaldonthere is another dep on MySQLdb, though21:19
sdagueI think it was proposed and shelved as low priority21:19
sdaguebcwaldon: well, I'm only responsible for the one :)21:19
*** joesavak has quit IRC21:20
sdaguejeblair: the low priority thing, I meant the last time around21:20
bcwaldonso it sounds like I'm just going to comment out test-requires for the time being21:21
sdagueI probably still have that irc conversation somewhere from #infra when we were trying to figure out the least painful way to handle this21:21
bcwaldonis somebody going to try to tackle test-optional?21:21
jeblairbcwaldon: i don't have a lot of bandwidth for that right now; and honestly, as long as the project is still ubuntu-centric, it doesn't seem like it should be terribly high priority.  but i'm happy to help it land and for us to use it.21:22
bcwaldonjeblair: its more of a problem for developers running mac os x21:22
bcwaldonjeblair: which is a whole different focus than installing on ubuntu21:22
*** steveb_ has joined #openstack-dev21:23
*** roge has quit IRC21:23
*** roge has joined #openstack-dev21:23
sdaguemaoy: realized I lost your question, answer is no from me.21:25
*** vanchester has joined #openstack-dev21:28
*** vanchester has quit IRC21:29
*** mnaser has quit IRC21:34
maoysdague: all right. thx.21:38
*** ewindisch has quit IRC21:41
*** ewindisch_ has joined #openstack-dev21:42
*** maoy has quit IRC21:42
*** ewindisch has joined #openstack-dev21:42
*** AlanClark has quit IRC21:42
*** rnirmal has quit IRC21:44
*** dolphm has quit IRC21:44
*** ewindisch_ has quit IRC21:46
clarkbmaoy left but this sort of answers that question https://bugs.launchpad.net/nova/+bug/61832021:47
uvirtbotLaunchpad bug 618320 in nova "pip requires doesn't include libvirt or libxml2" [Low,Opinion]21:47
*** nunosantos has quit IRC21:48
*** nunosantos_ has quit IRC21:48
*** mnaser has joined #openstack-dev21:50
*** Titanium2 has quit IRC21:51
sdaguebcwaldon: I don't know if this is the whole g-api error that's failing other tests, but I did find - https://jenkins.openstack.org/job/gate-integration-tests-devstack-vm/5948/artifact/logs/screen-g-api.txt and have a review https://review.openstack.org/#/c/8878/ that will at least address that21:53
bcwaldonsdague: cool, thank you. I'm going to yell at markwash now21:54
*** datsun180b has quit IRC21:55
*** mnaser has quit IRC21:58
*** heckj has quit IRC21:59
jeblairi believe a recent change i made to the devstack gate may have let changes through without proper testing22:00
*** andrewbogott has quit IRC22:01
jeblairi have corrected that; but there may be a real bug somewhere that we need to fix22:01
jeblairit may be the one sdague just posted.22:01
bcwaldonjeblair: I think sdague found something22:01
bcwaldonyes22:01
bcwaldonfiling/fixing right now22:01
jeblairthe pre-gate jenkins run for that change may be running the old devstack-gate code; i'm investigating.22:02
jeblairbcwaldon: well, patchset will be running with the new code.  :)22:03
jeblairpatchset 2 that is22:03
bcwaldonjeblair: ok, I just sent it in22:03
sdagueok, house guests just started arriving for the weekend. So I'm off. Hope that gets to the bottom of things.22:04
*** shang has quit IRC22:04
jeblairsdague: thanks much!22:04
sdagueenjoy the weekend folks.22:04
bcwaldonsdague: thanks!22:04
jeblairhttps://jenkins.openstack.org/job/gate-integration-tests-devstack-vm/5957/console22:04
jeblairthat's the build for patchset 222:04
bcwaldonjeblair: ty22:04
*** sieutruc has joined #openstack-dev22:07
*** bencherian_ has joined #openstack-dev22:08
*** bencherian has quit IRC22:09
*** bencherian_ is now known as bencherian22:09
bcwaldonjeblair: how could the preapproval run for patchset 1 not use the actual patch?22:09
jeblairthe bug i introduced to devstack gate caused devstack to ignore the repos that devstack-gate prepared and use the default behavior of just cloning master.22:11
jeblairso every devstack-gate run cloned master.22:11
jeblairthat is a rather fragile thing we depend on there; i'm thinking it might nice to tell devstack we don't expect it to have to clone anything, and perhaps it would be kind enough to error out if that's not the case.22:12
bcwaldonyes22:13
bcwaldonwhatever you think is right :)22:13
*** jog0 has quit IRC22:13
bcwaldonThis behavior let us break glance master, so I bet its wrong22:13
*** andrewsmedina has quit IRC22:14
*** shang has joined #openstack-dev22:17
bcwaldonjeblair: g-api started this time, so I think we're clear22:17
jeblairhere's hoping!22:18
*** ewindisch_ has joined #openstack-dev22:18
jeblairyay!22:18
*** ewindisch has quit IRC22:18
*** ewindisch has joined #openstack-dev22:19
*** dachary has quit IRC22:19
bcwaldonhuzzah22:19
*** dtroyer is now known as dtroyer_zzz22:20
*** ewindisch_ has quit IRC22:22
*** ewindisch has quit IRC22:23
*** segfault923 has quit IRC22:24
*** vanchester has joined #openstack-dev22:24
*** matwood has quit IRC22:31
*** roge has quit IRC22:37
*** andrewsmedina has joined #openstack-dev22:48
jeblairbcwaldon: https://review.openstack.org/#/c/8880/22:54
*** dolphm has joined #openstack-dev22:54
jeblairbcwaldon: i think adding that to devstack should help prevent this sort of problem from recurring22:55
*** dolphm has quit IRC22:59
*** agonella has quit IRC22:59
*** adjohn has quit IRC23:00
*** bencherian has quit IRC23:02
*** metral has joined #openstack-dev23:04
*** anderstj has joined #openstack-dev23:04
*** dtroyer_zzz is now known as dtroyer23:09
*** jgriffith has quit IRC23:12
*** anderstj has quit IRC23:12
*** lloydde has quit IRC23:14
*** lloydde has joined #openstack-dev23:15
*** lloydde has quit IRC23:15
*** AndroUser2 has joined #openstack-dev23:17
*** torgomatic has quit IRC23:17
*** torgomatic has joined #openstack-dev23:17
*** Mandell has quit IRC23:20
*** metral has quit IRC23:21
*** bencherian has joined #openstack-dev23:22
*** metral has joined #openstack-dev23:23
*** metral_ has joined #openstack-dev23:24
*** AndroUser2 has quit IRC23:26
*** metral has quit IRC23:27
*** metral__ has joined #openstack-dev23:28
*** bencherian has quit IRC23:28
*** mgz has quit IRC23:29
*** bencherian has joined #openstack-dev23:29
*** metral_ has quit IRC23:31
*** anderstj has joined #openstack-dev23:37
*** andrewbogott has joined #openstack-dev23:43
*** Ryan_Lane has joined #openstack-dev23:46
*** dtroyer is now known as dtroyer_zzz23:49
*** Aaton is now known as Aaton_off23:51
*** torgomatic has quit IRC23:58
« Thursday, 2012-06-21 Index Saturday, 2012-06-23 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!