Tuesday, 2018-03-20

*** yamamoto has quit IRC		00:26
*** yamamoto has joined #openstack-lbaas		00:28
*** yamamoto has quit IRC		00:28
*** openstackgerrit has joined #openstack-lbaas		00:36
openstackgerrit	Michael Johnson proposed openstack/neutron-lbaas master: Gate API test for the lbaasv2-proxy plugin https://review.openstack.org/539350	00:36
johnsom	Any arguments with deleting this test?	00:39
johnsom	https://github.com/openstack/neutron-lbaas/blob/master/neutron_lbaas/tests/tempest/v2/api/test_health_monitor_admin.py#L87	00:39
johnsom	Creating a health monitor with a project_id different than the rest of the LB.	00:40
*** yamamoto has joined #openstack-lbaas		01:07
*** fnaval has joined #openstack-lbaas		01:22
*** yamamoto has quit IRC		01:27
*** jaff_cheng has joined #openstack-lbaas		01:55
*** dayou has quit IRC		01:56
*** annp has joined #openstack-lbaas		01:56
*** links has joined #openstack-lbaas		02:40
*** yamamoto has joined #openstack-lbaas		03:52
xgerman_	johnsom: they said they would send that. We really need to get Octavia into more hands…	03:53
*** yamamoto has quit IRC		04:01
*** yamamoto has joined #openstack-lbaas		04:04
*** Bar__ has joined #openstack-lbaas		04:06
Bar__	hey, I'm not entirely sure how to approach the requirements issue: https://review.openstack.org/#/c/531257/	04:07
*** yamamoto has quit IRC		04:08
*** yamamoto has joined #openstack-lbaas		04:09
*** yamamoto has quit IRC		04:14
*** yamamoto has joined #openstack-lbaas		04:16
*** Bar__ has quit IRC		04:27
*** yamamoto has quit IRC		04:27
*** yamamoto has joined #openstack-lbaas		04:28
*** jaff_cheng has quit IRC		04:33
*** jaff_cheng has joined #openstack-lbaas		04:33
openstackgerrit	Merged openstack/octavia master: Periodic job to build + publish diskimage https://review.openstack.org/549259	04:34
*** yamamoto has quit IRC		04:43
*** yamamoto has joined #openstack-lbaas		04:46
*** chenghang has joined #openstack-lbaas		04:56
*** jaff_cheng has quit IRC		04:57
*** imacdonn has quit IRC		05:14
*** imacdonn has joined #openstack-lbaas		05:14
openstackgerrit	Jacky Hu proposed openstack/octavia-dashboard master: Align model with v2 api https://review.openstack.org/554198	05:42
openstackgerrit	Jacky Hu proposed openstack/octavia-dashboard master: Being able to change insert headers of listener https://review.openstack.org/549999	05:43
openstackgerrit	Michael Johnson proposed openstack/octavia master: Neutron-LBaaS to Octavia migration tool https://review.openstack.org/554420	06:13
johnsom	Bar__ Commented on your patch	06:20
*** Jack_Iv has joined #openstack-lbaas		06:22
*** Jack_Iv has quit IRC		06:26
*** kobis has joined #openstack-lbaas		06:36
*** dayou has joined #openstack-lbaas		06:48
*** kobis has quit IRC		06:57
*** kobis has joined #openstack-lbaas		06:57
*** kobis has quit IRC		06:59
*** rcernin has quit IRC		07:23
*** rcernin has joined #openstack-lbaas		07:24
*** rcernin has quit IRC		07:24
*** chenghang has quit IRC		07:25
*** jaff_cheng has joined #openstack-lbaas		07:26
*** ivve has joined #openstack-lbaas		07:31
*** pcaruana has joined #openstack-lbaas		07:34
*** tesseract has joined #openstack-lbaas		08:00
*** AlexeyAbashkin has joined #openstack-lbaas		08:04
openstackgerrit	Merged openstack/neutron-lbaas-dashboard master: Adds some notes on running both dashboards https://review.openstack.org/544589	08:19
openstackgerrit	Michal Kelner Mishali proposed openstack/neutron-lbaas master: DNM: check support for neutron ext from master https://review.openstack.org/554452	08:25
*** kobis has joined #openstack-lbaas		08:26
*** redondo-mk has quit IRC		08:30
*** redondo-mk has joined #openstack-lbaas		08:31
openstackgerrit	Nguyen Hai proposed openstack/python-octaviaclient master: Minor changes in docs https://review.openstack.org/554467	09:07
*** vegarl has quit IRC		09:14
*** vegarl has joined #openstack-lbaas		09:14
rm_work	johnsom: that thread honestly seems more positive than negative, and i think besides maybe making a few things seem a bit scarier or more broken than they are with Octavia (which was reconciled in a followup, hopefully people read them) it was kinda just a call for people to freaking deploy this project	09:31
rm_work	johnsom: ah also, https://review.openstack.org/#/c/554420/ is one of the things i was thinking of looking at -- do you want help in any way or rather just power through it?	09:40
*** yamamoto has quit IRC		10:04
*** yamamoto has joined #openstack-lbaas		10:09
*** salmankhan has joined #openstack-lbaas		10:13
*** yamamoto has quit IRC		10:14
*** jaff_cheng has quit IRC		10:46
*** rcernin has joined #openstack-lbaas		11:02
*** rcernin has quit IRC		11:06
*** yamamoto has joined #openstack-lbaas		11:10
*** yamamoto has quit IRC		11:12
*** yamamoto has joined #openstack-lbaas		11:12
*** annp has quit IRC		11:15
*** pcaruana has quit IRC		11:23
*** dayou has quit IRC		11:25
*** salmankhan1 has joined #openstack-lbaas		11:32
*** salmankhan has quit IRC		11:32
*** salmankhan1 is now known as salmankhan		11:32
*** yamamoto has quit IRC		11:40
*** yamamoto has joined #openstack-lbaas		11:41
*** dayou has joined #openstack-lbaas		11:47
*** pcaruana has joined #openstack-lbaas		11:55
*** atoth has joined #openstack-lbaas		12:20
*** openstackgerrit has quit IRC		12:33
*** AlexeyAbashkin has quit IRC		12:48
*** kobis has quit IRC		12:54
*** AlexeyAbashkin has joined #openstack-lbaas		13:10
rm_work	xgerman_: confirmed the upgrade works fine on the backup members thing	13:13
*** voelzmo has joined #openstack-lbaas		13:40
*** voelzmo has quit IRC		13:41
*** voelzmo has joined #openstack-lbaas		13:42
*** salmankhan has quit IRC		13:48
*** fnaval has quit IRC		13:48
*** links has quit IRC		13:51
*** dmellado has quit IRC		13:55
rm_work	tested the member backup thing in devstack, seems to work as expected and upgrade seems fine	13:56
*** voelzmo has quit IRC		14:01
*** voelzmo has joined #openstack-lbaas		14:04
*** salmankhan has joined #openstack-lbaas		14:04
*** fnaval has joined #openstack-lbaas		14:06
*** kobis has joined #openstack-lbaas		14:07
*** voelzmo has quit IRC		14:08
*** yamamoto_ has joined #openstack-lbaas		14:12
*** yamamoto has quit IRC		14:12
*** pcaruana has quit IRC		14:21
*** toker_ has joined #openstack-lbaas		14:26
*** salmankhan has quit IRC		14:27
toker_	Hi guys, when creating loadbalancer members trhough terraform I see the following in my logs,	14:28
toker_	2018-03-20 14:17:03.821 1 INFO octavia.api.v1.controllers.member [req-35707af3-6ff7-4f35-9f57-7bc5cb5cdb1c 5fc177cdfe7340399332ece2c09cd11c aff54c4fc2024c2c938def4effbba20e - default default] Member cannot be created or modified because the Load Balancer is in an immutable state	14:28
*** pcaruana has joined #openstack-lbaas		14:28
toker_	[3:21 PM] Patrik Martinsson: 2018-03-20 14:17:03.826 1 DEBUG wsme.api [req-35707af3-6ff7-4f35-9f57-7bc5cb5cdb1c 5fc177cdfe7340399332ece2c09cd11c aff54c4fc2024c2c938def4effbba20e - default default] Client-side error: Load Balancer a95fbd62-4611-49c6-bee2-594122e002e8 is immutable and cannot be updated. format_exception /usr/lib/python2.7/site-packages/wsme/api.py:222	14:28
toker_	Which results in that only a few of my backends gets added to my pool.	14:28
toker_	Is this something anyone recognises ? https://openstack.nimeyo.com/117375/openstack-operators-octavia-heat-octavia-deployment-with <- This seems to be the same issue, but with HEAT-deployment instead...	14:29
*** voelzmo has joined #openstack-lbaas		14:32
*** voelzmo has quit IRC		14:37
johnsom	toker_ Hi. The heat issue is due to problems in neutron. It looks like you are also using neutron-lbaas which has known problems, especially when used with tools like terraform. These are all resolved and not an issue if you use Octavia without neutron-lbaas. Have you considered running it that way?	14:38
toker_	johnsom: ah cool! Yes, well the reason I'm using neutron is because I'm on OSP 12... And they only had experimental support for octavia (through neutron).. I'm not sure how easy it would be to run without neutron ?	14:40
johnsom	toker_ Ah, yeah, they will have it fully available in OSP 13. cgoncalves Any advice here?	14:41
toker_	Yea, we are kinda waiting for that OSP 13 release. But yes, if there were an "easy" (or actually any way I guess) that we could skip neutron and go directly via Octavia API that would be great.	14:42
toker_	I mean, we got everything working through Neutron at this point. How hard is it to "skip neutron and talk to Octavia API directly" ?	14:44
johnsom	There is certainly a way, I was hoping our friends working on OSP were around to give advice. I’m not sure which version of Octavia 12 includes.	14:45
johnsom	Well, from a high level it is a setting change and using a different endpoint if you have Octavia Pike or newer, but with the packaged stuff it might be a bit more involved	14:46
* cgoncalves reads		14:46
johnsom	We have other folks using terraform directly to Octavia	14:47
*** voelzmo has joined #openstack-lbaas		14:47
johnsom	Because of these problems in neutron-lbaas	14:47
toker_	Using OSP 12 ?	14:47
johnsom	No, the ones I know of personally are not deploying with OSP	14:49
*** fnaval has quit IRC		14:49
*** fnaval has joined #openstack-lbaas		14:49
cgoncalves	toker_: OSP12 does not support Octavia as you rightfully said it. Octavia is deployable now in OSP13 and targeting full support	14:50
toker_	Ok, well we are still "testing" OSP and hacking around in it quite much anyway, so.	14:50
cgoncalves	you could install Octavia packages from OSP12 channels but they're not supported	14:51
toker_	cgoncalves: well the installation is already there	14:51
toker_	I have it working..	14:51
toker_	But through neutron	14:51
toker_	I want to expose Octavia API directly from the controller(S)	14:51
cgoncalves	toker_: ok, you should be able to do that with the provided Octavia packages in OSP12	14:53
*** dmellado has joined #openstack-lbaas		14:54
toker_	Hm, well the the config I have today for the octavia-api only binds on the internal_api network. How do make it publicly available? I tried changing the bind_add in the octavia.conf under [DEFAULT] but that didn't work (I'm not sure that's they way to do it).	14:54
toker_	Should octavia-api be exposed through apache ? Or is it just a daemon that listens on a port ?	14:55
*** dmellado has quit IRC		14:56
cgoncalves	toker_: https://github.com/openstack/puppet-octavia/blob/master/manifests/api.pp	14:58
cgoncalves	toker_: I can't find any reference to "bind_add" parameter in octavia code	15:00
johnsom	bind address	15:00
toker_	Hm, but that only defines the port 9876 (internal_api), what makes it listen on 13876 ?	15:00
toker_	It suppose listen on multiple ports no ?	15:00
*** dmellado has joined #openstack-lbaas		15:01
rm_work	no, it only has one address	15:01
rm_work	you just need to add the service entry to keystone, and enable v2 api, and disable v1 api	15:01
rm_work	and probably also you will want to disable the event-streamer stuff on the octavia side	15:02
rm_work	and uninstall neutron-lbaas	15:02
rm_work	i can find links to examples of most of that	15:02
*** voelzmo has quit IRC		15:02
rm_work	let me see...	15:02
rm_work	https://github.com/openstack/octavia/blob/master/etc/octavia.conf#L37-L38	15:03
*** voelzmo has joined #openstack-lbaas		15:03
rm_work	you'll want v1 False, v2 True	15:03
rm_work	https://github.com/openstack/octavia/blob/master/etc/octavia.conf#L80	15:03
toker_	Hm, if I do, openstack catalog show octavia, I see 'public: https://cloud:13876'. But I cant find anything listening on that port, thats why I get confused	15:03
rm_work	you'll want that set back to the default of "noop_event_streamer"	15:03
rm_work	hmm that is weird	15:03
rm_work	must be some OSP thing	15:03
rm_work	you can probably ignore that	15:03
*** dmellado has quit IRC		15:04
rm_work	and just remove that entry, and add one like this:	15:04
rm_work	type: load-balancer, name: octavia, endpoints: https://wherever:9876	15:04
toker_	oh..	15:05
toker_	Hm I see..	15:05
*** dmellado has joined #openstack-lbaas		15:05
toker_	But the enpoint address should be the one I bind octavia to, right ?	15:07
rm_work	yes	15:07
toker_	I see	15:07
rm_work	which by default would be :9876	15:07
toker_	Cool	15:07
rm_work	there is not really an internal/external	15:07
toker_	okok, let me see	15:08
rm_work	we just expose one api	15:08
rm_work	it is the same for admin/public/internal	15:08
rm_work	but make sure to disable api_v1	15:08
rm_work	it is insecure	15:08
rm_work	that is how neutron-lbaas communicates with octavia (no auth)	15:08
rm_work	also make sure it is set to keystone here for auth: https://github.com/openstack/octavia/blob/master/etc/octavia.conf#L25	15:09
toker_	okok	15:09
rm_work	cgoncalves: know what would be cool? a script to convert an OSP12 install from n-lbaas+octavia to pure octavia ;)	15:09
cgoncalves	rm_work: won't happen although... https://review.openstack.org/#/c/554420/	15:10
*** salmankhan has joined #openstack-lbaas		15:10
toker_	hehe well, to get octavia working in osp 12, there was a lot of manual configuration, and I'm not sure many customer using it..	15:10
cgoncalves	yeah, now imagine in a containerized overcloud	15:11
toker_	... our is containerized ><	15:12
cgoncalves	lol	15:12
*** dmellado has quit IRC		15:16
toker_	Hm, binding in on the port that is exposed as "loadbalancer", results in the following error "Max retries exceeded with url: /v2.0/lbaas/loadbalancers (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_record', 'wrong version number')],)",),))"	15:20
toker_	Seems a bit fishy ...	15:20
rm_work	erm	15:21
rm_work	so if you are containerized, i wonder if octavia is exposing :9876 inside the container but outside it's something else, maybe even with something in front of it doing SSL?	15:21
toker_	Hm, good points.	15:22
rm_work	you said it had another port listed before	15:22
rm_work	13876?	15:22
rm_work	i wonder if that is the external port number	15:22
rm_work	maybe an OSP specific thing	15:22
*** salmankhan has quit IRC		15:23
*** salmankhan has joined #openstack-lbaas		15:23
toker_	LISTEN 0 5 <ip>:13876 : users:(("octavia-api",pid=849234,fd=4))	15:25
rm_work	k	15:25
toker_	so it seems to me like octavia-api is binding to the right port	15:25
rm_work	then yeah, use that port instead	15:25
rm_work	must be OSP's ssl proxy in front of octavia's api	15:26
rm_work	the way they expose it	15:26
toker_	well, I can put 9876 there as well, restart it, and 'ss' shows that ports.	15:26
toker_	Hm, I'm not really sure how ssl is terminated	15:26
*** yamamoto_ has quit IRC		15:27
rm_work	doesn't matter much, though i'd recommend using the standard port number just for ease of reference later	15:30
toker_	yes absolutely, I agee.	15:31
toker_	Still confused about that ssl-error though.	15:31
rm_work	hmmm	15:40
toker_	Running it in debug mode from cli, this is what shows up	15:41
toker_	192.168.225.64 - - [20/Mar/2018 15:40:26] code 400, message Bad request syntax ("\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03\xe1\xd2\x9cy\xa4u\xec?\xfa\xa1\xeb\xc7z\x98[\x11\xcaV\xde\xd7d\x8a\xcc\xa9B\x8c\xe6H\x8c\xf7\xb3\x84\x00\x00\x86\xc0,\xc00\xcc\xa9\xcc\xa8\xc0\xaf\xc0\xad\xc0+\xc0/\xc0\xae\xc0\xac\xc0$\xc0(\xc0s\xc0w\xc0#\xc0'\xc0r\xc0v\xc0")	15:41
toker_	192.168.225.64 - - [20/Mar/2018 15:40:26] "��Ҝy�u�?��z�[�V��d�̩B��H��,�0̨̩��+�/��$�(�s�w�#�'�r�v�" 400 -	15:42
toker_	Oh	15:45
toker_	I think its its the firewall. We have a firewall, that should be "smart" and let through 'tls' traffic. In this case, I guess it fails. It starts by letting it through, and then determines that it probably wasn't 'tls' and closes the connection. Running curl on the same instance where octavia is running works.	15:46
johnsom	toker_ openssl s_client -connect <ip>:<port> should dump some certificate data to help you see what is listening there	15:47
toker_	johnsom: yhanks, yeah, I think I got it.	15:48
rm_work	my guess is that it's just the octavia endpoint on HTTP not HTTPS	15:57
rm_work	and that you should change the endpoint to http:// or else put something in that container that can expose it via SSL	15:58
*** kobis has quit IRC		16:00
*** kobis has joined #openstack-lbaas		16:01
*** kobis has quit IRC		16:05
*** salmankhan has quit IRC		16:06
*** salmankhan has joined #openstack-lbaas		16:07
xgerman_	johnsom: any way to see if a —cascade on an LB succeeded	16:08
xgerman_	?	16:08
toker_	rm_work: you're right. It is not exposed through https.	16:08
xgerman_	not one of our design goals but you know those users don’t trust us with their deletes	16:08
rm_work	umm	16:08
toker_	Thats why I was wondering before how you expose the octavia api	16:08
rm_work	if the LB is gone? lol	16:09
xgerman_	rm_work: we report 404 right away	16:09
toker_	So if you want it behind https, you proxy it through apache for example ?	16:09
rm_work	err	16:09
rm_work	xgerman_: no?	16:09
xgerman_	yep, my assessment as well	16:09
rm_work	PENDING_DELETE LBs will not return 404	16:09
rm_work	if they do a show on the LB it will return as PENDING_DELETE	16:09
rm_work	if it goes away, then the delete worked :P	16:10
xgerman_	ok, they claim pools, etc. are still visible but LB is 404	16:10
rm_work	umm	16:10
xgerman_	time to dive into the delete code	16:10
toker_	cgoncalves: how do plan to expose octavia api behind https in OSP 13 ?	16:11
johnsom	I am lost on this thread	16:11
rm_work	I don't think that's possible	16:11
rm_work	xgerman_: the flows for it wouldn't allow that	16:11
johnsom	xgerman_ What is your reference? I know we have a disconnect with octavia returning "DELETED" records when other services return 404	16:11
johnsom	I proposed a change for that: https://review.openstack.org/#/c/545493/ but we need to dig into it a bit.	16:12
xgerman_	no, they say pools are still around but LB shows deleted. We run a linear flow nut the pool step is an unordered flow…	16:15
xgerman_	so I would assume it wold wait for the pools to be deleted before moving on	16:15
*** voelzmo has quit IRC		16:17
rm_work	yes	16:21
rm_work	it's an unordered flow inside a linear flow	16:21
rm_work	so the whole unordered flow finishes first	16:21
rm_work	then it moves on	16:21
rm_work	what they're saying is impossible	16:21
rm_work	so my guess is they are misunderstanding or mistaking something	16:22
johnsom	Yeah, I'm not sure the DB relation would even allow a pool without an LB....	16:22
rm_work	well	16:23
rm_work	technically the LB is there	16:23
rm_work	so it's ok	16:23
rm_work	just "DELETED"	16:23
johnsom	Ah, yes, true	16:23
xgerman_	yeah, I am a bit puzzled, too	16:25
xgerman_	unless task flow somehow doesn’t wait for the unordered flows to finish	16:26
rm_work	the flows just won't let it happen	16:26
rm_work	the LB can't go to DELETED unless the pools are gone	16:26
rm_work	i mean, that's taskflow's one job	16:26
rm_work	lol	16:26
johnsom	xgerman_ Well if someone kill -9 it DURING the flow....	16:26
rm_work	johnsom: it'd be stuck in PENDING_DELETE	16:27
rm_work	not DELETED	16:27
johnsom	right	16:27
rm_work	there is no way for it to get to DELETED and have the pools not be DELETED too	16:27
rm_work	I require proof. pics or it didn't happen	16:27
johnsom	lol, I have to agree	16:27
xgerman_	my delete was awfully fast but…	16:27
rm_work	someone somewhere is mistaken	16:27
johnsom	They aren't looking via neutron are they? now strange junk like that will happen in neutron, but not octavia	16:28
*** yamamoto has joined #openstack-lbaas		16:28
rm_work	yeah neutron, who knows	16:28
xgerman_	no, they have a new spiffy prurge script in golang which is highly parallel	16:28
xgerman_	and using gophercloud	16:28
johnsom	Yeah, so would break horribly if neutron-lbaas is in the mix, but will work fine with octavia	16:29
xgerman_	we got rid of neutron-lbaas together	16:30
*** salmankhan has quit IRC		16:32
rm_work	ok	16:32
rm_work	then yeah it should still be fine	16:32
*** yamamoto has quit IRC		16:34
*** salmankhan has joined #openstack-lbaas		16:37
*** sshank has joined #openstack-lbaas		16:40
*** salmankhan has quit IRC		16:53
*** AlexeyAbashkin has quit IRC		16:53
*** kobis has joined #openstack-lbaas		17:02
toker_	thanks for all the help guys, as a POC I just put nginx infront of octavia to expose it through tls. works flawless !	17:04
rm_work	:)	17:06
*** salmankhan has joined #openstack-lbaas		17:11
*** kobis has quit IRC		17:14
rm_work	wait... https://review.openstack.org/#/c/518455/ implies that SNI is broken right now in n-lbaas? and maybe in Queens?	17:14
toker_	2018-03-20 17:16:30.510 1 DEBUG wsme.api [req-1c2d011b-1600-4288-8b4b-c2c3d0bd64b8 66c0a56ab4c9fe86633bb2637c611db1b374fd02f355e6d7896b81d463fa3b0d 3c82c9bca0604a46b1eae338de6fd44b - 93f57ee0547f4c90a3680ee70f827f2e 93f57ee0547f4c90a3680ee70f827f2e] Client-side error: Policy does not allow this request to be performed. format_exception /usr/lib/python2.7/site-packages/wsme/api.py:222 :(	17:17
toker_	I guess I jumped the gun.. :(	17:17
toker_	Hm, I don't seem to get to use Octavia api as a member...	17:18
toker_	When I was admin it worked...	17:18
johnsom	toker_ https://github.com/openstack/octavia/tree/master/etc/policy	17:21
johnsom	toker_ Octavia uses the new RBAC policy scheme by default (like nova), but you can drop that copy that policy file over to /etc/octavia/policy.json to put it back to the old way where you don't need to be a "load-balancer member".	17:22
johnsom	https://docs.openstack.org/octavia/latest/configuration/policy.html	17:22
toker_	Oh, I thought I read somewhere about that. Thanks for the pointer!	17:22
*** salmankhan has quit IRC		17:23
toker_	If I now use the Octavia endpoint directly. Is there anything I need to disable / remove from neutron to not make it "confused" ? I mean as long as I use the correct endpoint neutron-lbaas shouldn't care right ?	17:26
*** salmankhan has joined #openstack-lbaas		17:27
rm_work	i would disable neutron-lbaas entirely	17:27
rm_work	you really do not want both running	17:27
rm_work	or rather, to be communicating with both at the same tim	17:28
rm_work	*time	17:28
toker_	Hm, I have no processes named anything like lbaas	17:28
rm_work	it'd be in the neutron container? I think?	17:29
rm_work	it just runs as part of neutron, it isn't a process	17:29
rm_work	you need to edit the neutron configuration and disable the lbaas plugin	17:30
toker_	'/etc/neutron/neutron_lbaas.conf' <- I have this file though	17:30
rm_work	yeah but not that	17:30
*** yamamoto has joined #openstack-lbaas		17:30
rm_work	should be /etc/neutron/neutron.conf i think	17:30
toker_	service_provider=LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default <- and that line	17:30
toker_	in neutron.conf	17:30
rm_work	hmmmm yeah there should be more	17:31
rm_work	johnsom: how does neutron decide to load the lbaas extension?	17:31
toker_	service_plugins=qos,router,trunk,lbaasv2 <- this line ?	17:31
johnsom	They run inside neutron process	17:31
rm_work	yes	17:31
rm_work	there it is	17:31
johnsom	yes that line	17:31
rm_work	get rid of lbaasv2	17:31
rm_work	and restart neutron api	17:31
toker_	ok, but the service provider line is fine ? and neutron_lbaas.conf I dont touch	17:32
toker_	ok	17:32
rm_work	none of that matters if the plugin isn't loaded	17:32
rm_work	you can remove the entire neutron_lbaas.conf	17:32
rm_work	it won't be loaded	17:32
toker_	Ok I see, and how about the service_provider line ? what does that do ?	17:32
rm_work	i'm surprised that's in neutron.conf? prolly it can do too	17:33
rm_work	*it can go too	17:33
toker_	Oh! No I remember now.. I put it there...	17:33
toker_	hehe	17:33
toker_	didnt see any reason for it being in neutron_lbaas	17:33
rm_work	it's very specific to neutron-lbaas, lol	17:33
toker_	I'm a very confused man.. Especially when it comes to Openstack	17:33
toker_	hehe	17:33
*** yamamoto has quit IRC		17:36
*** kobis has joined #openstack-lbaas		17:41
*** kobis has quit IRC		17:42
toker_	Hm, ran into this now "* openstack_lb_loadbalancer_v2.lb: openstack_lb_loadbalancer_v2.lb: Resource not found" when trying to create loadbalancer through terraform... "openstack loadbalancer list" however shows my loadbalancer as ACTIVE	17:47
toker_	God dammit so close	17:49
*** kobis has joined #openstack-lbaas		17:49
*** kobis has quit IRC		17:50
*** kobis has joined #openstack-lbaas		17:51
rm_work	hmmm yeah terraform may be trying to do the wrong thing	17:54
rm_work	like, it may be looking for the neutron endpoint and not the load-balancer endpoint	17:54
rm_work	i don't know much about how terraform works but IIRC it was written against neutron-lbaas	17:54
rm_work	which is the same API but it may be looking in the wrong place	17:54
rm_work	probably you want to do an L7 redirect	17:55
toker_	well its weird, I've set the variable use_octavia = "true" which should solve it as I understand it	17:55
rm_work	ah hmmm	17:55
toker_	operating_status \| OFFLINE <- this however is on my loadbalancer	17:55
toker_	Should it say offline ?	17:55
rm_work	ehh	17:56
rm_work	it depends	17:56
rm_work	do you have members?	17:56
toker_	no	17:56
toker_	havent added anything yet	17:56
rm_work	then yes it should say OFFLINE :)	17:56
toker_	Ok	17:56
toker_	I'll try to add members manually	17:56
toker_	and then I debug terraform more	17:56
*** openstackgerrit has joined #openstack-lbaas		17:58
openstackgerrit	Michael Johnson proposed openstack/neutron-lbaas master: Fix proxy extension for neutron RBAC https://review.openstack.org/554004	17:59
openstackgerrit	Michael Johnson proposed openstack/neutron-lbaas master: Gate API test for the lbaasv2-proxy plugin https://review.openstack.org/539350	18:01
toker_	hm, my "loadbalancer" menu dissapeared from horizon after removing lbaasv2 from neutron... was that expected ?	18:13
rm_work	you'll need to switch which plugin you use in horizon	18:13
*** AlexeyAbashkin has joined #openstack-lbaas		18:14
rm_work	from the neutron-lbaas-dashboard to octavia-dashboard	18:14
*** AlexeyAbashkin has quit IRC		18:14
toker_	oh do I need to install octavia-dashboard somehow then ? I only have neutron-lbaas-dashboard now I guess.	18:15
*** AlexeyAbashkin has joined #openstack-lbaas		18:15
rm_work	yes	18:16
toker_	ok ok	18:16
*** harlowja has joined #openstack-lbaas		18:23
toker_	hm, ok so i have my loadbalancer, i added a listener, i added a pool, i added a member to that pool. but operating status says 'OFFLINE'...	18:27
toker_	however curling the loadbalancers vip and my backend is answering	18:28
toker_	Up 49 minutes (unhealthy) octavia_health_manager <- this doesnt seem good thoug	18:28
toker_	2018-03-20 18:28:58.760 20 DEBUG octavia.controller.healthmanager.health_manager [-] Starting amphora health check health_check /usr/lib/python2.7/site-packages/octavia/controller/healthmanager/health_manager.py:45 <- this is the only message I get from the healthmanager	18:29
toker_	Is it suppose to work that way ?	18:29
rm_work	you need a healthmonitor	18:29
toker_	ok	18:29
rm_work	yeah pretty much that's it	18:29
rm_work	until stuff happens	18:29
toker_	oh wait, you mean i need to add an healthmonitor to my lb to get it in state "ONLINE" ?	18:30
*** kobis has quit IRC		18:31
*** yamamoto has joined #openstack-lbaas		18:32
rm_work	yes	18:36
rm_work	until then, the pool will be in NO_MONITOR state I believe, and the LB itself will be "OFFLINE"	18:36
rm_work	or is it only the members in NO_MONITOR	18:36
rm_work	anyway, yes, you need a healthmonitor on the pool to get to ONLINE	18:37
toker_	Hm, I added an health-check..I can see that it asks my webserver and gets the response correctly... still says offline though :/	18:37
rm_work	give it like 30s?	18:37
*** yamamoto has quit IRC		18:37
toker_	Hm, no go. I added it a couple of minutes ago, healtmonitor says operating_status \| ONLINE though...	18:38
toker_	wonder why the loadbalancer itself considering it being offline.	18:39
toker_	hehe	18:39
toker_	afaik it works	18:39
toker_	hehe	18:39
rm_work	hmmm	18:40
rm_work	the members each still say OFFLINE tho?	18:40
toker_	https://paste.fedoraproject.org/paste/k0MGHu8VVzfIks42pDeggA	18:40
toker_	theres the output from the loadbalancer, let me check the members	18:40
*** sshank has quit IRC		18:41
openstackgerrit	Merged openstack/neutron-lbaas master: Add a compatible check before creating pool https://review.openstack.org/492357	18:41
toker_	oh wait, the member says "no monitor"	18:41
rm_work	you sure you created a healthmonitor?	18:42
rm_work	:P	18:42
toker_	openstack loadbalancer healthmonitor create --expected-codes 200 --type HTTP --delay 2 --timeout 2 --max-retries 2 5dbf12eb-8c89-4e44-b3af-8064204cfc22	18:42
toker_	thats what I did	18:42
rm_work	hmmm	18:42
rm_work	what's a show for the pool look like?	18:42
toker_	https://paste.fedoraproject.org/paste/NhdQJqFkXxGGOMJDdfQlpQ	18:43
rm_work	hmm yeah so the HM is listed there	18:44
*** AlexeyAbashkin has quit IRC		18:44
rm_work	but then when you do a member list with the pool id	18:45
rm_work	what does that show?	18:45
toker_	let me do this again, i'm sure i've failed somewhere on the way. starting to get really tired now, been working for ages. gimme a minute	18:48
rm_work	eh, it does show the HM there	18:48
rm_work	so I'm not sure why it isn't getting the results	18:48
rm_work	unless your o-hm isn't getting packets	18:48
rm_work	uhh	18:48
rm_work	can you connect to the octavia DB?	18:49
rm_work	or actually...	18:49
toker_	im not sure the octavia-healthmonitor is working as expected	18:49
toker_	I have no way of telling	18:49
rm_work	i just need to know what's in the amphora_health table	18:49
rm_work	if it's empty... then that's the problem	18:49
rm_work	that is how you know if it's working	18:49
rm_work	there will be one entry in the amphora_health table for each amphora	18:49
rm_work	if the table is empty, then o-hm isn't getting packets	18:50
toker_	select * from amphora_health; Empty set (0.00 sec)	18:50
rm_work	you should be able to do `SELECT * from amphora_health ORDER BY last_update` and watch stuff being updated	18:51
rm_work	erg yeah ok	18:51
rm_work	so, it must not be getting health packets	18:51
rm_work	in the octavia config, what does it have for https://github.com/openstack/octavia/blob/master/etc/octavia.conf#L61	18:51
rm_work	controller_ip_port_list	18:51
toker_	its not set :/	18:52
rm_work	hmmm yeah	18:52
toker_	only heartbeat-key and event_streamer is set under health-manager...	18:53
rm_work	so you need to have the IPs of your o-hm machines set	18:53
toker_	ok so I need to get that part working	18:53
toker_	I think I understand	18:53
rm_work	and you need to recreate any amphora	18:53
rm_work	there's no way to update existing ones	18:53
toker_	Understood	18:53
toker_	But I have ssh to them	18:53
rm_work	ah	18:53
toker_	But yea I hear you	18:53
rm_work	then ... yes technically	18:53
toker_	hehe	18:53
rm_work	you could update the config there and restart the agent	18:53
toker_	I hear you	18:54
rm_work	if you want :P	18:54
rm_work	k	18:54
toker_	thanks for all the great support!	18:54
rm_work	also you will need a heartbet_key set	18:54
toker_	awesome!	18:54
rm_work	and make sure event_streamer_driver is noop_event_streamer	18:54
rm_work	and sync_provisioning_status = False	18:54
*** AlexeyAbashkin has joined #openstack-lbaas		19:03
*** salmankhan has quit IRC		19:04
*** kobis has joined #openstack-lbaas		19:08
*** kobis has quit IRC		19:12
*** yamamoto has joined #openstack-lbaas		19:34
*** yamamoto has quit IRC		19:39
*** AlexeyAbashkin has quit IRC		19:51
*** tesseract has quit IRC		19:56
*** kobis has joined #openstack-lbaas		19:59
*** sshank has joined #openstack-lbaas		20:03
*** sshank has quit IRC		20:16
*** openstackgerrit has quit IRC		20:33
*** yamamoto has joined #openstack-lbaas		20:35
*** yamamoto has quit IRC		20:41
*** openstackgerrit has joined #openstack-lbaas		20:42
openstackgerrit	German Eichberger proposed openstack/neutron-lbaas master: Fix proxy extension for neutron RBAC https://review.openstack.org/554004	20:42
*** kobis has quit IRC		20:43
*** kobis has joined #openstack-lbaas		20:44
*** kobis has quit IRC		20:44
*** kobis has joined #openstack-lbaas		20:44
*** kobis has quit IRC		20:45
*** kobis has joined #openstack-lbaas		20:45
*** salmankhan has joined #openstack-lbaas		20:45
*** kobis has quit IRC		20:46
*** kobis has joined #openstack-lbaas		20:46
*** kobis has quit IRC		20:47
*** kobis has joined #openstack-lbaas		20:47
*** kobis has quit IRC		20:47
*** kobis has joined #openstack-lbaas		20:48
*** kobis has quit IRC		20:48
openstackgerrit	Michael Johnson proposed openstack/octavia master: Don't failover amphora with LB in PENDING_* https://review.openstack.org/554694	20:51
johnsom	rm_work I had a note from you on that ^^^ so wrote it up	20:53
rm_work	hmmm	20:54
rm_work	trying to remember	20:54
rm_work	oh right	20:54
johnsom	It's in your "special" (Think SNL) patch	20:55
*** dmellado has joined #openstack-lbaas		20:56
rm_work	lol	20:57
rm_work	yes	20:57
rm_work	i kept meaning to do that	20:57
*** dmellado has quit IRC		20:58
*** dmellado has joined #openstack-lbaas		21:02
*** sshank has joined #openstack-lbaas		21:07
*** dmellado has quit IRC		21:08
*** dmellado has joined #openstack-lbaas		21:12
*** dmellado has quit IRC		21:13
*** dmellado has joined #openstack-lbaas		21:15
*** salmankhan has quit IRC		21:15
*** sshank has quit IRC		21:17
*** AlexeyAbashkin has joined #openstack-lbaas		21:19
*** AlexeyAbashkin has quit IRC		21:23
*** dmellado has quit IRC		21:32
*** yamamoto has joined #openstack-lbaas		21:37
*** yamamoto has quit IRC		21:43
*** salmankhan has joined #openstack-lbaas		22:02
*** dmellado has joined #openstack-lbaas		22:04
*** rcernin has joined #openstack-lbaas		22:13
*** AlexeyAbashkin has joined #openstack-lbaas		22:19
*** AlexeyAbashkin has quit IRC		22:23
*** ianychoi__ is now known as ianychoi		22:32
*** yamamoto has joined #openstack-lbaas		22:39
*** sshank has joined #openstack-lbaas		22:43
*** yamamoto has quit IRC		22:45
*** harlowja has quit IRC		22:57
*** fnaval has quit IRC		23:02
*** fnaval has joined #openstack-lbaas		23:08
*** fnaval has quit IRC		23:09
*** fnaval has joined #openstack-lbaas		23:09
openstackgerrit	German Eichberger proposed openstack/neutron-lbaas master: Fix proxy extension for neutron RBAC https://review.openstack.org/554004	23:13
*** AlexeyAbashkin has joined #openstack-lbaas		23:19
*** AlexeyAbashkin has quit IRC		23:23
*** salmankhan1 has joined #openstack-lbaas		23:31
*** salmankhan has quit IRC		23:33
*** salmankhan1 is now known as salmankhan		23:33
*** yamamoto has joined #openstack-lbaas		23:41
*** yamamoto has quit IRC		23:46
*** harlowja has joined #openstack-lbaas		23:49
*** salmankhan has quit IRC		23:58

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!