Monday, 2018-06-11

« Sunday, 2018-06-10 Index Tuesday, 2018-06-12 »
*** longkb has joined #openstack-lbaas00:32
*** kiennt26 has joined #openstack-lbaas01:02
*** hongbin has joined #openstack-lbaas01:18
*** phuoc has quit IRC01:28
*** phuoc has joined #openstack-lbaas01:28
*** annp has joined #openstack-lbaas02:03
*** hongbin has quit IRC03:48
*** longkb has quit IRC04:13
*** annp has quit IRC04:13
*** longkb has joined #openstack-lbaas04:13
*** links has joined #openstack-lbaas04:14
*** annp has joined #openstack-lbaas04:14
*** yamamoto has joined #openstack-lbaas04:28
*** kobis has joined #openstack-lbaas04:46
*** kobis has quit IRC05:05
*** AlexeyAbashkin has joined #openstack-lbaas06:04
*** kobis has joined #openstack-lbaas06:04
*** nmanos has joined #openstack-lbaas06:18
openstackgerritRafal Pietrzak proposed openstack/octavia master: Adding support for the octavia listener X-Forwarded-Proto header insertion.  https://review.openstack.org/57322706:20
*** pcaruana has joined #openstack-lbaas06:26
*** yamamoto has quit IRC06:35
*** kiennt26 has quit IRC06:37
*** yamamoto has joined #openstack-lbaas06:41
*** b_bezak has joined #openstack-lbaas07:07
*** rcernin has quit IRC07:10
*** yamamoto has quit IRC07:50
*** links has quit IRC07:50
*** yamamoto has joined #openstack-lbaas07:51
*** yamamoto has quit IRC07:54
*** yamamoto has joined #openstack-lbaas07:54
*** yamamoto has quit IRC07:54
*** yamamoto has joined #openstack-lbaas07:56
*** ispp has joined #openstack-lbaas08:17
openstackgerritAdit Sarfaty proposed openstack/octavia master: Use object instead of object id in the drivers delete callbacks  https://review.openstack.org/57197408:43
openstackgerritAdit Sarfaty proposed openstack/octavia master: Add baseline object in the drivers update callbacks  https://review.openstack.org/57230308:43
openstackgerritJacky Hu proposed openstack/octavia master: fix tox python3 overrides  https://review.openstack.org/57297509:04
openstackgerritbaiwenteng proposed openstack/octavia master: Fix typos in octavia replace seperate with separate  https://review.openstack.org/57418509:28
*** salmankhan has joined #openstack-lbaas09:28
openstackgerritJacky Hu proposed openstack/octavia master: fix tox python3 overrides  https://review.openstack.org/57297509:34
openstackgerritJacky Hu proposed openstack/octavia master: fix tox python3 overrides  https://review.openstack.org/57297509:53
*** kobis has quit IRC10:24
openstackgerritMerged openstack/octavia master: When SG delete fails on vip deallocate, try harder  https://review.openstack.org/54926310:35
*** kobis has joined #openstack-lbaas10:41
openstackgerritJan Zerebecki proposed openstack/neutron-lbaas master: Improve speed of listing from DB  https://review.openstack.org/56836111:08
*** atoth has joined #openstack-lbaas11:17
*** annp has quit IRC11:19
*** kobis has quit IRC11:21
*** longkb has quit IRC11:38
*** amuller has joined #openstack-lbaas11:51
*** ivve_ is now known as ivve12:03
*** amuller has quit IRC12:31
*** pcaruana has quit IRC12:39
openstackgerritAdit Sarfaty proposed openstack/octavia master: Providers: propose changes to create pool API  https://review.openstack.org/57424112:40
*** AlexeyAbashkin has quit IRC12:42
*** amuller has joined #openstack-lbaas12:43
*** amuller has joined #openstack-lbaas12:43
*** kobis has joined #openstack-lbaas12:50
*** kobis has quit IRC12:51
*** kobis has joined #openstack-lbaas12:53
*** amuller has quit IRC12:57
*** ispp has quit IRC13:29
*** ispp has joined #openstack-lbaas13:31
*** dayou_ has quit IRC13:31
*** pcaruana has joined #openstack-lbaas13:32
*** amuller has joined #openstack-lbaas13:55
*** gans has joined #openstack-lbaas14:00
*** gans has quit IRC14:01
*** ianychoi has quit IRC14:02
*** AlexeyAbashkin has joined #openstack-lbaas14:04
xgerman_o/14:05
*** dayou has joined #openstack-lbaas14:09
*** Alexey_Abashkin has joined #openstack-lbaas14:11
*** yamamoto has quit IRC14:11
*** yamamoto has joined #openstack-lbaas14:12
*** AlexeyAbashkin has quit IRC14:13
*** Alexey_Abashkin is now known as AlexeyAbashkin14:13
*** yamamoto has quit IRC14:19
cgoncalvesxgerman_, guten Tag :)14:22
xgerman_:-)14:22
*** yamamoto has joined #openstack-lbaas14:32
*** mlavalle has joined #openstack-lbaas14:50
*** ispp has quit IRC14:51
*** fnaval has joined #openstack-lbaas14:51
*** b_bezak has quit IRC14:53
*** b_bezak has joined #openstack-lbaas14:53
*** ispp has joined #openstack-lbaas14:54
*** b_bezak has quit IRC14:58
*** kobis has quit IRC15:12
openstackgerritMerged openstack/octavia master: Amend the spelling error of a word  https://review.openstack.org/57271815:15
*** ispp has quit IRC15:40
rm_workguten tag herr eichberger16:05
johnsomrm_work Morning16:06
johnsomJacky was busy last night fixing the pylint stuff.  If you have a minute can you give your opinion on some of the exclusions?16:06
johnsomHe also bumped it all the way to 1.9.2, which I am fine with, but it brought in a bunch more tests.16:07
rm_workmorning16:09
rm_workyeah sure16:09
rm_worki was hesitant to add a bunch of exclusions, but ... yeah16:10
rm_worksome of those things are <_<16:10
rm_worklike `Too many nested blocks (7/5) (too-many-nested-blocks)`16:10
johnsomYeah, like the deprecation one, I'm not sure about16:10
rm_workis dumb16:10
rm_workToo many boolean expressions in if statement (6/5) (too-many-boolean-expressions)16:10
rm_workalso dumb16:10
rm_worklike wtfeven16:10
rm_workRedefinition of app type from oslo_middleware.request_id.RequestId to octavia.common.keystone.SkippingAuthProtocol (redefined-variable-type)16:10
rm_workthat one is interesting...16:10
*** AlexeyAbashkin has quit IRC16:11
mnasertime for the monthly pebkac issue16:11
johnsomI had to put a few inlines in there to get around it's ignorance of sys.PY216:12
mnaserdeployer trying to use ssl, we've gotten as far as making sure that all secrets and container get acl to octavia user (supe rnot user friendly but i see where the issue comes from)16:12
johnsommnaser Hey, how is  it going?16:12
rm_workjohnsom: this one is quick if you would: https://review.openstack.org/#/c/573470/16:12
mnasernow creating the TERMINATED_HTTPS listener.. traceback on "InvalidRequest: Invalid request"16:12
mnaserinside upload_config16:12
johnsommnaser We have a patch in the works that solves that: https://review.openstack.org/55254916:12
mnaseroh man that's awesome. because it was super not straight forward16:13
*** AlexeyAbashkin has joined #openstack-lbaas16:13
johnsommnaser Hmmm, can you pastebin the traceback?  I also suspect we need the syslog entry from that amphora instance with the amphora-agent traceback16:13
mnaserso why would upload_config return 'Invalid request' .. a bad config?16:13
mnasergetting to the agent might be really difficult but i'll see what i can do..16:14
johnsommnaser Yeah, it's probably not passing the config validation for haproxy16:14
mnaserhttp://paste.openstack.org/show/723211/16:14
mnaserok so that might make it nice, if we output the config perhaps we can avoid the messing in amphora16:14
mnasershould i drop in a LOG.info(config)16:14
johnsommnaser Also, under /var/lib/octavia/ somewhere there should be a "failed" or "bad" config file saved16:15
mnaseroh even etter16:15
mnaserin the amphora or in the controller16:15
johnsomin the amphora16:15
* mnaser is avoiding as much as possible to go in the amphora :<16:15
johnsomYeah, sorry, we haven't spent time on the admin apis into the amp to collect this stuff yet16:15
johnsomI am guessing it is a formatting thing with the certs stored16:16
johnsomThough that *should* have failed a cert validation at the API before it got this far16:16
mnaserok time to see what happens now16:17
johnsomDid you follow this guide: https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-load-balancer ?16:17
rm_workmnaser: are you using the pkcs12 thing or the individual secrets in a container thing16:17
mnaserbahahahaha16:17
mnasermy16:17
mnasergod16:17
mnaser"bind 10.232.0.22:443 ssl crt /var/lib/octavia/certs/1c56b7e2-20c0-4676-b0aa-346562dac933/cloudflare origin certificate.pem"16:17
rm_worklolwut16:18
rm_workwait how does it even have a filename16:18
rm_worksuch spaces...16:18
rm_worki thought WE named the cert :/16:18
johnsomAh, space in the filename...  hmmmm16:18
johnsomYeah, that is a bug on our side16:18
mnaserthe secret name is16:18
rm_workdid i do something dumb16:18
rm_worklolrly16:18
rm_workthere's no reason to not just name the cert by like16:19
rm_worka static filename16:19
rm_workin fact that REALLY should be what we do16:19
rm_workmy bad prolly16:19
johnsomYeah, I think I agree16:19
rm_work1 sec16:19
mnaseryay for once it wasn't a misconfig (but maybe not yay :p)16:19
johnsommnaser What version are you running so we make sure to backport that far back?16:20
mnaserqueens16:20
johnsomAwesome, no problem there16:20
rm_worki think we can go pike?16:20
johnsomYeah, technically still Ocata, but I think the team is agreeing that Pike is our oldest target16:20
johnsomPike being v1.0 and all16:21
johnsommnaser We can probably have something for you by the EOD. Not sure yet if it will need an amp image rebuild yet or not.16:22
rm_worki'm looking16:22
rm_workit should not16:22
mnaserjohnsom: dont think it will need it, i'm looking too :)16:22
rm_workgive me one min16:22
xgerman_should not…. filename and haproxy.cfg are all done by the controller16:23
mnaserhttps://github.com/openstack/octavia/blob/c547c63591f6c4d888aa6c5e462f0e4a91299ed2/octavia/common/jinja/haproxy/templates/macros.j2#L29-L4316:23
mnaserguessing not far out from here16:24
mnaserrm_work: found it16:24
mnaserhttps://github.com/openstack/octavia/blob/1f278e7ab336bb203dd4c8a01f33e8ddf5fb0220/octavia/common/jinja/haproxy/jinja_cfg.py#L205-L20816:24
mnaserwe use the primary_cn16:24
rm_workyeah16:24
mnasers/tls_cert.primary_cn/listener.tls_certificate_id/ and call it a day?16:24
rm_workwelllllllll16:25
rm_workthat leaks info16:25
rm_worki might just do some basic cleanup on the filename16:25
mnasertls_cert.id ?16:25
mnaseri dunno where it pulls that from16:25
rm_workwell16:25
johnsomYeah, could do the fingerprint16:26
rm_workit's a TLSContainer data model16:27
rm_workthat id field isn't actually filled tho, lol16:27
rm_workbut it could b16:28
rm_workwe could fill it with the fingerprint16:28
johnsomrm_work Maybe an issue here too: https://github.com/openstack/octavia/blob/master/octavia/amphorae/drivers/haproxy/rest_api_driver.py#L18616:28
rm_workand then use the id there later16:28
rm_workyeah16:28
rm_worki think those need to be consistent16:28
mnaserso16:28
rm_workbut if we store a fingerprint in the id field16:29
rm_workwe can use ID in both places16:29
mnaserif we fix both does that mean an amphora rebuild must be done16:29
rm_workno16:29
rm_workany time a config is sent, we send the tls cert and the new config16:29
johnsomNo, the second one is still server side16:29
rm_workso they will always match16:29
mnaseroh i see16:29
rm_workeven existing LBs will be fine on an update16:29
mnaserit tells it where to upload, i see16:29
rm_work(should)16:29
rm_workok one sec16:30
mnaserhttps://github.com/openstack/octavia/blob/30bafb11d7eff23d826b39534e31acc249bfa1f3/octavia/common/tls_utils/cert_parser.py#L361-L36816:30
mnaseri think its generated here16:30
rm_workyes16:31
rm_worki'm adding in the ID there16:31
rm_workjust figuring how how to get the fingerprint from the cert with crypto16:31
*** Alexey_Abashkin has joined #openstack-lbaas16:35
rm_workis the fingerprint really going to be a good format?16:35
mnaserwith all the colons16:36
mnaseri'm not sure rm_work16:36
*** AlexeyAbashkin has quit IRC16:36
*** Alexey_Abashkin is now known as AlexeyAbashkin16:36
mnasersanitize sounds liek a pain that can go wrong in some places16:36
johnsomYeah, maybe not.16:36
mnasermd5sum?16:36
johnsomShould we just SHA the cert?16:36
mnaseryeah or that16:36
rm_workyeah can do that16:37
mnaserhmm16:37
mnasera cn can contain spaces, can it contain other things16:37
rm_workeh16:37
rm_workthere isn't really validation16:37
rm_workso it could be done wrong16:37
rm_workIIRC16:37
johnsomYeah, e-mails, etc.  We store the amp ID in the ones we generate16:37
rm_worksee: our samples had bad characters in them for a while lol16:37
mnaserok so best to forget about it and sha1 the cert and use that16:38
rm_worki think SHA of the cert is fine, or md516:38
rm_workyeah16:38
mnaserwould you like me to push a patch?16:38
* mnaser has free time and has to fix $customer problem so i can volunteer16:38
rm_workif you want, seems like you are there too16:38
mnaserok cool, i'll work on something16:38
rm_worki could do it otherwise16:38
rm_workbut yeah if you do it, I can actually review it ;P16:38
mnaserhaha true16:38
openstackgerritMichael Johnson proposed openstack/octavia master: Implement provider drivers - Driver Library  https://review.openstack.org/57135816:41
*** Alexey_Abashkin has joined #openstack-lbaas16:42
johnsommnaser BTW, instead of all that ACL stuff, many deployments just RBAC the octavia account to have access to all of the barbican containers.  It's horrible security, but removed the ACL stuff until we can get the API patch done.16:43
*** AlexeyAbashkin has quit IRC16:44
*** Alexey_Abashkin is now known as AlexeyAbashkin16:44
mnaserwait a second16:45
mnaserwhen using sni16:45
mnaserdoes it depend on the file name to pick the right certificate?16:46
johnsomNo16:46
mnaserret_value['crt_dir'] = os.path.join(self.base_crt_dir, listener.id)16:46
mnaserso this won't break the behavior change of using md5'd names16:46
mnasercontext: https://github.com/openstack/octavia/blob/master/octavia/common/jinja/haproxy/jinja_cfg.py#L209-L21016:46
johnsomNo, it's best match based on CN or in some (broken) drivers it is an ordered list.16:47
mnaserok cool16:47
mnaserrunning pep8 locally16:47
rm_workdid you update/add tests? :P16:48
mnaseri'll see what breaks with the change :p16:48
rm_workwould be good to DO a test with spaces in a CN and make sure the filename ends up being good16:48
mnasertrue16:48
mnaserill do that16:48
mnaserok17:08
mnaserit looks like tls_cert.id17:08
mnaseris equal to listener.tls_certificate_i17:08
mnaserlistener.tls_certificate_id17:09
rm_workinteresting17:09
mnaserin tests where the id is provided17:09
rm_worknot sure HOW17:09
rm_workAH17:09
rm_worklol17:09
rm_workyeah our tests are wrong tho17:09
rm_workwe never actually set it :P17:09
mnaserOH17:09
mnaser;p17:09
* mnaser thinks17:09
rm_worki mean look at the only place we actually use that model in real code17:09
rm_workour testing is in some places ... not great17:09
rm_workespecially around the cert stuff17:09
rm_workwe'd like to completely remove and rewrite all of cert_parser.py17:10
rm_workit's a bit of a mess17:10
mnaserheh okay let me see17:12
openstackgerritMerged openstack/octavia-dashboard master: Allow detail pages to auto refresh upon action  https://review.openstack.org/56145817:19
*** AlexeyAbashkin has quit IRC17:35
rm_workyeah i'm semi-out today17:38
*** kobis has joined #openstack-lbaas17:46
*** kobis has quit IRC17:52
openstackgerritMohammed Naser proposed openstack/octavia master: Allow using spaces for primary common name in SSL certificates  https://review.openstack.org/57436817:55
openstackgerritMohammed Naser proposed openstack/octavia master: Allow using spaces for primary common name in SSL certificates  https://review.openstack.org/57436817:57
mnaserrm_work, johnsom, xgerman_ ^ :)17:57
mnaserpasses pep8 and py27 locally17:57
rm_worklooking :)17:57
rm_workdid you run functional too?17:57
mnasercan i run functional without an existing deployment locally?17:57
mnaseroh looks like its fixtures and all17:57
mnaserlet me run it17:57
rm_workyeah17:59
*** kobis has joined #openstack-lbaas18:02
mnaserrm_work: functional: commands succeeded18:02
rm_workwill have to find a break to review later18:06
rm_workin a day-long meetup (in-person)18:06
mnasernp :)18:07
rm_workmnaser: step 2: deploy it in your env :)18:07
mnaserrm_work: i am right now ;)18:07
rm_workwoo18:07
rm_workthat is how I test all my stuff ^_^18:07
*** salmankhan has quit IRC18:12
mnaserrm_work: works!18:16
rm_workquick nits18:20
rm_workshould be easy18:20
rm_work(just testing stuff)18:23
rm_workcode looks good ;)18:23
mnaserrm_work: ok cool addressign them18:25
openstackgerritMohammed Naser proposed openstack/octavia master: Allow using spaces for primary common name in SSL certificates  https://review.openstack.org/57436818:32
mnaserrm_work: done!18:32
*** fnaval has quit IRC18:38
*** fnaval_ has joined #openstack-lbaas18:38
rm_workcool thanks18:43
*** kobis has quit IRC18:55
*** nmanos has quit IRC18:55
*** kobis has joined #openstack-lbaas18:57
*** atoth has quit IRC19:23
mrhillsmanany thoughts on why i would be getting the following19:23
mrhillsmanhttps://www.irccloud.com/pastebin/DzkHNV6Z/19:23
mrhillsmani'm doing a simple lb create19:23
mrhillsmani can manually create security groups no problem hitting that endpoint19:23
mrhillsmancommand i am running - openstack --debug loadbalancer create --name lb1 --vip-network-id lb-mgmt-net19:24
rm_workcan you hit that from wherever the API server is running?19:25
rm_workyou might have network ACL issues?19:26
rm_workit doesn't look like permissions so much as it literally just can't reach the URL19:26
rm_workon that port19:26
johnsommrhillsman Hi Melvin, this is a configuration error. Let me get the section that is mis-configured, one minute19:30
mrhillsmanok thx19:30
mrhillsmansorry rm_work so late on response19:30
mrhillsmani can hit that from anywhere19:30
mrhillsmaninside and outside where the api server is running19:31
johnsommrhillsman It is one of the following:19:31
johnsom1. Something is mis-configured for the cloud here: https://github.com/openstack/octavia/blob/master/etc/octavia.conf#L38219:31
johnsom2. neutron does not have the security groups extension enabled. "openstack extension list" look for security-group19:32
johnsom3. The endpoint has some sort of firewall in front of it.19:33
mrhillsmankolla bites me again it looks like19:34
johnsom4. The keystone endpoint for neutron is mis-configured and not listening on that IP/port19:34
mrhillsmanthere is no [neutron] section :(19:34
johnsommrhillsman Well, in "normal" clouds, you don't need to set anything in that section19:34
mrhillsmannormal?19:35
mrhillsmannon-containerized clouds?19:35
johnsommrhillsman Fair point19:35
johnsomNo, just most deployments don't need to set those settings, the keystone defaults are enough19:35
mrhillsmanit is just weird that i can create a security group outside of trying osc lb ...19:36
johnsomLike devstack doesn't set anything there19:36
mrhillsmanok, let me dig a bit more19:36
johnsommrhillsman If you use the --debug on OSC does it connect to the same path?19:36
mrhillsmanyeah, that's what i used in the paste19:37
mrhillsmanwithout it same error19:37
johnsomMaybe there is a security group or container config that is blocking the octavia process from reaching that endpoint?19:37
mrhillsmanok cool, let me dig a bit more19:37
mrhillsmanappreciate the info19:38
johnsomSure, NP19:38
mrhillsmanugh, something definitely going on with the firewall or some routing kungfu in the way19:40
mrhillsmanthx again19:40
mrhillsmanjohnsom so if i use that override you pointed to will i be able to set it to say internal endpoint and still be able to use osc from an external host19:45
mrhillsmanfor some reason there is some routing in place that from inside the container i cannot hit the public IP address of the controller19:46
johnsomYes, those settings should override the keystone catalog settings19:46
mrhillsmanok thx, want to try that before i ask for something i'm likely to be told no about19:47
*** yamamoto has quit IRC19:51
-openstackstatus- NOTICE: Zuul was restarted for a software upgrade; changes uploaded or approved between 19:30 and 19:50 will need to be rechecked19:56
*** ispp has joined #openstack-lbaas20:12
*** kobis has quit IRC20:26
*** AlexeyAbashkin has joined #openstack-lbaas20:32
*** amuller has quit IRC20:43
*** Alexey_Abashkin has joined #openstack-lbaas20:46
*** AlexeyAbashkin has quit IRC20:47
*** Alexey_Abashkin is now known as AlexeyAbashkin20:47
*** Alexey_Abashkin has joined #openstack-lbaas20:51
*** yamamoto has joined #openstack-lbaas20:51
*** AlexeyAbashkin has quit IRC20:51
*** Alexey_Abashkin is now known as AlexeyAbashkin20:51
*** AlexeyAbashkin has quit IRC20:56
*** yamamoto has quit IRC20:58
*** mlavalle has left #openstack-lbaas20:59
*** AlexeyAbashkin has joined #openstack-lbaas21:08
*** ispp has quit IRC21:15
*** sshank has joined #openstack-lbaas21:47
*** AlexeyAbashkin has quit IRC21:54
*** fnaval_ has quit IRC22:15
*** rcernin has joined #openstack-lbaas22:16
*** SumitNaiksatam has joined #openstack-lbaas22:35
johnsomrm_work Able to IRC chat?23:29
rm_workyeah23:29
johnsomSo, I am noodling on the update thing with the old objects and I'm struggling to see the real race condition.  Can you refresh my memory of why we need to do anything with this "old_member"?23:30
rm_workthe listener-pool this?23:31
rm_work*thing?23:31
rm_workit's specifically that23:31
johnsomYeah, can you give me some details there?23:31
rm_workyeah ok so23:31
rm_workif you update a listener's default pool23:32
rm_workwe send that off to the driver23:32
johnsomOr are you talking about Adit's listener id patch?23:32
rm_workand then we update the DB23:32
rm_workno23:32
rm_workso anyway.... that much is clear, right? like if I do this:23:32
johnsomOk23:32
rm_workPUT /listeners/abc1234 {'listener': {'default_pool_id': 'newpool12345'}}23:33
rm_workit sends to the driver and then saves it to the DB23:33
johnsomyes23:33
rm_workthe amp driver loads up, and then what it tries to do is:23:33
rm_workwell, let me just link the code23:33
johnsomhttps://docs.openstack.org/octavia/latest/_images/ListenerFlows-get_update_listener_flow.svg23:34
johnsomWell, I have the flow open23:34
rm_workok so23:34
rm_workhttps://github.com/openstack/octavia/blob/master/octavia/common/data_models.py#L385-L40723:36
rm_workin the ListenerUpdate23:36
rm_workwe try to fetch the pool from the DB, via the pool_db.listeners backref23:37
rm_workwhich has already been removed23:37
rm_workso it explodes23:37
rm_workwhich is the "race"23:37
johnsomAh, a model update.  Ok, that is the part I forgot.  Got it.23:37
rm_workwe need to rewrite the driver23:38
rm_workto use the new driver lib23:38
rm_work:(23:39
johnsomYeah, that is what I have been looking at today.  Oslo messaging makes me not happy, but I figured out how to deal with it.23:39
rm_workah :/23:39
johnsomI don't think it's going to be that much work actually23:39
rm_workyeah i mean23:40
rm_workit shouldn't23:40
rm_worki hope23:40
rm_workin a lot of cases, the work is just "already done"23:40
rm_workbecause like, that whole update-attributes task in the flow could basically disappear23:40
rm_workbecause now we just immediately save the updates23:40
johnsomOk, that is the pointer I needed.  Just looking at member update flow, I'm like...   Um, don't care.23:40
rm_workyeah23:40
rm_workand it's not like you have to *rewrite* anything even for listener update23:41
rm_workit's just that it was trying to do bad stuff23:41
rm_workbut it doesn't NEED to do *anything*23:41
johnsomYeah, we never really did the rollback thing, so...23:42
rm_workyeah23:42
rm_workIMO we should still just version updates and remove the need for immutability on objects23:42
* rm_work shrugs23:42
rm_work / just v3 things /23:43
rm_work \ ignore me \23:43
*** ipsecguy has quit IRC23:47
johnsomOk, so pool, listener, loadbalancer, and l7policy all need updating23:47
rm_workthey do?23:48
rm_workwhy23:48
rm_workor wait, that's a little ambiguous23:48
rm_workwhat do you mean exactly23:48
*** ipsecguy has joined #openstack-lbaas23:50
rm_workaugh i need to do the TLS tests in tempest now <_<23:52
*** sshank has quit IRC23:53
johnsomAll of those data model update methods reference the old object23:55
johnsomFor various reasons23:55
rm_workyeah but like23:56
rm_worki thought all of that would essentially be already finished23:56
rm_workdue to saving in the API23:56
johnsomYeah, maybe, I will have to evaluate each one.  There are some that check if there was an object, like session persistence before but isn't now, so it goes off and deletes the SP record.  Etc.23:57
rm_worki feel like we should do that in the frontend23:57
rm_worksince ... umm23:57
rm_worki mean, in the API23:57
rm_workbecause if we're saving the object in the API side23:57
rm_workwe should do ALL that work23:57
rm_worknot just randomly orphan stuff23:57
rm_workbut IMO we may also need to figure out our "DELETED" story23:58
johnsomYeah, probably.23:58
rm_workbecause I like that better23:58
rm_workbut it'll make our current unique-constraint on listener-port break23:58
rm_workfor example23:58
johnsomrm_work Deleted is done in an update here: https://review.openstack.org/57135823:58
rm_workor rather, we already did that, but we need to fix it now23:58
rm_workright23:59
rm_workbut remember the issue we were talking about last week23:59
rm_workoh maybe you didn't read that scrollback23:59
johnsomIf fixed that problem already23:59
rm_workah ok23:59
rm_workhpw?23:59
rm_work*how23:59
« Sunday, 2018-06-10 Index Tuesday, 2018-06-12 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!