Wednesday, 2018-08-01

« Tuesday, 2018-07-31 Index Thursday, 2018-08-02 »
*** jistr has quit IRC00:00
*** jistr has joined #openstack-kuryr00:01
*** livelace has quit IRC00:21
*** livelace has joined #openstack-kuryr00:21
*** phuoc_ has quit IRC00:52
*** phuoc_ has joined #openstack-kuryr00:53
*** atoth has quit IRC01:27
*** Exaeta has joined #openstack-kuryr01:37
*** Exaeta has quit IRC01:43
*** hongbin has joined #openstack-kuryr01:47
*** hongbin_ has joined #openstack-kuryr01:51
*** hongbin has quit IRC01:52
*** eido1on has joined #openstack-kuryr01:54
eido1onWith our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/01:54
eido1onI thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/01:54
eido1onRead what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate01:54
eido1onA fascinating blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/01:54
*** eido1on has quit IRC01:55
*** Humvee14 has joined #openstack-kuryr01:56
*** Humvee14 has quit IRC01:56
*** BurningPrincess3 has joined #openstack-kuryr02:15
BurningPrincess3With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/02:15
BurningPrincess3I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/02:15
BurningPrincess3Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate02:15
BurningPrincess3A fascinating blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/02:15
*** BurningPrincess3 has quit IRC02:16
*** jcline27 has joined #openstack-kuryr02:23
*** jcline27 has quit IRC02:24
*** wsm has joined #openstack-kuryr02:27
wsmWith our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/02:27
wsmI thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/02:27
wsmRead what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate02:27
wsmA fascinating blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/02:27
*** wsm has quit IRC02:28
*** duoi1 has joined #openstack-kuryr02:28
duoi1With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/02:28
duoi1I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/02:28
duoi1Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate02:28
duoi1A fascinating blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/02:28
*** duoi1 has quit IRC02:29
*** EvanR26 has joined #openstack-kuryr02:48
*** EvanR26 has quit IRC02:48
*** hongbin_ has quit IRC02:54
*** tzumainn has quit IRC03:01
openstackgerritwangqi proposed openstack/kuryr-kubernetes master: fix a typo  https://review.openstack.org/58767403:03
*** m71220 has joined #openstack-kuryr03:05
m71220With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/03:05
m71220I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/03:05
m71220Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate03:05
m71220A fascinating blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/03:05
*** m71220 has quit IRC03:06
*** emerson has joined #openstack-kuryr03:51
emersonWith our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/03:51
emersonI thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/03:51
emersonRead what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate03:51
emersonA fascinating blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/03:51
*** emerson is now known as Guest5256803:51
*** Guest52568 has quit IRC03:51
*** Hobby7 has joined #openstack-kuryr04:00
Hobby7With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/04:00
Hobby7I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/04:00
Hobby7Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate04:00
Hobby7A fascinating blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/04:01
*** Hobby7 has quit IRC04:02
*** davidebeatrici6 has joined #openstack-kuryr04:04
davidebeatrici6With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/04:04
davidebeatrici6I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/04:04
davidebeatrici6Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate04:04
*** davidebeatrici6 has quit IRC04:05
*** snapiri has joined #openstack-kuryr04:21
*** matlock has joined #openstack-kuryr04:32
matlockWith our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/04:32
matlockI thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/04:32
matlockRead what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate04:32
matlockA fascinating blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/04:32
*** matlock has quit IRC04:34
*** kzaitsev_pi has quit IRC05:17
*** yar21 has joined #openstack-kuryr05:17
yar21With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/05:17
yar21I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/05:18
yar21Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate05:18
yar21A fascinating blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/05:18
*** yar21 has quit IRC05:18
*** kzaitsev_pi has joined #openstack-kuryr05:24
*** itzikb has joined #openstack-kuryr05:30
*** CoJaBo29 has joined #openstack-kuryr05:31
CoJaBo29With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/05:31
CoJaBo29I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/05:31
CoJaBo29Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate05:31
CoJaBo29A fascinating blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/05:31
*** CoJaBo29 has quit IRC05:32
*** lannister has joined #openstack-kuryr05:43
lannisterWith our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/05:43
lannisterI thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/05:43
lannisterRead what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate05:43
lannisterA fascinating blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/05:43
*** lannister has quit IRC05:44
*** Praise5 has joined #openstack-kuryr05:52
*** Praise5 has quit IRC05:52
*** janki has joined #openstack-kuryr05:52
*** ZLSA22 has joined #openstack-kuryr05:53
ZLSA22With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/05:53
ZLSA22I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/05:53
ZLSA22Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate05:53
ZLSA22A fascinating blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/05:53
*** ZLSA22 has quit IRC05:53
*** Ceber19 has joined #openstack-kuryr06:04
Ceber19With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/06:04
Ceber19I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/06:04
Ceber19Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate06:04
Ceber19A fascinating blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/06:05
*** Ceber19 has quit IRC06:06
*** dims has quit IRC06:13
*** alefir has joined #openstack-kuryr06:14
alefirWith our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/06:14
alefirI thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/06:14
alefirRead what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate06:14
alefirA fascinating blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/06:15
*** dims has joined #openstack-kuryr06:15
*** alefir is now known as Guest5848606:15
*** Guest58486 has quit IRC06:16
*** dims has quit IRC06:22
*** olspookishmagus8 has joined #openstack-kuryr06:23
olspookishmagus8With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/06:23
olspookishmagus8I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/06:23
olspookishmagus8Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate06:23
olspookishmagus8A fascinating blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/06:23
*** olspookishmagus8 has quit IRC06:24
*** dims has joined #openstack-kuryr06:24
*** celebdor1 has joined #openstack-kuryr06:41
*** pcaruana has joined #openstack-kuryr06:42
*** Theking^15 has joined #openstack-kuryr06:47
Theking^15With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/06:47
Theking^15I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/06:47
Theking^15Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate06:47
Theking^15A fascinating blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/06:47
*** AlexeyPerevalov has quit IRC06:48
*** AlexeyPerevalov has joined #openstack-kuryr06:48
*** Theking^15 has quit IRC06:51
*** MrElendig16 has joined #openstack-kuryr06:54
MrElendig16With our IRC ad service you can reach a global audience of entrepreneurs and fentanyl addicts with extraordinary engagement rates! https://williampitcock.com/06:54
MrElendig16I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/06:54
*** MrElendig16 has quit IRC06:54
dmelladoawesome, we've earned our own spammers....06:56
*** gcheresh has joined #openstack-kuryr06:56
*** ChanServ sets mode: +r 07:15
celebdor1dmellado: are you around?07:17
celebdor1dulek: please, take a look at https://review.openstack.org/#/c/575629/1607:18
dulekcelebdor1: I wasn't following those efforts too much. So this is the decided way of implementing multi-vif?07:25
dulekIIRC we had 3 of them. :P07:25
*** threestrands has quit IRC07:26
ltomasbodulek, celebdor1m, dmellado: also take a look at: https://review.openstack.org/#/c/579181 :D07:29
ltomasbocelebdor1, ^07:29
celebdor1dulek: that's how it looks like in the k8s community07:29
celebdor1ltomasbo: gotcha07:31
ltomasbocelebdor1, this should be backported right?07:36
ltomasbohttps://review.openstack.org/#/c/580198/07:36
celebdor1ltomasbo: yes07:37
celebdor1please do07:37
ltomasbook!07:37
ltomasboas there is quite some changes since then, can you take a look if I missed something:   https://review.openstack.org/58770607:38
ltomasbocelebdor1, ^^07:38
celebdor1sure07:40
dulekltomasbo: FYI - stable/queens gate is broken at the moment. I'll take a look after those reviews. :P07:44
ltomasbodulek, I just saw the email! thanks!07:48
dmelladodulek, celebdor1, ltomasbo07:58
dmelladoWe'll have a meeting re multi-vif next Mon07:58
dmelladoDid you see my mail?07:58
celebdor1dmellado: I did not see the email07:59
celebdor1one minute you ask for less meetings, the next you add meetings07:59
celebdor1are you plotting together with my wife to make me doubt my sanity?07:59
celebdor1xD07:59
ltomasbolol08:04
dmelladoWe discussed that in the last meeting xD08:09
dmelladoYou slacker xD08:09
celebdor1oh08:13
celebdor1we did...08:13
celebdor1start calling the asylum for me08:13
celebdor1ltomasbo: did you ensure somehow that with https://review.openstack.org/#/c/579181 the pods can talk to the host k8s monitoring ports?08:29
ltomasbocelebdor1, nop, I didn't address that on this patch08:30
celebdor1ok08:30
celebdor1thanks08:30
celebdor1let's tackle that on a follow-up patch08:30
celebdor1then08:30
ltomasbocelebdor1, that will depend on the subnet VM security group instead, right?08:30
ltomasbopod egress traffic is not blocked08:31
dulekltomasbo: How does https://review.openstack.org/#/c/575629 relate to pools?08:31
celebdor1VM? This also applies to baremetal and the kubelet interface, doesn't it?08:31
ltomasbo(by default_08:31
dulekltomasbo: I assume it's simply using pool driver if its configured, right?08:31
ltomasbocelebdor1, yes, let me see if the traffic is block in that case, perhaps it is already enabled08:31
celebdor1;-)08:32
ltomasbocelebdor1, for the baremetal case, I can ping the host08:33
ltomasboat least with devstack deployment there is nothing preventing that traffic08:33
celebdor1ltomasbo: and talk to other ports?08:33
celebdor1icmp is not a very good signal08:33
ltomasbocelebdor1, for the openshift-ansible (nested) we will need to modify the vms sg08:33
celebdor1ltomasbo: yes, I know08:34
celebdor1I'm talking only of devstack and tempest here08:34
celebdor1ltomasbo: is it me or in https://review.openstack.org/#/c/579181/20/doc/source/installation/network_namespace.rst you swapped around SG_ID_2 and SG_ID_1?08:35
ltomasbocelebdor1, let me see08:35
ltomasbodulek, I think the pool driver is right, it is used in the same way as before for the main_vif08:36
ltomasbodulek, for the additional vif, as there is just an empty implementation, it will not matter (yet)08:36
ltomasbocelebdor1, you mean in lines 57 and 58?08:37
ltomasbocelebdor1, it is meant to be like that, sg 1 should enable access from Sg_id_208:37
celebdor1yes08:37
celebdor1ltomasbo: those two lines confuse me terribly08:38
ltomasboand viceversa, so that when I add sg sg_allow_from_namespace to the pods on the default namespace08:38
celebdor1sg_allow_from_namespaces08:38
ltomasboit allows traffic from the pods with sg sg_id_208:38
celebdor1means that the selected SG will accept connections from all other namespaces, right?08:38
ltomasbocelebdor1, so, in a nutshell, SG_1 should have a rule that allows all traffic from sg_208:38
ltomasboand viceversa08:38
ltomasbothen, I add sg_1 to the pods on the default namespace08:39
celebdor1ok08:39
ltomasboand sg_2 to the pods on the other namespaces08:39
celebdor1those docstrings are confusing08:39
ltomasbo(it took me a while to get that right actually)08:39
celebdor1the first one should probably be08:39
celebdor1# Makes SG_ID_1 allow traffic from SG_ID_208:39
celebdor1or rather08:40
celebdor1# Makes SG_ID_1 allow traffic from the SG in SG_ALLOW_FROM_DEFAULT08:40
ltomasbook, I'll update it08:41
celebdor1thanks08:41
celebdor1with that08:41
celebdor1I think I can +208:41
ltomasboonly that?? nice!08:41
celebdor1well, I'm still finishing the review08:42
celebdor1I may find more08:42
celebdor1but irenab already +2, and I generally trust her reviews08:42
ltomasbobtw, you are right, I cannot access port 80 on the host from the pods08:42
celebdor1heh08:43
celebdor1I knew it!08:43
celebdor1xD08:43
irenabcelebdor1, what did I do? Lost your trust?08:45
ltomasbocelebdor1, did you check that without namespaces?08:45
celebdor1irenab: no, no08:45
celebdor1ltomasbo lost it08:45
celebdor1xD08:46
ltomasboxD08:46
irenab:-)08:46
celebdor1ltomasbo: no, I have not08:46
ltomasbocelebdor1, I did not add any rule to block that traffic... that is why I'm asking...08:47
celebdor1ltomasbo: the docstrings you have in the config options https://review.openstack.org/#/c/579181/20/kuryr_kubernetes/controller/drivers/namespace_security_groups.py is good08:49
*** pmannidi has quit IRC08:49
celebdor1ltomasbo: but you are using different SGs08:49
* dulek ignores ltomasbo patch for now and starts to fix stable/queens.08:52
celebdor1dulek: good08:53
ltomasbocelebdor1, not sure I follow...08:54
celebdor1ltomasbo: before namespaces, all the pods and kubelet interface are all in the default sg of the project, aren't they?08:55
ltomasboyes08:55
ltomasbocelebdor1, ahh, I though your 2 comments were related08:56
ltomasboyou refer to the help string, first right?08:56
ltomasboand then to the fact that the default sg from the k8s project is not used anymore08:57
openstackgerritLuis Tomas Bolivar proposed openstack/kuryr-kubernetes master: Ensure isolation between namespaces  https://review.openstack.org/57918108:58
celebdor1ltomasbo: yes, first the help string08:59
celebdor1right08:59
ltomasbocelebdor1, I had to remove that one, otherwise traffic from pod to pod in different namespaces is allowed09:00
celebdor1ltomasbo: of course09:00
celebdor1:-)09:00
celebdor1and the access to the host was lost as a side effect09:01
celebdor1I wonder if you also lost the probes09:01
ltomasbobtw, dulek celebdor1: this is an important one: https://review.openstack.org/#/c/58756509:01
celebdor1I think you should just put the kubelet iface to be in the same SG as the default namespace09:01
ltomasbowithout that one, services cannot be updated, or better said, once updated, the pools has no members...09:01
ltomasbocelebdor1, taht is a good point09:02
celebdor1;-)09:02
ltomasbolet me try that!09:02
celebdor1please, change that in your current patch09:02
celebdor1ltomasbo: can you backport this patch from yossi?09:03
ltomasbocelebdor1, he already did (even though it is not yet merged)09:03
ltomasbohttps://review.openstack.org/#/c/587583/09:03
celebdor1ah, great!09:04
ltomasboI will update it with the cherry-pick info once the master one gets in09:04
celebdor1perfect09:05
celebdor1thanks09:05
dulekcelebdor1: Is stable/queens using the same kuryr/demo container as master?09:06
celebdor1dulek: I suppose09:07
celebdor1I don't recall09:07
celebdor1but this is set by tempest09:07
celebdor1and tempest runs the same regardless of branch, doesn't it09:08
celebdor1dmellado: ^^09:08
dmelladoThat can be set on the ci09:08
dmelladoShould be the same as of now09:08
celebdor1dulek: why?09:09
dulekcelebdor1: Basically the issue with stable/queens breakage is fact that from pod to service curl starts to produce progress bar. I'm trying to understand why I don't see that on master.09:10
dulekMaybe it's due to kubernetes Python lib… I'll check.09:10
ltomasbodulek, probably not09:12
*** itzikb has quit IRC09:12
ltomasbodulek, probably is using celebdor/kuryr-demo09:12
dulekltomasbo: I don't see why - we aren't branching tempest plugin.09:12
ltomasboahh, true09:12
ltomasbothen it should use the kuryr/demo09:13
celebdor1dulek: progress bar?09:13
celebdor1dafuq09:13
ltomasbocelebdor1, btw, same security group does not help either...09:13
dulekcelebdor1: http://logs.openstack.org/83/587583/1/check/kuryr-kubernetes-tempest-octavia/0ee8862/job-output.txt.gz#_2018-07-31_20_00_15_18771109:13
celebdor1ltomasbo: you sure you are using ovs firewall?09:14
celebdor1dulek: that's weird09:14
celebdor1let me check something09:14
ltomasboltomasbo, yep, only tap devices, no qbr or such09:14
ltomasbocelebdor1, ^^09:14
dulekcelebdor1: I suspect older Python kubernetes client ignores stderr=False and prints it.09:15
dulekcelebdor1: I'll just try `-s`.09:15
celebdor1ltomasbo: please, check on neutron.conf09:16
dmelladoDulek09:16
celebdor1dulek: right, that's why I wanted to fix it in tempest09:16
dmelladoThat's branchless09:16
ltomasbo 27 firewall_driver = openvswitch09:16
dmelladoAnd we won't be branching it but tagging09:17
dulekdmellado: Yeah, but global-requirements.txt is different.09:17
dulekdmellado: On master and stable/queens. So this must be the cause.09:17
dmelladoTag should handle that09:17
dmelladoWorks the same with upstream tempest09:17
ltomasbocelebdor1, found the issue09:17
dmelladoNevertheless09:17
dmelladoAt the doctor now09:18
dmelladoBbl09:18
celebdor1dulek: just pass "--silent"09:18
celebdor1to curl09:18
celebdor1ltomasbo: what's it?09:18
ltomasbocelebdor1, it is the iptables rule on the host09:18
celebdor1which?09:18
dulekcelebdor1: I'll try that, though it might be dependent on curl version.09:18
ltomasbocelebdor1, -A INPUT -j REJECT --reject-with icmp-host-prohibited09:18
dulekcelebdor1: https://stackoverflow.com/questions/7373752/how-do-i-get-curl-to-not-show-the-progress-bar09:18
ltomasbocelebdor1, -A FORWARD -j REJECT --reject-with icmp-host-prohibited09:18
celebdor1I think --silent's been there since forever09:18
dulekcelebdor1: But hopefully version from your container works fine. :)09:18
celebdor1and in kuryr/demo we compile a very recent version anyway09:19
celebdor17.5809:19
celebdor1we use09:19
celebdor1which is just under the one in fedora 7.5909:19
dulekcelebdor1: Awesome!09:21
openstackgerritMichał Dulko proposed openstack/kuryr-tempest-plugin master: Add -Ss to curl executions  https://review.openstack.org/58773609:22
celebdor1;-)09:23
ltomasbocelebdor1, so, without the iptable rule works without any changes, no need to change the sg to the kubelet09:23
celebdor1interesting09:23
celebdor1I guess we already allow everything in the default sg09:23
ltomasbocelebdor1, egreess traffic is always enabled by default09:24
ltomasboonly ingress is restricted09:24
ltomasboso pod -> host is enabled09:24
ltomasbohost -> pod is forbidden09:24
celebdor1host -> pod is necessary for the probes!09:24
celebdor1hence my comment of using the default ns sg09:25
ltomasbowhat probes? for the kuryr-controller and cni?09:25
*** maysamacedos has quit IRC09:28
dmelladook, so on my desktop now09:28
dmelladowhat was the issue with the branching, folks09:28
*** snapiri has quit IRC09:29
celebdor1ltomasbo: and other ports that may need them09:31
celebdor1a lot of apps use probes for health09:31
ltomasbook09:31
ltomasboI think we may need to modify the route too09:31
celebdor1dmellado: solved already09:31
celebdor1which route?09:31
ltomasboas it only includes 10.0.0.64/2609:31
ltomasbofor the kubelet09:31
ltomasboand with namespaces it will need to be the subnetpool id I guess09:32
ltomasboto cover all09:32
celebdor1true09:32
ltomasbocelebdor1, it will be nice to have a tempest test with a pod with probes09:36
ltomasbowe have never tested that, so we can get some surprises...09:37
ltomasbo:q09:37
celebdor1ltomasbo: yes, will add that09:40
celebdor1I'm now adding https to kuryr/demo09:41
openstackgerritMerged openstack/kuryr-kubernetes master: Implement multi-vif driver  https://review.openstack.org/57562909:41
openstackgerritMerged openstack/kuryr-kubernetes master: Services: Fix service connectivity after service port edit procedure  https://review.openstack.org/58756509:58
dulekcelebdor1, dmellado, irenab: zuul.openstack.org tells me that 587738 already passes LBaaSv2 gate, so seems like https://review.openstack.org/#/c/587736/ unblocks stable/queens.10:01
dulek(previously no Tempest tests passed).10:01
celebdor1awesome, thanks dulek10:02
openstackgerritAntoni Segura Puimedon proposed openstack/kuryr-tempest-plugin master: Make Port and http/https configurable for the test container  https://review.openstack.org/58774610:03
celebdor1dulek: ltomasbo: dmellado: gcheresh: https support for the demo container ;-)10:04
celebdor1I'll now rebuild the image and update the patch10:05
celebdor1so far I only tested the binary alone10:05
openstackgerritMichał Dulko proposed openstack/kuryr-tempest-plugin master: Add -Ss to curl executions  https://review.openstack.org/58773610:05
gchereshcelebdor1: thanks10:05
dulekcelebdor1, dmellado, irenab: I've fixed the pep8 error in stable/queens fix. :)10:06
dulekcelebdor1: golang has tabs preferred? :)10:06
dmelladodulek: link?10:08
celebdor1dulek: yest10:08
celebdor1*yes10:08
dulekdmellado: https://review.openstack.org/58773610:08
openstackgerritLuis Tomas Bolivar proposed openstack/kuryr-tempest-plugin master: Namespace isolation tempest coverage  https://review.openstack.org/58067810:28
celebdor1man... pushing docker images on rural dsl sucks10:54
celebdor1and it took me long to figure out why the cert was not working10:55
celebdor1guess what10:55
celebdor1the volume mount was being blocked by selinux10:55
celebdor1brrrr10:55
openstackgerritAntoni Segura Puimedon proposed openstack/kuryr-tempest-plugin master: Make Port and http/https configurable for the test container  https://review.openstack.org/58774610:56
*** threestrands has joined #openstack-kuryr11:15
openstackgerritLuis Tomas Bolivar proposed openstack/kuryr-tempest-plugin master: Namespace svc isolation tempest coverage  https://review.openstack.org/58777811:29
celebdor1irenab: dulek: Can we get https://review.openstack.org/#/c/580701/1 merged?11:41
openstackgerritLuis Tomas Bolivar proposed openstack/kuryr-kubernetes master: Add namespace isolation for services  https://review.openstack.org/58142111:42
*** gcheresh has quit IRC11:42
*** janki has quit IRC11:44
openstackgerritLuis Tomas Bolivar proposed openstack/kuryr-kubernetes master: Ensure isolation between namespaces  https://review.openstack.org/57918111:46
openstackgerritLuis Tomas Bolivar proposed openstack/kuryr-kubernetes master: Add namespace isolation for services  https://review.openstack.org/58142111:46
ltomasbocelebdor1, I've updated the patch with the devstack modification regarding the sg for the kubelet11:47
celebdor1great. Thanks ltomasbo11:48
ltomasbocelebdor1, and the tempest test extension! https://review.openstack.org/#/c/58777811:51
celebdor1I can't find the change for the kubelet in https://review.openstack.org/#/c/581421/1311:52
celebdor1oh, it's on the other patch11:52
celebdor1xD11:52
ltomasbocelebdor1, yes, at 57918111:53
ltomasbocelebdor1, I'm deploying it to ensure there is no problem with that11:53
celebdor1ltomasbo: why does it need allow_from_default11:54
celebdor1?11:54
ltomasboI added both to that one to enable access from namespaces and default-namespace11:54
ltomasboso, allow_from_namespaces adds access from namespaces different to default11:55
ltomasboand allow_from_default from pods on the default namespace11:55
celebdor1also             -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 --dport $port_number -j ACCEPT || \11:55
celebdor1allow everything?11:55
* celebdor1 -> lunch11:56
ltomasboohh, I didn't read that one, let me see...11:56
ltomasbocelebdor1, we should open the healthcheck ports right? though that for sure belongs to a different patch set11:59
openstackgerritMerged openstack/kuryr-tempest-plugin master: Add -Ss to curl executions  https://review.openstack.org/58773612:20
celebdor1ok12:27
dmelladothe temperature here in Madrid is awesome12:28
dmelladocelebdor1: won't you fancy visiting us again?12:28
celebdor1dmellado: temperatures under 50 don't affect me12:30
celebdor1amount of PP voters does12:30
ltomasbolol12:30
dmelladocelebdor1: that also raises the temperature12:31
dmelladocelebdor1: https://78.media.tumblr.com/209bd0f9fea465f97fc9ba8f87ad6825/tumblr_pbpobw6uNp1s9y3qio1_1280.jpg12:31
celebdor1facha & facha asociados12:32
dmelladoyou shouldn't have allowed yours to leave Catalonia ever12:34
*** openstack has joined #openstack-kuryr12:56
*** barjavel.freenode.net sets mode: +ns 12:56
*** barjavel.freenode.net sets mode: -o openstack13:00
-barjavel.freenode.net- *** Notice -- TS for #openstack-kuryr changed from 1533128168 to 144828994313:00
*** barjavel.freenode.net sets mode: +crt-s 13:00
*** lihi has joined #openstack-kuryr13:00
*** leifmadsen_ has joined #openstack-kuryr13:00
*** AlexeyPerevalov has joined #openstack-kuryr13:00
*** pcaruana has joined #openstack-kuryr13:00
*** celebdor1 has joined #openstack-kuryr13:00
*** dims has joined #openstack-kuryr13:00
*** kzaitsev_pi has joined #openstack-kuryr13:00
*** phuoc_ has joined #openstack-kuryr13:00
*** livelace has joined #openstack-kuryr13:00
*** jistr has joined #openstack-kuryr13:00
*** rh-jelabarre has joined #openstack-kuryr13:00
*** shadower has joined #openstack-kuryr13:00
*** openstackgerrit has joined #openstack-kuryr13:00
*** dougbtv_ has joined #openstack-kuryr13:00
*** irenab has joined #openstack-kuryr13:00
*** kiseok7 has joined #openstack-kuryr13:00
*** s1061123 has joined #openstack-kuryr13:00
*** dmellado has joined #openstack-kuryr13:00
*** oanson has joined #openstack-kuryr13:00
*** pc_m has joined #openstack-kuryr13:00
*** celebdor[m] has joined #openstack-kuryr13:00
*** mrostecki[m] has joined #openstack-kuryr13:00
*** dulek has joined #openstack-kuryr13:00
*** russellb has joined #openstack-kuryr13:00
*** lxkong has joined #openstack-kuryr13:00
*** portdirect has joined #openstack-kuryr13:00
*** mfedosin has joined #openstack-kuryr13:00
*** pliu has joined #openstack-kuryr13:00
*** ltomasbo has joined #openstack-kuryr13:00
*** juriarte has joined #openstack-kuryr13:00
*** spotz has joined #openstack-kuryr13:00
*** korean101 has joined #openstack-kuryr13:00
*** ajo has joined #openstack-kuryr13:00
*** fkautz has joined #openstack-kuryr13:00
*** gigo has joined #openstack-kuryr13:00
*** ChanServ has joined #openstack-kuryr13:00
*** barjavel.freenode.net sets mode: +o ChanServ13:00
*** tzumainn has joined #openstack-kuryr13:03
openstackgerritMichał Dulko proposed openstack/kuryr-kubernetes master: Log traceback on errors in Watcher  https://review.openstack.org/58781513:06
irenabcelebdor1, merging13:12
celebdor1thanks!!!13:13
openstackgerritLuis Tomas Bolivar proposed openstack/kuryr-tempest-plugin master: Namespace isolation tempest coverage  https://review.openstack.org/58067813:21
celebdor1dulek: I answered your question about the ENV in the new version of the test container13:22
celebdor1dmellado: did we make the gate build the container or is it still pulling from dockerhub?13:22
*** ChanServ sets mode: +f #openstack-unregistered13:23
dmelladocelebdor1: IIRC you did that patch13:24
openstackgerritLuis Tomas Bolivar proposed openstack/kuryr-kubernetes master: Add namespace isolation for services  https://review.openstack.org/58142113:29
celebdor1dmellado: I thought I did it for the tempest devstack patch13:30
celebdor1but it needed to be on some sort of ansible tempest crap13:30
celebdor1and I have no recollection of doing that13:30
dmelladooh, just put up a playbook on the playbooks directory13:31
dmelladolet me get you a patch13:31
dmelladohttps://review.openstack.org/#/c/560313/13:33
celebdor1thanks dmellado13:35
celebdor1partial thanks only, cause this will force me to write ansible13:35
celebdor1when do the playbooks run?13:37
celebdor1before devstack, don't they?13:37
dmelladocelebdor1: it kinda depends13:37
dmelladoyou can have them run either before, during or after13:38
dmelladopre-run will make them run before, ofc13:38
dmelladoxD13:38
celebdor1we need it to run after devstack and before tempest13:38
celebdor1so that devstack has already installed docker13:38
celebdor1oh, and tempest must have been cloned already13:38
celebdor1so that there is the container image tarball13:39
ltomasboirenab, I lost your +2 on this one: https://review.openstack.org/#/c/57918113:41
ltomasbocelebdor1, I tested https://review.openstack.org/#/c/57918113:41
ltomasbocelebdor1, with the new addition for the sg, they are applied properly13:42
openstackgerritMichał Dulko proposed openstack/kuryr-kubernetes master: Change Pod annotations format to o.vo  https://review.openstack.org/58437713:42
openstackgerritMichał Dulko proposed openstack/kuryr-kubernetes master: Fix compatiblity with old Pod annotation format  https://review.openstack.org/58442113:42
ltomasbobut, should I then expect connectivity from the host  (kubelet) to the pods?13:42
celebdor1ltomasbo: good13:44
celebdor1I already +2ed13:44
celebdor1now you need dulek and irenab13:44
dulekcelebdor1: On it, just a sec.13:44
celebdor1:-)13:44
celebdor1dulek: I'm not hurrying you, that's ltomasbo's job13:44
celebdor1I'm just getting him off my back13:45
celebdor1xD13:45
dulekMeanwhile patches with pod annotation format are now tested and rebased after with pliu's patch. :)13:45
ltomasboxD13:45
celebdor1dulek: awesome13:46
celebdor1I'll try to review today13:46
celebdor1but probably will finish tomorrow13:46
celebdor1dmellado: I invoke the zuul in you13:47
celebdor1I wanna hear "There is no Dani, only zuul"13:48
dmelladohttps://i0.wp.com/www.elciudadano.cl/wp-content/uploads/2017/05/Zuul.png13:48
dulekcelebdor1: I now only wonder about one issue with upgrades.13:48
celebdor1dulek: which13:49
dmelladocelebdor1: did you know that HP used to run a zuul clone called gozer?13:49
celebdor1dmellado: alright13:49
dmelladoxD13:49
dmelladocelebdor1: so what's up13:49
celebdor1IIURC13:49
celebdor1*IIUC13:49
dmelladobefore we go to the httpd restart meeting13:49
celebdor1I should modify .zuul.d/base.yaml13:49
dulekcelebdor1: Basically if we want to remove compatibility code in Stein we need some way of converting all *untouched* annotations after the Q->R upgrade.13:49
dulekcelebdor1: And at this moment the code is contained into a small utility method, so I'm tempted to just live with it and don't care about it now.13:50
celebdor1to have a job that is a parent to kuryr-kubernetes-tempest-base13:51
celebdor1that does not include tempest, only all the other stuff13:51
dmelladowhy would you like to have that?13:52
celebdor1well, how can I have something run after tempest is cloned but before it runs the tests?13:52
dmelladohttps://docs.openstack.org/infra/manual/zuulv3.html13:54
dmelladoI'd check in which phase is tempest actually run13:54
dmelladoon is parent playbook13:54
dmelladohttp://git.openstack.org/cgit/openstack/tempest/tree/.zuul.yaml#n3713:55
dmelladoin any case now that I recall, tempest should be clones as it'd be on required-projects13:57
*** janki has joined #openstack-kuryr14:20
openstackgerritMichał Dulko proposed openstack/kuryr-kubernetes master: Log traceback on errors in Watcher  https://review.openstack.org/58781514:37
* ltomasbo moving from hurrying celebdor1 to hurrying dulek14:41
dulekltomasbo: :)14:41
ltomasbodulek, it would be great if you can take a look to https://review.openstack.org/#/c/579181/14:42
ltomasbo:D14:42
ltomasboirenab and celebdor1 already did, and you suggested the re-shape of the subnet and sg drivers (which made a lot of sense)14:42
*** hongbin has joined #openstack-kuryr14:42
celebdor1dmellado: not sure what you meant with "tempest should be clones"14:43
dmelladocloned14:47
dmelladonot the clone attack14:47
dmellados/s/d14:47
dulekltomasbo: Sure, sure, sorry for the delay, but we've just finished the meeting with interns.14:47
dmelladoheh, we'll take a look ltomasbo14:48
ltomasbodulek, thanks!14:48
ltomasbodmellado, great!14:48
*** janki has quit IRC14:54
ltomasbodulek, this is finally green: https://review.openstack.org/#/c/587706/14:57
dulekltomasbo: Any reason why this isn't creating SGs on ServiceSubnetsDriver.get_security_groups?14:57
ltomasboit was a project vs tenant-id issue14:57
dulekltomasbo: I mean this gets less and less generic with new drivers and handlers.14:57
celebdor1dmellado: reading https://zuul-ci.org/docs/zuul/user/config.html?highlight=inheritance14:58
dmelladocelebdor1: enjoy it :D14:58
celebdor1It seems to me that the run: entry on the parent jobs is overriden14:58
dmelladohttps://upload.wikimedia.org/wikipedia/commons/thumb/5/52/Tipos_de_azules.png/250px-Tipos_de_azules.png14:59
dulekdmellado: Azules?15:00
dmelladodulek: Azuul15:00
dmelladoxD15:00
dmelladocelebdor1: did you check this15:00
dmelladohttps://docs.openstack.org/infra/manual/zuulv3.html15:00
ltomasbodulek, umm15:00
dmelladointheritance vs roles section?15:00
dulekltomasbo: So IMO namespace handler shouldn't need to create the SG.15:01
celebdor1but that looks unlikely, since it is the run: in the tempest .zuul.yaml of the tempest repo the one that actually runs tempest15:01
ltomasbodulek, I guess to follow the same struct as the subnet driver15:01
dulekltomasbo: It should get created by SG driver, when needed.15:01
celebdor1in he playbook15:01
dulekltomasbo: The question is - is it easy to pass it required params?15:01
celebdor1so how the fuck are the 'run' ordered between parents and children15:01
*** janki has joined #openstack-kuryr15:01
ltomasbodulek, but the problem is that we need to annotate the CRD15:02
dulekltomasbo: With the SG id so that we don't "lose" the SG?15:02
dulekltomasbo: And there's an assumption only handlers do that?15:02
ltomasbodulek, the assumption is that crd object gets annotated into the namespace15:03
ltomasbodulek, and the annotation happens after both network and sgs are created15:03
dulekltomasbo: Ah, right…15:04
celebdor1dmellado: ^^15:04
ltomasbodulek, it can be done in a different way, but then keeping track of possible rollbacks will be more complex15:04
dulekltomasbo: Yeah, now I see dragons in rollbacks.15:04
dulekltomasbo: And race conditions that could happen.15:04
ltomasboxD15:04
dulekltomasbo: Okay, I'm convinced. :)15:05
ltomasboxD15:05
ltomasbocelebdor1, dulek: yossi's backport is also green: https://review.openstack.org/#/c/58758315:08
celebdor1thanks ltomasbo15:08
dulekSeems like we've merged some code today. :)15:09
ltomasboxD15:09
celebdor1:-)15:15
*** pcaruana has quit IRC15:15
ltomasbocelebdor1, and yours backport: https://review.openstack.org/#/c/58770615:19
celebdor1thanks!15:22
dmelladocelebdor1: what?15:24
celebdor1so15:25
celebdor1in the zuul documentation it says that if you have a run: in your .zuul15:25
celebdor1it will override the parent one15:26
celebdor1in our case, the base run: is the one that runs devstack and then tempest15:26
celebdor1the problem is that between running devstack and tempest tests with tox15:26
celebdor1we need to do the test container creation15:27
celebdor1from the tar fire15:27
celebdor1*file15:27
openstackgerritLuis Tomas Bolivar proposed openstack/kuryr-tempest-plugin master: Namespace isolation tempest coverage  https://review.openstack.org/58067815:43
openstackgerritLuis Tomas Bolivar proposed openstack/kuryr-tempest-plugin master: Namespace svc isolation tempest coverage  https://review.openstack.org/58777815:43
*** janki has quit IRC15:55
openstackgerritMerged openstack/kuryr-kubernetes master: Ensure isolation between namespaces  https://review.openstack.org/57918116:01
ltomasbodulek, dmellado: seems this is the one to blame: https://github.com/openstack/kuryr-kubernetes/commit/ce3305b9eff3eff736065c9b9a5921bfd593b37516:07
ltomasbonot sure why we didn't hit it16:07
celebdor1so... to sum it up... dulek is the culprit, eh?16:10
celebdor1xD16:10
celebdor1why aren't we setting it when it is containerized?16:11
celebdor1oh, of course16:11
celebdor1xD16:11
celebdor1because then we get it from env vars16:11
celebdor1xD16:11
celebdor1that's an easy fix16:12
ltomasboyep16:12
ltomasbothe vars are there16:12
ltomasboso, if the config map is defined with api_root = "" it should work16:12
celebdor1you said it is just 'api_root ='16:13
celebdor1right, without the ""16:13
*** janki has joined #openstack-kuryr16:14
celebdor1anyway16:14
celebdor1let me fix it16:14
celebdor1ltomasbo: run again removing lines 376 and 377 from https://github.com/openstack/kuryr-kubernetes/commit/ce3305b9eff3eff736065c9b9a5921bfd593b375#diff-cd9ddf33b5bab44d58ff1f7e5ccc0c53R37616:15
celebdor1that should fix it16:15
ltomasboyep16:17
openstackgerritAntoni Segura Puimedon proposed openstack/kuryr-kubernetes master: kuryr-tempest-plugin devstack plugin to build kuryr/demo  https://review.openstack.org/58787316:19
*** janki has quit IRC16:24
dmelladoltomasbo: maybe as we didn't update the repo until now xD16:28
dmelladoanyways, I'm off for today16:28
dmelladog'night folks!16:29
*** janki has joined #openstack-kuryr17:06
*** maysams has joined #openstack-kuryr17:12
*** maysams has left #openstack-kuryr17:12
*** maysams has joined #openstack-kuryr17:12
*** pfo has joined #openstack-kuryr17:33
openstackgerritEmilio Garcia proposed openstack/kuryr-kubernetes master: Upstream kuryr Active Active High Availibility Development [Do Not Merge/Do Not Test]  https://review.openstack.org/58299218:14
*** pfo has quit IRC18:34
*** janki has quit IRC19:04
*** rh-jelabarre has quit IRC19:07
*** rh-jelabarre has joined #openstack-kuryr19:10
*** livelace has quit IRC19:29
openstackgerritAntoni Segura Puimedon proposed openstack/kuryr-tempest-plugin master: devstack: Move container build to stack extra  https://review.openstack.org/58807420:27
openstackgerritAntoni Segura Puimedon proposed openstack/kuryr-kubernetes master: kuryr-tempest-plugin devstack plugin to build kuryr/demo  https://review.openstack.org/58787320:28
openstackgerritAntoni Segura Puimedon proposed openstack/kuryr-kubernetes master: kuryr-tempest-plugin devstack plugin to build kuryr/demo  https://review.openstack.org/58787321:23
*** rh-jelabarre has quit IRC21:33
*** hongbin has quit IRC22:20
*** s1061123 has quit IRC22:28
*** s1061123 has joined #openstack-kuryr22:28
« Tuesday, 2018-07-31 Index Thursday, 2018-08-02 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!