Thursday, 2018-07-05

« Wednesday, 2018-07-04 Index Friday, 2018-07-06 »
openstackgerritMichael Johnson proposed openstack/neutron-lbaas master: Neutron-LBaaS to Octavia migration tool  https://review.openstack.org/57894200:38
*** longkb has joined #openstack-lbaas00:40
*** kobis has joined #openstack-lbaas01:11
*** kobis has quit IRC01:16
*** hongbin has joined #openstack-lbaas01:16
*** annp has joined #openstack-lbaas01:55
*** huangshan has joined #openstack-lbaas03:16
*** ramishra has joined #openstack-lbaas03:39
*** numans has quit IRC03:56
*** kobis has joined #openstack-lbaas04:25
*** kobis has quit IRC04:29
*** hongbin has quit IRC04:38
*** AlexStaf has joined #openstack-lbaas04:45
*** numans has joined #openstack-lbaas05:22
*** ianychoi has joined #openstack-lbaas05:34
*** kobis has joined #openstack-lbaas06:45
*** kobis has quit IRC06:49
*** yboaron has joined #openstack-lbaas06:52
*** ispp has joined #openstack-lbaas07:09
*** kobis has joined #openstack-lbaas07:14
*** yamamoto has quit IRC07:18
*** ispp has quit IRC07:20
*** peereb has joined #openstack-lbaas07:22
*** nmanos has joined #openstack-lbaas07:24
*** yboaron has quit IRC07:25
*** ispp has joined #openstack-lbaas07:26
*** yamamoto has joined #openstack-lbaas07:26
*** ispp has quit IRC07:39
*** yamamoto has quit IRC07:42
*** ktibi has joined #openstack-lbaas07:48
*** rcernin has quit IRC07:54
*** ispp has joined #openstack-lbaas08:00
*** yamamoto has joined #openstack-lbaas08:10
*** yboaron has joined #openstack-lbaas08:13
*** yboaron_ has joined #openstack-lbaas08:31
*** yboaron has quit IRC08:34
*** cvm has quit IRC08:36
openstackgerrityanpuqing proposed openstack/python-octaviaclient master: Add some filter options to load balancer list command  https://review.openstack.org/58032208:54
*** ispp has quit IRC08:55
*** AlexStaf has quit IRC08:55
*** velizarx has joined #openstack-lbaas09:10
velizarxHi folks. I want to use octavia with barbican (TLS-terminated load balancer) for customers, but I'm confused. In documentation (https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-a-tls-terminated-https-load-balancer) I see step "Grant the admin user access to the tls_secret1 barbican resource", but I don't understand, how the user should get admin_id? The simple user don't know anything about admin account. It's09:12
velizarx very strange case. I tried to configure barbicans' policy so that octavia will have access for getting any sertificates by default, but RBAC policy can't be configured so. And it is the very unsecure way. How to use this functionality?09:12
*** kobis has quit IRC09:23
cgoncalvesvelizarx, hi. this is a known issue. right now users are required to know octavia's user id which is only accessible to admins09:34
cgoncalvesvelizarx, patch https://review.openstack.org/#/c/552549/ should fix this. sadly it's not yet ready to be merged09:34
cgoncalvesit works, though, in case you want to test it out09:35
velizarxcgoncalves, hm, thank you, I will test this patch in local installation09:38
velizarxDo you consider the possibility of using user's token for authorization in barbican's API? For example, so magnum works.09:38
cgoncalvesvelizarx, that is the approach we're taking. see https://review.openstack.org/#/c/552549/9/octavia/certificates/common/auth/barbican_acl.py@8709:39
velizarxcgoncalves, ok, thank you!09:42
*** kiennt26 has joined #openstack-lbaas09:43
*** huangshan has quit IRC09:47
openstackgerritZhaoBo proposed openstack/octavia master: UDP jinja template  https://review.openstack.org/52542009:50
openstackgerritZhaoBo proposed openstack/octavia master: WIP:UDP for [2]  https://review.openstack.org/52965109:50
openstackgerritZhaoBo proposed openstack/octavia master: UDP for [3][5][6]  https://review.openstack.org/53939109:50
*** ispp has joined #openstack-lbaas09:50
*** yboaron_ has quit IRC09:57
*** kobis has joined #openstack-lbaas10:24
*** kobis has quit IRC10:24
*** annp has quit IRC10:25
*** annp has joined #openstack-lbaas10:26
*** annp has quit IRC10:38
*** kiennt26 has quit IRC10:41
*** kobis has joined #openstack-lbaas10:46
*** kobis has quit IRC10:46
*** yboaron_ has joined #openstack-lbaas10:48
*** velizarx has quit IRC10:49
*** annp has joined #openstack-lbaas10:49
*** velizarx has joined #openstack-lbaas10:49
*** annp has quit IRC10:54
*** kobis has joined #openstack-lbaas11:03
*** longkb has quit IRC11:36
*** amuller has joined #openstack-lbaas11:59
*** velizarx has quit IRC12:00
*** fnaval has quit IRC12:00
*** velizarx has joined #openstack-lbaas12:06
*** fnaval has joined #openstack-lbaas12:21
*** nmanos has quit IRC12:32
*** nmanos has joined #openstack-lbaas12:49
*** nmanos has quit IRC13:38
*** apuimedo has quit IRC13:42
*** ispp has quit IRC14:08
*** ispp has joined #openstack-lbaas14:09
*** ktibi has quit IRC14:27
mnaserhi14:39
mnaserwe can't fail over a failed load balancer? :\14:39
johnsommnaser Say what?14:53
mnasera loadbalancer was in 'ERROR' state14:53
mnaserand it wouldnt let you fail it over :p14:53
johnsomHmm, some cases that is valid, like if the VIP neutron port got nuked.14:53
*** Swami has joined #openstack-lbaas14:54
*** velizarx has quit IRC14:55
*** kobis has quit IRC14:55
*** yboaron_ has quit IRC14:57
mnaserit did get nuked in this14:57
mnaserin a failed-failover14:57
johnsomHmmm, can you pastebin the HM logs?14:58
johnsomYou are running queens?14:58
*** apuimedo has joined #openstack-lbaas15:05
*** peereb has quit IRC15:22
*** Swami has quit IRC15:44
openstackgerritMerged openstack/octavia master: Add exception handling for housekeeping service  https://review.openstack.org/57638816:10
*** ispp has quit IRC16:32
colin-any precedent for amphora nodes to be spun in the tenant they are serving versus a shared one?16:33
*** kobis has joined #openstack-lbaas16:36
johnsomNot that I know of. We all run it with a service account.16:36
johnsomAmps are intended to be hidden from users as an implementation detail of the driver.16:36
*** kobis has quit IRC16:44
jitekajohnsom: to followup on colin- questions, how do you handle quota restriction as vip back with amphora also consume compute resources (that could be used for VMs)16:45
johnsomjiteka Well, since Octavia is running as a service account, you can adjust the quotas up for that service account.16:47
jitekajohnsom: so you need as cloud ops to determin from the quota you allow to your user the chunk of compute ressource that will be consumed by the backend right ?16:50
johnsomjiteka Right, but load balancer resources have their own quota for the user. They are billed differently than a compute resource, so the design was to handle them independent of the user account. For example, if you offer both the octavia driver and a vendor driver, the octavia driver would use compute quota, but the vendor wouldn't as it is typically a hardware appliance.16:52
jitekajohnsom: so in case of using octavia driver, do you recommand using a dedicated host aggregate to keep amps VMs on specific node or it's better to have them spread on the whole fleet ?17:03
jitekajohnsom: thinking about throughput where compute nodes may need better bandwidth to support demanding services17:04
johnsomjiteka You can specify things like host aggregates with the dedicated nova "flavor". In general we like them spread out for HA. For example if you are using Active/Standby you can enable the anti-affinity configuration setting and nova will force the master and backup amphora  to different compute hosts. This way one compute outage doesn't take the load balancer down.17:07
*** ramishra has quit IRC17:13
jitekajohnsom: that's exactly what I'm looking for, having dedicated flavor mapped on host-aggregate with anti-affinity scheduling rules :)17:15
jitekajohnsom: thanks a lot for the help !17:15
johnsomSure, NP17:16
openstackgerritMichael Johnson proposed openstack/neutron-lbaas master: Neutron-LBaaS to Octavia migration tool  https://review.openstack.org/57894217:18
*** apuimedo has quit IRC17:35
openstackgerritGerman Eichberger proposed openstack/neutron-lbaas master: Gate API test for the lbaasv2-proxy plugin  https://review.openstack.org/53935017:40
*** kobis has joined #openstack-lbaas18:19
*** kobis has quit IRC18:43
*** abaindur has joined #openstack-lbaas19:03
*** abaindur has quit IRC19:04
*** abaindur has joined #openstack-lbaas19:04
*** kbyrne has joined #openstack-lbaas19:05
*** abaindur_ has joined #openstack-lbaas19:28
*** abaindur has quit IRC19:28
*** kbyrne has quit IRC19:42
*** kbyrne has joined #openstack-lbaas19:45
openstackgerritMichael Johnson proposed openstack/neutron-lbaas master: Neutron-LBaaS to Octavia migration tool  https://review.openstack.org/57894219:55
*** kobis has joined #openstack-lbaas19:58
cgoncalvessupports-upgrade & supports-accessible-upgrade approved \o/20:02
johnsomYep, still stuck in the post gates, but on it's way!20:02
*** amuller has quit IRC20:02
xgerman_@cgoncalves  you will be in Berlin?20:14
*** aojea_ has joined #openstack-lbaas20:19
*** dmellado has quit IRC20:28
*** kobis has quit IRC20:49
*** aojea_ has quit IRC20:56
*** abaindur_ has quit IRC21:00
*** aojea has joined #openstack-lbaas21:01
openstackgerritGerman Eichberger proposed openstack/neutron-lbaas master: Gate API test for the lbaasv2-proxy plugin  https://review.openstack.org/53935021:08
nmagnezidayou_, around?21:22
nmagneziI guess not21:23
nmagneziSo a question to johnsom  :)21:23
johnsomo/21:23
nmagnezijohnsom, re: https://review.openstack.org/#/c/572975/9/octavia/amphorae/backends/agent/api_server/amphora_info.py21:23
nmagneziThat pylint error21:23
nmagneziWhat was the issue exactly?21:23
nmagneziAlso no one answered this (might also be related to the same thing) https://review.openstack.org/#/c/572975/9/octavia/common/keystone.py21:24
johnsomThe new pylint this patch brings in (needed for py3) requires it be moved out of the second block.21:24
nmagneziGot it, but just so I'll learn from this, why?21:25
johnsomYeah, the other is the same.21:26
johnsomWhy, well, I have no idea really. I would think it should be part of the second block myself, but pylint doesn't like it21:26
nmagneziFair enough. If, we'll see it's just an error in pylint we can always change that in the future21:27
nmagneziRemoving my -121:27
johnsomYeah, we need the new pylint for the py3 support, so it's either go with the new scheme or disable that check all together21:28
nmagneziNot sure why I placed a comma after the "If".. maybe it's too late for me :D21:28
johnsomIf you are still curious, pull down the patch tomorrow and put it back then run the pep8 tox and see which rule it's complaining about.21:29
nmagnezijohnsom, I don't want to block it just for something that might be broken on pylint, we can always followup on this21:30
nmagnezijohnsom, +2 W+!21:30
nmagnezijohnsom, +2 W+121:30
johnsomThanks!21:30
nmagnezijohnsom, btw as for the active standby stuff I'm still looking at this, but I was able to reproduce this with ubuntu based amps. So it's not specific to some ancient keepalived version on centos or something21:31
nmagnezijohnsom, as promised, will keep you posted21:31
johnsomok21:31
cgoncalvesxgerman_, I don't know yet21:33
cgoncalvesxgerman_, are you?21:33
cgoncalvesin case you do and I don't, come to Heidelberg and we grab a beer21:34
xgerman_Not sure - but wanted to submit a few talks21:34
*** abaindur has joined #openstack-lbaas21:47
johnsomWahoo: https://governance.openstack.org/tc/reference/tags/assert_supports-accessible-upgrade.html21:54
johnsomThe post jobs are done, it's official21:54
xgerman_Sweet!!!21:54
*** ivve has quit IRC21:55
cgoncalvesgood job, team!21:56
*** rcernin has joined #openstack-lbaas22:00
openstackgerritMichael Johnson proposed openstack/neutron-lbaas master: Neutron-LBaaS to Octavia migration tool  https://review.openstack.org/57894222:05
*** aojea has quit IRC22:23
nmagnezijohnsom, still around?22:35
johnsomYes22:35
nmagnezijohnsom, I have a question about backup members (looking at this patch now)22:35
johnsomThe client patch?22:36
nmagnezijohnsom, I tested it now and I think I see something off. I checked the member db table and I don't see "backup" column22:37
nmagneziAm I missing something here?22:37
nmagneziWas it not implemented in the server side yet?22:37
nmagneziYes, the client patch22:37
johnsomYeah, the server side is here: https://review.openstack.org/#/c/552632/22:37
johnsomI have the backup column in my db....22:38
nmagneziChecking again22:38
*** aojea_ has joined #openstack-lbaas22:39
johnsomIf you didn't restack, but just pulled down a new version of Octavia you need to run the DB migration yourself (devstack usually handles that for you).22:39
johnsomoctavia-db-manage --config-file /etc/octavia/octavia.conf upgrade head22:40
nmagneziThe server side patch was merged 3 months ago22:40
nmagneziThe server side patch got merged 3 months ago, I should have it22:40
johnsomYeah, it's been there a while22:40
nmagneziOh, that was a devstack I reserved for testing something in queens22:41
* nmagnezi facepalm22:41
nmagneziThat explains it22:41
nmagnezisorry.22:41
johnsom+122:41
*** fnaval has quit IRC22:49
nmagnezijohnsom, okay. So created a member with --enable-backup but ends up with backup False.. http://paste.openstack.org/show/725162/22:49
johnsomTry putting it before the "pool1"22:50
*** abaindur has quit IRC22:50
johnsomTechnically the pool is the last parameter of the command22:50
nmagnezijohnsom, argparse should be able to handle it22:53
nmagnezijohnsom, but in any case, I get the same result http://paste.openstack.org/show/725163/22:53
johnsomnmagnezi Yeah, it looks like it's not in the POST body22:54
*** aojea_ has quit IRC22:55
*** fnaval has joined #openstack-lbaas22:55
*** rcernin has quit IRC22:58
*** rcernin has joined #openstack-lbaas23:01
*** ianychoi_ has joined #openstack-lbaas23:01
openstackgerritMerged openstack/octavia master: fix tox python3 overrides  https://review.openstack.org/57297523:01
*** ianychoi has quit IRC23:04
*** abaindur has joined #openstack-lbaas23:09
openstackgerritMerged openstack/octavia master: Move from platform.linux_distribution to distro.id  https://review.openstack.org/57928823:16
*** aojea has joined #openstack-lbaas23:16
*** aojea has quit IRC23:21
*** aojea has joined #openstack-lbaas23:46
openstackgerritMichael Johnson proposed openstack/neutron-lbaas master: Neutron-LBaaS to Octavia migration tool  https://review.openstack.org/57894223:47
*** aojea has quit IRC23:50
*** abaindur has quit IRC23:59
« Wednesday, 2018-07-04 Index Friday, 2018-07-06 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!