Thursday, 2017-01-12

« Wednesday, 2017-01-11 Index Friday, 2017-01-13 »
*** dpak has left #openstack-swift00:00
*** kei_yama has quit IRC00:04
*** sams-gleb has joined #openstack-swift00:07
*** sams-gleb has quit IRC00:13
*** kei_yama has joined #openstack-swift00:15
claygso I'm super close to understading how patch 402043 works now!  At this point I'm pretty sure I know why it works - I couldn't explain it yet - but i understand now how Pavel's fix is also a correct solution for https://review.openstack.org/#/c/418690/00:16
patchbothttps://review.openstack.org/#/c/402043/ - swift - Optimize hash calculation when suffix hash invalid...00:16
patchbotpatch 418690 - swift - Fix race in new partitions detecting new/invalid s...00:16
*** kei_yama has quit IRC00:18
*** kei_yama has joined #openstack-swift00:21
*** asettle has joined #openstack-swift00:35
*** asettle has quit IRC00:38
*** asettle has joined #openstack-swift00:38
*** asettle has quit IRC00:44
*** jamielennox is now known as jamielennox|away00:50
claygok, I definately understand it now - and I could even explain why it's correct :\00:55
*** jamielennox|away is now known as jamielennox01:21
claygtimburke: I've got to sign off soon01:24
claygbut I went back and got my list of those patches ... umm what gives with patch 29922501:24
patchbothttps://review.openstack.org/#/c/299225/ - swift - Treat invalid limit parameters as errors01:24
claygyou want me to change my mind? or +1 so there's some sort of officail "if you guys thing this is for the best"?  Or do you need me to play the bad guy and -2 that wishlist needs-next-api thing!01:25
*** vint_bra has quit IRC01:28
*** tqtran has quit IRC01:30
*** varunsomani has joined #openstack-swift01:45
varunsomaniHi I am seeing an issue in the swift proxy screen, can anyone help ?01:46
*** ukaynar has joined #openstack-swift01:51
*** _JZ_ has quit IRC01:51
varunsomaniHi I am seeing an issue in the swift proxy server, can anyone help ?01:54
mattoliverauvarunsomani: maybe, whats up?01:56
varunsomaniI am getting the following message on screen01:56
varunsomaniproxy-server: Authenticating user token01:56
varunsomaniproxy-server: Invalid user token01:56
varunsomaniproxy-server: Deferring reject downstream01:56
varunsomaniproxy-server: Received request from user: user_id f2e6b61346b14946b389353b38016b87, project_id 37e383b047fa4f8196b7c13141f33916, roles admin01:56
varunsomaniproxy-server: Authorizing as anonymous (txn: tx0c59249a2e0c45bcb5c4a-005876ab43)01:56
varunsomanithis happens in the HEAD query01:57
varunsomaniIn GET query there is no issue.01:57
mattoliverauvarunsomani: what are you using for auth? keystone. Because I think that sounds like a problem with keystone.01:58
varunsomaniyes keystone01:58
varunsomanibut then why is GET working, also i am able to create container and things01:58
mattoliverauvarunsomani: has it ever worked or is this having trouble getting it set up?01:59
varunsomaniset up01:59
mattoliverauvarunsomani: your users is a memeber of one of the operator roles you've set up for Swift in keystone and defined what the operator roles are in the swift proxy keystoneauth config?02:02
mattoliverau*user02:02
mattoliverauand you have the reseller02:02
mattoliverau*and you have the reseller_prefix set up correctly?02:03
* mattoliverau is just trying to think of the gotchas I always fall for02:03
varunsomanii think we are using the default reseller prefix02:04
varunsomaniAUTH02:04
mattoliverauvarunsomani: and the storage url your using's account starts with AUTH_?02:05
varunsomanishould be, I haven't changed that setting. should get the default only.02:07
*** sams-gleb has joined #openstack-swift02:10
*** klrmn has quit IRC02:12
mattoliverauvarunsomani: I mean when your hitting the swift endpoint if the account part starting with AUTH_ ie: http://<ip>/v1/AUTH_<account>/? just want to make sure, because it's how the keystone middleware knows what auth plugin to use.02:14
*** sams-gleb has quit IRC02:14
varunsomaniyes i think so with the same auth get command is working fine02:15
varunsomanibut HEAD is failing02:15
mattoliverauoh right, so it's just the HEAD failing, sorry, failed to read :P02:15
varunsomanino worries02:15
varunsomaniit doesn't need any other authentication right ?02:16
mattoliveraunope, if GET wotks, HEAD should too, from an auth point of view02:16
varunsomaniyeah then keystone is working as expected i assume.02:18
varunsomaniany idea ?02:25
mattoliverauhmm, not sure what could be causing it.. need to think about this.02:44
*** ppai has joined #openstack-swift02:49
*** ppai has quit IRC02:55
*** JimCheung has quit IRC02:59
si1verI'm the glitch inhalator, herb conjugator, verb modulator.... teleport massive...03:06
* si1ver notes that this is the wrong room03:06
*** varunsomani has quit IRC03:09
si1verWell hey since I'm in here anyway... Do the tests on the swift3 middleware include aws4 request signing? I read through them but was not sure.03:09
*** bkopilov has quit IRC03:13
*** JimCheung has joined #openstack-swift03:14
*** JimCheung has quit IRC03:19
*** links has joined #openstack-swift03:39
*** dmorita has quit IRC04:01
*** psachin has joined #openstack-swift04:05
*** Jeffrey4l__ has joined #openstack-swift04:11
*** sams-gleb has joined #openstack-swift04:12
*** Jeffrey4l_ has quit IRC04:14
*** sams-gleb has quit IRC04:16
*** SkyRocknRoll has joined #openstack-swift04:27
*** bkopilov has joined #openstack-swift04:38
*** ppai has joined #openstack-swift04:55
*** dschultz has quit IRC04:56
*** manij has joined #openstack-swift04:58
*** dmorita has joined #openstack-swift05:02
*** manij has quit IRC05:03
*** dmorita has quit IRC05:06
*** ukaynar has quit IRC05:21
*** dmorita has joined #openstack-swift05:27
*** dmorita has quit IRC05:31
openstackgerritJanie Richling proposed openstack/swift: Symlink implementation.  https://review.openstack.org/23216205:51
openstackgerritJanie Richling proposed openstack/swift: Symlink API documentation  https://review.openstack.org/41594305:51
jrichlijust rebasing before squash ^^05:51
openstackgerritJanie Richling proposed openstack/swift: Symlink implementation.  https://review.openstack.org/23216205:55
jrichliugh, the same thing happened and version 43 was used instead of 44 for symlinks.py and others.  sorry tdasilva.05:59
* jrichli is calling it a night06:00
*** _JZ_ has joined #openstack-swift06:03
*** dmorita has joined #openstack-swift06:14
*** sams-gleb has joined #openstack-swift06:14
*** dmorita has quit IRC06:18
*** sams-gleb has quit IRC06:18
*** tesseract has joined #openstack-swift07:14
*** psachin has quit IRC07:27
*** _JZ_ has quit IRC07:29
*** psachin has joined #openstack-swift07:29
*** winggundamth has joined #openstack-swift07:30
*** ChubYann has quit IRC07:32
*** manous has joined #openstack-swift07:44
*** sams-gleb has joined #openstack-swift07:46
*** logan- has quit IRC07:47
*** hseipp has joined #openstack-swift07:55
*** logan- has joined #openstack-swift07:56
*** dmorita has joined #openstack-swift08:02
*** dmorita has quit IRC08:06
*** rledisez has joined #openstack-swift08:10
*** manij has joined #openstack-swift08:21
*** manij has quit IRC08:25
*** kei_yama has quit IRC08:31
*** winggundamth has quit IRC08:33
*** glb has joined #openstack-swift08:37
*** jordanP has joined #openstack-swift08:37
*** jordanP has quit IRC08:37
*** hseipp has quit IRC08:39
*** geaaru has joined #openstack-swift08:49
*** david-lyle has quit IRC09:01
*** manous has quit IRC09:09
*** mvk has quit IRC09:18
*** david-lyle has joined #openstack-swift09:24
mahatictimburke: clayg : thank you for the update/review on patch 374419!09:30
patchbothttps://review.openstack.org/#/c/374419/ - swift - Move documented reclaim_age option to correct loca...09:30
*** JimCheun_ has joined #openstack-swift09:31
*** jordanP has joined #openstack-swift09:33
*** JimCheun_ has quit IRC09:35
*** Shashikant86 has joined #openstack-swift09:39
*** asettle has joined #openstack-swift09:41
*** mvk has joined #openstack-swift09:51
*** cbartz has joined #openstack-swift10:22
*** sams-gleb has quit IRC10:31
*** sams-gleb has joined #openstack-swift10:32
*** mvk has quit IRC10:36
*** sams-gleb has quit IRC10:36
*** acoles_ is now known as acoles10:43
*** furlongm_ has quit IRC10:46
*** furlongm has joined #openstack-swift10:47
*** mvk has joined #openstack-swift10:48
*** sams-gleb has joined #openstack-swift10:51
*** Jeffrey4l__ is now known as Jeffrey4l10:58
*** Shashikant86 has quit IRC10:58
*** dmorita has joined #openstack-swift11:18
*** dmorita has quit IRC11:23
*** ganders has joined #openstack-swift11:35
*** vint_bra has joined #openstack-swift11:52
*** dmorita has joined #openstack-swift11:55
*** dmorita has quit IRC11:59
*** bkopilov has quit IRC11:59
*** jordanP has quit IRC12:07
*** jordanP has joined #openstack-swift12:08
*** links has quit IRC12:13
*** tmoreira has quit IRC12:15
*** sheel has joined #openstack-swift12:19
*** tmoreira has joined #openstack-swift12:19
*** ppai has quit IRC12:26
*** SkyRocknRoll has quit IRC12:38
tdasilvagood morning13:17
tdasilvaacoles: you around?13:17
acolestdasilva: yes13:17
tdasilvaacoles: hi! so I'm trying to understand the use of 'X-Object-Sysmeta-Container-Update-Override-Etag'. I see how in the encrypter we check to see if it has been set, so that it can be added to the footer13:18
tdasilvabut i'm still trying to understand who currently sets that header in the first place?13:19
acolestdasilva: no one IIRC, unless it got added in SLO - timburke had that in mind SLO using it13:20
acolesso it is just used by the encrypter13:20
tdasilvaacoles: is that the header used by EC proxy controller to send the "correct" etag to the container listing thou?13:21
acolestdasilva: no (I was just refreshing my memory on that)13:22
acolestdasilva: https://github.com/openstack/swift/blob/e8a80e874a5086e94c5ae93e3a9191cb813d1631/swift/proxy/controllers/obj.py#L1822-L182913:22
acolesfor b/wards compatibility we left EC using the older Backend- style override headers13:23
acolesThe object server handles both and applies correct precedence13:23
acolesBut for new use cases X-Object-Sysmeta-Container-Update-Override-Etag is the correct one to use13:24
acolestdasilva: Is this related to sending the symlink target to the container server?13:24
tdasilvaacoles: yes, i guess i'm trying to understand if another middleware could override whatever value is put in there13:25
tdasilva?13:25
*** links has joined #openstack-swift13:25
acolesIt can but IIRC the left most middleware (closest to client) takes precedence, so if symlink was very last in pipeline then it could be smart and append to the existing etag, but otherwise the symlink supplied value might get replaced by a later middeware13:27
acolessorry, that's wrong13:27
acolesI mean if symlink was before encryption and supplied a value then it would override the etag value that encryption wished to set13:28
acolesIt's assumed that the left most middleware is the authority for the etag value that should go to container server update13:29
psachinclayg: Can you please review 1) https://review.openstack.org/406012 2) https://review.openstack.org/41547313:29
patchbotpatch 406012 - swift - Fix swift-get-nodes arg parsing for missing ring13:29
patchbotpatch 415473 - swift - Proxy server controller tests should be reorganized13:29
tdasilvaacoles: are you referring to this: https://github.com/openstack/swift/blob/master/swift/common/middleware/crypto/encrypter.py#L144,L15213:32
acolestdasilva: yes, so an override header or footer would take precedence over the usual etag header when the encrypter decides what to encryt and then pass in the override footer13:38
tdasilvaacoles: and in the case of symlink, the expectation is that the etag being set is always the MD5_OF_EMPTY_STRING so, crypto should not try to set (encrypt) anything anyway, right?13:38
tdasilvaacoles: see line 155 just below...13:38
*** bkopilov has joined #openstack-swift13:39
tdasilvaacoles: will just need to modify that to account for 'etag;param=value'13:39
acolesright, the encrypter would need to first parse the etag for possible params13:40
acolestdasilva: what I'd like to suggest for consideration is that symlink uses a separate header to pass the target to the container server, and not abuse etag. I *think* we have support for that.13:41
acolessee this test https://github.com/openstack/swift/blob/3bf011b0e313b174e98ca59774420c1527cceb47/test/unit/obj/test_server.py#L5044-L504413:41
tdasilvaacoles: well..that was going to be one of my next questions...why can't we just comeup with another header to pass to the container server? I'm guessing we would want to limit that13:42
acolesIIRC I considered doing that to handle swift_bytes during fast post container updates, but in the end we always have to support swift_bytes being appended to content-type so there was no point. But for this new use case I think it is worth consideration.13:43
acolesSo if symlink adds X-Object-Sysmeta-Container-Update-Override-Symlink-Target=a/c/o' then I think the container update will get and X-Symlink-Target=a/c/o header13:44
acolesthat's assuming we made it plumb all the way through, but the object server seems to support that13:45
acolesSee https://github.com/openstack/swift/blob/2bdf61fadda655323a36185f921f8a3e183bcdf9/swift/obj/server.py#L459-L49513:46
acolesSo then the container server needs to be made to handle that new header, and it might do that by appending to etag in the db, but that choice is confined to the container server impl and we don't need to handle etags with possible params everywhere.13:48
tdasilvaacoles: ok, trying to take a look at container code atm to see if i understand it all13:54
* acoles afk14:02
openstackgerritJanie Richling proposed openstack/swift: Symlink implementation.  https://review.openstack.org/23216214:07
*** klamath has joined #openstack-swift14:10
*** klamath has quit IRC14:10
*** klamath has joined #openstack-swift14:11
rledisezhello all14:13
rledisezdoes anyone have tips to run the swift functional tests on a specific cluster? i tried to update sample.conf, but it seems it was ignored. i can't find anything except ops guide telling me i should already be doing it :)14:13
rledisezhttp://docs.openstack.org/developer/swift/ops_runbook/diagnose.html#functional-tests-usage14:13
tdasilvarledisez: you need to have a test.conf file14:14
tdasilvaand there's a env. variable to update that points to that test.conf file14:15
tdasilvaone sec14:15
tdasilvarledisez: basically something similar to this: https://thiagodasilvablog.wordpress.com/2016/11/02/running-functional-test-against-an-openstack-swift-cluster-deployed-with-tripleo/14:16
rlediseztdasilva: great, thank you! it does things now :)14:19
*** psachin has quit IRC14:28
tdasilvaacoles: would there be any reason to *not* add X-Symlink-Target to save headers? https://github.com/openstack/swift/blob/master/swift/container/server.py#L8314:28
tdasilvaacoles: instead of appending to the etag header14:28
openstackgerritJanie Richling proposed openstack/swift: Symlink implementation.  https://review.openstack.org/23216214:36
jrichlifinally worked ^^14:39
tdasilvajrichli: :)14:40
acolestdasilva: not sure what you are thinking. save_headers only applies to requests to container path, not object path updates?14:40
acolestdasilva: you'd probably be looking to modify the object update PUT handler around here https://github.com/openstack/swift/blob/9d29ca1c766f6e846dc7a8b8730fd76d304acfe4/swift/container/server.py#L370-L37014:42
acolesto consume the x-symlink-target header and append to etag internally to the container server14:42
tdasilvaoh i see, sorry, was looking at line 393 below14:43
tdasilvaacoles: i think i'm caught up now, thanks14:50
acolestdasilva: and then in GET listing path maybe extract the symlink value from the etag value in update_record https://github.com/openstack/swift/blob/9d29ca1c766f6e846dc7a8b8730fd76d304acfe4/swift/container/server.py#L441-L44114:50
acolestdasilva: if we went this way it might be smart to make the container server handling generic i.e. any extra X-* headers get mapped to a key value param stored in the db (appended to etag) and then in GET listing path they are extraced and added as items to the listing.14:53
acolestdasilva: the disadvantage of this approach is modifying the container server. the advantage is not having to consider any effects of having extra params tacked onto the etag throughout the request paths.14:54
tdasilvaacoles: i guess i'm just wondering if we want to have a generic handling like that if it would make sense to extend the db to add a "obj metadata" column? so we don't have to keep appending to etag?? i don't know....14:55
tdasilvaacoles: plus i honestly don't know how "easy" it is to just add a column to the database in terms of upgrades and all that14:56
gandersi'm trying to upgrade version from 2.7.0 to 2.12.1, and Im getting the following error msg while trying to start the account-server deamons: http://pastebin.com/raw/1ZpyRTLA   any ideas?14:56
tdasilvaganders: what version of pyeclib do you have installed?14:58
tdasilvaoh ImportError: No module named middleware.recon14:59
ganderstdasilva: 1.2.0-1~cloud014:59
acolestdasilva: I have been wondering the same, and have the same uncertainty re how "easy" that is.15:00
tdasilvaacoles: and then there's also the question of POST updates, right?15:01
acolestdasilva: yeah, this should only be for object metadata that is immutable i.e. sysmeta as it currently is.15:02
*** chlong has joined #openstack-swift15:02
acolestdasilva: that was the challenge with content-type, that it can be modified by a post but also is in container db15:03
tdasilvaacoles: right15:03
acolestdasilva: we should avoid needing to handle that scenario again15:03
gandersok, got the middleware.recon issue.. now getting: http://pastebin.com/raw/CF0CW6z615:04
tdasilvaganders: healthcheck?15:05
gandersadd the lines on account-server.conf resolved15:05
gandersliberasurecode[13611]: liberasurecode_backend_open: dynamic linking error libisal.so.2: cannot open shared object file: No such file or directory15:05
gandersliberasurecode[13611]: liberasurecode_backend_open: dynamic linking error libshss.so.1: cannot open shared object file: No such file or directory15:05
gandersonly those errors now15:06
tdasilvaganders: for that i believe you should just need to upgrade to the latest pyeclib/libec.15:06
*** sheel has quit IRC15:07
tdasilvaacoles: in terms of symlink that should be ok because we require a PUT for setting new target path, no POSTs, but any new metadata being added there would basically need to follow the same pattern15:07
acolestdasilva: another thing to bear in mind is that etags may also have a param appended from encrypter (swift_meta) so any parsing of etag for params needs to be aware of that.15:08
tdasilvaacoles: hmm...that's the case today??15:08
acolestdasilva: yep, timburke reminded me of that (only PUT) yesterday15:09
tdasilvaso in a listing, is that returned to the user? or removed by the middleare on the way back?15:09
acolesit is removed in the decrypter15:09
tdasilvaoh i see15:09
acoleshmmm, gets me thinking of another approach (maybe this is what timburke is already thinking)...15:09
tdasilvaheh15:10
acolestdasilva: if we generalised the encrypter's use of swift-meta in proxy middleware, so any middleware can put a key-val into a swift-meta dict that gets appended to the override etag in proxy server15:11
acolesand encrypter uses that mechanism itself15:11
acolesso symlink would add target=a/c/o to a dict in request environ and proxy takes care of appending that to the override etag, and extracting the dict in GET/HEAD path.15:14
acolesNow I have remembered that encrypter adds a param to etag I realise we already have dealt with any  possible side effects of that in request path. (presumably!)15:16
acolesBut I also know that we made the update override header mechanism generic for precisely this kind of use case :)15:17
*** manous has joined #openstack-swift15:21
tdasilvaacoles: sorry, did we build two mechanism to accomplish the same thing?15:24
acolestdasilva: hehe15:24
acolestdasilva: not quite but I think we may have laid the foundations for two15:24
acolesor there is third way, doing something bespoke for symlink targets!15:25
tdasilvahehehehehe15:25
*** ukaynar has joined #openstack-swift15:27
*** sams-gleb has quit IRC15:28
*** sams-gleb has joined #openstack-swift15:28
tdasilvaacoles: reading up the code in encrypter....in fact, swift-meta gets appended to every user metadata that gets encrypted, right?15:30
acolesyes15:30
tdasilvait contains the information necessary to decrypt it later15:31
acolesexactly15:31
acolesdifferent content for each item though15:31
acolesdifferent swift_meta content I mean, at least soem of it differes15:31
*** _JZ_ has joined #openstack-swift15:32
tdasilvaunderstood15:32
acolesSo the "generic" idea I decribed would need to use more precise names than just swift_meta for whatever accumulated the specific meta to be appended to an etag.15:32
tdasilvaacoles: in the case of X-Object-Sysmeta-Container-Update-Override-Etag, the etag that is sent to the container is actually an encrypted value, but it contains the swift_meta necessary to decrypt on the way out15:32
*** sams-gleb has quit IRC15:33
acolestdasilva: yes, to be precise the header value is of form <encrypted etag>;swift_meta=...15:34
acolesi.e. the swift_meta is not encrypted15:34
acolestdasilva: this conversation has helped me get up to speed on the topic. I'm sure timburke  will roll his eyes when he gets in and tell me how it needs to work ;)15:34
tdasilvaacoles: hehehe, thank you for taking the time to walk me through15:35
ganderstdasilva: got the pyeclib issue resolved.. all services are now up and running... is there any way to see if the services are running with the 'new' version of swift?15:37
tdasilvaganders: /info will return the version you are running, but i think that's just what the proxy is running15:40
tdasilvadoes recon return version info?15:41
*** hseipp has joined #openstack-swift15:43
*** mvk has quit IRC15:44
*** sams-gleb has joined #openstack-swift15:47
*** klrmn has joined #openstack-swift15:50
tdasilvaganders: this worked for me: curl -i http://localhost:6012/recon/version15:54
tdasilvait is not clear to me if swift-recon cli tool returns this info15:54
acolestdasilva: you're welcome15:55
ganderstdasilva: works great thanks :) {"version": "2.12.1.dev19"}15:56
*** bkopilov has quit IRC15:56
*** pcaruana has joined #openstack-swift15:58
*** oshritf has quit IRC16:04
ganderstdasilva: after performing the upg version and tuning some opts, the disks remain at 100%, logically if i stop the -replicator and -auditor daemons, the pct drops to 10-12% of usage, the prob is that i cannot leave stoped those daemons for a long time, right? is there any rule out there? i mean, is possible to set a script in order to start the daemons (repl and auditor) at certain time (for ex when there's less load) and then at the most he16:09
gandersavily loaded schedule, stoped?16:09
*** silor has joined #openstack-swift16:26
*** bkopilov has joined #openstack-swift16:33
*** links has quit IRC16:37
*** chsc has joined #openstack-swift16:38
*** chsc has joined #openstack-swift16:38
*** chlong has quit IRC16:52
tdasilvaganders: i don't think you should leave them stopped for a long time as you risk losing data, but rledisez did mention tuning them, i guess things like how often they run...16:53
ganderswhat would be the 'best' tuning for that?16:58
*** adu has quit IRC16:59
rledisezganders: are you using replica or erasure code policy?17:00
*** arch-nemesis has joined #openstack-swift17:00
*** chsc has quit IRC17:03
*** peterlisak has quit IRC17:08
*** peterlisak has joined #openstack-swift17:09
*** jarbod_ has quit IRC17:10
*** sheel has joined #openstack-swift17:10
*** jarbod_ has joined #openstack-swift17:10
*** ukaynar has quit IRC17:11
*** ganders has quit IRC17:13
*** adu has joined #openstack-swift17:16
*** cbartz has quit IRC17:17
notmynamegood morning17:17
*** oshritf has joined #openstack-swift17:17
*** oshritf has quit IRC17:18
*** ukaynar has joined #openstack-swift17:18
*** chosafine has joined #openstack-swift17:23
*** hseipp has quit IRC17:26
*** chlong has joined #openstack-swift17:26
*** silor has quit IRC17:29
*** chsc has joined #openstack-swift17:29
*** chsc has joined #openstack-swift17:29
*** ganders has joined #openstack-swift17:31
gandersrledisez: replica17:33
*** ukaynar has quit IRC17:36
rledisezganders: in object-auditor, reduce files_per_second, set zero_byte_files_per_second to 0, increase disk_chunk_size, in object-replicator use SSYNC, increase interval, in account/container auditor play reduce account/container per second, in account/container replicator increase interval17:38
rledisezganders: just set reasonable values, don't set an interval of one week ;)17:38
*** chsc has quit IRC17:39
*** silor has joined #openstack-swift17:39
gandersrledisez: thanks a lot :) will try that out17:40
*** dmorita has joined #openstack-swift17:42
*** chsc has joined #openstack-swift17:48
*** chsc has quit IRC17:48
*** chsc has joined #openstack-swift17:48
*** manous has quit IRC17:51
*** rledisez has quit IRC17:53
*** silor has quit IRC17:53
*** sams-gleb has quit IRC17:53
*** JimCheung has joined #openstack-swift17:58
*** JimCheung has quit IRC17:58
*** JimCheung has joined #openstack-swift17:59
*** jordanP has quit IRC18:03
*** bkeller` has joined #openstack-swift18:08
*** mvk has joined #openstack-swift18:09
openstackgerritAlistair Coles proposed openstack/swift: Support last modified on listing containers  https://review.openstack.org/19863418:09
openstackgerritAlistair Coles proposed openstack/swift: Trivial follow up to addition of last modified in container listings  https://review.openstack.org/41957918:09
*** chlong has quit IRC18:19
*** ukaynar_ has joined #openstack-swift18:26
claygacoles: mahatic: Is there really a behavior change in patch 374419?  It's not documented in tests if there is one lurking?18:27
patchbothttps://review.openstack.org/#/c/374419/ - swift - Move documented reclaim_age option to correct loca...18:27
claygwe don't... "ignore" anything now or after the patch?  we use the value that gets read into conf and give that to the DiskFile?18:27
clayg... if you are already on master setting reclaim_age in default you are golden - you don't need my stupid cleanup/plumbing + doc fix patch18:28
claygif you have different services configured with different relcaim ages (like anyone following the current docs would) then you're getting some undefined behavior - I don't really want to detail all of that because it's not what anyone wants18:29
claygthe only sane thing we support is one reclaim_age everywhere18:29
claygif you set it in DEFAULT - you're done18:29
claygif you want to set it every individual config section - by all means18:29
acolesclayg: look at the call from finalize_put to cleanup_ondisk_files https://github.com/openstack/swift/blob/8737ebe519110cbe8fa5ba5fba945de0d627142f/swift/obj/diskfile.py#L1497-L149718:29
claygif you want to set it in DEFAULT and also in the config section... ummm ok18:29
acolesin that case cleanup_ondisk_files on master does not use any configured value, it always uses one week.18:30
claygacoles: well - see that's a whole different bug!18:30
acoleslol18:30
claygacoles: your beef isn't docs/commitmessage/upgradeimpact18:30
claygit's "you can't set reclaim_age for object servers"18:30
claygI fixed it on accident (knew cleanup of passing around that stupid internal state was a good idea) - and I should write a damn test to prove it!18:31
acoleswell the patch fixes that right, so every call to cleanup_ondisk_files uses the conf value of reclaim_age. that's good, but it is a behavioural change18:31
claygI really thought I was good2go when I moved my reclaim_age setting to DEFAULT18:31
*** chlong has joined #openstack-swift18:32
claygi even bumped my default deploy reclaim age to 6 wks to try and make it harder to get dark data18:32
*** chosafine has quit IRC18:32
claygwith the "always be reclaiming tombstones" fix that mahatic did I've seen tombstones go down overall18:33
acolesclayg: I think mahatic is arguing a different point to mine (and i'm not sure I agree with her)18:33
*** openstackgerrit has quit IRC18:33
claygacoles: well... i'm just saying your point would be more clear if you stated it "this patch introduces a behavior change and a behavior change should have a test"18:33
*** chosafine has joined #openstack-swift18:33
claygI was reading tim's comments and started thinking "yeah, he's right, there *can't* be a behavior change in this patch i haven't looked at in months - if there was a behavior change there would be a test for it!"18:34
*** pcaruana has quit IRC18:34
claygacoles: thanks as always for catching my goofs ;)18:34
acolesclayg: "I think there is a change in behaviour..." https://review.openstack.org/#/c/374419/14//COMMIT_MSG@3318:35
patchbotpatch 374419 - swift - Move documented reclaim_age option to correct loca...18:35
*** chosafine has quit IRC18:36
acolesclayg: the test would be weird cos we'd uimmediately say well that's a bug thats being asserted i.e. set reclaim_age to zero in DEFAULT and you'll get no tombstones18:36
claygyeah i read that and was like "oh, so there *is* a behavior change" - but then I still couldn't spot it - i think i was looking at the diff on my phone instead of the current source code (your github link is more clear; i'm adding it to my -1)18:37
*** oshritf has joined #openstack-swift18:37
claygsorry to make a fuss about "you shoud have said" this or that - that's silly - the point is you spotted it - well done18:37
acolesclayg: funnt thing is i was just thining, ummm maybe i should knock up a test to prove it :)18:37
acolesthinking*18:38
claygacoles: wait... so you're saying the only way to prove that we don't pass reclaim age into _finalize_put is if we use a reclaim_age of 0?18:38
claygwhat if you do a delete with an x-timestamp or something and then it reaps the tombstone anyway ahead of the configured reclaim age?18:38
acolesor put a sleep into the cleanup18:39
clayg... well you could mock the return value of time; but that makes it feel less strong - I don't think anyone is going to set reclaim_age to 0 in any config section anywhere on a production system - sorry but no ops I know would do that "just to prove blah balh"18:40
claygall the ops I know are way more paranoid than I am18:40
claygI'll be like "it's fine; it won't hurt anything; that's stupid there's no way the code would ever do that" and they'll be like "well better safe than sorry" - they know better than to trust me18:41
claygnot passig reclaim_age into finalize_put still feels like a bug tho18:41
claygbut if it's benign maybe I'm less worried about it overall18:42
acolesthe patch fixes it and on master IDK if it was a bug or just a useful feature, on master it prevents ever cleaning up a tombstone you just wrote.18:42
claygnow that you mention it... I feel like I've set reclaim_age to 0 and had delete's not write tombstones?  was it while testing this patch/18:43
acoles yes!!!18:44
acolesI did same this morning, which proves that devs are insane in a way that ops aren't18:44
acolesIdeally we'd have the cleanup code be smart and never delete the tombstone it just wrote18:45
claygwhy?  it's gunna happen next cleanup_hash_dir anyway?18:45
claygacoles: will it stil delete the .data file?18:46
claygcause it sounds sorta like exactly what you'd expect reclaim_age of 0 to do?  :P18:46
claygwell that or just not write the tombstone file at all18:46
acolesthats what I saw, empty dir after the delete18:46
claygwfm18:46
claygand your sure that doesn't happen on master (i'm going to test it anyway - so you don't have to answer)18:47
acolesbut it would not get reclaimed in next cleanup call if the replicator is config'd as spec'd on master today so the replicator would pass in a sensible reclaim_age to the cleanup code18:47
clayghaving different reclaim_age for different object-* services is terrible sin I'm trying to paper over by suggestion configuration of the value once in DEFAULT18:48
acolesclayg: the patch is good. I just get all worried about an op out there who did this once upon a time http://paste.openstack.org/show/594755/ , that is the extent of my concern, nothing wrong with the patch, just me worrying about crazy stuff in the wild.18:49
claygobject server with 1 wk replicator with 2 wk is silly/bad - the zero case is just a pathologicial version of that - and not super explicitly worried about reclaim_age 0 having a particuarlly odd (dangerous?) beahvior18:49
claygwe're talking past each other18:50
claygI hadn't realized that config would do one thing on master and a different thing on this patch18:51
*** geaaru has quit IRC18:51
claygi understand now that you believe it would18:51
claygwe will prove it with a test18:51
claygonce all behavoir changes are documented with a test - it should be more clear what the upgrade impact will be18:51
*** tesseract has quit IRC18:51
*** bkeller` has quit IRC18:51
*** tqtran has joined #openstack-swift18:51
claygI'm more worried about my current configs of reclaim_age 6wks in [DEFAULT] not doing the right thing in finalize_put18:52
claygbut I guess you're saying that unless x-timestamp is very very close to reclaimage expiration anyway there's no behavior change - it only effects the finalize_put call on the object-server not the get_hashes/REPLICATE calls?18:52
*** sams-gleb has joined #openstack-swift18:53
claygacapgcoah LookupError: Entry point 'symlink' not found in egg 'swift'18:54
clayg^ that's not merged on master yet!  ;)18:54
tdasilva?18:55
claygtdasilva: i'd ust switched branches and my proxies wouldn't start because I had configured symlink middleware to test the conditional get's stuff18:56
tdasilvaoh lol18:58
*** sams-gleb has quit IRC18:59
*** vern has quit IRC18:59
claygacoles: ok, yeah I agree the behavior on master and this patch are different :D19:01
*** oshritf has quit IRC19:03
acolesclayg: https://gist.github.com/46a67c833d959fcb55cec785c06e20e119:09
*** oshritf has joined #openstack-swift19:14
*** oshritf has quit IRC19:18
timburkeclayg: on https://review.openstack.org/#/c/299225/ -- did you review it previously? i didn't see anything about it. i also don't know why we'd say needs-next-api -- 400 on a bad param instead of silently ignoring it seems like a reasonable change19:21
patchbotpatch 299225 - swift - Treat invalid limit parameters as errors19:21
claygtimburke: sorry i was just reading the history on the associated bug report19:22
timburkethere were definitely problems with it before i re-wrote most of it back in october, but now it seems like it could merge?19:22
claygtorgomatic: also had a recomendation that some pre-existing lack of validation may lead to clients of past doing all kinds of unknown weird things19:23
*** acoles is now known as acoles_19:23
timburkeoh, yeah, that bug report seems rather vague19:23
claygacoles_: thanks for the test!19:24
claygtimburke: the bug is tagged needs-new-api ?19:25
claygtimburke: does the patch add a new api version1?19:25
timburke...i disagree? seems reasonable to me that when we document that we expect an integer value, we can change it to error out if you *don't* provide one.19:27
claygtimburke: i *know* you disagree - and better yet - I *know* I might be wrong - i recognize the whole thing is scale and I've just got too much personal experience that in-action has the least negative consequences19:28
claygsure some dev might stare a screen for 10 mins only to realize they were sending garbage to limit - but they'll curse me; they'll curse themselves; they'll get over it19:29
claygOTOH if I start returning 400 and some *user* has their client break because BigCorp upgraded their cluster - we're jersk "breaking API" they'll screen19:29
clayg*scream19:29
claygyou can point at the spec all day long; but behavior trumps spec every time19:30
claygso.. I'd -2 the patch - but totally recognize that's just my judgement19:30
claygso... do what can I do to help you with that patch?19:30
*** oshritf has joined #openstack-swift19:31
*** ChubYann has joined #openstack-swift19:31
claygin particular ''.isdigit() was pointed out by sam as being particuarlly scary from the breaking POV19:32
claygmaybe something in wsgi makes it so `/a/c?limit=` doens't result in a 400 - but I don't see a test to prove it19:32
claygsome client somewhere sent `/a/c?limit=` and expected it to be ignored for sure19:33
claygbut why do I care?  I can just sit here and not change it and let the bug be tagged next-api until the cows come home19:33
claygit's easy... watch19:33
clayg;)19:33
*** oshritf has quit IRC19:36
timburkeclayg: i guess go -1 it while asking for a test with a blank limit? look a the code, that will continue to be ignored19:36
timburkeit's not wsgi, it's us, and it's in the diff19:36
claygoic, the __nonzero__ if19:37
*** oshritf has joined #openstack-swift19:39
claygtimburke: ok, so if we want to remove the needs-new-api tag from the bug we should bring it up at the swift meeting - i'll try not to be there ;)19:39
claygtimburke: i can't help but imagine some clint sending '?limit=None' without realizing it :\  sorry19:40
*** chlong has quit IRC19:41
clayg*my* code has but None in X-Backend-Frag-Index before when I didn't mean too :\19:41
claygit would have been better if it had been ignored - isntead we stuffed it a string 'None' and it sucked :\19:41
clayg"liberal in what you accept"19:41
timburkesi1ver: yes, swift3 includes support (and tests) for v4 signatures. it currently requires keystone, however. i've got plans to add support to tempauth and swauth, but haven't gotten around to it19:42
claygthere's lots of stuff in rfc 2616 that used to say like "if a server doesn't not recognize it may ignore..." kinda stuff19:42
*** ukaynar_ has quit IRC19:45
*** JimCheung has quit IRC19:46
*** oshritf has quit IRC19:48
timburke"liberal"...like accepting (and writing down!) 'None' when it totally should have been an int? i am *way* more interesting in validating user input early & often than saying "well, they probably didn't mean to send that"19:49
timburkeat least now i've got an explanation for https://review.openstack.org/#/c/219165/43/swift/obj/reconstructor.py@273 ...19:49
patchbotpatch 219165 - swift - EC Fragment Duplication - Foundational Global EC C...19:49
*** arch-nemesis has quit IRC19:50
*** ganders has quit IRC19:52
timburkeacoles_: even if we use a separate header to relay the symlink target to the container server, we've still gotta *store* it somewhere. stuffing it in etag seems lower-friction than a db migration, and it means there's some window of compatibility in case your proxies upgrade before your storage nodes19:53
*** chlong has joined #openstack-swift19:56
-openstackstatus- NOTICE: Gerrit will be offline between now and 20:30 for scheduled maintenance: http://lists.openstack.org/pipermail/openstack-dev/2017-January/109910.html20:10
*** ChanServ changes topic to "Gerrit will be offline between now and 20:30 for scheduled maintenance: http://lists.openstack.org/pipermail/openstack-dev/2017-January/109910.html"20:10
claygnotmyname: how do I work https://wiki.openstack.org/wiki/Meetings/Swift - timburke wants to untag 'needs-new-api' on lp bug #1254638 - I think he's gotta a pretty strong case that the associated fix is reasonable and I want others to chime in so that folks can feel comfortable in telling me I worry too much20:13
openstackLaunchpad bug 1254638 in OpenStack Object Storage (swift) "Some bad parameters do not return 4xx" [Wishlist,In progress] https://launchpad.net/bugs/1254638 - Assigned to Ankur Jain (j-ankur)20:13
notmynameclayg: top right corner, log in. then return to the page and top left corner to edit. typey typey and hit publish20:13
claygoic - "next meeting" it already has an empty bullet point!20:14
claygnotmyname: thanks!20:14
claygtimburke: https://wiki.openstack.org/wiki/Meetings/Swift boom!  you got this bro!20:15
*** oshritf has joined #openstack-swift20:26
*** adu has quit IRC20:27
*** oshritf has quit IRC20:30
clayghey!?20:32
clayggerrit is down?20:32
claygdid i miss a notification?20:32
zaitcev"Gerrit will be offline until 20:45 for scheduled maintenance (running longer than anticipated): http://lists.openstack.org/pipermail/openstack-dev/2017-January/109910.html"20:32
claygbah, unread in my inbox :'(20:33
claygI've been behind!  :P20:33
claygzaitcev: thanks20:33
zaitcevclayg: np. BTW, did you see this https://groups.google.com/forum/#!topic/golang-nuts/cR5bWfLroiQ20:34
claygzaitcev: how you doing?  what's the deal with the golang something binding somewhere with 6200?20:34
claygzaitcev: omg we are *so* going to get dinged for abusing http like this - did anyone respond?20:34
-openstackstatus- NOTICE: Updated: Gerrit will be offline until 20:45 for scheduled maintenance (running longer than anticipated): http://lists.openstack.org/pipermail/openstack-dev/2017-January/109910.html20:35
*** ChanServ changes topic to "Updated: Gerrit will be offline until 20:45 for scheduled maintenance (running longer than anticipated): http://lists.openstack.org/pipermail/openstack-dev/2017-January/109910.html"20:35
zaitcevclayg: nobody seems to care. I asked on #go-nuts and they suggest to follow the contribution procedure. File the item, outline the need, propose the fix...20:35
zaitcevclayg: I'm just letting you know in case you fancy Hummingbird work... I know you had your hands full with all the hashes updates and so on.20:36
claygzaitcev: so I *do* still fancy some hummingbird(ish) work - have you seen monty's oaktree?  https://github.com/openstack/oaktree20:37
claygthe gRPC stuff is *pretty* nice - protocol buffers are designed to make api's between client/servers written in different languages a breeze20:37
claygI've had some less than great expereiences using them for data transfer before - but there's some stuff you can do to make serialization of datablobs less bad20:38
zaitcevHmm, so this is some kind of a better Aeolus, it appears20:39
claygthat plus the builtin support for http2 multiplexing and the framing/termination/resume/footer stuff make it a really intersting protocol to me20:39
zaitcevAlthough, no... Aeolus is across AWS/Azure/OpenStack and this is only OpenStack.20:39
claygoh oh oh - yeah the oaktree thing - I just pointed it out as an example of gRPC that already exists in OpenStack20:40
zaitcevPlus gRPC as you mention20:40
claygwhat I want to do with gRPC has nothing to do with monty's goals of oaktree/porcilain/shade/etc20:41
*** openstackgerrit has joined #openstack-swift20:43
openstackgerritTim Burke proposed openstack/swift: Treat invalid limit parameters as errors  https://review.openstack.org/29922520:43
claygzaitcev: SO if at somepoint you get annoyed enough with lp bug #1496636 you may want to consider gRPC - there's some non-zero chance something like it will be part of the golang object-replication-server anyway - and python parts of swift the like reconstructor that need to do pyeclib stuff but still want to talk SSYNCv2 could very easily be doing gRPC protocol stuff anyway20:44
openstackLaunchpad bug 1496636 in OpenStack Object Storage (swift) "EC: Chunked transfer/commit protocol is *not* HTTP" [Undecided,New] https://launchpad.net/bugs/149663620:44
*** chlong has quit IRC20:44
claygbut you know... I might have stronger thoughts about it in ATL - you going to the PTG?20:45
zaitcevyes20:45
*** JimCheung has joined #openstack-swift20:46
claygw0000!20:46
clayggod, i re-read that bug about how jank our ec put protocol is and I sort of forgot :\20:46
claygI figure there is zero chance you can write this protcol to anything other server in the world except eventlet.wsgi :\20:47
claygi man you could *try* to port the bug - but *hopefully* someone would stop you ;)20:48
zaitcevI'm still reading https://bugs.launchpad.net/swift/+bug/1496636, sorry.20:49
openstackLaunchpad bug 1496636 in OpenStack Object Storage (swift) "EC: Chunked transfer/commit protocol is *not* HTTP" [Undecided,New]20:49
claygoh it's a h00t!20:49
zaitcevyeah, bfitz isn't going to like us20:50
*** JimCheung has quit IRC20:51
*** d0ugal has quit IRC20:52
*** ChanServ changes topic to "Let's talk, we're nice. | Ideas: https://wiki.openstack.org/wiki/Swift/ideas | Logs: http://eavesdrop.openstack.org/irclogs/%23openstack-swift/ | Meetings: https://wiki.openstack.org/wiki/Meetings/Swift | Priority Reviews: https://wiki.openstack.org/wiki/Swift/PriorityReviews"20:54
*** d0ugal has joined #openstack-swift20:54
*** d0ugal has quit IRC20:54
*** d0ugal has joined #openstack-swift20:54
*** manous has joined #openstack-swift20:56
*** sams-gleb has joined #openstack-swift20:57
*** chlong has joined #openstack-swift20:58
*** david-lyle has quit IRC21:01
*** david-lyle has joined #openstack-swift21:02
*** sams-gleb has quit IRC21:02
*** d0ugal has quit IRC21:03
*** chlong has quit IRC21:04
notmynamepdardeau: mmotiani: I'm sorry for your loss http://tpr.org/post/san-antonio-pushes-pause-google-fiber-deployment21:05
si1vertimburke: ok I'll have to look it over again. Was this in the openstack/swift3 repo or the fujita one? (may have spelled that wrong) I was looking in the openstack one.21:05
mattoliverauMorning21:05
si1verI am very close to having this working but I'm having another weird issue. If I specify the reseller_prefix=KEY line in [filter:keystoneauth], I get different results in test and stage. In stage with the line present it fails with the debug error "tenant mismatch: AUTH_c3ca2b0eecc94c2bb2d2528b5d0af2df != c3ca2b0eecc94c2bb2d2528b5d0af2df", but it works fine without the line. In test WITHOUT the line preset I get a failure "tenant21:09
patchbotError: No closing quotation21:09
si1verThere's no other mention of AUTH or KEY in either swift proxy config file. Is there somewhere else I can check for some kind of default value?21:10
claygyay I think gerrit is back-ish?21:10
mattoliverausi1ver have you got the reseller prefix being added to the end point in Keystone? And is KEY_ included in your storage URL your using when talking to swift?21:13
mattoliverauIf not then it's equiv of having and empty reseller set21:13
si1verthe two service catalogs looks the same except for the hostname. The two sets of openstack env vars look the same except for the hostname and the passwords.21:14
si1verthe two keystone service catalogs were setup using the same mysql and openstack commands.21:14
si1verThe staging cluster was deployed as liberty and upgraded to mitaka before installing keystone. the test one is deployed fresh with mitaka each run.21:15
*** chlong has joined #openstack-swift21:18
*** JimCheung has joined #openstack-swift21:18
*** openstackgerrit has quit IRC21:18
zaitcevclayg: Do you remember by any chance why the commit phase is not a separate POST? Because of unacceptable overhead, right?21:18
*** silor has joined #openstack-swift21:20
claygzaitcev: there is *no* good reason it shouldn't be a pipelined http request - that *exactly* what it should have been IMHO21:21
*** JimCheung has quit IRC21:22
*** ukaynar has joined #openstack-swift21:22
*** ukaynar has quit IRC21:22
claygbut we need some way for the second POST to mean "mae this fragment at this timestamp durable" and not like "the most recent fragment" or w/e21:23
claygI think with the current implementation we do the whole flush/fsync/mkdir/rename dance so the object *is* in the hashdir - not in /tmp21:24
claygI don't think the proxy is really setup to make pipelined reqeusts tho - you try to spike on it - I think you could even make a pipelined POST work for footers and drop all the mime stuff if you're really smart/careful21:24
claygyou might run it by torgomatic21:25
zaitcevso, a new EC put in order to avoid justifying myself in front of Go core21:26
zaitcevhmm21:26
zaitcevand resolve 149663621:26
*** silor1 has joined #openstack-swift21:30
*** silor has quit IRC21:31
*** silor1 is now known as silor21:31
timburkesi1ver: the tests generally look something like https://github.com/openstack/swift3/blob/master/swift3/test/functional/test_object.py#L778-L816 -- you'll notice, though, that there are pieces that boto doesn't handle properly :-/ not sure what client/lib you're using21:33
timburkeon the reseller_prefix issue, i think you might need to specify it in the s3token config as well? i forget exactly; might need to look at it again21:34
*** Jeffrey4l has quit IRC21:34
si1verwell I guess my puzzle is how the default could be different between the two environments.21:35
*** manous has quit IRC21:35
si1verSo I need a way to see that21:35
si1verlooks like swift tenants and openstack tenants are not the same thing, so it's difficult to google for.21:35
pdardeaunotmyname: ya, we just chalk it up to that cosmic injustice thing ;)21:35
*** JimCheung has joined #openstack-swift21:36
notmynamesi1ver: not sure I follow that. from what I've seen, the openstack tenant id is used to construct the account in swift (and that's what goes into the service catalog). what two things are you seeing that are different?21:40
si1verI only see a difference in the swift proxy logs for failed requests. They fail as KEY_ not matching on one, and AUTH_ not matching on the other. Specifying the reseller prefix makes one work and makes the other fail.21:42
si1verSo I am assuming one must have a different default than the other but I don't know how to see that.21:42
notmynameoh, wait. I'm jsut catching up on your topic. you're running two keystones at once?21:42
si1veryeah separate clusters.21:43
si1verOne is a chef cookbook test environment, the other is bare metal.21:43
notmynameoh, ok. not in the same cluster21:43
notmynamedefinitely specify the reseller prefix. better to be explicit than implicit. then you've got one of your clusters working and can look in to what the other issue is21:44
si1verright. The same config file works on one and fails in the other.21:44
*** openstackgerrit has joined #openstack-swift21:45
openstackgerritSamuel Merritt proposed openstack/swift: Fix download resumption for new SLOs.  https://review.openstack.org/41966421:45
mattoliverausi1ver: yeah so looks like the s3token also has a reseller_prefix as well you need to set21:45
si1verreseller prefix in the cookbook test env must be in the keystoneauth section or keystone fails to work. It doesn't matter if it is there or not for the bare metal cluster, keystone works either way, but with it present AWS4 auth fails with the same message that keystone fails with on the cookbook test.21:46
si1verI had to whiteboard all this out this morning to get it straight...21:46
si1verspecifying a reseller prefix in the swift3 section didn't seem to do anything. I'll try again.21:46
*** sheel has quit IRC21:47
mattoliverauin the s3token section, and it defaults to AUTH_ so that might be where the AUTH_ is coming from21:47
mattoliverausi1ver: https://github.com/openstack/swift3/blob/master/etc/proxy-server.conf-sample#L14721:48
mattoliverausi1ver: it goes in the s3token section not the swift321:49
si1verroger21:49
si1verShould keystoneauth and s3token both have the reseller prefix? It is not working on the bare metal nodes.21:51
si1verEither or both cause aws4 to fail on the bare metal cluster.21:53
mattoliverausi1ver: You need a reseller prefix for keystone, to identify it as the auth, the s3token one is so it can translate the s3api into the valid/required authenicatable storage url for swift (or in this case ketstone), so yeah you need both.. that's my limited understanding of swift3 anyway.21:55
si1verWith it in either section, I get this debug error in the proxy log: tenant mismatch: KEYc3ca2b0eecc94c2bb2d2528b5d0af2df != c3ca2b0eecc94c2bb2d2528b5d0af2df21:55
mattoliverausi1ver: you probably need it as KEY_21:55
mattoliveraunot KEY21:55
mattoliverauin s3token21:56
si1vertenant mismatch: KEY_c3ca2b0eecc94c2bb2d2528b5d0af2df != c3ca2b0eecc94c2bb2d2528b5d0af2df21:56
si1verheeey now we are getting somewhere. I added it to the keystoneauth section again but WITH the _, and it's working on the metal.21:58
si1verboth present but without the _ was failing.21:58
si1verI may have spent a week hunting a single char error... ha21:59
mattoliverausi1ver: swift allows you to have more then one auth middleware, the reseller prefix tells swift which one to use. You left it out from the keystone so it was expecting things without the KEY_21:59
mattoliveraunow you've told swift keystone auth with the auth for everyone (account starting in KEY_)21:59
mattoliverau*is the auth22:00
si1verYeah but it was infering the KEY on one and infering an AUTH on the other, which was my confusion.22:00
mattoliverausi1ver: yeah, sorry didn't realise swift3 defaulted to AUTH_22:00
mattoliverauso we all have learnt something :)22:00
si1verbeerdebt++22:00
si1verit works in test kitchen as well. Thank you very much. The different behavior is not explained, but eliminating it is good enough.22:02
claygkota_: I really *want* to start reviewing global ec support - but for some reason instead I'm going to do another revision of patch 374419 :\22:03
patchbothttps://review.openstack.org/#/c/374419/ - swift - Move documented reclaim_age option to correct loca...22:03
clayghopefully it won't take long!22:03
mattoliverau^ famous last words.22:04
*** d0ugal has joined #openstack-swift22:07
*** darrenc is now known as darrenc_afk22:09
*** gabor_antal has quit IRC22:11
*** gabor_antal_ has joined #openstack-swift22:11
claygonovy: did you get ahold of Pavel - I hate to bother him - but if he's not going to be working for awhile (good for him!) we should try to make progress without him22:16
claygif he's available I really don't want to do something without his valuable input!22:16
*** silor has quit IRC22:19
*** gabor_antal_ has quit IRC22:23
*** gabor_antal has joined #openstack-swift22:23
*** chlong has quit IRC22:29
*** sams-gleb has joined #openstack-swift22:30
*** ukaynar has joined #openstack-swift22:31
*** chlong has joined #openstack-swift22:37
*** darrenc_afk is now known as darrenc22:41
*** sams-gleb has quit IRC22:49
*** ukaynar has quit IRC22:55
openstackgerritSamuel Merritt proposed openstack/swift: Fix download resumption for new SLOs.  https://review.openstack.org/41966423:17
*** kei_yama has joined #openstack-swift23:23
*** tqtran has quit IRC23:29
*** vint_bra has quit IRC23:31
*** chsc has quit IRC23:36
*** Jeffrey4l has joined #openstack-swift23:37
*** klamath has quit IRC23:46
*** sams-gleb has joined #openstack-swift23:50
*** sams-gleb has quit IRC23:54
« Wednesday, 2017-01-11 Index Friday, 2017-01-13 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!