Tuesday, 2015-04-07

« Monday, 2015-04-06 Index Wednesday, 2015-04-08 »
*** mlavalle has quit IRC00:06
*** vivek-ebay has quit IRC00:10
openstackgerritmin wang proposed openstack/neutron-lbaas: Admin API tempest  https://review.openstack.org/17101100:26
*** xgerman has quit IRC00:30
*** mwang2 has quit IRC00:42
*** bharath has quit IRC00:56
*** bharath has joined #openstack-lbaas00:56
*** vivek-ebay has joined #openstack-lbaas00:57
*** SumitNaiksatam has joined #openstack-lbaas00:58
*** bharath has quit IRC01:01
*** xgerman has joined #openstack-lbaas01:33
*** xgerman has quit IRC01:36
*** xgerman has joined #openstack-lbaas01:37
*** xgerman has quit IRC01:37
*** xgerman has joined #openstack-lbaas01:37
openstackgerritMadhusudhan Kandadai proposed openstack/neutron-lbaas: Introduced tempest API tests for openstack/neutron-lbaas  https://review.openstack.org/16562701:38
*** xgerman has quit IRC01:39
*** xgerman has joined #openstack-lbaas01:39
*** vivek-ebay has quit IRC01:48
*** madhu_ak has quit IRC02:01
*** madhu_ak has joined #openstack-lbaas02:02
*** xgerman has quit IRC02:09
*** madhu_ak has quit IRC02:39
*** chlong has quit IRC02:42
*** chlong has joined #openstack-lbaas02:44
*** vivek-ebay has joined #openstack-lbaas02:58
*** ajmiller_ has joined #openstack-lbaas03:08
*** xgerman has joined #openstack-lbaas03:09
*** ajmiller__ has quit IRC03:12
openstackgerritMadhusudhan Kandadai proposed openstack/neutron-lbaas: Introduced tempest API tests for openstack/neutron-lbaas  https://review.openstack.org/16562703:16
*** sbfox has joined #openstack-lbaas03:32
*** fnaval has quit IRC03:47
*** TrevorV_ has joined #openstack-lbaas03:56
*** TrevorV_ has quit IRC04:01
*** fnaval has joined #openstack-lbaas04:06
openstackgerritPhillip Toohill proposed openstack/neutron-lbaas: WIP: Neutron LBaaS: TLS Barbican Scenario Test  https://review.openstack.org/16482804:16
*** amotoki has joined #openstack-lbaas04:20
*** xgerman has quit IRC04:28
openstackgerritTrevor Vardeman proposed stackforge/octavia: Amphora SSH Driver  https://review.openstack.org/16096404:29
*** madhu_ak has joined #openstack-lbaas04:34
*** bharath has joined #openstack-lbaas04:42
*** bharath has quit IRC04:46
*** vivek-ebay has quit IRC04:52
*** sbfox has quit IRC04:56
*** sbfox has joined #openstack-lbaas05:08
*** TrevorV_ has joined #openstack-lbaas05:08
*** TrevorV|Home has joined #openstack-lbaas05:19
openstackgerritDoug Wiegley proposed openstack/neutron-lbaas: Rename imports based on neutron tests reorganization.  https://review.openstack.org/17098305:20
openstackgerritDoug Wiegley proposed openstack/neutron-lbaas: Rename imports based on neutron tests reorganization.  https://review.openstack.org/17098305:21
*** apuimedo has joined #openstack-lbaas05:22
*** madhu_ak has quit IRC05:23
*** TrevorV_ has quit IRC05:28
openstackgerritDoug Wiegley proposed openstack/neutron-lbaas: WIP - Test an alternate mechanism for enabling lbaasv2 in devstack-gate  https://review.openstack.org/17104905:31
TrevorV|HomeHey doug can I bother you a minute?05:35
TrevorV|Homedougwig, ^^05:35
dougwigTrevorV|Home: sure05:35
*** Aish has quit IRC05:36
TrevorV|HomeI'm unable to stack devstack.05:36
TrevorV|HomeAttributeError: 'InstallRequirement' object has no attribute 'url'05:36
TrevorV|HomeThat's the last line of the error stacktrace bit05:36
dougwigi need a little more context than that.  :)05:36
TrevorV|HomeYeah, I was getting it05:36
TrevorV|Homeha ha05:36
TrevorV|Homepython update.py /blah/blah/python-neutronclient.py05:37
TrevorV|Home(no .py on client, sorry)05:37
TrevorV|HomeThat's what threw the error at least05:37
TrevorV|HomeThe only change I see in my devstack directory is fixing "openrc" to have "admin" as user instead of "demo"05:38
TrevorV|HomeI should have tried fresh clone first.05:38
TrevorV|HomeHold on05:38
TrevorV|HomeYeah, started fresh with same issue05:40
TrevorV|HomeWant a gist of the stack?05:40
TrevorV|Homedougwig, ^^05:40
dougwigyes, please05:41
TrevorV|Homehttps://gist.github.com/anonymous/4b4f0e92e45a08a8008205:41
TrevorV|HomeOnce again, only change was me replacing "demo" with "admin" in openrc05:42
dougwigi don't think i've ever done it that way before.  is /opt/stack git repos or package directories?05:43
TrevorV|HomeWhen you run stack.sh that's where all the projects are installed05:44
TrevorV|HomeYou don't think you've ever specified admin or what?05:45
dougwigright.  and those are git repos, right?05:45
TrevorV|HomeSorry, yes05:45
dougwigno, i meant i've always done requirements updates from dev source trees.05:46
dougwignot that they should ever need to be done manually.  what are you trying to do05:46
dougwig?05:46
TrevorV|HomeLiterally stack.05:46
TrevorV|HomeIt fails.05:46
dougwigoh, i see.05:47
dougwigyou don't want to hear my normal answer to that kind of weird error.05:47
TrevorV|HomeWhat, reinstall?05:47
TrevorV|HomeI'm on my linus tower, otherwise I would :(05:47
dougwiggo to bed and try again in the morning.  :)05:47
TrevorV|Homelinux***05:47
TrevorV|HomeHa ha ha I could, but I'm a little determined right now05:48
dougwigis this a fresh stack, or have you done a devstack before?05:48
TrevorV|HomeI've successfully stacked previously to this, like just last week, started up today and it fails.  It may be that it's too late for me right now and I can't think about how to find the error05:49
dougwigaha, that's where you're fucked.05:49
TrevorV|HomeYeah, exactly... hence me asking for help :P05:49
dougwigfirst i'd wipe everything out of pip, then i'd do "./unstack.sh ; ./clean.sh ; git pull ; ./stack.sh"05:50
TrevorV|HomeHmm... forgot about ./clean.sh05:50
dougwigthe downrev requirements mix isn't tested, because the single-use jenkins nodes always get the latest.05:50
TrevorV|HomeHow does one... clean out pip?05:51
dougwigpip list, and nuke the content.05:51
TrevorV|HomeLike.. one at a time?!?05:52
TrevorV|Homedougwig, it's made it a lot farther after the clean.sh05:55
TrevorV|Homecrossing my fingers...05:55
dougwigre-using devstack nodes is a lot like playing russian roulette with a glock.05:56
TrevorV|Homehmm... nevermind... still failed with the same error, just must have done extra setup previous to the attempt.05:56
dougwigyou have RECLONE=yes ?  does it fail the same way manually?05:57
TrevorV|HomeYeah, fails the same way05:57
TrevorV|HomeI'm not sure what you mean by manually05:57
TrevorV|HomeLike, going into each /opt/stack/project directory and doing a "pip install -r reqs"05:57
TrevorV|Homethere?05:57
dougwigyeah, re-create the same steps.05:58
TrevorV|HomeI can try05:58
dougwigworst case, all the deps install, and it can skip that path on the next stack.  best case, you find the error.05:58
rm_workpip freeze | xargs pip uninstall05:59
rm_work;P05:59
TrevorV|Homenice rm_work06:00
TrevorV|HomeYou think doing that and then running ./stack.sh should help maybe?06:00
rm_workeh, really not sure if your pip installed packages are going to be an issue06:00
rm_worki missed the actual problem06:00
rm_workother than your devstack on your local machine is f'ed06:01
TrevorV|HomeScroll up, link above to gist06:01
rm_workcan't06:01
TrevorV|HomeI repaste06:01
rm_workreconnected on this machine too recently06:01
TrevorV|Homehttps://gist.github.com/anonymous/4b4f0e92e45a08a8008206:01
TrevorV|HomeI debate bringing in my tower just for this to get sorted out :P06:01
rm_workwhere does the "InstallRequirement" class come from06:02
rm_workeerg possibly setuptools06:03
rm_workdistros have a funny habit of using custom, old/outdated setuptools06:04
rm_workso like, the one that ships with ubuntu06:04
rm_workyou have pyenv on there?06:04
dougwigyeah, i'm betting it's a package version mismatch snafu.06:04
rm_workif so, try this (easy to revert):06:04
rm_workpyenv install 2.7.806:05
TrevorV|HomeI think I have pyenv06:05
rm_workpyenv virtualenv 2.7.8 openstack06:05
rm_workpyenv global openstack06:05
rm_workTHEN do your devstack06:05
rm_workthat'll guarantee you no distro BS06:05
TrevorV|Homesays 2.7.8 already exists06:05
rm_workokthat is fine06:05
rm_workwasn't sure if you had installed it already06:05
TrevorV|HomeThat's the one I use default06:06
dougwigi hate to disappear on you guys, but i've been up since 3am.06:06
rm_workheh06:06
dougwigso i'm disappearing.  :)06:06
dougwignight06:06
TrevorV|Hometake it easy dougwig sorry to keep you06:06
rm_workTrevorV|Home: so yeah you're just going to make a clean virtualenv based on pyenv's 2.7.8, and then set it global06:06
TrevorV|HomeCan't make it my global06:06
TrevorV|Homesays not installed06:06
rm_workerr06:06
TrevorV|Homemistyped, nvmd06:06
rm_workwait did i get the args backwards for cirtualenv06:07
rm_work*virtualenv06:07
rm_workah nope good06:07
rm_workanywho, hopefully that should work06:07
TrevorV|Homealright, restacking with that06:07
rm_workand that way you can clean it out by just removing that virtualenv and remaking it every time06:07
rm_workor at least, every time you have issues06:07
TrevorV|HomeYeah06:07
rm_workyou can do "pyenv global system"06:08
rm_workto reset06:08
TrevorV|HomeIf this doesn't fix it, then fuck.06:08
TrevorV|HomeI'm so mad06:08
TrevorV|HomeNope.06:08
rm_worki could WFT tomorrow morning if you wanted me to look at it :P or you could just haul it in06:08
TrevorV|HomeSame effing error06:08
TrevorV|HomeI'm probably going to haul it in06:08
TrevorV|HomeI'll haul it in every damn day just to keep a linux machine as my primary macheen :P06:09
rm_worktracking down the InstallRequirement code now to figure out what version the url parameter disappeared/appeared in06:09
rm_workOH06:09
rm_workit comes from pip!06:10
TrevorV|Home?06:10
rm_workpip --version06:10
TrevorV|Home6.1.006:10
rm_workwhat the jesus06:10
rm_workrofl06:10
TrevorV|HomeIs that old??06:10
rm_workweird, usually pyenv installs its own pip06:11
TrevorV|Homeright?!06:11
TrevorV|Homewell, it did06:11
dougwigTrevorV|Home: given the zuul status of two simple lbaas changes right now, i'd *highly* recommend going to bed and trying again in the morning.06:11
TrevorV|HomeDAMNIT dougwig I WAS WORKING ON PROVING BRANDON WRONG06:11
rm_workTrevorV|Home: ok so06:13
dougwigTrevorV|Home: yep, your error is being discussed in the infra channel.06:13
rm_workcan you paste the WHOLE pip version response?06:13
dougwigTrevorV|Home: i'm sure you can find some other way to prove brandon wrong.  it's a target rich goal.06:13
rm_workinteresting06:13
TrevorV|Homedougwig, this happens every time... EVERY time I get REALLY close to getting him proven wrong... something comes up.06:14
TrevorV|HomeEvery time06:14
dougwigTrevorV|Home: the universe hates you.  with cause.06:14
rm_workTrevorV|Home may just have been the first in here to see this issue :P06:14
rm_worklike i was the first one to suffer from the gate failure at the SA hackathon06:14
TrevorV|HomeYeah.  I just.  Idk.  Alright.06:14
rm_workand was tearing my hair out for 30m06:14
rm_workof course, this has been apparently longer :P06:14
TrevorV|HomeI'll call it a night then.  Probably bring my tower into the office for funsies.  See you guys later.06:15
rm_workTrevorV|Home: still curious though about pip06:15
dougwigyou can fix the bug and be a global openstack hero.06:15
TrevorV|HomeThanks dougwig , now go to sleep06:15
rm_workTrevorV|Home: could you paste the whole line?06:15
dougwignight all06:15
rm_workWOAH06:15
bloganTrevorV|Home: you won't prove me wrong until you fix all the other bugs to get to the point im at06:16
TrevorV|HomeWhat other bugs?06:16
bloganTrevorV|Home: you need to flush after you write, that is a definite06:16
TrevorV|HomeNope, don't have to do that, and if you'd have listened I could have proven to you why06:17
bloganwell if you could get the code running you will see i am right06:17
blogani've commented on the other bugs ive got so far06:18
TrevorV|HomeSecond comment is not a bug.  It should be changed in a different review.06:19
TrevorV|HomeFirst comment I agree06:19
rm_workblogan: i think technically if you do a .close() it should force a flush06:19
rm_workassuming you mean a socket or a file buffer06:19
bloganrm_work: well since he's trying to read the file before the close, and the fact that delete=True on a tempfile deletes the file on close...no06:20
TrevorV|HomeIf the interpreter does some weird auto-flush behavior when running manually then I can see me being wrong06:20
rm_workTrevorV|Home: that's very very possible06:20
TrevorV|HomeHowever, when I open the interpreter and write to the file, then open another terminal and check that temp-file's contents, its populated by what I write to it06:20
TrevorV|HomeWithout having closed it.06:21
bloganTrevorV|Home: you should change it to what the data_model has it currently, another review can go into your code and change it to container_id if it is wanted06:21
TrevorV|HomeI thought it was currently named container_id blogan06:21
bloganTrevorV|Home: and it does not do that for me in an interpreter, nor the code running, so it is possible that it works for you and not me, but flushing it after the write should still be done06:22
bloganTrevorV|Home: in neutron-lbaas, not in octavia06:22
TrevorV|Homeoh seriously?!?!06:22
TrevorV|HomeMy bad06:22
bloganyeah, i didn't explain that well enough, but yeah you can't run your code unless that is fixed, and fixed in the jinja code as well06:23
bloganTrevorV|Home: are you doing a with tempfile.NamedTempFile(delete=True) as temp06:24
bloganin your interpreter?06:24
TrevorV|Homeno, and that's not in the code, is it?06:24
blogannope06:24
TrevorV|HomeThe steps I've done in the interpreter are as follows06:24
TrevorV|Homeimport tempfile stuffs06:25
bloganand you're doing it in ubuntu right?06:25
TrevorV|Homeyes06:25
TrevorV|Homeimport tempfile stuffs06:25
TrevorV|Hometmp = NamedTempFile(delete=True)06:25
TrevorV|Hometmp.write("some data")06:25
TrevorV|Homeprint tmp.name06:25
TrevorV|HomeThen, I open a new terminal and run "cat tmp.name"06:26
TrevorV|HomeBoom, "some data" is printed to the terminal06:26
rm_workyep06:27
rm_workfound the change06:27
rm_workhttps://github.com/pypa/pip/commit/e8e2566279879b7df04394edfcaa9c63c0ce9e6706:27
TrevorV|HomeWoah... See now it didn't work06:28
TrevorV|Homewtf06:28
bloganTrevorV|Home: yep i do the exact same thing, and the file exists, without any data06:28
TrevorV|HomeYeah, just got that.06:28
bloganflush will work all the time06:28
TrevorV|HomeIt wrote on my cloud vm though.  Weird.06:28
TrevorV|HomeIdk what its doing different there.06:28
TrevorV|HomeDifferent version of python maybe?06:28
blogan? no idea06:28
TrevorV|Home2.7.606:28
*** kobis has joined #openstack-lbaas06:28
TrevorV|HomeYeah, earlier version06:29
TrevorV|HomeShit06:29
TrevorV|HomeAlright, so you're right, flush will work every time.06:29
TrevorV|HomeIt should be done right after the write though right?06:29
rm_workyeah file handles are unpredictable06:29
rm_workyeah06:29
rm_workwrite -> flush06:29
rm_workthe writes depend on the OS and disk caching06:31
rm_workso if you are doing it manually, often there is a delay and some other writes queue up on your system from other things06:32
rm_workand by the time you check, it's gone through06:32
bloganalso your sftp.put assumes that directory exists06:32
TrevorV|HomeYeah, I saw that one06:32
rm_workbut if it's happening quickly in code, it will be too fast and miss06:32
rm_workugh, fucking directory making is BS06:32
bloganTrevorV|Home: so what have we learned today?06:32
bloganTrevorV|Home: ill start it off 1) brandon is always right06:33
TrevorV|Homeblogan, that sometimes the environment can skew results, and 2 people can be right at the same time06:33
rm_workbecause os.mkdir behaves differently in just about EVERY python version06:33
bloganTrevorV|Home: no, you were not right06:33
bloganrm_work: paramiko sftp has a mkdir command06:33
rm_workdoes it behave correctly? :P06:33
TrevorV|HomePfff06:33
bloganso at least that is abstracted away06:33
bloganwe can assume so06:33
rm_workbecause os.mkdir should die in a fire06:33
* blogan crosses fingers06:33
TrevorV|HomeEither way, I can't say I care about that, so I'll figure it out.06:33
blogancare about what?06:34
TrevorV|HomeWorst case I'll just toss in another exec line to make the directory06:34
TrevorV|HomeI'll make the changes here in a minute and push the review again06:34
TrevorV|HomeI'll update to tls_certificate_id or whatever06:34
TrevorV|HomeI was adlibbing because I hadn't read it yet06:35
rm_workexec should be used as little as physically possible06:35
TrevorV|HomeGoddamn my cat is all over me right now...06:35
TrevorV|HomeDesk is her space apparently06:35
rm_workit's one of those things to have a good level of paranoia about06:35
TrevorV|HomeJudging by the fact that the ssh_driver is BUILT around the exec function, I can't say I'll agree with you in this case.06:36
rm_workwell, i helped them fix the gate06:36
TrevorV|HomeWait, so stacking should work now or no06:36
blogansame issue TrevorV|Home was running into?06:37
rm_workyeah06:37
rm_workTrevorV|Home: not yet06:37
rm_workthere's a patch up06:37
rm_workI linked the cause -- it was pip 6.1.0 release today06:37
TrevorV|HomeYeah, thanks for that rm_work06:37
rm_workhttps://github.com/pypa/pip/commit/e8e2566279879b7df04394edfcaa9c63c0ce9e6706:37
rm_workfuntimes06:37
TrevorV|HomeGuess I probably don't need to bring in my tower then06:38
rm_workyeah :)06:38
rm_workunless you reaaaally want to06:38
TrevorV|HomeI might do it anyway... I miss my linuxes06:38
rm_workhehe06:38
rm_workman, i am jealous of the BYOD plan thing06:38
bloganlinux mint works remarkably well on mac06:39
rm_workbet carlos is sad he just missed that06:39
bloganat least my mbp06:39
rm_workyeah <_< your model06:39
TrevorV|HomeI'm actually thinking about getting a specific computer from the ibuypower website that's super tiny but has a good VC so I can use multiple monitors06:39
rm_workptoohill and I are boned06:39
TrevorV|HomeI went through bestbuy on their pre-built models... none with 2 vid ports except one vga and one dvi or hdmi...06:39
TrevorV|HomeLame06:39
rm_worklol worst buy06:39
bloganor you could build your own06:39
TrevorV|HomeIts the tower, not the laptop06:39
TrevorV|Homeibuypower is "building my own" without the replacing of the parts06:40
TrevorV|HomeMeaning, I don't get any DOA stuffs06:40
TrevorV|Homerm_work, did you use my gist or get your own?06:40
TrevorV|Homenvmd06:40
TrevorV|Homehja ha06:40
TrevorV|Homeha ha***06:40
rm_workyeah, tracked down the commit06:41
rm_workthanks git blame06:41
rm_workit's like they knew what it was going to be used for when they named the command :P06:42
Santosh_NSA out of context query:  for client--->extension-->plugin----->dbplugin flow  , I was expecting there should be validation for db_data/say empty tenant-id etc at Plugin layer. Plz correct me . Can you plz point me where are we doing validation for resource data,For example create listener where we are verifying tenant_id is uuid06:43
bloganSantosh_NS: tenant_id is not validated, the other fields are, and they're defined in the extension module in the massive RESOURCE_ATTR_MAP dictionary06:48
TrevorV|Homesorry rm_work, I'm going to be using exec_command again.06:48
rm_workfor what? >_>06:48
TrevorV|HomeOtherwise I have to make recursive "mkdir" method calls.06:48
rm_workerr06:48
TrevorV|HomeWell not recursive, a loop06:48
TrevorV|HomeBut a series of requests06:48
TrevorV|HomeApparently if the parent directory doesn't already exist it will fail06:48
rm_workyeah06:48
rm_workthat is what os.makedirs is for06:49
rm_workit's a pain but it's still 100% better than exec06:49
blogancan't do it over ssh06:49
rm_workand paramiko's mkdir has no -p equiv?06:49
TrevorV|HomeIf it has it, its not on their documentation06:50
*** woodster_ has quit IRC06:50
blogandoing the exec_command will just pass in ids that have no user input, so its not bad bad06:50
rm_workit's super paranoia, but, things like that can be used as part of overflow attacks / etc06:51
rm_workbest to just avoid exec entirely06:51
rm_workhttp://stackoverflow.com/questions/14819681/upload-files-using-sftp-in-python-but-create-directories-if-path-doesnt-exist06:51
rm_workseveral options there06:51
TrevorV|HomeJust looked at that...06:52
rm_workmost of those mkdir_p commands look sane06:52
TrevorV|Homebest answer is recursive requests... sorry not on my list of things to do for this.06:52
rm_workthey straight up give you the code06:52
rm_workcopy/paste it06:52
TrevorV|HomeYes, I understand, but where I can make one request versus several, I'll pick one.  Thanks06:53
rm_workugh06:53
rm_worki already -1'd german several times for exec06:53
rm_workwhen i -1 you, it's not going to be personal >_>06:53
bloganwell i can't rightl +2 something another core -1's06:54
bloganrightly06:54
blogani mean i can if it neither budges06:54
TrevorV|HomeI don't think its problematic to be cautious, but we're talking about one extra exec.  It already execs.06:55
rm_workto be fair, that's true06:55
TrevorV|HomeIf it makes you feel better I can fore-go the SFTP command and just semicolon delineate a list of commands in one request.06:55
rm_workwe'll see when i actually get to look at the CR06:55
rm_workthat helps me very little T_T06:56
bloganTrevorV|Home: what does the -sf switch do when invoking the haproxy command?06:56
rm_workthough if you can exec without using a variable at all inside exec()06:56
rm_worklike if it's ALWAYS "service haproxy restart"06:56
TrevorV|HomeWell, that never happens, rm_work.06:56
TrevorV|Homeblogan, it has to do with program exit/execution06:57
bloganTrevorV|Home: yeah just read it06:58
TrevorV|HomeSorry, I couldn't remember off-hand, but its essentially the "draining" state change thing06:58
bloganfinally got update to fully complete07:00
TrevorV|Homerm_work, can you access http://www.ibuypower.com/?07:01
TrevorV|Homeno question mark sorry07:01
rm_workhttp://isup.me/http://www.ibuypower.com07:02
rm_workdown for me and probably everyone else too :P07:02
TrevorV|HomeI didn'07:02
TrevorV|HomeI didn't know you could do that... Why I didn't know that, I don't know, but I didn't.07:02
TrevorV|HomeMakes sense07:02
rm_workTrevorV|Home: so if you need to execute commands on the system, at least use subprocess.call()07:03
rm_workslightly less prone to security nightmares07:03
TrevorV|Homerm_work, are you fully aware of what I'm doing in the ssh_driver?07:04
rm_worknope07:04
rm_workbarely partially aware07:04
TrevorV|HomeOkay... Well, I'm not going to ssh to the amphora, and then start a python interpreter to use subprocess....07:04
rm_workerr, then how would you use exec07:05
TrevorV|Homeparamiko.SSHClient().exec_command('command goes here')07:05
*** kiran_ has joined #openstack-lbaas07:05
TrevorV|Home(except its just a client I initialize and use the method)07:05
rm_workah, that is a different exec07:05
TrevorV|HomeIt could still be insecure to some degree, but its what I'm doin07:06
rm_workalso: lol yeah, probably want to just && or ;07:06
rm_workso you don't have to make multiple calls -- but i assume it's a session anyway07:06
rm_workso probably not significant07:06
rm_workIE: do whatev07:06
*** kiran_ is now known as kiran-r07:07
TrevorV|Homeyeah, its a session07:08
TrevorV|HomeI think07:08
TrevorV|HomeMaybe not07:08
TrevorV|HomeIt only establishes the connection once07:08
TrevorV|HomeThen you interact07:08
TrevorV|HomeThen close the connection07:08
TrevorV|HomeWhatever, just check the review at some point and you'll get caught up07:09
*** TrevorV|Home has quit IRC07:09
*** fnaval has quit IRC07:24
*** chlong has quit IRC07:34
rm_workoh man, this rabbit hole just keeps going07:37
*** sbfox has quit IRC08:06
*** apuimedo has quit IRC08:06
*** kobis has quit IRC08:25
*** kobis has joined #openstack-lbaas08:26
*** chlong has joined #openstack-lbaas10:07
*** tobberydberg has joined #openstack-lbaas10:47
openstackgerritJakub Libosvar proposed openstack/neutron-lbaas: Add HaproxyNSDriver to lbaas entry points  https://review.openstack.org/17112711:07
*** bedis has quit IRC11:29
*** bedis has joined #openstack-lbaas11:29
*** amotoki has quit IRC11:38
*** enikanorov has quit IRC11:42
*** enikanorov has joined #openstack-lbaas11:43
*** kiran-r has quit IRC11:43
*** chlong has quit IRC11:49
*** chlong has joined #openstack-lbaas11:51
*** woodster_ has joined #openstack-lbaas12:10
*** kobis has left #openstack-lbaas12:12
openstackgerritSusanne Balle proposed stackforge/octavia: WIP: haproxy reference amphora API client  https://review.openstack.org/17099312:53
openstackgerritSusanne Balle proposed stackforge/octavia: WIP: HaProxy rest ref driver implementation  https://review.openstack.org/17117212:53
*** amotoki has joined #openstack-lbaas13:00
*** openstackgerrit has quit IRC13:07
*** openstackgerrit has joined #openstack-lbaas13:07
*** chlong has quit IRC13:51
openstackgerritThierry Carrez proposed openstack/neutron-lbaas: Open Liberty development  https://review.openstack.org/17120513:54
*** mlavalle has joined #openstack-lbaas13:59
*** jorgem has joined #openstack-lbaas14:09
*** jorgem1 has joined #openstack-lbaas14:16
*** jorgem1 has quit IRC14:16
*** jorgem1 has joined #openstack-lbaas14:17
*** jorgem has quit IRC14:18
*** Aish has joined #openstack-lbaas14:24
*** devlaps has quit IRC14:38
*** fnaval has joined #openstack-lbaas14:38
*** jorgem1 has quit IRC14:56
*** jorgem has joined #openstack-lbaas14:58
*** jorgem1 has joined #openstack-lbaas15:03
*** jorgem has quit IRC15:05
*** vivek-ebay has joined #openstack-lbaas15:11
*** vivek-ebay has quit IRC15:11
*** xgerman has joined #openstack-lbaas15:14
*** vivek-ebay has joined #openstack-lbaas15:16
*** jorgem1 has quit IRC15:18
*** jorgem has joined #openstack-lbaas15:25
*** ajmiller_ has quit IRC15:27
*** ajmiller has joined #openstack-lbaas15:33
*** amotoki has quit IRC15:34
*** madhu_ak has joined #openstack-lbaas15:34
*** devlaps has joined #openstack-lbaas15:40
*** kiran has joined #openstack-lbaas15:45
*** madhu_ak has quit IRC15:49
*** vivek-ebay has quit IRC16:06
*** SumitNaiksatam has quit IRC16:06
openstackgerritPhillip Toohill proposed stackforge/octavia: Adds rise threshold to configuration generation  https://review.openstack.org/17126816:14
*** jorgem has quit IRC16:14
*** madhu_ak has joined #openstack-lbaas16:16
*** Aish has quit IRC16:18
*** jorgem has joined #openstack-lbaas16:31
openstackgerritGerman Eichberger proposed stackforge/octavia: Make PEM file confirm with SSH Driver  https://review.openstack.org/17128316:34
*** devlaps has quit IRC16:39
*** jorgem has quit IRC16:42
openstackgerritGerman Eichberger proposed stackforge/octavia: Make PEM file confiorm with SSH Driver  https://review.openstack.org/17128316:49
openstackgerritGerman Eichberger proposed stackforge/octavia: Make PEM file conform with SSH Driver  https://review.openstack.org/17128316:50
*** vivek-ebay has joined #openstack-lbaas16:50
xgermannot my day today16:50
rm_workheh16:50
rm_workI was trying to comment on it before you got 3 up16:50
rm_workto slow16:50
rm_work*too slow16:50
xgermanno worries16:50
*** _kiran_ has joined #openstack-lbaas16:54
*** kiran has quit IRC16:57
*** Aish has joined #openstack-lbaas16:59
*** mlavalle has quit IRC17:01
*** _kiran_ has quit IRC17:01
*** kiran has joined #openstack-lbaas17:01
*** bharath has joined #openstack-lbaas17:04
dougwigmorning17:06
*** kiran has quit IRC17:07
*** smcgough1 has quit IRC17:10
openstackgerritGerman Eichberger proposed stackforge/octavia: Implements the haproxy amphora agent api server  https://review.openstack.org/16003417:11
*** smcgough has joined #openstack-lbaas17:12
Aishblogan:  hi17:14
*** sbfox has joined #openstack-lbaas17:23
*** ajmiller_ has joined #openstack-lbaas17:43
*** ajmiller has quit IRC17:47
xgermanhi17:48
*** Varun_Lodaya has joined #openstack-lbaas17:49
*** bharath has quit IRC17:57
*** jorgem has joined #openstack-lbaas17:58
*** bharath has joined #openstack-lbaas17:58
*** jorgem has quit IRC17:58
*** smcgough1 has joined #openstack-lbaas18:26
*** mlavalle has joined #openstack-lbaas18:27
*** smcgough has quit IRC18:28
*** bharath_ has joined #openstack-lbaas18:36
*** bharath has quit IRC18:37
openstackgerritTrevor Vardeman proposed stackforge/octavia: Amphora SSH Driver  https://review.openstack.org/16096418:40
*** ajmiller has joined #openstack-lbaas18:44
*** ajmiller_ has quit IRC18:44
*** raj___ has joined #openstack-lbaas18:55
*** enikanorov has quit IRC19:01
openstackgerritDoug Wiegley proposed openstack/neutron-lbaas: WIP - Test an alternate mechanism for enabling lbaasv2 in devstack-gate  https://review.openstack.org/17104919:11
*** bharath_ has quit IRC19:11
*** bharath has joined #openstack-lbaas19:12
*** openstackgerrit has quit IRC19:22
*** openstackgerrit has joined #openstack-lbaas19:23
openstackgerritTrevor Vardeman proposed stackforge/octavia: Amphora SSH Driver  https://review.openstack.org/16096419:23
*** madhu_ak has quit IRC19:35
*** sbfox has quit IRC19:36
*** madhu_ak has joined #openstack-lbaas19:43
openstackgerritmin wang proposed stackforge/octavia: Add health check  amphora-driver-interface  https://review.openstack.org/17059919:57
ptoohillall sni certs are combined? question regarding the change xgerman20:08
xgermanwill answer in 10 minutes20:08
rm_workxgerman: yeah, curious where that came from -- I mixed your thing up with a change ptoohill was explaining to me last week about certs/keys/intermediates all being concatenated into one file, but don't know where it's specified that SNI is done like this20:21
rm_workhaproxy docs somewhere?20:21
johnsomhttp://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.1-crt-list20:22
johnsomIs that what you are asking about?20:22
*** vivek-ebay has quit IRC20:26
rm_workjohnsom: https://review.openstack.org/17128320:29
rm_workit says it is to conform with the SSH driver, but the SSH driver apparently doesn't do anything like that20:29
johnsomDoesn't the LBaaS v2 TLS use a single file?20:30
ptoohillno20:30
ptoohillIt uses individual files for each cert/keypair20:30
ptoohillI followed what baptiste said was the proper way to handle sni in Haproxy20:31
*** kobis has joined #openstack-lbaas20:31
johnsomOk, I think he mis-read that code then.  I remember he was talking about this last week when we were in Seattle20:31
ptoohillyou have a default cert, and a directory with all the non-default certs20:31
xgermannow you have my attention... rrading...20:32
xgermanptoohill, so we are not putting them in one file?20:33
xgermanit looked to me like https://review.openstack.org/#/c/160964/17/octavia/amphorae/drivers/haproxy/ssh_driver.py was concatentaing all SNI certs20:34
ptoohillxgerman, no, each cert/keypair is one pem20:34
ptoohillthe ssh_driver is doing the same as v2 nlbaas20:35
ptoohillit build individual pems for each container20:35
xgermangotcha, so for SNI we are using the cert directory option?20:36
ptoohillcorrect20:36
ptoohillfor ex:20:36
ptoohillbind:1000 ssl crt /certs/default.pem crt /certs20:36
ptoohillhaproxy will look through the certs dir and match the CN to the sni request20:37
ptoohillnow i was looking into the sni filter thing which we havnt implemented in v220:38
xgermanyep, it looked to us like you cna get the same by just concatenating the whole file ;-)20:39
ptoohillyou can, but why?20:39
ptoohillor atleast it looks like you can, i havnt used this way20:39
xgermanwell, using one file makes things simpler... but the LBaaS V2 spec indicated that the order of the certificates plays some role20:40
ptoohillif we need to add/remove one cert how does regenerating a potential huge file simpler?20:41
ptoohillwe can just save the data from one container and not reload all cert data20:41
xgermanyep20:42
xgermanso in the ssh driver you don't use different cert directories per listener20:42
ptoohillnow if thats the only way to apply sni-filter then we should look into it. im trying to find good examples for it but coming up short20:42
xgermanyeah, probably somethign we need to ask bedis about20:42
xgerman"good examples"20:42
ptoohillwhats wrong with a few additional directories in order to not reload 10+ tls containers20:42
xgermannothing wrong20:43
xgermanand I don't really have a strong opinion one way or the other -- I just misread your driver (actually johnsom misread it as well)20:43
johnsomGuilt20:43
johnsomguilty20:44
xgermanyeah, we should ask for more comments ;-)20:44
johnsomPersonally, I would lean towards the files20:44
xgermansingle file?20:45
johnsomSeparate files20:46
xgermanok, let's call that directory20:46
xgermanthen there was the "mapping file"20:47
ptoohillmapping file?20:52
ptoohillRight now it seems everything is blown away and regenerated anyhow. So i dont really have an opinion on one way or the other unless we plan on ever needing to trouble shoot a particular cert.. for whatever reason20:53
ptoohillthen i would say individual files are better. But i still need to figure out what this sni-filter is and if we need it20:53
rm_worki'm interested in how SNI cert ordering happens if it's individual files vs one large file20:54
ptoohillthink its that sni-filter thing20:55
xgermanrm_work:20:55
ptoohillI only set it up the way it is now because that was the suggested 'proper' way. But if we need to we can totally redo it20:55
xgerman* directory: will be loaded in alphabetcial order20:55
xgerman* one file - probably anyones guess20:56
xgerman* "mapping file": controls the order20:56
rm_workok20:56
ptoohilloh, thought you meant mapping file in driver code20:56
xgermanthat is my understanding, which might be wrong20:56
rm_workso either we make a mapping file, or we name things similar to like, rc.d20:56
rm_workC001-host1.mysite.com.pem20:57
rm_workC002-wildcard.mysite.com.pem20:57
rm_work?20:57
xgermando the crt-list Michael posted might be safest21:00
xgermanon the other hand the order is sort of unusual and only applies to edgecases21:01
xgermansince in most cases the computer is smart enough to go from the most specific to the least specific21:02
*** kobis has quit IRC21:03
*** raj___ has quit IRC21:07
xgermanso, it looks like the people who run haproxy.com like certificate directories21:11
ptoohilli.e /something/certs/21:13
ptoohill?21:13
xgermanyep21:14
*** tobberydberg has quit IRC21:17
xgermanok, I better revert then...21:21
*** chlong has joined #openstack-lbaas21:25
*** vivek-ebay has joined #openstack-lbaas21:27
*** vivek-eb_ has joined #openstack-lbaas21:30
*** vivek-ebay has quit IRC21:31
openstackgerritDoug Wiegley proposed openstack/neutron-lbaas: Rename imports based on neutron tests reorganization.  https://review.openstack.org/17098321:35
openstackgerritmin wang proposed stackforge/octavia: Add health check  amphora-driver-interface  https://review.openstack.org/17059921:36
*** openstackgerrit has quit IRC21:37
*** openstackgerrit has joined #openstack-lbaas21:37
openstackgerritBrandon Logan proposed stackforge/octavia: Added neutron allowed address pairs network driver  https://review.openstack.org/16744121:40
openstackgerritGerman Eichberger proposed stackforge/octavia: Implements the haproxy amphora agent api server  https://review.openstack.org/16003421:46
johnsomI have put a line item on tomorrow's agenda to review the API/Controller database design.  I am about to take another pass through the controller worker code to update for the database work.21:47
johnsomIt would be great if whoever is working on the consumer worker/api code could be at the meeting.  I'm not sure if Jorge is still working on it or if someone else is going to finish it up.21:48
ptoohilljorgem should be in meeting tomorrow if thats still his21:52
*** sbfox has joined #openstack-lbaas21:54
openstackgerritOpenStack Proposal Bot proposed openstack/neutron-lbaas: Updated from global requirements  https://review.openstack.org/17139821:54
johnsomCool, thanks!21:54
openstackgerritOpenStack Proposal Bot proposed stackforge/octavia: Updated from global requirements  https://review.openstack.org/17140522:00
*** mestery has quit IRC22:11
*** mestery has joined #openstack-lbaas22:12
*** xgerman has quit IRC22:13
*** xgerman has joined #openstack-lbaas22:15
openstackgerritMerged stackforge/octavia: Updated from global requirements  https://review.openstack.org/17140522:45
openstackgerritAl Miller proposed stackforge/octavia: Add devstack plugin for octavia  https://review.openstack.org/16779622:53
*** mlavalle has quit IRC22:55
*** Aish has left #openstack-lbaas23:06
*** TrevorV|Home has joined #openstack-lbaas23:12
*** sbfox has quit IRC23:13
*** TrevorV|Home has quit IRC23:17
*** mwang2 has joined #openstack-lbaas23:25
*** bharath has quit IRC23:51
openstackgerritMichael Johnson proposed stackforge/octavia: Adding post_network_plug to the noop amphora driver  https://review.openstack.org/17143423:51
« Monday, 2015-04-06 Index Wednesday, 2015-04-08 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!