Wednesday, 2023-05-03

« Tuesday, 2023-05-02 Index Thursday, 2023-05-04 »
opendevreviewGregory Thiemonge proposed openstack/octavia master: [sqlalchemy2] Turn on RemovedIn20Warnings in tests  https://review.opendev.org/c/openstack/octavia/+/86128807:07
opendevreviewGregory Thiemonge proposed openstack/octavia master: [sqlalchemy2] move to Session.get()  https://review.opendev.org/c/openstack/octavia/+/86128907:07
opendevreviewGregory Thiemonge proposed openstack/octavia master: [sqlalchemy2] use attribute to indicate relationship  https://review.opendev.org/c/openstack/octavia/+/86131007:07
opendevreviewGregory Thiemonge proposed openstack/octavia master: [sqlalchemy2] positional arguments for case  https://review.opendev.org/c/openstack/octavia/+/86131107:07
opendevreviewGregory Thiemonge proposed openstack/octavia master: [sqlalchemy2] Use subquery to select from a query  https://review.opendev.org/c/openstack/octavia/+/86131207:07
opendevreviewGregory Thiemonge proposed openstack/octavia master: [sqlalchemy2] Using non-integer/slice indices on Row is deprecated  https://review.opendev.org/c/openstack/octavia/+/86131307:07
opendevreviewGregory Thiemonge proposed openstack/octavia master: [sqlaclhemy2] Don't pass strings to session.execute  https://review.opendev.org/c/openstack/octavia/+/86131407:07
opendevreviewGregory Thiemonge proposed openstack/octavia master: [sqlalchemy2] Removal of cascade backrefs  https://review.opendev.org/c/openstack/octavia/+/86131507:07
opendevreviewGregory Thiemonge proposed openstack/octavia master: [sqlalchemy2] Added missing relationships in models  https://review.opendev.org/c/openstack/octavia/+/87536407:07
opendevreviewGregory Thiemonge proposed openstack/octavia master: [sqlalchemy2] subtransactions & autocommit removal  https://review.opendev.org/c/openstack/octavia/+/86131607:07
opendevreviewGregory Thiemonge proposed openstack/octavia master: [sqlalchemy2] Disabling 'create_engine.convert_unicode' filter  https://review.opendev.org/c/openstack/octavia/+/87536507:07
opendevreviewGregory Thiemonge proposed openstack/octavia master: Fix sqlalchemy declarative_base import  https://review.opendev.org/c/openstack/octavia/+/87589207:07
opendevreviewGregory Thiemonge proposed openstack/octavia master: WIP Adding a functional job with SQLAlchemy master  https://review.opendev.org/c/openstack/octavia/+/87553207:07
opendevreviewGregory Thiemonge proposed openstack/octavia master: Fix pool_timeout for tests with sqlite file backend  https://review.opendev.org/c/openstack/octavia/+/88211707:07
opendevreviewTom Weininger proposed openstack/octavia master: DNM: profile w/ sqlalchemy2 using py-spy  https://review.opendev.org/c/openstack/octavia/+/87891707:16
opendevreviewTom Weininger proposed openstack/octavia-lib master: Add pre-commit config  https://review.opendev.org/c/openstack/octavia-lib/+/88212707:56
opendevreviewTom Weininger proposed openstack/octavia-lib master: Better __repr__() for data model  https://review.opendev.org/c/openstack/octavia-lib/+/88170108:00
opendevreviewTom Weininger proposed openstack/octavia-lib master: Add support for HTTP Strict Transport Security  https://review.opendev.org/c/openstack/octavia-lib/+/88082108:00
opendevreviewTom Weininger proposed openstack/python-octaviaclient master: Add support for HTTP Strict Transport Security  https://review.opendev.org/c/openstack/python-octaviaclient/+/88080808:05
opendevreviewTom Weininger proposed openstack/python-octaviaclient master: Add support for HTTP Strict Transport Security  https://review.opendev.org/c/openstack/python-octaviaclient/+/88080809:55
opendevreviewTom Weininger proposed openstack/octavia master: Add support for HTTP Strict Transport Security  https://review.opendev.org/c/openstack/octavia/+/88080610:13
opendevreviewMerged openstack/octavia-tempest-plugin master: Add h2 traffic/scenario test  https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/87442410:28
opendevreviewTom Weininger proposed openstack/octavia master: Add support for HTTP Strict Transport Security  https://review.opendev.org/c/openstack/octavia/+/88080610:28
opendevreviewTom Weininger proposed openstack/octavia master: Add support for HTTP Strict Transport Security  https://review.opendev.org/c/openstack/octavia/+/88080611:22
opendevreviewTom Weininger proposed openstack/octavia-tempest-plugin master: DNM profile o-* using py-spy  https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/87891913:41
opendevreviewTom Weininger proposed openstack/python-octaviaclient master: Add support for HTTP Strict Transport Security  https://review.opendev.org/c/openstack/python-octaviaclient/+/88080813:57
johnsomThe Octavia forum session will be Wednesday at 9am14:17
opendevreviewTom Weininger proposed openstack/octavia master: Add support for HTTP Strict Transport Security  https://review.opendev.org/c/openstack/octavia/+/88080614:19
crabjohnsom: on my controller I have client_ca.cert.pem  client.cert-and-key.pem  server_ca.cert.pem  server_ca.key.pem 14:52
crabamphora gets: client_ca.pem  server.pem14:54
crabfor starters, does that seem correct?14:54
crab(at least in terms of number of files if not content!)14:54
johnsomYes, that seems correct14:54
johnsomThe required files are listed here: https://docs.openstack.org/octavia/latest/admin/guides/certificates.html#configuring-octavia14:55
crabyeah i have worked through that whole document15:09
crabim trying to work out if i missed a step or got something wrong though.15:10
gthiemonge#startmeeting Octavia16:00
opendevmeetMeeting started Wed May  3 16:00:20 2023 UTC and is due to finish in 60 minutes.  The chair is gthiemonge. Information about MeetBot at http://wiki.debian.org/MeetBot.16:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.16:00
opendevmeetThe meeting name has been set to 'octavia'16:00
gthiemongeo/16:00
tweiningo/16:00
johnsomo/16:01
gthiemonge#topic Announcements16:02
gthiemonge* Octavia Forum Session at Vancouver16:02
gthiemongeFYI The Octavia Forum Session will be Wednesday, June 14th (9am)16:02
johnsomYep, it is scheduled for Wednesday morning at 9am16:02
tweiningwhat time is that in CEST?16:03
tweiningand, will it be streamed somehow?16:03
gthiemongewell I don't think it will be streamed16:04
gthiemongeI didn't see an announcement about it16:04
tweiningok, then forget my questions16:04
johnsomNo, I don't think they will be streaming the forum sessions16:05
johnsomI will be this time slot however16:05
gthiemonge* Bobcat Release Schedule16:07
gthiemongetweining has updated the review list etherpad with our priorities for the next milestones16:07
gthiemonge#link https://etherpad.opendev.org/p/octavia-priority-reviews16:07
gthiemongepriority #1 is python-neutronclient removal16:07
gthiemonge#link https://review.opendev.org/c/openstack/octavia/+/86632716:07
gthiemongejohnsom: you gave a CR+2 before it was rebased, could you take another look?16:07
johnsomSure, NP16:08
gthiemongethanks!16:08
gthiemonge#topic CI Status16:09
gthiemongethe Ubuntu Jammy nested-virt nodes are ok now16:10
gthiemongethe vexxhost nodes were removed16:10
johnsomOh good16:10
gthiemonge(the latest issue was random mirror issues that is under investigation)16:10
gthiemongeso the question:16:10
gthiemongeshould we merge "Updating Octavia tempest jobs on Ubuntu jammy (22.04)" now?16:10
gthiemonge#link https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/86136916:10
gthiemongein case those nodes are re-enabled we might be exposed to new failures16:11
gthiemongeor should we expect that if they re-enable the nodes, they should work as expected?16:11
gthiemongewhat do you think?16:11
johnsomI think it's ok to merge if it's passing16:11
johnsomWe should remove that centos 8 job too16:11
johnsomin another patch16:11
gthiemongeyeah16:12
gthiemongeok, I'm +2 it16:12
tweiningI concur16:12
gthiemongewe also need to add zed(!) and antelope jobs (zed is in the chain)16:12
gthiemongegmann has also a patch for the CI jobs, I'll rebase it16:13
gthiemongejohnsom: could you also review https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/861369 ?16:13
tweiningthat was fast :)16:14
gthiemongethanks!16:14
gthiemonge#topic Brief progress reports / bugs needing review16:15
gthiemongeI have 2 bugfixes that need reviews:16:15
johnsomgthiemonge I already did +2 that one16:15
gthiemonge+116:15
gthiemonge#link https://review.opendev.org/c/openstack/octavia/+/88172816:15
gthiemongethis patch fixes the incorrect removal of one IP rule in the amphora namespace16:15
gthiemongewith some specific network topologies, the bug makes the VIP unresponsive16:16
gthiemongeit is backport candidate to >=wallaby16:16
gthiemongeand I also have:16:16
gthiemonge#link https://review.opendev.org/c/openstack/octavia/+/88171916:16
gthiemongeit fixes a potential bug when plugging a new member subnet into the amp16:16
gthiemongesee https://bugs.launchpad.net/octavia/+bug/201789416:16
gthiemongeit affects all the releases (>=train)16:17
gthiemongetweining had an interesting question, because I added an hardcoded value to a loop16:17
gthiemonge#link https://review.opendev.org/c/openstack/octavia/+/881719/comment/4fd18ed7_78438fab/16:17
gthiemongemaybe I should set a more reasonable value, or I should remove the upper limit, but I don't like to add a possible infinite loop16:17
tweiningmy concern was mostly about test performance, although the number isn't huge really16:18
gthiemongethe loop should never go that far16:19
gthiemongeunless a user adds 65k members with their own networks16:19
tweininghttps://review.opendev.org/c/openstack/octavia/+/881719/2/octavia/tests/unit/amphorae/backends/agent/api_server/test_plug.py#44716:19
johnsomOne other thing there, we always work with MAC addresses and never trust the interface name. 16:19
johnsomInterface naming changes release to release and across distros16:20
gthiemongeit is used for renaming the new interface in the ns16:20
johnsomI was very careful in the old code to never rely on the name unless we set it16:20
gthiemongeI mean, this name is only used when renaming the iface, and in other calls, we use the hwaddr16:21
johnsomOk, I will take some time looking at this patch. Historically we used the interface file to make sure we had no name conflicts, etc.16:21
gthiemongewe could use "eth<network_uuid>"16:21
johnsomNah, short is fine, just want to make sure we don't make assumptions that will break on other distros16:22
gthiemongeok16:22
tweiningI'm mostly done with my work on the new HSTS feature, but there might be some detail fixes while I'm still testing16:24
tweininghttps://review.opendev.org/q/topic:hsts-haproxy+-is:wip16:24
tweiningfor some reason the new tempest test times out in my devstack env, but I think it succeeded in Zuul, so it's probably a configuration issue with my environment16:25
gthiemongeack, the priority is the octavia-lib patch, because we need a new release for the other patches16:25
johnsomRight16:26
gthiemonge#topic Open Discussion16:29
tweiningregarding that octavia-lib change you talked. there is a parent patch: https://review.opendev.org/c/openstack/octavia-lib/+/881701/216:30
tweiningit is similar to the db model repr() implementation I did last year. I'll need to check if there are fields that might be security sensitive.16:31
gthiemongeack16:32
tweiningalso, since I hate stestr I worked on adding support for running unit tests and functional tests with pytest16:32
tweiningfor octavia, not octavia-lib16:32
tweininghttps://review.opendev.org/q/topic:tox-pytest16:33
gthiemongetweining: what are the main differences?16:33
tweiningmuch more convenient to use. just look at the options that pytest offers.16:34
tweiningI also love pytest for its fixtures and ease of use, but we're uses standard unittest style tests, so that is not a benefit in our case16:35
gthiemongejohnsom: do we have some requirements on those tools?16:35
gthiemongejohnsom: stestr vs pytest16:36
tweiningpytest can also run tests in parallel and I noticed that certain tests fail when I run them in parallel. that is a sign that there is something wrong with some tests16:36
johnsomYeah, I think there is an OpenStack standard for that. I vaguely remember it when we switched the tool, testr->ostestr->stester16:36
johnsomAll our tests run in parallel16:37
tweiningI saw that some openstack projects do use pytest 16:37
tweiningyeah, but stestr runs them differently aparently16:37
johnsomFor example: 2023-05-03 13:45:00.458197 | ubuntu-jammy | {7} octavia.tests.unit.common.tls_utils.test_cert_parser.TestTLSParseUtils.test_validate_cert_and_key_match [0.138818s] ... ok16:38
johnsomThe {7} means it is running on the seventh thread16:38
johnsomThe current system also randomizes the order of the tests16:39
gthiemongewe could ping openstack-qa to get their feedback on it16:39
tweiningIDK, that might play a role.16:39
tweiningjust to be clear: I do not propose to use pytest instead of stestr16:40
tweiningmy patch only adds pytest as an option and as new tox test envs16:41
tweiningpytest-unit and pytest-func16:41
gthiemongeack16:42
gthiemongeok folks, any other topics?16:44
gthiemongeok!16:46
gthiemongethank you!16:46
gthiemonge#endmeeting16:46
opendevmeetMeeting ended Wed May  3 16:46:41 2023 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)16:46
opendevmeetMinutes:        https://meetings.opendev.org/meetings/octavia/2023/octavia.2023-05-03-16.00.html16:46
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/octavia/2023/octavia.2023-05-03-16.00.txt16:46
opendevmeetLog:            https://meetings.opendev.org/meetings/octavia/2023/octavia.2023-05-03-16.00.log.html16:46
opendevreviewTom Weininger proposed openstack/octavia master: Make tests work with pytest runner  https://review.opendev.org/c/openstack/octavia/+/88180516:47
opendevreviewTom Weininger proposed openstack/octavia master: Add pytest testenv to tox.ini  https://review.opendev.org/c/openstack/octavia/+/88173916:47
opendevreviewTom Weininger proposed openstack/octavia master: DNM: Test CI with pytest running  https://review.opendev.org/c/openstack/octavia/+/88174016:47
opendevreviewMerged openstack/octavia master: Remove python-neutronclient  https://review.opendev.org/c/openstack/octavia/+/86632718:39
crabjohnsom: so i think that a big part of our problem was that we didnt set the correct mtu on our switch for the vxlan interface on the hypervisor that hosts our octavia controller. we have fixed that now, so the ssl negotiation seems to "work" we have some other problems but that was the main thing. 21:26
crabwe had it right for our neutron instances but that one caught us off guard. :(21:26
johnsomcrab Awesome that you found the issue!21:34
crabindeed. and thanks very much for your help.21:50
crabi think we still have a few hurdles to get over but we are getting there21:51
johnsomCool, let us know if we can help21:53
« Tuesday, 2023-05-02 Index Thursday, 2023-05-04 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!