Friday, 2018-11-09

« Thursday, 2018-11-08 Index Saturday, 2018-11-10 »
*** pcaruana has quit IRC00:25
*** hyang has quit IRC00:26
*** yamamoto has joined #openstack-lbaas00:43
*** yamamoto has quit IRC00:47
*** velizarx has joined #openstack-lbaas01:37
*** velizarx has quit IRC01:54
*** velizarx has joined #openstack-lbaas02:07
*** yamamoto has joined #openstack-lbaas02:22
*** hongbin has joined #openstack-lbaas02:42
*** aojea has joined #openstack-lbaas03:24
*** aojea has quit IRC03:29
*** velizarx has quit IRC04:10
openstackgerritYAMAMOTO Takashi proposed openstack/neutron-lbaas master: Revert "Updated "create_pool" method in plugin"  https://review.openstack.org/61676304:25
*** velizarx has joined #openstack-lbaas04:35
*** velizarx has quit IRC04:45
*** openstackstatus has quit IRC04:59
*** hongbin has quit IRC05:07
*** openstack has joined #openstack-lbaas07:11
*** ChanServ sets mode: +o openstack07:11
openstackgerritzhangzhaoshan proposed openstack/octavia-tempest-plugin master: Clean up .gitignore references to personal tools  https://review.openstack.org/61683807:19
*** pcaruana has joined #openstack-lbaas07:21
*** Emine has joined #openstack-lbaas09:18
*** salmankhan has joined #openstack-lbaas09:54
*** abaindur has quit IRC09:57
openstackgerritYAMAMOTO Takashi proposed openstack/neutron-lbaas master: Revert "Updated "create_pool" method in plugin"  https://review.openstack.org/61676310:44
openstackgerritZhaoBo proposed openstack/python-octaviaclient master: Add 'client_auth_option' in Listener on client side  https://review.openstack.org/61687910:57
openstackgerritZhaoBo proposed openstack/octavia master: Add client_ca_tls_container_ref to Octavia v2 listener API  https://review.openstack.org/61226710:58
openstackgerritZhaoBo proposed openstack/octavia master: Add an option to the Octavia V2 listener API for client cert  https://review.openstack.org/61226810:58
openstackgerritMerged openstack/octavia master: Fix VIP plug failure if netns directory exists  https://review.openstack.org/61638211:31
openstackgerritCarlos Goncalves proposed openstack/octavia stable/rocky: Fix VIP plug failure if netns directory exists  https://review.openstack.org/61689912:39
openstackgerritCarlos Goncalves proposed openstack/octavia stable/queens: Fix VIP plug failure if netns directory exists  https://review.openstack.org/61690012:39
*** velizarx has joined #openstack-lbaas13:07
openstackgerritchenxiangui proposed openstack/octavia-dashboard master: Modify the wrong url  https://review.openstack.org/61694214:01
*** aojea_ has joined #openstack-lbaas14:01
*** Emine has quit IRC14:11
*** aojea_ has quit IRC14:49
*** velizarx has quit IRC14:49
*** aojea_ has joined #openstack-lbaas14:58
*** Emine has joined #openstack-lbaas15:31
*** yamamoto has quit IRC16:18
*** aojea_ has quit IRC16:20
*** aojea_ has joined #openstack-lbaas16:21
*** yamamoto has joined #openstack-lbaas16:21
*** yamamoto has quit IRC16:27
*** ivve has joined #openstack-lbaas18:00
*** Swami has joined #openstack-lbaas18:07
xgerman_rm_work: need some Octavia recovery advice18:10
*** emccormick has joined #openstack-lbaas18:12
colin-not strictly octavia related but thought this might interest folks, saw it on HN: https://www.haproxy.com/blog/application-layer-ddos-attack-protection-with-haproxy/18:15
johnsomcolin- Yeah, enabling the DDoS protections in the amphorae is on our roadmap: https://wiki.openstack.org/wiki/Octavia/Roadmap18:16
colin-read my mind18:16
johnsomThere are a number things we can do that aren't super hard, just needs someone to do the work.18:16
xgerman_you can always use QoS to limit DDos18:16
johnsomI think it should be a combination of kernel level settings (some are already on) and haproxy settings18:17
colin-do you guys set any of that on your amphorae?18:17
colin-just curious18:17
xgerman_you can set the Neutron QoS  - i dont think we do much on the amp level18:18
johnsomNo, we mostly run with the defaults in the DDoS case. So the syn cookies stuff is enabled after a threshold, etc.18:18
*** salmankhan has quit IRC18:38
*** emccormick has quit IRC18:42
openstackgerritMichael Johnson proposed openstack/octavia master: Migrate constants to use octavia-lib - Part 1  https://review.openstack.org/61701518:47
johnsomI'm trying to see if I can touch every file in octavia.... lol18:49
*** ivve has quit IRC19:12
*** zigo has quit IRC19:25
*** Emine has quit IRC19:48
*** abaindur has joined #openstack-lbaas19:55
*** abaindur has quit IRC19:56
*** abaindur has joined #openstack-lbaas19:56
*** salmankhan has joined #openstack-lbaas20:32
*** salmankhan has quit IRC20:36
rm_workxgerman_: sorry whats up21:01
rm_workxgerman_: am i too late to be helpful?21:01
rm_workdefinitely have a LOT of recovery experience :P21:01
*** hvhaugwitz has quit IRC21:18
*** hvhaugwitz has joined #openstack-lbaas21:25
*** yamamoto has joined #openstack-lbaas21:37
johnsomrm_work He had a DB go out to lunch on an old Pike install, so they got the "THIS IS NOT GOOD" and one amp down, one amp up situation.21:38
rm_workyeah21:38
rm_workthat's not too bad to fix21:38
rm_workat least for me, i wonder if it's different on the default net driver21:39
rm_worklike, 30s and done21:39
rm_work(per LB)21:39
johnsomYeah, I think it's just create a fake amp record, post an old health, mark back to active.21:40
*** yamamoto has quit IRC21:41
rm_workyeah21:44
rm_workbasically21:44
johnsomSince they have no failover api, etc....21:45
rm_workoh right ugh21:54
rm_workbut yeah that's when i was doing it too21:54
*** celebdor has quit IRC22:27
xgerman_I got them to just recreate the servcie22:31
xgerman_that’s what we are documenting22:31
rm_work?? like, new LB?22:34
johnsompush pin meet sledge hammer22:36
xgerman_well, so we are sure that database stuff works and I should make them do that instead22:40
xgerman_?22:40
xgerman_for all I know they might have half deleted ports and such22:41
rm_workit works for me, but i don't know if it's different for your thing22:43
xgerman_yeah, on a customer site is probably the wromg place to find out :-)22:43
johnsomThe downside is the rebuild approach causes downtime22:45
rm_workah for me it doesn't?22:45
rm_workunless it's already down22:45
xgerman_if I learned anyhting is that downtime is not a concern if it saves the operator time22:48
rm_worklol22:48
johnsomRight, I meant the approach of deleting the whole thing and rebuilding causes downtime, where the fix-in-place does not22:48
rm_workah lol22:48
rm_workwell not if you do it right22:48
rm_workspin up the new thing, swing the DNS over to the new VIP22:48
johnsomBest long term solution for them is to get off pike22:48
rm_work^^ this lol22:48
xgerman_yep, and this has now new urgency22:49
rm_workit's not even hard22:49
rm_workjust upgrade the control-plane22:49
rm_workeasy peasy done22:49
rm_workdoesn't require any major changes to your cloud22:50
rm_workif you're containerized it's just "use this image instead of that one" but i assume you are using OSA22:50
xgerman_if you try to run 100s of clouds you don’t do things differently for one22:51
rm_workyeah i mean you should do that with all of them :P22:51
cgoncalves"here's 1M bucks, do this differently for me now" -- you wouldn't? ;)22:52
rm_worki would dance like a trained monkey for that money :P22:52
rm_work(admittedly, probably worse than a trained monkey, but only for lack of said training)22:53
*** aojea_ has quit IRC23:52
« Thursday, 2018-11-08 Index Saturday, 2018-11-10 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!