Wednesday, 2015-07-15

« Tuesday, 2015-07-14 Index Thursday, 2015-07-16 »
*** barra204 has quit IRC00:03
*** david-lyle has quit IRC00:25
*** signed8b_ has joined #openstack-operators00:33
*** SimonChung1 has quit IRC00:36
*** signed8b_ is now known as signed8bit_ZZZzz00:40
*** signed8bit_ZZZzz has quit IRC00:41
*** bitblt has quit IRC00:44
*** bradjones has quit IRC01:26
*** bradjones has joined #openstack-operators01:30
*** bradjones has quit IRC01:30
*** bradjones has joined #openstack-operators01:30
*** signed8b_ has joined #openstack-operators01:30
*** signed8b_ is now known as signed8bit_ZZZzz01:31
*** signed8bit_ZZZzz has quit IRC01:33
*** signed8bit has joined #openstack-operators01:53
*** markvoelker has quit IRC01:54
*** signed8bit is now known as signed8bit_ZZZzz01:54
*** signed8bit_ZZZzz has quit IRC01:56
*** markvoelker has joined #openstack-operators02:00
*** alop has quit IRC02:00
*** signed8b_ has joined #openstack-operators02:01
*** signed8b_ is now known as signed8bit_ZZZzz02:02
*** signed8bit_ZZZzz has quit IRC02:04
*** david-lyle has joined #openstack-operators02:12
*** markvoelker has quit IRC02:18
*** maishsk has quit IRC02:21
*** SimonChung has joined #openstack-operators02:31
*** SimonChung1 has joined #openstack-operators02:32
*** david-lyle has quit IRC02:35
*** SimonChung has quit IRC02:35
*** SimonChung has joined #openstack-operators02:40
*** SimonChung1 has quit IRC02:40
*** hakimo has joined #openstack-operators02:52
*** hakimo_ has quit IRC02:54
*** signed8b_ has joined #openstack-operators03:04
*** markvoelker has joined #openstack-operators03:35
*** david-lyle has joined #openstack-operators03:38
*** markvoelker_ has joined #openstack-operators03:38
*** markvoelker has quit IRC03:40
*** mahito has quit IRC03:41
xavpaicemgagne: I had that issue moving to Juno, haven't yet tried Kilo03:53
xavpaicemgagne: I added a ./debian/rules refresh-xstatic to make the deb's if that helps at all03:53
*** signed8__ has joined #openstack-operators04:03
*** markvoelker has joined #openstack-operators04:04
*** signed8b_ has quit IRC04:04
*** markvoelker_ has quit IRC04:07
*** markvoelker_ has joined #openstack-operators04:08
*** markvoelker has quit IRC04:09
*** signed8bit has joined #openstack-operators04:17
*** signed8__ has quit IRC04:20
*** signed8bit has quit IRC04:21
*** csoukup has joined #openstack-operators04:27
*** fifieldt has joined #openstack-operators04:28
*** a7ndrew has quit IRC04:41
*** mahito has joined #openstack-operators04:42
*** saneax_ has quit IRC04:50
*** markvoelker has joined #openstack-operators05:06
*** markvoelker_ has quit IRC05:06
*** markvoelker_ has joined #openstack-operators05:08
*** markvoelker has quit IRC05:11
*** dboik has joined #openstack-operators05:53
*** fawadkhaliq has joined #openstack-operators05:54
*** dboik has quit IRC05:57
*** mahito has quit IRC06:00
*** mahito has joined #openstack-operators06:03
*** belmoreira has joined #openstack-operators06:21
*** fawadkhaliq has quit IRC06:33
*** saneax has joined #openstack-operators06:39
*** Miouge has quit IRC06:49
*** Miouge has joined #openstack-operators06:50
*** bvandenh has joined #openstack-operators06:52
*** fawadkhaliq has joined #openstack-operators06:54
*** fawadk has joined #openstack-operators06:55
*** fawadkhaliq has quit IRC06:58
*** fawadkhaliq has joined #openstack-operators06:59
*** fawadk has quit IRC07:00
*** bvandenh has quit IRC07:03
sorrisonmgagne: yeah we hacked around it a bit. See https://github.com/NeCTAR-RC/horizon/commits/debian/2014.207:09
*** zigo has quit IRC07:24
*** zigo has joined #openstack-operators07:25
*** Miouge has quit IRC07:40
*** fawadkhaliq has quit IRC08:05
*** maishsk has joined #openstack-operators08:07
*** markvoelker_ has quit IRC08:21
*** fawadkhaliq has joined #openstack-operators08:22
*** racedo_ has joined #openstack-operators08:23
*** mahito has quit IRC08:24
*** mahito has joined #openstack-operators08:25
*** maishsk has quit IRC08:31
*** derekh has joined #openstack-operators08:35
*** markvoelker has joined #openstack-operators08:36
*** mahito has quit IRC08:39
*** maishsk has joined #openstack-operators08:39
*** markvoelker has quit IRC08:45
*** markvoelker has joined #openstack-operators08:51
*** markvoelker has quit IRC08:56
*** derekh has quit IRC09:02
*** markvoelker has joined #openstack-operators09:06
*** markvoelker has quit IRC09:10
*** maishsk has quit IRC09:12
*** maishsk has joined #openstack-operators09:13
*** markvoelker has joined #openstack-operators09:20
*** gfa is now known as gfa_09:21
*** markvoelker has quit IRC09:25
*** maishsk has quit IRC09:34
*** markvoelker has joined #openstack-operators09:35
*** markvoelker has quit IRC09:40
*** markvoelker has joined #openstack-operators09:49
*** markvoelker has quit IRC09:54
*** markvoelker has joined #openstack-operators10:04
*** markvoelker has quit IRC10:08
*** gfa_ is now known as gfa10:11
*** markvoelker has joined #openstack-operators10:19
*** markvoelker has quit IRC10:23
*** maishsk has joined #openstack-operators10:25
*** markvoelker has joined #openstack-operators10:33
*** bvandenh has joined #openstack-operators10:36
*** markvoelker has quit IRC10:38
*** markvoelker has joined #openstack-operators10:48
*** markvoelker has quit IRC10:54
*** maishsk has quit IRC11:02
*** markvoelker has joined #openstack-operators11:02
*** maishsk has joined #openstack-operators11:03
*** markvoelker has quit IRC11:07
*** maishsk has quit IRC11:14
*** maishsk has joined #openstack-operators11:16
*** markvoelker has joined #openstack-operators11:17
*** markvoelker has quit IRC11:21
*** fawadkhaliq has quit IRC11:23
*** markvoelker has joined #openstack-operators11:24
*** openstack has joined #openstack-operators11:37
*** bvandenh has quit IRC11:37
*** markvoelker has quit IRC11:37
*** sw3_ has joined #openstack-operators11:37
*** bradjones_ has joined #openstack-operators11:37
*** bradjones_ has joined #openstack-operators11:37
*** fawadkhaliq has joined #openstack-operators11:37
*** bradjones_ is now known as bradjones11:37
*** sw3_ is now known as sw311:37
*** sw3 has quit IRC11:37
*** sw3 has joined #openstack-operators11:37
*** markvoelker has joined #openstack-operators11:39
*** markvoelker has quit IRC11:44
*** fawadkhaliq has quit IRC11:45
*** markvoelker has joined #openstack-operators11:54
*** cdelatte has joined #openstack-operators11:56
*** delattec has joined #openstack-operators11:56
*** maishsk has quit IRC11:57
*** markvoelker has quit IRC11:58
*** maishsk has joined #openstack-operators12:02
*** radez_g0n3 is now known as radez12:02
*** markvoelker has joined #openstack-operators12:08
*** markvoelker has quit IRC12:13
*** markvoelker has joined #openstack-operators12:23
*** markvoelker has quit IRC12:28
*** Vinsh has quit IRC12:37
*** markvoelker has joined #openstack-operators12:37
*** markvoelker has quit IRC12:42
*** saneax has quit IRC12:48
*** signed8bit has joined #openstack-operators12:48
*** markvoelker has joined #openstack-operators12:52
*** ferest has joined #openstack-operators12:54
*** bhunter71 has joined #openstack-operators12:56
*** markvoelker has quit IRC12:56
*** jaypipes has joined #openstack-operators12:59
*** markvoelker has joined #openstack-operators13:01
*** dminer has joined #openstack-operators13:03
*** radez is now known as radez_g0n313:04
*** markvoelker has quit IRC13:09
*** markvoelker has joined #openstack-operators13:09
*** signed8bit is now known as signed8bit_ZZZzz13:10
*** markvoelker_ has joined #openstack-operators13:10
*** signed8bit_ZZZzz has quit IRC13:10
*** markvoelker has quit IRC13:14
*** bvandenh has joined #openstack-operators13:19
*** ferest has quit IRC13:23
*** bvandenh has quit IRC13:24
*** derekh has joined #openstack-operators13:30
*** maishsk has quit IRC13:31
*** maishsk has joined #openstack-operators13:33
*** Piet has quit IRC13:38
*** signed8bit has joined #openstack-operators13:41
*** csoukup has quit IRC13:42
*** signed8b_ has joined #openstack-operators13:44
*** signed8bit has quit IRC13:45
*** s7pn has joined #openstack-operators13:50
*** s7pn has quit IRC13:54
*** radez_g0n3 is now known as radez13:56
*** Piet has joined #openstack-operators14:00
*** dboik has joined #openstack-operators14:03
*** bvandenh has joined #openstack-operators14:15
*** bvandenh has quit IRC14:21
*** csoukup has joined #openstack-operators14:23
*** markvoelker has joined #openstack-operators14:28
*** markvoel_ has joined #openstack-operators14:31
*** markvoelker has quit IRC14:31
*** rbrooker has joined #openstack-operators14:31
*** markvoelker_ has quit IRC14:32
*** markvoel_ has quit IRC14:33
*** signed8b_ is now known as signed8bit_ZZZzz14:42
*** signed8bit_ZZZzz is now known as signed8b_14:42
*** maishsk has quit IRC14:43
*** alop has joined #openstack-operators14:45
verdurinWe're looking at how to configure inbound and outbound external access on our Icehouse system.14:50
verdurinOne proposal is to have a single VLAN per project, with two subnets.14:50
verdurinThe first subnet would allow outbound access, via PAT rules on the Cisco appliance.14:50
verdurinThe second subnet would allow inbound access, with our limited pool of internet IPs, using NAT rules on the Cisco hardware.14:51
verdurinDoes that sound feasible/sensible/crazy?14:51
verdurinThe alternative mooted approach is to have separate VLANs for each purpose within each project, but the appliances do have constraints on the number of VLANs they support.14:52
*** markvoelker has joined #openstack-operators14:53
*** markvoelker_ has joined #openstack-operators14:54
*** mdorman has joined #openstack-operators14:56
*** markvoelker has quit IRC14:58
*** SimonChung has left #openstack-operators15:14
*** saneax has joined #openstack-operators15:24
mgagnesorrison: thanks for the follow up. it's unfortunate that we can't reproduce the upstream build without such "hack" :-/15:27
*** ig0r__ has quit IRC15:39
*** ig0r_ has joined #openstack-operators15:40
*** belmoreira has quit IRC15:48
*** alop has quit IRC15:49
*** saneax has quit IRC15:55
*** jaypipes has quit IRC15:58
*** logan2 has quit IRC16:00
*** signed8b_ is now known as signed8bit_ZZZzz16:14
*** SimonChung has joined #openstack-operators16:16
*** bradjones has quit IRC16:20
*** verdurin has quit IRC16:20
*** bradjones has joined #openstack-operators16:20
*** bradjones has quit IRC16:20
*** bradjones has joined #openstack-operators16:20
*** verdurin has joined #openstack-operators16:20
*** SimonChung has quit IRC16:21
*** markvoelker_ has quit IRC16:40
*** markvoelker has joined #openstack-operators16:42
*** spligak has joined #openstack-operators16:45
*** alop has joined #openstack-operators16:45
*** racedo_ has quit IRC16:57
*** derekh has quit IRC17:01
*** maishsk has joined #openstack-operators17:03
*** logan2 has joined #openstack-operators17:10
*** SimonChung has joined #openstack-operators17:19
*** jaypipes has joined #openstack-operators17:35
*** maishsk has quit IRC17:37
*** maishsk has joined #openstack-operators17:40
*** signed8bit_ZZZzz is now known as signed8b_18:04
*** signed8b_ is now known as signed8bit_ZZZzz18:04
*** mdorman has quit IRC18:15
*** mdorman has joined #openstack-operators18:16
*** klindgren_ is now known as klindgren18:27
*** belmoreira has joined #openstack-operators18:28
klindgrenverdurin, that sounds like a mess.18:31
*** kencjohnston has joined #openstack-operators18:31
*** maishsk_ has joined #openstack-operators18:31
*** maishsk has quit IRC18:33
*** maishsk_ is now known as maishsk18:33
klindgrenWhats the actual requirement you are trying to work around?18:34
*** vinsh has joined #openstack-operators18:36
*** belmoreira has quit IRC18:41
*** radez is now known as radez_g0n318:44
*** markvoelker has quit IRC18:58
*** dminer has quit IRC19:05
*** radez_g0n3 is now known as radez19:05
*** fifieldt_ has joined #openstack-operators19:09
*** fifieldt has quit IRC19:13
*** belmoreira has joined #openstack-operators19:13
*** hakimo has quit IRC19:13
*** alop has quit IRC19:14
*** hakimo has joined #openstack-operators19:14
*** belmoreira has quit IRC19:43
*** markvoelker has joined #openstack-operators19:43
*** markvoelker has quit IRC19:45
*** markvoelker has joined #openstack-operators19:46
*** simon-AS559 has joined #openstack-operators19:48
*** cpschult has joined #openstack-operators20:09
*** jmckind has joined #openstack-operators20:27
*** SimonChung1 has joined #openstack-operators20:30
*** SimonChung has quit IRC20:30
*** alop has joined #openstack-operators20:44
*** dboik has quit IRC20:47
*** dboik has joined #openstack-operators20:53
*** Piet has quit IRC21:04
*** fawadkhaliq has joined #openstack-operators21:15
*** kencjohnston has quit IRC21:15
*** jmckind has quit IRC21:24
*** dboik_ has joined #openstack-operators21:26
*** dboik has quit IRC21:30
*** dboik_ has quit IRC21:31
*** Piet has joined #openstack-operators21:33
*** SimonChung has joined #openstack-operators21:40
*** SimonChung1 has quit IRC21:40
klindgrenclayton, you there?21:42
*** radez is now known as radez_g0n321:43
verdurinklindgren: we're certainly open to suggestions21:53
klindgrenverdurin, I dont get the requirement to have inbound traffic on one subnet and outbound traffic on another?21:55
*** cpschult has quit IRC21:55
*** fawadkhaliq has quit IRC21:55
verdurinklindgren: It's not a requirement, really.21:55
verdurinIt's one mechanism that's been suggested in order to allow for people who want no external access at all.21:56
*** jaypipes has quit IRC21:57
klindgrenWe do something similar - but its also kind of a mess.  We have the vm's get rfc1918 ip's as their ip address21:58
klindgrenthe networks are frontend by a firewall that does a hide-nat so that those instances can talk to the internet if they need too21:58
*** simon-AS559 has quit IRC21:58
klindgrenthen we use floating ip'ss or loadbalancers to allow inbound traffic to the vm's that need it21:59
klindgrenone could also configure 1-1 nat's on the firewall device to permit that traffic as well 100% outside of openstack22:00
verdurinYes, that sounds like what we're after.22:00
klindgrenif you do that - you may want to use floating ip's that are also rfc1918 ip address spacing so that you dont kill your people doing firewall configs with changes22:01
verdurin(yes to both approaches, really - the first one is similar to what we're talking about, the latter has been suggested, too)22:01
klindgrenso you associate a floating ip to the vm and add the nat rule to the floating ip - so that you can swap out vm's without causing a change22:02
klindgrenon our end - we dont have the upstream firewall changes managed by openstack22:02
klindgrenso eitherway is still painfull - but falls in line with status quo with the rest of the company22:03
klindgrenI am talking in generics here - because we have a pretty unique neutron setup with lots of custom patches to work with out network arch.22:03
verdurinIn your current scheme then, if traffic from an instance has an internet destination, it will _just work_, owing to firewall rules22:03
verdurinwithout anything special at the OpenStack end?22:04
klindgrencorrect - the firewall device will use the configured hide nat pool for the subnets22:04
klindgrenand will handle doing tht nat so that internet stuff will jsut work22:05
*** signed8bit has joined #openstack-operators22:06
verdurinThat certainly sounds simpler.22:06
*** hakimo has quit IRC22:07
klindgrenI should state that our configuration we dont use any of the neutron L3/networkign stuff22:07
klindgrenwe are doing flat networks22:07
verdurinAh. We're "stuck" with Neutron.22:07
*** britthouser has quit IRC22:07
klindgrenprovider (shared) flat networks22:07
*** hakimo has joined #openstack-operators22:08
klindgrenwe are using neutron as well - we just use "real networks" with "real" gateway's vs's having neutron createa router for everything22:08
klindgrenand tunneling everything everywhere22:08
verdurinAh, I see.22:08
klindgrenbtw - if you dont use neutron routers - floating ip's wont work without some changes22:10
*** signed8bit_ZZZzz has quit IRC22:10
verdurinYes. We are using routers at the moment, which works fine, without any external access.22:11
verdurinBasically, for political reasons, the provision of the external network to the system was handled separately to the main configuration.22:11
klindgrenAh - we did a cloud in the past using software routers.  Spent to much time trying to figure out how to make the router scale to support the network.22:12
verdurinIt's now plumbed into the appliances and we're pondering how best to make it available.22:12
klindgrenso is that to say that an external team manages the external network - or that was the case and now you want to make the external network available to users who want it?22:14
verdurinEquipment was bought from a contractor and they've set it up, but we'll be managing it from now on.22:15
verdurinWe've been given about 32 public IPs, with the ability to request more later.22:16
verdurinThe contractor isn't very familiar with OpenStack.22:17
*** zul has quit IRC22:17
klindgrenhow many routers do you have/plan to have?22:18
*** csoukup has quit IRC22:19
verdurinThere are 6 controller nodes, though I'm hoping to upgrade to Juno or Kilo and benefit from DVR.22:20
verdurinThe concern is functionality at the moment.22:21
klindgrenso the issue that you are prolly going to run into is the inefficient use of IP's22:21
verdurinYes, that's been a concern.22:21
verdurinAm I right in thinking that the per-project quotas for floating IPs are global?22:22
verdurinIn other words, they don't differentiate between floating IPs used for different purposes?22:23
klindgrenquota's per project are not global - they come with defaults - but you should be able to change them22:24
*** SimonChung has quit IRC22:34
*** signed8bit is now known as signed8bit_ZZZzz22:37
*** SimonChung has joined #openstack-operators22:41
claytonklindgren: am now22:41
klindgrenclayton, I have some venv questiosn for you if you dont mind22:41
claytonsure22:42
*** SimonChung has quit IRC22:46
*** SimonChung has joined #openstack-operators22:46
klindgrensorry - finishing up another convo - so few questiosn - are you guys using giftwrap for your stuff - or are you building venv's by hand?22:49
klindgrenmike was pointing out: https://github.com/twc-openstack/puppet-designate_ext/tree/master/files/config22:49
klindgrenas my question was specific to with venv's how are you handling thefact that pip in a venv only installs python, but for msot services their are config filesthat are needed to make them actually usable22:50
*** saneax has joined #openstack-operators22:50
klindgrenclayton, ^^ - when you get a chance22:57
claytonfor designate it comes with example config files22:58
claytonso that puppet module copies them into place if they don't already exist, but won't replace them if they do22:58
klindgrenkk - and do you use giftwrap?23:03
claytonno, I've looked at it and I like the approach.23:06
claytonI have a few PRs againt it accepted and a few still pending23:06
claytonbut I think we're going to try to move to containers anyway23:06
klindgrenkk23:07
klindgrenthinking of moving to OSAD then?23:07
claytonno, my understanding is that it's LXC specific23:08
claytonwell, and we need a migration path, so we'll probably do most of it ourself, with borrowing from OSAD and kolla23:08
*** rbrooker has quit IRC23:27
*** j05hk has quit IRC23:36
*** j05hk has joined #openstack-operators23:36
*** mdorman has quit IRC23:45
*** SimonChung has quit IRC23:45
*** SimonChung1 has joined #openstack-operators23:45
*** SimonChung1 has quit IRC23:45
*** SimonChung has joined #openstack-operators23:45
*** SimonChung1 has joined #openstack-operators23:47
*** SimonChung has quit IRC23:47
*** mahito has joined #openstack-operators23:58
*** alop has quit IRC23:58
« Tuesday, 2015-07-14 Index Thursday, 2015-07-16 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!