Friday, 2018-03-16

« Thursday, 2018-03-15 Index Saturday, 2018-03-17 »
*** celebdor has quit IRC00:14
openstackgerritdongjie zhang proposed openstack/kuryr-libnetwork master: Modify "_get_fixed_ips_by_interface_cidr"  https://review.openstack.org/55283800:52
*** salv-orlando has joined #openstack-kuryr00:55
*** salv-orlando has quit IRC01:00
*** salv-orlando has joined #openstack-kuryr01:56
*** salv-orlando has quit IRC02:01
*** dangtrinhnt has joined #openstack-kuryr02:52
*** hongbin has joined #openstack-kuryr02:57
*** salv-orlando has joined #openstack-kuryr02:57
*** salv-orlando has quit IRC03:01
*** hongbin has quit IRC03:57
*** salv-orlando has joined #openstack-kuryr03:58
*** salv-orlando has quit IRC04:02
*** gcheresh has joined #openstack-kuryr04:03
*** janki has joined #openstack-kuryr04:13
*** gcheresh has quit IRC04:38
*** janonymous has joined #openstack-kuryr04:50
*** salv-orlando has joined #openstack-kuryr04:59
*** salv-orlando has quit IRC05:03
*** gcheresh has joined #openstack-kuryr05:58
*** salv-orlando has joined #openstack-kuryr05:59
*** salv-orlando has quit IRC06:04
*** kiennt26 has joined #openstack-kuryr06:10
*** salv-orlando has joined #openstack-kuryr06:10
*** gcheresh has quit IRC06:17
*** maysamacedos has quit IRC06:33
*** yboaron has joined #openstack-kuryr07:07
*** maysamacedos has joined #openstack-kuryr07:36
*** celebdor has joined #openstack-kuryr08:14
*** maysamacedos has quit IRC08:28
*** maysamacedos has joined #openstack-kuryr08:28
*** jchhatbar has joined #openstack-kuryr08:32
*** janki has quit IRC08:32
ltomasbocelebdor, I see you +W https://review.openstack.org/#/c/552856/08:37
ltomasbocelebdor, what will happen when using tunneling? there will be a mismatch on the MTU size08:38
celebdorltomasbo: not sure I understand08:38
*** gcheresh has joined #openstack-kuryr08:38
ltomasboin case of having a default, to be on the safe side, I will set it to 1450 (so that vxlan and geneve will work properly)08:39
celebdoroh, that...08:39
celebdorWell, this is replicating the linux 1500 default08:39
celebdorbut I would approve a follow-up patch to move the default to 145008:40
celebdorfor the tunneling reason08:40
ltomasbobut the default in neutron is 1450 (for vxlan)08:40
celebdorltomasbo: let me check a moment08:40
celebdorltomasbo: I actually see 1442 with ovn (geneve)08:43
celebdorin tonicloud08:43
ltomasboyes, geneve is a bit larger08:43
ltomasboso, that is why yboaron and I were concern about setting mtu to 150008:43
ltomasboit is tunneling dependent08:43
celebdorI understand08:43
celebdorltomasbo: do you know where's the code that decides 1450/1442 in neutron08:44
celebdor?08:44
ltomasboand you can actually have different tunneling supported at the same time08:44
ltomasboso some networks will have one, some other will have the other08:44
*** yboaron has quit IRC08:44
ltomasboI think yboaron attached to his review a link to a document about that08:44
ltomasboihar was working on an automatic discovery of the mtu along the path08:45
ltomasboproblem is with old installation (when kuryr didn't exists)08:45
ltomasbootherwise, the right mtu is at the network object08:45
ltomasbocelebdor, did you only enabled geneve? you can try to create a network with vxlan and see that the mtu is properly obtained08:46
ltomasbo(otherwise there is a bug)08:46
celebdorltomasbo: I didn't know that ovn can work with vxlan08:57
celebdorcan it?08:57
ltomasboI meant that you can have geneve and vxlan tunneling enabled in neutron at the same time09:02
ltomasbonot sure if that is the great idea to make it working with ovn09:02
ltomasboI think ovn has some support for vxlan, but not sure09:03
ltomasbobut I guess you can use geneve for ml2/ovs09:03
*** gcheresh has quit IRC09:04
*** gcheresh has joined #openstack-kuryr09:07
celebdorI have no ml2/ovs atm09:08
*** jistr is now known as jistr|mtg09:24
*** kiennt26 has quit IRC10:24
*** gcheresh_ has joined #openstack-kuryr10:41
*** gcheresh has quit IRC10:43
celebdordulek: ping10:44
dulekcelebdor: Pong.10:44
celebdordulek: when you said that for cni side choice you only had bridge driver, did you mean ovs hybrid firewall bridge driver or native ovs?10:44
dulekcelebdor: Should work for both, I think. I've only modified BaseBridgeDriver.10:45
celebdorok10:45
celebdordulek: 'reconnect' is what you called moving the iface from the dummy ns to the infra container one?10:46
dulekcelebdor: Yup.10:46
celebdor:-)10:46
celebdorthat's a funny name10:47
dulekcelebdor: I should probably add a ton of docstrings.10:47
celebdorfor a moment I thought it was checking if the dataplane went down somehow10:47
celebdorxD10:47
dulekcelebdor: Naming is hard, you know. ;)10:47
celebdorindeed10:47
dulekcelebdor: I can't even come up with something better. "move" doesn't sound good as well.10:47
celebdordulek: where are we with the privsep stuff?10:48
celebdordoes it still trip the queens release?10:48
dulekcelebdor: Hm, why would it?10:48
celebdorwell, we had that import issue, did we fix that?10:48
celebdorI forgot10:48
dulekcelebdor: That was with os-vif>1.7.0. That was tracked down to usage of pyinstaller.10:49
celebdorah, thanks10:49
dulekcelebdor: So we're more-or-less fine at the moment - I've built upstream containers with older os-vif.10:49
dulekcelebdor: And to fix that properly I want to move them to `docker run` CNI execution.10:50
celebdoryes, that part I remember10:50
celebdorI think for upstream we can probably go use runc directly10:50
dulekcelebdor: I've planned this for today, but currently I'm trying to tackle https://review.openstack.org/#/c/544548 - to unblock Neutron folks.10:50
celebdordulek: yes, yes. Unblock neutron10:51
celebdorfor now I'm reviewing your patch10:51
dulekcelebdor: I appreciate that, I definitely need some help there.10:51
dulekThis daemon-side VIF choice is easy in the big picture, but mind-numbing in details. At least to me. :P10:52
celebdor;-)10:53
openstackgerritMerged openstack/kuryr-kubernetes master: Deprecate running kuryr-k8s without kuryr-daemon  https://review.openstack.org/55017010:58
*** gcheresh_ has quit IRC11:02
*** jistr|mtg is now known as jistr11:07
celebdordulek: any reason to put the different plugins in the same module https://review.openstack.org/#/c/527243/11/kuryr_kubernetes/cni/plugins/k8s_cni_registry.py ?11:18
dulekcelebdor: Not really, but both share this base registry plugin, so it was easier to follow when debugging. Once finished those should be split.11:19
celebdorok11:19
celebdordulek: why are you annotating the kuryrport with the podname?11:23
celebdorIsn't it better to just annotate the pod with the kuryrport?11:24
*** yamamoto has quit IRC11:24
dulekcelebdor: Yup, I haven't yet implemented what we've came up with during the PTG.11:24
celebdorok11:24
celebdordulek: Do we need to watch for pod on present?11:26
celebdorrather, do we need to watch for pod events?11:27
dulekcelebdor: Uhm, interesting question…11:27
celebdorI would have imagined that once we are on cni side11:28
celebdorwe only react to KuryrPort creation to activate11:28
dulekcelebdor: Yup, yup, I get it, CNI ADD/DEL.11:28
celebdorand then on CNI_ADD11:28
celebdorexactly11:28
celebdorbasically we start behaving a bit like a thin cni plugin11:28
dulekcelebdor: I don't immediately see any blockers, let me glance into the code for a moment.11:29
celebdorok11:30
dulekcelebdor: InstanceInfo passed to os.vif can be mocked with CNI params pretty easily, so it's not an issue.11:32
dulekcelebdor: But getting the pool_key to know where to look for VIF is an issue.11:33
dulekcelebdor: I mean not now, when we only have SGs and project as config values.11:33
dulekcelebdor: But once those will be dependent on pod - this might be a problem.11:33
dulekcelebdor: Of course we can just fetch pod info on demand from K8s API.11:34
celebdormmm11:34
celebdorbut those would be for namespace, wouldn't they11:34
celebdorand we know hte namespace on CNI_ADD11:34
celebdoror do you mean for the network policy?11:34
dulekcelebdor: SGs and network policies would be an issue.11:35
dulekcelebdor: You're right on namespace thing, though. :)11:35
celebdorThe more I think about it, the more it seems to me like that for network policy we need the controller to assign once the kuryrport has been assigned11:36
celebdorbut that comes with some assumptions11:36
dulekcelebdor: We can just fetch it on demand when we're running with network policies. It'll be a tremendous performance hit anyway.11:36
celebdoryeah11:36
openstackgerritMichał Dulko proposed openstack/kuryr-libnetwork master: Check for `standard-attr-tag` Neutron extension  https://review.openstack.org/55375611:37
openstackgerritMichał Dulko proposed openstack/kuryr-libnetwork master: Check for `standard-attr-tag` Neutron extension  https://review.openstack.org/55375611:53
openstackgerritMichał Dulko proposed openstack/kuryr-libnetwork master: DNM: Testing a standard-attr-tag fix  https://review.openstack.org/55376311:53
*** yamamoto has joined #openstack-kuryr11:58
*** gcheresh_ has joined #openstack-kuryr11:58
*** yamamoto has quit IRC12:31
*** yamamoto has joined #openstack-kuryr12:36
*** moycavirp has joined #openstack-kuryr12:39
*** maysamacedos has quit IRC12:44
*** jchhatbar has quit IRC12:47
*** jchhatba_ has joined #openstack-kuryr12:47
*** jlabarre has quit IRC12:58
*** jlabarre has joined #openstack-kuryr13:00
*** salv-orlando has quit IRC13:01
*** salv-orlando has joined #openstack-kuryr13:17
*** janonymous has quit IRC13:18
*** caowei has quit IRC13:21
dulekcelebdor: This `runc` thing doesn't look too pretty: https://gist.github.com/mitake/0793dd07bef3d8170fe979774db829c313:26
dulekcelebdor: Is that what you've meant?13:26
celebdornot this flow13:28
celebdorbut it's the same tool13:28
dulekcelebdor: What's the correct flow then?13:29
celebdorrunc exec13:30
celebdorjust like you'd do docker exec13:30
dulekcelebdor: Ah, okay. So you assume container is up already.13:30
celebdoryes13:31
celebdorcan't we13:31
celebdor?13:31
dulekcelebdor: We sure can, but that would be… `docker run`? Or you mean to start it with runc as well?13:31
celebdordulek: the container is started by kubelect since its the daemonset13:33
celebdordocker uses runc to start it13:33
celebdor(for a recent enough version of docker)13:33
dulekcelebdor: Oooh…13:34
celebdorand then we just do runc exec13:34
dulekcelebdor: Okay, I'm not sure why I haven't thought of it. I'm glad I asked. :)13:34
celebdor:-)13:34
*** jchhatba_ has quit IRC13:35
celebdordulek: http://paste.openstack.org/show/703010/13:37
dulekcelebdor: Do you know how id is calculated?13:40
dulekcelebdor: I can inject into container's env anything that's in container spec. I wonder if there's anything that matches.13:41
dulekcelebdor: BTW - what versions of Docker and runc do you have? My runc had issues with container file structure.13:45
celebdorwhat do you need spec?13:46
celebdorthe container is still built with docker13:46
celebdorwe would only use runc for doing the exec13:46
dulekcelebdor: http://paste.openstack.org/show/703012/13:47
celebdorI have runc 0.1.113:48
celebdorand docker 17.05.0-ce13:48
*** hongbin has joined #openstack-kuryr14:00
*** vikasc has quit IRC14:03
*** vikasc has joined #openstack-kuryr14:08
*** hongbin has quit IRC14:20
*** hongbin has joined #openstack-kuryr14:20
*** caowei has joined #openstack-kuryr14:28
*** caowei has quit IRC14:29
*** janki has joined #openstack-kuryr15:25
*** yamamoto has quit IRC15:26
*** yamamoto has joined #openstack-kuryr15:36
*** yamamoto has quit IRC15:41
*** yamamoto has joined #openstack-kuryr15:51
*** yamamoto has quit IRC15:55
*** jistr_ has joined #openstack-kuryr16:01
*** jistr has quit IRC16:03
*** celebdor has quit IRC16:03
*** jistr_ is now known as jistr16:04
*** yamamoto has joined #openstack-kuryr16:06
*** yamamoto has quit IRC16:11
*** yamamoto has joined #openstack-kuryr16:21
*** yamamoto has quit IRC16:25
*** yamamoto has joined #openstack-kuryr16:36
*** yamamoto has quit IRC16:41
*** yamamoto has joined #openstack-kuryr16:51
*** yamamoto has quit IRC16:56
*** neiljerram has quit IRC17:06
*** yamamoto has joined #openstack-kuryr17:06
*** yamamoto has quit IRC17:07
*** yamamoto has joined #openstack-kuryr17:07
*** yamamoto has quit IRC17:07
*** gcheresh_ has quit IRC17:14
*** celebdor has joined #openstack-kuryr17:49
*** vikasc has quit IRC17:51
*** yamamoto has joined #openstack-kuryr18:08
*** yamamoto has quit IRC18:14
*** vikasc has joined #openstack-kuryr18:18
*** gcheresh_ has joined #openstack-kuryr18:45
*** gcheresh_ has quit IRC18:53
*** gcheresh has joined #openstack-kuryr19:00
*** janki has quit IRC19:05
*** celebdor has quit IRC19:06
*** yamamoto has joined #openstack-kuryr19:10
*** yamamoto has quit IRC19:20
*** celebdor has joined #openstack-kuryr19:30
*** gcheresh has quit IRC19:54
*** maysamacedos has joined #openstack-kuryr20:15
*** yamamoto has joined #openstack-kuryr20:17
*** yamamoto has quit IRC20:22
*** yamamoto has joined #openstack-kuryr21:18
*** gcheresh has joined #openstack-kuryr21:21
*** maysamacedos has quit IRC21:22
*** yamamoto has quit IRC21:23
*** gcheresh has quit IRC21:29
*** vikasc has quit IRC22:07
*** hongbin has quit IRC22:07
*** mestery has quit IRC22:07
*** olivierbourdon38 has quit IRC22:07
*** vikasc has joined #openstack-kuryr22:07
*** hongbin has joined #openstack-kuryr22:07
*** mestery has joined #openstack-kuryr22:07
*** olivierbourdon38 has joined #openstack-kuryr22:07
*** salv-orlando has quit IRC22:15
*** salv-orlando has joined #openstack-kuryr22:16
*** yamamoto has joined #openstack-kuryr22:20
*** yamamoto has quit IRC22:26
*** hongbin has quit IRC22:48
*** maysamacedos has joined #openstack-kuryr23:20
*** yamamoto has joined #openstack-kuryr23:22
*** yamamoto has quit IRC23:27
*** maysamacedos has quit IRC23:45
*** openstackgerrit has quit IRC23:48
« Thursday, 2018-03-15 Index Saturday, 2018-03-17 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!