Friday, 2020-07-10

« Thursday, 2020-07-09 Index Saturday, 2020-07-11 »
*** cshen has joined #openstack-ansible01:26
*** cshen has quit IRC01:31
*** ianychoi_ has quit IRC01:48
*** ianychoi_ has joined #openstack-ansible01:50
*** d34dh0r53 has quit IRC02:32
*** d34dh0r53 has joined #openstack-ansible02:35
*** spatel has joined #openstack-ansible02:49
*** mmethot has quit IRC03:13
*** spatel has quit IRC03:39
*** fridtjof[m] has quit IRC04:08
*** nicolasbock has quit IRC04:08
*** sep has quit IRC04:08
*** sshnaidm|afk has quit IRC04:08
*** KeithMnemonic has quit IRC04:08
*** noonedeadpunk has quit IRC04:08
*** zigo has quit IRC04:08
*** yolanda has quit IRC04:08
*** gouthamr_ has quit IRC04:08
*** persia has quit IRC04:08
*** krah has quit IRC04:08
*** skelly has quit IRC04:08
*** brad[] has quit IRC04:08
*** nwonknu has quit IRC04:08
*** tacco has quit IRC04:08
*** tbarron has quit IRC04:08
*** ioni has quit IRC04:08
*** bjoernt has quit IRC04:08
*** ChanServ has quit IRC04:08
*** alvinstarr has quit IRC04:08
*** schwicht has quit IRC04:08
*** maharg101 has quit IRC04:08
*** admin0 has quit IRC04:08
*** dasp_ has quit IRC04:08
*** pcaruana has quit IRC04:08
*** evrardjp has quit IRC04:08
*** gixx has quit IRC04:08
*** mnaser has quit IRC04:08
*** cyberpear has quit IRC04:08
*** antonym has quit IRC04:08
*** jhesketh has quit IRC04:08
*** janno has quit IRC04:08
*** Adri2000 has quit IRC04:08
*** jroll has quit IRC04:08
*** ChosSimbaOne has quit IRC04:08
*** d34dh0r53 has quit IRC04:08
*** ianychoi_ has quit IRC04:08
*** wpp has quit IRC04:08
*** jmccrory has quit IRC04:08
*** ebbex has quit IRC04:08
*** Brace has quit IRC04:08
*** mcarden has quit IRC04:08
*** poopcat has quit IRC04:08
*** akahat has quit IRC04:08
*** melwitt has quit IRC04:08
*** Jeffrey4l has quit IRC04:08
*** rpittau has quit IRC04:08
*** nurdie_ has quit IRC04:08
*** cp- has quit IRC04:08
*** nsmeds has quit IRC04:08
*** arxcruz has quit IRC04:08
*** gokhani has quit IRC04:08
*** brtknr has quit IRC04:08
*** mrda has quit IRC04:08
*** redrobot has quit IRC04:08
*** mloza has quit IRC04:08
*** trident has quit IRC04:08
*** crazzy has quit IRC04:08
*** Miouge has quit IRC04:08
*** bverschueren has quit IRC04:08
*** bradm has quit IRC04:08
*** tobberydberg_ has quit IRC04:08
*** openstackgerrit has quit IRC04:08
*** Nick_A has quit IRC04:08
*** vesper11 has quit IRC04:08
*** NewJorg has quit IRC04:08
*** mgagne has quit IRC04:08
*** fyx has quit IRC04:08
*** samueldmq has quit IRC04:08
*** fresta has quit IRC04:08
*** dave-mccowan has quit IRC04:08
*** sri_ has quit IRC04:08
*** bl0m1 has quit IRC04:08
*** NobodyCam has quit IRC04:08
*** Open10K8S has quit IRC04:08
*** jrosser has quit IRC04:08
*** guilhermesp has quit IRC04:08
*** mugsie has quit IRC04:08
*** redkrieg has quit IRC04:08
*** stingrayza has quit IRC04:08
*** dmsimard has quit IRC04:08
*** prometheanfire has quit IRC04:08
*** johanssone has quit IRC04:08
*** djhankb has quit IRC04:08
*** chandankumar has quit IRC04:08
*** mgariepy has quit IRC04:08
*** timburke has quit IRC04:08
*** spotz has quit IRC04:08
*** partlycloudy has quit IRC04:08
*** mubix has quit IRC04:08
*** mwhahaha has quit IRC04:08
*** alanmeadows has quit IRC04:08
*** irclogbot_0 has quit IRC04:08
*** tinwood has quit IRC04:08
*** logan- has quit IRC04:08
*** gary_perkins has quit IRC04:08
*** masterpe has quit IRC04:08
*** CeeMac has quit IRC04:08
*** mmercer has quit IRC04:08
*** johnsom has quit IRC04:08
*** gouthamr has quit IRC04:08
*** gundalow has quit IRC04:08
*** donnyd has quit IRC04:08
*** idlemind has quit IRC04:08
*** waxfire has quit IRC04:08
*** soren has quit IRC04:08
*** sum12 has quit IRC04:08
*** admin0 has joined #openstack-ansible04:14
*** maharg101 has joined #openstack-ansible04:14
*** alvinstarr has joined #openstack-ansible04:14
*** ChosSimbaOne has joined #openstack-ansible04:14
*** jroll has joined #openstack-ansible04:14
*** Adri2000 has joined #openstack-ansible04:14
*** janno has joined #openstack-ansible04:14
*** jhesketh has joined #openstack-ansible04:14
*** antonym has joined #openstack-ansible04:14
*** cyberpear has joined #openstack-ansible04:14
*** mnaser has joined #openstack-ansible04:14
*** gixx has joined #openstack-ansible04:14
*** evrardjp has joined #openstack-ansible04:14
*** pcaruana has joined #openstack-ansible04:14
*** dasp_ has joined #openstack-ansible04:14
*** tbarron has joined #openstack-ansible04:14
*** nwonknu has joined #openstack-ansible04:14
*** brad[] has joined #openstack-ansible04:14
*** krah has joined #openstack-ansible04:14
*** skelly has joined #openstack-ansible04:14
*** tacco has joined #openstack-ansible04:14
*** persia has joined #openstack-ansible04:14
*** gouthamr_ has joined #openstack-ansible04:14
*** yolanda has joined #openstack-ansible04:14
*** sep has joined #openstack-ansible04:14
*** nicolasbock has joined #openstack-ansible04:14
*** fridtjof[m] has joined #openstack-ansible04:14
*** Nick_A has joined #openstack-ansible04:14
*** openstackgerrit has joined #openstack-ansible04:14
*** tobberydberg_ has joined #openstack-ansible04:14
*** bradm has joined #openstack-ansible04:14
*** bverschueren has joined #openstack-ansible04:14
*** Miouge has joined #openstack-ansible04:14
*** crazzy has joined #openstack-ansible04:14
*** trident has joined #openstack-ansible04:14
*** redkrieg has joined #openstack-ansible04:14
*** mugsie has joined #openstack-ansible04:14
*** guilhermesp has joined #openstack-ansible04:14
*** jrosser has joined #openstack-ansible04:14
*** Open10K8S has joined #openstack-ansible04:14
*** NobodyCam has joined #openstack-ansible04:14
*** sri_ has joined #openstack-ansible04:14
*** dave-mccowan has joined #openstack-ansible04:14
*** mgagne has joined #openstack-ansible04:14
*** NewJorg has joined #openstack-ansible04:14
*** vesper11 has joined #openstack-ansible04:14
*** poopcat has joined #openstack-ansible04:14
*** ebbex has joined #openstack-ansible04:14
*** mcarden has joined #openstack-ansible04:14
*** Brace has joined #openstack-ansible04:14
*** jmccrory has joined #openstack-ansible04:14
*** wpp has joined #openstack-ansible04:14
*** ianychoi_ has joined #openstack-ansible04:14
*** d34dh0r53 has joined #openstack-ansible04:14
*** Jeffrey4l has joined #openstack-ansible04:14
*** melwitt has joined #openstack-ansible04:14
*** akahat has joined #openstack-ansible04:14
*** arxcruz has joined #openstack-ansible04:14
*** cp- has joined #openstack-ansible04:14
*** nurdie_ has joined #openstack-ansible04:14
*** nsmeds has joined #openstack-ansible04:14
*** rpittau has joined #openstack-ansible04:14
*** djhankb has joined #openstack-ansible04:14
*** johanssone has joined #openstack-ansible04:14
*** prometheanfire has joined #openstack-ansible04:14
*** dmsimard has joined #openstack-ansible04:14
*** stingrayza has joined #openstack-ansible04:14
*** ioni has joined #openstack-ansible04:14
*** mubix has joined #openstack-ansible04:14
*** mwhahaha has joined #openstack-ansible04:14
*** chandankumar has joined #openstack-ansible04:14
*** fyx has joined #openstack-ansible04:14
*** CeeMac has joined #openstack-ansible04:14
*** mmercer has joined #openstack-ansible04:14
*** johnsom has joined #openstack-ansible04:14
*** gouthamr has joined #openstack-ansible04:14
*** alanmeadows has joined #openstack-ansible04:14
*** samueldmq has joined #openstack-ansible04:14
*** gundalow has joined #openstack-ansible04:14
*** soren has joined #openstack-ansible04:14
*** donnyd has joined #openstack-ansible04:14
*** mgariepy has joined #openstack-ansible04:14
*** sum12 has joined #openstack-ansible04:14
*** idlemind has joined #openstack-ansible04:14
*** bjoernt has joined #openstack-ansible04:14
*** ChanServ has joined #openstack-ansible04:14
*** tepper.freenode.net sets mode: +o ChanServ04:14
*** fresta has joined #openstack-ansible04:14
*** partlycloudy has joined #openstack-ansible04:14
*** spotz has joined #openstack-ansible04:14
*** timburke has joined #openstack-ansible04:14
*** irclogbot_0 has joined #openstack-ansible04:14
*** tinwood has joined #openstack-ansible04:14
*** waxfire has joined #openstack-ansible04:14
*** logan- has joined #openstack-ansible04:14
*** gary_perkins has joined #openstack-ansible04:14
*** mloza has joined #openstack-ansible04:15
*** gokhani has joined #openstack-ansible04:15
*** brtknr has joined #openstack-ansible04:15
*** redrobot has joined #openstack-ansible04:15
*** mrda has joined #openstack-ansible04:15
*** sshnaidm|afk has joined #openstack-ansible04:15
*** KeithMnemonic has joined #openstack-ansible04:15
*** noonedeadpunk has joined #openstack-ansible04:15
*** zigo has joined #openstack-ansible04:15
*** fridtjof[m] has quit IRC04:15
*** markvoelker has joined #openstack-ansible04:15
*** dave-mccowan has quit IRC04:15
*** nicolasbock has quit IRC04:16
*** schwicht has joined #openstack-ansible04:16
*** guilhermesp has quit IRC04:16
*** mnaser has quit IRC04:16
*** fyx has quit IRC04:16
*** ioni has quit IRC04:17
*** cyberpear has quit IRC04:17
*** guilhermesp has joined #openstack-ansible04:18
*** fyx has joined #openstack-ansible04:18
*** markvoelker has quit IRC04:20
*** bl0m1 has joined #openstack-ansible04:20
*** nicolasbock has joined #openstack-ansible04:21
*** masterpe has joined #openstack-ansible04:23
*** cyberpear has joined #openstack-ansible04:24
*** evrardjp has quit IRC04:33
*** evrardjp has joined #openstack-ansible04:33
*** markvoelker has joined #openstack-ansible04:50
*** fridtjof[m] has joined #openstack-ansible04:51
*** ioni has joined #openstack-ansible04:51
*** markvoelker has quit IRC04:55
*** udesale has joined #openstack-ansible05:09
*** markvoelker has joined #openstack-ansible05:10
*** markvoelker has quit IRC05:14
*** miloa has joined #openstack-ansible05:20
*** miloa has quit IRC05:21
*** nurdie_ has quit IRC05:21
*** udesale_ has joined #openstack-ansible05:36
*** nurdie has joined #openstack-ansible05:37
*** mindthecap has joined #openstack-ansible05:38
*** udesale has quit IRC05:38
*** nurdie has quit IRC05:42
*** udesale_ has quit IRC05:44
*** udesale has joined #openstack-ansible05:55
CeeMacmorning06:13
*** ianychoi_ has quit IRC06:22
*** ianychoi_ has joined #openstack-ansible06:23
*** this10nly has joined #openstack-ansible06:27
*** also_stingrayza has joined #openstack-ansible06:37
*** stingrayza has quit IRC06:39
*** also_stingrayza is now known as stingrayza06:47
*** cshen has joined #openstack-ansible07:19
*** arkan has joined #openstack-ansible07:21
*** tosky has joined #openstack-ansible07:30
*** jbadiapa has joined #openstack-ansible08:34
admin0morning .. is there a way to change a router status to master08:50
admin0i have all 3 routers set to standby08:50
openstackgerritMerged openstack/openstack-ansible-openstack_hosts master: Replace yum config manager with dnf alternative  https://review.opendev.org/73955409:05
*** markvoelker has joined #openstack-ansible09:12
*** markvoelker has quit IRC09:17
openstackgerritMerged openstack/openstack-ansible master: Fix KeyError raised when max hostname length exceeded  https://review.opendev.org/74034309:58
*** spatel has joined #openstack-ansible10:41
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible stable/ussuri: Fix KeyError raised when max hostname length exceeded  https://review.opendev.org/74044110:45
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible stable/train: Fix KeyError raised when max hostname length exceeded  https://review.opendev.org/74044210:45
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible stable/stein: Fix KeyError raised when max hostname length exceeded  https://review.opendev.org/74044310:45
*** spatel has quit IRC10:46
*** markvoelker has joined #openstack-ansible11:13
*** markvoelker has quit IRC11:23
*** cshen has quit IRC11:23
*** alvinstarr has quit IRC11:23
*** maharg101 has quit IRC11:23
*** admin0 has quit IRC11:23
*** cshen has joined #openstack-ansible11:27
*** alvinstarr has joined #openstack-ansible11:27
*** maharg101 has joined #openstack-ansible11:27
*** admin0 has joined #openstack-ansible11:27
*** namrata has joined #openstack-ansible11:55
admin0https://review.opendev.org/#/c/740078/ -- does this mean its merged and can use it ?12:01
*** markvoelker has joined #openstack-ansible12:06
*** markvoelker has quit IRC12:10
*** rh-jelabarre has joined #openstack-ansible12:12
namrataadmin0 Yes its ready for use12:13
*** rh-jelabarre has quit IRC12:19
*** rh-jelabarre has joined #openstack-ansible12:19
admin0\o/ .. and hopefully it will allow me to upgrade further in future12:21
*** markvoelker has joined #openstack-ansible12:22
mgariepyadmin0, for the routers status, you might need to check keepalived in the netns of the router.12:31
mgariepyout of curiosity how many routers do you have ?12:31
mgariepyi've seen some issue in the past (back in kilo or liberty) with the states of HA router not updating fast enough.12:32
admin0i fixed it in the morning by removing the ha status, and then removing the router from all l3-agents and adding it back again12:34
admin0this one router has around 70+ floating ips12:34
mgariepyhow many router for the install ?12:40
mgariepyi'm not using ha router since it was causing more issue for me than no-ha router..12:41
*** spatel has joined #openstack-ansible12:42
*** spatel has quit IRC12:47
*** mindthecap has quit IRC12:48
arkanhi guys, sorry to bother you, please can someone give me a working config for Octavia, I will pay $50 for it.12:50
arkanI lost 1 week for this thing12:50
arkanI can not play around the configs, and I'm under time pressure12:51
arkanI know that you have job also, but just a slice of your time, consider it as an external service12:51
*** nurdie has joined #openstack-ansible12:51
arkaneverything is working except LB12:52
*** arkan has quit IRC12:53
*** arkan has joined #openstack-ansible12:54
namratanoonedeadpunk if you are around, i want you to thank you for the other day with dnsmasq issue, it was my heat template which was setting the environment for 5 VMs which was setting the log-facility. thanks again for your help.12:58
*** mmethot has joined #openstack-ansible13:04
*** mnaser has joined #openstack-ansible13:08
*** jamesdenton has joined #openstack-ansible13:11
*** dave-mccowan has joined #openstack-ansible13:14
noonedeadpunknamrata: sure, no problem at all:) btw I never thought that heat template will adjust bare metal nodes config...13:21
noonedeadpunkoh, or you was creating testing env with heat?:)13:21
namrataI was seting /etc/openstack_deploy/user_variables.yml with my heat template only13:21
*** alanmeadows_ has joined #openstack-ansible13:24
*** gary_perkins_ has joined #openstack-ansible13:26
*** alanmeadows has quit IRC13:27
*** irclogbot_0 has quit IRC13:27
*** alanmeadows_ is now known as alanmeadows13:27
*** gary_perkins has quit IRC13:27
*** tinwood has quit IRC13:28
*** irclogbot_2 has joined #openstack-ansible13:28
*** mwhahaha has quit IRC13:30
*** logan- has quit IRC13:30
*** tinwood has joined #openstack-ansible13:30
*** mwhahaha has joined #openstack-ansible13:32
*** logan- has joined #openstack-ansible13:32
*** udesale_ has joined #openstack-ansible13:36
*** udesale has quit IRC13:39
arkanguys I will triple $1000 for a working Octavia config. Kidding :))13:43
arkanno really, I will play $100 for a working octavia config, but not more13:43
arkanthis is the maximum amount that I can pay13:44
arkanjust make this work13:44
arkanand make me live in peace13:44
CeeMacarkan: it might be worth taking  a step back, taking a fresh breath and looking at the problem with a fresh pair of eyes as I think you have yourself tangled in a knot13:45
CeeMacI don't use octavia myself, so can't give you a working config13:45
*** gokhani has quit IRC13:46
CeeMacbut I can maby talk through the issue with you13:46
arkanI lost a lot of time one week on Octavia13:46
arkanit drove me crazy13:46
CeeMacyes, ita can happen13:46
arkanfrom the morning until the evening13:46
CeeMacits easy to get bogged down in the problem so you can't see your way out13:46
CeeMacfrom what I see, and the information and links jrosser provided you're most of the way there.13:46
arkanpleace save my time13:46
arkanyes, but I could not reach the final13:47
CeeMacI think where you're struggling is with separating neutron networking from host and container networking13:47
openstackgerritDmitriy Rabotyagov (noonedeadpunk) proposed openstack/ansible-role-uwsgi master: Use X-Forwarded-For header in logs  https://review.opendev.org/74046913:47
arkanyes13:47
arkanCeeMac let's go private in order to not clutter the chat13:47
*** cshen has quit IRC13:48
CeeMacno need to worry about clutter, if it is a valid process then it could help other people too :)13:48
CeeMaclet me dig out the link to that diagram again13:49
CeeMacso i get my head straight13:49
arkancool13:49
arkanjust let me know what is the right config that should I use13:50
arkanand I will paste it into my config files13:50
CeeMaci think, from what i saw of your chat, you have your OSA config pretty much sorted13:50
CeeMacthe problem you had was getting the networking into the container correctly13:51
arkaneverything is working, except octavia13:51
arkanand today I tried to another config13:51
CeeMacso, the way I see it13:51
arkanone moment13:51
CeeMacon the RHS you have a neutron 'provider' network, tagged with a vlan ID13:52
arkanthis is my new configs - current one13:53
arkanhttp://paste.openstack.org/show/795755/ --> user_variables.yml13:53
*** arkan has quit IRC13:54
*** arkan has joined #openstack-ansible13:54
CeeMacyou were using vlan 510 rather than 111 no?13:54
arkanopenstack_user_config.yml ---> http://paste.openstack.org/show/795756/13:54
arkanyes, today I tried to do what is in the diagram13:55
CeeMacok13:55
arkancontroller network config ----> http://paste.openstack.org/show/795757/13:56
CeeMacok13:56
arkancompute network config ---> http://paste.openstack.org/show/795758/13:56
arkanbrctl show (compute) ---> http://paste.openstack.org/show/795759/13:57
arkanbrctl show (controller) ----> http://paste.openstack.org/show/795760/13:58
arkanand13:59
CeeMacyou have br-vlan as flat?13:59
arkanroot@compute1:~# tcpdump -i brqbc8fc1f4-e113:59
arkantcpdump: verbose output suppressed, use -v or -vv for full protocol decode13:59
arkanlistening on brqbc8fc1f4-e1, link-type EN10MB (Ethernet), capture size 262144 bytes13:59
arkan13:58:58.010010 ARP, Request who-has 172.29.235.220 tell 172.29.232.145, length 2813:59
arkanfrom the container there (on controller) is reaching br-vlan on compute14:00
arkanbut it does not know how to return14:00
arkancontainer ----> br-lbaas ----> br-vlan14:00
CeeMacyour vlan ids dont match up currently14:01
arkanhumm14:01
CeeMaceno1.510 on the controller14:01
CeeMacbr-vlan.111 on the compute14:01
CeeMacbut I think you need to have your br-vlan as 'vlan' type in openstack_user_config as you have flat14:01
arkana question, is there a way to not use br-vlan at all ?14:01
arkanor this is the only solution ?14:02
CeeMaclet me check something real quick14:03
arkangreat14:03
CeeMacyou're using vxlan for tenant networks right?14:03
CeeMacbr-vlan you've put in just for octavia traffic?  Or other provider networks too?14:03
arkanyes14:03
arkanI didn't want to use br-vlan, but as the diagram shows, I was trying in order to make octavia work14:04
arkanif there is a solution without the need for br-vlan, it would be great14:04
arkanmy provider is using net_name: "external"14:05
arkanwhich is of type "vlan", I used it for floating ips, and it works14:05
CeeMacsorry, brb just need to take a call14:06
arkansure14:06
jannoDoes anyone use designate deployed by openstack-ansible? how does your network look? how do you connect your designate containers to the outer world?14:06
jamesdentonarkan you can avoid the use of br-vlan as long as a) your neutron agents are not in a container on the controller and b) you use host_bind_override14:07
arkanaha14:08
arkanjamesdenton: nice hint14:09
jamesdentonif your br-vlan would contain em2, then you could set host_bind_override: em2 and destroy br-vlan14:09
openstackgerritMerged openstack/openstack-ansible-lxc_hosts stable/ussuri: Add centos-8 support  https://review.opendev.org/74023014:10
arkanwhat is em2 ? do you mean eno1 or eno2 in my case ?14:11
jamesdentonyeah, sorry, eno214:11
jamesdentonfrom looking at your output14:11
arkanbut I have neutron is a container, it means that I need br-vlan as you mention in a), right ?14:12
arkanroot@controller1:~# lxc-ls | grep neu14:13
arkancontroller1_memcached_container-bc6c7729          controller1_neutron_server_container-05f59c60     controller1_neutron_server_container-8c8adbed14:13
jamesdentonneutron-server != neutron-agent14:13
arkanaha14:13
jamesdentonthe agents are likely configured on the controller itself: systemctl status neutron-linuxbridge-aget14:13
CeeMacah, cavalry to the rescue!  hi jamesdenton14:13
jamesdentonsystemctl status neutron-linuxbridge-agent14:13
arkanroot@controller1:~# systemctl list-unit-files | grep neut14:13
arkanneutron-dhcp-agent.service             enabled14:13
arkanneutron-l3-agent.service               enabled14:13
arkanneutron-linuxbridge-agent.service      enabled14:13
jamesdentonnaw i'm gonna sink back into the shadows14:13
arkanneutron-metadata-agent.service         enabled14:13
arkanneutron-metering-agent.service         enabled14:13
arkanhahaha14:14
jamesdentonyep, cool. so you should be good to eliminate the br-vlan bridge itself and use host_bind_override for controllers and computes14:14
arkanall the warriors are here14:14
arkanok CeeMac: what was your idea about getting rid of br-vlan14:15
arkanI have only 2 nodes, controller and compute nodes14:15
arkaneno1 (controller) ------> router14:15
arkaneno1 (compute) -----> router14:15
arkaneno2 (controller) <-----> eno2 (compute)14:16
*** pcaruana has quit IRC14:17
arkanI also tried to combine under one network_provider: to use vlan for both octavia and for providing floating ips14:17
arkanby using rang: "510:520" for vlans14:18
arkanthen creating network for external networks using vlan 51114:18
arkanand the 510 to be used by octavia14:18
arkanbut I got the same problem, floating ips worked14:19
arkanbut octavia not14:19
arkanarping is reaching the bridge but can not return14:19
jamesdentonunless i'm mistaken, the br-lbaas bridge is there for two reasons: 1) to provide access to the lbaas mgmt network from the actual octavia service container and 2) give neutron a place to connect amphora to said lbaas mgmt network. An amphora will be multi-homes, and connect to both br-lbaas and other neutron provider networks off eno2 (br-vlan) to reach the actual pool members. but i need to re-educate myself on this14:21
jamesdenton*multi-homed14:21
arkanI can see that amphora is running14:22
arkanok, but how to solve this dilemma? is there a working config for my case ?14:23
arkanwhat should I change into my config to work ?14:24
jamesdentonyour amphora, what interfaces does it have?14:24
arkanone moment14:24
arkanlbaas-mgmt14:26
arkan    172.29.232.10414:26
arkanI can see from horizon14:26
arkanVNIC Type14:26
arkan    Normal14:26
arkanHost14:26
arkan    compute114:26
arkanProfile14:26
arkan    None14:26
arkanVIF Type14:26
arkan    bridge14:27
arkanVIF Details14:27
jamesdentonkk14:27
arkan        connectivity l214:27
arkan        port_filter True14:27
jamesdentoncan you ping the 172.29.232.104 IP from the dhcp namespace?14:27
arkanlet me see14:27
arkanI have only one netns14:29
arkanroot@controller1:~# ip netns14:29
arkanqdhcp-bc8fc1f4-e1cf-4c40-a831-73871561fd40 (id: 38)14:29
arkanroot@controller1:~# ip netns exec qdhcp-bc8fc1f4-e1cf-4c40-a831-73871561fd40 ping 172.29.232.10414:29
arkanPING 172.29.232.104 (172.29.232.104) 56(84) bytes of data.14:29
jamesdentonalso need to see your openstack network list and openstack subnet list output, please14:29
arkank14:30
johnsomAmphora don't allow ping by default.14:30
arkanaha yes14:30
*** pcaruana has joined #openstack-ansible14:30
arkanI can add icmp14:30
arkanto the instance14:30
arkanand retry it14:30
jamesdentoni'm not sure thats the right namespace yet, but good to know, johnsom. i guess arp could be validated either way14:30
*** spatel has joined #openstack-ansible14:33
johnsomI am late to the party here, but if the load balancer became ACTIVE, your lb-mgmt-net is working.14:33
arkanit worked14:33
arkanroot@controller1:~# ip netns exec qdhcp-bc8fc1f4-e1cf-4c40-a831-73871561fd40 ping 172.29.232.10414:33
arkanPING 172.29.232.104 (172.29.232.104) 56(84) bytes of data.14:33
arkan64 bytes from 172.29.232.104: icmp_seq=1 ttl=64 time=0.705 ms14:33
arkanI added security group icmp14:33
arkanand it pinged it14:33
arkanfrom the netns14:33
jamesdentoncool. and you've gone thru the process of adding pool members, listeners, etc?14:34
CeeMacjamesdenton trumps anything I would say :D14:34
jamesdentonnaw14:34
arkanI did not add anything right now14:34
arkanno LB is added14:34
arkanbut I can see some errors in journalctl -xf in octavia container14:35
jamesdentonok. so i guess my question is, what led you to believe it wasn't working? Just curious, so we can update docs/faqs/etc14:35
*** d34dh0r53 has quit IRC14:35
arkanone moment14:35
arkanhttp://paste.openstack.org/show/795763/14:36
arkanbecause every time I can see these errors14:36
jamesdentonyep, ok14:36
arkanalso14:36
arkanI can create LB but it remain not functional "offline"14:37
jamesdentonso, this leads me back to ceemac's question: in br-lbaas on the controller we see vlan 510, but on the compute you're using vlan 111? the actual lbaas mgmt network would need to exist as a (flat) neutron provider network connected to br-lbaas14:37
jamesdentonyou have that subnet list/network list?14:38
*** d34dh0r53 has joined #openstack-ansible14:38
arkanI can create it from cli + horizon (thanks for jrosser for helping me to use new sha256 for inistalling horizon)14:38
CeeMacarkan: I was going to say I'm not using br-vlan in my environment but use neutron_provider_networks in user_variables to configure my network mappings to physical interfaces14:38
admin0how do I run setup-hosts, but skip ansible-hardening on re-runs ?14:39
arkanhumm14:39
CeeMacadmin0: apply_security_hardening: false in user_variables14:39
jamesdentonadmin0: -e apply_security_hardening=false?14:39
CeeMacor that :D14:39
arkanCeeMac: I did not use this, and I don't know about it14:39
admin0got it :) thanks14:40
arkanI want to get rid of br-vlan14:40
arkanif it's possible14:40
*** pcaruana has quit IRC14:40
arkanhow to do it? show me the code :)))14:40
jamesdentonarkan i would forget that for now. i think you're close with the existing config, you can get it working then go from there14:40
jamesdentonchange too many variables and you'll never get it going14:40
arkanWe use this in our community "show me the code" :))14:40
CeeMacis eno2 dedicated just for octavia traffic?14:41
jamesdenton"teach a man to fish"14:41
jamesdenton:D14:41
arkanCeeMac, maybe, I was not sure14:41
CeeMaci mean in you setup14:41
arkanNo not sure of it14:41
CeeMacis your intenation that this would be a dedicated interface14:42
CeeMacoh14:42
arkanyes14:42
arkaneno214:42
CeeMacand that will only have the lbaas-mgmt traffic?14:42
arkanyes, I was thinking about it14:42
arkanbut I was not sure if it will work14:42
arkanso I provided a direct cable from eno2 (controller node) to eno2 (compute node)14:43
arkanbut I was not sure how the things will settle14:43
arkanif we can use eno2 for lbaas managment, it's ok, but how to do it?14:45
CeeMacright now, i think we need to correct the br-vlan.111 or the eno1.51014:45
jamesdentonarkan: two problems in your user_variables -- octavia_provider_network_name: vlan needs to be octavia_provider_network_name: lbaas, which is the provider definition you made in openstack_user_config for lbaas mgmt. And second, octavia_provider_network_type: vlan should be changed to octavia_provider_network_type: flat if you're going to use a br-lbaas w/ eno1.510. You also have octavia_management_net_subnet_cidr14:45
jamesdenton defined twice, with the second one effective (172.29.232.0/22). octavia_provider_segmentation_id can be commented out.14:45
arkanif I will try "flat" I will receive an error14:46
jamesdentonI think it should also be noted that whatever changes you make to the configuration to get it going may not translate well to a larger environment due to the cross-connections you mentioned.14:47
arkanlet me check14:47
arkanjamesdenton: I tried one time running using "flat" and I received this error while it was installing14:48
arkan"physical_network 'lbaas' unknown for flat provider network."14:48
arkanI used it in user_variables:14:49
arkanoctavia_provider_network_type: flat14:49
jamesdentonyeah, the provider definition is raw and not flat, so it's not defined in neutron agent confs14:49
jamesdentoni need to look at something brb14:49
arkansure14:49
arkanCeeMac: we can correct these, but what are the needed changes that need to be done14:50
arkan?14:50
arkanso I can retry the installation and see14:50
CeeMaci think you need to switch your provider_networks config from raw to flat also14:51
CeeMacfor br-lbaas14:51
spatelnoonedeadpunk: i am seeing my patch still failing on some environment https://review.opendev.org/#/c/739658/14:51
jamesdentonI'm not sure yet if that would break connectivity from octavia container to the bridge, though14:51
spatelnoonedeadpunk: is there anyway i can get into box and look for issue14:52
arkanCeeMac: br-lbaas has vlan tag in the physical network14:52
arkanand if I use a config in the provider_network: to by of type "flat"14:52
arkanthen I will receive an error, says:14:53
jamesdentonwhich is exactly why it would need to be 'flat' from a neutron perspective. That way, neutron won't tag on top of the existing tag14:53
arkan"can not ensalve br-lbaas...etc"14:53
jamesdentonahh yes.14:53
CeeMacon eno1.510 yes14:54
arkanI think it would work only if it's attached directly to eno1 as the case in br-ext14:54
CeeMachmm14:54
arkanbut I can not attach eno1 two times to different bridges14:54
CeeMacindeed14:54
CeeMacand you can't have 2 tagged subinterfaces with the same id14:55
jamesdentonyou might try 'host_bind_override: eno1.510', then14:55
CeeMacfor br-lbaas?14:55
arkanjamesdenton: but I don't have this !!14:55
arkanshould I create a dummy interface ?14:56
CeeMacyou don't have what arkan ?14:56
jamesdentonyou output implies there is a eno1.51014:56
arkaneno1.51014:56
CeeMacits in the netplan config14:56
arkanhumm14:56
CeeMacand the brctl output14:56
arkanyes14:56
arkanbut that has vlan tag14:57
arkancan I use it in the host_bing_ovveride ?14:57
arkan*host_bind_override14:57
jamesdentonyou can, as long as it's removed from the br-lbaas bridge on the compute14:57
jamesdentonand the network type is changed to flat14:58
arkanok14:58
arkanlet's take it step by step14:58
jamesdentoni'm looking for a working config, bear with me14:58
arkanlet's begin with physical networks files14:58
arkanis there any changes that need to be done there ?14:59
arkanin the netplan?14:59
arkanif the current setup ok, then:14:59
arkanwhat changes should I need to make in openstack_user_config.yml ?15:00
arkanin br-lbaas net ----> add "host_bind_override": "eno1.510", right ?15:01
arkanshould I leave it with type:"raw"?15:01
jamesdentonchange to flat15:02
noonedeadpunkspatel: I think for gnocchi you need to rename vars file just to redhat15:02
arkanare you sure that this will not throw "can not enslave br-lbaas" ?15:03
jamesdentonas long as you set host_bind_override: eno1.510 you should be OK15:03
spatelnoonedeadpunk: oh!! i think you are right.. let me see15:03
arkangreat15:03
spatelhold on15:03
CeeMacand remove it from the bridge on the host?15:03
jamesdentonyou just need to remove that from the br-lbaas bridge on the compute. neutron will plug it into a brq bridge15:03
arkanCeeMac: from netplan ?15:04
CeeMacyes15:04
arkanok15:04
arkanI will remove it from both compute and controller15:05
arkanjust a question, br-lbaas was attached to the interface in the vlans eno1.51015:06
arkanI will delete only br-lbaas and I will leave the interface eno1.51015:06
arkanon both the nodes15:06
CeeMacbr-lbaas: interfaces: []15:07
arkanaha15:07
openstackgerritSatish Patel proposed openstack/openstack-ansible-os_gnocchi master: Add centos-8 support  https://review.opendev.org/73965815:07
arkanI thought to delete it15:07
CeeMacno, remove it from the bridge15:08
CeeMacyou still need the vlan interface there for the host_bind_override15:08
arkanok, I will put it again but with interfaces: []15:08
arkanor even no interfaces15:08
arkanI mean I will not declare "interfaces"15:08
admin0i am guessing after all this is working, arkan will put up a blog or gist of config for us to copy to make it work :)15:09
CeeMacright, if that is valid with netplan, i don't netplan if I can avoid it :)15:09
arkan:))15:09
*** nurdie_ has joined #openstack-ansible15:10
CeeMaccheck with brctl that its definitely gone15:10
CeeMaciirc there are issue with modifying existing virtual interfaces with netplan/networkd15:11
arkanhttp://paste.openstack.org/show/795764/15:13
*** nurdie has quit IRC15:13
CeeMacits gone :)15:13
arkanyou wanted to be gone15:14
arkanand I make it gone15:14
arkanis this ok ?15:14
CeeMachaha15:14
CeeMacyes15:14
arkanbut on controller node15:14
CeeMacso you can make the changes as above to configuration file15:14
arkanit has somthing there15:14
arkaninterface created by neutron15:15
arkanI did not delete it15:15
arkanand also15:15
arkanit is not attached to eno1.51015:15
CeeMacthats ol15:15
CeeMac*ok15:15
CeeMacit was just the eno1.510 that was an issue as you're moving to host-bind-override15:15
arkanok15:16
CeeMacif you make the configuration changes like jamesdenton said above next15:16
spatelnoonedeadpunk: any idea what could be wrong with this builds, multiple failed https://review.opendev.org/#/c/739653/15:16
*** cshen has joined #openstack-ansible15:16
arkanis this good ? http://paste.openstack.org/show/795765/15:16
CeeMacseems ok15:17
CeeMacone way to find out :D15:17
arkannow let move to user_variables.yml15:17
openstackgerritMerged openstack/openstack-ansible-openstack_hosts stable/ussuri: Add advanced-virtualization CentOS 8 repo  https://review.opendev.org/74022815:17
noonedeadpunkspatel: I guess here the role might be broken somewhere...15:17
arkanwhat needs to be changed here http://paste.openstack.org/show/795766/ ?15:18
*** chandankumar is now known as raukadah15:18
openstackgerritMerged openstack/openstack-ansible-os_glance stable/ussuri: Add Centos-8 support  https://review.opendev.org/74023215:23
arkanjamesdenton: CeeMac: what should I change here before running the installation setup?15:24
arkanhttp://paste.openstack.org/show/795766/15:25
CeeMacsorry was afk15:26
arkannp15:26
CeeMacwhich octavia_management_net_subnet_cidr do you want to keep15:27
CeeMacyou have it twice with different subnets15:27
arkanI have in openstack_user_config these15:27
arkancidr_networks: &cidr_networks15:27
arkan  container: 172.29.236.0/2215:27
arkan  tunnel: 172.29.240.0/2215:27
arkan  storage: 172.29.244.0/2215:27
arkan  lbaas: 172.29.232.0/2215:27
CeeMacok so you remove / comment out the first one under # Network type using 10.0.x.x15:28
CeeMac*you can15:28
CeeMacalso jamesdenton mentioned to comment out octavia_provider_segmentation_id15:28
CeeMacand change to octavia_provider_network_type: flat15:29
arkanso lines: 6 & 10 will be commented out15:29
CeeMaccorrect15:30
arkanand leave line 5 ?15:30
CeeMacline 5 changes from 'vlan' to 'lbaas'15:30
arkanok15:30
CeeMacline 9 changes from 'vlan' to 'flat'15:30
arkanok15:31
CeeMacall based on previous conversation above15:31
arkanok15:32
arkanwe did not touch the br-vlan stuff15:32
CeeMacfor the moment that is probably sensible15:33
CeeMaclets see how this change works out15:33
arkanok15:33
arkanI will run os-neutron-install.yml15:33
arkanthen os-octavia-install.yml15:33
CeeMacok15:35
*** namrata has quit IRC15:37
arkanos-neutron-install.yml has finished with no errors15:48
arkannow I will run os-octavia-install.yml15:48
CeeMacok15:48
*** gyee has joined #openstack-ansible15:48
*** arkan has quit IRC15:53
*** arkan_ has joined #openstack-ansible15:54
*** arkan_ is now known as arkan15:54
openstackgerritMerged openstack/openstack-ansible-ceph_client stable/ussuri: Add centos-8 support  https://review.opendev.org/74023115:55
arkanCeeMac: os-octavia-install.yml has finished with no errors :))15:56
arkannow let's see15:56
CeeMaclets take a look at brctl and see what has been plumbed in then15:57
arkanok15:57
arkanbrctl show (compute) --> http://paste.openstack.org/show/795767/15:59
arkanbrctl show (controller) ----> http://paste.openstack.org/show/795769/15:59
arkanthere is an instance amphora running since 14 min.16:00
arkanand in octavia container journal log: http://paste.openstack.org/show/795770/16:01
CeeMacis tap8f2aa93f-ee the amphora interface?16:01
arkanone moment16:02
arkanit dissappeared16:02
arkanI think it will create another instance16:02
CeeMacso the controller looks good, you have eno1.510 and container eth14 in br-lbaas16:02
arkanit created a new amphora instance16:03
arkanbut from octavia container it can not reach it16:03
arkan... r: HTTPSConnectionPool(host='172.29.232.186', port=9443): M ...16:04
CeeMaci'm still not so sure about that br-vlan.111 that is dropped in the neutron bridge on compute node16:04
arkanI did not touch it, and now it's not used as I think16:04
arkanit's from the previous installation16:05
CeeMachmm, there needs to be some way to get traffic out of the neutron bridge to the 510 vlan so that it can get to the compute node and br-lbaas16:05
CeeMaccan you check the interface id of the amphora against the tap interface in the bridge16:05
CeeMacbrqbc8fc1f4-e116:06
arkanthat is from the previous installation that was used with br-vlan16:06
CeeMacyou left br-vlan there though16:06
CeeMacand I guess your neutron network is still set the same that the amphora is attaching to?16:07
arkanyes, we said to not touch it for now16:07
CeeMacyes16:07
arkando you want me to destroy every br-vlan on this planet ?16:07
CeeMaccan you get an 'openstack network show' output for the neutron network16:07
CeeMaclets not be hasty lol16:07
arkanok16:08
arkanyou mean openstack network list16:08
CeeMacno16:09
CeeMacthat would list all of the networks16:09
CeeMaci just want to see the specific network information for the provide network under neutron :)16:09
arkanshow for lbaas-mgmt16:09
CeeMacyes16:10
arkanopenstack network show lbaas-mgmt16:10
CeeMacand for the subnet for that network also16:10
arkanhttp://paste.openstack.org/show/795771/16:11
arkanhumm16:11
arkanit kept the segmentation id16:11
arkanI think I needed to destroy this network before running neutron16:11
CeeMacyes16:12
CeeMacit is also still vlan type16:12
arkanafter I destroy it16:12
arkanI will rerun neutron-install & octavia-install again16:12
CeeMacsounds good16:12
arkanok16:12
CeeMacthen lets do brctl again to see how things look16:13
arkanok16:13
arkanok now I destroyed it16:14
arkannow I will run the roles16:14
CeeMacok16:15
*** udesale_ has quit IRC16:19
arkanos-neutron-install.yml has finished without errors16:27
CeeMacgreat16:27
CeeMaccan you check did the provide network get created?16:27
arkanon moment16:27
CeeMacand can we get a quick brctl16:27
arkanI can see this16:28
arkanbr-lbaas8000.a22eebb1b4cbnob12e701e_eth1416:28
arkanon controller node16:28
CeeMacand on compute?16:28
CeeMaccan you paste full output16:29
arkanthis16:29
arkanbr-lbaas8000.a22eebb1b4cbnob12e701e_eth1416:29
arkaneno1.51016:29
arkanok, let me past all16:29
CeeMacthanks16:29
arkanbrctl show on controller ---> http://paste.openstack.org/show/795772/16:30
arkanbrctl show on compute1 ---> http://paste.openstack.org/show/795773/16:30
CeeMachmm16:31
CeeMacno eno1.510 in br-lbaas on compute16:31
arkanyes16:31
CeeMacwas that there before, can't remember now16:31
CeeMacanyway, run the ocatvia play see what happens16:31
CeeMacthe neutron bridge is gone, so should get recreated16:32
arkanyes it was there because it was attached in br-lbaas16:32
arkanin the physical network16:32
arkanas I think16:32
arkanas I remember well16:32
CeeMacyes, then we removed it due to host-bind-override16:32
arkanyes16:32
CeeMacgah, i've closed the pastes now16:33
CeeMacone sec16:33
*** cshen has quit IRC16:34
arkanyou can give me the green light to run os-octavia-install.yml16:34
CeeMacgo ahead16:35
arkanok16:35
CeeMacthen get a brctl output from compute once its run16:35
arkanok16:35
arkanok16:42
arkanit has finished without errors16:42
CeeMacgreat16:43
arkanbrctl show on compute ---> http://paste.openstack.org/show/795774/16:43
CeeMacok16:44
CeeMacso we have eno1.510 and the tap interface in the neutron bridge16:44
CeeMacso that should line up16:44
CeeMachow is octavia looking?16:44
arkanbrctl show on controller ---> http://paste.openstack.org/show/795775/16:44
arkanok, amphora has 3 minutes since it was started16:46
CeeMachmm16:46
arkanbut again "No route to host" in octavia container16:46
CeeMacyes16:46
CeeMacso, on both compute and controller, eno1.510 is being bound to the neutron bridge16:47
arkanyes16:47
CeeMacand br-lbaas on the controller only has the container eth14 in it16:47
arkanyes16:48
arkanroot@compute1:~# tcpdump -i tap47f8c8d9-ac16:49
arkantcpdump: verbose output suppressed, use -v or -vv for full protocol decode16:49
arkanlistening on tap47f8c8d9-ac, link-type EN10MB (Ethernet), capture size 262144 bytes16:49
arkan16:49:08.074000 ARP, Request who-has 172.29.235.220 tell 172.29.232.130, length 2816:49
arkan16:49:09.075653 ARP, Request who-has 172.29.235.220 tell 172.29.232.130, length 2816:49
arkanthe above ip 172.29.235.220 is in the eth14 inside octavia container16:50
CeeMacok16:50
arkan154: eth14@if155: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 100016:50
arkan    link/ether 00:16:3e:50:f9:b5 brd ff:ff:ff:ff:ff:ff link-netnsid 016:50
arkan    inet 172.29.235.220/22 brd 172.29.235.255 scope global eth1416:50
CeeMacthe problem is, there is nothing linking the provider network to the physical br-lbaas bridge16:51
CeeMacso the octavia container is not connected to the same broadcast domain16:51
CeeMacnow, after neutron play was run and before octavia play was run, on the controller, eno1.510 was attached to br-lbaas along with the container interface b12e701e_eth1416:52
CeeMacnow since running the octavia play, it is not16:52
arkanisn't it ? br-lbaas8000.a22eebb1b4cbnob12e701e_eth1416:53
arkanbrq53d4b297-478000.4e4db24c32b9noeno1.51016:54
arkantape6612229-1c16:54
arkaneno1.510 it's attached to brq53d4b297-4716:54
arkanright ?16:54
CeeMacyes16:56
CeeMacwhich is the neutron bridge16:56
arkanyes16:56
CeeMacwhat is that tape6612229-1c interface attached to on the controller?16:57
arkanthis is that I was looking at16:57
arkanI was thinking why is there16:57
arkanI found it16:59
arkanit is attached to this brq53d4b297-4716:59
CeeMacyes16:59
CeeMacat one end, what is on the other end16:59
arkan:))16:59
arkanhow can I know?16:59
arkanis there a way to find out ?17:00
CeeMacmaybe show arp on the bridge its attached to to see what IP it is17:00
CeeMacthen see if you can track that back?17:00
arkanok17:00
CeeMacor maybe openstack port list | grep 6612229-1c17:00
CeeMacto get the ID then port show to see what it is attached to (instance id)17:01
arkanopenstack port list | grep tape6612229-1c returns nothing17:01
*** cshen has joined #openstack-ansible17:01
arkanmaybe it's from previous installations17:02
arkani used arp -a17:05
CeeMacdont use tap in grep17:05
CeeMace6612229-1c should be the start of a port id17:05
arkanaha17:06
arkanok17:06
arkan| e6612229-1cd6-457a-aaa7-d000af57789d |      | fa:16:3e:0c:ef:4c | ip_address='172.29.232.30', subnet_id='6eb6d67c-5eaa-4dfa-aacb-67a74638dd31'  | ACTIVE |17:06
*** cshen has quit IRC17:07
arkanCeeMac: here in openstack_user_config.yml octavia is only installed on infra hosts17:13
arkanoctavia-infra_hosts: *infrastructure_hosts17:13
arkanso the containers will be only on infra17:13
arkanis there a possibility to run it on compute also? maybe neutron will make something similar to what it did in the controller node17:14
arkanbut this was just a thought17:14
arkanmaybe that's why here https://github.com/rcbops/rpc-octavia/blob/master/INSTALLATION.md they used br-vlan17:16
arkanin order to reach the compute node17:16
arkanand only br-lbaas exists on the controller node17:17
CeeMacsorry, lost my internet for  a while there17:21
arkanit happens sometimes to me17:21
CeeMacdid you find where that neutron port was plugged?17:22
arkanI don't if you can see what I've wrote erlier17:22
CeeMacyes17:22
arkanI will re-paste it17:22
arkan| e6612229-1cd6-457a-aaa7-d000af57789d |      | fa:16:3e:0c:ef:4c | ip_address='172.29.232.30', subnet_id='6eb6d67c-5eaa-4dfa-aacb-67a74638dd31'  | ACTIVE |17:22
CeeMaccan you paste the full output of openstack port show17:23
arkanearlier messages17:23
arkanhttp://paste.openstack.org/show/795778/17:23
arkanok, I will past it17:24
arkanhttp://paste.openstack.org/show/795779/17:25
arkanit's the dhcp17:26
CeeMacok17:28
CeeMaccan't quite figure out why that would have eno1.510 bound to it17:28
*** aedc has joined #openstack-ansible17:28
arkanCeeMac: do you need me to wipe out all (nuclear effect), and redeploy from zero with the current config ?17:29
arkan:))17:30
CeeMacseems a little drastic :)17:30
arkanI think one month I run the deployment more than CI/CD17:30
CeeMachaha17:31
CeeMacso, br-vlan isn't doing much now by the look of it17:32
admin0i have around 30k messages in ready state  in nova.versioned_notifications.info17:33
admin0any ideas what that is for ?17:33
arkanCeeMac: no I don't think is doing something17:34
arkanCeeMac: for my curiosity, how many NICs are you using in your installation ?17:35
CeeMac3 bonded pairs on compute and network nodes17:36
arkanoh17:36
arkanyou have a lot of NICs17:36
CeeMacyes i wanted to ensure seperation of traffic17:36
arkanin this diagram https://github.com/rcbops/rpc-octavia/blob/master/INSTALLATION.md they used br-vlan17:38
CeeMacyes17:38
arkanand I think that br-lbaas is installed in the controller node17:38
CeeMacand have veth bond between br-vlan and br-lbaas17:39
arkanyes17:39
arkanand br-vlan is on both the controller and compute17:39
CeeMacyes17:39
CeeMacwith vlan tagged interface17:39
CeeMaci'm trying to work backwards how we've ended up where we are17:39
CeeMacso you've defined the "lbaas" provider-network on "br-lbaas" with host-bind-override of eno1.51017:40
arkanyes17:40
CeeMacthen you've specificed this as the octavia_provider_network_name17:41
arkanyes17:41
CeeMacwhich should wire the neutron network 'lbaas-mgmt' to the br-lbaas17:42
arkanyes17:42
CeeMaci'm wondering if its because that bridge is flat its pulling the bound interace out instead and putting it in the neutron bridge17:42
CeeMaccan i get the paste of your openstack_user_config again please?17:43
arkansure17:43
arkanhttp://paste.openstack.org/show/795780/17:44
CeeMacthere is only 1 controller and 1 compute?17:46
arkanyes17:46
arkanit's my home lab 2 rack dell servers17:46
CeeMacright17:46
CeeMacso17:46
CeeMacyou have br-vlan defined with range 101:200,301:40017:47
CeeMacis that something you've put in yourself or taken from the example?17:47
arkanI've taken from the example17:47
CeeMacok17:48
arkanin order to use vlan 111, which was in the diagram17:48
CeeMacand do you have neutron-linuxbridge-agent running on the controller?17:48
arkanyes17:48
arkanroot@controller1:~# systemctl list-unit-files | grep neut17:49
arkanneutron-dhcp-agent.service             enabled17:49
arkanneutron-l3-agent.service               enabled17:49
arkanneutron-linuxbridge-agent.service      enabled17:49
arkanneutron-metadata-agent.service         enabled17:49
arkanneutron-metering-agent.service         enabled17:49
arkanalso17:50
CeeMacok, which explains why its getting the neutron bridge and teh br-lbaas17:50
arkanroot@compute1:~# systemctl list-unit-files | grep neut17:50
arkanneutron-linuxbridge-agent.service      enabled17:50
arkanbut br-lbaas is defined on both physical net17:51
arkanon compute and on controller17:51
arkanlet me paste my physical networks17:51
CeeMaci got them still from before17:51
arkanok17:52
CeeMacok, so if i'm working this out correctly, you could get rid of the second br-vlan in lines 109 to 11717:53
CeeMacchange 105 and 106 to vlan17:53
*** arkan has quit IRC17:53
CeeMacand add range: "501"17:53
CeeMacsorry range: "510"17:53
*** arkan has joined #openstack-ansible17:54
arkanI was disconnected17:54
arkanCeeMac: you said to get rid of lines 109-11717:55
arkanright ?17:55
CeeMacyes17:55
arkanok17:55
arkanshould I destroy them now ?17:55
arkan:))17:55
CeeMacchange 105 and 106 to vlan17:55
CeeMacand add range: "510"17:55
CeeMacor comment them out17:56
CeeMacmaybe comment them out17:56
CeeMacor take a copy of the file first in case you want/ need to revert17:56
arkanrange: "510" will not work17:56
arkan"510:510" this will work17:56
CeeMacyes, sorry17:56
arkanok17:57
arkan... processing ... destroying ...17:57
CeeMacin user_variables, change those 'flat' back to 'vlan', uncomment segmentation_id and set it to 51017:57
CeeMacsorry un-uncomment segmentation_id17:58
arkanI understood17:58
CeeMacno, i was right the first time.  Either way, get rid of the # :D17:58
CeeMacthen you'll probably need to create the veth link between br-vlan and br-lbaas as per the document / diagram17:59
*** cshen has joined #openstack-ansible17:59
arkanwe will see17:59
CeeMacin theory that should add eno2.510 to the neutron network18:00
CeeMaceno2 should be in br-vlan18:00
arkanyes18:00
CeeMacand with the link between br-vlan and br-lbaas it "should work"?18:00
arkanand they don't use the router18:00
arkanthey are directly connected18:00
arkandirect cable from controller to compute on eno218:01
CeeMacyes, direct connection but in a prod env you could have eno2 backing off to a switch stack18:01
arkanyeah, this one is not for prod18:01
CeeMacdid you test giving eno2 an IP on each host and pinging each other by the way?18:01
CeeMacjust to validate the connection is working18:02
arkanyes18:02
arkanit worked18:02
CeeMacgreat18:02
CeeMacdont forget to remove your neutron network before rerunning your plays18:02
CeeMaci need to leave "work" (my dining room) shortly, but i'll keep an eye on the channel from my phone18:03
arkanafter the modification18:03
CeeMacyes18:03
arkanopenstack_user_config.yml ---> http://paste.openstack.org/show/795781/18:03
admin0CeeMac, what app to use irc on phone ?18:03
*** cshen has quit IRC18:03
arkanuser_variables.yml ---> http://paste.openstack.org/show/795782/18:03
CeeMaci use irccloud18:04
CeeMacbut other irc clients are available :)18:04
openstackgerritSatish Patel proposed openstack/openstack-ansible-os_gnocchi master: Add centos-8 support  https://review.opendev.org/74051318:04
CeeMacoctavia_provider_network_name: vlan18:05
arkanok18:05
arkanbut I think it needs _address18:06
CeeMachow do you mean?18:06
arkanvlan_address18:06
CeeMacyou'e mixing up container network name?18:07
arkanas it's here https://docs.openstack.org/openstack-ansible-os_octavia/pike/18:07
CeeMacprovider network name is referencing the correct provider network, in this instance 'vlan' that we just ammended18:07
arkanoctavia_container_network_name18:08
noonedeadpunkadmin0: btw rc2 should be available now18:08
noonedeadpunkhttps://opendev.org/openstack/openstack-ansible/src/tag/21.0.0.0rc218:08
CeeMaci'm talking about octavia_provider_network_name: though arkan18:08
arkanah18:08
CeeMacit is currently lbaas18:08
CeeMacneed to be vlan18:08
arkanok18:09
arkanit's vlan18:09
arkanand octavia_container_network_name: what should it be ?18:09
arkanlbaas_address ?18:09
admin0noonedeadpunk, yep .. i was refreshing that page constantly.. got started as soon as i way it was merged18:09
admin0i saw*18:09
noonedeadpunkok, got it:)18:10
CeeMacI would just leave everything else as it is18:11
arkanok18:11
admin0seeing the fun you are having arkan, i am going to play with it this weekend :D18:13
arkan:))18:13
arkannow it's http://paste.openstack.org/show/795783/18:14
arkanjust to check before the install18:14
*** mmethot has quit IRC18:16
*** mmethot has joined #openstack-ansible18:16
CeeMacOk18:17
arkanCeeMac: is it ok now, shall I start the installation ?18:17
arkangreat18:17
CeeMacYou cleared the neutron network?18:18
arkanyes18:18
arkanit's destroyed18:18
CeeMacGreat18:18
arkanif there is something to do first, is destroying18:19
arkanbecause it's easy to do it18:19
arkan:))18:19
CeeMacYes18:19
CeeMac:)18:19
CeeMacWhen you can't destroy something you know you're in trouble 😁18:19
arkanheheh18:20
CeeMacYou set the veth link up?18:21
arkanno18:21
arkanI said we will see then :))18:21
arkanbut even I need to see in netplan to do it18:22
CeeMacAh, OK. Let's see how brctl looks after install then18:22
arkanalso for my curiosity in your setup, did you need veth to do it manually ?18:22
arkanwith post-up ?18:22
CeeMacI dont use octavia yet18:23
arkanaha18:23
CeeMacAnd I use OVS18:23
CeeMacNot lxb18:23
arkanah18:23
arkanok18:23
arkanso it's different18:23
arkanbut what do you use for LB ?18:23
CeeMacSo I'm pretty much winging this with you :D18:23
arkanhahaha18:23
arkangreat18:23
CeeMacItll be fine :)18:24
CeeMacI started looking at lbaasv2 pre-octavia18:24
CeeMacBut had to put that on hold, we don't offer lbaas just yet18:24
arkanok18:25
CeeMacOr deploy virtual appliance / haproxy vm if needed18:25
arkanif this will work, wow I will make a party today in my dream :))18:25
CeeMacDon't rush out and buy balloons just yet18:26
CeeMacYou might jinx it18:26
arkanyeah18:27
arkanbut I know then how to destroy it :))18:27
arkanthe post up script should be created here18:29
arkan /etc/networkd-dispatcher/routable.d/18:29
arkanwe will see first18:30
CeeMacYes18:30
arkanok neutron has finished18:30
arkannow I will run octavia role18:31
CeeMacOk18:33
CeeMacOut of curiosity how is brctl looking just now?18:33
arkanone moment18:33
admin0do we have a straightforward ovs support now ? or we need to do a lot of overrides still ?18:34
arkanhttp://paste.openstack.org/show/795785/ (compute)18:35
arkanhttp://paste.openstack.org/show/795786/ (controller)18:36
CeeMacOK thanks18:36
CeeMacSo eno1.510 is missing from both br-lbaas18:37
arkandon't thank me, I thank you18:37
arkanyes18:37
arkanuntil os-octavia-install finish18:38
CeeMacPretty sure they should be there after neutron play18:39
arkanok now it has finished18:39
CeeMacI'm willing to be wrong though :)18:39
arkannow it's there18:39
arkanafter octavia18:40
CeeMacShow me the brctl :)18:40
arkanhttp://paste.openstack.org/show/795787/ (compute)18:40
arkanhttp://paste.openstack.org/show/795788/ (controller)18:41
arkanit's there eno2.51018:41
CeeMaceno2.510 is there, but eno1.510 is still missing18:41
CeeMacShould be bound to br-lbaas18:42
arkanyes18:42
arkanI think it remained veth18:42
arkanit needs veth18:42
CeeMacNo, it shouldn't need veth18:43
arkanto br-lbaas ?18:44
CeeMacWell, not for binding eno1. 51018:44
arkanit needs br-lbaas <----> br-vlan18:44
CeeMacYes18:44
arkanin the diagram is easy to watch it there :))18:44
CeeMacMaybe eno1. 510 isn't necessary18:45
arkanyes18:45
arkanis not necessary18:45
arkanthat was made to go through the router as tagged with id 51018:46
CeeMacBut you still had the host-bind-override for eno1. 510 on br-lbaas ?18:46
arkanaha yes18:46
CeeMacUnless you can't have the same vlan tagged on two interfaces?18:46
CeeMacAnyway18:46
CeeMacTry building the veth and see if that fixes the packet forwarding18:47
arkanshould I use the code in https://github.com/rcbops/rpc-octavia/blob/master/INSTALLATION.md ?18:48
arkan# Create the post-up script <----18:48
arkanand specify VLAN_ID=51018:49
CeeMacYes using vlan-id 51018:49
arkanok18:49
CeeMacThe ifup bit won't work though18:51
*** markvoelker has quit IRC18:54
arkanok18:54
arkanbrctl show (controller) ---> http://paste.openstack.org/show/795789/18:55
CeeMacLooks good18:55
arkanwow18:56
arkanI think something is changed now18:56
arkanI can see the rainbow18:56
arkanaha again18:56
admin0 i have this issue in glance mount.nfs: requested NFS version or transport protocol is not supported .. when using glance over NFS18:56
admin0do you know what protocol its requesting ?18:56
CeeMacWhat's the verdict arkan?18:57
arkanI got enthusiasm18:57
arkanNo route to host from octavia container18:57
CeeMacHmm18:57
CeeMacSo, so close18:57
arkanhttp://paste.openstack.org/show/795790/18:58
arkantcpdump (compute) http://paste.openstack.org/show/795791/18:59
arkanthis arp is coming from octavia container19:00
arkanit reached eno2.510 on br-vlan on compute node19:00
arkanI think, let me check19:01
CeeMac91 is the octavia container?19:01
arkanI have this ip for eth14 in octavia container 172.29.235.22019:02
CeeMacSo 91 is asking where is 22019:02
arkan 172.29.232.91 I want to see about it19:03
CeeMacBut is also saying where 91 is, so responding to arp request19:03
CeeMacLooks like arp request isn't reaching 22019:03
arkanit's there19:04
CeeMacWhats there?19:04
arkanlbaas-mgmt19:04
CeeMacYou lost me19:04
arkanone moment19:05
*** markvoelker has joined #openstack-ansible19:06
arkanthere is a port19:06
arkanhttp://paste.openstack.org/show/795792/19:06
CeeMacCan you run tcpdump on eno2 on both servers?19:06
arkaninside lbaas-mgmt network this port has that ip19:06
arkanit's running on compute:nova19:06
arkanok19:07
CeeMacYes, that is the neutron provider network specified19:07
*** mmethot has quit IRC19:08
CeeMacPresumably the octavia container has .220 ip?19:08
arkanyes19:08
CeeMacOk19:08
arkantcpdump (compute) ---> http://paste.openstack.org/show/795793/19:09
arkantcpdump (controller) ---> http://paste.openstack.org/show/795794/19:09
CeeMacOK so on the compute node you can see arp request coming from 220 asking where 91 is, and the arp reply19:10
*** markvoelker has quit IRC19:10
arkanyes19:11
CeeMacYou can also see 91 asking where 220 is but no arp reply19:11
CeeMacSame on controller19:11
arkanyou mean this one on compute Reply19:12
arkanReply 172.29.232.91 is-at fa:16:3e:e1:dd:4c (oui Unknown), length 2819:12
CeeMacCan you get a tcpdump of b12e701e_eth14 on controller please?19:14
arkanyes19:14
arkan19:14:54.294827 ARP, Request who-has 172.29.232.193 tell 172.29.235.220, length 2819:15
arkan19:14:55.322870 ARP, Request who-has 172.29.232.193 tell 172.29.235.220, length 2819:15
arkan19:14:56.342750 ARP, Request who-has 172.29.232.193 tell 172.29.235.220, length 2819:15
arkanonly arping19:15
arkanno reply19:15
arkanonly requests19:15
CeeMacCan you paste me the dump please?19:18
arkanfor that ?19:18
*** spatel has quit IRC19:18
CeeMacFor that interface yes19:18
arkanhttp://paste.openstack.org/show/795795/19:19
admin0how do you remove fwaas ?19:20
admin0is just # in the config good enough ?19:20
*** spatel has joined #openstack-ansible19:22
CeeMacCan you do a tcpdump on v-br-lbaas.510?19:22
arkanok19:22
*** spatel has quit IRC19:23
CeeMacAnd paste me, it's easier to te19:23
CeeMac*read on the phone19:23
*** spatel has joined #openstack-ansible19:23
arkanhttp://paste.openstack.org/show/795796/19:24
CeeMacAnd v-br-vlan19:26
CeeMacOn controller19:26
arkanCeeMac: I have a question19:26
*** dave-mccowan has quit IRC19:27
CeeMacShoot19:27
arkanin the physical network, we have br-vlan but it's attached to the eno219:27
CeeMacYes19:27
arkanit is not tagged as vlan19:27
CeeMacYes19:27
CeeMacNeutron creates tagged port on eno219:28
arkanso, only the bridge created by neutron is tagged on brq23228bbf-bf which has interface eno2.51019:28
arkanand we have veth between br-lbaas and br-vlan19:29
CeeMacIf you add I think -e to the tcpdump on eno2 you should see the vlan tag19:29
arkanyes19:30
*** spatel has quit IRC19:30
CeeMacBut we see requests and replies on compute node19:30
CeeMacBut only requests on controller19:31
CeeMacAnd the bridges are set up identical19:31
CeeMacSo if it works one way it should work the other19:31
CeeMacLet's continue on with the tcpdump and see where the edge of working is19:32
arkanhttp://paste.openstack.org/show/795797/19:32
CeeMacCan you do one on v-br-vlan please?19:36
arkanin our setting what is the role of br-lbaas? in user_variables we used br-vlan in   octavia_provider_network_type: vlan, this will use provider_network of vlan19:36
arkanyes19:36
admin0do you guys know how can i remove fwaas and vpnaas from a running neutron .. is just removing the entry from the config and restart of neutron server enough for it ?19:37
CeeMacBut you can see the arp reply to 220 is at least coming back to eno2 on the controller19:38
arkanadmin0: not yet :))19:38
arkanCeeMac: http://paste.openstack.org/show/795798/19:38
arkanyes19:38
CeeMacbr-lbaas is a physical bridge to attach the octavia container to, same as for br-mgmt and br-storage etc19:41
admin0so at first, neutron plugin base had   firewall_v2, lbv2 and vpn .. i # those and re-run the playbooks .. but they still linger around .. so trying to figure out how to remove them completely19:41
arkangot it19:41
arkanin our case it's using eno1.51019:42
arkan"host_bind_override" is used in our case19:42
arkanit will use it instead of br-lbaas19:42
CeeMacExcept eno1.510 isn't bound to br-lbaas now for some reason19:44
arkanyes19:44
CeeMacSo the reply is getting stuck in br-vlan on the controller19:46
arkanbut what about if we had eno1.510 bound to br-lbaas ?19:46
arkanyes19:46
arkanit's stuck19:47
arkandoes it has to do with arp filter ?19:48
arkanas I know arp filter is there for security reason19:48
CeeMacDo you have the exact same config and kernel modules installed on both hosts?19:49
CeeMacMight be related to container networking19:49
arkanyes they should be19:49
arkanthey are identical OS19:50
arkanubuntu 18.0419:50
arkansame stuff19:50
arkanmodules, apt update & upgrade19:50
arkankernel version19:50
CeeMacI'm wondering if it's some container bridging issue19:51
CeeMacI've seen similar under different circumstances19:51
arkanI don't know19:51
arkanI read that someone solved this19:52
arkanby using the script that we've used19:52
CeeMacIt's working fine on compute where there are no containers right?19:52
arkani'm wondering why it worked19:52
arkanhumm, I can not tell, because my setup is using containers19:52
arkanlxc19:53
CeeMacOn the compute node?19:53
*** arkan has quit IRC19:53
*** arkan has joined #openstack-ansible19:54
arkanI was disconnected19:54
arkanmy question does the team here tested octavia on lxc ?19:54
CeeMacAre there any containers running on the compute node?19:54
arkanno19:54
CeeMacOk19:54
arkanonly on controller19:54
CeeMacSo we know the exact same bridge configuration is working on compute node19:55
CeeMacAt least to eno219:55
arkanyes19:55
CeeMacI guess the compute node isn't using br-lbaas19:55
arkanhumm19:55
CeeMacI need to step away for an hour or so19:56
CeeMacThen I'll have another think when I come back19:57
arkanare you available tomorrow ?19:57
CeeMacOn the phone off and on19:57
arkanand also what time is now ?19:57
arkanhere is 22:5719:57
CeeMacMaybe we need to tag the veth in br-vlan the same as we did for lbaas19:58
CeeMac20:58 here19:58
arkanI'm available tomorrow from the morning till the evening19:58
arkanyes19:59
arkanI can tag it19:59
CeeMacOK, well try recreate v-br-vlan as v-br-vlan.510 and swap it into br-vlan instead19:59
*** cshen has joined #openstack-ansible20:00
CeeMacIf I don't catch you when I'm back later I'll try catch you tomorrow20:00
arkansure, just to charge my batteries (head) :))20:00
arkanI will try this now20:00
arkanhttp://paste.openstack.org/show/795799/20:04
*** cshen has quit IRC20:04
arkantcpdump (compute) ---> http://paste.openstack.org/show/795800/20:10
arkantcpdump (controller) ---> http://paste.openstack.org/show/795801/20:11
arkanoctavia container after having v-br-vlan.510 ---> http://paste.openstack.org/show/795802/20:12
arkanCeeMac: see you tommorrow, and thanks a lot for this investigation20:13
CeeMacSee you arkan20:36
*** KeithMnemonic has quit IRC20:47
admin0my 21.0.0.0rc2 fails in TASK [python_venv_build : Install python packages into the venv] -- neutron playbook20:49
*** dave-mccowan has joined #openstack-ansible21:21
*** spatel has joined #openstack-ansible21:33
spatelnoonedeadpunk: look like something is wrong with build servers, still throwing same error21:34
spateleven i rename redhat-7.yml to redhat.yml21:35
spatellook like build server not fetching newer code21:35
*** this10nly has quit IRC21:35
*** dave-mccowan has quit IRC21:40
*** cshen has joined #openstack-ansible22:01
*** cshen has quit IRC22:05
*** this10nly has joined #openstack-ansible22:34
*** tosky has quit IRC23:36
*** rh-jelabarre has quit IRC23:38
*** spatel has quit IRC23:40
*** rh-jelabarre has joined #openstack-ansible23:41
*** rh-jelabarre has quit IRC23:42
*** rh-jelabarre has joined #openstack-ansible23:42
*** rh-jelabarre has quit IRC23:47
« Thursday, 2020-07-09 Index Saturday, 2020-07-11 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!