Perl 6 - the future is here, just unevenly distributed

IRC log for #puppet-openstack, 2017-03-15

| Channels | #puppet-openstack index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:29 rmart04 joined #puppet-openstack
00:29 openstackgerrit Emilien Macchi proposed openstack/puppet-keystone master: provider: don't require admin_token anymore  https://review.openstack.org/445681
00:36 dgurtner joined #puppet-openstack
00:36 dgurtner joined #puppet-openstack
01:30 rmart04 joined #puppet-openstack
01:52 xarses_ joined #puppet-openstack
01:53 xarses_ joined #puppet-openstack
02:00 rmart04 joined #puppet-openstack
03:01 rmart04 joined #puppet-openstack
04:02 rmart04 joined #puppet-openstack
04:07 markvoelker joined #puppet-openstack
04:09 jaganathan joined #puppet-openstack
04:18 udesale joined #puppet-openstack
04:28 openstackgerrit Merged openstack/puppet-congress master: Add bindep support  https://review.openstack.org/444984
05:03 rmart04 joined #puppet-openstack
05:17 udesale__ joined #puppet-openstack
05:26 agurenko joined #puppet-openstack
05:35 udesale joined #puppet-openstack
05:44 udesale__ joined #puppet-openstack
05:55 yprokule joined #puppet-openstack
06:04 rmart04 joined #puppet-openstack
06:09 markvoelker joined #puppet-openstack
06:37 pepijn joined #puppet-openstack
06:47 Guest4561 joined #puppet-openstack
06:52 jaosorior joined #puppet-openstack
07:18 skramaja joined #puppet-openstack
07:26 xarses_ joined #puppet-openstack
07:32 skramaja_ joined #puppet-openstack
07:43 openstackgerrit Vasyl Saienko proposed openstack/puppet-ironic stable/newton: Add ironic::drivers::interfaces class  https://review.openstack.org/445799
07:44 tesseract joined #puppet-openstack
08:03 dgurtner joined #puppet-openstack
08:10 markvoelker joined #puppet-openstack
08:13 udesale joined #puppet-openstack
08:26 salmankhan joined #puppet-openstack
08:33 jaganathan_lunch joined #puppet-openstack
08:34 salmankhan joined #puppet-openstack
08:37 openstackgerrit Merged openstack/puppet-tacker master: Add notifications parameters  https://review.openstack.org/444053
08:39 jpich joined #puppet-openstack
08:42 pepijn joined #puppet-openstack
08:48 ccamacho joined #puppet-openstack
08:58 openstackgerrit Carlos Camacho proposed openstack/puppet-openstack_spec_helper master: THIS IS A TEST - NEW LINE ADDED - DO NOT MERGE  https://review.openstack.org/445826
09:01 bogdando joined #puppet-openstack
09:02 pepijn joined #puppet-openstack
09:04 udesale__ joined #puppet-openstack
09:07 pepijn joined #puppet-openstack
09:18 jtomasek joined #puppet-openstack
09:19 bogdando joined #puppet-openstack
09:20 furlongm joined #puppet-openstack
09:25 openstackgerrit Merged openstack/puppet-ironic master: Support new driver configuration options  https://review.openstack.org/427741
09:30 openstackgerrit Vasyl Saienko proposed openstack/puppet-ironic stable/newton: Add ironic::drivers::interfaces class  https://review.openstack.org/445799
09:31 zioproto joined #puppet-openstack
09:34 fxpester joined #puppet-openstack
09:38 openstackgerrit Daniel Pawlik proposed openstack/puppet-neutron master: Added puppet class for creating neutron security groups  https://review.openstack.org/444667
09:40 openstackgerrit zhongshengping proposed openstack/puppet-ironic master: Add deps to all that is needed  https://review.openstack.org/445845
09:43 derekh joined #puppet-openstack
09:48 openstackgerrit Merged openstack/puppet-tacker master: Fix typo  https://review.openstack.org/444870
09:51 openstackgerrit Merged openstack/puppet-panko master: Fix typo  https://review.openstack.org/444868
09:54 openstackgerrit zhongshengping proposed openstack/puppet-nova master: Add a release note  https://review.openstack.org/445849
09:56 pepijn joined #puppet-openstack
09:58 openstackgerrit zhongshengping proposed openstack/puppet-ironic master: Fix format issue for a release note  https://review.openstack.org/445852
09:59 jpena|off joined #puppet-openstack
10:00 amoralej joined #puppet-openstack
10:04 gfidente joined #puppet-openstack
10:05 salmankhan joined #puppet-openstack
10:07 openstackgerrit Merged openstack/puppet-ironic master: Add domain parameters to switch, neutron and glance auth modules  https://review.openstack.org/445541
10:10 markvoelker joined #puppet-openstack
10:13 richm joined #puppet-openstack
10:14 udesale joined #puppet-openstack
10:16 udesale joined #puppet-openstack
10:38 jtomasek joined #puppet-openstack
10:45 jtomasek joined #puppet-openstack
10:52 furlongm joined #puppet-openstack
10:53 chem joined #puppet-openstack
10:56 skramaja joined #puppet-openstack
11:02 paramite joined #puppet-openstack
11:06 openstackgerrit joined #puppet-openstack
11:06 openstackgerrit Daniel Pawlik proposed openstack/puppet-neutron master: Added puppet class for creating neutron security groups  https://review.openstack.org/444667
11:21 EmilienM hello
11:29 g-belo joined #puppet-openstack
11:45 ccamacho1 joined #puppet-openstack
11:46 dgurtner joined #puppet-openstack
11:46 dgurtner joined #puppet-openstack
11:48 openstackgerrit Christopher Brown proposed openstack/puppet-nova stable/ocata: Adds snapshot_image_format configuration  https://review.openstack.org/445895
11:48 skramaja_ joined #puppet-openstack
11:54 morazi joined #puppet-openstack
11:56 skramaja_ joined #puppet-openstack
11:59 gfidente joined #puppet-openstack
11:59 gfidente joined #puppet-openstack
12:11 markvoelker joined #puppet-openstack
12:14 dgurtner joined #puppet-openstack
12:14 dgurtner joined #puppet-openstack
12:18 dprince joined #puppet-openstack
12:34 skramaja joined #puppet-openstack
12:38 markvoelker joined #puppet-openstack
12:46 jpich_ joined #puppet-openstack
12:47 jaosorior joined #puppet-openstack
12:49 ansmith joined #puppet-openstack
13:28 jtomasek joined #puppet-openstack
13:31 EmilienM can someone review https://review.openstack.org/#/c/445686/ please?
13:32 dtantsur is zhongshengping around? I'd like to check something re the comments on https://review.openstack.org/#/c/445524/
13:33 dtantsur or someone else can explain. I don't see us adding these includes to all manifests using ironic_config, I wonder why it's required here
13:38 mkarpin EmilienM: done, dtantsur: it should be included to guarantee that all configuration is done within config anchors
13:38 dtantsur mkarpin, so it's a bug that we don't do it now, right?
13:39 mkarpin yes
13:52 rmart04 joined #puppet-openstack
13:54 markvoelker_ joined #puppet-openstack
13:59 udesale joined #puppet-openstack
14:00 openstackgerrit Carlos Camacho proposed openstack/puppet-aodh master: Test upgrade puppet-lint - Do not merge  https://review.openstack.org/445972
14:00 openstackgerrit Juan Antonio Osorio Robles proposed openstack/puppet-keystone master: Make replacing fernet keys if they already exist configurable  https://review.openstack.org/445973
14:00 jaosorior EmilienM: ^^
14:00 dtantsur mkarpin, ack, thanks. will fix.
14:01 EmilienM jaosorior: sounds cool to me and backward compatible
14:01 EmilienM jaosorior: any chance to add unit tests and a release note?
14:01 jaosorior sure
14:01 jaosorior EmilienM: just wanted to know your opinion first
14:02 jaosorior let me add those then
14:02 EmilienM jaosorior: ++ excellent idea and very light
14:02 EmilienM jaosorior: once we have rotations in tripleo, we'll probably switch it to off
14:02 jaosorior EmilienM: I was planning to switch it off from now.
14:03 EmilienM jaosorior: well, wait
14:04 jaosorior ok
14:04 EmilienM jaosorior: if we manage the keys with something else I'm wondering if we want this resource
14:04 jaosorior there's no rush
14:04 EmilienM let me read the doc
14:05 EmilienM https://docs.puppet.com/puppet/latest/​types/file.html#file-attribute-replace
14:05 EmilienM "Note that this only affects content; Puppet will still manage ownership and permissions."
14:05 EmilienM that is excellent I think
14:05 EmilienM so we can manage content with another tooling
14:05 EmilienM and let puppet managing permissions
14:07 jaosorior EmilienM: exactly :D
14:08 openstackgerrit Juan Antonio Osorio Robles proposed openstack/puppet-keystone master: Make replacing fernet keys if they already exist configurable  https://review.openstack.org/445973
14:10 fultonj joined #puppet-openstack
14:13 jaosorior mwhahaha: currently rotation would get screwed by puppet
14:13 mwhahaha how?
14:13 jaosorior mwhahaha: if we do rotation out of band, the staging key would be replaced.
14:13 mwhahaha you provide two keys so you should only be changing one at a time
14:13 jaosorior which is 0
14:13 jaosorior mwhahaha: the puppet module is not doing rotation
14:14 mwhahaha jaosorior: my understanding of the how the keystone key rotation process works is to flip between 0/1. so from a puppet stand point you're only changing a single key at at time
14:14 mwhahaha i guess i need to go read the docs more
14:15 mwhahaha but i don't agree with that flag, that seems to be something outside of puppet-keystone's world
14:15 mwhahaha that seems to be a short coming in the way the consumer is using puppet-keystone
14:15 jaosorior mwhahaha: two keys is the minimum to begin with, one staging key and another primary key. Once rotation happens, there would be a new staging key (which would be 0), then the old staging key becomes the new primary key (2 in this case), and the old primary is now a secondary key
14:16 mwhahaha right so you would then just change the old primary (0) but leave the new primary (1) in place
14:16 mwhahaha which is changing the param data
14:16 mwhahaha then you flip back and forth between 0/1
14:16 jaosorior uh... you discard 1 at some
14:16 jaosorior *at some point
14:16 jaosorior you don't flip back and forth
14:17 jaosorior else we wouldn't get to do revocation of a key
14:17 mwhahaha let me go read the docs
14:17 jaosorior mwhahaha: maybe this will help a bit https://developer.ibm.com/opentech/wp-content/u​ploads/sites/43/2015/11/KeyRotationUpdated.mov
14:18 mwhahaha jaosorior: https://docs.openstack.org/admin-gu​ide/identity-fernet-token-faq.html
14:18 mwhahaha so we just keep adding keys
14:18 mwhahaha so 0 is staged, 1 is primary
14:18 mwhahaha then you add a 2 as new primary and 1 becomes secondary
14:19 mwhahaha but you'd still do it all via puppet and it's the thing injecting the params that handles that, not puppet-keystone
14:19 jaosorior mwhahaha: but I don't wanna do key rotation in puppet
14:19 mwhahaha the flag solves nothing, it has to be solved in the thing consuming puppet-keystone
14:19 mwhahaha you don't need to
14:19 jaosorior which is the reason that flag exists
14:19 jaosorior for me it's fine that puppet does the initial provisioning
14:20 mwhahaha so that sounds like your problem not puppet-keystone
14:20 jaosorior since it's already quite embedded with the tooling we currently have
14:20 pradk joined #puppet-openstack
14:20 EmilienM I think an option would be to disable key files management in puppet totally
14:20 mwhahaha since it can do the rotation but you don't wnat it to
14:20 jaosorior it can't do rotation
14:20 jaosorior that's not even close to being rotation
14:20 agrebennikov joined #puppet-openstack
14:20 mwhahaha then it should be fixed to support the rotation
14:21 * mwhahaha is not sure why it doesn't support 'rotation'
14:21 jaosorior ok, I'll just abandon the commit and work with it in tripleo somehow else.
14:21 acormier joined #puppet-openstack
14:22 mwhahaha eh this goes back to this is one of those things where people didn't quite undersrand what they they were imposing on operators
14:22 mwhahaha so my preference is that we properly handle rotation in puppet-keystone, not add flags to hack around it
14:23 dprince joined #puppet-openstack
14:24 dfisher joined #puppet-openstack
14:26 mwhahaha jaosorior: so it sounds like 0 (always staging) and 1 (primary) would be the initial keys. so you then need to execute the keystone-manage fernet_rotate, and then provide an updated set of keys to just ensure
14:26 mwhahaha jaosorior: but in the case of tripleo, it still needs to track those keys for scaleup actions
14:27 jaosorior mwhahaha: so, for clustered environments, the keystone tooling doesn't really work.
14:27 jaosorior cause we need the keys to match in each node
14:27 mwhahaha right which is where the tripleo has to know the keys part comes in
14:27 openstackgerrit Daniel Pawlik proposed openstack/puppet-neutron master: Added puppet class for creating neutron security groups  https://review.openstack.org/444667
14:27 mwhahaha or execute a sync instead of managing the keys in tripleo
14:28 mwhahaha jaosorior: what does keystone-manage fernet_rotate actually do? does it just call an api?
14:28 mwhahaha like what triggers the rotate action
14:29 jaosorior mwhahaha: so, one has to trigger that manually
14:29 jaosorior all it does is generate a new staging key, move the staging key to the biggest integer available in the repository, and finally purge the excess keys
14:30 mwhahaha jaosorior: ok so keystone just watches the directory for the keys, so it sounds like it's a tripleo workflow to generate (and store) new hiera data and apply across all keystone nodes. why the flag to not have it manage the keys?
14:31 jaosorior mwhahaha: cause we want to do the rotation out of band; not having to rely on constant overcloud updates.
14:33 mwhahaha jaosorior: so just undefine fernet keys after initial setup? can we do that instead?
14:33 mwhahaha but that still doesn't solve for the scale out action
14:33 mwhahaha how do you get consistent keys
14:33 mwhahaha you have to manage it in one place or it just adds to the problem
14:33 mwhahaha brb
14:52 openstackgerrit Andy Smith proposed openstack/puppet-openstack-integration master: Add support for dual oslo.messaging backend configuration  https://review.openstack.org/417387
14:58 mwhahaha jaosorior: so after thinking about it a bit more, if you want ot restore that flag we can add it but i still don't think it solves the rotation/scale problem
15:00 jaosorior mwhahaha: we're attempting to fix it using external tools https://review.openstack.org/#/c/445592​/1/specs/pike/keystone_fernet_rotation.rst
15:01 jtomasek joined #puppet-openstack
15:01 mwhahaha jaosorior: yea we'll have to see how that plays out as well
15:02 jaosorior mwhahaha: worst case, we do what rackspace does and just do the rotation via ansible.
15:02 mwhahaha jaosorior: the problem with that is the scale out action
15:03 openstackgerrit Merged openstack/puppet-openstack-integration master: heat: don't manage orchestration with openrc file  https://review.openstack.org/445686
15:03 openstackgerrit Christian Schwede proposed openstack/puppet-swift master: Add missing Swift services  https://review.openstack.org/445998
15:03 mwhahaha jaosorior: i think the correct solution is a workflow that handles the data movement inside tripleo for the next update
15:03 mwhahaha jaosorior: so a workflow that generates a new staging key, executes the rotate action on one node,  updates the appropriate fernet key storage in tripleo and runs an update on all keystone roles
15:04 mwhahaha jaosorior: that way if you add a controller after a rotation it gets the right keys
15:07 openstackgerrit Christian Schwede proposed openstack/puppet-swift master: Add missing Swift services  https://review.openstack.org/445998
15:24 openstackgerrit Dmitry Tantsur proposed openstack/puppet-ironic master: Add separate manifest for configuring access from ironic to inspector  https://review.openstack.org/445534
15:26 openstackgerrit Dmitry Tantsur proposed openstack/puppet-ironic master: Add separate manifest for configuring access to the service catalog  https://review.openstack.org/445524
15:36 openstackgerrit Merged openstack/puppet-congress master: Fix typo  https://review.openstack.org/444848
15:36 openstackgerrit Merged openstack/puppet-ironic stable/newton: Add ironic::drivers::interfaces class  https://review.openstack.org/445799
15:41 EmilienM mwhahaha: I didn't remember we disable voting on gate-puppet-openstack-integration-4-​scenario001-tempest-ubuntu-xenial-nv
15:41 EmilienM oh nevermind
15:41 mwhahaha we did what?
15:42 EmilienM Jan 24
15:42 mwhahaha oh yea ocata m2 fun
15:42 EmilienM sorry for noise
15:44 openstackgerrit Pradeep Kilambi proposed openstack/puppet-ceilometer master: Remove skip gnocchi option by default  https://review.openstack.org/424127
15:49 openstackgerrit Mykyta Karpin proposed openstack/puppet-sahara master: oslo log: check puppet resource instead of actual config in spec  https://review.openstack.org/446022
16:03 openstackgerrit Mykyta Karpin proposed openstack/puppet-sahara master: oslo log: check puppet resource instead of actual config in spec  https://review.openstack.org/446022
16:15 openstackgerrit Mykyta Karpin proposed openstack/puppet-murano master: oslo log: check puppet resource instead of actual config in spec  https://review.openstack.org/446048
16:33 clayton joined #puppet-openstack
16:50 pepijn joined #puppet-openstack
17:01 mwhahaha mkarpin: don't forget to update cookie cutter with your oslo log spec changes
17:03 openstackgerrit Merged openstack/puppet-glare master: Fix typo  https://review.openstack.org/444853
17:05 salmankhan joined #puppet-openstack
17:06 openstackgerrit Alex Schultz proposed openstack/puppet-tacker master: Add bindep support  https://review.openstack.org/444990
17:09 openstackgerrit Merged openstack/puppet-cloudkitty master: Fix typo  https://review.openstack.org/444846
17:09 openstackgerrit Alex Schultz proposed openstack/puppet-vitrage master: Fix typo  https://review.openstack.org/444888
17:10 openstackgerrit Merged openstack/puppet-murano master: oslo log: check puppet resource instead of actual config in spec  https://review.openstack.org/446048
17:11 openstackgerrit Merged openstack/puppet-openstack-cookiecutter master: Fix typo  https://review.openstack.org/444867
17:12 openstackgerrit Merged openstack/puppet-rally master: Fix typo  https://review.openstack.org/444869
17:14 openstackgerrit Merged openstack/puppet-magnum master: Fix typo  https://review.openstack.org/444860
17:21 openstackgerrit Merged openstack/puppet-octavia master: Fix typo  https://review.openstack.org/444866
17:34 EmilienM mwhahaha: https://review.openstack.org/#/c/444888/ ?
17:34 EmilienM where is the typo? lol
17:35 mwhahaha Think it was fixed elsewhere
17:35 mwhahaha I didn't pay attention after I rebased and then caught the change went away
17:37 EmilienM mwhahaha: as long as typo is fixed, we're good
17:51 openstackgerrit Pradeep Kilambi proposed openstack/puppet-ceilometer master: Make skip gnocchi option overridable  https://review.openstack.org/424127
17:57 imcsk8 joined #puppet-openstack
17:59 dgurtner joined #puppet-openstack
18:02 openstackgerrit Merged openstack/puppet-aodh master: Fix typo  https://review.openstack.org/444841
18:02 openstackgerrit Merged openstack/puppet-ceilometer master: Fix typo  https://review.openstack.org/444843
18:03 skramaja joined #puppet-openstack
18:30 openstackgerrit Ihar Hrachyshka proposed openstack/puppet-tempest master: Allow to set api_extensions to test for neutron  https://review.openstack.org/446109
18:44 bnemec joined #puppet-openstack
19:00 openstackgerrit Ihar Hrachyshka proposed openstack/puppet-openstack-integration master: Configure api_extensions to test for neutron  https://review.openstack.org/446126
19:03 openstackgerrit Ihar Hrachyshka proposed openstack/puppet-tempest master: Allow to set api_extensions to test for neutron  https://review.openstack.org/446109
19:12 dprince joined #puppet-openstack
19:24 dfisher mwhahaha: regarding my two reviews on changing Swift default port numbers - should I abandon my P-O-I change and change my puppet-swift change to be warnings mentioning an upcoming change?
19:25 mwhahaha yea
19:25 dfisher on it...
19:25 mwhahaha cause there are upgrade implications that people need to be aware of and they should take that into consideration and specify the new ports
19:25 * dfisher nods
19:25 openstackgerrit Ihar Hrachyshka proposed openstack/puppet-openstack-integration master: Configure api_extensions to test for neutron  https://review.openstack.org/446126
19:46 morazi joined #puppet-openstack
19:50 iurygregory joined #puppet-openstack
19:51 openstackgerrit Merged openstack/puppet-designate master: Fix typo  https://review.openstack.org/444849
19:58 fultonj joined #puppet-openstack
19:59 openstackgerrit Drew Fisher proposed openstack/puppet-swift master: Issue warning when old Swift ports are used  https://review.openstack.org/446154
20:00 iurygregory joined #puppet-openstack
20:21 rwsu joined #puppet-openstack
20:35 salmankhan joined #puppet-openstack
20:43 openstackgerrit Merged openstack/puppet-glance master: Fix typo  https://review.openstack.org/444851
20:44 saneax-_-|AFK joined #puppet-openstack
20:44 openstackgerrit Ihar Hrachyshka proposed openstack/puppet-openstack-integration master: Configure api_extensions to test for neutron  https://review.openstack.org/446126
20:46 openstackgerrit Drew Fisher proposed openstack/puppet-swift master: Issue warning when old Swift ports are used  https://review.openstack.org/446154
20:49 openstackgerrit Merged openstack/puppet-gnocchi master: Fix typo  https://review.openstack.org/444855
20:49 openstackgerrit Merged openstack/puppet-ironic master: Add separate manifest for configuring access to the service catalog  https://review.openstack.org/445524
20:49 openstackgerrit Merged openstack/puppet-ironic master: Add separate manifest for configuring access from ironic to inspector  https://review.openstack.org/445534
20:49 openstackgerrit Merged openstack/puppet-ironic master: Add deps to all that is needed  https://review.openstack.org/445845
20:50 openstackgerrit Merged openstack/puppet-keystone master: Fix typo  https://review.openstack.org/444858
20:50 dgurtner joined #puppet-openstack
20:50 dgurtner joined #puppet-openstack
20:56 openstackgerrit Merged openstack/puppet-nova master: Fix typo  https://review.openstack.org/444864
20:56 openstackgerrit Merged openstack/puppet-nova master: Add a release note  https://review.openstack.org/445849
20:56 openstackgerrit Merged openstack/puppet-watcher master: Fix typo  https://review.openstack.org/444872
21:09 morazi joined #puppet-openstack
21:28 jtomasek joined #puppet-openstack
21:30 salmankhan joined #puppet-openstack
21:33 openstackgerrit John Eckersberg proposed openstack/puppet-qdr master: Remove redundant variable declarations  https://review.openstack.org/446182
21:33 openstackgerrit John Eckersberg proposed openstack/puppet-qdr master: Add service_config_template as a parameter  https://review.openstack.org/446183
21:49 openstackgerrit Merged openstack/puppet-trove master: Fix typo  https://review.openstack.org/444871
22:13 acormier joined #puppet-openstack
22:30 rwsu joined #puppet-openstack
22:31 rmart04 joined #puppet-openstack
22:47 openstackgerrit Merged openstack/puppet-cinder master: Fix typo  https://review.openstack.org/444844
22:47 openstackgerrit Merged openstack/puppet-tempest master: Allow to set api_extensions to test for neutron  https://review.openstack.org/446109
22:48 ansmith joined #puppet-openstack
22:57 openstackgerrit Merged openstack/puppet-mistral master: Fix typo  https://review.openstack.org/444861
22:59 zioproto joined #puppet-openstack
23:18 acormier joined #puppet-openstack
23:20 asilenkov joined #puppet-openstack
23:24 salmankhan joined #puppet-openstack
23:40 openstackgerrit Giulio Fidente proposed openstack/puppet-ceph master: Require ceph::profile::client instead of ::base in mds.pp and rgw.pp  https://review.openstack.org/446227
23:50 openstackgerrit Merged openstack/puppet-ceilometer master: Make skip gnocchi option overridable  https://review.openstack.org/424127

| Channels | #puppet-openstack index | Today | | Search | Google Search | Plain-Text | summary