Friday, 2023-04-21

« Thursday, 2023-04-20 Index Saturday, 2023-04-22 »
*** iurygregory is now known as iurygregory|holiday02:26
opendevreviewliuxie proposed openstack/neutron-lib master: New api-def: allowedaddresspairs-atomic  https://review.opendev.org/c/openstack/neutron-lib/+/88061503:06
opendevreviewhuanghailun proposed openstack/neutron master: Add allowed_address_pairs add/remove atomic operations  https://review.opendev.org/c/openstack/neutron/+/88092207:09
opendevreviewhuanghailun proposed openstack/neutron master: Add allowed_address_pairs add/remove atomic operations  https://review.opendev.org/c/openstack/neutron/+/88092207:11
opendevreviewhuanghailun proposed openstack/neutron master: Add allowed_address_pairs add/remove atomic operations  https://review.opendev.org/c/openstack/neutron/+/88092207:18
dvo-plvHello08:06
dvo-plvDo you have ability to review our spec file from this fre ? https://bugs.launchpad.net/neutron/+bug/201354008:06
ralonsohdvo-plv, I'll take a look on Monday, I can't today. But this is in my TODO list08:15
dvo-plvgreate, thanks08:18
opendevreviewFernando Royo proposed openstack/ovn-octavia-provider master: Discard batch-update-members not valid request  https://review.opendev.org/c/openstack/ovn-octavia-provider/+/88119808:28
opendevreviewhuanghailun proposed openstack/neutron master: Add allowed_address_pairs add/remove atomic operations  https://review.opendev.org/c/openstack/neutron/+/88092209:05
opendevreviewFernando Royo proposed openstack/ovn-octavia-provider master: Discard batch-update-members not valid request  https://review.opendev.org/c/openstack/ovn-octavia-provider/+/88119810:10
opendevreviewRodolfo Alonso proposed openstack/neutron master: [OVN] Admin procedure for duplicated or deleted OVN agents  https://review.opendev.org/c/openstack/neutron/+/88120410:20
opendevreviewRodolfo Alonso proposed openstack/neutron master: Update QoS documentation  https://review.opendev.org/c/openstack/neutron/+/88120610:58
opendevreviewRodolfo Alonso proposed openstack/neutron master: Update QoS documentation  https://review.opendev.org/c/openstack/neutron/+/88120610:59
dmitriisGot a pass on https://review.opendev.org/c/openstack/neutron-lib/+/870887 again after a re-upload if anybody has time.11:13
dmitriislajoskatona, ralonsoh: tyvm12:28
opendevreviewRodolfo Alonso proposed openstack/neutron master: Use a writer context for the online alembic migrations  https://review.opendev.org/c/openstack/neutron/+/88086713:14
lajoskatonadmitriis: :-) Thanks for proposing this feature upstream :-)13:19
ralonsohfolks, if you have 1 min: https://review.opendev.org/c/openstack/neutron/+/87466913:22
slaweqralonsoh +213:23
ralonsohthanks!13:23
lajoskatonaTahnks, I added in comment the reference for the original patch which introduced OVNSqlFixture13:29
ralonsohthanks!13:29
ralonsohah yes, I missed that link...13:29
opendevreviewMerged openstack/neutron-lib master: ext-gw-multihoming: api-def and api-ref  https://review.opendev.org/c/openstack/neutron-lib/+/87088713:34
ralonsohPing list: ykarel, mlavalle, mtomaska, slawek, obondarev, sahid, tobias-urdin, lajoskatona, amotoki 14:00
mlavalleo/14:00
ralonsoh#startmeeting neutron_drivers14:00
opendevmeetMeeting started Fri Apr 21 14:00:49 2023 UTC and is due to finish in 60 minutes.  The chair is ralonsoh. Information about MeetBot at http://wiki.debian.org/MeetBot.14:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:00
opendevmeetThe meeting name has been set to 'neutron_drivers'14:00
ralonsohhello14:00
lajoskatonao/14:01
slaweqo/14:01
rubasovo/14:01
ralonsohok, let's start14:02
obondarevo/14:02
sahid_o/14:02
ralonsohfirst topic is 14:02
ralonsoh#link https://bugs.launchpad.net/neutron/+bug/201322814:02
ralonsoh[rfe] Non-admin users unable to create SR-IOV switch dev ports14:02
ralonsohI'll present it14:02
ralonsohthe idea, discussed during this PTG and the previous one14:02
ralonsohis to have another port extension14:03
ralonsoha flag, that will enable/disable the HW offload14:03
ralonsohinstead of writing in the port binding, that is something Neutron shouldn't do14:03
ralonsohany backend supporting HWOL, will read it and create the corresponding interface14:03
ralonsoh(that means communication with Nova, that needs to support this extension)14:04
ralonsohso that's the feature. That will require a spec because: we create a new API extension, DB changes, changes in 2 backends and Nova-Neutron sync14:04
lajoskatonanova-spec also?14:05
ralonsohI don't think so14:05
lajoskatonaakc14:05
lajoskatonaack14:05
ralonsohbut this is something I can check with Nova folks14:05
sahid_I may not understand all, but insn't that somehing whcih should be controled by nova, having a port created using HW offload?14:07
ralonsohno, the port is created by Neutron14:07
ralonsohthe DB port14:07
ralonsohNova, reading the Neutron port, creates the L1 port14:07
ralonsohah, this flag will be by default admin only but configurable via policies14:08
slaweqso currently this information is in binding profile and that's how nova and other backends expects it, right?14:08
ralonsohyes14:08
ralonsohwell, the backend is controlled by Neutron, so that is something to be changed in our side14:09
ralonsohthe only "external" issue is the info passed to Nova14:09
ralonsohto pass to os-vif the correct way to create the L1 port14:09
slaweqwhy can't we add new extension to add new port's attribute for that so users can use it but then internally translate it into binding profile and send to e.g. nova?14:09
slaweqthat way impact of the change would be smaller, am I correct?14:09
ralonsohright, but the secondary goal of this feature was to avoid writing in the por tbinding dict14:10
ralonsohsomething that should be done only by nova14:10
ralonsohbut14:10
ralonsohwe can implement that in two phases14:10
ralonsoh1) add the port extension + port binding14:10
ralonsoh2) in the next release, if nova implements the port extension, remove the port binding stuff14:11
slaweqyeah, IIUC what You actuallywant to do are 2 different things14:11
ralonsohyes14:11
slaweq1. new extension to allow users setting this HWOL flag and14:11
slaweq2. change/improve communication with nova14:11
ralonsohyes14:11
ralonsohand also allow non-admin users to create HWOL ports14:12
ralonsoh**if** the admin allows that in the policies14:12
slaweqyes, but that's kind of related to 1)14:12
mlavalleand without touching the port binding14:12
ralonsohyes14:12
slaweqyes, but that's kind of related to 1)14:13
mlavallehonestly, the rfe is not as clear as what we've discussing here14:14
ralonsohno, it isn't 14:14
lajoskatonaagree14:14
obondarevsame feeling14:14
ralonsohif approved, I'll add a comemnt of what should be implemented and what the spec will contain14:14
mlavalleright, I was about to suggest that14:14
mlavalleto make clear what we understood14:15
ralonsohI prefer no to change the description, that is not mine14:15
mlavallethat's fine14:15
slaweq++14:15
lajoskatonashall we expect johnthetubaguy to work on this?14:15
ralonsohno14:15
mlavallejust in a coment leave in black and white our understanding14:15
ralonsohbut I can ask him14:15
sahid_why this was admin only from the beginning? something was just missing or it was legitimate?14:15
ralonsohport binding is admin only14:16
ralonsohand not configurable14:16
mlavalleso who would write the spec?14:16
ralonsohI'll do14:16
ralonsohand I'll implement the feature14:17
obondarev+1 then :)14:17
ralonsohbut if you agree on the description given here14:17
slaweqso I'm +1 for this RFE but for point 1) for now14:17
ralonsohok, I'll add the description of the 2 phases14:17
slaweqI think that neutron-nova thing is another story14:17
ralonsohthat will be easy to implement 14:17
slaweqI'm also fine with that but this should probably be discussed separately in nova-neutron session probably14:18
ralonsohfor sure14:18
ralonsohwe can change the Neutron code isolating the neutron-nova communication14:18
ralonsohany other question?14:20
slaweqnothing from me14:20
lajoskatonanot from me14:20
mlavalleno, I think enabling users to create hwol ports, under controls, is a worthy cause14:20
lajoskatonaI agree with this plan14:20
ralonsohthen please vote for this RFE14:20
mlavalle+114:21
lajoskatona+1 with the  spec14:21
mlavalleyeap, spec is needed14:21
ralonsohslaweq, obondarev ?14:21
obondarev+114:21
slaweq+114:22
ralonsohso approved with spec, including the description done in this conversation (and the 2 phases plan)14:22
ralonsohthank you all14:22
ralonsohnext one14:22
ralonsoh#link https://bugs.launchpad.net/neutron/+bug/201619714:22
ralonsohneutron can create port from network which has no subnet14:22
ralonsohrelated to14:22
ralonsoh#link https://bugs.launchpad.net/neutron/+bug/201619814:22
* sahid_ checked the spec to this why it has been implemented in that way considering admin only, but no mentions of that14:23
ralonsohOK, Liu is not here but I'll start the conversation14:24
ralonsohregardless of seeing the problem in lp#201619814:24
ralonsohI don't think we should block the creation of a port in a network without subnets14:24
slaweqif we already have it like that, I don't think we can remove it as it would be backward incompatible14:25
slaweqand we can break someone's use case even if we don't know about it14:25
ralonsohalthough, being said, I don't see any useful thing14:25
ralonsohyeah, that's the point, this is something that the current API allows14:25
ralonsohto be honest I don't see any usecase14:25
ralonsohbut is allowd14:25
slaweqsubnet is just our internal thing used for IPAM - network and port are things which IMO may be treated as representation of things from "physical" world14:25
sahid_removing this will be an api breaking14:25
obondarevseems like HA routers bug can be fixed with just checking HA network subnets14:26
slaweqsahid_++14:26
ralonsohobondarev, right!14:26
ralonsohbut this call should be done inside the same context creating the subnet14:27
ralonsohjust to be transactional14:27
slaweqmaybe we should do something like allocating IP addresses to ports when subnet is created14:27
slaweqsomething like:14:27
slaweqfor port in network.ports:14:27
slaweqif not port.fixed_ips:14:28
slaweqport.allocate_ip()14:28
mlavalle^^^inside subnet creation14:28
slaweqwhich would be done after subnet creation14:28
obondarevcan it  be undesired behaviour for those using no-IP ports on purpose?14:28
ralonsohbut we can have a subnet withtout ports14:28
slaweqobondarev so we can add maybe config knob to disable this new behavior14:29
slaweqbut use it for HA networks mentioned in https://bugs.launchpad.net/neutron/+bug/201619814:29
obondarevyeah, but if the only reason to do this is HA bug - I'd still fix race condition in traditional way14:29
obondarevby adding wait condition I mean14:30
ralonsohif this is a race condition, then the best way is to use somehow the DB engine14:30
mlavalleI agree with ralonsoh 14:30
opendevreviewSlawek Kaplonski proposed openstack/neutron master: [S-RBAC] Switch to new policies by default  https://review.opendev.org/c/openstack/neutron/+/87982714:30
obondarevmakes sense14:30
slaweqok, so for HA networks bug there are for sure better solutions and ways to fix it14:31
mlavalleat the same time I agree with obondarev that we shouldn't add features to fix a bug14:31
slaweqand for RFE I'm -1 to remove this functionality from our API14:31
ralonsoh-1, agree, there should be another way to prevent this race condition14:32
obondarevso I guess there are several ways to fix the bug, and disallow no-IP port creation seems an overkill14:32
ralonsohis there something that identifies an HA network?14:32
obondarev-1 for RFE14:32
lajoskatonaagree, there should be users who depend on it14:32
ralonsohthat makes it different from other HA networks?14:32
slaweqralonsoh nothing except name IIRC14:32
mlavalleit's just a network14:33
ralonsohbut is created for a router, right?14:33
slaweqit's created for tenant14:33
ralonsohfor a tenant, sorry14:33
ralonsohyes14:33
ralonsohso there we are: we can add a name check in the network creation14:33
ralonsohin the DB engine 14:34
slaweqbut internally it can be identified easy14:34
slaweqit has own OVO object https://github.com/openstack/neutron/blob/47d070c71e795e41e698cdb278d99dcfb3448bde/neutron/objects/l3_hamode.py#L5814:34
ralonsohso there it is!!14:34
slaweqand there is method to find it https://github.com/openstack/neutron/blob/master/neutron/db/l3_hamode_db.py#L9714:35
ralonsohwe can't have more that one L3HARouterNetwork per project14:35
ralonsohright?14:35
slaweqyes14:35
ralonsohso perfect, this condition is perfect for the DB engine14:35
slaweqhttps://github.com/openstack/neutron/blob/master/neutron/db/models/l3ha.py#L6214:35
mlavallethe primary key is the project14:36
ralonsohbut not unique14:36
ralonsohwe need a new class for this14:36
ralonsohbut easily doable14:37
ralonsohwhat do you think about proposing that in the LP bugs?14:37
mlavalleyes, let's do it14:37
slaweq++14:38
obondarev+14:38
lajoskatona+114:38
ralonsohperfect, thank you all, good stuff!14:38
ralonsohlast topic14:38
ralonsohmlavalle: Change in implementation of metadata rate limiting vs spec in order to support IPv614:38
ralonsohplease14:38
mlavalleI've continued the implementation of this feature after the original proposer indicated he couldn't continue doing it14:39
opendevreviewSlawek Kaplonski proposed openstack/neutron master: Fix functional tests modules which are using PluginFixture  https://review.opendev.org/c/openstack/neutron/+/88122814:39
mlavallethe spec,  https://specs.openstack.org/openstack/neutron-specs/specs/2023.1/metadata-rate-limit.html, didn't address ipv614:40
mlavalleipv6 came up in one comment from ralonsoh to the proposed code14:40
mlavalleso addressing that comment, I've added ipv6 support14:40
mlavallethere is an issue, though. the opensource haproxy implementation only allows the tracking of 3 sticky counters14:41
mlavalleto implement the spec with rate limiting for ipv4 and ipv6 at he same time, we would need 4 sticky counters14:42
mlavallebtw, in line 79 here you can see the haproxy limitation: https://paste.openstack.org/show/bAE6IhPh4fQOGqFoxmMu/14:43
mlavalleso I'm proposing a slight change to the spec14:43
mlavallethe deployer would need to decide whether the want to rate limit for ipv4 or ipv6, but not both at the same time14:44
mlavallethat was, we only need two sticky counters14:44
slaweqis that something what can be changed in haproxy in future?14:44
lajoskatonahmmm, sad but reasonable limitation14:45
slaweqTBH I don't think we need to have it for IPv6 for now14:45
slaweqit's not that widely used14:45
mlavalletheir documentation explicitely indicates that the open source version only allows 3 sticky counters14:45
obondarevbetter than just limiting to ipv4 14:45
slaweqIPv4 should be more important14:45
rubasovI agree that currently we force the deployer to choose between ipv4 and ipv6, however I'd suggest to choose a config format that can allow both in the future, if/when we can support both at the same time14:46
mlavallewith my proposal we support both, just not both at the same time14:46
lajoskatona+114:46
slaweqok14:47
lajoskatonaI mean +1 for cfg option which can be used for allowing both14:47
ralonsoh+1, this is an external limitation and we provide to the user the ability to define which one is needed14:47
ralonsohso I think we agree on the proposal14:48
obondarev+114:48
ralonsohmlavalle, make a summary of this conversation in the LP bug14:48
lajoskatona+1, thanks mlavalle14:48
ralonsohand thanks!14:48
mlavallethanks, will do14:48
ralonsohso that's all, anything else you want to discuss?14:48
ralonsohhave a nice weekend!14:49
mlavalleo/14:49
ralonsoh#endmeeting14:49
opendevmeetMeeting ended Fri Apr 21 14:49:31 2023 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)14:49
opendevmeetMinutes:        https://meetings.opendev.org/meetings/neutron_drivers/2023/neutron_drivers.2023-04-21-14.00.html14:49
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/neutron_drivers/2023/neutron_drivers.2023-04-21-14.00.txt14:49
opendevmeetLog:            https://meetings.opendev.org/meetings/neutron_drivers/2023/neutron_drivers.2023-04-21-14.00.log.html14:49
ralonsohbye14:49
rubasovo/14:49
obondarevo/14:49
slaweqhave a great weekend14:49
slaweqo/14:49
lajoskatonao/14:49
opendevreviewSlawek Kaplonski proposed openstack/neutron-tempest-plugin master: Don't run stable/xena jobs in check/gate queue anymore  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/88123215:00
opendevreviewMerged openstack/python-neutronclient master: Remove the CLI code from the Neutron client.  https://review.opendev.org/c/openstack/python-neutronclient/+/87171115:01
slaweqralonsoh ^^ if You have time15:01
slaweqit will also need https://review.opendev.org/c/openstack/releases/+/88123015:01
dmitriishttps://review.opendev.org/c/openstack/releases/+/880267 - created a change for openstack/releases to bump up the neutron-lib version (related to https://review.opendev.org/c/openstack/neutron-lib/+/870887)15:12
dmitriispasted a wrong link above, should be this instead: https://review.opendev.org/c/openstack/releases/+/88123115:17
opendevreviewLajos Katona proposed openstack/neutron master: Doc: Add FWaaS v2 install details  https://review.opendev.org/c/openstack/neutron/+/88123915:40
opendevreviewLajos Katona proposed openstack/networking-sfc master: Doc: refresh sfc install details  https://review.opendev.org/c/openstack/networking-sfc/+/88124015:43
opendevreviewTerry Wilson proposed openstack/neutron master: WIP Use neutron db for ovn agents  https://review.opendev.org/c/openstack/neutron/+/81885017:28
opendevreviewMerged openstack/neutron master: Remove the ``OVNSqlFixture`` class workaround  https://review.opendev.org/c/openstack/neutron/+/87466917:30
opendevreviewMiguel Lavalle proposed openstack/neutron master: Add rate-limiting to metadata agents  https://review.opendev.org/c/openstack/neutron/+/85887921:36
opendevreviewMiguel Lavalle proposed openstack/neutron master: Add rate-limiting to metadata agents  https://review.opendev.org/c/openstack/neutron/+/85887922:30
« Thursday, 2023-04-20 Index Saturday, 2023-04-22 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!