Wednesday, 2018-01-10

« Tuesday, 2018-01-09 Index Thursday, 2018-01-11 »
*** AlexeyAbashkin has joined #openstack-lbaas00:01
*** AlexeyAbashkin has quit IRC00:05
johnsomFYI, the gates are all a mess with RETRY_LIMIT, POST_FAILURE, TIMEOUT, etc. errors.  So, if you see one of those, wait a while and recheck...00:32
johnsomI'm seeing this across projects00:32
johnsomNot just ours00:32
openstackgerritMichael Johnson proposed openstack/octavia master: Fix a typo in the test HTTP server  https://review.openstack.org/53236901:00
openstackgerritMichael Johnson proposed openstack/octavia-tempest-plugin master: Fix a typo in the test HTTP server  https://review.openstack.org/53237301:16
*** numans has quit IRC01:16
*** numans has joined #openstack-lbaas01:17
johnsomCores, those two patches are needed for some octavia-tempest-plugin work Alex is doing.  Please review.  Though note, the gates are all not running at the moment (infra is working on it), so don't expect the runs to finish (start?) any time soon.01:22
*** slaweq has joined #openstack-lbaas02:09
*** slaweq has quit IRC02:13
*** harlowja has quit IRC02:24
*** dougwig has quit IRC02:44
*** annp has joined #openstack-lbaas03:20
*** sanfern has joined #openstack-lbaas03:52
*** AlexeyAbashkin has joined #openstack-lbaas03:52
*** AlexeyAbashkin has quit IRC03:57
*** AlexeyAbashkin has joined #openstack-lbaas04:25
*** AlexeyAbashkin has quit IRC04:29
*** links has joined #openstack-lbaas04:37
*** links has quit IRC04:40
*** links has joined #openstack-lbaas04:46
*** yamamoto has joined #openstack-lbaas04:58
*** harlowja has joined #openstack-lbaas05:24
*** yamamoto_ has joined #openstack-lbaas05:29
*** yamamoto has quit IRC05:33
*** yamamoto has joined #openstack-lbaas05:46
*** yamamoto_ has quit IRC05:49
*** Alex_Staf has joined #openstack-lbaas06:03
*** oanson has joined #openstack-lbaas06:06
*** irenab has joined #openstack-lbaas06:07
*** oanson has quit IRC06:18
*** oanson has joined #openstack-lbaas06:22
*** pcaruana has joined #openstack-lbaas06:27
*** pcaruana has quit IRC06:33
*** pcaruana has joined #openstack-lbaas06:34
openstackgerrithuangshan proposed openstack/python-octaviaclient master: Add failover an amphora client support  https://review.openstack.org/53242406:36
*** slaweq has joined #openstack-lbaas07:09
openstackgerritAdam Harwell proposed openstack/octavia master: Add api-ref for amphora failover  https://review.openstack.org/53230007:10
openstackgerritAdam Harwell proposed openstack/octavia master: Add unit tests for neutron utils, add model/util for floating_ip  https://review.openstack.org/52535307:10
rm_worksome rebasing07:10
*** slaweq has quit IRC07:14
*** rcernin has quit IRC07:15
*** Rav has joined #openstack-lbaas07:26
*** armax has quit IRC07:35
*** threestrands has quit IRC07:36
*** Alex_Staf has quit IRC07:40
*** armax has joined #openstack-lbaas07:47
*** harlowja has quit IRC07:49
*** AlexeyAbashkin has joined #openstack-lbaas07:57
*** Rav has quit IRC07:59
*** armax has quit IRC08:01
*** b_bezak has joined #openstack-lbaas08:03
*** armax has joined #openstack-lbaas08:08
*** tesseract has joined #openstack-lbaas08:14
*** ianychoi has quit IRC08:35
*** Alex_Staf has joined #openstack-lbaas08:51
*** slaweq_ has joined #openstack-lbaas09:11
*** slaweq_ has quit IRC09:15
*** dayou has quit IRC10:05
*** dmellado has quit IRC10:06
*** dmellado has joined #openstack-lbaas10:07
*** salmankhan has joined #openstack-lbaas10:11
*** yamamoto has quit IRC10:11
*** threestrands has joined #openstack-lbaas10:21
*** dayou has joined #openstack-lbaas10:27
*** annp has quit IRC10:34
*** dmellado has quit IRC10:49
*** sanfern has quit IRC10:55
*** yamamoto has joined #openstack-lbaas10:55
*** reedip has quit IRC11:06
*** AlexeyAbashkin has quit IRC11:18
*** AlexeyAbashkin has joined #openstack-lbaas11:18
*** reedip has joined #openstack-lbaas11:19
*** dmellado has joined #openstack-lbaas11:23
*** dmellado has quit IRC11:32
*** dmellado has joined #openstack-lbaas11:34
*** sanfern has joined #openstack-lbaas11:39
*** dayou has quit IRC11:46
*** dayou has joined #openstack-lbaas11:47
*** dayou has quit IRC11:47
*** dayou has joined #openstack-lbaas11:47
*** dayou has quit IRC11:53
*** yamamoto has quit IRC11:55
*** yamamoto has joined #openstack-lbaas12:00
*** dayou has joined #openstack-lbaas12:03
*** dayou has quit IRC12:03
*** dayou has joined #openstack-lbaas12:03
*** yamamoto has quit IRC12:11
*** yamamoto has joined #openstack-lbaas12:26
*** b_bezak has quit IRC12:26
*** yamamoto has quit IRC12:32
*** dayou_ has joined #openstack-lbaas12:38
*** dayou has quit IRC12:38
*** dayou_ has quit IRC12:42
*** atoth has joined #openstack-lbaas12:42
*** links has quit IRC12:58
*** sri_ has joined #openstack-lbaas13:00
*** b_bezak has joined #openstack-lbaas13:20
*** yamamoto has joined #openstack-lbaas13:21
*** yamamoto has quit IRC13:49
openstackgerritMerged openstack/python-octaviaclient master: Code cleanup  https://review.openstack.org/53004514:37
*** armax has quit IRC14:41
openstackgerritSanthosh Fernandes proposed openstack/octavia master: L3 ACTIVE-ACTIVE Data model impact  https://review.openstack.org/52472214:43
*** yamamoto has joined #openstack-lbaas14:50
*** jniesz has joined #openstack-lbaas14:52
*** longstaf_ has joined #openstack-lbaas14:53
*** yamamoto has quit IRC14:58
-openstackstatus- NOTICE: Gerrit is being restarted due to slowness and to apply kernel patches14:58
*** openstackgerrit has quit IRC15:01
*** sanfern has quit IRC15:01
*** dougwig has joined #openstack-lbaas15:13
*** ianychoi has joined #openstack-lbaas15:14
*** armax has joined #openstack-lbaas15:14
*** numans has quit IRC15:26
*** numans has joined #openstack-lbaas15:28
*** dayou has joined #openstack-lbaas15:59
*** dayou has quit IRC15:59
*** dayou has joined #openstack-lbaas15:59
*** b_bezak has quit IRC16:23
*** sanfern has joined #openstack-lbaas16:26
*** dayou has quit IRC16:43
*** longstaf_ has quit IRC16:45
*** longstaff has joined #openstack-lbaas16:51
*** AlexeyAbashkin has quit IRC16:55
*** longstaff has quit IRC17:02
*** longstaff has joined #openstack-lbaas17:06
*** pcaruana has quit IRC17:11
*** numans has quit IRC17:16
*** harlowja has joined #openstack-lbaas17:16
*** numans has joined #openstack-lbaas17:19
*** dayou has joined #openstack-lbaas17:36
*** Alex_Staf has quit IRC17:36
*** longstaff has quit IRC17:38
*** longstaff has joined #openstack-lbaas17:39
*** dayou has quit IRC17:47
*** dayou has joined #openstack-lbaas18:02
sanfernhi johnsom18:07
*** dayou has quit IRC18:07
johnsomHi18:07
sanfernhow to mock os.path.abspath which is called in __init__ method ?18:07
johnsomOh, we really try to avoid putting code in the __init__ modules18:08
johnsomWhere?18:08
sanfernoh18:08
*** dayou has joined #openstack-lbaas18:09
sanfernhttp://paste.openstack.org/show/8HnYZ79B1AWHPTlvS4eX/18:09
johnsomAh, ok, so you are talking in a class, not a module.  NP18:10
sanfernyes18:11
sanfernI am stuck in mocking that output18:11
johnsomSo, you should be able to mock it with patch like we do other methods.  You just need to do so before the class is instantiated18:11
johnsomDo you have a patch posted?18:11
sanfernnot yet18:12
sanfernhttp://paste.openstack.org/show/VqZvYba7jndlCO5lO31j/18:12
johnsomYeah, doesn't look like it mocked.  Can you paste the test code?18:12
sanfernhttp://paste.openstack.org/show/hf8VxBHX7XglEJ26hfDW/18:13
johnsomYou have to mock that os.path.abspath before this line:         self.test_exabgp = exabgp.ExaBGP()18:14
sanfernoh ok got it my bad18:15
johnsomYou are instantiating the class in the setUp(), so it needs to be mocked there18:15
johnsomNP18:15
*** dayou has quit IRC18:19
*** numans has quit IRC18:19
*** dayou has joined #openstack-lbaas18:19
*** numans has joined #openstack-lbaas18:22
*** openstack has joined #openstack-lbaas18:33
*** ChanServ sets mode: +o openstack18:33
sanfernjason was mentioning we need to support multiple VIPs in a distributor. so we need to be able to plug multiple VIPs into dummy interface.18:33
johnsomSure18:34
*** AlexeyAbashkin has quit IRC18:35
sanfernI had tested in ubuntu  without persistence.  now adding into each entry will be rewriting interface file18:35
sanfernand reloading, is there any other mechanism18:36
*** tesseract has quit IRC18:36
johnsomYes, you can use pyroute2 to update the interface (add the secondary IPs) and also update the config file. This way it doesn't require a reload18:37
*** harlowja has quit IRC18:37
sanfernupdating interface file has to be rewriting entire file , we can not add delta18:37
johnsomYou could also target that specific interface file and only reload it as opposed to all of the interfaces18:38
johnsomYeah, that should be fine18:38
sanfernyes I am doing it now18:38
rm_workjohnsom: in our config, for amphora flavor, we put an ID but do you know if a name would work?18:38
sanferncreated dummy0.cfg only18:38
*** longstaff has quit IRC18:39
johnsomrm_work I'm not sure.  It's basically passed through to nova client, so if the client library does the translation yes.18:40
rm_workwe pass it straight into server.create as flavor, yeah18:40
rm_workso I guess I can try it?18:40
johnsomYeah18:40
johnsomI mean the UUID ID is guaranteed to me unique, where the name column is likely not....18:41
*** longstaff has joined #openstack-lbaas18:43
sanfernjohnsom, template - http://paste.openstack.org/show/iTJWwVGTV5ET0EYpfc5T/18:43
sanfernhere vip_list as to be appended list each time18:43
sanfernso we can update the file always18:44
*** longstaff has quit IRC18:44
johnsomWhy use up and down?18:45
sanfernTo support add multiple vips18:45
sanfernany better approach ?18:46
johnsomAh, yeah, ok, I see, this is the new form.  Ok18:47
johnsomThat should work, though I don't think you need the pre-up post-down either, that is what the iface line defines18:48
sanfernwe tested in our lab18:48
sanfernok18:48
johnsomMaybe it's needed, I'm not positive on that.  Trying to look18:51
sanfernok18:51
sanfernhow to add multiple IP's into interface in RHEL18:52
johnsomI'm not sure, nmagnezi would be best to answer.  Currently we use the alias template, but you might not need to do that. Maybe you do.18:53
johnsomhttps://github.com/openstack/octavia/blob/master/octavia/amphorae/backends/agent/api_server/templates/rh_plug_vip_ethX_alias.conf.j218:53
sanfernI was checking that but no secondaries entry18:54
johnsomYeah, at least before, you had to create an "alias' network config for each secondary Ip18:55
*** b_bezak has joined #openstack-lbaas18:55
*** b_bezak has quit IRC18:57
sanfernoh ok18:57
johnsomYeah, go with what you have for now, I'm not seeing the option I thought existed. It might only be in newer versions19:02
sanfernok19:05
sanfernAre there possible of vip's being mixed versions of ipv4 n ipv619:06
johnsomYes19:06
sanfern:( how to handle that19:07
johnsomLook at our existing templates, they handle v4 and v6 addressing already19:07
sanfernbut there one vip/amp here we are supporting multiple vip's / distributor19:09
*** salmankhan has quit IRC19:10
johnsomThe interfaces of a different version should be setup as dummy0:019:11
*** harlowja has joined #openstack-lbaas19:13
sanfern:)19:14
sanferni thought we will have one interface dummy0 of type dummy and assigned multiple IP's19:15
johnsomYes, you still will, the :0 syntax means secondary IPs, it's required to set the type to v6.  It's still just one dummy0 interface19:16
johnsomAt least in the kernel19:16
johnsomuserspace shows it as another interface19:16
*** harlowja_ has joined #openstack-lbaas19:16
sanfernoh ok19:17
*** harlowja has quit IRC19:19
*** openstackgerrit has joined #openstack-lbaas19:29
openstackgerritSanthosh Fernandes proposed openstack/octavia master: [WIP] ACTIVE-ACTIVE with exabgp-speaker - Octavia agent  https://review.openstack.org/49101619:29
sanfernjohnsom, http://paste.openstack.org/show/LpuVfnLxBmfkaFrsXoan/19:33
sanferni think i messed up in rebase19:34
johnsomYeah, that is an odd state to be in19:35
johnsomI guess if "git status" doesn't show any conflicts you can try "git rebase --continue"19:35
sanfernhttp://paste.openstack.org/show/zCLk8ZFAJilN5yZLfceB/19:39
johnsomUmm, that is bad. you are editing the Merge "Amphora API Failover call" patch19:41
sanfernyeah I did git review, it said rebase required19:42
sanfernafter fixing rebase conflicts i am this state :(19:42
johnsomDid you do the rebase continue I mentioned?19:43
sanfernyes19:46
sanfernafter that same state19:46
johnsomHmm, then it seems something was done wrong before the rebase. Likely the initial git commit -a was not done, but just amend19:47
sanferni did git add --all19:48
jnieszfor the sub-interface configuration, is that really needed for ipv6?19:50
jnieszip command can just add multiple addresses19:50
johnsomjniesz Yeah, the interface definition defines the protocol version.19:51
johnsomiface {{ interface }} inet{{ '6' if vrrp_ipv6 }} static19:51
jnieszyea, i guess it would be that or two dummies19:52
jnieszwhat about ipv4 dummy and ipv6 dummy int19:53
johnsomI would recommend only having one actual "dummy" interface.  The kernel limits the number of those by default, so just creating one dummy0 and then using the secondary IP syntax of :0 should work fine for your needs19:54
jnieszand then centos, I guess have multiple lines"IPADDR0="19:56
jnieszIPADDR119:57
jnieszIPADDR219:57
jnieszetc..19:57
johnsomIt's either that or using the "alias" files.  We would have to check with our RH friends.  Currently we use the "alias" file syntax for the secondary IPs.19:57
openstackgerritSanthosh Fernandes proposed openstack/octavia master: [WIP] ACTIVE-ACTIVE ExaBGP rest api driver  https://review.openstack.org/52700919:57
johnsomI'm a bit rusty on the RH network config files and when I try to research I hit the pay wall, so generally I have to ask for help these days with CentOS/RH issues19:59
jnieszsame here19:59
jnieszi am more familiar with Ubuntu19:59
johnsomI used to have an account, but job transition killed that.  Plus I don't use fedora personally anymore.19:59
*** longstaff has joined #openstack-lbaas19:59
*** dayou has quit IRC20:00
johnsom#startmeeting Octavia20:00
openstackMeeting started Wed Jan 10 20:00:10 2018 UTC and is due to finish in 60 minutes.  The chair is johnsom. Information about MeetBot at http://wiki.debian.org/MeetBot.20:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.20:00
*** openstack changes topic to " (Meeting topic: Octavia)"20:00
openstackThe meeting name has been set to 'octavia'20:00
cgoncalveso/20:00
johnsomHi folks20:00
johnsomAnother fine week working on Octavia20:00
*** longstaff has quit IRC20:00
*** longstaff has joined #openstack-lbaas20:01
jnieszhi20:01
johnsom#topic Announcements20:01
*** openstack changes topic to "Announcements (Meeting topic: Octavia)"20:01
johnsomFeature freeze - Queens MS3 is coming January 22nd20:01
longstaffhi20:01
johnsomJust a reminder, 12 days to feature freeze20:01
johnsom#link https://releases.openstack.org/queens/schedule.html20:01
johnsomRocky (Dublin) PTG planning etherpad20:02
johnsom#link https://etherpad.openstack.org/p/octavia-ptg-rocky20:02
johnsomI have setup an etherpad for the Rocky PTG coming up next month.20:02
johnsomPlease indicate if you will be attending or not and any topics you think we should discuss at the PTG.20:02
johnsomI will then take those and try to make a rough schedule we can use in Dublin.20:03
johnsomAlso of note, zuul has been having a very rough week.20:03
johnsomIf you are seeing RETRY_LIMIT, POST_FAILURE, TIMEOUT, etc. errors about all we can do is wait a while and try a "recheck".20:04
johnsomIt sounds like some of this is due to the hosting providers rolling out patches, some are other zuul issues.20:04
johnsomI hope they can be resolved soon.20:05
johnsomAny other announcements this week?20:05
johnsomOh, I should mention, the discussion about changing to one year release cycles is on hold.  Rocky will be a "normal" release cycle.  Let me see if I can pull up a link to the email.20:06
johnsom#link http://lists.openstack.org/pipermail/openstack-dev/2018-January/126080.html20:06
johnsom#topic Brief progress reports / bugs needing review20:07
*** openstack changes topic to "Brief progress reports / bugs needing review (Meeting topic: Octavia)"20:07
johnsomMoving on, I discovered that our functional test gates for the OpenStackSDK had been disabled while checking on the status of a SDK release for our horizon work.20:08
*** slaweq has joined #openstack-lbaas20:09
nmagnezio/20:09
johnsomI have been fighting with zuul and the gate code to get those re-enabled and optimized to use our noop drivers (since it is just testing the API). I think I have that handled now, but that took much longer than expected.20:09
johnsomI plan to get back to focus on the active/active work today.20:09
*** kowsalya_ has joined #openstack-lbaas20:10
johnsomI also did a big push to catch up on reviews after the break. The team was busy! Which is awesome.  I think we merged a bunch of that stuff already, with more in flight.20:10
johnsomAny other progress updates?20:10
johnsomOk20:11
johnsom#topic Octavia project quota consumption (nmagnezi)20:12
*** openstack changes topic to "Octavia project quota consumption (nmagnezi) (Meeting topic: Octavia)"20:12
nmagnezihey20:12
johnsomNir added a topic to the agenda about quota usage.20:12
nmagneziyup20:12
johnsomI put a short off-the-head response below it.20:12
nmagnezijohnsom, and you provided a feedback in the agenda20:12
johnsom#link https://wiki.openstack.org/wiki/Octavia/Weekly_Meeting_Agenda#Meeting_2018-01-1020:12
*** dayou has joined #openstack-lbaas20:13
johnsomBasically Octavia resources (VMs, ports, security groups, etc.) all use quota from the service account defined in the octavia.conf.20:13
nmagneziexactly20:13
johnsomnmagnezi Did that answer your question or is there more we should discuss20:13
johnsomThis is definitely a topic I want to add to the install guide once I can get that started.20:14
nmagneziso, best practices are not listed in our docs IIRC20:14
cgoncalvesjohnsom: I take that by account you mean project, not (keystone) user20:14
johnsom#link https://github.com/openstack/octavia/blob/master/etc/octavia.conf#L30020:15
nmagnezijohnsom, so in that account (project) you simply set quotas to -1? not sure I followed how RBAC comes into play here20:15
johnsomcgoncalves It includes a user20:15
nmagnezijohnsom, say I create an "Octavia" project and all amphoras live there, I'm still limited by the compute quotas for that project, right?20:16
cgoncalvesjohnsom: right. so best pratice should be a separate project (e.g. called octavia), not using 'admin' or 'service' project20:17
johnsomnmagnezi Correct on the quotas.  The RBAC part is this service account requires some RBAC configuration in neutron.  It needs to have permission to plug ports/networks from tenants into it's own amphora. So, to setup a special service account for Octavia to use, it requires some RBAC configuration in other services.  Similar in barbican depending on how you deploy it.20:17
johnsomcgoncalves Yes20:17
nmagnezijohnsom, alright. and in that dedicated project I will just set quotas to -1 ?20:18
johnsomnmagnezi Yes, you need to set those quotas appropriately for your deployment.  Many will use -1, some might want to set a limit.  Up to the operator20:18
nmagnezijohnsom, thank you. i imagined so, but wanted to hear from you since you already run Octavia in prod :)20:19
cgoncalveswhy aren't we creating a dedicated project in devstack plugin then, if that's the recommended setting?20:19
johnsomAny more discussion on quota before we move on to the next question?20:19
nmagnezijohnsom, I personally have no additional questions. cgoncalves might20:20
johnsomcgoncalves Mostly because it isn't truely needed, simplicity for testing, etc.  devstack != production configuration by any perspective20:20
nmagnezi+1 i think we can / should simply document this20:21
cgoncalvesjohnsom: understood. currently devstack defaults to 'admin' project20:21
cgoncalvesno further questions :)20:21
johnsomdevstack is really for testing and development, where speed is a benefit.  It's a fair argument to set it up that way, it just hasn't happened.20:21
johnsomnmagnezi I am really itching to write that "step-by-step"/"The hard way to install" Octavia installation guide. Sadly I only have so much time and it's not at the top of my priority list right now.  I suspect after I get act/act done/mostly done, it will pop to the top of my list.20:23
johnsomI just know it will take some time and we committed to making progress on Active/Active for Queens.20:23
nmagnezijohnsom, once we are done with the tripleO stuff we can also assist with this20:23
johnsom+120:24
nmagneziwe are getting close btw20:24
johnsom#topic Amphora certificates20:24
*** openstack changes topic to "Amphora certificates (Meeting topic: Octavia)"20:24
johnsomnmagnezi Good to hear20:24
johnsomSo, this question as about the certificates issued to the amphora.  I think there is some confusion on how these work.20:24
* nmagnezi listens20:25
nmagnezii actually read your reply, anything else I was wrong about?20:25
johnsomWhen we create an amphora, each amphora gets issued a unique certificate that has a common name (cn) that is it's amphroa UUID.20:25
nmagneziack. thank u for that correction20:26
johnsomThis is pushed to the amp, along with the CA cert.  Those combined are used for a two-way TLS/SSL authentication between the controller and the amphora. This is our secure command/control20:26
nmagnezibut a question that still remains is, what happens if an amphora lived long enough for that cert to become expire?20:27
johnsomSince many companies have certificate rotation guidelines, and limited lifetimes, we added a certificate rotation component to the housekeeping process.  It monitors the DB for amphora with expiring amphora certificates and issues renewed certificates to the amphroa.20:27
johnsom#link https://github.com/openstack/octavia/blob/master/octavia/cmd/house_keeping.py#L6920:28
nmagneziaha. can you point me to that part? I was not aware of it20:28
johnsomhere and...20:28
nmagnezijohnsom, thanks again :)20:28
johnsom#link https://github.com/openstack/octavia/blob/master/octavia/controller/housekeeping/house_keeping.py#L10520:29
johnsomIt uses a normal taskflow flow, via the controller worker library to rotate those certs.20:29
johnsomSo, that is how it's intended to work.20:29
nmagnezijohnsom, so when an amp run with an expiring cert it will simply stop working (health) and will get swapped with a new one?20:30
nmagneziby "swapped" I mean the currently running amp, not cert. it will generate a new amp with a rotated cert?20:31
johnsomnmagnezi, no, this is for command/control only.  The health heartbeats do not use this certificate.20:31
johnsomThe amps will continue to run, but the controllers will no longer be able to control them as the trust will be broken.20:31
nmagnezijohnsom, so how can an operator manually swap a given amp? kill it via nova and let Octavia spawn a new one?20:32
johnsomheartbeats use a HMAC shared key that is nonced with the amp ID.20:32
nmagneziif it's on ha config I guess the operator can perform a failover (and fail back)20:32
johnsomsorry, nonced -> salted20:33
jnieszshouldn't the cert swap happen prior to expiring?20:33
johnsomRight, if, for some reason the cert expires (which it shouldn't given the housekeeping setup), the operator can either manually issue a cert or failover the amp20:33
johnsomvia the API20:33
johnsomjniesz It does, it starts two weeks before by default config setting.20:34
johnsomIt tries until it is successful20:34
jnieszok, that makes sense20:34
nmagnezijohnsom, so thanks a lot for your answers. I will play with this for a bit, to learn it better.20:35
nmagnezijohnsom, do we have anything about cert rotation in the docs?20:35
cgoncalveswell thought ;)20:35
johnsom#link https://docs.openstack.org/octavia/latest/admin/guides/operator-maintenance.html#rotating-cryptographic-certificates20:36
johnsomThis section, but it could probably use some enhancement20:36
nmagneziwhen I'll spend time on this, I'll try to add information there20:37
nmagnezii have no further questions20:38
johnsom#link https://docs.openstack.org/octavia/latest/configuration/configref.html#house_keeping.cert_interval20:38
johnsomThese are the certificate rotation config settings20:38
johnsominterval is how often it looks for expiring certs, buffer is how far before expiration it should rotate them, threads is how many concurrent rotations the housekeeping process should be doing.20:39
johnsomnmagnezi Cool, thanks20:39
nmagnezijohnsom, thank you :)20:39
johnsom#topic Open Discussion20:40
*** openstack changes topic to "Open Discussion (Meeting topic: Octavia)"20:40
johnsomAny other topics for today?20:40
cgoncalvesjohnsom: you skipped 'provider driver' spec on purpose?20:40
johnsomOpps, nope, oversight20:40
johnsom#link https://review.openstack.org/50995720:40
johnsomThere has been an update to the provider driver spec.  Please re-review the changes.20:41
johnsomThis is a priority spec to get merged, so all votes are very important.20:41
johnsomThanks20:41
nmagneziwill do20:41
cgoncalvesI had a look at it today and seems good to go. will vote20:42
johnsomThank you20:42
johnsomNo other topics for today?20:43
johnsomSince we have a few RH folks here, jniesz had a question about secondary IPs on interfaces.20:44
* nmagnezi listens20:44
johnsomIs the "alias" config file still the only way to stack IPs on a single interface? Or is there a new/better way to do that?20:44
jnieszwe want to implement multiple IP addresses without alias20:44
jnieszas that seems to be deprecated and the old method20:45
jnieszso assign multiple IP addresses to single interface20:45
jnieszhttps://www.irccloud.com/pastebin/VimANHhU/20:45
jniesz^looks like that is the new method20:45
johnsomHe referenced these pay-wall articles:20:45
johnsom#link https://access.redhat.com/solutions/867220:45
johnsom#link https://access.redhat.com/solutions/12722320:45
* nmagnezi looks20:46
jniesz#link https://wiki.debian.org/NetworkConfiguration#Multiple_IP_addresses_on_one_Interface20:46
jnieszthere is a free one for Ubuntu20:46
jniesz: )20:46
johnsomI am too rusty to help with this one and I don't have a RH account any longer.20:47
nmagnezione of those articles does not offer a solution20:47
nmagnezithe second one20:47
nmagnezioffers the same way it's implemented20:47
nmagnezimeaning an alias ifcfg file eth0:1..20:47
*** atoth has quit IRC20:48
nmagnezijniesz, where did you see it got deprecated?20:48
johnsomOk, so the :# syntax via "alias" files is still the method.  I suspected as much.20:48
cgoncalvesactually you can use IPADDRn, yes20:49
jnieszthey do work different as it is not just syntax20:49
cgoncalvesIPADDR2=172.31.33.120:49
jnieszone creates a virtual sub interface20:49
cgoncalvesNETMASK2=255.255.255.020:49
jnieszseems cleaner to me to just add multiple IPs20:50
jnieszlike above with IPADDR220:50
jnieszIPADDR320:50
cgoncalvesyou would get a single ethX with multiple IP addressses20:50
jnieszyea, which is what I want20:50
jnieszto store all the /32 or /128 anycast VIPs20:50
jnieszso the host will accept traffic for the VIP Ip20:50
nmagneziI'm not sue what is the benefit here, but I'm not against this solution20:50
johnsomIt's for a dummy interface for the BGP based L3 Act/Act solution20:51
johnsomCool, so we have an answer for that.  Thanks!20:52
johnsomHelping us, help you...  grin20:52
nmagnezijniesz, if you will send a patch, list me for review. I'll give it some cycles :)20:52
johnsomAny other quick topics in the last few minutes?20:52
jnieszi can send to you, thanks20:53
johnsomThanks folks!  Chat with you all next week if not before.20:54
johnsom#endmeeting20:54
*** openstack changes topic to "Welcome to LBaaS / Octavia - Queens development is now open."20:54
openstackMeeting ended Wed Jan 10 20:54:10 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)20:54
openstackMinutes:        http://eavesdrop.openstack.org/meetings/octavia/2018/octavia.2018-01-10-20.00.html20:54
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/octavia/2018/octavia.2018-01-10-20.00.txt20:54
openstackLog:            http://eavesdrop.openstack.org/meetings/octavia/2018/octavia.2018-01-10-20.00.log.html20:54
nmagnezio/20:54
rm_workerr20:54
rm_workoops20:54
rm_worki just got back from running an errand, forgot today was wednesday T_T20:54
nmagnezirm_work, just in time :D20:54
rm_work... did we discuss anything where my input would actually have been relevant?20:55
johnsomInput is always relevant....20:55
johnsomUmm, nothing too major this week.20:55
johnsomhttp://eavesdrop.openstack.org/meetings/octavia/2018/octavia.2018-01-10-20.00.log.html20:55
nmagnezirm_work, we all agreed to migrate Octavia to ruby20:55
johnsomI answered some questions about quotas and the amp certs20:55
nmagnezirm_work, you were not there so you didn't get to vote20:56
rm_worklol20:56
johnsomHahaha, you know doug did suggest that a few times....20:56
nmagneziyup. i remembered that :)20:56
cgoncalvesrm_work: we're getting final agreement on https://review.openstack.org/#/c/509957/ so you can vote favorably again20:57
*** AlexeyAbashkin has joined #openstack-lbaas21:00
*** AlexeyAbashkin has quit IRC21:04
*** longstaff has quit IRC21:10
*** dayou has quit IRC21:38
*** pcaruana has joined #openstack-lbaas21:42
*** pcaruana has quit IRC21:43
* xgerman_ catching up21:44
*** dayou has joined #openstack-lbaas21:44
openstackgerritMerged openstack/octavia master: ignore api-ref/build directory  https://review.openstack.org/52238521:47
openstackgerritMerged openstack/octavia-tempest-plugin master: Fix a typo in the test HTTP server  https://review.openstack.org/53237321:47
*** dayou has quit IRC21:49
*** threestrands_ has joined #openstack-lbaas21:52
*** threestrands_ has quit IRC21:53
*** threestrands_ has joined #openstack-lbaas21:53
*** threestrands_ has quit IRC21:53
*** threestrands_ has joined #openstack-lbaas21:53
*** threestrands has quit IRC21:54
xgerman_looks like we forgot to tell people to vote in this weeks OpenStack election johnsom, nmagnezi21:55
johnsomYeah, true21:55
xgerman_sorry, was out most of the day because my babysitter overcommitted…21:55
johnsomOpps21:56
*** dayou has joined #openstack-lbaas21:57
*** rcernin has joined #openstack-lbaas22:11
-openstackstatus- NOTICE: The zuul system is being restarted to apply security updates and will be offline for several minutes. It will be restarted and changes re-equeued; changes approved during the downtime will need to be rechecked or re-approved.22:23
*** Alex_Staf has joined #openstack-lbaas22:26
*** barch has joined #openstack-lbaas22:29
barchAre there any installation guides for Lbaas?22:32
barchhttps://bugs.launchpad.net/octavia/+bug/1558369?comments=all22:32
openstackLaunchpad bug 1558369 in octavia "Docs: Installation guide needed for Neutron-LBaaS v2" [Medium,Confirmed] - Assigned to Sindhu Devale (sindhu-devale-3)22:32
johnsomTo answer some of the questions from the neutron channel:22:32
barchAlso last comment says "Dropping to medium given neutron-lbaas pending deprecation status". is lbaas v2 being deprecated now as well?22:33
johnsomYes, neutron-lbaas is going to be deprecated soon as it is no longer needed.  Octavia provides that capability now (though driver support is WIP)22:33
johnsomThe documentation for Octavia is here: https://docs.openstack.org/octavia/latest/22:33
barchSo we are to use octavia APIs directly? no more lbaas v2 apis?22:33
johnsomCorrect, octavia is now a top level openstack service with it's own endpoint and API22:34
johnsomYou no longer need to go through neutron22:34
barchIs this already in effect? for pike release?22:34
johnsomThere is an overview available here: https://docs.openstack.org/octavia/latest/contributor/guides/dev-quick-start.html22:34
johnsomDetailed docs are still WIP.  If this is a new install you could consider using OpenStack Ansible, etc.22:35
johnsomYes, the API became available in Pike22:35
barchWhat would be the recommended solution then for trying out lbaas in a new env22:35
barchshould we still install  the neutron's lbaas-plugin and use that?22:36
johnsomI would recommend going straight to Octavia and not deploying neutron-lbaas.  The only reason you would need neutron-lbaas is to use a driver other than Octavia, which is still WIP for Octavia API22:36
johnsomIf you don't have a reason to install neutron-lbaas, I would not install it.22:36
barchWould it be possible to use Octavia directly, and also use the neutron's lbaas for AVI - in the same env?22:37
barcheg, use both in a mixed env22:37
johnsomI can't answer for AVI, they don't participate in the community so I don't have much information about their offering.22:37
johnsomIn theory, if AVI is implemented as a neutron-lbaas driver, yes, you could deploy it that way.22:38
barchok so to clarify, for octavia at least...22:39
barchin the future (or even now with pike?) we dont need lbaas-plugin (https://github.com/openstack/neutron-lbaas) at all, and don't even need to set any lbaas/octavia service provider or service plguign within Neutron's config22:39
johnsomCorrect, as of Pike, neutron-lbaas is no longer required to use Octavia.22:40
barchWe can just install and create the octavia openstack service, and we talk to it's API endpoints (https://developer.openstack.org/api-ref/load-balancer/v2/index.html) directly22:40
johnsomCorrect22:40
*** threestrands_ has quit IRC22:41
johnsomDid you just want to try this out with devstack?22:41
*** blake has joined #openstack-lbaas22:42
barchNot in devstack, in a full OS env22:43
johnsomOk, I was going to give you the few lines needed for devstack.  Full environment is more work.22:44
barchWhen did octavia become it's own API endpoint/full openstack service?22:46
barchin pike rel?22:46
johnsomWell, the governance change was in Ocata, but yes, the API endpoint was first introduced in Pike.22:46
*** slaweq has quit IRC22:47
johnsomThe 1.0.0 release of Octavia22:47
johnsomhttps://docs.openstack.org/releasenotes/octavia/22:48
barchthx22:55
*** threestrands has joined #openstack-lbaas22:55
*** threestrands has quit IRC22:55
*** threestrands has joined #openstack-lbaas22:55
johnsomNP22:56
*** atoth has joined #openstack-lbaas23:08
*** threestrands has quit IRC23:11
*** threestrands has joined #openstack-lbaas23:20
*** numans has quit IRC23:21
*** numans has joined #openstack-lbaas23:24
*** armax has quit IRC23:36
*** Alex_Staf has quit IRC23:55
*** blake has quit IRC23:57
*** yamamoto has joined #openstack-lbaas23:58
« Tuesday, 2018-01-09 Index Thursday, 2018-01-11 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!