Thursday, 2015-11-12

« Wednesday, 2015-11-11 Index Friday, 2015-11-13 »
*** sdake has joined #kolla00:01
*** tpot has joined #kolla00:02
*** sdake has quit IRC00:03
*** cloudnautique has quit IRC00:06
*** sdake has joined #kolla00:07
*** sacharya has joined #kolla00:11
*** achanda has joined #kolla00:15
*** sacharya has quit IRC00:15
*** achanda has quit IRC00:35
*** tzn has quit IRC00:47
*** diogogmt has quit IRC00:48
*** tzn has joined #kolla01:05
*** ssurana has quit IRC01:09
*** tzn has quit IRC01:09
*** sdake has quit IRC01:10
*** signed8bit_ZZZzz is now known as signed8bit01:15
*** akwasnie1 has joined #kolla01:25
*** mbound has quit IRC01:26
*** weiyu has joined #kolla01:31
*** signed8bit is now known as signed8bit_ZZZzz01:37
*** akwasnie1 has quit IRC01:38
*** akwasnie1 has joined #kolla01:40
*** akwasnie1 has quit IRC01:40
*** sacharya has joined #kolla01:54
*** sdake has joined #kolla01:56
*** sacharya has quit IRC01:59
*** diogogmt has joined #kolla02:13
*** signed8bit_ZZZzz is now known as signed8bit02:13
*** rhallisey has quit IRC02:14
*** sdake has quit IRC02:15
*** tzn has joined #kolla02:16
*** stvnoyes has quit IRC02:21
*** stvnoyes has joined #kolla02:21
*** mbound has joined #kolla02:26
*** mbound has quit IRC02:31
*** sdake has joined #kolla02:44
*** achanda has joined #kolla02:54
*** cemmason has joined #kolla02:55
*** dims has quit IRC02:57
*** weiyu has quit IRC03:00
*** dims has joined #kolla03:07
*** cloudnautique has joined #kolla03:07
*** cemmason has quit IRC03:08
*** cemmason has joined #kolla03:08
*** weiyu has joined #kolla03:09
*** cloudnautique has quit IRC03:12
*** signed8bit has quit IRC03:14
*** dims has quit IRC03:14
*** dims has joined #kolla03:16
*** weiyu has quit IRC03:23
sdakehttp://sdake.io/2015/11/11/the-tldr-on-immutable-infrastructure/03:23
*** dims has quit IRC03:25
*** weiyu has joined #kolla03:27
*** sdake has quit IRC03:39
*** sdake has joined #kolla03:40
*** mbound has joined #kolla04:23
*** mbound has quit IRC04:27
*** weiyu has quit IRC04:37
*** achanda has quit IRC05:04
*** sacharya has joined #kolla05:19
*** weiyu_ has joined #kolla05:20
*** weiyu_ has quit IRC05:34
asalkeldsdake: seems like lots of people in openstack are all for modifing config "on the go"05:36
asalkeldat least a subset of the config - some really makes sense05:36
asalkeldpersonally i am happy with immutable software, less so much config05:37
sdakeimo that is becuasse htey dont know about ummutaiblity05:37
asalkeldmeh05:37
sdakemdoif yconfig o nthe go - restart containre with new config05:39
sdakesame outome05:40
sdakeone with immutabuiltiy one iwthout05:40
asalkeld"same outcome"05:40
*** achanda has joined #kolla06:05
openstackgerritMichal Rostecki proposed openstack/kolla-mesos: [WIP] Using DCOS library for Marathon  https://review.openstack.org/24445506:07
*** weiyu has joined #kolla06:09
*** achanda has quit IRC06:10
*** achanda has joined #kolla06:15
*** tpot has quit IRC06:18
*** gfidente has quit IRC06:21
*** gfidente has joined #kolla06:22
*** gfidente has quit IRC06:22
*** gfidente has joined #kolla06:22
*** ryansb_ has joined #kolla06:26
*** ryansb_ has quit IRC06:26
*** ryansb_ has joined #kolla06:26
*** ryansb has quit IRC06:26
*** ryansb_ is now known as ryansb06:26
openstackgerritMichal Rostecki proposed openstack/kolla-mesos: [WIP] Using DCOS library for Marathon  https://review.openstack.org/24445506:33
nihiliferguys, I created a bp regarding ZK https://blueprints.launchpad.net/kolla/+spec/zookeeper06:40
nihiliferto use it in all commits regarding ZK06:40
asalkeldnihilifer: ok, i thought we were using the "mesos" bp, but doesn't worry me either way06:45
*** jasonsb has quit IRC06:49
*** jasonsb has joined #kolla06:51
*** sacharya has quit IRC06:54
*** jasonsb has quit IRC06:55
*** tfukushima has joined #kolla07:13
*** kejlly_ has joined #kolla07:16
*** kjelly has quit IRC07:18
*** tfukushima has quit IRC07:19
*** achanda has quit IRC07:20
*** kejlly_ is now known as kjelly07:20
*** jasonsb has joined #kolla07:20
*** tfukushima has joined #kolla07:22
openstackgerritMichal Rostecki proposed openstack/kolla: [WIP] Add ZooKeeper support in kolla-ansible  https://review.openstack.org/24447407:22
*** jasonsb has quit IRC07:25
nihiliferhow we should install kazoo? pip or packages?07:29
nihiliferor pip for source, packages for binary?07:30
sdakethe current answer is virtualenv nh07:34
sdakenihilifer ping - see PMs pleae07:42
sdakefor centos binary - pleae use binary pakages07:46
*** slotti has joined #kolla07:46
sdakei want to stamp otu any remaining pip in binry installs07:46
*** sacharya has joined #kolla07:55
*** sacharya has quit IRC07:59
*** tzn has quit IRC08:10
openstackgerritSteven Dake proposed openstack/kolla: Drop root privileges for mariadb  https://review.openstack.org/24348008:13
*** egonzalez has joined #kolla08:13
nihilifer@sdake: ok, thx08:22
*** sdake has quit IRC08:24
*** sdake has joined #kolla08:25
*** kproskurin has joined #kolla08:35
*** tzn has joined #kolla08:42
*** achanda has joined #kolla08:47
*** tzn has quit IRC08:47
*** sdake has quit IRC08:49
*** sdake has joined #kolla08:49
*** mbound has joined #kolla08:51
*** sdake has quit IRC09:00
*** mbound has quit IRC09:01
*** sdake has joined #kolla09:07
*** tfukushima has quit IRC09:26
*** tfukushima has joined #kolla09:30
*** achanda has quit IRC09:34
*** mbound has joined #kolla09:38
*** tzn has joined #kolla09:43
*** alisonh has quit IRC09:45
SamYaplemorning people09:45
*** openstackgerrit has quit IRC09:46
*** openstackgerrit has joined #kolla09:46
*** sdake has quit IRC09:46
kjellymorning09:49
nihilifermorning SamYaple09:49
*** tzn has quit IRC09:49
*** weiyu has quit IRC09:50
nihiliferSamYaple (or any other Ansible experts too): do you know any good practices how to write tests for Ansible modules?09:53
*** weiyu has joined #kolla09:53
nihiliferwe aldready have hundreds of Python code as modules and the number will grow09:54
nihiliferso I'm thinking how we can cover it by init tests09:54
SamYaplenihilifer: no09:58
SamYapleno good way to write tests09:58
SamYapleansible does some horrible things to that module file09:58
nihiliferbtw, I'm suffering because of all this imports with "*" which we have to use with Ansible09:59
SamYaplenihilifer: you know thats a requirement?10:00
nihiliferyes, I know10:00
SamYapleits that crazy?10:01
nihiliferso I can by only sad about it ;)10:01
nihiliferbe*10:02
*** alisonh has joined #kolla10:04
*** mbound has quit IRC10:05
*** mbound has joined #kolla10:07
SamYaplenihilifer: https://github.com/ansible/ansible/blob/devel/lib/ansible/executor/module_common.py#L9610:10
SamYapleisnt that awful10:10
nihiliferomg. why they're doing it to us?10:11
SamYapleits so bad10:11
SamYaplethe first time i saw that i just wanted to throw up10:11
nihiliferwhy we cannot just import modules and objects we need10:11
nihiliferlike a human beings? :P10:11
SamYaplebecause they actually rewrite that file10:12
SamYaplethey inject about 1000 lines of code into that file after the fact10:12
SamYapleits not an import10:12
SamYaplethat "import" is a marker to replace a bunch of lines10:12
nihiliferah, ok, I see10:13
SamYaplebasically that "python file" is only a section of python code, like a jinja2 template10:14
SamYaplenihilifer: do you know how to debug the ansible stuff?10:15
*** openstackgerrit has quit IRC10:16
*** pbourke has quit IRC10:16
nihiliferSamYaple: I usually use ansible with ANSIBLE_REMORE_FILES, putting pdb in that file and run it10:16
*** openstackgerrit has joined #kolla10:16
nihiliferdunno about any better way10:16
*** pbourke has joined #kolla10:17
SamYaplenihilifer: you mean ANSIBLE_KEEP_REMOTE_FILES ?10:17
nihiliferANSIBLE_KEEP_REMOTE_FILES*10:17
SamYapleyea10:17
nihiliferyes10:17
SamYapleyea thats a good way to do it10:17
SamYaplehave you ever used rpdb?10:17
nihiliferyes10:17
SamYaplei tend to use that, cut out the file copy middle man10:18
nihiliferrpdb sound good for debugging your own modules10:18
nihiliferbut no idea how to use it for debugging standard Ansible modules10:19
SamYaplewell there are two kinds of "modules"10:19
SamYapleaction plugins, and actual modules10:19
SamYapleaction plugins run on the deployment host side (template and copy are action plugins)10:19
SamYaplemodules run on the destination side10:19
SamYaplethe _modules_ can all me compied so you have a local clone of them10:20
SamYaplebe*10:20
SamYapleso if you want to debug the docker module, just copy it into your libraries directory10:20
SamYaplethen your playbooks will use that version of the docker module and you can edit it like it was your own10:20
*** sacharya has joined #kolla10:21
nihilifersounds good, thanks for this tip10:22
*** sacharya has quit IRC10:25
*** sdake has joined #kolla10:25
openstackgerritMerged openstack/kolla: Drop root for Horizon service  https://review.openstack.org/24340010:30
openstackgerritMerged openstack/kolla: Move the mariadb expect code to a script  https://review.openstack.org/24347910:31
openstackgerritMerged openstack/kolla: Added Ubuntu support for Vagrant  https://review.openstack.org/24363510:31
SamYapleHow would everyone feel if we allowed build.py to just print a summary and log each indvidual containers log to an actual file?10:31
SamYapleas optional behaviour10:31
SamYaplein the gate I want just a summary and then a directory with all the logs10:32
kproskurinI acttulay though about same thing. Current build.py logging is kinda bad10:33
kproskurinI’d make it default behaviour10:33
SamYaplekproskurin: its way better than it was before :D10:34
SamYapleas for making it default behaviour, well see... probably not though10:34
SamYaplethe issue is where would those logs go for default behaviour?10:34
SamYaple/var/logs? then build.py would require elevated permissions10:34
kproskurinCurrent one is useless. If you dont add | tee -a or something you cant really read all logs anyway10:34
SamYaplesee above10:35
kproskurinIf we talking about using build.py from git repo - I’d put them in users home OR in /tmp/10:36
kproskurinif tools was instelled by pip - I’d create a dir like /var/log/kolla-tools/build or something10:36
SamYaplekproskurin: neither of those places are an FHS place for logs10:37
kproskurinvar/log not  FHS place for logs?..10:38
SamYapleoh im sorry I read that as /lib10:38
*** jmccarthy has joined #kolla10:38
kproskurin:-D10:38
SamYapleno that would be fine10:38
kproskurinBut still, I consider using build.py from git as a “temp action” so /tmp is fine, imo. But we sould encourage users to install pip tools10:40
kproskurinkolla tools by pip, I mean10:40
*** sdake has quit IRC10:41
*** sdake has joined #kolla10:41
openstackgerritMerged openstack/kolla: Fix --retries option to kolla-build  https://review.openstack.org/24344910:43
openstackgerritSam Yaple proposed openstack/kolla: Convert gate to Ansible setup  https://review.openstack.org/24453810:45
*** tzn has joined #kolla10:46
weiyuHi Sam Yaple,  I opened a bug again   https://bugs.launchpad.net/kolla/+bug/146989110:49
openstackLaunchpad bug 1469891 in kolla "some cinder services enter restarting state" [High,New] - Assigned to Ryan Hallisey (rthall14)10:49
*** tzn has quit IRC10:51
SamYapleweiyu: no its a new bug. and its a bug with packaging for RDO10:56
SamYapleand im 100% we will run into it again10:56
*** tfukushima has quit IRC10:56
*** sdake has quit IRC10:57
*** sdake has joined #kolla10:57
*** alisonh has quit IRC10:58
weiyuMaybe we can fix it, Like this https://review.openstack.org/#/c/189974/510:59
SamYapleweiyu: this was already fixed, and the the packages were updated and the fix was removed11:00
SamYaplethe solution here is to not use rdo11:00
SamYaplethat packaging is alwasy going to be busted11:00
SamYapleyou cant package 5 minutes behind trunk11:01
*** alisonh has joined #kolla11:04
openstackgerritMerged openstack/kolla-mesos: Add a simplistic bootstrap script to install mesos (AIO)  https://review.openstack.org/24291111:07
openstackgerritVladislav Belogrudov proposed openstack/kolla: Add playbook for hosts pre-deployment checks (ports, files)  https://review.openstack.org/23988211:11
weiyuSample:  Rdo already repair the cinder dependencies?11:12
*** sdake has quit IRC11:13
*** sdake has joined #kolla11:13
*** dims_ has joined #kolla11:14
*** weiyu has quit IRC11:14
openstackgerritVladislav Belogrudov proposed openstack/kolla: Add playbook for hosts pre-deployment checks (ports, files)  https://review.openstack.org/23988211:18
*** jasonsb has joined #kolla11:23
*** jasonsb has quit IRC11:28
*** sdake has quit IRC11:29
*** tzn has joined #kolla11:46
*** tzn has quit IRC11:51
*** weiyu_ has joined #kolla12:12
*** weiyu_ has quit IRC12:15
*** v1k0d3n has quit IRC12:40
*** rhallisey has joined #kolla12:42
*** sacharya has joined #kolla12:45
*** tzn has joined #kolla12:47
*** sacharya has quit IRC12:49
*** tzn has quit IRC12:52
kproskurinSamYaple: Will you do build.py change regarding loging?13:02
openstackgerritMerged openstack/kolla: Drop root privileges for mariadb  https://review.openstack.org/24348013:13
SamYaplekproskurin: eventually I will have too13:15
SamYapleif you are offering to implement something yo uare welcome too13:15
SamYaplevbel: are you avaialble to talk about the precheck tasks for a moment?13:16
kproskurinSamYaple: I just dont want to dublicate work13:16
vbelSamYaple: yes, sure13:16
SamYapleIm just looking at the pattern that is going on where you specify the dict of variabels and then loop over them13:17
SamYapleIt doesn't seem like its saving any tpying and im wondering if it would be better to just be listing out each task13:17
SamYapleThat way there is not a seperate task for failures13:17
SamYapleYouve done more with it than me, have you tested just having a task per check?13:18
vbelyes, it is possible too. Also wait_for will be ok, otherwise I cannot get status from it13:18
vbelthat's why i used other utilities because they give status in results13:18
SamYaplesure but using shell is actually not best practice for ansible13:19
SamYaplewhich is why we removed it from Kolla13:19
vbelyes, true. I will stick to simple loop.13:19
*** dims_ has quit IRC13:24
vbelSamYaple, I will make a new patchset with this approach13:25
*** jasonsb has joined #kolla13:25
*** dims has joined #kolla13:26
*** jasonsb has quit IRC13:29
SamYapleok vbel thanks for the chat13:30
mandreSamYaple: +1 on splitting the build logs per image13:33
mandrei have a preference for /tmp but you can put them in /var/log for the pip installed kolla if you really want to13:33
*** dwalsh has joined #kolla13:35
*** diogogmt has quit IRC13:37
*** diogogmt has joined #kolla13:40
*** sdake has joined #kolla13:46
openstackgerritDiogo Monteiro proposed openstack/kolla: Get kolla path from settings when provisioning box  https://review.openstack.org/24467013:57
*** weiyu_ has joined #kolla14:00
*** diogogmt has quit IRC14:01
*** sdake has quit IRC14:02
openstackgerritVladislav Belogrudov proposed openstack/kolla: Add playbook for hosts pre-deployment checks (ports, files)  https://review.openstack.org/23988214:04
SamYaplemandre: i dont think it should be default14:05
SamYaplemandre: the way i planned it for the gate was to have a logdir option, so i could direct the logs to the proper place14:05
*** sdake has joined #kolla14:06
*** cemmason has quit IRC14:13
SamYapleanyone with centos know why the gate is hanging on ssh?14:14
SamYapleis there some firewall rules preventing connecting to your own ip over ssh?14:14
SamYapleie: if i setup the appropriate keys can I connect to the ip on a local interface over ssh on centos by default?14:14
*** cemmason has joined #kolla14:15
vbelSamYaple, I can rename service_ports to just ports, service_files to files in vars. Wonder if there will be unclear for anyone?14:17
SamYaplei think looping over all the items would be confusing since it doesn't actually save any lines of code14:18
SamYaplefor example if you had a named task per port yo uwere checking you wouldn't need all those loops14:18
SamYaplebut im not sure if you discovered a downside to that approach14:18
vbelSamYaple: I have submitted patchset with one task per check14:20
vbeljust wonder on naming of dictionaries14:21
*** sdake has quit IRC14:21
vbelit works this way too14:21
*** sdake has joined #kolla14:22
vbelSamYaple, or you mean different thing like just not using dicts14:22
SamYaplevbel: yes building dicts14:22
SamYapleits not clear to me the benefit they provide but they do add complexity14:22
*** dwalsh has quit IRC14:22
vbeli see14:23
*** weiyu_ has quit IRC14:26
*** dwalsh has joined #kolla14:27
*** itsuugo has joined #kolla14:30
vbelSamYaple, I will submit one more patchset, without dicts. Will take me some time14:32
openstackgerritSam Yaple proposed openstack/kolla: Move USER operation after footer  https://review.openstack.org/24468414:37
*** sdake has quit IRC14:37
*** sdake has joined #kolla14:38
SamYaplevbel: if you find it doesn't work for whatever reason, just make a comment as to why its not a good idea or why the current implementation is better even though it has a bit more added complexity14:38
SamYaplejust some comment explaining why the implemenation was chosen over the traditional ansible tasks14:38
vbelSamYaple: ok14:41
*** itsuugo has quit IRC14:43
*** tzn has joined #kolla14:47
*** tzn has quit IRC14:48
vbelSamYaple, there are 50 port checks, each uses 7 lines without loop (350), with loop: dict 4 * 50 + 7  (207+)14:50
vbeljust wanted to save time and separate logic from data :)14:51
*** ssurana has joined #kolla14:51
*** sdake has quit IRC14:53
SamYaplevbel: what what information does it fail with? anything sepcific about that task? or just the prot number?14:54
*** ashishjain has joined #kolla14:55
vbelfailed: [control01] => (item={'interface': u'enp0s3', 'name': 'Keystone Public', 'hostgroup': 'keystone', 'port': u'5000'}) => {"elapsed": 1, "failed": true, "item": {"hostgroup": "keystone", "interface": "enp0s3", "name": "Keystone Public", "port": "5000"}}14:55
vbelmsg: Timeout when waiting for 192.168.10.10:5000 to stop.14:55
vbelso it has interface or address, port, host group and name14:55
vbelyou mean we can save on "- name"14:56
*** ashishjain has joined #kolla14:56
vbelok, 50 port checks * 6 lines14:56
SamYaplevbel: im not worried about a few extra lines, im trying to figure out readability here14:58
SamYaplewhich one is esiest to read and understand14:58
SamYaplethe looping thing isn't complicated, but its not immdeidiately understandable14:58
vbelyes, it gives a lot of skipped at least14:59
*** dwalsh has quit IRC14:59
*** dims has quit IRC15:01
*** jasonsb has joined #kolla15:01
vbelSamYaple, with normal task it is:15:02
vbelTASK: [prechecks | Checking Keystone Admin port] ******************************15:02
vbelskipping: [control02]15:02
vbelfailed: [control01] => {"elapsed": 1, "failed": true}15:02
vbelmsg: Timeout when waiting for 192.168.10.10:35357 to stop.15:02
*** dims has joined #kolla15:07
*** diogogmt has joined #kolla15:07
*** diogogmt has quit IRC15:07
*** diogogmt has joined #kolla15:10
*** tzn has joined #kolla15:12
*** tzn has quit IRC15:15
*** dwalsh has joined #kolla15:15
*** ssurana has quit IRC15:16
*** signed8bit has joined #kolla15:18
*** ssurana has joined #kolla15:21
*** dwalsh has quit IRC15:34
*** sdake has joined #kolla15:35
*** tzn has joined #kolla15:35
*** sdake_ has joined #kolla15:39
*** sdake has quit IRC15:39
sdake_rhallisey note debuntian has a idifferent path to chmod15:40
*** tzn has quit IRC15:40
rhalliseyoh really15:40
rhalliseyI'm still having an issue with:15:40
rhallisey%kolla ALL=(root) NOPASSWD: /usr/bin/chown -R rabbitmq\: /var/lib/rabbitmq15:40
rhalliseythat doesn't give privileges15:41
sdake_on centos that works15:42
sdake_on ubunt yu need /bin/chown15:42
SamYaple/bin/chown15:42
SamYapleda15:42
rhalliseydoesn't work for me15:42
rhalliseystill asking for a pw15:42
SamYaplerhallisey: do you have a patchset?15:43
*** sdake has joined #kolla15:43
rhalliseyno. I thought we don't like wip patches15:43
SamYaplei was just asking to see what you are talking about15:44
rhalliseyk15:44
SamYaplei dont think we have a problem with them...15:44
rhalliseywill just post it15:44
SamYaplei do them15:44
sdakewip pathes are fine15:44
sdakeas slong as they ar done being wip they are marked as such15:44
ashishjainSamYaple: Hi15:45
SamYaple14:15:38 < SamYaple> anyone with centos know why the gate is hanging on ssh?15:45
SamYaple14:15:54 < SamYaple> is there some firewall rules preventing connecting to your own ip over ssh?15:45
SamYaple14:16:20 < SamYaple> ie: if i setup the appropriate keys can I connect to the ip on a local interface over ssh on centos by default?15:45
SamYaplesdake: ^15:45
SamYapleashishjain: hi15:45
sdakeSamYaple yes that works on my box15:45
ashishjainSamYaple: I am trying to setup kolla aio on my laptop and it has got only network interface. I am trying the use the dummy interface as in https://github.com/openstack/kolla/blob/master/tests/deploy_aio.sh#L2815:46
sdakeSamYaple dont know why gat would hang on ssh no15:46
SamYaplesdake: ok thanks15:46
ashishjainHowever I observe that their are some issues with setting up the external network wherein I am unable to ping the router15:46
SamYaplesdake: https://review.openstack.org/#/c/244538/ patch in question15:46
ashishjainand even unable to ssh into the VM15:46
sdakeSamYaple which gte shoudl i look at15:47
SamYapleashishjain: yea the dummy interface like the gate is using doesn't have external connectivity at all15:47
SamYaplesdake: the ones that are failing :P15:47
*** sdake_ has quit IRC15:47
SamYaplethey all fail the same way15:47
SamYapleashishjain: the dummy interface is only there to ensure the ansible stuff deployed. the gate is a WIP and im rewritting the network stuff there.15:48
ashishjainSamYaple: Okay so that means it is not possible to simulate floatingip address at all?15:48
SamYapleashishjain: you definetely don't want to be following the gate around15:48
SamYapleyes you can with a single interface, but its kinda complicated and has its problems15:48
sdakeSamYaple it looks ike seliux may be in enforcing mode15:48
SamYaplebut you can make it work15:48
sdaketry setenforce 015:48
SamYaplesdake: how can you tell?15:48
ashishjainSamYaple: I get it now.. I have been breaking my head for last 2 days to make it work :(15:48
sdake        "facter_selinux_config_mode": "enforcing",15:49
SamYapleashishjain: the way I do it is like this....15:49
* SamYaple goes to make a pastebin15:49
openstackgerritRyan Hallisey proposed openstack/kolla: Drop root privileges for rabbitmq  https://review.openstack.org/24472115:50
SamYapleashishjain: http://paste.openstack.org/show/478680/15:50
SamYapleso eth0 has no ip, br1 has an ip15:51
SamYaplethen i have a veth pair15:51
SamYaplei give the neutron interface veth-ovs15:51
*** achanda has joined #kolla15:51
rhallisey^^ if anyone has an idea let me know15:52
sdakerhallisey chown \:15:53
sdakenot chown :15:53
sdakesudo treats : as a special character15:53
sdakeaccording to hte manp age it must be escaped15:53
rhalliseyso you're saying it should be 'rabbitmq\:'15:53
rhalliseythat's removes the syntax error, but still asks for a password15:54
SamYaplerhallisey: look at mariadb15:54
ashishjainSamYaple: How  do you go about creating the br1 - is it through brctl util?15:54
SamYaplethat works15:54
SamYapleashishjain: brctl addbr br115:54
*** jtriley has joined #kolla15:54
rhalliseyI copied it15:55
rhalliseynot in the review, but in previous iterations15:55
*** JoseMello has joined #kolla15:56
sdakedefinatelly should be rabbitmq:\15:56
sdake\:15:56
SamYaplesdake: so just `setenforce 0`?15:57
SamYapleim suprised the gate wroks at all then for centos15:57
sdakeSamYaple that will turn off seliux i cn't guarantee you have selinux o on15:57
sdakeyoucan sell for sure by running geetenforce15:57
sdakein the gate15:57
sdakegetenforce15:57
sdakethis will print out selinux stte15:58
sdakei dont know what htat factor state thign is15:58
sdakebut it sure looks like it is indicating selinux is enabled15:58
rhalliseystill asking for a pw :(15:58
*** dwalsh has joined #kolla15:59
sdakemy next suggestion is not to use a wildcard15:59
sdakethe sehll will expect the wildcard into the true name16:00
sdakesudo wont know the wildcardname though16:00
sdaketherefore sudo and the shell wont match up16:00
*** signed8bit is now known as signed8bit_ZZZzz16:00
sdakerhallisey ^^16:00
sdakerhallisey make  sense?16:01
*** achanda has quit IRC16:02
rhalliseyya I've tried this already, but will do it again16:02
sdakecomon folks we got 1 day to go to knock out the security blueprint !! ;)16:02
rhalliseysdake, I've literally copied the mariadb part16:02
sdakerhallisey dont use wildcards in the sudo call or sudoers file16:02
rhalliseyand replaced rabbitmq16:02
rhalliseystill asking for pw16:02
sdakeya its a tricky little thing16:03
*** achanda has joined #kolla16:03
rhalliseythe only thing that's worked has been: %kolla ALL=(root) NOPASSWD: /usr/bin/chown rabbitmq16:03
rhalliseythe only thing that's worked has been: %kolla ALL=(root) NOPASSWD: /usr/bin/chown16:03
rhallisey^ the second one16:03
*** achanda has quit IRC16:04
*** signed8bit_ZZZzz is now known as signed8bit16:04
sdakei'd prefer to hve the arogument16:04
sdakes16:04
sdakehmm i bet . is a special character in sudo16:05
sdakelet me read the man pge16:05
SamYaplethe arguement is a requirement16:06
sdakeThe following characters must be escaped with a backslash (‘\’) when used16:06
sdake     as part of a word (e.g. a user name or host name): ‘!’, ‘=’, ‘:’, ‘,’,16:06
sdake     ‘(’, ‘)’, ‘\’.16:06
sdakerhallisey when you get the erland lange up post anothe review please16:07
SamYaplerhallisey: whats actually failing btw?16:08
sdakeSamYaple sudo isn't honoring the sudoers file16:08
SamYaplesdake: how is that being determined?16:08
openstackgerritMichal Rostecki proposed openstack/kolla: [WIP] Use trusts in heat.conf  https://review.openstack.org/23619816:08
sdakeit pritn a password request16:08
sdakebts, mariadb is good to go ;)16:09
rhalliseyone second16:10
*** vbel has quit IRC16:18
*** vbel has joined #kolla16:18
openstackgerritSam Yaple proposed openstack/kolla: Convert gate to Ansible setup  https://review.openstack.org/24453816:19
SamYaplesdake: https://review.openstack.org/#/c/244684/16:19
*** egonzalez has quit IRC16:19
sdakeSamYaple ugh - we will need to keep that in mind16:20
SamYaplesdake: its cool, the USER operation as the very last step is fine16:22
SamYapleit won't affect anything else16:22
sdakerhallisey id the gettign rid of the wilcard fix he problem16:23
rhalliseyok back sorry16:23
*** kbyrne has joined #kolla16:23
SamYaplesdake: the setenforce thing seemed to be correct16:24
*** egonzalez has joined #kolla16:24
SamYaplesdake: gate broke deploying rabbitmq, but thats probbly unrelated16:25
rhalliseysdake, %kolla ALL=(root) NOPASSWD: /usr/bin/chown rabbitmq\: /var/lib/rabbitmq, /bin/chown rabbitmq\: /var/lib/rabbitmq16:25
rhallisey^ that didn't work16:25
sdakehwon -R?16:26
rhalliseyI've tried with -R. It didn't make a difference.  I'm still getting ask for a pw :(16:26
rhalliseyugh16:26
sdakerhallisey extend start is:16:27
sdake    sudo chown -R rabbitmq: /var/lib/rabbitmq16:27
sdakerun -it bash IP_of_registry:port_of_registry/kollaglue/centos-binary-rabbitmq16:28
sdakerun -it IP:port/kollaglue/entos/binary/rabbitmq bash16:29
sdakegrep kolla /etc/group16:29
*** blahRus has joined #kolla16:29
sdakerhallisey it definately wontwork without he -R16:30
sdakelets make sure we make it look right before debugging16:30
rhalliseyI added the -r to sudo16:30
rhalliseynow it works16:30
rhalliseyyes!16:30
*** dwalsh has quit IRC16:30
rhalliseyevery time I tested with -R I dropped the '\;'.  The false negative threw me off16:31
sdakeya sudoers file is tricky16:32
rhalliseysdake, thank you16:32
sdakeenjoy16:32
openstackgerritRyan Hallisey proposed openstack/kolla: Drop root privileges for rabbitmq  https://review.openstack.org/24472116:33
rhalliseyehh need bp hold a second..16:33
openstackgerritRyan Hallisey proposed openstack/kolla: Drop root privileges for rabbitmq  https://review.openstack.org/24472116:34
sdakei also submitted a -1 which needs attention16:34
rhalliseykk16:35
*** ssurana has quit IRC16:36
SamYaplesdake: why do you not have both chown paths in mariadb but ryan does in rabbitmq?16:36
SamYapleoh nvm16:37
SamYapleyou do16:37
openstackgerritRyan Hallisey proposed openstack/kolla: Drop root privileges for rabbitmq  https://review.openstack.org/24472116:38
*** sacharya has joined #kolla16:39
*** sdake has quit IRC16:40
*** cloudnautique has joined #kolla16:40
SamYapleoh wait sdake i was looking at the wrong job16:40
SamYaplesetenforce 0 ?16:40
SamYaplesudo: setenforce: command not found16:40
kproskurinGuys, any reason why horizon apache don’t send logs to rsyslog?16:42
*** sdake has joined #kolla16:42
SamYaplekproskurin: most of the logging isn't working properly16:42
SamYaplekproskurin: it just hasn't been setup properly yet16:42
SamYaplefeel free to submit a patch16:43
kproskurinI actually runs on a problem with ubuntu horizon on master16:43
kproskurinit cant create log in /var/log/apache216:43
kproskurinnot sure why16:43
SamYaplesdake: ^16:43
kproskurinpermission denied but dir permission are ok16:43
sdakei canread16:43
sdakethanks16:44
sdakekproskurin i'll fix the problem16:44
*** slotti has quit IRC16:44
kproskurinselinux? apparmor?16:44
SamYaplesdake: well I asked you a qeustion before and you did not respond16:44
sdakei was asleep :)16:44
SamYaplehence the ping for this16:44
kproskurinsdake: care to explain this problem in few words?16:44
kproskurinim curios16:44
sdakesure16:44
SamYapleand by before, i mean like 2 minutes ago16:44
sdakewe dded USEr to the continers16:44
sdakeSamYaple ack16:44
sdakethe USER drops permissions in the container16:45
SamYapleyou said 'setenforce 0' but thats not working16:45
sdakeSamYaple setenforce was just a 100% guess16:45
kproskurinsdake: that I understand. What blocking permission? selinux?16:45
SamYapleright its not a valid command16:45
rhalliseynot too bad a guess tho16:45
SamYaple16:42:04 < SamYaple> sudo: setenforce: command not found16:45
sdakesetenforce is not a valid command?16:45
sdakesec16:45
sdakei'm not logged in to my lap16:46
sdakebut it maybe /usr/sbin/setenforce16:46
sdakeor /sbin/setenforce16:46
sdakewhich is nto in the gate path16:46
SamYaplethats probably it16:46
SamYaplecan you 'which' and tell me the path?16:46
SamYaplesomeone*?16:46
sdakerhallisey type which setenforce16:47
rhallisey/usr/sbin/setenforce16:47
SamYaplethanks16:47
sdakekproskurin what is blocking the command is standard unix permissions16:47
sdakehoirizon runs as the horizon user, /var/log/apache2 is not howned by horizon16:47
kproskurinsdake: That’s not true16:48
SamYaplesdake: horizon should run as the apache2 user i think..16:48
kproskurin    && chown -R horizon: /var/run/apache2 /var/log/apache216:48
SamYapleso should keystone for that matter16:48
kproskurinin Dockfile16:48
sdakeSamYaple hard to tell what is more secure16:49
sdakehorizon has less perissions16:49
kproskurinas an example http://fpaste.org/289727/14473469/16:49
sdakethe non USER continer runs as apahe and horizon16:49
SamYaplesdake: its not about security, its about how it works16:50
SamYapleapache starts processes as the horizon user16:50
openstackgerritVladislav Belogrudov proposed openstack/kolla: Add playbook for hosts pre-deployment checks (ports, files)  https://review.openstack.org/23988216:50
sdakekproskurin run docker exec id16:51
sdakeand ls -ld /var/lib/apache216:51
kproskurinuid=1000(horizon) gid=1001(horizon) groups=1001(horizon),1000(kolla)16:51
kproskurin$  ls -ld /var/lib/apache216:51
kproskurindrwxr-xr-x 5 root root 4096 Nov 12 15:35 /var/lib/apache216:51
openstackgerritSam Yaple proposed openstack/kolla: Convert gate to Ansible setup  https://review.openstack.org/24453816:51
kproskurinmay be you mean /var/log/apache ?16:52
sdakethat dir shouldbe owned by horiozn16:52
sdake[09:48:25]  <kproskurin>    && chown -R horizon: /var/run/apache2 /var/log/apache216:52
sdakeoh /var/lib16:53
kproskurinsdake: yep16:53
kproskurinlog dir IS owned by horizon16:53
kproskurinand have w permission16:53
kproskurinyou can see iit here:  http://fpaste.org/289727/14473469/16:54
sdakeline 9 should work16:55
kproskurinDo we on the same page? :-)16:55
kproskurinbut it doesnt16:55
kproskurinit’s look like a selinux-like problem16:55
sdakeae you running wiht selinux?16:56
kproskurinOn a host system - no.16:58
kproskurinI just wondering16:58
SamYaplevbel: looking good :) i like it16:59
SamYapleAgain, for keystone and horizon we should be running as the httpd or apache2 user, _not_ the service user16:59
SamYaplethats important16:59
*** daneyon has joined #kolla17:00
vbelSamYaple: another 300-400 lines. I am happy to have learned touch typing :)17:01
SamYaplevbel: dvorak is life17:01
*** daneyon has quit IRC17:01
*** daneyon has joined #kolla17:02
*** daneyon_ has joined #kolla17:03
openstackgerritSam Yaple proposed openstack/kolla: Fix namespace regression for neutron  https://review.openstack.org/24476817:06
*** daneyon has quit IRC17:06
*** sdake_ has joined #kolla17:07
*** sdake has quit IRC17:09
*** exploreshaifali has joined #kolla17:13
*** rmart04 has joined #kolla17:16
*** jtriley has quit IRC17:17
*** ssurana has joined #kolla17:20
*** rmart04 has quit IRC17:21
*** rmart04 has joined #kolla17:21
*** rmart04_ has joined #kolla17:26
*** itsuugo has joined #kolla17:28
*** aojea_ has joined #kolla17:28
*** kproskurin has quit IRC17:28
*** rmart04 has quit IRC17:28
*** rmart04_ is now known as rmart0417:28
*** sdake_ has quit IRC17:28
*** sdake has joined #kolla17:29
*** sdake has quit IRC17:30
*** sdake has joined #kolla17:31
openstackgerritMerged openstack/kolla: Move USER operation after footer  https://review.openstack.org/24468417:31
*** itsuugo has quit IRC17:31
*** aojea_ has quit IRC17:31
*** gfidente has quit IRC17:33
*** gfidente has joined #kolla17:34
*** mbound has quit IRC17:38
*** egonzalez has quit IRC17:39
*** cloudnautique has quit IRC17:41
*** cloudnautique has joined #kolla17:41
*** cloudnautique has joined #kolla17:42
*** jtriley has joined #kolla17:44
ashishjainSamYaple: Sorry went away for sometime could not continue the discussion.17:48
ashishjainSamYaple: continuing on the paste you provided earlier http://paste.openstack.org/show/478680/17:48
*** dwalsh has joined #kolla17:49
*** jtriley has quit IRC17:50
ashishjain1) add a linux bridge  2) Create a veth-pair 3) add veth-bridge to br1 4) In globals.yml specify neutron_external_interface:veth-ovs17:50
ashishjain5) add br1 to eth017:52
ashishjainGot few questions on it17:53
ashishjain1) So does this means we end up using eth0 as internal as well as external interface?17:53
*** cloudnautique has quit IRC17:53
ashishjain2) Why eth0 does not have an ip but br1 has one, I was hoping it would be opposite?17:53
*** sdake has quit IRC17:54
*** dwalsh has quit IRC17:54
*** cloudnautique has joined #kolla17:56
*** sdake has joined #kolla18:02
pbourkecan anyone tell me at what point /var/lib/kolla/dev gets created on the host18:03
*** signed8bit is now known as signed8bit_ZZZzz18:03
pbourkeok it seems docker creates it18:06
*** dwalsh has joined #kolla18:08
SamYaplepbourke: thats not a file, but a folder18:08
pbourkei know18:09
SamYaplepbourke: its a mountpoint so we can share the log dev18:09
SamYapleashishjain: yes that means you have one interface for internal and external18:09
pbourkersyslog root drop is turning out to be a little tricky18:09
ashishjainwhen I run the script tools/cleanup-host isn't it supposed to clean all the various interfaces created br-int ,br-ex,qbr..?18:09
SamYaplepbourke: thats cool, nothing external accesses rsyslog pbourke18:09
SamYaplei wouldnt have a problem if that must stay root18:09
SamYaplejust saying18:10
pbourkeok, I think it can be done just not as straight forward as the others18:10
SamYapleashishjain: no18:10
ashishjainSamYaple: why is that?18:10
SamYapleashishjain: all of those interfaces are controlled by openvswitch18:10
pbourkesdake: are we still aiming for root drop work to be finished by tomorrow18:10
ashishjainSamYaple: but once I remove all the containers, that means I have removed all the openvswitch service, shouldn't it be cleaned up as well?18:11
SamYapleashishjain: the openvswitch is a module loaded into the kernel18:11
ashishjainSamYaple:okay.18:11
SamYapleashishjain: so you have to cleanup the ports before removing the database that knows about the ports18:11
SamYapleotherwise you have to reboot18:11
SamYaplethere is no way to clean them up at that point18:12
ashishjainSamYaple: Okay got it18:12
ashishjainSamYaple: Talking about your paste, the globals.yml needs two network interfaces one with ip(internal) and one without ip(external)18:13
ashishjainso here veth-ovs  becomes the external interface,18:13
ashishjainwithout ip ofcourse18:13
SamYaplebr1 is the network interface18:13
ashishjainohhh okay that is really interesting18:15
ashishjainIn the past I have done this by using a Libvirt VM but only after creating network bridges but never tried the approach as highlighter by you18:16
*** tzn has joined #kolla18:17
ashishjainSamYaple: I will cover all that we have discussed into this https://bugs.launchpad.net/kolla/+bug/151422718:17
openstackLaunchpad bug 1514227 in kolla "Update Documentation for bare metal deployment of kolla with single network interface " [Critical,Triaged] - Assigned to Ashish (ashish-jain14)18:17
SamYapleashishjain: thank you. i never got around to writting documentatino for doing a single interface18:17
*** sdake has quit IRC18:18
SamYaplethe thing is, its making a comlpicated networking situation more complicated and without a good grasp on all the technologies going on its impossible to explain or debug18:18
ashishjainSamYaple: So do you mean it is not a good approach to setup a dev environment on a bare metal with a single NIC?18:19
ashishjainSamYaple: Will it be better if I use a Virtual Box or Libvirt based VM which will provide me as many NIC as I want ?18:20
SamYapleashishjain: no its a good approach for a dev environment if thats all you have18:21
SamYapleashishjain: Vms are slower for dev, but gives a much easier understanding of the networ18:21
SamYaplefor the record, the setup i described for you is what i use exlusively18:22
ashishjainSamYaple: Thanks for this it is really helpful and I am hoping I will make it work. BTW I do agree VM's make life easier when you are short of NIC's and make stuff easier to debug and understand.18:23
ashishjainHowever I will still continue with the approach which you have suggested18:23
*** achanda has joined #kolla18:26
*** jpeeler has quit IRC18:30
*** rhallisey_ has joined #kolla18:31
*** rhallisey has quit IRC18:33
*** itsuugo has joined #kolla18:37
*** signed8bit_ZZZzz is now known as signed8bit18:41
ashishjainSamYaple: I got a wireless interface wlan0 and when I try to add interface using the following command "brctl addif br1 wlan0"18:42
ashishjainI get an error saying "can't add wlan0 to bridge br1: Operation not supported"18:42
ashishjainhave you faced a similar situation18:42
*** jpeeler has joined #kolla18:44
*** jpeeler has joined #kolla18:44
SamYapleashishjain: yea you can't bridge wireless connections18:45
SamYaple3 mac vs 4 mac in the header18:45
SamYapleits pretty boring stuff18:45
SamYaplelong storry short, you can't do it18:45
ashishjainSamYaple: Aaah....that makes life little more tough now ;)18:47
*** jpeeler has quit IRC18:47
*** rmart04 has quit IRC18:47
SamYapleif you want to look into it you _can_ make it work but you have to make tweaks to the wireless side that most routers cant to18:48
SamYaplecant do*18:48
SamYaplethe feature you want is 4addr18:48
SamYapleiw dev wlan0 set 4addr on18:48
SamYaplebut that will almost certianly break your stuff18:48
SamYaplei don't recommend trying to do it18:48
ashishjainSamYaple: Yes it is going to make already complicated networking(atleast for me ) very complicated.18:49
*** sdake has joined #kolla18:49
sdakepbourke aiming but not looking likely18:50
*** sdake has quit IRC18:51
*** tzn has quit IRC18:55
*** jpeeler has joined #kolla19:00
*** ashishjain has quit IRC19:02
*** tzn has joined #kolla19:05
*** ashishjain has joined #kolla19:14
*** rhallisey_ has quit IRC19:15
*** bmace has quit IRC19:15
*** bmace has joined #kolla19:15
*** rhallisey_ has joined #kolla19:17
*** achanda has quit IRC19:21
*** achanda has joined #kolla19:21
*** sdake has joined #kolla19:22
*** ashishjain has quit IRC19:23
*** ashishjain has joined #kolla19:26
ashishjainSamYaple: I loose my net connectivity as soon as I add network interface to bridge19:28
ashishjaineven if the bridge is setup with IP addr it does not help and network remains unreachable.19:29
ashishjainHere are the steps which I have taken 1) add bridge br1 2) create veth pair 3) add one veth pair to br1 4) add eth0 to br1 5) assign an ip to br119:30
ashishjainin the end I see network is unreachable19:30
SamYapleashishjain: this is basic linux networking stuff19:36
SamYaplebut you need to remove the ip from eth019:36
SamYaplepossible setup your default route for br119:37
ashishjainSamYaple: eth0 is set to manual and hence no ip19:38
*** itsuugo has quit IRC19:38
*** suro-patz has joined #kolla19:43
*** tzn has quit IRC19:44
*** sdake_ has joined #kolla19:46
*** vbel has quit IRC19:47
*** vbel has joined #kolla19:47
*** ashishjain has quit IRC19:47
*** sdake has quit IRC19:49
*** rmart04 has joined #kolla19:51
*** rmart04 has quit IRC20:06
*** sdake_ has quit IRC20:14
*** JoseMello has quit IRC20:14
*** mbound has joined #kolla20:16
*** jtriley has joined #kolla20:17
*** sdake has joined #kolla20:17
*** tzn has joined #kolla20:35
*** rhallisey_ is now known as rhallisey20:35
*** signed8bit is now known as signed8bit_ZZZzz20:41
*** signed8bit_ZZZzz is now known as signed8bit20:43
*** tzn has quit IRC20:44
*** sdake has quit IRC20:54
*** ashishjain has joined #kolla21:03
*** suro-patz has quit IRC21:10
*** sdake has joined #kolla21:11
*** sdake_ has joined #kolla21:15
*** sdake has quit IRC21:17
*** itsuugo has joined #kolla21:17
*** gfidente has quit IRC21:17
*** achanda has quit IRC21:23
*** achanda has joined #kolla21:26
*** achanda has quit IRC21:26
*** achanda has joined #kolla21:27
*** diogogmt has quit IRC21:27
*** tzn has joined #kolla21:32
*** shardy has quit IRC21:39
*** tzn has quit IRC21:44
*** tzn has joined #kolla21:47
*** achanda has quit IRC21:54
*** achanda has joined #kolla21:54
*** jtriley_ has joined #kolla21:58
*** jasonsb has quit IRC22:00
*** jtriley has quit IRC22:00
*** jtriley_ has quit IRC22:02
*** rhallisey has quit IRC22:03
*** exploreshaifali has quit IRC22:05
*** itsuugo has quit IRC22:11
*** sacharya has quit IRC22:19
*** dims_ has joined #kolla22:23
*** dims has quit IRC22:25
*** ashishjain has quit IRC22:25
*** dwalsh has quit IRC22:32
*** sdake_ has quit IRC22:44
*** blahRus has quit IRC23:16
*** sdake has joined #kolla23:23
*** sdake_ has joined #kolla23:26
*** sdake has quit IRC23:28
*** achanda has quit IRC23:55
« Wednesday, 2015-11-11 Index Friday, 2015-11-13 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!