*** yamamoto has joined #openstack-lbaas | 02:00 | |
*** ricolin has joined #openstack-lbaas | 02:29 | |
*** yamamoto has quit IRC | 02:59 | |
*** yamamoto has joined #openstack-lbaas | 02:59 | |
*** ajay33 has joined #openstack-lbaas | 05:14 | |
*** gcheresh_ has joined #openstack-lbaas | 05:22 | |
*** gcheresh_ has quit IRC | 05:42 | |
*** gcheresh_ has joined #openstack-lbaas | 05:55 | |
*** yamamoto has quit IRC | 06:05 | |
*** gcheresh_ has quit IRC | 06:29 | |
*** ianychoi has quit IRC | 06:51 | |
*** yamamoto has joined #openstack-lbaas | 06:53 | |
*** ianychoi has joined #openstack-lbaas | 06:54 | |
*** ccamposr has joined #openstack-lbaas | 07:12 | |
*** numans has joined #openstack-lbaas | 07:13 | |
*** gcheresh_ has joined #openstack-lbaas | 07:16 | |
*** pcaruana has joined #openstack-lbaas | 07:16 | |
*** maciejjozefczyk has joined #openstack-lbaas | 07:22 | |
*** tesseract has joined #openstack-lbaas | 07:22 | |
*** rcernin has quit IRC | 07:32 | |
*** yamamoto has quit IRC | 07:44 | |
*** yamamoto has joined #openstack-lbaas | 07:47 | |
*** rpittau|afk is now known as rpittau | 07:51 | |
*** yamamoto has quit IRC | 08:38 | |
*** yamamoto has joined #openstack-lbaas | 08:40 | |
*** vesper has joined #openstack-lbaas | 08:40 | |
*** vesper11 has quit IRC | 08:40 | |
*** brtknr has joined #openstack-lbaas | 08:49 | |
*** gcheresh_ has quit IRC | 09:04 | |
*** yamamoto has quit IRC | 09:24 | |
frickler | cgoncalves: could you take a look at my rocky backport again? tests passed after recheck https://review.opendev.org/688959 | 09:27 |
---|---|---|
frickler | also, is there a release planned for rocky/stein on that or should I prepare a release patch myself? | 09:27 |
*** yamamoto has joined #openstack-lbaas | 09:28 | |
cgoncalves | frickler, done, thanks for the backport. no release planned yet but we can do it anytime we want, no problem | 09:31 |
*** openstackgerrit has quit IRC | 09:37 | |
*** openstackgerrit has joined #openstack-lbaas | 10:10 | |
openstackgerrit | Ann Taraday proposed openstack/octavia-tempest-plugin master: Add amphorav2 to provider list https://review.opendev.org/689128 | 10:10 |
*** yamamoto has quit IRC | 10:41 | |
*** rcernin has joined #openstack-lbaas | 10:42 | |
openstackgerrit | Ann Taraday proposed openstack/octavia master: Jobboard based controller https://review.opendev.org/647406 | 10:47 |
*** rcernin has quit IRC | 10:52 | |
*** trident has quit IRC | 11:11 | |
*** trident has joined #openstack-lbaas | 11:15 | |
*** ricolin_ has joined #openstack-lbaas | 11:23 | |
*** rcernin has joined #openstack-lbaas | 11:24 | |
*** ricolin has quit IRC | 11:25 | |
*** goldyfruit has quit IRC | 11:26 | |
*** rcernin has quit IRC | 11:34 | |
*** yamamoto has joined #openstack-lbaas | 11:52 | |
*** yamamoto has quit IRC | 11:54 | |
*** another_larsks is now known as larsks | 12:29 | |
*** yamamoto has joined #openstack-lbaas | 12:32 | |
openstackgerrit | Ann Taraday proposed openstack/octavia master: Jobboard based controller https://review.opendev.org/647406 | 12:40 |
openstackgerrit | Ann Taraday proposed openstack/octavia master: Add option to set default ssl ciphers in haproxy https://review.opendev.org/685337 | 12:40 |
*** yamamoto has quit IRC | 12:45 | |
*** yamamoto has joined #openstack-lbaas | 13:13 | |
*** yamamoto has quit IRC | 13:14 | |
*** yamamoto has joined #openstack-lbaas | 13:14 | |
brtknr | I'm attempting to use Octavia ingress via Magnum... anyone got it working? | 13:16 |
brtknr | I can see my loadbalancer spawing but the floating ip doesnt attach | 13:17 |
*** yamamoto has quit IRC | 13:18 | |
*** yamamoto has joined #openstack-lbaas | 13:18 | |
*** goldyfruit has joined #openstack-lbaas | 13:32 | |
*** maciejjozefczyk is now known as mjozefcz|lunch | 13:35 | |
*** mjozefcz|lunch has quit IRC | 13:40 | |
johnsom | Sorry, I have never used Magnum. What error is neutron giving you when you add the floating IP? Are you using DVR? | 13:45 |
*** mjozefcz|lunch has joined #openstack-lbaas | 13:51 | |
*** ianychoi has quit IRC | 14:21 | |
*** ianychoi has joined #openstack-lbaas | 14:29 | |
*** yamamoto has quit IRC | 14:32 | |
*** mjozefcz|lunch has quit IRC | 15:00 | |
*** mloza has joined #openstack-lbaas | 15:03 | |
*** goldyfruit has quit IRC | 15:08 | |
*** goldyfruit has joined #openstack-lbaas | 15:08 | |
*** goldyfruit has quit IRC | 15:09 | |
*** yamamoto has joined #openstack-lbaas | 15:14 | |
*** yamamoto has quit IRC | 15:18 | |
*** trident has quit IRC | 15:29 | |
*** trident has joined #openstack-lbaas | 15:32 | |
*** ianychoi has quit IRC | 15:43 | |
*** ianychoi has joined #openstack-lbaas | 15:44 | |
*** tesseract has quit IRC | 16:03 | |
*** mjozefcz|lunch has joined #openstack-lbaas | 16:11 | |
*** ccamposr has quit IRC | 16:16 | |
*** mjozefcz|lunch has quit IRC | 16:22 | |
*** gcheresh_ has joined #openstack-lbaas | 16:51 | |
*** KeithMnemonic has joined #openstack-lbaas | 17:05 | |
*** mjozefcz|lunch has joined #openstack-lbaas | 17:14 | |
*** gcheresh_ has quit IRC | 17:26 | |
*** gcheresh_ has joined #openstack-lbaas | 17:35 | |
*** mjozefcz|lunch has quit IRC | 17:43 | |
*** mjozefcz|lunch has joined #openstack-lbaas | 18:01 | |
openstackgerrit | Merged openstack/octavia master: Delete the periodic Fedora 28 amphora image job https://review.opendev.org/683850 | 18:23 |
*** mjozefcz|lunch has quit IRC | 18:27 | |
*** goldyfruit has joined #openstack-lbaas | 18:43 | |
*** gcheresh_ has quit IRC | 19:26 | |
*** spatel has joined #openstack-lbaas | 20:08 | |
*** pcaruana has quit IRC | 20:16 | |
*** ajay33 has quit IRC | 20:23 | |
*** spatel has quit IRC | 20:51 | |
colin- | do we avoid any mod_security stuff in haproxy since it seems to be gated by the enterprise version? | 20:58 |
johnsom | Isn't mod_security an apache thing? | 20:59 |
colin- | yeah i might have stuck my foot in my mouth with this, i don't think they have an equivalent component for the L7 stuff in haproxy | 21:00 |
johnsom | What are you trying to do? | 21:00 |
colin- | just remembering how trivial it was to load mod_security into an nginx listener and wondering if it would be low-effort to offer some "waf" thing on our L7s in the future | 21:00 |
*** goldyfruit has quit IRC | 21:01 | |
johnsom | Well, haproxy does have a rich ACL engine, but it really depends on what you are trying to solve. | 21:02 |
johnsom | We already have ddos to some degree from the kernel, we have basic ACLs. If you want to block based on protocol header, etc. the engine supports it, we would just have to expose it in some way. Or you can of course load a custom haproxy template. | 21:03 |
colin- | i guess i'd paraphrase it as bare-minimum protection against nefarios traffic matching public threat DBs for application-aware listeners | 21:03 |
colin- | nefarious* | 21:03 |
johnsom | So IPS like functionality | 21:03 |
colin- | yeah | 21:03 |
colin- | too far from base camp you think? (LBaaS) | 21:04 |
johnsom | Not necessarily, it is a good place in the pipeline to do inspection type things.... | 21:04 |
colin- | had roughly imagined it as a boolean available on HTTP and TERMINATED_HTTPS type listeners that when true would modify what the agent configures on the amp with the understanding that performance would suffer (cpu wise) | 21:06 |
colin- | will make a note here and save it for later, was mostly curious if it had been pursued or not | 21:06 |
johnsom | Yeah, not really something we have worked on yet. It could be added to the roadmap: https://wiki.openstack.org/wiki/Octavia/Roadmap | 21:07 |
johnsom | colin- https://github.com/haproxy/haproxy/tree/master/contrib/modsecurity | 21:10 |
colin- | oh interesting | 21:11 |
*** yamamoto has joined #openstack-lbaas | 21:16 | |
*** yamamoto has quit IRC | 21:21 | |
openstackgerrit | Merged openstack/octavia master: Fix log offload file permissions in CentOS devstack https://review.opendev.org/687938 | 21:37 |
*** goldyfruit has joined #openstack-lbaas | 21:38 | |
*** goldyfruit has quit IRC | 22:01 | |
*** openstackgerrit has quit IRC | 22:07 | |
*** openstackgerrit has joined #openstack-lbaas | 22:47 | |
openstackgerrit | Adam Harwell proposed openstack/octavia master: Allow IPv6 health network in devstack https://review.opendev.org/665103 | 22:47 |
openstackgerrit | Adam Harwell proposed openstack/octavia master: Fix some plug.py unit tests that broke on OSX https://review.opendev.org/682501 | 22:47 |
openstackgerrit | Adam Harwell proposed openstack/octavia master: Fix batch member update error on empty change list https://review.opendev.org/688548 | 22:51 |
*** ianychoi has quit IRC | 23:00 | |
*** ianychoi has joined #openstack-lbaas | 23:00 | |
*** rcernin has joined #openstack-lbaas | 23:19 | |
*** rcernin has quit IRC | 23:19 | |
*** rcernin has joined #openstack-lbaas | 23:20 | |
*** ianychoi has quit IRC | 23:24 | |
*** ianychoi has joined #openstack-lbaas | 23:26 | |
openstackgerrit | Adam Harwell proposed openstack/octavia master: Allow multiple VIPs per LB https://review.opendev.org/660239 | 23:54 |
openstackgerrit | Adam Harwell proposed openstack/octavia master: WIP: fix plugging member subnets on existing networks https://review.opendev.org/665402 | 23:54 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!