Thursday, 2015-12-03

« Wednesday, 2015-12-02 Index Friday, 2015-12-04 »
*** sacharya has quit IRC00:01
openstackgerritKevin Carter proposed openstack/openstack-ansible: Updated the py_pkgs lookup plugin for multi source  https://review.openstack.org/24148300:12
cloudnull^ sorry again for the spam, found a potential issue where a role package may not be udated in a local override case when using multi-source and would effect the pre-built venvs. I added in a small bit to take care of that too00:13
*** BjoernT has quit IRC00:13
cloudnullstevelle: odyssey4me ^00:13
*** mss_ has quit IRC00:17
*** baker has joined #openstack-ansible00:21
cloudnullkysse: so the replication is not staying in sync  ?00:26
kyssenope00:29
openstackgerritKevin Carter proposed openstack/openstack-ansible: Fix neutron issue w/ l2pop  https://review.openstack.org/25210000:33
cloudnullanything in the logs?00:33
cloudnullnetwork partitioning ?00:33
cloudnullstorage constraints ?00:33
cloudnullhow many containers for galera?00:34
cloudnulldoes the issue happen on vip failover or is it more it just dies ?00:35
*** eil397 has quit IRC00:36
cloudnullim out, back online later.00:36
*** sacharya has joined #openstack-ansible01:02
*** sacharya has quit IRC01:07
*** mss has joined #openstack-ansible01:12
*** markvoelker has quit IRC01:23
*** rebase_ has quit IRC01:28
openstackgerritMerged openstack/openstack-ansible: Use PyPi packages for ceph python bindings  https://review.openstack.org/24515401:35
openstackgerritMerged openstack/openstack-ansible: Add documentation for HA ceilometer  https://review.openstack.org/25265101:35
*** mancdaz has quit IRC01:39
*** mancdaz has joined #openstack-ansible01:40
*** tlian2 has joined #openstack-ansible02:02
*** tlian has quit IRC02:04
*** rebase_ has joined #openstack-ansible02:32
*** rebase_ has quit IRC02:35
kysseis there some kinda hard limit vms per host?02:46
kysseI'm only able to launch 17.02:47
kysseto one host02:47
Sam-I-Amits based on resource limits in the scheduler rules02:47
Sam-I-Amnot specifically a hard limit, but a combination of resources adding up02:47
kysseok, thanks02:48
*** sacharya has joined #openstack-ansible03:04
cloudnullkysse: check out http://docs.openstack.org/openstack-ops/content/compute_nodes.html specifically the Overcommitting section03:16
kysseah, thanks. Got2check that mysql error tomorrow, I'll provide those informations if I can not fix it myself.03:25
*** fawadkhaliq has joined #openstack-ansible03:32
*** rebase_ has joined #openstack-ansible03:36
*** rebase_ has quit IRC03:37
*** baker has quit IRC03:38
*** shausy has joined #openstack-ansible03:46
*** cemmason has joined #openstack-ansible03:47
cooljkysse: i missed your comments earlier, so dunno if this is what you're seeing, but if you have members not joining the cluster, check for /tmp/percona-version-check in the galera containers and delete it if present, then restart mysql and members should join the cluster and sync.03:54
*** cemmason has quit IRC04:00
*** shausy has quit IRC04:00
*** cemmason has joined #openstack-ansible04:01
*** sacharya has quit IRC04:31
*** galstrom_zzz is now known as galstrom04:32
*** linggao has quit IRC04:36
*** sacharya has joined #openstack-ansible04:37
*** hybridpollo has quit IRC04:41
*** fawadkhaliq has quit IRC04:50
*** tlian2 has quit IRC04:56
*** markvoelker has joined #openstack-ansible05:25
*** fawadkhaliq has joined #openstack-ansible05:27
*** markvoelker_ has joined #openstack-ansible05:28
*** shausy has joined #openstack-ansible05:30
*** markvoelker has quit IRC05:30
*** markvoelker has joined #openstack-ansible05:31
*** markvoelker_ has quit IRC05:34
*** markvoelker_ has joined #openstack-ansible05:38
*** markvoelker has quit IRC05:38
*** markvoelker_ has quit IRC05:51
*** sirushti has quit IRC06:01
*** sirushti has joined #openstack-ansible06:01
*** sacharya_ has joined #openstack-ansible06:05
*** sacharya has quit IRC06:06
*** galstrom is now known as galstrom_zzz06:10
*** phiche has joined #openstack-ansible06:27
*** sacharya_ has quit IRC06:28
*** sdake has quit IRC06:28
*** targon has joined #openstack-ansible06:30
*** markvoelker has joined #openstack-ansible06:50
*** markvoelker has quit IRC06:55
*** mss has quit IRC06:57
*** javeriak has joined #openstack-ansible07:00
*** phiche has quit IRC07:06
openstackgerritMerged openstack/openstack-ansible: Added ceilometer-polling upstart jobs  https://review.openstack.org/24988107:09
*** javeriak has quit IRC07:10
*** javeriak has joined #openstack-ansible07:10
*** phiche has joined #openstack-ansible07:15
*** javeriak_ has joined #openstack-ansible07:16
*** javeriak has quit IRC07:16
*** sdake has joined #openstack-ansible07:24
*** fawadkhaliq has quit IRC07:39
*** fawadkhaliq has joined #openstack-ansible07:39
*** sacharya has joined #openstack-ansible07:44
*** sacharya has quit IRC07:48
*** fawadkhaliq has quit IRC07:50
*** fawadkhaliq has joined #openstack-ansible07:53
*** fawadkhaliq has quit IRC07:57
*** shausy has quit IRC07:59
*** shausy has joined #openstack-ansible08:00
*** fawadkhaliq has joined #openstack-ansible08:05
*** fawadk has joined #openstack-ansible08:07
*** fawadkhaliq has quit IRC08:08
*** elo has quit IRC08:12
*** adaccada has joined #openstack-ansible08:24
*** markvoelker has joined #openstack-ansible08:25
*** javeriak_ has quit IRC08:27
*** fawadk has quit IRC08:28
*** fawadkhaliq has joined #openstack-ansible08:29
*** mpavone has joined #openstack-ansible08:29
*** markvoelker has quit IRC08:30
*** sdake has quit IRC08:36
*** egonzalez has joined #openstack-ansible08:37
*** javeriak has joined #openstack-ansible08:41
*** tiagogomes has joined #openstack-ansible08:47
*** mss has joined #openstack-ansible08:53
*** javeriak has quit IRC09:04
*** cemmason has quit IRC09:13
*** cemmason has joined #openstack-ansible09:13
*** sdake has joined #openstack-ansible09:16
*** javeriak has joined #openstack-ansible09:24
*** cemmason has quit IRC09:26
*** cemmason has joined #openstack-ansible09:26
*** sdake has quit IRC09:49
*** permalac has joined #openstack-ansible09:50
*** sdake has joined #openstack-ansible09:58
*** fawadkhaliq has quit IRC10:00
*** fawadkhaliq has joined #openstack-ansible10:00
*** javeriak has quit IRC10:04
*** marekd has quit IRC10:05
*** gparaskevas has joined #openstack-ansible10:05
*** sdake has quit IRC10:07
*** marekd has joined #openstack-ansible10:13
*** shausy has quit IRC10:15
*** shausy has joined #openstack-ansible10:15
*** marekd has quit IRC10:15
*** marekd has joined #openstack-ansible10:16
odyssey4memattt this may resolve the virt_type issue that you saw earlier this week: https://review.openstack.org/25242610:20
odyssey4memattt this may also apply if you were doing a multinode setup: https://review.openstack.org/25210010:21
*** mgoddard has joined #openstack-ansible10:22
*** markvoelker has joined #openstack-ansible10:26
matttodyssey4me: yeah i suspect so!10:30
*** markvoelker has quit IRC10:31
*** andyhky` has joined #openstack-ansible11:02
*** andyhky has quit IRC11:03
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Added ceilometer-polling upstart jobs  https://review.openstack.org/24994611:27
odyssey4meo/ all11:35
odyssey4mekysse when you're in, can you please add review feedback to https://review.openstack.org/252100 to indicate whether this is working for you?11:35
odyssey4mealextricity when you're in, can you also please provide feedback in https://review.openstack.org/252100 regarding whether it resolves the issues that you were seeing11:36
*** tlian has joined #openstack-ansible11:36
*** sacharya has joined #openstack-ansible11:47
openstackgerritMerged openstack/openstack-ansible-lxc_hosts: Added to ability to set mtu for lxcbr0  https://review.openstack.org/25248911:48
*** sacharya has quit IRC11:51
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Enable Neutron prevent_arp_spoofing by default  https://review.openstack.org/25257411:52
odyssey4meevrardjp please backport https://review.openstack.org/252489 to liberty when you get the chance11:54
odyssey4mehughsaunders andymccr any chance for a review on https://review.openstack.org/252426 ?11:55
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Convert AIO bootstrap from bash to Ansible  https://review.openstack.org/23952512:06
odyssey4memancdaz did you see alextricity's review on https://review.openstack.org/252416 ?12:08
mancdazodyssey4me I did, going to update the review today12:08
*** fawadkhaliq has quit IRC12:15
*** fawadkhaliq has joined #openstack-ansible12:16
openstackgerritMerged openstack/openstack-ansible: Updated the py_pkgs lookup plugin for multi source  https://review.openstack.org/24148312:16
odyssey4meany volunteers to backport  https://review.openstack.org/241483 to liberty?12:17
openstackgerritDarren Birkett proposed openstack/openstack-ansible: turn neutron notifications off by default  https://review.openstack.org/25241612:20
*** jaypipes has joined #openstack-ansible12:25
*** markvoelker has joined #openstack-ansible12:27
*** markvoelker has quit IRC12:32
*** openstackgerrit has quit IRC12:32
*** openstackgerrit has joined #openstack-ansible12:33
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Minor corrections to documentation  https://review.openstack.org/25292612:38
mhaydenmorning12:58
*** openstackgerrit has quit IRC13:17
*** openstackgerrit has joined #openstack-ansible13:17
*** markvoelker has joined #openstack-ansible13:28
openstackgerritMerged openstack/openstack-ansible: Fix nova_virt_type auto-detection  https://review.openstack.org/25242613:30
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Fix nova_virt_type auto-detection  https://review.openstack.org/25295313:31
*** ctina_ has joined #openstack-ansible13:32
*** markvoelker has quit IRC13:32
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Convert AIO bootstrap from bash to Ansible  https://review.openstack.org/23952513:35
odyssey4memhayden how would you like to back port https://review.openstack.org/241483 to liberty? :)13:38
odyssey4mes/how// :)13:38
mhaydenoh wow13:38
mhaydeni was attempting to review that earlier this week13:38
mhaydenodyssey4me: i assume this isn't a straight cherry pick13:40
odyssey4mesc68cal Sam-I-Am for the sake of being thorough, I did a recheck on https://review.openstack.org/252574 and boom - brokenness... see the non-voting check result13:40
odyssey4memhayden it may be, haven't tried it13:40
*** Bjoern_ has joined #openstack-ansible13:41
mhaydenodyssey4me: i'll take it in exchange for help on these security reviews ;)13:42
mhaydenmattt's been kind enough to trawl through https://review.openstack.org/#/c/245813/13:42
openstackgerritMajor Hayden proposed openstack/openstack-ansible: Updated the py_pkgs lookup plugin for multi source  https://review.openstack.org/25295613:44
odyssey4memhayden deal :)13:44
mhaydenodyssey4me: woot13:44
mhaydenimma try a cherry pick and then get out the scalpel if needed :P13:45
mhaydenmattt: love you, sir -- thanks much13:47
matttmhayden: hugs13:47
mhaydeni think that puts my beer tally with mattt at about 47513:47
odyssey4memhayden added a comment for a different way to do 'when:' clauses which have multiple conditions that need a boolean and, but otherwise all good and +w13:49
Sam-I-Amodyssey4me: wish i could see whats actually breaking in here13:49
odyssey4meSam-I-Am well, the tempest failure indicates that tempest could not ssh to the instance13:49
odyssey4methe rest you'd have to trawl through logs to determine why it didn't13:50
*** markvoelker has joined #openstack-ansible13:50
odyssey4meit is very possibly a race condition of some sort, which would explain why it works sometimes and not other times13:50
mhaydenthanks, odyssey4me! :)13:50
Sam-I-Amnot sure if its something that goes wrong with network creation or vm creation, but the logs say the vm isnt getting dhcp13:50
mhaydenodyssey4me / mattt: this enables gating for check mode -> https://review.openstack.org/#/c/251430/13:50
openstackgerritMerged openstack/openstack-ansible-security: Check mode compatibility for security role  https://review.openstack.org/24581313:51
*** markvoelker_ has joined #openstack-ansible13:52
*** markvoelker has quit IRC13:54
*** TravisA has joined #openstack-ansible13:56
* mhayden tips his hat to odyssey4me13:57
odyssey4memhayden looking good - I'm looking forward to seeing a functional gate check :)13:58
odyssey4meSam-I-Am yep, not getting DHCP - when we last dug into this - was due to the arp protection being enabled... essentially the DHCP requests can't get through13:59
Sam-I-Amwhich is odd13:59
odyssey4meSam-I-Am it's possible that this is peculiar to an AIO setup, but I don't have the skills to figure it out13:59
Sam-I-Amim trolling through the logs trying to match up some times14:00
*** javeriak has joined #openstack-ansible14:01
odyssey4meSam-I-Am I'd be happy to setup an AIO for someone to inspec14:04
Sam-I-Amdoes it ever break if you build one manually?14:04
Sam-I-Amunless these clocks are all sorts of screwy, it looks like the linuxbridge agent tore down network stuffs before the VM booted14:05
Sam-I-Amunless stuff is just missing14:06
Sam-I-Amthere's nothing in console.log between 12:53 and 13:0614:06
Sam-I-Amso i'm guessing thats when all the tempest bits are getting built?14:06
Sam-I-Amsort of makes more sense that way14:07
Sam-I-Amplus i havent had coffee14:07
*** shausy has quit IRC14:10
odyssey4meSam-I-Am the full tempest log is at http://logs.openstack.org/74/252574/2/check/gate-openstack-ansible-commit-nv/bc3dcee/logs/aio1_utility_container-354961d7/tempest.log14:11
Sam-I-Amhow many vxlan networks does it make? i thought it was 1 flat and 1 vxlan14:12
matttmhayden: is there much value testing this role outside of an openstack-ansible deploy ?14:12
mhaydenmattt: yeah14:12
matttwell there obviously is, but it would be nice to test it on top also14:12
mhaydenit should be fine for plain old ubuntu 14.04 systems too14:12
matttthat is true14:13
mhaydenmattt: well, this is step 1 of getting that done14:13
mhaydenmy goal is to have an env variable in gate-check-commit to apply this role at the end soon14:13
odyssey4meSam-I-Am one private network: https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/os_tempest/tasks/tempest_resources.yml#L14514:13
*** adaccada has quit IRC14:13
mhaydenmattt: but i gotta get the check/functional modes working separately first14:13
mhaydenbefore i go and break the gate and face odyssey4me's wrath :P14:13
matttmhayden: ok cool14:13
* mhayden whistles14:13
odyssey4memattt yeah, all roles must have their own functional tests to verify that they work, and to provide quick feedback outside of the complexity of the integrated tests14:14
mhaydenthanks mattt14:14
Sam-I-Amodyssey4me: which is interesting because i see references to vxlan-67 and vxlan-94 in the logs14:14
openstackgerritMerged openstack/openstack-ansible-security: Updating tests for openstack-ansible-security  https://review.openstack.org/25143014:17
*** KLevenstein has joined #openstack-ansible14:19
sc68calodyssey4me: ack.14:20
mancdazalextricity you around?14:20
*** javeriak has quit IRC14:20
*** fawadkhaliq has quit IRC14:24
*** fawadkhaliq has joined #openstack-ansible14:24
*** mgoddard_ has joined #openstack-ansible14:28
matttBjoern_: hey there, do you want to cherry-pick https://review.openstack.org/#/c/248904/ to liberty/kilo ?14:28
Bjoern_yes14:28
Bjoern_i can14:28
matttBjoern_: cool thanks, then we can get it reviewed for you14:28
*** Bjoern_ is now known as BjoernT14:28
*** mgoddard has quit IRC14:31
BjoernTmattt: do you remove the change id from the message ?14:33
BjoernTbefore reviewing14:33
matttBjoernT: you should be able to cherry-pick it right from the gerrit interface14:33
matttBjoernT: but the change ID should remain the same if you do it via git14:33
BjoernToh i see14:33
odyssey4memattt BjoernT wait for it to merge first14:34
BjoernTok14:34
odyssey4meotherwise the source commit isn't reflected properly14:34
matttok14:34
*** mpavone has quit IRC14:35
mhaydenodyssey4me: did i do this infra commit right?14:37
mhaydenhttps://review.openstack.org/#/c/252978/14:37
matttmhayden: i meant to ask, what runs run_tests.sh anyway ?14:38
odyssey4memhayden nope :)14:38
mhaydenmattt: it's for humans (according to odyssey4me)14:39
mhaydenodyssey4me: darnit -- what did i miss?14:39
odyssey4memhayden if you want to implement a check that uses tox, there's a whole ream of stuff to add14:40
mhaydenoh sheesh, okay14:41
mhaydenare there docs on this?14:41
odyssey4memhayden do you absolutely want to run the check test, or are you happy to run the functional tests straight off and leave the check test for manual testing?14:41
mhaydenwell i want to be 100% sure that someone can audit a system with this14:41
mhaydenso i do want to run check mode AND functional14:41
odyssey4meok, let's get the check mode in then14:42
odyssey4melet me find you an example14:42
mhaydenthanks14:44
odyssey4mehmm, pabelanger ping?14:46
odyssey4memhayden ok, first you need to edit jenkins/jobs/openstack-ansible-jobs.yaml with a new job-template14:53
odyssey4memhayden one of the builders needs to include something like this: https://github.com/openstack-infra/project-config/blob/master/jenkins/jobs/infra.yaml#L33-L3414:53
odyssey4mebut the envlist needs to be 'ansible-check' (or whatever the tox env name is you want14:54
odyssey4methis edit is the thing that tells jenkins how to run the job14:54
mhaydenohl, i see14:54
odyssey4meI think the template name should be 'gate-{name}-ansible-check'14:55
odyssey4meactually, let's do this a different way14:55
mhaydenhttps://gist.github.com/major/87130d0722f82886bb74 ?14:56
odyssey4melet's not add another kind of job - let's rather make the functional job first do a check, then do the functional thing14:56
mhaydenthat seems reasonable14:56
odyssey4methis way we're not wasting nodepool nodes, which makes -infra happy14:56
mhaydenand easier :P14:56
mhaydenwant me to adjust tox?14:56
*** mss has quit IRC14:57
odyssey4meso yes, you're wanting to adjust tox to do the one, then the other instead of doing them individually14:57
* mhayden is on it14:57
*** sigmavirus24_awa is now known as sigmavirus2414:57
odyssey4meI guess run_tests should change too - and I would suggest that run_tests does not execute the functional test by default - just in case someone executes it on their mac :)14:57
openstackgerritMajor Hayden proposed openstack/openstack-ansible-security: Merging check/functional jobs into one  https://review.openstack.org/25299114:58
mhaydenlike that ^^14:58
mhayden?14:58
odyssey4memhayden looks good to me - does it work?14:59
mhaydenoof, i guess i need to pull the functional bit out of the tox envlist at the top14:59
mhaydenso it doesn't run by default when someone runs tox14:59
odyssey4meno, that should be fine15:01
odyssey4meif someone runs tox then they should know what they're doing15:01
mhaydenabout to test those tox changes right quick15:02
*** iceyao has quit IRC15:04
*** cemmason1 has joined #openstack-ansible15:08
*** sdake has joined #openstack-ansible15:08
*** cemmason has quit IRC15:09
*** iceyao has joined #openstack-ansible15:09
*** spotz_zzz is now known as spotz15:10
mhaydenodyssey4me: tests out okay15:10
*** linggao has joined #openstack-ansible15:10
*** cemmason1 has quit IRC15:10
odyssey4memhayden cool :) mattt can you help out by reviewing https://review.openstack.org/252991 ?15:11
*** karimb has joined #openstack-ansible15:11
mhaydenodyssey4me: are you thinking of re-using this -> https://github.com/openstack-infra/project-config/blob/master/jenkins/jobs/ansible-role-jobs.yaml#L16-L32 ?15:16
odyssey4memhayden it'll actually be https://github.com/openstack-infra/project-config/blob/master/jenkins/jobs/ansible-role-jobs.yaml#L34-L5215:18
mhaydeni see15:19
odyssey4memhayden basically all you'll need to do is match the config in https://github.com/openstack-infra/project-config/blob/master/zuul/layout.yaml#L6868-L6876 for the zuul layout15:19
mhaydeni'm not sure what the job name will be -- bunch of variables there15:19
odyssey4methe rest is already in place15:19
mhaydenoh wowzers15:20
cloudnullmorning15:20
*** mgoddard_ has quit IRC15:21
*** mgoddard has joined #openstack-ansible15:22
pabelangerodyssey4me: pong, morning15:22
odyssey4mepabelanger morning, I think we've sorted ourselves out - no worries :)15:23
pabelangergreat15:23
*** markvoelker_ has quit IRC15:25
mhaydenodyssey4me: something like this? https://github.com/major/project-config/commit/a9d36471255a7553270641484d148f915f6165c515:25
odyssey4memhayden you're missing: https://github.com/openstack-infra/project-config/blob/master/zuul/layout.yaml#L687115:26
odyssey4memhayden then you can also remove https://github.com/openstack-infra/project-config/blob/master/zuul/layout.yaml#L6933-L6934 and https://github.com/openstack-infra/project-config/blob/master/zuul/layout.yaml#L6937-L693815:26
odyssey4me(they're catered for in the ansible-role-jobs job template15:27
mhaydenoh nice, didn't know i could remove those15:27
mhaydensimplifies it a bit15:27
mhaydenodyssey4me: https://github.com/major/project-config/commit/1bb894349d80b7f31b1c6716c0b0900daa1b436915:28
odyssey4memhayden oh, sorry - gate-openstack-ansible-security-ansible-lint can come out too15:29
odyssey4mehttps://github.com/openstack-infra/project-config/blob/master/zuul/layout.yaml#L6928-L6939 should look exactly like https://github.com/openstack-infra/project-config/blob/master/zuul/layout.yaml#L6918-L6926 in the end, just with s/rsyslog_client/security/15:30
pabelangerodyssey4me: not sure ansible-role-jobs is the best place atm. Since it will affect all ansible modules. Maybe we need to create a seperate ansible job-template for openstack-ansible team?15:30
odyssey4mepabelanger we're not modifying the job template - just using them :)15:30
pabelangerodyssey4me: another thing, you might get some push back from -infra for creating a ansible-check.  One question I was asked before, could it be added into ansible-lint15:31
odyssey4mepabelanger initially I was considering adding another template - but we rather made the functional check pipeline two checks15:31
*** mancdaz has quit IRC15:31
pabelangerfor example: https://github.com/openstack/ansible-role-nodepool/blob/master/tox.ini#L1015:31
pabelangerwhat I do today for ansible-lint and check-syntax15:31
*** mancdaz has joined #openstack-ansible15:31
odyssey4mepabelanger yeah, I've seen pushback - they want checks pipelined where possible15:32
odyssey4meeg: bashate has to be pipelined into the pep8 check15:32
pabelangerYa, I like the idea honestly.  More checks better15:33
pabelangerBut understand -infra too about the usage of nodes15:33
pabelangerI don't use --check much, since I'm using the gate to test functional tests15:33
odyssey4mepabelanger yes, but they're asking now to pipeline checks where possible to reduce the usage of nodepool15:33
pabelangerso, my question, what does --check give you over ansible-functional?15:34
odyssey4mepabelanger so what we've done now is combine the check test and the functional test into one15:34
odyssey4me--check is basically a test which checks what ansible would do (like an audit of what will happen)15:34
odyssey4methis is useful for change planning, or auditing in this special case15:34
mhaydenodyssey4me: https://review.openstack.org/#/c/252978/15:35
pabelangerodyssey4me: right, I assume like a --noop mode for puppet?15:36
mhaydennow i just need love on https://review.openstack.org/#/c/252991/15:36
odyssey4memhayden I updated the commit message to indicate the cross-repo dependency15:36
odyssey4mepabelanger exactly15:37
mhaydenthanks for that, odyssey4me15:37
*** Mudpuppy has joined #openstack-ansible15:39
pabelangerodyssey4me: okay, cool. Only question then, what does running --check before the actually functional test get you? Are you hoping --check will expose something the functional test doesn't? I'm wondering if I should be updating ansible-gofer to do that too15:40
mhaydenpabelanger: the idea there is to do a check run to simulate someone running an audit against their system15:41
*** baker has joined #openstack-ansible15:41
mhaydenperhaps someone who wants to see what changes need to be made before making changes15:41
*** daneyon has joined #openstack-ansible15:43
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Creating nova-secret with safe file permissions  https://review.openstack.org/24890415:44
pabelangermhayden: Ya, I agree.  But what I don't follow is adding that too the ansible-functional check / gate too.  Will have to read up on it and test15:45
pabelangerseems odd to --noop first, then run functional test15:45
odyssey4mepabelanger in the security role's case, the check mode is part of its function15:45
mhaydenwell, the use case is that someone may want to audit a system, review those changes, and then make changes15:46
mhaydenyeah, what odyssey4me said, the auditing mode is a feature15:46
odyssey4merunning the role in check mode performs an audit, running without check mode implements changes15:46
*** Mudpuppy has quit IRC15:47
alextricityodyssey4me I'll add the patch(https://review.openstack.org/252100) to my environment and spin up a VM to see if it solves the problems15:48
alextricitymancdaz I am around now :)15:48
mancdazalextricity I was looking to standardise the notification_driver settings across projects15:48
mancdazseems some of them use messagingv2, some use rpc_, some are dependent on whether ceilometer is deployed, some get dropped in anyway15:49
*** sacharya has joined #openstack-ansible15:49
*** TravisA has quit IRC15:49
mancdazalextricity but my main question was why, in glance, did you only configure the backend when the notification_driver was being configured?15:50
alextricityI've been looking into that lately since I've been doing a multi-node ceilometer testbed. I'm still playing around with the drivers to see which ones need to go where15:50
mancdazalextricity so all the projects can't just use messagingv2 ?15:50
*** Mudpuppy has joined #openstack-ansible15:52
alextricityI don't know for sure at the moment. I only know the projects that need to be using messagingv2. I don't see any reason why all projects can't use that.15:53
alextricitySome notification drivers probably got mixed around during the structure change15:53
*** sacharya has quit IRC15:53
alextricityI'm still playing around with it on my test environment15:53
alextricitye.g. configuring meters, spinning up resources, verifying measurements15:54
* alextricity is looking at the glance role now15:54
alextricityAh I see what you mean15:55
*** markvoelker has joined #openstack-ansible15:55
*** oneswig has joined #openstack-ansible15:56
alextricityI didn't think there was a need for rpc_backend if notification_driver isn't messagingv215:56
alextricityBut I could be missing something15:56
alextricitymancdaz: Which ones *are not* using messagingv2?15:57
mancdazalextricity neutron, cinder, heat15:58
*** javeriak has joined #openstack-ansible15:58
mancdazalextricity I was working through a review to just set them all to use messagingv2, only if *_ceilometer_enabled is true15:59
mancdazand no notification_driver if not15:59
alextricityThe docs say that cinder supports messagingv2 and cinder should be configured with that notification driver15:59
mancdazI think they all should if using oslo messaging?15:59
Sam-I-Amrpc_backend is what sets the main messaging backend16:00
alextricitymancdaz: I definitely agree16:00
Sam-I-Amits needed whether or not you use notification_driver16:00
Sam-I-Amalthough it may default to rabbit now16:00
odyssey4meeffectively we want to ensure that if ceilometer is not being installed, then nothing should notify the notification queue (otherwise we end up with a queue full of messages and nothing consuming them)16:01
alextricityi was looking at the neutron config documentation yesterday, and it *does* support messagingv2 as well16:01
alextricitySo we can configure neutron that way16:01
alextricityAs for heat...let me check on that16:01
odyssey4mebe aware that sometimes the docs are wrong, so if it doesn't support messagingv2 according to the docs - verify in the code to be sure, then submit a patch to docs :)16:01
Sam-I-Amcinder supports messagingv2 last i checked16:02
alextricityodyssey4me: so true16:02
*** sdake has quit IRC16:03
mancdazSam-I-Am we don't want notifications being sent if nothing is consuming them16:03
mancdazso I'm trying to have it get set only if something (ceilometer) wants to consume them16:03
Sam-I-Ammancdaz: yes16:03
mancdazsupport are seeing the notifications.info queue just grow16:03
alextricitymancdaz: I think it's safe to change all projects to messagingv2 when ceilometer is enabled16:03
Sam-I-Amnotification_driver = noop if not ceilometer (or anything else pulling from the notifications q)16:03
alextricity^^ I like that idea16:04
mancdazalextricity I'll put a review up for that shortly16:04
mancdazSam-I-Am alextricity I spoke to odyssey4me about that option16:04
odyssey4mewhat is the upstream default if it's not set?16:04
Sam-I-Amusually noop16:04
alextricityIt's just a blank list16:04
mancdazhis preference is not to set it at all if not ceilometer, and a deployer can add it using the config template if necessary16:04
Sam-I-Amor empty set = noop16:04
alextricityempty list*16:04
odyssey4meif it's noop, then just skip the config entry16:04
odyssey4meie ie ceilometer enabled, add config entry, else do nothing16:05
odyssey4me*if16:05
Sam-I-Ami always explicitly set it because projects lose their minds on config sometimes, and having it revert makes a queue grow unexpectedly16:05
mancdazit's how glance does it right now16:05
*** mss has joined #openstack-ansible16:06
mancdazhttps://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/os_glance/templates/glance-api.conf.j2#L31-L3816:06
odyssey4meSam-I-Am the position we've taken is to only set settings we care about setting... we don't need to override upstream defaults unnecessarily - and the config_overrides are there for anyone to use....16:06
mancdazhttps://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/os_glance/defaults/main.yml#L56-L5716:06
Sam-I-Amodyssey4me: assuming all the upstream defaults are sane16:07
Sam-I-Amthere was a time when glance was not, and could become again16:07
mancdazfor notification_driver the upstream defaults are [], or noop16:07
odyssey4mealso, if an upstream project is changing config defaults on a stable project, then they are breaking their contracts16:07
mancdazso per odyssey4me we don't need to set it16:07
odyssey4memancdaz yes16:07
*** sdake has joined #openstack-ansible16:07
odyssey4meSam-I-Am if we don't think upstream defaults are sane, then we must engage upstream to fix that16:07
mancdazso I propose all projects just get a *_ceilometer_notification_driver var, which gets dropped in only when *_ceilometer_enabled = true16:08
*** daneyon has quit IRC16:08
mancdazelse no notification_driver gets set16:08
*** tfly has joined #openstack-ansible16:08
*** tfly has quit IRC16:08
alextricitymancdaz: I can +1 that16:08
javeriakhey guys, isn't there a meeting today?16:08
odyssey4memancdaz what add a var at all?16:08
*** tfly has joined #openstack-ansible16:08
odyssey4memeeting in #openstack-meeting-4 cloudnull, mattt, andymccr, d34dh0r53, hughsaunders, b3rnard0, palendae, Sam-I-Am, odyssey4me, serverascode, rromans, erikmwilson, mancdaz, dolphm, _shaps_, BjoernT, claco, echiu, dstanek, jwagner, ayoung, prometheanfire, evrardjp, arbrandes, mhayden, scarlisle, luckyinva, ntt, javeriak16:08
*** tfly has quit IRC16:08
mancdazodyssey4me yes a <project>_ceilometer_notification_driver16:08
*** tfly has joined #openstack-ansible16:09
odyssey4memancdaz why bother? why not just have it set the appropriate driver in the template16:10
*** fawadkhaliq has quit IRC16:10
mancdazodyssey4me I guess you could. I don't suppose anyone would need to verride the driver if using ceilometer16:10
odyssey4memancdaz yep, and if they do - they can use the config_override anyway16:11
odyssey4meif we add a special var, then we have to document the use of the var - it just adds to the documentation workload16:11
mancdazodyssey4me ok I can buy that16:11
linggaoHi odyssey4me, I am trying to understand how openstack ansible works.  Where is the hosts file located?16:12
hughsaunderslinggao: openstack-ansible uses a dynamic inventory script rather than the standard ansible inventory. This script reads openstack_user_config to generate the inventory16:14
*** ysm has joined #openstack-ansible16:15
linggaohughsaunders, thanks. the strange thing is that if I ran " ansible galera_all -m shell -a date", I got "ERROR: Unable to find an inventory file, specify one with -i ?"16:19
linggaoBut if I ran it under /opt/openstack-ansible/playbooks, it seemed work.16:19
javeriaklinggao the path to inventory is relative to where you run the playbooks from16:20
javeriakso you have to be in that directory16:20
javeriakyou'll see the inventory directory under /playbooks16:21
linggaojaveriak, I see. there is an inventory directory there.16:21
linggaols16:21
linggaohughsaunders, javeriak thanks. I will read dynamic_inventory.py and try to understand.16:22
hughsaunderslinggao: thats some deep cloudnull magic16:23
linggao:)16:23
linggaohughsaunders, javeriak I am new to ansible. When I read the ansible doc, it seemed very easy to get started. But when I came donw to the openstack, I was confused.16:25
openstackgerritKevin Carter proposed openstack/openstack-ansible: Added in keystone reserved port  https://review.openstack.org/19670216:26
cloudnullwhats that ?16:27
hughsaunderslinggao: openstack-ansible uses the dynamic inventory script to generate names and ips for the containers that don't exist before the ansible run, its a convenience shortcut. It is still possible to use the standard inventory, but quite a lot of effort to write it out.16:27
cloudnulloh dynamic_inventory.py16:27
cloudnullsoryr16:27
cloudnull*sorry16:27
cloudnullhughsaunders linggao: ITS A TRAP!16:28
cloudnulllinggao: I'd love to work on making the inventory script more sane. its a bit hectic and crufty.16:29
linggaohughsaunders, cloudnull, I saw a file openstack_hostnames_ips.yml under /etc/openstack_deploy. I guess it is created by dynamic_inventory.py, right?16:29
cloudnullbut if you have any questions let me know.16:29
cloudnulllinggao: yes16:29
hughsaunderscloudnull: I keep meaning to add an ansible-inventory format output to the dynamic inventory script, so that script could be run to create an ansible-style static inv.16:31
hughsaundersbut haven't got round to it..16:31
linggaohughsaunders, cloudnull My stupid question is that why not create a standard host file for ansible so that it is easy for users to understand and change?16:31
linggaoAs an admin, it is hard to debug when something is wrong with openstack-ansible.16:33
cloudnulllinggao: the standard inventory file would be massive16:33
cloudnulland ansible inventory in ini format does not support dictionary parameters16:33
cloudnullso it'd be difficult to directly translate16:34
cloudnullthat said, in the independent role repository work we're creating individual inventories for the test on how to use the roles stand alone16:34
cloudnullso its moving that direction on a per role basis16:35
cloudnulland with some improvements in how the dynamic inventory works i think we can get mostly there16:35
linggaocloudnull, thanks for the insights.16:35
cloudnulllinggao: if you have some thoughts on how you'd like to see inventory and how it would make your life easier let us know.16:37
cloudnullmore insight on that topic would be greatly appreciated.16:37
javeriakoh i have one... the cleanup for stale entries from the inventory json is a pain :)16:38
javeriaki wonder is thats automate-able cloudnull ...16:39
cloudnullwe have the inventory-manage script16:40
cloudnullwhich will clean things up by name16:40
hughsaundersjaveriak: have you seen inventory-manage? https://github.com/openstack/openstack-ansible/blob/master/scripts/inventory-manage.py16:40
hughsaunderssnap16:40
cloudnull^ that one16:40
javeriakoh nope....16:41
javeriakis there a user doc entry on it that i can read?16:41
cloudnull./scripts/inventory-mange.py --help16:41
cloudnullwhich may not be helpful :)16:41
javeriakofcourse :)16:41
stevelleI was just looking for a doc entry, not finding one16:42
cloudnull./scripts/inventory-manage.py -f /etc/openstack_deploy/openstack_inventory.json <option>16:43
cloudnulljaveriak: ^ thats the basic usage16:43
* odyssey4me loves seeing doc entry patches :) *hint*16:43
linggaocloudnull, I am just thinking cloud. For me who just learned a little bit ansible, I would like see an ansible-style files. Otherwise, I feel like I am learning yet another language with openstack-ansible when something is wroing with my system and I need to debug it.16:45
*** sdake has quit IRC16:46
linggaos/cloud/loud/16:46
*** mgoddard_ has joined #openstack-ansible16:48
linggaoI have used some of the automated tools like puppet, chef, devstack, If it is working, everyone is happy. If something is not working, no one knows how to fix.16:48
*** KLevenstein is now known as KLev-away16:50
*** fawadkhaliq has joined #openstack-ansible16:50
*** Mudpuppy has quit IRC16:50
openstackgerritMerged openstack/openstack-ansible: turn neutron notifications off by default  https://review.openstack.org/25241616:51
*** mgoddard has quit IRC16:51
*** gparaskevas has quit IRC16:52
cloudnulllinggao: thats fair. we should try to make debugging inventory easier16:52
palendaeYeah, the inventory needs work16:53
palendaeIt's something I've wanted to do but can't find time16:53
linggaothanks! :)16:53
spotz*perks up*16:54
*** prithivm has joined #openstack-ansible16:54
*** targon has quit IRC16:56
odyssey4mewe did discuss it briefly at the summit - the general idea was to change it so that you could have a replaceable library for accessing a cmdb source (providing hosts, groups), and then augment other stuff on top of it16:57
odyssey4meour default library could be a standard ansible ini file16:57
palendaeyeah, I have a patch I threw up to start very, very basic test for the inventory16:57
palendaeSo we could start pulling it apart16:57
odyssey4meanother could be the current yml format16:57
palendaeAnd yeah, I would love to get it to the point where we drop an ini file like others do16:58
*** targon has joined #openstack-ansible16:58
*** prithivm has quit IRC16:59
*** jaypipes has quit IRC16:59
*** prithivm has joined #openstack-ansible16:59
*** targon has quit IRC17:00
mancdazmattt https://review.openstack.org/#/c/228646/17:00
cloudnulli have a role to dump inventory from running ansible. the output is not pretty17:01
*** oneswig has quit IRC17:01
*** baker has quit IRC17:02
*** greg_a has joined #openstack-ansible17:02
*** BjoernT has quit IRC17:03
matttmancdaz: ah nice17:03
odyssey4mespotz ?17:04
*** tfly has left #openstack-ansible17:04
cloudnullhttps://github.com/cloudnull/osa_rpc_test/blob/master/osa-server-create.yml#L37-L61 that'll recreate an INI like inventory from a  running ansible environment17:04
*** bangfrog has joined #openstack-ansible17:05
*** prithivm has quit IRC17:05
*** mgoddard_ has quit IRC17:07
*** mgoddard has joined #openstack-ansible17:08
*** notmorgan has joined #openstack-ansible17:09
* notmorgan waves17:09
*** greg_a has quit IRC17:09
cloudnullo/ notmorgan17:09
* notmorgan is going to have some questions soon17:09
notmorgantrying to use OSA to deploy a PoC on top of Vexxhost.17:09
notmorgan[yeah i know, virtualized on top of virtualized]17:09
notmorganbut..17:09
notmorgananyway just wanted to say hi before firing questions around :)17:10
notmorgancloudnull: also HEY!17:10
notmorgan:)17:10
* notmorgan tries not to stare too closely at neutron.17:10
notmorgan:P17:10
*** tiagogomes has quit IRC17:10
cloudnullits likely for the best17:10
notmorgancloudnull: yeah the networking setup has been kindof a beast17:11
notmorganbefore evne running OSA17:11
Sam-I-Amnotmorgan: networking is good for you17:11
notmorganwould be easier with physical hardware.17:12
cloudnullnotmorgan: Sam-I-Am cloud aint hard. its cloud!17:12
cloudnull:p17:12
notmorganprobably less fighting wiht "what the cloud gives me" (and what the cloud gives me is far from "insane", just requires more sideways looking)17:12
*** iceyao has quit IRC17:12
notmorgancloudnull: HAH17:12
notmorgani also have some stuff to contribute up to OSA (and other CMS modules for OpenStack) to make things better already - just need to proove they all work17:13
notmorgan:)17:13
*** greg_a has joined #openstack-ansible17:14
cloudnullsweet!17:14
*** iceyao has joined #openstack-ansible17:14
cloudnullworking is not part of the "success criteria" for cloud. thats rhetoric of our oppressors17:15
notmorganHAH17:15
notmorganoh gah, that makes me laugh too much17:15
cloudnullnotmorgan:  are you doing a multi node install ?17:15
cloudnullor is it an AIO17:15
notmorganso my PoC is focused on single API host with services sub-url mounted17:15
notmorganyes multinode17:15
cloudnullcool17:15
notmorganAIO doesn't really let me proove out what i need17:15
notmorgani need multiple API hostnames17:16
cloudnullwe can do that in an AIO if thats what you need17:16
notmorgansince i'm splitting Auth to "auth.<host>" and all other identity things under api..../<identity>17:16
notmorganand i want to ensure there is complete isolation from the user -> service17:16
notmorganwhich is not as easy with AIO17:16
notmorgani am also building a separate route for svc -> svc communication rather than user->svc17:17
cloudnullwe can set an "affinity" group for container+n for a service type17:17
cloudnullif that helps, but multi-node is the better way to go for sure17:17
notmorgani've proved i can do it now, but i'm aiming for a real "this is how it should look17:17
notmorganrather than "we faked it out internally"17:17
cloudnullnice17:17
notmorganand it also will help me develop the changes for keystoneauth, occ, and the services.17:18
cloudnullsweet!17:18
cloudnullwell you let us know what you need.17:18
notmorganmy long term goal is to have HAProxy or whateve edge to the offload of keystonetoken-validation/auth-validation17:18
cloudnullthat'd be cool17:18
notmorganevne have a mockup in Lua to do that already in HAProxy17:18
*** oneswig has joined #openstack-ansible17:18
*** oneswig has quit IRC17:18
cloudnullSSL termination on the LB offloading directly to auth-X would be sweet17:19
notmorgancloudnull: the start of it: https://github.com/morganfainberg/HAProxyKeystoneMiddlware17:19
* cloudnull reading17:19
notmorganand fwiw, it *seems* to generally do better than the python keystonemiddleware in a contrived environment17:20
notmorganlike devstack17:20
*** baker has joined #openstack-ansible17:21
notmorganbut.. i mean, thats *not* really a good "how well does this work" [nor is that code even near complete]17:21
alextricitycloudnull: well that was easy! installing libvirt in the venv did the trick17:21
alextricityAlthough, this looks fishy:17:22
alextricityConnecting to libvirt: qemu:///system _get_connection /openstack/venvs/ceilometer-master/lib/python2.7/site-packages/ceilometer/compute/virt/libvirt/inspector.py:8017:22
alextricityqemu?!17:22
alextricityI know for sure i'm using kvm17:22
alextricityTaking life, one bug at a time17:22
cloudnullnotmorgan: thats awesome  !17:23
cloudnull@RAX we're doing a similar thing in Bash for integration in F5 for production, but a community supported LUA option would be far superior and something that I'd imagine we can help out with. -cc Apsu, jamesdenton, rackertom17:24
cloudnullalextricity:  sweet!17:24
cloudnullqemu is the interface used to talk to KVM17:24
cloudnullso thats normal17:24
notmorgancloudnull: yeah. and then the reallllly cool part is if we get everything behind http://<host>/<service> rather than <service>.host or port-number based17:24
palendaecloudnull: I think Mudpuppy, who's not in this channel, was also working on F5 REST API stuff17:24
notmorgancloudnull: then we can do interesting things like... 1 OAuth session covers all APIs17:24
cloudnull^ that17:25
cloudnullawesome17:25
notmorgannow that LUA impl is *very* haproxy specific17:26
cloudnullpalendae: ah thats a good point, mudpuppy too is working on those bits17:26
notmorganbecuase it leans on the txn and txn.HTTP objects17:26
notmorganbut i think that is fine17:26
notmorgansince HAProxy does some of the best L7 routing of the OSS projects out there [without varnish insanity]17:26
cloudnullthats fine for sure.17:26
notmorganwhile i like varnish, i *dont* like the custom module bit17:27
notmorgananyway. so.. once i'm back i'll prob ask for some help getting the provider_network stuff lined up in my POC17:28
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Convert AIO bootstrap from bash to Ansible  https://review.openstack.org/23952517:28
cloudnullsweet! you let us know what you need to make it go17:29
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Convert AIO bootstrap from bash to Ansible  https://review.openstack.org/23952517:30
openstackgerritMerged openstack/openstack-ansible: Added ceilometer-polling upstart jobs  https://review.openstack.org/24994617:31
openstackgerritDarren Birkett proposed openstack/openstack-ansible: tidy up notification_driver implementation across projects  https://review.openstack.org/25309817:32
*** javeriak_ has joined #openstack-ansible17:34
mancdazalextricity https://review.openstack.org/#/c/253098/17:35
alextricityAwesome!17:35
*** egonzalez has quit IRC17:36
*** javeriak has quit IRC17:36
odyssey4memhayden the -nv check has shown that the whole process runs, but fails in tempest because of the missing metadata checksum17:38
odyssey4memhayden the voting gate keeps failing due to slowness, which I suspect relates to changes in the sshd config in the role I'm using - it'd be great if we could find the setting changes needed to add as vars to the bootstrap to make it be faster :)17:39
*** ysm has quit IRC17:44
odyssey4memancdaz with an update of the commit message, https://review.openstack.org/253098 will get my +217:45
notmorgancloudnull: yay finally got openstack-ansible to actually run.17:51
cloudnullwoot!17:52
cloudnullthats a step in the right direction17:52
spotzNice notmorgan17:52
cloudnull:)17:52
*** greg_a has quit IRC17:52
notmorgannow need to finally go figure out the network configs on the boxes and see if i can chase down a few of the other errors.17:52
cloudnullmaster/liberty?17:52
notmorganbut hey. -C is good.17:52
notmorgancloudnull: uhm... openstack ansible 12.0.1?17:52
notmorganwhatever that translates to17:52
cloudnullliberty17:52
notmorganthough i should move to master, but liberty should be sufficient17:53
openstackgerritDarren Birkett proposed openstack/openstack-ansible: tidy up notification_driver implementation across projects  https://review.openstack.org/25309817:53
* notmorgan was only running -C cause networking not setup17:53
cloudnullnotmorgan: you should pull in https://review.openstack.org/#/c/252100/17:53
notmorganbut hey. at least it didn't error all over17:53
notmorgancool.17:54
cloudnullneutron - l2pop == a bad time17:54
notmorgandone17:54
notmorganyah17:54
cloudnullyou can apply it w/ ``openstack-ansible os-neutron-instlal --tags neutron-config``17:55
* notmorgan nods.17:55
notmorganoh wow need to go chase why i can't reach some hosts first.17:55
notmorganthen errands then back to this17:55
cloudnullunreachable hosts is also a bad time ;)17:56
cloudnullhave fun w/ the errands17:56
Sam-I-Amcloudnull: neutron should work without l2pop17:57
odyssey4me#success OpenStack-Ansible Kilo 11.2.6 has been released. :)17:57
openstackstatusodyssey4me: Added success to Success page17:57
cloudnullSam-I-Am: it does not. we've estabilished this for the last two days.17:57
*** KLev-away is now known as KLevenstein17:57
cloudnullif it did we wouldnt need https://review.openstack.org/#/c/252100/17:58
Sam-I-Amcloudnull: i thought this was arp spoof stuff17:58
Sam-I-Amor l3ha + l2pop17:58
cloudnullno l2pop == port binding errors17:58
cloudnullregardless of l3ha17:58
Sam-I-Amblehhhhh17:58
cloudnullyea...17:59
cloudnullbecause, neutron, because CLOUD!17:59
Sam-I-Ami'm bringing that up over in the nootron channel18:00
Sam-I-Ambecause it seems really odd18:00
cloudnullplease do. and if you find something please learn us. because it should work.18:01
*** karimb has quit IRC18:02
Sam-I-Ami'll have to try this in my lab too18:02
Sam-I-Amthis is just liberty?18:02
cloudnullmaster/liberty18:03
Sam-I-Amcloudnull: is there a neutron bug for this?18:03
*** javeriak has joined #openstack-ansible18:03
cloudnullnot that i've made18:04
cloudnullor seen specifically.18:04
Sam-I-Amseems o-a hits a lot of possible neutron bugs, but doesnt open bugs18:04
Sam-I-Amso its hard for me to track these18:04
Sam-I-Amlike the l2pop+l3ha problem18:04
cloudnullwe just patched that yesterday18:04
odyssey4menote that this is linuxbridge... it may not be a problem for ovs or other networking backends18:04
cloudnull^ that too18:04
odyssey4mebut yes, we should be better at engaging the upstream communities18:04
Sam-I-Amthats also a possibility... o-a is the only deployment tool using lb18:04
cloudnullbecause we've learned the OVS lesson18:05
cloudnull:)18:05
cloudnullothers are getting there.18:05
Sam-I-Amsc68cal: ping18:05
notmorganhmm.. i cna login to the hosts that are unreachable but ansible can't... hmmm18:06
*** javeriak_ has quit IRC18:06
sc68calSam-I-Am: pong18:06
cloudnullnotmorgan: host key validation issues ?18:07
notmorgancloudnull: maybe...18:07
notmorganbut..18:07
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Tidy up notification_driver implementation across projects  https://review.openstack.org/25309818:07
Sam-I-Amsc68cal: scrollback, have you heard of this particular issue?18:07
cloudnullansible -m ping <hostname> works ?18:07
Sam-I-Amsc68cal: disabling l2pop in liberty breaks things18:07
cloudnull+ linuxbridge18:07
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Tidy up notification_driver implementation across projects  https://review.openstack.org/25309818:07
sc68calnope - open a bug please18:07
notmorganheh no hosts matched uhg.18:08
* cloudnull lunching18:08
Sam-I-Amsc68cal: yeah, lemmie try this in my lab first18:08
Sam-I-Amcould be something specific to o-a18:08
Sam-I-Amthats where this all becomes fun18:08
odyssey4meSam-I-Am ref: https://review.openstack.org/25210018:09
Sam-I-Amodyssey4me: bug says 'using l3ha'18:09
odyssey4meie Sam-I-Am you can associate https://bugs.launchpad.net/openstack-ansible/+bug/1521793 with Neutron18:09
openstackLaunchpad bug 1521793 in openstack-ansible trunk "Master/Liberty w/ L2pop disabled breaks neutron" [High,In progress] - Assigned to Kevin Carter (kevin-carter)18:09
odyssey4methere is a bug, in other words - it just needs to be added to Neutron18:09
Sam-I-Amyeah18:10
Sam-I-Amwhat i'm trying to glean is - does this break with or without l3ha?18:10
Sam-I-Ambecause for a while, l3ha broke with l2pop18:10
odyssey4meand yes, in subsequent investigation we've found that l2pop needs to be enabled regardless of whether l3ha is enabled or not18:10
Sam-I-Amnow its... l3ha broke without l2pop18:10
odyssey4meyes, l3ha broke without l2pop18:11
Sam-I-Amiirc, we enabled l2pop in kilo18:13
Sam-I-Amjust no l3ha18:13
Sam-I-Ambut i seem to recall kilo working without l2pop too18:13
odyssey4meyes18:13
*** mrodden has quit IRC18:19
*** mrodden has joined #openstack-ansible18:21
odyssey4me#success OpenStack-Ansible Liberty 12.0.2 has been released. :)18:22
openstackstatusodyssey4me: Added success to Success page18:22
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Only deploy .my.cnf file on galera/utility containers  https://review.openstack.org/25312218:24
openstackgerritByron McCollum proposed openstack/openstack-ansible: Implement OpenStack client clouds.yml configuration file  https://review.openstack.org/24920918:26
*** permalac has quit IRC18:32
*** eil397 has joined #openstack-ansible18:36
*** javeriak_ has joined #openstack-ansible18:39
*** javeriak has quit IRC18:40
*** javeriak has joined #openstack-ansible18:41
*** revdr has quit IRC18:42
*** javeriak_ has quit IRC18:44
*** elo has joined #openstack-ansible18:47
*** ctina_ has quit IRC18:53
*** javeriak has quit IRC18:55
alextricityHey. I'm using the 15GB Standard Instance from rax public cloud to build an AIO and it comes with two drives18:55
alextricitythe second drive, /dev/xvdc, has 2gb18:55
alextricityfor some reason the bootstrap scripts are building out /var/lib/lxc on this drive18:55
*** revdr has joined #openstack-ansible18:55
alextricitydoes anyone know where this is set?18:56
*** phiche1 has joined #openstack-ansible18:57
*** phiche has quit IRC19:00
*** Mudpuppy has joined #openstack-ansible19:00
*** phiche1 has quit IRC19:01
*** phiche has joined #openstack-ansible19:01
*** dmsimard is now known as dmsimard|afk19:01
*** phiche1 has joined #openstack-ansible19:01
*** phiche has quit IRC19:05
alextricitydiscard my question from above. I must of been lacking in caffeine19:05
*** phiche1 has quit IRC19:05
*** revdr has quit IRC19:06
*** revdr has joined #openstack-ansible19:06
openstackgerritTom Cameron proposed openstack/openstack-ansible: Allow ramdisk_id, kernel_id to be null on schema  https://review.openstack.org/25314019:07
Sam-I-Amrackertom: finger it out?19:07
rackertomSam-I-Am: Yesir.19:07
odyssey4mealextricity yep, it'll use the largest disk available for the AIO19:08
odyssey4mewe're changing that behaviour in https://review.openstack.org/23952519:09
rackertomodyssey4me: That review ^. Does it look right that only that template would need to be pulled in for Kilo as well as liberty, or have there been other changes which will need backporting to Kilo?19:09
odyssey4mein that patch it'll only use the largest disk if you tell it to, otherwise it'll assume using /19:09
odyssey4merackertom I have no idea - I'd recommend asking stevelle / sigmavirus24 / evrardjp about that19:11
*** mgoddard_ has joined #openstack-ansible19:11
odyssey4memhayden woot! https://review.openstack.org/239525 has passed the non-voting gate :)19:14
openstackgerritJesse Pretorius proposed openstack/openstack-ansible: Creating nova-secret with safe file permissions  https://review.openstack.org/24890419:14
*** mgoddard has quit IRC19:14
notmorganhmm. getting an LVM error (ensure /etc/lvm) issue on hosts that shouldn't *need* lvm, just writing to the filesystem is fine. [not a cinder block volume host]19:15
notmorganand /etc/lvm is there.19:15
*** mgoddard_ has quit IRC19:17
cloudnullnotmorgan: is failing due to write permissions?19:17
cloudnull*is it ...19:18
notmorgancloudnull: not sure. actually i'm going to go back to working on network config first then circle back on this in the case that it's just something wonky in trying to "check" vs. actually apply19:18
notmorganbecause getting the network configs on the hosts right is the big blocker for me atm.19:18
cloudnullok.19:18
cloudnullis it the host networks IE: bridges?19:18
cloudnullor the provider_networks section in config ?19:19
notmorgancloudnull: the actual target hosts network (bridges)19:19
notmorganfirst19:19
notmorganprovider_networks section is after i get the hosts sane19:19
cloudnullyou see https://github.com/openstack/openstack-ansible/blob/master/etc/network/interfaces.d/openstack_interface.cfg.example ?19:19
notmorganyah19:19
cloudnullkk19:20
notmorgani have to modify it cause i'm not doing bonds19:20
notmorgansince these are virtualized to begin with19:20
notmorganno real benefit19:20
*** ysm has joined #openstack-ansible19:20
notmorgani mean... i guess i could do bonds anyway with a single interface but... why bother with the headache19:20
cloudnullyea no need19:21
cloudnullhttps://github.com/openstack/openstack-ansible/blob/master/etc/network/interfaces.d/aio_interfaces.cfg might be more relevant19:21
cloudnulldo the nodes have mulitiple nics ?19:21
notmorganyes19:22
notmorganon diff networks19:22
cloudnullso that may be closer to what you'd want, plugging in `bridge_ports` to the various devives accordingly.19:23
notmorgancloudnull: yeah19:23
cloudnulland if needed you can hang a veth off of a bridge to give you yet another network19:23
cloudnullhttps://github.com/openstack/openstack-ansible/blob/master/etc/network/interfaces.d/aio_interfaces.cfg#L53-L5919:23
odyssey4meyeah, mattt's heat template for a multi-node deployment may be a useful reference here for the network config19:24
sigmavirus24odyssey4me: rackertom I thought that glance schema thing didn't need to be backported to kilo19:24
odyssey4meI've got to run.19:24
odyssey4mesigmavirus24 personally, I have no idea19:24
sigmavirus24thought that's what stevelle had said19:24
sigmavirus24Could be mis-remembering19:24
rackertomNo, stevelle made a comment about Kilo not deploying templates properly...but maybe that would be fixed some day in the future?19:25
cloudnullnotmorgan: this is what odyssey4me was making reference to19:27
cloudnullhttps://github.com/rcbops/rpc-heat/blob/master/config_controller_other.sh19:27
cloudnullhttps://github.com/rcbops/rpc-heat/blob/master/config_compute_all.sh19:28
notmorgancloudnull: looking19:28
stevellerackertom: so sigmavirus24 would probably recall, but in kilo the glance package didn't include the schema files at all. The fix for that was a change in liberty cycle though I don't have the fix on hand to link. that fix wasn't being backported.19:28
cloudnulljust more ways to skin the networking cat19:28
sigmavirus24stevelle: that's correct19:28
notmorgancloudnull: yeah. i think i'm gonna just hand edit the interfaces this time around.19:29
stevelleas such, the change to our playbooks is not an issue for kilo19:29
notmorganneed to be sure i am clear on what is happening.19:29
stevelleso no backport to kilo19:29
openstackgerritMerged openstack/openstack-ansible: Add new alarm for the galera checks  https://review.openstack.org/25189019:29
cloudnullyea this is what i find myself doing more often than not.19:29
* notmorgan wishes network was easier for OSA to deploy w/o needing the extra manual steps, but i get why19:29
cloudnullin the ansible2 timeframe we cna use the NM module to do a lot of that for us19:30
notmorgancloudnull: yeah19:30
* cloudnull wants http://docs.ansible.com/ansible/nmcli_module.html19:31
rackertomstevelle: Yeah, that particular file does exist so I backported anyway.19:32
* rackertom shrugs19:32
cloudnullnotmorgan: are there things that we can do to help out w/ the ansible2 OS modules ?19:32
rackertomodyssey4me had actually already done the backport for Liberty on the 1st anyway19:32
notmorgancloudnull: i am really not familiar with neutron stuff / networking in ansible at this point19:33
notmorganso i can't answer that sanely19:33
cloudnullno worries .19:33
* notmorgan tries rebooting a node and seeing if the network "works"19:43
notmorgan:P19:44
*** mgoddard has joined #openstack-ansible19:47
sigmavirus24odyssey4me: stevelle rackertom actually that backport is valid (see my vote on https://review.openstack.org/#/c/253140/)19:50
*** phiche has joined #openstack-ansible19:51
stevelleok, I could swear the packaging didn't get fixed so that this would actually get used in kilo but w/e19:51
stevelleI'm probably confused again19:51
rackertomWow. The first time I decide to pre-emptively ignore a comment for the betterment of a future me...and I was nearly right. This is the most confusing day of my life.19:52
*** dmsimard|afk is now known as dmsimard19:52
*** jimchou has joined #openstack-ansible19:54
logan-def valid, i filed that bug based on a kilo install19:57
*** ysm has quit IRC19:59
*** sdake has joined #openstack-ansible20:04
openstackgerritTom Cameron proposed openstack/openstack-ansible: Fixed haproxy backend config issue  https://review.openstack.org/25318020:08
notmorgancloudnull: woo i think i got my bridge setup working20:12
notmorgancloudnull: so quick question, used_ips, is there anything i need to add to used_ips if the ips are all assigned to bridge devices?20:13
notmorgancloudnull: it looks like i don't20:13
notmorganbut just confirming20:13
sigmavirus24stevelle: so, the packaging is separate from the template we carry in osa20:13
sigmavirus24in Kilo we need to lay down that file because otherwise nothing lays it down and glance gets upset that it's not there (probably) and so we need to keep the templated version up-to-date for glance in OSA20:14
cloudnullnotmorgan:  no. anything defined in the openstack_user_config file is already marked as "used"20:15
stevellesigmavirus24: confirming my prior state of confusion. thx20:15
notmorganok great20:15
notmorganwell20:15
notmorganthere are different IPs on the bridge interfaces20:15
notmorganthat aren't defined in the hosts in openstack_user_config20:15
sigmavirus24stevelle: glad to confirm20:15
notmorganonly the ips for the container network are there20:15
cloudnullare the cidr's being used within the cidr_networks ?20:15
notmorganyes20:16
notmorganso i need to exlude them20:16
cloudnullthen I'd add the entries or ranges20:16
notmorganwhat is the correct syntax/depth for used_ips. cause i keep getting parse errors trying to enable it20:16
cloudnullyes to make sure there are no conclusions20:16
cloudnullwrong word... *collisions20:16
* notmorgan just wants to block of the first ~25 ips in each cidr range20:16
notmorganand then call it good.20:16
cloudnullyup20:16
cloudnull10.0.0.1,10.0.0.26 and you should be good20:17
notmorganoh hay it worked this time.. cool must have been something else going on20:17
notmorganok now i am down to solving this LVM issue so i can run openstack-ansible for real20:18
notmorgannot just -C20:18
cloudnullit may be an issue w/ check mode and the tasks20:19
notmorganok so i should just run and see how it goes?20:19
notmorgancause... i think i'm at that point20:19
cloudnullyolo20:19
cloudnull:)20:19
notmorganoh man. hopefully this isn't all horked [i mean i also don't have HAProxy running yet, but don't expect OSA to set that up for me atm.20:20
*** ysm has joined #openstack-ansible20:20
notmorganbecause i have a much more custom config needed.20:20
*** ysm has quit IRC20:20
* notmorgan runs.20:20
notmorganwooooooo scaaaary20:20
cloudnullyou can run the haproxy role if you need that20:21
notmorgani hmmm20:22
notmorganbroken package install(s)20:22
notmorganoh poo, lost my default route20:22
notmorganok /me goes to fix20:22
cloudnullwas that caused by OSA ?20:22
notmorganno20:23
notmorganby my bridge setup20:23
cloudnullok, woooo... was about to panic :)20:23
notmorganlol20:25
notmorgannow i get to wait 6 minutes for the hosts to restart20:25
notmorgan(because cloud-init gets cranky and i didn't bother to disable it)20:26
Sam-I-Amcloud-init doesnt like bridges or vxlan interfaces20:31
openstackgerritKevin Carter proposed openstack/openstack-ansible: Functional backport for the new repo-build process  https://review.openstack.org/24421520:33
sigmavirus24Sam-I-Am: let the bridges you burn light your way20:35
Sam-I-Ammore or less20:35
*** oneswig has joined #openstack-ansible20:38
openstackgerritMiguel Alex Cantu proposed openstack/openstack-ansible: Add libvirt-python to ceilometer hosts  https://review.openstack.org/25319620:39
*** oneswig has quit IRC20:40
*** fawadkhaliq has quit IRC20:41
*** fawadkhaliq has joined #openstack-ansible20:42
*** fawadkhaliq has quit IRC20:44
stevellesigmavirus24: for best results, cross bridge before lighting20:47
*** openstackgerrit has quit IRC20:47
notmorgancloudnull: ooooooh and it's runnnnnnnning...20:47
notmorgancloudnull: [one error so far, but thats fine]20:47
*** openstackgerrit has joined #openstack-ansible20:48
notmorgancloudnull: and it's doing things... neato20:48
notmorganso it looks like i get to run ansible like i used to run puppet... keep running it until there are no errors >.<20:50
sigmavirus24notmorgan: s/puppet/chef/20:51
sigmavirus24:P20:51
notmorganhah20:51
notmorgannow if only the ubuntu mirrors weren't flakey20:51
sigmavirus24"Run thrice" was our motto with the old openstack cookbooks20:51
sigmavirus24notmorgan: a flakey mirror? neverrrr20:52
notmorgansigmavirus24: yeah right i know... so strange20:52
cloudnullnotmorgan:  use the successerator20:52
notmorgancloudnull: ??20:52
cloudnullkidding, but not... https://github.com/openstack/openstack-ansible/blob/master/scripts/scripts-library.sh#L43-L7120:53
cloudnullits for the gate20:53
notmorganno something else is going on now...20:53
notmorgangetting 404s20:53
notmorganlxc_hosts | Install apt packages20:53
*** mancdaz has quit IRC20:58
notmorganah this is an issue with the vexxhost mirrors it looks like - they don't have the packages21:00
*** mancdaz has joined #openstack-ansible21:01
*** itsuugo has joined #openstack-ansible21:03
*** karimb has joined #openstack-ansible21:12
notmorgancloudnull: out of curosity [only cause i'm about to run off for evening fun]21:12
notmorgancloudnull: does OSAD support keystone in mod_wsgi, fernet tokens, and/or other services behind nginx for SSL termination?21:12
notmorgancloudnull: and if you want to tell me "go read the code" that is a fine answer too21:13
*** ysm has joined #openstack-ansible21:13
sigmavirus24notmorgan: cloudnull is in a meeting with me21:16
notmorgansigmavirus24: irc asycn communication :P21:17
sigmavirus24notmorgan: we run keystone with apache+mod_wsgi and easily support fernet tokens21:17
sigmavirus24we also (in our deployments) do SSL termination at an F521:17
notmorgansigmavirus24: it was mostly a question on how much hacking am i going to need to do.21:17
notmorganso...21:17
notmorganbecause i need each endpoint to also be SSL terminated (behind the L7 router)21:17
sigmavirus24notmorgan: we did find that fernet+federation does not work though21:17
notmorganfor my POC21:17
notmorganso, it's [internet] -> [[ssl] HAProxy] -> [[ssl] service]21:18
sigmavirus24So you'll probably need to do some hacking but for the endpoint URL construction in the variables, you'll have to override the URI scheme variables which I can find for you later (or cloudnull can point you to them)21:18
sigmavirus24Aha, so point-to-point TLS, got it21:18
notmorganyah21:18
sigmavirus24That's not currently how we've deployed anything21:18
sigmavirus24(that I'm aware of)21:18
notmorgansorry, TLS all the things21:18
notmorgani'm actually ok ripping the containers out once i have a basic working set of configs21:18
sigmavirus24I'm 100% in support of that21:18
notmorganso, i might just do that21:19
notmorganbecause the containers buy me nothing for the PoC21:19
sigmavirus24That shouldn't be a problem to do though21:19
sigmavirus24It was just never a priority for us21:19
notmorganyeah figured as much21:19
sigmavirus24cloudnull: and odyssey4me can definitely confirm/deny that21:19
notmorgani need it because i am aiming to show an end-to-end config21:19
notmorganas part of this POC21:19
notmorganand have some good nginx configs to handle SSL for each of the APIs21:19
sigmavirus24:+1:21:19
sigmavirus24Yeah, that's interesting to me21:20
notmorgansince i wont ever be "redeploying" it wont make a lick of difference21:20
sigmavirus24heh21:20
notmorgani'm actually going to get a couple cheap-o real certs for my public facing endpoints21:20
notmorganso i can have people poke at it easily21:20
sigmavirus24Let's Encrypt is in public beta21:20
sigmavirus24;)21:20
notmorganyeah but "beta" meaning i'm on the wait list21:21
*** phiche1 has joined #openstack-ansible21:21
notmorgani am ok spending $20 on SSL certs if i get to that point before i'm allowed in21:21
notmorgan;)21:21
notmorgan($20 total, not each)21:21
* sigmavirus24 nods21:21
notmorganand that is if i don't look for less $$$ cert21:21
*** phiche has quit IRC21:21
*** mgoddard has quit IRC22:03
*** linggao has quit IRC22:04
*** phiche1 has quit IRC22:08
*** sdake has quit IRC22:10
mrdalinggao, odyssey4me: Sorry for not responding earlier, I was out of office yesterday.22:17
*** sdake has joined #openstack-ansible22:20
*** bangfrog has quit IRC22:23
*** ysm has quit IRC22:31
*** sacharya has joined #openstack-ansible22:36
*** Mudpuppy has quit IRC22:40
*** agireud has quit IRC22:47
*** sdake has quit IRC22:52
*** baker has quit IRC23:04
*** baker has joined #openstack-ansible23:04
*** mss_ has joined #openstack-ansible23:04
*** Tridde has quit IRC23:07
*** mss has quit IRC23:07
*** Trident has joined #openstack-ansible23:09
*** baker has quit IRC23:09
*** KLevenstein has quit IRC23:12
*** sacharya has quit IRC23:25
*** sacharya has joined #openstack-ansible23:25
*** spotz is now known as spotz_zzz23:32
*** bangfrog has joined #openstack-ansible23:43
*** agireud has joined #openstack-ansible23:52
*** sigmavirus24 is now known as sigmavirus24_awa23:57
« Wednesday, 2015-12-02 Index Friday, 2015-12-04 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!