<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, May 11, 2016 at 7:47 PM, Hongbin Lu <span dir="ltr"><<a href="mailto:hongbin.lu@huawei.com" target="_blank">hongbin.lu@huawei.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div><div><br>
<br>
> -----Original Message-----<br>
> From: Emilien Macchi [mailto:<a href="mailto:emilien@redhat.com" target="_blank">emilien@redhat.com</a>]<br>
> Sent: May-11-16 9:44 AM<br>
> To: OpenStack Development Mailing List (not for usage questions)<br>
> Subject: Re: [openstack-dev] [puppet] magnum module -<br>
> fixes/improvements for Mitaka release<br>
><br>
> On Wed, May 11, 2016 at 9:22 AM, Michal Adamczyk <<a href="mailto:vanditboy@gmail.com" target="_blank">vanditboy@gmail.com</a>><br>
> wrote:<br>
> > Hi,<br>
> ><br>
> > I am working on some fixes/improvements to puppet magnum module:<br>
> > <a href="https://review.openstack.org/#/c/313293/" rel="noreferrer" target="_blank">https://review.openstack.org/#/c/313293/</a><br>
><br>
> reviewed & commented. Almost good, excellent work here!<br>
><br></div></div></blockquote><div><br></div><div>Thanks, another patch-set has been committed today.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div><div>
> > I have found some issues while creating a bays with magnum<br>
> > (<a href="https://bugs.launchpad.net/magnum/+bug/1575524" rel="noreferrer" target="_blank">https://bugs.launchpad.net/magnum/+bug/1575524</a>) and I still need to<br>
> > address few things:<br>
> ><br>
> > - getting ID of the domain and user used to create trust (see my<br>
> > patch set<br>
> > 10 commit info). I have added domain class like in heat<br>
> ><br>
> <a href="https://review.openstack.org/#/c/313293/10/manifests/keystone/domain.p" rel="noreferrer" target="_blank">https://review.openstack.org/#/c/313293/10/manifests/keystone/domain.p</a><br>
> > p but the requirements is to get domain and user id, not a name.<br>
> > With names module fails to create trust...<br>
> ><br>
> > Do you know if there is simple way to get user/domain ID via<br>
> > existing keystone module?<br>
><br>
> We already had this issue in the paste, with neutron.conf that needed<br>
> the tenant id from nova service, to manage notifications.<br>
> It was a bug and it was fixed very early.<br>
> Using ID in production deployments is:<br>
> * hard to deploy, you need some magic that deploy the resource and get<br>
> the id to write it somewhere<br>
> * not flexible: everytime the resource change, the ID change and you<br>
> need to update conf<br>
><br>
> So please fix Magnum to allow to use names (or maybe it's in Keystone,<br>
> I haven't looked).<br>
> Otherwise, you'll need to write a provider that will get the ID for you,<br>
> look this example:<br>
> <a href="https://github.com/openstack/puppet-" rel="noreferrer" target="_blank">https://github.com/openstack/puppet-</a><br>
> tempest/blob/master/lib/puppet/provider/tempest_glance_id_setter/openst<br>
> ack.rb<br>
<br>
</div></div>No problem from me. Please file a bug for that.</blockquote><div> </div><div>Should I rise a bug for that or it's already done? </div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><span><br>
><br>
> > - as magnum requires lbaas and in Mitaka v2 is supported according<br>
> to<br>
> > the docs<br>
> > <a href="http://docs.openstack.org/mitaka/networking-guide/adv-config-" rel="noreferrer" target="_blank">http://docs.openstack.org/mitaka/networking-guide/adv-config-</a><br>
> lbaas.htm<br>
</span>> > l we should add to neutron module or integration class directly the<br>
<span>> > following<br>
> > changes:<br>
> ><br>
> > class { '::neutron::agents::lbaas':<br>
> > interface_driver => $driver,<br>
> > debug => true,<br>
> > enable_v1 => false,<br>
> > enable_v2 => true,<br>
> > }<br>
> ><br>
> > neutron_config { 'service_providers/service_provider':<br>
> > value =><br>
> ><br>
> 'LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.Hap<br>
> roxyOnHostPluginDriver:default';<br>
> > }<br>
> ><br>
><br>
> Good to know, we recently did some work to stabilize puppet-neutron so<br>
> we can deploy LBaaS v2, mjblack worked on it, maybe we can have a<br>
> status about it here.<br>
<br>
</span>FYI, Magnum is using LBaaS v1. There is a blueprint [1] to migrate to v2, but the blueprint is not finished yet.<br>
<br>
[1] <a href="https://blueprints.launchpad.net/magnum/+spec/magnum-lbaasv2-support" rel="noreferrer" target="_blank">https://blueprints.launchpad.net/magnum/+spec/magnum-lbaasv2-support</a></blockquote><div><br></div><div>This indicates that we have to wait till this is finished for magnum and my error:</div><div><span style="color:rgb(51,51,51);font-family:monospace;font-size:12px;line-height:18px">ERROR: HEAT-E99001 Service neutron is not available for resource type OS::Neutron:</span><span style="color:rgb(51,51,51);font-family:monospace;font-size:12px;line-height:18px">:HealthMonitor, reason: Service endpoint not in service catalog.\n']</span><br></div><div>might be related to the fact I have lbaasv2 enabled, correct? Magnum won't work with Mitaka release as we don't have lbaasv1 there :/</div><div><br></div><div>So we wait for mjblack status about lbaasv2 switch for puppet-neutron.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><span><br>
><br>
> > - add a parameter to api.pp or creates a new class with this<br>
> parameter<br>
> > to manage certificate manager entry inside [certificates] section of<br>
> > magnum.conf. Any preferences here?<br>
><br>
> Is it some entries for enabling SSL? Or related to Barbican?<br>
> If related to barbican, I suggest we take the puppet-oslo approach, and<br>
> create a Define resource with the common parameters that we'll have in<br>
> our puppet modules for barbican section.<br>
> And consume this class/define or write this code in api.pp makes sense<br>
> to me, now.<br>
<br>
</span>It is related to Barbican.<br>
<div><div><br></div></div></blockquote><div><br></div><div>I am adding the class "certificates" with cert_manager_type parameter for the moment and we can think about barbican resource.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div><div>
><br>
> ><br>
> > - should we extend glance_image resource type to contains --os-distro<br>
> > properties so we can add the fedora-atomic or core-os image via<br>
> > glance_image resource type?<br>
><br>
> Definitely yes. Once we have all of this, we might want to create a 4th<br>
> scenario in our integration CI with magnum + containers + barbican<br>
> + neutron lbaas v2, so we test the full stack.<br></div></div></blockquote><div><br></div><div>Yes, good idea, this will be my next quest :)</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div><div>
> Question: how do you test Magnum, do you have Tempest tests?<br>
> I see<br>
> <a href="https://github.com/openstack/magnum/tree/master/magnum/tests/functional" rel="noreferrer" target="_blank">https://github.com/openstack/magnum/tree/master/magnum/tests/functional</a><br>
> /tempest_tests<br>
> kind of empty.<br>
> Our CI is running Tempest, it would be very useful for us to have<br>
> Magnum tests.<br>
></div></div></blockquote><div> </div><div>Hmm, well, I don't have Tempest tests. I am testing it on some old laptops/vms, wherever I can. I am just lunching baker/lint tests now to check if no errors.<br></div><div>I will think about creating them when I finish all tasks in the patch I am doing atm. </div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div>> Thanks for your work here,<br></div></blockquote><div>No - thank you for the guidance and support here, I am very happy to work on such great project! </div><div><br></div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div><div>
> --<br>
> Emilien Macchi<br>
><br>
> _______________________________________________________________________<br>
> ___<br>
> OpenStack Development Mailing List (not for usage questions)<br>
> Unsubscribe: OpenStack-dev-<br>
> <a href="http://request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">request@lists.openstack.org?subject:unsubscribe</a><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br>
__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div>Kind regards,<br><br>Michal Adamczyk</div>
</div></div>