Wednesday, 2019-08-21

« Tuesday, 2019-08-20 Index Thursday, 2019-08-22 »
*** ianychoi has quit IRC00:57
*** ianychoi has joined #openstack-lbaas00:59
*** hongbin has joined #openstack-lbaas01:04
*** ricolin has joined #openstack-lbaas01:05
*** dtruong has quit IRC01:24
*** dtruong has joined #openstack-lbaas01:25
*** sapd1_x has joined #openstack-lbaas02:07
*** sapd1_x has quit IRC02:26
*** sapd1_x has joined #openstack-lbaas02:28
*** sapd1_x has quit IRC03:15
*** psachin has joined #openstack-lbaas03:33
*** ajay33 has joined #openstack-lbaas03:58
*** hongbin has quit IRC04:06
*** ramishra has joined #openstack-lbaas04:41
*** sapd1_x has joined #openstack-lbaas05:33
*** sapd1_x has quit IRC06:04
*** ianychoi has quit IRC06:34
*** ianychoi has joined #openstack-lbaas06:34
cgoncalvesrm_work, johnsom: we can schedule a review-athon sometime this week or early next. I'll be on PTO from next Wednesday, back Sept 10th06:51
rm_workKk, sooner is better I think06:52
cgoncalvesrm_work, you can start approving https://review.opendev.org/#/c/673337/ ;)06:53
rm_work:D06:54
rm_workah cool was waiting on that recheck06:54
rm_work+A06:54
rm_workyou could do https://review.opendev.org/#/c/675679/06:55
rm_work;)06:55
*** ianychoi has quit IRC07:00
*** ianychoi has joined #openstack-lbaas07:01
*** gcheresh has joined #openstack-lbaas07:05
*** gcheresh_ has joined #openstack-lbaas07:09
*** gcheresh has quit IRC07:10
*** trident has quit IRC07:10
*** maciejjozefczyk has joined #openstack-lbaas07:12
*** rcernin has quit IRC07:14
cgoncalvesrm_work, reviewing it now07:17
*** trident has joined #openstack-lbaas07:17
cgoncalvesapproved07:22
*** sapd1_x has joined #openstack-lbaas07:25
rm_work:)07:27
cgoncalvesrm_work, believe it or not, last night I dreamed you were stepping down from core. one of the scariest nights of my life07:32
rm_worklolol07:33
rm_worki've been unemployed for 3 months and still stayed core, prolly good for a bit :D07:33
*** ivve has joined #openstack-lbaas07:39
openstackgerritMerged openstack/octavia-lib master: Clean up octavia-lib docs and remove oslo.log  https://review.opendev.org/67567907:39
*** rpittau|afk is now known as rpittau07:40
openstackgerritAdit Sarfaty proposed openstack/neutron-lbaas stable/stein: Prevent deletion of a listener attached to a pool  https://review.opendev.org/67765907:42
openstackgerritAdit Sarfaty proposed openstack/neutron-lbaas stable/stein: Prevent deletion of a listener attached to a pool  https://review.opendev.org/67765907:45
cgoncalvesthis new job log output sucks. it even lost linked log lines07:46
rm_workO_o07:47
rm_workwhat changed? which thing are you looking at?07:48
cgoncalvesrm_work, https://storage.gra1.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/logs_37/673337/12/check/octavia-v2-dsvm-scenario/bd1a54c/controller/logs/screen-n-api.txt.gz08:09
cgoncalvescolors were lost, not possible to get a link to a specific timestamp, not possible to filter by log level08:09
rm_workhuh, yeah that's odd08:11
rm_workah prolly it hasn't been copied over yet08:12
cgoncalvesour gate is broken. something broken in DIB08:12
rm_workthat's from a currently running job?08:12
rm_workstuff just merged like a few hours ago :/08:12
rm_workoh wat08:13
rm_workyeah wow they did totally refactor this08:13
cgoncalvesjob had finished08:13
cgoncalvesanother example: https://b248f48739a903c51cb9-a5dd36e49cc995ae671150d65cd732c0.ssl.cf1.rackcdn.com/659626/7/check/octavia-v2-dsvm-scenario/c0ad46c/controller/logs/screen-o-api.txt.gz08:13
rm_workthough it looks more useful by defauly08:13
cgoncalvesI'll have a look at DIB08:13
rm_work*default08:13
rm_workonce they work out this kink08:14
rm_workthe first page shows me something *actually relevant*08:14
cgoncalveshmm, maybe not DIB but infra. they have DIB elements somewhere08:14
cgoncalveshttps://review.opendev.org/#/c/676120/08:16
cgoncalvesthis is what broke our gate08:16
rm_work:/08:17
rm_workaha yeah08:17
rm_workbbiab08:20
cgoncalvesFYI, fix approved and merging now08:28
*** tkajinam has quit IRC08:29
*** ianychoi has quit IRC08:32
*** ianychoi has joined #openstack-lbaas08:33
*** gcheresh has joined #openstack-lbaas08:36
*** gcheresh_ has quit IRC08:36
rm_workCool lol08:44
rm_workCan you do rechecks on the two (?) patches that failed in gate?08:45
cgoncalvesgate is still running on those two08:46
rm_workgrr ... Rebase? :D08:47
rm_workMaybe I can do it in a sec08:47
rm_workMy impatience is palpable08:48
rm_workAnd +A08:48
*** ccamposr__ has quit IRC08:50
*** ccamposr__ has joined #openstack-lbaas08:50
*** ccamposr__ has quit IRC08:51
*** ccamposr__ has joined #openstack-lbaas08:51
*** yamamoto has joined #openstack-lbaas08:53
openstackgerritAdit Sarfaty proposed openstack/neutron-lbaas stable/stein: Prevent deletion of a listener attached to a pool  https://review.opendev.org/67765909:07
*** gcheresh_ has joined #openstack-lbaas09:14
*** gcheresh has quit IRC09:15
*** yamamoto has quit IRC09:28
*** sapd1_x has quit IRC09:53
ivvehey there, im trying to create a https_terminated listener according to octavia docs(https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html). i've created a test-self-signed certificate and key, converted it to a pkcs12 file and uploaded it to barbican, but i'm getting: could not read x509 from PEM from octavia.09:54
ivvehttps://hastebin.com/qugopixale.rb09:56
ivvehere is how i did it09:56
ivvei can't really spot what i did wrong, i verified the certificate is valid and responds to the key09:58
ivveguessing it has to do with the password request10:08
ivvealso tried just creating the listener to an existing LB10:10
ivveopenstack loadbalancer listener create --protocol-port 443 --protocol TERMINATED_HTTPS --name listener1 --default-tls-container=$(openstack secret list | awk '/ tls_secret / {print $2}') elk01-loadbalancer_kibana10:10
ivvesame error occurs.. Could not read X509 from PEM (HTTP 500)10:10
openstackgerritAdit Sarfaty proposed openstack/neutron-lbaas stable/stein: Prevent deletion of a listener attached to a pool  https://review.opendev.org/67765910:11
*** rpittau is now known as rpittau|bbl10:14
rm_workivve: is this your cloud? do you have access to logs?10:24
*** yamamoto has joined #openstack-lbaas10:36
ivverm_work: yesbox10:40
ivveill get the traceback from heat and octavia10:41
ivvehere is the traceback form heat (request)10:42
ivvehttps://hastebin.com/apoqegapot.sql10:42
ivvethis is directly from octavia-api.log10:47
ivvehttps://hastebin.com/efezumaqof.sql10:47
rm_workWhelp, that's not very informative10:54
*** yamamoto has quit IRC10:55
cgoncalvesivve, which octavia version is it running?11:05
cgoncalvesivve, could you add "-nodes" to "openssl pkcs12" command and retry?11:08
ivvecgoncalves: when adding -nodes i get the exact same error11:16
ivveopenssl pkcs12 -nodes -export -inkey key.pem -in cert.pem -passout pass: -out secret.p1211:16
ivveCould not read X509 from PEM (HTTP 500)11:17
ivveversion is stein, getting the exact one in a sec11:17
ivveoctavia-api is 4.0.011:18
ivvepython-octaviaclient==1.8.011:19
*** salmankhan has joined #openstack-lbaas11:19
ivveno errors from barbican11:23
ivvehad no problems uploading and downloading the .p12 file, tested that11:24
ivvecreating loadbalancers without the terminated_https works perfectly also11:25
*** dayou has quit IRC11:28
cgoncalvesivve, can you check if you can open the pkcs12 file? "openssl pkcs12 -info -in secret.p12"11:30
ivvecgoncalves: i can, but it queries for password11:31
ivveand i think thats where the problem is11:31
ivvebut im not sure11:31
ivveit does spit out some error regarding the keys tho, due to password being too short11:32
ivveso im guessing the creation of the .p12 file is incorrect11:34
*** salmankhan has quit IRC11:38
*** dayou has joined #openstack-lbaas11:39
ivveis there any way to get the cert/key to octavia without pkcs12 ?11:45
ivveseems pkcs12 is a hassle since the password becomes "" instead of NULL or undefined11:46
ivvethink i solved it11:56
ivvenot fully verified yet, but seems -certfile is needed in addition to -in when converting to pkcs1211:59
cgoncalvesah, probably yeah12:01
cgoncalves"openssl pkcs12 -export -nodes -inkey testcert.key -in testcert.pem -certfile ca.cert.pem -passout pass: -out testcert.p12"12:02
cgoncalves^ this is what I use for testing12:02
ivvei just used cert.pem on both -in and -certfile12:02
ivvesince i only have cert and key12:02
*** rpittau|bbl is now known as rpittau12:10
ivvecgoncalves: would you know what this means?12:21
ivveAmphora agent returned unexpected result code 400 with response {u'message': u'Invalid request', u'details': u"[ALERT] 232/120913 (1626) : http frontend '51fb899a-c461-4118-9b3a-4c1af5f15822' (/var/lib/octavia/51fb899a-c461-4118-9b3a-4c1af5f15822/haproxy.cfg.new:23) tries to use incompatible tcp backend 'd8cdcddb-128c-4157-ba30-ae73e6f11e49' (/var/lib/octavia/51fb899a-c461-4118-9b3a-4c1af5f15822/haproxy.cfg.new:32) as its default backend (see12:22
ivve'mode').\n[WARNING] 232/120913 (1626) : Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n[ALERT] 232/120913 (1626) : Fatal errors found in configuration.\n"}12:22
ivveam i still having issues with my cert or is this something else?12:22
ivveso strange12:32
ivveheat can't find the pool once it is created12:32
ivveResource Create Failed: Notfound: Resources.Pool Kibana: Not Found (Http Fcb7c9bc-1743-4ea3-81cf-827042052d54 Not Found)12:33
ivveit was a pool configuration error13:01
rm_workCan you ssh into the amp and pastebin that haproxy.cfg.new ?13:01
ivvei had it set to https13:01
ivvebut should be http13:01
rm_workAh, ok13:01
ivveso just a brainfart from my side13:02
rm_workBut we really shouldn't allow an invalid config to get that far13:02
rm_workSo it's a bug on our side IMO13:02
rm_workI wonder if we fixed it in master yet...13:02
ivveif protocol: HTTPS it does that13:02
rm_workWhat was the exact config that caused that?13:02
rm_workAhh TLS TERM listener and HTTPS pool13:03
ivvepasting13:03
rm_workYeah ok13:03
ivveyes13:03
rm_workWe shouldn't allow that at the API layer, I think13:03
rm_workWe might have merged better validation... Or maybe it's still pending... But I remember reviewing a patch that seems maybe related13:04
rm_workI bet it's still open :/13:04
*** ccamposr__ has quit IRC13:04
*** ccamposr__ has joined #openstack-lbaas13:05
ivvehttps://hastebin.com/yuqevoyaxu.py13:05
ivvei did some searches but couldn't find any hits (from the errormessage)13:07
ivvei would gladly input my log here if you find it13:08
ivveif its still open13:08
rm_workI'll look later13:09
rm_workBut yeah, that isn't acceptable for us to take the request and ERROR on something that we can totally tell is wrong at validation time13:10
rm_workShould have thrown back a 400 on the original request13:11
rm_workNot put the LB in error 😡13:11
rm_workAlmost positive there's a pool validation patch up somewhere13:12
ivveok, let me know if you want me to add info to the issue13:13
ivveor create a new bug if it doesn't exist13:13
rm_workhttps://review.opendev.org/#/c/594040/13:13
rm_workFound it13:13
rm_workYeah we're aware that combination is bad13:13
rm_workI think we just need to review that patch again and get it fixed or merged13:14
ivveok great13:19
*** tesseract has joined #openstack-lbaas13:22
*** tesseract has quit IRC13:22
*** ccamposr__ has quit IRC13:38
*** ccamposr__ has joined #openstack-lbaas13:38
*** pvradu has joined #openstack-lbaas14:00
*** pvradu has quit IRC14:05
*** gregwork has quit IRC14:14
*** coreycb has quit IRC14:14
*** dougwig has quit IRC14:15
*** xgerman_ has quit IRC14:16
*** logan- has quit IRC14:16
*** irclogbot_2 has quit IRC14:17
*** logan_ has joined #openstack-lbaas14:17
*** irclogbot_0 has joined #openstack-lbaas14:18
openstackgerritMerged openstack/octavia master: Remove amphora-agent build deps  https://review.opendev.org/63915514:18
*** dougwig has joined #openstack-lbaas14:18
*** logan_ is now known as logan-14:18
*** xgerman_ has joined #openstack-lbaas14:18
*** coreycb has joined #openstack-lbaas14:18
*** gregwork has joined #openstack-lbaas14:18
*** pvradu has joined #openstack-lbaas14:36
*** Vorrtex has joined #openstack-lbaas14:41
*** pvradu has quit IRC14:51
xgerman_https://usercontent.irccloud-cdn.com/file/cakevptf/Screen%20Shot%202019-08-21%20at%208.02.22%20AM.png15:02
*** ccamposr__ has quit IRC15:12
*** ccamposr__ has joined #openstack-lbaas15:12
cgoncalvesno pressure15:13
cgoncalvesxgerman_, hallo! how is it going?15:14
*** ccamposr__ has quit IRC15:16
*** ccamposr__ has joined #openstack-lbaas15:16
xgerman_going ok — was trying to catch Adam when I am going to Asia next month but...15:16
xgerman_otherwise not much Open Source - glad to see things are still going strong here :-)15:16
*** gcheresh_ has quit IRC15:18
*** ataraday_ has joined #openstack-lbaas15:20
*** ivve has quit IRC15:21
*** pvradu has joined #openstack-lbaas15:25
*** ccamposr__ has quit IRC15:26
*** ccamposr__ has joined #openstack-lbaas15:26
colin-do you guys all have sr-iov enabled computes in your fleets?15:46
*** pvradu has quit IRC15:58
johnsom#startmeeting Octavia16:01
openstackMeeting started Wed Aug 21 16:01:32 2019 UTC and is due to finish in 60 minutes.  The chair is johnsom. Information about MeetBot at http://wiki.debian.org/MeetBot.16:01
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.16:01
*** openstack changes topic to " (Meeting topic: Octavia)"16:01
openstackThe meeting name has been set to 'octavia'16:01
johnsomSorry I was late...16:01
ataraday_hi16:01
cgoncalveshi16:01
colin-o/16:02
johnsomI was working to try to put an agenda together...16:02
johnsom#link https://wiki.openstack.org/wiki/Octavia/Weekly_Meeting_Agenda#Meeting_2019-08-2116:02
*** pvradu has joined #openstack-lbaas16:02
gthiemongehi16:02
johnsomHi everyone16:02
*** KeithMnemonic1 has joined #openstack-lbaas16:02
johnsom#topic Announcements16:02
*** openstack changes topic to "Announcements (Meeting topic: Octavia)"16:02
*** KeithMnemonic has quit IRC16:03
johnsomFirst up, the ranked list for the "U" cycle name is posted. Once the legal review is done the "U" name will be announced.16:03
johnsomFYI, the zuul log archive is now different. I mentioned this last week, but I have seen some questions about it.16:03
johnsom#link http://lists.openstack.org/pipermail/openstack-discuss/2019-August/008313.html16:03
johnsomWhat I have found is that if you use the top "Logs" tab, then the logs still have links and can be filtered.16:04
johnsomIt seems slower IMO, but at least it still works.16:04
johnsomPersonally I think the old way was better, but....16:05
*** rpittau is now known as rpittau|afk16:05
cgoncalvesI had not noticed the "Logs" tab. thank you!16:05
johnsomFinally my weekly reminder:16:05
cgoncalvesyeah, me too16:05
johnsomFeature freeze is rapidly approaching. We must have features merged by Sept 2nd for library changes and Sept. 9th for everything else.16:05
*** pvradu has quit IRC16:05
*** ricolin has quit IRC16:05
johnsomAny other announcements today?16:06
johnsom#topic Brief progress reports / bugs needing review16:06
*** openstack changes topic to "Brief progress reports / bugs needing review (Meeting topic: Octavia)"16:06
cgoncalvesmore like a personal announcement that I will be on PTO and miss the next two meetings16:06
johnsomOk, enjoy!16:06
ataraday_cgoncalves, have a good vacation!16:07
johnsomI have been focusing on re-working the failover flow. We know there are some pretty major issues in the flow and now is the time to fix those.16:07
johnsomI have added sub-flow retries, task retries, passive failures, support for missing amps, and code to fix the VIP so far, but there is much left to do....16:08
johnsomAlso, ataraday_ I poked the Oslo folks and your fix for the mysql column storage mereged:16:09
johnsom#link https://review.opendev.org/67538816:09
ataraday_I continue work on taskflow to db obj to dicts, bug in taskflow is merged so this is ready for review again https://review.opendev.org/#/c/662791/16:09
ataraday_johnsom, thanks a lot!16:09
johnsomIt may still be a week or two before it is released in a package and upper constraints updated16:09
cgoncalvesit is a very good start! are you going to push it all in one patch?16:09
johnsomThere are many patches open last time I checked16:10
johnsom#link https://review.opendev.org/#/c/662791/16:10
cgoncalvesjohnsom, I meant for the failover flow work16:10
johnsomAdded a link so it is highlighted in the meeting notes16:11
colin-https://review.opendev.org/#/c/673518/ saw adam's comment in here about testing, going to try cherry picking this down for some basic workflow validation this week16:11
johnsomAh, failover. A strong maybe.....16:11
colin-but, don't wait on us :)16:11
cgoncalvescolin-, awesome!16:11
johnsomcolin- Please also pull down the child patch:16:12
johnsom#link https://review.opendev.org/#/c/675063/116:12
cgoncalveswe have not yet been able to test it down due to last minute CI/infra issues16:12
colin-ah interesting, good note thx16:12
johnsomataraday_ I did not get a chance to look at the listener patch yet. Still on my list.16:13
cgoncalvesthe VIP ACL patch is now ready for reviews16:13
cgoncalves#link https://review.opendev.org/#/c/659626/16:13
colin-nice16:13
johnsomYay!16:14
cgoncalvesI know the AAP driver misses some test coverage, hence the Workflow-1. but don't feel discourage to review it16:14
cgoncalvesnext I will be working on a tempest test, but will take me some time till I get to it16:15
johnsomAny other updates today?16:16
cgoncalvesthe amphora image size should now be noticable smaller16:16
cgoncalves#link https://review.opendev.org/#/c/639155/16:16
cgoncalves*noticeable16:16
ataraday_johnsom, I checked today - rebase when well, there was an issue with my devstack. But there is an issue with cascade delete, which I point on the 9th patch set. And probably the fix for it should a bit bigger than I though.16:16
cgoncalveswe also switched taskflow engine to parallel. that should accelerate some flow operations like active-standby LB creation16:17
cgoncalves#link https://review.opendev.org/#/c/676379/16:17
johnsomataraday_ Ok, do you still want me to look at it, or do you have that covered?16:17
johnsom#link http://tarballs.openstack.org/octavia/test-images/16:17
johnsomFYI, this is how I look at image sizes16:18
cgoncalvesI have some patches open in DIB to reduce the footprint of yum-minimal images16:18
cgoncalves#link https://review.opendev.org/#/q/topic:yum-reduce-footprint16:18
johnsomCool16:19
ataraday_johnsom, I think I will make it work and than ask for review, no worries for now16:19
johnsomataraday_ Ok, thank you. Sorry I have been so busy on other tasks.16:19
johnsom#topic Community goals16:20
*** openstack changes topic to "Community goals (Meeting topic: Octavia)"16:20
johnsomThere are three community goals for Train. I wanted to review those real quick as we are getting close to feature freeze, etc.16:20
johnsomFirst up is the python3 (3.7) goal.16:21
johnsom#link https://governance.openstack.org/tc/goals/train/python3-updates.html16:21
johnsomI think we are done/good here. Does anyone think otherwise?16:21
johnsomWe have had python3 gates for some time, I think the main change here was adding 3.716:22
johnsomOk then, we are already marked as done there, so happy dance.16:23
johnsomSecond is PDF docs16:23
johnsom#link https://governance.openstack.org/tc/goals/train/pdf-doc-generation.html16:23
johnsomI took lead on this, but the job infrastructure for this goal is still not really ready.16:24
johnsomI have created an etherpad to track our test results:16:24
johnsom#link https://etherpad.openstack.org/p/pdf-goal-train-octavia16:24
johnsomThere is also a overall tracking etherpad:16:25
johnsom#link https://etherpad.openstack.org/p/train-pdf-support-goal16:25
johnsomI will continue to track this work, but I consider this goal at-risk for train.16:25
johnsomAny questions/comments on this goal?16:26
*** ccamposr__ has quit IRC16:26
cgoncalvesdoes it need to be completed by feature freeze?16:26
johnsomTechnically, probably not as it's just a docs job.16:26
cgoncalveswhat I am understanding is that it is at risk but not blocked on us16:26
*** ccamposr has joined #openstack-lbaas16:27
johnsomCorrect, it is blocked on the infrastructure/jobs being functional for us to try/use16:27
cgoncalvesright16:27
johnsomThis is part of what is blocking:16:27
johnsom#link https://review.opendev.org/#/c/664555/16:27
johnsomFinally the IPv6 goal:16:28
johnsom#link https://governance.openstack.org/tc/goals/train/ipv6-support-and-testing.html16:28
johnsomI think we had some proposed patches for this.16:28
cgoncalves#link https://review.opendev.org/#/c/594078/16:28
johnsomAs you know, we have IPv6 tempest scenarios already. This goal, for us, is about the control plane.16:29
johnsomI.e. calling out to the other services using IPv6   and running the lb-mgmt-net as pure IPv6.16:29
johnsomHow is that going?16:30
* johnsom hears crickets16:30
cgoncalvesit isn't from my side. haven't had cycles to work on that. rm_work seemed to have picked up the work for a while16:30
johnsomOk, maybe we can get an update from him when he is back online.16:31
johnsomAny other questions/comments/updates on the community goals?16:31
johnsom#topic Open Discussion16:32
*** openstack changes topic to "Open Discussion (Meeting topic: Octavia)"16:32
johnsomOk, any other topics for today?16:32
colin-what is the best way to visualize the data a healthmonitor is receiving from a given member?16:32
colin-are the GETs/POSTs and corresponding replies logged somewhere i am missing?16:33
johnsomSome of that data is logged at the debug level16:33
colin-is the amphora-agent carying it out? i checked its log in hopes of finding it (not debug) and didn't see16:34
johnsomI.e.16:34
johnsomAug 12 07:04:33 devstack octavia-health-manager[14967]: DEBUG octavia.controller.healthmanager.health_drivers.update_db [-] Listener 34e6feee-6ced-4296-8652-4668a87d2350 / Amphora 8b556645-e8b0-4101-a69e-6e8c5f5a70c4 stats: {'bytes_in': 146, 'bytes_out': 157, 'active_connections': 0, 'total_connections': 2, 'request_errors': 0} {{(pid=29660) _update_stats16:34
johnsom/opt/stack/octavia/octavia/controller/healthmanager/health_drivers/update_db.py:543}}16:34
* cgoncalves has a hard stop now. o/16:35
johnsomThere is also acknowledgment of a packet received:16:35
johnsomAug 12 07:04:43 devstack octavia-health-manager[14967]: DEBUG octavia.amphorae.drivers.health.heartbeat_udp [-] Received packet from ('192.168.0.74', 64717) {{(pid=15515) dorecv /opt/stack/octavia/octavia/amphorae/drivers/health/heartbeat_udp.py:189}}16:35
johnsomBut I don't think we dump the status payload into the debug log.16:35
colin-so for context i'm setting up a healthmonitor and playing around with url_path trying to get my monitor healthy16:36
colin-and it's just challenging when i'm not sure what the monitor is seeing16:36
johnsomOh, sorry, my bad. I was thinking health manager.... sigh16:36
colin-;)16:36
johnsomHealth monitor.... This is done by the haproxy engine. It is not done by the amphora agent.  Any messages about those will be in the tenant flow logs in the new log offloading.16:37
colin-absent the offloading (not runnint it locally yet) do i have any other options?16:38
colin-i guess crank up the debug/logging on haproxy16:38
johnsomYeah, you can look directly at the haproxy logs inside the amphora. All health monitoring results and state transitions are listed there.16:38
colin-got it, thanks16:39
johnsomIf you want to see the content of the health monitor check, you would need to run tcpdump inside the network namespace. (remember to bring up lo interface)16:39
johnsomActually for tcpdump, you may not need the lo up16:40
johnsomOk, any other topics today?16:41
johnsomAlright. Thank you folks! Have a great week.16:43
johnsom#endmeeting16:43
*** openstack changes topic to "Discussions for OpenStack Octavia | Priority bug review list: https://etherpad.openstack.org/p/octavia-priority-reviews"16:43
openstackMeeting ended Wed Aug 21 16:43:06 2019 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)16:43
openstackMinutes:        http://eavesdrop.openstack.org/meetings/octavia/2019/octavia.2019-08-21-16.01.html16:43
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/octavia/2019/octavia.2019-08-21-16.01.txt16:43
openstackLog:            http://eavesdrop.openstack.org/meetings/octavia/2019/octavia.2019-08-21-16.01.log.html16:43
*** ivve has joined #openstack-lbaas16:56
*** psachin has quit IRC17:04
*** salmankhan has joined #openstack-lbaas18:23
*** ramishra has quit IRC18:24
*** maciejjozefczyk has quit IRC18:56
openstackgerritMerged openstack/octavia master: Lookup interfaces by MAC directly  https://review.opendev.org/67333718:59
*** gcheresh_ has joined #openstack-lbaas19:00
*** salmankhan has quit IRC19:17
openstackgerritSwaminathan Vasudevan proposed openstack/octavia master: Update osutil support for SUSE distro  https://review.opendev.org/54181119:26
rm_workhttps://www.irccloud.com/pastebin/9t7iTHqE20:12
rm_workDamnit20:12
rm_workUhhh cgoncalves does that mean you'll be on vacation through feature freeze? So ... that's a little concerning since we have stuff we'll need reviews on and the only other cores are volunteer / mostly absent. :/20:14
rm_workEnjoy your vacation though... lol20:14
*** salmankhan has joined #openstack-lbaas20:23
*** ajay33 has quit IRC20:27
*** gcheresh_ has quit IRC20:53
*** altlogbot_2 has quit IRC21:16
*** rcernin has joined #openstack-lbaas21:27
*** altlogbot_1 has joined #openstack-lbaas21:37
*** altlogbot_1 has quit IRC21:38
*** altlogbot_3 has joined #openstack-lbaas21:41
*** altlogbot_3 has quit IRC21:42
colin-how is octavia meant to read barbican secret containers from other projects?21:48
colin-the API is logging "4xx Client error: Not Found: Not Found. Sorry but your secret is in another castle."21:49
johnsomcolin- When you add a barbican container to a listener, we use the user token of the user creating the listener to add an ACL rule to barbican allowing Octavia access.21:54
johnsomSo the user adding it to the listener, needs to be the one that stored it in barbican21:54
colin-interesting, it's all being done within a single terraform execution scoped as the same individual user (me) in another, non-octavia customer project which is where the container exists21:55
colin-(secret container list shows the container there)21:55
colin-but when i authenticate to the octavia user i don't see it21:55
*** ivve has quit IRC21:57
johnsomcolin- Wait, what version of Octavia are you running?21:58
colin-oh crap21:59
johnsomYou need rocky or newer for the ACL magic21:59
colin-oh yeah i have rocky let me get version number21:59
johnsomOk, then any version of Rocky should be fine21:59
colin-and i _should_ be able to see it from the octavia account by virtue of the ACL you mentioned despite the octavia account not being the one that create it?22:03
colin-i guess i need to check for that property on the container22:03
*** salmankhan has quit IRC22:09
*** vishalmanchanda has quit IRC22:12
openstackgerritSwaminathan Vasudevan proposed openstack/octavia master: (WIP):Enable devstack octavia plugin to support SUSE distros  https://review.opendev.org/49890922:12
openstackgerritSwaminathan Vasudevan proposed openstack/octavia master: (WIP):Enable devstack octavia plugin to support SUSE distros  https://review.opendev.org/49890922:15
openstackgerritSwaminathan Vasudevan proposed openstack/octavia master: (WIP):Enable devstack octavia plugin to support SUSE distros  https://review.opendev.org/49890922:22
*** threestrands has joined #openstack-lbaas22:34
*** rcernin has quit IRC22:40
*** rcernin has joined #openstack-lbaas22:43
*** tkajinam has joined #openstack-lbaas22:56
*** Vorrtex has quit IRC23:01
« Tuesday, 2019-08-20 Index Thursday, 2019-08-22 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!