Thursday, 2015-09-17

*** ducttape_ has quit IRC		00:02
*** markvoelker has joined #puppet-openstack		00:06
*** zhangjn has quit IRC		00:09
*** markvoelker has quit IRC		00:11
*** gfidente has quit IRC		00:12
*** karume has joined #puppet-openstack		00:15
*** ducttape_ has joined #puppet-openstack		00:15
*** apuimedo has quit IRC		00:16
*** karume has quit IRC		00:19
*** aimon has joined #puppet-openstack		00:22
*** xarses has quit IRC		00:24
*** aimon_ has joined #puppet-openstack		00:27
*** aimon has quit IRC		00:30
*** xingchao has joined #puppet-openstack		00:38
*** ibba has joined #puppet-openstack		00:42
*** yogesh-pc has quit IRC		00:49
*** tiswanso has joined #puppet-openstack		00:57
*** tiswanso has quit IRC		00:58
*** tiswanso has joined #puppet-openstack		00:58
*** zhangjn has joined #puppet-openstack		00:58
gildub	EmilienM, Hi - looks like CI is still broken, is that correct?	00:59
*** tiswanso_ has joined #puppet-openstack		00:59
*** yogesh-pc has joined #puppet-openstack		01:01
*** tiswanso has quit IRC		01:02
*** gildub has quit IRC		01:02
*** gildub has joined #puppet-openstack		01:03
*** sanjayu has joined #puppet-openstack		01:04
*** markvoelker has joined #puppet-openstack		01:06
*** zhangjn has quit IRC		01:07
EmilienM	gildub: yes	01:16
EmilienM	rdo servers	01:16
EmilienM	disk issues, etc... sad day	01:17
*** zhangjn has joined #puppet-openstack		01:36
*** aimon has joined #puppet-openstack		01:36
*** aimon_ has quit IRC		01:38
*** xarses has joined #puppet-openstack		01:40
*** xarses has quit IRC		01:44
openstackgerrit	Adam Vinsh proposed openstack/puppet-swift: Manage swift with swiftinit service provider https://review.openstack.org/203220	01:51
*** xingchao has quit IRC		01:57
gildub	EmilienM, ok, thanks	02:00
*** gildub has quit IRC		02:00
*** karume has joined #puppet-openstack		02:04
*** karume has quit IRC		02:09
vinsh	my review just went through all of CI	02:25
*** kindjal has quit IRC		02:25
vinsh	they all ran and passed, looks like repos might be working for rdo now	02:26
*** xingchao has joined #puppet-openstack		02:30
*** aimon_ has joined #puppet-openstack		02:33
*** mjblack has quit IRC		02:34
*** ducttape_ has quit IRC		02:35
*** aimon has quit IRC		02:36
*** mjblack has joined #puppet-openstack		02:36
*** gildub has joined #puppet-openstack		02:45
*** yogesh-pc has quit IRC		03:04
*** ducttape_ has joined #puppet-openstack		03:04
*** ducttape_ has quit IRC		03:09
*** ibba has quit IRC		03:10
*** ducttape_ has joined #puppet-openstack		03:12
*** ducttape_ has quit IRC		03:18
*** xarses has joined #puppet-openstack		03:21
*** xarses has quit IRC		03:21
*** xarses has joined #puppet-openstack		03:22
*** xarses has quit IRC		03:22
*** richm has quit IRC		03:30
*** karume has joined #puppet-openstack		03:53
*** karume has quit IRC		03:57
*** tiswanso_ has quit IRC		04:10
*** fedexo has joined #puppet-openstack		04:42
gildub	michchap_, xingchao, hi, please review https://review.openstack.org/213906 and https://review.openstack.org/213957	04:51
*** xingchao has quit IRC		05:15
*** xarses has joined #puppet-openstack		05:35
*** karume has joined #puppet-openstack		05:41
*** fedexo has quit IRC		05:42
*** karume has quit IRC		05:46
*** gfidente has joined #puppet-openstack		05:51
openstackgerrit	Michal Rostecki proposed openstack/puppet-glance: [DO NOT MERGE] CI check for stable/juno https://review.openstack.org/224436	06:02
*** xarses has quit IRC		06:08
*** xingchao has joined #puppet-openstack		06:11
nihilifer	hello	06:35
nihilifer	what stable branches we support?	06:36
nihilifer	I see that for almost all puppet-* project on stable branches, CI fails on tests for Puppet 4.0	06:36
nihilifer	I mean stable/juno and stable/icehouse	06:37
nihilifer	if we support these branches, I think we need to make some jobs non-voting for them	06:38
openstackgerrit	Michal Rostecki proposed openstack/puppet-glance: [DO NOT MERGE] CI check for stable/juno https://review.openstack.org/224454	06:48
*** stamak has joined #puppet-openstack		06:50
*** markvoelker has quit IRC		06:53
*** stamak has quit IRC		07:11
*** stamak has joined #puppet-openstack		07:15
*** jpena\|zzz is now known as jpena		07:23
*** stamak has quit IRC		07:23
*** sanjayu has quit IRC		07:34
openstackgerrit	zhangguoqing proposed openstack/puppet-keystone: Fix README about Setup https://review.openstack.org/224468	07:46
gildub	EmilienM, How to edit the wiki? I can't find the corresponding git repo.	07:48
spredzy	gildub, no repo https://wiki.openstack.org/wiki/Puppet	07:50
spredzy	top-right corner	07:50
spredzy	if that is what you were refering to	07:50
gildub	spredzy, yeah, darn scroll bar! Thanks	07:50
spredzy	yw :)	07:51
*** ibba has joined #puppet-openstack		07:53
*** markvoelker has joined #puppet-openstack		07:54
*** gildub has quit IRC		07:55
*** markvoelker has quit IRC		07:59
*** paramite has joined #puppet-openstack		08:07
*** stamak has joined #puppet-openstack		08:15
*** karume has joined #puppet-openstack		08:18
*** xarses has joined #puppet-openstack		08:18
*** xarses has quit IRC		08:19
*** xarses has joined #puppet-openstack		08:19
*** jistr has joined #puppet-openstack		08:20
*** karume has quit IRC		08:23
openstackgerrit	Michal Rostecki proposed openstack/puppet-glance: [DO NOT MERGE] Check CI on stable/juno https://review.openstack.org/224478	08:27
openstackgerrit	Athlan-Guyot sofer proposed openstack/puppet-keystone: New provider for keystone domain configuration. https://review.openstack.org/219289	08:29
openstackgerrit	Michal Rostecki proposed openstack/puppet-glance: [DO NOT MERGE] Check CI for stable/icehouse https://review.openstack.org/224482	08:33
*** derekh has joined #puppet-openstack		08:33
*** arnaud_orange has joined #puppet-openstack		08:42
*** paramite is now known as paramite\|afk		08:44
*** paramite\|afk is now known as paramite		08:46
openstackgerrit	Michael Polenchuk proposed openstack/puppet-nova: Avoid empty notification driver https://review.openstack.org/220448	08:47
*** xingchao has quit IRC		08:52
*** xingchao has joined #puppet-openstack		09:02
nihilifer	I proposed a patch for project-config to unlock stable branches https://review.openstack.org/#/c/224496/	09:04
*** paramite is now known as paramite\|afk		09:05
*** xingchao has quit IRC		09:05
*** xingchao has joined #puppet-openstack		09:06
*** xingchao has quit IRC		09:06
*** chandankumar has joined #puppet-openstack		09:18
*** paramite\|afk is now known as paramite		09:28
openstackgerrit	Ramkumar Gowrishankar proposed openstack/puppet-neutron: Support for Nuage Neutron plugin and Nuage VRS in puppet-neutron https://review.openstack.org/214798	09:36
*** arnaud_orange has quit IRC		09:41
*** arnaud_orange has joined #puppet-openstack		09:43
*** ddmitriev1 has quit IRC		09:43
*** igajsin has joined #puppet-openstack		09:55
*** markvoelker has joined #puppet-openstack		09:55
*** xingchao has joined #puppet-openstack		09:57
*** igajsin has left #puppet-openstack		09:57
openstackgerrit	Sebastien Badia proposed openstack/puppet-heat: Bump rspec-puppet to 2.1.0 https://review.openstack.org/224548	09:58
*** markvoelker has quit IRC		10:00
*** paramite is now known as paramite\|afk		10:05
openstackgerrit	Athlan-Guyot sofer proposed openstack/puppet-keystone: Resource keystone_identity_provider for Keystone. https://review.openstack.org/202689	10:06
*** chandankumar has quit IRC		10:55
*** timbyr_ has joined #puppet-openstack		11:02
*** timbyr_ has quit IRC		11:03
*** ferest has joined #puppet-openstack		11:06
*** ferest has quit IRC		11:10
openstackgerrit	Michal Rostecki proposed openstack/puppet-heat: Add an ability to manage use_stderr parameter https://review.openstack.org/223999	11:22
*** markvoelker has joined #puppet-openstack		11:26
*** dprince has joined #puppet-openstack		11:28
*** markvoelker has quit IRC		11:31
openstackgerrit	Michal Rostecki proposed openstack/puppet-heat: Bump rspec-puppet to 2.1.0 https://review.openstack.org/224582	11:31
openstackgerrit	Sebastien Badia proposed openstack/puppet-ceilometer: Bump rspec-puppet to 2.1.0 https://review.openstack.org/224583	11:31
openstackgerrit	Sebastien Badia proposed openstack/puppet-cinder: Bump rspec-puppet to 2.1.0 https://review.openstack.org/224585	11:37
*** danieru has quit IRC		11:37
*** ddmitriev1 has joined #puppet-openstack		11:39
*** xingchao has quit IRC		11:39
*** ibba has quit IRC		11:43
*** markvoelker has joined #puppet-openstack		11:47
*** jpena is now known as jpena\|lunch		11:47
*** paramite\|afk is now known as paramite		11:49
EmilienM	good morning	11:51
*** jayg\|g0n3 is now known as jayg		11:57
openstackgerrit	Sergey Kolekonov proposed openstack/puppet-neutron: Add retries to nova_admin_tenant_id_setter https://review.openstack.org/194673	11:58
openstackgerrit	Sergey Kolekonov proposed openstack/puppet-neutron: Add retries to nova_admin_tenant_id_setter https://review.openstack.org/194673	12:01
openstackgerrit	Michal Rostecki proposed openstack/puppet-keystone: Bump rspec-puppet to 2.1.0 https://review.openstack.org/224590	12:04
openstackgerrit	Michal Rostecki proposed openstack/puppet-nova: Bump rspec-puppet to 2.1.0 https://review.openstack.org/224591	12:08
sbadia	hi!	12:08
sbadia	nihilifer: thanks for the backports	12:08
nihilifer	sbadia: no problem :)	12:08
nihilifer	sbadia: what about icehouse? I respond to your comment in https://review.openstack.org/#/c/224582/	12:09
sbadia	nihilifer: but finnaly we decided to not check puppet4 in juno branch :D	12:10
sbadia	https://review.openstack.org/#/c/224397/	12:10
sbadia	EmilienM: ^	12:10
sbadia	nihilifer: oh sorry! I reviewed too fast… sorry…	12:10
sbadia	but the emilien patch will fix juno and icehouse :)	12:11
nihilifer	ah, I didn't see this patch	12:12
sbadia	me too ;-)	12:13
nihilifer	ok, I abandoned my patch to project-config	12:13
*** ducttape_ has joined #puppet-openstack		12:16
*** severion has joined #puppet-openstack		12:24
*** paramite is now known as paramite\|afk		12:25
EmilienM	nihilifer: which patch?	12:28
sbadia	EmilienM: https://review.openstack.org/#/c/224496/	12:28
EmilienM	sbadia: thx	12:28
*** rochaporto has joined #puppet-openstack		12:29
openstackgerrit	Michal Rostecki proposed openstack/puppet-nova: Bump rspec-puppet to 2.1.0 https://review.openstack.org/224591	12:29
*** markvoelker has quit IRC		12:31
*** ducttape_ has quit IRC		12:32
dprince	this would be helpful to TripleO https://review.openstack.org/#/c/223128/	12:34
*** paramite\|afk is now known as paramite		12:34
openstackgerrit	Emilien Macchi proposed openstack/puppet-openstack-integration: Disable SElinux on CentOS7 jobs https://review.openstack.org/224705	12:35
EmilienM	sbadia: outstading review for today ^	12:35
EmilienM	we wait for CI	12:35
EmilienM	and see if it works	12:35
EmilienM	social: ^	12:35
*** zhangjn has quit IRC		12:36
social	EmilienM: I think it should be in permissive for trunk by default	12:36
*** morazi has joined #puppet-openstack		12:37
EmilienM	social: one question - when disabled, are we still applying contexts ?	12:38
EmilienM	because Puppet test idempotency and if we are not applying contexts anymore, we would not be able to test Puppet idempotency when SElinux is enforced	12:39
*** ibba has joined #puppet-openstack		12:41
social	EmilienM: puppet should not be checking for contexts on selinux disabled systems, but we should just have enforcing set to 0 because we do want it to check for contexts	12:42
EmilienM	let me rephrase my question	12:42
social	in permissive mode it does set and check contexts	12:43
EmilienM	Puppet sometimes manage contexts by default, (File provider specificaly) - we can't really control that	12:43
EmilienM	last time, I had to patch puppetlabs-rabbitmq: https://github.com/puppetlabs/puppetlabs-rabbitmq/commit/0227f762070ffbbea3c28d6a60174de98fa4cc1c	12:44
EmilienM	because Puppet was trying to apply a (default) context, while packaging was trying to apply another one	12:44
EmilienM	which made Puppet run NON idempotent	12:44
EmilienM	we had SElinux enforced so I could detect it in our upstream CI	12:45
EmilienM	so my question is: will I still be able to detect that kind of thing if we disable SElinux?	12:45
* spredzy check the file type provider to see how it handles selinux param if SELinux is disabled on the host		12:46
social	EmilienM: disabling SELinux means turning it off, in that case no. What you do is turn off enforcing, SELinux is still present it just does not enforce eg if you do something forbidden it'll just log to audit log.	12:46
EmilienM	spredzy: it's about 'selinux_ignore_defaults' attribute	12:46
social	EmilienM: what you want is selinux in permissive mode - setenforce 0	12:46
EmilienM	social: so https://review.openstack.org/224705 will make all of us happy	12:47
social	EmilienM: exactly :)	12:47
*** dprince has quit IRC		12:47
EmilienM	1/ bring back our CI - 2/ do not deal with future SElinux issues - 3/ still test idempotency with contexts	12:47
EmilienM	the 3/ is very important, I'll run some tests today to make sure	12:48
EmilienM	I want our CI failing if contexts are differents in packaging & puppet	12:48
*** severion has quit IRC		12:50
spredzy	EmilienM, https://github.com/puppetlabs/puppet/blob/master/lib/puppet/util/selinux.rb#L16-L22	12:50
*** v1k0d3n has joined #puppet-openstack		12:50
EmilienM	mhh	12:50
EmilienM	that means it won't try to apply contexts I guess	12:50
spredzy	EmilienM, and https://github.com/puppetlabs/puppet/blob/master/lib/puppet/util/selinux.rb#L38	12:51
spredzy	that means is selinux is disabled it will puppet will just skip any selinux related operation	12:51
spredzy	s/is/if	12:51
EmilienM	which is not what we want	12:51
social	spredzy: but it's 3 states selinux disabled, selinux enabled with permissive, selinux enabled with enforcing	12:51
EmilienM	we still need to apply contexts	12:51
spredzy	EmilienM, sorry can you repeat the context I don't get it I was answering <EmilienM> social: one question - when disabled, are we still applying contexts ?	12:53
EmilienM	https://github.com/puppetlabs/puppetlabs-rabbitmq/commit/0227f762070ffbbea3c28d6a60174de98fa4cc1c	12:54
EmilienM	I created this patch ^^^^ because our Puppet OpenStack CI was down some time ago	12:54
spredzy	ok	12:54
EmilienM	and it was down because we install SElinux as enforced	12:54
EmilienM	and Puppet was applying a context X while packaging Y	12:54
EmilienM	it conflicted and Puppet runs were not idempotent	12:55
spredzy	ok	12:55
EmilienM	my question is: we are 'permissiving' SELinux now - are we going to be able to detect this kind of situation again?	12:55
EmilienM	I know it's very tricky - but I feel important to keep SElinux in the loop because our users strongly use it - so we might have an interest to make sure our modules can live with SElinux enforced	12:56
spredzy	EmilienM, yes, because even if permissive labels are actually created	12:56
spredzy	so puppet will still want to change the label if it doesn't match	12:56
openstackgerrit	Merged openstack/puppet-openstack-integration: run_tests: stop pinning tempest repo https://review.openstack.org/222621	12:57
spredzy	EmilienM, as long as we do not disable selinux labels are applied (with permissive they are just not enforced)	12:57
EmilienM	cool	12:57
*** pradk has joined #puppet-openstack		12:58
spredzy	social, ^ agree ?	12:58
EmilienM	spredzy: but in your code, I'm not sure it applies contexts in permissive mode	12:58
*** jpena\|lunch is now known as jpena		12:58
social	EmilienM: it does	12:58
EmilienM	ok	12:58
openstackgerrit	John Trowbridge proposed openstack/puppet-ironic: Add ironic-inspector support https://review.openstack.org/223690	12:58
spredzy	Normally enabled = (Enforcing, Permissive) disabled = disabled	12:59
EmilienM	ok	12:59
EmilienM	i'll test anyway :P	13:00
EmilienM	ouch, gate is busy today	13:00
vinsh	If the Gate had a Bar.. it would be more fun to hang out at.	13:04
EmilienM	vinsh: I would be drunk.	13:08
vinsh	:D	13:08
*** richm has joined #puppet-openstack		13:10
EmilienM	it works: https://jenkins06.openstack.org/job/gate-puppet-openstack-integration-dsvm-centos7/90/consoleFull	13:13
*** mattymo has quit IRC		13:18
*** mattymo has joined #puppet-openstack		13:23
*** su_zhang has joined #puppet-openstack		13:27
*** openstackgerrit has quit IRC		13:31
*** openstackgerrit has joined #puppet-openstack		13:32
*** tiswanso has joined #puppet-openstack		13:33
*** su_zhang has quit IRC		13:38
*** paramite is now known as paramite\|afk		13:38
degorenko	hello folks! EmilienM spredzy sbadia can you please review https://review.openstack.org/220090 , https://review.openstack.org/222142	13:40
sbadia	degorenko: done	13:42
sbadia	thanks!!	13:42
degorenko	sbadia, thank you :)	13:42
sbadia	np	13:43
mattymo_	sbadia, EmilienM spredzy what URL are you using when configuring adminURL for keystone endpoint?	13:43
openstackgerrit	John Trowbridge proposed openstack/puppet-ironic: Add ironic-inspector support https://review.openstack.org/223690	13:44
mattymo_	the same IP as internalUrl or publicUrl?	13:44
*** zhangjn has joined #puppet-openstack		13:45
*** zhangjn has quit IRC		13:45
*** su_zhang has joined #puppet-openstack		13:46
*** dprince has joined #puppet-openstack		13:46
*** zhangjn has joined #puppet-openstack		13:46
spredzy	mattymo, if I understand your question correctly this depends on your setup / network isolation level	13:49
spredzy	ie. Do you have one network for internal another for public and another for admin	13:49
spredzy	is it the same for everyone	13:49
spredzy	etc..	13:49
spredzy	degorenko, done	13:50
openstackgerrit	Sergey Kolekonov proposed openstack/puppet-neutron: Add parameters for Neutron QoS support https://review.openstack.org/216654	13:52
*** ibba has quit IRC		13:54
*** arnaud_orange has quit IRC		13:56
degorenko	spredzy, thanks, and about your comment, i'll do it but in next patch, because this one is revert :) https://review.openstack.org/#/c/222144	13:57
*** kindjal has joined #puppet-openstack		13:58
degorenko	spredzy, btw, we still have open discussion about include/require L)	13:58
degorenko	:)	13:58
*** arnaud_orange has joined #puppet-openstack		13:58
spredzy	degorenko, removed my -1, ok for adding this in another patch	13:59
spredzy	degorenko, I gave my opinion :) you should ping the other :p	13:59
degorenko	sbadia, one more request :D take a look on https://review.openstack.org/#/c/222144 please. What do you think about Yanis' comment in patch set 3	13:59
degorenko	spredzy, yep :P	13:59
degorenko	spredzy, one more patch :D https://review.openstack.org/#/c/220090/	14:00
degorenko	just was in merge conflict	14:00
EmilienM	spredzy, sbadia : please look https://review.openstack.org/#/c/224705/	14:01
*** ducttape_ has joined #puppet-openstack		14:02
spredzy	EmilienM, degorenko gone	14:03
spredzy	s/gone/done	14:03
spredzy	:)	14:03
degorenko	spredzy, thanks o/	14:03
mattymo_	spredzy, sorry I went AFK	14:05
*** EmilienM sets mode: +o mfisch		14:05
*** EmilienM sets mode: +o clayton		14:05
mattymo_	spredzy, I mean if you set adminUrl in public network, then you can do keystone user-create, user-list, tenant-list etc	14:05
*** EmilienM sets mode: +o mgagne		14:05
mattymo_	otherwise you must do keystone commands from a host inside internal network or from horizon	14:06
*** su_zhang has quit IRC		14:09
*** paramite\|afk is now known as paramite		14:09
openstackgerrit	Merged openstack/puppet-sahara: Revert "Fixed /etc/sahara handling" https://review.openstack.org/222142	14:13
*** ericpeterson has joined #puppet-openstack		14:20
*** ducttape_ has quit IRC		14:22
*** markvoelker has joined #puppet-openstack		14:26
openstackgerrit	Denis Egorenko proposed openstack/puppet-sahara: Revert "Fix Sahara installation for Ubuntu" https://review.openstack.org/222144	14:34
openstackgerrit	Denis Egorenko proposed openstack/puppet-sahara: Rely on autorequire for config resource ordering https://review.openstack.org/224762	14:34
degorenko	spredzy, ^	14:34
openstackgerrit	Merged openstack/puppet-openstack-integration: Disable SElinux on CentOS7 jobs https://review.openstack.org/224705	14:34
EmilienM	ok CI should be fixed now	14:35
openstackgerrit	Athanasios Douitsis proposed openstack/puppet-vswitch: Support for FreeBSD https://review.openstack.org/191523	14:35
*** richm has quit IRC		14:41
openstackgerrit	Iury Gregory Melo Ferreira proposed openstack/puppet-openstack-specs: Changes in enabling federation spec https://review.openstack.org/223777	14:46
*** skolekonov is now known as _skolekonov		14:47
*** ericpeterson has quit IRC		14:50
*** ducttape_ has joined #puppet-openstack		14:50
*** mdorman has joined #puppet-openstack		14:51
*** rochaporto has quit IRC		14:51
*** richm has joined #puppet-openstack		14:54
*** paramite has quit IRC		14:59
*** tiswanso has quit IRC		15:00
*** tiswanso has joined #puppet-openstack		15:01
*** sanjayu has joined #puppet-openstack		15:02
mattymo_	hey richm	15:04
openstackgerrit	Emilien Macchi proposed openstack/puppet-nova: Implement WSGI support for Nova API https://review.openstack.org/213315	15:13
*** angdraug has joined #puppet-openstack		15:20
richm	mattymo_: hello	15:21
mattymo_	richm, when you deploy keystone, do you set adminurl to be in internal network or public network?	15:23
*** zhangjn has quit IRC		15:25
*** zhangjn has joined #puppet-openstack		15:26
*** arnaud_orange has quit IRC		15:26
*** xingchao has joined #puppet-openstack		15:36
richm	mattymo_: "deploy keystone" - how? "set adminurl" - where?	15:40
richm	I'm not sure I understand the question	15:40
mattymo_	sorry I'm not clear	15:40
mattymo_	when deploying keystone service, you need to configure its service endpoints. one for internalurl, one for publicurl, one for adminurl	15:41
richm	ok	15:41
mattymo_	let's say my internal network is 192.168.0.0/24 and my public is 10.10.0.0/24 and public routes to the rest of my org	15:41
mattymo_	and interanl doesn't	15:41
mattymo_	internal*	15:41
mattymo_	if I set adminurl inside internal network, then keystone cli commands fail because they require the ability to reach the adminUrl endpoint	15:42
richm	I have no idea	15:42
mattymo_	oh ok	15:42
richm	You would have to talk to someone who actually does OpenStack deployments	15:42
mattymo_	oh, what do you usually do?	15:42
richm	The most I have ever done is a "deployment" using the puppet-keystone spec/acceptance tests, or using packstack for a very simple all-in-one, strictly for dev. testing purposes	15:44
richm	I am in no way qualified to be an operator	15:44
*** stamak has quit IRC		15:45
*** myatsenko has joined #puppet-openstack		15:50
*** chandankumar has joined #puppet-openstack		15:53
*** skolekonov has joined #puppet-openstack		15:56
*** aimon_ has quit IRC		15:57
*** LimorStotland has quit IRC		15:59
*** serg_melikyan has joined #puppet-openstack		16:01
*** sergmelikyan has quit IRC		16:05
*** zhangjn has quit IRC		16:07
*** ibba has joined #puppet-openstack		16:09
*** mdorman has quit IRC		16:22
*** tiswanso has quit IRC		16:24
*** tiswanso has joined #puppet-openstack		16:24
*** tiswanso has quit IRC		16:25
*** tiswanso has joined #puppet-openstack		16:25
*** linkedinyou has joined #puppet-openstack		16:30
*** serg_melikyan has quit IRC		16:32
*** sergmelikyan has joined #puppet-openstack		16:33
*** jistr has quit IRC		16:35
*** mdorman has joined #puppet-openstack		16:35
*** aimon has joined #puppet-openstack		16:38
*** jpena is now known as jpena\|away		16:40
*** fedexo has joined #puppet-openstack		16:41
*** timrc_ is now known as timrc		16:50
*** derekh has quit IRC		16:50
*** skolekonov has quit IRC		16:55
*** IBerezovskiy has quit IRC		16:55
*** serg_melikyan has joined #puppet-openstack		16:58
*** sergmelikyan has quit IRC		17:01
*** dprince has quit IRC		17:06
*** dprince has joined #puppet-openstack		17:08
*** serg_melikyan has quit IRC		17:08
*** sergmelikyan has joined #puppet-openstack		17:09
*** xingchao has quit IRC		17:11
*** angdraug has quit IRC		17:17
*** fedexo has quit IRC		17:17
*** chandankumar has quit IRC		17:20
*** ibba has quit IRC		17:22
*** xingchao has joined #puppet-openstack		17:26
*** sergmelikyan has quit IRC		17:26
*** sergmelikyan has joined #puppet-openstack		17:27
*** xingchao has quit IRC		17:27
*** sergmelikyan has quit IRC		17:47
*** sergmelikyan has joined #puppet-openstack		17:50
*** aimon has quit IRC		17:51
*** sergmelikyan has quit IRC		17:52
*** dprince has quit IRC		17:53
*** dprince has joined #puppet-openstack		18:05
imcsk8	EmilienM: some spec tests were failing for this patch https://review.openstack.org/#/c/221991 and i found that there are other parts of the puppet neutron module that try to configure the sriov driver: https://github.com/openstack/puppet-neutron/blob/master/manifests/plugins/ml2/mech_driver.pp my guess is to delete them but i wanted a second opnion before i send the patch	18:06
*** aimon has joined #puppet-openstack		18:10
*** chandankumar has joined #puppet-openstack		18:12
*** xarses has quit IRC		18:16
*** xingchao has joined #puppet-openstack		18:28
*** xarses has joined #puppet-openstack		18:37
*** dprince has quit IRC		18:37
mdorman	anybody know if there’s any work in flight to improve the new v3 keystone providers… right now for every keystone_user and keystone_user_role resource (I think), it’s doing a separate ‘keystone user list’ call. so on a system with a large number of users, this increases the run time for puppet substantially (adding 7-8 minutes to our runs, we have ~4000 users.)	18:47
mdorman	i can create a new bug if nobody else has looked at this. this used to be a problem with the previous providers, and we fixed it up so the user list was cached, so it’s kind of a regression on the v3 providers.	18:48
*** greghaynes has quit IRC		18:49
EmilienM	there is a bug about that	18:52
EmilienM	richm created it	18:52
EmilienM	https://bugs.launchpad.net/puppet-keystone/+bug/1493450	18:52
openstack	Launchpad bug 1493450 in puppet-keystone "bad indirection performance with openstack resources" [Medium,Confirmed]	18:52
EmilienM	mdorman: ^	18:52
*** ducttape_ has quit IRC		18:55
*** ducttape_ has joined #puppet-openstack		18:55
mdorman	awesome thanks	18:58
mdorman	probably should have googled/rtfm on that one myself :)	18:58
*** dprince has joined #puppet-openstack		19:00
EmilienM	mdorman: feel free to send a patch that fix it, I'm not sure richm is working on it atm	19:04
_ody	Did Hunner ever chime in on using the indirector for resource lookups? I took a look at the code and it looks to have never been intended for the use of providers looking up other resources.	19:08
*** delattec has joined #puppet-openstack		19:19
*** cdelatte has quit IRC		19:22
Hunner	sup?	19:23
Hunner	One thing I've done is cache the instances, then re-run on cache miss	19:25
*** chandankumar has quit IRC		19:26
EmilienM	_ody: fyi i updated the patch you reviewed about nova api/wsgi	19:26
*** _skolekonov has quit IRC		19:28
Hunner	It's in the f5 provider, so I can't link since it's a private repo, but https://gist.github.com/hunner/a1a4bf3505f78b3c94ca is the snippet	19:28
Hunner	worst case is still the same speed	19:29
*** yogesh-pc has joined #puppet-openstack		19:32
*** jfluhmann has joined #puppet-openstack		19:37
yogesh-pc	EmilienM: any idea to the issue that I was having after installing both the apache and horizon together in the single configuration setup?	19:42
*** delatte has joined #puppet-openstack		19:43
EmilienM	yogesh-pc: no idea	19:45
EmilienM	mfisch: have you tried already? ^	19:45
EmilienM	running keystone wsgi & horizon on the same node?	19:45
EmilienM	I don't see why it would fail	19:45
yogesh-pc	do I need to do anything to start the horizon service?	19:46
*** delattec has quit IRC		19:46
yogesh-pc	also I would like to access the admin permission and maybe try couple of openstack commands.. but i do not know how to do it	19:47
*** jpena\|away has quit IRC		19:47
openstackgerrit	Emilien Macchi proposed openstack/puppet-nova: Implement WSGI support for Nova API https://review.openstack.org/213315	19:49
yogesh-pc	i tried to source local.rc : http://paste.openstack.org/show/466753/	19:49
yogesh-pc	and i get following error:	19:50
yogesh-pc	http://paste.openstack.org/show/466754/	19:50
*** derekh has joined #puppet-openstack		19:51
EmilienM	mdorman: we are actually blocked by https://review.openstack.org/#/c/218059/	19:53
EmilienM	if anyone wants to review it go ahead ^	19:53
EmilienM	mdorman: can you share your manifest that create users/... resources and that takes time ? I would like to add it in our functional testing CI, it would be a good scenario - thanks	19:54
*** xingchao has quit IRC		19:55
*** ducttape_ has quit IRC		20:12
*** ericpeterson has joined #puppet-openstack		20:12
richm	EmilienM: mdorman: we could fix it now - the problem is that it is hideously complex to figure out which user is referenced in a keystone_user_role { 'username@...'	20:17
*** ericpeterson has quit IRC		20:17
*** ducttape_ has joined #puppet-openstack		20:17
openstackgerrit	Ivan Chavero proposed openstack/puppet-neutron: Split SR-IOV configuration file into driver and agent pieces https://review.openstack.org/221991	20:17
richm	The complexity will be reduced a great deal if we can ever figure out a way to deal with the name + domain naming issue	20:17
richm	so I'm reluctant to fix it, then fix it again	20:18
openstackgerrit	Iury Gregory Melo Ferreira proposed openstack/puppet-keystone: [WIP] Support for Keystone as Service Provider https://review.openstack.org/216821	20:20
*** derekh has quit IRC		20:21
openstackgerrit	Ivan Chavero proposed openstack/puppet-neutron: Split SR-IOV configuration file into driver and agent pieces https://review.openstack.org/221991	20:24
*** yogesh-pc has quit IRC		20:27
*** tiswanso has quit IRC		20:37
*** chem has quit IRC		20:42
*** chem has joined #puppet-openstack		20:43
*** jayg is now known as jayg\|g0n3		20:49
iurygregory	EmilienM, do you know a puppet lib to modify xml files? in the service provider i need to apply changes in the keystone configuration in Apache. =)	20:58
EmilienM	iurygregory: xml in keystone config?	20:59
iurygregory	keystone apache file	20:59
iurygregory	vhost etc	20:59
EmilienM	it's XML now?	20:59
iurygregory	i think is xml, it is not?	21:00
iurygregory	i need to modify under the <VirtualHost *:5000>	21:01
*** morazi has quit IRC		21:03
EmilienM	iurygregory: do you know puppetlabs-apache ?	21:04
iurygregory	just a little XD	21:04
EmilienM	i think you can everything you need with the module	21:06
EmilienM	and if you can't, submit a patch there	21:06
iurygregory	ok ^^	21:08
EmilienM	iurygregory: you need to create a vhost for what?	21:10
EmilienM	just by curiosity	21:10
mdorman	richm / EmilienM: our manifests wrt keystone_user and keystone_user_role are relatively simple… on the order of 10-20 keystone_user’s and approximately the same keystone_user_role’s. but the main issue is we have 4000+ users in our keystone backend LDAP	21:15
EmilienM	ouch	21:16
EmilienM	managed by puppet I suppose	21:16
*** gfidente has quit IRC		21:17
mdorman	what do you mean? all the openstack stuff is managed by puppet, but nod the backend AD/LDAP	21:17
EmilienM	mdorman: I meant the 4000 users	21:18
mdorman	yeah AD is the backend identity source for keystone. so a ‘keystone user list’ goes and gets that full list of thousands of users	21:18
EmilienM	ok	21:18
mdorman	anyway need to run now to pick up kids. back online later if you want to discuss more.	21:19
*** mdorman has quit IRC		21:19
EmilienM	I don't know if there is any performant tool to manage 4000 keystone users today	21:20
*** tiswanso has joined #puppet-openstack		21:22
*** aimon has quit IRC		21:23
EmilienM	mgagne: do you use puppet to manage all your users?	21:26
mgagne	EmilienM: what do you mean by "all" ?	21:26
EmilienM	mgagne: your public cloud users	21:26
*** tiswanso has quit IRC		21:26
mgagne	EmilienM: we don't manage our public cloud users, only services	21:27
EmilienM	mgagne: ok	21:27
*** dprince has quit IRC		21:27
mgagne	EmilienM: we are thinking about move away from puppet to manage our users. it's not very efficient. Puppet run takes forever to complete and I can't say having thousands of users will improve the situation over time.	21:30
EmilienM	mgagne: this is what we were discussing ^^^^^^^^^	21:30
mgagne	right	21:30
EmilienM	I'm curious which technology is faster	21:31
mgagne	the one that doesn't cache all users in memory :D	21:31
EmilienM	mgagne: are you willing to help us to improve puppet-keystone?	21:31
mgagne	EmilienM: unfortunately, I won't have time to invest before a long time (again)	21:32
EmilienM	sad for us	21:32
mgagne	EmilienM: yep. and although all the good promises here and there from me or my boss, there is nothing concret on that side.	21:33
richm	EmilienM: someone needs to take a look at http://lists.openstack.org/pipermail/openstack-dev/2015-September/074715.html - and see if we can do the same thing for keystone_user, etc.	21:34
mgagne	can't Puppet build a namevar from multiple properties? (not the resource title itself)	21:36
mgagne	because I feel a Puppet user should be able to do keystone_user { 'foobar': user => 'bar', domain => 'baz' } just fine	21:37
* EmilienM reading _ody's emaill		21:38
*** aimon has joined #puppet-openstack		21:51
*** tiswanso has joined #puppet-openstack		21:52
*** xingchao has joined #puppet-openstack		21:54
*** aimon_ has joined #puppet-openstack		21:55
*** aimon has quit IRC		21:58
*** xingchao has quit IRC		22:03
*** yogesh-pc has joined #puppet-openstack		22:09
*** mdorman has joined #puppet-openstack		22:19
*** richm has quit IRC		22:26
*** tiswanso has quit IRC		22:27
*** delatte has quit IRC		22:28
*** chem has quit IRC		22:30
*** yogesh-pc has quit IRC		22:37
*** ducttape_ has quit IRC		22:38
*** yogesh-pc has joined #puppet-openstack		22:38
*** ducttape_ has joined #puppet-openstack		22:39
*** richm has joined #puppet-openstack		22:40
*** ducttape_ has quit IRC		22:43
*** kindjal has quit IRC		22:52
*** gildub has joined #puppet-openstack		22:55
*** jfluhmann has quit IRC		23:10
*** mdorman has quit IRC		23:13
*** ducttape_ has joined #puppet-openstack		23:27
*** sergmelikyan has joined #puppet-openstack		23:33
*** markvoelker has quit IRC		23:36
*** v1k0d3n has quit IRC		23:40
*** v1k0d3n has joined #puppet-openstack		23:41
openstackgerrit	Merged openstack/puppet-neutron: ml2: Fix typo with ml2_srvio/supported_pci_vendor_devs param. https://review.openstack.org/214141	23:47
*** yogesh-pc has quit IRC		23:50
*** sergmelikyan has quit IRC		23:50
*** jfluhmann has joined #puppet-openstack		23:52

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!