| *** rcernin has joined #openstack-lbaas | 00:03 | |
| rm_work | I ... can't believe we're going to have UDP load balancing | 00:14 |
|---|---|---|
| rm_work | where's dougwig and sbalukoff_, we all need to go out for drinks | 00:14 |
| openstackgerrit | Merged openstack/python-octaviaclient master: LB support UDP - Client part https://review.openstack.org/539390 | 00:25 |
| bzhao__ | johnsom: Thanks, Micheal. Let me fight for UDP LB then till 8.1 | 00:26 |
| johnsom | bzhao__ We are going to fight to get it in | 00:29 |
| bzhao__ | johnsom: Thanks, :). I might need to do the features in parallel for port_forwarding in neutron side. But don't worry, I had prepared the enough tea. :) | 00:31 |
| *** yamamoto has quit IRC | 00:39 | |
| *** longkb has joined #openstack-lbaas | 00:40 | |
| *** JudeC_ has quit IRC | 00:42 | |
| *** JudeC__ has joined #openstack-lbaas | 00:42 | |
| *** JudeC__ has quit IRC | 01:02 | |
| *** yamamoto has joined #openstack-lbaas | 01:03 | |
| *** annp has quit IRC | 01:13 | |
| *** annp has joined #openstack-lbaas | 01:14 | |
| *** hongbin has joined #openstack-lbaas | 01:16 | |
| *** yamamoto has quit IRC | 01:22 | |
| *** yamamoto has joined #openstack-lbaas | 01:50 | |
| openstackgerrit | ZhaoBo proposed openstack/octavia master: UDP jinja template https://review.openstack.org/525420 | 01:54 |
| openstackgerrit | Merged openstack/octavia master: Add baseline object in the drivers update callbacks https://review.openstack.org/572303 | 02:20 |
| *** yamamoto has quit IRC | 02:26 | |
| *** sapd has joined #openstack-lbaas | 02:28 | |
| bzhao__ | johnsom: Hi, maybe I will change the task of the UDP story for fit the post patch, may I do that? :) I'm afraid that our team and you won't like change the task personally. | 02:33 |
| johnsom | bzhao__ I'm sorry, I do not understand the question | 02:34 |
| openstackgerrit | Merged openstack/octavia-tempest-plugin master: Re-enable KVM https://review.openstack.org/579216 | 02:36 |
| bzhao__ | johnsom: That is, the udp storyboard, https://storyboard.openstack.org/#!/story/1657091 . I add some taskes for match the real patch do. Is that OK? | 02:36 |
| johnsom | Yes, it is ok to add more tasks. We don't need to have all of the tasks complete to merge either. Just the main feature part. For example, we still have a few weeks to do the API reference task and we can add UDP session persistence to the client later. | 02:38 |
| *** yamamoto has joined #openstack-lbaas | 02:39 | |
| bzhao__ | johnsom: OK, thanks, Michael. It's clear. ;-) | 02:39 |
| *** openstack has joined #openstack-lbaas | 02:51 | |
| *** ChanServ sets mode: +o openstack | 02:51 | |
| *** hongbin has quit IRC | 02:56 | |
| *** yamamoto has quit IRC | 03:07 | |
| *** yamamoto has joined #openstack-lbaas | 03:13 | |
| *** ramishra has joined #openstack-lbaas | 03:15 | |
| *** phuoc has quit IRC | 03:41 | |
| *** sanfern has joined #openstack-lbaas | 03:58 | |
| openstackgerrit | Michael Johnson proposed openstack/octavia master: Automatically set Barbican ACLs https://review.openstack.org/552549 | 04:02 |
| *** eanderson_ has joined #openstack-lbaas | 04:03 | |
| johnsom | ^^^ Fixed two issues there and now it runs fine for me. | 04:05 |
| *** phuoc has joined #openstack-lbaas | 04:12 | |
| *** yamamoto has quit IRC | 04:13 | |
| *** eanderson_ has quit IRC | 04:16 | |
| *** yamamoto has joined #openstack-lbaas | 04:38 | |
| *** JudeC_ has joined #openstack-lbaas | 04:47 | |
| openstackgerrit | Michael Johnson proposed openstack/octavia master: Correct naming for quota resources https://review.openstack.org/559672 | 04:54 |
| *** nmanos has joined #openstack-lbaas | 04:58 | |
| *** yamamoto has quit IRC | 05:13 | |
| *** yamamoto has joined #openstack-lbaas | 05:15 | |
| *** nmanos has quit IRC | 05:24 | |
| *** sanfern has quit IRC | 05:24 | |
| *** nmanos has joined #openstack-lbaas | 05:24 | |
| openstackgerrit | Michael Johnson proposed openstack/neutron-lbaas master: Fix neutron-lbaas tempest for filter validation https://review.openstack.org/585951 | 05:30 |
| johnsom | ^^^ gate fix | 05:30 |
| *** yamamoto has quit IRC | 05:31 | |
| *** yamamoto has joined #openstack-lbaas | 05:36 | |
| *** AlexStaf has joined #openstack-lbaas | 05:37 | |
| *** JudeC_ has quit IRC | 05:42 | |
| *** links has joined #openstack-lbaas | 05:48 | |
| *** yamamoto has quit IRC | 06:01 | |
| *** yamamoto has joined #openstack-lbaas | 06:03 | |
| openstackgerrit | Adit Sarfaty proposed openstack/octavia master: Add listener_id to the pool provider object https://review.openstack.org/579532 | 06:04 |
| *** yamamoto has quit IRC | 06:19 | |
| *** sanfern has joined #openstack-lbaas | 06:45 | |
| *** velizarx has joined #openstack-lbaas | 06:58 | |
| openstackgerrit | ZhaoBo proposed openstack/octavia master: UDP for [2] https://review.openstack.org/529651 | 07:01 |
| openstackgerrit | ZhaoBo proposed openstack/octavia master: UDP for [3][5][6] https://review.openstack.org/539391 | 07:01 |
| *** ispp has joined #openstack-lbaas | 07:06 | |
| *** yboaron has joined #openstack-lbaas | 07:13 | |
| openstackgerrit | Merged openstack/neutron-lbaas master: Neutron-LBaaS to Octavia migration tool https://review.openstack.org/578942 | 07:17 |
| *** pcaruana has joined #openstack-lbaas | 07:25 | |
| *** kobis has joined #openstack-lbaas | 07:30 | |
| *** AlexeyAbashkin has joined #openstack-lbaas | 07:33 | |
| *** kberger has joined #openstack-lbaas | 07:35 | |
| *** KeithMnemonic has quit IRC | 07:38 | |
| *** ispp has quit IRC | 07:40 | |
| *** velizarx has quit IRC | 08:03 | |
| *** ispp has joined #openstack-lbaas | 08:05 | |
| openstackgerrit | Merged openstack/octavia master: Correct naming for quota resources https://review.openstack.org/559672 | 08:06 |
| *** velizarx has joined #openstack-lbaas | 08:11 | |
| *** JudeC_ has joined #openstack-lbaas | 08:11 | |
| *** yamamoto has joined #openstack-lbaas | 08:15 | |
| *** yamamoto has quit IRC | 08:18 | |
| *** devfaz has quit IRC | 08:34 | |
| *** devfaz has joined #openstack-lbaas | 08:34 | |
| *** tesseract has joined #openstack-lbaas | 08:42 | |
| Krast | Hi, i got this SSL Error : 'PEM routines', 'PEM_read_bio', 'no start line' when octavia create LB on flow called : "octavia-create-loadbalancer-flow" | 08:48 |
| Krast | With openssl verify command my certificate look good | 08:48 |
| *** JudeC_ has quit IRC | 08:50 | |
| *** ispp has quit IRC | 09:10 | |
| *** salmankhan has joined #openstack-lbaas | 09:12 | |
| *** yboaron has quit IRC | 09:13 | |
| Krast | If someone knows a way to help me :) | 09:35 |
| openstackgerrit | Merged openstack/octavia master: Add listener_id to the pool provider object https://review.openstack.org/579532 | 09:40 |
| *** kobis has quit IRC | 10:09 | |
| *** kobis has joined #openstack-lbaas | 10:18 | |
| *** ispp has joined #openstack-lbaas | 10:24 | |
| *** sanfern has quit IRC | 10:25 | |
| *** yamamoto has joined #openstack-lbaas | 10:32 | |
| *** yamamoto has quit IRC | 10:45 | |
| *** rcernin has quit IRC | 11:04 | |
| *** longkb has quit IRC | 11:26 | |
| *** phuoc_ has joined #openstack-lbaas | 11:27 | |
| *** phuoc has quit IRC | 11:30 | |
| *** yboaron has joined #openstack-lbaas | 11:34 | |
| *** ispp has quit IRC | 11:48 | |
| *** ispp has joined #openstack-lbaas | 11:48 | |
| *** amuller has joined #openstack-lbaas | 11:56 | |
| *** sanfern has joined #openstack-lbaas | 12:31 | |
| *** yamamoto has joined #openstack-lbaas | 12:34 | |
| *** openstackgerrit has quit IRC | 12:36 | |
| *** yamamoto has quit IRC | 12:38 | |
| *** yamamoto has joined #openstack-lbaas | 12:39 | |
| *** links has quit IRC | 12:46 | |
| *** velizarx has quit IRC | 13:02 | |
| *** velizarx has joined #openstack-lbaas | 13:04 | |
| *** AlexStaf has quit IRC | 13:20 | |
| *** ispp has quit IRC | 13:21 | |
| *** yamamoto has quit IRC | 13:22 | |
| johnsom | Krast: make sure the certificate you are loading is in PEM format and has the normal certificate start lime ‘—- | 13:23 |
| *** ispp has joined #openstack-lbaas | 13:35 | |
| *** sanfern has quit IRC | 13:37 | |
| *** yamamoto has joined #openstack-lbaas | 13:45 | |
| *** velizarx has quit IRC | 13:47 | |
| *** velizarx has joined #openstack-lbaas | 13:49 | |
| *** hongbin has joined #openstack-lbaas | 13:52 | |
| *** fnaval has joined #openstack-lbaas | 13:53 | |
| *** AlexStaf has joined #openstack-lbaas | 13:56 | |
| *** ispp has quit IRC | 13:58 | |
| *** ispp has joined #openstack-lbaas | 13:58 | |
| Krast | @johnsom : Thanks for your answer, my certificate are generated by "create_certificates.sh" (it's a dev environment). | 13:58 |
| cgoncalves | johnsom, thank you much for testing and fixing the barbican acl patch! | 13:59 |
| johnsom | Krast If you look in the file it should say "-----BEGIN CERTIFICATE-----" Maybe the configuration file is pointing to the wrong place? | 14:00 |
| johnsom | Krast We use that script for you test gates daily, so I know it is working | 14:00 |
| johnsom | cgoncalves No problem, now we just need to get it merged | 14:01 |
| Krast | Yes my certificate start with this "-----BEGIN CERTIFICATE-----" | 14:01 |
| Krast | I will review my configuration :) | 14:02 |
| cgoncalves | johnsom, want another pair of core review eyes? otherwise you could approve it ;) | 14:04 |
| *** kobis1 has joined #openstack-lbaas | 14:04 | |
| *** kobis1 has quit IRC | 14:06 | |
| *** kobis has quit IRC | 14:07 | |
| johnsom | I fixed my typo. Hopefully we can get some core reviews this morning and get this stuff in. | 14:09 |
| nmagnezi | Looking at it now | 14:20 |
| *** yamamoto has quit IRC | 14:43 | |
| *** yamamoto has joined #openstack-lbaas | 14:45 | |
| johnsom | Thanks Nir | 14:46 |
| nmagnezi | With pleasure | 14:46 |
| *** hongbin has quit IRC | 14:46 | |
| *** yamamoto has quit IRC | 14:49 | |
| cgoncalves | johnsom, you mentioned issues with DVR-enabled clouds the other day. could you please refresh my mind? | 14:50 |
| johnsom | Yeah, DVR has had a number of bugs that "do bad things' | 14:50 |
| johnsom | They use a static ARP table that gets them in trouble | 14:50 |
| sapd | johnsom: I'm still using L2 network instead of L3 :D | 14:51 |
| johnsom | Before pike, you could not use neutron Allowed-Address-Pairs ports and floating IPs. It would just not bind the FLIP and traffic would not flow. | 14:51 |
| cgoncalves | we're seeing same/similar issue with ODL | 14:52 |
| johnsom | I heard that recently there is a new bug in DVR that leads to issues with flows in and out | 14:52 |
| cgoncalves | johnsom, the issue we're facing with ODL and DVR is when trying to reach LB via FIP | 14:52 |
| johnsom | Swami mentioned it to me at the Vancouver summit | 14:52 |
| johnsom | Yeah, probably this new bug in DVR | 14:52 |
| johnsom | Let me see if I can dig through all the dvr bugs and pull out a bug ID. | 14:53 |
| johnsom | Hmm, too many candidates | 14:54 |
| johnsom | https://bugs.launchpad.net/neutron?field.searchtext=dvr&search=Search&field.status%3Alist=NEW&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.status%3Alist=CONFIRMED&field.status%3Alist=TRIAGED&field.status%3Alist=INPROGRESS&field.status%3Alist=FIXCOMMITTED&field.assignee=&field.bug_reporter=&field.omit_dupes=on&field.has_patch=&field.has_no_package= | 14:54 |
| johnsom | Could be this one: https://bugs.launchpad.net/neutron/+bug/1774459 | 14:55 |
| openstack | Launchpad bug 1774459 in neutron "Update permanent ARP entries for allowed_address_pair IPs in DVR Routers" [High,Confirmed] | 14:55 |
| johnsom | Could be https://bugs.launchpad.net/neutron/+bug/1717302 | 14:56 |
| openstack | Launchpad bug 1717302 in neutron "Tempest floatingip scenario tests failing on DVR Multinode setup with HA" [High,Confirmed] - Assigned to Miguel Lavalle (minsel) | 14:56 |
| johnsom | cgoncalves Yeah, probably about 12 of these DVR bugs could be impacting us | 14:57 |
| johnsom | Fra-gee-lay | 15:00 |
| cgoncalves | bummer :/ | 15:04 |
| cgoncalves | hmmm I believe I've seen recently some internal CI FIP+DVR tests failing too | 15:05 |
| yboaron | Hi folks, Does Octavia support L7policy/l7rule for the HTTPS case, by HTTPS I mean for example to L7 load balancing based on TLS-SNI ? | 15:17 |
| yboaron | as far as I understand the answer is No. | 15:17 |
| johnsom | We do support L7 with the TLS-TERMINATED listener type. L7 based on SNI, not sure, give me a minute to refresh my memory. | 15:18 |
| yboaron | johnsom, 10x! | 15:21 |
| johnsom | yboaron I think we only look at the "host" feild in the quest, not the matched certificate or CN in the SNI list. | 15:21 |
| yboaron | johnsom, for the TLS-terminated, the L7policy/l7rules should be defined as in the plain HTTP case, right? the difference should be in the listener definition | 15:22 |
| johnsom | So it is this use case: https://docs.openstack.org/octavia/latest/user/guides/l7-cookbook.html#send-requests-for-http-www2-example-com-to-pool2 behind an TLS-TERMINATED listener. | 15:22 |
| johnsom | yboaron Correct, we define the TLS termination information on the listener, this includes SNI certificates. The listener will handle the decryption and then apply the L7 policies/rules. | 15:23 |
| yboaron | johnsom, cool!, do you plan to support L7 LB for the passthrough (TLS SNI) case? | 15:25 |
| johnsom | Well, if we are not decrypting the flow there is every limited information we could use for L7 rules. | 15:27 |
| johnsom | What would you like to use for a rule in that case? | 15:27 |
| yboaron | johnsom, actually this is the use case: https://github.com/openshift/origin/blob/26178233640a84897e3bf8bc4e35e4e13c94ac78/docs/routing.md#passthrough-termination | 15:28 |
| *** velizarx has quit IRC | 15:29 | |
| johnsom | yboaron Oh, just straight pass through. We support that, set listener type to "HTTPS". | 15:31 |
| yboaron | johnsom, it isn't just pass through, we should take L7 LB decision based on the host name in TLS hello packet | 15:33 |
| johnsom | yboaron Just a second let me test it. My memory is too fuzzy on the TLS handshake to say whether we support that today or not. One minute | 15:34 |
| yboaron | johnsom, I'm not familiar with ha-proxy at all, but this the code used in Openshift-router (based on ha-proxy) to for this requirement, https://github.com/openshift/origin/blob/8ffd78196cbae1a1a0d4dac7a8957e0bb803a4f2/pkg/router/template/util/haproxy/map_entry.go#L83 | 15:35 |
| yboaron | johnsom, take your time .. | 15:35 |
| *** ispp has quit IRC | 15:36 | |
| johnsom | yboaron Yeah, I know it is *possible* with our engine, I'm just not sure if we have implemented it yet. | 15:37 |
| *** pcaruana has quit IRC | 15:38 | |
| johnsom | yboaron Ok, yeah, we don't have support for that level of L7 for TLS passthrough today. You are welcome to open a story for us to add it though: https://storyboard.openstack.org | 15:38 |
| yboaron | I"ll open, thanks a lot johnsom! | 15:40 |
| johnsom | Sure, no problem | 15:40 |
| johnsom | yboaron Patches are always welcome too! | 15:40 |
| yboaron | johnsom, :-) | 15:41 |
| *** JudeC_ has joined #openstack-lbaas | 15:42 | |
| *** hongbin has joined #openstack-lbaas | 15:49 | |
| *** yamamoto has joined #openstack-lbaas | 15:55 | |
| *** AlexStaf has quit IRC | 15:58 | |
| *** yamamoto has quit IRC | 16:01 | |
| *** AlexeyAbashkin has quit IRC | 16:10 | |
| johnsom | Cores: still looking for reviews on the two provider driver patches: https://review.openstack.org/575807 and https://review.openstack.org/571358 | 16:11 |
| *** openstackgerrit has joined #openstack-lbaas | 16:16 | |
| openstackgerrit | Michael Johnson proposed openstack/octavia master: Separate the thread pool for health and stats update. https://review.openstack.org/581585 | 16:16 |
| *** tesseract has quit IRC | 16:39 | |
| *** JudeC_ has quit IRC | 16:44 | |
| *** yboaron has quit IRC | 16:54 | |
| *** salmankhan has quit IRC | 17:15 | |
| rm_work | anyone else getting bot spammed today in PMs? >_< | 17:17 |
| *** JudeC_ has joined #openstack-lbaas | 17:25 | |
| *** JudeC__ has joined #openstack-lbaas | 17:26 | |
| *** JudeC_ has quit IRC | 17:26 | |
| johnsom | I know some other channels got hit yesterday with "freenode" spam, but I haven't got an PMs | 17:29 |
| rm_work | it's like, constant | 17:45 |
| rm_work | i get a PM about once every 5 minutes | 17:45 |
| xgerman_ | no PMs for me but only cazy stuff in channels | 17:53 |
| xgerman_ | rm_work: wonder if you have seen the failover hanging because the vrrp port doesn’t deallocate | 17:54 |
| *** phuoc_ has quit IRC | 18:02 | |
| rm_work | doubt it :P | 18:04 |
| openstackgerrit | Merged openstack/octavia master: Automatically set Barbican ACLs https://review.openstack.org/552549 | 18:33 |
| johnsom | Just two more patches needing merged for the MS3 release: https://review.openstack.org/575807 and https://review.openstack.org/571358 | 18:38 |
| johnsom | Cores please take a glance | 18:38 |
| *** atoth has quit IRC | 18:57 | |
| *** ianychoi_ has joined #openstack-lbaas | 19:15 | |
| *** pcaruana has joined #openstack-lbaas | 19:17 | |
| *** ianychoi has quit IRC | 19:18 | |
| openstackgerrit | ZhaoBo proposed openstack/octavia master: UDP for [2] https://review.openstack.org/529651 | 19:18 |
| *** pcaruana has quit IRC | 19:45 | |
| *** amuller has quit IRC | 19:54 | |
| *** yamamoto has joined #openstack-lbaas | 19:59 | |
| *** yamamoto has quit IRC | 20:03 | |
| johnsom | Still looking for MS3 reviews | 20:58 |
| openstackgerrit | German Eichberger proposed openstack/octavia master: [WIP] Allows failover if port is not deallocated by nova https://review.openstack.org/585864 | 21:01 |
| *** AlexStaf has joined #openstack-lbaas | 21:25 | |
| *** rcernin has joined #openstack-lbaas | 22:19 | |
| *** bcafarel has quit IRC | 22:22 | |
| *** fnaval has quit IRC | 22:27 | |
| *** bcafarel has joined #openstack-lbaas | 22:50 | |
| *** hongbin has quit IRC | 23:00 | |
| rm_work | which ones? | 23:15 |
| openstackgerrit | Merged openstack/octavia master: Updates the amphora driver for new commit model https://review.openstack.org/575807 | 23:46 |
| openstackgerrit | Merged openstack/octavia master: Implement provider drivers - Driver Library https://review.openstack.org/571358 | 23:51 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!