Tuesday, 2018-12-11

rm_work	johnsom: i'm just not seeing how this patch helps unless "fixed_ips" contains more than one address, and I'm not sure how it would?	00:12
rm_work	wait, is this inside the amp? or not	00:14
openstackgerrit	Michael Johnson proposed openstack/octavia master: Adds flavor support to the amphora driver https://review.openstack.org/621323	00:14
rm_work	ah yeah ok it is	00:15
johnsom	rm_work It's inside	00:15
rm_work	naming collision with something we use outside confused me	00:15
rm_work	so we pass the port_info into the request to the amp	00:16
rm_work	which includes the fixed_ips list	00:16
rm_work	but I'm not sure what case we'd generate that with multiple IPs	00:16
johnsom	Nova tells us that list when we get the port back	00:16
rm_work	right ok	00:17
rm_work	but this goes back to "how does nova know what subnet we want"	00:17
rm_work	and why would nova ever give us a port with multiple	00:17
johnsom	I don't think it does, I think it sends them all in the way we are asking for stuff.	00:17
rm_work	so this takes care of the case of them not coming up right internally, assuming it's set up properly externally	00:17
rm_work	but we would never add the right subnets to the ports	00:18
johnsom	right, basically we were getting a list len > 1 and we were only setting up one address	00:18
rm_work	because i think it's pure dumb luck this works at all	00:18
johnsom	That patch makes it bring them all up	00:18
rm_work	because per earlier, we appear to just ask nova for a port on a network	00:18
rm_work	and it guesses what subnet	00:18
rm_work	because we never specify that	00:18
johnsom	No, neutron will give ALL subnets on the network back in the port details	00:18
rm_work	errr, that's not true	00:19
rm_work	i'm looking at one right now	00:19
johnsom	If we specify it would only be one	00:19
rm_work	if i create a port on a network in neutron	00:19
rm_work	hmmmm ok	00:20
rm_work	so it does	00:20
rm_work	if i just "create a port"	00:20
rm_work	but i'm looking at ports on LBs	00:20
rm_work	oh, maybe it also does?	00:20
rm_work	one sec	00:20
rm_work	hmm no	00:21
rm_work	err wtf	00:21
rm_work	ok give me a minute	00:21
rm_work	the ports aren't actually bound to the server?	00:22
johnsom	https://www.irccloud.com/pastebin/q7PpjFFK/	00:23
rm_work	ok that's not what I get	00:24
rm_work	http://paste.openstack.org/show/UcqKSu5lHm6SEDZFSd72/	00:25
rm_work	that's one of the two subnets on the network	00:25
rm_work	it didn't bind the ipv4 subnet on that port	00:26
rm_work	do i need the patch for that to happen correctly?	00:26
johnsom	No, that is master + my flavors stuff, but not the IPv6 fixes	00:27
rm_work	hmmm	00:27
johnsom	It has worked that way for me for years frankly	00:27
rm_work	so on devstack, the private network has two subnets, right?	00:27
johnsom	Mine does as I'm IPv6 enabled on the host	00:27
rm_work	private-subnet and ipv6-private-subnet	00:27
rm_work	yes	00:27
rm_work	so	00:28
johnsom	yeah	00:28
rm_work	i'm creating a new LB	00:28
johnsom	I do: openstack loadbalancer create --name lb1 --vip-subnet-id private-subnet	00:28
johnsom	An that is what created the port I pasted you	00:28
rm_work	right ok	00:28
rm_work	so i just did that	00:28
rm_work	waiting for it to come up	00:29
*** yamamoto has quit IRC		00:49
rm_work	hmmmmmmm	00:51
rm_work	so when i make an LB with ipv4 VIP, it does like yours	00:52
*** PagliaccisCloud has joined #openstack-lbaas		00:52
rm_work	when I make it with an ipv6 VIP...	00:52
rm_work	the ports only get ipv6, no ipv4	00:52
rm_work	SO	00:52
rm_work	when I create a member with an ipv6 subnet specified, it creates the port with only ipv6	00:53
rm_work	and then when i add a member with ipv4, it doesn't do anything with the port, and there's no ipv4 routes	00:53
rm_work	but i bet if i do it the other way around, it'll be ok?	00:53
openstackgerrit	Michael Johnson proposed openstack/octavia master: Add provider driver capabilities API https://review.openstack.org/624190	00:54
openstackgerrit	Michael Johnson proposed openstack/octavia master: Add provider driver capabilities API https://review.openstack.org/624190	00:54
rm_work	ahhhh yeah wow even with the VIP, when I tell it to make one on private-subnet, i get an ipv4 and ipv6 VIP O_o	00:59
rm_work	but if i tell it to make it on the ipv6-private-subnet it does not get both	01:01
rm_work	must be a neutron peculiarity	01:01
rm_work	they assume "you always get ipv6 no matter what"	01:02
johnsom	I know we have some funky code for "picking" subnets/addresses for the VIP	01:05
rm_work	hmmm ahhh maybe i'm having issues because of that	01:06
rm_work	yeah hah i bet	01:06
rm_work	one sec	01:06
rm_work	ok yeah	01:12
rm_work	so your patch fixes it	01:13
rm_work	the issue I was having was specifically because I was doing member on vip network	01:13
rm_work	and i was using an ipv6 VIP	01:13
rm_work	which then didn't allow an ipv4 member	01:13
rm_work	>_<	01:13
rm_work	but if i use your patch and do an ipv6 vip on a DIFFERENT subnet from my members, it works fine	01:14
rm_work	johnsom: were you maintaining that patch or no	01:14
rm_work	johnsom: i'd like to merge it, but it needs a test or something...	01:14
johnsom	I moved on and will eventually circle back, but feel free to take it and run	01:14
rm_work	k	01:15
rm_work	i'l see if i can figure out where to add an appropriate test	01:15
rm_work	ugh i want to submit a fix for the test i was debugging earlier even if i won't be updating the code lol	01:15
openstackgerrit	Adam Harwell proposed openstack/octavia master: demystify the calculate_network_delta unit test https://review.openstack.org/624259	01:18
openstackgerrit	Michael Johnson proposed openstack/octavia master: Add provider driver capabilities API https://review.openstack.org/624190	01:18
*** ianychoi has quit IRC		01:20
openstackgerrit	Michael Johnson proposed openstack/octavia master: Adds flavor support to the amphora driver https://review.openstack.org/621323	01:24
openstackgerrit	Michael Johnson proposed openstack/octavia master: Add provider driver capabilities API https://review.openstack.org/624190	01:24
rm_work	ok, tomorrow	01:28
rm_work	i'll figure that out	01:28
openstackgerrit	ZhaoBo proposed openstack/octavia master: Add boolean TLS option into Pool for backend re-encryption https://review.openstack.org/624264	03:08
openstackgerrit	ZhaoBo proposed openstack/python-octaviaclient master: Add TLS option into Pool CLI https://review.openstack.org/624265	03:09
*** hongbin has joined #openstack-lbaas		03:15
openstackgerrit	ZhaoBo proposed openstack/octavia master: WIP: Add boolean TLS option into Pool for backend re-encryption https://review.openstack.org/624264	03:26
openstackgerrit	ZhaoBo proposed openstack/octavia master: Amp driver support sni option to send the hostname to backend https://review.openstack.org/624267	03:26
*** bzhao__ has joined #openstack-lbaas		03:28
bzhao__	LOL. ;-)	03:51
openstackgerrit	ZhaoBo proposed openstack/octavia master: Add boolean TLS option into Pool for backend re-encryption https://review.openstack.org/624264	03:54
*** ramishra has quit IRC		03:59
*** yamamoto has joined #openstack-lbaas		04:46
*** jarodwl has joined #openstack-lbaas		05:02
*** hongbin has quit IRC		05:07
*** ramishra has joined #openstack-lbaas		05:26
*** yboaron_ has joined #openstack-lbaas		06:00
*** jmccrory has quit IRC		06:34
*** jmccrory has joined #openstack-lbaas		06:40
*** rcernin has quit IRC		06:43
openstackgerrit	Yang JianFeng proposed openstack/python-octaviaclient master: Add provider command support https://review.openstack.org/624294	07:00
openstackgerrit	xulei proposed openstack/octavia-dashboard master: Modify http to https. https://review.openstack.org/624296	07:08
openstackgerrit	xulei proposed openstack/octavia-dashboard master: Modify http to https. https://review.openstack.org/624296	07:10
*** ramishra has quit IRC		07:15
*** ccamposr has joined #openstack-lbaas		07:34
*** yboaron_ has quit IRC		07:35
openstackgerrit	Yang JianFeng proposed openstack/python-octaviaclient master: Add provider command support https://review.openstack.org/624294	07:40
*** oanson has quit IRC		07:54
*** ramishra has joined #openstack-lbaas		08:01
*** rpittau has joined #openstack-lbaas		08:05
*** gcheresh_ has joined #openstack-lbaas		08:08
*** rpittau has quit IRC		08:09
openstackgerrit	Yang JianFeng proposed openstack/python-octaviaclient master: Add provider command support https://review.openstack.org/624294	08:11
*** velizarx has joined #openstack-lbaas		08:12
openstackgerrit	Reedip proposed openstack/octavia-tempest-plugin master: Modify Member tests for Provider Drivers https://review.openstack.org/598476	08:19
*** rpittau has joined #openstack-lbaas		08:26
*** ramishra has quit IRC		08:44
*** ramishra has joined #openstack-lbaas		08:51
*** yamamoto has quit IRC		09:01
*** yamamoto has joined #openstack-lbaas		09:18
*** rpittau has quit IRC		09:24
*** yamamoto has quit IRC		09:27
*** pbourke_ has quit IRC		09:54
*** yamamoto has joined #openstack-lbaas		10:06
*** salmankhan has joined #openstack-lbaas		10:08
*** yamamoto has quit IRC		10:10
*** salmankhan has quit IRC		10:21
openstackgerrit	Carlos Goncalves proposed openstack/python-octaviaclient master: Add failover an amphora client support https://review.openstack.org/532424	10:21
*** salmankhan has joined #openstack-lbaas		10:21
*** rpittau has joined #openstack-lbaas		10:26
*** yamamoto has joined #openstack-lbaas		10:45
*** yamamoto has quit IRC		10:47
*** tobias-urdin is now known as tobias-urdin\|lun		11:00
*** tobias-urdin\|lun is now known as tobias-urdin_afk		11:01
*** yamamoto has joined #openstack-lbaas		11:11
*** yamamoto has quit IRC		11:16
*** yamamoto has joined #openstack-lbaas		11:16
*** tobias-urdin_afk is now known as tobias-urdin		11:27
*** salmankhan has quit IRC		11:46
*** salmankhan has joined #openstack-lbaas		11:50
*** yamamoto has quit IRC		12:23
*** rpittau is now known as rpittau\|lunch		12:25
*** yamamoto has joined #openstack-lbaas		12:28
*** yamamoto has quit IRC		12:32
openstackgerrit	Merged openstack/octavia master: Correct the base class for v2 l7rules type tests https://review.openstack.org/619397	12:35
*** velizarx has quit IRC		12:49
*** velizarx has joined #openstack-lbaas		13:03
*** yamamoto has joined #openstack-lbaas		13:05
*** rpittau\|lunch is now known as rpittau		13:31
*** aojea_ has joined #openstack-lbaas		13:45
*** reedipb has joined #openstack-lbaas		13:59
*** salmankhan has quit IRC		14:01
*** salmankhan has joined #openstack-lbaas		14:01
reedipb	@johnsom, @xgerman , @cgoncalves : hi	14:02
reedipb	@johnsom, @xgerman , @cgoncalves : I wanted to know a bit about the flavors concept in Octavia	14:02
reedipb	@johnsom, @xgerman , @cgoncalves : precisely my question is , if the flavors functionality for Octavia Provider drivers is enabled, and we have both Amphorae ( which supports L7) and OVN Provider Driver( which supports L4) , and then if the user sends a request to create an HTTP Listener, how would the operation occur?	14:07
openstackgerrit	Arnaud Morin proposed openstack/octavia master: Update requirements for ubuntu https://review.openstack.org/624405	14:08
*** aojea_ has quit IRC		14:14
openstackgerrit	Arnaud Morin proposed openstack/octavia master: Update requirements for ubuntu https://review.openstack.org/624405	14:15
*** salmankhan has quit IRC		14:46
cgoncalves	reedipb, if the LB is provided by the amphora driver, L7 listener creation request will succeed. if by OVN provider driver, it will fail	14:51
*** velizarx has quit IRC		14:53
reedipb	cgoncalves: thanks for the info. I am not sure about the default behavior ( that would be based on implementation of the flavors functionality, I guess). Can you let me know if the flavors functionality is targetted in T release ? or later?	14:56
*** salmankhan has joined #openstack-lbaas		14:59
cgoncalves	reedipb, Michael has started flavor implementation last week or so. the expected plan is to have basic flavor support in Stein	15:05
*** gcheresh_ has quit IRC		15:17
*** oanson has joined #openstack-lbaas		15:17
*** salmankhan1 has joined #openstack-lbaas		15:20
*** salmankhan has quit IRC		15:20
*** salmankhan1 is now known as salmankhan		15:20
johnsom	reedipb: flavors are defined per provider, so the driver has to support them or the settings will be the defaults defined in the octavia.conf. Flavors are a Stein feature and most of the base work is done. I just need to add more settings, docs, client support, and tempest.	15:26
*** aojea_ has joined #openstack-lbaas		15:36
*** ivve has joined #openstack-lbaas		15:37
*** gcheresh_ has joined #openstack-lbaas		15:40
xgerman	reedipb: I would assume the system pick the provider based on the flavor	15:50
openstackgerrit	Arnaud Morin proposed openstack/octavia master: Update requirements for ubuntu https://review.openstack.org/624405	15:51
*** gcheresh_ has quit IRC		15:53
openstackgerrit	Michael Johnson proposed openstack/octavia master: Make the CentOS 7 scenario gate non-voting https://review.openstack.org/623070	16:12
cgoncalves	^ understandably :(	16:15
johnsom	Yeah, we are still seeing failures. Timeout failures to be exact. It looks like the amps aren't booting up in a timely fashion in some runs.	16:16
openstackgerrit	Michael Johnson proposed openstack/octavia master: Add provider driver capabilities API https://review.openstack.org/624190	16:16
brtknr	hmm why does my cloud-controller-manager keep creating multiple loadbalancers for the same service?	16:17
johnsom	Do you have Octavia configured for Active/Standby HA mode? That would cause two instances to be booted for each load balancer	16:18
reedipb	thanks johnsom, xgerman, cgoncalves :)	16:19
openstackgerrit	Michael Johnson proposed openstack/octavia-tempest-plugin master: Adds get_amphora_stats to the service client https://review.openstack.org/585060	16:26
*** rpittau has quit IRC		16:30
*** aojea_ has quit IRC		17:02
*** aojea_ has joined #openstack-lbaas		17:03
*** aojea_ has quit IRC		17:07
*** yamamoto has quit IRC		17:19
*** amuller has joined #openstack-lbaas		17:48
johnsom	rm_work Barbican/Octavia question. In queens, when octavia reaches out to barbican to pull a secret, it is using the "octavia" service account right? Not impersonating the user? I am seeing strange barbican policy failure ERRORs even though I have added the "octavia" user to every RBAC role I can think of....	17:49
*** salmankhan has quit IRC		17:51
*** Swami has joined #openstack-lbaas		18:09
openstackgerrit	Luis Tomas Bolivar proposed openstack/octavia master: Enabling SG customization on loadbalancer listerners https://review.openstack.org/602564	18:15
openstackgerrit	Luis Tomas Bolivar proposed openstack/octavia master: Enabling SG customization on loadbalancer listerners https://review.openstack.org/602564	18:18
jiteka	I noticed that when creating a LB, it comes with a dedicated secgroup named lb-<lb uuid> with 2 rules associated to it	18:21
jiteka	Is it a default logic or due to configuration/misconfiguration on my side	18:21
jiteka	Right now I'm facing this error : ERROR oslo_messaging.rpc.server [req-4964905f-3ac1-4e38-9060-e2ee561cea8d - 57bae527dd574db09f46c04286fb0e39 - - -] Exception during message handling: OverQuotaClient: Quota exceeded for resources: ['security_group_rule'].	18:21
jiteka	At first I was thinking that impacted secgroup quota relate to the project which subnet-id used to create new LB belong to	18:23
openstackgerrit	Swaminathan Vasudevan proposed openstack/neutron-lbaas stable/ocata: Improve speed of listing from DB https://review.openstack.org/624160	18:31
openstackgerrit	Swaminathan Vasudevan proposed openstack/neutron-lbaas stable/pike: Improve speed of listing from DB https://review.openstack.org/624152	18:38
johnsom	jiteka Hi, yes, each LB gets a security group that opens the ports the user specifies for the Listeners.	18:40
johnsom	The account you are running octavia under should have non-default quotas....	18:41
johnsom	Here is how German set it up for OSA: https://github.com/openstack/openstack-ansible-os_octavia/blob/master/defaults/main.yml#L473	18:42
Swami	johnsom: Should we cherry-pick these two patches together ( Based on the commit message in the later it seems there is some dependency in there), can you confirm. https://review.openstack.org/#/c/624152/ and https://review.openstack.org/#/c/624225/.	18:43
*** ccamposr has quit IRC		18:52
johnsom	Swami Yes, I think you need to. Though there is some controversy over the https://review.openstack.org/#/c/624225 patch	18:53
johnsom	https://review.openstack.org/#/c/616763/	18:53
johnsom	Swami Ocata? Really?	18:54
Swami	johnsom: Yes I read the controversy issue in that patch, where someone was trying to revert it.	18:55
Swami	johnsom: Our target is still old, newton.	18:55
*** aojea has joined #openstack-lbaas		18:56
Swami	johnsom: Ok I will cherry-pick both the patches then.	18:56
*** yamamoto has joined #openstack-lbaas		19:17
openstackgerrit	Swaminathan Vasudevan proposed openstack/neutron-lbaas stable/ocata: Updated "create_pool" method in plugin https://review.openstack.org/624468	19:25
openstackgerrit	Swaminathan Vasudevan proposed openstack/neutron-lbaas stable/ocata: Improve speed of listing from DB https://review.openstack.org/624160	19:25
*** fnaval has joined #openstack-lbaas		19:49
jiteka	thanks johnsom	19:59
jiteka	johnsom: do you know if there is a way having octavia not making a security group for every new LB and falling back on a default one when listener ports are the same ? It would avoid to get a massive increase of secgroup-rule based on number of active LBs	20:01
johnsom	Currently we do not have that capability.	20:02
jiteka	johnsom: ok thanks, I will adapt octavia tenant quota then to fix my problem	20:06
*** yamamoto has quit IRC		20:19
*** aojea has quit IRC		21:19
*** amuller has quit IRC		21:19
*** rcernin has joined #openstack-lbaas		21:59
rm_work	johnsom: should be, yes	22:07
openstackgerrit	Hongbin Lu proposed openstack/neutron-lbaas master: [DNM] Test neutron policy-in-code https://review.openstack.org/624510	22:09
rm_work	jiteka: the secgroup is kinda necessary, there's no way a default one would work for all LBs	22:11
rm_work	we could try to flyweight it I GUESS? for like... the most common ones	22:12
rm_work	but that would add a whole lot of complexity :/	22:12
*** yamamoto has joined #openstack-lbaas		22:55
openstackgerrit	Merged openstack/octavia master: Make the CentOS 7 scenario gate non-voting https://review.openstack.org/623070	22:59
openstackgerrit	Adam Harwell proposed openstack/octavia master: Bring up secondary IPs on member networks https://review.openstack.org/611460	23:00
rm_work	johnsom: ^^ testing added	23:00
johnsom	Super, thank you!	23:00
rm_work	it's in a weird place IMO but that's where it was before and I'm not sure I can think of anywhere better <_<	23:00
rm_work	in testing my devstack, this worked fine	23:00
rm_work	so I'm +2 once it passes	23:01
johnsom	Cool. I am having a bad barbican day... Two folks stuck with issues that I don't have answers for today.	23:13
johnsom	The morning was Octavia accessing barbican, we got 403 policy errors no matter what I tried for roles on the account.	23:14
xgerman	yeah, BBQ hates us	23:15
openstackgerrit	German Eichberger proposed openstack/octavia master: Add auditing support to the Octavia API https://review.openstack.org/609854	23:32
xgerman	rebase...	23:33
openstackgerrit	Merged openstack/octavia-lib master: Initial provider driver library checkin https://review.openstack.org/612815	23:41
johnsom	Awesome! We can do a first release of octavia-lib and get it in global-requirements. Super pumped to get that going.	23:42

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!