opendevreview | Tom Weininger proposed openstack/octavia master: Replace use of deprecated cert.not_valid_after https://review.opendev.org/c/openstack/octavia/+/921356 | 08:02 |
---|---|---|
opendevreview | Tom Weininger proposed openstack/octavia master: Fix cipher configuration for TLSv1.3 https://review.opendev.org/c/openstack/octavia/+/919846 | 10:27 |
opendevreview | Tom Weininger proposed openstack/octavia master: Add pytest testenv to tox.ini https://review.opendev.org/c/openstack/octavia/+/881739 | 10:27 |
opendevreview | Tom Weininger proposed openstack/octavia master: Make tests work with pytest runner https://review.opendev.org/c/openstack/octavia/+/881805 | 10:27 |
opendevreview | Tom Weininger proposed openstack/octavia master: Fix cipher configuration for TLSv1.3 https://review.opendev.org/c/openstack/octavia/+/919846 | 10:46 |
opendevreview | Tom Weininger proposed openstack/octavia master: Add pytest testenv to tox.ini https://review.opendev.org/c/openstack/octavia/+/881739 | 10:46 |
opendevreview | Tom Weininger proposed openstack/octavia master: Make tests work with pytest runner https://review.opendev.org/c/openstack/octavia/+/881805 | 10:46 |
opendevreview | Tom Weininger proposed openstack/octavia master: Fix cipher configuration for TLSv1.3 https://review.opendev.org/c/openstack/octavia/+/919846 | 11:12 |
opendevreview | Tom Weininger proposed openstack/octavia master: Add pytest testenv to tox.ini https://review.opendev.org/c/openstack/octavia/+/881739 | 11:12 |
opendevreview | Tom Weininger proposed openstack/octavia master: Make tests work with pytest runner https://review.opendev.org/c/openstack/octavia/+/881805 | 11:12 |
opendevreview | Tom Weininger proposed openstack/octavia master: Replace use of deprecated cert.not_valid_after https://review.opendev.org/c/openstack/octavia/+/921356 | 13:21 |
opendevreview | Gregory Thiemonge proposed openstack/octavia-tempest-plugin master: Check stability of rocky jobs https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/921269 | 14:48 |
opendevreview | Tom Weininger proposed openstack/octavia-tempest-plugin master: Remove reference to train and ussuri https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/915851 | 15:08 |
opendevreview | Tom Weininger proposed openstack/octavia-tempest-plugin master: Update branch regex to adapt to unmaintained branches https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/915852 | 15:08 |
opendevreview | Tom Weininger proposed openstack/octavia-tempest-plugin master: Add stable/2024.1 jobs https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/915853 | 15:08 |
gthiemonge | "Remove reference to train and ussuri" I think we can go from train to zed now :D | 15:12 |
tweining | yeah, I just rebased the patch series :) | 15:13 |
gthiemonge | #startmeeting Octavia | 16:00 |
opendevmeet | Meeting started Wed Jun 5 16:00:38 2024 UTC and is due to finish in 60 minutes. The chair is gthiemonge. Information about MeetBot at http://wiki.debian.org/MeetBot. | 16:00 |
opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 16:00 |
opendevmeet | The meeting name has been set to 'octavia' | 16:00 |
gthiemonge | o/ | 16:00 |
johnsom | o/ | 16:00 |
tweining | o/ | 16:00 |
gthiemonge | #topic Announcements | 16:02 |
gthiemonge | * 2024.2 Dalmatian Release Schedule | 16:02 |
gthiemonge | nothing special here but I would like to share that I'm going to update the priority review list | 16:03 |
gthiemonge | IMHO it's better to have it now than just before the next milestones | 16:03 |
tweining | true | 16:03 |
gthiemonge | note: we may have a lot of merge conflicts in the existing reviews now that the f-string patch is merged | 16:03 |
johnsom | No "may" about it, there are a lot | 16:04 |
tweining | probably a good opportunity to identify zombie patches | 16:05 |
tweining | ie. those who don't get rebased | 16:05 |
johnsom | And neglected patches, there seem to be a lot of those as well | 16:05 |
gthiemonge | yeah | 16:06 |
opendevreview | Gregory Thiemonge proposed openstack/octavia-tempest-plugin master: Check stability of rocky jobs https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/921269 | 16:07 |
gthiemonge | that's all for my announcements, do you have anything else? | 16:08 |
tweining | no | 16:08 |
johnsom | Nope | 16:09 |
gthiemonge | #topic CI Status | 16:10 |
gthiemonge | rockylinux jobs are failing in octavia-tempest-plugin (they are non-voting) | 16:10 |
gthiemonge | it's under investigation | 16:10 |
johnsom | I have not had a chance to look at the IPv6 only job yet. | 16:11 |
gthiemonge | there are still a few commits stuck on 2023.1 because grenade was failing, I rechecked one of them to see if it passes, then I'll recheck the remaining reviews | 16:11 |
tweining | https://review.opendev.org/c/openstack/octavia/+/920989 https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/921269 for reference, these are the patches about failing rocky9 jobs | 16:11 |
tweining | (and thanks for identifying the issues) | 16:12 |
tweining | re CI, we still need to make adjustments to jobs for 2024.2. I rebased Takashi's patch series before the meeting | 16:13 |
gthiemonge | +1 | 16:13 |
tweining | https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/915853 | 16:13 |
gthiemonge | thanks | 16:13 |
tweining | https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/915852/3/zuul.d/jobs.yaml should we continue to test unmaintained branches in the CI? | 16:13 |
johnsom | No, some have already started to break due to devstack changes | 16:14 |
tweining | ok, I will propose a new patch that will replace the patch series then. I already started working on it. | 16:14 |
gthiemonge | ack, thank you tweining | 16:15 |
gthiemonge | #topic Brief progress reports / bugs needing review | 16:17 |
tweining | please go first, if you have anything. I have a few things | 16:17 |
gthiemonge | nothing from me ;-) | 16:18 |
johnsom | #link https://review.opendev.org/c/openstack/devstack/+/885468 | 16:18 |
johnsom | I.e. anything using focal won't stack now | 16:18 |
johnsom | I am working on the nftables part of the SR-IOV for member ports. | 16:18 |
tweining | good to know | 16:18 |
johnsom | I hit a speed bump yesterday in that I was using the "ingress" hook in nftables for the rules, which simplifies the rules because I could hook a specific interface (i.e. eth1). | 16:19 |
johnsom | The problem is, you can't use conntrack rules here, so you can't enable "established" rules to allow return traffic from calls out. | 16:20 |
tweining | that SRIOV stuff only works with nftables, right? | 16:21 |
johnsom | So, I need to move everything to "input", and interface handling, and figure out the best way to structure these rules. The tricky part is the member interface add/remove is async so, it's harder to build a "whole" rule set for each plug/unplug | 16:21 |
johnsom | Yes, that is a choice I made. Move to only support nftables, as most distros are doing the same | 16:22 |
tweining | or, in other words, it would break without nftables. So, wouldn't that break rocky9 jobs then if we disable nftables there? | 16:22 |
johnsom | Yes, the image builder now requires nftables | 16:23 |
gthiemonge | (that's another problem but we need to fix nftables in rocky9 if nftables is the issue) | 16:24 |
johnsom | Rocky 9 should have nftables as centos 9 did | 16:24 |
johnsom | If you think it has an nftables issue and want me to take a look, send me the build link | 16:26 |
tweining | https://zuul.opendev.org/t/openstack/build/25eb991b4e3c4f1995cd858393d95e51 for instance | 16:29 |
tweining | I guess we can move on | 16:29 |
tweining | https://review.opendev.org/c/openstack/octavia/+/919846 Fix cipher configuration for TLSv1.3 | 16:29 |
tweining | that patch is now complete. I tested it and it covers now both frontend and backend encryption | 16:30 |
tweining | I also added a comment in the bugreport that describes my steps for verifying the fix. | 16:30 |
QG | Ah cool, thanks tweining | 16:31 |
johnsom | Cool, thanks for working on that | 16:31 |
tweining | I didn't do a lot of programming in Python in the last few months. That's why I really enjoyed writing some Python code again for the TLS cipher config fix. | 16:32 |
tweining | The code does quite a lot of things considering that it's just very few lines. I think in most other programming languages the same change would require a lot more code that would probably be a lot less readable. | 16:32 |
tweining | enough rambling. please review. :) | 16:32 |
tweining | https://review.opendev.org/c/openstack/octavia/+/921356 Replace use of deprecated cert.not_valid_after. I found this deprecation warning during testing with devstack. I didn't do any testing of this, but it looks like it shouldn't break anything. | 16:33 |
tweining | https://review.opendev.org/q/topic:%22mypy%22+repo:openstack/octavia last but not least please don't forget the typing patches | 16:34 |
gthiemonge | ack | 16:35 |
gthiemonge | #topic Open Discussion | 16:36 |
tweining | nothing else from me | 16:38 |
johnsom | I don't think I have anything else either | 16:39 |
gthiemonge | ok! | 16:39 |
johnsom | I am pretty sure that rocky job is failing for reasons other than nftables. It can't reach the amp, which doesn't use nftables, it relies on security groups. | 16:40 |
johnsom | unless rocky has some "default" firewall setup different than the others | 16:40 |
gthiemonge | yeah it's really weird, but the only recent change in the amp is that we have enabled nftables by default | 16:40 |
gthiemonge | and based on my experience, rockylinux has some issues when using nftables | 16:41 |
johnsom | That is only used inside the netns for lvs right? | 16:41 |
johnsom | Unless you have sr-iov enabled | 16:41 |
gthiemonge | it may have default rules for the other interfaces | 16:41 |
QG | I have a quick question about ports quota and loadbalancer creation | 16:41 |
QG | we may have spotted a bug, when you create a loadbalancer and you only have enough quota to create the vrrp port but not more, Octavia is returning a 500 | 16:43 |
QG | Does this sound familiar? i will create a bug in launchpad | 16:43 |
gthiemonge | the octavia-api only checks that it can create a VIP port | 16:44 |
gthiemonge | 500 is weird there | 16:44 |
johnsom | Hmm, not normal. | 16:44 |
gthiemonge | yeah please create a launchpad | 16:44 |
johnsom | We should not be returning a 500 to the user. Please open a bug | 16:44 |
gthiemonge | QG: you don't have enough quota in the user's project or in the project that runs Octavia? | 16:45 |
QG | In the user's project | 16:45 |
gthiemonge | interesting, but yeah 500 is a bug | 16:46 |
johnsom | Oh, please review: https://review.opendev.org/c/openstack/octavia/+/919974 it is a backport candidate | 16:46 |
gthiemonge | ack | 16:47 |
QG | ok and i think it left the vrrp created without deleting it | 16:47 |
gthiemonge | there's a known issue with leaked ports on errors: https://bugs.launchpad.net/octavia/+bug/2015320 | 16:49 |
QG | ok thanks ! | 16:49 |
gthiemonge | any other topics for today? | 16:50 |
QG | Ah, and we'll try to get back to Octavia's topic with the deployment of amphoras on several AZs. ( https://review.opendev.org/c/openstack/octavia/+/558962 ) | 16:50 |
gthiemonge | wow | 16:51 |
gthiemonge | don't hesitate if you need help | 16:53 |
gthiemonge | ok folks! | 16:53 |
gthiemonge | thank you for the discussions | 16:53 |
gthiemonge | have a good week | 16:53 |
gthiemonge | #endmeeting | 16:53 |
opendevmeet | Meeting ended Wed Jun 5 16:53:56 2024 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 16:53 |
opendevmeet | Minutes: https://meetings.opendev.org/meetings/octavia/2024/octavia.2024-06-05-16.00.html | 16:53 |
opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/octavia/2024/octavia.2024-06-05-16.00.txt | 16:53 |
opendevmeet | Log: https://meetings.opendev.org/meetings/octavia/2024/octavia.2024-06-05-16.00.log.html | 16:53 |
opendevreview | Tom Weininger proposed openstack/octavia-tempest-plugin master: Updates of jobs config for 2024.2 https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/921402 | 17:24 |
tweining | gthiemonge: candidate for your priority list ^ | 17:24 |
tweining | ... once I fixed the errors ;) | 17:25 |
opendevreview | Tom Weininger proposed openstack/octavia-tempest-plugin master: Updates of jobs config for 2024.2 https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/921402 | 17:30 |
opendevreview | Tom Weininger proposed openstack/octavia-tempest-plugin master: Updates of jobs config for 2024.2 https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/921402 | 17:33 |
opendevreview | Merged openstack/octavia stable/2024.1: Fix listener update when using SRIOV VIP https://review.opendev.org/c/openstack/octavia/+/919649 | 17:36 |
opendevreview | Merged openstack/octavia stable/2023.1: Fix health monitor information retrieval in API response https://review.opendev.org/c/openstack/octavia/+/917677 | 19:19 |
sorbal | Hello, I am having trouble understanding the strategy behind the octavia_lib and how for example the listener has a data model defined in the octavia/common/data_models.py but the same time this listener data model is defined in the octavia_lib/drivers/data_models.py | 19:25 |
sorbal | The octavia/api/drivers/utils.py uses both data models with the octavia_lib imported as driver_dm. But why is this needed? Why can't there be just one "source of truth" for the data models? | 19:25 |
sorbal | I understand that octavia_lib is there to help with the development of provider drivers but I can't find any info in the docs to explain design choices like that. | 19:25 |
sorbal | I would greatly appreciate it if anyone could point me to the right docs or explain the logic behind such decisions if you got the time. Thank you! | 19:26 |
johnsom | Yeah, I can understand that confusion. | 19:30 |
johnsom | The point of octavia_lib is to be used with third party provider drivers, like the neutron OVN driver, F5, etc. | 19:31 |
johnsom | The doc that talks to this is here: https://docs.openstack.org/octavia/latest/contributor/guides/providers.html | 19:31 |
johnsom | The data models are different because the use case is different for them both. There is data in the internal Octavia data model that is not helpful for the drivers (IDs for resources they don't have access to, etc). | 19:32 |
johnsom | An example is user certificate data, we have to extract those and send the content to the driver, where internally we just have hrefs that the Octavia controllers have access to. | 19:34 |
johnsom | I had to write all of those data-model to provider data model methods, so I know the pain. | 19:34 |
johnsom | The spec for the provider feature might also provide some context: https://github.com/openstack/octavia/blob/master/specs/version1.1/enable-provider-driver.rst | 19:35 |
sorbal | I see, yes I guess resources they don't have direct access to makes sense for that kind of split, I didn't notice. | 19:44 |
sorbal | I have to make changes to the octavia_lib then for the WAF as well since octavia follows this pattern. | 19:44 |
sorbal | Thank you, I will look into both links. | 19:44 |
johnsom | Sure, NP | 19:45 |