Friday, 2013-12-06

« Thursday, 2013-12-05 Index Saturday, 2013-12-07 »
openstackgerritA change was merged to openstack/neutron: Fix downgrade in migration  https://review.openstack.org/5309100:00
*** jianingy_afk is now known as jianingy00:16
*** dims has quit IRC00:21
openstackgerritSalvatore Orlando proposed a change to openstack/neutron: Test commit for testing parallel job in experimental queue  https://review.openstack.org/5742000:23
*** Abhishek_ has quit IRC00:31
*** dims has joined #openstack-neutron00:33
*** Abhishek has joined #openstack-neutron00:34
*** SridarK has quit IRC00:38
*** aymenfrikha has quit IRC00:40
*** banix has quit IRC00:40
*** harlowja has quit IRC00:40
*** harlowja has joined #openstack-neutron00:42
openstackgerritJianing Yang proposed a change to openstack/neutron: Fix str2dict and dict2str's incorrect behavior  https://review.openstack.org/6019500:46
*** Abhishek has quit IRC00:49
openstackgerritEdgar Magana proposed a change to openstack/neutron: Implements provider network support in PLUMgrid plugin  https://review.openstack.org/6038300:50
*** mestery has quit IRC01:04
*** mestery has joined #openstack-neutron01:05
*** Abhishek has joined #openstack-neutron01:07
*** Abhishek has quit IRC01:11
*** annegentle has quit IRC01:18
*** mengxd has joined #openstack-neutron01:20
*** annegentle has joined #openstack-neutron01:25
*** dzyu has joined #openstack-neutron01:48
openstackgerritberlin proposed a change to openstack/neutron: Add Error Handling to NVP advanced LBaaS/FWaaS  https://review.openstack.org/5962501:53
*** marun has joined #openstack-neutron01:59
*** dzyu_ has joined #openstack-neutron02:00
*** dzyu has quit IRC02:01
*** dzyu_ is now known as dzyu02:01
*** julim has quit IRC02:06
*** Jianyong has joined #openstack-neutron02:14
*** changbl has joined #openstack-neutron02:16
*** rkukura has joined #openstack-neutron02:21
*** yamahata_ has joined #openstack-neutron02:28
*** mestery has quit IRC02:30
*** djbkd has joined #openstack-neutron02:30
*** mestery has joined #openstack-neutron02:33
openstackgerritgongysh proposed a change to openstack/python-neutronclient: refactor showcommand and RetrivePoolStats command  https://review.openstack.org/4729202:34
marunsalv-orlando: ping02:38
salv-orlandomarun: pong02:39
marunsalv-orlando: my, you're up early?02:40
salv-orlandomarun: nope about to go to bed (2.40 am)02:40
marunsalv-orlando: ah, uk?02:40
marunsalv-orlando: I'll make it quick, sorry.02:40
salv-orlandomarun: correct.02:40
salv-orlandogo ahead. Don't give me the nightmares please02:40
marunsalv-orlando: if the neutron service is restarted, does it notify the agents?02:40
salv-orlandoit does not.02:41
salv-orlandoI don't think the agents get any notification when a neutron server goes down/up02:41
salv-orlandoindeed they keep sending state reports even if nobody listens02:41
marunsalv-orlando: Someone on the mailing list was asking about that in regards to the agents staying in sync if the service goes down02:41
marunsalv-orlando: but when I think about it, if the service is down no changes are going to be made until it starts again anyway02:42
marunsalv-orlando: so, null question.  don't let me keep you any longer. :)02:42
salv-orlandoindeed, this is why I am struggling to understand the question02:42
salv-orlandoI don't think there's any need for agent-2-agent synchronization02:42
marunsalv-orlando: his email wasn't entirely coherent.02:42
marunsalv-orlando: and my questions reflects that.  I'm sorted now.02:42
salv-orlandobtw, question for you, before I head to bed02:42
marunshoot02:42
salv-orlandoovs commands; I'm seeing them timing out02:43
salv-orlandolocally and on the gate - a lot02:43
marunyee02:43
*** SumitNaiksatam has quit IRC02:43
salv-orlandois this new to you?02:43
marunyes, new to me02:43
*** devlaps has quit IRC02:43
*** alagalah_ has joined #openstack-neutron02:43
marundoes that imply that ovs is overloaded?02:44
*** djbkd has quit IRC02:44
salv-orlandomy guess is that we did not go a good thing by parallelising operations which interacted with ovs02:44
salv-orlandoI'm not talking about the ovs db monitor02:44
marunRight02:44
salv-orlandobut other things such as process_routers02:44
marunIs this a new move to parallize?02:44
salv-orlandorecent move. The problem is that ovs-vswitchd is single-threaded in the version we run on the gate; and only the most recent version (2.0) is multithreaded02:45
marunI think we're running into a pretty serious problem of contention for CPU resources.02:45
salv-orlandoor perhaps we're just asking too much to the agents when running gate tests with tenant isolation, parallelism and so on02:46
marunWell, I'm betting the cpu on a given devstack test instance is pegged 100% all the time.02:46
marunMaybe we need to start fiddling with priority?02:46
salv-orlandoactually they log sysstat le me check02:46
salv-orlandoyeah during high stress period cpu_idle is pretty much 002:48
marunsalv-orlando: So, priority?02:49
marunsalv-orlando: I mean, ovs > neutron service > agents02:49
salv-orlandoYes tomorrow among the other things I will try and nice ovs commands02:49
marunsalv-orlando: I'm not sure this is a problem in the real world, frankly.  Operators don't let hosts run at 100%, they know better.02:49
marun(at least, I hope they do)02:50
salv-orlandomarun: I agree with you, this is why I said we're asking too much from the gate02:50
marunsalv-orlando: I would tend to agree.  Mind you, we'd have to do this eventually anyway (make sure services play nice).  It just sucks that it's all coming at us at once right now.02:50
salv-orlandoAnother thing we should consider is to change the "tenant isolation" rules to avoid creating network/subnet/router pretty much for each test02:51
marunsalv-orlando: ok, sleep well!02:51
marunsalv-orlando: hmmm.  right, the setup/teardown is pretty crazy02:51
salv-orlandoAt some point I got the l3 agents processing 40 routers in a minute02:52
marunsalv-orlando: !02:52
marunsalv-orlando: that's pretty much insance02:52
salv-orlandoI mean receiving 40 notification to process routers02:52
salv-orlandoit took 114 seconds to process them02:52
marunsalv-orlando: sorry, insane02:52
marunWell, we should raise the issue with qa.  They seem to be of the opinion that stress testing like this is a good thing.02:53
salv-orlandoyup, this is stress testing; in the case of nova-network, I think they exercise in a flat scenarion02:53
marunBut dealing with unrealistic scenarios is keeping us from focusing on actual use cases.02:53
salv-orlandoand the flat scenario is nowhere that demanding in terms of operation for implementing the network02:53
marunright02:53
*** banix has joined #openstack-neutron02:54
salv-orlandook, let's say if I don't get anywhere by nicing ovs and ip commands I will resort to revisiting how tempest sets up the network02:54
marunSounds good.02:54
salv-orlandogoodnight!02:55
marun'nite!02:55
salv-orlandoor good morning to you02:55
*** salv-orlando has quit IRC02:55
*** csd has quit IRC02:57
mesterymarun: Sorry, back reading your discussion with salv-orlando, you still here?02:58
marunmestery: yes.  you're up early!02:58
marun(or late?)02:58
*** csd has joined #openstack-neutron02:58
mesterymarun: 9PM in Minnesota. :) Where are you at?02:58
marunJST - high noon02:59
mesterymarun: So, after reading the back scroll, one thing that occurs to me is this: What version of OVS are we using in the gate?02:59
marunmestery: not 2.0, sadly02:59
mesterymarun: That's where I was headed.02:59
mesteryBut even worse, is it version 1.4 we're using in the gate?02:59
mesteryBecause that is incredibly old. :(02:59
marunmestery: maybe?  I'm guessing it's whatever shipped with 12.0403:00
mesteryGood Lord, then it's 1.4.03:00
mesteryWe need to change that somehow.03:00
mesteryNobody in their right mind would run 1.4 in production.03:00
mesteryOr anything close to production.03:00
marunmestery: I'm afraid I'm ignorant as to why 1.4 is a problem, can you please enlighten me?03:00
mesterymarun: Running OVS 1.4 in the gate would be like trying to test OVS with OpenStack Diablo.03:00
mesteryLots of things have been fixed since then, performance enhancements made, etc.03:01
mesteryAnyways, just a thought as I read the back scroll.03:01
marunmestery: well, to be honest we're not doing anything complicated in the gate (yet)03:01
mesteryI agree, I think we're somewhat limited by the agents at this point, I guess I'm just thinking ahead here.03:02
marunmestery: provisioning ports and adding simple flows is about the extent of it.  Agreed that this is not representative of production, but it might still do for now.03:02
marunmestery: I think the fact that it's single-threaded is the biggest issue that might require updating.  As per salv-orlando's comment, the current tenant isolation scheme puts excessive load on ovs.03:02
* mestery nods in agreement.03:03
marunmestery: but we're going to be fighting for cpu regardless :(03:03
mesterymarun: Yes, that's true either way.03:03
marunmestery: My recent experiences with high load suggest that our current testing single-node testing strategy isn't really sustainable.03:03
marunmestery: we end up hitting bugs that aren't really problems.  Everything falls over eventually (short of running on a mainframe, and even then)03:04
marunmestery: (not that we don't have bugs that are really problems, of course)03:04
mesterymarun: Agreed, so even without Neutron things woudl tip over eventually in that scenario.03:04
marunmestery: I think so, yes.  There is only so much cpu to go around and we are running more and more services on that single node.  Something has to give eventually.03:04
marunmestery: neutron is just the canary in the coal mine03:05
mesterymarun: I agree.03:05
mesterymarun: And even the multi-node gate stuff I'm looking at for ML2 won't help, as it still leaves all control code on a single node.03:05
marunmestery: something tells me tripleo and heat might be necessary and soon03:07
mesterymarun: Agreed.03:07
mesterymarun: OK, I need to take off for a bit now.03:07
mesterymarun: Thanks for the chat!03:07
marunmestery: either that or we look at making the default tempest gate less of a stress test to focus on the functional.03:07
marunmestery: thanks to you as well, take care!03:07
*** SumitNaiksatam has joined #openstack-neutron03:10
*** dzyu has quit IRC03:11
*** dzyu has joined #openstack-neutron03:16
*** jp_at_hp has quit IRC03:20
*** nati_ueno has quit IRC03:24
*** alagalah_ has left #openstack-neutron03:29
*** amotoki_ has quit IRC03:37
openstackgerritJohn Dewey proposed a change to openstack/neutron: Removed erronus config file comment  https://review.openstack.org/6041303:38
*** dzyu has quit IRC03:40
*** julim has joined #openstack-neutron03:41
*** nati_ueno has joined #openstack-neutron03:41
openstackgerritA change was merged to openstack/neutron: Change to improve dhcp-agent sync_state  https://review.openstack.org/5986303:42
*** julim has quit IRC03:45
*** nati_uen_ has joined #openstack-neutron03:54
*** nati_ueno has quit IRC03:57
*** suresh12 has quit IRC04:01
*** banix has quit IRC04:03
*** banix has joined #openstack-neutron04:08
*** yamahata_ has quit IRC04:17
*** nati_uen_ has quit IRC04:22
*** gongysh has joined #openstack-neutron04:23
*** banix has quit IRC04:40
*** networkstatic has joined #openstack-neutron04:42
*** csd has quit IRC04:57
*** csd has joined #openstack-neutron04:58
*** mengxd has quit IRC05:02
*** ljjjustin has joined #openstack-neutron05:07
*** suresh12 has joined #openstack-neutron05:12
*** suresh12 has quit IRC05:16
*** x86brandon has quit IRC05:26
openstackgerritJohn Dewey proposed a change to openstack/neutron: Removed erronus config file comment  https://review.openstack.org/6041305:30
*** chandankumar has joined #openstack-neutron05:34
*** bvandenh has joined #openstack-neutron05:36
*** yfried has joined #openstack-neutron05:40
marunfark06:03
*** suresh12 has joined #openstack-neutron06:05
*** nati_ueno has joined #openstack-neutron06:08
*** amotoki has quit IRC06:28
openstackgerritJenkins proposed a change to openstack/neutron: Imported Translations from Transifex  https://review.openstack.org/6043006:32
*** alex_klimov has joined #openstack-neutron06:36
*** alex_klimov has quit IRC06:42
*** alex_klimov has joined #openstack-neutron06:43
*** alex_klimov has quit IRC06:43
*** alex_klimov has joined #openstack-neutron06:44
*** alex_klimov has quit IRC06:46
openstackgerritAaron Rosen proposed a change to openstack/neutron: Bump api_workers from 0 to 4  https://review.openstack.org/5978706:56
*** Jianyong has quit IRC07:06
*** Jianyong has joined #openstack-neutron07:09
*** gdubreui has quit IRC07:21
*** yfried has quit IRC07:30
*** ihrachyska has joined #openstack-neutron07:45
*** yfried has joined #openstack-neutron07:45
*** afazekas_ has joined #openstack-neutron07:49
*** suresh12 has quit IRC07:52
*** suresh12 has joined #openstack-neutron07:52
*** suresh12 has quit IRC07:53
*** nati_uen_ has joined #openstack-neutron07:54
*** nati_ueno has quit IRC07:58
*** alagalah has joined #openstack-neutron08:01
*** alagalah has quit IRC08:02
*** SumitNaiksatam has quit IRC08:03
*** gongysh has quit IRC08:03
*** Alien__ has joined #openstack-neutron08:05
*** csd has quit IRC08:08
*** jlibosva has joined #openstack-neutron08:08
*** csd has joined #openstack-neutron08:09
*** amritanshu_RnD has joined #openstack-neutron08:17
anteayajog0: yeah, if I can get a logstash url for https://bugs.launchpad.net/neutron/+bug/1210483 in the bug report, it would help me track the ongoing current status of the bug, and help me recruit someone to champion the bug08:19
anteayaso far, noone in -neutron is working on it, that I know of08:19
anteayahow do I get you an entry in a neutron service? I can look for it if I can learn how.08:20
anteayaYes, I was hearing about the reduction for large-ops tests, thanks for that.08:20
*** nati_uen_ has quit IRC08:20
anteayaand I am glad 1250168 was due to host issues and is no longer a bug for us, yay08:21
anteayamarun: I asked your cpu usage on a devstack test instance question in -infra08:24
anteayayou are welcome to follow up or I will relay back if/when I get a response08:24
*** beagles has quit IRC08:26
*** pete5_ has joined #openstack-neutron08:28
*** ivoks_ has joined #openstack-neutron08:29
*** beagles has joined #openstack-neutron08:29
*** mtreinish_ has joined #openstack-neutron08:34
*** pete5 has quit IRC08:34
*** lifeless has quit IRC08:34
*** ivoks has quit IRC08:34
*** Qlawy has quit IRC08:34
*** Qlawy has joined #openstack-neutron08:34
*** mtreinish has quit IRC08:34
*** mtreinish_ is now known as mtreinish08:35
*** pete5_ is now known as pete508:35
*** Qlawy has quit IRC08:35
*** Qlawy has joined #openstack-neutron08:35
*** networkstatic has quit IRC08:35
*** networks_ has joined #openstack-neutron08:35
*** jprovazn has joined #openstack-neutron08:35
*** lifeless has joined #openstack-neutron08:36
*** Jianyong has quit IRC08:37
*** ljjjustin has quit IRC08:37
*** ljjjustin has joined #openstack-neutron08:39
*** networks_ has quit IRC08:43
*** ygbo has joined #openstack-neutron08:43
*** networkstatic has joined #openstack-neutron08:45
*** jistr has joined #openstack-neutron08:48
*** jp_at_hp has joined #openstack-neutron08:54
*** suresh12 has joined #openstack-neutron09:04
*** networkstatic has quit IRC09:05
*** jlibosva has quit IRC09:05
*** networkstatic has joined #openstack-neutron09:06
*** jlibosva has joined #openstack-neutron09:06
marunanteaya: ok, thank you09:07
openstackgerritOleg Bondarev proposed a change to openstack/neutron: Mark dhcp ports as pending delete on subnet deletion  https://review.openstack.org/4649609:07
openstackgerritA change was merged to openstack/neutron: Imported Translations from Transifex  https://review.openstack.org/6043009:07
*** suresh12 has quit IRC09:08
*** jpich has joined #openstack-neutron09:11
*** fouxm has joined #openstack-neutron09:11
openstackgerritMarios Andreou proposed a change to openstack/neutron: Validate CIDR given as ip-prefix in security-group-rule-create  https://review.openstack.org/5921209:16
anteaya:D09:16
*** jlibosva has quit IRC09:24
*** jlibosva has joined #openstack-neutron09:24
*** jlibosva has joined #openstack-neutron09:25
*** ljjjustin has quit IRC09:27
*** Alien__ has quit IRC09:35
*** Sreedhar has joined #openstack-neutron09:39
SreedharMarun: Hi09:45
marunSreedhar: hi09:45
*** HenryG has quit IRC09:47
*** HenryG has joined #openstack-neutron09:47
SreedharMarun: I am planning to test with the patch you have created https://review.openstack.org/#/c/45678/ to reduce the polling by OVS agents. Just want to check whether the patch need to be installed only network node (where DHCP agent is running) or on all the compute nodes as well09:47
marunSreedhar:  it reduces l2 polling, so anywhere the l2 agent runs would benefit.  that said, it's not necessary unless cpu load is important, which is certainly the case for a network control node.09:49
SreedharMy Network node has 6 cores/12 threads. I don't see any high cpu utilization during the instance creation and when instances are booting on network node09:50
*** pashi has quit IRC09:51
*** rdo has quit IRC09:51
*** pashi_ has joined #openstack-neutron09:51
*** rdo has joined #openstack-neutron09:51
marunSreedhar: you're unlikely to see any benefit, then.09:53
marunSreedhar: I'm assuming the node running the neutron service is the bottleneck then?09:53
SreedharMarun: What i observed, during the instance creation even though we have 8 neutron API server process, only single neutron-server was very busy and running close to 100% cpu09:54
marunSreedhar: right.09:54
marunSreedhar: the rpc-initiated db queries09:55
marunSreedhar: That's the thing to profile09:55
*** steven-weston has joined #openstack-neutron09:55
SreedharMarun: can you guide me how to profile that so that i can enable the profiling and collect the data09:56
marunSreedhar: Sure09:56
marunSreedhar: Here is a good guide on stackoverflow: http://stackoverflow.com/questions/582336/how-can-you-profile-a-python-script09:56
marunSreedhar: The idea is that you would run the neutron service with the profiler.09:56
marunSreedhar: Then boot a single vm through nova and be able to ping it, and then shutdown the service to collect those results.09:57
marunSreedhar: Are you running from source or packages?09:57
SreedharMarun: From the Packages (have installed it from Ubuntu Cloud Ring)09:58
*** safchain has joined #openstack-neutron09:59
marunSreedhar: you'll need to dig into the daemon script that starts the neutron service to figure out what to invoke with the profiler.09:59
*** alex_klimov has joined #openstack-neutron10:00
SreedharMarun: Thanks. I will check on this10:00
marunSreedhar: I'll be interested in seeing the results.  I'm pretty sure there will be some easy stuff to optimize.10:01
Sreedharmarun: I will share the results once i am to collect the data10:03
*** networkstatic has quit IRC10:03
marunSreedhar: my only request is that you profile only a single vm boot.  a profiler slows things down tremendously and it would bottleneck in ways inconsistent with regular use.10:05
*** netavenger-jr has joined #openstack-neutron10:05
Sreedharmarun: ok10:05
openstackgerritAnn Kamyshnikova proposed a change to openstack/neutron: Update lockutils and fixture in openstack.common  https://review.openstack.org/4755710:08
openstackgerritberlin proposed a change to openstack/neutron: Fix VPNaaS Service driver should check whether router has gateway  https://review.openstack.org/6046110:08
*** steven-weston has quit IRC10:18
*** salv-orlando has joined #openstack-neutron10:27
*** Sreedhar has quit IRC10:36
openstackgerritSalvatore Orlando proposed a change to openstack/neutron: Test commit for testing parallel job in experimental queue  https://review.openstack.org/5742010:38
*** yfujioka has joined #openstack-neutron10:58
*** Sreedhar has joined #openstack-neutron11:01
openstackgerritSalvatore Orlando proposed a change to openstack/neutron: Test commit for testing parallel job in experimental queue  https://review.openstack.org/5742011:04
*** heyongli has joined #openstack-neutron11:08
*** yfujioka has quit IRC11:12
*** yamahata_ has joined #openstack-neutron11:21
*** pcm_ has joined #openstack-neutron11:22
*** pcm_ has quit IRC11:23
*** pcm_ has joined #openstack-neutron11:23
*** armax has joined #openstack-neutron11:25
openstackgerritAnn Kamyshnikova proposed a change to openstack/neutron: Add testing of migrations from oslo  https://review.openstack.org/4692711:46
*** yamahata_ has quit IRC11:48
*** ivoks_ is now known as ivoks11:55
*** ivoks has joined #openstack-neutron11:55
*** nati_ueno has joined #openstack-neutron12:14
*** banix has joined #openstack-neutron12:16
*** jp_at_hp1 has joined #openstack-neutron12:27
*** jp_at_hp has quit IRC12:30
openstackgerritDirk Mueller proposed a change to openstack/neutron: Do not concatenate localized strings  https://review.openstack.org/5289512:30
*** alex_klimov has quit IRC12:33
*** Sreedhar has quit IRC12:34
marios_enikanorov__:  enikanorov_  ping - if you get 5 mins -  revision better? https://review.openstack.org/#/c/59212/ tx!12:41
enikanorov_marios_: just left a comment. generally ok except a minor nit12:43
*** Sreedhar has joined #openstack-neutron12:46
*** nati_ueno has quit IRC12:49
openstackgerritA change was merged to openstack/neutron: Sync dhcp_agent.ini with the codes  https://review.openstack.org/5911812:49
marios_enikanorov_: ta very much !12:50
*** alex_klimov has joined #openstack-neutron12:51
*** banix has quit IRC12:53
*** yamahata_ has joined #openstack-neutron12:59
*** salv-orlando has quit IRC13:06
*** salv-orlando has joined #openstack-neutron13:07
*** beagles has quit IRC13:11
openstackgerritMarios Andreou proposed a change to openstack/neutron: Validate CIDR given as ip-prefix in security-group-rule-create  https://review.openstack.org/5921213:15
openstackgerritSylvain Afchain proposed a change to openstack/neutron: Fix a typo in log exception in the metering agent  https://review.openstack.org/5905813:19
HenryGIn the neutron project, are we requiring every review request to reference a bug/BP? How strict is this requirement?13:19
openstackgerritA change was merged to openstack/neutron: Handle failures on update_dhcp_port  https://review.openstack.org/5966413:26
*** beagles has joined #openstack-neutron13:26
*** csd has quit IRC13:34
*** csd has joined #openstack-neutron13:35
*** heyongli has quit IRC13:40
openstackgerritEvgeny Fedoruk proposed a change to openstack/neutron: Extending quota support for neutron LBaaS entities  https://review.openstack.org/5872013:46
openstackgerritOleg Bondarev proposed a change to openstack/neutron: LBaaS: unify haproxy-on-host plugin driver and agent  https://review.openstack.org/4038113:59
*** armax has quit IRC14:01
*** armax has joined #openstack-neutron14:02
jog0anteaya: so we could use 'self.assertTrue(len(addresses) >= 1)' in console.html but that may be too general14:02
jog0anteaya: to find a query for bug https://bugs.launchpad.net/neutron/+bug/1210483 we need a good line in the logs to use as a fingerprint14:03
openstackgerritJianing Yang proposed a change to openstack/neutron: Implement basic functionalities for port forwarding  https://review.openstack.org/6051214:04
*** beagles is now known as beagles_brb14:06
*** armax has quit IRC14:09
*** jianingy is now known as jianingy_afk14:11
*** armax has joined #openstack-neutron14:19
*** banix has joined #openstack-neutron14:21
*** alagalah has joined #openstack-neutron14:27
*** alagalah has left #openstack-neutron14:28
openstackgerritFlavio Percoco proposed a change to openstack/neutron: Sync rpc fix from oslo-incubator  https://review.openstack.org/6052414:35
*** peristeri has joined #openstack-neutron14:36
*** russellb is now known as rustlebee14:38
openstackgerritOleg Bondarev proposed a change to openstack/neutron: LBaaS: unify haproxy-on-host plugin driver and agent  https://review.openstack.org/4038114:38
*** alex_klimov has quit IRC14:41
obondarevhi all, looking for opinions on Akihiro's comment on https://review.openstack.org/#/c/53364/14:42
*** otherwiseguy has quit IRC14:44
*** sbasam has joined #openstack-neutron14:51
*** mestery_ has joined #openstack-neutron14:53
*** chandankumar has quit IRC14:53
*** mestery has quit IRC14:57
*** mestery has joined #openstack-neutron14:57
*** mestery_ has quit IRC14:58
*** jecarey has joined #openstack-neutron15:01
*** netavenger-jr has quit IRC15:02
*** netavenger-jr has joined #openstack-neutron15:02
*** clev has joined #openstack-neutron15:03
*** mestery has quit IRC15:05
peristeri#info peristeri continue working on https://bugs.launchpad.net/horizon/+bug/124170915:09
marios_enikanorov_: thanks bud: https://review.openstack.org/#/c/59212/15:11
*** mestery has joined #openstack-neutron15:13
enikanorov_my +115:15
*** jprovazn has quit IRC15:18
marios_enikanorov_: thanks15:18
openstackgerritSylvain Afchain proposed a change to openstack/neutron: Fix a typo in log exception in the metering agent  https://review.openstack.org/5905815:24
*** otherwiseguy has joined #openstack-neutron15:33
*** Qlawy has quit IRC15:35
*** Qlawy has joined #openstack-neutron15:36
*** Qlawy has joined #openstack-neutron15:36
*** devlaps has joined #openstack-neutron15:37
*** SushilKM has joined #openstack-neutron15:38
*** amritanshu_RnD has quit IRC15:39
*** jlibosva has quit IRC15:41
*** Mr_W has quit IRC15:41
*** beagles_brb is now known as beagles15:49
*** SushilKM has quit IRC15:50
*** dims has quit IRC15:58
*** djbkd has joined #openstack-neutron16:03
*** dims has joined #openstack-neutron16:03
marios_happy friday neutron16:03
* marios_ weekend16:03
*** carl_baldwin has joined #openstack-neutron16:16
*** Abhishek has joined #openstack-neutron16:26
*** suresh12 has joined #openstack-neutron16:28
*** suresh12 has quit IRC16:30
*** safchain has quit IRC16:39
*** markmcclain has joined #openstack-neutron16:42
*** Abhishek has quit IRC16:46
mesterymarios_: Yay, Friday!16:51
*** scotty916 has joined #openstack-neutron16:53
*** scotty916 has quit IRC16:56
*** Sreedhar has quit IRC16:59
*** pete5 has quit IRC17:00
*** alagalah has joined #openstack-neutron17:00
*** nati_ueno has joined #openstack-neutron17:01
*** fouxm has quit IRC17:02
*** alagalah has quit IRC17:02
*** rossella_s has joined #openstack-neutron17:06
*** pasquier-s has quit IRC17:06
*** jpich has quit IRC17:11
*** nati_ueno has quit IRC17:13
openstackgerritTerry Wilson proposed a change to openstack/neutron: Add fwaas_driver.ini to setup.cfg  https://review.openstack.org/6056217:14
EmilienMmarun: ping17:14
marunEmilienM: pong17:17
*** ygbo has quit IRC17:18
*** suresh12 has joined #openstack-neutron17:26
marunEmilienM: sorry, I have to sleep.17:29
*** SushilKM has joined #openstack-neutron17:30
*** marun has quit IRC17:30
*** Qlawy has quit IRC17:37
*** alagalah has joined #openstack-neutron17:40
*** markmcclain has quit IRC17:42
*** markmcclain has joined #openstack-neutron17:43
*** Qlawy has joined #openstack-neutron17:45
*** markmcclain has quit IRC17:46
*** nati_ueno has joined #openstack-neutron17:51
*** armax has quit IRC18:01
*** armax has joined #openstack-neutron18:02
*** SushilKM has quit IRC18:05
*** suresh12 has quit IRC18:08
openstackgerritNachi Ueno proposed a change to openstack/neutron: API Extension for SSL-VPN services  https://review.openstack.org/5889718:11
*** armax has quit IRC18:14
*** sbasam has quit IRC18:17
*** rossella_s has quit IRC18:17
*** alagalah has left #openstack-neutron18:19
*** armax has joined #openstack-neutron18:20
*** afazekas_ has quit IRC18:32
*** suresh12 has joined #openstack-neutron18:38
*** jistr has quit IRC18:45
*** alagalah has joined #openstack-neutron18:50
*** Qlawy has quit IRC18:53
*** Qlawy has joined #openstack-neutron18:53
openstackgerritNachi Ueno proposed a change to openstack/neutron: API Extension for SSL-VPN services  https://review.openstack.org/5889718:58
openstackgerritA change was merged to openstack/neutron: Fix a typo in log exception in the metering agent  https://review.openstack.org/5905819:13
openstackgerritA change was merged to openstack/neutron: Sync rpc fix from oslo-incubator  https://review.openstack.org/6052419:13
openstackgerritA change was merged to openstack/neutron: Do not concatenate localized strings  https://review.openstack.org/5289519:13
openstackgerritA change was merged to openstack/neutron: Fix unable to add allow all IPv4/6 security group rule  https://review.openstack.org/5767019:14
*** pete5 has joined #openstack-neutron19:23
openstackgerritAaron Rosen proposed a change to openstack/neutron: Remove dead code _arp_spoofing_rule()  https://review.openstack.org/6060119:27
*** armax has left #openstack-neutron19:27
openstackgerritA change was merged to openstack/neutron: Improve unit test coverage for Cisco plugin common code  https://review.openstack.org/6037019:28
*** jecarey has quit IRC19:41
*** suresh12 has quit IRC19:42
*** suresh12 has joined #openstack-neutron19:54
*** otherwiseguy has quit IRC19:58
*** yamahata_ has quit IRC19:59
*** pasquier-s has joined #openstack-neutron20:07
*** Sreedhar has joined #openstack-neutron20:07
*** mwagner_lap has joined #openstack-neutron20:11
*** suresh12 has quit IRC20:14
asadoughiarosen: around? had a question about security groups and source_port_range_min/source_port_range_max20:14
arosenasadoughi: yep20:14
arosenshoot20:14
asadoughiso, it's in the rpc api (not sure if that's the right term), but not in the server facing api20:15
arosenasadoughi: was there a question in there?20:16
asadoughiarosen: any reason why it's like that?20:16
arosenasadoughi:  I didn't do the security group rpc interface. I also thought this was odd. As far as security groups go the direction ingress/egress could have been used instead of introduction source/destination_port_range_min/max.20:18
arosenThough source/destination_port_range/min/max is used in the fwaas stuff though because the api allows you to enforce both source and dest TCP ports.20:19
asadoughiright20:19
arosenso in that case it makes sense.20:19
*** pasquier-s has quit IRC20:20
asadoughiiptables is stateful, open vswitch is stateless which is i started the question, because the server api as it stands is not rich enough to express all rules20:20
asadoughiwhich is why i*20:20
asadoughihowever, if i added --source-port-min --source-port-max to the api or additional directions: ingress-src, egress-src it would be complete for openvswitch20:21
asadoughiarosen: did you follow that? i wanted to just ping you before i wrote a longer explanation for the blueprint to test feasibility of expanding the security groups api20:22
*** harlowja has quit IRC20:23
*** harlowja has joined #openstack-neutron20:23
arosenasadoughi:  not quite sorry :/20:25
arosenasadoughi: I don't think our API states the behavior if something is stateful or stateless though.20:26
asadoughiarosen: ok. i'll just do the write up and ping you when it seems coherent20:26
arosenthat said EC2/security_groups currently do operate as stateful20:26
arosenasadoughi: it's hard to implement statefullness in ovs flows though.20:27
arosenWhen a flow comes in you'll need to then install a flow in the other direction patching the reverse of the fields to make it statefull20:28
asadoughiarosen: right so my implementation of ovs-firewall-driver will be stateless until ovs has connection tracking20:28
arosenasadoughi: sounds good keep me posted. Definitely interested in your findings.20:28
*** x86brandon has joined #openstack-neutron20:28
arosenMakes sense.20:29
asadoughiarosen: from my notes https://etherpad.openstack.org/p/ovs-firewall-driver-stateless20:30
arosenasadoughi: when you say ingress(src) or egress(src) what do you mean?20:32
arosensrc != remove_ip right20:32
arosenremote*20:33
arosenasadoughi:  what is the difference between line 1 and line 5?20:33
asadoughiarosen: in this context, direction is ip based  and src/dst is how the security group rule would be applied to tp_src or tp_dst20:33
openstackgerritSean M. Collins proposed a change to openstack/neutron: Create a new attribute for subnets, to store v6 dhcp options  https://review.openstack.org/5298320:34
arosenHrm, I think if i understand the different between line 1 and line 5 in your etherpad i'll understand.20:34
asadoughiarosen: each of A. B. C. D. are different flows20:34
arosenOHH20:35
aroseni miss read something20:35
aroseni didn't see you changed nw_sec***20:35
arosennw_src20:35
arosenokay let me look at this again sorry.20:35
*** networkstatic has joined #openstack-neutron20:39
asadoughiarosen: making more sense now?20:39
arosenasadoughi:  yup i need to think about it for a sec.20:39
*** mlavalle has joined #openstack-neutron20:43
arosenwhat do you mean by acknowledge B&C ?20:44
openstackgerritNachi Ueno proposed a change to openstack/neutron: API Extension for SSL-VPN services  https://review.openstack.org/5889720:44
arosenWhen you say not possible do you mean there is no neutron api to: # Allows instance_ip to serve ssh to client remote_ip (other half of D)20:44
asadoughiother words i could have chosen for acknoweldge: grok, accept, learn20:45
arosenWith is the other half of D not possible?20:45
arosenwhy is*20:45
arosenwhich part? It's not possible to write flows to support this?20:46
asadoughisecurity groups api is not rich enough to express this, it only expresses destination ports20:46
asadoughino, i've written all 4 possible flows with 2 ips and 2 ports.20:47
arosenasadoughi: I think i see what you are saying.20:49
arosenasadoughi:  so it looks like security groups are explicitly stateful.20:49
aroseni.e:20:49
arosenif you do:20:49
arosen# Allow remote_ip to ssh to vm 20:49
arosen neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 --direction ingress --remote-ip-prefix $remote_ip/32 default20:49
arosenthat means that the instance will be able to respond to that.20:50
arosenyou don't need to explicitly have a security group rule to allow the instance to respond.20:50
arosenThat's what you are talking about right?20:50
openstackgerritNachi Ueno proposed a change to openstack/neutron: API Extension for SSL-VPN services  https://review.openstack.org/5889720:53
arosenWhen the api call on line 10 is done you would have to install flows in the reverse that you have on line 1520:53
asadoughiarosen: sure, in explicit situations it's possible to have two flows per rule.20:54
openstackgerritNachi Ueno proposed a change to openstack/neutron: Improve vif attributes related with firewalling  https://review.openstack.org/2194620:55
*** rossella_s has joined #openstack-neutron20:55
asadoughihowever, for example with default security groups and a vm wanting to ssh out into remote, it's not possible to have flows implied (state) in that situation, so a need for one rule: one flow20:55
dkehnarosen: would you have a minute for an issue I'm having with unit test?20:56
arosenasadoughi:  ah okay so by default an instance can send out to anything. THough the tricky part is the reverse flow in the other direction to allow it to receive back ?20:58
asadoughiarosen: because otherwise the pairing of allow all egress flow would be allow all ingress flow in a stateless context ;)20:58
arosendkehn: shoot20:58
dkehnarosen: let me put some of this in a paste20:58
asadoughiarosen: right so that reverse flow would need to be explicit and i would like to change the security groups frontend api/db to handle it20:59
asadoughiarosen: using one of the two suggestions i've made. i have it in code already if that would make things clearer for you.20:59
arosenasadoughi:  i'm confused how line 26/27 would solve this?21:01
dkehnarosen: http://paste.openstack.org/show/54623/, basically I'm wondering how to get around the MisMatchError21:01
*** rossella_s has quit IRC21:02
dkehnarosen: one would assume that I would put the assertRaises on the self.new_update_request, which gave a MismatchError, but the actual tb occurrs on the get_response21:03
dkehnI'm figuring its something simple that I'm overlooking21:03
arosendkehn: give me a few min i'm thinking about what asadoughi has brought up.21:03
*** dkranz has joined #openstack-neutron21:03
dkehnarosen: np21:04
asadoughiwell, it would be 26 or 27. not both. my prototype is here https://github.com/asadoughi/neutron/compare/master...ovs_firewall_driver and the last 3 changes are relevant to how it works21:04
arosenasadoughi: so what would you want the api call to look like to implement: # Allow remote_ip to ssh to vm 21:05
asadoughiin the patch, i've gone with adding new directions , but the source-port-range-min,-max seems cleaner21:05
dkranzWould it be possible for a neutron dev to review "Adds test external/internal network connectivity"  https://review.openstack.org/#/c/55146/21:06
asadoughiarosen: updated etherpad with command line examples21:07
arosenasadoughi:  so it looks like direction can now be : ['ingress',                                                   'egress',                                                   'ingress-src',                                                   'egress-src']}},21:08
arosenWhat's the difference between ingress  and ingress-src?21:08
asadoughithe code that hijacks the port to change the rpc message: https://github.com/asadoughi/neutron/compare/master...ovs_firewall_driver#diff-78a89e0759aeb12cb44fc995d4ea7331R31121:09
asadoughiagain, the other way would be cleaner21:09
arosenasadoughi:  wait so are you saying you want to remove this explicit handing in security groups that when you do : --port-range-min 22 --port-range-max 22 --direction 22; that you also need to specify the  flow in the other way?21:09
asadoughibut hacky things pop into my mind first sometimes for some reason :)21:09
asadoughiarosen: could you rephrase that21:09
asadoughioh handling got it21:10
*** rossella_s has joined #openstack-neutron21:15
*** otherwiseguy has joined #openstack-neutron21:17
*** suresh12 has joined #openstack-neutron21:24
dkehnarosen: any time to look at it?21:26
arosendkehn:  one sec looking now.21:27
dkehnarosen: thx tons21:27
arosendkehn:  are you asking why this is occuring?21:29
arosen  File "neutron/extensions/extra_dhcp_opt.py", line 42, in _validate_list_of_dict_or_none21:29
arosen    raise ExtraDhcpOptBadData(data='blank string(s) not allowed')21:29
*** suresh12 has quit IRC21:29
arosenseems because of the '       ' here:21:29
arosen        upd_opts = [{'opt_name': 'bootfile-name', 'opt_value': '    '}]21:29
arosenopt_value21:29
dkehnarosen: no I'm basically wonder the right way to put a assertRaises in such that when the  ExtraDhcpOptBadData occurrs I catch it, it seems that I'm getting a MismatchError instead21:30
*** carl_baldwin has quit IRC21:31
arosendkehn: can you pastebin                 neutron/extensions/extra_dhcp_opt.py21:32
*** rossella_s has quit IRC21:33
dkehnarosen: http://paste.openstack.org/show/54626/ its at the end, I'm trying to pass in a '    ' string that should raise the validator exception21:34
arosendkehn: okay okay so the self.assertRaises is what is raising this mismatch error21:36
*** pasquier-s has joined #openstack-neutron21:36
arosenwhat does print eq give you21:36
arosenprint req * when the the return from new_update_request('ports'21:37
arosenOh21:37
arosenthe API isn't going  to raise ExtraDhcpOptBadData there it is going to raise BadRequest21:37
dkehnarosen: > /home/dkehn/devl/neutron-empty-string/neutron/tests/unit/test_extension_extradhcpopts.py(275)test_update_port_with_blank_string_extradhcpopt()21:37
dkehn-> self.assertRaises(edo_ext.ExtraDhcpOptBadData,21:37
dkehn(Pdb) p req21:37
dkehn<Request at 0x39509d0 PUT http://localhost/ports/a4515651-8e42-4491-a09a-e09ac51203c4.json>21:37
dkehnarosen: http://paste.openstack.org/show/54628/21:38
dkehnarosen: at the very bottom21:38
*** suresh12 has joined #openstack-neutron21:39
arosenusually we do something like this:21:39
arosen  req = self.new_update_request('ports', update_port,21:39
arosen                                          port['port']['id'])21:39
arosen            res = req.get_response(self.api)21:39
arosen            self.assertEqual(res.status_int, webob.exc.HTTPOk.code)21:39
dkehnarosen: let me try that21:40
arosenYou won't get an edo_ext.ExtraDhcpOptBadData exception from the api. One sec i can show you where the exceptions are converted.21:40
*** pasquier-s has quit IRC21:42
arosendkehn:  yea if you look in neutron/api/v2/base.py FAULT_MAP the api will only raise those exceptions.21:43
dkehnarosen: The issue is that the res = req.get_response...... produces a tb21:43
arosenwhat's the tb?21:44
dkehntb = traceback21:44
aroseni got that :) what does it say :)21:44
*** aymenfrikha has joined #openstack-neutron21:44
dkehnarosen: ExtraDhcpOptBadData: Invalid data format for extra-dhcp-opt: blank string(s) not allowed21:46
dkehnwhich is what I'm looking for21:46
arosendkehn: It must print an http response though not just that?21:47
dkehnone sec21:47
aroseni think that's just in the body of the request that it is returning.21:48
dkehnarosen: http://paste.openstack.org/show/54630/21:48
dkehnarosen: pdb session21:48
*** aymenfrikha has quit IRC21:49
arosendkehn: it looks like this is raising an error right:  res = req.get_response(self.api) you can't even print res ?21:51
dkehnarosen: <Response at 0x3f2de50 400 Bad Request>21:52
openstackgerritSean M. Collins proposed a change to openstack/neutron: Create a new attribute for subnets, to store v6 dhcp options  https://review.openstack.org/5298321:52
dkehnarosen: (Pdb) p res.__dict__21:53
dkehn{'_app_iter': ['{"NeutronError": {"message": "Invalid data format for extra-dhcp-opt: blank string(s) not allowed", "type": "ExtraDhcpOptBadData", "detail": ""}}'], '_status': '400 Bad Request', '_headerlist': [('Content-Type', 'application/json; charset=UTF-8'), ('Content-Length', '145')], 'conditional_response': False, '_headers': None}21:53
arosentype(res)21:53
arosenprint type(res)21:54
openstackgerritNachi Ueno proposed a change to openstack/neutron: API Extension for SSL-VPN services  https://review.openstack.org/5889721:55
arosenI'm wondering if it's been deserialized yet it doesn't look like it.21:55
dkehnno,21:56
dkehnthere hassn't21:56
arosenit's a string right?21:56
dkehnright21:56
arosenCool, can you paste the updated testcase ?21:56
arosenJust want to take a look what it is now.21:56
dkehnhttp://paste.openstack.org/show/54628/21:57
dkehnarosen: sorry that old21:57
dkehnarosen: http://paste.openstack.org/show/54631/21:58
arosendkehn: hrm what you have looks like it should work though i see in different places we call deserialize and not in others.22:02
*** aymenfrikha has joined #openstack-neutron22:02
arosenIf you add this it should work though I think:22:02
arosen            res = self.deserialize('json', req.get_response(self.api))22:03
arosenI'd give that a shot. The assertEqual will fail though as it's returning a webob.exc.HTTPBadRequest.code;22:04
dkehn            port = self.deserialize('json', req.get_response(self.api))22:04
dkehn            # res = req.get_response(self.api)22:04
arosenalso 'json' should be replaced with self.fmt but that can call happen later.22:04
dkehn            self.assertEqual(port.status.int, webob.exc.HTTPOk.code)22:04
arosenyup22:04
dkehnthis is what I've started with22:04
dkehnI've kind of been regressing22:04
arosenwhat was port then?22:04
dkehn(Pdb)22:05
dkehn> /home/dkehn/devl/neutron-empty-string/neutron/tests/unit/test_extension_extradhcpopts.py(275)test_update_port_with_blank_string_extradhcpopt()22:05
dkehn-> port = self.deserialize('json', req.get_response(self.api))22:05
dkehn(Pdb)22:05
dkehn2013-12-06 14:59:52,077    ERROR [neutron.api.v2.resource] update failed22:05
dkehnTraceback (most recent call last): File "neutron/api/v2/resource.py", line 84, in resource22:05
dkehn    result = method(request=request, **args)22:05
dkehn  File "neutron/api/v2/base.py", line 466, in update22:05
dkehn    allow_bulk=self._allow_bulk)22:05
dkehn  File "neutron/api/v2/base.py", line 595, in prepare_request_body22:05
dkehn    attr_vals['validate'][rule])22:05
dkehn  File "neutron/extensions/extra_dhcp_opt.py", line 42, in _validate_list_of_dict_or_none22:05
dkehn    raise ExtraDhcpOptBadData(data='blank string(s) not allowed')22:05
dkehnExtraDhcpOptBadData: Invalid data format for extra-dhcp-opt: blank string(s) not allowed22:05
arosenlets probably switch to private message so we don't spam everyone in here22:05
dkehn> /home/dkehn/devl/neutron-empty-string/neutron/tests/unit/test_extension_extradhcpopts.py(277)test_update_port_with_blank_string_extradhcpopt()22:05
dkehn-> self.assertEqual(port.status.int, webob.exc.HTTPOk.code)22:05
dkehn(Pdb)22:05
dkehnAttributeError: "'dict' object has no attribute 'status'"22:05
dkehn> /home/dkehn/devl/neutron-empty-string/neutron/tests/unit/test_extension_extradhcpopts.py(277)test_update_port_with_blank_string_extradhcpopt()22:05
dkehn-> self.assertEqual(port.status.int, webob.exc.HTTPOk.code)22:06
dkehn(Pdb) p port22:06
dkehn{u'NeutronError': {u'message': u'Invalid data format for extra-dhcp-opt: blank string(s) not allowed', u'type': u'ExtraDhcpOptBadData', u'detail': u''}}22:06
dkehn(Pdb)22:06
dkehnarosen: k22:06
*** networkstatic has quit IRC22:07
*** Sreedhar has quit IRC22:07
*** pcm_ has quit IRC22:12
*** networkstatic has joined #openstack-neutron22:20
*** harlowja has quit IRC22:21
*** networkstatic has quit IRC22:22
*** dims has quit IRC22:25
*** jecarey has joined #openstack-neutron22:31
*** alagalah has left #openstack-neutron22:31
*** dims has joined #openstack-neutron22:40
*** peristeri has quit IRC22:52
*** pasquier-s has joined #openstack-neutron22:53
*** clev has quit IRC23:02
*** aymenfrikha has quit IRC23:10
*** aymenfrikha has joined #openstack-neutron23:11
*** pasquier-s has quit IRC23:11
*** pasquier-s has joined #openstack-neutron23:35
*** x86brandon has quit IRC23:44
*** banix has quit IRC23:44
*** otherwiseguy has quit IRC23:51
*** arosen has left #openstack-neutron23:57
« Thursday, 2013-12-05 Index Saturday, 2013-12-07 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!