Wednesday, 2019-05-15

« Tuesday, 2019-05-14 Index Thursday, 2019-05-16 »
goldyfruitSo far I'm stuck to the function execution00:14
goldyfruitqinling-engine is able to connect to Kubernetes API and etcd00:15
goldyfruitbut for any reason it gets the internal API of my master00:15
goldyfruithttps://paste.api-zulu.com/raw/ijayenetun00:15
goldyfruitI' ve to leave00:20
goldyfruitIf you want more detail, I sent you my email by DM00:20
*** goldyfruit has quit IRC00:26
*** goldyfruit has joined #openstack-qinling00:38
goldyfruitBack00:40
goldyfruitI'll try to stay connected00:40
goldyfruit(my laptop at least)00:40
*** goldyfruit has quit IRC01:58
*** goldyfruit_ has joined #openstack-qinling01:59
*** goldyfruit_ has quit IRC02:20
*** zigo has quit IRC07:28
*** zigo has joined #openstack-qinling09:36
*** zigo has quit IRC10:30
*** zigo has joined #openstack-qinling10:40
*** goldyfruit_ has joined #openstack-qinling11:55
*** goldyfruit_ has quit IRC12:19
*** goldyfruit_ has joined #openstack-qinling12:36
*** goldyfruit_ has quit IRC15:24
*** goldyfruit has joined #openstack-qinling16:24
goldyfruitHey guys16:32
goldyfruitlxkong, I'm still facing my issue with nodeport, my security groups for masters/minions are wild open16:33
goldyfruitDo I need something else16:34
goldyfruitEven directly in the master node I'm not able to reach the cluster IP17:12
*** goldyfruit has quit IRC17:59
*** goldyfruit has joined #openstack-qinling18:23
goldyfruitIf I spawn the PODs and the SVC from my own template (using the openstackqinling runtime image), I'm able to get the /pong18:31
goldyfruitmeaning something goes wrong during the provisioning by Qinling18:32
goldyfruitThe only difference I found from my template and the Qinling's one is "nodePort: 3XXXX" value missing from Qinling18:36
goldyfruitThe main difference is: Endpoints:                192.168.241.148:909018:58
goldyfruitI don't have this when I'm able to reach my pod18:58
goldyfruitAnd I have annotation18:59
goldyfruithttps://paste.api-zulu.com/raw/gogeqiqumo18:59
lxkonggoldyfruit: just double check, your k8s cluster is created using Magnum, right?21:17
lxkong`url: http://10.0.0.58:30978/execute`, do you mean `10.0.0.58` is your internal IP address?21:23
lxkonggoldyfruit: does each node in your cluster have type: ExternalIP address?21:23
goldyfruitMy cluster is deployed with Magnum21:30
goldyfruit10.0.0.58 was a private IP21:30
goldyfruitI fixed that, now it try to reach a FIP21:31
goldyfruitbut without success21:31
goldyfruitlxkong,21:32
lxkongwhat's the error?21:32
goldyfruithttps://paste.api-zulu.com/raw/dupikudoji21:33
goldyfruitI feel like I miss something21:33
lxkong?21:34
goldyfruitI don't understand what I missed in my setup21:35
lxkongif you create a nodeport service in the cluster, can you access it from the qinling control plane?21:37
goldyfruityep21:39
lxkonghmm...21:39
lxkongif the service and all the pods are still alive, you can check the connection using curl21:40
goldyfruitDEBUG qinling.engine.default_engine [req-ae22590f-37c6-407f-a3ec-020938c214c6 e9c13653afc24d0e85d97d42fc781810 5eeb5916ae4b43699f06ea422e581b83 - default default] Found service url for function: a8805e50-014f-4b3d-9ab4-3d200b43b2b7(version 0), execution: e387a2ed-79d7-4a77-88bf-de05da7956f6, url: http://192.207.60.181:30410/execute create_execution /var/lib/kolla/venv/local/lib/python2.7/site-packages/qinling/engine/default_engine.py:16821:42
goldyfruitcurl timeout21:43
goldyfruiton k8s I see the service created21:43
goldyfruitqinling       service-a8805e50-014f-4b3d-9ab4-3d200b43b2b7-0   NodePort    10.254.21.2      <none>        9090:30410/TCP           82s     function_id=a8805e50-014f-4b3d-9ab4-3d200b43b2b7,function_version=0,pod-template-hash=5f7bb6fb44,runtime_id=0cbd4f27-57bc-411a-ab9b-9348c954617921:43
goldyfruit192.207.60.181 is the FIP of one of my master21:43
goldyfruitThis is the pod and the svc from the qinling namespace: https://paste.api-zulu.com/raw/onuzidokel21:48
goldyfruitI'm using Kubernetes 1.13.421:50
goldyfruitHere the describe of the service created by Qinling: https://paste.api-zulu.com/raw/goyahafoga21:52
goldyfruitEven from inside the cluster I'm not able to get the cluster ip21:55
lxkongwhat's your magnum version?21:58
goldyfruit8.021:58
goldyfruit(Stein)21:58
lxkongcan you show me the security group rules associated with the worker node port?21:58
lxkongalso, just for sure, please also check the network policy in the cluster?21:58
goldyfruithttps://paste.api-zulu.com/zawasecija.rb21:59
goldyfruitsecurity gorup rules for master and minions22:00
goldyfruitlxkong, what do you mean pas network policy in the cluster, how can I do that ?22:00
goldyfruit(not a k8s expert :()22:00
lxkong`kubectl get networkpolicy -n <namespace>`22:01
lxkongif there is one, describe it22:01
goldyfruitNAME                        POD-SELECTOR   AGE22:02
goldyfruitallow-qinling-engine-only   <none>         8h22:02
goldyfruithttps://paste.api-zulu.com/fitaxuwemi.pas22:02
lxkongcould you try to remove that network policy?22:04
lxkongand try again to curl22:05
goldyfruit:o !22:06
goldyfruitOMG22:06
lxkong?22:06
goldyfruitI'm able to reach the nodeport22:06
lxkongany luck?22:06
lxkongnice, then the network policy is the problem22:06
goldyfruit# curl  http://192.207.60.181:30410/ping -I22:06
goldyfruitHTTP/1.1 200 OK22:06
goldyfruitContent-Type: text/html; charset=utf-822:06
goldyfruitContent-Length: 422:06
lxkongwe should fix that22:06
lxkonggoldyfruit: please continue the journey, i'm ready to answer the next question :-)22:07
goldyfruitthe trusted_cidrs should not avoid the IPBlock ?22:07
goldyfruittrusted_cidrs = 10.128.150.4/3222:07
goldyfruitOk, now I got Failed to download function package from https://api.mycloud.com:7070/v1/functions/a8805e50-014f-4b3d-9ab4-3d200b43b2b7?download=true22:09
goldyfruitI guess I'll set the internal endpoint in qinling22:09
lxkonggoldyfruit: well, if you are using calico as the network plugin, the IPBlock cidr is only valid for the internal cluster ips22:10
goldyfruitHum22:10
goldyfruitI'm using calico22:10
lxkongfor now, just remove the network policy.22:10
lxkonggoldyfruit: you are working on a public cloud or private?22:11
goldyfruitpublic22:11
goldyfruitand private22:11
lxkong:-)22:11
lxkongok, for now, just remove the network policy, i will create an issue for tracking22:12
goldyfruitI removed the network policy22:12
lxkongand the pod needs to talk to qinling-api for package downloading22:12
goldyfruit:o22:13
goldyfruitThat is my issue there22:13
goldyfruitI need to open 707022:13
lxkongwhere it's blocked?22:13
lxkong7070 is the qinling service port22:13
goldyfruitMy k8s cluster is in a different place than the API22:14
goldyfruitWaiting from the network guy :p22:14
lxkongok. In our cloud, we allow the cluster nodes to talk to the api services.22:14
goldyfruitYeah, I just requested the same :)22:15
goldyfruitare you running go runtime ?22:15
goldyfruitIn fact, what runtimes are you running ?22:15
lxkongno, qinling only supports python. We are not running qinling in production actually, it's in alpha, and we plan to integrate qinling with knative at some time in the future.22:16
lxkongbecause in openstack community, there are not many people asking for FaaS, even after almost 1.5 years since Qinling was created22:17
goldyfruitTo be honest, the installation is quite complicated22:17
goldyfruitNone of the installers are able to deploy Qinling22:18
lxkonggoldyfruit: yeah, how did you install other openstack services?22:18
goldyfruitI integrated Qinling to Kolla in our case, I'll push it upstream (hoping they will merge it)22:18
goldyfruitI really think that it's a very cool project22:19
lxkongyeah, usually it's up to other community (e.g. ubuntu, kolla, openstack-ansible) to help to support qinling installation, but according to the current upstream situation in openstack...you know22:19
goldyfruitJust not enough "marketing" around it22:19
lxkongand not feedbacks22:20
lxkongas a result, it's in the maintenance for now. I'm answering question here but don't put much time working on that.22:20
goldyfruitWe install OpenStack using Kolla from OpenStack tarballs, which avoid the packages situation22:20
goldyfruitI understand22:21
lxkonguntil we are at a point to say, ok, we need to provide FaaS to the public, and we spend time on evalutating knative and so integration and development22:21
goldyfruitYou said Qinling support only Python22:21
lxkongyes22:21
goldyfruitIf we build our runtimes it will support other langages, right ?22:21
lxkongyep, sure22:22
goldyfruit(you scared me :p)22:22
lxkongthe runtime part is actually just an image22:22
lxkongas cloud provider, you can use any image you want22:22
goldyfruitYeah, I checked a bit on github/docker hub22:22
lxkongonly need to implement some functions22:22
lxkongthe image in Qinling upstream is only for dev purpose, i believe most of the cloud provider will have their own image for security reasons22:23
goldyfruitYeah for the CI as I read22:23
lxkongcorrect22:23
goldyfruitResources on Qinling are missing which is why it's not popular I thing22:24
goldyfruitthink*22:24
lxkongyeah22:24
goldyfruitWhen I was looking on Google to install it I only got few links and most of them were from your blog post22:25
goldyfruitwhich I had to translate :D22:25
lxkonghah22:25
lxkongi should write in English from the beginning22:26
goldyfruitI think one thing that could help a lot is the official documentation and the integration with Magnum22:26
lxkongi agree, we had one person who were mainly working on the doc a while ago, but he left openstack unfortunately22:28
goldyfruitAs many people22:29
goldyfruitBut OpenStack still there22:29
goldyfruitMore stable as ever22:29
goldyfruit(I started in 2012)22:29
lxkongyeah, and especially after k8s is becoming a buzz, we see a log of advantages to run k8s on top of openstack22:30
goldyfruitYep!22:30
lxkongit's much flexible to integrate the cloud services with k8s, do auto-scaling, auto-healing22:31
lxkongetc.22:31
goldyfruitExactly22:31
lxkongso we have deployed magnum (now in beta), and myself has been working on cloud-provider-openstack since last year.22:32
lxkongthat's another reason i didn't have much time on QInling :-)22:32
lxkongbecause costomers are still asking from container infra at the moment, FaaS may be the next thing22:33
goldyfruitTotally understand22:33
goldyfruitI found one of your PR22:33
goldyfruitabout PVC22:33
goldyfruithttps://github.com/kubernetes/cloud-provider-openstack/pull/40522:34
goldyfruitAre you using the cloud provider 1.14 ?22:34
goldyfruitSo I opened the port22:34
lxkong1.14 you mean CPO(cloud-provider-openstack)?22:34
goldyfruityes22:35
lxkongyes, we are using the latest version22:35
goldyfruitGood to know22:35
goldyfruitI got this error when I execute the function22:35
goldyfruithttps://paste.api-zulu.com/raw/epaxipowap22:35
goldyfruitI followed this doc: https://docs.openstack.org/qinling/latest/quick_start.html22:36
goldyfruitI'm using Qinling master branch22:39
lxkonggoldyfruit: can you check the pod log?22:40
lxkongyou can use `kubectl get po --show-labels` to find out which pod is working22:40
goldyfruithttps://paste.api-zulu.com/uximemuzec.sql22:41
goldyfruitI'll try the python3 runtime22:43
goldyfruitpython3 is a success22:43
goldyfruit+------------------+--------------------------------------+22:43
goldyfruit| Field            | Value                                |22:43
goldyfruit+------------------+--------------------------------------+22:43
goldyfruit| id               | 221294ff-2922-4ee7-9c8f-03f8e796a689 |22:43
goldyfruit| function_id      | c73357a6-8fb0-46f1-9c6b-1103ca1656ab |22:43
goldyfruit| function_version | 0                                    |22:44
goldyfruit| description      | None                                 |22:44
goldyfruit| input            | None                                 |22:44
goldyfruit| result           | {"duration": 0.505, "output": 30}    |22:44
goldyfruit| status           | success                              |22:44
goldyfruit| sync             | True                                 |22:44
goldyfruit| project_id       | 5eeb5916ae4b43699f06ea422e581b83     |22:44
goldyfruit| created_at       | 2019-05-15 22:43:42                  |22:44
goldyfruit| updated_at       | 2019-05-15 22:43:45                  |22:44
goldyfruit+------------------+--------------------------------------+22:44
goldyfruitopenstack function execution  log show 221294ff-2922-4ee7-9c8f-03f8e796a68922:45
goldyfruitWARN: Resource limiting failed, run in unlimit mode.22:45
goldyfruitStart execution: 221294ff-2922-4ee7-9c8f-03f8e796a68922:45
goldyfruitFinished execution: 221294ff-2922-4ee7-9c8f-03f8e796a68922:45
goldyfruitI'm going forward !22:45
lxkonghooray!22:47
goldyfruitJust looking for  Resource limiting failed, run in unlimit mode22:47
lxkongResource limiting is a feature wasn't well implemented22:48
lxkongif yo don't mind, could you please create several stories in https://storyboard.openstack.org/#!/project/openstack/qinling for all the issues you've seen?22:49
goldyfruitI'll22:49
lxkongmuch appreciate22:49
goldyfruitopenstack function create --cpu unlimited should work right ?22:49
goldyfruitNo problem, this is the least i can do !22:49
goldyfruitI guess it wants a numeric value22:50
lxkongit's based on cgroup on the worker node, if it's not supported, then all the resource limit parameter won't work, so you could ignore those params22:52
lxkongfyi, https://paste.api-zulu.com/zixolasiku.py22:53
goldyfruitGreat22:53
goldyfruitSo, I have FaaS working on my environment!22:54
lxkongcongrat! (i know how frustration you were in the jouney)22:54
lxkonganyway, i will leave you here and have to spend some time on my daily job22:54
goldyfruitNot that much, don't worry. I started to work on it yesterday morning22:54
goldyfruitSure!22:54
lxkongfeel free to ping me or leave msg here if you have any other questiosn22:55
goldyfruitThanks again for your help, I'll create the stories22:55
goldyfruitI'll, thanks22:55
lxkongnp22:55
*** goldyfruit has quit IRC23:22
*** goldyfruit has joined #openstack-qinling23:50
« Tuesday, 2019-05-14 Index Thursday, 2019-05-16 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!