Tuesday, 2017-08-22

*** sshank has quit IRC		00:01
*** yamamoto_ has joined #openstack-lbaas		00:18
*** yamamoto_ has quit IRC		00:24
*** catintheroof has quit IRC		00:25
*** slaweq has joined #openstack-lbaas		00:28
*** slaweq has quit IRC		00:33
xgerman_	I like socket but yeah…	00:38
xgerman_	also like some reviews on my stuff: proxy, active-active, so I can continuew	00:39
*** JudeC has quit IRC		00:50
rm_work	xgerman_: well I might have to ... looks like gunicorn won't forward signals	00:55
*** openstackgerrit has joined #openstack-lbaas		01:12
openstackgerrit	OpenStack Proposal Bot proposed openstack/octavia master: Updated from global requirements https://review.openstack.org/496052	01:12
*** yamamoto_ has joined #openstack-lbaas		01:21
*** yamamoto_ has quit IRC		01:26
openstackgerrit	Adam Harwell proposed openstack/octavia master: WIP: Floating IP Network Driver (spans L3s) https://review.openstack.org/435612	01:34
johnsom	https://usercontent.irccloud-cdn.com/file/ZWbufmf9/1503365957.JPG	01:39
johnsom	rm_work	01:39
rm_work	johnsom	01:39
rm_work	i figured out the signals issue BTW	01:39
rm_work	and that looks ridiculous	01:39
rm_work	and now I'm wishing I'd taken you up on your guest room for the eclipse just so I could also be around when you eat that	01:39
johnsom	Tried my hand at hickory smoking again	01:40
rm_work	you using a barrel or you have like ... a real smoker	01:40
rm_work	the barrel method always struck me as more "legit" :P at least if you want oldschool southern bbq	01:41
rm_work	and has the advantage of being cheap	01:41
rm_work	but not as easy T_T	01:41
johnsom	"Real" electric smoker. Parting gift from HP	01:42
rm_work	nice	01:44
rm_work	yeah those make it pretty straightforward	01:44
rm_work	(insomuch as any cooking is straightforward)	01:44
rm_work	Did it turn out?	01:45
rm_work	i normally don't eat for a bit but that's making me really hungry T_T	01:45
rm_work	my favorite now is doing ribs with an Instant-Pot ... which I feel is basically like cheating but are amazing	01:47
johnsom	It did. My first attempt last year, not so much, but this is pretty good.	01:48
*** yamamoto_ has joined #openstack-lbaas		02:22
*** yamamoto_ has quit IRC		02:28
*** catintheroof has joined #openstack-lbaas		02:30
*** yamamoto has joined #openstack-lbaas		02:56
*** catintheroof has quit IRC		02:57
*** yamamoto has quit IRC		03:02
*** links has joined #openstack-lbaas		03:51
*** yamamoto has joined #openstack-lbaas		04:03
*** yamamoto has quit IRC		04:09
*** gcheresh has joined #openstack-lbaas		04:33
*** gcheresh has quit IRC		04:36
*** yamamoto has joined #openstack-lbaas		05:05
*** yamamoto has quit IRC		05:10
*** gcheresh has joined #openstack-lbaas		05:21
*** links has quit IRC		05:30
*** links has joined #openstack-lbaas		05:33
*** JudeC has joined #openstack-lbaas		05:46
rm_work	johnsom: -C for keepalived seems to ... completely make it stop doing anything, including communicating with peers and doing notify scripts :(	06:00
openstackgerrit	Adam Harwell proposed openstack/octavia master: WIP: Floating IP Network Driver (spans L3s) https://review.openstack.org/435612	06:03
*** slaweq has joined #openstack-lbaas		06:04
*** yamamoto has joined #openstack-lbaas		06:06
openstackgerrit	Adam Harwell proposed openstack/octavia master: WIP: Floating IP Network Driver (spans L3s) https://review.openstack.org/435612	06:08
*** yamamoto has quit IRC		06:12
*** eezhova has joined #openstack-lbaas		06:26
*** armax has quit IRC		06:39
*** rcernin has joined #openstack-lbaas		06:45
*** pcaruana has joined #openstack-lbaas		06:45
*** csomerville has joined #openstack-lbaas		07:05
*** cody-somerville has quit IRC		07:05
*** eezhova has quit IRC		07:16
*** dmellado has joined #openstack-lbaas		07:18
*** tesseract has joined #openstack-lbaas		07:20
-openstackstatus- NOTICE: Gerrit is going to be restarted due to slow performance		07:36
-openstackstatus- NOTICE: Gerrit has been restarted successfully		07:40
*** eezhova has joined #openstack-lbaas		07:45
*** aojea has joined #openstack-lbaas		08:32
*** yamamoto has joined #openstack-lbaas		08:35
*** aojea has quit IRC		08:44
*** yamamoto has quit IRC		08:59
*** yamamoto has joined #openstack-lbaas		08:59
*** yamamoto has quit IRC		08:59
*** JudeC has quit IRC		09:00
*** aojea has joined #openstack-lbaas		09:12
isantosp_	hi, how does loadbalancer quota works? is setted it on a neutron side?	09:17
*** csomerville has quit IRC		09:50
*** yamamoto has joined #openstack-lbaas		10:00
*** yamamoto has quit IRC		10:05
*** yamamoto has joined #openstack-lbaas		10:30
*** atoth has joined #openstack-lbaas		10:31
*** slaweq_ has joined #openstack-lbaas		10:59
*** junbo has quit IRC		11:01
*** slaweq has quit IRC		11:01
*** junbo has joined #openstack-lbaas		11:05
openstackgerrit	Omer Anson proposed openstack/octavia master: devstack: Allow 3rd party neutron backends deployment https://review.openstack.org/496205	11:10
*** yamamoto has quit IRC		11:18
*** yamamoto has joined #openstack-lbaas		11:30
*** belharar has joined #openstack-lbaas		11:33
*** fnaval has quit IRC		11:41
*** yamamoto has quit IRC		11:46
*** yamamoto has joined #openstack-lbaas		11:48
*** yamamoto has quit IRC		12:03
*** yamamoto has joined #openstack-lbaas		12:04
*** aojea has quit IRC		12:07
*** yamamoto has quit IRC		12:10
*** aojea has joined #openstack-lbaas		12:10
*** yamamoto has joined #openstack-lbaas		12:12
*** aojea has quit IRC		12:21
*** slaweq_ has quit IRC		12:25
*** slaweq has joined #openstack-lbaas		12:26
*** slaweq has quit IRC		12:30
*** slaweq has joined #openstack-lbaas		12:34
*** aojea has joined #openstack-lbaas		12:36
*** aojea has quit IRC		13:05
*** aojea has joined #openstack-lbaas		13:10
*** yamamoto has quit IRC		13:12
*** yamamoto has joined #openstack-lbaas		13:14
*** yamamoto has quit IRC		13:22
*** voelzmo has joined #openstack-lbaas		13:27
voelzmo	Hello friends of the loadbalancers! A quick question about the behavior of octavia when adding members: does it add new ports in the subnet where I'm adding members from?	13:29
*** fnaval has joined #openstack-lbaas		13:30
voelzmo	And how does octavia do scaling of the LBaaS? Let's say I'm adding a few thousand members, how does it keep up with the traffic to those instances?	13:31
*** leitan has joined #openstack-lbaas		13:34
johnsom	isantosp_ If you are using neutron-lbaas, yes, it is through neutron. If you are just using the Octavia endpoint quota is part of the API	13:38
johnsom	voelzmo Yes, we hot plug the networks into the load balancer it they are not already attached.	13:39
johnsom	At the moment we have not yet finished the act/act work that would help with scaling for the octavia driver. You would need to use a vendor driver for that use case today.	13:41
voelzmo	@johnsom Thanks! Are there idea on how to implement the scaling part? I'm wondering how the loadbalanced members would identify that the traffic they receive is really coming from the LB and not from somewhere else	13:42
voelzmo	I'd like to keep security groups as tight as possible	13:42
voelzmo	@johnsom And a question concerning what you call "hot plugging the network": does that mean octavia creates a new port in that network and all traffic to loadbalanced members will come from that port?	13:43
johnsom	I see. We have ideas and discussed options, but initially it will use DHCP for the ports	13:45
johnsom	Yes, that is how it works	13:45
voelzmo	@johnsom using DHCP would be okay, I'm trying not to care about IP addresses. Currently, we use marker-security-groups which are referenced by the security groups applied to the pool members	13:50
voelzmo	so they allow e.g. traffic from security group 'lbaas' on port 443 and 22	13:51
voelzmo	however, octavia would need to apply the security group to all ports it creates during runtime then	13:51
*** slaweq has quit IRC		13:51
voelzmo	e.g. a user would specify a "loadbalancer security group" when creating an LBaaS and octavia takes care of the rest	13:51
voelzmo	does that sound reasonable?	13:51
johnsom	Well, we don't want to blindly apply a user defined security group to the ports.	13:53
johnsom	Currently you can restrict access to the local subnet. If you are using TLS we plan to add backend encryption with client cert support.	13:55
*** aojea has quit IRC		13:55
*** aojea has joined #openstack-lbaas		13:56
voelzmo	@johnsom currently, it would mean that the subnet which contains my members needs to allow for incoming traffic from all IPs in that subnet, correct?	13:57
voelzmo	There is no way to restrict incoming traffic to only the loadbalancer instances, right?	13:57
johnsom	I think we need to look at how to layer them in a safe way	13:57
johnsom	Right, there are some tricks with allocation pools and timing, but not the best solution	13:58
*** voelzmo has quit IRC		14:01
*** bcafarel has quit IRC		14:05
*** voelzmo has joined #openstack-lbaas		14:11
*** armax has joined #openstack-lbaas		14:14
xgerman_	johnsom we have the disk image build script failing on the ansible side	14:14
johnsom	Hmm, joy. I will take a look when I get into the office.	14:15
johnsom	Gates or OSA?	14:16
voelzmo	@johnsom so you say the problem is known but you wouldn't try to solve this with a user-provided security group which is automatically applied to lbaas-created ports?	14:17
johnsom	voelzmo We have to do it in a way that doesn't allow the load balancer to be exposed.	14:18
voelzmo	@johnsom right now I can add manually security groups which expose it, right?	14:19
johnsom	Right now Octavia managed the port security groups and only opens required ports, but if we take user groups someone could open a hole into the lb	14:19
johnsom	Only as an Admin, yes	14:20
*** links has quit IRC		14:20
voelzmo	@johnsom really? I've been applying security groups with neutron update-port all day today?	14:20
*** bcafarel has joined #openstack-lbaas		14:20
voelzmo	Or is this just because my vendor-specific backend allows this by placing the ports visibly in my subnet?	14:21
johnsom	Could be. The octavia ports are owned by Octavia and only Admins should be able to make changes	14:22
*** yamamoto has joined #openstack-lbaas		14:23
xgerman_	periodic OSA	14:26
xgerman_	translation scenario (which includes Octavia)	14:26
xgerman_	http://paste.openstack.org/raw/619036/	14:28
*** yamamoto has quit IRC		14:28
xgerman_	maybe some of the resources went away. Didn’t have yet had coffee so my thinking is slow ATM	14:28
voelzmo	@johnsom is there any place where you would collect ideas or a proposal about how to solve this before implementing a solution? I'd be interested in participating in the discussion if you start tackling that topic	14:35
xgerman_	we were thinking using LB’s ACL’s to solve that issue	14:36
xgerman_	there must be a spec floating around	14:37
*** aojea has quit IRC		14:37
voelzmo	@xgerman_ LBs ACLs solve the issue to allow incoming traffic on loadbalanced members only from the LB?	14:39
voelzmo	I'd like to only expose what is needed on the members	14:39
*** aojea has joined #openstack-lbaas		14:40
xgerman_	well, that feels like a subnet design question	14:43
xgerman_	unless you are worried about members talking to each other	14:43
voelzmo	I am	14:45
voelzmo	that's what I'm saying	14:45
voelzmo	I want to expose only what is necessary, even on my subnet	14:45
xgerman_	ok, so you would need to put sec grps on members which allow our port	14:46
voelzmo	which works convenient on a lot of other IaaSes using some security group as marker for the LB	14:46
voelzmo	however, I just learned that this will no longer work, once octavia isn't a singleton anymore	14:46
xgerman_	we haven’t crossed that bridge yet ;-)	14:48
xgerman_	but I can see your issue I think we can solve that with a carefully chosen remote sec grp for you to allow	14:48
xgerman_	then only LB traffic will hit your members	14:49
voelzmo	@xgerman_ sounds lovely, I'd like to stick to the concept of using marker security groups, if possible	14:49
xgerman_	never heard of marker sec grps - so we might talk about the same thing	14:50
voelzmo	yeah, not sure what to call it	14:50
voelzmo	I'm using a security group just to reference it in another security group	14:50
voelzmo	to "mark" where traffic is coming from without having to specify IPs or network ranges	14:51
xgerman_	yes, that’s a remote security group	14:51
voelzmo	thanks, that's what I'm talking about	14:51
xgerman_	there is a similar concept in FWaaS V2	14:51
xgerman_	if you rather use firewalls in the future ;-)	14:51
voelzmo	@xgerman_ who knows about the future	14:51
xgerman_	yes, indeed	14:52
*** belharar has quit IRC		14:52
voelzmo	so even if I'm using a vendor-specific backend, I guess still something would need to be done in octavia to attach the same security group to all ports created, right?	14:54
voelzmo	so I could reference it as remote security group on my members	14:54
*** aojea has quit IRC		14:54
*** aojea has joined #openstack-lbaas		14:55
*** belharar has joined #openstack-lbaas		14:56
xgerman_	I would have to check if we don’t already do that and not expose but yes, we would likely have work ahead (but easy)	14:56
voelzmo	@xgerman_ I couldn't see it, at least	14:57
voelzmo	@johnsom the documentation still says you should create an attach your own security group to the created LB's port: https://docs.openstack.org/neutron/pike/admin/config-lbaas.html#building-an-lbaas-v2-load-balancer	14:58
voelzmo	you said this should only be possible for an admin?	14:58
xgerman_	yes	14:58
voelzmo	I'm doing this as regular project member	14:58
xgerman_	yeah, that also doesn’t sound right	14:59
xgerman_	since we can have a different port than the VIP to reach out to the subnet	14:59
voelzmo	@xgerman_ exactly, that's one of my issues	15:00
xgerman_	best would be to file. a bug and call it an RfE and we can go from there	15:00
johnsom	voelzmo Those are old neutron docs. Current docs are here: https://docs.openstack.org/octavia/latest/	15:00
voelzmo	@johnsom thanks. "Old" still means they're part of pike, though, right?	15:00
xgerman_	no	15:00
johnsom	Well, means someone added stuff to it that might not be accurate	15:01
johnsom	There are errors all over the neutron docs	15:01
voelzmo	@johnsom this has been in since mitaka and was at least accurate then	15:01
johnsom	We did a bunch of work in Pike to clean up and improve the docs	15:02
voelzmo	s/accurate/working/	15:02
johnsom	I know there is some stuff in there that never was accurate	15:02
johnsom	voelzmo So path forward, it would be great to post a spec with a proposal so that folks can review and comment.	15:03
voelzmo	and by spec you mean an 'rfe' tagged bug in launchpad, or are you using a different process?	15:04
*** aojea has quit IRC		15:05
johnsom	You could start as an RFE, but this seems like a big enough change that a spec might be best.	15:05
johnsom	https://github.com/openstack/octavia/tree/master/specs	15:06
johnsom	There is a template and example file there	15:06
*** cody-somerville has joined #openstack-lbaas		15:06
*** cody-somerville has quit IRC		15:06
*** cody-somerville has joined #openstack-lbaas		15:06
voelzmo	okay, thanks	15:06
voelzmo	w00t, github, not gerrit?	15:06
voelzmo	No, I'm still proposing stuff on https://git.openstack.org, right?	15:07
xgerman_	they are the same thing	15:08
voelzmo	ah, so much process confusion	15:08
voelzmo	well, github PRs and gerrit reviews are different things, right	15:08
*** aojea has joined #openstack-lbaas		15:08
xgerman_	yes, and yes	15:09
xgerman_	gerrit review is what we aim for	15:09
voelzmo	fair enough, I'll try to come up with a spec and submit something for review	15:09
voelzmo	tbh, I know very little about the current internals of octavia, so this will be more of a wishlist, but we have something to talk about at least	15:10
voelzmo	thanks @johnsom and @xgerman_	15:10
xgerman_	especially how you liek that sec-grp be exposed to the user - API and CLI changes would be of interest. Slapping sec grp on ports is easy…	15:10
*** eezhova has quit IRC		15:12
johnsom	Yeah, links to github are just the easiest way to point folks to files. It's still a standard OpenStack review process	15:12
johnsom	xgerman_ Do you have a link to the periodic job?	15:13
johnsom	"In the office now" and done with my first meeting.	15:13
*** rcernin has quit IRC		15:15
*** belharar has quit IRC		15:18
*** aojea has quit IRC		15:22
*** yamamoto has joined #openstack-lbaas		15:25
johnsom	xgerman_ rm_work To get Project Updates on the schedule, we need you to let us know if you (or a core team member who will be presenting in your place) are confirmed to attend Sydney—approval to go, a plane ticket, etc—by September 5. Project Updates in Sydney will be 20 minutes by default—we’ve found the 20 minute video recordings have better engagement than 40—but let us know if your update needs	15:29
johnsom	all 40 minutes.	15:29
*** yamamoto has quit IRC		15:30
xgerman_	ok	15:34
*** dougwig has joined #openstack-lbaas		15:34
xgerman_	johnsom I only have the link I posted earlier — I know the translation periodic job failed but no idea where to find it	15:37
johnsom	Ok, I think I found the job, looking now	15:37
xgerman_	in the paste it looked like we couldn’t download some python stuff	15:38
xgerman_	it’s stable/pike	15:38
johnsom	It looks like there were more infra mirror issues recently, so that might be the cause	15:38
xgerman_	yep, it looked like something which should be intermittent	15:39
*** csomerville has joined #openstack-lbaas		15:39
johnsom	xgerman_ So, if this is the job: http://status.openstack.org/openstack-health/#/job/periodic-openstack-ansible-deploy-translations-master-ubuntu-xenial	15:42
johnsom	It's failed once in the last seven days....	15:42
johnsom	But the timestamps don't match up	15:42
*** cody-somerville has quit IRC		15:43
*** belharar has joined #openstack-lbaas		15:58
johnsom	Yeah, I don't see any octavia errors in there. The only error line in the paste is dpkg: error: error writing to '<standard output>': Broken pipe	15:59
johnsom	Which could just be some local issue or network issue.	15:59
johnsom	The periodic job (not the paste) was a infra issue IMO	15:59
xgerman_	yeah, the paste was some guy running it on his box but that also had an error accessing some Internet resource	16:02
*** tesseract has quit IRC		16:04
*** voelzmo has quit IRC		16:06
*** eezhova has joined #openstack-lbaas		16:10
*** catintheroof has joined #openstack-lbaas		16:10
*** gcheresh has quit IRC		16:22
*** belharar has quit IRC		16:24
*** yamamoto has joined #openstack-lbaas		16:26
*** yamamoto has quit IRC		16:32
*** belharar has joined #openstack-lbaas		16:33
*** pcaruana has quit IRC		16:37
*** JudeC has joined #openstack-lbaas		16:56
*** belharar has quit IRC		17:00
*** gcheresh has joined #openstack-lbaas		17:06
*** yamamoto has joined #openstack-lbaas		17:28
*** yamamoto has quit IRC		17:35
rm_work	hmmm	17:46
rm_work	that's the VIP Port	17:46
rm_work	that's the one we expose	17:46
rm_work	oh whoops scrolled up too much	17:46
*** tongl has joined #openstack-lbaas		17:48
rm_work	johnsom: so does the core doing the project-update get a speaker pass?	17:48
rm_work	i have approval but i wouldn't have a badge at the moment	17:48
johnsom	You have the information I have, I can get you an e-mail to ask if you like	17:53
*** gcheresh has quit IRC		17:56
*** JudeC has quit IRC		18:01
*** eezhova has quit IRC		18:04
nmagnezi	o/	18:04
rm_work	hmm k	18:09
*** JudeC has joined #openstack-lbaas		18:18
*** yamamoto has joined #openstack-lbaas		18:31
*** voelzmo has joined #openstack-lbaas		18:34
*** yamamoto has quit IRC		18:37
*** gcheresh has joined #openstack-lbaas		18:44
*** voelzmo has quit IRC		18:46
*** amotoki has quit IRC		18:53
xgerman_	johnsom this combination of statistics and recent module is what I can comprehend pretty quickly: https://www.microsoft.com/developerblog/2017/06/28/scaling-udp-workloads-with-kubernetes/	19:02
xgerman_	downside is we probably need to rehash each time we add/remove LBs but we can fix that in the future with some of the better distributor stuff	19:03
xgerman_	Then I can sling that on LB1 on an ACTIVE-PASSIVE set and they become magically ACTIVE-ACTIBE ;-)	19:07
*** yamamoto has joined #openstack-lbaas		19:33
*** gcheresh has quit IRC		19:35
*** gcheresh has joined #openstack-lbaas		19:37
*** yamamoto has quit IRC		19:38
*** eezhova has joined #openstack-lbaas		19:44
*** armax has quit IRC		19:52
*** fnaval has quit IRC		19:56
*** sshank has joined #openstack-lbaas		20:03
*** fnaval has joined #openstack-lbaas		20:22
*** fnaval has quit IRC		20:22
*** fnaval has joined #openstack-lbaas		20:23
*** eezhova has quit IRC		20:27
xgerman_	rm_work we will get a feree code for attending the PTG	20:33
johnsom	Ah, true	20:33
xgerman_	rm_work my approved budget only covers the flight and some meals… so if you know a nice bridge…	20:34
xgerman_	I can probably kick in a few bucks if we want to go and do the update	20:34
*** yamamoto has joined #openstack-lbaas		20:35
*** yamamoto has quit IRC		20:38
*** yamamoto has joined #openstack-lbaas		20:38
*** yamamoto has quit IRC		20:39
*** rcernin has joined #openstack-lbaas		20:50
*** gcheresh has quit IRC		20:51
*** aojea has joined #openstack-lbaas		21:02
*** fnaval has quit IRC		21:04
*** armax has joined #openstack-lbaas		21:04
*** yamamoto has joined #openstack-lbaas		21:10
*** jmccrory has quit IRC		21:13
*** jmccrory has joined #openstack-lbaas		21:14
*** yamamoto has quit IRC		21:15
*** kbyrne has quit IRC		21:30
*** kbyrne has joined #openstack-lbaas		21:32
rm_work	xgerman_: i might have room in an airbnb	21:36
rm_work	xgerman_: i can just get a 2-room one	21:36
rm_work	still way cheaper than hotel	21:36
rm_work	i am supposed to book that now, too	21:36
xgerman_	awesome	21:36
rm_work	i've crashed on your couch a couple times I think :P	21:37
xgerman_	yep	21:37
xgerman_	which dates are you thiking?	21:37
rm_work	i'm still 100% verifying	21:37
xgerman_	same here	21:37
rm_work	so i'll need till the end of the week prolly	21:37
xgerman_	sounds good -	21:46
rm_work	johnsom / xgerman_: seems that keepalived is taking ~4s from when the MASTER dies to actually trigger transition to MASTER	21:57
rm_work	so I don't know how even upstream we are supposed to be doing subsecond	21:57
rm_work	because it's 4s from the last working request, until it does a GARP and theoretically would pick up new requests	21:57
johnsom	Oh, I never quoted sub-second, I usually say around a second	21:57
rm_work	lol	21:57
johnsom	Got back and watch the video from Tokyo	21:58
rm_work	well 4s seems a little sad	21:58
rm_work	and is not what I was expecting, quite	21:58
rm_work	i wonder if we can tweak that	21:58
rm_work	like, are any of our settings bad?	21:58
johnsom	Yeah, I don't think our defaults are "perfect" there	21:58
*** JudeC has quit IRC		21:59
rm_work	hmm	22:00
johnsom	I think things have changed a bit too over time.	22:00
*** leitan has quit IRC		22:01
*** catintheroof has quit IRC		22:01
rm_work	oh nice, realized why storing topology on the LB is nice	22:09
rm_work	now I can switch the topo to ACTIVE_STANDBY and it won't do horrific things to the old LBs :P	22:09
rm_work	i'd never really thought about it	22:09
rm_work	anyway, about to switch over to active-standby... soon	22:09
*** yamamoto_ has joined #openstack-lbaas		22:11
*** JudeC has joined #openstack-lbaas		22:14
*** yamamoto_ has quit IRC		22:17
rm_work	johnsom: wait is it related to:	22:18
rm_work	# vrrp_check_interval = 5	22:18
rm_work	# vrpp_fail_count = 2	22:18
rm_work	# vrrp_success_count = 2	22:18
rm_work	that doesn't actually look like how long it takes	22:18
rm_work	I mean I guess that's just for the check script?	22:18
rm_work	unless it isn't?	22:19
*** sshank has quit IRC		22:19
rm_work	yeah looks like those are used for the check script, not for the "pair liveness"	22:20
openstackgerrit	Adam Harwell proposed openstack/octavia master: WIP: Floating IP Network Driver (spans L3s) https://review.openstack.org/435612	22:21
openstackgerrit	Adam Harwell proposed openstack/octavia master: Whitespace fixes and simplification of keepalived template https://review.openstack.org/496430	22:26
rm_work	johnsom: ^^ that was bothering me a lot	22:26
rm_work	the template was an absolute mess	22:26
rm_work	the output had like 4 blank lines at the top, and EVERYTHING had different indentation	22:26
rm_work	it made me weep on the inside	22:26
johnsom	Hahaha	22:27
*** sshank has joined #openstack-lbaas		22:27
rm_work	and like, why were we using a macro	22:28
rm_work	for one spot	22:28
rm_work	that was just a for-loop	22:28
rm_work	that's not a macro	22:28
rm_work	it still bothers me that there's two newlines at the end of the TEMPLATE, but in the output, there's only one for some freaking reason	22:30
rm_work	so whatever, it has to stay I guess >_<	22:30
*** rcernin has quit IRC		22:32
rm_work	anyone know of any promo codes for the PTG? :P	22:59
*** aojea has quit IRC		23:05
johnsom	Nope	23:06
*** ipsecguy has quit IRC		23:07
*** ipsecguy has joined #openstack-lbaas		23:08
tongl	If there is any exception raised during creating LB resource, how can we exit without any resource being created. In our vmware_nsx driver, in case of exception raised, it still go ahead to create LB in ERROR state in neutron db.	23:11
tongl	https://github.com/openstack/vmware-nsx/blob/master/vmware_nsx/services/lbaas/nsx_v3/loadbalancer_mgr.py#L43	23:11
tongl	What I want is just output the exception to user, but not creating any resource in ERROR state in db.	23:12
johnsom	tongl Since the API is async you should always have a record for the client to query status	23:12
*** ipsecguy has quit IRC		23:12
*** ipsecguy has joined #openstack-lbaas		23:12
*** yamamoto_ has joined #openstack-lbaas		23:13
tongl	If it fails validation at an early stage, is it possible to exit without creating any resource?	23:13
tongl	For me it makes sense since it didn't pass validation. It just exit without any resource being created.	23:14
johnsom	Yes, if it fails basic validation the user gets a direct response instead of 201, but once the data is validated it is stored in the DB for the driver to act on.	23:15
rm_work	tongl: yeah, by the time your driver gets it, it HAS passed validation	23:16
tongl	I see. So as long as the data passes basic validation, it will be created in db even if the driver validation part failed.	23:16
rm_work	yes, then it will go to ERROR and the user will know it failed	23:17
rm_work	though, what validation happens in your driver that is being allowed through the API validation layer?	23:17
rm_work	that's not ideal	23:17
tongl	Probably in our driver, we can delete the record if it failed the driver validation.	23:17
rm_work	tongl: err, that would be bad	23:18
rm_work	then the user would just see their LB disappear	23:18
rm_work	and be very confused	23:18
rm_work	they need to be able to query the LBID and see that it went to ERROR	23:18
johnsom	tongl That would be a bad idea. The point of 201 is to signal that this is an async interface and the client should poll for status	23:18
tongl	e.g $ neutron lbaas-loadbalancer-create --name lb1 private-subnet	23:18
*** yamamoto_ has quit IRC		23:18
tongl	in our vmware-nsx driver, we requires there is a router for this subnet. otherwise it will fail lb validation.	23:19
rm_work	ok, so in that case, you would set it to ERROR	23:19
rm_work	and the user would be querying the LBID and see it go to ERROR status from PENDING_CREATE	23:19
tongl	so during lb creation, if it fails the subnet validation, we will raise BatRequest exception	23:19
rm_work	unfortunately for your case, the driver enters the picture too late to be part of API validation :/	23:20
rm_work	it MIGHT be possible to allow for some custom validations... I've done a little bit of work on that front	23:21
tongl	I see. I thought it was because I didn't raise correct exception :)	23:21
rm_work	but that gets into murky territory	23:21
rm_work	no, by the time you even get the request, we've already accepted it and sent the user a 201	23:21
johnsom	Yeah, by the time the driver gets the request the user is already gone	23:22
johnsom	This is something that could be proposed for the Octavia provider spec. Allowing drivers to have validator.	23:23
tongl	that would be awesome to allow driver validator	23:23
tongl	As I got some feedback that if it fails driver validator, it is confusing it the resource is still getting created in ERROR state.	23:24
johnsom	Yeah, it's an interesting case where drivers have additional restrictions	23:25
*** sshank has quit IRC		23:43
*** tongl has quit IRC		23:48

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!