Thursday, 2018-03-08

rm_work	so this is just dumb	00:00
rm_work	we can't get a clean run because random useless unrelated shit keeps happening	00:00
rm_work	what happened to the py3x one...	00:00
rm_work	ah yeah the other thing	00:00
rm_work	ok one sec, f this	00:00
openstackgerrit	Adam Harwell proposed openstack/neutron-lbaas master: Switch to stestr and wait for LB delete on cleanup https://review.openstack.org/550282	00:03
cgoncalves	lol	00:03
rm_work	literally nothing i can do about the statusline bug	00:04
rm_work	the gates are just taunting us	00:04
rm_work	I really want an override, like "f#$% this, i know this works, these gates are bulls#%@, merge this"	00:05
cgoncalves	the sleep fine for me. it's tests code and at cleanup	00:06
rm_work	time.sleep() in tests is ridiculously dumb but i don't feel like we have a choice	00:06
rm_work	anything that relies on hoping timing works out is a really fragile test	00:07
rm_work	and normally should be rewritten to not rely on timing	00:07
rm_work	but this is stuff that's async, and kind of out of our control, and we have no way to check with certainty	00:08
cgoncalves	ah, plus this is neutron-lbaas so....	00:08
rm_work	yes	00:08
rm_work	it can be hacky, we're lighting it on fire soon anyway	00:08
openstackgerrit	Carlos Goncalves proposed openstack/octavia master: [DNM] Add experimental ovsfw-scenario job https://review.openstack.org/550431	00:37
*** AlexeyAbashkin has joined #openstack-lbaas		00:45
rm_work	cgoncalves: did you get an email after the PTG about a code for the vancouver summit?	00:46
*** AlexeyAbashkin has quit IRC		00:50
cgoncalves	rm_work: I did	00:51
cgoncalves	LB operating_status=ONLINE && provisioning_status=PENDING_CREATE	00:53
cgoncalves	is it correct to setting operating_status=ONLINE while privisioning is still PENDING_CREATE?	00:54
openstackgerrit	Carlos Goncalves proposed openstack/octavia master: [WIP] Add grenade support https://review.openstack.org/549654	00:57
cgoncalves	http://logs.openstack.org/82/550282/7/check/neutron-lbaasv2-dsvm-api-namespace/ed15e24/job-output.txt.gz#_2018-03-08_00_54_01_541706	01:04
cgoncalves	blank string issue again	01:04
*** jniesz has quit IRC		01:14
*** annp has joined #openstack-lbaas		01:51
rm_work	cgoncalves: what was the subject line of that email	01:52
rm_work	ummm, not sure about the pending_create vs online thing	01:53
rm_work	it depends on what you're looking at	01:53
rm_work	if it's a test it might be fine	01:53
rm_work	pending* are transient states and we really shouldn't be looking for them in anything besides unit tests anyway	01:53
rm_work	and for the blank project_id... WHAT THE F	01:56
*** imacdonn has quit IRC		02:03
*** imacdonn has joined #openstack-lbaas		02:03
rm_work	I'm about to throw an @skip on that test	02:06
rm_work	and call it done	02:06
*** AlexeyAbashkin has joined #openstack-lbaas		02:45
*** harlowja has quit IRC		02:49
*** AlexeyAbashkin has quit IRC		02:49
openstackgerrit	Adam Harwell proposed openstack/neutron-lbaas master: Switch to stestr and wait for LB delete on cleanup https://review.openstack.org/550282	03:32
rm_work	cgoncalves: yeah, screw it, added a skip for now on that test as it isn't making any sense	03:33
*** harlowja has joined #openstack-lbaas		04:37
*** jappleii__ has joined #openstack-lbaas		04:42
*** jappleii__ has quit IRC		04:43
*** threestrands_ has quit IRC		04:44
rm_work	so, now we should be good to go with that patch, if others agree with me about skipping it for now	04:48
*** links has joined #openstack-lbaas		04:59
*** links has quit IRC		04:59
*** threestrands has joined #openstack-lbaas		05:00
*** threestrands has quit IRC		05:00
*** threestrands has joined #openstack-lbaas		05:00
*** links has joined #openstack-lbaas		05:16
*** threestrands has quit IRC		05:25
*** kobis has joined #openstack-lbaas		05:33
*** kobis has quit IRC		05:36
*** kobis has joined #openstack-lbaas		05:38
*** kobis has quit IRC		05:39
*** pcaruana has joined #openstack-lbaas		05:57
*** harlowja has quit IRC		06:05
*** pcaruana has quit IRC		06:08
*** atoth has quit IRC		06:20
*** atoth has joined #openstack-lbaas		06:22
*** dims has quit IRC		06:24
*** dims has joined #openstack-lbaas		06:30
openstackgerrit	Hengqing Hu proposed openstack/octavia-dashboard master: Replace noop tests with registration test https://review.openstack.org/550721	06:51
*** rcernin has quit IRC		07:22
*** kobis has joined #openstack-lbaas		07:26
*** atoth has quit IRC		07:27
openstackgerrit	OpenStack Proposal Bot proposed openstack/octavia-dashboard master: Imported Translations from Zanata https://review.openstack.org/550371	07:29
*** jaff_cheng has joined #openstack-lbaas		07:35
*** jaff_cheng has left #openstack-lbaas		07:36
*** AlexeyAbashkin has joined #openstack-lbaas		07:45
*** KeithMnemonic has joined #openstack-lbaas		07:49
*** AlexeyAbashkin has quit IRC		07:49
*** pcaruana has joined #openstack-lbaas		08:04
*** b_bezak has joined #openstack-lbaas		08:11
*** yamamoto has quit IRC		08:33
*** tesseract has joined #openstack-lbaas		08:36
*** yamamoto has joined #openstack-lbaas		08:42
*** pcaruana has quit IRC		08:43
*** tesseract has quit IRC		08:43
*** kberger has joined #openstack-lbaas		08:47
*** kberger has quit IRC		08:48
*** KeithMnemonic has quit IRC		08:49
*** yamamoto has quit IRC		08:50
*** pcaruana has joined #openstack-lbaas		08:52
*** tesseract has joined #openstack-lbaas		08:52
*** yamamoto has joined #openstack-lbaas		08:57
*** yamamoto has quit IRC		08:58
*** yamamoto has joined #openstack-lbaas		09:00
*** pcaruana has quit IRC		09:02
*** tesseract has quit IRC		09:02
*** bonky has left #openstack-lbaas		09:03
*** bonky has joined #openstack-lbaas		09:04
*** yamamoto has quit IRC		09:05
cgoncalves	rm_work: "Your Vancouver Summit Code: OpenStack PTG"	09:06
cgoncalves	from summit@openstack.org	09:06
bonky	rm_work: I've made some progress, pretty far, but not reached a successful deploy yet though :P	09:07
bonky	the errors I get now are,	09:07
bonky	2018-03-08 08:58:20.082 19 DEBUG octavia.amphorae.drivers.haproxy.rest_api_driver [-] request url plug/vip/10.10.10.100 request /usr/lib/python2.7/site-packages/octavia/amphorae/drivers/haproxy/rest_api_driver.py:254	09:08
bonky	2018-03-08 08:58:20.082 19 DEBUG octavia.amphorae.drivers.haproxy.rest_api_driver [-] request url https://10.40.6.15:9443/0.5/plug/vip/10.10.10.100 request /usr/lib/python2.7/site-packages/octavia/amphorae/drivers/haproxy/rest_api_driver.py:257	09:08
bonky	2018-03-08 08:58:20.084 19 WARNING octavia.amphorae.drivers.haproxy.rest_api_driver [-] Could not connect to instance. Retrying.: SSLError: [Errno 2] No such file or directory <- the error	09:08
bonky	It's not really specific about what files its missing so its a bit hard to debug	09:08
bonky	so the amphorae gets depoyed correcttly, and the endpoint on the vm is reachable, but something is off	09:10
*** pcaruana has joined #openstack-lbaas		09:15
*** yamamoto has joined #openstack-lbaas		09:15
*** tesseract has joined #openstack-lbaas		09:16
bonky	hm alot of certificates that is needed to get this working	09:16
*** yamamoto has quit IRC		09:20
nmagnezi_	cgoncalves, rm_work, I just W+1 https://review.openstack.org/#/c/550282	09:29
nmagnezi_	cgoncalves, rm_work, but we should get to the bottom of this eventually..	09:30
*** yamamoto has joined #openstack-lbaas		09:30
*** tesseract has quit IRC		09:32
*** pcaruana has quit IRC		09:32
cgoncalves	nmagnezi_: agreed	09:33
*** yamamoto has quit IRC		09:35
*** yamamoto has joined #openstack-lbaas		09:45
*** pcaruana has joined #openstack-lbaas		09:45
*** tesseract has joined #openstack-lbaas		09:46
*** yamamoto has quit IRC		09:50
*** yamamoto has joined #openstack-lbaas		10:00
*** yamamoto has quit IRC		10:05
*** dmellado has quit IRC		10:08
*** dmellado has joined #openstack-lbaas		10:13
*** annp has quit IRC		10:13
*** yamamoto has joined #openstack-lbaas		10:15
*** salmankhan has joined #openstack-lbaas		10:16
openstackgerrit	Carlos Goncalves proposed openstack/octavia master: [WIP] Add grenade support https://review.openstack.org/549654	10:17
*** yamamoto has quit IRC		10:20
*** yamamoto has joined #openstack-lbaas		10:23
*** yamamoto has quit IRC		10:23
*** yamamoto has joined #openstack-lbaas		10:30
openstackgerrit	Merged openstack/neutron-lbaas master: Switch to stestr and wait for LB delete on cleanup https://review.openstack.org/550282	10:35
cgoncalves	nmagnezi_: ^ has been merged. CI is not gating https://review.openstack.org/#/c/550134/	10:51
cgoncalves	do we need to recheck or cores to press the "Submit" button?	10:51
nmagnezi_	cgoncalves, there is not submit button, but I tried to recheck plus additional W+1	11:07
cgoncalves	nmagnezi_: k, thanks	11:08
cgoncalves	(FWIW in other gerrits I've used, there was a submit button)	11:08
nmagnezi_	cgoncalves, it's permission based :)	11:09
cgoncalves	3x +2 and 2x +W \o/	11:09
nmagnezi_	yeah. lol	11:09
openstackgerrit	Carlos Goncalves proposed openstack/octavia master: [WIP] Add grenade support https://review.openstack.org/549654	11:20
openstackgerrit	wangqi proposed openstack/octavia-tempest-plugin master: Update links in README https://review.openstack.org/550789	11:33
nmagnezi_	we should really start a policy of auto -2 for those "Update links" patches ^^ .. :-\|	11:34
*** salmankhan has quit IRC		11:39
*** salmankhan has joined #openstack-lbaas		11:39
*** salmankhan has quit IRC		11:59
*** salmankhan has joined #openstack-lbaas		12:07
*** salmankhan has quit IRC		12:20
openstackgerrit	Carlos Goncalves proposed openstack/octavia master: [WIP] Add grenade support https://review.openstack.org/549654	12:22
openstackgerrit	Merged openstack/octavia master: Migrate to stestr https://review.openstack.org/550134	12:30
*** yamamoto has quit IRC		12:32
nmagnezi_	cgoncalves, merged ^	12:35
openstackgerrit	Nir Magnezi proposed openstack/neutron-lbaas master: [DNM]: Test CI https://review.openstack.org/550085	12:35
*** yamamoto has joined #openstack-lbaas		12:38
*** salmankhan has joined #openstack-lbaas		12:47
*** salmankhan has quit IRC		13:14
*** salmankhan has joined #openstack-lbaas		13:17
cgoncalves	nmagnezi_: thanks!	13:28
openstackgerrit	Carlos Goncalves proposed openstack/octavia master: [WIP] Add grenade support https://review.openstack.org/549654	13:39
*** salmankhan has quit IRC		13:48
*** links has quit IRC		13:51
*** salmankhan has joined #openstack-lbaas		13:56
*** fnaval has joined #openstack-lbaas		14:27
*** beagles is now known as beagles\|brb		14:40
cgoncalves	damn you octavia, you and your immutable resource fellas :/	14:46
openstackgerrit	Carlos Goncalves proposed openstack/octavia master: [WIP] Add grenade support https://review.openstack.org/549654	14:47
*** Swami has joined #openstack-lbaas		14:49
openstackgerrit	Hengqing Hu proposed openstack/octavia master: Bring up lo when plugging interfaces https://review.openstack.org/550861	15:07
*** beagles\|brb is now known as beagles		15:12
*** yamamoto has quit IRC		15:14
*** yamamoto has joined #openstack-lbaas		15:16
*** yamamoto has quit IRC		15:21
*** b_bezak has quit IRC		15:29
*** yamamoto has joined #openstack-lbaas		15:29
openstackgerrit	Hengqing Hu proposed openstack/octavia master: ACTIVE-ACTIVE: Initial distributor data model https://review.openstack.org/528850	15:32
openstackgerrit	Hengqing Hu proposed openstack/octavia master: L3 ACTIVE-ACTIVE data model https://review.openstack.org/524722	15:32
openstackgerrit	Hengqing Hu proposed openstack/octavia master: Make frontend interface attrs less vrrp specific https://review.openstack.org/521138	15:32
openstackgerrit	Hengqing Hu proposed openstack/octavia master: Able to set frontend network for loadbalancer https://review.openstack.org/529936	15:32
openstackgerrit	Hengqing Hu proposed openstack/octavia master: Provide devstack samples for l3 active active https://review.openstack.org/520878	15:33
*** yamamoto has quit IRC		15:34
openstackgerrit	Carlos Goncalves proposed openstack/octavia master: [WIP] Add grenade support https://review.openstack.org/549654	15:36
*** kobis has quit IRC		15:37
*** yamamoto has joined #openstack-lbaas		15:38
*** yamamoto has quit IRC		15:38
bonky	Hi again, ok this makes me crazy. No matter what I have under [haproxy_amphora] client_cert, server_ca I cant get the octavia.amphorae.drivers.haproxy.rest_api_driver to connect to the instance.	16:05
bonky	Could not connect to instance. Retrying.: SSLError: [SSL] PEM lib (_ssl.c:2535)	16:05
bonky	^^ thats what I get	16:05
*** pcaruana has quit IRC		16:06
bonky	I really dont understand what to put there since nothing I try work	16:07
xgerman_	bonky: ok, you can check manually what is going on. Look at p 13 in https://docs.google.com/presentation/d/1p8ekZ99E30XR6w1hkPufTQJKCwkX9tRctnCIWVlx4Zw/edit#slide=id.p26	16:14
xgerman_	try to curl the amphora with -kv that should give you an idea about the certs	16:14
xgerman_	on the control plane side you need a client cert and it will check the server cert (from the amphora) against the CA in /etc/octavia/certs	16:16
xgerman_	for devstack I think we use the same CA for client/server certs…	16:16
xgerman_	cgoncalves: this is done - https://review.openstack.org/#/c/549259/21	16:29
nmagnezi_	xgerman_, maybe worth to rebase ^	16:37
xgerman_	ok	16:38
*** yamamoto has joined #openstack-lbaas		16:38
openstackgerrit	German Eichberger proposed openstack/octavia master: Periodic job to build + publish diskimage https://review.openstack.org/549259	16:38
openstackgerrit	Carlos Goncalves proposed openstack/octavia master: [WIP] Add grenade support https://review.openstack.org/549654	16:42
cgoncalves	xgerman_: out of curiosity, why 'test-images' and not 'images'? other projects that publish images use 'images/'	16:43
xgerman_	we want people to build their own images and not rely on us for timely security updates to the OS	16:44
cgoncalves	xgerman_: also, why prefixing image filename with 'test-only-'	16:45
*** yamamoto has quit IRC		16:45
cgoncalves	hmmm	16:45
xgerman_	to avoid people running them in production	16:45
xgerman_	;-)	16:45
xgerman_	also our main purpose for the images is to speed up kuryr and osa testing	16:46
*** salmankhan has quit IRC		16:46
cgoncalves	well, that will not prevent them, only (hopefully) warn	16:47
xgerman_	yep	16:47
xgerman_	out of our hands	16:47
cgoncalves	okay, I would not block because of this naming detail	16:47
xgerman_	yeah, let’s see what johnsom/rm_work think ;-)	16:48
nmagnezi_	I'm okay with "test-images".	16:49
cgoncalves	xgerman_: you've not checked the centos job though	16:49
xgerman_	I assume it works	16:49
nmagnezi_	each operator can use that as a base and add his own stuff	16:49
cgoncalves	my concern is that it might fail due to package names differing from ubuntu	16:49
xgerman_	ah. no, we will build the centos image on Ubuntu	16:50
cgoncalves	IIRC there's somewhere a conditional on rhel-based to install qemu with a different package name	16:50
cgoncalves	aaah right right	16:50
cgoncalves	still, I'd like first to see it verifying for the centos job ;)	16:50
*** salmankhan has joined #openstack-lbaas		16:51
cgoncalves	xgerman_: one other improvement could be suffixing filename with branch name. I know it's master and only master (at least for the time being)	16:51
xgerman_	yeah, that would be good once we “btranch” out	16:53
bonky	xgerman_: thanks!	16:53
bonky	FINALLY, I created a lb and its state got ACTIVE	16:53
bonky	:D	16:54
bonky	Only took me four days :P	16:54
xgerman_	<happy dance>	16:54
cgoncalves	bonky: you want to see operating_status==ONLINE and then double-check :P	16:54
*** harlowja has joined #openstack-lbaas		16:54
xgerman_	Please submit a patch to our docs to make sure others have an easier time	16:54
bonky	xgerman, oh there is much to wish regarding docs here I have to say. But also, I'm the "trial / error" kind of guy, which sometimes makes my life miserable, hehe	16:55
bonky	cgoncalves: operating_status : ONLINE	16:55
cgoncalves	great!	16:58
*** kobis has joined #openstack-lbaas		17:12
*** kobis has quit IRC		17:26
*** ivve has joined #openstack-lbaas		17:31
*** Swami has quit IRC		17:36
*** yamamoto has joined #openstack-lbaas		17:40
*** yamamoto has quit IRC		17:46
*** ivve has quit IRC		17:55
*** SumitNaiksatam has joined #openstack-lbaas		18:13
rm_work	cgoncalves: which things are immutable? you mean, LB between updates? or, some of the fields on things like HM or Listener?	18:19
cgoncalves	rm_work: users can't e.g. create members if pool is not yet online	18:22
rm_work	right	18:22
rm_work	single-create may help	18:23
rm_work	as we move that up the chain	18:23
cgoncalves	right	18:23
openstackgerrit	German Eichberger proposed openstack/octavia master: [WIP] Switch amphora agent to use privsep https://review.openstack.org/549295	18:23
cgoncalves	have you guys considered queueing CRUD operations?	18:24
rm_work	yeah i talked to someone else at the PTG about that	18:24
cgoncalves	if pool in PENDING_CREATE and POST member, add member create to queue	18:24
rm_work	it's something we talked about originally and opted to do this for simplicity so we could get stuff going	18:25
rm_work	there are some drawbacks	18:25
rm_work	but i think we could do it in a way that's sane	18:25
rm_work	and i would like to re-investigate it later	18:25
rm_work	maybe we could fit it in this cycle if we have a lot of time <_< but more likely next	18:25
cgoncalves	k. because for now users have to poll status before continuing	18:25
rm_work	yes	18:25
cgoncalves	including me in grenade	18:26
rm_work	which is how most of the rest of openstack works	18:26
cgoncalves	or... create <resource> --wait	18:26
*** harlowja has quit IRC		18:26
rm_work	yeah i think having that in the client would be fantastic	18:26
rm_work	i might look at doing that	18:26
rm_work	when i have time, which is ... not now	18:26
cgoncalves	client would poll behind the scenes?	18:27
rm_work	wasted way too much time this week on the gate stuff	18:27
rm_work	yeah there's --poll for nova at least	18:27
cgoncalves	hmmm right. not ideal but would suffice	18:27
rm_work	oh actually yeah it's --wait in this client	18:27
rm_work	it was --poll in the old one	18:27
rm_work	yeah if you have a free minute you could look at how nova did that, and either steal their method or rewrite it	18:28
rm_work	elsewise that sounds like the kind of thing i would enjoy hammering out, maybe in the next few weeks	18:28
xgerman_	or write a spec for a v3 API where we can queue :-)	18:29
rm_work	lol yeah so	18:29
rm_work	that was the biggest thing	18:29
rm_work	i think we may just need to do queueing as part of V3 along with a number of other cleanups and optimizations	18:29
cgoncalves	or queue that queue thing until we have microversions :P	18:30
rm_work	and we have to be really careful about moving on too soon from v2	18:30
xgerman_	yep	18:30
rm_work	eh, the amount of change that would be to introduce queueing kinda feels like a v3 to me	18:30
rm_work	and there is a whole laundry list of stuff i'd like to fix in our API as well	18:30
cgoncalves	i'm okay with not having it. just wanted to check if my thought was valid	18:31
rm_work	but we can talk about it	18:31
xgerman_	+1	18:31
cgoncalves	rm_work: FYI octavia rdo-queens and rdo-master packages require jinja 2.10 now	18:32
rm_work	k	18:32
rm_work	did we get a requirements bump yet locally?	18:33
rm_work	ah i see it	18:33
cgoncalves	yeah but again we can't backport it :(	18:34
rm_work	:(	18:35
rm_work	yeah that's unfortunate	18:36
rm_work	how goes the grenade?	18:36
cgoncalves	explosive :)	18:36
rm_work	i see that	18:37
cgoncalves	I need to fix some CLI commands. not blocked	18:38
rm_work	k	18:38
openstackgerrit	Carlos Goncalves proposed openstack/octavia master: [WIP] Add grenade support https://review.openstack.org/549654	18:39
*** yamamoto has joined #openstack-lbaas		18:42
*** yamamoto has quit IRC		18:48
*** tesseract has quit IRC		18:49
*** harlowja has joined #openstack-lbaas		19:11
*** SumitNaiksatam has quit IRC		19:11
*** Swami has joined #openstack-lbaas		19:13
*** harlowja has quit IRC		19:18
*** harlowja has joined #openstack-lbaas		19:33
*** gcheresh_ has joined #openstack-lbaas		19:42
*** salmankhan has quit IRC		19:42
openstackgerrit	Carlos Goncalves proposed openstack/octavia master: [WIP] Add grenade support https://review.openstack.org/549654	19:44
*** yamamoto has joined #openstack-lbaas		19:44
*** yamamoto has quit IRC		19:50
openstackgerrit	Adam Harwell proposed openstack/octavia master: WIP: Floating IP Network Driver (spans L3s) https://review.openstack.org/435612	19:51
openstackgerrit	Adam Harwell proposed openstack/octavia master: DNM: Remove PING type from HM options list https://review.openstack.org/528439	19:51
xgerman_	mmh	19:57
xgerman_	fun times	19:57
xgerman_	https://www.irccloud.com/pastebin/GnWaKxMD/	19:58
*** gcheresh_ has quit IRC		19:59
rm_work	err	20:02
rm_work	yeah the assert message is also really oddly worded :P	20:02
xgerman_	indeed, I also don’t like it when multi-process things don’t log the process-id	20:04
xgerman_	rm_work: is harlowja part of that privsep gang?	20:04
rm_work	not sure ;)	20:04
*** gcheresh_ has joined #openstack-lbaas		20:12
harlowja	not really; though i do sorta know how it works	20:24
xgerman_	harlowja: somehow I am doing something wrong - I am calling a wrapped method in line 86 in https://review.openstack.org/#/c/549295/7/octavia/amphorae/backends/agent/api_server/plug.py	20:29
xgerman_	and then it bombs with the printout	20:29
harlowja	the printout!	20:30
harlowja	what's the printout, ha	20:30
harlowja	ye olde printout	20:30
xgerman_	https://www.irccloud.com/pastebin/GnWaKxMD/	20:30
*** beagles is now known as beagles\|biab		20:34
harlowja	ya, its almost like it got 2 replies	20:36
xgerman_	yeah, very confused…	20:36
harlowja	what version of msgpack-python u have installed	20:40
harlowja	thinking maybe that lib had a bug where https://github.com/openstack/oslo.privsep/blob/master/oslo_privsep/comm.py#L75 wouldn't flush or something	20:40
harlowja	(had or has, ha)	20:40
harlowja	and it did just release recentlyish	20:41
xgerman_	msgpack (0.5.6)	20:42
harlowja	can u try 0.5.3	20:42
* harlowja looking at https://github.com/msgpack/msgpack-python/commits/master		20:42
xgerman_	sure	20:42
xgerman_	I have to respin a devstack though	20:43
harlowja	or just 0.5	20:43
xgerman_	so will be some time	20:43
harlowja	k	20:43
harlowja	there has been a bunch of buffer crap in that changelog	20:43
harlowja	so thinking maybe one fucked it up	20:43
*** yamamoto has joined #openstack-lbaas		20:46
openstackgerrit	German Eichberger proposed openstack/octavia master: [WIP] Switch amphora agent to use privsep https://review.openstack.org/549295	20:46
xgerman_	k, in 20 minutes we will know more ;-)	20:48
harlowja	okie dokie	20:49
harlowja	`Fix fallback.Unpacker.feed() dropped unused data from buffer (#287)` is one recent fix	20:49
harlowja	maybe that didn't fix it, lol	20:49
harlowja	and feed is used for this stuff in privsep	20:51
harlowja	(or maybe that fix isn't released, hard to tell	20:51
*** yamamoto has quit IRC		20:51
openstackgerrit	Adam Harwell proposed openstack/octavia master: Fix kvm-centos.7 gate https://review.openstack.org/550487	20:55
*** sshank has joined #openstack-lbaas		21:15
*** sshank has quit IRC		21:35
xgerman_	ok, so I changed our rwquirements to downgrade msgpack and it ignored me…	21:40
xgerman_	meeting time…	21:40
*** threestrands has joined #openstack-lbaas		21:47
*** yamamoto has joined #openstack-lbaas		21:47
*** gcheresh_ has quit IRC		21:51
*** yamamoto has quit IRC		21:53
*** yamamoto has joined #openstack-lbaas		21:53
openstackgerrit	Carlos Goncalves proposed openstack/octavia master: Prevent awk matching itself when stopping Octavia https://review.openstack.org/551021	22:02
openstackgerrit	Carlos Goncalves proposed openstack/octavia master: [WIP] Add grenade support https://review.openstack.org/549654	22:03
*** rcernin has joined #openstack-lbaas		22:25
imacdonn	rm_work: around ?	22:31
rm_work	yeah	22:34
*** rcernin_ has joined #openstack-lbaas		22:34
imacdonn	wanted to discuss the secret access thing with you a bit more ... not urgent if you're busy	22:35
rm_work	can in a moment	22:35
imacdonn	ok	22:35
rm_work	go ahead and start talking	22:35
imacdonn	:)	22:35
rm_work	i'll be able to read it soon	22:35
imacdonn	understood	22:35
*** rcernin_ has quit IRC		22:35
imacdonn	looking at https://review.openstack.org/#/c/550303/1..3/octavia/certificates/manager/barbican_legacy.py	22:35
imacdonn	and wondering if that covers all use-cases	22:36
*** rcernin_ has joined #openstack-lbaas		22:36
*** rcernin has quit IRC		22:36
imacdonn	when I was trying to get started with all of this (within the last couple of weeks), I was quite confused by a number of things, mostly due to docs that may be out of date (???)	22:36
rm_work	that's the only things in the container object	22:36
imacdonn	one of the things was how to put certs in barbican	22:36
imacdonn	there are docs which suggest making a PKCS#12, stuffing that into a barbican secret, then referencing that as a container for the listener	22:37
imacdonn	I couldn't get that to work	22:37
imacdonn	eventually figured out how to do it the barbican way, and octavia seemed to like it OK	22:37
*** rcernin_ has quit IRC		22:37
imacdonn	if I'm doing it the only right way now (i.e. create cert, key, intermediates, and maybe key passwd), plus a container with all of those	22:38
imacdonn	the docs need to be updated	22:38
imacdonn	otherwise, I'm not sure if the fix will work for the PKCS#12 case	22:38
imacdonn	example doc: https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html - look under "Deploy a TLS-terminated HTTPS load balancer"	22:39
rm_work	the pkcs12 thing is the "new" way	22:39
rm_work	it should work	22:39
rm_work	if it doesn't, i'm curious why not	22:39
rm_work	it worked in my testing and i believe johnsom also ran through tests for it	22:39
imacdonn	IIRC, the error I got was that the container had an invalid type of <blank>	22:39
imacdonn	something to that effect	22:39
rm_work	hmmm	22:40
*** rcernin has joined #openstack-lbaas		22:40
rm_work	well, i'm probably the right person to talk to, as i wrote all of the cert stuff	22:40
rm_work	but i'd need to see more	22:40
imacdonn	heh	22:40
imacdonn	so... if you do this (per the doc):	22:40
imacdonn	openssl pkcs12 -export -inkey server.key -in server.crt -certfile ca-chain.crt -passout pass: -out server.p12	22:40
imacdonn	openstack secret store --name='tls_secret1' -t 'application/octet-stream' -e 'base64' --payload="$(base64 < server.p12)"	22:40
imacdonn	...	22:40
imacdonn	openstack loadbalancer listener create --protocol-port 443 --protocol TERMINATED_HTTPS --name listener1 --default-tls-container=$(openstack secret list \| awk '/ tls_secret1 / {print $2}' lb1	22:40
imacdonn	you're telling it to use a secret, not a container... as the... container	22:41
imacdonn	I don't see how that could work	22:41
rm_work	it's fine	22:46
rm_work	it works	22:46
rm_work	because it first goes through the barbican NEW driver	22:47
rm_work	which tries to use it as a secret	22:47
rm_work	when that FAILS, it tries barbican legacy	22:47
imacdonn	hmm, ok... I guess I'll have to try that way again	22:47
rm_work	https://github.com/openstack/octavia/blob/master/octavia/certificates/manager/barbican.py#L112-L124	22:48
rm_work	i still need to make the change to the driver to automatically use the end-user's token and register the ACLs on the initial setup	22:49
rm_work	so we don't have to make the user figure that shit out (it's ... dumb)	22:50
imacdonn	yeah, that'd be nice to not have to deal with	22:50
imacdonn	openssl pkcs12 -export -inkey server.key -in server.crt -certfile ca-chain.crt -passout pass: -out server.p12	23:21
imacdonn	what is "pass:" supposed to be here ?	23:21
*** yamamoto_ has joined #openstack-lbaas		23:24
*** yamamoto has quit IRC		23:27
imacdonn	oh, never mind .. blank	23:28
*** threestrands_ has joined #openstack-lbaas		23:33
*** threestrands_ has quit IRC		23:33
*** threestrands_ has joined #openstack-lbaas		23:33
*** rcernin has quit IRC		23:35
*** rcernin has joined #openstack-lbaas		23:35
*** threestrands has quit IRC		23:36
*** yamamoto has joined #openstack-lbaas		23:38
*** yamamoto_ has quit IRC		23:41
*** fnaval has quit IRC		23:53
imacdonn	different error this time :/	23:55
imacdonn	2018-03-08 23:45:46.453 24634 ERROR octavia.controller.worker.controller_worker File "/usr/lib/python2.7/site-packages/octavia/certificates/common/pkcs12.py", line 35, in get_certificate	23:55
imacdonn	2018-03-08 23:45:46.453 24634 ERROR octavia.controller.worker.controller_worker return self.certificate.to_cryptography().public_bytes(	23:55
imacdonn	2018-03-08 23:45:46.453 24634 ERROR octavia.controller.worker.controller_worker AttributeError: 'X509' object has no attribute 'to_cryptography'	23:55
imacdonn	must've made the p12 wrong (?)	23:55
imacdonn	[imacdonn@home ~]$ openstack loadbalancer listener delete b1fe844e-076a-4948-9c35-a7239c0681f6	23:57
imacdonn	Load Balancer 8c99d487-d50f-462f-8312-f95fca8bbd20 is immutable and cannot be updated. (HTTP 409) (Request-ID: req-5eae3ba6-5dec-4c48-8d0a-112a364f8998)	23:57
imacdonn	w00t	23:57

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!