| *** tongl has quit IRC | 00:52 | |
| *** csomerville has quit IRC | 00:56 | |
| *** cody-somerville has joined #openstack-lbaas | 01:03 | |
| *** harlowja has quit IRC | 01:13 | |
| *** dougwig has quit IRC | 01:24 | |
| *** ipsecguy has joined #openstack-lbaas | 01:32 | |
| *** ipsecguy_ has quit IRC | 01:33 | |
| *** sanfern has joined #openstack-lbaas | 02:04 | |
| *** yamamoto has joined #openstack-lbaas | 02:17 | |
| *** sanfern has quit IRC | 02:18 | |
| *** yamamoto has quit IRC | 02:38 | |
| *** yamamoto has joined #openstack-lbaas | 02:48 | |
| *** diltram has quit IRC | 03:50 | |
| *** gcheresh has joined #openstack-lbaas | 03:52 | |
| *** yamamoto has quit IRC | 03:57 | |
| *** links has joined #openstack-lbaas | 03:58 | |
| *** yamamoto has joined #openstack-lbaas | 03:59 | |
| *** diltram has joined #openstack-lbaas | 04:01 | |
| *** yamamoto has quit IRC | 04:04 | |
| *** yamamoto has joined #openstack-lbaas | 04:05 | |
| *** gcheresh has quit IRC | 04:14 | |
| *** yamamoto has quit IRC | 04:14 | |
| *** reedip has quit IRC | 04:14 | |
| *** reedip has joined #openstack-lbaas | 04:15 | |
| *** yamamoto has joined #openstack-lbaas | 04:15 | |
| *** yamamoto has quit IRC | 04:21 | |
| *** sanfern has joined #openstack-lbaas | 04:25 | |
| *** harlowja has joined #openstack-lbaas | 04:31 | |
| openstackgerrit | Merged openstack/neutron-lbaas master: Enhancements for the the back-end system https://review.openstack.org/479614 | 04:40 |
|---|---|---|
| *** yamamoto has joined #openstack-lbaas | 04:44 | |
| *** harlowja has quit IRC | 04:47 | |
| openstackgerrit | OpenStack Proposal Bot proposed openstack/neutron-lbaas master: Updated from global requirements https://review.openstack.org/483371 | 04:47 |
| *** gcheresh has joined #openstack-lbaas | 05:03 | |
| *** afranc has quit IRC | 05:10 | |
| *** diltram has quit IRC | 05:13 | |
| *** armax has quit IRC | 05:14 | |
| *** armax has joined #openstack-lbaas | 05:15 | |
| *** armax has quit IRC | 05:15 | |
| *** diltram has joined #openstack-lbaas | 05:16 | |
| *** armax has joined #openstack-lbaas | 05:16 | |
| *** armax has quit IRC | 05:16 | |
| *** armax has joined #openstack-lbaas | 05:17 | |
| *** armax has quit IRC | 05:17 | |
| *** armax has joined #openstack-lbaas | 05:17 | |
| *** armax has quit IRC | 05:18 | |
| *** armax has joined #openstack-lbaas | 05:18 | |
| *** armax has quit IRC | 05:18 | |
| *** afranc has joined #openstack-lbaas | 05:21 | |
| *** harlowja has joined #openstack-lbaas | 05:46 | |
| *** rcernin has joined #openstack-lbaas | 05:50 | |
| *** diltram has quit IRC | 06:41 | |
| *** harlowja has quit IRC | 06:42 | |
| *** diltram has joined #openstack-lbaas | 06:47 | |
| *** diltram has quit IRC | 06:58 | |
| *** diltram has joined #openstack-lbaas | 07:08 | |
| *** tesseract has joined #openstack-lbaas | 07:17 | |
| *** aojea has joined #openstack-lbaas | 07:20 | |
| *** catintheroof has joined #openstack-lbaas | 07:31 | |
| *** catintheroof has quit IRC | 07:36 | |
| *** diltram has quit IRC | 07:38 | |
| *** diltram has joined #openstack-lbaas | 07:45 | |
| *** diltram has quit IRC | 07:52 | |
| *** diltram has joined #openstack-lbaas | 07:54 | |
| *** diltram has quit IRC | 08:01 | |
| *** diltram has joined #openstack-lbaas | 08:08 | |
| *** cody-somerville has quit IRC | 08:36 | |
| *** cody-somerville has joined #openstack-lbaas | 08:36 | |
| *** cody-somerville has quit IRC | 08:36 | |
| *** cody-somerville has joined #openstack-lbaas | 08:36 | |
| *** diltram has quit IRC | 08:44 | |
| *** diltram has joined #openstack-lbaas | 08:47 | |
| *** openstackgerrit has quit IRC | 08:49 | |
| *** yamamoto has quit IRC | 09:06 | |
| *** yamamoto has joined #openstack-lbaas | 09:10 | |
| *** yamamoto has quit IRC | 09:10 | |
| *** mjblack has quit IRC | 09:10 | |
| *** yamamoto has joined #openstack-lbaas | 09:14 | |
| *** diltram has quit IRC | 09:24 | |
| *** diltram has joined #openstack-lbaas | 09:28 | |
| *** yamamoto has quit IRC | 09:36 | |
| *** yamamoto has joined #openstack-lbaas | 09:36 | |
| *** kobis has joined #openstack-lbaas | 09:42 | |
| *** atoth has quit IRC | 10:17 | |
| *** gcheresh_ has joined #openstack-lbaas | 10:28 | |
| *** gcheresh has quit IRC | 10:28 | |
| *** yamamoto has quit IRC | 10:55 | |
| *** atoth has joined #openstack-lbaas | 11:05 | |
| *** Alex_Staf has joined #openstack-lbaas | 11:29 | |
| *** dougwig has joined #openstack-lbaas | 11:32 | |
| Alex_Staf | rm_work, ping | 11:37 |
| *** yamamoto has joined #openstack-lbaas | 11:40 | |
| *** chlong_ has quit IRC | 11:43 | |
| *** aojea has quit IRC | 11:53 | |
| *** aojea has joined #openstack-lbaas | 12:02 | |
| *** yamamoto has quit IRC | 12:03 | |
| *** aojea has quit IRC | 12:07 | |
| *** kobis has quit IRC | 12:19 | |
| *** yamamoto has joined #openstack-lbaas | 12:21 | |
| *** aojea has joined #openstack-lbaas | 12:21 | |
| *** catintheroof has joined #openstack-lbaas | 12:21 | |
| Alex_Staf | rm_work, Hi, I am Octavia QE, I was wondering if there is haproxy l7 tests that are public. | 12:25 |
| *** aojea has quit IRC | 12:25 | |
| *** aojea has joined #openstack-lbaas | 12:39 | |
| *** aojea has quit IRC | 12:44 | |
| *** aojea has joined #openstack-lbaas | 12:48 | |
| *** aojea has quit IRC | 12:53 | |
| *** aojea has joined #openstack-lbaas | 12:57 | |
| *** aojea has quit IRC | 13:02 | |
| *** aojea has joined #openstack-lbaas | 13:06 | |
| *** aojea has quit IRC | 13:11 | |
| *** aojea has joined #openstack-lbaas | 13:25 | |
| *** aojea has quit IRC | 13:30 | |
| *** gcheresh_ has quit IRC | 13:42 | |
| *** aojea has joined #openstack-lbaas | 13:48 | |
| *** sanfern has quit IRC | 13:57 | |
| *** armax has joined #openstack-lbaas | 13:59 | |
| *** yamamoto has quit IRC | 14:09 | |
| *** links has quit IRC | 14:18 | |
| tomtomtom | @johnsom got octavia v2 working for not https loadbalancing, thanks for the help! and @rm_work and @xgerman | 14:54 |
| tomtomtom | in v2 is https load balancing working for barbican? | 14:54 |
| johnsom | Yes, it should be working, it was tested during the v2 development ( I spun it up for the API reference examples) | 14:55 |
| tomtomtom | i've configured barbican_cert_manager and barbican_acl_auth within octavia.conf, does it require an service_auth section or anything like that? | 14:56 |
| nmagnezi | johnsom, o/ | 15:00 |
| nmagnezi | johnsom, a question about octavia client. is it fully ready? or are we have some parts of the api to implement? | 15:03 |
| johnsom | tomtomtom Yes, the service_auth section is needed. There is also some either barbican RBAC or using the CLI ACLs that needs to happen. | 15:08 |
| *** yamamoto has joined #openstack-lbaas | 15:09 | |
| johnsom | nmagnezi The API is done aside from flavors and providers to my knowledge. The CLI is mostly done, I think missing status, stats, and quota still. I'm working on the OpenStack SDK as we speak | 15:09 |
| nmagnezi | johnsom, ack. thanks! | 15:11 |
| nmagnezi | johnsom, btw added something to the agenda for today | 15:12 |
| johnsom | Ok, cool, I have not got there yet, but will soon | 15:12 |
| *** yamamoto has quit IRC | 15:19 | |
| tomtomtom | yeah I added the octavia user to the acl for barbican already, but I only have a keystone auth section, not a service_auth section, I'll put that in. | 15:26 |
| johnsom | I posted our agenda for today: https://wiki.openstack.org/wiki/Octavia/Weekly_Meeting_Agenda#Meeting_2017-07-19 | 15:32 |
| johnsom | I tagged xgerman_ for the L3 active/active discussion we had. If you post some comments on the spec maybe we can skip that section of the agenda, otherwise we can discuss. | 15:32 |
| *** Alex_Staf has quit IRC | 15:32 | |
| *** ssmith has joined #openstack-lbaas | 15:36 | |
| ssmith | johnsom: Do you know what user Octavia uses when accessing the Barbican secret store. With Neutron LBaaS we had to acl user add the admin user that it was using for Neutron LBaaS in order for the LB to read the SSL Certificate. | 15:37 |
| johnsom | ssmith It will be the user you specify as the service_auth user in your octavia.conf. This can be the deployment "admin" user or could be a "octavia_service" user that has been granted the correct roles in the other services (nova, neutron, barbican, etc.) | 15:40 |
| ssmith | https://bugs.launchpad.net/barbican/+bug/1627391 you wrote "I think this bug is less important than the cascade ACL in bug 1592612 | 15:41 |
| openstack | Launchpad bug 1627391 in Barbican "Regular users do not have access to 'admin' ID when creating ACLs" [Undecided,Triaged] - Assigned to Douglas Mendizábal (dougmendizabal) | 15:41 |
| ssmith | If we have the cascade ACL feature we can eliminate this requirement from user workflow in lbaas/octavia." So is cascade acl working or this acl user add is required? | 15:41 |
| openstack | bug 1592612 in octavia "LBaaS TLS is not working with non-admin tenant" [High,Confirmed] https://launchpad.net/bugs/1592612 | 15:41 |
| *** dougwig has quit IRC | 15:42 | |
| johnsom | ssmith I have not checked in with the barbican project to see if it got implemented. Last time I checked, a few months ago, it had not yet been implemented. | 15:42 |
| *** openstackgerrit has joined #openstack-lbaas | 15:42 | |
| openstackgerrit | Xing Zhang proposed openstack/octavia master: Fix haproxy_check_script for delete listener https://review.openstack.org/485254 | 15:42 |
| johnsom | Once that is added we can make the ACL issue transparent to the end users or you don't have to change the RBAC for barbican | 15:43 |
| tomtomtom | so it sounds like the service_auth section for octavia needs to be set to auth to the admin project rather than the service project? | 15:48 |
| xgerman_ | yep, there is a special babrbican section | 15:49 |
| johnsom | Well, you can give it the "admin" role and the rest of the services won't need RBAC changes. If you set it up as a service account, you need to setup the RBAC in the other services to allow that account acceess. | 15:49 |
| tomtomtom | "special barbican section" in octavia.conf? is it [certificates]? | 15:51 |
| xgerman_ | I think so but it mostly allows you to spwcify the endpoint. | 15:54 |
| *** sanfern has joined #openstack-lbaas | 16:06 | |
| *** rcernin has quit IRC | 16:09 | |
| *** aojea has quit IRC | 16:13 | |
| *** aojea has joined #openstack-lbaas | 16:14 | |
| *** sanfern has quit IRC | 16:17 | |
| *** sanfern has joined #openstack-lbaas | 16:18 | |
| *** aojea has quit IRC | 16:18 | |
| *** rcernin has joined #openstack-lbaas | 16:23 | |
| tomtomtom | I see a tls_certificate_id in the octavia table, however, where's the ref stored? I see an sni table but no tls table? what is the tls_certificate_id referring to? | 16:27 |
| tomtomtom | *octavia listener table* | 16:27 |
| *** sanfern has quit IRC | 16:27 | |
| johnsom | tls_certificate_id is really the barbican href | 16:28 |
| johnsom | the raw DB tables still have old terminology | 16:29 |
| tomtomtom | ok, just having trouble setting a default-tls-container-ref for the listener, debug (from openstack command) always shows none even though there are no errors. | 16:31 |
| johnsom | Can you run "openstack --debug loadbalancer ..." and pastebin? | 16:32 |
| johnsom | Maybe there is a CLI bug | 16:32 |
| *** aojea has joined #openstack-lbaas | 16:41 | |
| *** aojea has quit IRC | 16:45 | |
| *** aojea has joined #openstack-lbaas | 16:50 | |
| *** sshank has joined #openstack-lbaas | 16:52 | |
| *** aojea has quit IRC | 16:54 | |
| *** jniesz has joined #openstack-lbaas | 16:57 | |
| johnsom | Octavia meeting starting soon on #openstack-meeting | 16:58 |
| *** sanfern has joined #openstack-lbaas | 17:01 | |
| ssmith | Any hints? We're getting SSL_ERROR_RX_RECORD_TOO_LONG on a new LB | 17:03 |
| tomtomtom | as a side note since the command wasn't working I did a mysql update for the tls_container_id to manually put in the href, but no luck doing that, probably wrong anyway. | 17:16 |
| *** aojea has joined #openstack-lbaas | 17:16 | |
| *** rm_mobile has joined #openstack-lbaas | 17:17 | |
| *** aojea has quit IRC | 17:22 | |
| *** harlowja has joined #openstack-lbaas | 17:25 | |
| *** harlowja has quit IRC | 17:25 | |
| *** harlowja has joined #openstack-lbaas | 17:26 | |
| *** JudeC has joined #openstack-lbaas | 17:43 | |
| *** tesseract has quit IRC | 17:46 | |
| rm_work | tomtomtom: the command wasn't working? which command? | 17:47 |
| tomtomtom | openstack loadbalancer listener create; when passing the --default-tls-confainer-ref http://barbican/container it is not updating the tls_container_id in the listener table. | 17:49 |
| rm_work | hmmm | 17:51 |
| rm_work | i haven't done a ton of testing with tls recently | 17:51 |
| rm_work | but that seems odd | 17:51 |
| *** atoth has quit IRC | 17:51 | |
| *** atoth has joined #openstack-lbaas | 17:57 | |
| johnsom | tomtomtom Your href looks like this right? https://developer.openstack.org/api-ref/load-balancer/v2/index.html?expanded=create-listener-detail#id32 | 18:05 |
| *** atoth has quit IRC | 18:06 | |
| JudeC | It could possibly be the client not working as intended as well. | 18:07 |
| johnsom | That is what I was thinking, maybe a bug crept in to the client. That is why I was asking for the debug output. | 18:07 |
| JudeC | Im finally back by the way :) | 18:08 |
| johnsom | You could try updating it via the API directly (how I tested it last) | 18:08 |
| tomtomtom | it looks like this exactly: http://198.51.100.10:9311/v1/containers/a570068c-d295-4780-91d4-3046a325db51 | 18:08 |
| johnsom | https://developer.openstack.org/api-ref/load-balancer/v2/index.html?expanded=update-a-listener-detail#id42 | 18:08 |
| johnsom | Hmm, that didn't open right for me. It's the update a listener section, I include the curl command line to do it direct to the API | 18:09 |
| johnsom | JudeC Welcome back! | 18:09 |
| tomtomtom | ok, so i don't have sni, is that an issue? | 18:09 |
| tomtomtom | I just use the tls containers from barbican | 18:10 |
| johnsom | No, SNI is totally optional | 18:10 |
| tomtomtom | right thats what I thought.... | 18:10 |
| johnsom | Ok, mascot e-mail sent | 18:15 |
| johnsom | Time for lunch before my next meeting. | 18:15 |
| openstackgerrit | OpenStack Proposal Bot proposed openstack/neutron-lbaas master: Updated from global requirements https://review.openstack.org/483371 | 18:38 |
| *** rm_mobile has quit IRC | 18:45 | |
| *** sanfern has quit IRC | 18:58 | |
| *** aojea has joined #openstack-lbaas | 19:05 | |
| *** gcheresh_ has joined #openstack-lbaas | 19:06 | |
| *** sshank has quit IRC | 19:07 | |
| *** aojea has quit IRC | 19:10 | |
| *** aojea has joined #openstack-lbaas | 19:15 | |
| *** chlong_ has joined #openstack-lbaas | 19:15 | |
| *** aojea has quit IRC | 19:19 | |
| *** kbyrne has quit IRC | 19:22 | |
| *** aojea has joined #openstack-lbaas | 19:24 | |
| *** kbyrne has joined #openstack-lbaas | 19:25 | |
| *** aojea has quit IRC | 19:28 | |
| *** aojea has joined #openstack-lbaas | 19:33 | |
| tomtomtom | ok so I've figured out that the haproxy on the amphora instance is removing the instances from the backend. | 19:33 |
| johnsom | They are failing the health monitor check? | 19:36 |
| *** aojea has quit IRC | 19:38 | |
| *** gcheresh_ has quit IRC | 19:42 | |
| *** tinyurl_comSLASH has joined #openstack-lbaas | 19:50 | |
| tomtomtom | yes, and I can't figure out why | 19:50 |
| tomtomtom | the server telnets to port 80 and can curl it. | 19:50 |
| tomtomtom | i'm trying to add some extra options to haproxy to get more verbose in logs | 19:51 |
| *** jniesz has quit IRC | 19:51 | |
| *** tinyurl_comSLASH has left #openstack-lbaas | 19:53 | |
| *** dougwig has joined #openstack-lbaas | 19:53 | |
| *** chlong_ has quit IRC | 20:03 | |
| *** sshank has joined #openstack-lbaas | 20:17 | |
| *** diltram has quit IRC | 20:18 | |
| *** diltram has joined #openstack-lbaas | 20:30 | |
| *** aojea has joined #openstack-lbaas | 20:36 | |
| *** diltram has quit IRC | 20:37 | |
| *** diltram has joined #openstack-lbaas | 20:41 | |
| *** aojea has quit IRC | 20:41 | |
| *** sshank has quit IRC | 20:42 | |
| *** sshank has joined #openstack-lbaas | 20:42 | |
| *** aojea has joined #openstack-lbaas | 20:46 | |
| *** chlong_ has joined #openstack-lbaas | 20:48 | |
| *** aojea has quit IRC | 20:50 | |
| *** aojea has joined #openstack-lbaas | 20:55 | |
| *** jniesz has joined #openstack-lbaas | 20:58 | |
| *** aojea has quit IRC | 20:59 | |
| *** aojea has joined #openstack-lbaas | 21:04 | |
| *** chlong_ has quit IRC | 21:04 | |
| *** aojea has quit IRC | 21:08 | |
| *** aojea has joined #openstack-lbaas | 21:13 | |
| openstackgerrit | Xing Zhang proposed openstack/octavia master: Fix haproxy_check_script for delete listener https://review.openstack.org/485254 | 21:14 |
| *** aojea has quit IRC | 21:18 | |
| tomtomtom | @johnsom how would I restart the haproxy service on an amphora instance? when I do via service or systemctl I lose the vip i'm trying to use. | 21:21 |
| *** aojea has joined #openstack-lbaas | 21:22 | |
| johnsom | You should be able to systemctl restart the haproxy-<uuid> | 21:22 |
| johnsom | If you are loosing the vip, something is screwy in your networking. | 21:22 |
| johnsom | It does rebuild the network namespace when you restart that process | 21:23 |
| johnsom | If you just want to pickup a config change, use reload instead of restart | 21:23 |
| *** sshank has quit IRC | 21:25 | |
| *** aojea has quit IRC | 21:27 | |
| tomtomtom | ok not losing vip, it keeps booting out all my backend servers even though they're reachable on port 80 | 21:27 |
| *** aojea has joined #openstack-lbaas | 21:31 | |
| *** sshank has joined #openstack-lbaas | 21:32 | |
| tomtomtom | this is the reason it states for the issue: Jul 19 21:31:42 amphora-81873411-447f-4233-af6d-a9388eb18a41 haproxy[2071]: Health check for server 3730d956-a81e-409d-abce-e11a6e6eb905/e778e742-5169-4e04-aaf6-09651d0f02af failed, reason: Layer4 timeout, info: " at initial connection step of tcp-check", check duration: 5001ms, status: 0/1 DOWN. | 21:32 |
| rm_work | tomtomtom: you can go into the namespace and try to curl the healthcheck url on your members | 21:35 |
| rm_work | i find that useful for debugging | 21:35 |
| rm_work | usually it's not haproxy's fault | 21:35 |
| tomtomtom | ok | 21:35 |
| tomtomtom | i'll give that a try | 21:35 |
| rm_work | tomtomtom: sudo ip netns exec amphora-haproxy bash | 21:35 |
| rm_work | and yeah just start curling the members | 21:35 |
| rm_work | see what comes back | 21:35 |
| *** aojea has quit IRC | 21:35 | |
| johnsom | Yeah, that is saying the TCP port isn't open. I would bet a security group or iptables rule is blocking the LB source addr | 21:36 |
| tomtomtom | aha! ok thanks @rm_work I did not realize there was a net namespace on the amphora instance, that helps a lot thanks! | 21:37 |
| rm_work | yeah prolly that's why you aren't seeing the VIP :) | 21:37 |
| johnsom | Oh! Yeah, all tenant traffic is isolated to the network namespace | 21:37 |
| rm_work | it doesn't show up in the main namespace | 21:37 |
| rm_work | once you are in that namespace, "ifconfig" or whatever will show you the VIP | 21:37 |
| rm_work | woo ok finally running with gunicorn instead of uwsgi | 21:38 |
| tomtomtom | yeah i see that so haproxy will use this net namespace for health checks? | 21:38 |
| rm_work | i really dislike uwsgi | 21:38 |
| rm_work | tomtomtom: yes | 21:39 |
| rm_work | everything haproxy lives inside the ns | 21:39 |
| johnsom | Yes, haproxy is inside the namespace | 21:39 |
| tomtomtom | ok well I see a basic issue with the way the LB was created inside the network, I currently only have the namespace on the external network, it can't reach the private ip's of the web servers from there. | 21:40 |
| *** aojea has joined #openstack-lbaas | 21:40 | |
| johnsom | When you add the member to the load balancer you specify the subnet they are reachable from, that would cause those networks to get hot-plugged into the namespace | 21:42 |
| *** aojea has quit IRC | 21:44 | |
| *** tongl has joined #openstack-lbaas | 21:45 | |
| tomtomtom | ok | 21:49 |
| *** aojea has joined #openstack-lbaas | 21:49 | |
| *** cpusmith has joined #openstack-lbaas | 21:50 | |
| tomtomtom | yeah ok I don't think the hot plugging is working because the subnet my vm instances are on are not reachable via the namespace.... example my vm is on 10.20.10.x and I would expect the namespace to be able to reach that subnet but it cannot. | 21:50 |
| openstackgerrit | Jason Niesz proposed openstack/octavia master: blueprint: l3-active-active https://review.openstack.org/453005 | 21:51 |
| tomtomtom | i bound a 10.20.10.x ip to the interface in the namespace hoping it would come on, but it did not work. | 21:52 |
| *** ssmith has quit IRC | 21:53 | |
| *** aojea has quit IRC | 21:53 | |
| *** cpusmith has quit IRC | 21:54 | |
| johnsom | tomtomtom Yeah, that will not work, it has to come through neutron, etc. Just delete the member from the pool and add it back with the proper subnet_id for your backend servers. | 21:57 |
| johnsom | If that is not adding the interface into the namespace, check the o-cw and amphora agent logs (amphora-agent and syslog in the amp) | 21:57 |
| johnsom | But if the member isn't going into provisioning_status ERROR that means the plug was successful | 21:58 |
| *** aojea has joined #openstack-lbaas | 21:59 | |
| *** aojea has quit IRC | 22:03 | |
| *** aojea has joined #openstack-lbaas | 22:08 | |
| *** aojea has quit IRC | 22:12 | |
| *** aojea has joined #openstack-lbaas | 22:17 | |
| *** aojea has quit IRC | 22:21 | |
| *** sshank has quit IRC | 22:25 | |
| *** aojea has joined #openstack-lbaas | 22:26 | |
| *** aojea has quit IRC | 22:30 | |
| *** aojea has joined #openstack-lbaas | 22:35 | |
| *** aojea has quit IRC | 22:39 | |
| *** sshank has joined #openstack-lbaas | 22:44 | |
| *** ssmith has joined #openstack-lbaas | 22:44 | |
| *** jniesz has quit IRC | 22:58 | |
| rm_work | anyone know what causes this? | 23:02 |
| *** aojea has joined #openstack-lbaas | 23:02 | |
| rm_work | /venv/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (139, u'Row size too large (> 8126). Changing some columns to TEXT or BLOB may help. In current row format, BLOB prefix of 0 bytes is stored inline.') | 23:02 |
| rm_work | johnsom: ^^ | 23:03 |
| *** catintheroof has quit IRC | 23:03 | |
| rm_work | there's some notes about having to set a log file size larger on the mysql side | 23:03 |
| rm_work | but | 23:03 |
| *** yamamoto has joined #openstack-lbaas | 23:04 | |
| rm_work | this is on the app side O_o | 23:04 |
| johnsom | Someone trying to put too large of data in a field? | 23:04 |
| *** aojea has quit IRC | 23:07 | |
| tongl | Quick question on the L7 rule. For example if I want to define a rule to match cookie_name=foo cookie_value=bar, the type is COOKIE, what should we specify for value? | 23:09 |
| tongl | Checked the api-ref, and it seems we can use key=foo, value=bar to match the cookie. | 23:11 |
| rm_work | johnsom: i mean... this is octavia | 23:11 |
| rm_work | so ?? | 23:11 |
| rm_work | one of our tables has a large row size i guess | 23:11 |
| johnsom | tongl It would be type=COOKIE, key=foo, value=bar | 23:11 |
| *** aojea has joined #openstack-lbaas | 23:11 | |
| tongl | johnsom: thanks! | 23:12 |
| johnsom | I would be surprised that we have a column over 8126.... | 23:12 |
| johnsom | tongl This may be helpful: https://developer.openstack.org/api-ref/load-balancer/v2/index.html?expanded=create-an-l7-policy-detail,create-an-l7-rule-detail#create-an-l7-rule | 23:12 |
| johnsom | and the cookbooks here: https://docs.openstack.org/octavia/latest/user/index.html | 23:13 |
| rm_work | johnsom: hmm, not sure what else it'd be | 23:13 |
| johnsom | tongl This one is basically what you are doing: https://docs.openstack.org/octavia/latest/user/guides/l7-cookbook.html#send-unauthenticated-users-to-login-pool-scenario-1 | 23:13 |
| tongl | Awesome, this is exactly I am looking for. | 23:14 |
| *** aojea has quit IRC | 23:16 | |
| *** yamamoto has quit IRC | 23:18 | |
| rm_work | BTW what are we doing about: | 23:20 |
| rm_work | 2017-07-19 23:01:37.854 25 WARNING keystonemiddleware.auth_token [-] Using the in-process token cache is deprecated as of the 4.2.0 release and may be removed in the 5.0.0 release or the 'O' development cycle. The in-process cache causes inconsistent results and high memory usage. When the feature is removed the auth_token middleware will notcache tokens by default which may result in performance issues. It is recommended to use | 23:20 |
| rm_work | memcache for the auth_token token cache by setting the memcached_servers option. | 23:20 |
| rm_work | i guess doesn't matter for devstack | 23:21 |
| rm_work | so we just... let it disappear? | 23:21 |
| rm_work | and it's a deployer issue? | 23:21 |
| *** aojea has joined #openstack-lbaas | 23:29 | |
| *** rcernin has quit IRC | 23:34 | |
| *** aojea has quit IRC | 23:34 | |
| *** sshank has quit IRC | 23:34 | |
| *** aojea has joined #openstack-lbaas | 23:38 | |
| johnsom | I think so, we have the setting in the conf file | 23:42 |
| johnsom | I mean, we aren't setting that to in-process are we? Isn't it picking that up from devstack? | 23:43 |
| *** aojea has quit IRC | 23:43 | |
| *** aojea has joined #openstack-lbaas | 23:47 | |
| *** aojea has quit IRC | 23:52 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!