Perl 6 - the future is here, just unevenly distributed

IRC log for #puppet-openstack, 2015-07-13

| Channels | #puppet-openstack index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:08 logan2 joined #puppet-openstack
00:50 ducttape_ joined #puppet-openstack
00:52 openstackgerrit joined #puppet-openstack
00:53 topshare joined #puppet-openstack
01:59 mfisch sbadia: yo
01:59 mfisch sbadia: did Puppetlabs agree to move our namespace in the forge? I thought it was an open question
02:13 xingchao joined #puppet-openstack
02:15 gildub joined #puppet-openstack
02:37 EmilienM mfisch: I released them there
03:09 mfisch awesome
03:21 topshare joined #puppet-openstack
03:27 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: acceptance: run keystone in a WSGI server by default  https://review.openstack.org/200827
03:54 openstackgerrit Emilien Macchi proposed openstack/puppet-openstacklib: openstack provider: increase timeout to 20  https://review.openstack.org/200982
03:55 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: acceptance: run keystone in a WSGI server by default  https://review.openstack.org/200827
04:08 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: acceptance: run keystone in a WSGI server by default  https://review.openstack.org/200827
04:23 topshare joined #puppet-openstack
04:23 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: acceptance: run keystone in a WSGI server by default  https://review.openstack.org/200827
05:39 openstackgerrit Gilles Dubreuil proposed openstack/puppet-keystone: Resource keystone_trust for Keystone V3 API  https://review.openstack.org/200996
05:57 openstackgerrit Gilles Dubreuil proposed openstack/puppet-keystone: Resource keystone_trust for Keystone V3 API  https://review.openstack.org/200996
06:11 khappone joined #puppet-openstack
06:14 rwsu joined #puppet-openstack
06:26 hogepodge joined #puppet-openstack
06:28 sergmelikyan joined #puppet-openstack
06:32 gildub_ joined #puppet-openstack
06:42 pcaruana joined #puppet-openstack
06:52 ddmitriev joined #puppet-openstack
07:13 xingchao joined #puppet-openstack
07:18 dgurtner joined #puppet-openstack
07:18 dgurtner joined #puppet-openstack
07:28 jpena joined #puppet-openstack
07:45 openstackgerrit Gilles Dubreuil proposed openstack/puppet-keystone: Resource keystone_trust for Keystone V3 API  https://review.openstack.org/200996
07:51 openstackgerrit Gilles Dubreuil proposed openstack/puppet-keystone: Resource keystone_trust for Keystone V3 API  https://review.openstack.org/200996
07:51 openstackgerrit Javier Peña proposed openstack/puppet-ceilometer: Simplify parameters for rpc_backend  https://review.openstack.org/196036
07:56 chem joined #puppet-openstack
07:57 xingchao joined #puppet-openstack
08:02 jistr joined #puppet-openstack
08:18 paramite joined #puppet-openstack
08:28 xingchao joined #puppet-openstack
08:43 sergmelikyan joined #puppet-openstack
09:13 social oh hay, can we have this in? https://review.openstack.org/#/c/196668
09:15 kbyrne joined #puppet-openstack
09:26 sergmelikyan joined #puppet-openstack
09:51 derekh joined #puppet-openstack
10:56 cdelatte joined #puppet-openstack
11:08 xingchao joined #puppet-openstack
11:12 gildub joined #puppet-openstack
11:28 xingchao joined #puppet-openstack
11:30 sergmelikyan joined #puppet-openstack
11:33 blentz joined #puppet-openstack
11:35 dgurtner joined #puppet-openstack
11:35 dgurtner joined #puppet-openstack
11:41 sergmelikyan joined #puppet-openstack
11:41 EmilienM good morning
11:50 social EmilienM: will you have time for https://review.openstack.org/#/c/196668 ?
11:51 EmilienM social: yes, maybe today
11:53 gfidente joined #puppet-openstack
11:53 dprince joined #puppet-openstack
11:54 sergmelikyan joined #puppet-openstack
12:04 dgurtner joined #puppet-openstack
12:04 dgurtner joined #puppet-openstack
12:28 ducttape_ joined #puppet-openstack
12:31 topshare joined #puppet-openstack
12:47 sergmelikyan joined #puppet-openstack
12:49 sergmelikyan joined #puppet-openstack
12:54 ddmitriev1 joined #puppet-openstack
13:00 crinkle EmilienM: is it safe to say the sprint will be 9/2-9/4?
13:00 EmilienM I was about to close the poll
13:00 EmilienM crinkle: yes
13:00 crinkle mmk
13:02 EmilienM crinkle: (early) good morning!
13:04 crinkle good morning
13:05 richm joined #puppet-openstack
13:05 openstackgerrit Yanis Guenane proposed openstack/puppet-cinder: Sync cinder::db::sync with new standard  https://review.openstack.org/196693
13:09 sergmelikyan joined #puppet-openstack
13:20 rcallawa joined #puppet-openstack
13:26 openstackgerrit Yanis Guenane proposed openstack/puppet-designate: Creation of designate::db::sync  https://review.openstack.org/196622
13:33 iurygregory joined #puppet-openstack
13:48 dfisher joined #puppet-openstack
13:51 ferest joined #puppet-openstack
13:53 openstackgerrit Michael Polenchuk proposed openstack/puppet-neutron: Jumbo frames between instances  https://review.openstack.org/199999
14:15 sergmelikyan joined #puppet-openstack
14:24 openstackgerrit Merged openstack/puppet-openstack-cookiecutter: Handle the postgresql md5password in specs  https://review.openstack.org/200590
14:33 markvoelker joined #puppet-openstack
14:35 openstackgerrit Emilien Macchi proposed openstack/puppet-openstack-specs: Blueprint: Define our master branch policy  https://review.openstack.org/180141
14:38 vinsh_ joined #puppet-openstack
14:40 paramite_ joined #puppet-openstack
14:41 sergmelikyan joined #puppet-openstack
14:42 markvoelker_ joined #puppet-openstack
14:42 sergmelikyan joined #puppet-openstack
14:43 openstackgerrit Merged openstack/puppet-nova: Add ability to override compute_driver  https://review.openstack.org/200543
14:55 mdorman joined #puppet-openstack
14:55 openstackgerrit Merged openstack/puppet-neutron: Creation of neutron::db::sync  https://review.openstack.org/196668
15:07 richm EmilienM: re: roles resource - I just got a packstack failure because swift creates the keystone_role admin using ensure_resource
15:08 richm EmilienM: so looks like we have to use ensure_resource in the roles resource :P
15:08 EmilienM richm: well, it should be packstack to update their manifests
15:09 richm EmilienM: It's not packstack, it's swift::keystone::auth
15:09 EmilienM also, you can set the configure_role to False
15:09 EmilienM oh I see, ok
15:09 richm EmilienM: I am concerned because this is a case of "it worked before, now it's not working" after upgrade
15:15 openstackgerrit Lukas Bezdicka proposed openstack/puppet-neutron: Run neutron db sync also for each neutron module  https://review.openstack.org/200877
15:15 EmilienM richm: will look right after my dailys crum
15:16 richm EmilienM: I am testing a fix right now
15:16 EmilienM richm: I also found weird things last night with v3 + WSGI enabled
15:16 richm ok
15:17 EmilienM richm: https://review.openstack.org/200827
15:17 EmilienM richm: it fails now, but I'll look today
15:17 EmilienM richm: logs are interested to see
15:18 topshare joined #puppet-openstack
15:18 richm wth?  Error: Execution of '/usr/bin/openstack domain create --format shell admin_domain --enable --description Domain for admin v3 users' returned 1: ERROR: openstack Not Found (HTTP 404)
15:18 sergmelikyan Hi EmilienM, stackforge/puppet-murano is renamed to openstack/murano, this commit is last thing left https://review.openstack.org/192727
15:18 richm looks like the problem when it doesn't create the domain
15:18 sergmelikyan can you vote?
15:19 EmilienM sergmelikyan: will do
15:19 richm EmilienM: I run packstack exclusively with keystone wsgi
15:19 richm I've tested all of my v3 patches using keystone wsgi
15:19 sergmelikyan EmilienM: thank you!
15:19 EmilienM sergmelikyan: it's already voted BTW
15:19 rwsu joined #puppet-openstack
15:20 EmilienM richm: weird. I was thinking, could it be apache too long to start, like a race condition here?
15:20 markvoelker joined #puppet-openstack
15:28 richm EmilienM: could be
15:28 EmilienM richm: back
15:28 EmilienM richm: so you're doing a fix for which module?
15:28 EmilienM richm: my patch?
15:28 social EmilienM: question is, should I just do exec with setsebool?
15:28 EmilienM social: there is a selinux module afik
15:29 EmilienM social: and selinux resource in puppet
15:30 social uu selboolean
15:30 social nice
15:33 bklei joined #puppet-openstack
15:35 EmilienM richm: can I push on https://review.openstack.org/#/c/199676 ?
15:36 _morgan joined #puppet-openstack
15:37 gsilvis joined #puppet-openstack
15:37 tristanC joined #puppet-openstack
15:37 sac joined #puppet-openstack
15:37 nibalizer joined #puppet-openstack
15:37 mwoodson joined #puppet-openstack
15:37 _matthias_ joined #puppet-openstack
15:37 maximov joined #puppet-openstack
15:37 mwoodson joined #puppet-openstack
15:37 ikke-t joined #puppet-openstack
15:38 pasquier-s joined #puppet-openstack
15:39 dachary joined #puppet-openstack
15:39 mwhahaha joined #puppet-openstack
15:39 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: Transform keystone::roles::admin Class into a Define  https://review.openstack.org/199676
15:39 derekh joined #puppet-openstack
15:39 EmilienM richm: ^
15:41 openstackgerrit Lukas Bezdicka proposed openstack/puppet-keystone: Setup SELinux booleans if running in httpd  https://review.openstack.org/201229
15:41 EmilienM social: should not it be packaging thing ^ ?
15:42 EmilienM IMHO, openstack-horizon package should handle SElinux
15:42 social EmilienM: why? openstack-horizon provides service
15:42 social EmilienM: let me ask someone more experienced :)
15:42 EmilienM social: so does openstack-selinux.rpm
15:43 social EmilienM: openstack-selinux rpm is hack that should not exist
15:43 EmilienM social: it's out of topic I think
15:43 social EmilienM: but turning on booleans in openstack-horizon is also possible solution
15:43 EmilienM social: 1/ openstack-selinux is (until now) the official package to setup SELinux on nodes 2/ we don't override resources (files, selinux, users/groups, etc) with packaging
15:44 social EmilienM: issue is that it allows several ways of deployment which means it should not pick one by default and should not enable httpd keystone setup
15:44 social EmilienM: so it's up to deployer to enable the bools
15:44 EmilienM this can be discussed
15:45 social EmilienM: simillar to when you run haproxy instead of nova on nova port, you as deployer changed default setup, but yeah, I'll forward this to packagers
15:45 EmilienM your patch is going to fail the CI anyway
15:45 EmilienM SELinux is not enabled on trusty
15:45 social EmilienM: that's why it tests whether the selinux is enabled :)
15:45 EmilienM social: you're trying to solve an issue that we should fix in packaging, not in Puppet
15:45 EmilienM social: no I'm talking about https://review.openstack.org/#/c​/201229/1/manifests/wsgi/apache.pp,cm
15:46 EmilienM ah
15:46 EmilienM there is a test, indeed
15:46 social let's give it -1 for now
15:46 social and get someone from packaging to look at it
15:47 EmilienM social: I get your pain, no worries
15:47 EmilienM social: it's just we have to fix the issues the right way
15:47 social but in my opinion if you are doing nondefault deployment (which is the question here) you should as deployer take care of selinux
15:47 richm packstack test worked - now doing spec/beaker test
15:50 social EmilienM: anyway that one is not that burning as https://review.openstack.org/#/c/200877/ which I'm not sure if it's clean way of fixing the issues
15:50 sergmelikyan joined #puppet-openstack
15:51 EmilienM social: could you please report bugs on Launchpad & use a topic (see spredzy's work aboug db_sync) for this patch?
15:51 EmilienM social: having BZ in commit message do not really helpp
15:58 openstackgerrit Merged openstack/puppet-modulesync-configs: spec: Add spec_helper_acceptance to common files  https://review.openstack.org/199621
15:58 EmilienM xingchao: in same time, woot ^
15:59 xingchao EmilienM: aha :)
16:13 vinsh_ joined #puppet-openstack
16:13 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: acceptance: run keystone in a WSGI server by default  https://review.openstack.org/200827
16:14 cwolferh joined #puppet-openstack
16:19 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: Transform keystone::roles::admin Class into a Define  https://review.openstack.org/199676
16:21 openstackgerrit Merged openstack/puppet-glance: Add support for RabbitMQ connection heartbeat  https://review.openstack.org/194354
16:22 mgarza_ joined #puppet-openstack
16:26 openstackgerrit Merged openstack/puppet-cinder: Add support for RabbitMQ connection heartbeat  https://review.openstack.org/194343
16:28 openstackgerrit Merged openstack/puppet-nova: Add support for RabbitMQ connection heartbeat  https://review.openstack.org/194315
16:29 leanderthal joined #puppet-openstack
16:45 aimon joined #puppet-openstack
16:45 ducttape_ joined #puppet-openstack
16:48 EmilienM crinkle: richm and I found some issues in puppet-keystone/v3 and probably something in openstacklib
16:48 EmilienM richm: I'm writing a bug report
16:49 crinkle yay bugs \o/
16:49 EmilienM crinkle: this one is funky
16:49 EmilienM funky = funny + tricky
16:58 morazi joined #puppet-openstack
16:58 EmilienM richm, crinkle: https://bugs.launchpad.net/p​uppet-keystone/+bug/1474059
16:59 openstack Launchpad bug 1474059 in puppet-keystone "when WSGI enabled: domain service is unavailable during first Puppet run" [Undecided,New]
17:00 crinkle EmilienM: the "Notice: Puppet::Provider::Openstack: domain service is unavailable. Will retry for up to 10 seconds." is irrelevant, it means it waited and tried again
17:00 crinkle EmilienM: the error starts on "Error: Could not prefetch keystone_domain provider 'openstack': undefined method `collect' for nil:NilClass"
17:00 richm ok - this is what I did - I just replaced 'keystone' with 'httpd' in keystone_domain.rb autorequire(:service)
17:00 EmilienM richm: and it worked??
17:00 richm now I get two errors only - it seems the tests for ports 5000 and 35357 are not working
17:00 EmilienM richm: the service name is not looked up then
17:00 EmilienM wth
17:00 EmilienM crinkle: ok thx
17:01 crinkle er i might be wrong, what richm is saying makes it sound relevant
17:01 richm I thought the service name was 'keystone', no matter if it was using eventlet or wsgi
17:01 EmilienM yes
17:02 EmilienM me too
17:02 crinkle there is a service resource named keystone but it will be ensure => stopped if using wsgi
17:02 crinkle and the httpd service is the one that matters
17:02 richm so how do we fix this so that autorequire(:service) 'keystone' will actually work?
17:02 xingchao joined #puppet-openstack
17:02 crinkle just have two autorequires
17:02 EmilienM ohh
17:03 EmilienM richm: something like https://github.com/puppetlabs/puppetlabs-firew​all/blob/69fa795bc36d738a8aed26ad8c2dd79ff3d13​5fa/lib/puppet/type/firewallchain.rb#L151-L157
17:03 richm autorequire(:service) ['keystone', 'httpd'] ?
17:03 aimon_ joined #puppet-openstack
17:03 EmilienM no because it will never be created if not using WSGI
17:03 richm how does the keystone_domain.rb type code know if we are using eventlet or wsgi?
17:03 EmilienM richm: look iptalbes code
17:04 crinkle richm: it doesn't need to know, just autorequire both of them
17:04 crinkle richm: whichever one is in the catalog is the one that it will use
17:04 richm and it will just ignore the other one if it is not in the catalog?
17:04 EmilienM crinkle: it won't wail if it does not find one of both?
17:04 crinkle EmilienM: no
17:04 * EmilienM reading https://docs.puppetlabs.com/guides/cus​tom_types.html#automatic-relationships
17:04 aimon joined #puppet-openstack
17:04 richm so autorequire(:service) { ['keystone', 'httpd']  }
17:05 EmilienM "Note that this won’t throw an error if resources with those names do not exist"
17:05 crinkle autorequire just adds the relationship if the resource is in the catalog
17:05 EmilienM crinkle wrote that doc I'm sure !
17:05 crinkle otherwise it doesn't care
17:05 richm ack
17:05 EmilienM richm: do you submit the patch?
17:08 richm 1
17:09 richm 1) every type needs to have ['httpd', 'keystone']
17:09 richm 2) this needs to be backported back to juno
17:09 EmilienM yes
17:09 richm since we supported wsgi in juno (and even before, I think)
17:09 EmilienM for 2, I don't know
17:09 EmilienM nobody reported the bug before it's weird
17:10 richm I would think that we would have had problems, except that probably the intersection of the sets of people using wsgi, and those using puppet, is the null set
17:10 EmilienM https://github.com/openstack/puppet-keystone/blob​/stable/juno/lib/puppet/type/keystone_role.rb#L25
17:10 EmilienM yes
17:10 EmilienM we need to fix juno
17:10 richm ok
17:10 richm I can patch that
17:10 richm is there a bug open yet?
17:10 EmilienM https://bugs.launchpad.net/p​uppet-keystone/+bug/1474059
17:10 openstack Launchpad bug 1474059 in puppet-keystone "when WSGI enabled: domain service is unavailable during first Puppet run" [Critical,New]
17:11 EmilienM richm: you patch juno and I patch master/kilo ok ?
17:11 richm well, whoever patches master, we'll just cherry pick that patch to kilo and juno?
17:11 EmilienM no
17:12 EmilienM don't you think it fails to merge?
17:12 EmilienM maybe not, indeed
17:12 EmilienM richm: ok, go ahead to patch master first
17:12 richm if it fails, I'll manually fixup the cherry
17:12 richm ok
17:12 EmilienM richm: perfect
17:15 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: acceptance: run keystone in a WSGI server by default  https://review.openstack.org/200827
17:22 richm ok - problem
17:22 richm what if 'httpd' is in the catalog, in a way that is completely unrelated to keystone - that is, keystone is using eventlet so the service name is just 'keystone'
17:23 richm what will happen now that we have an autorequire(:service) ['httpd', 'keystone']
17:23 richm ?
17:23 richm will it wait until the completely unrelated 'httpd' service is up and running?
17:23 delattec joined #puppet-openstack
17:24 richm for example, if you have horizon and keystone in the same manifest, and keystone is using eventlet, not wsgi?
17:34 EmilienM richm: I think it's ok, we just want the relationship if the resource is in the catalog
17:34 EmilienM but there is a race condition here
17:35 EmilienM richm: in fact no, thanks to the autorequire, we are sure the resource will be created *after* apache is started, even if not used
17:35 EmilienM I don't see any trouble here, any thoughts?
17:37 pabelanger joined #puppet-openstack
17:39 EmilienM pabelanger: good to know you might join our sprint
17:39 EmilienM pabelanger: I was planning to work on CI things
17:39 pabelanger EmilienM, either way, going to start attending weekly meetings and see if I can lend a hand
17:40 EmilienM pabelanger: awesome!
17:40 EmilienM we need hands on CI
17:40 EmilienM for example, i'm currently thinking at how to get logs in our jobs
17:40 pabelanger EmilienM, Ya. Want to get more REL coverage for our -infra puppet modules, figured I learn from how openstack-puppet is doing it.  I know crinkle is doing a lot of work on it too
17:40 EmilienM pabelanger: see https://review.openstack.org/#/c/199712/
17:41 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: acceptance: get logs in jenkins workspace  https://review.openstack.org/199712
17:43 EmilienM pabelanger: also working on running tempest on our beaker jobs
17:43 EmilienM pabelanger: https://review.openstack.org/#/c/198561
17:43 pabelanger EmilienM, interesting. Ya, still trying to wrap my head around some of the beaker stuff.  But looks like the right tool for more functional testing
17:43 EmilienM pabelanger: and the last big thing I want to do is to have a new job to run a whole openstack node
17:43 sergmelikyan joined #puppet-openstack
17:45 pabelanger EmilienM, Ya, that would be nice. I've always thought of writing a devstack project out of puppet modules for testing tempest. Then running it in parallel to devstack
17:45 pabelanger that way, we'd be testing packaging too, vs git install
17:45 EmilienM this is our plan
17:46 EmilienM pabelanger: we have a grenade plan also, but let me take my lunch and I come back :)
17:46 pabelanger EmilienM, Ya, I've never had time to focus on it. If you have a etherpad / spec about the effort I'd be interested in reading it.
17:47 pabelanger EmilienM, My first effort of a devstack style project using puppet was for something I was working on before joining Red Hat. https://github.com/kickstandproject-dev/grunt
17:47 pabelanger pretty simple, but worked well for my needs
17:47 pabelanger was using puppet-keystone and puppet-ceilometer for my functional testing
17:48 pabelanger but, I was installing my code from git, vs packages
17:48 pabelanger ended up using facter if I wanted to override puppet variables
17:48 pabelanger at run time
17:51 morazi joined #puppet-openstack
17:57 EmilienM pabelanger: nice
17:57 EmilienM i'll look in dept
17:58 EmilienM pabelanger: no I don't have any etherpad or spec, but I'm preparing an etherpad today
17:58 EmilienM it was just in my mind
17:58 EmilienM and I was playing with CI
17:58 pabelanger EmilienM, Ya, same. Something I've always been wanting to work on, if I had some time to do it :)
17:59 EmilienM pabelanger: I do have the time
17:59 pabelanger EmilienM, well, if you get an etherpad going, I'm more then happy to collaborate.
17:59 EmilienM pabelanger: I now focus 60% of my time to Puppet/CI
18:00 pabelanger EmilienM, Ya, I think I could get some time to focus on it too
18:04 xarses joined #puppet-openstack
18:08 openstackgerrit Clayton O'Neill proposed openstack/puppet-designate: Add hooks for external install & svc management  https://review.openstack.org/197172
18:14 richm EmilienM: re: httpd/keystone - I think it may be a problem
18:14 EmilienM richm: why?
18:14 richm consider a case where both horizon and keystone are in the same manifest
18:15 richm keystone uses eventlet
18:15 richm keystone_domain.rb types etc. use autorequire(:service) ['httpd', 'keystone']
18:15 richm that means, since 'httpd' is in the catalog, that keystone has to wait for both keystone and httpd
18:16 richm what if horizon needs keystone to be up before it can configure httpd appropriately?
18:16 richm then you get a deadlock
18:16 richm keystone is waiting for 'httpd', and horizon is waiting for 'keystone'
18:17 EmilienM pabelanger: https://etherpad.openstack​.org/p/puppet-openstack-CI
18:17 EmilienM pabelanger: all my mind is in there
18:18 pabelanger EmilienM, okay, will check it out in a bit
18:18 EmilienM richm: horizon is waiting for keystone?
18:18 richm EmilienM: yes
18:19 richm let's say horizon has to ensure some sort of keystone resource e.g. the horizon user, before it starts
18:21 EmilienM right
18:22 EmilienM richm: I have a solution
18:23 EmilienM maybe
18:25 EmilienM richm: maybe with an anchor
18:26 EmilienM but last time I talked about anchors, people insulted me :)
18:28 EmilienM richm: I don't see any dep between puppet horizon & puppet-keystone
18:30 sergmelikyan joined #puppet-openstack
18:32 mgagne EmilienM: I like anchor when done correctly =)
18:33 EmilienM mgagne: I don't any other solution here
18:33 EmilienM mgagne: but afik, anchors need PuppetDB, right?
18:34 mgagne EmilienM: no
18:34 delattec joined #puppet-openstack
18:34 EmilienM cool I'm wrong
18:34 mgagne EmilienM: they are just dummy resources which you can "anchor to" (create relationships)
18:34 EmilienM exactly what we need
18:34 mgagne EmilienM: and force containment/order
18:34 EmilienM crinkle: wdyt?
18:43 mfisch did you guys all get contrib codes to register for Tokyo?
18:43 mfisch I got one but I have a non-puppet commit I think
18:48 EmilienM mgagne, richm: what if we put in ::keystone: Service[$service_name] -> Keystone_domain<||>
18:49 pabelanger EmilienM, adding an update to etherpad
18:49 pabelanger just brain dumping
18:50 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: acceptance: run keystone in a WSGI server by default  https://review.openstack.org/200827
18:50 EmilienM pabelanger: you're duplicating the AIO thing I wrote
18:50 dfisher joined #puppet-openstack
18:50 pabelanger EmilienM, Ah, I didn't know what AIO was
18:51 crinkle EmilienM: anchor wfm
18:51 EmilienM crinkle: and having Service[$service_name] -> Keystone_domain<||> in init.pp ?
18:52 crinkle EmilienM: i thought keystone_domain would autorequire the ancjor
18:52 EmilienM crinkle: if I do Service[$service_name] -> Keystone_domain<||> - I don't use anchor
18:53 crinkle i would rather not have -> Keystone_domain<||>
18:53 EmilienM why ?
18:54 crinkle <||> has the problem that it realizes virtual resources and i can imagine that a user might want to have virtual keystone domain resources
18:54 crinkle what is insufficient about tje anchor idea?
18:54 EmilienM ok go for anchor
18:54 crinkle i'm on phone so typing slow
18:54 EmilienM crinkle: multi tasking :P
18:54 EmilienM richm: starting anchor code right now
18:58 openstackgerrit Paul Belanger proposed openstack/puppet-openstack-integration: Add LICENSE file  https://review.openstack.org/201296
18:58 EmilienM crinkle: I see the case when pacemaker is managing keystone or apache
19:05 openstackgerrit Paul Belanger proposed openstack/puppet-openstack-integration: [WIP] Initial commit for keystone  https://review.openstack.org/201298
19:14 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: Use an Anchor when service is managed  https://review.openstack.org/201300
19:14 EmilienM mgagne, crinkle: ^
19:14 crinkle EmilienM: what about that case?
19:14 EmilienM crinkle: pacemaker?
19:14 crinkle EmilienM: yes?
19:15 aimon joined #puppet-openstack
19:15 pabelanger EmilienM, my understanding was http://www.apache.org/licenses/LICENSE-2.0.txt was preferred for openstack projects.
19:15 EmilienM crinkle: I don't see the trouble here, since we just change the service_provider of Service resource when running pacemaker. But Service['keystone'] is still enabled
19:15 pabelanger trying to find some documentation about it, but could be wrong
19:16 EmilienM pabelanger: you're prob right, just thought to highlight it
19:16 EmilienM pabelanger: not worth -1 though
19:17 pabelanger EmilienM, okay. Going to ask either way
19:18 crinkle btw i'm in and out this afternoon, back later tonight
19:18 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: acceptance: run keystone in a WSGI server by default  https://review.openstack.org/200827
19:18 EmilienM crinkle: ack
19:23 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: acceptance: run keystone in a WSGI server by default  https://review.openstack.org/200827
19:30 EmilienM pabelanger: how do you plan to structure the manifests for AIO?
19:30 EmilienM we might need design discussion
19:32 pabelanger EmilienM, agreed. I was thinking each service has its own manifest, which would be included from a top-level manifest.
19:32 crinkle maybe a spec would be good
19:32 pabelanger something like single.pp would include keystone.pp which is setup for a single node
19:32 EmilienM crinkle: +1
19:32 pabelanger don't have an issue getting a spec up
19:32 pabelanger figure I'd hack something up first
19:33 pabelanger I imagine everybody has a way of doing it already envisioned in their head
19:33 EmilienM pabelanger: instead of create a composition layer, I would rather see some Hiera around here
19:33 EmilienM it will save a lot of code and allow flexibility
19:34 aimon joined #puppet-openstack
19:36 pabelanger hiera is possible
19:40 openstackgerrit Paul Belanger proposed openstack/puppet-openstack-integration: Give execute permissions to install_modules.sh  https://review.openstack.org/201307
19:40 openstackgerrit Paul Belanger proposed openstack/puppet-openstack-integration: [WIP] Initial commit for keystone  https://review.openstack.org/201298
19:44 blentz joined #puppet-openstack
19:45 aimon joined #puppet-openstack
19:46 EmilienM crinkle: anchor does not work in the patch. If you around can you explain why exactly virtual resource can't work for us?
19:48 EmilienM richm: the anchor is not created
19:48 EmilienM richm: I'm looking at why
19:53 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: Use an Anchor when service is managed  https://review.openstack.org/201300
19:54 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: acceptance: run keystone in a WSGI server by default  https://review.openstack.org/200827
19:55 rwsu joined #puppet-openstack
20:01 imcsk8_ joined #puppet-openstack
20:06 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: Use an Anchor when service is managed  https://review.openstack.org/201300
20:06 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: acceptance: run keystone in a WSGI server by default  https://review.openstack.org/200827
20:07 aimon joined #puppet-openstack
20:09 dgurtner joined #puppet-openstack
20:09 dgurtner joined #puppet-openstack
20:21 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: acceptance: validate Keystone with Tempest  https://review.openstack.org/198561
20:25 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: acceptance: validate Keystone with Tempest  https://review.openstack.org/198561
20:29 rwsu joined #puppet-openstack
20:29 EmilienM Hunner or _ody: I think we need help with https://bugs.launchpad.net/p​uppet-keystone/+bug/1474059
20:29 openstack Launchpad bug 1474059 in puppet-keystone "when WSGI enabled: domain service is unavailable during first Puppet run" [Critical,In progress] - Assigned to Emilien Macchi (emilienm)
20:30 openstackgerrit Paul Belanger proposed openstack/puppet-openstack-integration: [WIP] Initial commit for keystone  https://review.openstack.org/201298
20:39 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: Use an Anchor when service is managed  https://review.openstack.org/201300
20:39 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: acceptance: run keystone in a WSGI server by default  https://review.openstack.org/200827
20:40 cwolferh joined #puppet-openstack
20:42 Hunner EmilienM: side note, the collect on nil is because https://github.com/openstack/puppet-k​eystone/blob/master/lib/puppet/provid​er/keystone_domain/openstack.rb#L107 should be something like `(request('domain','list') || []).collect`
20:44 richm are you sure that request doesn't return [] if no domains are found?
20:44 richm I mean, how could it have worked this way for all this time?
20:44 richm Did we just get lucky for several weeks?
20:46 EmilienM Hunner: ^
20:47 EmilienM I can't make the Anchor thing working :(
20:48 richm https://github.com/openstack/puppet-openstacklib/​blob/master/lib/puppet/provider/openstack.rb#L25
20:50 Hunner richm: https://github.com/openstack/puppet-openstacklib/​blob/master/lib/puppet/provider/openstack.rb#L20 starts out nil
20:50 Hunner and is what is returned, so yes it returns nil
20:50 Hunner So better idea would be to have that default to Array.new instead of nil
20:51 richm it doesn't always return an array
20:51 Hunner EmilienM: It sounds like you think openstacklib's request method for timing out is not working correctly?
20:51 Hunner richm: Okay, then never mind
20:51 richm and it still doesn't explain why it works at all
20:52 EmilienM Hunner: also I'm wondering why https://review.openstack.org/201300 do not work
20:52 richm so basically, every time request('object', 'list') is called and returns an empty list, we should get an exception?
20:53 richm I'm not arguing that for safety's sake, returning || [] is probably the right thing to do
20:54 richm I'm just trying to figure out what underlying condition is causing request() to return nil
20:54 rcallawa joined #puppet-openstack
20:57 delatte joined #puppet-openstack
20:58 richm because https://github.com/openstack/puppet-openstacklib/​blob/master/lib/puppet/provider/openstack.rb#L27 parse_csv will _always_ return an array
20:58 richm or raise an exception
20:58 Hunner richm: Yeah, response.collect is fine. It will return nil if it hits the rescue and break without ever getting a value
20:59 richm are you saying that it is possible for https://github.com/openstack/puppe​t-openstacklib/blob/master/lib/pup​pet/provider/openstack.rb#L30-L33 to raise an exception that would cause rv to be nil?
21:00 richm and not raise the exception to the caller instead?
21:01 richm Hunner: ^^
21:02 richm Hunner: because afaict, collect will _always_ return an array, even if it is empty
21:02 richm so, not nil there either
21:02 Hunner richm: https://github.com/openstack/puppet-openstacklib/​blob/master/lib/puppet/provider/openstack.rb#L26 could raise and cause rv to be nil
21:02 richm Hunner: then why don't I see the exception that it is raising?
21:03 richm maybe the withenv is absorbing the raise and turning it into a nil return?
21:03 Hunner richm: Because it's caught by the rescue... that's why you see the first sleep message before the collect on nil message
21:04 richm Hunner: caught here?  https://github.com/openstack/puppet-openstacklib/​blob/master/lib/puppet/provider/openstack.rb#L52
21:04 richm ok
21:04 richm so if we timeout, it will return nil
21:04 Hunner yep
21:05 Hunner And something appears to be wrong with the timeout code since it just says 10 seconds then moves on
21:05 delattec joined #puppet-openstack
21:07 richm hmm - 1) would it be better to return nil to the providers, or raise some sort of timeout exception? 2) what exactly should the subclass provider do if request times out?
21:15 openstackgerrit Bradley Klein proposed openstack/puppet-monasca: Change to support api config for remote database  https://review.openstack.org/200182
21:16 Hunner richm: I think timeouts are unexpected and so returning nil is the wrong thing to do. https://github.com/openstack/puppet-openstacklib/​blob/master/lib/puppet/provider/openstack.rb#L58
21:16 Hunner That should be a raise. The only break should be above before the rescue after rv is set
21:17 richm so a timeout should raise some sort of Timeout exception to the caller?
21:23 richm Hunner: ^^
21:24 richm I guess that's fine.  It will get propagated all the way out to the main app if the caller doesn't know what to do
21:24 Hunner Or just raise the original e, since at that point it's considered correct?
21:24 richm Hunner: yes
21:36 EmilienM richm, Hunner: in that case, is it possible 1/ httpd is longer to start than the eventlet process, so we take more time to be ready for the keystone_domain request 2/ oslib does not handle well timeouts ?
21:37 richm yes, we could increase the timeout, but to what value?
21:37 EmilienM richm: I already tried yesterday
21:37 EmilienM to 20
21:37 EmilienM and it did not change anything
21:38 Hunner I think the timeout may be broken, as in it says it's going to wait but doesn't
21:39 EmilienM Hunner: does the autorequire waits for a running service?
21:39 crinkle i'm surprised this hasn't been an issue before
21:39 Hunner EmilienM: Autoreqire is basically adding `require` right? So if you have a service resource, that would be evaluated before any resources that autorequire it
21:40 Hunner EmilienM: Whether it is ensure => stopped or running
21:40 EmilienM ok
21:40 Hunner crinkle: I don't know about the history of the code, but something looks fishy in that bug's output and smells like the timeout being shortcircuited
21:42 bklei_ joined #puppet-openstack
21:42 crinkle it's typical for it to fail once, show that message, and then recover
21:42 crinkle if it was timing out it would repeat the message
21:43 crinkle current_time wouldn't be > end_time until after a few more tries and it would keep spitting out that message
21:44 crinkle that's why i think that notice is a red herring
21:44 crinkle i'm curious if the output one the line previous was about the service restarting
21:48 EmilienM crinkle: the question is: why does it work on eventlet and fails on wsgi. My first thought was about a race condition when starting the process (I think it takes more time to start httpd than keystone eventlet)
21:49 crinkle EmilienM: but then it would show that and repeat the "Will retry for..." message while it was waiting
21:49 crinkle that's what that's for
21:50 EmilienM crinkle: I tried with 20s last night, same result
21:50 crinkle i would try running the command by itself and see what it does
21:50 EmilienM I think we have two issues here
21:50 EmilienM 1/ timeout message
21:51 EmilienM 2/ keystone resource orchestration to make sure to create them *after* keystone is run whatever wsgi or eventlet
21:51 crinkle so after puppet exits, see it apache is running and see if keystone responds to commands
21:51 * crinkle afk
21:52 EmilienM Hunner: I was wrong, when running wsgi, autorequire is useless currently, because service['keystone'] is stopped
21:53 EmilienM Hunner: we wanted to add ['httpd'] in the autorequire but it's a bad idea for the reason in the https://review.openstack.org/#/c/201300/ commit message
21:53 EmilienM I'im still convainced an Anchor would help
21:54 Hunner EmilienM: I'm not sure about your intended order of operations when using/not using http... :/
21:54 Hunner It sounds like sometimes you manage one service and sometimes two?
21:54 Hunner Are you managing httpd from another module, or in the keystone module?
21:55 EmilienM Hunner: 1/ if I run eventlet, Service['keystone'] ensure => running
21:55 EmilienM Hunner: 1/ if I run wsgi, Service['keystone'] ensure => stopped
21:55 EmilienM oops 2/
21:55 EmilienM Hunner: the 2/ make sure apache is running since we include ::apache
21:55 EmilienM and we have a dependency in init
21:55 Hunner And does it go keystone => apache => resources when using apache?
21:56 EmilienM https://github.com/openstack/puppet-keys​tone/blob/master/manifests/init.pp#L529
21:56 EmilienM no
21:56 EmilienM we 1/ make sure to stop keystone 2/ start apache
21:56 EmilienM File['/etc/keystone/keystone.conf'] -> Keystone_config<||> ~> Service[httpd]
21:57 EmilienM https://github.com/openstack/puppet-keysto​ne/blob/master/manifests/init.pp#L866-L873
21:57 EmilienM Hunner: look that ^
21:57 EmilienM stopped
21:57 Hunner EmilienM: What if you throw an anchor on the end of https://github.com/openstack/puppet-keys​tone/blob/master/manifests/init.pp#L529 and make resources autorequire that anchor?
21:58 EmilienM Hunner: I was doing that now
21:58 EmilienM Hunner: my mistake is I did the anchor in the keystone::service
21:58 EmilienM but the service is disabled
21:58 EmilienM I'm so dumb
21:59 EmilienM Hunner: on which resource then?
22:00 EmilienM on Service[$service_name] probably
22:04 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: Use an Anchor when service is managed  https://review.openstack.org/201300
22:04 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: acceptance: run keystone in a WSGI server by default  https://review.openstack.org/200827
22:05 EmilienM Hunner: ^
22:11 rcallawa joined #puppet-openstack
22:12 EmilienM richm, crinkle, Hunner my patch works
22:13 EmilienM I just tested it
22:14 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: Use an Anchor when service is managed  https://review.openstack.org/201300
22:15 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone: acceptance: run keystone in a WSGI server by default  https://review.openstack.org/200827
22:15 EmilienM mfisch: I have wsgi working out of the box now, please forget my questions from last night
22:21 rcallawa_ joined #puppet-openstack
22:24 EmilienM richm: with my patch, I don't see any timeout issue
22:27 richm EmilienM: excellent
22:27 markvoelker joined #puppet-openstack
22:27 markvoelker joined #puppet-openstack
22:33 gildub joined #puppet-openstack
22:38 EmilienM richm: though we would keep an eye on this issue
22:38 richm yes
22:44 morazi joined #puppet-openstack
23:17 openstackgerrit Merged openstack/puppet-openstack-specs: Blueprint: Define our master branch policy  https://review.openstack.org/180141
23:28 topshare joined #puppet-openstack
23:38 openstackgerrit Merged openstack/puppet-monasca: Change to support api config for remote database  https://review.openstack.org/200182
23:42 xarses joined #puppet-openstack
23:44 ducttape_ joined #puppet-openstack
23:53 xingchao joined #puppet-openstack

| Channels | #puppet-openstack index | Today | | Search | Google Search | Plain-Text | summary