Monday, 2015-08-24

« Sunday, 2015-08-23 Index Tuesday, 2015-08-25 »
*** bana_k has quit IRC00:03
*** bharath has left #openstack-lbaas00:04
*** ganeshna has joined #openstack-lbaas00:19
*** bharathm has joined #openstack-lbaas00:19
*** ganeshna has quit IRC00:23
*** bharathm has quit IRC00:44
*** amotoki has joined #openstack-lbaas00:47
*** amotoki has quit IRC00:50
*** amotoki has joined #openstack-lbaas00:56
*** vjay11 has joined #openstack-lbaas01:43
*** bharathm has joined #openstack-lbaas01:44
*** bharathm has quit IRC01:49
*** KunalGan_ has joined #openstack-lbaas01:54
*** vjay11 has quit IRC01:56
*** KunalGandhi has quit IRC01:57
*** ganeshna has joined #openstack-lbaas02:20
*** ganeshna has quit IRC02:25
*** bharathm has joined #openstack-lbaas02:47
*** bharathm has quit IRC02:52
*** ganeshna has joined #openstack-lbaas02:58
*** ganeshna has quit IRC03:05
*** Aish has joined #openstack-lbaas03:06
*** KunalGan_ has quit IRC03:17
*** Aish has left #openstack-lbaas03:22
*** vivek-ebay has joined #openstack-lbaas03:29
*** openstackgerrit has quit IRC03:31
*** openstackgerrit has joined #openstack-lbaas03:32
*** diogogmt has quit IRC04:03
*** vivek-ebay has quit IRC04:09
*** vivek-ebay has joined #openstack-lbaas04:17
*** bharathm has joined #openstack-lbaas04:36
*** ajmiller has quit IRC04:38
*** bharathm has quit IRC04:40
*** Aish has joined #openstack-lbaas04:42
*** Aish has left #openstack-lbaas05:09
*** kiran-r has joined #openstack-lbaas05:10
*** numan has joined #openstack-lbaas05:21
*** Alex_Stef has joined #openstack-lbaas05:23
*** vivek-ebay has quit IRC05:24
*** numan has quit IRC05:26
*** ganeshna has joined #openstack-lbaas05:32
*** numan has joined #openstack-lbaas05:38
*** bharathm has joined #openstack-lbaas05:50
*** reedip has joined #openstack-lbaas06:24
*** _kiran_ has joined #openstack-lbaas06:25
*** kiran-r has quit IRC06:27
*** vjay11 has joined #openstack-lbaas06:49
*** nmagnezi has joined #openstack-lbaas06:56
*** bharathm has quit IRC06:57
*** bana_k has joined #openstack-lbaas07:03
*** evgenyf has joined #openstack-lbaas07:05
*** haigang has joined #openstack-lbaas07:05
*** haigang has quit IRC07:06
*** I has joined #openstack-lbaas07:06
*** I is now known as Guest6305707:07
*** Guest63057 has quit IRC07:07
*** haigang has joined #openstack-lbaas07:07
*** haigang has quit IRC07:09
*** haigang has joined #openstack-lbaas07:10
*** _kiran_ has quit IRC07:17
*** vjay11 has quit IRC07:21
*** apuimedo has joined #openstack-lbaas07:21
*** bana_k has quit IRC07:25
*** ganeshna has quit IRC07:33
*** jschwarz has joined #openstack-lbaas07:35
*** numan has quit IRC07:52
*** nmagnezi has quit IRC07:56
*** haigang has quit IRC08:06
*** ganeshna has joined #openstack-lbaas08:09
*** nmagnezi has joined #openstack-lbaas08:11
openstackgerritAdam Harwell proposed openstack/octavia: Refactor BarbicanAuth to allow for configurable auth method  https://review.openstack.org/21614008:15
*** numan has joined #openstack-lbaas08:20
*** numan has quit IRC09:27
*** numan has joined #openstack-lbaas09:49
*** ctracey has quit IRC10:55
*** ctracey has joined #openstack-lbaas10:58
*** xgerman has quit IRC10:58
*** xgerman has joined #openstack-lbaas11:00
*** evgenyf has quit IRC11:01
*** amotoki has quit IRC11:02
*** ganeshna has quit IRC11:12
*** evgenyf has joined #openstack-lbaas11:31
*** nmagnezi has quit IRC11:37
*** diogogmt has joined #openstack-lbaas11:41
*** numan has quit IRC12:02
*** diogogmt has quit IRC12:05
*** numan has joined #openstack-lbaas12:13
*** nmagnezi has joined #openstack-lbaas12:25
*** numan has quit IRC12:26
*** nmagnezi has quit IRC12:33
*** nmagnezi has joined #openstack-lbaas12:41
*** numan has joined #openstack-lbaas12:41
*** clev-away is now known as clev13:13
*** clev is now known as clev-away13:13
*** clev-away has quit IRC13:22
openstackgerritEvgeny Fedoruk proposed openstack/neutron-lbaas: L7 capability extension implementation for lbaas v2  https://review.openstack.org/14823213:26
*** clev has joined #openstack-lbaas13:37
*** amotoki has joined #openstack-lbaas14:00
*** Alex_Stef has quit IRC14:29
*** ajmiller has joined #openstack-lbaas14:33
*** alejandrito has joined #openstack-lbaas14:37
*** vivek-ebay has joined #openstack-lbaas14:48
*** diogogmt has joined #openstack-lbaas14:49
*** numan has quit IRC14:59
*** mlavalle has joined #openstack-lbaas15:00
*** numan has joined #openstack-lbaas15:02
*** vivek-ebay has quit IRC15:04
*** Aish has joined #openstack-lbaas15:10
*** amotoki has quit IRC15:16
*** ganeshna has joined #openstack-lbaas15:19
*** TrevorV has joined #openstack-lbaas15:30
*** vivek-ebay has joined #openstack-lbaas15:36
*** vivek-eb_ has joined #openstack-lbaas15:38
*** vivek-ebay has quit IRC15:40
*** numan has quit IRC15:47
*** evgenyf has quit IRC15:47
ptoohillCan we get some eyes on this. Would like/need to get the rest of tls stuff merged across projects as sson as possible. Please give reviews if you can. Thank you15:50
ptoohillhttps://review.openstack.org/#/c/188703/15:50
*** Aish has quit IRC15:51
TrevorVI'll hook you up with a super pedantic pair of eyes later ptoohill  :P15:52
ptoohillsounds good15:53
ajmillerptoohill I will look at it today15:53
ptoohillThank you15:53
*** alejandrito has quit IRC15:53
*** jorgem has joined #openstack-lbaas16:08
*** Aish has joined #openstack-lbaas16:09
*** jschwarz has quit IRC16:10
*** vivek-ebay has joined #openstack-lbaas16:10
*** vivek-eb_ has quit IRC16:13
*** ganeshna has quit IRC16:17
*** Aish has quit IRC16:20
ptoohillmadhu_k ping?16:21
*** jorgem has quit IRC16:21
johnsomptoohill he isn't in the office yet16:21
ptoohillThank you. Wanted to ask where the gate file was. I was going to look into getting barbican installed for gate checks and couldnt find it off hand16:22
ptoohillHe told me once, but not in scroll back anymore. Ill find it.16:24
johnsomptoohill This one: https://github.com/openstack/neutron-lbaas/blob/master/neutron_lbaas/tests/contrib/gate_hook.sh16:26
ptoohillah, looks like it, Thank you!16:27
ptoohillNot sure why barbican need so much extra set up then every other service though :/16:27
*** vivek-ebay has quit IRC16:32
*** ganeshna has joined #openstack-lbaas16:33
*** clev is now known as clev-away16:34
*** sbalukoff has quit IRC16:39
*** bana_k has joined #openstack-lbaas16:44
*** vivek-ebay has joined #openstack-lbaas16:51
*** Alex_Stef has joined #openstack-lbaas16:52
*** Aish has joined #openstack-lbaas16:56
*** minwang2 has joined #openstack-lbaas16:58
johnsommestery Advice on escalating this infra update? https://review.openstack.org/#/c/211319/17:02
* mestery looks17:02
mesteryjohnsom: Lets let dougwig handle that, no infra escalations without his support17:03
johnsomOk.  Sounds good.17:03
*** abdelwas has joined #openstack-lbaas17:04
*** Aish has quit IRC17:12
*** nmagnezi has quit IRC17:13
abdelwasHello blogan TrevorV17:18
TrevorVabdelwas, hello!17:19
abdelwasI was updating my local master branch and it looks broken17:19
*** madhu_ak has joined #openstack-lbaas17:20
abdelwasThis patch removed getter functions from allow_address_pair, that are still in use by other part of the code:  https://review.openstack.org/#/c/209210/17:20
abdelwas(get_subnet, and get_network) function17:21
xgermanyes, I thought bogan wanted to fix...17:21
xgermanblogan17:21
abdelwasYeah, johnsom pointed that https://review.openstack.org/#/c/202336/ is fixing this17:22
bana_kI was also having issues with LB going in error state17:22
johnsomActually doesn't look like it17:23
abdelwasOk17:23
bana_kI am looking into it. rest driver was not able to configure it after ssh connection test.17:23
bana_kssh connection was successful17:23
abdelwasThis is probably in LB creation,17:24
abdelwasbana_k but other procedures that require computing network Deltas will fail17:24
abdelwas(even with SSH)17:25
bana_khmm  I see thats why may be LB is going into error state. the error msges were not that clear17:25
TrevorVMy failover review shouldn't be fixing broken master...17:32
TrevorVHow did tests not catch stuff like that?17:32
TrevorVSorry I'm late, was grabbing lunch stuff.17:33
TrevorVabdelwas, do you have a dependent review that is now affected or is just master failing to create load balancers?17:33
abdelwasYes17:33
TrevorVwhich yes?  Dependent review?17:33
abdelwasMy active/standby (https://review.openstack.org/#/c/206252/) depends on that17:34
TrevorVAh gotcha.  Well from what blogan was showing me the other day, there are a number of existing getter methods that should still be available, just in the class inherited by allowed_address_pairs17:35
TrevorVDid that patch not merge/17:35
TrevorVmerge?17:35
TrevorV***17:35
TrevorVI had been confused about that as well.17:35
TrevorVIt is entirely possible the method you used to use isn't a thing anymore, but something equivalent should be available.17:36
*** Alex_Stef has quit IRC17:36
abdelwastest_get_network, test_get_subnet, and test_get_port were removed from the tests17:36
abdelwasthe method is get_subnet17:37
abdelwasits definition were removed from the master tree17:37
TrevorVI'm looking into it real quick17:37
abdelwasbut it is still in use in allow_address_pair17:37
TrevorVMy devstack VM is a little slow, so give me a minute :D17:37
abdelwasThis is just master, not anything related to my review17:38
abdelwasOK17:38
TrevorVI understand :)17:38
johnsompep8 should have caught it, but I think since it's a self. it missed it17:38
abdelwasI have a reasoning for that17:40
TrevorVabdelwas, as I had said, if you are looking at allowed_address_pairs.py17:40
abdelwasget_subnet implementation was removed from allow_address_pair but not from the base class17:40
TrevorVThe class definition has "neutron_bas.BaseNeutronDriver" as an inherited class.17:40
abdelwasSo network deltas tests, think that the method is just there17:40
abdelwasbut it is actually not17:41
TrevorVWhen you use AllowedAddressPairs it should be available through inheritance.17:41
johnsomYeah, it is inherited in.  abdelwas what is the error you are seeing?17:42
abdelwasThe tox error I got after rebasing my patch17:42
TrevorVDid you have merge conflicts?17:42
abdelwasI used to have17:43
TrevorVIts possible you merged improperly.  I had that issue the other day and broke johnsom :(17:43
*** bharathm has joined #openstack-lbaas17:43
TrevorVblogan helped me out.17:43
TrevorVI don't think blogan will be online today (he's got a lot of time to take off from Rax) but I can text him to see if he can help shed some light17:44
abdelwasthe get_subnet method can not be left without implementation, as network_tasks.py uses it to CalculateDelta (around line 87)17:44
abdelwasAm I missing something  ?17:44
TrevorVIts not unimplemented.17:44
TrevorVIts implemented in the inherited class.17:44
*** ganeshna has quit IRC17:44
johnsomTrevorV before you bother blogan let us have a look internally17:45
TrevorVAlright, sure thing johnsom17:45
TrevorVJust let me know if you want me to get him17:45
*** clev-away is now known as clev17:46
rm_workI think blogan said he was in office today?17:52
rm_workTrevorV: ^^ is that incorrect?17:52
TrevorVrm_work, he is17:52
TrevorVI texted him, he'll be back after lunch17:52
rm_workah17:52
TrevorVI wasn't sure because I wasn't aware of the time :D17:52
rm_workheading in myself shortly17:56
*** rm_work is now known as rm_work|away18:00
*** sbalukoff has joined #openstack-lbaas18:00
bloganI'm here now18:02
bloganabdelwas, johnsom, TrevorV: yeah the get_subnet, get_port, get_network are now in a Neutron base class18:02
bloganwhich allowed address pairs inherits from18:02
bloganand the tests for those got moved into an equivalent test module18:02
abdelwasYeah, got that part18:02
bloganabdelwas: the errors you are seeing are in your review?18:03
abdelwasIt seems TrevorV was right about merge problem in my review18:03
abdelwasYes it is18:03
blogandid you push up your mege fixes?18:03
bloganmerge18:03
abdelwasI am working on the merge fixes18:03
bloganabdelwas: i can take a look if you would like18:03
abdelwasDon't bother it seems that I get an outdated version of base.py for some reason (it only had abstract methods)18:04
abdelwasI will fix this and test again and let you know if I am still stuck with it18:04
abdelwasThank you very much blogan TrevorV. Appreciate it18:05
TrevorVNot a problem, like I said I did the same thing last week ha ha18:05
bloganabdelwas: there are actually 2 base.py's, one under the network package which is the abstract class for all network drivers, the other is the base.py under the network/neutron package, which is the partially implemented neutron base network driver18:06
bloganabdelwas: might have just had the wrong import statement18:06
abdelwasYeah18:09
abdelwasThat second file was not there in my local branch for a mysterious reason. I should have rebase daily for the last month :)18:10
abdelwasblogan thanks18:11
bana_kso this the log of o-cw18:11
bana_khttps://gist.github.com/banveerad/d904ea7c4337e113c1c818:11
bana_kit doesn't show any error but LB goes into error state18:11
bana_kn if I try to delete that I am not able to delete it18:12
*** jorgem has joined #openstack-lbaas18:13
bloganbana_k: if you do a nova list under the account that is supposed to provision these, does it show the instance in ERROR?18:18
bloganbana_k: wait that git is saying the flow was successful18:19
bloganbana_k: and the LB got updated to ACTIVE18:19
bloganbana_k: look at the q-svc logs, i'm willing to bet it took too long to go active, so the octavia driver tossed it into ERROR bc ittook what looks like 6 minutes to go active18:20
bloganbana_k: over 6 mins18:20
bloganbana_k: and i believe the default timeout is 100 seconds in the octavia driver, some arbitrary number i pulled out of my ass, we might want to increase that default timeout to higher if this is a typical case18:21
openstackgerritSherif Abdelwahab proposed openstack/octavia: Amphora Flows and Service Drivers for Active Standby  https://review.openstack.org/20625218:22
*** jorgem has quit IRC18:33
bana_knova instance is fine. I am able ssh to it.18:36
*** johnsom has quit IRC18:36
*** johnsom_ has joined #openstack-lbaas18:36
bana_kblogan: I saw the q-svc it doesnt have any error msgs.18:37
openstackgerritPhillip Toohill proposed openstack/neutron-lbaas: Adding barbican to gate hook  https://review.openstack.org/21637418:38
bloganbana_k: it wouldn't be an error message, it'd be a debug message, though it probably should be an error message now that hindsight has kicked in18:45
bloganbana_k: grep for this string "Timeout has expired for load balancer"18:46
bloganyou might find it18:46
bana_kblogan : Oh ok. q-svc has so many log msgs I might have missed it .18:46
bloganbana_k: yeah there's a lot of noise for sure18:47
bana_kblogan : yes ll do18:47
*** bharathm has quit IRC18:48
bana_kblogan: Yes i see that in the q-svc18:48
*** rm_work|away is now known as rm_work18:48
*** bharathm has joined #openstack-lbaas18:48
bloganbana_k: then yeah thats the problem, there si a config option you can set to increase the timeout to whatever you want18:49
bana_kI looked for it request_poll_interval/cfg.CONF.octavia.request_poll_timeout18:49
bloganbana_k: yeah you can add an [octavia] section in your neutron_lbaas.conf and put that option in18:50
bana_kblogan: ok ll do that18:50
bloganreally it can go into any config you want, as long as its passed in when you start neutron-server (neutron_lbaas.conf gets automatically loaded though bc of magic)18:50
bana_kblogan : I think i ll put it in neutron.conf as of now18:51
bana_kblogan : thanks18:51
bloganbana_k: okay, wherever your heart desires18:51
bana_kbut delete is not working when it goes into error state , I think  I should look into that first18:52
bana_kbefore fixing this one.18:52
bloganbana_k: i just put it in neutron_lbaas.conf bc it is a neutron_lbaas option and its automatically loaded18:52
bloganbana_k: yeah i figured that would work18:52
bana_koh ok .18:52
bana_kwill do that18:52
bloganbana_k: if you could troubleshoot why that's not working when LB is in error state that'd be great, then again i could probably just reproduce it too18:53
bana_ksure ll do that18:53
*** minwang2 has quit IRC18:54
*** numan has joined #openstack-lbaas18:55
*** numan has quit IRC18:56
*** numan has joined #openstack-lbaas18:57
rm_workptoohill: https://review.openstack.org/#/c/167885/19:06
ptoohillWould be quite nice to get that in. Thank you for pointing this out19:06
*** numan is now known as numans19:10
*** fnaval has joined #openstack-lbaas19:12
openstackgerritPhillip Toohill proposed openstack/neutron-lbaas: Adding barbican to gate hook  https://review.openstack.org/21637419:13
bloganbana_k: tested it out and it did delete the lb when it was an ERROR state, but i just updated the db to ERROR, didnt make the code do ti19:15
bana_kgood news is that delete LB is working fine with latest stack19:15
bana_kyes I was about to say that19:15
bana_kn its now deleting the VM also19:16
bloganbana_k: good news19:21
rm_workptoohill: https://review.openstack.org/#/c/216140/19:29
bloganquestion for anyone paying attention19:40
bloganneturon-lbaas currently has default_tls_container_id for tls certificates19:41
bloganwhen using barbican, the user would supply the uri to their container, which makes the _id field a bit inappropriate19:42
*** minwang2 has joined #openstack-lbaas19:42
bloganso i want to change that to ref before v2 gets out of experimental mode19:42
bloganso default_tls_container_ref instead19:43
blogani'd also argue dropping the default_ as well, which then leads to dropping the default_ off pool_id, but that could be biting off more than we can chew19:43
blogananyone of thoughts?19:43
bloganjohnsom_, xgerman, dougwig, ajmiller, ptoohill, rm_work, rm_you: ^^19:44
ptoohilldefault pool makes sense, when we have more pools. default tls just doesnt as we will have the one certificate and then sni. If we plan on doing something different we can change it then19:45
ptoohillbut pools already has plans19:45
*** numans has quit IRC19:46
ajmillerAre there any other precidents for "id" not being a uuid-derived thing?  It seems like that is a pretty well established convention, breaking it seems like a bad idea, so if we change it, sooner is better.19:49
sbalukoffI like keeping it named 'default_pool' since that will be less confusing when people are using L7 switching.19:53
sbalukoffAlso: +1 to ajmiller19:53
sbalukoffAnd I would agree that it probably makes sense to change it to a default_tls_container_ref instead of _id.19:54
xgermanURL is goodness19:55
xgermanref is fine with me19:55
bloganokay yeah default_pool_id can stay, i'm convinced on that19:59
blogandefault_ on the tls_container thing though?19:59
bloganand ajmiller to answer your qeustion, i do not know of any others20:00
bloganalso, rm_work/rm_you brought up a point that "container" is a barbican term, and since its not supposed to be only barbican, it would make sense to change that to "bundle"20:05
bloganany thoughts on that?20:05
xgermannah, just keep container20:06
ptoohillI still think container is a fairly generic term and not sure why everyone is against generic terms, but do like the way bundle sounds20:06
xgermanI think as long as we don’t call it amphora we will be fine20:06
bloganalright, going to call it server20:07
blogantls_server_ref20:07
ptoohillcontenedor20:07
xgermanyeah, I like container as well - it’s being used a lot those days20:08
bloganxgerman: lol for different reasons :) (docker)20:08
bloganxgerman: but really cahnging id to ref is the main issue i have20:09
bloganso keepign container i'd be fine with20:09
xgermanwell, people will start looking for the docker instance20:09
rm_workheh20:09
bloganbut since i was making one change, figured i'd see if anyone was open to other ones in the same patch20:09
rm_worki suggested bundle, so i might be biased, but i think it makes a lot of sense20:09
rm_workbut wouldn't object to keeping it as container20:10
rm_workas long as id->reg20:10
rm_work* id->ref20:10
johnsom_Thing Which Holds the Bits TWHB20:11
xgermanarca20:12
xgermanlatin fox box?20:12
johnsom_There you go20:13
xgermanyeah, in the amphora spirit...20:13
ptoohilltls_arca_ref20:16
blogani woudl have voted for arca20:16
johnsom_Rolls off the tongue20:16
bloganwell over amphora20:16
bloganstill new people coming in wouldn't know what the hell it is20:17
rm_workoooo20:22
*** vivek-ebay has quit IRC20:25
*** TrevorV has quit IRC20:32
*** jerrygb has joined #openstack-lbaas20:33
*** jerrygb is now known as test0rz20:34
*** test0rz is now known as asd112z20:34
*** woodster_ has joined #openstack-lbaas20:37
sbalukoffAs long as we're obfuscating it from newbs, I'm happy.20:40
sbalukoff;)20:40
johnsom_And those that leave the project for a while....20:40
sbalukoffSo I'm still in favor of keeping the 'default_' in front of the tls container ref thingy. This is because if someone is using SNI and the cert they ask for isn't found, the web service must default to using something.20:41
sbalukoffjohnsom: Aaw! You did miss me!20:41
sbalukoffLike a hole in the head, right?20:41
*** johnsom_ is now known as johnsom20:44
*** vivek-ebay has joined #openstack-lbaas20:48
openstackgerritmin wang proposed openstack/octavia: Add cert tracking and rotating in Housekeeping  https://review.openstack.org/21535920:50
openstackgerritPhillip Toohill proposed openstack/neutron-lbaas: Adding barbican to gate hook  https://review.openstack.org/21637420:50
rm_workptoohill: so if i get this fixed will it simplify your gate stuff?20:50
ptoohilla tad20:51
ptoohillrm_work:20:51
rm_workit's pretty trivial on the barbican side, really the complication is going to be on the infra side20:51
ptoohill3 lines or so20:51
rm_workheh20:51
rm_workwoo20:51
ptoohill:P20:51
blogansbalukoff: but i guess is that not implied by sni being on the listener as well?20:53
sbalukoffEh... it's about the same thing with 'default_pool' in the presence / absence of L7 policies referencing other pools.20:54
sbalukoffThe 'default' I guess is a reminder that it might not actually be the one used if overridden by SNI / L7 policy.20:55
blogansbalukoff: meaning sni and tls_container are on the listener, if sni is being used the default will be tls_container_ref, but tls_container_ref is also being used to terminate, which seems odd to have default_ in front20:55
blogansbalukoff: kind of the same, but sni is just used to route traffic, not to terminate (i could have this wrong too), which means the default_tls_container_ref will ahve dual roles, but terminating traffic is probably the more common role20:56
bloganand it being on the same object as sni gives it implied defaultness if people already know what sni is20:57
* blogan really deosn't like a long variable20:57
sbalukoffNo, SNI refers to the technology of being able to choose which cert is used to terminate a connection. So yes, in that sense SNI does terminate the traffic.20:57
sbalukoffOh I agree that the variable name is probably too long.20:57
sbalukoffLet's just call it george.20:57
sbalukoffIt doesn't make a huge difference either way.20:58
bloganok misunderstanding of sni on my part (i'm dumb)20:59
bloganwelp then20:59
sbalukoffEr... did you mean to say that L7 is used just to route traffic (not terminate it)? Because that is correct.20:59
bloganno i meant sni, and i was wrong20:59
sbalukoffAah, ok.20:59
sbalukoffOk, meeting time for me... BBIAB.20:59
*** vivek-ebay has quit IRC21:02
bloganokay gonna keep default_ since we'll be keeping default_ on pool21:02
bloganmajor thing is id to ref anyway21:02
xgermanok, are we good with that ;-)21:28
bharathmIn the command "neutron lbaas-member-create --subnet sub --address 10.0.0.5 --protocol- port 80 pool",, I believe the "sub" is the subnet that the member belongs to. Is there any reason for explicitly providing it rather than automatically picking it up from neutron db ?21:34
bharathmOr the subnet here just serves the purpose of routing to reach the backend ?21:38
*** madhu_ak_ has joined #openstack-lbaas21:46
*** madhu_ak has quit IRC21:50
*** madhu_ak_ is now known as madhu_ak22:01
*** vivek-ebay has joined #openstack-lbaas22:02
*** vivek-ebay has quit IRC22:07
bloganbharathm: how would one pick up the subnet from the neutron db?22:10
bharathmblogan: Sorry.. I meant if the subnet could be somehow retrieved from the neutron port information because the IP is assigned during the port creation from a specific subnet id22:11
bloganbharathm: assuming the ip is from a neutron server22:13
blogani mean nova server, or some kind of device taht creates a neutron port22:13
bloganbut im sure some smart logic could be put in to determine whether it is or isnt22:13
*** apuimedo_ has joined #openstack-lbaas22:13
bloganbut woudl still could run into an issue where the IP is meant to be on the public internet but there's a subnet with a port on it with the same IP22:14
bloganbut like i said some smart logic could be used to handle that.  still think there would be some assumptions made though22:14
bharathmUnderstood.. I have been working my way around to figure if this subnet is somehow/somewhere used by the haproxy on the data plane..22:16
bloganbharathm: well in the namespace driver it is not, but in Octavia it is22:17
bloganbharathm: at least I dont remember that it is because its a requirement to have all the subnets connected via an L3 router22:18
bloganwell the vip subnet connected to the member subnets via L3 router22:18
bloganrelic of the v1 namespace drvier that I carried over for lack of motivation to make it better :)22:19
bharathmHe he.. Gotcha... I need to dive into the network implementation in Octavia.. Mainly the plug_network part..22:20
bharathmThat's my initial understanding too. As long as there's a route between vip subnet and member subnet, LB should work and I didn't see any particular requirement of passing the subnet information for the members while adding them to pool..22:22
bloganbharathm: yeah that will connect the amphora (the thing running haproxy) to the subnet for each member22:22
bharathmGot it now.. Thanks blogan22:22
bloganbharathm: np, its really up to the backend to use it or not22:23
bloganerr driver/backend22:23
bharathm:-) makes sense22:24
bloganhowever that does bring up an interesting point, if one driver requires all the subnets to be connected to the router and others do not, thats kind of leaking details about the driver and making the workflow inconsistent for different drivers22:24
*** asd112z has quit IRC22:25
ptoohillSo, I cant seem to clone within the hook according to errors(maybe someone has other information). Adam is working, or was, on a patch that will solve this.22:28
ptoohillso, no tls ever22:29
ptoohillever, ever22:30
*** sbalukoff has quit IRC22:34
bana_kblogan: adjusting those values worked fine. But q-svc is not able to read those values from neutron_lbaas.conf so had put them in neutron.conf22:36
bloganbana_k: hmm, perhaps that has changed22:40
bloganbana_k: the magic loading22:40
bloganwell no, bc the service providers wouldn't be loading22:40
bana_koh ok.22:42
bana_kcreate n delete listener taking a lot of time on my virtualbox based VM devstack setup22:47
bana_khas anyone had the same experience ?22:47
bloganbana_k: that shouldn't take too long, its really just doing an update of the haproxy config, well it might also be updating neutron security groups as well22:47
bloganbana_k: can you look at the o-cw logs and see if that gives any clues?22:48
bana_kk ll do that.22:49
*** apuimedo_ has quit IRC22:51
bana_kstarted create listener  at 17:49:14.780 and LB went from active to update_pending status and went back to active state at 17:51:45.086.22:54
*** mlavalle has quit IRC22:55
bana_kblogan: in o-cw everything happens fast. But octavia driver 2015-08-24 17:51:45.086 DEBUG neutron_lbaas.drivers.octavia.driver [-] Octavia reports load balancer 775dbdd5-e220-46ca-b138-e46fdb3019b3 has provisioning status of ACTIVE from (pid=15454) thread_op /opt/stack/neutron-lbaas/neutron_lbaas/drivers/octavia/driver.py:6122:55
bloganbana_k: so it finsihed22:56
bana_koh I think its because of the updated poll interval and timeout22:56
bana_kvalues22:56
bloganbut took 2 minutes22:56
bloganbana_k: yeah dont update the interval22:56
bana_koh ok. got it22:56
bloganbana_k: great22:57
*** diogogmt has quit IRC23:03
*** Aish has joined #openstack-lbaas23:05
bana_kblogan: Is this is what abdelwas was discussing in the morning ? lwas> This is probably in LB creation,23:14
bana_k<abdelwas> bana_k but other procedures that require computing network Deltas will fail23:14
bana_k<abdelwas> (even with SSH)23:14
bana_k<bana_k> hmm  I see thats why may be LB is going into error state. the error msges were not that clear23:14
bana_k<TrevorV> My failover review shouldn't be fixing broken master...23:14
bana_k<TrevorV> How did tests not catch stuff like that?23:14
bana_k<TrevorV> Sorry I'm late, was grabbing lunch stuff.23:14
bana_k<TrevorV> abdelwas, do you have a dependent review that is now affected or is just master failing to create load balancers?23:14
bana_k<abdelwas> Yes23:14
bana_k<TrevorV> which yes?  Dependent review?23:14
bana_k<abdelwas> My active/standby (https://review.openstack.org/#/c/206252/) depends on that23:15
bana_k<TrevorV> Ah gotcha.  Well from what blogan was showing me the other day, there are a number of existing getter methods that should still be available, just in the class inherited by allowed_address_pairs23:15
bana_k<TrevorV> Did that patch not merge/23:15
bana_k<TrevorV> merge?23:15
bana_k<TrevorV> ***23:15
bana_k<TrevorV> I had been confused about that as well.23:15
bana_k<TrevorV> It is entirely possible the method you used to use isn't a thing anymore, but something equivalent should be available.23:15
bana_k* Alex_Stef has quit (Ping timeout: 244 seconds)23:15
bana_k<abdelwas> test_get_network, test_get_subnet, and test_get_port were removed from the tests23:15
bana_k<abdelwas> the method is get_subnet23:15
bana_k<abdelwas> its definition were removed from the master tree23:15
bana_k<TrevorV> I'm looking into it real quick23:15
bana_k<abdelwas> but it is still in use in allow_address_pair23:15
bana_k<TrevorV> My devstack VM is a little slow, so give me a minute :D23:15
bana_k<abdelwas> This is just master, not anything related to my review23:15
bana_k<abdelwas> OK23:15
bana_k<TrevorV> I understand :)23:15
bana_k<johnsom> pep8 should have caught it, but I think since it's a self. it missed it23:15
bana_k<abdelwas> I have a reasoning for that23:15
bana_k<TrevorV> abdelwas, as I had said, if you are looking at allowed_address_pairs.py23:15
bana_k<abdelwas> get_subnet implementation was removed from allow_address_pair but not from the base class23:15
bana_k<TrevorV> The class definition has "neutron_bas.BaseNeutronDriver" as an inherited class.23:15
bana_k<abdelwas> So network de23:15
bana_koh shit sorry23:15
bloganah bana_k you flooded the channel!23:15
bana_kI mean this https://gist.github.com/banveerad/c61872cbc13bd965529723:15
bloganlol23:15
bana_kmybad :D23:16
abdelwasMy name is mentioned like never before :D23:16
bloganlol23:16
bana_ksorry again ppl !23:17
bana_kplease take a  look at this log23:17
bloganbana_k: you've done something no one has ever done23:17
bana_klol23:17
bana_kI am glad :P23:18
bloganbana_k: are you testing out the abdelwas's active passive reveiw and got this log?23:18
bana_kno just add members23:18
bana_kand load balancer got stuck in update pending state23:19
bana_kn now i cant even delete that23:19
*** vivek-ebay has joined #openstack-lbaas23:19
bloganhmm23:19
bloganso straight off master?23:19
bana_kyes sir23:19
bana_kthis time let me double check it23:20
bana_kdouble checked, n yes23:20
bloganbana_k: whats the commit you're on in octavia?23:20
bana_kblogan: dfeea9ba1351c70ddb199d404d45a760a1538c0a23:21
bloganbana_k: ah you're using the rest driver23:21
bana_kyes23:21
bloganbana_k: that one i dont know as much about as johnsom and xgerman23:21
johnsomYou rang?23:22
bloganjohnsom: https://gist.github.com/banveerad/c61872cbc13bd965529723:22
bloganlooks like an error happening in the rest driver on member create23:22
xgermanhi23:22
bloganjohnsom: im sure my code change messed this up too23:22
bloganjohnsom: but thats just a guess based in no factual data23:23
xgermanblogan we will take your code change privileges away every time we are tow weeks from code freeze23:23
bloganxgerman: hey that review went up before 2 weeks :)23:23
*** vivek-ebay has quit IRC23:23
johnsomYeah, and xgerman +2'd it23:24
bloganboom!23:24
johnsomYou will note, I did not however....23:24
xgermanI know I am guilty23:24
bloganlol well technically, it worked with everything in master, it has only messed up reviews unmerged23:24
bloganwhich i knew would happen23:24
bloganand this is failing in the amp driver which i dont believe that review touch, but its possible that amp driver is getting data it doesn't expect23:25
bana_kand I think at least we should get the LB back to error state or something else its a deadlock23:26
johnsomIt's a pretty straight forward call.  I suspect something was not happy on the amp side23:26
bana_kwe cant do anything to the LB23:26
bloganwell it shoulda broke the ssh driver too if it was a parameter contract change, so it may not be that cahnge that did this23:26
johnsomThe status stuff is in the patchset I'm working on now.  It's done, just needs unit test.23:27
bloganbana_k: you can update the status to ACTIVE with a db call and then you can do something with it :)23:27
johnsombana_k is the amp still running, i.e. visible in nova list?23:27
bana_khehehe sure ll do23:27
bana_kyes23:27
bana_kits still running23:27
johnsomCool, ssh in "sudo ssh -i /etc/octavia/.ssh/octavia_ssh_key ubuntu@<mgmt ip>"23:28
johnsomThen look at the agent log /var/log/upstart/amphora-agent.log23:29
johnsomThere might be some hints here23:29
bana_koh ok sshing23:29
johnsomREST on devstack works for the most part for me.  I've been doing a bunch of testing with it for the health manager stuff23:30
openstackgerritmin wang proposed openstack/octavia: Add cert tracking and rotating in Housekeeping  https://review.openstack.org/21535923:32
johnsomMy guess is the interface didn't get plugged into the amp.  There is likely an error farther up the log23:32
bana_k /var/log/upstart/amphora-agent.log is empty :/23:33
johnsomSomething bad happened earlier in the process then, or this amp is running ssh driver.23:35
johnsomI don't think I have ever seen it empty with the rest driver.23:35
johnsomDid you create the lb with ssh driver, then switch to rest driver?23:35
*** vivek-ebay has joined #openstack-lbaas23:36
bana_kjohnsom : no23:37
*** kev0 has joined #openstack-lbaas23:37
bana_kjohnsom :  https://gist.github.com/banveerad/e1df110b6dc6337b16e323:37
johnsomHmmm23:37
bana_kmy octauva conf23:38
*** woodster_ has quit IRC23:38
johnsomThat looks ok23:38
*** woodster_ has joined #openstack-lbaas23:38
bana_kand this works too curl -k --cert /etc/octavia/certs/client.pem https://192.168.0.8:8443/0.5/info  | python -m json.tool23:39
johnsombana_k oh, is the log file named octavia-agent.log?23:40
*** diogogmt has joined #openstack-lbaas23:41
bana_klol, yes23:41
bana_kno error msgs on that23:41
johnsomsorry, I renamed it to clean up some mis-matches in this new patchset23:41
johnsomok23:41
johnsomsudo ifconfig23:42
johnsomany .0 interfaces?23:42
bana_kyes eth1.023:42
openstackgerritBrandon Logan proposed openstack/neutron-lbaas: Change tls and sni listener API attributes to ref  https://review.openstack.org/21646523:44
johnsomis it up or down?23:45
*** ajmiller has quit IRC23:50
bana_kethtool says link detected yes23:50
bana_kn has ip address23:50
johnsomCan you give the output of "sudo ifconfig eth1.0"23:50
bana_ksays up23:50
johnsomOk.  So, that is why you got the not found.23:51
johnsomDid you add a member to the same subnet as the VIP?23:51
johnsom(listener)23:51
bana_khttps://gist.github.com/banveerad/d21ecc6c8c6f50506dc523:51
bana_kyes23:52
bana_kVIP is 10.0.0.1323:52
bana_kn mems IP : 10.0.0.18 and 1723:52
johnsomYeah, this is blogan's bug.  abdelwas reported this.  The calculate delta is broken.  Was a bug filed for it?23:53
bana_kI dont think so23:54
johnsomIt's trying to bring up an interface on the amphora that is already up.23:54
bana_kshould I file the bug?23:57
*** apuimedo has quit IRC23:57
johnsomFiling it now23:59
« Sunday, 2015-08-23 Index Tuesday, 2015-08-25 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!