Wednesday, 2017-08-02

*** catintheroof has joined #openstack-lbaas		00:03
mnaser	rm_work but im just thinking that if someone hit /v1 anyways when we expose it, it'll be an issue	00:22
mnaser	so certainly some work would have to be done to make sure no one can access v1, except lbaas	00:23
*** JudeC has quit IRC		00:26
*** tongl has quit IRC		00:27
rm_work	mnaser: right, you can expose the API via a LB or something	00:31
rm_work	you can also run them separately	00:32
rm_work	so, one box runs the API with v1 enabled, and is ACL'd to specifically the neutron-lbaas boxes	00:32
rm_work	and a different box/VM runs the api with only v2 enabled	00:32
mnaser	rm_work yeah that's a way around it	00:32
mnaser	we run stuff in nspawn containers so tha tshould be easy to do	00:33
rm_work	yep	00:33
mnaser	we run master octavia alongside newton and its working nicely now, just have some patches to magnum and it'll be working really nicely	00:33
johnsom	Good to hear	00:34
rm_work	we're running master octavia alongside liberty :P	00:35
rm_work	we should actually maybe put a recommendation somewhere for that	00:36
rm_work	like ... we recommend you ignore the version of the cloud you're running, and always run the newest release of octavia	00:36
johnsom	A full install guide is on my "wish I had time to do that now" list	00:36
rm_work	johnsom: my patch IS going to need a recheck anyway, I kinda want to put in the comment you asked for	00:38
johnsom	Ok	00:38
rm_work	johnsom: do you know if there's a bug to link from haproxy/ubuntu?	00:38
rm_work	I think you said you'd seen one	00:38
johnsom	It was in the release notes	00:38
rm_work	ugh k	00:40
rm_work	well whatever i'll just comment	00:40
johnsom	I'm looking to see if I can find the bug	00:40
johnsom	Nah, I'm not going to dig	00:42
rm_work	k	00:43
rm_work	just needs the +2 again then	00:43
openstackgerrit	Adam Harwell proposed openstack/octavia master: Properly handle more states from HAProxy health messages https://review.openstack.org/487671	00:43
johnsom	Done	00:44
*** catintheroof has quit IRC		00:44
rm_work	rechecking some others >_>	00:47
rm_work	ugh yeah that's gonna take a while	00:58
rm_work	test nodes dropped significantly and queue spiked to 8k	00:58
rm_work	funtimes	00:58
*** https_GK1wmSU has joined #openstack-lbaas		01:44
*** https_GK1wmSU has left #openstack-lbaas		01:45
rm_work	down to about 4k...	01:58
*** slaweq has joined #openstack-lbaas		02:07
*** slaweq has quit IRC		02:11
*** KeithMnemonic has quit IRC		02:14
*** yamamoto has quit IRC		02:24
*** yamamoto has joined #openstack-lbaas		02:30
*** yamamoto has quit IRC		02:35
*** fnaval has quit IRC		02:35
*** yamamoto has joined #openstack-lbaas		02:36
*** sanfern has quit IRC		02:37
*** yamamoto has quit IRC		02:41
*** fnaval has joined #openstack-lbaas		02:44
*** fnaval has quit IRC		02:44
*** yamamoto has joined #openstack-lbaas		02:45
*** fnaval has joined #openstack-lbaas		02:45
openstackgerrit	yanpuqing proposed openstack/neutron-lbaas master: Add "delay" value determination for health monitor https://review.openstack.org/489584	03:08
*** gtrxcb has joined #openstack-lbaas		03:21
*** yamamoto has quit IRC		03:33
*** links has joined #openstack-lbaas		03:48
*** yamamoto has joined #openstack-lbaas		03:49
*** sanfern has joined #openstack-lbaas		04:01
*** yamamoto has quit IRC		04:05
*** yamamoto has joined #openstack-lbaas		04:10
*** gcheresh_ has joined #openstack-lbaas		04:12
*** gongysh has joined #openstack-lbaas		04:13
rm_work	why are the gates soooo broken T_T	04:49
*** yamamoto has quit IRC		04:50
*** yamamoto has joined #openstack-lbaas		05:07
*** ssmith has joined #openstack-lbaas		05:16
*** ajo has quit IRC		06:11
openstackgerrit	yanpuqing proposed openstack/neutron-lbaas master: Add "delay" value determination for health monitor https://review.openstack.org/489584	06:15
*** slaweq has joined #openstack-lbaas		06:15
openstackgerrit	yanpuqing proposed openstack/neutron-lbaas master: Add "delay" value determination for health monitor https://review.openstack.org/489584	06:33
*** pcaruana has joined #openstack-lbaas		06:34
*** rcernin has joined #openstack-lbaas		06:46
*** aojea has joined #openstack-lbaas		07:07
*** ducnc has joined #openstack-lbaas		07:13
openstackgerrit	Merged openstack/octavia master: Properly handle more states from HAProxy health messages https://review.openstack.org/487671	07:30
*** kobis has joined #openstack-lbaas		07:35
*** Guest14 has joined #openstack-lbaas		07:39
*** gtrxcb has quit IRC		07:44
*** tesseract has joined #openstack-lbaas		07:48
*** aojea has quit IRC		07:49
*** aojea has joined #openstack-lbaas		07:49
*** aojea has quit IRC		07:54
*** aojea has joined #openstack-lbaas		07:59
*** ssmith has quit IRC		08:00
rm_work	these failures on the multinode are perplexing	08:23
nmagnezi	rm_work, kinda like lottery as a service	08:24
rm_work	ah this one is different	08:24
nmagnezi	rm_work, https://review.openstack.org/#/c/487565 one minor comment here	08:24
rm_work	is it just me or is the error message here a little ... weird	08:25
rm_work	http://logs.openstack.org/78/489678/2/check/gate-octavia-v1-dsvm-py3x-scenario-multinode/b2a843b/logs/screen-o-cw.txt.gz#_Aug_02_06_05_53_773124	08:25
rm_work	"Max retries exceeded"	08:25
rm_work	like ... 40 times? uhh	08:25
rm_work	someone doesn't know what "max" means	08:26
nmagnezi	O_o	08:27
openstackgerrit	Adam Harwell proposed openstack/python-octaviaclient master: Remove reqs from test-req that exist in req https://review.openstack.org/487565	08:27
rm_work	(that was not actually the problem)	08:28
nmagnezi	rm_work, possibly this has something to do with how we use requests https://github.com/openstack/octavia/blob/b3506fa3ebdd48806d80e42f15c612412412a160/octavia/amphorae/drivers/haproxy/rest_api_driver.py#L271	08:32
rm_work	hmmm	08:32
rm_work	looks like nova barfed on a create of one of the test members (not even an amp) >_>	08:33
*** openstackgerrit has quit IRC		08:33
rm_work	http://logs.openstack.org/78/489678/2/check/gate-octavia-v1-dsvm-py3x-scenario-multinode/b2a843b/logs/screen-n-cpu.txt.gz#_Aug_02_06_00_36_074096	08:34
nmagnezi	yikes	08:34
rm_work	maybe happens more often on multi-node?	08:34
nmagnezi	that's a question for the infra folks i guess	08:35
rm_work	i guess it really starts at http://logs.openstack.org/78/489678/2/check/gate-octavia-v1-dsvm-py3x-scenario-multinode/b2a843b/logs/screen-n-cpu.txt.gz#_Aug_02_06_00_13_991464	08:35
*** https_GK1wmSU has joined #openstack-lbaas		08:36
*** https_GK1wmSU has left #openstack-lbaas		08:37
*** aojea has quit IRC		08:41
*** aojea_ has joined #openstack-lbaas		08:41
rm_work	multinode is failing on my other patch too >_>	08:44
*** aojea_ has quit IRC		08:55
*** aojea has joined #openstack-lbaas		08:57
*** belharar has joined #openstack-lbaas		08:59
*** belharar has quit IRC		09:00
*** belharar has joined #openstack-lbaas		09:02
*** aojea_ has joined #openstack-lbaas		09:09
*** aojea has quit IRC		09:09
rm_work	ugh the issue is different EVERY time	09:09
rm_work	one time it just stopped in the middle of the install and failed	09:09
rm_work	one time it failed building a VM in nova	09:10
rm_work	one time curl died while downloading the base amp image for DIB	09:10
rm_work	one time it just ... lost connection to one of the other nodes in the multinode group	09:10
rm_work	http://logs.openstack.org/15/489015/4/check/gate-octavia-v1-dsvm-scenario-multinode/0171086/logs/devstacklog.txt.gz#_2017-08-02_05_36_25_315	09:11
nmagnezi	rm_work, maybe file a bug and ask for some advise @ #openstack-infra ?	09:20
rm_work	i think it's just that shit is unstable right now and we're getting hit by a variety of issues... probably just need to let things settle	09:20
rm_work	gonna go to bed and check it out in the morning	09:22
rm_work	ugh, meeting in ~7.5h	09:22
rm_work	hopefully will be there...	09:23
nmagnezi	rm_work, good night :)	09:28
*** openstackgerrit has joined #openstack-lbaas		09:30
openstackgerrit	Adam Harwell proposed openstack/octavia master: WIP: Floating IP Network Driver (spans L3s) https://review.openstack.org/435612	09:30
rm_work	night :P	09:30
*** ducnc has quit IRC		09:41
*** sanfern has quit IRC		10:56
*** atoth has quit IRC		11:05
*** Guest14 is now known as ajo		11:11
*** gongysh has quit IRC		11:15
openstackgerrit	Rajat Sharma proposed openstack/octavia master: Stop using deprecated CORS.set_latent() https://review.openstack.org/489169	11:16
openstackgerrit	Nir Magnezi proposed openstack/octavia master: Stop using deprecated CORS.set_latent() https://review.openstack.org/489169	11:39
openstackgerrit	Merged openstack/octavia master: Barbicanclient is refactoring, this fixes one of our bad tests https://review.openstack.org/489678	11:55
*** atoth has joined #openstack-lbaas		11:58
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-octaviaclient master: Updated from global requirements https://review.openstack.org/488171	12:27
*** sanfern has joined #openstack-lbaas		12:31
*** belharar has quit IRC		12:57
*** yamamoto has quit IRC		13:02
*** belharar has joined #openstack-lbaas		13:03
*** yamamoto has joined #openstack-lbaas		13:18
*** belharar has quit IRC		13:32
*** belharar has joined #openstack-lbaas		13:40
*** gcheresh_ has quit IRC		13:49
*** yamamoto has quit IRC		13:55
-openstackstatus- NOTICE: We have disable infracloud-vanilla due to the compute host running mirror.regionone.infracloud-vanilla.o.o being offline. Please recheck your failed jobs to schedule them to another cloud.		13:57
*** sanfern has quit IRC		14:04
*** sanfern has joined #openstack-lbaas		14:05
*** slaweq has quit IRC		14:14
*** slaweq has joined #openstack-lbaas		14:15
*** slaweq has quit IRC		14:19
*** fnaval has quit IRC		14:46
*** armax_ has joined #openstack-lbaas		14:53
*** armax has quit IRC		14:53
*** armax_ is now known as armax		14:53
*** yamamoto has joined #openstack-lbaas		14:55
*** gcheresh_ has joined #openstack-lbaas		14:57
*** fnaval has joined #openstack-lbaas		14:59
*** yamamoto has quit IRC		15:00
*** links has quit IRC		15:01
*** kobis has quit IRC		15:16
*** armax has quit IRC		15:19
openstackgerrit	Merged openstack/python-octaviaclient master: Updated from global requirements https://review.openstack.org/488171	15:25
*** armax has joined #openstack-lbaas		15:28
*** gcheresh_ has quit IRC		15:31
*** tomtomtom has quit IRC		15:32
*** armax has quit IRC		15:33
*** belharar has quit IRC		15:54
*** links has joined #openstack-lbaas		15:59
*** catintheroof has joined #openstack-lbaas		15:59
*** catintheroof has quit IRC		16:00
*** catintheroof has joined #openstack-lbaas		16:00
*** isantosp_ has quit IRC		16:04
*** rcernin has quit IRC		16:08
*** pcaruana has quit IRC		16:14
*** armax has joined #openstack-lbaas		16:18
*** gans has joined #openstack-lbaas		16:40
*** JudeC has joined #openstack-lbaas		16:51
johnsom	Octavia meeting starting soon on #openstack-meeting	16:56
*** gans has quit IRC		16:56
*** gans has joined #openstack-lbaas		16:57
*** rm_mobile has joined #openstack-lbaas		16:59
*** tesseract has quit IRC		17:07
*** harlowja has joined #openstack-lbaas		17:13
*** rm_mobile has quit IRC		17:17
*** sshank has joined #openstack-lbaas		17:19
*** gans has quit IRC		17:30
openstackgerrit	Adam Harwell proposed openstack/octavia master: Correct status for disabled members (honest abe edition) https://review.openstack.org/489015	17:52
*** jniesz has joined #openstack-lbaas		18:01
*** links has quit IRC		18:31
*** jniesz has quit IRC		18:39
*** sshank has quit IRC		18:51
*** sshank has joined #openstack-lbaas		18:51
*** atoth has quit IRC		18:57
*** apuimedo has quit IRC		19:00
openstackgerrit	Santhosh Fernandes proposed openstack/octavia master: Adding exabgp-speaker element to amphora image https://review.openstack.org/490164	19:13
*** gcheresh_ has joined #openstack-lbaas		19:18
*** sshank has quit IRC		19:19
*** sshank has joined #openstack-lbaas		19:27
*** sshank has quit IRC		19:29
openstackgerrit	Nir Magnezi proposed openstack/python-octaviaclient master: Remove reqs from test-req that exist in req https://review.openstack.org/487565	19:42
*** gcheresh_ has quit IRC		19:46
*** sshank has joined #openstack-lbaas		19:51
*** sshank has quit IRC		19:55
*** gcheresh_ has joined #openstack-lbaas		20:02
openstackgerrit	Santhosh Fernandes proposed openstack/octavia master: [WIP] Adding exabgp-speaker element to amphora image https://review.openstack.org/490164	20:11
*** sshank has joined #openstack-lbaas		20:14
rm_work	yes another different multinode failure: http://logs.openstack.org/54/485254/4/gate/gate-octavia-v1-dsvm-py3x-scenario-multinode/052d1e0/logs/screen-o-cw.txt.gz#_Aug_02_19_13_24_674444	20:23
rm_work	multinode has been failing like 3/4 of the time for the past day	20:23
rm_work	but it's always different	20:23
johnsom	We have been seeing that 404 for a while. Some of the other recent failures I have seen are libvirt/qemu crashing again	20:24
johnsom	I have that 404 on my list to investigate. On the surface it looks like the interface is never added by the kernel. I mostly see it on non-multinode jobs though.	20:25
*** gcheresh_ has quit IRC		20:26
*** sshank has quit IRC		20:27
*** sshank has joined #openstack-lbaas		20:27
openstackgerrit	Santhosh Fernandes proposed openstack/octavia master: [WIP] Adding exabgp-speaker element to amphora image https://review.openstack.org/490164	20:27
*** aojea_ has quit IRC		21:00
*** aojea has joined #openstack-lbaas		21:01
openstackgerrit	Adam Harwell proposed openstack/octavia master: WIP: Floating IP Network Driver (spans L3s) https://review.openstack.org/435612	21:03
*** yamamoto_ has joined #openstack-lbaas		21:08
*** yamamoto_ has quit IRC		21:15
*** yamamoto_ has joined #openstack-lbaas		21:17
*** eandersson has joined #openstack-lbaas		21:35
openstackgerrit	German Eichberger proposed openstack/octavia master: Ignore 404 amphora error when deleting resources https://review.openstack.org/487232	21:35
xgerman_	most of the people doing work are not known well in the org	21:38
xgerman_	I think they just made him a tetconic core…	21:38
johnsom	xgerman_ Wrong channel	21:38
mnaser	is there a way to get the list of IPs that a LB can have?	21:42
mnaser	it seems that when using octavia in active_standby, the traffic obviously doesnt come from the vip	21:43
*** sshank has quit IRC		21:43
mnaser	k8s by default has some firewalling so only allow the loadbalancer ip	21:43
mnaser	so.. it blocks traffic	21:43
johnsom	Yeah, the source should come from the base port IP. It's going to be dhcp'd or assigned by neutron when the LB is created from the subnet/network specified when the LB is created.	21:44
johnsom	For testing/manual, when you nova list as the octavia user or admin, the base port IP is listed	21:45
mnaser	johnsom is there a way to get that somehow exposed or automated	21:46
mnaser	cause i dont think a user would be able to see it, would they?	21:47
johnsom	Well, the thing to note is if that amp fails over, that IP can change	21:47
johnsom	No, that detail is hidden from an end user	21:47
mnaser	johnsom bummer. i have to try and figure out how to make this work, k8s filters traffic from the vips (i guess it assumes traffic will only come from that ip)	21:48
* mnaser thinks		21:48
johnsom	You could make a patch that causes the traffic to come from the VIP IP.	21:48
johnsom	Your case is you are relying on the VIP network default route right? No member subnets?	21:49
mnaser	johnsom yes, its all in the same l2 domain	21:49
*** ajo has quit IRC		21:49
johnsom	Yeah, because member subnet source IPs are also allocated by neutron, so would be a problem too	21:50
mnaser	if i can send traffic with the source being the vip, that's good enough for me	21:50
mnaser	technically i should be able to because i assume octavia creates allowed_address_pairs	21:50
johnsom	Yeah, give me a minute to find the setting that will need to go into the haproxy config	21:51
* mnaser looks aswell		21:51
johnsom	http://cbonte.github.io/haproxy-dconv/1.6/configuration.html#5.2-source	21:53
johnsom	That will need to be added to the jinja template, then code added to set it to be the vip IP	21:53
mnaser	oooo nice	21:53
johnsom	If you are going to upstream that, we need to think about how to a) make it an operator option, b) only do it for members that have the same subnet as the VIP.	21:54
rm_work	yeah, the jinja templates are configurable without patching too, I think right?	21:54
rm_work	we made it a path in config	21:54
rm_work	IIRC	21:54
rm_work	so it's a deployer choice thing	21:55
mnaser	rm_work they are i believe	21:55
mnaser	haproxy_template	21:55
rm_work	yes	21:55
rm_work	so any deployer (you) can do whatever special sauce they need	21:55
rm_work	this qualifies i think	21:55
mnaser	(im searching through the code)	21:55
johnsom	Yeah, the VIP IP should already be a variable for jinja, so probably no code change needed if you do it local	21:55
rm_work	though MAYBE this could be useful for others	21:55
mnaser	well i would prefer to upstream because i dont want to maintain a custom template that might deviate with new updates	21:55
mnaser	i could implement it as a config option	21:56
*** sshank has joined #openstack-lbaas		21:56
johnsom	https://github.com/openstack/octavia/blob/master/octavia/common/jinja/haproxy/templates/macros.j2#L142	21:56
mnaser	johnsom if we add it for all, wouldnt the traffic return through the default route so it should be okay?	21:57
mnaser	vip: 10.0.0.1/24, vms: 10.1.0.0/24, traffic sent to 10.1.0.0 from 10.0.0.1 will go through router (there has to be one in the first place if they dont share l2)	21:58
mnaser	vm in 10.1.0.0/24 doesnt have direct route, falls back to default (the router) and then router sends to vip	21:58
johnsom	That setting will force the backend connection, for that member, to have a source IP of the VIP IP. For most deployments, that is bad.	21:58
mnaser	i guess i'm not seeing the other use cases, in k8s the load balancers sits entirely in the same subnet/network	21:59
mnaser	and relies on floating ips to get public ip	21:59
mnaser	but im starting to see where you're getting at	21:59
mnaser	public ip for vip, members in a private network, bad things	21:59
johnsom	I.e. member subnet is 10.1.0.0/24 and vip is 10.2.0.0/24, a source IP of 10.2.0.1 on subnet 10.1.0.0/24 will get dropped/ignored	22:00
johnsom	Yep, you got it	22:00
mnaser	i could do the source for same l2 only	22:00
openstackgerrit	German Eichberger proposed openstack/octavia master: ACTIVE-ACTIVE Topology: Initial Distributor Driver Mixin https://review.openstack.org/313006	22:01
*** armax has quit IRC		22:01
xgerman_	you can also change K8 to accept a netmask	22:07
*** aojea has quit IRC		22:08
*** aojea has joined #openstack-lbaas		22:08
mnaser	xgerman_ LoadBalancerSourceRanges are specified in the spec of the service and make poor user experience	22:08
mnaser	for example using something like helm.. you'd have the whole automation gone	22:09
xgerman_	I don’t follow but I also never have used helm — my understanding is K8 creates LB to forward traffic to their nodes… so if anything it should be an operator setting in K8	22:12
xgerman_	another thing I have heard about is that people wanted to restrict which traffic can enter the VIP…	22:12
*** aojea has quit IRC		22:13
mnaser	xgerman_ im going to do a bit more reading and check.. kubernetes creates a bunch of complicated iptables rules so let me rule them out	22:14
xgerman_	yeah, they use iptable rules so all those service ports are proxied around	22:15
*** sshank has quit IRC		22:24
*** yamamoto_ has quit IRC		22:29
*** sshank has joined #openstack-lbaas		22:29
*** https_GK1wmSU has joined #openstack-lbaas		22:31
openstackgerrit	Merged openstack/octavia master: Fix haproxy_check_script for delete listener https://review.openstack.org/485254	22:32
*** yamamoto has joined #openstack-lbaas		22:32
*** https_GK1wmSU has left #openstack-lbaas		22:34
*** yamamoto has quit IRC		22:36
*** yamamoto has joined #openstack-lbaas		22:41
*** yamamoto has quit IRC		22:44
*** catintheroof has quit IRC		22:44
*** fnaval has quit IRC		22:54
*** yamamoto has joined #openstack-lbaas		22:56
*** fnaval has joined #openstack-lbaas		22:59
*** fnaval has quit IRC		22:59
*** fnaval has joined #openstack-lbaas		23:00
*** gtrxcb has joined #openstack-lbaas		23:06
*** yamamoto has quit IRC		23:11
*** yamamoto has joined #openstack-lbaas		23:14
*** tongl has joined #openstack-lbaas		23:26
*** apuimedo has joined #openstack-lbaas		23:26
*** sshank has quit IRC		23:50

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!