Monday, 2014-06-30

« Sunday, 2014-06-29 Index Tuesday, 2014-07-01 »
*** openstack has joined #tripleo13:49
*** yfaykya has quit IRC13:50
*** robsparker has joined #tripleo13:50
*** yfaykya has joined #tripleo13:51
*** edmund has joined #tripleo13:53
*** pcrews has joined #tripleo13:55
*** yfaykya has quit IRC13:56
*** yfaykya has joined #tripleo13:57
openstackgerritStuart McLaren proposed a change to openstack/tripleo-incubator: Run the overcloud with an SSL enabled public IP  https://review.openstack.org/8509813:58
*** ramishra has joined #tripleo13:59
*** CaptTofu has joined #tripleo13:59
*** yfaykya has quit IRC14:02
*** yfaykya has joined #tripleo14:04
*** jang has quit IRC14:05
*** yfaykya has quit IRC14:08
*** yfaykya has joined #tripleo14:10
*** yfaykya has quit IRC14:14
*** yfaykya has joined #tripleo14:16
*** rwsu has joined #tripleo14:16
*** rdopieralski has quit IRC14:16
openstackgerritA change was merged to openstack/tuskar-ui: Update the pbr version  https://review.openstack.org/10339414:18
openstackgerritStuart McLaren proposed a change to openstack/tripleo-incubator: Run the overcloud with an SSL enabled public IP  https://review.openstack.org/8509814:18
*** yfaykya has quit IRC14:21
*** yfaykya has joined #tripleo14:22
*** yfaykya has quit IRC14:27
tzumainnjdob, heya, quick question - if I deploy a provider resource in a stack, the resource_type of that resource matches what's in the resource registry, right?14:28
*** yfaykya has joined #tripleo14:28
jdobyes14:29
jdobin the resource_registry:  Foo::Bar = bar.yaml14:29
jdobin the master template, the type of resource is Foo::Bar14:29
tzumainnokay - athomas, jcoufal ^ we can get the role mapping that way14:29
jdoband heat will bomb if you dont give it an environment it can use to resolve what the hell Foo::Bar is14:29
jdobtzumainn: you can't though, since that doesn't have the version14:30
jdobunless you shove the version info into the filename14:30
tzumainncrap14:30
tzumainnjdob, well, if the stack knows about the plan - and I think it has to - then it can derive that information, right?14:31
jdobderive what information/14:32
jdob?14:32
tzumainnthe role versions14:32
jdobno, in fact, the stack is gonna have even less of a clue14:32
jdobarguably, it's not even going to know about what roles it has14:32
jdobsince roles is just a tuskar concept14:32
*** yfaykya has quit IRC14:32
tzumainnwait14:32
* jdob waits14:33
tzumainneither a plan needs to know about the deployed stack, or the stack needs to know what plan deployed it - it's impossible to coordinate them otherwise14:33
jdobright, and we decided the stack should be able to point to the plan that created it14:34
tzumainnright, so if a stack knows the plan14:34
tzumainnthen in theory it can know what kind of roles it contains within it, right?14:34
*** yfaykya has joined #tripleo14:34
jdobin theory "it" meaning what, the plan?14:35
tzumainnno, the stack14:35
tzumainnbut through the plan14:35
jdobi'm totally not getting the context here14:35
jdobif the plan can know its role versions, then yes, thats all transitive14:35
tzumainngiven a stack, how do we know which roles are deployed on which nodes14:35
jdobstack -> plan -> roles and versions14:35
tzumainncurrently we do it by comparing image names14:35
jdobbut from your initial point, we can't just look at resource_registry in the plan to know the roles and versions14:35
TheJuliawin 314:36
jdobso for that chain to work, there has to be a way for the plan to know the roles and versions14:36
tzumainnjdob, which it does, according to the spec14:36
* TheJulia should just learn to use alt-3 instead of typing out window changes in her irc client14:36
tzumainnjdob, what's missing here is that I think this all means a plan needs to be versioned too14:36
jdobya, i agree14:37
jdobotherwise there's that disconnect14:37
jdobwhen the plan changes past the live stack14:37
jdobassuming we care to keep that relationship14:37
tzumainnI think we need to14:37
jdobi think I could see it argued either way14:37
tzumainnbecause the UI will need plan-level information regarding the deployment14:37
jdobbut it certainly wouldn't hurt to version the plans14:38
tzumainnbut it can't be a version per change, otherwise you'll have 5 different versions when you add four roles14:38
*** yfaykya has quit IRC14:39
tzumainnmeaning, unlike role and template, it seems to me that we have to have the UI explicitly tell the api to mark a new version or something14:39
tzumainnor make it read-only?14:40
jdobyou could tie the version to when you request the compiled heat templates14:40
tzumainnand any further changes automatically create a new version14:40
jdobcall that a "commit" sort of concept14:40
jdob<change><change><change><change> commit, version the plan, get templates, presumably make live14:40
jdob<change><change><change>14:40
*** yfaykya has joined #tripleo14:40
tzumainnso regardless of when that "commit" happens, I think it'd be sufficient to have a read only flag or something act as the commit14:41
jdobwhy a read-only flag instead of a version number?14:42
jdobwhat does the flag actually get us?14:42
tzumainnit act as a commit flag14:43
tzumainnbecause there are times when you don't want a new version of a plan14:44
tzumainni.e., when you're adding roles, messing with config parameters14:44
tzumainnand any update to the plan should be a true update14:44
tzumainnthen you set the read_only flag after, say, a deployment14:44
jdobthrough a separate REST API call?14:44
tzumainnand now any update to the plan creates a new version instead14:44
tzumainnif you don't want tuskar to operate directly with heat, I think it'd have to be14:45
jdobnot necessarily, you could key it off an event like downloading the templates, but i dont see a problem with a save operation too14:45
*** yfaykya has quit IRC14:45
*** jprovazn has quit IRC14:46
jdobi dont agree with the idea of slapping down a read-only flag, but I get the workflow you're going after14:46
*** yfaykya has joined #tripleo14:47
*** yfaykya has quit IRC14:51
*** yfaykya has joined #tripleo14:53
openstackgerritStuart McLaren proposed a change to openstack/tripleo-image-elements: stunnel: Allow CA certificate to be specified  https://review.openstack.org/8509914:54
*** yfaykya has quit IRC14:57
*** yfaykya has joined #tripleo14:59
*** sballe has joined #tripleo14:59
*** untriaged-bot has joined #tripleo15:00
untriaged-botUntriaged bugs so far:15:00
untriaged-bothttps://bugs.launchpad.net/tripleo/+bug/133458115:00
uvirtbotLaunchpad bug 1334581 in tripleo "os-collect-config.conf need support to Heat userdata" [Undecided,In progress]15:00
untriaged-bothttps://bugs.launchpad.net/tripleo/+bug/133504215:00
untriaged-bothttps://bugs.launchpad.net/tripleo/+bug/133510515:00
untriaged-bothttps://bugs.launchpad.net/tripleo/+bug/133501615:00
untriaged-bothttps://bugs.launchpad.net/tripleo/+bug/133364915:00
uvirtbotLaunchpad bug 1335042 in tripleo "diskimage-builder: extlinux installation failure" [Undecided,New]15:00
untriaged-bothttps://bugs.launchpad.net/diskimage-builder/+bug/133245815:00
uvirtbotLaunchpad bug 1335105 in tuskar-ui "Devtest init script: sourcing tripleorc fails" [Undecided,New]15:00
untriaged-bothttps://bugs.launchpad.net/diskimage-builder/+bug/133252115:00
uvirtbotLaunchpad bug 1335016 in tripleo "diskimage-builder fails for Debian" [Undecided,New]15:00
uvirtbotLaunchpad bug 1333649 in tripleo "/etc/hosts entries written by hosts element doesn't survive reboot" [Undecided,In progress]15:00
*** untriaged-bot has quit IRC15:00
uvirtbotLaunchpad bug 1332458 in diskimage-builder "Not able to build armhf or arm64 images on amd64 arch systems." [Undecided,In progress]15:00
uvirtbotLaunchpad bug 1332521 in diskimage-builder "failed to remove `/tmp/image.A2aupYJb/mnt/tmp/in_target.d': Device or resource busy" [Undecided,New]15:00
*** yfaykya has quit IRC15:04
*** yfaykya has joined #tripleo15:05
*** marun has joined #tripleo15:06
*** marun has quit IRC15:08
*** vinsh has joined #tripleo15:09
*** martyntaylor has quit IRC15:09
*** yfaykya has quit IRC15:09
*** yfaykya has joined #tripleo15:11
*** marun has joined #tripleo15:12
*** nati_ueno has joined #tripleo15:12
*** marun is now known as marun_afk15:14
*** ifarkas_ has quit IRC15:16
*** yfaykya has quit IRC15:16
*** yfaykya has joined #tripleo15:17
*** jcoufal has quit IRC15:18
*** lazy_prince is now known as killer_prince15:20
*** yfaykya has quit IRC15:22
*** andreaf_ has quit IRC15:23
*** yfaykya has joined #tripleo15:23
*** martyntaylor has joined #tripleo15:25
openstackgerritDerek Higgins proposed a change to openstack-infra/tripleo-ci: Use the pre-downloaded Fedora image  https://review.openstack.org/10356615:25
regebroAha... "Command output matched '(CREATE|UPDATE)_FAILED'. Exiting..." Did that mean that installing Devstack worked, or that it failed? :-)15:25
derekh_dprince: just trying that out ^ , I think the image build precaches the fedora image15:26
openstackgerritAdam Vinsh proposed a change to openstack/tripleo-image-elements: Add nova url to neutron.conf  https://review.openstack.org/10356815:26
*** yfaykya has quit IRC15:28
dprincederekh_: if it works I'd be happy to eliminate that call. It would be nice to have the nodepool pre-caching script use our Squid though15:28
dprincederekh_: should be do-able I think... although it might be worth putting in a squid-test function to set or unset it based upon whether an in-rack squid has been deployed15:29
*** yfaykya has joined #tripleo15:29
derekh_dprince: ya, although its a non tripleo thing, we could do it as you node in your original comment (i.e. in prepare_node_tripleo.sh ), actually my patch may not work at all , lets see15:31
derekh_s/node/note/15:31
*** rcarrill` has quit IRC15:32
*** rakesh_hs has quit IRC15:32
*** rcarrillocruz has joined #tripleo15:33
*** yfaykya has quit IRC15:34
*** yfaykya has joined #tripleo15:36
openstackgerritAdam Vinsh proposed a change to openstack/tripleo-image-elements: Add nova url to neutron.conf  https://review.openstack.org/10356815:36
*** yfaykya has quit IRC15:40
dprincederekh_: did you see https://review.openstack.org/#/c/102213/15:40
derekh_dprince: I hadn't, looking now15:42
*** yfaykya has joined #tripleo15:42
*** dsneddon has joined #tripleo15:43
*** beekneemech is now known as bnemec15:45
openstackgerritAdam Vinsh proposed a change to openstack/tripleo-image-elements: Add nova url to neutron.conf  https://review.openstack.org/10356815:45
*** yfaykya has quit IRC15:46
*** nati_ueno has quit IRC15:47
*** yfaykya has joined #tripleo15:48
*** athomas has quit IRC15:48
*** yfaykya has quit IRC15:52
*** yfaykya has joined #tripleo15:54
howleytHi, would there be any objections to splitting out the reset-db script of the boot-stack element and moving it into the related elements. e.g. cinder, nova, etc.?15:57
*** athomas has joined #tripleo15:57
*** yfaykya has quit IRC15:58
*** blamar has joined #tripleo16:00
*** yfaykya has joined #tripleo16:00
*** marun_afk is now known as marun16:00
*** pblaho has quit IRC16:02
*** yfaykya has quit IRC16:05
*** yfaykya has joined #tripleo16:06
*** rcarrillocruz has quit IRC16:11
*** yfaykya has quit IRC16:11
*** yfaykya has joined #tripleo16:12
*** IvanBerezovskiy has left #tripleo16:13
*** rcarrillocruz has joined #tripleo16:16
*** yfaykya has quit IRC16:17
*** yfaykya has joined #tripleo16:18
*** yfaykya has quit IRC16:23
*** yfaykya has joined #tripleo16:25
openstackgerritTzu-Mainn Chen proposed a change to openstack/tuskar-ui: Fixed docstrings to match api reorganization  https://review.openstack.org/10357916:29
*** yfaykya has quit IRC16:29
*** andreaf_ has joined #tripleo16:30
*** morganfainberg_Z is now known as morganfainberg16:30
*** yfaykya has joined #tripleo16:31
*** ccrouch has joined #tripleo16:31
openstackgerritNicholas Randon proposed a change to openstack/tripleo-incubator: Update configure-vm to use abspath and join.  https://review.openstack.org/10281616:33
openstackgerritNicholas Randon proposed a change to openstack/tripleo-incubator: Clean-up os-apply-config lines in devtest.  https://review.openstack.org/10128616:33
openstackgerritNicholas Randon proposed a change to openstack/tripleo-image-elements: Move masquerade host_ip to config.json  https://review.openstack.org/10128016:33
openstackgerritTzu-Mainn Chen proposed a change to openstack/tuskar-ui: Use util version of list_to_dict  https://review.openstack.org/10358016:33
*** martyntaylor has left #tripleo16:34
*** yfaykya has quit IRC16:35
*** yfaykya has joined #tripleo16:37
*** andreaf_ has quit IRC16:41
*** yfaykya has quit IRC16:42
*** dkehn__ has joined #tripleo16:42
*** yfaykya has joined #tripleo16:43
*** ramishra has quit IRC16:45
*** ramishra has joined #tripleo16:45
*** dkehnx has quit IRC16:45
*** yfaykya has quit IRC16:47
*** yfaykya has joined #tripleo16:49
*** ramishra has quit IRC16:50
*** yfaykya has quit IRC16:54
*** CaptTofu has quit IRC16:54
*** jtomasek has quit IRC16:55
*** yfaykya has joined #tripleo16:55
*** SpamapS_ is now known as SpamapS16:57
*** SpamapS has quit IRC16:57
*** SpamapS has joined #tripleo16:57
*** yfaykya has quit IRC17:00
*** yfaykya has joined #tripleo17:01
*** derekh_ has quit IRC17:05
*** yfaykya has quit IRC17:06
*** yfaykya has joined #tripleo17:07
*** yfaykya has quit IRC17:12
*** yfaykya has joined #tripleo17:13
*** nati_ueno has joined #tripleo17:14
*** Penick has joined #tripleo17:15
*** yfaykya has quit IRC17:18
*** yfaykya has joined #tripleo17:20
*** regebro has quit IRC17:20
*** yfaykya has quit IRC17:24
openstackgerritlifeless proposed a change to openstack/tripleo-image-elements: Fix issues with provider networks and public ips  https://review.openstack.org/10344917:24
*** yfaykya has joined #tripleo17:26
*** yfaykya has quit IRC17:30
*** yfaykya has joined #tripleo17:32
*** rcarrill` has joined #tripleo17:32
adam_g`lifeless, re 93844 i was never able to get as far as reproducing the issue. after  https://review.openstack.org/#/c/93083/ merged we dropped 93844 from our testing patch set and haven't run into the starvation issue at 30+ nodes17:33
*** rcarrillocruz has quit IRC17:34
*** yfaykya has quit IRC17:37
*** yfaykya has joined #tripleo17:38
*** pelix has quit IRC17:40
*** martyntaylor has joined #tripleo17:41
*** lucasagomes is now known as lucas-afk17:42
*** yfaykya has quit IRC17:42
lifelessadam_g`: huh, so where do we stand on that review then ?17:43
*** rdopieralski has joined #tripleo17:43
lifelesspcrews: hi, how goes it ?17:43
lifelessTheJulia: also hi - I just wanted to touch base and see if you'd settled in enough to get your hands dirty, metaphorically speaking17:44
*** yfaykya has joined #tripleo17:44
pcrewslifeless: hi.  good.  I finished the elastic-recheck patch and am about to push a new version of that ~*~&! log patch :)17:44
lifelesspcrews: cool17:44
*** rcarrillocruz has joined #tripleo17:45
*** rcarrill` has quit IRC17:45
*** edmund has quit IRC17:48
openstackgerritpatrick-crews proposed a change to openstack-infra/tripleo-ci: Alter how we grab and store machine files to use logstash indexing.  https://review.openstack.org/9925017:48
*** yfaykya has quit IRC17:49
*** rcarrillocruz has quit IRC17:49
*** rcarrillocruz has joined #tripleo17:50
*** yfaykya has joined #tripleo17:50
TheJulialifeless: Settled... not exactly, but I'm ready and willing to begin getting my hands dirty.  I've been looking through blueprints and trying to figure out where I could really get started at.17:52
adam_g`lifeless, lemme try one more round of focused testing and ill update review17:54
*** yfaykya has quit IRC17:54
*** rcarrillocruz has quit IRC17:56
*** edmund has joined #tripleo17:56
*** yfaykya has joined #tripleo17:56
openstackgerritlifeless proposed a change to openstack/tripleo-image-elements: Fix issues with provider networks and public ips  https://review.openstack.org/10344918:00
lifelessTheJulia: cool, so the first hands-dirty thing is to make sure you have a local dev environment - have you run through devtest locally (e.g. run devtest.sh and let it do its thing?)18:01
*** rcarrillocruz has joined #tripleo18:01
*** yfaykya has quit IRC18:01
TheJuliaI have, it runs quite nicely on my macbook18:02
*** yfaykya has joined #tripleo18:02
*** dkehn__ is now known as dkehnx18:03
lifelesscool18:05
lifelessso the next thing then is to pick a thing to push forward on; right now there are several intiatives happening18:06
lifelessHA18:06
lifelessupdate18:06
lifelessvlan support sufficient to get the hp1 and hp2 regions online18:06
lifelessmoving code from incubator to os-cloud-config to support tuskar18:06
lifelessand of course, tuskar itself18:06
lifelessset against a background of general as-needed improvements to ironic, heat, nova etc18:07
greghayneslifeless: https://review.openstack.org/#/c/83883/ HA patch18:07
*** yfaykya has quit IRC18:07
lifelessTheJulia: are any of those things more (or less :)) interesting to you?18:07
*** rcarrillocruz has quit IRC18:08
*** yfaykya has joined #tripleo18:09
*** yfaykya has quit IRC18:13
openstackgerritA change was merged to openstack/tripleo-heat-templates: Add galera clustering properties  https://review.openstack.org/8388318:14
greghaynes\O/18:14
lifelessNEXT18:14
lifeless:)18:14
*** yfaykya has joined #tripleo18:15
TheJulialifeless: Sorry, was typing a rather large message to Ng.  HA and vlan support seems interesting.  Update just seems big and scary to me when I know it shouldn't be. :)18:18
*** yfaykya has quit IRC18:19
*** andreaf_ has joined #tripleo18:20
lifelessTheJulia: ok, so vlan support has me and tchaypo working on right now and neither of us are particularly timezone sympatico with you; so you'd be a bit thrown-in-the-deep-end; HA has greg and jprovazn and me (a tteennyy bit) on it, which means you'd have solid overlap with folk breathing it every day.18:21
*** yfaykya has joined #tripleo18:21
lifelessTheJulia: I'd suggest jumping on HA, by asking greghaynes for the set of open reviews he tests with18:21
greghaynesThats a good question18:21
lifelessTheJulia: and then running through devtest_overcloud (e.g. keep a stable seed and run the overcloud directly against it using the HA patch sets)18:22
lifelessTheJulia: and pick a facet that isn't quite right, and poke at it18:22
lifelessTheJulia: (and use greghaynes as a mentor to get deeper into it all)18:22
*** andreaf_ has quit IRC18:23
TheJuliaSo greghaynes, about that question :)18:23
greghayneshttps://review.openstack.org/#/c/95101/, https://review.openstack.org/#/c/94609/, https://review.openstack.org/#/c/98709, https://review.openstack.org/#/c/94354/18:24
*** andreaf_ has joined #tripleo18:24
greghaynesI *think* thats it for overcloud_controlscale > 1 with no ssl18:24
*** jp_at_hp has quit IRC18:24
lifelessgreghaynes: you know what might be cool? a trello card or wiki page that ists the set of stuff to burn down18:25
TheJulia(That would be most excellent to have)18:25
greghayneshrm, ill trello18:25
*** yfaykya has quit IRC18:26
*** andreaf_ has quit IRC18:26
lifelessgreghaynes: there are cards in the current MVP about this :)18:26
greghaynesYep, seems like they could get broken out a bit18:26
*** rcarrillocruz has joined #tripleo18:27
lifelessgreghaynes: you can also create todo items within a card18:27
*** andreaf_ has joined #tripleo18:27
*** yfaykya has joined #tripleo18:27
greghaynesaha! thats what I was looking for18:27
lifelessgreghaynes: e.g. see https://trello.com/c/siJrd0BE/80-ha-db-percona-xtradb-cluster-to-start-with18:27
*** lsmola__ has joined #tripleo18:31
*** yfaykya has quit IRC18:31
*** martyntaylor has left #tripleo18:32
*** yfaykya has joined #tripleo18:33
openstackgerritlifeless proposed a change to openstack/tripleo-specs: Also bind public services to a dedicated VIP  https://review.openstack.org/10015118:34
greghaynesTheJulia: ok, added some TODO's to the top 3 cards on https://trello.com/b/0jIoMrdo/tripleo18:36
greghayneswhich are super MVP'ey18:36
*** yfaykya has quit IRC18:37
greghaynespretty sure there does not exist any kind of work done on HAProxying mysql clients18:37
greghaynesand the rest have patches up18:37
lifelesstchaypo: https://trello.com/c/fTNQfscE/105-restore-vlan-support-for-public-apis may help lay things out a little - work items pulled together18:38
lifelessgreghaynes: is the galera intra-cluster communication on the same port clients talk to ?18:39
*** yfaykya has joined #tripleo18:39
*** shadower has quit IRC18:41
*** dtantsur has quit IRC18:41
*** jprovazn has joined #tripleo18:42
*** shadower has joined #tripleo18:42
*** dtantsur has joined #tripleo18:43
greghayneslifeless: I dont think so18:44
greghayneslooks like 456718:44
*** yfaykya has quit IRC18:44
greghaynesAsking for ssl?18:44
lifelessno, making sure when we put haproxy in front of mysql we dont' break the cluster18:44
greghaynesah, looks like 4567 is for replication18:44
greghaynesI am confused because I dont see the iptables rule for this though18:44
*** jang has joined #tripleo18:45
greghaynesop, nvm, found it18:45
greghayneselements/mysql-common/os-refresh-config/pre-configure.d/97-mysql-galera-iptables18:45
*** yfaykya has joined #tripleo18:45
TheJuliaCan somebody add me to the trello board? juliakreger18:49
TheJuliawell, the tripleo team18:49
*** yfaykya has quit IRC18:50
*** lsmola__ has quit IRC18:50
lifelessTheJulia: done, I think18:50
*** andreaf has quit IRC18:51
TheJuliagreghaynes: good to know re: mysql... I now have a challenge!18:51
*** yfaykya has joined #tripleo18:51
*** andreaf has joined #tripleo18:52
greghaynessweet18:53
TheJulialifeless: Thank you, it looks good18:53
*** lucas-afk is now known as lucasagomes18:53
*** lucasagomes has left #tripleo18:53
*** rcarrill` has joined #tripleo18:56
*** yfaykya has quit IRC18:56
*** yfaykya has joined #tripleo18:58
*** rcarrillocruz has quit IRC18:58
*** yfaykya has quit IRC19:02
*** jang1 has joined #tripleo19:03
*** lsmola__ has joined #tripleo19:03
*** yfaykya has joined #tripleo19:04
SpamapSshadower: hey thanks for picking up the "compute all hosts matrix once" patch :)19:06
*** adam_g` is now known as adam_g19:07
*** yfaykya has quit IRC19:08
*** lsmola__ has quit IRC19:08
*** yfaykya has joined #tripleo19:10
lifelessdprince: ohai - netcnofig spec reviewed19:11
*** nati_ueno has quit IRC19:11
dprincelifeless: ack, let me check it out.19:12
*** nati_ueno has joined #tripleo19:12
*** yfaykya has quit IRC19:15
*** yfaykya has joined #tripleo19:16
*** bnemec has quit IRC19:18
*** rcarrill` has quit IRC19:20
*** yfaykya has quit IRC19:21
*** bnemec has joined #tripleo19:21
*** morazi has quit IRC19:22
*** yfaykya has joined #tripleo19:22
*** dshulyak_ has quit IRC19:22
*** rcarrillocruz has joined #tripleo19:26
lifelessdprince: I realised today that testing vlans in CI will require the ability to do two static ips on the sewed19:26
*** yfaykya has quit IRC19:26
lifelessdprince: one for the untagged lan and one for the vlan; so I'm thinking to do some explicitly unsupported hack19:26
lifelessdprince: in the interim until the new shiny comes along19:26
lifelessdprince: what do you think ?19:27
dprincelifeless: I think that sounds reasonable. sewed?19:27
lifelessseed19:28
dprincelifeless: ah, seed. yes19:28
openstackgerritGregory Haynes proposed a change to openstack/os-cloud-config: Make keystone_pki less keystone specific  https://review.openstack.org/10363719:28
lifelessspecifically I need to do ensure-bridge and set a static IP on the bridge and a static IP on a vlan port19:28
* vinsh makes lifeless less specific19:28
*** yfaykya has joined #tripleo19:28
greghayneshehe19:28
lifelessdprince: ok, so I'll document a hacky not-supported thing and let it die when the new shiny comes together19:29
lifelessdprince: btw dunno if you saw my mail - you -2'd the mac setting thing, I'm hoping you can reconsider19:29
lifelessbbiaw19:29
*** julim has quit IRC19:30
*** morazi has joined #tripleo19:31
dprincelifeless: I suppose I'd like to understand a bit more why this is happening I guess. Having to hard code the MAC on the bridge means we are duplicating information19:32
*** yfaykya has quit IRC19:33
*** julim has joined #tripleo19:33
dprincelifeless: I'd rather not have to push a MAC address override in via heat metadata. Especially when the intent is that it should just work19:33
*** yfaykya has joined #tripleo19:34
lifelessdprince: oh I think you misunderstand - its not via heat metadata; its picking up the MAC of the ethernet card19:35
lifelessdprince: which is the one it should use19:35
*** amitpp has joined #tripleo19:35
*** mestery has joined #tripleo19:36
lifelessdprince: but we're going to have something similar turn up when doing bonding19:38
lifelessdprince: chuckC has a draft spec for neutron to support bonding metadata - specifically to enable boot from degraded state19:38
lifelesschuckC: have you pushed that up to gerrit ?19:39
*** yfaykya has quit IRC19:39
greghayneshttps://review.openstack.org/#/c/95101/ the new docs checking is awesome19:39
*** panda has quit IRC19:39
greghaynestchaypo: ^19:39
*** panda has joined #tripleo19:39
*** yfaykya has joined #tripleo19:40
dprincelifeless: ah, I see. But it *could* be via heat metadata too. Perhaps I was thinking about the new spec implementation of this already.19:42
dprincelifeless: I always sort of considered this an advanced option I guess. I hate to see us use it as our default... (especially since I see no reason for it on Fedora at this point)19:42
*** yfaykya has quit IRC19:45
*** yfaykya has joined #tripleo19:47
dprincelifeless: So in the case where one adds multiple physical NICs onto a bridge we'd need a way for the bridge config to know which MAC to choose. Right now that logic is in OVS because it selects the MAC for us (based on standard bridge behavoir/logic)19:48
dprincelifeless: honestly, would it be possible to move this one commit out of that patch series? It seems to be a different issue... I hate that the VLAN fix is blocked due to it19:50
*** yfaykya has quit IRC19:51
tchaypogreghaynes: You creepy19:51
dprincelifeless: I do like it better that we won't have to set the MAC via heat metadata though. Thanks for pointing that out. Still would like to understand some things on this myself though19:52
*** yfaykya has joined #tripleo19:53
*** bcrochet has quit IRC19:54
*** nati_ueno has quit IRC19:55
*** markmc has quit IRC19:55
*** nati_ueno has joined #tripleo19:55
tchaypogreghaynes: i had literally just rolled out of bed when i got the notification that you mentioned me. IT's like you were watching me19:56
*** yfaykya has quit IRC19:57
*** bcrochet has joined #tripleo19:57
chuckClifeless: not yet.  Had a question for you first.19:58
chuckClifeless: has anyone considered using dhcp client_id instead of mac address?19:58
*** yfaykya has joined #tripleo19:59
tchaypod19:59
*** julim has quit IRC20:00
tchaypod20:00
*** julim has joined #tripleo20:02
tchaypoI need to get coffee beans today. Cannot survive mornings without them.20:02
*** yfaykya has quit IRC20:03
*** dsneddon has quit IRC20:04
greghaynestchaypo: :)20:05
tchaypogreghaynes: i was going to say that the one thing I don't like so much about it is that the errors refer to a line in the generated .rst, and it's not always immediately clear which line of the .sh that corresponds to20:05
tchaypobut you managed to find an error that's new and special and completely clear. Well done sir!20:05
*** yfaykya has joined #tripleo20:05
*** yfaykya has quit IRC20:09
*** yfaykya has joined #tripleo20:11
lifelesschuckC: if you get it up we can get more eyeballs; no, I don't think they have. Its an interesting idea20:13
*** amitpp has quit IRC20:14
openstackgerritJames Polley proposed a change to openstack/tripleo-incubator: Generate overcloud keystone keys/certs  https://review.openstack.org/9510120:15
*** morazi has quit IRC20:15
*** yfaykya has quit IRC20:16
*** dsneddon has joined #tripleo20:16
*** yfaykya has joined #tripleo20:17
greghaynestchaypo: Not sure I agree with that ^20:17
greghaynesI dont see why we need to have that doc in our list20:17
tchaypoI was thinking it might make more sense to split out our TOC20:18
greghaynesWell, why not just make it so that doc doesnt match the glob20:18
tchaypoat the moment it's a list of links; i feel like it would make sense to group README.rst and devtest.rst into "overview" or "start here" or something20:18
tchaypothis would be part of a new "developer interest only" section20:19
greghaynesthe point of those docs is someone can run these scripts manually-ish, and someone can do that without common_functions being added to the TOC20:19
greghaynesah20:19
tchaypochanging the glob would be another option, but then you would have people looking at the docs for the bigger scripts unable to find out what the common functions did20:20
greghaynesIMO maybe do that in its own patch or somesuch20:20
greghaynesWhy not just change the filename20:20
tchaypowithout looking at the source. which should be fairly readable.20:20
chuckClifeless: I'll post it today, probably later20:20
greghaynes(I made a comment about that on that review)20:20
*** jang1 has quit IRC20:21
*** yfaykya has quit IRC20:22
*** yfaykya has joined #tripleo20:23
tchaypogreghaynes: oh look, you did too. I read that earlier but thought you were talking about the check-tripleo-undercloud-precise failure.20:24
openstackgerritKiall Mac Innes proposed a change to openstack/diskimage-builder: Remove a few more `lsb_release -is` calls  https://review.openstack.org/10365120:25
*** e0ne has joined #tripleo20:26
*** yfaykya has quit IRC20:28
*** e0ne has quit IRC20:28
tchaypogreghaynes: the cleanest rename is probably to just drop the .sh20:28
*** morazi has joined #tripleo20:29
*** yfaykya has joined #tripleo20:29
openstackgerritJames Polley proposed a change to openstack/tripleo-incubator: Generate overcloud keystone keys/certs  https://review.openstack.org/9510120:31
openstackgerritKiall Mac Innes proposed a change to openstack/tripleo-image-elements: Remove a few more `lsb_release -is` calls  https://review.openstack.org/10365220:31
*** yfaykya has quit IRC20:34
*** yfaykya has joined #tripleo20:36
*** e0ne has joined #tripleo20:36
*** yfaykya has quit IRC20:40
openstackgerritJames Polley proposed a change to openstack/tripleo-incubator: Tidy/prettify/segregate the master toctree  https://review.openstack.org/10365620:41
*** yfaykya has joined #tripleo20:42
*** e0ne has quit IRC20:42
tchaypohttp://docs-draft.openstack.org/56/103656/1/check/gate-tripleo-incubator-docs/1cbaa63/doc/build/html/20:44
tchayponot bad for a pre-caffiene tweak20:44
*** jprovazn has quit IRC20:45
tchaypolifeless: my dreams this morning will help too - I think they helped me figure out how the parts of work tie together.20:45
*** yfaykya has quit IRC20:46
* tchaypo heads out to address the 'feen situation20:47
*** yfaykya has joined #tripleo20:48
*** vinsh has quit IRC20:48
*** dprince has quit IRC20:51
*** yfaykya has quit IRC20:53
*** yfaykya has joined #tripleo20:54
*** yfaykya has quit IRC20:58
*** jdob has quit IRC20:59
*** weshay has quit IRC20:59
*** untriaged-bot has joined #tripleo21:00
untriaged-botUntriaged bugs so far:21:00
untriaged-bothttps://bugs.launchpad.net/tripleo/+bug/133458121:00
untriaged-bothttps://bugs.launchpad.net/tripleo/+bug/133504221:00
untriaged-bothttps://bugs.launchpad.net/tripleo/+bug/133510521:00
untriaged-bothttps://bugs.launchpad.net/diskimage-builder/+bug/133593221:00
untriaged-bothttps://bugs.launchpad.net/tripleo/+bug/133501621:00
uvirtbotLaunchpad bug 1334581 in tripleo "os-collect-config.conf need support to Heat userdata" [Undecided,In progress]21:00
untriaged-bothttps://bugs.launchpad.net/tripleo/+bug/133364921:00
uvirtbotLaunchpad bug 1335042 in tripleo "diskimage-builder: extlinux installation failure" [Undecided,New]21:00
untriaged-bothttps://bugs.launchpad.net/diskimage-builder/+bug/133245821:00
uvirtbotLaunchpad bug 1335105 in tuskar-ui "Devtest init script: sourcing tripleorc fails" [Undecided,New]21:00
uvirtbotLaunchpad bug 1335932 in diskimage-builder "/bin/dib-run-parts fails for spanish locale" [Undecided,New]21:00
untriaged-bothttps://bugs.launchpad.net/diskimage-builder/+bug/133252121:00
uvirtbotLaunchpad bug 1335016 in tripleo "diskimage-builder fails for Debian" [Undecided,New]21:00
uvirtbotLaunchpad bug 1333649 in tripleo "/etc/hosts entries written by hosts element doesn't survive reboot" [Undecided,In progress]21:00
*** untriaged-bot has quit IRC21:00
uvirtbotLaunchpad bug 1332458 in diskimage-builder "Not able to build armhf or arm64 images on amd64 arch systems." [Undecided,In progress]21:00
uvirtbotLaunchpad bug 1332521 in diskimage-builder "failed to remove `/tmp/image.A2aupYJb/mnt/tmp/in_target.d': Device or resource busy" [Undecided,New]21:00
*** yfaykya has joined #tripleo21:00
*** edmund1 has joined #tripleo21:02
*** yamahata has joined #tripleo21:02
*** edmund has quit IRC21:02
*** yfaykya has quit IRC21:04
*** yfaykya has joined #tripleo21:06
*** davidlenwell_ is now known as davidlenwell21:07
*** ChanServ sets mode: +v davidlenwell21:08
*** yfaykya has quit IRC21:11
*** yfaykya has joined #tripleo21:12
*** yfaykya has quit IRC21:16
*** akrivoka has quit IRC21:18
*** yfaykya has joined #tripleo21:18
*** julim has quit IRC21:21
*** yfaykya has quit IRC21:23
*** yfaykya has joined #tripleo21:25
*** dsneddon has quit IRC21:26
*** nati_uen_ has joined #tripleo21:27
*** EntropyWorks_ has joined #tripleo21:28
*** dsneddon has joined #tripleo21:28
*** rcarrill` has joined #tripleo21:28
*** panda__ has joined #tripleo21:28
*** yamahata__ has joined #tripleo21:29
*** yfaykya has quit IRC21:29
*** ccrouch1 has joined #tripleo21:29
*** Daviey_ has joined #tripleo21:30
*** yfaykya has joined #tripleo21:31
*** jogo_awa1 has joined #tripleo21:31
*** Shrews_ has joined #tripleo21:32
*** edmund has joined #tripleo21:34
*** EntropyWorks has quit IRC21:34
*** EntropyWorks_ is now known as EntropyWorks21:34
*** panda has quit IRC21:34
*** rcarrillocruz has quit IRC21:34
*** ubuntu has joined #tripleo21:35
*** nati_ueno has quit IRC21:35
*** Shrews has quit IRC21:35
*** jogo_away has quit IRC21:35
*** kevinbenton has quit IRC21:35
*** zaro has quit IRC21:35
*** Daviey has quit IRC21:35
*** juice has quit IRC21:35
*** yamahata has quit IRC21:35
*** greghaynes has quit IRC21:35
*** edmund1 has quit IRC21:36
*** ccrouch has quit IRC21:36
*** Daviey_ is now known as Daviey21:36
*** ubuntu is now known as Guest3744521:36
*** yfaykya has quit IRC21:36
*** kevinbenton has joined #tripleo21:36
*** yfaykya has joined #tripleo21:37
*** juice has joined #tripleo21:37
*** hewbrocc` is now known as hewbrocca21:38
*** yfaykya has quit IRC21:41
openstackgerritClint 'SpamapS' Byrum proposed a change to openstack/diskimage-builder: Last ditch effort to correct a wrong shasum.  https://review.openstack.org/8808421:42
*** blamar has quit IRC21:43
*** yfaykya has joined #tripleo21:43
*** jang has quit IRC21:43
openstackgerritGregory Haynes proposed a change to openstack/os-cloud-config: Make keystone_pki less keystone specific  https://review.openstack.org/10363721:44
*** greghaynes has joined #tripleo21:44
*** yfaykya has quit IRC21:47
*** yfaykya has joined #tripleo21:49
*** yfaykya has quit IRC21:53
*** yfaykya has joined #tripleo21:55
*** andreaf_ has quit IRC21:56
*** chuckC has quit IRC21:58
*** yfaykya has quit IRC22:00
tchaypofeen.22:00
*** dsneddon has quit IRC22:01
*** yfaykya has joined #tripleo22:01
*** dsneddon_ has joined #tripleo22:02
*** dsneddon_ is now known as dsneddon22:02
*** panda__ is now known as panda22:05
*** panda is now known as Guest7006722:05
*** yfaykya has quit IRC22:07
*** yfaykya has joined #tripleo22:07
*** Guest70067 is now known as panda22:08
*** Penick has quit IRC22:10
*** yfaykya has quit IRC22:12
*** yfaykya has joined #tripleo22:14
*** yfaykya has quit IRC22:19
*** yfaykya has joined #tripleo22:20
*** yfaykya has quit IRC22:24
*** yfaykya has joined #tripleo22:26
*** rdopieralski has quit IRC22:27
openstackgerritJames Polley proposed a change to openstack/tripleo-heat-templates: Have HAProxy bind to the public IP as well as the internal IP  https://review.openstack.org/10303922:27
*** morazi has quit IRC22:27
*** yfaykya has quit IRC22:30
*** blamar has joined #tripleo22:32
*** yfaykya has joined #tripleo22:32
*** yfaykya has quit IRC22:36
*** yfaykya has joined #tripleo22:38
*** rlandy has quit IRC22:41
*** yfaykya has quit IRC22:43
*** yfaykya has joined #tripleo22:44
*** yfaykya has quit IRC22:49
*** yfaykya has joined #tripleo22:50
greghaynesStevenK: you around?22:51
lifelessok, little break then onto hacks to get vlans in the seed22:51
greghayneslifeless: https://review.openstack.org/#/c/95101/822:51
lifelessgreghaynes: ready for +2 you think?22:52
greghaynesYes (I just did)22:53
greghaynesI do think itd be nice to make it more general since were making other keys22:53
greghayneser, since we have to make other certs22:53
greghaynesbut that can happen in a later patch22:54
lifelessso the discussion I had with jprovazn seems to have had no impact, turned that into a -122:55
*** yfaykya has quit IRC22:55
greghaynesah, some backscroll I should read up on?22:55
lifelesscouple days ago yeah22:56
*** yfaykya has joined #tripleo22:56
greghaynesWhat do you mean by autogenerating?22:57
greghaynesjust always assume we need to gen them?22:58
lifelessuse their presence in the heat env as the flag to gen them or not.22:58
greghaynesok, makes sense22:58
greghaynesSince we need to gen a handful of certs, we need to decouple the gen ca / gen cert scripts I think, when doing this though im unclear why we have the python in os-cloud-config for genning these rather then just running openssl directly22:59
lifelesstuskar23:00
greghaynesoh. that.23:00
lifelessthe other cert we generate is the local API cert?23:01
SpamapSJun 30 22:41:44 host-192-168-1-122 nova-compute[3549]: 2014-06-30 22:41:43.738 3549 TRACE nova.virt.baremetal.virtual_power_driver Stderr: 'Calling /usr/bin/virsh destroy "baremetalbrbm2_2" \nerror: Failed to destroy domain baremetalbrbm2_2\nerror: Failed to terminate process 8389 with SIGKILL: Device or resource busy\n'23:01
SpamapSknown failure?23:01
greghaynesyes, and soon certs for internal replication23:01
*** yfaykya has quit IRC23:02
lifelessgreghaynes: will they be a ca too? or just a cert23:02
lifelesswe might want a spec about how many ca's we create :)23:02
greghaynesI was wondering why we ever do more than one CA?23:02
greghaynesseems like sharing a CA for seed/over/under cloud would be fine23:02
*** yfaykya has joined #tripleo23:03
greghaynesobviously we have to support specifing a different CA per service, but we just can use the same one all over23:03
lifelessmmm23:04
lifelessso seed+under is one security domain23:04
lifelessover is a different one23:04
lifelessI think we should take care not to conflate them23:04
SpamapSYeah there are people who are excited about the separation we already have there.23:05
greghaynesSure, my thinking is that this is all self-signed anyways so the separation doesnt really add anything.23:05
SpamapSself signed doesn't have a shared CA.. so ??23:06
SpamapSyou mean "same CA signed" ?23:06
lifelessgreghaynes was suggesting we make one self signed root CA23:06
lifelessand use that in the keystone in all three clouds23:06
*** weshay has joined #tripleo23:06
*** yfaykya has quit IRC23:07
lifelessI think the issue there is that we might fail to correctly copy in the right cert and not notice because in test we had them all the same23:07
lifelessso it seems like a correctness risk we don't need to take23:07
greghaynesthat fair23:07
greghayneser, thats23:08
greghaynesWhat about per-service then?23:08
*** TravT has joined #tripleo23:08
lifelesswell23:08
lifelessdo we need CA's23:08
lifelessor keys23:08
lifelesskeystone is a CA23:08
lifelessit issues keys.23:08
*** yfaykya has joined #tripleo23:09
greghayneshuh.. I assumed that wasnt possible because were not passing in the CA private key anywhere23:09
lifelesswe may find keystone is utterly broken then :)23:10
greghaynesfun23:10
SpamapSkeystone issues signed tokens23:11
lifelessbut a moments consideration - PKI tokens23:11
lifeless:)23:11
*** yfaykya has quit IRC23:13
greghaynesyes, im not finding anywhere that keystone can issue a cert23:15
*** yfaykya has joined #tripleo23:15
lifelessso tokens are made in  keystone/token/providers/pki.py23:16
lifelesswhich calls out to keystoneclient to sign the token23:16
lifelesstaking the cert and the keyfile23:16
greghaynesYes, so that sounds like a signature using keystone's cert23:17
SpamapSusing keystones key23:17
SpamapSbut yes23:17
*** chuckC has joined #tripleo23:17
morganfainbergS/MIME != certificates, but is a function of x509 (CMS)23:18
morganfainbergand it uses certs (x509)23:18
lifelessso thats using the private key, no ?23:18
lifelessI guess not the CA's private key23:18
greghaynesexactly23:18
morganfainberglifeless, the key and the cert23:18
lifelessmorganfainberg: see backscroll for context23:18
lifelessmorganfainberg: the question at hand is how many CA's we want23:18
morganfainberglifeless, this was the use the same CA for all clouds?23:19
lifelessmorganfainberg: and how many certs23:19
morganfainberglifeless, right23:19
morganfainberglifeless, if you want to verify tokens from one cloud to the other, the certs must be the same23:19
*** openstackgerrit has quit IRC23:19
*** yfaykya has quit IRC23:19
morganfainberglifeless, i don't think that is what you want23:20
morganfainberglifeless, but a single CA could service all three clouds (not sure how you're manging the CA)23:20
*** openstackgerrit has joined #tripleo23:20
morganfainbergs/three/any number really/23:20
morganfainbergunless you're concerned about compromise of the CA, a single CA might be easier.23:20
morganfainbergbut i would still go separate certs per cloud.23:21
greghaynesIf we wanted to do it "really right"(tm) I think we sub-ca per cloud, that might be a bit overkill in complexity23:21
lifelessso23:21
morganfainberggreghaynes, right23:21
*** yfaykya has joined #tripleo23:21
lifelessright now we do selfsigned cert per cloud23:21
lifelesswe need to add more certs23:21
lifelessgalera replication23:21
greghaynesselfsigned CA23:21
lifelessrabbit23:21
lifelessAPI endpoint23:21
morganfainbergok, then a self-signed CA sounds like the best bet23:22
lifelessexternally we care about CA for the API endpoint only23:22
morganfainbergor a CA per cloud23:22
lifelesssince its the only one that clients will verify23:22
morganfainbergright, you can publish the CA cert as needed.23:22
lifelesssupplying one's own token for keystone isn't a feature23:22
morganfainbergfor adding to the chain.23:22
lifelesss/token/cert/23:22
morganfainbergfor validate reasons tha tis23:22
*** yamahata__ has quit IRC23:23
lifelessgreghaynes: so I think we probably have enough complexity here that this warrants a spec and operator eyeballs.23:23
greghaynesok23:23
lifelessgreghaynes: my inclination is to suggest we want a CA for seed+undercloud and a CA for each overcloud23:23
lifelessgreghaynes: with separate certs per controller node for the replication stuff; a common cert for all controllers for keystone since it sounds like thats a limitation there.23:24
morganfainberglifeless, greghaynes, with the number of certs you're talking about, that makes sense23:24
lifelessgreghaynes: if the user doesn't supply certs for API endpoints, we should generate the ourselves, from a separate CA23:24
lifelessgreghaynes: IMNSHO23:24
greghaynesYes, I agree23:24
greghaynesThat could plug in well with how companies internal PKI is setup - they may want to just gen a sub-ca per overcloud and then have us gen the certs from that23:25
greghaynesor at least ive heard of people wanting similar setups for things like puppet23:25
lifelessyah23:25
*** yfaykya has quit IRC23:26
*** yfaykya has joined #tripleo23:27
*** yfaykya has quit IRC23:31
*** yfaykya has joined #tripleo23:33
*** xuhaiwei has joined #tripleo23:37
*** yfaykya has quit IRC23:37
*** yfaykya has joined #tripleo23:39
*** weshay has quit IRC23:41
*** yfaykya has quit IRC23:44
*** bkero has quit IRC23:44
*** yfaykya has joined #tripleo23:45
*** yfaykya has quit IRC23:50
*** yfaykya has joined #tripleo23:52
*** yfaykya has quit IRC23:57
*** yfaykya has joined #tripleo23:58
openstackgerritJames Slagle proposed a change to openstack/tripleo-incubator: Update write-tripleorc  https://review.openstack.org/9728423:58
openstackgerritJames Slagle proposed a change to openstack/tripleo-incubator: Add vars to devtest_variables.sh  https://review.openstack.org/9728323:58
« Sunday, 2014-06-29 Index Tuesday, 2014-07-01 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!