Tuesday, 2018-03-20

*** yamamoto has quit IRC00:26
*** yamamoto has joined #openstack-lbaas00:28
*** yamamoto has quit IRC00:28
*** openstackgerrit has joined #openstack-lbaas00:36
openstackgerritMichael Johnson proposed openstack/neutron-lbaas master: Gate API test for the lbaasv2-proxy plugin  https://review.openstack.org/53935000:36
johnsomAny arguments with deleting this test?00:39
johnsomCreating a health monitor with a project_id different than the rest of the LB.00:40
*** yamamoto has joined #openstack-lbaas01:07
*** fnaval has joined #openstack-lbaas01:22
*** yamamoto has quit IRC01:27
*** jaff_cheng has joined #openstack-lbaas01:55
*** dayou has quit IRC01:56
*** annp has joined #openstack-lbaas01:56
*** links has joined #openstack-lbaas02:40
*** yamamoto has joined #openstack-lbaas03:52
xgerman_johnsom: they said they would send that. We really need to get Octavia into more hands…03:53
*** yamamoto has quit IRC04:01
*** yamamoto has joined #openstack-lbaas04:04
*** Bar__ has joined #openstack-lbaas04:06
Bar__hey, I'm not entirely sure how to approach the requirements issue: https://review.openstack.org/#/c/531257/04:07
*** yamamoto has quit IRC04:08
*** yamamoto has joined #openstack-lbaas04:09
*** yamamoto has quit IRC04:14
*** yamamoto has joined #openstack-lbaas04:16
*** Bar__ has quit IRC04:27
*** yamamoto has quit IRC04:27
*** yamamoto has joined #openstack-lbaas04:28
*** jaff_cheng has quit IRC04:33
*** jaff_cheng has joined #openstack-lbaas04:33
openstackgerritMerged openstack/octavia master: Periodic job to build + publish diskimage  https://review.openstack.org/54925904:34
*** yamamoto has quit IRC04:43
*** yamamoto has joined #openstack-lbaas04:46
*** chenghang has joined #openstack-lbaas04:56
*** jaff_cheng has quit IRC04:57
*** imacdonn has quit IRC05:14
*** imacdonn has joined #openstack-lbaas05:14
openstackgerritJacky Hu proposed openstack/octavia-dashboard master: Align model with v2 api  https://review.openstack.org/55419805:42
openstackgerritJacky Hu proposed openstack/octavia-dashboard master: Being able to change insert headers of listener  https://review.openstack.org/54999905:43
openstackgerritMichael Johnson proposed openstack/octavia master: Neutron-LBaaS to Octavia migration tool  https://review.openstack.org/55442006:13
johnsomBar__ Commented on your patch06:20
*** Jack_Iv has joined #openstack-lbaas06:22
*** Jack_Iv has quit IRC06:26
*** kobis has joined #openstack-lbaas06:36
*** dayou has joined #openstack-lbaas06:48
*** kobis has quit IRC06:57
*** kobis has joined #openstack-lbaas06:57
*** kobis has quit IRC06:59
*** rcernin has quit IRC07:23
*** rcernin has joined #openstack-lbaas07:24
*** rcernin has quit IRC07:24
*** chenghang has quit IRC07:25
*** jaff_cheng has joined #openstack-lbaas07:26
*** ivve has joined #openstack-lbaas07:31
*** pcaruana has joined #openstack-lbaas07:34
*** tesseract has joined #openstack-lbaas08:00
*** AlexeyAbashkin has joined #openstack-lbaas08:04
openstackgerritMerged openstack/neutron-lbaas-dashboard master: Adds some notes on running both dashboards  https://review.openstack.org/54458908:19
openstackgerritMichal Kelner Mishali proposed openstack/neutron-lbaas master: DNM: check support for neutron ext from master  https://review.openstack.org/55445208:25
*** kobis has joined #openstack-lbaas08:26
*** redondo-mk has quit IRC08:30
*** redondo-mk has joined #openstack-lbaas08:31
openstackgerritNguyen Hai proposed openstack/python-octaviaclient master: Minor changes in docs  https://review.openstack.org/55446709:07
*** vegarl has quit IRC09:14
*** vegarl has joined #openstack-lbaas09:14
rm_workjohnsom: that thread honestly seems more positive than negative, and i think besides maybe making a few things seem a bit scarier or more broken than they are with Octavia (which was reconciled in a followup, hopefully people read them) it was kinda just a call for people to freaking deploy this project09:31
rm_workjohnsom: ah also, https://review.openstack.org/#/c/554420/ is one of the things i was thinking of looking at -- do you want help in any way or rather just power through it?09:40
*** yamamoto has quit IRC10:04
*** yamamoto has joined #openstack-lbaas10:09
*** salmankhan has joined #openstack-lbaas10:13
*** yamamoto has quit IRC10:14
*** jaff_cheng has quit IRC10:46
*** rcernin has joined #openstack-lbaas11:02
*** rcernin has quit IRC11:06
*** yamamoto has joined #openstack-lbaas11:10
*** yamamoto has quit IRC11:12
*** yamamoto has joined #openstack-lbaas11:12
*** annp has quit IRC11:15
*** pcaruana has quit IRC11:23
*** dayou has quit IRC11:25
*** salmankhan1 has joined #openstack-lbaas11:32
*** salmankhan has quit IRC11:32
*** salmankhan1 is now known as salmankhan11:32
*** yamamoto has quit IRC11:40
*** yamamoto has joined #openstack-lbaas11:41
*** dayou has joined #openstack-lbaas11:47
*** pcaruana has joined #openstack-lbaas11:55
*** atoth has joined #openstack-lbaas12:20
*** openstackgerrit has quit IRC12:33
*** AlexeyAbashkin has quit IRC12:48
*** kobis has quit IRC12:54
*** AlexeyAbashkin has joined #openstack-lbaas13:10
rm_workxgerman_: confirmed the upgrade works fine on the backup members thing13:13
*** voelzmo has joined #openstack-lbaas13:40
*** voelzmo has quit IRC13:41
*** voelzmo has joined #openstack-lbaas13:42
*** salmankhan has quit IRC13:48
*** fnaval has quit IRC13:48
*** links has quit IRC13:51
*** dmellado has quit IRC13:55
rm_worktested the member backup thing in devstack, seems to work as expected and upgrade seems fine13:56
*** voelzmo has quit IRC14:01
*** voelzmo has joined #openstack-lbaas14:04
*** salmankhan has joined #openstack-lbaas14:04
*** fnaval has joined #openstack-lbaas14:06
*** kobis has joined #openstack-lbaas14:07
*** voelzmo has quit IRC14:08
*** yamamoto_ has joined #openstack-lbaas14:12
*** yamamoto has quit IRC14:12
*** pcaruana has quit IRC14:21
*** toker_ has joined #openstack-lbaas14:26
*** salmankhan has quit IRC14:27
toker_Hi guys, when creating loadbalancer members trhough terraform I see the following in my logs,14:28
toker_2018-03-20 14:17:03.821 1 INFO octavia.api.v1.controllers.member [req-35707af3-6ff7-4f35-9f57-7bc5cb5cdb1c 5fc177cdfe7340399332ece2c09cd11c aff54c4fc2024c2c938def4effbba20e - default default] Member cannot be created or modified because the Load Balancer is in an immutable state14:28
*** pcaruana has joined #openstack-lbaas14:28
toker_[3:21 PM] Patrik Martinsson:     2018-03-20 14:17:03.826 1 DEBUG wsme.api [req-35707af3-6ff7-4f35-9f57-7bc5cb5cdb1c 5fc177cdfe7340399332ece2c09cd11c aff54c4fc2024c2c938def4effbba20e - default default] Client-side error: Load Balancer a95fbd62-4611-49c6-bee2-594122e002e8 is immutable and cannot be updated. format_exception /usr/lib/python2.7/site-packages/wsme/api.py:22214:28
toker_Which results in that only a few of my backends gets added to my pool.14:28
toker_Is this something anyone recognises ? https://openstack.nimeyo.com/117375/openstack-operators-octavia-heat-octavia-deployment-with <- This seems to be the same issue, but with HEAT-deployment instead...14:29
*** voelzmo has joined #openstack-lbaas14:32
*** voelzmo has quit IRC14:37
johnsomtoker_ Hi. The heat issue is due to problems in neutron. It looks like you are also using neutron-lbaas which has known problems, especially when used with tools like terraform.  These are all resolved and not an issue if you use Octavia without neutron-lbaas.  Have you considered running it that way?14:38
toker_johnsom: ah cool! Yes, well the reason I'm using neutron is because I'm on OSP 12... And they only had experimental support for octavia (through neutron).. I'm not sure how easy it would be to run without neutron ?14:40
johnsomtoker_ Ah, yeah, they will have it fully available in OSP 13. cgoncalves Any advice here?14:41
toker_Yea, we are kinda waiting for that OSP 13 release. But yes, if there were an "easy" (or actually any way I guess) that we could skip neutron and go directly via Octavia API that would be great.14:42
toker_I mean, we got everything working through Neutron at this point. How hard is it to "skip neutron and talk to Octavia API directly" ?14:44
johnsomThere is certainly a way, I was hoping our friends working on OSP were around to give advice. I’m not sure which version of Octavia 12 includes.14:45
johnsomWell, from a high level it is a setting change and using a different endpoint if you have Octavia Pike or newer, but with the packaged stuff it might be a bit more involved14:46
* cgoncalves reads14:46
johnsomWe have other folks using terraform directly to Octavia14:47
*** voelzmo has joined #openstack-lbaas14:47
johnsomBecause of these problems in neutron-lbaas14:47
toker_Using OSP 12 ?14:47
johnsomNo, the ones I know of personally are not deploying with OSP14:49
*** fnaval has quit IRC14:49
*** fnaval has joined #openstack-lbaas14:49
cgoncalvestoker_: OSP12 does not support Octavia as you rightfully said it. Octavia is deployable now in OSP13 and targeting full support14:50
toker_Ok, well we are still "testing" OSP and hacking around in it quite much anyway, so.14:50
cgoncalvesyou could install Octavia packages from OSP12 channels but they're not supported14:51
toker_cgoncalves: well the installation is already there14:51
toker_I have it working..14:51
toker_But through neutron14:51
toker_I want to expose Octavia API directly from the controller(S)14:51
cgoncalvestoker_: ok, you should be able to do that with the provided Octavia packages in OSP1214:53
*** dmellado has joined #openstack-lbaas14:54
toker_Hm, well the the config I have today for the octavia-api only binds on the internal_api network. How do make it publicly available? I tried changing the bind_add in the octavia.conf under [DEFAULT] but that didn't work (I'm not sure that's they way to do it).14:54
toker_Should octavia-api be exposed through apache ? Or is it just a daemon that listens on a port ?14:55
*** dmellado has quit IRC14:56
cgoncalvestoker_: https://github.com/openstack/puppet-octavia/blob/master/manifests/api.pp14:58
cgoncalvestoker_: I can't find any reference to "bind_add" parameter in octavia code15:00
johnsombind address15:00
toker_Hm, but that only defines the port 9876 (internal_api), what makes it listen on 13876 ?15:00
toker_It suppose listen on multiple ports no ?15:00
*** dmellado has joined #openstack-lbaas15:01
rm_workno, it only has one address15:01
rm_workyou just need to add the service entry to keystone, and enable v2 api, and disable v1 api15:01
rm_workand probably also you will want to disable the event-streamer stuff on the octavia side15:02
rm_workand uninstall neutron-lbaas15:02
rm_worki can find links to examples of most of that15:02
*** voelzmo has quit IRC15:02
rm_worklet me see...15:02
*** voelzmo has joined #openstack-lbaas15:03
rm_workyou'll want v1 False, v2 True15:03
toker_Hm, if I do, openstack catalog show octavia, I see 'public: https://cloud:13876'. But I cant find anything listening on that port, thats why I get confused15:03
rm_workyou'll want that set back to the default of "noop_event_streamer"15:03
rm_workhmm that is weird15:03
rm_workmust be some OSP thing15:03
rm_workyou can probably ignore that15:03
*** dmellado has quit IRC15:04
rm_workand just remove that entry, and add one like this:15:04
rm_worktype: load-balancer, name: octavia, endpoints: https://wherever:987615:04
toker_Hm I see..15:05
*** dmellado has joined #openstack-lbaas15:05
toker_But the enpoint address should be the one I bind octavia to, right ?15:07
toker_I see15:07
rm_workwhich by default would be :987615:07
rm_workthere is not really an internal/external15:07
toker_okok, let me see15:08
rm_workwe just expose one api15:08
rm_workit is the same for admin/public/internal15:08
rm_workbut make sure to disable api_v115:08
rm_workit is insecure15:08
rm_workthat is how neutron-lbaas communicates with octavia (no auth)15:08
rm_workalso make sure it is set to keystone here for auth: https://github.com/openstack/octavia/blob/master/etc/octavia.conf#L2515:09
rm_workcgoncalves: know what would be cool? a script to convert an OSP12 install from n-lbaas+octavia to pure octavia ;)15:09
cgoncalvesrm_work: won't happen although... https://review.openstack.org/#/c/554420/15:10
*** salmankhan has joined #openstack-lbaas15:10
toker_hehe well, to get octavia working in osp 12, there was a lot of manual configuration, and I'm not sure many customer using it..15:10
cgoncalvesyeah, now imagine in a containerized overcloud15:11
toker_... our is containerized ><15:12
*** dmellado has quit IRC15:16
toker_Hm, binding in on the port that is exposed as "loadbalancer", results in the following error "Max retries exceeded with url: /v2.0/lbaas/loadbalancers (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_record', 'wrong version number')],)",),))"15:20
toker_Seems a bit fishy ...15:20
rm_workso if you are containerized, i wonder if octavia is exposing :9876 inside the container but outside it's something else, maybe even with something in front of it doing SSL?15:21
toker_Hm, good points.15:22
rm_workyou said it had another port listed before15:22
rm_worki wonder if that is the external port number15:22
rm_workmaybe an OSP specific thing15:22
*** salmankhan has quit IRC15:23
*** salmankhan has joined #openstack-lbaas15:23
toker_LISTEN     0      5      <ip>:13876                     *:*                   users:(("octavia-api",pid=849234,fd=4))15:25
toker_so it seems to me like octavia-api is binding to the right port15:25
rm_workthen yeah, use that port instead15:25
rm_workmust be OSP's ssl proxy in front of octavia's api15:26
rm_workthe way they expose it15:26
toker_well, I can put 9876 there as well, restart it, and 'ss' shows that ports.15:26
toker_Hm, I'm not really sure how ssl is terminated15:26
*** yamamoto_ has quit IRC15:27
rm_workdoesn't matter much, though i'd recommend using the standard port number just for ease of reference later15:30
toker_yes absolutely, I agee.15:31
toker_Still confused about that ssl-error though.15:31
toker_Running it in debug mode from cli, this is what shows up15:41
toker_192.168.225.64 - - [20/Mar/2018 15:40:26] code 400, message Bad request syntax ("\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03\xe1\xd2\x9cy\xa4u\xec?\xfa\xa1\xeb\xc7z\x98[\x11\xcaV\xde\xd7d\x8a\xcc\xa9B\x8c\xe6H\x8c\xf7\xb3\x84\x00\x00\x86\xc0,\xc00\xcc\xa9\xcc\xa8\xc0\xaf\xc0\xad\xc0+\xc0/\xc0\xae\xc0\xac\xc0$\xc0(\xc0s\xc0w\xc0#\xc0'\xc0r\xc0v\xc0")15:41
toker_192.168.225.64 - - [20/Mar/2018 15:40:26] "��Ҝy�u�?����z�[�V��d�̩B��H������,�0̨̩�����+�/�����$�(�s�w�#�'�r�v�" 400 -15:42
toker_I think its its the firewall. We have a firewall, that should be "smart" and let through 'tls' traffic. In this case, I guess it fails. It starts by letting it through, and then determines that it probably wasn't 'tls' and closes the connection. Running curl on the same instance where octavia is running works.15:46
johnsomtoker_ openssl s_client -connect <ip>:<port> should dump some certificate data to help you see what is listening there15:47
toker_johnsom: yhanks, yeah, I think I got it.15:48
rm_workmy guess is that it's just the octavia endpoint on HTTP not HTTPS15:57
rm_workand that you should change the endpoint to http:// or else put something in that container that can expose it via SSL15:58
*** kobis has quit IRC16:00
*** kobis has joined #openstack-lbaas16:01
*** kobis has quit IRC16:05
*** salmankhan has quit IRC16:06
*** salmankhan has joined #openstack-lbaas16:07
xgerman_johnsom: any way to see if a —cascade on an LB succeeded16:08
toker_rm_work: you're right. It is not exposed through https.16:08
xgerman_not one of our design goals but you know those users don’t trust us with their deletes16:08
toker_Thats why I was wondering before how you expose the octavia api16:08
rm_workif the LB is gone? lol16:09
xgerman_rm_work: we report 404 right away16:09
toker_So if you want it behind https, you proxy it through apache for example ?16:09
rm_workxgerman_: no?16:09
xgerman_yep, my assessment as well16:09
rm_workPENDING_DELETE LBs will not return 40416:09
rm_workif they do a show on the LB it will return as PENDING_DELETE16:09
rm_workif it goes away, then the delete worked :P16:10
xgerman_ok, they claim pools, etc. are still visible but LB is 40416:10
xgerman_time to dive into the delete code16:10
toker_cgoncalves: how do plan to expose octavia api behind https in OSP 13 ?16:11
johnsomI am lost on this thread16:11
rm_workI don't think that's possible16:11
rm_workxgerman_: the flows for it wouldn't allow that16:11
johnsomxgerman_ What is your reference?  I know we have a disconnect with octavia returning "DELETED" records when other services return 40416:11
johnsomI proposed a change for that: https://review.openstack.org/#/c/545493/ but we need to dig into it a bit.16:12
xgerman_no, they say pools are still around but LB shows deleted. We run a linear flow nut the pool step is an unordered flow…16:15
xgerman_so I would assume it wold wait for the pools to be deleted before moving on16:15
*** voelzmo has quit IRC16:17
rm_workit's an unordered flow *inside* a linear flow16:21
rm_workso the whole unordered flow finishes first16:21
rm_workthen it moves on16:21
rm_workwhat they're saying is impossible16:21
rm_workso my guess is they are misunderstanding or mistaking something16:22
johnsomYeah, I'm not sure the DB relation would even allow a pool without an LB....16:22
rm_worktechnically the LB is there16:23
rm_workso it's ok16:23
rm_workjust "DELETED"16:23
johnsomAh, yes, true16:23
xgerman_yeah, I am a bit puzzled, too16:25
xgerman_unless task flow somehow doesn’t wait for the unordered flows to finish16:26
rm_workthe flows just won't let it happen16:26
rm_workthe LB can't go to DELETED unless the pools are gone16:26
rm_worki mean, that's taskflow's *one job*16:26
johnsomxgerman_ Well if someone kill -9 it DURING the flow....16:26
rm_workjohnsom: it'd be stuck in PENDING_DELETE16:27
rm_worknot DELETED16:27
rm_workthere *is no way* for it to get to DELETED and have the pools not be DELETED too16:27
rm_workI require proof. pics or it didn't happen16:27
johnsomlol, I have to agree16:27
xgerman_my delete was awfully fast but…16:27
rm_worksomeone somewhere is mistaken16:27
johnsomThey aren't looking via neutron are they? now strange junk like that will happen in neutron, but not octavia16:28
*** yamamoto has joined #openstack-lbaas16:28
rm_workyeah neutron, who knows16:28
xgerman_no, they have a new spiffy prurge script in golang which is highly parallel16:28
xgerman_and using gophercloud16:28
johnsomYeah, so would break horribly if neutron-lbaas is in the mix, but will work fine with octavia16:29
xgerman_we got rid of neutron-lbaas together16:30
*** salmankhan has quit IRC16:32
rm_workthen yeah it should still be fine16:32
*** yamamoto has quit IRC16:34
*** salmankhan has joined #openstack-lbaas16:37
*** sshank has joined #openstack-lbaas16:40
*** salmankhan has quit IRC16:53
*** AlexeyAbashkin has quit IRC16:53
*** kobis has joined #openstack-lbaas17:02
toker_thanks for all the help guys, as a POC I just put nginx infront of octavia to expose it through tls. works flawless !17:04
*** salmankhan has joined #openstack-lbaas17:11
*** kobis has quit IRC17:14
rm_workwait... https://review.openstack.org/#/c/518455/ implies that SNI is broken right now in n-lbaas? and maybe in Queens?17:14
toker_2018-03-20 17:16:30.510 1 DEBUG wsme.api [req-1c2d011b-1600-4288-8b4b-c2c3d0bd64b8 66c0a56ab4c9fe86633bb2637c611db1b374fd02f355e6d7896b81d463fa3b0d 3c82c9bca0604a46b1eae338de6fd44b - 93f57ee0547f4c90a3680ee70f827f2e 93f57ee0547f4c90a3680ee70f827f2e] Client-side error: Policy does not allow this request to be performed. format_exception /usr/lib/python2.7/site-packages/wsme/api.py:222 :(17:17
toker_I guess I jumped the gun.. :(17:17
toker_Hm, I don't seem to get to use Octavia api as a member...17:18
toker_When I was admin it worked...17:18
johnsomtoker_ https://github.com/openstack/octavia/tree/master/etc/policy17:21
johnsomtoker_ Octavia uses the new RBAC policy scheme by default (like nova), but you can drop that copy that policy file over to /etc/octavia/policy.json to put it back to the old way where you don't need to be a "load-balancer member".17:22
toker_Oh, I thought I read somewhere about that. Thanks for the pointer!17:22
*** salmankhan has quit IRC17:23
toker_If I now use the Octavia endpoint directly. Is there anything I need to disable / remove from neutron to not make it "confused" ? I mean as long as I use the correct endpoint neutron-lbaas shouldn't care right ?17:26
*** salmankhan has joined #openstack-lbaas17:27
rm_worki would disable neutron-lbaas entirely17:27
rm_workyou really do not want both running17:27
rm_workor rather, to be communicating with both at the same tim17:28
toker_Hm, I have no processes named anything like *lbaas*17:28
rm_workit'd be in the neutron container? I think?17:29
rm_workit just runs as part of neutron, it isn't a process17:29
rm_workyou need to edit the neutron configuration and disable the lbaas plugin17:30
toker_'/etc/neutron/neutron_lbaas.conf' <- I have this file though17:30
rm_workyeah but not that17:30
*** yamamoto has joined #openstack-lbaas17:30
rm_workshould be /etc/neutron/neutron.conf i think17:30
toker_service_provider=LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default <- and that line17:30
toker_in neutron.conf17:30
rm_workhmmmm yeah there should be more17:31
rm_workjohnsom: how does neutron decide to load the lbaas extension?17:31
toker_service_plugins=qos,router,trunk,lbaasv2 <- this line ?17:31
johnsomThey run inside neutron process17:31
rm_workthere it is17:31
johnsomyes that line17:31
rm_workget rid of lbaasv217:31
rm_workand restart neutron api17:31
toker_ok, but the service provider line is fine ? and neutron_lbaas.conf I dont touch17:32
rm_worknone of that matters if the plugin isn't loaded17:32
rm_workyou can remove the entire neutron_lbaas.conf17:32
rm_workit won't be loaded17:32
toker_Ok I see, and how about the service_provider line ? what does that do ?17:32
rm_worki'm surprised that's in neutron.conf? prolly it can do too17:33
rm_work*it can go too17:33
toker_Oh! No I remember now.. I put it there...17:33
toker_didnt see any reason for it being in neutron_lbaas17:33
rm_workit's very specific to neutron-lbaas, lol17:33
toker_I'm a very confused man.. Especially when it comes to Openstack17:33
*** yamamoto has quit IRC17:36
*** kobis has joined #openstack-lbaas17:41
*** kobis has quit IRC17:42
toker_Hm, ran into this now "* openstack_lb_loadbalancer_v2.lb: openstack_lb_loadbalancer_v2.lb: Resource not found" when trying to create loadbalancer through terraform... "openstack loadbalancer list" however shows my loadbalancer as ACTIVE17:47
toker_God dammit so close17:49
*** kobis has joined #openstack-lbaas17:49
*** kobis has quit IRC17:50
*** kobis has joined #openstack-lbaas17:51
rm_workhmmm yeah terraform may be trying to do the wrong thing17:54
rm_worklike, it may be looking for the neutron endpoint and not the load-balancer endpoint17:54
rm_worki don't know much about how terraform works but IIRC it was written against neutron-lbaas17:54
rm_workwhich is the same API but it may be looking in the wrong place17:54
rm_workprobably you want to do an L7 redirect17:55
toker_well its weird, I've set the variable   use_octavia = "true" which should solve it as I understand it17:55
rm_workah hmmm17:55
toker_operating_status    | OFFLINE  <- this however is on my loadbalancer17:55
toker_Should it say offline ?17:55
rm_workit depends17:56
rm_workdo you have members?17:56
toker_havent added anything yet17:56
rm_workthen yes it should say OFFLINE :)17:56
toker_I'll try to add members manually17:56
toker_and then I debug terraform more17:56
*** openstackgerrit has joined #openstack-lbaas17:58
openstackgerritMichael Johnson proposed openstack/neutron-lbaas master: Fix proxy extension for neutron RBAC  https://review.openstack.org/55400417:59
openstackgerritMichael Johnson proposed openstack/neutron-lbaas master: Gate API test for the lbaasv2-proxy plugin  https://review.openstack.org/53935018:01
toker_hm, my "loadbalancer" menu dissapeared from horizon after removing lbaasv2 from neutron... was that expected ?18:13
rm_workyou'll need to switch which plugin you use in horizon18:13
*** AlexeyAbashkin has joined #openstack-lbaas18:14
rm_workfrom the neutron-lbaas-dashboard to octavia-dashboard18:14
*** AlexeyAbashkin has quit IRC18:14
toker_oh do I need to install octavia-dashboard somehow then ? I only have neutron-lbaas-dashboard now I guess.18:15
*** AlexeyAbashkin has joined #openstack-lbaas18:15
toker_ok ok18:16
*** harlowja has joined #openstack-lbaas18:23
toker_hm, ok so i have my loadbalancer, i added a listener, i added a pool, i added a member to that pool. but operating status says 'OFFLINE'...18:27
toker_*however* curling the loadbalancers vip and my backend is answering18:28
toker_Up 49 minutes (unhealthy)                       octavia_health_manager <- this doesnt seem good thoug18:28
toker_2018-03-20 18:28:58.760 20 DEBUG octavia.controller.healthmanager.health_manager [-] Starting amphora health check health_check /usr/lib/python2.7/site-packages/octavia/controller/healthmanager/health_manager.py:45 <- this is the only message I get from the healthmanager18:29
toker_Is it suppose to work that way ?18:29
rm_workyou need a healthmonitor18:29
rm_workyeah pretty much that's it18:29
rm_workuntil stuff happens18:29
toker_oh wait, you mean i need to add an healthmonitor to my lb to get it in state "ONLINE" ?18:30
*** kobis has quit IRC18:31
*** yamamoto has joined #openstack-lbaas18:32
rm_workuntil then, the pool will be in NO_MONITOR state I believe, and the LB itself will be "OFFLINE"18:36
rm_workor is it only the members in NO_MONITOR18:36
rm_workanyway, yes, you need a healthmonitor on the pool to get to ONLINE18:37
toker_Hm, I added an health-check..I can see that it asks my webserver and gets the response correctly... still says offline though :/18:37
rm_workgive it like 30s?18:37
*** yamamoto has quit IRC18:37
toker_Hm, no go. I added it a couple of minutes ago, healtmonitor says operating_status    | ONLINE    though...18:38
toker_wonder why the loadbalancer itself considering it being offline.18:39
toker_afaik it works18:39
rm_workthe members each still say OFFLINE tho?18:40
toker_theres the output from the loadbalancer, let me check the members18:40
*** sshank has quit IRC18:41
openstackgerritMerged openstack/neutron-lbaas master: Add a compatible check before creating pool  https://review.openstack.org/49235718:41
toker_oh wait, the member says "no monitor"18:41
rm_workyou sure you created a healthmonitor?18:42
toker_openstack loadbalancer healthmonitor create --expected-codes 200 --type HTTP --delay 2 --timeout 2 --max-retries 2  5dbf12eb-8c89-4e44-b3af-8064204cfc2218:42
toker_thats what I did18:42
rm_workwhat's a show for the pool look like?18:42
rm_workhmm yeah so the HM is listed there18:44
*** AlexeyAbashkin has quit IRC18:44
rm_workbut then when you do a member list with the pool id18:45
rm_workwhat does that show?18:45
toker_let me do this again, i'm sure i've failed somewhere on the way. starting to get really tired now, been working for ages. gimme a minute18:48
rm_workeh, it does show the HM there18:48
rm_workso I'm not sure why it isn't getting the results18:48
rm_workunless your o-hm isn't getting packets18:48
rm_workcan you connect to the octavia DB?18:49
rm_workor actually...18:49
toker_im not sure the octavia-healthmonitor is working as expected18:49
toker_I have no way of telling18:49
rm_worki just need to know what's in the amphora_health table18:49
rm_workif it's empty... then that's the problem18:49
rm_workthat is how you know if it's working18:49
rm_workthere will be one entry in the amphora_health table for each amphora18:49
rm_workif the table is empty, then o-hm isn't getting packets18:50
toker_select * from amphora_health; Empty set (0.00 sec)18:50
rm_workyou should be able to do `SELECT * from amphora_health ORDER BY last_update` and watch stuff being updated18:51
rm_workerg yeah ok18:51
rm_workso, it must not be getting health packets18:51
rm_workin the octavia config, what does it have for https://github.com/openstack/octavia/blob/master/etc/octavia.conf#L6118:51
toker_its not set :/18:52
rm_workhmmm yeah18:52
toker_only heartbeat-key and event_streamer is set under health-manager...18:53
rm_workso you need to have the IPs of your o-hm machines set18:53
toker_ok so I need to get that part working18:53
toker_I think I understand18:53
rm_workand you need to recreate any amphora18:53
rm_workthere's no way to update existing ones18:53
toker_But I have ssh to them18:53
toker_But yea I hear you18:53
rm_workthen ... yes technically18:53
rm_workyou could update the config there and restart the agent18:53
toker_I hear you18:54
rm_workif you want :P18:54
toker_thanks for all the great support!18:54
rm_workalso you will need a heartbet_key set18:54
rm_workand make sure event_streamer_driver is noop_event_streamer18:54
rm_workand sync_provisioning_status = False18:54
*** AlexeyAbashkin has joined #openstack-lbaas19:03
*** salmankhan has quit IRC19:04
*** kobis has joined #openstack-lbaas19:08
*** kobis has quit IRC19:12
*** yamamoto has joined #openstack-lbaas19:34
*** yamamoto has quit IRC19:39
*** AlexeyAbashkin has quit IRC19:51
*** tesseract has quit IRC19:56
*** kobis has joined #openstack-lbaas19:59
*** sshank has joined #openstack-lbaas20:03
*** sshank has quit IRC20:16
*** openstackgerrit has quit IRC20:33
*** yamamoto has joined #openstack-lbaas20:35
*** yamamoto has quit IRC20:41
*** openstackgerrit has joined #openstack-lbaas20:42
openstackgerritGerman Eichberger proposed openstack/neutron-lbaas master: Fix proxy extension for neutron RBAC  https://review.openstack.org/55400420:42
*** kobis has quit IRC20:43
*** kobis has joined #openstack-lbaas20:44
*** kobis has quit IRC20:44
*** kobis has joined #openstack-lbaas20:44
*** kobis has quit IRC20:45
*** kobis has joined #openstack-lbaas20:45
*** salmankhan has joined #openstack-lbaas20:45
*** kobis has quit IRC20:46
*** kobis has joined #openstack-lbaas20:46
*** kobis has quit IRC20:47
*** kobis has joined #openstack-lbaas20:47
*** kobis has quit IRC20:47
*** kobis has joined #openstack-lbaas20:48
*** kobis has quit IRC20:48
openstackgerritMichael Johnson proposed openstack/octavia master: Don't failover amphora with LB in PENDING_*  https://review.openstack.org/55469420:51
johnsomrm_work I had a note from you on that ^^^ so wrote it up20:53
rm_worktrying to remember20:54
rm_workoh right20:54
johnsomIt's in your "special" (Think SNL) patch20:55
*** dmellado has joined #openstack-lbaas20:56
rm_worki kept meaning to do that20:57
*** dmellado has quit IRC20:58
*** dmellado has joined #openstack-lbaas21:02
*** sshank has joined #openstack-lbaas21:07
*** dmellado has quit IRC21:08
*** dmellado has joined #openstack-lbaas21:12
*** dmellado has quit IRC21:13
*** dmellado has joined #openstack-lbaas21:15
*** salmankhan has quit IRC21:15
*** sshank has quit IRC21:17
*** AlexeyAbashkin has joined #openstack-lbaas21:19
*** AlexeyAbashkin has quit IRC21:23
*** dmellado has quit IRC21:32
*** yamamoto has joined #openstack-lbaas21:37
*** yamamoto has quit IRC21:43
*** salmankhan has joined #openstack-lbaas22:02
*** dmellado has joined #openstack-lbaas22:04
*** rcernin has joined #openstack-lbaas22:13
*** AlexeyAbashkin has joined #openstack-lbaas22:19
*** AlexeyAbashkin has quit IRC22:23
*** ianychoi__ is now known as ianychoi22:32
*** yamamoto has joined #openstack-lbaas22:39
*** sshank has joined #openstack-lbaas22:43
*** yamamoto has quit IRC22:45
*** harlowja has quit IRC22:57
*** fnaval has quit IRC23:02
*** fnaval has joined #openstack-lbaas23:08
*** fnaval has quit IRC23:09
*** fnaval has joined #openstack-lbaas23:09
openstackgerritGerman Eichberger proposed openstack/neutron-lbaas master: Fix proxy extension for neutron RBAC  https://review.openstack.org/55400423:13
*** AlexeyAbashkin has joined #openstack-lbaas23:19
*** AlexeyAbashkin has quit IRC23:23
*** salmankhan1 has joined #openstack-lbaas23:31
*** salmankhan has quit IRC23:33
*** salmankhan1 is now known as salmankhan23:33
*** yamamoto has joined #openstack-lbaas23:41
*** yamamoto has quit IRC23:46
*** harlowja has joined #openstack-lbaas23:49
*** salmankhan has quit IRC23:58

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!