Saturday, 2014-11-22

kfox1111	its alright... hmm...	00:00
jroll	I would love to tell you setting up swift is super easy	00:01
kfox1111	so for vm's, you want glance to be setup to be backed by ceph directly... for ironic, you want it layered on top of a ceph gateway...	00:01
jroll	but I honestly have no idea	00:01
kfox1111	it is fairly easy, if I go all the way back to step one where I setup an openstack all in one system using packstack before installing ironic and pointing everything at it.	00:02
jroll	:\|	00:02
jroll	how would you feel about running ceph without auth?	00:02
kfox1111	we're also much more fond of ceph these days then swift.	00:02
jroll	if you did that, could probably hack ironic to use that instead	00:02
jroll	(or maybe ceph has a similar signed url thing)	00:03
kfox1111	I wonder if the ceph gateway supports temp url's. it strives to be a drop in replacement for swift.	00:03
jroll	orly	00:04
jroll	it might, then	00:04
jroll	http://tracker.ceph.com/issues/3454	00:04
jroll	status: resolved	00:04
kfox1111	problem is for this test system, I havent installed ceph either...	00:04
*** andreykurilin_ has quit IRC		00:04
jroll	still undocumented	00:04
jroll	oh	00:04
kfox1111	hmm.. ok. so if we do this in production, I think the ceph gateway would work, with glance configured to point to it like swift, rather then using ceph directly.	00:05
jroll	yeah	00:05
jroll	huh, ceph is c++	00:06
kfox1111	I may have to manually install swift in this test box just to get somethign working to test...	00:06
JayF	That'd require a patch on the Ironic side to support it	00:06
jroll	I've never actually really looked at it	00:06
JayF	but it'd be an awesome freakin' patch :D	00:06
jroll	JayF: dunno, it sounds like this gateway thing is supposed to be api compatible with swift	00:06
kfox1111	JayF: really? it shows up as a swift endpoint in keystone. the dashboard doesn't seem to care.	00:06
JayF	oh, really? That's sweeeeet	00:06
JayF	if kfox1111 uses it and it works; we should put that in our docs	00:07
kfox1111	its the only network storage subsystem for openstack that I know of that can do all of glance, swift, nova ephemeral and cinder.	00:07
jroll	neat	00:08
kfox1111	suposidly with juno, if you put your image in glance, and have nova ephemeral configured, it simply snapshots the glance image, and boots instantly.	00:08
kfox1111	says it allows you to boot vm's in seconds. havent tried it yet.	00:09
jroll	cool, this should totally work: http://tracker.ceph.com/projects/ceph/repository/revisions/56e4015cf4f2917b13c9f017e09ec47581ee4867/entry/src/rgw/rgw_swift.cc#L525	00:09
jroll	kfox1111: that's super interesting	00:09
jroll	brb	00:09
*** romcheg has quit IRC		00:09
kfox1111	I wonder if I can get packstack to install only swift without touching anything else...	00:10
kfox1111	Can someone update the agent readme to mention the swift/glance dependency?	00:12
*** penick has quit IRC		00:12
kfox1111	hmmm... is it doing this so that it can get a temp url to a private image?	00:13
*** romcheg has joined #openstack-ironic		00:13
NobodyCam	ah ha: https://bugs.launchpad.net/tripleo/+bug/1394956	00:15
jroll	kfox1111: you know how to submit patches?	00:16
kfox1111	y...e...s...	00:17
jroll	hehe	00:17
JayF	kfox1111: the readme that'd need to be updated is probably in ironic, not in ipa though ... it's Ironic's dep, IPA only cares about getting an http[s] url	00:17
kfox1111	but shouldn't the ipa pull the image from glance instead?	00:18
jroll	it can't pull it from glance without an auth token	00:19
jroll	and in general, there's no secure way to give the agent an auth token	00:19
kfox1111	sure. but they are fairly cheep to create.	00:19
jroll	without ilo or something	00:19
jroll	ironic only knows about admin tokens :(	00:19
JayF	kfox1111: I'm an evil person on your network. I spoof your mac and now have an Ironic admin token to do mean things with	00:19
jroll	the keys to the cloud	00:19
kfox1111	an auth token should be just as secure as a tmp url?	00:19
JayF	not at all	00:19
JayF	tmp url has a ttl, and limits you to one resource	00:20
jroll	(auth tokens do have ttls)	00:20
JayF	most people don't have the level of private data / access / credentials in their image	00:20
JayF	that would be the keys to the cloud	00:20
kfox1111	you can create a keystone user that only has access to the one glance image.	00:20
kfox1111	heat does something similar.	00:20
jroll	on the fly?	00:20
jroll	hmm	00:20
kfox1111	for every stack that needs to do things, it creates a user and a trust.	00:20
kfox1111	yeah.	00:20
jroll	hmm	00:20
JayF	Ugh. IDK how I'd like creating a user for each deployment	00:20
jroll	JayF: it just occurred to me that tripleo probably stuffs admin creds in their images	00:21
kfox1111	wouldn't nessisarily need to for deployment. just per image.	00:21
JayF	we deploy instances 1000+ times a day on average ... which is a lot of users to make	00:21
JayF	hmm.	00:21
JayF	jroll: sticks fingers in ears and sings lalala	00:21
jroll	honestly, not the worst idea	00:21
jroll	hehehe	00:21
JayF	It's certainly an interesting secondary approach	00:21
JayF	but you still have the agent auth to ironic (and ironic auth to the agent) creds problem	00:21
JayF	which if it's ever generally solved would likely encompass this piece of auth too	00:22
kfox1111	heat has its own keystone domain. probably can have an ironic one so all your users are hidden off where admins wont trip over them.	00:22
JayF	Hmm.	00:22
* JayF works at Rackspace, which means he doesn't know keystone, he knows faux-keystone		00:22
jroll	devananda: ^ interesting ideas here	00:22
jroll	soon, JayF, soon	00:22
kfox1111	ah.	00:23
JayF	jroll: http://www.meemes.com/sites/default/files/styles/large/public/soon%20ostrich.jpg	00:23
jroll	/o\	00:24
*** achanda has quit IRC		00:25
*** Haomeng\|2 has joined #openstack-ironic		00:28
NobodyCam	w00t: [2014-11-21 16:28:10] Total runtime: 794 s one little patch buggered me all day	00:28
*** Haomeng has quit IRC		00:29
kfox1111	hmm... a little more fleshed out.... you should be able to create a keystone domain for ironic, make a tenant/user per image, and use glance member-create to share the image. I don't think you need to use trusts in that case.	00:30
kfox1111	and thats only for private images. if its public, you can just have an ironic/public account.	00:31
-openstackstatus- NOTICE: Gating and log storage offline due to block device error. Recovery in progress, ETA unknown.		00:31
*** ChanServ changes topic to "Gating and log storage offline due to block device error. Recovery in progress, ETA unknown."		00:31
*** romcheg has quit IRC		00:32
kfox1111	should I file a blueprint for that idea?	00:34
*** Marga_ has quit IRC		00:34
jroll	sure! that would be great	00:34
kfox1111	blueprints.launchpad.net/ironic?	00:35
jroll	yep	00:35
kfox1111	k	00:35
jroll	we do specs these days that the blueprint links to	00:35
jroll	but at least this way maybe we won't forget about it	00:35
*** romcheg has joined #openstack-ironic		00:35
kfox1111	yeah. sounds good.	00:36
JayF	kfox1111: that's a good candidate for our new "backlog" specs, basically you make the blueprint and put upa review to ironic-specs with problem statement + proposed solution. When someone (you or someone else interested) gets around to implementing it, they'll fill in the rest of the spec	00:42
*** ryanpetrello has joined #openstack-ironic		00:42
kfox1111	https://blueprints.launchpad.net/ironic/+spec/agent-all-glance	00:44
jroll	nice	00:45
JayF	I think the channel might appreciate this -> http:///c34a6498d4802e89941e-16c214a4a8ca35317ce45a32e60db84b.ssl.cf1.rackcdn.com/47d4f2af-654f-4f50-a78b-c3beec555461.jpeg	00:46
kfox1111	denied	00:46
JayF	I must fail at linking	00:46
jroll	https	00:46
JayF	1s	00:46
JayF	orly?	00:46
jroll	yarly	00:46
JayF	better link ---> https://c34a6498d4802e89941e-16c214a4a8ca35317ce45a32e60db84b.ssl.cf1.rackcdn.com/47d4f2af-654f-4f50-a78b-c3beec555461.jpeg	00:46
JayF	kfox1111: ^	00:46
jroll	there you go	00:47
kfox1111	:)	00:47
kfox1111	hmm... ok. lets see if I disable all service installs in packstack but swift, and see if it will add it for me...	00:50
* kfox1111 crosses his fingers		00:50
* jroll is off for the weekend		00:50
jroll	have a good one, all	00:50
kfox1111	you too. thanks for all the help	00:50
NobodyCam	have a good weekend jroll	00:50
jroll	you too	00:51
jroll	no problem kfox1111	00:51
*** ChuckC has quit IRC		00:51
*** romcheg1 has joined #openstack-ironic		00:51
*** romcheg has quit IRC		00:53
NobodyCam	JayF: +1000 (/me just clicked jpg link)	00:58
*** Marga_ has joined #openstack-ironic		00:59
*** ryanpetrello has quit IRC		00:59
NobodyCam	JayF: did you reply to the name thread on ML?	00:59
kfox1111	hmm... managed to break the dashboard trying to install swift with packstack... arg.	01:05
kfox1111	ah. there we go.	01:06
kfox1111	ok. looks like I have a usable swift now...	01:07
kfox1111	lets see how badly other things are broken. :/	01:07
*** romcheg1 has quit IRC		01:08
NobodyCam	:(	01:12
*** ChuckC has joined #openstack-ironic		01:14
kfox1111	hmm... looks like I can get packstack to deploy glance with swift backend... that might be easier...	01:17
kfox1111	hmm....	01:20
kfox1111	glance-api[16623]: ERROR: Store for scheme swift not found	01:20
kfox1111	ah. they no longer load the drivers... gota manually specify them.	01:25
kfox1111	still getting the swift error. :/	01:33
kfox1111	but... the images do look to be in swift...	01:33
kfox1111	ok. guess I'll have to call it a weekend. thanks all for the help.	01:34
*** kfox1111 has quit IRC		01:34
NobodyCam	hey kfox1111 what is the swift error?	01:34
* NobodyCam is here ar least until food gets here		01:35
NobodyCam	which will be shortly	01:35
NobodyCam	:-p	01:35
*** vipul has joined #openstack-ironic		01:38
*** Haomeng has joined #openstack-ironic		01:45
*** Haomeng\|2 has quit IRC		01:46
*** Marga_ has quit IRC		01:50
*** ChuckC has quit IRC		02:00
*** lazy_prince has quit IRC		02:00
*** kevinbenton has quit IRC		02:00
*** zer0c00l has quit IRC		02:00
*** toabctl has quit IRC		02:00
*** jeblair has quit IRC		02:00
*** greghaynes has quit IRC		02:00
*** datajerk has quit IRC		02:00
*** dlaube has quit IRC		02:00
*** pcrews has quit IRC		02:00
*** krtaylor has quit IRC		02:00
*** yuriyz has quit IRC		02:00
*** bigjools has quit IRC		02:00
*** bradjones has quit IRC		02:00
*** yuanying has quit IRC		02:00
*** mitz_ has quit IRC		02:00
*** mordred has quit IRC		02:00
*** lsmola has quit IRC		02:00
*** harlowja has quit IRC		02:04
*** harlowja has joined #openstack-ironic		02:04
*** linggao has quit IRC		02:17
*** bigjools has joined #openstack-ironic		02:32
*** yuriyz has joined #openstack-ironic		02:32
*** krtaylor has joined #openstack-ironic		02:32
*** pcrews has joined #openstack-ironic		02:32
*** datajerk has joined #openstack-ironic		02:32
*** bradjones has joined #openstack-ironic		02:32
*** yuanying has joined #openstack-ironic		02:32
*** mitz_ has joined #openstack-ironic		02:32
*** mordred has joined #openstack-ironic		02:32
*** lsmola has joined #openstack-ironic		02:32
*** bradjones has quit IRC		02:32
*** yuanying has quit IRC		02:32
*** mitz_ has quit IRC		02:32
*** mordred has quit IRC		02:32
*** lsmola has quit IRC		02:32
*** ChuckC has joined #openstack-ironic		02:33
*** kevinbenton has joined #openstack-ironic		02:33
*** zer0c00l has joined #openstack-ironic		02:33
*** toabctl has joined #openstack-ironic		02:33
*** jeblair has joined #openstack-ironic		02:33
*** greghaynes has joined #openstack-ironic		02:33
*** ChuckC has quit IRC		02:40
*** kevinbenton has quit IRC		02:40
*** zer0c00l has quit IRC		02:40
*** toabctl has quit IRC		02:40
*** jeblair has quit IRC		02:40
*** greghaynes has quit IRC		02:40
*** bradjones has joined #openstack-ironic		02:41
*** yuanying has joined #openstack-ironic		02:41
*** mitz_ has joined #openstack-ironic		02:41
*** mordred has joined #openstack-ironic		02:41
*** lsmola has joined #openstack-ironic		02:41
*** achanda has joined #openstack-ironic		02:46
*** ChuckC has joined #openstack-ironic		02:46
*** kevinbenton has joined #openstack-ironic		02:46
*** zer0c00l has joined #openstack-ironic		02:46
*** toabctl has joined #openstack-ironic		02:46
*** jeblair has joined #openstack-ironic		02:46
*** greghaynes has joined #openstack-ironic		02:46
*** david-lyle is now known as david-lyle_afk		02:53
*** spandhe has quit IRC		02:53
*** achanda has quit IRC		02:56
*** ryanpetrello has joined #openstack-ironic		03:24
*** linggao has joined #openstack-ironic		03:25
*** linggao has quit IRC		03:32
*** subscope has quit IRC		04:11
*** subscope has joined #openstack-ironic		04:15
*** killer_prince has joined #openstack-ironic		04:43
*** killer_prince is now known as lazy_prince		04:43
*** pcrews has quit IRC		04:46
*** ryanpetrello has quit IRC		05:10
*** achanda has joined #openstack-ironic		05:13
*** davideagnello has joined #openstack-ironic		05:15
*** achanda has quit IRC		05:15
*** achanda has joined #openstack-ironic		05:18
*** davideagnello has quit IRC		05:20
*** rushiagr_away is now known as rushiagr		05:25
*** harlowja is now known as harlowja_away		05:31
*** ryanpetrello has joined #openstack-ironic		05:33
*** ryanpetrello has quit IRC		05:39
*** ryanpetrello has joined #openstack-ironic		05:44
*** pensu has joined #openstack-ironic		05:46
*** achanda has quit IRC		05:51
*** achanda has joined #openstack-ironic		05:57
*** ryanpetrello has quit IRC		06:07
*** achanda has quit IRC		06:34
*** achanda has joined #openstack-ironic		06:41
*** achanda has quit IRC		07:32
*** achanda has joined #openstack-ironic		07:53
*** pensu has quit IRC		07:55
*** achanda has quit IRC		08:07
*** lazy_prince has quit IRC		08:10
*** pensu has joined #openstack-ironic		08:11
*** killer_prince has joined #openstack-ironic		08:12
*** killer_prince is now known as lazy_prince		08:12
*** Haomeng\|2 has joined #openstack-ironic		08:31
*** Haomeng has quit IRC		08:31
*** andreykurilin_ has joined #openstack-ironic		08:46
*** Haomeng has joined #openstack-ironic		09:11
*** Haomeng\|2 has quit IRC		09:12
*** romcheg has joined #openstack-ironic		09:14
*** pensu has quit IRC		09:22
*** subscope_ has joined #openstack-ironic		09:47
*** andreykurilin_ has quit IRC		10:05
*** datajerk has quit IRC		11:07
*** krtaylor has quit IRC		11:07
*** yuriyz has quit IRC		11:07
*** bigjools has quit IRC		11:07
*** achanda has joined #openstack-ironic		11:07
*** datajerk has joined #openstack-ironic		11:10
*** krtaylor has joined #openstack-ironic		11:10
*** yuriyz has joined #openstack-ironic		11:10
*** bigjools has joined #openstack-ironic		11:10
*** igordcard has joined #openstack-ironic		11:11
*** ChuckC has quit IRC		11:11
*** kevinbenton has quit IRC		11:11
*** zer0c00l has quit IRC		11:11
*** toabctl has quit IRC		11:11
*** jeblair has quit IRC		11:11
*** greghaynes has quit IRC		11:11
*** achanda has quit IRC		11:12
*** ChuckC has joined #openstack-ironic		11:13
*** kevinbenton has joined #openstack-ironic		11:13
*** zer0c00l has joined #openstack-ironic		11:13
*** toabctl has joined #openstack-ironic		11:13
*** jeblair has joined #openstack-ironic		11:13
*** greghaynes has joined #openstack-ironic		11:13
*** Haomeng\|2 has joined #openstack-ironic		12:12
*** Haomeng has quit IRC		12:13
*** igordcard has quit IRC		12:40
*** igordcard has joined #openstack-ironic		12:41
*** igordcard has quit IRC		12:46
*** romcheg has quit IRC		13:39
*** romcheg has joined #openstack-ironic		13:40
*** romcheg has quit IRC		13:47
*** kfox1111 has joined #openstack-ironic		13:49
kfox1111	how do I figure out what to use for: swift_temp_url_key=	13:50
kfox1111	is it just random?	13:51
*** ryanpetrello has joined #openstack-ironic		14:06
*** alexpilotti has joined #openstack-ironic		14:18
kfox1111	almost there...	14:25
kfox1111	Error downloading image.', u'code': 500, u'type': u'ImageDownloadError', u'details': u'Could not download image with id 5cd045d6-aa7d-422d-b9b4-b84e5da12086.'	14:25
*** rushiagr is now known as rushiagr_away		14:36
*** rushiagr_away is now known as rushiagr		14:40
*** ryanpetrello has quit IRC		14:52
*** pensu has joined #openstack-ironic		15:18
NobodyCam	morning ironic	15:24
NobodyCam	kfox1111: just use a random string	15:25
*** pcrews has joined #openstack-ironic		15:55
*** pensu has quit IRC		16:12
*** yjiang5 has quit IRC		16:28
*** romcheg has joined #openstack-ironic		16:33
*** subscope_ has quit IRC		16:39
*** andreykurilin_ has joined #openstack-ironic		16:40
*** romcheg has quit IRC		16:55
*** romcheg has joined #openstack-ironic		17:09
*** pcrews has quit IRC		17:20
*** andreykurilin_ has quit IRC		17:21
*** andreykurilin_ has joined #openstack-ironic		17:21
*** ChanServ changes topic to "Bare Metal Provisioning \| Status: http://bit.ly/ironic-whiteboard \| Docs: http://docs.openstack.org/developer/ironic/ \| Bugs: https://bugs.launchpad.net/ironic"		17:25
*** andreykurilin_ has quit IRC		17:28
*** PaulCzar has quit IRC		17:44
*** pensu has joined #openstack-ironic		18:09
*** romcheg has quit IRC		18:17
*** romcheg has joined #openstack-ironic		18:20
*** romcheg has quit IRC		18:37
*** romcheg has joined #openstack-ironic		18:37
*** andreykurilin_ has joined #openstack-ironic		18:44
*** romcheg has quit IRC		18:52
*** romcheg has joined #openstack-ironic		18:53
*** spandhe has joined #openstack-ironic		18:53
*** pensu has quit IRC		19:11
*** ryanpetrello has joined #openstack-ironic		19:14
*** spandhe has quit IRC		19:19
*** ryanpetrello has quit IRC		19:21
*** ryanpetrello has joined #openstack-ironic		19:24
*** spandhe has joined #openstack-ironic		19:38
*** ryanpetrello has quit IRC		19:43
*** romcheg has quit IRC		19:51
*** romcheg has joined #openstack-ironic		19:58
*** davideagnello has joined #openstack-ironic		20:08
*** andreykurilin_ has quit IRC		20:12
*** andreykurilin_ has joined #openstack-ironic		20:13
*** romcheg1 has joined #openstack-ironic		20:32
*** romcheg has quit IRC		20:32
*** davideagnello has quit IRC		20:33
*** romcheg has joined #openstack-ironic		20:36
*** romcheg1 has quit IRC		20:37
*** rushiagr is now known as rushiagr_away		20:37
*** ryanpetrello has joined #openstack-ironic		20:41
*** spandhe has quit IRC		20:49
*** andreykurilin_ has quit IRC		21:06
*** andreykurilin_ has joined #openstack-ironic		21:07
*** andreykurilin_ has quit IRC		21:12
*** andreykurilin_ has joined #openstack-ironic		21:12
*** ryanpetrello has quit IRC		21:50
*** ryanpetrello has joined #openstack-ironic		21:50
*** kevinbenton has quit IRC		22:08
*** ryanpetrello has quit IRC		22:09
*** davideagnello has joined #openstack-ironic		22:22
*** davideagnello has quit IRC		22:26
*** romcheg1 has joined #openstack-ironic		22:28
*** romcheg has quit IRC		22:30
*** andreykurilin_ has quit IRC		22:49
*** spandhe has joined #openstack-ironic		22:49
*** cohn has left #openstack-ironic		23:22
*** spandhe has quit IRC		23:49
*** alexpilotti has quit IRC		23:53
*** spandhe has joined #openstack-ironic		23:54
*** spandhe has quit IRC		23:56

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!