Wednesday, 2017-06-21

*** sshank has quit IRC		00:03
*** chlong has quit IRC		00:03
*** isotope has quit IRC		00:18
openstackgerrit	Adam Harwell proposed openstack/octavia master: SSL Health Monitors didn't actually ... check very much https://review.openstack.org/475944	00:19
rm_work	johnsom: ^^ there you go :)	00:20
rm_work	reviewing RBAC #1 now	00:20
johnsom	Ok, just about to a place I can look at that.	00:20
*** amotoki_away is now known as amotoki		00:23
*** sanfern has quit IRC		01:04
*** sanfern has joined #openstack-lbaas		01:23
*** JudeC has joined #openstack-lbaas		01:28
*** JudeC has quit IRC		01:36
*** gongysh has joined #openstack-lbaas		01:38
*** KeithMnemonic1 has quit IRC		01:39
*** isotope has joined #openstack-lbaas		01:55
openstackgerrit	Michael Johnson proposed openstack/octavia master: Add RBAC enforcement to quotas v2 API https://review.openstack.org/475980	01:57
*** isotope has quit IRC		02:08
*** sanfern has quit IRC		02:46
*** dayou has quit IRC		03:08
*** dayou has joined #openstack-lbaas		03:10
*** gans has joined #openstack-lbaas		03:47
*** yamamoto has joined #openstack-lbaas		03:57
*** links has joined #openstack-lbaas		04:07
*** armax has joined #openstack-lbaas		04:28
*** cpuga has joined #openstack-lbaas		04:37
*** cody-somerville has quit IRC		04:37
*** cody-somerville has joined #openstack-lbaas		04:37
*** armax has quit IRC		04:42
*** jerrygb has joined #openstack-lbaas		04:57
*** gcheresh has joined #openstack-lbaas		05:00
*** jerrygb has quit IRC		05:01
gans	I have confirmed this bug https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/1699396 , anyone else facing same issue?	05:02
openstack	Launchpad bug 1699396 in livecd-rootfs (Ubuntu) "sha256sum mismatch in cloud images" [Undecided,Confirmed]	05:02
*** links has quit IRC		05:07
korean101	anyone knows this ERROR? (octavia.compute.drivers.nova_driver BadRequest: Invalid key_name provided. (HTTP 400))	05:15
korean101	# neutron lbaas-loadbalancer-create --name test-lb demo-subnet	05:16
korean101	after above commands, i got ERROR	05:16
*** blogan has quit IRC		05:16
johnsom	gans yes, the ubuntu cloud image has been broken all day.	05:17
gans	johnsom, thanks for confirmation	05:17
johnsom	korean101 you have a configuration issue, the keypair name you added for ssh access to the amps is not present in nova	05:18
johnsom	Keypair in the octavi.conf	05:18
korean101	/etc/octavia/.ssh/octavia_ssh_key this?	05:20
johnsom	It is a nova keypair name and not a file path	05:20
korean101	johnsom: BTW 05:20 AM?	05:20
korean101	johnsom: don't sleep?	05:21
johnsom	Yeah, it is 10:20pm here	05:21
*** gongysh has quit IRC		05:21
johnsom	Will be soon	05:21
korean101	johnsom: not GMT?	05:21
korean101	UTC?	05:21
johnsom	I am in PST	05:21
korean101	johnsom: OH got it	05:22
korean101	johnsom: /etc/octavia/.ssh/octavia_ssh_key: PEM RSA private key	05:22
korean101	johnsom: and keypair list OK	05:22
*** links has joined #openstack-lbaas		05:23
johnsom	Hmm, the error you shared is an error nova tells us when the keypair name in nova doesn't match what we have in octavi.conf	05:24
*** armax has joined #openstack-lbaas		05:24
johnsom	I think the command is "nova keypair list"	05:24
gans	nova keypair-list	05:25
gans	openstack keypair list	05:25
korean101	yes. hypen	05:25
korean101	phen	05:25
korean101	johnsom: can you check this .conf file? (http://paste.openstack.org/show/uAFDWkOjjO3DsGARoPk8/)	05:27
johnsom	Make sure the # amp_ssh_key_name = in octavia.conf is in that list	05:27
korean101	johnsom: i already succeed deploy DVR + octavia in Newton releases	05:28
korean101	johnsom: now i try Ocata releases. so difficult again	05:28
johnsom	Ugh, yeah DVR still has bugs	05:28
korean101	johnsom: yes	05:28
korean101	johnsom: comment out this? amp_ssh_key_name	05:29
johnsom	Yeah, try that and restart the processes. I bet it will work	05:29
korean101	johnsom: OH!!!! got a next steps	05:31
korean101	johnsom: but another ERRORs	05:32
korean101	and in devstack not comment out amp_ssh_key_name	05:32
korean101	why i comment out that to deploy real machine?	05:32
korean101	i only reference devstack configuration	05:33
johnsom	Yeah, octavia_ssh_key is missing from nova keypair-list	05:33
korean101	johnsom: so difficult for me...	05:33
johnsom	You either can leave it commented out, it is only for debug, or load an ssh key into nova with that name	05:34
korean101	johnsom: but i already load that key name	05:35
korean101	johnsom: OMG	05:35
johnsom	Wrong project maybe?	05:35
korean101	johnsom: same errors (ERROR octavia.compute.drivers.nova_driver BadRequest: Invalid key_name provided. (HTTP 400))	05:35
korean101	johnsom: not nextp steps	05:36
johnsom	Hmm, maybe nova api log will give more information?	05:36
johnsom	N-api	05:37
korean101	johnsom: 1minutes	05:37
korean101	johnsom: nothings in n-api	05:39
johnsom	The 400 should be there	05:40
korean101	johnsom: wait johnsom	05:41
korean101	johnsom: please...	05:41
johnsom	It is a nova error	05:41
*** csomerville has joined #openstack-lbaas		05:44
korean101	johnsom: http://paste.openstack.org/show/uPdDf2nEAdD1KWcTWpHC/	05:45
korean101	johnsom: different ERRORs	05:45
*** cody-somerville has quit IRC		05:47
johnsom	Yeah, nova is failing. ComputeBuildException	05:47
korean101	johnsom: but not key name ERROR	05:48
korean101	johnsom: something different	05:48
johnsom	I usually dig through the nova logs to see why. It is either a config problem in octavia or nova isn't setup right. Or it i	05:49
johnsom	Does not have enough resource to boot the instance	05:49
korean101	johnsom: but i create test-002 VM now and succeed	05:49
korean101	johnsom: now active running	05:49
korean101	new VM	05:49
johnsom	Ok, hmm	05:50
*** armax has quit IRC		05:55
johnsom	I need to get some sleep. I would dig through the nova logs to see why it is failing	06:04
korean101	johnsom: yes thanks	06:05
korean101	i use ocata releases	06:05
korean101	johnsom: many thanks!	06:05
*** JudeC has joined #openstack-lbaas		06:11
*** pcaruana has joined #openstack-lbaas		06:31
*** jerrygb has joined #openstack-lbaas		06:36
*** kobis has joined #openstack-lbaas		06:51
*** rcernin has joined #openstack-lbaas		06:59
korean101	johnsom: got a clues	07:01
korean101	johnsom: SecurityGroupNotFound: Security group dd670196-4c2d-49e0-81cd-491afa5ae056 not found (in compute node)	07:01
korean101	but i already create secgroup and paste in octavia.conf	07:01
korean101	johnsom: \| dd670196-4c2d-49e0-81cd-491afa5ae056 \| lb-mgmt-sec-grp \| lb-mgmt-sec-grp \|	07:02
korean101	johnsom: amp_secgroup_list = dd670196-4c2d-49e0-81cd-491afa5ae056	07:02
korean101	johnsom: something weird	07:02
*** armax has joined #openstack-lbaas		07:04
korean101	johnsom: !!	07:07
korean101	johnsom: comment out amp_secgroup_list in octavia.conf	07:07
korean101	johnsom: amp instance booting is good	07:08
korean101	johnsom: but worker can't connect to amp	07:08
korean101	johnsom: something wrong in octavia.conf	07:08
*** cpuga has quit IRC		07:08
korean101	two comment out items in octavia.conf	07:09
korean101	johnsom: how can i do?	07:09
*** tesseract has joined #openstack-lbaas		07:15
*** links has quit IRC		07:31
*** jerrygb has quit IRC		07:34
*** links has joined #openstack-lbaas		07:44
*** sticker has quit IRC		08:12
*** gans819 has joined #openstack-lbaas		08:18
*** gans has quit IRC		08:21
rm_work	korean101: i think the user that octavia.conf has configured for nova is not the same user that you are using manually maybe?	08:28
rm_work	that is what it seems like	08:29
rm_work	because your nova user (that is in octavia.conf) cannot see the key-pair or the security group	08:29
nmagnezi	rm_work, o/	08:32
rm_work	o	08:32
rm_work	\|/	08:32
*** gans819 has quit IRC		08:32
rm_work	/\	08:32
rm_work	ugh lol	08:32
rm_work	tried to make my typo look intentional and it didn't work out T_T	08:33
nmagnezi	lol	08:33
korean101	rm_work: my normal user is demo	08:33
korean101	rm_work: and octavia user is also exists	08:33
korean101	rm_work: and i create LB via root credentials	08:34
korean101	rm_work: something wrong?	08:34
nmagnezi	rm_work, yet another recheck fest https://review.openstack.org/#/c/475892/	08:34
rm_work	in your octavia.conf, what is under the [nova] section	08:34
rm_work	you can leave out password, but what user/project	08:34
korean101	rm_work: but devstack's [nova] section's nothing	08:36
korean101	rm_work: i'll try that	08:36
korean101	rm_work: i added [nova] section auth information in octavia.conf	08:39
*** gongysh has joined #openstack-lbaas		08:39
korean101	rm_work: and do not comment out (amp_ssh_key_name, amp_secgroup_list)	08:39
korean101	rm_work: Invalid key_name provided ERROR again...	08:39
*** JudeC has quit IRC		08:41
*** rcernin has quit IRC		08:45
rm_work	what user did you put	08:48
rm_work	ah also neutron section	08:48
rm_work	because security-groups are neutron	08:48
*** rcernin has joined #openstack-lbaas		08:51
*** gans819 has joined #openstack-lbaas		08:52
korean101	rm_work: nova section's nova user	08:55
rm_work	korean101: what user IS that	09:00
rm_work	is it the same user AND project you used to create the SSH keypair?	09:00
korean101	rm_work: http://paste.openstack.org/show/ObTMS8k2WDJ9hQQp2Bzw/	09:00
korean101	rm_work: yes. i create	09:01
korean101	rm_work: my own keypair	09:01
rm_work	korean101: so, as the nova user, if you do a keypair list, the keypair shows up?	09:02
rm_work	usually we recommend using an "octavia-service" user or similar	09:02
rm_work	and give it admin in nova/neutron	09:02
korean101	as nova user	09:04
korean101	openstack keypair list	09:04
korean101	The request you have made requires authentication. (HTTP 401) (Request-ID: req-a67db5e3-153f-40f4-b947-baf3321cb9b5)	09:04
korean101	rm_work: http://paste.openstack.org/show/ZDFEUkFPtgLEpC1F7qbP/	09:06
korean101	there three users have a admin role	09:06
rm_work	umm	09:07
rm_work	ok but the nova user needs to have the keypair	09:07
rm_work	which i still haven't seen	09:07
korean101	rm_work: but nova user isn't normal user	09:08
rm_work	it doesn't matter	09:08
rm_work	keypairs don't get shared via roles/etc like everything else	09:08
korean101	rm_work: also in Newton release, nova user can't seee keypairs	09:08
rm_work	the nova user needs to actually have created the keypair	09:08
rm_work	ok	09:08
rm_work	then you need to use a different user	09:08
rm_work	as I said, we don't recommend using some random other user	09:08
rm_work	we recommend you use one "octavia-service" account	09:08
korean101	OK	09:09
*** cpuga has joined #openstack-lbaas		09:09
rm_work	that account needs to own at least the nova keypair and probably also the security-group	09:11
korean101	rm_work: admin user can't do that?	09:12
rm_work	it doesn't matter what its roles are	09:13
rm_work	nova keypairs are not shared between users	09:13
rm_work	at all	09:13
rm_work	ever	09:13
rm_work	they are only visible to the specific user that created them	09:13
*** cpuga has quit IRC		09:14
*** gans819 has quit IRC		09:18
*** gans has joined #openstack-lbaas		09:19
*** yamamoto has quit IRC		09:22
openstackgerrit	Nir Magnezi proposed openstack/octavia-dashboard master: Optimize the link address https://review.openstack.org/455298	09:32
openstackgerrit	Nir Magnezi proposed openstack/octavia-dashboard master: Updating for octavia-dashboard https://review.openstack.org/446178	09:32
korean101	rm_work: something else ERRORS	09:44
korean101	ERROR octavia.controller.worker.controller_worker OverQuotaClient: Quota exceeded for resources: ['security_group'].	09:44
korean101	rm_work: i changed octavia user	09:44
korean101	and rm_work and nothing amp_ssh_key_name ERROR	09:44
korean101	but other errors comming	09:45
rm_work	yeah you have a quota problem, it seems :P	09:45
rm_work	and errors tend to multiply	09:45
rm_work	because one thing breaks, and then everything breaks	09:45
*** yamamoto has joined #openstack-lbaas		09:46
openstackgerrit	Adam Harwell proposed openstack/octavia master: Allow using custom enum values for API fields https://review.openstack.org/463851	09:49
rm_work	^^ nmagnezi there might be more to that maybe, but that seems to be the basis for what we need I think, if i understand the needs of the vendors correctly	09:50
rm_work	but i really need feedback from Samuel / Evgeny / kobis	09:51
rm_work	ok we can recheck/merge stuff again, supposedly the xenial images are temporarily rolled back to working versions now	09:53
*** sanfern has joined #openstack-lbaas		09:58
*** sanfern has quit IRC		10:03
*** sanfern has joined #openstack-lbaas		10:04
openstackgerrit	Adam Harwell proposed openstack/octavia master: SSL Health Monitors didn't actually ... check very much https://review.openstack.org/475944	10:04
openstackgerrit	Adam Harwell proposed openstack/python-octaviaclient master: Add TLS-HELLO option for HealthMonitors https://review.openstack.org/476075	10:04
nmagnezi	rm_work, aye. I'll take a look at this one :)	10:08
nmagnezi	rm_work, see you tomorrow! (or later today for me..) :)	10:09
*** yamamoto_ has joined #openstack-lbaas		10:09
*** yamamoto has quit IRC		10:13
rm_work	yep :)	10:15
openstackgerrit	Adam Harwell proposed openstack/octavia master: SSL Health Monitors didn't actually ... check very much https://review.openstack.org/475944	10:16
rm_work	^^ missed a spot	10:16
*** gongysh has quit IRC		10:16
rm_work	a couple of those might need more rechecks, if you would be so kind	10:21
rm_work	and NOW i'm off	10:21
*** yamamoto_ has quit IRC		10:30
*** yamamoto has joined #openstack-lbaas		10:32
*** yamamoto has quit IRC		10:33
*** yamamoto has joined #openstack-lbaas		10:43
*** sanfern has quit IRC		10:52
*** yamamoto has quit IRC		10:54
*** gans has quit IRC		10:54
*** sanfern has joined #openstack-lbaas		10:57
*** cpuga has joined #openstack-lbaas		11:11
*** cpuga has quit IRC		11:15
*** gongysh has joined #openstack-lbaas		11:17
*** atoth has joined #openstack-lbaas		11:21
*** yamamoto has joined #openstack-lbaas		11:24
*** yamamoto has quit IRC		11:28
*** sanfern has quit IRC		11:30
*** bzhao has quit IRC		11:47
*** bzhao has joined #openstack-lbaas		11:48
openstackgerrit	Nir Magnezi proposed openstack/octavia master: Allow using custom enum values for API fields https://review.openstack.org/463851	11:50
*** yamamoto has joined #openstack-lbaas		11:54
openstackgerrit	Nir Magnezi proposed openstack/octavia master: Allow using custom enum values for API fields https://review.openstack.org/463851	11:58
*** cpuga has joined #openstack-lbaas		12:45
*** sanfern has joined #openstack-lbaas		12:50
*** jerrygb has joined #openstack-lbaas		13:00
*** cpuga has quit IRC		13:01
openstackgerrit	Nir Magnezi proposed openstack/octavia-dashboard master: Optimize the link address https://review.openstack.org/455298	13:20
*** cpuga has joined #openstack-lbaas		13:23
*** sanfern has quit IRC		13:24
*** sanfern has joined #openstack-lbaas		13:37
*** gongysh has quit IRC		13:39
*** catintheroof has joined #openstack-lbaas		13:45
*** gcheresh has quit IRC		13:45
*** cpuga has quit IRC		13:58
*** jerrygb has quit IRC		14:04
*** chlong has joined #openstack-lbaas		14:07
johnsom	rm_work When you get on today, can we talk about the RBAC patch? I don't see any major comments on it and wondered if we can defer one of those changes to the end of the chain?	14:15
johnsom	http://logs.openstack.org/20/475920/1/check/gate-octavia-python27-ubuntu-xenial/0ddd3fd/console.html#_2017-06-21_14_19_08_495699	14:24
johnsom	stderr: 'fatal: Could not read from remote repository.	14:24
johnsom	I think I should have just taken the day off....	14:24
johnsom	So, yeah, looks like the ubuntu cloud images still don't match the sha256sums	14:51
johnsom	I posted to the ubuntu forums, maybe that will raise attention	14:51
johnsom	Our centos 7 amps are working though... grin	14:52
nmagnezi	:D	14:52
johnsom	Score one for nmagnezi	14:52
*** rcernin has quit IRC		15:07
*** pcaruana has quit IRC		15:12
*** kobis has quit IRC		15:21
*** fnaval_ has joined #openstack-lbaas		15:23
*** blogan has joined #openstack-lbaas		15:32
*** sanfern has quit IRC		15:48
*** sanfern has joined #openstack-lbaas		15:49
*** cpuga has joined #openstack-lbaas		15:59
*** cpuga_ has joined #openstack-lbaas		16:01
*** tesseract has quit IRC		16:03
*** cpuga has quit IRC		16:04
*** yamamoto_ has joined #openstack-lbaas		16:10
*** yamamoto has quit IRC		16:13
*** bzhao has quit IRC		16:19
*** bzhao has joined #openstack-lbaas		16:20
*** sshank has joined #openstack-lbaas		16:34
*** yamamoto_ has quit IRC		16:47
*** yamamoto has joined #openstack-lbaas		16:49
*** harlowja has joined #openstack-lbaas		17:07
*** cpuga_ has quit IRC		17:11
*** links has quit IRC		17:15
johnsom	Ubuntu has fixed the issue with the cloud images	17:16
*** sshank has quit IRC		17:20
*** sshank has joined #openstack-lbaas		17:27
*** armax has quit IRC		17:29
*** cpuga has joined #openstack-lbaas		17:33
*** yamamoto has quit IRC		17:42
*** cody-somerville has joined #openstack-lbaas		17:44
*** csomerville has quit IRC		17:44
*** yamamoto has joined #openstack-lbaas		17:51
*** yamamoto has quit IRC		17:56
*** gcheresh has joined #openstack-lbaas		18:01
*** csomerville has joined #openstack-lbaas		18:02
*** cody-somerville has quit IRC		18:05
*** cpuga has quit IRC		18:10
*** yamamoto has joined #openstack-lbaas		18:15
*** JudeC has joined #openstack-lbaas		18:16
*** kbyrne has quit IRC		18:22
nmagnezi	johnsom, Score one for canonical :-)	18:23
*** kbyrne has joined #openstack-lbaas		18:23
*** cpuga has joined #openstack-lbaas		18:26
openstackgerrit	Merged openstack/octavia master: HM Update for url_path uses incorrect validation https://review.openstack.org/475892	18:29
johnsom	rm_work Did you figure out what happened with https://review.openstack.org/#/c/474790/?	18:30
johnsom	I see you rechecked it	18:30
rm_work	NOPE	18:30
rm_work	but, it's better than before	18:30
rm_work	at least we catch the "sometimes" one	18:31
rm_work	and at least it's obvious what happened	18:31
rm_work	so not really worse than previously	18:31
rm_work	and we have better debugging for catching any OTHER issues that come up, on the other patchsets that trigger them	18:31
rm_work	rather than rechecking that one over and over and over and hoping to randomly catch one	18:31
eandersson	Lets get this merged? https://review.openstack.org/#/c/475647/	18:33
eandersson	Since it will cause a conflict with the general re-branding	18:34
johnsom	Ha, I already reviewed that	18:38
johnsom	Ok, I'm going to grab a bite to eat before the meeting.	18:43
*** yamamoto has quit IRC		18:44
rm_work	johnsom: k. i addressed your comments on https://review.openstack.org/#/c/463851/ though i don't know if you like the answers	18:49
openstackgerrit	Merged openstack/octavia-dashboard master: Fix npm test https://review.openstack.org/475647	18:54
openstackgerrit	Adam Harwell proposed openstack/octavia master: Allow using custom enum values for API fields https://review.openstack.org/463851	18:58
rm_work	updated to address some things	18:58
openstackgerrit	Merged openstack/octavia master: Add RBAC enforcement to Octavia v2 API https://review.openstack.org/472872	18:59
*** sshank has quit IRC		19:00
openstackgerrit	Adam Harwell proposed openstack/octavia master: Octavia Feature Classification https://review.openstack.org/451177	19:05
rm_work	still trying to figure out what ^^ is exactly	19:06
*** sshank has joined #openstack-lbaas		19:08
*** sshank has quit IRC		19:10
eandersson	rm_work, how would these features be exposed to the dashboard?	19:20
eandersson	Would we add an API call to expose the features for a particular provider?	19:21
johnsom	rm_work It is supposed to be something like this: https://docs.openstack.org/developer/neutron/feature_classification/feature_classification_introduction.html	19:23
johnsom	https://docs.openstack.org/developer/neutron/feature_classification/general_feature_support_matrix.html	19:24
johnsom	It is just docs	19:26
*** jniesz has joined #openstack-lbaas		19:30
openstackgerrit	Michael Johnson proposed openstack/octavia master: Add filtering and field selection to API https://review.openstack.org/469275	19:37
johnsom	Rebase so I can test, review and clean up anything the RBAC stuff broke	19:37
johnsom	JudeC I assume it's ok for me to fix your API patches for the RBAC changes I just made....	19:42
johnsom	Feel free to say otherwise	19:42
JudeC	Yeah I don't mind at all :)	19:42
*** eandersson has quit IRC		19:43
JudeC	I can always fix them too, still wading through this tempest stuff trying to grasp what I am doing though... lol	19:43
openstackgerrit	Merged openstack/octavia master: Agent: swap flask responses to webob, handle 404 retries better https://review.openstack.org/474790	19:44
johnsom	Yeah, no problem, I can update them	19:44
JudeC	(wishing there were more examples of people writing tempest plugins)	19:45
*** yamamoto has joined #openstack-lbaas		19:45
johnsom	Yeah, you can ask questions in the openstack-qa channel BTW	19:47
johnsom	Not that I get timely replies all the time, but you can try	19:47
JudeC	Yeah rm_work directed me there yesterday.	19:47
rm_work	yeah they take a while :/	19:48
johnsom	They do tend to like folks that are trying to do a repo plugin, so maybe that will help you	19:48
JudeC	I will, I feel like I should fully understand what I am asking before posting in there. I want to make sure I at least read (most of) their documentation at least.	19:48
johnsom	I appreciate folks like you....	19:49
JudeC	There is quite a bit...	19:49
johnsom	The challenge is probably trying to figure out what is old and outdated vs. the new way...	19:50
JudeC	Exactly... I see a lot of stuff they say not to do implemented in these other tempest plugins.	19:51
*** yamamoto has quit IRC		19:52
johnsom	Yep	19:56
johnsom	Octavia meeting starting soon on #openstack-meeting-alt	19:56
*** openstackgerrit has quit IRC		20:03
*** rstarmer_ has quit IRC		20:07
rm_work	ah johnsom there was some refactoring i noticed i wanted done... so i just ... did it <_<	20:10
rm_work	posting shortly	20:10
*** rstarmer has joined #openstack-lbaas		20:10
johnsom	rm_work meeting time BTW	20:10
rm_work	yep	20:11
rm_work	was neck-deep in auth refactor	20:11
*** rstarmer has quit IRC		20:29
*** gcheresh has quit IRC		20:29
*** eandersson has joined #openstack-lbaas		20:31
*** ChanServ sets mode: +o johnsom		20:35
*** johnsom changes topic to "Welcome to LBaaS / Octavia - Pike review priority patches at https://etherpad.openstack.org/p/Octavia-Pike-priority-patches"		20:36
*** rstarmer has joined #openstack-lbaas		20:46
*** fnaval_ has quit IRC		20:50
*** amotoki is now known as amotoki_away		20:52
*** openstackgerrit has joined #openstack-lbaas		20:58
openstackgerrit	Ken Giusti proposed openstack/octavia master: Use 'get_rpc_transport' for RPC clients and servers. https://review.openstack.org/476270	20:58
johnsom	nmagnezi FYI, I have not "published" the link to that API-REF yet as it is not yet finished. L7 and quotas are still not done.	21:06
openstackgerrit	Adam Harwell proposed openstack/octavia master: Refactor the RBAC auth enforcement a bit https://review.openstack.org/476271	21:06
rm_work	johnsom: ^^	21:06
rm_work	end of your chain	21:06
*** fnaval has joined #openstack-lbaas		21:06
johnsom	Cool, thanks for not making be rebase the world... Grin	21:06
rm_work	yes I know how to do rebases :P	21:07
rm_work	err, rather, deal with long chains	21:07
openstackgerrit	Adam Harwell proposed openstack/octavia master: Refactor the RBAC auth enforcement a bit https://review.openstack.org/476271	21:09
johnsom	Does this mean you have reviewed the rest of the chain?	21:09
rm_work	yes	21:10
rm_work	or rather	21:10
rm_work	i decided to review it at the end	21:10
rm_work	because i got tired of looking at individual things	21:10
johnsom	Yeah	21:10
johnsom	Yeah, that is cool, thanks	21:11
rm_work	and yeah, so much DRY	21:11
rm_work	same as what I had to do at the end of the API patches	21:11
johnsom	Yeah, well, I got into the moment of getting it done	21:11
rm_work	it's like, by the time you get to the end, it's super clear where the repetition is	21:11
rm_work	but it's not while you're doing it from the start :P	21:12
rm_work	on mine i went back through and refactored everything which was an absolute PITA so I decided i wouldn't wish that on you and i'd just do it for you at the end ^_^	21:12
johnsom	Yeah, much easier	21:13
rm_work	now i just need to test in devstack	21:15
rm_work	which ... i'll get to shortly	21:15
*** isotope has joined #openstack-lbaas		21:16
*** chlong has quit IRC		21:22
isotope	I believe this bug is effecting me, lbaas tls is not working with non-admin tenant	21:33
isotope	https://bugs.launchpad.net/barbican/+bug/1592612	21:33
openstack	Launchpad bug 1592612 in octavia "LBaaS TLS is not working with non-admin tenant" [High,Confirmed]	21:33
isotope	is there a work around for this maybe using acl's?	21:33
johnsom	isotope Yes, there are two workarounds until with get this fully fixed	21:34
johnsom	1. Change the barbican RBAC policies to allow the octavia service account access to all of the containers in barbican. Works, but not a great option	21:34
johnsom	2. Use ACLs: https://docs.openstack.org/developer/octavia/guides/basic-cookbook.html#deploy-a-tls-terminated-https-load-balancer	21:35
johnsom	We hope to fix this soon via the Octavia v2 API, just waiting on a capability in barbican	21:35
johnsom	in 2. admin can (should) be the octavia service account	21:36
*** cpuga has quit IRC		21:43
*** catintheroof has quit IRC		21:51
*** JudeC has quit IRC		21:57
*** JudeC has joined #openstack-lbaas		22:00
*** blogan_ has joined #openstack-lbaas		22:00
*** jniesz has quit IRC		22:02
isotope	johnson so admin_id is the id of the user performing the request?	22:03
*** armax has joined #openstack-lbaas		22:03
*** blogan has quit IRC		22:03
johnsom	isotope It should be the octavia service account name (or neutron service account if you are using a driver other than octavia)	22:04
isotope	Ah	22:04
isotope	I tried neutron as the service account name, I'm not sure if that is correct or not	22:16
johnsom	Yeah, it is dependent on your deployment	22:20
johnsom	JudeC Looking at filtering patch.	22:23
*** blogan_ has quit IRC		22:23
JudeC	ack.	22:23
johnsom	It looks like the gt functionality isn't implemented.	22:23
JudeC	gt?	22:23
johnsom	I am guessing the time based filtering isn't either.	22:23
johnsom	https://specs.openstack.org/openstack/api-wg/guidelines/pagination_filter_sort.html#filtering	22:24
johnsom	http://$test_API_IP:$test_API_PORT/v2.0/lbaas/listeners?protocol_port=gt:75	22:24
johnsom	I think I am just going to report those as bugs and let someone add it later.	22:24
JudeC	ohhh no I did not implement that. I was using neutron lbass docs to get feature parity.	22:25
johnsom	Oh, well, yeah. neutron is um.... not very up to date on the API specs	22:25
johnsom	I'm just going to add a bug for it and call it a day	22:26
JudeC	:P dang it this wouldnt have been hard to do either. Yeah if you throw in a bug I can circle back to it when I am done with this tempest stuff.	22:26
johnsom	It's icing if you ask me	22:26
JudeC	dang I wish I would have seen this doc before, at least I am learning where to look for all of this stuff. :/	22:28
johnsom	Ah, I thought I sent you a link. Sorry	22:29
JudeC	in: isn't implemented either	22:29
johnsom	Feel free to ping me	22:29
johnsom	Yeah, they don't really have that finalized I don't think	22:29
johnsom	Oh, in is there, it's LIKE they don't have yet	22:30
johnsom	https://bugs.launchpad.net/octavia/+bug/1699616	22:30
openstack	Launchpad bug 1699616 in octavia "Octavia v2 API needs to support conditional filtering" [Low,Triaged]	22:30
JudeC	ty	22:30
johnsom	JudeC Sorry to bother you again, trying to understand the patch.	22:41
johnsom	https://review.openstack.org/#/c/469275/10/octavia/api/v2/controllers/load_balancer.py Line 98	22:41
johnsom	Why is this needed if we have the filtering in the query now? https://review.openstack.org/#/c/469275/10/octavia/api/common/pagination.py	22:41
JudeC	looking	22:41
JudeC	This is for field selection, so if you just want to be shown the ids you can do ?fields=id or ids and names ?fields=id&fields=name.	22:44
johnsom	Ah, gotcha. Hmm, seems like we can do that over in the pagination / query as well.	22:45
JudeC	The way the responses work I couldn't just limit the data that was returned by the query from what I remember so I had to make the controller do the selection of the data that we want to be shown.	22:45
johnsom	Hmm, yeah, I could see the models maybe being odd. Going to think about it.	22:46
johnsom	At least we are limiting the number of rows returned now. That was the important one for paging	22:47
JudeC	I tried to do it in the query at first. IRRC I ran into an issue with the response types not being able to respond with partial data.	22:47
JudeC	IIRC*	22:48
johnsom	Yeah, but this current method drops them right before the response type is built	22:49
johnsom	The db_to_type might have an issue with it though	22:49
rm_work	johnsom / xgerman_: OK, tested the updated HM HTTPS mode, works as expected	22:49
johnsom	+1	22:50
*** sshank has joined #openstack-lbaas		22:50
rm_work	err sorry i still need to test the TLS-HELLO method	22:50
rm_work	but only a moment	22:50
JudeC	johnsom: let me pull up the code again and I can give you a more detailed answer to why I did what I did one sec.	22:50
*** armax has quit IRC		22:52
*** armax has joined #openstack-lbaas		22:53
rm_work	ummmm	22:59
rm_work	johnsom: i can't seem to create a TLS-HELLO or a PING healthmonitor, wtf	23:00
rm_work	HTTP/HTTPS/TCP work	23:01
rm_work	but PING and TLS-HELLO do not	23:01
johnsom	Isn't PING the default if it's just check and httpchk?	23:01
*** gongysh has joined #openstack-lbaas		23:01
rm_work	REQ: curl -g -i -X POST http://127.0.0.1:9876/v2.0/lbaas/healthmonitors -H "User-Agent: osc-lib/1.6.0 keystoneauth1/2.21.0 python-requests/2.17.3 CPython/2.7.12" -H "Content-Type: application/json" -H "X-Auth-Token: {SHA1}0e8fc079e30275680844b029fedfea89604844cd" -d '{"healthmonitor": {"name": "hm2", "admin_state_up": true, "pool_id": "e758dae1-bd64-4330-a3b4-dff397d4b62b", "delay": 2, "max_retries": 2, "timeout": 5, "type":	23:02
rm_work	"PING"}}'	23:02
rm_work	RESP: [400] Date: Wed, 21 Jun 2017 23:01:31 GMT Server: WSGIServer/0.1 Python/2.7.12 Content-Length: 88 Content-Type: application/json x-openstack-request-id: req-4fe25585-4258-4264-8630-1f69ac3b3251	23:02
rm_work	RESP BODY: {"debuginfo": null, "faultcode": "Client", "faultstring": " is not a valid option for "}	23:02
rm_work	???	23:02
rm_work	weird	23:02
rm_work	literally the same request but with a different "type" works	23:02
*** gongysh has quit IRC		23:03
johnsom	I can try on mine, just a sec	23:03
JudeC	johnsom: Ah yes because of _convert_db_to_type() I couldn't find a really elegant way to manipulate the object until it was already constructed. I am open to ideas on that though.	23:04
johnsom	rm_work Same here	23:05
rm_work	IIRC i had some ideas, need to look again at your code JudeC	23:05
rm_work	or rather... look for the first time T_T	23:05
rm_work	been busy	23:05
JudeC	:P	23:05
rm_work	ugh that's a bad excuse tho	23:05
rm_work	johnsom: hmm wtf	23:05
JudeC	nah man we all have been pretty crazy busy.	23:05
rm_work	johnsom: so PING is broken this whole time lol	23:06
rm_work	why would it do that error	23:06
rm_work	what is different about that type	23:06
rm_work	we don't do any further validation i thought	23:06
johnsom	The API type looks right, maybe a deeper validator	23:06
rm_work	i am looking for one	23:07
rm_work	ah i see where i throw that	23:08
rm_work	though I don't see why it failed to render properly...	23:09
johnsom	It's missing from the DB	23:09
johnsom	mysql> select * from health_monitor_type;	23:09
johnsom	+-------+-------------+	23:09
johnsom	\| name \| description \|	23:09
johnsom	+-------+-------------+	23:09
johnsom	\| HTTP \| NULL \|	23:09
johnsom	\| HTTPS \| NULL \|	23:09
johnsom	\| TCP \| NULL \|	23:09
johnsom	+-------+-------------+	23:09
johnsom	3 rows in set (0.00 sec)	23:09
johnsom	relational violation	23:09
rm_work	AHHHH I forgot about that part	23:09
rm_work	blegh	23:09
johnsom	Opps	23:09
rm_work	ok whelp	23:10
rm_work	I can add both in this patch	23:10
rm_work	but ummm	23:10
johnsom	Yep	23:10
rm_work	this message sucks	23:10
*** armax has quit IRC		23:10
rm_work	will fix	23:10
johnsom	At least there is a comment acknowledging sucky-ness	23:11
johnsom	https://github.com/openstack/octavia/blob/master/octavia/api/v2/controllers/health_monitor.py#L133	23:11
johnsom	JudeC if we filter those in the DB call and then drop them in the object like you do, we won't have pulled that data back from the DB just to be dropped. The type object back should just have None data in the columns that are going to be dropped by your code.	23:13
johnsom	Does that make sense or am I babbling train of thought too much?	23:14
JudeC	No, that makes sense.	23:14
JudeC	I will spin my wheels at this and see if I can come up with a fix for it tonight.	23:15
johnsom	So, leaving what you have, but adding to the pagination filter block to not return the columns	23:15
johnsom	Ok, thanks!	23:15
rm_work	this falls into the category of "does anyone use this?"	23:22
rm_work	because no one has noticed that PING monitors don't work yet	23:22
rm_work	or else hasn't bothered to submit a bug T_T	23:22
openstackgerrit	Adam Harwell proposed openstack/octavia master: SSL Health Monitors didn't actually ... check very much https://review.openstack.org/475944	23:22
johnsom	Clearly no one uses it, it NEVER was in the DB	23:23
rm_work	lol yep	23:31
rm_work	umm so	23:31
rm_work	now it generates the config but	23:31
rm_work	i can't get it to WORK?	23:31
rm_work	it has servers that respond on SSL	23:31
rm_work	but they show as down T_T	23:31
rm_work	blegh	23:31
rm_work	the config is exactly the same as before AFAICT	23:31
rm_work	OHHHHH nevermind	23:32
rm_work	Ithink	23:32
rm_work	uhh	23:32
rm_work	this is lulzy	23:32
rm_work	yeah nm the nm, i have no idea why this doesn't work	23:35
rm_work	yeah reverted to old code	23:37
rm_work	recreated HM	23:37
rm_work	it still doesn't work	23:37
rm_work	so either something is wrong with the return that i'm getting... or ... ???	23:38
*** sshank has quit IRC		23:47
rm_work	johnsom: can you test that CURRENT https HM works?	23:47
*** sshank has joined #openstack-lbaas		23:47
rm_work	does it really do a connect check and show members online?	23:48
*** sshank has quit IRC		23:48
rm_work	mine is constantly showing everything offline	23:48
rm_work	even with the old code	23:48
johnsom	Ok, just a minute	23:48
johnsom	Yeah, I see it hitting my webserver with an binary stream	23:51
rm_work	hmm	23:52
rm_work	yeah nm i guess i was just using a bad site to test	23:52
rm_work	i switched to a different test site and now it works fine	23:52
johnsom	Just a sec, I'm going to see if I can get a tcpdump and confirm it's an SSL handshake	23:52
rm_work	even though curl seemed to show a connection to both working	23:52
rm_work	so .. whatever, seems to be fine now	23:53
rm_work	now I can test your thing	23:54
*** KeithMnemonic has joined #openstack-lbaas		23:54
johnsom	Ok	23:55
*** isotope has quit IRC		23:59

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!