Monday, 2016-04-04

<bharathm> For your other question, "barbican" is the default cert manager while using TLS terminated listeners.. For non-tls listeners barbican is not needed.. Also you can change the cert manager to local if you want though it's not secure [00:01]
<kong> thanks for your answer, bharathm, looking at that patch [01:11]
<kong> and, is anyone working on this patch: (Basic LoadBalancer Scenario Test) https://review.openstack.org/#/c/172199/ ? [01:22]
<kong> I saw a bunch of patchsets... [01:23]
<kong> IIUC, scenario tests will be included in the structure proposed in that patch, but what about API test? I mean, testing for separated API, creating lb, listing lb...etc. [01:29]
<rm_work> bharathm / kong: unfortunately local was actually unusable because we never did the API-side work to make it possible to pass raw cert data in -- so it was removed, unless someone wants to re-add it and do the work on the API to make it possible to use [08:28]
<rm_work> ^^ just FYI since it was discussed earlier [08:28]
<kong> rm_work: thanks for the info. that is really bad news for me :-( [08:39]
<rm_work> well, if you do not need TLS Termination, you do not need Barbican [08:39]
<kong> depending on another openstack service will make things more complex [08:39]
<kong> rm_work: hmm, will consider that [08:40]
<rm_work> you can deploy Octavia for just HTTP and HTTPS Passthrough [08:40]
<kong> rm_work: that will depend on what our customers want [08:40]
<rm_work> yes... Are you deploying Neutron-LBaaS with Octavia, or just Octavia? [08:41]
<rm_work> or, just Neutron-LBaaS with something like the namespace haproxy driver? [08:41]
<rm_work> I assume Neutron-LBaaS with Octavia, as this is the recommended model at the moment [08:42]
<kong> rm_work: yes, you are right. we are about to deploy neutron+lbaasv2+octavia [08:43]
<kong> rm_work: since octavia has a lot of features our customers want [08:43]
<rm_work> OK [08:44]
<rm_work> Then, getting TLS Termination to work without Barbican would require a large amount of effort :( [08:44]
<kong> rm_work: honestly speaking, I don't know the TLS termination mechanism, but I'll try to understand it [08:45]
<rm_work> you'd have to update the n-lbaas API to optionally allow passing in raw cert data, validate that only raw OR barbican data was passed, and pass this data on to the driver -- then update the Octavia API to allow for the same, and re-commit the local cert manager [08:46]
<rm_work> kong: with TLS Termination, the HTTPS connection would be decrypted on the LoadBalancer (amphora) and then the connection would continue to the member nodes unencrypted [08:47]
<rm_work> this allows for doing L7 operations and such on the traffic [08:47]
<rm_work> also it takes load off the backend members because TLS decryption is expensive [08:47]
<kong> rm_work: that means, haproxy will have more control about the data, right? [08:47]
<rm_work> yes [08:47]
<rm_work> otherwise, HAProxy can't inspect the traffic or headers [08:48]
<rm_work> so it has limited ability to make decisions [08:48]
<kong> rm_work: I hope lack of that feature will not stop us :-) [08:49]
<rm_work> Barbican is ... not THAT difficult to deploy? Though it is "yet another service" to worry about... but it is highly recommended for security [08:50]
<rm_work> of course, you need a HSM for it to be effective, and they are expensive :/ [08:50]
<kong> rm_work: anyway, it's not widely deployed. some of our operators haven't even heard about that [08:51]
<kong> if we deploy Barbican only for Octavia, seems like overkill [08:52]
<rm_work> I suppose so [08:52]
<rm_work> but it is to be used by many other services too, I think [08:52]
<kong> then that will be good for Barbican to be more visible to the whole community [08:53]
<kong> I even thought, why don't we provide another option for cert management in octavia. Users will take their choice [08:54]
<kong> s/take/make [08:55]
<rm_work> Yes, it would be great to have more choices, and it should be easy to add them -- IF they are external services [08:55]
<rm_work> an internal storage option (like database) could be added easily on the backend (with CertManager interface) BUT it is impossible to get any data to it without the API accepting raw cert data [08:56]
<rm_work> we'd welcome a CR to add this [08:56]
<rm_work> It was on my very long list of TODOs but I was never able to get to it [08:56]
<kong> i think if i understand it more, maybe i could help do something about this [08:57]
<kong> rm_work: it's very late for me, have to get sleep, nice talking to you [08:59]
<rm_work> Ok, yeah. 6pm here :) [08:59]
<rm_work> Talk to you later :) [08:59]
<kong> rm_work: have a good dinner :-) [08:59]
<openstackgerrit> Kobi Samoray proposed openstack/octavia: Implement custom header support for Octavia  https://review.openstack.org/257901 [09:08]
<bharathm> rm_work: Thanks for clarifying on the local cert manager.. Apparently I didn't consider its implementation (or lack of it) at the API front.. [10:48]
<rm_work> yeah, it is a problem :( [10:50]
<rm_work> I wasn't thinking about it when I first implemented it either, i was living in a fantasy backend world :) [10:50]
<rm_work> thus the problem [10:50]
<openstackgerrit> Kobi Samoray proposed openstack/octavia: Implement custom header support for Octavia  https://review.openstack.org/257901 [12:47]
<ptoohill> Hey xgerman, you around? Could I bug you regarding agent plug vip [14:31]
<ptoohill> xgerman: Please let me know if you get a chance to chat with me at some point today, please. [14:37]
<ajmiller> ptoohill: xgerman is out most of this week, with questionable internet access. [14:38]
<rm_work> so kinda like me last week [14:41]
<ptoohill> ajmiller: Ah thank you for info :) [14:43]
<TrevorV> Hey dougwig you around just yet? [16:28]
<dougwig> TrevorV: yo [16:30]
*** TrevorV has quit IRC [16:30]
*** TrevorV has joined #openstack-lbaas [16:30]
<TrevorV> Hah... dougwig I just "ctrl+q" and closed my chat... RIP. [16:30]
<TrevorV> So the single-create "functions", as in, receives the request... But the response object is not right, and octavia is failing to build an amp.  So I have some bugs somewhere that need sorted methinks. [16:31]
<TrevorV> I'm only telling you because you did a few rechecks on the patch set, just wanted you to know it wasn't quite ready [16:31]
<dougwig> TrevorV: oh, my CI was pissy on friday, so i might've been trying to get it a clean run. [16:32]
<TrevorV> Oh, gotcha, but it may just be a dirty run in general from it being incomplete, so I wouldn't stress on it, you know? [16:32]
<dougwig> hey, if it fails for reals, good.  if it fails because i broke my infrastructure, it's gonna get a recheck.  :) [16:33]
<dougwig> it no longer costs me a quarter every time you jackals push a patchset. [16:34]
<TrevorV> Ha ha ha hey now, I'm no jackal. [16:34]
<TrevorV> Though I think I'm a contender for most patch sets on a single review... [16:34]
<rm_work> damn, mind telling me what it costs you now? [16:45]
<rm_work> need to reprogram the algorithm I use for my dougwig-money-wasted counter app [16:45]
<johnsom> Has anyone tried adding a member on a second network/subnet recently?  I.e. 1 member on private, another member on a different network? [16:50]
<johnsom> In testing my namespace patch I see the network plugged in nova, but in the amp eth2 doesn't show up. [16:50]
<johnsom> lshw -C NET shows: *-network:2 DISABLED [16:51]
<dougwig> rm_work: internal openstack cloud, and the landlord pays electricity. [18:02]
<dougwig> rm_work: do your worst. [18:02]
<openstackgerrit> Mark Vanderwiel proposed openstack/neutron-lbaas-dashboard: fix unit tests  https://review.openstack.org/296718 [19:13]
<neelashah> johnsom: hi [19:23]
<neelashah> wondering about the linkage of the lp to gerrit so the bugs get automatically updated with the patches? [19:24]
<johnsom> neelashah Hi.  It is still on my todo list for more research.  I think it is the group in the project.yaml, but I'm not 100% sure yet. [19:33]
<neelashah> johnsom: ok, thanks…let me know if I need to do something on that [19:34]
<johnsom> You are welcome to research as well.  I need to understand the implications of removing the group: neutron from the project [19:35]
<TrevorV> Anyone here know anything about the "git commit style"? [20:47]
<TrevorV> Like, "simple" versus ... another option I can't remember? [20:47]
<TrevorV> I'm having the WORST time trying to google for it. [20:47]
<TrevorV> The problem I'm having is after doing a "git review -d #######", and making changes, I do a "git commit --amend" and it changes the name of my branch... Like, detaches me and stuff. [20:48]
<TrevorV> I don't like it. [20:48]
<TrevorV> Well, I didn't strictly figure it out, but I think I got a solution for this singular instance... [20:57]
<TrevorV> Sorry guys :D [20:57]
<openstackgerrit> Trevor Vardeman proposed openstack/neutron-lbaas: WIP - Get Me A LB  https://review.openstack.org/257201 [21:02]
<openstackgerrit> Michael Johnson proposed openstack/octavia: Run amphora haproxy in a network namespace  https://review.openstack.org/300292 [22:48]
<openstackgerrit> OpenStack Proposal Bot proposed openstack/octavia: Updated from global requirements  https://review.openstack.org/301394 [23:20]
<openstackgerrit> Tin Lam proposed openstack/neutron-lbaas-dashboard: Update requirement for horizon in stable/mitaka  https://review.openstack.org/301404 [23:55]
