Thursday, 2021-06-03

*** b1tsh1ft3r has joined #openstack-ansible [00:39]
*** b1tsh1ft3r has quit IRC [00:53]
*** b1tsh1ft3r has joined #openstack-ansible [02:16]
*** b1tsh1ft_ has joined #openstack-ansible [02:20]
*** b1tsh1ft3r has quit IRC [02:24]
*** spatel has joined #openstack-ansible [02:26]
*** frenzy_friday has quit IRC [02:54]
*** frenzy_friday has joined #openstack-ansible [02:54]
*** furkance has quit IRC [03:32]
*** furkance has joined #openstack-ansible [03:33]
*** spatel has quit IRC [03:38]
*** spatel has joined #openstack-ansible [03:41]
*** spatel has quit IRC [03:43]
*** b1tsh1ft_ has quit IRC [04:11]
*** b1tsh1ft3r has joined #openstack-ansible [04:42]
*** b1tsh1ft3r has quit IRC [04:50]
*** gokhani has joined #openstack-ansible [05:59]
*** gokhani has quit IRC [06:03]
*** gokhani has joined #openstack-ansible [06:03]
*** luksky has joined #openstack-ansible [06:13]
<noonedeadpunk> mornings [07:13]
<noonedeadpunk> it seems I missed all fun [07:16]
*** andrewbonney has joined #openstack-ansible [07:18]
*** tosky has joined #openstack-ansible [07:20]
*** rpittau|afk is now known as rpittau [07:34]
<jrosser> noonedeadpunk: yes, looks like another upgrade gone strange [07:42]
<noonedeadpunk> I hope we will be able to figure out at least used version... [07:43]
<jrosser> and try to unpick if its no repo server / stale facts / not upgraded controllers first / ... [07:43]
<noonedeadpunk> explicitly disabled building wheels [07:44]
<jrosser> right [07:45]
<jrosser> i still do wonder if we need to add some sort of circuit breaker behaviour that requires a -e break_the_opendev_servers_for_everyone=yes to avoid [07:45]
<jrosser> from the chat in #opendev it was failing on the nova repo which is massive, and sounded like compute nodes [07:46]
<noonedeadpunk> not sure tbh. and even if we add, it will be effective in years for ppl that face this right now [07:47]
<noonedeadpunk> but yeah, we might add some logic to python_venv_build and check for length of play hosts [07:48]
<noonedeadpunk> and fail if wheels are not going to be used or smth [07:49]
<noonedeadpunk> I wonder if it can be side effect of broken venv_rebuild and the way ppl workarounded it [07:49]
<jrosser> potentially yes, and if the fix for that is not in their upgrade then the behaviour will be like that forever [07:51]
<noonedeadpunk> btw we have never merged "fix" of venv_rebuild to U [07:53]
<noonedeadpunk> https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/773971 [07:53]
<jrosser> oh yes that, nginx there is totally just for the functional test [07:59]
<jrosser> was questioning again why that wasnt apache instead given it would be straight from the distro packages [08:00]
<noonedeadpunk> not to define different package name? hahaha [08:02]
<noonedeadpunk> I think because we also use nginx for repo container.... [08:03]
<noonedeadpunk> should be easy fix though [08:05]
<opendevreview> likui proposed openstack/openstack-ansible-os_panko master: Deprecate support for Panko  https://review.opendev.org/c/openstack/openstack-ansible-os_panko/+/794457 [08:06]
<jrosser> noonedeadpunk: there is one obvious difference though [08:07]
<jrosser> this https://github.com/openstack/openstack-ansible-repo_server/blob/master/defaults/main.yml#L30-L32 [08:07]
<jrosser> vs. https://github.com/openstack/ansible-role-python_venv_build/blob/master/tests/test.yml#L51 [08:07]
<noonedeadpunk> yeah... [08:08]
<noonedeadpunk> to be fair, we also install epel there as well [08:08]
<jrosser> but only for lsyncd i think [08:09]
<noonedeadpunk> oh, hm.. yeah [08:11]
* noonedeadpunk already launched functional test locally [08:11]
<opendevreview> Jonathan Rosser proposed openstack/ansible-role-python_venv_build stable/ussuri: Do not drop all wheels with venv_rebuild  https://review.opendev.org/c/openstack/ansible-role-python_venv_build/+/773971 [08:16]
<jrosser> ^ that uses the same repo for nginx as repo_server [08:16]
<opendevreview> likui proposed openstack/openstack-ansible-os_placement master: Update index.rst for stable/victoria  https://review.opendev.org/c/openstack/openstack-ansible-os_placement/+/794462 [08:17]
<jrosser> i guess part of the trouble here is that the fix we made is good enough to prevent venv_rebuild=true causing a problem [08:21]
<jrosser> but it won't rescue a repo_server which is already in the broken state [08:21]
<noonedeadpunk> yeah, it won't.... [08:21]
<opendevreview> Jonathan Rosser proposed openstack/openstack-ansible master: DNM: exercise base-test in ansible deploy jobs  https://review.opendev.org/c/openstack/openstack-ansible/+/794332 [08:23]
<opendevreview> Jonathan Rosser proposed openstack/openstack-ansible master: DNM: exercise base-test in ansible deploy jobs  https://review.opendev.org/c/openstack/openstack-ansible/+/794332 [08:24]
<opendevreview> likui proposed openstack/openstack-ansible-os_placement master: These should be indented four spaces to match the other things in this block  https://review.opendev.org/c/openstack/openstack-ansible-os_placement/+/794464 [08:24]
<noonedeadpunk> yep, it's working (in regards to nginx [08:25]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible-rsyslog_client master: Add support for debian bullseye  https://review.opendev.org/c/openstack/openstack-ansible-rsyslog_client/+/791288 [08:29]
<noonedeadpunk> jrosser: any point for -W in https://review.opendev.org/c/openstack/ansible-role-uwsgi/+/791290 ? [08:29]
<jrosser> no - i think other than it was maybe one of the first bullseye patches i made and it couldnt be shown to be OK without a bunch of others [08:31]
*** luksky has quit IRC [08:31]
<jrosser> which we now have [08:31]
<noonedeadpunk> ok, fair [08:32]
*** luksky has joined #openstack-ansible [08:32]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Add PKI role to integrated repo  https://review.opendev.org/c/openstack/openstack-ansible/+/788031 [08:38]
<opendevreview> Merged openstack/ansible-hardening master: Switch hardening to integrated tests  https://review.opendev.org/c/openstack/ansible-hardening/+/792640 [09:06]
*** odyssey4me has quit IRC [09:51]
<opendevreview> Merged openstack/openstack-ansible-os_placement master: These should be indented four spaces to match the other things in this block  https://review.opendev.org/c/openstack/openstack-ansible-os_placement/+/794464 [09:54]
<opendevreview> Merged openstack/openstack-ansible master: setup.cfg: Replace dashes with underscores  https://review.opendev.org/c/openstack/openstack-ansible/+/788312 [09:57]
*** gokhani has quit IRC [10:03]
*** admin1 has joined #openstack-ansible [10:06]
*** odyssey4me has joined #openstack-ansible [10:10]
*** gilou_ has joined #openstack-ansible [10:13]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/victoria: Fix sahara backend URL  https://review.opendev.org/c/openstack/openstack-ansible/+/794444 [10:13]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/ussuri: Fix sahara backend URL  https://review.opendev.org/c/openstack/openstack-ansible/+/794445 [10:14]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible stable/ussuri: Fix sahara backend URL  https://review.opendev.org/c/openstack/openstack-ansible/+/794445 [10:16]
*** gokhani has joined #openstack-ansible [10:17]
*** Gilou has quit IRC [10:20]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts master: Use PKI role to install CA certificates  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/790431 [10:29]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_manila master: Updated from OpenStack Ansible Tests  https://review.opendev.org/c/openstack/openstack-ansible-os_manila/+/780362 [10:46]
*** gokhani has quit IRC [11:00]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible-openstack_hosts master: Use PKI role to install CA certificates  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/790431 [11:02]
*** gokhani has joined #openstack-ansible [11:02]
<noonedeadpunk> Feels like we can merge https://review.opendev.org/q/topic:%22osa%252Fbullseye%22+(status:open) and https://review.opendev.org/q/topic:%22osa%252Fpki%22+(status:open) and do RC1 this week! [11:03]
<opendevreview> Jonathan Rosser proposed openstack/openstack-ansible-openstack_hosts master: Use PKI role to install CA certificates  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/790431 [11:06]
<jrosser> ^ fixed the tags [11:06]
<noonedeadpunk> I think both things might be left [11:07]
<noonedeadpunk> but not sure what makes sense here [11:07]
<noonedeadpunk> always is must have for sure though [11:07]
<opendevreview> Dmitriy Rabotyagov proposed openstack/ansible-config_template master: Use ansible_facts[] instead of fact variables  https://review.opendev.org/c/openstack/ansible-config_template/+/780753 [11:10]
*** halali_ has quit IRC [11:11]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Disable fact variables  https://review.opendev.org/c/openstack/openstack-ansible/+/778396 [11:12]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_ceilometer master: Fix u-c filter regex  https://review.opendev.org/c/openstack/openstack-ansible-os_ceilometer/+/783812 [11:13]
<opendevreview> Merged openstack/openstack-ansible-haproxy_server master: Update documentation for keepalived ping addresses  https://review.opendev.org/c/openstack/openstack-ansible-haproxy_server/+/782375 [11:25]
*** halali_ has joined #openstack-ansible [11:32]
*** halali_ has quit IRC [11:40]
*** akahat has joined #openstack-ansible [11:48]
*** ioni has joined #openstack-ansible [11:52]
<ioni> hi guys [11:55]
<ioni> does anyone have example on how to configure network on centos 7? [11:55]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible-tests stable/victoria: Add is_metal variable  https://review.opendev.org/c/openstack/openstack-ansible-tests/+/794450 [11:58]
<noonedeadpunk> sorry, don't have any centos7 handy nowadays :( [12:00]
<admin1> ioni, is it for bridge or ovs or ovn ? [12:02]
<ioni> bridge [12:04]
<admin1> its fairly easy .. copy the eth0/ens0 file to br-vlan etc and modify ..and then put BRIDGE=br-mgmt etc in the interface files [12:05]
<ioni> done that [12:06]
<ioni> but it tells me that I need to add an ip on bond0, bond0.10 [12:06]
<ioni> but the ip is on br-mgmt [12:06]
<admin1> what tells you to add those ips ? [12:06]
<ioni> bond0 bond0.10 doesn't come up [12:06]
<ioni> ifcfg ? [12:07]
<noonedeadpunk> if interfaces are part of bond there should be no ips [12:07]
<admin1> what tells you add the ips != ifcfg .. valid answers are => "the voice in my head", "ansible documentation", "some guy who said it should be like that" etc [12:07]
<ioni> https://paste.xinu.at/6n6sN/ [12:07]
<ioni> noonedeadpunk, indeed but it fails to come up with that error :) [12:08]
<admin1> so you have 1 bond and you want everything to be under that bond ? [12:08]
<ioni> i know i shouldn't have ips on those, i'm running OSA for 5 years on ubuntu [12:08]
<ioni> admin1, yes [12:09]
<admin1> if you have bond0 and you want to use bond0 for all, then you need 3 or 4 vlan tags .. for br-mgmt, br-vxlan, br-storage ( and maybe br-ssh) .. and then the bond0 itself will be under br-vlan [12:09]
<admin1> if the port is hybrid and carries a vlan tag, then bond0 itself can have an ip address to be used for ssh [12:10]
<admin1> so in your case, are these already done and are the interfaces up and in the correct bridges [12:10]
<admin1> once those are up, then we move to configuring the ip part [12:10]
<ioni> ok, have you seen the screenshot? [12:11]
<ioni> admin1, again, i know how to layout should be, i've done it 1000 times on ubuntu [12:11]
<mgariepy> what is are interface configuration ? [12:12]
<admin1> the screenshot is not an output of nmcli or brctl show status to validate that [12:12]
<mgariepy> like what interface are part of the bond ? [12:12]
<admin1> ioni, ok .. in the bond0, you need to put BRIDGE=br-vlan [12:12]
<admin1> but there is no br-vlan in the screenshot [12:12]
<ioni> https://paste.xinu.at/s7mL/ [12:12]
<mgariepy> `cat /proc/net/bonding/bond0` [12:13]
<mgariepy> is the bonding module loaded ? [12:13]
<admin1> ioni, modinfo 8021q [12:13]
*** halali_ has joined #openstack-ansible [12:13]
<ioni> i loaded it now. [12:14]
<ioni> seems that centos 7 is not really a modern os [12:15]
<mgariepy> 2014.. [12:15]
<mgariepy> why centos btw? [12:16]
<admin1> it should work now [12:17]
<admin1> config looks fine [12:17]
<admin1> cat /proc/net/vlan/config will show if the tags are added and in what interface [12:17]
<noonedeadpunk> And it has only maintenance updates atm [12:18]
<ioni> i'm trying to get rid on some legacy technology and the "new one" works only centos 7 [12:19]
<admin1> ioni, did it worked after the module is loaded ? [12:20]
<ioni> admin1, well, at least now i see some errors [12:21]
<ioni> brctl not available :) [12:21]
<admin1> you have to go to rpmfind.net, search for the bridge-utils rpm and download and install [12:21]
<admin1> maybe its in epel .. [12:21]
<admin1> have been a while since i have used centos .. its all ubuntu/debian now [12:21]
<ioni> i'll manage it somehow [12:22]
<admin1> ioni => rpm -ivvh https://rpmfind.net/linux/centos/7.9.2009/os/x86_64/Packages/bridge-utils-1.5-9.el7.x86_64.rpm [12:23]
<ioni> yum install bridge-utils worked [12:24]
<opendevreview> Andrew Bonney proposed openstack/openstack-ansible master: Add PKI role to integrated repo  https://review.opendev.org/c/openstack/openstack-ansible/+/788031 [12:34]
<opendevreview> Merged openstack/openstack-ansible-openstack_hosts master: Use appropriate osbpo repo for Bullseye  https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/794161 [12:37]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Add PKI role to integrated repo  https://review.opendev.org/c/openstack/openstack-ansible/+/788031 [12:38]
*** gokhani has quit IRC [12:47]
<opendevreview> Merged openstack/openstack-ansible-lxc_container_create master: Add Debian Bullseye support  https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/793896 [12:49]
<admin1> ioni, all working fine now ? [12:54]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible-tests stable/victoria: Workaround linting issue  https://review.opendev.org/c/openstack/openstack-ansible-tests/+/792906 [12:57]
<ioni> admin1, yes. bond0 and all interfaces are coming up as expected. looking into bond1 [12:58]
*** spatel has joined #openstack-ansible [12:59]
<opendevreview> Merged openstack/openstack-ansible-lxc_container_create master: Add upgrade jobs  https://review.opendev.org/c/openstack/openstack-ansible-lxc_container_create/+/794256 [13:47]
*** odyssey4me has quit IRC [13:49]
<opendevreview> Merged openstack/openstack-ansible-lxc_hosts master: Add upgrade jobs  https://review.opendev.org/c/openstack/openstack-ansible-lxc_hosts/+/794255 [13:52]
<admin1> https://thelounge.chat/ is nice ( i am using now ) . no more znc or bouncers . [13:53]
*** odyssey4me has joined #openstack-ansible [14:00]
*** lowercase has joined #openstack-ansible [14:01]
<noonedeadpunk> looks suuuper nice indeed [14:05]
<jrosser> noonedeadpunk: do you have a moment to look at the upgrade trouble lowercase was having yesterday? i have a meeting unfortunately just now [14:06]
<noonedeadpunk> sure [14:06]
<noonedeadpunk> btw, regarding policy issue being reported - http://paste.openstack.org/show/806326/ [14:07]
<opendevreview> Merged openstack/openstack-ansible-os_panko master: Fix wsgi_venv path for panko-api  https://review.opendev.org/c/openstack/openstack-ansible-os_panko/+/794195 [14:07]
<noonedeadpunk> (it's pure aio, so single container/node) [14:07]
<noonedeadpunk> and it randomly fails. Which doesn't happen with yaml btw [14:07]
<mgariepy> not all the thread refreshed ? [14:08]
<noonedeadpunk> feels like this, yes... [14:09]
<noonedeadpunk> but um... [14:09]
<noonedeadpunk> why only for json then... [14:11]
<mgariepy> if you restart keystone. [14:18]
<mgariepy> does it do the same thing? [14:19]
<mgariepy> err.. nova.. lol [14:20]
<mgariepy> just to see if it's a dynamic loading issue or another issue. [14:21]
<spatel> noonedeadpunk in ansible i have to use shell because command module doesn't support complex operation [14:23]
<spatel> I tried command and playbook failed but it works with shell: module [14:23]
<noonedeadpunk> mgariepy: haven't tried tbh with other service [14:24]
<noonedeadpunk> also to add context, it's about https://bugs.launchpad.net/openstack-ansible/+bug/1930276 [14:24]
<opendevmeet> Launchpad bug 1930276 in openstack-ansible "Nova API not restarted when nova policy is updated" [Undecided,Triaged] - Assigned to Dmitriy Rabotyagov (noonedeadpunk) [14:24]
<noonedeadpunk> spatel: you haven't used anything complex where I commented [14:24]
<spatel> shell: ovs-appctl -t /var/run/ovn/ovnnb_db.ctl cluster/status OVN_Northbound | sed 's/ //g' | grep -oP '(?<=Role:).*' [14:25]
<spatel> this line doesn't work with command: module [14:25]
<noonedeadpunk> but I commented L20 [14:25]
<noonedeadpunk> not L39 [14:25]
<spatel> :) [14:25]
<spatel> you are goddam right... i thought you prefer command over shell [14:26]
<spatel> i was overthinking.. sorry [14:26]
<spatel> all good then, let me check my handler part and then we i can resolve these changes [14:27]
<spatel> noonedeadpunk what is the deal with config_template ? [14:27]
<spatel> what is the difference between template and config_template ? [14:28]
<noonedeadpunk> because you can override anything you want with config_template? [14:29]
<noonedeadpunk> like we do with all config overrides [14:29]
<noonedeadpunk> I prefer command over shell when it's possible to use command :) [14:30]
<noonedeadpunk> And it's not like me, but more like ansible-lint is also thinking [14:30]
<noonedeadpunk> https://github.com/ansible-community/ansible-lint/blob/master/src/ansiblelint/rules/UseCommandInsteadOfShellRule.py#L102-L106 [14:31]
<spatel> Thank you for explanation. [14:33]
<mgariepy> noonedeadpunk, added a comment on https://review.opendev.org/c/openstack/openstack-ansible/+/783606 [14:42]
<opendevreview> Merged openstack/openstack-ansible-os_neutron master: Use neutron_conf_dir for absent policy removal  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/788499 [14:43]
<opendevreview> Merged openstack/openstack-ansible master: Gather minimal facts in CI  https://review.opendev.org/c/openstack/openstack-ansible/+/790042 [14:51]
<opendevreview> Merged openstack/openstack-ansible master: Don't collect virtual facts  https://review.opendev.org/c/openstack/openstack-ansible/+/789926 [14:52]
<opendevreview> Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Add Debian Bullseye support  https://review.opendev.org/c/openstack/openstack-ansible/+/783606 [15:18]
noonedeadpunkjrosser: so it was 20.04 hosts and 18.04 controllers what caused the issue15:39
jrosserahha15:40
jrosser"upgrade one of the controllers" is tricky too - it has to be the one running lsyncd i think15:40
jrosseri was thinking if it was possible to introduce just one host of the required OS and use that for wheel build15:41
noonedeadpunkand I have some ideas how to handle that15:42
jrosserin principle its easy, boot a host (or VM) and override the build host for a ansible group or smth15:43
jrosserbut then the LB will not pick the one you want15:43
noonedeadpunkI mean overall situatuion during venv_build15:43
* noonedeadpunk need to run away15:43
jrosserok15:43
jrosseri wonder if thats a threading issue for the oslo.policy bug15:51
mgariepyi do wonder if the restart fix the issue or not.16:06
jrosseri was wondering if reloading the policy only updated what was possibly local to one (some?) threads16:10
jrosserand restarting would guarantee that they all got the new policy16:11
jrosserfsvo threads though, it is python after all16:12
*** rpittau is now known as rpittau|afk16:12
mgariepyhttps://github.com/openstack/oslo.policy/blob/master/oslo_policy/policy.py#L417-L42416:13
mgariepynot the same parser !16:13
*** sshnaidm is now known as sshnaidm|afk16:32
opendevreviewMerged openstack/ansible-role-uwsgi master: Add support for debian bullseye  https://review.opendev.org/c/openstack/ansible-role-uwsgi/+/79129016:39
noonedeadpunkmgariepy: restart fixes it, yes16:40
noonedeadpunkand that's good catch...16:41
noonedeadpunkjrosser: mgariepy: - would be great to merge that to unblock V functional tests https://review.opendev.org/c/openstack/openstack-ansible-tests/+/79290616:44
jrosserdone16:51
noonedeadpunkbtw regarding pki - https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/790431 fail during upgrade. I think it's because we don't have https://review.opendev.org/c/openstack/openstack-ansible/+/788031/10/tests/roles/bootstrap-host/files/user_variables_pki.yml when upgrading16:55
noonedeadpunkwhich means we should add some upgrade hook, or move that to defaults?16:56
noonedeadpunkI think we were discussing that some time ago...?16:56
jrosseroh right i think user_variables_pki needs to be removed completely to group_vars16:59
jrosserjust which group_vars maybe a good question16:59
noonedeadpunkall/infra?17:00
noonedeadpunkoh!17:00
noonedeadpunkall/ssl17:00
jrossereasy answer is all17:00
noonedeadpunkhttps://opendev.org/openstack/openstack-ansible/src/branch/master/inventory/group_vars/all/ssl.yml17:00
noonedeadpunksuper proper place :)17:00
jrosserbut i was thinking that maybe the variables only actually do anything on the host that makes the certs17:00
jrosserhowever i was unsure of that17:01
noonedeadpunkwe don't really delegate everything...17:03
noonedeadpunkI think we can add to all and move later on17:03
noonedeadpunkAlso would be great to have https://review.opendev.org/c/openstack/openstack-ansible/+/76997417:04
noonedeadpunk(offtop_17:04
noonedeadpunkbut we will less mess up things and more clear view where does things come from17:04
opendevreviewJonathan Rosser proposed openstack/openstack-ansible master: Add PKI role to integrated repo  https://review.opendev.org/c/openstack/openstack-ansible/+/78803117:06
<opendevreview> Satish Patel proposed openstack/openstack-ansible-os_neutron master: Add ovn clustering support  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/794266 [18:18]
<opendevreview> Satish Patel proposed openstack/openstack-ansible-os_neutron master: Add ovn clustering support  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/794266 [18:19]
<opendevreview> Satish Patel proposed openstack/openstack-ansible-os_neutron master: Add ovn clustering support  https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/794266 [18:22]
<opendevreview> Merged openstack/openstack-ansible-os_ceilometer master: Fix u-c filter regex  https://review.opendev.org/c/openstack/openstack-ansible-os_ceilometer/+/783812 [18:51]
*** dmsimard4 has joined #openstack-ansible [19:14]
*** dmsimard has quit IRC [19:20]
*** dmsimard4 is now known as dmsimard [19:20]
*** lowercase has quit IRC [19:26]
*** lowercase has joined #openstack-ansible [19:29]
<opendevreview> Merged openstack/openstack-ansible master: Cleanup after service variables merged  https://review.opendev.org/c/openstack/openstack-ansible/+/769974 [19:39]
*** djhankb has joined #openstack-ansible [19:55]
*** spotz has quit IRC [20:24]
*** lowercase has quit IRC [20:28]
*** spotz has joined #openstack-ansible [20:47]
<spatel> Folks, I have question [20:55]
<spatel> I want to build nginx or haproxy loadbalancer which support 1 million connection [20:56]
<spatel> my load-testing saying i running out of local port range so i need to add more IPs in backend [20:57]
<spatel> but found linux kernel doesn't do load-balancing with multiple IPs [20:59]
*** andrewbonney has quit IRC [21:14]
<admin1> for 1 million connects, you use dns to round-robin the connections to multiple servers [21:20]
<jrosser> spatel: are you running out of ports between haproxy and the backends? [21:22]
<spatel> yes [21:23]
<spatel> i have 3 web server [21:23]
<jrosser> you can specify source <ip> for each server in the backend [21:24]
<admin1> you can try to do ip_local_port_range from 2000 : 65000 [21:24]
<admin1> so that you get a big range [21:24]
<spatel> jrosser something like this ? - https://www.irccloud.com/pastebin/0167bHKh/ [21:24]
<jrosser> https://stackoverflow.com/questions/26886641/haproxy-connect-to-backend-with-source-ip [21:25]
<spatel> interesting [21:25]
<admin1> spatel, found an article for 2 million connections -> https://www.freecodecamp.org/news/how-we-fine-tuned-haproxy-to-achieve-2-000-000-concurrent-ssl-connections-d017e61a4d27/ [21:25]
<jrosser> depending on how many connections each backend can support you may even be able to have multiple IP on each backend [21:26]
<jrosser> and then list them as multiple server in the haproxy config each with a unique source / destination address [21:26]
<spatel> lets say i have 10 IPs in haproxy i can distribute them between 3 web right? like manual mapping [21:29]
<spatel> let me build haproxy in my lab and give it a try [21:29]
<jrosser> something like that, yes [21:29]
<jrosser> another thing to look as is using bgp and ecmp and just don’t use haproxy at all [21:30]
<jrosser> route-to-the-host [21:30]
<spatel> what about TLS/SSL termination :) [21:30]
<jrosser> well distribute that too :) don’t have a single bottleneck [21:31]
<jrosser> just saying there’s more than one approach here - funnelling the traffic through one thing isn’t the only way [21:31]
<admin1> if your single haproxy goes wrong, you cause a 100% downtime for those million (clients) [21:35]
<admin1> distributing to say 5-10 will minimize a total downtime [21:36]
<spatel> started building lab - https://ibb.co/tsBRDfq [21:41]
<spatel> my haproxy is in keepalive [21:41]
<jrosser> spatel: this is an excellent article (check out the whole blog too) https://vincent.bernat.ch/en/blog/2018-multi-tier-loadbalancer [21:51]
<spatel> wow! very nice work by that guy.. so much details [21:52]
*** spatel has quit IRC [22:15]
*** tosky has quit IRC [23:00]
*** luksky has quit IRC [23:07]
*** furkance has quit IRC [23:37]
*** furkance has joined #openstack-ansible [23:38]
