Saturday, 2018-01-27

« Friday, 2018-01-26 Index Sunday, 2018-01-28 »
srihasjohnsom: just a doubt 00:25 < johnsom> Hmm, ok can you paste your "netstat -rn" -> inside namespace?00:00
srihasjohnsom: not a devstack. backed by Cisco ACI with opflex00:00
johnsomOk00:01
srihasnewton on ubuntu00:01
johnsomsrihas The route show table command shows if there are policy based routes enabled. These don't show up in the netstat -rn.00:02
srihashttp://paste.openstack.org/show/654192/00:04
srihasjohnsom: ok00:04
johnsomOk, no PBR games....00:08
johnsomAnd from inside the netns you can't directly curl the backend web servers?00:10
srihasjohnsom: no, I cant00:13
johnsomYeah, I think this is a lower level networking issue in the stack.  It seems like that tap interface in the netns isn't working00:13
srihasjohnsom: ok, I cant visualise a logical architecture of this LB setup and the way its talking to VMs. Is there any guide to understand it?00:15
johnsomWell, at this point it isn't the LB at all.00:15
srihasaha00:15
srihasthings in ACI?00:15
johnsomThe network namespace is created on the neutron controller host.  This is like an isolate environment for networking, as if it was on another host.00:16
srihasyeah00:16
johnsomIn this case there is one interface, your tapb12054f1-10 interface. This is line the nic (network card) for this other host.00:16
johnsomfrom inside that network namespace you should be able to ping it's gateway 192.168.180.1 or the web servers since they are on the same subnet.00:17
johnsomThis isn't working, which means this nic (tap) is not working, or it's not plugged into something correctly.00:17
srihasI can ping GW but not the VM strangely00:18
johnsomSo, yes, it could be an issue with how ACI and neutron are configured or working00:18
johnsomsrihas, ok, so that is at least one good step.  So maybe that gateway doesn't have a working router?00:19
johnsomOr bridge I guess in this case00:19
srihasIt has a working router I assume, because I can ping one VM from another over 192 network00:19
johnsomI don't know how ACI and neutron work together. I have not used ACI00:19
srihasnp00:20
johnsomsrihas ok, so that is good.  So it's likely just something wrong with this tap.00:20
johnsomhang on a second00:20
srihasok00:20
johnsomI'm going to look at the code for this driver and see if I can see how it creates that tap00:20
srihasok. ty00:21
johnsomSo it uses the neutron interface driver: https://github.com/openstack/neutron-lbaas/blob/master/neutron_lbaas/drivers/haproxy/namespace_driver.py#L8800:25
johnsomAnd creates it here: https://github.com/openstack/neutron-lbaas/blob/master/neutron_lbaas/drivers/haproxy/namespace_driver.py#L31800:25
Bar_I suspect the scenario I have suggested (occupied sec-group) won't revert nicely, for several reasons. It seems as the get_delete_load_balancer_flow was not written to handle failures.00:26
johnsomBar_ No, that is not correct.00:26
Bar_johnsom, would you care to explain?00:27
johnsomsrihas So I'm guessing there is some issue between the configured neutron interface driver and the ACI environment.  Sadly this is getting outside my knowledge area. You might try asking in the #openstack-neutron channel if someone can help debug that tap interface and the network topology with ACI.00:28
johnsomBar_ get_delete_load_balancer_flow is written to handle failures.  Very explicitly actually.00:28
johnsomsrihas It's something with that interface driver, I just have no idea what00:29
Bar_I must be missing something, I had expected the tasks to implement revert method, but there is none.00:29
Bar_e.g. network_tasks.UnplugVIP00:30
srihasjohnsom: I have a doubt, where are drivers located on my host?00:30
srihasjohnsom: nvm, found it00:31
johnsomsrihas It's configured in the /etc/neutron/l3_agent.ini00:32
srihas/usr/lib/python2.7/dist-packages/neutron_lbaas/drivers/haproxy/namespace_driver.py00:33
srihas I meant this johnsom00:33
johnsomsrihas Oh, that is the lbaas driver yes, but not the problem interface driver00:33
srihasinterface_driver = openvswitch00:33
srihasovs_integration_bridge = br-int00:33
johnsomHmm, ok, so it is setting up a local openvswitch. I wonder if that is plugged into your ACI00:34
*** rstarmer has quit IRC00:35
johnsomBar_ That is correct, if UnplugVIP fails, there is no remediation action required for that step in the flow.  Though all of the other steps in that flow fire their reverts.00:36
johnsomhttps://docs.openstack.org/octavia/latest/_images/LoadBalancerFlows-get_delete_load_balancer_flow.svg00:36
johnsomIn this case we are saying "If the unplug VIP task fails, we are in a place the code does not have tools to resolve beyond what was tried in the code." so we revert up the chain, which for that one, basically means we  mark the LB in ERROR and stop.00:37
johnsomBar_ VIPs are important to handle carefully as the user may have apps expecting that IP address or quota, such as a heat template, or a well known IP to their application.  We don't want to do more harm than good with the VIP.00:38
Bar_johnsom, so if VIP deletion fails, then LB will result in ERROR, correct?00:39
johnsomWe could consider adding retry steps to the flow if we think these are transient failures.00:39
johnsomBar_ Corrent, the LB will go into provisioning_status ERROR00:40
johnsomCorrent->Correct00:40
Bar_yeah... so it won't revert cleanly to a useful state. that's what I was afraid of.00:41
johnsomBar_ What do you mean about a "useful state" it completely reverts to the correct state of "ERROR"00:41
Bar_johnsom, if I had only left the sec-group orphan, would it be as bad?00:41
Bar_in other words, I'll ignore error in deletion of the security group, but I will fail to task for failure to delete the port.00:42
*** yamamoto has joined #openstack-lbaas00:43
Bar_useful state = I can still use the LB. just as if I never had issued a deletion flow.00:43
johnsomWell, yes, that is exactly how it behaves.  Since there is no listener on the LB (you can call delete) it is not accepting traffic on any ports anyway, so yes, it behaves the same as it did before the delete call.00:45
johnsomIt is also indicating that there is an error that is blocking the successful delete of the LB and that resources are still in use.00:46
*** salmankhan has quit IRC00:49
johnsomIt also leaves it in a state that allows the user to try again.00:50
johnsomBar_ Does that help to explain that flow?00:53
Bar_johnsom, if there is no problem to re-delete a loadbalancer in ERROR state, then I think I'm good.00:55
johnsomBar_ Yes, the user "escape" option for any resource in "ERROR" is to call delete00:55
johnsomIt allows them to delete and recreate any entity on the LB that fails in a way we can't automatically recover it, i.e. "ERROR".00:57
Bar_johnsom, ok, thanks. Just to make sure, if I fail to delete the security group, it is a good-enough reason in your opinion, to fail to whole deletion flow, correct?00:58
johnsomThat is our current model, because if we left it there is still an SG in use for that project.  It still counts against a quota, etc.00:59
xgerman_+101:01
johnsomIt's getting late and I'm struggling to remember all of those scenarios. I.e. if the SG is still on the port will neutron fail to delete the port, etc.  There are also subtleties in who owns which part. Is is an Octavia service account resource or a user resource.01:01
Bar_johnsom, just one more scenario: if I fail to delete the SG, should I give up on trying to delete the VIP?01:03
johnsomBar_ Yeah, that is the part I'm not sure right now. I would have to re-evaluate that.01:04
johnsomI mean, if we are going to revert the flow anyway, due to resource in use, we might as well stop there and not try to continue.01:05
johnsomIt makes it better for the operator if they are trying to manually resolve the underlying failure.01:05
Bar_ok then01:06
*** AlexeyAbashkin has joined #openstack-lbaas01:08
Bar_johnsom, thanks for the exlpanations. Unless there's something you wish to keep/merge from this patch, you can force-abandon it. (since i'm unable to do that)01:08
johnsomYou can't abandon it?  It's your patch??? You should be able to .01:09
Bar_I have written it from another user, I'm afraid.01:09
johnsomAh, multiple personalities...  Grin01:10
johnsomHa, ok, sure NP01:10
*** slaweq has joined #openstack-lbaas01:10
Bar_thx01:11
johnsomWe might want to consider adding more retry steps for transient errors. We do not do that in many, if any, of the flows.01:11
*** AlexeyAbashkin has quit IRC01:12
Bar_we could, plus there's taskflow support for this.01:13
*** slaweq has quit IRC01:15
rm_workyeah, taskflow-level retries would be neat01:17
rm_workand yeah, the VIP is usually the LAST thing to go regardless of whether it's technically required, because once we lose the VIP there's no getting it back, so it's the only truly unrecoverable thing that can happen01:17
*** yamamoto has quit IRC01:18
johnsomBar_ Yes, that is why I said in the flows...01:21
*** Bar_ has quit IRC01:33
*** rstarmer has joined #openstack-lbaas02:01
*** rstarmer has quit IRC02:05
*** bbzhao has quit IRC02:12
*** bbzhao has joined #openstack-lbaas02:12
*** rstarmer has joined #openstack-lbaas02:15
*** yamamoto has joined #openstack-lbaas02:19
*** HW-Peter has quit IRC02:22
*** yamamoto has quit IRC02:28
*** eN_Guruprasad_Rn has joined #openstack-lbaas02:35
*** rstarmer has quit IRC02:36
*** rstarmer has joined #openstack-lbaas02:46
*** rstarmer has quit IRC02:55
*** harlowja_ has quit IRC03:08
*** harlowja has joined #openstack-lbaas03:55
openstackgerritHengqing Hu proposed openstack/octavia master: Add SDK list to octavia user docs  https://review.openstack.org/53832304:04
*** fnaval has joined #openstack-lbaas04:04
*** armax has quit IRC04:25
*** armax has joined #openstack-lbaas04:26
*** armax has quit IRC04:26
*** armax has joined #openstack-lbaas04:27
*** armax has quit IRC04:27
*** armax has joined #openstack-lbaas04:27
*** armax has quit IRC04:28
*** armax has joined #openstack-lbaas04:28
*** armax has quit IRC04:28
*** armax has joined #openstack-lbaas04:29
*** armax has quit IRC04:29
*** fnaval has quit IRC05:22
*** gcheresh has joined #openstack-lbaas05:31
*** kevinbenton has quit IRC05:37
*** kevinbenton has joined #openstack-lbaas05:40
*** gcheresh has quit IRC06:14
openstackgerritOpenStack Proposal Bot proposed openstack/octavia-dashboard master: Imported Translations from Zanata  https://review.openstack.org/53776506:28
*** harlowja has quit IRC06:42
*** fnaval has joined #openstack-lbaas06:53
*** fnaval has quit IRC06:58
*** slaweq has joined #openstack-lbaas07:12
*** slaweq has quit IRC07:17
*** fnaval has joined #openstack-lbaas07:51
*** fnaval has quit IRC07:55
*** aojea has joined #openstack-lbaas08:12
*** slaweq has joined #openstack-lbaas08:17
*** AlexeyAbashkin has joined #openstack-lbaas08:37
openstackgerritMichael Johnson proposed openstack/octavia master: Handle missing security groups on listener delete  https://review.openstack.org/53840808:51
*** AlexeyAbashkin has quit IRC09:22
*** aojea has quit IRC09:28
*** aojea_ has joined #openstack-lbaas09:51
*** slaweq has quit IRC10:00
*** slaweq has joined #openstack-lbaas10:02
*** slaweq has joined #openstack-lbaas10:02
*** aojea_ has quit IRC10:03
*** aojea_ has joined #openstack-lbaas10:03
*** slaweq has quit IRC10:40
*** slaweq has joined #openstack-lbaas10:41
*** slaweq_ has joined #openstack-lbaas10:46
*** slaweq has quit IRC10:46
*** fnaval has joined #openstack-lbaas10:51
openstackgerritHengqing Hu proposed openstack/octavia-dashboard master: Change "Method" to "Algorithm" in pool step  https://review.openstack.org/53842210:53
*** fnaval has quit IRC10:55
*** eanderson_ has joined #openstack-lbaas11:09
*** eandersson has quit IRC11:11
*** aojea_ has quit IRC11:38
*** yamamoto has joined #openstack-lbaas11:39
*** aojea_ has joined #openstack-lbaas12:00
*** aojea_ has quit IRC12:01
*** aojea_ has joined #openstack-lbaas12:02
*** aojea_ has quit IRC12:04
*** salmankhan has joined #openstack-lbaas12:32
*** aojea has joined #openstack-lbaas12:46
*** aojea has quit IRC13:00
*** yamamoto has quit IRC13:29
*** Alex_Staf has joined #openstack-lbaas13:40
*** fnaval has joined #openstack-lbaas13:50
*** Alex_Staf has quit IRC13:51
*** fnaval has quit IRC13:55
*** yamamoto has joined #openstack-lbaas13:57
*** ipsecguy_ has quit IRC13:58
*** ipsecguy has joined #openstack-lbaas13:58
*** salmankhan has quit IRC13:58
*** fnaval has joined #openstack-lbaas14:51
*** yamamoto has quit IRC14:53
*** yamamoto has joined #openstack-lbaas14:54
*** fnaval has quit IRC14:55
*** ivve has quit IRC15:00
*** yamamoto has quit IRC15:01
*** ivve has joined #openstack-lbaas15:15
*** armax has joined #openstack-lbaas16:01
*** yamamoto has joined #openstack-lbaas16:09
*** yamamoto has quit IRC16:14
*** harlowja has joined #openstack-lbaas16:34
*** yamamoto has joined #openstack-lbaas16:43
*** yamamoto has quit IRC16:43
*** fnaval has joined #openstack-lbaas16:54
*** fnaval has quit IRC16:58
*** armax has quit IRC16:58
*** yamamoto has joined #openstack-lbaas17:44
*** fnaval has joined #openstack-lbaas17:51
*** fnaval has quit IRC17:55
*** yamamoto has quit IRC17:58
*** eanderson_ has quit IRC18:00
openstackgerritOpenStack Proposal Bot proposed openstack/octavia master: Updated from global requirements  https://review.openstack.org/53847418:06
*** AlexeyAbashkin has joined #openstack-lbaas18:06
*** AlexeyAbashkin has quit IRC18:11
*** fnaval has joined #openstack-lbaas18:51
*** fnaval has quit IRC18:56
*** AlexeyAbashkin has joined #openstack-lbaas19:07
*** AlexeyAbashkin has quit IRC19:11
openstackgerritMichael Johnson proposed openstack/octavia master: Handle missing security groups on listener delete  https://review.openstack.org/53840819:29
*** gcheresh has joined #openstack-lbaas19:42
*** fnaval has joined #openstack-lbaas19:51
*** fnaval has quit IRC19:55
openstackgerritOpenStack Proposal Bot proposed openstack/neutron-lbaas master: Updated from global requirements  https://review.openstack.org/53708820:10
*** bbzhao has quit IRC20:42
*** bbzhao has joined #openstack-lbaas20:43
*** slaweq_ has quit IRC21:02
*** slaweq has joined #openstack-lbaas21:11
*** slaweq has quit IRC21:15
*** gcheresh has quit IRC21:29
*** rstarmer has joined #openstack-lbaas21:33
*** fnaval has joined #openstack-lbaas21:51
*** fnaval has quit IRC21:55
*** rstarmer has quit IRC22:08
*** rstarmer has joined #openstack-lbaas22:38
*** rstarmer has quit IRC22:40
*** fnaval has joined #openstack-lbaas22:52
*** fnaval has quit IRC22:56
*** rstarmer has joined #openstack-lbaas23:03
openstackgerritMichael Johnson proposed openstack/octavia master: Re-enable "Page Contents" and update user docs  https://review.openstack.org/53852623:11
*** fnaval has joined #openstack-lbaas23:51
*** rstarmer has quit IRC23:55
*** fnaval has quit IRC23:55
*** rstarmer has joined #openstack-lbaas23:55
« Friday, 2018-01-26 Index Sunday, 2018-01-28 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!