Friday, 2016-09-30

« Thursday, 2016-09-29 Index Saturday, 2016-10-01 »
johnsomCores, can you guys review this: https://review.openstack.org/#/c/379001/  It's a bit of a chicken/egg with our gates/cross-repo dependencies.   To see that it worked, look at https://review.openstack.org/#/c/379000/ which depends on it.00:03
*** bana_k has quit IRC00:08
*** amotoki has joined #openstack-lbaas00:08
*** ducttape_ has joined #openstack-lbaas00:08
*** sticker has quit IRC00:16
johnsomThat should fix the scenario test gate issues with get-pip.py00:19
*** ducttape_ has quit IRC00:20
*** amotoki_ has joined #openstack-lbaas00:30
*** amotoki has quit IRC00:34
*** sticker has joined #openstack-lbaas00:39
*** yamamoto has joined #openstack-lbaas00:52
*** ducttape_ has joined #openstack-lbaas01:05
*** ducnc has joined #openstack-lbaas01:23
*** ducttape_ has quit IRC01:27
*** ducttape_ has joined #openstack-lbaas01:36
*** ducttape_ has quit IRC01:50
*** yuanying has quit IRC02:47
*** ducttape_ has joined #openstack-lbaas02:51
*** bdeschenes has quit IRC02:51
openstackgerritHe Qing proposed openstack/octavia: Remove dumplicated config option 'cert_generator'  https://review.openstack.org/37990302:54
*** yuanying has joined #openstack-lbaas02:55
*** ducttape_ has quit IRC02:56
*** amotoki_ has quit IRC03:15
*** yuanying has quit IRC03:38
*** yuanying has joined #openstack-lbaas03:49
*** ducttape_ has joined #openstack-lbaas03:52
*** amotoki has joined #openstack-lbaas03:53
*** amotoki has quit IRC03:57
*** ducttape_ has quit IRC03:57
*** links has joined #openstack-lbaas03:58
*** amotoki has joined #openstack-lbaas04:10
*** portdirect_ has joined #openstack-lbaas04:21
*** portdirect has quit IRC04:21
*** portdirect_ is now known as portdirect04:22
openstackgerritMerged openstack/neutron-lbaas: Use a cached get-pip.py if it is availble  https://review.openstack.org/37900104:38
*** ducttape_ has joined #openstack-lbaas04:53
*** ducttape_ has quit IRC04:58
rm_workheh i'm independent now so I can merge stuff as a second reviewer to RAX :P05:12
openstackgerritMerged openstack/octavia: Use a cached get-pip.py if it is availble  https://review.openstack.org/37900005:39
johnsomBonus05:55
*** amotoki has quit IRC06:01
*** rcernin has joined #openstack-lbaas06:07
openstackgerritPhillip Toohill proposed openstack/octavia: Add quota support to Octavia  https://review.openstack.org/36079406:11
openstackgerritPhillip Toohill proposed openstack/octavia: Add quota support to Octavia  https://review.openstack.org/36079406:11
openstackgerritPhillip Toohill proposed openstack/octavia: Add quota support to Octavia  https://review.openstack.org/36079406:13
ptoohillheh06:13
*** anilvenkata has joined #openstack-lbaas06:28
*** sticker has quit IRC06:30
*** pcaruana has joined #openstack-lbaas06:39
*** amotoki has joined #openstack-lbaas06:51
openstackgerritPhillip Toohill proposed openstack/octavia: Add quota support to Octavia  https://review.openstack.org/36079406:54
*** amotoki has quit IRC07:04
*** ducnc has quit IRC07:15
*** ihrachys has joined #openstack-lbaas07:16
*** ducnc has joined #openstack-lbaas07:17
*** coolias has joined #openstack-lbaas07:32
*** amotoki has joined #openstack-lbaas07:46
*** coolias has quit IRC07:49
*** ihrachys has quit IRC07:54
*** bdeschenes has joined #openstack-lbaas08:10
*** coolias has joined #openstack-lbaas08:14
*** amotoki_ has joined #openstack-lbaas08:27
*** amotoki has quit IRC08:29
*** ihrachys has joined #openstack-lbaas08:38
openstackgerritStephen Balukoff proposed openstack/octavia: Add support for PKCS7 bundles and encrypted keys  https://review.openstack.org/38002008:49
openstackgerritStephen Balukoff proposed openstack/octavia: Add support for PKCS7 bundles and encrypted keys  https://review.openstack.org/38002008:53
*** bdeschenes has quit IRC08:57
openstackgerritStephen Balukoff proposed openstack/octavia: Add support for PKCS7 bundles and encrypted keys  https://review.openstack.org/38002009:05
openstackgerritStephen Balukoff proposed openstack/octavia: Add support for PKCS7 bundles and encrypted keys  https://review.openstack.org/38002009:11
*** eezhova has joined #openstack-lbaas09:17
*** carrbs has quit IRC09:26
*** ducnc1 has joined #openstack-lbaas09:53
*** ducnc has quit IRC09:55
*** ducnc1 is now known as ducnc09:56
*** ducnc1 has joined #openstack-lbaas10:18
*** ducnc has quit IRC10:18
*** ducnc1 is now known as ducnc10:18
*** yamamoto has quit IRC10:19
openstackgerritOpenStack Proposal Bot proposed openstack/neutron-lbaas: Updated from global requirements  https://review.openstack.org/37885310:20
*** coolias has quit IRC10:23
*** coolias has joined #openstack-lbaas10:24
*** fnaval has joined #openstack-lbaas10:45
*** coolias has quit IRC10:55
*** ducttape_ has joined #openstack-lbaas10:58
*** ducttape_ has quit IRC11:02
*** nagyz has quit IRC11:10
*** nagyz has joined #openstack-lbaas11:11
*** gcheresh_ has joined #openstack-lbaas11:20
*** nmagnezi has joined #openstack-lbaas11:32
*** anilvenkata has quit IRC11:34
*** yamamoto has joined #openstack-lbaas11:34
*** yamamoto_ has joined #openstack-lbaas11:36
*** yamamoto has quit IRC11:40
*** numans has joined #openstack-lbaas11:41
*** nmagnezi has quit IRC11:45
*** Kiall has joined #openstack-lbaas11:54
rm_worksbalukoff: nits on your PKCS7 patch and then it'll be +2 from me11:57
*** ducttape_ has joined #openstack-lbaas11:58
*** ipsecguy has quit IRC12:02
*** ipsecguy has joined #openstack-lbaas12:03
*** ducttape_ has quit IRC12:03
*** ducttape_ has joined #openstack-lbaas12:12
ajo_ptoohill, I've noticed that scenario test doesn't work on DVR (floating ip stays marked as "DOWN") may be it's just my env12:13
*** amoralej is now known as amoralej|lunch12:14
*** gcheresh_ has quit IRC12:22
*** yamamoto_ has quit IRC12:26
*** fnaval has quit IRC12:27
*** ducttape_ has quit IRC12:27
*** fnaval has joined #openstack-lbaas12:39
openstackgerritMonty Taylor proposed openstack/octavia: Use get-pip.py from cache if it exists  https://review.openstack.org/38025512:42
rm_workhuh... thought https://review.openstack.org/#/c/379000/ already did that, but I guess not12:48
openstackgerritMonty Taylor proposed openstack/octavia: Use get-pip.py from cache if it exists  https://review.openstack.org/38025512:51
*** matt-borland has joined #openstack-lbaas12:52
openstackgerritMerged openstack/neutron-lbaas: Updated from global requirements  https://review.openstack.org/37885312:52
*** yamamoto has joined #openstack-lbaas12:56
*** links has quit IRC12:56
*** yamamoto has quit IRC13:01
*** yamamoto has joined #openstack-lbaas13:03
*** yamamoto has quit IRC13:03
*** yamamoto has joined #openstack-lbaas13:10
*** yamamoto has quit IRC13:15
johnsomI did already fix that13:19
johnsommugsie around?13:20
mugsieyo13:20
johnsomI was thinking about your security group issue13:20
mugsieOh, cool13:21
mugsiebeen meaning to write it up a little better13:21
johnsomHave you tried passing us a pre-made port with your SG on it already?13:21
mugsieno... can we do that?13:21
johnsomYes13:21
mugsie(this is all via the LBaaS v2 API)13:22
*** amoralej|lunch is now known as amoralej13:22
johnsomIt might work for your needs13:22
mugsieand all traffic from the LB -> Backends will come out that port?13:22
johnsomYes, lbaasv2 api with Octavia13:22
johnsomNo13:22
*** yamamoto has joined #openstack-lbaas13:22
mugsiewhere does that traffic come from?13:22
rm_workjohnsom: looks like he's pulling a slightly different get-pip.py location13:22
johnsomLb to backends is a port we create on each backend network13:23
mugsiebut so is the VIP Port?13:23
rm_workjohnsom: and his matches the path from https://review.openstack.org/#/c/378999/ and others13:24
rm_workjohnsom: so maybe we did the wrong location previously?13:24
johnsomWe allow you to optionally pass us a vip port13:24
*** yamamoto has quit IRC13:24
*** fnaval has quit IRC13:25
johnsomrm_work hmmm, I used the path infra gave me and it seems to work.  I will take a look at the patch when I am off my mobile13:25
rm_workAFAIK monty is basically an infra guru :P so I trust his judgement there -- but maybe we need to just use his version and essentially revert the previous patch? :/ dunno13:26
rm_workhis might just be simpler / more generic13:27
mugsiejohnsom: ah, we pass a VIP subnet13:27
mugsiehttps://github.com/kubernetes/kubernetes/blob/master/pkg/cloudprovider/providers/openstack/openstack_loadbalancer.go#L364-L36813:27
johnsommugsie try passing a port13:27
*** ducttape_ has joined #openstack-lbaas13:28
mugsieand Ocavia won't add its own SG to that custom port?13:28
johnsomrm_work well, I -1'd his nodepool patch for this, so...  yeah13:28
johnsommugsie it will, but you are trying to use transitive trust right?  Making the vip a member of the same SG as your other ports?13:29
johnsomIt won't help with the backend traffic though.  I am still not clear on the use case13:30
*** fnaval has joined #openstack-lbaas13:32
mugsieno, we want to add a rule to the backend SG, that allows traffic from the VIP SG13:33
mugsieand we cant do that with the octavia created one, as we cannot see it13:34
rm_workjohnsom: hmmmmmm13:34
johnsomYou want to loop back through the lb?13:34
mugsienope13:34
mugsieas the LB is in another sec group13:35
mugsieit cannot access the backends. as their sec group does not ahve an allow from 0.0.0.0/013:35
johnsomHahaha, ok, I am just confused now.  I will wait for your update on the bug13:35
*** ducttape_ has quit IRC13:35
johnsomSo, the backends, are they on the same subnet as the VIP on you load balancer?13:37
johnsomajo_ DVR has an open bug against it's floating IP implementation when used with neutron allowed address pairs ports.  This impacts Octavia.13:38
johnsomI can dig for a bug number if you would like it13:38
*** portdirect has quit IRC13:38
johnsomrm_work Ok, I see that he is adding another location to check.  That is cool.  Gerrit on my mobile is less than usable sometimes.13:40
openstackgerritPhillip Toohill proposed openstack/octavia: Add quota support to Octavia  https://review.openstack.org/36079413:41
*** fnaval_ has joined #openstack-lbaas13:43
*** fnaval_ has quit IRC13:43
*** fnaval has quit IRC13:43
*** fnaval has joined #openstack-lbaas13:44
ajo_johnsom, ahhhh thanks :)13:48
ajo_johnsom, no worries, I just spawned octavia via vagrant which we default to DVR=on, and I saw scenario not passing13:49
ajo_I disabled DVR and saw scenario passing13:49
mugsiejohnsom: is DVR *still* not working?13:50
mugsie-_-13:50
*** fnaval has quit IRC13:50
johnsomYeah, still broken13:50
mugsieand CVR HA is still ... problematic13:51
*** ducnc has quit IRC13:54
*** crc32 has quit IRC13:58
*** amotoki_ has quit IRC14:04
*** ducttape_ has joined #openstack-lbaas14:04
*** gcheresh_ has joined #openstack-lbaas14:08
*** crc32 has joined #openstack-lbaas14:11
*** crc32 has quit IRC14:12
*** crc32 has joined #openstack-lbaas14:12
*** amotoki has joined #openstack-lbaas14:24
*** yamamoto has joined #openstack-lbaas14:29
*** matt-borland has quit IRC14:31
*** amotoki has quit IRC14:39
*** yamamoto has quit IRC14:41
*** amotoki has joined #openstack-lbaas14:46
openstackgerritPhillip Toohill proposed openstack/octavia: Add quota support to Octavia  https://review.openstack.org/36079414:52
*** yamamoto has joined #openstack-lbaas14:57
*** yamamoto has quit IRC14:58
openstackgerritMerged openstack/octavia: Use get-pip.py from cache if it exists  https://review.openstack.org/38025515:02
*** pglass has joined #openstack-lbaas15:05
*** amotoki has quit IRC15:07
*** numans has quit IRC15:11
openstackgerritMiguel Angel Ajo proposed openstack/octavia: Fix nova image-list which is unavailable  https://review.openstack.org/37949315:14
*** yamamoto has joined #openstack-lbaas15:15
openstackgerritMerged openstack/octavia: Fix typo in active-active-distributor.rst  https://review.openstack.org/37907715:24
*** amotoki has joined #openstack-lbaas15:24
openstackgerritPaul Glass proposed openstack/octavia: Basic listener scenario test  https://review.openstack.org/37892215:39
*** gcheresh_ has quit IRC15:43
*** woodster_ has joined #openstack-lbaas15:53
openstackgerritPaul Glass proposed openstack/octavia: Basic session persistence scenario test  https://review.openstack.org/37982616:05
openstackgerritPaul Glass proposed openstack/octavia: Basic shared pools scenario test  https://review.openstack.org/37899316:05
*** rcernin has quit IRC16:08
*** yamamoto has quit IRC16:12
*** bana_k has joined #openstack-lbaas16:12
amoralejjohnsom, i've been testing lbaas-dashboard with newton rc2 using RDO packages and i've found some bugs16:24
amoraleji'm reported in LB16:24
amoralejLP16:24
johnsomGreat, thank you16:25
*** bana_k has quit IRC16:27
*** bcafarel_ has quit IRC16:27
*** bana_k has joined #openstack-lbaas16:28
*** bcafarel_ has joined #openstack-lbaas16:28
*** ihrachys has quit IRC16:28
*** bana_k has quit IRC17:02
*** ducttape_ has quit IRC17:09
*** yamamoto has joined #openstack-lbaas17:13
*** yamamoto has quit IRC17:19
*** eezhova has quit IRC17:20
*** ducttape_ has joined #openstack-lbaas17:25
*** amoralej is now known as amoralej|off17:31
*** fnaval has joined #openstack-lbaas17:56
*** fnaval has quit IRC17:57
*** fnaval has joined #openstack-lbaas17:58
*** fnaval has quit IRC17:59
*** fnaval has joined #openstack-lbaas17:59
openstackgerritMerged openstack/neutron-lbaas-dashboard: Subnet dropdown list has empty fields  https://review.openstack.org/35732218:11
*** eezhova has joined #openstack-lbaas18:24
*** bana_k has joined #openstack-lbaas18:35
*** kbyrne has quit IRC19:01
pglassin devstack, there is a neutron database with lbaas* tables, and there is a separate octavia database.19:05
pglasswhen creating resources with the `neutron lbaas*` commands, I see resources placed in both the neutron tables and the octavia tables.19:05
johnsomCorrect19:05
johnsomThis is part of what we are trying to solve with the merge....19:05
pglassare there known situations where those two databases could get out of sync?19:06
johnsomYes19:06
*** kbyrne has joined #openstack-lbaas19:06
johnsomEspecially if the event synchronization isn't enabled19:07
pglasswhat is event synchronization?19:07
pglassin this context19:08
johnsomEnabling the "event_streamer_driver" in your octavia.conf19:08
johnsomThe default is noop driver19:08
johnsomIt pushes certain events from Octavia back up to neutron lbaas over oslo messaging.19:09
pglassis this typically enabled in the openstack ci jobs?19:09
pglassi guess I can just check19:10
pglassso based on, http://logs.openstack.org/22/378922/2/check/gate-octavia-v1-dsvm-scenario-ubuntu-xenial-nv/43844bd/logs/etc/octavia/octavia.conf.txt.gz it uses the noop driver19:10
johnsomYep, there you go.19:11
johnsomWhat are you looking for?  health changes?19:11
pglasswell I created a health monitor and it quickly put my two member nodes into an error status (looking at logs). the members in the octavia database have their operating status set to ERROR. the members in the neutron database are set to ONLINE however.19:13
pglasstrying out the `neutron lbaas-loadbalancer-status <lb>` command (which lists everything) doesn't show the error statuses - presumably because it's using neutron's api which checks neutron's database.19:15
*** openstackgerrit has quit IRC19:18
johnsomCorrect.  Enable the event streamer and you will get what you want19:19
*** openstackgerrit has joined #openstack-lbaas19:19
sbalukoffHmmm...  might be a good idea to set this to enabled in devstack by default? Any down-sides to doing that?19:24
pglasswell, does this actually affect any behavior other than gets via neutron's api?19:26
pglasslike our tempest tests are consuming octavia's api directly, so they wouldn't see inconsistencies there?19:27
pglassthe new tempest tests, that is.19:27
*** carrbs has joined #openstack-lbaas19:33
pglassokay. that's better.19:35
pglassare there plans to create an octavia-specific client?19:36
*** anilvenkata has joined #openstack-lbaas19:36
*** FransUrbo has joined #openstack-lbaas19:44
FransUrboI'm having trouble with one of my LBaaSv1.. I've installed a second controller node, put keepalived in front of (most) services (not Neutron - 9696 - which didn't work for some reason) and put my virtual router into distributed mode (can't seem to change it into 'HA' mode).19:46
FransUrboAnd now one of my loadbalancers (HTTPS) can't seem to forward the request when called with the floating IP. With the internal IP it works.19:47
FransUrboWhen using curl, I get: curl: (35) Unknown SSL protocol error in connection to fqdn:port19:48
FransUrboThe request never reaches the real server behind it..19:48
FransUrboRunning strace on the haproxy process, I do see that it tries to connect to the backend server on the correct port (EINPROGRESS).19:51
FransUrboIn the syslog, I get: neutron-lbaas-agent[25825]: 2016-09-30 20:52:18.098 25825 WARNING neutron_lbaas.services.loadbalancer.drivers.haproxy.namespace_driver [-] Error while connecting to stats socket: [Errno 111] ECONNREFUSED19:52
sbalukoffpglass: Yes with the merge we intend to create an Octavia CLI, which will operate a lot like the neutron-lbaas CLI, but will be part of the unified openstack CLI system.19:56
sbalukoffI don't think anyone is working on that just yet.19:56
johnsomFransUrbo LbaaSv1 has been deprecated for a while and has been removed from the codebase in newton, so there aren't a lot of folks that have much recent experience with it.  We highly recommend you use LBaaSv2 instead.  That said, not being able to connect to the stats socket implies the haproxy process has a problem.19:58
FransUrboYeah, I tried that a few weeks ago, but i couldn't get it to work.19:58
johnsompglass Yes and no.  With the merge the current python-neutronclient will work directly as will the openstack client (I think someone is working on that), but it will use the LBaaSv2 API19:59
pglass:q19:59
FransUrboI posted a couple of issues that I've been seeing, but apparently I'm "seeing things" (so to speak :). I was planning on getting back to it 'eventually', but I had other more important things on my mind.19:59
pglass(ehh, vim commands)19:59
johnsomFransUrbo, where did you post them?  Here?20:00
FransUrboNo, in the tracker.20:00
johnsomAh20:00
johnsomWell, with v2 we can help you here at least20:00
johnsomWhat version of OpenStack are you using?20:01
FransUrboMitaka.20:01
johnsomOh, good stuff20:01
FransUrboyeah, but I'm pretty sure I'll be forced to upgrade 'shortly'. I Need VPNaaS and a few other bits and pieces that's only available in Newton..20:02
johnsomOk, yeah, if you want to give LBaaSv2 ago we can help.  Do you want to keep using the namespace/agent driver or Octavia (I'm guessing Octavia as you want HA)20:02
johnsomEven better.20:03
*** anilvenkata has quit IRC20:03
FransUrboNot today. When I go to LBaaSv2, I need to recreate almost all my infrastructure, and I want it to actually _WORK_ first :). Even if it's not perfect (I need the listeners from LBaaSv2), but for now I can survive with only one listener..20:04
*** anilvenkata has joined #openstack-lbaas20:04
FransUrbos/need the listeners/need the multiple listeners/20:04
johnsomYeah, note, you will not find LBaaSv1 in newton.20:05
FransUrboBecause this worked before my second controller and distributed router, I'm pretty sure it's something I did, but I'm unsure of how to rectify it.20:05
johnsomYour issue doesn't sound DVR related, but there are a number of bugs in DVR.  You might try it on a router with DVR disabled.20:06
FransUrboIt's taken all day to cleanup other bits and pieces that broke with this, and from what I can tell, this is the last piece. And I'm _pretty_ sure it's only this one LBaaSv1 that's at fault..20:06
FransUrbo"try it on a router with DVR disabled"? I do remember something about DVR in my fixes today (or yesterday)..20:07
FransUrboAh, yes: l3_agent.ini:DEFAULT/agent_mode=dvr_snat (was 'legacy').20:12
FransUrboBut if that was the case, then I'd figure _all_ of my LBaaSv1 would break.. Right?20:12
openstackgerritPhillip Toohill proposed openstack/octavia: Add quota support to Octavia  https://review.openstack.org/36079420:21
johnsomsbalukoff Are you doing development on xenial?  I'm seeing this strange thing where tox -e py27 is only running 725 tests instead of 1200+20:22
johnsomJust curious if it's something in my environment or a general xenial thing20:22
sbalukoffjohnsom: Yeah, I'm on xenial, and yes, I'm seeing that too.20:22
johnsomOk.  Project for me this afternoon20:23
sbalukoffAlso, good catch on that. It hadn't occurred to me until just now that there should be a *lot* more tests running...20:23
johnsomYeah, the coverage gate dropped to like 66% which made me do a o-shucks moment until I realized it didn't run half the tests20:24
*** eezhova has quit IRC20:25
FransUrboI just noticed that the curl command works just fine from outside of OS.. !20:31
FransUrboIt seems like it's only if I do it from an instance that it fails..20:32
FransUrboWhich seems to indicate the router..20:32
johnsomhmm, ok, not xenial.   I just produced it on my trusty box.  It must be a python package update.20:33
FransUrboAnd it works from the instance if I'm using the private IP of the VIP (but not the floating one)..20:35
pglassin devstack, i have a load balancer with a vip of 10.0.0.7 and a member with ip 10.0.0.5 and load balancing works just fine. however, if I ssh into the amp, I am unable to curl that member directly.20:40
johnsomYes, it's in a network namespace20:40
johnsomsudo ip netns exec amphora-haproxy curl ...20:40
* johnsom wonders if he remembered that command line right20:41
FransUrboThe 'amphora-haproxy' should be the namespace name..20:42
FransUrboip netns exec qrouter-4b3639a1-880f-4b55-989f-c6f654e562a7 curl --insecure https://fqdn:port20:42
johnsomFransUrbo pglass is using Octavia which is a bit different20:42
FransUrboBut this sounds vagely like that problem I'm having..20:42
FransUrboAh, sorry20:42
openstackgerritPhillip Toohill proposed openstack/octavia: Add quota support to Octavia  https://review.openstack.org/36079420:45
pglasswell that is something i need to read about. but that makes sense - `sudo ip netns exec amphora-haproxy route -n`20:47
johnsompglass With Octavia the haproxy and keepalived processes live in an isolated network namespace.  The VIP and member networks get plugged into that namespace20:47
FransUrboHow do you debug a (possible) problem with a namespace?20:51
*** anilvenkata has quit IRC20:53
johnsomFransUrbo I usually do sudo ip netns exec <name> bash  and look around.  But in your case, if it works without the floating IP, it's not likely a namespace issue.20:54
johnsomDid you try disabling DVR?20:54
FransUrboWell, it works inside the namespace, outside of it but not from an instance.20:54
FransUrboHow do I disable DVR?20:55
johnsomFransUrbo neutron router-update --distributed False <router>20:57
johnsomThen recreate the floating up20:57
johnsomip20:57
FransUrboAh... Doh!20:58
openstackgerritStephen Balukoff proposed openstack/octavia: Add support for PKCS7 bundles and encrypted keys  https://review.openstack.org/38002020:58
FransUrboI was thinking about changes to the l3_agent.ini file.. Probably have to do that to, don't I?20:59
FransUrbos/agent_mode = dvr_snat/agent_mode = legacy/   ?20:59
johnsomHmm, not sure.  I think the command line will work until it restarts at a minimum21:00
FransUrboRight, I forgot. I've actually tried that: Bad router request: Migration from distributed router to centralized is not supported.21:00
johnsomHA21:01
pglassokay. i figured out my issue: https://bugs.launchpad.net/octavia/+bug/1600326. whenever I added a health monitor, it would put my member into error. the health monitor's timeout was 5 - which meant 5 milliseconds.21:04
openstackLaunchpad bug 1600326 in neutron "neutron-lbaas health monitor timeout and delay values interpreted as milliseconds" [Medium,Confirmed]21:04
pglassthen haproxy would timeout on the health checks.21:05
pglassand octavia uses something like "3s" (three seconds) for haproxy's health check interval, but doesn't do the same for the timeout21:09
FransUrboI'm pretty sure my probem is in the router and not on the loadbalancer so I'll go over to the FWaaS channel instead. Thanx johnsom for the input!21:10
pglasshttps://github.com/openstack/octavia/blob/master/octavia/common/jinja/haproxy/templates/macros.j2#L18621:12
pglassbut okay. maybe that will solve my tempest test issues.21:13
*** FransUrbo has left #openstack-lbaas21:14
johnsompglass hmmm, I thought that got fixed.  Can you confirm that is the issue?21:19
*** eezhova has joined #openstack-lbaas21:20
pglassi'm pretty confident about it now. let me paste some things for you21:22
pglassjohnsom: http://paste.openstack.org/show/583686/21:24
pglassso i use the neutron client to update the timeout to "5", and the haproxy.cfg on the amp is then updated to include "timeout check 5"21:25
pglassand per haproxy docs, that is in milliseconds, unless suffixed by another unit: https://cbonte.github.io/haproxy-dconv/1.5/configuration.html#4.2-timeout%20check21:26
johnsomOk, yeah, I see that too21:26
johnsomYeah, it looks like both the legacy driver and octavia have that issue21:32
johnsomDo you want to push patches up or want me to?21:32
pglassuhh, i can do it. just one to neutron-lbaas and one to octavia?21:33
johnsompglass ^^?21:33
johnsomYeah, I'm thinking add the "s" to the jinja templates21:33
johnsomhttps://github.com/openstack/neutron-lbaas/blob/master/neutron_lbaas/drivers/haproxy/templates/haproxy_proxies.j221:34
johnsomhttps://github.com/openstack/octavia/blob/master/octavia/common/jinja/haproxy/templates/macros.j221:35
*** ducttape_ has quit IRC21:36
openstackgerritPaul Glass proposed openstack/neutron-lbaas: Switch HAProxy health check timeout to seconds  https://review.openstack.org/38065821:38
openstackgerritPaul Glass proposed openstack/octavia: Switch HAProxy health check timeout to seconds  https://review.openstack.org/38066021:40
johnsomThanks pglass21:43
pglassno problem! heading home now21:43
johnsomHave a good weekend21:43
*** pglass has quit IRC21:48
*** ducttape_ has joined #openstack-lbaas22:42
*** eezhova has quit IRC23:27
*** bana_k has quit IRC23:36
*** yamamoto has joined #openstack-lbaas23:48
*** fnaval has quit IRC23:54
« Thursday, 2016-09-29 Index Saturday, 2016-10-01 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!