Monday, 2017-01-16

*** amotoki has joined #openstack-lbaas		01:42
openstackgerrit	Joe Mills proposed openstack/neutron-lbaas: api test: centralize health monitor protocol https://review.openstack.org/419324	02:10
*** links has joined #openstack-lbaas		02:25
*** links has quit IRC		02:38
*** links has joined #openstack-lbaas		02:46
*** bana_k has joined #openstack-lbaas		03:16
*** sticker has joined #openstack-lbaas		03:24
*** bana_k has quit IRC		03:29
openstackgerrit	Tuan Luong-Anh proposed openstack/neutron-lbaas: Replaces uuid.uuid4 with uuidutils.generate_uuid() https://review.openstack.org/406768	03:57
*** amotoki_ has joined #openstack-lbaas		05:09
*** amotoki has quit IRC		05:12
*** kevo has joined #openstack-lbaas		06:37
*** saju_m has joined #openstack-lbaas		06:47
openstackgerrit	JingLiu proposed openstack/octavia: Fix file mode https://review.openstack.org/420519	06:50
*** greghaynes has quit IRC		06:52
*** greghaynes has joined #openstack-lbaas		06:58
*** greghaynes has quit IRC		07:04
*** yamamoto has quit IRC		07:04
*** greghaynes has joined #openstack-lbaas		07:15
*** nrado has joined #openstack-lbaas		07:16
*** kevo has quit IRC		07:16
*** tesseract has joined #openstack-lbaas		07:21
*** nmagnezi has joined #openstack-lbaas		07:25
*** kevo has joined #openstack-lbaas		07:31
*** gcheresh_ has joined #openstack-lbaas		07:33
*** pcaruana has joined #openstack-lbaas		07:34
*** jsheeren has joined #openstack-lbaas		07:52
*** kobis has joined #openstack-lbaas		07:56
*** eezhova has joined #openstack-lbaas		07:59
openstackgerrit	JingLiu proposed openstack/neutron-lbaas: Fix file mode https://review.openstack.org/420551	08:00
*** amotoki has joined #openstack-lbaas		08:07
*** amotoki_ has quit IRC		08:11
*** eezhova has quit IRC		08:47
*** eezhova has joined #openstack-lbaas		09:12
*** kevo has quit IRC		09:32
*** amotoki has quit IRC		10:01
*** anilvenkata has joined #openstack-lbaas		10:03
*** amotoki has joined #openstack-lbaas		10:08
*** amotoki has quit IRC		10:24
*** saju_m has quit IRC		10:28
*** saju_m has joined #openstack-lbaas		10:55
*** nmagnezi has quit IRC		11:04
*** nmagnezi has joined #openstack-lbaas		11:04
*** nmagnezi has quit IRC		11:06
*** nmagnezi_ has joined #openstack-lbaas		11:14
*** nmagnezi_ is now known as nmagnezi		11:15
*** amotoki has joined #openstack-lbaas		11:37
*** nrado has quit IRC		11:59
*** beagles_afk is now known as beagles		13:08
*** nrado has joined #openstack-lbaas		13:33
nmagnezi	johnsom, ping, a question about static routes in amphora (when you are here)	14:10
nmagnezi	johnsom, I created a loadbalancer with a subnet that has static routes, expected to get those in the file created by https://github.com/openstack/octavia/blob/master/octavia/amphorae/backends/agent/api_server/templates/plug_port_ethX.conf.j2#L26-L27	14:12
nmagnezi	johnsom, but didn't get any	14:12
nmagnezi	johnsom, i tried it both with static routes who are part of the subnet (lbaas-loadbalancer-create --name test <subnet>)	14:12
nmagnezi	johnsom, also, tried to add this as part of the router (which seems like a long shot but i still tried it)	14:13
nmagnezi	johnsom, the reasoning behind all this is to have an equivalent placement for static routes in the centos templates.	14:13
nmagnezi	johnsom, so as a first step, I tried to see how it looks with master code + ubuntu based amphora	14:14
*** links has quit IRC		14:30
*** beagles is now known as beagles_brb		14:57
*** jsheeren has quit IRC		15:00
*** anilvenkata has quit IRC		15:10
*** fnaval has joined #openstack-lbaas		15:25
*** beagles_brb is now known as beagles		15:41
*** ducttape_ has joined #openstack-lbaas		15:52
*** ducttape_ has quit IRC		15:55
*** amotoki has quit IRC		15:57
*** gcheresh_ has quit IRC		16:00
*** kobis has quit IRC		16:07
*** beardedeagle has joined #openstack-lbaas		16:08
*** armax has joined #openstack-lbaas		16:26
*** ducttape_ has joined #openstack-lbaas		16:34
*** eezhova has quit IRC		16:37
*** cody-somerville has joined #openstack-lbaas		16:39
*** cody-somerville has quit IRC		16:39
*** cody-somerville has joined #openstack-lbaas		16:39
*** cody-somerville has quit IRC		16:39
johnsom	nmagnezi The static routes come in from the "host_routes" on the subnet used: http://developer.openstack.org/api-ref/networking/v2/?expanded=create-port-detail,create-subnet-detail#create-subnet	16:44
*** nrado has quit IRC		16:45
*** cody-somerville has joined #openstack-lbaas		16:47
*** cody-somerville has quit IRC		16:47
*** cody-somerville has joined #openstack-lbaas		16:47
*** amotoki has joined #openstack-lbaas		16:57
*** ducttape_ has quit IRC		16:58
*** nrado has joined #openstack-lbaas		16:58
*** armax has quit IRC		17:05
*** eezhova has joined #openstack-lbaas		17:12
*** tesseract has quit IRC		17:29
*** johnsom has quit IRC		17:30
*** johnsom has joined #openstack-lbaas		17:30
*** frippe75 has joined #openstack-lbaas		17:40
*** armax has joined #openstack-lbaas		17:42
frippe75	maybe a pure neutron question? looking in the routers schema there is a STATUS field which indicates that a router is ACTIVE. In the lbaas_loadbalancer the "same field" is called OPERATING_STATUS and it is ONLINE. Is there no namingconvention?	17:43
johnsom	Well, OPERATING_STATUS != STATUS	17:43
johnsom	If I remember right, STATUS is more like our PROVISIONING_STATUS	17:44
frippe75	ok thought that it could be something like that.	17:44
johnsom	https://github.com/openstack/octavia/blob/master/octavia/common/constants.py#L64	17:44
johnsom	Yeah, which uses ACTIVE	17:44
frippe75	Ok so ther is a provisioning_status for loadbalancer and it is ACTIVE. Missed that. but it's actually named provisioning_status and not status. But maybe to be clear as to the operating_status.	17:45
johnsom	OPERATING_STATUS is actively monitored and the current functional status of the object. Correct. We tried to make it more clear what it is representing	17:46
*** armax has quit IRC		17:47
*** kevo has joined #openstack-lbaas		17:47
frippe75	ok thanks! took the "easy way" of copying some code and spent some time wondering why it didn't work...	17:47
frippe75	:-)	17:47
johnsom	NP	17:48
nrado	Hi, can someone explain to me the workflow of creating a TLS listener with barbican? Why do I need the service_auth in the neutron-lbass.conf and why do I have to add the admin user according to these instructions: https://wiki.openstack.org/wiki/Network/LBaaS/docs/how-to-create-tls-loadbalancer	17:50
johnsom	Hi nrado	17:51
johnsom	Take a look at: http://docs.openstack.org/developer/octavia/guides/basic-cookbook.html#deploy-a-tls-terminated-https-load-balancer	17:51
johnsom	Barbican has changed how we can access containers, so TLS listeners have changed a bit. We are still working with barbican to improve this in a future release.	17:52
johnsom	nrado This may also help with your user question: http://docs.openstack.org/developer/octavia/guides/dev-quick-start.html#create-octavia-user	17:53
*** ducttape_ has joined #openstack-lbaas		17:59
*** ducttape_ has quit IRC		18:03
*** bana_k has joined #openstack-lbaas		18:05
nrado	Thx johnsom, but it's still not clear to me. What is the neutron or rather the octavio user used for? Let's say I've a non-admin user who wants to create a tls listener.	18:07
nrado	Is the neutron or octvaia user the one who is responsible for the listener as a consumer? I'm asking because it might be that I have some problems with the RBAC of barbican.	18:07
nrado	That's why I need to know what is happening in the background	18:07
nrado	I was able to to create a TLS listener with an admin user, but as soon as I use a normal user, it's forbidden	18:08
johnsom	Right. The issue is the new ACL model in barbican. When you store your secrets in barbican they are under your project_id. However, when using them for a listener in octavia/lbaas either neturon or octavia will need access to those secrets containers.	18:10
johnsom	If everything is admin, we are fine. I.e. the container is created as admin and lbaas/octavia are running as admin we can access the containers in barbican.	18:10
johnsom	However, when the containers are created under a different project_id we have to authorize the account lbaas/octavia is running under to have access to those containers in barbican and the contents of the containers.	18:11
johnsom	This is the ACL lines in that example.	18:12
johnsom	Over time, the way barbican handles this has changed, thus the wiki docs being a bit old.	18:12
johnsom	In the future we are working to allow the listener create API to do this authorization on behalf of the requesting user, but we are not there yet.	18:13
johnsom	Does that help?	18:14
nrado	Yeah, sounds fine to me. So I need to run the "openstack acl user add" commands in order to authorize the neutron or octavia user to have access to the containers	18:16
*** bank_ has joined #openstack-lbaas		18:17
nrado	I'll give it a try now	18:17
johnsom	Yep	18:17
nrado	Hope it will work, thanks for helping me	18:17
johnsom	No problem, sorry this has been a bit of a moving target for us. Maybe in Pike we can get this cleaned up	18:18
*** bana_k has quit IRC		18:19
*** eezhova has quit IRC		18:23
*** bank_ has quit IRC		18:29
openstackgerrit	Michael Johnson proposed openstack/octavia: Remove an erroneous MarkHealthMonitorActiveInDB task https://review.openstack.org/409403	18:36
*** cody-somerville has quit IRC		18:48
johnsom	Hmm, this subunit failure is going to be tricky to track down. I just ran a test on 457 testr output files I had local and none of them failed like the gate....	18:50
*** eezhova has joined #openstack-lbaas		18:54
openstackgerrit	Michael Johnson proposed openstack/octavia: Do not merge: Save original testr output https://review.openstack.org/420907	18:55
*** cody-somerville has joined #openstack-lbaas		19:10
*** cody-somerville has quit IRC		19:10
*** cody-somerville has joined #openstack-lbaas		19:10
*** bana_k has joined #openstack-lbaas		19:11
*** ducttape_ has joined #openstack-lbaas		19:15
*** ducttape_ has quit IRC		19:19
*** cody-somerville has quit IRC		19:20
*** ducttape_ has joined #openstack-lbaas		19:25
*** ducttape_ has quit IRC		19:30
openstackgerrit	Michael Johnson proposed openstack/octavia: Do not merge: Save original testr output https://review.openstack.org/420907	19:52
openstackgerrit	Michael Johnson proposed openstack/octavia: Do not merge: Save original testr output https://review.openstack.org/420907	19:54
*** jerrygb has joined #openstack-lbaas		19:57
nmagnezi	johnsom, hey	19:58
johnsom	Hi	19:59
nmagnezi	johnsom, re ^^ (static routes), i think this is what i tried	19:59
nmagnezi	that didn't work for me	19:59
nmagnezi	i added a static route to a subnet	19:59
nmagnezi	and created a loadbalancer in that subnet	19:59
nmagnezi	created a listener and checked the cfg files	19:59
nmagnezi	didn't find any static route	19:59
johnsom	Hmmm, that is how I tested it. Let me see if I can try again	20:00
johnsom	amp is booting	20:04
johnsom	nmagnezi where are you checking?	20:05
*** bana_k has quit IRC		20:07
nmagnezi	johnsom, devstack master branch	20:07
nmagnezi	johnsom, i mean octavia master :)	20:07
nmagnezi	johnsom, ubuntu amp	20:07
johnsom	Yeah, where were you checking in the amp?	20:07
nmagnezi	johnsom, oh, sec	20:07
nmagnezi	johnsom, http://paste.openstack.org/show/595102/	20:08
*** bana_k has joined #openstack-lbaas		20:10
*** nrado has left #openstack-lbaas		20:11
johnsom	nmagnezi Hmmm, well, on my system I'm getting another error I will need to look into, but I do have the route in /etc/netns/amphora-haproxy/network/interfaces.d/eth1.cfg	20:11
johnsom	http://paste.openstack.org/show/TPYDUj6UcWT4X0V8Nl3q/	20:12
nmagnezi	johnsom, can you please paste the cmd you used to create the subnet? maybe i'm doing something wrong there	20:12
johnsom	neutron subnet-update --host-route destination=99.99.99.0/24,nexthop=172.21.21.244 private-subnet	20:12
johnsom	neutron lbaas-loadbalancer-create --name lb1 private-subnet	20:12
johnsom	That is what I did	20:13
nmagnezi	johnsom, thanks! I'll check and let you know :)	20:13
johnsom	Now, to figure out what went wrong with the agent... (though I'm not sure what code I have checked out at the moment on this devstack)	20:14
nmagnezi	johnsom, that's the fun part :)	20:17
*** cody-somerville has joined #openstack-lbaas		20:27
*** cody-somerville has quit IRC		20:27
*** cody-somerville has joined #openstack-lbaas		20:27
*** woodster_ has joined #openstack-lbaas		20:32
openstackgerrit	Michael Johnson proposed openstack/octavia: Do not merge: Save original testr output https://review.openstack.org/420907	20:32
openstackgerrit	Michael Johnson proposed openstack/octavia: Do not merge: Save original testr output https://review.openstack.org/420907	20:33
openstackgerrit	OpenStack Proposal Bot proposed openstack/neutron-lbaas: Updated from global requirements https://review.openstack.org/420843	20:34
*** ducttape_ has joined #openstack-lbaas		20:45
*** ducttape_ has quit IRC		20:49
*** gcheresh_ has joined #openstack-lbaas		20:53
*** eezhova has quit IRC		21:29
openstackgerrit	Michael Johnson proposed openstack/octavia: Do not merge: Save original testr output https://review.openstack.org/420907	21:30
johnsom	Of course, with the log archiving the test won't fail...	21:31
*** ducttape_ has joined #openstack-lbaas		21:35
*** frippe75 has quit IRC		21:36
*** ducttape_ has quit IRC		21:43
*** ducttape_ has joined #openstack-lbaas		21:44
*** ducttape_ has quit IRC		21:44
*** eezhova has joined #openstack-lbaas		21:46
*** eezhova has quit IRC		21:56
*** csomerville has joined #openstack-lbaas		22:01
*** cody-somerville has quit IRC		22:04
*** cody-somerville has joined #openstack-lbaas		22:05
*** saju_m has quit IRC		22:08
*** csomerville has quit IRC		22:08
*** saju_m has joined #openstack-lbaas		22:10
*** gcheresh_ has quit IRC		22:13
openstackgerrit	Michael Johnson proposed openstack/octavia: Archive the raw testrepository log https://review.openstack.org/420907	22:15
*** yamamoto has joined #openstack-lbaas		22:15
nmagnezi	johnsom, just tested it	22:15
johnsom	Well, I'm giving up and just adding that log archive to our gates.	22:15
nmagnezi	johnsom, not sure what happens but the loadbalancer ends up with ERROR state and the amphora gets deleted	22:16
johnsom	nmagnezi How did it go? I found my issue. I was passing in a bogus host route, so the plug was failing	22:16
nmagnezi	i should set a break point so I can debug	22:16
johnsom	nmagnezi Yeah, could be the same issue. If the route doesn't have a valid gw it fails.	22:17
nmagnezi	johnsom, i should try this stuff with valid routes :)	22:17
johnsom	nmagnezi FYI, you can stop the revert from running and cleaning up the amp.	22:17
nmagnezi	johnsom, anyhow I trust what you just pasted. I'll take this as example	22:17
nmagnezi	johnsom, by stopping the hk and hm services?	22:17
johnsom	nmagnezi To stop reverts, edit octavia/common/base_taskflow.py	22:18
johnsom	nmagnezi then add "never_resolve=True," to the tf_engines.load()	22:18
* nmagnezi takes notes		22:19
johnsom	That makes taskflow just stop the flow if an error occurs that would cause a revert	22:19
nmagnezi	johnsom, that's a nifty trick :)	22:19
johnsom	I asked for it special from the taskflow folks	22:19
nmagnezi	johnsom, till now I just placed breakpoints (pdb) on specific location	22:19
johnsom	The name is a bit cryptic, but it works	22:19
nmagnezi	johnsom, for example after the amp instance is created	22:20
johnsom	I should really add a config setting for that....	22:20
nmagnezi	johnsom, so I can use rsync and sync the latest amphora-agent code to the instance and restart the agent	22:20
nmagnezi	johnsom, a bit tricky, but it works	22:20
nmagnezi	johnsom, http://paste.openstack.org/show/595110/ :)	22:22
nmagnezi	johnsom, centos amp	22:22
johnsom	Nice!!!!	22:22
nmagnezi	johnsom, indeed! I just need to finish the jinja2 templates to include those static routes and ipv6	22:23
nmagnezi	johnsom, doing my best to finish this week..	22:23
johnsom	Please do. It would great to get this in	22:23
nmagnezi	johnsom, if you have some spare cycles (you don't) you can already have a look at the patch and give me an initial feedback	22:24
johnsom	I will make time	22:24
nmagnezi	johnsom, it would. I really want to make it. I'll keep you posted on this	22:24
johnsom	Ok, sounds good	22:24
nmagnezi	johnsom, okay, /me going to sleep it passed midnight	22:25
johnsom	Good night	22:26
nmagnezi	johnsom, good night	22:26
nmagnezi	johnsom, oh before i go, one thing i wanted to ask you about	22:27
nmagnezi	johnsom, https://review.openstack.org/#/c/331841/41/elements/amphora-agent/init-scripts/systemd/amphora-agent.service	22:27
nmagnezi	johnsom, so we either need to have separate files for ubuntu and centos	22:27
nmagnezi	johnsom, or we can omit the full patch and use	22:28
johnsom	Ah, the install path is different	22:28
nmagnezi	johnsom, or we can omit the full patch and use: amphora-image to trigger the alias	22:28
nmagnezi	yup	22:28
johnsom	nmagnezi Well, systemd requires the full path. It will fail without.	22:28
nmagnezi	i changed it just for my dev needs	22:28
nmagnezi	johnsom, ack, so we'll need additional file	22:29
johnsom	nmagnezi I think there is a way to force the install to /usr/local/bin. Would that be ok if I can pull up the way to override that?	22:29
nmagnezi	johnsom, mmm.. i dunno, i never tried such a thing. if it works i guess it is okay to have that	22:31
nmagnezi	johnsom, it might be a silly suggestion but maybe we can create a symlink ?	22:31
johnsom	nmagnezi Ok, I will research and push a patch while you sleep	22:31
nmagnezi	johnsom, thanks a lot :)	22:32
johnsom	Yeah, a sym link would probably work too. I will investigate	22:32
nmagnezi	johnsom, aye. good night	22:33
*** jerrygb has quit IRC		22:34
*** ducttape_ has joined #openstack-lbaas		22:45
*** ducttape_ has quit IRC		22:49
*** cody-somerville has quit IRC		22:59
johnsom	Six runs with the testr archive and no failures... ugh. Well, we can just merge the archive code and use it when it fails again in the future	23:00
*** cody-somerville has joined #openstack-lbaas		23:18
*** cody-somerville has quit IRC		23:18
*** cody-somerville has joined #openstack-lbaas		23:18
*** jerrygb has joined #openstack-lbaas		23:22
*** jerrygb has quit IRC		23:26
*** guest has joined #openstack-lbaas		23:29
*** jerrygb has joined #openstack-lbaas		23:34
*** ducttape_ has joined #openstack-lbaas		23:35
openstackgerrit	Merged openstack/octavia: Updated from global requirements https://review.openstack.org/420845	23:36
*** csomerville has joined #openstack-lbaas		23:39
*** cody-somerville has quit IRC		23:42
openstackgerrit	Michael Johnson proposed openstack/octavia: WIP - Fix the amphora-agent support for RH based Linux flavors https://review.openstack.org/331841	23:54
*** ankur-gupta-f2 has left #openstack-lbaas		23:57
*** fnaval has quit IRC		23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!