Thursday, 2017-01-05

« Wednesday, 2017-01-04 Index Friday, 2017-01-06 »
johnsomWell, I guess that would still leave it listening to everything, so probably not it.00:00
johnsomMight just be a strange dhcpd behavior on that platform where it automagically changes your route00:00
*** TrevorV has quit IRC00:02
rm_workthis is before the agent gets called00:03
rm_workso the VM is just sitting there00:03
rm_workworking00:03
rm_workthen the neutron plug happens00:04
rm_workand then no longer working00:04
rm_worki think it's something with the local network setup here00:04
rm_workso ignore me for a bit00:04
johnsomOk, for your notes for later, I would poke around in the dhcp hooks we adjust in those links above.  I bet the issue is in one of those scripts...00:08
*** fnaval has quit IRC00:09
*** ducttape_ has quit IRC00:11
*** ducttape_ has joined #openstack-lbaas00:11
openstackgerritMichael Johnson proposed openstack/octavia: Adds diskimage-create scripts to pypi package  https://review.openstack.org/41678200:13
rm_worklooks like it's an issue with the code that updates the security groups T_T00:16
*** ducttape_ has quit IRC00:25
*** amotoki has quit IRC00:34
*** gongysh has quit IRC00:47
openstackgerritJingLiu proposed openstack/octavia: Set access_policy for messaging's dispatcher  https://review.openstack.org/41639400:49
*** ducttape_ has joined #openstack-lbaas00:51
*** ducttape_ has quit IRC00:52
*** ducttape_ has joined #openstack-lbaas00:52
*** kong_ is now known as kong01:00
*** madhu_Ak has joined #openstack-lbaas01:03
openstackgerritMichael Johnson proposed openstack/octavia: Add quota support to Octavia  https://review.openstack.org/36079401:05
openstackgerritMichael Johnson proposed openstack/octavia: Set access_policy for messaging's dispatcher  https://review.openstack.org/41639401:07
*** yamamoto has joined #openstack-lbaas01:09
*** madhu_Ak has quit IRC01:09
*** yamamoto has quit IRC01:18
*** yamamoto has joined #openstack-lbaas01:18
*** kevo has quit IRC01:26
rm_workoh hey johnsom last one for today if you're still here01:30
rm_workjohnsom: when you plug the VIP with allowed_address_pairs...01:31
*** bana_k has quit IRC01:31
johnsomStill here01:31
rm_work`openstack server show` shows me two addresses, the management IP and .... another IP that's not quite the VIP IP01:32
rm_workand in the netns, it binds the "not quite the VIP IP" to eth1, and eth1:0 is the working VIP IP01:32
rm_workis that *normal*?01:32
johnsomYes, it is normal.  That is how the allowed address pairs stuff works01:33
rm_workalright01:33
rm_workweird01:33
rm_workwell, everything is working then :P01:33
rm_workjust ... weird01:33
*** yamamoto has quit IRC01:33
johnsom"not quite" eth1 is the base address, a fixed address on the network/subnet.  eth1:0 is the vrrp address that moves between the hosts.01:33
johnsomserver show probably doesn't know/understand the allowed address pairs implementation in neutron.01:34
*** yamamoto has joined #openstack-lbaas01:34
johnsomneutron has the eth1:0 vrrp address configured the same on both ports as the "allowed address pair" IP.01:35
rm_workhmm01:36
rm_workso there's no network driver written for NOT using AAP?01:36
johnsomCorrect01:37
*** ducttape_ has quit IRC01:37
rm_workThe implementation I'm looking at would be more like: Every AMP gets a VIP plugged that is just a normal single VIP; then the LB gets a FLIP created and the FLIP is what points to the amp's VIP01:37
rm_workso the *LB*'s VIP would be the FLIP01:37
johnsomIt would mean you couldn't do Active/Standby.  It also makes the haproxy non local address binding stuff a bit odd01:37
johnsomSo no active/standby or you want to move the flip to fail over???01:38
rm_workmove the FLIP01:38
johnsomUgh, really.01:39
johnsomYou know those failover times are horrible right?01:39
rm_workyeah :/01:39
rm_workwell01:39
rm_workthe AAP is *working* but01:39
rm_worknot every VM that comes up will be routable to the subnet01:39
rm_worklike01:39
rm_workthe replacement VM on a failover might come up on a different subnet01:40
rm_workwithout access to the original subnet, so plugging that port wouldn't work01:40
rm_workI mean like, physically unconnectable (hypervisor doesn't have routing for that subnet at TOR)01:40
rm_workmaybe ensuring it comes up in the same AZ would fix that?01:41
johnsomI do need to run, maybe we should have a hangout tomorrow and talk through this.01:41
rm_workI think I *might* have some sort of guarantee that it'd work if i force it into the same AZ01:41
rm_workyeah it's interesting01:41
rm_workI have a lot of my day blocked off for various meetings, but I am curious if you've seen this be an issue anywhere else01:41
rm_workI'll verify whether same-AZ would fix it01:41
rm_workand then yeah we can chat01:42
johnsomWell, kind of the point of the vip is to be hot plugged into the amp, so....  Worried about going down a bad path here and Act/Stndby/failover not working01:42
*** yamamoto has quit IRC01:43
rm_workwell, no tenant networks here >_>01:43
johnsomSo, yeah, a chat through it would be good just to make sure you end up with the best solution.01:43
rm_workand the end user has no idea what subnets will even be routable on whatever host is picked for their amphora01:43
rm_workwhich is why i had to tweak it to actually make VIP optional on create, and autodetect the subnet based on what was plugged for management-net01:44
rm_workand had to change it to boot without specifying a subnet, and fill the subnet info for the amp based on what the scheduler chose >_>01:44
*** ducttape_ has joined #openstack-lbaas01:45
*** yamamoto has joined #openstack-lbaas01:49
*** yamamoto has quit IRC01:52
*** yamamoto has joined #openstack-lbaas01:54
*** gongysh has joined #openstack-lbaas02:00
openstackgerritZhaoBo proposed openstack/octavia: Fix multi-typo error in Octavia  https://review.openstack.org/41517202:05
openstackgerritZhaoBo proposed openstack/neutron-lbaas: Raise VipNetworkInvalid when create lb with no-subnets vipnet  https://review.openstack.org/41567302:06
*** yamamoto has quit IRC02:11
*** ducttape_ has quit IRC02:21
*** ducttape_ has joined #openstack-lbaas02:23
openstackgerritZhaoBo proposed openstack/octavia: Fix multi-typo error in Octavia  https://review.openstack.org/41517202:57
*** harlowja has quit IRC03:05
openstackgerritZhaoBo proposed openstack/octavia: Add check when plug vrrp port in LB creation  https://review.openstack.org/41651903:17
*** yamamoto has joined #openstack-lbaas03:20
*** amotoki has joined #openstack-lbaas03:30
*** links has joined #openstack-lbaas03:40
*** madhu_ak has joined #openstack-lbaas03:49
*** ducttape_ has quit IRC03:55
openstackgerritZhaoBo proposed openstack/octavia: Fix multi-typo error in Octavia  https://review.openstack.org/41517203:58
*** csomerville has joined #openstack-lbaas04:14
*** cody-somerville has quit IRC04:17
*** ducttape_ has joined #openstack-lbaas04:46
*** madhu_ak has quit IRC04:56
openstackgerritOpenStack Proposal Bot proposed openstack/neutron-lbaas: Updated from global requirements  https://review.openstack.org/41597505:09
openstackgerritOpenStack Proposal Bot proposed openstack/octavia: Updated from global requirements  https://review.openstack.org/41597905:11
*** ducttape_ has quit IRC05:15
reedipanyone available?05:49
*** ducttape_ has joined #openstack-lbaas06:15
rm_workreedip: kinda? o/06:20
*** ducttape_ has quit IRC06:20
*** gcheresh_ has joined #openstack-lbaas06:24
openstackgerritCao Xuan Hoang proposed openstack/octavia: Fix a typo in octavia/common/tls_utils/cert_parser.py  https://review.openstack.org/41685006:27
*** korean101 has joined #openstack-lbaas06:39
korean101hi guys.06:40
korean101anyone know this message? (CertificateGenerationException: Could not sign the certificate request: Failed to load /etc/octavia/certs/ca_01.pem)06:40
korean101i use RDO on CentOS 7.06:40
korean101and I copy 'certs directory' from DEVSTACK to my CentOS 7 server06:41
openstackgerritMerged openstack/octavia: Remove MANIFEST.in from repo  https://review.openstack.org/41647806:41
openstackgerritMerged openstack/octavia: Do not use log hints for exceptions  https://review.openstack.org/41564606:42
openstackgerritMerged openstack/octavia: Save neutron calls if plugin does not support dns-integration  https://review.openstack.org/41564406:42
korean101i also use Newton Releases06:42
korean101anyone help me?06:42
rm_workkorean101: and the file is actually exactly there? /etc/octavia/certs/ca_01.pem06:44
rm_workAnd the contents are actually a valid x509 certificate?06:44
korean101# file /etc/octavia/certs/ca_01.pem06:45
korean101/etc/octavia/certs/ca_01.pem: PEM certificate06:45
korean101-----BEGIN CERTIFICATE-----06:45
korean101rm_work: yes06:45
korean101rm_work: hi there06:45
korean101rm_work: i just copy that directory from DEVSTACK06:45
korean101rm_work: use scp command06:46
rm_workopenssl x509 -in /etc/octavia/certs/ca_01.pem -text06:46
rm_workit can load correctly?06:46
rm_workon that machine06:46
korean101rm_work: yes (http://paste.openstack.org/show/593947/)06:46
korean101rm_work: on CentOS 7 machine06:46
rm_workpermissions?06:47
korean101-rw-r--r--06:47
rm_workotherwise, the error it is showing may be masking a different issue06:47
rm_workdoes it give you a traceback?06:47
korean101rm_work: hmmm... i succeed deploy a test VM06:47
korean101rm_work: not any other ERRORs on logs06:48
rm_workis debug on?06:48
korean101rm_work: no06:48
rm_workpossibly turn on debug and check the output from the controller-worker06:49
korean101rm_work: turn on that option?06:49
korean101rm_work: ok. 1 minutes...06:49
korean101rm_work: debug on messages (http://paste.openstack.org/show/593948/)06:51
*** bana_k has joined #openstack-lbaas06:53
rm_workcongrats, you found a bug!06:54
rm_workkorean101: the error message there is wrong06:55
rm_workit should be telling you it can't open the private key06:55
rm_workprobably it has a passcode (the default from devstack is "foobar" which you don't have set06:55
rm_workca_private_key_passphrase = foobar06:55
korean101rm_work: yes. i miss 'foobar'06:56
rm_workyou can: file a bug; file a bug and fix it; just fix it; ignore this and hope someone else (probably me) remembers to do it later06:56
rm_work:P06:56
rm_workeh I can probably do it now quickly06:56
rm_workunless you want to :)06:57
rm_workugh another bug in here, wtf happened to this file06:58
korean101rm_work: i set 'certificates ca_private_key_passphrase = foobar'06:59
rm_workoh, actually it looks like in this case, it can't find the file07:00
rm_workthough you do need to set that :)07:00
rm_workit's just not the problem *now*07:00
korean101rm_work: but i got a same messages...07:00
rm_workyeah, because07:01
rm_workthere's a bug in the log file07:01
rm_workerr, log message07:01
korean101rm_work: ah...07:01
rm_workunfortunately it's just not printing the correct filename07:01
rm_workin devstack I have:07:01
rm_workca_private_key = /etc/octavia/certs/private/cakey.pem07:01
rm_workis that where the file is for you?07:02
rm_workand what do you have in your config?07:02
rm_workmake sure that is set properly for where you put the file07:02
korean101# grep pem /etc/octavia/octavia.conf07:02
korean101ca_private_key = /etc/octavia/certs/private/cakey.pem07:02
korean101ca_certificate = /etc/octavia/certs/ca_01.pem07:02
korean101server_ca = /etc/octavia/certs/ca_01.pem07:02
korean101client_cert = /etc/octavia/certs/client.pem07:02
rm_workis THAT file there, and what are the permissions on it?07:02
openstackgerritZhaoBo proposed openstack/octavia: Add check when plug vrrp port in LB creation  https://review.openstack.org/41651907:02
korean101rm_work: yes all exists... and -rw-r--r--07:03
rm_work /etc/octavia/certs/private/cakey.pem07:03
rm_workwhat about the directory it's in?07:03
*** Alex_Stef has joined #openstack-lbaas07:04
korean101rm_work: what directories?07:04
rm_workls -ld /etc/octavia/certs/private07:04
korean101rm_work: drwx------ 2 root root 23  1월  4 17:31 /etc/octavia/certs/private07:04
rm_workyeah07:05
rm_workwhat user is running octavia-worker?07:05
*** pcaruana has joined #openstack-lbaas07:05
korean101rm_work: octavia user07:05
rm_workyeah07:05
rm_workit can't access that directory07:05
rm_workeither: chmod go+rx /etc/octavia/certs/private07:06
rm_workor07:06
korean101rm_work: (http://paste.openstack.org/show/593954/)07:06
rm_workchmod g+rx /etc/octavia/certs/private && chgrp octavia /etc/octavia/certs/private07:06
rm_workone of those two commands will fix it07:07
rm_workdepending on how you want to handle security07:07
*** tesseract has joined #openstack-lbaas07:09
korean101rm_work: OMG!!! resolved!07:09
rm_work:)07:09
korean101rm_work: OMG. geninus guy!07:09
korean101rm_work: but i got "PENDING_CREATE"07:09
korean101rm_work: you still fix that bugs?07:10
rm_workheh, time for the next problem :)07:10
rm_workerr, well, it does need to create, right?07:10
rm_workhopefully it'll go active?07:10
openstackgerritAdam Harwell proposed openstack/octavia: Correcting error message for CA Key validation failure  https://review.openstack.org/41686907:10
korean101rm_work: nope. changed error07:10
rm_workah :/07:10
rm_workcheck controller worker log again07:11
korean101rm_work: http://paste.openstack.org/show/593955/07:11
korean101rm_work: worker.log        2017-01-05 16:09:34.603 7469 WARNING octavia.amphorae.drivers.haproxy.rest_api_driver [-] Could not connect to instance. Retrying.07:12
rm_workyeah that is normal07:12
rm_workit may print that LOTS of times07:12
rm_workwhat is after that?07:13
korean101rm_work: yes. couple of times07:13
korean101rm_work: 2017-01-05 16:10:20.130 7469 INFO octavia.controller.worker.tasks.database_tasks [-] Mark ACTIVE in DB for load balancer id: 8ef3c38b-06ec-4b45-b52a-4f8a84d1f78c07:13
korean101rm_work: last message07:13
rm_workprobably pastebin07:13
rm_workerr07:13
rm_workthen it should be active :) not error07:13
rm_workthat all looks good!07:13
rm_workmaybe it broke inside neutron-lbaas during the return? :/07:13
korean101rm_work: wait. i got neutron server log07:14
rm_workif that's the last thing in the worker log, then it was created successfully by octavia07:15
korean101rm_work: i use DVR07:16
korean101rm_work: is still problem?07:16
rm_workhmm07:16
rm_workI don't know if we ever resolved the DVR bug07:16
korean101rm_work: OMG07:17
korean101rm_work: i got ACTIVE message07:17
korean101rm_work: | 1a634f37-ba17-414c-a1a3-27f3423955ba | test-lb | 10.0.0.3    | ACTIVE              | octavia  |07:17
rm_workI am fairly certain we did not, in fact07:17
rm_workbut johnsom can say for sure in the morning07:17
rm_workhmm07:17
rm_workwell, that's good :P07:17
*** rcernin has joined #openstack-lbaas07:17
rm_workbut, it went to ERROR first, then ACTIVE? >_>07:17
rm_workweird07:17
korean101rm_work: nope07:17
korean101rm_work: delete lb and recreate LB07:17
rm_workah07:18
rm_workweird07:18
korean101rm_work: yes07:18
korean101rm_work: I try to test many times create LB07:18
korean101rm_work: and report to you07:18
*** kobis has joined #openstack-lbaas07:25
*** armax has joined #openstack-lbaas07:30
reediprm_work : I am trying to create Loadbalancer v2 on devstack. the loadbalancers are changiung status from PENDING_CREATE to ERROR07:30
*** bana_k has quit IRC07:31
*** anilvenkata has joined #openstack-lbaas07:36
rm_workreedip: what is happening in the octavia worker log?07:40
reediprm_work : where's that ? I cannot find it07:41
reedipsorry for disturbing you so late (??? )07:41
rm_workreedip: in devstack it should be in /opt/stack/logs/o-cw.log07:41
reediprm_work : okay, got a Traceback there07:43
reediprm_work: http://paste.openstack.org/show/593961/07:44
rm_workhmmm07:45
rm_workthat's odd07:45
rm_workI can't tell if that's from the Amp's cert (from configdrive) or if it's the local cert, but something isn't loading right07:46
rm_workI guess double-check your certs? :/07:46
*** ducttape_ has joined #openstack-lbaas07:46
rm_workwait, this is from devstack?07:46
rm_workuhh07:47
rm_workIf you have a clean devstack you should not be seeing that07:47
reedipyes this is from a freshly deployed devstack :(07:48
*** openstackgerrit has quit IRC07:50
*** ducttape_ has quit IRC07:51
korean101rm_work: i tested 2 VMs + 1 LB07:57
korean101rm_work: greatly works!07:57
korean101rm_work: thanks07:57
korean101rm_work: but Associating a floating IP address FAILED...07:58
korean101rm_work: perhaps DVR + Octavia (http://paste.openstack.org/show/593966/)07:58
korean101rm_work: DVR fip problem still exists...07:58
korean101rm_work: so sad...07:59
korean101johnsom: HI. DVR bugs not fixed yes? (https://bugs.launchpad.net/neutron/+bug/1583694)08:03
openstackLaunchpad bug 1583694 in neutron "[RFE] DVR support for Allowed_address_pair port that are bound to multiple ACTIVE VM ports" [Wishlist,Triaged] - Assigned to Swaminathan Vasudevan (swaminathan-vasudevan)08:03
rm_worklooks true08:08
korean101rm_work: hmmmmmmmm. so saaaaaaad08:09
*** armax has quit IRC08:13
rm_workone of these days someone who actually needs DVR will take a look and fix it :P08:18
*** openstackgerrit has joined #openstack-lbaas08:20
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE Topology: Initial Distributor Noop Driver  https://review.openstack.org/31300608:20
reediprm_work : any suggestions how to proceed forward?08:21
*** armax has joined #openstack-lbaas08:22
*** jsheeren has joined #openstack-lbaas08:26
rm_workreedip: not sure what's up with your certs...08:27
reediprm_work : any way to clear and then reissue them ?08:27
rm_workyeah, you can re-run the cert creation script08:27
rm_worki forget exactly how it expects to be run, but you can check plugin.py08:28
rm_worksource $OCTAVIA_DIR/bin/create_certificates.sh $OCTAVIA_CERTS_DIR $OCTAVIA_DIR/etc/certificates/openssl.cnf08:28
rm_workI guess08:28
rm_workso set that stuff and run it :P08:28
korean101rm_work: i wanna fix it. but i can't  hmmmmmmm08:32
rm_workkorean101: how much time have you spent trying? :P08:32
*** kevo has joined #openstack-lbaas08:33
*** openstackgerrit has quit IRC08:33
korean101rm_work: never try08:33
korean101rm_work: just try to deploy openstack08:33
*** Deep_Thought has joined #openstack-lbaas08:37
Deep_ThoughtHello, is it possible to have a active / passive setup with the ha proxy driver of the loadbalancer?08:38
Deep_ThoughtI mean, in the lb methods, having 'actif passif'. Because the three methods I see (least connections, round robin and source ip) seem to be active / active08:40
rm_workactive/passive vs active/active isn't a loadbalancing algorithm08:48
rm_workit's configured as part of the service08:48
rm_workoh, you mean you want some backend nodes to receive no traffic unless all the others are down?08:48
Deep_Thoughtrm_work: exactly yes08:49
rm_workI think I've heard that referred to as Primary/Secondary but I don't think that's the industry term (not sure what is)08:49
rm_workI don't know that it's supported?08:49
Deep_ThoughtA bit like what keepalived does08:49
rm_workThough, I wonder if you can use weighting08:49
Deep_Thoughtwhis a MASTER and SLAVE role08:50
rm_workmaybe if you have weight zero nodes it wouldn't use them unless all nodes were equally weight zero? not sure, probably not correct :P08:50
rm_worki'm actually weird, the API is missing weight for add-member-to-pool >_>08:51
rm_workerr, it's actually weird08:52
rm_workmaybe freudian slip :P08:52
rm_workhttp://developer.openstack.org/api-ref/networking/v2/?expanded=add-member-to-pool-detail08:52
Deep_Thoughtrm_work: let's test ^^08:54
rm_workit claims with weight zero it won't use them for LB08:54
rm_workbut08:54
rm_worki wonder if that's true if they're the only members08:54
rm_workif it's ok for SOME requests to go through, you could do weights like.... 256 and 108:56
rm_workbut that's not great08:56
rm_workI know Rackspace CLB does what you want, which means some providers obviously have the option -- I just don't think we expose it in neutron-lbaas08:57
Deep_ThoughtBut it's present in the driver, right?08:57
rm_workI ... don't know08:57
Deep_Thoughtok08:57
Deep_ThoughtI'll do some tests and report back here08:58
Deep_Thoughtthanks08:58
rm_workI know we don't have that option exposed in Octavia08:59
rm_workI don't pay close attention to neutron-lbaas enough :/08:59
*** kevo has quit IRC09:08
*** yamamoto has quit IRC09:14
*** armax has quit IRC09:14
*** ducttape_ has joined #openstack-lbaas09:17
Deep_Thoughtrm_work: If a node's weight is 0 and the other node'sweight is != 0, the node with weight 0 receives no traffic at all. But if the node whose weight is != 0 is turned off, the other node doesn't get traffic anyway09:20
rm_workheh09:21
rm_workI was wondering if that was the case09:21
*** ducttape_ has quit IRC09:21
Deep_ThoughtIf all weights are zero then no traffic is sent at all :)09:28
Deep_ThoughtLet's test with weights 1 and 25609:28
rm_workthat should work but 1/256 requests will go to the other nodes :/09:35
Deep_Thoughtrm_work: it works fine09:42
Deep_Thought1 request is acceptable09:42
Deep_Thoughtso problem solved, thank you !09:42
*** openstackgerrit has joined #openstack-lbaas09:47
openstackgerritOpenStack Proposal Bot proposed openstack/octavia: Updated from global requirements  https://review.openstack.org/41597909:47
*** amotoki has quit IRC09:55
*** yamamoto has joined #openstack-lbaas09:59
*** yamamoto_ has joined #openstack-lbaas10:02
*** yamamoto has quit IRC10:06
*** nmagnezi has joined #openstack-lbaas10:06
*** yamamoto_ has quit IRC10:08
*** openstack has joined #openstack-lbaas10:17
*** gongysh has quit IRC10:31
*** yamamoto has joined #openstack-lbaas10:34
*** ducttape_ has joined #openstack-lbaas10:47
*** ducttape_ has quit IRC10:52
*** armax has joined #openstack-lbaas11:05
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE Topology - Initial Cluster Manager  https://review.openstack.org/40523811:09
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE Topology - Initial Distributor Noop Driver  https://review.openstack.org/31300611:09
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE Topology - create distributor network flow  https://review.openstack.org/40976311:09
openstackgerritAbed Abu dbai proposed openstack/octavia: Active-Active Topology - register/uregister amphorae tasks  https://review.openstack.org/40976511:09
openstackgerritAbed Abu dbai proposed openstack/octavia: Active-Active Topology - Cluster DB Tasks  https://review.openstack.org/40976411:09
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE Topology OVS-based Distributor Driver  https://review.openstack.org/31762911:09
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE Topology OVS-based Distributor Backend  https://review.openstack.org/32042211:09
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE Topology - Distributor related tasks  https://review.openstack.org/40695111:09
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE - controller network tasks  https://review.openstack.org/32348111:09
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE Topology - Distributor image creation  https://review.openstack.org/40359411:09
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE - network driver related changes  https://review.openstack.org/32249411:09
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE - distributor certificate tasks  https://review.openstack.org/40695211:09
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE Topology - distributor creation flow  https://review.openstack.org/40695311:09
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE Topology - create shared distributor  https://review.openstack.org/40695411:09
*** Alex_Stef has quit IRC11:09
*** amotoki has joined #openstack-lbaas11:16
*** armax has quit IRC11:26
*** gongysh has joined #openstack-lbaas11:45
*** ankur-gupta-f has quit IRC11:55
*** mhayden has quit IRC11:55
*** armax has joined #openstack-lbaas11:56
*** mhayden has joined #openstack-lbaas11:56
*** ankur-gupta-f has joined #openstack-lbaas11:56
*** Deep_Thought has quit IRC12:02
*** links has quit IRC12:13
*** gongysh has quit IRC12:14
*** ducttape_ has joined #openstack-lbaas12:18
*** ducttape_ has quit IRC12:22
*** links has joined #openstack-lbaas12:25
*** yamamoto has quit IRC12:36
*** catintheroof has quit IRC12:38
*** yamamoto has joined #openstack-lbaas12:38
*** catintheroof has joined #openstack-lbaas12:44
*** yamamoto has quit IRC12:52
*** armax has quit IRC12:54
*** links has quit IRC12:55
*** catintheroof has quit IRC12:57
*** catintheroof has joined #openstack-lbaas12:58
openstackgerritNir Magnezi proposed openstack/octavia: WIP - Fix the amphora-agent support for RH based Linux flavors  https://review.openstack.org/33184113:01
*** catintheroof has quit IRC13:02
*** catintheroof has joined #openstack-lbaas13:04
*** links has joined #openstack-lbaas13:07
*** ducttape_ has joined #openstack-lbaas13:09
*** Alex_Stef has joined #openstack-lbaas13:11
*** catintheroof has quit IRC13:11
Alex_StefIs there some documentation regarding single call action (configuring LB and cascading delete)13:13
nmagnezimaybe johnsom would know ^^13:18
Alex_Stefnmagnezi, tnx13:23
*** catintheroof has joined #openstack-lbaas13:47
*** ducttape_ has quit IRC13:48
*** yamamoto has joined #openstack-lbaas13:55
*** links has quit IRC14:02
*** yamamoto has quit IRC14:10
*** ducttape_ has joined #openstack-lbaas14:16
*** yamamoto has joined #openstack-lbaas14:27
*** ducttape_ has quit IRC14:43
*** saju_m has joined #openstack-lbaas14:45
*** nmagnezi_ has joined #openstack-lbaas15:00
*** jsheeren has quit IRC15:01
*** anilvenkata has quit IRC15:02
*** chlong has joined #openstack-lbaas15:05
*** ducttape_ has joined #openstack-lbaas15:14
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE Topology - Initial Cluster Manager  https://review.openstack.org/40523815:16
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE Topology - Distributor related tasks  https://review.openstack.org/40695115:16
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE - controller network tasks  https://review.openstack.org/32348115:16
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE Topology - Distributor image creation  https://review.openstack.org/40359415:16
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE - network driver related changes  https://review.openstack.org/32249415:16
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE Topology - create distributor network flow  https://review.openstack.org/40976315:16
openstackgerritAbed Abu dbai proposed openstack/octavia: Active-Active Topology - register/uregister amphorae tasks  https://review.openstack.org/40976515:16
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE - distributor certificate tasks  https://review.openstack.org/40695215:16
openstackgerritAbed Abu dbai proposed openstack/octavia: Active-Active Topology - Cluster DB Tasks  https://review.openstack.org/40976415:16
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE Topology - distributor creation flow  https://review.openstack.org/40695315:16
openstackgerritAbed Abu dbai proposed openstack/octavia: ACTIVE-ACTIVE Topology - create shared distributor  https://review.openstack.org/40695415:16
*** matt-borland has joined #openstack-lbaas15:24
*** fnaval has joined #openstack-lbaas15:25
*** fnaval_ has joined #openstack-lbaas15:27
*** fnaval__ has joined #openstack-lbaas15:28
*** fnaval__ has quit IRC15:28
*** fnaval has quit IRC15:30
*** fnaval has joined #openstack-lbaas15:31
*** saju_m has quit IRC15:31
*** catintheroof has quit IRC15:32
*** fnaval_ has quit IRC15:33
*** ducttape_ has quit IRC15:37
*** reedip_outofmemo has joined #openstack-lbaas15:49
*** ducttape_ has joined #openstack-lbaas15:49
*** TrevorV has joined #openstack-lbaas15:56
*** nmagnezi_ has quit IRC16:00
*** gcheresh_ has quit IRC16:01
*** rcernin has quit IRC16:07
johnsomAlex_Stef Both of those are missing docs at the moment.  We are starting work on the new api reference which will include those.16:11
Alex_Stefjohnsom, tnx man.16:12
*** csomerville has quit IRC16:13
*** csomerville has joined #openstack-lbaas16:13
*** yamamoto has quit IRC16:16
diltrammorning people16:19
*** tesseract has quit IRC16:21
*** nmagnezi has quit IRC16:27
*** Alex_Stef has quit IRC16:30
*** catintheroof has joined #openstack-lbaas16:32
*** kobis has quit IRC16:33
xgermano/16:36
johnsomMorning16:44
diltramjohnsom: did you saw email about python3?16:46
diltramin devstack16:46
diltramand adding DSVM jobs?16:46
johnsomHaven't got there yet, looking16:48
diltramok16:48
diltramI can configure this DSVM jobs16:48
johnsomWhat was the title?  I'm not seeing it16:49
diltram[openstack-dev] [all][py3][swift][devstack] USE_PYTHON3 works! (well somewhat)16:49
johnsomAh, swift I don't usually read16:50
diltramthey added swift tag because they completely not support python 3.x16:51
diltrambut mostly is about devstack16:51
*** amotoki has quit IRC16:55
*** pcaruana has quit IRC16:58
johnsomdiltram Sure, go ahead.  I see that the goal isn't approved yet, but still worth while to do.16:58
diltramok16:59
johnsomSkip the functional in nlbaas, as it was never finished getting setup and is non-functional.  I need to take a deeper look at if it matters or not.16:59
johnsomPlease ping me when you have a patch up so I can +1 it17:00
diltramsure17:00
*** bana_k has joined #openstack-lbaas17:04
*** nmagnezi_ has joined #openstack-lbaas17:14
*** yamamoto has joined #openstack-lbaas17:16
*** yamamoto has quit IRC17:26
openstackgerritMerged openstack/octavia: Updated from global requirements  https://review.openstack.org/41597917:27
openstackgerritMerged openstack/neutron-lbaas: Updated from global requirements  https://review.openstack.org/41597517:27
*** bana_k has quit IRC17:28
*** anilvenkata has joined #openstack-lbaas17:34
*** gcheresh_ has joined #openstack-lbaas17:37
*** gcheresh_ has quit IRC17:42
openstackgerritMichael Johnson proposed openstack/octavia: Add quota support to Octavia  https://review.openstack.org/36079417:43
diltramjohnsom: https://review.openstack.org/417120 <- up to review17:43
*** anilvenkata has quit IRC17:44
johnsomThanks, looking17:44
openstackgerritLubosz Kosnik (diltram) proposed openstack/octavia: Fix tenant_id reference  https://review.openstack.org/41667817:45
*** kevo has joined #openstack-lbaas17:47
openstackgerritLubosz Kosnik (diltram) proposed openstack/octavia: Fix tenant_id reference  https://review.openstack.org/41667817:53
*** nmagnezi_ has quit IRC17:58
johnsomdiltram  Commented17:59
johnsomI think you caught one of them in the second patch17:59
diltramjohnsom: yep, that dashoard I fixed in next patch18:00
diltramso trusty is not really supported anymore, right?18:01
johnsomIt's not as clear as it should be, but I think for master now in ocata we are moving on to just testing xenail18:05
johnsomHere is the guidance I know of: https://governance.openstack.org/tc/reference/project-testing-interface.html18:05
johnsomWe can leave it and see if the infra folks comment on it, or just remove it now.18:06
*** SumitNaiksatam has joined #openstack-lbaas18:07
diltramjohnsom: I removed that trusty tests, I will ping you when test will pass, still didn't configured that properly18:08
diltramok, so this docs descibe ubuntu (latests LTS) so it's just xenial18:09
johnsomYeah, well that says "the most popular", not we should test....   It's not perfectly clear18:09
diltramtrue but still even our all tests are moved to xenial from trusty18:11
johnsomYeah, that was an infra push.  So, I think we are good with just xenial18:11
diltramlike always crickets when we're asking about something :P18:12
johnsomYeah, I have a patch that has been un-reviewed for almost a month.  Wondering if infra is in trouble18:13
diltramit looks like18:13
openstackgerritMerged openstack/octavia: Fix multi-typo error in Octavia  https://review.openstack.org/41517218:20
xgermanweird bug: If I create an lb, pool, etc. as tenant A; and then create a member for the pool from tenant A as tenant B/admin it will let me do itl show it for tenant B; but not tenant A18:21
xgermansince an admin can do everyhting this is likely ok but it irks me that you could syphon of traffic without the victim knowing18:22
xgermanLP18:23
diltramxgerman: you're using nlbaas?18:25
xgermanyep, v2 API18:25
xgermanwill make an LP entry18:25
johnsomYeah, that makes sense to me.  An admin account is all powerful and the object created will be under the project id that created it.18:25
xgermanyep, but as I said it irks me that as the original user I won;t see that they are syphoning off traffic18:26
diltramyeah, it's a bug18:26
diltrambecause even if admin is creating smth it should be created in specific project18:26
johnsomI don't think it is a bug.18:27
johnsomThe member is under a project, the tenant B project ID that created it.18:27
diltrambut is it proper configuration that it takes admin project not on which he's working currently?18:28
johnsomHe is saying he used tenant B, project_id 1234 which as the admin role.  So creating the member has project_id 1234 on it and not tenant A project ID 5432118:29
xgermanyep18:29
xgermanI think it’s legit18:30
xgermanI see it more form a security angle but if the guy is admin… ther eis not much we can do18:30
johnsomI guess we could put a limit in that doesn't allow admin role users to create child objects of an LB with a project ID different than the LB project ID.  It's an artificial limitation, but I can't think of a use case where you would really want to allow that.18:30
johnsomYeah, admin role can pretty much do anything.18:31
johnsomI think in the future there may be a use case where the roles get more advanced, I.e. IT creates the LB and listener, but delegates pool and member management to another project (project team or such).  But that is a whole different animal18:31
xgermanI am fine with the linitation18:32
xgermanfor the admin user18:32
johnsomBut, that use case would mean rolling back that admin limit as it would become a valid use case18:32
xgermanI don’t think I executed a valid use case18:33
diltramok because based on bug in launchpad about disabling project_id specification on creation of objects in Octavia it will be completely blocked18:34
diltramwe dicussed about this on mid-cycle18:34
diltramhttps://bugs.launchpad.net/octavia/+bug/162414518:34
openstackLaunchpad bug 1624145 in octavia "Octavia should ignore project_id on API create commands (except load_balancer)" [High,New]18:34
diltramso based on this18:34
xgermanmmh18:35
diltramwe're allowing creating load balancer in any project for admin18:35
johnsomYeah, not sure how I feel about that bug18:35
diltrambut all subresources will be created in the same project18:35
diltramfor me it's valid18:35
xgermanwe+118:35
diltramwhy anyone should be able to hidden any resources from me18:35
diltrambased on this admin can use my load balancer to private stuff and charge me for that usage18:36
xgermanyeah, that is my issue I can’t see the resource and won’t be able to find out why requests go amiss18:36
openstackgerritMerged openstack/octavia: Fix typo in doc/source/api/octaviaapi.rst  https://review.openstack.org/41619518:37
*** bana_k has joined #openstack-lbaas18:38
openstackgerritMerged openstack/octavia: Fix a typo  https://review.openstack.org/41660418:42
openstackgerritMerged openstack/octavia: Fix missing NovaServerGroupDelete  https://review.openstack.org/40940518:42
openstackgerritMerged openstack/octavia: Correcting error message for CA Key validation failure  https://review.openstack.org/41686918:44
openstackgerritMerged openstack/octavia: Adds diskimage-create scripts to pypi package  https://review.openstack.org/41678218:44
diltramsigh18:45
diltramthis tempest frustrate me18:45
diltramI was able to fix this tenant_id using clients but now it failes because tenant_networks_reachable option is not specified in group network :/18:45
*** reedip_outofmemo has quit IRC18:54
openstackgerritMerged openstack/octavia: Remove an erroneous MarkMemberActiveInDB task  https://review.openstack.org/40941019:03
openstackgerritLubosz Kosnik (diltram) proposed openstack/octavia: Fix tenant_id reference  https://review.openstack.org/41667819:09
*** pglass has joined #openstack-lbaas19:10
diltramsigh, sed will kill me19:10
*** pglass has quit IRC19:10
diltramby mistake seding code I changed the cfg option name19:10
*** rcernin has joined #openstack-lbaas19:11
diltramjohnsom: https://review.openstack.org/417120 <- tests passed19:14
johnsomk]19:15
*** harlowja has joined #openstack-lbaas19:16
*** saju_m has joined #openstack-lbaas19:17
xgermansomeone has a devstack running? I am having trouble deleting a member as a non admin…19:17
diltramgive me a sec19:18
johnsomI don't at the moment.  Let me know if I should spin one up19:19
*** TrevorV has quit IRC19:20
diltramxgerman: did you created the member as admin?19:24
xgermannope19:24
diltramso I was able on demo/demo create lb, pool, members19:25
diltramand then delete one of memebers19:25
diltrameven both of them19:25
xgermanok, so I screwed something up with my policies19:25
diltram:P19:26
diltramverify that you have project check19:27
xgermanI have mitaka19:27
diltram:P19:28
diltramdoesn't change anything :P19:28
*** SumitNaiksatam has left #openstack-lbaas19:33
*** gcheresh_ has joined #openstack-lbaas19:45
openstackgerritMerged openstack/octavia: Set access_policy for messaging's dispatcher  https://review.openstack.org/41639419:47
diltramjohnsom: reordered patches in review list19:53
johnsomok19:54
diltramIntroduce Test Base class for V2 is parent for xgerman patch19:54
xgermank19:54
mhaydenwhat's the preferred way to get octavia running quickly? devstack?20:01
diltrammhayden: yes20:01
diltramuse devstack20:01
diltrammhayden: trying something specific?20:02
mhaydendiltram: getting a start on the octavia role in openstack-ansible -- just need to see what a properly configured stack looks like20:02
diltramso yeah, use devstack and you will get what you need20:02
*** chlong has quit IRC20:03
diltramjohnsom, rm_work: +2 please https://review.openstack.org/#/c/416678/20:12
*** ducttape_ has quit IRC20:28
*** ducttape_ has joined #openstack-lbaas20:28
openstackgerritLubosz Kosnik (diltram) proposed openstack/octavia: Fix file mode  https://review.openstack.org/41717420:29
*** ducttape_ has quit IRC20:34
*** ducttape_ has joined #openstack-lbaas20:34
diltramDIB will be supporting containers20:39
diltramhttps://review.openstack.org/#/q/topic:ubuntu-container+status:open20:39
xgermanaweet20:40
diltramI forgot how long is taking to execute all tests properly :P20:42
diltramall scenario are working and it's executing and executing20:42
*** catintheroof has quit IRC20:45
*** TrevorV has joined #openstack-lbaas20:52
diltramall tests are green, finally :)20:54
xgermanHooray! And I executed most of my policy adventures… we should probably put that in the project somewhere…20:56
diltramxgerman: you can create patch based on my policy.json20:58
xgermank20:58
diltramand put all rules into octavia/policy/xxx.py files20:58
diltram:)20:58
diltramjohnsom: thx20:58
diltramI didn't saw that file mode change also :P20:59
diltrambecause of this I'm removing our mistake :P20:59
johnsomYep, thanks20:59
diltramany core is here except johnsom?21:00
*** _ducttape_ has joined #openstack-lbaas21:21
*** armax has joined #openstack-lbaas21:22
*** ducttape_ has quit IRC21:22
diltramok, cu people21:23
openstackgerritGerman Eichberger proposed openstack/neutron-lbaas: Adds a sample polic.json file  https://review.openstack.org/41719321:23
xgermanok, we probably need to do the same for Octavia so they stay compatible21:23
diltramxgerman: but remember that we're using policy in code21:24
diltramand probably you should rename the file21:24
diltramok21:24
xgermanyes, the file is named harmless21:24
diltramI'm leaving21:24
xgermank21:25
*** gcheresh_ has quit IRC21:31
*** saju_m has quit IRC21:36
openstackgerritMichael Johnson proposed openstack/octavia: Add quota support to Octavia  https://review.openstack.org/36079421:44
johnsomYou can ignore those for now.  I'm working on tests and plan to commit as I complete test sections.21:45
johnsomI will be marking them WIP21:45
openstackgerritMichael Johnson proposed openstack/octavia: Add quota support to Octavia  https://review.openstack.org/36079421:55
*** darrenc is now known as darrenc_afk22:07
rm_workdiltram: sorry was in meetings from 8:45am to now >_<22:18
rm_work+A'd your fixes22:18
johnsomFun22:18
xgermangelous22:21
xgermanIn Germany we had cookies and coffee at meetings — makes them much more civiized22:21
*** beardedeagle has joined #openstack-lbaas22:24
johnsomHahaha22:24
johnsomxgerman You can have cookies and coffee at our meetings...22:25
johnsomgrin22:25
*** darrenc_afk is now known as darrenc22:25
xgermanBYO22:25
johnsomProbably better quality22:25
*** _ducttape_ has quit IRC22:46
openstackgerritOpenStack Proposal Bot proposed openstack/octavia: Updated from global requirements  https://review.openstack.org/41722922:52
openstackgerritMichael Johnson proposed openstack/octavia: Remove an erroneous MarkHealthMonitorActiveInDB task  https://review.openstack.org/40940322:53
openstackgerritMerged openstack/octavia: Fix tenant_id reference  https://review.openstack.org/41667823:14
openstackgerritMerged openstack/octavia: Fix file mode  https://review.openstack.org/41717423:14
rm_worki COULD have cookies and coffee in my meeting... if i got up and made them23:18
rm_workjohnsom: can I catch you in ... an hour / hour and a half or so for some discussion?23:25
johnsomYep, no problem23:25
rm_workkk, have some interesting ideas23:25
rm_work(not originally mine, but I'm stealing them)23:26
rm_workbrb23:26
*** beardedeagle has quit IRC23:27
diltramrm_work: thx :)23:38
*** ducttape_ has joined #openstack-lbaas23:48
*** ducttape_ has quit IRC23:53
*** TrevorV has quit IRC23:54
*** TrevorV has joined #openstack-lbaas23:54
« Wednesday, 2017-01-04 Index Friday, 2017-01-06 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!