Thursday, 2019-05-30

« Wednesday, 2019-05-29 Index Friday, 2019-05-31 »
*** guozijn has joined #openstack-kolla00:15
*** guozijn has quit IRC00:24
*** factor has quit IRC01:02
*** k_mouza has joined #openstack-kolla01:32
*** whoami-rajat has joined #openstack-kolla01:35
*** k_mouza has quit IRC01:36
*** kplant has quit IRC01:56
*** guozijn has joined #openstack-kolla01:57
*** michaelbarkdoll has quit IRC02:16
openstackgerritsunguangning proposed openstack/kolla-ansible master: Spelling mistake in manila.conf.j2  https://review.opendev.org/66212302:24
q[bline]seems mariadb haproxy connection always fails on first run of deploy02:45
*** shyamb has joined #openstack-kolla02:51
openstackgerritsunguangning proposed openstack/kolla-ansible master: Remove parameters from cinder.conf in the current version  https://review.opendev.org/66212703:00
*** guozijn has quit IRC03:14
*** dave-mccowan has quit IRC03:15
*** guozijn has joined #openstack-kolla03:24
openstackgerritsunguangning proposed openstack/kolla-ansible master: Some parameters in glance.conf default section is useless 1. registry_host 2. cinder_catalog_info  https://review.opendev.org/66212903:25
shyambHi03:27
*** guozijn has quit IRC03:27
shyambAnyway good way to know docker run command for kolla based containers?03:27
*** JamesBenson has joined #openstack-kolla03:29
openstackgerritsunguangning proposed openstack/kolla-ansible master: Some parameters in glance.conf default section is useless  https://review.opendev.org/66212903:29
*** guozijn has joined #openstack-kolla03:36
*** shyamb has quit IRC04:09
*** guozijn has quit IRC04:50
q[bline]anyone seen this from keystore? keystone.access_rules_config.backends.json [-] No config file found for access rules, application credential access rules will be unavailable.: IOError: [Errno 2] No such file or directory: '/etc/keystone/access_rules.json'04:58
q[bline]keystone04:58
*** JamesBenson has quit IRC05:00
*** pcaruana has joined #openstack-kolla05:00
*** igordc has joined #openstack-kolla05:15
*** absubram has joined #openstack-kolla05:35
*** factor has joined #openstack-kolla05:37
*** absubram has quit IRC05:50
*** guozijn has joined #openstack-kolla05:50
*** dteselkin has joined #openstack-kolla05:59
*** radeks has joined #openstack-kolla05:59
*** igordc has quit IRC06:01
*** gdwornicki has joined #openstack-kolla06:01
openstackgerritKrzysztof Klimonda proposed openstack/kolla-ansible master: Make fluentd-elasticsearch configuration more robust  https://review.opendev.org/66174706:03
*** radeks has quit IRC06:05
*** radeks has joined #openstack-kolla06:10
openstackgerritChiawei Xie proposed openstack/kolla-ansible master: Add become for watcher config copying over  https://review.opendev.org/66213606:13
*** radeks_ has joined #openstack-kolla06:14
*** radeks has quit IRC06:16
*** radeks_ has quit IRC06:19
*** radeks_ has joined #openstack-kolla06:20
*** dteselkin has quit IRC06:21
*** luksky has joined #openstack-kolla06:42
openstackgerritMark Goddard proposed openstack/kolla-ansible master: Spelling mistake in manila.conf.j2  https://review.opendev.org/66212307:07
*** skramaja has joined #openstack-kolla07:21
kklimondastackedsax: I'm working on rebasing https://review.opendev.org/#/c/548407 to stein and master and adding support for ubuntu/debian07:34
*** gdwornicki has quit IRC07:42
kklimondabtw, should I just rebase the review with my changes?07:43
hrwkklimonda: do not rebase just for rebase, but if you change patch then rebase before sending for review07:46
kklimondahrw: yes, the plan is to actually add changes to make it work on ubuntu with stein and master - I just wasn't sure what are the rules for "hijacking" reviews07:50
*** priteau has joined #openstack-kolla07:53
hrwkklimonda: do master first.08:05
hrwkklimonda: about hijacking... if last revision is old then it feels forgotten so just go for it08:07
kklimondahrw: I'll be pushing master only (not sure if it's even a candidate for backporting to stein anyway) but I have to get it to work primarily with stein for our deployment - working on master is to have this upstreamed, and avoid diverging too much08:08
hrwok08:08
*** dougsz has joined #openstack-kolla08:09
*** k_mouza has joined #openstack-kolla08:17
openstackgerritChiawei Xie proposed openstack/kolla-ansible master: Add become for watcher config copying over  https://review.opendev.org/66213608:23
* hrw off08:25
*** k_mouza has quit IRC08:27
*** k_mouza has joined #openstack-kolla08:28
*** k_mouza has quit IRC08:32
*** k_mouza has joined #openstack-kolla08:33
*** gfidente has joined #openstack-kolla08:44
openstackgerritChason Chan proposed openstack/kolla-ansible master: Fix the deploy guide build failed  https://review.opendev.org/66187909:00
openstackgerritChason Chan proposed openstack/kolla-ansible master: Add a explanatory note for "placement_api_port"  https://review.opendev.org/66216409:06
kklimondastackedsax: was the plan for that patchset to "chain" haproxies? so that if local backend (non-encrypted) is not responding, we're sending it to another haproxy?09:18
kklimondamgoddard: perhaps you know more about how internal TLS was to be implemented?09:20
*** cah_link has joined #openstack-kolla09:22
kklimondaor is it just very incomplete at this stage, and the idea is to add per-backend certificates plus update configs to use them?09:22
*** cah_link has quit IRC09:28
*** cah_link has joined #openstack-kolla09:34
*** cah_link has quit IRC09:41
kklimondahmm, going through the comments it seems that the idea is to have all traffic go haproxy, but I can't see how was that supposed to work even with the initial patch - haproxy is listening only on the VIP address09:47
kklimondahow will this affect client address, if the request goes client -> haproxy -> haproxy -> backend?09:50
kklimondawill X-Forwarded-For be correct?09:50
*** factor has quit IRC09:53
*** cah_link has joined #openstack-kolla09:59
*** cah_link has quit IRC10:20
*** factor has joined #openstack-kolla10:37
openstackgerritKrzysztof Klimonda proposed openstack/kolla-ansible master: Allow disabling insecure API endpoints  https://review.opendev.org/54840710:54
*** k_mouza_ has joined #openstack-kolla10:56
*** k_mouza has quit IRC10:56
*** guozijn has quit IRC11:00
*** tonythomas has joined #openstack-kolla11:03
*** dave-mccowan has joined #openstack-kolla11:10
openstackgerritChason Chan proposed openstack/kolla-ansible master: Fix the deploy guide build failed  https://review.opendev.org/66187911:21
*** guozijn has joined #openstack-kolla11:23
*** kplant has joined #openstack-kolla11:24
*** JangwonLee_ has joined #openstack-kolla11:33
*** JangwonLee has quit IRC11:37
*** k_mouza_ has quit IRC11:46
*** k_mouza has joined #openstack-kolla11:47
*** luksky has quit IRC11:48
*** priteau has quit IRC12:01
*** priteau has joined #openstack-kolla12:04
*** tolisbar has joined #openstack-kolla12:20
*** tolisbar has quit IRC12:22
*** niceplace has quit IRC12:26
*** goldyfruit has quit IRC12:28
*** niceplace has joined #openstack-kolla12:29
*** sshnaidm|off has quit IRC12:32
*** skramaja has quit IRC12:33
*** guozijn has quit IRC12:34
*** guozijn has joined #openstack-kolla12:35
*** priteau has quit IRC12:36
*** sshnaidm has joined #openstack-kolla12:49
*** priteau has joined #openstack-kolla13:00
openstackgerritChason Chan proposed openstack/kolla-ansible master: Add deploy guide stuff to irrelevant file list of zuul  https://review.opendev.org/66220913:11
*** happyhemant has joined #openstack-kolla13:16
openstackgerritChason Chan proposed openstack/kolla-ansible master: Fix the deploy guide build failed  https://review.opendev.org/66187913:16
openstackgerritTaeha Kim proposed openstack/kolla master: Add RHEL subscription registration  https://review.opendev.org/49514813:18
openstackgerritKrzysztof Klimonda proposed openstack/kolla-ansible master: Make fluentd-elasticsearch configuration more robust  https://review.opendev.org/66174713:19
*** priteau has quit IRC13:23
*** pcaruana has quit IRC13:23
openstackgerritKrzysztof Klimonda proposed openstack/kolla-ansible master: Add support for elasticsearch TLS and authentication in fluentd  https://review.opendev.org/66221513:28
*** goldyfruit has joined #openstack-kolla13:29
openstackgerritZijian Guo proposed openstack/kolla-ansible master: Fix the document of external ceph for gnocchi  https://review.opendev.org/66222013:43
*** pcaruana has joined #openstack-kolla13:47
*** dciabrin has joined #openstack-kolla13:47
*** dciabrin_ has quit IRC13:50
*** luksky has joined #openstack-kolla14:09
openstackgerritPierre Riteau proposed openstack/kolla-ansible stable/queens: Upgrade identity v2 to identity v3 API  https://review.opendev.org/66223014:10
*** k_mouza has quit IRC14:13
*** k_mouza has joined #openstack-kolla14:17
*** JamesBenson has joined #openstack-kolla14:26
*** k_mouza has quit IRC14:26
*** dpawlik has quit IRC14:29
*** k_mouza has joined #openstack-kolla14:35
*** k_mouza has quit IRC14:35
*** k_mouza has joined #openstack-kolla14:35
*** itlinux has quit IRC14:48
*** iclon_ has joined #openstack-kolla15:00
*** guozijn has quit IRC15:02
*** iclon__ has quit IRC15:02
*** zbr_ has joined #openstack-kolla15:07
*** zbr has quit IRC15:09
*** absubram has joined #openstack-kolla15:14
*** guozijn has joined #openstack-kolla15:24
*** pcaruana has quit IRC15:33
*** luksky has quit IRC15:41
*** itlinux has joined #openstack-kolla15:46
stackedsaxkklimonda: I've only started reading through the patchset myself, so I'm hardly an authority16:09
kklimondawelp :)16:10
stackedsaxbut I thought the non-encrypted network was to be disabled entirely, no?16:10
stackedsaxwhat you're describing seems like what I'd expect based on what was describrd to me about the approach16:11
kklimondastackedsax: with TLS enabled, openstack services are all running over https but the TLS termination is always done by haproxy, and not backends16:11
*** JamesBenson has quit IRC16:11
stackedsaxah, right.  Yeah this was what I was wondering about, too16:11
stackedsaxon a call at the moment...16:11
kklimondaso haproxy connects to the local backend over http (and 127.0.0.1) and if that backend is down, the request is forwarded to another haproxy16:12
kklimondaif we want to disable internal (non–encrypted) network, then all services must be either configured to listen on localhost, or their port changed.16:15
kklimondafor now I've changed haproxy configuration so that it's listening on "public" network, otherwise it would steal the port from the backend.16:16
kklimondathere is also a question of how to support non-http services like mariadb, memcached and rabbitmq - until they are configured with TLS, we can't remove the internal network I think16:16
*** luksky has joined #openstack-kolla16:33
*** k_mouza_ has joined #openstack-kolla16:37
*** k_mouza has quit IRC16:41
*** k_mouza_ has quit IRC16:42
*** dougsz has quit IRC16:42
*** ivve has quit IRC16:43
*** mgoddard has quit IRC16:44
*** mgoddard has joined #openstack-kolla16:46
*** ivve has joined #openstack-kolla16:58
*** goldyfruit has quit IRC16:58
*** goldyfruit has joined #openstack-kolla16:59
*** mgoddard has quit IRC17:00
*** mgoddard has joined #openstack-kolla17:02
*** happyhemant has quit IRC17:05
*** guozijn has quit IRC17:09
*** goldyfruit has quit IRC17:14
*** goldyfruit has joined #openstack-kolla17:14
*** gfidente is now known as gfidente|afk17:32
*** absubram has quit IRC17:52
*** jonaspaulo has joined #openstack-kolla17:56
*** jschluet has quit IRC18:19
*** pcaruana has joined #openstack-kolla18:24
*** jschlueter has joined #openstack-kolla18:40
*** JamesBenson has joined #openstack-kolla18:43
*** JamesBenson has quit IRC18:48
*** jschlueter has quit IRC19:15
*** kplant has quit IRC19:27
*** k_mouza has joined #openstack-kolla19:32
*** k_mouza has quit IRC19:36
*** tonythomas has quit IRC19:38
*** jschluet has joined #openstack-kolla19:40
*** jschluet has quit IRC19:49
*** igordc has joined #openstack-kolla19:49
*** igordc has quit IRC19:50
*** JamesBenson has joined #openstack-kolla19:55
*** JamesBenson has quit IRC19:55
*** JamesBenson has joined #openstack-kolla19:56
*** igordc has joined #openstack-kolla20:00
*** jschluet has joined #openstack-kolla20:03
*** radeks has joined #openstack-kolla20:05
*** radeks_ has quit IRC20:06
*** dteselkin has joined #openstack-kolla20:10
*** factor has quit IRC20:14
*** radeks has quit IRC20:27
q[bline]I tried kolla-ansible with stein and rocky; in rocky, mariadb can't form a cluster and in stein keystore fails connections; any recommendations? My next stop is openstack-ansible20:46
openstackgerritMichal Nasiadka proposed openstack/kolla master: Ceph: Update to Nautilus on CentOS and OracleLinux  https://review.opendev.org/65798920:52
q[bline]is there an alternative to keystore?20:57
*** pcaruana has quit IRC21:18
*** itlinux has quit IRC21:23
*** whoami-rajat has quit IRC21:24
q[bline]OK, keystone freakin worked this last run; so happy.21:30
*** unicell has joined #openstack-kolla21:43
*** JamesBenson has quit IRC22:02
*** luksky has quit IRC22:16
*** goldyfruit has quit IRC22:17
*** jonaspaulo has quit IRC22:22
*** itlinux has joined #openstack-kolla22:42
*** goldyfruit has joined #openstack-kolla22:52
*** iclon__ has joined #openstack-kolla23:00
*** iclon_ has quit IRC23:03
*** JamesBenson has joined #openstack-kolla23:03
*** JamesBenson has quit IRC23:07
*** unicell has left #openstack-kolla23:31
q[bline]anyone know if I need to run reconfigure to add a ceph.conf override or can I just rerun the deploy?23:38
« Wednesday, 2019-05-29 Index Friday, 2019-05-31 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!