Friday, 2017-07-28

*** JudeC has quit IRC		00:00
openstackgerrit	Michael Johnson proposed openstack/python-octaviaclient master: Update python-octaviaclient docs for migration https://review.openstack.org/486859	00:04
johnsom	Darn requirements changed before we merged that	00:04
johnsom	Will neeed re-reviews from the cores	00:04
*** sshank has quit IRC		00:05
johnsom	Also, I have posted the Pike-3 release. Super thank you to the cores for powering through reviews to get this out. We did a lot of work for this milestone. Pike is going to he HUGE! grin	00:06
*** yamamoto has quit IRC		00:14
*** yamamoto has joined #openstack-lbaas		00:15
*** KeithMnemonic2 has quit IRC		00:16
rm_work	rofl	00:17
rm_work	+2'd	00:17
rm_work	xgerman_: https://review.openstack.org/486859	00:17
rm_work	johnsom: :P now if you want to help me test via a centos amp...	00:17
rm_work	pre/post patch ideally	00:18
johnsom	We have a gate for that.... Grin	00:18
rm_work	i'm trying to test in my env	00:18
rm_work	because my laptop is fucked now	00:18
rm_work	if i start a parallels VM, my CPUs all immediately spike to 100% from "kernel_task" and it basically locks up	00:18
rm_work	and eventually just reboots	00:18
johnsom	Ouch	00:19
rm_work	soooooo	00:19
rm_work	no more local devstack for me	00:19
* rm_work dusts off his centos devstack script to do more stacking in the cloud		00:19
rm_work	johnsom: but yeah, specifically testing haproxy's response to draining	00:20
johnsom	I commented on that patch	00:20
rm_work	ah	00:20
*** yamamoto has quit IRC		00:20
rm_work	sooooo	00:21
rm_work	your second comment is a fair point	00:21
rm_work	the first one...	00:21
rm_work	i actually had typed up the code to replace it	00:21
rm_work	and then realized	00:21
rm_work	there's literally no point	00:21
rm_work	we're handling all documented statuses	00:21
rm_work	it is effectively a NOOP that takes however many cycles	00:22
johnsom	By just logging them?	00:22
rm_work	I mean look:	00:22
rm_work	http://paste.openstack.org/show/616802/	00:25
rm_work	johnsom: ^^	00:25
rm_work	it's like	00:25
rm_work	seriously why	00:25
rm_work	err	00:25
rm_work	sorry that's supposed to be HAPROXY_MEMBER_UP_STATUSES	00:26
rm_work	http://paste.openstack.org/show/616803/	00:26
rm_work	and what happens because of that	00:26
rm_work	is if we DO get a different status from HAProxy	00:26
rm_work	it's masked	00:26
rm_work	and makes it: A) impossible to track down; B) needs a new version of the amp to fix	00:27
rm_work	whereas if we just let it push statuses through and we catchall on the receiving side... we can log weird statuses, and do something about that	00:27
johnsom	Hmmm, fair point. So you are arguing that we should do that on the controller side?	00:28
rm_work	yes	00:29
rm_work	and I did	00:29
rm_work	see: https://review.openstack.org/#/c/487671/3/octavia/controller/healthmanager/update_db.py	00:29
rm_work	it's not even new	00:29
rm_work	the log was already there	00:29
rm_work	just impossible to hit since we sanitized on the amp side	00:29
rm_work	line 185	00:29
rm_work	i just had to add the ability to deal with DRAIN	00:30
johnsom	What I am trying to solve is if haproxy sends MAINT, the member is DOWN from a customer perspective. With the code I see in https://review.openstack.org/#/c/487671/3/octavia/controller/healthmanager/update_db.py:172 it will just log it and leave it "ONLINE" for the user	00:30
rm_work	yes	00:30
rm_work	so we should deal with MAINT	00:30
rm_work	not hide it	00:30
johnsom	Right, I think that is what I am arguing for too.	00:31
rm_work	ok so MAINT is a possible status?	00:31
rm_work	is that DOWN?	00:31
johnsom	I am fine moving it to the controller. I just think we need to enhance that logic.	00:31
rm_work	ok	00:32
rm_work	so... MAINT too?	00:32
johnsom	Problem is, HAProxy doesn't reallly document them all. I had to dig into code to find what I did in the comment.	00:32
johnsom	MAINT, NOLB, MAINT (resolution), and whatever else is hidden in there	00:32
johnsom	I was trying to find a header that had them listed, but....	00:33
rm_work	we could catchall with "UNKNOWN" along with the log	00:33
rm_work	i mean, time to dig through c code?	00:33
rm_work	bedis: o/	00:34
johnsom	Yeah, that is what I did	00:34
johnsom	Ha	00:34
rm_work	ah rofl	00:34
rm_work	THAT kind of header	00:34
johnsom	He doesn't work there anymore	00:34
rm_work	i know	00:34
rm_work	but he'd still know :P	00:34
rm_work	ok so I'll allow for MAINT, and for anything else I'll use UNKNOWN and log	00:35
rm_work	OK?	00:35
johnsom	grep ST_F_STATUS stats.c	00:35
rm_work	yes/no	00:35
johnsom	Ok, that is probably fair. Will probably be a pain in our behind, but fair	00:35
rm_work	I'll call UNKNOWN = DOWN for neutron-lbaas	00:37
johnsom	Yeah	00:37
rm_work	also MAINT = DOWN	00:37
johnsom	Yes	00:37
johnsom	For sure	00:37
rm_work	k	00:37
rm_work	I wonder what those statuses mean for pools...	00:40
rm_work	well whatever, we carry that status forward, right?	00:40
johnsom	I think we just query haproxy for the member records, then calculate the pool status ourselves. Listener does have a different set of status, like FULL , etc.	00:41
johnsom	Hmmm, ok, no the comment says we query pool there too	00:42
rm_work	it appears to come back	00:43
rm_work	this is one of the last parts that I hadn't touched very much, lol	00:43
johnsom	I had at one point.	00:44
johnsom	I suspect pool (backend) is UP/DOWN/MAINT maybe NOLB	00:45
rm_work	MAINTENANCE \| - The member is down for maintenance	00:46
rm_work	is that right?	00:46
johnsom	Yeah, admin state down if we did it with the disable tag	00:46
johnsom	Oh, I also see "DOWN (agent)"	00:46
rm_work	hmm i wonder if that's why my admin-state-down is also not working	00:46
rm_work	lol	00:46
rm_work	i need to poke at that	00:46
johnsom	Though we aren't using agent at the moment	00:46
johnsom	Is it not working, or is it just not reporting right?	00:47
*** JudeC has joined #openstack-lbaas		00:47
*** yamamoto has joined #openstack-lbaas		00:48
johnsom	My money is on that it is working, but we aren't reporting it right which is the bug we talked about yesterday that I will fix when I get back, tuesday-ish	00:48
rm_work	oh, no	00:48
rm_work	we PULL the member	00:48
rm_work	that's how we make it "down"	00:48
rm_work	admin-down	00:48
johnsom	Right, currently	00:48
rm_work	wait, what bug are you aware of with it reporting?	00:48
johnsom	https://bugs.launchpad.net/octavia/+bug/1706828	00:48
openstack	Launchpad bug 1706828 in octavia "admin_state_up == false, member still ONLINE" [Critical,Triaged] - Assigned to Michael Johnson (johnsom)	00:48
rm_work	ah	00:48
rm_work	yeah not my issue	00:49
johnsom	It pulls the member, so it does go offline, but the status doesn't update right	00:49
johnsom	Should I put a bug in to convert to this new "client" model with barbican?	00:54
rm_work	no	00:55
rm_work	err	00:55
rm_work	well i guess so	00:55
rm_work	since we SHOULD convert	00:55
rm_work	but we need to wait for the bug I put in to close	00:55
rm_work	or... actually I guess we don't	00:55
rm_work	nevermind	00:55
rm_work	grrr why the hell did pyroute2 work fine before in unit tests and now it breaks	00:56
rm_work	according to everything i found, it NEVER worked on OSX	00:56
rm_work	but it totally did until yesterday	00:56
rm_work	but, now i can't run unit tests on OSX	00:56
johnsom	I don't know. sanfern had the same thing happen. It's a MacOS thing	00:56
rm_work	well it DID work	00:56
rm_work	....	00:57
rm_work	i never had problems	00:57
*** catintheroof has quit IRC		00:57
rm_work	until i rebuilt yesterday	00:57
*** leitan has quit IRC		01:02
johnsom	https://bugs.launchpad.net/octavia/+bug/1707091	01:03
openstack	Launchpad bug 1707091 in octavia "Need to convert to barbican "Client" instead of importing modules" [High,Triaged]	01:03
rm_work	it's not even that	01:03
rm_work	need to just change the location we import from	01:03
rm_work	the client based imports were also removed	01:03
johnsom	Well, I think the go-forward way is to use the client do-bob to pick a version	01:03
rm_work	if you saw MY bug, they literally moved every entrypoint, even Castellan was broken	01:03
rm_work	hmm k	01:04
openstackgerrit	Jude Cross proposed openstack/octavia-tempest-plugin master: [WIP] Create scenario tests for Octavia https://review.openstack.org/486775	01:04
johnsom	At least that is how I read it	01:04
*** leitan has joined #openstack-lbaas		01:05
johnsom	We didn't get our cascading ACLs either, so we can't do the cool create listener solves your container access issue....	01:06
rm_work	well, as someone said, we can technically do the ACLs on their behalf :/	01:08
rm_work	during the request	01:08
rm_work	which is super gross to me	01:08
rm_work	but might be a better user experience	01:08
rm_work	while still sacrificing SLIGHTLY less security than alternatives	01:08
johnsom	Only if we make a ton of calls, but I thought even that didn't work as we didn't have all of the object IDs and you couldn't "discover" them via the API	01:09
johnsom	The on behalf is my idea/plan. Just need the API on barbican side to make it happen	01:09
*** harlowja has quit IRC		01:10
johnsom	Maybe my understanding is wrong and from a container you can list all of the objects... Still, too many API calls IMO	01:10
openstackgerrit	Adam Harwell proposed openstack/octavia master: Properly handle more states from HAProxy health messages https://review.openstack.org/487671	01:10
rm_work	johnsom: ok there we go	01:10
rm_work	yeah you can discover them from the container	01:10
rm_work	just can't "get the data"	01:11
rm_work	but the container gives the object ids	01:11
johnsom	Well, if we can discover them, we can use the user's token to authorize our service account	01:11
rm_work	in fact that's really all a container contains :P	01:11
*** leitan has quit IRC		01:11
rm_work	yes	01:11
rm_work	we could do that	01:11
johnsom	We should do that	01:11
rm_work	gross IMO, but I won't -2 :/	01:11
johnsom	Yeah, but less gross than people blanket RBACing in the octavia account or having users run other commands to authorize an service account they don't know	01:12
rm_work	k	01:13
*** catintheroof has joined #openstack-lbaas		01:18
rm_work	off for a bit	01:18
rm_work	movie night	01:18
*** sanfern has quit IRC		01:19
*** catintheroof has quit IRC		01:25
openstackgerrit	Jude Cross proposed openstack/octavia-tempest-plugin master: [WIP] Create scenario tests for Octavia https://review.openstack.org/486775	01:25
*** leitan has joined #openstack-lbaas		01:37
*** yamamoto has quit IRC		01:53
openstackgerrit	Jude Cross proposed openstack/octavia-tempest-plugin master: [WIP] Create scenario tests for Octavia https://review.openstack.org/486775	01:56
*** cpuga has joined #openstack-lbaas		02:45
*** cpuga has quit IRC		02:54
*** armax has quit IRC		03:27
*** armax has joined #openstack-lbaas		03:36
*** sanfern has joined #openstack-lbaas		03:37
*** armax has quit IRC		03:43
*** armax has joined #openstack-lbaas		03:43
*** armax has quit IRC		03:44
*** armax has joined #openstack-lbaas		03:44
*** armax has quit IRC		03:44
*** yamamoto has joined #openstack-lbaas		03:48
*** leitan has quit IRC		03:48
*** leitan has joined #openstack-lbaas		03:49
*** cpuga has joined #openstack-lbaas		03:51
*** yamamoto_ has joined #openstack-lbaas		03:51
*** leitan_ has joined #openstack-lbaas		03:52
*** leitan has quit IRC		03:52
*** yamamoto has quit IRC		03:53
*** yamamoto has joined #openstack-lbaas		03:58
*** cpuga has quit IRC		03:58
*** yamamoto_ has quit IRC		03:58
*** leitan_ has quit IRC		04:03
*** yamamoto_ has joined #openstack-lbaas		04:16
*** yamamoto has quit IRC		04:17
*** links has joined #openstack-lbaas		04:20
*** yuanying has quit IRC		04:28
*** amotoki_ has joined #openstack-lbaas		04:29
*** harlowja has joined #openstack-lbaas		04:32
*** yamamoto has joined #openstack-lbaas		04:40
*** yamamoto_ has quit IRC		04:41
*** aojea has joined #openstack-lbaas		04:41
*** yuanying has joined #openstack-lbaas		04:42
*** aojea has quit IRC		04:46
*** yamamoto has quit IRC		04:51
*** yamamoto has joined #openstack-lbaas		04:53
*** cpuga has joined #openstack-lbaas		04:56
sanfern	Hi johnsom , can we customize interface file in disk image-builder what we use in amphora?	04:56
johnsom	Network interface file?	04:57
sanfern	yes	04:57
johnsom	Yes, to some degree. Most of it should come in automatically from neutron, but we do have jinja templates for those files.	04:58
johnsom	What were you looking to change?	04:58
sanfern	what I observe is when we have net ipv6 only then amphora boots up and has ipv4 interface in the file, so amphora doesn't get ip assigned and controller cannot reach the amphora instance	05:00
*** cpuga has quit IRC		05:00
johnsom	lb-mgmt-net?	05:00
sanfern	yes	05:00
*** yamamoto has quit IRC		05:01
johnsom	Hmm, that is created by cloud-init, we can't customize that	05:01
johnsom	Though it points to something wrong in your configuration	05:01
sanfern	if cloud-init is not assigning ip to a interface while booting what may be reason,	05:04
johnsom	So, on nova boot, we tell nova the network to add an interface on. Assuming that neutron network is only IPv6, nova should tell cloud-init, via config drive, how the interface needs to be configured. This can be DHCP, slaac, or static ipv4 or ipv6 addresses depending on how the network is setup in neutron.	05:05
*** aojea has joined #openstack-lbaas		05:05
johnsom	That box you see on boot from cloud-init, that is where it writes out that interface file in the OS.	05:05
johnsom	To debug....	05:05
johnsom	I guess, if you can get onto the instance, I would mount the config drive (I think it's just /dev/sr0 but it's been a while since I debugged config drive/cloud-init) and take a look at all of the configuration metadata stored there.	05:06
johnsom	Also, check the cloud-init logs in /var/log, they should tell you what cloud-init decided	05:07
sanfern	ok johnsom , thanks	05:08
johnsom	This is an odd one since I booted up an amp with IPv6 when you asked a question before and it was succesful	05:08
johnsom	Cloud-init docs are here: https://cloudinit.readthedocs.io/en/latest/	05:08
johnsom	Though I have found them only slightly useful	05:09
johnsom	This section: https://cloudinit.readthedocs.io/en/latest/topics/network-config.html	05:13
*** ssmith has joined #openstack-lbaas		05:16
rm_work	sanfern: i customize my net slightly	05:20
rm_work	let me find the patch	05:20
openstackgerrit	Jude Cross proposed openstack/octavia-tempest-plugin master: [WIP] Create scenario tests for Octavia https://review.openstack.org/486775	05:20
*** JudeC has quit IRC		05:21
rm_work	sanfern: http://paste.openstack.org/show/616813/	05:21
rm_work	very minor	05:21
rm_work	but I have to make the netmask constant	05:21
rm_work	because of the way our FLIPs work	05:21
rm_work	(this is inside the netns tho, for the VIP)	05:21
rm_work	so maybe not the same thing	05:22
sanfern	rm_work, api_server templates comes into pic after amphora boots up and have accessible ipv6 interface	05:23
rm_work	yeah ok	05:24
rm_work	so you don't even get an accessible interface	05:24
rm_work	then yes as johnsom said, that isn't the amp image really, that's supposed to be set up by cloud-init	05:24
rm_work	can you get into the VM via Spice or some out of band console?	05:24
sanfern	but in my case initial boot up will not get assigned with ipv6 but neutron assigns IP	05:24
sanfern	I am able to get into instance	05:25
rm_work	ok so you can see what's going on	05:25
rm_work	so you give it a management network that has ipv6 but it assigns an ipv4?	05:25
sanfern	in interface file has -iface ens3 net manual \n mtg 1500	05:26
sanfern	If I change this into - auto ens3 \n iface ens3 inet6 auto then reboot the instance it will get the ip	05:27
*** harlowja has quit IRC		05:28
sanfern	cloud-init logs shows 0- writing /etc/network/interfaces.d/50-cloud-init.cfg and nothing else in logs about network	05:29
sanfern	rm_work - no ip's will be assigned at all	05:31
rm_work	hmm	05:31
rm_work	well you can try changing it in the elements	05:31
rm_work	i do something ... similar too	05:32
rm_work	http://paste.openstack.org/show/616814/	05:32
rm_work	sanfern: ^^ that is how I disable DHCP on my boxes	05:32
rm_work	but I think you could do something similar to make that file have "auto"	05:33
rm_work	just do some sed magic	05:33
rm_work	i have ... 5 local patches to octavia	05:34
rm_work	those are two of them	05:34
*** kobis has joined #openstack-lbaas		05:34
johnsom	You should not have to do that. Cloud init should handle it	05:35
johnsom	Something is wrong with the neutron or nova config is my guess	05:35
sanfern	rm_work, http://paste.openstack.org/show/azguNyXPDJOyCv351zTN/	05:37
*** kobis has quit IRC		05:37
sanfern	I am running newton neutron and nova	05:37
*** aojea has quit IRC		05:37
rm_work	johnsom: well, in our case, we do different shit	05:38
johnsom	Yeah, so cloud init didn't get the neutron config	05:38
rm_work	yeah in his case, probably something is broken there	05:38
rm_work	unless the way his network is set up is that it relies on dhcp	05:38
rm_work	and the images are expecting cloud-init to do magic	05:38
rm_work	but their cloud-init doesn't do that	05:38
rm_work	it's possible the network is set up that way right?	05:38
johnsom	Even if it was dhcp, the int would be up if cloud init got anything	05:39
rm_work	it sounds like the default config in the amp is to NOT use dhcp?	05:39
rm_work	in ubuntu or whatever they're running?	05:39
rm_work	i'm in centos and it tries to dhcp but we don't have dhcp so it hangs for like 5m lol	05:39
johnsom	The default get overwritten by cloud init	05:40
rm_work	unless your network doesn't rely on cloud-init maybe?	05:40
* rm_work shrugs		05:40
rm_work	maybe that's un-possible	05:40
*** aojea has joined #openstack-lbaas		05:40
johnsom	It totally overwrites the file	05:40
johnsom	It is likely a config issue in nova or neutron	05:41
*** harlowja has joined #openstack-lbaas		05:41
johnsom	Or bug in newton	05:41
rm_work	i mean, what happens via cloud-init on some OTHER random VMs in your env	05:42
johnsom	But I am pretty sure we had ipv6 lb-mgmt-net working in mitaka	05:42
rm_work	it should have yes	05:42
rm_work	but it seems like cloud-init just isn't running anything?	05:42
rm_work	which wouldn't be our fault	05:42
sanfern	Anyone is using having only IPv6 in the environment	05:42
rm_work	we have NO ipv6 :(	05:42
rm_work	completely disabled	05:43
rm_work	very sucky	05:43
johnsom	Ouch	05:43
sanfern	we also want lb-mgmt-net to be ipv6	05:44
*** cpuga has joined #openstack-lbaas		05:56
johnsom	Yeah, ipv6 is the best for mgmt net	05:59
*** cpuga has quit IRC		06:01
sanfern	johnsom and rm_work I see neutron is applying net config cloud-init.logs	06:03
sanfern	i.e. ipv4	06:03
*** oomichi has quit IRC		06:05
*** yuanying has quit IRC		06:05
*** oomichi has joined #openstack-lbaas		06:06
*** yuanying has joined #openstack-lbaas		06:06
*** aojea has quit IRC		06:06
*** yuanying_ has joined #openstack-lbaas		06:07
*** yuanying has quit IRC		06:10
*** oomichi has quit IRC		06:10
*** oomichi has joined #openstack-lbaas		06:11
*** rcernin has joined #openstack-lbaas		06:15
*** sticker_ has quit IRC		06:23
*** yamamoto has joined #openstack-lbaas		06:36
*** yamamoto has quit IRC		06:44
*** yamamoto has joined #openstack-lbaas		06:45
*** harlowja has quit IRC		06:48
*** cpuga has joined #openstack-lbaas		06:57
*** cpuga_ has joined #openstack-lbaas		07:00
*** cpuga has quit IRC		07:02
*** oomichi has quit IRC		07:05
*** cpuga_ has quit IRC		07:06
*** oomichi has joined #openstack-lbaas		07:06
*** aojea has joined #openstack-lbaas		07:22
*** amotoki_ has quit IRC		07:24
*** yamamoto has quit IRC		07:25
*** yamamoto has joined #openstack-lbaas		07:27
*** gcheresh_ has joined #openstack-lbaas		07:31
*** amotoki_ has joined #openstack-lbaas		07:36
*** amotoki_ has quit IRC		07:40
*** cristicalin has joined #openstack-lbaas		07:41
*** amotoki_ has joined #openstack-lbaas		07:44
*** JudeC has joined #openstack-lbaas		07:52
*** ssmith has quit IRC		07:57
*** yamamoto has quit IRC		07:58
*** amotoki_ has quit IRC		07:58
*** yamamoto has joined #openstack-lbaas		07:59
*** cristicalin has quit IRC		08:00
*** strigazi_ is now known as strigazi		08:04
*** yamamoto_ has joined #openstack-lbaas		08:13
*** yamamoto has quit IRC		08:16
*** openstackgerrit has quit IRC		08:18
*** openstackgerrit has joined #openstack-lbaas		08:22
openstackgerrit	Jude Cross proposed openstack/octavia-tempest-plugin master: [WIP] Create scenario tests for load balancers https://review.openstack.org/486775	08:22
*** JudeC has quit IRC		08:23
*** yuanying_ has quit IRC		08:35
*** yuanying has joined #openstack-lbaas		08:35
*** yuanying has quit IRC		08:35
*** yuanying has joined #openstack-lbaas		08:36
*** cpuga has joined #openstack-lbaas		09:03
*** cpuga has quit IRC		09:07
*** cristicalin has joined #openstack-lbaas		09:26
*** cristicalin has quit IRC		09:37
*** sanfern has quit IRC		09:54
*** sanfern has joined #openstack-lbaas		09:54
*** sanfern has quit IRC		10:23
*** yamamoto_ has quit IRC		10:40
*** sanfern has joined #openstack-lbaas		10:59
*** cristicalin has joined #openstack-lbaas		11:15
*** yamamoto has joined #openstack-lbaas		11:19
*** cristicalin has quit IRC		11:20
*** yamamoto has quit IRC		11:29
*** apuimedo has joined #openstack-lbaas		11:37
*** AlexeyAbashkin has joined #openstack-lbaas		11:40
*** AlexeyAbashkin has quit IRC		11:47
*** catintheroof has joined #openstack-lbaas		11:48
*** yamamoto has joined #openstack-lbaas		11:51
*** rcernin has quit IRC		11:55
*** catintheroof has quit IRC		12:14
*** dosaboy has quit IRC		12:14
*** rcernin has joined #openstack-lbaas		12:16
*** strigazi is now known as strigazi_AFK		12:20
*** cristicalin has joined #openstack-lbaas		12:42
*** catintheroof has joined #openstack-lbaas		12:50
*** cristicalin has quit IRC		12:53
*** dosaboy has joined #openstack-lbaas		12:57
*** yamamoto has quit IRC		13:05
*** cpuga has joined #openstack-lbaas		13:06
*** cpuga has quit IRC		13:10
*** links has quit IRC		13:16
*** bzhao has quit IRC		13:29
*** bzhao has joined #openstack-lbaas		13:29
*** yamamoto has joined #openstack-lbaas		13:29
*** rcernin has quit IRC		13:38
*** ssmith has joined #openstack-lbaas		13:40
*** cpusmith has joined #openstack-lbaas		13:41
*** ssmith has quit IRC		13:45
*** sanfern has quit IRC		13:50
*** sanfern has joined #openstack-lbaas		13:50
*** strigazi_AFK is now known as strigazi_OFF		13:58
*** rcernin has joined #openstack-lbaas		14:01
*** yamamoto has quit IRC		14:12
*** yamamoto has joined #openstack-lbaas		14:12
*** AlexeyAbashkin has joined #openstack-lbaas		14:18
*** armax has joined #openstack-lbaas		14:26
*** atoth has quit IRC		14:29
*** aojea has quit IRC		14:36
*** harlowja has joined #openstack-lbaas		14:51
*** cpuga has joined #openstack-lbaas		15:07
*** cpuga has quit IRC		15:12
*** rcernin has quit IRC		15:13
*** fnaval has joined #openstack-lbaas		15:15
*** fnaval has quit IRC		15:15
*** fnaval has joined #openstack-lbaas		15:16
*** links has joined #openstack-lbaas		15:24
*** Alex_Staf has joined #openstack-lbaas		15:40
*** aojea has joined #openstack-lbaas		15:46
*** aojea has quit IRC		15:50
*** harlowja has quit IRC		15:51
*** Alex_Staf has quit IRC		15:51
xgerman_	o/	15:51
*** Alex_Staf has joined #openstack-lbaas		15:54
*** yamamoto has quit IRC		15:59
*** yamamoto has joined #openstack-lbaas		15:59
*** yamamoto has quit IRC		15:59
apuimedo	johnsom: hi. Is there some way to configure octavia to detect if the destination subnet is routable from the VIP so that no port is created in the member subnet?	16:06
*** aojea has joined #openstack-lbaas		16:06
apuimedo	Or even some way to disable the L2 mode altogether	16:07
*** cpuga has joined #openstack-lbaas		16:08
xgerman_	apiuimedo I don’t think so. It will compare subnet ids and pluf the ones missing	16:09
xgerman_	plug	16:09
xgerman_	please file a bug in Lauchpad for ojr consideration	16:09
*** gcheresh_ has quit IRC		16:09
*** aojea has quit IRC		16:10
*** cpuga has quit IRC		16:13
apuimedo	xgerman_: I'm just adding octavia support for kuryr-kubernetes	16:14
apuimedo	and I was trying different options	16:14
apuimedo	so what I do now is I just specify as member --subnet the subnet of the VIP	16:14
apuimedo	so that no plugging happens	16:15
xgerman_	yeah, that works ;-)	16:15
apuimedo	in the Octavia design documentation it said that if subnet ID was not given it assumed l3 connectivity	16:15
apuimedo	but it seems subnet_id is a mandatory field for the lbaasv2 api	16:15
apuimedo	(or at least the CLI)	16:15
xgerman_	yeah, we probably didn’t get around implementing that — so if you file a bug we will get to it ;-)	16:16
apuimedo	xgerman_: very well	16:17
johnsom	Yes, when the member is created use the same subnet id as the vip	16:17
apuimedo	johnsom: right. That's what I do	16:18
xgerman_	but it would be nice if we would fix it/be consistent with the docs	16:18
apuimedo	I was just wondering if I could save myself the trouble of retrieving the vip subnet id	16:18
apuimedo	:P	16:18
apuimedo	johnsom: is the containerized/k8s compute driver development stopped?	16:19
apuimedo	I remember talk about nova-lxd in Atlanta	16:20
xgerman_	we lost the person working on that but it’s still on our roadmap	16:21
*** armax has quit IRC		16:21
apuimedo	xgerman_: I have some design for it based on Kubernetes	16:21
johnsom	Yeah, the developer we had working on it is no longer working on OpenStack. We will continue, just had to shift priorities due to the reduces team size	16:22
apuimedo	good thing is, it gets rid of the control plane network, reduces a lot the need for the amphorae health monitor, etc	16:22
apuimedo	by reusing kubernetes pieces	16:22
johnsom	Apuimedo curious about how keepalived would work with k8s	16:22
xgerman_	we actually like those pirces ;-)	16:23
xgerman_	pieces	16:23
apuimedo	johnsom: in my design it is handled by a sidecar container	16:23
apuimedo	xgerman_: the less code to maintain the better	16:23
*** gcheresh_ has joined #openstack-lbaas		16:23
*** leitan has joined #openstack-lbaas		16:23
johnsom	Hmm, well, if you have the time to develop we will support you in Queens	16:24
apuimedo	johnsom: thanks	16:24
*** aojea has joined #openstack-lbaas		16:24
apuimedo	I'll share the document before Denver (this time I can't attend)	16:24
xgerman_	sure K8 would take care of a big chink of our control plane…	16:24
apuimedo	xgerman_: yes. I plan some things that may be controversial	16:25
johnsom	Seems optimistic IMO	16:25
xgerman_	probably we would need to be an operator	16:25
apuimedo	like getting rid of the haproxy socket	16:25
apuimedo	and use configmaps	16:25
apuimedo	instead	16:25
apuimedo	but of course, the amount of changes on the proposal are not all or nothing	16:26
johnsom	Sounds like writing up a spec would be a good start	16:26
johnsom	Help us with the vision	16:26
xgerman_	mmh, not sure how replacing the socket with a configmap would work — I can see a metrics/prometheus sidecar	16:26
xgerman_	but spec would be good	16:27
*** armax has joined #openstack-lbaas		16:28
apuimedo	xgerman_: well, there's two options there	16:28
apuimedo	one option to keep the socket is you have a sidecar that sees the configmap changes and uses the socket as is done now	16:28
apuimedo	the other is to just use the configmap as the haproxy configuration	16:29
apuimedo	with rollouts	16:29
apuimedo	(two options I thought about, likely there's more)	16:30
apuimedo	johnsom: it should end up in a spec, agreed on that	16:30
xgerman_	well, you are replacing our agent with the configmap	16:30
xgerman_	got t	16:30
xgerman_	I thought you meant the haproxy stats socket…	16:31
apuimedo	no, no	16:35
apuimedo	the agent	16:35
apuimedo	the stats, as you said, could very well be prometheus I guess	16:36
*** JudeC has joined #openstack-lbaas		16:41
*** openstackstatus has quit IRC		16:41
*** openstack has joined #openstack-lbaas		16:46
*** catinthe_ has joined #openstack-lbaas		16:54
*** harlowja has joined #openstack-lbaas		16:54
*** harlowja_ has joined #openstack-lbaas		16:55
*** Alex_Staf has quit IRC		16:56
*** catintheroof has quit IRC		16:58
*** harlowja has quit IRC		16:59
*** yamamoto has joined #openstack-lbaas		17:00
*** leitan has quit IRC		17:00
*** leitan has joined #openstack-lbaas		17:02
*** leitan has quit IRC		17:03
*** cpuga has joined #openstack-lbaas		17:09
*** yamamoto has quit IRC		17:10
-openstackstatus- NOTICE: The Gerrit service on review.openstack.org is being taken offline for roughly 5 minutes to perform a database backup and reconfiguration		17:12
*** cpuga has quit IRC		17:13
*** junbo has quit IRC		17:15
*** tongl has joined #openstack-lbaas		17:23
*** JudeC has quit IRC		17:28
*** openstackgerrit has quit IRC		17:33
*** gcheresh_ has quit IRC		17:41
*** aojea has quit IRC		17:59
*** fnaval has quit IRC		18:03
*** aojea has joined #openstack-lbaas		18:05
*** catinthe_ has quit IRC		18:08
*** cpuga has joined #openstack-lbaas		18:10
*** catintheroof has joined #openstack-lbaas		18:10
*** openstackstatus has quit IRC		18:11
*** openstack has joined #openstack-lbaas		18:15
rm_work	apuimedo: err wait	18:24
rm_work	apuimedo: I do not have to specify the subnet on a member create	18:24
rm_work	i bet neutron-lbaas is bugged	18:24
rm_work	and it's a required field there when it shouldn't be	18:24
rm_work	in Octavia's LBaaSv2 API, it is definitely not mandatory to specify a subnet-id on member	18:24
rm_work	johnsom: ^^	18:24
*** amotoki is now known as amotoki__		18:28
*** kobis has joined #openstack-lbaas		18:30
*** tongl has quit IRC		18:33
*** kobis has quit IRC		18:33
*** kobis has joined #openstack-lbaas		18:39
*** openstackstatus has quit IRC		18:42
*** openstack has joined #openstack-lbaas		18:46
*** kobis has quit IRC		18:51
*** rtjure has quit IRC		18:58
*** sshank has quit IRC		19:07
*** kobis has joined #openstack-lbaas		19:07
*** gcheresh_ has joined #openstack-lbaas		19:08
*** sshank has joined #openstack-lbaas		19:17
*** rtjure has joined #openstack-lbaas		19:17
*** rtjure has quit IRC		19:19
*** rtjure has joined #openstack-lbaas		19:19
*** rtjure has quit IRC		19:19
*** sshank has quit IRC		19:20
*** rtjure has joined #openstack-lbaas		19:20
*** rtjure has quit IRC		19:21
*** rtjure has joined #openstack-lbaas		19:21
*** rtjure has quit IRC		19:23
*** rtjure has joined #openstack-lbaas		19:24
*** rtjure has quit IRC		19:26
*** rtjure has joined #openstack-lbaas		19:27
*** rtjure_ has joined #openstack-lbaas		19:27
*** rtjure has quit IRC		19:29
*** rtjure has joined #openstack-lbaas		19:29
*** rtjure_ has quit IRC		19:29
*** rtjure has quit IRC		19:29
*** aojea has quit IRC		19:34
*** openstackgerrit has joined #openstack-lbaas		19:38
openstackgerrit	Kaitlin Farr proposed openstack/octavia master: Clean up python-barbicanclient imports https://review.openstack.org/488586	19:38
*** sshank has joined #openstack-lbaas		19:40
*** sshank has quit IRC		19:45
*** sshank has joined #openstack-lbaas		19:58
apuimedo	rm_work: that's great to know	20:02
apuimedo	rm_work: and yes, neutron-lbaas has a test that asserts that not passing the subnet raises	20:02
rm_work	blegh	20:03
rm_work	what version are you on	20:03
rm_work	we might be able to call that a bug and backport a fix	20:03
rm_work	I don't think anything bad happens if we remove that requirement	20:03
rm_work	augh right, johnsom is traveling	20:03
rm_work	maybe xgerman_ can remember	20:03
rm_work	or is he still on PTO?	20:03
rm_work	sometimes i feel like i'm the only one here <_<	20:04
rm_work	i think I don't take PTO enough	20:04
*** catintheroof has quit IRC		20:08
*** cpuga has joined #openstack-lbaas		20:11
*** cpuga has quit IRC		20:16
*** dayou2 has joined #openstack-lbaas		20:26
*** dayou1 has quit IRC		20:28
*** kobis has quit IRC		20:35
*** kobis has joined #openstack-lbaas		20:37
*** kobis has quit IRC		20:37
*** kobis has joined #openstack-lbaas		20:40
apuimedo	rm_work: I was checking master	20:44
apuimedo	same boat here. only one working at 1 or 2 am	20:45
apuimedo	(now it's not even 11pm though	20:45
apuimedo	)	20:45
rm_work	apuimedo: yeah but i mean between their last three vacations each i have not had a vacation, lol	20:45
rm_work	apuimedo: so you are running master?	20:45
apuimedo	rm_work: I am	20:45
rm_work	cool	20:45
rm_work	umm	20:45
rm_work	if you're running master...	20:46
apuimedo	when developing	20:46
rm_work	just don't use neutron-lbaas	20:46
rm_work	ah	20:46
rm_work	yeah i meant in your real prod env	20:46
apuimedo	rm_work: I'm readying kuryr-kubernetes pike release	20:46
apuimedo	so as long as something is in Pike...	20:47
apuimedo	rm_work: I thought neutron-lbaas was necessary for this to work	20:47
apuimedo	in the octavia local.conf samples it is there	20:47
rm_work	hah yeah	20:47
rm_work	so as of Pike	20:47
rm_work	you don't need it at all	20:47
rm_work	just use Octavia	20:47
rm_work	that's how we're deployed here	20:47
rm_work	but I don't know how any of the deployment solutions are using it...	20:48
rm_work	I wrote my own deployment stuff (also to k8s)	20:48
rm_work	using neutron-lbaas if you are able to run Octavia's Pike release (or `master`) is really ... bad	20:48
rm_work	you're doubling your effort (deploying two projects) so you can use neutron-lbaas (a worse project) to communicate with Octavia :P	20:49
*** tongl has joined #openstack-lbaas		20:54
*** kobis has quit IRC		20:55
*** kobis has joined #openstack-lbaas		20:55
*** kobis has quit IRC		20:55
*** gcheresh_ has quit IRC		20:59
*** KeithMnemonic has joined #openstack-lbaas		21:05
openstackgerrit	OpenStack Release Bot proposed openstack/python-octaviaclient master: Update reno for stable/pike https://review.openstack.org/488802	21:07
*** yamamoto has joined #openstack-lbaas		21:08
apuimedo	rm_work: do you have an example devstack local.conf without neutron-lbaas?	21:11
rm_work	https://github.com/rm-you/devstack_deploy	21:12
rm_work	I deploy with that	21:12
rm_work	I run stackme.sh	21:12
rm_work	you can kinda see	21:12
*** cpuga has joined #openstack-lbaas		21:12
rm_work	but you can look at the local.conf there	21:12
*** yamamoto has quit IRC		21:12
apuimedo	rm_work: thanks :-)	21:14
apuimedo	rm_work: anything that helps me shorten deploy time and drops the silly 'specify subnet' restriction	21:14
apuimedo	is great	21:14
apuimedo	rm_work: python-octaviaclient?	21:15
rm_work	yeah i absolutely don't recommend using n-lbaas	21:15
rm_work	there's other shitty bits too	21:15
apuimedo	does that allow me to use openstack load balancer etc	21:15
apuimedo	?	21:15
apuimedo	rm_work: oh. I love shitty bits	21:16
rm_work	yes	21:16
apuimedo	some examples?	21:16
*** cpuga has quit IRC		21:16
*** yamamoto has joined #openstack-lbaas		21:16
*** yamamoto has quit IRC		21:20
rm_work	you're dealing with two DBs	21:21
rm_work	so octavia is Truth and n-lbaas gets updates... sometimes	21:21
rm_work	it gets out of sync easily	21:21
rm_work	and we have to use the stupid event_streamer thing to try to keep it synced	21:21
rm_work	it's just dumb	21:21
rm_work	you can disable the event_streamer in your octavia config once you don't have n-lbaas	21:22
*** aojea has joined #openstack-lbaas		21:26
apuimedo	rm_work: good to know	21:30
apuimedo	thanks a lot for all these tips	21:30
xgerman_	rm_work sorry for abandoning you. The RAX requires me to submit a marriage certificate to insure my wife… so having everything still in boxes I thought let’s do a quick jaunt to the county clerk… and 3 hours later I amback	21:31
xgerman_	apuimedo I also wrote a proxy which send every request you make to n-lbaas straight to Octavia bypassing their DB	21:31
*** tongl has quit IRC		21:36
apuimedo	xgerman_: what would civilization be without bureaucraxy	21:38
apuimedo	*bureacracy	21:38
xgerman_	indeed	21:38
apuimedo	fucking hell, only mistyping	21:38
apuimedo	xgerman_: but as rm_work said, it's not necessary for master nor pike, right	21:39
apuimedo	deployments won't need neutron-lbaas anymore	21:39
apuimedo	is that right?	21:39
xgerman_	yes and no — if you use a 3rd party LB you will still need n-lbaas until vendors make new drivers…	21:39
openstackgerrit	OpenStack Proposal Bot proposed openstack/neutron-lbaas master: Updated from global requirements https://review.openstack.org/488863	21:41
openstackgerrit	OpenStack Proposal Bot proposed openstack/neutron-lbaas-dashboard master: Updated from global requirements https://review.openstack.org/488864	21:41
apuimedo	xgerman_: well, I can tell people that use 3rd party to just install n-lbaas then	21:42
xgerman_	yep	21:42
apuimedo	xgerman_: do you know if f5 already did the new drivers?	21:42
xgerman_	nobody did — we still need to design/implement the new driver interface	21:43
openstackgerrit	OpenStack Proposal Bot proposed openstack/octavia master: Updated from global requirements https://review.openstack.org/488866	21:43
openstackgerrit	OpenStack Proposal Bot proposed openstack/octavia-dashboard master: Updated from global requirements https://review.openstack.org/488867	21:43
apuimedo	xgerman_: good to know	21:49
rm_work	apuimedo: yeah but if you are using Octavia for this installation... you don't need it	21:51
*** cpusmith has quit IRC		21:51
apuimedo	rm_work: I was now thinking on OVN's and DragonFlow's native load balancers	21:52
apuimedo	it'd be nice if they didn't require neutron-lbaas either	21:52
rm_work	right	21:52
rm_work	we're working on it	21:53
rm_work	but need buy-in from vendors to help design the interface	21:53
*** yamamoto has joined #openstack-lbaas		21:55
apuimedo	rm_work: I think the important thing would be to make it easy to have hybrid drivers	21:57
apuimedo	so that vendors can implement gradually	21:58
apuimedo	for example start l4 only	21:58
apuimedo	and let normal amphorae for l7	21:58
xgerman_	yeah, we gotta see how we skin that cat	21:59
rm_work	there's a setup for a shim driver already	22:00
rm_work	so it might a simple port over from n-lbaas	22:00
rm_work	https://review.openstack.org/#/c/409398/	22:00
rm_work	Brandon doesn't work on this anymore but I took it over kinda	22:01
*** yamamoto has quit IRC		22:12
*** cpuga has joined #openstack-lbaas		22:13
*** cpuga has quit IRC		22:18
*** sshank has quit IRC		22:19
*** sshank has joined #openstack-lbaas		22:27
*** aojea has quit IRC		22:29
*** sanfern has quit IRC		22:37
*** sanfern has joined #openstack-lbaas		22:39
openstackgerrit	Adolfo Duarte proposed openstack/octavia master: Adds support for SUSE distros https://review.openstack.org/488885	22:47
*** yamamoto has joined #openstack-lbaas		23:13
*** yamamoto has quit IRC		23:21
*** rtjure has joined #openstack-lbaas		23:32
openstackgerrit	Merged openstack/octavia-dashboard master: Get rid of removed Django code https://review.openstack.org/487237	23:34
*** sshank has quit IRC		23:54

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!