| grauzikas | Hello, i have made mistake in osa config in octavia group binding - i added linux bridge and im using ovn so i need to provide - "neutron_ovn_gateway”, how now change this without rewriting everything? i tyred to run container-delete —limit octacia_all and reruned setup-hosts, setup-infrastructure, setup-openstack, but didnt helped | 06:48 |
|---|---|---|
| noonedeadpunk | mornings | 07:03 |
| noonedeadpunk | grauzikas: sorry I'm a bit confused about octavia and ovn. are you really meant octavia? or neutron? | 07:07 |
| noonedeadpunk | as octavia kinda uses whatever network neutron is providing | 07:07 |
| noonedeadpunk | (or well except lbaas) | 07:08 |
| noonedeadpunk | but then even for the lbaas network, it's neutron providing connectivity for amphoras | 07:08 |
| noonedeadpunk | so I'm confused what exactly you're trying to re-configure | 07:09 |
| grauzikas | octavia, i have neutron with ovn and i found: | 07:24 |
| grauzikas | https://opendev.org/openstack/openstack-ansible/commit/d35e3e0daef67546eded457a92186eb043575d69 | 07:25 |
| grauzikas | thats why im doing this like this :) i had it working previously, but changed something, reinstalled everything and now not works so trying to figure out what i did to stop it working and as i rememeber i was changing to linux bridge from ovn so i believe this could be issue | 07:26 |
| grauzikas | in ovn scenario there is no amphoras instances, loadbalancer lives in ovn | 07:27 |
| noonedeadpunk | um, I think you're mixing things up a bit | 07:29 |
| noonedeadpunk | so octavia have drivers through which it provides balancing | 07:30 |
| noonedeadpunk | there is an OVN driver, which can be used. | 07:31 |
| noonedeadpunk | but still you totally can use amphora driver as with linux bridges and ovs | 07:31 |
| noonedeadpunk | regarding commit - it kinda makes sense mostly for AIO scenario I'd say | 07:31 |
| noonedeadpunk | outside of aio this should not matter much, imo | 07:32 |
| grauzikas | https://paste.openstack.org/show/b3dPzcxSZHYJUxVRuML7/ | 07:35 |
| grauzikas | this is fragment of my current config | 07:35 |
| grauzikas | im not doing aio its multi server. and i have ml2.ovn | 07:36 |
| grauzikas | and in config i have octavia_enabled_provider_agents \n - ovn | 07:37 |
| grauzikas | im not sure what i did to make it stop working :) dont remember. need to add git to my /etc/openstack_deploy dir :) . but by searching for example on internet i ihave found https://opendev.org/openstack/openstack-ansible/commit/d35e3e0daef67546eded457a92186eb043575d69 and seems it was like this previously | 07:40 |
| noonedeadpunk | ok, so let's a bit iterate of what is not actually working, or how it does not work :) | 07:40 |
| grauzikas | load balancer creates and status active and online | 07:40 |
| grauzikas | but from intsances what running on internal network i cant ping loadbalancer internal vip | 07:41 |
| grauzikas | and attacher to load balancer floating ip also not pings | 07:41 |
| grauzikas | in ports status i can see that loadbalancer port is down | 07:41 |
| noonedeadpunk | oe thing is there's a typo in config we've just patched: https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/927521 | 07:41 |
| noonedeadpunk | how are you creating a load balancer? do you pass `--provider ovn`? | 07:42 |
| noonedeadpunk | as with your config I assume you will end up with amphoras anyway | 07:43 |
| noonedeadpunk | (by default) | 07:44 |
| grauzikas | yhttps://paste.openstack.org/show/bbvPCs8HrVx3ndvvPQlN/es like this | 07:44 |
| grauzikas | ohh… https://paste.openstack.org/show/bbvPCs8HrVx3ndvvPQlN/ | 07:44 |
| noonedeadpunk | so check for the patch I've linked above | 07:45 |
| noonedeadpunk | It could be the reason | 07:47 |
| noonedeadpunk | but also worth checking state of LB in OVN NB | 07:49 |
| noonedeadpunk | ie - check for `ovn-nbctl --no-leader-only list Load_Balancer <balancer_uuid>` from the northd container | 07:50 |
| grauzikas | Yes i already seen this and updated my osa and seems after that i had it working. Anyway trying to reinstall everything from sratch :) | 07:51 |
| johnsom | grauzikas The VIP port is always down in neutron, it's an allowed address pairs port, which means it's a fake neutron port. It will never be up | 08:01 |
| grauzikas | yes, but i cant reach internal vip port from instances in same internal network. 2 instances can comunicate to each other, but cant reach octavia loadbalancer vip in same internal network | 08:06 |
| grauzikas | also floating ip attached to lb is not pingable | 08:07 |
| grauzikas | so now dont rememebr what config was working for me https://paste.openstack.org/show/bLnUZzhm7gWws0H5dNdY/ | 08:09 |
| noonedeadpunk | you probably should not reach it either | 08:12 |
| noonedeadpunk | as balancing is performed in opposite direction :D | 08:13 |
| noonedeadpunk | so it might be "validly" firewalled | 08:13 |
| noonedeadpunk | but floating IP should be pingable iirc | 08:13 |
| noonedeadpunk | but then - it might be not octavia issue but neutron issue | 08:13 |
| grauzikas | neutron seems works because i can use both internal ips and external and router with snat from internal to external | 08:59 |
| grauzikas | Regarding masakari permission issue or should i append something in user_variables or may be im doing wrong? https://paste.openstack.org/show/bjmmXIxlOfrFs3NHXaJo/ | 13:03 |
| fungi | not sure if anyone saw my comments from last night, but is https://opendev.org/openstack/openstack-ansible/src/branch/master/scripts/get-pypi-pkg-version.py used for anything important? if so, upcoming pypi xmlrpc api changes will probably break it | 13:49 |
| jrosser | fungi I did see it but I don’t work Fridays so will take a look next week if no one gets there first | 14:52 |
| fungi | jrosser: cool, just wanted to make sure i wasn't shouting into the void! ;) | 14:52 |
| fungi | based on the notification i linked, we should expect to start seeing intermittent errors from it as of yesterday (they're doing increasingly long brown-out periods for the removal) | 14:54 |
| noonedeadpunk | looking at it - looks like a candidate for clean-up | 15:30 |
| noonedeadpunk | but would need to dig deeper for sure | 15:30 |
| noonedeadpunk | as that looks like very old version of the sha bump script | 15:31 |
| noonedeadpunk | that's not used for years | 15:31 |
| opendevreview | Merged openstack/openstack-ansible master: Remove ceph-server common tasks https://review.opendev.org/c/openstack/openstack-ansible/+/927917 | 16:16 |
| opendevreview | Merged openstack/openstack-ansible-os_skyline master: Enable SSLProxyProtocol for internal backends behind TLS https://review.opendev.org/c/openstack/openstack-ansible-os_skyline/+/927248 | 16:28 |
| opendevreview | Merged openstack/openstack-ansible-os_neutron stable/2024.1: Ensure proper permissions for OVN Metadata service https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/927761 | 16:29 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!