Monday, 2019-06-03

« Sunday, 2019-06-02 Index Tuesday, 2019-06-04 »
*** ivve has joined #openstack-lbaas00:24
*** rcernin has joined #openstack-lbaas01:09
*** Dinesh_Bhor has quit IRC03:08
*** Dinesh_Bhor has joined #openstack-lbaas03:08
*** ramishra has joined #openstack-lbaas04:24
*** ramishra_ has joined #openstack-lbaas04:28
*** ramishra has quit IRC04:30
*** altlogbot_1 has quit IRC04:36
*** altlogbot_3 has joined #openstack-lbaas04:37
*** ramishra has joined #openstack-lbaas04:51
*** ramishra_ has quit IRC04:53
*** pcaruana has joined #openstack-lbaas05:08
*** sapd1_x has joined #openstack-lbaas06:21
*** ivve has quit IRC06:28
*** gcheresh has joined #openstack-lbaas06:43
*** openstackgerrit has joined #openstack-lbaas06:59
openstackgerritGregory Thiemonge proposed openstack/octavia stable/queens: DNM Testing CI  https://review.opendev.org/66242806:59
*** numans has joined #openstack-lbaas07:00
*** luksky has joined #openstack-lbaas07:12
*** rpittau|afk is now known as rpittau07:19
*** luksky has quit IRC07:23
*** ivve has joined #openstack-lbaas07:36
*** luksky has joined #openstack-lbaas07:39
*** dougwig has quit IRC07:41
*** rm_work has quit IRC07:41
*** icey has quit IRC07:41
*** mnaser has quit IRC07:41
*** devfaz_ has quit IRC07:41
*** mugsie has quit IRC07:41
*** irclogbot_3 has quit IRC07:44
*** irclogbot_2 has joined #openstack-lbaas07:45
*** ccamposr has joined #openstack-lbaas07:46
*** dasp has quit IRC07:47
*** lxkong has quit IRC07:47
*** gcheresh has quit IRC07:49
*** devfaz has joined #openstack-lbaas07:49
*** gcheresh has joined #openstack-lbaas07:49
*** sapd1_x has quit IRC07:51
*** dasp has joined #openstack-lbaas07:52
*** lxkong has joined #openstack-lbaas07:52
*** dougwig has joined #openstack-lbaas07:53
*** icey has joined #openstack-lbaas07:53
*** rm_work has joined #openstack-lbaas07:53
*** mnaser has joined #openstack-lbaas07:53
*** mugsie has joined #openstack-lbaas07:53
*** ramishra has quit IRC08:07
*** happyhemant has joined #openstack-lbaas08:31
openstackgerritCarlos Goncalves proposed openstack/octavia master: Add RHEL 8 amphora support  https://review.opendev.org/63858108:34
*** rcernin has quit IRC08:36
*** ramishra has joined #openstack-lbaas09:20
*** luksky has quit IRC09:27
openstackgerritNir Magnezi proposed openstack/octavia master: Replace AMP_BASEOS with DISTRO_NAME for diskimage-builder RHEL8 img-defaults  https://review.opendev.org/66173710:51
*** trident has quit IRC11:04
*** trident has joined #openstack-lbaas11:06
*** luksky has joined #openstack-lbaas11:24
*** lucashxu has joined #openstack-lbaas11:37
*** lucashxu has quit IRC11:42
*** tesseract has joined #openstack-lbaas11:57
*** icey has quit IRC12:42
*** dougwig has quit IRC12:42
*** lxkong has quit IRC12:43
*** rm_work has quit IRC12:43
*** lxkong has joined #openstack-lbaas12:43
*** dougwig has joined #openstack-lbaas12:43
*** icey has joined #openstack-lbaas12:43
*** rm_work has joined #openstack-lbaas12:47
*** lucashxu has joined #openstack-lbaas12:49
*** lucashxu has quit IRC12:53
*** lucashxu has joined #openstack-lbaas12:53
*** lucasxu has joined #openstack-lbaas12:54
*** lucashxu has quit IRC12:57
*** lucasxu has quit IRC13:00
*** lucashxu has joined #openstack-lbaas13:07
*** boden has joined #openstack-lbaas13:08
*** beisner has quit IRC13:08
*** Vorrtex has joined #openstack-lbaas13:09
*** beisner has joined #openstack-lbaas13:10
*** ccamposr__ has joined #openstack-lbaas13:29
*** ccamposr has quit IRC13:30
*** happyhemant has quit IRC13:33
*** mnaser has quit IRC13:34
*** happyhemant has joined #openstack-lbaas13:35
*** mnaser has joined #openstack-lbaas13:37
*** gthiemon1e has quit IRC13:41
*** gthiemonge has joined #openstack-lbaas13:42
*** yamamoto has joined #openstack-lbaas13:55
openstackgerritMerged openstack/octavia master: Force amp-agent communication to TLSv1.2  https://review.opendev.org/65790113:56
*** yamamoto has quit IRC14:26
*** yamamoto has joined #openstack-lbaas14:27
*** yamamoto has quit IRC14:27
*** yamamoto has joined #openstack-lbaas14:28
*** yamamoto has quit IRC14:33
*** yamamoto has joined #openstack-lbaas14:51
*** spatel has joined #openstack-lbaas14:55
spatelQuestion: How do i give two ip address of octavia vip, like private IP which will talk to www and public IP for outside world to access application?14:57
*** yamamoto has quit IRC14:57
spatelWe are not using floating IP in our cloud. we have VLAN base provider14:57
spateljohnsom: ^^14:57
spatelOR anyone else can help me out14:57
johnsomspatel: when you create the load balancer you define your VIP address that receives connections to the load balancer.  When you add members to the pool you define the subnets the load balancer will connect to the servers over.15:03
*** ccamposr__ has quit IRC15:08
*** irclogbot_2 has quit IRC15:10
spateljohnsom: let me understand, when i am creating VIP its asking me for VIP IP and that would be public IP right?15:10
*** altlogbot_3 has quit IRC15:11
spatelbut when i add member ( which is running on private IP ) how does octavia get private IP to communicate with them?15:11
*** irclogbot_2 has joined #openstack-lbaas15:11
*** altlogbot_3 has joined #openstack-lbaas15:12
johnsomspatel When you create a member, we ask for the subnet that can reach the member. We then hot plug that subnet into the load balancer amphora. It will allocate and IP on the subnet for this.15:13
spatelOh! i got it now..15:15
spatellast question do i need to give my public IP manually? why its not DHCP base?15:16
*** gcheresh has quit IRC15:17
spateljohnsom: look at this screenshot https://imgur.com/a/hwDSoPd15:18
roukit is automatic if you leave it empty.15:20
roukit will hit the neutron ipam magic and get an ip in the subnet15:20
spatelhow does it know which VLAN it should pick IP, i have 3 public VLAN in cloud15:21
roukwell a single subnet can be only in one network, and one network can only have one vlan.... what do you mean?15:21
roukif you mean subnet, and not vlan, then that select box you have expanded is subnets, which should be specific enough15:22
spatelI meant i have multiple public IP vlans like vlan100, vlan200 and they have own associated subnets 100.100.100.0/24 and 200.200.200.0/2415:25
spatelif i want my VIP alway go with vlan200 in that case how does i tell octavia pick IP from vlan200?15:25
roukyou cant listen on multiple vlans like that i dont think, you can use floating ips to direct them to your lb vip in a private subnet.15:25
roukthats what floats/routing is for15:26
*** ccamposr has joined #openstack-lbaas15:26
spatelWe don't use floating IPs, we have VLAN provider where my all instance directly attached to my physical switch VLANs15:26
spatelour instance has direct public IP on eth0 ( NO NATing )15:27
*** ivve has quit IRC15:30
roukthen youre going to need multiple LBs id think. unless someone else has a suggestion15:31
rouknothing wrong with using floats to direct multiple publics to another, really.15:31
*** dasp has quit IRC15:35
johnsomspatel: when you create your VIP you tell it a subnet15:36
roukjohnsom: he wants multiple vips on a single LB in different networks.15:36
roukat least thats what i got.15:37
johnsomAh, cannot do that.15:46
spateljohnsom: I think i am confused or making you guys confused. let me ask question in more details.15:46
spatelI have www box running on 192.168.1.1 subnet and now i need LB so i am going to create one in that case i will pick private subnet in that GUI interface or public subnet?15:48
openstackgerritAnn Taraday proposed openstack/octavia master: [WIP] Use retry for AmphoraComputeConnectivityWait  https://review.opendev.org/66279115:48
johnsomspatel The load balancer create is creating the VIP. The address you want users to connect to when connecting to the load balancer. That is likely your public subnet.15:50
johnsomspatel Then, later, when you add a member to the pool, you will specify the subnet that can reach 192.168.1.1, likely a private subnet.15:51
spatelIn GUI interface no option to tell specify private subnet during adding members in pool15:52
*** dasp has joined #openstack-lbaas15:53
spateli think it may be pick auto IP when we will add member?15:53
johnsomspatel When you select from existing members (not add a new one) it already knows the subnet.15:55
spatelhttps://imgur.com/a/ZOORnFm15:56
spatelso you are saying as soon as i add member LB will get one ip address from that member pool to talk to them?15:56
johnsomIt will automatically get an IP from the member subnet to talk to the member servers, yes15:57
spateldamn! it that is what i was looking for :)15:57
spateli didn't find that details in documentation.15:58
spateljohnsom: you are awesome!15:58
roukoh... that was very different to the field being asked for... lol16:13
*** spatel has quit IRC16:17
*** yamamoto has joined #openstack-lbaas16:22
*** tesseract has quit IRC16:27
*** rpittau is now known as rpittau|afk16:28
*** yamamoto has quit IRC16:30
*** dosaboy has joined #openstack-lbaas16:36
*** ivve has joined #openstack-lbaas16:37
*** spatel has joined #openstack-lbaas16:47
*** luksky has quit IRC16:50
*** ccamposr has quit IRC16:52
*** mithilarun has joined #openstack-lbaas17:21
spatelrouk: sorry, my bad i asked question bad way!17:33
spateljohnsom: i have just spin up one LB and i can see it get private IP from member pool itself.17:34
spatelIn short it works17:34
spatelis there a way i can failover my vip to standby node?17:35
spatelI tried to shutdown primary and i am not seeing my vip failover to standby node17:36
*** Vorrtex has quit IRC17:38
colin-i may be misunderstanding your objective, spatel, but would an individual amphora failover (versus a loadbalancer failover) help here? https://developer.openstack.org/api-ref/load-balancer/v2/index.html?expanded=failover-amphora-detail#failover-amphora17:59
colin-that may trigger the vrrp role transfer i think you're describing17:59
*** mithilarun has quit IRC18:01
*** mithilarun has joined #openstack-lbaas18:02
spatelI thought if i shutdown primary amphora it will auto failover to standby amphora.18:03
*** mithilarun has quit IRC18:06
*** mithilarun has joined #openstack-lbaas18:18
*** mithilarun has quit IRC18:23
*** ramishra has quit IRC18:26
*** lucasxu has joined #openstack-lbaas18:28
colin-i would expect the same outcome in that case, yeah18:30
*** lucashxu has quit IRC18:30
*** mithilarun has joined #openstack-lbaas18:31
colin-i'll probably ask again during the meeting this week but, is anyone using a metric scraping agent (e.g. prometheus) on their amphora with a graphing solution (grafana?) for dashboarding per-LB/Listener/Pool/Member metrics related to the data plane? i'm interestd in how much useful info something like that could expose and wondered if anyone's had success with it18:34
*** gcheresh has joined #openstack-lbaas18:42
bodenjohnsom hi. ping if you get a min please18:42
*** luksky has joined #openstack-lbaas18:43
*** altlogbot_3 has quit IRC18:43
*** altlogbot_2 has joined #openstack-lbaas18:44
roukcolin-: https://storyboard.openstack.org/#!/story/2005812 i opened this a couple days ago due to needing some of this data in the api for rolling upgrades of members18:45
roukconnecting it to some central logger/grapher wouldnt be ideal for exposure to users of the infra, stuff like heat wouldnt be too happy to check prometheus metrics18:49
johnsomspatel The DB fields for role are configuration fields, not status fields. They will never change18:50
johnsomboden Hi18:50
bodenjohnsom hi... so I was looking at how to resolve those octavia.* imports I mentioned the other day... there are a number of things we'd need in octavia-lib to make that work... whats the best way to discuss how to proceed?18:51
bodenI'm willing to do some work, but looking for some direction18:51
johnsomboden We can either chat about them now or you can propose patches.18:51
johnsomboden Happy to chat/help.  Is this the NSX driver you are looking at?18:53
bodenjohnsom: well as you can see in https://opendev.org/x/vmware-nsx/src/branch/master/vmware_nsx/services/lbaas/octavia/octavia_driver.py the octavia.api.drivers import utils is used for various fuinctions18:53
bodennot sure how easy those functions would move over into the lib... seems the might have some ties to the db models?18:54
bodenthe other is octavia.db import api. that's used for get_session()18:54
johnsomYeah, those should not be needed/used by a driver.  They are for translating Octavia internal db models to the driver formats. Thus why they are not in the octavia-lib.18:55
johnsomYeah, ok, this is very troubling: "from octavia.db import api as db_apis"18:55
johnsomDriver should never be accessing the octavia database directly.18:55
johnsomSame here: from octavia.db import repositories18:56
johnsomboden It looks like they are mostly pulling back the project_id: https://opendev.org/x/vmware-nsx/src/branch/master/vmware_nsx/services/lbaas/octavia/octavia_driver.py#L10118:56
johnsomBest answer is to probably expand the driver data model to pass that over with all of the objects.  Right now it only passes it over for the LB18:57
bodenjohnsom hmm... I didn't write this code, nor am I familiar with the impl.... it would take me some digging to understand what even needs to be done here :)18:59
johnsomYeah, I'm not super familiar with it either. Just a quick read over. However, I can tell you it should not be going into our DB. That is almost guaranteed to break that driver.19:00
johnsomboden I wrote up a driver developers guide here: https://docs.openstack.org/octavia/latest/contributor/guides/providers.html19:01
johnsomIn case you haven't seen it. It has the driver data models that are passed to the drivers.19:01
johnsomYeah, this shouldn't need to access our certificate code either, those are all passed over to the drivers.19:02
bodenjohnsom thanks... let me take some more time to read that driver guide and try to understand what the code it doing... I thought this might be a simple discussion, but seems that's not the case19:03
johnsomI think that driver is just translating the objects to dicts and throwing them on a messaging queue, so it's probably a pretty straight forward object translation task.19:06
johnsomWe just need to know what the "to" format looks like.19:07
*** mithilarun has quit IRC19:08
johnsomboden this is very confusing... This is what the Octavia API does before it sends the object over: https://opendev.org/x/vmware-nsx/src/branch/master/vmware_nsx/services/lbaas/octavia/octavia_driver.py#L34319:13
johnsomSo why would the driver be doing this?19:13
johnsomhttps://github.com/openstack/octavia/blob/master/octavia/api/v2/controllers/l7policy.py#L16719:13
bodenjohnsom your guess is as good as mine at the moment... sorry this is new code to me19:13
bodenjohnsom I can talk to dev who wrote it19:14
johnsomboden Ok. I know the Octavia driver stuff very well, so feel free to ask questions or ping me if there is something I can help with. I'm willing to work on patches to help get that driver going.19:14
bodenjohnsom appreciate that... let me spend some time getting to know this code better before I waste more of your time19:15
johnsomOk19:15
*** altlogbot_2 has quit IRC19:20
*** mithilarun has joined #openstack-lbaas19:22
*** altlogbot_1 has joined #openstack-lbaas19:26
roukjohnsom: still no release with the 403 issue fixed? :(19:39
roukdidnt make it into 3.0.1 it seems19:40
roukjohnsom: is there a specific policy.json i can flip to make the 403 issue go away for now? risk for me is pretty low, function is needed.19:48
*** mithilarun has quit IRC19:48
*** gcheresh has quit IRC19:50
spateljohnsom: how do i ssh into amphora instance? I read and doc saying use ssh-key but not sure how do i inject it ?19:54
johnsomrouk: It is in 3.0.120:06
johnsomspatel: Eating lunch, will reply when I am done.20:06
spateljohnsom: no rush enjoy your lunch20:07
*** mugsie_ has joined #openstack-lbaas20:09
*** mithilarun has joined #openstack-lbaas20:13
*** mugsie has quit IRC20:15
*** trident has quit IRC20:18
*** trident has joined #openstack-lbaas20:20
johnsomrouk I wonder if you didn't do the upgrade steps?20:26
* johnsom Notes, I should write an upgrade doc for dashboard....20:26
johnsomspatel This setting: https://docs.openstack.org/octavia/latest/configuration/configref.html#controller_worker.amp_ssh_key_namehttps://docs.openstack.org/octavia/latest/configuration/configref.html#controller_worker.amp_ssh_key_name20:27
johnsomOpps, double paste. https://docs.openstack.org/octavia/latest/configuration/configref.html#controller_worker.amp_ssh_key_name20:27
johnsomIs the nova keypair name that you loaded your private key into. This keypair must be under the octavia service account you have configured.20:28
johnsomThen, at boot, Octavia will load your ssh key into the amphora.20:28
*** Vorrtex has joined #openstack-lbaas20:31
spatelwhere i should put this key?20:32
spateli am running openstack-ansible20:32
spateldo i need to put that in aio1_octavia_server_container-5e2a271d container?20:32
johnsomAh, for OSA, umm, let me look. I'm pretty sure they have a variable you can set for that.20:33
spatelhttps://docs.openstack.org/openstack-ansible-os_octavia/latest/configure-octavia.html#optional-configuring-octavia-with-ssh-access-to-the-amphora20:33
spatelDoc isn't clear about where i should drop that key?20:34
johnsomOh, nice. That is perfect docs.20:34
johnsomThis line: openstack keypair create --public-key <public key file> octavia_key20:34
spateli did upload that key20:34
spatelso all i need to boot instance right and use that private key to ssh in?20:35
johnsomloads the key into nova. So, you run that once from your utility container with the filename that has the private key20:35
johnsomOh, right, sorry, public key. So yes, you have it right20:35
johnsomObviously you have to set that OSA variable and deploy that config20:35
johnsomFor the default Ubuntu based amps the user is ubuntu, for centos it is centos20:36
spatelhmm let me try20:36
spateljohnsom: thanks man! i will let you know after my testing :) thanks for your help20:42
johnsomNP20:43
rm_workJust gonna drop this here: https://samsaffron.com/archive/2019/05/15/tests-that-sometimes-fail20:43
rm_workTimely considering how many rechecks I've done on my TLS patch in the last four days trying to get it to pass <_<20:44
johnsomI will take a look after I finish writing these unit tests....20:44
*** altlogbot_1 has quit IRC20:45
*** spatel has quit IRC20:47
*** mithilarun has quit IRC20:51
*** mithilarun has joined #openstack-lbaas21:05
*** pcaruana has quit IRC21:07
rm_workneed to dive into why that has failed like 6 rechecks21:15
johnsomYeah, I hate that.21:15
rm_workjust looking at the results without diving into logs, it seemed like just a spurious failure because it was like .... py27 scenario or something and the py3 / multinodes were passing21:16
rm_workbut since it's continuously doing it >_>21:16
*** lucasxu has quit IRC21:20
johnsomOk, got the OSC tags module moved to osc-lib so we can use it whenever we get around to finishing the tags work.21:44
*** boden has quit IRC21:44
*** yamamoto has joined #openstack-lbaas21:50
*** yamamoto has quit IRC21:54
*** rcernin has joined #openstack-lbaas21:58
openstackgerritMichael Johnson proposed openstack/octavia master: Remove references to OpenStack Anchor  https://review.opendev.org/66286621:58
johnsomMy tech-debt good deed for the day....21:58
colin-the gitweb links are back, huzzah!21:59
johnsomFYI, I'm going to take a look at the queens branch issue and see if I can help Greg22:07
johnsomOh, nevermind, it looks like he got it already22:08
johnsomOr it fixed itself22:09
*** mithilarun has quit IRC22:23
*** luksky has quit IRC22:28
rm_workI'm sad anchor died, i am not sure WHY it died since it *worked*22:41
rm_workwe were looking at it like, last week22:41
rm_workit seemed like such a good thing22:41
rm_workbut I guess Athenz.io is honestly pretty similar22:41
*** mithilarun has joined #openstack-lbaas22:46
*** Vorrtex has quit IRC23:12
*** mithilarun has quit IRC23:17
*** mithilarun has joined #openstack-lbaas23:17
*** mithilarun has quit IRC23:22
*** AlexStaf has joined #openstack-lbaas23:34
*** AlexStaf has quit IRC23:38
*** rcernin has quit IRC23:43
*** rcernin has joined #openstack-lbaas23:44
« Sunday, 2019-06-02 Index Tuesday, 2019-06-04 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!