| *** sapd1 has joined #openstack-lbaas | 00:08 | |
| *** sapd1 has quit IRC | 00:16 | |
| *** yamamoto has quit IRC | 00:19 | |
| rm_work | did we not already add a "--long" to the amphora list to give more info? i thought that happened? guess not? | 00:56 |
|---|---|---|
| johnsom | {0} octavia_tempest_plugin.tests.barbican_scenario.v2.test_tls_barbican.TLSWithBarbicanTest.test_basic_tls_SNI_traffic [12.092657s] ... ok | 01:24 |
| johnsom | Finally. One of those days where debugging dumb mistakes takes longer than the code. | 01:24 |
| johnsom | I want to add another test case or two before I push the final version up. Should be done tomorrow. | 01:25 |
| *** abaindur has quit IRC | 01:47 | |
| openstackgerrit | Michael Johnson proposed openstack/octavia-tempest-plugin master: Add TLS SNI scenario tests https://review.opendev.org/690778 | 01:48 |
| johnsom | Ok, that should fail as it doesn't have the depends-on for my SNI patch. | 01:50 |
| johnsom | Plus it's not done. | 01:50 |
| johnsom | But calling it a night. | 01:50 |
| *** ricolin has joined #openstack-lbaas | 02:12 | |
| rm_work | o/ | 02:29 |
| *** ajay33 has joined #openstack-lbaas | 03:07 | |
| *** psachin has joined #openstack-lbaas | 03:39 | |
| *** yamamoto has joined #openstack-lbaas | 04:05 | |
| *** yamamoto has quit IRC | 04:10 | |
| *** yamamoto has joined #openstack-lbaas | 04:50 | |
| *** tkajinam_ has joined #openstack-lbaas | 05:03 | |
| *** tkajinam has quit IRC | 05:05 | |
| *** gcheresh_ has joined #openstack-lbaas | 05:15 | |
| *** ajay33 has quit IRC | 05:16 | |
| openstackgerrit | Michael Johnson proposed openstack/octavia-tempest-plugin master: Add TLS SNI scenario tests https://review.opendev.org/690778 | 05:43 |
| *** tkajinam__ has joined #openstack-lbaas | 05:52 | |
| *** tkajinam_ has quit IRC | 05:54 | |
| *** psachin has quit IRC | 05:58 | |
| *** psachin has joined #openstack-lbaas | 06:03 | |
| *** maciejjozefczyk has joined #openstack-lbaas | 06:14 | |
| openstackgerrit | pengyuesheng proposed openstack/octavia-lib master: Switch to Ussuri jobs https://review.opendev.org/690836 | 06:17 |
| *** ccamposr has joined #openstack-lbaas | 06:29 | |
| *** tkajinam__ is now known as tkajinam | 06:34 | |
| *** pcaruana has joined #openstack-lbaas | 06:41 | |
| *** tesseract has joined #openstack-lbaas | 07:18 | |
| *** vishalmanchanda has joined #openstack-lbaas | 07:23 | |
| *** trident has quit IRC | 07:46 | |
| *** abaindur has joined #openstack-lbaas | 07:50 | |
| openstackgerrit | Carlos Goncalves proposed openstack/octavia-tempest-plugin master: Add irrelevant-files to active-standby jobs https://review.opendev.org/690874 | 07:50 |
| *** trident has joined #openstack-lbaas | 07:51 | |
| *** rpittau|afk is now known as rpittau | 07:52 | |
| openstackgerrit | Ann Taraday proposed openstack/octavia master: Convert listener flows to use provider models https://review.opendev.org/660236 | 08:07 |
| *** abaindur has quit IRC | 08:07 | |
| *** tkajinam has quit IRC | 08:19 | |
| openstackgerrit | Ann Taraday proposed openstack/octavia master: Convert listener flows to use provider models https://review.opendev.org/660236 | 08:20 |
| openstackgerrit | Ajay Kumar proposed openstack/octavia master: Fix typo in doc agent.py->agent https://review.opendev.org/690884 | 08:57 |
| *** ajay33 has joined #openstack-lbaas | 08:58 | |
| *** yamamoto has quit IRC | 09:16 | |
| *** yamamoto has joined #openstack-lbaas | 09:22 | |
| *** yamamoto has quit IRC | 09:22 | |
| *** yamamoto has joined #openstack-lbaas | 09:22 | |
| *** yamamoto has quit IRC | 09:26 | |
| openstackgerrit | Maciej Józefczyk proposed openstack/octavia-tempest-plugin master: Handle NotImplemented flavor exception https://review.opendev.org/676135 | 09:41 |
| *** gcheresh_ has quit IRC | 10:15 | |
| *** gcheresh_ has joined #openstack-lbaas | 10:16 | |
| *** yamamoto has joined #openstack-lbaas | 10:26 | |
| *** yamamoto has quit IRC | 10:30 | |
| *** yamamoto has joined #openstack-lbaas | 10:42 | |
| *** yamamoto has quit IRC | 10:54 | |
| *** yamamoto has joined #openstack-lbaas | 10:57 | |
| *** yamamoto has quit IRC | 11:12 | |
| openstackgerrit | Ann Taraday proposed openstack/octavia master: Convert pool flows to use dicts https://review.opendev.org/665381 | 11:12 |
| openstackgerrit | Ann Taraday proposed openstack/octavia master: Transition member flows to use dicts https://review.opendev.org/657842 | 11:14 |
| openstackgerrit | Ann Taraday proposed openstack/octavia master: Transition amphora flows to dicts https://review.opendev.org/668898 | 11:15 |
| CobHead | Hi everyone! Anyone know if it is possible to enable HSTS on a Octavia Load Balancer? :) | 11:21 |
| CobHead | And also, has anyone experienced intermediate certificates to be sorted alphabetically when passed to Octavia? | 11:22 |
| *** gcheresh_ has quit IRC | 11:23 | |
| openstackgerrit | Dat Le proposed openstack/octavia master: Support to create amphora with customized metadata https://review.opendev.org/690925 | 11:24 |
| *** gcheresh_ has joined #openstack-lbaas | 11:28 | |
| openstackgerrit | Maciej Józefczyk proposed openstack/octavia-tempest-plugin master: Add an option to reuse connections https://review.opendev.org/672976 | 11:29 |
| *** yamamoto has joined #openstack-lbaas | 11:46 | |
| *** yamamoto has quit IRC | 11:54 | |
| *** psachin has quit IRC | 12:18 | |
| openstackgerrit | Gregory Thiemonge proposed openstack/octavia master: Fix controller worker graceful shutdown https://review.opendev.org/684201 | 12:28 |
| *** yamamoto has joined #openstack-lbaas | 12:28 | |
| *** psachin has joined #openstack-lbaas | 12:33 | |
| *** yamamoto has quit IRC | 12:35 | |
| *** goldyfruit has joined #openstack-lbaas | 13:00 | |
| johnsom | CobHead HSTS is not yet supported. Feel free to open a story for us: https://storyboard.openstack.org/#!/project/openstack/octavia | 13:09 |
| johnsom | As for intermediates, I don't think they need to be sorted. | 13:10 |
| *** yamamoto has joined #openstack-lbaas | 13:10 | |
| CobHead | johnsom: Thanks for the clarification wrt HSTS. It's weird though. I supply Octavia with a private key, a certificate and a fullchain which has 1 root and 1 intermediate certificate. They are being sorted alphabetically, and SSL tests against the Load Balancer results in an invalid chain warning. | 13:18 |
| johnsom | CobHead How are you testing? | 13:20 |
| CobHead | Using SSL Labs. | 13:20 |
| johnsom | Hmm | 13:21 |
| CobHead | I'm not sure if it is Barbican or Octavia sorting them, though. | 13:21 |
| johnsom | It is not likely to be Barbican | 13:21 |
| johnsom | You are using the pkcs12 bundle right? | 13:22 |
| CobHead | Yes | 13:22 |
| CobHead | (Which is the only way I know works) | 13:22 |
| johnsom | Yes, we had an old way that still works for backward compatibility, but pkcs12 is the way we are going forward. | 13:23 |
| johnsom | It was too easy for users to make errors before, so we switched to pkcs12. | 13:23 |
| CobHead | I see | 13:24 |
| johnsom | Plus the popular HSMs are pkcs12 based, so that also makes it easier for folks. | 13:24 |
| johnsom | Is your endpoint public? I.e. can I connect to it? | 13:25 |
| *** psachin has quit IRC | 13:28 | |
| *** yamamoto has quit IRC | 13:30 | |
| *** yamamoto has joined #openstack-lbaas | 13:31 | |
| *** yamamoto has quit IRC | 13:31 | |
| *** ajay33 has quit IRC | 13:38 | |
| *** born2bake has joined #openstack-lbaas | 13:42 | |
| born2bake | hi guys | 13:43 |
| born2bake | https://bugs.launchpad.net/kolla-ansible/+bug/1847905 there is a bug in octavia using kolla-ansible | 13:43 |
| openstack | Launchpad bug 1847905 in kolla-ansible "Octavia loadbalancer pending create state" [Undecided,New] | 13:43 |
| johnsom | born2bake Thanks for letting us know. There are a few people here that also work on the kolla ansible stuff. | 13:45 |
| *** born2bake has quit IRC | 13:49 | |
| CobHead | Please backport https://review.opendev.org/#/c/688221/, as it is destructive for users unless they are explicitly told not to delete the secret before deleting the LB. The only remedy for this is currently to access the DB and delete the rows associated with the LB in question. | 14:00 |
| *** yamamoto has joined #openstack-lbaas | 14:03 | |
| CobHead | Rephrase: The bug is destructive, not the patch. | 14:05 |
| *** learnstack has joined #openstack-lbaas | 14:05 | |
| *** gcheresh_ has quit IRC | 14:06 | |
| *** gcheresh_ has joined #openstack-lbaas | 14:06 | |
| *** vishalmanchanda has quit IRC | 14:13 | |
| *** yamamoto has quit IRC | 14:14 | |
| *** pcaruana has quit IRC | 14:19 | |
| openstackgerrit | Michael Johnson proposed openstack/octavia stable/train: Fix issues with unavailable secrets https://review.opendev.org/690984 | 14:30 |
| *** learnstack has quit IRC | 14:48 | |
| *** gcheresh_ has quit IRC | 14:57 | |
| *** learnstack has joined #openstack-lbaas | 14:59 | |
| *** learnstack has quit IRC | 15:06 | |
| *** born2bake has joined #openstack-lbaas | 15:09 | |
| *** bcafarel has quit IRC | 15:16 | |
| johnsom | haleyb FYI, those requirements changes you needed to make for the "stop py27 testing" patch, may have needed this: https://review.opendev.org/689588 | 15:24 |
| johnsom | The networkx issue was what led me to do that revert... | 15:24 |
| haleyb | johnsom: yes, possible, should I rebase to see it's still good? | 15:28 |
| johnsom | haleyb Yeah, and maybe back out the requirements changes? Basically we reverted that patch because it caused the upper-constraints to not be applied. | 15:28 |
| openstackgerrit | Brian Haley proposed openstack/octavia master: Stop testing python 2 https://review.opendev.org/687370 | 15:29 |
| *** maciejjozefczyk has quit IRC | 15:30 | |
| *** vishalmanchanda has joined #openstack-lbaas | 15:31 | |
| haleyb | johnsom: they might be ok as i don't think we need some of those anymore looking again | 15:31 |
| *** tesseract has quit IRC | 15:49 | |
| *** goldyfruit has quit IRC | 15:54 | |
| *** goldyfruit has joined #openstack-lbaas | 15:56 | |
| *** bcafarel has joined #openstack-lbaas | 16:00 | |
| *** rpittau is now known as rpittau|afk | 16:05 | |
| *** ccamposr has quit IRC | 16:13 | |
| *** ianychoi has joined #openstack-lbaas | 16:21 | |
| *** yamamoto has joined #openstack-lbaas | 16:45 | |
| *** yamamoto has quit IRC | 16:49 | |
| *** henriqueof has joined #openstack-lbaas | 17:25 | |
| *** TrevorV has joined #openstack-lbaas | 17:49 | |
| *** TrevorV has quit IRC | 17:50 | |
| *** TrevorV has joined #openstack-lbaas | 17:51 | |
| *** ricolin has quit IRC | 17:55 | |
| *** abaindur has joined #openstack-lbaas | 19:16 | |
| *** born2bake has quit IRC | 19:34 | |
| *** goldyfruit_ has joined #openstack-lbaas | 19:57 | |
| *** goldyfruit has quit IRC | 19:59 | |
| *** vishalmanchanda has quit IRC | 20:06 | |
| *** yamamoto has joined #openstack-lbaas | 20:11 | |
| *** yamamoto has quit IRC | 20:16 | |
| *** KeithMnemonic has quit IRC | 20:41 | |
| *** TrevorV has quit IRC | 20:44 | |
| rm_work | johnsom: should *delete* commands have a `--wait`? is that something people want to do? | 20:49 |
| rm_work | I guess so? | 20:49 |
| johnsom | Hmmm, sure? | 20:50 |
| johnsom | There is a clear state change when it completes, so I think it is fair | 20:50 |
| *** KeithMnemonic has joined #openstack-lbaas | 20:52 | |
| rm_work | yeah, and that way if you do `delete && add` for like, members or something, you can do --wait and be ok | 20:54 |
| rm_work | I don't know how to change the returncode for our client calls tho :/ | 20:54 |
| rm_work | I'm not clear about whether we have control over that, besides raising an exception? :/ | 20:54 |
| johnsom | Yeah, why do you want to change the return code? | 20:55 |
| *** maciejjozefczyk has joined #openstack-lbaas | 21:02 | |
| *** maciejjozefczyk has quit IRC | 21:10 | |
| rm_work | so if the CUD operation fails (ERROR status) the client will have a failure return code, and not just "yeah ok" :D | 21:33 |
| rm_work | so people who do `o-s lb create && o-s listener create` will actually have things work sanely | 21:34 |
| johnsom | Ah, yeah, it needs to raise an exception as it had an ERROR | 21:34 |
| openstackgerrit | Merged openstack/neutron-lbaas stable/stein: "lbaas delete l7 rule" Parameter Passing Error https://review.opendev.org/665315 | 21:37 |
| *** goldyfruit_ has quit IRC | 21:38 | |
| *** rcernin has quit IRC | 22:03 | |
| *** goldyfruit has joined #openstack-lbaas | 22:03 | |
| rm_work | ugh, it's always the testing | 22:33 |
| johnsom | yep | 22:34 |
| johnsom | I added pretty error messages when the SNI tests fail: | 22:35 |
| johnsom | b': ERROR: Received certificate "default" with CN bd9838e0-d7a0-409a-91d1-bc0af7caef76.example.com is not the expected certificate "SNI2" with CN bb3090f5-9260-4249-8ae5-4a97a32dd774.example.com.' | 22:35 |
| johnsom | Sadly, one of them is still failing... lol | 22:35 |
| rm_work | T_T | 22:36 |
| johnsom | Ah, helps if you put listener 2's TCP port in instead of listener 1's | 22:36 |
| *** gthiemonge has quit IRC | 22:37 | |
| *** gthiemonge has joined #openstack-lbaas | 22:37 | |
| johnsom | Before those it was a super handy: | 22:37 |
| johnsom | https://www.irccloud.com/pastebin/bp9hz92A/ | 22:38 |
| johnsom | And you had to dig through tempest logs to decode | 22:38 |
| rm_work | what's that python lib that lets you easily create a fake class with a bunch of attributes for testing | 22:38 |
| rm_work | like all it does is easily take a dict and make it into a fake class | 22:38 |
| rm_work | maybe starts with 'p'? | 22:39 |
| rm_work | or 'f'... | 22:39 |
| johnsom | collections.namedtuple ? | 22:39 |
| rm_work | no, isn't stdlib | 22:40 |
| johnsom | https://github.com/openstack/octavia/blob/master/octavia/tests/unit/common/sample_configs/sample_configs_combined.py#L31 | 22:40 |
| rm_work | hmmm i guess that might work | 22:40 |
| rm_work | but this other one was really slick | 22:40 |
| johnsom | Yay, ok: | 22:41 |
| johnsom | {0} octavia_tempest_plugin.tests.barbican_scenario.v2.test_tls_barbican.TLSWithBarbicanTest.test_basic_tls_SNI_multi_listener_traffic [22.651614s] ... ok | 22:41 |
| johnsom | A little polish and the SNI stuff is ready to ship. lol | 22:41 |
| rm_work | fff namedtuples doesn't quite do what I want | 22:43 |
| rm_work | aha! | 22:44 |
| rm_work | pretend | 22:45 |
| rm_work | damn, not in g-r | 22:45 |
| rm_work | https://pypi.org/project/pretend/ | 22:46 |
| rm_work | that would make my current task so much easier T_T | 22:47 |
| rm_work | but instead I can use Munch i guess | 22:48 |
| *** tkajinam has joined #openstack-lbaas | 23:04 | |
| *** rcernin has joined #openstack-lbaas | 23:13 | |
| *** yamamoto has joined #openstack-lbaas | 23:30 | |
| *** henriqueof has quit IRC | 23:33 | |
| *** yamamoto has quit IRC | 23:35 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!