Perl 6 - the future is here, just unevenly distributed

IRC log for #puppet-openstack, 2015-09-17

| Channels | #puppet-openstack index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:06 markvoelker joined #puppet-openstack
00:15 karume joined #puppet-openstack
00:15 ducttape_ joined #puppet-openstack
00:22 aimon joined #puppet-openstack
00:27 aimon_ joined #puppet-openstack
00:38 xingchao joined #puppet-openstack
00:42 ibba joined #puppet-openstack
00:57 tiswanso joined #puppet-openstack
00:58 tiswanso joined #puppet-openstack
00:58 zhangjn joined #puppet-openstack
00:59 gildub EmilienM, Hi - looks like CI is still broken, is that correct?
00:59 tiswanso_ joined #puppet-openstack
01:01 yogesh-pc joined #puppet-openstack
01:03 gildub joined #puppet-openstack
01:04 sanjayu joined #puppet-openstack
01:06 markvoelker joined #puppet-openstack
01:16 EmilienM gildub: yes
01:16 EmilienM rdo servers
01:17 EmilienM disk issues, etc... sad day
01:36 zhangjn joined #puppet-openstack
01:36 aimon joined #puppet-openstack
01:40 xarses joined #puppet-openstack
01:51 openstackgerrit Adam Vinsh proposed openstack/puppet-swift: Manage swift with swiftinit service provider  https://review.openstack.org/203220
02:00 gildub EmilienM, ok, thanks
02:04 karume joined #puppet-openstack
02:25 vinsh my review just went through all of CI
02:26 vinsh they all ran and passed, looks like repos might be working for rdo now
02:30 xingchao joined #puppet-openstack
02:33 aimon_ joined #puppet-openstack
02:36 mjblack joined #puppet-openstack
02:45 gildub joined #puppet-openstack
03:04 ducttape_ joined #puppet-openstack
03:12 ducttape_ joined #puppet-openstack
03:21 xarses joined #puppet-openstack
03:22 xarses joined #puppet-openstack
03:53 karume joined #puppet-openstack
04:42 fedexo joined #puppet-openstack
04:51 gildub michchap_, xingchao, hi, please review https://review.openstack.org/213906 and https://review.openstack.org/213957
05:35 xarses joined #puppet-openstack
05:41 karume joined #puppet-openstack
05:51 gfidente joined #puppet-openstack
06:02 openstackgerrit Michal Rostecki proposed openstack/puppet-glance: [DO NOT MERGE] CI check for stable/juno  https://review.openstack.org/224436
06:11 xingchao joined #puppet-openstack
06:35 nihilifer hello
06:36 nihilifer what stable branches we support?
06:36 nihilifer I see that for almost all puppet-* project on stable branches, CI fails on tests for Puppet 4.0
06:37 nihilifer I mean stable/juno and stable/icehouse
06:38 nihilifer if we support these branches, I think we need to make some jobs non-voting for them
06:48 openstackgerrit Michal Rostecki proposed openstack/puppet-glance: [DO NOT MERGE] CI check for stable/juno  https://review.openstack.org/224454
06:50 stamak joined #puppet-openstack
07:15 stamak joined #puppet-openstack
07:46 openstackgerrit zhangguoqing proposed openstack/puppet-keystone: Fix README about Setup  https://review.openstack.org/224468
07:48 gildub EmilienM, How to edit the wiki? I can't find the corresponding git repo.
07:50 spredzy gildub, no repo https://wiki.openstack.org/wiki/Puppet
07:50 spredzy top-right corner
07:50 spredzy if that is what you were refering to
07:50 gildub spredzy, yeah, darn scroll bar! Thanks
07:51 spredzy yw :)
07:53 ibba joined #puppet-openstack
07:54 markvoelker joined #puppet-openstack
08:07 paramite joined #puppet-openstack
08:15 stamak joined #puppet-openstack
08:18 karume joined #puppet-openstack
08:18 xarses joined #puppet-openstack
08:19 xarses joined #puppet-openstack
08:20 jistr joined #puppet-openstack
08:27 openstackgerrit Michal Rostecki proposed openstack/puppet-glance: [DO NOT MERGE] Check CI on stable/juno  https://review.openstack.org/224478
08:29 openstackgerrit Athlan-Guyot sofer proposed openstack/puppet-keystone: New provider for keystone domain configuration.  https://review.openstack.org/219289
08:33 openstackgerrit Michal Rostecki proposed openstack/puppet-glance: [DO NOT MERGE] Check CI for stable/icehouse  https://review.openstack.org/224482
08:33 derekh joined #puppet-openstack
08:42 arnaud_orange joined #puppet-openstack
08:47 openstackgerrit Michael Polenchuk proposed openstack/puppet-nova: Avoid empty notification driver  https://review.openstack.org/220448
09:02 xingchao joined #puppet-openstack
09:04 nihilifer I proposed a patch for project-config to unlock stable branches https://review.openstack.org/#/c/224496/
09:06 xingchao joined #puppet-openstack
09:18 chandankumar joined #puppet-openstack
09:36 openstackgerrit Ramkumar Gowrishankar proposed openstack/puppet-neutron: Support for Nuage Neutron plugin and Nuage VRS in puppet-neutron  https://review.openstack.org/214798
09:43 arnaud_orange joined #puppet-openstack
09:55 igajsin joined #puppet-openstack
09:55 markvoelker joined #puppet-openstack
09:57 xingchao joined #puppet-openstack
09:57 igajsin left #puppet-openstack
09:58 openstackgerrit Sebastien Badia proposed openstack/puppet-heat: Bump rspec-puppet to 2.1.0  https://review.openstack.org/224548
10:06 openstackgerrit Athlan-Guyot sofer proposed openstack/puppet-keystone: Resource keystone_identity_provider for Keystone.  https://review.openstack.org/202689
11:02 timbyr_ joined #puppet-openstack
11:06 ferest joined #puppet-openstack
11:22 openstackgerrit Michal Rostecki proposed openstack/puppet-heat: Add an ability to manage use_stderr parameter  https://review.openstack.org/223999
11:26 markvoelker joined #puppet-openstack
11:28 dprince joined #puppet-openstack
11:31 openstackgerrit Michal Rostecki proposed openstack/puppet-heat: Bump rspec-puppet to 2.1.0  https://review.openstack.org/224582
11:31 openstackgerrit Sebastien Badia proposed openstack/puppet-ceilometer: Bump rspec-puppet to 2.1.0  https://review.openstack.org/224583
11:37 openstackgerrit Sebastien Badia proposed openstack/puppet-cinder: Bump rspec-puppet to 2.1.0  https://review.openstack.org/224585
11:39 ddmitriev1 joined #puppet-openstack
11:47 markvoelker joined #puppet-openstack
11:51 EmilienM good morning
11:58 openstackgerrit Sergey Kolekonov proposed openstack/puppet-neutron: Add retries to nova_admin_tenant_id_setter  https://review.openstack.org/194673
12:01 openstackgerrit Sergey Kolekonov proposed openstack/puppet-neutron: Add retries to nova_admin_tenant_id_setter  https://review.openstack.org/194673
12:04 openstackgerrit Michal Rostecki proposed openstack/puppet-keystone: Bump rspec-puppet to 2.1.0  https://review.openstack.org/224590
12:08 openstackgerrit Michal Rostecki proposed openstack/puppet-nova: Bump rspec-puppet to 2.1.0  https://review.openstack.org/224591
12:08 sbadia hi!
12:08 sbadia nihilifer: thanks for the backports
12:08 nihilifer sbadia: no problem :)
12:09 nihilifer sbadia: what about icehouse? I respond to your comment in https://review.openstack.org/#/c/224582/
12:10 sbadia nihilifer: but finnaly we decided to not check puppet4 in juno branch :D
12:10 sbadia https://review.openstack.org/#/c/224397/
12:10 sbadia EmilienM: ^
12:10 sbadia nihilifer: oh sorry! I reviewed too fast… sorry…
12:11 sbadia but the emilien patch will fix juno and icehouse :)
12:12 nihilifer ah, I didn't see this patch
12:13 sbadia me too ;-)
12:13 nihilifer ok, I abandoned my patch to project-config
12:16 ducttape_ joined #puppet-openstack
12:24 severion joined #puppet-openstack
12:28 EmilienM nihilifer: which patch?
12:28 sbadia EmilienM: https://review.openstack.org/#/c/224496/
12:28 EmilienM sbadia: thx
12:29 rochaporto joined #puppet-openstack
12:29 openstackgerrit Michal Rostecki proposed openstack/puppet-nova: Bump rspec-puppet to 2.1.0  https://review.openstack.org/224591
12:34 dprince this would be helpful to TripleO https://review.openstack.org/#/c/223128/
12:35 openstackgerrit Emilien Macchi proposed openstack/puppet-openstack-integration: Disable SElinux on CentOS7 jobs  https://review.openstack.org/224705
12:35 EmilienM sbadia: outstading review for today ^
12:35 EmilienM we wait for CI
12:35 EmilienM and see if it works
12:35 EmilienM social: ^
12:36 social EmilienM: I think it should be in permissive for trunk by default
12:37 morazi joined #puppet-openstack
12:38 EmilienM social: one question - when disabled, are we still applying contexts ?
12:39 EmilienM because Puppet test idempotency and if we are not applying contexts anymore, we would not be able to test Puppet idempotency when SElinux is enforced
12:41 ibba joined #puppet-openstack
12:42 social EmilienM: puppet should not be checking for contexts on selinux disabled systems, but we should just have enforcing set to 0 because we do want it to check for contexts
12:42 EmilienM let me rephrase my question
12:43 social in permissive mode it does set and check contexts
12:43 EmilienM Puppet sometimes manage contexts by default, (File provider specificaly) - we can't really control that
12:44 EmilienM last time, I had to patch puppetlabs-rabbitmq: https://github.com/puppetlabs/puppetlabs-rabbitmq​/commit/0227f762070ffbbea3c28d6a60174de98fa4cc1c
12:44 EmilienM because Puppet was trying to apply a (default) context, while packaging was trying to apply another one
12:44 EmilienM which made Puppet run NON idempotent
12:45 EmilienM we had SElinux enforced so I could detect it in our upstream CI
12:45 EmilienM so my question is: will I still be able to detect that kind of thing if we disable SElinux?
12:46 * spredzy check the file type provider to see how it handles selinux param if SELinux is disabled on the host
12:46 social EmilienM: disabling SELinux means turning it off, in that case no. What you do is turn off enforcing, SELinux is still present it just does not enforce eg if you do something forbidden it'll just log to audit log.
12:46 EmilienM spredzy: it's about 'selinux_ignore_defaults' attribute
12:46 social EmilienM: what you want is selinux in permissive mode - setenforce 0
12:47 EmilienM social: so https://review.openstack.org/224705 will make all of us happy
12:47 social EmilienM: exactly :)
12:47 EmilienM 1/ bring back our CI - 2/ do not deal with future SElinux issues - 3/ still test idempotency with contexts
12:48 EmilienM the 3/ is very important, I'll run some tests today to make sure
12:48 EmilienM I want our CI failing if contexts are differents in packaging & puppet
12:50 spredzy EmilienM, https://github.com/puppetlabs/puppet/blob/​master/lib/puppet/util/selinux.rb#L16-L22
12:50 v1k0d3n joined #puppet-openstack
12:50 EmilienM mhh
12:50 EmilienM that means it won't try to apply contexts I guess
12:50 spredzy EmilienM, and https://github.com/puppetlabs/puppet/blo​b/master/lib/puppet/util/selinux.rb#L38
12:51 spredzy that means is selinux is disabled it will puppet will just skip any selinux related operation
12:51 spredzy s/is/if
12:51 EmilienM which is not what we want
12:51 social spredzy: but it's 3 states selinux disabled, selinux enabled with permissive, selinux enabled with enforcing
12:51 EmilienM we still need to apply contexts
12:53 spredzy EmilienM, sorry can you repeat the context I don't get it I was answering <EmilienM> social: one question - when disabled, are we still applying contexts ?
12:54 EmilienM https://github.com/puppetlabs/puppetlabs-rabbitmq​/commit/0227f762070ffbbea3c28d6a60174de98fa4cc1c
12:54 EmilienM I created this patch ^^^^ because our Puppet OpenStack CI was down some time ago
12:54 spredzy ok
12:54 EmilienM and it was down because we install SElinux as enforced
12:54 EmilienM and Puppet was applying a context X while packaging Y
12:55 EmilienM it conflicted and Puppet runs were not idempotent
12:55 spredzy ok
12:55 EmilienM my question is: we are 'permissiving' SELinux now - are we going to be able to detect this kind of situation  again?
12:56 EmilienM I know it's very tricky - but I feel important to keep SElinux in the loop because our users strongly use it - so we might have an interest to make sure our modules can live with SElinux enforced
12:56 spredzy EmilienM, yes, because even if permissive labels are actually created
12:56 spredzy so puppet will still want to change the label if it doesn't match
12:56 openstackgerrit Merged openstack/puppet-openstack-integration: run_tests: stop pinning tempest repo  https://review.openstack.org/222621
12:57 spredzy EmilienM, as long as we do not disable selinux labels are applied (with permissive they are just not enforced)
12:57 EmilienM cool
12:57 pradk joined #puppet-openstack
12:58 spredzy social, ^ agree ?
12:58 EmilienM spredzy: but in your code, I'm not sure it applies contexts in permissive mode
12:58 social EmilienM: it does
12:58 EmilienM ok
12:58 openstackgerrit John Trowbridge proposed openstack/puppet-ironic: Add ironic-inspector support  https://review.openstack.org/223690
12:59 spredzy Normally enabled = (Enforcing, Permissive) disabled = disabled
12:59 EmilienM ok
13:00 EmilienM i'll test anyway :P
13:00 EmilienM ouch, gate is busy today
13:04 vinsh If the Gate had a Bar.. it would be more fun to hang out at.
13:08 EmilienM vinsh: I would be drunk.
13:08 vinsh :D
13:10 richm joined #puppet-openstack
13:13 EmilienM it works: https://jenkins06.openstack.org/job/gate-puppet-o​penstack-integration-dsvm-centos7/90/consoleFull
13:23 mattymo joined #puppet-openstack
13:27 su_zhang joined #puppet-openstack
13:32 openstackgerrit joined #puppet-openstack
13:33 tiswanso joined #puppet-openstack
13:40 degorenko hello folks! EmilienM spredzy sbadia can you please review https://review.openstack.org/220090 , https://review.openstack.org/222142
13:42 sbadia degorenko: done
13:42 sbadia thanks!!
13:42 degorenko sbadia, thank you :)
13:43 sbadia np
13:43 mattymo_ sbadia, EmilienM spredzy what URL are you using when configuring adminURL for keystone endpoint?
13:44 openstackgerrit John Trowbridge proposed openstack/puppet-ironic: Add ironic-inspector support  https://review.openstack.org/223690
13:44 mattymo_ the same IP as internalUrl or publicUrl?
13:45 zhangjn joined #puppet-openstack
13:46 su_zhang joined #puppet-openstack
13:46 dprince joined #puppet-openstack
13:46 zhangjn joined #puppet-openstack
13:49 spredzy mattymo, if I understand your question correctly  this depends on your setup / network isolation level
13:49 spredzy ie. Do you have one network for internal another for public and another for admin
13:49 spredzy is it the same for everyone
13:49 spredzy etc..
13:50 spredzy degorenko, done
13:52 openstackgerrit Sergey Kolekonov proposed openstack/puppet-neutron: Add parameters for Neutron QoS support  https://review.openstack.org/216654
13:57 degorenko spredzy, thanks, and about your comment, i'll do it but in next patch, because this one is revert :) https://review.openstack.org/#/c/222144
13:58 kindjal joined #puppet-openstack
13:58 degorenko spredzy, btw, we still have open discussion about include/require L)
13:58 degorenko :)
13:58 arnaud_orange joined #puppet-openstack
13:59 spredzy degorenko, removed my -1, ok for adding this in another patch
13:59 spredzy degorenko, I gave my opinion :) you should ping the other :p
13:59 degorenko sbadia, one more request :D take a look on https://review.openstack.org/#/c/222144 please. What do you think about Yanis' comment in patch set 3
13:59 degorenko spredzy, yep :P
14:00 degorenko spredzy, one more patch :D https://review.openstack.org/#/c/220090/
14:00 degorenko just was in merge conflict
14:01 EmilienM spredzy, sbadia : please look https://review.openstack.org/#/c/224705/
14:02 ducttape_ joined #puppet-openstack
14:03 spredzy EmilienM, degorenko gone
14:03 spredzy s/gone/done
14:03 spredzy :)
14:03 degorenko spredzy, thanks o/
14:05 mattymo_ spredzy, sorry I went AFK
14:05 mattymo_ spredzy, I mean if you set adminUrl in public network, then you can do keystone user-create, user-list, tenant-list etc
14:06 mattymo_ otherwise you must do keystone commands from a host inside internal network or from horizon
14:13 openstackgerrit Merged openstack/puppet-sahara: Revert "Fixed /etc/sahara handling"  https://review.openstack.org/222142
14:19 ericpeterson joined #puppet-openstack
14:26 markvoelker joined #puppet-openstack
14:34 openstackgerrit Denis Egorenko proposed openstack/puppet-sahara: Revert "Fix Sahara installation for Ubuntu"  https://review.openstack.org/222144
14:34 openstackgerrit Denis Egorenko proposed openstack/puppet-sahara: Rely on autorequire for config resource ordering  https://review.openstack.org/224762
14:34 degorenko spredzy, ^
14:34 openstackgerrit Merged openstack/puppet-openstack-integration: Disable SElinux on CentOS7 jobs  https://review.openstack.org/224705
14:35 EmilienM ok CI should be fixed now
14:35 openstackgerrit Athanasios Douitsis proposed openstack/puppet-vswitch: Support for FreeBSD  https://review.openstack.org/191523
14:46 openstackgerrit Iury Gregory Melo Ferreira proposed openstack/puppet-openstack-specs: Changes in enabling federation spec  https://review.openstack.org/223777
14:50 ducttape_ joined #puppet-openstack
14:51 mdorman joined #puppet-openstack
14:54 richm joined #puppet-openstack
15:01 tiswanso joined #puppet-openstack
15:02 sanjayu joined #puppet-openstack
15:04 mattymo_ hey richm
15:13 openstackgerrit Emilien Macchi proposed openstack/puppet-nova: Implement WSGI support for Nova API  https://review.openstack.org/213315
15:20 angdraug joined #puppet-openstack
15:21 richm mattymo_: hello
15:23 mattymo_ richm, when you deploy keystone, do you set adminurl to be in internal network or public network?
15:26 zhangjn joined #puppet-openstack
15:36 xingchao joined #puppet-openstack
15:40 richm mattymo_: "deploy keystone" - how?  "set adminurl" - where?
15:40 richm I'm not sure I understand the question
15:40 mattymo_ sorry I'm not clear
15:41 mattymo_ when deploying keystone service, you need to configure its service endpoints. one for internalurl, one for publicurl, one for adminurl
15:41 richm ok
15:41 mattymo_ let's say my internal network is 192.168.0.0/24 and my public is 10.10.0.0/24 and public routes to the rest of my org
15:41 mattymo_ and interanl doesn't
15:41 mattymo_ internal*
15:42 mattymo_ if I set adminurl inside internal network, then keystone cli commands fail because they require the ability to reach the adminUrl endpoint
15:42 richm I have no idea
15:42 mattymo_ oh ok
15:42 richm You would have to talk to someone who actually does OpenStack deployments
15:42 mattymo_ oh, what do you usually do?
15:44 richm The most I have ever done is a "deployment" using the puppet-keystone spec/acceptance tests, or using packstack for a very simple all-in-one, strictly for dev. testing purposes
15:44 richm I am in no way qualified to be an operator
15:50 myatsenko joined #puppet-openstack
15:53 chandankumar joined #puppet-openstack
15:56 skolekonov joined #puppet-openstack
16:01 serg_melikyan joined #puppet-openstack
16:09 ibba joined #puppet-openstack
16:24 tiswanso joined #puppet-openstack
16:26 tiswanso joined #puppet-openstack
16:30 linkedinyou joined #puppet-openstack
16:33 sergmelikyan joined #puppet-openstack
16:35 mdorman joined #puppet-openstack
16:38 aimon joined #puppet-openstack
16:41 fedexo joined #puppet-openstack
16:58 serg_melikyan joined #puppet-openstack
17:08 dprince joined #puppet-openstack
17:09 sergmelikyan joined #puppet-openstack
17:26 xingchao joined #puppet-openstack
17:27 sergmelikyan joined #puppet-openstack
17:50 sergmelikyan joined #puppet-openstack
18:05 dprince joined #puppet-openstack
18:06 imcsk8 EmilienM: some spec tests were failing for this patch https://review.openstack.org/#/c/221991 and i found that there are other parts of the puppet neutron module that try to configure the sriov driver: https://github.com/openstack/puppet-neutron/bl​ob/master/manifests/plugins/ml2/mech_driver.pp my guess is to delete them but i wanted  a second opnion before i send the patch
18:10 aimon joined #puppet-openstack
18:12 chandankumar joined #puppet-openstack
18:28 xingchao joined #puppet-openstack
18:37 xarses joined #puppet-openstack
18:47 mdorman anybody know if there’s any work in flight to improve the new v3 keystone providers… right now for every keystone_user and keystone_user_role resource (I think), it’s doing a separate ‘keystone user list’ call.  so on a system with a large number of users, this increases the run time for puppet substantially (adding 7-8 minutes to our runs, we have ~4000 users.)
18:48 mdorman i can create a new bug if nobody else has looked at this.  this used to be a problem with the previous providers, and we fixed it up so the user list was cached, so it’s kind of a regression on the v3 providers.
18:52 EmilienM there is a bug about that
18:52 EmilienM richm created it
18:52 EmilienM https://bugs.launchpad.net/p​uppet-keystone/+bug/1493450
18:52 openstack Launchpad bug 1493450 in puppet-keystone "bad indirection performance with openstack resources" [Medium,Confirmed]
18:52 EmilienM mdorman: ^
18:55 ducttape_ joined #puppet-openstack
18:58 mdorman awesome thanks
18:58 mdorman probably should have googled/rtfm on that one myself :)
19:00 dprince joined #puppet-openstack
19:04 EmilienM mdorman: feel free to send a patch that fix it, I'm not sure richm is working on it atm
19:08 _ody Did Hunner ever chime in on using the indirector for resource lookups?  I took a look at the code and it looks to have never been intended for the use of providers looking up other resources.
19:19 delattec joined #puppet-openstack
19:23 Hunner sup?
19:25 Hunner One thing I've done is cache the instances, then re-run on cache miss
19:26 EmilienM _ody: fyi i updated the patch you reviewed about nova api/wsgi
19:28 Hunner It's in the f5 provider, so I can't link since it's a private repo, but https://gist.github.com/hu​nner/a1a4bf3505f78b3c94ca is the snippet
19:29 Hunner worst case is still the same speed
19:32 yogesh-pc joined #puppet-openstack
19:37 jfluhmann joined #puppet-openstack
19:42 yogesh-pc EmilienM: any idea to the issue that I was having after installing both the apache and horizon together in the single configuration setup?
19:43 delatte joined #puppet-openstack
19:45 EmilienM yogesh-pc: no idea
19:45 EmilienM mfisch: have you tried already? ^
19:45 EmilienM running keystone wsgi & horizon on the same node?
19:45 EmilienM I don't see why it would fail
19:46 yogesh-pc do I need to do anything to start the horizon service?
19:47 yogesh-pc also I would like to access the admin permission and maybe try couple of openstack commands.. but i do not know how to do it
19:49 openstackgerrit Emilien Macchi proposed openstack/puppet-nova: Implement WSGI support for Nova API  https://review.openstack.org/213315
19:49 yogesh-pc i tried to source local.rc : http://paste.openstack.org/show/466753/
19:50 yogesh-pc and i get following error:
19:50 yogesh-pc http://paste.openstack.org/show/466754/
19:51 derekh joined #puppet-openstack
19:53 EmilienM mdorman: we are actually blocked by https://review.openstack.org/#/c/218059/
19:53 EmilienM if anyone wants to review it go ahead ^
19:54 EmilienM mdorman: can you share your manifest that create users/... resources and that takes time ? I would like to add it in our functional testing CI, it would be a good scenario - thanks
20:12 ericpeterson joined #puppet-openstack
20:17 richm EmilienM: mdorman: we could fix it now - the problem is that it is hideously complex to figure out which user is referenced in a keystone_user_role { 'username@...'
20:17 ducttape_ joined #puppet-openstack
20:17 openstackgerrit Ivan Chavero proposed openstack/puppet-neutron: Split SR-IOV configuration file into driver and agent pieces  https://review.openstack.org/221991
20:17 richm The complexity will be reduced a great deal if we can ever figure out a way to deal with the name + domain naming issue
20:18 richm so I'm reluctant to fix it, then fix it again
20:20 openstackgerrit Iury Gregory Melo Ferreira proposed openstack/puppet-keystone: [WIP] Support for Keystone as Service Provider  https://review.openstack.org/216821
20:24 openstackgerrit Ivan Chavero proposed openstack/puppet-neutron: Split SR-IOV configuration file into driver and agent pieces  https://review.openstack.org/221991
20:43 chem joined #puppet-openstack
20:58 iurygregory EmilienM, do you know a puppet lib to modify xml files? in the service provider i need to apply changes in the keystone configuration in Apache. =)
20:59 EmilienM iurygregory: xml in keystone config?
20:59 iurygregory keystone apache file
20:59 iurygregory vhost etc
20:59 EmilienM it's XML now?
21:00 iurygregory i think is xml, it is not?
21:01 iurygregory i need to modify under the <VirtualHost *:5000>
21:04 EmilienM iurygregory: do you know puppetlabs-apache ?
21:04 iurygregory just a little XD
21:06 EmilienM i think you can everything you need with the module
21:06 EmilienM and if you can't, submit a patch there
21:08 iurygregory ok ^^
21:10 EmilienM iurygregory: you need to create a vhost for what?
21:10 EmilienM just by curiosity
21:15 mdorman richm / EmilienM:  our manifests wrt keystone_user and keystone_user_role are relatively simple… on the order of 10-20 keystone_user’s and approximately the same keystone_user_role’s.  but the main issue is we have 4000+ users in our keystone backend LDAP
21:16 EmilienM ouch
21:16 EmilienM managed by puppet I suppose
21:17 mdorman what do you mean?   all the openstack stuff is managed by puppet, but nod the backend AD/LDAP
21:18 EmilienM mdorman: I meant the 4000 users
21:18 mdorman yeah AD is the backend identity source for keystone.  so a ‘keystone user list’ goes and gets that full list of thousands of users
21:18 EmilienM ok
21:19 mdorman anyway need to run now to pick up kids.  back online later if you want to discuss more.
21:20 EmilienM I don't know if there is any performant tool to manage 4000 keystone users today
21:22 tiswanso joined #puppet-openstack
21:26 EmilienM mgagne: do you use puppet to manage all your users?
21:26 mgagne EmilienM: what do you mean by "all" ?
21:26 EmilienM mgagne: your public cloud users
21:27 mgagne EmilienM: we don't manage our public cloud users, only services
21:27 EmilienM mgagne: ok
21:30 mgagne EmilienM: we are thinking about move away from puppet to manage our users. it's not very efficient. Puppet run takes forever to complete and I can't say having thousands of users will improve the situation over time.
21:30 EmilienM mgagne: this is what we were discussing ^^^^^^^^^
21:30 mgagne right
21:31 EmilienM I'm curious which technology is faster
21:31 mgagne the one that doesn't cache all users in memory :D
21:31 EmilienM mgagne: are you willing to help us to improve puppet-keystone?
21:32 mgagne EmilienM: unfortunately, I won't have time to invest before a long time (again)
21:32 EmilienM sad for us
21:33 mgagne EmilienM: yep. and although all the good promises here and there from me or my boss, there is nothing concret on that side.
21:34 richm EmilienM: someone needs to take a look at http://lists.openstack.org/pipermail/op​enstack-dev/2015-September/074715.html - and see if we can do the same thing for keystone_user, etc.
21:36 mgagne can't Puppet build a namevar from multiple properties? (not the resource title itself)
21:37 mgagne because I feel a Puppet user should be able to do keystone_user { 'foobar': user => 'bar', domain => 'baz' } just fine
21:38 * EmilienM reading _ody's emaill
21:51 aimon joined #puppet-openstack
21:52 tiswanso joined #puppet-openstack
21:54 xingchao joined #puppet-openstack
21:55 aimon_ joined #puppet-openstack
22:09 yogesh-pc joined #puppet-openstack
22:19 mdorman joined #puppet-openstack
22:38 yogesh-pc joined #puppet-openstack
22:39 ducttape_ joined #puppet-openstack
22:40 richm joined #puppet-openstack
22:55 gildub joined #puppet-openstack
23:27 ducttape_ joined #puppet-openstack
23:33 sergmelikyan joined #puppet-openstack
23:41 v1k0d3n joined #puppet-openstack
23:47 openstackgerrit Merged openstack/puppet-neutron: ml2: Fix typo with ml2_srvio/supported_pci_vendor_devs param.  https://review.openstack.org/214141
23:52 jfluhmann joined #puppet-openstack

| Channels | #puppet-openstack index | Today | | Search | Google Search | Plain-Text | summary