Re: Cannot loging to ovirt wiki
On Thursday, September 18, 2014 01:10:15 AM Michael Scherer wrote: Le mercredi 17 septembre 2014 à 15:37 -0400, R P Herrold a écrit : On Wed, 17 Sep 2014, Michael Scherer wrote: As I said in the past, the plan wouldn't work. To have 2 gears communicate, we need to have them setup in a specific way, not just 2 gears in the same account. If one is moved to another node, we need to have a specific triggers on the webserver gear to trigger a potential configuration change. Why not just point the two through a pair of keyed access openvpn links, each to a fixed (and routing) central hub? MySQL will communicate just fine across a network fabric hub 10.0.0.1 10.0.1.1 /\ / \ 10.0.0.2 10.0.1.2 gear A gear B (the wiki) (the MySQL server) The hub just routes 10.0.1 and 10.0.0 back and forth Nothing changes, save re-establishment of an openvpn link when a 'spoke' moves I would slightly be against the idea because : 1) we do not root access in the gears 2) the firewall will likely not be open for that from the gear to external world 3) one of the main selling point of using openshift online was that we do not have to manage the platform aspect. Adding openvpn to bypass the platform is kinda managing a different platform than what we have, and kinda negate the main advantage of using openshift. 4) we would have to manage the hub ( so need to manage 1 more server ), so we could as well manage mysql and the wiki on the server and that's it ? If we must stretch the platform to its limit to make it do what we want, I think we should accept that what we want is not what we have. Again, i think openshift is a fine product when you use it with software made for the platform ( ie, aware of the scaling requirement, aware of the variable for integration, stateless if possible ). But currently, it is: - not integrated with puppet ( so we have 2 identity store ) - not integrated with icinga ( so it has its own monitoring ) - no backups made by ovirt infra ( but made by openshift ops ) - various space issue ( with a quite complex solution ) We can surely solve each of this with enough hack. I can surely run puppet inside the gear if I want, running a nagios agent if we want, make a clever backup script and solve the space issue by reinstalling everything. But if we go the pain of reinstallation and update, a more standard setup would be cleaner and easier in the future, by using straight tarball from upstream, by using standard system to cache the data, etc, etc. I can get you a publicly accessible vm on phx lab for the migration. but the DNS will take some time to change itself, that would suffice for you? If so, tell me the OS you need and how much space you tihnk we will need for it. -- David Caro Red Hat S.L. Continuous Integration Engineer - EMEA ENG Virtualization RD Tel.: +420 532 294 605 Email: dc...@redhat.com Web: www.redhat.com RHT Global #: 82-62605 signature.asc Description: This is a digitally signed message part. ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
Re: Cannot loging to ovirt wiki
Le jeudi 18 septembre 2014 à 10:42 +0200, David Caro a écrit : On Thursday, September 18, 2014 01:10:15 AM Michael Scherer wrote: Le mercredi 17 septembre 2014 à 15:37 -0400, R P Herrold a écrit : On Wed, 17 Sep 2014, Michael Scherer wrote: As I said in the past, the plan wouldn't work. To have 2 gears communicate, we need to have them setup in a specific way, not just 2 gears in the same account. If one is moved to another node, we need to have a specific triggers on the webserver gear to trigger a potential configuration change. Why not just point the two through a pair of keyed access openvpn links, each to a fixed (and routing) central hub? MySQL will communicate just fine across a network fabric hub 10.0.0.1 10.0.1.1 /\ / \ 10.0.0.2 10.0.1.2 gear A gear B (the wiki) (the MySQL server) The hub just routes 10.0.1 and 10.0.0 back and forth Nothing changes, save re-establishment of an openvpn link when a 'spoke' moves I would slightly be against the idea because : 1) we do not root access in the gears 2) the firewall will likely not be open for that from the gear to external world 3) one of the main selling point of using openshift online was that we do not have to manage the platform aspect. Adding openvpn to bypass the platform is kinda managing a different platform than what we have, and kinda negate the main advantage of using openshift. 4) we would have to manage the hub ( so need to manage 1 more server ), so we could as well manage mysql and the wiki on the server and that's it ? If we must stretch the platform to its limit to make it do what we want, I think we should accept that what we want is not what we have. Again, i think openshift is a fine product when you use it with software made for the platform ( ie, aware of the scaling requirement, aware of the variable for integration, stateless if possible ). But currently, it is: - not integrated with puppet ( so we have 2 identity store ) - not integrated with icinga ( so it has its own monitoring ) - no backups made by ovirt infra ( but made by openshift ops ) - various space issue ( with a quite complex solution ) We can surely solve each of this with enough hack. I can surely run puppet inside the gear if I want, running a nagios agent if we want, make a clever backup script and solve the space issue by reinstalling everything. But if we go the pain of reinstallation and update, a more standard setup would be cleaner and easier in the future, by using straight tarball from upstream, by using standard system to cache the data, etc, etc. I can get you a publicly accessible vm on phx lab for the migration. but the DNS will take some time to change itself, that would suffice for you? I do not think we should migrate before testing a bit, so we can in the mean time reduce the DNS ttl, and it should be good once the migration is done. If so, tell me the OS you need and how much space you tihnk we will need for it. Either we go on el6, or el7. I personally prefer el7 due to newer features, but the main concern i would have is with puppet on it, and if that's fully ok with the current setup. And I think having 40G would be largely enough. We have 10G now, so with 40G, we have space for backup. And we can increase the size of the disk at will, no ? -- Michael Scherer Open Source and Standards, Sysadmin signature.asc Description: This is a digitally signed message part ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
Re: Cannot loging to ovirt wiki
On Wednesday, September 17, 2014 05:52:33 AM Yair Zaslavsky wrote: Hi guys, I cannot login to ovirt wiki. The wiki insists that my cookies are disabled and therefore I cannot login, but I both checked and tried from firefox and chrome and getting the same results. Can you please check this out? My user is Yair Zaslavsky Should be temporarily fixed :/, more permanent solution is needed Thanks ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra -- David Caro Red Hat S.L. Continuous Integration Engineer - EMEA ENG Virtualization RD Tel.: +420 532 294 605 Email: dc...@redhat.com Web: www.redhat.com RHT Global #: 82-62605 signature.asc Description: This is a digitally signed message part. ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
Re: Cannot loging to ovirt wiki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I've documented the issue in the past: http://lists.ovirt.org/pipermail/infra/2013-October/004183.html It would be possible to migrate the database to the separate gear in the ovirt tenant - http://mysqlserver-ovirt.rhcloud.com/ - and use that database with the appropriate environment variables on the wiki gear. Then you could drop the database on the wiki gear. If you do that, then you reduce the ibdata1 file to its start-up size, and buy us a couple of years. The way to remove the problem longer term would be to ensure that we have per-table database files. Cheers, Dave. On 09/17/2014 06:56 AM, David Caro wrote: On Wednesday, September 17, 2014 05:52:33 AM Yair Zaslavsky wrote: Hi guys, I cannot login to ovirt wiki. The wiki insists that my cookies are disabled and therefore I cannot login, but I both checked and tried from firefox and chrome and getting the same results. Can you please check this out? My user is Yair Zaslavsky Should be temporarily fixed :/, more permanent solution is needed Thanks ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra - -- Dave Neary - Community Action and Impact Open Source and Standards, Red Hat - http://community.redhat.com Ph: +1-978-399-2182 / Cell: +1-978-799-3338 -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJUGaE5AAoJECd1qeknDCggykQIAI4VfZxnGTHAfvPnTuOUNAch YghvDx5yLvJwVoE+uCsTvagNylNJsKMZ38moWqQtYPhpePhB14/psIzQfaghW8dB AGOzN5eDjPvq/6KPgzd3MTe2udqKnW2oI/oSwGz3+LkA+G1tDTZIidaBrXkoFMwb a/44GnVr/JE8uxA0g25eYrATaoEwQZ7wjiybzzu8jertXhZl4kHw0x3vxR+RPXDh TEYHf2CywlVGT3Aeo6D42OzfSh2qMLsWI6C5EtlvlUxHtPZD0svI1mffR0acUg5D AoKsoZRz4U5EcZ3YOoxzJEWAAitNOX37thC8cHkZ+QZCjymYNLZ2YEs5o7vLass= =klXG -END PGP SIGNATURE- ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
Re: Cannot loging to ovirt wiki
On Wednesday, September 17, 2014 10:56:58 AM Dave Neary wrote: Hi, I've documented the issue in the past: http://lists.ovirt.org/pipermail/infra/2013-October/004183.html It would be possible to migrate the database to the separate gear in the ovirt tenant - http://mysqlserver-ovirt.rhcloud.com/ - and use that database with the appropriate environment variables on the wiki gear. Nice! I can do all that only with ssh access? (I have to the wiki, but not sure if I have it to the mysqlserver-ovirt) If not, who has it? who can do it/give privileges? Then you could drop the database on the wiki gear. If you do that, then you reduce the ibdata1 file to its start-up size, and buy us a couple of years. The way to remove the problem longer term would be to ensure that we have per-table database files. Cheers, Dave. On 09/17/2014 06:56 AM, David Caro wrote: On Wednesday, September 17, 2014 05:52:33 AM Yair Zaslavsky wrote: Hi guys, I cannot login to ovirt wiki. The wiki insists that my cookies are disabled and therefore I cannot login, but I both checked and tried from firefox and chrome and getting the same results. Can you please check this out? My user is Yair Zaslavsky Should be temporarily fixed :/, more permanent solution is needed Thanks ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra -- Dave Neary - Community Action and Impact Open Source and Standards, Red Hat - http://community.redhat.com Ph: +1-978-399-2182 / Cell: +1-978-799-3338 -- David Caro Red Hat S.L. Continuous Integration Engineer - EMEA ENG Virtualization RD Tel.: +420 532 294 605 Email: dc...@redhat.com Web: www.redhat.com RHT Global #: 82-62605 signature.asc Description: This is a digitally signed message part. ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
Re: Cannot loging to ovirt wiki
On Wednesday, September 17, 2014 05:07:02 PM David Caro wrote: On Wednesday, September 17, 2014 10:56:58 AM Dave Neary wrote: Hi, I've documented the issue in the past: http://lists.ovirt.org/pipermail/infra/2013-October/004183.html It would be possible to migrate the database to the separate gear in the ovirt tenant - http://mysqlserver-ovirt.rhcloud.com/ - and use that database with the appropriate environment variables on the wiki gear. Nice! I can do all that only with ssh access? (I have to the wiki, but not sure if I have it to the mysqlserver-ovirt) If not, who has it? who can do it/give privileges? I was going to try to separate the tables into files before the end of the week, but if we can separate the mysql might be better (or do both at the same time). Then you could drop the database on the wiki gear. If you do that, then you reduce the ibdata1 file to its start-up size, and buy us a couple of years. The way to remove the problem longer term would be to ensure that we have per-table database files. Cheers, Dave. On 09/17/2014 06:56 AM, David Caro wrote: On Wednesday, September 17, 2014 05:52:33 AM Yair Zaslavsky wrote: Hi guys, I cannot login to ovirt wiki. The wiki insists that my cookies are disabled and therefore I cannot login, but I both checked and tried from firefox and chrome and getting the same results. Can you please check this out? My user is Yair Zaslavsky Should be temporarily fixed :/, more permanent solution is needed Thanks ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra -- Dave Neary - Community Action and Impact Open Source and Standards, Red Hat - http://community.redhat.com Ph: +1-978-399-2182 / Cell: +1-978-799-3338 -- David Caro Red Hat S.L. Continuous Integration Engineer - EMEA ENG Virtualization RD Tel.: +420 532 294 605 Email: dc...@redhat.com Web: www.redhat.com RHT Global #: 82-62605 signature.asc Description: This is a digitally signed message part. ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
Re: Cannot loging to ovirt wiki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, On 09/17/2014 11:07 AM, David Caro wrote: On Wednesday, September 17, 2014 10:56:58 AM Dave Neary wrote: Hi, I've documented the issue in the past: http://lists.ovirt.org/pipermail/infra/2013-October/004183.html It would be possible to migrate the database to the separate gear in the ovirt tenant - http://mysqlserver-ovirt.rhcloud.com/ - and use that database with the appropriate environment variables on the wiki gear. Nice! I can do all that only with ssh access? (I have to the wiki, but not sure if I have it to the mysqlserver-ovirt) I guess so, although for something delicate like that I was planning to let misc take it on. I would do it this way: * Put wiki in maintenance mode (to prevent inconsistency in database) * (ssh wiki mysqldump) | mysql from the database gear (will be longish) * Update environment variables for DB on wiki host, restart gear * Check that database wiki look OK, then take wiki out of maintenance mode * Retire the database on original gear (ideally, mysqldump + archive somewhere to be sure we have a timestamped restorable copy) and delete database files. If not, who has it? who can do it/give privileges? misc, Brian, myself and some others have full admin access to the gears (although I probably shouldn't any more). Cheers, Dave. - -- Dave Neary - Community Action and Impact Open Source and Standards, Red Hat - http://community.redhat.com Ph: +1-978-399-2182 / Cell: +1-978-799-3338 -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJUGahbAAoJECd1qeknDCggoZAIAL+jnaAsyO9HmN5YG4CUw6go ep1THQP9Ztpg0LFTOyHd3/dGfLetWQtwEGoY8KmizNUPiPH75GOJZkjm7KD/IuGZ Y2EHXNIdHEklVPhZYhr+brh1eiV3qslzXZZKO2SlwqNMspc76oZg4rigNHPmvU8m oIdbG1CD+bSRcDLR+vIKxg+XUMPfhXPUEONGWYx6zpsGPxCPdmA5G4nKGOx3wfCI RZEw7t0DETJW65wC+P++tYp3Q2PXWa2SyYaSoGMxUXJv72pA3iCusame/p+AmC14 vJHpdA4asqyhLyCSradL6+i3c9g03/r5xnMAYnb/3omDd2qP6vOcJDyrjnAZpI0= =pwMt -END PGP SIGNATURE- ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
Re: Cannot loging to ovirt wiki
Le mercredi 17 septembre 2014 à 11:27 -0400, Dave Neary a écrit : Hi, On 09/17/2014 11:07 AM, David Caro wrote: On Wednesday, September 17, 2014 10:56:58 AM Dave Neary wrote: Hi, I've documented the issue in the past: http://lists.ovirt.org/pipermail/infra/2013-October/004183.html It would be possible to migrate the database to the separate gear in the ovirt tenant - http://mysqlserver-ovirt.rhcloud.com/ - and use that database with the appropriate environment variables on the wiki gear. Nice! I can do all that only with ssh access? (I have to the wiki, but not sure if I have it to the mysqlserver-ovirt) I guess so, although for something delicate like that I was planning to let misc take it on. As I said in the past, the plan wouldn't work. To have 2 gears communicate, we need to have them setup in a specific way, not just 2 gears in the same account. If one is moved to another node, we need to have a specific triggers on the webserver gear to trigger a potential configuration change. More over, this could mean having more patching to do on mediawiki side, which mean forking. Unless someone step to maintain a mediawiki fork, this is not gonna happen. I still maintain that the solution is to use openshift for what it is currently ( may be different once we have openshift v3 ), a Paas where you develop the software, not one where yo take out of the shelf software. The current mediawiki installation is already outdated when it come to security, so it should be upgraded anyway. It would be easier for me to just have a VM and use apache + tarball than openshift. -- Michael Scherer Open Source and Standards, Sysadmin signature.asc Description: This is a digitally signed message part ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
Re: Cannot loging to ovirt wiki
On Wed, 17 Sep 2014, Michael Scherer wrote: As I said in the past, the plan wouldn't work. To have 2 gears communicate, we need to have them setup in a specific way, not just 2 gears in the same account. If one is moved to another node, we need to have a specific triggers on the webserver gear to trigger a potential configuration change. Why not just point the two through a pair of keyed access openvpn links, each to a fixed (and routing) central hub? MySQL will communicate just fine across a network fabric hub 10.0.0.1 10.0.1.1 /\ / \ 10.0.0.2 10.0.1.2 gear A gear B (the wiki) (the MySQL server) The hub just routes 10.0.1 and 10.0.0 back and forth Nothing changes, save re-establishment of an openvpn link when a 'spoke' moves -- Russ herrold ___ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
