Saturday, 2020-01-18

openstackgerritJames Kirsch proposed openstack/kolla-ansible master: Use kolla_toolbox to execute REST methods  https://review.opendev.org/70078801:14
openstackgerritJames Kirsch proposed openstack/kolla-ansible master: Generate self signed TLS certificates  https://review.opendev.org/70132301:14
openstackgerritJames Kirsch proposed openstack/kolla-ansible master: CI: Add TLS tests  https://review.opendev.org/70141401:14
*** stackedsax has quit IRC02:21
*** stackedsax has joined #openstack-kolla02:21
*** r3ap3r has quit IRC02:21
*** r3ap3r has joined #openstack-kolla02:21
*** mgoddard has quit IRC03:39
*** mgoddard has joined #openstack-kolla03:45
*** k_mouza has joined #openstack-kolla05:34
*** evrardjp has quit IRC05:34
*** evrardjp has joined #openstack-kolla05:34
*** k_mouza has quit IRC05:38
*** vmixor has joined #openstack-kolla07:12
*** kozhukalov has joined #openstack-kolla07:19
*** vmixor has quit IRC07:48
*** k_mouza has joined #openstack-kolla08:15
*** k_mouza has quit IRC08:20
openstackgerritMerged openstack/kolla-ansible master: Ansible lint: disable some checks  https://review.opendev.org/70289808:30
*** cah_link has joined #openstack-kolla09:14
*** cah_link1 has joined #openstack-kolla09:17
*** cah_link has quit IRC09:17
*** cah_link1 is now known as cah_link09:17
*** kozhukalov has quit IRC09:31
*** generalfuzz has quit IRC09:48
*** crindi has quit IRC09:48
*** crindi has joined #openstack-kolla09:49
*** cz3 has quit IRC09:56
*** cz3 has joined #openstack-kolla09:57
*** kozhukalov has joined #openstack-kolla09:57
cosmicsoundRelease for CentOS Linux 8 (1911)10:23
*** kozhukalov has quit IRC10:25
yoctozeptocosmicsound: yeah :-)10:26
*** xaban has joined #openstack-kolla11:09
osmanlicilegixaban: welcome :)11:19
xabanosmanlicilegi Thanks!11:35
xabanWe did have problems with our RabbitMQ, for some reason it couldn't form a cluster. Now it is even worse. It starts rabbitmq-bundle-0 on am6-controller-0, rabbitmq-bundle-1 on am6-controller-2 (where it should be am6-controller-1) and rabbitmq-bundle-2 is not being started. Any ideas?11:49
openstackgerritRadosław Piliszek proposed openstack/kolla-ansible master: CI: Refactor base jobs  https://review.opendev.org/70323112:04
*** kozhukalov has joined #openstack-kolla12:05
yoctozeptoxaban: kolla channel not really the best place to discuss tripleo ;D mind you we are not using pacemaker in kolla12:05
*** born2bake has joined #openstack-kolla12:07
openstackgerritRadosław Piliszek proposed openstack/kolla-ansible master: CI: Refactor base jobs  https://review.opendev.org/70323112:09
*** born2bake has quit IRC12:19
*** born2bake has joined #openstack-kolla12:33
*** born2bake has quit IRC12:38
*** kozhukalov has quit IRC12:43
*** kozhukalov has joined #openstack-kolla12:44
*** kozhukalov has quit IRC13:05
*** dciabrin_ has joined #openstack-kolla13:13
*** dciabrin has quit IRC13:18
*** zhanglong has joined #openstack-kolla14:30
*** kozhukalov has joined #openstack-kolla15:06
openstackgerritRadosław Piliszek proposed openstack/kolla-ansible master: DNM: test nfv  https://review.opendev.org/70324615:12
openstackgerritRadosław Piliszek proposed openstack/kolla-ansible master: DNM: test nfv  https://review.opendev.org/70324615:12
*** zhanglong has quit IRC15:14
*** kozhukalov has quit IRC15:22
*** dave-mccowan has joined #openstack-kolla16:22
*** dave-mccowan has quit IRC16:39
*** born2bake has joined #openstack-kolla16:43
r3ap3ryoctozepto: I don't mean to be nosey but how in the world did you know xaban was talking about tripleO??17:33
*** evrardjp has quit IRC17:34
*** evrardjp has joined #openstack-kolla17:34
*** k_mouza has joined #openstack-kolla17:48
cosmicsoundr3ap3r, guess from the file structure -controller-2 bundle-1 :)17:51
yoctozeptor3ap3r: what cosmicsound said ;-)17:53
yoctozeptoalso, we (me and osmanlicilegi) had already spoken with xaban on #openstack17:53
yoctozeptothat's why we knew it exactly :-)17:54
r3ap3rOh, lol.17:57
r3ap3rI have A LOT more to learn about Openstack deployments before I can do something like that without having a previous conversation with someone. lol17:58
yoctozeptoso make it your new year's goal :-)17:59
yoctozeptoyear still young :-)17:59
r3ap3rOh trust me, it is definitely on the list. Working on learning everything about Kolla that I can first and then move on to others but Kolla supports pretty much all of the things I want to tinker with to start out at deployment vs the others. ;-)18:01
yoctozeptor3ap3r: glad to hear that :-)18:02
r3ap3rOnly thing I cannot figure out, and I may have missed it in a previous conversation y'all have had, is why dropping support for deploying Ceph? I know I can connect to an existing one that I build before deployment but I was just curious why it was dropped?18:04
yoctozeptor3ap3r: lack of human resources to keep it up-to-date - with kolla-ansible we promise a path of upgrade and upgrading storage cluster is no easy deal, sum it up with openstack and you get serious workload (at least from time to time) - we kinda tried to inform ppl about it and get to know their opinion via the ml and originally got nothing (I guess18:08
yoctozeptoppl are shy) but sporadically folks pop up here asking the very same question so I'm really puzzled how to best approach this :-) - anyways, we are (well, mostly mnasiadka is) working on conversion path to use ceph-ansible (for now as it is going to be deprecated too lol, what a mess)18:08
r3ap3rAh, understood. That makes sense. Ceph-Ansible being deprecated must be frustrating. I hear Ceph-Deploy is supposed to be pretty good, I was planning on using that to try my hand at deploying Ceph for the first time, maybe that could be integrated?18:14
r3ap3rDisclaimer: I am by no stretch of the imagination a Developer so feel free to tell me that wouldn't work at all. ;-)18:15
yoctozeptor3ap3r: well, we would still need to ditch upgrade with either path; ceph-deploy is worse in this context in that it happens only after you have deployed mon (and mgr afair, I think it runs off mgr) and it really helps with adding osds and other daemons (so scaling)18:17
r3ap3rOk, makes sense from my current understanding of things. Thanks for explaining things the way you do.18:19
yoctozeptoyw18:21
*** dave-mccowan has joined #openstack-kolla18:33
*** xaban has quit IRC18:49
openstackgerritRadosław Piliszek proposed openstack/kolla master: Revert "Debian/source: do not force tag in build jobs"  https://review.opendev.org/70325219:09
openstackgerritRadosław Piliszek proposed openstack/kolla master: Revert "Debian/source: do not force tag in build jobs"  https://review.opendev.org/70325219:15
openstackgerritRadosław Piliszek proposed openstack/kolla master: Revert "Debian/source: do not force tag in build jobs"  https://review.opendev.org/70325219:15
*** oncall-pokemon has joined #openstack-kolla19:38
oncall-pokemonHi, we are setting up kolla and are running into privsep errors where it says things like "privsep helper command exited non-zero (1)". But then deeper in the logs we see things like the log:" sudo: unknown uid 42435: who are you?" we just have the kolla user but it seems to want to run things with rootwrap as somebody else19:46
oncall-pokemonany ideas?19:46
yoctozeptooncall-pokemon: well, all users should be installed in base20:01
oncall-pokemonwhat does that mean specifically yoctozepto ? Like in the containers or on the base system? I guess you mean the base system? Is there a guide on who to create?20:02
yoctozeptooncall-pokemon: nah, the base image aka the image called 'base' :-)20:02
yoctozeptoall users are created upfront20:03
yoctozeptowith those high ids20:03
yoctozeptoI'm wondering why it knew that high id, yet said "unknown, who are you"20:04
yoctozeptohmm20:04
oncall-pokemonso it should be a container running with the word base in it? Because I did all the steps and I don't think I saw it20:04
oncall-pokemonyeah it knew the id20:04
yoctozeptooncall-pokemon: nah, it's a parent image of all the images20:04
yoctozeptoevery image kolla builds is a child of base20:04
yoctozepto(direct or indirect)20:05
oncall-pokemonahh ok. yeah we keep getting these privsep errors and stuff. kinda all new to us.20:09
yoctozeptoprivsep requires elevation20:09
yoctozeptoso it uses sudo20:09
yoctozeptoand sudoers are also installed in proper image20:10
oncall-pokemonahh I see and i guess because the users aren't there it's getting confused20:10
yoctozeptoyeah, though I don't know how "they are not there" ;D20:10
oncall-pokemonmaybe if I do kolla-ansible pull and then restart them all?20:12
yoctozeptoyou could but they were like never missing this part, it must know the names because they are set up via names, not ids and it knows the id to fail on20:13
yoctozeptoodd20:13
oncall-pokemonahh ok if you think of anything. where are those uids defined? I saw them once someplace but can't remember where now20:19
*** k_mouza has quit IRC20:19
oncall-pokemonif I go into the nova-api container for example in the passwd file this exists `neutron:x:42435:42435::/home/neutron:/usr/sbin/nologin`20:22
oncall-pokemonso it looks like it is there20:22
oncall-pokemonid 4243520:23
oncall-pokemonuid=42435(neutron) gid=42435(neutron) groups=42435(neutron)20:23
oncall-pokemonThis error was from "id 4243520:23
oncall-pokemonuid=42435(neutron) gid=42435(neutron) groups=42435(neutron)"20:23
oncall-pokemonsorry20:23
oncall-pokemonThis error was from site-packages/nova/compute/manager.py", line 2517, in _build_and_run_instance instance_uuid=instance.uuid, reason=six.text_type(e))20:24
yoctozeptooncall-pokemon: they are in kolla config.py20:28
yoctozeptothey go to /etc/passwd and shadow20:28
yoctozeptoyeah, 'tis neutron20:28
oncall-pokemonahh yes that log is on the compute node where the vm was destined20:30
oncall-pokemonThere's also this above the error https://pastebin.com/2Xn1YTq820:33
oncall-pokemonnot sure if that's the base you're talking about20:33
yoctozeptonah, this is some usage of word "base" in nova20:35
yoctozeptoif you exec into the container that is having issues20:36
yoctozeptocan you verify both passwd and shadow contain proper users?20:36
oncall-pokemonsays I can't read the shadow file as the nova user which is what I become when I do docker exec20:38
oncall-pokemonPermission denied rather than can't read20:38
oncall-pokemonif I do --user root then I can see that yes it's in the shadow file20:40
oncall-pokemonthis is the nova-compute container20:40
oncall-pokemonthe password field though shows !! which says the account is locked20:45
oncall-pokemonsays that for all users that aren't centos standard20:45
*** factor has joined #openstack-kolla20:50
yoctozeptothat's no problem20:55
oncall-pokemonthe uid thing is just an error. as to why `sudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /usr/share/nova/nova-dist.conf --config-file /etc/nova/nova.conf --privsep_context nova.privsep.sys_admin_pctxt --privsep_sock_path /tmp/tmpeNTxkt/privsep.sock` exits with a 1 is the issue it seems20:55
yoctozeptoit really should consult only /etc/passwd20:55
oncall-pokemoni mean to say it says the uid thing is a warning20:55
oncall-pokemonThe nova-compute log says "Instance failed to spawn: FailedToDropPrivileges: privsep helper command exited non-zero (1)"20:56
oncall-pokemonBut it doesn't say why20:56
yoctozeptowell, sudo error is the reason20:57
oncall-pokemonahh ok21:00
oncall-pokemonif I just run `sudo nova-rootwrap` it asks for password21:01
oncall-pokemonoh wait there's a special nopasswd21:01
yoctozeptoindeed, that's how it works21:02
*** k_mouza has joined #openstack-kolla21:02
oncall-pokemonIf I run the command at the top I get the following https://pastebin.com/JA5b958521:03
oncall-pokemonnow it's not the full command but i'm just desperate I guess :)21:03
oncall-pokemonoh no i guess it's waiting for the path later in the command. bummer21:04
oncall-pokemonwell you're right I guess21:04
yoctozeptooncall-pokemon: well, sudo worked there21:05
yoctozeptothe rest is irrelevant for now21:05
oncall-pokemonyeah it did but it still complains about no socket at /tmp/tmpeNTxkt/privsep.sock21:06
yoctozeptoyeah, because it's not there when you are not nova the daemon :-)21:06
yoctozeptothe temporary path is indeed temporary21:06
yoctozeptoanyways, this proves sudo works21:07
yoctozeptoit should also work for the daemon itself21:08
* yoctozepto going to sleep, waving good night21:08
oncall-pokemonThanks. well let me try restarting. if you think of anything please let me know. good night21:08
*** k_mouza has quit IRC21:20
oncall-pokemonrestarting the container worked actually.21:31
oncall-pokemonis libvirtd supposed to be installed on the compute hypervisor or is that containerized too?21:31
*** k_mouza has joined #openstack-kolla21:35
openstackgerritMarcin Juszkiewicz proposed openstack/kolla-ansible master: CI: Add ansible-lint to tox  https://review.opendev.org/69477921:36
r3ap3roncall-pokemon: From my understanding, libvirtd is installed on the Compute Node and the Nova Container utilizes API calls to interact with libvirtd on the physical host.21:40
*** k_mouza has quit IRC21:40
*** k_mouza has joined #openstack-kolla21:42
hrwoncall-pokemon: grab clean machines with freshly installed minimal OS. run kolla-ansible bootstrap-servers precheck to have docker installed on each. do deploy.21:47
hrwoncall-pokemon: libvirtd will run in container21:47
hrwiirc precheck checks for libvirtd running on host21:47
* hrw out21:47
r3ap3rhrw: thanks for the clarification. :)21:48
*** cah_link1 has joined #openstack-kolla23:18
*** cah_link has quit IRC23:21
*** cah_link1 is now known as cah_link23:21
openstackgerritJames Kirsch proposed openstack/kolla-ansible master: Copy CA into containers.  https://review.opendev.org/69988823:22
openstackgerritJames Kirsch proposed openstack/kolla-ansible master: Use kolla_toolbox to execute REST methods  https://review.opendev.org/70078823:22
openstackgerritJames Kirsch proposed openstack/kolla-ansible master: Generate self signed TLS certificates  https://review.opendev.org/70132323:22
openstackgerritJames Kirsch proposed openstack/kolla-ansible master: CI: Add TLS tests  https://review.opendev.org/70141423:22
*** k_mouza has quit IRC23:23
*** born2bake has quit IRC23:33
oncall-pokemonThanks23:43
