Wednesday, 2020-04-08

« Tuesday, 2020-04-07 Index Thursday, 2020-04-09 »
nmickusjohnsom does it need to be added to the set/update commands as well?00:00
johnsom^^^ I think that is what I just said. lol00:01
nmickuscommands not tests I wanted to double check since you didn't comment about the command00:03
nmickusoh wait read that wrong00:03
johnsomnmickus Yeah, we added it to create and the update commands00:11
johnsomhttps://docs.openstack.org/api-ref/load-balancer/v2/index.html?expanded=update-a-listener-detail#update-a-listener00:12
nmickusjohnsom I added the tests and am getting an error saying the fake resource does not have that attribute for both tests00:38
johnsomSo you missed something there00:38
nmickushttp://paste.openstack.org/show/791772/00:39
nmickusmy additions are at the end of both lists00:40
nmickusI can00:40
nmickusI can't see what i missed00:40
johnsomline 3, did you update the listener_info?00:40
nmickusno00:42
nmickusdo i need to add a specific string style to the test?00:45
nmickusjohnsom?00:50
johnsomnmickus For the of the ciphers field?00:51
johnsomcontent?00:51
nmickusyeah in the tests constants file00:51
johnsomI would put in a same string like the API reference has00:51
johnsomTests that are close to the real world use are usually best.00:52
nmickusso from dawson's patch?00:52
johnsomhttps://docs.openstack.org/api-ref/load-balancer/v2/index.html?expanded=create-listener-detail#id3500:53
johnsomyes00:53
*** JayLiu has joined #openstack-lbaas00:57
openstackgerritNoah Mickus proposed openstack/python-octaviaclient master: Add the ability to specify the cipher list for a listener  https://review.opendev.org/71781100:59
johnsomHi JayLiu. Welcome to working on Octavia.01:01
JayLiuhello!01:02
johnsomI understand you are interested in the Active/Active work01:02
johnsomHave you reviewed our existing spcecifications?01:02
JayLiuyes I read a lot01:02
johnsomOk, great.01:02
JayLiunow octavia has standby and single modes, right?01:03
johnsomThere are two different proposals in our specifications. One uses a "distributor" or load-balancer of load-balancers. The other is an L3 BGP/ECMP style.01:03
johnsomCorrect. Both active/active specifications have not completed the development01:04
johnsomWhat style of active/active are you interested in developing?01:05
JayLiuI saw that our code has been writen some code about active/active mode? My team want to how to participate into the community develop01:06
johnsomOk. So you maybe want to help finish one of the existing proposals?01:06
JayLiuSorry I am a member of my team, our code is more like the combination of the two different proposals01:08
JayLiuI wish you can give our team several days to prepare a ppt for further discuss?01:10
johnsomOh, ok. Then we should start with writing a proposal that describes what you want to add. This will be a document similar to the specifications you saw.  Let me provide some links to review.01:10
JayLiuok01:11
johnsomThis file describes what content is needed: https://github.com/openstack/octavia/blob/master/specs/template.rst01:11
johnsomThis file is a template you can fill out: https://github.com/openstack/octavia/blob/master/specs/skeleton.rst01:11
johnsomJayLiu I am happy to review a powerpoint and discuss with you, but the OpenStack community will want a specification file that can be commented on and reviewed. Then this specification will be approved for development.01:12
johnsomMy review of the powerpoint would just be to help guide you, but would not be approval to develop from the OpenStack community.01:13
JayLiuok! thx! we will commit a proposals later~01:13
JayLiuthank you for your guide :)01:14
johnsomOk, sounds great. It is nice to have you working with the Octavia team.01:14
openstackgerritMichael Johnson proposed openstack/octavia master: Add amphora delete API  https://review.opendev.org/71829301:32
johnsomIt is a start01:32
johnsomnot done however01:33
openstackgerritNoah Mickus proposed openstack/python-octaviaclient master: Add the ability to specify the cipher list for a pool  https://review.opendev.org/71783401:34
*** zasherif has joined #openstack-lbaas01:59
*** zasherif has quit IRC02:03
*** yamamoto has joined #openstack-lbaas02:14
openstackgerritDawson Coleman proposed openstack/octavia master: Add ability to specify TLS cipher list for pools  https://review.opendev.org/71715402:30
lxkongHi guys, we had a security testing the other day, one Octavia related issue was found, I'd like to hear your suggestion02:57
lxkong```It was found that it was possible to create a load balancer and add compute resources located in a restricted private network that belong to another project, as pool members, if the subnet ID is known. This allows a malicious user to configure a load balancer to act as a router or bridge, to access services that are intended to be restricted. Because this attack requires a subnet ID and the IP address of the02:57
lxkongresource, which are not necessarily guessable (although potentially exposed through documentation or source code repositories).```02:57
lxkongFor octavia stable/train02:57
lxkongi checked the code, even on master, we are using octavia service user to check the subnet02:58
lxkongjohnsom, rm_work ping02:58
rm_workRight, we're aware of this, or at least I am definitely aware of this, and actually it is part of the normal workflow of my users that we do things across tenants03:08
lxkongrm_work: and also the vip_xxx_id when creating load balancer?03:08
lxkongwe don't check that neither03:08
lxkongrm_work: any plan to fix that?03:09
rm_workErr sorry, we don't actually need the plugging technically tho lol03:09
rm_workBut we still use it for whatever reason <_< I should actually tell my users to stop :D03:09
rm_workNo plan to fix it exactly...03:10
lxkongrm_work: the issue is supposed to be critical for one of our private customer :-(03:10
lxkongpriviate cloud customer03:11
lxkongrm_work03:11
lxkongI can offer help if needed03:11
lxkongintroduce a new config option as you still have cross tenant usage?03:12
rm_workMaybe can do it as config, yes03:12
rm_workBasically we'd have to temperately switch to tenant context and confirm the tenant can see the subnet03:13
rm_workSince still need to be admin to plug it03:13
rm_workCan do it on the API call03:13
lxkongrm_work: ok, i will do more testing before submitting a patch03:13
lxkongrm_work: thanks for responding03:13
rm_workThe only thing is that if it ever becomes inaccessible to the tenant after (unshared, for example) we won't check again03:13
rm_workSo yeah, on the member create validation we can check not just the subnet exists but that it is also visible to the lb tenant03:14
rm_workWill require creating new sdk instance using the hijacked client token from the request I think03:15
*** psachin has joined #openstack-lbaas03:28
*** yamamoto has quit IRC03:42
*** yamamoto has joined #openstack-lbaas03:44
*** vishalmanchanda has joined #openstack-lbaas03:53
openstackgerritMichael Johnson proposed openstack/octavia master: Add amphora delete API  https://review.opendev.org/71829304:07
*** zasherif has joined #openstack-lbaas04:13
openstackgerritMichael Johnson proposed openstack/octavia master: Add amphora delete API  https://review.opendev.org/71829304:39
*** yamamoto has quit IRC04:42
*** yamamoto has joined #openstack-lbaas04:47
*** zasherif has quit IRC04:55
*** zasherif has joined #openstack-lbaas05:12
*** armax has quit IRC05:27
*** armax has joined #openstack-lbaas05:28
*** armax has quit IRC05:33
openstackgerritMichael Johnson proposed openstack/python-octaviaclient master: Add amphora delete command  https://review.opendev.org/71831105:57
*** armax has joined #openstack-lbaas06:13
*** armax has quit IRC06:18
*** gcheresh has joined #openstack-lbaas06:31
*** zasherif has quit IRC06:49
*** yamamoto has quit IRC06:52
*** gcheresh has quit IRC06:52
*** gcheresh has joined #openstack-lbaas06:59
*** maciejjozefczyk has joined #openstack-lbaas07:00
*** yamamoto has joined #openstack-lbaas07:05
*** rpittau|afk is now known as rpittau07:17
*** born2bake has joined #openstack-lbaas07:37
*** dmellado has quit IRC08:01
*** dmellado has joined #openstack-lbaas08:05
*** gcheresh has quit IRC08:22
*** gcheresh has joined #openstack-lbaas08:23
*** rcernin has quit IRC08:27
*** gcheresh has quit IRC08:31
*** gcheresh has joined #openstack-lbaas08:33
openstackgerritAnn Taraday proposed openstack/octavia master: Jobboard based controller  https://review.opendev.org/64740608:43
*** gcheresh has quit IRC08:44
*** tkajinam has quit IRC08:51
*** gcheresh has joined #openstack-lbaas09:00
*** ataraday_ has joined #openstack-lbaas09:04
*** gcheresh has quit IRC09:15
*** gcheresh has joined #openstack-lbaas09:26
*** gcheresh has quit IRC09:39
openstackgerritAnn Taraday proposed openstack/octavia master: Jobboard based controller  https://review.opendev.org/64740610:00
*** yamamoto has quit IRC10:13
*** rpittau is now known as rpittau|bbl10:24
*** gcheresh has joined #openstack-lbaas10:30
*** yamamoto has joined #openstack-lbaas10:33
*** yamamoto has quit IRC10:34
*** gcheresh has quit IRC10:49
*** yamamoto has joined #openstack-lbaas10:53
ataraday_cgoncalves, Hi! About your comment I checked the console of job https://zuul.opendev.org/t/openstack/stream/331985a665ce43f0bab803e079e3ee76?logfile=console.log Seems DIB_LOCAL_ELEMENTS are set corretly11:12
cgoncalvesataraday_, hi! yeah, I see it too. it is still unclear to me when Zuul merges configurations or overrides them11:15
cgoncalvesataraday_, I'll +2 as soon as Zuul verifies11:16
ataraday_cgoncalves, , Yeah, all job stuff is really confusing for me :) glad I'm not the only one11:19
ataraday_thanks!11:19
openstackgerritAnn Taraday proposed openstack/octavia master: Add option to set default ssl ciphers in haproxy  https://review.opendev.org/68533711:25
*** gcheresh has joined #openstack-lbaas12:07
*** tkajinam has joined #openstack-lbaas12:14
*** gcheresh has quit IRC12:17
*** ccamposr__ has joined #openstack-lbaas12:19
*** ccamposr has quit IRC12:21
*** rpittau|bbl is now known as rpittau12:23
openstackgerritAnn Taraday proposed openstack/octavia master: Add option to set default ssl ciphers in haproxy  https://review.opendev.org/68533712:39
*** gcheresh has joined #openstack-lbaas12:40
openstackgerritAnn Taraday proposed openstack/octavia master: Jobboard based controller  https://review.opendev.org/64740612:49
openstackgerritOpenStack Proposal Bot proposed openstack/octavia-dashboard master: Imported Translations from Zanata  https://review.opendev.org/71843012:55
*** spatel has joined #openstack-lbaas12:58
*** spatel has quit IRC12:59
*** gcheresh has quit IRC13:20
*** gcheresh has joined #openstack-lbaas13:24
*** yamamoto has quit IRC13:50
*** tobias-urdin has joined #openstack-lbaas13:51
tobias-urdincgoncalves: can i bother you for a sec :) since there is no "default" fields on flavor does it default to using the values from octavia.conf or will it select the "first one" if you only have one flavor?13:53
tobias-urdinor will octavia API just reject create requests without any flavor?13:54
tobias-urdin(i assume no on second since flavor_id is optional)13:55
johnsomtobias-urdin It will fall back to the configuration file defaults13:55
cgoncalves+113:56
tobias-urdinthanks!14:12
*** yamamoto has joined #openstack-lbaas14:17
*** dayou_ has joined #openstack-lbaas14:19
*** dayou has quit IRC14:22
*** gcheresh has quit IRC14:38
*** dayou_ has quit IRC14:44
*** dayou has joined #openstack-lbaas14:44
*** armax has joined #openstack-lbaas15:01
*** TrevorV has joined #openstack-lbaas15:02
*** yamamoto has quit IRC15:06
*** yamamoto has joined #openstack-lbaas15:15
*** yamamoto has quit IRC15:15
openstackgerritAnn Taraday proposed openstack/octavia master: Jobboard based controller  https://review.opendev.org/64740615:53
*** yamamoto has joined #openstack-lbaas15:55
johnsom#startmeeting Octavia16:02
openstackMeeting started Wed Apr  8 16:02:07 2020 UTC and is due to finish in 60 minutes.  The chair is johnsom. Information about MeetBot at http://wiki.debian.org/MeetBot.16:02
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.16:02
*** openstack changes topic to " (Meeting topic: Octavia)"16:02
openstackThe meeting name has been set to 'octavia'16:02
ataraday_hi16:02
cgoncalveshi16:02
dawzonhi16:02
*** zasherif has joined #openstack-lbaas16:02
haleybhi16:03
gthiemongehi16:03
johnsomSorry for being a minute or two late16:03
johnsomIt's been a busy morning.16:03
johnsom#topic Announcements16:03
*** openstack changes topic to "Announcements (Meeting topic: Octavia)"16:03
*** zasherif has quit IRC16:03
johnsomYou are stuck with me for the Victoria release cycle.16:04
cgoncalvesbummer!16:04
*** zasherif has joined #openstack-lbaas16:04
johnsomI.e. I will be the PTL for the next release.16:04
johnsomNo matter how much Adam tries, he is still the PTL until May. lol16:05
cgoncalvescongratulations and THANK YOU16:05
johnsomThanks!16:05
cgoncalvesthanks also to Adam for being PTL this past release16:05
johnsomYes, thank you to Adam for stepping up to PTL for Train and Ussuri!16:05
* johnsom thinks 4 more years....16:06
haleybjohnsom: you're welcome to be lifetime PTL :)16:06
johnsomPlease consider if you would like to be PTL after Victoria. I am happy to discuss or help folks feel comfortable to run.16:06
* johnsom looks for his coffee16:07
johnsomOk, other super important announcement:16:07
johnsomThis week is final release for the python-octaviaclient and is feature freeze for everything else!!!!!!16:07
johnsomPlease, if you have a feature that you want into Ussuri, speak up during this meeting and make sure the core reviews are tracking it.16:08
* cgoncalves cancels his dinner out plans. oh wait, covid-1916:08
johnsomI know that we have some TLS patches and jobboard still in plan for Ussuri.16:09
*** zasherif has quit IRC16:09
johnsomMy recent amphora delete feature is fine to push to Victoria IMO, so not stressing over that.16:09
*** yamamoto has quit IRC16:09
johnsomIf you have other features, please raise them.16:09
johnsomDocs, tests, and bug fixes are still open until April 20th week.16:10
johnsom#link https://releases.openstack.org/ussuri/schedule.html16:10
cgoncalvesit is not a feature and not super important but would not be backportable: noop certificate manager. I understand it was uploaded less than a week ago. if someone has cycles to review it, I'd appreciate. if not, all good still!16:11
johnsomAlso of note, we are starting to get the translation patches. Please help us review.16:11
cgoncalves#link https://review.opendev.org/#/c/717619/16:11
cgoncalvesthe noop certificate manager would allow us to do TLS-related testing in Tempest API16:11
johnsomcgoncalves That kind of falls into the testing category as it should only be used during tests. Not sure if it impacts other parts of the code, but may not fall under the feature freeze.16:12
johnsomI can take a quick scan16:12
cgoncalvesjohnsom, not falling under the feature freeze would be awesome16:12
johnsomOk. Please by the end of the meeting speak up if you have something. Otherwise it may not make Ussuri and may be bumped to Victoria.16:14
haleybjohnsom: i'm not sure i'll have time to update the multiple VIP patch, https://review.opendev.org/#/c/660239/ - i'll at least get it rebased to master16:14
johnsomYeah, Adam could not make the meeting today. I'm not sure the state on that. If you think you can get it ready for review, let's get it on the list.16:14
johnsomhaleyb So, please reach out to me by this time tomorrow if you get time to get it "ready"16:15
johnsom#topic Brief progress reports / bugs needing review16:16
*** openstack changes topic to "Brief progress reports / bugs needing review (Meeting topic: Octavia)"16:16
haleybit was still failing, so probably not, unless the light bulb just turns on as to the failure16:16
johnsomOk16:16
johnsomI have been juggling....16:16
johnsomI was working on tempest test cleanup. This found a bug in the OVN provider driver. I have opened a launchpad bug for that and the team is looking at it.16:17
johnsomI am pausing that work, mid-complete, to focus on the feature freeze, and release.16:17
ataraday_Jobboard change #link https://review.opendev.org/#/c/647406/ (not a day without stupid pep8 error)16:18
johnsomSo, many reviews as well. I will be working on failover patch cleanup today as well as it would be good to get that merged sooner than later. It's a bug fix, so still has a bit of time.16:18
johnsomataraday_ Thanks. I did a full review on that this week as well. Looked pretty good. I will look again today16:19
ataraday_and default cipher #link https://review.opendev.org/#/c/685337/ I rebased and updated it today16:19
ataraday_johnsom, cgoncalves Thank for reviews!16:19
johnsomOh! there is a good one to call out. I lost track of that one.  Will look today as well16:20
cgoncalvesataraday_, you're welcome!16:20
johnsomTLS ciphers is going to make Ussuri for Octavia and client.16:20
johnsomKudos to dawzon, great work!16:20
cgoncalvesataraday_, please see https://review.opendev.org/#/c/647406/104/devstack/plugin.sh@375. you removed the OCTAVIA_JOBBOARD_EXPIRATION_TIME part in plugin.sh in a follow-up patch set. I think we need it back16:21
cgoncalveswith quick fixing16:21
cgoncalvesI mean, minor fixing16:21
johnsomAh, some changes there were part of my comments. Maybe I missed something?16:21
cgoncalvesdawzon, great work on your patches!16:21
cgoncalvesjohnsom, yeah. there were some changes while you're offline16:22
dawzonThanks!  I really appreciate all the community help I received along the way16:23
* johnsom sleep is such a pain. lol16:23
*** rpittau is now known as rpittau|afk16:23
*** psachin has quit IRC16:24
cgoncalvesso I pushed a patch that adds the noop certificate manager I mentioned earlier.16:24
cgoncalves#link https://review.opendev.org/#/c/717619/16:24
johnsomThat has been long needed, thank you.16:24
cgoncalvesit is part of a chain of patches related to fixing issues with SNI16:24
cgoncalveswe need noop cert manager for testing the API in tempest16:25
ataraday_cgoncalves, I saw your commet, I think setting in job https://review.opendev.org/#/c/647406/106/zuul.d/jobs.yaml@81 is fine as for devstacks timeout which is as default also fits.16:25
johnsomYeah, I know I put some TODO comments in for the need in the functional tests too16:25
ataraday_only gates require higher timeout16:25
johnsomYeah, that was my comment. For example, when I run local it is much faster than the zuul gates, so I would rather have devstack fall back to the config.py default setting by default, and we only override for the zuul jobs in the job definition16:26
cgoncalvesataraday_, ok. I just thought since you added that devstack config option we could keep it given we found the problem. however, it is not a hard requirement so I am good not having it16:27
cgoncalvesok, sure16:27
johnsomWe tend to see devstack settings copied into actual deployment tools like tripleo and OSA, so I would rather not have settings need for zuul called out there unless we absolutely need it.16:30
cgoncalvesfair point16:30
johnsomThe nova boot timeout comes to mind16:30
johnsomataraday_ Thanks for the quick spins on these patches. Huge accomplishment for you in Ussuri!16:31
johnsom#topic Open Discussion16:31
*** openstack changes topic to "Open Discussion (Meeting topic: Octavia)"16:31
johnsomAlso of note, as I was writing up the release highlights and reviewing the release notes. We got some good stuff done this cycle. Thank you all for your work!16:32
ataraday_johnsom, Thanks! quick 100+ patches :D16:33
cgoncalvesjohnsom, thanks for the release highlights!16:33
born2bakeHello guys, I am wondering if you have a guide how to use octavia with kolla-ansible since cant find any good documentation how to deploy it correctly.16:33
johnsomborn2bake Hi. Since there are many deployment tools to deploy Octavia, the deployment tool specific docs are handled by the deployment tool team. There should be a section in the kolla docs for Octavia.16:35
dawzoncgoncalves I noticed your comment on the pool ciphers patch, I was under the impression that split_listeners wasn't really supported anymore? https://review.opendev.org/#/c/717154/16:36
*** zasherif has joined #openstack-lbaas16:36
*** zasherif has quit IRC16:37
cgoncalvesdawzon, it is still supported unless I missed something. we could argue it's deprecated and as so we don't add new features to it.16:37
born2bakejohnsom there is not but thanks anyway. i will try google then16:37
johnsomborn2bake I'm not finding it with a quick google search, maybe ask in the #openstack-kolla channel?16:37
johnsomcgonclaves I told the team they could ignore split listeners16:38
born2bakeI am not really sure if its even that much in use with kolla cause it seems like its outdated. still 3 certs required instead of 4 and etc.16:38
johnsomBut that brings up a good point that I should probably hammer out that mirror patch.... Sounds like a bug (grin???)16:39
cgoncalvesdawzon, my thought was if the controller services have your work and one runs an older amphora image (split listeners only) but also supports the tls ciphers, it would technically still be possible to configure the ciphers16:39
cgoncalvesit's an edge case, sure. we could go without split listener. if later we see it's actually needed we could consider that a bug...?16:40
johnsomborn2bake Yeah, I can't keep up with the state of all of the deployment tools. Sorry.16:40
cgoncalvesso split listener is deprecated and as so no new features added to it. is that it? I'm fine, just would like to have an agreement16:42
johnsomcgoncalves to some degree, we put release notes in that new features require a new amphora image. This is one that technically doesn't, but....16:42
cgoncalvesgood point on the release note16:43
johnsomcgonvales I think we just need to add a mirror patch that makes split listener work.16:43
johnsomopps, typo.16:43
cgoncalvesok16:43
johnsomMaybe file a bug we can tag those fixes against so we don't block the main feature patch16:45
cgoncalves+116:45
johnsomOk, any other topics today?16:46
johnsomOk, thank you everyone!16:48
cgoncalveso/16:48
johnsom#endmeeting16:48
*** openstack changes topic to "Discussions for OpenStack Octavia | Priority bug review list: https://etherpad.openstack.org/p/octavia-priority-reviews"16:48
openstackMeeting ended Wed Apr  8 16:48:30 2020 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)16:48
openstackMinutes:        http://eavesdrop.openstack.org/meetings/octavia/2020/octavia.2020-04-08-16.02.html16:48
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/octavia/2020/octavia.2020-04-08-16.02.txt16:48
openstackLog:            http://eavesdrop.openstack.org/meetings/octavia/2020/octavia.2020-04-08-16.02.log.html16:48
*** zasherif has joined #openstack-lbaas16:50
*** ataraday_ has quit IRC16:51
johnsomborn2bake I know people are using Octavia with Kolla, we get questions every once in a while. I'm just not sure where the kolla installation docs are.16:53
born2bakeas far as I remember, the main problem was to make containers see neutron gw and make sure that octavia network will be reachable from lb to amphora instances.16:55
born2bakebut I think its still cant be used with https and etc.16:55
johnsomYeah, there is an lb-mgmt-net that is a "neutron network". There are a number of ways to set that up. Some have existing shared networks, some use provider networks (OSA), others create a dedicated network and bridge ports or route to it.16:56
johnsomborn2bake Octavia fully supports TLS. It is required for the command/control connections (over the lb-mgmt-net), and is optional for the tenant load balancers on whatever network they specify for their VIPs.16:57
johnsomborn2bake If you have questions about the command/control certificates, there is a detailed guide here: https://docs.openstack.org/octavia/latest/admin/guides/certificates.html16:58
johnsomI assume that is what kolla does when deploying Octavia.16:58
openstackgerritBrian Haley proposed openstack/octavia master: Allow multiple VIPs per LB  https://review.opendev.org/66023916:59
born2bakeYeah, its just outdated. currently, it only needs cert/private/cakey.pem cert/ca_01.pem cert/client.pem - -b 4.0.1 https://github.com/openstack/octavia.git17:00
born2bakeI think its still in process - https://bugs.launchpad.net/kolla-ansible/+bug/186213317:00
openstackLaunchpad bug 1862133 in kolla-ansible ussuri "octavia train does not work due to the certificates configuration change" [High,In progress] - Assigned to Noboru Iwamatsu (rockpine)17:00
johnsomHmmm, we didn't change the code really, you can still use a single CA for testing, etc. It's just never been a good practice.17:02
johnsomWe certainly did clarify how certificates are used in train though. There seemed to be a bunch of confusion.17:03
openstackgerritMerged openstack/octavia-dashboard master: Imported Translations from Zanata  https://review.opendev.org/71843017:08
*** zasherif has quit IRC17:16
openstackgerritMerged openstack/octavia-dashboard master: Fix pyScss version in lower-constraints.txt  https://review.opendev.org/71671317:24
openstackgerritBrian Haley proposed openstack/octavia master: Allow multiple VIPs per LB  https://review.opendev.org/66023917:45
*** maciejjozefczyk has quit IRC19:24
*** vishalmanchanda has quit IRC19:32
*** Trevor_V has joined #openstack-lbaas19:48
*** TrevorV has quit IRC19:51
rm_workhaleyb: so, the followup patch is also pretty necessary, I don't think we really want to plan to merge one and not the other20:05
rm_workhaleyb: and it still has an outstanding bug i needed to work with someone (probably johnsom) on, and he's also been super busy20:06
rm_workI don't think it's going to make U20:06
rm_workI would focus on other stuff for now unless you literally just have a ton of free time :D20:06
rm_workcgoncalves: i am trying to understand how noop cert-manager is different from local cert-manager? which was the one previously designed for testing20:07
rm_workbut that will actually function20:07
*** yamamoto has joined #openstack-lbaas20:07
*** yamamoto has quit IRC20:13
haleybrm_work: right, it won't make U, I was just in the rebase mood, but haven't looked-into the failure, probably can't for a couple of weeks20:23
rm_workyeah it probably needs actual work20:24
rm_worki'm in the same boat20:24
rm_workshit internal has been crazy and that is why i have been mostly absent :(20:24
rm_worki need to get back to a point where i can test stuff on that patch again20:25
*** zasherif has joined #openstack-lbaas20:31
rm_workright now my #1 priority (when I can even get to that, over fires) is making octavia's health-manager not trigger failovers when the DB is read-only (right now it only does that if the DB is fully down)20:32
johnsomhttps://images.app.goo.gl/9HzRwNqCZtdRi4QV620:34
openstackgerritMerged openstack/octavia master: Add ability to specify TLS cipher list for pools  https://review.opendev.org/71715420:39
*** zasherif has quit IRC20:40
openstackgerritLuke Tollefson proposed openstack/octavia-dashboard master: Add ciphers options for listeners and pools  https://review.opendev.org/71855020:42
*** zasherif has joined #openstack-lbaas20:44
*** zasherif has quit IRC20:47
*** zasherif has joined #openstack-lbaas21:12
*** zasherif has quit IRC21:16
*** TrevorV has joined #openstack-lbaas21:29
*** Trevor__V has joined #openstack-lbaas21:31
*** Trevor_V has quit IRC21:32
rm_workhttps://github.com/hagleitn/Openstack-Devstack2 :D21:33
rm_workand yes, josh is second most recent committer lol21:34
johnsomLatest commit 88d3eff on Mar 19, 2012 kind of says it alll21:34
rm_workyep :D21:34
*** TrevorV has quit IRC21:34
johnsomThat is the kind of repo it would be fun to post a patch to, just to freak all of the old contributors out21:35
rm_work:P21:49
rm_workwould have been agood April Fools joke21:49
johnsomYes!21:49
rm_workmaybe next year21:49
rm_work"ok google, remind me on March 29th 2021 to make a PR to devstack2"21:50
johnsomAnd propose it in governance21:50
lxkonghi johnsom, rm_work, are you able to see the content of https://storyboard.openstack.org/#!/story/2007531?22:09
johnsomlxkong no22:09
lxkongi realized i shouldn't paste the issue in the public channel, so created that security issue22:09
johnsomThank you22:09
johnsomIf it has a task against openstack/octavia and is marked security, we should be able to see it.22:10
lxkongyes, it's an openstack/octavia task22:10
johnsomIf not, we can ask in #storyboard to see what is wrong22:10
lxkonganyway, as i menioned to rm_work yersterday, i can offer my help. However after checking the octavia code, the openstack client initialization is hardcoded to use the octavia service user credential, i guess the change will touch many functions.22:12
lxkongi am not sure i have enough time to merge the code asap, as my wife's due day is next week22:13
*** zasherif has joined #openstack-lbaas22:14
johnsomlxkong We should discuss on the story, but I don't think it would be hard to implement on our side. There are complications on the other side however.22:14
johnsomlxkong Congratulations!22:14
lxkongthanks, johnsom :-)22:15
*** Trevor__V has quit IRC22:16
*** TrevorV has joined #openstack-lbaas22:17
*** zasherif has quit IRC22:22
rm_worklxkong: congrats!!!22:31
rm_workhope everything goes well :)22:31
*** rcernin has joined #openstack-lbaas22:32
lxkongrm_work: yeah, it's challenging given the curent COVID-19 situation22:32
rm_workyeah T_T22:32
rm_workhmm yeah i can't see that bug either, will have to ask someone about that22:33
johnsomrm_work It's a storyboard bug, log out and back in and you can see it22:34
rm_workah k22:35
rm_workyeah will post comments22:35
* lxkong goes to a meeting22:36
johnsomFirst tip of storyboard. Copy your comment to the clipboard before saving in case it blows up22:36
*** TrevorV has quit IRC22:50
*** born2bake has quit IRC22:51
*** threestrands has joined #openstack-lbaas23:10
openstackgerritAdam Harwell proposed openstack/octavia master: Add availability-zone to loadbalancer object docs  https://review.opendev.org/71635823:24
« Tuesday, 2020-04-07 Index Thursday, 2020-04-09 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!