Monday, 2018-10-22

« Sunday, 2018-10-21 Index Tuesday, 2018-10-23 »
openstackgerritNguyen Van Trung proposed openstack/neutron-lbaas master: Don't quote {posargs} in tox.ini  https://review.openstack.org/60882801:08
openstackgerritNguyen Van Trung proposed openstack/octavia master: Don't quote {posargs} in tox.ini  https://review.openstack.org/60883001:08
openstackgerritcoho proposed openstack/neutron-lbaas-dashboard stable/rocky: sni_container_refs needed if we want to use sni  https://review.openstack.org/61222201:29
openstackgerritcoho proposed openstack/neutron-lbaas-dashboard stable/queens: sni_container_refs needed if we want to use sni  https://review.openstack.org/61222301:30
openstackgerritcoho proposed openstack/neutron-lbaas-dashboard stable/pike: sni_container_refs needed if we want to use sni  https://review.openstack.org/61222401:31
openstackgerritcoho proposed openstack/neutron-lbaas-dashboard stable/ocata: sni_container_refs needed if we want to use sni  https://review.openstack.org/61222501:31
*** annp has joined #openstack-lbaas01:58
*** hongbin has joined #openstack-lbaas02:19
*** hongbin has quit IRC02:35
*** hongbin has joined #openstack-lbaas02:35
*** hongbin_ has joined #openstack-lbaas02:41
*** hongbin has quit IRC02:43
*** hongbin_ has quit IRC04:22
*** ramishra has joined #openstack-lbaas04:23
*** hongbin has joined #openstack-lbaas04:24
*** hongbin has quit IRC04:38
*** yboaron_ has joined #openstack-lbaas04:58
*** ccamposr has joined #openstack-lbaas05:57
*** pcaruana has joined #openstack-lbaas06:21
*** bzhao__ has joined #openstack-lbaas06:42
*** yamamoto has quit IRC06:49
*** yamamoto has joined #openstack-lbaas06:49
*** yamamoto has quit IRC06:53
*** yamamoto has joined #openstack-lbaas06:53
*** yamamoto has quit IRC06:55
*** yamamoto has joined #openstack-lbaas06:58
*** pcaruana has quit IRC06:58
*** rcernin has quit IRC06:59
*** yamamoto has quit IRC07:01
*** yamamoto_ has joined #openstack-lbaas07:01
*** rcernin has joined #openstack-lbaas07:05
*** yboaron_ has quit IRC07:06
*** rcernin has quit IRC07:07
*** pcaruana has joined #openstack-lbaas07:13
openstackgerritZhaoBo proposed openstack/octavia master: [WIP] Add client_ca_tls_container_ref to Octavia v2 listener API  https://review.openstack.org/61226707:33
openstackgerritZhaoBo proposed openstack/octavia master: WIP: Add an option to the Octavia V2 listener API for client cert  https://review.openstack.org/61226807:33
openstackgerritZhaoBo proposed openstack/octavia master: WIP: add more option for certification Optional type  https://review.openstack.org/61226907:33
openstackgerritZhaoBo proposed openstack/octavia master: WIP: add new ssl header for client certificate  https://review.openstack.org/61227007:33
openstackgerritZhaoBo proposed openstack/octavia master: WIP:L7rule support client certificate cases  https://review.openstack.org/61227107:33
*** srini_ has quit IRC07:36
*** velizarx has joined #openstack-lbaas07:52
*** rpittau has joined #openstack-lbaas08:02
*** aojea has joined #openstack-lbaas08:05
*** phuoc has quit IRC08:06
*** celebdor has joined #openstack-lbaas08:13
*** yboaron_ has joined #openstack-lbaas08:35
openstackgerritCarlos Goncalves proposed openstack/octavia stable/queens: Healthmanager shouldn't update NO_MONITOR members  https://review.openstack.org/61228008:36
*** yamamoto_ has quit IRC08:46
*** yamamoto has joined #openstack-lbaas08:46
*** yamamoto_ has joined #openstack-lbaas08:57
*** yamamoto has quit IRC09:00
*** yamamoto_ has quit IRC09:01
*** yamamoto has joined #openstack-lbaas09:01
openstackgerritVadim Ponomarev proposed openstack/octavia master: Add notifications about changed status to worker  https://review.openstack.org/61188209:06
*** salmankhan has joined #openstack-lbaas09:08
*** aojea has quit IRC09:18
*** celebdor has quit IRC09:43
*** yamamoto has quit IRC09:46
*** yamamoto has joined #openstack-lbaas09:47
openstackgerritCarlos Goncalves proposed openstack/octavia stable/queens: Create disabled members in haproxy  https://review.openstack.org/61229609:50
*** celebdor has joined #openstack-lbaas09:52
*** yamamoto has quit IRC09:52
*** aojea has joined #openstack-lbaas09:55
openstackgerritMerged openstack/octavia stable/rocky: Ensure pool object contains the listener_id if passed  https://review.openstack.org/61132110:11
*** yamamoto has joined #openstack-lbaas10:15
openstackgerritVadim Ponomarev proposed openstack/octavia master: Remove unused methods.  https://review.openstack.org/61230510:20
*** aojea has quit IRC10:29
openstackgerritCarlos Goncalves proposed openstack/octavia master: DNM: centos-minimal amphora  https://review.openstack.org/61230910:30
*** annp has quit IRC10:49
openstackgerritVadim Ponomarev proposed openstack/octavia master: Add a soft check for the allowed_address_pairs extension.  https://review.openstack.org/56854610:56
openstackgerritCarlos Goncalves proposed openstack/octavia master: DNM: centos-minimal amphora  https://review.openstack.org/61230911:11
*** aojea_ has joined #openstack-lbaas11:17
*** pcaruana has quit IRC11:26
*** pcaruana has joined #openstack-lbaas11:48
*** aojea_ has quit IRC11:53
*** pcaruana has quit IRC12:12
*** pcaruana has joined #openstack-lbaas12:12
openstackgerritVadim Ponomarev proposed openstack/octavia master: Add notifications about changed status to worker  https://review.openstack.org/61188212:35
*** aojea has joined #openstack-lbaas12:45
velizarxHi guys. Can you review this change (https://review.openstack.org/#/c/611987) faster?12:47
velizarxThis problem affects all new changes :(12:48
*** yamamoto has quit IRC12:50
*** yamamoto has joined #openstack-lbaas12:50
*** yamamoto has quit IRC12:55
openstackgerritNir Magnezi proposed openstack/octavia master: Add posibilities to set default timeouts  https://review.openstack.org/60941812:55
*** yboaron_ has quit IRC13:05
*** yboaron_ has joined #openstack-lbaas13:06
*** yamamoto has joined #openstack-lbaas13:06
*** aojea has quit IRC13:16
*** yboaron_ has quit IRC13:16
*** yboaron_ has joined #openstack-lbaas13:19
openstackgerritMerged openstack/octavia master: Update docs conf.py for openstackdocstheme change  https://review.openstack.org/61198713:43
*** aojea has joined #openstack-lbaas13:50
openstackgerritVlad Gusev proposed openstack/octavia master: Remove unused methods.  https://review.openstack.org/61230513:56
*** yamamoto has quit IRC13:58
*** yamamoto has joined #openstack-lbaas13:59
*** yamamoto has quit IRC14:04
*** ivve has joined #openstack-lbaas14:12
*** aojea has quit IRC14:22
openstackgerritVadim Ponomarev proposed openstack/octavia master: Support create amphora instance from volume based.  https://review.openstack.org/57050514:33
*** yamamoto has joined #openstack-lbaas14:41
openstackgerritVadim Ponomarev proposed openstack/octavia master: Add notifications about changed status to worker  https://review.openstack.org/61188214:55
*** ramishra has quit IRC14:59
openstackgerritVadim Ponomarev proposed openstack/octavia master: Add a soft check for the allowed_address_pairs extension.  https://review.openstack.org/56854615:01
*** yboaron_ has quit IRC15:05
*** pcaruana has quit IRC15:12
*** ccamposr has quit IRC15:13
*** aojea has joined #openstack-lbaas15:15
*** emccormick has joined #openstack-lbaas15:42
*** aojea has quit IRC15:48
*** celebdor has quit IRC15:52
emccormickHi all. Is anyone here familiar with the kernel parameters that get set in /etc/sysctl.d/ on the amphora haproxy image?15:54
xgerman_they should aLL be documented as part of the image build15:54
emccormickI was noticing lots of things in there that I would like to be set, however they don't actually seem to be getting loaded15:54
xgerman_mmh, what OS are you on?15:55
emccormickWell, for example the image has net.netfilter.nf_conntrack_buckets.conf which sets net.netfilter.nf_conntrack_buckets = 12500015:55
emccormickdefault ubuntu15:55
xgerman_ok, that’s strange since we do most of our testing on ubuntu…15:56
emccormickI literally fed nothing to it. Just ran diskimage-create.sh with no arguments15:56
xgerman_johnsom: ?15:56
emccormickyeah that's why I used it ;)15:56
emccormickdidn't want to start off too adventurous15:56
emccormickwhat's actually loaded is just the system default15:56
emccormicknet.netfilter.nf_conntrack_buckets = 1638415:56
xgerman_there is now actually some decent centOS support15:57
johnsomo/15:57
xgerman_o/15:57
emccormickxgerman_ That's round 2 for me ;)15:57
xgerman_:-)15:57
emccormickguessing johnson is Michael Johnson?15:58
johnsomYes, that would be me.15:58
xgerman_yep15:58
emccormickI'm the one that was asking the SSL questions on the ML. Thanks for your reply :)15:58
emccormickGot it resolved and replied back15:58
johnsomNot sure what the question is, but the current kernel tuning settings we are using are here: https://github.com/openstack/octavia/blob/master/elements/haproxy-octavia/post-install.d/20-haproxy-tune-kernel15:58
johnsomNote, some of these get applied inside the network namespace, some out depending on their scope15:59
xgerman_the problem is they are not being applied15:59
emccormickThe question is: I see the tuning files created. However they don't seem to get applied15:59
emccormickroot@amphora-22809127-bad0-4cbe-a738-a83f70f2ef1c:/etc/sysctl.d# sysctl -n net.netfilter.nf_conntrack_buckets16:00
emccormick1638416:00
johnsomDoes the LB have a listener? I would check after you have added a listener to the LB16:00
emccormickhmm. not yet.16:00
emccormickanother lack of workflow understanding perhaps ;)16:00
johnsomAh, conntrack, also note, depending on the version of the amphora you are using, we leave conntrack disabled, so those settings will stay at the default.16:00
johnsomI think only Rocky loads conntrack as we needed it for the UDP support.  Prior to that, we didn't load it as it was just overhead.16:01
johnsomThis is why there is a "|| true" in that file I linked. They will fail to set if conntrack is not active on the amphroa instance16:02
emccormickhmm. ok16:03
emccormickyeah that must be it. I'm using queens.16:04
emccormickI definitely need to set those for my use-case. I have a very busy site that dies without it16:04
johnsomYeah, check this one: net.ipv4.ip_nonlocal_bind16:04
johnsomIt is critical for our setup. If they are being applied, it will be 116:05
emccormickset to 116:05
emccormickI made a listener but haven't added any pool to it yet16:05
johnsomOk, so they are being applied.  Now, for those conntrack settings. If conntrack is not even loaded into the kernel, you don't need to set those.16:06
johnsomIn fact, you can't set them16:07
emccormickI guess I've never tried flying without it ;)16:07
johnsomHow busy is this busy  site?  requests per second and bandwidth wise?16:07
emccormickwell, we've had up to about 15,000 concurrent users16:08
emccormickheavy media site with lots of page elements16:08
emccormicktrying to see requests / second16:09
emccormickwe hit that conntrack table full problem which is what led me to increasing it16:09
emccormicknot very good with these analytics reports ;). Looks like a slow week is around 1M pageviews per week16:13
emccormicka more busy week is at least double that16:14
johnsomOk, I understand.  On queens you might be tight on what the amp can handle. There was some performance tuning patches that went in that boosts it to 30,000k with the stock amp. Let me look at where we backported that.16:14
johnsomemccormick You are going to want the jinja template changes from this patch: https://review.openstack.org/#/c/598379/16:17
johnsomIt's easy enough to apply those changes locally, either with the template override or just a local change/patch.16:18
johnsomThat will boost your requests per second.16:18
johnsomGoiing forward, with the flavors changes we expect to be able to scale the standalone/active/standby amp more in Stein, and then in a later release Active/Active is still in progress.16:19
emccormicknice16:19
emccormickEven though I'm using Queens APIs, would I be better building the image off of Rocky? Or would that break things?16:20
emccormickI'm probably going to upgrade to Rocky shortly anyway. Just waiting the Kolla release ;)16:20
johnsomIt *should* work, but two versions back we don't have gates testing (would be nice though). So, personally I would at least try it.  Most of us run newer full stack of Octavia on older clouds.16:21
johnsomAh, yeah, can't talk much to Kolla. One of the other cores uses it, but he is on vacation for a while.16:21
emccormickI hacked my way through those problem at least ;)16:22
emccormickDid you backport that patch anywhere or it's just in master?16:22
johnsomIt looks like it is only in master at the moment16:25
johnsomAs I remember, there was an issue with it and CentOS, since CentOS has such an old version of HAproxy. So it might be a bit complicated to backport.16:26
openstackgerritGerman Eichberger proposed openstack/octavia master: Allows failover if port is not deallocated by nova  https://review.openstack.org/58586416:28
openstackgerritMichael Johnson proposed openstack/octavia master: Bring up secondary IPs on member networks  https://review.openstack.org/61146016:29
emccormickjohnson ok, thanks a lot. I'll try and pick out those changes and see what I get16:29
johnsomOk, cool.  Also, you are still looking for help on the certificate thing right? (not caught up on e-mail yet)16:30
openstackgerritMichael Johnson proposed openstack/octavia master: Don't quote {posargs} in tox.ini  https://review.openstack.org/60883016:34
*** aojea has joined #openstack-lbaas16:41
emccormickjohnson I got it figured out. Kolla deploys only one set of certificates, and apparently having the same CA for both client and server certificates breaks things17:01
emccormickOnce I split out the certificates and hacked Kolla to deploy both it came up17:01
johnsomOk17:01
emccormickI hope to document this stuff when I'm done, and also get Kolla doing thing properly. I stole pieces of OSA to make it all go.17:02
johnsomYeah, I have been wanting to write the detailed install guide for years, it's just getting it to the top of the priority list....17:06
openstackgerritMichael Johnson proposed openstack/octavia-tempest-plugin master: Add traffic tests using an IPv6 VIP  https://review.openstack.org/61198017:07
*** aojea has quit IRC17:15
*** pcaruana has joined #openstack-lbaas17:27
*** salmankhan has quit IRC17:29
*** irclogbot_3 has joined #openstack-lbaas17:34
emccormickhmm. Looks like this would prevent me from running a newer amphora image anyway17:41
emccormickThe fix for the hmac.compare_digest on python3 requires you to upgrade your health managers before updating the amphora image. The health manager is compatible with older amphora images, but older controllers will reject the health heartbeats from images with this fix.17:41
emccormickthat's in Rocky17:41
*** irclogbot_3 has quit IRC17:56
*** pcaruana has quit IRC17:57
*** irclogbot_3 has joined #openstack-lbaas18:06
*** aojea has joined #openstack-lbaas18:07
*** abaindur has joined #openstack-lbaas18:32
*** abaindur has quit IRC18:32
*** abaindur has joined #openstack-lbaas18:33
*** aojea has quit IRC18:39
openstackgerritMerged openstack/octavia master: Fix logging error in get_current_loadbalancer_from_db  https://review.openstack.org/60996419:03
*** irclogbot_3 has quit IRC19:14
*** irclogbot_3 has joined #openstack-lbaas19:15
*** aojea has joined #openstack-lbaas19:17
openstackgerritGerman Eichberger proposed openstack/octavia master: Allows failover if port is not deallocated by nova  https://review.openstack.org/58586420:23
*** irclogbot_3 has quit IRC20:27
*** ivve has quit IRC20:48
*** emccormick has quit IRC20:48
*** fnaval has joined #openstack-lbaas21:10
*** dmellado has quit IRC21:32
*** aojea has quit IRC21:41
*** fnaval has quit IRC22:12
*** colby_ has quit IRC22:16
*** salmankhan has joined #openstack-lbaas22:28
*** salmankhan has quit IRC22:43
*** rcernin has joined #openstack-lbaas22:46
*** rcernin_ has joined #openstack-lbaas23:28
*** rcernin has quit IRC23:30
*** celebdor has joined #openstack-lbaas23:55
« Sunday, 2018-10-21 Index Tuesday, 2018-10-23 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!