Tuesday, 2017-02-28

*** khushbu has quit IRC		00:00
*** rackertom has quit IRC		00:00
*** amit213 has quit IRC		00:01
*** odyssey4me has quit IRC		00:02
*** jmccrory has quit IRC		00:02
*** amit213 has joined #openstack-dns		00:06
*** jmccrory has joined #openstack-dns		00:09
*** odyssey4me has joined #openstack-dns		00:11
*** EricGonczer_ has joined #openstack-dns		00:16
*** sapcc-bot has quit IRC		00:23
*** sapcc-bot has joined #openstack-dns		00:23
*** khushbu has joined #openstack-dns		00:26
*** khushbu has quit IRC		00:31
*** hoangcx has joined #openstack-dns		00:36
*** gatuus has quit IRC		00:51
*** khushbu has joined #openstack-dns		00:57
*** khushbu has quit IRC		01:01
*** EricGonczer_ has quit IRC		01:06
*** EricGonczer_ has joined #openstack-dns		01:06
*** khushbu has joined #openstack-dns		01:28
*** Andrew_jedi has quit IRC		01:29
*** khushbu has quit IRC		01:32
*** cuongnv has joined #openstack-dns		01:43
*** khushbu has joined #openstack-dns		01:58
*** rackertom has joined #openstack-dns		02:00
*** khushbu has quit IRC		02:03
*** EricGonczer_ has quit IRC		02:06
*** khushbu has joined #openstack-dns		02:29
*** khushbu has quit IRC		02:34
*** khushbu has joined #openstack-dns		02:47
*** khushbu has quit IRC		02:58
*** khushbu has joined #openstack-dns		03:01
*** EricGonczer_ has joined #openstack-dns		03:03
*** EricGonczer_ has quit IRC		03:18
eandersson	castlemilk: Is this for the designate-sink?	03:21
*** khushbu has quit IRC		03:21
castlemilk	Yea I was thinking it could be done via adding another handler for sink. but im not sure how exactly it works	03:22
eandersson	Yea - a custom handler would be the way to go.	03:22
eandersson	That's what we use.	03:22
eandersson	https://github.com/openstack/designate/tree/master/contrib/designate-ext-samplehandler	03:23
castlemilk	do you attach multiple networks to VM's?	03:23
eandersson	Yea	03:24
eandersson	Do you have something like an internal and external network?	03:25
eandersson	or just multiple ips?	03:25
eandersson	You should be able to create something simple using a custom handler that will fit your needs	03:26
castlemilk	yea thats exactly it, i want to have a MGMT network with a mgmt domain and then an external network with external domain/zone	03:26
eandersson	So you could do something simple with IPy https://pypi.python.org/pypi/IPy/	03:27
eandersson	and a custom handler	03:27
eandersson	Based on the IP type (e.g. Private) you can assign a specific domain	03:28
castlemilk	will designate just load any handler i add into designate/notification_handler? and on the designate-sink service reload?	03:31
eandersson	you need to add it to the config as well	03:31
castlemilk	yep	03:31
eandersson	and technically you need to install it	03:31
*** khushbu has joined #openstack-dns		03:31
eandersson	python setup.py install on that project should be enough	03:31
eandersson	https://github.com/openstack/designate/tree/master/contrib/designate-ext-samplehandler	03:32
castlemilk	ok ill give it ago, looks like i just need to modify the existing nova_fixed a little bit	03:32
eandersson	Yep	03:33
castlemilk	cheers	03:33
eandersson	That could work, would recommend making a "plugin" though so that you can upgrade designate later on	03:33
eandersson	without issues :p	03:33
castlemilk	hmm	03:33
*** khushbu has quit IRC		03:36
castlemilk	does that involve much work?	03:36
castlemilk	does sink support multiple handlers?	04:04
*** khushbu has joined #openstack-dns		04:13
*** EricGonczer_ has joined #openstack-dns		04:33
*** EricGonczer_ has quit IRC		04:35
openstackgerrit	OpenStack Proposal Bot proposed openstack/designate master: Updated from global requirements https://review.openstack.org/438305	05:38
*** tdink has quit IRC		06:27
*** khushbu has quit IRC		06:38
*** khushbu has joined #openstack-dns		06:38
*** richm has quit IRC		06:43
*** khushbu has quit IRC		06:57
*** khushbu has joined #openstack-dns		06:59
castlemilk	I've finished a customer sink handler, and I'm looking to now enable it in designate	07:10
castlemilk	I've enabled it in [service:sink] and added the corresponding configuration in [handler:custom_handler]	07:11
castlemilk	what else is required to make designate take my custom handler module	07:11
*** khushbu has quit IRC		07:18
eftepede	Anyone here? I have some struggle with managing permissions with policy.json.	07:29
*** khushbu has joined #openstack-dns		07:45
*** carthaca_ has joined #openstack-dns		07:46
carthaca_	Hi eftepede, what do you want to achieve?	07:46
eftepede	I want to allow creating zones only to admin.	07:47
eftepede	My setup is: I have tenant inside openstack with designate on 4 VMs.	07:48
eftepede	Mitaka, designate-3.0.0	07:48
eftepede	Which tenant is checked, anyway?	07:48
eftepede	'Services', where I have my designate user?	07:49
eftepede	Ot the tenant that I provide with OS_TENANT_NAME?	07:49
carthaca_	In the policy.json you can change the rule "create_zone" to "rule:admin"	07:50
eftepede	[root@api-instance ~]# grep create_zone /etc/designate/policy.json	07:50
eftepede	"create_zone": "rule:admin",	07:50
eftepede	I have it	07:50
carthaca_	for the owner check it compares the tenant out of the token (so yes, that's the one you provide with OS_TENANT_NAME) with the one on the object	07:51
eftepede	So ok, I'm a 'member' of this tenant and I still can create zone.	07:51
carthaca_	are you sure that you don't have the 'admin' role and that you are not operating in the 'admin' project aka tenant?	07:52
eftepede	OS_TENANT_NAME is definitely not 'admin'.	07:53
eftepede	And my user for this tenant is member.	07:53
carthaca_	can you double-check the token content for the roles you get?	07:55
*** khushbu has quit IRC		07:55
eftepede	I'm not sure if I know, how.	07:55
carthaca_	openstack --debug token issue	07:56
eftepede	And what to look for?	07:57
carthaca_	for the roles and the is_admin flag	07:58
eftepede	In api.log I have something like:	08:00
eftepede	RESP BODY: {"token": {"methods": ["password"], "roles": [{"id": "9fe2ff9ee4384b1894a90878d3e92bab", "name": "_member_"}],	08:00
eftepede	And nothing about is_admin	08:00
eftepede	Just to be sure: policy.json has to be where designate-api is, right?	08:02
carthaca_	yes	08:03
eftepede	And the designate is aware of this file without any line in designate.conf?	08:04
eftepede	Because I don't have any, so maybe it's just ignored?	08:04
carthaca_	you should see an INFO output on the designate-api start, what policy is used	08:06
eftepede	2017-02-28 09:07:44.831 17107 INFO designate.policy [-] Using policy_file found at: /etc/designate/policy.json	08:08
eftepede	Seems ok	08:08
eftepede	Also I have a line:	08:09
eftepede	2017-02-28 09:07:44.850 17107 DEBUG designate.policy [-] Enforcer is not present, recreating. init /usr/lib/python2.7/site-packages/designate/policy.py:80	08:09
eftepede	Should I be worried?	08:09
carthaca_	No, I think that is ok	08:10
*** khushbu has joined #openstack-dns		08:10
eftepede	http://pastebin.com/U8hT9Zin - and it's my policy.json. Like default one, just a few changes.	08:12
carthaca_	looks good to me, besides line 45 ^^	08:15
carthaca_	maybe make sure that the same policy file is also present on the other services, but other than that I'm out of ideas currently	08:16
carthaca_	we use something similar and it works -.-	08:16
*** pcaruana has joined #openstack-dns		08:17
carthaca_	especially designate-central, because I see the policy forbidden response coming from there	08:18
*** khushbu has quit IRC		08:19
eftepede	Don't boter with line 45, is a control sign from vim - I've pasted it from the terminal with scrolling ;-)	08:20
eftepede	Ok, let me copy policy.json to the other hosts as well.	08:21
*** khushbu has joined #openstack-dns		08:25
eftepede	Now I have timeout.	08:26
eftepede	Ok, wrong perminssions for policy.json on central.	08:28
eftepede	[cloud-user@api-instance ~]$ openstack zone list	08:29
eftepede	forbidden	08:29
eftepede	whoa.	08:29
eftepede	It's working.	08:30
eftepede	;-)	08:30
eftepede	Ok, so I have to have policy.json on central.	08:30
eftepede	That was the problem.	08:30
eftepede	carthaca_: Thanks!	08:32
carthaca_	: )	08:34
eftepede	So the only thing that left: I'm creating VMs with heat template, provide pools.json via write_file and using run_cmd to execute designate-manage pool update	08:35
eftepede	It doesn't work, but I suppose it's cloud-init fault.	08:35
*** gk-1wm-su has joined #openstack-dns		08:37
*** gk-1wm-su has left #openstack-dns		08:37
carthaca_	to be safe: it has to be a yaml, but I guess this was just a typo ..	08:42
eftepede	yaml, yaml, ofc.	08:43
*** khushbu has quit IRC		09:01
*** khushbu has joined #openstack-dns		09:06
*** vcn[m] has quit IRC		09:09
*** khushbu has quit IRC		09:11
*** khushbu has joined #openstack-dns		09:16
*** fandi has joined #openstack-dns		09:20
castlemilk	anyone built custom plugins for notification_handler before?	09:47
*** khushbu has quit IRC		09:51
*** khushbu has joined #openstack-dns		09:54
*** cuongnv has quit IRC		10:02
*** sapcc-bot has quit IRC		10:03
*** sapcc-bot has joined #openstack-dns		10:04
*** hoangcx has quit IRC		10:10
*** fandi has quit IRC		10:13
*** kiall has joined #openstack-dns		10:36
*** vcn[m] has joined #openstack-dns		10:39
*** richm has joined #openstack-dns		11:14
*** khushbu has quit IRC		11:25
*** khushbu has joined #openstack-dns		11:26
*** khushbu has quit IRC		11:48
*** khushbu has joined #openstack-dns		11:57
*** EricGonczer_ has joined #openstack-dns		12:22
*** eftepede is now known as ftpd		12:53
*** afranc has quit IRC		12:56
*** afranc has joined #openstack-dns		13:01
-openstackstatus- NOTICE: restarting gerrit to address performance problems		13:05
*** ChanServ changes topic to "restarting gerrit to address performance problems"		13:05
*** khushbu has quit IRC		13:29
*** amoralej is now known as amoralej\|lunch		13:32
-openstackstatus- NOTICE: ok gerrit is back to normal		13:34
*** ChanServ changes topic to "ok gerrit is back to normal"		13:34
*** ChanServ changes topic to "OpenStack Designate - Logged @ http://eavesdrop.openstack.org/irclogs/%23openstack-dns \| Review Dashboard @ http://graham.hayes.ie/designate/dashboard \| Bugs Dashboard @ http://ham.ie/designate-bugs"		13:41
-openstackstatus- NOTICE: gerrit is back to normal and I don't know how to use the openstackstaus bot		13:41
openstackgerrit	Merged openstack/designate master: Update Architecture Doc https://review.openstack.org/437085	13:49
*** khushbu has joined #openstack-dns		13:51
*** zhurong has joined #openstack-dns		13:52
openstackgerrit	OpenStack Proposal Bot proposed openstack/designate master: Updated from global requirements https://review.openstack.org/438305	13:56
*** mlavalle has joined #openstack-dns		13:56
*** mlavalle has quit IRC		14:00
*** mlavalle has joined #openstack-dns		14:00
*** openstackgerrit has quit IRC		14:03
*** fyxim has quit IRC		14:09
*** fyxim has joined #openstack-dns		14:12
*** openstackgerrit has joined #openstack-dns		14:25
*** ChanServ sets mode: +v openstackgerrit		14:25
openstackgerrit	Graham Hayes proposed openstack/designate-tempest-plugin master: Fix the removal of skip_unless_config decorator in Tempest https://review.openstack.org/436640	14:25
openstackgerrit	Graham Hayes proposed openstack/designate master: [doc] Update Ubuntu dev environment doc https://review.openstack.org/437689	14:29
*** chlong has joined #openstack-dns		14:31
*** khushbu has quit IRC		14:31
*** amoralej\|lunch is now known as amoralej		14:38
openstackgerrit	Graham Hayes proposed openstack/designate master: Move docs to tempest plugin repo https://review.openstack.org/437668	14:41
*** tdink has joined #openstack-dns		14:44
openstackgerrit	Merged openstack/designate stable/ocata: Updated from global requirements https://review.openstack.org/436231	14:58
openstackgerrit	Merged openstack/designate stable/newton: Updated from global requirements https://review.openstack.org/438520	14:58
openstackgerrit	Merged openstack/designate-tempest-plugin master: Add Docs for plugin https://review.openstack.org/437662	15:05
openstackgerrit	Merged openstack/designate master: [doc] Update Ubuntu dev environment doc https://review.openstack.org/437689	15:05
*** zhurong has quit IRC		15:10
*** chlong has quit IRC		15:11
*** tdink has quit IRC		15:11
*** EricGonc_ has joined #openstack-dns		15:17
*** EricGonczer_ has quit IRC		15:19
*** tdink has joined #openstack-dns		15:34
*** khushbu has joined #openstack-dns		15:42
*** chlong has joined #openstack-dns		15:43
openstackgerrit	Merged openstack/designate master: Updated from global requirements https://review.openstack.org/438305	15:48
openstackgerrit	Merged openstack/designate-dashboard stable/ocata: Imported Translations from Zanata https://review.openstack.org/435753	15:52
openstackgerrit	Graham Hayes proposed openstack/designate master: RRTYPE list in API https://review.openstack.org/337744	15:54
*** khushbu has quit IRC		16:09
*** mugsie__ is now known as mugsie		16:09
*** khushbu has joined #openstack-dns		16:10
*** khushbu has quit IRC		16:14
carthaca_	Hi mugsie, it is obvious you must be here : ) Can I ask a bit about reverse DNS?	16:19
carthaca_	I'm thinking how to best solve the problem of overlapping networks	16:19
*** khushbu has joined #openstack-dns		16:20
carthaca_	What could work I guess: installing a bind directly into the network, create a pool for it and thus control it via designate - but this seems kind of heavy	16:21
carthaca_	Are there maybe any ongoing plans for integration into the existing neutron dnsmasq that runs with the dhcp?	16:22
*** khushbu has quit IRC		16:22
mugsie	carthaca_: heh - you managed to get me when I was making coffee :)	16:29
mugsie	Yes - long term we would be looking to do that	16:29
mugsie	but very long term	16:30
mugsie	we have a lack of a devs, and that change would require a large time investment	16:30
mugsie	the idea was to have "private" pools	16:30
mugsie	#when would attach to the network	16:31
mugsie	which would*	16:31
mugsie	and then we would update the dnsmasq config to add a "forwarding" rule for each dns zone in the pool	16:31
carthaca_	I see, at least good to know that I'm not overlooking something that is already there	16:32
mugsie	so it would send queries to the designate server for those zones, and still lookup from the internet	16:32
mugsie	yeah - right now the only solution is a pool per network, and manually updating the dnsmasq config, which is .... dirty	16:33
carthaca_	Maybe I can start looking into this myself, but that's a bit out of my hands	16:33
mugsie	i know the feeling :(	16:33
carthaca_	the other way I was thinking to guard the networks, and only allow reverse zones for certain networks with no collisions	16:34
*** pcaruana has quit IRC		16:34
mugsie	yeah - you could do that now my registering the top reverse zone, and having admins create the sdubdomain, and then transfer ownership to the project that wants it	16:35
carthaca_	but that's not easy, too - neutron subnetpools will help I guess, but it would cut off the freedom to choose the cidr	16:35
mugsie	true :/	16:35
* mugsie wanst to go back to Class A, B and C networks		16:36
carthaca_	or directly jump to ipv6 xD	16:36
mugsie	:)	16:38
*** khushbu has joined #openstack-dns		16:38
*** khushbu has quit IRC		16:42
*** gatuus has joined #openstack-dns		16:44
*** vcn[m] has quit IRC		17:11
*** gatuus has quit IRC		17:42
*** gatuus has joined #openstack-dns		17:48
*** khushbu has joined #openstack-dns		17:49
*** khushbu has quit IRC		17:54
*** vcn[m] has joined #openstack-dns		17:54
*** chlong has quit IRC		18:06
*** castlemi_ has joined #openstack-dns		18:15
*** castlemilk has quit IRC		18:18
*** castlemilk has joined #openstack-dns		18:20
*** castlemi_ has quit IRC		18:23
*** mlavalle has quit IRC		18:35
*** amoralej is now known as amoralej\|off		19:13
*** chlong has joined #openstack-dns		19:25
*** khushbu has joined #openstack-dns		19:44
*** khushbu has quit IRC		19:48
*** gatuus has quit IRC		20:07
*** mlavalle has joined #openstack-dns		20:09
*** khushbu has joined #openstack-dns		20:14
*** castlemilk has quit IRC		20:16
*** khushbu has quit IRC		20:19
*** castlemi_ has joined #openstack-dns		20:34
*** khushbu has joined #openstack-dns		20:45
*** khushbu has quit IRC		20:49
*** tdink has quit IRC		21:02
*** castlemi_ has quit IRC		21:02
*** mugsie\|a1t has quit IRC		21:14
*** mugsie\|alt has joined #openstack-dns		21:14
*** khushbu has joined #openstack-dns		21:15
*** castlemilk has joined #openstack-dns		21:17
*** khushbu has quit IRC		21:20
*** chlong has quit IRC		21:27
*** tdink has joined #openstack-dns		21:27
eandersson	castlemilk: Did you get it working?	21:30
castlemilk	yea made a typo when adding the extension to setup.cfg lol	21:30
eandersson	Hah yea easy mistake to make :p	21:31
castlemilk	im suprised there isnt a library of contrib extensions	21:34
*** chlong has joined #openstack-dns		21:39
*** tdink has quit IRC		21:43
*** tdink has joined #openstack-dns		21:43
*** khushbu has joined #openstack-dns		21:46
*** khushbu has quit IRC		21:51
*** chlong has quit IRC		21:58
*** saju_m has joined #openstack-dns		21:59
saju_m	Hi, i have a question	22:00
saju_m	Why Domains panel is disabled in designate-dashboard ?	22:00
saju_m	I have tried to enable that by set ENABLED=False in _1720_project_dns_panel.py	22:02
*** ducttape_ has joined #openstack-dns		22:10
eandersson	castlemilk: I think most custom solutions are tailored specifically to their own infra.	22:17
castlemilk	yea that would make sense, but filtering addresses for a domain seems like a common use case. Unless I've missed something and there's other ways to make designate register one address out of the list of 'fixed_ips'	22:19
openstackgerrit	sajuptpm proposed openstack/designate-dashboard master: enable Domains panel and fix duplicate app error https://review.openstack.org/439192	22:25
*** khushbu has joined #openstack-dns		22:27
eandersson	castlemilk: I think the normal use case would be to use floating ips for external addresses	22:28
castlemilk	oh ok, yea im working with a really simple L2 provider network cluster. Will look into floating ips more	22:30
*** khushbu has quit IRC		22:32
eandersson	nothing wrong with keeping things simple =]	23:04
eandersson	but yea floating ips are pretty cool	23:04
openstackgerrit	OpenStack Proposal Bot proposed openstack/designate master: Updated from global requirements https://review.openstack.org/439213	23:16
openstackgerrit	OpenStack Proposal Bot proposed openstack/designate-tempest-plugin master: Updated from global requirements https://review.openstack.org/439214	23:16
*** ducttape_ has quit IRC		23:23
*** saju_m has quit IRC		23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!