[OpenStack-Infra] Migrated review-dev.openstack.org

[Ian Wienand]

Hi all,

Pursuant to our discussion at [1] I have migrated this host.

I created a new 100GiB cinder volume and copied the old ~gerrit2 to
this.  This is now mounted at ~gerrit2 on the new 30GiB host in a
manner similar to review.openstack.org

SSL needs to be updated.  I will speak with experts in this field
(i.e. fungi).

I hit a number of issues.  For whatever reason, new hosts do not come
up with working ipv6 addresses, necessitating some work-arounds.  See
the series at [2].

Another thing was that the rackdns command from [3] does not seem to
show all our hosts?  I tried

 ianw@puppetmaster:~$ . ~root/ci-launch/openstack-rs-nova.sh
 ianw@puppetmaster:~$ . ~root/rackdns-venv/bin/activate
 ianw@puppetmaster:~$ rackdns record-list openstack.org

There's no ipv6 hosts in there, no entries for review-dev and lots of
others.  If this isn't user error, I can look into it further.  So I
ended up modifying the DNS via the web-interface where all the hosts
were listed correctly.

It took me a little too long to realise that the new host was trying
to share the remote db with the old host, causing all sorts of havoc.
Something to think about when writing puppet, anyway.

I'll remove the old host once we're satisfied the new one is working.

Thanks,

-i


[1] 
http://eavesdrop.openstack.org/meetings/infra/2016/infra.2016-08-16-19.02.html
[2] https://review.openstack.org/#/q/status:open+topic:launch-node
[3] 
https://git.openstack.org/cgit/openstack-infra/system-config/tree/launch/dns.py

___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Pholio Spec 340641

[Sebastian Marcet]

ok Craige, once i got approval for this
https://review.openstack.org/360862

u will be all good
regards

On Fri, Aug 26, 2016 at 12:08 AM, Craige McWhirter 
wrote:

> On Thu, Aug 25, 2016 at 09:43:59PM -0500, Jimmy Mcarthur wrote:
> >The logs are showing your .com.au address. So my guess is the
> >configuration problem is there. I do see an OpenStackID for
> >[1]cra...@mcwhirter.io, but it appears that's not the credentials
> being
> >passed here:
> >
> >   [2016-08-25 06:00:52] dev.WARNING: * CheckPointService - exception : <<
>
> Is that UTC? It's currently 13:08 AEST here and 03:08 UTC. I've not used
> the address below
> since yesterday. Everything today has been using cra...@mcwhirter.io
>
> > Authentication Exception : member craige mcwhirter com au does not
> exists!
> > >> - IP Address: 101.162.51.242 [] []
> > i verified db and its true your user does not exists
> > are you trying to get log with that user?
>
>
>
> --
> Craige McWhirter
> M: +61 4685 91819
> W: https://mcwhirter.com.au/
> GNUSocial: https://social.mcwhirter.io/craige
>
___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Pholio Spec 340641

[Jimmy Mcarthur]

The logs are showing your .com.au address. So my guess is the 
configuration problem is there. I do see an OpenStackID for 
cra...@mcwhirter.io, but it appears that's not the credentials being 
passed here:


 [2016-08-25 06:00:52] dev.WARNING: * CheckPointService - exception :<<
   Authentication Exception : member craige mcwhirter com au does not exists!
   >>  - IP Address: 101.162.51.242 [] []
   i verified db and its true your user does not exists
   are you trying to get log with that user?


Jimmy

Craige McWhirter 
August 25, 2016 at 7:36 PM

...and I discover that my "From:" is being re-written outbound. I use the
address cra...@mcwhirter.io for OpenStackID.

--
Craige McWhirter
M: +61 4685 91819
W: https://mcwhirter.com.au/
GNUSocial: https://social.mcwhirter.io/craige
___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
Craige McWhirter 
August 25, 2016 at 7:29 PM
On Thu, Aug 25, 2016 at 08:43:25AM -0300, Sebastian Marcet wrote:

Craige
all i see on production environment
is this exception
[2016-08-25 06:00:52] dev.WARNING: * CheckPointService - exception :<<
Authentication Exception : member craige mcwhirter com au does not exists!
>>  - IP Address: 101.162.51.242 [] []
i verified db and its true your user does not exists
are you trying to get log with that user?


No, I'm using the address this email is from. I did use that one initially as
it was the address I once used. I have since been using this address.


lets try to test with production env for now 
also lets try a minimal config for the mod_auth_openid

AuthType OpenID
require valid-user
AuthOpenIDSingleIdP [1]https://openstackid.org/



Switched back to this original configuration. Unfortunately, no love.


also which is the flow that are u seeing ( in the case that you are using
a valid user )
should be somehting like that:
you got redirect to [2]https://openstackid.org/accounts/user/login


I get to this OK. I enter my valid, current credentials but do not reach the
next stage in your work flow. Phabricator reports "There has been an error
while attempting to authenticate." and prompts me to choose another provider.


enter your credentials, and if they are valid
then you should get this url
[3]https://openstackid.org/accounts/user/consent
and after your consent you should be redirected to you origin domain
in case that you dont have any valid account on production site
please create one here
[4]https://www.openstack.org/join/register
let me know


I'm currently trying to work out what Phabricator thinks the actual problem is.
If you have any clues from the OpenStackID side, they'd be greatly appreciated.

--
Craige McWhirter
M: +61 4685 91819
W: https://mcwhirter.com.au/
GNUSocial: https://social.mcwhirter.io/craige
Sebastian Marcet 
August 25, 2016 at 6:43 AM
Craige
all i see on production environment
is this exception

[2016-08-25 06:00:52] dev.WARNING: * CheckPointService - exception : 
<< Authentication Exception : member craige mcwhirter com au does not 
exists! >> - IP Address: 101.162.51.242 [] []


i verified db and its true your user does not exists

are you trying to get log with that user?

lets try to test with production env for now 

also lets try a minimal config for the mod_auth_openid


AuthType OpenID
require valid-user
AuthOpenIDSingleIdP https://openstackid.org/


also which is the flow that are u seeing ( in the case that you are 
using a valid user )

should be somehting like that:
you got redirect to https://openstackid.org/accounts/user/login
enter your credentials, and if they are valid
then you should get this url
https://openstackid.org/accounts/user/consent
and after your consent you should be redirected to you origin domain

in case that you dont have any valid account on production site
please create one here

https://www.openstack.org/join/register

let me know

regards

Sebastian









Craige McWhirter 
August 25, 2016 at 1:44 AM

I switched to using a hostname with a valid TLD and I can now get to both
OpenStackID and -dev, so yay, much progress there.

However that's where it comes to halt.

I do not have an account on OpenStackID-dev and all links to create 
one / reset

password take me to OpenStackID.

My attempt to login via OpenStackID returns:

"There has been an error while attempting to authenticate."

I'm currently using a config that is, apart form the URLs, precisely 
what you

recommended.

Anything interesting in the logs on your end?

Thanks again Sebastian!

--
Craige McWhirter
M: +61 4685 91819
W: https://mcwhirter.com.au/
GNUSocial: https://social.mcwhirter.io/craige
Sebastian Marcet 

Re: [OpenStack-Infra] Pholio Spec 340641

[Craige McWhirter]

On Fri, Aug 26, 2016 at 10:29:28AM +1000, Craige McWhirter wrote:

> No, I'm using the address this email is from. I did use that one initially as
> it was the address I once used. I have since been using this address.

...and I discover that my "From:" is being re-written outbound. I use the
address cra...@mcwhirter.io for OpenStackID.

--
Craige McWhirter
M: +61 4685 91819
W: https://mcwhirter.com.au/
GNUSocial: https://social.mcwhirter.io/craige


signature.asc
Description: PGP signature
___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Pholio Spec 340641

[Craige McWhirter]

On Thu, Aug 25, 2016 at 08:43:25AM -0300, Sebastian Marcet wrote:
>Craige
>all i see on production environment
>is this exception
>[2016-08-25 06:00:52] dev.WARNING: * CheckPointService - exception : <<
>Authentication Exception : member craige mcwhirter com au does not exists!
>>> - IP Address: 101.162.51.242 [] []
>i verified db and its true your user does not exists
>are you trying to get log with that user?

No, I'm using the address this email is from. I did use that one initially as
it was the address I once used. I have since been using this address.

>lets try to test with production env for now 
>also lets try a minimal config for the mod_auth_openid
>
>AuthType OpenID
>require valid-user
>AuthOpenIDSingleIdP [1]https://openstackid.org/
>

Switched back to this original configuration. Unfortunately, no love.

>also which is the flow that are u seeing ( in the case that you are using
>a valid user )
>should be somehting like that:
>you got redirect to [2]https://openstackid.org/accounts/user/login

I get to this OK. I enter my valid, current credentials but do not reach the
next stage in your work flow. Phabricator reports "There has been an error
while attempting to authenticate." and prompts me to choose another provider.

>enter your credentials, and if they are valid
>then you should get this url
>[3]https://openstackid.org/accounts/user/consent
>and after your consent you should be redirected to you origin domain
>in case that you dont have any valid account on production site
>please create one here
>[4]https://www.openstack.org/join/register
>let me know

I'm currently trying to work out what Phabricator thinks the actual problem is.
If you have any clues from the OpenStackID side, they'd be greatly appreciated.

--
Craige McWhirter
M: +61 4685 91819
W: https://mcwhirter.com.au/
GNUSocial: https://social.mcwhirter.io/craige


signature.asc
Description: PGP signature
___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Development environments for infra's puppet modules

[Elizabeth K. Joseph]

On Thu, Aug 25, 2016 at 7:48 AM, James E. Blair  wrote:
> Joshua Hesketh  writes:
>
>> There's probably further discussions here but I don't have enough knowledge
>> in this area to comment further. The aim though should be to make it easy
>> to bootstrap a server with the module you're developing on so you can
>> easily verify and debug your changes.
>
> Don't forget the documentation we already have on this subject:
>
> http://docs.openstack.org/infra/system-config/sysadmin.html#making-a-change-in-puppet

This is what I've been using for years. Load up a new instance in a
cloud or locally on KVM, follow the documentation and test the change
I'm writing/reviewing. It's not all-encompassing (multi-node
interactions are still time-consuming to test properly), and it's not
fast, but it has been effective for most changes. Plus, it doesn't
require maintaining anything, those docs have stayed the same and
accurate for years.

That said, I think your idea has merit. Making testing changes faster
and easier is always helpful, as long someone is willing to do the
work to maintain it (and it doesn't turn into our long defunct
"Running your own CI infrastructure" docs). From where I'm sitting
Vagrant seems as good a way as any.

-- 
Elizabeth Krumbach Joseph || Lyz || pleia2

___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Development environments for infra's puppet modules

[Simon McCartney]

> 2) Is Vagrant a good fit for this? Otherwise should we consider an
> ansible-playbook to bootstrap an environment?
>

Just while you mention ansible, we've been looking at the infra-ansible[1]
& ansible-role-cloud-launcher[2] that Ricardo and others have been working
on, and as that project is relatively early in it's lifecycle we should
work on getting a friendly, safe, low-friction environment for working on
that suite, the current model involved a lot of manual copying stuff around
or using private repos for development, I'm sure we can find a better way
than that

[1] https://github.com/openstack-infra/infra-ansible
[2] https://github.com/openstack/ansible-role-cloud-launcher
___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Development environments for infra's puppet modules

[Simon McCartney]

>
> We should look for a way to make developing, debugging and testing our
> puppet modules locally easier and more consistent.
> Short of bootstrapping an entire clone of openstack-infra, how do
>

This is pretty much what we do at the moment to maintain our internal
openstack-infra CI pipeline, we're still running a puppet master with a
single control repo (i.e. we're not split into system-config &
project-config yet)

We have a Vagrantfile that allows us to standup a puppet master with our
config & openstack-infra/config & hieradata mounted from local checkouts on
the workstation, this allows us to tweak our private modules directly,
import external modules via modules.env & tweak site.pp directly

we then have further guest vm definitions in our Vagrantfile to match the
host/role that's being worked on (as we're using site.pp, hostnames need to
match entries in site.pp, so we use vagrant-hostmanager to maintain
/etc/hosts across the guest VMs so that when we stand up a guest vm, the
puppet master compiles a catalogue that closely matches production.


> developers currently set up an environment to investigate how a puppet
> module behaves? This brings me to my first question:
> 1) Do we want to find/provide a way to set up a consistent development
> environment?
> Vagrant could be a useful way of providing a consistent development
> environment for those working on infra's puppet modules. This comes up in
> light of https://review.openstack.org/#/c/355273 which was split out from
> a larger change due to debate over any vagrant precedent. This change was
> in turn based upon this documented example of simulating OpenStack Infra
> environments for testing: https://krotscheck.net/2016/06
> /01/how-to-simulate-an-openstack-infra-slave.html
> Currently the only module (that a quick grep found for me) providing a
> vagrant file is puppet-storyboard.
> 2) Is Vagrant a good fit for this? Otherwise should we consider an
> ansible-playbook to bootstrap an environment?
>

I think Vagrant is very useful for this, it provides a decent abstraction
over the various virtualisation systems you may wish to use (virtualbox,
kvm, docker - we're only using virtualbox internally as it's the most
widely supported provider in Vagrant) - setting up the required networking,
mapping filesystems into VMs & managing /etc/hosts on guests & on the host
as required.

However, I'm not sure Vagrant provides a good solution for testing puppet
modules in isolation (I think it's great for the
system-config/project-config scenario, where you want to see how applying
the full set of required puppet modules on to an empty VM provides a
working system), it's harder to test standing up zuul without also setting
up a few other components, so puppet-zuul (for example) may not take
advantage of Vagrant directly, but may benefit from beaker[1] or
test-kitchen[2] work (I think that conversation has happened before but I
wasn't directly involved at the time)

[1] https://github.com/puppetlabs/beaker
[2] https://github.com/neillturner/kitchen-puppet & http://kitchen.ci/
___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

[OpenStack-Infra] Gerrit downtime on Friday 2016-09-02 at 18:00 UTC

[Elizabeth K. Joseph]

Hi everyone,

On Friday, September 2nd from approximately 18:00 through 22:00 UTC
Gerrit will be unavailable while complete project renames.

Currently, we plan on renaming the following projects:

openstack/smaug -> openstack/karbor

openstack/higgins -> openstack/zun

Existing reviews, project watches, etc, for these projects will all be
carried over.

This list is subject to change. If you need a rename, please be sure
to get your project-config change in soon so we can review it and add
it to 
https://wiki.openstack.org/wiki/Meetings/InfraTeamMeeting#Upcoming_Project_Renames

We'll also be doing some cleanup unrelated to these two renames.

If you have any questions about the maintenance, please reply here or
contact us in #openstack-infra on freenode.

-- 
Elizabeth Krumbach Joseph || Lyz || pleia2

___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Development environments for infra's puppet modules

[James E. Blair]

Joshua Hesketh  writes:

> There's probably further discussions here but I don't have enough knowledge
> in this area to comment further. The aim though should be to make it easy
> to bootstrap a server with the module you're developing on so you can
> easily verify and debug your changes.

Don't forget the documentation we already have on this subject:

http://docs.openstack.org/infra/system-config/sysadmin.html#making-a-change-in-puppet

-Jim

___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

[OpenStack-Infra] Development environments for infra's puppet modules

[Joshua Hesketh]

Hey all,

We should look for a way to make developing, debugging and testing our
puppet modules locally easier and more consistent.
Short of bootstrapping an entire clone of openstack-infra, how do
developers currently set up an environment to investigate how a puppet
module behaves? This brings me to my first question:
1) Do we want to find/provide a way to set up a consistent development
environment?
Vagrant could be a useful way of providing a consistent development
environment for those working on infra's puppet modules. This comes up in
light of https://review.openstack.org/#/c/355273 which was split out from a
larger change due to debate over any vagrant precedent. This change was in
turn based upon this documented example of simulating OpenStack Infra
environments for testing:
https://krotscheck.net/2016/06/01/how-to-simulate-an-openstack-infra-slave.html
Currently the only module (that a quick grep found for me) providing a
vagrant file is puppet-storyboard.
2) Is Vagrant a good fit for this? Otherwise should we consider an
ansible-playbook to bootstrap an environment?
3) Where do we store and document such procedures (for example, in the
puppet repos themselves, as a guide somewhere, links to pastebin scripts
etc)
There's probably further discussions here but I don't have enough knowledge
in this area to comment further. The aim though should be to make it easy
to bootstrap a server with the module you're developing on so you can
easily verify and debug your changes.
Thoughts?
Cheers,Josh
___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Pholio Spec 340641

[Sebastian Marcet]

Craige
all i see on production environment
is this exception

[2016-08-25 06:00:52] dev.WARNING: * CheckPointService - exception : <<
Authentication Exception : member craige mcwhirter com au does not exists!
>> - IP Address: 101.162.51.242 [] []

i verified db and its true your user does not exists

are you trying to get log with that user?

lets try to test with production env for now 

also lets try a minimal config for the mod_auth_openid


AuthType OpenID
require valid-user
AuthOpenIDSingleIdP https://openstackid.org/


also which is the flow that are u seeing ( in the case that you are using a
valid user )
should be somehting like that:
you got redirect to https://openstackid.org/accounts/user/login
enter your credentials, and if they are valid
then you should get this url
https://openstackid.org/accounts/user/consent
and after your consent you should be redirected to you origin domain

in case that you dont have any valid account on production site
please create one here

https://www.openstack.org/join/register

let me know

regards

Sebastian








On Thu, Aug 25, 2016 at 3:44 AM, Craige McWhirter 
wrote:

> On Wed, Aug 24, 2016 at 08:56:34PM -0300, Sebastian Marcet wrote:
> >Craige
> >there u have the problem
> >ServerName 192.168.99.10
> >you are not using a valid TLD domain, we are validating that
> >([1]https://www.icann.org/resources/pages/tlds-2012-02-25-en)
> >change it to something liken [2]test.domain.com or something like
> that
> >u need to specify some valid TLD for your server name
> >( its a security measure that we have in place , on dev and
> production,
> >change and let me know how its goes)
>
> I switched to using a hostname with a valid TLD and I can now get to both
> OpenStackID and -dev, so yay, much progress there.
>
> However that's where it comes to halt.
>
> I do not have an account on OpenStackID-dev and all links to create one /
> reset
> password take me to OpenStackID.
>
> My attempt to login via OpenStackID returns:
>
> "There has been an error while attempting to authenticate."
>
> I'm currently using a config that is, apart form the URLs, precisely what
> you
> recommended.
>
> Anything interesting in the logs on your end?
>
> Thanks again Sebastian!
>
> --
> Craige McWhirter
> M: +61 4685 91819
> W: https://mcwhirter.com.au/
> GNUSocial: https://social.mcwhirter.io/craige
>
___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra

Re: [OpenStack-Infra] Pholio Spec 340641

[Craige McWhirter]

On Wed, Aug 24, 2016 at 08:56:34PM -0300, Sebastian Marcet wrote:
>Craige 
>there u have the problem 
>ServerName 192.168.99.10 
>you are not using a valid TLD domain, we are validating that
>([1]https://www.icann.org/resources/pages/tlds-2012-02-25-en)
>change it to something liken [2]test.domain.com or something like that
>u need to specify some valid TLD for your server name
>( its a security measure that we have in place , on dev and production,
>change and let me know how its goes)

I switched to using a hostname with a valid TLD and I can now get to both
OpenStackID and -dev, so yay, much progress there.

However that's where it comes to halt.

I do not have an account on OpenStackID-dev and all links to create one / reset
password take me to OpenStackID.

My attempt to login via OpenStackID returns:

"There has been an error while attempting to authenticate."

I'm currently using a config that is, apart form the URLs, precisely what you
recommended.

Anything interesting in the logs on your end?

Thanks again Sebastian!

--
Craige McWhirter
M: +61 4685 91819
W: https://mcwhirter.com.au/
GNUSocial: https://social.mcwhirter.io/craige


signature.asc
Description: PGP signature
___
OpenStack-Infra mailing list
OpenStack-Infra@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra