Tuesday, 2023-09-19

« Monday, 2023-09-18 Index Wednesday, 2023-09-20 »
opendevreviewZhouHeng proposed openstack/neutron master: Improve ACL comparison efficiency  https://review.opendev.org/c/openstack/neutron/+/88544900:11
opendevreviewZhouHeng proposed openstack/neutron master: Improve ACL comparison efficiency  https://review.opendev.org/c/openstack/neutron/+/88544901:23
opendevreviewZhouHeng proposed openstack/neutron master: Improve ACL comparison efficiency  https://review.opendev.org/c/openstack/neutron/+/88544901:31
opendevreviewOpenStack Proposal Bot proposed openstack/neutron master: Imported Translations from Zanata  https://review.opendev.org/c/openstack/neutron/+/89552604:25
opendevreviewLajos Katona proposed openstack/tap-as-a-service master: GRE/ERSPAN mirroring for taas  https://review.opendev.org/c/openstack/tap-as-a-service/+/88535707:50
opendevreviewMerged openstack/neutron-vpnaas-dashboard master: Imported Translations from Zanata  https://review.opendev.org/c/openstack/neutron-vpnaas-dashboard/+/88265507:54
SvenKieskecan someone take a look at https://bugs.launchpad.net/kolla-ansible/+bug/2033980 ? it was filed against kolla-ansible but I analyzed it for a bit and this has to do with how neutron handles spawning and especially killing radvd and I want to be sure that's not a bug in neutron.08:33
SvenKieskeI still don't understand line 248 in utils.py: "return converter(f.read()) if converter else f.read()" where does this "converter" come from? is that some helper function in neutron? I was not able to find it, yet.08:35
opendevreviewZhouHeng proposed openstack/neutron master: DNM: test remove some rpc message  https://review.opendev.org/c/openstack/neutron/+/89489108:38
opendevreviewElvira García Ruiz proposed openstack/neutron stable/xena: [OVN] Fix rate and burst for stateless security groups  https://review.opendev.org/c/openstack/neutron/+/89578308:57
opendevreviewMerged openstack/neutron stable/zed: Add 3 secs to wait for keepalived state change  https://review.opendev.org/c/openstack/neutron/+/89566710:44
opendevreviewMerged openstack/neutron stable/yoga: Add 3 secs to wait for keepalived state change  https://review.opendev.org/c/openstack/neutron/+/89566810:44
opendevreviewMerged openstack/neutron stable/xena: Add 3 secs to wait for keepalived state change  https://review.opendev.org/c/openstack/neutron/+/89566910:44
opendevreviewMerged openstack/neutron stable/wallaby: Add 3 secs to wait for keepalived state change  https://review.opendev.org/c/openstack/neutron/+/89567010:44
*** ralonsoh_ is now known as ralonsoh11:07
opendevreviewRodolfo Alonso proposed openstack/neutron master: Add a "port" child table "porthardwareoffloadtype"  https://review.opendev.org/c/openstack/neutron/+/88283211:09
opendevreviewRodolfo Alonso proposed openstack/neutron stable/wallaby: Revert "[OVN][Trunk] Add port binding info on subport when parent is bound"  https://review.opendev.org/c/openstack/neutron/+/89479011:17
ralonsohbcafarel, hi! if you have some minutes: https://review.opendev.org/q/Ifc2d37e2042fad43dd838821953defd99a5f866511:35
ralonsohthanks in advance11:35
bcafarelralonsoh: sure, looking!11:46
bcafarelralonsoh: this needs a 2023.2 one too (and make sure we have it in a new rc?)11:49
ralonsohbcafarel, well yeah, because it didn't land in 2023.2 when it was master11:49
ralonsohI'll propose a patch11:49
gthiemongeHi Folks, in Octavia, we have some (old) code that disables a port (admin_state_up=False) that is connected to a VM, then waits for the status of the port to be DOWN: https://opendev.org/openstack/octavia/src/commit/5ce85105c9b9211df9f2d88c8f1f543120eabaf4/octavia/controller/worker/v2/tasks/network_tasks.py#L1060-L107412:16
gthiemongebut the status is always ACTIVE12:16
gthiemongeI think this behavior changed when we switched to ML2/OVN by default, does it ring a bell? should the status be DOWN for disabled ports?12:17
sahid_o/12:22
sahid_quick question guys, we have in our env 4 neutron servers, wierdly there is one that is taking 4x time more activities time to time12:23
sahid_it's always the same12:24
sahid_we have tried to stop it but then an other neutron server took that same kind of pattern12:24
sahid_so it's not related to the machine12:24
sahid_what could take more activity for a given neutron server compared to the other12:26
sahid_I guess it's not API related as that should be well disptached12:26
sahid_so I imagine it is rpc based12:26
opendevreviewElvira García Ruiz proposed openstack/neutron stable/wallaby: [OVN] Fix rate and burst for stateless security groups  https://review.opendev.org/c/openstack/neutron/+/89578512:45
ralonsohgthiemonge, status for disabled ports is always DOWN12:53
ralonsohwhat do you expect? the transition? the status?12:53
ralonsohjust to understand the OVS-OVN difference12:54
gthiemongeralonsoh: I expect it to be DOWN, but it's ACTIVE12:57
ralonsohok, let me check that first (without octavia)12:57
gthiemongehttps://paste.opendev.org/show/bmCJ7UgnQb0SJnKpdIS2/12:58
gthiemongefor instance ^ this port is disabled and bound, but status is ACTIVE12:58
lajoskatonaralonsoh, gthiemonge: with OVS my bound port status is DOWN after I set admin_state_up=False13:01
lajoskatonaralonsoh, gthiemonge: I have no working OVN env now :-(13:01
ralonsohok, that sounds like a bug, but I need to check13:04
ralonsohin ML2/OVN, if you disable the port, the status=ACTIVE13:04
lajoskatonasahid_: good question, with enough rpc_wprkers that could be ok, I think this is the step one document for rpc workers: https://docs.openstack.org/neutron/latest/admin/config-wsgi.html#neutron-worker-processes13:06
sahid_oh yes interesting point...13:11
sahid_"For rpc_workers, there needs to be enough to keep up with incoming events from the various neutron agents. Signs that there are too few can be agent heartbeats arriving late, nova vif bindings timing out on the hypervisors, or rpc message timeout exceptions in agent logs (for example, “broken pipe” errors)."13:11
sahid_lajoskatona: thank you13:11
SvenKieskeI _think_ I found a bug in the external_process.py handling of removing pid files, but I'm not 100% sure as I'm really no neutron expert, maybe someone can take a look at my last comment here: https://bugs.launchpad.net/kolla-ansible/+bug/203398013:19
ralonsohSvenKieske, will triage this bug during the next meeting. The handling of an external process is done using the same class (dnsmasq, radvd, keepalived, etc). But of course here there could be some additional condition13:26
SvenKieskeralonsoh: thank you! I suspect it's due to external killing or rather crashing of the radvd process, it's a little complicated to debug.13:29
SvenKieskeI can see there are some test cases around that, mhmm, weird.13:31
SvenKieskeah but the unit test cases always directly seem to test eventlet, maybe it's due to the ProcessManager wrapper, anyway thanks for looking into it! I guess you can find the problem way faster then me :)13:32
opendevreviewLajos Katona proposed openstack/tap-as-a-service master: WIP: CLI for Tap Mirrors  https://review.opendev.org/c/openstack/tap-as-a-service/+/88608513:45
opendevreviewRodolfo Alonso proposed openstack/neutron master: Add a "port" child table "porthardwareoffloadtype"  https://review.opendev.org/c/openstack/neutron/+/88283213:47
gthiemongeralonsoh: (sorry I was in a meeting) should I report a bug for ml2-ovn?13:50
ralonsohyes please13:50
ralonsohwe should at least investigate why we have this difference between mech drivers13:51
*** obondarev_ is now known as obondarev14:00
ralonsohPing list: bcafarel, elvira, frickler, mlavalle, mtomaska, obondarev, slawek, tobias-urdin, ykarel, lajoskatona, jlibosva, averdagu, amotoki 14:01
lajoskatonao/14:01
frickler\o14:01
mtomaskao/14:01
jlibosvao/14:01
obondarevo/14:01
ralonsoh#startmeeting networking14:01
opendevmeetMeeting started Tue Sep 19 14:01:42 2023 UTC and is due to finish in 60 minutes.  The chair is ralonsoh. Information about MeetBot at http://wiki.debian.org/MeetBot.14:01
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:01
opendevmeetThe meeting name has been set to 'networking'14:01
mlavalleo/14:01
ralonsohhello all14:01
rubasovo/14:01
elvirao/14:02
haleybo/ (in another meeting if i'm slow)14:02
slaweqo/14:02
ralonsoh#topic announcements14:02
ralonsoh#link https://releases.openstack.org/bobcat/schedule.html14:02
ralonsohThis is the election week14:02
ralonsohbut, at least for Neutron, the result is clear!14:02
ralonsohand we have RC1 released14:03
ralonsohalong with the stable/2023.2 branch14:03
slaweq\o/14:03
mtomaska\o\/o/14:03
lajoskatonacool14:03
ralonsohwe are officially pushing code to Caracal right now14:03
ralonsohso please, remember to make your backports to 2023.2 too, if needed14:03
ralonsohlast week, in advance, is the final release of the RC14:04
ralonsohand, as any week, please check the openinfra channel14:04
ralonsoh#link https://openinfra.dev/live/#all-episodes14:04
bcafarelo/14:04
ralonsohany other heads-up?14:05
ralonsohok, let's jump to the next topic14:05
ralonsoh#topic bugs14:05
ralonsohlast week report is from mtomaska 14:05
ralonsoh#link https://lists.openstack.org/pipermail/openstack-discuss/2023-September/035125.html14:05
ralonsohwe have some pending bugs to review, not assigned yet14:06
ralonsoh#link https://bugs.launchpad.net/neutron/+bug/203516814:06
ralonsohI would lower the priority of this one14:06
ralonsohit is interesting to remove these tables but not mandatory14:06
mtomaskasure it does not seem to be breaking anything14:07
ralonsohI think this is a low-hanging-fruit for anyone "playing" witht the DB migrations14:07
lajoskatonais there a gain if we remove? speed, complexity... ?14:07
ralonsohnothing, to be honest14:07
ralonsohthese tables are not consuming resources14:08
mtomaskaless testing. Maybe I should take a look how long those tests take?14:08
lajoskatonaok, so really low hanging fruit14:08
SvenKieskedeleted code is good code ;)14:08
lajoskatona:-)14:08
ralonsohno no, this is not deleting code but adding new migrations14:08
ralonsohok, next one14:08
ralonsoh#link https://bugs.launchpad.net/neutron/+bug/203557814:08
ralonsohI will ping eolivare to know if he's on this one14:09
ralonsohthis one seems to be related to the zuul configuration14:09
lajoskatonahe left comments on it14:09
ralonsohyes14:09
ralonsohI think they will need to have different zuul configs per stable branch14:09
ralonsohsame as other projects14:09
ralonsohto add the supported (or not) OS and nodes to the branches14:10
ralonsohI'll ping him after this meeting14:10
ralonsohnext one14:10
ralonsoh#link https://bugs.launchpad.net/neutron/+bug/203523014:10
ralonsohIMO, what is happening is that they are creating a port in a network without subnets14:11
ralonsohthat matches with this output14:11
ralonsohbut we need more feedback. Just the port creation API result is not enough here14:11
ralonsohin any case, any other review of this problem is always welcome14:12
ralonsohok, next one14:13
ralonsoh#link https://bugs.launchpad.net/neutron/+bug/203557314:13
ralonsohI've closed this one as duplicated of LP#201619814:13
ralonsohthe problem: the fix for ^^ implies a DB migration14:13
ralonsohso we can't backport it14:14
ralonsohthe problem is that if you send multiple HA network creation at the same time, there is a chance of race condition14:14
ralonsohthat leads to the creation (try to) create 2 HA networks 14:14
ralonsohthe fix: create the network and the HAnetwork register in the same DB transaction14:15
ralonsohthat guarantees the isolation14:15
ralonsohin any case, please review this one just to be sure I'm right (or not) in my conclusion14:15
ralonsohlast one14:16
ralonsoh#link https://bugs.launchpad.net/neutron/+bug/203533214:16
ralonsoha "persistent" issue with OVN+DVR+VLAN networks14:16
ralonsohslaweq, if I'm not wrong, we are going to block that but in some conditions14:17
ralonsohwhen using port forwarding, right?14:17
ralonsohI'll check this week if the LRP options the bug is describing are correct14:18
ralonsohit is complicated the support matrix of redirect-type, reside-on-redirect-chassis and network types14:18
slaweqonly when FIP PF are also enabled14:18
ralonsohbut I think this folk is misunderstanding the concepts here14:19
slaweqhttps://review.opendev.org/c/openstack/neutron/+/89254214:19
ralonsoh"My understanding is that `reside-on-redirect-chassis` is to force traffic to the gateway rather then DVR this should be `True` as Vlan networks will need to go through the chassis gateway for everything where geneve DVR can have this as false to allow for DVR."14:19
ralonsoh^ yes, this one14:19
ralonsohanyway, I'll talk to ltombaso to check if the bug description is correct or there is any misundertanding on how OVN FIP works with VLAN networks14:21
ralonsohI don't have any other bug in this list14:21
ralonsohdo you have any other pending bug?14:21
opendevreviewMerged openstack/neutron master: Imported Translations from Zanata  https://review.opendev.org/c/openstack/neutron/+/89552614:22
aprats-I don´t know if it is the right time to ask, I'm looking for reviews on this one https://bugs.launchpad.net/neutron/+bug/202972214:22
ralonsohthis one seems to be assigned and a patch submitted14:23
ralonsohif the bug is triaged, let's discuss it an the end of the meeting14:23
ralonsohin the on_demand section14:23
ralonsohThis week bcafarel is the deputy, next week will be lajoskatona.14:23
ralonsohakc?14:23
lajoskatonaack14:23
ralonsohack?14:23
bcafarel:) ack14:24
ralonsohthanks14:24
ralonsoh#topic specs14:24
ralonsohbecause we are starting a new release (while closing the last one)14:24
ralonsohlet's start reviewing the pending specs14:24
ralonsoh#link https://review.opendev.org/q/project:openstack%252Fneutron-specs+status:open14:24
ralonsohwe have "Add spec for partial support for OVN Interconnect RFE" on the plate14:25
ralonsohplease let's continue with the revision efforts from the last release14:25
ralonsohok, let's jump to the next topic14:26
ralonsoh#topic community_goals14:26
ralonsohI'll skip the first one, "Add support for the service role in neutron API policies"14:26
ralonsoh2) Neutron client deprecation 14:26
ralonsohlajoskatona, any update?14:26
lajoskatonanothing since last week14:26
lajoskatonaThe pending patches to neutronclient were merged14:27
lajoskatonaI have to jump into this topic and allocate some time to it14:27
lajoskatonathat's it 14:27
ralonsohperfect, I'll remove them from the meeting logs14:27
ralonsohlajoskatona, thanks a lot14:27
ralonsohok, last section14:27
ralonsoh#topic on_demand14:27
ralonsohaprats-, please14:28
ralonsohaprats-, I think you wanted to talk about https://bugs.launchpad.net/neutron/+bug/202972214:29
aprats-Thx, pushed here https://review.opendev.org/c/openstack/neutron/+/890459, I just wanted to know what to do next so I can have this change merged :) 14:29
lajoskatonacoming to IRC and advertising it is a good step :-)14:29
mlavalleyes!14:29
ralonsohso if I'm not wrong, what you want is to have multiple nating14:30
ralonsohfrom https://launchpadlibrarian.net/680342877/Screenshot%20from%202023-08-02%2009-30-17.png14:30
ralonsohsubnet B - subnet A - internet14:30
ralonsohright?14:30
aprats-Only router-ext is natting14:30
ralonsohwhy not router LAN?14:31
aprats-But yes, I want to have the subnet B to be able to use the nat of subnet A (If that make sense)14:31
aprats-Some of our clients wanted to make some kind of DMZ with the subnet A14:31
ralonsohI think you'll need to add routes inside the VM to access to the subnet A interface14:32
ralonsohand from there, access the external GW14:33
ralonsohbut if router LAN is nating between two internal networks, that won't add any default GW 14:33
aprats-Yes but it won't work, that's why I submitted this PR. We have a rule on the dvr that will only route traffic from directly attached networks14:34
ralonsohyes because this is the goal of the router for internal networks14:34
ralonsohthe router won't egress any traffic via subnet A as a external network14:35
ralonsohunless, maybe, you mark IP 10.20.0.1 (router ext, subnet A) as GW of the VMs14:35
ralonsohdid you try that?14:36
aprats-Just to be clear, adding 0.0.0.0/0 via 10.20.0.1 on the router lan routes will solve the routing issue from test_lan to the router_ext14:36
ralonsohexactly14:36
ralonsohso what's the problem then?14:37
aprats-Then there is still an issue, router_ext dvr won´t nat subnet B traffic 14:37
aprats-And that's this behavior that my code fixes 14:37
ralonsohthe problem is that your patch is adding snat to a router between internal networks14:38
ralonsohand that is not how it should work14:39
ralonsohactually you are adding this in the DVR router namespace only...14:39
ralonsoh(sorry)14:40
ralonsohaprats-, I'm not sure about this code (and the lack of testing). I would need to deploy an environment to test it first, just to know that we don't introduce any strange backdoor there14:41
aprats-From my point of view i'm not adding snat capabilities to an privte to private router. I'm whitelisting linked networks to use an actual snat14:41
ralonsohjust one last question (we can discuss this offline)14:42
aprats-Perhaps it needs more testing, perhaps it's not not in the right place (I'm fairly new here) and i'm willing to learn :) 14:42
ralonsohhow a router between two private network will have a GW?14:42
aprats-It has not14:43
ralonsohif self._get_gw_ips_cidr():  # Check if router has a gateway14:43
aprats-This code impact router_ext not router_lan14:43
ralonsohok, as I said, I'll need manual testing (and better description and documentation in this patch)14:44
haleybsorry, am in another meeting, but i think it's a valid bug, but like aprats- mentioned, it seems there is a cleaner place to put this i just don't see it yet14:44
haleybbut we can follow-up in the patch14:44
aprats-What it does is that it lists routes on a external router and will allow networks routed to use the external gateway14:44
haleybs/routes/rules from what i remember right?14:45
ralonsohlet's continue that in the patch14:45
haleyback14:45
aprats-ack14:45
ralonsohany other topic?14:45
haleybi had a quick one14:45
ralonsohplease14:46
haleybnow that 2024.1 is open, i did two patches for testing updates14:46
haleybhttps://review.opendev.org/c/openstack/neutron-tempest-plugin/+/895516 to add 2023.2 tempest jobs14:46
haleybhttps://review.opendev.org/c/openstack/neutron/+/895515 for adding SLURP jobs14:47
haleybany reviews would be great14:47
fricklernote that devstack and grenade aren't ready yet for 2023.214:47
ralonsohright, this is the second SLURP release14:47
lajoskatonafrickler: thanks for the info14:48
haleybfrickler: so do you mean i can't checkout stable/2023.2 in devstack and install? haven't looked actually14:49
fricklerthere is no branch yet14:49
fricklerwaiting for nova and requirements repos to branch14:49
fricklernova should hopefully get done later today14:50
slaweqhaleyb thx, I just commented in Your patch for neutron-tempest-plugin14:51
ralonsohbut for now, the Neutron patch is valid and can be merged (I left a comment)14:51
haleybright, i figured after some time we could make it voting, will need to update CI dashboard14:51
ralonsohok, any other topic14:52
ralonsohplease remember that today there won't be CI meeting14:52
mlavalleyeap14:52
ralonsohbut if you have something urgent, you can ping anyone here in this channel14:52
ralonsohthank you for attending14:53
ralonsoh#endmeeting14:53
opendevmeetMeeting ended Tue Sep 19 14:53:13 2023 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)14:53
opendevmeetMinutes:        https://meetings.opendev.org/meetings/networking/2023/networking.2023-09-19-14.01.html14:53
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/networking/2023/networking.2023-09-19-14.01.txt14:53
opendevmeetLog:            https://meetings.opendev.org/meetings/networking/2023/networking.2023-09-19-14.01.log.html14:53
mlavalleo/14:53
slaweqo/14:53
lajoskatonao/14:53
bcafarelo/14:54
haleybo/14:54
fricklerykarel|away: ralonsoh: could you please check https://bugs.launchpad.net/neutron/+bug/2031526 ? iiuc it should be resolved14:55
ralonsohyes, it is14:56
opendevreviewRodolfo Alonso proposed openstack/neutron master: WIP test pep8  https://review.opendev.org/c/openstack/neutron/+/89582115:08
opendevreviewMiro Tomaska proposed openstack/neutron master: OVN Metadata handle process execeptions  https://review.opendev.org/c/openstack/neutron/+/89098615:12
opendevreviewBrian Haley proposed openstack/neutron-tempest-plugin master: Add job definitions for 2023.2 (Bobcat) branch  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/89551615:14
opendevreviewAndrew Bogott proposed openstack/neutron-tempest-plugin master: Allow updating of address pair on shared network  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/89024815:19
opendevreviewBodo Petermann proposed openstack/neutron-vpnaas master: Support for libreswan 4  https://review.opendev.org/c/openstack/neutron-vpnaas/+/89582415:42
opendevreviewBodo Petermann proposed openstack/neutron-vpnaas master: Support for libreswan 4  https://review.opendev.org/c/openstack/neutron-vpnaas/+/89582415:43
opendevreviewFernando Royo proposed openstack/ovn-octavia-provider master: Check multiple address of a LRP plugged to LS  https://review.opendev.org/c/openstack/ovn-octavia-provider/+/89582616:01
opendevreviewFernando Royo proposed openstack/ovn-octavia-provider master: Check multiple address of a LRP plugged to LS  https://review.opendev.org/c/openstack/ovn-octavia-provider/+/89582616:31
opendevreviewBrian Haley proposed openstack/neutron master: Remove obsolete radvd PID files before start  https://review.opendev.org/c/openstack/neutron/+/89583217:30
opendevreviewBrian Haley proposed openstack/neutron master: Bump skip-level lower version to stable/2023.1  https://review.opendev.org/c/openstack/neutron/+/89551517:30
opendevreviewJakub Libosvar proposed openstack/neutron master: functional: Use OVN version v22.06.1  https://review.opendev.org/c/openstack/neutron/+/89584919:03
opendevreviewMiro Tomaska proposed openstack/neutron master: OVN Metadata handle process execeptions  https://review.opendev.org/c/openstack/neutron/+/89098619:25
opendevreviewMiro Tomaska proposed openstack/neutron master: OVN Metadata handle process execeptions  https://review.opendev.org/c/openstack/neutron/+/89098619:33
opendevreviewBrian Haley proposed openstack/neutron master: Remove obsolete radvd PID files before start  https://review.opendev.org/c/openstack/neutron/+/89583219:36
opendevreviewMerged openstack/neutron master: Open the 2024.1 (Caracal) DB branch  https://review.opendev.org/c/openstack/neutron/+/89515520:24
« Monday, 2023-09-18 Index Wednesday, 2023-09-20 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!