Thursday, 2014-10-23

openstackgerritChad Lung proposed a change to stackforge/octavia: PEP8 fixes, spelling fixes
openstackgerritBrandon Logan proposed a change to stackforge/octavia: Doc detailing amphora lifecycle management
*** ptoohill_ has quit IRC14:33
* blogan moves to arizona14:35
* dougwig moves to London14:35
bloganarizona has the london bridge14:36
dougwigit also has that whacknut sheriff14:36
dougwigand this coming from an idahoan.14:36
bloganlondon bridge + whacknut sheriff = problem solved14:36
bloganmestery: Thanks for the +2/+A!16:25
mesteryblogan: Thank you and team for the awesome work!16:25
mesteryNow, on to the next patch :)16:25
bloganlol yes more monster patches!16:26
bloganthe comment to get CI to run again in gerrit is "recheck no bug" right?16:40
*** sbalukoff has joined #openstack-lbaas18:04
dougwigno, just "recheck"18:42
dougwigthey changed it18:42
dougwig+A???!?!??  YES.  thanks mestery18:42
mesterydougwig: We're on our way! :)18:42
bloganwell recheck doesn't work either18:43
dougwigi wonder if it's not monitoring the feature branch?18:44
openstackgerritTrevor Vardeman proposed a change to stackforge/octavia: Defining interface for amphora drivers
blogandougwig: i thoguht once it ran it'd clear out the +1s adn -1s20:00
bloganguess i am wrong20:00
dougwigit used to do that on rebase, but i think they changed it20:00
dougwigrecheck never did that.20:00
dougwigit's done.20:09
dougwigpylint failed.  because the env doesn't exist.20:09
dougwigit'll never pass20:09
dougwigsec, let me work up a master merge.20:09
dougwigstandby, scary 'git review' now running.  :)20:22
bloganyou're rebasing the feature branch?20:23
dougwigwith an empty commit on top, for the cherry (since a simple merge commit was rejected.)20:23
blogani thought we were supposed to wait on doing that20:23
dougwigthat failed too.20:24
dougwigwell, our jenkins will now never pass, since it depends on stuff in master.20:24
bloganhow did that happen?20:25
blogani mean the feature branch should be based on the version of master in which it was first created, unless it got rebased recently20:26
dougwigright, i was attempting to push that rebase to gerrit.  asking mark.20:26
dougwigthen you could go dependent on the rebase, and it'd all chain.20:26
bloganyeah that'd be fine, im just worried this will be a recurring problem20:27
bloganand it wasn't obvious to me that it was a master dependency issue20:27
dougwigi clicked into the jenkins failure to see where it was dying.20:28
bloganoh i didnt even look at the pylint one20:28
*** vivek-ebay has quit IRC20:36
* mestery is at the ready20:36
blogandougwig: thanks20:36
*** vivek-ebay has joined #openstack-lbaas20:36
bloganmestery: thnaks20:36
rm_worksbalukoff: is dustin around?20:37
rm_worksbalukoff: I had a question for him about the diagram from yesterday\20:37
*** VijayB_ has joined #openstack-lbaas20:40
mesteryblogan dougwig: fungi's change merged, I have a 30 minute call and then will try to collapse things back20:59
dougwigok, thanks.21:00
rm_workmestery: i was starting to feel like
xgermanyou use that image a lot21:33
bloganhe printed out a bunch of copies here and spread it around the castle like propaganda21:34
openstackgerritTrevor Vardeman proposed a change to stackforge/octavia: Nova virtual machine driver spec
xgermanprinting I would have liked that a few weeks ago :-)21:36
rm_workxgerman: I like it, because I think it's been pretty accurate to-date21:36
rm_worksbalukoff: yo?21:37
openstackgerritBrandon Logan proposed a change to stackforge/octavia: Doc detailing amphora lifecycle management
blogansbalukoff, dougwig, rm_work, xgerman: ^^22:46
bloganget some eyes on that, its still a WIP but early feedback on the spare amphora lifecycle would be great22:46
sbalukoffSorry! I've been in meetings all day.23:35
rm_workreally i wanted to talk to dustin anyway but you're my channel :P summon him?23:36
sbalukoff(And I've been the one in front of the whiteboard until now.)23:36
sbalukoffLet me see if he's here...23:36
*** dlundquist has joined #openstack-lbaas23:36
rm_workhey dlundquist23:39
rm_workdlundquist: so I had some questions about the diagram from yesterday evening23:40
rm_workbut... i may have forgotten them since I've been pinging at sbalukoff since like 3 hours ago and he's been slacking :P23:41
rm_workgoing to see if I can remember what it was...23:41
rm_workoh, so firstly23:41
rm_work"include Octavia controller API cert" -- would that be via nova metadata somehow?23:42
sbalukoffrm_work: I suggest you look into getting some kind of device which can help you remember things by allowing you to enter these ideas in glyphs that can be stored somewhere external to your brain.23:42
rm_workdo instances have a good way to get their own metadata?23:42
sbalukoff(ie. pencil and paper, or I dunno, a computer.)23:42
rm_worksbalukoff: yes well, I got distracted23:42
rm_workalso, does Bluebox' implementation of Openstack use one huge oslo notification queue?23:43
dlundquistYes, I was expecting to pass the API cert via nova metadata23:43
rm_worklike, Nova uses oslo notifications for events like "VM is ACTIVE"?23:43
rm_workconsidering whether we could connect to that queue and look for those notifications instead of polling23:43
rm_workdlundquist: i guess we would probably also pass the Octavia Controller API endpoint via metadata with the cert23:44
dlundquistyeah, metadata seems like a good way to distribute bootstrap config23:44
rm_workalso, how hard is it to spoof source-ip?23:44
rm_workI know we talked a bit about this yesterday23:45
rm_workand that it's going to be on an internal private network23:45
dlundquistit's pretty hard with standard Neutorn security groups23:45
rm_workso we can trust source-ip for verification23:45
dlundquistthey only permit access from the IP and MAC assigned to the port23:45
dlundquistassuming we don't disable those security groups so we can run multiple IPs23:46
rm_workand are you expecting the "Request CSR signing" to be synchronous?23:46
rm_workor would it be a callback23:46
rm_workIE, request -> response body is the signed cert?23:47
dlundquistWithin the HTTP request/response cycle.23:47
rm_workor, request -> reply 202, then initiate a POST to some endpoint on the Amphora API23:47
rm_workwith the cert23:47
rm_workso, the first one then23:47
rm_workalright, cool23:47
dlundquistat least as a starting point, we can move to a callback/polling later if we need23:47
rm_workand "announce via heartbeat [UDP]" is still the plan?23:47
rm_workWe didn't talk much about that, I honestly put it in there to begin with because I vaguely remembered sbalukoff talking about doing it that way at some point23:48
dlundquistI'm not up to speed on the UDP discussion, but I was originally thinking of a UDP keep alive protocol for amophora, that could also carry fixed length messages such as: 'go fetch updated config' or 'listener ... is down'23:49
rm_workthat would be stateless, right?23:50
rm_worksince it's UDP, we'd have to essentially give the whole state every time, not just "events"23:50
dlundquistI was just envisioning edge level notificatoins23:50
rm_workand giving the whole state could end up large, ie multiple packets, ie problematic for UDP :P23:51
rm_workI think UDP can really only be trusted for "i'm here"23:51
dlundquistAgreed, but it can be used a a signaling method: you have a new config you haven't downloaded23:52
rm_workah, yeah, just repeat that until they download the config :P23:52
rm_workbut again, any message really must fit in a single packet, right? I am not actually great with low-level networking so I am not sure how limiting that is23:53
dlundquist1400 bytes or so23:53
dlundquistI was thinking of a few dozen 1 byte flags23:53
rm_workthat's quite a few characters even23:54
dlundquistyeah, but we probably want to add a HMAC digest23:54
rm_workalright well anyway, that cleared up the only questions I had23:55
rm_workI'm going to translate this diagram into sphinx diagram language and put it in my BP23:55
*** IZebra has joined #openstack-lbaas23:59

