Monday, 2015-11-16

openstackgerrit	Angus Salkeld proposed openstack/kolla: Spec: Deploy Kolla images using Mesos https://review.openstack.org/241086	00:03
*** sacharya has quit IRC		00:20
*** alisonh has quit IRC		00:45
*** alisonh has joined #kolla		00:50
*** vilobhmm has joined #kolla		00:53
*** tfukushima has joined #kolla		00:56
*** tzn has quit IRC		01:15
*** weiyu_ has joined #kolla		01:16
*** sdake has quit IRC		01:18
*** kjelly has joined #kolla		01:22
*** cloudnull has quit IRC		01:34
*** ArchiFleKs has quit IRC		01:35
*** ArchiFleKs has joined #kolla		01:37
*** cloudkiller has joined #kolla		01:38
openstackgerrit	Angus Salkeld proposed openstack/kolla-mesos: add config generation script and some examples https://review.openstack.org/242912	01:49
*** sdake has joined #kolla		02:02
*** dims has joined #kolla		02:06
*** jasonsb has quit IRC		02:15
*** jasonsb has joined #kolla		02:15
*** jasonsb has quit IRC		02:36
*** jasonsb has joined #kolla		02:37
*** cloudkiller is now known as cloudnull		02:38
*** unicell has joined #kolla		03:01
*** vilobhmm has quit IRC		03:23
*** klint has joined #kolla		03:41
*** vilobhmm has joined #kolla		03:44
*** dims has quit IRC		03:47
*** dims has joined #kolla		03:48
*** vilobhmm has quit IRC		03:49
*** vilobhmm has joined #kolla		03:49
*** vilobhmm has quit IRC		03:50
*** weiyu_ has quit IRC		03:54
*** dims has quit IRC		04:08
*** weiyu has joined #kolla		04:10
*** sacharya has joined #kolla		04:15
*** daneyon has joined #kolla		04:21
*** weiyu has quit IRC		04:45
*** vbel has quit IRC		04:57
*** vbel has joined #kolla		04:58
*** daneyon has quit IRC		04:59
*** weiyu has joined #kolla		05:24
*** sacharya has quit IRC		05:28
*** weiyu has quit IRC		05:36
*** sdake has quit IRC		05:38
*** sdake has joined #kolla		05:41
*** weiyu_ has joined #kolla		06:15
*** pbourke has quit IRC		06:17
*** pbourke has joined #kolla		06:18
*** shakamunyi has joined #kolla		06:21
*** sacharya has joined #kolla		06:29
*** sacharya has quit IRC		06:34
*** vilobhmm has joined #kolla		06:38
*** shakamunyi has quit IRC		06:39
*** vilobhmm has quit IRC		06:40
openstackgerrit	Michal Rostecki proposed openstack/kolla-mesos: Rename package from kolla-mesos to kolla_mesos https://review.openstack.org/245276	06:42
openstackgerrit	Michal Rostecki proposed openstack/kolla-mesos: Install kolla-mesos package in Vagrant https://review.openstack.org/245591	06:49
*** vilobhmm has joined #kolla		06:53
*** shakamunyi has joined #kolla		06:54
*** nihilifer has quit IRC		07:02
*** nihilifer has joined #kolla		07:03
*** suro-patz has joined #kolla		07:04
*** SamYaple_ has joined #kolla		07:11
*** vincent_1dk has joined #kolla		07:11
*** slagle_ has joined #kolla		07:11
*** slagle has quit IRC		07:15
*** vincent_vdk has quit IRC		07:15
*** SamYaple has quit IRC		07:15
*** harmw has quit IRC		07:15
*** harmw has joined #kolla		07:21
*** suro-patz has quit IRC		07:30
*** Chandra has joined #kolla		07:31
*** rmart04 has joined #kolla		07:32
*** rmart04 has quit IRC		07:37
*** jmccarthy has quit IRC		07:38
Chandra	hi , i have local docker registry running at 192.168.1.100:8080 and i need to push all images to local registry .	07:40
Chandra	how to make it work . i tried using kolla-build --registry 192.168.1.100:8080 --push	07:41
Chandra	but it dint work . tried with port 5000 also . anyone have solution , please help . i am trying to deploy multi node	07:42
kjelly	Chandra: what's the error message ?	07:42
kjelly	Chandra: the command you use is correct.	07:43
Chandra	ERROR:kolla.cmd.build:Error: Status 502 trying to push repository kollaglue/ubuntu-source-gnocchi-statsd: "<html>\r\n<head><title>502 Bad Gateway</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>502 Bad Gateway</h1></center>\r\n<hr><center>nginx/1.4.6 (Ubuntu)</center>\r\n</body>\	07:43
kjelly	Chandra: Do you set insecure-registry ?	07:43
Chandra	no . i added ssh certs and when i login into docker with https on other nodes it works	07:44
Chandra	should i need to set insecure-registry ?	07:44
Chandra	could you please help me , where i can set this in ubuntu ?	07:45
kjelly	Chandra: yes. https://github.com/openstack/kolla/blob/master/doc/image-building.rst#docker-insecure-registry-config	07:45
Chandra	my deploy host is running on ubuntu .	07:45
kjelly	Chandra: you need to set it in the node which is used for deploy and building image.	07:45
Chandra	ok . thanks you kjelly . let me give a try	07:46
Chandra	thanks for helping out	07:46
kjelly	Chandra: :)	07:46
*** weiyu_ has quit IRC		07:51
*** vilobhmm has quit IRC		07:52
*** weiyu has joined #kolla		07:53
*** akwasnie1 has joined #kolla		07:53
*** Chandra has quit IRC		07:59
*** stvnoyes has quit IRC		08:01
*** stvnoyes has joined #kolla		08:01
*** egonzalez has joined #kolla		08:07
*** rmart04 has joined #kolla		08:09
*** egonzalez has quit IRC		08:20
openstackgerrit	Michal Rostecki proposed openstack/kolla: [WIP] Add Python 3.x support https://review.openstack.org/245659	08:22
*** egonzalez has joined #kolla		08:34
*** tobe has joined #kolla		08:34
*** weiyu has quit IRC		08:38
*** kjelly has quit IRC		08:40
*** shardy has joined #kolla		08:40
*** weiyu has joined #kolla		08:42
*** weiyu has quit IRC		08:44
openstackgerrit	Angus Salkeld proposed openstack/kolla-mesos: Add config generation script and some examples https://review.openstack.org/242912	08:48
*** exploreshaifali has joined #kolla		08:50
*** weiyu_ has joined #kolla		08:54
*** jmccarthy has joined #kolla		08:57
*** kproskurin has joined #kolla		09:02
*** kproskurin has quit IRC		09:02
*** kproskurin has joined #kolla		09:06
*** rmart04 has quit IRC		09:16
*** slotti has joined #kolla		09:20
*** athomas has joined #kolla		09:22
*** gfidente has joined #kolla		09:23
*** gfidente has joined #kolla		09:23
*** weiyu_ has quit IRC		09:35
*** kjelly has joined #kolla		09:35
*** weiyu_ has joined #kolla		09:38
*** tobe has quit IRC		09:44
*** tobe has joined #kolla		09:45
*** tzn has joined #kolla		09:56
*** mbound has joined #kolla		10:00
*** tfukushima has quit IRC		10:07
*** openstackgerrit has quit IRC		10:16
*** openstackgerrit has joined #kolla		10:16
*** inc0 has joined #kolla		10:20
inc0	Hey	10:20
openstackgerrit	Merged openstack/kolla: Remove unused tox jobs https://review.openstack.org/245096	10:20
inc0	Good news, I'm about to come back to work:)	10:21
*** tobe has quit IRC		10:36
akwasnie1	but unfortunately not in PL, inc0 :( how was your flight? :)	10:37
inc0	Pretty bad	10:37
inc0	We missed connecting flight (last one) in Washington	10:38
akwasnie1	uu..so you had to stay there, in Washington?	10:40
*** exploreshaifali has quit IRC		10:49
*** exploreshaifali has joined #kolla		10:53
inc0	Yup, we had to get hotel	10:59
*** mbound has quit IRC		11:03
openstackgerrit	Michal Rostecki proposed openstack/kolla-mesos: Install kolla-mesos package in Vagrant https://review.openstack.org/245591	11:08
*** dims has joined #kolla		11:12
*** weiyu_ has quit IRC		11:15
*** cemmason has joined #kolla		11:23
*** exploreshaifali has quit IRC		11:28
*** mbound has joined #kolla		11:31
*** cemmason has quit IRC		11:43
*** mbound has quit IRC		11:45
*** mbound has joined #kolla		11:45
openstackgerrit	Paul Bourke proposed openstack/kolla: Drop root for rsyslog https://review.openstack.org/245733	11:51
*** masterbound has joined #kolla		12:06
*** mbound has quit IRC		12:06
*** cemmason has joined #kolla		12:11
*** cemmason has quit IRC		12:26
*** rhallisey_ has joined #kolla		12:39
*** openstack has joined #kolla		12:51
-cameron.freenode.net- [freenode-info] channel flooding and no channel staff around to help? Please check with freenode support: http://freenode.net/faq.shtml#gettinghelp		12:51
*** inc0_ has joined #kolla		12:56
*** inc0 has quit IRC		12:56
*** inc0 has joined #kolla		12:56
*** inc0_ has joined #kolla		12:58
*** inc0_ has quit IRC		12:58
*** inc0 has quit IRC		12:59
*** inc0_ has joined #kolla		12:59
*** inc0 has joined #kolla		13:00
*** inc0_ has quit IRC		13:03
*** exploreshaifali has joined #kolla		13:12
*** cemmason has joined #kolla		13:34
*** cemmason has quit IRC		13:38
*** kjelly_ has joined #kolla		13:39
*** ubuntu1 is now known as anteaya		13:52
*** klint has quit IRC		14:00
*** vincent_1dk is now known as vincent_vdk		14:00
openstackgerrit	Paul Bourke proposed openstack/kolla: Drop root for rsyslog https://review.openstack.org/245733	14:17
*** sacharya has joined #kolla		14:17
openstackgerrit	Merged openstack/kolla-mesos: Rename package from kolla-mesos to kolla_mesos https://review.openstack.org/245276	14:19
*** achanda has joined #kolla		14:19
*** sacharya has quit IRC		14:22
openstackgerrit	Paul Bourke proposed openstack/kolla: Drop root for rsyslog https://review.openstack.org/245733	14:23
*** akwasnie1 has quit IRC		14:27
rhallisey	pbourke, one more comment I left in there	14:32
rhallisey	then I think it looks good	14:32
pbourke	rhallisey: cheers	14:32
*** sdake has quit IRC		14:48
openstackgerrit	Sam Yaple proposed openstack/kolla: Remove unused tox jobs https://review.openstack.org/245803	14:53
*** dwalsh has joined #kolla		14:56
*** jtriley has joined #kolla		15:06
*** achanda has quit IRC		15:13
*** chandra has joined #kolla		15:15
chandra	hi , when i am trying to deploy multi node i am getting bellow error . someone please help me ..	15:16
chandra	TASK: [common \| Starting log_data container] ********************************** failed: [control01] => {"error": "APIError(HTTPError(u'500 Server Error: Internal Server Error for url: http+docker://localunixsocket/v1.20/auth',),)", "failed": true} msg: failed to login to the remote registry, check your username/password. failed: [network01] => {"error": "APIError(HTTPError(u'500 Server Error: Internal Server Error for url: http+docker:/	15:16
*** achanda has joined #kolla		15:16
SamYaple_	hellow everyone	15:16
pbourke	hey SamYaple_	15:17
pbourke	chandra: it looks like docker isn't configured correctly	15:17
SamYaple_	chandra: that looks pretty straightforward, it looks like you are either trying to use authentication na your registry doesnt have it, or you have the wrong user name and password	15:17
*** SamYaple_ is now known as SamYaple		15:17
SamYaple	inc0: when do you start working again?	15:19
chandra	ok. default which user it will consider. should i need to mention docker user and password in globals.yml file ?	15:19
SamYaple	hey core guys, this is a fairly servious regression that I would like to get approved and backport https://review.openstack.org/#/c/244768/	15:20
SamYaple	chandra: by default there is no authertcation	15:20
SamYaple	chandra: so no username or password hsould be specified	15:20
SamYaple	rhallisey: pbourke: inc0: coolsvap: quick poll, how many of your would be opposed to a local copy of the docker module for ansible. That we maintain.	15:21
SamYaple	if we had that, then we woudnt have this problem of the 1.8.2 docker cap, and we could fix issues much much faster	15:21
chandra	now i am getting below error	15:21
chandra	TASK: [common \| Starting log_data container] ********************************** failed: [network01] => {"error": "APIError(HTTPError(u'500 Server Error: Internal Server Error for url: http+docker://localunixsocket/v1.20/images/create?tag=latest&fromImage=192.168.1.50%3A4000%2Fkollaglue%2Fubuntu-source-data',),)", "failed": true} msg: Failed to pull the specified image: 192.168.1.50:4000/kollaglue/ubuntu-source-data:latest failed: [contr	15:21
SamYaple	chandra: what does `docker pull 192.168.1.50:4000/kollaglue/ubuntu-source-data:latest` give you?	15:22
chandra	root@ubuntu:~/kolla# docker pull 192.168.1.50:4000/kollaglue/ubuntu-source-data:latest Pulling repository 192.168.1.50:4000/kollaglue/ubuntu-source-data 57710fd4eaaa: Download complete 2332d8973c93: Download complete ea358092da77: Download complete a467a7c6794f: Download complete ca4d7b1b9a51: Download complete e8cae89d8c86: Download complete Status: Image is up to date for 192.168.1.50:4000/kollaglue/ubuntu-source-data:latest	15:22
*** masterbound is now known as mbound		15:23
pbourke	SamYaple: doesn't sound worth it to me	15:23
pbourke	SamYaple: if you want to do that why not just move to beta version of ansible in kolla-ansible	15:23
chandra	SamYaple : pull worked fine	15:23
SamYaple	pbourke: we cant require a beta version of ansible for kolla	15:24
SamYaple	pbourke: and they are never snapping a new 1.9.x release	15:24
SamYaple	we will most certainly run into this problem in the future	15:24
SamYaple	my issue is when we envitably hit a bug like this again we will have no recourse. What if version 2.1.1 of ansible has a fix for a bug, but a broken version of docker?	15:25
SamYaple	we can't consume both fixes	15:25
pbourke	ah yes this is ansible on the deploy host not kolla-ansible	15:26
SamYaple	correct	15:26
kjelly_	chandra: do you set insecure-registry to all the node you use ?	15:26
SamYaple	kjelly_: thats probably it	15:26
pbourke	can we do a docker image for ansible	15:26
SamYaple	whta do you mean?	15:27
kproskurin	sounds interesting	15:27
pbourke	make a docker image that has working beta version of ansible	15:27
pbourke	instruct users to use that instead	15:27
SamYaple	we could actually wrap docker into the kolla-ansible container! but it would be kinda messy	15:28
SamYaple	another thing our own self written dockerm odule would get us is better use of DRY	15:29
SamYaple	you know those options we specify each time that dont change every?	15:29
SamYaple	we wouldnt have to do that	15:29
SamYaple	https://github.com/openstack/kolla/blob/master/ansible/roles/glance/tasks/start.yml#L4-L13	15:29
SamYaple	and then the env part too	15:30
SamYaple	we wouldnt have to write those out each time	15:30
pbourke	have you engaged much with ansible about fixing it	15:31
pbourke	before forking	15:31
chandra	Thanks SamYaple and kjeelly	15:31
chandra	it worked. after configuring insecure-registry in all nodes it worked	15:32
chandra	Thanks a lot. :-)	15:32
SamYaple	pbourke: simple fact is they 100% are not snapping another 1.9.x tag	15:32
SamYaple	we are completely at thier mercy here	15:33
pbourke	are they far off snapping a 2.0	15:33
SamYaple	it doesnt matter, we cant use 2.0 for liberty	15:33
SamYaple	it requires playbook changes	15:33
pbourke	so just limit liberty at 1.8.2	15:33
SamYaple	well master is limited at 1.8.2 right now as well :)	15:34
SamYaple	the real issue is we can't have ansible determining the progress of kolla-ansible	15:34
pbourke	yes but if we're patient, give them a chance to release 2.0 and then mitaka = ansible 2.0 + docker latest	15:34
SamYaple	and when that doesnt work?	15:35
SamYaple	i would be shocked if ansible 2.0 works for us on initial version	15:35
pbourke	ok that's all the arguments I've got :p	15:36
pbourke	i dont think the docker module is that big anyhow	15:37
SamYaple	these are valid arguments, and i agree with you	15:37
SamYaple	sdake is all over this "our own docker module" thing	15:37
SamYaple	oh right, another big thing is they have no intention of making thier docker module work with the docker v1 registry anymore	15:37
SamYaple	they said no to patching in support for that since it broke in 1.8.3	15:38
SamYaple	and i dont want to use v2 registry until it, you know, works	15:38
pbourke	yeah	15:39
pbourke	I wouldnt be thrilled about backporting that though	15:40
pbourke	unless that's not the intention	15:40
SamYaple	im not sure. I think backport was on the table. maybe idk	15:42
SamYaple	its not my intention	15:42
*** blahRus has joined #kolla		15:46
*** exploreshaifali has quit IRC		15:47
pbourke	rhallisey: are you sure '/usr/bin/rm rsyslog\: blah' locks that rm to the rsyslog user?	15:51
rhallisey	pbourke, pretty sure why	15:52
pbourke	rhallisey: cause it doesn't seem to be working and looking more closely rabbitmq only does it for chown commands	15:52
rhallisey	/usr/bin/rm -rf rsyslog	15:53
rhallisey	you need all the flags	15:53
rhallisey	I didn't realize that when I was doing it	15:53
*** mbound has quit IRC		15:54
rhallisey	pbourke, try that	15:54
pbourke	trying	15:55
rhallisey	kk	15:55
*** mbound has joined #kolla		15:55
SamYaple	÷/win 33	15:57
pbourke	rhallisey: still asking for password :( the syntax seems really weird, did you come across any useful examples online when doing yours?	15:59
*** chandra has quit IRC		16:03
*** masterbound has joined #kolla		16:09
*** mbound has quit IRC		16:11
rhallisey	pbourke, I did. Let me look...	16:13
*** kjelly_ has quit IRC		16:17
*** absubram has joined #kolla		16:18
pbourke	# glance image-list	16:25
pbourke	An auth plugin is required to fetch a token	16:25
pbourke	wtf does this mean	16:25
pbourke	proxy woes again it seems	16:26
rhallisey	pbourke, I can't find the example I used. Still looking	16:30
rhallisey	pbourke, I left a comment on what I think might work	16:32
pbourke	rhallisey: thanks	16:32
*** suro-patz has joined #kolla		16:34
pbourke	glance seems busted	16:36
pbourke	with file backend	16:37
pbourke	everyone is using ceph?	16:37
openstackgerrit	Ryan Hallisey proposed openstack/kolla: [WIP} Drop root privileges for openvswitch https://review.openstack.org/245366	16:37
*** sacharya has joined #kolla		16:42
*** achanda has quit IRC		16:51
*** daneyon has joined #kolla		16:54
*** sdake has joined #kolla		16:56
sdake	morning	16:56
pbourke	sdake: hi	16:57
pbourke	sdake: do you use ceph for a glance backend?	16:57
*** sdake has quit IRC		17:01
*** sdake has joined #kolla		17:02
*** slotti has quit IRC		17:05
*** sdake has quit IRC		17:06
*** sdake has joined #kolla		17:06
SamYaple	morning	17:09
SamYaple	pbourke: we dont have an ha glance backend, so ceph is our only ha solution	17:10
pbourke	SamYaple: right but it should work without ha	17:10
SamYaple	it _should_ work yes	17:10
SamYaple	but i dont know how often its tested	17:10
pbourke	can fix quick enough	17:12
SamYaple	wats broken on it?	17:15
pbourke	the drop root broke it	17:15
pbourke	as it can't create it	17:15
pbourke	on start	17:15
SamYaple	oh yea that sounds right	17:15
SamYaple	i dont think sdake tested it	17:15
SamYaple	i mean the file backend	17:15
sdake	what	17:16
sdake	i test eerything guys	17:16
sdake	i didn't do glance	17:16
SamYaple	qoute of the day tehre	17:16
SamYaple	17:17:47 < sdake> i test eerything guys	17:16
SamYaple	;)	17:16
sdake	everything i personally author i do test 1000%	17:17
pbourke	bd9e8c22d79f28d1bc74eeaa4f7f8563a8e9da6d	17:17
SamYaple	lies i have quotes from yesterday saying otherwise	17:17
pbourke	dum dum DUM	17:17
sdake	SamYaple thta wasn'tpersonally authored	17:18
pbourke	the good news is I uncovered it with tempest	17:18
pbourke	will be nice for uncovering these kind of things	17:18
pbourke	though image creation is a basic one so surprised no one hit it	17:19
SamYaple	21:53:45 < SamYaple> you should have probably tested that master to liberty repo change patch	17:20
SamYaple	21:53:55 < sdake_> y no beuno	17:20
SamYaple	21:54:01 < sdake_> your right i should have	17:20
SamYaple	just sayin	17:20
SamYaple	21:54:09 < sdake_> bad move on my part	17:20
sdake	that was xomeone elses patch i approved	17:20
sdake	not self-auhored	17:20
sdake	anyway I don think i did glance	17:21
SamYaple	https://review.openstack.org/#/c/242877/	17:22
SamYaple	its ok man	17:23
SamYaple	you can make mistakes	17:23
SamYaple	we all do	17:23
SamYaple	just own up to it	17:23
pbourke	popcorn.gif	17:23
sdake	guss i did glance	17:23
sdake	but it does look correct	17:23
pbourke	sdake: it's an edge case	17:24
pbourke	sdake: got another one - in sudoers.d, 'chown user\: foo'	17:25
pbourke	the user\: is just part of the chown cmd right?	17:25
pbourke	not, "only user can run this command"	17:25
SamYaple	pbourke: correct	17:25
pbourke	that's what I thought	17:25
pbourke	rhallisey: ^	17:25
SamYaple	basically you are saying this user can do this command EXACTLY LIKE THAT	17:25
SamYaple	any deviation and it wont allow it	17:26
sdake	without the backslace of course	17:26
pbourke	yeah but you can't do something like:	17:26
pbourke	rm -rf user\: foo	17:26
sdake	sudo needs colons escaped	17:26
SamYaple	pbourke: you can, but it will try to remove 'user:' as a file	17:26
*** unicell has quit IRC		17:26
*** masterbound has quit IRC		17:27
*** suro-patz has quit IRC		17:29
*** dmsimard is now known as dmsimard\|food		17:29
*** sdake_ has joined #kolla		17:31
*** dans_ has joined #kolla		17:31
SamYaple	rhallisey: you cannot drop privleges for openvswitch. this causes the socket (which is accessible from the host system) to have uid:guid mappings that can be insecure	17:32
SamYaple	it must run as root	17:32
SamYaple	we can circle back around on this when we can take advantage of the docker uid mapping in 1.9.0, but until then it can't drop its user like you are trying to do	17:32
pbourke	either im doing something wrong or glance with file backend is fubared	17:32
SamYaple	yes	17:33
pbourke	it mounts glance_data into glance_registry	17:33
pbourke	but its the api that needs to access the data store?	17:33
SamYaple	pbourke: is that a question or a statement?	17:33
sdake_	ok guys rhallisey needs custom repos	17:33
sdake_	and i need custom repos	17:33
sdake_	so lets have a discussion about that	17:33
*** sdake has quit IRC		17:33
SamYaple	i dont know where the images live, in the api container or the registry	17:33
*** slagle_ is now known as slagle		17:33
dans_	Anyone know how to enable support of network namespaces inside an LXC container? I got this error "TRACE neutron.agent.dhcp.agent Stderr: mount --make-shared "/var/run/netns failed": Permission denied" I'm running neutron inside of an LXC container. Any idea? Thanks for the help!!	17:34
pbourke	SamYaple: question	17:34
pbourke	SamYaple: which glance service should write image data to the file backend	17:34
SamYaple	pbourke: 17:35:19 < SamYaple> i dont know where the images live, in the api container or the registry	17:35
pbourke	SamYaple: ok thanks	17:35
SamYaple	testing would be my suggestion	17:35
SamYaple	i thought ti was the registry	17:35
sdake_	images are in registry	17:35
SamYaple	sdake_: the api recieves the data and sends it to the registry.... how?	17:36
SamYaple	over rabbit?	17:36
SamYaple	dans_: what is the context here as relates to Kolla?	17:36
*** athomas has quit IRC		17:36
SamYaple	dans_: also some distros symlink /var/run -> /run and that might cause you mount problems with lxc	17:36
*** inc0 has quit IRC		17:38
dans_	SamYaple: Thanks for the tip. Just thought someone here might know	17:38
*** inc0 has joined #kolla		17:38
SamYaple	dans_: yea we dont do alot with LXC here since this is all docker. I have a fair amout of experince with LXC	17:42
SamYaple	may i ask what you are trying to do dans_ ?	17:42
SamYaple	if its share namespace made from within containers to the host, that will not work	17:42
sdake_	SamYaple i beliee the flow is the api stores metadata and registry stores actual data	17:47
sdake_	but i dont think it involves rabbitmq	17:47
sdake_	i am not quite sure how it works	17:47
SamYaple	sdake_: how does the data get from the api (where all the data is received) to the metadata store?	17:47
sdake_	no idea	17:48
dans_	SamYaple: I was referred here by @dasm after asking in #neutron	17:49
SamYaple	dans_: depending on what you are trying to do we may have the information to help you. But the LXC folks are #openstack-ansible . I may be able to tell you what you need to know.... if i know what yo uare trying to do. Why are you trying to share the host /run/netns with the container?	17:50
*** kproskurin has quit IRC		17:52
dans_	I have neutron in a container and it wants to create a namespace for DHCP, however my LXC container won't let me.	17:53
dans_	ip netns add test mount --make-shared /var/run/netns failed: Permission denied	17:53
sdake_	sudo	17:54
dans_	:P still nope	17:54
dans_	sudo ip netns add test	17:54
dans_	sudo: PERM_SUDOERS: setresuid(-1, 1, -1): Operation not permitted	17:54
sdake_	i'm out of ideas ;)	17:54
SamYaple	dans_: im fairly certain youll need to create that in a privleged container	17:55
dans_	ok. thanks tho! i was root before too :)	17:55
*** egonzalez has quit IRC		17:55
SamYaple	because it has to create a second mountpoint	17:55
SamYaple	cloudnull and #openstack-ansible will be able to help yuo here	17:55
dans_	Great! I'll a privaleged container :) thanks!	17:56
*** jasonsb has quit IRC		17:57
openstackgerrit	Paul Bourke proposed openstack/kolla: Fix issues in Glance filesystem backend https://review.openstack.org/245912	17:58
openstackgerrit	Paul Bourke proposed openstack/kolla: Fix issues in Glance filesystem backend https://review.openstack.org/245912	18:02
*** tzn has quit IRC		18:03
*** unicell has joined #kolla		18:07
rhallisey	sorry back	18:08
openstackgerrit	Paul Bourke proposed openstack/kolla: Drop root for rsyslog https://review.openstack.org/245733	18:08
rhallisey	SamYaple, so there is nothing I can do at all for openvswitch?	18:09
dans_	SamYaple: my teammate just figured it! We had to add "lxc.aa_profile = unconfined" to the lxc config	18:10
rhallisey	sdake_, I think we just need a flag in build.py '--repo-url'	18:10
*** suro-patz has joined #kolla		18:10
rhallisey	think I have a patch around for this..	18:10
sdake_	we need a file import - may need more then one repo	18:10
rhallisey	oh you want to go that way	18:11
rhallisey	ok I see where you're coming	18:11
rhallisey	from	18:11
SamYaple	dans_: ah ok that would also make sense. apparmor is no bueno	18:12
SamYaple	dans_: but you should see logs about those denials in the host system logs	18:13
rhallisey	pbourke, did the those changes work?	18:13
* rhallisey reads backlog		18:13
SamYaple	rhallisey: im not sure what all can be done with openvswitch to make it "more secure" but I don't think we can change any part of the users stuff	18:13
sdake_	ya just a note lets not make things more secure at the expense of breaking things	18:14
sdake_	some processes just have to run as root and that is all there is to it	18:14
rhallisey	agreed	18:14
SamYaple	for the record, not running as root in the container doesn't make it more secure	18:15
*** inc0_ has joined #kolla		18:16
*** inc0 has quit IRC		18:18
sdake_	it makes the container more immutable ;)	18:23
sdake_	in some cases	18:23
sdake_	which could imply some security benefit	18:23
sdake_	but ya this exercise of ddropping root is a little disappointing - i had expected more	18:23
sdake_	(bang for the buck)	18:24
openstackgerrit	Steve Noyes proposed openstack/kolla: initial spec for kolla rest api client https://review.openstack.org/245917	18:24
*** jtriley has quit IRC		18:25
sdake_	stvnoyes your patch has alot of whitespce problems - can you fix pleases	18:28
sdake_	all the red makes people hangry :)	18:28
*** ssurana has joined #kolla		18:29
*** vilobhmm has joined #kolla		18:34
sdake_	SamYaple let me pick your brain	18:36
sdake_	instead of a base from centos7	18:36
sdake_	i want a from steaks-startup.org/centos7	18:37
sdake_	what would you recommend	18:37
sdake_	carry variance in a forked repo or make it an upstream feature?	18:37
sdake_	i think this is something alot of folks will want going forward	18:38
sdake_	and thats the argument against carrying variance	18:38
*** jasonsb has joined #kolla		18:39
*** vilobhmm has quit IRC		18:40
*** vilobhmm has joined #kolla		18:40
*** vilobhmm has quit IRC		18:41
*** vilobhmm has joined #kolla		18:41
*** vilobhmm has quit IRC		18:41
*** vilobhmm has joined #kolla		18:42
SamYaple	sdake_: you can do whatever you want, I dont agree with changing the Kolla base repo away from vanilla things	18:42
sdake_	d oyou mean hte trieplo repo overrides?	18:43
sdake_	I wasnt talking about that, I was talking about the FROM line	18:43
SamYaple	so was i	18:43
sdake_	i think repo overrides make alot of sense- your opinion?	18:44
SamYaple	the repo overrides are fine	18:44
sdake_	but not from overrides?	18:44
SamYaple	lets talk about one thing at a time	18:45
sdake_	ya	18:45
sdake_	ok lets talk about from overrides then :)	18:45
SamYaple	the sources.list/repo overrides I am +2 on	18:45
SamYaple	the FROM override I am also ok with, but we don't need alot of change to make that work	18:45
SamYaple	slight tweak to build.py	18:45
SamYaple	I do not agree with changing to steaks-startup.org/centos7 in the main kolla repo	18:46
SamYaple	i do agree with making an option so _you_ can build from that	18:46
sdake_	oh i see	18:46
sdake_	I misunderstood your objection	18:46
sdake_	on same page now	18:46
sdake_	you said slight tweak to build.py - any more information on the slight tweak needed?	18:48
sdake_	should we allow -b to override?	18:48
sdake_	or add a new option	18:48
sdake_	i am really anti new options	18:48
*** jasonsb has quit IRC		18:48
sdake_	i think our build options re off the hook already	18:48
SamYaple	so we have a --base-tag option	18:49
SamYaple	we need a similar option for --base-repo name	18:49
SamYaple	i know i know, but you want new features this is how you get them	18:50
sdake_	wow we have lag :)	18:50
sdake_	pbourke that bug with the registry data container	18:51
sdake_	can you make a special snowflake patch for stable/liberty?	18:51
SamYaple	sdake_: i never have lag. i think its just you	18:51
sdake_	ya agree sam i think so too	18:52
SamYaple	you should setup a cloud server running irrsi or something	18:52
sdake_	i'm good	18:52
sdake_	SamYaple the base-tag, atm defaults to latest	18:55
SamYaple	as it should	18:56
sdake_	how would you propose changing it to get steaks-startup.org/centos	18:56
SamYaple	no no, thats the tag	18:56
SamYaple	as in :latest	18:56
sdake_	yup i know	18:56
SamYaple	you want to change the image name	18:56
SamYaple	steaks-startup.org/centos:latest	18:57
sdake_	right - which is -b atm	18:57
SamYaple	but we use -b as the control for all our if logic	18:57
sdake_	i know	18:57
sdake_	so we need a new flag?	18:57
SamYaple	so either we need to add a base meta flag for centos	18:57
SamYaple	or we need to add a new flag to override	18:57
SamYaple	im not sure which	18:57
*** jtriley has joined #kolla		18:58
SamYaple	we can usurp -b/--base to accept steaks-startup.org/centos (old functionality style still intact)	18:58
SamYaple	and add a new flag --base-distro centos	18:58
SamYaple	so you would have to do --base steaks-startup.org/centos --base-distro centos	18:59
SamYaple	for the if statements to work	18:59
SamYaple	anyway, youll have to figure something out but ^^ that would work	18:59
SamYaple	i personally dont care unless it changes existing behaviour	18:59
sdake_	SamYaple cool sounds good dude	19:03
* sdake_ has a neverending backlog		19:04
*** jtriley has quit IRC		19:07
*** vilobhmm1 has joined #kolla		19:07
*** vilobhmm has quit IRC		19:09
*** sdake_ is now known as sdake		19:10
*** bmace has quit IRC		19:16
*** bmace has joined #kolla		19:17
*** jtriley has joined #kolla		19:21
openstackgerrit	Steve Noyes proposed openstack/kolla: initial spec for kolla rest api client https://review.openstack.org/245917	19:26
*** dmsimard\|food is now known as dmsimard		19:31
openstackgerrit	Michal Rostecki proposed openstack/kolla: Add Python 3.x support https://review.openstack.org/245659	19:37
*** vilobhmm1 has quit IRC		19:39
*** vilobhmm has joined #kolla		19:39
*** vilobhmm has quit IRC		19:41
*** vilobhmm has joined #kolla		19:42
*** jtriley has quit IRC		19:51
*** jtriley has joined #kolla		19:55
*** dwalsh_ has joined #kolla		19:57
*** dwalsh has quit IRC		19:58
openstackgerrit	Michal Rostecki proposed openstack/kolla-mesos: Add config generation script and some examples https://review.openstack.org/242912	19:58
*** kproskurin has joined #kolla		20:00
*** gfidente has quit IRC		20:02
openstackgerrit	Michal Rostecki proposed openstack/kolla-mesos: Add config generation script and some examples https://review.openstack.org/242912	20:06
kproskurin	Hello guys, did someone asked you already about Docker zombie problem? I mean: https://blog.phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem/	20:06
SamYaple	kproskurin: wasnt that a docker 1.5.0 bug	20:07
SamYaple	sdake: you dealt with that 1.5.0 bug stuff, comments?	20:07
kproskurin	Afaik it's still persist	20:08
sdake	docker does indeed have a pid 1 problem	20:09
sdake	all the process reaping in kolla does not work correctly imo	20:09
kproskurin	yep	20:09
kproskurin	It could be a problem	20:09
openstackgerrit	Michal Rostecki proposed openstack/kolla-mesos: Install kolla-mesos package in Vagrant https://review.openstack.org/245591	20:17
*** dans_ has quit IRC		20:25
*** inc0_ has quit IRC		20:34
*** mbound has joined #kolla		20:37
*** suro-patz has quit IRC		20:45
*** suro-patz has joined #kolla		20:47
*** mwheckmann has joined #kolla		20:49
openstackgerrit	Sam Yaple proposed openstack/kolla: Fix namespace regression for neutron https://review.openstack.org/244768	20:56
*** tzn has joined #kolla		21:04
*** tzn has quit IRC		21:10
*** suro-patz has quit IRC		21:33
*** suro-patz has joined #kolla		21:33
*** shardy has quit IRC		21:33
sdake	stvnoyes nice job cutting your teeth on a spec for Kolla :) Welcome to the pain machine :) I left some comments in the spec. I think you would do well to remove the inception style thoughts - these are all part of tripleo and a big reason IMO tripleo has failed. inception dependencies are almost as bad as circular ones :)	21:38
*** sdake has quit IRC		21:44
*** sdake has joined #kolla		21:44
*** sdake has quit IRC		21:57
*** vilobhmm has quit IRC		22:03
*** vilobhmm has joined #kolla		22:03
*** rhallisey has quit IRC		22:03
*** jtriley has quit IRC		22:14
stvnoyes	sdake: thanks for the feedback, I'll go through an update & repost	22:22
*** jtriley has joined #kolla		22:24
*** dwalsh_ has quit IRC		22:29
*** vilobhmm has quit IRC		22:33
*** daneyon has quit IRC		22:34
*** vilobhmm has joined #kolla		22:34
*** kproskurin has quit IRC		22:54
*** kproskurin has joined #kolla		22:54
*** ryansb_ has joined #kolla		22:58
*** ryansb_ has quit IRC		22:58
*** ryansb_ has joined #kolla		22:58
*** blahRus1 has joined #kolla		22:58
*** ssurana1 has joined #kolla		23:00
*** jtriley has quit IRC		23:01
*** ssurana has quit IRC		23:06
*** blahRus has quit IRC		23:06
*** ryansb has quit IRC		23:06
*** kproskurin has quit IRC		23:06
*** ryansb_ is now known as ryansb		23:06
*** sacharya has quit IRC		23:15
*** blahRus1 has quit IRC		23:21
*** mwheckmann has quit IRC		23:26
*** jtriley has joined #kolla		23:33
*** absubram has quit IRC		23:34

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!