Tuesday, 2016-11-29

*** hongbin has quit IRC		00:02
*** yuanying_ has joined #openstack-kuryr		00:03
*** limao has joined #openstack-kuryr		00:29
openstackgerrit	dengshaolin proposed openstack/fuxi: Retrieve volumes from cinder with matched metadata https://review.openstack.org/390448	00:34
openstackgerrit	dengshaolin proposed openstack/fuxi: Fix indexing operation for OrderDict in py3.4 and py3.5 https://review.openstack.org/403958	00:40
*** shashank_hegde has quit IRC		00:46
*** tonanhngo has quit IRC		01:01
*** tonanhngo has joined #openstack-kuryr		01:10
*** tonanhngo has quit IRC		01:14
openstackgerrit	bailin.zhang proposed openstack/kuryr-libnetwork: Fix the file permissions of README.rst https://review.openstack.org/396519	01:20
*** shashank_hegde has joined #openstack-kuryr		01:21
*** yamamot__ has joined #openstack-kuryr		01:41
openstackgerrit	OpenStack Proposal Bot proposed openstack/fuxi: Updated from global requirements https://review.openstack.org/373745	01:42
openstackgerrit	OpenStack Proposal Bot proposed openstack/kuryr-libnetwork: Updated from global requirements https://review.openstack.org/351976	01:44
*** yamamot__ has quit IRC		01:44
*** shashank_hegde has quit IRC		01:56
*** shashank_hegde has joined #openstack-kuryr		01:57
*** yamamot__ has joined #openstack-kuryr		02:04
*** shashank_hegde has quit IRC		02:20
*** hongbin has joined #openstack-kuryr		02:22
*** reedip has quit IRC		02:29
*** reedip has joined #openstack-kuryr		02:32
*** yuanying_ has quit IRC		03:00
*** oanson has joined #openstack-kuryr		03:07
*** yamamo___ has joined #openstack-kuryr		03:22
*** yamamot__ has quit IRC		03:26
*** yuanying has joined #openstack-kuryr		03:59
*** tonanhngo has joined #openstack-kuryr		04:08
*** tonanhngo has quit IRC		04:09
*** jgriffith is now known as jgriffith_away		04:21
*** tonanhngo has joined #openstack-kuryr		04:21
*** tonanhngo has quit IRC		04:22
*** hongbin has quit IRC		04:24
*** oanson has quit IRC		04:30
*** reedip has quit IRC		04:42
*** rock has quit IRC		04:47
*** tonanhngo has joined #openstack-kuryr		05:04
*** shashank_hegde has joined #openstack-kuryr		05:05
*** tonanhngo has quit IRC		05:06
*** shashank_hegde has quit IRC		05:12
*** shashank_hegde has joined #openstack-kuryr		05:35
*** shashank_hegde has quit IRC		06:16
*** irenab has joined #openstack-kuryr		06:24
*** shashank_hegde has joined #openstack-kuryr		06:27
irenab	vikasc, hi	06:38
openstackgerrit	Ilya Chukhnakov proposed openstack/kuryr-kubernetes: [WIP] CNI & VIFBridge binding https://review.openstack.org/404038	06:39
*** oanson has joined #openstack-kuryr		06:41
ivc_	irenab, apuimedo, ping	06:43
irenab	ivc_, pong	06:43
ivc_	irenab, apuimedo, just uploaded a working CNI https://review.openstack.org/404038 (still needs some cleanup, routes handling, tests and will also be split in smaller patches)	06:44
irenab	ivc_, I will take a look and try to run it	06:45
irenab	ivc_, can you please post your local.conf?	06:45
ivc_	irenab, apuimedo, also tried some 'stress-tests' by running "kubectl run nginx --image=nginx --replicas=30" (takes ~2min) and "kubectl delete deployment nginx" (works fine, but seems to exceed k8s timeout with some very unexpected results as it gets called second time by kubelet after pods are deleted and there's no annotations)	06:47
ivc_	irenab, http://paste.openstack.org/show/590746/	06:48
ivc_	irenab, but you also need to 'cd /opt/stack/kuryr-kubernetes && sudo pip install -r requirements.txt' to get rid of 'kuryr.lib' issues	06:49
irenab	ivc_, thanks	06:49
irenab	ivc_, regarding the second time delete, worth to check what k8s devs expected in such case. Looks like in our case its just 'success' operation	06:54
ivc_	irenab, that behaviour is really weird. everything is cleaned up properly on the first run, but for some reason k8s _sometimes_ calls cni again (and then we fail with our own timeout since '?watch=true' gets stuck)	06:59
irenab	ivc_, maybe watch should be kicked upon condition?	07:00
irenab	did you try to ask guys on k8s slack?	07:00
ivc_	irenab, what sort of condition do you suggest? like check pod with 'get' first?	07:01
irenab	actually, I would expect kubelet to take care of it ...	07:01
*** yamamo___ has quit IRC		07:02
irenab	let me take a look on the code	07:02
ivc_	you mean kubelet code?	07:02
irenab	yes, that it will not fire CNI for the false action	07:03
irenab	checking if pod exists sounds like workaround	07:04
irenab	also it assumes that pod is removed from the k8s data store after kebelet 'approves' its deleted	07:05
irenab	kubelet	07:05
irenab	ivc_, do you know how the k8s Pod delete flow goes?	07:05
ivc_	irenab, gotta dig into kubelet source	07:06
irenab	ivc_, same for me :-)	07:06
ivc_	irenab, what i'm afraid of is that probably there's no contract between cni and kube-api that when cni is called pod can be queried from kube-api	07:07
irenab	ivc_, starting to think the same	07:08
ivc_	given the async nature of k8s it might be totally possible and then we are screwed	07:08
irenab	but still do not understand how you cpuld get pods without annotations	07:08
irenab	it either with annotations or does not exist	07:09
ivc_	nope i'm not getting pods without annotations :) i'm not getting pods at all :)	07:09
irenab	aha	07:09
irenab	now it makes sense	07:09
irenab	so assuming there is no contact between Controller part and net plugin part on when pod is removed from the data model	07:10
ivc_	yep it does seems so	07:10
irenab	CNI should try to keep its sources local	07:10
ivc_	we can probably still can get away with our solution with daemon-based cni	07:11
irenab	yes, also thinking of it	07:12
irenab	actually why do we need k8s api for the delete case?	07:12
ivc_	we need vif details	07:12
ivc_	so we can os_vif.unplug	07:13
irenab	the best way would to get it with other args	07:13
ivc_	otherwise we'll have leftover hybrid bridges	07:13
ivc_	no way we can get it with other args	07:13
ivc_	i mean with non-daemon cni	07:14
irenab	I was thinking about adding extra power to kubelet	07:14
irenab	probably longer term	07:14
irenab	or we must keep local cache	07:15
irenab	container id -> vif details	07:15
irenab	probably what you mean by daemon	07:16
ivc_	yep. we need daemon anyway. with the current approach there's one hell of a storm of privsep helpers spawned by os_vif	07:17
ivc_	and we planned it anyway	07:18
*** yuanying has quit IRC		07:20
irenab	so the CNI Add/Del will just send request to daemon and block for reply?	07:21
ivc_	yeah	07:21
*** pcaruana has joined #openstack-kuryr		07:21
*** saneax has joined #openstack-kuryr		07:21
irenab	its just annoying that for Del we need it only for the extra vif info	07:23
ivc_	its not extra	07:24
irenab	I mean which is not pushed to CNI	07:24
ivc_	its part of vif. think of ovs-hybrid case at least - there's that linux bridge	07:24
ivc_	ah, right	07:24
ivc_	well, k8s cni-plugin is still experimental, so maybe it could be customized the way we need	07:26
*** yuanying has joined #openstack-kuryr		07:26
ivc_	the best place for our data is the netcfg json that is streamed to cni.stdin	07:27
irenab	I need some time to go over the code and try to dig into k8s code. Maybe we can consult with k8s guys	07:27
irenab	ivc_, I agree	07:27
irenab	and get it in 'push' from kubelet	07:27
ivc_	irenab, i wonder why did we not find out that k8s behaviour with midokura's PoC	07:29
*** dimak has joined #openstack-kuryr		07:37
*** yamamot__ has joined #openstack-kuryr		07:39
irenab	ivc_, I do not think it was properly tested on scale + maybe previous k8s version behaved differently	07:42
*** lezbar has joined #openstack-kuryr		08:08
*** lezbar has quit IRC		08:17
*** yuanying has quit IRC		08:17
janonymous	alraddarla_: cool, you could try https://review.openstack.org/#/c/394788/, https://review.openstack.org/#/c/394251/ , https://review.openstack.org/#/c/393996/ if that's fine	08:19
*** lezbar has joined #openstack-kuryr		08:19
*** irenab has quit IRC		08:37
*** irenab has joined #openstack-kuryr		08:39
openstackgerrit	Merged openstack/kuryr: Nested-Containers: vlan driver https://review.openstack.org/361993	08:49
apuimedo	ivc_: "the best place for our data is the netcfg json that is streamed to cni.stdin" what makes you say that?	08:50
*** shashank_hegde has quit IRC		08:50
*** shashank_hegde has joined #openstack-kuryr		08:59
*** shashank_hegde has quit IRC		08:59
*** pmannidi has quit IRC		09:00
*** garyloug has joined #openstack-kuryr		09:01
*** lmdaly has joined #openstack-kuryr		09:02
irenab	apuimedo, did you read the discussion we had with ivc_ this morning?	09:11
*** gsagie has joined #openstack-kuryr		09:40
*** ram____ has joined #openstack-kuryr		09:44
*** lezbar has quit IRC		09:44
*** openstackgerrit has quit IRC		09:48
*** openstackgerrit has joined #openstack-kuryr		09:48
apuimedo	irenab: I did	09:50
apuimedo	I'm a bit ill so maybe I didn't get all to perfection	09:50
apuimedo	but I thought the netcfg json that is passed to stdin is more for static configuration	09:50
apuimedo	so it would not serve for passing ovs-hybrid bridge names nor uuids	09:51
apuimedo	If we want to avoid needing watch for delete we could just put data on tempfiles like /run/kuryr/uuid_pod	09:51
apuimedo	irenab: ivc_: ^^	09:51
irenab	apuimedo, when do you suggest to place the tempfiles? On Add?	09:57
apuimedo	just before returning success on add	09:57
irenab	apuimedo, workaround, but possible. so daemon is not needed	10:01
irenab	apuimedo, rest and get well soon!	10:01
apuimedo	irenab: nah...	10:03
apuimedo	no rest	10:03
apuimedo	irenab: https://www.youtube.com/watch?v=jB2nWiEO9T0	10:04
apuimedo	like this	10:04
apuimedo	ivc_: what do you think of the files?	10:04
*** reedip has joined #openstack-kuryr		10:11
*** limao has quit IRC		10:11
apuimedo	irenab: ivc_: vikasc: https://review.openstack.org/#/c/404124/	10:18
openstackgerrit	Merged openstack/kuryr-libnetwork: Updated from global requirements https://review.openstack.org/351976	10:23
*** ram____ has quit IRC		10:44
openstackgerrit	Merged openstack/kuryr-libnetwork: Build docker busybox image locally https://review.openstack.org/399958	11:42
*** yamamot__ has quit IRC		11:46
apuimedo	vikasc: https://review.openstack.org/395453	11:51
*** vikasc has quit IRC		11:56
*** gsagie has quit IRC		12:14
*** lmdaly has quit IRC		12:30
apuimedo	ivc_: irenab: I just posted a gate that tries to install devstack https://review.openstack.org/#/c/404191/	12:31
apuimedo	of course, it will fail until we solve the kuryr-lib release	12:31
apuimedo	which I also submitted	12:31
*** limao has joined #openstack-kuryr		12:45
*** garyloug has quit IRC		12:51
ivc_	apuimedo, thats fantastic!	12:59
*** limao_ has joined #openstack-kuryr		13:04
ivc_	apuimedo, regarding the 'files' approach, i'm not sure. one part of me thinks its terribly UGLY, but on the other hand its quite simple.	13:05
ivc_	apuimedo, but i'd prefer to avoid it if we can. imo the problem would solve itself as soon as we get to 'recycling' ports/vifs	13:07
*** limao has quit IRC		13:07
ivc_	apuimedo, irenab, and our current cni approach is ineffective at best anyway (our cni is fat&slow, multiple IPDB instances flood netlink with unneded spam, os-vif spawns a separate sudo/rootwrap process on each cni exec) so we'll need to do something about it anyway even if it wasn't for the issue with de-sync between cni and k8s-api	13:14
*** yamamoto has joined #openstack-kuryr		13:20
*** yamamoto_ has joined #openstack-kuryr		13:22
*** yamamoto has quit IRC		13:25
irenab	ivc_, 'one part of me' ?	13:25
irenab	ivc_, I think you are in favor of the daemon from the day one.	13:27
ivc_	irenab, well, not exactly 'from the day one', but i am :)	13:31
irenab	ivc_, for recycling ports/vifs, what do you have in mind? per Clusrter or per node?	13:32
ivc_	irenab, performance-wise per-node would be best imo	13:35
ivc_	irenab, best solution would be if we could keep container-side interface and relocate it into some 'recycling' namespace(s)	13:39
irenab	ivc_, neutron related, you distribute ports across nodes?	13:41
ivc_	irenab, but i need to deal with services/lbaas first, so wdyt if we merge the current 'fat' cni (it still requires some tweaks and maybe has to be split in multiple patches)	13:41
irenab	ivc_, with files as apuimedo suggested?	13:42
ivc_	irenab, no, without files	13:42
irenab	ivc_, we can. I think we keep kuryr-k8s experimental anyway	13:42
irenab	ivc_, so how delete is resolved?	13:42
ivc_	irenab, it works now, you just see some unwanted messages in k8s logs	13:43
irenab	how vif is removed ?	13:43
alraddarla_	janonymous, i'll take care of the three you mentioned. thanks for letting me help :)	13:43
ivc_	irenab, https://review.openstack.org/#/c/404038/1/kuryr_kubernetes/cni/binding/base.py@57	13:44
irenab	ivc_, in case pod is not in k8s data model, will CNI be able to clean the host properly?	13:44
ivc_	irenab, during the first call to cni pod is available, but k8s calls cni second time in some cases	13:45
apuimedo	ivc_: we should still find out why that second call happens	13:46
apuimedo	irenab: did you check on k8s?	13:46
irenab	ivc_, not sure we can assume if during the first time Pod is in k8s data model.	13:47
irenab	apuimedo, not yet	13:48
apuimedo	I still prefer if we saved the trip to k8s :P	13:48
apuimedo	let's say that the split small exec / daemon solves it	13:49
irenab	apuimedo, agree on saving the trip for delete. Not sure we can do it for Add	13:49
apuimedo	in that solution, I assume the daemon keeps a dict of all the vifs for the host	13:49
apuimedo	then when it receives the request from the executable, it doesn't need to go to k8s anymore, since it has the data from watch	13:50
apuimedo	if it doesn't have data, it should either 'get' or timeout	13:50
ivc_	irenab, apuimedo, my point is that if you consider the 'fat' cni approach only as a temporary one (as i do) that will allow us to continue with testing (and we don't run 100s of pods for tests, right?) and services. and once we get to functionally-complete impl, we rework cni into daemon/exec	13:50
apuimedo	which is what happens now	13:50
apuimedo	I'm talking about the lean cni now	13:51
irenab	ivc_, I am ok with you proposal for taking steps	13:51
irenab	apuimedo, what do you think?	13:51
apuimedo	the only satisfactory solution for lean cni (split) that I can see is that the dict has a big size with LRU eviction. On first delete we just None the entry, and then when adding more, we collect the oldest Noned entries	13:52
apuimedo	irenab: I'm okay with taking steps	13:52
apuimedo	I'm just thinking out loud whether files still make sense with a lean split cni	13:52
irenab	apuimedo, define lean split	13:53
ivc_	irenab, daemon+exec	13:53
apuimedo	right	13:53
ivc_	apuimedo, i'd prefer if we did not persist state on filesystem if that could be avoided	13:54
irenab	exec called by kubelet and transfers call to daemon, blocks till gets answer?	13:54
ivc_	irenab, yes	13:54
irenab	apuimedo, so you considered Daemon to maintain files?	13:54
ivc_	irenab, apuimedo, and no os-vif/oslo.<anything> in exec for sure	13:54
apuimedo	irenab: no. With the split	13:55
apuimedo	I was considering keeping a big dictionary on memory	13:55
irenab	files versus store in mem?	13:55
apuimedo	that keeps data for all the pods that get scheduled to the host	13:55
irenab	this whagt daemon will maintain	13:56
apuimedo	yup	13:59
apuimedo	and I was proposing a dict with LRU eviction that allows us to track double delete invokation	13:59
apuimedo	and saying that it is still more complex than a files based approach	14:00
apuimedo	but I guess we can try both	14:00
*** lezbar has joined #openstack-kuryr		14:01
ivc_	apuimedo, i don't think we need LRU eviction. its just a matter of how much memory-per pod our data structures will require and how many pods you can expect per node	14:02
apuimedo	ivc_: I understand the concern about keeping files	14:02
apuimedo	I've dealt with its pains in the past	14:02
apuimedo	ivc_: the LRU is to keep track for older non-existing things	14:03
ivc_	apuimedo, not necessary. if we do not delete container-side interface but move it into some kuryr-managed netns, we could use it as source of truth	14:05
apuimedo	why would we not delete the ifaces when DELETE is called?	14:06
ivc_	to get lightning-fast add on recycled ports	14:07
ivc_	*ADD	14:07
apuimedo	oh, that	14:07
apuimedo	right	14:07
apuimedo	it flew out of my mind	14:07
apuimedo	:P	14:07
ivc_	:P	14:07
apuimedo	gotta think about it a bit more	14:07
ivc_	apuimedo, it would be similar to pre-creating ports in advance (something that was discussed already iirc)	14:12
apuimedo	yes, yes	14:12
ivc_	apuimedo, irenab, also consider that it could be an option to get rid of annotations and instead use some sort of controller --> cni-daemon rpc	14:16
irenab	ivc_, apuimedo : did you run devstack lately?	14:16
ivc_	irenab, with or without the cni patch?	14:17
irenab	ivc_, I am starting to realise wheat 'part of me' means :-)	14:17
irenab	ivc_, actually patch is not relevant, it fails for k8s-api	14:17
ivc_	irenab, i think i've forgot to update kuryr.conf cni config (you need to add "kuryr_conf": "/etc/kuryr/kuryr.conf")	14:17
irenab	devstack does not get there far... k8s-api fails with Invalid Auth Config	14:18
apuimedo	irenab: I didn't run it with the cni patch	14:18
apuimedo	:O	14:18
irenab	apuimedo, even before this	14:18
ivc_	irenab, i think you had the same error before	14:19
irenab	No RSA key provided	14:19
irenab	ivc_, I think it was nsenter, so added it a priori	14:20
irenab	apuimedo, now with test you add , we will have an indication if its supposed to work	14:23
ivc_	irenab, well the test clearly states that it does not work :)	14:24
*** lmdaly has joined #openstack-kuryr		14:26
ivc_	irenab, apuimedo, btw maybe what we are seeing with cni could actually be a bug in k8s and its cni plugin	14:31
irenab	ivc_, I want to reproduce it in my devstack and post question on k8s slack	14:33
ivc_	irenab, cool	14:34
irenab	once devstack is happy to serve me ...	14:34
ivc_	:)	14:34
ivc_	irenab, you'll also need to update cni/net.d/kuryr.conf with { "name": "kuryr", "type": "kuryr", "debug": true, "kuryr_conf": "/etc/kuryr/kuryr.conf" }	14:35
ivc_	irenab, and probably something else :) i need to restack on fresh env to cleanup the deployment part of the patch	14:37
irenab	ivc_, share the details once you get some more gotchas :-()	14:37
ivc_	irenab, i'm gonna do a clean restack today and will try to update the patch so it is usable	14:38
irenab	ivc_, thanks. I will continue tomorrow	14:41
*** irenab has quit IRC		14:45
*** garyloug has joined #openstack-kuryr		14:47
kristianjf	Hey guys, new to channel. I was going through some of your slides/doc but having trouble finding which openstack release is scheduled for k8s-cni integration.	15:04
kristianjf	Can anyone point me in the right direction?	15:05
ivc_	kristianjf, you can probably get an official statement from apuimedo	15:16
kristianjf	ivc_: thanks!	15:17
*** dougbtv has joined #openstack-kuryr		15:17
*** hongbin has joined #openstack-kuryr		15:22
*** saneax is now known as saneax-_-\|AFK		15:23
*** tonanhngo has joined #openstack-kuryr		15:33
openstackgerrit	Hongbin Lu proposed openstack/fuxi: Add devstack plugin for Fuxi https://review.openstack.org/402244	15:39
*** oanson has quit IRC		15:46
openstackgerrit	Darla Ahlert proposed openstack/kuryr-libnetwork: Unittest with mock https://review.openstack.org/394788	15:52
openstackgerrit	Darla Ahlert proposed openstack/kuryr-libnetwork: Unittests with mock https://review.openstack.org/394251	16:00
*** dimak has quit IRC		16:28
*** limao_ has quit IRC		16:36
*** pcaruana has quit IRC		16:36
*** akanksha__ has joined #openstack-kuryr		16:38
*** akanksha__ is now known as ApheleiaS		16:41
openstackgerrit	Darla Ahlert proposed openstack/kuryr-libnetwork: Unittests with Mock and add a TestCase https://review.openstack.org/393996	16:54
dougbtv	any chance anyone has seen kuryr being used with openshift? e.g. openshift on openstack with a shared neutron network between the two?	16:58
dougbtv	curious if there's any documentation on trying to get that up, if possible.	16:59
*** shashank_hegde has joined #openstack-kuryr		17:02
*** shashank_hegde has quit IRC		17:12
*** shashank_hegde has joined #openstack-kuryr		17:16
*** neil_ has joined #openstack-kuryr		17:16
*** neiljerram has quit IRC		17:17
*** diogogmt has joined #openstack-kuryr		17:31
*** neil_ has quit IRC		17:44
*** irenab has joined #openstack-kuryr		17:48
*** shashank_hegde has quit IRC		17:51
*** kristianjf has quit IRC		17:52
*** dougbtv has quit IRC		17:58
*** neil_ has joined #openstack-kuryr		18:00
*** jgriffith_away is now known as jgriffith		18:05
*** irenab has quit IRC		18:11
*** tonanhngo has quit IRC		18:14
*** lmdaly has quit IRC		18:20
*** shashank_hegde has joined #openstack-kuryr		18:21
*** shashank_hegde has quit IRC		18:25
openstackgerrit	Darla Ahlert proposed openstack/kuryr-libnetwork: Unittests with Mock and add a TestCase https://review.openstack.org/393996	18:27
openstackgerrit	Darla Ahlert proposed openstack/kuryr-libnetwork: Unittests with Mock and add a TestCase https://review.openstack.org/393996	18:34
*** jgriffith is now known as jgriffith_away		18:40
*** shashank_hegde has joined #openstack-kuryr		18:50
*** garyloug has quit IRC		19:00
*** tonanhngo has joined #openstack-kuryr		19:14
*** oanson has joined #openstack-kuryr		19:27
*** lezbar has quit IRC		19:47
*** jgriffith_away is now known as jgriffith		19:56
*** dougbtv has joined #openstack-kuryr		19:57
alraddarla_	janonymous, ping ?	20:36
*** diogogmt has quit IRC		20:40
*** diogogmt has joined #openstack-kuryr		20:42
*** oanson has quit IRC		20:43
*** ajo has quit IRC		21:16
*** ajo has joined #openstack-kuryr		21:17
*** ajo has quit IRC		21:43
*** diogogmt has quit IRC		21:46
*** ajo has joined #openstack-kuryr		21:46
*** diogogmt has joined #openstack-kuryr		22:12
*** ajo has quit IRC		22:40
*** ajo has joined #openstack-kuryr		22:41
*** diogogmt has quit IRC		23:01
*** yuanying has joined #openstack-kuryr		23:16
openstackgerrit	Hongbin Lu proposed openstack/fuxi: Add basic fullstack volume tests https://review.openstack.org/403941	23:18
openstackgerrit	Hongbin Lu proposed openstack/fuxi: Add basic fullstack volume tests https://review.openstack.org/403941	23:22
*** pmannidi has joined #openstack-kuryr		23:35

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!