Friday, 2019-03-01

[00:00] *** abaindur__ has quit IRC
[00:05] *** abaindur has quit IRC
[00:05] *** abaindur has joined #openstack-lbaas
[00:08] *** abaindur_ has joined #openstack-lbaas
[00:08] *** celebdor1 has quit IRC
[00:10] *** abaindur has quit IRC
[00:10] *** yamamoto_ has quit IRC
[00:10] <openstackgerrit> Michael Johnson proposed openstack/python-octaviaclient master: Add enable_tls option into Pool CLI  https://review.openstack.org/624265
[00:14] *** yamamoto has joined #openstack-lbaas
[00:20] *** yamamoto has quit IRC
[00:20] <openstackgerrit> Michael Johnson proposed openstack/octavia master: Add 2 new fields into Pool API for support re-encryption  https://review.openstack.org/614447
[00:20] <openstackgerrit> Michael Johnson proposed openstack/octavia master: Add boolean tls_enabled option into Pool  https://review.openstack.org/624264
[00:20] <openstackgerrit> Michael Johnson proposed openstack/octavia master: Amp driver support sni option to send the hostname to backend  https://review.openstack.org/624267
[00:38] <openstackgerrit> Michael Johnson proposed openstack/octavia master: Fix an amphora driver bug for TLS client auth  https://review.openstack.org/640232
[00:39] *** trown is now known as trown|outtypewww
[00:46] *** yamamoto has joined #openstack-lbaas
[00:50] *** yamamoto has quit IRC
[00:55] *** strigazi has quit IRC
[00:56] *** strigazi has joined #openstack-lbaas
[01:05] *** strigazi has quit IRC
[01:05] *** strigazi has joined #openstack-lbaas
[01:24] *** abaindur has joined #openstack-lbaas
[01:25] *** abaindur_ has quit IRC
[01:28] *** abaindur_ has joined #openstack-lbaas
[01:30] *** henriqueof has quit IRC
[01:31] *** abaindu__ has joined #openstack-lbaas
[01:31] *** abaindu__ is now known as abaindur__
[01:31] *** abaindur has quit IRC
[01:33] *** abaindur_ has quit IRC
[01:34] *** abaindur has joined #openstack-lbaas
[01:36] *** abaindur_ has joined #openstack-lbaas
[01:36] *** abaindur__ has quit IRC
[01:38] *** abaindur has quit IRC
[01:39] *** abaindur has joined #openstack-lbaas
[01:41] *** abaindur_ has quit IRC
[02:00] *** yamamoto has joined #openstack-lbaas
[02:21] *** Dinesh_Bhor has joined #openstack-lbaas
[02:40] *** abaindur_ has joined #openstack-lbaas
[02:43] *** abaindu__ has joined #openstack-lbaas
[02:43] *** abaindur has quit IRC
[02:43] *** abaindu__ is now known as abaindur__
[02:45] *** abaindur_ has quit IRC
[02:46] *** hongbin has joined #openstack-lbaas
[02:47] *** abaindur has joined #openstack-lbaas
[02:50] *** abaindur_ has joined #openstack-lbaas
[02:50] *** abaindur__ has quit IRC
[02:52] *** abaindur has quit IRC
[02:52] *** abaindur_ has quit IRC
[03:04] *** yamamoto has quit IRC
[03:08] *** fnaval has quit IRC
[03:11] *** fnaval has joined #openstack-lbaas
[03:11] *** fnaval has quit IRC
[03:12] *** psachin has joined #openstack-lbaas
[03:14] *** ramishra has joined #openstack-lbaas
[03:48] *** yamamoto has joined #openstack-lbaas
[04:09] *** ramishra has quit IRC
[04:09] *** ramishra has joined #openstack-lbaas
[04:10] *** yamamoto has quit IRC
[04:29] *** Dinesh_Bhor has quit IRC
[04:40] *** hongbin has quit IRC
[04:49] *** yamamoto has joined #openstack-lbaas
[04:50] *** Dinesh_Bhor has joined #openstack-lbaas
[04:54] *** yamamoto has quit IRC
[05:53] *** yamamoto has joined #openstack-lbaas
[05:58] *** yamamoto has quit IRC
[05:58] *** abaindur has joined #openstack-lbaas
[05:59] *** abaindur has quit IRC
[05:59] *** Dinesh_Bhor has quit IRC
[05:59] *** abaindur has joined #openstack-lbaas
[06:02] *** Dinesh_Bhor has joined #openstack-lbaas
[06:34] *** ivve has joined #openstack-lbaas
[07:05] *** mkuf has quit IRC
[07:05] <openstackgerrit> Merged openstack/neutron-lbaas master: Update neutron quota_driver path  https://review.openstack.org/639829
[07:05] *** ccamposr has joined #openstack-lbaas
[07:08] *** yamamoto has joined #openstack-lbaas
[07:13] *** yamamoto has quit IRC
[07:21] *** mkuf has joined #openstack-lbaas
[07:46] *** yamamoto has joined #openstack-lbaas
[08:01] *** Dinesh_Bhor has quit IRC
[08:01] *** abaindur has quit IRC
[08:08] *** Dinesh_Bhor has joined #openstack-lbaas
[08:09] *** AlexStaf has joined #openstack-lbaas
[08:34] *** luksky has joined #openstack-lbaas
[08:40] *** celebdor1 has joined #openstack-lbaas
[08:52] *** ramishra has quit IRC
[08:54] *** AlexStaf has quit IRC
[09:01] *** salmankhan has quit IRC
[09:04] *** yamamoto has quit IRC
[09:05] *** yamamoto has joined #openstack-lbaas
[09:27] *** AlexStaf has joined #openstack-lbaas
[10:20] *** jiteka has quit IRC
[10:20] *** eandersson has quit IRC
[10:25] *** jiteka has joined #openstack-lbaas
[10:26] *** celebdor1 has quit IRC
[10:29] *** salmankhan has joined #openstack-lbaas
[10:32] *** AlexStaf has quit IRC
[10:33] *** salmankhan1 has joined #openstack-lbaas
[10:36] *** salmankhan has quit IRC
[10:36] *** salmankhan1 is now known as salmankhan
[10:45] *** yamamoto has quit IRC
[10:56] *** luksky has quit IRC
[10:57] *** ramishra has joined #openstack-lbaas
[11:09] *** luksky has joined #openstack-lbaas
[11:21] <zigo> Hi there.
[11:21] <zigo> Anyone around?
[11:21] <zigo> johnsom: Are you there?
[11:21] *** yamamoto has joined #openstack-lbaas
[11:22] *** luksky has quit IRC
[11:24] *** Dinesh_Bhor has quit IRC
[11:32] *** yamamoto has quit IRC
[11:35] *** yamamoto has joined #openstack-lbaas
[11:35] *** yamamoto has quit IRC
[11:38] <cgoncalves> zigo, can I be of any help? johnsom is located in western US.
[11:38] <zigo> cgoncalves: I'm still having issue with the Octavia PKI.
[11:38] <zigo> octavia-worker gets a SSL: CERTIFICATE_VERIFY_FAILED.
[11:38] <zigo> I'm trying to figure out why...
[11:39] <zigo> cgoncalves: When trying with Curl, I get:
[11:39] <zigo> curl: (35) error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding
[11:40] <zigo> I'm guessing my root CA is badly configured ...
[11:41] <cgoncalves> zigo, I didn't follow previous discussions you might have had about that.
[11:42] <cgoncalves> zigo, when does that happen? what are you curling?
[11:42] <zigo> cgoncalves: The amphora-agent.service on port 9443.
[11:43] *** yamamoto has joined #openstack-lbaas
[11:46] <cgoncalves> zigo, have you followed the certificate guide? https://docs.openstack.org/octavia/latest/admin/guides/certificates.html
[11:46] <zigo> cgoncalves: I did, and it failed on me...
[11:47] *** yamamoto has quit IRC
[11:47] <cgoncalves> I must confess I am not super familiar with this area so apologies for random questions
[11:47] <zigo> With SSL: CERTIFICATE_VERIFY_FAILED
[11:47] <zigo> Ok.
[11:47] <cgoncalves> hmm ok. let me check
[11:49] <zigo> # curl https://10.52.234.8:9443/0.5/info
[11:49] <zigo> curl: (35) error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding
[11:49] <cgoncalves> zigo, which python version are you running?
[11:49] <zigo> Python 3.5.
[11:49] <zigo> The Debian packages that I take care of (since Cactus in 2011) have long moved to Python 3.
[11:50] <zigo> In the semi-official stretch-backport repo that I maintain, it's 3.5, and Sid/Buster has 3.7.
[11:50] <zigo> Here, in my PoC, it's 3.5.
[11:50] <cgoncalves> ok. asked because seems that server certificate verification has been introduced in 2.7.9 from what I read
[11:50] <zigo> Ok.
[11:51] <zigo> Well, it doesn't look like a python problem, since curl has the issue too.
[11:52] <zigo> cgoncalves: Is there a way to ignore ssl errors with requests?
[11:52] <zigo> I'd like to at least validate that everything else works ...
[11:53] <cgoncalves> requests.get(url, verify=False)
[11:54] <cgoncalves> also: curl --insecure url
[11:54] <zigo> Yeah, this worked ! :)
[11:55] <zigo> I guess, what I'm searching, is where to add the verify=False in the octavia's code.
[11:55] <zigo> There's no requests.get in /usr/lib/python3/dist-packages/octavia/amphorae/drivers/haproxy/rest_api_driver.py
[11:55] *** henriqueof has joined #openstack-lbaas
[11:56] <zigo> Maybe requests.Session(verify=False) ?
[11:57] <zigo> Looks like it. Let's try ! :)
[12:11] *** yamamoto has joined #openstack-lbaas
[12:18] *** luksky has joined #openstack-lbaas
[12:50] *** yamamoto has quit IRC
[13:16] *** trown|outtypewww is now known as trown
[13:27] *** yamamoto has joined #openstack-lbaas
[13:30] *** yamamoto has quit IRC
[13:30] *** yamamoto has joined #openstack-lbaas
[13:31] *** celebdor1 has joined #openstack-lbaas
[14:15] <rm_work> You should not do that
[14:15] <rm_work> The verification code is specifically required for safety there
[14:16] <rm_work> If you're getting failures, it is because of a misconfiguration, which you should resolve
[14:17] <rm_work> Unfortunately it is a bit complicated with the certs, but I promise if you follow the certificate setup guide 100% accurately, it *will* work
[14:18] <rm_work> zigo: https://docs.openstack.org/octavia/latest/admin/guides/certificates.html#creating-the-certificate-authorities
[14:18] <zigo> rm_work: I promise you that I followed it by the letter !!!
[14:19] <zigo> Like, 3 times...
[14:19] <rm_work> It's also possible you have time sync issues? Did you check the clock on the controller versus the clock on the amphora?
[14:20] <zigo> Nop.
[14:20] <zigo> Sync is done correctly.
[14:20] <rm_work> I know I have seen that exact error before, with the bad padding...
[14:21] <rm_work> I'm trying to remember exactly what it was
[14:21] <rm_work> But I do remember that I was able to resolve it
[14:21] <rm_work> If you disable the verification there, you will cause a severe vulnerability
[14:26] <rm_work> I personally followed that cert guide when I reviewed the patch adding it to our docs about two months ago, and it absolutely worked. So if you followed it exactly and it's not working, and there are no clock drift issues, then there must be something broken in one of the Debian-specific libs involved, possibly the ssl lib itself
[14:27] <rm_work> Are you doing your testing on a cloud instance somewhere that you could give me access to? I don't have any clouds at the moment that include Debian images
[14:30] <rm_work> Ah, I'm out for a while unfortunately, I'll be back on in ~5 hours
[14:31] <rm_work> But good luck! If you're still having trouble, I can try to help you tomorrow.
[14:46] <zigo> No worries.
[14:46] <zigo> Thanks for the help so far.
[14:47] <zigo> rm_work: I can't give out access, I'm afraid, no.
[14:47] <zigo> I'd have to setup a specific system for this.
[14:47] <zigo> This thing where I'm trying to have Octavia is half set in production, others are using it.
[14:59] *** ccamposr has quit IRC
[15:00] *** ccamposr has joined #openstack-lbaas
[15:08] *** ccamposr has quit IRC
[15:26] *** ivve has quit IRC
[15:49] <mloza> Hello, I'm getting SSLError when I try access the octavia-dashboard in Horizon
[15:49] <mloza> this is the log file http://sprunge.us/pmzrR0
[16:20] *** luksky has quit IRC
[16:23] *** yamamoto has quit IRC
[16:26] *** yamamoto has joined #openstack-lbaas
[16:31] *** yamamoto has quit IRC
[16:32] *** sapd1 has quit IRC
[16:38] *** psachin has quit IRC
[16:51] *** luksky has joined #openstack-lbaas
[17:06] *** yamamoto has joined #openstack-lbaas
[17:08] *** ivve has joined #openstack-lbaas
[17:11] *** yamamoto has quit IRC
[17:16] *** fnaval has joined #openstack-lbaas
[17:31] *** trown is now known as trown|lunch
[17:35] *** roukoswarf has joined #openstack-lbaas
[17:37] *** ramishra has quit IRC
[18:11] *** irclogbot_1 has joined #openstack-lbaas
[18:37] *** trown|lunch is now known as trown
[18:39] *** ivve has quit IRC
[18:42] *** yboaron_ has quit IRC
[18:54] *** yamamoto has joined #openstack-lbaas
[18:59] *** yamamoto has quit IRC
[19:13] *** celebdor1 has quit IRC
[19:44] *** dmellado has quit IRC
[19:45] *** dmellado has joined #openstack-lbaas
[19:47] *** ivve has joined #openstack-lbaas
[19:50] *** irclogbot_1 has quit IRC
[20:03] *** irclogbot_1 has joined #openstack-lbaas
[20:41] *** salmankhan has quit IRC
[20:42] *** yamamoto has joined #openstack-lbaas
[20:48] *** yamamoto has quit IRC
[20:55] *** abaindur has joined #openstack-lbaas
[20:56] *** abaindur has quit IRC
[20:57] *** abaindur has joined #openstack-lbaas
[21:09] *** salmankhan has joined #openstack-lbaas
[21:14] *** salmankhan has quit IRC
[21:20] *** celebdor1 has joined #openstack-lbaas
[21:36] *** irclogbot_1 has quit IRC
[22:16] *** ivve has quit IRC
[22:27] *** henriqueof has quit IRC
[22:31] *** yamamoto has joined #openstack-lbaas
[22:35] *** yamamoto has quit IRC
[22:45] *** beisner_ has joined #openstack-lbaas
[22:45] *** fnaval has quit IRC
[22:47] *** celebdor1 has quit IRC
[22:52] *** xgerman has quit IRC
[22:52] *** beisner has quit IRC
[22:52] *** beisner_ is now known as beisner
[22:58] <rm_work> zigo: yeah np figured you just had some test deployment on a VM you were using for packaging stuff
[22:58] <rm_work> if it's a real prod deploy... yeah definitely don't skip that verification, lol
[23:15] *** roukoswarf has quit IRC
[23:15] *** luksky has quit IRC
[23:20] *** abaindur has quit IRC
[23:33] *** sapd1 has joined #openstack-lbaas
[23:36] *** abaindur has joined #openstack-lbaas
[23:42] *** mloza has quit IRC
[23:43] *** mloza has joined #openstack-lbaas
[23:43] <mloza> hello, I have a loadbalancer created with operating status offline but it works as I can connect to the VIP
[23:44] <mloza> What triggers the operating status to go offline?
