Saturday, 2019-10-05

« Friday, 2019-10-04 Index Sunday, 2019-10-06 »
*** sapd1_x has joined #openstack-lbaas00:07
*** yamamoto has joined #openstack-lbaas00:10
lxkongrm_work: ping00:40
lxkongrm_work: i tested again, still failed to create pool, this is the error in amphora log http://dpaste.com/3GB7YR900:41
lxkongthis is the haproxy service log: http://dpaste.com/27W2D5W00:41
*** ricolin_ has joined #openstack-lbaas01:03
*** yamamoto has quit IRC01:04
*** yamamoto has joined #openstack-lbaas01:08
*** yamamoto has quit IRC01:21
rm_workhmm01:51
*** sapd1_x has quit IRC02:08
rm_workthat's odd02:10
rm_workcurious why it's having FD limit issues, but not sure if related02:10
rm_workreal problem appears to be the failure to fork a new PID?02:11
openstackgerritMerged openstack/octavia master: Fix urgent amphora two-way auth security bug  https://review.opendev.org/68654002:16
*** yamamoto has joined #openstack-lbaas02:38
*** yamamoto has quit IRC02:48
*** yamamoto has joined #openstack-lbaas02:59
*** AustinR has quit IRC03:37
*** yamamoto has quit IRC03:43
*** yamamoto has joined #openstack-lbaas03:48
*** yamamoto has quit IRC04:04
johnsomlxkong: the FD limit message is normal, ignore it.  The cannot fork is the true problem. The amp is out of memory. If this is a multi-listener LB make sure you have the recent single process patch.04:13
* johnsom sinks back into the pacific for another few days to swim with the turtles.04:14
* johnsom girggles, you are using haproxy 1.8 that uses more RAM up front than previous versions, thus the single process patch.04:17
*** ccamposr has quit IRC04:26
*** yamamoto has joined #openstack-lbaas04:36
*** yamamoto has quit IRC04:47
*** gcheresh has joined #openstack-lbaas04:54
*** yamamoto has joined #openstack-lbaas05:22
*** gcheresh has quit IRC05:53
*** gcheresh has joined #openstack-lbaas06:11
*** gcheresh has quit IRC06:33
*** yamamoto has quit IRC06:35
*** yamamoto has joined #openstack-lbaas06:40
*** yamamoto has quit IRC06:40
*** yamamoto has joined #openstack-lbaas06:40
*** yamamoto has quit IRC06:44
f0ocgoncalves rm_work Just doing the changes VMT asked for, do you already know which version numbers will contain the fixes or should I just add a minor to all them?06:46
*** vishalmanchanda has quit IRC07:08
f0o^ https://review.opendev.org/#/c/686724/2/ossa/OSSA-2019-005.yaml - This is the new OSSA with the proposed changes07:09
*** yamamoto has joined #openstack-lbaas07:20
*** yamamoto has quit IRC07:27
*** yamamoto has joined #openstack-lbaas07:50
*** yamamoto has quit IRC07:54
rm_workf0o: well since apparently we aren't VMT managed... i don't know if it matters much08:07
rm_workbut08:07
f0oJeremy's comment sounded like they'd add the OSSA regardless since we did the legwork08:24
f0oIt really is up to Octavia as a whole to decide how to communicate Security Advisories to the users and distributions08:25
rm_workKk that's good but it's not as urgent. We can wait until we release08:25
rm_workI definitely think we should do it08:25
f0ohaving it as OSSA sounds like we got a good channel already open to make the announcement08:25
rm_workYep08:27
rm_workI guess technically your strategy of bumping the number by 1 is fine regardless of actual release number, as it still wouldn't match anything else08:28
rm_workEven if we end up doing a larger bump08:28
rm_workBut we could also wait and put the real numbers08:28
rm_workI'm ok either way. Was hoping we could get those merged today but it'll have to wait I guess08:28
*** ccamposr has joined #openstack-lbaas08:28
lxkongrm_work, johnsom, thanks for your response, problem was solved when changing the amphora flavor mem to 1G (was 512M)09:13
rm_workCool09:16
rm_workAs Michael mentioned though, you want to make sure you have the patch for multi-listener single process09:17
rm_workOtherwise even at 1G you could run into issues with a few listeners09:17
lxkongrm_work: may i know which patch it is?09:17
lxkongor how can i search for that?09:18
lxkongrm_work: from what i can see inside the amphora, there is only one haproxy processs running, because it's using `/var/lib/octavia/{lb-id}/haproxy.cfg`09:18
lxkongrather than /var/lib/octavia/{listener-id}/haproxy.cfg09:19
rm_workhttps://review.opendev.org/#/c/668068/09:22
rm_workThat's the patch. I believe we backported it to Stein09:22
rm_workSo Stein or Train should have it, though not sure if we made a release for Stein afterwards09:23
lxkongrm_work: yeah, the stable/stein merge time was 31 Aug, we should have it09:38
*** gthiemonge has quit IRC09:40
*** gthiemonge has joined #openstack-lbaas09:40
cgoncalveslxkong, the stein backport hasn't made its way into a stein release yet09:44
cgoncalveshttps://review.opendev.org/#/c/683202/09:44
*** ccamposr has quit IRC09:44
lxkongcgoncalves: Thanks for this info. Fortunately, we are using branch instead of tag :-)09:45
cgoncalvesgreat09:46
openstackgerritCarlos Goncalves proposed openstack/octavia-tempest-plugin master: Enable tempest jobs for stable/train  https://review.opendev.org/68656509:48
f0orm_work: I agree regading the version numbers, it would be nice to have the actual values instead of projected imaginary ones09:48
cgoncalvescore reviewers: please help review backport patches https://review.opendev.org/#/q/I5619f5e40d7c9a2ee7741bf4664c0d2d0896399209:50
*** yamamoto has joined #openstack-lbaas09:53
cgoncalvesdayou, thank you!09:57
dayoucgoncalves: my pleasure!09:58
*** yamamoto has quit IRC10:47
*** yamamoto has joined #openstack-lbaas11:24
openstackgerritMerged openstack/octavia stable/train: Fix urgent amphora two-way auth security bug  https://review.opendev.org/68654111:29
*** yamamoto has quit IRC11:35
openstackgerritMerged openstack/octavia stable/stein: Fix urgent amphora two-way auth security bug  https://review.opendev.org/68654311:38
openstackgerritMerged openstack/octavia stable/rocky: Fix urgent amphora two-way auth security bug  https://review.opendev.org/68654411:41
openstackgerritMerged openstack/octavia stable/ocata: Fix urgent amphora two-way auth security bug  https://review.opendev.org/68654711:41
*** yamamoto has joined #openstack-lbaas11:44
*** yamamoto has quit IRC12:04
*** yamamoto has joined #openstack-lbaas12:09
*** yamamoto has quit IRC12:13
*** AustinR has joined #openstack-lbaas12:53
*** AustinR has quit IRC12:58
*** yamamoto has joined #openstack-lbaas12:58
*** yamamoto has quit IRC13:09
*** sapd1_x has joined #openstack-lbaas13:19
*** goldyfruit_ has quit IRC14:06
*** pcaruana has joined #openstack-lbaas14:36
*** lxkong has quit IRC14:41
openstackgerritMerged openstack/octavia-tempest-plugin master: Add an active/standby scenario test  https://review.opendev.org/58468115:05
openstackgerritMerged openstack/octavia stable/pike: Fix urgent amphora two-way auth security bug  https://review.opendev.org/68654615:41
f0oWho maintains the octavia horizon dashboard?16:12
f0obasically, I can crate and manage loadbalancers just fine via CLI but with Horizon I always get logged out when I click on create or edit a loadbalancer. I enabled debug but I cant really get much info out of it other than 'logged out user' after 'task load-balancer.GET.lbaas'16:14
*** ricolin_ has quit IRC16:20
cgoncalvesf0o, the octavia community itself. I'm a stranger to the dashboard. do you see any warning/error message in the horizon logs?16:34
cgoncalvescould you also check that horizon and the octavia dashboard packages meet the same python version?16:35
f0ogood point haha16:35
cgoncalveswe had Ubuntu users having a python version mismatch16:35
f0oI dont trust ubuntu anymore16:36
f0oshould've just gone gentoo again ;P16:36
cgoncalvesalso running horizon queens and dashboard rocky (or the other way around)16:36
*** luksky has joined #openstack-lbaas17:04
*** gcheresh has joined #openstack-lbaas17:11
f0oAnyone here with experience in terraform and octavia? upstream terraform provider for openstack doesnt seem to care about octavia, so I guess that has to be done via neutorn-lbaas?17:15
*** pcaruana has quit IRC17:18
*** sapd1_x has quit IRC17:43
*** gcheresh has quit IRC17:48
*** gcheresh has joined #openstack-lbaas18:00
*** gcheresh has quit IRC18:05
*** goldyfruit_ has joined #openstack-lbaas18:25
f0oI broke it again :'D18:31
f0o2019-10-05 18:30:28.232 11585 WARNING octavia.amphorae.drivers.haproxy.rest_api_driver [req-a51c5041-e64d-4e63-8cc2-c48f00440973 - c3caf1b55bb84b78a795fd81838e5160 - - -] Could not connect to instance. Retrying.: requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='172.16.1.79', port=9443): Read timed out. (read timeout=10.0)18:31
f0oI think this is related to the multi-listener change mentioned earlier, this particular amphora was tested with 4 listeners and 2 pools18:34
*** yamamoto has joined #openstack-lbaas19:07
*** yamamoto has quit IRC19:12
*** luksky has quit IRC22:16
*** yamamoto has joined #openstack-lbaas22:39
openstackgerritMerged openstack/octavia stable/queens: Fix urgent amphora two-way auth security bug  https://review.opendev.org/68654522:47
*** yamamoto has quit IRC22:48
*** yamamoto has joined #openstack-lbaas22:51
*** yamamoto has quit IRC22:57
*** yamamoto has joined #openstack-lbaas23:23
*** yamamoto has quit IRC23:23
*** yamamoto has joined #openstack-lbaas23:24
*** yamamoto has quit IRC23:28
« Friday, 2019-10-04 Index Sunday, 2019-10-06 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!