Monday, 2015-04-20

« Sunday, 2015-04-19 Index Tuesday, 2015-04-21 »
*** amotoki has joined #openstack-lbaas00:14
*** woodster_ has quit IRC01:00
*** madhu_ak has joined #openstack-lbaas02:07
*** madhu_ak has quit IRC02:26
*** woodster_ has joined #openstack-lbaas02:28
*** sbalukoff has quit IRC03:07
*** sbalukoff has joined #openstack-lbaas03:20
*** santosh_ns has joined #openstack-lbaas03:22
*** ajmiller has quit IRC04:34
*** vivek-eb_ has joined #openstack-lbaas04:48
*** vivek-ebay has quit IRC04:51
*** BrianShang has quit IRC04:56
*** BrianShang has joined #openstack-lbaas04:57
*** _kiran_ has joined #openstack-lbaas05:15
*** rdekel has joined #openstack-lbaas05:15
*** vivek-eb_ has quit IRC05:20
*** sbalukoff has quit IRC05:34
*** sbalukoff has joined #openstack-lbaas05:51
*** woodster_ has quit IRC06:30
*** kobis has joined #openstack-lbaas06:48
*** apuimedo has joined #openstack-lbaas06:54
*** chlong has quit IRC07:29
*** kiranr has joined #openstack-lbaas07:38
*** _kiran_ has quit IRC07:39
*** _kiran_ has joined #openstack-lbaas07:57
*** kiranr has quit IRC07:57
*** f13o has joined #openstack-lbaas08:47
*** chlong has joined #openstack-lbaas08:50
*** kbyrne has joined #openstack-lbaas08:54
*** apuimedo has quit IRC08:54
*** rdekel has quit IRC09:03
*** chlong has quit IRC09:20
*** pcaruana has quit IRC09:27
*** pcaruana has joined #openstack-lbaas09:30
*** chlong has joined #openstack-lbaas09:32
*** amotoki has quit IRC09:35
*** Tiancheng has joined #openstack-lbaas09:55
*** rdekel has joined #openstack-lbaas10:49
*** Tiancheng has quit IRC10:56
openstackgerritSalvatore Orlando proposed openstack/neutron-lbaas: Remove load_admin_roles from calls to get_admin_context  https://review.openstack.org/17535111:12
*** apuimedo has joined #openstack-lbaas11:38
*** woodster_ has joined #openstack-lbaas11:46
*** apuimedo_ has joined #openstack-lbaas11:55
*** chlong has quit IRC11:58
*** apuimedo_ has quit IRC12:03
*** jschwarz has joined #openstack-lbaas12:33
*** f13o has quit IRC13:07
*** f13o has joined #openstack-lbaas13:12
jschwarzHi guys13:36
jschwarzI'm watching https://www.youtube.com/watch?v=dwAedB1jiYQ and was wondering about the status of L7, HA and TLS in LBaaS v213:36
jschwarzAre they mature enough?13:37
*** apuimedo has quit IRC13:55
*** ajmiller has joined #openstack-lbaas14:08
ptoohilljschwarz: lbaasv2 currently supports TLS and can do HA to an extent. L7 has patch out there but is not complete. Lbaas v2 is still marked as expirimental14:11
jschwarzptoohill, how do I go about using TLS on my lbaasv2?14:14
ptoohilli should say L7 is just not tested/merged. I believe its 'complete' but didnt make it in time14:14
ptoohilljschwarz: do you have lbaasv2 running?14:14
jschwarzptoohill, I have 'q-lbaas' enabled on my devstack, so that must be v1?14:15
ptoohillIf you have lbaasv2 running you will also need barbican. Ill link a wiki article i put together to explain how to build a TLS enabled load balancer.14:15
jschwarzptoohill, I'm looking at the neutron CLI though for options and can't find any14:15
jschwarzthanks :)14:16
jschwarzrdekel, ^14:16
ptoohillhttps://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer14:16
ptoohillThis will help you get lbaasv2 and barbican spun up in devstack and shows how to actually build/test TLS load balancer. Let me know if you have any questions.14:17
jschwarzptoohill, thanks load, we'll look into it14:17
jschwarzptoohill, to what extend is HA available for v2?14:18
*** apuimedo has joined #openstack-lbaas14:18
jschwarzalso will appreciate links for the L7 patches14:18
ptoohillhttps://review.openstack.org/#/c/148859/14:19
jschwarzptoohill, thank you very much14:21
*** f13o has quit IRC14:40
*** f13o has joined #openstack-lbaas14:40
ajmillerblogan and dougwig I would really appreciate reviews of https://review.openstack.org/#/c/173438/ and https://review.openstack.org/#/c/175174/15:05
openstackgerritJohn Schwarz proposed openstack/neutron-lbaas: Prevent deletion of a subnet with lbaas v1 pool  https://review.openstack.org/17438415:11
*** vivek-ebay has joined #openstack-lbaas15:11
*** vivek-ebay has quit IRC15:14
*** xgerman has joined #openstack-lbaas15:16
*** _kiran_ has quit IRC15:18
*** sbalukoff has quit IRC15:25
*** vivek-ebay has joined #openstack-lbaas15:28
*** vivek-ebay has quit IRC15:36
openstackgerritPhillip Toohill proposed stackforge/octavia: Preparing for tempest testing  https://review.openstack.org/17219915:37
*** vivek-ebay has joined #openstack-lbaas15:38
xgermandougwig, blogan: https://s3.amazonaws.com/uploads.hipchat.com/8522/699764/584BqDI9R3dA2uW/Screenshot%20from%202015-04-20%2008%3A40%3A05.png15:41
xgermansome quality metrics for your pleasure15:42
bloganxgerman: looks pretty slick!15:43
xgermanyep, we have a new initiative over here focused on (code) quality15:44
bloganxgerman: is that the ui from rally?15:44
xgermanno, it's the UI from sonar cube our static code analysis tool15:45
bloganxgerman: i like it15:46
dougwigwhat's it say about neutron-lbaas?15:47
blogandougwig: shhh15:47
blogandougwig: thats like a horror movie where the person runs back into the house15:47
xgermanlol15:48
xgermanwhen I get numbers I will post them (we have a whole team tasked with making numbers for us)15:48
dougwigblogan: but if it's chuck norris, the house will run away.15:48
*** kobis has quit IRC15:48
xgermananyhow, from my tox -ecover runs it's not too shabby15:49
xgermanand static code analysis for a dynamic language has it's own challenges15:49
*** mlavalle has joined #openstack-lbaas15:50
*** rdekel has quit IRC15:52
*** rm_work is now known as rm_work|away15:52
*** smcgough has joined #openstack-lbaas15:54
*** smcgough has left #openstack-lbaas15:54
openstackgerritAl Miller proposed openstack/neutron-lbaas: Add Vagrant file that can bring up a working LBaaS devstack  https://review.openstack.org/17517415:59
*** smcgough has joined #openstack-lbaas16:05
*** jorgem has joined #openstack-lbaas16:10
*** apuimedo has quit IRC16:16
*** fnaval has joined #openstack-lbaas16:18
*** apuimedo has joined #openstack-lbaas16:20
*** madhu_ak has joined #openstack-lbaas16:30
*** rm_work|away is now known as rm_work16:31
*** jschwarz has quit IRC16:37
*** vivek-ebay has quit IRC16:42
madhu_akblogan, xgerman: I need reviews for https://review.openstack.org/#/c/171832/, Thanks!16:43
*** bharath has joined #openstack-lbaas16:46
*** jschwarz has joined #openstack-lbaas16:47
*** mwang2 has joined #openstack-lbaas16:50
openstackgerritAl Miller proposed openstack/neutron-lbaas: Add Vagrant file that can bring up a working LBaaS devstack  https://review.openstack.org/17517416:53
openstackgerritAl Miller proposed openstack/neutron-lbaas: Add Vagrant file that can bring up a working LBaaS devstack  https://review.openstack.org/17517416:55
*** f13o has quit IRC16:57
*** vivek-ebay has joined #openstack-lbaas17:02
*** jschwarz has quit IRC17:30
*** jorgem has quit IRC17:33
openstackgerritmin wang proposed openstack/neutron-lbaas: Introduced tempest API tests for openstack/neutron-lbaas  https://review.openstack.org/16843917:38
*** jorgem has joined #openstack-lbaas17:53
*** crc32 has joined #openstack-lbaas17:54
openstackgerritmin wang proposed openstack/neutron-lbaas: Admin API tempest for healthmonitor  https://review.openstack.org/17354217:55
*** jorgem has quit IRC18:09
*** sbalukoff has joined #openstack-lbaas18:13
johnsomTLS made it into LBaaS v2 Kilo18:23
johnsomAck, that was strange, that was an old question and strange scroll back behavior.18:24
*** vivek-eb_ has joined #openstack-lbaas18:27
*** vivek-ebay has quit IRC18:27
dougwigi added stuff to our meetup etherpad: https://etherpad.openstack.org/p/LBaaS-FWaaS-VPNaaS_Summer_Midcycle_meetup18:40
johnsomYou can get it to load?  I get undefined module errors18:41
johnsomAh, reload two worked18:41
dougwigi used it in chrome on a mac, if that makes any difference.18:42
johnsomYeah, I was running chrome too.  Just a strange etherpad error we got when etherpad.openstack had an issue.  Maybe it was just cached poorly18:45
*** jorgem has joined #openstack-lbaas19:06
blogani got that error too on chrome in linux19:11
bloganreload #4 fixed it19:11
*** madhu_ak has quit IRC19:27
*** ajmiller_ has joined #openstack-lbaas19:29
*** ajmiller has quit IRC19:33
*** mwang2 has quit IRC19:33
*** bharath has quit IRC19:34
*** bharath has joined #openstack-lbaas19:34
*** ajmiller_ is now known as ajmiller19:34
*** ptoohill-oo has joined #openstack-lbaas19:37
*** ptoohill-oo has quit IRC19:41
dougwigyikes19:41
dougwigis it the weird name in the url?19:42
johnsomMy guess is it is leftovers of the etherpad outage19:42
xgermanBozeman...19:50
*** mwang2 has joined #openstack-lbaas19:54
bloganbozeman sounds good to me19:58
*** bharath has quit IRC20:04
*** bharath has joined #openstack-lbaas20:04
johnsomI would totally go to Bozeman20:04
xgermanI like that town but it's hard to get to and the national park is still a bit away20:05
bloganexactly!20:07
xgermanok, +120:07
blogani think its a pipe dream bc it'd be hard to get people there and who would host?20:07
bloganalso im not sure i'd be able to go to any of these, no matter the dates20:07
xgermanwell, there is no HP office20:07
johnsomWe need to find some fishing club that needs load balancing20:08
xgermanmaybe the university would host us20:08
xgermana10 can bribe them with some lbs20:08
*** madhu_ak has joined #openstack-lbaas20:08
xgermanI will bring a printer20:08
bloganill bring a cloud20:09
bloganjust an empty box, no one will know20:10
johnsomWell, since you have it covered, I will bring my fly rod20:11
openstackgerritAl Miller proposed stackforge/octavia: Add devstack plugin for octavia  https://review.openstack.org/16779620:14
openstackgerritmin wang proposed openstack/neutron-lbaas: Admin API tempest for healthmonitor  https://review.openstack.org/17354220:31
*** jorgem has quit IRC20:39
*** jorgem has joined #openstack-lbaas20:40
dougwigif we go somewhere without an office ,we can book a hotel conference room.20:41
blogandougwig: under who's bill?20:43
*** jorgem has quit IRC20:44
dougwigi can pay it.20:44
bloganbig bucks20:45
dougwiglooks like 800-2500 or so for a big enough room for 3 days.20:45
blogancan you get hotel rooms for all of us too?20:46
bloganthat'd be grrreat20:46
dougwigha, no.20:46
bloganif we did it in boise, we could all just crash at your house20:47
dougwigsure, i'll just lay out sleeping bags.  it'll be like a slumber party.20:47
dougwigwith scotch.20:47
dougwigwe can also blow up watermelons in the desert.  with a 300 magnum.20:48
dougwigyou know, redneck fun.20:48
bloganyeah!20:48
bloganteam building20:48
bloganshoot apples off each other's head, for trust building20:49
openstackgerritAl Miller proposed stackforge/octavia: Add devstack plugin for octavia  https://review.openstack.org/16779621:00
xgermanI have a gig tent I cna bring so people can sleep in somebody's garden or oarking lot21:10
xgermangig=big21:10
xgermanholds like 8 people21:10
xgerman(according to the manufacturer)21:11
openstackgerritMichael Johnson proposed stackforge/octavia: Fix the common/keystone.py for identity v3  https://review.openstack.org/17557521:14
johnsomblogan ^^^ fixes the keystone 3 issue21:15
*** fnaval has quit IRC21:22
openstackgerritmin wang proposed openstack/neutron-lbaas: Admin API tempest for healthmonitor  https://review.openstack.org/17354221:35
*** madhu_ak has quit IRC21:38
*** madhu_ak has joined #openstack-lbaas21:45
*** fnaval has joined #openstack-lbaas21:48
ptoohilljohnsom: ping21:54
johnsomHi21:55
johnsomLooking at that as I just hit another problem with blogan's code21:55
johnsomBadRequest: Expecting to find domain in project -21:55
ptoohillYea, i got the same, but using the code similar to what is found in the link to neutron_lbaas works with v2 and v3 i just verified21:55
ptoohillill gist it21:56
johnsomCool, yeah, I wanted to read up on Client and then I will update the patchset.21:56
ptoohillFair enough, its not deprecated even though the docs make it seem like it is sorta. The deprecation is referring to 'non-session' based authentication, not the 'Client' itself21:57
ptoohillOthers were confused about that, wanted to clear that up21:57
ptoohilleverything will be/should be using this right?21:58
ptoohillthe keystone.py for any auth related ops?21:59
johnsomRight, it is common21:59
ptoohillasking because im wondering if we should return the client rather then session. ill link example shortly21:59
ptoohillif we return sesison the caller will have to build client themselves21:59
ptoohillI havnt tested this particular code with/in octavia. But testing in intrepter works as expected.22:00
ptoohillhttps://gist.github.com/the2hill/6fb8ff1d06905d98d0bb22:00
johnsomWell, since that code is currently returning the session, I'm not sure I want to do the surgery to swap that out.22:01
ptoohillfair enough22:01
ptoohillthe caller will have to import the client and build themselves is all22:02
johnsomLet me try the client method.  I have octavia code handy in a runnable environment22:02
ptoohillwhich, if the caller builds client, they will have to do the v2/v3 check also and use the appropriate one. If this is a bug fix for auth/v3 it may be good to refactor it. im ok either way i suppose, but with just the sesion being passed as is isnt going to work22:04
ptoohillreason it will work for barbicanclient is because that takes a session, but any other module that needs to use/authenticate with keystone will have to do that22:05
ptoohillmaybe add another method, one that builds/returns client and one that builds/returns session. That would keep it from breaking barbican and allow for other modules to use it without those additional checks22:06
johnsomI'm sort on time, so I'm in "get it functional" mode.  I agree that if we are doing the client work in a bunch of places we should pull that up into this keystone.py22:08
johnsomMy initial test did work.  I need to run two more tests and then I will push up another patchset22:08
ptoohillfair enough. I can add the additional method if need be22:08
johnsomSounds good22:08
ptoohillso it only looks like the barbican and nova modules are using it and both of those clients take the sesions. So if we use the Client and keep it DRY im fine with it the way it is. If we ever need to call keystone directly for authentication then adding the method would be the right way imo22:10
johnsomHmm, with client I'm getting "EndpointNotFound"22:17
ptoohillyoure using v3?22:17
johnsomTesting with v222:17
ptoohillodd22:17
johnsomBTW, that is after auth at the nova call22:17
ptoohilloh, hmm :/22:18
ptoohillso like a service endpoint not found?22:18
johnsomYeah, I guess so22:18
johnsomI even tried throwing in the region name in the client call, but no luck22:19
blogani did a cleanup of it to get it working with v3, never could get a good v3 working and then i forgot to come back to it22:19
rm_workwait what DOESN'T take sessions?22:20
ptoohillThis is how i tested in intrepreter22:22
ptoohillhttps://gist.github.com/the2hill/8b2918679eb876286e6822:22
johnsomWell, I think I can get the current code working, with the tenant hack, if I drop in a domain22:22
ptoohillrm_work: what are you talking about?22:22
johnsomI think rm_work missed part of the conversation22:22
ptoohill:)22:22
rm_workpossibly22:23
rm_worklooks like you are discussing relacing the part that builds a session and have it return a client22:23
bloganptoohill: did yous say other clients would not accept session?22:23
ptoohillthat gist works with v2/v3 using essentialy what would be done in the code22:23
rm_workbut i can't think of why you would ever need to do that22:23
ptoohillno22:23
rm_workall of the other libs just take a session22:23
ptoohillI was saying that if we ever needed to authenticate directly we should return a client not just a session22:23
rm_workerr22:23
rm_workyeah but what would ever require that?22:23
ptoohillright now we return a session because the things that are using use a session22:24
ptoohilli dont know....22:24
rm_workwhat do you mean by "auth directly"?22:24
rm_workget a token?22:24
rm_workbecause if you need it, you can get the token from the session22:24
ptoohillthat was the point, i was sayinghat if we NEED to it would be best to build the client instead of making the caller do the v2/v3 checks22:24
ptoohillhow so?22:24
bloganthat can be another method then22:24
bloganthis method is called get_session22:24
bloganwe can have a method called get_client if we want22:25
ptoohillexactly what i was saying above, blogan22:25
ptoohill><22:25
rm_worki thought we were hiding the checks from the user?22:25
ptoohilllol22:25
ptoohillyes,22:25
bloganptoohill: okay then, works for me22:25
rm_workwhatever, guess you guys have *whatever it is you're doing* under control22:25
ptoohillto explain mysef better22:25
ptoohillwell, first you say you can get a token from the session?22:26
ptoohillwhats that call look like?22:26
ptoohillif so then my point is moot22:26
bloganwhen do you need to get the token?22:26
rm_worknot sure why you need anything other than a session, but yes, you could always add a method that builds a Client (though I would argue that if you need to use a Client instead of a session, you are doing something wrong)22:26
rm_workuhh let me get the code22:26
rm_worksec22:26
ptoohillit was just a suggstion for if something ever needed it22:26
bloganyeah i dont think you're advocating for it now are you?22:26
rm_workif something ever needed a Client, the correct solution would be to patch it to use a session instead >_>22:27
ptoohillno22:27
ptoohilli was saying we 'could' at some point22:27
bloganwell that solution would not be feasible if we needed something to work now22:27
ptoohillif we needed22:27
bloganso are there any clients that do not take session?22:27
ptoohillso you can do session.get_token?22:27
rm_workessentially22:27
rm_workwas going to find the actual code22:27
ptoohillthen my argument is moot, i thought you needed client22:28
rm_workFFS, ERR_SSL_PROTOCOL_ERROR on github.com22:28
rm_workwtf is wrong with my machine22:28
bloganwhat do you need the token for?22:28
ptoohilli tried with session and couldnt get anythg22:28
ptoohilland examples all show calling from the ient22:28
ptoohillwe dont need it for anything right now22:28
bloganokay22:28
ptoohillit was just a suggestion..22:28
ptoohilli was mostly talking about using the method in my example instead of Password22:28
ptoohilland then those thoughts came up, i was not saying we needed anythg right now22:29
bloganwell since v2 password and v3 password take different required arguments, it makes it a bit more complicated, not something easily overcome22:29
ptoohilli have futuristic on my badge, im sorry22:29
ptoohill.....22:30
ptoohilluse Client................................22:30
ptoohillim not making self clear. im sorry22:30
bloganare you sure Client is not deprecated?22:30
ptoohillno, its not22:30
ptoohillnon-session authentication is deprecated22:30
ptoohillweve discussed this before22:30
blogani know and i dont think i was ever convinced22:30
bloganbc client sounds like non-session to me22:31
rm_workclient is a stage in the "get a session" code anyway22:31
rm_worklol22:31
rm_workanyway yess22:31
rm_workif you have mysession22:32
rm_workmysession.get_token()22:32
rm_workgives you the token22:32
rm_workjust verified22:32
rm_workand that way you're still properly using the single cached session22:32
ptoohillif you look at the docs where it says that it says that 'here's example of non-session, dont use this' but, if you use session you can add other args like below22:32
ptoohillok, then cool. my argument and head esplodes is moot. im sorry ><22:32
rm_worklulz22:33
rm_worksorry, i have a habit of jumping into conversations like halfway through22:33
rm_workwhen i see something i worked on being talked about22:33
bloganptoohill: from the docs: "A Session should be passed to the Client instead."22:34
bloganits just not overtly clear because they just import keystoneclient.client22:34
johnsomSorry, someone walked up to my desk.  Reading the scroll back22:35
openstackgerritMerged openstack/neutron-lbaas: Use TLS container UUIDs in Radware LBaaS  https://review.openstack.org/17327822:35
openstackgerritMerged openstack/neutron-lbaas: Add Kilo release milestone  https://review.openstack.org/17449722:35
ptoohillcomp died. Sorry for the confusion guys, i was just trying to get my point across about using Client vs Password and thought a client was required if we wanted to use it directly. But thats not the case and i was over thinking things. My apologies22:36
bloganptoohill: you get my last message?22:37
ptoohilli dont see it22:37
bloganptoohill: still abotu what is deprecated and not22:37
ptoohilli see adams message as last thing22:37
rm_workblogan: they keep importing the client because you have to make a client to make a session :P22:37
rm_workblogan: you just never *use* anything besides a session22:37
bloganrm_work: i'm looking at the section about the deprecated version of doing it22:37
ptoohillif you see thing saying Client is deprecated then ok, i stand corrected. But the docs is misleading imo and i believe its not22:37
rm_workClient is supposed to be deprecated for use with other libs22:38
bloganptoohill: from the docs: "A Session should be passed to the Client instead."22:38
ptoohillyea22:38
rm_workBUT again, you still have to MAKE A CLIENT to make a session22:38
rm_worksooooo22:38
rm_workit's a little wonky22:38
johnsomI just need the auth to work.  Right now I can get farther with the tenant_name hack and passing a domain.22:38
bloganbut passing the credentials into the clients does not sound right22:38
ptoohillThen im just incredibly confused, if Client is deprecated then we will need it the way it was22:38
rm_workjohnsom: i am confused as to why you'd be having auth problems. AFAIK the auth in keystone.py works in devstack for v2/v322:39
johnsomClient blows chunks both v2 and v3 against our public cloud for whatever reason.22:39
rm_workbecause we use it in neutron-lbaas22:39
rm_workah, maybe custom HP stuff for your keystone deploy?22:39
ptoohillThen thats a whole 'nother problem then ><22:39
rm_workblogan: https://github.com/stackforge/octavia/blob/master/octavia/common/keystone.py#L4722:39
johnsomrm_work Nope, testing octavia on devstack now.  v3 breaks with the "tenant_name" that has disappeared.22:39
bloganrm_work: i've seen that22:40
ptoohillredundancy is too is too22:40
rm_workblogan: that is, AFAICT, correct22:40
johnsomrm_work fix that and it throws: BadRequest: Expecting to find domain in project22:40
bloganrm_work: well no docs use that form, and i thought i tried that out and couldn't get it working22:40
rm_workblogan: the docs are old and sucky22:40
ptoohilland youre using what i had in the gist johnsom22:40
ptoohillor still using the identiy.client22:40
rm_workI literall just did this right now against our public cloud22:41
ptoohillsame22:41
johnsomrm_work No HP code in devstack, it's stock22:41
rm_workjohnsom: then i don't know why your identity stuff is breaking <_< works for me22:41
bloganim gonna try it in devstack22:41
bloganof course i can't get v3 working in devstack22:41
rm_workjohnsom: and remember we use the exact same code in neutron-lbaas22:41
ptoohillare you using the imports from like whats here22:41
ptoohillhttps://gist.github.com/the2hill/6fb8ff1d06905d98d0bb22:41
rm_workblogan: really? works in mine22:41
bloganrm_work: you have v3 deployed in your devstack?22:41
ptoohilland if you want to test via intrepreter use this22:42
rm_workblogan: yes22:42
ptoohillhttps://gist.github.com/the2hill/8b2918679eb876286e6822:42
bloganrm_work: how?22:42
rm_workblogan: if you have "keystone" enabled, both are deployed automatically22:42
ptoohilli just tested mine with v2/v3 in fresh devstack also22:42
johnsomv2 has worked, v3 was borked on tenant_name and the domain thing22:42
johnsomIt could be I have new versions and this is a fresh devstack from Friday22:42
ptoohillare you using Password?22:43
ptoohilljust want to be clear what youre trying22:43
rm_workhmm22:44
rm_workoh right22:44
rm_workthat is interesting22:44
johnsomOye: DevStack - Password fails as octavia is in head on v3.  Fix tenant_name to project_name, v3 gets to domain error.22:44
rm_workwe didn't update Octavia to match Neutron-lbaas yet did we22:45
johnsomDevStack - client works v3.22:45
rm_workyeah sorry, uhhh22:45
rm_worklook at the neutron-lbaas version22:45
rm_workwhich is actually probably what ptoohill linked22:45
blogani tis22:46
johnsomHP Cloud, v2 works from octavia head, v3 doesn't.  Client doesn't work v2 or v3 with strange errors about missing nova endpoints (with and without region )22:46
bloganjohnsom: both versions work with devstack?22:47
johnsomDevStack -Client works v3. haven't tested v222:47
johnsomYour code, I can get working with some changes22:48
johnsom"your code" meaning the last patchset you pushed up.22:48
rm_workyeah it's based on https://github.com/openstack/neutron-lbaas/blob/master/neutron_lbaas/common/cert_manager/barbican_cert_manager.py#L7322:48
rm_workwhich is the correct version, sorry22:48
rm_worki was looking at that locally in pycharm but then linked the octavia version, which is incorrect T_T22:48
rm_workthough that can be simplified to match ptoohill's gist22:49
johnsomrm_work That's the stuff that for whatever reason isn't working against HP cloud.  I'm guessing a region issue22:49
rm_workhmm22:49
rm_workyeah but it all works in devstack, correct?22:50
rm_workso yeah, something about the HP keystone deployment is wonky possibly22:50
johnsomYes22:50
rm_workto be fair, we can't even test v3 outside of devstack because RAX has no v3 deployment >_>22:50
johnsomThat code doesn't do the regions right I think.22:51
rm_workand our v2 deployment isn't ACTUALLY keystone22:51
rm_workSOON (tm)22:51
johnsomEven when I add region_name to the neutron-lbaas code it comes back with bad nova endpoints.22:52
johnsomUgh22:52
rm_workah yeah all of our DCs (and the devstack setup) are single-region22:52
rm_workerr, though keystone is global I think22:52
rm_workso actually that's wrong22:52
rm_workRAX keystone has regions22:52
rm_workdunno <_<22:53
openstackgerritGerman Eichberger proposed stackforge/octavia: Implements the haproxy amphora agent api server  https://review.openstack.org/16003422:57
*** bharath has quit IRC22:58
*** bharath_ has joined #openstack-lbaas22:58
ptoohillso Client is deprecated?22:58
johnsomYeah, ok, the Client stuff isn't getting the right nova endpoint on devstack either.22:59
johnsomGoing to go back to Password, add domain, see if I profit22:59
ptoohillis that a v3 bug in general then?22:59
rm_workerr but I don't think Password is valid for v323:00
ptoohillv2/v3 use the same db right?23:00
ptoohillwas sorta my point as to why use Client.. but if its deprecated i dont know what to use23:01
ptoohillIll be on a bit later23:02
rm_workerr23:04
rm_workso23:04
rm_workusing keystone.Client itself is not deprecated23:04
rm_workyou NEED to do that in order to make a session.Session()23:04
rm_workbut *passing a Client to another lib* is deprecated23:05
rm_workptoohill: ^^23:05
rm_workonly supposed to pass session objects23:05
johnsomptoohill blogan rm_work This works on devstack v3: https://gist.github.com/anonymous/4f8a83713880645426bc23:10
johnsomRun as a test, not code I would check in23:11
bloganjohnsom: do you even need project_name?23:28
johnsomNot sure, haven't tried it without23:28
bloganjohnsom: well doesn't matter, we'll already have that in the config, might as well use it23:29
rm_workbbl23:29
bloganjohnsom: okay i think using the Password object is the way to go, talked to a keystone guy in #openstack-keystone and he did say instantiated the Client and then using that as the auth part of the session was odd23:29
johnsomblogan Ok, so should I add those domains to the config and leave the code like that?23:30
bloganjohnsom: i honestly dont know what the domains do and what user_domain_name and project_domain_name do23:31
*** rm_work is now known as rm_work|away23:31
johnsomI don't either, other than make the errors go away.23:31
bloganjohnsom: lol config option of make_keystone_errors_go_away works23:32
johnsomThere is reference here: https://bugs.launchpad.net/python-openstackclient/+bug/137549523:32
openstackLaunchpad bug 1337422 in python-openstackclient "duplicate for #1375495 document different ways to authenticate" [Medium,Fix released] - Assigned to Dean Troyer (dtroyer)23:32
bloganyeah i saw that one23:32
bloganmay as well put a config option for both that way they're configurable23:33
bloganfix it later when we realized what we need from it23:33
johnsomSounds good, I will update the patchset.23:34
*** chlong has joined #openstack-lbaas23:34
bloganjohnsom: alright thanks, you get my comment about building the kwarg dictionary?23:34
johnsomLooking23:35
johnsomYeah, sure, NP23:36
ptoohillWhen i was testing i had to use domain also, until i configured it like my example. Sorry late to the convo i just dont understand why you would be getting errors with Client when its been tested by others and works23:42
*** crc32 has quit IRC23:43
openstackgerritAl Miller proposed stackforge/octavia: Add devstack plugin for octavia  https://review.openstack.org/16779623:46
*** ajmiller has quit IRC23:51
*** openstackgerrit has quit IRC23:58
*** openstackgerrit has joined #openstack-lbaas23:58
« Sunday, 2015-04-19 Index Tuesday, 2015-04-21 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!