| openstackgerrit | Michael Johnson proposed openstack/octavia master: Fix a few nits from the main volume-based patch https://review.opendev.org/681144 | 00:04 |
|---|---|---|
| *** goldyfruit_ has joined #openstack-lbaas | 00:20 | |
| *** sapd1_x has quit IRC | 00:35 | |
| sapd1 | I would like to implement deny IP feature. Should we use native from haproxy or use FWaaS ? | 00:42 |
| sapd1 | johnsom, | 00:42 |
| *** spatel has joined #openstack-lbaas | 00:49 | |
| *** spatel has quit IRC | 00:53 | |
| johnsom | sapd1 Is this what you want? https://review.opendev.org/#/c/659626/ | 00:55 |
| johnsom | It is likely to make Train | 00:55 |
| sapd1 | johnsom, Actually the requirement is different, because that patch will allow user define allow access not deny access. | 01:00 |
| johnsom | sapd1 659626 When an ACL allow is added, the default becomes deny all | 01:01 |
| sapd1 | johnsom, Yes. But in some cases, We want to allow all and deny some cidrs. | 01:02 |
| sapd1 | https://blog.sleeplessbeastie.eu/2018/03/26/how-to-block-particular-ip-addresses-on-haproxy/ | 01:03 |
| sapd1 | we can implement this feature as a L7 policy. | 01:03 |
| johnsom | Yeah, we made the decision to use neutron SGs for the amphora driver.... It sounds like this needs to have some discussion. | 01:04 |
| sapd1 | johnsom, We can use FWaaS for this. But I think we should use haproxy feature. :D | 01:06 |
| johnsom | sapd1 There are probably trade offs. I think some could argue you could accomplish this with the VIP ACL patch proposed. Maybe you should write up a spec for this so people can comment on it. | 01:08 |
| sapd1 | johnsom, yes! | 01:10 |
| johnsom | sapd1 Sounds like a good plan. I'm interested in the use cases. I think we should have a spec as this is very similar to the ACLs. | 01:11 |
| johnsom | sapd1 Maybe we will decide to do "disallowed_cidrs" in addition to this "allowed_cidrs" patch. lol | 01:13 |
| *** yamamoto has joined #openstack-lbaas | 01:15 | |
| sapd1 | johnsom, But we should discuss how to implement this feature. With allowed_cidrs patch we can use SGs, but with disallowed_cidrs we cannot. | 01:16 |
| johnsom | sapd1 Right. It would need to either be iptables or haproxy for the amphora driver. | 01:17 |
| johnsom | Probably easier in haproxy frankly | 01:17 |
| johnsom | Either way, we should do a spec so we can all agree on how/where | 01:18 |
| sapd1 | johnsom, If we use haproxy, we only apply this feature for Layer 7. | 01:18 |
| sapd1 | johnsom, You mean Iptables inside amphora. | 01:19 |
| johnsom | sapd1 Why, I think we could apply it for L4 too | 01:19 |
| johnsom | sapd1 Yes, inside | 01:19 |
| johnsom | sapd1 HAProxy has a good ACL engine | 01:20 |
| sapd1 | johnsom, after searching, I found Haproxy support deny request for L4 and L7 too. | 01:23 |
| johnsom | sapd1 Yes, so I think we have options. I need to sign off for the night to make dinner. Chat with you later. | 01:24 |
| sapd1 | johnsom, see you. | 01:24 |
| *** hongbin has joined #openstack-lbaas | 01:35 | |
| *** Vorrtex has quit IRC | 01:55 | |
| *** yamamoto has quit IRC | 02:19 | |
| *** yamamoto has joined #openstack-lbaas | 03:03 | |
| *** hongbin has quit IRC | 03:46 | |
| *** ramishra has joined #openstack-lbaas | 03:54 | |
| *** ricolin has joined #openstack-lbaas | 05:00 | |
| *** nmagnezi has joined #openstack-lbaas | 06:12 | |
| *** sapd1_x has joined #openstack-lbaas | 06:25 | |
| *** gcheresh has joined #openstack-lbaas | 06:48 | |
| *** luksky has joined #openstack-lbaas | 06:52 | |
| *** gcheresh_ has joined #openstack-lbaas | 06:53 | |
| *** gcheresh has quit IRC | 06:53 | |
| *** tesseract has joined #openstack-lbaas | 07:05 | |
| *** ataraday has quit IRC | 07:05 | |
| *** rcernin has quit IRC | 07:09 | |
| *** maciejjozefczyk has joined #openstack-lbaas | 07:15 | |
| *** threestrands has quit IRC | 07:20 | |
| *** yamamoto has quit IRC | 07:22 | |
| *** rpittau|afk is now known as rpittau | 07:28 | |
| *** yamamoto has joined #openstack-lbaas | 07:30 | |
| *** yamamoto has quit IRC | 07:34 | |
| *** ccamposr has joined #openstack-lbaas | 07:41 | |
| *** happyhemant has joined #openstack-lbaas | 07:46 | |
| *** trident has quit IRC | 07:50 | |
| *** trident has joined #openstack-lbaas | 08:01 | |
| *** sapd1_x has quit IRC | 08:18 | |
| *** tkajinam has quit IRC | 08:22 | |
| dulek | cgoncalves: Hi there! Ever seen this thing? "Provider 'amphora' reports error: can't start new thread (HTTP 500)"? | 08:32 |
| dulek | We had probably beat everything out of Octavia's deployment - it was looping and recreating an LB since yesterday. | 08:33 |
| cgoncalves | dulek, hey. not off the top of my head but I'm returning from 2 weeks vacation... | 08:33 |
| dulek | cgoncalves: :) Sure, sure, it's definitely not new, we just hit it by stressing Octavia. I guess a restart will fix it, just wanted to ask. | 08:34 |
| cgoncalves | dulek, are there other log messages? debug mode on | 08:35 |
| dulek | cgoncalves: I don't know yet, will check after the meeting I'm starting. | 08:35 |
| dulek | cgoncalves: I see this in error_log for o-api: http://paste.openstack.org/show/774672/ | 08:52 |
| dulek | cgoncalves: And this in octavia.log: http://paste.openstack.org/show/774673/ | 08:54 |
| dulek | Seems like some threads leaked. | 08:56 |
| dulek | And as I've said, this env was hitting o-api with requests since yesterday evening as we got one LB creation looped. | 08:56 |
| *** yamamoto has joined #openstack-lbaas | 08:56 | |
| dulek | cgoncalves: I'm assuming restart of o-api will fix this. | 08:56 |
| *** yamamoto has quit IRC | 09:17 | |
| dulek | Yep, restart of octavia_api helped. | 09:25 |
| *** rcernin has joined #openstack-lbaas | 09:38 | |
| openstackgerrit | Ann Taraday proposed openstack/octavia master: Fix building configs for multiple listeners https://review.opendev.org/681195 | 09:47 |
| *** happyhemant has quit IRC | 09:56 | |
| *** salmankhan has joined #openstack-lbaas | 10:17 | |
| *** ataraday has joined #openstack-lbaas | 10:20 | |
| openstackgerrit | Carlos Goncalves proposed openstack/octavia master: Remove mock patching of jsonschema https://review.opendev.org/681219 | 10:52 |
| openstackgerrit | Carlos Goncalves proposed openstack/octavia master: Add VIP access control list https://review.opendev.org/659626 | 10:53 |
| openstackgerrit | Ajay Kumar proposed openstack/octavia master: DNM: Testing Gate https://review.opendev.org/681221 | 11:03 |
| openstackgerrit | Ann Taraday proposed openstack/octavia master: Convert Lb flows to use provider dicts https://review.opendev.org/671725 | 11:25 |
| openstackgerrit | Ann Taraday proposed openstack/octavia master: [WIP] Jobboard based controller https://review.opendev.org/647406 | 11:25 |
| *** goldyfruit_ has quit IRC | 12:18 | |
| openstackgerrit | Ann Taraday proposed openstack/octavia master: [WIP] Jobboard based controller https://review.opendev.org/647406 | 12:53 |
| *** goldyfruit_ has joined #openstack-lbaas | 13:23 | |
| *** rcernin has quit IRC | 13:45 | |
| *** boden has joined #openstack-lbaas | 13:46 | |
| *** Vorrtex has joined #openstack-lbaas | 13:47 | |
| *** ramishra has quit IRC | 13:51 | |
| *** ramishra has joined #openstack-lbaas | 13:51 | |
| *** tkajinam has joined #openstack-lbaas | 14:02 | |
| *** maciejjozefczyk has quit IRC | 14:30 | |
| *** ianychoi_ is now known as ianychoi | 14:37 | |
| *** Vorrtex has quit IRC | 14:37 | |
| *** gcheresh_ has quit IRC | 14:48 | |
| openstackgerrit | Vishal Manchanda proposed openstack/octavia-dashboard master: Generate PDF documentation https://review.opendev.org/679283 | 14:51 |
| *** tkajinam has quit IRC | 15:13 | |
| openstackgerrit | Vishal Manchanda proposed openstack/octavia-dashboard master: Generate PDF documentation https://review.opendev.org/679283 | 15:32 |
| *** tesseract has quit IRC | 16:06 | |
| *** rpittau is now known as rpittau|afk | 16:06 | |
| johnsom | dulek I have not seen that. It implies the container is out of memory maybe? | 16:37 |
| *** maciejjozefczyk has joined #openstack-lbaas | 16:47 | |
| *** maciejjozefczyk has quit IRC | 16:56 | |
| *** boden has quit IRC | 17:22 | |
| *** salmankhan has quit IRC | 17:23 | |
| *** trident has quit IRC | 17:46 | |
| *** trident has joined #openstack-lbaas | 17:59 | |
| johnsom | Any chance we can get re-approval on https://review.opendev.org/#/c/665029/? It already had a +2+w, but debugging zuul removed them. | 18:28 |
| johnsom | I expect we can start landing these this afternoon. The mirrors are fixed, just waiting on good images. | 18:29 |
| *** boden has joined #openstack-lbaas | 18:34 | |
| *** boden has quit IRC | 18:42 | |
| *** goldyfruit___ has joined #openstack-lbaas | 18:49 | |
| *** gcheresh_ has joined #openstack-lbaas | 18:51 | |
| *** goldyfruit_ has quit IRC | 18:52 | |
| *** ricolin has quit IRC | 18:58 | |
| *** gcheresh_ has quit IRC | 19:01 | |
| *** pcaruana has quit IRC | 19:20 | |
| *** gcheresh_ has joined #openstack-lbaas | 19:30 | |
| *** gcheresh_ has quit IRC | 19:38 | |
| openstackgerrit | Carlos Goncalves proposed openstack/octavia master: Add VIP access control list https://review.opendev.org/659626 | 19:53 |
| cgoncalves | rebased on top of the getter patch which received approval secs ago | 19:53 |
| *** boden has joined #openstack-lbaas | 20:05 | |
| *** spatel has joined #openstack-lbaas | 20:31 | |
| *** spatel has quit IRC | 20:35 | |
| *** luksky has quit IRC | 21:00 | |
| johnsom | The very first thing I'm going to do when we open "U" is drop all of the py2.7 jobs.... Cut our list in half | 21:00 |
| openstackgerrit | Michael Johnson proposed openstack/octavia master: Move to using octavia-lib constants https://review.opendev.org/673712 | 21:02 |
| rm_work | yissss | 21:08 |
| *** henriqueof1 has joined #openstack-lbaas | 21:30 | |
| *** ccamposr__ has joined #openstack-lbaas | 21:30 | |
| *** henriqueof has quit IRC | 21:31 | |
| *** ccamposr has quit IRC | 21:33 | |
| cgoncalves | not sure it will be feasible until CentOS 8 is out and supported in DIB (for nodepool and amphora images) | 21:38 |
| johnsom | https://review.opendev.org/#/c/681242/ | 21:50 |
| johnsom | Oh happy day.... | 21:58 |
| johnsom | Wait for it.... | 21:58 |
| johnsom | Coming to a git repo near you.... | 21:58 |
| johnsom | One more thing..... | 21:58 |
| openstackgerrit | Merged openstack/octavia master: Add get method support to the driver-agent https://review.opendev.org/665029 | 22:04 |
| johnsom | Next one needing some eyes: https://review.opendev.org/#/c/673712/ | 22:05 |
| openstackgerrit | Michael Johnson proposed openstack/octavia master: Bump diskimage-builder minimum to 2.24.0 https://review.opendev.org/680833 | 22:20 |
| openstackgerrit | Michael Johnson proposed openstack/octavia master: Support create amphora instance from volume based. https://review.opendev.org/570505 | 22:21 |
| openstackgerrit | Michael Johnson proposed openstack/octavia master: Fix a few nits from the main volume-based patch https://review.opendev.org/681144 | 22:21 |
| openstackgerrit | Michael Johnson proposed openstack/octavia master: Add `additive_only` parameter to Batch Member call https://review.opendev.org/667484 | 22:22 |
| openstackgerrit | Michael Johnson proposed openstack/octavia master: Fix building configs for multiple listeners https://review.opendev.org/681195 | 22:22 |
| openstackgerrit | Michael Johnson proposed openstack/octavia master: Fix cleanup of expired load balancer entries https://review.opendev.org/680400 | 22:24 |
| openstackgerrit | Michael Johnson proposed openstack/octavia master: Add long-running provider agent support https://review.opendev.org/674140 | 22:25 |
| *** boden has quit IRC | 22:49 | |
| *** boden has joined #openstack-lbaas | 22:57 | |
| *** rcernin has joined #openstack-lbaas | 22:59 | |
| *** boden has quit IRC | 23:00 | |
| *** henriqueof1 has quit IRC | 23:02 | |
| *** tkajinam has joined #openstack-lbaas | 23:03 | |
| *** goldyfruit___ has quit IRC | 23:17 | |
| johnsom | We are back in business | 23:26 |
| *** spatel has joined #openstack-lbaas | 23:29 | |
| *** spatel has quit IRC | 23:34 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!