Thursday, 2020-09-10

*** skyraven has quit IRC00:09
*** arnoldoree has joined #openstack00:13
*** arnoldoree has joined #openstack00:16
*** gyee has quit IRC00:50
*** rvd has joined #openstack00:54
*** skyraven has joined #openstack02:05
*** skyraven has quit IRC02:10
*** tips has quit IRC02:11
*** chenhaw has quit IRC02:15
*** chenhaw has joined #openstack02:15
*** skme9 has joined #openstack02:18
*** rcernin has quit IRC02:50
*** arnoldoree has quit IRC02:54
*** rcernin has joined #openstack02:59
*** josephillips has quit IRC03:19
*** stac- has quit IRC03:32
*** stac_ has joined #openstack03:33
*** Euph0ria has quit IRC03:34
*** arnoldoree has joined #openstack03:38
*** user_19173783170 has joined #openstack03:46
<user_19173783170> i want to ask some question, is someone online? 03:46
*** user_19173783170 has quit IRC03:47
*** zbsarash1 has quit IRC03:53
*** alexusono has quit IRC04:00
*** alexusono has joined #openstack04:01
*** skyraven has joined #openstack04:06
*** skyraven has quit IRC04:12
*** user_19173783170 has joined #openstack04:39
*** def_jam has joined #openstack04:40
<user_19173783170> i want to ask some question, is someone online? 04:40
*** eb0t_ has joined #openstack04:40
*** eb0t has quit IRC04:40
*** eblip has quit IRC04:41
<user_19173783170> 111 04:41
<user_19173783170> 222 04:41
<user_19173783170> hello 04:41
*** user_19173783170 has left #openstack04:42
*** servagem has quit IRC04:44
*** pieguy128_ has joined #openstack04:52
*** pieguy128 has quit IRC04:52
*** bersace has quit IRC05:00
*** matt_kosut has joined #openstack05:01
*** bocaneri has joined #openstack05:11
*** noogie has quit IRC05:13
*** jtomasek has joined #openstack05:17
*** noogie has joined #openstack05:21
*** jtomasek has quit IRC05:22
*** skyraven has joined #openstack05:36
*** zbsarash1 has joined #openstack05:57
*** cah_link has joined #openstack06:13
*** ysastri has joined #openstack06:19
*** qchris has quit IRC06:21
*** ysastri has quit IRC06:23
*** idlemind_ has joined #openstack06:25
*** idlemind has quit IRC06:26
*** imega has joined #openstack06:31
*** qchris has joined #openstack06:33
*** marc2 has quit IRC06:39
*** alexusono has quit IRC06:41
*** slaweq has joined #openstack06:44
*** imega has quit IRC06:49
*** aelshamouty has joined #openstack06:55
*** benfelin has quit IRC06:57
*** jtomasek has joined #openstack07:00
*** benfelin has joined #openstack07:03
*** zbsarash1 has quit IRC07:08
*** bengates has joined #openstack07:15
*** tesseract has joined #openstack07:17
*** imega has joined #openstack07:24
*** lkoranda has quit IRC07:36
*** jcapitao has joined #openstack07:42
*** sergiuw has quit IRC07:45
*** sergiuw has joined #openstack07:45
*** tesseract has quit IRC07:55
*** tesseract has joined #openstack07:56
*** skme9 has quit IRC07:56
*** CeeMac has joined #openstack07:59
*** shyamb has joined #openstack08:03
*** shyam89 has joined #openstack08:13
*** shyamb has quit IRC08:15
*** skme9 has joined #openstack08:15
*** jcapitao has quit IRC08:27
*** rcernin has quit IRC08:35
*** jcapitao has joined #openstack08:36
*** imega has quit IRC08:37
*** jcapitao has quit IRC08:41
*** jcapitao has joined #openstack08:42
*** jtomasek has quit IRC08:45
*** slaweq has quit IRC08:46
*** SecOpsNinja has joined #openstack08:48
*** slaweq has joined #openstack08:49
*** slaweq has quit IRC08:50
*** aj_mailing has quit IRC08:54
*** gmoro has joined #openstack08:55
*** abdysn has joined #openstack08:59
*** manuvakery has joined #openstack09:06
*** shyam89 has quit IRC09:07
*** vexorg has quit IRC09:24
*** vexorg has joined #openstack09:27
*** shyamb has joined #openstack09:29
*** epheo has joined #openstack09:31
*** skme9_ has joined #openstack09:38
*** skme9 has quit IRC09:42
*** pcaruana has quit IRC09:51
*** imega has joined #openstack10:09
*** cah_link has quit IRC10:17
*** slaweq has joined #openstack10:20
*** StevenK has quit IRC10:21
*** sergiuw has quit IRC10:22
*** Lucas_Gray has joined #openstack10:32
*** rcernin has joined #openstack10:38
*** malevolent_ has joined #openstack10:43
*** shyamb has quit IRC10:44
*** malevolent has quit IRC10:45
*** shyamb has joined #openstack10:59
*** StevenK_ has joined #openstack11:19
*** jcapitao is now known as jcapitao_lunch11:21
*** StevenK_ is now known as StevenK11:23
*** omegapoint has joined #openstack11:24
*** epheo has quit IRC11:24
<omegapoint> hey, i have a pretty odd question regarding neutron. We have an openstack deployment (neutron l3 + ml2 with linuxbridge for network) purely for testing MQTT software, which means we have many TCP connections that are established quickly and stay open for longer periods of time. therefore, we often run into conntrack issues. this telco WG request has been largely inactive https://bugs.launchpad.net/neutron/+bug/1506076 so i'm wondering: would it be possible to simply disable conntrack for all my compute nodes entirely with a single iptables rule or something? we don't require any real filtering / security because everything runs in a private network anyway. 11:27
<omegapoint> i have tried tweaking conntrack hashtable & hash sizes and we also disable port security in the test deployments but no matter what we have a hard limit on connections we can establish per second and keep open and conntrack seems to be the culprit from the host metrics. 11:28
*** shyamb has quit IRC11:43
*** shyamb has joined #openstack11:43
*** aelshamouty has quit IRC11:47
*** shyamb has quit IRC11:52
*** servagem has joined #openstack11:56
<DHE> omegapoint: from a purely linux standpoint if conntrack is loaded then everything gets tracked. rules to not make use of the data doesn't change that 12:01
*** sergiuw has joined #openstack12:03
*** tesseract has quit IRC12:03
<omegapoint> DHE: alright then, would our setup work without loading the conntrack module at all? from my understanding other setups like ones that use ovs rely on conntrack to work at all, but i'm not sure if the l3+ linuxbridge setup requires conntrack in any way 12:04
<DHE> L3 agent hosts (routers) need it because NAT doesn't work at all without conntrack 12:05
*** arxcruz|ruck is now known as arxcruz|pto12:05
<DHE> I honestly don't know how dedicated compute nodes would react to not having conntrack. it's rather necessary for security groups to work 12:05
*** tesseract has joined #openstack12:05
<omegapoint> alright that makes sense, so we have to keep it on infra nodes; well we don't use security groups at all anyway (no port security) so i guess i could give it a try at least 12:07
<omegapoint> i'm curious to know how calico can selectively disable conntrack and get a performance gain out of it though ( https://www.projectcalico.org/when-linux-conntrack-is-no-longer-your-friend/ ) 12:08
<DHE> it can be disabled with iptables. there are two chains listed when you run `iptables -t raw -L` and you can insert a `-j NOTRACK` rule into these. packets matching will not be processed by conntrack. note that you would have to get both directions to be effective 12:13
<DHE> also note that a cursory look at neutron source does suggest it may insert its own rules so I don't know how well this will scale. and manual rule insertion does rather defeat the point of VM automation 12:14
*** jcapitao_lunch is now known as jcapitao12:16
*** Euph0ria has joined #openstack12:17
*** ccha has joined #openstack12:22
*** imega has quit IRC12:30
*** jangutter_ has joined #openstack12:36
*** jangutter has quit IRC12:39
*** imega has joined #openstack12:42
*** imega has quit IRC12:51
*** imega has joined #openstack12:51
*** imega has quit IRC13:15
*** cgfbee has quit IRC13:16
*** jangutter has joined #openstack13:22
*** cgfbee has joined #openstack13:23
*** jangutter_ has quit IRC13:25
*** Goneri has joined #openstack13:26
*** tips has joined #openstack13:30
*** jangutter_ has joined #openstack13:31
*** jangutter has quit IRC13:34
*** jangutte_ has joined #openstack13:34
*** imega has joined #openstack13:35
*** belmoreira has quit IRC13:36
*** jangutter_ has quit IRC13:37
*** zbsarash1 has joined #openstack14:05
*** Euph0ria has quit IRC14:18
*** Euph0ria has joined #openstack14:22
*** jtomasek has joined #openstack14:23
*** morazi_ has quit IRC14:58
*** jangutter has joined #openstack15:02
*** jangutter has quit IRC15:03
*** Euph0ria has quit IRC15:03
*** Euph0ria has joined #openstack15:03
*** morazi has joined #openstack15:03
*** jangutter has joined #openstack15:03
*** jangutte_ has quit IRC15:05
*** random_yanek has quit IRC15:14
*** vultaire has joined #openstack15:15
*** __ministry1 has joined #openstack15:15
*** __ministry1 has quit IRC15:16
*** random_yanek has joined #openstack15:21
*** jangutter_ has joined #openstack15:30
*** jangutter has quit IRC15:33
*** arnoldoree has quit IRC15:34
*** rcernin has quit IRC15:50
*** Lucas_Gray has quit IRC15:52
*** bengates has quit IRC15:58
*** spiral has joined #openstack16:14
*** jcapitao has quit IRC16:16
*** jadonn has quit IRC16:19
*** hamalq has joined #openstack16:32
*** sergiuw has quit IRC16:38
*** abdysn has quit IRC16:38
*** imega has quit IRC16:42
*** cp- has quit IRC16:52
*** cp- has joined #openstack16:57
*** gyee has joined #openstack17:03
*** SecOpsNinja has left #openstack17:09
*** errantekarmico has joined #openstack17:13
*** tonyb has quit IRC17:15
*** errantekarmico has quit IRC17:18
*** skme9_ has quit IRC17:31
*** tesseract has quit IRC17:31
*** skme9_ has joined #openstack17:31
*** skatsaounis has joined #openstack17:33
*** skatsaounis has quit IRC17:33
*** Lucas_Gray has joined #openstack17:42
*** tonyb has joined #openstack17:57
*** skme9_ has quit IRC18:05
*** manuvakery has quit IRC18:05
*** skme9_ has joined #openstack18:08
*** omegapoint has quit IRC18:09
*** gmann is now known as gmann_afk18:11
*** skme9_ has quit IRC18:25
*** errantekarmico has joined #openstack18:46
*** mikecmpbll has quit IRC18:59
*** marc2 has joined #openstack19:15
*** sergiuw has joined #openstack19:19
*** hamalq_ has joined #openstack19:23
*** hamalq has quit IRC19:24
*** Euph0ria has quit IRC19:47
*** Euph0ria has joined #openstack19:51
*** slaweq has quit IRC19:53
*** jangutter has joined #openstack19:53
*** jangutter has quit IRC19:54
*** jangutter_ has quit IRC19:54
*** jangutter has joined #openstack19:54
*** matt_kosut has quit IRC20:06
*** rs09 has joined #openstack20:49
*** errantekarmico has quit IRC20:50
*** errantekarmico has joined #openstack20:53
*** errantekarmico has quit IRC20:55
<rs09> I have an OpenStack environment that's configured with Federated Keystone (saml2 with ADFS). It works fine, but I'm having trouble when trying to authenticate while using the OpenStack CLI. ADFS also has multi-factor authentication enabled. Does the OpenStack CLI support MFA? For what it's worth, this is the error I'm encountering: # openstack token issue/S:Envelope/S:Header/ecp:Response/@AssertionConsumerServiceURL should provide a single element list 21:06
*** jtomasek has quit IRC21:11
*** scanepa has joined #openstack21:35
*** sergiuw has quit IRC21:45
*** Goneri has quit IRC21:49
*** rs09 has quit IRC22:08
*** rs09 has joined #openstack22:17
*** rs09 has quit IRC22:18
*** vexorg has quit IRC22:26
*** skyraven has quit IRC22:31
*** Lucas_Gray has quit IRC22:35
*** tips has quit IRC22:45
*** gmann_afk is now known as gmann22:49
*** spiral has quit IRC22:53
*** rcernin has joined #openstack22:57
*** rcernin has quit IRC22:59
*** rcernin has joined #openstack22:59
*** benfelin has quit IRC23:11
*** skyraven has joined #openstack23:43
*** random_yanek has quit IRC23:47
*** skyraven has quit IRC23:55
