Friday, 2018-01-05

*** salmankhan has quit IRC		00:00
rm_work	johnsom: err can you pastebin me your command?	00:03
johnsom	openssl pkcs12 -export -nodes -inkey testcert.key -in testcert.pem -certfile ca_cert.pem -out testcert.p12	00:03
rm_work	in the patch in the cookbook section is the exact command i ran	00:03
johnsom	Enter Export Password:	00:04
johnsom	Verifying - Enter Export Password:	00:04
rm_work	hmmmmmmmm	00:04
rm_work	what version of openssl are you running	00:04
johnsom	I tried with both -nodes and without	00:04
johnsom	OpenSSL 1.0.2g 1 Mar 2016	00:04
rm_work	erg mine may just be stupid old	00:05
johnsom	Ubuntu 16.04	00:05
rm_work	i'm using 0.9.8zh on OSX T_T	00:05
rm_work	i looked for a way to do the passphrases for a while, never found it (on OSX)	00:05
rm_work	i may have to look at that again	00:05
rm_work	ugh	00:05
johnsom	Ok, I commented on the patch so I could move on to other patch reviews	00:06
rm_work	kk	00:06
rm_work	Amphora Failover API could use a +A :P	00:06
rm_work	whenev	00:06
rm_work	^_^	00:06
johnsom	Working my way there	00:06
*** sanfern has joined #openstack-lbaas		01:48
*** threestrands_ has joined #openstack-lbaas		02:14
*** threestrands_ has quit IRC		02:14
*** threestrands_ has joined #openstack-lbaas		02:14
*** threestrands has quit IRC		02:16
*** sanfern has quit IRC		02:34
*** harlowja has quit IRC		02:36
openstackgerrit	huangshan proposed openstack/octavia master: Check if it is used when creating a load balancer using vip_port_id https://review.openstack.org/525069	02:41
openstackgerrit	Merged openstack/octavia master: Improve user error messages for duplicate objects https://review.openstack.org/528370	03:15
openstackgerrit	Merged openstack/octavia master: Fix exception when querying for non-existing items https://review.openstack.org/530886	03:15
*** yamamoto has joined #openstack-lbaas		03:28
*** links has joined #openstack-lbaas		03:29
*** gans has joined #openstack-lbaas		03:32
*** links has quit IRC		03:34
*** reedip has joined #openstack-lbaas		03:34
*** annp has joined #openstack-lbaas		03:56
*** links has joined #openstack-lbaas		03:56
openstackgerrit	Merged openstack/octavia master: Add VIP qos into our cookbook https://review.openstack.org/530318	04:03
*** dayou has quit IRC		04:45
*** dayou has joined #openstack-lbaas		04:46
*** ianychoi has quit IRC		05:52
*** threestrands_ has quit IRC		06:13
*** dayou has quit IRC		06:43
*** fnaval has joined #openstack-lbaas		06:55
*** dayou has joined #openstack-lbaas		07:03
*** fnaval has quit IRC		07:06
openstackgerrit	Merged openstack/octavia master: TrivialFix: remove redundant import alias https://review.openstack.org/529797	07:14
*** armax has quit IRC		07:29
*** b_bezak has joined #openstack-lbaas		07:49
*** tesseract has joined #openstack-lbaas		08:12
openstackgerrit	Merged openstack/octavia master: Minimize the effect overloaded Health Manager processes https://review.openstack.org/531006	08:17
*** rcernin has quit IRC		08:28
*** armax has joined #openstack-lbaas		08:55
*** armax has quit IRC		09:14
*** cristicalin has joined #openstack-lbaas		09:34
*** cristicalin has quit IRC		09:39
*** aojea has joined #openstack-lbaas		10:07
*** aojea_ has joined #openstack-lbaas		10:13
*** aojea has quit IRC		10:16
*** aojea has joined #openstack-lbaas		10:18
*** aojea_ has quit IRC		10:22
*** aojea_ has joined #openstack-lbaas		10:23
*** salmankhan has joined #openstack-lbaas		10:25
*** aojea has quit IRC		10:26
*** aojea has joined #openstack-lbaas		10:29
*** aojea_ has quit IRC		10:31
*** aojea has quit IRC		10:37
*** reedip has quit IRC		10:39
*** sanfern has joined #openstack-lbaas		10:40
*** salmankhan has quit IRC		10:47
openstackgerrit	Santhosh Fernandes proposed openstack/octavia master: [WIP] L3 ACTIVE-ACTIVE Data model impact https://review.openstack.org/524722	10:49
*** reedip has joined #openstack-lbaas		10:52
*** sanfern has quit IRC		10:56
*** gans has quit IRC		10:59
*** pcaruana has joined #openstack-lbaas		11:01
*** aojea has joined #openstack-lbaas		11:10
*** aojea_ has joined #openstack-lbaas		11:14
*** aojea has quit IRC		11:16
*** aojea has joined #openstack-lbaas		11:19
*** aojea_ has quit IRC		11:22
*** aojea_ has joined #openstack-lbaas		11:25
*** aojea has quit IRC		11:28
*** aojea has joined #openstack-lbaas		11:29
*** aojea_ has quit IRC		11:32
*** aojea_ has joined #openstack-lbaas		11:34
*** aojea has quit IRC		11:37
*** aojea has joined #openstack-lbaas		11:40
*** aojea_ has quit IRC		11:42
*** aojea_ has joined #openstack-lbaas		11:45
*** aojea has quit IRC		11:47
*** aojea has joined #openstack-lbaas		11:49
*** salmankhan has joined #openstack-lbaas		11:49
*** aojea_ has quit IRC		11:52
*** aojea_ has joined #openstack-lbaas		11:55
*** aojea has quit IRC		11:57
*** aojea has joined #openstack-lbaas		12:00
*** annp has quit IRC		12:00
*** aojea_ has quit IRC		12:03
*** aojea has quit IRC		12:07
*** salmankhan has quit IRC		12:13
*** kong has quit IRC		12:23
*** numans has joined #openstack-lbaas		12:24
*** numans has quit IRC		12:25
*** numans has joined #openstack-lbaas		12:30
*** salmankhan has joined #openstack-lbaas		12:52
*** salmankhan has quit IRC		12:58
*** atoth has joined #openstack-lbaas		13:29
*** salmankhan has joined #openstack-lbaas		13:40
*** dayou has quit IRC		13:45
*** links has quit IRC		13:47
*** dayou has joined #openstack-lbaas		13:54
*** dayou has quit IRC		14:00
*** dayou has joined #openstack-lbaas		14:02
*** dayou has quit IRC		14:08
*** dayou has joined #openstack-lbaas		14:22
*** KeithMnemonic has joined #openstack-lbaas		14:31
*** longstaff has joined #openstack-lbaas		15:20
*** fnaval has joined #openstack-lbaas		15:29
*** fnaval has quit IRC		15:34
openstackgerrit	Bernard Cafarelli proposed openstack/octavia master: Rework amphora agent installation element https://review.openstack.org/522626	15:34
openstackgerrit	Bernard Cafarelli proposed openstack/octavia master: Allow setting full mandatory access control in amphora https://review.openstack.org/526380	15:34
*** b_bezak has quit IRC		15:41
*** longstaf_ has joined #openstack-lbaas		15:57
*** longstaff has quit IRC		16:01
*** longstaf_ has left #openstack-lbaas		16:09
*** longstaf_ has joined #openstack-lbaas		16:09
*** sanfern has joined #openstack-lbaas		16:11
*** yamamoto has quit IRC		16:26
*** fnaval has joined #openstack-lbaas		16:35
*** b_bezak has joined #openstack-lbaas		16:36
*** fnaval has quit IRC		16:37
*** armax has joined #openstack-lbaas		16:39
*** openstackstatus has quit IRC		16:40
*** openstackstatus has joined #openstack-lbaas		16:41
*** ChanServ sets mode: +v openstackstatus		16:41
sanfern	Hi johnsom,	16:43
*** yamamoto has joined #openstack-lbaas		16:50
johnsom	Hi sanfern, in a meeting so my response might be late	16:55
*** pcaruana has quit IRC		17:21
*** sanfern has quit IRC		17:31
*** salmankhan has quit IRC		17:44
*** yamamoto has quit IRC		17:47
*** kbyrne has joined #openstack-lbaas		17:47
*** yamamoto has joined #openstack-lbaas		18:03
*** yamamoto has quit IRC		18:07
*** harlowja has joined #openstack-lbaas		18:09
*** sanfern has joined #openstack-lbaas		18:10
openstackgerrit	Santhosh Fernandes proposed openstack/octavia master: [WIP] L3 ACTIVE-ACTIVE Data model impact https://review.openstack.org/524722	18:13
*** sanfern has quit IRC		18:20
*** leitan has joined #openstack-lbaas		18:21
leitan	Hi guys, hope you had a great holidays, been running octavia on prod for almost a year now, very happy, i have a question related the default flavor for the amphoraes	18:22
leitan	i configured a flavor based on the consumption of the legacy haproxy we had	18:22
leitan	but now i realized the flavor is oversized	18:22
leitan	and i want to reclaim some memory and vcpus	18:22
leitan	two questions	18:22
leitan	1 - if i change the default flavor id for amphorae, something breaks on the existing load balancers ?	18:23
leitan	2 - i was thinking to change de fault flavor, create new LBs, and replace the oversized with new ones, with same backends etc, and claim the resources from the cloud that way, sounds logical ?	18:24
johnsom	leitan Hello, so if the flavor ID is updated on the control plane, if the amphora gets rebuilt for any reason it will use the updated flavor ID. This is to allow you to make changes like this and do failovers, etc.	18:24
johnsom	leitan Yes, if you are running active/standby you can do it in a rolling way. No problem.	18:25
johnsom	If you have recent code, we added the LB failover API for this reason	18:25
leitan	johnsom: thats great, so if i update the deafault amp_flavor_id on the octavia conf, and destroy the active LB, it will create a new one with the updated flavor	18:25
leitan	johnsom: no, i have old code	18:25
leitan	but im using active passive	18:25
johnsom	https://developer.openstack.org/api-ref/load-balancer/v2/index.html#failover-a-load-balancer	18:25
johnsom	leitan Yes, but remember to restart the controller processes so it picks up the config change	18:26
leitan	yes, i was planning on restarting the api housekeeper worker and health manager	18:27
leitan	just FYI im using octavia-0.10.1.dev106 johnsom	18:27
johnsom	Ok, so Ocata release.	18:28
johnsom	Don't forget the controller worker process. It is important here	18:28
johnsom	You might consider building a fresh amphora image and uploading it before you do these failovers to pick up an OS patches, etc.	18:30
johnsom	Of course test out the image and process on a non-critical LB first just to make sure you have everything in order	18:30
leitan	johnsom: sure thing ! thanksss	18:37
johnsom	NP	18:37
leitan	ill try it out and let you know	18:37
*** salmankhan has joined #openstack-lbaas		18:44
*** yamamoto has joined #openstack-lbaas		18:48
*** numans has quit IRC		18:50
johnsom	FYI, I am asking around about a new openstacksdk release for the fix we need for the octavia-dashboard patches.	18:51
*** numans has joined #openstack-lbaas		18:51
*** yamamoto has quit IRC		18:52
openstackgerrit	Michael Johnson proposed openstack/octavia master: VIP port is created with port_security_enabled: False https://review.openstack.org/529449	18:56
*** openstack has joined #openstack-lbaas		21:17
*** ChanServ sets mode: +o openstack		21:17
*** fnaval has joined #openstack-lbaas		21:23
*** fnaval has quit IRC		21:25
*** numans has quit IRC		21:25
*** numans has joined #openstack-lbaas		21:28
johnsom	longstaff Hi	21:54
longstaff	Hi -- I want to finish the provider driver spec. Do you have anything in flight, or should I just go ahead and address the remaining comments?	21:55
johnsom	Please go ahead, I was holding off as I thought you mentioned you were working on an update	21:56
longstaff	Great. I'll go ahead and post a new patch with requested changes. Thanks.	21:57
johnsom	Perfect, thanks!	21:57
*** yamamoto has joined #openstack-lbaas		22:04
*** yamamoto has quit IRC		22:17
rm_work	anyone know how using rabbitmq in a cluster with HA queues works?	22:26
rm_work	re: configuring it in octavia.conf	22:26
rm_work	there's a nice guide here but it's a little sparse with regard to reasoning: https://docs.openstack.org/ha-guide/shared-messaging.html	22:26
johnsom	I did at one point, I think there is a small discussion in oslo messaging docs	22:27
rm_work	like... if i already configured rabbit to HA all the queues, do I need `rabbit_ha_queues=true` in my config?	22:27
rm_work	and are they recommending `rabbit_max_retries=0` for a reason? like, it needs to give up immediately to cycle to the next server in the list? or can i leave it with higher retries?	22:27
johnsom	https://docs.openstack.org/oslo.messaging/latest/reference/transport.html#oslo_messaging.TransportURL	22:29
rm_work	right	22:29
rm_work	i have that line	22:29
rm_work	with the commas	22:29
rm_work	transport_url = rabbit://octavia:**@oct-rbt-z1-01,octavia:@oct-rbt-z2-01,octavia:**@oct-rbt-z3-01/	22:30
rm_work	but the other options ... i could just copy them but i don't like to cargo-cult, kinda want to know WHY they disabled retries	22:30
johnsom	You are going beyond my experience on this one. All I can say is dig through this: https://docs.openstack.org/oslo.messaging/latest/configuration/opts.html#oslo-messaging-rabbit	22:31
johnsom	There might be something in the HA guide too	22:31
johnsom	Let me look in the HA guide too	22:31
rm_work	i linked the page on this from the HA guide :P	22:32
*** fnaval has joined #openstack-lbaas		22:32
johnsom	https://docs.openstack.org/ha-guide/shared-messaging.html	22:32
johnsom	Ah, yeah, so you did	22:32
johnsom	Sorry, context switching with fixing the openstacksdk gates that just dropped testing octavia....	22:32
johnsom	ugh	22:32
rm_work	lol well	22:32
rm_work	rabbit_max_retries is deprecated	22:33
rm_work	so whatever	22:33
johnsom	openstack.tests.functional.load_balancer.v2.test_load_balancer.TestLoadBalancer.test_health_monitor_find ... SKIPPED: Service load-balancer not found in cloud	22:33
rm_work	ah and yeah actually	22:33
rm_work	rabbit_ha_queues question is answered via your conf link too	22:33
rm_work	it's ignored in rabbit 3.x	22:33
rm_work	so, woo. thanks :P	22:33
rm_work	didn't expect to find answers in there, but glad i read it anyway :P	22:33
rm_work	thanks for the link	22:33
johnsom	NP	22:34
rm_work	do you run rabbit in SSL mode?	22:34
*** fnaval has quit IRC		22:34
johnsom	No, I don't think so (for dev work)	22:34
johnsom	nope	22:35
rm_work	i am thinking about prod work	22:35
rm_work	though we don't store anything sensitive right?	22:35
johnsom	Yeah, you probably should	22:35
johnsom	Not really, but you don't want injection either	22:36
rm_work	ah	22:36
rm_work	:/	22:36
*** fnaval has joined #openstack-lbaas		22:37
johnsom	The rabbit creds probably go over it in the clear too, not sure though	22:37
rm_work	>_<	22:37
johnsom	Hey, I didn't write ampq	22:38
johnsom	grin	22:38
johnsom	So, TLS, yes, have some	22:38
*** fnaval has quit IRC		22:40
*** slaweq_ has quit IRC		22:48
*** ltomasbo has quit IRC		23:11
*** fnaval has joined #openstack-lbaas		23:12
rm_work	OH johnsom now that I have been back for a little bit, i remembered the deal with pkcs12 and passphrases	23:12
rm_work	what you found was passphrase protecting the pkcs12 file	23:12
rm_work	not "storing the passphrase for the key you're bundling"	23:13
johnsom	Well, I ran the command in the cookbook. I also tried -nodes	23:13
rm_work	pkcs12 doesn't have a slot by default for a passphrase for a key that's inside it	23:13
rm_work	because honestly storing a key and its passphrase in the same object would be really dumb	23:14
rm_work	so the command actually didn't execute?	23:14
rm_work	i thought you were just saying that it said it would let you use a passphrase	23:14
*** fnaval has quit IRC		23:15
johnsom	No, it forces me to enter an "export passphrase	23:16
rm_work	oh	23:16
rm_work	just hit enter twice	23:16
rm_work	i may need to document that	23:16
johnsom	and it's not just for the key, it asks to confirm the passphrase	23:16
johnsom	Yeah, it seemed to conflict with the release notes comment, etc. So confused me, meaning we will get questions	23:17
*** fnaval has joined #openstack-lbaas		23:22
*** fnaval has quit IRC		23:24
*** slaweq has joined #openstack-lbaas		23:39
rm_work	let me know for sure if just pressing enter twice works for you	23:42
openstackgerrit	Michael Johnson proposed openstack/python-octaviaclient master: Update new documentation PTI jobs https://review.openstack.org/530384	23:44
*** slaweq has quit IRC		23:44
johnsom	Yeah, it will be a bit before I circle back around to that. I still have a capable stack, just working on a few other patches at the moment.	23:44
rm_work	np	23:48
rm_work	trying to figure out where/how we generate a client cert for amp communication	23:49
rm_work	in like... devstack	23:49
rm_work	ah nm it was where i thought it should be, just missed it the first time	23:50
*** longstaff has quit IRC		23:56

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!