| openstackgerrit | Tin Lam proposed openstack/neutron-lbaas-dashboard: Update requirement for horizon in stable/mitaka https://review.openstack.org/301406 | 00:08 |
|---|---|---|
| *** ChrisBenson1 has joined #openstack-lbaas | 00:17 | |
| *** ChrisBenson has quit IRC | 00:17 | |
| *** diogogmt has quit IRC | 00:49 | |
| *** ducttape_ has joined #openstack-lbaas | 01:07 | |
| *** Purandar has quit IRC | 01:12 | |
| *** ducttape_ has quit IRC | 01:37 | |
| *** mixos has joined #openstack-lbaas | 01:37 | |
| *** bana_k has quit IRC | 01:38 | |
| *** cody-somerville has quit IRC | 01:55 | |
| *** ducttape_ has joined #openstack-lbaas | 01:55 | |
| *** cody-somerville has joined #openstack-lbaas | 01:55 | |
| *** ducttape_ has quit IRC | 01:55 | |
| *** jaff_cheng has joined #openstack-lbaas | 01:56 | |
| *** diogogmt has joined #openstack-lbaas | 01:58 | |
| *** ducttape_ has joined #openstack-lbaas | 02:00 | |
| *** jaff_cheng has quit IRC | 02:11 | |
| *** jaff_cheng has joined #openstack-lbaas | 02:11 | |
| *** kevo has quit IRC | 02:19 | |
| *** Purandar has joined #openstack-lbaas | 02:20 | |
| *** chenghang has joined #openstack-lbaas | 02:23 | |
| *** jaff_cheng has quit IRC | 02:23 | |
| *** jaff_cheng has joined #openstack-lbaas | 02:23 | |
| *** ducttape_ has quit IRC | 02:23 | |
| *** ducttape_ has joined #openstack-lbaas | 02:27 | |
| *** chenghang has quit IRC | 02:27 | |
| *** yamamoto has quit IRC | 02:32 | |
| *** ducttape_ has quit IRC | 02:34 | |
| *** woodster_ has quit IRC | 02:37 | |
| *** yamamoto has joined #openstack-lbaas | 02:40 | |
| *** ducttape_ has joined #openstack-lbaas | 02:40 | |
| *** dnovosel has quit IRC | 02:43 | |
| *** yamamoto has quit IRC | 02:48 | |
| *** ducttape_ has quit IRC | 02:51 | |
| *** yamamot__ has joined #openstack-lbaas | 02:51 | |
| *** dhlorenz has quit IRC | 02:53 | |
| *** yamamot__ has quit IRC | 03:02 | |
| *** ducttape_ has joined #openstack-lbaas | 03:02 | |
| *** fawadkhaliq has joined #openstack-lbaas | 03:06 | |
| *** fawadkhaliq has quit IRC | 03:12 | |
| *** fawadkhaliq has joined #openstack-lbaas | 03:13 | |
| *** ducttape_ has quit IRC | 03:13 | |
| *** sekrit has joined #openstack-lbaas | 03:17 | |
| *** neelashah has joined #openstack-lbaas | 03:21 | |
| *** woodster_ has joined #openstack-lbaas | 03:21 | |
| *** fawadkhaliq has quit IRC | 03:21 | |
| *** fawadkhaliq has joined #openstack-lbaas | 03:22 | |
| *** fawadkhaliq has quit IRC | 03:22 | |
| *** fawadkhaliq has joined #openstack-lbaas | 03:22 | |
| *** neelashah has quit IRC | 03:23 | |
| *** bana_k has joined #openstack-lbaas | 03:34 | |
| *** links has joined #openstack-lbaas | 03:39 | |
| *** prabampm has quit IRC | 03:40 | |
| *** yamamot__ has joined #openstack-lbaas | 03:48 | |
| *** bana_k has quit IRC | 03:51 | |
| *** prabampm has joined #openstack-lbaas | 04:49 | |
| *** cody-somerville has quit IRC | 05:31 | |
| *** armax has quit IRC | 05:35 | |
| *** cody-somerville has joined #openstack-lbaas | 05:44 | |
| *** Purandar has quit IRC | 05:49 | |
| *** rcernin has joined #openstack-lbaas | 05:51 | |
| *** jaff_cheng has quit IRC | 05:55 | |
| *** prabampm has quit IRC | 05:55 | |
| *** prabampm1 has joined #openstack-lbaas | 05:55 | |
| *** anilvenkata has joined #openstack-lbaas | 05:59 | |
| *** fawadkhaliq has quit IRC | 06:02 | |
| *** bana_k has joined #openstack-lbaas | 06:08 | |
| *** Alex_Stef has joined #openstack-lbaas | 06:31 | |
| *** bana_k has quit IRC | 06:46 | |
| *** jaff_cheng has joined #openstack-lbaas | 06:48 | |
| kong | ping rm_work, today i spent some time on the tls termination implementation (especially for cert management part) in neutron-lbaas and octavia | 07:06 |
| rm_work | interesting | 07:06 |
| rm_work | so what approach are you taking? | 07:06 |
| kong | when using local_cert_manager, I wonder how to get the cert info on users's perspective | 07:06 |
| kong | local_cert_manager, i mean in neutron-lbaas side | 07:07 |
| rm_work | yes | 07:07 |
| rm_work | so, that is what I meant -- it needs to have an addition to the API | 07:07 |
| kong | rm_work: i am not doing any approach, just try to understand it | 07:07 |
| rm_work | to allow the API to accept EITHER a container_id for the cert (for things like Barbican) or to take in raw cert/key data (to store in LocalCertManager) | 07:08 |
| rm_work | or, even better would probably be DatabaseCertManager honestly | 07:08 |
| rm_work | and it would want to do something like a simple salted hash | 07:08 |
| rm_work | but, this is not something we chose to move forward with | 07:08 |
| kong | but adding another mechanism to do cert management seems to be far away from neutron and octavia... | 07:09 |
| rm_work | yes | 07:10 |
| *** chenghang has joined #openstack-lbaas | 07:10 | |
| rm_work | I mean, if you made a DatabaseCertManager, that would be within the system too, but would still need an API addition | 07:10 |
| kong | yes, need api to let user create/retrieve their cert info | 07:11 |
| kong | rm_work: I'm trying to find a best approach for us, deploy octavia without barbican. but find there is no better solution than using barbican, if we want to provide TLS termination | 07:12 |
| kong | and that's the feature our customers want, i have confirmed that | 07:12 |
| rm_work | yeah, deploying barbican is probably less effort than fixing LBaaS/Octavia | 07:13 |
| kong | btw, I suspect the local_cert_manager driver in neutron-lbaas, doesn't make sense for real deployment | 07:13 |
| *** nmagnezi has joined #openstack-lbaas | 07:13 | |
| rm_work | right | 07:14 |
| *** jaff_cheng has quit IRC | 07:14 | |
| rm_work | actually i need to remove that too | 07:14 |
| rm_work | it has the same problem as Octavia | 07:14 |
| rm_work | I just didn't get to doing it yet | 07:14 |
| kong | but I didn't find loca_cert part in octavia | 07:15 |
| kong | in certificate/manager, there is only barbican driver | 07:15 |
| rm_work | yes, it was removed | 07:15 |
| rm_work | because it is not possible to use it | 07:15 |
| kong | so, for now, only barbican is available, and there will be not another option in the near future, right? | 07:16 |
| rm_work | not unless someone volunteers to write it | 07:17 |
| kong | is there other choice deserves a driver for that? | 07:17 |
| rm_work | not any external services I'm aware of :/ | 07:19 |
| rm_work | the issue is that SOMEHOW the *user* needs to store the cert/key, which means something has to run an API | 07:20 |
| rm_work | which means either another service (like Barbican) or a change to the Neutron-LBaaS + Octavia APIs to allow taking in Certs/Keys as raw data, and then adding another driver that stores locally like a DBCertManager or LocalCertManager | 07:20 |
| rm_work | LocalCertManager is actually just a proof of concept, you would NEVER want to use that in production, it was just for "development" | 07:21 |
| rm_work | I could see an acceptable DatabaseCertManager driver for use in production | 07:21 |
| rm_work | if it was written properly | 07:21 |
| rm_work | the reason Barbican is good is because in theory it is written properly, and people who do not understand security fully don't have to write code for it (and mess up!) | 07:22 |
| *** pcaruana has joined #openstack-lbaas | 07:37 | |
| *** cody-somerville has quit IRC | 07:38 | |
| *** mixos has quit IRC | 07:44 | |
| *** ihrachys has joined #openstack-lbaas | 07:54 | |
| *** Alex_Stef has quit IRC | 07:55 | |
| *** Alex_Stef has joined #openstack-lbaas | 08:10 | |
| *** nmagnezi has quit IRC | 08:18 | |
| *** nmagnezi has joined #openstack-lbaas | 08:22 | |
| *** ihrachys has quit IRC | 08:31 | |
| *** ChrisBenson1 has quit IRC | 08:34 | |
| *** chlong has quit IRC | 08:35 | |
| *** woodster_ has quit IRC | 08:57 | |
| kong | rm_work: sorry, have to distract for a while by the baby | 08:57 |
| rm_work | No worries! :) Though I am about to go get dinner | 08:58 |
| kong | rm_work: then, an idea came to my mind, why we let users choose cert by themselves? | 08:58 |
| rm_work | The user must provide the cert | 08:58 |
| rm_work | they will have registered and paid for the cert from verisign or other for their domain | 08:58 |
| rm_work | in fact, ideally we are unable to see the private key ourselves (though this is not possible) | 08:59 |
| rm_work | anywhere the private key is read, is a security risk | 08:59 |
| rm_work | back in a while, though I assume you will be gone by the time I am back | 09:00 |
| kong | ok, the last question, why not we just generate cert randomly for users, transparently? | 09:00 |
| kong | rm_work :-) | 09:00 |
| rm_work | what, like self-signed? | 09:01 |
| rm_work | that is a useless certificate | 09:01 |
| rm_work | the certificate is what is presented to the end user (in their web browser) | 09:01 |
| rm_work | the purpose is to prove identity | 09:01 |
| rm_work | so the user has mywebsite.com and a certificate issued for it by a trusted issuer (Verisign, Symantec, etc) | 09:01 |
| rm_work | they create a loadbalancer for mywebsite.com and provide the LB with the certificate | 09:02 |
| rm_work | now when the user goes to mywebsite.com, it presents the correct certificate, and they get the little green lock that means the website is secure | 09:02 |
| rm_work | if we generate a random certificate, the user would get a red failure symbol and it would say the site is not secure! | 09:02 |
| kong | rm_work: in that scenario, the user won't use Barbican for certification, right? | 09:05 |
| kong | or, to some extent, the certification barbican generates is also useless, right? | 09:06 |
| *** ajo_ is now known as ajo | 09:06 | |
| kong | barbican can be a trusted issuer? | 09:07 |
| kong | sorry for so many questions, i know they are bothering | 09:08 |
| kong | rm_work: maybe you are absent, I just want to say, thank you very much, really appreciate all your answers | 09:09 |
| *** prabampm has joined #openstack-lbaas | 09:24 | |
| *** prabampm1 has quit IRC | 09:26 | |
| *** chenghang has quit IRC | 09:31 | |
| *** ihrachys has joined #openstack-lbaas | 09:37 | |
| *** kobis has joined #openstack-lbaas | 09:55 | |
| *** prabampm1 has joined #openstack-lbaas | 10:09 | |
| bharathm | kong: Barbican can do two task: Certificate generation and Centificate container.. In the later case, all it does is securely store the certificates.. So In Octavia's case, we use Barbican as a default cert manager (aka just to store and retrieve certs).. | 10:10 |
| *** prabampm has quit IRC | 10:11 | |
| kong | bharathm: so, as a result, octaiva will work with barbican together tightly, if we want to provide TLS termination feature | 10:12 |
| bharathm | So the user, running a web application load balanced through octavia, should buy a certificate from verisign (or some other CA) and store it in barbican container and create LbaaS listener with the barbican container id.. | 10:12 |
| kong | our end user need create or upload certificate to barbican first, then he can use octavia | 10:13 |
| kong | yeah | 10:13 |
| bharathm | Yes. Atleast for now, barbican is our cert manager.. This can be extended to support a different cert manager service in the future if needed | 10:14 |
| kong | ok, seems deploying barbican is unavoidable :-( | 10:14 |
| kong | and our customers should be told there will be 2 new services when we provide lbaas | 10:15 |
| kong | and our operators should deploy 2 new service, too | 10:15 |
| kong | ooh my god, kill me | 10:16 |
| bharathm | Well it's a matter of security consideration.. As rmwork pointed out, Barbican has been built considering these security factors so it's better to use that rather than reinventing the wheel (more like a crippled one).. :-) | 10:17 |
| kong | bharathm: yeah, correct | 10:19 |
| bharathm | Until two days ago I was in the impression that we could use local_generator but rmwork englightened me it wasn't part of api | 10:19 |
| bharathm | ok.. I am going to bed then.. | 10:20 |
| kong | bharathm: yes, me too | 10:20 |
| kong | bharathm: what's your timezone? | 10:20 |
| kong | bharathm: 22:20 for me | 10:20 |
| banszmar | mestery: Hello Kyle. I'd like to ask you a question on LBAAS driver in networking-odl. It seems to me that it is not fully implemented. Is it working? I've raised a bug report (https://bugs.launchpad.net/networking-odl/+bug/1559939), but so far there was no response. | 10:21 |
| openstack | Launchpad bug 1559939 in networking-odl "can't get networking-odl LBaaS driver to work" [Undecided,New] | 10:21 |
| bharathm | Pacific time.. it's 3:21am here | 10:21 |
| kong | bharathm: ooh, really early | 10:21 |
| banszmar | mestery: I was thinking about fixing it but wanted to check with you first. | 10:22 |
| *** ihrachys has quit IRC | 10:24 | |
| *** yamamot__ has quit IRC | 10:34 | |
| *** ihrachys has joined #openstack-lbaas | 10:53 | |
| *** numan_ has joined #openstack-lbaas | 11:04 | |
| *** jschwarz has joined #openstack-lbaas | 11:17 | |
| *** yamamoto has joined #openstack-lbaas | 11:20 | |
| *** Alex_Stef has quit IRC | 11:27 | |
| *** Alex_Stef has joined #openstack-lbaas | 11:39 | |
| *** rtheis has joined #openstack-lbaas | 11:44 | |
| *** yamamoto has quit IRC | 11:45 | |
| *** yamamoto has joined #openstack-lbaas | 11:47 | |
| *** yamamoto has quit IRC | 11:59 | |
| *** yamamoto has joined #openstack-lbaas | 12:00 | |
| *** yamamoto has quit IRC | 12:06 | |
| *** yamamoto has joined #openstack-lbaas | 12:09 | |
| *** yamamoto has quit IRC | 12:13 | |
| *** yamamoto has joined #openstack-lbaas | 12:15 | |
| *** yamamoto has quit IRC | 12:18 | |
| *** matt-borland has joined #openstack-lbaas | 12:19 | |
| reedip__ | blogan: ping | 12:25 |
| *** yamamoto has joined #openstack-lbaas | 12:31 | |
| *** yamamoto has quit IRC | 12:36 | |
| *** prabampm1 has quit IRC | 12:57 | |
| *** yamamoto has joined #openstack-lbaas | 12:58 | |
| *** dougwig has quit IRC | 13:21 | |
| *** xgerman has quit IRC | 13:21 | |
| *** rtheis has quit IRC | 13:21 | |
| *** clduser has quit IRC | 13:21 | |
| *** ajmiller has quit IRC | 13:21 | |
| *** amit213 has quit IRC | 13:21 | |
| *** yuanying has quit IRC | 13:21 | |
| *** lunarlamp has quit IRC | 13:21 | |
| *** eezhova has quit IRC | 13:21 | |
| *** matt-borland has quit IRC | 13:21 | |
| *** rcernin has quit IRC | 13:21 | |
| *** harlowja has quit IRC | 13:21 | |
| *** ajo has quit IRC | 13:21 | |
| *** raginbajin has quit IRC | 13:21 | |
| *** cgross has quit IRC | 13:21 | |
| *** markvan has quit IRC | 13:21 | |
| *** mdavidson has quit IRC | 13:21 | |
| *** blogan has quit IRC | 13:21 | |
| *** _laco has quit IRC | 13:21 | |
| *** bradjones has quit IRC | 13:21 | |
| *** ptoohill has quit IRC | 13:21 | |
| *** numan_ has quit IRC | 13:21 | |
| *** reedip__ has quit IRC | 13:21 | |
| *** kong has quit IRC | 13:21 | |
| *** logan- has quit IRC | 13:21 | |
| *** kbyrne has quit IRC | 13:21 | |
| *** amitry has quit IRC | 13:21 | |
| *** krotscheck has quit IRC | 13:21 | |
| *** intr1nsic has quit IRC | 13:21 | |
| *** ctracey has quit IRC | 13:21 | |
| *** Kiall has quit IRC | 13:21 | |
| *** nmagnezi has quit IRC | 13:21 | |
| *** pcaruana has quit IRC | 13:21 | |
| *** openstackgerrit has quit IRC | 13:21 | |
| *** crc32_znc has quit IRC | 13:21 | |
| *** hockeynut has quit IRC | 13:21 | |
| *** yamamoto has quit IRC | 13:21 | |
| *** ljianbj has quit IRC | 13:21 | |
| *** redrobot has quit IRC | 13:21 | |
| *** reedip has quit IRC | 13:21 | |
| *** HenryG has quit IRC | 13:21 | |
| *** Frito has quit IRC | 13:21 | |
| *** bedis has quit IRC | 13:21 | |
| *** zigo has quit IRC | 13:21 | |
| *** elarson has quit IRC | 13:21 | |
| *** sekrit has quit IRC | 13:21 | |
| *** ktrmzn has quit IRC | 13:22 | |
| *** mestery has quit IRC | 13:22 | |
| *** Alex_Stef has quit IRC | 13:22 | |
| *** diogogmt has quit IRC | 13:22 | |
| *** kfox1111 has quit IRC | 13:22 | |
| *** mhayden has quit IRC | 13:22 | |
| *** bharathm has quit IRC | 13:22 | |
| *** haleyb has quit IRC | 13:22 | |
| *** itsuugo has quit IRC | 13:22 | |
| *** johnsom has quit IRC | 13:22 | |
| *** thomasem_ has quit IRC | 13:22 | |
| *** Dave has quit IRC | 13:22 | |
| *** kevinbenton has quit IRC | 13:22 | |
| *** anilvenkata has quit IRC | 13:22 | |
| *** jorgem has quit IRC | 13:22 | |
| *** barclaac has quit IRC | 13:22 | |
| *** kobis has quit IRC | 13:22 | |
| *** banszmar has quit IRC | 13:22 | |
| *** lmiccini has quit IRC | 13:22 | |
| *** jidar has quit IRC | 13:22 | |
| *** neelashah has joined #openstack-lbaas | 13:24 | |
| *** dougwig_ has joined #openstack-lbaas | 13:24 | |
| *** xgerman_ has joined #openstack-lbaas | 13:24 | |
| *** yamamoto has joined #openstack-lbaas | 13:24 | |
| *** matt-borland has joined #openstack-lbaas | 13:24 | |
| *** rtheis has joined #openstack-lbaas | 13:24 | |
| *** Alex_Stef has joined #openstack-lbaas | 13:24 | |
| *** numan_ has joined #openstack-lbaas | 13:24 | |
| *** kobis has joined #openstack-lbaas | 13:24 | |
| *** nmagnezi has joined #openstack-lbaas | 13:24 | |
| *** pcaruana has joined #openstack-lbaas | 13:24 | |
| *** anilvenkata has joined #openstack-lbaas | 13:24 | |
| *** rcernin has joined #openstack-lbaas | 13:24 | |
| *** sekrit has joined #openstack-lbaas | 13:24 | |
| *** diogogmt has joined #openstack-lbaas | 13:24 | |
| *** Frito has joined #openstack-lbaas | 13:24 | |
| *** johnsom has joined #openstack-lbaas | 13:24 | |
| *** ajmiller has joined #openstack-lbaas | 13:24 | |
| *** openstackgerrit has joined #openstack-lbaas | 13:24 | |
| *** banszmar has joined #openstack-lbaas | 13:24 | |
| *** mdavidson has joined #openstack-lbaas | 13:24 | |
| *** reedip__ has joined #openstack-lbaas | 13:24 | |
| *** kong has joined #openstack-lbaas | 13:24 | |
| *** amit213 has joined #openstack-lbaas | 13:24 | |
| *** jorgem has joined #openstack-lbaas | 13:24 | |
| *** ljianbj has joined #openstack-lbaas | 13:24 | |
| *** logan- has joined #openstack-lbaas | 13:24 | |
| *** harlowja has joined #openstack-lbaas | 13:24 | |
| *** blogan has joined #openstack-lbaas | 13:24 | |
| *** kbyrne has joined #openstack-lbaas | 13:24 | |
| *** yuanying has joined #openstack-lbaas | 13:24 | |
| *** redrobot has joined #openstack-lbaas | 13:24 | |
| *** ktrmzn has joined #openstack-lbaas | 13:24 | |
| *** amitry has joined #openstack-lbaas | 13:24 | |
| *** crc32_znc has joined #openstack-lbaas | 13:24 | |
| *** krotscheck has joined #openstack-lbaas | 13:24 | |
| *** ajo has joined #openstack-lbaas | 13:24 | |
| *** kfox1111 has joined #openstack-lbaas | 13:24 | |
| *** raginbajin has joined #openstack-lbaas | 13:24 | |
| *** thomasem_ has joined #openstack-lbaas | 13:24 | |
| *** hockeynut has joined #openstack-lbaas | 13:24 | |
| *** barclaac has joined #openstack-lbaas | 13:24 | |
| *** lmiccini has joined #openstack-lbaas | 13:24 | |
| *** cgross has joined #openstack-lbaas | 13:24 | |
| *** mhayden has joined #openstack-lbaas | 13:24 | |
| *** intr1nsic has joined #openstack-lbaas | 13:24 | |
| *** bharathm has joined #openstack-lbaas | 13:24 | |
| *** ctracey has joined #openstack-lbaas | 13:24 | |
| *** clduser has joined #openstack-lbaas | 13:24 | |
| *** mestery has joined #openstack-lbaas | 13:24 | |
| *** Kiall has joined #openstack-lbaas | 13:24 | |
| *** _laco has joined #openstack-lbaas | 13:24 | |
| *** haleyb has joined #openstack-lbaas | 13:24 | |
| *** bradjones has joined #openstack-lbaas | 13:24 | |
| *** lunarlamp has joined #openstack-lbaas | 13:24 | |
| *** eezhova has joined #openstack-lbaas | 13:24 | |
| *** itsuugo has joined #openstack-lbaas | 13:24 | |
| *** reedip has joined #openstack-lbaas | 13:24 | |
| *** ptoohill has joined #openstack-lbaas | 13:24 | |
| *** Dave has joined #openstack-lbaas | 13:24 | |
| *** HenryG has joined #openstack-lbaas | 13:24 | |
| *** markvan has joined #openstack-lbaas | 13:24 | |
| *** kevinbenton has joined #openstack-lbaas | 13:24 | |
| *** bedis has joined #openstack-lbaas | 13:24 | |
| *** zigo has joined #openstack-lbaas | 13:24 | |
| *** jidar has joined #openstack-lbaas | 13:24 | |
| *** elarson has joined #openstack-lbaas | 13:24 | |
| *** xgerman_ is now known as xgerman | 13:24 | |
| *** amitry has quit IRC | 13:27 | |
| *** dougwig_ is now known as dougwig | 13:29 | |
| *** amitry has joined #openstack-lbaas | 13:31 | |
| *** yamamoto has quit IRC | 13:34 | |
| *** banszmar has quit IRC | 13:34 | |
| *** links has quit IRC | 13:35 | |
| *** Kiall has quit IRC | 13:36 | |
| *** Kiall has joined #openstack-lbaas | 13:37 | |
| *** yamamoto has joined #openstack-lbaas | 13:41 | |
| mestery | banszmar: have at it, I don't work on ODL any longer. | 13:42 |
| *** nmagnezi has quit IRC | 13:49 | |
| *** nmagnezi has joined #openstack-lbaas | 13:49 | |
| *** banszmar has joined #openstack-lbaas | 13:51 | |
| *** prabampm has joined #openstack-lbaas | 14:15 | |
| *** ducttape_ has joined #openstack-lbaas | 14:36 | |
| *** diogogmt has quit IRC | 14:39 | |
| *** kobis has quit IRC | 14:42 | |
| *** kobis has joined #openstack-lbaas | 14:46 | |
| *** kobis has quit IRC | 14:47 | |
| *** pcaruana has quit IRC | 15:06 | |
| *** mixos has joined #openstack-lbaas | 15:09 | |
| nmagnezi | dougwig, ping re: haproxy | 15:10 |
| dougwig | nmagnezi: ack | 15:10 |
| *** links has joined #openstack-lbaas | 15:14 | |
| *** mixos has quit IRC | 15:21 | |
| *** Bjoern_ has joined #openstack-lbaas | 15:21 | |
| *** Purandar has joined #openstack-lbaas | 15:22 | |
| *** links has quit IRC | 15:25 | |
| *** mixos has joined #openstack-lbaas | 15:26 | |
| *** diogogmt has joined #openstack-lbaas | 15:28 | |
| *** TrevorV has joined #openstack-lbaas | 15:29 | |
| *** armax has joined #openstack-lbaas | 15:36 | |
| *** mixos has quit IRC | 15:40 | |
| *** armax has quit IRC | 15:41 | |
| openstackgerrit | Nir Magnezi proposed openstack/neutron-lbaas: (WIP) Adds option to auto reschedule loadbalancers from dead lbaas agents https://review.openstack.org/299998 | 15:42 |
| nmagnezi | hi dougwig, still around? | 15:42 |
| dougwig | nmagnezi: what's up? | 15:48 |
| nmagnezi | dougwig, hi :) | 15:49 |
| nmagnezi | dougwig, following to a chat we had number of weeks ago, I have submitted this https://review.openstack.org/299998 | 15:49 |
| nmagnezi | dougwig, also, wanted to ask for your opinion about https://bugs.launchpad.net/neutron/+bug/1565801 | 15:50 |
| openstack | Launchpad bug 1565801 in neutron "[RFE] Add process monitor for haproxy" [Undecided,New] | 15:50 |
| nmagnezi | dougwig, should we go with an RFE path for the latter? | 15:50 |
| *** bana_k has joined #openstack-lbaas | 15:51 | |
| *** anilvenkata has quit IRC | 15:52 | |
| *** mixos has joined #openstack-lbaas | 15:52 | |
| *** mixos has quit IRC | 15:56 | |
| nmagnezi | dougwig, ? | 15:57 |
| nmagnezi | dougwig, going offline. catch you later | 15:59 |
| dougwig | nmagnezi: one sec | 15:59 |
| nmagnezi | dougwig, aye | 15:59 |
| *** mixos has joined #openstack-lbaas | 16:00 | |
| dougwig | nmagnezi: check with kevinbenton about how we're handling that with other agents. i don't want to invent some new scheme if we already have one. | 16:00 |
| nmagnezi | dougwig, there is something very similar to this in l3 agent | 16:01 |
| nmagnezi | dougwig, we have a server side loop spawned if allow_automatic_l3agent_failover=True to reschedule routers from deal l3 agents. | 16:02 |
| johnsom | nmagnezi You might look at my upstart script in Octavia. It auto-restarts haproxy | 16:02 |
| nmagnezi | johnsom, cloud you elaborate? | 16:03 |
| johnsom | https://github.com/openstack/octavia/blob/master/octavia/amphorae/backends/agent/api_server/templates/upstart.conf.j2 | 16:03 |
| johnsom | nmagnezi Upstart will respawn haproxy in the Octavia Amphora. If you want to take it to the next level, you can use active/standby in Octavia. | 16:05 |
| *** diogogmt_ has joined #openstack-lbaas | 16:06 | |
| nmagnezi | johnsom, this is a solution for octavia, but can it be used for haproxy in namepsace? (with regular lbaasv2 agent) | 16:06 |
| *** diogogmt has quit IRC | 16:07 | |
| *** diogogmt_ is now known as diogogmt | 16:07 | |
| johnsom | It could be adapted easily I think. | 16:07 |
| nmagnezi | johnsom, aye, but as ajo said it's distro specific | 16:08 |
| ajo | hi johnsom nmagnezi :) | 16:08 |
| ajo | I need to leave now :) | 16:08 |
| nmagnezi | actually me too | 16:08 |
| ajo | johnsom, in other agents with spawn processes we use the neutron process monitor, it's rather simple | 16:08 |
| nmagnezi | dougwig, i will speak with kevinbenton but please see what I also wrote here and in the commit msg :) | 16:08 |
| ajo | johnsom, for the amphora (if looking only to ubuntu) I guess upstart does a good job, | 16:09 |
| ajo | probably when looking at other amphoraed distros we may need systemd I guess... :) and nothing if we had containers :) | 16:09 |
| johnsom | Sure. I just wanted to highlight an option. Systemd has something similar | 16:09 |
| ajo | :) | 16:10 |
| ajo | johnsom, you mean the respawn ? | 16:11 |
| johnsom | Yes | 16:11 |
| ajo | we looked at something like this, but when we wrote ProcessMonitor I think systemd was not widely available, | 16:11 |
| johnsom | Yep, agreed | 16:12 |
| ajo | may be it's something we can revisit I'll think about it | 16:12 |
| ajo | thanks for the feedback :) | 16:12 |
| ajo | but anyway, I believe we should just use the ProcessMonitor interface, and may be write another driver to use systemd for example | 16:12 |
| ajo | or upstart | 16:12 |
| ajo | or whatever the distro has | 16:12 |
| ajo | that'd be cool :) | 16:12 |
| *** nmagnezi has quit IRC | 16:13 | |
| *** fawadkhaliq has joined #openstack-lbaas | 16:21 | |
| *** fawadkhaliq has quit IRC | 16:22 | |
| *** numan_ has quit IRC | 16:25 | |
| *** armax has joined #openstack-lbaas | 16:30 | |
| *** Alex_Stef has quit IRC | 16:31 | |
| *** Alex_Stef has joined #openstack-lbaas | 16:31 | |
| *** piet has joined #openstack-lbaas | 16:33 | |
| *** jschwarz has quit IRC | 16:35 | |
| *** mixos has quit IRC | 16:37 | |
| *** mixos has joined #openstack-lbaas | 16:38 | |
| *** mixos has quit IRC | 16:40 | |
| *** bana_k has quit IRC | 16:49 | |
| openstackgerrit | Lucas Palm proposed openstack/neutron-lbaas-dashboard: Show the member status properties https://review.openstack.org/299629 | 16:53 |
| *** Bjoern_ is now known as Bjoern_zZzZzZzZ | 16:57 | |
| *** cody-somerville has joined #openstack-lbaas | 17:01 | |
| *** cody-somerville has quit IRC | 17:04 | |
| *** cody-somerville has joined #openstack-lbaas | 17:05 | |
| *** cody-somerville has quit IRC | 17:05 | |
| *** cody-somerville has joined #openstack-lbaas | 17:05 | |
| *** bana_k has joined #openstack-lbaas | 17:06 | |
| *** cody-somerville has quit IRC | 17:08 | |
| *** cody-somerville has joined #openstack-lbaas | 17:09 | |
| *** Alex_Stef has quit IRC | 17:17 | |
| bana_k | hi, Is there any option in laabs v1 to restrict the traffic from some particular subnet? | 17:22 |
| *** Bjoern_zZzZzZzZ is now known as Bjoern_ | 17:39 | |
| *** davidlenwell has quit IRC | 17:42 | |
| *** kevo has joined #openstack-lbaas | 17:48 | |
| *** haleyb has quit IRC | 17:48 | |
| *** davidlenwell has joined #openstack-lbaas | 17:49 | |
| *** reedip__ has quit IRC | 17:52 | |
| *** haleyb has joined #openstack-lbaas | 18:01 | |
| *** diogogmt_ has joined #openstack-lbaas | 18:04 | |
| *** ihrachys has quit IRC | 18:04 | |
| *** Purandar has quit IRC | 18:04 | |
| *** Purandar has joined #openstack-lbaas | 18:06 | |
| *** diogogmt has quit IRC | 18:06 | |
| *** diogogmt_ is now known as diogogmt | 18:06 | |
| *** mixos has joined #openstack-lbaas | 18:11 | |
| *** yamamoto has quit IRC | 18:12 | |
| *** yamamoto has joined #openstack-lbaas | 18:16 | |
| *** diogogmt has quit IRC | 18:17 | |
| *** piet has quit IRC | 18:21 | |
| *** yamamoto has quit IRC | 18:21 | |
| *** piet has joined #openstack-lbaas | 18:27 | |
| *** diogogmt has joined #openstack-lbaas | 18:29 | |
| *** mixos has quit IRC | 18:31 | |
| *** ChrisBenson has joined #openstack-lbaas | 18:35 | |
| *** Bjoern_ has quit IRC | 18:35 | |
| *** crc32 has joined #openstack-lbaas | 18:37 | |
| *** rcernin has quit IRC | 18:41 | |
| *** mixos has joined #openstack-lbaas | 18:41 | |
| *** yamamoto has joined #openstack-lbaas | 18:46 | |
| *** ihrachys has joined #openstack-lbaas | 18:52 | |
| *** mixos has quit IRC | 18:52 | |
| *** yamamoto has quit IRC | 18:54 | |
| *** mixos has joined #openstack-lbaas | 18:56 | |
| *** mixos has quit IRC | 19:04 | |
| *** mixos has joined #openstack-lbaas | 19:05 | |
| *** crc32 has quit IRC | 19:15 | |
| *** crc32 has joined #openstack-lbaas | 19:15 | |
| *** yamamoto has joined #openstack-lbaas | 19:24 | |
| *** yamamoto has quit IRC | 19:24 | |
| *** yamamoto has joined #openstack-lbaas | 19:31 | |
| *** yamamoto has quit IRC | 19:36 | |
| *** crc32 has quit IRC | 19:36 | |
| *** crc32 has joined #openstack-lbaas | 19:37 | |
| *** ajmiller has quit IRC | 19:57 | |
| *** crc32 has quit IRC | 19:57 | |
| *** crc32 has joined #openstack-lbaas | 19:58 | |
| *** mixos has quit IRC | 20:00 | |
| *** ajmiller has joined #openstack-lbaas | 20:04 | |
| *** mixos has joined #openstack-lbaas | 20:09 | |
| *** mixos has quit IRC | 20:14 | |
| *** crc32 has quit IRC | 20:18 | |
| *** crc32 has joined #openstack-lbaas | 20:19 | |
| *** prabampm has quit IRC | 20:24 | |
| *** yamamoto has joined #openstack-lbaas | 20:30 | |
| *** prabampm has joined #openstack-lbaas | 20:31 | |
| *** yamamoto has quit IRC | 20:36 | |
| *** crc32 has quit IRC | 20:39 | |
| *** ihrachys has quit IRC | 20:39 | |
| *** crc32 has joined #openstack-lbaas | 20:40 | |
| *** divya has joined #openstack-lbaas | 20:56 | |
| *** yamamoto has joined #openstack-lbaas | 21:01 | |
| *** yamamoto has quit IRC | 21:06 | |
| *** piet has quit IRC | 21:17 | |
| *** kong has quit IRC | 21:18 | |
| *** kong has joined #openstack-lbaas | 21:19 | |
| *** rtheis has quit IRC | 21:21 | |
| *** Purandar has quit IRC | 21:34 | |
| *** GreenGraph has joined #openstack-lbaas | 21:40 | |
| *** GreenGraph has quit IRC | 21:40 | |
| *** yamamoto has joined #openstack-lbaas | 21:46 | |
| *** yamamoto has quit IRC | 21:50 | |
| *** matt-borland has quit IRC | 21:52 | |
| *** neelashah has quit IRC | 21:53 | |
| *** ducttape_ has quit IRC | 21:56 | |
| *** Purandar has joined #openstack-lbaas | 22:06 | |
| *** reedip__ has joined #openstack-lbaas | 22:08 | |
| *** yamamoto_ has joined #openstack-lbaas | 22:31 | |
| *** woodster_ has joined #openstack-lbaas | 22:34 | |
| *** yamamoto_ has quit IRC | 22:35 | |
| *** crc32 has quit IRC | 22:36 | |
| *** diogogmt has quit IRC | 22:48 | |
| *** diogogmt has joined #openstack-lbaas | 22:51 | |
| *** yamamoto_ has joined #openstack-lbaas | 23:16 | |
| *** yamamoto_ has quit IRC | 23:21 | |
| *** ChrisBenson has quit IRC | 23:42 | |
| *** TrevorV has quit IRC | 23:46 | |
| openstackgerrit | Trevor Vardeman proposed openstack/neutron-lbaas: WIP - Get Me A LB https://review.openstack.org/257201 | 23:50 |
| *** yamamoto_ has joined #openstack-lbaas | 23:50 | |
| *** ajmiller has quit IRC | 23:58 | |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!