Friday, 2018-03-23

« Thursday, 2018-03-22 Index Saturday, 2018-03-24 »
*** sai_p has quit IRC00:09
*** radeks__ has quit IRC00:15
*** masber has quit IRC00:22
openstackgerritmelissaml proposed openstack/kolla-ansible master: fix tpyos in the documentation  https://review.openstack.org/55553900:26
*** hamzy has joined #openstack-kolla00:30
*** yingjun has joined #openstack-kolla00:36
*** yingjun has quit IRC00:40
*** yingjun has joined #openstack-kolla00:45
*** tovin07_ has joined #openstack-kolla00:50
*** zhubingbing has joined #openstack-kolla00:55
*** yingjun has quit IRC01:00
*** masber has joined #openstack-kolla01:12
*** harlowja_ has quit IRC01:13
*** hongbin has joined #openstack-kolla01:15
*** zhaochao has joined #openstack-kolla01:17
masbergood afternoon, I am playing with kolla 6.0.0.0rc2 which one should I use? centos binary? source? ubuntu?01:23
masberI would like to deploy openstack01:23
masberand I found centos binary does not have all images eg fluentd so I was wondering which distro I could use?01:24
*** zhubingbing has quit IRC01:25
*** caowei has joined #openstack-kolla01:42
*** krasmussen has quit IRC01:46
*** krasmussen has joined #openstack-kolla01:46
*** caoyuan has joined #openstack-kolla01:49
openstackgerritcaoyuan proposed openstack/kolla-ansible master: Fix the novnc valid options for all.yml  https://review.openstack.org/55522901:51
*** krasmussen has quit IRC01:51
*** zhurong has joined #openstack-kolla01:52
*** dangtrinhnt has joined #openstack-kolla01:56
openstackgerritpippo proposed openstack/kolla-ansible master: fix word in the documentation  https://review.openstack.org/55559602:00
*** zhubingbing__ has joined #openstack-kolla02:01
*** caoyuan_ has joined #openstack-kolla02:02
Jeffrey4lmasber, centos+source is more well tested.02:04
*** caoyuan has quit IRC02:04
*** zhubingbing_ has quit IRC02:04
*** caowei has quit IRC02:09
openstackgerritmelissaml proposed openstack/kolla-ansible master: fix typos in the documentation  https://review.openstack.org/55553902:17
*** chmarkus has quit IRC02:19
openstackgerritzenghui.shi proposed openstack/kolla-ansible master: Add ptp ansible role  https://review.openstack.org/51921902:22
Jeffrey4lduonghq, spsurya could you review https://review.openstack.org/555341 thanks02:23
*** chmarkus has joined #openstack-kolla02:23
*** caowei has joined #openstack-kolla02:30
*** masber has quit IRC02:41
*** livelace-link has quit IRC02:45
*** livelace-link has joined #openstack-kolla02:46
*** salv-orl_ has joined #openstack-kolla02:47
*** livelace-link has quit IRC02:48
*** salv-orlando has quit IRC02:50
spsuryaJeffrey4l: done02:55
caoyuan_spsurya  could you please help me to review this ps? https://review.openstack.org/#/c/423901/  thanks03:04
spsuryacaoyuan_: sure03:11
caoyuan_:)03:13
*** yingjun has joined #openstack-kolla03:15
*** masber has joined #openstack-kolla03:19
masberJeffrey4l, ok, I built centos source and fluentd is also missing? how people is deploying openstack using kolla-ansible 6.0.0.0rc2?03:24
*** yingjun has quit IRC03:25
*** caoyuan_ has quit IRC03:29
*** hongbin has quit IRC03:47
*** itlinux has quit IRC03:59
masberor can I deploy openstack using kolla-ansible 6.0.0.0rc2 without fluentd?04:01
*** zhurong has quit IRC04:04
openstackgerritDoug Hellmann proposed openstack/kolla master: add lower-constraints job  https://review.openstack.org/55562804:04
openstackgerritDoug Hellmann proposed openstack/kolla-ansible master: add lower-constraints job  https://review.openstack.org/55562904:04
*** caoyuan has joined #openstack-kolla04:05
openstackgerritDoug Hellmann proposed openstack/kolla-kubernetes master: add lower-constraints job  https://review.openstack.org/55563004:05
openstackgerritMerged openstack/kolla stable/queens: Support push kolla tag image to hub.docker.com site  https://review.openstack.org/55534104:18
*** harlowja has joined #openstack-kolla04:19
*** skramaja has joined #openstack-kolla04:47
*** unicell has joined #openstack-kolla04:56
*** unicell1 has joined #openstack-kolla04:59
*** unicell has quit IRC05:01
*** harlowja has quit IRC05:12
*** lpetrut has joined #openstack-kolla05:12
*** jtriley has quit IRC05:22
*** gyankum has joined #openstack-kolla05:23
Jeffrey4lmandre, why fluentd is missing? do you get any error related to this?05:24
Jeffrey4lmasber, ^^05:24
masberJeffrey4l, https://bpaste.net/show/41fe94d6e42405:26
masberI am using centos source05:26
Jeffrey4lokay. i am trying to reproduce this.05:27
Jeffrey4lare you sure you are using 6.0.0.0rc2? seem your fluent.log do not match the code https://github.com/openstack/kolla/blob/01c6dfef2ab9ec3056b015627767ced7f1936aff/docker/base/Dockerfile.j205:30
Jeffrey4lthere is no "ulimit -n xxx" masber05:30
masberall my images are 6.0.0.rc205:31
masber6.0.0.0rc205:31
Jeffrey4lthis link https://github.com/openstack/kolla/blob/01c6dfef2ab9ec3056b015627767ced7f1936aff/docker/fluentd/Dockerfile.j205:31
Jeffrey4lshow me you fluentd/Dockerfile.j2 file05:31
*** mdnadeem has joined #openstack-kolla05:34
*** yingjun has joined #openstack-kolla05:34
masberJeffrey4l, https://bpaste.net/show/df1dc3d0a74e05:34
*** yingjun has quit IRC05:34
Jeffrey4ldiff with this file https://github.com/openstack/kolla/blob/01c6dfef2ab9ec3056b015627767ced7f1936aff/docker/fluentd/Dockerfile.j205:34
*** dangtrinhnt has quit IRC05:34
Jeffrey4lthey are different.05:34
Jeffrey4lyou are not using 6.0.0.0rc205:35
Jeffrey4lseems you are using 5.0.0.0rc205:35
masberhum05:35
masberhow come?05:36
masberthis is the command I use to build /root/kolla/.tox/genconfig/bin/kolla-build --registry 192.168.20.1:5000 --push --tag 6.0.0.0rc2 --logs-dir ./kolla-logs05:36
Jeffrey4lrun "git describe" in kolla folder masber05:36
masber5.0.0-11-g5f8b7fe05:37
masberok ...05:37
Jeffrey4lyou need switch to kolla 6.0.0.0rc2 tag05:37
masber# git branch05:37
masber  master05:37
masber  stable/ocata05:37
masber* stable/pike05:37
masberhum05:37
masberok05:38
*** yingjun has joined #openstack-kolla05:48
*** krasmussen has joined #openstack-kolla05:51
*** krasmussen has quit IRC05:52
*** krasmussen has joined #openstack-kolla05:52
*** yingjun has quit IRC06:02
masberJeffrey4l, git clone only downloads rc1, I am trying using release rc2 (downloading the rc2.tar.gz file) and this is what I get when I try to create the config file https://bpaste.net/show/2cf6e5a51e4906:14
Jeffrey4lmasber, check your pip version "pip --version" i think you need upgrade it first `pip install -U pip`06:15
masberpip 9.0.2 from /usr/lib/python2.7/site-packages (python 2.7)06:16
masbernow I have pip 9.0.3 but same issue06:16
Jeffrey4ltry upgrade "virtualenv", pip install -U virtualenv06:17
masberok for some reason /root/kolla-6.0.0.0rc2/.tox/genconfig/bin/pip install -c https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt?h=stable/queens -r/root/kolla-6.0.0.0rc2/requirements.txt -r/root/kolla-6.0.0.0rc2/test-requirements.txt doesnt work06:18
masberbut pip install -c https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt?h=stable/queens -r/root/kolla-6.0.0.0rc2/requirements.txt -r/root/kolla-6.0.0.0rc2/test-requirements.txt works06:18
masberJeffrey4l, I get same error after upgrading virtualenv, for some reason it doesn't like the pip in /root/kolla-6.0.0.0rc2/.tox/genconfig/bin/pip06:19
masberbut system wide one (the one I upgraded) works06:19
Jeffrey4lafter upgraded virtualenv, try "tox -egenconfig -r"06:20
*** zhurong has joined #openstack-kolla06:21
masberJeffrey4l, I got one step further but still breaks https://bpaste.net/show/8b5025f750fc06:22
*** lpetrut has quit IRC06:22
Jeffrey4lmasber, better use git clong  :D06:22
masberhehehe06:22
masberok, git clone only gives me rc106:22
openstackgerritMerged openstack/kolla master: Add freezer-scheduler container  https://review.openstack.org/54894606:23
masberI don't mind trying rc1, but just to let you know06:23
Jeffrey4lthis error is reated to pbr. you need either use git clone. or use the tar.gz file from tarball.openstack.org site.06:23
Jeffrey4lshow me "git branch -av"06:23
Jeffrey4lrc2 should be there.06:23
Jeffrey4lor try "git fetch origin" then "git branch -av"06:23
masberhttps://bpaste.net/show/1d2988cd7d7706:24
Jeffrey4lhrm, sorry, i means "git tag"06:24
masberhttps://bpaste.net/show/df27c43c8dcb06:25
masberok so just git checkout 6.0.0.0rc206:26
Jeffrey4l6.0.0.0rc2 is there06:26
Jeffrey4lyes06:26
masberok06:26
*** krasmussen has quit IRC06:28
*** krasmussen has joined #openstack-kolla06:28
*** radeks__ has joined #openstack-kolla06:30
*** krasmussen has quit IRC06:33
*** lpetrut has joined #openstack-kolla06:36
*** hjensas has quit IRC06:45
openstackgerritcaoyuan proposed openstack/kolla-ansible master: Add freezer-scheduler role  https://review.openstack.org/54844906:59
*** kiennt26 has quit IRC07:05
openstackgerritClint 'SpamapS' Byrum proposed openstack/kolla-ansible master: Allow disabling insecure API endpoints  https://review.openstack.org/54840707:07
openstackgerritClint 'SpamapS' Byrum proposed openstack/kolla-ansible master: When preventing insecure endpoints forward more carefully  https://review.openstack.org/55566207:07
*** egonzalez has joined #openstack-kolla07:12
*** murphyslawbbs has joined #openstack-kolla07:14
*** pcaruana has joined #openstack-kolla07:21
*** yingjun has joined #openstack-kolla07:25
*** paken has joined #openstack-kolla07:29
*** zhurong has quit IRC07:30
openstackgerritMerged openstack/kolla-ansible master: Glance policy copy is not using correct name  https://review.openstack.org/55307007:31
*** gkadam has joined #openstack-kolla07:41
*** Tim-E has joined #openstack-kolla07:41
masberso I run kolla-genpwd and then?07:43
masberwhere is the file with the passwords?07:43
Tim-E./etc/kolla/passwords.yml07:43
Tim-ESo my initial deployment of Kolla had ceph enabled in globals.yml and for some reason ceph_mon has an issue connecting to the ceph_rbd. However, when I do disable ceph in globals.yml and run a initial deployment and enabled it afterwards with another deploy, it works. Any ideas why this is ?07:47
*** lpetrut has quit IRC07:56
openstackgerritShangXiao proposed openstack/kolla-kubernetes master: Update the old doc links  https://review.openstack.org/55569007:58
*** satroutr has joined #openstack-kolla08:05
*** murphyslawbbs has quit IRC08:06
*** hjensas has joined #openstack-kolla08:10
*** hjensas has quit IRC08:10
*** hjensas has joined #openstack-kolla08:10
*** murphyslawbbs has joined #openstack-kolla08:16
masberok... memcached is complaining "failed to set rlimit for open files. Try starting as root or requesting smaller maxconns value."08:27
*** murphyslawbbs has quit IRC08:28
*** murphyslawbbs has joined #openstack-kolla08:33
*** gfidente has joined #openstack-kolla08:35
*** lgsafety has joined #openstack-kolla08:39
*** hamza21 has joined #openstack-kolla08:54
openstackgerritMerged openstack/kolla stable/ocata: Increase the post-timeout to 3600 seconds  https://review.openstack.org/55530308:55
*** dougsz has joined #openstack-kolla08:58
*** cah_link has joined #openstack-kolla09:04
*** krasmussen has joined #openstack-kolla09:18
*** lgsafety has quit IRC09:22
*** ktibi has joined #openstack-kolla09:22
*** lgsafety has joined #openstack-kolla09:22
*** krasmussen has quit IRC09:22
*** mgoddard has joined #openstack-kolla09:23
*** lpetrut has joined #openstack-kolla09:27
*** radeks_ has joined #openstack-kolla09:27
*** radeks__ has quit IRC09:28
*** lpetrut_ has joined #openstack-kolla09:28
*** lpetrut has quit IRC09:28
*** radeks__ has joined #openstack-kolla09:29
*** radeks_ has quit IRC09:32
openstackgerritMerged openstack/kolla-ansible master: Remove the duplicate "become" for config-nova-fake.yml  https://review.openstack.org/55511409:33
*** murphyslawbbs has quit IRC09:33
*** gkadam is now known as gkadam-afk09:36
*** murphyslawbbs has joined #openstack-kolla09:41
*** yingjun has quit IRC09:41
*** gkadam-afk is now known as gkadam09:43
*** lgsafety has quit IRC09:46
*** liuzz has quit IRC09:47
*** bmace has quit IRC09:54
*** bmace has joined #openstack-kolla09:54
openstackgerritMerged openstack/kolla-ansible master: Optimize reconfiguration for ironic  https://review.openstack.org/42390109:55
*** caoyuan has quit IRC09:59
*** duonghq has quit IRC10:00
*** ArminderSingh has quit IRC10:08
*** ArminderSingh has joined #openstack-kolla10:13
*** tovin07_ has quit IRC10:18
*** krasmussen has joined #openstack-kolla10:19
*** krasmussen has quit IRC10:23
*** murphyslawbbs has quit IRC10:25
*** sambetts|afk is now known as sambetts10:32
openstackgerritKevin Tibi proposed openstack/kolla master: Add designate-ui for horizon centos  https://review.openstack.org/55573310:41
*** pbourke has quit IRC10:43
*** pbourke has joined #openstack-kolla10:43
*** caowei has quit IRC10:51
*** caoyuan has joined #openstack-kolla10:52
*** krasmussen has joined #openstack-kolla10:59
*** krasmussen has quit IRC11:00
*** krasmussen has joined #openstack-kolla11:00
*** caoyuan has quit IRC11:08
*** athomas_ has joined #openstack-kolla11:14
*** caoyuan has joined #openstack-kolla11:20
*** satroutr has quit IRC11:23
*** caoyuan has quit IRC11:25
*** pcaruana has quit IRC11:27
*** ansmith has quit IRC11:32
*** dangtrinhnt has joined #openstack-kolla11:37
pbourkemgoddard: you seeing any errors in ironic around rpc versions by any chance?11:38
mgoddardpbourke: nothing I'm aware of. Is this recent master? Any logs you can share?11:39
pbourkemgoddard: Im new to ironic so maybe doing something wrong... This is a fairly vanilla deploy of master though - http://paste.openstack.org/show/709909/11:40
*** rhallisey has joined #openstack-kolla11:40
pbourkebtw this is nova_compute_ironic11:41
pbourkemgoddard: have you ever tried virtualbmc?11:43
mgoddardpbourke: ah, that makes more sense11:43
mgoddardpbourke: yes I sometimes use virtualbmc for testing11:43
mgoddardseems to work fairly well11:43
pbourkemgoddard: nice11:44
pbourkemgoddard: Im trying to get a simple demo up and going with it to help document ironic with kolla a little better11:44
pbourkewill try pull the latest images and see if it helps this error at all11:44
pbourkefrom a high level my steps are, install virtualbmc inside nova_libvirt, create a nova instance and associate a vbmc with that libvirt instance11:45
pbourkeIm using the default port assigned to the instance as the ironic port11:46
pbourkedoes that sound ok so far?11:46
mgoddardso you're using a nova virt instance as a bare metal node?11:47
pbourkewell, that's the plan, dont know if its a good idea or not11:47
mgoddardon the failure, perhaps this is related: https://github.com/openstack/nova/commit/a761e57368280b6d3e931831ecd393fd5787b3ef11:49
mgoddardnew images seems like a good plan11:49
mgoddardpossibly worth asking in #openstack-nova if you get stuck11:49
mgoddardI'm not sure about using a nova virt instance as a BM - both ironic and nova will want to control the power state of the VM11:50
pbourkemgoddard: what do you use for baremetal with vbmc.11:50
pbourke?11:50
mgoddardpbourke: I just use libvirt11:51
mgoddardas does the ironic devstack plugin11:51
pbourkeok good to know11:51
pbourkeusing nova may complicate things11:51
pbourkebut I'll persist for another bit11:51
mgoddardhttps://github.com/openstack/ironic/blob/master/devstack/tools/ironic/scripts/create-node.sh11:51
mgoddardnetworking could get funky - you'll need to be able to reach TFTP on the VM's tenant network11:52
mgoddardand there will be two ports in neutron for the same MAC on the same network - one for nova virt, one for an instance on the bare metal node11:53
mgoddardhttps://github.com/openstack/ironic/blob/master/devstack/tools/ironic/templates/vm.xml11:53
*** dangtrinhnt has quit IRC11:53
mgoddardassume you're just going to go for flat networking?11:53
mgoddardi.e. no multitenancy, no plugging the bare metal node into different networks11:54
mgoddardit's possible via something like https://github.com/openstack/networking-generic-switch11:55
mgoddardbut gets quite fiddly11:55
*** satroutr has joined #openstack-kolla11:55
*** jaosorior has quit IRC11:56
*** caoyuan has joined #openstack-kolla11:59
*** caoyuan has quit IRC12:04
mgoddardpbourke: if your work could go some way towards a bare metal job for kolla-ansible CI, that would be excellent. I'd be willing to help make that happen12:06
*** gkadam_ has joined #openstack-kolla12:07
pbourkemgoddard: sounds good, yeah I'll keep you updated12:07
pbourkeappreciate the tips, pretty steep learning curve on this stuff it seems12:08
*** gkadam has quit IRC12:09
mgoddardpbourke: it's another world :) feel free to fire questions my way12:09
mgoddardpbourke: I started working on a script for this for kayobe: https://github.com/markgoddard/openstack-tools/blob/ironic-vm-node/ironic-fake-nodes/ironic-vm-nodes.sh12:10
mgoddardfeel free to use what you like from it12:10
pbourkenice looks pretty clean12:11
pbourkeshould help!12:11
mgoddardI didn't quite get it working - the VM would power on but not PXE boot12:11
pbourkethat's the point I got to, I can power on/off the VM via ironic12:11
pbourkewhich is kind of cool, but not hugely useful12:12
mgoddardyeah :)12:12
mgoddardprobably need to compare the XML config with the one in ironic12:13
*** skatsaounis has joined #openstack-kolla12:14
mgoddardpbourke: which ironic-python-agent images are you using?12:15
*** skatsaounis has quit IRC12:15
pbourketinyipa12:15
mgoddardok, that should work12:15
mgoddardI saw some issues with coreos12:15
*** skatsaounis has joined #openstack-kolla12:15
mgoddardpbourke: there's also bifrost for another reference point: https://github.com/openstack/bifrost/tree/master/playbooks/roles/bifrost-create-vm-nodes12:17
pbourkegood to know12:17
pbourkeI was having a look at the devstack plugin but just so much bash to read12:17
*** jtriley has joined #openstack-kolla12:18
*** zhubingbing has joined #openstack-kolla12:19
pbourkeok good news is the RPC error is gone with new images12:21
skatsaounisHi, I am trying to deploy kolla-kubernetes microservice heat-api-deployment on ubuntu-source-pike images. I am getting the following error from heat-api command: "Could not bind to ('0.0.0.0', 8004) after trying for 30 seconds". Any ideas?12:22
pbourkeJeffrey4l: ^12:26
mgoddardpbourke: it's a lot of bash, but the main thing to consider is the libvirt XML config template, and the options that get passed in12:28
mgoddardpbourke: tcpdump is your friend for debugging the PXE issues12:29
*** murphyslawbbs has joined #openstack-kolla12:29
*** pcaruana has joined #openstack-kolla12:30
*** jtriley has quit IRC12:35
*** caowei has joined #openstack-kolla12:42
*** edleafe is now known as figleaf12:46
*** hamza21 has quit IRC12:49
*** skatsaounis has quit IRC12:55
*** skatsaounis has joined #openstack-kolla12:55
*** goldyfruit has joined #openstack-kolla13:02
*** ansmith has joined #openstack-kolla13:03
*** caowei has quit IRC13:07
*** hamza21 has joined #openstack-kolla13:07
*** goldyfruit has quit IRC13:09
*** skramaja has quit IRC13:17
*** dklyle has quit IRC13:27
Tim-Ethe dhcp agents shoudl only ever run on the controller nodes or dedicated network nodes right ? Never on a compute node ?13:29
Tim-Eas far as I can see the dhcp agents are running on the controller nodes, which is fine but my virtual machines are unable to obtain a IP13:30
SamYapleTim-E: your understanding is correct for the most part (though there is nothing stopping them running on compute nodes)13:35
SamYapleif your instance isnt getting an ip, this is where tcpdumpis your friend13:36
SamYapleis the dhcp request reaching the dhcp agent node?13:36
SamYapleis it being blocked on the return?13:36
Tim-Eseems i may have resolved it ..13:39
Tim-EI have 3 controller nodes13:39
Tim-Eand the dhcp agent was only running on one of them ..13:40
Tim-Enot I don't have "HA" enabled13:40
Tim-Evia the dashboard I added the dhcp agents for the other two controllers and then it worked13:40
*** jtriley has joined #openstack-kolla13:41
Tim-Ei guess i should be enabling this "#enable_neutron_agent_ha: "no" in globals.yml ?13:41
*** egonzalez has quit IRC13:41
*** hjensas has quit IRC13:46
*** Tim-E has quit IRC13:57
*** murphyslawbbs has quit IRC14:00
*** geb has quit IRC14:02
*** dave-mccowan has joined #openstack-kolla14:06
*** geb has joined #openstack-kolla14:06
*** erolg has joined #openstack-kolla14:18
erolghi, is there anyone who use openstack bifrost? What do you think about the project? Is it mature enough for production?14:21
*** caoyuan has joined #openstack-kolla14:28
*** zhaochao has quit IRC14:29
*** dave-mcc_ has joined #openstack-kolla14:29
SamYapleerolg: yes its mature enough for production. its been around for a while too14:31
*** murphyslawbbs has joined #openstack-kolla14:32
*** dave-mccowan has quit IRC14:32
*** caoyuan_ has joined #openstack-kolla14:34
*** caoyuan has quit IRC14:37
*** dciabrin_ has quit IRC14:40
*** dciabrin has joined #openstack-kolla14:40
*** zhubingbing has quit IRC14:41
sdakeerolg yes mature for production - although you will really want  to do an eval on your own to see if it meets your use case14:43
sdakeerolg technical maturity is probably an 8+ out of 1014:43
sdakeerolg https://en.wikipedia.org/wiki/Technology_readiness_level14:43
dougszerolg: we use it in production to deploy the undercloud for Kolla as part of the Kayobe project14:48
gebHi folks !14:50
*** zhubingbing has joined #openstack-kolla14:51
-openstackstatus- NOTICE: zuul.o.o has been restarted to pick up latest code base and clear memory usage. Both check / gate queues were saved, be sure to check your patches and recheck when needed.14:51
*** zhangfei has joined #openstack-kolla14:53
*** hamza21 has quit IRC14:54
*** david-lyle has joined #openstack-kolla14:57
gebI am running an openstack all-in-one installed with kolla-ansible 5.0.1, openstack_release: "pike", kolla_base_distro: "centos", kolla_install_type: "source". Because of CVE-2018-1000115, the memcached process was used to relay DDOS. I had to firewall it manually. Is this a known bug in kolla-ansible ? Should i submit one ?15:00
*** krasmussen has quit IRC15:01
gebiptables -A INPUT -p udp -m udp --dport 11211 -i enp0s31f6 -j DROP ; iptables -A OUTPUT -p udp -m udp --sport 11211 -o enp0s31f6 -j DROP ; did the job, but if the install is vulnerable by default maybe should it be fixed ...15:02
*** mdnadeem has quit IRC15:02
gebit was a bit hard to debug, as netstat was not seeing all connections (because of context i guess), but still seeing lot of memcached trafic and high cpu usage of memcached15:03
SamYaplegeb: i always put memcached and ceph private network on a non-routable network for this reason15:03
gebUnderstood, but if a default install is vulnerable by default and used to relay ddos, this may need to be addressed, either by fixes to change the default behaviour to a safe one, and/or by a clear documentation :)15:06
*** cah_link has quit IRC15:07
*** hjensas has joined #openstack-kolla15:09
gebbut maybe is the problem, already/currently being addressed and i just did something wrong ..15:11
*** zhangfei has quit IRC15:14
sdakegeb agree there should be a security document - we attempted this a year or so ago, but the work never finished on the full audit of kolla15:17
sdakegeb if you want to submit a gerrit review, would be most welcome ;-)15:17
*** itlinux has joined #openstack-kolla15:21
*** JamesBenson has joined #openstack-kolla15:22
*** jtriley has quit IRC15:26
gebthanks sdake, I can at least open one, yes :)15:26
*** jtriley has joined #openstack-kolla15:27
pbourkemgoddard: in your script, does the network you're creating the libvirt VM on match your provisioning network?15:28
*** zhubingbing has quit IRC15:29
*** zhubingbing has joined #openstack-kolla15:30
*** caoyuan_ has quit IRC15:31
mgoddardpbourke: it should do, although it doesn't work :)15:33
*** zhubingbing has quit IRC15:34
pbourkemgoddard: and should the provisioning network match the provider network? i.e the network that the conductor etc. runs on15:34
*** shardy has quit IRC15:35
mgoddardpbourke: in that environment I just used a single network for everything - a linux bridge on the controller15:35
pbourkemgoddard: ok gotcha15:36
mgoddardpbourke: so I had a single bridge, and set *_interface to this in kolla. Then create a libvirt network for the bridge, and attach the VM to that15:38
*** murphyslawbbs has quit IRC15:48
-openstackstatus- NOTICE: Gerrit will be temporarily unreachable as we restart it to complete the rename of some projects.15:49
*** gyankum has quit IRC16:00
*** paken has quit IRC16:00
*** jtriley has quit IRC16:16
*** harlowja has joined #openstack-kolla16:16
*** radeks__ has quit IRC16:27
*** radeks__ has joined #openstack-kolla16:27
*** jtriley has joined #openstack-kolla16:29
kolla-slack<egonzalez> geb, the udp vulnerability was fixed at least in master, not sure if was backported to stable branchs yet16:30
*** hamza21 has joined #openstack-kolla16:31
pbourkeegonzalez: I think only in the gates though16:33
pbourkeif Im thinking of the same issue16:33
gebgates ?16:33
pbourkegeb: jenkins jobs that are run each time a commit is made upstream16:34
gebOk. Thanks egonzalez pbourke. Once you beleive its available, i'll be happy to test, report, give you an access if usefull. Feel free to ping me :)16:36
*** vabada has quit IRC16:48
*** abishop has joined #openstack-kolla16:49
*** david-lyle has quit IRC16:52
*** gkadam_ has quit IRC16:54
abishophi folks, not sure if this is a kolla or tripleo issue, but CentOS-based containers are claiming the selinux-policy-targeted RPM fails the verification check16:58
abishopsee http://paste.openstack.org/show/710267 for details16:58
abishopcan anyone suggest who to speak to about this?16:58
openstackgerritDoug Szumski proposed openstack/kolla-ansible master: Add support for deploying ZooKeeper  https://review.openstack.org/55087916:59
openstackgerritDoug Szumski proposed openstack/kolla-ansible master: Add support for deploying Kafka  https://review.openstack.org/55257116:59
kolla-slack<egonzalez> geb , pbourke is actually merged and backported https://review.openstack.org/#/c/550686/17:02
*** athomas_ has quit IRC17:03
*** masber has quit IRC17:06
*** murphyslawbbs has joined #openstack-kolla17:12
*** zhubingbing has joined #openstack-kolla17:14
*** masber has joined #openstack-kolla17:18
*** zhubingbing has quit IRC17:18
*** pcaruana has quit IRC17:23
*** itlinux has quit IRC17:27
*** ktibi has quit IRC17:29
*** murphyslawbbs has quit IRC17:32
*** masber has quit IRC17:37
*** mgoddard has quit IRC17:40
gebegonzalez, pbourke, great, just by looking the description it looks to be the good patch. Do you know if it would be available in pip ? I am ok for testing from git if needed but the install docs in https://docs.openstack.org/kolla-ansible/latest/user/quickstart.html etc recommends installing from pip, so i beleive it will impact users until it lands in pip17:43
gebif it is already available (currently testing after a pip install --upgrade kolla-ansible), maybe would it be revelant to emmit an advisory or something to tell users to upgrade ..?17:49
*** harlowja has quit IRC17:50
*** psidze has joined #openstack-kolla17:52
*** erolg has quit IRC17:54
*** ipsecguy has quit IRC17:55
*** radeks__ has quit IRC17:56
*** bill1 has joined #openstack-kolla17:58
*** david-lyle has joined #openstack-kolla17:59
*** ipsecguy has joined #openstack-kolla18:00
*** dougsz has quit IRC18:01
*** ipsecguy has quit IRC18:01
*** krasmussen has joined #openstack-kolla18:02
*** murphyslawbbs has joined #openstack-kolla18:03
*** krasmussen has quit IRC18:06
openstackgerritClint 'SpamapS' Byrum proposed openstack/kolla-ansible master: When preventing insecure endpoints be more careful  https://review.openstack.org/55566218:08
*** ipsecguy has joined #openstack-kolla18:11
*** bill1 has quit IRC18:14
*** slagle has quit IRC18:15
*** sambetts is now known as sambetts|afk18:16
*** jtriley_ has joined #openstack-kolla18:19
*** jtriley has quit IRC18:20
*** dciabrin_ has joined #openstack-kolla18:26
*** murphyslawbbs has quit IRC18:27
*** dciabrin has quit IRC18:28
gebegonzalez, pbourke, the patch is not already applyed in the last stable pip version 5.0.1. I tested with 6.0.0rc2 but the deploy was not successfull, so I cannot confirm the patch is applyed in this version.18:29
gebfor the record, the error when trying to deploy with kolla-ansible 6.0.0rc2 from pip on a ubuntu (i did not try to add the conf var, it may only be missing in the default ones) : failed: [localhost] (item=definitions.json) => {"changed": false, "item": "definitions.json", "msg": "AnsibleUndefinedVariable: {{ rabbitmq_monitoring_password }}: 'rabbitmq_monitoring_password' is undefined"}18:30
*** itlinux has joined #openstack-kolla18:32
*** gfidente has quit IRC18:32
*** harlowja has joined #openstack-kolla18:33
*** harlowja has quit IRC18:38
*** murphyslawbbs has joined #openstack-kolla18:38
*** fungi has joined #openstack-kolla18:41
*** itlinux has quit IRC18:47
*** itlinux has joined #openstack-kolla18:49
*** krasmussen has joined #openstack-kolla18:51
*** krasmussen has quit IRC18:51
*** krasmussen has joined #openstack-kolla18:52
*** dave-mcc_ has quit IRC18:55
*** murphyslawbbs has quit IRC18:59
*** murphyslawbbs has joined #openstack-kolla19:00
kolla-slack<egonzalez> geb, need to merge your old password file with the new version19:05
*** jtriley_ has quit IRC19:05
*** jtriley has joined #openstack-kolla19:06
*** itlinux has quit IRC19:08
*** lpetrut_ has quit IRC19:08
*** murphyslawbbs has quit IRC19:08
*** harlowja has joined #openstack-kolla19:09
*** athomas has quit IRC19:10
*** itlinux has joined #openstack-kolla19:15
*** itlinux has quit IRC19:16
*** murphyslawbbs has joined #openstack-kolla19:16
*** goldyfruit has joined #openstack-kolla19:24
*** murphyslawbbs has quit IRC19:26
*** openstackgerrit has quit IRC19:34
*** murphyslawbbs has joined #openstack-kolla19:38
gebegonzalez, pbourke, just tested: The fix isn't applyed in pip-stable: 5.0.1 nor pip-dev: 6.0.0rc2. Gtg, thanks a lot for your help anyway :)19:44
*** lpetrut has joined #openstack-kolla19:53
*** ansmith has quit IRC20:05
*** itlinux has joined #openstack-kolla20:07
*** itlinux has quit IRC20:09
*** sai_p has joined #openstack-kolla20:09
*** dave-mccowan has joined #openstack-kolla20:19
SamYaplefor those familiar with the uid/gid issue with nova/libvirt/qemu, what are the appropriate folder permissions for user/group in /var/lib/nova?20:45
* SamYaple is being a bit lazy20:45
*** dciabrin_ has quit IRC20:50
*** dciabrin_ has joined #openstack-kolla20:50
*** abishop has quit IRC20:52
*** unicell1 has quit IRC20:57
*** livelace-link has joined #openstack-kolla20:58
*** unicell has joined #openstack-kolla21:00
*** jtriley has quit IRC21:06
*** rhallisey has quit IRC21:11
*** hamza21 has quit IRC21:15
*** murphyslawbbs has quit IRC21:16
*** murphyslawbbs has joined #openstack-kolla21:17
*** jbadiapa has quit IRC21:19
*** cah_link has joined #openstack-kolla21:22
*** ansmith has joined #openstack-kolla21:25
*** goldyfruit has quit IRC21:26
*** cah_link has quit IRC21:26
*** lpetrut has quit IRC21:26
*** lpetrut has joined #openstack-kolla21:30
*** jtriley has joined #openstack-kolla21:47
*** radeks__ has joined #openstack-kolla21:51
*** JamesBenson has quit IRC21:54
*** dave-mccowan has quit IRC21:57
*** murphyslawbbs has quit IRC22:17
*** murphyslawbbs has joined #openstack-kolla22:17
*** radeks__ has quit IRC22:25
*** jtriley has quit IRC22:25
*** figleaf is now known as edleafe22:34
*** EmilienM has quit IRC22:34
*** jtriley has joined #openstack-kolla22:35
*** EmilienM has joined #openstack-kolla22:36
*** EmilienM has quit IRC22:36
*** EmilienM has joined #openstack-kolla22:36
*** slagle has joined #openstack-kolla22:37
*** jtriley has quit IRC22:40
*** david-lyle has quit IRC22:52
*** jtriley has joined #openstack-kolla23:05
*** lpetrut has quit IRC23:05
*** krasmussen has quit IRC23:08
*** krasmussen has joined #openstack-kolla23:09
*** jtriley has quit IRC23:10
*** jtriley has joined #openstack-kolla23:13
*** krasmussen has quit IRC23:13
*** murphyslawbbs has quit IRC23:20
*** openstackgerrit has joined #openstack-kolla23:32
openstackgerritClint 'SpamapS' Byrum proposed openstack/kolla-ansible master: When preventing insecure endpoints be more careful  https://review.openstack.org/55566223:32
*** jtriley has quit IRC23:42
*** david-lyle has joined #openstack-kolla23:50
*** jtriley has joined #openstack-kolla23:58
« Thursday, 2018-03-22 Index Saturday, 2018-03-24 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!