Tuesday, 2016-11-15

*** TxGirlGeek has quit IRC00:00
sdakewell i'll assume you have - but in case you haven't, its brilliant work by a brilliant team that is committed to solving this problem the right way00:00
sdakebut dont take my word for it, go read it00:00
sdakeand if you have read it, comment on what you dont like00:01
sdakerather then create a parallel implementation00:01
Pavowell finally figured out why none of you guys can get to my horizon00:04
Pavousing tls00:04
Pavomy stupid ISP blocks 44300:04
rhalliseygit review is hanging :/00:04
openstackgerritRyan Hallisey proposed openstack/kolla-kubernetes: Spec - Kolla-Kubernetes Deployment Architecture  https://review.openstack.org/39225700:04
rhalliseythere we go00:04
rhalliseyit skipped patch 10 O.o00:05
srwilkersgo home gerrit, youre drunk00:08
*** dave-mccowan has joined #openstack-kolla00:17
*** inc0 has quit IRC00:24
*** inc0 has joined #openstack-kolla00:24
*** schwicht has joined #openstack-kolla00:32
kfox1111Pavo: bummer.00:48
*** zhubingbing has joined #openstack-kolla00:50
*** awiddersheim has quit IRC00:54
sdakerhallisey i complained more on your spec00:54
sdakerhallisey can you fix it quickly00:54
kfox1111I'm commenting too right now.00:55
sdakerhallisey also Duong wants to contribute as another member of your small army ;)00:55
sdakeand Qin Wang00:55
sdakeQIn Wang (qnang) is what the comment says00:55
sdakeDuang Ha-Quang (duonghq)00:56
sdakesorry duong Ha-Quang (duonghq)00:56
sdakewith a capital D :)00:56
sdakekeyboard blows00:56
sdakepavo you can run it on a port other then 44300:58
sdakerhallisey ^^01:00
sdakei guess ryan went to walk his dog or something ;)01:00
sdakebbl01:00
*** duonghq has joined #openstack-kolla01:00
openstackgerritzhubingbing proposed openstack/kolla: add new line in cleanup-containers  https://review.openstack.org/39745401:04
rhalliseykk01:05
*** tovin07_ has joined #openstack-kolla01:05
zhubingbing-)01:08
sdakezhubingbing just whats needed, another newline01:09
sdakeyou realize those newlines take up precious disk space01:09
sdake-)01:09
zhubingbingBut other scripts are written in this way01:09
*** inc0 has quit IRC01:10
zhubingbingI think the script format should be unified01:11
zhubingbingso.....01:11
zhubingbing-)01:11
duonghqmorning01:12
zhubingbingmorning01:12
sdakesup duonghq01:12
zhubingbingsup what's01:12
*** schwicht has quit IRC01:12
zhubingbingmean01:12
zhubingbing-)01:12
sdakesup = whats up01:12
zhubingbingwow,01:13
duonghqzhubingbing, do we have any convention on it?01:13
zhubingbing-) ok01:14
*** harbor has joined #openstack-kolla01:14
*** harbor is now known as harbor_01:14
*** harbor_ is now known as portdirect_01:14
duonghqI think your idea it's nice , but it should be in some docs.01:14
tovin07_morning01:14
zhubingbinghttps://review.openstack.org/#/c/397454/01:15
zhubingbingDo you think there's any problem with that?01:16
duonghqno problem01:17
duonghqI mean that it's coding convention-related01:17
sdakeinc0 was there a conclusion to the vote on trivialfix01:17
sdakehrm01:17
duonghqso, it should be in some documentation or guideline or .... (IMO)01:17
duonghqdo we have any?01:17
duonghqmaybe not really need for this kind of format01:18
duonghqdo not sure01:18
zhubingbingI think the document is one of our major defects01:18
duonghqI do not think so, convention maybe very small thing01:19
duonghqI'm no sure01:19
duonghq*not01:19
zhubingbingneed to slowly improve01:19
duonghqone more think you can consider: standardize shebang01:19
*** schwicht has joined #openstack-kolla01:19
duonghqI prefer /usr/bin/env bash over sheer /bin/bash01:19
*** g3ek has quit IRC01:20
*** haplo37 has quit IRC01:20
duonghqalso /usr/bin/env python...01:21
sdakesay dumb q01:21
sdakekfox1111 rhallisey - after reading spec i'm confused about this job operator thing01:21
sdakerather job pod01:21
sdakeis that a shell script that runs and does its thing only once?01:21
kfox1111sdake: kind of. k8s has a job object type.01:22
sdakekfox1111 i got that part ;)01:22
kfox1111an ormal pod will automatically restart if the container fails.01:22
sdakei'm wondering how it works01:22
kfox1111a job stops if it successfully exit's 0.01:22
sdakeif pod restarts, does job restart?01:22
kfox1111so you can use it for tasks.01:22
sdakei asked this a few days ago and the answer was yes01:23
kfox1111for a job? yes.01:23
kfox1111so, like,01:23
kfox1111say you ahve a job, and the k8s node its running on dies half way through.01:23
kfox1111the job will just get restarted on another node.01:23
sdakeok, but what if the pod fails after the job has finished?01:24
zhubingbingK8s this work mechanism is mainly dependent on etcd01:24
kfox1111the job is done if the container exits 0.01:24
sdakeand never starts again?01:24
kfox1111so if the job completes, it won't get rescheduled.01:24
kfox1111right. it just sticks around for output.01:25
kfox1111you are free to delete it after you figure out that it finished.01:25
kfox1111but you can leave it around too I think.01:25
sdakewhere does its config come from01:25
kfox1111I always delete them though.01:25
kfox1111wherever.01:25
*** haplo37 has joined #openstack-kolla01:25
kfox1111a job is just like a normal pod, with that one slight difference.01:25
sdakewhere will it come from in our architecture01:25
kfox1111configmaps and or secrets.01:26
*** g3ek has joined #openstack-kolla01:26
sdakeand those come from the operator that lods in the configmap from the thirdparty config?01:26
kfox1111('ve not been talking about secrets so far. to not confuse the conversation. think of them as mostly the same thing though)01:26
kfox1111either they come from an operator loaded through a thirdparty config,01:27
sdakesecrets / config maps seem like similiar things to me01:27
sdakeso thats fine01:27
kfox1111or directly by a human if they want to go that route.01:27
kfox1111yeah. its mostly bookeeping.01:27
sdakeso we need to implement a job pod as well?01:27
kfox1111we have jobs already.01:28
sdakemind showing me one that does the db registration01:28
kfox1111sure.01:28
sdakedb creation that is01:28
kfox1111all of our k8s objects are currently under services/01:28
kfox1111I've been making things as generic as possible, so there are some common jobs now.01:29
kfox1111but01:29
sdakeif a job is a container, then it contains some kind of code to create a db, right?01:29
*** awiddersheim has joined #openstack-kolla01:30
kfox1111actually, the createdb code isn't as clean as I'd like it. there are probably better examples.01:30
sdakemind showing me what you got so I don't have to hunt for it ;)01:31
kfox1111https://github.com/openstack/kolla-kubernetes/blob/master/services/common/common-create-keystone-user.yml.j201:31
kfox1111here's one that creates a services keystone user.01:31
sdakehow does it know where to get its configmap?01:32
kfox1111note, it does use the kolla-toolbox to create the user. though I think that woudl be easy/desirable to just switch out with the unified openstack cli.01:32
kfox1111in this case, its using a secret.01:32
kfox1111line 4901:32
sdakewfm01:33
sdakei think the spec is wrong tho01:33
sdakearound lines 5-801:33
sdakeand possibly above01:33
portdirect_nice: didn't realise you could use downward api to expose secrets01:33
kfox1111portdirect_: some really awesome things you can do with k8s. :)01:34
kfox1111sdake: not sure I follow. what you thinking?01:34
kfox1111gota head out in 5 min.01:34
portdirect_moving so fast - couldnt do that with 1.2...01:34
sdakekfox1111 what i'm getting at is the spec is incorrect since the operator itself wont be doing db registration or role creation or db user creation01:35
kfox1111portdirect_: yeah. init containers are really awesome too.01:35
sdakeinstead the job does it01:35
sdakerhallisey ^^01:36
kfox1111sdake: kind of, yeah. an operator just runs k8s/helm.01:36
sdakeand does dependency management01:36
sdakeand handles complex actions01:36
kfox1111and orchestrates the order of initial creations of things.01:36
rhalliseyk01:36
sdakebootstrapping is not a complex action01:36
kfox1111portdirect_: if you haven't played with init containers, I'd recommend doing so. they requre some ugly json encoding for now, but really are super useful.01:37
sdakemakes alot of sense now - i was wondering how you were goin to do #2 without operators since there was no db around01:37
sdakei think we need a special container just to handle the init jobs01:37
portdirect_kfox1111: been using them for ages :) https://github.com/portdirect/harbor/blob/latest/kubernetes/templates/keystone/controllers.yaml#L30101:37
rhalliseyya there's no point of a job01:37
sdakeso that it can detect duplicate dbs and whatnot01:37
kfox1111sdake: for reference, have alook at:01:37
kfox1111https://github.com/openstack/kolla-kubernetes/blob/master/tests/bin/ceph_workflow.sh01:37
kfox1111there's our current deployment workflow in gate.01:38
*** Pavo has quit IRC01:38
sdakekfox1111 cool so thats  what we need operate01:38
sdakerather automate01:38
kfox1111sdake: yes. :)01:38
sdakethe problem with that workflow is it lacks actions (such as reconfigure and upgrade)01:39
*** Pavo has joined #openstack-kolla01:39
sdakenot that we need to handle it now, but it needs to be handled01:39
kfox1111if you can take that one file and make it one kolla operator command, we're all set. :)01:39
sdakei think the implementation you ahve is fine01:39
sdakeif ansible crashes midstream, bad things could happen ;-)01:39
kfox1111yeah. I'm jsut saying, thats ultimately what the spec's going to do in operators.01:39
kfox1111with better error handling. :)01:40
sdakeoh you mean take that out of jobs and do it in operators?01:40
sdakethat doesn't seem to make sense ;)01:40
kfox1111that script just creates a set of k8s objects in a particular order, and waits for things to spawn handeling deps.01:40
sdakei mean the other one01:40
kfox1111it is an implementation of a deployment workflow.01:40
sdakethe first one you linked01:40
kfox1111the job is staying01:41
kfox1111the ceph_workflow launches it. :)01:41
kfox1111https://github.com/openstack/kolla-kubernetes/blob/master/tests/bin/ceph_workflow.sh#L36 here for example.01:42
kfox1111search for bootstrap in the ceph-workflow. those are all jobs I think.01:42
sdakeright - that seems correct, so why put that logic in an operator?01:43
kfox1111gotta head out. talk to you later.01:43
sdakelater01:43
kfox1111which logic?01:43
sdakethe keystone-manage-db logic for example01:43
sdakethe docker exec logic01:43
kfox1111the logic of how to manage the db is in the job, so a human can manually run the job if they need.01:43
sdakeright01:44
sdakeso why have that in an operator?01:44
kfox1111the k8s operator just runs things like a human would if the human doesn't want to.01:44
sdakeoh, i thought it was down a layer01:44
sdakerather down a couple layers01:44
kfox1111the job is packaged in helm. the operator launches the job through helm.01:44
kfox1111so, kind of.01:45
sdakeright, so the job always launched01:45
*** dave-mccowan has quit IRC01:45
sdakelaunches01:45
sdakeso why put that in an operator at all01:45
sdakebecause it always happens01:45
kfox1111someone's got to launch the job.01:45
kfox1111the idea of the operators is so that the humans don't have to.01:45
sdakeok so operator has to launch the job then?01:45
*** hfu has joined #openstack-kolla01:45
kfox1111the job has to be run to completion before the next step in the workflow can work too.01:46
*** fragatin_ has joined #openstack-kolla01:46
kfox1111so an ideal spot for the operator.01:46
kfox1111yeah.01:46
portdirect_the operator needs to know if the job has finished i think?01:46
sdakejobs aren't linked to their objects?01:46
kfox1111yeah. look at the ceph-workflow logic.01:46
kfox1111there are places where it waits until jobs complate.01:46
kfox1111thats orchestration logic.01:46
sdakei see01:46
sdakeso jobs are parallel launched01:46
kfox1111some are.01:46
kfox1111there are esentially bariors in that workflow though.01:46
sdakethe issue in the spec is a conflict in coherence01:47
kfox1111I did as much in parallel as I could, batching up things that could be in parallel together.01:47
kfox1111so it has implicit deps coded into it.01:47
*** fragatin_ has quit IRC01:47
kfox1111which kind of sucks. but works.01:47
sdakein one place we say we are registering dbs via operators in another part we say during init containers01:47
sdakeif the answer is "both depending on circumstance" I guess that should be written down to reduce confusion01:48
kfox1111we init all db's in jobs laucnhed via operators01:48
kfox1111never in an init-container.01:48
*** fragatin_ has joined #openstack-kolla01:48
sdakerhallisey ^^01:48
kfox1111init containers are intended to init an instance of a new pod.01:48
kfox1111not for initing a distributed system.01:48
*** fragatina has quit IRC01:49
kfox1111jobs are better for initing a distributed system, as it can be limited to 1 run.01:49
sdakei see 206-20801:49
sdakeso operator launches a job, not initializes the database01:49
kfox1111right.01:50
kfox1111it launches a job, and that job initializes the db.01:50
sdake52-57 should be clarified "An operator launches a job which initializes a db"01:50
kfox1111and the operator waits until completion.01:50
*** fragatin_ has quit IRC01:50
kfox1111sdake: yeah. 52-57 looks wrong from that perspective. the other secion I think is the correct one.01:51
sdakekfox1111 right01:51
portdirect_yeah01:51
sdakekfox1111 you understand where i'm coing form now :)01:51
kfox1111ok. getting mroe in trouble. bbl. :)01:51
kfox1111sdake: yeah. :)01:51
*** kfox1111 is now known as kfox1111_away01:51
portdirect_it should be at 53 if that section remains01:51
portdirect_whoops between 55 and 5601:51
openstackgerritlijing proposed openstack/kolla: Word choice for back end  https://review.openstack.org/39078801:53
portdirect_sdake: i missed a load of discussion - i'll try catch up tomorrow, but just wanted to clarify at line 192 in the spec, it refers to existing config files  - does this refer to file from a previous config, or default config files for a service?01:55
sdakeportdirect_ i just responded to your comment01:56
sdakein the review01:56
sdakebasically teh answer is either option works01:56
sdakewe want kolla to be dead simple to use01:57
sdakeor atlast I want that01:57
sdakeand having operators jerking around with kubectl commands doesn't meet that test01:57
sdakebut on the other hand, if they really want to they can01:57
sdakeoperators provide workflow where the warm blooded kind don't want to do their own workflow01:57
portdirect_sdake ++, that sounds like how it should be :)01:58
rhalliseyk back01:59
*** zhurong has joined #openstack-kolla02:08
*** zhurong has quit IRC02:08
*** portdirect_ is now known as portdirect_away_02:10
*** schwicht has quit IRC02:19
*** portdirect_away_ is now known as portdirect_02:21
portdirect_one more thing...02:22
portdirect_I've been thinking - it would be possible to run the current kolla entrypoint as an init container, and then launch the kolla container with a read-only rootfs in kolla-kubernetes02:23
portdirect_which would offer some advantages from a security PoV02:24
sdakehow is read-only elimited without entrypoint?02:30
*** Pavo_ has joined #openstack-kolla02:34
*** Pavo has quit IRC02:34
*** Pavo_ is now known as Pavo02:34
openstackgerritRyan Hallisey proposed openstack/kolla-kubernetes: Spec - Kolla-Kubernetes Deployment Architecture  https://review.openstack.org/39225702:36
rhalliseysdake, check that out02:37
rhalliseyI'll check in on the comments tmr02:37
*** rhallisey has quit IRC02:37
*** Pavo has quit IRC02:38
portdirect_sdake: just hunted though - i think your right, there would be no need - the only place it would be requred (i think) with the current implementation is for the few serives that run behind apache - but that could be sorted by delacering the apache config dirs as emptydir volumes in the pod spec.02:40
*** portdirect_ is now known as portdirect_away_02:42
*** Pavo has joined #openstack-kolla02:43
*** yuanying has quit IRC02:51
*** unicell1 has quit IRC03:12
*** v1k0d3n has quit IRC03:27
*** fragatina has joined #openstack-kolla03:29
*** sdake has quit IRC03:36
*** Pavo has quit IRC03:38
*** yuanying has joined #openstack-kolla03:39
*** Pavo has joined #openstack-kolla03:40
*** srwilkers has quit IRC03:41
*** sdake has joined #openstack-kolla03:44
sdakeportdirect_away how did you interpret no need from that?03:44
sdake:)03:44
sdakei like security03:45
sdakeits a critical weakness of mine :(03:45
openstackgerritDuong Ha-Quang proposed openstack/kolla: Specify 'become' to neccesary tasks (general roles)  https://review.openstack.org/35853903:45
*** yuanying has quit IRC03:45
*** yuanying has joined #openstack-kolla03:49
*** sdake has quit IRC04:03
*** negronjl has quit IRC04:03
*** chas_ has joined #openstack-kolla04:13
*** chas_ has quit IRC04:17
*** v1k0d3n has joined #openstack-kolla04:19
*** sdake has joined #openstack-kolla04:22
*** severion has joined #openstack-kolla04:23
*** v1k0d3n has quit IRC04:25
*** v1k0d3n has joined #openstack-kolla04:27
*** severion has quit IRC04:29
*** coolsvap has joined #openstack-kolla04:43
sdakesup coolsvap05:00
coolsvapsdake: hey05:01
*** khamtamtun has joined #openstack-kolla05:04
*** khamtamtun has quit IRC05:21
coolsvapsdake: submitted review to add kolla-ansible to global requirements  https://review.openstack.org/39753205:23
sdakefor which project?05:23
sdakedid you mean to add kolla to global requirements?05:24
coolsvapkolla-ansible05:24
coolsvapno, to sync with g-r05:24
sdakeoh got it05:24
sdakethanks, didn't know that was a thing05:24
sdakei thought you meant requirements.txt05:25
coolsvapso are we planning to git pull for building images in kolla-ansible?05:25
*** fragatina has quit IRC05:30
*** fragatina has joined #openstack-kolla05:31
*** fragatina has quit IRC05:35
*** chas_ has joined #openstack-kolla05:36
*** Pavo has quit IRC05:38
*** unicell has joined #openstack-kolla05:38
*** chas_ has quit IRC05:40
*** Pavo has joined #openstack-kolla05:41
*** berendt has joined #openstack-kolla05:43
openstackgerritJeffrey Zhang proposed openstack/kolla: Revert "corrects invalid logrotate option maxsize"  https://review.openstack.org/39721405:53
*** msimonin has joined #openstack-kolla05:58
openstackgerritMerged openstack/kolla: add new line in cleanup-containers  https://review.openstack.org/39745406:01
*** Jeffrey4l has quit IRC06:03
*** unicell1 has joined #openstack-kolla06:04
*** unicell has quit IRC06:05
*** khamtamtun has joined #openstack-kolla06:17
*** msimonin has quit IRC06:22
*** khamtamtun has quit IRC06:35
*** mdnadeem has joined #openstack-kolla06:36
*** mdnadeem has quit IRC06:40
*** Jeffrey4l has joined #openstack-kolla06:41
openstackgerritzhongshengping proposed openstack/kolla: Deprecate scheduler_max_attempts option in nova  https://review.openstack.org/39754706:42
duonghqif we run deploy on existing system, does the mariadb is replace/erase?06:42
*** khamtamtun has joined #openstack-kolla06:48
berendtduonghq i do not think so06:48
duonghqthank berendt, I think so, but cannot get a cluster up for test now06:49
berendtmy test environment is broken at the moment :(06:50
duonghqhow is it broken?06:55
berendti am restructuring my CI at the moment, broken means the systems are not installed at the moment06:56
duonghqah, ok06:56
*** nadeem_ has joined #openstack-kolla06:59
*** nadeem_ has quit IRC07:06
*** chas_ has joined #openstack-kolla07:07
*** YuYangWang has joined #openstack-kolla07:18
*** msimonin has joined #openstack-kolla07:19
*** msimonin has quit IRC07:23
*** nadeem_ has joined #openstack-kolla07:32
*** Pavo has quit IRC07:38
duonghqwhich is deadline of kolla-k8s specs?07:42
*** tonanhngo has quit IRC07:42
*** Pavo has joined #openstack-kolla07:43
*** nadeem_ has quit IRC07:47
openstackgerritJeremy Liu proposed openstack/kolla: Word choice for back end  https://review.openstack.org/39078807:48
*** sdake_ has joined #openstack-kolla07:49
*** sdake has quit IRC07:53
*** tonanhngo has joined #openstack-kolla08:01
*** tonanhngo has quit IRC08:02
*** neilus has joined #openstack-kolla08:03
*** nadeem_ has joined #openstack-kolla08:04
*** matrohon has joined #openstack-kolla08:10
*** magicboiz has quit IRC08:11
*** magicboiz has joined #openstack-kolla08:11
*** neilus has quit IRC08:20
*** tovin07_ has quit IRC08:24
*** Mech422 has quit IRC08:28
*** Mech422 has joined #openstack-kolla08:28
*** egonzalez90 has joined #openstack-kolla08:30
*** shardy has joined #openstack-kolla08:35
openstackgerritcaoyuan proposed openstack/kolla: Update the default value for Heat  https://review.openstack.org/39757708:38
*** YuYangWang has quit IRC08:50
*** Serlex has joined #openstack-kolla08:55
*** athomas has joined #openstack-kolla09:03
*** gfidente has joined #openstack-kolla09:13
*** DTadrzak has joined #openstack-kolla09:15
*** openstackgerrit has quit IRC09:18
*** openstackgerrit has joined #openstack-kolla09:18
*** clsacramento has joined #openstack-kolla09:21
*** msimonin has joined #openstack-kolla09:23
*** sdake_ has quit IRC09:23
*** msimonin has left #openstack-kolla09:23
*** Serlex has quit IRC09:28
*** msimonin1 has joined #openstack-kolla09:28
*** neilus has joined #openstack-kolla09:31
*** msimonin1 has quit IRC09:32
*** msimonin has joined #openstack-kolla09:34
*** neilus has quit IRC09:36
*** Pavo has quit IRC09:38
berendtwhere can i find the vagrant environment for kolla-kubernetes?09:41
berendthttps://github.com/att-comdev/halcyon-vagrant-kubernetes09:42
berendtthis is not for kolla-kubernetes, but that is the environment i looked for ;)09:43
*** Pavo has joined #openstack-kolla09:43
*** hfu has quit IRC09:44
*** neilus has joined #openstack-kolla09:45
*** neilus has quit IRC09:48
openstackgerritcaoyuan proposed openstack/kolla: Move the "enable_destroy_images" into configure file  https://review.openstack.org/39763309:56
*** Serlex has joined #openstack-kolla09:58
openstackgerritcaoyuan proposed openstack/kolla: Move the "enable_destroy_images" into configure file  https://review.openstack.org/39763309:58
openstackgerritcaoyuan proposed openstack/kolla: Move the "enable_destroy_images" into configure file  https://review.openstack.org/39763310:00
*** sdake has joined #openstack-kolla10:02
*** papacz has joined #openstack-kolla10:02
*** neilus has joined #openstack-kolla10:04
sdakeevening folks10:05
sdakeJeffrey4l you about10:05
egonzalez90eveing sdake10:05
sdakesup egonzalez9010:05
openstackgerritzhubingbing proposed openstack/kolla: change network_bw_out to network.bw.out in cloudkitty.conf.j2  https://review.openstack.org/39764110:06
*** sdake_ has joined #openstack-kolla10:08
*** neilus has quit IRC10:09
*** sdake has quit IRC10:11
*** tonanhngo has joined #openstack-kolla10:18
openstackgerritMerged openstack/kolla: Revert "corrects invalid logrotate option maxsize"  https://review.openstack.org/39721410:18
*** tonanhngo has quit IRC10:18
openstackgerritMerged openstack/kolla: Use check_mode no instead of always_run  https://review.openstack.org/39709410:23
openstackgerritMerged openstack/kolla: update dispatcher configurations for database backend  https://review.openstack.org/39708910:23
*** neilus has joined #openstack-kolla10:26
*** duonghq has quit IRC10:27
*** fragatina has joined #openstack-kolla10:31
*** neilus has quit IRC10:32
*** fragatina has quit IRC10:36
*** khamtamtun has quit IRC10:39
*** sdake_ is now known as sdake10:40
coolsvappbourke: will you update the contributing doc for policy change related to TrivialFix?10:44
pbourkecoolsvap: submitting a patch now10:44
coolsvap(y)10:44
openstackgerritPaul Bourke (pbourke) proposed openstack/kolla: Update docs around TrivialFix  https://review.openstack.org/39767210:50
sdakepbourke nitpick on your doc change10:55
sdakehttps://bugs.launchpad.net/kolla/+bugs?search=Search&field.status=New10:56
sdake40 new bugs10:56
*** portdirect_away_ is now known as portdirect_10:57
portdirect_morning :)10:57
sdakefwiw, I'm taking a break from bug triage for oh - about 3 or 4 months10:57
sdakei hope folks here pick up the slack;)10:57
sdakesup portdirect_10:57
sdakeegonzalez90 coolsvap pbourke if you like the lubernetes spec, +2 it plz, or leave a -1 and commentary10:58
sdakehttps://review.openstack.org/#/c/392257/10:58
portdirect_sdake: going back to last night (for me), I meant no need to move the kolla entrypoint - i was jumping the gun, we should be able to run kolla containers read-only in their current state i think10:59
pbourkesdake: I +1'ed a couple of times, but the patchsets just keep on rolling10:59
portdirect_so we should try it :)10:59
sdakepbourke i think the patchsets are done10:59
pbourkekk10:59
sdakeryan set deadline of today for merging10:59
sdakeand ryan running that shit show ;)11:00
*** sbezverk has joined #openstack-kolla11:00
sdakesbezverk ure alive11:00
sdakesbezverk check out our masterpeice: https://review.openstack.org/#/c/392257/11:00
sbezverksdake: yep, finally landed last night..11:00
sdakewell before you get locked into email have a read11:00
sbezverksdake: sure thing.11:01
*** khamtamtun has joined #openstack-kolla11:01
*** mgoddard_ has joined #openstack-kolla11:01
sdakeportdirect_ - i think the current thinking on entrypoint is it will be considered if it can be made optional default to off and not jammed into every container11:02
sdakeas in, if you want entrypoint you can have it, if yo udont, it isn't forced upon you11:03
portdirect_sorry: again we are hit by too many things with the same name - i was refering to the current (docker?) entrypoint to the kolla container, nothing to do with the k8s-entrypoint :)11:03
sdakei am definately not satisified with an entrypoint implementation that changes around all our containers11:03
zhubingbingsdake, do you know trove support v3?11:03
sdakezhubingbing v3 o wot11:03
zhubingbingkeystone v311:04
sdakeno clue11:04
sdakev2 is pretty much deprecated11:04
portdirect_"i am definately not satisified with an entrypoint implementation that changes around all our containers" quoted for truth.11:04
sdakeso i hope its moved on11:04
sdakeits being trove11:04
*** mgoddard has quit IRC11:04
sdakeproposition 205 failed by 2% in arizona11:05
* sdake groans11:05
sdakethe same thing passed in 4 or 5 other states11:05
sdakeok guys, the dark knight rises or 30011:06
sdakewhat shall it be11:07
portdirect_dark knight11:08
portdirect_easy11:08
sdakei believed in harvy dent11:09
sdakethe best part of this movie is batman saves the world and escapes being batman :)11:10
sdakeportdirect_ https://www.gliffy.com/go/share/ssmhcjkog50xyl3gensq11:13
*** ChanServ sets mode: +o sdake11:13
*** ChanServ sets mode: -o sdake11:14
portdirect_that looks good11:14
sdakethanks11:15
sdakegotta be good at something11:15
sdakei can push around boxes on gliffy pretty well11:15
portdirect_+111:16
sdakesbezverk ^ https://www.gliffy.com/go/share/ssmhcjkog50xyl3gensq11:16
portdirect_the only q i have is where does "keystone default configuration" come from?11:16
sdakeportdirect_ i think an open question we can answer later11:17
portdirect_though thats out of scope for that diagram..11:17
portdirect_I'm down with that11:17
sdakewe do have a genconfig feature of kolla11:17
sdakebut obviously that is suboptimal11:17
portdirect_lets get it working, then we can open up the rabbit warren :)11:17
*** mgoddard_ has quit IRC11:17
sdakei had a massive yak shaving session today11:17
sdakeit all started with this diagram11:18
portdirect_I'll look through the logs when I get into the office, but It looks like things became a lot clearer while I slept :)11:18
*** mgoddard has joined #openstack-kolla11:18
sdakeportdirect_ what is the analog for a bag o cats11:19
sdakeportdirect_ clearer to me atleast11:19
sdakeportdirect_ i think the spec is pretty close to spot on11:19
sdakeit has a few typos11:19
portdirect_yup - it looks pretty solid from my perspective now11:20
portdirect_that diagram of your is worth a thousand words thou - is it possible to get it referenced?11:20
sdakeprobably ends in more yak shaving11:21
portdirect_sdake_: bag o cats <-> wheelbarrow of frogs11:21
portdirect_you gonna be about in 30?11:21
sdakei dunno my kid woke me up at 3am11:22
sdakeso may try to go back to bed but its hard for me to do11:22
portdirect_:/11:22
sdakewhen i'm awake, i'm awake11:22
sbezverksdake: will you have some time today/tomorrow to chat about "operator" and its origins ;-)?11:22
portdirect_I know that dude11:22
sdakesbezverk some shit the cats at coreos invented11:22
sdakesilver bullet for workflow11:23
sbezverksdake: got it11:23
sdakeso thats the origins11:24
sdakeorigin11:24
*** ntpttr has quit IRC11:30
*** ntpttr has joined #openstack-kolla11:31
*** Pavo has quit IRC11:38
sdakesbezverk are you going to +2 that review or -1 it - ryan has set a deadline for today for it to merge11:39
*** portdirect_ has quit IRC11:43
*** Pavo has joined #openstack-kolla11:43
sbezverksdake: I will do it by the end of day today.11:43
sdakewell off to bed11:45
*** sdake has quit IRC11:45
*** neilus has joined #openstack-kolla11:46
*** zhurong has joined #openstack-kolla11:51
openstackgerritPaul Bourke (pbourke) proposed openstack/kolla: Update docs around TrivialFix  https://review.openstack.org/39767211:52
*** eaguilar has joined #openstack-kolla11:52
*** zhurong has quit IRC11:59
*** hfu has joined #openstack-kolla12:01
bjolo_morning12:04
*** zhurong has joined #openstack-kolla12:05
*** hfu has quit IRC12:07
pbourkebjolo_: hey12:08
pbourkebjolo_: what was the latest on your network issue?12:08
bjolo_pbourke, hey12:08
bjolo_we are still troubleshooting it12:08
bjolo_still not working12:08
pbourkecould you paste your ml2_conf.ini at some stage?12:09
bjolo_sure12:09
pbourkeas well as relevant globals12:09
bjolo_give me a few, deploying right now12:09
pbourkecool12:10
bjolo_the take right now is that it is related to openvswitch and neutron-openvswitch-agent communication. As soon as you add a new external bridge, neutron agent keeps disconnecting openvswitch after 1s12:10
bjolo_openvswitch reconnects, just to get disconnected again.12:11
bjolo_and this is only happening for external bridges12:11
bjolo_br-int and br-tun are just fine.12:11
*** hfu has joined #openstack-kolla12:12
pbourkecan some cores please review https://review.openstack.org/#/c/392583/12:13
berendtpbourke reading...12:13
*** tonanhngo has joined #openstack-kolla12:13
pbourkeberendt: its simple enough I just keep looking for that registry script when I clone :)12:13
*** zhurong has quit IRC12:14
*** tonanhngo has quit IRC12:15
*** zhurong has joined #openstack-kolla12:15
bjolo_http://paste.openstack.org/show/589275/12:16
bjolo_pbourke, ^^12:17
Jeffrey4lsup sd12:17
openstackgerritMerged openstack/kolla: Update docs around TrivialFix  https://review.openstack.org/39767212:18
berendtpbourke review done12:20
bjolo_pbourke, here is the neutron-openvswitch-agent log as well http://paste.openstack.org/show/589276/12:20
openstackgerritMartin André proposed openstack/kolla: Update docs around TrivialFix  https://review.openstack.org/39771212:22
pbourkethanks bjolo_, few issues with it here also so will keep you updated12:23
pbourkethanks berendt12:23
openstackgerritzhubingbing proposed openstack/kolla: change network_bw_out to network.bw.out in cloudkitty.conf.j2  https://review.openstack.org/39764112:31
pbourkebjolo_: have you tried setting network_vlan_ranges12:34
*** srwilkers has joined #openstack-kolla12:39
*** berendt has quit IRC12:39
openstackgerritJeffrey Zhang proposed openstack/kolla: DO NOT MERGE: TEST MASTER BRANCH  https://review.openstack.org/32630712:42
*** schwicht has joined #openstack-kolla12:42
*** rhallisey has joined #openstack-kolla12:42
openstackgerritJeffrey Zhang proposed openstack/kolla: Load murano dashbaord dynamic  https://review.openstack.org/39595712:47
*** nadeem_ has quit IRC12:48
*** coolsvap has quit IRC12:50
openstackgerritJeffrey Zhang proposed openstack/kolla: Add neutron vpnaas code into neutron-server container  https://review.openstack.org/39701512:51
openstackgerritzhubingbing proposed openstack/kolla: change network_bw_out to network.bw.out in cloudkitty.conf.j2  https://review.openstack.org/39764112:52
*** schwicht has quit IRC12:53
*** schwicht has joined #openstack-kolla12:55
bjolo_pbourke, no we have not tried vlan ranges since bond0 is not exclusive for neutron. bond0 is network_interface, bond0.820 is tunnel interface etc12:55
openstackgerritJavier Castillo Alcíbar proposed openstack/kolla: Closes-Bug: #1641113  https://review.openstack.org/39772912:55
openstackbug 1641113 in kolla "Error in Task: Creating Ceilometer MongoDB database" [Undecided,Confirmed] https://launchpad.net/bugs/164111312:55
*** zhubingbing has quit IRC12:56
pbourkemaybe neutron still needs to know about the tags though12:56
bjolo_pbourke, few issues at your place? i.e. you can confirm the bug?12:56
openstackgerritPaul Bourke (pbourke) proposed openstack/kolla: Clean up docs around local registry  https://review.openstack.org/39258312:57
*** schwicht has quit IRC12:57
*** dave-mccowan has joined #openstack-kolla13:03
*** eaguilar_ has joined #openstack-kolla13:04
*** eaguilar has quit IRC13:05
openstackgerritJavier Castillo Alcíbar proposed openstack/kolla: Fix ceilometer bootstrap  https://review.openstack.org/39772913:06
*** fguillot has joined #openstack-kolla13:12
*** zhurong has quit IRC13:14
*** hfu has quit IRC13:15
*** sdake has joined #openstack-kolla13:16
*** khamtamtun has quit IRC13:16
*** lamt has joined #openstack-kolla13:16
*** lamt has quit IRC13:16
srwilkersgood morning13:17
sdakesup srwilkers13:18
*** lamt has joined #openstack-kolla13:18
sdakesrwilkers https://www.gliffy.com/go/share/ssmhcjkog50xyl3gensq13:19
*** stvnoyes has quit IRC13:20
srwilkersyes13:20
srwilkersthank you for this sdake13:20
*** hfu has joined #openstack-kolla13:21
srwilkersdiagrams help me much more than walls of scrollback13:21
sdakehappy to help13:21
*** stvnoyes has joined #openstack-kolla13:21
sdake"You will have to imagine the heat."13:22
sdakebest batman ever13:22
srwilkersagreed13:23
*** lamt has quit IRC13:24
openstackgerritJeffrey Zhang proposed openstack/kolla: Map host /proc folder into neutron-l3-agent container  https://review.openstack.org/39773813:25
sdakeit was a little cheesy being around the time of the occupy wallstreet movement13:25
sdakebut other then that it rocked :)13:26
srwilkerslol yeah13:26
srwilkerscall me a fan boy, but Bane was my boy13:26
Jeffrey4lsup sdake13:27
sdakeJeffrey4l sup dude13:27
sdakeJeffrey4l inc0 mentioned you are taking over release liason responsibilities?13:27
Jeffrey4lyes. but need some train ;)13:27
sdakeJeffrey4l just a reminder rlease team likes to see releases on wednesday of release week13:28
sdakewhich is tomorrow in the us13:28
sdakesrwilkers the best part about this movie13:29
sdakeis batman saves the world13:29
sdakeyet escapes being batman13:29
Jeffrey4linc0 said we can release latter, after we have finished our repo split.13:29
sdakewe have to definatley release this week13:29
Jeffrey4lOK.13:30
sdakei will do what i can to get the repo split merged prior to wed13:30
*** portdirect_away is now known as portdirect13:30
*** neilus has quit IRC13:31
Jeffrey4lso, what i need to to is push a PS witch the latest commit hash into openstack/release project, right? sdake13:32
sdakecheck out openstack/releases13:32
sdakeit should be obvious what to do13:33
Jeffrey4lgot.13:33
sdake4.0.0.0b113:33
sdakewait and see if i can get repo split done tho13:33
Jeffrey4lnp.13:33
bjolo_Jeffrey4l, about https://review.openstack.org/#/c/397738/113:33
bjolo_what are the symptoms of this?13:34
Jeffrey4lsdake,  what's other responsibilities of release liason?13:34
sdakejust tagging releases13:34
bjolo_i have some weird neutron behavior, just wondering if all/part of it could be related to your PS13:34
*** hfu has quit IRC13:34
sdakehopefully not releasing stuff thats doa13:34
Jeffrey4lbjolo_, check the bug description.13:34
Jeffrey4lbjolo_, https://bugs.launchpad.net/kolla/+bug/164194613:34
openstackLaunchpad bug 1641946 in kolla newton "l3 ha router need access /proc filesystem" [Undecided,New]13:34
bjolo_l3 agent needs access to /proc13:35
bjolo_ok, but why? what happens if it does not have access?13:35
bjolo_nm13:36
bjolo_read the bug on LP13:36
Jeffrey4lneed not sure. it makes some configuration for the devices. let me check the sysctl: cannot stat /proc/sys/net/ipv6/conf/qg-79ecb185-50/accept_ra13:36
bjolo_not related to my issue13:36
Jeffrey4lwhat u got? bjolo_13:36
*** zhubingbing_ has joined #openstack-kolla13:37
bjolo_trying to have multiple external flat networks13:37
bjolo_http://paste.openstack.org/show/589275/13:37
bjolo_have not open bug yet cause it feels like we have not narrowed it down what the issue is13:38
*** Pavo has quit IRC13:38
Jeffrey4l2016-11-15T12:15:51.586Z|01155|rconn|INFO|br-vlan805<->tcp:127.0.0.1:6633: connection closed by peer13:38
*** neilus has joined #openstack-kolla13:38
Jeffrey4l^^ this ip address is wrong.13:38
Jeffrey4lneed use a api_interface_address.13:39
bjolo_hmm13:39
bjolo_one external flat works great13:39
*** neilus has quit IRC13:39
bjolo_as soon as you have 2 external flat or more, it breaks13:39
*** neilus has joined #openstack-kolla13:39
Jeffrey4lhmm weird13:41
bjolo_where does br-vlan805 get its IP from?13:41
*** jheroux has joined #openstack-kolla13:41
bjolo_we dont have any config for openvswitch really13:41
bjolo_http://paste.openstack.org/show/589276/13:42
bjolo_the log from neutron-openvswitch-agent13:42
sdakesrwilkers you know what i don't get about tihs batman series13:43
*** Pavo has joined #openstack-kolla13:43
sdakeis they didn't follow it up with a robin spinoff13:43
*** neilus has quit IRC13:44
Jeffrey4lwhat 6633 port is ?13:45
bjolo_manger port on neutron-openvswitch-agent13:46
bjolo_all bridges connect via loopback 127.0.0.113:46
bjolo_http://paste.openstack.org/show/589286/13:46
bjolo_br-tun and br-int does not get disconnected13:46
*** neilus has joined #openstack-kolla13:46
bjolo_the weird thing is that in the neutron code, it should disconnect a client after 10s if it does not get a heartbeat13:47
bjolo_but for us it is done instantly13:47
Jeffrey4lyep.  no idea ;( , i will try to deploy neutron with two flat network later.13:50
*** chas_ has quit IRC13:52
*** chas_ has joined #openstack-kolla13:52
*** zhubingbing_ has quit IRC13:53
*** chas__ has joined #openstack-kolla13:54
*** neilus has quit IRC13:54
*** chas_ has quit IRC13:56
*** khamtamtun has joined #openstack-kolla13:58
*** neilus has joined #openstack-kolla14:03
Jeffrey4lsdake, what the last release date in utc? Nov 18, 00:00?14:03
sdakeJeffrey4l its not super strict14:03
*** berendt has joined #openstack-kolla14:05
*** coolsvap has joined #openstack-kolla14:05
Jeffrey4lok14:05
openstackgerritcaoyuan proposed openstack/kolla: Add tacker doc link into README.rst  https://review.openstack.org/39775814:08
*** papacz has quit IRC14:11
*** tonanhngo has joined #openstack-kolla14:12
*** tonanhngo has quit IRC14:13
*** eaguilar_ has quit IRC14:14
openstackgerritJeffrey Zhang proposed openstack/kolla: Map host /proc folder into neutron-l3-agent container  https://review.openstack.org/39773814:15
*** awiddersheim has quit IRC14:15
srwilkerssdake: yes, im very surprised/disappointed about that14:15
srwilkersthey set it up perfectly14:15
srwilkersand just let it go14:15
*** schwicht has joined #openstack-kolla14:15
*** stvnoyes has left #openstack-kolla14:16
*** khamtamtun has quit IRC14:16
openstackgerritJeffrey Zhang proposed openstack/kolla: neutron-l3-agent needs access host /proc filesystem  https://review.openstack.org/39773814:17
*** awiddersheim has joined #openstack-kolla14:19
sdakeJeffrey4l pid_mode: host for neutron ?14:20
Jeffrey4lsdake, for neutron-l3-agent service only.14:21
sdakeJeffrey4l you need host proc for what?14:21
Jeffrey4lcheck the bug descript.14:21
Jeffrey4lsdake, https://launchpad.net/bugs/164194614:21
openstackLaunchpad bug 1641946 in kolla newton "l3 ha router use host proc filesystem" [Undecided,New]14:21
sdakeJeffrey4l is there no better way to map the host proc?14:22
Jeffrey4li have no idea what this /proc/sys/net/ipv6/conf/qg-79ecb185-50/accept_ra is used for. but it raise error, so..14:22
Jeffrey4ldirect use `docker run -v /proc:/proc` won't work.14:22
Jeffrey4lso i think no. ;(14:22
sdakeJeffrey4l did you reference google?14:23
Jeffrey4ldocker run -v /proc:/hostproc works. but neutron do not read/change kernel configuration from that folder.14:23
Jeffrey4lno.14:23
*** sdake has quit IRC14:23
Jeffrey4llet's me check it14:23
*** chas__ has quit IRC14:24
*** sdake has joined #openstack-kolla14:24
*** chas_ has joined #openstack-kolla14:25
*** eaguilar has joined #openstack-kolla14:25
sdakeJeffrey4l https://github.com/docker/docker/issues/1339814:25
sdaketry bindmount of proc with --net=host14:25
sdake--net=host far less damaging then --net=pid14:26
sbezverksdake: I am reading about operators, a bit confused. Is the app specific logic coded in a special image they run as in  example of etcd operator?14:26
Jeffrey4lsdake, we are using --net=host for all containers.14:26
Jeffrey4lit won't be helpful for this case.14:27
sdakesbezverk seems like i've answered that q alot ;)14:27
sdakesbezverk there is a thing called a controller14:27
Jeffrey4ll3-agent need access the /proc file directly.14:27
sdakea controller is python intelligent agent14:27
sdakethe controller is loaded into a docker container14:28
sbezverksdake: do you have an example how they extend "kind" and what is exactly inside of this special image?14:28
Jeffrey4land current docker do not support mount /proc:/proc14:28
Jeffrey4ldocker run --net host -v /proc:/proc --privileged centos:7 bash14:28
Jeffrey4ldocker: Error response from daemon: oci runtime error: rootfs_linux.go:53: mounting "/proc" to rootfs "/home/docker/overlay2/41a66251017eaff9b7d05450562cd038c6939e38d5f4eed127c5d95e996370be/merged" caused "\"/home/docker/overlay2/41a66251017eaff9b7d05450562cd038c6939e38d5f4eed127c5d95e996370be/merged/proc\" cannot be mounted because it is located inside \"/proc\"".14:28
sdakehow about proc:/proc_host14:29
Jeffrey4lbut neutron will still read the file in /proc14:29
sdakesymlink?14:29
*** inc0 has joined #openstack-kolla14:29
Jeffrey4lhe hasn't no idea about the /proc_host folder, unless this is configurable in neutron.14:29
inc0good morning14:29
sdakesup inc014:29
Jeffrey4lhmm symlink? let me think..14:29
Jeffrey4linc0, morning14:29
sdakeJeffrey4l pid mode host is special sauce14:30
inc0what news?14:30
srwilkershey inc014:30
*** chas_ has quit IRC14:30
Jeffrey4lbtw, we use pid mode in several containers.14:30
sdakeshould only be used in libvirt14:30
*** lrensing has joined #openstack-kolla14:30
inc0Jeffrey4l, which ones besides libvirt?14:31
Jeffrey4lceph-osd  telegraf and libvirt14:31
sdakesbezverk extend "kind"?14:32
sdakesbezverk could you define king14:32
sdakesbezverk inside special image is  a python shell script14:32
sdakesbezverk or some other type of binray14:32
sdakelanguage is unimportant14:32
sdakesbezverk check this out, maybe it will help https://www.gliffy.com/go/share/ssmhcjkog50xyl3gensq14:33
sbezverksdake: here is what they have in etcd operator cluster example: kind: "EtcdCluster"14:33
*** papacz has joined #openstack-kolla14:33
sbezverksdake: kind etcdcluster does not exist by default14:33
sdakeEtcdCluster is a thirdparty resource iiuc14:33
sbezverkso they extended it some how, I thought you might know how.14:33
sdakecheck out the diagram14:34
Jeffrey4linc0, we are talking this issue and related pid_mode https://bugs.launchpad.net/kolla/+bug/164194614:34
openstackLaunchpad bug 1641946 in kolla newton "l3 ha router use host proc filesystem" [Undecided,New]14:34
sbezverksdake: sorry diagramm looks more like a marketing slide to me. I wanted to see code example :-)14:34
inc0Jeffrey4l, this looks like issue with shared netns isn't it?14:35
*** papacz has quit IRC14:35
Jeffrey4linc0, no. netns is related to /run/netns only.  in this issue, l3-agent try to change some kernel parameter for certain devices.14:35
Jeffrey4lit is different.14:35
Jeffrey4lfyi:   If you don’t want a host to automatically configure an address and route then you could disable this behaviour by writing “0″ to /proc/sys/net/ipv6/conf/*/accept_ra.14:36
*** eaguilar_ has joined #openstack-kolla14:37
inc0Jeffrey4l, so we need to make l3 agent run with pid=host?14:37
*** eaguilar has quit IRC14:37
*** jtriley has joined #openstack-kolla14:37
Jeffrey4lyep only in this way, the l3-agent can touch this file, imo.14:37
sdakesbezverk are you familiar with the thirdpartyresource kind?14:38
*** fguillot has quit IRC14:39
*** schwicht has quit IRC14:40
inc0http://stackoverflow.com/questions/23840737/how-to-remount-the-proc-filesystem-in-a-docker-as-a-r-w-system Jeffrey4l can you try this remount14:40
inc0?14:40
sbezverksdake: in terms of kubernetes no, have not seen it before..14:40
inc0maybe it has issues with creating this file in the first place14:40
inc0or rather...what does create this file? ovs-agent?14:40
sdakesbezverk https://github.com/kubernetes/kubernetes/blob/master/docs/design/extending-api.md14:41
Jeffrey4lit should be created by kernel when this device is created.14:41
inc0have you tried to -v /run/netns?14:41
sdakeinc0 i think that remount looks good with --net=host14:41
Jeffrey4linc0, neutron-l3 is started with -v /run/netns parameter.14:42
Jeffrey4li will run the remount solution.14:42
*** lrensing has quit IRC14:42
Pavomorning14:43
*** lrensing has joined #openstack-kolla14:43
sdakesbezverk that is where that resource originates from14:44
v1k0d3nmorning guys.14:45
srwilkersmorning v1k0d3n14:45
inc0o/14:45
*** khamtamtun has joined #openstack-kolla14:45
inc0ehh sdake you want resource "keystone" just instead of well...pod?14:46
sdaketo control and manage the pod dynamically it is mandatory14:47
sdakeif we just want workflow, we got a shell script  for that14:48
sdakethat we could run from the cli14:48
inc0you are aware that there is more to it right?14:49
inc0upgrades can be solved systematically, without need of writing dedicated blob per service14:49
*** khamtamtun has quit IRC14:50
sdakehttps://github.com/openstack/kolla-kubernetes/blob/master/tests/bin/ceph_workflow.sh14:50
inc0really sdake? you show me shellscript that works on aio and it's meant for aio?14:50
sdakeits multinode14:50
sdakepoint being there is workflow without operators14:51
inc0but it's racey, it's not HA14:51
sdakei agree, the workflow in shell is terrible14:51
inc0and has many different issues single shellscript has14:51
inc0let's do this, just write a damn keystone operator14:51
sdakeworking on it14:52
inc0and start talking based on substance instead of misunderstandings14:52
inc0ok, so let's shelve this discussion for when we have something to show for14:52
*** eaguilar_ has quit IRC14:52
inc0in the meantime me, v1k0d3n and others who agree with entrypoint'ish solution will work on it ok?14:53
sdakeinc0 training people, validating ideas14:53
inc0I think idea is invalid, but prove me wrong please14:53
sdakesweet two parallel implementations14:53
inc0yes, PoCs14:53
sdakedivsive14:53
inc0you won't be swayed14:53
inc0it's Elemental over and over again14:54
sdakeyour actually wrong about the swayed part14:54
inc0I hope so14:54
sdakei was swayed on elemental14:54
inc0after I've shown you example14:54
sdakeand kfox1111_away has offered up a compromise14:54
inc0which is?14:54
sdakefor cats that really tihnk they want to jerk around with entrypoint14:54
sdakemake entrypoint init containers, but not pollute the entire container repo with entrypoint14:55
sdakemake it optional and default to off14:55
inc0thats fine14:55
inc0well14:55
sdakei'm not sure where rhallisey stands on that14:55
*** lamt has joined #openstack-kolla14:55
inc0at the end let's have single solution14:55
inc0whichever is best14:55
sdakethat would be a single solution14:56
inc0but I want solution that will allow us to deploy prod-ready and tested by ovata14:56
sdakeyou choose between entrypoint and non-entrypoint14:56
inc0single solution...14:56
sdakesince all the complaints seem to be about entrypoint14:56
inc0name them please14:56
sdakename which?14:56
sdakeits in the spec14:56
sdakenonstop bitching about how we should choose tech X "because"14:57
*** neilus has quit IRC14:57
v1k0d3ninc0: yes, i agree with entrypoint.14:58
sdakev1k0d3n do you not agree with operator?14:58
v1k0d3noperator...i'm a huge fan, and this is a great thing (this is why i brought up), but i kind of wish i didn't now because the amount of work to get right is very large.14:59
v1k0d3ni dont think we fully understand exactly how much work this will take to do correctly.14:59
inc0unless I miss something there aren't really any issues with entrypoint if that's external to actual container14:59
inc0we need someting to deploy, upgrade, reconfigure14:59
*** fguillot has joined #openstack-kolla14:59
rhalliseyya we can have entrypoint as long as it doesn't interupt any of the other options14:59
inc0rhallisey, it won't, it never would15:00
v1k0d3nentrypoint, when done correctly (current stackanetes entrypoint can be improved on) is the way for us forward. and honestly, we need to put this to rest...because at the moment, there's a lot of back and forth.15:00
v1k0d3nrhallisey: it won't15:00
rhalliseycan you guys look at the argument in the spec15:00
v1k0d3ninc0: and i talked and it can be done.15:00
inc0I wouldn't allow it to affect ansible or tripleo in any way15:00
sdakei think entrypoint is completely unnecessary, but am open to compromise on the point as mentioned above15:00
rhalliseyI laid out an argument against entrypoint15:00
v1k0d3ni'll be back. have to reboot guys.15:00
v1k0d3none sec15:00
*** v1k0d3n has quit IRC15:00
rhalliseyinc0, check the spec comments15:01
rhalliseywould like to know more thoughts15:01
inc0checking comments15:01
*** neilus has joined #openstack-kolla15:01
inc0rhallisey, so here's thing, there is significant difference between k8s and compose15:02
inc0one that we'll leverage and will fix issues from compose15:02
rhalliseyno there isn't15:02
inc0we do have signle source of truth15:02
inc0we can query k8s about state of dependencies15:02
*** neilus has quit IRC15:02
inc0not look at containers and crap15:02
*** v1k0d3n has joined #openstack-kolla15:02
rhalliseyI'm not talking about the deps15:02
sdakeinc0 this needs your ack: https://review.openstack.org/39690315:02
inc0add that to proper readiness probes and it's no longer racey15:02
rhalliseydeps are 1/1000 of the lifecycle problem15:03
sdakeit  is blocking Jeffrey4l 's tag15:03
inc0so trust me (as someone who wrote upgrades in ansible) you don't want to write python code to solve this complexity15:03
inc0there are better way15:03
inc0ways15:03
sdakethe idea that adding readiness probes removes raciness is an oxymoron15:04
inc0sdake, upstream: https://github.com/sdake/kolla.git <- what this line does?15:04
sdakeinc0 that is a snapshot of the kolla repo on saturday15:05
*** eaguilar has joined #openstack-kolla15:05
sdakewith all tags and branches removed15:05
inc0kk15:05
inc0and in project config it will copy it then line becomes redundant right?15:05
sdakei'd update it but it took me couple hours to make that repo in the first place15:05
sdakethen infra removes it15:05
inc0and no, readness probes aren't oxymoron, it's logic that will tell k8s that pod is up15:06
sdakewe had that in compose just not in readiness probes15:06
rhalliseydid you read the whole argument?15:06
rhalliseythere are multiple points15:06
sbezverksdake: are you working on "operator" PoC? I would like to participate as I think this approach is more "kubernetes" like..15:07
sdakesbezverk welcome to the party15:07
inc0rhallisey, debugging and other operational stuff is done by proper toolset around15:07
sdakesbezverk lets get together today on webex and you can bring me up to speed on how to use my cluster ;)15:07
v1k0d3nbtw, i am on a meeting with Quentin from CoreOS about entrypoint.15:07
inc0v1k0d3n, maybe you could ask one of their guys to join here and clear up misunderstandings one for all?15:08
*** chas_ has joined #openstack-kolla15:08
inc0since they invented thing15:08
sdakethe only one that has a misunderstadning is you inc0 :)15:08
*** tonanhngo has joined #openstack-kolla15:08
inc0and yet I am in agreement with v1k0d3n who brought up this topic and spent lots of time talking with coreos about it15:09
v1k0d3ninc0: i am suggesting this now.15:09
inc0thank you15:09
*** tonanhngo has quit IRC15:09
sdakeinc0 if  it makes you feel any better tripleo is never going to use entrypoint, it wont work with their arch15:09
sbezverksdake: sounds good, I hope it is still alive, I mean the cluster15:10
inc0tripleo shouldn't use kolla-k8s at all, unless they really want to just shoot and forget deployment15:10
*** chas__ has joined #openstack-kolla15:10
inc0without adding any orchiestration around15:10
rhalliseythey could if we layer properly15:10
sdakeif we jam entrypoint into all the images with readiness probes15:10
inc0I've never heard TripleO saying that they plan to deploy kolla-k8s15:10
inc0sdake, not-in-images15:10
sdakethey plan to deploy the containers15:11
inc0we can do it outside of images15:11
rhalliseyI haven't either o.o15:11
inc0you're not listening to me15:11
sdakeinc0 obviously i am, there is lag15:11
sdakeinc0 what I dont understand is your extremely strong desire for entrypoint, ok i don't understand it, but if you want it, we make it available15:12
inc0sdake, I want to have deployment done by Ocata15:12
rhalliseyI think we will15:12
inc0and we just spent 2 weeks without solving any issue15:12
sdakewe solved a whoel bunch of issues15:12
rhalliseywe did solve a lot of things15:12
inc0and I'm afraid you greatly underestimate complexity of operators15:12
*** chas_ has quit IRC15:13
inc0ok, not an dependency issue15:13
inc0while we have working tested solution15:13
sdakedefine *WE*15:13
inc0that CoreOS likes, (again, they invented operators)15:13
sdakeis this *WE* the kolla community?15:13
rhalliseytested working solution does not mean it's the best solution15:13
inc0WE as people trying to deploy openstack on k8s15:13
sdakeor *WE* some other magical entity?15:13
inc0and yes, partially kolla community15:14
inc0as I hope I'm still part of it15:14
*** lrensing has quit IRC15:14
sdakefrankly I'm not out to solve othe people's problems15:14
rhalliseydoesn't matter who brought up operators, we were toying with the concept before this.  Now we have a name for it15:14
sdakeexcept those that accept our mission statement15:14
*** QuentinM has joined #openstack-kolla15:14
inc0rhallisey, but never as thing to solve all our deployment problems15:14
*** chas__ has quit IRC15:15
inc0fencing pod is an operator almost15:15
*** lrensing has joined #openstack-kolla15:15
inc0and it's great, let's use operators for hard stuff like fencing15:15
inc0but not for *everything*15:15
rhalliseywe were using the same concept with ansible15:15
inc0that's my argument15:15
rhalliseyno we were using the same concept15:16
inc0you mean with kolla-toolbox?15:16
rhalliseyit just wasn't in a pod15:16
*** schwicht has joined #openstack-kolla15:16
inc0yes, but k8s is not ansible, we can just dump ansible into container and that's operator for you15:16
inc0just not really k8s native way of doing things15:16
sdakeinc0 the problem with that is it completely lacks any form of control15:17
inc0no15:17
sdakean operator provides control15:17
inc0I promise you it there is lots of control15:17
inc0by modyfying end-state15:17
rhalliseythis is where we have a disagreement.  I don't believe we need to make openstack fit perfect to the kubernetes way of doing things.  OpenStack should not have to go 100% of the way there15:17
inc0rhallisey, aside from databases, I think we can15:18
inc0well with few exceptions15:18
inc0but most of it, yes15:18
*** fguillot has quit IRC15:18
inc0and yes I am talking about upgrades and reconfigure too15:18
*** igordcar1 has quit IRC15:19
rhalliseyso my opinion, going to do that ends in major disaster or openstack re writes itself to fit the kube model15:19
inc0ok...what's wrong with it then?15:19
inc0in your opinion?15:19
*** igordcard has joined #openstack-kolla15:19
inc0what prevents us to run is close to k8s native model?15:19
*** fguillot has joined #openstack-kolla15:19
sdakea lack of operators ;)15:19
rhalliseysolving the complex problem beyond deploy15:19
rhalliseyproblems*15:20
inc0rhallisey, that's true in every application15:20
inc0and still, I promise you can be done15:20
sdakeyup that is why operators are a silver bullet15:20
rhalliseyya except every application is not openstack15:20
sdakefor orchestration of complex applications15:20
rhalliseynot every application is a complex application15:20
inc0but there are complex applicaitons15:20
rhalliseynot every application has 1million ways to be configured15:20
inc0much more of them15:20
inc0cassandra for example - waaaaay more complex than openstack15:21
sdakeprometheus is an example of a complex application15:21
rhalliseynot nevery application spans all the way from the bottom to the top of the stack15:21
inc0in terms of management15:21
sdakeit uses..... oeprators.15:21
inc0ehh, I give up, you write a poc of operator15:21
rhalliseywe are :)15:21
inc0and I'll be happy to be proven wrong that it's not hyper work intensive15:21
rhalliseyroger15:21
rhalliseyI laid out the argument in the spec15:22
rhalliseyI'm going to add it to why in my next patch15:22
inc0yes, 1. not a compose, nto same problems15:22
inc02. debugging is done by tools outside of deployment15:22
SerlexAnyone having problems setting sysctl values during deploy?15:22
rhallisey3. client vs server side15:22
*** neilus has joined #openstack-kolla15:23
rhalliseyI'll lay it out in the spec and you can comment15:23
*** neilus has quit IRC15:23
inc0ok, thank you15:23
rhalliseycool :)15:23
*** neilus has joined #openstack-kolla15:24
sdakeinc0 this needs an ack: https://review.openstack.org/39690315:24
inc0acked15:24
*** eaguilar has quit IRC15:26
*** TxGirlGeek has joined #openstack-kolla15:27
*** coolsvap has quit IRC15:29
*** tonanhngo has joined #openstack-kolla15:32
*** bmace has quit IRC15:33
*** papacz has joined #openstack-kolla15:37
*** Pavo has quit IRC15:38
v1k0d3nso guys, i talked with QuentinM from coreos for a while about stackanetes, entrypoint, operators, etc...and i think everyone wants to collaborate here.15:38
*** Pavo has joined #openstack-kolla15:38
v1k0d3ni think there's a misunderstanding about operators vs entrypoint. in fact, the conversation shouldn't be "vs" per say...but along with in the distant future.15:39
v1k0d3nentrypoint is the logic needed to make containers/applications self-aware, and ready for scheduling in a distributed system.15:39
v1k0d3noperator is different logic; this is how the daily operator would upgrade, scale, and resolve upgrade issues (if i understand correctly). that's not exactly the same thing.15:40
v1k0d3nQuentinM: can you share your thoughts in working with stackanetes?15:40
sdakev1k0d3n i disagree with the distant future thing :)15:41
v1k0d3nok. well, can we determine what the greater group agrees on?15:42
*** adrian_otto has joined #openstack-kolla15:43
sdakev1k0d3n yes we have a rollcall vote for exactly this problem15:43
inc0can we do PoCs of solutons please?15:43
v1k0d3nor, can we start collaborating on PoC's to move this forward?15:43
sdakev1k0d3n typically specs require a rollcall vote from the core reviewers15:43
v1k0d3nlol15:43
v1k0d3nsame thought there inc015:43
inc0I mena really, no plan ever survived facing the enemy15:43
*** gagehugo has joined #openstack-kolla15:43
sdakeinc0 i don't get the analogy15:44
v1k0d3nok, so i have a question sdake15:44
inc0if we can't deliver mariadb and keystone co-deployment PoC quality soon, that's no-go for Feb anyway15:44
v1k0d3nhas anyone reached out to folks at CoreOS to fully understand operator logic?15:44
sdakev1k0d3n i can't speak for others, but I haven't15:45
pbourkeawiddersheim: hey andrew question, how sure are you that 'gather_facts: false' is required in site.yml to prevent ansible gathering twice15:45
v1k0d3nand since they (along with Intel) are using entrypoint...it seems logical that they would understand the differences.15:45
sdakeinstead I quizzed 75-100 people at CNCF about the model15:45
sdakeso i got a varied lot of answers rather then one co's viewpoint15:45
sdakeor two co's viewpoints15:45
sdakeand none of these people i quizzed had horses in the race15:46
QuentinMOperators are here to help managing complex stateful applications such as etcd or galera.15:46
sdake(as in they didn't have a COI)15:46
inc0o/ QuentinM thanks for joining us15:46
QuentinMThey are designed to help Kubernetes taking smart actions on failures15:46
QuentinMTo re-establish quorum properly for example15:46
awiddersheimpbourke: pretty sure15:47
sdakeQuentinM what about application control?15:47
QuentinMThey aren't meant to be used for every single application.15:47
pbourkeawiddersheim: ok I'll check it out further, just not seeing that in any examples online15:47
pbourkeawiddersheim: not a huge deal15:47
awiddersheimok15:47
awiddersheimthere are some other ways to do that which might be a little cleaner looking but15:47
QuentinMSay keystone-api, what do you need Kubernetes to do? Run a healthcheck, kill and restart the container if it fails. Pretty simple, can already do it.15:47
awiddersheimthat is what we decided on15:47
pbourkeawiddersheim: have a small change I'll prob submit soon that would appreciate you having a look15:47
awiddersheimsure15:48
pbourkeawiddersheim: (around the fact gathering stuff again)15:48
inc0QuentinM, more than this, for example nova upgrades are multi-step process15:48
QuentinMWhat else do you need to do with keystone-api? Maybe check if rabbitmq is available first and where it is15:48
*** openstackgerrit has quit IRC15:48
inc0rather than just rolling code15:48
QuentinMinc0: init container15:48
*** openstackgerrit has joined #openstack-kolla15:48
QuentinMinc0: jobs15:48
*** chas_ has joined #openstack-kolla15:48
sdakeQuentinM keystone contianer -> reconfigure and upgrade15:48
sdakeQuentinM we also do config merging in kolla15:49
inc0QuentinM, are operator meant to for example call jobs in correct order?15:49
sdakeQuentinM we expect the operator to handle that15:49
QuentinMswap configmap and change image?15:49
sdakeQuentinM ok lets take something more complex like nova+neutron15:49
sdakehow precisely would you upgrade those by swapping images15:49
*** absubram has joined #openstack-kolla15:50
QuentinMfor ordering jobs, containers and such, we use an entrypoint that queries the kubernetes API and the required resources15:50
QuentinMeach app is made self-aware15:50
sdakethat doesn't solve upgrades for nova does it inc0?15:51
inc0it can15:51
sdakeQuentinM the only way that would work viably is if entrypoint had some logic customized for each service15:51
inc0with a bit tweaked entrupoint model15:51
sdakewhy do it in the container when it can be done outside the container15:51
inc0in fact, we can do whatever with this model as every workflow can be done by set of self-dependand jobs15:51
inc0I promise you that I can handle upgrades with entrypoint model on speed that I'm working on15:52
sdakeQuentinM i'd suggest having this conversation with kfox1111_away and rhallisey  - they are the two cats leading this merry bunch15:52
openstackgerritcaoyuan proposed openstack/kolla: Move the "enable_destroy_images" into configure file  https://review.openstack.org/39763315:53
sdakeQuentinM i'm an innocent bystander ;)15:53
*** chas_ has quit IRC15:53
sdakesame msg for you inc015:53
inc0QuentinM, if you don't mind hanging out here, I'll point Ryan and Kevin (2 other cores from kolla-k8s) to this irc log and we'll have more questions15:54
sdakeone question I do have is, what is all the pushback on operators about?15:54
inc0I think I have fair grasp about operator idea, but we have some misunderstandings here15:54
sdakeis it about the ocata schedule?15:54
inc0sdake, it's about solving problem with tool not meant for it15:55
inc0increasing complexity tremendously while at it15:55
sdakeany other complaints?15:55
inc0well, there will be when we write I bet15:56
sdakeall the cats i spoke to at CNCF said workflow was never going to happen in kubernetes the only viable solution was controllers15:56
inc0because we'll need to reinvent multiple wheels15:56
sdakesame cats also said workflow was never going to happen in helm15:56
inc0so I don't think anybody created perfect solution for it15:56
inc0because operators I've seen - not a workflow15:57
inc0and yes, I potentially can see operator'ish soluton that will deal with workflows15:57
sdakeQuentinM could you explain to inc0 how resize in the etcd operator is a workflow?15:57
* rhallisey is reading15:57
sdakeTIA :)15:57
inc0and in fact, that's what I'm writing as we speak15:57
rhalliseyI can't write an email15:57
rhalliseybecause the log blows up every 10 min15:57
rhalliseyO.o15:57
inc0rhallisey, yeah.15:57
rhallisey:)15:57
sdakeso ryan set a deadline of today to merge the spec15:58
inc0rhallisey, QuentinM is from CoreOS, I'm pretty sure we've met in BCN15:58
sdakelets either get it merged or abandon it15:58
inc0no, let's come up with good solution15:58
sdakefeel free to chime in on the spec15:58
inc0I will15:58
*** dave-mccowan has quit IRC15:59
inc0once Ryan adds issues with entrypoint15:59
rhalliseyto many things going on at once :)15:59
rhalliseyI'll finish the spec real quick15:59
rhalliseynext iteration*15:59
sdakemay I point people at the following:16:00
*** TxGirlGeek has quit IRC16:00
sdakehttps://github.com/openstack/kolla-kubernetes/blob/master/specs/README.rst16:00
*** TxGirlGeek has joined #openstack-kolla16:01
Pavosdake typo16:02
Pavorefelcts16:02
Pavoshould be reflects16:02
*** unicell has joined #openstack-kolla16:03
*** mgiles has joined #openstack-kolla16:04
*** unicell1 has quit IRC16:05
QuentinMinc0: I agree with you16:06
QuentinMinc0: Workflow should not depend on external services but each piece should be aware of its surroundings.16:06
inc0well, there is value of having external mgmt16:07
QuentinMinc0: Let me see if I can pull one of the original operator author so he can discuss a bit deeper the pros/cons.16:07
QuentinMinc0: there is16:07
inc0that would be awesome, thanks16:07
*** zhubingbing_ has joined #openstack-kolla16:08
zhubingbing_hello guys16:08
sdakerhallisey debate - which is better diamonds or gold?16:12
rhalliseythat's a complex q16:12
rhalliseyor are you asking me to debate it16:12
rhalliseyor want to know my opinion16:13
sdakeasking your opinion16:13
Pavodiamonds last forever16:13
sdakepavo so does gold :)16:13
srwilkersgold is malleable and can change if we need it to16:13
inc0jewels gold+diamonds;)16:13
srwilkersdiamonds dont16:13
rhalliseysdake, I would say gold16:14
sdakewhy rhallisey16:14
inc0diamond can cut gold, not the opposite16:14
rhalliseysdake, the market16:14
zhubingbing_I'm starting to contribute to k8s next week. -)16:14
sdakesrwilkers you analyzd correctly, but what is your opinion on better ;)16:14
inc0zhubingbing_, prepare your brain for bending;)16:15
srwilkerssdake: gold, for that reason16:15
openstackgerritMerged openstack/kolla: Ansible-ize OpenStack Designate  https://review.openstack.org/35326116:15
zhubingbing_K8s used before.16:15
sdakeanyone else care to hazard a guess?16:16
inc0I need to get to markets16:16
inc0but I'm afraid of my hot headiness16:17
sdakehttp://www.minecraftforum.net/forums/minecraft-discussion/survival-mode/283336-diamond-vs-gold16:17
*** dave-mccowan has joined #openstack-kolla16:17
sdakemy kids are fans of minecraft16:17
inc0minecraft is cool16:17
sdakei think those cats did a good job of modeling diamonds and gold - worth a read ;)16:18
srwilkersmy first exposure to containers was making an image to spin up a minecraft server i still use at home16:18
inc0when they create ALU in it, you won at parenting16:18
sdakeparenting is a lifelong thing16:18
sdakeyou never win at parenting16:18
sdakeyou die first trying16:18
inc0so is knowledge of ALUs16:19
*** chas_ has joined #openstack-kolla16:19
sdakesrwilkers my first exposure was starting kolla ;-)16:19
srwilkerssdake: you win16:20
sdakesrwilkers literally didn't know a thing about docker prior to spinning up the project16:20
srwilkersthats actually pretty encouraging16:20
PavoI know the feeling sdake16:20
portdirecthey guys, i think on the issue of diamonds vo gold i can help, following esensive research i've concluded that16:20
*** zhubingbing_ has quit IRC16:21
srwilkersill remember that the next time i feel like my heads swimming and i dont know wtf im doing16:22
*** chas_ has quit IRC16:23
*** fguillot_ has joined #openstack-kolla16:27
kfox1111_awaymonring.16:28
sdakesup kfox1111_away16:28
*** fguillot has quit IRC16:28
inc0kfox1111_away, howdy16:28
*** kfox1111_away is now known as kfox111116:28
sdakeyou missed the diamonds wo gold discussion16:28
inc0read the log plz;)16:28
inc0not about this one16:28
sdakerather vo gold discussion16:28
kfox1111seems long. how far back?16:28
inc0around when QuentinM showed up:)16:29
sdakewhenever inc0 woke up ;)16:29
kfox1111about 10:14?16:30
kfox1111reading...16:30
*** mgoddard_ has joined #openstack-kolla16:30
inc0operators16:30
inc0disclaimer QuentinM is from CoreOS, and I really think we have some disconnect on what operators are meant to be16:30
sdakeplanning paralysis rocks16:31
sdakei'm experiencing this at work16:32
sdakeand also at work upstream16:32
sdakei guess that is a nick in diamond's favor16:32
QuentinMinc0: let's wait for the appropriate engineer to show up and discuss more technically with you guys what it means. while I am experienced with Kubernetes, the original authors are fairly more experienced on that particular area!16:33
QuentinMinc0: west side timezone16:33
*** mgoddard has quit IRC16:33
openstackgerritJeffrey Zhang proposed openstack/kolla: Load murano dashboard dynamic  https://review.openstack.org/39595716:34
sdakesup adrian_otto16:34
sdakebeen awhile since i've seen you here16:34
qwanggood morning16:35
adrian_ottohey there. I am on a video conference and running my team meeting in #openstack-meeting-alt right now, so attention very divided.16:35
sdakeroger16:35
sdakesup qwang16:35
adrian_ottook, so is there any additional input we should consider on 395957 before going through the merge process?16:35
adrian_ottoack, see now I am distracted, using the wrong channel16:36
sdake;)16:36
sdakesorry about that16:36
inc0QuentinM, no problem, just getting Kevin up to speed, appreciate that16:36
sdakeQuentinM what would help most is if those folks commented on teh specification16:37
*** egonzalez90 has quit IRC16:37
portdirectjust looking at it 395957, does horizon support a db cache backend- it looks abit confisuing from the config? murano-dashboard needs this for complex topologies.16:38
inc0sdake, ;et16:38
inc0sdake, let's not add too much work to this discussion16:38
inc0gerrit workflow is not something people are used to normally16:38
inc0but regardless, let's have discussion16:39
kfox1111almost caught up....16:39
kfox1111ok. not caught up with the spec chagnes (please lets get the spec right rather then push something through for a tight deadline?)16:39
kfox1111will look at those in a bit.16:39
kfox1111so... entrypoint vs operators.16:40
kfox1111I think they are mostly ortoganal but have some overlap.16:40
inc0well, not exactly orthogonal (I agree they are) but question is, what will solve deployment16:40
inc0and upgrades16:40
inc0and reconfigure16:41
inc0so more universal tasks that aren't project specific16:41
kfox1111I'm ok with self aware containers for some types of healing. but I also really am nervious about workflow being scattered about where a human operator can't easily debug / override it, or where unexpected results happen.16:41
inc0kfox1111, no argument there, but I think that's something that can be solved by proper debugging methodology/external tooling16:42
kfox1111the more embeded the workflow is in the containers thoguh, the harder it is to debug. or disable when it fights you.16:42
inc0also API to "entrypoint" is not defined yet, we can figure out something easily debugabble16:42
openstackgerritRyan Hallisey proposed openstack/kolla-kubernetes: Spec - Kolla-Kubernetes Deployment Architecture  https://review.openstack.org/39225716:43
rhalliseyreview ^16:43
rhalliseyI need a quick bite16:43
inc0but init-containers based workflow is not that bad16:43
kfox1111inc0: distributed is always harder to debug then centeralized.16:43
inc0but distributed is more robust16:43
kfox1111init containers are great for initing pods.16:43
inc0to stuff like failure scenerios and whatnot16:43
kfox1111for things like mysql/keystone endpoints/etc, no init-containers for init.16:43
rhalliseykfox1111, I added some arguments in there.  Worth a read16:43
kfox1111rhallisey: will do.16:44
portdirectinc0: distributed in k8s context can actually cause failures - I've seen this with heavy load on api server16:44
kfox1111so something needs to kick off bootstrap/upgrade type jobs.16:44
QuentinMWould it make sense to move this discussion over e-mail to have a better / long-lived / referencable discussion?16:44
inc0portdirect, I'm not talking about every container ddosing API16:44
sdakeQuentinM this channel is logged - see topic16:45
inc0I'm talinkg actually about external pod to handle dependencies, pod will run single-node but with ability to be distributed16:45
sdakeQuentinM the best place to have the discussion is in the specification itself16:45
kfox1111yeah. another disadvantage of using the distributed container logic is that it may put a lot of load on the kube-apiserver in times of failure and it requires security credentials out in a lot more places.16:45
inc0QuentinM, issue is, we want this thing to be done asap;) mail is long16:45
kfox1111it can be mmitigated by using it where its really needed and not just everywhere.16:46
inc0so ok, I'm not talking about every container ramming the API16:46
portdirectinc0: ah ok16:46
portdirectsry16:46
inc0np16:46
inc0this is common misunderstanding, because that's kinda how entrypoint works today16:46
inc0but I'm talking of evolved version16:46
kfox1111I think entrypoint in an init-container would be pretty good for a lot of things.16:47
kfox1111I think operators solve the bootstrap/upgrade worflow issue.16:47
QuentinMsdake: https://review.openstack.org/#/c/392257/ right?16:47
inc0that's right QuentinM16:48
*** TxGirlGeek has quit IRC16:48
QuentinMThanks, forwarded16:48
kfox1111I think the distributed workflow of stuff like, block container until systems ready, (passive workflow) fits nicely in entrypoint.16:48
portdirectI'm goint to sit this out beasue I have to head In 5, but my instsict relfects kfox1111' last two lines exactly at this stage.16:48
kfox1111the active workflow, see if db has X, if not, create X,16:48
*** portdirect is now known as portdirect_away16:48
*** TxGirlGeek has joined #openstack-kolla16:48
kfox1111is better handled by k8s jobs and driven by operators.16:48
inc0kfox1111, agree16:48
inc0just let's not reimplement ansible tbh16:49
pbourkeawiddersheim: just verified it is needed16:49
QuentinMkfox1111: that's what we do with Stackanetes16:49
*** chas_ has joined #openstack-kolla16:49
kfox1111QuentinM: awesome. :)16:49
inc0QuentinM, upgrades done with operators?16:49
inc0and deploy with entrypoint? (in our case entrypoint-initcontainer)16:49
kfox1111inc0: not quite what I said. deploy is also done with operators, but the blocking of things till they come up is entrypoint.16:50
sbezverkinc0: https://coreos.com/blog/introducing-operators.html they talk about upgrades with operators16:50
kfox1111sbezverk: welcome back. :)16:50
sbezverkkfox1111: thanks :-) you guys are way ahead now16:51
inc0kfox1111, well, with entrypoint you just literally start EVERYTING up16:51
inc0and it will resolve itself16:51
inc0can be done with helm16:51
kfox1111inc0: no.16:51
inc0why?16:51
kfox1111I don't want 300 pods trying to create an entyr in keystone.16:51
sdakeasalkeld said this model was bad as well16:52
QuentinMwhy would it happen?16:52
sdakeshame he isn't around atm16:52
inc0so you want to deploy one service at time?16:52
QuentinMyou've one job that creates the entry in keystone16:52
kfox1111the workflow of creating an openstack service (deployment) is kind of a one time thing.16:52
QuentinMyou can have the job wait for the keystone-api container to be up and answer healthchecks too.16:52
inc0QuentinM, every service has to have entrypoint in ks - nova has its own, neutron too...and so on and so forth16:53
QuentinMI know16:53
kfox1111that logic sholdn't be distributed or put in lots of different places.16:53
inc0well, I think it can tho16:53
kfox1111a job for creating a keystone entry is the solution.16:53
inc0it's like...10 entrypoints total?16:53
QuentinMWe are using jobs for Stackanetes16:53
inc0and if you're using job, it wont' be THAT distributed16:53
QuentinMWe don't have 300 pods trying to do it16:53
QuentinMOnly one container for the job is running16:53
*** srwilkers has quit IRC16:53
inc0yeah that ^16:53
kfox1111entrypoint should be passive. blcok container until deps are ready.16:53
QuentinMIt waits for mariadb to be answer healthchecks (it simply asks the kubernetes API)16:54
kfox1111exactly.16:54
QuentinMthen run16:54
inc0kfox1111, job can be a dependency too16:54
QuentinMit's a really simple design.16:54
*** chas_ has quit IRC16:54
kfox1111dependency, yes. should it spawn, no.16:54
kfox1111pasive workflow.16:54
*** fragatina has joined #openstack-kolla16:54
QuentinMwhat do you mean: should it spawn?16:54
inc0"don't start nova-api unltil nova-keystone-bootstrap-job is ready"16:54
QuentinMyeah16:54
kfox1111inc0: yes. that.16:54
*** fragatina has quit IRC16:54
QuentinMthat's what we have16:54
inc0can be done with entrypoint easily16:55
kfox1111but nova-api for example should never try and launch a nova-register-keystone-endpoint job.16:55
DTadrzakMaybe we can out tomorrow PoC about kuberenetes entrypoint and init-container with How Stackanetes works?16:55
inc0just...job is yet another dependency16:55
inc0kfox1111, no..not nova-api16:55
QuentinMthe nova-api container runs, but the nova-api binary doesn't, until kubernetes tells us that mariadb and the initialization job are OK.16:55
DTadrzakextend *16:55
inc0something else will start all the jobs16:55
kfox1111the nova-register-keystone-endpoint job shoudl only ever be run by either a person operator or a k8s operator.16:55
inc0and pods in that matter16:55
QuentinMHey DTadrzak16:55
inc0and it will resolve itself16:55
DTadrzakHello QuentinM:]16:56
QuentinMkfox1111: on Stackanetes, everything is deployed by kpm (just like helm)16:56
QuentinMkfox1111: at once16:56
QuentinMthen, the entrypoint on each container, make sure that no openstack binary starts before their deps are OK16:56
*** magicboiz has quit IRC16:56
inc0QuentinM, can job have an init-container tho?16:56
kfox1111QuentinM: I'm a little concerned with that. I've got some oddball clusters, and workflows tend to be more hinderence to my usage then a help.16:56
DTadrzakI think that we have solved a lot of problem in Stackanetes we can show how it works exactly any maybe something will be worth to move it to kolla-k8s?16:56
inc0we need deps in jobs as well16:56
QuentinMso the keystone boostrap job will execute once mariadb answers healthcheck16:56
kfox1111I totally get some people want really sijmple deployment. and we should support that.16:56
QuentinMand then keystone api starts when job is finished16:57
kfox1111so I want to be able to manually deploy everything rather then have orchestration do it.16:57
QuentinMit's a "drop all the manifests in one command and let the rest happen" pattern16:57
inc0DTadrzak, it can't be exact copy as we don't really want entrypoint in every container16:57
kfox1111the "magic" stuff bites me.16:57
QuentinMit's not magic?16:57
inc0kfox1111, totally doable too16:57
QuentinMevery container queries kubernetes for statuses16:58
inc0I mean, it can be single command, it can be set of commands16:58
QuentinMis mariadb healthy?16:58
inc0it'll all work16:58
QuentinMis the boostrap job finished?16:58
QuentinMif yes, then start the binary16:58
kfox1111QuentinM: what if I don't bootstap?16:58
PavoStackanetes demo video looks interesting16:58
inc0one command is just set of subcommands16:58
kfox1111I have an existing cluster, I'm going to migrate.16:58
kfox1111it already has a bootstraped db.16:58
kfox1111no reason to have a job.16:58
kfox1111that kind of stuff.16:58
sdakepavo would appreciate your honest eval feedback ;-)16:58
*** portdirect_away is now known as portdirect16:58
QuentinMkfox1111: well then just set the job status as finished16:59
kfox1111the orchestration stuff either needs to be excluded,16:59
kfox1111or really not assume things. :/16:59
QuentinMor don't set the dep16:59
QuentinMhttps://www.youtube.com/watch?v=fbEmoxxO3Oc the video Pavo is mentioning16:59
Pavofrom just watching the video seems pretty neat but also doesn't look to customizable16:59
*** portdirect is now known as portdirect_away16:59
QuentinMPavo: it is actually16:59
QuentinMPavo: you can drop in any configuration files or images you want16:59
*** fguillot_ has quit IRC16:59
*** portdirect_away is now known as portdirect17:00
inc0yeah, this dependency model can be modified pretty neatly17:00
kfox1111QuentinM: one goal I have, is to make packages/containers easily shippable.17:00
inc0anything external - dont put it as dependency17:00
kfox1111so it shoudl be easily customizable, without having to rebuild a package/container.17:00
QuentinMthat's why we wrote kpm17:00
QuentinMto ship kubernetes packages17:00
inc0QuentinM, fyi it'll be helm for us most likely17:00
inc0but same stuff17:00
QuentinMit is kinda like helm, but gives more freedom on variables17:00
QuentinMyeah17:01
PavoQuentinM how hard would it be to add Provider VLANs and separate all the different type of traffic, only reason I ask is because I haven't tried anything kubernetes yet17:01
inc0Pavo, that's beyond k8s, that's neutron configuration17:01
DTadrzak+117:01
QuentinMfor example, on Stackanetes, if you don't provide Ceph configuration, then the cinder Cependency is completely left out from any other services because Cinder won't be deployed.17:01
kfox1111inc0: relavent though, as its a config thing the packages have to deal with.17:01
*** fguillot has joined #openstack-kolla17:01
inc0kfox1111, we need to inject configmaps externally17:01
inc0one way or another17:01
QuentinMinc0: +117:01
kfox1111inc0: agreed.17:02
Pavoinc0 yeah I get that but doesn't neutron config have to relate to k8s connections?17:02
inc0we can deal with this problem with tool designed specifically for it17:02
*** g3ek has quit IRC17:02
kfox1111inc0: but then helm packages cant' stand completely on their own and need something like operator to help with the workflow.17:02
inc0not really, from neutron perspective it'll look just as ansible deployed version17:02
Pavoah17:02
sdakepart of the workflow is configuration.. ;-)17:02
kfox1111Pavo: yeah. it uses net=host, which ignores most of k8s networking.17:02
*** haplo37 has quit IRC17:03
kfox1111so oprators are needed, and packages alone arn't sufficient.17:03
*** haplo37_ has quit IRC17:03
Pavook I think I am understanding it now17:03
inc0kfox1111, deployment will be hadnled with mixture of entrypoint-init+helm17:03
QuentinMhttps://github.com/stackanetes/stackanetes/blob/master/neutron/templates/openvswitch.yaml.j2#L3217:03
kfox1111entrypoint-init+helm+operators17:03
Pavothis whole ansible, docker and kubernetes is all really new to me17:03
QuentinMhttps://github.com/stackanetes/stackanetes/blob/master/neutron/templates/init.yaml.j2#L2617:03
QuentinMetc17:03
inc0kfox1111, operators will not do deployment itself17:03
PavoI am getting an understanding of docker pretty well though since I have started playing with kolla17:03
inc0we'll put them wherever you need to do crazy stuff17:04
Pavoand starting to understand ansible really well also17:04
kfox1111QuentinM: thats going to be alot tricker for me.17:04
kfox1111QuentinM: I need multiple mariadb's, multiple rabbits, etc.17:04
inc0Pavo, k8s is next level;) I suggest you take a look at it later, it's this new way of doing stuff;)17:04
kfox1111can be templated I think though.17:04
inc0but still early in the game tbh17:04
QuentinMwe have17:04
QuentinMwe have HA galera17:04
QuentinMHA rabbitmq17:05
kfox1111yeah, no. I mean multiple ha things.17:05
QuentinMwhy not namespaces?17:05
kfox1111like, ceilometer rabbit seperate from nova's rabbit,17:05
QuentinMit is designed to avoid this kind of collisions17:05
kfox1111but woven into the config of nova-api.17:05
QuentinMkfox1111: right, we do that for elastic-search17:05
Pavoand I apologize to all of you since I am so newbish to all this17:05
portdirectQuentinM: there are reasons other than HA, we need seperation for security for many deployents17:05
QuentinMkfox1111: we have an elasticsearch for searchlight and another for something else17:05
kfox1111Pavo: no worries. we're all learning. :)17:05
QuentinMkfox1111: we template the name of the service/deployment using the freedom that kpm gives us with JSONNET17:06
QuentinMportdirect: y17:06
kfox1111QuentinM: so we need a way to launch multiple/differently named rabbits/mariadb's/elasticsearches.17:07
kfox1111so my plan was to make a package for that, so it was launchable several times.17:07
inc0kfox1111, but helm can do that right?17:09
QuentinMkfox1111: yeah, that's exactly what we did17:09
QuentinMkfox1111: we then inject certain things like the name of the service for discovery through variables17:09
QuentinMwe have two deployments of the same elasticsearch package, but different parameters given17:09
kfox1111yeah.17:09
*** bmace has joined #openstack-kolla17:10
*** magicboiz has joined #openstack-kolla17:10
QuentinMbut it's quite hard to do with helm currently because of their limitation around variable manipulation unfortunately17:10
kfox1111I think I've gotten that bit to work.17:10
portdirectQuentin: we would need this to allow for services that are not in the same k8s deplyment, or even deployed with k8s (should be possible with any method but worth bearing in mind)17:10
QuentinMcool17:10
kfox1111portdirect: right.17:11
inc0portdirect, can be done with config manipulation and dependency manipulation17:11
kfox1111I want to be able to take clouds deployed with something else,17:11
QuentinMyeap17:11
QuentinMeasy17:11
kfox1111and a piece at a time "upgrade" to k8s managed openstack.17:11
inc0you just...dont specify mariadb as dependency and hardcode connection to it in configs17:11
kfox1111so workflow bits really can't get in the way.17:11
rhalliseytime to read back while lunching :)17:11
QuentinMyeap inc017:11
QuentinMour openstack package are agnostic17:11
QuentinMyou pass them the adress to your mariadb server for example17:11
kfox1111so, those deps have to be templated out to make them configurable.17:11
rhalliseythe community is active last few days :)17:12
* rhallisey reads back17:12
QuentinMso it can be either an internal mariadb, or an external, doesn't matter17:12
QuentinMsame with keystone-api and such17:12
inc0so QuentinM only reservation I have regarding entrypoint is that I don't think it should be embedded in every container17:12
QuentinMkfox1111: true17:12
inc0and without that we will have issues with init containers for jobs...17:12
QuentinMkfox1111: in your case, they have to be17:12
QuentinMkfox1111: which is not a big deal to do17:12
kfox1111so who runs the create-db job though?17:12
*** matrohon has quit IRC17:13
kfox1111is that in a seperate package?17:13
QuentinMinc0: are you concerned about the size?17:13
kfox1111I'm more of a fan of fine grained packages.17:13
kfox1111gives more control.17:13
inc0QuentinM, I'm concerned about kolla images being reusable17:13
inc0they're not ansible-specifiv, we don't want them to be k8s specific too17:13
QuentinMkfox1111: we've made a "keystone" package for instance, it carries the job, now you can decide to avoid running it if you want.17:14
inc0kfox1111, can package call a package?17:14
*** tonanhngo has quit IRC17:14
QuentinMkfox1111: yeah you can create meta-packages17:14
kfox1111https://github.com/sapcc/openstack-helm/tree/master/neutron this large kind of package makes me thinkg it will be hard to work with.17:14
QuentinMinc0: yeah you can create meta-packages17:14
kfox1111inc0: sort of.17:14
*** TxGirlGeek has quit IRC17:14
sdakekfox1111 is this accurate: https://www.gliffy.com/go/share/ssmhcjkog50xyl3gensq17:14
kfox1111in helm, you can have subpackages, that are bundled wit hit.17:14
kfox1111let me give you an example17:14
inc0kfox1111, then you can make finer granularity17:14
QuentinMyeah that is gross17:14
kfox1111https://review.openstack.org/#/c/396296/17:15
*** fguillot has quit IRC17:15
QuentinMthe issue is that helm is pretty bad at passing and modifying variables on the fly17:15
kfox1111Ive converted one of our templates to helm.17:15
QuentinMso it makes doing small packages quite hard17:15
*** TxGirlGeek has joined #openstack-kolla17:15
QuentinMfor no reason17:15
QuentinMjust like the fact that currently they don't allow creating subfolders under the template folder17:15
*** adrian_otto has quit IRC17:15
kfox1111QuentinM: my plan there was to maybe build the packages with tooling.17:15
QuentinMor allow you to do conditionals17:15
kfox1111automate the building of the packages.17:15
QuentinMlike we do: if this variable is true, then don't deploy this job, or don't deploy this package, or this conf17:16
kfox1111so not so much redundant code, and easier to deal with some of the limitations.17:16
QuentinMand that's pretty important to us17:16
kfox1111QuentinM: I found a workaroudn to that.17:16
kfox1111with helm.17:16
*** fguillot has joined #openstack-kolla17:16
kfox1111they launch all templates not starting with _17:16
kfox1111but you can put stuff in _ in a macro, and then call it conditionally in a main.yaml17:17
sdakekfox1111 woudl you mind taking a breather and checking my diagram plz17:17
kfox1111sdake: sure17:17
QuentinMdamn17:17
sdakehttps://www.gliffy.com/go/share/ssmhcjkog50xyl3gensq17:17
inc0so I'd separate discussion about that really - helm/kpm is meant to render yamls for resources, something else has to deal with deployment/operations17:18
kfox1111inc0: the issue is helm/kpm has some orchestration bits in it too.17:18
openstackgerritEduardo Gonzalez proposed openstack/kolla: Tacker NFV Ansible support  https://review.openstack.org/38979017:18
kfox1111so we're discussing whether some bits can be done in the package system, or belongs in operators.17:18
kfox1111I still am partial to logic in operators and not in packages. seperation of concerns.17:19
kfox1111sdake: yeah, thats kind of what I was thinking.17:19
*** chas_ has joined #openstack-kolla17:19
QuentinMkfox1111: kpm has no orchestration bit17:19
QuentinMkfox1111: what kind of17:19
kfox1111QuentinM: like, putting bootstrap jobs in the package that automaticaly get luanched. thats orchestration.17:20
QuentinMit just templates manifests with variables and use `kubectl create` to send them to kubernetes17:20
sdakekfox1111 sorry had to drop out of the convo for awhile - had phone call17:20
sdakekfox1111 anywhere the diagram can be improved?17:20
*** TxGirlGeek has quit IRC17:20
inc0kfox1111, it's just launching all the stuff at same time tho right?17:20
kfox1111sdake: I think the compute operator takes in a 3rd party resource, and pushes the keystone third party resource.17:20
kfox1111inc0: yeah. but using entrypoint to block things to get an ordering.17:21
QuentinMkfox1111: inc0: yeah kpm just templates the manifests and send everything to kubernetes17:21
sdakekfox1111 probably something no tclear on that diagram is i think everything has a third party resource at the service level17:21
QuentinMthe entrypoint is not kpm/helm related17:21
inc0so that's not really orchiestration17:21
pprokopHi Quentin :D17:21
kfox1111sdake: right.17:21
inc0that's just pushing all the things17:21
QuentinMkpm in our case is just meant to template and send all the resources to kubernetes and that's it.17:21
kfox1111inc0: no, it is, as its orcestrating a deployment.17:21
inc0for i in resources; kubectl create i17:21
QuentinMhi pprokop, whatup17:21
QuentinMinc0: exactly17:22
kfox1111its an implicit workflow rather hten an explicit one.17:22
*** DTadrzak has quit IRC17:22
QuentinMit pulls a package from a repository in the given version / release channel, template and kubectl create17:22
kfox1111implicit ones make me nervious as an operator.17:22
inc0orchiestration...or choreography...is done with entrypoint17:22
inc0really17:22
QuentinMyes17:22
kfox1111you never know when the implicitness decides to do something bad. seen it far to often.17:22
QuentinMkpm is just a loop over templates and send them to the k8s API17:23
kfox1111we had a cloud afflicted by chef deciding to recreate a keystone user over and over again.17:23
kfox1111showed up as periodical rest flakyness. but most of the time thigns were fine.17:23
sdakekfox1111 that sounds like compoe + glance ;)17:23
inc0so kfox1111 how about having external pod that will consume graph of resources generated by helm17:23
inc0+ have notion of dependencies17:23
kfox1111thats an orperator I think. :)17:23
inc0and just create resource when all the deps are met17:23
inc0well, it will be one mechanism for everything17:24
kfox1111operator17:24
inc0not writing keystone operator17:24
kfox1111you still have to orchestrate across service.17:24
kfox1111too17:24
inc0it's dependency operator17:24
inc0dependency operator can operate sub-dependency operators17:24
kfox1111I think for now, we shouldn't overoptomize by assuming all the operators look the same.17:24
sdakeya that is what is in the spec inc017:24
kfox1111in the end, we might find out thats true and make the code into just one thing.17:25
*** chas_ has quit IRC17:25
sdakethe thing that is delta from that model is that we don't have a generic implementation for it17:25
inc0so unless we go crazy about it, it's really just evolution of entrypoint mechanism17:25
inc0QuentinM, thoughts?17:26
kfox1111we can make a base class they all share to share as much as we can. in the end, if we prove out the base class is all thats ever needed,17:26
inc0pprokop17:26
kfox1111we can collaps it down to one operator and an input file or something.17:26
sdakekfox1111 agree, i see that in the future as well17:26
QuentinMkfox1111: about your job being flaky, it can't happen since Kubernetes uses etcd to store the state.17:26
QuentinMkfox1111: the KV store doesn't flake.17:26
inc0kfox1111, like this?;) https://github.com/inc0/navigator/blob/master/mariadb.yaml17:26
kfox1111QuentinM: I've seen it personally flake. :)17:27
inc0every distributed database is flaky17:27
pprokopinc0: ?17:27
inc0it's like...mathematically proven;)17:27
inc0pprokop, read couple lines above plz17:27
inc0I'd be interested in your thoughts17:27
kfox1111had 3 etcd's on one laptop. no one said it wouldn't work, but I saw multiple kube-controller-managers gain master at once.17:27
*** adrian_otto has joined #openstack-kolla17:27
kfox1111and upgrading a deployment did some spectacurally wieird things. :)17:28
kfox1111beign a dev is about imagining whats possible.17:28
kfox1111being an operator is imaginging what will bite you. :)17:28
inc0if its distributed and have a state, it's broken17:28
inc0question is, how broken17:28
inc0and when does it show17:28
sdakethirdpartyresource (i.e. etcd) contains the state17:28
inc0yeah, and imho it shouldn't17:29
kfox1111theres' desaster recovery to handle too.17:29
pprokopIf you want to implement a operator for deps see k8s-appcontroller, maybe you do not trust mirantis but they already wrote it17:29
inc0state == kubectl get pods + kubectl get jobs17:29
kfox1111double failure in etcd. it happens.17:29
*** TxGirlGeek has joined #openstack-kolla17:29
kfox1111we go to restore from backups.17:29
openstackgerritPaul Bourke (pbourke) proposed openstack/kolla: Fix fact gathering when using --limit  https://review.openstack.org/39785117:29
pbourkeawiddersheim: ^17:30
pbourkewhenever you have a chance :)17:30
kfox1111how much in k8s is critical state, and how much is held in git, and can be easily just reuploaded?17:30
kfox1111requireing completed jobs to hang out for orchestration purposes makes that harder.17:30
inc0kfox1111, you mean like "step deployment"?17:31
inc0press C to continue?17:31
kfox1111not exactly sure what I mean. but just gota make sure those cases are handled.17:31
inc0doable in multiple ways17:32
kfox1111with low level packages without orchestration tied in,17:32
inc01. don't just start everyting, start things in turns manually17:32
kfox1111its easier to just relaunch the packages manually.17:32
kfox1111with orchestration built in, then it assumes things that may not hold true during desaster recovery.17:32
inc02. create virtuall dependency that you'll run manually, like lock-job17:32
inc0well any orchiestration will need to trust it's single source of truth17:33
rhalliseyfinally caught up. Phew17:33
QuentinMkfox1111: we have that too17:33
inc0for ansible these are facts17:33
inc0for k8s - it's k8s api17:33
QuentinMkfox1111: sometimes I just destroy everything keystone related and run kpm deloy stackanetes/keystone again17:33
inc0if that's broken, you're in pain anyway17:33
QuentinMor when I edit a configmap, I can just run deploy again to get it there17:34
kfox1111inc0: its better not to have to deal with extra orchestration pain, while your dealing with the rest. :)17:34
*** newmember has quit IRC17:34
rhalliseykfox1111, agree with what you're saying.  We want client side workflow to only run based on user input or k8s input17:34
*** Jeffrey4l has quit IRC17:34
kfox1111rhallisey: yeah. I just want the workflow out of the way sometimes so it doesn't "help" and actually cause more pain then help.17:34
kfox1111so packages magically launching create db jobs, register keystone entrypoints, etc17:35
rhalliseyyup, optional, layered and flexible client side17:35
kfox1111I'm starting to run multiregion clouds,17:35
pprokopI would like to make every component not required. Keep Kolla as modular as possible.17:35
rhalliseyopenstack is so complex, in can be configued to run a million ways17:35
inc0maybe let's stick to ansible then:)17:35
pprokopAnd an operator can build deployment from small blocks17:35
inc0client side is not cloud native at all17:36
kfox1111and I really don't like giving admin access to create entrypoint jobs. I like to do those manually. less dangerous to the other regions.17:36
kfox1111pprokop: +1.17:36
inc0kfox1111, so thing is...any orchiestration can be manual17:36
pprokopOne can choose kpm, one helm17:36
sdakepprokop i believe the spec states that ;)17:36
kfox1111lets make packages do what they are good at. templating and shiping the templates.17:36
pprokopone can take config generator17:36
kfox1111lets leve orchestration out to a different layer.17:36
inc0pprokop, too much granularity means we'll stick to support 20 thnings doing same thing17:36
rhalliseyagreed17:36
inc0and that's bad17:36
kfox1111I'm good having entrypoint manage dependencies passively.17:37
*** Serlex has quit IRC17:37
pprokopI'm good when Kolla will give user a choice what deps managemnet to choose17:37
kfox1111an init-container should not do workflow though. no bootstrap/upgrade stuff outside of a job thats launched by a k8s operator or a human operator.17:37
inc0I'm not really, we can't spread ourselves thin17:37
inc0it will kill our productivity17:38
*** Pavo has quit IRC17:38
rhalliseyinc0, what will spread us thin?17:38
sdakeinc0 we have 10 people signed up in the spe t od o work17:38
rhalliseyspecifically17:38
inc0doing multiple orch tools17:38
*** TxGirlGeek has quit IRC17:38
*** narasimha_SV has joined #openstack-kolla17:38
*** fragatina has joined #openstack-kolla17:38
kfox1111having a layered/ortoganal stack should make it easy to paralell develop the work.17:38
inc0at the end17:38
rhalliseythis is all layered17:38
*** TxGirlGeek has joined #openstack-kolla17:38
kfox1111yeah.17:38
*** Pavo has joined #openstack-kolla17:38
*** fragatina has quit IRC17:38
inc0I'm talking about support later17:38
inc0more code = bad for support17:39
kfox1111inc0: yeah. we should implement one thing, but not exclude anyone else wanting to implement some other workflow17:39
QuentinMcloud native would be to have an entrypoint querying something about whether it can start now or not17:39
QuentinMtry and retry17:39
kfox1111QuentinM: I'm curious,17:39
*** fragatina has joined #openstack-kolla17:39
QuentinMit could query an external dep graph or whatever17:39
inc0kfox1111, yeah, make workflow pluggable and optional but keep it one17:39
*** msimonin has quit IRC17:39
kfox1111most of openstack services actually do that natively.17:39
openstackgerritPaul Bourke (pbourke) proposed openstack/kolla: Fix fact gathering when using --limit  https://review.openstack.org/39785117:39
kfox1111how much have you ran into that didnt?17:39
pprokopK8s component itself uses polling k8s-apiserver for state17:40
sbezverkkfox1111: remember neutron? noa does not wait for ovs to be up17:40
*** fragatin_ has joined #openstack-kolla17:40
kfox1111sbezverk: yeah. thats one case I think entrypoint woudl be great for.17:40
narasimha_SVwhile deploying ceilometer with gnocchi backend ceilometer-api container is not getting created. getting failed at bootstrap17:40
sbezverkit just fails17:40
kfox1111how many other places?17:40
QuentinMkfox1111: several unfortunately and we need to cope with boostrapping too17:40
QuentinMlike you said17:41
QuentinMfor upgrades too17:41
narasimha_SVanyone tried ceilometer with gnocchi ???17:41
kfox1111if bootstrapping used the same mechanism, then yeah.17:41
inc0kfox1111, thing is...we don't want to find out which ones the hard way;)17:41
kfox1111the other bootstrapping option is to just not deploy the object until its initial bootstrap depenedencies were created.17:41
sdakenarasimha_SV jeffrey4l did the implementation work - if its broken fiel a bug i'm sure it will be processed along with our other 300 bugs at some point ;-)17:41
QuentinMI am the new version of Neutron, can I start? Nope, the migration process didn't happen.17:41
*** fragatin_ has quit IRC17:42
kfox1111QuentinM: I think its bad to even try and start the new neturon until the right phase in the upgrade.17:42
v1k0d3ni man...step away for a little bit, and there's a lot more out here.17:42
v1k0d3nkolla is hard to keep up with lately :)17:42
inc0v1k0d3n, welcome to our wold17:42
v1k0d3nreading...17:42
inc0world17:42
v1k0d3nlol17:42
kfox1111I guess the difference here is, do you start everything and have the upgrade send messages/commuinicate somehow to a running upgraded thing to unblock it,17:43
v1k0d3nwell...this is an especially busy week or so.17:43
kfox1111or start it once its at the right step in the upgrade.17:43
QuentinMkfox1111: well yeah ;)17:43
kfox1111I'm the latter. for example, k8s has a great thing in deployments.17:43
inc0kfox1111, if you can reflect step of upgrade in kubectl get jobs17:43
QuentinMkfox1111: depends whether you want your cluster to self-manage or have a client-sided client that does it17:43
inc0it's dependency-resolvable17:43
kfox1111I don't want to launch a new deployment for the n+1 ver and block it.17:43
QuentinMk8s is all about containers self managing themselves and resolving deps, doing discovery17:43
kfox1111I want to run some upgrade jobs,17:44
*** haplo37 has joined #openstack-kolla17:44
kfox1111then do a kubectl replace nova-api-deployment17:44
*** g3ek has joined #openstack-kolla17:44
*** fragatina has quit IRC17:44
kfox1111and let k8s do the rolling upgrade.17:44
QuentinMofc17:44
*** fragatina has joined #openstack-kolla17:44
*** haplo37_ has joined #openstack-kolla17:44
kfox1111k8s has really good orchestratin there. better then the pods will do themselves.17:44
kfox1111I don't think entyrpoint would be a good fit there.17:45
v1k0d3noh adrian_otto is here too17:45
v1k0d3nnice to have you. brandon from the summit (talked towards the end of the second day)17:45
kfox1111QuentinM: not quite client sided. operator. extend k8s to know how to deal with opensatck upgrades.17:46
narasimha_SVsdake: it is working when I am using mongodb as its backend17:46
sdakenarasimha_SV sounds like a bug17:46
sdakewe need lots o gates17:46
sdakenot sure who is responsible for that17:46
narasimha_SVok17:46
sdakenarasimha_SV also I am taking a break from bug triage :)17:46
adrian_ottohi sdake and v1k0d3n17:46
sdakenarasimha_SV pretty sure I've earned it :)17:47
narasimha_SVsdake: ok let me file a bug then17:47
kfox1111so I think you can still do k8s native stuff with an operator for managing some of the workflow, and really still use the real power of k8s. k8s deployments for rolling upgrades / canarie upgrades, etc17:47
v1k0d3ntbf i'm catching up since 11:43. like i said...kolla is super busy these days.17:47
kfox1111I think entrypoint is a very cleaver solution to a bunch of orchestration issues, but care should be used with it not to overuse it and have it block using some of the advanced k8s features.17:48
sdakev1k0d3n its been like this going on about a year+ :)17:48
rhalliseykfox1111, yes, I agree.  That's exactly what we're after.  We can't make this entirely about making this app kubernetes like.  Openstack is an exception because of it's complexity17:48
*** mgoddard_ has quit IRC17:48
rhalliseywe want to deploy and hand off to kubernetes to manage17:48
*** mgoddard has joined #openstack-kolla17:49
rhalliseyand any complex operations a user needs we handle as a workflow17:49
rhalliseyopenstack has a *method* that makes sense to deploy it as just like k8s has a *method* to how apps are expected to behave17:50
kfox1111yeah.17:50
rhalliseywe need to take the line that is:  kubernetes <--------> openstack and bend it to be more like a circle17:51
rhalliseywhich means we can't go to heavily on way or the other17:52
openstackgerritMerged openstack/kolla: Deprecate scheduler_max_attempts option in nova  https://review.openstack.org/39754717:52
kfox1111I think helm/kubernetes-entrypoint/operators/containers/k8s all together for appropriate tasks = win. :)17:52
sdaketime to watch ptich black17:53
*** unicell has quit IRC17:54
kfox1111so are we all on the same page? concerns?17:57
*** eaguilar has joined #openstack-kolla17:57
sdakekfox1111 i have a question then17:59
kfox1111sure17:59
sdakekfox1111 what is the delta between that conversation and the current spec, and can someone record it there for ryan to address17:59
kfox1111I think its mostly unchanged?17:59
kfox1111the spec doesn't mention entrypoint though, which I was kind of thinkging implicitly we'd use,18:00
kfox1111but maybe we want to put that in explicitly?18:00
pprokopPleas put everything explicitly18:00
openstackgerritPaul Bourke (pbourke) proposed openstack/kolla: Fix fact gathering when using --limit  https://review.openstack.org/39785118:00
inc0well that was what whole argument last 2 days was about18:00
narasimha_SVsdake: when a container bootstrap is getting failed, what can be the reason18:00
sdakeinc0 no idea18:00
sdakesay guys i've got a staff meeting now bacak in an hour18:01
kfox1111inc0: I think the last 2 days were about operators and if we wanted them at all.18:01
sdakecan someone sort out what needs to change ;)18:01
sdakein the spec18:01
kfox1111or can something like entrypoint make them not needed.18:01
sdakesomething clearly must18:01
*** athomas has quit IRC18:01
sdakeoh nm18:01
kfox1111I think they are needed, but entrypoint is too.18:01
sdakemy staff meeting is at 1218:01
sdakedst ftl18:01
sdakewere we in agreement hat entrypoint wasn't going in every container?18:02
*** TxGirlGeek has quit IRC18:02
sbezverkQuentinM: quick question, do you know if containers in the same pod can have access to the shared memory?18:02
sdakekfox1111 sorry phone calls today couldn't keep up with chat18:03
inc0kfox1111, we don't really need operators for deployment, that was the point I was trying to make18:03
sdakeinc0 your right we dont18:03
kfox1111inc0: I think they are very important.18:03
sdakeinc0 if your using only manual workflows18:03
inc0yes, just not right away18:03
inc0or entrypoint..18:04
sdakewe are at the point of manual workflows work18:04
sdakenext step is automatic workflows18:04
kfox1111sdake: right. yeah.18:04
inc0entrypoint will automate it18:04
inc0and it works18:04
inc0without need of an operator18:04
sdakecomon guys lets sort out as a team how to get a solid outcome18:05
sdakeI hear "we are all in the same page?" followed by mostly yes followed by back on no more operators18:05
adrian_ottoHas there been any discussion of potential security drawbacks to using automated discovery in the context of the data plane? In other words, using entrypoint tools to facilitate orchestration.18:06
inc0or rather "not an requirement for deployment"18:06
adrian_ottorather than handling all application orchestration in a separate context that the application itself cannot access?18:06
kfox1111entrypoint wont handle 'k8s deployment' ojbect rolling upgrades well.18:06
sdakeadrian_otto we haven't tackled security yet18:06
QuentinMwhy not18:06
sdakeadrian_otto we don't bolt that on18:06
sdakeadrian_otto they are built mostly in the containers18:06
kfox1111operators can drive k8s deployments.18:06
QuentinMit will still check wether mariadb is healthy18:06
sdakeadrian_otto but we are working on more base level problems at present18:07
QuentinMand whether keystone-api is healthy18:07
QuentinMbefore starting the service18:07
kfox1111QuentinM: the package everying, start in parallel together thing.18:07
adrian_ottothere is an argument to consider that perhaps the container should not have access to information beyond the scope of that container's individual role in an application.18:07
kfox1111I don't want to start a new rc while the old rc is running.18:07
kfox1111I want to replace the old deployment with the new deployment.18:07
kfox1111and I not block access while the rolling upgrade happens.18:08
kfox1111then k8s does the orchestration of the rolling upgrade natively.18:08
QuentinMsbezverk: I don't believe so18:08
kfox1111I think entrypoint solves the dependencyh issue well.18:09
kfox1111what I'm less confinced of is can dependencies be used for orcestrating a worfklow.18:09
kfox1111it can, but not as well as using more native k8s means.18:09
*** pbourke has quit IRC18:10
v1k0d3nalright guys. let's approach this possibly another way; with a goal of nailing down some general concepts and direction either today or by tomorrow.18:11
*** pbourke has joined #openstack-kolla18:11
v1k0d3nwe're talking about many concepts; many of which are not specific to openstack services. also many of which are a little new for us to get a full grasp on the goals, so we want to keep an open mind.18:12
kfox1111I just added my thoughts to an entrypoint section in the spec.18:12
kfox1111can everyone have a look?18:12
v1k0d3ncan we just talk about only pros and cons of entrypoint?18:12
adrian_ottokfox1111: sorry, I missed the link to that spec, can you shoot it to me please?18:13
v1k0d3nbecause i think adrian_otto brought up a great point about limiting application discovery, and scoping correctly as well (something for consideration).18:13
kfox1111adrian_otto: sure. :)18:13
kfox1111https://review.openstack.org/#/c/39225718:13
inc0https://review.openstack.org/#/c/392257/13/specs/kolla-kubernetes-arch.rst adrian_otto18:13
adrian_ottothanks18:13
kfox1111adrian_otto: yeah, I totally agree with you on the security aspect.18:13
kfox1111we shuld minimize service accounts to the things that really need them.18:14
v1k0d3n^^ me as well. this is something QuentinM we may want to discuss also.18:14
inc0kfox1111, well, with init-container approach to dependencies we don't really have this issue18:14
*** sdake_ has joined #openstack-kolla18:14
kfox1111so for example, in the nova-compute -> openvswitch case,18:14
kfox1111it could ask k8s what the state of pods on the same node is,18:14
kfox1111or it could just check to see if openvswitch's socket is there.18:14
v1k0d3nwell, before we dig deeper...(sorry guys)...18:14
kfox1111entrypoint can do either.18:14
*** TxGirlGeek has joined #openstack-kolla18:15
kfox1111which is awesome. :)18:15
v1k0d3ncan we all weigh in on certain aspects of the spec...hitting each one, and moving forward once there is direction?18:15
adrian_ottoso my point in brining this up is not to sidetrack any progress, but to help us think about a range of pros and cons before zeroing in on a particular approach18:15
kfox1111inc0: we do, its just not as much as if it was in every pod.18:15
kfox1111adrian_otto: +1.18:15
QuentinMkfox1111: yeah we do both, check socket and pod on the same host18:16
kfox1111QuentinM: but can security be enhanced by not needing a service token by not checking for the pod?18:17
*** sdake has quit IRC18:17
kfox1111(though thats not quite an option yet. but that feature is progressing)18:17
v1k0d3ndo you guys want to start a general etherpad for pros and cons of each?18:17
v1k0d3nadrian_otto sdake_ rhallisey inc0 kfox1111 thoughts?18:17
kfox1111v1k0d3n: or do we want to start with, what problems we need to solve?18:18
kfox1111we ahave a lot of tools, and a lot of problems. :)18:18
v1k0d3nyes, general concepts only. what we need to solve.18:18
inc0we had some etherpad right? rhallisey18:18
rhalliseyI'm reading back lol.. I was commenting in the spec18:19
rhalliseyone sec18:19
v1k0d3nwell, to be fair, remove any mention of operator/entrypoint. to us they are just names at this points. it;s the concepts that we need to nail down.18:19
adrian_ottoyes, using an etherpad to source a pro/con list make sense from my perspective18:19
QuentinMkfox1111: the default service token is automatically added to each running container on k8s18:19
adrian_ottov1k0d3n: +118:19
QuentinMy18:20
kfox1111QuentinM: there is a thing in development to remove that.18:20
kfox1111trying to find the issue. sec18:20
v1k0d3nhttps://etherpad.openstack.org/p/161115-kolla-kubernetes-cn-discussion18:20
sdake_v1k0d3n pretty sure that is the completely wrong approach ;)18:20
adrian_ottoBest to describe the characteristics of the approach rather than naming it. By naming an approach, you are using a shorthand that means something to those who understand it, and allows for misunderstanding about what that solution actually does or how it works/behaves.18:20
sdake_we define the charactericits with the name18:21
sdake_everything has to have a name18:21
*** tonanhngo has joined #openstack-kolla18:21
adrian_ottonot if it's a name of a tool that is not well understood by all stakeholders18:22
sdake_its not the name of a tool18:22
sdake_its the name of a concept..18:22
adrian_ottoyes, name concepts, not tools.18:22
v1k0d3nok, so we need to agree before we need to agree here sdake_18:22
v1k0d3nanyone for concepts over name? +118:22
sdake_adrian_otto that is being done18:22
adrian_ottoterrific18:23
sdake_is done already18:23
sdake_was odne a week ago ;)18:23
rhalliseyinc0, https://etherpad.openstack.org/p/operator-base-class18:23
rhalliseyinc0, that one?18:23
adrian_ottoline 35 of the spec makes reference to a tool18:23
*** newmember has joined #openstack-kolla18:23
inc0I guess so, but let's use etherpad Brandon created18:23
adrian_ottoas part of "proposed change"18:24
inc0to start fresh18:24
sdake_whats in that etherpad is old and not fleshed out18:24
rhalliseyk18:24
sdake_what is in the spec is fleshed out18:24
sdake_i'd like to see people focus on the spec ;)18:24
sdake_its gone through 12 iterations with over 120 comments18:24
*** tonanhngo has quit IRC18:26
v1k0d3nwe have a hangout going on to discuss.18:26
v1k0d3nhttps://hangouts.google.com/hangouts/_/fbdm6ejjp5dlladngn2ahwo7lye18:26
sdake_unfortunately i have a meeting18:26
openstackgerritPaul Bourke (pbourke) proposed openstack/kolla: Fix fact gathering when using --limit  https://review.openstack.org/39785118:26
sdake_this is why we dont use hangouts typically in openstack18:26
sdake_because if its not recorded, it takes another 3 days to get eveyrone back up to speed18:26
*** tonanhngo has joined #openstack-kolla18:26
pbourkesdake_: inc0: the .gitreview file needs to be updated on kolla-ansible18:27
rhalliseyI'm trying to capture everything in the spec to save the 10000 lines of reading18:27
*** unicell has joined #openstack-kolla18:27
sdake_the education happens via reading..18:27
pbourkesdake_: inc0: I can do but have to run right now, so if someone gets a chance before then18:28
*** newmember has quit IRC18:28
*** fragatina has quit IRC18:28
*** fragatina has joined #openstack-kolla18:29
v1k0d3nsdake_: we're just talking over hangouts, but recording discussion over etherpad18:30
rhalliseyv1k0d3n, kk sec18:30
rhalliseyjoining18:30
v1k0d3nsure18:30
*** TxGirlGeek has quit IRC18:33
*** TxGirlGeek has joined #openstack-kolla18:38
*** harlowja has quit IRC18:38
*** shardy has quit IRC18:39
*** fragatina has quit IRC18:44
*** fragatina has joined #openstack-kolla18:45
*** jheroux has quit IRC18:49
kfox1111droppped out. :/18:50
kfox1111trying to rejoin...18:50
*** egonzalez90 has joined #openstack-kolla18:53
egonzalez90inc0 sdake_ ping18:54
inc0what's up egonzalez9018:54
egonzalez90some kind of sync will be made at kolla-ansible repo?18:54
egonzalez90last change is from friday18:54
*** magicboiz has quit IRC18:57
inc0yeah, we'll need to republish changes18:58
*** narasimha_SV has quit IRC18:59
wirehead_Oh, you think OpenStack is your ally.  But you merely adopted OpenStack.  I was born in it, mouded by it.  I didn’t see the light until I was already a man, by then it was nothing to me but BLINDING!19:00
portdirectwirehead: deep19:00
*** neilus has left #openstack-kolla19:02
openstackgerritAndreas Jaeger proposed openstack/kolla-ansible: Set up .gitreview  https://review.openstack.org/39788819:02
rhalliseywirehead_, lol..19:03
bjolo_wirehead_, sup :)19:06
*** harlowja has joined #openstack-kolla19:06
sbezverkwirehead_: hm you do not look like 6 years old ;-)19:08
*** TxGirlGeek has quit IRC19:13
*** jheroux has joined #openstack-kolla19:14
*** TxGirlGeek has joined #openstack-kolla19:18
kfox1111dependency-in-container dic? :)19:21
bjolo_inc0, https://review.openstack.org/#/c/397186/19:21
kfox1111diic dependency-in-init-container?19:21
bjolo_this needs backport to newton as well. is that in progress? how can i check?19:21
inc0dependency-init-container-kolla19:21
inc0kfox1111, ^19:22
* kfox1111 chuckes19:22
kfox1111was trying to not quite go that far. ;)19:22
portdirectentrycheck?19:23
kfox1111entrydep?19:23
kfox1111entrycheck.19:24
kfox1111I like it.19:24
inc0depcheckentry19:24
*** sdake_ has quit IRC19:25
v1k0d3nYAY!!19:25
v1k0d3nthis proved to be extremely helpful.19:25
kfox1111+119:25
kfox1111so much easier over the phone. :)19:25
*** bjolo_ is now known as bjolo19:25
*** TxGirlGeek has quit IRC19:26
portdirectnot quite: https://www.youtube.com/watch?v=ygE01sOhzz0, but a step in the rieght direction :)19:27
*** sdake has joined #openstack-kolla19:27
kfox1111portdirect: :)19:27
*** krtaylor has quit IRC19:27
kfox1111actually, I think we're trying to solve one problem harder then the "hurding cats" problem.19:28
kfox1111self assembling hurd of cats. :)19:28
inc0-.-19:28
kfox1111how many devs can we get to self assemble into a great team. very hard problem. :)19:29
kfox1111comminication like we just did is key. :)19:29
rhalliseyI'm trying to think of some names19:30
inc0yay for impromptu hangouts19:30
portdirectlol :) frogs in a wheelbarrow, though i think the hardest thing has been the conficting meaning attached to words, as half the time i think we are agreement but using different nonclamenture for similar concepts...19:30
rhalliseyhow about the Meow pod19:30
inc0lmao19:30
rhalliseyinstead of operators, how about admirals19:31
inc0self assembling herd of cats19:31
inc0high level operator will be admiral19:31
inc0service level will be capitan19:31
rhalliseynah that's to complex19:31
rhalliseywe need name for 1 concept19:31
rhalliseyone name for one concept19:31
inc0and init container would be what...ensign?19:32
rhalliseythoughts on admiral?19:32
QuentinMcaptain-deps19:32
rhalliseys/operator/admiral/19:32
inc0sarge nova, reportin' for duty sir!19:32
rhalliseydeck-hand19:32
rhalliseylol19:32
inc0tell me about fleet management;)19:33
rhalliseyhow about ishmael19:33
rhalliseycall me Ishmael19:34
*** TxGirlGeek has joined #openstack-kolla19:34
kfox1111right. one of the hardest things about communication is the assumptions of definitions each party uses not matching. :/19:34
rhalliseykfox1111, what do you think about s/operator/admiral/19:34
kfox1111I'm ok with admiral. :)19:35
rhalliseyok cool19:35
kfox1111has no previous conflicting definition I'm aware of. :)19:35
rhalliseynow we need s/entrypoint/?/19:35
kfox1111heh. this is kind of like quantim mechanics.19:35
QuentinMquentin or quantum19:36
kfox1111all the terms are already used, so lets just use random unused stuff "top, bottom, strange, etc"19:36
QuentinMboth are equally awesome but I mean ...19:36
kfox1111:)19:36
QuentinMx)19:36
portdirectwhat state you in?19:36
kfox1111portdirect: semi-sane. :)19:36
inc0let's please avoid using word quantum...brings back memories I'd like to remain buried19:36
kfox1111inc0: fair enough. :)19:37
portdirectentrypoint -> schrodinger19:37
QuentinMoh boy19:37
QuentinMthat escalated quickly19:37
*** Pavo has quit IRC19:38
* kfox1111 chuckles19:38
inc0aaaand we're back at cats19:38
sbezverkportdirect: something easier to pronounce please19:38
kfox1111or just make up words all together... a froob, a traws, a ...19:38
kfox1111:)19:38
kfox1111inc0: exactly. :)19:38
inc0or we can call it Erwin19:39
kfox1111so, this is the point in a meeting where you get so far off in a tangent, its just time to call the meeting. :)19:39
portdirecthate to say it - it think 'entrycheck' may be the most appropriate, though boring name :(19:39
inc0yes, time when brains are fried and you just drool19:39
inc0dependency-init-container-kolla19:40
inc0that's not boring when you think about it19:40
*** matrohon has joined #openstack-kolla19:40
kfox1111I like entrycheck.19:41
portdirector checkpoint?19:41
kfox1111its pretty clear what it does, and it doesn't conflict with other things.19:41
kfox1111checkpoint is an hpc term for snapshotting a running code to let you recover from failure.19:41
inc0checkpoint has a nice ring to it19:41
inc0checkpoint container19:42
sbezverkportdirect: trademark violation19:42
inc0actually, I lioke that19:42
kfox1111no, please no checkpoint.19:42
sbezverkfor people who is not into networking19:42
inc0chokepoint19:42
sbezverkcheckpopint is taken by firewall product19:42
portdirectk thats pretty clear, not that.19:42
*** Pavo has joined #openstack-kolla19:43
kfox1111entrycheck or entrydep? or something in that vain?19:43
inc0initdep19:43
kfox1111initdep works.19:43
inc0I'll just call it dependency init container for a while19:43
openstackgerritMichal Jastrzebski (inc0) proposed openstack/kolla-kubernetes: Spec - Kolla-Kubernetes Deployment Architecture  https://review.openstack.org/39225719:47
v1k0d3nhow about galini-kolla19:47
portdirectsanityinit - as that essentially what its doing, but I'm out - it's late here, my mind is fried, and I'm worried that it's affecting all of you, via some sort of weird IRC quantum entanglement.19:47
v1k0d3nit's greek for....(wait for it)....19:47
v1k0d3ntranquility19:47
v1k0d3n:D :D :D nuk nuk19:47
inc0tranquil glue19:48
inc0has a nice flair to it19:48
*** portdirect is now known as portdirect_away19:48
inc0or rather...tranquility glue19:48
inc0I think that would be good product name, just not in IT19:48
kfox1111btw. if you ever need a perfect image for the k8s way: https://s-media-cache-ak0.pinimg.com/736x/f5/08/13/f5081398649c7619b35fcd5458870f18.jpg  sidecars & cattle. :)19:54
kfox1111makes me smile every time. :)19:54
inc0and guy on bike is...operator?19:55
*** gfidente has quit IRC19:58
kfox1111hehe.19:59
kfox1111I think thats a pod.19:59
kfox1111deployment is a biker gang of those. :)20:00
kfox1111now theres an image....20:00
kfox1111teacher, can I go home? my brain's full...20:00
sdakeegonzalez90 the answer is each dev will have to sync again unforutnately20:03
*** TxGirlGeek has quit IRC20:04
*** TxGirlGeek has joined #openstack-kolla20:04
sdakeportdirect_away lol20:05
sdakeQuentinM lol20:05
*** krtaylor has joined #openstack-kolla20:05
*** krtaylor has quit IRC20:10
inc0I'm off for 30 or so min, drooling, and after that doing kolla-ansible repo split cleanups20:10
inc0please don't break this nice agreemend we just had20:10
*** inc0 has quit IRC20:10
*** matrohon has quit IRC20:11
*** matrohon has joined #openstack-kolla20:12
*** krtaylor has joined #openstack-kolla20:14
egonzalez90sdake i mean the repo dont have the changes made since friday.20:14
*** krtaylor has joined #openstack-kolla20:15
egonzalez90Should someone push all the changes present in kolla to kolla-ansible?20:15
*** krtaylor has quit IRC20:17
rhalliseysdake, so we are re naming operators to admirals20:17
*** msimonin has joined #openstack-kolla20:17
sdakehow about overlords ;-)20:17
jascott1vikings were nautical20:17
sbezverk"cheeftan" would be a better choice if you want to go into vikings ;-)20:18
*** gagehugo has left #openstack-kolla20:20
sbezverksorry for wrong spelling20:21
kfox1111overloards... :)20:23
kfox1111then we can use the concept of minions too. :)20:23
*** krtaylor has joined #openstack-kolla20:24
*** newmember has joined #openstack-kolla20:25
*** krtaylor has quit IRC20:26
jascott1should we (at some point) develop Chaos Monkey also?20:28
*** papacz has quit IRC20:29
jascott1could be "Viking Pillage Party"20:29
*** chas_ has joined #openstack-kolla20:31
v1k0d3nquote of the day gentlemen: "please don't break this nice agreemend we just had" - inc020:31
v1k0d3nbtw, i am very glad that we worked through that. so note for next time...it may be challenging to do, but etherpad and a hangout really helps a lot.20:32
*** krtaylor has joined #openstack-kolla20:35
jascott1why would config files be TPRs? are we converting them to fields in TPR or just dumping text?20:37
jascott1the value would be to have fields which means we only care about a select number of fields or we are converting entire config file (lots of work/maintenance)20:38
jascott1https://review.openstack.org/#/c/392257/14/specs/kolla-kubernetes-arch.rst,unified Line 8020:41
jascott1^ this doesnt make sense to me20:44
sdakev1k0d3n could someone clarify the nice agreement for me :)20:44
sdakev1k0d3n i've heard conflicting reports of the meeting re operators20:44
sdakerhallisey you will be proud of me20:45
sdakecheck this out20:45
v1k0d3nsdake: https://etherpad.openstack.org/p/161115-kolla-kubernetes-cn-discussion20:45
sdakeI worked dovetail into a sentence in one of my meetings20:45
rhalliseygood job!20:45
sdakenow your turn!20:45
rhalliseyway to lead from the front!20:46
sdakedude hwen i said dovetail20:46
sdakei felt dirty20:46
sdakelike zebra20:46
rhalliseyhaha20:46
sdakewhy on earth did you seed my mind with that term20:46
*** berendt has quit IRC20:50
sdakehttps://bugzilla.redhat.com/show_bug.cgi?id=47336820:51
openstackbugzilla.redhat.com bug 473368 in xorg-x11-drv-ati "Dirty Like Zebra when switching workspaces" [Medium,Closed: currentrelease] - Assigned to airlied20:51
*** eaguilar has quit IRC20:56
*** eaguilar has joined #openstack-kolla21:00
*** sdake_ has joined #openstack-kolla21:00
*** krtaylor has quit IRC21:02
*** TxGirlGeek has quit IRC21:04
*** sdake has quit IRC21:04
*** eaguilar has quit IRC21:04
*** matrohon has quit IRC21:05
*** matrohon has joined #openstack-kolla21:06
*** ccesario has joined #openstack-kolla21:09
*** eaguilar has joined #openstack-kolla21:11
*** adrian_otto has quit IRC21:13
*** inc0 has joined #openstack-kolla21:13
inc0back21:14
*** adrian_otto has joined #openstack-kolla21:14
inc0soo...how many times have we changed arch approach since I left?21:14
*** krtaylor has joined #openstack-kolla21:14
rhalliseysdake_, what was your opinon on changing the operator name21:19
rhalliseygoing to make it admiral21:19
inc0rhallisey, personal request, can we shelve name discussion for now and do poc of init container based deployment?21:19
*** TxGirlGeek has joined #openstack-kolla21:20
rhalliseythought we said we are implementing all the layers21:20
inc0so we can achieve full deployment using just init containers21:20
rhalliseyoperators are still in the spec21:20
inc0operators will deal with upgrades and other harder tasks21:21
inc0but we can achieve full deployment without ever touching operators21:21
rhalliseythat's not how it's reflected in the spec21:21
inc0but that's what we talked about on hangouts21:21
inc0kfox1111, v1k0d3n ^21:21
rhalliseywe said there are multiple layers here :)21:22
rhalliseysec, another spec coming soon21:22
inc0still, full deployment can be done by init container21:22
rhalliseyI defined at layer in the spec21:22
rhalliseythat should clear what I mean21:23
v1k0d3ninc0: yes...we are on the same page.21:23
v1k0d3nit was really clear at the end of that call.21:23
rhalliseyevery layer can do deployment21:23
*** lrensing has quit IRC21:23
v1k0d3nit would be nice to get through 24hrs of clarity.21:23
v1k0d3ni think the group needs that. :)21:23
*** egonzalez90 has quit IRC21:24
inc0yes, please21:24
v1k0d3nesp the PTL. inc0 will start with long hair...end up with none.21:25
inc0or all white21:25
v1k0d3nwelcome to my world buddy :)21:25
v1k0d3nif you're lucky.21:25
inc0so rhallisey I'll say what's in my brain at this very moment and you'll tell me if that's corresponds with your takeaways from our todays meeting21:27
rhalliseyk21:27
rhalliseymine will be reflected in the spec21:28
inc01. We agree that init-container can deal with whole deploy21:28
inc02. We agree that init container can be optional21:28
inc03. Given 1 and 2 we will go ahead and implement deployment with init container (optional)21:28
inc0after that is done, we will examine alternatives if we'll be unhappy with result21:28
*** sdake_ has quit IRC21:28
*** krtaylor has quit IRC21:29
inc0but we'll have working deploymetn soon21:29
rhalliseyagree with all 3 not 421:29
rhalliseywell not that I don't agree with 421:29
rhalliseyI think the spec will be more clear21:29
rhalliseyI just don't like the 4th sentence wording21:30
inc0ok...but you agree with sense right?21:30
inc0what I mean is, we can just go ahead and start implementing init container now21:31
rhalliseyyes21:31
rhalliseythat's in the spec21:31
inc0and keep operator discussion going21:31
rhalliseyagree21:31
inc0ok, fine21:31
rhalliseynot with the operation disccuoin21:31
rhalliseythat's also in the spec21:31
rhalliseyand will be implemented21:31
inc0rhallisey, fine, we're unblocked then21:31
rhalliseyyes21:31
rhalliseywe are21:31
rhalliseyeverything's a layer21:31
kfox1111back.21:31
inc0but with that in mind, let's keep discussion about operators ongoing as we just lowered the scope of them21:32
kfox1111arian has some great feedback.21:32
rhalliseyk let me finish spec. One sec21:32
inc0we need to be crystal clear what problems are we trying to solve with them21:32
inc0agree, but this is operator discussion...or admiral as Ryan called it, kinda like the ring of it21:34
inc0so rhallisey an idea21:34
inc0let's separate inti container from spec21:34
inc0and just agree on it21:34
*** jtriley has quit IRC21:34
rhalliseycrap this isn't going to be done today21:34
inc0follow up with writing the damn thing21:34
inc0that will unblock us from spec21:35
inc0because role of operators in grand scheme of things seems to be fuzzy still21:35
inc0is this course of action acceptable? I can propose bp about init containers right away21:36
inc0and we just approve it and start implementation21:36
rhalliseythere's nothing to stop us from wiritng code21:37
inc0lack of clarity is really stopping21:37
rhalliseythe reason I'm trying to use the spec so much is so everyone understand the direction and why21:37
inc0people don't want to put work into somethign we don't know we throw away21:37
rhalliseyour direction now is in much better shape21:37
rhalliseyinit containers aren't being thrown away21:38
*** Pavo has quit IRC21:38
inc0yes, hence bp-> approval-> implementation21:38
inc0quick stream21:38
kfox1111I think we're in a good place to do the work items in:21:38
rhalliseyya I said that's fine21:38
kfox1111https://etherpad.openstack.org/p/161115-kolla-kubernetes-cn-discussion21:38
kfox1111I've got a prototype for helm stuff here:21:39
kfox1111https://review.openstack.org/#/c/396296/21:39
kfox1111I've got some work in progress to make it a bit more generic.21:39
kfox1111and then we gota try and get entrypoint woven into it.21:39
kfox1111that that requires some of the other work items.21:40
kfox1111so anyone can start working on those right away.21:40
inc0cool21:40
inc0v1k0d3n, ^ we're good to go.21:40
rhalliseyhelm, operators, init container all good to go21:41
rhalliseythere is agreement around those topics21:41
rhalliseythe spec we will have to delay ~1 more day21:41
inc0https://blueprints.launchpad.net/kolla-kubernetes/+spec/dependency-init-container21:42
kfox1111yeah. I think we have them well defined enough people can start working on them. there might be some roughness around the edges, but work can start I think.21:42
kfox1111rhallisey: one more day shouldn't hurt? (famious last words... :)21:42
rhalliseykfox1111, indeed21:42
kfox1111but we can start anyway.21:42
inc0https://blueprints.launchpad.net/kolla-kubernetes/+spec/helm-orchestration21:42
kfox1111(or more accurately, we can continue with the path we've been on.)21:42
rhalliseyspecs are a lot of work guys :)21:42
rhalliseystarted with 80 line21:43
inc0that's why I'm not big fan of it rhallisey ;)21:43
rhalliseymay hit 400 by the end21:43
*** Pavo has joined #openstack-kolla21:43
rhalliseyinc0, nah this is perfect21:43
kfox1111rhallisey: yeah. totally get that. tahnks for keeping it alive.21:43
rhalliseyfantastic for educating the community21:43
inc0anyway, I'm glad, tomorrow on meeting we'll organize work around it21:43
rhalliseyinc0, yes21:43
kfox1111yeah. its a complicated enough thing, it has to dbe documented.21:43
rhalliseyI'll send a ML note21:43
kfox1111this will go a long way.21:43
inc0thanks21:43
rhalliseyya putting an idea into words is hard21:44
*** sdake has joined #openstack-kolla21:44
kfox1111rhallisey: I'd call that blueprint helm packaging21:44
kfox1111less controversial then.21:44
rhalliseywhat is it called21:44
rhalliseyoh21:44
rhalliseyyes21:44
kfox1111:)21:44
v1k0d3nyeah this is really good stuff21:44
v1k0d3nwhat time is meeting? i am starting to get more dialed in.21:45
*** jtriley has joined #openstack-kolla21:45
inc016 utc21:45
sdakeinc0 pretty sure 1-3 isn't what i agreed to ;)21:45
kfox1111which meeting?21:45
v1k0d3nvery happy to see all this working out. today's call was just what we needed.21:45
inc0kfox1111, weekly21:45
inc0sdake, sorry21:45
kfox1111k21:45
rhalliseysdake, I'll expalin in the spec21:45
sdakeyou can't have a meeeting 4 people and call it a day21:46
sdakethats why this needs to happen on irc21:46
openstackgerritRyan Hallisey proposed openstack/kolla-kubernetes: Spec - Kolla-Kubernetes Deployment Architecture  https://review.openstack.org/39225721:46
inc0we had meeting with most of interested parties21:46
*** eaguilar has quit IRC21:46
rhalliseyadrian_otto I'll address your comments in the next review21:46
inc0and come to the conclusion at last21:46
inc0let's not ruin it please21:47
rhalliseyhad already a bunch of pending changes21:47
sdakei'm pretty sure i'm an interested party and was unrepresented21:47
inc0most of21:47
sdakei told you had a conflict21:47
rhalliseyinc0, check out the definitions of layers21:47
sdakehad the meeting anyway21:47
inc0https://etherpad.openstack.org/p/161115-kolla-kubernetes-cn-discussion <-sdake21:47
*** eaguilar has joined #openstack-kolla21:47
kfox1111inc0: a lot of what was discussed isn't in the etherpad unfortunatly. not sure I could reconstruct it though.21:49
inc0rhallisey, what I'm saying is with current model operators are orthogonal to deployment itself, which is exactly fine21:50
inc0we can implement them wherever we need21:50
kfox1111basically I think it came down though to two groups. those taht want to orchestrate with packagemanager/entrypoint, and those that wanted it outside.21:50
kfox1111we decided to allow both to co'exist, as I understood the outcome.21:50
inc0yeah, but during ocata at least we focus on one21:50
inc0make it optional, but if somebody wants to niclude second, possible21:51
kfox1111my focus is on the underlayers as thats really waht I need and am being paid for.21:51
kfox1111 Ican't say where other's focus is on.21:51
inc0but we need "an orchiestration"21:51
inc0kfox1111, underlayers as deployment of services itself?21:51
kfox1111yes. kolla really needs orchestration for the 90% use case.21:51
inc0that's fine, we can handle 90% thing with init-container21:52
kfox1111inc0: in the layer cake, layer 4 through 1, excluding the layer 2 thing that just poped up.21:52
*** eaguilar has quit IRC21:52
inc0fine, so piece of code to create configmaps and shoot helm package into the k8s21:53
inc0right?21:53
inc0while we'll deal with making this thing stand in correct order21:53
kfox1111yeah. thats a simple operator.21:53
kfox1111there's one thing I 'm still working on prototyping...21:54
jascott1are we starting with one db per service?21:54
kfox1111you can nest packages.21:54
inc0jascott1, potentially in future21:54
inc0not now21:54
kfox1111so if we make fine grained packages,21:54
jascott1cool21:54
kfox1111then we can make an overarching package that includes them and does the orchestration jobs.21:54
kfox1111so that coveres the stackanetes use case.21:55
*** harlowja has quit IRC21:55
kfox1111and those that don't want helm to orchestrate can use the lower level packages and a an operator or manually deploy them.21:55
kfox1111I think the idea wiill fly, but need to test.21:55
inc0yeah, that'd be perfect21:55
inc0openstack chart that's composed from nova charts, neutron charts21:55
inc0and so on21:55
rhalliseyinc0, did you read the layering section?21:57
kfox1111right.21:57
inc0yes21:57
jascott1at a helm level, if user doesnt want some service will we have a way to exclude from installing resources into k8s?21:57
rhalliseykk21:57
kfox1111jascott1: yeah.21:57
inc0jascott1, yes, helm is supposed to handle that21:57
kfox1111jascott1: my use case requires multiple mariadbs/rabbitmq's.21:57
kfox1111its actually one of the next things I need to implement.21:57
kfox1111It comes much more cheeply from having a package manager, and thats one reason I was focused so much on helm the last couple weeks.21:58
jascott1I think we will have to do something, helm installs everything in a charts directory recursively21:59
kfox1111actually no.22:00
inc0jascott1, one way to deal with this is to have chart for mariadb22:00
kfox1111I foudn a workaround. :)22:00
inc0and chart for keystone22:00
kfox1111the trick is,22:00
kfox1111helm does that for all packages not starting with _.22:00
inc0and init-container in keystone with dependency on mariadb22:00
inc0oO22:00
kfox1111if you put a file in starting with _, and wrap it in a macro,22:00
adrian_ottorhallisey: thanks for looking through my comments.22:01
kfox1111you can put it in a conditional in a template not starting with _.22:01
inc0ahh....naming-convention-based-logic22:01
inc0how fun22:01
kfox1111so a value can make turning on/off a template work. :)22:01
jascott1i have seen that used for partials but hadnt thought of using it for package control22:02
kfox1111jascott1: https://review.openstack.org/#/c/396296/ for the current prototype.22:02
kfox1111:)22:02
kfox1111yeah. :)22:02
kfox1111it hit me all of a sudden.22:02
kfox1111adrian_otto: thanks for submiting them. :)22:02
jascott1inc0: so they are separate packages without deps used in helm?22:02
inc0that's one way of doing it22:03
rhalliseybrb22:03
jascott1i.e. we throw out the helm dep stuff in that case22:03
inc0so one thing tho, bootstrap jobs22:03
rhalliseyI'll get in maybe 1 or 2 more review tonight22:03
inc0jobs doesn't have init containers right?22:03
kfox1111bootstrap jobs.22:03
kfox1111they might.22:03
kfox1111or, they could I should say.22:03
inc0ok, nvm then22:03
jascott1stackanetes's init-container has mechanism to wait for jobs22:03
rhalliseyinc0, kfox1111, any discussion I miss here please dump it in the spec22:04
kfox1111rhallisey: +122:04
rhalliseyso I can have the spec reflect it22:04
inc0jascott1, other way around, jobs waiting for something else22:04
*** rhallisey has quit IRC22:04
jascott1gotcha22:04
inc0like nova bootstrap job waiting for mariadb22:04
kfox1111inc0: emagine a mariadb inner db creation job waiting for mariadb pod to be launched.22:04
jascott1can a job kind have init container22:04
kfox1111yes.22:05
kfox1111jobs are really just pods that dont autorestart if the main container exists 0.22:05
kfox1111all the regular pod features work.22:05
sbezverkjascott1: job translates into the same POD as everything else, it is just has an end, other types usually do not.22:05
inc0then fine22:05
kfox1111I can totally see orchestrating an entire deployment with helm/entrypoint. It will work for a lot of people.22:07
inc0yeah22:07
inc0that's my point22:07
kfox1111I'm just not 100% sure it will work for 100% of the people.22:07
inc0nothing ever will22:07
kfox1111and I'm not sure I'm in that set. :/22:07
inc0but there always will be option to turn them off22:07
inc0and do it manually22:07
kfox1111yup. then I'm good. :)22:07
inc0all you need to do is...nto include init container at all22:08
inc0and do it all manually22:08
sdakeor use an operator22:08
kfox1111launch helm install --set no_entrypoint foopackage22:08
sdakethat is the design compromise kfox1111 proposed to us early on22:08
inc0kfox1111, exactly22:09
inc0just keep in mind that with taht helm will just throw everything at k8s22:09
inc0and hope for the best22:09
sdakeif people want to use operators they can, if people want ot use init containers they can22:09
kfox1111right. and if we make the packages configurable enough, that can be fine too.22:09
sdakeif they want to use both god helm them, they can22:09
kfox1111the one thing I havent figured out yet,22:10
jascott1heheh22:10
kfox1111is can we do one package per microservce, and service packages to wrap them all up for those that want that.22:10
inc0ultimate granularitah!22:10
kfox1111or can we do the trick I'm doing in the helm prototype, where I just make one package for the service, and load the microservice out of it conditionally.22:10
*** matrohon has quit IRC22:11
jascott1thats sounds better22:11
kfox1111gota experiment a bit more to decide.22:11
*** matrohon has joined #openstack-kolla22:11
sbezverkkfox1111: microservice package is actually a kolla's image for a specific service, right?22:11
kfox1111see https://review.openstack.org/#/c/396296/16/tests/bin/ceph_workflow.sh22:11
kfox1111for how thats launched,22:11
*** matrohon has quit IRC22:11
inc0chart for nova-api which will be included in chart nova which will be included in chart openstack22:11
inc0right>22:11
kfox1111and this crazy trick: https://review.openstack.org/#/c/396296/16/helm/openstack-neutron/templates/main.yaml :)22:11
kfox1111inc0: right.22:12
jascott1inc0 thats too many charts22:12
kfox1111jascott1: they are pretty trivial to nest.22:12
inc0yo dawg I heard you like charts so I put chart into your chart22:12
kfox1111hehe22:12
jascott1lol22:12
sdakeis it clear to everyone that we are doing 1-1022:13
jascott1if chart ~= image and all those are on one image22:13
sdakelines 80-9022:13
jascott1why have a chart per22:13
kfox1111cart != one image. but one microservice.22:13
*** harlowja has joined #openstack-kolla22:13
*** matrohon has joined #openstack-kolla22:13
kfox1111Ie, a pod is made up of the microservice + maybe fluentd + maybe entrypoint, etc.22:13
jascott1glance api and glance registry will run off different images?22:13
*** jtriley has quit IRC22:13
sdakejascott1 they do currently yes22:13
kfox1111so a microservice chart is likely involing more then one image.22:14
jascott1that seems like where an extra chart would come in maybe22:14
jascott1i just dont see the value in a chart per 'daemon'22:14
kfox1111for those of us that want to manually build their clouds.22:14
kfox1111they can reuse just the templates/packages without any orchestration what so ever.22:15
kfox1111if that same workflow can be replicated in a combined package though, like in the helm prototype review, then that would work too.22:15
sdakeok well since apparently i'm on ignore - i'll go do something else22:15
sdakeenjoy22:15
kfox1111sdake: sorry. was I ignoring you?22:16
sdakenobody answered my question from this mystical meeting22:16
sdakeabout lines 80-9022:16
kfox1111in the currentest spec?22:16
sdakeyes22:16
kfox1111looking.22:17
jascott1oh i think I understand line 80 now. the TPR is just a list of files22:17
jascott1well more than that but it contains list of files22:18
sdakejascott1 you got it22:18
jascott1it read to me like load the config files into the TPR22:18
kfox1111sdake: ok. the way I interpite that, is for the operator, thats what it will do. so, yes.22:18
kfox1111for those not using operators, they will have something else do that. such as helm.22:18
sdakekfox1111 this conflicts with what inc0 said earlier 1,2,3 nothing else22:18
inc0sdake, feel free to write this operator if you want, we just write init-container22:19
inc0it will be optional, default22:19
sdakewhat i agreed to was init container optional off22:19
kfox1111inc0: I think the kolla team is split on "we" there.22:19
inc0kfox1111, I can get people to work on it right now22:20
kfox1111I think some want to work on operators, some on helm/entrypoint workflow.22:20
sdakekfox1111 thats great - good there is so much energy :)22:20
kfox1111Its open source. I think each can work on what they need to. :)22:20
inc0yup, let's decide what is default when we get at least one merged22:20
kfox1111I think both are liekly to be done in parallel.22:21
inc0fine, whatever as long as one works22:21
inc0in ocata22:21
kfox1111+1. :)22:21
jascott1what is our init container going todo that the stackanetes one isnt?22:21
inc0and fittest will survive22:21
kfox1111jascott1: they mix entrypoint into every container.22:21
inc0jascott1, nothing, this is really variant of stackanetes approach22:21
kfox1111jascott1: the idea we had was to put it in an init container instead, following the sidecar pattern.22:22
kfox1111otherwise, same as the stackanetes aproach.22:22
inc0variant as in entrypoint won't be in image itself, it will have dedicated init container image22:22
sdakenot fittest will survive22:22
jascott1ok thanks22:22
*** adrian_otto has quit IRC22:28
*** khamtamtun has joined #openstack-kolla22:29
jascott1can we change line 80 to "Read Keystone configuration file **names** from the Kubernetes ThirdPartyResource and"22:30
*** adrian_otto has joined #openstack-kolla22:31
*** jheroux has quit IRC22:32
*** schwicht has quit IRC22:35
*** matrohon has quit IRC22:38
sdakejascott1 if you want a change submit in spec22:39
sdakepretty much what i've been saying since ryan has been working on it :)22:39
*** adrian_otto has quit IRC22:45
jascott1should I do comment or patch? dont want to be lazy ;)22:45
jascott1well...22:45
sdakejascott1 yes comment in patch use the c button to leave a comment22:47
sdakethen click "post" after done22:47
*** lamt has quit IRC22:48
jascott1done. thanks22:49
*** fguillot has quit IRC22:52
*** msimonin has quit IRC22:53
*** mgiles has quit IRC22:57
sdakethanks jascott122:58
*** khamtamtun has quit IRC22:59
sdakesweet all my expense reports were approved22:59
sdakenow to get rbergeron to do hers ;)22:59
*** harbor has joined #openstack-kolla23:09
*** harbor is now known as portdirect_23:09
Pavogood evening23:10
portdirect_evening pavo23:11
Pavoevening portdirect_23:11
Pavoso I have found a issue with the current kolla-ansible unless I am doing something wrong23:12
Pavoonce you enable Ceph and you do parted $DISK -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP 1 -1 and then deploy23:12
*** dave-mccowan has quit IRC23:12
Pavoif you restart the storage node or lose power you have to do the parted $DISK -s -- mklabel gpt mkpart KOLLA_CEPH_OSD_BOOTSTRAP 1 -1 again before your ceph containers stay in a loop restart23:13
Pavowhich might want to be documented in the docs at http://docs.openstack.org/developer/kolla/ceph-guide.html23:14
*** msimonin has joined #openstack-kolla23:15
*** eaguilar has joined #openstack-kolla23:19
*** sdake has quit IRC23:22
*** lamt has joined #openstack-kolla23:23
*** msimonin has quit IRC23:25
*** inc0 has quit IRC23:25
jascott1Pavo no experience but that doesnt sound good/right23:27
portdirect_pavo: don't use kolla-ansible I'm afraid so can't help, but that doesn't sound nice/right - :(23:27
jascott1haha23:27
PavoI agree23:27
portdirect_:)23:27
jascott1isnt that labeling the partition?23:28
PavoI would think that it would just reuse the same partition thats been labled23:28
jascott1i know there is issue around ceph and locking not being released. is this the same or related?23:28
PavoI thought is was but apparently its not labeling persistently23:28
Pavohaven't ran into that issue yet jascott123:29
portdirect_yup - which looks weird - but one of the kolla-ansible peeps should be able to offer assistance23:29
Pavobut this is also my first time using Ceph also, so there is that23:29
Pavolike I said I could be doing it wrong just giving feedback on what docs say23:30
*** chas_ has quit IRC23:33
*** Pavo has quit IRC23:38
*** Pavo has joined #openstack-kolla23:38
*** TxGirlGeek has quit IRC23:39
*** lamt has quit IRC23:41
*** TxGirlGeek has joined #openstack-kolla23:42
*** lamt has joined #openstack-kolla23:55
*** chas_ has joined #openstack-kolla23:58

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!