Wednesday, 2020-04-15

*** threestrands has joined #openstack-lbaas		00:00
*** sapd1 has joined #openstack-lbaas		01:30
*** sapd1 has quit IRC		01:36
*** sapd1 has joined #openstack-lbaas		01:49
*** ramishra has quit IRC		03:12
*** psachin has joined #openstack-lbaas		03:33
*** ramishra has joined #openstack-lbaas		03:35
*** KeithMnemonic has quit IRC		04:30
dawzon	Would it make more sense for a cipher blacklist to be a colon-separated string or a ListOpt? Since it's not going to be consumed by OpenSSL it doesn't necessarily have to be formatted the same	04:41
*** vishalmanchanda has joined #openstack-lbaas		05:40
*** sapd1 has quit IRC		05:41
*** tobberydberg has joined #openstack-lbaas		05:45
*** threestrands has quit IRC		05:54
*** sapd1 has joined #openstack-lbaas		05:55
*** ccamposr has joined #openstack-lbaas		06:40
*** ccamposr__ has quit IRC		06:42
*** gcheresh has joined #openstack-lbaas		06:53
*** ataraday_ has joined #openstack-lbaas		06:55
*** maciejjozefczyk has joined #openstack-lbaas		07:06
*** ccamposr__ has joined #openstack-lbaas		07:26
*** rpittau\|afk is now known as rpittau		07:28
*** ccamposr has quit IRC		07:29
*** born2bake has joined #openstack-lbaas		07:50
*** tkajinam has quit IRC		08:21
*** sapd1 has quit IRC		09:04
*** sapd1 has joined #openstack-lbaas		09:16
*** sapd1 has quit IRC		09:21
rm_work	dawzon: i think the idea was that it'd be easiest to allow users to just copy/paste the most common format for the lists without having to reformat them to be separated manually to fit some custom format we define	09:23
rm_work	so it's not so much that they're going to be CONSUMED by openssl, as much as they are provided by openssl	09:23
*** gcheresh has quit IRC		09:33
openstackgerrit	Merged openstack/octavia-tempest-plugin master: Update hacking for Python3 https://review.opendev.org/715653	09:36
*** rpittau is now known as rpittau\|bbl		10:23
*** sapd1 has joined #openstack-lbaas		10:33
*** sapd1 has quit IRC		10:37
*** sapd1 has joined #openstack-lbaas		10:38
*** sapd1 has quit IRC		10:45
*** sapd1 has joined #openstack-lbaas		10:50
openstackgerrit	Adam Harwell proposed openstack/octavia master: Refactor the failover flows https://review.opendev.org/705317	10:50
openstackgerrit	Adam Harwell proposed openstack/octavia master: Use routed network filter if it exists https://review.opendev.org/706153	10:54
*** sapd1 has quit IRC		10:55
*** sapd1 has joined #openstack-lbaas		10:55
*** sapd1 has quit IRC		11:01
*** sapd1 has joined #openstack-lbaas		11:15
*** sapd1 has quit IRC		11:37
*** kevinz has joined #openstack-lbaas		11:40
kevinz	Hi Octavia, I have a problem after setting o-hm0 in the network nodes. The DNS(/etc/resolv.conf) will always be set to domain openstacklocal	11:42
kevinz	search openstacklocal	11:42
kevinz	nameserver 192.168.100.3	11:42
kevinz	nameserver 192.168.100.2	11:42
kevinz	so that the network host are always lost dns capability. I wonder do we have a method to avoid the dns over write in the network host?	11:43
*** servagem has joined #openstack-lbaas		11:46
cgoncalves	kevinz, hi. your network has DHCP servers enabled with nameservers and you set up o-hm0 to be configured via DHCP. you can either 1) disable nameservers in that subnet (openstack subnet set --no-dns-nameservers), 2) make your DHCP client not to request for DNS servers (example: https://github.com/openstack/octavia/blob/master/etc/dhcp/dhclient.conf) or 3) configure o-hm0 statically	11:54
*** sapd1 has joined #openstack-lbaas		11:54
kevinz	cgoncalves: Thanks for quick response. I will try the method! Should be really good	11:56
cgoncalves	kevinz, no problem! good luck	11:57
kevinz	cgoncalves: :-D	11:59
*** gcheresh has joined #openstack-lbaas		12:27
*** rpittau\|bbl is now known as rpittau		12:49
*** KeithMnemonic has joined #openstack-lbaas		12:54
*** TrevorV has joined #openstack-lbaas		13:37
*** rcernin has quit IRC		13:37
*** gcheresh has quit IRC		13:49
*** ataraday_ has quit IRC		14:01
openstackgerrit	Brian Haley proposed openstack/octavia master: Don't inherit enforcing bash errexit in devstack plugin https://review.opendev.org/720041	14:13
*** gcheresh has joined #openstack-lbaas		14:38
*** tkajinam has joined #openstack-lbaas		14:43
*** sapd1 has quit IRC		14:52
*** sapd1 has joined #openstack-lbaas		14:53
*** ianychoi has quit IRC		15:13
*** gcheresh has quit IRC		15:20
*** ataraday_ has joined #openstack-lbaas		15:33
mnaser	hmm	15:36
mnaser	have y'all seen an issue in train where the amphora responds with a 500 when the certificate rotation happens?	15:36
mnaser	it's been destroying an environment that i'm working with, where floods of 500s come in all at once as it rotates one-by-one and fails to do that one-by-one and they all slowly but surely hit error state	15:37
johnsom	mnaser Yeah, I think rm_work just found/fixed that. It's a python3 amphora issue.	15:38
rm_work	mnaser: yep patch is up	15:38
johnsom	mnaser https://review.opendev.org/#/c/719922/	15:38
mnaser	johnsom: i didnt see any changes in here -- https://github.com/openstack/octavia/blob/b0c2cd7b4c835c391cfedf12cf9f9ff8a0aabd17/octavia/amphorae/backends/agent/api_server/certificate_update.py	15:39
rm_work	we can't merge anything tho because of gate failures	15:39
mnaser	ok so not landed yet	15:39
rm_work	i just had most of my fleet explode this week	15:39
rm_work	because of that <_<	15:39
mnaser	rm_work: tough one because you dont have a vm leftover	15:40
rm_work	ah, they don't go away	15:40
rm_work	it just puts the amp in ERROR	15:41
rm_work	and breaks our communication with it	15:41
rm_work	but it doesn't get recycled because healthchecks still pass	15:41
rm_work	was actually remarkably simple to debug :D	15:41
mnaser	ah shucks, i haven't dove that much into it	15:41
mnaser	the hard/annoying part is this will require rotating all amphoras..	15:42
rm_work	yep	15:42
rm_work	i've rotated out my whole fleet ... several times	15:42
rm_work	ah, though be VERY careful	15:42
rm_work	the current failover mechanism will have a hard time	15:42
johnsom	ataraday_ Hi. I think we have a problem with the jobboard patch. It seems that the conductors are getting started even if the amphorav2 driver isn't being used. This conductor startup causes taskflow to go out and try to access redis (both the python module and the DB).	15:43
rm_work	because it won't be able to connect to the other amp when it tries to fail the first one	15:43
rm_work	and you'll get WEIRD and BAD results	15:43
rm_work	you will want to apply the patch for the failover rewrite	15:43
rm_work	https://review.opendev.org/#/c/705317/	15:43
rm_work	then failover can handle this case	15:43
rm_work	otherwise you will be in for not fun times	15:43
mnaser	rm_work: so need to land both that + the py3 fix to be able to get out of this easily?	15:44
mnaser	seems like a big patch to cherry-pick in a prod environment :X	15:44
rm_work	I did it! :D	15:45
rm_work	of course it also broke my UDP LBs	15:45
rm_work	but i fixed that :)	15:45
johnsom	Yeah, there are two bugs we are working on in it too	15:45
mnaser	it sounds like this opens up a rabbithole	15:46
rm_work	yeah it's not a GOOD situation	15:46
rm_work	i also haven't slept much in the past few days <_<	15:46
mnaser	rm_work: what if we ssh'd into teh amphoras and manually put in a generated key	15:47
mnaser	so that they started responding again?	15:47
rm_work	might work	15:47
rm_work	i don't actually know how to generate the correct pem	15:47
rm_work	but if you can figure that out it would fix it :)	15:47
rm_work	though doing that with ... so many... <_<	15:47
*** ianychoi has joined #openstack-lbaas		15:47
ataraday_	johnsom, hi	15:47
mnaser	yeah but you can automate the ssh in/out of that	15:48
rm_work	so what you CAN do, is apply the patch to one worker, shut down the other ones temporarily, and try a failover or two to see if they work	15:48
rm_work	then apply it more broadly if everything seems ok	15:48
rm_work	that is what i did	15:48
*** sapd1 has quit IRC		15:49
ataraday_	johnsom, you got this on your devstack or on some change?	15:49
*** sapd1 has joined #openstack-lbaas		15:49
mnaser	rm_work: can you force a cert rotate in octavia?	15:50
mnaser	oh nevermind it wouldn't even work because you still need to generate the cert yourself	15:50
rm_work	yes you can	15:50
rm_work	but	15:50
rm_work	yeah it would just fail again :D	15:50
mnaser	well i mean you can ssh into the amphora, update with manual cert, add that 2 line patch for flask, force rotation and confrim it doesnt break?	15:51
rm_work	yes	15:51
rm_work	i did that	15:51
rm_work	when i wrote the patch	15:51
mnaser	rm_work: could you also be really and "borrow" the working key from another amphora...?	15:51
mnaser	s/really/really bad/	15:51
rm_work	i don't think so because those certs are keyed to the amp's ID	15:51
rm_work	we validate that on communication	15:51
mnaser	ah ok	15:52
johnsom	ataraday_ Kong and I have both seen it on our devstacks. I think one issue is the devstack plugin.sh is using "=" instead of "==", but I think we also need to consider not always starting the conductors.	15:52
mnaser	rm_work: how can i force a rotate btw?	15:53
ataraday_	johnsom, omg, how gate do not get this	15:53
*** tkajinam has quit IRC		15:53
johnsom	ataraday_ Yeah, I have not had time to figure that one out....	15:54
rm_work	mnaser: in the DB, set the cert_busy to 0 and the cert_expiry time to ... like, now	15:54
rm_work	or NOW() :D	15:54
rm_work	on the amphora table record	15:55
johnsom	ataraday_ FYI, a paste from Kong: http://dpaste.com/36KYZ9B	15:55
rm_work	sorry, it's not an API call :/	15:55
ataraday_	johnsom, I can push a quick patch that will fix plugin.sh and run conductor conditionally	15:55
ataraday_	if nothing proposed...	15:55
johnsom	ataraday_ Thank you. Yeah, we have been working other recent bugs, so there is no real proposed patch.	15:56
mnaser	rm_work: ok cool thanks	15:57
rm_work	#startmeeting Octavia	16:01
openstack	Meeting started Wed Apr 15 16:01:17 2020 UTC and is due to finish in 60 minutes. The chair is rm_work. Information about MeetBot at http://wiki.debian.org/MeetBot.	16:01
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	16:01
*** openstack changes topic to " (Meeting topic: Octavia)"		16:01
openstack	The meeting name has been set to 'octavia'	16:01
rm_work	#chair johnsom	16:01
openstack	Current chairs: johnsom rm_work	16:01
rm_work	#chair cgoncalves	16:01
openstack	Current chairs: cgoncalves johnsom rm_work	16:01
cgoncalves	hi	16:01
johnsom	o/	16:01
gthiemonge	Hi	16:01
haleyb	hi	16:01
ataraday_	hi	16:01
rm_work	hey all!	16:02
rm_work	#topic Announcements	16:03
*** openstack changes topic to "Announcements (Meeting topic: Octavia)"		16:03
rm_work	Ussuri RC1 is next week!	16:03
* rm_work actually read the agenda page this time		16:03
johnsom	Yeah, we need to get bug fixes in!	16:03
rm_work	so, we need to work extra hard to review a number of outstanding patches that are very important to land	16:04
rm_work	anything else? we'll discuss those in more detail later	16:04
*** gcheresh has joined #openstack-lbaas		16:06
johnsom	We should probably mention that a sqlalchemy release is causing functional test failures.	16:06
johnsom	Just as an FYI. 1.3.16 introduced the issue.	16:06
johnsom	I think that is all I have.	16:07
rm_work	#topic Brief progress reports / bugs needing review	16:07
*** openstack changes topic to "Brief progress reports / bugs needing review (Meeting topic: Octavia)"		16:07
johnsom	I have been focused on bug fixing, reviews, and releases this week.	16:08
rm_work	I have a couple of bugs that I'd like to land fixes for -- ranging from super urgent to trivial	16:09
*** maciejjozefczyk has quit IRC		16:09
rm_work	super urgent:	16:09
rm_work	#link https://review.opendev.org/719922	16:09
rm_work	totally trivial:	16:09
rm_work	#link https://review.opendev.org/719921	16:09
rm_work	already merging: https://review.opendev.org/718881	16:09
rm_work	(once gate is fixed)	16:09
rm_work	and .... technically a feature but I vote to allow it to merge anyway for rc1: https://review.opendev.org/589180	16:10
cgoncalves	rm_work, on that last change, I commented but did not vote. probably I should have voted to get your attention, sorry	16:11
rm_work	ah k	16:11
gthiemonge	I have some octavia-dashboard backports that are waiting for reviews: https://review.opendev.org/#/q/I3668f3dc5d3eb6a288994386294cc018035540c8+is:open	16:11
openstackgerrit	Ann Taraday proposed openstack/octavia master: Run taskflow jobboard conductor conditionally https://review.opendev.org/720237	16:13
rm_work	commented coreycb	16:13
rm_work	err	16:13
rm_work	cgoncalves:	16:13
rm_work	cgoncalves: look at the newest code, the retry/delay all moved out to be at a higher level so it's common	16:15
rm_work	i'll fix the date thing	16:15
cgoncalves	rm_work, yep, I suspect that was the fix. thanks	16:16
johnsom	I would say we should have a priority list, but I think the etherpad updates broke our tracking etherpad	16:17
*** psachin has quit IRC		16:17
rm_work	:(	16:17
cgoncalves	etherpad is just slow	16:18
openstackgerrit	Adam Harwell proposed openstack/octavia master: Support HTTP and TCP checks in UDP healthmonitor https://review.opendev.org/589180	16:18
johnsom	There is discussion that the update broken it in the opendev channel	16:18
johnsom	broke, oye	16:18
johnsom	It doesn't load at all for me	16:19
cgoncalves	oh, ok. I could open it a few minutes ago	16:19
cgoncalves	yeah, timed out now	16:19
cgoncalves	rm_work, we are in feature freeze. if you want the UDP health monitor patch in, it probably needs a FFE	16:20
cgoncalves	(Feature Freeze Exception)	16:20
rm_work	and who grants that?	16:22
rm_work	PTL?	16:22
* rm_work looks at himself		16:22
rm_work	we lost our last day of merging to gate issues and 75% of our cores being on holiday :D	16:23
cgoncalves	appears to reading https://docs.openstack.org/project-team-guide/release-management.html	16:23
rm_work	cool	16:23
rm_work	i hereby grant a FFE	16:23
*** gcheresh has quit IRC		16:24
rm_work	now that we've settled that... anything else before we move to the next topic?	16:24
cgoncalves	it would be wise in this specific case to coordinate with other cores	16:24
rm_work	I mean, the other cores are necessarily involved as they have to +2/+A :D so	16:24
rm_work	that's kinda implied	16:24
rm_work	I grant the exception, if you agree you vote	16:25
cgoncalves	ok	16:25
rm_work	granting the FFE does nothing if you don't merge it ^_^	16:25
rm_work	cool, so next:	16:26
rm_work	#topic Open Discussion	16:26
*** openstack changes topic to "Open Discussion (Meeting topic: Octavia)"		16:26
rm_work	anything?	16:27
cgoncalves	yes	16:27
johnsom	There is an agenda item still	16:27
rm_work	ah there it is	16:28
cgoncalves	I added this to the agenda: How to handle https://review.opendev.org/#/c/711275/ (see Carlos' comments in Gerrit)	16:28
cgoncalves	so this ^ patch depends on an octavia-lib patch that is available in 1.5.0+	16:28
cgoncalves	train has octavia-lib==1.4.0 in upper-constraints.txt	16:29
cgoncalves	so I am not sure how we could backport the octavia-lib patch to stable/train, release a new version of octavia-lib and have it available in train for octavia to consume	16:30
cgoncalves	https://github.com/openstack/requirements/blob/stable/train/upper-constraints.txt#L141	16:30
johnsom	Yeah, umm, You can't backport a new positional parameter to a method in octaiva-lib. That could break drivers	16:31
cgoncalves	very good point	16:31
rm_work	yeah we may just be stuck	16:31
cgoncalves	+1	16:32
cgoncalves	in any case, how would we backport bug fixes to octavia-lib stable branches and have them released if u-c.txt has it set to ==1.4.0?	16:33
*** rpittau is now known as rpittau\|afk		16:33
johnsom	Yeah, it would require a UC bump	16:34
*** maciejjozefczyk has joined #openstack-lbaas		16:35
cgoncalves	problem could we might have to bump more than once :/	16:36
cgoncalves	if there's no other way, so be it	16:36
*** ataraday_ has quit IRC		16:37
rm_work	yeah i'm not totally sure i understand what the issue is, i'd have to try doing it maybe	16:38
johnsom	We have some strange relationships with octavia-lib versions I sure would like to figure out a better way to handle....	16:39
*** maciejjozefczyk has quit IRC		16:41
cgoncalves	train neutron-lib: https://review.opendev.org/#/c/679986/	16:43
cgoncalves	others also bumping versions in stable branches u-c.txt: https://review.opendev.org/#/q/project:openstack/requirements+NOT+branch:master	16:46
johnsom	Yeah, you pretty much have to be able to do so for bug fixes	16:47
johnsom	So, another topic we might want to discuss: Add skip to the tests for sqlalchemy.	16:47
cgoncalves	yeah, ok. I just wanted to make sure it is possible and how to handle it	16:47
johnsom	I would propose we do so as we know the issue is limited to the tests (sqlite) to unblock the gates	16:48
*** generalfuzz is now known as headphoneJames		16:49
cgoncalves	sounds reasonable	16:49
rm_work	ok	16:49
johnsom	Ok, I will propose one	16:49
xgerman	Wonder if we should do a virtual video happy hour?	16:51
rm_work	i'm down at some point	16:53
rm_work	tho my schedule is lulz :P	16:53
cgoncalves	+1. xgerman brings the beer	16:53
rm_work	we all bring the beer :D	16:54
xgerman	:beer	16:54
rm_work	for ourselves. because we are all in quarantine.	16:54
xgerman	I have all kind of slack emoji beers	16:54
xgerman	We can use poll to figure out the times…	16:56
johnsom	Sure, sounds good.	16:56
johnsom	It also sounds like the PTG will be virtual, so maybe we will have good participation there as well.	16:56
*** gcheresh has joined #openstack-lbaas		16:56
xgerman	Uh, oh, no trip to Vancouber :-(	16:57
rm_work	:(	16:57
rm_work	yeah i was really looking forward to that	16:57
cgoncalves	such a cool city	16:57
rm_work	ok well thanks everyone, meeting time about up	16:58
johnsom	#link https://www.openstack.org/events/opendev-ptg-2020/	16:58
johnsom	o/	16:59
johnsom	#endmeeting	17:00
rm_work	#endmeeting	17:00
*** openstack changes topic to "Discussions for OpenStack Octavia \| Priority bug review list: https://etherpad.openstack.org/p/octavia-priority-reviews"		17:00
openstack	Meeting ended Wed Apr 15 17:00:40 2020 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	17:00
openstack	Minutes: http://eavesdrop.openstack.org/meetings/octavia/2020/octavia.2020-04-15-16.01.html	17:00
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/octavia/2020/octavia.2020-04-15-16.01.txt	17:00
openstack	Log: http://eavesdrop.openstack.org/meetings/octavia/2020/octavia.2020-04-15-16.01.log.html	17:00
openstackgerrit	Michael Johnson proposed openstack/octavia master: Disable two tests due to sqlalchemy/sqlite bug https://review.opendev.org/720244	17:08
johnsom	rm_work Test skips ^^^	17:08
*** gcheresh has quit IRC		17:12
rm_work	kk	17:19
*** sapd1 has quit IRC		17:30
cgoncalves	unsolicited newsletter from HPE. me: I want to unsubscribe from all communications, website: no problem! just please provide your first and last name	17:36
johnsom	lol, just the name.	17:36
cgoncalves	I'm now called "A B"	17:36
johnsom	They used to have a really formal system for handling that, but I bet it went with the other half of the company.	17:37
rm_work	lol yeah I am "A B" in a lot of places also :D	17:48
rm_work	and often use a@b.com	17:48
xgerman	I a, test@example.com...	17:53
xgerman	I am	17:53
rm_work	ok so, once that patch for test skips merges, we can recheck the conditional conductors patch, and then we can recheck the udp template fix patch, and THEN we can start looking at the other ones	17:56
rm_work	actually rechecks should be fine for anything after the test-skips merge?	17:57
rm_work	the conductor thing wasn't actually failing the gates IIRC?	17:57
cgoncalves	another boring day in octavialand	17:57
johnsom	Yeah, it looks like the etherpad is back, it would be nice to update the list (I just did a few I knew) and have something to work against.	17:58
* johnsom has to disappear for another meeting		17:58
*** hongbin has joined #openstack-lbaas		19:01
*** osmanlicilegi has quit IRC		19:45
*** vishalmanchanda has quit IRC		19:54
openstackgerrit	Merged openstack/octavia master: Disable two tests due to sqlalchemy/sqlite bug https://review.opendev.org/720244	20:04
*** gcheresh has joined #openstack-lbaas		20:07
openstackgerrit	Adam Harwell proposed openstack/octavia master: Healthmanager opts aren't CLI-related https://review.opendev.org/719921	20:10
rm_work	k lots of rechecks going	20:11
*** servagem has quit IRC		20:34
*** gcheresh has quit IRC		20:47
*** gcheresh has joined #openstack-lbaas		20:59
*** gcheresh has quit IRC		21:52
*** TrevorV has quit IRC		22:18
*** born2bake has quit IRC		22:41
*** rcernin has joined #openstack-lbaas		22:45
*** hongbin has quit IRC		22:53
*** tkajinam has joined #openstack-lbaas		22:59
*** hongbin has joined #openstack-lbaas		23:01

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!