| opendevreview | Quentin GROLLEAU proposed openstack/octavia master: Add validation for minimum number of ips when the subnet is specified https://review.opendev.org/c/openstack/octavia/+/898803 | 09:33 |
|---|---|---|
| opendevreview | Lê Minh Thư proposed openstack/octavia master: Add validate L7Rule containing special characters https://review.opendev.org/c/openstack/octavia/+/901584 | 14:17 |
| gthiemonge | #startmeeting Octavia | 16:00 |
| opendevmeet | Meeting started Wed Nov 22 16:00:20 2023 UTC and is due to finish in 60 minutes. The chair is gthiemonge. Information about MeetBot at http://wiki.debian.org/MeetBot. | 16:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 16:00 |
| opendevmeet | The meeting name has been set to 'octavia' | 16:00 |
| gthiemonge | hi | 16:00 |
| johnsom | o/ | 16:00 |
| tweining | o/ | 16:00 |
| oschwart | o/ | 16:00 |
| gthiemonge | #topic Announcements | 16:01 |
| gthiemonge | no announcements from me, do you have any? | 16:01 |
| johnsom | Milestone 1 was last week | 16:02 |
| gthiemonge | right | 16:02 |
| tweining | nothing from me | 16:02 |
| johnsom | Otherwise I don't think I have anything | 16:02 |
| gthiemonge | #topic CI Status | 16:03 |
| QG | o/ | 16:03 |
| gthiemonge | Reminder, we have some patches in review for the DB deadlock issue | 16:04 |
| gthiemonge | https://bugs.launchpad.net/octavia/+bug/2038798 | 16:04 |
| gthiemonge | https://review.opendev.org/c/openstack/octavia/+/899662 | 16:04 |
| gthiemonge | https://review.opendev.org/c/openstack/octavia/+/899663 | 16:04 |
| opendevreview | Pierre-Yves Jourel proposed openstack/octavia master: Add possibility to Resize a Load Balancer https://review.opendev.org/c/openstack/octavia/+/890215 | 16:05 |
| gthiemonge | #topic Brief progress reports / bugs needing review | 16:06 |
| johnsom | I am working on this bug: https://bugs.launchpad.net/octavia/+bug/2043582 | 16:08 |
| gthiemonge | +1 | 16:08 |
| johnsom | Handling certs with empty subject fields. I plan to have a patch today, hopefully a test as well | 16:08 |
| gthiemonge | I've been working on health-monitor issues | 16:08 |
| gthiemonge | there are 2 bugs: | 16:09 |
| gthiemonge | 1. Bug with HTTP/HTTPS HMs on pools with ALPN | 16:09 |
| gthiemonge | https://review.opendev.org/c/openstack/octavia/+/901435 | 16:09 |
| gthiemonge | 2. Bug with TLS-HELLO HMs | 16:09 |
| gthiemonge | https://review.opendev.org/c/openstack/octavia/+/901524 | 16:09 |
| tweining | I assume the reason why https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/893066/16 still has V-1 is that https://review.opendev.org/q/I700c65fb17bad28b2b922e03d9c94c4716de9cbe hasn't been merged yet, right? | 16:10 |
| gthiemonge | yeah probably | 16:11 |
| oschwart | right, I was about to write about it | 16:11 |
| oschwart | noop api u/s jobs fail because they could not find the new noop certificate manager | 16:13 |
| pyjou | Also I respond to comments in my RFE https://review.opendev.org/c/openstack/octavia/+/885490 | 16:14 |
| gthiemonge | pyjou: thanks | 16:14 |
| pyjou | And I've made a new patchset for this change https://review.opendev.org/c/openstack/octavia/+/890215 | 16:15 |
| gthiemonge | pyjou: the flavor cannot be updated with PUT | 16:15 |
| johnsom | There was some interest in this spec on the mailing list this week | 16:15 |
| pyjou | gthiemonge: I had a discussion about PUT vs POST on this comment: https://review.opendev.org/c/openstack/octavia/+/890215/comment/60969576_6795c5f5/ | 16:18 |
| gthiemonge | pyjou: sorry I was replying to your comment in https://review.opendev.org/c/openstack/octavia/+/885490 | 16:20 |
| gthiemonge | I'm looking for a way to revert the resize | 16:21 |
| gthiemonge | without having to create flavor/flavorprofile for the default nova flavor | 16:21 |
| johnsom | Revert inside the flow? | 16:22 |
| gthiemonge | nop, for instance, I resize the LB with an Octavia flavor that uses a nova flavor "amphora-big", then I change my mind, I want to use the default flavor | 16:23 |
| johnsom | I think my advice was to keep things a bit more simple such that if the user wanted to revert they just resize again. | 16:23 |
| gthiemonge | how do i switch back to my "amphora-default" flavor? | 16:24 |
| johnsom | The same way you switched to amphora-big IMO | 16:24 |
| gthiemonge | yeah so we need octavia flavors/flavorprofiles for the default flavor | 16:24 |
| gthiemonge | not a huge issue if it's documentetd | 16:25 |
| oschwart | so a resize revert would require 2 failovers? | 16:25 |
| johnsom | Ah, I see what you are saying, resize to flavor None | 16:25 |
| pyjou | A revert solution was proposed. Then I followed Johnsom's advice to remove the revert because users can just resize again to revert. | 16:25 |
| gthiemonge | pyjou: yeah I think it's acceptable | 16:26 |
| gthiemonge | pyjou: it would be great to have a admin doc that explains this feature | 16:26 |
| gthiemonge | maybe here https://docs.openstack.org/octavia/latest/admin/guides/operator-maintenance.html | 16:27 |
| pyjou | gthiemonge: No problem at all | 16:27 |
| gthiemonge | cool | 16:30 |
| gthiemonge | #topic Open Discussion | 16:30 |
| QG | is it the housekeeping that is supposed to renew the certificates used between the amphorae and the workers? | 16:31 |
| johnsom | Yes | 16:32 |
| johnsom | Housekeeping is the periodic job engine | 16:32 |
| QG | if the worker certificate is renewed (before it expires) will housekeeping renew it? | 16:33 |
| johnsom | Housekeeping will only renew the certificates issued to the amphora | 16:34 |
| gthiemonge | pyjou: maybe the resize feature could be described there: https://docs.openstack.org/octavia/latest/admin/flavors.html | 16:34 |
| pyjou | gthiemonge: Ack | 16:34 |
| QG | because for some reason the certificate on the worker side have been renewed, and the worker can no longer talk to amphora, and i was thinking may be the housekeeping can renew the amphora certif when it doesn't correspond anymore to the worker one | 16:36 |
| johnsom | The control plane side needs to be manually renewed. This is usually done with the deployment tooling, so it can do a rolling update across the controllers. | 16:38 |
| johnsom | We also tend to use lengthy validity periods for the control plane side. | 16:38 |
| QG | ok thanks johnsom for the infos ! | 16:39 |
| johnsom | #link https://docs.openstack.org/octavia/latest/admin/guides/operator-maintenance.html#rotating-cryptographic-certificates | 16:39 |
| tweining | lengthy = 10 years AFAIR :) | 16:39 |
| johnsom | Yeah, we typically do 50 for the CA, then 10 for the control plane, then 1 year for the amphora. If I remember right | 16:39 |
| gthiemonge | any other topics? | 16:43 |
| tweining | no | 16:43 |
| oschwart | nothing from me | 16:44 |
| opendevreview | Lê Minh Thư proposed openstack/octavia master: Fix duplicate specified VIP among load balancers https://review.opendev.org/c/openstack/octavia/+/901595 | 16:44 |
| tweining | did have a look at the spec from nova about health endpoints? | 16:44 |
| tweining | I forgot/had no time to read it | 16:44 |
| gthiemonge | nop, I didn't | 16:45 |
| tweining | o/ | 16:50 |
| gthiemonge | ok, I guess that's it! | 16:50 |
| gthiemonge | thank you guys | 16:50 |
| gthiemonge | #endmeeting | 16:50 |
| opendevmeet | Meeting ended Wed Nov 22 16:50:29 2023 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 16:50 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/octavia/2023/octavia.2023-11-22-16.00.html | 16:50 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/octavia/2023/octavia.2023-11-22-16.00.txt | 16:50 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/octavia/2023/octavia.2023-11-22-16.00.log.html | 16:50 |
| gallee | Hi, I am wondering if it is the expected behaviour to accept an HTTP_COOKIE session persistence on a TCP pool. This has no effect on the session persistence (which is normal since HA proxy supports this for HTTP traffic) | 16:51 |
| gthiemonge | gallee: I don't think it is expected, I know that some validation steps were missing for non-HTTP objects | 16:53 |
| gallee | Shall I open a bug ? | 16:55 |
| johnsom | It can't hurt to open a bug. https://bugs.launchpad.net/octavia | 16:56 |
| gallee | ok will do | 16:58 |
| opendevreview | Michael Johnson proposed openstack/octavia master: Fix issue with certificates with no subject or CN https://review.opendev.org/c/openstack/octavia/+/901689 | 21:50 |
| opendevreview | Michael Johnson proposed openstack/octavia master: Fix issue with certificates with no subject or CN https://review.opendev.org/c/openstack/octavia/+/901689 | 22:49 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!