Tuesday, 2020-12-08

« Monday, 2020-12-07 Index Wednesday, 2020-12-09 »
*** spatel has quit IRC00:03
*** TrevorV has quit IRC00:10
*** zzzeek has quit IRC00:47
*** zzzeek has joined #openstack-lbaas00:49
*** openstackgerrit has quit IRC00:58
*** sapd1 has joined #openstack-lbaas01:14
*** sapd1 has quit IRC01:19
*** sapd1 has joined #openstack-lbaas01:21
*** sapd1 has quit IRC01:25
*** zzzeek has quit IRC02:13
*** zzzeek has joined #openstack-lbaas02:14
*** zzzeek has quit IRC02:28
*** zzzeek has joined #openstack-lbaas02:29
*** zzzeek has quit IRC02:34
*** zzzeek has joined #openstack-lbaas02:36
*** tamas_erdei has joined #openstack-lbaas02:54
*** terdei has quit IRC02:57
*** spatel has joined #openstack-lbaas03:11
*** psachin has joined #openstack-lbaas03:17
*** xgerman has quit IRC03:31
*** zzzeek has quit IRC03:44
*** zzzeek has joined #openstack-lbaas03:44
*** rcernin has quit IRC03:46
*** rcernin has joined #openstack-lbaas03:50
*** sapd1 has joined #openstack-lbaas03:58
*** zzzeek has quit IRC04:26
*** zzzeek has joined #openstack-lbaas04:27
*** zzzeek has quit IRC04:41
*** zzzeek has joined #openstack-lbaas04:45
*** rcernin has quit IRC05:39
*** devfaz has quit IRC05:52
*** rcernin has joined #openstack-lbaas06:08
*** gcheresh has joined #openstack-lbaas06:24
*** zzzeek has quit IRC06:41
*** zzzeek has joined #openstack-lbaas06:45
*** rcernin has quit IRC06:45
*** rcernin has joined #openstack-lbaas07:01
*** damien_r has joined #openstack-lbaas07:01
*** zzzeek has quit IRC07:03
*** zzzeek has joined #openstack-lbaas07:05
*** damien_r has quit IRC07:06
*** lxkong has quit IRC07:09
*** vishalmanchanda has joined #openstack-lbaas07:19
*** spatel has quit IRC07:20
*** zzzeek has quit IRC07:24
*** rcernin has quit IRC07:25
*** zzzeek has joined #openstack-lbaas07:28
*** luksky has joined #openstack-lbaas08:04
*** rpittau|afk is now known as rpittau08:10
*** damien_r has joined #openstack-lbaas08:20
*** damien_r has quit IRC08:24
*** damien_r has joined #openstack-lbaas08:25
*** zzzeek has quit IRC08:57
*** zzzeek has joined #openstack-lbaas08:59
*** lxkong has joined #openstack-lbaas09:00
*** devfaz has joined #openstack-lbaas09:24
*** openstackgerrit has joined #openstack-lbaas09:40
openstackgerritXiaoYu Zhu proposed openstack/octavia master: Alternative Distributor for L3 Active-Active, N+1 Amphora Setup  https://review.opendev.org/c/openstack/octavia/+/74668809:40
*** zzzeek has quit IRC10:41
*** zzzeek has joined #openstack-lbaas10:42
*** sapd1 has quit IRC11:52
*** gcheresh has quit IRC11:57
*** gcheresh has joined #openstack-lbaas12:03
*** sapd1 has joined #openstack-lbaas12:40
*** TrevorV has joined #openstack-lbaas13:00
*** gcheresh has quit IRC13:02
*** damien_r has quit IRC13:05
*** zzzeek has quit IRC13:10
*** zzzeek has joined #openstack-lbaas13:11
*** damien_r has joined #openstack-lbaas13:12
*** gcheresh has joined #openstack-lbaas13:12
*** zzzeek has quit IRC13:16
*** zzzeek has joined #openstack-lbaas13:18
*** spatel has joined #openstack-lbaas13:19
*** zzzeek has quit IRC13:26
*** zzzeek has joined #openstack-lbaas13:28
*** damien_r has quit IRC13:50
*** damien_r has joined #openstack-lbaas14:04
*** sapd1 has quit IRC14:05
*** tkajinam has quit IRC14:47
*** tkajinam has joined #openstack-lbaas14:47
*** tkajinam has quit IRC15:18
rm_workjohnsom: the mishmash of clients we use to contact all the various services (nova, neutron, glance, keystone) all have different ways (or in some cases no way) of passing a cert to use for mutual TLS auth T_T16:07
rm_workwe're trying to set that up and it looks like it's going to be a bit of a nightmare16:07
rm_workmay require a number of patches, and some of them may depend on patches to the upstream service clients to even support this <_<16:08
johnsomYeah, many of the other projects don't understand two way authentication.16:08
johnsomThey are more focused on token auth16:08
rm_workseems glance client does support it (takes cert_file and key_file), and nova does (but only takes cert_file? wtf?)16:09
rm_workneutron doesn't at all16:09
johnsomrm_work Any progress on getting stable/stein requirements fixed?16:13
rm_worki just got git-review working again literally 5 min ago16:13
rm_workso will check now16:14
rm_workwill take a bit to rebuild environments16:17
*** psachin has quit IRC16:38
*** servagem has quit IRC16:40
mchlumskyhi! I am trying to use the tempest octavia plugin in our monitoring (run a LB scenario every X minutes) and I noticed that there is a requirement for admin credentials for all tests because LoadBalancerBaseTest sets it in credentials and all test classes inherit from it.  I naively removed admin from credentials and16:42
mchlumskyLoadBalancerBaseTest.setup_clients() and got quite a few scenarios to pass anyways. I'd like to not have to use admin credentials in my monitoring but what I did is dirty. Any thoughts on this?16:42
johnsomThe various roles that are setup are mostly for API testing to validate that our RBAC is working correctly.16:44
*** dulek has quit IRC16:44
johnsomThis is a downside to the tempest plugin design that there is one credential setup for the whole plugin.16:44
*** servagem has joined #openstack-lbaas16:45
johnsomI think there is a way to override that credential setup however via the tempest configuration file. I haven't done it, but I think rm_work has. Let me see if I can find you a link16:45
johnsommchlumsky https://docs.openstack.org/tempest/latest/configuration.html#pre-provisioned-credentials16:47
johnsomIf you are only running like a smoke test, one of the scenarios, you can probably use this to only use a "test" credential.16:48
johnsomThe API tests however will need a proper set as those tests also cover the Role Based Access Control (RBAC).16:48
*** dulek has joined #openstack-lbaas16:53
mchlumskythank you, I'll dig further. It looks like admin_username can be set. Maybe I can set it to a non-admin account and if it's not used it won't matter that it's not an admin account.17:03
rm_workjohnsom: so on pep8, these bandit failures look legit?17:09
rm_workor rather, maybe not legit but bandit is RUNNING and detecting things, though i think the things it's detecting are not real issues17:09
rm_workbecause it's running on our test-files17:10
rm_workIE: exclusion is not working17:10
rm_workI believe I ran into something like this before17:10
rm_workmeanwhile, requirements is failing because of `networkx`?17:10
haleybwho was the one who added bandit? :)  there's been a bunch of failures everywhere due to new pip i believe, it's a mess17:11
johnsomThe issue isn't results (those have been fine for a long time) it's that stein is running py27 and pulling in the latest bandit that is py3x only. It's getting the requirements and lower-constraints right that is the issue. This issue is only on stein BTW17:11
rm_workyeah my local bandit issues match what zuul saw17:11
rm_workso my tests are working17:11
rm_worki can run with this17:11
rm_workhmm ok17:11
rm_worki mean i checked out your patch, shouldn't the tox.ini be set up to use py27 for pep8?17:12
johnsomThis log: https://zuul.opendev.org/t/openstack/build/253e25a319fa4e06863c684d1d885b56/log/job-output.txt17:12
rm_workahh ok, so you are not worried about the fact that pep8 is failing on that branch17:12
johnsomAh, line links are working again: https://zuul.opendev.org/t/openstack/build/253e25a319fa4e06863c684d1d885b56/log/job-output.txt#1196217:13
rm_workright, k17:14
johnsomThat is all I'm trying to solve. My problem is the tox requirements/lower-constraints always passes for me in my VM but fails the gate jobs. My VM is messed up somehow and I was hoping someone else could take a pass at fixing those constraints issues that has a working VM.17:14
rm_workyeah my requirements job fails17:14
rm_worklocally17:15
rm_workbut in a really bad way, more than just bandit17:15
johnsomYeah, I borked my system somehow.17:15
rm_workhmmm the tox.ini requirements job looks weird to me for stein17:19
rm_workneed to compare with other releases17:20
rm_workbut also, for the record:17:22
rm_workCorrect: https://github.com/openstack/octavia/blob/stable/stein/tox.ini#L14017:22
rm_workIncorrect: https://github.com/openstack/octavia/blob/stable/stein/tox.ini#L8117:22
rm_workof course that gives me a host of other issues, but i will try to ignore that and focus on your concern presently17:24
rm_worki don't exactly understand why this job is running requirements with py27 when the tox.ini has requirements set as basepython=python317:30
rm_worki guess it auto-downgrades if it isn't available?17:30
johnsomWell, the gate job is defined in the zuul repos, it probably overrides it for stein17:33
rm_workuhhh17:42
rm_workit looks like your issue is actually in octavia-libb17:42
johnsomYeah, I think it is also impacted17:42
rm_worki mean, not also, it IS the impact here17:42
rm_workthis error is during the octavia-lib install17:43
*** rpittau is now known as rpittau|afk17:43
rm_workand yeah octavia-lib has no requirements lines for python_version==2.717:43
rm_workif we merged a fix there to add bandit for 2.717:43
rm_workthis might be better17:43
rm_workgotta figure out how to test that...17:44
*** xgerman has joined #openstack-lbaas17:54
*** ianychoi__ has quit IRC19:44
*** luksky has quit IRC19:51
*** TrevorV has quit IRC19:56
*** luksky has joined #openstack-lbaas20:05
*** admin0 has joined #openstack-lbaas20:53
*** itsjg has joined #openstack-lbaas21:02
*** gcheresh has quit IRC21:12
admin0hi all .. is there a way to kickstart the amphora creation process ?21:44
admin0i had a wrong ip in the container ( using openstack-ansible)21:44
admin0i nuked the containers , recreated it ( so that they are in the correct ip range)21:44
johnsomWhat state is the LB in now?21:46
johnsomBe sure to graceful shutdown your OpenStack containers, if not you can get things stuck in certain states. We have a patch for that in Octavia, but it's not enabled by default yet.21:47
admin0i nuked the lbs before deleting and re-creating the container21:48
johnsomOk, and after you re-created the container, you created a new load balancer?21:51
*** sorrison has joined #openstack-lbaas21:51
admin0not yet .. i was hoping to see a default amphora image boot up21:51
johnsomOh, you have spares pool enabled?21:52
admin0its set to 1 by default21:52
admin0i did not change it21:52
johnsomYeah, so housekeeping should maintain that pool. If you do "openstack server list --all" do you see an amphora?21:52
admin0i don't see it .. then the question is .. how frequent does housekeeping kicks in ?21:54
johnsomIt's a configuration setting. Default is every thirty seconds it will check the pool.21:55
johnsomif the server list --all doesn't show one, check "openstack loadbalancer amphora list". If it sees one, but it's no longer in nova, somehow it got deleted from nova but Octavia still thinks it's present. In which case you can "openstack loadbalancer amphora delete <ID>" to clear the database ghost record.21:57
*** rcernin has joined #openstack-lbaas21:59
johnsomNormally the controller would notice that it was a failed spare, but since you had networking problems before, the heartbeat never made it to the controllers and that automatic repair process never started.22:00
*** damien_r has quit IRC22:11
admin0are the containers ip hardcoded into the database ?22:12
admin0because the controller ips has changed, is there a possibility the db does not know about the new ones22:12
johnsomNo22:14
johnsomThe controller IPs are stored in the octavia.conf file. They get stamped into the amphora when a load balancer is created via cloud-init/config-drive/metadata, etc.22:16
johnsomSo that list should have been updated when you re-deployed the containers22:16
johnsomWell, I guess there is only one container at the moment22:17
*** luksky has quit IRC22:18
*** spatel has quit IRC22:19
admin0yeah .22:19
admin0i will do a full playbook run and see if it makes a differnce22:19
*** luksky has joined #openstack-lbaas22:32
admin0johnsom, https://gist.githubusercontent.com/a1git/851649fa6f76ebd6e4782f3d1c707501/raw/8970bdd6d4367df81474166f9aaed35c07c52013/gistfile1.txt -- is this caused by octavia ?22:44
admin0the firewall rules22:44
johnsomadmin0 No, I don't think so. That looks like a neutron bug of some sort22:44
admin0johnsom, https://review.opendev.org/c/openstack/neutron/+/740588 .. looks like a patch is out22:55
johnsomHmm, yeah, we don't do anything with ebtables, via SG or not, so should have no relation to anything Octavia is doing.22:56
*** tkajinam has joined #openstack-lbaas23:01
*** vishalmanchanda has quit IRC23:05
*** strigazi has quit IRC23:35
*** strigazi has joined #openstack-lbaas23:37
*** gthiemonge has quit IRC23:40
*** gthiemonge has joined #openstack-lbaas23:43
« Monday, 2020-12-07 Index Wednesday, 2020-12-09 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!