Wednesday, 2015-11-18

« Tuesday, 2015-11-17 Index Thursday, 2015-11-19 »
*** derekh has joined #openstack-operators00:13
*** harshs has quit IRC00:17
*** sanjayu has joined #openstack-operators00:20
*** derekh has quit IRC00:20
*** harshs has joined #openstack-operators00:31
*** dminer has quit IRC00:31
*** harshs_ has joined #openstack-operators00:34
*** harshs has quit IRC00:36
*** harshs_ is now known as harshs00:36
*** harshs has quit IRC00:37
*** mdorman has quit IRC00:40
*** harshs has joined #openstack-operators00:44
*** harshs has quit IRC00:44
*** shimura_ken has joined #openstack-operators00:52
*** armax has joined #openstack-operators00:57
*** gyee has quit IRC00:57
*** krobzaur_ has quit IRC01:00
*** SimonChung has joined #openstack-operators01:01
*** SimonChung2 has quit IRC01:01
*** SimonChung1 has joined #openstack-operators01:02
*** SimonChung has quit IRC01:02
*** SimonChung has joined #openstack-operators01:03
*** SimonChung1 has quit IRC01:03
*** mriedem has joined #openstack-operators01:05
*** alop has quit IRC01:05
*** zhangjn has joined #openstack-operators01:06
*** SimonChung has quit IRC01:14
*** kencjohnston has joined #openstack-operators01:26
*** VW has joined #openstack-operators01:52
*** harshs has joined #openstack-operators01:52
*** harshs has quit IRC02:02
*** Marga_ has quit IRC02:11
*** VW has quit IRC02:16
*** sanjayu has quit IRC02:23
*** ccarmack has joined #openstack-operators02:33
*** fawadkhaliq has joined #openstack-operators02:42
*** lhcheng has quit IRC02:49
*** lhcheng has joined #openstack-operators02:50
*** lhcheng has quit IRC02:50
*** shimura_ken has quit IRC02:51
*** shimura_ken has joined #openstack-operators02:52
*** shimura_ken has quit IRC02:53
*** yantarou____ has joined #openstack-operators02:53
*** rick_ has joined #openstack-operators03:10
*** maishsk has quit IRC03:10
*** yantarou____ has quit IRC03:17
*** bvandenh has joined #openstack-operators03:19
*** lhcheng has joined #openstack-operators03:23
*** bvandenh has quit IRC03:25
*** yantarou has joined #openstack-operators03:36
*** mriedem has quit IRC03:55
*** fawadkhaliq has quit IRC04:06
*** VW has joined #openstack-operators04:16
*** SimonChung has joined #openstack-operators04:17
*** SimonChung1 has joined #openstack-operators04:19
*** VW has quit IRC04:20
*** SimonChung has quit IRC04:21
*** fawadkhaliq has joined #openstack-operators04:27
*** gfa is now known as gfa_04:35
*** zhangjn has quit IRC04:37
*** zhangjn has joined #openstack-operators04:38
*** markvoelker_ has quit IRC04:40
*** harshs has joined #openstack-operators04:52
*** harshs_ has joined #openstack-operators04:52
*** harshs has quit IRC04:56
*** harshs_ is now known as harshs04:56
*** rick_ has quit IRC05:09
*** zerda has joined #openstack-operators05:14
*** Marga_ has joined #openstack-operators05:20
*** Marga_ has quit IRC05:20
*** Marga_ has joined #openstack-operators05:21
*** rick_ has joined #openstack-operators05:22
*** zhangjn_ has joined #openstack-operators05:26
*** zhangjn has quit IRC05:27
*** lhcheng_ has joined #openstack-operators05:29
*** lhcheng has quit IRC05:32
*** zhangjn_ has quit IRC05:37
*** zhangjn has joined #openstack-operators05:38
*** harshs_ has joined #openstack-operators05:43
*** harshs has quit IRC05:44
*** harshs_ is now known as harshs05:44
*** sanjayu has joined #openstack-operators05:52
*** clayton has quit IRC06:22
*** clayton has joined #openstack-operators06:23
*** rcernin has joined #openstack-operators06:37
*** lhcheng has joined #openstack-operators06:39
*** markvoelker has joined #openstack-operators06:40
*** lhcheng_ has quit IRC06:42
*** markvoelker has quit IRC06:45
*** elemoine has joined #openstack-operators06:56
*** Marga_ has quit IRC07:03
*** Marga_ has joined #openstack-operators07:05
*** armax has quit IRC07:16
*** subscope has joined #openstack-operators07:24
*** harshs has quit IRC07:36
*** markvoelker has joined #openstack-operators07:41
*** markvoelker has quit IRC07:46
*** jmccrory has quit IRC07:49
*** jmccrory has joined #openstack-operators07:54
*** belmoreira has joined #openstack-operators07:57
*** matrohon has joined #openstack-operators08:05
*** liverpooler has joined #openstack-operators08:07
*** maishsk has joined #openstack-operators08:14
*** egonzalez has joined #openstack-operators08:30
*** rick_ has quit IRC08:33
*** fawadkhaliq has quit IRC08:41
*** fawadkhaliq has joined #openstack-operators08:42
*** lhcheng has quit IRC08:45
*** ferest has joined #openstack-operators08:48
*** ferest has quit IRC08:53
*** fawadkhaliq has quit IRC08:57
*** egonzalez has quit IRC09:20
*** Piet has quit IRC09:21
*** cbrown2_ocf has joined #openstack-operators09:29
*** ahonda has quit IRC09:32
*** markvoelker has joined #openstack-operators09:42
*** markvoelker has quit IRC09:46
*** cbrown2_ocf has quit IRC10:12
*** cbrown2_ocf has joined #openstack-operators10:22
*** zhangjn has quit IRC10:28
*** fawadkhaliq has joined #openstack-operators10:36
*** marekd has joined #openstack-operators10:38
*** zhangjn has joined #openstack-operators10:51
*** zhangjn has quit IRC11:11
*** VW has joined #openstack-operators11:18
*** VW has quit IRC11:23
*** aswadr has joined #openstack-operators11:32
*** subscope has quit IRC11:41
*** subscope has joined #openstack-operators11:42
*** markvoelker has joined #openstack-operators11:43
*** markvoelker has quit IRC11:47
*** bvandenh has joined #openstack-operators11:50
*** egonzalez has joined #openstack-operators12:03
*** bvandenh has quit IRC12:05
*** zerda has quit IRC12:08
*** zhangjn has joined #openstack-operators12:09
*** zhangjn has quit IRC12:09
*** zhangjn has joined #openstack-operators12:10
*** zhangjn has quit IRC12:10
*** zhangjn has joined #openstack-operators12:10
*** aswadr has quit IRC12:15
*** subscope has quit IRC12:20
*** subscope has joined #openstack-operators12:21
*** subscope has quit IRC12:21
*** egonzalez has quit IRC12:22
*** alejandrito has joined #openstack-operators12:23
*** jkraj has joined #openstack-operators12:28
*** berendt has joined #openstack-operators12:35
*** fawadkhaliq has quit IRC12:42
*** markvoelker has joined #openstack-operators12:43
*** markvoelker has quit IRC12:48
*** electrofelix has joined #openstack-operators12:57
*** markvoelker has joined #openstack-operators13:09
*** cbrown2_ocf has quit IRC13:27
*** bvandenh has joined #openstack-operators13:28
*** sanjayu has quit IRC13:35
*** ccarmack has left #openstack-operators13:45
*** elemoine has quit IRC13:56
*** krobzaur_ has joined #openstack-operators14:07
*** bapalm has joined #openstack-operators14:08
*** bvandenh has quit IRC14:30
*** openstackgerrit has quit IRC14:31
*** openstackgerrit has joined #openstack-operators14:32
*** cbrown2_ocf has joined #openstack-operators14:32
*** cbrown2_ocf has quit IRC14:33
*** jkraj has quit IRC14:37
*** bapalm has quit IRC14:43
*** bapalm has joined #openstack-operators14:43
*** fawadkhaliq has joined #openstack-operators14:44
*** mriedem has joined #openstack-operators14:45
*** cbrown2_ocf has joined #openstack-operators14:49
*** ToMiles has joined #openstack-operators14:51
*** cbrown2_ocf has quit IRC14:52
*** laron has joined #openstack-operators14:54
*** harshs has joined #openstack-operators14:58
*** kencjohnston has quit IRC14:58
*** krobzaur has joined #openstack-operators15:01
*** krobzaur_ has quit IRC15:03
*** signed8bit has joined #openstack-operators15:04
*** subscope has joined #openstack-operators15:08
*** harshs has quit IRC15:10
*** liverpooler has quit IRC15:16
*** jeh has quit IRC15:17
*** csoukup has joined #openstack-operators15:27
*** berendt has quit IRC15:30
*** krobzaur has quit IRC15:32
*** kencjohnston has joined #openstack-operators15:39
*** krobzaur has joined #openstack-operators15:40
*** kencjohnston has quit IRC15:41
*** kencjohnston has joined #openstack-operators15:47
*** mdorman has joined #openstack-operators15:49
*** mriedem is now known as mriedem_meeting15:56
*** rcernin has quit IRC16:09
*** maishsk has quit IRC16:10
*** maishsk has joined #openstack-operators16:12
*** kencjohnston has quit IRC16:13
*** elemoine has joined #openstack-operators16:13
*** kencjohnston has joined #openstack-operators16:14
*** maishsk_ has joined #openstack-operators16:17
*** maishsk has quit IRC16:20
*** maishsk_ is now known as maishsk16:20
*** fawadkhaliq has quit IRC16:20
*** alop has joined #openstack-operators16:21
*** belmoreira has quit IRC16:24
*** dminer has joined #openstack-operators16:25
*** Piet has joined #openstack-operators16:38
*** Marga_ has quit IRC16:40
*** Marga_ has joined #openstack-operators16:42
openstackgerritMerged openstack/osops-tools-contrib: Adding the README  https://review.openstack.org/24531616:42
*** SimonChung1 has quit IRC16:43
*** britthouser has quit IRC16:46
*** maishsk has quit IRC16:47
mdorman@j^2  my calendar says there’s an osops irc meeting today.  is that true?16:52
*** britthouser has joined #openstack-operators16:54
*** fawadkhaliq has joined #openstack-operators16:54
*** fawadkhaliq has quit IRC16:55
*** fawadkhaliq has joined #openstack-operators16:55
*** cbrown2_ocf has joined #openstack-operators16:57
j^2Mdorman: I'm planning on being there. I don't control the agenda though raginbajin does16:58
*** belmoreira has joined #openstack-operators16:58
raginbajinmdorman: There should be.  We didn't have previous one because it was right after the summit and people were probably a bit tired.16:59
j^2I'd like to start the code stds today too17:00
*** lhcheng has joined #openstack-operators17:01
*** lhcheng_ has joined #openstack-operators17:02
*** lhcheng has quit IRC17:02
raginbajinThat seems good to me. I think I understood as that when the summit was over the ideas and work would start up around then since we'd have more feedback from the summit.17:04
mdormanj^2 / raginbajin   sounds good17:05
*** lhcheng_ is now known as lhcheng17:05
balajinmdorman: j^2: raginbajin: where can i find further details of the meeting17:06
balajinwould like to add to my calendar and if free will join the meeting17:06
balajinthanks in advance17:06
*** matrohon has quit IRC17:07
*** mriedem_meeting is now known as mriedem17:08
raginbajinhttp://eavesdrop.openstack.org/#Operators_Monitoring/Ops_Tools_Working_Group17:08
raginbajinThat has the current schedule as well as an iCal that you can add for the meeting.17:08
raginbajinbalajin you can also see all the logs from our meetings here:  http://eavesdrop.openstack.org/meetings/operators_ops_tools_monitoring/2015/17:09
balajinraginbajin: thank you17:10
balajinhttp://eavesdrop.openstack.org/#OpenStack_Operators_Team_Meeting - is this the same as the LDT operators meeting?17:13
raginbajinThose are all different meetings17:17
raginbajinI believe anyways17:18
raginbajinmaybe klindgren knows17:18
klindgrenLDT is an odd schedule17:19
j^2klindgren: we should remove the "old" meeting then17:19
klindgrenits every month - alternating timezones17:19
klindgrenI dont see an LDT meeting in the eavesdrop link above?17:20
klindgrenthe OPS one isn't LDT17:20
*** gyee has joined #openstack-operators17:20
j^2ah cool17:21
*** belmoreira has quit IRC17:25
*** krobzaur has quit IRC17:25
*** maishsk has joined #openstack-operators17:27
mdormanso is the “OpenStack Operators Team Meeting” the “old” meeting that’s no longer in place?17:32
mdormanconfused about all this17:32
balajinhaha17:33
balajinso we do not have an ops meeting in 27 mins from now17:33
mdormanwell the one 27 mins from now is “Operators Monitoring/Ops Tools Working Group”  right?17:34
mdormaner17:35
balajinmdorman: nope, that is 87 mins from now17:35
balajin:)17:35
balajinor rather 8517:35
mdormanyeah you’re right.17:35
*** elemoine has quit IRC17:39
j^2mdorman, balajin: wait what? I thought everything falls under the "Tools Working group"17:39
j^2that's the one that i've put OSOps in17:40
balajinj^2: there is a 10a PST meeting which is not happening any more17:40
balajinthe 11a PST is the tools working group meeting17:40
*** armax has joined #openstack-operators17:41
j^2balajin: so we've condensed everything into: http://eavesdrop.openstack.org/#Operators_Monitoring/Ops_Tools_Working_Group right?17:42
j^2or am i missign something?17:42
balajinj^2: i think that is hte conclusion that i am hearing so far17:44
j^2awesome, good, and to confirm that is 1300CST or 1100PST?17:45
balajinyup17:45
j^2rockon, ok i'm in the clear now, but raginbajin do we have an etherpad with the agenda on it? or anything?17:45
j^2if not, we should start putting them together for at least the next meeting17:46
*** SimonChung has joined #openstack-operators17:47
*** cbrown2_ocf has quit IRC17:51
mdormanok so sticking with the 11am PST one then.  got it.17:52
mdormanhow do we get that other one off that wiki?17:52
mriedemnova could use some ops feedback on an issue related to nova-manage db archive_deleted_instances, spelled out in this thread http://lists.openstack.org/pipermail/openstack-dev/2015-November/079778.html17:52
mdormannot a wiki, i guess.17:52
j^2mdorman: i think it's just a remove in infra, i can take that if you don't want to figure it out17:54
mdormansure that’d be great :)17:54
*** verdurin has quit IRC17:55
j^2:rockon: on it17:55
*** ToMiles has quit IRC17:56
j^2i think i'll propose to convert the tools working group to OSOps or something like that so we all know where to meet from now on17:59
j^2so we don't have this confusion againg17:59
mdormanyeah that sounds good18:02
balajinthanks j^218:03
j^2:D i'm here to whip us into shape :D18:03
j^2yall don't like chef, and i want to be part of the community so fuckit, i'll get OSOps off the ground :D18:03
j^2balajin: well you do ;)18:04
balajinha ha18:04
*** belmoreira has joined #openstack-operators18:04
balajinj^2: i have taken over 6+ months to start liking chef18:05
*** belmoreira has quit IRC18:05
raginbajinSo it's called the Monitoring and Tools workign group because at all the Summits there have been sessions and large discussions around it.18:05
balajinand now that i understand how to use chef, i am slowly trying to move everything that we want to do for config management and deployment to chef18:05
raginbajinI just don't want anyone to go and create another one because we renamed it to OSOps18:06
j^2raginbajin: could we add OSOps in the title?18:06
raginbajinThe Operators group meeting was an old one that was just for Operators to meet. It was very generic.18:06
raginbajinAbsolutely18:06
*** alop has quit IRC18:06
j^2ok, lets table this and we can talk about in the meeting18:06
j^2balajin: yeah it takes a while, but as soon as you get your head wrapped around it it's crazy powerful :D18:07
j^2balajin, mdorman, klindgren, raginbajin:  https://review.openstack.org/24707018:08
balajinagreed18:11
j^2raginbajin: https://review.openstack.org/247075 With the wording it seemed correct to put OSOps where i did. Totally open to suggestions18:12
*** Marga_ has quit IRC18:13
raginbajinThat seems to work for me.. We could drop the Monitoring and Tools part in the future once everyone is comfortable and just keep the it in the description so people can see what it is about.18:14
raginbajinBut for now I think that works great.18:14
j^2perfect :D18:15
*** signed8b_ has joined #openstack-operators18:17
j^2added to the OSOps wiki too: https://wiki.openstack.org/wiki/Osops#Contents need the agendas, eventually, but it's a start18:19
*** signed8bit has quit IRC18:19
*** regXboi has joined #openstack-operators18:20
*** regXboi has quit IRC18:21
*** fawadkhaliq has quit IRC18:21
*** verdurin has joined #openstack-operators18:22
*** harshs has joined #openstack-operators18:43
*** signed8b_ is now known as signed8bit_ZZZzz18:44
*** signed8bit_ZZZzz is now known as signed8b_18:47
*** bvandenh has joined #openstack-operators18:49
*** kencjohnston_ has joined #openstack-operators18:51
*** kencjohnston has quit IRC18:54
*** signed8bit has joined #openstack-operators19:03
*** signed8b_ has quit IRC19:04
*** Guest12059 is now known as med_19:04
*** med_ has quit IRC19:04
*** med_ has joined #openstack-operators19:04
*** harlowja has quit IRC19:05
*** VW has joined #openstack-operators19:07
*** VW has quit IRC19:07
*** harlowja has joined #openstack-operators19:08
*** Marga_ has joined #openstack-operators19:19
*** mriedem has quit IRC19:20
*** bapalm has quit IRC19:23
*** elemoine has joined #openstack-operators19:24
*** bapalm has joined #openstack-operators19:26
*** mriedem has joined #openstack-operators19:30
*** Marga_ has quit IRC19:47
*** laron has quit IRC19:54
*** Rockyg has joined #openstack-operators20:01
*** laron_ has joined #openstack-operators20:02
*** subscope has quit IRC20:06
*** subscope has joined #openstack-operators20:06
*** laron_ has quit IRC20:06
*** laron has joined #openstack-operators20:07
*** subscope has quit IRC20:09
*** subscope has joined #openstack-operators20:10
*** Marga_ has joined #openstack-operators20:14
*** bvandenh has quit IRC20:15
*** subscope has quit IRC20:17
*** lhcheng has quit IRC20:35
*** harlowja has quit IRC20:36
*** harlowja has joined #openstack-operators20:41
*** Marga_ has quit IRC20:45
*** verdurin has quit IRC20:49
*** vinsh_ has joined #openstack-operators20:51
*** rebase has joined #openstack-operators20:53
balajinklindgren: when you are done with the openstack-conductor meeting, mind sending a summary to the ops mail?20:54
*** vinsh has quit IRC20:54
balajini am guessing there is lot of interest there given the recent post about deprecating local conductor in the next major release20:54
klindgrenyea - I dunno how long that will take though?20:55
*** vinsh has joined #openstack-operators21:00
*** vinsh_ has quit IRC21:00
*** laron has quit IRC21:01
*** openstack has joined #openstack-operators21:04
*** signed8bit is now known as signed8bit_ZZZzz21:04
*** alejandrito has quit IRC21:04
*** elemoine has quit IRC21:12
*** verdurin has joined #openstack-operators21:18
*** laron has joined #openstack-operators21:18
*** signed8bit_ZZZzz is now known as signed8bit21:19
*** lhcheng has joined #openstack-operators21:24
*** verdurin has quit IRC21:31
*** Rockyg has quit IRC21:31
*** maishsk_ has joined #openstack-operators21:34
*** Marga_ has joined #openstack-operators21:34
*** maishsk has quit IRC21:35
*** maishsk_ is now known as maishsk21:35
*** Marga_ has quit IRC21:39
*** Marga_ has joined #openstack-operators21:40
*** elo has quit IRC21:44
*** kencjohnston_ has quit IRC21:45
drwahlanyone have any scripts to help find orphaned neutron ports?21:47
drwahlwas about to write something up and figured someone else had to have had this done already21:47
drwahlbut, i don't see it in the osops-tools-generic repo21:47
mdormanklindgren may have something, i’m not sure.21:48
drwahli thought i saw something floating around at one time, but can't seem to find it now21:48
klindgrenonly did some one liners around fips21:49
klindgrennothing around ports21:49
drwahlbleh, useless ;)21:49
drwahlok, i'll try to come up with something and get it up for review21:50
drwahlthanks guys21:50
klindgrendrwahl, if you also want to do routers - that would be awesome21:53
drwahlorphaned routers?21:54
drwahlor orphaned ports on routers?21:54
klindgrenboth?21:54
*** VW has joined #openstack-operators21:54
*** VW has quit IRC21:55
drwahlwfm21:55
*** VW has joined #openstack-operators21:55
klindgrenI think orphaned ports should find orphaned ports on routers21:56
drwahlya, i think so21:57
*** verdurin has joined #openstack-operators21:59
*** verdurin has quit IRC22:03
*** lhcheng has quit IRC22:04
*** lhcheng has joined #openstack-operators22:15
*** harshs has quit IRC22:26
klindgrenThose people following remote conductor work....22:28
klindgrenTurned off SSL to rabbitmq *MASSIVE* drop in cpu consumption by conductor22:28
dansmithklindgren: so I expect you were paying a lot for SSLing the heartbeats22:29
dansmithbased on the number of calls22:29
klindgrenwe disabled heartbeats and it didn't really make a change22:29
dansmithklindgren: okay, but the call counts don't match (even close) between those22:30
dansmithwell, maybe that's how it's being used, I dunno22:30
dansmithklindgren: but if conductor is idle, I dunno how else to explain the drop when not doing things22:30
dansmithbut whatever22:30
klindgrenwell went went from being 9-10% cpu usage on conductor when not really doing anything with it using 20-30% cpu per worker when doing stuff22:31
*** verdurin has joined #openstack-operators22:31
klindgrento bascially never higher than 1.3%22:31
klindgrenmost of the time around .7%22:31
mgagnewow22:32
dansmithmgagne: are you using ssl to rabbit?22:32
mgagnedansmith I'm not yet22:32
dansmithklindgren: out of curiosity, what is the thinking about why ssl was a good idea in the first place?22:32
klindgrendansmith, security req22:32
mgagnedansmith OpenStack Security Guide recommendations? =)22:32
dansmithklindgren: presumably your management network is private enough to not sorry about anything right?22:32
klindgrendont pass stuff in plain text22:33
dansmithmgagne: oh, does it recommend that?22:33
mgagnedansmith yea, I heard that one once22:33
mgagnedansmith of course22:33
dansmiththe reason I say that is that there's really no auth on the other end22:33
serverascodewe run rabbit with ssl too, though not sure how common it is22:33
klindgrendansmith, that doesn't stop the security folks from being like - zomg plaintext stuff on the netwokr22:33
klindgrendeath22:33
dansmithso if it's really just snooping, then whatever, but doesn't seem worth it too me, especially given today's revelation22:34
*** maishsk_ has joined #openstack-operators22:34
mgagneklindgren can't you configure client cert auth too?22:34
dansmithone compute node can trivially impersonate another, so if you're concerned about something untrusted on that networ,22:34
dansmithyou're pretty much screwed anyway22:34
dansmiththe credentials for rabbit are on every node, so it's really not even worth sniffing the network for an attacker22:35
*** rick_ has joined #openstack-operators22:35
balajindrwahl: http://git.openstack.org/cgit/openstack/osops-tools-generic/tree/neutron/listorphans.py22:35
klindgrendansmith, not disagreeing but - I dont think I am going to be able to get the sign-off from another team22:36
dansmithklindgren: okay, but you'll attribute the capital expense PO to SSL not conductor, right?22:37
*** maishsk has quit IRC22:37
*** maishsk_ is now known as maishsk22:37
drwahlbalajin: thx, that might get me what i'm looking for22:37
dansmithyou can now very clearly document the cost of "security"22:37
dansmithor an SSL accelerator22:37
klindgrenI am curious though - we have other python things that are listening to fairly high traffic rabbitmq sources and processing a large number of requests and dont see this same load22:37
klindgrenIE notifications.info22:38
balajinklindgren: the reason why i want ssl is because we do not have a separate data plane + control plane and i dont want control plane data going in plain text22:38
dansmithbalajin: scary :(22:38
dansmithklindgren: how long did your profiler run for that graph?22:38
mgagneklindgren was SSL used before kilo?22:38
klindgrenerm ~2minutes22:38
klindgrenmgagne, since havana22:39
dansmithklindgren: so that looks to me like 165 nova messages22:39
dansmithklindgren: over the course of two minutes22:39
balajindansmith: :( yeah but that is how it is22:39
mgagneklindgren so although SSL is taxing a lot of CPU, it doesn't fully explain the increase in CPU usage22:39
dansmithklindgren: so if it's not lower level traffic, I dunno what it is22:39
dansmithbalajin: please tell me what cloud you run so I can stay away :)22:39
balajinprivate cloud, so unless you work for us you wont use it22:40
dansmithbalajin: okay good :)22:40
balajinand there is valid reason why we do that - cost22:40
dansmithoh sure I know why :)22:40
dansmiththe cost of the first breach will be fun too22:41
balajindansmith: may be or may be not22:46
*** sanjayu has joined #openstack-operators22:47
*** csoukup has quit IRC22:48
*** laron has quit IRC22:51
*** arcimboldo has joined #openstack-operators22:53
*** mriedem has quit IRC22:54
harlowjadansmith balajin whats the percantage of companies that do seperate it, i'd be curious to know, especially for large companies22:59
harlowja(if anyone knows)22:59
harlowjacan't be cheap to install and built-out datacenters with 2 isolated networks in the same DC22:59
dansmithharlowja: really?23:00
harlowjareally, i'm curious to know23:00
dansmithharlowja: most everyone has two nics to two TOR switches, no?23:00
dansmithat a minimum23:00
harlowjaidk, i have 1 company experience/knowledge, i don't know others23:00
harlowja(which is why i ask)23:00
dansmithI have less, I guess, but still..23:00
dansmithI would expect at least vlan separation23:00
harlowjaya, we have that at y! afaik23:01
harlowjabut does someone like google have 2 nics to two TOR switches?23:01
dansmithbut I know people will have like two 1G nics on the box, bonded for HA, an then two 10G nics bonded for data path23:01
harlowjaor microsoft, or rackspace or ...23:01
dansmithI would surely expect they do23:01
harlowjagot me :-P23:01
dansmithbonded 1G nics for control path I meant23:02
andyhkyright, at a minimum VLANs, most rackspace setups have > 1 NIC and > 1 TOR23:02
dansmithyeah23:02
balajindansmith: vlan separation is obvious23:02
balajinbut vlan happing to23:02
harlowjak, so we have 1 company > 1 NIC and > 1 TOR and 1 company 1 nice with 1 tor + vlan23:02
harlowja*nic not nice23:02
harlowjanice nic23:02
harlowjalol23:02
harlowjabalajin i think knows more of the reasons than i do though23:03
harlowja(or other network archictects)23:03
balajinfyi, we do the same thing to - multi-vlan23:03
dansmithI don't know of any vlan exploits, so I'm not sure why vlan justifies needing SSL23:03
balajindansmith: vlan hopping?23:03
dansmithbalajin: is that a thing? how does that happen?23:04
dansmithwikipedia tells me it's usually due to improper configuration :)23:05
dansmithanyway23:05
serverascodedansmith: what's wrong with incremental improvements? ie. using ssl with rabbit while we wait for all the other things we need to23:05
serverascode*too23:05
*** Piet has quit IRC23:05
dansmithserverascode: nothing other than that I just don't think it buys you much23:05
balajindansmith: if you allow native vlans it is very much possible23:05
dansmithserverascode: certainly not if it requires you to run 2-4x the number of workers23:05
klindgrensooooo turns out I screwed up the change to non-ssl23:06
klindgrenand it wasn't actually connecting to rabbitmq23:06
dansmithbalajin: mkay, well, anyway.. even just for isolation of the impact of downloading an image on the paying customers, I'd expect two paths23:06
mgagneso even when conductor does nothing, it eats up to 7% cpu :D23:06
dansmithmgagne: no, 0.7% he said23:07
klindgrencpu usage dropped a bit23:07
klindgrenbut waiting for a while to figure out what the overhead of ssl is23:07
mgagneoh =(23:07
balajindansmith: aboslutely  but for private i dont see a need23:07
dansmithklindgren: okay "a bit" is much more in line with what I'd expect for no heartbeats23:07
dansmithklindgren: still seems like you have something else going on, given you had 165 messages over the course of two minutes23:08
klindgrenwell considering that computes are hardset to report in usage for vm's every minute or something?23:08
klindgrenthat plus metadata23:09
dansmithklindgren: remind me why you have 30k metadata requests per hour?23:09
dansmithklindgren: and what is the "some" value of actually not using ssl?23:10
klindgrenpeople run puppet every minute in their vm's to talk to a metadata service23:11
klindgrenpuppet by default has the ec2 facter fact enabled23:11
klindgrenwhich hits metadata for things like az, hostname, region23:11
klindgrenect ect23:11
dansmithokay23:12
dansmithklindgren: instance_get_by_uuid() is 3% of the total workload in that graph23:13
dansmithklindgren: do you have debug logging turned on such that you can see if any lazy-loading is happening?23:14
dansmithin compute23:14
klindgrenI will get a cProfiler run with ssl enabled as well23:14
dansmithor metadata or whatever23:14
klindgrenwe don't have debug enabled23:14
klindgrenI can enable it on a few servers though23:14
klindgrenanything you specifically want me to look for23:14
klindgren?23:14
dansmithklindgren: https://github.com/openstack/nova/blob/master/nova/objects/instance.py#L832-L83623:16
*** rick_ has quit IRC23:16
klindgrenroot@p3plcldhv003-09 ~]# grep "Lazy-loading" /var/log/nova/nova*23:18
klindgren[root@p3plcldhv003-09 ~]#23:18
klindgrennothing on the box I enabled debug on23:18
dansmithklindgren: but it was enabled for like 30 seconds?23:19
dansmithregardless, I don't really see any evidence of that happening a lot on in the call graph either23:19
klindgrenright - jsut saying so far I see nothing23:19
klindgrenits still enabled23:20
dansmiththe 100% timer thing is something I can't explain, but it might be something related to eventlet, I dunno23:20
*** signed8bit is now known as signed8bit_ZZZzz23:20
klindgrenI think that might be somethign that happens during startup23:20
klindgrenI noticed tht for a few seconds it takes 100% cpu?23:20
*** ducttape_ has joined #openstack-operators23:20
klindgrenthen forks the children and cpu drops23:20
dansmithbut according to the docs on that profiler, it means that 100% of execution time was spent there23:20
dansmithit's percentage of execution time, not percent of a core or something23:21
klindgrenbut it also didn't actually do anything? I dont really have an answer on it either, I just passwed it off as catchign hte startup bit that did consume a bunch of cpu *shrug*23:23
*** harshs has joined #openstack-operators23:23
dansmithwell,23:23
dansmiththere's also poll() a ton23:23
dansmithso what I'm saying is,23:24
dansmithif there is some eventlet thread that is tight looping,23:24
dansmithyou'd see that, and a bunch of cpu usage, basically any time the process wasn't busy being blocked on a mysql call23:24
klindgrenso SSL disabled is good for a 4% reduction in cpu across all cpu's23:25
klindgrenIE util went from average of 48% to 44%23:25
*** VW has quit IRC23:26
dansmithokay23:27
dansmithI wonder if that means that the bulk of the CPU is not actually passing (and encrypting) messages23:27
dansmithto clarify my point earlier,23:27
dansmithinstance_get_by_uuid() is the target of both a lazy-load and of a metadata hit23:28
dansmithso that being 3% of the total rules out those two activities in my mind23:28
*** ducttape_ has quit IRC23:28
dansmithand really,23:30
dansmithdispatch_and_reply is 10% total23:30
dansmithwhich is the parent of every rpc inbound call23:30
dansmithso I think that means 90% of the work is being spent elsewhere23:30
klindgrenlet me run profile with ssl disabled23:31
klindgrencProfile*23:31
*** dminer has quit IRC23:34
*** signed8bit_ZZZzz is now known as signed8bit23:34
klindgrenhttp://tempsend.com/AD0217D818/AEA4/conductor1workernossl.svg23:40
dansmithstill <10% handling RPC requests23:41
dansmith56% in "impl_rabbit:ensure" -- whatever that is23:41
*** ahonda has joined #openstack-operators23:42
*** VW has joined #openstack-operators23:42
dansmithmaybe the 96% in poll:wait means it's spending all that time waiting on a socket, but it surely doesn't seem like it23:42
*** VW has quit IRC23:43
*** krobzaur has joined #openstack-operators23:46
dansmithklindgren: that looks like ~900 rpc messages in that trace, fwiw23:47
klindgrenit was almost exactly 4 minutes btw23:48
dansmithokay23:48
*** signed8bit is now known as signed8bit_ZZZzz23:50
harlowjabtw, https://github.com/openstack/oslo.messaging/blob/master/oslo_messaging/_drivers/impl_rabbit.py#L581 (ensure) i think is the main dispatch call, so thats probably why its at the top there23:53
harlowjabasically the thing that retries and handles errors...23:53
harlowjapretty sure its just a wrapper though23:54
harlowja(which is just in this case wrapping execute_method )23:55
harlowjaand/or _object_dispatch (?)23:55
dansmithharlowja: but 50% for ensure and 10% for do_dispatch()?23:56
dansmith57% and 8% in this case23:57
dansmithwhere is the rest of that time going/23:57
harlowjaya, thats the question23:57
dansmithit's also confusing that our receive/dispatch method is called "ensure" but whatever :)23:57
harlowjadef23:57
harlowjaensure provided 'method' that is being wrapped works23:58
harlowjapretty sure thats why its called that23:58
harlowjakombu itself has similar code (that i think post-existed oslo.messaging ensure)23:58
dansmithyeah, it's just weird23:58
harlowjahttps://github.com/celery/kombu/blob/master/kombu/connection.py#L388 ..23:59
harlowja'Ensure operation completes, regardless of any channel/connection23:59
harlowja        errors occurring.'23:59
harlowjathe oslo.messaging ensure is similar/equivalent(?)23:59
harlowjaprobably don't even need the oslo.messaging one anymore imho23:59
harlowjabut medhi would know best23:59
harlowja'23:59
harlowjapyamqp:90:drain_events23:59
harlowja56.79%'23:59
dansmithI'm really curious about where that time is going23:59
« Tuesday, 2015-11-17 Index Thursday, 2015-11-19 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!