Tuesday, 2021-04-20

« Monday, 2021-04-19 Index Wednesday, 2021-04-21 »
*** sapd1_y has quit IRC02:05
*** sapd1_y has joined #openstack-lbaas02:05
*** rcernin has quit IRC02:58
*** rcernin has joined #openstack-lbaas03:13
*** rcernin has quit IRC03:27
*** rcernin has joined #openstack-lbaas03:36
*** rcernin has quit IRC03:39
*** rcernin has joined #openstack-lbaas03:39
*** sapd1 has joined #openstack-lbaas03:55
*** vishalmanchanda has joined #openstack-lbaas04:23
*** gcheresh has joined #openstack-lbaas04:44
*** ianychoi__ has joined #openstack-lbaas04:48
*** gregraka has quit IRC04:48
*** sapd1_y has quit IRC04:48
*** sapd1_x has joined #openstack-lbaas04:48
*** gregraka2 has joined #openstack-lbaas04:48
*** ianychoi_ has quit IRC04:50
*** sapd1 has quit IRC05:04
*** xgerman has quit IRC05:23
*** yamamoto has quit IRC05:56
*** yamamoto has joined #openstack-lbaas06:31
*** yamamoto has quit IRC06:38
*** yamamoto has joined #openstack-lbaas06:38
*** rcernin has quit IRC07:15
*** rpittau|afk is now known as rpittau07:35
*** yamamoto has quit IRC07:40
*** luksky has joined #openstack-lbaas07:40
*** yamamoto has joined #openstack-lbaas07:49
openstackgerritzhangboye proposed openstack/python-octaviaclient master: Use py3 as the default runtime for tox  https://review.opendev.org/c/openstack/python-octaviaclient/+/78714007:58
*** yamamoto has quit IRC08:03
*** rcernin has joined #openstack-lbaas08:17
*** rcernin has quit IRC08:39
*** yamamoto has joined #openstack-lbaas08:43
*** yamamoto has quit IRC08:57
*** vishalmanchanda has quit IRC09:52
*** psachin has joined #openstack-lbaas10:01
openstackgerritGregory Thiemonge proposed openstack/octavia-tempest-plugin master: Fix owner_or_admin API tests  https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/78717710:04
*** rpittau is now known as rpittau|bbl10:04
*** rcernin has joined #openstack-lbaas10:10
*** ccamposr__ has quit IRC10:14
*** ccamposr__ has joined #openstack-lbaas10:14
*** rcernin has quit IRC10:17
*** yamamoto has joined #openstack-lbaas10:19
*** rcernin has joined #openstack-lbaas10:24
*** yamamoto has quit IRC10:25
*** zzzeek has quit IRC10:42
*** zzzeek has joined #openstack-lbaas10:43
*** vishalmanchanda has joined #openstack-lbaas10:49
*** yamamoto has joined #openstack-lbaas10:57
*** rcernin has quit IRC10:58
*** yamamoto has quit IRC11:03
*** rcernin has joined #openstack-lbaas11:23
*** masterpe has joined #openstack-lbaas11:40
masterpeWe use magnum to build k8s clusters, when using inbound with port 80 and 443 on a Octavia Amphora loadbalancer, some times the haproxy config in the Amphora lb gets mess up. Probably when k8s sends a update with 0 changes for the pool. My feeling is that https://review.opendev.org/c/openstack/octavia/+/782342 will fix this issue. Can I install this patch on a Train cluster.11:55
*** gregraka2 is now known as gregraka-afk11:55
*** rcernin has quit IRC11:55
openstackgerritCarlos Goncalves proposed openstack/octavia stable/ussuri: Fix empty Batch Member Update to unlock objects  https://review.opendev.org/c/openstack/octavia/+/78719011:58
gthiemongecgoncalves: thanks ;-)11:58
cgoncalvesgthiemonge, were you also working on the backport?11:58
masterpeIn http://eavesdrop.openstack.org/meetings/octavia/2020/octavia.2020-04-15-16.01.log.html#l-70 it is stated that https://review.opendev.org/#/c/711275/ has a requirement for octavia-lib in version 1.5.0+11:58
cgoncalvescouple of merge conflicts on stable/train. if you were already working on that, I can stop11:59
gthiemongecgoncalves: nop, I was looking at the story11:59
gthiemongemasterpe: cgoncalves is backporting the fix to stable/train12:03
masterpeah, nice. I'm I right that this patch solve the issue that the amphora mixes the diffrents pools into one haproxy backend?12:11
*** gregraka-afk is now known as gregraka12:12
gthiemongemasterpe: not sure, this patch fixes an issue with the provisioning status of the load balancer12:16
gthiemongemasterpe: what happens in your case? an invalid/weird haproxy configuration file?12:16
masterpeyes, after on update the pool with 0 changes. We get a mixed of multiple backends12:23
masterpein the haproxy12:23
cgoncalvesI'm not sure it is feasible to backport the patch to stable/train. it seems it to depend on https://review.opendev.org/c/openstack/octavia/+/688548 which as not backportable to stable/train either12:29
iceyanybody have an idea why I might see Details: {'code': 403, 'message': 'You are not authorized to perform the requested action: identity:list_role_assignments.', 'title': 'Forbidden'}(full trace: https://pastebin.ubuntu.com/p/2rnzVs2xy4/) running tempest octavia_tempest_plugin.tests.scenario.v2.test_traffic_ops.TrafficOperationsScenarioTest? Running 89 other tests seems fine, and the tempest config has an admin credentials configured with https://12:29
iceypastebin.ubuntu.com/p/nM47WsyGKG/12:29
masterpecgoncalves: That why i'm asking, 782342 is rework of 688548.12:32
cgoncalvesmasterpe, right. it also depends on a non-backportable octavia-lib change12:33
cgoncalvesfolks downstream could get creative and workaround the issue, I think12:34
gthiemongeicey: probably related to this change https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/77681712:35
gthiemongeicey: please check the release note, there's probably a tempest config issue: https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/776817/5/releasenotes/notes/Add-RBAC-scoped-tokens-tests-920aa35faf4a8c9d.yaml12:36
*** rpittau|bbl is now known as rpittau12:37
iceygthiemonge: so I should expect TrafficOperationsScenarioTest to fail with a fairly basic loac_balancer config in the tempest.conf?12:41
*** rcernin has joined #openstack-lbaas12:42
iceywould it be worth adding in `enforce_scope.octavia`?12:43
gthiemongeicey: no it should not fail12:44
iceygthiemonge: would you expect it to work correctly on Ussuri (as that's where I'm hitting this) - would I have better luck with a newer release? (not that I won't have to figure out how to get it passing on ussuri as well at some point)12:45
gthiemongeyeah it is strange that os_admin client fails12:45
iceyright before the access error in Keystone's logs, I also see `UserWarning: Policy identity:list_role_assignments failed scope check. The token used to make the request was project scoped but the policy requires ['system', 'domain'] scope. This behavior may change in the future where using the intended scope is required`12:46
*** rcernin has quit IRC12:46
johnsomYeah, so we added that because otherwise tempest doesn't log the roles assigned to the credentials tempest creates. This makes debugging nearly impossible with all of the keystone role changes going on.12:47
johnsomSo, icey, yes, you seem to be running keystone with scope checking, but tempest that doesn't have the scopes added?12:48
iceyjohnsom: awesome that the rest of a tempest smoke run doesn't have issues with this :)12:49
johnsomI would check your tempest version first, make sure it is up to date. If so, then ask in the #openstack-qa channel how to setup that admin credential to have the required system scope.12:49
iceyjohnsom: fresh from master ;-)12:49
johnsomYeah, that part is confusing to me as each tempest run should dump that list of roles....12:50
johnsomIt's in the base class for every tempest test....12:50
iceyit seems like that line's a warning, followed by a hard error, and I don't usually go through logs when tests pass /shrug12:50
johnsomKeystone changed this scope requirement in queens if I remember right12:50
johnsomBut recently they turned on checking the scope in a bunch of places12:51
iceyit doesn't look like my keystone has `enforce_scope = true`, so I'm confused about how I'd be walking into this :-/12:54
icey(/me is tempted to override the policy to allow whatever, as the purpose of my testing isn't to validate RBAC< but to validate, in this moment, Octavia in Ubuntu :-P12:54
icey)12:55
johnsomYeah, It's been hard for me too. The changes are all over the place, keystone, keystoneauth, oslo, tempest12:55
johnsomYeah, as a work around, you could disable that accounts.yaml override and run the test12:55
iceyI'm also using 1 point release back on Ussuri, so not super fresh OpenStack bits12:56
iceyjohnsom: you expect that it'd work with no accounts.yaml set?12:56
iceyshould I add in `use_dynamic_credentials = true` as well?12:57
johnsomI do. This is a tempest issue, probably they require something special when using the accounts.yaml override file for the new scopes stuff12:57
johnsomI would just leave it the defaults personally12:57
iceywill try that next!12:58
iceyand will also let you know how it goes, it'll be nice to get regular Octavia point releaess into Ubuntu with more validation :)12:58
iceys/releaess/releases/12:58
johnsom+112:59
johnsomicey This seems related: https://review.opendev.org/c/openstack/tempest/+/77317313:00
johnsomI would ask your question in #openstack-qa. The two people that would know how to fix your admin credential hang out there.13:00
iceyshould have still been getting that fix as I really enjoy my clean venvs and the requirements.txt is pointing at github13:01
iceyjohnsom: the part that's driving me insane is that it's only this one octavia test that's failing :-/13:01
*** psachin has quit IRC13:22
*** gcheresh has quit IRC13:38
*** vishalmanchanda has quit IRC13:39
*** vishalmanchanda has joined #openstack-lbaas13:47
zigoExcuse me, but what is octavia-housekeeping for?14:21
zigoI never ran it, and the Octavia service seemed working well anyways...14:22
zigojohnsom: ^14:22
johnsomPeriodic jobs. It cleans old database records, rotates the certificates issued to the amphora when they come close to expiration, manage the spares pool, etc.14:22
johnsomWithout it your database tables will grow forever and your amphora will eventually drop off the network as they will no longer be trusted.14:23
johnsomIt's been a part of the service since day one...14:24
johnsomDay one/Juno, lol14:24
*** gcheresh has joined #openstack-lbaas14:25
iceyjohnsom: still no luck, I think these are all of the relevant bits for the Octavia tempest test, wonder if you see anything: https://pastebin.ubuntu.com/p/v4z2t6rfbJ/14:29
zigojohnsom: Ok, I'll fix my puppet then ! :)14:29
zigoThanks.14:29
johnsomicey Yeah, it's the "auth" section I think. That is overriding some of the tempest defaults which I am guessing isn't doing the scope stuff keystone requires. Best place to ask is #openstack-qa14:30
johnsomI would ask in that channel "The tempest default os_admin account can no longer list roles in keystone with scope errors. How to I fix that? Here is my tempest config"14:32
johnsomThat should probably get you started over there.14:32
iceyjohnsom: I think I'll quote you directly on that14:35
icey:-D14:37
johnsomPlease do, lol14:37
*** sapd1 has joined #openstack-lbaas14:39
*** rcernin has joined #openstack-lbaas14:42
*** rcernin has quit IRC14:48
*** sapd1 has quit IRC14:49
johnsomicey I was hoping to not confuse them with a specific test as it's really not test related.14:53
*** sapd1 has joined #openstack-lbaas15:04
openstackgerritAdam Harwell proposed openstack/octavia master: Alias change amphorav2 -> amphora  https://review.opendev.org/c/openstack/octavia/+/74043215:33
*** rcernin has joined #openstack-lbaas15:50
*** rcernin has quit IRC15:55
*** gcheresh has quit IRC16:11
*** rpittau is now known as rpittau|afk16:59
*** rcernin has joined #openstack-lbaas17:51
*** rcernin has quit IRC17:56
*** luksky has quit IRC18:21
*** luksky has joined #openstack-lbaas18:21
*** vishalmanchanda has quit IRC19:09
*** luksky has quit IRC19:33
*** luksky has joined #openstack-lbaas19:33
*** gcheresh has joined #openstack-lbaas19:34
openstackgerritMichael Johnson proposed openstack/octavia master: Add Octavia performance guide and 2vcpu flavor  https://review.opendev.org/c/openstack/octavia/+/78728619:41
*** rcernin has joined #openstack-lbaas19:45
*** gcheresh has quit IRC19:55
openstackgerritGreg Rakauskas proposed openstack/octavia master: Edits for "Operator Maintenance Guide"  https://review.opendev.org/c/openstack/octavia/+/78728720:38
*** rcernin has quit IRC20:48
openstackgerritGreg Rakauskas proposed openstack/octavia master: Edits for "Operator Maintenance Guide"  https://review.opendev.org/c/openstack/octavia/+/78728721:00
*** jamesdenton has quit IRC21:11
openstackgerritGreg Rakauskas proposed openstack/octavia master: Edits for "Operator Maintenance Guide"  https://review.opendev.org/c/openstack/octavia/+/78728721:21
*** rcernin has joined #openstack-lbaas21:30
*** rcernin has quit IRC21:38
*** yamamoto has joined #openstack-lbaas22:01
*** yamamoto has quit IRC22:15
*** yamamoto has joined #openstack-lbaas22:16
*** rcernin has joined #openstack-lbaas22:21
*** rcernin has quit IRC22:26
*** rcernin has joined #openstack-lbaas22:39
*** rcernin has quit IRC22:44
*** rcernin has joined #openstack-lbaas22:46
*** rcernin has quit IRC22:53
*** rcernin has joined #openstack-lbaas22:53
*** luksky has quit IRC23:22
« Monday, 2021-04-19 Index Wednesday, 2021-04-21 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!