Friday, 2015-07-31

*** mlavalle has quit IRC00:06
*** apuimedo has joined #openstack-lbaas00:08
*** SumitNaiksatam has quit IRC00:17
*** bharath has quit IRC00:18
openstackgerritmin wang proposed openstack/neutron-lbaas: WIP - Octavia driver
openstackgerritmin wang proposed openstack/neutron-lbaas: Set up the gate for LBaaS v2
*** minwang2 has quit IRC00:54
*** SumitNaiksatam has joined #openstack-lbaas01:00
*** madhu_ak has quit IRC01:01
*** bharath has joined #openstack-lbaas01:19
*** vivek-ebay has quit IRC01:24
*** Tiancheng has joined #openstack-lbaas01:27
*** Tiancheng has quit IRC01:31
*** Tiancheng has joined #openstack-lbaas01:32
*** bana_k has quit IRC01:52
*** bharath has quit IRC02:03
*** bharath has joined #openstack-lbaas02:05
*** cing has joined #openstack-lbaas02:08
*** apuimedo has quit IRC02:10
*** bharath has quit IRC02:10
*** openstackgerrit has quit IRC02:31
*** openstackgerrit has joined #openstack-lbaas02:32
*** KunalGan_ has quit IRC02:32
*** rm_you| has quit IRC02:39
*** rm_you has joined #openstack-lbaas02:40
*** rm_you has joined #openstack-lbaas02:40
*** madhu_ak has joined #openstack-lbaas03:01
*** bharath has joined #openstack-lbaas03:07
*** bharath has quit IRC03:11
*** Tiancheng has quit IRC03:23
*** Tiancheng has joined #openstack-lbaas03:23
*** h00327910__ has quit IRC03:28
openstackgerritBrandon Logan proposed openstack/octavia: Decouple amp driver from network using new models
bloganrm_work, xgerman: ^^03:45
*** bana_k has joined #openstack-lbaas03:49
*** Tiancheng_ has joined #openstack-lbaas03:58
*** Tiancheng has quit IRC03:58
*** haigang has joined #openstack-lbaas04:07
*** fnaval has quit IRC04:08
rm_workkk blogan04:14
*** fnaval has joined #openstack-lbaas04:15
*** vivek-ebay has joined #openstack-lbaas04:21
*** ajmiller has quit IRC04:25
rm_workblogan: you really didn't make that any clearer...,cm04:27
rm_workvery confusing04:27
rm_workand id() wtf04:27
rm_workwhat is going on there04:27
rm_workwas that a typo?04:27
*** bharath has joined #openstack-lbaas04:33
*** bharath has quit IRC04:38
*** bharath_ has joined #openstack-lbaas04:54
*** bharath_ has quit IRC04:56
*** minwang2 has joined #openstack-lbaas05:15
*** rm_work is now known as rm_work|away05:16
*** madhu_ak has quit IRC05:23
*** ig0r_ has joined #openstack-lbaas05:24
*** numan has joined #openstack-lbaas05:29
*** KunalGandhi has joined #openstack-lbaas05:30
*** KunalGan_ has joined #openstack-lbaas05:49
*** KunalGandhi has quit IRC05:52
*** ig0r__ has joined #openstack-lbaas06:11
*** ig0r_ has quit IRC06:12
openstackgerritMerged openstack/neutron-lbaas: Tempest tests for Members using testscenarios
*** vivek-ebay has quit IRC06:46
*** minwang2 has quit IRC06:49
*** jschwarz has joined #openstack-lbaas06:59
*** KunalGan_ has quit IRC07:05
*** jschwarz has quit IRC07:09
*** vjay4 has joined #openstack-lbaas07:16
*** vjay4 has quit IRC07:22
*** bana_k has quit IRC07:53
*** bharath has joined #openstack-lbaas07:57
*** bharath has quit IRC08:01
*** Tiancheng_ has quit IRC09:27
*** Tiancheng has joined #openstack-lbaas09:28
openstackgerritMerged openstack/neutron-lbaas: Tempest tests for Listener using testscenarios
openstackgerritMerged openstack/neutron-lbaas: Killed existing downgrade rules in migration scripts
*** Tiancheng has quit IRC09:36
openstackgerritMerged openstack/neutron-lbaas: Install HAProxy 1.5 on Ubuntu Devstack
openstackgerrityaowei proposed openstack/neutron-lbaas: modify loadbalancer to support sorting and paging. Closes-Bug: 1452529
openstackbug 1452529 in neutron "Lbaas object query doesn't support sorting or paging" [Wishlist,In progress] - Assigned to yaowei (yaowei)10:12
openstackgerrityaowei proposed openstack/neutron-lbaas: modify loadbalancer to support sorting and paging. Closes-Bug: 1452529
openstackbug 1452529 in neutron "Lbaas object query doesn't support sorting or paging" [Wishlist,In progress] - Assigned to yaowei (yaowei)10:15
*** numan has quit IRC10:35
*** Tiancheng has joined #openstack-lbaas11:02
openstackgerritEvgeny Fedoruk proposed openstack/neutron-lbaas: Fixing Radware LBaaS v2 driver bugs
*** ig0r__ has quit IRC11:15
*** ig0r_ has joined #openstack-lbaas11:19
*** Tiancheng has quit IRC11:28
*** cing has quit IRC11:51
*** amotoki has quit IRC12:03
*** numan has joined #openstack-lbaas12:07
*** haigang has quit IRC12:25
*** h00327910__ has joined #openstack-lbaas14:23
*** mlavalle has joined #openstack-lbaas14:28
*** fnaval has quit IRC14:39
*** ajmiller has joined #openstack-lbaas14:40
*** fnaval has joined #openstack-lbaas14:53
*** vivek-ebay has joined #openstack-lbaas14:55
*** chlong has quit IRC14:57
*** minwang2 has joined #openstack-lbaas14:57
*** diogogmt has joined #openstack-lbaas15:00
openstackgerritElena Ezhova proposed openstack/neutron-lbaas: Refactor v2 scenario tests
openstackgerritElena Ezhova proposed openstack/neutron-lbaas: Add scenario test for load balancer's session persistence
diogogmtdoes anybody know the latest state of the lbaas v2 api?15:01
diogogmtit is flagged as experimental on the officlal docs, would it be stable in the kilo release?15:02
*** vivek-ebay has quit IRC15:03
*** chlong has joined #openstack-lbaas15:11
*** numan has quit IRC15:16
*** johnsom_ has joined #openstack-lbaas15:22
*** bharath has joined #openstack-lbaas15:27
albertomdiogogmt: i was about ot ask the same15:27
diogogmtalbertom: even for the lbaas v1, do you know a good reference for an overview of its components? including pool, vips and members? i want to understand the rationale of setting the external lb port on the VIP and not on the pool, also why the pool and the VIP accept a protocol attribute15:29
albertomcrap, I saved the scripts that worked for me but not the sources15:29
* albertom did it last week15:29
albertomthe protocol is for the health monitor15:30
albertomit accepts http, and ping15:30
albertomand i think other one i am missing15:30
albertomwith ping, it will mark the node as UP if it replies the ping, (but that doesnt mean the http service is up and running)15:31
albertomso it could potentially route request to a host that appears to be UP but it isnt15:31
albertomwith the http protocol you ensure the host is up by having a 200 response from the web server on that node15:32
albertomthe VIP is the entry point, any request issued to the VIP will be redirected to the nodes in the pool,15:33
albertomand to make it accesible from the outside, you map a floating ip to the VIP15:33
*** vivek-ebay has joined #openstack-lbaas15:34
albertomaccording to this guy lbaasv2 is supported in kilo15:40
* albertom tries to enable15:40
diogogmtalbertom: what i’m saying is that both the pool and the VIP ask for a protocol (HTTP,HTTPS,TCP) — do you know where the pool protocol is used and the VIP protocol is used? why have two different protocols and not just on in the VIP?15:41
albertomoh got it15:41
albertomno idea :)15:41
diogogmtalbertom: looks like the lbaas v2 api drop the concept of a VIP completely15:42
diogogmtalbertom: they introduce listeners instead, similar to the ELB aws api15:42
*** vivek-ebay has quit IRC15:42
diogogmtalbertom: even the lbaas v2 documention is pretty confusing, check this out: the POST /v2.0/lbaas/listeners says: protocol: The protocol the front end listens for. Must be TCP, HTTP, or HTTPS.15:43
diogogmtand the POST /v2.0/lbaas/pools says: protocol: The protocol this pool and its members listen for. Must be one of TCP, HTTP, or HTTPS15:44
diogogmtso if i understand correctly the pool defines the protocol and port the members will be listening on and the listener defined the external protocol the lb will be listening on?15:44
diogogmtalbertom: but the POST /v2.0/lbaas/pools/​{pool_id}​/members still accepts a port: protocol_port The port that the member is listening to receive traffic.15:45
diogogmtwhat is the rationale for defining port numbers in three different places? in the pool, listener and member?15:45
albertomand in th ehealth monitor15:46
albertomneutron lb-healthmonitor-create --delay 5 --type HTTP --max-retries 3 --timeout 215:46
diogogmtalbertom: i’m reading through the api docs and it seems that the LISTENER defined the external properties for the loadbalancer and the POOL defined the internal properties for the LB15:48
diogogmtbut again, why have pools and listeners, why no just one entity defined both the external and internal properties?15:48
diogogmtanybody knows the logic behind the desing? are there any use cases validating the flow?15:48
albertombecause the nodes can be listening in different ports ?15:48
diogogmtthe members of the pool? in most use cases you could have the lb external port listening on port 80 and the internal members listening on port 808015:49
diogogmti don’t see the use case where the members would be listening on two different port, like 8080 and 909015:49
albertomcrazy people :P15:50
diogogmtalbertom: do you know what i mean? the use case usually is for application that need to be loadbalanced — in the case of webapps the external LB listens on port 80 and then dsitributes the traffic to the members that could be listening on any port **but all members are listening on the same port**15:51
potholediogogmt: Where you do you see port defined on the pool itself?15:53
albertom neutron lb-pool-create --lb-method ROUND_ROBIN --name mypool --protocol HTTP --subnet-id $subnetid15:53
albertomso you dont define the port on the pool, but the protocol15:53
albertomyou define the port on the vip/listener and on each member15:54
diogogmtpothole: in the official v2 docs:
potholeI am not seeing the port15:54
diogogmtpothole: check the POST /v2.0/lbaas/pools request attributes15:55
diogogmtprotocol_port: The port on which the front end listens. Must be an integer in the range from 1 to 65535.15:55
potholein the response15:55
diogogmtpothole: no, it lists right at the top15:55
diogogmtThe caller of this operation must specify these pool attributes, at a minimum:15:55
diogogmtand then protocol_port is one of the attributes15:55
potholeOh, i see. So this is most likely a copy-past error then.15:57
potholeWe have plans on updating this a a lot of other things. We have been busy actually getting code to work. If you have time and feel like contributing please feel free to help update our documentation!15:58
diogogmtpothole: no worries, i’m just trying to understand the flow of the v2 api, currently we don’t have the v2 enabled on our environment so i’m makinf some design decisions of our app based on the docs16:00
diogogmtpothole: a question for you: on the v2 api, can a pool have multiple listeners? what is the realationship between the pool and the listeners?16:01
potholeRight now the functionality is not there, and is something planned for the near future, but, a listener can have multiple pools16:02
fnavalquestion: will neutron-lbaas support xml?16:03
potholexml is dead fnaval16:03
fnavalpothole: k thats what i thought.  thanks16:04
diogogmtpothole: how would it work in the scenario where the listener have multiple pools? correct me if i’m wrong but the listener is define the external port+protocol of the LB, lets say HTTP:80 — then the pool defined the group of instances that will be loadbalanced, the internal port is defined when the instance is added to the pool , example 8080— what is the use case for having multiple pools connected to a sing16:06
potholewas away from comp, but what xgerman said16:09
xgermanyeah, L7 is planned for Liberty16:09
diogogmtpothole: xgerman what do you mean?16:10
*** KunalGandhi has joined #openstack-lbaas16:10
potholeLayer 7 load balancing16:10
xgermanL7 is tye abikity to send e.g. to a different pool then
xgermanerr http for the second one16:10
potholeeh, that might be an old one. But gives some detail16:12
diogogmtpothole: thanks, but how does L7 switching relates to listeners having multiple pools? would one pool of instances be serving only static content while a different pool can be hosting a rest api?16:15
diogogmtin the document you linked it makes mentions to the rule and policy APIs16:16
*** KunalGandhi has quit IRC16:16
albertomhow do i enable the v2 api ?16:16
albertomI ahve put16:16
albertomservice_plugins = router,lbaasv216:16
albertomin neutron.conf but neutron-server fails to start with it16:16
albertomit is fine with service_plugins = router,lbaas16:17
*** TrevorV has joined #openstack-lbaas16:17
xgermanwe also have some hit and miss vagrant script in the project16:18
xgerman(not really on top of updating that script)16:18
openstackgerritTrevor Vardeman proposed openstack/octavia: Adding amphora failover flows
potholediogogmt: That is indeed one of the valid use cases for L716:22
potholeSay you want to have a group of instance that serve the images for your site, you set up the pool to serve those images and create a rule that when the image is queried the pool serving the images will be used. Otherwise all other requests go to the other pool16:23
potholeThere's a lot more advanced and complex cases that can be used here. L7 is quite neat16:24
*** vivek-ebay has joined #openstack-lbaas16:25
diogogmtpothole: ok, thanks buddy, that makes a lot more sense now — which place would you recommend i go to find the official docs for the features already implemented and the ones that are being worked on for the lbaas v1 and v2?16:25
xgermanlbaasv1 is not being worked on… and won’t see any updates16:26
potholeWell, unfortunately we dont really have that yet, or atleast not somewhere official i dont think.  v1 is going aaway and nobody is working on it16:26
potholeyea :P16:26
diogogmtkk, i’ll just hang around the irc channel and keep my ears up for the new features being worked on then16:27
potholeL7 is being worked on, and you can always view gerrit/launchpad for tickets/patches/bugs16:27
xgermanalso we occasionally make specs for the things we work on...16:28
potholeThat is probably the most accurate/up-to-date representation of what we are doing and what we plan on doing16:28
diogogmtpothole: xgerman since you guys are actively working on the lbaas v2 you could probably be able to answer this question: on AWS ELB the offer a feature where you can only have one pool of servers but multiple listeners, for example, the domain could have one listener mapping the external port 80 to internal port 8080 then another listener mapping external p16:29
diogogmt90 to internal port 9090, however, the loadbalancer only has ONE pool of instances — do you see a use case for having ONE pool and MULTIPLE listeners?16:29
diogogmtthe AWS ELB approach seems to differ from the lbaas v2 L7 switching where ONE listeners can have MULTIPLE pools, right?16:30
potholeThat is a different thing and im not quite sure weve thought of this case16:30
potholeso its the same instances listening on multiple ports16:31
potholeso one pool, but the front end listens on different ports and balances them accordingly16:31
potholeyou could add same member with different port and acheieve the same thing i think16:32
xgermaneventually we were talking many-2-many for that relationship but we wanted to go i steps since it complicates things by a lot16:32
xgermanso one pool multiple listeners is in the plans but that requires us to rethink some other things16:33
potholeYea, then i dont remember this. Must have not talked about it in a while ><16:33
xgermanyep, we haven’t touched that in a while. Sam from radar is a big proponent of that16:33
xgermanwe did some work to decouple stats as a preparation but yeah… pretty low priority at the moment16:34
diogogmtpothole: xgerman i’ve been trying to think of use cases for having a many to many relation ship but couldn’t come up with one16:34
potholeyea, what's the use of this case?16:34
potholeI dont quite see it16:34
potholethe pool would have the port then?16:34
potholeand it would override the members port?16:35
xgermanyou want two listeners use the same pool and one listener have more than one pool — so many-2-many16:35
potholeotherwise, couldnt we just add same member, different port and achieve the same thing?16:35
diogogmtas far as the AWS ELB the listener defines both the internal and external port, the members are associated directly to their loadbalancer resource16:35
diogogmtxgerman: where would the VIP be defined, in the pool or in the listener?16:36
xgermanVIP is on the load balancer16:36
xgermanLB -> 1…N Listener -> Pool16:36
diogogmtxgerman: ok, got it, so in the lbaas v2 the VIP entity of v1 has been merged into a loadbalancer entity?16:38
xgermansort of  we still have the VIP but it’s just an IP now… port is on listener16:42
openstackgerritOpenStack Proposal Bot proposed openstack/octavia: Updated from global requirements
*** crc32 has joined #openstack-lbaas16:47
*** amit213 has quit IRC16:50
*** vjay4 has joined #openstack-lbaas16:50
*** amit213 has joined #openstack-lbaas16:50
johnsom_FYI, the Zuul/gerrit outages have impacted the sonar job.  I have retriggered the two test runs that were impacted.16:50
johnsom_There were >1300 jobs in the merge gate in zuul this morning and it is not happy...16:51
*** vjay4 has quit IRC16:56
xgermanwill only get worse the closer we get to Liberty-316:57
bloganzuul gets angry16:58
johnsom_Ok, Sonar is caught up.16:58
johnsom_As xgerman said, merge often my friend...16:58
bloganzuul should die down in a few days16:58
bloganor just die16:58
albertomI enabled v217:00
albertombut it doesnt show in horizon17:00
albertomis that work in progress too ?17:00
xgermanyep, horizon is slated for Liberty, too17:01
albertomor did i miss something ?17:01
albertomso v1 if you want horizon17:01
bloganalbertom: are yall using v1 in a production env somewhere?17:02
bloganalbertom: or just testing it all out?17:02
albertomtesting out17:02
*** rohara has joined #openstack-lbaas17:03
*** TrevorV2 has joined #openstack-lbaas17:04
*** TrevorV has quit IRC17:06
*** chlong has quit IRC17:09
*** bana_k has joined #openstack-lbaas17:23
*** crc32 has quit IRC17:44
*** crc32 has joined #openstack-lbaas17:52
*** crc32 has quit IRC17:54
*** crc32 has joined #openstack-lbaas17:54
*** SumitNaiksatam has quit IRC17:55
*** crc32 has quit IRC17:56
*** crc32 has joined #openstack-lbaas18:02
*** madhu_ak has joined #openstack-lbaas18:08
openstackgerritMerged openstack/octavia: Updated from global requirements
*** TrevorV2 has quit IRC18:39
*** madhu_ak_ has joined #openstack-lbaas18:41
*** madhu_ak has quit IRC18:42
*** madhu_ak_ is now known as madhu_ak18:46
*** TrevorV has joined #openstack-lbaas18:52
*** TrevorV has quit IRC18:54
*** TrevorV has joined #openstack-lbaas18:54
*** vivek-eb_ has joined #openstack-lbaas18:58
*** vivek-ebay has quit IRC18:59
*** ig0r_ has quit IRC19:26
*** mmdurrant has joined #openstack-lbaas19:27
openstackgerritPhillip Toohill proposed openstack/octavia: Updating cert_parser for cert loading
mmdurrantI’m confused about something in LBaaSv2.  If I create my load balancer on my private network, how can I give it a floating IP so it can talk to the world as well as its pool members?19:29
mmdurrantthe command for ip-floating-add only accepts an IP address and instance19:30
*** openstack has joined #openstack-lbaas19:33
*** vivek-ebay has joined #openstack-lbaas19:34
*** madhu_ak has quit IRC19:34
albertomand which is the private ip for the pool ?19:35
*** vivek-eb_ has quit IRC19:36
mmdurrantI don’t understand your question - pools don’t have IPs as far as I know.  Are you asking what subnet I’m using when I create the load balancer  versus the members?19:37
albertomno, i have the same question as you19:38
albertomin v1, a private ip is assigned to the VIP19:38
albertomwhich is assosiated with the pool19:38
albertomand the the floating ip is assosiated with the VIP19:38
mmdurrantOh, OK.  Exactly - there has to be a private IP interface on that subnet to be able to route traffic between the 2.19:38
*** vivek-eb_ has joined #openstack-lbaas19:38
albertomI have the pool now with the members but i cant see a way to comunicate with them19:39
mmdurrantFormerly when we created a VIP it would get an IP from the private subnet and you could assign a VIP to expose it to the world.19:39
*** vivek-ebay has quit IRC19:40
mmdurrantIt seems a loadbalancer would have to create 2 SDN ports in this scenario - 1 to talk to the world, 1 to talk to the pool members, similar to routers.19:41
mmdurrantI can get it to work if I create the lb on the private-subnet but then I have to create routing entries that allow me to reach the private subnet and that seems less than optimal.19:42
*** TrevorV has quit IRC19:43
albertomI created 3 machines ( - )19:45
albertomand after creating the listener and pool19:45
albertomI have a ip19:45
albertomwhich i guess it is the VIP19:46
albertombut i found it by guess, i dont know how to tell that is the vip19:46
*** rm_work|away is now known as rm_work19:49
rm_workalbertom / mmdurrant: blogan would be able to answer that one19:51
bloganalbertom: how did you create the lb?19:51
rm_workaaand there he is19:51
mmdurrantBam thank you19:51
albertomneutron lbaas-loadbalancer-create --name lb1 demo-subnet19:51
mmdurrantSup Brandon19:51
bloganalbertom: that should return a vip back to you19:51
blogansup mmdurrant19:52
mmdurrantI’m going to sit back and listen to your conversation with albertom and see where I went wrong.19:52
mmdurrantSame ol’… dougwig’s gone fishing so I’m working with QA/playing with LBs/wondering why this isn’t setup intuitively like I think it should be19:52
albertomblogan: you are right19:52
albertomneutron lbaas-loadbalancer-show lb119:52
albertomthat shyows the vip address and port19:53
bloganalbertom: the create call returns the vip as well19:53
*** TrevorV has joined #openstack-lbaas19:53
xgermanso you guys are dougwig’s colleagues? Anything we need to know to tease him next time we see him :-)19:53
bloganalbertom: and if you look at the details of that port, it should show the device owner as neutron:LOADBALANCERV219:54
bloganmmdurrant: intuitive setup is very subjective :)19:54
bloganmmdurrant: especially if you work with dougwig19:54
mmdurrantTruer words have never been spoken19:54
mmdurrantI’m sure his phone is lighting up right now with mentions of his name19:55
blogani hope he's checking it and it falls in the river19:55
xgermanisn’t he hunting?19:56
bloganfly fishing19:56
xgermanthat’s what he told us — for all I know he might be in Africa shooting Zebras19:56
crc32Or Cecils19:57
bloganis he a dentist as a side job?19:58
* mmdurrant reminds himself to ask why people give him such a hard time19:58
crc32I don't know. I have a hard time feeling sorry for a lion.19:58
crc32or scorpians19:58
crc32or system engineers19:59
mmdurrantHahahahah see I told you19:59
mmdurrantGet back to fishing or something’s going to end up in the river.19:59
bloganor a bear will have him for dinner19:59
xgermanor a dentist will take all his teeth20:00
*** vivek-eb_ has quit IRC20:01
*** vivek-ebay has joined #openstack-lbaas20:01
*** madhu_ak has joined #openstack-lbaas20:04
rm_workblogan: switched to +2 on your but i am still not happy >_>20:04
* rm_work will never be happy20:05
bloganrm_work: ill take a +2 and your unhappiness, its almost like a +420:06
bloganrm_work: im running into an issue where the cryptography lib method is not accepting unicode, if i do a str() around the variable, will that also work with py3? or do i need to do a six method?20:07
*** vivek-ebay has quit IRC20:07
rm_workyes, str() should be ok20:10
bloganmmdurrant: you ever get an answer to your floating ip to vip question?20:16
mmdurrantNope.  Digging around looking at SDN stuff, it appears all the right elements are in the right place.20:16
mmdurrantWith the exception of my load balancer having a port to communicate to the world on and a port to communicate to the backend nodes on20:17
bloganmmdurrant: so the floating ip create call takes a port_id, which you would give it the vip_port id20:17
bloganmmdurrant: but you that port needs to be created on a network that is connected by a router tagged as external (or soemthing like that)20:17
mmdurrantI was using the openstack client and not the neutron client.  That explains a lot.20:19
bloganmmdurrant: ahh20:19
mmdurrant“Why does this not accept the parameters he’s talking about?  Surely I’m doing something wrong…”20:20
bloganmmdurrant: yeah i haven't used that client yet, its not "ready" last i heard, but it'd still take me a while to move over since i hate relearning20:20
mmdurrantYeah I’m on the fence about whether to have a monolithic openstack client that does everything versus separate clients that each do their own thing.  Perhaps creating the openstack client as a wrapper around the others20:21
bloganlol last i heard thats what it does20:21
bloganbut i might be wrong now20:21
*** TrevorV2 has joined #openstack-lbaas20:21
bloganbut yeah especially with the big tent, if the monolithic client really wanted to be the one to rule them all client, it'd have to support a ton of projects20:21
*** TrevorV has quit IRC20:23
mmdurrantgot it20:24
mmdurrantYeah I agree completely - they’d have to have some kind of shim/wrapper to ensure that they’re not reproducing functionality in the monolithic client.  I like the idea of a one-stop command shop for everything I need to do, but I don’t.20:25
mmdurrant“got it” = got the port binding to work correctly.20:25
mmdurrantmy LB now has a public VIP and it’s sround-robining exactly as expected.20:26
albertomcool :D20:27
mmdurrantNow to get my devstack that’s uilt on a production openstack to talk to the rest of the world… :)20:27
mmdurrantThanks for the help blogan, sometimes a person has to ask stupid questions to realize they’re doing something incorrectly. ;)20:28
bloganmmdurrant: haha np, i'm sure you get a lot of that from dougwig20:28
bloganmmdurrant: but what client to use and openstackclient not being on par with neutron client is a pretty shitty ux20:29
mmdurrantI agree completely, it’s awful.  That’s been a giant PITA for me training a QA person how to do devstack as the parity isn’t there.  We had to convert a bunch of commands to use the openstack client because they were no longer available in the client recommended by the docs.20:30
bloganrm_work: cryptography.x509.load_pem_x509_certificate doesn't accept unicode in py2, and doesn't accept str in py320:36
rm_workbitch to reaperhulk in the crypto channel?20:38
rm_workhere, i'll do it20:38
bloganim sure it has something to do with the str changes in py3, but i don't want to be forced to do if else of py version20:39
rm_workblogan: it's supposed to take bytes apparently20:40
rm_workwhich may require an encode20:41
bloganlol doesn't work in py2 apparently20:41
*** TrevorV2 has quit IRC20:41
bloganunless im doing it wrong which is quite possible20:41
bloganhighly likely actually20:41
rm_workerr nm20:42
rm_workdo that20:42
rm_worksix.b() does the wrong thing according to them20:42
bloganok that works for both, the encode to ascii20:45
rm_workthere may be several places where that needs to be fixed20:45
rm_workwhere i just blindly did str() conversions20:45
bloganhave to change the tests to not make the constants of certs to just be str literals, not bytes20:45
rm_workto fix py3 issues20:45
rm_workthere were like 5 places or so i think20:46
rm_workwhere i did that20:46
rm_workeven in the real code, you might want to check20:46
bloganteh str() conversion?20:46
blogani dont see it in the cert_parser.py20:49
bloganthere was some six.b's i had to remove20:49
rm_workmaybe that is what had made it in20:52
openstackgerritBrandon Logan proposed openstack/octavia: Hooking TLS together
bloganthere updated20:52
rm_worklol k20:52
*** minwang2 has quit IRC20:52
*** minwang2 has joined #openstack-lbaas20:53
*** vivek-ebay has joined #openstack-lbaas21:04
*** vivek-ebay has quit IRC21:08
bloganxgerman: what things be buggy?21:10
blogancrc32, minwang2, xgerman:
bloganstructure of the heartbeat payload21:11
minwang2can you explain a bit about the status21:12
*** rm_you has quit IRC21:13
bloganminwang2: status would just be whether its up or down for now, active or not active (UP, DOWN are probably better)21:13
blogantx,rx are the outgoing and incoming bandwidth bytes21:13
bloganwhatever haproxy returns really21:14
bloganim sure they're counters though21:15
*** divya has joined #openstack-lbaas21:17
bloganxgerman: that looks fine to you?21:18
openstackgerritMerged openstack/octavia: Decouple amp driver from network using new models
divyaHi, I am trying out HaProxy Namespace driver with Lbaasv2 plugin and had couple of questions21:19
xgermanso I return for members from the stats socket code I wrote:21:19
xgermanso we should have a pool section IHMO21:20
divyaI am trying to associate floatingip to the loadbalancer VIP and when i try wget on VIP it doesnt seem to work ...21:20
bloganxgerman: does haproxy return a status for a backend? or just for the members?21:21
divyaping on the VIP floating IP works .. Is there any special configurations needs to be done to make the floatingip on VIP work?21:21
blogandivya: you're pinging the floating ip? or the vip that lbaas gave you?21:22
divyai tried pinging the floating ip that i assigned to the VIP21:22
xgermanit returns status for all of them21:22
xgermanI am just massaging the data to fir nicely21:22
bloganxgerman: so the heartbeat code will have to evaluate all of the members statuses to determine the pool status?21:23
blogandivya: and pinging the floatingip did not work?21:23
xgermanno, the pool status is extra21:23
blogandivya: but pinging the vip does?21:23
xgermanpool = backend21:23
divyablogan: ping works on both VIP and floating IP21:24
xgermanbut we can add to that util area to return whatever we want21:25
divyablogan: and wget on VIP forwards the requests to the pool memebers21:25
blogandivya: ahh, okay, but not the floating ip?21:25
divyablogan: but wget on FIP doesn;t seem to forward the requests21:25
divyablogan: i don't see anything on the haproxy logs21:25
blogandivya: so floating ip must be hittng some kind of security group rule21:25
divyablogan: where do you have to change the sg settings for VIP?21:27
blogandivya: if you're able to wget on the VIP and that works correctly, its not a security group rule on the VIP21:28
bloganbut the floating ip is just a nat to teh vip, so something is not working on that piece21:28
bloganxgerman: ohhh im dumb, this is already in octavia21:29
divyablogan: when i do a port show on VIP, it has default sg associated with it .. But port show on FIP shows sg as empty21:29
divyablogan: is it required to associate default sg to FIP?21:30
*** madhu_ak has quit IRC21:31
*** superflyy has joined #openstack-lbaas21:31
bana_kdo we need to open up the ports for http/https ?21:31
openstackgerritmin wang proposed openstack/neutron-lbaas: Set up the gate for LBaaS v2
*** madhu_ak has joined #openstack-lbaas21:32
divyablogan: when i do wget on FIP, is there a way to check if haproxy is receiving the request ?21:32
crc32ok. Thats what I'll be doing. :/21:32
blogandivya: try to add a security group rule for port 80 (or whatever port you're doing) on the floatingip21:32
blogandivya: what driver are you using?21:33
blogandivya: oh namespace driver21:33
blogandivya: you can do a tcpdump in the nlbaas-{loadbalancer-uuid} namespace and see if the requests get tehre21:34
divyablogan: i am using
*** crc32 has quit IRC21:34
divyablogan: Thanks will try that ..21:35
bana_kdivya: if you are using a devstack setup21:36
bana_knova secgroup-add-rule default icmp -1 -1; nova secgroup-add-rule default tcp 22 22
bana_knova secgroup-add-rule default tcp 80 80
bana_kthese should do21:36
*** rm_you has joined #openstack-lbaas21:38
*** rm_you has joined #openstack-lbaas21:38
divyabana_k: Thanks .. yes i am using devstack setup .. will try these21:39
divyablogan: trying running this command ip netns exec qlbaas-d22d5aa3-ec27-4f06-af70-b6789863cfae tcpdump -i any . is this the right command?21:39
divyablogan: i don't see any requests even when wget on VIP is returning response21:40
bana_kcan u try this21:42
bana_ksudo ip netns exec qrouter-XXXXXXXX_id curl -v vip_ip*21:42
bana_kget the router id21:42
bana_kthere should be only one router if u have not created any21:42
openstackgerritMadhusudhan Kandadai proposed openstack/neutron-lbaas: Updation for V2 scenario tests
blogandivya: yeah try what bana_k suggested, that'll let you knwo if the router can hit the vip21:46
madhu_ak+1 as bana_k suggested. Or you can do this way: sudo ip netns exec qrouter-XX /bin/bash21:47
madhu_akthen ping <vip_IP>21:47
bloganmadhu_ak: don't make it easy to run netns commands21:47
bloganit should always be painful21:47
madhu_akoh, why is it so?21:48
bloganyou dont like pain?21:49
bloganget out of openstack!21:49
madhu_akto be honest, when working on openstack for the first time, took longer time to understand than expected21:50
johnsom_You understand OpenStack??????21:50
bloganthats probably the nicest statement ever uttered about getting involved in openstack21:51
madhu_aksorry, it should be neutron-lbaas21:51
bloganwell it is a lot of code, and multiple stakeholders involved, it'll get complex21:52
madhu_akwell, should learn more now ( given that there is octavia)21:52
divyablogan: madhu_ak bana_k Thanks .. i am not using neutron l3 agent for routing .. using vendor specific OVS that does routing21:54
divyablogan: tried tcpdump .. on VIP seem to receive requests and on FIP it says 0 packets received21:55
madhu_akdivya: if you could let us know the steps how you created, so it might be useful to reproduce locally here21:58
blogandivya: ah that vendor specific thing mihgt be the issue21:59
divyablogan: madhu_ak Thanks for the help .. will debug on this more ...22:06
blogandivya: np, good luck22:12
divyablogan: bana_k Thanks for the help ... security group rule was the problem ... after adding the rule secgroup-add-rule default tcp 80 80 wget on FIP is working .. Thanks so much22:45
*** superflyy has quit IRC22:52
bana_kcool !22:53
madhu_akblogan, fnaval, ajmiller: need your reviews for v2 scenario tests: Thanks23:09
fnavalk, will take a look when i get a chance madhu_ak23:09
ajmillerI will look too.23:11
*** madhu_ak has quit IRC23:18
*** bharath has quit IRC23:33
*** sballe has quit IRC23:36
*** mlavalle has quit IRC23:38
ajmillerLOL, I guess that shows where my mind is on this fine Friday afternoon.... Later everyone..23:41
*** ajmiller has quit IRC23:42
*** chadix has quit IRC23:53
*** mixos has joined #openstack-lbaas23:53

Generated by 2.14.0 by Marius Gedminas - find it at!