Friday, 2019-09-20

*** goldyfruit___ has joined #openstack-lbaas		00:01
eandersson	stupid things like the dig implementation in the dns.python does not support brackets	00:02
johnsom	Things like this make me want to go read more on rust in hopes it is a better shiny language.... lol	00:03
openstackgerrit	Michael Johnson proposed openstack/octavia master: Improve the error message for bad pkcs12 bundles https://review.opendev.org/683254	00:03
johnsom	Ok, now back-portable with 2.0.0 mock	00:03
openstackgerrit	Merged openstack/octavia-tempest-plugin master: Fix spare_pool_enabled option type https://review.opendev.org/683168	00:20
johnsom	Nice, looks like the only ipv6 issue we have left is o-hm0 is down after the devstack run.	00:54
johnsom	I will look into that after dinner	00:55
*** yamamoto has quit IRC		01:24
*** yamamoto has joined #openstack-lbaas		01:30
*** ricolin has joined #openstack-lbaas		01:55
openstackgerrit	Austin Russell proposed openstack/octavia master: loadbalancer vip-network-id IP availability check https://review.opendev.org/673358	02:01
*** yamamoto has quit IRC		02:07
rm_work	i never had good luck with o-hm0 in devstack >_>	02:12
rm_work	remember https://github.com/rm-you/devstack_deploy/blob/master/stackme.sh#L47-L49	02:13
*** ricolin_ has joined #openstack-lbaas		03:04
*** ricolin has quit IRC		03:06
*** psachin has joined #openstack-lbaas		03:35
johnsom	lol, I have never had a problem	03:46
*** ramishra has joined #openstack-lbaas		03:47
johnsom	Frankly, this method has been the most stable and successful in my experience. Some of the other approaches I have seen have been.... questionable and created network loops... lol	03:47
openstackgerrit	Michael Johnson proposed openstack/octavia master: Allow IPv6 health network in devstack https://review.opendev.org/665103	04:05
openstackgerrit	Michael Johnson proposed openstack/octavia-tempest-plugin master: [train][goal] Define new 'octavia-v2-dsvm-noop-api-ipv6-only' job https://review.opendev.org/682726	04:07
johnsom	Boom. I think that should work....	04:08
johnsom	We will see though	04:08
*** ajay33 has joined #openstack-lbaas		04:26
*** yamamoto has joined #openstack-lbaas		04:58
*** yamamoto has quit IRC		05:01
johnsom	Well, the new ipv6 patch is working, but this gate host is slow....	05:16
rm_work	T_T	05:20
rm_work	I just did this: https://review.opendev.org/#/c/683285/	05:20
johnsom	ospurge? is this like clear out a project?	05:25
johnsom	Yeah, we discussed a coordinated approach to this at the last PTG.	05:26
johnsom	Why is it an x/ project though?	05:26
*** pcaruana has joined #openstack-lbaas		05:28
*** yamamoto has joined #openstack-lbaas		05:36
*** yamamoto has quit IRC		05:37
*** yamamoto has joined #openstack-lbaas		05:37
rm_work	it just got moved over with everything else	05:50
rm_work	for stuff that didn't have an owner really vouching for it and wasn't really tracked	05:51
rm_work	but had originally been like, stackforge / big openstack umbrella	05:51
rm_work	we might try to make it be more of a thing	05:51
*** pcaruana has quit IRC		05:53
*** ricolin_ is now known as ricolin		05:54
johnsom	Yeah, we all agreed in the room at the PTG that we need something like this.	05:55
rm_work	well, apparently it exists, and ... well, i'm starting to poke at it, and my org is gonna do more than just poke	06:10
rm_work	it seems	06:10
rm_work	ugh, oldschool zuul config: https://review.opendev.org/#/c/683285/3/playbooks/ospurge-functional/run.yaml	06:14
*** yamamoto has quit IRC		06:15
johnsom	lol	06:17
rm_work	need to find the patch where we transitioned ours to newstyle, and do that	06:19
johnsom	this may help: https://docs.openstack.org/infra/manual/zuulv3.html#moving-legacy-jobs-to-projects	06:20
*** psachin has quit IRC		06:23
cgoncalves	octavia-v2-dsvm-scenario-ipv6-only succeeded!	06:31
rm_work	woo	06:31
rm_work	oh, i guess it is already zuulv3, it's just using the oldschool methods for triggering tests and configuring devstack, but i can just move that stuff over directly to .zuul.yaml	06:32
johnsom	Yeah, locally the ipv6 just needed the interface up as DHCP did that for us before. Curious to look at the other voting failures tomorrow, but I suspect they are not related.	06:33
rm_work	so is it REALLY TRULY only ipv6?	06:33
rm_work	there's no ipv4 networks created at all during the test?	06:33
rm_work	^^ I think THAT is not possible without changes to our tempest code, which is what I was trying to do in that other patch	06:34
rm_work	what your test does is just only use ipv6 on the control-plane?	06:34
cgoncalves	cores, there are four backports that could use +W -- https://review.opendev.org/#/q/project:openstack/octavia+status:open+NOT+branch:master+label:Workflow%253E%253D0	06:35
cgoncalves	couple more merged last night. I may update the release patch to point to latest commits	06:35
rm_work	+2 for all	06:36
rm_work	what happened with this one tho: https://review.opendev.org/#/c/678557/	06:37
rm_work	I remember seeing that before	06:37
rm_work	and https://review.opendev.org/#/c/681780/ might need a little bit of rework to successfully backport :/	06:38
*** psachin has joined #openstack-lbaas		06:38
johnsom	rm_work Our tests always attempt to do "mixed" tests, with one IPV4 and one IPV6 network. This one is IPV6 only for control plane. I.e. all endpoints are V6, our management net is V6.	06:43
rm_work	k	06:43
rm_work	yeah, I think I took "ipv6-only" really super literally	06:43
johnsom	The goal calls the job names "ipv6-only" which is... yeah, a bit odd	06:43
rm_work	and turned off ipv4 entirely	06:43
rm_work	which is a little more complex :D	06:44
johnsom	Yeah, our tempest will always try mixed combos	06:44
rm_work	but if we're OK with calling this one "done", then I'm happy with it	06:44
johnsom	If these two jobs pass ( I think they are) I would vote that it's done. I just want to look into the random failures that popped up first to make sure.	06:45
rm_work	yep kk	06:45
rm_work	hopefully can wrap it up tomorrow	06:45
johnsom	I will dig through logs tomorrow. It's late here now	06:45
rm_work	yep kk	06:45
johnsom	Yep, that is my goal	06:45
* rm_work waves		06:45
*** trident has quit IRC		06:49
*** luksky has joined #openstack-lbaas		06:50
openstackgerrit	Ann Taraday proposed openstack/octavia stable/stein: Fix building configs for multiple listeners https://review.opendev.org/683299	06:50
openstackgerrit	Michael Johnson proposed openstack/octavia stable/rocky: Fix catching driver exceptions https://review.opendev.org/681780	06:52
*** yamamoto has joined #openstack-lbaas		06:55
cgoncalves	rm_work, the problem with https://review.opendev.org/#/c/678557/ is that the handler is mocked out. there was another backport patch in the past that encountered this problem. IIRC the workaround was to remove the test	06:56
rm_work	<_<	06:56
rm_work	are you going to handle it?	06:57
cgoncalves	plus, the l7rule test_update() passes but its code is bogus	06:57
rm_work	T_T	06:57
cgoncalves	I don't know tbh. I may try if I have the time but low prio	06:57
cgoncalves	https://github.com/openstack/octavia/blob/stable/queens/octavia/tests/functional/api/v2/test_l7rule.py#L596-L605	06:58
cgoncalves	L605 should assert for /images	06:58
rm_work	ah yeah you mentioned	06:59
rm_work	well, fix it and we can vote :D	06:59
rm_work	i'm about to call it for the night tho	06:59
*** trident has joined #openstack-lbaas		07:01
openstackgerrit	Merged openstack/octavia master: Generate PDF documentation https://review.opendev.org/667249	07:05
openstackgerrit	Merged openstack/octavia stable/queens: Work around strptime threading issue https://review.opendev.org/682951	07:05
openstackgerrit	Merged openstack/octavia stable/stein: Fix cleanup of expired load balancer entries https://review.opendev.org/682930	07:05
*** trident has quit IRC		07:07
*** maciejjozefczyk has joined #openstack-lbaas		07:11
*** trident has joined #openstack-lbaas		07:17
*** yamamoto has quit IRC		07:20
*** rcernin has quit IRC		07:29
*** rpittau\|afk is now known as rpittau		07:31
*** ivve has joined #openstack-lbaas		07:45
*** tkajinam has quit IRC		08:09
*** dtruong has quit IRC		08:54
*** rcernin has joined #openstack-lbaas		08:55
*** pcaruana has joined #openstack-lbaas		09:12
*** yamamoto has joined #openstack-lbaas		09:19
*** yamamoto has quit IRC		09:26
*** yamamoto has joined #openstack-lbaas		09:26
*** luksky has quit IRC		09:37
*** rcernin has quit IRC		09:49
*** osmanlicilegi has joined #openstack-lbaas		10:08
*** yamamoto has quit IRC		10:11
*** luksky has joined #openstack-lbaas		10:22
openstackgerrit	Carlos Goncalves proposed openstack/octavia stable/queens: Fix l7rule API handling of None updates https://review.opendev.org/678557	10:32
*** sapd1_x has joined #openstack-lbaas		10:40
*** yamamoto has joined #openstack-lbaas		10:48
openstackgerrit	Merged openstack/octavia stable/rocky: Fix member API handling of None/null updates https://review.opendev.org/683093	10:49
openstackgerrit	Ann Taraday proposed openstack/octavia master: Convert listener flows to use provider models https://review.opendev.org/660236	10:51
*** pcaruana has quit IRC		10:56
*** yamamoto has quit IRC		10:59
*** yamamoto has joined #openstack-lbaas		10:59
openstackgerrit	Ann Taraday proposed openstack/octavia master: Transition l7policy flows to dicts https://review.opendev.org/665977	11:14
openstackgerrit	Ann Taraday proposed openstack/octavia master: Transition l7rule flows to dicts https://review.opendev.org/668173	11:14
openstackgerrit	Maciej Józefczyk proposed openstack/octavia master: Validate supported LB algorithm in Amphora provider drivers https://review.opendev.org/672477	11:20
*** pcaruana has joined #openstack-lbaas		11:29
*** yamamoto has quit IRC		11:39
*** pcaruana has quit IRC		11:42
*** pcaruana has joined #openstack-lbaas		11:42
openstackgerrit	Merged openstack/octavia stable/stein: Fix pool API handling of None/null updates https://review.opendev.org/683094	11:44
*** dmellado has quit IRC		11:45
*** dmellado has joined #openstack-lbaas		11:48
*** sapd1_x has quit IRC		12:11
*** yamamoto has joined #openstack-lbaas		12:12
*** goldyfruit___ has quit IRC		12:12
*** psachin has quit IRC		12:28
openstackgerrit	Merged openstack/octavia stable/stein: Fix health monitor API handling of None updates https://review.opendev.org/683090	12:34
*** rcernin has joined #openstack-lbaas		12:56
*** spatel has joined #openstack-lbaas		13:11
*** ajay33 has quit IRC		13:14
*** goldyfruit___ has joined #openstack-lbaas		13:28
*** goldyfruit_ has joined #openstack-lbaas		13:35
*** goldyfruit___ has quit IRC		13:35
*** goldyfruit___ has joined #openstack-lbaas		13:36
*** goldyfruit_ has quit IRC		13:39
*** nmagnezi has quit IRC		13:50
*** openstackgerrit has quit IRC		14:06
*** ccamposr has joined #openstack-lbaas		14:08
*** openstackgerrit has joined #openstack-lbaas		14:22
openstackgerrit	Austin Russell proposed openstack/octavia master: loadbalancer vip-network-id IP availability check https://review.opendev.org/673358	14:22
*** rcernin has quit IRC		14:23
openstackgerrit	Merged openstack/octavia stable/stein: Fix member API handling of None/null updates https://review.opendev.org/683092	14:36
*** rcernin has joined #openstack-lbaas		14:38
openstackgerrit	Ann Taraday proposed openstack/octavia master: Convert pool flows to use dicts https://review.opendev.org/665381	14:40
openstackgerrit	Ann Taraday proposed openstack/octavia master: Transition member flows to use dicts https://review.opendev.org/657842	14:40
openstackgerrit	Ann Taraday proposed openstack/octavia master: Transition amphora flows to dicts https://review.opendev.org/668898	14:40
openstackgerrit	Ann Taraday proposed openstack/octavia master: Convert Lb flows to use provider dicts https://review.opendev.org/671725	14:40
openstackgerrit	Ann Taraday proposed openstack/octavia master: [WIP] Jobboard based controller https://review.opendev.org/647406	14:40
*** Vorrtex has joined #openstack-lbaas		14:56
*** luksky has quit IRC		14:58
*** maciejjozefczyk has quit IRC		15:07
*** trident has quit IRC		15:14
*** goldyfruit___ has quit IRC		15:21
*** ivve has quit IRC		15:21
*** trident has joined #openstack-lbaas		15:24
*** Vorrtex has quit IRC		15:25
*** goldyfruit has joined #openstack-lbaas		15:26
openstackgerrit	Michael Johnson proposed openstack/octavia master: Improve the error message for bad pkcs12 bundles https://review.opendev.org/683254	15:27
*** luksky has joined #openstack-lbaas		15:27
*** trident has quit IRC		15:29
*** trident has joined #openstack-lbaas		15:40
*** rcernin has quit IRC		15:44
*** rpittau is now known as rpittau\|afk		15:57
*** yamamoto has quit IRC		16:05
*** Vorrtex has joined #openstack-lbaas		16:09
*** yamamoto has joined #openstack-lbaas		16:14
*** yamamoto has quit IRC		16:14
*** yamamoto has joined #openstack-lbaas		16:15
*** pcaruana has quit IRC		16:19
*** yamamoto has quit IRC		16:23
openstackgerrit	Michael Johnson proposed openstack/octavia stable/queens: Flush the eth1 default route inside the netns https://review.opendev.org/683537	16:36
johnsom	^^^ Trying out an idea to maybe fix the "RTNETLINK answers: File exists\nFailed to bring up eth1." errors on queens / xenial	16:37
*** yamamoto has joined #openstack-lbaas		16:38
johnsom	lol, zuul queue is a 272. So maybe I will see the results when I get back from vacation....	16:39
*** ramishra has quit IRC		16:55
*** goldyfruit has quit IRC		17:01
*** goldyfruit has joined #openstack-lbaas		17:01
gregwork	johnsom: sorry i remember asking you this before, but when did you say we would be able to assign security groups to amphora ?	17:16
johnsom	gregwork I merged for Train	17:16
johnsom	https://docs.openstack.org/api-ref/load-balancer/v2/index.html?expanded=create-listener-detail#create-listener	17:17
johnsom	allowed_cidrs	17:18
johnsom	amp have always had security group rules, it's just the users couldn't change them until now.	17:18
gregwork	can a cloud operator do it ?	17:20
gregwork	somebody with admin role	17:20
gregwork	for the whole cloud	17:20
johnsom	No, not really. It was automated to allow only the ports needed for the load balancer.	17:21
johnsom	If you changed them manually, a failover would reset them.	17:21
gregwork	alright, im just trying to figure out if i can do something like this for our osp13/queens distro	17:22
gregwork	we are using openshift on openstack via kuryr	17:22
gregwork	and it heavily leverages octavia	17:22
gregwork	but we need network controls on octavia	17:22
gregwork	so that random source address cant talk to the LB	17:23
johnsom	gregwork OSP13 is a bit different. There are some special changes there for openshift, though it will be moving to the ACLs we added.	17:23
johnsom	gregwork Contact your support contact or open a ticket for OSP.	17:25
gregwork	im trying to think if redhat could backport a T release to a Q release	17:25
gregwork	i know upstream cant	17:25
gregwork	cause of rules :)	17:25
johnsom	Right the rules are different downstream than upstream.	17:25
gregwork	the "fix" to add controls to octavia are i have to implement an upper layer dmz with a vnf that can do dnat between octavia and the outside	17:26
gregwork	its pretty heavy to just protect octavia	17:26
gregwork	compared to just being able to add some sort of sec group or cider control	17:26
gregwork	*cidr	17:26
johnsom	Yeah, that is why we added the ACL api. Unfortunately neutron, when stacking SGs, it's a whitelist, so the most open wins. That doesn't help our use case.	17:27
johnsom	We had hoped that fwaas would also provide an option, but that hasn't come around yet either.	17:28
*** goldyfruit has quit IRC		17:31
cgoncalves	yeah, I second that, contact your support contact. there is a special way in OSP for the use case you are trying to achieve, it sounds like	17:42
cgoncalves	gregwork, https://review.opendev.org/#/c/625065/	17:43
gregwork	so that patch is to queens ?	17:47
cgoncalves	it will never merge in upstream queens but is in OSP 13	17:48
gregwork	oh wow i see it in /var/lib/config-data/puppet-generated/octavia/etc/octavia/octavia.conf	17:50
gregwork	so when i define this as amp_secgroup_allowed_projects = project-uuid .. how does this look from a security group pov	17:51
gregwork	will i see amphora instances associated with my load balancers	17:51
*** gcheresh has joined #openstack-lbaas		17:52
cgoncalves	you will get the security group octavia creates owned by your project, hence you can then customize it with your own rules	17:53
gregwork	ok the tricky part, for already deployed loadbalancers .. if i modify the octavia.conf .. will rules magically appear ?	17:53
gregwork	or is this done at lb creation time	17:53
cgoncalves	lb creation time	17:54
cgoncalves	FYI, this is the RHBZ https://bugzilla.redhat.com/show_bug.cgi?id=1635892	17:54
openstack	bugzilla.redhat.com bug 1635892 in openstack-octavia "loadbalancer listener requires security group customization" [High,Closed: currentrelease] - Assigned to ltomasbo	17:54
gregwork	ok so in openshifts case, when i add a route which creates the LB	17:54
cgoncalves	please consider one of the implications of this option: as this is not part of upstream, Octavia will not be responsible for re-configuring to the allowed_cidrs once it become available in a future release	17:55
cgoncalves	this was communicated to the Kuryr team	17:55
gregwork	right so there will be some migration work once there is a proper solution	17:56
gregwork	but osp13 is the LTS from redhat, so good for anotehr 2 years .. i think OSP16 will be Train?	17:57
gregwork	thats still awhile out since 15 is not evne GA yet	17:57
gregwork	*even	17:57
cgoncalves	probably, but not by Octavia. I'm thinking Kuryr	17:57
cgoncalves	15 GA yet live yesterday ;)	17:57
cgoncalves	s/yet/went/	17:57
gregwork	oh nice	17:57
cgoncalves	https://www.redhat.com/en/about/press-releases/red-hat-openstack-platform-15-enhances-infrastructure-security-and-cloud-native-integration-across-open-hybrid-cloud	17:57
gregwork	but still based on rocky	17:58
gregwork	and STS, not LTS	17:58
cgoncalves	no. OSP 15 is based on Stein	17:58
cgoncalves	correct. short-lived support (1 year)	17:58
gregwork	i think we will probably look to live in osp 13 until 16 comes out	17:58
gregwork	prod and all that	17:59
cgoncalves	to be fair to everyone here on the channel (community and other OpenStack vendors), I'd encourage you to reach out to Red Hat support for further clarifications	17:59
gregwork	i will, thanks for indulging me :)	17:59
cgoncalves	gregwork, reach out to Red Hat and we might have good news in a near future	18:00
*** goldyfruit has joined #openstack-lbaas		18:07
*** henriqueof has joined #openstack-lbaas		18:09
*** goldyfruit_ has joined #openstack-lbaas		18:14
*** goldyfruit has quit IRC		18:17
*** gcheresh has quit IRC		18:21
*** yamamoto has quit IRC		18:26
*** ricolin has quit IRC		18:27
*** yamamoto has joined #openstack-lbaas		18:27
*** ricolin has joined #openstack-lbaas		18:27
*** dulek has quit IRC		18:28
*** redrobot has quit IRC		18:28
*** mjblack has quit IRC		18:30
*** dulek has joined #openstack-lbaas		18:33
*** mjblack has joined #openstack-lbaas		18:33
*** Vorrtex has quit IRC		18:34
*** Vorrtex has joined #openstack-lbaas		18:50
*** ricolin has quit IRC		19:16
johnsom	Looks like the next PTG/summit is in Vancouver in June: http://lists.openstack.org/pipermail/foundation/2019-September/002794.html	19:52
*** KeithMnemonic1 has quit IRC		20:23
*** Vorrtex has quit IRC		20:29
rm_work	cool, Vancouver should be nice in June, and it's easy for me to get there :D	20:32
johnsom	Yeah, me too	20:32
*** redrobot has joined #openstack-lbaas		20:34
cgoncalves	Vancouver was one of the best Summit venues ever, if not the best. easy to move around and awesome view over the harbor	20:48
cgoncalves	johnsom, rm_work: just two left! ;) https://review.opendev.org/#/q/project:openstack/octavia+status:open+NOT+branch:master+label:Workflow%253E%253D0	21:15
rm_work	+A's all around	21:22
cgoncalves	<3	21:23
*** ccamposr has quit IRC		22:35
*** goldyfruit_ has quit IRC		22:42
*** spatel has quit IRC		22:44
openstackgerrit	Merged openstack/octavia-tempest-plugin master: Fix OpenStack clients region parameter https://review.opendev.org/683185	23:20
*** luksky has quit IRC		23:56

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!